Ubuntu
haproxy package

haproxy 1.5.14-1ubuntu0.15.10.1~ubuntu14.04.1 source package in Ubuntu

Changelog

haproxy (1.5.14-1ubuntu0.15.10.1~ubuntu14.04.1) trusty-backports; urgency=medium

  * No-change backport to trusty (LP: #1494141)

haproxy (1.5.14-1ubuntu0.15.10.1) wily; urgency=medium

  * Ensure that haproxy processes are terminated correctly when executing
    stop/restart operations, easing backports to pre-systemd versions of
    Ubuntu (LP: #1477198, #1481737).

haproxy (1.5.14-1) unstable; urgency=high

  * New upstream version. Fix an information leak (CVE-2015-3281):
    - BUG/MAJOR: buffers: make the buffer_slow_realign() function
                 respect output data.
  * Add $named as a dependency for init script. Closes: #790638.

haproxy (1.5.13-1) unstable; urgency=medium

  * New upstream stable release including the following fixes:
    - MAJOR: peers: allow peers section to be used with nbproc > 1
    - BUG/MAJOR: checks: always check for end of list before proceeding
    - MEDIUM: ssl: replace standards DH groups with custom ones
    - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
    - BUG/MEDIUM: cfgparse: segfault when userlist is misused
    - BUG/MEDIUM: stats: properly initialize the scope before dumping stats
    - BUG/MEDIUM: http: don't forward client shutdown without NOLINGER
                  except for tunnels
    - BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
    - BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
    - BUG/MEDIUM: peers: apply a random reconnection timeout
    - BUG/MEDIUM: config: properly compute the default number of processes
                  for a proxy

haproxy (1.5.12-1) unstable; urgency=medium

  * New upstream stable release including the following fixes:
    - BUG/MAJOR: http: don't read past buffer's end in http_replace_value
    - BUG/MAJOR: http: prevent risk of reading past end with balance
                 url_param
    - BUG/MEDIUM: Do not consider an agent check as failed on L7 error
    - BUG/MEDIUM: patern: some entries are not deleted with case
                  insensitive match
    - BUG/MEDIUM: buffer: one byte miss in buffer free space check
    - BUG/MEDIUM: http: thefunction "(req|res)-replace-value" doesn't
                  respect the HTTP syntax
    - BUG/MEDIUM: peers: correctly configure the client timeout
    - BUG/MEDIUM: http: hdr_cnt would not count any header when called
                  without name
    - BUG/MEDIUM: listener: don't report an error when resuming unbound
                  listeners
    - BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only
    - BUG/MEDIUM: stream-int: always reset si->ops when si->end is
                  nullified
    - BUG/MEDIUM: http: remove content-length from chunked messages
    - BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to
                  HTTP/1.1
    - BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad
                  request
    - BUG/MEDIUM: http: remove content-length form responses with bad
                  transfer-encoding
    - BUG/MEDIUM: http: wait for the exact amount of body bytes in
                  wait_for_request_body

haproxy (1.5.11-2) unstable; urgency=medium

  * Upload to unstable.

haproxy (1.5.11-1) experimental; urgency=medium

  * New upstream stable release including the following fixes:
    - BUG/MAJOR: log: don't try to emit a log if no logger is set
    - BUG/MEDIUM: backend: correctly detect the domain when
                  use_domain_only is used
    - BUG/MEDIUM: Do not set agent health to zero if server is disabled
                  in config
    - BUG/MEDIUM: Only explicitly report "DOWN (agent)" if the agent health
                  is zero
    - BUG/MEDIUM: http: fix header removal when previous header ends with
                  pure LF
    - BUG/MEDIUM: channel: fix possible integer overflow on reserved size
                  computation
    - BUG/MEDIUM: channel: don't schedule data in transit for leaving until
                  connected
    - BUG/MEDIUM: http: make http-request set-header compute the string
                  before removal
  * Upload to experimental.

haproxy (1.5.10-1) experimental; urgency=medium

  * New upstream stable release including the following fixes:
      - BUG/MAJOR: stream-int: properly check the memory allocation return
      - BUG/MEDIUM: sample: fix random number upper-bound
      - BUG/MEDIUM: patterns: previous fix was incomplete
      - BUG/MEDIUM: payload: ensure that a request channel is available
      - BUG/MEDIUM: tcp-check: don't rely on random memory contents
      - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
      - BUG/MEDIUM: config: do not propagate processes between stopped
                    processes
      - BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
      - BUG/MEDIUM: compression: correctly report zlib_mem
  * Upload to experimental.

haproxy (1.5.9-1) experimental; urgency=medium

  * New upstream stable release including the following fixes:
      - BUG/MAJOR: sessions: unlink session from list on out
                   of memory
      - BUG/MEDIUM: pattern: don't load more than once a pattern
                    list.
      - BUG/MEDIUM: connection: sanitize PPv2 header length before
                    parsing address information
      - BUG/MAJOR: frontend: initialize capture pointers earlier
      - BUG/MEDIUM: checks: fix conflicts between agent checks and
                    ssl healthchecks
      - BUG/MEDIUM: ssl: force a full GC in case of memory shortage
      - BUG/MEDIUM: ssl: fix bad ssl context init can cause
                                 segfault in case of OOM.
  * Upload to experimental.

haproxy (1.5.8-3) unstable; urgency=medium

  * Remove RC4 from the default cipher string shipped in configuration.

haproxy (1.5.8-2) unstable; urgency=medium

  * Cherry-pick the following patches from 1.5.9 release:
      - 8a0b93bde77e BUG/MAJOR: sessions: unlink session from list on out
                                of memory
      - bae03eaad40a BUG/MEDIUM: pattern: don't load more than once a pattern
                                 list.
      - 93637b6e8503 BUG/MEDIUM: connection: sanitize PPv2 header length before
                                 parsing address information
      - 8ba50128832b BUG/MAJOR: frontend: initialize capture pointers earlier
      - 1f96a87c4e14 BUG/MEDIUM: checks: fix conflicts between agent checks and
                                 ssl healthchecks
      - 9bcc01ae2598 BUG/MEDIUM: ssl: force a full GC in case of memory shortage
      - 909514970089 BUG/MEDIUM: ssl: fix bad ssl context init can cause
                                 segfault in case of OOM.
  * Cherry-pick the following patches from future 1.5.10 release:
      - 1e89acb6be9b BUG/MEDIUM: payload: ensure that a request channel is
                                 available
      - bad3c6f1b6d7 BUG/MEDIUM: patterns: previous fix was incomplete

haproxy (1.5.8-1) unstable; urgency=medium

  * New upstream stable release including the following fixes:

     + BUG/MAJOR: buffer: check the space left is enough or not when input
                  data in a buffer is wrapped
     + BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
     + BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
     + BUG/MEDIUM: regex: fix pcre_study error handling
     + BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
     + BUG/MINOR: log: fix request flags when keep-alive is enabled
     + BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
     + BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
  * Also includes the following new features:
     + MINOR: ssl: add statement to force some ssl options in global.
     + MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER
              formatted certs
  * Disable SSLv3 in the default configuration file.

haproxy (1.5.6-1) unstable; urgency=medium

  * New upstream stable release including the following fixes:
    + BUG/MEDIUM: systemd: set KillMode to 'mixed'
    + MINOR: systemd: Check configuration before start
    + BUG/MEDIUM: config: avoid skipping disabled proxies
    + BUG/MINOR: config: do not accept more track-sc than configured
    + BUG/MEDIUM: backend: fix URI hash when a query string is present
  * Drop systemd patches:
    + haproxy.service-also-check-on-start.patch
    + haproxy.service-set-killmode-to-mixed.patch
  * Refresh other patches.

haproxy (1.5.5-1) unstable; urgency=medium

  [ Vincent Bernat ]
  * initscript: use start-stop-daemon to reliably terminate all haproxy
    processes. Also treat stopping a non-running haproxy as success.
    (Closes: #762608, LP: #1038139)

  [ Apollon Oikonomopoulos ]
  * New upstream stable release including the following fixes:
    + DOC: Address issue where documentation is excluded due to a gitignore
      rule.
    + MEDIUM: Improve signal handling in systemd wrapper.
    + BUG/MINOR: config: don't propagate process binding for dynamic
      use_backend
    + MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
    + DOC: clearly state that the "show sess" output format is not fixed
    + MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
    + DOC: indicate in the doc that track-sc* can wait if data are missing
    + MEDIUM: http: enable header manipulation for 101 responses
    + BUG/MEDIUM: config: propagate frontend to backend process binding again.
    + MEDIUM: config: properly propagate process binding between proxies
    + MEDIUM: config: make the frontends automatically bind to the listeners'
      processes
    + MEDIUM: config: compute the exact bind-process before listener's
      maxaccept
    + MEDIUM: config: only warn if stats are attached to multi-process bind
      directives
    + MEDIUM: config: report it when tcp-request rules are misplaced
    + MINOR: config: detect the case where a tcp-request content rule has no
      inspect-delay
    + MEDIUM: systemd-wrapper: support multiple executable versions and names
    + BUG/MEDIUM: remove debugging code from systemd-wrapper
    + BUG/MEDIUM: http: adjust close mode when switching to backend
    + BUG/MINOR: config: don't propagate process binding on fatal errors.
    + BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
    + BUG/MINOR: tcp-check: report the correct failed step in the status
    + DOC: indicate that weight zero is reported as DRAIN
  * Add a new patch (haproxy.service-set-killmode-to-mixed.patch) to fix the
    systemctl stop action conflicting with the systemd wrapper now catching
    SIGTERM.
  * Bump standards to 3.9.6; no changes needed.
  * haproxy-doc: link to tracker.debian.org instead of packages.qa.debian.org.
  * d/copyright: move debian/dconv/* paragraph after debian/*, so that it
    actually matches the files it is supposed to.

 -- Iain Lane <email address hidden>  Mon, 08 Feb 2016 15:09:20 +0000

Upload details

Uploaded by:
Iain Lane
Uploaded to:
Trusty
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Trusty backports main net

Downloads

File Size SHA-256 Checksum
haproxy_1.5.14.orig.tar.gz 1.3 MiB 9565dd38649064d0350a2883fa81ccfe92eb17dcda457ebdc01535e1ab0c8f99
haproxy_1.5.14-1ubuntu0.15.10.1~ubuntu14.04.1.debian.tar.xz 36.2 KiB 1114fd243d0c1d566e3cccba7246561228607069a5c0b013b9e6556ffa395283
haproxy_1.5.14-1ubuntu0.15.10.1~ubuntu14.04.1.dsc 2.4 KiB 88905ab1af0da8475d335801bcf31498a7d090a9517229087c3ef4f55fa38fd6

View changes file

Binary packages built by this source

haproxy: fast and reliable load balancing reverse proxy

 HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
 availability environments. It features connection persistence through HTTP
 cookies, load balancing, header addition, modification, deletion both ways. It
 has request blocking capabilities and provides interface to display server
 status.

haproxy-dbg: fast and reliable load balancing reverse proxy (debug symbols)

 HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
 availability environments. It features connection persistence through HTTP
 cookies, load balancing, header addition, modification, deletion both ways. It
 has request blocking capabilities and provides interface to display server
 status.
 .
 This package contains the debugging symbols for haproxy.

haproxy-dbgsym: debug symbols for package haproxy

 HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
 availability environments. It features connection persistence through HTTP
 cookies, load balancing, header addition, modification, deletion both ways. It
 has request blocking capabilities and provides interface to display server
 status.

haproxy-doc: fast and reliable load balancing reverse proxy (HTML documentation)

 HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
 availability environments. It features connection persistence through HTTP
 cookies, load balancing, header addition, modification, deletion both ways. It
 has request blocking capabilities and provides interface to display server
 status.
 .
 This package contains the HTML documentation for haproxy.

vim-haproxy: syntax highlighting for HAProxy configuration files

 The vim-haproxy package provides filetype detection and syntax highlighting
 for HAProxy configuration files.
 .
 As per the Debian vim policy, installed addons are not activated
 automatically, but the "vim-addon-manager" tool can be used for this purpose.