pound (2.6-6+deb8u1) jessie-security; urgency=high * Non-maintainer upload by the security team with maintainer approval. * Add missing part of anti_beast patch to fix disabling of client renegotiation. (Closes: #765649) -- Thijs Kinkhorst Tue, 05 May 2015 13:27:06 +0000 pound (2.6-6) unstable; urgency=low * Add options to disable SSLv2 and SSLv3. -- Brett Parker Mon, 20 Oct 2014 00:48:13 +0100 pound (2.6-5) unstable; urgency=low * Add MKCALENDAR support (Closes: #742488) * Check config file is valid for restart/force-restart (Closes: #747517) * Up max http size to 8k (Closes: #691941) -- Brett Parker Sun, 19 Oct 2014 22:31:00 +0100 pound (2.6-4) unstable; urgency=low * Add HTTP PATCH support * Add semaphore wait support (Closes: #737853) -- Brett Parker Mon, 03 Mar 2014 15:22:11 +0000 pound (2.6-3) unstable; urgency=low * New maintainer: Brett Parker * Update xss_redirect_patch - Allow = character in urls (Closes: #723731) * Add patch from Joe Gooch for CRIME vulnerability - tls_compression_disable.patch (Closes: #727197) -- Brett Parker Sun, 26 Jan 2014 12:40:27 +0000 pound (2.6-2) unstable; urgency=low * Update anti_beast patch - Actually authored by Joe Gooch - Fix segfault on some systems * Added patch to fix XSS redirect vulnerability - Patch from Joe Gooch * Switched to dpkg-buildflags (Closes: #654833) - Patch from Moritz Muehlenhoff -- Martin Meredith Fri, 03 Feb 2012 09:40:45 +0000 pound (2.6-1) unstable; urgency=low * New upstream release * Patch from Michal Jirku to add config options that prevent BEAST/renegotiation attacks -- Martin Meredith Mon, 30 Jan 2012 10:21:52 +0000 pound (2.5-1.1) unstable; urgency=low * NMU * Apply patch to work with new openssl. Thanks to Ilya Barygin for the patch. Closes: #622041 * Add simple initial build-arch and build-indep rules as suggested by lintian -- Steve McIntyre Thu, 12 Dec 2011 15:29:12 +0000 pound (2.5-1) unstable; urgency=low * New upstream release * Switch to dpkg-source 3.0 (quilt) format * Removed previous patch from #517359 - incorporated upstream * Added ${misc:Depends} * Added openssl as a B-D (New functionality to connect to SSL backends) -- Martin Meredith Wed, 10 Mar 2010 21:44:12 +0000 pound (2.4.5-3) unstable; urgency=low * Added functionality to init script to allow optional arguments (Closes: #449430) -- Martin Meredith Fri, 02 Oct 2009 13:30:36 +0100 pound (2.4.5-2) unstable; urgency=low * Fixed small typo in init script (Closes: #537602) -- Martin Meredith Mon, 27 Jul 2009 21:04:07 +0100 pound (2.4.5-1) unstable; urgency=low * New upstream release * Hijacked Package: New Maintainer (due to MIA) * Changed init script to create /var/run/pound * Upstream has fixed RewriteLocation Port issues (Closes: #525733) * Added patch to fix truncation issues (Closes: #517359) * Updated to standards version 3.8.2 * Updated to debhelper 7 * Added dpatch as B-D -- Martin Meredith Sun, 05 Jul 2009 16:11:36 +0100 pound (2.4.3-1) unstable; urgency=medium [Michael Mende] * New upstream release. -- Michael Mende Wed, 4 May 2008 13:11:21 +0200 pound (2.4.2-1) unstable; urgency=medium [Michael Mende] * New upstream release. * Added FAQ and CHANGELOG. (Closes: #472453) * debian/watch + Fixed regex. -- Michael Mende Tue, 28 Apr 2008 14:33:11 +0200 pound (2.4-2) unstable; urgency=medium [Michael Mende] * debian/control: + Removed libgoogle-perftools-dev from build-dependencies because libgoogle-perftools does not seem to enter testing soon. * debian/rules: + Syntax error in LDFLAGS on some architectures. (Closes: #469823) + CFLAGS on ARM without '-fstack-protector' due to segmentation faults. + Added 'noexecstack' to LDFLAGS. -- Michael Mende Wed, 7 Mar 2008 11:20:11 +0100 pound (2.4-1) unstable; urgency=medium [Michael Mende] * New upstream version (Closes: #432784). * Has now support for IPv6 (Closes: #360158). * debian/copyright + Moved license to GPLv3 (changed in upstream version 2.4d). * debian/rules: + '[ ! -f Makefile ] || $(MAKE) clean' instead of '-$(MAKE) distclean' (Closes: #424308). + Remove Makefile after make clean. + Added security hardening features. * debian/control: + Removed Sam Johnston from Maintainer: and Jörg Wendland from Uploaders: field (Closes: #465968). + Set myself as maintainer. + Bumped Standards-Version to 3.7.3. + Use debhelper 6 now. + Added Homepage field. + Added libgoogle-perftools-dev to build-dependencies for amd64, i386, ia64 and powerpc. + Added libpcre3-dev to build-dependencies. * debian/dirs: + Added /var/run/pound for poundctl control socket. * debian/pound.cfg: + Added global option 'Control' to enable poundctl usage. * Addes watch file debian/watch. -- Michael Mende Wed, 27 Feb 2008 11:31:12 +0100 pound (2.2.7-2) unstable; urgency=high * Urgency high: This supersedes 2.2.7-1 which closed #360842. That was a grave bug, as it rendered pound unusable, I just had not realized how bad it was. * Also fix init script: restart did not work (first start, then stop), status bailed if daemon not running -- Michael Piefel Thu, 29 Mar 2007 13:43:55 +0200 pound (2.2.7-1) unstable; urgency=low * New upstream version (closes: #407183) - also this time the fix that was supposed to be included in the last upload is now in the upstream source (closes: #360842) * Update syntax of example config file (closes: #356466) * Make pound really use the specified CFLAGS (closes: #342080) * Update init.d script to be LSB-compliant * Bumped Standards-Version to 3.7.2 * Use debhelper 5 now -- Michael Piefel Wed, 28 Mar 2007 11:12:25 +0200 pound (2.0-1.1) unstable; urgency=low * Non-maintainer upload * apply patch fixsegfaults.patch to fix segmentation fault in worker (closes: #360842) -- Arthur de Jong Mon, 25 Sep 2006 12:42:57 +0200 pound (2.0-1) unstable; urgency=low * New upstream release * New configuration file syntax * Listener-specific backends to eliminate need for multiple instances * New redirector backend * Secondary proarties (error messages, timeouts, etc.) now private to listeners. * HAport accepts an optional address * Added -V flag for version * Session tracking on a specific header -- Sam Johnston Thu, 2 Feb 2006 05:29:09 +1100 pound (1.9.4-1) unstable; urgency=low * New upstream release * Added LogFacility config file directive * HTTP Request Smuggling fix: first of Content-Length and Transfer-Encoding takes precedence -- Sam Johnston Fri, 21 Oct 2005 03:14:24 +1000 pound (1.9.3-1) unstable; urgency=low * New upstream release. Closes #326941, #331604, #333559, #320220, #263578. -- Sam Johnston Sun, 16 Oct 2005 08:02:40 +1000 pound (1.9-1) unstable; urgency=low * New upstream version, closes: #310646, #311548, #306649 * Ack security NMU, the fix is included upstream, closes: #307852 * Add myself to uploaders with ok from Sam. * Clean up debian/: - remove rules.old - remove bogus comments and commands from rules - remove config, debconf is not used * debian/init.d: - use pid file - remove commented lines -- Joerg Wendland Mon, 11 Jul 2005 09:16:30 +0200 pound (1.8.2-1.1) unstable; urgency=high * Non-maintainer upload (tnx djpig). * CAN-2005-1391: Fix possible buffer overflow in the add_port function which could be triggered by a long Host: header from a remote host (Closes: #307852) -- Joey Hess Mon, 27 Jun 2005 14:13:42 -0400 pound (1.8.2-1) unstable; urgency=low * New upstream version, closes: #285357 - This supposedly also fixes some SSL issues and closes 263578 * Added myself to uploaders, I will try to look after the package as long as Sam is too busy. * Increased MAXBUF, closes: #293915 -- Michael Piefel Tue, 22 Mar 2005 09:45:58 +0100 pound (1.7-1) unstable; urgency=high * New upstream *SECURITY* release * Resolves bugtraq id 10267 (Input Validation Error) -- Sam Johnston Wed, 19 May 2004 09:09:39 +1000 pound (1.5-2) unstable; urgency=medium * Removed --pidfile argument to start-stop-daemon in init script. Closes: #222885. -- Sam Johnston Thu, 5 Feb 2004 01:50:07 +1100 pound (1.5-1) unstable; urgency=low * New upstream release * Changing priority from optional to extra. -- Sam Johnston Fri, 24 Oct 2003 17:13:59 +1000 pound (1.4-3) unstable; urgency=low * Changing priority back to optional while waiting for override update. -- Sam Johnston Mon, 13 Oct 2003 18:07:22 +1000 pound (1.4-2) unstable; urgency=low * New maintainer * Changing priority from optional to extra. -- Sam Johnston Mon, 13 Oct 2003 16:51:57 +1000 pound (1.4-1.1) unstable; urgency=low * Non-maintainer upload * Removes templates file as debconf is not used. Closes: #208064, #208392. * Adds init.d script. Closes: #207689. * Added version (0.9.7) for libssl-dev to resolve engine related compile errors. * Sets default config file location to /etc/pound/pound.cfg * Includes minimal example pound.cfg (courtesy gentoo-portage) * Fixed broken paths in manpage. * Adds /etc/default/pound file to prevent unconfigured startup. -- Sam Johnston Sat, 11 Oct 2003 14:12:13 +1000 pound (1.4-1) unstable; urgency=low * Initial release. -- Norbert Tretkowski Sun, 03 Aug 2003 12:20:27 +0200