Subject: CVS commit: [pkgsrc-2014Q2] pkgsrc/net/haproxy
From: Matthias Scheler
Date: 2014-09-13 20:13:24
Message id: 20140913181324.2FA9498@cvs.netbsd.org

Log Message:
Pullup ticket #4499 - requested by morr
net/haproxy: security update

Revisions pulled up:
- net/haproxy/Makefile                                          1.13-1.15
- net/haproxy/PLIST                                             1.5
- net/haproxy/distinfo                                          1.9-1.11
- net/haproxy/options.mk                                        1.1
- net/haproxy/patches/patch-aa                                  1.5
- net/haproxy/patches/patch-ab                                  deleted
- net/haproxy/patches/patch-standard_h                          1.1

---
   Module Name:	pkgsrc
   Committed By:	fhajny
   Date:		Mon Jul 14 15:30:10 UTC 2014

   Modified Files:
   	pkgsrc/net/haproxy: Makefile PLIST distinfo
   	pkgsrc/net/haproxy/patches: patch-aa
   Added Files:
   	pkgsrc/net/haproxy: options.mk
   	pkgsrc/net/haproxy/patches: patch-standard_h
   Removed Files:
   	pkgsrc/net/haproxy/patches: patch-ab

   Log Message:
   Update haproxy to 1.5.2. Introduce support for OpenSSL, PCRE and Zlib.

   1.5.2
   -----
   Two extra important issues were discovered since 1.5.1 which were fixed
   in 1.5.2. The first one can cause some sample fetch combinations to fail
   together in a same expression, and one artificial case (but totally
   useless) may even crash the process. The second one is an incomplete
   fix in 1.5-dev23 for the request body forwarding. Hash-based balancing
   algorithms and http-send-name-header may fail if a request contains
   a body which starts to be forwarded before the contents are used.
   A few other bugs were fixed, and the max syslog line length is now
   configurable per logger.

   1.5.1
   -----
   Version 1.5.1 fixes a few bugs from 1.5.0 among which a really annoying
   one which can cause some file descriptor leak when dealing with clients
   which disappear from the net, resulting in the impossibility to accept
   new connections after some time.

   1.5.0
   -----
   1.5 expands 1.4 with many new features and performance improvements,
   including native SSL support on both sides with SNI/NPN/ALPN and OCSP
   stapling, IPv6 and UNIX sockets are supported everywhere, full HTTP
   keep-alive for better support of NTLM and improved efficiency in
   static farms, HTTP/1.1 compression (deflate, gzip) to save bandwidth,
   PROXY protocol versions 1 and 2 on both sides, data sampling on
   everything in request or response, including payload, ACLs can use
   any matching method with any input sample maps and dynamic ACLs
   updatable from the CLI stick-tables support counters to track
   activity on any input sample custom format for logs, unique-id,
   header rewriting, and redirects, improved health checks (SSL,
   scripted TCP, check agent, ...), much more scalable configuration
   supports hundreds of thousands of backends and certificates without
   sweating.

   Full changelog for the 1.5 branch:

   http://www.haproxy.org/download/1.5/src/CHANGELOG

---
   Module Name:	pkgsrc
   Committed By:	fhajny
   Date:		Sun Jul 27 16:33:36 UTC 2014

   Modified Files:
   	pkgsrc/net/haproxy: Makefile distinfo

   Log Message:
   Update haproxy to 1.5.3.

   2014/07/25 : 1.5.3
   - DOC: fix typo in Unix Socket commands
   - BUG/MEDIUM: connection: fix memory corruption when building a proxy
     v2 header
   - BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
   - DOC: mention that Squid correctly responds 400 to PPv2 header
   - BUG/MINOR: http: base32+src should use the big endian version of base32
   - BUG/MEDIUM: connection: fix proxy v2 header again!

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Fri Sep 12 21:37:38 UTC 2014

   Modified Files:
   	pkgsrc/net/haproxy: Makefile distinfo

   Log Message:
   Update to version 1.5.4.

   Changes:

   - BUG: config: error in http-response replace-header number of arguments
   - BUG/MINOR: Fix search for -p argument in systemd wrapper.
   - BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an \ 
unknown encryption algorithm
   - BUG/MEDIUM: config: userlists should ensure that encrypted passwords are \ 
supported
   - MEDIUM: connection: add new bit in Proxy Protocol V2
   - BUG/MINOR: server: move the directive #endif to the end of file
   - BUG/MEDIUM: http: tarpit timeout is reset
   - BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
   - BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
   - BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
   - BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
   - BUG/MEDIUM: acl: correctly compute the output type when a converter is used
   - CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
   - BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer

Files:
RevisionActionfile
1.12.2.1modifypkgsrc/net/haproxy/Makefile
1.4.4.1modifypkgsrc/net/haproxy/PLIST
1.8.2.1modifypkgsrc/net/haproxy/distinfo
1.4.2.1modifypkgsrc/net/haproxy/patches/patch-aa
1.1.2.2addpkgsrc/net/haproxy/options.mk
1.1.2.2addpkgsrc/net/haproxy/patches/patch-standard_h
1.2removepkgsrc/net/haproxy/patches/patch-ab