./net/haproxy, Reliable, high performance TCP/HTTP load balancer

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.6.3, Package name: haproxy-1.6.3, Maintainer: morr

HAProxy is a free, very fast and reliable solution offering high
availability, load balancing, and proxying for TCP and HTTP-based
applications. It is particularly suited for web sites crawling under
very high loads while needing persistence or Layer7 processing.
Supporting tens of thousands of connections is clearly realistic with
todays hardware.

Required to run:

Package options: pcre, ssl

Master sites:

SHA1: f7da36b53188fa15551978dfbda80a9e1816fa01
RMD160: 936f280639b24aa29c71f60660c093a3d0da6b2a
Filesize: 1519.396 KB

Version history: (Expand)

CVS history: (Expand)

   2016-02-01 11:07:56 by Jonathan Perkin | Files touched by this commit (4)
Log message:
Fix build on SunOS.  Clean up patches while here.
   2016-01-03 18:13:40 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
2015/12/27 : 1.6.3
    - BUG/MINOR: http rule: http capture 'id' rule points to a non existing id
    - BUG/MINOR: server: check return value of fgets() in apply_server_state()
    - BUG/MINOR: acl: don't use record layer in req_ssl_ver
    - BUILD: freebsd: double declaration
    - BUG/MEDIUM: lua: clean output buffer
    - BUILD: check for libressl to be able to build against it
    - DOC: lua-api/index.rst small example fixes, spelling correction.
    - DOC: lua: architecture and first steps
    - DOC: relation between timeout http-request and option http-buffer-request
    - BUILD: Make deviceatlas require PCRE
    - BUG: http: do not abort keep-alive connections on server timeout
    - BUG/MEDIUM: http: switch the request channel to no-delay once done.
    - BUG/MINOR: lua: don't force-sslv3 LUA's SSL socket
    - BUILD/MINOR: http: proto_http.h needs sample.h
    - BUG/MEDIUM: http: don't enable auto-close on the response side
    - BUG/MEDIUM: stream: fix half-closed timeout handling
    - CLEANUP: compression: don't allocate DEFAULT_MAXZLIBMEM without USE_ZLIB
    - BUG/MEDIUM: cli: changing compression rate-limiting must require admin level
    - BUG/MEDIUM: sample: urlp can't match an empty value
    - BUILD: dumpstats: silencing warning for printf format specifier / time_t
    - CLEANUP: proxy: calloc call inverted arguments
    - MINOR: da: silent logging by default and displaying DeviceAtlas support if \ 
    - BUG/MEDIUM: da: stop DeviceAtlas processing in the convertor if there is \ 
no input.
    - DOC: Edited 51Degrees section of README/ (cherry picked from commit \ 
    - BUG/MEDIUM: checks: email-alert not working when declared in defaults
    - BUG/MINOR: checks: email-alert causes a segfault when an unknown mailers \ 
section is configured
    - BUG/MINOR: checks: typo in an email-alert error message
    - BUG/MINOR: tcpcheck: conf parsing error when no port configured on server \ 
and last rule is a CONNECT with no port
    - BUG/MINOR: tcpcheck: conf parsing error when no port configured on server \ 
and first rule(s) is (are) COMMENT
    - BUG/MEDIUM: http: fix http-reuse when frontend and backend differ
    - DOC: prefer using http-request/response over reqXXX/rspXXX directives
    - BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced
    - BUG/MEDIUM: peers: table entries learned from a remote are pushed to \ 
others after a random delay.
    - BUG/MEDIUM: peers: old stick table updates could be repushed.
    - CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro.
    - MINOR: lua: service/applet can have access to the HTTP headers when a POST \ 
is received
    - REORG/MINOR: lua: convert boolean "int" to bitfield
    - BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn
    - BUG/MINOR: lua: Lua applets must not use http_txn
    - BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp rulesets
    - BUG/MAJOR: lua: Do not force the HTTP analysers in use-services
    - CLEANUP: lua: bad error messages
    - DOC: lua: fix lua API
    - DOC: mailers: typo in 'hostname' description
    - DOC: compression: missing mention of libslz for compression algorithm
    - BUILD/MINOR: regex: missing header
    - BUG/MINOR: stream: bad return code
    - DOC: lua: fix somme errors and add implicit types

While there, add better support for deviceatlas option, from David CARLIER.
   2015-12-29 05:04:32 by David A. Holland | Files touched by this commit (82)
Log message:
Fix missing/broken rcsids.
   2015-11-12 17:35:28 by Daniel Horecki | Files touched by this commit (1)
Log message:
Remove obsolete patch.
   2015-11-12 17:32:29 by Daniel Horecki | Files touched by this commit (5) | Package updated
Log message:
Update to newest version.

ChangeLog (only stable versions):

2015/11/03 : 1.6.2
    - BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0
    - DOC: fix a typo for a "deviceatlas" keyword
    - FIX: small typo in an example using the "Referer" header
    - BUG/MEDIUM: config: count memory limits on 64 bits, not 32
    - BUG/MAJOR: dns: first DNS response packet not matching queried hostname \ 
may lead to a loop
    - BUG/MINOR: dns: unable to parse CNAMEs response
    - BUG/MINOR: examples/haproxy.init: missing brace in quiet_check()
    - DOC: deviceatlas: more example use cases.
    - BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin.
    - BUG/MAJOR: http: don't requeue an idle connection that is already queued
    - DOC: typo on capture.res.hdr and capture.req.hdr
    - BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section \ 
was missing
    - CLEANUP: use direction names in place of numeric values
    - BUG/MEDIUM: lua: sample fetches based on response doesn't work

2015/10/20 : 1.6.1
    - DOC: specify that stats socket doc (section 9.2) is in management
    - BUILD: install only relevant and existing documentation
    - CLEANUP: don't ignore debian/ directory if present
    - BUG/MINOR: dns: parsing error of some DNS response
    - BUG/MEDIUM: namespaces: don't fail if no namespace is used
    - BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is disabled
    - MEDIUM: dns: Don't use the ANY query type

2015/10/13 : 1.6.0
    - BUG/MINOR: Handle interactive mode in cli handler
    - DOC: global section missing parameters
    - DOC: backend section missing parameters
    - DOC: stats paramaters available in frontend
    - MINOR: lru: do not allocate useless memory in lru64_lookup
    - BUG/MINOR: http: Add OPTIONS in supported http methods (found by \ 
    - BUG/MINOR: ssl: fix management of the cache where forged certificates are \ 
    - MINOR: ssl: Release Servers SSL context when HAProxy is shut down
    - MINOR: ssl: Read the file used to generate certificates in any order
    - MINOR: ssl: Add support for EC for the CA used to sign generated certificates
    - MINOR: ssl: Add callbacks to set DH/ECDH params for generated certificates
    - BUG/MEDIUM: logs: fix time zone offset format in RFC5424
    - BUILD: Fix the build on OSX (htonll/ntohll)
    - BUILD: enable build on Linux/s390x
    - BUG/MEDIUM: lua: direction test failed
    - MINOR: lua: fix a spelling error in some error messages
    - CLEANUP: cli: ensure we can never double-free error messages
    - BUG/MEDIUM: lua: force server-close mode on Lua services
    - MEDIUM: init: support more command line arguments after pid list
    - MEDIUM: init: support a list of files on the command line
    - MINOR: debug: enable memory poisonning to use byte 0
    - BUILD: ssl: fix build error introduced by recent commit
    - BUG/MINOR: config: make the stats socket pass the correct proxy to the parsers
    - MEDIUM: server: implement TCP_USER_TIMEOUT on the server
    - DOC: mention the "namespace" options for bind and server lines
    - DOC: add the "management" documentation
    - DOC: move the stats socket documentation from config to management
    - MINOR: examples: update haproxy.spec to mention new docs
    - DOC: mention management.txt in README
    - DOC: remove haproxy-{en,fr}.txt
    - BUILD: properly report when USE_ZLIB and USE_SLZ are used together
    - MINOR: init: report use of libslz instead of "no compression"
    - CLEANUP: examples: remove some obsolete and confusing files
    - CLEANUP: examples: remove obsolete configuration file samples
    - CLEANUP: examples: fix the example file content-sw-sample.cfg
    - CLEANUP: examples: update sample file option-http_proxy.cfg
    - CLEANUP: examples: update sample file ssl.cfg
    - CLEANUP: tests: move a test file from examples/ to tests/
    - CLEANUP: examples: shut up warnings in transparent proxy example
    - CLEANUP: tests: removed completely obsolete test files
    - DOC: update ROADMAP to remove what was done in 1.6
    - BUG/MEDIUM: pattern: fixup use_after_free in the pat_ref_delete_by_id
   2015-07-04 15:13:53 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Security update to newest version.


Released version 1.5.14 with the following main changes :
  - BUILD/MINOR: tools: rename popcount to my_popcountl
  - BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data

Released version 1.5.13 with the following main changes :
  - BUG/MINOR: check: fix tcpcheck error message
  - CLEANUP: deinit: remove codes for cleaning p->block_rules
  - DOC: Update doc about weight, act and bck fields in the statistics
  - MINOR: ssl: add a destructor to free allocated SSL ressources
  - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
  - MEDIUM: ssl: replace standards DH groups with custom ones
  - BUG/MINOR: debug: display (null) in place of "meth"
  - BUG/MINOR: cfgparse: fix typo in 'option httplog' error message
  - BUG/MEDIUM: cfgparse: segfault when userlist is misused
  - BUG/MEDIUM: stats: properly initialize the scope before dumping stats
  - BUG/MEDIUM: http: don't forward client shutdown without NOLINGER except for \ 
  - CLEANUP: checks: fix double usage of cur / current_step in tcp-checks
  - BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
  - CLEANUP: checks: simplify the loop processing of tcp-checks
  - BUG/MAJOR: checks: always check for end of list before proceeding
  - BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
  - BUG/MEDIUM: peers: apply a random reconnection timeout
  - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
  - MEDIUM: init: don't stop proxies in parent process when exiting
  - MINOR: peers: store the pointer to the signal handler
  - MEDIUM: peers: unregister peers that were never started
  - MEDIUM: config: propagate the table's process list to the peers sections
  - MEDIUM: init: stop any peers section not bound to the correct process
  - MEDIUM: config: validate that peers sections are bound to exactly one process
  - MAJOR: peers: allow peers section to be used with nbproc > 1
  - DOC: relax the peers restriction to single-process
  - CLEANUP: config: fix misleading information in error message.
  - MINOR: config: report the number of processes using a peers section in the \ 
error case
  - BUG/MEDIUM: config: properly compute the default number of processes for a proxy

pkgsrc changes:
Thanks to "rename popcount to my_popcountl" one of patches can be removed.
   2015-06-26 15:37:27 by Blue Rats | Files touched by this commit (2) | Package updated
Log message:
Update to 1.5.12. Fixes a pile of bugs. From CHANGELOG:

2015/05/02 : 1.5.12
    - BUG/MINOR: ssl: Display correct filename in error message
    - DOC: Fix L4TOUT typo in documentation
    - BUG/MEDIUM: Do not consider an agent check as failed on L7 error
    - BUG/MINOR: pattern: error message missing
    - BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match
    - BUG/MEDIUM: buffer: one byte miss in buffer free space check
    - BUG/MAJOR: http: don't read past buffer's end in http_replace_value
    - BUG/MEDIUM: http: the function "(req|res)-replace-value" doesn't \ 
respect the HTTP syntax
    - BUG/MEDIUM: peers: correctly configure the client timeout
    - BUG/MINOR: compression: consider the expansion factor in init
    - BUG/MEDIUM: http: hdr_cnt would not count any header when called without name
    - BUG/MEDIUM: listener: don't report an error when resuming unbound listeners
    - BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only
    - BUG/MEDIUM: stream-int: always reset si->ops when si->end is nullified
    - BUG/MEDIUM: http: remove content-length from chunked messages
    - DOC: http: update the comments about the rules for determining transfer-length
    - BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to HTTP/1.1
    - BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad request
    - BUG/MEDIUM: http: remove content-length form responses with bad \ 
    - MEDIUM: http: restrict the HTTP version token to 1 digit as per RFC7230
    - MEDIUM: http: add option-ignore-probes to get rid of the floods of 408
    - BUG/MINOR: config: clear proxy->table.peers.p for disabled proxies
    - MINOR: stick-table: don't attach to peers in stopped state
    - MEDIUM: config: initialize stick-tables after peers, not before
    - MEDIUM: peers: add the ability to disable a peers section
    - DOC: document option http-ignore-probes
    - DOC: fix the comments about the meaning of msg->sol in HTTP
    - BUG/MEDIUM: http: wait for the exact amount of body bytes in \ 
    - BUG/MAJOR: http: prevent risk of reading past end with balance url_param
    - DOC: update the doc on the proxy protocol
   2015-03-14 21:36:23 by Blue Rats | Files touched by this commit (3) | Package updated
Log message:
Update to latest stable, 1.5.11. PKG_SUGGESTED_OPTIONS+=ssl. It's 2015.

ChangeLog :

2015/02/01 : 1.5.11
    - BUG/MEDIUM: backend: correctly detect the domain when use_domain_only is used
    - MINOR: ssl: load certificates in alphabetical order
    - BUG/MINOR: checks: prevent http keep-alive with http-check expect
    - BUG/MEDIUM: Do not set agent health to zero if server is disabled in config
    - MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent \ 
health is zero
    - BUG/MINOR: stats:Fix incorrect printf type.
    - DOC: add missing entry for log-format and clarify the text
    - BUG/MEDIUM: http: fix header removal when previous header ends with pure LF
    - BUG/MEDIUM: channel: fix possible integer overflow on reserved size computation
    - BUG/MINOR: channel: compare to_forward with buf->i, not buf->size
    - MINOR: channel: add channel_in_transit()
    - MEDIUM: channel: make buffer_reserved() use channel_in_transit()
    - MEDIUM: channel: make bi_avail() use channel_in_transit()
    - BUG/MEDIUM: channel: don't schedule data in transit for leaving until connected
    - BUG/MAJOR: log: don't try to emit a log if no logger is set
    - BUG/MINOR: args: add missing entry for ARGT_MAP in arg_type_names
    - BUG/MEDIUM: http: make http-request set-header compute the string before \ 
    - BUG/MINOR: http: fix incorrect header value offset in replace-hdr/replace-value
    - BUG/MINOR: http: abort request processing on filter failure

2014/12/31 : 1.5.10
    - DOC: fix a few typos
    - BUG/MINOR: http: fix typo: "401 Unauthorized" => "407 \ 
    - BUG/MINOR: parse: refer curproxy instead of proxy
    - DOC: httplog does not support 'no'
    - MINOR: map/acl/dumpstats: remove the "Done." message
    - BUG/MEDIUM: sample: fix random number upper-bound
    - BUG/MEDIUM: patterns: previous fix was incomplete
    - BUG/MEDIUM: payload: ensure that a request channel is available
    - BUG/MINOR: tcp-check: don't condition data polling on check type
    - BUG/MEDIUM: tcp-check: don't rely on random memory contents
    - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
    - BUG/MINOR: config: fix typo in condition when propagating process binding
    - BUG/MEDIUM: config: do not propagate processes between stopped processes
    - BUG/MAJOR: stream-int: properly check the memory allocation return
    - BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
    - BUG/MEDIUM: compression: correctly report zlib_mem