![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / net / haproxy
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.10 / (download) - annotate - [select for diffs], Fri May 21 08:36:57 2021 UTC (2 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2024Q1-base,
pkgsrc-2024Q1,
pkgsrc-2023Q4-base,
pkgsrc-2023Q4,
pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3,
pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4,
pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
HEAD
Changes since 1.9: +2 -2
lines
Diff to previous 1.9 (colored)
haproxy: updated to 2.4.0
What's new in 2.4 compared to 2.3 ? Lots of cool stuff! The work was spread
on several fronts:
- performance and latency: a lot of work was done on locking reduction,
bringing 2.4 a much lower latency than 2.3 had, and a higher scalability.
2.4 is NUMA-aware on Linux and will avoid binding to cross-socket cores
by default. Idle server-side connections are now reusable even when SNI,
proxy protocol or transparent proxy are used, saving costly round trips.
Lua now supports lock-free multi-threading. Idle frontend connections
will now be closed as soon as possible during reloads.
- reliability: "strict-limits" is on by default, experimental features
are protected against accidental use from a copy-paste, a diagnostic
mode was added to report suspicious or uncommon constructs that could
be mistakes, new live debugging tools were added for better in-field
debugging. Backend idle connections will be closed before quitting
so that they don't consume source ports in TIME_WAIT.
- management and integration: maps and ACLs now support atomic updates,
server-side SSL certificates can also be updated without reloading,
servers can be added/removed without reloading (still experimental),
more server settings can be edited at run time, global variables can
be listed/edited at run time, "defaults" section can now be named,
reused an inherited, line numbers and file names can be included in
any command, file paths can now be relative to the config file, some
new ".if/.elif/.else/.endif" config directives permit a smoother
transition between versions using a same config file (particularly
useful for automated rollbacks),
- interoperability / protocol support: WebSocket over HTTP/2 (RFC8441)
is now supported on both sides, regardless of the version on the other
side. The cache now supports the "Vary" header with a few commonly
used headers, including "Accept-encoding" which gets normalized for
optimal cache hit ratio. The Prometheus exporter got a significant
liftup, requires less tricks on the Prometheus side, and supports
listing only certain metrics for faster retrieval. Optional native
support for Opentracing was also integrated (via USE_OT=1). The DNS
resolvers now support talking to servers over TCP. Basic support for
extracting information from MQTT and FIX protocol was added. Timeouts
can now be adjusted on the fly and per-request in order to adapt to
particuarly slow servers or special protocols.
- user-friendliness: TCP loggers now do not require a ring section
declaration anymore, it's transparently done now. Header deletion
using a pattern matching on the name is now supported instead of
having to list many names. Checking for real server-side errors got
easier than before with http_fail_cnt/http_fail_rate. The config
parser and CLI will now provide suggestions when some keywords are
misspelled. The CLI's help output can now be filtered to subsets of
commands and will be sorted for easier finding.
- processing: the new "wait-for-body" HTTP action allows to wait for
a request or response body up to a certain size or delay. This is
convenient to detect POST contents or to detect error patterns or
information leaks in responses. TCP frontends can now be manually
upgraded to HTTP, allowing HTTP rules to be used in a frontend in
a tcp->http scenario. JSON parameters can be decoded to extract some
fields values. A URL encoder is now available to pass some fields in
a way that is suitable for query string parameters. Base64 variants
are now supported (such as the URL-compatible one used by JWT).
- for distros: building optional addons will be easier thanks to the
removal of the contrib/ directory and the cleaner integration with
the regular build process and include files. Libslz was included by
default, simplifying the packaging work. A few example configs were
added into examples/ to serve as starters for users. A CPU entry was
added to produce executables that works well both on old and new
ARMv8 CPUs.
- observability: more stats were added (SSL, H2). "show info" can now
emit floating point values for rates and uptimes if requested.
Revision 1.8.2.1 / (download) - annotate - [select for diffs], Thu Apr 9 10:57:11 2020 UTC (4 years ago) by bsiegert
Branch: pkgsrc-2020Q1
Changes since 1.8: +2 -21
lines
Diff to previous 1.8 (colored) next main 1.9 (colored)
Pullup ticket #6152 - requested by adam
net/haproxy: security fix (CVE-2020-11100)
Revisions pulled up:
- net/haproxy/Makefile 1.60
- net/haproxy/distinfo 1.53
- net/haproxy/options.mk 1.9
---
Module Name: pkgsrc
Committed By: adam
Date: Fri Apr 3 16:34:13 UTC 2020
Modified Files:
pkgsrc/net/haproxy: Makefile distinfo options.mk
Log Message:
haproxy: updated to 2.1.4
2.1.4
- SCRIPTS: make announce-release executable again
- BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat
- BUG/MEDIUM: muxes: Use the right argument when calling the destroy method.
- BUG/MINOR: mux-fcgi: Forbid special characters when matching PATH_INFO param
- MINOR: mux-fcgi: Make the capture of the path-info optional in pathinfo regex
- SCRIPTS: announce-release: use mutt -H instead of -i to include the draft
- MINOR: http-htx: Add a function to retrieve the headers size of an HTX message
- MINOR: filters: Forward data only if the last filter forwards something
- BUG/MINOR: filters: Count HTTP headers as filtered data but don't forward them
- BUG/MINOR: http-htx: Don't return error if authority is updated without changes
- BUG/MINOR: http-ana: Matching on monitor-uri should be case-sensitive
- MINOR: http-ana: Match on the path if the monitor-uri starts by a /
- BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered
- MINOR: ist: add an iststop() function
- BUG/MINOR: http: http-request replace-path duplicates the query string
- BUG/MEDIUM: shctx: make sure to keep all blocks aligned
- MINOR: compiler: move CPU capabilities definition from config.h and complete them
- BUG/MEDIUM: ebtree: don't set attribute packed without unaligned access support
- BUILD: fix recent build failure on unaligned archs
- CLEANUP: cfgparse: Fix type of second calloc() parameter
- BUG/MINOR: sample: fix the json converter's endian-sensitivity
- BUG/MEDIUM: ssl: fix several bad pointer aliases in a few sample fetch functions
- BUG/MINOR: connection: make sure to correctly tag local PROXY connections
- MINOR: compiler: add new alignment macros
- BUILD: ebtree: improve architecture-specific alignment
- BUG/MINOR: h2: reject again empty :path pseudo-headers
- BUG/MINOR: sample: Make sure to return stable IDs in the unique-id fetch
- BUG/MINOR: dns: ignore trailing dot
- BUG/MINOR: http-htx: Do case-insensive comparisons on Host header name
- MINOR: contrib/prometheus-exporter: Add heathcheck status/code in server metrics
- MINOR: contrib/prometheus-exporter: Add the last heathcheck duration metric
- BUG/MEDIUM: random: initialize the random pool a bit better
- MINOR: tools: add 64-bit rotate operators
- BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG
- MINOR: backend: use a single call to ha_random32() for the random LB algo
- BUG/MINOR: checks/threads: use ha_random() and not rand()
- BUG/MAJOR: list: fix invalid element address calculation
- MINOR: debug: report the task handler's pointer relative to main
- BUG/MEDIUM: debug: make the debug_handler check for the thread in threads_to_dump
- MINOR: haproxy: export main to ease access from debugger
- BUILD: tools: remove obsolete and conflicting trace() from standard.c
- BUG/MINOR: wdt: do not return an error when the watchdog couldn't be enabled
- DOC: fix incorrect indentation of http_auth_*
- OPTIM: startup: fast unique_id allocation for acl.
- BUG/MINOR: pattern: Do not pass len = 0 to calloc()
- DOC: configuration.txt: fix various typos
- DOC: assorted typo fixes in the documentation and Makefile
- BUG/MINOR: init: make the automatic maxconn consider the max of soft/hard limits
- BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
- REGTEST: make the PROXY TLV validation depend on version 2.2
- BUG/MINOR: filters: Use filter offset to decude the amount of forwarded data
- BUG/MINOR: filters: Forward everything if no data filters are called
- MINOR: htx: Add a function to return a block at a specific offset
- BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the response payload
- BUG/MEDIUM: compression/filters: Fix loop on HTX blocks compressing the payload
- BUG/MINOR: http-ana: Reset request analysers on a response side error
- BUG/MINOR: lua: Ignore the reserve to know if a channel is full or not
- BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject action
- BUG/MINOR: http-rules: Fix a typo in the reject action function
- BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop action
- BUG/MINOR: rules: Increment be_counters if backend is assigned for a silent-drop
- DOC: fix typo about no-tls-tickets
- DOC: improve description of no-tls-tickets
- DOC: assorted typo fixes in the documentation
- DOC: ssl: clarify security implications of TLS tickets
- BUILD: wdt: only test for SI_TKILL when compiled with thread support
- BUG/MEDIUM: mt_lists: Make sure we set the deleted element to NULL;
- MINOR: mt_lists: Appease gcc.
- BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
- BUG/MEDIUM: pools: Always update free_list in pool_gc().
- BUG/MINOR: haproxy: always initialize sleeping_thread_mask
- BUG/MINOR: listener/mq: do not dispatch connections to remote threads when stopping
- BUG/MINOR: haproxy/threads: try to make all threads leave together
- DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID
- DOC: correct typo in alert message about rspirep
- BUILD: on ARM, must be linked to libatomic.
- BUILD: makefile: fix regex syntax in ARM platform detection
- BUILD: makefile: fix expression again to detect ARM platform
- BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong cases.
- DOC: assorted typo fixes in the documentation
- MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into types/signal.h.
- BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in __signal_process_queue().
- MINOR: memory: Change the flush_lock to a spinlock, and don't get it in alloc.
- BUG/MINOR: connections: Make sure we free the connection on failure.
- REGTESTS: use "command -v" instead of "which"
- REGTEST: increase timeouts on the seamless-reload test
- BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection
- BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
- BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
- BUG/MINOR: peers: Use after free of "peers" section.
- MINOR: listener: add so_name sample fetch
- BUILD: ssl: only pass unsigned chars to isspace()
- BUG/MINOR: stats: Fix color of draining servers on stats page
- DOC: internals: Fix spelling errors in filters.txt
- MINOR: http-rules: Add a flag on redirect rules to know the rule direction
- BUG/MINOR: http_ana: make sure redirect flags don't have overlapping bits
- MINOR: http-rules: Handle the rule direction when a redirect is evaluated
- BUG/MINOR: http-ana: Reset request analysers on error when waiting for response
- BUG/CRITICAL: hpack: never index a header into the headroom after wrapping
Revision 1.9 / (download) - annotate - [select for diffs], Fri Apr 3 16:34:13 2020 UTC (4 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2
Changes since 1.8: +2 -21
lines
Diff to previous 1.8 (colored)
haproxy: updated to 2.1.4 2.1.4 - SCRIPTS: make announce-release executable again - BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat - BUG/MEDIUM: muxes: Use the right argument when calling the destroy method. - BUG/MINOR: mux-fcgi: Forbid special characters when matching PATH_INFO param - MINOR: mux-fcgi: Make the capture of the path-info optional in pathinfo regex - SCRIPTS: announce-release: use mutt -H instead of -i to include the draft - MINOR: http-htx: Add a function to retrieve the headers size of an HTX message - MINOR: filters: Forward data only if the last filter forwards something - BUG/MINOR: filters: Count HTTP headers as filtered data but don't forward them - BUG/MINOR: http-htx: Don't return error if authority is updated without changes - BUG/MINOR: http-ana: Matching on monitor-uri should be case-sensitive - MINOR: http-ana: Match on the path if the monitor-uri starts by a / - BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered - MINOR: ist: add an iststop() function - BUG/MINOR: http: http-request replace-path duplicates the query string - BUG/MEDIUM: shctx: make sure to keep all blocks aligned - MINOR: compiler: move CPU capabilities definition from config.h and complete them - BUG/MEDIUM: ebtree: don't set attribute packed without unaligned access support - BUILD: fix recent build failure on unaligned archs - CLEANUP: cfgparse: Fix type of second calloc() parameter - BUG/MINOR: sample: fix the json converter's endian-sensitivity - BUG/MEDIUM: ssl: fix several bad pointer aliases in a few sample fetch functions - BUG/MINOR: connection: make sure to correctly tag local PROXY connections - MINOR: compiler: add new alignment macros - BUILD: ebtree: improve architecture-specific alignment - BUG/MINOR: h2: reject again empty :path pseudo-headers - BUG/MINOR: sample: Make sure to return stable IDs in the unique-id fetch - BUG/MINOR: dns: ignore trailing dot - BUG/MINOR: http-htx: Do case-insensive comparisons on Host header name - MINOR: contrib/prometheus-exporter: Add heathcheck status/code in server metrics - MINOR: contrib/prometheus-exporter: Add the last heathcheck duration metric - BUG/MEDIUM: random: initialize the random pool a bit better - MINOR: tools: add 64-bit rotate operators - BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG - MINOR: backend: use a single call to ha_random32() for the random LB algo - BUG/MINOR: checks/threads: use ha_random() and not rand() - BUG/MAJOR: list: fix invalid element address calculation - MINOR: debug: report the task handler's pointer relative to main - BUG/MEDIUM: debug: make the debug_handler check for the thread in threads_to_dump - MINOR: haproxy: export main to ease access from debugger - BUILD: tools: remove obsolete and conflicting trace() from standard.c - BUG/MINOR: wdt: do not return an error when the watchdog couldn't be enabled - DOC: fix incorrect indentation of http_auth_* - OPTIM: startup: fast unique_id allocation for acl. - BUG/MINOR: pattern: Do not pass len = 0 to calloc() - DOC: configuration.txt: fix various typos - DOC: assorted typo fixes in the documentation and Makefile - BUG/MINOR: init: make the automatic maxconn consider the max of soft/hard limits - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths - REGTEST: make the PROXY TLV validation depend on version 2.2 - BUG/MINOR: filters: Use filter offset to decude the amount of forwarded data - BUG/MINOR: filters: Forward everything if no data filters are called - MINOR: htx: Add a function to return a block at a specific offset - BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the response payload - BUG/MEDIUM: compression/filters: Fix loop on HTX blocks compressing the payload - BUG/MINOR: http-ana: Reset request analysers on a response side error - BUG/MINOR: lua: Ignore the reserve to know if a channel is full or not - BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject action - BUG/MINOR: http-rules: Fix a typo in the reject action function - BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop action - BUG/MINOR: rules: Increment be_counters if backend is assigned for a silent-drop - DOC: fix typo about no-tls-tickets - DOC: improve description of no-tls-tickets - DOC: assorted typo fixes in the documentation - DOC: ssl: clarify security implications of TLS tickets - BUILD: wdt: only test for SI_TKILL when compiled with thread support - BUG/MEDIUM: mt_lists: Make sure we set the deleted element to NULL; - MINOR: mt_lists: Appease gcc. - BUG/MEDIUM: random: align the state on 2*64 bits for ARM64 - BUG/MEDIUM: pools: Always update free_list in pool_gc(). - BUG/MINOR: haproxy: always initialize sleeping_thread_mask - BUG/MINOR: listener/mq: do not dispatch connections to remote threads when stopping - BUG/MINOR: haproxy/threads: try to make all threads leave together - DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID - DOC: correct typo in alert message about rspirep - BUILD: on ARM, must be linked to libatomic. - BUILD: makefile: fix regex syntax in ARM platform detection - BUILD: makefile: fix expression again to detect ARM platform - BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong cases. - DOC: assorted typo fixes in the documentation - MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into types/signal.h. - BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in __signal_process_queue(). - MINOR: memory: Change the flush_lock to a spinlock, and don't get it in alloc. - BUG/MINOR: connections: Make sure we free the connection on failure. - REGTESTS: use "command -v" instead of "which" - REGTEST: increase timeouts on the seamless-reload test - BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL - BUG/MINOR: peers: Use after free of "peers" section. - MINOR: listener: add so_name sample fetch - BUILD: ssl: only pass unsigned chars to isspace() - BUG/MINOR: stats: Fix color of draining servers on stats page - DOC: internals: Fix spelling errors in filters.txt - MINOR: http-rules: Add a flag on redirect rules to know the rule direction - BUG/MINOR: http_ana: make sure redirect flags don't have overlapping bits - MINOR: http-rules: Handle the rule direction when a redirect is evaluated - BUG/MINOR: http-ana: Reset request analysers on error when waiting for response - BUG/CRITICAL: hpack: never index a header into the headroom after wrapping
Revision 1.8 / (download) - annotate - [select for diffs], Wed Jan 1 21:18:07 2020 UTC (4 years, 3 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base
Branch point for: pkgsrc-2020Q1
Changes since 1.7: +18 -7
lines
Diff to previous 1.7 (colored)
haproxy: updated to 2.1.2 2.1.2: * BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream * BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility * BUG/MEDIUM: ssl: Don't set the max early data we can receive too early. * BUG/MEDIUM: ssl: Revamp the way early data are handled. * BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd * BUG/MINOR: ssl: openssl-compat: Fix getm_ defines * MINOR: sample: Validate the number of bits for the sha2 converter * DOC: clarify the fact that replace-uri works on a full URI * BUG/MINOR: sample: fix the closing bracket and LF in the debug converter * BUG/MINOR: sample: always check converters' arguments * MINOR: debug: support logging to various sinks * MINOR: http: add a new "replace-path" action * MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task * BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing * MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute * BUG/MEDIUM: state-file: do not allocate a full buffer for each server * BUG/MINOR: state-file: do not store duplicates in the global tree * BUG/MINOR: state-file: do not leak memory on parse errors
Revision 1.7 / (download) - annotate - [select for diffs], Sat Aug 3 20:37:19 2019 UTC (4 years, 8 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base,
pkgsrc-2019Q4,
pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.6: +10 -2
lines
Diff to previous 1.6 (colored)
Update to version 2.0.3. ChangeLog too big to list here, please take a look at http://www.haproxy.org/download/2.0/src/CHANGELOG
Revision 1.6 / (download) - annotate - [select for diffs], Tue Jul 4 07:04:17 2017 UTC (6 years, 9 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3
Changes since 1.5: +6 -6
lines
Diff to previous 1.5 (colored)
1.7.7:
- BUG/MINOR: Wrong peer task expiration handling during synchronization processing.
- BUG/MEDIUM: http: Drop the connection establishment when a redirect is performed
- BUG/MEDIUM: cfgparse: Check if tune.http.maxhdr is in the range 1..32767
- DOC: fix references to the section about the unix socket
- BUG/MINOR: haproxy/cli : fix for solaris/illumos distros for CMSG* macros
- BUG/MINOR: log: pin the front connection when front ip/ports are logged
1.7.6:
- DOC: changed "block"(deprecated) examples to http-request deny
- DOC: add few comments to examples.
- DOC: update sample code for PROXY protocol
- DOC: mention lighttpd 1.4.46 implements PROXY
- DOC: stick-table is available in frontend sections
- BUG/MINOR: dns: Wrong address family used when creating IPv6 sockets.
- BUG/MINOR: config: missing goto out after parsing an incorrect ACL character
- BUG/MINOR: arg: don't try to add an argument on failed memory allocation
- BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments on error
- BUG/MEDIUM: acl: don't free unresolved args in prune_acl_expr()
- MINOR: lua: ensure the memory allocator is used all the time
- CLEANUP: logs: typo: simgle => single
- BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr()
- BUG/MAJOR: Use -fwrapv.
- BUG/MINOR: server: don't use "proxy" when px is really meant.
- BUG/MINOR: server: missing default server 'resolvers' setting duplication.
- DOC: add layer 4 links/cross reference to "block" keyword.
- DOC: errloc/errorloc302/errorloc303 missing status codes.
- BUG/MEDIUM: lua: memory leak
- MEDIUM: config: don't check config validity when there are fatal errors
- BUG/MINOR: hash-balance-factor isn't effective in certain circumstances
- MINOR/DOC: lua: just precise one thing
- BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request
- DOC: update RFC references
- BUG/MINOR: checks: don't send proxy protocol with agent checks
- BUG/MAJOR: dns: Broken kqueue events handling (BSD systems).
- BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything
- BUG/MINOR: Makefile: fix compile error with USE_LUA=1 in ubuntu16.04
- BUG/MAJOR: http: call manage_client_side_cookies() before erasing the buffer
- BUG/MINOR: buffers: Fix bi/bo_contig_space to handle full buffers
- BUG/MINOR: acls: Set the right refflag when patterns are loaded from a map
- BUG/MINOR: http/filters: Be sure to wait if a filter loops in HTTP_MSG_ENDING
- BUG/MEDIUM: peers: Peers CLOSE_WAIT issue.
- BUG/MAJOR: server: Segfault after parsing server state file.
- BUG/MEDIUM: unix: never unlink a unix socket from the file system
- scripts: create-release pass -n to tail
- SCRIPTS: create-release: enforce GIT_COMMITTER_{NAME|EMAIL} validity
Revision 1.5 / (download) - annotate - [select for diffs], Sun Nov 13 19:37:18 2016 UTC (7 years, 5 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base,
pkgsrc-2017Q2,
pkgsrc-2017Q1-base,
pkgsrc-2017Q1,
pkgsrc-2016Q4-base,
pkgsrc-2016Q4
Changes since 1.4: +13 -2
lines
Diff to previous 1.4 (colored)
Add lua option. Fixes PR pkg/51608.
Revision 1.4 / (download) - annotate - [select for diffs], Sun Jan 3 17:13:40 2016 UTC (8 years, 3 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1
Changes since 1.3: +3 -3
lines
Diff to previous 1.3 (colored)
2015/12/27 : 1.6.3
- BUG/MINOR: http rule: http capture 'id' rule points to a non existing id
- BUG/MINOR: server: check return value of fgets() in apply_server_state()
- BUG/MINOR: acl: don't use record layer in req_ssl_ver
- BUILD: freebsd: double declaration
- BUG/MEDIUM: lua: clean output buffer
- BUILD: check for libressl to be able to build against it
- DOC: lua-api/index.rst small example fixes, spelling correction.
- DOC: lua: architecture and first steps
- DOC: relation between timeout http-request and option http-buffer-request
- BUILD: Make deviceatlas require PCRE
- BUG: http: do not abort keep-alive connections on server timeout
- BUG/MEDIUM: http: switch the request channel to no-delay once done.
- BUG/MINOR: lua: don't force-sslv3 LUA's SSL socket
- BUILD/MINOR: http: proto_http.h needs sample.h
- BUG/MEDIUM: http: don't enable auto-close on the response side
- BUG/MEDIUM: stream: fix half-closed timeout handling
- CLEANUP: compression: don't allocate DEFAULT_MAXZLIBMEM without USE_ZLIB
- BUG/MEDIUM: cli: changing compression rate-limiting must require admin level
- BUG/MEDIUM: sample: urlp can't match an empty value
- BUILD: dumpstats: silencing warning for printf format specifier / time_t
- CLEANUP: proxy: calloc call inverted arguments
- MINOR: da: silent logging by default and displaying DeviceAtlas support if built.
- BUG/MEDIUM: da: stop DeviceAtlas processing in the convertor if there is no input.
- DOC: Edited 51Degrees section of README/ (cherry picked from commit a7bbdd955984f0d69812ff055cc145a338e76daa)
- BUG/MEDIUM: checks: email-alert not working when declared in defaults
- BUG/MINOR: checks: email-alert causes a segfault when an unknown mailers section is configured
- BUG/MINOR: checks: typo in an email-alert error message
- BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and last rule is a CONNECT with no port
- BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and first rule(s) is (are) COMMENT
- BUG/MEDIUM: http: fix http-reuse when frontend and backend differ
- DOC: prefer using http-request/response over reqXXX/rspXXX directives
- BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced
- BUG/MEDIUM: peers: table entries learned from a remote are pushed to others after a random delay.
- BUG/MEDIUM: peers: old stick table updates could be repushed.
- CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro.
- MINOR: lua: service/applet can have access to the HTTP headers when a POST is received
- REORG/MINOR: lua: convert boolean "int" to bitfield
- BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn
- BUG/MINOR: lua: Lua applets must not use http_txn
- BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp rulesets
- BUG/MAJOR: lua: Do not force the HTTP analysers in use-services
- CLEANUP: lua: bad error messages
- DOC: lua: fix lua API
- DOC: mailers: typo in 'hostname' description
- DOC: compression: missing mention of libslz for compression algorithm
- BUILD/MINOR: regex: missing header
- BUG/MINOR: stream: bad return code
- DOC: lua: fix somme errors and add implicit types
While there, add better support for deviceatlas option, from David CARLIER.
Revision 1.3 / (download) - annotate - [select for diffs], Thu Nov 12 16:32:29 2015 UTC (8 years, 5 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.2: +20 -1
lines
Diff to previous 1.2 (colored)
Update to newest version.
ChangeLog (only stable versions):
2015/11/03 : 1.6.2
- BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL < 1.0.0
- DOC: fix a typo for a "deviceatlas" keyword
- FIX: small typo in an example using the "Referer" header
- BUG/MEDIUM: config: count memory limits on 64 bits, not 32
- BUG/MAJOR: dns: first DNS response packet not matching queried hostname may lead to a loop
- BUG/MINOR: dns: unable to parse CNAMEs response
- BUG/MINOR: examples/haproxy.init: missing brace in quiet_check()
- DOC: deviceatlas: more example use cases.
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin.
- BUG/MAJOR: http: don't requeue an idle connection that is already queued
- DOC: typo on capture.res.hdr and capture.req.hdr
- BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section was missing
- CLEANUP: use direction names in place of numeric values
- BUG/MEDIUM: lua: sample fetches based on response doesn't work
2015/10/20 : 1.6.1
- DOC: specify that stats socket doc (section 9.2) is in management
- BUILD: install only relevant and existing documentation
- CLEANUP: don't ignore debian/ directory if present
- BUG/MINOR: dns: parsing error of some DNS response
- BUG/MEDIUM: namespaces: don't fail if no namespace is used
- BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is disabled
- MEDIUM: dns: Don't use the ANY query type
2015/10/13 : 1.6.0
- BUG/MINOR: Handle interactive mode in cli handler
- DOC: global section missing parameters
- DOC: backend section missing parameters
- DOC: stats paramaters available in frontend
- MINOR: lru: do not allocate useless memory in lru64_lookup
- BUG/MINOR: http: Add OPTIONS in supported http methods (found by find_http_meth)
- BUG/MINOR: ssl: fix management of the cache where forged certificates are stored
- MINOR: ssl: Release Servers SSL context when HAProxy is shut down
- MINOR: ssl: Read the file used to generate certificates in any order
- MINOR: ssl: Add support for EC for the CA used to sign generated certificates
- MINOR: ssl: Add callbacks to set DH/ECDH params for generated certificates
- BUG/MEDIUM: logs: fix time zone offset format in RFC5424
- BUILD: Fix the build on OSX (htonll/ntohll)
- BUILD: enable build on Linux/s390x
- BUG/MEDIUM: lua: direction test failed
- MINOR: lua: fix a spelling error in some error messages
- CLEANUP: cli: ensure we can never double-free error messages
- BUG/MEDIUM: lua: force server-close mode on Lua services
- MEDIUM: init: support more command line arguments after pid list
- MEDIUM: init: support a list of files on the command line
- MINOR: debug: enable memory poisonning to use byte 0
- BUILD: ssl: fix build error introduced by recent commit
- BUG/MINOR: config: make the stats socket pass the correct proxy to the parsers
- MEDIUM: server: implement TCP_USER_TIMEOUT on the server
- DOC: mention the "namespace" options for bind and server lines
- DOC: add the "management" documentation
- DOC: move the stats socket documentation from config to management
- MINOR: examples: update haproxy.spec to mention new docs
- DOC: mention management.txt in README
- DOC: remove haproxy-{en,fr}.txt
- BUILD: properly report when USE_ZLIB and USE_SLZ are used together
- MINOR: init: report use of libslz instead of "no compression"
- CLEANUP: examples: remove some obsolete and confusing files
- CLEANUP: examples: remove obsolete configuration file samples
- CLEANUP: examples: fix the example file content-sw-sample.cfg
- CLEANUP: examples: update sample file option-http_proxy.cfg
- CLEANUP: examples: update sample file ssl.cfg
- CLEANUP: tests: move a test file from examples/ to tests/
- CLEANUP: examples: shut up warnings in transparent proxy example
- CLEANUP: tests: removed completely obsolete test files
- DOC: update ROADMAP to remove what was done in 1.6
- BUG/MEDIUM: pattern: fixup use_after_free in the pat_ref_delete_by_id
Revision 1.2 / (download) - annotate - [select for diffs], Sat Mar 14 20:36:23 2015 UTC (9 years, 1 month ago) by rodent
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q3,
pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1
Changes since 1.1: +2 -2
lines
Diff to previous 1.1 (colored)
Update to latest stable, 1.5.11. PKG_SUGGESTED_OPTIONS+=ssl. It's 2015.
ChangeLog :
===========
2015/02/01 : 1.5.11
- BUG/MEDIUM: backend: correctly detect the domain when use_domain_only is used
- MINOR: ssl: load certificates in alphabetical order
- BUG/MINOR: checks: prevent http keep-alive with http-check expect
- BUG/MEDIUM: Do not set agent health to zero if server is disabled in config
- MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent health is zero
- BUG/MINOR: stats:Fix incorrect printf type.
- DOC: add missing entry for log-format and clarify the text
- BUG/MEDIUM: http: fix header removal when previous header ends with pure LF
- BUG/MEDIUM: channel: fix possible integer overflow on reserved size computation
- BUG/MINOR: channel: compare to_forward with buf->i, not buf->size
- MINOR: channel: add channel_in_transit()
- MEDIUM: channel: make buffer_reserved() use channel_in_transit()
- MEDIUM: channel: make bi_avail() use channel_in_transit()
- BUG/MEDIUM: channel: don't schedule data in transit for leaving until connected
- BUG/MAJOR: log: don't try to emit a log if no logger is set
- BUG/MINOR: args: add missing entry for ARGT_MAP in arg_type_names
- BUG/MEDIUM: http: make http-request set-header compute the string before removal
- BUG/MINOR: http: fix incorrect header value offset in replace-hdr/replace-value
- BUG/MINOR: http: abort request processing on filter failure
2014/12/31 : 1.5.10
- DOC: fix a few typos
- BUG/MINOR: http: fix typo: "401 Unauthorized" => "407 Unauthorized"
- BUG/MINOR: parse: refer curproxy instead of proxy
- DOC: httplog does not support 'no'
- MINOR: map/acl/dumpstats: remove the "Done." message
- BUG/MEDIUM: sample: fix random number upper-bound
- BUG/MEDIUM: patterns: previous fix was incomplete
- BUG/MEDIUM: payload: ensure that a request channel is available
- BUG/MINOR: tcp-check: don't condition data polling on check type
- BUG/MEDIUM: tcp-check: don't rely on random memory contents
- BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
- BUG/MINOR: config: fix typo in condition when propagating process binding
- BUG/MEDIUM: config: do not propagate processes between stopped processes
- BUG/MAJOR: stream-int: properly check the memory allocation return
- BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
- BUG/MEDIUM: compression: correctly report zlib_mem
Revision 1.1.2.2 / (download) - annotate - [select for diffs], Sat Sep 13 18:13:24 2014 UTC (9 years, 7 months ago) by tron
Branch: pkgsrc-2014Q2
Changes since 1.1.2.1: +23 -0
lines
Diff to previous 1.1.2.1 (colored) to branchpoint 1.1 (colored) next main 1.2 (colored)
Pullup ticket #4499 - requested by morr
net/haproxy: security update
Revisions pulled up:
- net/haproxy/Makefile 1.13-1.15
- net/haproxy/PLIST 1.5
- net/haproxy/distinfo 1.9-1.11
- net/haproxy/options.mk 1.1
- net/haproxy/patches/patch-aa 1.5
- net/haproxy/patches/patch-ab deleted
- net/haproxy/patches/patch-standard_h 1.1
---
Module Name: pkgsrc
Committed By: fhajny
Date: Mon Jul 14 15:30:10 UTC 2014
Modified Files:
pkgsrc/net/haproxy: Makefile PLIST distinfo
pkgsrc/net/haproxy/patches: patch-aa
Added Files:
pkgsrc/net/haproxy: options.mk
pkgsrc/net/haproxy/patches: patch-standard_h
Removed Files:
pkgsrc/net/haproxy/patches: patch-ab
Log Message:
Update haproxy to 1.5.2. Introduce support for OpenSSL, PCRE and Zlib.
1.5.2
-----
Two extra important issues were discovered since 1.5.1 which were fixed
in 1.5.2. The first one can cause some sample fetch combinations to fail
together in a same expression, and one artificial case (but totally
useless) may even crash the process. The second one is an incomplete
fix in 1.5-dev23 for the request body forwarding. Hash-based balancing
algorithms and http-send-name-header may fail if a request contains
a body which starts to be forwarded before the contents are used.
A few other bugs were fixed, and the max syslog line length is now
configurable per logger.
1.5.1
-----
Version 1.5.1 fixes a few bugs from 1.5.0 among which a really annoying
one which can cause some file descriptor leak when dealing with clients
which disappear from the net, resulting in the impossibility to accept
new connections after some time.
1.5.0
-----
1.5 expands 1.4 with many new features and performance improvements,
including native SSL support on both sides with SNI/NPN/ALPN and OCSP
stapling, IPv6 and UNIX sockets are supported everywhere, full HTTP
keep-alive for better support of NTLM and improved efficiency in
static farms, HTTP/1.1 compression (deflate, gzip) to save bandwidth,
PROXY protocol versions 1 and 2 on both sides, data sampling on
everything in request or response, including payload, ACLs can use
any matching method with any input sample maps and dynamic ACLs
updatable from the CLI stick-tables support counters to track
activity on any input sample custom format for logs, unique-id,
header rewriting, and redirects, improved health checks (SSL,
scripted TCP, check agent, ...), much more scalable configuration
supports hundreds of thousands of backends and certificates without
sweating.
Full changelog for the 1.5 branch:
http://www.haproxy.org/download/1.5/src/CHANGELOG
---
Module Name: pkgsrc
Committed By: fhajny
Date: Sun Jul 27 16:33:36 UTC 2014
Modified Files:
pkgsrc/net/haproxy: Makefile distinfo
Log Message:
Update haproxy to 1.5.3.
2014/07/25 : 1.5.3
- DOC: fix typo in Unix Socket commands
- BUG/MEDIUM: connection: fix memory corruption when building a proxy
v2 header
- BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
- DOC: mention that Squid correctly responds 400 to PPv2 header
- BUG/MINOR: http: base32+src should use the big endian version of base32
- BUG/MEDIUM: connection: fix proxy v2 header again!
---
Module Name: pkgsrc
Committed By: morr
Date: Fri Sep 12 21:37:38 UTC 2014
Modified Files:
pkgsrc/net/haproxy: Makefile distinfo
Log Message:
Update to version 1.5.4.
Changes:
- BUG: config: error in http-response replace-header number of arguments
- BUG/MINOR: Fix search for -p argument in systemd wrapper.
- BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
- BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
- MEDIUM: connection: add new bit in Proxy Protocol V2
- BUG/MINOR: server: move the directive #endif to the end of file
- BUG/MEDIUM: http: tarpit timeout is reset
- BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
- BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
- BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
- BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
- BUG/MEDIUM: acl: correctly compute the output type when a converter is used
- CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
- BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
Revision 1.1.2.1, Mon Jul 14 15:30:10 2014 UTC (9 years, 9 months ago) by tron
Branch: pkgsrc-2014Q2
Changes since 1.1: +0 -23
lines
FILE REMOVED
file options.mk was added on branch pkgsrc-2014Q2 on 2014-09-13 18:13:24 +0000
Revision 1.1 / (download) - annotate - [select for diffs], Mon Jul 14 15:30:10 2014 UTC (9 years, 9 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3
Branch point for: pkgsrc-2014Q2
Update haproxy to 1.5.2. Introduce support for OpenSSL, PCRE and Zlib. 1.5.2 ----- Two extra important issues were discovered since 1.5.1 which were fixed in 1.5.2. The first one can cause some sample fetch combinations to fail together in a same expression, and one artificial case (but totally useless) may even crash the process. The second one is an incomplete fix in 1.5-dev23 for the request body forwarding. Hash-based balancing algorithms and http-send-name-header may fail if a request contains a body which starts to be forwarded before the contents are used. A few other bugs were fixed, and the max syslog line length is now configurable per logger. 1.5.1 ----- Version 1.5.1 fixes a few bugs from 1.5.0 among which a really annoying one which can cause some file descriptor leak when dealing with clients which disappear from the net, resulting in the impossibility to accept new connections after some time. 1.5.0 ----- 1.5 expands 1.4 with many new features and performance improvements, including native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling, IPv6 and UNIX sockets are supported everywhere, full HTTP keep-alive for better support of NTLM and improved efficiency in static farms, HTTP/1.1 compression (deflate, gzip) to save bandwidth, PROXY protocol versions 1 and 2 on both sides, data sampling on everything in request or response, including payload, ACLs can use any matching method with any input sample maps and dynamic ACLs updatable from the CLI stick-tables support counters to track activity on any input sample custom format for logs, unique-id, header rewriting, and redirects, improved health checks (SSL, scripted TCP, check agent, ...), much more scalable configuration supports hundreds of thousands of backends and certificates without sweating. Full changelog for the 1.5 branch: http://www.haproxy.org/download/1.5/src/CHANGELOG