haproxy/haproxy.changes

599 lines
24 KiB
Plaintext

-------------------------------------------------------------------
Mon Oct 28 14:32:00 UTC 2013 - p.drouand@gmail.com
- Add systemd support
Target distributions all support systemd; keep alive sysvinit support
is useless
-------------------------------------------------------------------
Thu Oct 10 15:16:32 UTC 2013 - cdenicolo@suse.com
- license update: GPL-2.0+ and LGPL-2.1+
only header files are LGPL, the rest is still GPL
-------------------------------------------------------------------
Tue Jun 18 09:14:13 UTC 2013 - mrueckert@suse.de
- update to 1.4.24 (bnc#825412)
- BUG/MAJOR: backend: consistent hash can loop forever in certain
circumstances
- BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks
are used
- MEDIUM: protocol: implement a "drain" function in protocol
layers
- BUG/CRITICAL: fix a possible crash when using negative header
occurrences CVE-2013-2175
-------------------------------------------------------------------
Wed Apr 3 14:47:43 UTC 2013 - mrueckert@suse.de
- update to 1.4.23 CVE-2013-1912
- CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read
- BUG: fix garbage data when http-send-name-header replaces an
existing header
- BUG/MEDIUM: remove supplementary groups when changing gid
- BUG/MINOR: Correct logic in cut_crlf()
- BUG/MINOR: config: use a copy of the file name in proxy
configurations
- BUG/MINOR: epoll: correctly disable FD polling in fd_rem()
- MINOR: halog: sort output by cookie code
- BUG/MINOR: halog: -ad/-ac report the correct number of output
lines
- BUG/MINOR: halog: fix help message for -ut/-uto
- BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel
mode
- BUG/MEDIUM: command-line option -D must have precedence over
"debug"
- OPTIM: halog: keep a fast path for the lines-count only
- MINOR: halog: add a parameter to limit output line count
- BUG: halog: fix broken output limitation
- MEDIUM: checks: avoid accumulating TIME_WAITs during checks
- MEDIUM: checks: prevent TIME_WAITs from appearing also on
timeouts
- BUG/MAJOR: cli: show sess <id> may randomly corrupt the
back-ref list
- BUG/MINOR: http: don't report client aborts as server errors
- BUG/MINOR: http: don't log a 503 on client errors while waiting
for requests
- BUG/MEDIUM: tcp: process could theorically crash on lack of
source ports
- BUG/MINOR: http: don't abort client connection on premature
responses
- BUILD: no need to clean up when making git-tar
- MINOR: http: always report PR-- flags for redirect rules
- BUG/MINOR: time: frequency counters are not totally accurate
- BUG/MINOR: http: don't process abortonclose when request was
sent
- BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
- BUG/MINOR: config: fix improper check for failed memory alloc
in ACL parser
- BUG/MEDIUM: checks: ensure the health_status is always within
bounds
- CLEANUP: http: remove a useless null check
- BUG/MEDIUM: signal: signal handler does not properly check for
signal bounds
- BUG/MEDIUM: uri_auth: missing NULL check and memory leak on
memory shortage
- CLEANUP: config: slowstart is never negative
- BUILD: improve the makefile's support for libpcre
- BUG/MINOR: checks: fix an warning introduced by commit 2f61455a
- MEDIUM: halog: add support for counting per source address
(-ic)
- DOC: mention the new HTTP 307 and 308 redirect statues
(cherry picked from commit
b67fdc4cd8bde202f2805d98683ddab929469a05)
- MEDIUM: poll: do not use FD_* macros anymore
- BUG/MAJOR: ev_select: disable the select() poller if maxsock >
FD_SETSIZE
- BUILD: enable poll() by default in the makefile
- BUILD: add explicit support for Mac OS/X
- BUG/CRITICAL: using HTTP information in tcp-request content may
crash the process CVE-2013-1912
- MEDIUM: http: implement redirect 307 and 308
- MINOR: http: status 301 should not be marked non-cacheable
- adapt haproxy-makefile_lib.patch to the rewritten Makefile
-------------------------------------------------------------------
Mon Nov 12 14:10:33 UTC 2012 - mrueckert@suse.de
- switch license tag to spdx format.
-------------------------------------------------------------------
Mon Nov 12 13:50:46 UTC 2012 - mrueckert@suse.de
- update to 1.4.22
- BUG/MEDIUM: option forwardfor if-none doesn't work with some
configurations
- MINOR: balance uri: added 'whole' parameter to include query
string in hash calculation
- DOC: specify the default value for maxconn in the context of a
proxy
- BUG/MINOR: checks: expire on timeout.check if smaller than
timeout.connect
- REORG/MINOR: use dedicated proxy flags for the cookie handling
- BUG/MINOR: config: do not report twice the incompatibility
between cookie and non-http
- MINOR: http: add support for "httponly" and "secure" cookie
attributes
- MEDIUM: stats: add support for soft stop/soft start in the
admin interface
- BUILD: add support for linux kernels >= 2.6.28
- MINOR: contrib/iprange: add a network IP range to mask
converter
- BUILD: add an AIX 5.2 (and later) target.
- MINOR: halog: use the more recent dual-mode fgets2
implementation
- BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on
full-length matches
- CLEANUP: halog: make clean should also remove .o files
(cherry picked from commit
8ad4193100aafa19f04929670371bf823dbe11d0)
- OPTIM: halog: make use of memchr() on platforms which provide a
fast one
- OPTIM: halog: improve cold-cache behaviour when loading a file
- [MINOR] config: make it possible to specify a cookie even
without a server
- MINOR: config: tolerate server "cookie" setting in non-HTTP
mode
- BUG/MINOR: tarpit: fix condition to return the HTTP 500 message
-------------------------------------------------------------------
Tue Oct 30 16:02:03 UTC 2012 - mrueckert@suse.de
- fix description in the init script
-------------------------------------------------------------------
Tue May 22 16:47:45 UTC 2012 - pascal.bleser@opensuse.org
- update to 1.4.21 (bnc#763833) CVE-2012-2391
- MINOR: patch for minor typo (ressources/resources)
- CLEANUP: fix typo in findserver() log message
- DOC: cleanup indentation, alignment, columns and chapters
- DOC: fix some keywords arguments documentation
- MINOR: stats admin: allow unordered parameters in POST requests
- MINOR: stats admin: use the backend id instead of its name in
the form
- BUG/MAJOR: trash must always be the size of a buffer
- DOC: fix minor regex example issue and improve doc on stats
- BUG/MAJOR: possible crash when using capture headers on TCP
frontends
- MINOR: config: disable header captures in TCP mode and complain
- BUG/MEDIUM: balance source did not properly hash IPv6 addresses
- CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
- CLEANUP: remove a few warning about unchecked return values in
debug code
- CLEANUP: http: remove unused http_msg->col
- BUG/MINOR: http: error snapshots are wrong if buffer wraps
- BUG/MAJOR: checks: don't call set_server_status_* when no LB
algo is set
- MINOR: proxy: make findproxy() return proxies from numeric IDs
too
- BUILD: http: stop gcc-4.1.2 from complaining about possibly
uninitialized values
- BUG/MINOR: stop connect timeout when connect succeeds
-------------------------------------------------------------------
Sun Mar 11 19:16:20 UTC 2012 - pascal.bleser@opensuse.org
- update to 1.4.20:
- BUG/MINOR: fix typo in processing of http-send-name-header
- BUG/MEDIUM: correctly disable servers tracking another disabled servers.
- BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
- MINOR: halog: add some help on the command line (cherry picked from
commit 615674cdec067066a42f53f5d55628ab7b207e6c)
- BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
- BUG: http: disable TCP delayed ACKs when forwarding content-length data
- BUG: checks: fix server maintenance exit sequence
- BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on
partial writes
- DOC: enumerate valid status codes for "observe layer7"
-------------------------------------------------------------------
Wed Feb 8 15:30:58 UTC 2012 - mrueckert@suse.de
- update to 1.4.19
- MEDIUM: http: add support for sending the server's name in the
outgoing request
- BUG/MINOR: fix options forwardfor if-none when an alternative
header name is specified
- MINOR: task: new function task_schedule() to schedule a wake up
- BUG/MEDIUM: checks: fix slowstart behaviour when server
tracking is in use
- BUG: tcp: option nolinger does not work on backends
- BUG: ebtree: ebst_lookup() could return the wrong entry
- BUG: http: re-enable TCP quick-ack upon incomplete HTTP
requests
- CLEANUP: ebtree: remove a few annoying signedness warnings
- CLEANUP: ebtree: remove 4-year old harmless typo in duplicates
insertion code
- CLEANUP: ebtree: remove another typo, a wrong initialization in
insertion code
- BUG: proto_tcp: set AF_INET on tproxy for use with recent
kernels
- MINOR: halog: add support for matching queued requests
- BUG: http: tighten the list of allowed characters in a URI
-------------------------------------------------------------------
Wed Nov 9 12:09:33 UTC 2011 - mrueckert@suse.de
- update to 1.4.18
- [MINOR] http: *_dom matching header functions now also split on
":"
- [MINOR] halog: support backslash-escaped quotes
- BUILD/MINOR: fix the source URL in the spec file
- DOC: acl is http_first_req, not http_req_first
- BUG/MEDIUM: don't trim last spaces from headers consisting only
of spaces
- MINOR: acl: add new matches for header/path/url length
- [MINOR] halog: do not consider byte 0x8A as end of line
- [OPTIM] halog: make fgets parse more bytes by blocks
- [OPTIM] halog: add assembly version of the field lookup code
- [CLEANUP] startup: report only the basename in the usage
message
- [DOC] update the README file to reflect new naming rules for
patches
-------------------------------------------------------------------
Mon Sep 05 22:26:59 UTC 2011 - pascal.bleser@opensuse.org
- update to 1.4.17:
- [MINOR] halog: add support for termination code matching (-tcn/-TCN)
- [MINOR] halog: make SKIP_CHAR stop on field delimiters
- [MINOR] halog: add support for HTTP log matching (-H)
- [MINOR] halog: gain back performance before SKIP_CHAR fix
- [OPTIM] halog: cache some common fields positions
- [OPTIM] halog: check once for correct line format and reuse the pointer
- [OPTIM] halog: remove many 'if' by using a function pointer for the filters
- [OPTIM] halog: remove support for tab delimiters in input data
- [MINOR] halog: add -hs/-HS to filter by HTTP status code range
- [CLEANUP] update the year in the copyright banner
- [BUG] check: http-check expect + regex would crash in defaults section
- [MEDIUM] http: make x-forwarded-for addition conditional
- [DOC] fixed a few "sensible" -> "sensitive" errors
- [MINOR] stats: display "<NONE>" instead of the frontend name when unknown
- [BUG] http: trailing white spaces must also be trimmed after headers
- [MINOR] http: take a capture of too large requests and responses
- [MINOR] http: take a capture of truncated responses
- [MINOR] http: take a capture of bad content-lengths.
-------------------------------------------------------------------
Sat Aug 13 22:49:36 UTC 2011 - mrueckert@suse.de
- update to version 1.4.16
- [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check
- [DOC] Minor spelling fixes and grammatical enhancements
- [CLEANUP] Remove assigned but unused variables
- [BUG] checks: http-check expect could fail a check on
multi-packet responses
- [DOC] fix minor typo in the "dispatch" doc
- [MINOR] http: make the "HTTP 200" status code configurable.
- [MINOR] http: partially revert the chunking optimization for
now
- [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete
transfer
- [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out
test
- [MEDIUM] http: add support for "http-no-delay"
- [OPTIM] http: optimize chunking again in non-interactive mode
- [OPTIM] stream_sock: avoid fast-forwarding of partial data
- [OPTIM] stream_sock: don't use splice on too small payloads
- [BUG] stats: support url-encoded forms
- [BUG] halog: correctly handle truncated last line
- [DOC] fix typos, "#" is a sharp, not a dash
-------------------------------------------------------------------
Fri Apr 15 22:14:24 UTC 2011 - pascal.bleser@opensuse.org
- revert splitting out the documentation
-------------------------------------------------------------------
Thu Apr 14 19:18:45 UTC 2011 - pascal.bleser@opensuse.org
- split out documentation and examples into haproxy-doc
- add rpmlintrc to suppress false positive warnings about
script examples in documentation files (without exec flag)
- fix license
-------------------------------------------------------------------
Tue Apr 12 15:31:38 UTC 2011 - mrueckert@suse.de
- update to version 1.4.15
- [CRITICAL] fix risk of crash when dealing with space in
response cookies
- additional changes from 1.4.14
- [MINOR] config: fix endianness of server check port
- [BUG] http: fix possible incorrect forwarded wrapping chunk
size (take 2)
- [MINOR] tools: add two macros MID_RANGE and MAX_RANGE
- [BUG] http: fix content-length handling on 32-bit platforms
- [OPTIM] buffers: uninline buffer_forward()
-------------------------------------------------------------------
Wed Mar 9 12:00:23 UTC 2011 - mrueckert@suse.de
- update to 1.4.13
- config: don't crash on empty pattern files.
- additional changes from 1.4.12
- stats: add support for several packets in stats admin
- stats: admin commands must check the proxy state
- stats: admin web interface must check the proxy state
- http: update the header list's tail when removing the last
header
- fix typos (http-request instead of http-check) (cherry
picked from commit 8f2a1e72bebea700f37add40997b716fdfd86b9c)
- http: use correct ACL pointer when evaluating authentication
- cfgparse: correctly count one socket per port in ranges
- startup: set the rlimits before binding ports, not after.
- acl: srv_id must return no match when the server is NULL
- acl: fd leak when reading patterns from file
- fix minor typo in "usesrc"
- http: fix possible incorrect forwarded wrapping chunk size
- http: fix computation of message body length after forwarding
has started
- http: balance url_param did not work with first parameters on
POST
- update the url_param regression test to test check_post too
-------------------------------------------------------------------
>>>>>>> ./haproxy.changes.r40
Tue Feb 15 14:30:53 UTC 2011 - mrueckert@suse.de
- update to 1.4.11
- cfgparse: Check whether the path given for the stats socket
actually fits into the sockaddr_un structure to avoid
truncation.
- fix a minor typo
- fix ignore-persist documentation
- http: fix http-pretend-keepalive and httpclose/tunnel mode
- add warnings on features not compatible with multi-process mode
- acl: add be_id/srv_id to match backend's and server's id
- log: add support for passing the forwarded hostname
- log: ability to override the syslog tag
- fix minor typos in the doc
- fix another typo in the doc
- http chunking: don't report a parsing error on connection
errors
- stream_interface: truncate buffers when sending error messages
- http: fix incorrect error reporting during data transfers
- session: correctly leave turn-around and queue states on abort
- session: release slot before processing pending connections
- stats: report HTTP message state and buffer flags in error
dumps
- http: support wrapping messages in error captures
- http: capture incorrectly chunked message bodies
- stats: add global event ID and count
- http: don't send each chunk in a separate packet
- acl: fix handling of empty lines in pattern files
- ebtree: fix ebmb_lookup() with len smaller than the tree's keys
- ebtree: ebmb_lookup: reduce stack usage by moving the return
code out of the loop
-------------------------------------------------------------------
Mon Nov 29 13:57:37 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.10:
* a possible crash when using Cookie-based persistence with
appsessions was fixed
* header processing could become wrong after a single reqidel
rule removed exactly two headers
* some out-of-memory conditions were not correctly handled in
appsession or cookie captures
* users of appsessions are strongly encouraged to upgrade
-------------------------------------------------------------------
Tue Nov 2 13:11:15 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.9:
* the Web interface now allows you to enable or disable servers
* the ECV and LDAPv3 checks were merged
* the MySQL check was improved to support a real login sequence
* persistence cookies can now be timestamped to support a maximum
idle time and a maximum life time, and can be removed by the
server if needed (e.g. logout)
* the SNMP plugin was improved to report socket stats
* some Cacti templates were merged
* the halog tool can now instantly report per-URL response times
-------------------------------------------------------------------
Tue Aug 17 15:46:13 UTC 2010 - mrueckert@suse.de
- implement graceful restart in the init script
-------------------------------------------------------------------
Tue Jun 22 14:49:12 UTC 2010 - mrueckert@suse.de
- update to 1.4.8:
* mention 'option http-server-close' effect in Tq section
* summarize and highlight persistent connections behaviour
* add configuration samples
* stick_table: the fix for the memory leak caused a regression
* client: don't add a new session to the list too early
-------------------------------------------------------------------
Thu Jun 10 09:03:34 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.7:
* fixes problems where consistent hashing was broken when no
server ID was specified in the configuration
* some errors were incorrectly reported as failed instead of
denied in the statistics
* the dispatch and http_proxy modes were fixed
* a few termination flags in the logs used for troubleshooting
were corrected
* a few other minor issues were fixed
* upgrading is recommended
-------------------------------------------------------------------
Mon May 17 20:29:02 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.6:
* a minor precision about RDP cookies was added to the
documentation
* a new ACL keyword was added
* those who had no problem building and running 1.4.5 don't need
to upgrade
- drop haproxy-fix_dprintf.patch, merged upstream
-------------------------------------------------------------------
Fri May 14 07:18:03 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.5:
* Haproxy can now read huge ACL pattern lists from files and
match inputs against them without any noticeable performance
impact, making geolocation possible
* adds a new "ignore-persist" directive, allowing it to ignore
the persistence cookie if an ACL-based condition is matched
(which is useful for static objects in stateful farms)
* a few other minor improvements
* a nice performance boost of the log analyzer, which can now
process more than 1 GB of logs per second and report request
counts by status codes
-------------------------------------------------------------------
Thu Apr 8 09:41:51 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.4:
* brings a new option to work around optimization issues with
Tomcat and Jetty in server close mode, and for a bug in Jetty's
handling of Expect: 100-continue
* a very old appsession unexpected match of shorter cookie names
was also fixed
* a new feature to make it possible to connect to a server from
an IP found in a header was merged: it allows you to run
stunnel+haproxy in transparent mode together
-------------------------------------------------------------------
Fri Apr 2 23:42:44 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.3:
* fxes a regression introduced in 1.4.2 which could cause a
connection to still be attempted on the server side in case of
an error on the client side; this issue could even lead to a
crash if a Layer7 hash algorithm was used, so this code was
strengthened
* the configuration parser now detects many more inappropriate
options in TCP mode and emits related warnings
* it is now possible to indicate in the configuration that a
server will start in the "disabled" state
* other very minor issues were fixed
-------------------------------------------------------------------
Thu Mar 18 12:00:49 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.2:
* fixes a very rare case of stuck client sessions when using
keep-alive
* fixes a url_param hash bug which could result in a dead server
in very rare situations
* fixes status codes 501 and 505 which could cause a server to be
marked down if on-error was used
* fixes a risk of getting truncated HTTP responses when
chunk-encoding was used
* fixes an issue with anonymous ACLs
* improvements on health checks
-------------------------------------------------------------------
Fri Mar 5 00:45:12 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.1:
* some errors were incorrectly reported as 502 with the flags
"SL" in the logs; this is now fixed
* other minor issues were fixed
* documentation was updated
-------------------------------------------------------------------
Fri Feb 26 20:44:34 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.0:
* new features:
+ keep-alive
+ IP-based stickiness
+ consistent hashing
+ support for the RDP protocol
+ a much nicer stats interface
+ a much-improved performance level
* add -fno-strict-aliasing
- changes from 1.4rc1:
* new features:
+ server maintenance mode
+ HTTP authentication (server and proxy)
+ secure passwords
+ conditional request/response header rewriting using ACLs
+ anonymous ACLs that can be declared inline
+ support for HTTP/1.1 101+Upgrade status code to support non-
HTTP protocols such as WebSocket
-------------------------------------------------------------------
Thu Feb 11 15:20:01 UTC 2010 - mrueckert@suse.de
- update to 1.3.23
-------------------------------------------------------------------
Tue Sep 15 14:09:34 CEST 2009 - mrueckert@suse.de
- update to 1.3.20
-------------------------------------------------------------------
Fri Apr 3 13:54:40 CEST 2009 - mrueckert@suse.de
- update to 1.3.17
-------------------------------------------------------------------
Mon Mar 9 16:40:38 CET 2009 - mrueckert@suse.de
- update to 1.3.15.8
-------------------------------------------------------------------
Wed Feb 4 15:13:15 CET 2009 - mrueckert@suse.de
- update to 1.3.15.7
-------------------------------------------------------------------
Mon Sep 15 15:52:45 CEST 2008 - mrueckert@suse.de
- update to 1.3.15.4
-------------------------------------------------------------------
Sun Nov 4 21:21:35 CET 2007 - mrueckert@suse.de
- update to 1.3.13.1:
too many changes see changelog file
-------------------------------------------------------------------
Mon Apr 2 00:53:38 CEST 2007 - mrueckert@suse.de
- prepared spec for easy split out of -snapshot packages.
- added vim syntax file
-------------------------------------------------------------------
Mon Mar 19 17:50:33 CET 2007 - mrueckert@suse.de
- update to 1.2.17:
- replaced the linked-list with a faster rbtree in the scheduler
- add user/group support (Marcus Rueckert)
- add the "except" keyword to the "forwardfor" option (Bryan
Germann)
- re-implemented support for multi-line headers (was
incidently reverted)
- fixed possible crash when no cookie was set on a server
- fixed various length checks in appsession
- fixed unlikely memory leak in appsession in case of memory
shortage
- updates to the architecture guide
- remove haproxy-1.2.16_username_groupname_support.patch:
patch included upstream
-------------------------------------------------------------------
Mon Jan 8 00:27:17 CET 2007 - mrueckert@suse.de
- initial package of 1.2.16
- added 2 patches:
haproxy-1.2.16_config_haproxy_user.patch
haproxy-1.2.16_username_groupname_support.patch
the patches allow to specify username and groupname instead of
uid/gid. The patches are needed as we do not have a static
uid/gid for the haproxy user/group.