SHA256
1
0
forked from pool/haproxy
Commit Graph

121 Commits

Author SHA256 Message Date
a3cff431a4 - Update to version 2.0.10+git14.7caf150a:
* BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data
  * BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN
  * BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending
  * BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1
  * BUG/MEDIUM: listener/thread: fix a race when pausing a listener
  * BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible
  * BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data
  * DOC: move the "group" keyword at the right place
  * DOC: clarify matching strings on binary fetches
  * DOC: Clarify behavior of server maxconn in HTTP mode

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=205
2019-12-05 15:38:20 +00:00
b5054175fe - Update to version 2.0.10+git4.6d9a455d:
* BUG/MINOR: http-htx: Don't make http_find_header() fail if the value is empty

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=204
2019-11-29 13:44:34 +00:00
792a076089 - Update to version 2.0.10+git3.200c6215:
* BUG/MINOR: contrib/prometheus-exporter: decode parameter and value only

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=203
2019-11-28 16:08:41 +00:00
576cb54390 - Update to version 2.0.10+git2.3a00e5fc:
* BUG/MINOR: contrib/prometheus-exporter: Use HTX errors and not legacy ones
  * BUG/MINOR: stream: init variables when the list is empty

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=202
2019-11-27 11:53:27 +00:00
2f7b766fc1 - Update to version 2.0.10+git0.ac198b92:
* [RELEASE] Released version 2.0.10
  * SCRIPTS: git-show-backports: add "-s" to proposed cherry-pick commands
  * SCRIPTS: create-release: show the correct origin name in suggested commands
  * BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in idle state
  * BUG/MAJOR: h2: make header field name filtering stronger
  * BUG/MAJOR: h2: reject header values containing invalid chars
  * MINOR: ist: add ist_find_ctl()
  * BUG/MINOR: ssl: fix curve setup with LibreSSL
  * BUG/MINOR: cli: fix out of bounds in -S parser
  * DOC: Add documentation about the use-service action
  * DOC: Add missing stats fields in the management manual
  * BUG/MINOR: mux-h1: Adjust header case when chunked encoding is add to a message
  * BUG/MINOR: mux-h1: Fix a UAF in cfg_h1_headers_case_adjust_postparser()
  * MEDIUM: mux-h1: Add the support of headers adjustment for bogus HTTP/1 apps
  * REGTEST: vtest can now enable mcli with its own flag
  * MINOR: stats: Report max times in addition of the averages for sessions
  * BUG/MINOR: stream-int: Fix si_cs_recv() return value
  * MINOR: contrib/prometheus-exporter: Add a param to ignore servers in maintenance
  * MINOR: contrib/prometheus-exporter: filter exported metrics by scope
  * MINOR: contrib/prometheus-exporter: report the number of idle conns per server
  * BUG/MINOR: contrib/prometheus-exporter: Rename some metrics
  * MINOR: contrib/prometheus-exporter: Report metrics about max times for sessions
  * MINOR: counters: Add fields to store the max observed for {q,c,d,t}_time
  * MINOR: stream: Remove the lock on the proxy to update time stats
  * MINOR: freq_ctr: Make the sliding window sums thread-safe
  * BUG/MINOR: http-ana: Properly catch aborts during the payload forwarding
  * BUG/MINOR: mux-h1: Fix tunnel mode detection on the response path
  * BUILD: debug: Avoid warnings in dev mode with -02 because of some BUG_ON tests
  * BUG/MEDIUM: stream-int: Don't loose events on the CS when an EOS is reported
  * BUILD/MINOR: ssl: fix compiler warning about useless statement
  * BUG/MINOR: peers: "peer alive" flag not reset when deconnecting.
  * BUG/MEDIUM: mworker: don't fill the -sf argument with -1 during the reexec

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=201
2019-11-25 20:12:37 +00:00
Ismail Dönmez
8d13208d60 Fix wrong CVE number
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=200
2019-11-25 17:33:22 +00:00
Ismail Dönmez
8938e79583 Merge with maintenance changelog
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=199
2019-11-25 16:52:41 +00:00
Ismail Dönmez
83d316d6e2 -
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=198
2019-11-22 13:55:34 +00:00
Ismail Dönmez
8f23fd1c65 Add missing CVE
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=197
2019-11-22 13:54:15 +00:00
86577882a0 - Update to version 2.0.9+git6.26b7b800:
* BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
  * BUG/MINOR: peers: Wrong null "server_name" data field handling.
  * MINOR: peers: Add debugging information to "show peers".
  * MINOR: peers: Add TX/RX heartbeat counters.
  * MINOR: peers: Alway show the table info for disconnected peers.

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=196
2019-11-19 14:18:27 +00:00
590a165c90 - Update to version 2.0.9+git1.caf02113:
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=195
2019-11-19 13:57:11 +00:00
Marguerite Su
452ad474ed Accepting request 735623 from home:KGronlund:branches:server:http
Update to 2.0.7

OBS-URL: https://build.opensuse.org/request/show/735623
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=194
2019-10-07 08:34:05 +00:00
Kristoffer Gronlund
04b5e98275 Accepting request 731948 from home:KGronlund:branches:server:http
- Update to version 2.0.6+git0.58706ab4:
  * [RELEASE] Released version 2.0.6
  * MINOR: sample: Add UUID-fetch
  * BUG/MINOR: Missing stat_field_names (since f21d17bb)
  * BUG/MINOR: backend: Fix a possible null pointer dereference
  * BUG/MINOR: acl: Fix memory leaks when an ACL expression is parsed
  * BUG/MINOR: filters: Properly set the HTTP status code on analysis error
  * BUG/MEDIUM: http: also reject messages where "chunked" is missing from transfer-enoding
  * BUG/MINOR: ssl: always check for ssl connection before getting its XPRT context
  * BUG/MINOR: listener: Fix a possible null pointer dereference
  * MINOR: stats: report the number of idle connections for each server
  * BUG/MEDIUM: connection: don't keep more idle connections than ever needed
  * BUG/MAJOR: ssl: ssl_sock was not fully initialized.
  * BUG/MINOR: lb/leastconn: ignore the server weights for empty servers
  * MINOR: contrib/prometheus-exporter: Report DRAIN/MAINT/NOLB status for servers
  * BUG/MINOR: checks: do not uselessly poll for reads before the connection is up
  * BUG/MINOR: checks: make __event_chk_srv_r() report success before closing
  * BUG/MINOR: checks: start sending the request right after connect()
  * BUG/MINOR: checks: stop polling for write when we have nothing left to send
  * BUG/MEDIUM: cache: Don't cache objects if the size of headers is too big
  * BUG/MEDIUM: cache: Properly copy headers splitted on several shctx blocks
  * BUG/MINOR: mux-h1: Be sure to update the count before adding EOM after trailers
  * BUG/MINOR: mux-h1: Don't stop anymore input processing when the max is reached
  * BUG/MINOR: mux-h1: Fix size evaluation of HTX messages after headers parsing
  * BUG/MINOR: h1: Properly reset h1m when parsing is restarted
  * BUG/MINOR: http-ana: Reset response flags when 1xx messages are handled
  * BUG/MEDIUM: peers: local peer socket not bound.
  * BUG/MEDIUM: proto-http: Always start the parsing if there is no outgoing data
  * BUG/MEDIUM: url32 does not take the path part into account in the returned hash.
  * BUG/MEDIUM: listener/threads: fix an AB/BA locking issue in delete_listener()

OBS-URL: https://build.opensuse.org/request/show/731948
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=193
2019-09-19 12:20:44 +00:00
Kristoffer Gronlund
f2059c30e6 Accepting request 725263 from home:kukuk:branches:server:http
- Use %license instead of %doc [bsc#1082318]
- Recommend apparmor, it's not required to work (make haproxy useable in a container)

OBS-URL: https://build.opensuse.org/request/show/725263
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=192
2019-09-19 11:49:19 +00:00
530d7f588c - enable prometheus exporter
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=191
2019-08-20 15:07:03 +00:00
3991d9682a - enable verbose make output
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=190
2019-08-20 14:06:00 +00:00
0852a3b9d8 - Update to version 2.0.5+git0.d905f49a:
* [RELEASE] Released version 2.0.5
  * BUG/MEDIUM: mux_pt: Don't call unsubscribe if we did not subscribe.
  * MINOR: fd: make sure to mark the thread as not stuck in fd_update_events()
  * BUG/MINOR: stats: Wait the body before processing POST requests
  * BUG/MEDIUM: lua: Fix test on the direction to set the channel exp timeout
  * BUG/MEDIUM: mux_h1: Don't bother subscribing in recv if we're not connected.
  * BUG/MINOR: Fix prometheus '# TYPE' and '# HELP' headers
  * BUG/MINOR: lua: fix setting netfilter mark
  * BUG/MEDIUM: proxy: Don't use cs_destroy() when freeing the conn_stream.
  * BUG/MEDIUM: proxy: Don't forget the SF_HTX flag when upgrading TCP=>H1+HTX.
  * BUG/MINOR: buffers/threads: always clear a buffer's head before releasing it
  * MINOR: ssl: ssl_fc_has_early should work for BoringSSL
  * BUG/MINOR: ssl: fix 0-RTT for BoringSSL
  * BUG/MEDIUM: stick-table: Wrong stick-table backends parsing.
  * [RELEASE] Released version 2.0.4
  * BUG/MEDIUM: checks: make sure to close nicely when we're the last to speak
  * BUG/MINOR: mux-h2: always reset rcvd_s when switching to a new frame
  * BUG/MINOR: mux-h2: always send stream window update before connection's
  * BUG/MEDIUM: mux-h2: do not recheck a frame type after a state transition
  * BUG/MINOR: mux-h2: do not send REFUSED_STREAM on aborted uploads
  * BUG/MINOR: mux-h2: use CANCEL, not STREAM_CLOSED in h2c_frt_handle_data()
  * BUG/MINOR: mux-h2: don't refrain from sending an RST_STREAM after another one
  * BUG/MEDIUM: fd: Always reset the polled_mask bits in fd_dodelete().
  * BUG/MEDIUM: proxy: Make sure to destroy the stream on upgrade from TCP to H2
  * BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes
  * BUG/MEDIUM: mux-h2: unbreak receipt of large DATA frames
  * BUG/MINOR: stream-int: also update analysers timeouts on activity
  * BUG/MAJOR: http/sample: use a static buffer for raw -> htx conversion
  * BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=189
2019-08-20 14:02:26 +00:00
Kristoffer Gronlund
52b33deb58 Accepting request 719829 from home:KGronlund:branches:server:http
- Update to version 2.0.3+git14.0ff395c1 (bsc#1142529) (CVE-2019-14241):
  * BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue()
  * BUG/MINOR: htx: Fix free space addresses calculation during a block expansion
  * BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP ready
  * MINOR: hlua: Add a flag on the lua txn to know in which context it can be used
  * MINOR: hlua: Don't set request analyzers on response channel for lua actions
  * BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class
  * BUG/MINOR: hlua/htx: Reset channels analyzers when txn:done() is called
  * DOC: improve the wording in CONTRIBUTING about how to document a bug fix
  * BUG/MINOR: log: make sure writev() is not interrupted on a file output
  * BUG/MEDIUM: streams: Don't switch the SI to SI_ST_DIS if we have data to send.
  * BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased
  * BUILD: threads: add the definition of PROTO_LOCK
  * BUG/MINOR: proxy: always lock stop_proxy()
  * BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff
  * [RELEASE] Released version 2.0.3
  * BUG/CRITICAL: http_ana: Fix parsing of malformed cookies which start by a delimiter
  * BUG/MINOR: http_htx: Support empty errorfiles
  * BUG/MINOR: http_ana: Be sure to have an allocated buffer to generate an error
  * BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream
  * BUG/MINOR: mux-h1: Close server connection if input data remains in h1_detach()
  * BUG/MEDIUM: mux-h1: Trim excess server data at the end of a transaction
  * BUG/MINOR: checks: do not exit tcp-checks from the middle of the loop
  * BUG/MINOR: session: Send a default HTTP error if accept fails for a H1 socket
  * BUG/MINOR: session: Emit an HTTP error if accept fails only for H1 connection
  * BUG/MINOR: debug: Remove flags CO_FL_SOCK_WR_ENA/CO_FL_SOCK_RD_ENA
  * DOC: htx: Update comments in HTX files
  * BUG/MINOR: hlua: Make the function txn:done() HTX aware
  * BUG/MINOR: cache/htx: Make maxage calculation HTX aware
  * BUG/MINOR: http_htx: Initialize HTX error messages for TCP proxies

OBS-URL: https://build.opensuse.org/request/show/719829
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=188
2019-07-30 14:49:53 +00:00
f088b3cf73 clean up servicedata
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=187
2019-07-09 11:53:39 +00:00
dd9924b71b Accepting request 714216 from home:KGronlund:branches:server:http
- Update to version 2.0.1+git27.5db881ff:
  * BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2
  * BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse it.
  * BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si
  * MINOR: stream-int: Factorize processing done after sending data in si_cs_send()
  * BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred
  * BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are formatted
  * BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock
  * BUG/MEDIUM: http/applet: Finish request processing when a service is registered
  * MINOR: action: Add the return code ACT_RET_DONE for actions
  * BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks
  * MINOR: server: Add "no-tfo" option.
  * BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions.
  * BUG/MEDIUM: servers: Authorize tfo in default-server.
  * BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the mux.
  * BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are sent
  * BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent
  * BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit()
  * BUG/MINOR: hlua: Don't use channel_htx_recv_max()
  * BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max()
  * BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed.
  * BUG/MEDIUM: connections: Always call shutdown, with no linger.
  * BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses
  * BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages
  * BUG/MEDIUM: checks: unblock signals in external checks
  * BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported
  * BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
  * BUG/MINOR: mworker/cli: don't output a \n before the response
  * BUG/MINOR: mux-h1: Make format errors during output formatting fatal
  * BUG/MEDIUM: mux-h1: Use buf_room_for_htx_data() to detect too large messages

OBS-URL: https://build.opensuse.org/request/show/714216
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=186
2019-07-09 11:52:16 +00:00
Kristoffer Gronlund
d8bbfd9540 Accepting request 712629 from home:jengelh:branches:server:http
- Correct version line, which should be 2.0.0+git6.

OBS-URL: https://build.opensuse.org/request/show/712629
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=185
2019-07-01 06:33:01 +00:00
16c166eb7b - allow the new master socket path in the apparmor profile
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=184
2019-06-18 12:09:30 +00:00
4a51530556 - Update to version 2.0.0~git6.41dc8432:
* BUG/MEDIUM: htx: Fully update HTX message when the block value is changed
  * MINOR: htx: Add the function htx_change_blk_value_len()
  * BUG/MEDIUM: compression: Set Vary: Accept-Encoding for compressed responses
  * BUG/MINOR: mux-h1: Add the header connection in lower case in outgoing messages
  * BUG/MINOR: lua/htx: Make txn.req_req_* and txn.res_rep_* HTX aware
  * BUG/MEDIUM: h2/htx: Update data length of the HTX when the cookie list is built

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=183
2019-06-18 12:07:56 +00:00
d7f112bb8f Accepting request 710358 from home:KGronlund:branches:server:http
- Update to version 2.0.0~git0.ba23630a:
  - new internal native HTTP representation called HTX, was already in 1.9
    and is now enabled by default in 2.0 ;
  - end-to-end HTTP/2 support including trailers and continuation frames,
    as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using
    the H2 preface;
  - server connection pooling and more advanced reuse, with ALPN protocol
    negotiation (already in 1.9) ;
  - layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers
    as well as on the frontend ;
  - much more scalable multi-threading, which is even enabled by default on
    platforms where it was successfully tested ; by default, as many threads
    are started as the number of CPUs haproxy is allowed to run on. This
    removes a lot of configuration burden in VMs and containers ;
  - automatic maxconn setting for the process and the frontends, directly
    based on the number of available FDs (easier configuration in containers
    and with systemd) ;
  - logging to stdout for use in containers and systemd (already in 1.9).
    Logs can now provide micro-second resolution for some events ;
  - peers now support SSL, declaration of multiple stick-tables directly in
    the peers section, and synchronization of server names, not just IDs ;
  - In master-worker mode, the master process now exposes its own CLI and
    can communicate with all other processes (including the stopping ones),
    even allowing to connect to their CLI and check their state. It is also
    possible to start some sidecar programs and monitor them from the master,
    and the master can automatically kill old processes that survived too
    many reloads ;
  - the incoming connections are load-balanced between all threads depending
    on their load to minimize the processing time and maximize the capacity
    (already in 1.9) ;
  - the SPOE connection load-balancing was significantly improved in order
    to reduce high percentiles of SPOA response time (already in 1.9) ;
  - the "random" load balancing algorithm and a power-of-two-choices variant
    were introduced ;
  - statistics improvements with per-thread counters for certain things, and
    a prometheus exporter for all our statistics;
  - lots of debugging help, it's easier to produce a core dump, there are
    new commands on the CLI to control various things, there is a watchdog
    to fail cleanly when a thread deadlock or a spinning task are detected,
    so overall it should provide a better experience in field and less
    round trips between users and developers (hence less stress during an
    incident).
  - all 3 device detection engines are now compatible with multi-threading
    and can be build-tested without any external dependencies ;
  - "do-resolve" http-request action to perform a DNS resolution on any,
    sample, and resolvers now support relying on /etc/resolv.conf to match
    the local resolver ;
  - log sampling and balancing : it's now possible to send 1 log every 10
    to a server, or to spread the logging load over multiple log servers;
  - a new SPOA agent (spoa_server) allows to interface haproxy with Python
    and Lua programs ;
  - support for Solaris' event ports (equivalent of kqueue or epoll) which
    will significantly improve the performance there when dealing with
    numerous connections ;
  - some warnings are now reported for some deprecated options that will
    be removed in 2.1. Since 2.0 is long term supported, there's no
    emergency to convert them, however if you see these warnings, you
    need to understand that you're among their extremely rare users and
    just because of this you may be taking risks by keeping them ;
  - A new SOCKS4 server-side layer was provided ; it allows outgoing
    connections to be forwarded through a SOCKS4 proxy (such as ssh -D).
  - priority- and latency- aware server queues : it is possible now to
    assign priorities to certain requests and/or to give them a time
    bonus or penalty to refine control of the traffic and be able to
    engage on SLAs.
  - internally the architecture was significantly redesigned to allow to
    further improve performance and make it easier to implement protocols
    that span over multiple layers (such as QUIC). This work started in
    1.9 and will continue with 2.1.
  - the I/O, applets and tasks now share the same multi-threaded scheduler,
    giving a much better responsiveness and fairness between all tasks as
    is visible with the CLI which always responds instantly even under
    extreme loads (started in 1.9) ;
  - the internal buffers were redesigned to ease zero-copy operations, so
    that it is possible to sustain a high bandwidth even when forwarding
    HTTP/1 to/from HTTP/2 (already in 1.9) ;

OBS-URL: https://build.opensuse.org/request/show/710358
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=182
2019-06-17 17:09:24 +00:00
Kristoffer Gronlund
5ba20d6b58 Accepting request 700384 from home:KGronlund:branches:server:http
- Update to version 1.8.20~git0.6fb9fadc:
  * [RELEASE] Released version 1.8.20
  * BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet handler
  * BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
  * BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
  * BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP rules
  * BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR
  * BUG/MEDIUM: maps: only try to parse the default value when it's present
  * BUG/MAJOR: http_fetch: Get the channel depending on the keyword used
  * MINOR: skip get_gmtime where tm is unused
  * BUILD/MINOR: listener: Silent a few signedness warnings.
  * BUG/MEDIUM: listener: make sure the listener never accepts too many conns
  * BUG/MEDIUM: listener: use a self-locked list for the dequeue lists
  * MAJOR: listener: do not hold the listener lock in listener_accept()
  * BUG/MEDIUM: list: fix incorrect pointer unlocking in LIST_DEL_LOCKED()
  * BUG/MEDIUM: list: fix again LIST_ADDQ_LOCKED
  * BUG/MEDIUM: list: correct fix for LIST_POP_LOCKED's removal of last element
  * MINOR: list: make the delete and pop operations idempotent
  * BUG/MEDIUM: list: add missing store barriers when updating elements and head
  * BUG/MEDIUM: list: fix LIST_POP_LOCKED's removal of the last pointer
  * BUG/MEDIUM: list: fix the rollback on addq in the locked liss
  * BUG/MEDIUM: lists: Properly handle the case we're removing the first elt.
  * MINOR: lists: Implement locked variations.
  * BUG/MINOR: threads: fix the process range of thread masks
  * BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented messages
  * BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the stream
  * BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity
  * BUILD: connection: fix naming of ip_v field
  * BUILD: use inttypes.h instead of stdint.h
  * BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on release.

OBS-URL: https://build.opensuse.org/request/show/700384
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=181
2019-05-06 11:18:23 +00:00
Kristoffer Gronlund
eac5c83514 Accepting request 673401 from home:KGronlund:branches:server:http
- Update to version 1.8.19~git0.ebf033b4:
  * [RELEASE] Released version 1.8.19
  * BUG/MINOR: config: Reinforce validity check when a process number is parsed
  * BUG/MAJOR: stream: avoid double free on unique_id
  * BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck
  * BUG/MEDIUM: server: initialize the idle conns list after parsing the config
  * BUG/MEDIUM: spoe: initialization depending on nbthread must be done last
  * BUG/MINOR: lua: initialize the correct idle conn lists for the SSL sockets
  * BUG/MINOR: spoe: do not assume agent->rt is valid on exit
  * DOC: ssl: Stop documenting ciphers example to use
  * DOC: ssl: Clarify when pre TLSv1.3 cipher can be used
  * [RELEASE] Released version 1.8.18
  * BUG/MINOR: config: make sure to count the error on incorrect track-sc/stick rules
  * BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes
  * BUG/MAJOR: config: verify that targets of track-sc and stick rules are present
  * BUG/MINOR: config: fix bind line thread mask validation
  * BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().
  * BUG/MEDIUM: mux-h2: do not close the connection on aborted streams
  * MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection
  * MINOR: stream-int: add a new flag to mention that we want the connection to be killed
  * MINOR: stream-int: expand the flags to 32-bit
  * BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing the connection
  * BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams
  * BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions
  * BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window update
  * MINOR: xref: Add missing barriers.
  * BUG/MINOR: stream: don't close the front connection when facing a backend error
  * SCRIPTS: add the issue tracker URL to the announce script
  * SCRIPTS: add the slack channel URL to the announce script
  * BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit

OBS-URL: https://build.opensuse.org/request/show/673401
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=180
2019-02-13 08:21:04 +00:00
Kristoffer Gronlund
18d563cd4b Accepting request 664292 from home:KGronlund:branches:server:http
- Update to version 1.8.17~git0.e89d25b2 (bsc#1121283) (CVE-2018-20615):
  * BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used
  * BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred
  * BUG/MINOR: lua: bad args are returned for Lua actions
  * BUG/MINOR: lua: Return an error if a legacy HTTP applet doesn't send anything
  * BUG/MEDIUM: cli: make "show sess" really thread-safe
  * MINOR: stream/cli: report more info about the HTTP messages on "show sess all"
  * MINOR: stream/cli: fix the location of the waiting flag in "show sess all"
  * MINOR: lb: allow redispatch when using consistent hash
  * BUG/MEDIUM: server: Also copy "check-sni" for server templates.
  * BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than the max
  * MINOR: mux-h2: only increase the connection window with the first update
  * BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify()
  * BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error
  * BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response()
  * BUG/MINOR: logs: leave startup-logs global and not per-thread

OBS-URL: https://build.opensuse.org/request/show/664292
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=179
2019-01-10 08:51:30 +00:00
Kristoffer Gronlund
37083beefe Accepting request 658884 from home:KGronlund:branches:server:http
- Update to version 1.8.15~git0.6b6a350a: (bsc#1119419) (CVE-2018-20103) (VUL-0) (bsc#1119368) (CVE-2018-20102)
  * DOC: Update configuration doc about the maximum number of stick counters.
  * BUG: dns: Fix off-by-one write in dns_validate_dns_response()
  * BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()
  * BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
  * BUG: dns: Prevent out-of-bounds read in dns_read_name()
  * BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
  * DOC: refer to check-sni in the documentation of sni
  * DOC: clarify that check-sni needs an argument.
  * MINOR: servers: Free [idle|safe|priv]_conns on exit.
  * MINOR: stats: report the number of active jobs and listeners in "show info"
  * BUG/MINOR: mux-h2: advertise a larger connection window size
  * BUG/MINOR: mux-h2: refrain from muxing during the preface
  * BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation
  * BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR.
  * BUG/MINOR: lb-map: fix unprotected update to server's score
  * BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed
  * BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name
  * BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id
  * BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
  * BUG/MINOR: config: Copy default error messages when parsing of a backend starts
  * BUG/MEDIUM: Make sure stksess is properly aligned.
  * BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn
  * BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe
  * BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer
  * BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic
  * BUG/MINOR: only mark connections private if NTLM is detected
  * DOC: cache: Missing information about "total-max-size"
  * BUG/MINOR: ssl: Wrong usage of shctx_init().
  * BUG/MINOR: cache: Wrong usage of shctx_init().

OBS-URL: https://build.opensuse.org/request/show/658884
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=178
2018-12-17 10:05:47 +00:00
Kristoffer Gronlund
3696cb6079 Accepting request 638408 from home:KGronlund:branches:server:http
* BUG/MEDIUM: cache: don't cache when an Authorization header is present (VUL-1) (bsc#1094846) (CVE-2018-11469)

OBS-URL: https://build.opensuse.org/request/show/638408
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=177
2018-09-26 14:03:33 +00:00
Kristoffer Gronlund
1a550b1bb7 Accepting request 638327 from home:KGronlund:branches:server:http
- Update to version 1.8.14~git0.52e4d43b: (bsc#1108683) (CVE-2018-14645)

OBS-URL: https://build.opensuse.org/request/show/638327
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=176
2018-09-26 06:40:40 +00:00
9aa8092ed2 - also fix the systemd case for the apparmor_reload change
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=175
2018-09-20 13:06:28 +00:00
17536a11cb - only reload the apparmor profile on newer distros, seems older
distros do not have apparmor-rpm-macros yet

- only use network namespaces on 12.x and newer, failed to build on
  sle11

- guard all parts referring to systemd to fix build on sle 11

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=174
2018-09-20 12:51:25 +00:00
414daf069f - Update to version 1.8.14~git0.52e4d43b:
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=173
2018-09-20 12:36:21 +00:00
Marguerite Su
518d1cfede Accepting request 630511 from home:KGronlund:branches:server:http
- Require apparmor-abstractions to reduce dependencies (bsc#1100787)

OBS-URL: https://build.opensuse.org/request/show/630511
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=172
2018-08-22 03:07:29 +00:00
a35d5cdebd Accepting request 629492 from home:KGronlund:branches:server:http
- Update to version 1.8.13~git4.c1bfcd00:
  * MINOR: dns: new DNS options to allow/prevent IP address duplication
  * MINOR: dns: fix wrong score computation in dns_get_ip_from_response
  * BUG/MEDIUM: queue: prevent a backup server from draining the proxy's connections
  * BUG/MEDIUM: servers: check the queues once enabling a server
  * MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed
  * BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number
  * MINOR: threads: move "nbthread" parsing to hathreads.c
  * BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS
  * BUG/MINOR: threads: Handle nbthread == MAX_THREADS.
  * BUG/MINOR: config: stick-table is not supported in defaults section
  * BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever
  * BUG/MEDIUM: threads/sync: use sched_yield when available
  * BUG/MINOR: servers: Don't make "server" in a frontend fatal.
  * BUG/MEDIUM: stats: don't ask for more data as long as we're responding
  * BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full
  * MINOR: h2: add the error code and the max/last stream IDs to "show fd"
  * BUG/MEDIUM: threads: Fix the exit condition of the thread barrier
  * MINOR: debug: Add checks for conn_stream flags
  * MINOR: debug: Add check for CO_FL_WILL_UPDATE
  * BUG/MINOR: http: Set brackets for the unlikely macro at the right place
  * BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout
  * BUG/MEDIUM: h2: never leave pending data in the output buffer on close
  * BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess
  * MINOR: h2: add the mux and demux buffer lengths on "show fd"
  * MINOR: h2: keep a count of the number of conn_streams attached to the mux
  * BUG/MINOR: h2: remove accidental debug code introduced with show_fd function
  * MINOR: h2: implement a basic "show_fd" function
  * MINOR: mux: add a "show_fd" function to dump debugging information for "show fd"
  * BUG/MINOR: ssl: properly ref-count the tls_keys entries

OBS-URL: https://build.opensuse.org/request/show/629492
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=171
2018-08-17 10:25:29 +00:00
7021702e8c Accepting request 619431 from home:KGronlund:branches:server:http
- Update to version 1.8.12~git0.8a200c71:
  * MINOR: stick-tables: make stktable_release() do nothing on NULL
  * BUG/MAJOR: stick_table: Complete incomplete SEGV fix

- Update to version 1.8.11~git0.1d6ef58d:
  * BUG/BUILD: threads: unbreak build without threads
  * BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table

OBS-URL: https://build.opensuse.org/request/show/619431
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=170
2018-06-28 10:29:17 +00:00
Marguerite Su
1f5050c4b7 Accepting request 618843 from home:KGronlund:branches:server:http
- Update to version 1.8.10~git0.ec17d7a9:
  * MINOR: threads: Be sure to remove threads from all_threads_mask on exit
  * BUG/MEDIUM: threads: Use the sync point to check active jobs and exit
  * BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete().
  * BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot
  * BUG/MAJOR: ssl: Random crash with cipherlist capture
  * BUG/MINOR: lua: Segfaults with wrong usage of types.
  * BUG/MAJOR: map: fix a segfault when using http-request set-map
  * MINOR: lua: Increase debug information
  * BUG/MINOR: signals: ha_sigmask macro for multithreading
  * BUG/MINOR: don't ignore SIG{BUS,FPE,ILL,SEGV} during signal processing
  * BUG/MEDIUM: threads: handle signal queue only in thread 0
  * BUG/MINOR: unix: Make sure we can transfer abns sockets on seamless reload.
  * BUG/MINOR: contrib/modsecurity: update pointer on the end of the frame
  * BUG/MINOR: contrib/mod_defender: update pointer on the end of the frame
  * BUG/MINOR: contrib/modsecurity: Don't reset the status code during disconnect
  * BUG/MINOR: contrib/mod_defender: Don't reset the status code during disconnect
  * BUG/MINOR: contrib/spoa_example: Don't reset the status code during disconnect
  * MAJOR: spoe: upgrade the SPOP version to 2.0 and remove the support for 1.0
  * BUG/MEDIUM: lua/socket: Buffer error, may segfault
  * BUG/MEDIUM: lua/socket: Sheduling error on write: may dead-lock
  * BUG/MEDIUM: lua/socket: Notification error
  * BUG/MAJOR: lua: Dead lock with sockets
  * BUG/MEDIUM: lua/socket: wrong scheduling for sockets
  * MINOR: task/notification: Is notifications registered ?
  * BUG/MEDIUM: spoe: Return an error when the wrong ACK is received in sync mode
  * BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters
  * BUG/MEDIUM: lua/socket: Length required read doesn't work
  * BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file
  * BUG/MEDIUM: fd: Only check update_mask against all_threads_mask.

OBS-URL: https://build.opensuse.org/request/show/618843
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=169
2018-06-25 13:00:57 +00:00
51100bdeec Accepting request 612869 from home:KGronlund:branches:server:http
fix version tag (thanks darix)
- Update to version 1.8.9~git9.6d82e611:

OBS-URL: https://build.opensuse.org/request/show/612869
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=168
2018-05-29 12:59:33 +00:00
Marguerite Su
0dcc89ecab Accepting request 612802 from home:KGronlund:branches:server:http
- Update to version 1.8.9~gitv1.8.9.9.6d82e611:
  * BUG/MEDIUM: cache: don't cache when an Authorization header is present (VUL-1) (bsc#1094846)
  * BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check failure.
  * BUG/MINOR: ssl/lua: prevent lua from affecting automatic maxconn computation
  * BUG/MEDIUM: contrib/modsecurity: Use network order to encode/decode flags
  * BUG/MEDIUM: contrib/mod_defender: Use network order to encode/decode flags
  * BUG/MEDIUM: spoe: Flags are not encoded in network order
  * BUG/MINOR: lua: Socket.send threw runtime error: 'close' needs 1 arguments.
  * BUG/MINOR: spoe: Mistake in error message about SPOE configuration
  * BUG/MEDIUM: ssl: properly protect SSL cert generation
  * BUG/MEDIUM: pollers: Use a global list for fd shared between threads.
  * BUG/MEDIUM: http: don't always abort transfers on CF_SHUTR
  * BUG/MINOR: lua: ensure large proxy IDs can be represented
  * BUG/MINOR: lua: schedule socket task upon lua connect()
  * BUG/MEDIUM: task: Don't free a task that is about to be run.
  * BUG/MINOR: map: correctly track reference to the last ref_elt being dumped
  * DOC/MINOR: clean up LUA documentation re: servers & array/table.
  * BUG/MINOR: lua: Put tasks to sleep when waiting for data
  * BUG/MEDIUM: threads: Fix the sync point for more than 32 threads
  * BUG/MINOR: checks: Fix check->health computation for flapping servers
  * BUG/MINOR: config: disable http-reuse on TCP proxies
  * BUG/MINOR: lua/threads: Make lua's tasks sticky to the current thread
  * BUG/MEDIUM: h2: implement missing support for chunked encoded uploads
  * MINOR: h2: detect presence of CONNECT and/or content-length
  * BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits
  * BUG/MINOR: log: t_idle (%Ti) is not set for some requests
  * BUG/MAJOR: channel: Fix crash when trying to read from a closed socket
  * BUG/MINOR: pattern: Add a missing HA_SPIN_INIT() in pat_ref_newid()

OBS-URL: https://build.opensuse.org/request/show/612802
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=167
2018-05-29 09:24:09 +00:00
Kristoffer Gronlund
90c2067cec Accepting request 605111 from home:KGronlund:branches:server:http
- Update to version 1.8.8:
  * BUG/CRITICAL: h2: fix incorrect frame length check (VUL-0) (bsc#1089837)
  * MINOR: cli: Ensure the CLI always outputs an error when it should
  * BUG/MINOR: cli: Guard against NULL messages when using CLI_ST_PRINT_FREE
  * BUG/MEDIUM: kqueue: When adding new events, provide an output to get errors.
  * BUG/MINOR: http: Return an error in proxy mode when url2sa fails
  * BUG/MEDIUM: connection: Make sure we have a mux before calling detach().
  * BUG/MEDIUM: threads: Fix the max/min calculation because of name clashes

OBS-URL: https://build.opensuse.org/request/show/605111
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=166
2018-05-07 13:36:50 +00:00
a71f91e607 - Update to version 1.8.7:
* [RELEASE] Released version 1.8.7
  * MINOR: servers: Support alphanumeric characters for the server templates names
  * BUG/MAJOR: cache: always initialize newly created objects
  * [RELEASE] Released version 1.8.6
  * BUG/MINOR: spoe: Don't release the context buffer in .check_timeouts callbaclk
  * BUG/MINOR: spoe: Initialize variables used during conf parsing before any check
  * BUG/MAJOR: cache: fix random crashes caused by incorrect delete() on non-first blocks
  * BUG/MINOR: fd: Don't clear the update_mask in fd_insert.
  * BUG/MINOR: cache: fix "show cache" output
  * BUG/MINOR: email-alert: Set the mailer port during alert initialization
  * BUG/MINOR: checks: check the conn_stream's readiness and not the connection
  * BUG/MEDIUM: h2: always add a stream to the send or fctl list when blocked
  * BUILD/MINOR: threads: always export thread_sync_io_handler()
  * BUG/MEDIUM: h2: don't consider pending data on detach if connection is in error
  * BUG/MEDIUM: h2/threads: never release the task outside of the task handler
  * MINOR: h2: fuse h2s_detach() and h2s_free() into h2s_destroy()
  * MINOR: h2: always call h2s_detach() in h2_detach()
  * BUG/MAJOR: h2: remove orphaned streams from the send list before closing
  * MINOR: h2: provide and use h2s_detach() and h2s_free()
  * CLEANUP: h2: rename misleading h2c_stream_close() to h2s_close()
  * BUG/MINOR: hpack: fix harmless use of uninitialized value in hpack_dht_insert
  * BUILD/MINOR: cli: fix a build warning introduced by last commit
  * MINOR: cli: make "show fd" report the mux and mux_ctx pointers when available
  * MINOR: cli/threads: make "show fd" report thread_sync_io_handler instead of "unknown"
  * BUILD/MINOR: fix build when USE_THREAD is not defined
  * BUG/MINOR: lua funtion hlua_socket_settimeout don't check negative values
  * BUG/MINOR: lua: the function returns anything

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=165
2018-04-07 00:20:45 +00:00
Marguerite Su
43d601cc21 Accepting request 590965 from home:KGronlund:branches:server:http
- Update to version 1.8.5:
  * BUG/MINOR: listener: Don't decrease actconn twice when a new session is rejected
  * BUG/MINOR: h2: ensure we can never send an RST_STREAM in response to an RST_STREAM
  * BUG/MEDIUM: h2: properly account for DATA padding in flow control
  * DOC: don't suggest using http-server-close
  * DOC: log: more than 2 log servers are allowed
  * BUILD/BUG: enable -fno-strict-overflow by default
  * MINOR: log: stop emitting alerts when it's not possible to write on the socket
  * BUG/MEDIUM: threads/queue: wake up other threads upon dequeue
  * BUG/MINOR: tcp-check: use the server's service port as a fallback
  * BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers
  * BUG/MINOR: lua: return bad error messages
  * BUG/MINOR: spoa-example: unexpected behavior for more than 127 args
  * BUG/MINOR: cli: Fix a crash when sending a command with too many arguments
  * BUG/MINOR: seemless reload: Fix crash when an interface is specified.
  * BUG/MINOR: dns: don't downgrade DNS accepted payload size automatically
  * BUG/MAJOR: threads/queue: Fix thread-safety issues on the queues management
  * BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is temporarily disabled
  * BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is stopping
  * BUG/MINOR: force-persist and ignore-persist only apply to backends
  * BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc
  * BUG/MINOR: cli: Fix a typo in the 'set rate-limit' usage
  * BUG/MINOR: cli: Fix a crash when passing a negative or too large value to "show fd"
  * BUG/MEDIUM: h2: also arm the h2 timeout when sending
  * BUG/MINOR: unix: Don't mess up when removing the socket from the xfer_sock_list.
  * BUG/MINOR: session: Fix tcp-request session failure if handshake.
  * MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file
  * MINOR: systemd: Add SystemD's Protect*= options to the unit file
  * MINOR: systemd: Add section for SystemD sandboxing to unit file
  * BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk
  * BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk
  * BUG/MEDIUM: h2: always consume any trailing data after end of output buffers
  * MINOR: stats: display the number of threads in the statistics.
  * BUG/MINOR: h2: Set the target of dbuf_wait to h2c
  * MINOR: debug/pools: make DEBUG_UAF also detect underflows
  * BUG/MINOR: debug/pools: properly handle out-of-memory when building with DEBUG_UAF
  * DOC: cfgparse: Warn on option (tcp|http)log in backend
  * DOC: lua: new prototype for function "register_action()"
  * BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken.
  * BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier as possible
  * BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe
  * BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st
  * BUG/MEDIUM: ssl: Shutdown the connection for reading on SSL_ERROR_SYSCALL
  * BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as unrecovarable.
  * BUG/MINOR: threads: fix missing thread lock labels for 1.8

OBS-URL: https://build.opensuse.org/request/show/590965
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=164
2018-03-26 07:48:16 +00:00
Kristoffer Gronlund
d27ef0296e Accepting request 584997 from home:KGronlund:branches:server:http
- if we lock down the permissions the home directory has to be owned by haproxy (bsc#1077716)

OBS-URL: https://build.opensuse.org/request/show/584997
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=163
2018-03-09 12:08:51 +00:00
00a86a081a - if we lock down the permissions the home directory has to be
owned by haproxy

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=162
2018-03-08 19:19:41 +00:00
Marguerite Su
7a9be1bc6a Accepting request 582333 from home:jengelh:branches:server:http
- Avoid %__-type macro indirections. Remove redundant %clean
  section. Do not ignore errors from useradd.

OBS-URL: https://build.opensuse.org/request/show/582333
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=161
2018-03-07 05:58:33 +00:00
Marguerite Su
7e6d8d08ea Accepting request 582025 from home:KGronlund:branches:server:http
- Ensure haproxy home directory is not world readable (bsc#1077716)

OBS-URL: https://build.opensuse.org/request/show/582025
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=160
2018-03-04 07:09:23 +00:00
392b0f1e5b Accepting request 574248 from home:KGronlund:branches:server:http
- Update to version 1.8.4 (bsc#1080069):
  * BUG/MINOR: config: don't emit a warning when global stats is incompletely configured
  * DOC: Mention -Ws in the list of available options
  * DOC: Describe routing impact of using interface keyword on bind lines
  * MINOR: init: emit warning when -sf/-sd cannot parse argument
  * BUG/MEDIUM: standard: Fix memory leak in str2ip2()
  * BUG/MINOR: time/threads: ensure the adjusted time is always correct
  * BUG/MEDIUM: spoe: Allow producer to read and to forward shutdown on request side
  * BUG/MEDIUM: spoe: Always try to receive or send the frame to detect shutdowns
  * BUG/MINOR: epoll/threads: only call epoll_ctl(DEL) on polled FDs
  * BUG/MINOR: threads: Update labels array because of changes in lock_label enum
  * BUG/MINOR: cli: use global.maxsock and not maxfd to list all FDs
  * CLEANUP: Fix typo in ARGT_MSK6 comment
  * BUG/MINOR: sample: Fix output type of c_ipv62ip
  * CLEANUP: sample: Fix outdated comment about sample casts functions
  * CLEANUP: sample: Fix comment encoding of sample.c
  * BUILD: kqueue/threads: Add test on MAX_THREADS to avoid warnings when complied without threads
  * BUILD: epoll/threads: Add test on MAX_THREADS to avoid warnings when complied without threads
  * MINOR: threads: Use __decl_hathreads instead of #ifdef/#endif
  * BUG/MINOR: kqueue/threads: Don't forget to close kqueue_fd[tid] on each thread
  * BUG/MEDIUM: checks: Don't try to release undefined conn_stream when a check is freed
  * BUG/MEDIUM: threads/server: Fix deadlock in srv_set_stopping/srv_set_admin_flag
  * BUG/MINOR: threads: always set an owner to the thread_sync pipe
  * MINOR: threads: Fix build when we're not compiling with threads.
  * BUG/MINOR: mworker: only write to pidfile if it exists
  * BUG/MEDIUM: threads/mworker: fix a race on startup
  * BUG/MEDIUM: kqueue/threads: use one kqueue_fd per thread
  * BUG/MEDIUM: epoll/threads: use one epoll_fd per thread
  * MINOR: fd: add a bitmask to indicate that an FD is known by the poller
  * BUG/MEDIUM: fd: maintain a per-thread update mask

OBS-URL: https://build.opensuse.org/request/show/574248
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=159
2018-02-08 13:29:47 +00:00
Kristoffer Gronlund
9c5a77bd65 Accepting request 564524 from home:KGronlund:branches:server:http
Updated tarball

OBS-URL: https://build.opensuse.org/request/show/564524
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=158
2018-01-15 22:32:45 +00:00
cc46fa9271 actually switch to new tarball
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=157
2018-01-01 17:18:51 +00:00
fc179e5573 - Update to version 1.8.3:
* [RELEASE] Released version 1.8.3
  * MEDIUM: h2: prepare a graceful shutdown when the frontend is stopped
  * BUG/MAJOR: hpack: don't return direct references to the dynamic headers table
  * BUG/MEDIUM: http: don't automatically forward request close
  * MINOR: don't close stdio anymore
  * BUG/MEDIUM: mworker: don't close stdio several time
  * BUG/MEDIUM: h2: ensure we always know the stream before sending a reset
  * DOC/MINOR: configuration: typo, formatting fixes
  * BUG/MEDIUM: h2: improve handling of frames received on closed streams
  * BUG/MEDIUM: h2: properly handle and report some stream errors

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=156
2017-12-31 02:26:21 +00:00