-
haproxy (1.5.10-1ubuntu0.2) vivid; urgency=medium
* Ensure that haproxy processes are terminated correctly when executing
stop/restart operations, easing backports to pre-systemd versions of
Ubuntu (LP: #1481737).
-- Louis Bouchard <email address hidden> Wed, 09 Dec 2015 08:45:27 -0600
-
haproxy (1.5.10-1ubuntu0.1) vivid-security; urgency=medium
* SECURITY UPDATE: information disclosure via uninitialized memory
- debian/patches/CVE-2015-3281.patch: respect output data in
src/buffer.c.
- CVE-2015-3281
-- Marc Deslauriers <email address hidden> Mon, 06 Jul 2015 16:19:52 -0400
-
haproxy (1.5.10-1) experimental; urgency=medium
* New upstream stable release including the following fixes:
- BUG/MAJOR: stream-int: properly check the memory allocation return
- BUG/MEDIUM: sample: fix random number upper-bound
- BUG/MEDIUM: patterns: previous fix was incomplete
- BUG/MEDIUM: payload: ensure that a request channel is available
- BUG/MEDIUM: tcp-check: don't rely on random memory contents
- BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
- BUG/MEDIUM: config: do not propagate processes between stopped
processes
- BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
- BUG/MEDIUM: compression: correctly report zlib_mem
* Upload to experimental.
-- Vincent Bernat <email address hidden> Sun, 04 Jan 2015 13:17:56 +0100
-
haproxy (1.5.8-2) unstable; urgency=medium
* Cherry-pick the following patches from 1.5.9 release:
- 8a0b93bde77e BUG/MAJOR: sessions: unlink session from list on out
of memory
- bae03eaad40a BUG/MEDIUM: pattern: don't load more than once a pattern
list.
- 93637b6e8503 BUG/MEDIUM: connection: sanitize PPv2 header length before
parsing address information
- 8ba50128832b BUG/MAJOR: frontend: initialize capture pointers earlier
- 1f96a87c4e14 BUG/MEDIUM: checks: fix conflicts between agent checks and
ssl healthchecks
- 9bcc01ae2598 BUG/MEDIUM: ssl: force a full GC in case of memory shortage
- 909514970089 BUG/MEDIUM: ssl: fix bad ssl context init can cause
segfault in case of OOM.
* Cherry-pick the following patches from future 1.5.10 release:
- 1e89acb6be9b BUG/MEDIUM: payload: ensure that a request channel is
available
- bad3c6f1b6d7 BUG/MEDIUM: patterns: previous fix was incomplete
-- Vincent Bernat <email address hidden> Sun, 07 Dec 2014 11:11:21 +0100
-
haproxy (1.5.8-1) unstable; urgency=medium
* New upstream stable release including the following fixes:
+ BUG/MAJOR: buffer: check the space left is enough or not when input
data in a buffer is wrapped
+ BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
+ BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
+ BUG/MEDIUM: regex: fix pcre_study error handling
+ BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
+ BUG/MINOR: log: fix request flags when keep-alive is enabled
+ BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
+ BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
* Also includes the following new features:
+ MINOR: ssl: add statement to force some ssl options in global.
+ MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER
formatted certs
* Disable SSLv3 in the default configuration file.
-- Vincent Bernat <email address hidden> Fri, 31 Oct 2014 13:48:19 +0100
-
haproxy (1.5.4-1ubuntu1) utopic; urgency=medium
* haproxy.init: return 0 on stop if haproxy was not running. (LP: #1038139)
-- Serge Hallyn <email address hidden> Tue, 23 Sep 2014 12:06:17 -0500
