Accepted haproxy 1.5.4-1~bpo70+2 (source amd64 all) into wheezy-backports, wheezy-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 16 Sep 2014 09:09:26 +0300
Source: haproxy
Binary: haproxy haproxy-dbg haproxy-doc vim-haproxy
Architecture: source amd64 all
Version: 1.5.4-1~bpo70+2
Distribution: wheezy-backports
Urgency: high
Maintainer: Debian HAProxy Maintainers <pkg-haproxy-maintainers@lists.alioth.debian.org>
Changed-By: Apollon Oikonomopoulos <apoikos@debian.org>
Description:
haproxy - fast and reliable load balancing reverse proxy
haproxy-dbg - fast and reliable load balancing reverse proxy (debug symbols)
haproxy-doc - fast and reliable load balancing reverse proxy (HTML documentatio
vim-haproxy - syntax highlighting for HAProxy configuration files
Closes: 722777 726323 732614
Changes:
haproxy (1.5.4-1~bpo70+2) wheezy-backports; urgency=medium
.
* Rebuild for wheezy-backports.
* Add NEWS entry for the new upstream stable series.
* Upload to wheezy-backports proper, use bpo70+2 to facilitate upgrades from
packages in haproxy.debian.net.
.
haproxy (1.5.4-1) unstable; urgency=high
.
* New upstream version.
+ Fix a critical bug that, under certain unlikely conditions, allows a
client to crash haproxy.
* Prefix rsyslog configuration file to ensure to log only to
/var/log/haproxy. Thanks to Paul Bourke for the patch.
.
haproxy (1.5.3-1) unstable; urgency=medium
.
* New upstream stable release, fixing the following issues:
+ Memory corruption when building a proxy protocol v2 header
+ Memory leak in SSL DHE key exchange
.
haproxy (1.5.2-1) unstable; urgency=medium
.
* New upstream stable release. Important fixes:
+ A few sample fetch functions when combined in certain ways would return
malformed results, possibly crashing the HAProxy process.
+ Hash-based load balancing and http-send-name-header would fail for
requests which contain a body which starts to be forwarded before the
data is used.
.
haproxy (1.5.1-1) unstable; urgency=medium
.
* New upstream stable release:
+ Fix a file descriptor leak for clients that disappear before connecting.
+ Do not staple expired OCSP responses.
.
haproxy (1.5.0-1) unstable; urgency=medium
.
* New upstream stable series. Notable changes since the 1.4 series:
+ Native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling.
+ IPv6 and UNIX sockets are supported everywhere
+ End-to-end HTTP keep-alive for better support of NTLM and improved
efficiency in static farms
+ HTTP/1.1 response compression (deflate, gzip) to save bandwidth
+ PROXY protocol versions 1 and 2 on both sides
+ Data sampling on everything in request or response, including payload
+ ACLs can use any matching method with any input sample
+ Maps and dynamic ACLs updatable from the CLI
+ Stick-tables support counters to track activity on any input sample
+ Custom format for logs, unique-id, header rewriting, and redirects
+ Improved health checks (SSL, scripted TCP, check agent, ...)
+ Much more scalable configuration supports hundreds of thousands of
backends and certificates without sweating
.
* Upload to unstable, merge all 1.5 work from experimental. Most important
packaging changes since 1.4.25-1 include:
+ systemd support.
+ A more sane default config file.
+ Zero-downtime upgrades between 1.5 releases by gracefully reloading
HAProxy during upgrades.
+ HTML documentation shipped in the haproxy-doc package.
+ kqueue support for kfreebsd.
.
* Packaging changes since 1.5~dev26-2:
+ Drop patches merged upstream:
o Fix-reference-location-in-manpage.patch
o 0001-BUILD-stats-workaround-stupid-and-bogus-Werror-forma.patch
+ d/watch: look for stable 1.5 releases
+ systemd: respect CONFIG and EXTRAOPTS when specified in
/etc/default/haproxy.
+ initscript: test the configuration before start or reload.
+ initscript: remove the ENABLED flag and logic.
.
haproxy (1.5~dev26-2) experimental; urgency=medium
.
* initscript: start should not fail when haproxy is already running
+ Fixes upgrades from post-1.5~dev24-1 installations
.
haproxy (1.5~dev26-1) experimental; urgency=medium
.
* New upstream development version.
+ Add a patch to fix compilation with -Werror=format-security
.
haproxy (1.5~dev25-1) experimental; urgency=medium
.
[ Vincent Bernat ]
* New upstream development version.
* Rename "contimeout", "clitimeout" and "srvtimeout" in the default
configuration file to "timeout connection", "timeout client" and
"timeout server".
.
[ Apollon Oikonomopoulos ]
* Build on kfreebsd using the "freebsd" target; enables kqueue support.
.
haproxy (1.5~dev24-2) experimental; urgency=medium
.
* New binary package: haproxy-doc
+ Contains the HTML documentation built using a version of Cyril Bonté's
haproxy-dconv (https://github.com/cbonte/haproxy-dconv).
+ Add Build-Depends-Indep on python and python-mako
+ haproxy Suggests: haproxy-doc
* systemd: check config file for validity on reload.
* haproxy.cfg:
+ Enable the stats socket by default and bind it to
/run/haproxy/admin.sock, which is accessible by the haproxy group.
/run/haproxy creation is handled by the initscript for sysv-rc and a
tmpfiles.d config for systemd.
+ Set the default locations for CA and server certificates to
/etc/ssl/certs and /etc/ssl/private respectively.
+ Set the default cipher list to be used on listening SSL sockets to
enable PFS, preferring ECDHE ciphers by default.
* Gracefully reload HAProxy on upgrade instead of performing a full restart.
* debian/rules: split build into binary-arch and binary-indep.
* Build-depend on debhelper >= 9, set compat to 9.
.
haproxy (1.5~dev24-1) experimental; urgency=medium
.
* New upstream development version, fixes major regressions introduced in
1.5~dev23:
.
+ Forwarding of a message body (request or response) would automatically
stop after the transfer timeout strikes, and with no error.
+ Redirects failed to update the msg->next offset after consuming the
request, so if they were made with keep-alive enabled and starting with
a slash (relative location), then the buffer was shifted by a negative
amount of data, causing a crash.
+ The code to standardize DH parameters caused an important performance
regression for, so it was temporarily reverted for the time needed to
understand the cause and to fix it.
.
For a complete release announcement, including other bugfixes and feature
enhancements, see http://deb.li/yBVA.
.
haproxy (1.5~dev23-1) experimental; urgency=medium
.
* New upstream development version; notable changes since 1.5~dev22:
+ SSL record size optimizations to speed up both, small and large
transfers.
+ Dynamic backend name support in use_backend.
+ Compressed chunked transfer encoding support.
+ Dynamic ACL manipulation via the CLI.
+ New "language" converter for extracting language preferences from
Accept-Language headers.
* Remove halog source and systemd unit files from
/usr/share/doc/haproxy/contrib, they are built and shipped in their
appropriate locations since 1.5~dev19-2.
.
haproxy (1.5~dev22-1) experimental; urgency=medium
.
* New upstream development version
* watch: use the source page and not the main one
.
haproxy (1.5~dev21+20140118-1) experimental; urgency=medium
.
* New upstream development snapshot, with the following fixes since
1.5-dev21:
+ 00b0fb9 BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9
+ 410f810 BUG/MEDIUM: map: segmentation fault with the stats's socket
command "set map ..."
+ abf08d9 BUG/MAJOR: connection: fix mismatch between rcv_buf's API and
usage
+ 35249cb BUG/MINOR: pattern: pattern comparison executed twice
+ c920096 BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between
requests
+ b800623 BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous
patch
+ 61f7f0a BUG/MINOR: stream-int: do not clear the owner upon unregister
+ 983eb31 BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned
+ a3ae932 BUG/MEDIUM: stats: the web interface must check the tracked
servers before enabling
+ e24d963 BUG/MEDIUM: checks: unchecked servers could not be enabled
anymore
+ 7257550 BUG/MINOR: http: always disable compression on HTTP/1.0
+ 9f708ab BUG/MINOR: checks: successful check completion must not
re-enable MAINT servers
+ ff605db BUG/MEDIUM: backend: do not re-initialize the connection's
context upon reuse
+ ea90063 BUG/MEDIUM: stream-int: fix the keep-alive idle connection
handler
* Update debian/copyright to reflect the license of ebtree/
(closes: #732614)
* Synchronize debian/copyright with source
* Add Documentation field to the systemd unit file
.
haproxy (1.5~dev21-1) experimental; urgency=low
.
[ Prach Pongpanich ]
* Bump Standards-Version to 3.9.5
.
[ Thomas Bechtold ]
* debian/control: Add haproxy-dbg binary package for debug symbols.
.
[ Apollon Oikonomopoulos ]
* New upstream development version.
* Require syslog to be operational before starting. Closes: #726323.
.
haproxy (1.5~dev19-2) experimental; urgency=low
.
[ Vincent Bernat ]
* Really enable systemd support by using dh-systemd helper.
* Don't use -L/usr/lib and rely on default search path. Closes: #722777.
.
[ Apollon Oikonomopoulos ]
* Ship halog.
.
haproxy (1.5~dev19-1) experimental; urgency=high
.
[ Vincent Bernat ]
* New upstream version.
+ CVE-2013-2175: fix a possible crash when using negative header
occurrences.
+ Drop 0002-Fix-typo-in-src-haproxy.patch: applied upstream.
* Enable gzip compression feature.
.
[ Prach Pongpanich ]
* Drop bashism patch. It seems useless to maintain a patch to convert
example scripts from /bin/bash to /bin/sh.
* Fix reload/restart action of init script (LP: #1187469)
.
haproxy (1.5~dev18-1) experimental; urgency=low
.
[ Apollon Oikonomopoulos ]
* New upstream development version
.
[ Vincent Bernat ]
* Add support for systemd. Currently, /etc/default/haproxy is not used
when using systemd.
Checksums-Sha1:
7d99df08846b8f076b75b3a43a45d715fbf87994 2224 haproxy_1.5.4-1~bpo70+2.dsc
1d2183c576e387ed4259a684080e48ebe310677e 40554 haproxy_1.5.4-1~bpo70+2.debian.tar.gz
1fc4478167f5ce6809abb0b3adbd648e62a446b4 695000 haproxy_1.5.4-1~bpo70+2_amd64.deb
bedd1b3f4cdf655cc65d2e43b0e975183d7e42ce 1825246 haproxy-dbg_1.5.4-1~bpo70+2_amd64.deb
ad2ca61fb41ee0ff4e27dd968dbd319ce3cbaf6d 320370 haproxy-doc_1.5.4-1~bpo70+2_all.deb
262e0eb41e7b75fc0dda465cf1b212a3bd6b23c7 98682 vim-haproxy_1.5.4-1~bpo70+2_all.deb
Checksums-Sha256:
2d2f4cf58c0b825a90aa482ce37d9540b76aff5312ff1b8ccceae8bc906a8610 2224 haproxy_1.5.4-1~bpo70+2.dsc
76846943e1c9b769c6e77798e647e2cd5742e5d6f635169bd83ead2933931dc9 40554 haproxy_1.5.4-1~bpo70+2.debian.tar.gz
b9934b322e46713dfc6021abf6a5143c8658d31ed3b9f6a11bead06146af9c2d 695000 haproxy_1.5.4-1~bpo70+2_amd64.deb
1797ab65832b9d22a77b38ae6d4ccba3ba263388bb98080887d8d9497286ee60 1825246 haproxy-dbg_1.5.4-1~bpo70+2_amd64.deb
6184ec417ab1a269dc5705ce4085c43c0b79c0e60fcda3e61cd4cd394f755d14 320370 haproxy-doc_1.5.4-1~bpo70+2_all.deb
b466574e88e95a02cf94ab40ade25021ba4b44994b172ca8315500bff391c98b 98682 vim-haproxy_1.5.4-1~bpo70+2_all.deb
Files:
58cdf8962db6b19e7fd394cf7ece9c4a 2224 net optional haproxy_1.5.4-1~bpo70+2.dsc
0e2414b3394d6d3a55f59c53a2185672 40554 net optional haproxy_1.5.4-1~bpo70+2.debian.tar.gz
de0fe90d26c075789a37322745444a4d 695000 net optional haproxy_1.5.4-1~bpo70+2_amd64.deb
35e07069b1a6f8d1e6b8f6623ec3399f 1825246 debug extra haproxy-dbg_1.5.4-1~bpo70+2_amd64.deb
e7f6613ba0a5cf1f92a6df76bbae9a64 320370 doc extra haproxy-doc_1.5.4-1~bpo70+2_all.deb
82109eaad9d66020218240d25412cc4c 98682 net optional vim-haproxy_1.5.4-1~bpo70+2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUF9VxAAoJEHLTQsHpUUMGlVgP/2twCrF8BPlt+A1QYQnLlQvF
FL0x5ZZY1ohj+n+72TiKVrDeHST24+W7AtNN8t5UzgPtKtHqAvV1c1U9pCVE98XA
GO9PstKatOVJHxBuPirmHRL7gSV1CSFIophfHSaeuDT6n4hKsx0vYD1p6K3o3Bi7
Nucx4GmtIwQNg93Da1PSfR1XVDaWZOSRgb3Ao+jk/7aLqKZpV3IubadAlATwWG6S
fZ3CaYsCcHDHg79l93TxWC9C2s2v1ZifbOCNDyKgvC32XTEAXK49heyiDlpdSpdX
xFHY0B4mtd6qtjBorZtqzCuu3mMs0cZB6iVQIBMcwRYlBj8Gyq/2A9iR7+rMDBaK
NDb9Ne+BZLb/LE7eveKoO6pyMzHdboMPGq0+BfqLVnveoxD+hQLUQJTXdvnb7S3G
yc+We0KPGR4C0lVckW0oxP3k+9ygP+4Ipa5CBwVV1nnwkmtP+tIC8xRsQPROdWtt
tXb6tNS5O77sItUX5g8uo+ZbHFFOCZjIu1I1IidGzSdC/ghIJB6Q6SH1r8EyhYp3
rGZOsAJvllriR8be99zLGrkSVQHqCRVEsB+Ay9HAdaVGfHoAB+CR1yhd6wIQ3dQE
jYiTkNHjoZgCMuxI7SJ9sG3gnXrZgAg32RryKsDLpJ638bxOZNZCmGHhBX0Ed6dG
h1nPoqHbIZnhj7ZlkP2j
=XF78
-----END PGP SIGNATURE-----
Reply to: