Change log for haproxy package in Ubuntu
| 76 → 150 of 206 results | First • Previous • Next • Last |
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
haproxy (2.0.13-2) unstable; urgency=medium
* d/dconv: replace cgi.escape by html.escape. Closes: #951416.
* d/copryight: document OpenSSL exception. Closes: #951782.
* d/haproxy.cfg: use "ssl-min-ver" to set minimum version.
* Apply one patch to fix an overflow in HTTP/2 header handling.
Fix CVE-2020-11100.
-- Vincent Bernat <email address hidden> Wed, 01 Apr 2020 21:49:32 +0200
Available diffs
haproxy (2.0.13-1ubuntu2) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add Ubuntu version to block automatic sync from Debian, as we want
to stay in the 2.0.x LTS series for Focal (LP #1854988)
- convert cgi.escape into html.escape to fix a python3.8 failure
-- Gianfranco Costamagna <email address hidden> Sun, 16 Feb 2020 10:34:53 +0100
Available diffs
- diff from 2.0.12-1ubuntu2 to 2.0.13-1ubuntu2 (27.9 KiB)
- diff from 2.0.13-1ubuntu1 to 2.0.13-1ubuntu2 (898 bytes)
| Superseded in focal-proposed |
haproxy (2.0.13-1ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add Ubuntu version to block automatic sync from Debian, as we want
to stay in the 2.0.x LTS series for Focal (LP #1854988)
Available diffs
- diff from 2.0.12-1ubuntu2 to 2.0.13-1ubuntu1 (27.4 KiB)
haproxy (2.0.12-1ubuntu2) focal; urgency=medium * Use python3 to build the documentation (LP: #1858485, Closes: #948296): - d/control, d/rules: switch to python3 - d/dconv/*: convert to python3 - d/p/debianize-dconv.patch: small update for python3 -- Andreas Hasenack <email address hidden> Fri, 17 Jan 2020 18:54:13 +0000
Available diffs
- diff from 2.0.11-1ubuntu1 to 2.0.12-1ubuntu2 (11.7 KiB)
- diff from 2.0.12-1ubuntu1 to 2.0.12-1ubuntu2 (3.4 KiB)
| Superseded in focal-proposed |
haproxy (2.0.12-1ubuntu1) focal; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Add Ubuntu version to block automatic sync from Debian, as we want
to stay in the 2.0.x LTS series for Focal (LP #1854988)
Available diffs
haproxy (2.0.11-1ubuntu1) focal; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Add Ubuntu version to block automatic sync from Debian, as we want
to stay in the 2.0.x LTS series for Focal (LP #1854988)
Available diffs
- diff from 2.0.10-1ubuntu1 to 2.0.11-1ubuntu1 (14.6 KiB)
haproxy (2.0.10-1ubuntu1) focal; urgency=medium
* Add Ubuntu version to block automatic sync from Debian, as we want
to stay in the 2.0.x LTS series for Focal (LP: #1854988)
-- Andreas Hasenack <email address hidden> Tue, 03 Dec 2019 15:38:53 -0300
Available diffs
haproxy (1.8.8-1ubuntu0.9) bionic-security; urgency=medium
* SECURITY UPDATE: Intermediary Encapsulation attacks
- debian/patches/CVE-2019-19330-*.patch: reject header values containing
invalid chars and make header field name filtering stronger in
src/h2.c, include/common/ist.h, include/common/h2.h.
- CVE-2019-19330
-- <email address hidden> (Leonidas S. Barbosa) Mon, 02 Dec 2019 12:38:31 -0300
Available diffs
haproxy (1.8.19-1ubuntu1.3) disco-security; urgency=medium
* SECURITY UPDATE: Intermediary Encapsulation attacks
- debian/patches/CVE-2019-19330.patch: reject header values containing
invalid chars and make header field name filtering stronger in
src/h2.c, include/common/ist.h, include/common/h2.h.
- CVE-2019-19330
-- <email address hidden> (Leonidas S. Barbosa) Mon, 02 Dec 2019 13:55:16 -0300
Available diffs
haproxy (2.0.5-1ubuntu0.3) eoan-security; urgency=medium
* SECURITY UPDATE: Intermediary Encapsulation attacks
- debian/patches/CVE-2019-19330-*.patch: reject header values containing
invalid chars and make header field name filtering stronger in
src/h2.c, include/common/ist.h.
- CVE-2019-19330
-- <email address hidden> (Leonidas S. Barbosa) Mon, 02 Dec 2019 16:12:00 -0300
Available diffs
haproxy (2.0.10-1) unstable; urgency=medium
* New upstream release.
- BUG/MAJOR: h2: make header field name filtering stronger
- BUG/MAJOR: h2: reject header values containing invalid chars
- BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in
idle state
-- Vincent Bernat <email address hidden> Tue, 26 Nov 2019 13:22:17 +0100
Available diffs
- diff from 2.0.9-1 to 2.0.10-1 (22.0 KiB)
haproxy (1.8.8-1ubuntu0.8) bionic; urgency=medium
* d/p/lp-1848902-MINOR-systemd-consider-exit-status-143-as-successful.patch:
fix potential hang in haproxy (LP: #1848902)
-- Christian Ehrhardt <email address hidden> Tue, 12 Nov 2019 13:16:22 +0100
Available diffs
haproxy (2.0.9-1) unstable; urgency=medium
* New upstream release.
- BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST
is reached
-- Vincent Bernat <email address hidden> Sat, 16 Nov 2019 17:38:51 +0100
Available diffs
- diff from 2.0.8-1 to 2.0.9-1 (9.7 KiB)
haproxy (2.0.5-1ubuntu0.2) eoan-security; urgency=medium
* SECURITY UPDATE: Messages with transfer-encoding header missing "chunked"
value were not being correctly rejected
- debian/patches/CVE-2019-18277.patch: also reject messages where
"chunked" is missing from transfer-enoding in.
src/proto_http.c.
- CVE-2019-18277
-- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Nov 2019 11:07:29 -0300
Available diffs
haproxy (1.8.19-1ubuntu1.2) disco-security; urgency=medium
* SECURITY UPDATE: Messages with transfer-encoding header missing "chunked"
value were not being correctly rejected
- debian/patches/CVE-2019-18277.patch: also reject messages where
"chunked" is missing from transfer-enoding in.
src/proto_http.c.
- CVE-2019-18277
-- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Nov 2019 11:04:10 -0300
Available diffs
haproxy (1.8.8-1ubuntu0.7) bionic-security; urgency=medium
* SECURITY UPDATE: Messages with transfer-encoding header missing "chunked"
value were not being correctly rejected
- debian/patches/CVE-2019-18277.patch: also reject messages where
"chunked" is missing from transfer-enoding in.
src/proto_http.c.
- CVE-2019-18277
-- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Nov 2019 11:03:13 -0300
Available diffs
haproxy (1.6.3-1ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: Messages with transfer-encoding header missing "chunked"
value were not being correctly rejected
- debian/patches/CVE-2019-18277.patch: also reject messages where
"chunked" is missing from transfer-enoding in.
src/proto_http.c.
- CVE-2019-18277
-- <email address hidden> (Leonidas S. Barbosa) Fri, 25 Oct 2019 13:12:29 -0300
Available diffs
haproxy (2.0.5-1ubuntu0.1) eoan; urgency=medium
* Fix configurability of dh_params that regressed since building
against openssl 1.1.1 (LP: #1841936)
- d/p/lp-1841936-BUG-MEDIUM-ssl-tune.ssl.default-dh-param-value-ignor.patch
- d/p/lp-1841936-CLEANUP-ssl-make-ssl_sock_load_dh_params-handle-errc.patch
-- Christian Ehrhardt <email address hidden> Wed, 23 Oct 2019 12:58:09 +0200
Available diffs
haproxy (1.8.19-1ubuntu1.1) disco; urgency=medium
* Fix configurability of dh_params that regressed since building
against openssl 1.1.1 (LP: #1841936)
- d/p/lp-1841936-BUG-MEDIUM-ssl-tune.ssl.default-dh-param-value-ignor.patch
- d/p/lp-1841936-CLEANUP-ssl-make-ssl_sock_load_dh_params-handle-errc.patch
-- Christian Ehrhardt <email address hidden> Wed, 23 Oct 2019 12:34:38 +0200
Available diffs
haproxy (1.8.8-1ubuntu0.6) bionic; urgency=medium
* Fix issues around dh_params when building against openssl 1.1.1
to avoid regressing the minimal key size (LP: 1841936)
- d/p/lp-1841936-BUG-MEDIUM-ssl-tune.ssl.default-dh-param-value-ignor.patch
- d/p/lp-1841936-CLEANUP-ssl-make-ssl_sock_load_dh_params-handle-errc.patch
Available diffs
haproxy (2.0.8-1) unstable; urgency=medium
* New upstream release.
- BUG/MAJOR: idle conns: schedule the cleanup task on the correct
threads
-- Vincent Bernat <email address hidden> Wed, 23 Oct 2019 08:55:55 +0200
Available diffs
- diff from 2.0.5-1 to 2.0.8-1 (39.3 KiB)
| Superseded in bionic-proposed |
haproxy (1.8.8-1ubuntu0.5) bionic; urgency=medium
* no change rebuild to pick up openssl 1.1.1 and via that
TLSv1.3 (LP: #1841936)
-- Christian Ehrhardt <email address hidden> Tue, 03 Sep 2019 12:14:43 +0200
Available diffs
- diff from 1.8.8-1ubuntu0.4 to 1.8.8-1ubuntu0.5 (385 bytes)
| Superseded in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
haproxy (2.0.5-1) unstable; urgency=medium
* New upstream release.
- BUG/MEDIUM: mux_h1: Don't bother subscribing in recv if we're not
connected.
- BUG/MEDIUM: mux_pt: Don't call unsubscribe if we did not subscribe.
- BUG/MEDIUM: proxy: Don't forget the SF_HTX flag when upgrading
TCP=>H1+HTX.
- BUG/MEDIUM: proxy: Don't use cs_destroy() when freeing the
conn_stream.
- BUG/MEDIUM: stick-table: Wrong stick-table backends parsing.
-- Vincent Bernat <email address hidden> Fri, 16 Aug 2019 19:51:24 +0200
Available diffs
- diff from 2.0.4-1 to 2.0.5-1 (3.7 KiB)
haproxy (2.0.4-1) unstable; urgency=medium
* New upstream release. Upload to unstable.
- BUG/MAJOR: http/sample: use a static buffer for raw -> htx
conversion
- BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in
process_srv_queue()
* d/haproxy.cfg: update default cipher lists to more secure defaults.
TLSv1.0 and TLSv1.1 are disabled, as well as TLS tickets (they are
breaking forward secrecy unless correctly rotated).
Closes: #932763.
-- Vincent Bernat <email address hidden> Fri, 09 Aug 2019 14:22:23 +0200
Available diffs
haproxy (2.0.3-1ubuntu1) eoan; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/t/control, d/t/proxy-localhost: simple DEP8 test to actually
generate traffic through haproxy.
[Updated to use "service" instead of "systemctl" to match what was
submitted to Debian.]
* Dropped:
- SECURITY UPDATE: DoS in htx_manage_client_side_cookies
+ debian/patches/CVE-2019-14241.patch: fix parsing of malformed cookies
which start by a delimiter in src/proto_htx.c.
+ CVE-2019-14241
[Fixed upstream]
Available diffs
- diff from 2.0.1-1ubuntu2 to 2.0.3-1ubuntu1 (34.6 KiB)
haproxy (2.0.1-1ubuntu2) eoan; urgency=medium
* SECURITY UPDATE: DoS in htx_manage_client_side_cookies
- debian/patches/CVE-2019-14241.patch: fix parsing of malformed cookies
which start by a delimiter in src/proto_htx.c.
- CVE-2019-14241
-- Marc Deslauriers <email address hidden> Thu, 25 Jul 2019 13:04:51 -0400
Available diffs
haproxy (2.0.1-1ubuntu1) eoan; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/t/control, d/t/proxy-localhost: simple DEP8 test to actually
generate traffic through haproxy.
[Updated to use "service" instead of "systemctl" to match what was
submitted to Debian.]
Available diffs
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
haproxy (1.8.19-1ubuntu1) disco; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/t/control, d/t/proxy-localhost: simple DEP8 test to actually
generate traffic through haproxy.
[Updated to use "service" instead of "systemctl" to match what was
submitted to Debian.]
Available diffs
- diff from 1.8.17-1ubuntu1 to 1.8.19-1ubuntu1 (16.6 KiB)
haproxy (1.8.8-1ubuntu0.4) bionic; urgency=medium
* d/p/stksess-align.patch: Make sure stksess is properly aligned.
(LP: #1804069)
* d/t/control, d/t/proxy-localhost: simple DEP8 test to actually
generate traffic through haproxy.
-- Andreas Hasenack <email address hidden> Thu, 24 Jan 2019 10:20:49 -0200
Available diffs
haproxy (1.8.13-2ubuntu0.2) cosmic; urgency=medium
* d/p/stksess-align.patch: Make sure stksess is properly aligned.
(LP: #1804069)
* d/t/control, d/t/proxy-localhost: simple DEP8 test to actually
generate traffic through haproxy.
-- Andreas Hasenack <email address hidden> Wed, 23 Jan 2019 17:24:30 -0200
Available diffs
haproxy (1.8.17-1ubuntu1) disco; urgency=medium
* d/t/control, d/t/proxy-localhost: simple DEP8 test to actually
generate traffic through haproxy.
-- Andreas Hasenack <email address hidden> Thu, 24 Jan 2019 18:11:39 -0200
Available diffs
haproxy (1.8.17-1) unstable; urgency=medium
* New upstream version 1.8.17
- BUG/MAJOR: stream-int: Update the stream expiration date in
stream_int_notify()
- BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than
the max
- BUG/MEDIUM: server: Also copy "check-sni" for server templates.
- BUG/MEDIUM: cli: make "show sess" really thread-safe
- BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred
* Drop CVE-2018-20615.patch; merged upstream
-- Apollon Oikonomopoulos <email address hidden> Mon, 14 Jan 2019 20:58:05 +0200
Available diffs
- diff from 1.8.14-1 to 1.8.17-1 (38.0 KiB)
- diff from 1.8.16-2 to 1.8.17-1 (8.2 KiB)
haproxy (1.8.13-2ubuntu0.1) cosmic-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2018-20102.patch: check the bounds
in src/dns.c.
- CVE-2018-20102
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20103.patch: fix in
src/dns.c.
- CVE-2018-20103
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20615.patch: fix in
src/mux_h2.c.
- CVE-2018-20615
-- <email address hidden> (Leonidas S. Barbosa) Fri, 11 Jan 2019 12:37:38 -0300
Available diffs
haproxy (1.8.8-1ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2018-20102.patch: check the bounds
in src/dns.c.
- CVE-2018-20102
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20103.patch: fix in
src/dns.c.
- CVE-2018-20103
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20615.patch: fix in
src/mux_h2.c.
- CVE-2018-20615
-- <email address hidden> (Leonidas S. Barbosa) Fri, 11 Jan 2019 11:06:19 -0300
Available diffs
haproxy (1.6.3-1ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2018-20102.patch: check the bounds
in src/dns.c.
- CVE-2018-20102
-- <email address hidden> (Leonidas S. Barbosa) Fri, 11 Jan 2019 10:34:44 -0300
Available diffs
haproxy (1.8.16-2) unstable; urgency=high
* Fix out-of-bounds read in HTTP2 mux (CVE-2018-20615).
This would possibly lead to a crash in H2 HEADERS frame decoder when the
PRIORITY flag is present, due to a missing frame size check.
* Bump Standards-Version to 4.3.0; no changes needed.
-- Apollon Oikonomopoulos <email address hidden> Thu, 03 Jan 2019 12:08:07 +0200
Available diffs
- diff from 1.8.16-1 to 1.8.16-2 (1.4 KiB)
haproxy (1.8.16-1) unstable; urgency=high
* New upstream version 1.8.16.
- BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload
in dns_validate_response()
- BUG/MEDIUM: dns: overflowed dns name start position causing invalid
dns error
* d/rules: do not override CFLAGS, hijack DEBUG_CFLAGS for this instead.
-- Vincent Bernat <email address hidden> Sun, 23 Dec 2018 14:27:11 +0100
Available diffs
- diff from 1.8.15-1 to 1.8.16-1 (1.8 KiB)
haproxy (1.8.15-1) unstable; urgency=high
[ Vincent Bernat ]
* d/rules: switch to pcre2. Closes: #911933.
[ Apollon Oikonomopoulos ]
* New upstream version 1.8.15
- BUG: dns: Fix off-by-one write in dns_validate_dns_response() (
- BUG: dns: Fix out-of-bounds read via signedness error in
dns_validate_dns_response()
- BUG: dns: Prevent out-of-bounds read in dns_read_name()
- BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
(CVE-2018-20102, closes: #916308)
- BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
(CVE-2018-20103, closes: #916307)
- BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer
-- Apollon Oikonomopoulos <email address hidden> Fri, 14 Dec 2018 15:31:04 +0200
Available diffs
- diff from 1.8.14-1 to 1.8.15-1 (31.7 KiB)
haproxy (1.8.8-1ubuntu0.2) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14645.patch: fix in include/common/hpack-tbl.h,
src/hpack-dec.c, src/hpack-tbl.c.
- CVE-2018-14645
-- <email address hidden> (Leonidas S. Barbosa) Tue, 02 Oct 2018 08:32:44 -0300
Available diffs
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
haproxy (1.8.13-2build1) cosmic; urgency=high * No change rebuild against openssl 1.1.1 with TLS 1.3 support. -- Dimitri John Ledkov <email address hidden> Sat, 29 Sep 2018 01:36:44 +0100
Available diffs
- diff from 1.8.13-2 (in Debian) to 1.8.13-2build1 (588 bytes)
haproxy (1.8.14-1) unstable; urgency=medium
* New upstream version.
- BUG/CRITICAL: hpack: fix improper sign check on the header index
value (already fixed in 1.8.13-2)
- BUG/MAJOR: kqueue: Don't reset the changes number by accident.
- BUG/MAJOR: thread: lua: Wrong SSL context initialization.
-- Vincent Bernat <email address hidden> Sun, 23 Sep 2018 12:25:03 +0200
Available diffs
haproxy (1.8.13-2) unstable; urgency=high * Fix improper sign check on the HPACK header index value (CVE-2018-14645) * Bump Standards-Version to 4.2.1; no changes needed -- Apollon Oikonomopoulos <email address hidden> Wed, 19 Sep 2018 22:46:58 +0300
Available diffs
- diff from 1.8.13-1 to 1.8.13-2 (1.9 KiB)
haproxy (1.8.13-1) unstable; urgency=medium
* New upstream version.
- BUG/MEDIUM: h2: don't accept new streams if conn_streams are still
in excess
- BUG/MEDIUM: h2: make sure the last stream closes the connection
after a timeout
- BUG/MEDIUM: h2: never leave pending data in the output buffer on close
- BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection
forever
- BUG/MEDIUM: stats: don't ask for more data as long as we're responding
- BUG/MEDIUM: stream-int: don't immediately enable reading when the
buffer was reportedly full
- BUG/MEDIUM: threads/sync: use sched_yield when available
- BUG/MEDIUM: threads: Fix the exit condition of the thread barrier
- BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS
- BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread
number
* d/patches: drop systemd exit status patch (applied upstream).
-- Vincent Bernat <email address hidden> Wed, 01 Aug 2018 11:36:20 +0200
Available diffs
- diff from 1.8.12-1 to 1.8.13-1 (12.8 KiB)
haproxy (1.8.12-1) unstable; urgency=medium
* New upstream version.
- BUG/MAJOR: stick_table: Complete incomplete SEGV fix
-- Vincent Bernat <email address hidden> Wed, 27 Jun 2018 20:05:50 +0200
Available diffs
- diff from 1.8.11-1 to 1.8.12-1 (1.8 KiB)
haproxy (1.8.11-1) unstable; urgency=medium
* New upstream version.
- BUG/MAJOR: Stick-tables crash with segfault when the key is not in
the stick-table
-- Vincent Bernat <email address hidden> Tue, 26 Jun 2018 18:26:05 +0200
Available diffs
- diff from 1.8.10-1 to 1.8.11-1 (1.4 KiB)
haproxy (1.8.10-1) unstable; urgency=medium
* New upstream version.
- BUG/MAJOR: lua: Dead lock with sockets
- BUG/MAJOR: map: fix a segfault when using http-request set-map
- BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot
- BUG/MAJOR: ssl: Random crash with cipherlist capture
- BUG/MEDIUM: cache: don't cache when an Authorization header is present
- BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check
failure.
- BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete().
- BUG/MEDIUM: fd: Only check update_mask against all_threads_mask.
- BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file
- BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters
- BUG/MEDIUM: threads: Use the sync point to check active jobs and exit
- BUG/MEDIUM: threads: handle signal queue only in thread 0
* Remove patch from CVE. Included upstream.
* d/patches: add a patch for clean stop with systemd.
-- Vincent Bernat <email address hidden> Fri, 22 Jun 2018 20:21:37 +0200
Available diffs
- diff from 1.8.9-2 to 1.8.10-1 (14.5 KiB)
haproxy (1.8.8-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Information disclosure
- debian/patches/CVE-2018-11469.patch: fix in src/protp_http.c and
adds some config notes.
- CVE-2018-11469
-- <email address hidden> (Leonidas S. Barbosa) Tue, 29 May 2018 16:29:29 -0300
Available diffs
haproxy (1.8.9-2) unstable; urgency=high
* d/patches: fix CVE-2018-11469: do not cache when an Authorization
header is present. Closes: #900084.
-- Vincent Bernat <email address hidden> Sat, 26 May 2018 16:05:07 +0200
Available diffs
- diff from 1.8.9-1 to 1.8.9-2 (1.6 KiB)
haproxy (1.8.9-1) unstable; urgency=medium
* New upstream version.
- BUG/MAJOR: channel: Fix crash when trying to read from a closed socket
- BUG/MEDIUM: h2: implement missing support for chunked encoded uploads
- BUG/MEDIUM: http: don't always abort transfers on CF_SHUTR
- BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits
- BUG/MEDIUM: pollers: Use a global list for fd shared between threads
- BUG/MEDIUM: ssl: properly protect SSL cert generation
- BUG/MEDIUM: task: Don't free a task that is about to be run
- BUG/MEDIUM: threads: Fix the sync point for more than 32 threads
* d/rsyslog.conf: use modern syntax and statements, thanks to Guillem
Jover. Closes: #897914.
-- Vincent Bernat <email address hidden> Sat, 19 May 2018 15:00:17 +0200
Available diffs
- diff from 1.8.8-1 to 1.8.9-1 (13.8 KiB)
| Deleted in trusty-proposed (Reason: The package was removed due to its SRU bug(s) not being v...) |
haproxy (1.4.24-2ubuntu0.5) trusty; urgency=medium
* debian/haproxy.init: Ensure /run/haproxy exists and has the correct
permissions on haproxy start (LP: #1755061).
-- James Page <email address hidden> Fri, 18 May 2018 10:02:06 +0100
Available diffs
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
haproxy (1.8.8-1) unstable; urgency=high
* New upstream version.
- BUG/CRITICAL: h2: fix incorrect frame length check
-- Vincent Bernat <email address hidden> Thu, 19 Apr 2018 17:51:55 +0200
Available diffs
- diff from 1.8.7-1 to 1.8.8-1 (4.7 KiB)
haproxy (1.8.7-1) unstable; urgency=medium
* New upstream version.
- BUG/MAJOR: cache: always initialize newly created objects
* d/control: switch maintainer address to tracker.debian.org.
-- Vincent Bernat <email address hidden> Sat, 07 Apr 2018 07:58:34 +0200
Available diffs
- diff from 1.8.4-1 to 1.8.7-1 (28.6 KiB)
haproxy (1.8.4-1) experimental; urgency=medium * New upstream stable release. * d/patches: document why dconv patch is not in series. * d/docs: ship NOTICE file in haproxy-doc. -- Vincent Bernat <email address hidden> Sat, 10 Feb 2018 08:43:36 +0100
Available diffs
- diff from 1.7.9-1ubuntu2 (in Ubuntu) to 1.8.4-1 (834.2 KiB)
haproxy (1.7.9-1ubuntu2) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov <email address hidden> Mon, 05 Feb 2018 16:49:35 +0000
Available diffs
- diff from 1.7.9-1ubuntu1 to 1.7.9-1ubuntu2 (350 bytes)
| Superseded in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
haproxy (1.7.9-1ubuntu1) artful; urgency=medium
* Backport of -x option from upstream haproxy to enable seamless
reloading of haproxy without dropping connections. This is enabled
by adding
" stats socket <stats file> expose-fd listeners
stats bind-process 1 "
to the global section of your haproxy config, and
setting HAPROXY_STATS_SOCKET in the haproxy.service unit file.
(LP: #1712925)
-- Dave Chiluk <email address hidden> Thu, 14 Sep 2017 12:32:36 -0500
Available diffs
haproxy (1.7.9-1) unstable; urgency=medium
* New upstream version release (see CHANGELOG):
- BUG/MAJOR: lua/socket: resources not destroyed when the socket is
aborted
- BUG/MEDIUM: lua: bad memory access
- BUG/MEDIUM: http: Switch HTTP responses in TUNNEL mode when body
length is undefined
-- Vincent Bernat <email address hidden> Sat, 19 Aug 2017 12:05:02 +0200
Available diffs
- diff from 1.7.8-1 to 1.7.9-1 (10.6 KiB)
haproxy (1.7.8-1) unstable; urgency=medium
* New upstream version release (see CHANGELOG):
- BUG/MAJOR: cli: fix custom io_release was crushed by NULL.
- BUG/MAJOR: compression: Be sure to release the compression state in
all cases
- BUG/MAJOR: map: fix segfault during 'show map/acl' on cli.
- BUG/MEDIUM: filters: Be sure to call flt_end_analyze for both
channels
- BUG/MEDIUM: map/acl: fix unwanted flags inheritance.
* Bump Standards-Version to 4.0.0. No changes needed.
* Update d/watch to use https.
-- Vincent Bernat <email address hidden> Sat, 08 Jul 2017 08:24:35 +0200
Available diffs
- diff from 1.7.7-1 to 1.7.8-1 (6.4 KiB)
haproxy (1.7.7-1) unstable; urgency=medium
* New upstream version release (see CHANGELOG):
- BUG/MEDIUM: http: Drop the connection establishment when a redirect
is performed
- BUG/MEDIUM: cfgparse: Check if tune.http.maxhdr is in the range
1..32767
-- Vincent Bernat <email address hidden> Mon, 26 Jun 2017 14:06:48 +0200
Available diffs
- diff from 1.7.6-1 to 1.7.7-1 (3.3 KiB)
haproxy (1.7.6-1) unstable; urgency=medium
* New upstream version release (see CHANGELOG):
- BUG/MAJOR: Use -fwrapv.
- BUG/MAJOR: http: call manage_client_side_cookies() before erasing
the buffer
- BUG/MAJOR: server: Segfault after parsing server state file.
- BUG/MEDIUM: acl: don't free unresolved args in prune_acl_expr()
- BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr()
- BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments
on error
- BUG/MEDIUM: lua: memory leak
- BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return
anything
- BUG/MEDIUM: peers: Peers CLOSE_WAIT issue.
- BUG/MEDIUM: unix: never unlink a unix socket from the file system
-- Vincent Bernat <email address hidden> Sun, 18 Jun 2017 12:34:40 +0200
Available diffs
- diff from 1.7.5-2 to 1.7.6-1 (15.0 KiB)
haproxy (1.7.5-2) unstable; urgency=medium
* Enable getaddrinfo() support, allowing resolution of hostnames to IPv6
addresses (Closes: #862780). Thanks to Anton Eliasson
<email address hidden>!
-- Apollon Oikonomopoulos <email address hidden> Wed, 17 May 2017 13:01:45 +0300
Available diffs
- diff from 1.7.5-1 to 1.7.5-2 (565 bytes)
haproxy (1.7.5-1) unstable; urgency=medium
* New upstream version release (see CHANGELOG):
- BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
- BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
- BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is
enabled
-- Apollon Oikonomopoulos <email address hidden> Tue, 04 Apr 2017 14:25:38 +0300
Available diffs
- diff from 1.7.2-1 to 1.7.5-1 (36.1 KiB)
| Superseded in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
haproxy (1.7.2-1) unstable; urgency=medium
* New upstream release (see CHANGELOG):
+ Fix a regression whereby fragmented requests were randomly flagged as
bad requests depending on previous buffer contents; this was noticable
under low load with authenticated requests.
+ Fix dynamic address resolution for IPv6-only hosts.
+ Make sure SSL sessions are not reused when the SNI changes. This makes
SNI and SSL health checks play nice together.
+ Minor improvements:
- Add the ability to perform actions on multiple servers via the stats
page.
- Add the ability to specify a custom HTTP reason field in generated
responses.
- New sample fetch function, `fc_rcvd_proxy', indicating wheter the
PROXY protocol was used on the frontend for a connection or not.
-- Apollon Oikonomopoulos <email address hidden> Fri, 13 Jan 2017 14:49:05 +0200
Available diffs
- diff from 1.7.1-1 to 1.7.2-1 (27.6 KiB)
haproxy (1.7.1-1) unstable; urgency=medium
* New upstream stable release.
* Upload to unstable.
* Notable new features since 1.6:
+ SPOE (stream processing offload engine) : ability to delegate some
slow, unreliable or dangerous processing to external processes.
+ More statistics in the CSV output.
+ Support of directories for config files: if the argument to -f
is a directory, all files found there are loaded in alphabetical order.
+ It is now possible to set/unset/preset environment variables directly in
the global section and query them through the CLI.
+ The CLI makes it possible to change a server's address, port, maxconn,
check address and port at runtime, without reloading haproxy.
+ Support for multiple certificates: different certificates for the same
domain so that the best one can be picked according to browser support.
The main use is to be able to deliver ECDSA certificates to clients
supporting them, without breaking compatibility with older clients.
+ SO_REUSEPORT is now configurable and can be disabled.
+ Updates to the Lua API, including new classes to access many internal
objects like listeners, servers, proxies etc.
+ Support for a new type of maps consisting of regular expressions with
replacement values.
-- Apollon Oikonomopoulos <email address hidden> Tue, 13 Dec 2016 12:32:32 +0200
Available diffs
- diff from 1.6.10-1 to 1.7.1-1 (446.6 KiB)
haproxy (1.6.10-1) unstable; urgency=medium
* New upstream release (see CHANGELOG):
+ Fix retransmits in proxy mode and rare cases of unkillable tasks.
+ systemd wrapper: do not leave old processes behind when reloading too
fast.
+ systemd wrapper: correctly set the status code.
+ Fix two bugs in the peers' task management possibly causing some
CLOSE_WAIT connection after some rare race conditions.
+ Make SO_REUSEPORT use configurable via the "-dR" command line switch
or the "noreuseport" config option in the global section.
* B-D on libssl1.0-dev (Closes: #828337); upstream does not currently
support OpenSSL 1.1 for the 1.6 series.
* haproxy: depend on lsb-base for the initscript's use of
/lib/lsb/init-functions.
-- Apollon Oikonomopoulos <email address hidden> Mon, 21 Nov 2016 11:46:16 +0200
Available diffs
- diff from 1.6.9-2 to 1.6.10-1 (14.9 KiB)
haproxy (1.6.9-2) unstable; urgency=medium
* Enable Linux namespace support.
* Pass the full Debian version and package release date from d/changelog to
the build system.
* initscript: reorder the reload command arguments to always parse EXTRAOPTS
properly.
-- Apollon Oikonomopoulos <email address hidden> Wed, 28 Sep 2016 10:45:43 +0300
Available diffs
- diff from 1.6.8-1 to 1.6.9-2 (2.7 KiB)
| Superseded in zesty-release |
| Obsolete in yakkety-release |
| Deleted in yakkety-proposed (Reason: moved to release) |
haproxy (1.6.8-1) unstable; urgency=medium
* New upstream release (see CHANGELOG):
+ BUG/MAJOR: compression: initialize avail_in/next_in even during
flush
+ BUG/MAJOR: server: the "sni" directive could randomly cause trouble
+ BUG/MAJOR: stick-counters: possible crash when using sc_trackers
with wrong table
-- Vincent Bernat <email address hidden> Sun, 14 Aug 2016 14:17:08 +0200
Available diffs
- diff from 1.6.7-1 to 1.6.8-1 (8.0 KiB)
haproxy (1.6.7-1) unstable; urgency=medium
* New upstream release (see CHANGELOG):
+ BUG/MAJOR: fix use-after-free crash on start
+ BUG/MEDIUM: dns: fix alignment issues in the DNS response parser
-- Vincent Bernat <email address hidden> Thu, 14 Jul 2016 08:29:43 +0200
Available diffs
- diff from 1.6.6-1 to 1.6.7-1 (3.8 KiB)
haproxy (1.6.6-1) unstable; urgency=medium
* New upstream release (see CHANGELOG):
+ BUG/MAJOR: fix listening IP address storage for frontends
+ BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes
+ BUG/MEDIUM: stick-tables: fix breakage in table converters
+ BUG/MEDIUM: dns: unbreak DNS resolver after header fix
+ BUG/MEDIUM: stats: show servers state may show an servers from another
backend
+ BUG/MEDIUM: fix risk of segfault with "show tls-keys"
+ BUG/MEDIUM: sticktables: segfault in some configuration error cases
+ BUG/MEDIUM: lua: converters doesn't work
+ BUG/MEDIUM: http: add-header: buffer overwritten
+ BUG/MEDIUM: external-checks: close all FDs right after the fork()
+ BUG/MAJOR: external-checks: use asynchronous signal delivery
* Drop haproxy.service-check-config-before-reload.patch. Applied
upstream.
-- Vincent Bernat <email address hidden> Tue, 28 Jun 2016 10:13:33 +0200
Available diffs
- diff from 1.6.5-2 to 1.6.6-1 (12.6 KiB)
haproxy (1.6.3-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: denial of service via reqdeny
- debian/patches/CVE-2016-5360.patch: use temporary variable to store
status in include/types/proto_http.h, src/proto_http.c.
- CVE-2016-5360
-- Marc Deslauriers <email address hidden> Tue, 14 Jun 2016 09:35:08 +0300
Available diffs
haproxy (1.6.5-2) unstable; urgency=high
* Add a patch to fix CVE-2016-5360. Closes: #826869.
+ BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes
-- Vincent Bernat <email address hidden> Sat, 11 Jun 2016 22:23:50 +0200
Available diffs
- diff from 1.6.5-1 to 1.6.5-2 (2.6 KiB)
haproxy (1.6.5-1) unstable; urgency=medium
* New upstream release (see CHANGELOG):
+ BUG/MAJOR: channel: fix miscalculation of available buffer space
+ BUG/MAJOR: Fix crash in http_get_fhdr with exactly MAX_HDR_HISTORY
headers
+ BUG/MEDIUM: channel: don't allow to overwrite the reserve until
connected
+ BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers
+ BUG/MEDIUM: channel: incorrect polling condition may delay event
delivery
+ BUG/MEDIUM: dns: fix alignment issue when building DNS queries
+ BUG/MEDIUM: fix maxaccept computation on per-process listeners
+ BUG/MEDIUM: Fix RFC5077 resumption when more than TLS_TICKETS_NO are
present
+ BUG/MEDIUM: http: fix risk of CPU spikes with pipelined requests from
dead client
+ BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields in TCP
mode
+ BUG/MEDIUM: lua: protects the upper boundary of the argument list for
converters/fetches.
+ BUG/MEDIUM: peers: fix incorrect age in frequency counters
+ BUG/MEDIUM: sample: initialize the pointer before parse_binary call.
+ BUG/MEDIUM: stats: show backend may show an empty or incomplete result
+ BUG/MEDIUM: stats: show servers state may show an empty or incomplete
result
+ BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the
connection state.
+ BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly cleared
+ BUG/MEDIUM: trace.c: rdtsc() is defined in two files
+ MEDIUM: unblock signals on startup.
* Bump standards to 3.9.8; no changes needed.
-- Apollon Oikonomopoulos <email address hidden> Wed, 11 May 2016 11:07:24 +0300
Available diffs
- diff from 1.6.4-3 to 1.6.5-1 (25.0 KiB)
haproxy (1.6.4-3) unstable; urgency=medium
* d/init: remove support for dynamic script name. This enable haproxy to
be started on boot.
-- Vincent Bernat <email address hidden> Thu, 24 Mar 2016 20:36:08 +0100
Available diffs
- diff from 1.6.3-1 to 1.6.4-3 (40.4 KiB)
| Published in trusty-backports |
haproxy (1.5.14-1ubuntu0.15.10.1~ubuntu14.04.1) trusty-backports; urgency=medium * No-change backport to trusty (LP: #1494141)
Available diffs
| Superseded in yakkety-release |
| Published in xenial-release |
| Deleted in xenial-proposed (Reason: moved to release) |
haproxy (1.6.3-1) unstable; urgency=medium
[ Apollon Oikonomopoulos ]
* haproxy.init: use s-s-d's --pidfile option.
Thanks to Louis Bouchard (Closes: 804530)
[ Vincent Bernat ]
* watch: fix d/watch to look for 1.6 version
* Imported Upstream version 1.6.3
-- Vincent Bernat <email address hidden> Thu, 31 Dec 2015 08:10:10 +0100
Available diffs
haproxy (1.4.24-2ubuntu0.4) trusty; urgency=medium
* debian/haproxy.init: Ensure that EXIT trap does not override the
return status of the init script, which causes issues in tools that
check return codes such as pacemaker (LP: #1526271).
-- James Page <email address hidden> Tue, 15 Dec 2015 15:07:13 +0000
Available diffs
| 76 → 150 of 206 results | First • Previous • Next • Last |
