Changelog for haproxy-1.5-1.5.dev26-8.1.x86_64.rpm :
Fri Jun 13 14:00:00 2014 mrueckertAATTsuse.de
- update to c1eab8c (updated HEAD.patch)
- MEDIUM: ssl: fix detection of ephemeral diffie-hellman key
exchange by using the cipher description.
- MEDIUM: ssl: Add the option to use standardized DH parameters
>= 1024 bits
- BUG/MEDIUM: Fix unhandled connections problem with systemd
daemon mode and SO_REUSEPORT.
- DOC: fix proxy protocol v2 decoder example
- BUG/MEDIUM: fix ignored values for half-closed timeouts
(client-fin and server-fin) in defaults section.
- MINOR: checks: mysql-check: Add support for v4.1+
authentication

Wed Jun 11 14:00:00 2014 mrueckertAATTsuse.de
- update to 1592d1e (updated HEAD.patch)
- CLEANUP: http: don\'t clear CF_READ_NOEXP twice

Wed Jun 11 14:00:00 2014 mrueckertAATTsuse.de
- update to 77d2902 (adds HEAD.patch)
- BUG/MEDIUM: http: clear CF_READ_NOEXP when preparing a new
transaction
- DOC: Add Exim as Proxy Protocol implementer.
- BUILD: stats: workaround stupid and bogus
- Werror=format-security behaviour
- BUILD: don\'t use type \"uint\" which is not portable

Sun Jun 8 14:00:00 2014 mrueckertAATTsuse.de
- also allow /run/haproxy.pid in the apparmor profile

Thu Jun 5 14:00:00 2014 mrueckertAATTsuse.de
- added haproxy-1.5_check_config_before_start.patch:
Our old init script did check the configuration before startup.
This patch restores the feature.
- fixed typo in sec-options.patch
- added the local file for haproxy, so the apparmor profile loads
- allow apparmor profile to read the configuration

Wed May 28 14:00:00 2014 mrueckertAATTsuse.de
- after refresh the sec options patch also needs -p0

Wed May 28 14:00:00 2014 mrueckertAATTsuse.de
- update to 1.5-dev26
- BUG/MEDIUM: polling: fix possible CPU hogging of worker
processes after receiving SIGUSR1.
- BUG/MINOR: stats: fix a typo on a closing tag for a server
tracking another one
- OPTIM: stats: avoid the calculation of a useless link on
tracking servers in maintenance
- MINOR: fix a few memory usage errors
- CONTRIB: halog: Filter input lines by date and time through
timestamp
- MINOR: ssl: SSL_CTX_set_options() and SSL_CTX_set_mode() take a
long, not an int
- BUG/MEDIUM: regex: fix risk of buffer overrun in exp_replace()
- MINOR: acl: set \"str\" as default match for strings
- DOC: Add some precisions about acl default matching method
- MEDIUM: acl: strenghten the option parser to report invalid
options
- BUG/MEDIUM: config: a stats-less config crashes in 1.5-dev25
- BUG/MINOR: checks: tcp-check must not stop on \'\\0\' for binary
checks
- MINOR: stats: improve alignment of color codes to save one line
of header
- MINOR: checks: simplify and improve reporting of state changes
when using log-health-checks
- MINOR: server: remove the SRV_DRAIN flag which can always be
deduced
- MINOR: server: use functions to detect state changes and to
update them
- MINOR: server: create srv_was_usable() from srv_is_usable() and
use a pointer
- BUG/MINOR: stats: do not report \"100%\" in the thottle column
when server is draining
- BUG/MAJOR: config: don\'t free valid regex memory
- BUG/MEDIUM: session: don\'t clear CF_READ_NOEXP if analysers are
not called
- BUG/MINOR: stats: tracking servers may incorrectly report an
inherited DRAIN status
- MEDIUM: proxy: make timeout parser a bit stricter
- REORG/MEDIUM: server: split server state and flags in two
different variables
- REORG/MEDIUM: server: move the maintenance bits out of the
server state
- MAJOR: server: use states instead of flags to store the server
state
- REORG: checks: put the functions in the appropriate files !
- MEDIUM: server: properly support and propagate the maintenance
status
- MEDIUM: server: allow multi-level server tracking
- CLEANUP: checks: rename the server_status_printf function
- MEDIUM: checks: simplify server up/down/nolb transitions
- MAJOR: checks: move health checks changes to
set_server_check_status()
- MINOR: server: make the status reporting function support a
reason
- MINOR: checks: simplify health check reporting functions
- MINOR: server: implement srv_set_stopped()
- MINOR: server: implement srv_set_running()
- MINOR: server: implement srv_set_stopping()
- MEDIUM: checks: simplify failure notification using
srv_set_stopped()
- MEDIUM: checks: simplify success notification using
srv_set_running()
- MEDIUM: checks: simplify stopping mode notification using
srv_set_stopping()
- MEDIUM: stats: report a server\'s own state instead of the
tracked one\'s
- MINOR: server: make use of srv_is_usable() instead of checking
eweight
- MAJOR: checks: add support for a new \"drain\" administrative
mode
- MINOR: stats: use the admin flags for soft
enable/disable/stop/start on the web page
- MEDIUM: stats: introduce new actions to simplify admin status
management
- MINOR: cli: introduce a new \"set server\" command
- MINOR: stats: report a distinct output for DOWN caused by agent
- MINOR: checks: support specific check reporting for the agent
- MINOR: checks: support a neutral check result
- BUG/MINOR: cli: \"agent\" was missing from the \"enable\"/\"disable\"
help message
- MEDIUM: cli: add support for enabling/disabling health checks.
- MEDIUM: stats: report down caused by agent prior to reporting
up
- MAJOR: agent: rework the response processing and support
additional actions
- MINOR: stats: improve the stats web page to support more
actions
- CONTRIB: halog: avoid calling time/localtime/mktime for each
line
- DOC: document the workarouds for Google Chrome\'s bogus
pre-connect
- MINOR: stats: report SSL key computations per second
- MINOR: stats: add counters for SSL cache lookups and misses
- drop HEAD.patch again
- refreshed patches so they apply without any warnings again
haproxy-makefile_lib.patch
sec-options.patch

Wed May 28 14:00:00 2014 mrueckertAATTsuse.de
- update to ce3f913
- MINOR: stats: add counters for SSL cache lookups and misses
- MINOR: stats: report SSL key computations per second
- BUG/MEDIUM: regex: fix risk of buffer overrun in exp_replace()
- fixed permissions of the systemd service file. it doesnt need to
be executable

Thu May 22 14:00:00 2014 mrueckertAATTsuse.de
- mark apparmor profile as config/noreplace

Thu May 22 14:00:00 2014 mrueckertAATTsuse.de
- update to fac5b59
- MEDIUM: proxy: make timeout parser a bit stricter
- BUG/MINOR: stats: tracking servers may incorrectly report an
inherited DRAIN status
- BUG/MEDIUM: session: don\'t clear CF_READ_NOEXP if analysers are
not called
- BUG/MEDIUM: polling: fix possible CPU hogging of worker
processes after receiving SIGUSR1.

Thu May 22 14:00:00 2014 mrueckertAATTsuse.de
- added apparmor profile

Tue May 20 14:00:00 2014 mrueckertAATTsuse.de
- added HEAD.patch to update to af5c3da:
- MINOR: ssl: SSL_CTX_set_options() and SSL_CTX_set_mode() take a
long, not an int
- BUG/MAJOR: config: don\'t free valid regex memory
- MINOR: fix a few memory usage errors
- BUG/MINOR: stats: do not report \"100%\" in the thottle column
when server is draining
- MINOR: server: create srv_was_usable() from srv_is_usable() and
use a pointer
- MINOR: server: use functions to detect state changes and to
update them
- MINOR: server: remove the SRV_DRAIN flag which can always be
deduced
- MINOR: checks: simplify and improve reporting of state changes
when using log-health-checks
- MINOR: stats: improve alignment of color codes to save one line
of header
- BUG/MINOR: checks: tcp-check must not stop on \'\\0\' for binary
checks
- BUG/MEDIUM: config: a stats-less config crashes in 1.5-dev25
- DOC: Add some precisions about acl default matching method
- MINOR: acl: set \"str\" as default match for strings
- OPTIM: stats: avoid the calculation of a useless link on
tracking servers in maintenance
- BUG/MINOR: stats: fix a typo on a closing tag for a server
tracking another one
- MEDIUM: acl: strenghten the option parser to report invalid
options

Sat May 10 14:00:00 2014 mrueckertAATTsuse.de
- update to 1.5.dev25
- MEDIUM: connection: Implement and extented PROXY Protocol V2
- MINOR: ssl: clean unused ACLs declarations
- MINOR: ssl: adds fetchs and ACLs for ssl back connection.
- MINOR: ssl: merge client\'s and frontend\'s certificate
functions.
- MINOR: ssl: adds ssl_f_sha1 fetch to return frontend\'s
certificate fingerprint
- MINOR: ssl: adds sample converter base64 for binary type.
- MINOR: ssl: convert to binary ssl_fc_unique_id and
ssl_bc_unique_id.
- BUG/MAJOR: ssl: Fallback to private session cache if current
lock mode is not supported.
- MAJOR: ssl: Change default locks on ssl session cache.
- BUG/MINOR: chunk: Fix function chunk_strcmp and
chunk_strcasecmp match a substring.
- MINOR: ssl: add global statement tune.ssl.force-private-cache.
- MINOR: ssl: remove fallback to SSL session private cache if
lock init fails.
- BUG/MEDIUM: patterns: last fix was still not enough
- MINOR: http: export the smp_fetch_cookie function
- MINOR: http: generic pointer to rule argument
- BUG/MEDIUM: pattern: a typo breaks automatic acl/map numbering
- BUG/MAJOR: patterns: -i and -n are ignored for inlined patterns
- BUG/MINOR: proxy: unsafe initialization of HTTP transaction
when switching from TCP frontend
- BUG/MINOR: http: log 407 in case of proxy auth
- MINOR: http: rely on the message body parser to send
100-continue
- MEDIUM: http: move reqadd after execution of http_request
redirect
- MEDIUM: http: jump to dedicated labels after http-request
processing
- BUG/MINOR: http: block rules forgot to increment the denied_req
counter
- BUG/MINOR: http: block rules forgot to increment the session\'s
request counter
- MEDIUM: http: move Connection header processing earlier
- MEDIUM: http: remove even more of the spaghetti in the request
path
- MINOR: http: silently support the \"block\" action for
http-request
- CLEANUP: proxy: rename \"block_cond\" to \"block_rules\"
- MEDIUM: http: emulate \"block\" rules using \"http-request\" rules
- MINOR: http: remove the now unused loop over \"block\" rules
- MEDIUM: http: factorize the \"auth\" action of http-request and
stats
- MEDIUM: http: make http-request rules processing return a
verdict instead of a rule
- MINOR: config: add minimum support for emitting warnings only
once
- MEDIUM: config: inform the user about the deprecatedness of
\"block\" rules
- MEDIUM: config: inform the user that \"reqsetbe\" is deprecated
- MEDIUM: config: inform the user only once that \"redispatch\" is
deprecated
- MEDIUM: config: warn that \'{cli,con,srv}timeout\' are deprecated
- BUG/MINOR: auth: fix wrong return type in pat_match_auth()
- BUILD: config: remove a warning with clang
- BUG/MAJOR: http: connection setup may stall on balance
url_param
- BUG/MEDIUM: http/session: disable client-side expiration only
after body
- BUG/MEDIUM: http: correctly report request body timeouts
- BUG/MEDIUM: http: disable server-side expiration until client
has sent the body
- MEDIUM: listener: make the accept function more robust against
pauses
- BUILD: syscalls: remove improper inline statement in front of
syscalls
- BUILD: ssl: SSL_CTX_set_msg_callback() needs openssl >= 0.9.7
- BUG/MAJOR: session: recover the correct connection pointer in
half-initialized sessions
- DOC: add some explanation on the shared cache build options in
the readme.
- MEDIUM: proxy: only adjust the backend\'s bind-process when
already set
- MEDIUM: config: limit nbproc to the machine\'s word size
- MEDIUM: config: check the bind-process settings according to
nbproc
- MEDIUM: listener: parse the new \"process\" bind keyword
- MEDIUM: listener: inherit the process mask from the proxy
- MAJOR: listener: only start listeners bound to the same
processes
- MINOR: config: only report a warning when stats sockets are
bound to more than 1 process
- CLEANUP: config: set the maxaccept value for peers listeners
earlier
- BUG/MINOR: backend: only match IPv4 addresses with RDP cookies
- BUG/MINOR: checks: correctly configure the address family and
protocol
- MINOR: tools: split is_addr() and is_inet_addr()
- MINOR: protocols: use is_inet_addr() when only INET addresses
are desired
- MEDIUM: unix: add preliminary support for connecting to servers
over UNIX sockets
- MEDIUM: checks: only complain about the missing port when the
check uses TCP
- MEDIUM: unix: implement support for Linux abstract namespace
sockets
- DOC: map_beg was missing from the table of map_
* converters
- DOC: ebtree: indicate that prefix insertion/lookup may be used
with strings
- MEDIUM: pattern: use ebtree\'s longest match to index/lookup
string beginning
- BUILD: remove the obsolete BSD and OSX makefiles
- MEDIUM: unix: avoid a double connect probe when no data are
sent
- DOC: stop referencing the slow git repository in the README
- BUILD: only build the systemd wrapper on Linux 2.6 and above
- DOC: update roadmap with completed tasks
- MEDIUM: session: implement half-closed timeouts (client-fin and
server-fin)
- dropping HEAD.patch

Thu May 8 14:00:00 2014 mrueckertAATTsuse.de
- drop -fno-strict-aliasing
- added sec-options.patch:
Adding a few makefile options to enable PIE/relro/stack-protector
the same way as other haproxy options.
- also build halog with the same options

Thu May 8 14:00:00 2014 mrueckertAATTsuse.de
- updated HEAD patch to bb66030:
- MEDIUM: listener: make the accept function more robust against
pauses
- MINOR: http: generic pointer to rule argument
- BUG/MEDIUM: http: disable server-side expiration until client
has sent the body
- BUG/MEDIUM: http: correctly report request body timeouts
- BUG/MEDIUM: http/session: disable client-side expiration only
after body
- MINOR: http: export the smp_fetch_cookie function
- MINOR: ssl: convert to binary ssl_fc_unique_id and
ssl_bc_unique_id.
- MINOR: ssl: adds sample converter base64 for binary type.
- MINOR: ssl: adds ssl_f_sha1 fetch to return frontend\'s
certificate fingerprint
- MINOR: ssl: merge client\'s and frontend\'s certificate
functions.
- MINOR: ssl: adds fetchs and ACLs for ssl back connection.
- MINOR: ssl: clean unused ACLs declarations
- BUG/MAJOR: http: connection setup may stall on balance
url_param

Tue Apr 29 14:00:00 2014 mrueckertAATTsuse.de
- add HEAD.patch:
- BUILD: config: remove a warning with clang
- BUG/MINOR: auth: fix wrong return type in pat_match_auth()
- MEDIUM: config: warn that \'{cli,con,srv}timeout\' are deprecated
- MEDIUM: config: inform the user only once that \"redispatch\" is
deprecated
- MEDIUM: config: inform the user that \"reqsetbe\" is deprecated
- MEDIUM: config: inform the user about the deprecatedness of
\"block\" rules
- MINOR: config: add minimum support for emitting warnings only
once
- MEDIUM: http: make http-request rules processing return a
verdict instead of a rule
- MEDIUM: http: factorize the \"auth\" action of http-request and
stats
- MINOR: http: remove the now unused loop over \"block\" rules
- MEDIUM: http: emulate \"block\" rules using \"http-request\" rules
- CLEANUP: proxy: rename \"block_cond\" to \"block_rules\"
- MINOR: http: silently support the \"block\" action for
http-request
- MEDIUM: http: remove even more of the spaghetti in the request
path
- MEDIUM: http: move Connection header processing earlier
- BUG/MINOR: http: block rules forgot to increment the session\'s
request counter
- BUG/MINOR: http: block rules forgot to increment the denied_req
counter
- MEDIUM: http: jump to dedicated labels after http-request
processing
- MEDIUM: http: move reqadd after execution of http_request
redirect
- MINOR: http: rely on the message body parser to send
100-continue
- BUG/MINOR: http: log 407 in case of proxy auth
- BUG/MINOR: proxy: unsafe initialization of HTTP transaction
when switching from TCP frontend
- BUG/MEDIUM: patterns: last fix was still not enough
- BUG/MAJOR: patterns: -i and -n are ignored for inlined patterns
- BUG/MEDIUM: pattern: a typo breaks automatic acl/map numbering
- drop 3b786968584b57659e86964739283b55acfc49da.patch:
included in HEAD.patch

Sat Apr 26 14:00:00 2014 mrueckertAATTsuse.de
- enable building of a few contrib tools:
halog (installed as haproxy-halog)
- package contrib/netsnmp-perl/ and contrib/selinux as
documentation

Sat Apr 26 14:00:00 2014 mrueckertAATTsuse.de
- use systemd unit file on 13.1 and newer

Sat Apr 26 14:00:00 2014 mrueckertAATTsuse.de
- update to 1.5-dev24
- MINOR: pattern: find element in a reference
- MEDIUM: http: ACL and MAP updates through
http-(request|response) rules
- MEDIUM: ssl: explicitly log failed handshakes after a heartbeat
- DOC: Full section dedicated to the converters
- MEDIUM: http: register http-request and http-response keywords
- BUG/MINOR: compression: correctly report incoming byte count
- BUG/MINOR: http: don\'t report server aborts as client aborts
- BUG/MEDIUM: channel: bi_putblk() must not wrap before the end
of buffer
- CLEANUP: buffers: remove unused function
buffer_contig_space_with_res()
- MEDIUM: stats: reimplement HTTP keep-alive on the stats page
- BUG/MAJOR: http: fix timeouts during data forwarding
- BUG/MEDIUM: http: 100-continue responses must process the next
part immediately
- MEDIUM: http: move skipping of 100-continue earlier
- BUILD: stats: let gcc know that last_fwd cannot be used
uninitialized...
- CLEANUP: general: get rid of all old occurrences of \"session

* t\"
- CLEANUP: http: remove the useless \"if (1)\" inherited from
version 1.4
- BUG/MEDIUM: stats: mismatch between behaviour and doc about
front/back
- MEDIUM: http: enable analysers to have keep-alive on stats
- REORG: http: move HTTP Connection response header parsing
earlier
- MINOR: stats: always emit HTTP/1.1 in responses
- MINOR: http: add capture.req.ver and capture.res.ver
- MINOR: checks: add a new global max-spread-checks directive
- BUG/MAJOR: http: fix the \'next\' pointer when performing a
redirect
- MINOR: http: implement the max-keep-alive-queue setting
- DOC: fix alphabetic order of tcp-check
- MINOR: connection: add a new error code for SSL with heartbeat
- MEDIUM: ssl: implement a workaround for the OpenSSL heartbleed
attack
- BUG/MEDIUM: Revert \"MEDIUM: ssl: Add standardized DH parameters
>= 1024 bits\"
- BUILD: http: remove a warning on strndup
- BUILD: ssl: avoid a warning about conn not used with OpenSSL <
1.0.1
- BUG/MINOR: ssl: really block OpenSSL\'s response to heartbleed
attack
- MINOR: ssl: finally catch the heartbeats missing the padding
- additional changes in 1.5-dev23
- BUG/MINOR: reject malformed HTTP/0.9 requests
- MINOR: systemd wrapper: re-execute on SIGUSR2
- MINOR: systemd wrapper: improve logging
- MINOR: systemd wrapper: propagate exit status
- BUG/MINOR: tcpcheck connect wrong behavior
- MEDIUM: proxy: support use_backend with dynamic names
- MINOR: stats: Enhancement to stats page to provide information
of last session time.
- BUG/MEDIUM: peers: fix key consistency for integer stick tables
- DOC: fix a typo on http-server-close and encapsulate options
with double-quotes
- DOC: fix fetching samples syntax
- MINOR: ssl: add ssl_fc_unique_id to fetch TLS Unique ID
- MEDIUM: ssl: Use ALPN support as it will be available in
OpenSSL 1.0.2
- DOC: fix typo
- CLEANUP: code style: use tabs to indent codes instead of spaces
- DOC: fix a few config typos.
- BUG/MINOR: raw_sock: also consider ENOTCONN in addition to
EAGAIN for recv()
- DOC: lowercase format string in unique-id
- MINOR: set IP_FREEBIND on IPv6 sockets in transparent mode
- BUG/MINOR: acl: req_ssl_sni fails with SSLv3 record version
- BUG/MINOR: build: add missing objects in osx and bsd Makefiles
- BUG/MINOR: build: handle whitespaces in wc -l output
- BUG/MINOR: Fix name lookup ordering when compiled with
USE_GETADDRINFO
- MEDIUM: ssl: Add standardized DH parameters >= 1024 bits
- BUG/MEDIUM: map: The map parser includes blank lines.
- BUG/MINOR: log: The log of quotted capture header has been
terminated by 2 quotes.
- MINOR: standard: add function \"encode_chunk\"
- BUG/MINOR: http: fix encoding of samples used in http headers
- MINOR: sample: add hex converter
- MEDIUM: sample: change the behavior of the bin2str cast
- MAJOR: auth: Change the internal authentication system.
- MEDIUM: acl/pattern: standardisation \"of pat_parse_int()\" and
\"pat_parse_dotted_ver()\"
- MEDIUM: pattern: The pattern parser no more uses and
just takes one string.
- MEDIUM: pattern: Change the prototype of the function
pattern_register().
- CONTRIB: ip6range: add a network IPv6 range to mask converter
- MINOR: pattern: separe list element from the data part.
- MEDIUM: pattern: add indexation function.
- MEDIUM: pattern: The parse functions just return \"struct
pattern\" without memory allocation
- MINOR: pattern: Rename \"pat_idx_elt\" to \"pattern_tree\"
- MINOR: sample: dont call the sample cast function \"c_none\"
- MINOR: standard: Add function for converting cidr to network
mask.
- MEDIUM: sample: Remove types SMP_T_CSTR and SMP_T_CBIN, replace
it by SMP_F_CONST flags
- MEDIUM: sample/http_proto: Add new type called method
- MINOR: dumpstats: Group map inline help
- MEDIUM: pattern: The function pattern_exec_match() returns
\"struct pattern\" if the patten match.
- MINOR: dumpstats: change map inline sentences
- MINOR: dumpstats: change the \"get map\" display management
- MINOR: map/dumpstats: The cli cmd \"get map ...\" display the
\"int\" format.
- MEDIUM: pattern: The match function browse itself the list or
the tree.
- MEDIUM: pattern: Index IPv6 addresses in a tree.
- MEDIUM: pattern: add delete functions
- MEDIUM: pattern: add prune function
- MEDIUM: pattern: add sample lookup function.
- MEDIUM: pattern/dumpstats: The function pattern_lookup() is no
longer used
- MINOR: map/pattern: The sample parser is stored in the pattern
- MAJOR: pattern/map: Extends the map edition system in the
patterns
- MEDIUM: pattern: merge same pattern
- MEDIUM: pattern: The expected type is stored in the pattern
head, and conversion is executed once.
- MINOR: pattern: Each pattern is identified by unique id.
- MINOR: pattern/acl: Each pattern of each acl can be load with
specified id
- MINOR: pattern: The function \"pattern_register()\" is no longer
used.
- MINOR: pattern: Merge function pattern_add() with
pat_ref_push().
- MINOR: pattern: store configuration reference for each acl or
map pattern.
- MINOR: pattern: Each pattern expression element store the
reference struct.
- MINOR: dumpstats: display the reference for th key/pattern and
value.
- MEDIUM: pattern: delete() function uses the pat_ref_elt to find
the element to be removed
- MEDIUM: pattern_find_smp: functions find_smp uses the
pat_ref_elt to find the element to be removed
- MEDIUM: dumpstats/pattern: display and use each pointer of each
pattern dumped
- MINOR: pattern/map/acl: Centralization of the file parsers
- MINOR: pattern: Check if the file reference is not used with
acl and map
- MINOR: acl/pattern: Acl \"-M\" option force to load file as map
file with two columns
- MEDIUM: dumpstats: Display error message during add of values.
- MINOR: pattern: The function pat_ref_set() have now atomic
behavior
- MINOR: regex: The pointer regstr in the struc regex is no
longer used.
- MINOR: cli: Block the usage of the command \"acl add\" in many
cases.
- MINOR: doc: Update the documentation about the map and acl
- MINOR: pattern: index duplicates
- MINOR: configuration: File and line propagation
- MINOR: dumpstat/conf: display all the configuration lines that
using pattern reference
- MINOR: standard: Disable ip resolution during the runtime
- MINOR: pattern: Remove the flag \"PAT_F_FROM_FILE\".
- MINOR: pattern: forbid dns resolutions
- DOC: document \"get map\" / \"get acl\" on the CLI
- MEDIUM: acl: Change the acl register struct
- BUG/MEDIUM: acl: boolean only matches were broken by recent
changes
- DOC: pattern: pattern organisation schematics
- MINOR: pattern/cli: Update used terms in documentation and cli
- MINOR: cli: remove information about acl or map owner.
- MINOR: session: don\'t always assume there\'s a listener
- MINOR: pattern: Add function to prune and reload pattern list.
- MINOR: standard: Add ipv6 support in the function url2sa().
- MEDIUM: config: Dynamic sections.
- BUG/MEDIUM: stick-table: fix IPv4-to-IPv6 conversion in src_
*
fetches
- MINOR: http: Add the \"language\" converter to for use with
accept-language
- BUG/MINOR: log: Don\'t dump empty unique-id
- BUG/MAJOR: session: fix a possible crash with src_tracked
- DOC: Update \"language\" documentation
- MINOR: http: add the function \"del-header\" to the directives
http-request and http-response
- DOC: add some information on capture.(req|res).hdr
- MINOR: http: capture.req.method and capture.req.uri
- MINOR: http: optimize capture.req.method and capture.req.uri
- MINOR: session: clean up the connection free code
- BUG/MEDIUM: checks: immediately report a connection success
- MEDIUM: connection: don\'t use real send() flags in snd_buf()
- OPTIM: ssl: implement dynamic record size adjustment
- MINOR: stats: report exact last session time in backend too
- BUG/MEDIUM: stats: the \"lastsess\" field must appear last in the
CSV.
- BUG/MAJOR: check: fix memory leak in \"tcp-check connect\" over
SSL
- BUG/MINOR: channel: initialize xfer_small/xfer_large on new
buffers
- MINOR: channel: add the date of last read in the channel
- MEDIUM: stream-int: automatically disable CF_STREAMER flags
after idle
- MINOR: ssl: add DEFAULT_SSL_MAX_RECORD to set the record size
at build time
- MINOR: config: make the stream interface idle timer
user-configurable
- MINOR: config: add global directives to set default SSL ciphers
- MINOR: sample: add a rand() sample fetch to return a sample.
- BUG/MEDIUM: config: immediately abort if peers section has no
name
- BUG/MINOR: ssl: fix syntax in config error message
- BUG/MEDIUM: ssl: always send a full buffer after EAGAIN
- BUG/MINOR: config: server on-marked-
* statement is ignored in
default-server
- BUG/MEDIUM: backend: prefer-last-server breaks redispatch
- BUG/MEDIUM: http: continue to emit 503 on keep-alive to
different server
- MEDIUM: acl: fix pattern type for payload / payload_lv
- BUG/MINOR: config: fix a crash on startup when a disabled
backend references a peer
- BUG/MEDIUM: compression: fix the output type of the compressor
name
- BUG/MEDIUM: http: don\'t start to forward request data before
the connect
- MINOR: http: release compression context only in http_end_txn()
- MINOR: protect ebimtree/ebistree against multiple inclusions
- MEDIUM: proxy: create a tree to store proxies by name
- MEDIUM: proxy: make findproxy() use trees to look up proxies
- MEDIUM: proxy: make get_backend_server() use findproxy() to
lookup proxies
- MEDIUM: stick-table: lookup table names using trees.
- MEDIUM: config: faster lookup for duplicated proxy name
- CLEANUP: acl: remove obsolete test in parse_acl_expr()
- MINOR: sample: move smp_to_type to sample.c
- MEDIUM: compression: consider the \"q=\" attribute in
Accept-Encoding
- REORG: cfgparse: move server keyword parsing to server.c
- BUILD: adjust makefile for AIX 5.1
- BUG/MEDIUM: pattern: fix wrong definition of the pat_prune_fcts
array
- CLEANUP: pattern: move array definitions to proto/ and not
types/
- BUG/MAJOR: counters: check for null-deref when looking up an
alternate table
- BUILD: ssl: previous patch failed
- BUILD/MEDIUM: standard: get rid of the last strcpy()
- BUILD/MEDIUM: standard: get rid of sprintf()
- BUILD/MEDIUM: cfgparse: get rid of sprintf()
- BUILD/MEDIUM: checks: get rid of sprintf()
- BUILD/MEDIUM: http: remove calls to sprintf()
- BUG/MEDIUM: systemd-wrapper: fix locating of haproxy binary
- BUILD/MINOR: ssl: remove one call to sprintf()
- MEDIUM: http: don\'t reject anymore message bodies not
containing the url param
- MEDIUM: http: wait for the first chunk or message body length
in http_process_body
- CLEANUP: http: rename http_process_request_body()
- CLEANUP: http: prepare dedicated processing for chunked encoded
message bodies
- MINOR: http: make msg->eol carry the last CRLF length
- MAJOR: http: do not use msg->sol while processing messages or
forwarding data
- MEDIUM: http: http_parse_chunk_crlf() must not advance the
buffer pointer
- MAJOR: http: don\'t update msg->sov anymore while processing the
body
- MINOR: http: add a small helper to compute the amount of body
bytes present
- MEDIUM: http: add a small helper to compute how far to rewind
to find headers
- MINOR: http: add a small helper to compute how far to rewind to
find URI
- MEDIUM: http: small helpers to compute how far to rewind to
find BODY and DATA
- MAJOR: http: reset msg->sov after headers are forwarded
- MEDIUM: http: forward headers again while waiting for
connection to complete
- BUG/MINOR: http: deinitialize compression after a parsing error
- BUG/MINOR: http: deinitialize compression after a compression
error
- MEDIUM: http: headers must be forwarded even if data was
already inspected
- MAJOR: http: re-enable compression on chunked encoding
- MAJOR: http/compression: fix chunked-encoded response
processing
- MEDIUM: http: cleanup: centralize a little bit HTTP compression
end
- MEDIUM: http: start to centralize the forwarding code
- MINOR: http: further cleanups of response forwarding function
- MEDIUM: http: only allocate the temporary compression buffer
when needed
- MAJOR: http: centralize data forwarding in the request path
- CLEANUP: http: document the response forwarding states
- CLEANUP: http: remove all calls to http_silent_debug()
- DOC: internal: add some reminders about HTTP parsing and
pointer states
- BUG/MAJOR: http: fix bug in parse_qvalue() when selecting
compression algo
- BUG/MINOR: stats: last session was not always set
- DOC: add pointer to the Cyril\'s HTML doc in the README
- MEDIUM: config: relax use_backend check to make the condition
optional
- MEDIUM: config: report misplaced http-request rules
- MEDIUM: config: report misplaced use-server rules
- DOC: update roadmap with what was done.
- added 3b786968584b57659e86964739283b55acfc49da.patch:
This fixes a small typo that could lead to reassignment of IDs
that are still in use.

Thu Feb 27 13:00:00 2014 mrueckertAATTsuse.de
- update to snapshot from 20140225
Changes since dev22
Baptiste Assmann:
BUG/MINOR: tcpcheck connect wrong behavior
Bhaskar Maddala:
MINOR: stats: Enhancement to stats page to provide information of last session time.
Cyril Bonté:
BUG/MEDIUM: peers: fix key consistency for integer stick tables
DOC: fix a typo on http-server-close and encapsulate options with double-quotes
Dirkjan Bussink:
MEDIUM: ssl: Use ALPN support as it will be available in OpenSSL 1.0.2
William Lallemand:
DOC: add some information on capture.(req|res).hdr
MINOR: http: capture.req.method and capture.req.uri
MINOR: http: optimize capture.req.method and capture.req.uri
Willy Tarreau:
MINOR: session: clean up the connection free code
BUG/MEDIUM: checks: immediately report a connection success
MEDIUM: connection: don\'t use real send() flags in snd_buf()
OPTIM: ssl: implement dynamic record size adjustment
MINOR: stats: report exact last session time in backend too
BUG/MEDIUM: stats: the \"lastsess\" field must appear last in the CSV.
BUG/MAJOR: check: fix memory leak in \"tcp-check connect\" over SSL
BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers
MINOR: channel: add the date of last read in the channel
MEDIUM: stream-int: automatically disable CF_STREAMER flags after idle
MINOR: ssl: add DEFAULT_SSL_MAX_RECORD to set the record size at build time
MINOR: config: make the stream interface idle timer user-configurable
MINOR: config: add global directives to set default SSL ciphers
MINOR: sample: add a rand() sample fetch to return a sample.
BUG/MEDIUM: config: immediately abort if peers section has no name
BUG/MINOR: ssl: fix syntax in config error message
BUG/MEDIUM: ssl: always send a full buffer after EAGAIN
BUG/MINOR: config: server on-marked-
* statement is ignored in default-server
BUG/MEDIUM: backend: prefer-last-server breaks redispatch
BUG/MEDIUM: http: continue to emit 503 on keep-alive to different server
MEDIUM: acl: fix pattern type for payload / payload_lv
BUG/MINOR: config: fix a crash on startup when a disabled backend references a peer
for the changes in 1.5-dev22 see
/usr/share/doc/packages/haproxy-1.5/CHANGELOG

Wed Dec 18 13:00:00 2013 mrueckertAATTsuse.de
- limit pcre jit to 12.x and newer

Wed Dec 18 13:00:00 2013 mrueckertAATTsuse.de
- enable a few more things:
- pcre jit
- linux splice support
- netfilter
- regparm optimization
- transparent proxy support
- accept4 support
- cpu pinning
- usage of getsockname
- tcp fast open for 12.3 and newer

Wed Dec 18 13:00:00 2013 mrueckertAATTsuse.de
- update to 1.5-dev21
- MINOR: stats: don\'t use a monospace font to report numbers
- MINOR: session: remove debugging code
- BUG/MAJOR: patterns: fix double free caused by loading strings
from files
- MEDIUM: http: make option http_proxy automatically rewrite the
URL
- BUG/MEDIUM: http: cook_cnt() forgets to set its output type
- BUG/MINOR: stats: correctly report throttle rate of low weight
servers
- BUG/MEDIUM: checks: servers must not start in slowstart mode
- BUG/MINOR: acl: parser must also stop at comma on ACL-only
keywords
- MEDIUM: stream-int: implement a very simplistic idle connection
manager
- DOC: update the ROADMAP file
for the changes of dev20 please see
/usr/share/doc/packages/haproxy-1.5/CHANGELOG

Tue Jun 18 14:00:00 2013 mrueckertAATTsuse.de
- update to 1.5-dev19 (bnc#825412)
- MINOR: stats: remove the autofocus on the scope input field
- BUG/MEDIUM: Fix crt-list file parsing error: filtered name was
ignored.
- BUG/MEDIUM: ssl: EDH ciphers are not usable if no DH parameters
present in pem file.
- BUG/MEDIUM: shctx: makes the code independent on SSL runtime
version.
- MEDIUM: ssl: improve crt-list format to support negation
- BUG: ssl: fix crt-list for clients not supporting SNI
- MINOR: stats: show soft-stopped servers in different color
- BUG/MINOR: config: \"source\" does not work in defaults section
- BUG: regex: fix pcre compile error when using JIT
- MINOR: ssl: add pattern fetch \'ssl_c_sha1\'
- BUG: ssl: send payload gets corrupted if tune.ssl.maxrecord is
used
- MINOR: show PCRE version and JIT status in -vv
- BUG/MINOR: jit: don\'t rely on USE flag to detect support
- DOC: readme: add suggestion to link against static openssl
- DOC: examples: provide simplified ssl configuration
- REORG: tproxy: prepare the transparent proxy defines for
accepting other OSes
- MINOR: tproxy: add support for FreeBSD
- MINOR: tproxy: add support for OpenBSD
- DOC: examples: provide an example of transparent proxy
configuration for FreeBSD 8
- CLEANUP: fix minor typo in error message.
- CLEANUP: fix missing include in proto/listener.h
- CLEANUP: protect checks.h from multiple inclusions
- MINOR: compression: acl \"res.comp\" and fetch \"res.comp_algo\"
- BUG/MINOR: http: add-header/set-header did not accept the ACL
condition
- BUILD: mention in the Makefile that USE_PCRE_JIT is for libpcre
>= 8.32
- BUG/MEDIUM: splicing is broken since 1.5-dev12
- BUG/MAJOR: acl: add implicit arguments to the resolve list
- BUG/MINOR: tcp: fix error reporting for TCP rules
- CLEANUP: peers: remove a bit of spaghetti to prepare for the
next bugfix
- MINOR: stick-table: allow to allocate an entry without filling
it
- BUG/MAJOR: peers: fix an overflow when syncing strings larger
than 16 bytes
- MINOR: session: only call http_send_name_header() when changing
the server
- MINOR: tcp: report the erroneous word in tcp-request track
*
- BUG/MAJOR: backend: consistent hash can loop forever in certain
circumstances
- BUG/MEDIUM: log: fix regression on log-format handling
- MEDIUM: log: report file name, line number, and directive name
with log-format errors
- BUG/MINOR: cli: \"clear table\" did not work anymore without a
key
- BUG/MINOR: cli: \"clear table xx data.xx\" does not work anymore
- BUG/MAJOR: http: compression still has defects on chunked
responses
- BUG/MINOR: stats: fix confirmation links on the stats interface
- BUG/MINOR: stats: the status bar does not appear anymore after
a change
- BUG/MEDIUM: stats: allocate the stats frontend also on \"stats
bind-process\"
- BUG/MEDIUM: stats: fix a regression when dealing with POST
requests
- BUG/MINOR: fix unterminated ACL array in compression
- BUILD: last fix broke non-linux platforms
- MINOR: init: indicate the SSL runtime version on -vv.
- BUG/MEDIUM: compression: the deflate algorithm must use global
settings as well
- BUILD: stdbool is not portable (again)
- DOC: readme: add a small reminder about restrictions to respect
in the code
- MINOR: ebtree: add new eb_next_dup/eb_prev_dup() functions to
visit duplicates
- BUG/MINOR: acl: fix a double free during exit when using
PCRE_JIT
- DOC: fix wrong copy-paste in the rspdel example
- MINOR: counters: make it easier to extend the amount of tracked
counters
- MEDIUM: counters: add support for tracking a third counter
- MEDIUM: counters: add a new \"gpc0_rate\" counter in stick-tables
- BUG/MAJOR: http: always ensure response buffer has some room
for a response
- MINOR: counters: add fetch/acl sc
*_tracked to indicate whether
a counter is tracked
- MINOR: defaults: allow REQURI_LEN and CAPTURE_LEN to be
redefined
- MINOR: log: add a new flag \'L\' for locally processed requests
- MINOR: http: add full-length header fetch methods
- MEDIUM: protocol: implement a \"drain\" function in protocol
layers
- MEDIUM: http: add a new \"http-response\" ruleset
- MEDIUM: http: add the \"set-nice\" action to http-request and
http-response
- MEDIUM: log: add a log level override value in struct session
- MEDIUM: http: add support for action \"set-log-level\" in
http-request/http-response
- MEDIUM: http: add support for \"set-tos\" in
http-request/http-response
- MEDIUM: http: add the \"set-mark\" action on
http-request/http-response rules
- MEDIUM: tcp: add \"tcp-request connection expect-proxy layer4\"
- MEDIUM: acl: automatically detect the type of certain fetches
- MEDIUM: acl: remove a lot of useless ACLs that are equivalent
to their fetches
- MEDIUM: acl: remove 15 additional useless ACLs that are
equivalent to their fetches
- DOC: major reorg of ACL + sample fetch
- CLEANUP: http: remove the bogus urlp_ip ACL match
- MINOR: acl: add the new \"env()\" fetch method to retrieve an
environment variable
- BUG/MINOR: acl: correctly consider boolean fetches when doing
casts
- BUG/CRITICAL: fix a possible crash when using negative header
occurrences CVE-2013-2175
- DOC: update ROADMAP file
- MEDIUM: counters: use sc0/sc1/sc2 instead of sc1/sc2/sc3
- MEDIUM: stats: add proxy name filtering on the statistic page

Thu May 16 14:00:00 2013 mrueckertAATTsuse.de
- make sure we use the right haproxy binary:
prefix in the makefile defaults to /usr/local, set this to
_prefix.

Tue May 14 14:00:00 2013 mrueckertAATTsuse.de
- package haproxy-systemd-wrapper

Wed Apr 3 14:00:00 2013 mrueckertAATTsuse.de
- update to 1.5-dev18
This updated fixes among other things a potential crash on TCP
content inspection rules. CVE-2013-1912
For all changes see /usr/share/doc/packages/haproxy-1.5/CHANGELOG
- adapt haproxy-makefile_lib.patch to the rewritten Makefile

Mon Dec 31 13:00:00 2012 e.istominAATTedss.ee
- update to 1.5-dev17
For details see /usr/share/doc/packages/haproxy-1.5/CHANGELOG

Wed Dec 12 13:00:00 2012 e.istominAATTedss.ee
- update to 1.5-dev15
For details see /usr/share/doc/packages/haproxy-1.5/CHANGELOG

Mon Nov 26 13:00:00 2012 mrueckertAATTsuse.de
- update to 1.5-dev14
For details see /usr/share/doc/packages/haproxy-1.5/CHANGELOG

Thu Nov 22 13:00:00 2012 mrueckertAATTsuse.de
- update to 1.5-dev13
For details see /usr/share/doc/packages/haproxy-1.5/CHANGELOG

Thu Nov 8 13:00:00 2012 mrueckertAATTsuse.de
- update to 1.5.12+08289f12
For details see /usr/share/doc/packages/haproxy-1.5/CHANGELOG
- enable openssl and compression support:
3 new dependencies openssl, pkg-config and zlib

Thu May 31 14:00:00 2012 mrueckertAATTsuse.de
- update to 1.5 dev10
For details see /usr/share/doc/packages/haproxy-1.5/CHANGELOG
- drop patch 51b5dcae8506805dae8d4f24ea628c87ad3d21ad.patch

Wed Mar 28 14:00:00 2012 mrueckertAATTsuse.de
- update to 1.5 dev8
For details see /usr/share/doc/packages/haproxy-1.5/CHANGELOG
- added patch 51b5dcae8506805dae8d4f24ea628c87ad3d21ad.patch
patch taken from upstream git. can be dropped with next snapshot
- refreshed haproxy-makefile_lib.patch

Tue Dec 13 13:00:00 2011 mrueckertAATTsuse.de
- initial package of the 1.5 tree