- Update to version 1.8.1 (bsc#1069954):
* BUG/MAJOR: h2: correctly check the request length when building an H1 request
* BUG/MAJOR: thread: Be sure to request a sync between threads only once at a time
* BUG/MAJOR: thread/peers: fix deadlock on peers sync.
* BUG/MEDIUM: h2: do not accept upper case letters in request header names
* BUG/MEDIUM: h2: remove connection-specific headers from request
* BUG/MEDIUM: h2: enforce the per-connection stream limit
* BUG/MEDIUM: checks: Be sure we have a mux if we created a cs.
* BUG/MEDIUM: peers: fix some track counter rules dont register entries for sync.
* BUG/MEDIUM: h2: don't report an error after parsing a 100-continue response
* BUG/MEDIUM: threads/peers: decrement, not increment jobs on quitting
* BUG/MEDIUM: stream: fix session leak on applet-initiated connections
* BUG/MEDIUM: cache: bad computation of the remaining size
* BUG/MEDIUM: ssl: don't allocate shctx several time
* BUG/MEDIUM: tcp-check: Don't lock the server in tcpcheck_main
* BUG/MEDIUM: kqueue: Don't bother closing the kqueue after fork.
* BUG/MINOR: h2: use the H2_F_DATA_* macros for DATA frames
* BUG/MINOR: h2: reject response pseudo-headers from requests
* BUG/MINOR: h2: properly check PRIORITY frames
* BUG/MINOR: h2: reject incorrect stream dependencies on HEADERS frame
* BUG/MINOR: h2: do not accept SETTINGS_ENABLE_PUSH other than 0 or 1
* BUG/MINOR: h2: the TE header if present may only contain trailers
* BUG/MINOR: h2: fix a typo causing PING/ACK to be responded to
* BUG/MINOR: h2: ":path" must not be empty
* BUG/MINOR: h2: try to abort closed streams as soon as possible
* BUG/MINOR: h2: immediately close if receiving GOAWAY after the last stream
* BUG/MINOR: hpack: dynamic table size updates are only allowed before headers
* BUG/MINOR: hpack: reject invalid header index
* BUG/MINOR: hpack: must reject huffman literals padded with more than 7 bits
* BUG/MINOR: hpack: fix debugging output of pseudo header names
OBS-URL: https://build.opensuse.org/request/show/548068
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=154
- Update to version 1.7.9:
* BUG/MINOR: peers: peer synchronization issue (with several peers sections).
* BUG/MINOR: lua: In error case, the safe mode is not removed
* BUG/MINOR: lua: executes the function destroying the Lua session in safe mode
* BUG/MAJOR: lua/socket: resources not detroyed when the socket is aborted
* BUG/MEDIUM: lua: bad memory access
* DOC: update the list of OpenSSL versions in the README
* DOC: Updated 51Degrees git URL to point to a stable version.
* BUG/MINOR: http: Set the response error state in http_sync_res_state
* MINOR: http: Reorder/rewrite checks in http_resync_states
* MINOR: http: Switch requests/responses in TUNNEL mode only by checking txn flags
* BUG/MEDIUM: http: Switch HTTP responses in TUNNEL mode when body length is undefined
* BUG/MAJOR: http: Fix possible infinity loop in http_sync_(req|res)_state
* BUG/MINOR: lua: Fix Server.get_addr() port values
* BUG/MINOR: lua: Correctly use INET6_ADDRSTRLEN in Server.get_addr()
* BUG/MINOR: lua: always detach the tcp/http tasks before freeing them
* BUG/MINOR: lua: Fix bitwise logic for hlua_server_check_* functions.
OBS-URL: https://build.opensuse.org/request/show/518340
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=149
- Update to version 1.7.8:
* BUG/MINOR: stream: flag TASK_WOKEN_RES not set if task in runqueue
* BUG/MAJOR: cli: fix custom io_release was crushed by NULL.
* BUG/MAJOR: map: fix segfault during 'show map/acl' on cli.
* BUG/MAJOR: compression: Be sure to release the compression state in all cases
* DOC: fix references to the section about time format.
* BUG/MEDIUM: map/acl: fix unwanted flags inheritance.
* BUG/MINOR: stream: Don't forget to remove CF_WAKE_ONCE flag on response channel
* BUG/MINOR: http: Don't reset the transaction if there are still data to send
* BUG/MEDIUM: filters: Be sure to call flt_end_analyze for both channels
* BUG/MINOR: http: properly handle all 1xx informational responses
- Update to version 1.7.7:
* BUG/MINOR: Wrong peer task expiration handling during synchronization processing.
* BUG/MEDIUM: http: Drop the connection establishment when a redirect is performed
* BUG/MEDIUM: cfgparse: Check if tune.http.maxhdr is in the range 1..32767
* DOC: fix references to the section about the unix socket
* BUG/MINOR: log: pin the front connection when front ip/ports are logged
OBS-URL: https://build.opensuse.org/request/show/509191
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=148
- Update to version 1.7.6:
* DOC: changed "block"(deprecated) examples to http-request deny
* DOC: add few comments to examples.
* DOC: update sample code for PROXY protocol
* DOC: mention lighttpd 1.4.46 implements PROXY
* DOC: stick-table is available in frontend sections
* BUG/MINOR: dns: Wrong address family used when creating IPv6 sockets.
* BUG/MINOR: config: missing goto out after parsing an incorrect ACL character
* BUG/MINOR: arg: don't try to add an argument on failed memory allocation
* BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments on error
* BUG/MEDIUM: acl: don't free unresolved args in prune_acl_expr()
* MINOR: lua: ensure the memory allocator is used all the time
* CLEANUP: logs: typo: simgle => single
* BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr()
* BUG/MAJOR: Use -fwrapv.
* BUG/MINOR: server: don't use "proxy" when px is really meant.
* BUG/MINOR: server: missing default server 'resolvers' setting duplication.
* DOC: add layer 4 links/cross reference to "block" keyword.
* DOC: errloc/errorloc302/errorloc303 missing status codes.
* BUG/MEDIUM: lua: memory leak
* MEDIUM: config: don't check config validity when there are fatal errors
* BUG/MINOR: hash-balance-factor isn't effective in certain circumstances
* MINOR/DOC: lua: just precise one thing
* BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request
* DOC: update RFC references
* BUG/MINOR: checks: don't send proxy protocol with agent checks
* BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything
* BUG/MAJOR: http: call manage_client_side_cookies() before erasing the buffer
* BUG/MINOR: buffers: Fix bi/bo_contig_space to handle full buffers
* BUG/MINOR: acls: Set the right refflag when patterns are loaded from a map
OBS-URL: https://build.opensuse.org/request/show/504548
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=147
- Update to version 1.7.5:
* BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
* BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
* BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
* BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
* MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
OBS-URL: https://build.opensuse.org/request/show/493447
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=146
- Update to version 1.7.4:
* MINOR: config: warn when some HTTP rules are used in a TCP proxy
* BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
* BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
* BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
* BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
* BUG/MINOR: Fix "get map <map> <value>" CLI command
* BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
* BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
* BUG/MINOR: checks: attempt clean shutw for SSL check
* BUG/MEDIUM: listener: do not try to rebind another process' socket
* BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
* BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
* BUG/MEDIUM: connection: ensure to always report the end of handshakes
* BUG: payload: fix payload not retrieving arbitrary lengths
* BUG/MAJOR: http: fix typo in http_apply_redirect_rule
* BUG/MEDIUM: stream: fix client-fin/server-fin handling
* MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
* BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
* DOC/MINOR: Fix typos in proxy protocol doc
* DOC: Protocol doc: add checksum, TLV type ranges
* DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
* DOC: Protocol doc: add noop TLV
* MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
* BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
* MINOR: server: irrelevant error message with 'default-server' config file keyword.
* MINOR: doc: fix use-server example (imap vs mail)
* BUG/MEDIUM: tcp: don't require privileges to bind to device
OBS-URL: https://build.opensuse.org/request/show/483306
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=145
- Update to version 1.7.3:
* BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream
* BUG/MEDIUM: tcp: don't poll for write when connect() succeeds
* BUG/MINOR: unix: fix connect's polling in case no data are scheduled
* BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved keyword
* MINOR: dns: give ability to dns_init_resolvers() to close a socket when requested
* BUG/MAJOR: dns: restart sockets after fork()
* MINOR: chunks: implement a simple dynamic allocator for trash buffers
* BUG/MEDIUM: http: prevent redirect from overwriting a buffer
* BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined
* BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer
* BUG/MINOR: http: Return an error when a replace-header rule failed on the response
* BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested
* BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1'
* BUG/MEDIUM: config: reject anything but "if" or "unless" after a use-backend rule
* MINOR: http: don't close when redirect location doesn't start with "/"
OBS-URL: https://build.opensuse.org/request/show/460842
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=144
- Update to version 1.7.2:
* BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2)
* BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW
* DOC: lua: documentation about time parser functions
* DOC: lua: section declared twice
* BUG/MINOR: lua/cli: bad error message
* DOC: fix small typo in fe_id (backend instead of frontend)
* BUG/MINOR: Fix the sending function in Lua's cosocket
* BUG/MINOR: lua: memory leak executing tasks
* BUG/MINOR: lua: bad return code
* BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
* BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
* BUG/MINOR: stats: fix be/sessions/current out in typed stats
* BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled
* BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
* BUG/MINOR: systemd: potential zombie processes
* DOC: Add timings events schemas
* BUG/MINOR: option prefer-last-server must be ignored in some case
* MINOR: stats: Support "select all" for backend actions
* BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0
* BUG/MAJOR: channel: Fix the definition order of channel analyzers
* BUG/MINOR: http: report real parser state in error captures
* BUG/MAJOR: http: fix risk of getting invalid reports of bad requests
* MINOR: http: custom status reason.
* MINOR: connection: add sample fetch "fc_rcvd_proxy"
* BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options
* BUG/MINOR: tools: fix off-by-one in port size check
* BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family
* MEDIUM: server: split the address and the port into two different fields
* MINOR: tools: make str2sa_range() return the port in a separate argument
* MINOR: server: take the destination port from the port field, not the addr
* MEDIUM: server: disable protocol validations when the server doesn't resolve
* BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0
* BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage
* MINOR: proto_http.c 502 error txt typo.
* DOC: add deprecation notice to "block"
* BUG/MINOR: Reset errno variable before calling strtol(3)
OBS-URL: https://build.opensuse.org/request/show/453453
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=142
* BUG/MAJOR: stream: fix session abort on resource shortage
* BUG/MINOR: cli: allow the backslash to be escaped on the CLI
* BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys"
* DOC: Fix map table's format
* DOC: Added 51Degrees conv and fetch functions to documentation.
* BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect
* DOC: mention that req_tot is for both frontends and backends
* BUG/MEDIUM: variables: some variable name can hide another ones
* BUG/MINOR: stats: fix be/sessions/max output in html stats
* MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id
* DOC: lua: Documentation about some entry missing
* MINOR: Do not forward the header "Expect: 100-continue" when the option http-buffer-request is set
* DOC: Add undocumented argument of the trace filter
* DOC: Fix some typo in SPOE documentation
* BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full
* MINOR: applet: Count number of (active) applets
* MINOR: task: Rename run_queue and run_queue_cur counters
* BUG/MEDIUM: stream: Save unprocessed events for a stream
* BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled
* BUILD/MEDIUM: Fixing the build using LibreSSL
* [RELEASE] Released version 1.7.1
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=141
- Update to version 1.7.0:
* BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos
* BUG/MINOR: stats: make field_str() return an empty string on NULL
* BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used
* BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled txn
* BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER
* BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers
* BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in tunnel mode
OBS-URL: https://build.opensuse.org/request/show/443139
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=138
- Update to version 1.6.9+git.1477940904.ab45181 (fate#321723)
* BUILD: poll: remove unused hap_fd_isset() which causes a warning with clang
* MINOR: cfgparse: few memory leaks fixes.
* MINOR: build: Allow linking to device-atlas library file
* DOC: Fix typo in description of `-st` parameter in man page
* BUG/MEDIUM: peers: on shutdown, wake up the appctx, not the stream
* BUG/MEDIUM: peers: fix use after free in peer_session_create()
* BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed
* MINOR: systemd: report it when execve() fails
* BUG/MINOR: systemd: check return value of calloc()
* BUG/MINOR: systemd: always restore signals before execve()
* BUG/MINOR: systemd: make the wrapper return a non-null status code on error
* BUG/MINOR: ssl: prevent multiple entries for the same certificate
* BUG/MINOR: ssl: Check malloc return code
* BUG/MINOR: vars: smp_fetch_var() doesn't depend on HTTP but on the session
* BUG/MINOR: vars: make smp_fetch_var() more robust against misuses
* BUG/MINOR: vars: use sess and not s->sess in action_store()
* MEDIUM: make SO_REUSEPORT configurable
* MINOR: Add fe_req_rate sample fetch
* MINOR: show Running on zlib version
* MINOR: show Built with PCRE version
* BUG/MINOR: displayed PCRE version is running release
OBS-URL: https://build.opensuse.org/request/show/438382
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=135
- Update to 1.6.9
- MINOR: cli: allow the semi-colon to be escaped on the CLI
- BUG/MINOR: payload: fix SSLv2 version parser
- BUG/MAJOR: stream: properly mark the server address as unset on connect retry
- DOC: Updated 51Degrees readme.
- BUG/MAJOR: stick-counters: possible crash when using sc_trackers with wrong table
- BUG/MINOR: peers: empty chunks after a resync.
- BUG/MINOR: peers: some updates are pushed twice after a resync.
- MINOR: sample: use smp_make_rw() in upper/lower converters
- BUG/MEDIUM: stick-table: properly convert binary samples to keys
- BUG/MEDIUM: stick-tables: do not fail on string keys with no allocated size
- BUG/MAJOR: server: the "sni" directive could randomly cause trouble
- MINOR: sample: provide smp_is_rw() and smp_make_rw()
- MINOR: sample: implement smp_is_safe() and smp_make_safe()
- BUG/MEDIUM: samples: make smp_dup() always duplicate the sample
- BUG/MAJOR: compression: initialize avail_in/next_in even during flush
- BUILD: make proto_tcp.c compatible with musl library
- DOC: minor typo fixes to improve HTML parsing by haproxy-dconv
- BUG/MEDIUM: stream-int: completely detach connection on connect error
- BUG/MEDIUM: lua: somme HTTP manipulation functions are called without valid requests
- DOC: lua: remove old functions
- BUG/MINOR: peers: Fix peers data decoding issue
- BUG/MEDIUM: lua: the function txn_done() from action wrapper can crash
- BUG/MEDIUM: lua: the function txn_done() from sample fetches can crash
OBS-URL: https://build.opensuse.org/request/show/424127
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=132
- BUILD: ssl: fix build error introduced in commit 7969a3 with
OpenSSL < 1.0.0
- DOC: fix a typo for a "deviceatlas" keyword
- FIX: small typo in an example using the "Referer" header
- BUG/MEDIUM: config: count memory limits on 64 bits, not 32
- BUG/MAJOR: dns: first DNS response packet not matching queried
hostname may lead to a loop
- BUG/MINOR: dns: unable to parse CNAMEs response
- BUG/MINOR: examples/haproxy.init: missing brace in
quiet_check()
- DOC: deviceatlas: more example use cases.
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in
install-bin.
- BUG/MAJOR: http: don't requeue an idle connection that is
already queued
- DOC: typo on capture.res.hdr and capture.req.hdr
- BUG/MINOR: dns: check for duplicate nameserver id in a
resolvers section was missing
- CLEANUP: use direction names in place of numeric values
- BUG/MEDIUM: lua: sample fetches based on response doesn't work
- drop haproxy-1.6.0-ssl-098.patch: included upstream
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=122
- DOC: specify that stats socket doc (section 9.2) is in
management
- BUILD: install only relevant and existing documentation
- CLEANUP: don't ignore debian/ directory if present
- BUG/MINOR: dns: parsing error of some DNS response
- BUG/MEDIUM: namespaces: don't fail if no namespace is used
- BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is
disabled
- MEDIUM: dns: Don't use the ANY query type
- drop haproxy-1.6.0-ssl.crash.patch included in update
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=121
- drop patches we pulled from upstream git:
0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
0002-DOC-usesrc-root-privileges-requirements.patch
0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch
0006-DOC-typo-in-redirect-302-code-meaning.patch
0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch
0008-CLEANUP-.gitignore-ignore-more-test-files.patch
0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch
0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch
0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch
0012-DOC-ssl-missing-LF.patch
0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch
0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
- refresh/redo patches to apply cleanly again:
old: haproxy-1.2.16_config_haproxy_user.patch
new: haproxy-1.6.0_config_haproxy_user.patch
old: haproxy-makefile_lib.patch
new: haproxy-1.6.0-makefile_lib.patch
old: sec-options.patch
new: haproxy-1.6.0-sec-options.patch
- added new haproxy.cfg to have a minimal config we can actually
launch!
- drop patch haproxy-1.5.8-fix-bashisms.patch: patched files no
longer exist
- drop haproxy.vim: we will use the copy which ships with the
upstream tarball now.
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=117
