2015-11-03 13:04:29 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Nov 3 12:02:19 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.6.2
|
|
|
|
- BUILD: ssl: fix build error introduced in commit 7969a3 with
|
|
|
|
OpenSSL < 1.0.0
|
|
|
|
- DOC: fix a typo for a "deviceatlas" keyword
|
|
|
|
- FIX: small typo in an example using the "Referer" header
|
|
|
|
- BUG/MEDIUM: config: count memory limits on 64 bits, not 32
|
|
|
|
- BUG/MAJOR: dns: first DNS response packet not matching queried
|
|
|
|
hostname may lead to a loop
|
|
|
|
- BUG/MINOR: dns: unable to parse CNAMEs response
|
|
|
|
- BUG/MINOR: examples/haproxy.init: missing brace in
|
|
|
|
quiet_check()
|
|
|
|
- DOC: deviceatlas: more example use cases.
|
|
|
|
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in
|
|
|
|
install-bin.
|
|
|
|
- BUG/MAJOR: http: don't requeue an idle connection that is
|
|
|
|
already queued
|
|
|
|
- DOC: typo on capture.res.hdr and capture.req.hdr
|
|
|
|
- BUG/MINOR: dns: check for duplicate nameserver id in a
|
|
|
|
resolvers section was missing
|
|
|
|
- CLEANUP: use direction names in place of numeric values
|
|
|
|
- BUG/MEDIUM: lua: sample fetches based on response doesn't work
|
|
|
|
- drop haproxy-1.6.0-ssl-098.patch: included upstream
|
|
|
|
|
2015-10-22 12:25:40 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Oct 22 10:21:00 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.6.1
|
|
|
|
- DOC: specify that stats socket doc (section 9.2) is in
|
|
|
|
management
|
|
|
|
- BUILD: install only relevant and existing documentation
|
|
|
|
- CLEANUP: don't ignore debian/ directory if present
|
|
|
|
- BUG/MINOR: dns: parsing error of some DNS response
|
|
|
|
- BUG/MEDIUM: namespaces: don't fail if no namespace is used
|
|
|
|
- BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is
|
|
|
|
disabled
|
|
|
|
- MEDIUM: dns: Don't use the ANY query type
|
|
|
|
- drop haproxy-1.6.0-ssl.crash.patch included in update
|
|
|
|
|
2015-10-19 18:16:21 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Oct 19 16:15:57 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- add haproxy-1.6.0-ssl-098.patch:
|
|
|
|
fix building on openssl 0.9.8
|
|
|
|
|
2015-10-16 19:18:31 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Oct 16 17:16:40 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- added haproxy-1.6.0-ssl.crash.patch: fix SNI related crash
|
|
|
|
|
2015-10-16 01:25:07 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Oct 15 23:19:33 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- only use network namespace support on distros newer than 13.2
|
|
|
|
|
2015-10-15 11:38:17 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Oct 13 19:39:12 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.6.0
|
|
|
|
The most user-visible changes, we can cite the simpler handling
|
|
|
|
of multiple configuration files, the support for quotes and
|
|
|
|
environment variables in the configuration, a significant
|
|
|
|
reduction of the memory usage thanks to a new dynamic buffer
|
|
|
|
allocator, notifications over e-mail, server state keeping across
|
|
|
|
reloads, dynamic DNS-based server address resolution, new
|
|
|
|
scripting capabilities thanks to the embedded Lua interpreter,
|
|
|
|
use of variables in the configuration to manipulate samples,
|
|
|
|
request body buffering and analysis, support for two third-party
|
|
|
|
device identification products (DeviceAtlas and 51Degrees), a lot
|
|
|
|
of new sample converters including arithmetic operators and table
|
|
|
|
lookups, TLS ticket secret sharing between nodes, TLS SNI to the
|
|
|
|
server, full tables replication between peers, ability to
|
|
|
|
instruct the kernel to quickly kill dead connections, support for
|
|
|
|
Linux namespaces, and a number of other less visible goodies. The
|
|
|
|
performance has also been improved a lot with support for server
|
|
|
|
connection multiplexing, much faster and cheaper HTTP compression
|
|
|
|
via libslz, and the addition of a pattern cache to speed up
|
|
|
|
certain expensive ACLs. The great flexibility offered by this
|
|
|
|
version will allow many users to significantly simplify their
|
|
|
|
configurations. Some users will notice a huge performance boost
|
|
|
|
after they enable the features designed for them.
|
|
|
|
|
|
|
|
for all the details see /usr/share/doc/packages/haproxy/CHANGELOG
|
|
|
|
- drop patches we pulled from upstream git:
|
|
|
|
0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
|
|
|
|
0002-DOC-usesrc-root-privileges-requirements.patch
|
|
|
|
0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
|
|
|
|
0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
|
|
|
|
0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch
|
|
|
|
0006-DOC-typo-in-redirect-302-code-meaning.patch
|
|
|
|
0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch
|
|
|
|
0008-CLEANUP-.gitignore-ignore-more-test-files.patch
|
|
|
|
0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch
|
|
|
|
0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch
|
|
|
|
0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch
|
|
|
|
0012-DOC-ssl-missing-LF.patch
|
|
|
|
0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch
|
|
|
|
0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
|
|
|
|
0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
|
|
|
|
- refresh/redo patches to apply cleanly again:
|
|
|
|
old: haproxy-1.2.16_config_haproxy_user.patch
|
|
|
|
new: haproxy-1.6.0_config_haproxy_user.patch
|
|
|
|
old: haproxy-makefile_lib.patch
|
|
|
|
new: haproxy-1.6.0-makefile_lib.patch
|
|
|
|
old: sec-options.patch
|
|
|
|
new: haproxy-1.6.0-sec-options.patch
|
|
|
|
- added new haproxy.cfg to have a minimal config we can actually
|
|
|
|
launch!
|
|
|
|
- drop patch haproxy-1.5.8-fix-bashisms.patch: patched files no
|
|
|
|
longer exist
|
|
|
|
- drop haproxy.vim: we will use the copy which ships with the
|
|
|
|
upstream tarball now.
|
|
|
|
|
2015-09-08 17:45:55 +02:00
|
|
|
-------------------------------------------------------------------
|
2015-09-27 08:40:21 +02:00
|
|
|
Wed Sep 23 19:26:54 UTC 2015 - dmueller@suse.com
|
|
|
|
|
|
|
|
- fix haproxy status checks (bsc#947204)
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2015-09-08 17:45:55 +02:00
|
|
|
Tue Sep 8 09:10:02 UTC 2015 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- Backport patches from upstream:
|
|
|
|
- BUG/MINOR: http: remove stupid HTTP_METH_NONE entry
|
|
|
|
- BUG/MAJOR: http: don't call http_send_name_header() after an error
|
|
|
|
- Add 0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
|
|
|
|
- Add 0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Aug 26 22:47:34 UTC 2015 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- Backport patches from upstream:
|
|
|
|
- BUG/MINOR: log: missing some ARGC_* entries in fmt_directives()
|
|
|
|
- DOC: usesrc root privileges requirements
|
|
|
|
- BUILD: ssl: Allow building against libssl without SSLv3.
|
|
|
|
- DOC/MINOR: fix OpenBSD versions where haproxy works
|
|
|
|
- BUG/MINOR: http/sample: gmtime/localtime can fail
|
|
|
|
- DOC: typo in 'redirect', 302 code meaning
|
|
|
|
- DOC: mention that %ms is left-padded with zeroes.
|
|
|
|
- CLEANUP: .gitignore: ignore more test files
|
|
|
|
- CLEANUP: .gitignore: finally ignore everything but what is known.
|
|
|
|
- MEDIUM: config: emit a warning on a frontend without listener
|
|
|
|
- BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry
|
|
|
|
- DOC: ssl: missing LF
|
|
|
|
- DOC: fix example of http-request using ssl_fc_session_id
|
|
|
|
|
|
|
|
- Add 0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
|
|
|
|
- Add 0002-DOC-usesrc-root-privileges-requirements.patch
|
|
|
|
- Add 0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
|
|
|
|
- Add 0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
|
|
|
|
- Add 0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch
|
|
|
|
- Add 0006-DOC-typo-in-redirect-302-code-meaning.patch
|
|
|
|
- Add 0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch
|
|
|
|
- Add 0008-CLEANUP-.gitignore-ignore-more-test-files.patch
|
|
|
|
- Add 0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch
|
|
|
|
- Add 0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch
|
|
|
|
- Add 0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch
|
|
|
|
- Add 0012-DOC-ssl-missing-LF.patch
|
|
|
|
- Add 0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch
|
|
|
|
|
2015-07-05 18:03:07 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Jul 3 16:37:55 UTC 2015 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- Update to 1.5.14 (CVE-2015-3281) (bsc#937042)
|
|
|
|
+ BUILD/MINOR: tools: rename popcount to my_popcountl
|
|
|
|
+ BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data
|
|
|
|
|
2015-06-30 10:19:18 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Jun 26 11:45:33 UTC 2015 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- Update to 1.5.13
|
|
|
|
- Dropped all patches backported from git, no further changes
|
|
|
|
than those patches provided.
|
|
|
|
|
|
|
|
- Removed patches:
|
|
|
|
+ Remove 0001-BUG-MEDIUM-stats-properly-initialize-the-scope-befor.patch
|
|
|
|
+ Remove 0002-BUG-MEDIUM-http-don-t-forward-client-shutdown-withou.patch
|
|
|
|
+ Remove 0003-BUG-MINOR-check-fix-tcpcheck-error-message.patch
|
|
|
|
+ Remove 0004-CLEANUP-checks-fix-double-usage-of-cur-current_step-.patch
|
|
|
|
+ Remove 0005-BUG-MEDIUM-checks-do-not-dereference-head-of-a-tcp-c.patch
|
|
|
|
+ Remove 0006-CLEANUP-checks-simplify-the-loop-processing-of-tcp-c.patch
|
|
|
|
+ Remove 0007-BUG-MAJOR-checks-always-check-for-end-of-list-before.patch
|
|
|
|
+ Remove 0008-BUG-MEDIUM-checks-do-not-dereference-a-list-as-a-tcp.patch
|
|
|
|
+ Remove 0009-BUG-MEDIUM-peers-apply-a-random-reconnection-timeout.patch
|
|
|
|
+ Remove 0010-DOC-Update-doc-about-weight-act-and-bck-fields-in-th.patch
|
|
|
|
+ Remove 0011-MINOR-ssl-add-a-destructor-to-free-allocated-SSL-res.patch
|
|
|
|
+ Remove 0012-BUG-MEDIUM-ssl-fix-tune.ssl.default-dh-param-value-b.patch
|
|
|
|
+ Remove 0013-BUG-MINOR-cfgparse-fix-typo-in-option-httplog-error-.patch
|
|
|
|
+ Remove 0014-BUG-MEDIUM-cfgparse-segfault-when-userlist-is-misuse.patch
|
|
|
|
+ Remove 0015-MEDIUM-ssl-replace-standards-DH-groups-with-custom-o.patch
|
|
|
|
+ Remove 0016-BUG-MINOR-debug-display-null-in-place-of-meth.patch
|
|
|
|
+ Remove 0017-CLEANUP-deinit-remove-codes-for-cleaning-p-block_rul.patch
|
|
|
|
+ Remove 0018-BUG-MINOR-ssl-fix-smp_fetch_ssl_fc_session_id.patch
|
|
|
|
+ Remove 0019-MEDIUM-init-don-t-stop-proxies-in-parent-process-whe.patch
|
|
|
|
+ Remove 0020-MINOR-peers-store-the-pointer-to-the-signal-handler.patch
|
|
|
|
+ Remove 0021-MEDIUM-peers-unregister-peers-that-were-never-starte.patch
|
|
|
|
+ Remove 0022-MEDIUM-config-propagate-the-table-s-process-list-to-.patch
|
|
|
|
+ Remove 0023-MEDIUM-init-stop-any-peers-section-not-bound-to-the-.patch
|
|
|
|
+ Remove 0024-MEDIUM-config-validate-that-peers-sections-are-bound.patch
|
|
|
|
+ Remove 0025-MAJOR-peers-allow-peers-section-to-be-used-with-nbpr.patch
|
|
|
|
+ Remove 0026-DOC-relax-the-peers-restriction-to-single-process.patch
|
|
|
|
+ Remove 0027-CLEANUP-config-fix-misleading-information-in-error-m.patch
|
|
|
|
+ Remove 0028-MINOR-config-report-the-number-of-processes-using-a-.patch
|
|
|
|
+ Remove 0029-BUG-MEDIUM-config-properly-compute-the-default-numbe.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Jun 25 15:01:34 UTC 2015 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- Backport upstream patches:
|
|
|
|
+ DOC: Update doc about weight, act and bck fields in the statistics
|
|
|
|
+ MINOR: ssl: add a destructor to free allocated SSL ressources
|
|
|
|
+ BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
|
|
|
|
+ BUG/MINOR: cfgparse: fix typo in 'option httplog' error message
|
|
|
|
+ BUG/MEDIUM: cfgparse: segfault when userlist is misused
|
|
|
|
+ MEDIUM: ssl: replace standards DH groups with custom ones
|
|
|
|
+ BUG/MINOR: debug: display (null) in place of "meth"
|
|
|
|
+ CLEANUP: deinit: remove codes for cleaning p->block_rules
|
|
|
|
+ BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
|
|
|
|
+ MEDIUM: init: don't stop proxies in parent process when exiting
|
|
|
|
+ MINOR: peers: store the pointer to the signal handler
|
|
|
|
+ MEDIUM: peers: unregister peers that were never started
|
|
|
|
+ MEDIUM: config: propagate the table's process list to the peers sections
|
|
|
|
+ MEDIUM: init: stop any peers section not bound to the correct process
|
|
|
|
+ MEDIUM: config: validate that peers sections are bound to exactly one process
|
|
|
|
+ MAJOR: peers: allow peers section to be used with nbproc > 1
|
|
|
|
+ DOC: relax the peers restriction to single-process
|
|
|
|
+ CLEANUP: config: fix misleading information in error message.
|
|
|
|
+ MINOR: config: report the number of processes using a peers section in the error case
|
|
|
|
+ BUG/MEDIUM: config: properly compute the default number of processes for a proxy
|
|
|
|
|
|
|
|
- Added patches:
|
|
|
|
+ Add 0010-DOC-Update-doc-about-weight-act-and-bck-fields-in-th.patch
|
|
|
|
+ Add 0011-MINOR-ssl-add-a-destructor-to-free-allocated-SSL-res.patch
|
|
|
|
+ Add 0012-BUG-MEDIUM-ssl-fix-tune.ssl.default-dh-param-value-b.patch
|
|
|
|
+ Add 0013-BUG-MINOR-cfgparse-fix-typo-in-option-httplog-error-.patch
|
|
|
|
+ Add 0014-BUG-MEDIUM-cfgparse-segfault-when-userlist-is-misuse.patch
|
|
|
|
+ Add 0015-MEDIUM-ssl-replace-standards-DH-groups-with-custom-o.patch
|
|
|
|
+ Add 0016-BUG-MINOR-debug-display-null-in-place-of-meth.patch
|
|
|
|
+ Add 0017-CLEANUP-deinit-remove-codes-for-cleaning-p-block_rul.patch
|
|
|
|
+ Add 0018-BUG-MINOR-ssl-fix-smp_fetch_ssl_fc_session_id.patch
|
|
|
|
+ Add 0019-MEDIUM-init-don-t-stop-proxies-in-parent-process-whe.patch
|
|
|
|
+ Add 0020-MINOR-peers-store-the-pointer-to-the-signal-handler.patch
|
|
|
|
+ Add 0021-MEDIUM-peers-unregister-peers-that-were-never-starte.patch
|
|
|
|
+ Add 0022-MEDIUM-config-propagate-the-table-s-process-list-to-.patch
|
|
|
|
+ Add 0023-MEDIUM-init-stop-any-peers-section-not-bound-to-the-.patch
|
|
|
|
+ Add 0024-MEDIUM-config-validate-that-peers-sections-are-bound.patch
|
|
|
|
+ Add 0025-MAJOR-peers-allow-peers-section-to-be-used-with-nbpr.patch
|
|
|
|
+ Add 0026-DOC-relax-the-peers-restriction-to-single-process.patch
|
|
|
|
+ Add 0027-CLEANUP-config-fix-misleading-information-in-error-m.patch
|
|
|
|
+ Add 0028-MINOR-config-report-the-number-of-processes-using-a-.patch
|
|
|
|
+ Add 0029-BUG-MEDIUM-config-properly-compute-the-default-numbe.patch
|
|
|
|
|
2015-06-02 10:08:16 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon May 25 09:34:58 UTC 2015 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- BUG/MINOR: check: fix tcpcheck error message
|
|
|
|
- CLEANUP: checks: fix double usage of cur / current_step in tcp-checks
|
|
|
|
- BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
|
|
|
|
- CLEANUP: checks: simplify the loop processing of tcp-checks
|
|
|
|
- BUG/MAJOR: checks: always check for end of list before proceeding
|
|
|
|
- BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
|
|
|
|
- BUG/MEDIUM: peers: apply a random reconnection timeout
|
|
|
|
- Add 0003-BUG-MINOR-check-fix-tcpcheck-error-message.patch
|
|
|
|
- Add 0004-CLEANUP-checks-fix-double-usage-of-cur-current_step-.patch
|
|
|
|
- Add 0005-BUG-MEDIUM-checks-do-not-dereference-head-of-a-tcp-c.patch
|
|
|
|
- Add 0006-CLEANUP-checks-simplify-the-loop-processing-of-tcp-c.patch
|
|
|
|
- Add 0007-BUG-MAJOR-checks-always-check-for-end-of-list-before.patch
|
|
|
|
- Add 0008-BUG-MEDIUM-checks-do-not-dereference-a-list-as-a-tcp.patch
|
|
|
|
- Add 0009-BUG-MEDIUM-peers-apply-a-random-reconnection-timeout.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon May 11 19:27:33 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- added 0002-BUG-MEDIUM-http-don-t-forward-client-shutdown-withou.patch
|
|
|
|
BUG/MEDIUM: http: don't forward client shutdown without NOLINGER
|
|
|
|
except for tunnels
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon May 4 22:02:30 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- added first patch from the 1.5 branch after the update:
|
|
|
|
0001-BUG-MEDIUM-stats-properly-initialize-the-scope-befor.patch
|
|
|
|
|
2015-05-05 00:55:48 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sat May 2 22:17:57 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.5.12
|
|
|
|
- BUG/MINOR: ssl: Display correct filename in error message
|
|
|
|
- DOC: Fix L4TOUT typo in documentation
|
|
|
|
- BUG/MEDIUM: Do not consider an agent check as failed on L7
|
|
|
|
error
|
|
|
|
- BUG/MINOR: pattern: error message missing
|
|
|
|
- BUG/MEDIUM: pattern: some entries are not deleted with case
|
|
|
|
insensitive match
|
|
|
|
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
|
|
|
|
- BUG/MAJOR: http: don't read past buffer's end in
|
|
|
|
http_replace_value
|
|
|
|
- BUG/MEDIUM: http: the function "(req|res)-replace-value"
|
|
|
|
doesn't respect the HTTP syntax
|
|
|
|
- BUG/MEDIUM: peers: correctly configure the client timeout
|
|
|
|
- BUG/MINOR: compression: consider the expansion factor in init
|
|
|
|
- BUG/MEDIUM: http: hdr_cnt would not count any header when
|
|
|
|
called without name
|
|
|
|
- BUG/MEDIUM: listener: don't report an error when resuming
|
|
|
|
unbound listeners
|
|
|
|
- BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes
|
|
|
|
only
|
|
|
|
- BUG/MEDIUM: stream-int: always reset si->ops when si->end is
|
|
|
|
nullified
|
|
|
|
- BUG/MEDIUM: http: remove content-length from chunked messages
|
|
|
|
- DOC: http: update the comments about the rules for determining
|
|
|
|
transfer-length
|
|
|
|
- BUG/MEDIUM: http: do not restrict parsing of transfer-encoding
|
|
|
|
to HTTP/1.1
|
|
|
|
- BUG/MEDIUM: http: incorrect transfer-coding in the request is a
|
|
|
|
bad request
|
|
|
|
- BUG/MEDIUM: http: remove content-length form responses with bad
|
|
|
|
transfer-encoding
|
|
|
|
- MEDIUM: http: restrict the HTTP version token to 1 digit as per
|
|
|
|
RFC7230
|
|
|
|
- MEDIUM: http: add option-ignore-probes to get rid of the floods
|
|
|
|
of 408
|
|
|
|
- BUG/MINOR: config: clear proxy->table.peers.p for disabled
|
|
|
|
proxies
|
|
|
|
- MINOR: stick-table: don't attach to peers in stopped state
|
|
|
|
- MEDIUM: config: initialize stick-tables after peers, not before
|
|
|
|
- MEDIUM: peers: add the ability to disable a peers section
|
|
|
|
- DOC: document option http-ignore-probes
|
|
|
|
- DOC: fix the comments about the meaning of msg->sol in HTTP
|
|
|
|
- BUG/MEDIUM: http: wait for the exact amount of body bytes in
|
|
|
|
wait_for_request_body
|
|
|
|
- BUG/MAJOR: http: prevent risk of reading past end with balance
|
|
|
|
url_param
|
|
|
|
- DOC: update the doc on the proxy protocol
|
|
|
|
- remove patches that we pulled from the 1.5 tree
|
|
|
|
0001-BUG-MINOR-pattern-error-message-missing.patch
|
|
|
|
0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch
|
|
|
|
0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch
|
|
|
|
0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
|
|
|
|
0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
|
|
|
|
0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch
|
|
|
|
0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
|
|
|
|
0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
|
|
|
|
0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch
|
|
|
|
0010-BUG-MINOR-ssl-Display-correct-filename-in-error-mess.patch
|
|
|
|
0011-BUG-MEDIUM-listener-don-t-report-an-error-when-resum.patch
|
|
|
|
0012-BUG-MEDIUM-init-don-t-limit-cpu-map-to-the-first-32-.patch
|
|
|
|
|
2015-04-22 01:19:28 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Apr 20 10:52:12 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- pull 3 patches from upstream:
|
|
|
|
0010-BUG-MINOR-ssl-Display-correct-filename-in-error-mess.patch
|
|
|
|
0011-BUG-MEDIUM-listener-don-t-report-an-error-when-resum.patch
|
|
|
|
0012-BUG-MEDIUM-init-don-t-limit-cpu-map-to-the-first-32-.patch
|
|
|
|
|
2015-04-07 09:29:14 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Apr 2 10:54:29 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- pull 3 patches from upstream:
|
|
|
|
0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
|
|
|
|
0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
|
|
|
|
0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Mar 16 15:00:13 UTC 2015 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- pull 3 patches from upstream:
|
|
|
|
- BUG/MEDIUM: peers: correctly configure the client timeout
|
|
|
|
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
|
|
|
|
- BUG/MAJOR: http: don't read past buffer's end in http_replace_value
|
|
|
|
- Add 0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
|
|
|
|
- Add 0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
|
|
|
|
- Add 0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch
|
|
|
|
|
2015-03-11 09:58:15 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Mar 5 22:10:56 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- added another fix from upstream:
|
|
|
|
0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch
|
|
|
|
|
2015-02-18 11:39:34 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Feb 11 12:38:06 GMT 2015 - aspiers@suse.com
|
|
|
|
|
|
|
|
- haproxy.init: fix reload and force-reload not to start a stopped
|
|
|
|
service
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Feb 6 18:47:17 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- pulled 2 patches from upstream:
|
|
|
|
0001-BUG-MINOR-pattern-error-message-missing.patch
|
|
|
|
0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch
|
|
|
|
|
2015-02-03 15:35:26 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Feb 1 08:27:43 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.5.11
|
|
|
|
- BUG/MEDIUM: backend: correctly detect the domain when
|
|
|
|
use_domain_only is used
|
|
|
|
- MINOR: ssl: load certificates in alphabetical order
|
|
|
|
- BUG/MINOR: checks: prevent http keep-alive with http-check
|
|
|
|
expect
|
|
|
|
- BUG/MEDIUM: Do not set agent health to zero if server is
|
|
|
|
disabled in config
|
|
|
|
- MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent
|
|
|
|
health is zero
|
|
|
|
- BUG/MINOR: stats:Fix incorrect printf type.
|
|
|
|
- DOC: add missing entry for log-format and clarify the text
|
|
|
|
- BUG/MEDIUM: http: fix header removal when previous header ends
|
|
|
|
with pure LF
|
|
|
|
- BUG/MEDIUM: channel: fix possible integer overflow on reserved
|
|
|
|
size computation
|
|
|
|
- BUG/MINOR: channel: compare to_forward with buf->i, not
|
|
|
|
buf->size
|
|
|
|
- MINOR: channel: add channel_in_transit()
|
|
|
|
- MEDIUM: channel: make buffer_reserved() use
|
|
|
|
channel_in_transit()
|
|
|
|
- MEDIUM: channel: make bi_avail() use channel_in_transit()
|
|
|
|
- BUG/MEDIUM: channel: don't schedule data in transit for leaving
|
|
|
|
until connected
|
|
|
|
- BUG/MAJOR: log: don't try to emit a log if no logger is set
|
|
|
|
- BUG/MINOR: args: add missing entry for ARGT_MAP in
|
|
|
|
arg_type_names
|
|
|
|
- BUG/MEDIUM: http: make http-request set-header compute the
|
|
|
|
string before removal
|
|
|
|
- BUG/MINOR: http: fix incorrect header value offset in
|
|
|
|
replace-hdr/replace-value
|
|
|
|
- BUG/MINOR: http: abort request processing on filter failure
|
|
|
|
- drop patch included in update:
|
|
|
|
0001-BUG-MEDIUM-backend-correctly-detect-the-domain-when-.patch
|
|
|
|
|
2015-01-08 23:02:32 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Jan 6 09:28:16 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- pull fix from usptream:
|
|
|
|
0001-BUG-MEDIUM-backend-correctly-detect-the-domain-when-.patch
|
|
|
|
BUG/MEDIUM: backend: correctly detect the domain when
|
|
|
|
use_domain_only is used
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Dec 31 22:17:18 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.5.10
|
|
|
|
- DOC: fix a few typos
|
|
|
|
- BUG/MINOR: http: fix typo: "401 Unauthorized" => "407
|
|
|
|
Unauthorized"
|
|
|
|
- BUG/MINOR: parse: refer curproxy instead of proxy
|
|
|
|
- DOC: httplog does not support 'no'
|
|
|
|
- MINOR: map/acl/dumpstats: remove the "Done." message
|
|
|
|
- BUG/MEDIUM: sample: fix random number upper-bound
|
|
|
|
- BUG/MEDIUM: patterns: previous fix was incomplete
|
|
|
|
- BUG/MEDIUM: payload: ensure that a request channel is available
|
|
|
|
- BUG/MINOR: tcp-check: don't condition data polling on check
|
|
|
|
type
|
|
|
|
- BUG/MEDIUM: tcp-check: don't rely on random memory contents
|
|
|
|
- BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is
|
|
|
|
an expect
|
|
|
|
- BUG/MINOR: config: fix typo in condition when propagating
|
|
|
|
process binding
|
|
|
|
- BUG/MEDIUM: config: do not propagate processes between stopped
|
|
|
|
processes
|
|
|
|
- BUG/MAJOR: stream-int: properly check the memory allocation
|
|
|
|
return
|
|
|
|
- BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
|
|
|
|
- BUG/MEDIUM: compression: correctly report zlib_mem
|
|
|
|
- drop patches that we pulled from git before:
|
|
|
|
0001-BUG-MEDIUM-patterns-previous-fix-was-incomplete.patch
|
|
|
|
0002-BUG-MEDIUM-payload-ensure-that-a-request-channel-is-.patch
|
|
|
|
0003-BUG-MINOR-tcp-check-don-t-condition-data-polling-on-.patch
|
|
|
|
0004-BUG-MEDIUM-tcp-check-don-t-rely-on-random-memory-con.patch
|
|
|
|
0005-BUG-MEDIUM-tcp-checks-disable-quick-ack-unless-next-.patch
|
|
|
|
0006-DOC-fix-a-few-typos.patch
|
|
|
|
0007-BUG-MEDIUM-sample-fix-random-number-upper-bound.patch
|
|
|
|
0008-DOC-httplog-does-not-support-no.patch
|
|
|
|
0009-BUG-MINOR-http-fix-typo-401-Unauthorized-407-Unautho.patch
|
|
|
|
0010-BUG-MINOR-parse-refer-curproxy-instead-of-proxy.patch
|
|
|
|
0011-BUG-MINOR-config-fix-typo-in-condition-when-propagat.patch
|
|
|
|
0012-BUG-MEDIUM-config-do-not-propagate-processes-between.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sat Dec 20 01:20:07 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- pulled some more fixes from git:
|
|
|
|
0003-BUG-MINOR-tcp-check-don-t-condition-data-polling-on-.patch
|
|
|
|
0004-BUG-MEDIUM-tcp-check-don-t-rely-on-random-memory-con.patch
|
|
|
|
0005-BUG-MEDIUM-tcp-checks-disable-quick-ack-unless-next-.patch
|
|
|
|
0006-DOC-fix-a-few-typos.patch
|
|
|
|
0007-BUG-MEDIUM-sample-fix-random-number-upper-bound.patch
|
|
|
|
0008-DOC-httplog-does-not-support-no.patch
|
|
|
|
0009-BUG-MINOR-http-fix-typo-401-Unauthorized-407-Unautho.patch
|
|
|
|
0010-BUG-MINOR-parse-refer-curproxy-instead-of-proxy.patch
|
|
|
|
0011-BUG-MINOR-config-fix-typo-in-condition-when-propagat.patch
|
|
|
|
0012-BUG-MEDIUM-config-do-not-propagate-processes-between.patch
|
|
|
|
|
|
|
|
see patch headers for details.
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Nov 28 18:21:43 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- pulled 2 fixes from git:
|
|
|
|
- 0001-BUG-MEDIUM-patterns-previous-fix-was-incomplete.patch
|
|
|
|
Dmitry Sivachenko <trtrmitya@gmail.com> reported that commit
|
|
|
|
315ec42 ("BUG/MEDIUM: pattern: don't load more than once a
|
|
|
|
pattern list.") relies on an uninitialised variable in the
|
|
|
|
stack. While it used to work fine during the tests, if the
|
|
|
|
uninitialized variable is non-null, some patterns may be
|
|
|
|
aggregated if loaded multiple times, resulting in slower
|
|
|
|
processing, which was the original issue it tried to address.
|
|
|
|
- 0002-BUG-MEDIUM-payload-ensure-that-a-request-channel-is-.patch
|
|
|
|
Denys Fedoryshchenko reported a segfault when using certain
|
|
|
|
sample fetch functions in the "tcp-request connection" rulesets
|
|
|
|
despite the warnings. This is because some tests for the
|
|
|
|
existence of the channel were missing.
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Nov 26 12:29:42 UTC 2014 - ledest@gmail.com
|
|
|
|
|
|
|
|
- fix bashisms in example scripts
|
|
|
|
- add patches:
|
|
|
|
* haproxy-1.5.8-fix-bashisms.patch
|
|
|
|
|
2014-11-26 20:55:40 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Nov 26 11:50:42 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.5.9
|
|
|
|
- BUILD: fix "make install" to support spaces in the install dirs
|
|
|
|
- BUG/MEDIUM: checks: fix conflicts between agent checks and ssl
|
|
|
|
healthchecks
|
|
|
|
- BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in
|
|
|
|
case of OOM.
|
|
|
|
- BUG/MINOR: samples: fix unnecessary memcopy converting binary
|
|
|
|
to string.
|
|
|
|
- BUG/MEDIUM: connection: sanitize PPv2 header length before
|
|
|
|
parsing address information
|
|
|
|
- BUG/MEDIUM: pattern: don't load more than once a pattern list.
|
|
|
|
- BUG/MEDIUM: ssl: force a full GC in case of memory shortage
|
|
|
|
- BUG/MINOR: config: don't inherit the default balance algorithm
|
|
|
|
in frontends
|
|
|
|
- BUG/MAJOR: frontend: initialize capture pointers earlier
|
|
|
|
- BUG/MINOR: stats: correctly set the request/response analysers
|
|
|
|
- DOC: fix typo in the body parser documentation for msg.sov
|
|
|
|
- BUG/MINOR: peers: the buffer size is global.tune.bufsize, not
|
|
|
|
trash.size
|
|
|
|
- MINOR: sample: add a few basic internal fetches (nbproc, proc,
|
|
|
|
stopping)
|
|
|
|
- BUG/MAJOR: sessions: unlink session from list on out of memory
|
|
|
|
- Drop patches pulled from git
|
|
|
|
- 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch
|
|
|
|
- 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch
|
|
|
|
- 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
|
|
|
|
- 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
|
|
|
|
- 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch
|
|
|
|
- 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch
|
|
|
|
|
2014-11-26 10:33:24 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Nov 20 06:56:23 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- BUILD: fix "make install" to support spaces in the install dirs
|
|
|
|
- BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM.
|
|
|
|
- BUG/MEDIUM: ssl: force a full GC in case of memory shortage
|
|
|
|
- BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks
|
|
|
|
- BUG/MINOR: config: don't inherit the default balance algorithm in frontends
|
|
|
|
- BUG/MAJOR: frontend: initialize capture pointers earlier
|
|
|
|
|
|
|
|
- Add patches:
|
|
|
|
- 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch
|
|
|
|
- 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch
|
|
|
|
- 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
|
|
|
|
- 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
|
|
|
|
- 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch
|
|
|
|
- 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch
|
|
|
|
|
2014-11-11 09:59:31 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Nov 09 21:52:00 UTC 2014 - Led <ledest@gmail.com>
|
|
|
|
|
|
|
|
- fix bashisms in pre script
|
|
|
|
|
2014-11-04 17:28:50 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Oct 31 22:24:27 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.5.8
|
|
|
|
- BUG/MAJOR: buffer: check the space left is enough or not when
|
|
|
|
input data in a buffer is wrapped
|
|
|
|
- BUG/BUILD: revert accidental change in the makefile from latest
|
|
|
|
SSL fix
|
|
|
|
- changes in 1.5.7
|
|
|
|
- BUG/MEDIUM: regex: fix pcre_study error handling
|
|
|
|
- BUG/MINOR: log: fix request flags when keep-alive is enabled
|
|
|
|
- MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return
|
|
|
|
DER formatted certs
|
|
|
|
- MINOR: ssl: add statement to force some ssl options in global.
|
|
|
|
- BUG/MINOR: ssl: correctly initialize ssl ctx for invalid
|
|
|
|
certificates
|
|
|
|
- BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
|
|
|
|
- BUG/MAJOR: cli: explicitly call cli_release_handler() upon
|
|
|
|
error
|
|
|
|
- BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
|
|
|
|
- BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET
|
|
|
|
sockets
|
|
|
|
- Dropped patches:
|
|
|
|
- 0001-BUG-MEDIUM-http-don-t-dump-debug-headers-on-MSG_ERRO.patch
|
|
|
|
- 0002-BUG-MAJOR-cli-explicitly-call-cli_release_handler-up.patch
|
|
|
|
- 0003-BUG-MINOR-log-fix-request-flags-when-keep-alive-is-e.patch
|
|
|
|
- 0004-BUG-MEDIUM-tcp-fix-outgoing-polling-based-on-proxy-p.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Oct 29 08:07:07 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
|
|
|
|
- BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
|
|
|
|
- BUG/MINOR: log: fix request flags when keep-alive is enabled
|
|
|
|
- BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
|
|
|
|
|
|
|
|
- Added patches:
|
|
|
|
- 0001-BUG-MEDIUM-http-don-t-dump-debug-headers-on-MSG_ERRO.patch
|
|
|
|
- 0002-BUG-MAJOR-cli-explicitly-call-cli_release_handler-up.patch
|
|
|
|
- 0003-BUG-MINOR-log-fix-request-flags-when-keep-alive-is-e.patch
|
|
|
|
- 0004-BUG-MEDIUM-tcp-fix-outgoing-polling-based-on-proxy-p.patch
|
|
|
|
|
2014-10-25 08:46:58 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sat Oct 18 18:23:29 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.5.6
|
|
|
|
- BUG/MEDIUM: systemd: set KillMode to 'mixed'
|
|
|
|
- MINOR: systemd: Check configuration before start
|
|
|
|
- BUG/MEDIUM: config: avoid skipping disabled proxies
|
|
|
|
- BUG/MINOR: config: do not accept more track-sc than configured
|
|
|
|
- BUG/MEDIUM: backend: fix URI hash when a query string is present
|
|
|
|
- dropped patches that were pulled from upstream
|
|
|
|
0001-BUG-MEDIUM-config-avoid-skipping-disabled-proxies.patch
|
|
|
|
0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch
|
|
|
|
0004-BUG-MINOR-config-do-not-accept-more-track-sc-than-co.patch
|
|
|
|
0005-BUG-MEDIUM-backend-fix-URI-hash-when-a-query-string-.patch
|
|
|
|
- dropped patch we sent upstream
|
|
|
|
haproxy-1.5_check_config_before_start.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Oct 17 16:03:39 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- BUG/MINOR: config: do not accept more track-sc than configured
|
|
|
|
- BUG/MEDIUM: backend: fix URI hash when a query string is present
|
|
|
|
- Add patch: 0004-BUG-MINOR-config-do-not-accept-more-track-sc-than-co.patch
|
|
|
|
- Add patch: 0005-BUG-MEDIUM-backend-fix-URI-hash-when-a-query-string-.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Oct 10 20:01:33 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- BUG/MEDIUM: config: avoid skipping disabled proxies
|
|
|
|
- Add patch: 0001-BUG-MEDIUM-config-avoid-skipping-disabled-proxies.patch
|
|
|
|
|
2014-10-11 19:26:21 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Oct 9 14:24:45 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- Fix check config before start patch to apply after previous patch
|
|
|
|
- Update patch: haproxy-1.5_check_config_before_start.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Oct 9 14:14:35 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- BUG/MEDIUM: systemd: set KillMode to 'mixed'
|
|
|
|
- Add patch:
|
|
|
|
- 0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch
|
|
|
|
|
2014-10-08 22:14:14 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Oct 8 12:53:41 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- update to 1.5.5
|
|
|
|
- DOC: indicate that weight zero is reported as DRAIN
|
|
|
|
- DOC: Address issue where documentation is excluded due to a gitignore rule
|
|
|
|
- This update includes all previous patches since 1.5.4
|
|
|
|
|
|
|
|
- Removed patches:
|
|
|
|
- 0001-DOC-clearly-state-that-the-show-sess-output-format-i.patch
|
|
|
|
- 0002-MINOR-stats-fix-minor-typo-fix-in-stats_dump_errors_.patch
|
|
|
|
- 0003-MEDIUM-Improve-signal-handling-in-systemd-wrapper.patch
|
|
|
|
- 0004-MINOR-Also-accept-SIGHUP-SIGTERM-in-systemd-wrapper.patch
|
|
|
|
- 0005-DOC-indicate-in-the-doc-that-track-sc-can-wait-if-da.patch
|
|
|
|
- 0006-MEDIUM-http-enable-header-manipulation-for-101-respo.patch
|
|
|
|
- 0007-BUG-MEDIUM-config-propagate-frontend-to-backend-proc.patch
|
|
|
|
- 0008-MEDIUM-config-properly-propagate-process-binding-bet.patch
|
|
|
|
- 0009-MEDIUM-config-make-the-frontends-automatically-bind-.patch
|
|
|
|
- 0010-MEDIUM-config-compute-the-exact-bind-process-before-.patch
|
|
|
|
- 0011-MEDIUM-config-only-warn-if-stats-are-attached-to-mul.patch
|
|
|
|
- 0012-MEDIUM-config-report-it-when-tcp-request-rules-are-m.patch
|
|
|
|
- 0013-MINOR-config-detect-the-case-where-a-tcp-request-con.patch
|
|
|
|
- 0014-MEDIUM-systemd-wrapper-support-multiple-executable-v.patch
|
|
|
|
- 0015-BUG-MEDIUM-remove-debugging-code-from-systemd-wrappe.patch
|
|
|
|
- 0016-BUG-MEDIUM-http-adjust-close-mode-when-switching-to-.patch
|
|
|
|
- 0017-BUG-MINOR-config-don-t-propagate-process-binding-on-.patch
|
|
|
|
- 0018-BUG-MEDIUM-check-rule-less-tcp-check-must-detect-con.patch
|
|
|
|
- 0019-BUG-MINOR-tcp-check-report-the-correct-failed-step-i.patch
|
|
|
|
- 0020-BUG-MINOR-config-don-t-propagate-process-binding-for.patch
|
|
|
|
|
2014-10-07 16:00:29 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Oct 6 09:09:58 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- Backported fixes:
|
|
|
|
- BUG/MEDIUM: http: adjust close mode when switching to backend
|
|
|
|
- BUG/MINOR: config: don't propagate process binding on fatal errors.
|
|
|
|
- BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
|
|
|
|
- BUG/MINOR: tcp-check: report the correct failed step in the status
|
|
|
|
- BUG/MINOR: config: don't propagate process binding for dynamic use_backend
|
|
|
|
|
|
|
|
- Added patches:
|
|
|
|
- 0016-BUG-MEDIUM-http-adjust-close-mode-when-switching-to-.patch
|
|
|
|
- 0017-BUG-MINOR-config-don-t-propagate-process-binding-on-.patch
|
|
|
|
- 0018-BUG-MEDIUM-check-rule-less-tcp-check-must-detect-con.patch
|
|
|
|
- 0019-BUG-MINOR-tcp-check-report-the-correct-failed-step-i.patch
|
|
|
|
- 0020-BUG-MINOR-config-don-t-propagate-process-binding-for.patch
|
|
|
|
|
2014-09-26 10:52:30 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Sep 25 16:10:08 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- Backported fixes (bnc#898498):
|
|
|
|
- DOC: clearly state that the "show sess" output format is not fixed
|
|
|
|
- MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
|
|
|
|
- MEDIUM: Improve signal handling in systemd wrapper.
|
|
|
|
- MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
|
|
|
|
- DOC: indicate in the doc that track-sc* can wait if data are missing
|
|
|
|
- MEDIUM: http: enable header manipulation for 101 responses
|
|
|
|
- BUG/MEDIUM: config: propagate frontend to backend process binding again.
|
|
|
|
- MEDIUM: config: properly propagate process binding between proxies
|
|
|
|
- MEDIUM: config: make the frontends automatically bind to the listeners' processes
|
|
|
|
- MEDIUM: config: compute the exact bind-process before listener's maxaccept
|
|
|
|
- MEDIUM: config: only warn if stats are attached to multi-process bind directives
|
|
|
|
- MEDIUM: config: report it when tcp-request rules are misplaced
|
|
|
|
- MINOR: config: detect the case where a tcp-request content rule has no inspect-delay
|
|
|
|
- MEDIUM: systemd-wrapper: support multiple executable versions and names
|
|
|
|
- BUG/MEDIUM: remove debugging code from systemd-wrapper
|
|
|
|
|
|
|
|
- Added patches:
|
|
|
|
- 0001-DOC-clearly-state-that-the-show-sess-output-format-i.patch
|
|
|
|
- 0002-MINOR-stats-fix-minor-typo-fix-in-stats_dump_errors_.patch
|
|
|
|
- 0003-MEDIUM-Improve-signal-handling-in-systemd-wrapper.patch
|
|
|
|
- 0004-MINOR-Also-accept-SIGHUP-SIGTERM-in-systemd-wrapper.patch
|
|
|
|
- 0005-DOC-indicate-in-the-doc-that-track-sc-can-wait-if-da.patch
|
|
|
|
- 0006-MEDIUM-http-enable-header-manipulation-for-101-respo.patch
|
|
|
|
- 0007-BUG-MEDIUM-config-propagate-frontend-to-backend-proc.patch
|
|
|
|
- 0008-MEDIUM-config-properly-propagate-process-binding-bet.patch
|
|
|
|
- 0009-MEDIUM-config-make-the-frontends-automatically-bind-.patch
|
|
|
|
- 0010-MEDIUM-config-compute-the-exact-bind-process-before-.patch
|
|
|
|
- 0011-MEDIUM-config-only-warn-if-stats-are-attached-to-mul.patch
|
|
|
|
- 0012-MEDIUM-config-report-it-when-tcp-request-rules-are-m.patch
|
|
|
|
- 0013-MINOR-config-detect-the-case-where-a-tcp-request-con.patch
|
|
|
|
- 0014-MEDIUM-systemd-wrapper-support-multiple-executable-v.patch
|
|
|
|
- 0015-BUG-MEDIUM-remove-debugging-code-from-systemd-wrappe.patch
|
|
|
|
|
2014-09-06 12:18:08 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Sep 3 07:35:14 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
2014-09-26 10:52:30 +02:00
|
|
|
- update to 1.5.4 (bnc#895849 CVE-2014-6269)
|
2014-09-06 12:18:08 +02:00
|
|
|
- BUG: config: error in http-response replace-header number of arguments
|
|
|
|
- BUG/MINOR: Fix search for -p argument in systemd wrapper.
|
|
|
|
- BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
|
|
|
|
- BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
|
|
|
|
- MEDIUM: connection: add new bit in Proxy Protocol V2
|
|
|
|
- BUG/MINOR: server: move the directive #endif to the end of file
|
|
|
|
- BUG/MEDIUM: http: tarpit timeout is reset
|
|
|
|
- BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
|
|
|
|
- BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
|
|
|
|
- BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
|
|
|
|
- BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
|
|
|
|
- BUG/MEDIUM: acl: correctly compute the output type when a converter is used
|
|
|
|
- CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
|
|
|
|
- BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
|
|
|
|
|
|
|
|
- Dropped patches:
|
|
|
|
- 0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
|
|
|
|
- 0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
|
|
|
|
- 0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
|
|
|
|
- 0004-BUG-config-error-in-http-response-replace-header-num.patch
|
|
|
|
- 0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch
|
|
|
|
|
2014-08-25 11:04:11 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Aug 22 14:38:59 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- pull 2 more fixes from git:
|
|
|
|
- 0004-BUG-config-error-in-http-response-replace-header-num.patch
|
|
|
|
A couple of typo fixed in 'http-response replace-header':
|
|
|
|
- an error when counting the number of arguments
|
|
|
|
- a typo in the alert message
|
|
|
|
- 0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch
|
|
|
|
Before the commit bbba2a8ecc35daf99317aaff7015c1931779c33b
|
|
|
|
(1.5-dev24-8), the tarpit section set timeout and return, after
|
|
|
|
this commit, the tarpit section set the timeout, and go to the
|
|
|
|
"done" label which reset the timeout.
|
|
|
|
|
2014-08-05 21:11:18 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Jul 30 09:47:38 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- pull important fixes from git:
|
|
|
|
0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
|
|
|
|
0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
|
|
|
|
0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
|
|
|
|
Especially the last patch is important:
|
|
|
|
As a consequence of various recent changes on the sample
|
|
|
|
conversion, a corner case has emerged where it is possible to
|
|
|
|
wait forever for a sample in track-sc*.
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Jul 28 11:33:14 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- update to 1.5.3
|
|
|
|
- DOC: fix typo in Unix Socket commands
|
|
|
|
- BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header
|
|
|
|
- BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
|
|
|
|
- DOC: mention that Squid correctly responds 400 to PPv2 header
|
|
|
|
- BUG/MINOR: http: base32+src should use the big endian version of base32
|
|
|
|
- BUG/MEDIUM: connection: fix proxy v2 header again!
|
|
|
|
- Removed backported patches:
|
|
|
|
- 0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
|
|
|
|
- 0002-DOC-fix-typo-in-Unix-Socket-commands.patch
|
|
|
|
- 0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
|
|
|
|
- 0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
|
|
|
|
- 0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
|
|
|
|
- 0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Jul 21 13:45:40 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- added 0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch:
|
|
|
|
Last commit 77d1f01 ("BUG/MEDIUM: connection: fix memory
|
|
|
|
corruption when building a proxy v2 header") was wrong, using
|
|
|
|
&cn_trash instead of cn_trash resulting in a warning and the
|
|
|
|
client's SSL cert CN not being stored at the proper location.
|
|
|
|
|
2014-07-21 21:40:10 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Jul 18 15:01:53 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- added
|
|
|
|
0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch:
|
|
|
|
BUG/MEDIUM: connection: fix memory corruption when building a
|
|
|
|
proxy v2 header
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Jul 17 10:45:28 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- pulled a few fixes from the 1.5 branch: most notable the DHE
|
|
|
|
memleak fix. Adds the following patches:
|
|
|
|
0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
|
|
|
|
0002-DOC-fix-typo-in-Unix-Socket-commands.patch
|
|
|
|
0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
|
|
|
|
0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sat Jul 12 16:56:27 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.5.2
|
|
|
|
- BUG/MEDIUM: backend: Update hash to use unsigned int throughout
|
|
|
|
- BUG/MINOR: ssl: Fix external function in order not to return a
|
|
|
|
pointer on an internal trash buffer.
|
|
|
|
- DOC: expand the docs for the provided stats.
|
|
|
|
- BUG/MEDIUM: unix: do not unlink() abstract namespace sockets
|
|
|
|
upon failure.
|
|
|
|
- MINOR: stats: fix minor typo in HTML page
|
|
|
|
- BUG/MEDIUM: http: fetch "base" is not compatible with
|
|
|
|
set-header
|
|
|
|
- BUG/MINOR: counters: do not untrack counters before logging
|
|
|
|
- BUG/MAJOR: sample: correctly reinitialize sample fetch context
|
|
|
|
before calling sample_process()
|
|
|
|
- MINOR: stick-table: make stktable_fetch_key() indicate why it
|
|
|
|
failed
|
|
|
|
- BUG/MEDIUM: counters: fix track-sc* to wait on unstable
|
|
|
|
contents
|
|
|
|
- BUILD: remove TODO from the spec file and add README
|
|
|
|
- MINOR: log: make MAX_SYSLOG_LEN overridable at build time
|
|
|
|
- MEDIUM: log: support a user-configurable max log line length
|
|
|
|
- DOC: provide an example of how to use ssl_c_sha1
|
|
|
|
- BUILD: http: fix isdigit & isspace warnings on Solaris
|
|
|
|
- BUG/MINOR: listener: set the listener's fd to -1 after deletion
|
|
|
|
- BUG/MEDIUM: unix: failed abstract socket binding is retryable
|
|
|
|
- MEDIUM: listener: implement a per-protocol pause() function
|
|
|
|
- MEDIUM: listener: support rebinding during resume()
|
|
|
|
- BUG/MEDIUM: unix: completely unbind abstract sockets during a
|
|
|
|
pause()
|
|
|
|
- DOC: explicitly mention the limits of abstract namespace
|
|
|
|
sockets
|
|
|
|
- DOC: minor fix on {sc,src}_kbytes_{in,out}
|
|
|
|
- DOC: fix alphabetical sort of converters
|
|
|
|
- BUG/MAJOR: http: correctly rewind the request body after start
|
|
|
|
of forwarding
|
|
|
|
- DOC: remove references to CPU=native in the README
|
|
|
|
- DOC: mention that "compression offload" is ignored in defaults
|
|
|
|
section
|
|
|
|
- drop patches including in version upgrade.
|
|
|
|
- 0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch
|
|
|
|
- 0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch
|
|
|
|
- 0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch
|
|
|
|
- 0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch
|
|
|
|
- 0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch
|
|
|
|
- 0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch
|
|
|
|
- use www.haproxy.org now instead of the old domain which is just
|
|
|
|
redirecting to haproxy.org now.
|
|
|
|
|
2014-07-02 15:05:11 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Jul 1 12:13:33 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- BUG/MEDIUM: counters: fix track-sc* to wait on unstable contents
|
|
|
|
- MINOR: stick-table: make stktable_fetch_key() indicate why it failed
|
|
|
|
- BUG/MAJOR: sample: correctly reinitialize sample fetch context before calling sample_process()
|
|
|
|
- BUG/MINOR: counters: do not untrack counters before logging
|
|
|
|
- BUG/MINOR: ssl: Fix external function in order not to return a pointer on an internal trash buffer.
|
|
|
|
- BUG/MEDIUM: http: fetch "base" is not compatible with set-header
|
|
|
|
|
|
|
|
- Add patches:
|
|
|
|
- 0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch
|
|
|
|
- 0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch
|
|
|
|
- 0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch
|
|
|
|
- 0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch
|
|
|
|
- 0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch
|
|
|
|
- 0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch
|
|
|
|
|
2014-06-25 15:24:23 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Jun 24 15:55:48 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- install the vim file into the versioned directory and dont cover
|
|
|
|
the current symlink with a directory
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Jun 24 13:00:39 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- add Requires to vim to make the ownership of the vim directory
|
|
|
|
clear and not break any symlink handling the vim package might
|
|
|
|
use.
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Jun 24 12:23:55 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.5.1
|
|
|
|
- BUG/MINOR: config: http-request replace-header arg typo
|
|
|
|
- BUG/MINOR: ssl: rejects OCSP response without nextupdate.
|
|
|
|
- BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses.
|
|
|
|
- BUG/MINOR: ssl: Fix OCSP resp update fails with the same
|
|
|
|
certificate configured twice. (cherry picked from commit
|
|
|
|
1d3865b096b43b9a6d6a564ffb424ffa6f1ef79f)
|
|
|
|
- BUG/MEDIUM: Consistently use 'check' in process_chk
|
|
|
|
- BUG/MAJOR: session: revert all the crappy client-side timeout
|
|
|
|
changes
|
|
|
|
- BUG/MINOR: logs: properly initialize and count log sockets
|
|
|
|
- drop haproxy-1.5.0_consistently_use_check.patch:
|
|
|
|
included upstream
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Jun 24 09:51:25 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- Install vim file to a more appropriate location
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Jun 23 09:19:04 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- added pre macro for systemd service file
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Jun 23 08:28:06 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- Use better systemd detection consistently
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Jun 22 19:48:11 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- pull commit 9ac7cabaf9945fb92c96cb92f5ea85235f54f7d6:
|
|
|
|
Consistently use 'check' in process_chk
|
|
|
|
I am not entirely sure that this is a bug, but it seems
|
|
|
|
to me that it may cause a problem if there agent-check is
|
|
|
|
configured and there is some kind of error making a connection
|
|
|
|
for it.
|
|
|
|
adds patch haproxy-1.5.0_consistently_use_check.patch
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Jun 20 14:37:21 UTC 2014 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.5.0
|
|
|
|
For people who don't follow the development versions, 1.5 expands
|
|
|
|
1.4 with many new features and performance improvements,
|
|
|
|
including native SSL support on both sides with SNI/NPN/ALPN and
|
|
|
|
OCSP stapling, IPv6 and UNIX sockets are supported everywhere,
|
|
|
|
full HTTP keep-alive for better support of NTLM and improved
|
|
|
|
efficiency in static farms, HTTP/1.1 compression (deflate, gzip)
|
|
|
|
to save bandwidth, PROXY protocol versions 1 and 2 on both sides,
|
|
|
|
data sampling on everything in request or response, including
|
|
|
|
payload, ACLs can use any matching method with any input sample
|
|
|
|
maps and dynamic ACLs updatable from the CLI stick-tables support
|
|
|
|
counters to track activity on any input sample custom format for
|
|
|
|
logs, unique-id, header rewriting, and redirects, improved health
|
|
|
|
checks (SSL, scripted TCP, check agent, ...), much more scalable
|
|
|
|
configuration supports hundreds of thousands of backends and
|
|
|
|
certificates without sweating.
|
|
|
|
|
|
|
|
For all the details see /usr/share/doc/packages/haproxy/CHANGELOG
|
|
|
|
|
|
|
|
- enable tcp fast open if the kernel is recent enough
|
|
|
|
- enable PCRE JIT if PCRE is recent enough
|
|
|
|
- enable openssl support!
|
|
|
|
- haproxy can finally terminate ssl itself and also talk SSL to
|
|
|
|
the backend servers.
|
|
|
|
- including SNI/NPN/ALPN support.
|
|
|
|
new buildrequires openssl and pkgconfig
|
|
|
|
- enable deflate support
|
|
|
|
new buildrequires zlib-devel
|
|
|
|
- enable transparent proxy support
|
|
|
|
- enable usage of accept4. reduces the syscall amount.
|
|
|
|
- enable building and installing of halog
|
|
|
|
- install vim file into the correct place
|
|
|
|
- dropped patches:
|
|
|
|
0001-MEDIUM-add-systemd-service.patch
|
|
|
|
0002-MEDIUM-add-haproxy-systemd-wrapper.patch
|
|
|
|
0003-MEDIUM-New-cli-option-Ds-for-systemd-compatibility.patch
|
|
|
|
0004-BUG-MEDIUM-systemd-wrapper-don-t-leak-zombie-process.patch
|
|
|
|
0005-BUILD-stdbool-is-not-portable-again.patch
|
|
|
|
0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch
|
|
|
|
0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch
|
|
|
|
0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch
|
|
|
|
0009-openSUSE-Configure-haproxy-user.patch
|
|
|
|
0010-openSUSE-Fix-path-to-PCRE-library.patch
|
|
|
|
0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch
|
|
|
|
0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch
|
|
|
|
0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch
|
|
|
|
0014-MINOR-systemd-wrapper-improve-logging.patch
|
|
|
|
0015-MINOR-systemd-wrapper-propagate-exit-status.patch
|
|
|
|
- added haproxy-1.2.16_config_haproxy_user.patch:
|
|
|
|
(replaces 0009-openSUSE-Configure-haproxy-user.patch)
|
|
|
|
- added haproxy-1.5_check_config_before_start.patch:
|
|
|
|
systemd allows us to run other things before we start the final
|
|
|
|
daemon. use this to check the configuration before launching.
|
|
|
|
- added haproxy-makefile_lib.patch
|
|
|
|
(replaces 0010-openSUSE-Fix-path-to-PCRE-library.patch)
|
|
|
|
- added sec-options.patch:
|
|
|
|
allow it more easily to build haproxy with PIE, stackprotector
|
|
|
|
and relro. all those options are enabled on our build.
|
|
|
|
- added apparmor profile
|
|
|
|
usr.sbin.haproxy.apparmor
|
|
|
|
local.usr.sbin.haproxy.apparmor
|
|
|
|
- change the conditionals for systemd to use bcond_with to make it
|
|
|
|
more obvious what we are guarding.
|
|
|
|
|
2014-05-23 07:27:51 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed May 21 10:50:21 UTC 2014 - jsegitz@novell.com
|
|
|
|
|
|
|
|
- added necessary macros for systemd files
|
|
|
|
|
2014-05-06 17:38:15 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue May 6 06:12:08 UTC 2014 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- update to 1.4.25 (bnc#876438)
|
|
|
|
- DOC: typo: nosepoll self reference in config guide
|
|
|
|
- BUG/MINOR: deinit: free fdinfo while doing cleanup
|
|
|
|
- BUG/MEDIUM: server: set the macro for server's max weight SRV_UWGHT_MAX to SRV_UWGHT_RANGE
|
|
|
|
- BUG/MINOR: use the same check condition for server as other algorithms
|
|
|
|
- BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN for recv()
|
|
|
|
- BUG/MINOR: fix forcing fastinter in "on-error"
|
|
|
|
- BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests
|
|
|
|
- BUG/MAJOR: http: don't emit the send-name-header when no server is available
|
|
|
|
- BUG/MEDIUM: http: "option checkcache" fails with the no-cache header
|
|
|
|
- MEDIUM: session: disable lingering on the server when the client aborts
|
|
|
|
- MINOR: config: warn when a server with no specific port uses rdp-cookie
|
|
|
|
- MEDIUM: increase chunk-size limit to 2GB-1
|
|
|
|
- DOC: add a mention about the limited chunk size
|
|
|
|
- MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection
|
|
|
|
- BUILD: proto_tcp: remove a harmless warning
|
|
|
|
- BUG/MINOR: acl: remove patterns from the tree before freeing them
|
|
|
|
- BUG/MEDIUM: checks: fix slow start regression after fix attempt
|
|
|
|
- BUG/MAJOR: server: weight calculation fails for map-based algorithms
|
|
|
|
- BUG/MINOR: backend: fix target address retrieval in transparent mode
|
|
|
|
- BUG/MEDIUM: stick: completely remove the unused flag from the store entries
|
|
|
|
- BUG/MEDIUM: stick-tables: complete the latest fix about store-responses
|
|
|
|
- BUG/MEDIUM: checks: tracking servers must not inherit the MAINT flag
|
|
|
|
- BUG/MINOR: stats: report correct throttling percentage for servers in slowstart
|
|
|
|
- BUG/MINOR: stats: correctly report throttle rate of low weight servers
|
|
|
|
- BUG/MINOR: checks: successful check completion must not re-enable MAINT servers
|
|
|
|
- BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling
|
|
|
|
- BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers
|
|
|
|
- BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN
|
|
|
|
- BUG/MEDIUM: http: don't start to forward request data before the connect
|
|
|
|
- DOC: fix misleading information about SIGQUIT
|
|
|
|
- BUILD: simplify the date and version retrieval in the makefile
|
|
|
|
- BUILD: prepare the makefile to skip format lines in SUBVERS and VERDATE
|
|
|
|
- BUILD: use format tags in VERDATE and SUBVERS files
|
|
|
|
|
|
|
|
- Reorganized patches and backported fixes for systemd wrapper:
|
|
|
|
- Renamed 0006-haproxy-1.2.16_config_haproxy_user.patch to 0009-openSUSE-Configure-haproxy-user.patch
|
|
|
|
- Renamed 0007-haproxy-makefile_lib.patch to 0010-openSUSE-Fix-path-to-PCRE-library.patch
|
|
|
|
- Removed 0008-MEDIUM-haproxy-systemd-wrapper-Revised-implementatio.patch
|
|
|
|
- Added 0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch
|
|
|
|
- Added 0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch
|
|
|
|
- Added 0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch
|
|
|
|
- Added 0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch
|
|
|
|
- Added 0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch
|
|
|
|
- Added 0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch
|
|
|
|
- Added 0014-MINOR-systemd-wrapper-improve-logging.patch
|
|
|
|
- Added 0015-MINOR-systemd-wrapper-propagate-exit-status.patch
|
|
|
|
|
2013-12-18 16:53:39 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Nov 22 09:54:48 UTC 2013 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- Backport haproxy-systemd-wrapper from upstream
|
|
|
|
- Patch haproxy-systemd-wrapper to work on openSUSE
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Oct 31 12:46:04 UTC 2013 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- Remove duplicate Requires: from .spec file.
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Oct 31 12:41:12 UTC 2013 - kgronlund@suse.com
|
|
|
|
|
|
|
|
- Re-enable sysvinit support for older versions
|
|
|
|
(server:http still builds for older versions)
|
|
|
|
|
2013-10-29 09:25:21 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Oct 28 14:32:00 UTC 2013 - p.drouand@gmail.com
|
|
|
|
|
|
|
|
- Add systemd support
|
|
|
|
Target distributions all support systemd; keep alive sysvinit support
|
|
|
|
is useless
|
|
|
|
|
2013-10-15 10:42:00 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Oct 10 15:16:32 UTC 2013 - cdenicolo@suse.com
|
|
|
|
|
|
|
|
- license update: GPL-2.0+ and LGPL-2.1+
|
|
|
|
only header files are LGPL, the rest is still GPL
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Jun 18 09:14:13 UTC 2013 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.4.24 (bnc#825412)
|
|
|
|
- BUG/MAJOR: backend: consistent hash can loop forever in certain
|
|
|
|
circumstances
|
|
|
|
- BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks
|
|
|
|
are used
|
|
|
|
- MEDIUM: protocol: implement a "drain" function in protocol
|
|
|
|
layers
|
|
|
|
- BUG/CRITICAL: fix a possible crash when using negative header
|
|
|
|
occurrences CVE-2013-2175
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Apr 3 14:47:43 UTC 2013 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.4.23 CVE-2013-1912
|
|
|
|
- CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read
|
|
|
|
- BUG: fix garbage data when http-send-name-header replaces an
|
|
|
|
existing header
|
|
|
|
- BUG/MEDIUM: remove supplementary groups when changing gid
|
|
|
|
- BUG/MINOR: Correct logic in cut_crlf()
|
|
|
|
- BUG/MINOR: config: use a copy of the file name in proxy
|
|
|
|
configurations
|
|
|
|
- BUG/MINOR: epoll: correctly disable FD polling in fd_rem()
|
|
|
|
- MINOR: halog: sort output by cookie code
|
|
|
|
- BUG/MINOR: halog: -ad/-ac report the correct number of output
|
|
|
|
lines
|
|
|
|
- BUG/MINOR: halog: fix help message for -ut/-uto
|
|
|
|
- BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel
|
|
|
|
mode
|
|
|
|
- BUG/MEDIUM: command-line option -D must have precedence over
|
|
|
|
"debug"
|
|
|
|
- OPTIM: halog: keep a fast path for the lines-count only
|
|
|
|
- MINOR: halog: add a parameter to limit output line count
|
|
|
|
- BUG: halog: fix broken output limitation
|
|
|
|
- MEDIUM: checks: avoid accumulating TIME_WAITs during checks
|
|
|
|
- MEDIUM: checks: prevent TIME_WAITs from appearing also on
|
|
|
|
timeouts
|
|
|
|
- BUG/MAJOR: cli: show sess <id> may randomly corrupt the
|
|
|
|
back-ref list
|
|
|
|
- BUG/MINOR: http: don't report client aborts as server errors
|
|
|
|
- BUG/MINOR: http: don't log a 503 on client errors while waiting
|
|
|
|
for requests
|
|
|
|
- BUG/MEDIUM: tcp: process could theorically crash on lack of
|
|
|
|
source ports
|
|
|
|
- BUG/MINOR: http: don't abort client connection on premature
|
|
|
|
responses
|
|
|
|
- BUILD: no need to clean up when making git-tar
|
|
|
|
- MINOR: http: always report PR-- flags for redirect rules
|
|
|
|
- BUG/MINOR: time: frequency counters are not totally accurate
|
|
|
|
- BUG/MINOR: http: don't process abortonclose when request was
|
|
|
|
sent
|
|
|
|
- BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
|
|
|
|
- BUG/MINOR: config: fix improper check for failed memory alloc
|
|
|
|
in ACL parser
|
|
|
|
- BUG/MEDIUM: checks: ensure the health_status is always within
|
|
|
|
bounds
|
|
|
|
- CLEANUP: http: remove a useless null check
|
|
|
|
- BUG/MEDIUM: signal: signal handler does not properly check for
|
|
|
|
signal bounds
|
|
|
|
- BUG/MEDIUM: uri_auth: missing NULL check and memory leak on
|
|
|
|
memory shortage
|
|
|
|
- CLEANUP: config: slowstart is never negative
|
|
|
|
- BUILD: improve the makefile's support for libpcre
|
|
|
|
- BUG/MINOR: checks: fix an warning introduced by commit 2f61455a
|
|
|
|
- MEDIUM: halog: add support for counting per source address
|
|
|
|
(-ic)
|
|
|
|
- DOC: mention the new HTTP 307 and 308 redirect statues
|
|
|
|
(cherry picked from commit
|
|
|
|
b67fdc4cd8bde202f2805d98683ddab929469a05)
|
|
|
|
- MEDIUM: poll: do not use FD_* macros anymore
|
|
|
|
- BUG/MAJOR: ev_select: disable the select() poller if maxsock >
|
|
|
|
FD_SETSIZE
|
|
|
|
- BUILD: enable poll() by default in the makefile
|
|
|
|
- BUILD: add explicit support for Mac OS/X
|
|
|
|
- BUG/CRITICAL: using HTTP information in tcp-request content may
|
|
|
|
crash the process CVE-2013-1912
|
|
|
|
- MEDIUM: http: implement redirect 307 and 308
|
|
|
|
- MINOR: http: status 301 should not be marked non-cacheable
|
|
|
|
- adapt haproxy-makefile_lib.patch to the rewritten Makefile
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Nov 12 14:10:33 UTC 2012 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- switch license tag to spdx format.
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Nov 12 13:50:46 UTC 2012 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.4.22
|
|
|
|
- BUG/MEDIUM: option forwardfor if-none doesn't work with some
|
|
|
|
configurations
|
|
|
|
- MINOR: balance uri: added 'whole' parameter to include query
|
|
|
|
string in hash calculation
|
|
|
|
- DOC: specify the default value for maxconn in the context of a
|
|
|
|
proxy
|
|
|
|
- BUG/MINOR: checks: expire on timeout.check if smaller than
|
|
|
|
timeout.connect
|
|
|
|
- REORG/MINOR: use dedicated proxy flags for the cookie handling
|
|
|
|
- BUG/MINOR: config: do not report twice the incompatibility
|
|
|
|
between cookie and non-http
|
|
|
|
- MINOR: http: add support for "httponly" and "secure" cookie
|
|
|
|
attributes
|
|
|
|
- MEDIUM: stats: add support for soft stop/soft start in the
|
|
|
|
admin interface
|
|
|
|
- BUILD: add support for linux kernels >= 2.6.28
|
|
|
|
- MINOR: contrib/iprange: add a network IP range to mask
|
|
|
|
converter
|
|
|
|
- BUILD: add an AIX 5.2 (and later) target.
|
|
|
|
- MINOR: halog: use the more recent dual-mode fgets2
|
|
|
|
implementation
|
|
|
|
- BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on
|
|
|
|
full-length matches
|
|
|
|
- CLEANUP: halog: make clean should also remove .o files
|
|
|
|
(cherry picked from commit
|
|
|
|
8ad4193100aafa19f04929670371bf823dbe11d0)
|
|
|
|
- OPTIM: halog: make use of memchr() on platforms which provide a
|
|
|
|
fast one
|
|
|
|
- OPTIM: halog: improve cold-cache behaviour when loading a file
|
|
|
|
- [MINOR] config: make it possible to specify a cookie even
|
|
|
|
without a server
|
|
|
|
- MINOR: config: tolerate server "cookie" setting in non-HTTP
|
|
|
|
mode
|
|
|
|
- BUG/MINOR: tarpit: fix condition to return the HTTP 500 message
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Oct 30 16:02:03 UTC 2012 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- fix description in the init script
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue May 22 16:47:45 UTC 2012 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- update to 1.4.21 (bnc#763833) CVE-2012-2391
|
|
|
|
- MINOR: patch for minor typo (ressources/resources)
|
|
|
|
- CLEANUP: fix typo in findserver() log message
|
|
|
|
- DOC: cleanup indentation, alignment, columns and chapters
|
|
|
|
- DOC: fix some keywords arguments documentation
|
|
|
|
- MINOR: stats admin: allow unordered parameters in POST requests
|
|
|
|
- MINOR: stats admin: use the backend id instead of its name in
|
|
|
|
the form
|
|
|
|
- BUG/MAJOR: trash must always be the size of a buffer
|
|
|
|
- DOC: fix minor regex example issue and improve doc on stats
|
|
|
|
- BUG/MAJOR: possible crash when using capture headers on TCP
|
|
|
|
frontends
|
|
|
|
- MINOR: config: disable header captures in TCP mode and complain
|
|
|
|
- BUG/MEDIUM: balance source did not properly hash IPv6 addresses
|
|
|
|
- CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
|
|
|
|
- CLEANUP: remove a few warning about unchecked return values in
|
|
|
|
debug code
|
|
|
|
- CLEANUP: http: remove unused http_msg->col
|
|
|
|
- BUG/MINOR: http: error snapshots are wrong if buffer wraps
|
|
|
|
- BUG/MAJOR: checks: don't call set_server_status_* when no LB
|
|
|
|
algo is set
|
|
|
|
- MINOR: proxy: make findproxy() return proxies from numeric IDs
|
|
|
|
too
|
|
|
|
- BUILD: http: stop gcc-4.1.2 from complaining about possibly
|
|
|
|
uninitialized values
|
|
|
|
- BUG/MINOR: stop connect timeout when connect succeeds
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Mar 11 19:16:20 UTC 2012 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- update to 1.4.20:
|
|
|
|
- BUG/MINOR: fix typo in processing of http-send-name-header
|
|
|
|
- BUG/MEDIUM: correctly disable servers tracking another disabled servers.
|
|
|
|
- BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
|
|
|
|
- MINOR: halog: add some help on the command line (cherry picked from
|
|
|
|
commit 615674cdec067066a42f53f5d55628ab7b207e6c)
|
|
|
|
- BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
|
|
|
|
- BUG: http: disable TCP delayed ACKs when forwarding content-length data
|
|
|
|
- BUG: checks: fix server maintenance exit sequence
|
|
|
|
- BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on
|
|
|
|
partial writes
|
|
|
|
- DOC: enumerate valid status codes for "observe layer7"
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Feb 8 15:30:58 UTC 2012 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.4.19
|
|
|
|
- MEDIUM: http: add support for sending the server's name in the
|
|
|
|
outgoing request
|
|
|
|
- BUG/MINOR: fix options forwardfor if-none when an alternative
|
|
|
|
header name is specified
|
|
|
|
- MINOR: task: new function task_schedule() to schedule a wake up
|
|
|
|
- BUG/MEDIUM: checks: fix slowstart behaviour when server
|
|
|
|
tracking is in use
|
|
|
|
- BUG: tcp: option nolinger does not work on backends
|
|
|
|
- BUG: ebtree: ebst_lookup() could return the wrong entry
|
|
|
|
- BUG: http: re-enable TCP quick-ack upon incomplete HTTP
|
|
|
|
requests
|
|
|
|
- CLEANUP: ebtree: remove a few annoying signedness warnings
|
|
|
|
- CLEANUP: ebtree: remove 4-year old harmless typo in duplicates
|
|
|
|
insertion code
|
|
|
|
- CLEANUP: ebtree: remove another typo, a wrong initialization in
|
|
|
|
insertion code
|
|
|
|
- BUG: proto_tcp: set AF_INET on tproxy for use with recent
|
|
|
|
kernels
|
|
|
|
- MINOR: halog: add support for matching queued requests
|
|
|
|
- BUG: http: tighten the list of allowed characters in a URI
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Nov 9 12:09:33 UTC 2011 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.4.18
|
|
|
|
- [MINOR] http: *_dom matching header functions now also split on
|
|
|
|
":"
|
|
|
|
- [MINOR] halog: support backslash-escaped quotes
|
|
|
|
- BUILD/MINOR: fix the source URL in the spec file
|
|
|
|
- DOC: acl is http_first_req, not http_req_first
|
|
|
|
- BUG/MEDIUM: don't trim last spaces from headers consisting only
|
|
|
|
of spaces
|
|
|
|
- MINOR: acl: add new matches for header/path/url length
|
|
|
|
- [MINOR] halog: do not consider byte 0x8A as end of line
|
|
|
|
- [OPTIM] halog: make fgets parse more bytes by blocks
|
|
|
|
- [OPTIM] halog: add assembly version of the field lookup code
|
|
|
|
- [CLEANUP] startup: report only the basename in the usage
|
|
|
|
message
|
|
|
|
- [DOC] update the README file to reflect new naming rules for
|
|
|
|
patches
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Sep 05 22:26:59 UTC 2011 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- update to 1.4.17:
|
|
|
|
- [MINOR] halog: add support for termination code matching (-tcn/-TCN)
|
|
|
|
- [MINOR] halog: make SKIP_CHAR stop on field delimiters
|
|
|
|
- [MINOR] halog: add support for HTTP log matching (-H)
|
|
|
|
- [MINOR] halog: gain back performance before SKIP_CHAR fix
|
|
|
|
- [OPTIM] halog: cache some common fields positions
|
|
|
|
- [OPTIM] halog: check once for correct line format and reuse the pointer
|
|
|
|
- [OPTIM] halog: remove many 'if' by using a function pointer for the filters
|
|
|
|
- [OPTIM] halog: remove support for tab delimiters in input data
|
|
|
|
- [MINOR] halog: add -hs/-HS to filter by HTTP status code range
|
|
|
|
- [CLEANUP] update the year in the copyright banner
|
|
|
|
- [BUG] check: http-check expect + regex would crash in defaults section
|
|
|
|
- [MEDIUM] http: make x-forwarded-for addition conditional
|
|
|
|
- [DOC] fixed a few "sensible" -> "sensitive" errors
|
|
|
|
- [MINOR] stats: display "<NONE>" instead of the frontend name when unknown
|
|
|
|
- [BUG] http: trailing white spaces must also be trimmed after headers
|
|
|
|
- [MINOR] http: take a capture of too large requests and responses
|
|
|
|
- [MINOR] http: take a capture of truncated responses
|
|
|
|
- [MINOR] http: take a capture of bad content-lengths.
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sat Aug 13 22:49:36 UTC 2011 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to version 1.4.16
|
|
|
|
- [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check
|
|
|
|
- [DOC] Minor spelling fixes and grammatical enhancements
|
|
|
|
- [CLEANUP] Remove assigned but unused variables
|
|
|
|
- [BUG] checks: http-check expect could fail a check on
|
|
|
|
multi-packet responses
|
|
|
|
- [DOC] fix minor typo in the "dispatch" doc
|
|
|
|
- [MINOR] http: make the "HTTP 200" status code configurable.
|
|
|
|
- [MINOR] http: partially revert the chunking optimization for
|
|
|
|
now
|
|
|
|
- [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete
|
|
|
|
transfer
|
|
|
|
- [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out
|
|
|
|
test
|
|
|
|
- [MEDIUM] http: add support for "http-no-delay"
|
|
|
|
- [OPTIM] http: optimize chunking again in non-interactive mode
|
|
|
|
- [OPTIM] stream_sock: avoid fast-forwarding of partial data
|
|
|
|
- [OPTIM] stream_sock: don't use splice on too small payloads
|
|
|
|
- [BUG] stats: support url-encoded forms
|
|
|
|
- [BUG] halog: correctly handle truncated last line
|
|
|
|
- [DOC] fix typos, "#" is a sharp, not a dash
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Apr 15 22:14:24 UTC 2011 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- revert splitting out the documentation
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Apr 14 19:18:45 UTC 2011 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- split out documentation and examples into haproxy-doc
|
|
|
|
- add rpmlintrc to suppress false positive warnings about
|
|
|
|
script examples in documentation files (without exec flag)
|
|
|
|
- fix license
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Apr 12 15:31:38 UTC 2011 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to version 1.4.15
|
|
|
|
- [CRITICAL] fix risk of crash when dealing with space in
|
|
|
|
response cookies
|
|
|
|
- additional changes from 1.4.14
|
|
|
|
- [MINOR] config: fix endianness of server check port
|
|
|
|
- [BUG] http: fix possible incorrect forwarded wrapping chunk
|
|
|
|
size (take 2)
|
|
|
|
- [MINOR] tools: add two macros MID_RANGE and MAX_RANGE
|
|
|
|
- [BUG] http: fix content-length handling on 32-bit platforms
|
|
|
|
- [OPTIM] buffers: uninline buffer_forward()
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Mar 9 12:00:23 UTC 2011 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.4.13
|
|
|
|
- config: don't crash on empty pattern files.
|
|
|
|
- additional changes from 1.4.12
|
|
|
|
- stats: add support for several packets in stats admin
|
|
|
|
- stats: admin commands must check the proxy state
|
|
|
|
- stats: admin web interface must check the proxy state
|
|
|
|
- http: update the header list's tail when removing the last
|
|
|
|
header
|
|
|
|
- fix typos (http-request instead of http-check) (cherry
|
|
|
|
picked from commit 8f2a1e72bebea700f37add40997b716fdfd86b9c)
|
|
|
|
- http: use correct ACL pointer when evaluating authentication
|
|
|
|
- cfgparse: correctly count one socket per port in ranges
|
|
|
|
- startup: set the rlimits before binding ports, not after.
|
|
|
|
- acl: srv_id must return no match when the server is NULL
|
|
|
|
- acl: fd leak when reading patterns from file
|
|
|
|
- fix minor typo in "usesrc"
|
|
|
|
- http: fix possible incorrect forwarded wrapping chunk size
|
|
|
|
- http: fix computation of message body length after forwarding
|
|
|
|
has started
|
|
|
|
- http: balance url_param did not work with first parameters on
|
|
|
|
POST
|
|
|
|
- update the url_param regression test to test check_post too
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
>>>>>>> ./haproxy.changes.r40
|
|
|
|
Tue Feb 15 14:30:53 UTC 2011 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.4.11
|
|
|
|
- cfgparse: Check whether the path given for the stats socket
|
|
|
|
actually fits into the sockaddr_un structure to avoid
|
|
|
|
truncation.
|
|
|
|
- fix a minor typo
|
|
|
|
- fix ignore-persist documentation
|
|
|
|
- http: fix http-pretend-keepalive and httpclose/tunnel mode
|
|
|
|
- add warnings on features not compatible with multi-process mode
|
|
|
|
- acl: add be_id/srv_id to match backend's and server's id
|
|
|
|
- log: add support for passing the forwarded hostname
|
|
|
|
- log: ability to override the syslog tag
|
|
|
|
- fix minor typos in the doc
|
|
|
|
- fix another typo in the doc
|
|
|
|
- http chunking: don't report a parsing error on connection
|
|
|
|
errors
|
|
|
|
- stream_interface: truncate buffers when sending error messages
|
|
|
|
- http: fix incorrect error reporting during data transfers
|
|
|
|
- session: correctly leave turn-around and queue states on abort
|
|
|
|
- session: release slot before processing pending connections
|
|
|
|
- stats: report HTTP message state and buffer flags in error
|
|
|
|
dumps
|
|
|
|
- http: support wrapping messages in error captures
|
|
|
|
- http: capture incorrectly chunked message bodies
|
|
|
|
- stats: add global event ID and count
|
|
|
|
- http: don't send each chunk in a separate packet
|
|
|
|
- acl: fix handling of empty lines in pattern files
|
|
|
|
- ebtree: fix ebmb_lookup() with len smaller than the tree's keys
|
|
|
|
- ebtree: ebmb_lookup: reduce stack usage by moving the return
|
|
|
|
code out of the loop
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Nov 29 13:57:37 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- update to 1.4.10:
|
|
|
|
* a possible crash when using Cookie-based persistence with
|
|
|
|
appsessions was fixed
|
|
|
|
* header processing could become wrong after a single reqidel
|
|
|
|
rule removed exactly two headers
|
|
|
|
* some out-of-memory conditions were not correctly handled in
|
|
|
|
appsession or cookie captures
|
|
|
|
* users of appsessions are strongly encouraged to upgrade
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Nov 2 13:11:15 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- update to 1.4.9:
|
|
|
|
* the Web interface now allows you to enable or disable servers
|
|
|
|
* the ECV and LDAPv3 checks were merged
|
|
|
|
* the MySQL check was improved to support a real login sequence
|
|
|
|
* persistence cookies can now be timestamped to support a maximum
|
|
|
|
idle time and a maximum life time, and can be removed by the
|
|
|
|
server if needed (e.g. logout)
|
|
|
|
* the SNMP plugin was improved to report socket stats
|
|
|
|
* some Cacti templates were merged
|
|
|
|
* the halog tool can now instantly report per-URL response times
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Aug 17 15:46:13 UTC 2010 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- implement graceful restart in the init script
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Jun 22 14:49:12 UTC 2010 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.4.8:
|
|
|
|
* mention 'option http-server-close' effect in Tq section
|
|
|
|
* summarize and highlight persistent connections behaviour
|
|
|
|
* add configuration samples
|
|
|
|
* stick_table: the fix for the memory leak caused a regression
|
|
|
|
* client: don't add a new session to the list too early
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Jun 10 09:03:34 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- update to 1.4.7:
|
|
|
|
* fixes problems where consistent hashing was broken when no
|
|
|
|
server ID was specified in the configuration
|
|
|
|
* some errors were incorrectly reported as failed instead of
|
|
|
|
denied in the statistics
|
|
|
|
* the dispatch and http_proxy modes were fixed
|
|
|
|
* a few termination flags in the logs used for troubleshooting
|
|
|
|
were corrected
|
|
|
|
* a few other minor issues were fixed
|
|
|
|
* upgrading is recommended
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon May 17 20:29:02 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- update to 1.4.6:
|
|
|
|
* a minor precision about RDP cookies was added to the
|
|
|
|
documentation
|
|
|
|
* a new ACL keyword was added
|
|
|
|
* those who had no problem building and running 1.4.5 don't need
|
|
|
|
to upgrade
|
|
|
|
|
|
|
|
- drop haproxy-fix_dprintf.patch, merged upstream
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri May 14 07:18:03 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- update to 1.4.5:
|
|
|
|
* Haproxy can now read huge ACL pattern lists from files and
|
|
|
|
match inputs against them without any noticeable performance
|
|
|
|
impact, making geolocation possible
|
|
|
|
* adds a new "ignore-persist" directive, allowing it to ignore
|
|
|
|
the persistence cookie if an ACL-based condition is matched
|
|
|
|
(which is useful for static objects in stateful farms)
|
|
|
|
* a few other minor improvements
|
|
|
|
* a nice performance boost of the log analyzer, which can now
|
|
|
|
process more than 1 GB of logs per second and report request
|
|
|
|
counts by status codes
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Apr 8 09:41:51 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- update to 1.4.4:
|
|
|
|
* brings a new option to work around optimization issues with
|
|
|
|
Tomcat and Jetty in server close mode, and for a bug in Jetty's
|
|
|
|
handling of Expect: 100-continue
|
|
|
|
* a very old appsession unexpected match of shorter cookie names
|
|
|
|
was also fixed
|
|
|
|
* a new feature to make it possible to connect to a server from
|
|
|
|
an IP found in a header was merged: it allows you to run
|
|
|
|
stunnel+haproxy in transparent mode together
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Apr 2 23:42:44 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- update to 1.4.3:
|
|
|
|
* fxes a regression introduced in 1.4.2 which could cause a
|
|
|
|
connection to still be attempted on the server side in case of
|
|
|
|
an error on the client side; this issue could even lead to a
|
|
|
|
crash if a Layer7 hash algorithm was used, so this code was
|
|
|
|
strengthened
|
|
|
|
* the configuration parser now detects many more inappropriate
|
|
|
|
options in TCP mode and emits related warnings
|
|
|
|
* it is now possible to indicate in the configuration that a
|
|
|
|
server will start in the "disabled" state
|
|
|
|
* other very minor issues were fixed
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Mar 18 12:00:49 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- update to 1.4.2:
|
|
|
|
* fixes a very rare case of stuck client sessions when using
|
|
|
|
keep-alive
|
|
|
|
* fixes a url_param hash bug which could result in a dead server
|
|
|
|
in very rare situations
|
|
|
|
* fixes status codes 501 and 505 which could cause a server to be
|
|
|
|
marked down if on-error was used
|
|
|
|
* fixes a risk of getting truncated HTTP responses when
|
|
|
|
chunk-encoding was used
|
|
|
|
* fixes an issue with anonymous ACLs
|
|
|
|
* improvements on health checks
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Mar 5 00:45:12 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- update to 1.4.1:
|
|
|
|
* some errors were incorrectly reported as 502 with the flags
|
|
|
|
"SL" in the logs; this is now fixed
|
|
|
|
* other minor issues were fixed
|
|
|
|
* documentation was updated
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Feb 26 20:44:34 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
|
|
|
|
- update to 1.4.0:
|
|
|
|
* new features:
|
|
|
|
+ keep-alive
|
|
|
|
+ IP-based stickiness
|
|
|
|
+ consistent hashing
|
|
|
|
+ support for the RDP protocol
|
|
|
|
+ a much nicer stats interface
|
|
|
|
+ a much-improved performance level
|
|
|
|
* add -fno-strict-aliasing
|
|
|
|
|
|
|
|
- changes from 1.4rc1:
|
|
|
|
* new features:
|
|
|
|
+ server maintenance mode
|
|
|
|
+ HTTP authentication (server and proxy)
|
|
|
|
+ secure passwords
|
|
|
|
+ conditional request/response header rewriting using ACLs
|
|
|
|
+ anonymous ACLs that can be declared inline
|
|
|
|
+ support for HTTP/1.1 101+Upgrade status code to support non-
|
|
|
|
HTTP protocols such as WebSocket
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Feb 11 15:20:01 UTC 2010 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.3.23
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Sep 15 14:09:34 CEST 2009 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.3.20
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Apr 3 13:54:40 CEST 2009 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.3.17
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Mar 9 16:40:38 CET 2009 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.3.15.8
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Feb 4 15:13:15 CET 2009 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.3.15.7
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Sep 15 15:52:45 CEST 2008 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.3.15.4
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Nov 4 21:21:35 CET 2007 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.3.13.1:
|
|
|
|
too many changes see changelog file
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Apr 2 00:53:38 CEST 2007 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- prepared spec for easy split out of -snapshot packages.
|
|
|
|
- added vim syntax file
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Mar 19 17:50:33 CET 2007 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- update to 1.2.17:
|
|
|
|
- replaced the linked-list with a faster rbtree in the scheduler
|
|
|
|
- add user/group support (Marcus Rueckert)
|
|
|
|
- add the "except" keyword to the "forwardfor" option (Bryan
|
|
|
|
Germann)
|
|
|
|
- re-implemented support for multi-line headers (was
|
|
|
|
incidently reverted)
|
|
|
|
- fixed possible crash when no cookie was set on a server
|
|
|
|
- fixed various length checks in appsession
|
|
|
|
- fixed unlikely memory leak in appsession in case of memory
|
|
|
|
shortage
|
|
|
|
- updates to the architecture guide
|
|
|
|
- remove haproxy-1.2.16_username_groupname_support.patch:
|
|
|
|
patch included upstream
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Mon Jan 8 00:27:17 CET 2007 - mrueckert@suse.de
|
|
|
|
|
|
|
|
- initial package of 1.2.16
|
|
|
|
- added 2 patches:
|
|
|
|
haproxy-1.2.16_config_haproxy_user.patch
|
|
|
|
haproxy-1.2.16_username_groupname_support.patch
|
|
|
|
the patches allow to specify username and groupname instead of
|
|
|
|
uid/gid. The patches are needed as we do not have a static
|
|
|
|
uid/gid for the haproxy user/group.
|
|
|
|
|