[Pkg-haproxy-maintainers] haproxy_1.5.8-3~bpo60+1_amd64.changes ACCEPTED into squeeze-backports-sloppy

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sat May 2 22:49:11 UTC 2015


Hash: SHA256

Format: 1.8
Date: Sat, 02 May 2015 22:07:15 +0200
Source: haproxy
Binary: haproxy haproxy-dbg vim-haproxy
Architecture: source amd64 all
Version: 1.5.8-3~bpo60+1
Distribution: squeeze-backports-sloppy
Urgency: high
Maintainer: Debian HAProxy Maintainers <pkg-haproxy-maintainers at lists.alioth.debian.org>
Changed-By: Vincent Bernat <bernat at debian.org>
 haproxy    - fast and reliable load balancing reverse proxy
 haproxy-dbg - fast and reliable load balancing reverse proxy (debug symbols)
 vim-haproxy - syntax highlighting for HAProxy configuration files
Closes: 722777 726323 732614 762608
 haproxy (1.5.8-3~bpo60+1) squeeze-backports-sloppy; urgency=medium
   * Rebuild for squeeze-backports-sloppy.
      + Depends on debhelper 7 instead of 9.
      + Don't depends on dh-systemd.
      + Don't build documentation.
      + Use /var/run instead of /run.
      + Don't use start-stop-daemon to kill (--pid isn't available).
 haproxy (1.5.8-3) unstable; urgency=medium
   * Remove RC4 from the default cipher string shipped in configuration.
 haproxy (1.5.8-2) unstable; urgency=medium
   * Cherry-pick the following patches from 1.5.9 release:
       - 8a0b93bde77e BUG/MAJOR: sessions: unlink session from list on out
                                 of memory
       - bae03eaad40a BUG/MEDIUM: pattern: don't load more than once a pattern
       - 93637b6e8503 BUG/MEDIUM: connection: sanitize PPv2 header length before
                                  parsing address information
       - 8ba50128832b BUG/MAJOR: frontend: initialize capture pointers earlier
       - 1f96a87c4e14 BUG/MEDIUM: checks: fix conflicts between agent checks and
                                  ssl healthchecks
       - 9bcc01ae2598 BUG/MEDIUM: ssl: force a full GC in case of memory shortage
       - 909514970089 BUG/MEDIUM: ssl: fix bad ssl context init can cause
                                  segfault in case of OOM.
   * Cherry-pick the following patches from future 1.5.10 release:
       - 1e89acb6be9b BUG/MEDIUM: payload: ensure that a request channel is
       - bad3c6f1b6d7 BUG/MEDIUM: patterns: previous fix was incomplete
 haproxy (1.5.8-1) unstable; urgency=medium
   * New upstream stable release including the following fixes:
      + BUG/MAJOR: buffer: check the space left is enough or not when input
                   data in a buffer is wrapped
      + BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
      + BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
      + BUG/MEDIUM: regex: fix pcre_study error handling
      + BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
      + BUG/MINOR: log: fix request flags when keep-alive is enabled
      + BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
      + BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
   * Also includes the following new features:
      + MINOR: ssl: add statement to force some ssl options in global.
      + MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER
               formatted certs
   * Disable SSLv3 in the default configuration file.
 haproxy (1.5.6-1) unstable; urgency=medium
   * New upstream stable release including the following fixes:
     + BUG/MEDIUM: systemd: set KillMode to 'mixed'
     + MINOR: systemd: Check configuration before start
     + BUG/MEDIUM: config: avoid skipping disabled proxies
     + BUG/MINOR: config: do not accept more track-sc than configured
     + BUG/MEDIUM: backend: fix URI hash when a query string is present
   * Drop systemd patches:
     + haproxy.service-also-check-on-start.patch
     + haproxy.service-set-killmode-to-mixed.patch
   * Refresh other patches.
 haproxy (1.5.5-1) unstable; urgency=medium
   [ Vincent Bernat ]
   * initscript: use start-stop-daemon to reliably terminate all haproxy
     processes. Also treat stopping a non-running haproxy as success.
     (Closes: #762608, LP: #1038139)
   [ Apollon Oikonomopoulos ]
   * New upstream stable release including the following fixes:
     + DOC: Address issue where documentation is excluded due to a gitignore
     + MEDIUM: Improve signal handling in systemd wrapper.
     + BUG/MINOR: config: don't propagate process binding for dynamic
     + MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
     + DOC: clearly state that the "show sess" output format is not fixed
     + MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
     + DOC: indicate in the doc that track-sc* can wait if data are missing
     + MEDIUM: http: enable header manipulation for 101 responses
     + BUG/MEDIUM: config: propagate frontend to backend process binding again.
     + MEDIUM: config: properly propagate process binding between proxies
     + MEDIUM: config: make the frontends automatically bind to the listeners'
     + MEDIUM: config: compute the exact bind-process before listener's
     + MEDIUM: config: only warn if stats are attached to multi-process bind
     + MEDIUM: config: report it when tcp-request rules are misplaced
     + MINOR: config: detect the case where a tcp-request content rule has no
     + MEDIUM: systemd-wrapper: support multiple executable versions and names
     + BUG/MEDIUM: remove debugging code from systemd-wrapper
     + BUG/MEDIUM: http: adjust close mode when switching to backend
     + BUG/MINOR: config: don't propagate process binding on fatal errors.
     + BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
     + BUG/MINOR: tcp-check: report the correct failed step in the status
     + DOC: indicate that weight zero is reported as DRAIN
   * Add a new patch (haproxy.service-set-killmode-to-mixed.patch) to fix the
     systemctl stop action conflicting with the systemd wrapper now catching
   * Bump standards to 3.9.6; no changes needed.
   * haproxy-doc: link to tracker.debian.org instead of packages.qa.debian.org.
   * d/copyright: move debian/dconv/* paragraph after debian/*, so that it
     actually matches the files it is supposed to.
 haproxy (1.5.4-1) unstable; urgency=high
   * New upstream version.
     + Fix a critical bug that, under certain unlikely conditions, allows a
       client to crash haproxy.
   * Prefix rsyslog configuration file to ensure to log only to
     /var/log/haproxy. Thanks to Paul Bourke for the patch.
 haproxy (1.5.3-1) unstable; urgency=medium
   * New upstream stable release, fixing the following issues:
     + Memory corruption when building a proxy protocol v2 header
     + Memory leak in SSL DHE key exchange
 haproxy (1.5.2-1) unstable; urgency=medium
   * New upstream stable release. Important fixes:
     + A few sample fetch functions when combined in certain ways would return
       malformed results, possibly crashing the HAProxy process.
     + Hash-based load balancing and http-send-name-header would fail for
       requests which contain a body which starts to be forwarded before the
       data is used.
 haproxy (1.5.1-1) unstable; urgency=medium
   * New upstream stable release:
     + Fix a file descriptor leak for clients that disappear before connecting.
     + Do not staple expired OCSP responses.
 haproxy (1.5.0-1) unstable; urgency=medium
   * New upstream stable series. Notable changes since the 1.4 series:
     + Native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling.
     + IPv6 and UNIX sockets are supported everywhere
     + End-to-end HTTP keep-alive for better support of NTLM and improved
       efficiency in static farms
     + HTTP/1.1 response compression (deflate, gzip) to save bandwidth
     + PROXY protocol versions 1 and 2 on both sides
     + Data sampling on everything in request or response, including payload
     + ACLs can use any matching method with any input sample
     + Maps and dynamic ACLs updatable from the CLI
     + Stick-tables support counters to track activity on any input sample
     + Custom format for logs, unique-id, header rewriting, and redirects
     + Improved health checks (SSL, scripted TCP, check agent, ...)
     + Much more scalable configuration supports hundreds of thousands of
       backends and certificates without sweating
   * Upload to unstable, merge all 1.5 work from experimental. Most important
     packaging changes since 1.4.25-1 include:
     + systemd support.
     + A more sane default config file.
     + Zero-downtime upgrades between 1.5 releases by gracefully reloading
       HAProxy during upgrades.
     + HTML documentation shipped in the haproxy-doc package.
     + kqueue support for kfreebsd.
   * Packaging changes since 1.5~dev26-2:
     + Drop patches merged upstream:
       o Fix-reference-location-in-manpage.patch
       o 0001-BUILD-stats-workaround-stupid-and-bogus-Werror-forma.patch
     + d/watch: look for stable 1.5 releases
     + systemd: respect CONFIG and EXTRAOPTS when specified in
     + initscript: test the configuration before start or reload.
     + initscript: remove the ENABLED flag and logic.
 haproxy (1.5~dev26-2) experimental; urgency=medium
   * initscript: start should not fail when haproxy is already running
     + Fixes upgrades from post-1.5~dev24-1 installations
 haproxy (1.5~dev26-1) experimental; urgency=medium
   * New upstream development version.
      + Add a patch to fix compilation with -Werror=format-security
 haproxy (1.5~dev25-1) experimental; urgency=medium
   [ Vincent Bernat ]
   * New upstream development version.
   * Rename "contimeout", "clitimeout" and "srvtimeout" in the default
     configuration file to "timeout connection", "timeout client" and
     "timeout server".
   [ Apollon Oikonomopoulos ]
   * Build on kfreebsd using the "freebsd" target; enables kqueue support.
 haproxy (1.5~dev24-2) experimental; urgency=medium
   * New binary package: haproxy-doc
     + Contains the HTML documentation built using a version of Cyril Bonté's
       haproxy-dconv (https://github.com/cbonte/haproxy-dconv).
     + Add Build-Depends-Indep on python and python-mako
     + haproxy Suggests: haproxy-doc
   * systemd: check config file for validity on reload.
   * haproxy.cfg:
     + Enable the stats socket by default and bind it to
       /run/haproxy/admin.sock, which is accessible by the haproxy group.
       /run/haproxy creation is handled by the initscript for sysv-rc and a
       tmpfiles.d config for systemd.
     + Set the default locations for CA and server certificates to
       /etc/ssl/certs and /etc/ssl/private respectively.
     + Set the default cipher list to be used on listening SSL sockets to
       enable PFS, preferring ECDHE ciphers by default.
   * Gracefully reload HAProxy on upgrade instead of performing a full restart.
   * debian/rules: split build into binary-arch and binary-indep.
   * Build-depend on debhelper >= 9, set compat to 9.
 haproxy (1.5~dev24-1) experimental; urgency=medium
   * New upstream development version, fixes major regressions introduced in
     + Forwarding of a message body (request or response) would automatically
       stop after the transfer timeout strikes, and with no error.
     + Redirects failed to update the msg->next offset after consuming the
       request, so if they were made with keep-alive enabled and starting with
       a slash (relative location), then the buffer was shifted by a negative
       amount of data, causing a crash.
     + The code to standardize DH parameters caused an important performance
       regression for, so it was temporarily reverted for the time needed to
       understand the cause and to fix it.
     For a complete release announcement, including other bugfixes and feature
     enhancements, see http://deb.li/yBVA.
 haproxy (1.5~dev23-1) experimental; urgency=medium
   * New upstream development version; notable changes since 1.5~dev22:
     + SSL record size optimizations to speed up both, small and large
     + Dynamic backend name support in use_backend.
     + Compressed chunked transfer encoding support.
     + Dynamic ACL manipulation via the CLI.
     + New "language" converter for extracting language preferences from
       Accept-Language headers.
   * Remove halog source and systemd unit files from
     /usr/share/doc/haproxy/contrib, they are built and shipped in their
     appropriate locations since 1.5~dev19-2.
 haproxy (1.5~dev22-1) experimental; urgency=medium
   * New upstream development version
   * watch: use the source page and not the main one
 haproxy (1.5~dev21+20140118-1) experimental; urgency=medium
   * New upstream development snapshot, with the following fixes since
      + 00b0fb9 BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9
      + 410f810 BUG/MEDIUM: map: segmentation fault with the stats's socket
                            command "set map ..."
      + abf08d9 BUG/MAJOR: connection: fix mismatch between rcv_buf's API and
      + 35249cb BUG/MINOR: pattern: pattern comparison executed twice
      + c920096 BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between
      + b800623 BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous
      + 61f7f0a BUG/MINOR: stream-int: do not clear the owner upon unregister
      + 983eb31 BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned
      + a3ae932 BUG/MEDIUM: stats: the web interface must check the tracked
                            servers before enabling
      + e24d963 BUG/MEDIUM: checks: unchecked servers could not be enabled
      + 7257550 BUG/MINOR: http: always disable compression on HTTP/1.0
      + 9f708ab BUG/MINOR: checks: successful check completion must not
                           re-enable MAINT servers
      + ff605db BUG/MEDIUM: backend: do not re-initialize the connection's
                            context upon reuse
      + ea90063 BUG/MEDIUM: stream-int: fix the keep-alive idle connection
   * Update debian/copyright to reflect the license of ebtree/
     (closes: #732614)
   * Synchronize debian/copyright with source
   * Add Documentation field to the systemd unit file
 haproxy (1.5~dev21-1) experimental; urgency=low
   [ Prach Pongpanich ]
   * Bump Standards-Version to 3.9.5
   [ Thomas Bechtold ]
   * debian/control: Add haproxy-dbg binary package for debug symbols.
   [ Apollon Oikonomopoulos ]
   * New upstream development version.
   * Require syslog to be operational before starting. Closes: #726323.
 haproxy (1.5~dev19-2) experimental; urgency=low
   [ Vincent Bernat ]
   * Really enable systemd support by using dh-systemd helper.
   * Don't use -L/usr/lib and rely on default search path. Closes: #722777.
   [ Apollon Oikonomopoulos ]
   * Ship halog.
 haproxy (1.5~dev19-1) experimental; urgency=high
   [ Vincent Bernat ]
   * New upstream version.
      + CVE-2013-2175: fix a possible crash when using negative header
      + Drop 0002-Fix-typo-in-src-haproxy.patch: applied upstream.
   * Enable gzip compression feature.
   [ Prach Pongpanich ]
   * Drop bashism patch. It seems useless to maintain a patch to convert
     example scripts from /bin/bash to /bin/sh.
   * Fix reload/restart action of init script (LP: #1187469)
 haproxy (1.5~dev18-1) experimental; urgency=low
   [ Apollon Oikonomopoulos ]
   * New upstream development version
   [ Vincent Bernat ]
   * Add support for systemd. Currently, /etc/default/haproxy is not used
     when using systemd.
 2d329e7f9ff63e808e1094a4eae5beed70fa94c8 2044 haproxy_1.5.8-3~bpo60+1.dsc
 d6ab8b09b9aa764cef1bd5b31173b0828a0cf893 1338741 haproxy_1.5.8.orig.tar.gz
 03808c04346f1faa7b41a268a944383cf58cd1f5 49672 haproxy_1.5.8-3~bpo60+1.debian.tar.gz
 e3aadc74ddcaf312952eb0833fa2473049ae5fea 691596 haproxy_1.5.8-3~bpo60+1_amd64.deb
 2c5f16ec73a94054d61fb108e6e9133d8b0deb1b 1514146 haproxy-dbg_1.5.8-3~bpo60+1_amd64.deb
 fa28e40da5b780b2d91e2d9f5aea2f6013b1862d 100346 vim-haproxy_1.5.8-3~bpo60+1_all.deb
 a484be3b9183c46de83614f442c073a318f003d6576d7cd5e79918827ce45c9b 2044 haproxy_1.5.8-3~bpo60+1.dsc
 db54b3cf08e530fdd5b67100153bb88293e8d6e179e7aa837412d8ea36a03539 1338741 haproxy_1.5.8.orig.tar.gz
 eab7dcfc6491525c1d3a1b4d1b78be9bf313d39720e53ad7829a11871149b35e 49672 haproxy_1.5.8-3~bpo60+1.debian.tar.gz
 7d5d3058b1cfc5765406c63fbcd8d1c698ef4f4190b03e260d4d7640480779dd 691596 haproxy_1.5.8-3~bpo60+1_amd64.deb
 815e9feedd675396657a6cc7cb92741ee532bd5c7eed1d41be750de61b803aca 1514146 haproxy-dbg_1.5.8-3~bpo60+1_amd64.deb
 02246ce32a094e93816feba2bac5814b6f585f7f4adc33253700aae9e7dd4e9e 100346 vim-haproxy_1.5.8-3~bpo60+1_all.deb
 3bd3011f70b060d65b8ba2be9f4f1554 2044 net optional haproxy_1.5.8-3~bpo60+1.dsc
 7bffa1afa069d90ce03b7cd9aa0557cd 1338741 net optional haproxy_1.5.8.orig.tar.gz
 159a5da5ce7dbfed1c5e6e4bbf2089be 49672 net optional haproxy_1.5.8-3~bpo60+1.debian.tar.gz
 bd95ceb22f1be540027b895ddb39642e 691596 net optional haproxy_1.5.8-3~bpo60+1_amd64.deb
 e871fe5585b6835ebd1a7fa79701601d 1514146 debug extra haproxy-dbg_1.5.8-3~bpo60+1_amd64.deb
 44bbb3c097673b430b980251b8f58cfc 100346 net optional vim-haproxy_1.5.8-3~bpo60+1_all.deb

Version: GnuPG v1


Thank you for your contribution to Debian.

More information about the Pkg-haproxy-maintainers mailing list