lp://staging/ubuntu/utopic-security/haproxy

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

25. By Marc Deslauriers on 2015-07-06

* SECURITY UPDATE: information disclosure via uninitialized memory
  - debian/patches/CVE-2015-3281.patch: respect output data in
    src/buffer.c.
  - CVE-2015-3281

24. By Serge Hallyn on 2014-09-23

haproxy.init: return 0 on stop if haproxy was not running. (LP: #1038139)

23. By Vincent Bernat on 2014-09-02

* New upstream version.
  + Fix a critical bug that, under certain unlikely conditions, allows a
    client to crash haproxy.
* Prefix rsyslog configuration file to ensure to log only to
  /var/log/haproxy. Thanks to Paul Bourke for the patch.

22. By Apollon Oikonomopoulos <email address hidden> on 2014-07-25

* New upstream stable release, fixing the following issues:
  + Memory corruption when building a proxy protocol v2 header
  + Memory leak in SSL DHE key exchange

21. By Apollon Oikonomopoulos <email address hidden> on 2014-07-14

* New upstream stable release. Important fixes:
  + A few sample fetch functions when combined in certain ways would return
    malformed results, possibly crashing the HAProxy process.
  + Hash-based load balancing and http-send-name-header would fail for
    requests which contain a body which starts to be forwarded before the
    data is used.

20. By Apollon Oikonomopoulos <email address hidden> on 2014-06-24

* New upstream stable release:
  + Fix a file descriptor leak for clients that disappear before connecting.
  + Do not staple expired OCSP responses.

19. By Apollon Oikonomopoulos <email address hidden> on 2014-06-20

* New upstream stable series. Notable changes since the 1.4 series:
  + Native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling.
  + IPv6 and UNIX sockets are supported everywhere
  + End-to-end HTTP keep-alive for better support of NTLM and improved
    efficiency in static farms
  + HTTP/1.1 response compression (deflate, gzip) to save bandwidth
  + PROXY protocol versions 1 and 2 on both sides
  + Data sampling on everything in request or response, including payload
  + ACLs can use any matching method with any input sample
  + Maps and dynamic ACLs updatable from the CLI
  + Stick-tables support counters to track activity on any input sample
  + Custom format for logs, unique-id, header rewriting, and redirects
  + Improved health checks (SSL, scripted TCP, check agent, ...)
  + Much more scalable configuration supports hundreds of thousands of
    backends and certificates without sweating

* Upload to unstable, merge all 1.5 work from experimental. Most important
  packaging changes since 1.4.25-1 include:
  + systemd support.
  + A more sane default config file.
  + Zero-downtime upgrades between 1.5 releases by gracefully reloading
    HAProxy during upgrades.
  + HTML documentation shipped in the haproxy-doc package.
  + kqueue support for kfreebsd.

* Packaging changes since 1.5~dev26-2:
  + Drop patches merged upstream:
    o Fix-reference-location-in-manpage.patch
    o 0001-BUILD-stats-workaround-stupid-and-bogus-Werror-forma.patch
  + d/watch: look for stable 1.5 releases
  + systemd: respect CONFIG and EXTRAOPTS when specified in
    /etc/default/haproxy.
  + initscript: test the configuration before start or reload.
  + initscript: remove the ENABLED flag and logic.

18. By Prach Pongpanich on 2014-03-28

[ Prach Pongpanich ]
* New upstream version.
* Update watch file to use the source page.
* Bump Standards-Version to 3.9.5.

[ Thomas Bechtold ]
* debian/control: Add haproxy-dbg binary package for debug symbols.

[ Apollon Oikonomopoulos ]
* Require syslog to be operational before starting. Closes: #726323.
* Document how to bind non-local IPv6 addresses.
* Add a reference to configuration.txt.gz to the manpage.
* debian/copyright: synchronize with source.

17. By Vincent Bernat on 2013-09-15

[ Apollon Oikonomopoulos ]
* Ship contrib/halog as /usr/bin/halog.

[ Vincent Bernat ]
* Don't use -L/usr/lib and rely on default search path. Closes: #722777.

16. By Vincent Bernat on 2013-06-17

[ Vincent Bernat ]
* New upstream version.
   + CVE-2013-2175: fix a possible crash when using negative header
     occurrences.

[ Prach Pongpanich ]
* Drop bashism patch. It seems useless to maintain a patch to convert
  example scripts from /bin/bash to /bin/sh.
* Fix reload/restart action of init script (LP: #1187469).