DESCR:
This is the Python 'netsnmp' extension module. The 'netsnmp' module
provides a full featured, tri-lingual SNMP (SNMPv3, SNMPv2c,
SNMPv1) client API. The 'netsnmp' module internals rely on the
Net-SNMP toolkit library.
- The following vulnerabilities have been fixed.
* wnpa-sec-2014-08
The Catapult DCT2000 and IrDA dissectors could underrun a
buffer.
Versions affected: 1.10.0 to 1.10.8
* wnpa-sec-2014-09
The GSM Management dissector could crash. (Bug 10216)
Versions affected: 1.10.0 to 1.10.8
* wnpa-sec-2014-10
The RLC dissector could crash. (Bug 9795)
Versions affected: 1.10.0 to 1.10.8
* wnpa-sec-2014-11
The ASN.1 BER dissector could crash. (Bug 10187)
Versions affected: 1.10.0 to 1.10.8
- The following bugs have been fixed:
* GSM MAP: ensure that p2p_dir is always initialized before
calling GSM SMS dissector (Bug 10234)
* BFCP: include padding length in calculation of correct
attribute length (Bug 10240)
* GTP: allow empty Data Record Packet IE (Bug 10277)
* WebSocket: increase max unmask payload size to 256K and
indicate that packet is truncated if going above the new
limit (Bug 10283)
when it's defined otherwise than a separate file with a matching
name. When committing to the NetBSD wiki, I'm seeing RPC::XML errors
that suggest otherwise ("Can't locate RPC/XML/datatype.pm" and so on).
I don't know why we're having this problem on wiki.n.o and I haven't
managed to reproduce it elsewhere, but it sure looks fixed after
switching to `use parent -norequire`. `use parent` seems to be
generally preferred usage anyway.
Bump PKGREVISION.
* lib/RPC/XML.pm
A patch to loop detection in smart_encode from Dag-Erling
Smørgrav. Some other minor bits.
* lib/RPC/XML/Procedure.pm
RT #83108: Fixed a spelling error. Some other fixes, too.
* lib/RPC/XML.pm
RT #86187: Force key-ordering in struct as_string and
serialize. Was getting some intermittent bug reports of
failures in t/15_serialize.t that amounted to the keys in a
fault struct not being in consistent order.
* lib/RPC/XML.pm
* t/15_serialize.t
Undo the previous change and fix the test. The previous change
didn't feel right, so this rolls it back and fixes the problem
at the level of the test, instead.
* Makefile.PL
* lib/RPC/XML.pm
* lib/RPC/XML/Client.pm
* lib/RPC/XML/Server.pm
Replace direct evals for loading optional modules with
Module::Load. Required adding this to Makefile.PL because
Module::Load is not core in 5.8.8. Also did some slight doc
tweaking.
* lib/RPC/XML.pm
* lib/RPC/XML/Client.pm
Merge pull request #5 from alexrj/utf8-encode. Use
utf8::encode() instead of utf8::downgrade().
* lib/RPC/XML.pm
* lib/RPC/XML/Client.pm
* lib/RPC/XML/Server.pm
Finish the utf8 encode vs. downgrade change from the previous
commit. Changed in places that were overlooked, and adjusted
the version number in all three modules.
* lib/RPC/XML.pm
* lib/RPC/XML/Parser/XMLLibXML.pm
Merge pull request #6 from dctabuyz/master. Added 'no_blanks'
libxml option to skip blank XML::LibXML::Text nodes.
* lib/RPC/XML/Server.pm
Merge pull request #7 from kvar/master. Initialize $do_compress
in RPC::XML::Server between requests.
* lib/RPC/XML.pm
* lib/RPC/XML/Parser/XMLLibXML.pm
* lib/RPC/XML/Server.pm
Bump version numbers on modules changed in github pulls.
* t/15_serialize.t
Fix a test failure on Windows.
* lib/RPC/XML.pm
RT #70408: Fix spelling error in man page, reported by Debian
group.
* t/90_rt54183_sigpipe.t
Fix to handle cases where server creation fails. Now skips the
tests rather than dying.
* lib/RPC/XML/Client.pm
RT #67486: Add port to Host header in client requests.
* lib/RPC/XML/Server.pm
RT #65341: Added "use" of forgotten library File::Temp. This
was causing failure when "message_file_thresh" kicked in.
* t/10_data.t
RT #78602: Changed 64-bit test from use64bitint to longsize. On
some systems (such as OS X), use64bitint can be true even when
in 32-bit mode.
* t/21_xml_libxml.t
Fix from Christian Walde, skip passed test on Windows.
* lib/RPC/XML/Server.pm
* t/40_server.t
Checkpoint refactoring and additional tests. Work is not
complete here, but the Net::Server changes demand immediate
attention.
* t/20_xml_parser.t
RT #72780: Check for a possible parser failure. One instance of
XML::Parser failing to parse the extern entities test. Cannot
reproduce, so wrap it in a "skip" block for now.
* lib/RPC/XML/Procedure.pm
* t/30_method.t
RT #71452: Correct handling of dateTime parameters. Existing
code in lib/RPC/XML/Procedure.pm did not properly handle
parameters of the dateTime.iso8601 type. Also, there were no
tests for these.
* MANIFEST
* t/30_method.t (deleted)
* t/30_procedure.t (added)
Renamed t/30_method.t to t/30_procedure.t.
* lib/RPC/XML/Server.pm
RT #77992: Make RPC::XML::Server work with Net::Server again,
after the API changes of Net::Server 2.x.
* Correct DHCPv6 Prefix Delegation option decoding
* Ensure that a given buffer is at least BUFSIZ (for getline compat)
* Poll interfaces on BSD for IFF_RUNNING if link state cannot be obtained
* Check for an IA to use in DHCPv6 lease validation
* Fix compile on NetBSD-6 (and possibly earlier NetBSDs)
* Warn about exceeding IDGEN_RETRIES when a stable private address cannot
be obtained
* Fix DHCP option overload handling, thanks to Tobias Stoeckmann
Changes in version 0.2.4.23 - 2014-07-28
Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
guard rotation, and also backports several important fixes from the
Tor 0.2.5 alpha release series.
o Major features:
- Clients now look at the "usecreatefast" consensus parameter to
decide whether to use CREATE_FAST or CREATE cells for the first hop
of their circuit. This approach can improve security on connections
where Tor's circuit handshake is stronger than the available TLS
connection security levels, but the tradeoff is more computational
load on guard relays. Implements proposal 221. Resolves ticket 9386.
- Make the number of entry guards configurable via a new
NumEntryGuards consensus parameter, and the number of directory
guards configurable via a new NumDirectoryGuards consensus
parameter. Implements ticket 12688.
o Major bugfixes:
- Fix a bug in the bounds-checking in the 32-bit curve25519-donna
implementation that caused incorrect results on 32-bit
implementations when certain malformed inputs were used along with
a small class of private ntor keys. This bug does not currently
appear to allow an attacker to learn private keys or impersonate a
Tor server, but it could provide a means to distinguish 32-bit Tor
implementations from 64-bit Tor implementations. Fixes bug 12694;
bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
Adam Langley.
o Minor bugfixes:
- Warn and drop the circuit if we receive an inbound 'relay early'
cell. Those used to be normal to receive on hidden service circuits
due to bug 1038, but the buggy Tor versions are long gone from
the network so we can afford to resume watching for them. Resolves
the rest of bug 1038; bugfix on 0.2.1.19.
- Correct a confusing error message when trying to extend a circuit
via the control protocol but we don't know a descriptor or
microdescriptor for one of the specified relays. Fixes bug 12718;
bugfix on 0.2.3.1-alpha.
- Avoid an illegal read from stack when initializing the TLS
module using a version of OpenSSL without all of the ciphers
used by the v2 link handshake. Fixes bug 12227; bugfix on
0.2.4.8-alpha. Found by "starlight".
o Minor features:
- Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
Country database.
Upstream changes:
Version 0.81 (2013-04-08)
* Correct reverseName() for IPv6 addresses, so IP('::1').reverseName() returns correct.
* Add network mask awareness to v46map()
* Fix Python 3 errors in IPSet class
* Make IPSet base class be object when MutableSet isn't available, fixing
errors in Python 2.5
Version 0.80 (2013-03-26)
-------------------------
* Drop support of Python older than 2.4
* Python 3 does not need 2to3 conversion anymore (same code base)
* Fix adding of non-adjacent networks:
192.168.0.0/24 + 192.168.255.0/24 made 192.168.0.0/23
* Fix adding networks that don't create a valid subnet:
192.168.1.0/24 + 192.168.2.0/24 made 192.168.1.0/23
* Fix adding with an IPv6 address where .int() was < 32 bits made IPy believe it
was an IPv4 address:
::ffff:0/112 + ::1:0:0/112 made 255.255.0.0/111
* Add support of IPSets
* Add support for subtracting a network range
* Prevent IPv4 and IPv6 ranges from saying they contain each other
* Add a .v46map() method to convert mapped address ranges
such as IP('::ffff:192.168.1.1'); RFC 4291
* Change sort order to more natural:
IPv4 before IPv6; less-specific prefixes first (/0 before /32)
Version 0.76 (2013-03-19)
-------------------------
* ip == other and ip != other doesn't fail with an exception anymore if other
is not an IP object
* Add IP.get_mac() method: get the 802.3 MAC address from IPv6 RFC 2464
address.
* Fix IP('::/0')[0]: return an IPv6 instead of an IPv4 address
2014/07/25 : 1.5.3
- DOC: fix typo in Unix Socket commands
- BUG/MEDIUM: connection: fix memory corruption when building a proxy
v2 header
- BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
- DOC: mention that Squid correctly responds 400 to PPv2 header
- BUG/MINOR: http: base32+src should use the big endian version of base32
- BUG/MEDIUM: connection: fix proxy v2 header again!
Some parts are ported to python-3, but most parts not, so leave
it disabled for now.
Twisted Core 14.0.0 (2014-05-08)
================================
Features
--------
- twisted.internet.interfaces.IUDPTransport - and that interface's
implementations in Twisted - now supports enabling broadcasting.
(#454)
- trial's TestCase will now report a test method as an error if that
test method is a generator function, preventing an issue when a
user forgets to decorate a test method with defer.inlineCallbacks,
causing the test method to not run. (#3917)
- twisted.positioning, a new API for positioning systems such as GPS,
has been added. It comes with an implementation of NMEA, the most
common wire protocol for GPS devices. It will supersede
twisted.protocols.gps. (#3926)
- The new interface
twisted.internet.interfaces.IStreamClientEndpointStringParserWithReactor
will supply the reactor to its parseStreamClient method, passed along
from twisted.internet.endpoints.clientFromString. (#5069)
- IReactorUDP.listenUDP, IUDPTransport.write and
IUDPTransport.connect now accept ipv6 address literals. (#5086)
- A new API, twisted.internet.ssl.optionsForClientTLS, allows clients
to specify and verify the identity of the peer they're communicating
with. When used with the service_identity library from PyPI, this
provides support for service identity verification from RFC 6125, as
well as server name indication from RFC 6066. (#5190)
- Twisted's TLS support now provides a way to ask for user-configured
trust roots rather than having to manually configure such
certificate authority certificates yourself.
twisted.internet.ssl.CertificateOptions now accepts a new argument,
trustRoot, which combines verification flags and trust sources, as
well as a new function that provides a value for that argument,
twisted.internet.ssl.platformTrust, which allows using the trusted
platform certificate authorities from OpenSSL for certificate
verification. (#5446)
- Constants are now comparable/orderable based on the order in which
they are defined. (#6523)
- "setup.py install" and "pip install" now work on Python 3.3,
installing the subset of Twisted that has been ported to Python 3.
(#6539)
- twisted.internet.ssl.CertificateOptions now supports ECDHE for
servers by default on pyOpenSSL 0.14 and later, if the underlying
versions of cryptography.io and OpenSSL support it. (#6586)
- twisted.internet.ssl.CertificateOptions now allows the user to set
acceptable ciphers and uses secure ones by default. (#6663)
- The Deferred returned by
twisted.internet.defer.DeferredFilesystemLock.deferUntilLocked can
now be cancelled. (#6720)
- twisted.internet.ssl.CertificateOptions now enables TLSv1.1 and
TLSv1.2 by default (in addition to TLSv1.0) if the underlying
version of OpenSSL supports these protocol versions. (#6772)
- twisted.internet.ssl.CertificateOptions now supports Diffie-Hellman
key exchange. (#6799)
- twisted.internet.ssl.CertificateOptions now disables TLS
compression to avoid CRIME attacks and, for servers, uses server
preference to choose the cipher. (#6801)
- SSL server endpoint string descriptions now support the
specification of Diffie-Hellman key exchange parameter files.
(#6924)
- twisted.python.reflect.requireModule was added to handle
conditional imports of python modules and work around pyflakes
warnings of unused imports code. (#7014)
Bugfixes
--------
- If a ProcessProtocol.processExited method raised an exception a
broken process handler would be left in the global process state
leading to errors later on. This has been fixed and now an error
will be logged instead. (#5151)
- Twisted now builds on Solaris. Note that lacking a Buildbot slave
(see http://buildbot.twistedmatrix.com/boxes-supported) Solaris is
not a supported Twisted platform. (#5728)
- twisted.internet.utils is now correctly installed on Python 3.
(#6929)
- twisted.python.threadpool.ThreadPool no longer starts new workers
when its pool size is changed while the pool is not running.
(#7011)
Improved Documentation
----------------------
- Twisted now uses the Sphinx documentation generator for its
narrative documentation, which means that the source format for
narrative documentation has been converted to ReStructuredText.
(#4500)
- The Sphinx documentation is now also configured to allow
intersphinx links to standard library documentation. (#4582)
- The docstring for twisted.internet.task.react now better documents
the main parameter (#6071)
- The writing standard now explicitly mandates the usage of
ungendered pronouns. (#6858)
Deprecations and Removals
-------------------------
- test_import.py was removed as it was redundant. (#2053)
- Support for versions of pyOpenSSL older than 0.10 has been removed.
Affected users should upgrade pyOpenSSL. (#5014)
- twisted.internet.interfaces.IStreamClientEndpointStringParser is
now deprecated in favor of
twisted.internet.interfaces.IStreamClientEndpointStringParserWithReactor.
(#5069)
- unsignedID and setIDFunction, previously part of
twisted.python.util and deprecated since 13.0, have now been
removed. (#6707)
- FTPClient.changeDirectory was deprecated in 8.2 and is now removed.
(#6759)
- twisted.internet.stdio.StandardIO.closeStdin, an alias for
loseWriteConnection only available on POSIX and deprecated since
2.1, has been removed. (#6785)
- twisted.python.reflect.getcurrent is now deprecated and must not be
used. twisted.python.reflect.isinst is now deprecated in favor of
the built-in isinstance. (#6859)
Other
-----
- #1822, #5929, #6239, #6537, #6565, #6614, #6632, #6690, #6784,
#6792, #6795, #6821, #6843, #6846, #6854, #6856, #6857, #6872,
#6892, #6902, #6906, #6922, #6926, #6936, #6941, #6942, #6943,
#6944, #6945, #6946, #6948, #6979, #7001, #7049, #7051, #7094,
#7098
Twisted Conch 14.0.0 (2014-05-08)
=================================
Improved Documentation
----------------------
- The docstring for twisted.conch.ssh.userauth.SSHUserAuthClient is
now clearer on how the preferredOrder instance variable is handled.
(#6850)
Other
-----
- #6696, #6807, #7054
Twisted Lore 14.0.0 (2014-05-08)
================================
Deprecations and Removals
-------------------------
- twisted.lore is now deprecated in favor of Sphinx. (#6907)
Other
-----
- #6998
Twisted Mail 14.0.0 (2014-05-08)
================================
Improved Documentation
----------------------
- twisted.mail.alias now has full API documentation. (#6637)
- twisted.mail.tap now has full API documentation. (#6648)
- twisted.mail.maildir now has full API documentation. (#6651)
- twisted.mail.pop3client now has full API documentation. (#6653)
- twisted.mail.protocols now has full API documentation. (#6654)
- twisted.mail.pop now has full API documentation. (#6666)
- twisted.mail.relay and twisted.mail.relaymanager now have full API
documentation. (#6739)
- twisted.mail.pop3client public classes now appear as part of the
twisted.mail.pop3 API. (#6761)
Other
-----
- #6696
Twisted Names 14.0.0 (2014-05-08)
=================================
Features
--------
- twisted.names.root.Resolver now accepts a resolverFactory argument,
which makes it possible to control how root.Resolver performs
iterative queries to authoritative nameservers. (#6095)
- twisted.names.dns.Message now has a repr method which shows only
those instance flags, fields and sections which are set to non-
default values. (#6847)
- twisted.names.dns.Message now supports rich comparison. (#6848)
Bugfixes
--------
- twisted.names.server.DNSServerFactory now responds with messages
whose flags and fields are reset to their default values instead of
copying these from the request. This means that AD and CD flags,
and EDNS OPT records in the request are no longer mirrored back to
the client. (#6645)
Improved Documentation
----------------------
- twisted.names now has narrative documentation showing how to create
a custom DNS server. (#6864)
- twisted.names.server now has full API documentation. (#6886)
- twisted.names now has narrative documentation explaining how to use
its client APIs. (#6925)
- twisted.names now has narrative documentation and examples showing
how to perform reverse DNS lookups. (#6969)
Other
-----
- #5675, #6222, #6672, #6696, #6887, #6940, #6975, #6990
Twisted News 14.0.0 (2014-05-08)
================================
No significant changes have been made for this release.
Other
-----
- #6991
Twisted Pair 14.0.0 (2014-05-08)
================================
Features
--------
- twisted.pair.tuntap now has complete test coverage, basic
documentation, and works without the difficult-to-find system
bindings it used to require. (#6169)
Other
-----
- #6898, #6931, #6993
Twisted Runner 14.0.0 (2014-05-08)
==================================
No significant changes have been made for this release.
Other
-----
- #6992
Twisted Web 14.0.0 (2014-05-08)
===============================
Features
--------
- twisted.web.http.proxiedLogFormatter can now be used with
twisted.web.http.HTTPFactory (and subclasses) to record
X-Forwarded-For values to the access log when the HTTP server is
deployed behind a reverse proxy. (#1468)
- twisted.web.client.Agent now uses
twisted.internet.ssl.CertificateOptions for SSL/TLS and benefits
from its continuous improvements. (#6893)
Bugfixes
--------
- twisted.web.client.Agent now correctly manages flow-control on
pooled connections, and therefore requests will no longer hang
sometimes when deliverBody is not called synchronously within the
callback on Request. (#6751)
- twisted.web.client.Agent now verifies that the provided server
certificate in a TLS connection is trusted by the platform. (#7042)
- When requesting an HTTPS URL with twisted.web.client.Agent, the
hostname of the presented certificate will be checked against the
requested hostname; mismatches will now result in an error rather
than a man-in-the-middle opportunity for attackers. This may break
existing code that incorrectly depended on insecure behavior, but
such code was erroneous and should be updated. (#4888)
Other
-----
- #5004, #6881, #6956
Twisted Words 14.0.0 (2014-05-08)
=================================
Bugfixes
--------
- twisted.words.protocols.jabber.sasl_mechanisms.DigestMD5 now works
with unicode arguments. (#5066)
Other
-----
- #6696
NEWS for rsync 3.1.1 (22 Jun 2014)
Protocol: 31 (unchanged)
Changes since 3.1.0:
BUG FIXES:
- If the receiver gets bogus filenames from the sender (an unexpected
leading slash or a ".." infix dir), exit with an error. This prevents a
malicious sender from trying to inject filenames that would affect an
area outside the destination directories.
- Fixed a failure to remove the partial-transfer temp file when interrupted
(and rsync is not saving the partial files).
- Changed the chown/group/xattr-set order to avoid losing some security-
related xattr info (that would get cleared by a chown).
- Fixed a bug in the xattr-finding code that could make a non-root-run
receiver not able to find some xattr numbers.
- Fixed a bug in the early daemon protocol where a timeout failed to be
honored (e.g. if the remote side fails to send us the initial protocol
greeting).
- Fixed unintended inclusion of commas in file numbers in the daemon log.
- We once again send the 'f' sub-flag (of -e) to the server side so it
knows that we can handle incremental-recursion directory errors properly
in older protocols.
- Fixed an issue with too-aggressive keep-alive messages causing a problem
for older rsync versions early in the transfer.
- Fixed an incorrect message about backup-directory-creation when using
--dry-run and the backup dir is not an absolute path.
- Fixed a bug where a failed deletion and/or a failed sender-side removal
would not affect the exit code.
- Fixed a bug that caused a failure when combining --delete-missing-args
with --xattrs and/or --acls.
- Fixed a strange dir_depth assertion error that was caused by empty-dir
removals and/or duplicate files in the transfer.
- Fixed a problem with --info=progress2's output stats where rsync would
only update the stats at the end of each file's transfer. It now uses
the data that is flowing for the current file, making the stats more
accurate and less jumpy.
- Fixed an itemize bug that affected the combo of --link-dest, -X, and -n.
- Fixed a problem with delete messages not appearing in the log file when
the user didn't use --verbose.
- Improve chunked xattr reading for OS X.
- Removed an attempted hard-link xattr optimization that was causing a
transfer failure. This removal is flagged in the compatibility code, so
if a better fix can be discovered, we have a way to flip it on again.
- Fixed a bug when the receiver is not configured to be able to hard link
symlinks/devices/special-file items but the sender sent some of these
items flagged as hard-linked.
- We now generate a better error if the buffer overflows in do_mknod().
- Fixed a problem reading more than 16 ACLs on some OSes.
- Fixed the reading of the secrets file to avoid an infinite wait when
the username is missing.
- Fixed a parsing problem in the --usermap/--groupmap options when using
MIN-MAX numbers.
- Switched Cygwin back to using socketpair "pipes" to try to speed it up.
- Added knowledge of a few new options to rrsync.
ENHANCEMENTS:
- Tweaked the temp-file naming when --temp-dir=DIR is used: the temp-file
names will not get a '.' prepended.
- Added support for a new-compression idiom that does not compress all the
matching data in a transfer. This can help rsync to use less cpu when a
transfer has a lot of matching data, and also makes rsync compatible with
a non-bundled zlib. See the --new-compress and --old-compress options in
the manpage.
- Added the support/rsync-no-vanished wrapper script.
- Made configure more prominently mention when we failed to find yodl (in
case the user wants to be able to generate manpages from *.yo files).
- Have manpage mention how a daemon's max-verbosity setting affects info
and debug options. Also added more clarification on backslash removals
for excludes that contain wildcards.
- Have configure check for the attr lib (for getxattr) for those systems
that need to link against it explicitly.
- Change the early dir-creation logic to only use that idiom in an
inc-recursive copy that is preserving directory times. e.g. using
--omit-dir-times will avoid these early directories being created.
- Fix a bug in cmp_time() that would return a wrong result if the 2 times
differed by an amount greater than what a time_t can hold.
DEVELOPER RELATED:
- We now include an example systemd file (in packaging/systemd).
- Tweaked configure to make sure that any intended use of the included popt
and/or zlib code is put early in the CFLAGS.
The most important change in this release is that TLS version negotiation is no longer used unless it's explicitly turned on in the configuration files, thus reverting back to the 2.3.2 behaviour as interoperability issues were encountered in 2.3.3. Other notable changes include addition of SSL library version reporting, fixing of SOCKSv5 authentication logic and making serial env exporting consistent between OpenSSL and PolarSSL. This release also contains a number of other bug fixes and small enhancements.
mk/krb5.buildlink3.mk.
It prevents linking libcrypt twice with PREFER_PKGSRC=openssl.
Fix was provided by Chuck Silvers via private e-mail about two weeks ago and
I've confirmed the problem.
Bump PKGREVISION.
Upstream changes:
2.1.0
Changelog:
* New feature: Filter::matches() can do simple filtering on entry sets (supported: equals, contain, begin, end, any; NOT, AND, OR. Filtering is simple based on regexp, no schema checks and matchRules yet!)
* Fixed minor bugs in Filter, LDAP and Entry class
* Util::split_attribute_string(): Added support for extended match operators from filters
* Util::split_attribute_string(): Added support for delimiter retrieval
======
- Fixed remaining bug in ``maybe_declare`` for ``auto_delete`` exchanges.
- MongoDB: Creating a channel now properly evaluates a connection (Issue #363).
3.0.20
======
- Reverts change in 3.0.17 where ``maybe_declare`` caches the declaration
of auto_delete queues and exchanges.
- Redis: Fixed race condition when using gevent and the channel is closed.
1.5.2
-----
Two extra important issues were discovered since 1.5.1 which were fixed
in 1.5.2. The first one can cause some sample fetch combinations to fail
together in a same expression, and one artificial case (but totally
useless) may even crash the process. The second one is an incomplete
fix in 1.5-dev23 for the request body forwarding. Hash-based balancing
algorithms and http-send-name-header may fail if a request contains
a body which starts to be forwarded before the contents are used.
A few other bugs were fixed, and the max syslog line length is now
configurable per logger.
1.5.1
-----
Version 1.5.1 fixes a few bugs from 1.5.0 among which a really annoying
one which can cause some file descriptor leak when dealing with clients
which disappear from the net, resulting in the impossibility to accept
new connections after some time.
1.5.0
-----
1.5 expands 1.4 with many new features and performance improvements,
including native SSL support on both sides with SNI/NPN/ALPN and OCSP
stapling, IPv6 and UNIX sockets are supported everywhere, full HTTP
keep-alive for better support of NTLM and improved efficiency in
static farms, HTTP/1.1 compression (deflate, gzip) to save bandwidth,
PROXY protocol versions 1 and 2 on both sides, data sampling on
everything in request or response, including payload, ACLs can use
any matching method with any input sample, maps and dynamic ACLs
updatable from the CLI, stick-tables support counters to track
activity on any input sample, custom format for logs, unique-id,
header rewriting, and redirects, improved health checks (SSL,
scripted TCP, check agent, ...), much more scalable configuration
supports hundreds of thousands of backends and certificates without
sweating.
Full changelog for the 1.5 branch:
http://www.haproxy.org/download/1.5/src/CHANGELOG
* If just given a domain and no search list, make the search list the domain
* Skip arpping directives if we have a profile but not parsing one
* Allow the request of a DHCPv6 address or prefix, a prefix length must be
specified
* Add the ability to dump DHCPv6 leases
* Improve startup with regards to carrier checking and adding a link-local
IPv6 address
* Start the correct interface reference for added devices
* Support
http://datatracker.ietf.org/doc/draft-ietf-dhc-dhcpv6-stateful-issues-06
via the ia_pd_mix option
* Fix link handling where kernel reported flags in LINK_UP may not be
valid when we actually process them
* Fix defining new options in dhcpcd.conf and requesting them
* Fix a potential segfault when reloading configurations
* Print user defined options via -V
* Add support for RFC6603, Prefix Exclude option
* When requesting an IA_PD and another IA type, create a pseudo interface
to handle the IA_PD
* Handle truncated DHCPv6 saved leases