haproxy/haproxy.changes

-------------------------------------------------------------------
Sat May  2 22:17:57 UTC 2015 - mrueckert@suse.de

- update to 1.5.12
  - BUG/MINOR: ssl: Display correct filename in error message
  - DOC: Fix L4TOUT typo in documentation
  - BUG/MEDIUM: Do not consider an agent check as failed on L7
    error
  - BUG/MINOR: pattern: error message missing
  - BUG/MEDIUM: pattern: some entries are not deleted with case
    insensitive match
  - BUG/MEDIUM: buffer: one byte miss in buffer free space check
  - BUG/MAJOR: http: don't read past buffer's end in
    http_replace_value
  - BUG/MEDIUM: http: the function "(req|res)-replace-value"
    doesn't respect the HTTP syntax
  - BUG/MEDIUM: peers: correctly configure the client timeout
  - BUG/MINOR: compression: consider the expansion factor in init
  - BUG/MEDIUM: http: hdr_cnt would not count any header when
    called without name
  - BUG/MEDIUM: listener: don't report an error when resuming
    unbound listeners
  - BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes
    only
  - BUG/MEDIUM: stream-int: always reset si->ops when si->end is
    nullified
  - BUG/MEDIUM: http: remove content-length from chunked messages
  - DOC: http: update the comments about the rules for determining
    transfer-length
  - BUG/MEDIUM: http: do not restrict parsing of transfer-encoding
    to HTTP/1.1
  - BUG/MEDIUM: http: incorrect transfer-coding in the request is a
    bad request
  - BUG/MEDIUM: http: remove content-length form responses with bad
    transfer-encoding
  - MEDIUM: http: restrict the HTTP version token to 1 digit as per
    RFC7230
  - MEDIUM: http: add option-ignore-probes to get rid of the floods
    of 408
  - BUG/MINOR: config: clear proxy->table.peers.p for disabled
    proxies
  - MINOR: stick-table: don't attach to peers in stopped state
  - MEDIUM: config: initialize stick-tables after peers, not before
  - MEDIUM: peers: add the ability to disable a peers section
  - DOC: document option http-ignore-probes
  - DOC: fix the comments about the meaning of msg->sol in HTTP
  - BUG/MEDIUM: http: wait for the exact amount of body bytes in
    wait_for_request_body
  - BUG/MAJOR: http: prevent risk of reading past end with balance
    url_param
  - DOC: update the doc on the proxy protocol
- remove patches that we pulled from the 1.5 tree
  0001-BUG-MINOR-pattern-error-message-missing.patch
  0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch
  0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch
  0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
  0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
  0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch
  0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
  0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
  0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch
  0010-BUG-MINOR-ssl-Display-correct-filename-in-error-mess.patch
  0011-BUG-MEDIUM-listener-don-t-report-an-error-when-resum.patch
  0012-BUG-MEDIUM-init-don-t-limit-cpu-map-to-the-first-32-.patch

-------------------------------------------------------------------
Mon Apr 20 10:52:12 UTC 2015 - mrueckert@suse.de

- pull 3 patches from upstream:
  0010-BUG-MINOR-ssl-Display-correct-filename-in-error-mess.patch
  0011-BUG-MEDIUM-listener-don-t-report-an-error-when-resum.patch
  0012-BUG-MEDIUM-init-don-t-limit-cpu-map-to-the-first-32-.patch

-------------------------------------------------------------------
Thu Apr  2 10:54:29 UTC 2015 - mrueckert@suse.de

- pull 3 patches from upstream:
  0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
  0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
  0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch

-------------------------------------------------------------------
Mon Mar 16 15:00:13 UTC 2015 - kgronlund@suse.com

- pull 3 patches from upstream:
  - BUG/MEDIUM: peers: correctly configure the client timeout
  - BUG/MEDIUM: buffer: one byte miss in buffer free space check
  - BUG/MAJOR: http: don't read past buffer's end in http_replace_value
- Add 0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
- Add 0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
- Add 0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch

-------------------------------------------------------------------
Thu Mar  5 22:10:56 UTC 2015 - mrueckert@suse.de

- added another fix from upstream:
  0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch

-------------------------------------------------------------------
Wed Feb 11 12:38:06 GMT 2015 - aspiers@suse.com

- haproxy.init: fix reload and force-reload not to start a stopped
  service

-------------------------------------------------------------------
Fri Feb  6 18:47:17 UTC 2015 - mrueckert@suse.de

- pulled 2 patches from upstream:
  0001-BUG-MINOR-pattern-error-message-missing.patch
  0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch

-------------------------------------------------------------------
Sun Feb  1 08:27:43 UTC 2015 - mrueckert@suse.de

- update to 1.5.11
  - BUG/MEDIUM: backend: correctly detect the domain when
    use_domain_only is used
  - MINOR: ssl: load certificates in alphabetical order
  - BUG/MINOR: checks: prevent http keep-alive with http-check
    expect
  - BUG/MEDIUM: Do not set agent health to zero if server is
    disabled in config
  - MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent
    health is zero
  - BUG/MINOR: stats:Fix incorrect printf type.
  - DOC: add missing entry for log-format and clarify the text
  - BUG/MEDIUM: http: fix header removal when previous header ends
    with pure LF
  - BUG/MEDIUM: channel: fix possible integer overflow on reserved
    size computation
  - BUG/MINOR: channel: compare to_forward with buf->i, not
    buf->size
  - MINOR: channel: add channel_in_transit()
  - MEDIUM: channel: make buffer_reserved() use
    channel_in_transit()
  - MEDIUM: channel: make bi_avail() use channel_in_transit()
  - BUG/MEDIUM: channel: don't schedule data in transit for leaving
    until connected
  - BUG/MAJOR: log: don't try to emit a log if no logger is set
  - BUG/MINOR: args: add missing entry for ARGT_MAP in
    arg_type_names
  - BUG/MEDIUM: http: make http-request set-header compute the
    string before removal
  - BUG/MINOR: http: fix incorrect header value offset in
    replace-hdr/replace-value
  - BUG/MINOR: http: abort request processing on filter failure
- drop patch included in update:
  0001-BUG-MEDIUM-backend-correctly-detect-the-domain-when-.patch

-------------------------------------------------------------------
Tue Jan  6 09:28:16 UTC 2015 - mrueckert@suse.de

- pull fix from usptream:
  0001-BUG-MEDIUM-backend-correctly-detect-the-domain-when-.patch
  BUG/MEDIUM: backend: correctly detect the domain when
  use_domain_only is used

-------------------------------------------------------------------
Wed Dec 31 22:17:18 UTC 2014 - mrueckert@suse.de

- update to 1.5.10
  - DOC: fix a few typos
  - BUG/MINOR: http: fix typo: "401 Unauthorized" => "407
    Unauthorized"
  - BUG/MINOR: parse: refer curproxy instead of proxy
  - DOC: httplog does not support 'no'
  - MINOR: map/acl/dumpstats: remove the "Done." message
  - BUG/MEDIUM: sample: fix random number upper-bound
  - BUG/MEDIUM: patterns: previous fix was incomplete
  - BUG/MEDIUM: payload: ensure that a request channel is available
  - BUG/MINOR: tcp-check: don't condition data polling on check
    type
  - BUG/MEDIUM: tcp-check: don't rely on random memory contents
  - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is
    an expect
  - BUG/MINOR: config: fix typo in condition when propagating
    process binding
  - BUG/MEDIUM: config: do not propagate processes between stopped
    processes
  - BUG/MAJOR: stream-int: properly check the memory allocation
    return
  - BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
  - BUG/MEDIUM: compression: correctly report zlib_mem
- drop patches that we pulled from git before:
  0001-BUG-MEDIUM-patterns-previous-fix-was-incomplete.patch
  0002-BUG-MEDIUM-payload-ensure-that-a-request-channel-is-.patch
  0003-BUG-MINOR-tcp-check-don-t-condition-data-polling-on-.patch
  0004-BUG-MEDIUM-tcp-check-don-t-rely-on-random-memory-con.patch
  0005-BUG-MEDIUM-tcp-checks-disable-quick-ack-unless-next-.patch
  0006-DOC-fix-a-few-typos.patch
  0007-BUG-MEDIUM-sample-fix-random-number-upper-bound.patch
  0008-DOC-httplog-does-not-support-no.patch
  0009-BUG-MINOR-http-fix-typo-401-Unauthorized-407-Unautho.patch
  0010-BUG-MINOR-parse-refer-curproxy-instead-of-proxy.patch
  0011-BUG-MINOR-config-fix-typo-in-condition-when-propagat.patch
  0012-BUG-MEDIUM-config-do-not-propagate-processes-between.patch

-------------------------------------------------------------------
Sat Dec 20 01:20:07 UTC 2014 - mrueckert@suse.de

- pulled some more fixes from git:
  0003-BUG-MINOR-tcp-check-don-t-condition-data-polling-on-.patch
  0004-BUG-MEDIUM-tcp-check-don-t-rely-on-random-memory-con.patch
  0005-BUG-MEDIUM-tcp-checks-disable-quick-ack-unless-next-.patch
  0006-DOC-fix-a-few-typos.patch
  0007-BUG-MEDIUM-sample-fix-random-number-upper-bound.patch
  0008-DOC-httplog-does-not-support-no.patch
  0009-BUG-MINOR-http-fix-typo-401-Unauthorized-407-Unautho.patch
  0010-BUG-MINOR-parse-refer-curproxy-instead-of-proxy.patch
  0011-BUG-MINOR-config-fix-typo-in-condition-when-propagat.patch
  0012-BUG-MEDIUM-config-do-not-propagate-processes-between.patch

  see patch headers for details.

-------------------------------------------------------------------
Fri Nov 28 18:21:43 UTC 2014 - mrueckert@suse.de

- pulled 2 fixes from git:
  - 0001-BUG-MEDIUM-patterns-previous-fix-was-incomplete.patch
    Dmitry Sivachenko <trtrmitya@gmail.com> reported that commit
    315ec42 ("BUG/MEDIUM: pattern: don't load more than once a
    pattern list.") relies on an uninitialised variable in the
    stack. While it used to work fine during the tests, if the
    uninitialized variable is non-null, some patterns may be
    aggregated if loaded multiple times, resulting in slower
    processing, which was the original issue it tried to address.
  - 0002-BUG-MEDIUM-payload-ensure-that-a-request-channel-is-.patch
    Denys Fedoryshchenko reported a segfault when using certain
    sample fetch functions in the "tcp-request connection" rulesets
    despite the warnings. This is because some tests for the
    existence of the channel were missing.

-------------------------------------------------------------------
Wed Nov 26 12:29:42 UTC 2014 - ledest@gmail.com

- fix bashisms in example scripts
- add patches:
  * haproxy-1.5.8-fix-bashisms.patch

-------------------------------------------------------------------
Wed Nov 26 11:50:42 UTC 2014 - mrueckert@suse.de

- update to 1.5.9
  - BUILD: fix "make install" to support spaces in the install dirs
  - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl
    healthchecks
  - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in
    case of OOM.
  - BUG/MINOR: samples: fix unnecessary memcopy converting binary
    to string.
  - BUG/MEDIUM: connection: sanitize PPv2 header length before
    parsing address information
  - BUG/MEDIUM: pattern: don't load more than once a pattern list.
  - BUG/MEDIUM: ssl: force a full GC in case of memory shortage
  - BUG/MINOR: config: don't inherit the default balance algorithm
    in frontends
  - BUG/MAJOR: frontend: initialize capture pointers earlier
  - BUG/MINOR: stats: correctly set the request/response analysers
  - DOC: fix typo in the body parser documentation for msg.sov
  - BUG/MINOR: peers: the buffer size is global.tune.bufsize, not
    trash.size
  - MINOR: sample: add a few basic internal fetches (nbproc, proc,
    stopping)
  - BUG/MAJOR: sessions: unlink session from list on out of memory
- Drop patches pulled from git
  - 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch
  - 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch
  - 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
  - 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
  - 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch
  - 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch 

-------------------------------------------------------------------
Thu Nov 20 06:56:23 UTC 2014 - kgronlund@suse.com

- BUILD: fix "make install" to support spaces in the install dirs
- BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM.
- BUG/MEDIUM: ssl: force a full GC in case of memory shortage
- BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks
- BUG/MINOR: config: don't inherit the default balance algorithm in frontends
- BUG/MAJOR: frontend: initialize capture pointers earlier

- Add patches:
  - 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch
  - 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch
  - 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
  - 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
  - 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch
  - 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch 

-------------------------------------------------------------------
Sun Nov 09 21:52:00 UTC 2014 - Led <ledest@gmail.com>

- fix bashisms in pre script

-------------------------------------------------------------------
Fri Oct 31 22:24:27 UTC 2014 - mrueckert@suse.de

- update to 1.5.8
  - BUG/MAJOR: buffer: check the space left is enough or not when
    input data in a buffer is wrapped
  - BUG/BUILD: revert accidental change in the makefile from latest
    SSL fix
- changes in 1.5.7
  - BUG/MEDIUM: regex: fix pcre_study error handling
  - BUG/MINOR: log: fix request flags when keep-alive is enabled
  - MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return
    DER formatted certs
  - MINOR: ssl: add statement to force some ssl options in global.
  - BUG/MINOR: ssl: correctly initialize ssl ctx for invalid
    certificates
  - BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
  - BUG/MAJOR: cli: explicitly call cli_release_handler() upon
    error
  - BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
  - BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET
    sockets
- Dropped patches:
  - 0001-BUG-MEDIUM-http-don-t-dump-debug-headers-on-MSG_ERRO.patch
  - 0002-BUG-MAJOR-cli-explicitly-call-cli_release_handler-up.patch
  - 0003-BUG-MINOR-log-fix-request-flags-when-keep-alive-is-e.patch
  - 0004-BUG-MEDIUM-tcp-fix-outgoing-polling-based-on-proxy-p.patch

-------------------------------------------------------------------
Wed Oct 29 08:07:07 UTC 2014 - kgronlund@suse.com

- BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
- BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
- BUG/MINOR: log: fix request flags when keep-alive is enabled
- BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol

- Added patches:
  - 0001-BUG-MEDIUM-http-don-t-dump-debug-headers-on-MSG_ERRO.patch
  - 0002-BUG-MAJOR-cli-explicitly-call-cli_release_handler-up.patch
  - 0003-BUG-MINOR-log-fix-request-flags-when-keep-alive-is-e.patch
  - 0004-BUG-MEDIUM-tcp-fix-outgoing-polling-based-on-proxy-p.patch

-------------------------------------------------------------------
Sat Oct 18 18:23:29 UTC 2014 - mrueckert@suse.de

- update to 1.5.6
  - BUG/MEDIUM: systemd: set KillMode to 'mixed'
  - MINOR: systemd: Check configuration before start
  - BUG/MEDIUM: config: avoid skipping disabled proxies
  - BUG/MINOR: config: do not accept more track-sc than configured
  - BUG/MEDIUM: backend: fix URI hash when a query string is present
- dropped patches that were pulled from upstream
  0001-BUG-MEDIUM-config-avoid-skipping-disabled-proxies.patch
  0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch
  0004-BUG-MINOR-config-do-not-accept-more-track-sc-than-co.patch
  0005-BUG-MEDIUM-backend-fix-URI-hash-when-a-query-string-.patch
- dropped patch we sent upstream
  haproxy-1.5_check_config_before_start.patch

-------------------------------------------------------------------
Fri Oct 17 16:03:39 UTC 2014 - kgronlund@suse.com

- BUG/MINOR: config: do not accept more track-sc than configured
- BUG/MEDIUM: backend: fix URI hash when a query string is present
- Add patch: 0004-BUG-MINOR-config-do-not-accept-more-track-sc-than-co.patch
- Add patch: 0005-BUG-MEDIUM-backend-fix-URI-hash-when-a-query-string-.patch

-------------------------------------------------------------------
Fri Oct 10 20:01:33 UTC 2014 - kgronlund@suse.com

- BUG/MEDIUM: config: avoid skipping disabled proxies
- Add patch: 0001-BUG-MEDIUM-config-avoid-skipping-disabled-proxies.patch

-------------------------------------------------------------------
Thu Oct  9 14:24:45 UTC 2014 - kgronlund@suse.com

- Fix check config before start patch to apply after previous patch
- Update patch: haproxy-1.5_check_config_before_start.patch

-------------------------------------------------------------------
Thu Oct  9 14:14:35 UTC 2014 - kgronlund@suse.com

- BUG/MEDIUM: systemd: set KillMode to 'mixed'
- Add patch:
  - 0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch 

-------------------------------------------------------------------
Wed Oct  8 12:53:41 UTC 2014 - kgronlund@suse.com

- update to 1.5.5
  - DOC: indicate that weight zero is reported as DRAIN
  - DOC: Address issue where documentation is excluded due to a gitignore rule
  - This update includes all previous patches since 1.5.4

- Removed patches:
  - 0001-DOC-clearly-state-that-the-show-sess-output-format-i.patch
  - 0002-MINOR-stats-fix-minor-typo-fix-in-stats_dump_errors_.patch
  - 0003-MEDIUM-Improve-signal-handling-in-systemd-wrapper.patch
  - 0004-MINOR-Also-accept-SIGHUP-SIGTERM-in-systemd-wrapper.patch
  - 0005-DOC-indicate-in-the-doc-that-track-sc-can-wait-if-da.patch
  - 0006-MEDIUM-http-enable-header-manipulation-for-101-respo.patch
  - 0007-BUG-MEDIUM-config-propagate-frontend-to-backend-proc.patch
  - 0008-MEDIUM-config-properly-propagate-process-binding-bet.patch
  - 0009-MEDIUM-config-make-the-frontends-automatically-bind-.patch
  - 0010-MEDIUM-config-compute-the-exact-bind-process-before-.patch
  - 0011-MEDIUM-config-only-warn-if-stats-are-attached-to-mul.patch
  - 0012-MEDIUM-config-report-it-when-tcp-request-rules-are-m.patch
  - 0013-MINOR-config-detect-the-case-where-a-tcp-request-con.patch
  - 0014-MEDIUM-systemd-wrapper-support-multiple-executable-v.patch
  - 0015-BUG-MEDIUM-remove-debugging-code-from-systemd-wrappe.patch
  - 0016-BUG-MEDIUM-http-adjust-close-mode-when-switching-to-.patch
  - 0017-BUG-MINOR-config-don-t-propagate-process-binding-on-.patch
  - 0018-BUG-MEDIUM-check-rule-less-tcp-check-must-detect-con.patch
  - 0019-BUG-MINOR-tcp-check-report-the-correct-failed-step-i.patch
  - 0020-BUG-MINOR-config-don-t-propagate-process-binding-for.patch

-------------------------------------------------------------------
Mon Oct  6 09:09:58 UTC 2014 - kgronlund@suse.com

- Backported fixes:
  - BUG/MEDIUM: http: adjust close mode when switching to backend
  - BUG/MINOR: config: don't propagate process binding on fatal errors.
  - BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
  - BUG/MINOR: tcp-check: report the correct failed step in the status
  - BUG/MINOR: config: don't propagate process binding for dynamic use_backend

- Added patches:
  - 0016-BUG-MEDIUM-http-adjust-close-mode-when-switching-to-.patch
  - 0017-BUG-MINOR-config-don-t-propagate-process-binding-on-.patch
  - 0018-BUG-MEDIUM-check-rule-less-tcp-check-must-detect-con.patch
  - 0019-BUG-MINOR-tcp-check-report-the-correct-failed-step-i.patch
  - 0020-BUG-MINOR-config-don-t-propagate-process-binding-for.patch
 
-------------------------------------------------------------------
Thu Sep 25 16:10:08 UTC 2014 - kgronlund@suse.com

- Backported fixes (bnc#898498):
  - DOC: clearly state that the "show sess" output format is not fixed
  - MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
  - MEDIUM: Improve signal handling in systemd wrapper.
  - MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
  - DOC: indicate in the doc that track-sc* can wait if data are missing
  - MEDIUM: http: enable header manipulation for 101 responses
  - BUG/MEDIUM: config: propagate frontend to backend process binding again.
  - MEDIUM: config: properly propagate process binding between proxies
  - MEDIUM: config: make the frontends automatically bind to the listeners' processes
  - MEDIUM: config: compute the exact bind-process before listener's maxaccept
  - MEDIUM: config: only warn if stats are attached to multi-process bind directives
  - MEDIUM: config: report it when tcp-request rules are misplaced
  - MINOR: config: detect the case where a tcp-request content rule has no inspect-delay
  - MEDIUM: systemd-wrapper: support multiple executable versions and names
  - BUG/MEDIUM: remove debugging code from systemd-wrapper

- Added patches:
  - 0001-DOC-clearly-state-that-the-show-sess-output-format-i.patch
  - 0002-MINOR-stats-fix-minor-typo-fix-in-stats_dump_errors_.patch
  - 0003-MEDIUM-Improve-signal-handling-in-systemd-wrapper.patch
  - 0004-MINOR-Also-accept-SIGHUP-SIGTERM-in-systemd-wrapper.patch
  - 0005-DOC-indicate-in-the-doc-that-track-sc-can-wait-if-da.patch
  - 0006-MEDIUM-http-enable-header-manipulation-for-101-respo.patch
  - 0007-BUG-MEDIUM-config-propagate-frontend-to-backend-proc.patch
  - 0008-MEDIUM-config-properly-propagate-process-binding-bet.patch
  - 0009-MEDIUM-config-make-the-frontends-automatically-bind-.patch
  - 0010-MEDIUM-config-compute-the-exact-bind-process-before-.patch
  - 0011-MEDIUM-config-only-warn-if-stats-are-attached-to-mul.patch
  - 0012-MEDIUM-config-report-it-when-tcp-request-rules-are-m.patch
  - 0013-MINOR-config-detect-the-case-where-a-tcp-request-con.patch
  - 0014-MEDIUM-systemd-wrapper-support-multiple-executable-v.patch
  - 0015-BUG-MEDIUM-remove-debugging-code-from-systemd-wrappe.patch

-------------------------------------------------------------------
Wed Sep  3 07:35:14 UTC 2014 - kgronlund@suse.com

- update to 1.5.4 (bnc#895849 CVE-2014-6269)
  - BUG: config: error in http-response replace-header number of arguments
  - BUG/MINOR: Fix search for -p argument in systemd wrapper.
  - BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
  - BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
  - MEDIUM: connection: add new bit in Proxy Protocol V2
  - BUG/MINOR: server: move the directive #endif to the end of file
  - BUG/MEDIUM: http: tarpit timeout is reset
  - BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
  - BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
  - BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
  - BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
  - BUG/MEDIUM: acl: correctly compute the output type when a converter is used
  - CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
  - BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer

- Dropped patches:
  - 0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
  - 0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
  - 0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
  - 0004-BUG-config-error-in-http-response-replace-header-num.patch
  - 0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch

-------------------------------------------------------------------
Fri Aug 22 14:38:59 UTC 2014 - mrueckert@suse.de

- pull 2 more fixes from git:
  - 0004-BUG-config-error-in-http-response-replace-header-num.patch
    A couple of typo fixed in 'http-response replace-header':
    - an error when counting the number of arguments
    - a typo in the alert message
  - 0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch
    Before the commit bbba2a8ecc35daf99317aaff7015c1931779c33b
    (1.5-dev24-8), the tarpit section set timeout and return, after
    this commit, the tarpit section set the timeout, and go to the
    "done" label which reset the timeout.

-------------------------------------------------------------------
Wed Jul 30 09:47:38 UTC 2014 - mrueckert@suse.de

- pull important fixes from git:
  0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
  0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
  0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
  Especially the last patch is important:
  As a consequence of various recent changes on the sample
  conversion, a corner case has emerged where it is possible to
  wait forever for a sample in track-sc*.

-------------------------------------------------------------------
Mon Jul 28 11:33:14 UTC 2014 - kgronlund@suse.com

- update to 1.5.3
  - DOC: fix typo in Unix Socket commands
  - BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header
  - BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
  - DOC: mention that Squid correctly responds 400 to PPv2 header
  - BUG/MINOR: http: base32+src should use the big endian version of base32
  - BUG/MEDIUM: connection: fix proxy v2 header again!
- Removed backported patches:
  - 0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
  - 0002-DOC-fix-typo-in-Unix-Socket-commands.patch
  - 0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
  - 0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
  - 0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
  - 0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch

-------------------------------------------------------------------
Mon Jul 21 13:45:40 UTC 2014 - mrueckert@suse.de

- added 0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch:
  Last commit 77d1f01 ("BUG/MEDIUM: connection: fix memory
  corruption when building a proxy v2 header") was wrong, using
  &cn_trash instead of cn_trash resulting in a warning and the
  client's SSL cert CN not being stored at the proper location.

-------------------------------------------------------------------
Fri Jul 18 15:01:53 UTC 2014 - mrueckert@suse.de

- added
  0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch:
  BUG/MEDIUM: connection: fix memory corruption when building a
  proxy v2 header

-------------------------------------------------------------------
Thu Jul 17 10:45:28 UTC 2014 - mrueckert@suse.de

- pulled a few fixes from the 1.5 branch: most notable the DHE
  memleak fix. Adds the following patches:
  0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
  0002-DOC-fix-typo-in-Unix-Socket-commands.patch
  0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
  0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch

-------------------------------------------------------------------
Sat Jul 12 16:56:27 UTC 2014 - mrueckert@suse.de

- update to 1.5.2
  - BUG/MEDIUM: backend: Update hash to use unsigned int throughout
  - BUG/MINOR: ssl: Fix external function in order not to return a
    pointer on an internal trash buffer.
  - DOC: expand the docs for the provided stats.
  - BUG/MEDIUM: unix: do not unlink() abstract namespace sockets
    upon failure.
  - MINOR: stats: fix minor typo in HTML page
  - BUG/MEDIUM: http: fetch "base" is not compatible with
    set-header
  - BUG/MINOR: counters: do not untrack counters before logging
  - BUG/MAJOR: sample: correctly reinitialize sample fetch context
    before calling sample_process()
  - MINOR: stick-table: make stktable_fetch_key() indicate why it
    failed
  - BUG/MEDIUM: counters: fix track-sc* to wait on unstable
    contents
  - BUILD: remove TODO from the spec file and add README
  - MINOR: log: make MAX_SYSLOG_LEN overridable at build time
  - MEDIUM: log: support a user-configurable max log line length
  - DOC: provide an example of how to use ssl_c_sha1
  - BUILD: http: fix isdigit & isspace warnings on Solaris
  - BUG/MINOR: listener: set the listener's fd to -1 after deletion
  - BUG/MEDIUM: unix: failed abstract socket binding is retryable
  - MEDIUM: listener: implement a per-protocol pause() function
  - MEDIUM: listener: support rebinding during resume()
  - BUG/MEDIUM: unix: completely unbind abstract sockets during a
    pause()
  - DOC: explicitly mention the limits of abstract namespace
    sockets
  - DOC: minor fix on {sc,src}_kbytes_{in,out}
  - DOC: fix alphabetical sort of converters
  - BUG/MAJOR: http: correctly rewind the request body after start
    of forwarding
  - DOC: remove references to CPU=native in the README
  - DOC: mention that "compression offload" is ignored in defaults
    section
- drop patches including in version upgrade.
  - 0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch
  - 0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch
  - 0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch
  - 0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch
  - 0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch
  - 0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch
- use www.haproxy.org now instead of the old domain which is just
  redirecting to haproxy.org now.

-------------------------------------------------------------------
Tue Jul  1 12:13:33 UTC 2014 - kgronlund@suse.com

- BUG/MEDIUM: counters: fix track-sc* to wait on unstable contents
- MINOR: stick-table: make stktable_fetch_key() indicate why it failed
- BUG/MAJOR: sample: correctly reinitialize sample fetch context before calling sample_process()
- BUG/MINOR: counters: do not untrack counters before logging
- BUG/MINOR: ssl: Fix external function in order not to return a pointer on an internal trash buffer.
- BUG/MEDIUM: http: fetch "base" is not compatible with set-header

- Add patches:
  - 0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch
  - 0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch
  - 0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch
  - 0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch
  - 0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch
  - 0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch

-------------------------------------------------------------------
Tue Jun 24 15:55:48 UTC 2014 - mrueckert@suse.de

- install the vim file into the versioned directory and dont cover
  the current symlink with a directory

-------------------------------------------------------------------
Tue Jun 24 13:00:39 UTC 2014 - mrueckert@suse.de

- add Requires to vim to make the ownership of the vim directory
  clear and not break any symlink handling the vim package might
  use.

-------------------------------------------------------------------
Tue Jun 24 12:23:55 UTC 2014 - mrueckert@suse.de

- update to 1.5.1
  - BUG/MINOR: config: http-request replace-header arg typo
  - BUG/MINOR: ssl: rejects OCSP response without nextupdate.
  - BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses.
  - BUG/MINOR: ssl: Fix OCSP resp update fails with the same
    certificate configured twice.     (cherry picked from commit
    1d3865b096b43b9a6d6a564ffb424ffa6f1ef79f)
  - BUG/MEDIUM: Consistently use 'check' in process_chk
  - BUG/MAJOR: session: revert all the crappy client-side timeout
    changes
  - BUG/MINOR: logs: properly initialize and count log sockets
- drop haproxy-1.5.0_consistently_use_check.patch:
  included upstream

-------------------------------------------------------------------
Tue Jun 24 09:51:25 UTC 2014 - kgronlund@suse.com

- Install vim file to a more appropriate location 

-------------------------------------------------------------------
Mon Jun 23 09:19:04 UTC 2014 - kgronlund@suse.com

- added pre macro for systemd service file 

-------------------------------------------------------------------
Mon Jun 23 08:28:06 UTC 2014 - kgronlund@suse.com

- Use better systemd detection consistently

-------------------------------------------------------------------
Sun Jun 22 19:48:11 UTC 2014 - mrueckert@suse.de

- pull commit 9ac7cabaf9945fb92c96cb92f5ea85235f54f7d6:
  Consistently use 'check' in process_chk
  I am not entirely sure that this is a bug, but it seems
  to me that it may cause a problem if there agent-check is
  configured and there is some kind of error making a connection
  for it.
  adds patch haproxy-1.5.0_consistently_use_check.patch

-------------------------------------------------------------------
Fri Jun 20 14:37:21 UTC 2014 - mrueckert@suse.de

- update to 1.5.0
  For people who don't follow the development versions, 1.5 expands
  1.4 with many new features and performance improvements,
  including native SSL support on both sides with SNI/NPN/ALPN and
  OCSP stapling, IPv6 and UNIX sockets are supported everywhere,
  full HTTP keep-alive for better support of NTLM and improved
  efficiency in static farms, HTTP/1.1 compression (deflate, gzip)
  to save bandwidth, PROXY protocol versions 1 and 2 on both sides,
  data sampling on everything in request or response, including
  payload, ACLs can use any matching method with any input sample
  maps and dynamic ACLs updatable from the CLI stick-tables support
  counters to track activity on any input sample custom format for
  logs, unique-id, header rewriting, and redirects, improved health
  checks (SSL, scripted TCP, check agent, ...), much more scalable
  configuration supports hundreds of thousands of backends and
  certificates without sweating.

  For all the details see /usr/share/doc/packages/haproxy/CHANGELOG

- enable tcp fast open if the kernel is recent enough
- enable PCRE JIT if PCRE is recent enough
- enable openssl support!
  - haproxy can finally terminate ssl itself and also talk SSL to
    the backend servers.
  - including SNI/NPN/ALPN support.
  new buildrequires openssl and pkgconfig
- enable deflate support
  new buildrequires zlib-devel
- enable transparent proxy support
- enable usage of accept4. reduces the syscall amount.
- enable building and installing of halog
- install vim file into the correct place
- dropped patches:
  0001-MEDIUM-add-systemd-service.patch
  0002-MEDIUM-add-haproxy-systemd-wrapper.patch
  0003-MEDIUM-New-cli-option-Ds-for-systemd-compatibility.patch
  0004-BUG-MEDIUM-systemd-wrapper-don-t-leak-zombie-process.patch
  0005-BUILD-stdbool-is-not-portable-again.patch
  0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch
  0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch
  0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch
  0009-openSUSE-Configure-haproxy-user.patch
  0010-openSUSE-Fix-path-to-PCRE-library.patch
  0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch
  0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch
  0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch
  0014-MINOR-systemd-wrapper-improve-logging.patch
  0015-MINOR-systemd-wrapper-propagate-exit-status.patch
- added haproxy-1.2.16_config_haproxy_user.patch:
  (replaces 0009-openSUSE-Configure-haproxy-user.patch)
- added haproxy-1.5_check_config_before_start.patch:
  systemd allows us to run other things before we start the final
  daemon. use this to check the configuration before launching.
- added haproxy-makefile_lib.patch
  (replaces 0010-openSUSE-Fix-path-to-PCRE-library.patch)
- added sec-options.patch:
  allow it more easily to build haproxy with PIE, stackprotector
  and relro. all those options are enabled on our build.
- added apparmor profile
  usr.sbin.haproxy.apparmor
  local.usr.sbin.haproxy.apparmor
- change the conditionals for systemd to use bcond_with to make it
  more obvious what we are guarding.

-------------------------------------------------------------------
Wed May 21 10:50:21 UTC 2014 - jsegitz@novell.com

- added necessary macros for systemd files

-------------------------------------------------------------------
Tue May  6 06:12:08 UTC 2014 - kgronlund@suse.com

- update to 1.4.25 (bnc#876438)
   - DOC: typo: nosepoll self reference in config guide
   - BUG/MINOR: deinit: free fdinfo while doing cleanup
   - BUG/MEDIUM: server: set the macro for server's max weight SRV_UWGHT_MAX to SRV_UWGHT_RANGE
   - BUG/MINOR: use the same check condition for server as other algorithms
   - BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN for recv()
   - BUG/MINOR: fix forcing fastinter in "on-error"
   - BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests
   - BUG/MAJOR: http: don't emit the send-name-header when no server is available
   - BUG/MEDIUM: http: "option checkcache" fails with the no-cache header
   - MEDIUM: session: disable lingering on the server when the client aborts
   - MINOR: config: warn when a server with no specific port uses rdp-cookie
   - MEDIUM: increase chunk-size limit to 2GB-1
   - DOC: add a mention about the limited chunk size
   - MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection
   - BUILD: proto_tcp: remove a harmless warning
   - BUG/MINOR: acl: remove patterns from the tree before freeing them
   - BUG/MEDIUM: checks: fix slow start regression after fix attempt
   - BUG/MAJOR: server: weight calculation fails for map-based algorithms
   - BUG/MINOR: backend: fix target address retrieval in transparent mode
   - BUG/MEDIUM: stick: completely remove the unused flag from the store entries
   - BUG/MEDIUM: stick-tables: complete the latest fix about store-responses
   - BUG/MEDIUM: checks: tracking servers must not inherit the MAINT flag
   - BUG/MINOR: stats: report correct throttling percentage for servers in slowstart
   - BUG/MINOR: stats: correctly report throttle rate of low weight servers
   - BUG/MINOR: checks: successful check completion must not re-enable MAINT servers
   - BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling
   - BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers
   - BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN
   - BUG/MEDIUM: http: don't start to forward request data before the connect
   - DOC: fix misleading information about SIGQUIT
   - BUILD: simplify the date and version retrieval in the makefile
   - BUILD: prepare the makefile to skip format lines in SUBVERS and VERDATE
   - BUILD: use format tags in VERDATE and SUBVERS files

- Reorganized patches and backported fixes for systemd wrapper:
   - Renamed 0006-haproxy-1.2.16_config_haproxy_user.patch to 0009-openSUSE-Configure-haproxy-user.patch
   - Renamed 0007-haproxy-makefile_lib.patch to 0010-openSUSE-Fix-path-to-PCRE-library.patch
   - Removed 0008-MEDIUM-haproxy-systemd-wrapper-Revised-implementatio.patch
   - Added 0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch
   - Added 0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch
   - Added 0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch
   - Added 0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch
   - Added 0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch
   - Added 0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch
   - Added 0014-MINOR-systemd-wrapper-improve-logging.patch
   - Added 0015-MINOR-systemd-wrapper-propagate-exit-status.patch

-------------------------------------------------------------------
Fri Nov 22 09:54:48 UTC 2013 - kgronlund@suse.com

- Backport haproxy-systemd-wrapper from upstream
- Patch haproxy-systemd-wrapper to work on openSUSE

-------------------------------------------------------------------
Thu Oct 31 12:46:04 UTC 2013 - kgronlund@suse.com

- Remove duplicate Requires: from .spec file.

-------------------------------------------------------------------
Thu Oct 31 12:41:12 UTC 2013 - kgronlund@suse.com

- Re-enable sysvinit support for older versions
  (server:http still builds for older versions)

-------------------------------------------------------------------
Mon Oct 28 14:32:00 UTC 2013 - p.drouand@gmail.com

- Add systemd support
  Target distributions all support systemd; keep alive sysvinit support
  is useless

-------------------------------------------------------------------
Thu Oct 10 15:16:32 UTC 2013 - cdenicolo@suse.com

- license update:  GPL-2.0+ and  LGPL-2.1+
  only header files are LGPL, the rest is still GPL

-------------------------------------------------------------------
Tue Jun 18 09:14:13 UTC 2013 - mrueckert@suse.de

- update to 1.4.24 (bnc#825412)
  - BUG/MAJOR: backend: consistent hash can loop forever in certain
    circumstances
  - BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks
    are used
  - MEDIUM: protocol: implement a "drain" function in protocol
    layers
  - BUG/CRITICAL: fix a possible crash when using negative header
    occurrences CVE-2013-2175

-------------------------------------------------------------------
Wed Apr  3 14:47:43 UTC 2013 - mrueckert@suse.de

- update to 1.4.23 CVE-2013-1912
  - CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read
  - BUG: fix garbage data when http-send-name-header replaces an
    existing header
  - BUG/MEDIUM: remove supplementary groups when changing gid
  - BUG/MINOR: Correct logic in cut_crlf()
  - BUG/MINOR: config: use a copy of the file name in proxy
    configurations
  - BUG/MINOR: epoll: correctly disable FD polling in fd_rem()
  - MINOR: halog: sort output by cookie code
  - BUG/MINOR: halog: -ad/-ac report the correct number of output
    lines
  - BUG/MINOR: halog: fix help message for -ut/-uto
  - BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel
    mode
  - BUG/MEDIUM: command-line option -D must have precedence over
    "debug"
  - OPTIM: halog: keep a fast path for the lines-count only
  - MINOR: halog: add a parameter to limit output line count
  - BUG: halog: fix broken output limitation
  - MEDIUM: checks: avoid accumulating TIME_WAITs during checks
  - MEDIUM: checks: prevent TIME_WAITs from appearing also on
    timeouts
  - BUG/MAJOR: cli: show sess <id> may randomly corrupt the
    back-ref list
  - BUG/MINOR: http: don't report client aborts as server errors
  - BUG/MINOR: http: don't log a 503 on client errors while waiting
    for requests
  - BUG/MEDIUM: tcp: process could theorically crash on lack of
    source ports
  - BUG/MINOR: http: don't abort client connection on premature
    responses
  - BUILD: no need to clean up when making git-tar
  - MINOR: http: always report PR-- flags for redirect rules
  - BUG/MINOR: time: frequency counters are not totally accurate
  - BUG/MINOR: http: don't process abortonclose when request was
    sent
  - BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
  - BUG/MINOR: config: fix improper check for failed memory alloc
    in ACL parser
  - BUG/MEDIUM: checks: ensure the health_status is always within
    bounds
  - CLEANUP: http: remove a useless null check
  - BUG/MEDIUM: signal: signal handler does not properly check for
    signal bounds
  - BUG/MEDIUM: uri_auth: missing NULL check and memory leak on
    memory shortage
  - CLEANUP: config: slowstart is never negative
  - BUILD: improve the makefile's support for libpcre
  - BUG/MINOR: checks: fix an warning introduced by commit 2f61455a
  - MEDIUM: halog: add support for counting per source address
    (-ic)
  - DOC: mention the new HTTP 307 and 308 redirect statues
    (cherry picked from commit
    b67fdc4cd8bde202f2805d98683ddab929469a05)
  - MEDIUM: poll: do not use FD_* macros anymore
  - BUG/MAJOR: ev_select: disable the select() poller if maxsock >
    FD_SETSIZE
  - BUILD: enable poll() by default in the makefile
  - BUILD: add explicit support for Mac OS/X
  - BUG/CRITICAL: using HTTP information in tcp-request content may
    crash the process CVE-2013-1912
  - MEDIUM: http: implement redirect 307 and 308
  - MINOR: http: status 301 should not be marked non-cacheable
- adapt haproxy-makefile_lib.patch to the rewritten Makefile

-------------------------------------------------------------------
Mon Nov 12 14:10:33 UTC 2012 - mrueckert@suse.de

- switch license tag to spdx format.

-------------------------------------------------------------------
Mon Nov 12 13:50:46 UTC 2012 - mrueckert@suse.de

- update to 1.4.22
  - BUG/MEDIUM: option forwardfor if-none doesn't work with some
    configurations
  - MINOR: balance uri: added 'whole' parameter to include query
    string in hash calculation
  - DOC: specify the default value for maxconn in the context of a
    proxy
  - BUG/MINOR: checks: expire on timeout.check if smaller than
    timeout.connect
  - REORG/MINOR: use dedicated proxy flags for the cookie handling
  - BUG/MINOR: config: do not report twice the incompatibility
    between cookie and non-http
  - MINOR: http: add support for "httponly" and "secure" cookie
    attributes
  - MEDIUM: stats: add support for soft stop/soft start in the
    admin interface
  - BUILD: add support for linux kernels >= 2.6.28
  - MINOR: contrib/iprange: add a network IP range to mask
    converter
  - BUILD: add an AIX 5.2 (and later) target.
  - MINOR: halog: use the more recent dual-mode fgets2
    implementation
  - BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on
    full-length matches
  - CLEANUP: halog: make clean should also remove .o files
    (cherry picked from commit
    8ad4193100aafa19f04929670371bf823dbe11d0)
  - OPTIM: halog: make use of memchr() on platforms which provide a
    fast one
  - OPTIM: halog: improve cold-cache behaviour when loading a file
  - [MINOR] config: make it possible to specify a cookie even
    without a server
  - MINOR: config: tolerate server "cookie" setting in non-HTTP
    mode
  - BUG/MINOR: tarpit: fix condition to return the HTTP 500 message

-------------------------------------------------------------------
Tue Oct 30 16:02:03 UTC 2012 - mrueckert@suse.de

- fix description in the init script

-------------------------------------------------------------------
Tue May 22 16:47:45 UTC 2012 - pascal.bleser@opensuse.org

- update to 1.4.21 (bnc#763833) CVE-2012-2391
  - MINOR: patch for minor typo (ressources/resources)
  - CLEANUP: fix typo in findserver() log message
  - DOC: cleanup indentation, alignment, columns and chapters
  - DOC: fix some keywords arguments documentation
  - MINOR: stats admin: allow unordered parameters in POST requests
  - MINOR: stats admin: use the backend id instead of its name in
    the form
  - BUG/MAJOR: trash must always be the size of a buffer
  - DOC: fix minor regex example issue and improve doc on stats
  - BUG/MAJOR: possible crash when using capture headers on TCP
    frontends
  - MINOR: config: disable header captures in TCP mode and complain
  - BUG/MEDIUM: balance source did not properly hash IPv6 addresses
  - CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
  - CLEANUP: remove a few warning about unchecked return values in
    debug code
  - CLEANUP: http: remove unused http_msg->col
  - BUG/MINOR: http: error snapshots are wrong if buffer wraps
  - BUG/MAJOR: checks: don't call set_server_status_* when no LB
    algo is set
  - MINOR: proxy: make findproxy() return proxies from numeric IDs
    too
  - BUILD: http: stop gcc-4.1.2 from complaining about possibly
    uninitialized values
  - BUG/MINOR: stop connect timeout when connect succeeds

-------------------------------------------------------------------
Sun Mar 11 19:16:20 UTC 2012 - pascal.bleser@opensuse.org

- update to 1.4.20:
  - BUG/MINOR: fix typo in processing of http-send-name-header
  - BUG/MEDIUM: correctly disable servers tracking another disabled servers.
  - BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
  - MINOR: halog: add some help on the command line     (cherry picked from
    commit 615674cdec067066a42f53f5d55628ab7b207e6c)
  - BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
  - BUG: http: disable TCP delayed ACKs when forwarding content-length data
  - BUG: checks: fix server maintenance exit sequence
  - BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on
    partial writes
  - DOC: enumerate valid status codes for "observe layer7"

-------------------------------------------------------------------
Wed Feb  8 15:30:58 UTC 2012 - mrueckert@suse.de

- update to 1.4.19
  - MEDIUM: http: add support for sending the server's name in the
    outgoing request
  - BUG/MINOR: fix options forwardfor if-none when an alternative
    header name is specified
  - MINOR: task: new function task_schedule() to schedule a wake up
  - BUG/MEDIUM: checks: fix slowstart behaviour when server
    tracking is in use
  - BUG: tcp: option nolinger does not work on backends
  - BUG: ebtree: ebst_lookup() could return the wrong entry
  - BUG: http: re-enable TCP quick-ack upon incomplete HTTP
    requests
  - CLEANUP: ebtree: remove a few annoying signedness warnings
  - CLEANUP: ebtree: remove 4-year old harmless typo in duplicates
    insertion code
  - CLEANUP: ebtree: remove another typo, a wrong initialization in
    insertion code
  - BUG: proto_tcp: set AF_INET on tproxy for use with recent
    kernels
  - MINOR: halog: add support for matching queued requests
  - BUG: http: tighten the list of allowed characters in a URI

-------------------------------------------------------------------
Wed Nov  9 12:09:33 UTC 2011 - mrueckert@suse.de

- update to 1.4.18
  - [MINOR] http: *_dom matching header functions now also split on
    ":"
  - [MINOR] halog: support backslash-escaped quotes
  - BUILD/MINOR: fix the source URL in the spec file
  - DOC: acl is http_first_req, not http_req_first
  - BUG/MEDIUM: don't trim last spaces from headers consisting only
    of spaces
  - MINOR: acl: add new matches for header/path/url length
  - [MINOR] halog: do not consider byte 0x8A as end of line
  - [OPTIM] halog: make fgets parse more bytes by blocks
  - [OPTIM] halog: add assembly version of the field lookup code
  - [CLEANUP] startup: report only the basename in the usage
    message
  - [DOC] update the README file to reflect new naming rules for
    patches

-------------------------------------------------------------------
Mon Sep 05 22:26:59 UTC 2011 - pascal.bleser@opensuse.org

- update to 1.4.17:
  - [MINOR] halog: add support for termination code matching (-tcn/-TCN)
  - [MINOR] halog: make SKIP_CHAR stop on field delimiters
  - [MINOR] halog: add support for HTTP log matching (-H)
  - [MINOR] halog: gain back performance before SKIP_CHAR fix
  - [OPTIM] halog: cache some common fields positions
  - [OPTIM] halog: check once for correct line format and reuse the pointer
  - [OPTIM] halog: remove many 'if' by using a function pointer for the filters
  - [OPTIM] halog: remove support for tab delimiters in input data
  - [MINOR] halog: add -hs/-HS to filter by HTTP status code range
  - [CLEANUP] update the year in the copyright banner
  - [BUG] check: http-check expect + regex would crash in defaults section
  - [MEDIUM] http: make x-forwarded-for addition conditional
  - [DOC] fixed a few "sensible" -> "sensitive" errors
  - [MINOR] stats: display "<NONE>" instead of the frontend name when unknown
  - [BUG] http: trailing white spaces must also be trimmed after headers
  - [MINOR] http: take a capture of too large requests and responses
  - [MINOR] http: take a capture of truncated responses
  - [MINOR] http: take a capture of bad content-lengths.

-------------------------------------------------------------------
Sat Aug 13 22:49:36 UTC 2011 - mrueckert@suse.de

- update to version 1.4.16
  - [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check
  - [DOC] Minor spelling fixes and grammatical enhancements
  - [CLEANUP] Remove assigned but unused variables
  - [BUG] checks: http-check expect could fail a check on
    multi-packet responses
  - [DOC] fix minor typo in the "dispatch" doc
  - [MINOR] http: make the "HTTP 200" status code configurable.
  - [MINOR] http: partially revert the chunking optimization for
    now
  - [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete
    transfer
  - [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out
    test
  - [MEDIUM] http: add support for "http-no-delay"
  - [OPTIM] http: optimize chunking again in non-interactive mode
  - [OPTIM] stream_sock: avoid fast-forwarding of partial data
  - [OPTIM] stream_sock: don't use splice on too small payloads
  - [BUG] stats: support url-encoded forms
  - [BUG] halog: correctly handle truncated last line
  - [DOC] fix typos, "#" is a sharp, not a dash

-------------------------------------------------------------------
Fri Apr 15 22:14:24 UTC 2011 - pascal.bleser@opensuse.org

- revert splitting out the documentation

-------------------------------------------------------------------
Thu Apr 14 19:18:45 UTC 2011 - pascal.bleser@opensuse.org

- split out documentation and examples into haproxy-doc
- add rpmlintrc to suppress false positive warnings about
  script examples in documentation files (without exec flag)
- fix license

-------------------------------------------------------------------
Tue Apr 12 15:31:38 UTC 2011 - mrueckert@suse.de

- update to version 1.4.15
  - [CRITICAL] fix risk of crash when dealing with space in
    response cookies
- additional changes from 1.4.14
  - [MINOR] config: fix endianness of server check port
  - [BUG] http: fix possible incorrect forwarded wrapping chunk
    size (take 2)
  - [MINOR] tools: add two macros MID_RANGE and MAX_RANGE
  - [BUG] http: fix content-length handling on 32-bit platforms
  - [OPTIM] buffers: uninline buffer_forward()

-------------------------------------------------------------------
Wed Mar  9 12:00:23 UTC 2011 - mrueckert@suse.de

- update to 1.4.13
  - config: don't crash on empty pattern files.
- additional changes from 1.4.12
  - stats: add support for several packets in stats admin
  - stats: admin commands must check the proxy state
  - stats: admin web interface must check the proxy state
  - http: update the header list's tail when removing the last
    header
  - fix typos (http-request instead of http-check)     (cherry
    picked from commit 8f2a1e72bebea700f37add40997b716fdfd86b9c)
  - http: use correct ACL pointer when evaluating authentication
  - cfgparse: correctly count one socket per port in ranges
  - startup: set the rlimits before binding ports, not after.
  - acl: srv_id must return no match when the server is NULL
  - acl: fd leak when reading patterns from file
  - fix minor typo in "usesrc"
  - http: fix possible incorrect forwarded wrapping chunk size
  - http: fix computation of message body length after forwarding
    has started
  - http: balance url_param did not work with first parameters on
    POST
  - update the url_param regression test to test check_post too

-------------------------------------------------------------------
>>>>>>> ./haproxy.changes.r40
Tue Feb 15 14:30:53 UTC 2011 - mrueckert@suse.de

- update to 1.4.11
  - cfgparse: Check whether the path given for the stats socket
    actually fits into the sockaddr_un structure to avoid
    truncation.
  - fix a minor typo
  - fix ignore-persist documentation
  - http: fix http-pretend-keepalive and httpclose/tunnel mode
  - add warnings on features not compatible with multi-process mode
  - acl: add be_id/srv_id to match backend's and server's id
  - log: add support for passing the forwarded hostname
  - log: ability to override the syslog tag
  - fix minor typos in the doc
  - fix another typo in the doc
  - http chunking: don't report a parsing error on connection
    errors
  - stream_interface: truncate buffers when sending error messages
  - http: fix incorrect error reporting during data transfers
  - session: correctly leave turn-around and queue states on abort
  - session: release slot before processing pending connections
  - stats: report HTTP message state and buffer flags in error
    dumps
  - http: support wrapping messages in error captures
  - http: capture incorrectly chunked message bodies
  - stats: add global event ID and count
  - http: don't send each chunk in a separate packet
  - acl: fix handling of empty lines in pattern files
  - ebtree: fix ebmb_lookup() with len smaller than the tree's keys
  - ebtree: ebmb_lookup: reduce stack usage by moving the return
    code out of the loop

-------------------------------------------------------------------
Mon Nov 29 13:57:37 UTC 2010 - pascal.bleser@opensuse.org

- update to 1.4.10:
  * a possible crash when using Cookie-based persistence with
    appsessions was fixed
  * header processing could become wrong after a single reqidel
    rule removed exactly two headers
  * some out-of-memory conditions were not correctly handled in
    appsession or cookie captures
  * users of appsessions are strongly encouraged to upgrade

-------------------------------------------------------------------
Tue Nov  2 13:11:15 UTC 2010 - pascal.bleser@opensuse.org

- update to 1.4.9:
  * the Web interface now allows you to enable or disable servers
  * the ECV and LDAPv3 checks were merged
  * the MySQL check was improved to support a real login sequence
  * persistence cookies can now be timestamped to support a maximum
    idle time and a maximum life time, and can be removed by the
    server if needed (e.g. logout)
  * the SNMP plugin was improved to report socket stats
  * some Cacti templates were merged
  * the halog tool can now instantly report per-URL response times

-------------------------------------------------------------------
Tue Aug 17 15:46:13 UTC 2010 - mrueckert@suse.de

- implement graceful restart in the init script

-------------------------------------------------------------------
Tue Jun 22 14:49:12 UTC 2010 - mrueckert@suse.de

- update to 1.4.8:
  * mention 'option http-server-close' effect in Tq section
  * summarize and highlight persistent connections behaviour
  * add configuration samples
  * stick_table: the fix for the memory leak caused a regression
  * client: don't add a new session to the list too early

-------------------------------------------------------------------
Thu Jun 10 09:03:34 UTC 2010 - pascal.bleser@opensuse.org

- update to 1.4.7:
  * fixes problems where consistent hashing was broken when no
    server ID was specified in the configuration
  * some errors were incorrectly reported as failed instead of
    denied in the statistics
  * the dispatch and http_proxy modes were fixed
  * a few termination flags in the logs used for troubleshooting
    were corrected
  * a few other minor issues were fixed
  * upgrading is recommended

-------------------------------------------------------------------
Mon May 17 20:29:02 UTC 2010 - pascal.bleser@opensuse.org

- update to 1.4.6:
  * a minor precision about RDP cookies was added to the
    documentation
  * a new ACL keyword was added
  * those who had no problem building and running 1.4.5 don't need
    to upgrade

- drop haproxy-fix_dprintf.patch, merged upstream

-------------------------------------------------------------------
Fri May 14 07:18:03 UTC 2010 - pascal.bleser@opensuse.org

- update to 1.4.5:
  * Haproxy can now read huge ACL pattern lists from files and
    match inputs against them without any noticeable performance
    impact, making geolocation possible
  * adds a new "ignore-persist" directive, allowing it to ignore
    the persistence cookie if an ACL-based condition is matched
    (which is useful for static objects in stateful farms)
  * a few other minor improvements
  * a nice performance boost of the log analyzer, which can now
    process more than 1 GB of logs per second and report request
    counts by status codes

-------------------------------------------------------------------
Thu Apr  8 09:41:51 UTC 2010 - pascal.bleser@opensuse.org

- update to 1.4.4:
  * brings a new option to work around optimization issues with
    Tomcat and Jetty in server close mode, and for a bug in Jetty's
    handling of Expect: 100-continue
  * a very old appsession unexpected match of shorter cookie names
    was also fixed
  * a new feature to make it possible to connect to a server from
    an IP found in a header was merged: it allows you to run
    stunnel+haproxy in transparent mode together

-------------------------------------------------------------------
Fri Apr  2 23:42:44 UTC 2010 - pascal.bleser@opensuse.org

- update to 1.4.3:
  * fxes a regression introduced in 1.4.2 which could cause a
    connection to still be attempted on the server side in case of
    an error on the client side; this issue could even lead to a
    crash if a Layer7 hash algorithm was used, so this code was
    strengthened
  * the configuration parser now detects many more inappropriate
    options in TCP mode and emits related warnings
  * it is now possible to indicate in the configuration that a
    server will start in the "disabled" state
  * other very minor issues were fixed

-------------------------------------------------------------------
Thu Mar 18 12:00:49 UTC 2010 - pascal.bleser@opensuse.org

- update to 1.4.2:
  * fixes a very rare case of stuck client sessions when using
    keep-alive
  * fixes a url_param hash bug which could result in a dead server
    in very rare situations
  * fixes status codes 501 and 505 which could cause a server to be
    marked down if on-error was used
  * fixes a risk of getting truncated HTTP responses when
    chunk-encoding was used
  * fixes an issue with anonymous ACLs
  * improvements on health checks

-------------------------------------------------------------------
Fri Mar  5 00:45:12 UTC 2010 - pascal.bleser@opensuse.org

- update to 1.4.1:
  * some errors were incorrectly reported as 502 with the flags
   "SL" in the logs; this is now fixed
  * other minor issues were fixed
  * documentation was updated

-------------------------------------------------------------------
Fri Feb 26 20:44:34 UTC 2010 - pascal.bleser@opensuse.org

- update to 1.4.0:
  * new features:
    + keep-alive
    + IP-based stickiness
    + consistent hashing
    + support for the RDP protocol
    + a much nicer stats interface
    + a much-improved performance level
  * add -fno-strict-aliasing

- changes from 1.4rc1:
  * new features:
    + server maintenance mode
    + HTTP authentication (server and proxy)
    + secure passwords
    + conditional request/response header rewriting using ACLs
    + anonymous ACLs that can be declared inline
    + support for HTTP/1.1 101+Upgrade status code to support non-
      HTTP protocols such as WebSocket

-------------------------------------------------------------------
Thu Feb 11 15:20:01 UTC 2010 - mrueckert@suse.de

- update to 1.3.23

-------------------------------------------------------------------
Tue Sep 15 14:09:34 CEST 2009 - mrueckert@suse.de

- update to 1.3.20

-------------------------------------------------------------------
Fri Apr  3 13:54:40 CEST 2009 - mrueckert@suse.de

- update to 1.3.17

-------------------------------------------------------------------
Mon Mar  9 16:40:38 CET 2009 - mrueckert@suse.de

- update to 1.3.15.8

-------------------------------------------------------------------
Wed Feb  4 15:13:15 CET 2009 - mrueckert@suse.de

- update to 1.3.15.7

-------------------------------------------------------------------
Mon Sep 15 15:52:45 CEST 2008 - mrueckert@suse.de

- update to 1.3.15.4

-------------------------------------------------------------------
Sun Nov  4 21:21:35 CET 2007 - mrueckert@suse.de

- update to 1.3.13.1:
  too many changes see changelog file

-------------------------------------------------------------------
Mon Apr  2 00:53:38 CEST 2007 - mrueckert@suse.de

- prepared spec for easy split out of -snapshot packages.
- added vim syntax file

-------------------------------------------------------------------
Mon Mar 19 17:50:33 CET 2007 - mrueckert@suse.de

- update to 1.2.17:
  - replaced the linked-list with a faster rbtree in the scheduler
  - add user/group support (Marcus Rueckert)
  - add the "except" keyword to the "forwardfor" option (Bryan
    Germann)
  - re-implemented support for multi-line headers (was
    incidently reverted)
  - fixed possible crash when no cookie was set on a server
  - fixed various length checks in appsession
  - fixed unlikely memory leak in appsession in case of memory
    shortage
  - updates to the architecture guide
- remove haproxy-1.2.16_username_groupname_support.patch:
  patch included upstream

-------------------------------------------------------------------
Mon Jan  8 00:27:17 CET 2007 - mrueckert@suse.de

- initial package of 1.2.16
- added 2 patches:
  haproxy-1.2.16_config_haproxy_user.patch
  haproxy-1.2.16_username_groupname_support.patch
  the patches allow to specify username and groupname instead of
  uid/gid. The patches are needed as we do not have a static
  uid/gid for the haproxy user/group.