]>
granicus.if.org Git - pgbouncer/log
secwall [Sat, 10 Jun 2017 10:45:35 +0000 (13:45 +0300)]
Free user_name and db_name in hba rule_free to avoid memory leak on hba file reload
Petr Jelinek [Tue, 24 Jan 2017 19:59:13 +0000 (20:59 +0100)]
Merge pull request #178 from marco44/master
Add paused and disabled field to the SHOW DATABASES command
Marc Cousin [Tue, 24 Jan 2017 15:25:54 +0000 (16:25 +0100)]
Add paused and disabled field on the show databases command
Marko Kreen [Tue, 27 Dec 2016 15:06:38 +0000 (17:06 +0200)]
Merge pull request #157 from anayrat/master
Mention auth_user in pgbouncer.ini example
Marko Kreen [Tue, 27 Dec 2016 14:43:08 +0000 (16:43 +0200)]
Merge pull request #171 from macobo/patch-1
Improve build instructions
Marko Kreen [Tue, 20 Dec 2016 10:39:25 +0000 (12:39 +0200)]
doc: auth_query - mention that function is run in target db
Marko Kreen [Sat, 17 Dec 2016 11:10:04 +0000 (13:10 +0200)]
Upgrade libusual
Mainly to get OpenSSL 1.1 fixes
Fixes: #159
Karl-Aksel Puulmann [Fri, 16 Dec 2016 12:15:13 +0000 (14:15 +0200)]
Improve build instructions
Ran into this when building a docker image.
Marko Kreen [Tue, 6 Dec 2016 16:57:44 +0000 (18:57 +0200)]
Merge branch 'master' of https://github.com/pgbouncer/pgbouncer
Marko Kreen [Tue, 6 Dec 2016 16:42:22 +0000 (18:42 +0200)]
console: change server_encoding to UTF8 from SQL_ASCII
cannot see any benefit of keeping SQL_ASCII around here.
Marko Kreen [Tue, 6 Dec 2016 16:40:25 +0000 (18:40 +0200)]
console: use UTF8 instead UNICODE as client_encoding
Seems UTF8 is proper encoding and UNICODE is alias.
Java JDBC driver gets confused by UNICODE.
Fixes: #165
Marko Kreen [Mon, 5 Dec 2016 15:37:44 +0000 (17:37 +0200)]
Merge pull request #137 from waldyrious/patch-1
add license title
Marko Kreen [Mon, 5 Dec 2016 15:27:36 +0000 (17:27 +0200)]
Merge pull request #162 from mhagander/typofix
Fix typo
Magnus Hagander [Tue, 15 Nov 2016 13:45:46 +0000 (14:45 +0100)]
Fix typo
Petr Jelinek [Mon, 7 Nov 2016 18:19:02 +0000 (19:19 +0100)]
Merge pull request #147 from cpatru/issue-141
Don't send ReadyForQuery on main_connection for CancelQuery requests
anayrat [Thu, 27 Oct 2016 08:27:53 +0000 (10:27 +0200)]
Mention auth_user in pgbouncer.ini example
cpatru [Wed, 14 Sep 2016 17:17:40 +0000 (18:17 +0100)]
Don't send ReadyForQuery on main_connection as it may cause clients to get out of sync.
Petr Jelinek [Tue, 25 Oct 2016 15:44:48 +0000 (17:44 +0200)]
Merge pull request #155 from mhagander/pam_thread_fix
Make pam_init happen in the child process when forking
Magnus Hagander [Tue, 25 Oct 2016 15:12:49 +0000 (17:12 +0200)]
Make pam_init happen in the child process when forking
Previously, pam_init would happen in the master process that then
quickly died, rendering pam authentication inoperative.
Waldir Pimenta [Fri, 1 Jul 2016 17:36:59 +0000 (18:36 +0100)]
add license title
It's not strictly required, but it's useful metadata, and part of the recommended license template text (see http://choosealicense.com/licenses/isc/ and https://opensource.org/licenses/isc-license)
Ilya Staheev [Mon, 21 Mar 2016 16:29:08 +0000 (17:29 +0100)]
Add PAM authentication support
Adds support for PAM authentication. Since PAM API is synchronous, this
patch introduces PAM authentication thread which processes the
authentication requests in backgrouns so that the normal poll operations
of the main thread are not blocked.
This feature is turned off by default and has to be enabled by
--with-pam configure parameter.
Author: Ilya Staheev
Reviewed by Marko Kreen and Petr Jelinek
Marko Kreen [Mon, 14 Mar 2016 10:09:07 +0000 (12:09 +0200)]
hba: Skip unparseable lines, keep parsing to the end.
Rejecting whole HBA file on failure seems bad usability.
Show warning but keep parsing.
Fixes #118
Marko Kreen [Sat, 12 Mar 2016 12:31:26 +0000 (14:31 +0200)]
tls: reject client TLS request on unix socket
Marko Kreen [Sat, 12 Mar 2016 12:12:18 +0000 (14:12 +0200)]
tls: do not ask TLS on unix socket
Marko Kreen [Fri, 26 Feb 2016 11:53:32 +0000 (13:53 +0200)]
v1.7.2
Marko Kreen [Fri, 26 Feb 2016 10:24:19 +0000 (12:24 +0200)]
deb: turn on full hardening, needs v9 dh
Marko Kreen [Fri, 26 Feb 2016 08:57:03 +0000 (10:57 +0200)]
Sort tarball files too, just in case.
Marko Kreen [Fri, 26 Feb 2016 08:13:50 +0000 (10:13 +0200)]
Disable cleanup.
Not useful for production loads, only for debugging.
Marko Kreen [Thu, 25 Feb 2016 18:52:39 +0000 (20:52 +0200)]
Revert "Skip cleanup if there is takeover"
This reverts commit
7c03a6c8f8d9ffcc3f0152e74c629213487b6d64 .
Marko Kreen [Wed, 24 Feb 2016 19:15:15 +0000 (21:15 +0200)]
Skip cleanup if there is takeover
Marko Kreen [Wed, 24 Feb 2016 18:28:59 +0000 (20:28 +0200)]
Show TLS backend version
Marko Kreen [Wed, 24 Feb 2016 18:28:46 +0000 (20:28 +0200)]
Sync libusual
Marko Kreen [Wed, 24 Feb 2016 18:12:28 +0000 (20:12 +0200)]
takeover: wait for pidfile to go away
Marko Kreen [Wed, 24 Feb 2016 17:58:31 +0000 (19:58 +0200)]
Missing var declaration.
Marko Kreen [Tue, 23 Feb 2016 10:08:41 +0000 (12:08 +0200)]
Sync libusual
Marko Kreen [Tue, 23 Feb 2016 09:20:43 +0000 (11:20 +0200)]
Proper stale pidfile handling in check_pidfile.
- Don't use remove_pidfile as that also frees value.
- Check for error, exit if failed.
Marko Kreen [Tue, 23 Feb 2016 09:03:44 +0000 (11:03 +0200)]
Merge remote-tracking branch 'main/master'
Marko Kreen [Mon, 22 Feb 2016 08:20:55 +0000 (10:20 +0200)]
Always check for NULL cf_pidfile
It is used before config is loaded.
Marko Kreen [Sun, 21 Feb 2016 15:53:30 +0000 (17:53 +0200)]
Merge pull request #112 from credativ/reproducible
Make build reproducible by dropping DBGVER handling
Christoph Berg [Sun, 21 Feb 2016 14:35:18 +0000 (15:35 +0100)]
Make build reproducible by dropping DBGVER handling
Debian wants debug symbols for all builds (the binaries are stripped by
debhelper's dh_strip), but the "(compiled by...)" information added for
debug builds defeats the goal to make builds reproducible on the binary
level. Fix by dropping the DBGVER information which doesn't serve any
purpose if the build output is byte-identical on rebuild.
https://wiki.debian.org/ReproducibleBuilds
Marko Kreen [Thu, 18 Feb 2016 16:56:47 +0000 (18:56 +0200)]
v1.7.1
Marko Kreen [Thu, 18 Feb 2016 16:36:42 +0000 (18:36 +0200)]
doc: improve auth_user docs
Marko Kreen [Thu, 18 Feb 2016 16:35:53 +0000 (18:35 +0200)]
doc: fix manpage section
Marko Kreen [Thu, 18 Feb 2016 16:35:34 +0000 (18:35 +0200)]
todo cleanup
Marko Kreen [Wed, 17 Feb 2016 15:54:22 +0000 (17:54 +0200)]
libusual: sync, change url
Marko Kreen [Mon, 15 Feb 2016 07:18:36 +0000 (09:18 +0200)]
Sync libusual
Marko Kreen [Sun, 14 Feb 2016 11:57:05 +0000 (13:57 +0200)]
Add TLS options to sample config file.
Marko Kreen [Sun, 14 Feb 2016 11:56:28 +0000 (13:56 +0200)]
optscan: fix doc path
Marko Kreen [Sun, 14 Feb 2016 11:55:15 +0000 (13:55 +0200)]
Rename sslmode "disabled" to "disable" as in libpq
Marko Kreen [Sun, 14 Feb 2016 11:32:16 +0000 (13:32 +0200)]
sbuf: remove unused function
Marko Kreen [Fri, 12 Feb 2016 13:35:03 +0000 (15:35 +0200)]
Sync libusual
Marko Kreen [Fri, 12 Feb 2016 13:34:41 +0000 (15:34 +0200)]
Fix some format warnings under win64
Marko Kreen [Fri, 12 Feb 2016 13:34:11 +0000 (15:34 +0200)]
tags: look deeper under libusual
Marko Kreen [Wed, 10 Feb 2016 18:08:16 +0000 (20:08 +0200)]
doc: Improve server_reset_query description
Based on feedback in #110
Also remove obsolete suggestion for pre-8.3 postgres.
Marko Kreen [Wed, 3 Feb 2016 10:35:09 +0000 (12:35 +0200)]
sbuf: in varify-ca/full checking should not be optional
Marko Kreen [Wed, 3 Feb 2016 10:26:26 +0000 (12:26 +0200)]
Update libusual
Marko Kreen [Tue, 26 Jan 2016 20:52:08 +0000 (22:52 +0200)]
cleanup: proparly free autodbs
Marko Kreen [Tue, 26 Jan 2016 20:39:44 +0000 (22:39 +0200)]
sbuf: define handle_tls_handshake for non-tls build
Fixes: #101
Marko Kreen [Tue, 26 Jan 2016 20:39:29 +0000 (22:39 +0200)]
Upgrade libusual
Marko Kreen [Mon, 25 Jan 2016 12:09:35 +0000 (14:09 +0200)]
Clean allocated memory on exit.
Helps to track potential memory leaks.
Marko Kreen [Mon, 25 Jan 2016 12:08:42 +0000 (14:08 +0200)]
Upgrade libevent
Marko Kreen [Mon, 25 Jan 2016 12:05:19 +0000 (14:05 +0200)]
hba_test: include usual/event.h
Helps to build without real libevent.
Marko Kreen [Mon, 25 Jan 2016 11:00:37 +0000 (13:00 +0200)]
Freeing db may leak host.
Marko Kreen [Mon, 25 Jan 2016 10:53:22 +0000 (12:53 +0200)]
test: make asynctest.c compile again
Marko Kreen [Fri, 18 Dec 2015 18:02:12 +0000 (20:02 +0200)]
v1.7
Marko Kreen [Fri, 4 Dec 2015 13:25:47 +0000 (15:25 +0200)]
Merge pull request #85 from doismellburning/feature/gitignore-tests
.gitignore various test files/dirs
Marko Kreen [Fri, 4 Dec 2015 13:15:10 +0000 (15:15 +0200)]
Add no-dep rule to create manpages if missing.
For building from git where manpages are missing.
Fixes: #82, #94
Marko Kreen [Fri, 4 Dec 2015 12:55:03 +0000 (14:55 +0200)]
hba: initialize struct before opening file
Otherwise is can crash when walking uninitialized list.
Fixes: #95
Marko Kreen [Fri, 4 Dec 2015 10:14:03 +0000 (12:14 +0200)]
sbuf: improved sbuf_loopcnt logic
Simple early exit won't work for TLS as all data
may be in libssl buffers and no network wakeup is coming.
Use special-case event_add() with timeout for postponing.
It might be even improve non-tls case as there could
be specific buffers lengths when even that does
postponing while nothing is coming from network.
Marko Kreen [Thu, 3 Dec 2015 18:53:13 +0000 (20:53 +0200)]
tls: avoid recursive socket loop
TLS handshake may happen immediately without
going though libevent poll. (Loaded CPU with fast
network - local testing). This will lead to
sbuf_main_loop
->sbuf_tls_connect
->SBUF_EV_TLS_READY
->sbuf_continue
->sbuf_main_loop
call which finally end up in sbuf_send_pending()
running on JUSTFREE socket which crashes.
To improve things:
* Always perform sbuf_pause before handshake.
Otherwise sbuf_continue can be called on
unpaused socket.
* Move actual handshake out from from sbuf_tls_* functions
to avoid recursive sbuf_main_loop().
Fixes: #97
Marko Kreen [Thu, 3 Dec 2015 18:51:15 +0000 (20:51 +0200)]
configure: make plain --with-cares work
Marko Kreen [Tue, 10 Nov 2015 18:59:26 +0000 (20:59 +0200)]
Build on win32
Marko Kreen [Tue, 10 Nov 2015 18:08:15 +0000 (20:08 +0200)]
Update news
Marko Kreen [Tue, 10 Nov 2015 18:08:08 +0000 (20:08 +0200)]
Update authors
Marko Kreen [Mon, 9 Nov 2015 13:08:34 +0000 (15:08 +0200)]
readme: add links to CVE-s
Marko Kreen [Sun, 8 Nov 2015 10:36:33 +0000 (12:36 +0200)]
Increase pkt_buf to 4k
Apparently (#87) TLS performs better with larger buffer.
The behaviour is probably load-specific, but it should be
safe to do as since v1.2 the packet buffers are split
from connections and used lazily from pool.
In fact the pkt_buf should have been increased in v1.2.
Marko Kreen [Fri, 6 Nov 2015 17:56:10 +0000 (19:56 +0200)]
Postpone change of expect_rfq_count
When changed too early and client socket is paused,
then packet will processed again when socket is woken
up and expect_rfq_count will be too high.
Marko Kreen [Tue, 3 Nov 2015 10:44:46 +0000 (12:44 +0200)]
Import ssl test data into git
Marko Kreen [Tue, 3 Nov 2015 10:41:02 +0000 (12:41 +0200)]
Merge remote-tracking branch 'main/master'
Marko Kreen [Mon, 2 Nov 2015 18:39:44 +0000 (20:39 +0200)]
v1.7rc1
Marko Kreen [Mon, 2 Nov 2015 18:53:19 +0000 (20:53 +0200)]
Add missing files to 'make dist'
Marko Kreen [Mon, 2 Nov 2015 16:11:09 +0000 (18:11 +0200)]
Update libusual
Kristian Glass [Mon, 26 Oct 2015 21:32:00 +0000 (21:32 +0000)]
.gitignore various test files/dirs
Petr Jelinek [Sun, 18 Oct 2015 03:11:44 +0000 (05:11 +0200)]
Merge pull request #76 from ChristophBerg/patch-1
Fix typo in pgbouncer.ini
Marko Kreen [Mon, 12 Oct 2015 07:44:18 +0000 (10:44 +0300)]
Merge remote-tracking branch 'main/master'
Marko Kreen [Mon, 12 Oct 2015 07:43:38 +0000 (10:43 +0300)]
Merge pull request #80 from sammcj/master
Document version requirement for hba auth_type
Sam [Sun, 11 Oct 2015 23:17:37 +0000 (10:17 +1100)]
Document version requirement for hba auth_type
Relates to:
* https://github.com/pgbouncer/pgbouncer/issues/77
* https://github.com/pgbouncer/pgbouncer/issues/70
Christoph Berg [Wed, 7 Oct 2015 13:08:08 +0000 (15:08 +0200)]
Fix typo in pgbouncer.ini
Marko Kreen [Tue, 15 Sep 2015 21:14:21 +0000 (00:14 +0300)]
Sync with TLS API changes
Marko Kreen [Thu, 3 Sep 2015 20:04:15 +0000 (23:04 +0300)]
Update news
Marko Kreen [Thu, 3 Sep 2015 14:17:41 +0000 (17:17 +0300)]
Set query_wait_timeout to 120s by default.
Current default (0) causes infinite queuing,
which is not useful.
Fixes: #46, #48
Marko Kreen [Thu, 3 Sep 2015 14:17:27 +0000 (17:17 +0300)]
Update todo
Marko Kreen [Thu, 3 Sep 2015 13:05:59 +0000 (16:05 +0300)]
test.sh: add tests for auth_user
Marko Kreen [Thu, 3 Sep 2015 12:21:24 +0000 (15:21 +0300)]
Remove too early set of auth_user
When query returns 0 rows (user not found),
this user stays as login user...
Should fix #69.
Marko Kreen [Thu, 3 Sep 2015 12:20:52 +0000 (15:20 +0300)]
Fix server_reset_query_always declaration
Marko Kreen [Wed, 2 Sep 2015 13:04:43 +0000 (16:04 +0300)]
Sync libusual
Marko Kreen [Mon, 31 Aug 2015 16:58:06 +0000 (19:58 +0300)]
server_reset_query_always
Do not use server_reset_query for non-session pools.
New setting `server_reset_query_always` to restore
old behaviour. 1.6 will also have this setting
but with different default perhaps.
Marko Kreen [Mon, 31 Aug 2015 16:33:03 +0000 (19:33 +0300)]
Merge remote-tracking branch 'main/master'
Marko Kreen [Mon, 31 Aug 2015 16:31:28 +0000 (19:31 +0300)]
console: Fill auth_user when auth_type=any.
Otherwise logging can crash (#67).
Marko Kreen [Mon, 31 Aug 2015 16:26:20 +0000 (19:26 +0300)]
Sync again