haproxy 1.5.3-1~ubuntu14.04.1 source package in Ubuntu

Changelog

haproxy (1.5.3-1~ubuntu14.04.1) trusty-backports; urgency=medium

  * No-change backport to trusty (LP: #1336628)

haproxy (1.5.3-1) unstable; urgency=medium

  * New upstream stable release, fixing the following issues:
    + Memory corruption when building a proxy protocol v2 header
    + Memory leak in SSL DHE key exchange

haproxy (1.5.2-1) unstable; urgency=medium

  * New upstream stable release. Important fixes:
    + A few sample fetch functions when combined in certain ways would return
      malformed results, possibly crashing the HAProxy process.
    + Hash-based load balancing and http-send-name-header would fail for
      requests which contain a body which starts to be forwarded before the
      data is used.

haproxy (1.5.1-1) unstable; urgency=medium

  * New upstream stable release:
    + Fix a file descriptor leak for clients that disappear before connecting.
    + Do not staple expired OCSP responses.

haproxy (1.5.0-1) unstable; urgency=medium

  * New upstream stable series. Notable changes since the 1.4 series:
    + Native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling.
    + IPv6 and UNIX sockets are supported everywhere
    + End-to-end HTTP keep-alive for better support of NTLM and improved
      efficiency in static farms
    + HTTP/1.1 response compression (deflate, gzip) to save bandwidth
    + PROXY protocol versions 1 and 2 on both sides
    + Data sampling on everything in request or response, including payload
    + ACLs can use any matching method with any input sample
    + Maps and dynamic ACLs updatable from the CLI
    + Stick-tables support counters to track activity on any input sample
    + Custom format for logs, unique-id, header rewriting, and redirects
    + Improved health checks (SSL, scripted TCP, check agent, ...)
    + Much more scalable configuration supports hundreds of thousands of
      backends and certificates without sweating

  * Upload to unstable, merge all 1.5 work from experimental. Most important
    packaging changes since 1.4.25-1 include:
    + systemd support.
    + A more sane default config file.
    + Zero-downtime upgrades between 1.5 releases by gracefully reloading
      HAProxy during upgrades.
    + HTML documentation shipped in the haproxy-doc package.
    + kqueue support for kfreebsd.

  * Packaging changes since 1.5~dev26-2:
    + Drop patches merged upstream:
      o Fix-reference-location-in-manpage.patch
      o 0001-BUILD-stats-workaround-stupid-and-bogus-Werror-forma.patch
    + d/watch: look for stable 1.5 releases
    + systemd: respect CONFIG and EXTRAOPTS when specified in
      /etc/default/haproxy.
    + initscript: test the configuration before start or reload.
    + initscript: remove the ENABLED flag and logic.

haproxy (1.5~dev26-2) experimental; urgency=medium

  * initscript: start should not fail when haproxy is already running
    + Fixes upgrades from post-1.5~dev24-1 installations

haproxy (1.5~dev26-1) experimental; urgency=medium

  * New upstream development version.
     + Add a patch to fix compilation with -Werror=format-security

haproxy (1.5~dev25-1) experimental; urgency=medium

  [ Vincent Bernat ]
  * New upstream development version.
  * Rename "contimeout", "clitimeout" and "srvtimeout" in the default
    configuration file to "timeout connection", "timeout client" and
    "timeout server".

  [ Apollon Oikonomopoulos ]
  * Build on kfreebsd using the "freebsd" target; enables kqueue support.

haproxy (1.5~dev24-2) experimental; urgency=medium

  * New binary package: haproxy-doc
    + Contains the HTML documentation built using a version of Cyril Bonté's
      haproxy-dconv (https://github.com/cbonte/haproxy-dconv).
    + Add Build-Depends-Indep on python and python-mako
    + haproxy Suggests: haproxy-doc
  * systemd: check config file for validity on reload.
  * haproxy.cfg:
    + Enable the stats socket by default and bind it to
      /run/haproxy/admin.sock, which is accessible by the haproxy group.
      /run/haproxy creation is handled by the initscript for sysv-rc and a
      tmpfiles.d config for systemd.
    + Set the default locations for CA and server certificates to
      /etc/ssl/certs and /etc/ssl/private respectively.
    + Set the default cipher list to be used on listening SSL sockets to
      enable PFS, preferring ECDHE ciphers by default.
  * Gracefully reload HAProxy on upgrade instead of performing a full restart.
  * debian/rules: split build into binary-arch and binary-indep.
  * Build-depend on debhelper >= 9, set compat to 9.

haproxy (1.5~dev24-1) experimental; urgency=medium

  * New upstream development version, fixes major regressions introduced in
    1.5~dev23:

    + Forwarding of a message body (request or response) would automatically
      stop after the transfer timeout strikes, and with no error.
    + Redirects failed to update the msg->next offset after consuming the
      request, so if they were made with keep-alive enabled and starting with
      a slash (relative location), then the buffer was shifted by a negative
      amount of data, causing a crash.
    + The code to standardize DH parameters caused an important performance
      regression for, so it was temporarily reverted for the time needed to
      understand the cause and to fix it.

    For a complete release announcement, including other bugfixes and feature
    enhancements, see http://deb.li/yBVA.

haproxy (1.5~dev23-1) experimental; urgency=medium

  * New upstream development version; notable changes since 1.5~dev22:
    + SSL record size optimizations to speed up both, small and large
      transfers.
    + Dynamic backend name support in use_backend.
    + Compressed chunked transfer encoding support.
    + Dynamic ACL manipulation via the CLI.
    + New "language" converter for extracting language preferences from
      Accept-Language headers.
  * Remove halog source and systemd unit files from
    /usr/share/doc/haproxy/contrib, they are built and shipped in their
    appropriate locations since 1.5~dev19-2.

haproxy (1.5~dev22-1) experimental; urgency=medium

  * New upstream development version
  * watch: use the source page and not the main one

haproxy (1.5~dev21+20140118-1) experimental; urgency=medium

  * New upstream development snapshot, with the following fixes since
    1.5-dev21:
     + 00b0fb9 BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9
     + 410f810 BUG/MEDIUM: map: segmentation fault with the stats's socket
                           command "set map ..."
     + abf08d9 BUG/MAJOR: connection: fix mismatch between rcv_buf's API and
                          usage
     + 35249cb BUG/MINOR: pattern: pattern comparison executed twice
     + c920096 BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between
                          requests
     + b800623 BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous
                           patch
     + 61f7f0a BUG/MINOR: stream-int: do not clear the owner upon unregister
     + 983eb31 BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned
     + a3ae932 BUG/MEDIUM: stats: the web interface must check the tracked
                           servers before enabling
     + e24d963 BUG/MEDIUM: checks: unchecked servers could not be enabled
                           anymore
     + 7257550 BUG/MINOR: http: always disable compression on HTTP/1.0
     + 9f708ab BUG/MINOR: checks: successful check completion must not
                          re-enable MAINT servers
     + ff605db BUG/MEDIUM: backend: do not re-initialize the connection's
                           context upon reuse
     + ea90063 BUG/MEDIUM: stream-int: fix the keep-alive idle connection
                           handler
  * Update debian/copyright to reflect the license of ebtree/
    (closes: #732614)
  * Synchronize debian/copyright with source
  * Add Documentation field to the systemd unit file

haproxy (1.5~dev21-1) experimental; urgency=low

  [ Prach Pongpanich ]
  * Bump Standards-Version to 3.9.5

  [ Thomas Bechtold ]
  * debian/control: Add haproxy-dbg binary package for debug symbols.

  [ Apollon Oikonomopoulos ]
  * New upstream development version.
  * Require syslog to be operational before starting. Closes: #726323.

haproxy (1.5~dev19-2) experimental; urgency=low

  [ Vincent Bernat ]
  * Really enable systemd support by using dh-systemd helper.
  * Don't use -L/usr/lib and rely on default search path. Closes: #722777.

  [ Apollon Oikonomopoulos ]
  * Ship halog.

haproxy (1.5~dev19-1) experimental; urgency=high

  [ Vincent Bernat ]
  * New upstream version.
     + CVE-2013-2175: fix a possible crash when using negative header
       occurrences.
     + Drop 0002-Fix-typo-in-src-haproxy.patch: applied upstream.
  * Enable gzip compression feature.

  [ Prach Pongpanich ]
  * Drop bashism patch. It seems useless to maintain a patch to convert
    example scripts from /bin/bash to /bin/sh.
  * Fix reload/restart action of init script (LP: #1187469)

haproxy (1.5~dev18-1) experimental; urgency=low

  [ Apollon Oikonomopoulos ]
  * New upstream development version

  [ Vincent Bernat ]
  * Add support for systemd. Currently, /etc/default/haproxy is not used
    when using systemd.

haproxy (1.4.25-1) unstable; urgency=medium

  [ Prach Pongpanich ]
  * New upstream version.
  * Update watch file to use the source page.
  * Bump Standards-Version to 3.9.5.

  [ Thomas Bechtold ]
  * debian/control: Add haproxy-dbg binary package for debug symbols.

  [ Apollon Oikonomopoulos ]
  * Require syslog to be operational before starting. Closes: #726323.
  * Document how to bind non-local IPv6 addresses.
  * Add a reference to configuration.txt.gz to the manpage.
  * debian/copyright: synchronize with source.
 -- Felix Geyer <email address hidden>   Fri, 25 Jul 2014 23:03:34 +0200