Publishing details
Changelog
haproxy (1.5.14-1ubuntu0.15.10.1~ubuntu14.04.1) trusty-backports; urgency=medium
* No-change backport to trusty (LP: #1494141)
haproxy (1.5.14-1ubuntu0.15.10.1) wily; urgency=medium
* Ensure that haproxy processes are terminated correctly when executing
stop/restart operations, easing backports to pre-systemd versions of
Ubuntu (LP: #1477198, #1481737).
haproxy (1.5.14-1) unstable; urgency=high
* New upstream version. Fix an information leak (CVE-2015-3281):
- BUG/MAJOR: buffers: make the buffer_slow_realign() function
respect output data.
* Add $named as a dependency for init script. Closes: #790638.
haproxy (1.5.13-1) unstable; urgency=medium
* New upstream stable release including the following fixes:
- MAJOR: peers: allow peers section to be used with nbproc > 1
- BUG/MAJOR: checks: always check for end of list before proceeding
- MEDIUM: ssl: replace standards DH groups with custom ones
- BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
- BUG/MEDIUM: cfgparse: segfault when userlist is misused
- BUG/MEDIUM: stats: properly initialize the scope before dumping stats
- BUG/MEDIUM: http: don't forward client shutdown without NOLINGER
except for tunnels
- BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
- BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
- BUG/MEDIUM: peers: apply a random reconnection timeout
- BUG/MEDIUM: config: properly compute the default number of processes
for a proxy
haproxy (1.5.12-1) unstable; urgency=medium
* New upstream stable release including the following fixes:
- BUG/MAJOR: http: don't read past buffer's end in http_replace_value
- BUG/MAJOR: http: prevent risk of reading past end with balance
url_param
- BUG/MEDIUM: Do not consider an agent check as failed on L7 error
- BUG/MEDIUM: patern: some entries are not deleted with case
insensitive match
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
- BUG/MEDIUM: http: thefunction "(req|res)-replace-value" doesn't
respect the HTTP syntax
- BUG/MEDIUM: peers: correctly configure the client timeout
- BUG/MEDIUM: http: hdr_cnt would not count any header when called
without name
- BUG/MEDIUM: listener: don't report an error when resuming unbound
listeners
- BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only
- BUG/MEDIUM: stream-int: always reset si->ops when si->end is
nullified
- BUG/MEDIUM: http: remove content-length from chunked messages
- BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to
HTTP/1.1
- BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad
request
- BUG/MEDIUM: http: remove content-length form responses with bad
transfer-encoding
- BUG/MEDIUM: http: wait for the exact amount of body bytes in
wait_for_request_body
haproxy (1.5.11-2) unstable; urgency=medium
* Upload to unstable.
haproxy (1.5.11-1) experimental; urgency=medium
* New upstream stable release including the following fixes:
- BUG/MAJOR: log: don't try to emit a log if no logger is set
- BUG/MEDIUM: backend: correctly detect the domain when
use_domain_only is used
- BUG/MEDIUM: Do not set agent health to zero if server is disabled
in config
- BUG/MEDIUM: Only explicitly report "DOWN (agent)" if the agent health
is zero
- BUG/MEDIUM: http: fix header removal when previous header ends with
pure LF
- BUG/MEDIUM: channel: fix possible integer overflow on reserved size
computation
- BUG/MEDIUM: channel: don't schedule data in transit for leaving until
connected
- BUG/MEDIUM: http: make http-request set-header compute the string
before removal
* Upload to experimental.
haproxy (1.5.10-1) experimental; urgency=medium
* New upstream stable release including the following fixes:
- BUG/MAJOR: stream-int: properly check the memory allocation return
- BUG/MEDIUM: sample: fix random number upper-bound
- BUG/MEDIUM: patterns: previous fix was incomplete
- BUG/MEDIUM: payload: ensure that a request channel is available
- BUG/MEDIUM: tcp-check: don't rely on random memory contents
- BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
- BUG/MEDIUM: config: do not propagate processes between stopped
processes
- BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
- BUG/MEDIUM: compression: correctly report zlib_mem
* Upload to experimental.
haproxy (1.5.9-1) experimental; urgency=medium
* New upstream stable release including the following fixes:
- BUG/MAJOR: sessions: unlink session from list on out
of memory
- BUG/MEDIUM: pattern: don't load more than once a pattern
list.
- BUG/MEDIUM: connection: sanitize PPv2 header length before
parsing address information
- BUG/MAJOR: frontend: initialize capture pointers earlier
- BUG/MEDIUM: checks: fix conflicts between agent checks and
ssl healthchecks
- BUG/MEDIUM: ssl: force a full GC in case of memory shortage
- BUG/MEDIUM: ssl: fix bad ssl context init can cause
segfault in case of OOM.
* Upload to experimental.
haproxy (1.5.8-3) unstable; urgency=medium
* Remove RC4 from the default cipher string shipped in configuration.
haproxy (1.5.8-2) unstable; urgency=medium
* Cherry-pick the following patches from 1.5.9 release:
- 8a0b93bde77e BUG/MAJOR: sessions: unlink session from list on out
of memory
- bae03eaad40a BUG/MEDIUM: pattern: don't load more than once a pattern
list.
- 93637b6e8503 BUG/MEDIUM: connection: sanitize PPv2 header length before
parsing address information
- 8ba50128832b BUG/MAJOR: frontend: initialize capture pointers earlier
- 1f96a87c4e14 BUG/MEDIUM: checks: fix conflicts between agent checks and
ssl healthchecks
- 9bcc01ae2598 BUG/MEDIUM: ssl: force a full GC in case of memory shortage
- 909514970089 BUG/MEDIUM: ssl: fix bad ssl context init can cause
segfault in case of OOM.
* Cherry-pick the following patches from future 1.5.10 release:
- 1e89acb6be9b BUG/MEDIUM: payload: ensure that a request channel is
available
- bad3c6f1b6d7 BUG/MEDIUM: patterns: previous fix was incomplete
haproxy (1.5.8-1) unstable; urgency=medium
* New upstream stable release including the following fixes:
+ BUG/MAJOR: buffer: check the space left is enough or not when input
data in a buffer is wrapped
+ BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
+ BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
+ BUG/MEDIUM: regex: fix pcre_study error handling
+ BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
+ BUG/MINOR: log: fix request flags when keep-alive is enabled
+ BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
+ BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
* Also includes the following new features:
+ MINOR: ssl: add statement to force some ssl options in global.
+ MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER
formatted certs
* Disable SSLv3 in the default configuration file.
haproxy (1.5.6-1) unstable; urgency=medium
* New upstream stable release including the following fixes:
+ BUG/MEDIUM: systemd: set KillMode to 'mixed'
+ MINOR: systemd: Check configuration before start
+ BUG/MEDIUM: config: avoid skipping disabled proxies
+ BUG/MINOR: config: do not accept more track-sc than configured
+ BUG/MEDIUM: backend: fix URI hash when a query string is present
* Drop systemd patches:
+ haproxy.service-also-check-on-start.patch
+ haproxy.service-set-killmode-to-mixed.patch
* Refresh other patches.
haproxy (1.5.5-1) unstable; urgency=medium
[ Vincent Bernat ]
* initscript: use start-stop-daemon to reliably terminate all haproxy
processes. Also treat stopping a non-running haproxy as success.
(Closes: #762608, LP: #1038139)
[ Apollon Oikonomopoulos ]
* New upstream stable release including the following fixes:
+ DOC: Address issue where documentation is excluded due to a gitignore
rule.
+ MEDIUM: Improve signal handling in systemd wrapper.
+ BUG/MINOR: config: don't propagate process binding for dynamic
use_backend
+ MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
+ DOC: clearly state that the "show sess" output format is not fixed
+ MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
+ DOC: indicate in the doc that track-sc* can wait if data are missing
+ MEDIUM: http: enable header manipulation for 101 responses
+ BUG/MEDIUM: config: propagate frontend to backend process binding again.
+ MEDIUM: config: properly propagate process binding between proxies
+ MEDIUM: config: make the frontends automatically bind to the listeners'
processes
+ MEDIUM: config: compute the exact bind-process before listener's
maxaccept
+ MEDIUM: config: only warn if stats are attached to multi-process bind
directives
+ MEDIUM: config: report it when tcp-request rules are misplaced
+ MINOR: config: detect the case where a tcp-request content rule has no
inspect-delay
+ MEDIUM: systemd-wrapper: support multiple executable versions and names
+ BUG/MEDIUM: remove debugging code from systemd-wrapper
+ BUG/MEDIUM: http: adjust close mode when switching to backend
+ BUG/MINOR: config: don't propagate process binding on fatal errors.
+ BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
+ BUG/MINOR: tcp-check: report the correct failed step in the status
+ DOC: indicate that weight zero is reported as DRAIN
* Add a new patch (haproxy.service-set-killmode-to-mixed.patch) to fix the
systemctl stop action conflicting with the systemd wrapper now catching
SIGTERM.
* Bump standards to 3.9.6; no changes needed.
* haproxy-doc: link to tracker.debian.org instead of packages.qa.debian.org.
* d/copyright: move debian/dconv/* paragraph after debian/*, so that it
actually matches the files it is supposed to.
-- Iain Lane <email address hidden> Mon, 08 Feb 2016 15:09:20 +0000
Builds
Built packages
-
haproxy
fast and reliable load balancing reverse proxy
-
haproxy-dbg
fast and reliable load balancing reverse proxy (debug symbols)
-
haproxy-dbgsym
debug symbols for package haproxy
-
haproxy-doc
fast and reliable load balancing reverse proxy (HTML documentation)
-
vim-haproxy
syntax highlighting for HAProxy configuration files
Package files