lp:ubuntu/vivid/haproxy

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/vivid/haproxy
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

27. By Vincent Bernat

* New upstream stable release including the following fixes:
    - BUG/MAJOR: stream-int: properly check the memory allocation return
    - BUG/MEDIUM: sample: fix random number upper-bound
    - BUG/MEDIUM: patterns: previous fix was incomplete
    - BUG/MEDIUM: payload: ensure that a request channel is available
    - BUG/MEDIUM: tcp-check: don't rely on random memory contents
    - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
    - BUG/MEDIUM: config: do not propagate processes between stopped
                  processes
    - BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
    - BUG/MEDIUM: compression: correctly report zlib_mem
* Upload to experimental.

26. By Vincent Bernat

* Cherry-pick the following patches from 1.5.9 release:
    - 8a0b93bde77e BUG/MAJOR: sessions: unlink session from list on out
                              of memory
    - bae03eaad40a BUG/MEDIUM: pattern: don't load more than once a pattern
                               list.
    - 93637b6e8503 BUG/MEDIUM: connection: sanitize PPv2 header length before
                               parsing address information
    - 8ba50128832b BUG/MAJOR: frontend: initialize capture pointers earlier
    - 1f96a87c4e14 BUG/MEDIUM: checks: fix conflicts between agent checks and
                               ssl healthchecks
    - 9bcc01ae2598 BUG/MEDIUM: ssl: force a full GC in case of memory shortage
    - 909514970089 BUG/MEDIUM: ssl: fix bad ssl context init can cause
                               segfault in case of OOM.
* Cherry-pick the following patches from future 1.5.10 release:
    - 1e89acb6be9b BUG/MEDIUM: payload: ensure that a request channel is
                               available
    - bad3c6f1b6d7 BUG/MEDIUM: patterns: previous fix was incomplete

25. By Vincent Bernat

* New upstream stable release including the following fixes:

   + BUG/MAJOR: buffer: check the space left is enough or not when input
                data in a buffer is wrapped
   + BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
   + BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
   + BUG/MEDIUM: regex: fix pcre_study error handling
   + BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
   + BUG/MINOR: log: fix request flags when keep-alive is enabled
   + BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
   + BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
* Also includes the following new features:
   + MINOR: ssl: add statement to force some ssl options in global.
   + MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER
            formatted certs
* Disable SSLv3 in the default configuration file.

24. By Serge Hallyn

haproxy.init: return 0 on stop if haproxy was not running. (LP: #1038139)

23. By Vincent Bernat

* New upstream version.
  + Fix a critical bug that, under certain unlikely conditions, allows a
    client to crash haproxy.
* Prefix rsyslog configuration file to ensure to log only to
  /var/log/haproxy. Thanks to Paul Bourke for the patch.

22. By Apollon Oikonomopoulos <email address hidden>

* New upstream stable release, fixing the following issues:
  + Memory corruption when building a proxy protocol v2 header
  + Memory leak in SSL DHE key exchange

21. By Apollon Oikonomopoulos <email address hidden>

* New upstream stable release. Important fixes:
  + A few sample fetch functions when combined in certain ways would return
    malformed results, possibly crashing the HAProxy process.
  + Hash-based load balancing and http-send-name-header would fail for
    requests which contain a body which starts to be forwarded before the
    data is used.

20. By Apollon Oikonomopoulos <email address hidden>

* New upstream stable release:
  + Fix a file descriptor leak for clients that disappear before connecting.
  + Do not staple expired OCSP responses.

19. By Apollon Oikonomopoulos <email address hidden>

* New upstream stable series. Notable changes since the 1.4 series:
  + Native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling.
  + IPv6 and UNIX sockets are supported everywhere
  + End-to-end HTTP keep-alive for better support of NTLM and improved
    efficiency in static farms
  + HTTP/1.1 response compression (deflate, gzip) to save bandwidth
  + PROXY protocol versions 1 and 2 on both sides
  + Data sampling on everything in request or response, including payload
  + ACLs can use any matching method with any input sample
  + Maps and dynamic ACLs updatable from the CLI
  + Stick-tables support counters to track activity on any input sample
  + Custom format for logs, unique-id, header rewriting, and redirects
  + Improved health checks (SSL, scripted TCP, check agent, ...)
  + Much more scalable configuration supports hundreds of thousands of
    backends and certificates without sweating

* Upload to unstable, merge all 1.5 work from experimental. Most important
  packaging changes since 1.4.25-1 include:
  + systemd support.
  + A more sane default config file.
  + Zero-downtime upgrades between 1.5 releases by gracefully reloading
    HAProxy during upgrades.
  + HTML documentation shipped in the haproxy-doc package.
  + kqueue support for kfreebsd.

* Packaging changes since 1.5~dev26-2:
  + Drop patches merged upstream:
    o Fix-reference-location-in-manpage.patch
    o 0001-BUILD-stats-workaround-stupid-and-bogus-Werror-forma.patch
  + d/watch: look for stable 1.5 releases
  + systemd: respect CONFIG and EXTRAOPTS when specified in
    /etc/default/haproxy.
  + initscript: test the configuration before start or reload.
  + initscript: remove the ENABLED flag and logic.

18. By Prach Pongpanich

[ Prach Pongpanich ]
* New upstream version.
* Update watch file to use the source page.
* Bump Standards-Version to 3.9.5.

[ Thomas Bechtold ]
* debian/control: Add haproxy-dbg binary package for debug symbols.

[ Apollon Oikonomopoulos ]
* Require syslog to be operational before starting. Closes: #726323.
* Document how to bind non-local IPv6 addresses.
* Add a reference to configuration.txt.gz to the manpage.
* debian/copyright: synchronize with source.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/wily/haproxy
This branch contains Public information 
Everyone can see this information.

Subscribers