lp:ubuntu/vivid/haproxy
- Get this branch:
- bzr branch lp:ubuntu/vivid/haproxy
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 27. By Vincent Bernat
-
* New upstream stable release including the following fixes:
- BUG/MAJOR: stream-int: properly check the memory allocation return
- BUG/MEDIUM: sample: fix random number upper-bound
- BUG/MEDIUM: patterns: previous fix was incomplete
- BUG/MEDIUM: payload: ensure that a request channel is available
- BUG/MEDIUM: tcp-check: don't rely on random memory contents
- BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
- BUG/MEDIUM: config: do not propagate processes between stopped
processes
- BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
- BUG/MEDIUM: compression: correctly report zlib_mem
* Upload to experimental. - 26. By Vincent Bernat
-
* Cherry-pick the following patches from 1.5.9 release:
- 8a0b93bde77e BUG/MAJOR: sessions: unlink session from list on out
of memory
- bae03eaad40a BUG/MEDIUM: pattern: don't load more than once a pattern
list.
- 93637b6e8503 BUG/MEDIUM: connection: sanitize PPv2 header length before
parsing address information
- 8ba50128832b BUG/MAJOR: frontend: initialize capture pointers earlier
- 1f96a87c4e14 BUG/MEDIUM: checks: fix conflicts between agent checks and
ssl healthchecks
- 9bcc01ae2598 BUG/MEDIUM: ssl: force a full GC in case of memory shortage
- 909514970089 BUG/MEDIUM: ssl: fix bad ssl context init can cause
segfault in case of OOM.
* Cherry-pick the following patches from future 1.5.10 release:
- 1e89acb6be9b BUG/MEDIUM: payload: ensure that a request channel is
available
- bad3c6f1b6d7 BUG/MEDIUM: patterns: previous fix was incomplete - 25. By Vincent Bernat
-
* New upstream stable release including the following fixes:
+ BUG/MAJOR: buffer: check the space left is enough or not when input
data in a buffer is wrapped
+ BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
+ BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
+ BUG/MEDIUM: regex: fix pcre_study error handling
+ BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
+ BUG/MINOR: log: fix request flags when keep-alive is enabled
+ BUG/MAJOR: cli: explicitly call cli_release_handler( ) upon error
+ BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
* Also includes the following new features:
+ MINOR: ssl: add statement to force some ssl options in global.
+ MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER
formatted certs
* Disable SSLv3 in the default configuration file. - 23. By Vincent Bernat
-
* New upstream version.
+ Fix a critical bug that, under certain unlikely conditions, allows a
client to crash haproxy.
* Prefix rsyslog configuration file to ensure to log only to
/var/log/haproxy. Thanks to Paul Bourke for the patch. - 22. By Apollon Oikonomopoulos <email address hidden>
-
* New upstream stable release, fixing the following issues:
+ Memory corruption when building a proxy protocol v2 header
+ Memory leak in SSL DHE key exchange - 21. By Apollon Oikonomopoulos <email address hidden>
-
* New upstream stable release. Important fixes:
+ A few sample fetch functions when combined in certain ways would return
malformed results, possibly crashing the HAProxy process.
+ Hash-based load balancing and http-send-name-header would fail for
requests which contain a body which starts to be forwarded before the
data is used. - 20. By Apollon Oikonomopoulos <email address hidden>
-
* New upstream stable release:
+ Fix a file descriptor leak for clients that disappear before connecting.
+ Do not staple expired OCSP responses. - 19. By Apollon Oikonomopoulos <email address hidden>
-
* New upstream stable series. Notable changes since the 1.4 series:
+ Native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling.
+ IPv6 and UNIX sockets are supported everywhere
+ End-to-end HTTP keep-alive for better support of NTLM and improved
efficiency in static farms
+ HTTP/1.1 response compression (deflate, gzip) to save bandwidth
+ PROXY protocol versions 1 and 2 on both sides
+ Data sampling on everything in request or response, including payload
+ ACLs can use any matching method with any input sample
+ Maps and dynamic ACLs updatable from the CLI
+ Stick-tables support counters to track activity on any input sample
+ Custom format for logs, unique-id, header rewriting, and redirects
+ Improved health checks (SSL, scripted TCP, check agent, ...)
+ Much more scalable configuration supports hundreds of thousands of
backends and certificates without sweating* Upload to unstable, merge all 1.5 work from experimental. Most important
packaging changes since 1.4.25-1 include:
+ systemd support.
+ A more sane default config file.
+ Zero-downtime upgrades between 1.5 releases by gracefully reloading
HAProxy during upgrades.
+ HTML documentation shipped in the haproxy-doc package.
+ kqueue support for kfreebsd.* Packaging changes since 1.5~dev26-2:
+ Drop patches merged upstream:
o Fix-reference-location- in-manpage. patch
o 0001-BUILD-stats-workaroun d-stupid- and-bogus- Werror- forma.patch
+ d/watch: look for stable 1.5 releases
+ systemd: respect CONFIG and EXTRAOPTS when specified in
/etc/default/ haproxy.
+ initscript: test the configuration before start or reload.
+ initscript: remove the ENABLED flag and logic. - 18. By Prach Pongpanich
-
[ Prach Pongpanich ]
* New upstream version.
* Update watch file to use the source page.
* Bump Standards-Version to 3.9.5.[ Thomas Bechtold ]
* debian/control: Add haproxy-dbg binary package for debug symbols.[ Apollon Oikonomopoulos ]
* Require syslog to be operational before starting. Closes: #726323.
* Document how to bind non-local IPv6 addresses.
* Add a reference to configuration.txt.gz to the manpage.
* debian/copyright: synchronize with source.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/wily/haproxy