Publishing details
Changelog
haproxy (1.5.3-1ubuntu1~ubuntu12.04.1~ppa1) precise; urgency=medium
* No-change backport to precise
haproxy (1.5.3-1ubuntu1) UNRELEASED; urgency=medium
* Don't build configuration html on precise
haproxy (1.5.3-1) unstable; urgency=medium
* New upstream stable release, fixing the following issues:
+ Memory corruption when building a proxy protocol v2 header
+ Memory leak in SSL DHE key exchange
haproxy (1.5.2-1) unstable; urgency=medium
* New upstream stable release. Important fixes:
+ A few sample fetch functions when combined in certain ways would return
malformed results, possibly crashing the HAProxy process.
+ Hash-based load balancing and http-send-name-header would fail for
requests which contain a body which starts to be forwarded before the
data is used.
haproxy (1.5.1-1) unstable; urgency=medium
* New upstream stable release:
+ Fix a file descriptor leak for clients that disappear before connecting.
+ Do not staple expired OCSP responses.
haproxy (1.5.0-1) unstable; urgency=medium
* New upstream stable series. Notable changes since the 1.4 series:
+ Native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling.
+ IPv6 and UNIX sockets are supported everywhere
+ End-to-end HTTP keep-alive for better support of NTLM and improved
efficiency in static farms
+ HTTP/1.1 response compression (deflate, gzip) to save bandwidth
+ PROXY protocol versions 1 and 2 on both sides
+ Data sampling on everything in request or response, including payload
+ ACLs can use any matching method with any input sample
+ Maps and dynamic ACLs updatable from the CLI
+ Stick-tables support counters to track activity on any input sample
+ Custom format for logs, unique-id, header rewriting, and redirects
+ Improved health checks (SSL, scripted TCP, check agent, ...)
+ Much more scalable configuration supports hundreds of thousands of
backends and certificates without sweating
* Upload to unstable, merge all 1.5 work from experimental. Most important
packaging changes since 1.4.25-1 include:
+ systemd support.
+ A more sane default config file.
+ Zero-downtime upgrades between 1.5 releases by gracefully reloading
HAProxy during upgrades.
+ HTML documentation shipped in the haproxy-doc package.
+ kqueue support for kfreebsd.
* Packaging changes since 1.5~dev26-2:
+ Drop patches merged upstream:
o Fix-reference-location-in-manpage.patch
o 0001-BUILD-stats-workaround-stupid-and-bogus-Werror-forma.patch
+ d/watch: look for stable 1.5 releases
+ systemd: respect CONFIG and EXTRAOPTS when specified in
/etc/default/haproxy.
+ initscript: test the configuration before start or reload.
+ initscript: remove the ENABLED flag and logic.
haproxy (1.5~dev26-2) experimental; urgency=medium
* initscript: start should not fail when haproxy is already running
+ Fixes upgrades from post-1.5~dev24-1 installations
haproxy (1.5~dev26-1) experimental; urgency=medium
* New upstream development version.
+ Add a patch to fix compilation with -Werror=format-security
haproxy (1.5~dev25-1) experimental; urgency=medium
[ Vincent Bernat ]
* New upstream development version.
* Rename "contimeout", "clitimeout" and "srvtimeout" in the default
configuration file to "timeout connection", "timeout client" and
"timeout server".
[ Apollon Oikonomopoulos ]
* Build on kfreebsd using the "freebsd" target; enables kqueue support.
haproxy (1.5~dev24-2) experimental; urgency=medium
* New binary package: haproxy-doc
+ Contains the HTML documentation built using a version of Cyril Bonté's
haproxy-dconv (https://github.com/cbonte/haproxy-dconv).
+ Add Build-Depends-Indep on python and python-mako
+ haproxy Suggests: haproxy-doc
* systemd: check config file for validity on reload.
* haproxy.cfg:
+ Enable the stats socket by default and bind it to
/run/haproxy/admin.sock, which is accessible by the haproxy group.
/run/haproxy creation is handled by the initscript for sysv-rc and a
tmpfiles.d config for systemd.
+ Set the default locations for CA and server certificates to
/etc/ssl/certs and /etc/ssl/private respectively.
+ Set the default cipher list to be used on listening SSL sockets to
enable PFS, preferring ECDHE ciphers by default.
* Gracefully reload HAProxy on upgrade instead of performing a full restart.
* debian/rules: split build into binary-arch and binary-indep.
* Build-depend on debhelper >= 9, set compat to 9.
haproxy (1.5~dev24-1) experimental; urgency=medium
* New upstream development version, fixes major regressions introduced in
1.5~dev23:
+ Forwarding of a message body (request or response) would automatically
stop after the transfer timeout strikes, and with no error.
+ Redirects failed to update the msg->next offset after consuming the
request, so if they were made with keep-alive enabled and starting with
a slash (relative location), then the buffer was shifted by a negative
amount of data, causing a crash.
+ The code to standardize DH parameters caused an important performance
regression for, so it was temporarily reverted for the time needed to
understand the cause and to fix it.
For a complete release announcement, including other bugfixes and feature
enhancements, see http://deb.li/yBVA.
haproxy (1.5~dev23-1) experimental; urgency=medium
* New upstream development version; notable changes since 1.5~dev22:
+ SSL record size optimizations to speed up both, small and large
transfers.
+ Dynamic backend name support in use_backend.
+ Compressed chunked transfer encoding support.
+ Dynamic ACL manipulation via the CLI.
+ New "language" converter for extracting language preferences from
Accept-Language headers.
* Remove halog source and systemd unit files from
/usr/share/doc/haproxy/contrib, they are built and shipped in their
appropriate locations since 1.5~dev19-2.
haproxy (1.5~dev22-1) experimental; urgency=medium
* New upstream development version
* watch: use the source page and not the main one
haproxy (1.5~dev21+20140118-1) experimental; urgency=medium
* New upstream development snapshot, with the following fixes since
1.5-dev21:
+ 00b0fb9 BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9
+ 410f810 BUG/MEDIUM: map: segmentation fault with the stats's socket
command "set map ..."
+ abf08d9 BUG/MAJOR: connection: fix mismatch between rcv_buf's API and
usage
+ 35249cb BUG/MINOR: pattern: pattern comparison executed twice
+ c920096 BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between
requests
+ b800623 BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous
patch
+ 61f7f0a BUG/MINOR: stream-int: do not clear the owner upon unregister
+ 983eb31 BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned
+ a3ae932 BUG/MEDIUM: stats: the web interface must check the tracked
servers before enabling
+ e24d963 BUG/MEDIUM: checks: unchecked servers could not be enabled
anymore
+ 7257550 BUG/MINOR: http: always disable compression on HTTP/1.0
+ 9f708ab BUG/MINOR: checks: successful check completion must not
re-enable MAINT servers
+ ff605db BUG/MEDIUM: backend: do not re-initialize the connection's
context upon reuse
+ ea90063 BUG/MEDIUM: stream-int: fix the keep-alive idle connection
handler
* Update debian/copyright to reflect the license of ebtree/
(closes: #732614)
* Synchronize debian/copyright with source
* Add Documentation field to the systemd unit file
haproxy (1.5~dev21-1) experimental; urgency=low
[ Prach Pongpanich ]
* Bump Standards-Version to 3.9.5
[ Thomas Bechtold ]
* debian/control: Add haproxy-dbg binary package for debug symbols.
[ Apollon Oikonomopoulos ]
* New upstream development version.
* Require syslog to be operational before starting. Closes: #726323.
haproxy (1.5~dev19-2) experimental; urgency=low
[ Vincent Bernat ]
* Really enable systemd support by using dh-systemd helper.
* Don't use -L/usr/lib and rely on default search path. Closes: #722777.
[ Apollon Oikonomopoulos ]
* Ship halog.
haproxy (1.5~dev19-1) experimental; urgency=high
[ Vincent Bernat ]
* New upstream version.
+ CVE-2013-2175: fix a possible crash when using negative header
occurrences.
+ Drop 0002-Fix-typo-in-src-haproxy.patch: applied upstream.
* Enable gzip compression feature.
[ Prach Pongpanich ]
* Drop bashism patch. It seems useless to maintain a patch to convert
example scripts from /bin/bash to /bin/sh.
* Fix reload/restart action of init script (LP: #1187469)
haproxy (1.5~dev18-1) experimental; urgency=low
[ Apollon Oikonomopoulos ]
* New upstream development version
[ Vincent Bernat ]
* Add support for systemd. Currently, /etc/default/haproxy is not used
when using systemd.
haproxy (1.4.25-1) unstable; urgency=medium
[ Prach Pongpanich ]
* New upstream version.
* Update watch file to use the source page.
* Bump Standards-Version to 3.9.5.
[ Thomas Bechtold ]
* debian/control: Add haproxy-dbg binary package for debug symbols.
[ Apollon Oikonomopoulos ]
* Require syslog to be operational before starting. Closes: #726323.
* Document how to bind non-local IPv6 addresses.
* Add a reference to configuration.txt.gz to the manpage.
* debian/copyright: synchronize with source.
haproxy (1.4.24-2) unstable; urgency=low
[ Apollon Oikonomopoulos ]
* Ship contrib/halog as /usr/bin/halog.
[ Vincent Bernat ]
* Don't use -L/usr/lib and rely on default search path. Closes: #722777.
haproxy (1.4.24-1) unstable; urgency=high
[ Vincent Bernat ]
* New upstream version.
+ CVE-2013-2175: fix a possible crash when using negative header
occurrences.
[ Prach Pongpanich ]
* Drop bashism patch. It seems useless to maintain a patch to convert
example scripts from /bin/bash to /bin/sh.
* Fix reload/restart action of init script (LP: #1187469).
haproxy (1.4.23-1) unstable; urgency=low
[ Apollon Oikonomopoulos ]
* New upstream version (Closes: #643650, #678953)
+ This fixes CVE-2012-2942 (Closes: #674447)
+ This fixes CVE-2013-1912 (Closes: #704611)
* Ship vim addon as vim-haproxy (Closes: #702893)
* Check for the configuration file after sourcing /etc/default/haproxy
(Closes: #641762)
* Use /dev/log for logging by default (Closes: #649085)
[ Vincent Bernat ]
* debian/control:
+ add Vcs-* fields
+ switch maintenance to Debian HAProxy team. (Closes: #706890)
+ drop dependency to quilt: 3.0 (quilt) format is in use.
* debian/rules:
+ don't explicitly call dh_installchangelog.
+ use dh_installdirs to install directories.
+ use dh_install to install error and configuration files.
+ switch to `linux2628` Makefile target for Linux.
* debian/postrm:
+ remove haproxy user and group on purge.
* Ship a more minimal haproxy.cfg file: no `listen` blocks but `global`
and `defaults` block with appropriate configuration to use chroot and
logging in the expected way.
[ Prach Pongpanich ]
* debian/copyright:
+ add missing copyright holders
+ update years of copyright
* debian/rules:
+ build with -Wl,--as-needed to get rid of unnecessary depends
* Remove useless files in debian/haproxy.{docs,examples}
* Update debian/watch file, thanks to Bart Martens
-- Neil Wilson <email address hidden> Mon, 28 Jul 2014 11:47:03 +0000
Builds
Built packages
-
haproxy
fast and reliable load balancing reverse proxy
-
haproxy-dbg
fast and reliable load balancing reverse proxy (debug symbols)
-
haproxy-doc
fast and reliable load balancing reverse proxy (HTML documentation)
-
vim-haproxy
syntax highlighting for HAProxy configuration files
Package files