pool/haproxy
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6cdbd8d7c3
haproxy/haproxy.changes

1057 lines
47 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Thu Oct 9 14:24:45 UTC 2014 - kgronlund@suse.com
- Fix check config before start patch to apply after previous patch
- Update patch: haproxy-1.5_check_config_before_start.patch
-------------------------------------------------------------------
Thu Oct 9 14:14:35 UTC 2014 - kgronlund@suse.com
- BUG/MEDIUM: systemd: set KillMode to 'mixed'
- Add patch:
- 0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch
-------------------------------------------------------------------
Wed Oct 8 12:53:41 UTC 2014 - kgronlund@suse.com
- update to 1.5.5
- DOC: indicate that weight zero is reported as DRAIN
- DOC: Address issue where documentation is excluded due to a gitignore rule
- This update includes all previous patches since 1.5.4
- Removed patches:
- 0001-DOC-clearly-state-that-the-show-sess-output-format-i.patch
- 0002-MINOR-stats-fix-minor-typo-fix-in-stats_dump_errors_.patch
- 0003-MEDIUM-Improve-signal-handling-in-systemd-wrapper.patch
- 0004-MINOR-Also-accept-SIGHUP-SIGTERM-in-systemd-wrapper.patch
- 0005-DOC-indicate-in-the-doc-that-track-sc-can-wait-if-da.patch
- 0006-MEDIUM-http-enable-header-manipulation-for-101-respo.patch
- 0007-BUG-MEDIUM-config-propagate-frontend-to-backend-proc.patch
- 0008-MEDIUM-config-properly-propagate-process-binding-bet.patch
- 0009-MEDIUM-config-make-the-frontends-automatically-bind-.patch
- 0010-MEDIUM-config-compute-the-exact-bind-process-before-.patch
- 0011-MEDIUM-config-only-warn-if-stats-are-attached-to-mul.patch
- 0012-MEDIUM-config-report-it-when-tcp-request-rules-are-m.patch
- 0013-MINOR-config-detect-the-case-where-a-tcp-request-con.patch
- 0014-MEDIUM-systemd-wrapper-support-multiple-executable-v.patch
- 0015-BUG-MEDIUM-remove-debugging-code-from-systemd-wrappe.patch
- 0016-BUG-MEDIUM-http-adjust-close-mode-when-switching-to-.patch
- 0017-BUG-MINOR-config-don-t-propagate-process-binding-on-.patch
- 0018-BUG-MEDIUM-check-rule-less-tcp-check-must-detect-con.patch
- 0019-BUG-MINOR-tcp-check-report-the-correct-failed-step-i.patch
- 0020-BUG-MINOR-config-don-t-propagate-process-binding-for.patch
-------------------------------------------------------------------
Mon Oct 6 09:09:58 UTC 2014 - kgronlund@suse.com
- Backported fixes:
- BUG/MEDIUM: http: adjust close mode when switching to backend
- BUG/MINOR: config: don't propagate process binding on fatal errors.
- BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
- BUG/MINOR: tcp-check: report the correct failed step in the status
- BUG/MINOR: config: don't propagate process binding for dynamic use_backend
- Added patches:
- 0016-BUG-MEDIUM-http-adjust-close-mode-when-switching-to-.patch
- 0017-BUG-MINOR-config-don-t-propagate-process-binding-on-.patch
- 0018-BUG-MEDIUM-check-rule-less-tcp-check-must-detect-con.patch
- 0019-BUG-MINOR-tcp-check-report-the-correct-failed-step-i.patch
- 0020-BUG-MINOR-config-don-t-propagate-process-binding-for.patch
-------------------------------------------------------------------
Thu Sep 25 16:10:08 UTC 2014 - kgronlund@suse.com
- Backported fixes (bnc#898498):
- DOC: clearly state that the "show sess" output format is not fixed
- MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
- MEDIUM: Improve signal handling in systemd wrapper.
- MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
- DOC: indicate in the doc that track-sc* can wait if data are missing
- MEDIUM: http: enable header manipulation for 101 responses
- BUG/MEDIUM: config: propagate frontend to backend process binding again.
- MEDIUM: config: properly propagate process binding between proxies
- MEDIUM: config: make the frontends automatically bind to the listeners' processes
- MEDIUM: config: compute the exact bind-process before listener's maxaccept
- MEDIUM: config: only warn if stats are attached to multi-process bind directives
- MEDIUM: config: report it when tcp-request rules are misplaced
- MINOR: config: detect the case where a tcp-request content rule has no inspect-delay
- MEDIUM: systemd-wrapper: support multiple executable versions and names
- BUG/MEDIUM: remove debugging code from systemd-wrapper
- Added patches:
- 0001-DOC-clearly-state-that-the-show-sess-output-format-i.patch
- 0002-MINOR-stats-fix-minor-typo-fix-in-stats_dump_errors_.patch
- 0003-MEDIUM-Improve-signal-handling-in-systemd-wrapper.patch
- 0004-MINOR-Also-accept-SIGHUP-SIGTERM-in-systemd-wrapper.patch
- 0005-DOC-indicate-in-the-doc-that-track-sc-can-wait-if-da.patch
- 0006-MEDIUM-http-enable-header-manipulation-for-101-respo.patch
- 0007-BUG-MEDIUM-config-propagate-frontend-to-backend-proc.patch
- 0008-MEDIUM-config-properly-propagate-process-binding-bet.patch
- 0009-MEDIUM-config-make-the-frontends-automatically-bind-.patch
- 0010-MEDIUM-config-compute-the-exact-bind-process-before-.patch
- 0011-MEDIUM-config-only-warn-if-stats-are-attached-to-mul.patch
- 0012-MEDIUM-config-report-it-when-tcp-request-rules-are-m.patch
- 0013-MINOR-config-detect-the-case-where-a-tcp-request-con.patch
- 0014-MEDIUM-systemd-wrapper-support-multiple-executable-v.patch
- 0015-BUG-MEDIUM-remove-debugging-code-from-systemd-wrappe.patch
-------------------------------------------------------------------
Wed Sep 3 07:35:14 UTC 2014 - kgronlund@suse.com
- update to 1.5.4 (bnc#895849 CVE-2014-6269)
- BUG: config: error in http-response replace-header number of arguments
- BUG/MINOR: Fix search for -p argument in systemd wrapper.
- BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
- BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
- MEDIUM: connection: add new bit in Proxy Protocol V2
- BUG/MINOR: server: move the directive #endif to the end of file
- BUG/MEDIUM: http: tarpit timeout is reset
- BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
- BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
- BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
- BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
- BUG/MEDIUM: acl: correctly compute the output type when a converter is used
- CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
- BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
- Dropped patches:
- 0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
- 0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
- 0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
- 0004-BUG-config-error-in-http-response-replace-header-num.patch
- 0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch
-------------------------------------------------------------------
Fri Aug 22 14:38:59 UTC 2014 - mrueckert@suse.de
- pull 2 more fixes from git:
- 0004-BUG-config-error-in-http-response-replace-header-num.patch
A couple of typo fixed in 'http-response replace-header':
- an error when counting the number of arguments
- a typo in the alert message
- 0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch
Before the commit bbba2a8ecc35daf99317aaff7015c1931779c33b
(1.5-dev24-8), the tarpit section set timeout and return, after
this commit, the tarpit section set the timeout, and go to the
"done" label which reset the timeout.
-------------------------------------------------------------------
Wed Jul 30 09:47:38 UTC 2014 - mrueckert@suse.de
- pull important fixes from git:
0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
Especially the last patch is important:
As a consequence of various recent changes on the sample
conversion, a corner case has emerged where it is possible to
wait forever for a sample in track-sc*.
-------------------------------------------------------------------
Mon Jul 28 11:33:14 UTC 2014 - kgronlund@suse.com
- update to 1.5.3
- DOC: fix typo in Unix Socket commands
- BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header
- BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
- DOC: mention that Squid correctly responds 400 to PPv2 header
- BUG/MINOR: http: base32+src should use the big endian version of base32
- BUG/MEDIUM: connection: fix proxy v2 header again!
- Removed backported patches:
- 0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
- 0002-DOC-fix-typo-in-Unix-Socket-commands.patch
- 0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
- 0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
- 0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
- 0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch
-------------------------------------------------------------------
Mon Jul 21 13:45:40 UTC 2014 - mrueckert@suse.de
- added 0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch:
Last commit 77d1f01 ("BUG/MEDIUM: connection: fix memory
corruption when building a proxy v2 header") was wrong, using
&cn_trash instead of cn_trash resulting in a warning and the
client's SSL cert CN not being stored at the proper location.
-------------------------------------------------------------------
Fri Jul 18 15:01:53 UTC 2014 - mrueckert@suse.de
- added
0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch:
BUG/MEDIUM: connection: fix memory corruption when building a
proxy v2 header
-------------------------------------------------------------------
Thu Jul 17 10:45:28 UTC 2014 - mrueckert@suse.de
- pulled a few fixes from the 1.5 branch: most notable the DHE
memleak fix. Adds the following patches:
0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
0002-DOC-fix-typo-in-Unix-Socket-commands.patch
0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
-------------------------------------------------------------------
Sat Jul 12 16:56:27 UTC 2014 - mrueckert@suse.de
- update to 1.5.2
- BUG/MEDIUM: backend: Update hash to use unsigned int throughout
- BUG/MINOR: ssl: Fix external function in order not to return a
pointer on an internal trash buffer.
- DOC: expand the docs for the provided stats.
- BUG/MEDIUM: unix: do not unlink() abstract namespace sockets
upon failure.
- MINOR: stats: fix minor typo in HTML page
- BUG/MEDIUM: http: fetch "base" is not compatible with
set-header
- BUG/MINOR: counters: do not untrack counters before logging
- BUG/MAJOR: sample: correctly reinitialize sample fetch context
before calling sample_process()
- MINOR: stick-table: make stktable_fetch_key() indicate why it
failed
- BUG/MEDIUM: counters: fix track-sc* to wait on unstable
contents
- BUILD: remove TODO from the spec file and add README
- MINOR: log: make MAX_SYSLOG_LEN overridable at build time
- MEDIUM: log: support a user-configurable max log line length
- DOC: provide an example of how to use ssl_c_sha1
- BUILD: http: fix isdigit & isspace warnings on Solaris
- BUG/MINOR: listener: set the listener's fd to -1 after deletion
- BUG/MEDIUM: unix: failed abstract socket binding is retryable
- MEDIUM: listener: implement a per-protocol pause() function
- MEDIUM: listener: support rebinding during resume()
- BUG/MEDIUM: unix: completely unbind abstract sockets during a
pause()
- DOC: explicitly mention the limits of abstract namespace
sockets
- DOC: minor fix on {sc,src}_kbytes_{in,out}
- DOC: fix alphabetical sort of converters
- BUG/MAJOR: http: correctly rewind the request body after start
of forwarding
- DOC: remove references to CPU=native in the README
- DOC: mention that "compression offload" is ignored in defaults
section
- drop patches including in version upgrade.
- 0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch
- 0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch
- 0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch
- 0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch
- 0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch
- 0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch
- use www.haproxy.org now instead of the old domain which is just
redirecting to haproxy.org now.
-------------------------------------------------------------------
Tue Jul 1 12:13:33 UTC 2014 - kgronlund@suse.com
- BUG/MEDIUM: counters: fix track-sc* to wait on unstable contents
- MINOR: stick-table: make stktable_fetch_key() indicate why it failed
- BUG/MAJOR: sample: correctly reinitialize sample fetch context before calling sample_process()
- BUG/MINOR: counters: do not untrack counters before logging
- BUG/MINOR: ssl: Fix external function in order not to return a pointer on an internal trash buffer.
- BUG/MEDIUM: http: fetch "base" is not compatible with set-header
- Add patches:
- 0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch
- 0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch
- 0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch
- 0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch
- 0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch
- 0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch
-------------------------------------------------------------------
Tue Jun 24 15:55:48 UTC 2014 - mrueckert@suse.de
- install the vim file into the versioned directory and dont cover
the current symlink with a directory
-------------------------------------------------------------------
Tue Jun 24 13:00:39 UTC 2014 - mrueckert@suse.de
- add Requires to vim to make the ownership of the vim directory
clear and not break any symlink handling the vim package might
use.
-------------------------------------------------------------------
Tue Jun 24 12:23:55 UTC 2014 - mrueckert@suse.de
- update to 1.5.1
- BUG/MINOR: config: http-request replace-header arg typo
- BUG/MINOR: ssl: rejects OCSP response without nextupdate.
- BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses.
- BUG/MINOR: ssl: Fix OCSP resp update fails with the same
certificate configured twice. (cherry picked from commit
1d3865b096b43b9a6d6a564ffb424ffa6f1ef79f)
- BUG/MEDIUM: Consistently use 'check' in process_chk
- BUG/MAJOR: session: revert all the crappy client-side timeout
changes
- BUG/MINOR: logs: properly initialize and count log sockets
- drop haproxy-1.5.0_consistently_use_check.patch:
included upstream
-------------------------------------------------------------------
Tue Jun 24 09:51:25 UTC 2014 - kgronlund@suse.com
- Install vim file to a more appropriate location
-------------------------------------------------------------------
Mon Jun 23 09:19:04 UTC 2014 - kgronlund@suse.com
- added pre macro for systemd service file
-------------------------------------------------------------------
Mon Jun 23 08:28:06 UTC 2014 - kgronlund@suse.com
- Use better systemd detection consistently
-------------------------------------------------------------------
Sun Jun 22 19:48:11 UTC 2014 - mrueckert@suse.de
- pull commit 9ac7cabaf9945fb92c96cb92f5ea85235f54f7d6:
Consistently use 'check' in process_chk
I am not entirely sure that this is a bug, but it seems
to me that it may cause a problem if there agent-check is
configured and there is some kind of error making a connection
for it.
adds patch haproxy-1.5.0_consistently_use_check.patch
-------------------------------------------------------------------
Fri Jun 20 14:37:21 UTC 2014 - mrueckert@suse.de
- update to 1.5.0
For people who don't follow the development versions, 1.5 expands
1.4 with many new features and performance improvements,
including native SSL support on both sides with SNI/NPN/ALPN and
OCSP stapling, IPv6 and UNIX sockets are supported everywhere,
full HTTP keep-alive for better support of NTLM and improved
efficiency in static farms, HTTP/1.1 compression (deflate, gzip)
to save bandwidth, PROXY protocol versions 1 and 2 on both sides,
data sampling on everything in request or response, including
payload, ACLs can use any matching method with any input sample
maps and dynamic ACLs updatable from the CLI stick-tables support
counters to track activity on any input sample custom format for
logs, unique-id, header rewriting, and redirects, improved health
checks (SSL, scripted TCP, check agent, ...), much more scalable
configuration supports hundreds of thousands of backends and
certificates without sweating.
For all the details see /usr/share/doc/packages/haproxy/CHANGELOG
- enable tcp fast open if the kernel is recent enough
- enable PCRE JIT if PCRE is recent enough
- enable openssl support!
- haproxy can finally terminate ssl itself and also talk SSL to
the backend servers.
- including SNI/NPN/ALPN support.
new buildrequires openssl and pkgconfig
- enable deflate support
new buildrequires zlib-devel
- enable transparent proxy support
- enable usage of accept4. reduces the syscall amount.
- enable building and installing of halog
- install vim file into the correct place
- dropped patches:
0001-MEDIUM-add-systemd-service.patch
0002-MEDIUM-add-haproxy-systemd-wrapper.patch
0003-MEDIUM-New-cli-option-Ds-for-systemd-compatibility.patch
0004-BUG-MEDIUM-systemd-wrapper-don-t-leak-zombie-process.patch
0005-BUILD-stdbool-is-not-portable-again.patch
0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch
0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch
0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch
0009-openSUSE-Configure-haproxy-user.patch
0010-openSUSE-Fix-path-to-PCRE-library.patch
0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch
0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch
0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch
0014-MINOR-systemd-wrapper-improve-logging.patch
0015-MINOR-systemd-wrapper-propagate-exit-status.patch
- added haproxy-1.2.16_config_haproxy_user.patch:
(replaces 0009-openSUSE-Configure-haproxy-user.patch)
- added haproxy-1.5_check_config_before_start.patch:
systemd allows us to run other things before we start the final
daemon. use this to check the configuration before launching.
- added haproxy-makefile_lib.patch
(replaces 0010-openSUSE-Fix-path-to-PCRE-library.patch)
- added sec-options.patch:
allow it more easily to build haproxy with PIE, stackprotector
and relro. all those options are enabled on our build.
- added apparmor profile
usr.sbin.haproxy.apparmor
local.usr.sbin.haproxy.apparmor
- change the conditionals for systemd to use bcond_with to make it
more obvious what we are guarding.
-------------------------------------------------------------------
Wed May 21 10:50:21 UTC 2014 - jsegitz@novell.com
- added necessary macros for systemd files
-------------------------------------------------------------------
Tue May 6 06:12:08 UTC 2014 - kgronlund@suse.com
- update to 1.4.25 (bnc#876438)
- DOC: typo: nosepoll self reference in config guide
- BUG/MINOR: deinit: free fdinfo while doing cleanup
- BUG/MEDIUM: server: set the macro for server's max weight SRV_UWGHT_MAX to SRV_UWGHT_RANGE
- BUG/MINOR: use the same check condition for server as other algorithms
- BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN for recv()
- BUG/MINOR: fix forcing fastinter in "on-error"
- BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests
- BUG/MAJOR: http: don't emit the send-name-header when no server is available
- BUG/MEDIUM: http: "option checkcache" fails with the no-cache header
- MEDIUM: session: disable lingering on the server when the client aborts
- MINOR: config: warn when a server with no specific port uses rdp-cookie
- MEDIUM: increase chunk-size limit to 2GB-1
- DOC: add a mention about the limited chunk size
- MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection
- BUILD: proto_tcp: remove a harmless warning
- BUG/MINOR: acl: remove patterns from the tree before freeing them
- BUG/MEDIUM: checks: fix slow start regression after fix attempt
- BUG/MAJOR: server: weight calculation fails for map-based algorithms
- BUG/MINOR: backend: fix target address retrieval in transparent mode
- BUG/MEDIUM: stick: completely remove the unused flag from the store entries
- BUG/MEDIUM: stick-tables: complete the latest fix about store-responses
- BUG/MEDIUM: checks: tracking servers must not inherit the MAINT flag
- BUG/MINOR: stats: report correct throttling percentage for servers in slowstart
- BUG/MINOR: stats: correctly report throttle rate of low weight servers
- BUG/MINOR: checks: successful check completion must not re-enable MAINT servers
- BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling
- BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers
- BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN
- BUG/MEDIUM: http: don't start to forward request data before the connect
- DOC: fix misleading information about SIGQUIT
- BUILD: simplify the date and version retrieval in the makefile
- BUILD: prepare the makefile to skip format lines in SUBVERS and VERDATE
- BUILD: use format tags in VERDATE and SUBVERS files
- Reorganized patches and backported fixes for systemd wrapper:
- Renamed 0006-haproxy-1.2.16_config_haproxy_user.patch to 0009-openSUSE-Configure-haproxy-user.patch
- Renamed 0007-haproxy-makefile_lib.patch to 0010-openSUSE-Fix-path-to-PCRE-library.patch
- Removed 0008-MEDIUM-haproxy-systemd-wrapper-Revised-implementatio.patch
- Added 0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch
- Added 0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch
- Added 0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch
- Added 0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch
- Added 0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch
- Added 0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch
- Added 0014-MINOR-systemd-wrapper-improve-logging.patch
- Added 0015-MINOR-systemd-wrapper-propagate-exit-status.patch
-------------------------------------------------------------------
Fri Nov 22 09:54:48 UTC 2013 - kgronlund@suse.com
- Backport haproxy-systemd-wrapper from upstream
- Patch haproxy-systemd-wrapper to work on openSUSE
-------------------------------------------------------------------
Thu Oct 31 12:46:04 UTC 2013 - kgronlund@suse.com
- Remove duplicate Requires: from .spec file.
-------------------------------------------------------------------
Thu Oct 31 12:41:12 UTC 2013 - kgronlund@suse.com
- Re-enable sysvinit support for older versions
(server:http still builds for older versions)
-------------------------------------------------------------------
Mon Oct 28 14:32:00 UTC 2013 - p.drouand@gmail.com
- Add systemd support
Target distributions all support systemd; keep alive sysvinit support
is useless
-------------------------------------------------------------------
Thu Oct 10 15:16:32 UTC 2013 - cdenicolo@suse.com
- license update: GPL-2.0+ and LGPL-2.1+
only header files are LGPL, the rest is still GPL
-------------------------------------------------------------------
Tue Jun 18 09:14:13 UTC 2013 - mrueckert@suse.de
- update to 1.4.24 (bnc#825412)
- BUG/MAJOR: backend: consistent hash can loop forever in certain
circumstances
- BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks
are used
- MEDIUM: protocol: implement a "drain" function in protocol
layers
- BUG/CRITICAL: fix a possible crash when using negative header
occurrences CVE-2013-2175
-------------------------------------------------------------------
Wed Apr 3 14:47:43 UTC 2013 - mrueckert@suse.de
- update to 1.4.23 CVE-2013-1912
- CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read
- BUG: fix garbage data when http-send-name-header replaces an
existing header
- BUG/MEDIUM: remove supplementary groups when changing gid
- BUG/MINOR: Correct logic in cut_crlf()
- BUG/MINOR: config: use a copy of the file name in proxy
configurations
- BUG/MINOR: epoll: correctly disable FD polling in fd_rem()
- MINOR: halog: sort output by cookie code
- BUG/MINOR: halog: -ad/-ac report the correct number of output
lines
- BUG/MINOR: halog: fix help message for -ut/-uto
- BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel
mode
- BUG/MEDIUM: command-line option -D must have precedence over
"debug"
- OPTIM: halog: keep a fast path for the lines-count only
- MINOR: halog: add a parameter to limit output line count
- BUG: halog: fix broken output limitation
- MEDIUM: checks: avoid accumulating TIME_WAITs during checks
- MEDIUM: checks: prevent TIME_WAITs from appearing also on
timeouts
- BUG/MAJOR: cli: show sess <id> may randomly corrupt the
back-ref list
- BUG/MINOR: http: don't report client aborts as server errors
- BUG/MINOR: http: don't log a 503 on client errors while waiting
for requests
- BUG/MEDIUM: tcp: process could theorically crash on lack of
source ports
- BUG/MINOR: http: don't abort client connection on premature
responses
- BUILD: no need to clean up when making git-tar
- MINOR: http: always report PR-- flags for redirect rules
- BUG/MINOR: time: frequency counters are not totally accurate
- BUG/MINOR: http: don't process abortonclose when request was
sent
- BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
- BUG/MINOR: config: fix improper check for failed memory alloc
in ACL parser
- BUG/MEDIUM: checks: ensure the health_status is always within
bounds
- CLEANUP: http: remove a useless null check
- BUG/MEDIUM: signal: signal handler does not properly check for
signal bounds
- BUG/MEDIUM: uri_auth: missing NULL check and memory leak on
memory shortage
- CLEANUP: config: slowstart is never negative
- BUILD: improve the makefile's support for libpcre
- BUG/MINOR: checks: fix an warning introduced by commit 2f61455a
- MEDIUM: halog: add support for counting per source address
(-ic)
- DOC: mention the new HTTP 307 and 308 redirect statues
(cherry picked from commit
b67fdc4cd8bde202f2805d98683ddab929469a05)
- MEDIUM: poll: do not use FD_* macros anymore
- BUG/MAJOR: ev_select: disable the select() poller if maxsock >
FD_SETSIZE
- BUILD: enable poll() by default in the makefile
- BUILD: add explicit support for Mac OS/X
- BUG/CRITICAL: using HTTP information in tcp-request content may
crash the process CVE-2013-1912
- MEDIUM: http: implement redirect 307 and 308
- MINOR: http: status 301 should not be marked non-cacheable
- adapt haproxy-makefile_lib.patch to the rewritten Makefile
-------------------------------------------------------------------
Mon Nov 12 14:10:33 UTC 2012 - mrueckert@suse.de
- switch license tag to spdx format.
-------------------------------------------------------------------
Mon Nov 12 13:50:46 UTC 2012 - mrueckert@suse.de
- update to 1.4.22
- BUG/MEDIUM: option forwardfor if-none doesn't work with some
configurations
- MINOR: balance uri: added 'whole' parameter to include query
string in hash calculation
- DOC: specify the default value for maxconn in the context of a
proxy
- BUG/MINOR: checks: expire on timeout.check if smaller than
timeout.connect
- REORG/MINOR: use dedicated proxy flags for the cookie handling
- BUG/MINOR: config: do not report twice the incompatibility
between cookie and non-http
- MINOR: http: add support for "httponly" and "secure" cookie
attributes
- MEDIUM: stats: add support for soft stop/soft start in the
admin interface
- BUILD: add support for linux kernels >= 2.6.28
- MINOR: contrib/iprange: add a network IP range to mask
converter
- BUILD: add an AIX 5.2 (and later) target.
- MINOR: halog: use the more recent dual-mode fgets2
implementation
- BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on
full-length matches
- CLEANUP: halog: make clean should also remove .o files
(cherry picked from commit
8ad4193100aafa19f04929670371bf823dbe11d0)
- OPTIM: halog: make use of memchr() on platforms which provide a
fast one
- OPTIM: halog: improve cold-cache behaviour when loading a file
- [MINOR] config: make it possible to specify a cookie even
without a server
- MINOR: config: tolerate server "cookie" setting in non-HTTP
mode
- BUG/MINOR: tarpit: fix condition to return the HTTP 500 message
-------------------------------------------------------------------
Tue Oct 30 16:02:03 UTC 2012 - mrueckert@suse.de
- fix description in the init script
-------------------------------------------------------------------
Tue May 22 16:47:45 UTC 2012 - pascal.bleser@opensuse.org
- update to 1.4.21 (bnc#763833) CVE-2012-2391
- MINOR: patch for minor typo (ressources/resources)
- CLEANUP: fix typo in findserver() log message
- DOC: cleanup indentation, alignment, columns and chapters
- DOC: fix some keywords arguments documentation
- MINOR: stats admin: allow unordered parameters in POST requests
- MINOR: stats admin: use the backend id instead of its name in
the form
- BUG/MAJOR: trash must always be the size of a buffer
- DOC: fix minor regex example issue and improve doc on stats
- BUG/MAJOR: possible crash when using capture headers on TCP
frontends
- MINOR: config: disable header captures in TCP mode and complain
- BUG/MEDIUM: balance source did not properly hash IPv6 addresses
- CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
- CLEANUP: remove a few warning about unchecked return values in
debug code
- CLEANUP: http: remove unused http_msg->col
- BUG/MINOR: http: error snapshots are wrong if buffer wraps
- BUG/MAJOR: checks: don't call set_server_status_* when no LB
algo is set
- MINOR: proxy: make findproxy() return proxies from numeric IDs
too
- BUILD: http: stop gcc-4.1.2 from complaining about possibly
uninitialized values
- BUG/MINOR: stop connect timeout when connect succeeds
-------------------------------------------------------------------
Sun Mar 11 19:16:20 UTC 2012 - pascal.bleser@opensuse.org
- update to 1.4.20:
- BUG/MINOR: fix typo in processing of http-send-name-header
- BUG/MEDIUM: correctly disable servers tracking another disabled servers.
- BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
- MINOR: halog: add some help on the command line (cherry picked from
commit 615674cdec067066a42f53f5d55628ab7b207e6c)
- BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
- BUG: http: disable TCP delayed ACKs when forwarding content-length data
- BUG: checks: fix server maintenance exit sequence
- BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on
partial writes
- DOC: enumerate valid status codes for "observe layer7"
-------------------------------------------------------------------
Wed Feb 8 15:30:58 UTC 2012 - mrueckert@suse.de
- update to 1.4.19
- MEDIUM: http: add support for sending the server's name in the
outgoing request
- BUG/MINOR: fix options forwardfor if-none when an alternative
header name is specified
- MINOR: task: new function task_schedule() to schedule a wake up
- BUG/MEDIUM: checks: fix slowstart behaviour when server
tracking is in use
- BUG: tcp: option nolinger does not work on backends
- BUG: ebtree: ebst_lookup() could return the wrong entry
- BUG: http: re-enable TCP quick-ack upon incomplete HTTP
requests
- CLEANUP: ebtree: remove a few annoying signedness warnings
- CLEANUP: ebtree: remove 4-year old harmless typo in duplicates
insertion code
- CLEANUP: ebtree: remove another typo, a wrong initialization in
insertion code
- BUG: proto_tcp: set AF_INET on tproxy for use with recent
kernels
- MINOR: halog: add support for matching queued requests
- BUG: http: tighten the list of allowed characters in a URI
-------------------------------------------------------------------
Wed Nov 9 12:09:33 UTC 2011 - mrueckert@suse.de
- update to 1.4.18
- [MINOR] http: *_dom matching header functions now also split on
":"
- [MINOR] halog: support backslash-escaped quotes
- BUILD/MINOR: fix the source URL in the spec file
- DOC: acl is http_first_req, not http_req_first
- BUG/MEDIUM: don't trim last spaces from headers consisting only
of spaces
- MINOR: acl: add new matches for header/path/url length
- [MINOR] halog: do not consider byte 0x8A as end of line
- [OPTIM] halog: make fgets parse more bytes by blocks
- [OPTIM] halog: add assembly version of the field lookup code
- [CLEANUP] startup: report only the basename in the usage
message
- [DOC] update the README file to reflect new naming rules for
patches
-------------------------------------------------------------------
Mon Sep 05 22:26:59 UTC 2011 - pascal.bleser@opensuse.org
- update to 1.4.17:
- [MINOR] halog: add support for termination code matching (-tcn/-TCN)
- [MINOR] halog: make SKIP_CHAR stop on field delimiters
- [MINOR] halog: add support for HTTP log matching (-H)
- [MINOR] halog: gain back performance before SKIP_CHAR fix
- [OPTIM] halog: cache some common fields positions
- [OPTIM] halog: check once for correct line format and reuse the pointer
- [OPTIM] halog: remove many 'if' by using a function pointer for the filters
- [OPTIM] halog: remove support for tab delimiters in input data
- [MINOR] halog: add -hs/-HS to filter by HTTP status code range
- [CLEANUP] update the year in the copyright banner
- [BUG] check: http-check expect + regex would crash in defaults section
- [MEDIUM] http: make x-forwarded-for addition conditional
- [DOC] fixed a few "sensible" -> "sensitive" errors
- [MINOR] stats: display "<NONE>" instead of the frontend name when unknown
- [BUG] http: trailing white spaces must also be trimmed after headers
- [MINOR] http: take a capture of too large requests and responses
- [MINOR] http: take a capture of truncated responses
- [MINOR] http: take a capture of bad content-lengths.
-------------------------------------------------------------------
Sat Aug 13 22:49:36 UTC 2011 - mrueckert@suse.de
- update to version 1.4.16
- [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check
- [DOC] Minor spelling fixes and grammatical enhancements
- [CLEANUP] Remove assigned but unused variables
- [BUG] checks: http-check expect could fail a check on
multi-packet responses
- [DOC] fix minor typo in the "dispatch" doc
- [MINOR] http: make the "HTTP 200" status code configurable.
- [MINOR] http: partially revert the chunking optimization for
now
- [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete
transfer
- [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out
test
- [MEDIUM] http: add support for "http-no-delay"
- [OPTIM] http: optimize chunking again in non-interactive mode
- [OPTIM] stream_sock: avoid fast-forwarding of partial data
- [OPTIM] stream_sock: don't use splice on too small payloads
- [BUG] stats: support url-encoded forms
- [BUG] halog: correctly handle truncated last line
- [DOC] fix typos, "#" is a sharp, not a dash
-------------------------------------------------------------------
Fri Apr 15 22:14:24 UTC 2011 - pascal.bleser@opensuse.org
- revert splitting out the documentation
-------------------------------------------------------------------
Thu Apr 14 19:18:45 UTC 2011 - pascal.bleser@opensuse.org
- split out documentation and examples into haproxy-doc
- add rpmlintrc to suppress false positive warnings about
script examples in documentation files (without exec flag)
- fix license
-------------------------------------------------------------------
Tue Apr 12 15:31:38 UTC 2011 - mrueckert@suse.de
- update to version 1.4.15
- [CRITICAL] fix risk of crash when dealing with space in
response cookies
- additional changes from 1.4.14
- [MINOR] config: fix endianness of server check port
- [BUG] http: fix possible incorrect forwarded wrapping chunk
size (take 2)
- [MINOR] tools: add two macros MID_RANGE and MAX_RANGE
- [BUG] http: fix content-length handling on 32-bit platforms
- [OPTIM] buffers: uninline buffer_forward()
-------------------------------------------------------------------
Wed Mar 9 12:00:23 UTC 2011 - mrueckert@suse.de
- update to 1.4.13
- config: don't crash on empty pattern files.
- additional changes from 1.4.12
- stats: add support for several packets in stats admin
- stats: admin commands must check the proxy state
- stats: admin web interface must check the proxy state
- http: update the header list's tail when removing the last
header
- fix typos (http-request instead of http-check) (cherry
picked from commit 8f2a1e72bebea700f37add40997b716fdfd86b9c)
- http: use correct ACL pointer when evaluating authentication
- cfgparse: correctly count one socket per port in ranges
- startup: set the rlimits before binding ports, not after.
- acl: srv_id must return no match when the server is NULL
- acl: fd leak when reading patterns from file
- fix minor typo in "usesrc"
- http: fix possible incorrect forwarded wrapping chunk size
- http: fix computation of message body length after forwarding
has started
- http: balance url_param did not work with first parameters on
POST
- update the url_param regression test to test check_post too
-------------------------------------------------------------------
>>>>>>> ./haproxy.changes.r40
Tue Feb 15 14:30:53 UTC 2011 - mrueckert@suse.de
- update to 1.4.11
- cfgparse: Check whether the path given for the stats socket
actually fits into the sockaddr_un structure to avoid
truncation.
- fix a minor typo
- fix ignore-persist documentation
- http: fix http-pretend-keepalive and httpclose/tunnel mode
- add warnings on features not compatible with multi-process mode
- acl: add be_id/srv_id to match backend's and server's id
- log: add support for passing the forwarded hostname
- log: ability to override the syslog tag
- fix minor typos in the doc
- fix another typo in the doc
- http chunking: don't report a parsing error on connection
errors
- stream_interface: truncate buffers when sending error messages
- http: fix incorrect error reporting during data transfers
- session: correctly leave turn-around and queue states on abort
- session: release slot before processing pending connections
- stats: report HTTP message state and buffer flags in error
dumps
- http: support wrapping messages in error captures
- http: capture incorrectly chunked message bodies
- stats: add global event ID and count
- http: don't send each chunk in a separate packet
- acl: fix handling of empty lines in pattern files
- ebtree: fix ebmb_lookup() with len smaller than the tree's keys
- ebtree: ebmb_lookup: reduce stack usage by moving the return
code out of the loop
-------------------------------------------------------------------
Mon Nov 29 13:57:37 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.10:
* a possible crash when using Cookie-based persistence with
appsessions was fixed
* header processing could become wrong after a single reqidel
rule removed exactly two headers
* some out-of-memory conditions were not correctly handled in
appsession or cookie captures
* users of appsessions are strongly encouraged to upgrade
-------------------------------------------------------------------
Tue Nov 2 13:11:15 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.9:
* the Web interface now allows you to enable or disable servers
* the ECV and LDAPv3 checks were merged
* the MySQL check was improved to support a real login sequence
* persistence cookies can now be timestamped to support a maximum
idle time and a maximum life time, and can be removed by the
server if needed (e.g. logout)
* the SNMP plugin was improved to report socket stats
* some Cacti templates were merged
* the halog tool can now instantly report per-URL response times
-------------------------------------------------------------------
Tue Aug 17 15:46:13 UTC 2010 - mrueckert@suse.de
- implement graceful restart in the init script
-------------------------------------------------------------------
Tue Jun 22 14:49:12 UTC 2010 - mrueckert@suse.de
- update to 1.4.8:
* mention 'option http-server-close' effect in Tq section
* summarize and highlight persistent connections behaviour
* add configuration samples
* stick_table: the fix for the memory leak caused a regression
* client: don't add a new session to the list too early
-------------------------------------------------------------------
Thu Jun 10 09:03:34 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.7:
* fixes problems where consistent hashing was broken when no
server ID was specified in the configuration
* some errors were incorrectly reported as failed instead of
denied in the statistics
* the dispatch and http_proxy modes were fixed
* a few termination flags in the logs used for troubleshooting
were corrected
* a few other minor issues were fixed
* upgrading is recommended
-------------------------------------------------------------------
Mon May 17 20:29:02 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.6:
* a minor precision about RDP cookies was added to the
documentation
* a new ACL keyword was added
* those who had no problem building and running 1.4.5 don't need
to upgrade
- drop haproxy-fix_dprintf.patch, merged upstream
-------------------------------------------------------------------
Fri May 14 07:18:03 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.5:
* Haproxy can now read huge ACL pattern lists from files and
match inputs against them without any noticeable performance
impact, making geolocation possible
* adds a new "ignore-persist" directive, allowing it to ignore
the persistence cookie if an ACL-based condition is matched
(which is useful for static objects in stateful farms)
* a few other minor improvements
* a nice performance boost of the log analyzer, which can now
process more than 1 GB of logs per second and report request
counts by status codes
-------------------------------------------------------------------
Thu Apr 8 09:41:51 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.4:
* brings a new option to work around optimization issues with
Tomcat and Jetty in server close mode, and for a bug in Jetty's
handling of Expect: 100-continue
* a very old appsession unexpected match of shorter cookie names
was also fixed
* a new feature to make it possible to connect to a server from
an IP found in a header was merged: it allows you to run
stunnel+haproxy in transparent mode together
-------------------------------------------------------------------
Fri Apr 2 23:42:44 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.3:
* fxes a regression introduced in 1.4.2 which could cause a
connection to still be attempted on the server side in case of
an error on the client side; this issue could even lead to a
crash if a Layer7 hash algorithm was used, so this code was
strengthened
* the configuration parser now detects many more inappropriate
options in TCP mode and emits related warnings
* it is now possible to indicate in the configuration that a
server will start in the "disabled" state
* other very minor issues were fixed
-------------------------------------------------------------------
Thu Mar 18 12:00:49 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.2:
* fixes a very rare case of stuck client sessions when using
keep-alive
* fixes a url_param hash bug which could result in a dead server
in very rare situations
* fixes status codes 501 and 505 which could cause a server to be
marked down if on-error was used
* fixes a risk of getting truncated HTTP responses when
chunk-encoding was used
* fixes an issue with anonymous ACLs
* improvements on health checks
-------------------------------------------------------------------
Fri Mar 5 00:45:12 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.1:
* some errors were incorrectly reported as 502 with the flags
"SL" in the logs; this is now fixed
* other minor issues were fixed
* documentation was updated
-------------------------------------------------------------------
Fri Feb 26 20:44:34 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.0:
* new features:
+ keep-alive
+ IP-based stickiness
+ consistent hashing
+ support for the RDP protocol
+ a much nicer stats interface
+ a much-improved performance level
* add -fno-strict-aliasing
- changes from 1.4rc1:
* new features:
+ server maintenance mode
+ HTTP authentication (server and proxy)
+ secure passwords
+ conditional request/response header rewriting using ACLs
+ anonymous ACLs that can be declared inline
+ support for HTTP/1.1 101+Upgrade status code to support non-
HTTP protocols such as WebSocket
-------------------------------------------------------------------
Thu Feb 11 15:20:01 UTC 2010 - mrueckert@suse.de
- update to 1.3.23
-------------------------------------------------------------------
Tue Sep 15 14:09:34 CEST 2009 - mrueckert@suse.de
- update to 1.3.20
-------------------------------------------------------------------
Fri Apr 3 13:54:40 CEST 2009 - mrueckert@suse.de
- update to 1.3.17
-------------------------------------------------------------------
Mon Mar 9 16:40:38 CET 2009 - mrueckert@suse.de
- update to 1.3.15.8
-------------------------------------------------------------------
Wed Feb 4 15:13:15 CET 2009 - mrueckert@suse.de
- update to 1.3.15.7
-------------------------------------------------------------------
Mon Sep 15 15:52:45 CEST 2008 - mrueckert@suse.de
- update to 1.3.15.4
-------------------------------------------------------------------
Sun Nov 4 21:21:35 CET 2007 - mrueckert@suse.de
- update to 1.3.13.1:
too many changes see changelog file
-------------------------------------------------------------------
Mon Apr 2 00:53:38 CEST 2007 - mrueckert@suse.de
- prepared spec for easy split out of -snapshot packages.
- added vim syntax file
-------------------------------------------------------------------
Mon Mar 19 17:50:33 CET 2007 - mrueckert@suse.de
- update to 1.2.17:
- replaced the linked-list with a faster rbtree in the scheduler
- add user/group support (Marcus Rueckert)
- add the "except" keyword to the "forwardfor" option (Bryan
Germann)
- re-implemented support for multi-line headers (was
incidently reverted)
- fixed possible crash when no cookie was set on a server
- fixed various length checks in appsession
- fixed unlikely memory leak in appsession in case of memory
shortage
- updates to the architecture guide
- remove haproxy-1.2.16_username_groupname_support.patch:
patch included upstream
-------------------------------------------------------------------
Mon Jan 8 00:27:17 CET 2007 - mrueckert@suse.de
- initial package of 1.2.16
- added 2 patches:
haproxy-1.2.16_config_haproxy_user.patch
haproxy-1.2.16_username_groupname_support.patch
the patches allow to specify username and groupname instead of
uid/gid. The patches are needed as we do not have a static
uid/gid for the haproxy user/group.
Reference in New Issue View Git Blame Copy Permalink