Change log for haproxy package in Ubuntu

175 of 77 results
Published in bionic-release on 2017-10-24
Published in artful-release on 2017-09-15
Deleted in artful-proposed (Reason: moved to release)
haproxy (1.7.9-1ubuntu1) artful; urgency=medium

  * Backport of -x option from upstream haproxy to enable seamless
    reloading of haproxy without dropping connections.  This is enabled
    by adding
    " stats socket <stats file> expose-fd listeners
      stats bind-process 1 "
    to the global section of your haproxy config, and
    setting HAPROXY_STATS_SOCKET in the haproxy.service unit file.
    (LP: #1712925)

 -- Dave Chiluk <email address hidden>  Thu, 14 Sep 2017 12:32:36 -0500
Superseded in artful-release on 2017-09-15
Deleted in artful-proposed on 2017-09-16 (Reason: moved to release)
haproxy (1.7.9-1) unstable; urgency=medium

  * New upstream version release (see CHANGELOG):
    - BUG/MAJOR: lua/socket: resources not destroyed when the socket is
                 aborted
    - BUG/MEDIUM: lua: bad memory access
    - BUG/MEDIUM: http: Switch HTTP responses in TUNNEL mode when body
                  length is undefined

 -- Vincent Bernat <email address hidden>  Sat, 19 Aug 2017 12:05:02 +0200

Available diffs

Superseded in artful-release on 2017-08-22
Deleted in artful-proposed on 2017-08-23 (Reason: moved to release)
haproxy (1.7.8-1) unstable; urgency=medium

  * New upstream version release (see CHANGELOG):
    - BUG/MAJOR: cli: fix custom io_release was crushed by NULL.
    - BUG/MAJOR: compression: Be sure to release the compression state in
                 all cases
    - BUG/MAJOR: map: fix segfault during 'show map/acl' on cli.
    - BUG/MEDIUM: filters: Be sure to call flt_end_analyze for both
                  channels
    - BUG/MEDIUM: map/acl: fix unwanted flags inheritance.
  * Bump Standards-Version to 4.0.0. No changes needed.
  * Update d/watch to use https.

 -- Vincent Bernat <email address hidden>  Sat, 08 Jul 2017 08:24:35 +0200

Available diffs

Superseded in artful-release on 2017-07-08
Deleted in artful-proposed on 2017-07-10 (Reason: moved to release)
haproxy (1.7.7-1) unstable; urgency=medium

  * New upstream version release (see CHANGELOG):
    - BUG/MEDIUM: http: Drop the connection establishment when a redirect
                  is performed
    - BUG/MEDIUM: cfgparse: Check if tune.http.maxhdr is in the range
                  1..32767

 -- Vincent Bernat <email address hidden>  Mon, 26 Jun 2017 14:06:48 +0200

Available diffs

Superseded in artful-release on 2017-06-27
Deleted in artful-proposed on 2017-06-28 (Reason: moved to release)
haproxy (1.7.6-1) unstable; urgency=medium

  * New upstream version release (see CHANGELOG):
    - BUG/MAJOR: Use -fwrapv.
    - BUG/MAJOR: http: call manage_client_side_cookies() before erasing
                 the buffer
    - BUG/MAJOR: server: Segfault after parsing server state file.
    - BUG/MEDIUM: acl: don't free unresolved args in prune_acl_expr()
    - BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr()
    - BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments
                  on error
    - BUG/MEDIUM: lua: memory leak
    - BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return
                  anything
    - BUG/MEDIUM: peers: Peers CLOSE_WAIT issue.
    - BUG/MEDIUM: unix: never unlink a unix socket from the file system

 -- Vincent Bernat <email address hidden>  Sun, 18 Jun 2017 12:34:40 +0200

Available diffs

Superseded in artful-release on 2017-06-19
Deleted in artful-proposed on 2017-06-21 (Reason: moved to release)
haproxy (1.7.5-2) unstable; urgency=medium

  * Enable getaddrinfo() support, allowing resolution of hostnames to IPv6
    addresses (Closes: #862780). Thanks to Anton Eliasson
    <email address hidden>!

 -- Apollon Oikonomopoulos <email address hidden>  Wed, 17 May 2017 13:01:45 +0300

Available diffs

Superseded in artful-release on 2017-05-31
Deleted in artful-proposed on 2017-06-01 (Reason: moved to release)
haproxy (1.7.5-1) unstable; urgency=medium

  * New upstream version release (see CHANGELOG):
    - BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
    - BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
    - BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is
      enabled

 -- Apollon Oikonomopoulos <email address hidden>  Tue, 04 Apr 2017 14:25:38 +0300

Available diffs

Superseded in artful-release on 2017-04-30
Published in zesty-release on 2017-01-13
Deleted in zesty-proposed (Reason: moved to release)
haproxy (1.7.2-1) unstable; urgency=medium

  * New upstream release (see CHANGELOG):
    + Fix a regression whereby fragmented requests were randomly flagged as
      bad requests depending on previous buffer contents; this was noticable
      under low load with authenticated requests.
    + Fix dynamic address resolution for IPv6-only hosts.
    + Make sure SSL sessions are not reused when the SNI changes. This makes
      SNI and SSL health checks play nice together.
    + Minor improvements:
      - Add the ability to perform actions on multiple servers via the stats
        page.
      - Add the ability to specify a custom HTTP reason field in generated
        responses.
      - New sample fetch function, `fc_rcvd_proxy', indicating wheter the
        PROXY protocol was used on the frontend for a connection or not.

 -- Apollon Oikonomopoulos <email address hidden>  Fri, 13 Jan 2017 14:49:05 +0200

Available diffs

Superseded in zesty-release on 2017-01-13
Deleted in zesty-proposed on 2017-01-15 (Reason: moved to release)
haproxy (1.7.1-1) unstable; urgency=medium

  * New upstream stable release.
  * Upload to unstable.
  * Notable new features since 1.6:
    + SPOE (stream processing offload engine) : ability to delegate some
      slow, unreliable or dangerous processing to external processes.
    + More statistics in the CSV output.
    + Support of directories for config files: if the argument to -f
      is a directory, all files found there are loaded in alphabetical order.
    + It is now possible to set/unset/preset environment variables directly in
      the global section and query them through the CLI.
    + The CLI makes it possible to change a server's address, port, maxconn,
      check address and port at runtime, without reloading haproxy.
    + Support for multiple certificates: different certificates for the same
      domain so that the best one can be picked according to browser support.
      The main use is to be able to deliver ECDSA certificates to clients
      supporting them, without breaking compatibility with older clients.
    + SO_REUSEPORT is now configurable and can be disabled.
    + Updates to the Lua API, including new classes to access many internal
      objects like listeners, servers, proxies etc.
    + Support for a new type of maps consisting of regular expressions with
      replacement values.

 -- Apollon Oikonomopoulos <email address hidden>  Tue, 13 Dec 2016 12:32:32 +0200

Available diffs

Superseded in zesty-release on 2016-12-13
Deleted in zesty-proposed on 2016-12-15 (Reason: moved to release)
haproxy (1.6.10-1) unstable; urgency=medium

  * New upstream release (see CHANGELOG):
    + Fix retransmits in proxy mode and rare cases of unkillable tasks.
    + systemd wrapper: do not leave old processes behind when reloading too
      fast.
    + systemd wrapper: correctly set the status code.
    + Fix two bugs in the peers' task management possibly causing some
      CLOSE_WAIT connection after some rare race conditions.
    + Make SO_REUSEPORT use configurable via the "-dR" command line switch
      or the "noreuseport" config option in the global section.
  * B-D on libssl1.0-dev (Closes: #828337); upstream does not currently
    support OpenSSL 1.1 for the 1.6 series.
  * haproxy: depend on lsb-base for the initscript's use of
    /lib/lsb/init-functions.

 -- Apollon Oikonomopoulos <email address hidden>  Mon, 21 Nov 2016 11:46:16 +0200

Available diffs

Superseded in zesty-release on 2016-11-21
Deleted in zesty-proposed on 2016-11-23 (Reason: moved to release)
haproxy (1.6.9-2) unstable; urgency=medium

  * Enable Linux namespace support.
  * Pass the full Debian version and package release date from d/changelog to
    the build system.
  * initscript: reorder the reload command arguments to always parse EXTRAOPTS
    properly.

 -- Apollon Oikonomopoulos <email address hidden>  Wed, 28 Sep 2016 10:45:43 +0300

Available diffs

Superseded in zesty-release on 2016-11-03
Published in yakkety-release on 2016-08-15
Deleted in yakkety-proposed (Reason: moved to release)
haproxy (1.6.8-1) unstable; urgency=medium

  * New upstream release (see CHANGELOG):
    + BUG/MAJOR: compression: initialize avail_in/next_in even during
      flush
    + BUG/MAJOR: server: the "sni" directive could randomly cause trouble
    + BUG/MAJOR: stick-counters: possible crash when using sc_trackers
      with wrong table

 -- Vincent Bernat <email address hidden>  Sun, 14 Aug 2016 14:17:08 +0200

Available diffs

Superseded in yakkety-release on 2016-08-15
Deleted in yakkety-proposed on 2016-08-16 (Reason: moved to release)
haproxy (1.6.7-1) unstable; urgency=medium

  * New upstream release (see CHANGELOG):
    + BUG/MAJOR: fix use-after-free crash on start
    + BUG/MEDIUM: dns: fix alignment issues in the DNS response parser

 -- Vincent Bernat <email address hidden>  Thu, 14 Jul 2016 08:29:43 +0200

Available diffs

Superseded in yakkety-release on 2016-07-14
Deleted in yakkety-proposed on 2016-07-16 (Reason: moved to release)
haproxy (1.6.6-1) unstable; urgency=medium

  * New upstream release (see CHANGELOG):
    + BUG/MAJOR: fix listening IP address storage for frontends
    + BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes
    + BUG/MEDIUM: stick-tables: fix breakage in table converters
    + BUG/MEDIUM: dns: unbreak DNS resolver after header fix
    + BUG/MEDIUM: stats: show servers state may show an servers from another
      backend
    + BUG/MEDIUM: fix risk of segfault with "show tls-keys"
    + BUG/MEDIUM: sticktables: segfault in some configuration error cases
    + BUG/MEDIUM: lua: converters doesn't work
    + BUG/MEDIUM: http: add-header: buffer overwritten
    + BUG/MEDIUM: external-checks: close all FDs right after the fork()
    + BUG/MAJOR: external-checks: use asynchronous signal delivery
  * Drop haproxy.service-check-config-before-reload.patch. Applied
    upstream.

 -- Vincent Bernat <email address hidden>  Tue, 28 Jun 2016 10:13:33 +0200

Available diffs

Published in xenial-updates on 2016-06-20
Published in xenial-security on 2016-06-20
haproxy (1.6.3-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via reqdeny
    - debian/patches/CVE-2016-5360.patch: use temporary variable to store
      status in include/types/proto_http.h, src/proto_http.c.
    - CVE-2016-5360

 -- Marc Deslauriers <email address hidden>  Tue, 14 Jun 2016 09:35:08 +0300
Superseded in yakkety-release on 2016-06-29
Deleted in yakkety-proposed on 2016-06-30 (Reason: moved to release)
haproxy (1.6.5-2) unstable; urgency=high

  * Add a patch to fix CVE-2016-5360. Closes: #826869.
    + BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes

 -- Vincent Bernat <email address hidden>  Sat, 11 Jun 2016 22:23:50 +0200

Available diffs

Superseded in yakkety-release on 2016-06-12
Deleted in yakkety-proposed on 2016-06-13 (Reason: moved to release)
haproxy (1.6.5-1) unstable; urgency=medium

  * New upstream release (see CHANGELOG):
    + BUG/MAJOR: channel: fix miscalculation of available buffer space
    + BUG/MAJOR: Fix crash in http_get_fhdr with exactly MAX_HDR_HISTORY
      headers
    + BUG/MEDIUM: channel: don't allow to overwrite the reserve until
      connected
    + BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers
    + BUG/MEDIUM: channel: incorrect polling condition may delay event
      delivery
    + BUG/MEDIUM: dns: fix alignment issue when building DNS queries
    + BUG/MEDIUM: fix maxaccept computation on per-process listeners
    + BUG/MEDIUM: Fix RFC5077 resumption when more than TLS_TICKETS_NO are
      present
    + BUG/MEDIUM: http: fix risk of CPU spikes with pipelined requests from
      dead client
    + BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields in TCP
      mode
    + BUG/MEDIUM: lua: protects the upper boundary of the argument list for
      converters/fetches.
    + BUG/MEDIUM: peers: fix incorrect age in frequency counters
    + BUG/MEDIUM: sample: initialize the pointer before parse_binary call.
    + BUG/MEDIUM: stats: show backend may show an empty or incomplete result
    + BUG/MEDIUM: stats: show servers state may show an empty or incomplete
      result
    + BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the
      connection state.
    + BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly cleared
    + BUG/MEDIUM: trace.c: rdtsc() is defined in two files
    + MEDIUM: unblock signals on startup.
  * Bump standards to 3.9.8; no changes needed.

 -- Apollon Oikonomopoulos <email address hidden>  Wed, 11 May 2016 11:07:24 +0300

Available diffs

Superseded in yakkety-release on 2016-05-12
Deleted in yakkety-proposed on 2016-05-13 (Reason: moved to release)
haproxy (1.6.4-3) unstable; urgency=medium

  * d/init: remove support for dynamic script name. This enable haproxy to
    be started on boot.

 -- Vincent Bernat <email address hidden>  Thu, 24 Mar 2016 20:36:08 +0100

Available diffs

Published in trusty-backports on 2016-02-08
haproxy (1.5.14-1ubuntu0.15.10.1~ubuntu14.04.1) trusty-backports; urgency=medium

  * No-change backport to trusty (LP: #1494141)

Superseded in yakkety-release on 2016-04-27
Published in xenial-release on 2015-12-31
Deleted in xenial-proposed (Reason: moved to release)
haproxy (1.6.3-1) unstable; urgency=medium

  [ Apollon Oikonomopoulos ]
  * haproxy.init: use s-s-d's --pidfile option.
    Thanks to Louis Bouchard (Closes: 804530)

  [ Vincent Bernat ]
  * watch: fix d/watch to look for 1.6 version
  * Imported Upstream version 1.6.3

 -- Vincent Bernat <email address hidden>  Thu, 31 Dec 2015 08:10:10 +0100
Published in trusty-updates on 2015-12-15
Deleted in trusty-proposed (Reason: moved to -updates)
haproxy (1.4.24-2ubuntu0.4) trusty; urgency=medium

  * debian/haproxy.init: Ensure that EXIT trap does not override the
    return status of the init script, which causes issues in tools that
    check return codes such as pacemaker (LP: #1526271).

 -- James Page <email address hidden>  Tue, 15 Dec 2015 15:07:13 +0000
Deleted in vivid-proposed on 2016-05-12 (Reason: The package was removed due to its SRU bug(s) not being v...)
haproxy (1.5.10-1ubuntu0.2) vivid; urgency=medium

  * Ensure that haproxy processes are terminated correctly when executing
    stop/restart operations, easing backports to pre-systemd versions of
    Ubuntu (LP: #1481737).

 -- Louis Bouchard <email address hidden>  Wed, 09 Dec 2015 08:45:27 -0600
Published in wily-updates on 2015-11-18
Deleted in wily-proposed (Reason: moved to -updates)
haproxy (1.5.14-1ubuntu0.15.10.1) wily; urgency=medium

  * Ensure that haproxy processes are terminated correctly when executing
    stop/restart operations, easing backports to pre-systemd versions of
    Ubuntu (LP: #1477198, #1481737).

 -- James Page <email address hidden>  Mon, 09 Nov 2015 16:51:46 +0000
Superseded in xenial-release on 2015-12-31
Deleted in xenial-proposed on 2016-01-01 (Reason: moved to release)
haproxy (1.6.2-2ubuntu3) xenial; urgency=medium

  * d/haproxy.init: Ensure that cleanup does not override exit status
    of init script.

 -- James Page <email address hidden>  Mon, 09 Nov 2015 14:35:15 +0000
Superseded in xenial-proposed on 2015-11-09
haproxy (1.6.2-2ubuntu2) xenial; urgency=medium

  [ Louis Bouchard ]
  * d/haproxy.init: Ensure that all haproxy processes are cleared up
    when nbproc configuration > 1 (LP: #1481737).

 -- James Page <email address hidden>  Mon, 09 Nov 2015 14:31:19 +0000

Available diffs

Superseded in xenial-release on 2015-11-09
Deleted in xenial-proposed on 2015-11-10 (Reason: moved to release)
haproxy (1.6.2-2ubuntu1) xenial; urgency=medium

  [ Jorge Niedbalski ]
  * debian/haproxy.init:
    + Pass the pidfile to the --pidfile argument instead of the PID
      number, easing backports to pre-systemd versions of Ubuntu
      and Debian (LP: #1477198).

 -- James Page <email address hidden>  Mon, 09 Nov 2015 09:44:46 +0000
Superseded in trusty-updates on 2015-12-15
Deleted in trusty-proposed on 2015-12-17 (Reason: moved to -updates)
haproxy (1.4.24-2ubuntu0.3) trusty; urgency=medium

  * debian/haproxy.init:
    - Loops through all PIDs present in the PIDFILE when
      nproc > 1 (LP: #1481737)

 -- Louis Bouchard <email address hidden>  Wed, 23 Sep 2015 17:45:41 +0200
Superseded in xenial-release on 2015-11-09
Deleted in xenial-proposed on 2015-11-10 (Reason: moved to release)
haproxy (1.6.2-2) unstable; urgency=medium

  * Enable USE_REGPARM on amd64 as well.

 -- Vincent Bernat <email address hidden>  Tue, 03 Nov 2015 21:21:30 +0100

Available diffs

Superseded in xenial-release on 2015-11-04
Deleted in xenial-proposed on 2015-11-05 (Reason: moved to release)
haproxy (1.6.2-1) unstable; urgency=medium

  * New upstream release.
    - BUG/MAJOR: dns: first DNS response packet not matching queried
                      hostname may lead to a loop
    - BUG/MAJOR: http: don't requeue an idle connection that is already
                       queued
  * Upload to unstable.

 -- Vincent Bernat <email address hidden>  Tue, 03 Nov 2015 13:36:22 +0100

Available diffs

Superseded in xenial-release on 2015-11-03
Deleted in xenial-proposed on 2015-11-05 (Reason: moved to release)
haproxy (1.5.15-1) unstable; urgency=medium

  * New upstream stable release including the following fix:
    - BUG/MAJOR: http: don't call http_send_name_header() after an error

 -- Vincent Bernat <email address hidden>  Mon, 02 Nov 2015 07:34:19 +0100

Available diffs

Superseded in trusty-backports on 2016-02-08
haproxy (1.5.4-1ubuntu2.1~ubuntu14.04.1) trusty-backports; urgency=medium

  * No-change backport to trusty (LP: #1473162)

Superseded in trusty-updates on 2015-12-09
Deleted in trusty-proposed on 2015-12-10 (Reason: moved to -updates)
haproxy (1.4.24-2ubuntu0.2) trusty; urgency=high

  * debian/haproxy.init:
    + Pass the pidfile to the --pidfile argument instead
      of the PID number. (LP: #1477198).

 -- Jorge Niedbalski <email address hidden>  Wed, 22 Jul 2015 11:12:26 -0500
Obsolete in utopic-updates on 2016-11-03
Obsolete in utopic-security on 2016-11-03
haproxy (1.5.4-1ubuntu2.1) utopic-security; urgency=medium

  * SECURITY UPDATE: information disclosure via uninitialized memory
    - debian/patches/CVE-2015-3281.patch: respect output data in
      src/buffer.c.
    - CVE-2015-3281

 -- Marc Deslauriers <email address hidden>  Mon, 06 Jul 2015 16:24:11 -0400
Published in vivid-updates on 2015-07-07
Published in vivid-security on 2015-07-07
haproxy (1.5.10-1ubuntu0.1) vivid-security; urgency=medium

  * SECURITY UPDATE: information disclosure via uninitialized memory
    - debian/patches/CVE-2015-3281.patch: respect output data in
      src/buffer.c.
    - CVE-2015-3281

 -- Marc Deslauriers <email address hidden>  Mon, 06 Jul 2015 16:19:52 -0400
Superseded in xenial-release on 2015-11-02
Published in wily-release on 2015-07-04
Deleted in wily-proposed (Reason: moved to release)
haproxy (1.5.14-1) unstable; urgency=high

  * New upstream version. Fix an information leak (CVE-2015-3281):
    - BUG/MAJOR: buffers: make the buffer_slow_realign() function
                 respect output data.
  * Add $named as a dependency for init script. Closes: #790638.

 -- Vincent Bernat <email address hidden>  Fri, 03 Jul 2015 19:49:02 +0200

Available diffs

Superseded in wily-release on 2015-07-04
Deleted in wily-proposed on 2015-07-05 (Reason: moved to release)
haproxy (1.5.13-1) unstable; urgency=medium

  * New upstream stable release including the following fixes:
    - MAJOR: peers: allow peers section to be used with nbproc > 1
    - BUG/MAJOR: checks: always check for end of list before proceeding
    - MEDIUM: ssl: replace standards DH groups with custom ones
    - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
    - BUG/MEDIUM: cfgparse: segfault when userlist is misused
    - BUG/MEDIUM: stats: properly initialize the scope before dumping stats
    - BUG/MEDIUM: http: don't forward client shutdown without NOLINGER
                  except for tunnels
    - BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
    - BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
    - BUG/MEDIUM: peers: apply a random reconnection timeout
    - BUG/MEDIUM: config: properly compute the default number of processes
                  for a proxy

 -- Vincent Bernat <email address hidden>  Sat, 27 Jun 2015 20:52:07 +0200

Available diffs

Superseded in trusty-updates on 2015-07-30
Deleted in trusty-proposed on 2015-07-31 (Reason: moved to -updates)
haproxy (1.4.24-2ubuntu0.1) trusty; urgency=medium

  * debian/haproxy.init:
     + Backport of utopic start/stop routines,
       uses start-stop-daemon to reliable terminate all
       haproxy processes and return the proper exit code.
       (LP: #1462495).
     + Backport of utopic check_haproxy_config routine,
       that test the configuration before start or reload.
       (LP: #1468879)

 -- Jorge Niedbalski <email address hidden>  Thu, 25 Jun 2015 12:51:05 -0700
Deleted in utopic-proposed on 2015-07-08 (Reason: moved to -updates)
haproxy (1.5.4-1ubuntu2) utopic; urgency=medium

  * debian/haproxy.init: Backport of vivid stop routine,
    uses start-stop-daemon to reliable terminate all haproxy processes
    and return the proper exit code. (LP: #1462495)

 -- Jorge Niedbalski <email address hidden>  Mon, 08 Jun 2015 15:52:13 -0500

Available diffs

Superseded in wily-release on 2015-06-27
Deleted in wily-proposed on 2015-06-29 (Reason: moved to release)
haproxy (1.5.12-1) unstable; urgency=medium

  * New upstream stable release including the following fixes:
    - BUG/MAJOR: http: don't read past buffer's end in http_replace_value
    - BUG/MAJOR: http: prevent risk of reading past end with balance
                 url_param
    - BUG/MEDIUM: Do not consider an agent check as failed on L7 error
    - BUG/MEDIUM: patern: some entries are not deleted with case
                  insensitive match
    - BUG/MEDIUM: buffer: one byte miss in buffer free space check
    - BUG/MEDIUM: http: thefunction "(req|res)-replace-value" doesn't
                  respect the HTTP syntax
    - BUG/MEDIUM: peers: correctly configure the client timeout
    - BUG/MEDIUM: http: hdr_cnt would not count any header when called
                  without name
    - BUG/MEDIUM: listener: don't report an error when resuming unbound
                  listeners
    - BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only
    - BUG/MEDIUM: stream-int: always reset si->ops when si->end is
                  nullified
    - BUG/MEDIUM: http: remove content-length from chunked messages
    - BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to
                  HTTP/1.1
    - BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad
                  request
    - BUG/MEDIUM: http: remove content-length form responses with bad
                  transfer-encoding
    - BUG/MEDIUM: http: wait for the exact amount of body bytes in
                  wait_for_request_body

 -- Vincent Bernat <email address hidden>  Sat, 02 May 2015 16:38:28 +0200

Available diffs

Superseded in wily-release on 2015-05-06
Published in vivid-release on 2015-01-13
Deleted in vivid-proposed (Reason: moved to release)
haproxy (1.5.10-1) experimental; urgency=medium


  * New upstream stable release including the following fixes:
      - BUG/MAJOR: stream-int: properly check the memory allocation return
      - BUG/MEDIUM: sample: fix random number upper-bound
      - BUG/MEDIUM: patterns: previous fix was incomplete
      - BUG/MEDIUM: payload: ensure that a request channel is available
      - BUG/MEDIUM: tcp-check: don't rely on random memory contents
      - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
      - BUG/MEDIUM: config: do not propagate processes between stopped
                    processes
      - BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
      - BUG/MEDIUM: compression: correctly report zlib_mem
  * Upload to experimental.

 -- Vincent Bernat <email address hidden>  Sun, 04 Jan 2015 13:17:56 +0100

Available diffs

Superseded in vivid-release on 2015-01-13
Deleted in vivid-proposed on 2015-01-14 (Reason: moved to release)
haproxy (1.5.8-2) unstable; urgency=medium


  * Cherry-pick the following patches from 1.5.9 release:
      - 8a0b93bde77e BUG/MAJOR: sessions: unlink session from list on out
                                of memory
      - bae03eaad40a BUG/MEDIUM: pattern: don't load more than once a pattern
                                 list.
      - 93637b6e8503 BUG/MEDIUM: connection: sanitize PPv2 header length before
                                 parsing address information
      - 8ba50128832b BUG/MAJOR: frontend: initialize capture pointers earlier
      - 1f96a87c4e14 BUG/MEDIUM: checks: fix conflicts between agent checks and
                                 ssl healthchecks
      - 9bcc01ae2598 BUG/MEDIUM: ssl: force a full GC in case of memory shortage
      - 909514970089 BUG/MEDIUM: ssl: fix bad ssl context init can cause
                                 segfault in case of OOM.
  * Cherry-pick the following patches from future 1.5.10 release:
      - 1e89acb6be9b BUG/MEDIUM: payload: ensure that a request channel is
                                 available
      - bad3c6f1b6d7 BUG/MEDIUM: patterns: previous fix was incomplete

 -- Vincent Bernat <email address hidden>  Sun, 07 Dec 2014 11:11:21 +0100

Available diffs

Superseded in vivid-release on 2014-12-07
Deleted in vivid-proposed on 2014-12-08 (Reason: moved to release)
haproxy (1.5.8-1) unstable; urgency=medium


  * New upstream stable release including the following fixes:

     + BUG/MAJOR: buffer: check the space left is enough or not when input
                  data in a buffer is wrapped
     + BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
     + BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
     + BUG/MEDIUM: regex: fix pcre_study error handling
     + BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
     + BUG/MINOR: log: fix request flags when keep-alive is enabled
     + BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
     + BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
  * Also includes the following new features:
     + MINOR: ssl: add statement to force some ssl options in global.
     + MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER
              formatted certs
  * Disable SSLv3 in the default configuration file.

 -- Vincent Bernat <email address hidden>  Fri, 31 Oct 2014 13:48:19 +0100
Deleted in trusty-proposed on 2015-04-17 (Reason: The package was removed due to its SRU bug(s) not being v...)
haproxy (1.4.24-2ubuntu1) trusty-proposed; urgency=medium

  * haproxy.init: return 0 on stop if haproxy was not running.  (LP: #1038139)
 -- Serge Hallyn <email address hidden>   Tue, 23 Sep 2014 12:17:09 -0500
Deleted in precise-proposed on 2015-04-17 (Reason: The package was removed due to its SRU bug(s) not being v...)
haproxy (1.4.18-0ubuntu1.3) precise-proposed; urgency=medium

  * haproxy.init: return 0 on stop if haproxy was not running.  (LP: #1038139)
 -- Serge Hallyn <email address hidden>   Tue, 23 Sep 2014 12:14:54 -0500
Superseded in vivid-release on 2014-11-17
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)
haproxy (1.5.4-1ubuntu1) utopic; urgency=medium

  * haproxy.init: return 0 on stop if haproxy was not running.  (LP: #1038139)
 -- Serge Hallyn <email address hidden>   Tue, 23 Sep 2014 12:06:17 -0500
Superseded in utopic-release on 2014-09-24
Deleted in utopic-proposed on 2014-09-25 (Reason: moved to release)
haproxy (1.5.4-1) unstable; urgency=high


  * New upstream version.
    + Fix a critical bug that, under certain unlikely conditions, allows a
      client to crash haproxy.
  * Prefix rsyslog configuration file to ensure to log only to
    /var/log/haproxy. Thanks to Paul Bourke for the patch.

 -- Vincent Bernat <email address hidden>  Tue, 02 Sep 2014 19:14:38 +0200

Available diffs

Superseded in trusty-backports on 2015-08-23
haproxy (1.5.3-1~ubuntu14.04.1) trusty-backports; urgency=medium

  * No-change backport to trusty (LP: #1336628)

Superseded in utopic-release on 2014-09-11
Deleted in utopic-proposed on 2014-09-12 (Reason: moved to release)
haproxy (1.5.3-1) unstable; urgency=medium


  * New upstream stable release, fixing the following issues:
    + Memory corruption when building a proxy protocol v2 header
    + Memory leak in SSL DHE key exchange

 -- Apollon Oikonomopoulos <email address hidden>  Fri, 25 Jul 2014 10:41:36 +0300

Available diffs

Superseded in utopic-release on 2014-07-25
Deleted in utopic-proposed on 2014-07-27 (Reason: moved to release)
haproxy (1.5.2-1) unstable; urgency=medium


  * New upstream stable release. Important fixes:
    + A few sample fetch functions when combined in certain ways would return
      malformed results, possibly crashing the HAProxy process.
    + Hash-based load balancing and http-send-name-header would fail for
      requests which contain a body which starts to be forwarded before the
      data is used.

 -- Apollon Oikonomopoulos <email address hidden>  Mon, 14 Jul 2014 00:42:32 +0300

Available diffs

Superseded in utopic-release on 2014-07-14
Deleted in utopic-proposed on 2014-07-15 (Reason: moved to release)
haproxy (1.5.1-1) unstable; urgency=medium


  * New upstream stable release:
    + Fix a file descriptor leak for clients that disappear before connecting.
    + Do not staple expired OCSP responses.

 -- Apollon Oikonomopoulos <email address hidden>  Tue, 24 Jun 2014 12:56:30 +0300

Available diffs

Superseded in utopic-release on 2014-06-24
Deleted in utopic-proposed on 2014-06-26 (Reason: moved to release)
haproxy (1.5.0-1) unstable; urgency=medium


  * New upstream stable series. Notable changes since the 1.4 series:
    + Native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling.
    + IPv6 and UNIX sockets are supported everywhere
    + End-to-end HTTP keep-alive for better support of NTLM and improved
      efficiency in static farms
    + HTTP/1.1 response compression (deflate, gzip) to save bandwidth
    + PROXY protocol versions 1 and 2 on both sides
    + Data sampling on everything in request or response, including payload
    + ACLs can use any matching method with any input sample
    + Maps and dynamic ACLs updatable from the CLI
    + Stick-tables support counters to track activity on any input sample
    + Custom format for logs, unique-id, header rewriting, and redirects
    + Improved health checks (SSL, scripted TCP, check agent, ...)
    + Much more scalable configuration supports hundreds of thousands of
      backends and certificates without sweating

  * Upload to unstable, merge all 1.5 work from experimental. Most important
    packaging changes since 1.4.25-1 include:
    + systemd support.
    + A more sane default config file.
    + Zero-downtime upgrades between 1.5 releases by gracefully reloading
      HAProxy during upgrades.
    + HTML documentation shipped in the haproxy-doc package.
    + kqueue support for kfreebsd.

  * Packaging changes since 1.5~dev26-2:
    + Drop patches merged upstream:
      o Fix-reference-location-in-manpage.patch
      o 0001-BUILD-stats-workaround-stupid-and-bogus-Werror-forma.patch
    + d/watch: look for stable 1.5 releases
    + systemd: respect CONFIG and EXTRAOPTS when specified in
      /etc/default/haproxy.
    + initscript: test the configuration before start or reload.
    + initscript: remove the ENABLED flag and logic.

 -- Apollon Oikonomopoulos <email address hidden>  Fri, 20 Jun 2014 11:05:17 +0300

Available diffs

Superseded in utopic-release on 2014-06-20
Deleted in utopic-proposed on 2014-06-22 (Reason: moved to release)
haproxy (1.4.25-1) unstable; urgency=medium


  [ Prach Pongpanich ]
  * New upstream version.
  * Update watch file to use the source page.
  * Bump Standards-Version to 3.9.5.

  [ Thomas Bechtold ]
  * debian/control: Add haproxy-dbg binary package for debug symbols.

  [ Apollon Oikonomopoulos ]
  * Require syslog to be operational before starting. Closes: #726323.
  * Document how to bind non-local IPv6 addresses.
  * Add a reference to configuration.txt.gz to the manpage.
  * debian/copyright: synchronize with source.

 -- Prach Pongpanich <email address hidden>  Fri, 28 Mar 2014 09:35:09 +0700

Available diffs

Superseded in utopic-release on 2014-04-26
Published in trusty-release on 2013-10-21
Deleted in trusty-proposed (Reason: moved to release)
haproxy (1.4.24-2) unstable; urgency=low


  [ Apollon Oikonomopoulos ]
  * Ship contrib/halog as /usr/bin/halog.
  
  [ Vincent Bernat ]
  * Don't use -L/usr/lib and rely on default search path. Closes: #722777.

 -- Vincent Bernat <email address hidden>  Sun, 15 Sep 2013 14:36:27 +0200

Available diffs

Published in precise-updates on 2013-06-20
Published in precise-security on 2013-06-20
haproxy (1.4.18-0ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: denial of service in HTTP header parsing
    - debian/patches/CVE-2013-2175.patch: properly calculate the header
      field count in src/proto_http.c.
    - CVE-2013-2175
 -- Marc Deslauriers <email address hidden>   Thu, 20 Jun 2013 14:03:46 -0400
Obsolete in quantal-updates on 2015-04-24
Obsolete in quantal-security on 2015-04-24
haproxy (1.4.18-0ubuntu2.2) quantal-security; urgency=low

  * SECURITY UPDATE: denial of service in HTTP header parsing
    - debian/patches/CVE-2013-2175.patch: properly calculate the header
      field count in src/proto_http.c.
    - CVE-2013-2175
 -- Marc Deslauriers <email address hidden>   Thu, 20 Jun 2013 14:02:46 -0400
Obsolete in raring-updates on 2015-04-24
Obsolete in raring-security on 2015-04-24
haproxy (1.4.18-0ubuntu3.1) raring-security; urgency=low

  * SECURITY UPDATE: denial of service in HTTP header parsing
    - debian/patches/CVE-2013-2175.patch: properly calculate the header
      field count in src/proto_http.c.
    - CVE-2013-2175
 -- Marc Deslauriers <email address hidden>   Thu, 20 Jun 2013 13:59:54 -0400
Superseded in trusty-release on 2013-10-21
Obsolete in saucy-release on 2015-04-24
Deleted in saucy-proposed on 2015-04-28 (Reason: moved to release)
haproxy (1.4.24-1) unstable; urgency=high


  [ Vincent Bernat ]
  * New upstream version.
     + CVE-2013-2175: fix a possible crash when using negative header
       occurrences.

  [ Prach Pongpanich ]
  * Drop bashism patch. It seems useless to maintain a patch to convert
    example scripts from /bin/bash to /bin/sh.
  * Fix reload/restart action of init script (LP: #1187469).

 -- Vincent Bernat <email address hidden>  Mon, 17 Jun 2013 21:56:26 +0200

Available diffs

Superseded in saucy-release on 2013-06-18
Deleted in saucy-proposed on 2013-06-19 (Reason: moved to release)
haproxy (1.4.23-1) unstable; urgency=low


  [ Apollon Oikonomopoulos ]
  * New upstream version (Closes: #643650, #678953)
     + This fixes CVE-2012-2942 (Closes: #674447)
     + This fixes CVE-2013-1912 (Closes: #704611)
  * Ship vim addon as vim-haproxy (Closes: #702893)
  * Check for the configuration file after sourcing /etc/default/haproxy
    (Closes: #641762)
  * Use /dev/log for logging by default (Closes: #649085)

  [ Vincent Bernat ]
  * debian/control:
     + add Vcs-* fields
     + switch maintenance to Debian HAProxy team. (Closes: #706890)
     + drop dependency to quilt: 3.0 (quilt) format is in use.
  * debian/rules:
     + don't explicitly call dh_installchangelog.
     + use dh_installdirs to install directories.
     + use dh_install to install error and configuration files.
     + switch to `linux2628` Makefile target for Linux.
  * debian/postrm:
     + remove haproxy user and group on purge.
  * Ship a more minimal haproxy.cfg file: no `listen` blocks but `global`
    and `defaults` block with appropriate configuration to use chroot and
    logging in the expected way.

  [ Prach Pongpanich ]
  * debian/copyright:
     + add missing copyright holders
     + update years of copyright
  * debian/rules:
     + build with -Wl,--as-needed to get rid of unnecessary depends
  * Remove useless files in debian/haproxy.{docs,examples}
  * Update debian/watch file, thanks to Bart Martens

 -- Vincent Bernat <email address hidden>  Mon, 06 May 2013 20:02:14 +0200
Superseded in saucy-release on 2013-05-17
Obsolete in raring-release on 2015-04-24
Deleted in raring-proposed on 2015-04-27 (Reason: moved to release)
haproxy (1.4.18-0ubuntu3) raring; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via non-default global.tune.bufsize.
    - debian/patches/CVE-2012-2942.patch: check buffer sizes in
      include/types/global.h, src/acl.c, src/cfgparse.c, src/checks.c,
      src/dumpstats.c, src/haproxy.c, src/proto_http.c,
      tests/0000-debug-stats.diff.
    - CVE-2012-2942
  * SECURITY UPDATE: denial of service via HTTP information in tcp-request
    - debian/patches/CVE-2013-1912.patch: properly handle buffers in
      src/proto_http.c.
    - CVE-2013-1912
 -- Marc Deslauriers <email address hidden>   Fri, 05 Apr 2013 10:12:47 -0400
Superseded in precise-updates on 2013-06-20
Superseded in precise-security on 2013-06-20
haproxy (1.4.18-0ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via non-default global.tune.bufsize.
    - debian/patches/CVE-2012-2942.patch: check buffer sizes in
      include/types/global.h, src/acl.c, src/cfgparse.c, src/checks.c,
      src/dumpstats.c, src/haproxy.c, src/proto_http.c,
      tests/0000-debug-stats.diff.
    - CVE-2012-2942
  * SECURITY UPDATE: denial of service via HTTP information in tcp-request
    - debian/patches/CVE-2013-1912.patch: properly handle buffers in
      src/proto_http.c.
    - CVE-2013-1912
 -- Marc Deslauriers <email address hidden>   Fri, 05 Apr 2013 10:21:10 -0400
Obsolete in oneiric-updates on 2015-04-24
Obsolete in oneiric-security on 2015-04-24
haproxy (1.4.15-1ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via non-default global.tune.bufsize.
    - debian/patches/CVE-2012-2942.patch: check buffer sizes in
      include/types/global.h, src/acl.c, src/cfgparse.c, src/checks.c,
      src/dumpstats.c, src/haproxy.c, src/proto_http.c,
      tests/0000-debug-stats.diff.
    - CVE-2012-2942
  * SECURITY UPDATE: denial of service via HTTP information in tcp-request
    - debian/patches/CVE-2013-1912.patch: properly handle buffers in
      src/proto_http.c.
    - CVE-2013-1912
 -- Marc Deslauriers <email address hidden>   Fri, 05 Apr 2013 10:22:37 -0400
Superseded in quantal-updates on 2013-06-20
Superseded in quantal-security on 2013-06-20
haproxy (1.4.18-0ubuntu2.1) quantal-security; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via non-default global.tune.bufsize.
    - debian/patches/CVE-2012-2942.patch: check buffer sizes in
      include/types/global.h, src/acl.c, src/cfgparse.c, src/checks.c,
      src/dumpstats.c, src/haproxy.c, src/proto_http.c,
      tests/0000-debug-stats.diff.
    - CVE-2012-2942
  * SECURITY UPDATE: denial of service via HTTP information in tcp-request
    - debian/patches/CVE-2013-1912.patch: properly handle buffers in
      src/proto_http.c.
    - CVE-2013-1912
 -- Marc Deslauriers <email address hidden>   Fri, 05 Apr 2013 10:20:05 -0400
Superseded in raring-release on 2013-04-15
Obsolete in quantal-release on 2015-04-24
haproxy (1.4.18-0ubuntu2) quantal; urgency=low

  * Rebuild for new armel compiler default of ARMv5t.
 -- Colin Watson <email address hidden>   Tue, 02 Oct 2012 12:18:30 +0100

Available diffs

Superseded in quantal-release on 2012-10-02
Published in precise-release on 2011-12-21
haproxy (1.4.18-0ubuntu1) precise; urgency=low

  * New upstream release
 -- Scott Kitterman <email address hidden>   Wed, 21 Dec 2011 15:36:29 -0500

Available diffs

Superseded in precise-release on 2011-12-21
Obsolete in oneiric-release on 2015-04-24
haproxy (1.4.15-1) unstable; urgency=low

  * New upstream release with critical bug fix (Closes: #631351)
 -- Scott Kitterman <email address hidden>   Sun,  25 Sep 2011 09:52:58 +0000

Available diffs

Superseded in oneiric-release on 2011-09-25
haproxy (1.4.13-1) unstable; urgency=low

  * New maintainer upload (Closes: #615246)
  * New upstream release
  * Standards-version goes 3.9.1 (no change)
  * Added patch bashism (Closes: #581109)
  * Added a README.source file.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Sat,  30 Apr 2011 12:51:24 +0000

Available diffs

Superseded in oneiric-release on 2011-04-30
Obsolete in natty-release on 2013-06-04
Obsolete in maverick-release on 2013-03-05
Superseded in maverick-release on 2010-09-20
haproxy (1.4.8-1) unstable; urgency=low

  * New upstream release.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Sun,  20 Jun 2010 03:01:19 +0100

Available diffs

Superseded in maverick-release on 2010-06-20
haproxy (1.4.4-1) unstable; urgency=low

  * New upstream release
  * Add splice and tproxy support
  * Add regparm optimization on i386
  * Switch to dpkg-source 3.0 (quilt) format

Available diffs

Superseded in maverick-release on 2010-05-09
Obsolete in lucid-release on 2016-10-26
haproxy (1.3.22-1) unstable; urgency=low

  * New upstream bugfix release

Available diffs

Superseded in lucid-release on 2009-11-05
Obsolete in karmic-release on 2013-03-04
haproxy (1.3.18-1) unstable; urgency=low

  * New Upstream Version (Closes: #534583).
  * Add contrib directory in docs

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  29 Jun 2009 21:36:39 +0100

Available diffs

Superseded in karmic-release on 2009-06-29
haproxy (1.3.15.7-2) unstable; urgency=low

  * Fix build without debian/patches directory (Closes: #515682) using
    /usr/share/quilt/quilt.make.

Available diffs

Superseded in karmic-release on 2009-04-29
Obsolete in jaunty-release on 2013-02-28
haproxy (1.3.15.2-2~lenny1) testing-proposed-updates; urgency=low

  * Rebuild for lenny to circumvent pcre3 shlibs bump.

Available diffs

Superseded in jaunty-release on 2009-02-09
haproxy (1.3.15.2-1) unstable; urgency=low

  * New Upstream Version (Closes: #497186).

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  04 Nov 2008 21:25:39 +0000

Available diffs

Superseded in jaunty-release on 2008-11-05
Obsolete in intrepid-release on 2013-02-20
haproxy (1.3.15.1-1) unstable; urgency=low

  * New Upstream Version
  * Upgrade standards version to 3.8.0 (no change needed).
  * Build with TARGET=linux26 on linux, TARGET=generic on other systems.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Sat,  21 Jun 2008 23:13:35 +0100

Available diffs

Superseded in intrepid-release on 2008-06-21
haproxy (1.3.14.5-1) unstable; urgency=low

  * New Upstream Version (Closes: #484221)
  * Use debhelper 7, drop CDBS.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  05 Jun 2008 22:09:56 +0100

Available diffs

175 of 77 results