summaryrefslogtreecommitdiffstats
path: root/debian/changelog
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/changelog2534
1 files changed, 2534 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..05c35e8
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,2534 @@
+haproxy (2.6.12-1+deb12u1) bookworm-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * REORG: http: move has_forbidden_char() from h2.c to http.h
+ * BUG/MAJOR: h3: reject header values containing invalid chars
+ * BUG/MAJOR: http: reject any empty content-length header value
+ (CVE-2023-40225) (Closes: #1043502)
+ * MINOR: ist: add new function ist_find_range() to find a character range
+ * MINOR: http: add new function http_path_has_forbidden_char()
+ * MINOR: h2: pass accept-invalid-http-request down the request parser
+ * REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri
+ tests
+ * BUG/MINOR: h1: do not accept '#' as part of the URI component
+ (CVE-2023-45539)
+ * BUG/MINOR: h2: reject more chars from the :path pseudo header
+ * BUG/MINOR: h3: reject more chars from the :path pseudo header
+ * REGTESTS: http-rules: verify that we block '#' by default for
+ normalize-uri
+ * DOC: clarify the handling of URL fragments in requests
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Sat, 16 Dec 2023 17:41:30 +0100
+
+haproxy (2.6.12-1) unstable; urgency=medium
+
+ * New upstream version.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 01 Apr 2023 11:05:57 +0200
+
+haproxy (2.6.11-1) unstable; urgency=medium
+
+ * New upstream version.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 18 Mar 2023 14:37:13 +0100
+
+haproxy (2.6.10-1) unstable; urgency=medium
+
+ * New upstream version.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 11 Mar 2023 12:59:22 +0100
+
+haproxy (2.6.9-1) unstable; urgency=medium
+
+ * New upstream version.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 15 Feb 2023 21:45:50 +0100
+
+haproxy (2.6.8-2) unstable; urgency=medium
+
+ * Add a NEWS entry for incompatibilities introduced in HAProxy 2.6.
+ Closes: #1030173.
+ * BUG/CRITICAL: http: properly reject empty http header field names
+ (CVE-2023-25725)
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 13 Feb 2023 20:16:13 +0100
+
+haproxy (2.6.8-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 24 Jan 2023 11:57:14 +0100
+
+haproxy (2.6.7-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 02 Dec 2022 22:20:15 +0100
+
+haproxy (2.6.6-2) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 22 Oct 2022 10:19:03 +0200
+
+haproxy (2.6.6-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 22 Sep 2022 20:22:23 +0200
+
+haproxy (2.6.5-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 03 Sep 2022 19:33:51 +0200
+
+haproxy (2.6.4-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 22 Aug 2022 19:01:25 +0200
+
+haproxy (2.6.3-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 19 Aug 2022 19:16:11 +0200
+
+haproxy (2.6.2-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 22 Jul 2022 18:21:43 +0200
+
+haproxy (2.6.1-1) experimental; urgency=medium
+
+ [ Lucas Kanashiro ]
+ * d/t/utils: add helper functions to be re-used in tests
+ * d/t/proxy-localhost: refactor to use the check_index_file helper function
+ * d/t/proxy-ssl-termination: add test for the SSL termination proxy feature
+ * d/t/proxy-ssl-pass-through: add test for the SSL Pass-Through proxy feature
+
+ [ Vincent Bernat ]
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 22 Jun 2022 20:06:08 +0200
+
+haproxy (2.6.0-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 02 Jun 2022 08:49:38 +0200
+
+haproxy (2.5.7-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 14 May 2022 12:01:07 +0200
+
+haproxy (2.5.6-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 26 Apr 2022 17:59:23 +0200
+
+haproxy (2.5.5-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 14 Mar 2022 19:26:46 +0100
+
+haproxy (2.5.4-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 25 Feb 2022 17:39:11 +0100
+
+haproxy (2.5.3-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 18 Feb 2022 20:22:25 +0100
+
+haproxy (2.5.2-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 16 Feb 2022 19:09:04 +0100
+
+haproxy (2.5.1-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 11 Jan 2022 19:23:50 +0100
+
+haproxy (2.5.0-1) experimental; urgency=medium
+
+ * New upstream release.
+ * d/patches: patch to make logging work without rsyslog with systemd
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 25 Nov 2021 21:20:30 +0100
+
+haproxy (2.4.19-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 30 Sep 2022 09:07:13 +0200
+
+haproxy (2.4.18-1) unstable; urgency=medium
+
+ [ Lucas Kanashiro ]
+ * d/t/utils: add helper functions to be re-used in tests
+ * d/t/proxy-localhost: refactor to use the check_index_file helper function
+ * d/t/proxy-ssl-termination: add test for the SSL termination proxy feature
+ * d/t/proxy-ssl-pass-through: add test for the SSL Pass-Through proxy feature
+
+ [ Vincent Bernat ]
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 27 Jul 2022 15:59:36 +0200
+
+haproxy (2.4.17-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 14 May 2022 14:27:20 +0200
+
+haproxy (2.4.16-1) unstable; urgency=medium
+
+ * New upstream release.
+ * d/install: do not install halog explicitely.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 29 Apr 2022 17:42:42 +0200
+
+haproxy (2.4.15-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 14 Mar 2022 20:17:04 +0100
+
+haproxy (2.4.14-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Fix compilation with OpenSSL 3.0. Closes: #996423, #1006007.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 25 Feb 2022 18:38:27 +0100
+
+haproxy (2.4.13-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 17 Feb 2022 10:03:46 +0100
+
+haproxy (2.4.12-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 11 Jan 2022 12:06:17 +0100
+
+haproxy (2.4.11-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 07 Jan 2022 17:25:51 +0100
+
+haproxy (2.4.10-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 23 Dec 2021 19:13:26 +0100
+
+haproxy (2.4.9-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 24 Nov 2021 19:42:28 +0100
+
+haproxy (2.4.8-3) unstable; urgency=medium
+
+ * d/logrotate: only use rsyslog-rotate if present. Closes: #1000436.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 24 Nov 2021 09:29:54 +0100
+
+haproxy (2.4.8-2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Enable OpenTracing support.
+
+ -- Stephen Gelman <ssgelm@debian.org> Tue, 09 Nov 2021 23:06:46 -0600
+
+haproxy (2.4.8-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 04 Nov 2021 08:36:56 +0100
+
+haproxy (2.4.7-2) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 16 Oct 2021 20:43:13 +0200
+
+haproxy (2.4.7-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 07 Oct 2021 09:08:09 +0200
+
+haproxy (2.4.4-1) experimental; urgency=medium
+
+ * New upstream release.
+ * d/patches: remove patches applied upstream.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 08 Sep 2021 08:38:05 +0200
+
+haproxy (2.4.3-2) experimental; urgency=high
+
+ * d/patches: fix missing header name length check in HTX (CVE-2021-40346).
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 04 Sep 2021 11:56:31 +0200
+
+haproxy (2.4.3-1) experimental; urgency=medium
+
+ * New upstream release.
+ * d/patches: remove patches applied upstream.
+ * d/patches: h2: match absolute-path not path-absolute for :path.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 21 Aug 2021 16:32:25 +0200
+
+haproxy (2.4.2-2) experimental; urgency=medium
+
+ * Fix HTTP request smuggling via HTTP/2 desync attacks.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 13 Aug 2021 16:12:31 +0200
+
+haproxy (2.4.2-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 07 Jul 2021 21:47:17 +0200
+
+haproxy (2.4.1-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 17 Jun 2021 13:57:57 +0200
+
+haproxy (2.4.0-1) experimental; urgency=medium
+
+ * New upstream release.
+ * d/rules: switch to SLZ instead of zlib
+ * d/rules: update build for contrib → admin
+ * d/rules: remove use of USE_REGPARM (outdated)
+ * d/rules: remove hack around gcc_s
+ * d/copyright: update
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 18 May 2021 22:00:05 +0200
+
+haproxy (2.3.10-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 24 Apr 2021 18:22:41 +0200
+
+haproxy (2.3.9-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 30 Mar 2021 19:50:42 +0200
+
+haproxy (2.3.8-1) experimental; urgency=medium
+
+ * New upstream release.
+ * d/logrotate: reduce log retention to 7 days. Closes: #985441.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 25 Mar 2021 18:17:18 +0100
+
+haproxy (2.3.7-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 16 Mar 2021 18:41:25 +0100
+
+haproxy (2.3.6-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 04 Mar 2021 13:57:49 +0100
+
+haproxy (2.3.5-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 06 Feb 2021 17:12:53 +0100
+
+haproxy (2.3.4-1) experimental; urgency=medium
+
+ * New upstream release:
+ - Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records"
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 15 Jan 2021 14:13:28 +0100
+
+haproxy (2.3.3-1) experimental; urgency=medium
+
+ * d/tests: sleep before test to let Apache2 start.
+ Closes: #976997.
+ * New upstream release:
+ - BUG/MAJOR: ring: tcp forward on ring can break the reader counter.
+ - BUG/MAJOR: spoa/python: Fixing return None
+ - BUG/MEDIUM: local log format regression. Closes: #974977.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 09 Jan 2021 15:18:10 +0100
+
+haproxy (2.3.2-1) experimental; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: connection: reset conn->owner when detaching from session
+ list
+ - BUG/MAJOR: filters: Always keep all offsets up to date during data
+ filtering
+ - BUG/MAJOR: peers: fix partial message decoding
+ - BUG/MAJOR: tcpcheck: Allocate input and output buffers from the buffer
+ pool
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 28 Nov 2020 20:25:34 +0100
+
+haproxy (2.3.1-1) experimental; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: spoe: Be sure to remove all references on a released spoe
+ applet
+ * d/patches: remove patches applied upstream.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 14 Nov 2020 23:17:20 +0100
+
+haproxy (2.3.0-1) experimental; urgency=medium
+
+ * New upstream release.
+ * d/gbp, d/watch: prepare for 2.3.0 release
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 11 Nov 2020 16:30:10 +0100
+
+haproxy (2.2.17-1) unstable; urgency=medium
+
+ * New upstream release.
+ * d/patches: remove upstream-applied patch.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 09 Sep 2021 19:42:08 +0200
+
+haproxy (2.2.16-3) unstable; urgency=high
+
+ * d/patches: fix missing header name length check in HTX (CVE-2021-40346).
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 04 Sep 2021 16:14:51 +0200
+
+haproxy (2.2.16-2) unstable; urgency=medium
+
+ * d/patches: h2: match absolute-path not path-absolute for :path
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 21 Aug 2021 16:19:52 +0200
+
+haproxy (2.2.16-1) unstable; urgency=high
+
+ * New upstream release.
+ * Fix CVE-2021-39240, CVE-2021-39241, CVE-2021-39242.
+ * d/patches: remove upstream-applied patch.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 19 Aug 2021 07:22:05 +0200
+
+haproxy (2.2.15-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 16 Jul 2021 11:18:32 +0200
+
+haproxy (2.2.14-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 29 Apr 2021 15:32:49 +0200
+
+haproxy (2.2.13-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 02 Apr 2021 21:18:28 +0200
+
+haproxy (2.2.12-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 31 Mar 2021 20:31:24 +0200
+
+haproxy (2.2.11-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 18 Mar 2021 21:34:40 +0100
+
+haproxy (2.2.10-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 04 Mar 2021 19:08:41 +0100
+
+haproxy (2.2.9-2) unstable; urgency=medium
+
+ * d/patches: fix agent-check regression putting down servers.
+ Closes: #988779.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 27 May 2021 15:00:01 +0200
+
+haproxy (2.2.9-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: connection: reset conn->owner when detaching from session
+ list
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 06 Feb 2021 18:52:20 +0100
+
+haproxy (2.2.8-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records"
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 14 Jan 2021 11:48:52 +0100
+
+haproxy (2.2.7-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: ring: tcp forward on ring can break the reader counter.
+ - BUG/MAJOR: spoa/python: Fixing return None
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 09 Jan 2021 15:31:08 +0100
+
+haproxy (2.2.6-2) unstable; urgency=medium
+
+ * d/tests: sleep before test to let Apache2 start.
+ Closes: #976997.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 07 Jan 2021 07:56:14 +0100
+
+haproxy (2.2.6-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: filters: Always keep all offsets up to date during data
+ filtering
+ - BUG/MAJOR: peers: fix partial message decoding
+ - BUG/MAJOR: spoe: Be sure to remove all references on a released spoe
+ applet
+ - BUG/MAJOR: tcpcheck: Allocate input and output buffers from the buffer
+ pool
+ * d/patches: remove patches applied upstream
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 30 Nov 2020 20:02:49 +0100
+
+haproxy (2.2.5-2) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 11 Nov 2020 16:21:12 +0100
+
+haproxy (2.2.5-1) experimental; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer
+ possible
+ * d/patches: warn if payload of an errorfile doesn't match the C-L
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 08 Nov 2020 19:12:02 +0100
+
+haproxy (2.2.4-1) experimental; urgency=medium
+
+ * New upstream release.
+ * d/patches: drop patch for ARM32
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 02 Oct 2020 21:29:56 +0200
+
+haproxy (2.2.3-2) experimental; urgency=medium
+
+ * d/patches: add upstream patch to fix build on ARM32
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 09 Sep 2020 19:38:52 +0200
+
+haproxy (2.2.3-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: dns: disabled servers through SRV records never recover
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 08 Sep 2020 23:12:05 +0200
+
+haproxy (2.2.2-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: dns: don't treat Authority records as an error
+ - BUG/MAJOR: dns: fix null pointer dereference in
+ snr_update_srv_status
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 01 Aug 2020 17:06:42 +0200
+
+haproxy (2.2.1-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: tasks: don't requeue global tasks into the local
+ queue
+ - BUG/MAJOR: dns: Make the do-resolve action thread-safe
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 23 Jul 2020 13:39:14 +0200
+
+haproxy (2.2.0-1) experimental; urgency=medium
+
+ * New upstream version.
+ * Upload to experimental
+ * Update d/watch to look for 2.2 stable releases
+ * d/gbp.conf: set branch names for 2.2
+ * d/patches: refresh patches
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 14 Jul 2020 16:53:23 +0200
+
+haproxy (2.1.7-1) experimental; urgency=medium
+
+ * New upstream version.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 12 Jun 2020 07:50:48 +0200
+
+haproxy (2.1.5-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: mux-fcgi: Stop sending loop if FCGI stream is blocked for
+ any reason
+ - Revert "BUG/MINOR: connection: always send address-less LOCAL PROXY
+ connections"
+ - Revert "BUG/MINOR: connection: make sure to correctly tag local
+ PROXY connections"
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 01 Jun 2020 08:52:56 +0200
+
+haproxy (2.1.4-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/CRITICAL: hpack: never index a header into the headroom after
+ wrapping
+ - BUG/MAJOR: http-ana: Always abort the request when a tarpit is
+ triggered
+ - BUG/MAJOR: list: fix invalid element address calculation
+ - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
+ * d/control: fix maintainer address. Closes: #955553.
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 12 Apr 2020 13:29:54 +0200
+
+haproxy (2.1.3-3) experimental; urgency=medium
+
+ * d/copryight: document OpenSSL exception. Closes: #951782.
+ * d/haproxy.cfg: use "ssl-min-ver" to set minimum version.
+ * d/patches: fix an overflow in HTTP/2 header handling.
+ Fix CVE-2020-11100.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 01 Apr 2020 21:18:57 +0200
+
+haproxy (2.1.3-2) experimental; urgency=medium
+
+ * d/dconv: use Python 3 to build the documentation.
+ Closes: #948296, #950435.
+ * d/dconv: replace cgi.escape by html.escape. Closes: #951416.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 19 Feb 2020 07:53:53 +0100
+
+haproxy (2.1.3-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: hashes: fix the signedness of the hash inputs
+ - BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is
+ empty.
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 20 Jan 2020 06:53:23 +0100
+
+haproxy (2.1.2-1) experimental; urgency=medium
+
+ * New upstream version 2.1.2.
+ - BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreign requeuing
+ * d/logrotate.conf: use rsyslog helper instead of SysV init script.
+ Closes: #946973.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 20 Dec 2019 08:20:33 +0100
+
+haproxy (2.1.1-1) experimental; urgency=medium
+
+ * New upstream version 2.1.1.
+ - BUG/MAJOR: dns: add minimalist error processing on the Rx path
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 14 Dec 2019 11:20:32 +0100
+
+haproxy (2.1.0-2) experimental; urgency=medium
+
+ * Link against libatomic on riscv64
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Fri, 29 Nov 2019 14:03:49 +0200
+
+haproxy (2.1.0-1) experimental; urgency=medium
+
+ * New upstream version 2.1.0
+ * Upload to experimental
+ * Update d/watch to look for 2.1 stable releases
+ * d/gbp.conf: set branch names for 2.1
+ * Bump Standards-Version to 4.4.1; no changes needed
+ * Bump dh compat level to 12
+ + B-D on debhelper-compat and remove debian/compat
+ + Override dh_installsystemd with the same args as dh_installinit
+ + Add ${misc:Pre-Depends} to haproxy's Pre-Depends
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Wed, 27 Nov 2019 23:30:30 +0200
+
+haproxy (2.0.19-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer
+ possible
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 06 Nov 2020 19:33:59 +0100
+
+haproxy (2.0.18-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 30 Sep 2020 13:41:09 +0200
+
+haproxy (2.0.17-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: dns: Make the do-resolve action thread-safe
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 01 Aug 2020 20:05:01 +0200
+
+haproxy (2.0.16-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: stream: Mark the server address as unset on new outgoing
+ connection
+ * d/patches: refresh patches.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 18 Jul 2020 13:50:56 +0200
+
+haproxy (2.0.15-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: stream-int: always detach a faulty endpoint on connect
+ failure
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 13 Jun 2020 18:48:25 +0200
+
+haproxy (2.0.14-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/CRITICAL: hpack: never index a header into the headroom after
+ wrapping
+ - BUG/MAJOR: http-ana: Always abort the request when a tarpit is
+ triggered
+ - BUG/MAJOR: list: fix invalid element address calculation
+ - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
+ * d/control: fix maintainer address. Closes: #955553.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 16 Apr 2020 18:34:22 +0200
+
+haproxy (2.0.13-2) unstable; urgency=medium
+
+ * d/dconv: replace cgi.escape by html.escape. Closes: #951416.
+ * d/copryight: document OpenSSL exception. Closes: #951782.
+ * d/haproxy.cfg: use "ssl-min-ver" to set minimum version.
+ * Apply one patch to fix an overflow in HTTP/2 header handling.
+ Fix CVE-2020-11100.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 01 Apr 2020 21:49:32 +0200
+
+haproxy (2.0.13-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: hashes: fix the signedness of the hash inputs
+ - BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is
+ empty.
+ * d/dconv: use Python 3 to build the documentation.
+ Closes: #948296, #950435.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 15 Feb 2020 15:32:32 +0100
+
+haproxy (2.0.12-1) unstable; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreign requeuing
+ * d/logrotate.conf: use rsyslog helper instead of SysV init script.
+ Closes: #946973.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 20 Dec 2019 08:20:33 +0100
+
+haproxy (2.0.11-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: dns: add minimalist error processing on the Rx path
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 13 Dec 2019 19:22:03 +0100
+
+haproxy (2.0.10-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: h2: make header field name filtering stronger
+ - BUG/MAJOR: h2: reject header values containing invalid chars
+ - BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in
+ idle state
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 26 Nov 2019 13:22:17 +0100
+
+haproxy (2.0.9-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST
+ is reached
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 16 Nov 2019 17:38:51 +0100
+
+haproxy (2.0.8-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: idle conns: schedule the cleanup task on the correct
+ threads
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 23 Oct 2019 08:55:55 +0200
+
+haproxy (2.0.7-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: mux-h2: Handle HEADERS frames received after a RST_STREAM
+ frame
+ - BUG/MAJOR: mux_h2: Don't consume more payload than received for
+ skipped frames
+ - BUG/MEDIUM: checks: make sure the connection is ready before trying
+ to recv
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 27 Sep 2019 19:14:12 +0200
+
+haproxy (2.0.6-2) unstable; urgency=medium
+
+ * d/patches: fix regression with checks.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 18 Sep 2019 08:02:53 +0200
+
+haproxy (2.0.6-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: ssl: ssl_sock was not fully initialized.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 13 Sep 2019 21:25:38 +0200
+
+haproxy (2.0.5-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MEDIUM: mux_h1: Don't bother subscribing in recv if we're not
+ connected.
+ - BUG/MEDIUM: mux_pt: Don't call unsubscribe if we did not subscribe.
+ - BUG/MEDIUM: proxy: Don't forget the SF_HTX flag when upgrading
+ TCP=>H1+HTX.
+ - BUG/MEDIUM: proxy: Don't use cs_destroy() when freeing the
+ conn_stream.
+ - BUG/MEDIUM: stick-table: Wrong stick-table backends parsing.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 16 Aug 2019 19:51:24 +0200
+
+haproxy (2.0.4-1) unstable; urgency=medium
+
+ * New upstream release. Upload to unstable.
+ - BUG/MAJOR: http/sample: use a static buffer for raw -> htx
+ conversion
+ - BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in
+ process_srv_queue()
+ * d/haproxy.cfg: update default cipher lists to more secure defaults.
+ TLSv1.0 and TLSv1.1 are disabled, as well as TLS tickets (they are
+ breaking forward secrecy unless correctly rotated).
+ Closes: #932763.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 09 Aug 2019 14:22:23 +0200
+
+haproxy (2.0.3-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/CRITICAL: http_ana: Fix parsing of malformed cookies which start by
+ a delimiter (CVE-2019-14241)
+ - BUG/MEDIUM: checks: Don't attempt to receive data if we already
+ subscribed.
+ - BUG/MEDIUM: http/htx: unbreak option http_proxy
+ - DOC: htx: Update comments in HTX files
+ - BUG/MEDIUM: mux-h1: Trim excess server data at the end of a transaction
+ - BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream
+ * Bump Standards-Version to 4.4.0; no changes needed
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Tue, 23 Jul 2019 13:31:31 -0300
+
+haproxy (2.0.2-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: listener: fix thread safety in resume_listener()
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 17 Jul 2019 12:19:54 +0200
+
+haproxy (2.0.1-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: sample: Wrong stick-table name parsing in "if/unless" ACL
+ condition.
+ - BUG/MAJOR: mux-h1: Don't crush trash chunk area when outgoing
+ message is formatted
+ * d/rules: fix crash during reload due to libgcc_s.so missing when
+ chrooted.
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 24 Jun 2019 19:28:26 +0200
+
+haproxy (2.0.0-1) experimental; urgency=medium
+
+ * New upstream version.
+ * d/watch: update to follow 2.0.
+ * d/gbp.conf: update for 2.0 and experimental.
+ * d/rules: update to use linux-glibc target.
+ * d/rules: enable prometheus exporter.
+ * d/patches: refresh patches.
+ * d/vim-haproxy.install: update path to vim syntax file.
+ * d/README.Debian: remove outdated information.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 20 Jun 2019 11:40:19 +0200
+
+haproxy (1.9.8-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: map/acl: real fix segfault during show map/acl on CLI
+ - BUG/MAJOR: mux-h2: do not add a stream twice to the send list
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 16 May 2019 01:50:10 +0200
+
+haproxy (1.9.7-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: http_fetch: Get the channel depending on the keyword used
+ - BUG/MAJOR: lb/threads: fix AB/BA locking issue in round-robin LB
+ - BUG/MAJOR: lb/threads: fix insufficient locking on round-robin LB
+ - BUG/MAJOR: muxes: Use the HTX mode to find the best mux for HTTP
+ proxies only
+ - BUG/MAJOR: task: make sure never to delete a queued task
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 28 Apr 2019 17:37:04 +0200
+
+haproxy (1.9.6-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: checks: segfault during tcpcheck_main
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 30 Mar 2019 12:43:33 +0100
+
+haproxy (1.9.5-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: cache/htx: Set the start-line offset when a cached object
+ is served
+ - BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are
+ unlocked
+ - BUG/MAJOR: listener: Make sure the listener exist before using it.
+ - BUG/MAJOR: mux-h2: fix race condition between close on both ends
+ - BUG/MAJOR: spoe: Don't try to get agent config during SPOP
+ healthcheck
+ - BUG/MAJOR: spoe: Fix initialization of thread-dependent fields
+ - BUG/MAJOR: stats: Fix how huge POST data are read from the channel
+ - BUG/MAJOR: stream: avoid double free on unique_id
+ - BUG/MAJOR: tasks: Use the TASK_GLOBAL flag to know if we're in the
+ global rq.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 19 Mar 2019 20:13:48 +0100
+
+haproxy (1.9.4-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: config: verify that targets of track-sc and stick rules
+ are present
+ - BUG/MAJOR: htx/backend: Make all tests on HTTP messages compatible
+ with HTX
+ - BUG/MAJOR: spoe: verify that backends used by SPOE cover all their
+ callers' processes
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 07 Feb 2019 12:48:42 +0100
+
+haproxy (1.9.3-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: mux-h2: don't destroy the stream on failed allocation in
+ h2_snd_buf()
+ - BUG/MEDIUM: checks: fix recent regression on agent-check making it
+ crash
+ - BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 29 Jan 2019 12:59:10 +0100
+
+haproxy (1.9.2-1) experimental; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: cache: fix confusion between zero and uninitialized cache
+ key
+ - BUG/MEDIUM: checks: Avoid having an associated server for email
+ checks.
+ - BUG/MEDIUM: connection: properly unregister the mux on failed
+ initialization
+ - BUG/MEDIUM: h1: Get the h1m state when restarting the headers
+ parsing
+ - BUG/MEDIUM: h1: Make sure we destroy an inactive connectin that did
+ shutw.
+ - BUG/MEDIUM: init: Initialize idle_orphan_conns for first server in
+ server-template
+ - BUG/MEDIUM: mux-h2: decode trailers in HEADERS frames
+ - BUG/MEDIUM: ssl: Disable anti-replay protection and set max data
+ with 0RTT.
+ - BUG/MEDIUM: ssl: missing allocation failure checks loading tls key
+ file
+ - BUG/MEDIUM: stats: Get the right scope pointer depending on HTX is
+ used or not
+ * d/patches: removal of CVE-2018-20615.patch (applied upstream)
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 17 Jan 2019 19:19:27 +0100
+
+haproxy (1.9.0-2) experimental; urgency=medium
+
+ * Fix out-of-bounds read in HTTP2 mux (CVE-2018-20615).
+ Possible crash in H2 HEADERS frame decoder when the PRIORITY flag
+ is present, due to a missing frame size check.
+ * Bump Standards-Version to 4.3.0; no changes needed.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Thu, 03 Jan 2019 12:41:02 +0200
+
+haproxy (1.9.0-1) experimental; urgency=medium
+
+ * New upstream version 1.9.0.
+ See https://www.haproxy.com/blog/haproxy-1-9-has-arrived/.
+ * d/watch: update to follow 1.9.
+ * d/gbp.conf: update for 1.9 and experimental.
+ * d/rules: do not override CFLAGS, hijack DEBUG_CFLAGS for this instead.
+ * d/patches: add regression fix for DNS.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 21 Dec 2018 11:13:41 +0100
+
+haproxy (1.8.15-1) unstable; urgency=high
+
+ [ Vincent Bernat ]
+ * d/rules: switch to pcre2. Closes: #911933.
+
+ [ Apollon Oikonomopoulos ]
+ * New upstream version 1.8.15
+ - BUG: dns: Fix off-by-one write in dns_validate_dns_response() (
+ - BUG: dns: Fix out-of-bounds read via signedness error in
+ dns_validate_dns_response()
+ - BUG: dns: Prevent out-of-bounds read in dns_read_name()
+ - BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
+ (CVE-2018-20102, closes: #916308)
+ - BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
+ (CVE-2018-20103, closes: #916307)
+ - BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Fri, 14 Dec 2018 15:31:04 +0200
+
+haproxy (1.8.14-1) unstable; urgency=medium
+
+ * New upstream version.
+ - BUG/CRITICAL: hpack: fix improper sign check on the header index
+ value (already fixed in 1.8.13-2)
+ - BUG/MAJOR: kqueue: Don't reset the changes number by accident.
+ - BUG/MAJOR: thread: lua: Wrong SSL context initialization.
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 23 Sep 2018 12:25:03 +0200
+
+haproxy (1.8.13-2) unstable; urgency=high
+
+ * Fix improper sign check on the HPACK header index value (CVE-2018-14645)
+ * Bump Standards-Version to 4.2.1; no changes needed
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Wed, 19 Sep 2018 22:46:58 +0300
+
+haproxy (1.8.13-1) unstable; urgency=medium
+
+ * New upstream version.
+ - BUG/MEDIUM: h2: don't accept new streams if conn_streams are still
+ in excess
+ - BUG/MEDIUM: h2: make sure the last stream closes the connection
+ after a timeout
+ - BUG/MEDIUM: h2: never leave pending data in the output buffer on close
+ - BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection
+ forever
+ - BUG/MEDIUM: stats: don't ask for more data as long as we're responding
+ - BUG/MEDIUM: stream-int: don't immediately enable reading when the
+ buffer was reportedly full
+ - BUG/MEDIUM: threads/sync: use sched_yield when available
+ - BUG/MEDIUM: threads: Fix the exit condition of the thread barrier
+ - BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS
+ - BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread
+ number
+ * d/patches: drop systemd exit status patch (applied upstream).
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 01 Aug 2018 11:36:20 +0200
+
+haproxy (1.8.12-1) unstable; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: stick_table: Complete incomplete SEGV fix
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 27 Jun 2018 20:05:50 +0200
+
+haproxy (1.8.11-1) unstable; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: Stick-tables crash with segfault when the key is not in
+ the stick-table
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 26 Jun 2018 18:26:05 +0200
+
+haproxy (1.8.10-1) unstable; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: lua: Dead lock with sockets
+ - BUG/MAJOR: map: fix a segfault when using http-request set-map
+ - BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot
+ - BUG/MAJOR: ssl: Random crash with cipherlist capture
+ - BUG/MEDIUM: cache: don't cache when an Authorization header is present
+ - BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check
+ failure.
+ - BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete().
+ - BUG/MEDIUM: fd: Only check update_mask against all_threads_mask.
+ - BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file
+ - BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters
+ - BUG/MEDIUM: threads: Use the sync point to check active jobs and exit
+ - BUG/MEDIUM: threads: handle signal queue only in thread 0
+ * Remove patch from CVE. Included upstream.
+ * d/patches: add a patch for clean stop with systemd.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 22 Jun 2018 20:21:37 +0200
+
+haproxy (1.8.9-2) unstable; urgency=high
+
+ * d/patches: fix CVE-2018-11469: do not cache when an Authorization
+ header is present. Closes: #900084.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 26 May 2018 16:05:07 +0200
+
+haproxy (1.8.9-1) unstable; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: channel: Fix crash when trying to read from a closed socket
+ - BUG/MEDIUM: h2: implement missing support for chunked encoded uploads
+ - BUG/MEDIUM: http: don't always abort transfers on CF_SHUTR
+ - BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits
+ - BUG/MEDIUM: pollers: Use a global list for fd shared between threads
+ - BUG/MEDIUM: ssl: properly protect SSL cert generation
+ - BUG/MEDIUM: task: Don't free a task that is about to be run
+ - BUG/MEDIUM: threads: Fix the sync point for more than 32 threads
+ * d/rsyslog.conf: use modern syntax and statements, thanks to Guillem
+ Jover. Closes: #897914.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 19 May 2018 15:00:17 +0200
+
+haproxy (1.8.8-1) unstable; urgency=high
+
+ * New upstream version.
+ - BUG/CRITICAL: h2: fix incorrect frame length check
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 19 Apr 2018 17:51:55 +0200
+
+haproxy (1.8.7-1) unstable; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: cache: always initialize newly created objects
+ * d/control: switch maintainer address to tracker.debian.org.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 07 Apr 2018 07:58:34 +0200
+
+haproxy (1.8.6-1) unstable; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: cache: fix random crashes caused by incorrect delete() on
+ non-first blocks
+ - BUG/MAJOR: h2: remove orphaned streams from the send list before closing
+ - BUG/MEDIUM: h2/threads: never release the task outside of the task
+ handler
+ - BUG/MEDIUM: h2: always add a stream to the send or fctl list when
+ blocked
+ - BUG/MEDIUM: h2: don't consider pending data on detach if connection
+ is in error
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 05 Apr 2018 21:08:12 +0200
+
+haproxy (1.8.5-1) unstable; urgency=medium
+
+ * New upstream version.
+ - BUG/MAJOR: threads/queue: Fix thread-safety issues on the queues
+ management
+ - BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk
+ - BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk
+ - BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc
+ - BUG/MEDIUM: h2: also arm the h2 timeout when sending
+ - BUG/MEDIUM: h2: always consume any trailing data after end of output
+ buffers
+ - BUG/MEDIUM: h2: properly account for DATA padding in flow control
+ - BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier
+ as possible
+ - BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is
+ stopping
+ - BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken.
+ - BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as
+ unrecovarable.
+ - BUG/MEDIUM: ssl: Shutdown the connection for reading on
+ SSL_ERROR_SYSCALL
+ - BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers
+ - BUG/MEDIUM: threads/queue: wake up other threads upon dequeue
+ - BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is
+ temporarily disabled
+ * Upload to unstable.
+ * d/control: update Vcs-* fields to salsa.debian.org.
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 25 Mar 2018 11:31:25 +0200
+
+haproxy (1.8.4-1) experimental; urgency=medium
+
+ * New upstream stable release.
+ * d/patches: document why dconv patch is not in series.
+ * d/docs: ship NOTICE file in haproxy-doc.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 10 Feb 2018 08:43:36 +0100
+
+haproxy (1.8.3-1) experimental; urgency=medium
+
+ * New upstream stable release.
+ * Change default configuration of stats socket to support hitless
+ reload.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 02 Jan 2018 18:48:24 +0100
+
+haproxy (1.8.2-1) experimental; urgency=medium
+
+ * New upstream stable release
+ * Refresh patches
+ * Bump Standards-Version to 4.1.2; no changes needed
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Sun, 24 Dec 2017 14:28:28 +0200
+
+haproxy (1.8.1-1) experimental; urgency=medium
+
+ * New upstream stable release.
+ * Enable PCRE JIT.
+ * systemd: replace Wants/After=syslog.service with After=rsyslog.service
+ (Closes: #882610)
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Sun, 03 Dec 2017 23:59:03 +0200
+
+haproxy (1.8.0-2) experimental; urgency=medium
+
+ * Use libatomic on platforms without 64-bit atomics. Fixes FTBFS on armel,
+ mips, mipsel, powerpc, powerpcspe, sh4 and m68k.
+ * d/rules: use variables defined in architecture.mk and buildflags.mk
+ * d/rules: drop unreachable else case.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Wed, 29 Nov 2017 01:21:40 +0200
+
+haproxy (1.8.0-1) experimental; urgency=medium
+
+ * New upstream stable series. Notable new features include:
+ + HTTP/2 support
+ + Support for multiple worker threads to allow scalability across CPUs
+ (e.g. for SSL termination)
+ + Seamless reloads
+ + HTTP small object caching
+ + Dynamic backend server configuration
+ See https://www.haproxy.com/blog/whats-new-haproxy-1-8/ and
+ https://www.mail-archive.com/haproxy@formilux.org/msg28004.html for more
+ detailed descriptions of the new features.
+ * Upload to experimental
+ * Refresh all patches.
+ * d/watch: switch to the 1.8.x upstream stable series
+ * Bump Standards to 4.1.1
+ + Switch haproxy-doc to Priority: optional from extra.
+ * Bump compat to 10:
+ + B-D on debhelper (>= 10)
+ + Drop explicit dh-systemd dependency and invocation
+ + Replace --no-restart-on-upgrade with --no-restart-after-upgrade
+ --no-stop-on-upgrade to make up for DH 10 defaults.
+ * B-D on libsystemd-dev and enable sd_notify() support on Linux.
+ * B-D on python3-sphinx instead of python-sphinx.
+ * d/rules: do not call dpkg-parsechangelog directly.
+ * d/copyright: drop obsolete section.
+ * Drop obsolete lintian overrides.
+ * Do a full-service restart when upgrading from pre-1.8 versions and running
+ under systemd, to migrate to the new process model and service type.
+ + Document this in d/NEWS as well.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Tue, 28 Nov 2017 22:25:11 +0200
+
+haproxy (1.7.10-1) unstable; urgency=medium
+
+ * New upstream version release (see CHANGELOG):
+ - BUG/MAJOR: stream-int: don't re-arm recv if send fails
+ - BUG/MAJOR: stream: ensure analysers are always called upon close
+ - BUG/MEDIUM: compression: Fix check on txn in smp_fetch_res_comp_algo
+ - BUG/MEDIUM: connection: remove useless flag CO_FL_DATA_RD_SH
+ - BUG/MEDIUM: deinit: correctly deinitialize the proxy and global
+ listener tasks
+ - BUG/MEDIUM: deviceatlas: ignore not valuable HTTP request data
+ - BUG/MEDIUM: epoll: ensure we always consider HUP and ERR
+ - BUG/MEDIUM: http: Close streams for connections closed before a
+ redirect
+ - BUG/MEDIUM: http: Fix a regression bug when a HTTP response is in
+ TUNNEL mode
+ - BUG/MEDIUM: http: Return an error when url_dec sample converter
+ failed
+ - BUG/MEDIUM: http: don't automatically forward request close
+ - BUG/MEDIUM: http: don't disable lingering on requests with tunnelled
+ responses
+ - BUG/MEDIUM: kqueue: Don't bother closing the kqueue after fork.
+ - BUG/MEDIUM: lua: HTTP services must take care of body-less status
+ codes
+ - BUG/MEDIUM: lua: fix crash when using bogus mode in
+ register_service()
+ - BUG/MEDIUM: peers: set NOLINGER on the outgoing stream interface
+ - BUG/MEDIUM: prevent buffers being overwritten during build_logline()
+ execution
+ - BUG/MEDIUM: ssl: fix OCSP expiry calculation
+ - BUG/MEDIUM: stream: don't ignore res.analyse_exp anymore
+ - BUG/MEDIUM: stream: properly set the required HTTP analysers on
+ use-service
+ - BUG/MEDIUM: tcp-check: don't call tcpcheck_main() from the I/O
+ handlers!
+ - BUG/MEDIUM: tcp-check: properly indicate polling state before
+ performing I/O
+ - BUG/MEDIUM: tcp/http: set-dst-port action broken
+ * Fix VERDATE build argument to really use changelog date.
+ * Bump compat to 10.
+ * d/control: B-D on python3-sphinx instead of python-sphinx.
+ * d/control: make haproxy-doc Priority: optional.
+ * d/rules: enable PCRE JIT.
+ * d/rules: use variables defined in *.mk.
+ * d/patches: refresh and replace Wants/After=syslog.service with
+ After=rsyslog.service. Closes: #882610.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 03 Jan 2018 08:29:48 +0100
+
+haproxy (1.7.9-1) unstable; urgency=medium
+
+ * New upstream version release (see CHANGELOG):
+ - BUG/MAJOR: lua/socket: resources not destroyed when the socket is
+ aborted
+ - BUG/MEDIUM: lua: bad memory access
+ - BUG/MEDIUM: http: Switch HTTP responses in TUNNEL mode when body
+ length is undefined
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 19 Aug 2017 12:05:02 +0200
+
+haproxy (1.7.8-1) unstable; urgency=medium
+
+ * New upstream version release (see CHANGELOG):
+ - BUG/MAJOR: cli: fix custom io_release was crushed by NULL.
+ - BUG/MAJOR: compression: Be sure to release the compression state in
+ all cases
+ - BUG/MAJOR: map: fix segfault during 'show map/acl' on cli.
+ - BUG/MEDIUM: filters: Be sure to call flt_end_analyze for both
+ channels
+ - BUG/MEDIUM: map/acl: fix unwanted flags inheritance.
+ * Bump Standards-Version to 4.0.0. No changes needed.
+ * Update d/watch to use https.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 08 Jul 2017 08:24:35 +0200
+
+haproxy (1.7.7-1) unstable; urgency=medium
+
+ * New upstream version release (see CHANGELOG):
+ - BUG/MEDIUM: http: Drop the connection establishment when a redirect
+ is performed
+ - BUG/MEDIUM: cfgparse: Check if tune.http.maxhdr is in the range
+ 1..32767
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 26 Jun 2017 14:06:48 +0200
+
+haproxy (1.7.6-1) unstable; urgency=medium
+
+ * New upstream version release (see CHANGELOG):
+ - BUG/MAJOR: Use -fwrapv.
+ - BUG/MAJOR: http: call manage_client_side_cookies() before erasing
+ the buffer
+ - BUG/MAJOR: server: Segfault after parsing server state file.
+ - BUG/MEDIUM: acl: don't free unresolved args in prune_acl_expr()
+ - BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr()
+ - BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments
+ on error
+ - BUG/MEDIUM: lua: memory leak
+ - BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return
+ anything
+ - BUG/MEDIUM: peers: Peers CLOSE_WAIT issue.
+ - BUG/MEDIUM: unix: never unlink a unix socket from the file system
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 18 Jun 2017 12:34:40 +0200
+
+haproxy (1.7.5-2) unstable; urgency=medium
+
+ * Enable getaddrinfo() support, allowing resolution of hostnames to IPv6
+ addresses (Closes: #862780). Thanks to Anton Eliasson
+ <devel@antoneliasson.se>!
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Wed, 17 May 2017 13:01:45 +0300
+
+haproxy (1.7.5-1) unstable; urgency=medium
+
+ * New upstream version release (see CHANGELOG):
+ - BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
+ - BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
+ - BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is
+ enabled
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Tue, 04 Apr 2017 14:25:38 +0300
+
+haproxy (1.7.4-1) unstable; urgency=medium
+
+ * New upstream release (see CHANGELOG):
+ - BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the
+ data layer
+ - BUG/MAJOR: http: fix typo in http_apply_redirect_rule
+ - BUG/MAJOR: stream-int: do not depend on connection flags to detect
+ connection
+ - BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
+ - BUG/MEDIUM: connection: ensure to always report the end of handshakes
+ - BUG/MEDIUM: listener: do not try to rebind another process' socket
+ - BUG/MEDIUM: stream: fix client-fin/server-fin handling
+ - BUG/MEDIUM: tcp: don't require privileges to bind to device
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 31 Mar 2017 11:01:14 +0200
+
+haproxy (1.7.3-1) unstable; urgency=medium
+
+ * New upstream release (see CHANGELOG):
+ - BUG/MAJOR: lua segmentation fault when the request is like 'GET
+ ?arg=val HTTP/1.1'
+ - BUG/MAJOR: dns: restart sockets after fork()
+ - BUG/MEDIUM: tcp: don't poll for write when connect() succeeds
+ - BUG/MEDIUM: http: prevent redirect from overwriting a buffer
+ - BUG/MEDIUM: filters: Do not truncate HTTP response when body length
+ is undefined
+ - BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer
+ - BUG/MEDIUM: config: reject anything but "if" or "unless" after a
+ use-backend rule
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 01 Mar 2017 20:03:12 +0100
+
+haproxy (1.7.2-1) unstable; urgency=medium
+
+ * New upstream release (see CHANGELOG):
+ + Fix a regression whereby fragmented requests were randomly flagged as
+ bad requests depending on previous buffer contents; this was noticable
+ under low load with authenticated requests.
+ + Fix dynamic address resolution for IPv6-only hosts.
+ + Make sure SSL sessions are not reused when the SNI changes. This makes
+ SNI and SSL health checks play nice together.
+ + Minor improvements:
+ - Add the ability to perform actions on multiple servers via the stats
+ page.
+ - Add the ability to specify a custom HTTP reason field in generated
+ responses.
+ - New sample fetch function, `fc_rcvd_proxy', indicating wheter the
+ PROXY protocol was used on the frontend for a connection or not.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Fri, 13 Jan 2017 14:49:05 +0200
+
+haproxy (1.7.1-1) unstable; urgency=medium
+
+ * New upstream stable release.
+ * Upload to unstable.
+ * Notable new features since 1.6:
+ + SPOE (stream processing offload engine) : ability to delegate some
+ slow, unreliable or dangerous processing to external processes.
+ + More statistics in the CSV output.
+ + Support of directories for config files: if the argument to -f
+ is a directory, all files found there are loaded in alphabetical order.
+ + It is now possible to set/unset/preset environment variables directly in
+ the global section and query them through the CLI.
+ + The CLI makes it possible to change a server's address, port, maxconn,
+ check address and port at runtime, without reloading haproxy.
+ + Support for multiple certificates: different certificates for the same
+ domain so that the best one can be picked according to browser support.
+ The main use is to be able to deliver ECDSA certificates to clients
+ supporting them, without breaking compatibility with older clients.
+ + SO_REUSEPORT is now configurable and can be disabled.
+ + Updates to the Lua API, including new classes to access many internal
+ objects like listeners, servers, proxies etc.
+ + Support for a new type of maps consisting of regular expressions with
+ replacement values.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Tue, 13 Dec 2016 12:32:32 +0200
+
+haproxy (1.7.0-1) experimental; urgency=medium
+
+ * New upstream stable series.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Fri, 25 Nov 2016 18:00:55 +0200
+
+haproxy (1.7~dev6-1) experimental; urgency=medium
+
+ * New upstream development release (Closes: #828337)
+ * Upload to experimental
+ * d/watch: look for 1.7
+ * B-D on zlib1g-dev
+ * haproxy: Depend on lsb-base for the initscript
+ * Ship additional plain-text documentation
+ * haproxy-doc: ship HTML version of management.txt
+ * Update the default SSL cipher list and add a link to Mozilla's SSL
+ configuration generator (Closes: #840735)
+ * d/rules: use SUBVERS to pass the Debian revision to HAPROXY_VERSION
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Thu, 10 Nov 2016 16:02:27 +0200
+
+haproxy (1.6.10-1) unstable; urgency=medium
+
+ * New upstream release (see CHANGELOG):
+ + Fix retransmits in proxy mode and rare cases of unkillable tasks.
+ + systemd wrapper: do not leave old processes behind when reloading too
+ fast.
+ + systemd wrapper: correctly set the status code.
+ + Fix two bugs in the peers' task management possibly causing some
+ CLOSE_WAIT connection after some rare race conditions.
+ + Make SO_REUSEPORT use configurable via the "-dR" command line switch
+ or the "noreuseport" config option in the global section.
+ * B-D on libssl1.0-dev (Closes: #828337); upstream does not currently
+ support OpenSSL 1.1 for the 1.6 series.
+ * haproxy: depend on lsb-base for the initscript's use of
+ /lib/lsb/init-functions.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Mon, 21 Nov 2016 11:46:16 +0200
+
+haproxy (1.6.9-2) unstable; urgency=medium
+
+ * Enable Linux namespace support.
+ * Pass the full Debian version and package release date from d/changelog to
+ the build system.
+ * initscript: reorder the reload command arguments to always parse EXTRAOPTS
+ properly.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Wed, 28 Sep 2016 10:45:43 +0300
+
+haproxy (1.6.9-1) unstable; urgency=medium
+
+ * New upstream release (see CHANGELOG):
+ + BUG/MAJOR: stream: properly mark the server address as unset on
+ connect retry
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 31 Aug 2016 07:44:27 +0200
+
+haproxy (1.6.8-1) unstable; urgency=medium
+
+ * New upstream release (see CHANGELOG):
+ + BUG/MAJOR: compression: initialize avail_in/next_in even during
+ flush
+ + BUG/MAJOR: server: the "sni" directive could randomly cause trouble
+ + BUG/MAJOR: stick-counters: possible crash when using sc_trackers
+ with wrong table
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 14 Aug 2016 14:17:08 +0200
+
+haproxy (1.6.7-1) unstable; urgency=medium
+
+ * New upstream release (see CHANGELOG):
+ + BUG/MAJOR: fix use-after-free crash on start
+ + BUG/MEDIUM: dns: fix alignment issues in the DNS response parser
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 14 Jul 2016 08:29:43 +0200
+
+haproxy (1.6.6-1) unstable; urgency=medium
+
+ * New upstream release (see CHANGELOG):
+ + BUG/MAJOR: fix listening IP address storage for frontends
+ + BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes
+ + BUG/MEDIUM: stick-tables: fix breakage in table converters
+ + BUG/MEDIUM: dns: unbreak DNS resolver after header fix
+ + BUG/MEDIUM: stats: show servers state may show an servers from another
+ backend
+ + BUG/MEDIUM: fix risk of segfault with "show tls-keys"
+ + BUG/MEDIUM: sticktables: segfault in some configuration error cases
+ + BUG/MEDIUM: lua: converters doesn't work
+ + BUG/MEDIUM: http: add-header: buffer overwritten
+ + BUG/MEDIUM: external-checks: close all FDs right after the fork()
+ + BUG/MAJOR: external-checks: use asynchronous signal delivery
+ * Drop haproxy.service-check-config-before-reload.patch. Applied
+ upstream.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 28 Jun 2016 10:13:33 +0200
+
+haproxy (1.6.5-2) unstable; urgency=high
+
+ * Add a patch to fix CVE-2016-5360. Closes: #826869.
+ + BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 11 Jun 2016 22:23:50 +0200
+
+haproxy (1.6.5-1) unstable; urgency=medium
+
+ * New upstream release (see CHANGELOG):
+ + BUG/MAJOR: channel: fix miscalculation of available buffer space
+ + BUG/MAJOR: Fix crash in http_get_fhdr with exactly MAX_HDR_HISTORY
+ headers
+ + BUG/MEDIUM: channel: don't allow to overwrite the reserve until
+ connected
+ + BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers
+ + BUG/MEDIUM: channel: incorrect polling condition may delay event
+ delivery
+ + BUG/MEDIUM: dns: fix alignment issue when building DNS queries
+ + BUG/MEDIUM: fix maxaccept computation on per-process listeners
+ + BUG/MEDIUM: Fix RFC5077 resumption when more than TLS_TICKETS_NO are
+ present
+ + BUG/MEDIUM: http: fix risk of CPU spikes with pipelined requests from
+ dead client
+ + BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields in TCP
+ mode
+ + BUG/MEDIUM: lua: protects the upper boundary of the argument list for
+ converters/fetches.
+ + BUG/MEDIUM: peers: fix incorrect age in frequency counters
+ + BUG/MEDIUM: sample: initialize the pointer before parse_binary call.
+ + BUG/MEDIUM: stats: show backend may show an empty or incomplete result
+ + BUG/MEDIUM: stats: show servers state may show an empty or incomplete
+ result
+ + BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the
+ connection state.
+ + BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly cleared
+ + BUG/MEDIUM: trace.c: rdtsc() is defined in two files
+ + MEDIUM: unblock signals on startup.
+ * Bump standards to 3.9.8; no changes needed.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Wed, 11 May 2016 11:07:24 +0300
+
+haproxy (1.6.4-3) unstable; urgency=medium
+
+ * d/init: remove support for dynamic script name. This enable haproxy to
+ be started on boot.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 24 Mar 2016 20:36:08 +0100
+
+haproxy (1.6.4-2) unstable; urgency=medium
+
+ * d/init: fix SysV init script w/ respect to handling EXTRAOPTS on check.
+ * d/control: add Pre-Depends for dpkg-maintscript-helper support of
+ dir_to_symlink.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 19 Mar 2016 16:35:20 +0100
+
+haproxy (1.6.4-1) unstable; urgency=medium
+
+ * New upstream release (see CHANGELOG):
+ + BUG/MAJOR: http-reuse: fix risk of orphaned connections.
+ + BUG/MAJOR: lua: applets can't sleep.
+ + BUG/MAJOR: samples: check smp->strm before using it.
+ + BUG/MAJOR: servers state: server port is erased when dns resolution is
+ enabled on a server.
+ + BUG/MAJOR: vars: always retrieve the stream and session from the sample
+ + BUG/MEDIUM: buffers: do not round up buffer size during allocation
+ + BUG/MEDIUM: dns: no DNS resolution happens if no ports provided to the
+ nameserver
+ + BUG/MEDIUM: servers state: server port is used uninitialized
+ + BUG/MEDIUM: config: Adding validation to stick-table expire value.
+ + BUG/MEDIUM: sample: http_date() doesn't provide the right day of the
+ week
+ + BUG/MEDIUM: channel: fix miscalculation of available buffer space.
+ + BUG/MEDIUM: http-reuse: do not share private connections across backends
+ + BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation
+ + BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation
+ + BUG/MEDIUM: stats: stats bind-process doesn't propagate the process mask
+ correctly
+ + BUG/MEDIUM: chunks: always reject negative-length chunks
+ + BUG/MEDIUM: cfgparse: wrong argument offset after parsing server "sni"
+ keyword
+
+ [ Vincent Bernat ]
+ * haproxy.init: append ${EXTRAOPTS} when verifying configuration file.
+ * haproxy.init: move EXTRAOPTS after all other parameters.
+ * haproxy.init: management of multiple HAProxy instances with SysV
+ init.d script, courtesy of Ivan Savcic.
+
+ [ Apollon Oikonomopoulos ]
+ * Bump standards to 3.9.7:
+ + haproxy-doc: move the additional documentation from
+ /usr/share/doc/haproxy-doc to /usr/share/doc/haproxy, as per the
+ recommendation in Policy §12.3.
+ + Add compatibility symlinks from /usr/share/doc/haproxy-doc to
+ /usr/share/doc/haproxy.
+ * Enable all hardening flags.
+ * d/control: use HTTPS for Vcs-*
+ * Use www.haproxy.org as the project's homepage in d/control and
+ d/copyright.
+ * d/copyright: adjust debian/* years.
+ * Add basic DEP-8 tests.
+ * Drop the haproxy-dbg binary package in favor of ddebs.
+ * haproxy-doc:
+ + Use dpkg-maintscript-helper dir_to_symlink for the compatibility
+ symlinks.
+ + Add Lua documentation doc-base entry.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Tue, 15 Mar 2016 21:04:11 +0200
+
+haproxy (1.6.3-1) unstable; urgency=medium
+
+ [ Apollon Oikonomopoulos ]
+ * haproxy.init: use s-s-d's --pidfile option.
+ Thanks to Louis Bouchard (Closes: 804530)
+
+ [ Vincent Bernat ]
+ * watch: fix d/watch to look for 1.6 version
+ * Imported Upstream version 1.6.3
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 31 Dec 2015 08:10:10 +0100
+
+haproxy (1.6.2-2) unstable; urgency=medium
+
+ * Enable USE_REGPARM on amd64 as well.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 03 Nov 2015 21:21:30 +0100
+
+haproxy (1.6.2-1) unstable; urgency=medium
+
+ * New upstream release.
+ - BUG/MAJOR: dns: first DNS response packet not matching queried
+ hostname may lead to a loop
+ - BUG/MAJOR: http: don't requeue an idle connection that is already
+ queued
+ * Upload to unstable.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 03 Nov 2015 13:36:22 +0100
+
+haproxy (1.6.1-2) experimental; urgency=medium
+
+ * Build the Lua manpage in -arch, fixes FTBFS in binary-only builds.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Thu, 22 Oct 2015 12:19:41 +0300
+
+haproxy (1.6.1-1) experimental; urgency=medium
+
+ [ Vincent Bernat ]
+ * New upstream release.
+ - BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is
+ disabled
+ * Drop 0001-BUILD-install-only-relevant-and-existing-documentati.patch.
+
+ [ Apollon Oikonomopoulos ]
+ * Ship and generate Lua API documentation.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 22 Oct 2015 10:45:55 +0200
+
+haproxy (1.6.0+ds1-1) experimental; urgency=medium
+
+ * New upstream release!
+ * Add a patch to fix documentation installation:
+ + 0001-BUILD-install-only-relevant-and-existing-documentati.patch
+ * Update HAProxy documentation converter to a more recent version.
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 14 Oct 2015 17:29:19 +0200
+
+haproxy (1.6~dev7-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 06 Oct 2015 16:01:26 +0200
+
+haproxy (1.6~dev5-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 14 Sep 2015 15:50:28 +0200
+
+haproxy (1.6~dev4-1) experimental; urgency=medium
+
+ * New upstream release.
+ * Refresh debian/copyright.
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 30 Aug 2015 23:54:10 +0200
+
+haproxy (1.6~dev3-1) experimental; urgency=medium
+
+ * New upstream release.
+ * Enable Lua support.
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 15 Aug 2015 17:51:29 +0200
+
+haproxy (1.5.15-1) unstable; urgency=medium
+
+ * New upstream stable release including the following fix:
+ - BUG/MAJOR: http: don't call http_send_name_header() after an error
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 02 Nov 2015 07:34:19 +0100
+
+haproxy (1.5.14-1) unstable; urgency=high
+
+ * New upstream version. Fix an information leak (CVE-2015-3281):
+ - BUG/MAJOR: buffers: make the buffer_slow_realign() function
+ respect output data.
+ * Add $named as a dependency for init script. Closes: #790638.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 03 Jul 2015 19:49:02 +0200
+
+haproxy (1.5.13-1) unstable; urgency=medium
+
+ * New upstream stable release including the following fixes:
+ - MAJOR: peers: allow peers section to be used with nbproc > 1
+ - BUG/MAJOR: checks: always check for end of list before proceeding
+ - MEDIUM: ssl: replace standards DH groups with custom ones
+ - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
+ - BUG/MEDIUM: cfgparse: segfault when userlist is misused
+ - BUG/MEDIUM: stats: properly initialize the scope before dumping stats
+ - BUG/MEDIUM: http: don't forward client shutdown without NOLINGER
+ except for tunnels
+ - BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
+ - BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
+ - BUG/MEDIUM: peers: apply a random reconnection timeout
+ - BUG/MEDIUM: config: properly compute the default number of processes
+ for a proxy
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 27 Jun 2015 20:52:07 +0200
+
+haproxy (1.5.12-1) unstable; urgency=medium
+
+ * New upstream stable release including the following fixes:
+ - BUG/MAJOR: http: don't read past buffer's end in http_replace_value
+ - BUG/MAJOR: http: prevent risk of reading past end with balance
+ url_param
+ - BUG/MEDIUM: Do not consider an agent check as failed on L7 error
+ - BUG/MEDIUM: patern: some entries are not deleted with case
+ insensitive match
+ - BUG/MEDIUM: buffer: one byte miss in buffer free space check
+ - BUG/MEDIUM: http: thefunction "(req|res)-replace-value" doesn't
+ respect the HTTP syntax
+ - BUG/MEDIUM: peers: correctly configure the client timeout
+ - BUG/MEDIUM: http: hdr_cnt would not count any header when called
+ without name
+ - BUG/MEDIUM: listener: don't report an error when resuming unbound
+ listeners
+ - BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only
+ - BUG/MEDIUM: stream-int: always reset si->ops when si->end is
+ nullified
+ - BUG/MEDIUM: http: remove content-length from chunked messages
+ - BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to
+ HTTP/1.1
+ - BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad
+ request
+ - BUG/MEDIUM: http: remove content-length form responses with bad
+ transfer-encoding
+ - BUG/MEDIUM: http: wait for the exact amount of body bytes in
+ wait_for_request_body
+
+ -- Vincent Bernat <bernat@debian.org> Sat, 02 May 2015 16:38:28 +0200
+
+haproxy (1.5.11-2) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 26 Apr 2015 17:46:58 +0200
+
+haproxy (1.5.11-1) experimental; urgency=medium
+
+ * New upstream stable release including the following fixes:
+ - BUG/MAJOR: log: don't try to emit a log if no logger is set
+ - BUG/MEDIUM: backend: correctly detect the domain when
+ use_domain_only is used
+ - BUG/MEDIUM: Do not set agent health to zero if server is disabled
+ in config
+ - BUG/MEDIUM: Only explicitly report "DOWN (agent)" if the agent health
+ is zero
+ - BUG/MEDIUM: http: fix header removal when previous header ends with
+ pure LF
+ - BUG/MEDIUM: channel: fix possible integer overflow on reserved size
+ computation
+ - BUG/MEDIUM: channel: don't schedule data in transit for leaving until
+ connected
+ - BUG/MEDIUM: http: make http-request set-header compute the string
+ before removal
+ * Upload to experimental.
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 01 Feb 2015 09:22:27 +0100
+
+haproxy (1.5.10-1) experimental; urgency=medium
+
+ * New upstream stable release including the following fixes:
+ - BUG/MAJOR: stream-int: properly check the memory allocation return
+ - BUG/MEDIUM: sample: fix random number upper-bound
+ - BUG/MEDIUM: patterns: previous fix was incomplete
+ - BUG/MEDIUM: payload: ensure that a request channel is available
+ - BUG/MEDIUM: tcp-check: don't rely on random memory contents
+ - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
+ - BUG/MEDIUM: config: do not propagate processes between stopped
+ processes
+ - BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
+ - BUG/MEDIUM: compression: correctly report zlib_mem
+ * Upload to experimental.
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 04 Jan 2015 13:17:56 +0100
+
+haproxy (1.5.9-1) experimental; urgency=medium
+
+ * New upstream stable release including the following fixes:
+ - BUG/MAJOR: sessions: unlink session from list on out
+ of memory
+ - BUG/MEDIUM: pattern: don't load more than once a pattern
+ list.
+ - BUG/MEDIUM: connection: sanitize PPv2 header length before
+ parsing address information
+ - BUG/MAJOR: frontend: initialize capture pointers earlier
+ - BUG/MEDIUM: checks: fix conflicts between agent checks and
+ ssl healthchecks
+ - BUG/MEDIUM: ssl: force a full GC in case of memory shortage
+ - BUG/MEDIUM: ssl: fix bad ssl context init can cause
+ segfault in case of OOM.
+ * Upload to experimental.
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 07 Dec 2014 16:37:36 +0100
+
+haproxy (1.5.8-3) unstable; urgency=medium
+
+ * Remove RC4 from the default cipher string shipped in configuration.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 27 Feb 2015 11:29:23 +0100
+
+haproxy (1.5.8-2) unstable; urgency=medium
+
+ * Cherry-pick the following patches from 1.5.9 release:
+ - 8a0b93bde77e BUG/MAJOR: sessions: unlink session from list on out
+ of memory
+ - bae03eaad40a BUG/MEDIUM: pattern: don't load more than once a pattern
+ list.
+ - 93637b6e8503 BUG/MEDIUM: connection: sanitize PPv2 header length before
+ parsing address information
+ - 8ba50128832b BUG/MAJOR: frontend: initialize capture pointers earlier
+ - 1f96a87c4e14 BUG/MEDIUM: checks: fix conflicts between agent checks and
+ ssl healthchecks
+ - 9bcc01ae2598 BUG/MEDIUM: ssl: force a full GC in case of memory shortage
+ - 909514970089 BUG/MEDIUM: ssl: fix bad ssl context init can cause
+ segfault in case of OOM.
+ * Cherry-pick the following patches from future 1.5.10 release:
+ - 1e89acb6be9b BUG/MEDIUM: payload: ensure that a request channel is
+ available
+ - bad3c6f1b6d7 BUG/MEDIUM: patterns: previous fix was incomplete
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 07 Dec 2014 11:11:21 +0100
+
+haproxy (1.5.8-1) unstable; urgency=medium
+
+ * New upstream stable release including the following fixes:
+
+ + BUG/MAJOR: buffer: check the space left is enough or not when input
+ data in a buffer is wrapped
+ + BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
+ + BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
+ + BUG/MEDIUM: regex: fix pcre_study error handling
+ + BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
+ + BUG/MINOR: log: fix request flags when keep-alive is enabled
+ + BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
+ + BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
+ * Also includes the following new features:
+ + MINOR: ssl: add statement to force some ssl options in global.
+ + MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER
+ formatted certs
+ * Disable SSLv3 in the default configuration file.
+
+ -- Vincent Bernat <bernat@debian.org> Fri, 31 Oct 2014 13:48:19 +0100
+
+haproxy (1.5.6-1) unstable; urgency=medium
+
+ * New upstream stable release including the following fixes:
+ + BUG/MEDIUM: systemd: set KillMode to 'mixed'
+ + MINOR: systemd: Check configuration before start
+ + BUG/MEDIUM: config: avoid skipping disabled proxies
+ + BUG/MINOR: config: do not accept more track-sc than configured
+ + BUG/MEDIUM: backend: fix URI hash when a query string is present
+ * Drop systemd patches:
+ + haproxy.service-also-check-on-start.patch
+ + haproxy.service-set-killmode-to-mixed.patch
+ * Refresh other patches.
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 20 Oct 2014 18:10:21 +0200
+
+haproxy (1.5.5-1) unstable; urgency=medium
+
+ [ Vincent Bernat ]
+ * initscript: use start-stop-daemon to reliably terminate all haproxy
+ processes. Also treat stopping a non-running haproxy as success.
+ (Closes: #762608, LP: #1038139)
+
+ [ Apollon Oikonomopoulos ]
+ * New upstream stable release including the following fixes:
+ + DOC: Address issue where documentation is excluded due to a gitignore
+ rule.
+ + MEDIUM: Improve signal handling in systemd wrapper.
+ + BUG/MINOR: config: don't propagate process binding for dynamic
+ use_backend
+ + MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
+ + DOC: clearly state that the "show sess" output format is not fixed
+ + MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
+ + DOC: indicate in the doc that track-sc* can wait if data are missing
+ + MEDIUM: http: enable header manipulation for 101 responses
+ + BUG/MEDIUM: config: propagate frontend to backend process binding again.
+ + MEDIUM: config: properly propagate process binding between proxies
+ + MEDIUM: config: make the frontends automatically bind to the listeners'
+ processes
+ + MEDIUM: config: compute the exact bind-process before listener's
+ maxaccept
+ + MEDIUM: config: only warn if stats are attached to multi-process bind
+ directives
+ + MEDIUM: config: report it when tcp-request rules are misplaced
+ + MINOR: config: detect the case where a tcp-request content rule has no
+ inspect-delay
+ + MEDIUM: systemd-wrapper: support multiple executable versions and names
+ + BUG/MEDIUM: remove debugging code from systemd-wrapper
+ + BUG/MEDIUM: http: adjust close mode when switching to backend
+ + BUG/MINOR: config: don't propagate process binding on fatal errors.
+ + BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
+ + BUG/MINOR: tcp-check: report the correct failed step in the status
+ + DOC: indicate that weight zero is reported as DRAIN
+ * Add a new patch (haproxy.service-set-killmode-to-mixed.patch) to fix the
+ systemctl stop action conflicting with the systemd wrapper now catching
+ SIGTERM.
+ * Bump standards to 3.9.6; no changes needed.
+ * haproxy-doc: link to tracker.debian.org instead of packages.qa.debian.org.
+ * d/copyright: move debian/dconv/* paragraph after debian/*, so that it
+ actually matches the files it is supposed to.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Wed, 08 Oct 2014 12:34:53 +0300
+
+haproxy (1.5.4-1) unstable; urgency=high
+
+ * New upstream version.
+ + Fix a critical bug that, under certain unlikely conditions, allows a
+ client to crash haproxy.
+ * Prefix rsyslog configuration file to ensure to log only to
+ /var/log/haproxy. Thanks to Paul Bourke for the patch.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 02 Sep 2014 19:14:38 +0200
+
+haproxy (1.5.3-1) unstable; urgency=medium
+
+ * New upstream stable release, fixing the following issues:
+ + Memory corruption when building a proxy protocol v2 header
+ + Memory leak in SSL DHE key exchange
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Fri, 25 Jul 2014 10:41:36 +0300
+
+haproxy (1.5.2-1) unstable; urgency=medium
+
+ * New upstream stable release. Important fixes:
+ + A few sample fetch functions when combined in certain ways would return
+ malformed results, possibly crashing the HAProxy process.
+ + Hash-based load balancing and http-send-name-header would fail for
+ requests which contain a body which starts to be forwarded before the
+ data is used.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Mon, 14 Jul 2014 00:42:32 +0300
+
+haproxy (1.5.1-1) unstable; urgency=medium
+
+ * New upstream stable release:
+ + Fix a file descriptor leak for clients that disappear before connecting.
+ + Do not staple expired OCSP responses.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Tue, 24 Jun 2014 12:56:30 +0300
+
+haproxy (1.5.0-1) unstable; urgency=medium
+
+ * New upstream stable series. Notable changes since the 1.4 series:
+ + Native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling.
+ + IPv6 and UNIX sockets are supported everywhere
+ + End-to-end HTTP keep-alive for better support of NTLM and improved
+ efficiency in static farms
+ + HTTP/1.1 response compression (deflate, gzip) to save bandwidth
+ + PROXY protocol versions 1 and 2 on both sides
+ + Data sampling on everything in request or response, including payload
+ + ACLs can use any matching method with any input sample
+ + Maps and dynamic ACLs updatable from the CLI
+ + Stick-tables support counters to track activity on any input sample
+ + Custom format for logs, unique-id, header rewriting, and redirects
+ + Improved health checks (SSL, scripted TCP, check agent, ...)
+ + Much more scalable configuration supports hundreds of thousands of
+ backends and certificates without sweating
+
+ * Upload to unstable, merge all 1.5 work from experimental. Most important
+ packaging changes since 1.4.25-1 include:
+ + systemd support.
+ + A more sane default config file.
+ + Zero-downtime upgrades between 1.5 releases by gracefully reloading
+ HAProxy during upgrades.
+ + HTML documentation shipped in the haproxy-doc package.
+ + kqueue support for kfreebsd.
+
+ * Packaging changes since 1.5~dev26-2:
+ + Drop patches merged upstream:
+ o Fix-reference-location-in-manpage.patch
+ o 0001-BUILD-stats-workaround-stupid-and-bogus-Werror-forma.patch
+ + d/watch: look for stable 1.5 releases
+ + systemd: respect CONFIG and EXTRAOPTS when specified in
+ /etc/default/haproxy.
+ + initscript: test the configuration before start or reload.
+ + initscript: remove the ENABLED flag and logic.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Fri, 20 Jun 2014 11:05:17 +0300
+
+haproxy (1.5~dev26-2) experimental; urgency=medium
+
+ * initscript: start should not fail when haproxy is already running
+ + Fixes upgrades from post-1.5~dev24-1 installations
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Wed, 04 Jun 2014 13:20:39 +0300
+
+haproxy (1.5~dev26-1) experimental; urgency=medium
+
+ * New upstream development version.
+ + Add a patch to fix compilation with -Werror=format-security
+
+ -- Vincent Bernat <bernat@debian.org> Wed, 28 May 2014 20:32:10 +0200
+
+haproxy (1.5~dev25-1) experimental; urgency=medium
+
+ [ Vincent Bernat ]
+ * New upstream development version.
+ * Rename "contimeout", "clitimeout" and "srvtimeout" in the default
+ configuration file to "timeout connection", "timeout client" and
+ "timeout server".
+
+ [ Apollon Oikonomopoulos ]
+ * Build on kfreebsd using the "freebsd" target; enables kqueue support.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 15 May 2014 00:20:11 +0200
+
+haproxy (1.5~dev24-2) experimental; urgency=medium
+
+ * New binary package: haproxy-doc
+ + Contains the HTML documentation built using a version of Cyril Bonté's
+ haproxy-dconv (https://github.com/cbonte/haproxy-dconv).
+ + Add Build-Depends-Indep on python and python-mako
+ + haproxy Suggests: haproxy-doc
+ * systemd: check config file for validity on reload.
+ * haproxy.cfg:
+ + Enable the stats socket by default and bind it to
+ /run/haproxy/admin.sock, which is accessible by the haproxy group.
+ /run/haproxy creation is handled by the initscript for sysv-rc and a
+ tmpfiles.d config for systemd.
+ + Set the default locations for CA and server certificates to
+ /etc/ssl/certs and /etc/ssl/private respectively.
+ + Set the default cipher list to be used on listening SSL sockets to
+ enable PFS, preferring ECDHE ciphers by default.
+ * Gracefully reload HAProxy on upgrade instead of performing a full restart.
+ * debian/rules: split build into binary-arch and binary-indep.
+ * Build-depend on debhelper >= 9, set compat to 9.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Sun, 27 Apr 2014 13:37:17 +0300
+
+haproxy (1.5~dev24-1) experimental; urgency=medium
+
+ * New upstream development version, fixes major regressions introduced in
+ 1.5~dev23:
+
+ + Forwarding of a message body (request or response) would automatically
+ stop after the transfer timeout strikes, and with no error.
+ + Redirects failed to update the msg->next offset after consuming the
+ request, so if they were made with keep-alive enabled and starting with
+ a slash (relative location), then the buffer was shifted by a negative
+ amount of data, causing a crash.
+ + The code to standardize DH parameters caused an important performance
+ regression for, so it was temporarily reverted for the time needed to
+ understand the cause and to fix it.
+
+ For a complete release announcement, including other bugfixes and feature
+ enhancements, see http://deb.li/yBVA.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Sun, 27 Apr 2014 11:09:37 +0300
+
+haproxy (1.5~dev23-1) experimental; urgency=medium
+
+ * New upstream development version; notable changes since 1.5~dev22:
+ + SSL record size optimizations to speed up both, small and large
+ transfers.
+ + Dynamic backend name support in use_backend.
+ + Compressed chunked transfer encoding support.
+ + Dynamic ACL manipulation via the CLI.
+ + New "language" converter for extracting language preferences from
+ Accept-Language headers.
+ * Remove halog source and systemd unit files from
+ /usr/share/doc/haproxy/contrib, they are built and shipped in their
+ appropriate locations since 1.5~dev19-2.
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Wed, 23 Apr 2014 11:12:34 +0300
+
+haproxy (1.5~dev22-1) experimental; urgency=medium
+
+ * New upstream development version
+ * watch: use the source page and not the main one
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Mon, 03 Feb 2014 17:45:51 +0200
+
+haproxy (1.5~dev21+20140118-1) experimental; urgency=medium
+
+ * New upstream development snapshot, with the following fixes since
+ 1.5-dev21:
+ + 00b0fb9 BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9
+ + 410f810 BUG/MEDIUM: map: segmentation fault with the stats's socket
+ command "set map ..."
+ + abf08d9 BUG/MAJOR: connection: fix mismatch between rcv_buf's API and
+ usage
+ + 35249cb BUG/MINOR: pattern: pattern comparison executed twice
+ + c920096 BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between
+ requests
+ + b800623 BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous
+ patch
+ + 61f7f0a BUG/MINOR: stream-int: do not clear the owner upon unregister
+ + 983eb31 BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned
+ + a3ae932 BUG/MEDIUM: stats: the web interface must check the tracked
+ servers before enabling
+ + e24d963 BUG/MEDIUM: checks: unchecked servers could not be enabled
+ anymore
+ + 7257550 BUG/MINOR: http: always disable compression on HTTP/1.0
+ + 9f708ab BUG/MINOR: checks: successful check completion must not
+ re-enable MAINT servers
+ + ff605db BUG/MEDIUM: backend: do not re-initialize the connection's
+ context upon reuse
+ + ea90063 BUG/MEDIUM: stream-int: fix the keep-alive idle connection
+ handler
+ * Update debian/copyright to reflect the license of ebtree/
+ (closes: #732614)
+ * Synchronize debian/copyright with source
+ * Add Documentation field to the systemd unit file
+
+ -- Apollon Oikonomopoulos <apoikos@debian.org> Mon, 20 Jan 2014 10:07:34 +0200
+
+haproxy (1.5~dev21-1) experimental; urgency=low
+
+ [ Prach Pongpanich ]
+ * Bump Standards-Version to 3.9.5
+
+ [ Thomas Bechtold ]
+ * debian/control: Add haproxy-dbg binary package for debug symbols.
+
+ [ Apollon Oikonomopoulos ]
+ * New upstream development version.
+ * Require syslog to be operational before starting. Closes: #726323.
+
+ -- Vincent Bernat <bernat@debian.org> Tue, 17 Dec 2013 01:38:04 +0700
+
+haproxy (1.5~dev19-2) experimental; urgency=low
+
+ [ Vincent Bernat ]
+ * Really enable systemd support by using dh-systemd helper.
+ * Don't use -L/usr/lib and rely on default search path. Closes: #722777.
+
+ [ Apollon Oikonomopoulos ]
+ * Ship halog.
+
+ -- Vincent Bernat <bernat@debian.org> Thu, 12 Sep 2013 21:58:05 +0200
+
+haproxy (1.5~dev19-1) experimental; urgency=high
+
+ [ Vincent Bernat ]
+ * New upstream version.
+ + CVE-2013-2175: fix a possible crash when using negative header
+ occurrences.
+ + Drop 0002-Fix-typo-in-src-haproxy.patch: applied upstream.
+ * Enable gzip compression feature.
+
+ [ Prach Pongpanich ]
+ * Drop bashism patch. It seems useless to maintain a patch to convert
+ example scripts from /bin/bash to /bin/sh.
+ * Fix reload/restart action of init script (LP: #1187469)
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 17 Jun 2013 22:03:58 +0200
+
+haproxy (1.5~dev18-1) experimental; urgency=low
+
+ [ Apollon Oikonomopoulos ]
+ * New upstream development version
+
+ [ Vincent Bernat ]
+ * Add support for systemd. Currently, /etc/default/haproxy is not used
+ when using systemd.
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 26 May 2013 12:33:00 +0200
+
+haproxy (1.4.25-1) unstable; urgency=medium
+
+ [ Prach Pongpanich ]
+ * New upstream version.
+ * Update watch file to use the source page.
+ * Bump Standards-Version to 3.9.5.
+
+ [ Thomas Bechtold ]
+ * debian/control: Add haproxy-dbg binary package for debug symbols.
+
+ [ Apollon Oikonomopoulos ]
+ * Require syslog to be operational before starting. Closes: #726323.
+ * Document how to bind non-local IPv6 addresses.
+ * Add a reference to configuration.txt.gz to the manpage.
+ * debian/copyright: synchronize with source.
+
+ -- Prach Pongpanich <prachpub@gmail.com> Fri, 28 Mar 2014 09:35:09 +0700
+
+haproxy (1.4.24-2) unstable; urgency=low
+
+ [ Apollon Oikonomopoulos ]
+ * Ship contrib/halog as /usr/bin/halog.
+
+ [ Vincent Bernat ]
+ * Don't use -L/usr/lib and rely on default search path. Closes: #722777.
+
+ -- Vincent Bernat <bernat@debian.org> Sun, 15 Sep 2013 14:36:27 +0200
+
+haproxy (1.4.24-1) unstable; urgency=high
+
+ [ Vincent Bernat ]
+ * New upstream version.
+ + CVE-2013-2175: fix a possible crash when using negative header
+ occurrences.
+
+ [ Prach Pongpanich ]
+ * Drop bashism patch. It seems useless to maintain a patch to convert
+ example scripts from /bin/bash to /bin/sh.
+ * Fix reload/restart action of init script (LP: #1187469).
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 17 Jun 2013 21:56:26 +0200
+
+haproxy (1.4.23-1) unstable; urgency=low
+
+ [ Apollon Oikonomopoulos ]
+ * New upstream version (Closes: #643650, #678953)
+ + This fixes CVE-2012-2942 (Closes: #674447)
+ + This fixes CVE-2013-1912 (Closes: #704611)
+ * Ship vim addon as vim-haproxy (Closes: #702893)
+ * Check for the configuration file after sourcing /etc/default/haproxy
+ (Closes: #641762)
+ * Use /dev/log for logging by default (Closes: #649085)
+
+ [ Vincent Bernat ]
+ * debian/control:
+ + add Vcs-* fields
+ + switch maintenance to Debian HAProxy team. (Closes: #706890)
+ + drop dependency to quilt: 3.0 (quilt) format is in use.
+ * debian/rules:
+ + don't explicitly call dh_installchangelog.
+ + use dh_installdirs to install directories.
+ + use dh_install to install error and configuration files.
+ + switch to `linux2628` Makefile target for Linux.
+ * debian/postrm:
+ + remove haproxy user and group on purge.
+ * Ship a more minimal haproxy.cfg file: no `listen` blocks but `global`
+ and `defaults` block with appropriate configuration to use chroot and
+ logging in the expected way.
+
+ [ Prach Pongpanich ]
+ * debian/copyright:
+ + add missing copyright holders
+ + update years of copyright
+ * debian/rules:
+ + build with -Wl,--as-needed to get rid of unnecessary depends
+ * Remove useless files in debian/haproxy.{docs,examples}
+ * Update debian/watch file, thanks to Bart Martens
+
+ -- Vincent Bernat <bernat@debian.org> Mon, 06 May 2013 20:02:14 +0200
+
+haproxy (1.4.15-1) unstable; urgency=low
+
+ * New upstream release with critical bug fix (Closes: #631351)
+
+ -- Christo Buschek <crito@30loops.net> Thu, 14 Jul 2011 18:17:05 +0200
+
+haproxy (1.4.13-1) unstable; urgency=low
+
+ * New maintainer upload (Closes: #615246)
+ * New upstream release
+ * Standards-version goes 3.9.1 (no change)
+ * Added patch bashism (Closes: #581109)
+ * Added a README.source file.
+
+ -- Christo Buschek <crito@30loops.net> Thu, 11 Mar 2011 12:41:59 +0000
+
+haproxy (1.4.8-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Arnaud Cornet <acornet@debian.org> Fri, 18 Jun 2010 00:42:53 +0100
+
+haproxy (1.4.4-1) unstable; urgency=low
+
+ * New upstream release
+ * Add splice and tproxy support
+ * Add regparm optimization on i386
+ * Switch to dpkg-source 3.0 (quilt) format
+
+ -- Arnaud Cornet <acornet@debian.org> Thu, 15 Apr 2010 20:00:34 +0100
+
+haproxy (1.4.2-1) unstable; urgency=low
+
+ * New upstream release
+ * Remove debian/patches/haproxy.1-hyphen.patch gone upstream
+ * Tighten quilt build dep (Closes: #567087)
+ * standards-version goes 3.8.4 (no change)
+ * Add $remote_fs to init.d script required start and stop
+
+ -- Arnaud Cornet <acornet@debian.org> Sat, 27 Mar 2010 15:19:48 +0000
+
+haproxy (1.3.22-1) unstable; urgency=low
+
+ * New upstream bugfix release
+
+ -- Arnaud Cornet <acornet@debian.org> Mon, 19 Oct 2009 22:31:45 +0100
+
+haproxy (1.3.21-1) unstable; urgency=low
+
+ [ Michael Shuler ]
+ * New Upstream Version (Closes: #538992)
+ * Added override for example shell scripts in docs (Closes: #530096)
+ * Added upstream changelog to docs
+ * Added debian/watch
+ * Updated debian/copyright format
+ * Added haproxy.1-hyphen.patch, to fix hyphen in man page
+ * Upgrade Standards-Version to 3.8.3 (no change needed)
+ * Upgrade debian/compat to 7 (no change needed)
+
+ [ Arnaud Cornet ]
+ * New upstream version.
+ * Merge Michael's work, few changelog fixes
+ * Add debian/README.source to point to quilt doc
+ * Depend on debhelper >= 7.0.50~ and use overrides in debian/rules
+
+ -- Arnaud Cornet <acornet@debian.org> Sun, 18 Oct 2009 14:01:29 +0200
+
+haproxy (1.3.18-1) unstable; urgency=low
+
+ * New Upstream Version (Closes: #534583).
+ * Add contrib directory in docs
+
+ -- Arnaud Cornet <acornet@debian.org> Fri, 26 Jun 2009 00:11:01 +0200
+
+haproxy (1.3.15.7-2) unstable; urgency=low
+
+ * Fix build without debian/patches directory (Closes: #515682) using
+ /usr/share/quilt/quilt.make.
+
+ -- Arnaud Cornet <acornet@debian.org> Tue, 17 Feb 2009 08:55:12 +0100
+
+haproxy (1.3.15.7-1) unstable; urgency=low
+
+ * New Upstream Version.
+ * Remove upstream patches:
+ -use_backend-consider-unless.patch
+ -segfault-url_param+check_post.patch
+ -server-timeout.patch
+ -closed-fd-remove.patch
+ -connection-slot-during-retry.patch
+ -srv_dynamic_maxconn.patch
+ -do-not-pause-backends-on-reload.patch
+ -acl-in-default.patch
+ -cookie-capture-check.patch
+ -dead-servers-queue.patch
+
+ -- Arnaud Cornet <acornet@debian.org> Mon, 16 Feb 2009 11:20:21 +0100
+
+haproxy (1.3.15.2-2~lenny1) testing-proposed-updates; urgency=low
+
+ * Rebuild for lenny to circumvent pcre3 shlibs bump.
+
+ -- Arnaud Cornet <acornet@debian.org> Wed, 14 Jan 2009 11:28:36 +0100
+
+haproxy (1.3.15.2-2) unstable; urgency=low
+
+ * Add stable branch bug fixes from upstream (Closes: #510185).
+ - use_backend-consider-unless.patch: consider "unless" in use_backend
+ - segfault-url_param+check_post.patch: fix segfault with url_param +
+ check_post
+ - server-timeout.patch: consider server timeout in all circumstances
+ - closed-fd-remove.patch: drop info about closed file descriptors
+ - connection-slot-during-retry.patch: do not release the connection slot
+ during a retry
+ - srv_dynamic_maxconn.patch: dynamic connection throttling api fix
+ - do-not-pause-backends-on-reload.patch: make reload reliable
+ - acl-in-default.patch: allow acl-related keywords in defaults sections
+ - cookie-capture-check.patch: cookie capture is declared in the frontend
+ but checked on the backend
+ - dead-servers-queue.patch: make dead servers not suck pending connections
+ * Add quilt build-dependancy. Use quilt in debian/rules to apply
+ patches.
+
+ -- Arnaud Cornet <acornet@debian.org> Wed, 31 Dec 2008 08:50:21 +0100
+
+haproxy (1.3.15.2-1) unstable; urgency=low
+
+ * New Upstream Version (Closes: #497186).
+
+ -- Arnaud Cornet <acornet@debian.org> Sat, 30 Aug 2008 18:06:31 +0200
+
+haproxy (1.3.15.1-1) unstable; urgency=low
+
+ * New Upstream Version
+ * Upgrade standards version to 3.8.0 (no change needed).
+ * Build with TARGET=linux26 on linux, TARGET=generic on other systems.
+
+ -- Arnaud Cornet <acornet@debian.org> Fri, 20 Jun 2008 00:38:50 +0200
+
+haproxy (1.3.14.5-1) unstable; urgency=low
+
+ * New Upstream Version (Closes: #484221)
+ * Use debhelper 7, drop CDBS.
+
+ -- Arnaud Cornet <acornet@debian.org> Wed, 04 Jun 2008 19:21:56 +0200
+
+haproxy (1.3.14.3-1) unstable; urgency=low
+
+ * New Upstream Version
+ * Add status argument support to init-script to conform to LSB.
+ * Cleanup pidfile after stop in init script. Init script return code fixups.
+
+ -- Arnaud Cornet <acornet@debian.org> Sun, 09 Mar 2008 21:30:29 +0100
+
+haproxy (1.3.14.2-3) unstable; urgency=low
+
+ * Add init script support for nbproc > 1 in configuration. That is,
+ multiple haproxy processes.
+ * Use 'option redispatch' instead of redispatch in debian default
+ config.
+
+ -- Arnaud Cornet <acornet@debian.org> Sun, 03 Feb 2008 18:22:28 +0100
+
+haproxy (1.3.14.2-2) unstable; urgency=low
+
+ * Fix init scripts's reload function to use -sf instead of -st (to wait for
+ active session to finish cleanly). Also support dash. Thanks to
+ Jean-Baptiste Quenot for noticing.
+
+ -- Arnaud Cornet <acornet@debian.org> Thu, 24 Jan 2008 23:47:26 +0100
+
+haproxy (1.3.14.2-1) unstable; urgency=low
+
+ * New Upstream Version
+ * Simplify DEB_MAKE_INVOKE, as upstream now supports us overriding
+ CFLAGS.
+ * Move haproxy to usr/sbin.
+
+ -- Arnaud Cornet <acornet@debian.org> Mon, 21 Jan 2008 22:42:51 +0100
+
+haproxy (1.3.14.1-1) unstable; urgency=low
+
+ * New upstream release.
+ * Drop dfsg list and hash code rewrite (merged upstream).
+ * Add a HAPROXY variable in init script.
+ * Drop makefile patch, fix debian/rules accordingly. Drop build-dependancy
+ on quilt.
+ * Manpage now upstream. Ship upstream's and drop ours.
+
+ -- Arnaud Cornet <acornet@debian.org> Tue, 01 Jan 2008 22:50:09 +0100
+
+haproxy (1.3.12.dfsg2-1) unstable; urgency=low
+
+ * New upstream bugfix release.
+ * Use new Homepage tag.
+ * Bump standards-version (no change needed).
+ * Add build-depend on quilt and add patch to allow proper CFLAGS passing to
+ make.
+
+ -- Arnaud Cornet <acornet@debian.org> Tue, 25 Dec 2007 21:52:59 +0100
+
+haproxy (1.3.12.dfsg-1) unstable; urgency=low
+
+ * Initial release (Closes: #416397).
+ * The DFSG removes files with GPL-incompabitle license and adds a
+ re-implementation by me.
+
+ -- Arnaud Cornet <acornet@debian.org> Fri, 17 Aug 2007 09:33:41 +0200