lp:debian/haproxy

Created by James Westby on 2009-07-27 and last modified on 2015-07-03
Get this branch:
bzr branch lp:debian/haproxy
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

32. By Vincent Bernat on 2015-07-03

* New upstream version. Fix an information leak (CVE-2015-3281):
  - BUG/MAJOR: buffers: make the buffer_slow_realign() function
               respect output data.
* Add $named as a dependency for init script. Closes: #790638.

31. By Vincent Bernat on 2015-06-27

* New upstream stable release including the following fixes:
  - MAJOR: peers: allow peers section to be used with nbproc > 1
  - BUG/MAJOR: checks: always check for end of list before proceeding
  - MEDIUM: ssl: replace standards DH groups with custom ones
  - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
  - BUG/MEDIUM: cfgparse: segfault when userlist is misused
  - BUG/MEDIUM: stats: properly initialize the scope before dumping stats
  - BUG/MEDIUM: http: don't forward client shutdown without NOLINGER
                except for tunnels
  - BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
  - BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
  - BUG/MEDIUM: peers: apply a random reconnection timeout
  - BUG/MEDIUM: config: properly compute the default number of processes
                for a proxy

30. By Vincent Bernat on 2015-05-02

* New upstream stable release including the following fixes:
  - BUG/MAJOR: http: don't read past buffer's end in http_replace_value
  - BUG/MAJOR: http: prevent risk of reading past end with balance
               url_param
  - BUG/MEDIUM: Do not consider an agent check as failed on L7 error
  - BUG/MEDIUM: patern: some entries are not deleted with case
                insensitive match
  - BUG/MEDIUM: buffer: one byte miss in buffer free space check
  - BUG/MEDIUM: http: thefunction "(req|res)-replace-value" doesn't
                respect the HTTP syntax
  - BUG/MEDIUM: peers: correctly configure the client timeout
  - BUG/MEDIUM: http: hdr_cnt would not count any header when called
                without name
  - BUG/MEDIUM: listener: don't report an error when resuming unbound
                listeners
  - BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only
  - BUG/MEDIUM: stream-int: always reset si->ops when si->end is
                nullified
  - BUG/MEDIUM: http: remove content-length from chunked messages
  - BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to
                HTTP/1.1
  - BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad
                request
  - BUG/MEDIUM: http: remove content-length form responses with bad
                transfer-encoding
  - BUG/MEDIUM: http: wait for the exact amount of body bytes in
                wait_for_request_body

29. By Vincent Bernat on 2015-04-26

Upload to unstable.

28. By Vincent Bernat on 2015-02-27

Remove RC4 from the default cipher string shipped in configuration.

27. By Vincent Bernat on 2014-12-07

* Cherry-pick the following patches from 1.5.9 release:
    - 8a0b93bde77e BUG/MAJOR: sessions: unlink session from list on out
                              of memory
    - bae03eaad40a BUG/MEDIUM: pattern: don't load more than once a pattern
                               list.
    - 93637b6e8503 BUG/MEDIUM: connection: sanitize PPv2 header length before
                               parsing address information
    - 8ba50128832b BUG/MAJOR: frontend: initialize capture pointers earlier
    - 1f96a87c4e14 BUG/MEDIUM: checks: fix conflicts between agent checks and
                               ssl healthchecks
    - 9bcc01ae2598 BUG/MEDIUM: ssl: force a full GC in case of memory shortage
    - 909514970089 BUG/MEDIUM: ssl: fix bad ssl context init can cause
                               segfault in case of OOM.
* Cherry-pick the following patches from future 1.5.10 release:
    - 1e89acb6be9b BUG/MEDIUM: payload: ensure that a request channel is
                               available
    - bad3c6f1b6d7 BUG/MEDIUM: patterns: previous fix was incomplete

26. By Vincent Bernat on 2014-10-31

* New upstream stable release including the following fixes:

   + BUG/MAJOR: buffer: check the space left is enough or not when input
                data in a buffer is wrapped
   + BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
   + BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
   + BUG/MEDIUM: regex: fix pcre_study error handling
   + BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
   + BUG/MINOR: log: fix request flags when keep-alive is enabled
   + BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
   + BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
* Also includes the following new features:
   + MINOR: ssl: add statement to force some ssl options in global.
   + MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER
            formatted certs
* Disable SSLv3 in the default configuration file.

25. By Vincent Bernat on 2014-10-20

* New upstream stable release including the following fixes:
  + BUG/MEDIUM: systemd: set KillMode to 'mixed'
  + MINOR: systemd: Check configuration before start
  + BUG/MEDIUM: config: avoid skipping disabled proxies
  + BUG/MINOR: config: do not accept more track-sc than configured
  + BUG/MEDIUM: backend: fix URI hash when a query string is present
* Drop systemd patches:
  + haproxy.service-also-check-on-start.patch
  + haproxy.service-set-killmode-to-mixed.patch
* Refresh other patches.

24. By Apollon Oikonomopoulos <email address hidden> on 2014-10-08

[ Vincent Bernat ]
* initscript: use start-stop-daemon to reliably terminate all haproxy
  processes. Also treat stopping a non-running haproxy as success.
  (Closes: #762608, LP: #1038139)

[ Apollon Oikonomopoulos ]
* New upstream stable release including the following fixes:
  + DOC: Address issue where documentation is excluded due to a gitignore
    rule.
  + MEDIUM: Improve signal handling in systemd wrapper.
  + BUG/MINOR: config: don't propagate process binding for dynamic
    use_backend
  + MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
  + DOC: clearly state that the "show sess" output format is not fixed
  + MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
  + DOC: indicate in the doc that track-sc* can wait if data are missing
  + MEDIUM: http: enable header manipulation for 101 responses
  + BUG/MEDIUM: config: propagate frontend to backend process binding again.
  + MEDIUM: config: properly propagate process binding between proxies
  + MEDIUM: config: make the frontends automatically bind to the listeners'
    processes
  + MEDIUM: config: compute the exact bind-process before listener's
    maxaccept
  + MEDIUM: config: only warn if stats are attached to multi-process bind
    directives
  + MEDIUM: config: report it when tcp-request rules are misplaced
  + MINOR: config: detect the case where a tcp-request content rule has no
    inspect-delay
  + MEDIUM: systemd-wrapper: support multiple executable versions and names
  + BUG/MEDIUM: remove debugging code from systemd-wrapper
  + BUG/MEDIUM: http: adjust close mode when switching to backend
  + BUG/MINOR: config: don't propagate process binding on fatal errors.
  + BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
  + BUG/MINOR: tcp-check: report the correct failed step in the status
  + DOC: indicate that weight zero is reported as DRAIN
* Add a new patch (haproxy.service-set-killmode-to-mixed.patch) to fix the
  systemctl stop action conflicting with the systemd wrapper now catching
  SIGTERM.
* Bump standards to 3.9.6; no changes needed.
* haproxy-doc: link to tracker.debian.org instead of packages.qa.debian.org.
* d/copyright: move debian/dconv/* paragraph after debian/*, so that it
  actually matches the files it is supposed to.

23. By Vincent Bernat on 2014-09-02

* New upstream version.
  + Fix a critical bug that, under certain unlikely conditions, allows a
    client to crash haproxy.
* Prefix rsyslog configuration file to ensure to log only to
  /var/log/haproxy. Thanks to Paul Bourke for the patch.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:debian/squeeze/haproxy
This branch contains Public information 
Everyone can see this information.

Subscribers