Commit graph

16 commits

Author SHA1 Message Date
jperkin
36e6903fd8 Remove the stability entity, it has no meaning outside of an official context. 2016-06-08 10:16:50 +00:00
jperkin
31ffe7cbb6 Change the service_bundle name to "export" to reduce diffs between the
original manifest.xml file and the output from "svccfg export".
2016-06-08 09:46:01 +00:00
fhajny
6bcf07f4b6 Update databases/pgbouncer to 1.7.2.
Set up a separate user, previous PGUSER/PGGROUP integration didn't
make sense.

2016-02-26 - PgBouncer 1.7.2 - "Finally Airborne"

- Fix crash on stale pidfile removal. Problem introduced in 1.7.1.
- Disable cleanup - it breaks takeover and is not useful for
  production loads. Problem introduced in 1.7.1.
- After takeover, wait until pidfile is gone before booting. Slow
  shutdown due to memory cleanup exposed existing race. (#113)
- Make build reproducible by dropping DBGVER handling. (#112)
- Antimake: Sort file list from $(wildcard), newer gmake does not
  sort it anymore. (#111)
- Show libssl version in log.
- deb: Turn on full hardening.

2016-02-18 - PgBouncer 1.7.1 - "Forward To Five Friends Or Else"

- WARNING: Since version 1.7, server_reset_query is not executed
  when database is in transaction-pooling mode. Seems this was not
  highlighted enough in 1.7 announcement. If your apps depend on
  that happening, use server_reset_query_always to restore previous
  behaviour.
- TLS: Rename sslmode "disabled" to "disable" as that is what
  PostgreSQL uses.
- TLS: client_tls_sslmode=verify-ca/-full now reject connections
  without client certificate. (#104)
- TLS: client_tls_sslmode=allow/require do validate client
  certificate if sent. Previously they left cert validation
  unconfigured so connections with client cert failed. (#105)
- Fix memleak when freeing database.
- Fix potential memleak in tls_handshake().
- Fix EOF handling in tls_handshake().
- Fix too small memset in asn1_time_parse compat.
- Fix non-TLS (--without-openssl) build. (#101)
- Fix various issues with Windows build. (#100)
- TLS: Use SSL_MODE_RELEASE_BUFFERS to decrease memory usage of
  inactive connections.
- Clean allocated memory on exit. Helps to run memory-leak
  checkers.
- Improve server_reset_query documentation. (#110)
- Add TLS options to sample config.

2015-12-18 - PgBouncer 1.7 - "Colors Vary After Resurrection"
- Support TLS connections. OpenSSL/LibreSSL is used as backend
  implementation.
- Support authentication via TLS client certificate.
- Support "peer" authentication on Unix sockets.
- Support Host Based Access control file, like pg_hba.conf in
  Postgres. This allows to configure TLS for network connections
  and "peer" authentication for local connections.
- Set query_wait_timeout to 120s by default. Current default (0)
  causes infinite queueing, which is not useful. That means if
  client has pending query and has not been assigned to server
  connection, the client connection will be dropped.
- Disable server_reset_query_always by default. Now reset query is
  used only in pools that are in session mode.
- Increase pkt_buf to 4096 bytes. Improves performance with TLS.
  The behaviour is probably load-specific, but it should be safe
  to do as since v1.2 the packet buffers are split from connections
  and used lazily from pool.
- Support pipelining count expected ReadyForQuery packets. This
  avoids releasing server too early. Fixes #52.
- Improved sbuf_loopcnt logic - socket is guaranteed to be
  reprocessed even if there are no events from socket. Required for
  TLS as it has its own buffering.
- Adapt system tests to work with modern BSD and MacOS. (Eric
  Radman)
- Remove crypt auth. It's obsolete and not supported by PostgreSQL
  since 8.4.
- Fix plain "--with-cares" configure option - without argument it
  was broken.
2016-03-15 11:29:35 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
agc
efd9ad4549 Remove duplicate SHA512 digests that crept in. 2015-11-04 17:41:15 +00:00
agc
d549bff9a5 Add SHA512 digests for distfiles for databases category
Problems found with existing distfiles:
	distfiles/D6.data.ros.gz
	distfiles/cstore0.2.tar.gz
	distfiles/data4.tar.gz
	distfiles/sphinx-2.2.7-release.tar.gz
No changes made to the cstore or mariadb55-client distinfo files.

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-03 01:56:09 +00:00
fhajny
ba5204a8ea Update databases/pgbouncer to 1.6.1.
Update home page & master site, clean up.


PgBouncer 1.6.1.

- Security fix for CVE-2015-6817.
- Per-pool pooling mode vs. reset query.

Details:
  http://pgbouncer.github.io/2015/09/pgbouncer-1-6-1/


PgBouncer 1.6.0

Main new features:
- Load user password hash from postgres database.
- Pooling mode can be configured both per-database and per-user.
- Per-database and per-user connection limits: max_db_connections and
  max_user_connections.
- Add DISABLE/ENABLE commands to prevent new connections.
- New preferred DNS backend: c-ares.
- Config files have %include FILENAME directive to allow configuration
  to be split into several files.

Details:
  http://pgbouncer.github.io/2015/08/pgbouncer-1-6/


PgBouncer 1.5.5

- Fix remote crash - invalid packet order causes lookup of NULL pointer.
  Not exploitable, just DoS.
2015-10-23 16:40:38 +00:00
fhajny
aa118026dc Update pgbouncer to 1.5.4.
Add SMF support. Fix default dirs.

2012-11-28  -  PgBouncer 1.5.4  -  "No Leaks, Potty-Training Successful"

  = Fixes =

    * DNS: Fix memory leak in getaddrinfo_a() backend.

    * DNS: Fix memory leak in udns backend.

    * DNS: Fix stats calculation.

    * DNS: Improve error message handling for getaddrinfo_a().

    * Fix win32 compile.

    * Fix compiler dependency support check in configure.

    * Few documentation fixes.

2012-09-12  -  PgBouncer 1.5.3  -  "Quantum Toaster"

  = Critical fix =

    * Too long database names can lead to crash, which
      is remotely triggerable if autodbs are enabled.

      The original checks assumed all names come from config files,
      thus using fatal() was fine, but when autodbs are enabled
      - by '*' in [databases] section - the database name can come
      from network thus making remote shutdown possible.

  = Minor Features =

    * max_packet_size - config parameter to tune maximum packet size
      that is allowed through.  Default is kept same: (2G-1), but now
      it can be made smaller.

    * In case of unparseable packet header, show it in hex in log and
      error message.

  = Fixes =

    * AntiMake: it used $(relpath) and $(abspath) to manipulate pathnames,
      but the result was build failure when source tree path contained
      symlinks.  The code is now changed to work on plain strings only.

    * console: now SET can be used to set empty string values.

    * config.txt: show that all timeouts can be set in floats.
      This is well-hidden feature introduced in 1.4.

2012-05-29  -  PgBouncer 1.5.2  -  "Don't Chew, Just Swallow"

  = Fixes =

    * Due to mistake, reserve_pool_timeout was taken in microseconds,
      not seconds, effectively activating reserve pool immediately
      when pool got full.  Now use it as seconds, as was intended.
      (Noticed by Keyur Govande)

2012-04-17  -  PgBouncer 1.5.1  -  "Abort, Retry, Ignore?"

  = Features =

    * Parameters to tune permissions on unix socket:
      unix_socket_mode=0777, unix_socket_group=''.

  = Fixes =

    * Allow empty string for server-side variable - this is
      needed to get "application_name" properly working, as it's
      the only parameter that does not have server-side default.

    * If connect string changes, require refresh of server parameters.
      Previously PgBouncer continued with old parameters,
      which breaks in case of Postgres upgrade.

    * If autodb connect string changes, drop old connections.

    * cf_setint: Use strtol() instead of atoi() to parse integer config
      parameters.  It allows hex, octal and better error detection.

    * Use sigqueue() to detect union sigval existence - fixes
      compilation on HPUX.

    * Remove 'git' command from Makefile, it throws random errors
      in case of plain-tarball build.

    * Document stats_period parameter.  This tunes the period for
      stats output.

    * Require Asciidoc >= 8.4, seems docs are not compatible with
      earlier versions anymore.

    * Stop trying to retry on EINTR from close().

2012-01-05  -  PgBouncer 1.5  -  "Bouncing Satisified Clients Since 2007"

  If you use more than 8 IPs behind one DNS name, you now need to
  use EDNS0 protocol to query.  Only getaddrinfo_a()/getaddrinfo()
  and UDNS backends support it, libevent 1.x/2.x does not.
  To enable it for libc, add 'options edns0' to /etc/resolv.conf.

  GNU Make 3.81+ is required for building.

  = Features =

    * Detect DNS reply changes and invalidate connections to IPs no longer
      present in latest reply.
      (Petr Jelinek)

    * DNS zone serial based hostname invalidation.  When option
      dns_zone_check_period is set, all DNS zones will be queried
      for SOA, and when serial has changed, all hostnames
      will be queried.  This is needed to get deterministic
      connection invalidation, because invalidation on lookup
      is useless when no lookups are performed.
      Works only with new UDNS backend.

    * New SHOW DNS_HOSTS, SHOW DNS_ZONES commands to examine DNS cache.

    * New param: min_pool_size - avoids dropping all connections
      when there is no load.
      (Filip Rembialkowski)

    * idle_in_transaction_timeout - kill transaction if idle too long.
      Not set by default.

    * New libudns backend for DNS lookups.  More featureful than evdns.
      Use --with-udns to activate.  Does not work with IPv6 yet.

    * KILL command, to immediately kill all connections for one database.
      (Michael Tharp)

    * Move to Antimake build system to have better looking Makefiles.
      Now GNU Make 3.81+ is required for building.

  = Fixes =

    * DNS now works with IPv6 hostnames.

    * Don't change connection state when NOTIFY arrives from server.

    * Various documentation fixes.
      (Dan McGee)

    * Console: Support ident quoting with "".  Originally we did not
      have any commands that took database names, so no quoting was needed.

    * Console: allow numbers at the start of word regex.  Trying
      to use strict parser makes things too complex here.

    * Don't expire auto DBs that are paused.
      (Michael Tharp)

    * Create auto databases as needed when doing PAUSE.
      (Michael Tharp)

    * Fix wrong log message issued by RESUME command.
      (Peter Eisentraut)

    * When user= without password= is in database connect string,
      password will be taken from userlist.

    * Parse '*' properly in takeover code.

    * autogen.sh: work with older autoconf/automake.

    * Fix run-as-service crash on win32 due to bad basename() from
      mingw/msvc runtime.  Now compat basename() is always used.
2014-05-13 14:18:49 +00:00
jperkin
45bc40abb4 Remove example rc.d scripts from PLISTs.
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
2014-03-11 14:04:57 +00:00
tron
73d05e2276 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:17:32 +00:00
jperkin
b091c2f172 Bump PKGREVISION of all packages which create users, to pick up change of
sysutils/user_* packages.
2013-07-12 10:44:52 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
asau
354ee694fd Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-02 21:25:15 +00:00
dholland
5276196e8b Fix build failure on NetBSD caused by trying to redefine bswap16/32/64.
While here, fix some pkglint.
2011-12-21 08:29:05 +00:00
dholland
c72940435b Whitespace, prompted by pkglint. 2011-12-21 08:27:20 +00:00
mjl
b42520b2fe Initial import of pgbouncer-1.4.2
pgbouncer is a lightweight connection pooler for PostgreSQL that provides
the following features:

 * Several levels of brutality when rotating connections.
 * Low memory requirements.
 * It is not tied to one backend server, the destination databases
   can reside on different hosts.
 * Supports online reconfiguration for most of the settings.
 * Supports online restart/upgrade.
2011-09-03 22:15:51 +00:00