4 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
fhajny
|
6bcf07f4b6 |
Update databases/pgbouncer to 1.7.2.
Set up a separate user, previous PGUSER/PGGROUP integration didn't make sense. 2016-02-26 - PgBouncer 1.7.2 - "Finally Airborne" - Fix crash on stale pidfile removal. Problem introduced in 1.7.1. - Disable cleanup - it breaks takeover and is not useful for production loads. Problem introduced in 1.7.1. - After takeover, wait until pidfile is gone before booting. Slow shutdown due to memory cleanup exposed existing race. (#113) - Make build reproducible by dropping DBGVER handling. (#112) - Antimake: Sort file list from $(wildcard), newer gmake does not sort it anymore. (#111) - Show libssl version in log. - deb: Turn on full hardening. 2016-02-18 - PgBouncer 1.7.1 - "Forward To Five Friends Or Else" - WARNING: Since version 1.7, server_reset_query is not executed when database is in transaction-pooling mode. Seems this was not highlighted enough in 1.7 announcement. If your apps depend on that happening, use server_reset_query_always to restore previous behaviour. - TLS: Rename sslmode "disabled" to "disable" as that is what PostgreSQL uses. - TLS: client_tls_sslmode=verify-ca/-full now reject connections without client certificate. (#104) - TLS: client_tls_sslmode=allow/require do validate client certificate if sent. Previously they left cert validation unconfigured so connections with client cert failed. (#105) - Fix memleak when freeing database. - Fix potential memleak in tls_handshake(). - Fix EOF handling in tls_handshake(). - Fix too small memset in asn1_time_parse compat. - Fix non-TLS (--without-openssl) build. (#101) - Fix various issues with Windows build. (#100) - TLS: Use SSL_MODE_RELEASE_BUFFERS to decrease memory usage of inactive connections. - Clean allocated memory on exit. Helps to run memory-leak checkers. - Improve server_reset_query documentation. (#110) - Add TLS options to sample config. 2015-12-18 - PgBouncer 1.7 - "Colors Vary After Resurrection" - Support TLS connections. OpenSSL/LibreSSL is used as backend implementation. - Support authentication via TLS client certificate. - Support "peer" authentication on Unix sockets. - Support Host Based Access control file, like pg_hba.conf in Postgres. This allows to configure TLS for network connections and "peer" authentication for local connections. - Set query_wait_timeout to 120s by default. Current default (0) causes infinite queueing, which is not useful. That means if client has pending query and has not been assigned to server connection, the client connection will be dropped. - Disable server_reset_query_always by default. Now reset query is used only in pools that are in session mode. - Increase pkt_buf to 4096 bytes. Improves performance with TLS. The behaviour is probably load-specific, but it should be safe to do as since v1.2 the packet buffers are split from connections and used lazily from pool. - Support pipelining count expected ReadyForQuery packets. This avoids releasing server too early. Fixes #52. - Improved sbuf_loopcnt logic - socket is guarateed to be reprocessed even if there are no event from socket. Required for TLS as it has it's own buffering. - Adapt system tests to work with modern BSD and MacOS. (Eric Radman) - Remove crypt auth. It's obsolete and not supported by PostgreSQL since 8.4. - Fix plain "--with-cares" configure option - without argument it was broken. |
||
fhajny
|
ba5204a8ea |
Uddate databases/pgbouncer to 1.6.1.
Update home page & master site, clean up. PgBouncer 1.6.1. - Security fix for CVE-2015-6817. - Per-pool pooling mode vs. reset query. Details: http://pgbouncer.github.io/2015/09/pgbouncer-1-6-1/ PgBouncer 1.6.0 Main new features: - Load user password hash from postgres database. - Pooling mode can be configured both per-database and per-user. - Per-database and per-user connection limits: max_db_connections and max_user_connections. - Add DISABLE/ENABLE commands to prevent new connections. - New preferred DNS backend: c-ares. - Config files have %include FILENAME directive to allow configuration to be split into several files. Details: http://pgbouncer.github.io/2015/08/pgbouncer-1-6/ PgBouncer 1.5.5 - Fix remote crash - invalid packet order causes lookup of NULL pointer. Not exploitable, just DoS. |
||
fhajny
|
aa118026dc |
Update pgbouncer to 1.5.4.
Add SMF support. Fix default dirs. 2012-11-28 - PgBouncer 1.5.4 - "No Leaks, Potty-Training Successful" = Fixes = * DNS: Fix memory leak in getaddrinfo_a() backend. * DNS: Fix memory leak in udns backend. * DNS: Fix stats calculation. * DNS: Improve error message handling for getaddrinfo_a(). * Fix win32 compile. * Fix compiler dependency support check in configure. * Few documentation fixes. 2012-09-12 - PgBouncer 1.5.3 - "Quantum Toaster" = Critical fix = * Too long database names can lead to crash, which is remotely triggerable if autodbs are enabled. The original checks assumed all names come from config files, thus using fatal() was fine, but when autodbs are enabled - by '*' in [databases] section - the database name can come from network thus making remote shutdown possible. = Minor Features = * max_packet_size - config parameter to tune maximum packet size that is allowed through. Default is kept same: (2G-1), but now it can be made smaller. * In case of unparseable packet header, show it in hex in log and error message. = Fixes = * AntiMake: it used $(relpath) and $(abspath) to manupulate pathnames, but the result was build failure when source tree path contained symlinks. The code is now changed to work on plain strings only. * console: now SET can be used to set empty string values. * config.txt: show that all timeouts can be set in floats. This is well-hidden feature introduced in 1.4. 2012-05-29 - PgBouncer 1.5.2 - "Don't Chew, Just Swallow" = Fixes = * Due to mistake, reserve_pool_timeout was taken in microseconds, not seconds, effectively activating reserve pool immediately when pool got full. Now use it as seconds, as was intended. (Noticed by Keyur Govande) 2012-04-17 - PgBouncer 1.5.1 - "Abort, Retry, Ignore?" = Features = * Parameters to tune permissions on unix socket: unix_socket_mode=0777, unix_socket_group=''. = Fixes = * Allow empty string for server-side variable - this is needed to get "application_name" properly working, as it's the only parameter that does not have server-side default. * If connect string changes, require refresh of server parameters. Previously PgBouncer continued with old parameters, which breaks in case of Postgres upgrade. * If autodb connect string changes, drop old connections. * cf_setint: Use strtol() instead atoi() to parse integer config parameters. It allows hex, octal and better error detection. * Use sigqueue() to detect union sigval existence - fixes compilation on HPUX. * Remove 'git' command from Makefile, it throws random errors in case of plain-tarball build. * Document stats_period parameter. This tunes the period for stats output. * Require Asciidoc >= 8.4, seems docs are not compatible with earlier versions anymore. * Stop trying to retry on EINTR from close(). 2012-01-05 - PgBouncer 1.5 - "Bouncing Satisified Clients Since 2007" If you use more than 8 IPs behind one DNS name, you now need to use EDNS0 protocol to query. Only getaddrinfo_a()/getaddrinfo() and UDNS backends support it, libevent 1.x/2.x does not. To enable it for libc, add 'options edns0' to /etc/resolv.conf. GNU Make 3.81+ is required for building. = Features = * Detect DNS reply changes and invalidate connections to IPs no longer present in latest reply. (Petr Jelinek) * DNS zone serial based hostname invalidation. When option dns_zone_check_period is set, all DNS zones will be queried for SOA, and when serial has changed, all hostnames will be queried. This is needed to get deterministic connection invalidation, because invalidation on lookup is useless when no lookups are performed. Works only with new UDNS backend. * New SHOW DNS_HOSTS, SHOW DNS_ZONES commands to examine DNS cache. * New param: min_pool_size - avoids dropping all connections when there is no load. (Filip Rembialkowski) * idle_in_transaction_timeout - kill transaction if idle too long. Not set by default. * New libudns backend for DNS lookups. More featureful than evdns. Use --with-udns to activate. Does not work with IPv6 yet. * KILL command, to immediately kill all connections for one database. (Michael Tharp) * Move to Antimake build system to have better looking Makefiles. Now GNU Make 3.81+ is required for building. = Fixes = * DNS now works with IPv6 hostnames. * Don't change connection state when NOTIFY arrives from server. * Various documentation fixes. (Dan McGee) * Console: Support ident quoting with "". Originally we did not have any commands that took database names, so no quoting was needed. * Console: allow numbers at the stard of word regex. Trying to use strict parser makes things too complex here. * Don't expire auto DBs that are paused. (Michael Tharp) * Create auto databases as needed when doing PAUSE. (Michael Tharp) * Fix wrong log message issued by RESUME command. (Peter Eisentraut) * When user= without password= is in database connect string, password will be taken from userlist. * Parse '*' properly in takeover code. * autogen.sh: work with older autoconf/automake. * Fix run-as-service crash on win32 due to bad basename() from mingw/msvc runtime. Now compat basename() is always used. |
||
dholland
|
5276196e8b |
Fix build failure on NetBSD caused by trying to redefine bswap16/32/64.
While here, fix some pkglint. |