ubuntu/+source/haproxy:debian/jessie

Last commit made on 2015-09-05
Get this branch:
git clone -b debian/jessie https://git.launchpad.net/ubuntu/+source/haproxy
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
debian/jessie
Repository:
lp:ubuntu/+source/haproxy

Recent commits

f3eb123... by Vincent Bernat on 2015-07-14

Import patches-unapplied version 1.5.8-3+deb8u2 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 6428dd03cd209cb3116c02eb404d297ce4f3a518

New changelog entries:
  * Fix a segfault when parsing a configuration file containing disabled
    proxy sections. Closes: #792116.
      - BUG/MINOR: config: fix typo in condition when propagating
                   process binding
      - BUG/MEDIUM: config: do not propagate processes between
                    stopped processes
  * Fix an information leak. CVE-2015-3281.
      - BUG/MAJOR: buffers: make the buffer_slow_realign() function respect
                   output data

6428dd0... by Vincent Bernat on 2015-02-27

Import patches-unapplied version 1.5.8-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0cd533b2038ec5ab12bc5c8267051a5035c78382

New changelog entries:
  * Remove RC4 from the default cipher string shipped in configuration.

0cd533b... by Vincent Bernat on 2014-12-07

Import patches-unapplied version 1.5.8-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 718cb54f16f78755cf0a56c7da1a2f219750142e

New changelog entries:
  * Cherry-pick the following patches from 1.5.9 release:
      - 8a0b93bde77e BUG/MAJOR: sessions: unlink session from list on out
                                of memory
      - bae03eaad40a BUG/MEDIUM: pattern: don't load more than once a pattern
                                 list.
      - 93637b6e8503 BUG/MEDIUM: connection: sanitize PPv2 header length before
                                 parsing address information
      - 8ba50128832b BUG/MAJOR: frontend: initialize capture pointers earlier
      - 1f96a87c4e14 BUG/MEDIUM: checks: fix conflicts between agent checks and
                                 ssl healthchecks
      - 9bcc01ae2598 BUG/MEDIUM: ssl: force a full GC in case of memory shortage
      - 909514970089 BUG/MEDIUM: ssl: fix bad ssl context init can cause
                                 segfault in case of OOM.
  * Cherry-pick the following patches from future 1.5.10 release:
      - 1e89acb6be9b BUG/MEDIUM: payload: ensure that a request channel is
                                 available
      - bad3c6f1b6d7 BUG/MEDIUM: patterns: previous fix was incomplete

718cb54... by Vincent Bernat on 2014-10-31

Import patches-unapplied version 1.5.8-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a6f809499fdf77e8933c11eab9282a697f5f0c03

New changelog entries:
  * New upstream stable release including the following fixes:
     + BUG/MAJOR: buffer: check the space left is enough or not when input
                  data in a buffer is wrapped
     + BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
     + BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
     + BUG/MEDIUM: regex: fix pcre_study error handling
     + BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
     + BUG/MINOR: log: fix request flags when keep-alive is enabled
     + BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
     + BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
  * Also includes the following new features:
     + MINOR: ssl: add statement to force some ssl options in global.
     + MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER
              formatted certs
  * Disable SSLv3 in the default configuration file.

a6f8094... by Vincent Bernat on 2014-10-20

Import patches-unapplied version 1.5.6-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: cb3c73b6b7faf3fecd0aea558f022d23336f2b05

New changelog entries:
  * New upstream stable release including the following fixes:
    + BUG/MEDIUM: systemd: set KillMode to 'mixed'
    + MINOR: systemd: Check configuration before start
    + BUG/MEDIUM: config: avoid skipping disabled proxies
    + BUG/MINOR: config: do not accept more track-sc than configured
    + BUG/MEDIUM: backend: fix URI hash when a query string is present
  * Drop systemd patches:
    + haproxy.service-also-check-on-start.patch
    + haproxy.service-set-killmode-to-mixed.patch
  * Refresh other patches.

cb3c73b... by Apollon Oikonomopoulos <email address hidden> on 2014-10-08

Import patches-unapplied version 1.5.5-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c906040b143b7c8183b0b19292bd472bbdd74c5d

New changelog entries:
  [ Vincent Bernat ]
  * initscript: use start-stop-daemon to reliably terminate all haproxy
    processes. Also treat stopping a non-running haproxy as success.
    (Closes: #762608, LP: #1038139)
  [ Apollon Oikonomopoulos ]
  * New upstream stable release including the following fixes:
    + DOC: Address issue where documentation is excluded due to a gitignore
      rule.
    + MEDIUM: Improve signal handling in systemd wrapper.
    + BUG/MINOR: config: don't propagate process binding for dynamic
      use_backend
    + MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
    + DOC: clearly state that the "show sess" output format is not fixed
    + MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
    + DOC: indicate in the doc that track-sc* can wait if data are missing
    + MEDIUM: http: enable header manipulation for 101 responses
    + BUG/MEDIUM: config: propagate frontend to backend process binding again.
    + MEDIUM: config: properly propagate process binding between proxies
    + MEDIUM: config: make the frontends automatically bind to the listeners'
      processes
    + MEDIUM: config: compute the exact bind-process before listener's
      maxaccept
    + MEDIUM: config: only warn if stats are attached to multi-process bind
      directives
    + MEDIUM: config: report it when tcp-request rules are misplaced
    + MINOR: config: detect the case where a tcp-request content rule has no
      inspect-delay
    + MEDIUM: systemd-wrapper: support multiple executable versions and names
    + BUG/MEDIUM: remove debugging code from systemd-wrapper
    + BUG/MEDIUM: http: adjust close mode when switching to backend
    + BUG/MINOR: config: don't propagate process binding on fatal errors.
    + BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
    + BUG/MINOR: tcp-check: report the correct failed step in the status
    + DOC: indicate that weight zero is reported as DRAIN
  * Add a new patch (haproxy.service-set-killmode-to-mixed.patch) to fix the
    systemctl stop action conflicting with the systemd wrapper now catching
    SIGTERM.
  * Bump standards to 3.9.6; no changes needed.
  * haproxy-doc: link to tracker.debian.org instead of packages.qa.debian.org.
  * d/copyright: move debian/dconv/* paragraph after debian/*, so that it
    actually matches the files it is supposed to.

c906040... by Vincent Bernat on 2014-09-02

Import patches-unapplied version 1.5.4-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 263095c52c1ec09d9a1d31e6b91c636bd5a6588d

New changelog entries:
  * New upstream version.
    + Fix a critical bug that, under certain unlikely conditions, allows a
      client to crash haproxy.
  * Prefix rsyslog configuration file to ensure to log only to
    /var/log/haproxy. Thanks to Paul Bourke for the patch.

263095c... by Apollon Oikonomopoulos <email address hidden> on 2014-07-25

Import patches-unapplied version 1.5.3-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b04a9675e1108dde30274f4fb36b10e6cc6ff23d

New changelog entries:
  * New upstream stable release, fixing the following issues:
    + Memory corruption when building a proxy protocol v2 header
    + Memory leak in SSL DHE key exchange

b04a967... by Apollon Oikonomopoulos <email address hidden> on 2014-07-13

Import patches-unapplied version 1.5.2-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ec9bffbd7b0e55314bd875cd3da26d2b1337cb14

New changelog entries:
  * New upstream stable release. Important fixes:
    + A few sample fetch functions when combined in certain ways would return
      malformed results, possibly crashing the HAProxy process.
    + Hash-based load balancing and http-send-name-header would fail for
      requests which contain a body which starts to be forwarded before the
      data is used.

ec9bffb... by Apollon Oikonomopoulos <email address hidden> on 2014-06-24

Import patches-unapplied version 1.5.1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f169248a82ea817b061c073e03879918873026cd

New changelog entries:
  * New upstream stable release:
    + Fix a file descriptor leak for clients that disappear before connecting.
    + Do not staple expired OCSP responses.