-
haproxy (1.5.4-1ubuntu2.1) utopic-security; urgency=medium
* SECURITY UPDATE: information disclosure via uninitialized memory
- debian/patches/CVE-2015-3281.patch: respect output data in
src/buffer.c.
- CVE-2015-3281
-- Marc Deslauriers <email address hidden> Mon, 06 Jul 2015 16:24:11 -0400
-
haproxy (1.5.4-1ubuntu2) utopic; urgency=medium
* debian/haproxy.init: Backport of vivid stop routine,
uses start-stop-daemon to reliable terminate all haproxy processes
and return the proper exit code. (LP: #1462495)
-- Jorge Niedbalski <email address hidden> Mon, 08 Jun 2015 15:52:13 -0500
-
haproxy (1.5.4-1ubuntu1) utopic; urgency=medium
* haproxy.init: return 0 on stop if haproxy was not running. (LP: #1038139)
-- Serge Hallyn <email address hidden> Tue, 23 Sep 2014 12:06:17 -0500
-
haproxy (1.5.4-1) unstable; urgency=high
* New upstream version.
+ Fix a critical bug that, under certain unlikely conditions, allows a
client to crash haproxy.
* Prefix rsyslog configuration file to ensure to log only to
/var/log/haproxy. Thanks to Paul Bourke for the patch.
-- Vincent Bernat <email address hidden> Tue, 02 Sep 2014 19:14:38 +0200
-
haproxy (1.5.3-1) unstable; urgency=medium
* New upstream stable release, fixing the following issues:
+ Memory corruption when building a proxy protocol v2 header
+ Memory leak in SSL DHE key exchange
-- Apollon Oikonomopoulos <email address hidden> Fri, 25 Jul 2014 10:41:36 +0300
-
haproxy (1.5.2-1) unstable; urgency=medium
* New upstream stable release. Important fixes:
+ A few sample fetch functions when combined in certain ways would return
malformed results, possibly crashing the HAProxy process.
+ Hash-based load balancing and http-send-name-header would fail for
requests which contain a body which starts to be forwarded before the
data is used.
-- Apollon Oikonomopoulos <email address hidden> Mon, 14 Jul 2014 00:42:32 +0300
-
haproxy (1.5.1-1) unstable; urgency=medium
* New upstream stable release:
+ Fix a file descriptor leak for clients that disappear before connecting.
+ Do not staple expired OCSP responses.
-- Apollon Oikonomopoulos <email address hidden> Tue, 24 Jun 2014 12:56:30 +0300
-
haproxy (1.5.0-1) unstable; urgency=medium
* New upstream stable series. Notable changes since the 1.4 series:
+ Native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling.
+ IPv6 and UNIX sockets are supported everywhere
+ End-to-end HTTP keep-alive for better support of NTLM and improved
efficiency in static farms
+ HTTP/1.1 response compression (deflate, gzip) to save bandwidth
+ PROXY protocol versions 1 and 2 on both sides
+ Data sampling on everything in request or response, including payload
+ ACLs can use any matching method with any input sample
+ Maps and dynamic ACLs updatable from the CLI
+ Stick-tables support counters to track activity on any input sample
+ Custom format for logs, unique-id, header rewriting, and redirects
+ Improved health checks (SSL, scripted TCP, check agent, ...)
+ Much more scalable configuration supports hundreds of thousands of
backends and certificates without sweating
* Upload to unstable, merge all 1.5 work from experimental. Most important
packaging changes since 1.4.25-1 include:
+ systemd support.
+ A more sane default config file.
+ Zero-downtime upgrades between 1.5 releases by gracefully reloading
HAProxy during upgrades.
+ HTML documentation shipped in the haproxy-doc package.
+ kqueue support for kfreebsd.
* Packaging changes since 1.5~dev26-2:
+ Drop patches merged upstream:
o Fix-reference-location-in-manpage.patch
o 0001-BUILD-stats-workaround-stupid-and-bogus-Werror-forma.patch
+ d/watch: look for stable 1.5 releases
+ systemd: respect CONFIG and EXTRAOPTS when specified in
/etc/default/haproxy.
+ initscript: test the configuration before start or reload.
+ initscript: remove the ENABLED flag and logic.
-- Apollon Oikonomopoulos <email address hidden> Fri, 20 Jun 2014 11:05:17 +0300
-
haproxy (1.4.25-1) unstable; urgency=medium
[ Prach Pongpanich ]
* New upstream version.
* Update watch file to use the source page.
* Bump Standards-Version to 3.9.5.
[ Thomas Bechtold ]
* debian/control: Add haproxy-dbg binary package for debug symbols.
[ Apollon Oikonomopoulos ]
* Require syslog to be operational before starting. Closes: #726323.
* Document how to bind non-local IPv6 addresses.
* Add a reference to configuration.txt.gz to the manpage.
* debian/copyright: synchronize with source.
-- Prach Pongpanich <email address hidden> Fri, 28 Mar 2014 09:35:09 +0700
-
haproxy (1.4.24-2) unstable; urgency=low
[ Apollon Oikonomopoulos ]
* Ship contrib/halog as /usr/bin/halog.
[ Vincent Bernat ]
* Don't use -L/usr/lib and rely on default search path. Closes: #722777.
-- Vincent Bernat <email address hidden> Sun, 15 Sep 2013 14:36:27 +0200