Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1536328485263430"
MIME-Version: 1.0
Date: Fri, 7 Sep 2018 13:54:45 +0000
From: "Filip Hajny"
Subject: CVS commit: pkgsrc/security/hitch
To: pkgsrc-changes@NetBSD.org
Reply-To: fhajny@netbsd.org
X-Mailer: log_accum
Message-Id: <20180907135445.DA532FBF8@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1536328485263430
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:    pkgsrc
Committed By:   fhajny
Date:           Fri Sep 7 13:54:45 UTC 2018

Modified Files:
    pkgsrc/security/hitch: Makefile distinfo
    pkgsrc/security/hitch/patches: patch-hitch.conf.example

Log Message:
security/hitch: Update to 1.4.8.

hitch-1.4.8 (2018-04-19)
------------------------
- Reworked the dynamic backend bits.
- Update docs to recommend running Hitch as a separate non-privileged user.

hitch-1.4.7 (2018-01-11)
------------------------
- Massive test suite refactor and update.
- Fix OpenBSD/FreeBSD/POSIX portability issues: restrict fstat(1) to OpenBSD, bring sockstat(1) support back, drop pathchk(1) usage in the test suite, switch from sockstat(1) to fstat(1)
- Add an OCSP refresh timeout parameter
- Autotools polish
- Random usage of config section if redundant
- Support for separate key files
- Fix logging to syslog even when set to syslog = off
- Making log-filename, recv-bufsize and send-bufsize parameters available through command line and config file.
- Fix: global backaddr is assumed to be static - Add support for session-cache in config file and as cmdline option - Plug file descriptor leak: killing worker processes would leave the pipe's write end open, leaking one file descriptor per worker upon reload To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 pkgsrc/security/hitch/Makefile cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/hitch/distinfo cvs rdiff -u -r1.2 -r1.3 \ pkgsrc/security/hitch/patches/patch-hitch.conf.example Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1536328485263430 Content-Disposition: inline Content-Length: 3376 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/security/hitch/Makefile diff -u pkgsrc/security/hitch/Makefile:1.6 pkgsrc/security/hitch/Makefile:1.7 --- pkgsrc/security/hitch/Makefile:1.6 Wed Jun 14 13:28:57 2017 +++ pkgsrc/security/hitch/Makefile Fri Sep 7 13:54:45 2018 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.6 2017/06/14 13:28:57 fhajny Exp $ +# $NetBSD: Makefile,v 1.7 2018/09/07 13:54:45 fhajny Exp $ -DISTNAME= hitch-1.4.6 +DISTNAME= hitch-1.4.8 CATEGORIES= security MASTER_SITES= https://hitch-tls.org/source/ Index: pkgsrc/security/hitch/distinfo diff -u pkgsrc/security/hitch/distinfo:1.7 pkgsrc/security/hitch/distinfo:1.8 --- pkgsrc/security/hitch/distinfo:1.7 Mon Jul 3 13:03:02 2017 +++ pkgsrc/security/hitch/distinfo Fri Sep 7 13:54:45 2018 
@@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.7 2017/07/03 13:03:02 joerg Exp $ +$NetBSD: distinfo,v 1.8 2018/09/07 13:54:45 fhajny Exp $ -SHA1 (hitch-1.4.6.tar.gz) = 4dbf533706129bfd7a45f6dff020e2ba281a4abc -RMD160 (hitch-1.4.6.tar.gz) = eb576b1b878d7184c3dc143c8b4d954e52ec03c3 -SHA512 (hitch-1.4.6.tar.gz) = e1dbbbeda4cfcd2d8afeba94f48bc7094e767aa9d18c778cee994c9bf5508cd503a99dc23cbe327df0e042e86d57d8d60f36143f9c1545f2f98ba5b9d6511842 -Size (hitch-1.4.6.tar.gz) = 308210 bytes -SHA1 (patch-hitch.conf.example) = 1c922c2e294362ef009ff60bfe43f746de596087 +SHA1 (hitch-1.4.8.tar.gz) = 70833f7e9928c6e66f1c9d110c3aca1e1a999738 +RMD160 (hitch-1.4.8.tar.gz) = 3e7425cbdb1242d5f4689ecf3ec9145e46024cfb +SHA512 (hitch-1.4.8.tar.gz) = 4225391822c6e223e795bbc4756d55dcd8d16f61b42cf1e336205ae0707c1ba1f86b4c0be1457695d0f0ad4ec1906fdacb46cdd0dbbe50d00385380a9cbad617 +Size (hitch-1.4.8.tar.gz) = 297107 bytes +SHA1 (patch-hitch.conf.example) = 21840c6028994953d9b05632c55f2da81fd817b0 SHA1 (patch-src_configuration.c) = 030ba883e99b1ce0ab13d54952dd53a94ff16cbd Index: pkgsrc/security/hitch/patches/patch-hitch.conf.example diff -u pkgsrc/security/hitch/patches/patch-hitch.conf.example:1.2 pkgsrc/security/hitch/patches/patch-hitch.conf.example:1.3 --- pkgsrc/security/hitch/patches/patch-hitch.conf.example:1.2 Mon Jan 9 13:02:20 2017 +++ pkgsrc/security/hitch/patches/patch-hitch.conf.example Fri Sep 7 13:54:45 2018 @@ -1,10 +1,10 @@ -$NetBSD: patch-hitch.conf.example,v 1.2 2017/01/09 13:02:20 fhajny Exp $ +$NetBSD: patch-hitch.conf.example,v 1.3 2018/09/07 13:54:45 fhajny Exp $ Sane default options. ---- hitch.conf.example.orig 2016-11-14 13:13:10.000000000 +0000 +--- hitch.conf.example.orig 2018-04-19 09:02:26.000000000 +0000 +++ hitch.conf.example -@@ -2,15 +2,15 @@ +@@ -2,7 +2,7 @@ frontend = { 
@@ -13,17 +13,18 @@ Sane default options. port = "443" } backend = "[127.0.0.1]:6086" # 6086 is the default Varnish PROXY port. - workers = 4 # number of CPU cores +@@ -12,8 +12,8 @@ daemon = on - daemon = on --user = "nobody" --group = "nogroup" + # We strongly recommend you create a separate non-privileged hitch + # user and group +-user = "hitch" +-group = "hitch" +user = "@HITCH_USER@" +group = "@HITCH_GROUP@" # Enable to let clients negotiate HTTP/2 with ALPN. (default off) - # alpn-protos = "http/2, http/1.1" -@@ -18,4 +18,6 @@ group = "nogroup" + # alpn-protos = "h2, http/1.1" +@@ -21,4 +21,6 @@ group = "hitch" # run Varnish as backend over PROXY; varnishd -a :80 -a localhost:6086,PROXY .. write-proxy-v2 = on # Write PROXY header --_----------=_1536328485263430--
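Review bot: In the distinfo hunk, the `SHA1 (patch-src_configuration.c)` context line is unchanged, so that local patch is carried over as-is across both 1.4.7 and 1.4.8 even though the log lists several configuration-related changes (separate key files, session-cache, log-filename/recv-bufsize/send-bufsize as config options). Please confirm it still applies cleanly and is still needed. The log also does not say how the new hitch-1.4.8.tar.gz digests were obtained; since the SHA512 recorded here is what every later fetch is checked against, note whether it was compared with a checksum or signature published by upstream rather than computed from a single download.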
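Review bot: The `user = "@HITCH_USER@"` and `group = "@HITCH_GROUP@"` lines in the user/group hunk of patch-hitch.conf.example depend on a substitution and on account creation that this commit does not show, because the Makefile hunk only changes DISTNAME. Please confirm that the package defaults for these two placeholders expand to a dedicated hitch user and group, not a shared account such as the `nobody`/`nogroup` pair the previous upstream example used, so that the installed example agrees with the comment directly above it ("We strongly recommend you create a separate non-privileged hitch user and group"). A sentence in the log saying what the placeholders resolve to by default would make that reviewable from the commit mail alone.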