./net/haproxy, Reliable, high performance TCP/HTTP load balancer

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.5.0, Package name: haproxy-2.5.0, Maintainer: morr

HAProxy is a free, very fast and reliable solution offering high
availability, load balancing, and proxying for TCP and HTTP-based
applications. It is particularly suited for web sites crawling under
very high loads while needing persistence or Layer7 processing.
Supporting tens of thousands of connections is clearly realistic with
todays hardware.


Required to run:
[security/openssl] [devel/pcre]

Required to build:
[pkgtools/cwrappers]

Package options: pcre, ssl

Master sites:

Filesize: 3714.059 KB

Version history: (Expand)


CVS history: (Expand)


   2021-11-29 21:31:01 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
haproxy: updated to 2.5.0

2.5.0
- BUILD: SSL: add quictls build to scripts/build-ssl.sh
- BUILD: SSL: add QUICTLS to build matrix
- CLEANUP: sock: Wrap `accept4_broken = 1` into additional parenthesis
- BUILD: cli: clear a maybe-unused  warning on some older compilers
- BUG/MEDIUM: cli: make sure we can report a warning from a bind keyword
- BUG/MINOR: ssl: make SSL counters atomic
- CLEANUP: assorted typo fixes in the code and comments
- BUG/MINOR: ssl: free correctly the sni in the backend SSL cache
- MINOR: version: mention that it's stable now
   2021-11-04 09:17:12 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
haproxy: updated to 2.4.8

2.4.8
- CLEANUP: server: always include the storage for SSL settings
- CLEANUP: sample: rename sample_conv_var2smp() to *_sint
- CLEANUP: sample: uninline sample_conv_var2smp_str()
- MINOR: sample: provide a generic var-to-sample conversion function
- BUG/MEDIUM: sample: properly verify that variables cast to sample
- BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames
- DOC: configuration: add clarification on escaping in keyword arguments
- MINOR: initcall: Rename __GLOBL and __GLOBL1.
- BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back
- BUG/MINOR: sample: Fix 'fix_tag_value' sample when waiting for more data
- BUG/MEDIUM: cpuset: fix cpuset size for FreeBSD
- BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error
- Revert "CLEANUP: server: always include the storage for SSL settings"
- BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors
- BUG/MAJOR: dns: tcp session can remain attached to a list after a free
- BUG/MAJOR: dns: attempt to lock globaly for msg waiter list instead of use barrier
- MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero
- BUG/MEDIUM: resolver: make sure to always use the correct hostname length
- BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records
- MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero
- BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix
- BUG/MEDIUM: resolvers: use correct storage for the target address
- MINOR: resolvers: merge address and target into a union "data"
- BUG/MAJOR: resolvers: add other missing references during resolution removal
- BUILD: resolvers: avoid a possible warning on null-deref
- BUG/MEDIUM: resolvers: always check a valid item in query_list
- BUG/MAJOR: buf: fix varint API post- vs pre- increment
- BUG/MINOR: task: do not set TASK_F_USR1 for no reason
- BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame
- BUG/MEDIUM: lua: fix memory leaks with realloc() on non-glibc systems
- MINOR: memprof: report the delta between alloc and free on realloc()
- MINOR: memprof: add one pointer size to the size of allocations
- BUILD: fix compilation on NetBSD
- BUG/MINOR: backend: fix improper insert in avail tree for always reuse
- BUILD: atomic: fix build on mac/arm64
- BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed
- BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released
- CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records()
- CLEANUP: always initialize the answer_list
- CLEANUP: resolvers: simplify resolv_link_resolution() regarding requesters
- CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT
- MEDIUM: resolvers: use a kill list to preserve the list consistency
- MEDIUM: resolvers: remove the last occurrences of the "safe" argument
- BUG/MEDIUM: resolvers: Don't recursively perform requester unlink
- BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions
- MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX
- DOC: halog: Move the `-qry` parameter into the correct section in help text
- MINOR: halog: Rename -qry to -query
- CLEANUP: halog: Use consistent indentation in help()
- BUG/MINOR: halog: Add missing newlines in die() messages
- MINOR: halog: Add support for extracting captures using -hdr
- BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration
- BUG/MINOR: http: Authorization value can have multiple spaces after the scheme
- BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data
- BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags
- BUG/MINOR: sample: fix backend direction flags consecutive to last fix
- DOC: config: Fix alphabetical order of fc_* samples
- BUILD/MINOR: cpuset freebsd build fix
- MINOR: stream: Improve dump of bogus streams
- DOC/peers: some grammar fixes for peers 2.1 spec
- SCRIPTS: git-show-backports: re-enable file-based filtering
   2021-10-28 11:07:21 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
haproxy: updated to 2.4.7

2.4.7
- BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule
   2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958)
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):

net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
   2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962)
Log message:
net: Remove SHA1 hashes for distfiles
   2021-10-04 11:07:12 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
haproxy: update to 2.4.6.

2021/10/04 : 2.4.6
    - BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release

2021/10/01 : 2.4.5
    - MINOR: lua: Add a flag on lua context to know the yield capability at run time
    - BUG/MINOR: lua: Yield in channel functions only if lua context can yield
    - BUG/MINOR: lua: Don't yield in channel.append() and channel.set()
    - BUG/MINOR: stream: Don't release a stream if FLT_END is still registered
    - BUG/MEDIUM: http-ana: Reset channels analysers when returning an error
    - BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set
    - BUG/MINOR: filters: Set right FLT_END analyser depending on channel
    - BUG/MINOR: systemd: ExecStartPre must use -Ws
    - BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with \ 
payload
    - MINOR: htx: Skip headers with no value when adding a header list to a message
    - CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload
    - BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached
    - BUG/MINOR: compat: make sure __WORDSIZE is always defined
    - CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools()
    - MINOR: pools: automatically disable malloc_trim() with external allocators
    - MINOR: pools: use mallinfo2() when available instead of mallinfo()
    - BUG/MAJOR: mux-h1: Don't eval input data if an error was reported
    - BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check
    - DOC: management: certificate files must be sanitized before injection
    - BUG/MINOR: connection: prevent null deref on mux cleanup task allocation
    - BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc
    - BUG/MINOR: cli/payload: do not search for args inside payload
    - BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set
    - BUILD: tools: get the absolute path of the current binary on NetBSD.
    - MINOR: tools: add FreeBSD support to get_exec_path()
    - MINOR: proc: setting the process to produce a core dump on FreeBSD.
    - BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING
    - BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef
    - BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef
    - IMPORT: slz: silence a build warning with -Wundef
    - BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef
    - BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER
    - BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL
    - BUILD: tools: properly guard __GLIBC__ with defined()
    - BUG/MINOR: vars: improve accuracy of the rules used to check expression \ 
validity
    - MINOR: sample: add missing ARGC_ entries
    - BUG/MINOR: vars: properly set the argument parsing context in the expression
    - BUG/MINOR: vars: truncate the variable name in error reports about scope.
    - BUG/MINOR: vars: do not talk about global section in CLI errors for set-var
    - BUILD: fix dragonfly build again on __read_mostly
    - BUILD: compiler: fixed a missing test on  defined(__GNUC__)
    - BUILD: halog: fix a -Wundef warning on non-glibc systems
    - BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl
    - BUG/MINOR: server: allow 'enable health' only if check configured
    - BUG/MEDIUM: leastconn: fix rare possibility of divide by zero
    - BUG/MINOR: h1-htx: Fix a typo when request parser is reset
    - BUG/MINOR: http-ana: increment internal_errors counter on response error
    - MINOR: server: implement a refcount for dynamic servers
    - MINOR: global: define MODE_STOPPING
    - BUG/MINOR: server: do not use refcount in free_server in stopping mode
    - MINOR: server: return the next srv instance on free_server
    - BUG/MINOR: stats: use refcount to protect dynamic server on dump
    - BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer
    - BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data
    - BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM
    - MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv()
    - MINOR: htx: Add an HTX flag to know when a message is fragmented
    - MINOR: htx: Add a function to know if the free space wraps
    - BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary
    - MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf
    - BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send \ 
"trailers"
    - DOC: peers: fix doc "enable" statement on "peers" sections
    - MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options
    - BUG/MEDIUM: lua: fix wakeup condition from sleep()
    - BUG/MAJOR: lua: use task_wakeup() to properly run a task once
    - MINOR: arg: Be able to forbid unresolved args when building an argument list
    - BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing
    - BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input
    - MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue()
   2021-09-08 11:56:33 by Jonathan Perkin | Files touched by this commit (2) | Package updated
Log message:
haproxy: Update to 2.4.4.

The ChangeLog doesn't explicitly mention, but this fixes the CVE-2021-40346
vulnerability as described in:

  https://www.mail-archive.com/haproxy@formilux.org/msg41114.html

While here switch to inserting CFLAGS via CPU_CFLAGS, as that feels a little
more appropriate than DEBUG_CFLAGS after re-reading the Makefile.

2021/09/07 : 2.4.4
    - BUG/MEDIUM: h2: match absolute-path not path-absolute for :path
    - REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2
    - REGTESTS: abortonclose: after retries, 503 is expected, not close
    - MINOR: hlua: take the global Lua lock inside a global function
    - BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions
    - BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
    - BUG/MINOR: base64: base64urldec() ignores padding in output size check
    - MINOR: compiler: implement an ONLY_ONCE() macro
    - BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords
    - BUG/MINOR: time: fix idle time computation for long sleeps
    - MINOR: time: add report_idle() to report process-wide idle time
    - BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long
    - BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
    - BUG/MINOR: tools: Fix loop condition in dump_text()
    - CLEANUP: Add missing include guard to signal.h
    - BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser
    - DOC: configuration: remove wrong tcp-request examples in tcp-response
    - BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB
    - CLEANUP: htx: remove comments about "must be < 256 MB"
    - BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer
    - Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if \ 
chn may receive"
   2021-07-16 15:29:56 by Nia Alarie | Files touched by this commit (1)
Log message:
haproxy: Only include libatomic if the compiler is gcc