Path to this page:
Subject: CVS commit: [pkgsrc-2014Q2] pkgsrc/net/haproxy
From: Matthias Scheler
Date: 2014-09-13 20:13:24
Message id: 20140913181324.2FA9498@cvs.netbsd.org
Log Message:
Pullup ticket #4499 - requested by morr
net/haproxy: security update
Revisions pulled up:
- net/haproxy/Makefile 1.13-1.15
- net/haproxy/PLIST 1.5
- net/haproxy/distinfo 1.9-1.11
- net/haproxy/options.mk 1.1
- net/haproxy/patches/patch-aa 1.5
- net/haproxy/patches/patch-ab deleted
- net/haproxy/patches/patch-standard_h 1.1
---
Module Name: pkgsrc
Committed By: fhajny
Date: Mon Jul 14 15:30:10 UTC 2014
Modified Files:
pkgsrc/net/haproxy: Makefile PLIST distinfo
pkgsrc/net/haproxy/patches: patch-aa
Added Files:
pkgsrc/net/haproxy: options.mk
pkgsrc/net/haproxy/patches: patch-standard_h
Removed Files:
pkgsrc/net/haproxy/patches: patch-ab
Log Message:
Update haproxy to 1.5.2. Introduce support for OpenSSL, PCRE and Zlib.
1.5.2
-----
Two extra important issues were discovered since 1.5.1 which were fixed
in 1.5.2. The first one can cause some sample fetch combinations to fail
together in a same expression, and one artificial case (but totally
useless) may even crash the process. The second one is an incomplete
fix in 1.5-dev23 for the request body forwarding. Hash-based balancing
algorithms and http-send-name-header may fail if a request contains
a body which starts to be forwarded before the contents are used.
A few other bugs were fixed, and the max syslog line length is now
configurable per logger.
1.5.1
-----
Version 1.5.1 fixes a few bugs from 1.5.0 among which a really annoying
one which can cause some file descriptor leak when dealing with clients
which disappear from the net, resulting in the impossibility to accept
new connections after some time.
1.5.0
-----
1.5 expands 1.4 with many new features and performance improvements,
including native SSL support on both sides with SNI/NPN/ALPN and OCSP
stapling, IPv6 and UNIX sockets are supported everywhere, full HTTP
keep-alive for better support of NTLM and improved efficiency in
static farms, HTTP/1.1 compression (deflate, gzip) to save bandwidth,
PROXY protocol versions 1 and 2 on both sides, data sampling on
everything in request or response, including payload, ACLs can use
any matching method with any input sample maps and dynamic ACLs
updatable from the CLI stick-tables support counters to track
activity on any input sample custom format for logs, unique-id,
header rewriting, and redirects, improved health checks (SSL,
scripted TCP, check agent, ...), much more scalable configuration
supports hundreds of thousands of backends and certificates without
sweating.
Full changelog for the 1.5 branch:
http://www.haproxy.org/download/1.5/src/CHANGELOG
---
Module Name: pkgsrc
Committed By: fhajny
Date: Sun Jul 27 16:33:36 UTC 2014
Modified Files:
pkgsrc/net/haproxy: Makefile distinfo
Log Message:
Update haproxy to 1.5.3.
2014/07/25 : 1.5.3
- DOC: fix typo in Unix Socket commands
- BUG/MEDIUM: connection: fix memory corruption when building a proxy
v2 header
- BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
- DOC: mention that Squid correctly responds 400 to PPv2 header
- BUG/MINOR: http: base32+src should use the big endian version of base32
- BUG/MEDIUM: connection: fix proxy v2 header again!
---
Module Name: pkgsrc
Committed By: morr
Date: Fri Sep 12 21:37:38 UTC 2014
Modified Files:
pkgsrc/net/haproxy: Makefile distinfo
Log Message:
Update to version 1.5.4.
Changes:
- BUG: config: error in http-response replace-header number of arguments
- BUG/MINOR: Fix search for -p argument in systemd wrapper.
- BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an \
unknown encryption algorithm
- BUG/MEDIUM: config: userlists should ensure that encrypted passwords are \
supported
- MEDIUM: connection: add new bit in Proxy Protocol V2
- BUG/MINOR: server: move the directive #endif to the end of file
- BUG/MEDIUM: http: tarpit timeout is reset
- BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
- BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
- BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
- BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
- BUG/MEDIUM: acl: correctly compute the output type when a converter is used
- CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
- BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
Files: