c3b95c864d
- Update to version 1.7.8: * BUG/MINOR: stream: flag TASK_WOKEN_RES not set if task in runqueue * BUG/MAJOR: cli: fix custom io_release was crushed by NULL. * BUG/MAJOR: map: fix segfault during 'show map/acl' on cli. * BUG/MAJOR: compression: Be sure to release the compression state in all cases * DOC: fix references to the section about time format. * BUG/MEDIUM: map/acl: fix unwanted flags inheritance. * BUG/MINOR: stream: Don't forget to remove CF_WAKE_ONCE flag on response channel * BUG/MINOR: http: Don't reset the transaction if there are still data to send * BUG/MEDIUM: filters: Be sure to call flt_end_analyze for both channels * BUG/MINOR: http: properly handle all 1xx informational responses - Update to version 1.7.7: * BUG/MINOR: Wrong peer task expiration handling during synchronization processing. * BUG/MEDIUM: http: Drop the connection establishment when a redirect is performed * BUG/MEDIUM: cfgparse: Check if tune.http.maxhdr is in the range 1..32767 * DOC: fix references to the section about the unix socket * BUG/MINOR: log: pin the front connection when front ip/ports are logged OBS-URL: https://build.opensuse.org/request/show/509191 OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=148
2319 lines
110 KiB
Plaintext
2319 lines
110 KiB
Plaintext
-------------------------------------------------------------------
|
|
Mon Jul 10 12:05:16 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.8:
|
|
* BUG/MINOR: stream: flag TASK_WOKEN_RES not set if task in runqueue
|
|
* BUG/MAJOR: cli: fix custom io_release was crushed by NULL.
|
|
* BUG/MAJOR: map: fix segfault during 'show map/acl' on cli.
|
|
* BUG/MAJOR: compression: Be sure to release the compression state in all cases
|
|
* DOC: fix references to the section about time format.
|
|
* BUG/MEDIUM: map/acl: fix unwanted flags inheritance.
|
|
* BUG/MINOR: stream: Don't forget to remove CF_WAKE_ONCE flag on response channel
|
|
* BUG/MINOR: http: Don't reset the transaction if there are still data to send
|
|
* BUG/MEDIUM: filters: Be sure to call flt_end_analyze for both channels
|
|
* BUG/MINOR: http: properly handle all 1xx informational responses
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 10 12:05:07 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.7:
|
|
* BUG/MINOR: Wrong peer task expiration handling during synchronization processing.
|
|
* BUG/MEDIUM: http: Drop the connection establishment when a redirect is performed
|
|
* BUG/MEDIUM: cfgparse: Check if tune.http.maxhdr is in the range 1..32767
|
|
* DOC: fix references to the section about the unix socket
|
|
* BUG/MINOR: log: pin the front connection when front ip/ports are logged
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 19 05:09:38 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.6:
|
|
* DOC: changed "block"(deprecated) examples to http-request deny
|
|
* DOC: add few comments to examples.
|
|
* DOC: update sample code for PROXY protocol
|
|
* DOC: mention lighttpd 1.4.46 implements PROXY
|
|
* DOC: stick-table is available in frontend sections
|
|
* BUG/MINOR: dns: Wrong address family used when creating IPv6 sockets.
|
|
* BUG/MINOR: config: missing goto out after parsing an incorrect ACL character
|
|
* BUG/MINOR: arg: don't try to add an argument on failed memory allocation
|
|
* BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments on error
|
|
* BUG/MEDIUM: acl: don't free unresolved args in prune_acl_expr()
|
|
* MINOR: lua: ensure the memory allocator is used all the time
|
|
* CLEANUP: logs: typo: simgle => single
|
|
* BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr()
|
|
* BUG/MAJOR: Use -fwrapv.
|
|
* BUG/MINOR: server: don't use "proxy" when px is really meant.
|
|
* BUG/MINOR: server: missing default server 'resolvers' setting duplication.
|
|
* DOC: add layer 4 links/cross reference to "block" keyword.
|
|
* DOC: errloc/errorloc302/errorloc303 missing status codes.
|
|
* BUG/MEDIUM: lua: memory leak
|
|
* MEDIUM: config: don't check config validity when there are fatal errors
|
|
* BUG/MINOR: hash-balance-factor isn't effective in certain circumstances
|
|
* MINOR/DOC: lua: just precise one thing
|
|
* BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request
|
|
* DOC: update RFC references
|
|
* BUG/MINOR: checks: don't send proxy protocol with agent checks
|
|
* BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything
|
|
* BUG/MAJOR: http: call manage_client_side_cookies() before erasing the buffer
|
|
* BUG/MINOR: buffers: Fix bi/bo_contig_space to handle full buffers
|
|
* BUG/MINOR: acls: Set the right refflag when patterns are loaded from a map
|
|
* BUG/MINOR: http/filters: Be sure to wait if a filter loops in HTTP_MSG_ENDING
|
|
* BUG/MEDIUM: peers: Peers CLOSE_WAIT issue.
|
|
* BUG/MAJOR: server: Segfault after parsing server state file.
|
|
* BUG/MEDIUM: unix: never unlink a unix socket from the file system
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 08 13:18:54 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.5:
|
|
* BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
|
|
* BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
|
|
* BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
|
|
* BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
|
|
* MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 29 11:53:23 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.4:
|
|
* MINOR: config: warn when some HTTP rules are used in a TCP proxy
|
|
* BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
|
|
* BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
|
|
* BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
|
|
* BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
|
|
* BUG/MINOR: Fix "get map <map> <value>" CLI command
|
|
* BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
|
|
* BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
|
|
* BUG/MINOR: checks: attempt clean shutw for SSL check
|
|
* BUG/MEDIUM: listener: do not try to rebind another process' socket
|
|
* BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
|
|
* BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
|
|
* BUG/MEDIUM: connection: ensure to always report the end of handshakes
|
|
* BUG: payload: fix payload not retrieving arbitrary lengths
|
|
* BUG/MAJOR: http: fix typo in http_apply_redirect_rule
|
|
* BUG/MEDIUM: stream: fix client-fin/server-fin handling
|
|
* MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
|
|
* BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
|
|
* DOC/MINOR: Fix typos in proxy protocol doc
|
|
* DOC: Protocol doc: add checksum, TLV type ranges
|
|
* DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
|
|
* DOC: Protocol doc: add noop TLV
|
|
* MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
|
|
* BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
|
|
* MINOR: server: irrelevant error message with 'default-server' config file keyword.
|
|
* MINOR: doc: fix use-server example (imap vs mail)
|
|
* BUG/MEDIUM: tcp: don't require privileges to bind to device
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 28 11:31:02 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.3:
|
|
* BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream
|
|
* BUG/MEDIUM: tcp: don't poll for write when connect() succeeds
|
|
* BUG/MINOR: unix: fix connect's polling in case no data are scheduled
|
|
* BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved keyword
|
|
* MINOR: dns: give ability to dns_init_resolvers() to close a socket when requested
|
|
* BUG/MAJOR: dns: restart sockets after fork()
|
|
* MINOR: chunks: implement a simple dynamic allocator for trash buffers
|
|
* BUG/MEDIUM: http: prevent redirect from overwriting a buffer
|
|
* BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined
|
|
* BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer
|
|
* BUG/MINOR: http: Return an error when a replace-header rule failed on the response
|
|
* BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested
|
|
* BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1'
|
|
* BUG/MEDIUM: config: reject anything but "if" or "unless" after a use-backend rule
|
|
* MINOR: http: don't close when redirect location doesn't start with "/"
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 30 14:43:01 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.2 (bsc#1023141):
|
|
* BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2)
|
|
* BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW
|
|
* DOC: lua: documentation about time parser functions
|
|
* DOC: lua: section declared twice
|
|
* BUG/MINOR: lua/cli: bad error message
|
|
* DOC: fix small typo in fe_id (backend instead of frontend)
|
|
* BUG/MINOR: Fix the sending function in Lua's cosocket
|
|
* BUG/MINOR: lua: memory leak executing tasks
|
|
* BUG/MINOR: lua: bad return code
|
|
* BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
|
|
* BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
|
|
* BUG/MINOR: stats: fix be/sessions/current out in typed stats
|
|
* BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled
|
|
* BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
|
|
* BUG/MINOR: systemd: potential zombie processes
|
|
* DOC: Add timings events schemas
|
|
* BUG/MINOR: option prefer-last-server must be ignored in some case
|
|
* MINOR: stats: Support "select all" for backend actions
|
|
* BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0
|
|
* BUG/MAJOR: channel: Fix the definition order of channel analyzers
|
|
* BUG/MINOR: http: report real parser state in error captures
|
|
* BUG/MAJOR: http: fix risk of getting invalid reports of bad requests
|
|
* MINOR: http: custom status reason.
|
|
* MINOR: connection: add sample fetch "fc_rcvd_proxy"
|
|
* BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options
|
|
* BUG/MINOR: tools: fix off-by-one in port size check
|
|
* BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family
|
|
* MEDIUM: server: split the address and the port into two different fields
|
|
* MINOR: tools: make str2sa_range() return the port in a separate argument
|
|
* MINOR: server: take the destination port from the port field, not the addr
|
|
* MEDIUM: server: disable protocol validations when the server doesn't resolve
|
|
* BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0
|
|
* BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage
|
|
* MINOR: proto_http.c 502 error txt typo.
|
|
* DOC: add deprecation notice to "block"
|
|
* BUG/MINOR: Reset errno variable before calling strtol(3)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Dec 24 02:36:10 UTC 2016 - mrueckert@suse.de
|
|
|
|
- Update to version 1.7.1:
|
|
* BUG/MAJOR: stream: fix session abort on resource shortage
|
|
* BUG/MINOR: cli: allow the backslash to be escaped on the CLI
|
|
* BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys"
|
|
* DOC: Fix map table's format
|
|
* DOC: Added 51Degrees conv and fetch functions to documentation.
|
|
* BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect
|
|
* DOC: mention that req_tot is for both frontends and backends
|
|
* BUG/MEDIUM: variables: some variable name can hide another ones
|
|
* BUG/MINOR: stats: fix be/sessions/max output in html stats
|
|
* MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id
|
|
* DOC: lua: Documentation about some entry missing
|
|
* MINOR: Do not forward the header "Expect: 100-continue" when the option http-buffer-request is set
|
|
* DOC: Add undocumented argument of the trace filter
|
|
* DOC: Fix some typo in SPOE documentation
|
|
* BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full
|
|
* MINOR: applet: Count number of (active) applets
|
|
* MINOR: task: Rename run_queue and run_queue_cur counters
|
|
* BUG/MEDIUM: stream: Save unprocessed events for a stream
|
|
* BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled
|
|
* BUILD/MEDIUM: Fixing the build using LibreSSL
|
|
* [RELEASE] Released version 1.7.1
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 02 07:31:16 UTC 2016 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.0:
|
|
* BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos
|
|
* BUG/MINOR: stats: make field_str() return an empty string on NULL
|
|
* BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used
|
|
* BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled txn
|
|
* BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER
|
|
* BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers
|
|
* BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in tunnel mode
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 02 07:30:49 UTC 2016 - kgronlund@suse.com
|
|
|
|
- Update to version 1.6.10:
|
|
* BUG/MEDIUM: systemd-wrapper: return correct exit codes
|
|
* BUG/MEDIUM: srv-state: properly restore the DRAIN state
|
|
* BUG/MINOR: srv-state: allow to have both CMAINT and FDRAIN flags
|
|
* BUG/MEDIUM: servers: properly propagate the maintenance states during startup
|
|
* BUG: vars: Fix 'set-var' converter because of a typo
|
|
* BUG/MEDIUM: channel: bad unlikely macro
|
|
* CLEANUP: lua: move comment
|
|
* CLEANUP: lua: control executed twice
|
|
* CLEANUP: ssl: Fix bind keywords name in comments
|
|
* DOC: ssl: Use correct wording for ca-sign-pass
|
|
* BUG/MINOR: stick-table: handle out-of-memory condition gracefully
|
|
* BUG/MEDIUM: connection: check the control layer before stopping polling
|
|
* BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory
|
|
* CONTRIB: initiate a debugging suite to make debugging easier
|
|
* BUG/MINOR: cli: properly decrement ref count on tables during failed dumps
|
|
* BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 02 16:56:57 UTC 2016 - kgronlund@suse.com
|
|
|
|
- Update to version 1.6.9+git.1477940904.ab45181 (fate#321723)
|
|
* BUILD: poll: remove unused hap_fd_isset() which causes a warning with clang
|
|
* MINOR: cfgparse: few memory leaks fixes.
|
|
* MINOR: build: Allow linking to device-atlas library file
|
|
* DOC: Fix typo in description of `-st` parameter in man page
|
|
* BUG/MEDIUM: peers: on shutdown, wake up the appctx, not the stream
|
|
* BUG/MEDIUM: peers: fix use after free in peer_session_create()
|
|
* BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed
|
|
* MINOR: systemd: report it when execve() fails
|
|
* BUG/MINOR: systemd: check return value of calloc()
|
|
* BUG/MINOR: systemd: always restore signals before execve()
|
|
* BUG/MINOR: systemd: make the wrapper return a non-null status code on error
|
|
* BUG/MINOR: ssl: prevent multiple entries for the same certificate
|
|
* BUG/MINOR: ssl: Check malloc return code
|
|
* BUG/MINOR: vars: smp_fetch_var() doesn't depend on HTTP but on the session
|
|
* BUG/MINOR: vars: make smp_fetch_var() more robust against misuses
|
|
* BUG/MINOR: vars: use sess and not s->sess in action_store()
|
|
* MEDIUM: make SO_REUSEPORT configurable
|
|
* MINOR: Add fe_req_rate sample fetch
|
|
* MINOR: show Running on zlib version
|
|
* MINOR: show Built with PCRE version
|
|
* BUG/MINOR: displayed PCRE version is running release
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 1 07:16:13 UTC 2016 - kgronlund@suse.com
|
|
|
|
- Update to 1.6.9 (bsc#1003264)
|
|
- MINOR: cli: allow the semi-colon to be escaped on the CLI
|
|
- BUG/MINOR: payload: fix SSLv2 version parser
|
|
- BUG/MAJOR: stream: properly mark the server address as unset on connect retry
|
|
- DOC: Updated 51Degrees readme.
|
|
- BUG/MAJOR: stick-counters: possible crash when using sc_trackers with wrong table
|
|
- BUG/MINOR: peers: empty chunks after a resync.
|
|
- BUG/MINOR: peers: some updates are pushed twice after a resync.
|
|
- MINOR: sample: use smp_make_rw() in upper/lower converters
|
|
- BUG/MEDIUM: stick-table: properly convert binary samples to keys
|
|
- BUG/MEDIUM: stick-tables: do not fail on string keys with no allocated size
|
|
- BUG/MAJOR: server: the "sni" directive could randomly cause trouble
|
|
- MINOR: sample: provide smp_is_rw() and smp_make_rw()
|
|
- MINOR: sample: implement smp_is_safe() and smp_make_safe()
|
|
- BUG/MEDIUM: samples: make smp_dup() always duplicate the sample
|
|
- BUG/MAJOR: compression: initialize avail_in/next_in even during flush
|
|
- BUILD: make proto_tcp.c compatible with musl library
|
|
- DOC: minor typo fixes to improve HTML parsing by haproxy-dconv
|
|
- BUG/MEDIUM: stream-int: completely detach connection on connect error
|
|
- BUG/MEDIUM: lua: somme HTTP manipulation functions are called without valid requests
|
|
- DOC: lua: remove old functions
|
|
- BUG/MINOR: peers: Fix peers data decoding issue
|
|
- BUG/MEDIUM: lua: the function txn_done() from action wrapper can crash
|
|
- BUG/MEDIUM: lua: the function txn_done() from sample fetches can crash
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 19 01:50:28 UTC 2016 - mrueckert@suse.de
|
|
|
|
- update to 1.6.7
|
|
- MINOR: new function my_realloc2 = realloc + free upon failure
|
|
- CLEANUP: fixed some usages of realloc leading to memory leak
|
|
- Revert "BUG/MINOR: ssl: fix potential memory leak in
|
|
ssl_sock_load_dh_params()"
|
|
- BUG/MEDIUM: dns: fix alignment issues in the DNS response
|
|
parser
|
|
- BUG/MINOR: Fix endiness issue in DNS header creation code
|
|
- changes from 1.6.6
|
|
- BUG/MAJOR: fix listening IP address storage for frontends
|
|
- BUG/MINOR: fix listening IP address storage for frontends
|
|
(cont)
|
|
- DOC: Fix typo so fetch is properly parsed by Cyril's converter
|
|
- BUG/MAJOR: http: fix breakage of "reqdeny" causing random
|
|
crashes
|
|
- BUG/MEDIUM: stick-tables: fix breakage in table converters
|
|
- BUG/MEDIUM: dns: unbreak DNS resolver after header fix
|
|
- BUILD: fix build on Solaris 11
|
|
- CLEANUP: connection: fix double negation on memcmp()
|
|
- BUG/MEDIUM: stats: show servers state may show an servers from
|
|
another backend
|
|
- BUG/MEDIUM: fix risk of segfault with "show tls-keys"
|
|
- BUG/MEDIUM: sticktables: segfault in some configuration error
|
|
cases
|
|
- BUG/MEDIUM: lua: converters doesn't work
|
|
- BUG/MINOR: http: add-header: header name copied twice
|
|
- BUG/MEDIUM: http: add-header: buffer overwritten
|
|
- BUG/MINOR: ssl: fix potential memory leak in
|
|
ssl_sock_load_dh_params()
|
|
- BUG/MINOR: http: url32+src should use the big endian version of
|
|
url32
|
|
- BUG/MINOR: http: url32+src should check cli_conn before using
|
|
it
|
|
- DOC: http: add documentation for url32 and url32+src
|
|
- BUG/MINOR: fix http-response set-log-level parsing error
|
|
- MINOR: systemd: Use variable for config and pidfile paths
|
|
- MINOR: systemd: Perform sanity check on config before reload
|
|
(cherry picked from commit
|
|
68535bddf305fdd22f1449a039939b57245212e7)
|
|
- BUG/MINOR: init: always ensure that global.rlimit_nofile
|
|
matches actual limits
|
|
- BUG/MINOR: init: ensure that FD limit is raised to the max
|
|
allowed
|
|
- BUG/MEDIUM: external-checks: close all FDs right after the
|
|
fork()
|
|
- BUG/MAJOR: external-checks: use asynchronous signal delivery
|
|
- BUG/MINOR: external-checks: do not unblock undesired signals
|
|
- BUILD/MEDIUM: rebuild everything when an include file is
|
|
changed
|
|
- BUILD/MEDIUM: force a full rebuild if some build options change
|
|
- BUG/MINOR: srv-state: fix incorrect output of state file
|
|
- BUG/MINOR: ssl: close ssl key file on error
|
|
- BUG/MINOR: http: fix misleading error message for response
|
|
captures
|
|
- BUG/BUILD: don't automatically run "make" on "make install"
|
|
- DOC: add missing doc for
|
|
http-request deny [deny_status <status>]
|
|
- drop patches which were pulled from git before
|
|
0001-BUG-MAJOR-fix-listening-IP-address-storage-for-front.patch
|
|
0002-BUG-MINOR-fix-listening-IP-address-storage-for-front.patch
|
|
0003-DOC-Fix-typo-so-fetch-is-properly-parsed-by-Cyril-s-.patch
|
|
0004-BUG-MAJOR-http-fix-breakage-of-reqdeny-causing-rando.patch
|
|
0005-BUG-MEDIUM-stick-tables-fix-breakage-in-table-conver.patch
|
|
0006-BUG-MEDIUM-dns-unbreak-DNS-resolver-after-header-fix.patch
|
|
0007-BUILD-fix-build-on-Solaris-11.patch
|
|
0008-CLEANUP-connection-fix-double-negation-on-memcmp.patch
|
|
0009-BUG-MEDIUM-stats-show-servers-state-may-show-an-serv.patch
|
|
0010-BUG-MEDIUM-fix-risk-of-segfault-with-show-tls-keys.patch
|
|
0011-BUG-MEDIUM-sticktables-segfault-in-some-configuratio.patch
|
|
0012-BUG-MEDIUM-lua-converters-doesn-t-work.patch
|
|
0013-BUG-MINOR-http-add-header-header-name-copied-twice.patch
|
|
0014-BUG-MEDIUM-http-add-header-buffer-overwritten.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 9 12:48:27 UTC 2016 - mrueckert@suse.de
|
|
|
|
- pull patches from git to fix some important issues (bsc#983972) (bsc#983974):
|
|
0001-BUG-MAJOR-fix-listening-IP-address-storage-for-front.patch
|
|
0002-BUG-MINOR-fix-listening-IP-address-storage-for-front.patch
|
|
0003-DOC-Fix-typo-so-fetch-is-properly-parsed-by-Cyril-s-.patch
|
|
0004-BUG-MAJOR-http-fix-breakage-of-reqdeny-causing-rando.patch
|
|
0005-BUG-MEDIUM-stick-tables-fix-breakage-in-table-conver.patch
|
|
0006-BUG-MEDIUM-dns-unbreak-DNS-resolver-after-header-fix.patch
|
|
0007-BUILD-fix-build-on-Solaris-11.patch
|
|
0008-CLEANUP-connection-fix-double-negation-on-memcmp.patch
|
|
0009-BUG-MEDIUM-stats-show-servers-state-may-show-an-serv.patch
|
|
0010-BUG-MEDIUM-fix-risk-of-segfault-with-show-tls-keys.patch
|
|
0011-BUG-MEDIUM-sticktables-segfault-in-some-configuratio.patch
|
|
0012-BUG-MEDIUM-lua-converters-doesn-t-work.patch
|
|
0013-BUG-MINOR-http-add-header-header-name-copied-twice.patch
|
|
0014-BUG-MEDIUM-http-add-header-buffer-overwritten.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 10 14:24:24 UTC 2016 - mrueckert@suse.de
|
|
|
|
- update to 1.6.5
|
|
- BUG/MINOR: log: Don't use strftime() which can clobber timezone
|
|
if chrooted
|
|
- BUILD: namespaces: fix a potential build warning in
|
|
namespaces.c
|
|
- DOC: add encoding to json converter example
|
|
- BUG/MINOR: conf: "listener id" expects integer, but its not
|
|
checked
|
|
- DOC: Clarify tunes.vars.xxx-max-size settings
|
|
- BUG/MEDIUM: peers: fix incorrect age in frequency counters
|
|
- BUG/MEDIUM: Fix RFC5077 resumption when more than
|
|
TLS_TICKETS_NO are present
|
|
- BUG/MAJOR: Fix crash in http_get_fhdr with exactly
|
|
MAX_HDR_HISTORY headers
|
|
- BUG/MINOR: lua: can't load external libraries
|
|
- DOC: "addr" parameter applies to both health and agent checks
|
|
- DOC: timeout client: pointers to timeout http-request
|
|
- DOC: typo on stick-store response
|
|
- DOC: stick-table: amend paragraph blaming the loss of table
|
|
upon reload
|
|
- DOC: typo: ACL subdir match
|
|
- DOC: typo: maxconn paragraph is wrong due to a wrong buffer
|
|
size
|
|
- DOC: regsub: parser limitation about the inability to use
|
|
closing square brackets
|
|
- DOC: typo: req.uri is now replaced by capture.req.uri
|
|
- DOC: name set-gpt0 mismatch with the expected keyword
|
|
- BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the
|
|
connection state.
|
|
- DOC: fix "needed" typo
|
|
- BUG/MINOR: dns: inapropriate way out after a resolution timeout
|
|
- BUG/MINOR: dns: trigger a DNS query type change on resolution
|
|
timeout
|
|
- BUG/MINOR : allow to log cookie for tarpit and denied request
|
|
- OPTIM/MINOR: session: abort if possible before connecting to
|
|
the backend
|
|
- BUG/MEDIUM: trace.c: rdtsc() is defined in two files
|
|
- BUG/MEDIUM: channel: fix miscalculation of available buffer
|
|
space (2nd try)
|
|
- BUG/MINOR: cfgparse: couple of small memory leaks.
|
|
- BUG/MEDIUM: sample: initialize the pointer before parse_binary
|
|
call.
|
|
- DOC: fix discrepancy in the example for http-request redirect
|
|
- DOC: Clarify IPv4 address / mask notation rules
|
|
- CLEANUP: fix inconsistency between fd->iocb, proto->accept and
|
|
accept()
|
|
- BUG/MEDIUM: fix maxaccept computation on per-process listeners
|
|
- BUG/MINOR: listener: stop unbound listeners on startup
|
|
- BUG/MINOR: fix maxaccept computation according to the frontend
|
|
process range
|
|
- MEDIUM: unblock signals on startup.
|
|
- BUG/MEDIUM: channel: don't allow to overwrite the reserve until
|
|
connected
|
|
- BUG/MEDIUM: channel: incorrect polling condition may delay
|
|
event delivery
|
|
- BUG/MEDIUM: channel: fix miscalculation of available buffer
|
|
space (3rd try)
|
|
- BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields
|
|
in TCP mode
|
|
- BUG/MEDIUM: lua: protects the upper boundary of the argument
|
|
list for converters/fetches.
|
|
- BUG/MINOR: log: fix a typo that would cause %HP to log <BADREQ>
|
|
- MINOR: channel: add new function channel_congested()
|
|
- BUG/MEDIUM: http: fix risk of CPU spikes with pipelined
|
|
requests from dead client
|
|
- BUG/MAJOR: channel: fix miscalculation of available buffer
|
|
space (4th try)
|
|
- BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly
|
|
cleared
|
|
- BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1
|
|
transfers
|
|
- BUG/MEDIUM: stats: show servers state may show an empty or
|
|
incomplete result
|
|
- BUG/MEDIUM: stats: show backend may show an empty or incomplete
|
|
result
|
|
- MINOR: stats: fix typo in help messages
|
|
- MINOR: stats: show stat resolvers missing in the help message
|
|
- BUG/MINOR: dns: fix DNS header definition
|
|
- BUG/MEDIUM: dns: fix alignment issue when building DNS queries
|
|
- CLEANUP/MINOR: stats: fix accidental addition of member "env"
|
|
in the applet ctx
|
|
- refreshed patches to apply cleanly again
|
|
- haproxy-1.6.0-makefile_lib.patch
|
|
- haproxy-1.6.0-sec-options.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 14 02:45:05 UTC 2016 - mrueckert@suse.de
|
|
|
|
- update to 1.6.4 (fate#320607) (bsc#937202)
|
|
- BUG/MINOR: http: fix several off-by-one errors in the url_param
|
|
parser
|
|
- BUG/MINOR: http: Be sure to process all the data received from
|
|
a server
|
|
- BUG/MINOR: chunk: make chunk_dup() always check and set
|
|
dst->size
|
|
- MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero
|
|
- MINOR: chunks: add chunk_strcat() and chunk_newstr()
|
|
- MINOR: chunk: make chunk_initstr() take a const string
|
|
- MINOR: lru: new function to delete <nb> least recently used
|
|
keys
|
|
- DOC: add Ben Shillito as the maintainer of 51d
|
|
- BUG/MINOR: 51d: Ensures a unique domain for each configuration
|
|
- BUG/MINOR: 51d: Aligns Pattern cache implementation with
|
|
HAProxy best practices.
|
|
- BUG/MINOR: 51d: Releases workset back to pool.
|
|
- BUG/MINOR: 51d: Aligned const pointers to changes in 51Degrees.
|
|
- CLEANUP: 51d: Aligned if statements with HAProxy best practices
|
|
and removed casts from malloc.
|
|
- DOC: fix a few spelling mistakes (cherry picked from commit
|
|
cc123c66c2075add8524a6a9925382927daa6ab0)
|
|
- DOC: fix "workaround" spelling
|
|
- BUG/MINOR: examples: Fixing haproxy.spec to remove references
|
|
to .cfg files
|
|
- MINOR: fix the return type for dns_response_get_query_id()
|
|
function
|
|
- MINOR: server state: missing LF (\n) on error message printed
|
|
when parsing server state file
|
|
- BUG/MEDIUM: dns: no DNS resolution happens if no ports provided
|
|
to the nameserver
|
|
- BUG/MAJOR: servers state: server port is erased when dns
|
|
resolution is enabled on a server
|
|
- BUG/MEDIUM: servers state: server port is used uninitialized
|
|
- BUG/MEDIUM: config: Adding validation to stick-table expire
|
|
value.
|
|
- BUG/MEDIUM: sample: http_date() doesn't provide the right day
|
|
of the week
|
|
- BUG/MEDIUM: channel: fix miscalculation of available buffer
|
|
space.
|
|
- MEDIUM: pools: add a new flag to avoid rounding pool size up
|
|
- BUG/MEDIUM: buffers: do not round up buffer size during
|
|
allocation
|
|
- BUG/MINOR: stream: don't force retries if the server is DOWN
|
|
- BUG/MINOR: counters: make the sc-inc-gpc0 and sc-set-gpt0 touch
|
|
the table
|
|
- MINOR: unix: don't mention free ports on EAGAIN
|
|
- BUG/CLEANUP: CLI: report the proper field states in "show sess"
|
|
- MINOR: stats: send content-length with the redirect to allow
|
|
keep-alive
|
|
- BUG: stream_interface: Reuse connection even if the output
|
|
channel is empty
|
|
- DOC: remove old tunnel mode assumptions
|
|
- BUG/MAJOR: http-reuse: fix risk of orphaned connections
|
|
- BUG/MEDIUM: http-reuse: do not share private connections across
|
|
backends
|
|
- BUG/MINOR: ssl: Be sure to use unique serial for regenerated
|
|
certificates
|
|
- BUG/MINOR: stats: fix missing comma in stats on agent drain
|
|
- BUG/MINOR: lua: unsafe initialization
|
|
- DOC: lua: fix somme errors
|
|
- DOC: add server name at rate-limit sessions example
|
|
- BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation
|
|
- BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation
|
|
- DOC: LUA: fix some typos and syntax errors
|
|
- MINOR: cfgparse: warn for incorrect 'timeout retry' keyword
|
|
spelling in resolvers
|
|
- MINOR: mailers: increase default timeout to 10 seconds
|
|
- MINOR: mailers: use <CRLF> for all line endings
|
|
- BUG/MAJOR: lua: applets can't sleep.
|
|
- BUG/MINOR: server: some prototypes are renamed
|
|
- BUG/MINOR: lua: Useless copy
|
|
- BUG/MEDIUM: stats: stats bind-process doesn't propagate the
|
|
process mask correctly
|
|
- BUG/MINOR: server: fix the format of the warning on address
|
|
change
|
|
- BUG/MEDIUM: chunks: always reject negative-length chunks
|
|
- BUG/MINOR: systemd: ensure we don't miss signals
|
|
- BUG/MINOR: systemd: report the correct signal in debug message
|
|
output
|
|
- BUG/MINOR: systemd: propagate the correct signal to haproxy
|
|
- MINOR: systemd: ensure a reload doesn't mask a stop
|
|
- BUG/MEDIUM: cfgparse: wrong argument offset after parsing
|
|
server "sni" keyword
|
|
- CLEANUP: stats: Avoid computation with uninitialized bits.
|
|
- CLEANUP: pattern: Ignore unknown samples in pat_match_ip().
|
|
- CLEANUP: map: Avoid memory leak in out-of-memory condition.
|
|
- BUG/MINOR: tcpcheck: fix incorrect list usage resulting in
|
|
failure to load certain configs
|
|
- BUG/MAJOR: samples: check smp->strm before using it
|
|
- MINOR: sample: add a new helper to initialize the owner of a
|
|
sample
|
|
- MINOR: sample: always set a new sample's owner before
|
|
evaluating it
|
|
- BUG/MAJOR: vars: always retrieve the stream and session from
|
|
the sample
|
|
- CLEANUP: payload: remove useless and confusing nullity checks
|
|
for channel buffer
|
|
- BUG/MINOR: ssl: fix usage of the various sample fetch functions
|
|
- MINOR: cfgparse: warn when uid parameter is not a number
|
|
- MINOR: cfgparse: warn when gid parameter is not a number
|
|
- BUG/MINOR: standard: Avoid free of non-allocated pointer
|
|
- BUG/MINOR: pattern: Avoid memory leak on out-of-memory
|
|
condition
|
|
- CLEANUP: http: fix a build warning introduced by a recent fix
|
|
- BUG/MINOR: log: GMT offset not updated when entering/leaving
|
|
DST
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 11 14:22:44 UTC 2016 - e.istomin@edss.ee
|
|
|
|
- update to 1.6.3 (fate#320607)
|
|
- BUG/MEDIUM: lua: clean output buffer
|
|
- BUG/MEDIUM: http: switch the request channel to no-delay once done.
|
|
- BUG/MEDIUM: http: don't enable auto-close on the response side
|
|
- BUG/MEDIUM: stream: fix half-closed timeout handling
|
|
- BUG/MEDIUM: cli: changing compression rate-limiting must require admin level
|
|
- BUG/MEDIUM: sample: urlp can't match an empty value
|
|
- BUG/MEDIUM: da: stop DeviceAtlas processing in the convertor if there is no input.
|
|
- BUG/MEDIUM: checks: email-alert not working when declared in defaults
|
|
- BUG/MEDIUM: http: fix http-reuse when frontend and backend differ
|
|
- BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced
|
|
- BUG/MEDIUM: peers: table entries learned from a remote are pushed to others after a random delay.
|
|
- BUG/MEDIUM: peers: old stick table updates could be repushed
|
|
- BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn
|
|
- BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp rulesets
|
|
- BUG/MAJOR: lua: Do not force the HTTP analysers in use-services
|
|
|
|
for all the details see /usr/share/doc/packages/haproxy/CHANGELOG
|
|
or http://www.haproxy.org/download/1.6/src/CHANGELOG
|
|
-------------------------------------------------------------------
|
|
Sat Nov 21 01:36:11 UTC 2015 - mrueckert@suse.de
|
|
|
|
- on sle11 we still need to own /etc/apparmor.d/local
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Nov 21 01:15:07 UTC 2015 - mrueckert@suse.de
|
|
|
|
- instead of owning the apparmor directories, BR apparmor-profiles.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 10 14:50:26 UTC 2015 - mrueckert@suse.de
|
|
|
|
- fix link to tarball
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 3 12:02:19 UTC 2015 - mrueckert@suse.de
|
|
|
|
- update to 1.6.2
|
|
- BUILD: ssl: fix build error introduced in commit 7969a3 with
|
|
OpenSSL < 1.0.0
|
|
- DOC: fix a typo for a "deviceatlas" keyword
|
|
- FIX: small typo in an example using the "Referer" header
|
|
- BUG/MEDIUM: config: count memory limits on 64 bits, not 32
|
|
- BUG/MAJOR: dns: first DNS response packet not matching queried
|
|
hostname may lead to a loop
|
|
- BUG/MINOR: dns: unable to parse CNAMEs response
|
|
- BUG/MINOR: examples/haproxy.init: missing brace in
|
|
quiet_check()
|
|
- DOC: deviceatlas: more example use cases.
|
|
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in
|
|
install-bin.
|
|
- BUG/MAJOR: http: don't requeue an idle connection that is
|
|
already queued
|
|
- DOC: typo on capture.res.hdr and capture.req.hdr
|
|
- BUG/MINOR: dns: check for duplicate nameserver id in a
|
|
resolvers section was missing
|
|
- CLEANUP: use direction names in place of numeric values
|
|
- BUG/MEDIUM: lua: sample fetches based on response doesn't work
|
|
- drop haproxy-1.6.0-ssl-098.patch: included upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 22 10:21:00 UTC 2015 - mrueckert@suse.de
|
|
|
|
- update to 1.6.1
|
|
- DOC: specify that stats socket doc (section 9.2) is in
|
|
management
|
|
- BUILD: install only relevant and existing documentation
|
|
- CLEANUP: don't ignore debian/ directory if present
|
|
- BUG/MINOR: dns: parsing error of some DNS response
|
|
- BUG/MEDIUM: namespaces: don't fail if no namespace is used
|
|
- BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is
|
|
disabled
|
|
- MEDIUM: dns: Don't use the ANY query type
|
|
- drop haproxy-1.6.0-ssl.crash.patch included in update
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 19 16:15:57 UTC 2015 - mrueckert@suse.de
|
|
|
|
- add haproxy-1.6.0-ssl-098.patch:
|
|
fix building on openssl 0.9.8
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 16 17:16:40 UTC 2015 - mrueckert@suse.de
|
|
|
|
- added haproxy-1.6.0-ssl.crash.patch: fix SNI related crash
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 15 23:19:33 UTC 2015 - mrueckert@suse.de
|
|
|
|
- only use network namespace support on distros newer than 13.2
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 13 19:39:12 UTC 2015 - mrueckert@suse.de
|
|
|
|
- update to 1.6.0
|
|
The most user-visible changes, we can cite the simpler handling
|
|
of multiple configuration files, the support for quotes and
|
|
environment variables in the configuration, a significant
|
|
reduction of the memory usage thanks to a new dynamic buffer
|
|
allocator, notifications over e-mail, server state keeping across
|
|
reloads, dynamic DNS-based server address resolution, new
|
|
scripting capabilities thanks to the embedded Lua interpreter,
|
|
use of variables in the configuration to manipulate samples,
|
|
request body buffering and analysis, support for two third-party
|
|
device identification products (DeviceAtlas and 51Degrees), a lot
|
|
of new sample converters including arithmetic operators and table
|
|
lookups, TLS ticket secret sharing between nodes, TLS SNI to the
|
|
server, full tables replication between peers, ability to
|
|
instruct the kernel to quickly kill dead connections, support for
|
|
Linux namespaces, and a number of other less visible goodies. The
|
|
performance has also been improved a lot with support for server
|
|
connection multiplexing, much faster and cheaper HTTP compression
|
|
via libslz, and the addition of a pattern cache to speed up
|
|
certain expensive ACLs. The great flexibility offered by this
|
|
version will allow many users to significantly simplify their
|
|
configurations. Some users will notice a huge performance boost
|
|
after they enable the features designed for them.
|
|
|
|
for all the details see /usr/share/doc/packages/haproxy/CHANGELOG
|
|
- drop patches we pulled from upstream git:
|
|
0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
|
|
0002-DOC-usesrc-root-privileges-requirements.patch
|
|
0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
|
|
0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
|
|
0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch
|
|
0006-DOC-typo-in-redirect-302-code-meaning.patch
|
|
0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch
|
|
0008-CLEANUP-.gitignore-ignore-more-test-files.patch
|
|
0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch
|
|
0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch
|
|
0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch
|
|
0012-DOC-ssl-missing-LF.patch
|
|
0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch
|
|
0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
|
|
0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
|
|
- refresh/redo patches to apply cleanly again:
|
|
old: haproxy-1.2.16_config_haproxy_user.patch
|
|
new: haproxy-1.6.0_config_haproxy_user.patch
|
|
old: haproxy-makefile_lib.patch
|
|
new: haproxy-1.6.0-makefile_lib.patch
|
|
old: sec-options.patch
|
|
new: haproxy-1.6.0-sec-options.patch
|
|
- added new haproxy.cfg to have a minimal config we can actually
|
|
launch!
|
|
- drop patch haproxy-1.5.8-fix-bashisms.patch: patched files no
|
|
longer exist
|
|
- drop haproxy.vim: we will use the copy which ships with the
|
|
upstream tarball now.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 23 19:26:54 UTC 2015 - dmueller@suse.com
|
|
|
|
- fix haproxy status checks (bsc#947204)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 8 09:10:02 UTC 2015 - kgronlund@suse.com
|
|
|
|
- Backport patches from upstream:
|
|
- BUG/MINOR: http: remove stupid HTTP_METH_NONE entry
|
|
- BUG/MAJOR: http: don't call http_send_name_header() after an error
|
|
- Add 0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
|
|
- Add 0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 26 22:47:34 UTC 2015 - kgronlund@suse.com
|
|
|
|
- Backport patches from upstream:
|
|
- BUG/MINOR: log: missing some ARGC_* entries in fmt_directives()
|
|
- DOC: usesrc root privileges requirements
|
|
- BUILD: ssl: Allow building against libssl without SSLv3.
|
|
- DOC/MINOR: fix OpenBSD versions where haproxy works
|
|
- BUG/MINOR: http/sample: gmtime/localtime can fail
|
|
- DOC: typo in 'redirect', 302 code meaning
|
|
- DOC: mention that %ms is left-padded with zeroes.
|
|
- CLEANUP: .gitignore: ignore more test files
|
|
- CLEANUP: .gitignore: finally ignore everything but what is known.
|
|
- MEDIUM: config: emit a warning on a frontend without listener
|
|
- BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry
|
|
- DOC: ssl: missing LF
|
|
- DOC: fix example of http-request using ssl_fc_session_id
|
|
|
|
- Add 0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
|
|
- Add 0002-DOC-usesrc-root-privileges-requirements.patch
|
|
- Add 0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
|
|
- Add 0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
|
|
- Add 0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch
|
|
- Add 0006-DOC-typo-in-redirect-302-code-meaning.patch
|
|
- Add 0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch
|
|
- Add 0008-CLEANUP-.gitignore-ignore-more-test-files.patch
|
|
- Add 0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch
|
|
- Add 0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch
|
|
- Add 0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch
|
|
- Add 0012-DOC-ssl-missing-LF.patch
|
|
- Add 0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 3 16:37:55 UTC 2015 - kgronlund@suse.com
|
|
|
|
- Update to 1.5.14 (CVE-2015-3281) (bsc#937042)
|
|
+ BUILD/MINOR: tools: rename popcount to my_popcountl
|
|
+ BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 26 11:45:33 UTC 2015 - kgronlund@suse.com
|
|
|
|
- Update to 1.5.13
|
|
- Dropped all patches backported from git, no further changes
|
|
than those patches provided.
|
|
|
|
- Removed patches:
|
|
+ Remove 0001-BUG-MEDIUM-stats-properly-initialize-the-scope-befor.patch
|
|
+ Remove 0002-BUG-MEDIUM-http-don-t-forward-client-shutdown-withou.patch
|
|
+ Remove 0003-BUG-MINOR-check-fix-tcpcheck-error-message.patch
|
|
+ Remove 0004-CLEANUP-checks-fix-double-usage-of-cur-current_step-.patch
|
|
+ Remove 0005-BUG-MEDIUM-checks-do-not-dereference-head-of-a-tcp-c.patch
|
|
+ Remove 0006-CLEANUP-checks-simplify-the-loop-processing-of-tcp-c.patch
|
|
+ Remove 0007-BUG-MAJOR-checks-always-check-for-end-of-list-before.patch
|
|
+ Remove 0008-BUG-MEDIUM-checks-do-not-dereference-a-list-as-a-tcp.patch
|
|
+ Remove 0009-BUG-MEDIUM-peers-apply-a-random-reconnection-timeout.patch
|
|
+ Remove 0010-DOC-Update-doc-about-weight-act-and-bck-fields-in-th.patch
|
|
+ Remove 0011-MINOR-ssl-add-a-destructor-to-free-allocated-SSL-res.patch
|
|
+ Remove 0012-BUG-MEDIUM-ssl-fix-tune.ssl.default-dh-param-value-b.patch
|
|
+ Remove 0013-BUG-MINOR-cfgparse-fix-typo-in-option-httplog-error-.patch
|
|
+ Remove 0014-BUG-MEDIUM-cfgparse-segfault-when-userlist-is-misuse.patch
|
|
+ Remove 0015-MEDIUM-ssl-replace-standards-DH-groups-with-custom-o.patch
|
|
+ Remove 0016-BUG-MINOR-debug-display-null-in-place-of-meth.patch
|
|
+ Remove 0017-CLEANUP-deinit-remove-codes-for-cleaning-p-block_rul.patch
|
|
+ Remove 0018-BUG-MINOR-ssl-fix-smp_fetch_ssl_fc_session_id.patch
|
|
+ Remove 0019-MEDIUM-init-don-t-stop-proxies-in-parent-process-whe.patch
|
|
+ Remove 0020-MINOR-peers-store-the-pointer-to-the-signal-handler.patch
|
|
+ Remove 0021-MEDIUM-peers-unregister-peers-that-were-never-starte.patch
|
|
+ Remove 0022-MEDIUM-config-propagate-the-table-s-process-list-to-.patch
|
|
+ Remove 0023-MEDIUM-init-stop-any-peers-section-not-bound-to-the-.patch
|
|
+ Remove 0024-MEDIUM-config-validate-that-peers-sections-are-bound.patch
|
|
+ Remove 0025-MAJOR-peers-allow-peers-section-to-be-used-with-nbpr.patch
|
|
+ Remove 0026-DOC-relax-the-peers-restriction-to-single-process.patch
|
|
+ Remove 0027-CLEANUP-config-fix-misleading-information-in-error-m.patch
|
|
+ Remove 0028-MINOR-config-report-the-number-of-processes-using-a-.patch
|
|
+ Remove 0029-BUG-MEDIUM-config-properly-compute-the-default-numbe.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 25 15:01:34 UTC 2015 - kgronlund@suse.com
|
|
|
|
- Backport upstream patches:
|
|
+ DOC: Update doc about weight, act and bck fields in the statistics
|
|
+ MINOR: ssl: add a destructor to free allocated SSL ressources
|
|
+ BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
|
|
+ BUG/MINOR: cfgparse: fix typo in 'option httplog' error message
|
|
+ BUG/MEDIUM: cfgparse: segfault when userlist is misused
|
|
+ MEDIUM: ssl: replace standards DH groups with custom ones
|
|
+ BUG/MINOR: debug: display (null) in place of "meth"
|
|
+ CLEANUP: deinit: remove codes for cleaning p->block_rules
|
|
+ BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
|
|
+ MEDIUM: init: don't stop proxies in parent process when exiting
|
|
+ MINOR: peers: store the pointer to the signal handler
|
|
+ MEDIUM: peers: unregister peers that were never started
|
|
+ MEDIUM: config: propagate the table's process list to the peers sections
|
|
+ MEDIUM: init: stop any peers section not bound to the correct process
|
|
+ MEDIUM: config: validate that peers sections are bound to exactly one process
|
|
+ MAJOR: peers: allow peers section to be used with nbproc > 1
|
|
+ DOC: relax the peers restriction to single-process
|
|
+ CLEANUP: config: fix misleading information in error message.
|
|
+ MINOR: config: report the number of processes using a peers section in the error case
|
|
+ BUG/MEDIUM: config: properly compute the default number of processes for a proxy
|
|
|
|
- Added patches:
|
|
+ Add 0010-DOC-Update-doc-about-weight-act-and-bck-fields-in-th.patch
|
|
+ Add 0011-MINOR-ssl-add-a-destructor-to-free-allocated-SSL-res.patch
|
|
+ Add 0012-BUG-MEDIUM-ssl-fix-tune.ssl.default-dh-param-value-b.patch
|
|
+ Add 0013-BUG-MINOR-cfgparse-fix-typo-in-option-httplog-error-.patch
|
|
+ Add 0014-BUG-MEDIUM-cfgparse-segfault-when-userlist-is-misuse.patch
|
|
+ Add 0015-MEDIUM-ssl-replace-standards-DH-groups-with-custom-o.patch
|
|
+ Add 0016-BUG-MINOR-debug-display-null-in-place-of-meth.patch
|
|
+ Add 0017-CLEANUP-deinit-remove-codes-for-cleaning-p-block_rul.patch
|
|
+ Add 0018-BUG-MINOR-ssl-fix-smp_fetch_ssl_fc_session_id.patch
|
|
+ Add 0019-MEDIUM-init-don-t-stop-proxies-in-parent-process-whe.patch
|
|
+ Add 0020-MINOR-peers-store-the-pointer-to-the-signal-handler.patch
|
|
+ Add 0021-MEDIUM-peers-unregister-peers-that-were-never-starte.patch
|
|
+ Add 0022-MEDIUM-config-propagate-the-table-s-process-list-to-.patch
|
|
+ Add 0023-MEDIUM-init-stop-any-peers-section-not-bound-to-the-.patch
|
|
+ Add 0024-MEDIUM-config-validate-that-peers-sections-are-bound.patch
|
|
+ Add 0025-MAJOR-peers-allow-peers-section-to-be-used-with-nbpr.patch
|
|
+ Add 0026-DOC-relax-the-peers-restriction-to-single-process.patch
|
|
+ Add 0027-CLEANUP-config-fix-misleading-information-in-error-m.patch
|
|
+ Add 0028-MINOR-config-report-the-number-of-processes-using-a-.patch
|
|
+ Add 0029-BUG-MEDIUM-config-properly-compute-the-default-numbe.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 25 09:34:58 UTC 2015 - kgronlund@suse.com
|
|
|
|
- BUG/MINOR: check: fix tcpcheck error message
|
|
- CLEANUP: checks: fix double usage of cur / current_step in tcp-checks
|
|
- BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
|
|
- CLEANUP: checks: simplify the loop processing of tcp-checks
|
|
- BUG/MAJOR: checks: always check for end of list before proceeding
|
|
- BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
|
|
- BUG/MEDIUM: peers: apply a random reconnection timeout
|
|
- Add 0003-BUG-MINOR-check-fix-tcpcheck-error-message.patch
|
|
- Add 0004-CLEANUP-checks-fix-double-usage-of-cur-current_step-.patch
|
|
- Add 0005-BUG-MEDIUM-checks-do-not-dereference-head-of-a-tcp-c.patch
|
|
- Add 0006-CLEANUP-checks-simplify-the-loop-processing-of-tcp-c.patch
|
|
- Add 0007-BUG-MAJOR-checks-always-check-for-end-of-list-before.patch
|
|
- Add 0008-BUG-MEDIUM-checks-do-not-dereference-a-list-as-a-tcp.patch
|
|
- Add 0009-BUG-MEDIUM-peers-apply-a-random-reconnection-timeout.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 11 19:27:33 UTC 2015 - mrueckert@suse.de
|
|
|
|
- added 0002-BUG-MEDIUM-http-don-t-forward-client-shutdown-withou.patch
|
|
BUG/MEDIUM: http: don't forward client shutdown without NOLINGER
|
|
except for tunnels
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 4 22:02:30 UTC 2015 - mrueckert@suse.de
|
|
|
|
- added first patch from the 1.5 branch after the update:
|
|
0001-BUG-MEDIUM-stats-properly-initialize-the-scope-befor.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sat May 2 22:17:57 UTC 2015 - mrueckert@suse.de
|
|
|
|
- update to 1.5.12
|
|
- BUG/MINOR: ssl: Display correct filename in error message
|
|
- DOC: Fix L4TOUT typo in documentation
|
|
- BUG/MEDIUM: Do not consider an agent check as failed on L7
|
|
error
|
|
- BUG/MINOR: pattern: error message missing
|
|
- BUG/MEDIUM: pattern: some entries are not deleted with case
|
|
insensitive match
|
|
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
|
|
- BUG/MAJOR: http: don't read past buffer's end in
|
|
http_replace_value
|
|
- BUG/MEDIUM: http: the function "(req|res)-replace-value"
|
|
doesn't respect the HTTP syntax
|
|
- BUG/MEDIUM: peers: correctly configure the client timeout
|
|
- BUG/MINOR: compression: consider the expansion factor in init
|
|
- BUG/MEDIUM: http: hdr_cnt would not count any header when
|
|
called without name
|
|
- BUG/MEDIUM: listener: don't report an error when resuming
|
|
unbound listeners
|
|
- BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes
|
|
only
|
|
- BUG/MEDIUM: stream-int: always reset si->ops when si->end is
|
|
nullified
|
|
- BUG/MEDIUM: http: remove content-length from chunked messages
|
|
- DOC: http: update the comments about the rules for determining
|
|
transfer-length
|
|
- BUG/MEDIUM: http: do not restrict parsing of transfer-encoding
|
|
to HTTP/1.1
|
|
- BUG/MEDIUM: http: incorrect transfer-coding in the request is a
|
|
bad request
|
|
- BUG/MEDIUM: http: remove content-length form responses with bad
|
|
transfer-encoding
|
|
- MEDIUM: http: restrict the HTTP version token to 1 digit as per
|
|
RFC7230
|
|
- MEDIUM: http: add option-ignore-probes to get rid of the floods
|
|
of 408
|
|
- BUG/MINOR: config: clear proxy->table.peers.p for disabled
|
|
proxies
|
|
- MINOR: stick-table: don't attach to peers in stopped state
|
|
- MEDIUM: config: initialize stick-tables after peers, not before
|
|
- MEDIUM: peers: add the ability to disable a peers section
|
|
- DOC: document option http-ignore-probes
|
|
- DOC: fix the comments about the meaning of msg->sol in HTTP
|
|
- BUG/MEDIUM: http: wait for the exact amount of body bytes in
|
|
wait_for_request_body
|
|
- BUG/MAJOR: http: prevent risk of reading past end with balance
|
|
url_param
|
|
- DOC: update the doc on the proxy protocol
|
|
- remove patches that we pulled from the 1.5 tree
|
|
0001-BUG-MINOR-pattern-error-message-missing.patch
|
|
0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch
|
|
0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch
|
|
0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
|
|
0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
|
|
0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch
|
|
0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
|
|
0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
|
|
0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch
|
|
0010-BUG-MINOR-ssl-Display-correct-filename-in-error-mess.patch
|
|
0011-BUG-MEDIUM-listener-don-t-report-an-error-when-resum.patch
|
|
0012-BUG-MEDIUM-init-don-t-limit-cpu-map-to-the-first-32-.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 20 10:52:12 UTC 2015 - mrueckert@suse.de
|
|
|
|
- pull 3 patches from upstream:
|
|
0010-BUG-MINOR-ssl-Display-correct-filename-in-error-mess.patch
|
|
0011-BUG-MEDIUM-listener-don-t-report-an-error-when-resum.patch
|
|
0012-BUG-MEDIUM-init-don-t-limit-cpu-map-to-the-first-32-.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 2 10:54:29 UTC 2015 - mrueckert@suse.de
|
|
|
|
- pull 3 patches from upstream:
|
|
0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
|
|
0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
|
|
0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 16 15:00:13 UTC 2015 - kgronlund@suse.com
|
|
|
|
- pull 3 patches from upstream:
|
|
- BUG/MEDIUM: peers: correctly configure the client timeout
|
|
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
|
|
- BUG/MAJOR: http: don't read past buffer's end in http_replace_value
|
|
- Add 0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
|
|
- Add 0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
|
|
- Add 0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 5 22:10:56 UTC 2015 - mrueckert@suse.de
|
|
|
|
- added another fix from upstream:
|
|
0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 11 12:38:06 GMT 2015 - aspiers@suse.com
|
|
|
|
- haproxy.init: fix reload and force-reload not to start a stopped
|
|
service
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 6 18:47:17 UTC 2015 - mrueckert@suse.de
|
|
|
|
- pulled 2 patches from upstream:
|
|
0001-BUG-MINOR-pattern-error-message-missing.patch
|
|
0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Feb 1 08:27:43 UTC 2015 - mrueckert@suse.de
|
|
|
|
- update to 1.5.11
|
|
- BUG/MEDIUM: backend: correctly detect the domain when
|
|
use_domain_only is used
|
|
- MINOR: ssl: load certificates in alphabetical order
|
|
- BUG/MINOR: checks: prevent http keep-alive with http-check
|
|
expect
|
|
- BUG/MEDIUM: Do not set agent health to zero if server is
|
|
disabled in config
|
|
- MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent
|
|
health is zero
|
|
- BUG/MINOR: stats:Fix incorrect printf type.
|
|
- DOC: add missing entry for log-format and clarify the text
|
|
- BUG/MEDIUM: http: fix header removal when previous header ends
|
|
with pure LF
|
|
- BUG/MEDIUM: channel: fix possible integer overflow on reserved
|
|
size computation
|
|
- BUG/MINOR: channel: compare to_forward with buf->i, not
|
|
buf->size
|
|
- MINOR: channel: add channel_in_transit()
|
|
- MEDIUM: channel: make buffer_reserved() use
|
|
channel_in_transit()
|
|
- MEDIUM: channel: make bi_avail() use channel_in_transit()
|
|
- BUG/MEDIUM: channel: don't schedule data in transit for leaving
|
|
until connected
|
|
- BUG/MAJOR: log: don't try to emit a log if no logger is set
|
|
- BUG/MINOR: args: add missing entry for ARGT_MAP in
|
|
arg_type_names
|
|
- BUG/MEDIUM: http: make http-request set-header compute the
|
|
string before removal
|
|
- BUG/MINOR: http: fix incorrect header value offset in
|
|
replace-hdr/replace-value
|
|
- BUG/MINOR: http: abort request processing on filter failure
|
|
- drop patch included in update:
|
|
0001-BUG-MEDIUM-backend-correctly-detect-the-domain-when-.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 6 09:28:16 UTC 2015 - mrueckert@suse.de
|
|
|
|
- pull fix from usptream:
|
|
0001-BUG-MEDIUM-backend-correctly-detect-the-domain-when-.patch
|
|
BUG/MEDIUM: backend: correctly detect the domain when
|
|
use_domain_only is used
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 31 22:17:18 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.10
|
|
- DOC: fix a few typos
|
|
- BUG/MINOR: http: fix typo: "401 Unauthorized" => "407
|
|
Unauthorized"
|
|
- BUG/MINOR: parse: refer curproxy instead of proxy
|
|
- DOC: httplog does not support 'no'
|
|
- MINOR: map/acl/dumpstats: remove the "Done." message
|
|
- BUG/MEDIUM: sample: fix random number upper-bound
|
|
- BUG/MEDIUM: patterns: previous fix was incomplete
|
|
- BUG/MEDIUM: payload: ensure that a request channel is available
|
|
- BUG/MINOR: tcp-check: don't condition data polling on check
|
|
type
|
|
- BUG/MEDIUM: tcp-check: don't rely on random memory contents
|
|
- BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is
|
|
an expect
|
|
- BUG/MINOR: config: fix typo in condition when propagating
|
|
process binding
|
|
- BUG/MEDIUM: config: do not propagate processes between stopped
|
|
processes
|
|
- BUG/MAJOR: stream-int: properly check the memory allocation
|
|
return
|
|
- BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
|
|
- BUG/MEDIUM: compression: correctly report zlib_mem
|
|
- drop patches that we pulled from git before:
|
|
0001-BUG-MEDIUM-patterns-previous-fix-was-incomplete.patch
|
|
0002-BUG-MEDIUM-payload-ensure-that-a-request-channel-is-.patch
|
|
0003-BUG-MINOR-tcp-check-don-t-condition-data-polling-on-.patch
|
|
0004-BUG-MEDIUM-tcp-check-don-t-rely-on-random-memory-con.patch
|
|
0005-BUG-MEDIUM-tcp-checks-disable-quick-ack-unless-next-.patch
|
|
0006-DOC-fix-a-few-typos.patch
|
|
0007-BUG-MEDIUM-sample-fix-random-number-upper-bound.patch
|
|
0008-DOC-httplog-does-not-support-no.patch
|
|
0009-BUG-MINOR-http-fix-typo-401-Unauthorized-407-Unautho.patch
|
|
0010-BUG-MINOR-parse-refer-curproxy-instead-of-proxy.patch
|
|
0011-BUG-MINOR-config-fix-typo-in-condition-when-propagat.patch
|
|
0012-BUG-MEDIUM-config-do-not-propagate-processes-between.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Dec 20 01:20:07 UTC 2014 - mrueckert@suse.de
|
|
|
|
- pulled some more fixes from git:
|
|
0003-BUG-MINOR-tcp-check-don-t-condition-data-polling-on-.patch
|
|
0004-BUG-MEDIUM-tcp-check-don-t-rely-on-random-memory-con.patch
|
|
0005-BUG-MEDIUM-tcp-checks-disable-quick-ack-unless-next-.patch
|
|
0006-DOC-fix-a-few-typos.patch
|
|
0007-BUG-MEDIUM-sample-fix-random-number-upper-bound.patch
|
|
0008-DOC-httplog-does-not-support-no.patch
|
|
0009-BUG-MINOR-http-fix-typo-401-Unauthorized-407-Unautho.patch
|
|
0010-BUG-MINOR-parse-refer-curproxy-instead-of-proxy.patch
|
|
0011-BUG-MINOR-config-fix-typo-in-condition-when-propagat.patch
|
|
0012-BUG-MEDIUM-config-do-not-propagate-processes-between.patch
|
|
|
|
see patch headers for details.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 28 18:21:43 UTC 2014 - mrueckert@suse.de
|
|
|
|
- pulled 2 fixes from git:
|
|
- 0001-BUG-MEDIUM-patterns-previous-fix-was-incomplete.patch
|
|
Dmitry Sivachenko <trtrmitya@gmail.com> reported that commit
|
|
315ec42 ("BUG/MEDIUM: pattern: don't load more than once a
|
|
pattern list.") relies on an uninitialised variable in the
|
|
stack. While it used to work fine during the tests, if the
|
|
uninitialized variable is non-null, some patterns may be
|
|
aggregated if loaded multiple times, resulting in slower
|
|
processing, which was the original issue it tried to address.
|
|
- 0002-BUG-MEDIUM-payload-ensure-that-a-request-channel-is-.patch
|
|
Denys Fedoryshchenko reported a segfault when using certain
|
|
sample fetch functions in the "tcp-request connection" rulesets
|
|
despite the warnings. This is because some tests for the
|
|
existence of the channel were missing.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 26 12:29:42 UTC 2014 - ledest@gmail.com
|
|
|
|
- fix bashisms in example scripts
|
|
- add patches:
|
|
* haproxy-1.5.8-fix-bashisms.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 26 11:50:42 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.9
|
|
- BUILD: fix "make install" to support spaces in the install dirs
|
|
- BUG/MEDIUM: checks: fix conflicts between agent checks and ssl
|
|
healthchecks
|
|
- BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in
|
|
case of OOM.
|
|
- BUG/MINOR: samples: fix unnecessary memcopy converting binary
|
|
to string.
|
|
- BUG/MEDIUM: connection: sanitize PPv2 header length before
|
|
parsing address information
|
|
- BUG/MEDIUM: pattern: don't load more than once a pattern list.
|
|
- BUG/MEDIUM: ssl: force a full GC in case of memory shortage
|
|
- BUG/MINOR: config: don't inherit the default balance algorithm
|
|
in frontends
|
|
- BUG/MAJOR: frontend: initialize capture pointers earlier
|
|
- BUG/MINOR: stats: correctly set the request/response analysers
|
|
- DOC: fix typo in the body parser documentation for msg.sov
|
|
- BUG/MINOR: peers: the buffer size is global.tune.bufsize, not
|
|
trash.size
|
|
- MINOR: sample: add a few basic internal fetches (nbproc, proc,
|
|
stopping)
|
|
- BUG/MAJOR: sessions: unlink session from list on out of memory
|
|
- Drop patches pulled from git
|
|
- 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch
|
|
- 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch
|
|
- 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
|
|
- 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
|
|
- 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch
|
|
- 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 20 06:56:23 UTC 2014 - kgronlund@suse.com
|
|
|
|
- BUILD: fix "make install" to support spaces in the install dirs
|
|
- BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM.
|
|
- BUG/MEDIUM: ssl: force a full GC in case of memory shortage
|
|
- BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks
|
|
- BUG/MINOR: config: don't inherit the default balance algorithm in frontends
|
|
- BUG/MAJOR: frontend: initialize capture pointers earlier
|
|
|
|
- Add patches:
|
|
- 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch
|
|
- 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch
|
|
- 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
|
|
- 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
|
|
- 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch
|
|
- 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 09 21:52:00 UTC 2014 - Led <ledest@gmail.com>
|
|
|
|
- fix bashisms in pre script
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 31 22:24:27 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.8
|
|
- BUG/MAJOR: buffer: check the space left is enough or not when
|
|
input data in a buffer is wrapped
|
|
- BUG/BUILD: revert accidental change in the makefile from latest
|
|
SSL fix
|
|
- changes in 1.5.7
|
|
- BUG/MEDIUM: regex: fix pcre_study error handling
|
|
- BUG/MINOR: log: fix request flags when keep-alive is enabled
|
|
- MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return
|
|
DER formatted certs
|
|
- MINOR: ssl: add statement to force some ssl options in global.
|
|
- BUG/MINOR: ssl: correctly initialize ssl ctx for invalid
|
|
certificates
|
|
- BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
|
|
- BUG/MAJOR: cli: explicitly call cli_release_handler() upon
|
|
error
|
|
- BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
|
|
- BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET
|
|
sockets
|
|
- Dropped patches:
|
|
- 0001-BUG-MEDIUM-http-don-t-dump-debug-headers-on-MSG_ERRO.patch
|
|
- 0002-BUG-MAJOR-cli-explicitly-call-cli_release_handler-up.patch
|
|
- 0003-BUG-MINOR-log-fix-request-flags-when-keep-alive-is-e.patch
|
|
- 0004-BUG-MEDIUM-tcp-fix-outgoing-polling-based-on-proxy-p.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 29 08:07:07 UTC 2014 - kgronlund@suse.com
|
|
|
|
- BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
|
|
- BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
|
|
- BUG/MINOR: log: fix request flags when keep-alive is enabled
|
|
- BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
|
|
|
|
- Added patches:
|
|
- 0001-BUG-MEDIUM-http-don-t-dump-debug-headers-on-MSG_ERRO.patch
|
|
- 0002-BUG-MAJOR-cli-explicitly-call-cli_release_handler-up.patch
|
|
- 0003-BUG-MINOR-log-fix-request-flags-when-keep-alive-is-e.patch
|
|
- 0004-BUG-MEDIUM-tcp-fix-outgoing-polling-based-on-proxy-p.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Oct 18 18:23:29 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.6
|
|
- BUG/MEDIUM: systemd: set KillMode to 'mixed'
|
|
- MINOR: systemd: Check configuration before start
|
|
- BUG/MEDIUM: config: avoid skipping disabled proxies
|
|
- BUG/MINOR: config: do not accept more track-sc than configured
|
|
- BUG/MEDIUM: backend: fix URI hash when a query string is present
|
|
- dropped patches that were pulled from upstream
|
|
0001-BUG-MEDIUM-config-avoid-skipping-disabled-proxies.patch
|
|
0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch
|
|
0004-BUG-MINOR-config-do-not-accept-more-track-sc-than-co.patch
|
|
0005-BUG-MEDIUM-backend-fix-URI-hash-when-a-query-string-.patch
|
|
- dropped patch we sent upstream
|
|
haproxy-1.5_check_config_before_start.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 17 16:03:39 UTC 2014 - kgronlund@suse.com
|
|
|
|
- BUG/MINOR: config: do not accept more track-sc than configured
|
|
- BUG/MEDIUM: backend: fix URI hash when a query string is present
|
|
- Add patch: 0004-BUG-MINOR-config-do-not-accept-more-track-sc-than-co.patch
|
|
- Add patch: 0005-BUG-MEDIUM-backend-fix-URI-hash-when-a-query-string-.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 10 20:01:33 UTC 2014 - kgronlund@suse.com
|
|
|
|
- BUG/MEDIUM: config: avoid skipping disabled proxies
|
|
- Add patch: 0001-BUG-MEDIUM-config-avoid-skipping-disabled-proxies.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 9 14:24:45 UTC 2014 - kgronlund@suse.com
|
|
|
|
- Fix check config before start patch to apply after previous patch
|
|
- Update patch: haproxy-1.5_check_config_before_start.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 9 14:14:35 UTC 2014 - kgronlund@suse.com
|
|
|
|
- BUG/MEDIUM: systemd: set KillMode to 'mixed'
|
|
- Add patch:
|
|
- 0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 8 12:53:41 UTC 2014 - kgronlund@suse.com
|
|
|
|
- update to 1.5.5
|
|
- DOC: indicate that weight zero is reported as DRAIN
|
|
- DOC: Address issue where documentation is excluded due to a gitignore rule
|
|
- This update includes all previous patches since 1.5.4
|
|
|
|
- Removed patches:
|
|
- 0001-DOC-clearly-state-that-the-show-sess-output-format-i.patch
|
|
- 0002-MINOR-stats-fix-minor-typo-fix-in-stats_dump_errors_.patch
|
|
- 0003-MEDIUM-Improve-signal-handling-in-systemd-wrapper.patch
|
|
- 0004-MINOR-Also-accept-SIGHUP-SIGTERM-in-systemd-wrapper.patch
|
|
- 0005-DOC-indicate-in-the-doc-that-track-sc-can-wait-if-da.patch
|
|
- 0006-MEDIUM-http-enable-header-manipulation-for-101-respo.patch
|
|
- 0007-BUG-MEDIUM-config-propagate-frontend-to-backend-proc.patch
|
|
- 0008-MEDIUM-config-properly-propagate-process-binding-bet.patch
|
|
- 0009-MEDIUM-config-make-the-frontends-automatically-bind-.patch
|
|
- 0010-MEDIUM-config-compute-the-exact-bind-process-before-.patch
|
|
- 0011-MEDIUM-config-only-warn-if-stats-are-attached-to-mul.patch
|
|
- 0012-MEDIUM-config-report-it-when-tcp-request-rules-are-m.patch
|
|
- 0013-MINOR-config-detect-the-case-where-a-tcp-request-con.patch
|
|
- 0014-MEDIUM-systemd-wrapper-support-multiple-executable-v.patch
|
|
- 0015-BUG-MEDIUM-remove-debugging-code-from-systemd-wrappe.patch
|
|
- 0016-BUG-MEDIUM-http-adjust-close-mode-when-switching-to-.patch
|
|
- 0017-BUG-MINOR-config-don-t-propagate-process-binding-on-.patch
|
|
- 0018-BUG-MEDIUM-check-rule-less-tcp-check-must-detect-con.patch
|
|
- 0019-BUG-MINOR-tcp-check-report-the-correct-failed-step-i.patch
|
|
- 0020-BUG-MINOR-config-don-t-propagate-process-binding-for.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 6 09:09:58 UTC 2014 - kgronlund@suse.com
|
|
|
|
- Backported fixes:
|
|
- BUG/MEDIUM: http: adjust close mode when switching to backend
|
|
- BUG/MINOR: config: don't propagate process binding on fatal errors.
|
|
- BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
|
|
- BUG/MINOR: tcp-check: report the correct failed step in the status
|
|
- BUG/MINOR: config: don't propagate process binding for dynamic use_backend
|
|
|
|
- Added patches:
|
|
- 0016-BUG-MEDIUM-http-adjust-close-mode-when-switching-to-.patch
|
|
- 0017-BUG-MINOR-config-don-t-propagate-process-binding-on-.patch
|
|
- 0018-BUG-MEDIUM-check-rule-less-tcp-check-must-detect-con.patch
|
|
- 0019-BUG-MINOR-tcp-check-report-the-correct-failed-step-i.patch
|
|
- 0020-BUG-MINOR-config-don-t-propagate-process-binding-for.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 25 16:10:08 UTC 2014 - kgronlund@suse.com
|
|
|
|
- Backported fixes (bnc#898498):
|
|
- DOC: clearly state that the "show sess" output format is not fixed
|
|
- MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
|
|
- MEDIUM: Improve signal handling in systemd wrapper.
|
|
- MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
|
|
- DOC: indicate in the doc that track-sc* can wait if data are missing
|
|
- MEDIUM: http: enable header manipulation for 101 responses
|
|
- BUG/MEDIUM: config: propagate frontend to backend process binding again.
|
|
- MEDIUM: config: properly propagate process binding between proxies
|
|
- MEDIUM: config: make the frontends automatically bind to the listeners' processes
|
|
- MEDIUM: config: compute the exact bind-process before listener's maxaccept
|
|
- MEDIUM: config: only warn if stats are attached to multi-process bind directives
|
|
- MEDIUM: config: report it when tcp-request rules are misplaced
|
|
- MINOR: config: detect the case where a tcp-request content rule has no inspect-delay
|
|
- MEDIUM: systemd-wrapper: support multiple executable versions and names
|
|
- BUG/MEDIUM: remove debugging code from systemd-wrapper
|
|
|
|
- Added patches:
|
|
- 0001-DOC-clearly-state-that-the-show-sess-output-format-i.patch
|
|
- 0002-MINOR-stats-fix-minor-typo-fix-in-stats_dump_errors_.patch
|
|
- 0003-MEDIUM-Improve-signal-handling-in-systemd-wrapper.patch
|
|
- 0004-MINOR-Also-accept-SIGHUP-SIGTERM-in-systemd-wrapper.patch
|
|
- 0005-DOC-indicate-in-the-doc-that-track-sc-can-wait-if-da.patch
|
|
- 0006-MEDIUM-http-enable-header-manipulation-for-101-respo.patch
|
|
- 0007-BUG-MEDIUM-config-propagate-frontend-to-backend-proc.patch
|
|
- 0008-MEDIUM-config-properly-propagate-process-binding-bet.patch
|
|
- 0009-MEDIUM-config-make-the-frontends-automatically-bind-.patch
|
|
- 0010-MEDIUM-config-compute-the-exact-bind-process-before-.patch
|
|
- 0011-MEDIUM-config-only-warn-if-stats-are-attached-to-mul.patch
|
|
- 0012-MEDIUM-config-report-it-when-tcp-request-rules-are-m.patch
|
|
- 0013-MINOR-config-detect-the-case-where-a-tcp-request-con.patch
|
|
- 0014-MEDIUM-systemd-wrapper-support-multiple-executable-v.patch
|
|
- 0015-BUG-MEDIUM-remove-debugging-code-from-systemd-wrappe.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 3 07:35:14 UTC 2014 - kgronlund@suse.com
|
|
|
|
- update to 1.5.4 (bnc#895849 CVE-2014-6269)
|
|
- BUG: config: error in http-response replace-header number of arguments
|
|
- BUG/MINOR: Fix search for -p argument in systemd wrapper.
|
|
- BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
|
|
- BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
|
|
- MEDIUM: connection: add new bit in Proxy Protocol V2
|
|
- BUG/MINOR: server: move the directive #endif to the end of file
|
|
- BUG/MEDIUM: http: tarpit timeout is reset
|
|
- BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
|
|
- BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
|
|
- BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
|
|
- BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
|
|
- BUG/MEDIUM: acl: correctly compute the output type when a converter is used
|
|
- CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
|
|
- BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
|
|
|
|
- Dropped patches:
|
|
- 0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
|
|
- 0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
|
|
- 0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
|
|
- 0004-BUG-config-error-in-http-response-replace-header-num.patch
|
|
- 0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 22 14:38:59 UTC 2014 - mrueckert@suse.de
|
|
|
|
- pull 2 more fixes from git:
|
|
- 0004-BUG-config-error-in-http-response-replace-header-num.patch
|
|
A couple of typo fixed in 'http-response replace-header':
|
|
- an error when counting the number of arguments
|
|
- a typo in the alert message
|
|
- 0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch
|
|
Before the commit bbba2a8ecc35daf99317aaff7015c1931779c33b
|
|
(1.5-dev24-8), the tarpit section set timeout and return, after
|
|
this commit, the tarpit section set the timeout, and go to the
|
|
"done" label which reset the timeout.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 30 09:47:38 UTC 2014 - mrueckert@suse.de
|
|
|
|
- pull important fixes from git:
|
|
0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
|
|
0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
|
|
0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
|
|
Especially the last patch is important:
|
|
As a consequence of various recent changes on the sample
|
|
conversion, a corner case has emerged where it is possible to
|
|
wait forever for a sample in track-sc*.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 28 11:33:14 UTC 2014 - kgronlund@suse.com
|
|
|
|
- update to 1.5.3
|
|
- DOC: fix typo in Unix Socket commands
|
|
- BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header
|
|
- BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
|
|
- DOC: mention that Squid correctly responds 400 to PPv2 header
|
|
- BUG/MINOR: http: base32+src should use the big endian version of base32
|
|
- BUG/MEDIUM: connection: fix proxy v2 header again!
|
|
- Removed backported patches:
|
|
- 0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
|
|
- 0002-DOC-fix-typo-in-Unix-Socket-commands.patch
|
|
- 0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
|
|
- 0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
|
|
- 0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
|
|
- 0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 21 13:45:40 UTC 2014 - mrueckert@suse.de
|
|
|
|
- added 0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch:
|
|
Last commit 77d1f01 ("BUG/MEDIUM: connection: fix memory
|
|
corruption when building a proxy v2 header") was wrong, using
|
|
&cn_trash instead of cn_trash resulting in a warning and the
|
|
client's SSL cert CN not being stored at the proper location.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 18 15:01:53 UTC 2014 - mrueckert@suse.de
|
|
|
|
- added
|
|
0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch:
|
|
BUG/MEDIUM: connection: fix memory corruption when building a
|
|
proxy v2 header
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 17 10:45:28 UTC 2014 - mrueckert@suse.de
|
|
|
|
- pulled a few fixes from the 1.5 branch: most notable the DHE
|
|
memleak fix. Adds the following patches:
|
|
0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
|
|
0002-DOC-fix-typo-in-Unix-Socket-commands.patch
|
|
0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
|
|
0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jul 12 16:56:27 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.2
|
|
- BUG/MEDIUM: backend: Update hash to use unsigned int throughout
|
|
- BUG/MINOR: ssl: Fix external function in order not to return a
|
|
pointer on an internal trash buffer.
|
|
- DOC: expand the docs for the provided stats.
|
|
- BUG/MEDIUM: unix: do not unlink() abstract namespace sockets
|
|
upon failure.
|
|
- MINOR: stats: fix minor typo in HTML page
|
|
- BUG/MEDIUM: http: fetch "base" is not compatible with
|
|
set-header
|
|
- BUG/MINOR: counters: do not untrack counters before logging
|
|
- BUG/MAJOR: sample: correctly reinitialize sample fetch context
|
|
before calling sample_process()
|
|
- MINOR: stick-table: make stktable_fetch_key() indicate why it
|
|
failed
|
|
- BUG/MEDIUM: counters: fix track-sc* to wait on unstable
|
|
contents
|
|
- BUILD: remove TODO from the spec file and add README
|
|
- MINOR: log: make MAX_SYSLOG_LEN overridable at build time
|
|
- MEDIUM: log: support a user-configurable max log line length
|
|
- DOC: provide an example of how to use ssl_c_sha1
|
|
- BUILD: http: fix isdigit & isspace warnings on Solaris
|
|
- BUG/MINOR: listener: set the listener's fd to -1 after deletion
|
|
- BUG/MEDIUM: unix: failed abstract socket binding is retryable
|
|
- MEDIUM: listener: implement a per-protocol pause() function
|
|
- MEDIUM: listener: support rebinding during resume()
|
|
- BUG/MEDIUM: unix: completely unbind abstract sockets during a
|
|
pause()
|
|
- DOC: explicitly mention the limits of abstract namespace
|
|
sockets
|
|
- DOC: minor fix on {sc,src}_kbytes_{in,out}
|
|
- DOC: fix alphabetical sort of converters
|
|
- BUG/MAJOR: http: correctly rewind the request body after start
|
|
of forwarding
|
|
- DOC: remove references to CPU=native in the README
|
|
- DOC: mention that "compression offload" is ignored in defaults
|
|
section
|
|
- drop patches including in version upgrade.
|
|
- 0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch
|
|
- 0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch
|
|
- 0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch
|
|
- 0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch
|
|
- 0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch
|
|
- 0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch
|
|
- use www.haproxy.org now instead of the old domain which is just
|
|
redirecting to haproxy.org now.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 1 12:13:33 UTC 2014 - kgronlund@suse.com
|
|
|
|
- BUG/MEDIUM: counters: fix track-sc* to wait on unstable contents
|
|
- MINOR: stick-table: make stktable_fetch_key() indicate why it failed
|
|
- BUG/MAJOR: sample: correctly reinitialize sample fetch context before calling sample_process()
|
|
- BUG/MINOR: counters: do not untrack counters before logging
|
|
- BUG/MINOR: ssl: Fix external function in order not to return a pointer on an internal trash buffer.
|
|
- BUG/MEDIUM: http: fetch "base" is not compatible with set-header
|
|
|
|
- Add patches:
|
|
- 0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch
|
|
- 0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch
|
|
- 0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch
|
|
- 0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch
|
|
- 0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch
|
|
- 0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 24 15:55:48 UTC 2014 - mrueckert@suse.de
|
|
|
|
- install the vim file into the versioned directory and dont cover
|
|
the current symlink with a directory
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 24 13:00:39 UTC 2014 - mrueckert@suse.de
|
|
|
|
- add Requires to vim to make the ownership of the vim directory
|
|
clear and not break any symlink handling the vim package might
|
|
use.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 24 12:23:55 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.1
|
|
- BUG/MINOR: config: http-request replace-header arg typo
|
|
- BUG/MINOR: ssl: rejects OCSP response without nextupdate.
|
|
- BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses.
|
|
- BUG/MINOR: ssl: Fix OCSP resp update fails with the same
|
|
certificate configured twice. (cherry picked from commit
|
|
1d3865b096b43b9a6d6a564ffb424ffa6f1ef79f)
|
|
- BUG/MEDIUM: Consistently use 'check' in process_chk
|
|
- BUG/MAJOR: session: revert all the crappy client-side timeout
|
|
changes
|
|
- BUG/MINOR: logs: properly initialize and count log sockets
|
|
- drop haproxy-1.5.0_consistently_use_check.patch:
|
|
included upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 24 09:51:25 UTC 2014 - kgronlund@suse.com
|
|
|
|
- Install vim file to a more appropriate location
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 23 09:19:04 UTC 2014 - kgronlund@suse.com
|
|
|
|
- added pre macro for systemd service file
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 23 08:28:06 UTC 2014 - kgronlund@suse.com
|
|
|
|
- Use better systemd detection consistently
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jun 22 19:48:11 UTC 2014 - mrueckert@suse.de
|
|
|
|
- pull commit 9ac7cabaf9945fb92c96cb92f5ea85235f54f7d6:
|
|
Consistently use 'check' in process_chk
|
|
I am not entirely sure that this is a bug, but it seems
|
|
to me that it may cause a problem if there agent-check is
|
|
configured and there is some kind of error making a connection
|
|
for it.
|
|
adds patch haproxy-1.5.0_consistently_use_check.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 20 14:37:21 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.0
|
|
For people who don't follow the development versions, 1.5 expands
|
|
1.4 with many new features and performance improvements,
|
|
including native SSL support on both sides with SNI/NPN/ALPN and
|
|
OCSP stapling, IPv6 and UNIX sockets are supported everywhere,
|
|
full HTTP keep-alive for better support of NTLM and improved
|
|
efficiency in static farms, HTTP/1.1 compression (deflate, gzip)
|
|
to save bandwidth, PROXY protocol versions 1 and 2 on both sides,
|
|
data sampling on everything in request or response, including
|
|
payload, ACLs can use any matching method with any input sample
|
|
maps and dynamic ACLs updatable from the CLI stick-tables support
|
|
counters to track activity on any input sample custom format for
|
|
logs, unique-id, header rewriting, and redirects, improved health
|
|
checks (SSL, scripted TCP, check agent, ...), much more scalable
|
|
configuration supports hundreds of thousands of backends and
|
|
certificates without sweating.
|
|
|
|
For all the details see /usr/share/doc/packages/haproxy/CHANGELOG
|
|
|
|
- enable tcp fast open if the kernel is recent enough
|
|
- enable PCRE JIT if PCRE is recent enough
|
|
- enable openssl support!
|
|
- haproxy can finally terminate ssl itself and also talk SSL to
|
|
the backend servers.
|
|
- including SNI/NPN/ALPN support.
|
|
new buildrequires openssl and pkgconfig
|
|
- enable deflate support
|
|
new buildrequires zlib-devel
|
|
- enable transparent proxy support
|
|
- enable usage of accept4. reduces the syscall amount.
|
|
- enable building and installing of halog
|
|
- install vim file into the correct place
|
|
- dropped patches:
|
|
0001-MEDIUM-add-systemd-service.patch
|
|
0002-MEDIUM-add-haproxy-systemd-wrapper.patch
|
|
0003-MEDIUM-New-cli-option-Ds-for-systemd-compatibility.patch
|
|
0004-BUG-MEDIUM-systemd-wrapper-don-t-leak-zombie-process.patch
|
|
0005-BUILD-stdbool-is-not-portable-again.patch
|
|
0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch
|
|
0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch
|
|
0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch
|
|
0009-openSUSE-Configure-haproxy-user.patch
|
|
0010-openSUSE-Fix-path-to-PCRE-library.patch
|
|
0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch
|
|
0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch
|
|
0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch
|
|
0014-MINOR-systemd-wrapper-improve-logging.patch
|
|
0015-MINOR-systemd-wrapper-propagate-exit-status.patch
|
|
- added haproxy-1.2.16_config_haproxy_user.patch:
|
|
(replaces 0009-openSUSE-Configure-haproxy-user.patch)
|
|
- added haproxy-1.5_check_config_before_start.patch:
|
|
systemd allows us to run other things before we start the final
|
|
daemon. use this to check the configuration before launching.
|
|
- added haproxy-makefile_lib.patch
|
|
(replaces 0010-openSUSE-Fix-path-to-PCRE-library.patch)
|
|
- added sec-options.patch:
|
|
allow it more easily to build haproxy with PIE, stackprotector
|
|
and relro. all those options are enabled on our build.
|
|
- added apparmor profile
|
|
usr.sbin.haproxy.apparmor
|
|
local.usr.sbin.haproxy.apparmor
|
|
- change the conditionals for systemd to use bcond_with to make it
|
|
more obvious what we are guarding.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 21 10:50:21 UTC 2014 - jsegitz@novell.com
|
|
|
|
- added necessary macros for systemd files
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 6 06:12:08 UTC 2014 - kgronlund@suse.com
|
|
|
|
- update to 1.4.25 (bnc#876438)
|
|
- DOC: typo: nosepoll self reference in config guide
|
|
- BUG/MINOR: deinit: free fdinfo while doing cleanup
|
|
- BUG/MEDIUM: server: set the macro for server's max weight SRV_UWGHT_MAX to SRV_UWGHT_RANGE
|
|
- BUG/MINOR: use the same check condition for server as other algorithms
|
|
- BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN for recv()
|
|
- BUG/MINOR: fix forcing fastinter in "on-error"
|
|
- BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests
|
|
- BUG/MAJOR: http: don't emit the send-name-header when no server is available
|
|
- BUG/MEDIUM: http: "option checkcache" fails with the no-cache header
|
|
- MEDIUM: session: disable lingering on the server when the client aborts
|
|
- MINOR: config: warn when a server with no specific port uses rdp-cookie
|
|
- MEDIUM: increase chunk-size limit to 2GB-1
|
|
- DOC: add a mention about the limited chunk size
|
|
- MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection
|
|
- BUILD: proto_tcp: remove a harmless warning
|
|
- BUG/MINOR: acl: remove patterns from the tree before freeing them
|
|
- BUG/MEDIUM: checks: fix slow start regression after fix attempt
|
|
- BUG/MAJOR: server: weight calculation fails for map-based algorithms
|
|
- BUG/MINOR: backend: fix target address retrieval in transparent mode
|
|
- BUG/MEDIUM: stick: completely remove the unused flag from the store entries
|
|
- BUG/MEDIUM: stick-tables: complete the latest fix about store-responses
|
|
- BUG/MEDIUM: checks: tracking servers must not inherit the MAINT flag
|
|
- BUG/MINOR: stats: report correct throttling percentage for servers in slowstart
|
|
- BUG/MINOR: stats: correctly report throttle rate of low weight servers
|
|
- BUG/MINOR: checks: successful check completion must not re-enable MAINT servers
|
|
- BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling
|
|
- BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers
|
|
- BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN
|
|
- BUG/MEDIUM: http: don't start to forward request data before the connect
|
|
- DOC: fix misleading information about SIGQUIT
|
|
- BUILD: simplify the date and version retrieval in the makefile
|
|
- BUILD: prepare the makefile to skip format lines in SUBVERS and VERDATE
|
|
- BUILD: use format tags in VERDATE and SUBVERS files
|
|
|
|
- Reorganized patches and backported fixes for systemd wrapper:
|
|
- Renamed 0006-haproxy-1.2.16_config_haproxy_user.patch to 0009-openSUSE-Configure-haproxy-user.patch
|
|
- Renamed 0007-haproxy-makefile_lib.patch to 0010-openSUSE-Fix-path-to-PCRE-library.patch
|
|
- Removed 0008-MEDIUM-haproxy-systemd-wrapper-Revised-implementatio.patch
|
|
- Added 0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch
|
|
- Added 0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch
|
|
- Added 0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch
|
|
- Added 0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch
|
|
- Added 0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch
|
|
- Added 0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch
|
|
- Added 0014-MINOR-systemd-wrapper-improve-logging.patch
|
|
- Added 0015-MINOR-systemd-wrapper-propagate-exit-status.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 22 09:54:48 UTC 2013 - kgronlund@suse.com
|
|
|
|
- Backport haproxy-systemd-wrapper from upstream
|
|
- Patch haproxy-systemd-wrapper to work on openSUSE
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 31 12:46:04 UTC 2013 - kgronlund@suse.com
|
|
|
|
- Remove duplicate Requires: from .spec file.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 31 12:41:12 UTC 2013 - kgronlund@suse.com
|
|
|
|
- Re-enable sysvinit support for older versions
|
|
(server:http still builds for older versions)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 28 14:32:00 UTC 2013 - p.drouand@gmail.com
|
|
|
|
- Add systemd support
|
|
Target distributions all support systemd; keep alive sysvinit support
|
|
is useless
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 10 15:16:32 UTC 2013 - cdenicolo@suse.com
|
|
|
|
- license update: GPL-2.0+ and LGPL-2.1+
|
|
only header files are LGPL, the rest is still GPL
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 18 09:14:13 UTC 2013 - mrueckert@suse.de
|
|
|
|
- update to 1.4.24 (bnc#825412)
|
|
- BUG/MAJOR: backend: consistent hash can loop forever in certain
|
|
circumstances
|
|
- BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks
|
|
are used
|
|
- MEDIUM: protocol: implement a "drain" function in protocol
|
|
layers
|
|
- BUG/CRITICAL: fix a possible crash when using negative header
|
|
occurrences CVE-2013-2175
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 3 14:47:43 UTC 2013 - mrueckert@suse.de
|
|
|
|
- update to 1.4.23 CVE-2013-1912
|
|
- CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read
|
|
- BUG: fix garbage data when http-send-name-header replaces an
|
|
existing header
|
|
- BUG/MEDIUM: remove supplementary groups when changing gid
|
|
- BUG/MINOR: Correct logic in cut_crlf()
|
|
- BUG/MINOR: config: use a copy of the file name in proxy
|
|
configurations
|
|
- BUG/MINOR: epoll: correctly disable FD polling in fd_rem()
|
|
- MINOR: halog: sort output by cookie code
|
|
- BUG/MINOR: halog: -ad/-ac report the correct number of output
|
|
lines
|
|
- BUG/MINOR: halog: fix help message for -ut/-uto
|
|
- BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel
|
|
mode
|
|
- BUG/MEDIUM: command-line option -D must have precedence over
|
|
"debug"
|
|
- OPTIM: halog: keep a fast path for the lines-count only
|
|
- MINOR: halog: add a parameter to limit output line count
|
|
- BUG: halog: fix broken output limitation
|
|
- MEDIUM: checks: avoid accumulating TIME_WAITs during checks
|
|
- MEDIUM: checks: prevent TIME_WAITs from appearing also on
|
|
timeouts
|
|
- BUG/MAJOR: cli: show sess <id> may randomly corrupt the
|
|
back-ref list
|
|
- BUG/MINOR: http: don't report client aborts as server errors
|
|
- BUG/MINOR: http: don't log a 503 on client errors while waiting
|
|
for requests
|
|
- BUG/MEDIUM: tcp: process could theorically crash on lack of
|
|
source ports
|
|
- BUG/MINOR: http: don't abort client connection on premature
|
|
responses
|
|
- BUILD: no need to clean up when making git-tar
|
|
- MINOR: http: always report PR-- flags for redirect rules
|
|
- BUG/MINOR: time: frequency counters are not totally accurate
|
|
- BUG/MINOR: http: don't process abortonclose when request was
|
|
sent
|
|
- BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
|
|
- BUG/MINOR: config: fix improper check for failed memory alloc
|
|
in ACL parser
|
|
- BUG/MEDIUM: checks: ensure the health_status is always within
|
|
bounds
|
|
- CLEANUP: http: remove a useless null check
|
|
- BUG/MEDIUM: signal: signal handler does not properly check for
|
|
signal bounds
|
|
- BUG/MEDIUM: uri_auth: missing NULL check and memory leak on
|
|
memory shortage
|
|
- CLEANUP: config: slowstart is never negative
|
|
- BUILD: improve the makefile's support for libpcre
|
|
- BUG/MINOR: checks: fix an warning introduced by commit 2f61455a
|
|
- MEDIUM: halog: add support for counting per source address
|
|
(-ic)
|
|
- DOC: mention the new HTTP 307 and 308 redirect statues
|
|
(cherry picked from commit
|
|
b67fdc4cd8bde202f2805d98683ddab929469a05)
|
|
- MEDIUM: poll: do not use FD_* macros anymore
|
|
- BUG/MAJOR: ev_select: disable the select() poller if maxsock >
|
|
FD_SETSIZE
|
|
- BUILD: enable poll() by default in the makefile
|
|
- BUILD: add explicit support for Mac OS/X
|
|
- BUG/CRITICAL: using HTTP information in tcp-request content may
|
|
crash the process CVE-2013-1912
|
|
- MEDIUM: http: implement redirect 307 and 308
|
|
- MINOR: http: status 301 should not be marked non-cacheable
|
|
- adapt haproxy-makefile_lib.patch to the rewritten Makefile
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 12 14:10:33 UTC 2012 - mrueckert@suse.de
|
|
|
|
- switch license tag to spdx format.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 12 13:50:46 UTC 2012 - mrueckert@suse.de
|
|
|
|
- update to 1.4.22
|
|
- BUG/MEDIUM: option forwardfor if-none doesn't work with some
|
|
configurations
|
|
- MINOR: balance uri: added 'whole' parameter to include query
|
|
string in hash calculation
|
|
- DOC: specify the default value for maxconn in the context of a
|
|
proxy
|
|
- BUG/MINOR: checks: expire on timeout.check if smaller than
|
|
timeout.connect
|
|
- REORG/MINOR: use dedicated proxy flags for the cookie handling
|
|
- BUG/MINOR: config: do not report twice the incompatibility
|
|
between cookie and non-http
|
|
- MINOR: http: add support for "httponly" and "secure" cookie
|
|
attributes
|
|
- MEDIUM: stats: add support for soft stop/soft start in the
|
|
admin interface
|
|
- BUILD: add support for linux kernels >= 2.6.28
|
|
- MINOR: contrib/iprange: add a network IP range to mask
|
|
converter
|
|
- BUILD: add an AIX 5.2 (and later) target.
|
|
- MINOR: halog: use the more recent dual-mode fgets2
|
|
implementation
|
|
- BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on
|
|
full-length matches
|
|
- CLEANUP: halog: make clean should also remove .o files
|
|
(cherry picked from commit
|
|
8ad4193100aafa19f04929670371bf823dbe11d0)
|
|
- OPTIM: halog: make use of memchr() on platforms which provide a
|
|
fast one
|
|
- OPTIM: halog: improve cold-cache behaviour when loading a file
|
|
- [MINOR] config: make it possible to specify a cookie even
|
|
without a server
|
|
- MINOR: config: tolerate server "cookie" setting in non-HTTP
|
|
mode
|
|
- BUG/MINOR: tarpit: fix condition to return the HTTP 500 message
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 30 16:02:03 UTC 2012 - mrueckert@suse.de
|
|
|
|
- fix description in the init script
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 22 16:47:45 UTC 2012 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.21 (bnc#763833) CVE-2012-2391
|
|
- MINOR: patch for minor typo (ressources/resources)
|
|
- CLEANUP: fix typo in findserver() log message
|
|
- DOC: cleanup indentation, alignment, columns and chapters
|
|
- DOC: fix some keywords arguments documentation
|
|
- MINOR: stats admin: allow unordered parameters in POST requests
|
|
- MINOR: stats admin: use the backend id instead of its name in
|
|
the form
|
|
- BUG/MAJOR: trash must always be the size of a buffer
|
|
- DOC: fix minor regex example issue and improve doc on stats
|
|
- BUG/MAJOR: possible crash when using capture headers on TCP
|
|
frontends
|
|
- MINOR: config: disable header captures in TCP mode and complain
|
|
- BUG/MEDIUM: balance source did not properly hash IPv6 addresses
|
|
- CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
|
|
- CLEANUP: remove a few warning about unchecked return values in
|
|
debug code
|
|
- CLEANUP: http: remove unused http_msg->col
|
|
- BUG/MINOR: http: error snapshots are wrong if buffer wraps
|
|
- BUG/MAJOR: checks: don't call set_server_status_* when no LB
|
|
algo is set
|
|
- MINOR: proxy: make findproxy() return proxies from numeric IDs
|
|
too
|
|
- BUILD: http: stop gcc-4.1.2 from complaining about possibly
|
|
uninitialized values
|
|
- BUG/MINOR: stop connect timeout when connect succeeds
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Mar 11 19:16:20 UTC 2012 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.20:
|
|
- BUG/MINOR: fix typo in processing of http-send-name-header
|
|
- BUG/MEDIUM: correctly disable servers tracking another disabled servers.
|
|
- BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
|
|
- MINOR: halog: add some help on the command line (cherry picked from
|
|
commit 615674cdec067066a42f53f5d55628ab7b207e6c)
|
|
- BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
|
|
- BUG: http: disable TCP delayed ACKs when forwarding content-length data
|
|
- BUG: checks: fix server maintenance exit sequence
|
|
- BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on
|
|
partial writes
|
|
- DOC: enumerate valid status codes for "observe layer7"
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 8 15:30:58 UTC 2012 - mrueckert@suse.de
|
|
|
|
- update to 1.4.19
|
|
- MEDIUM: http: add support for sending the server's name in the
|
|
outgoing request
|
|
- BUG/MINOR: fix options forwardfor if-none when an alternative
|
|
header name is specified
|
|
- MINOR: task: new function task_schedule() to schedule a wake up
|
|
- BUG/MEDIUM: checks: fix slowstart behaviour when server
|
|
tracking is in use
|
|
- BUG: tcp: option nolinger does not work on backends
|
|
- BUG: ebtree: ebst_lookup() could return the wrong entry
|
|
- BUG: http: re-enable TCP quick-ack upon incomplete HTTP
|
|
requests
|
|
- CLEANUP: ebtree: remove a few annoying signedness warnings
|
|
- CLEANUP: ebtree: remove 4-year old harmless typo in duplicates
|
|
insertion code
|
|
- CLEANUP: ebtree: remove another typo, a wrong initialization in
|
|
insertion code
|
|
- BUG: proto_tcp: set AF_INET on tproxy for use with recent
|
|
kernels
|
|
- MINOR: halog: add support for matching queued requests
|
|
- BUG: http: tighten the list of allowed characters in a URI
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 9 12:09:33 UTC 2011 - mrueckert@suse.de
|
|
|
|
- update to 1.4.18
|
|
- [MINOR] http: *_dom matching header functions now also split on
|
|
":"
|
|
- [MINOR] halog: support backslash-escaped quotes
|
|
- BUILD/MINOR: fix the source URL in the spec file
|
|
- DOC: acl is http_first_req, not http_req_first
|
|
- BUG/MEDIUM: don't trim last spaces from headers consisting only
|
|
of spaces
|
|
- MINOR: acl: add new matches for header/path/url length
|
|
- [MINOR] halog: do not consider byte 0x8A as end of line
|
|
- [OPTIM] halog: make fgets parse more bytes by blocks
|
|
- [OPTIM] halog: add assembly version of the field lookup code
|
|
- [CLEANUP] startup: report only the basename in the usage
|
|
message
|
|
- [DOC] update the README file to reflect new naming rules for
|
|
patches
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 05 22:26:59 UTC 2011 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.17:
|
|
- [MINOR] halog: add support for termination code matching (-tcn/-TCN)
|
|
- [MINOR] halog: make SKIP_CHAR stop on field delimiters
|
|
- [MINOR] halog: add support for HTTP log matching (-H)
|
|
- [MINOR] halog: gain back performance before SKIP_CHAR fix
|
|
- [OPTIM] halog: cache some common fields positions
|
|
- [OPTIM] halog: check once for correct line format and reuse the pointer
|
|
- [OPTIM] halog: remove many 'if' by using a function pointer for the filters
|
|
- [OPTIM] halog: remove support for tab delimiters in input data
|
|
- [MINOR] halog: add -hs/-HS to filter by HTTP status code range
|
|
- [CLEANUP] update the year in the copyright banner
|
|
- [BUG] check: http-check expect + regex would crash in defaults section
|
|
- [MEDIUM] http: make x-forwarded-for addition conditional
|
|
- [DOC] fixed a few "sensible" -> "sensitive" errors
|
|
- [MINOR] stats: display "<NONE>" instead of the frontend name when unknown
|
|
- [BUG] http: trailing white spaces must also be trimmed after headers
|
|
- [MINOR] http: take a capture of too large requests and responses
|
|
- [MINOR] http: take a capture of truncated responses
|
|
- [MINOR] http: take a capture of bad content-lengths.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Aug 13 22:49:36 UTC 2011 - mrueckert@suse.de
|
|
|
|
- update to version 1.4.16
|
|
- [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check
|
|
- [DOC] Minor spelling fixes and grammatical enhancements
|
|
- [CLEANUP] Remove assigned but unused variables
|
|
- [BUG] checks: http-check expect could fail a check on
|
|
multi-packet responses
|
|
- [DOC] fix minor typo in the "dispatch" doc
|
|
- [MINOR] http: make the "HTTP 200" status code configurable.
|
|
- [MINOR] http: partially revert the chunking optimization for
|
|
now
|
|
- [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete
|
|
transfer
|
|
- [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out
|
|
test
|
|
- [MEDIUM] http: add support for "http-no-delay"
|
|
- [OPTIM] http: optimize chunking again in non-interactive mode
|
|
- [OPTIM] stream_sock: avoid fast-forwarding of partial data
|
|
- [OPTIM] stream_sock: don't use splice on too small payloads
|
|
- [BUG] stats: support url-encoded forms
|
|
- [BUG] halog: correctly handle truncated last line
|
|
- [DOC] fix typos, "#" is a sharp, not a dash
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 15 22:14:24 UTC 2011 - pascal.bleser@opensuse.org
|
|
|
|
- revert splitting out the documentation
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 14 19:18:45 UTC 2011 - pascal.bleser@opensuse.org
|
|
|
|
- split out documentation and examples into haproxy-doc
|
|
- add rpmlintrc to suppress false positive warnings about
|
|
script examples in documentation files (without exec flag)
|
|
- fix license
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 12 15:31:38 UTC 2011 - mrueckert@suse.de
|
|
|
|
- update to version 1.4.15
|
|
- [CRITICAL] fix risk of crash when dealing with space in
|
|
response cookies
|
|
- additional changes from 1.4.14
|
|
- [MINOR] config: fix endianness of server check port
|
|
- [BUG] http: fix possible incorrect forwarded wrapping chunk
|
|
size (take 2)
|
|
- [MINOR] tools: add two macros MID_RANGE and MAX_RANGE
|
|
- [BUG] http: fix content-length handling on 32-bit platforms
|
|
- [OPTIM] buffers: uninline buffer_forward()
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 9 12:00:23 UTC 2011 - mrueckert@suse.de
|
|
|
|
- update to 1.4.13
|
|
- config: don't crash on empty pattern files.
|
|
- additional changes from 1.4.12
|
|
- stats: add support for several packets in stats admin
|
|
- stats: admin commands must check the proxy state
|
|
- stats: admin web interface must check the proxy state
|
|
- http: update the header list's tail when removing the last
|
|
header
|
|
- fix typos (http-request instead of http-check) (cherry
|
|
picked from commit 8f2a1e72bebea700f37add40997b716fdfd86b9c)
|
|
- http: use correct ACL pointer when evaluating authentication
|
|
- cfgparse: correctly count one socket per port in ranges
|
|
- startup: set the rlimits before binding ports, not after.
|
|
- acl: srv_id must return no match when the server is NULL
|
|
- acl: fd leak when reading patterns from file
|
|
- fix minor typo in "usesrc"
|
|
- http: fix possible incorrect forwarded wrapping chunk size
|
|
- http: fix computation of message body length after forwarding
|
|
has started
|
|
- http: balance url_param did not work with first parameters on
|
|
POST
|
|
- update the url_param regression test to test check_post too
|
|
|
|
-------------------------------------------------------------------
|
|
>>>>>>> ./haproxy.changes.r40
|
|
Tue Feb 15 14:30:53 UTC 2011 - mrueckert@suse.de
|
|
|
|
- update to 1.4.11
|
|
- cfgparse: Check whether the path given for the stats socket
|
|
actually fits into the sockaddr_un structure to avoid
|
|
truncation.
|
|
- fix a minor typo
|
|
- fix ignore-persist documentation
|
|
- http: fix http-pretend-keepalive and httpclose/tunnel mode
|
|
- add warnings on features not compatible with multi-process mode
|
|
- acl: add be_id/srv_id to match backend's and server's id
|
|
- log: add support for passing the forwarded hostname
|
|
- log: ability to override the syslog tag
|
|
- fix minor typos in the doc
|
|
- fix another typo in the doc
|
|
- http chunking: don't report a parsing error on connection
|
|
errors
|
|
- stream_interface: truncate buffers when sending error messages
|
|
- http: fix incorrect error reporting during data transfers
|
|
- session: correctly leave turn-around and queue states on abort
|
|
- session: release slot before processing pending connections
|
|
- stats: report HTTP message state and buffer flags in error
|
|
dumps
|
|
- http: support wrapping messages in error captures
|
|
- http: capture incorrectly chunked message bodies
|
|
- stats: add global event ID and count
|
|
- http: don't send each chunk in a separate packet
|
|
- acl: fix handling of empty lines in pattern files
|
|
- ebtree: fix ebmb_lookup() with len smaller than the tree's keys
|
|
- ebtree: ebmb_lookup: reduce stack usage by moving the return
|
|
code out of the loop
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 29 13:57:37 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.10:
|
|
* a possible crash when using Cookie-based persistence with
|
|
appsessions was fixed
|
|
* header processing could become wrong after a single reqidel
|
|
rule removed exactly two headers
|
|
* some out-of-memory conditions were not correctly handled in
|
|
appsession or cookie captures
|
|
* users of appsessions are strongly encouraged to upgrade
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 2 13:11:15 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.9:
|
|
* the Web interface now allows you to enable or disable servers
|
|
* the ECV and LDAPv3 checks were merged
|
|
* the MySQL check was improved to support a real login sequence
|
|
* persistence cookies can now be timestamped to support a maximum
|
|
idle time and a maximum life time, and can be removed by the
|
|
server if needed (e.g. logout)
|
|
* the SNMP plugin was improved to report socket stats
|
|
* some Cacti templates were merged
|
|
* the halog tool can now instantly report per-URL response times
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 17 15:46:13 UTC 2010 - mrueckert@suse.de
|
|
|
|
- implement graceful restart in the init script
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 22 14:49:12 UTC 2010 - mrueckert@suse.de
|
|
|
|
- update to 1.4.8:
|
|
* mention 'option http-server-close' effect in Tq section
|
|
* summarize and highlight persistent connections behaviour
|
|
* add configuration samples
|
|
* stick_table: the fix for the memory leak caused a regression
|
|
* client: don't add a new session to the list too early
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 10 09:03:34 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.7:
|
|
* fixes problems where consistent hashing was broken when no
|
|
server ID was specified in the configuration
|
|
* some errors were incorrectly reported as failed instead of
|
|
denied in the statistics
|
|
* the dispatch and http_proxy modes were fixed
|
|
* a few termination flags in the logs used for troubleshooting
|
|
were corrected
|
|
* a few other minor issues were fixed
|
|
* upgrading is recommended
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 17 20:29:02 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.6:
|
|
* a minor precision about RDP cookies was added to the
|
|
documentation
|
|
* a new ACL keyword was added
|
|
* those who had no problem building and running 1.4.5 don't need
|
|
to upgrade
|
|
|
|
- drop haproxy-fix_dprintf.patch, merged upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 14 07:18:03 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.5:
|
|
* Haproxy can now read huge ACL pattern lists from files and
|
|
match inputs against them without any noticeable performance
|
|
impact, making geolocation possible
|
|
* adds a new "ignore-persist" directive, allowing it to ignore
|
|
the persistence cookie if an ACL-based condition is matched
|
|
(which is useful for static objects in stateful farms)
|
|
* a few other minor improvements
|
|
* a nice performance boost of the log analyzer, which can now
|
|
process more than 1 GB of logs per second and report request
|
|
counts by status codes
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 8 09:41:51 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.4:
|
|
* brings a new option to work around optimization issues with
|
|
Tomcat and Jetty in server close mode, and for a bug in Jetty's
|
|
handling of Expect: 100-continue
|
|
* a very old appsession unexpected match of shorter cookie names
|
|
was also fixed
|
|
* a new feature to make it possible to connect to a server from
|
|
an IP found in a header was merged: it allows you to run
|
|
stunnel+haproxy in transparent mode together
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 2 23:42:44 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.3:
|
|
* fxes a regression introduced in 1.4.2 which could cause a
|
|
connection to still be attempted on the server side in case of
|
|
an error on the client side; this issue could even lead to a
|
|
crash if a Layer7 hash algorithm was used, so this code was
|
|
strengthened
|
|
* the configuration parser now detects many more inappropriate
|
|
options in TCP mode and emits related warnings
|
|
* it is now possible to indicate in the configuration that a
|
|
server will start in the "disabled" state
|
|
* other very minor issues were fixed
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 18 12:00:49 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.2:
|
|
* fixes a very rare case of stuck client sessions when using
|
|
keep-alive
|
|
* fixes a url_param hash bug which could result in a dead server
|
|
in very rare situations
|
|
* fixes status codes 501 and 505 which could cause a server to be
|
|
marked down if on-error was used
|
|
* fixes a risk of getting truncated HTTP responses when
|
|
chunk-encoding was used
|
|
* fixes an issue with anonymous ACLs
|
|
* improvements on health checks
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 5 00:45:12 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.1:
|
|
* some errors were incorrectly reported as 502 with the flags
|
|
"SL" in the logs; this is now fixed
|
|
* other minor issues were fixed
|
|
* documentation was updated
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 26 20:44:34 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.0:
|
|
* new features:
|
|
+ keep-alive
|
|
+ IP-based stickiness
|
|
+ consistent hashing
|
|
+ support for the RDP protocol
|
|
+ a much nicer stats interface
|
|
+ a much-improved performance level
|
|
* add -fno-strict-aliasing
|
|
|
|
- changes from 1.4rc1:
|
|
* new features:
|
|
+ server maintenance mode
|
|
+ HTTP authentication (server and proxy)
|
|
+ secure passwords
|
|
+ conditional request/response header rewriting using ACLs
|
|
+ anonymous ACLs that can be declared inline
|
|
+ support for HTTP/1.1 101+Upgrade status code to support non-
|
|
HTTP protocols such as WebSocket
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 11 15:20:01 UTC 2010 - mrueckert@suse.de
|
|
|
|
- update to 1.3.23
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 15 14:09:34 CEST 2009 - mrueckert@suse.de
|
|
|
|
- update to 1.3.20
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 3 13:54:40 CEST 2009 - mrueckert@suse.de
|
|
|
|
- update to 1.3.17
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 9 16:40:38 CET 2009 - mrueckert@suse.de
|
|
|
|
- update to 1.3.15.8
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 4 15:13:15 CET 2009 - mrueckert@suse.de
|
|
|
|
- update to 1.3.15.7
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 15 15:52:45 CEST 2008 - mrueckert@suse.de
|
|
|
|
- update to 1.3.15.4
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 4 21:21:35 CET 2007 - mrueckert@suse.de
|
|
|
|
- update to 1.3.13.1:
|
|
too many changes see changelog file
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 2 00:53:38 CEST 2007 - mrueckert@suse.de
|
|
|
|
- prepared spec for easy split out of -snapshot packages.
|
|
- added vim syntax file
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 19 17:50:33 CET 2007 - mrueckert@suse.de
|
|
|
|
- update to 1.2.17:
|
|
- replaced the linked-list with a faster rbtree in the scheduler
|
|
- add user/group support (Marcus Rueckert)
|
|
- add the "except" keyword to the "forwardfor" option (Bryan
|
|
Germann)
|
|
- re-implemented support for multi-line headers (was
|
|
incidently reverted)
|
|
- fixed possible crash when no cookie was set on a server
|
|
- fixed various length checks in appsession
|
|
- fixed unlikely memory leak in appsession in case of memory
|
|
shortage
|
|
- updates to the architecture guide
|
|
- remove haproxy-1.2.16_username_groupname_support.patch:
|
|
patch included upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 8 00:27:17 CET 2007 - mrueckert@suse.de
|
|
|
|
- initial package of 1.2.16
|
|
- added 2 patches:
|
|
haproxy-1.2.16_config_haproxy_user.patch
|
|
haproxy-1.2.16_username_groupname_support.patch
|
|
the patches allow to specify username and groupname instead of
|
|
uid/gid. The patches are needed as we do not have a static
|
|
uid/gid for the haproxy user/group.
|
|
|