Commit Graph

33 Commits

Author SHA1 Message Date
Vincent Bernat
bf1473f5e0 haproxy: use getaddrinfo() on Linux (#44489)
As per project's README:

> Recent systems can resolve IPv6 host names using getaddrinfo(). This
> primitive is not present in all libcs and does not work in all of
> them either. Support in glibc was broken before 2.3. Some embedded
> libs may not properly work either, thus, support is disabled by
> default, meaning that some host names which only resolve as IPv6
> addresses will not resolve and configs might emit an error during
> parsing. If you know that your OS libc has reliable support for
> getaddrinfo(), you can add USE_GETADDRINFO=1 on the make command
> line to enable it. This is the recommended option for most Linux
> distro packagers since it's working fine on all recent mainstream
> distros. It is automatically enabled on Solaris 8 and above, as it's
> known to work.

Without this option, it is not possible for HAProxy to solve IPv6-only
names. This option is enabled in Debian builds without any notable
adverse effect.
2018-08-05 18:17:27 +02:00
Vincent Bernat
cc1d82196c haproxy: 1.8.9 -> 1.8.13 (#44487)
The patches previously applied have been included upstream. Upstream
changelog (only MAJOR/MEDIUM):

2018/07/30 : 1.8.13
    - BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess
    - BUG/MEDIUM: h2: never leave pending data in the output buffer on close
    - BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout
    - BUG/MEDIUM: threads: Fix the exit condition of the thread barrier
    - BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full
    - BUG/MEDIUM: stats: don't ask for more data as long as we're responding
    - BUG/MEDIUM: threads/sync: use sched_yield when available
    - BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever
    - BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS
    - BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number
    - MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed

2018/06/27 : 1.8.12
    - BUG/MAJOR: stick_table: Complete incomplete SEGV fix

2018/06/26 : 1.8.11
    - BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table

2018/06/22 : 1.8.10
    - BUG/MEDIUM: spoe: Flags are not encoded in network order
    - BUG/MEDIUM: contrib/mod_defender: Use network order to encode/decode flags
    - BUG/MEDIUM: contrib/modsecurity: Use network order to encode/decode flags
    - BUG/MEDIUM: cache: don't cache when an Authorization header is present
    - BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check failure.
    - BUG/MEDIUM: fd: Only check update_mask against all_threads_mask.
    - BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file
    - BUG/MEDIUM: lua/socket: Length required read doesn't work
    - BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters
    - BUG/MEDIUM: spoe: Return an error when the wrong ACK is received in sync mode
    - BUG/MEDIUM: lua/socket: wrong scheduling for sockets
    - BUG/MAJOR: lua: Dead lock with sockets
    - BUG/MEDIUM: lua/socket: Notification error
    - BUG/MEDIUM: lua/socket: Sheduling error on write: may dead-lock
    - BUG/MEDIUM: lua/socket: Buffer error, may segfault
    - MAJOR: spoe: upgrade the SPOP version to 2.0 and remove the support for 1.0
    - BUG/MEDIUM: threads: handle signal queue only in thread 0
    - BUG/MAJOR: map: fix a segfault when using http-request set-map
    - BUG/MAJOR: ssl: Random crash with cipherlist capture
    - BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot
    - BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete().
    - BUG/MEDIUM: threads: Use the sync point to check active jobs and exit
2018-08-05 16:48:22 +02:00
Andreas Rammhold
4c9c4c0a97
haproxy: fix build on darwin 2018-06-08 23:17:44 +02:00
Andreas Rammhold
ea8b37c1c8
haproxy: fix CVE-2018-11469 2018-06-04 22:11:09 +02:00
Andreas Rammhold
6d03390d12
haproxy: 1.8.4 -> 1.8.9
This fixes CVE-2018-10184 a potential remote denial of service in the
http/2 module. The version bump also includes various other changes that
are described in the changelog [1]:

2018/05/18 : 1.8.9
    - BUG/MINOR: pattern: Add a missing HA_SPIN_INIT() in pat_ref_newid()
    - BUG/MAJOR: channel: Fix crash when trying to read from a closed socket
    - BUG/MINOR: log: t_idle (%Ti) is not set for some requests
    - BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits
    - MINOR: h2: detect presence of CONNECT and/or content-length
    - BUG/MEDIUM: h2: implement missing support for chunked encoded uploads
    - BUG/MINOR: lua/threads: Make lua's tasks sticky to the current thread
    - BUG/MINOR: config: disable http-reuse on TCP proxies
    - BUG/MINOR: checks: Fix check->health computation for flapping servers
    - BUG/MEDIUM: threads: Fix the sync point for more than 32 threads
    - BUG/MINOR: lua: Put tasks to sleep when waiting for data
    - DOC/MINOR: clean up LUA documentation re: servers & array/table.
    - BUG/MINOR: map: correctly track reference to the last ref_elt being dumped
    - BUG/MEDIUM: task: Don't free a task that is about to be run.
    - BUG/MINOR: lua: schedule socket task upon lua connect()
    - BUG/MINOR: lua: ensure large proxy IDs can be represented
    - BUG/MEDIUM: http: don't always abort transfers on CF_SHUTR
    - BUG/MEDIUM: pollers: Use a global list for fd shared between threads.
    - BUG/MEDIUM: ssl: properly protect SSL cert generation
    - BUG/MINOR: spoe: Mistake in error message about SPOE configuration

2018/04/19 : 1.8.8
    - BUG/MEDIUM: threads: Fix the max/min calculation because of name clashes
    - BUG/MEDIUM: connection: Make sure we have a mux before calling detach().
    - BUG/MINOR: http: Return an error in proxy mode when url2sa fails
    - BUG/MEDIUM: kqueue: When adding new events, provide an output to get errors.
    - BUG/MINOR: cli: Guard against NULL messages when using CLI_ST_PRINT_FREE
    - MINOR: cli: Ensure the CLI always outputs an error when it should
    - DOC: lua: update the links to the config and Lua API
    - BUG/CRITICAL: h2: fix incorrect frame length check

2018/04/07 : 1.8.7
    - BUG/MAJOR: cache: always initialize newly created objects
    - MINOR: servers: Support alphanumeric characters for the server templates names

2018/04/05 : 1.8.6
    - BUG/MINOR: lua: the function returns anything
    - BUG/MINOR: lua funtion hlua_socket_settimeout don't check negative values
    - BUILD/MINOR: fix build when USE_THREAD is not defined
    - MINOR: cli/threads: make "show fd" report thread_sync_io_handler instead of "unknown"
    - MINOR: cli: make "show fd" report the mux and mux_ctx pointers when available
    - BUILD/MINOR: cli: fix a build warning introduced by last commit
    - BUG/MINOR: hpack: fix harmless use of uninitialized value in hpack_dht_insert
    - CLEANUP: h2: rename misleading h2c_stream_close() to h2s_close()
    - MINOR: h2: provide and use h2s_detach() and h2s_free()
    - BUG/MAJOR: h2: remove orphaned streams from the send list before closing
    - MINOR: h2: always call h2s_detach() in h2_detach()
    - MINOR: h2: fuse h2s_detach() and h2s_free() into h2s_destroy()
    - BUG/MEDIUM: h2/threads: never release the task outside of the task handler
    - BUG/MEDIUM: h2: don't consider pending data on detach if connection is in error
    - BUILD/MINOR: threads: always export thread_sync_io_handler()
    - BUG/MEDIUM: h2: always add a stream to the send or fctl list when blocked
    - BUG/MINOR: checks: check the conn_stream's readiness and not the connection
    - BUG/MINOR: email-alert: Set the mailer port during alert initialization
    - BUG/MINOR: cache: fix "show cache" output
    - BUG/MINOR: fd: Don't clear the update_mask in fd_insert.
    - BUG/MAJOR: cache: fix random crashes caused by incorrect delete() on non-first blocks
    - BUG/MINOR: spoe: Initialize variables used during conf parsing before any check
    - BUG/MINOR: spoe: Don't release the context buffer in .check_timeouts callbaclk

2018/03/23 : 1.8.5
    - BUG/MINOR: threads: fix missing thread lock labels for 1.8
    - BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as unrecovarable.
    - BUG/MEDIUM: ssl: Shutdown the connection for reading on SSL_ERROR_SYSCALL
    - BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st
    - BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe
    - BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier as possible
    - BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken.
    - DOC: lua: new prototype for function "register_action()"
    - DOC: cfgparse: Warn on option (tcp|http)log in backend
    - BUG/MINOR: debug/pools: properly handle out-of-memory when building with DEBUG_UAF
    - MINOR: debug/pools: make DEBUG_UAF also detect underflows
    - BUG/MINOR: h2: Set the target of dbuf_wait to h2c
    - MINOR: stats: display the number of threads in the statistics.
    - BUG/MEDIUM: h2: always consume any trailing data after end of output buffers
    - BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk
    - BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk
    - Revert "BUG/MINOR: send-proxy-v2: string size must include ('\0')"
    - MINOR: systemd: Add section for SystemD sandboxing to unit file
    - MINOR: systemd: Add SystemD's Protect*= options to the unit file
    - MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file
    - MINOR/BUILD: fix Lua build on Mac OS X
    - BUILD/MINOR: fix Lua build on Mac OS X (again)
    - BUG/MINOR: session: Fix tcp-request session failure if handshake.
    - CLEANUP: .gitignore: Ignore binaries from the contrib directory
    - BUG/MINOR: unix: Don't mess up when removing the socket from the xfer_sock_list.
    - BUG/MEDIUM: h2: also arm the h2 timeout when sending
    - BUG/MINOR: cli: Fix a crash when passing a negative or too large value to "show fd"
    - CLEANUP: ssl: Remove a duplicated #include
    - CLEANUP: cli: Remove a leftover debug message
    - BUG/MINOR: cli: Fix a typo in the 'set rate-limit' usage
    - BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc
    - BUG/MINOR: force-persist and ignore-persist only apply to backends
    - BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is stopping
    - BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is temporarily disabled
    - BUG/MAJOR: threads/queue: Fix thread-safety issues on the queues management
    - BUG/MINOR: dns: don't downgrade DNS accepted payload size automatically
    - BUG/MINOR: seemless reload: Fix crash when an interface is specified.
    - BUG/MINOR: cli: Fix a crash when sending a command with too many arguments
    - BUILD: ssl: Fix build with OpenSSL without NPN capability
    - BUG/MINOR: spoa-example: unexpected behavior for more than 127 args
    - BUG/MINOR: lua: return bad error messages
    - BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers
    - BUG/MINOR: tcp-check: use the server's service port as a fallback
    - BUG/MEDIUM: threads/queue: wake up other threads upon dequeue
    - MINOR: log: stop emitting alerts when it's not possible to write on the socket
    - BUILD/BUG: enable -fno-strict-overflow by default
    - DOC: log: more than 2 log servers are allowed
    - DOC: don't suggest using http-server-close
    - BUG/MEDIUM: h2: properly account for DATA padding in flow control
    - BUG/MINOR: h2: ensure we can never send an RST_STREAM in response to an RST_STREAM
    - BUG/MINOR: listener: Don't decrease actconn twice when a new session is rejected

[1] https://www.haproxy.org/download/1.8/src/CHANGELOG
2018-06-04 22:10:49 +02:00
Ryan Mulligan
f03c5eb88a haproxy: 1.7.9 -> 1.8.4
Semi-automatic update. These checks were done:

- built on NixOS
- ran `/nix/store/vh158gs5y12g1rdd1dhbd1ng2mz1761s-haproxy-1.8.4/bin/haproxy -v` and found version 1.8.4
- found 1.8.4 with grep in /nix/store/vh158gs5y12g1rdd1dhbd1ng2mz1761s-haproxy-1.8.4
- found 1.8.4 in filename of file in /nix/store/vh158gs5y12g1rdd1dhbd1ng2mz1761s-haproxy-1.8.4
2018-03-05 00:00:18 +00:00
Ryan Mulligan
1f7fdf6fef haproxy: use lib.versions.majorMinor 2018-03-04 06:28:45 -08:00
Thomas Bach
d34386792d haproxy: 1.7.8 -> 1.7.9 2017-09-09 17:53:20 +08:00
Thomas Bach
fd84128595 haproxy: haproxy.org is now accessible via https 2017-09-09 17:52:37 +08:00
Will Dietz
269976c45a haproxy: 1.7.3 -> 1.7.8 2017-07-24 13:44:53 -05:00
Thomas Bach
ea80cd1f11 haproxy: added fuzzy-id to the list of maintainers 2017-03-29 12:27:50 +02:00
Thomas Bach
45788aeebe haproxy: Provide LUA and PCRE support as configurable options
Both are enabled by default. Except for LUA on Darwin where
compilation fails. (See #23901.)
2017-03-29 12:23:05 +02:00
Thomas Bach
e58e681d9f haproxy: refactor
`preConfigure` line became too long to edit comfortably. Split up
flags into ones necessary during both build and install phase and
install phase only. Makefile defines a target for OS X/Darwin which
automatically sets the `KQUEUE` flag.
2017-03-27 09:54:31 +02:00
Thomas Bach
36bb283941 haproxy: 1.7.2 -> 1.7.3 2017-03-13 23:17:03 +01:00
Patrick Mahoney
ce03c08567 haproxy: build on darwin 2017-03-07 11:50:45 -06:00
Pradeep Chhetri
04b986cd2d haproxy: 1.6.6 -> 1.7.2 2017-01-26 14:07:51 +05:30
Franz Pletz
b8ecb949e6 haproxy: 1.6.5 -> 1.6.6 (security)
Fixes at least CVE-2016-5360.
2016-07-10 10:46:22 +02:00
Franz Pletz
85d0570d14 haproxy: 1.6.4 -> 1.6.5 2016-06-27 00:11:16 +02:00
Teo Klestrup Röijezon
ab29cfefab haproxy: 1.5.14 -> 1.6.4 2016-03-17 16:04:03 +01:00
Danny Wilson
2c80e12e96 Add support for gzip compression 2015-11-16 17:20:14 +01:00
Danny Wilson
bb3d083d63 Fix hardcoded target platform. 2015-11-16 17:20:13 +01:00
Pascal Wittmann
0723117f4c haproxy: update from 1.5.11 to 1.5.14, fixes CVE-2015-3281 2015-07-09 20:21:24 +02:00
Remy Goldschmidt
ab2cb85930 Fixed case in HAProxy nix expr 2015-03-26 16:21:15 -04:00
Remy Goldschmidt
eb54c42ffa Clean up HAProxy nix expression 2015-03-26 16:19:55 -04:00
Remy Goldschmidt
f6d223c773 Add SSL support to HAProxy 2015-03-26 16:19:54 -04:00
Benjamin Staffin
2efd1a4700 haproxy: update to 1.5.11
Change-Id: I6f5d8d62084da89c22e99df2a99b4608ba95f874
2015-02-17 19:57:17 -08:00
Rok Garbas
33e9c4e35f haproxt: update 1.4.25 2014-06-01 14:40:37 +01:00
Domen Kozar
059e8e179b set all licenses to be attributes (and wait for Nix 1.7) 2014-03-12 21:20:43 +01:00
Rok Garbas
562b453b93 nixos: haproxy module 2013-10-29 15:55:25 +01:00
Bjørn Forsman
083d0890f5 More description fixes
* Remove package name
* Start with upper case letter
* Remove trailing period

Also reword some descriptions and move some long descriptions to
longDescription.

I'm not touching generated packages.
2013-10-06 12:01:38 +02:00
Eelco Dolstra
80213cbb05 meta.license is a list of strings (not attribute sets)
http://hydra.nixos.org/build/5453648
2013-07-03 12:41:27 +02:00
Rok Garbas
bf540904de haproxy: update to 1.4.24 (set platform to linux, for now) 2013-07-03 03:36:15 +02:00
Rob Vermaas
1e7dc29a98 add haproxy
svn path=/nixpkgs/trunk/; revision=34165
2012-05-18 07:50:10 +00:00