[Pkg-haproxy-maintainers] haproxy_1.5.8-3~bpo60+1_amd64.changes ACCEPTED into squeeze-backports-sloppy
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat May 2 22:49:11 UTC 2015
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 02 May 2015 22:07:15 +0200
Source: haproxy
Binary: haproxy haproxy-dbg vim-haproxy
Architecture: source amd64 all
Version: 1.5.8-3~bpo60+1
Distribution: squeeze-backports-sloppy
Urgency: high
Maintainer: Debian HAProxy Maintainers <pkg-haproxy-maintainers at lists.alioth.debian.org>
Changed-By: Vincent Bernat <bernat at debian.org>
Description:
haproxy - fast and reliable load balancing reverse proxy
haproxy-dbg - fast and reliable load balancing reverse proxy (debug symbols)
vim-haproxy - syntax highlighting for HAProxy configuration files
Closes: 722777 726323 732614 762608
Changes:
haproxy (1.5.8-3~bpo60+1) squeeze-backports-sloppy; urgency=medium
.
* Rebuild for squeeze-backports-sloppy.
+ Depends on debhelper 7 instead of 9.
+ Don't depends on dh-systemd.
+ Don't build documentation.
+ Use /var/run instead of /run.
+ Don't use start-stop-daemon to kill (--pid isn't available).
.
haproxy (1.5.8-3) unstable; urgency=medium
.
* Remove RC4 from the default cipher string shipped in configuration.
.
haproxy (1.5.8-2) unstable; urgency=medium
.
* Cherry-pick the following patches from 1.5.9 release:
- 8a0b93bde77e BUG/MAJOR: sessions: unlink session from list on out
of memory
- bae03eaad40a BUG/MEDIUM: pattern: don't load more than once a pattern
list.
- 93637b6e8503 BUG/MEDIUM: connection: sanitize PPv2 header length before
parsing address information
- 8ba50128832b BUG/MAJOR: frontend: initialize capture pointers earlier
- 1f96a87c4e14 BUG/MEDIUM: checks: fix conflicts between agent checks and
ssl healthchecks
- 9bcc01ae2598 BUG/MEDIUM: ssl: force a full GC in case of memory shortage
- 909514970089 BUG/MEDIUM: ssl: fix bad ssl context init can cause
segfault in case of OOM.
* Cherry-pick the following patches from future 1.5.10 release:
- 1e89acb6be9b BUG/MEDIUM: payload: ensure that a request channel is
available
- bad3c6f1b6d7 BUG/MEDIUM: patterns: previous fix was incomplete
.
haproxy (1.5.8-1) unstable; urgency=medium
.
* New upstream stable release including the following fixes:
.
+ BUG/MAJOR: buffer: check the space left is enough or not when input
data in a buffer is wrapped
+ BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
+ BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
+ BUG/MEDIUM: regex: fix pcre_study error handling
+ BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
+ BUG/MINOR: log: fix request flags when keep-alive is enabled
+ BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
+ BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
* Also includes the following new features:
+ MINOR: ssl: add statement to force some ssl options in global.
+ MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER
formatted certs
* Disable SSLv3 in the default configuration file.
.
haproxy (1.5.6-1) unstable; urgency=medium
.
* New upstream stable release including the following fixes:
+ BUG/MEDIUM: systemd: set KillMode to 'mixed'
+ MINOR: systemd: Check configuration before start
+ BUG/MEDIUM: config: avoid skipping disabled proxies
+ BUG/MINOR: config: do not accept more track-sc than configured
+ BUG/MEDIUM: backend: fix URI hash when a query string is present
* Drop systemd patches:
+ haproxy.service-also-check-on-start.patch
+ haproxy.service-set-killmode-to-mixed.patch
* Refresh other patches.
.
haproxy (1.5.5-1) unstable; urgency=medium
.
[ Vincent Bernat ]
* initscript: use start-stop-daemon to reliably terminate all haproxy
processes. Also treat stopping a non-running haproxy as success.
(Closes: #762608, LP: #1038139)
.
[ Apollon Oikonomopoulos ]
* New upstream stable release including the following fixes:
+ DOC: Address issue where documentation is excluded due to a gitignore
rule.
+ MEDIUM: Improve signal handling in systemd wrapper.
+ BUG/MINOR: config: don't propagate process binding for dynamic
use_backend
+ MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
+ DOC: clearly state that the "show sess" output format is not fixed
+ MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
+ DOC: indicate in the doc that track-sc* can wait if data are missing
+ MEDIUM: http: enable header manipulation for 101 responses
+ BUG/MEDIUM: config: propagate frontend to backend process binding again.
+ MEDIUM: config: properly propagate process binding between proxies
+ MEDIUM: config: make the frontends automatically bind to the listeners'
processes
+ MEDIUM: config: compute the exact bind-process before listener's
maxaccept
+ MEDIUM: config: only warn if stats are attached to multi-process bind
directives
+ MEDIUM: config: report it when tcp-request rules are misplaced
+ MINOR: config: detect the case where a tcp-request content rule has no
inspect-delay
+ MEDIUM: systemd-wrapper: support multiple executable versions and names
+ BUG/MEDIUM: remove debugging code from systemd-wrapper
+ BUG/MEDIUM: http: adjust close mode when switching to backend
+ BUG/MINOR: config: don't propagate process binding on fatal errors.
+ BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
+ BUG/MINOR: tcp-check: report the correct failed step in the status
+ DOC: indicate that weight zero is reported as DRAIN
* Add a new patch (haproxy.service-set-killmode-to-mixed.patch) to fix the
systemctl stop action conflicting with the systemd wrapper now catching
SIGTERM.
* Bump standards to 3.9.6; no changes needed.
* haproxy-doc: link to tracker.debian.org instead of packages.qa.debian.org.
* d/copyright: move debian/dconv/* paragraph after debian/*, so that it
actually matches the files it is supposed to.
.
haproxy (1.5.4-1) unstable; urgency=high
.
* New upstream version.
+ Fix a critical bug that, under certain unlikely conditions, allows a
client to crash haproxy.
* Prefix rsyslog configuration file to ensure to log only to
/var/log/haproxy. Thanks to Paul Bourke for the patch.
.
haproxy (1.5.3-1) unstable; urgency=medium
.
* New upstream stable release, fixing the following issues:
+ Memory corruption when building a proxy protocol v2 header
+ Memory leak in SSL DHE key exchange
.
haproxy (1.5.2-1) unstable; urgency=medium
.
* New upstream stable release. Important fixes:
+ A few sample fetch functions when combined in certain ways would return
malformed results, possibly crashing the HAProxy process.
+ Hash-based load balancing and http-send-name-header would fail for
requests which contain a body which starts to be forwarded before the
data is used.
.
haproxy (1.5.1-1) unstable; urgency=medium
.
* New upstream stable release:
+ Fix a file descriptor leak for clients that disappear before connecting.
+ Do not staple expired OCSP responses.
.
haproxy (1.5.0-1) unstable; urgency=medium
.
* New upstream stable series. Notable changes since the 1.4 series:
+ Native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling.
+ IPv6 and UNIX sockets are supported everywhere
+ End-to-end HTTP keep-alive for better support of NTLM and improved
efficiency in static farms
+ HTTP/1.1 response compression (deflate, gzip) to save bandwidth
+ PROXY protocol versions 1 and 2 on both sides
+ Data sampling on everything in request or response, including payload
+ ACLs can use any matching method with any input sample
+ Maps and dynamic ACLs updatable from the CLI
+ Stick-tables support counters to track activity on any input sample
+ Custom format for logs, unique-id, header rewriting, and redirects
+ Improved health checks (SSL, scripted TCP, check agent, ...)
+ Much more scalable configuration supports hundreds of thousands of
backends and certificates without sweating
.
* Upload to unstable, merge all 1.5 work from experimental. Most important
packaging changes since 1.4.25-1 include:
+ systemd support.
+ A more sane default config file.
+ Zero-downtime upgrades between 1.5 releases by gracefully reloading
HAProxy during upgrades.
+ HTML documentation shipped in the haproxy-doc package.
+ kqueue support for kfreebsd.
.
* Packaging changes since 1.5~dev26-2:
+ Drop patches merged upstream:
o Fix-reference-location-in-manpage.patch
o 0001-BUILD-stats-workaround-stupid-and-bogus-Werror-forma.patch
+ d/watch: look for stable 1.5 releases
+ systemd: respect CONFIG and EXTRAOPTS when specified in
/etc/default/haproxy.
+ initscript: test the configuration before start or reload.
+ initscript: remove the ENABLED flag and logic.
.
haproxy (1.5~dev26-2) experimental; urgency=medium
.
* initscript: start should not fail when haproxy is already running
+ Fixes upgrades from post-1.5~dev24-1 installations
.
haproxy (1.5~dev26-1) experimental; urgency=medium
.
* New upstream development version.
+ Add a patch to fix compilation with -Werror=format-security
.
haproxy (1.5~dev25-1) experimental; urgency=medium
.
[ Vincent Bernat ]
* New upstream development version.
* Rename "contimeout", "clitimeout" and "srvtimeout" in the default
configuration file to "timeout connection", "timeout client" and
"timeout server".
.
[ Apollon Oikonomopoulos ]
* Build on kfreebsd using the "freebsd" target; enables kqueue support.
.
haproxy (1.5~dev24-2) experimental; urgency=medium
.
* New binary package: haproxy-doc
+ Contains the HTML documentation built using a version of Cyril Bonté's
haproxy-dconv (https://github.com/cbonte/haproxy-dconv).
+ Add Build-Depends-Indep on python and python-mako
+ haproxy Suggests: haproxy-doc
* systemd: check config file for validity on reload.
* haproxy.cfg:
+ Enable the stats socket by default and bind it to
/run/haproxy/admin.sock, which is accessible by the haproxy group.
/run/haproxy creation is handled by the initscript for sysv-rc and a
tmpfiles.d config for systemd.
+ Set the default locations for CA and server certificates to
/etc/ssl/certs and /etc/ssl/private respectively.
+ Set the default cipher list to be used on listening SSL sockets to
enable PFS, preferring ECDHE ciphers by default.
* Gracefully reload HAProxy on upgrade instead of performing a full restart.
* debian/rules: split build into binary-arch and binary-indep.
* Build-depend on debhelper >= 9, set compat to 9.
.
haproxy (1.5~dev24-1) experimental; urgency=medium
.
* New upstream development version, fixes major regressions introduced in
1.5~dev23:
.
+ Forwarding of a message body (request or response) would automatically
stop after the transfer timeout strikes, and with no error.
+ Redirects failed to update the msg->next offset after consuming the
request, so if they were made with keep-alive enabled and starting with
a slash (relative location), then the buffer was shifted by a negative
amount of data, causing a crash.
+ The code to standardize DH parameters caused an important performance
regression for, so it was temporarily reverted for the time needed to
understand the cause and to fix it.
.
For a complete release announcement, including other bugfixes and feature
enhancements, see http://deb.li/yBVA.
.
haproxy (1.5~dev23-1) experimental; urgency=medium
.
* New upstream development version; notable changes since 1.5~dev22:
+ SSL record size optimizations to speed up both, small and large
transfers.
+ Dynamic backend name support in use_backend.
+ Compressed chunked transfer encoding support.
+ Dynamic ACL manipulation via the CLI.
+ New "language" converter for extracting language preferences from
Accept-Language headers.
* Remove halog source and systemd unit files from
/usr/share/doc/haproxy/contrib, they are built and shipped in their
appropriate locations since 1.5~dev19-2.
.
haproxy (1.5~dev22-1) experimental; urgency=medium
.
* New upstream development version
* watch: use the source page and not the main one
.
haproxy (1.5~dev21+20140118-1) experimental; urgency=medium
.
* New upstream development snapshot, with the following fixes since
1.5-dev21:
+ 00b0fb9 BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9
+ 410f810 BUG/MEDIUM: map: segmentation fault with the stats's socket
command "set map ..."
+ abf08d9 BUG/MAJOR: connection: fix mismatch between rcv_buf's API and
usage
+ 35249cb BUG/MINOR: pattern: pattern comparison executed twice
+ c920096 BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between
requests
+ b800623 BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous
patch
+ 61f7f0a BUG/MINOR: stream-int: do not clear the owner upon unregister
+ 983eb31 BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned
+ a3ae932 BUG/MEDIUM: stats: the web interface must check the tracked
servers before enabling
+ e24d963 BUG/MEDIUM: checks: unchecked servers could not be enabled
anymore
+ 7257550 BUG/MINOR: http: always disable compression on HTTP/1.0
+ 9f708ab BUG/MINOR: checks: successful check completion must not
re-enable MAINT servers
+ ff605db BUG/MEDIUM: backend: do not re-initialize the connection's
context upon reuse
+ ea90063 BUG/MEDIUM: stream-int: fix the keep-alive idle connection
handler
* Update debian/copyright to reflect the license of ebtree/
(closes: #732614)
* Synchronize debian/copyright with source
* Add Documentation field to the systemd unit file
.
haproxy (1.5~dev21-1) experimental; urgency=low
.
[ Prach Pongpanich ]
* Bump Standards-Version to 3.9.5
.
[ Thomas Bechtold ]
* debian/control: Add haproxy-dbg binary package for debug symbols.
.
[ Apollon Oikonomopoulos ]
* New upstream development version.
* Require syslog to be operational before starting. Closes: #726323.
.
haproxy (1.5~dev19-2) experimental; urgency=low
.
[ Vincent Bernat ]
* Really enable systemd support by using dh-systemd helper.
* Don't use -L/usr/lib and rely on default search path. Closes: #722777.
.
[ Apollon Oikonomopoulos ]
* Ship halog.
.
haproxy (1.5~dev19-1) experimental; urgency=high
.
[ Vincent Bernat ]
* New upstream version.
+ CVE-2013-2175: fix a possible crash when using negative header
occurrences.
+ Drop 0002-Fix-typo-in-src-haproxy.patch: applied upstream.
* Enable gzip compression feature.
.
[ Prach Pongpanich ]
* Drop bashism patch. It seems useless to maintain a patch to convert
example scripts from /bin/bash to /bin/sh.
* Fix reload/restart action of init script (LP: #1187469)
.
haproxy (1.5~dev18-1) experimental; urgency=low
.
[ Apollon Oikonomopoulos ]
* New upstream development version
.
[ Vincent Bernat ]
* Add support for systemd. Currently, /etc/default/haproxy is not used
when using systemd.
Checksums-Sha1:
2d329e7f9ff63e808e1094a4eae5beed70fa94c8 2044 haproxy_1.5.8-3~bpo60+1.dsc
d6ab8b09b9aa764cef1bd5b31173b0828a0cf893 1338741 haproxy_1.5.8.orig.tar.gz
03808c04346f1faa7b41a268a944383cf58cd1f5 49672 haproxy_1.5.8-3~bpo60+1.debian.tar.gz
e3aadc74ddcaf312952eb0833fa2473049ae5fea 691596 haproxy_1.5.8-3~bpo60+1_amd64.deb
2c5f16ec73a94054d61fb108e6e9133d8b0deb1b 1514146 haproxy-dbg_1.5.8-3~bpo60+1_amd64.deb
fa28e40da5b780b2d91e2d9f5aea2f6013b1862d 100346 vim-haproxy_1.5.8-3~bpo60+1_all.deb
Checksums-Sha256:
a484be3b9183c46de83614f442c073a318f003d6576d7cd5e79918827ce45c9b 2044 haproxy_1.5.8-3~bpo60+1.dsc
db54b3cf08e530fdd5b67100153bb88293e8d6e179e7aa837412d8ea36a03539 1338741 haproxy_1.5.8.orig.tar.gz
eab7dcfc6491525c1d3a1b4d1b78be9bf313d39720e53ad7829a11871149b35e 49672 haproxy_1.5.8-3~bpo60+1.debian.tar.gz
7d5d3058b1cfc5765406c63fbcd8d1c698ef4f4190b03e260d4d7640480779dd 691596 haproxy_1.5.8-3~bpo60+1_amd64.deb
815e9feedd675396657a6cc7cb92741ee532bd5c7eed1d41be750de61b803aca 1514146 haproxy-dbg_1.5.8-3~bpo60+1_amd64.deb
02246ce32a094e93816feba2bac5814b6f585f7f4adc33253700aae9e7dd4e9e 100346 vim-haproxy_1.5.8-3~bpo60+1_all.deb
Files:
3bd3011f70b060d65b8ba2be9f4f1554 2044 net optional haproxy_1.5.8-3~bpo60+1.dsc
7bffa1afa069d90ce03b7cd9aa0557cd 1338741 net optional haproxy_1.5.8.orig.tar.gz
159a5da5ce7dbfed1c5e6e4bbf2089be 49672 net optional haproxy_1.5.8-3~bpo60+1.debian.tar.gz
bd95ceb22f1be540027b895ddb39642e 691596 net optional haproxy_1.5.8-3~bpo60+1_amd64.deb
e871fe5585b6835ebd1a7fa79701601d 1514146 debug extra haproxy-dbg_1.5.8-3~bpo60+1_amd64.deb
44bbb3c097673b430b980251b8f58cfc 100346 net optional vim-haproxy_1.5.8-3~bpo60+1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJVRTFtAAoJEJWkL+g1NSX5DLkP/jzHZPl4sOWYcyLnmlHrhmmM
j8NZft8mt8I7JFcka9S6gD5FiDr7m3UwoFoY928kB+dY/QpUxIe5S/6LvV67Th9Z
ZMNdx9gcOWlt33Ot2jGZarkqd0FsBM4jTgFz3q4YvmC4+S044CCcwdamWHm4kN4l
+sJhSvSgBZYmDiNxf3HzxWXXgz5kJ1pOsBDjqv2sLpD1iW+Aiu6ekWlvIXHkdCwe
PwfLzBpIl7+hJ/2ngwOHn8QpfMLOHxnOoAe/cQY6UYj+ibUs3hvRSlY7whoHc4T7
/TdNL1PZxnc3RmEiuavAzKY//9z8UqFh03MGOcbaU4e1Jj5Smx1tu2jeVzl79CBq
K5Yj7+ZMo64z2HK64CvxdDjB5LOfp882xMFcmvLDRcJJWdonqfwcNCbCrxQ8kx6p
Eb3pzsrtPXKspVxN50DeVOEANnRRjQWWIHGW6Y80nc9JH2DZidZIIegPQrB7zNdH
1V9BEQG0shCXU0tR2+KOXjpYW+SquF6XSpNPynrQ7+rVGSVd82rXtyvz8/xPlWs3
Ubpx8m6ggJD6KGop0101aoA65QTpIQssJ/FgWdFGtf0EDvf0PaF1DyrHsgHcaW4e
PJjYILdnvSDYXhhof7fzHatM1V24g+u2VCqoJhWtboWyTfZq7H3UmXFBDxd7Qply
rGnwNLROQ5c7T8s7lkQ0
=cCnZ
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-haproxy-maintainers
mailing list