From 8159ab997f80de0e34a8cb013577eb378dbc3d95f15090aff43c4de3b675c706 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 15 Nov 2024 14:59:32 +0100 Subject: [PATCH] Sync from SUSE:SLFO:Main haproxy revision 6569468ff9d6aaaf031f1f077c5a6039 --- _service | 2 +- _servicedata | 2 +- haproxy-3.0.4+git0.7a59afa93.tar.gz | 3 - haproxy-3.0.6+git0.c2c009086.tar.gz | 3 + haproxy.changes | 172 ++++++++++++++++++++++++++++ haproxy.spec | 2 +- 6 files changed, 178 insertions(+), 6 deletions(-) delete mode 100644 haproxy-3.0.4+git0.7a59afa93.tar.gz create mode 100644 haproxy-3.0.6+git0.c2c009086.tar.gz diff --git a/_service b/_service index cd5b4e6..d75eea2 100644 --- a/_service +++ b/_service @@ -6,7 +6,7 @@ @PARENT_TAG@+git@TAG_OFFSET@.%h v(.*) \1 - v3.0.4 + v3.0.6 enable diff --git a/_servicedata b/_servicedata index 5267e6c..9f8e5b3 100644 --- a/_servicedata +++ b/_servicedata @@ -1,6 +1,6 @@ http://git.haproxy.org/git/haproxy-3.0.git/ - 7a59afa93ba909a8219307e62f88f81abe7615ef + c2c009086d300d0f86b1274e0b9ba7cb798f3e1d \ No newline at end of file diff --git a/haproxy-3.0.4+git0.7a59afa93.tar.gz b/haproxy-3.0.4+git0.7a59afa93.tar.gz deleted file mode 100644 index 66871ab..0000000 --- a/haproxy-3.0.4+git0.7a59afa93.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:34d7ba5f03b2b7f75aec659c77a75717a5f7535bb2ae70ac18c9142adb9481e1 -size 4831532 diff --git a/haproxy-3.0.6+git0.c2c009086.tar.gz b/haproxy-3.0.6+git0.c2c009086.tar.gz new file mode 100644 index 0000000..a341904 --- /dev/null +++ b/haproxy-3.0.6+git0.c2c009086.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e7db7543b2d1e6c1743a64d2b62621bf9d838a3e33cb24d548f0aad79566898a +size 4853017 diff --git a/haproxy.changes b/haproxy.changes index 84d4d6a..9ea920d 100644 --- a/haproxy.changes +++ b/haproxy.changes 
@@ -1,3 +1,175 @@ +------------------------------------------------------------------- +Thu Nov 07 18:40:53 UTC 2024 - mrueckert@suse.de + +- Update to version 3.0.6+git0.c2c009086: + * [RELEASE] Released version 3.0.6 + * MINOR: debug: move the "recover now" warn message after the optional notes + * BUILD: Missing inclusion header for ssize_t type + * BUILD: debug: also declare strlen() in __ABORT_NOW() + * DEBUG: wdt: add a stats counter "BlockedTrafficWarnings" in show info + * DEBUG: wdt: make the blocked traffic warning delay configurable + * DEBUG: cli: make it possible for "debug dev loop" to trigger warnings + * DEBUG: wdt: better detect apparently locked up threads and warn about them + * MINOR: debug: add a function to dump a stuck thread + * MINOR: wdt: move the local timers to a struct + * MINOR: debug: remove the redundant process.thread_info array from post_mortem + * MINOR: debug: also add fdtab and acitvity to struct post_mortem + * MINOR: debug: also add a pointer to struct global to post_mortem + * MINOR: debug: do not limit backtraces to stuck threads + * MINOR: debug: print gdb hints when crashing + * MINOR: connection: add new sample fetch functions fc_err_name and bc_err_name + * MINOR: rawsock: set connection error codes when returning from recv/send/splice + * MINOR: connection: add more connection error codes to cover common errno + * BUG/MINOR: stats: Fix the name for the total number of streams created + * MINOR: stream/stats: Expose the total number of streams ever created in stats + * MINOR: stream/stats: Expose the current number of streams in stats + * MINOR: cli/debug: show dev: add cmdline and version + * BUG/MINOR: quic: fix malformed probing packet building + * CLEANUP: connection: properly name the CO_ER_SSL_FATAL enum entry + * DOC: config: document connection error 44 (reverse connect failure) + * BUG/MEDIUM: promex: Fix dump of extra counters + * MINOR: stream: Save last evaluated rule on invalid yield + * BUG/MINOR: http-ana: 
Report internal error if an action yields on a final eval + * BUG/MEDIUM: mux-h1: Fix how timeouts are applied on H1 connections + * DOC: config: add missing glitch_{cnt,rate} sample definitions + * DOC: config: add missing glitch_{cnt,rate} data types + * BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly + * BUG/MINOR: trace: stop rewriting argv with -dt + * MINOR: cli: remove non-printable characters from 'debug dev fd' + * MINOR: debug: store important pointers in post_mortem + * MINOR: debug: place the post_mortem struct in its own section. + * MINOR: debug: place a magic pattern at the beginning of post_mortem + * MINOR: pools: export the pools variable + * BUILD: debug: silence a build warning with threads disabled + * BUG/MEDIUM: server: fix race on servers_list during server deletion + * BUG/MINOR: stconn: Don't disable 0-copy FF if EOS was reported on consumer side + * BUG/MINOR: http-ana: Fix wrong client abort reports during responses forwarding + * BUG/MEDIUM: stconn: Report blocked send if sends are blocked by an error + * BUG/MINOR: server: fix dynamic server leak with check on failed init + * MINOR: activity/memprofile: show per-DSO stats + * MINOR: activity/memprofile: always return "other" bin on NULL return address + * BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families + * BUG/MEDIUM: mux-h2: Remove H2S from send list if data are sent via 0-copy FF + * BUG/MEDIUM: stats-html: Never dump more data than expected during 0-copy FF + * BUG/MINOR: mux-quic: do not close STREAM with empty FIN if no data sent + * BUG/MINOR: mworker: fix mworker-max-reloads parser + * DOC: config: fix rfc7239 forwarded typo in desc + * BUG/MEDIUM: quic: avoid freezing 0RTT connections + * BUG/MINOR: quic: avoid leaking post handshake frames + * REGTESTS: Never reuse server connection in http-messaging/truncated.vtc + * BUG/MAJOR: filters/htx: Add a flag to state the payload is altered by a filter + * 
BUG/MEDIUM: stconn: Check FF data of SC to perform a shutdown in sc_notify() + * BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid + * BUG/MEDIUM: stconn: Wait iobuf is empty to shut SE down during a check send + * BUG/MINOR: httpclient: return NULL when no proxy available during httpclient_new() + * BUG/MEDIUM: queue: make sure never to queue when there's no more served conns + * BUG/MEDIUM: mux-quic: ensure timeout server is active for short requests + * BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}() + * BUG/MEDIUM: hlua: make hlua_ctx_renew() safe + * BUG/MEDIUM: server: server stuck in maintenance after FQDN change + * MEDIUM: debug: on panic, make the target thread automatically allocate its buf + * MINOR: debug: replace ha_thread_dump() with its two components + * MINOR: debug: make ha_thread_dump_done() take the pointer to be used + * MINOR: debug: slightly change the thread_dump_pointer signification + * MINOR: debug: split ha_thread_dump() in two parts + * MINOR: chunk: drop the global thread_dump_buffer + * MINOR: debug: make mark_tainted() return the previous value + * BUG/MINOR: http-ana: Disable fast-fwd for unfinished req waiting for upgrade + * BUG/MINOR: mux-h1: Fix condition to set EOI on SE during zero-copy forwarding + * BUG/MEDIUM: queue: always dequeue the backend when redistributing the last server + * MINOR: server: make srv_shutdown_sessions() call pendconn_redistribute() + * BUG/MINOR: queue: make sure that maintenance redispatches server queue + * BUG/MEDIUM: stream: make stream_shutdown() async-safe + * MINOR: task: define two new one-shot events for use with WOKEN_OTHER or MSG + * MINOR: tools: do not attempt to use backtrace() on linux without glibc + * BUILD: tools: only include execinfo.h for the real backtrace() function + * BUG/MINOR: cfgparse-global: fix allowed args number for setenv + * BUG/MINOR: server: make sure the HMAINT state is part of MAINT + * 
BUG/MEDIUM: cli: Deadlock when setting frontend maxconn + * BUG/MEDIUM: cli: Be sure to catch immediate client abort + * BUG/MINOR: mux-quic: report glitches to session + * REGTESTS: shorten a bit the delay for the h1/h2 upgrade test + * REGTESTS: h1/h2: Update script testing H1/H2 protocol upgrades + * BUG/MEDIUM: mux-h1/mux-h2: Reject upgrades with payload on H2 side only + * MINOR: mux-h1: Set EOI on SE during demux when both side are in DONE state + * BUG/MINOR: h2: reject extended connect for h2c protocol + * BUG/MINOR: h1: do not forward h2c upgrade header token + * MINOR: connection: No longer include stconn type header in connection-t.h + +------------------------------------------------------------------- +Mon Sep 30 19:36:53 UTC 2024 - mrueckert@suse.de + +- Update to version 3.0.5+git0.8e879a52e: (VUL-0: CVE-2024-49214 boo#1231612) + * [RELEASE] Released version 3.0.5 + * BUG/MINOR: quic: prevent freeze after early QCS closure + * BUG/MEDIUM: quic: handle retransmit for standalone FIN STREAM + * MINOR: quic: implement function to check if STREAM is fully acked + * MINOR: quic: convert qc_stream_desc release field to flags + * BUG/MINOR: cfgparse-listen: fix option httpslog override warning message + * BUG/MEDIUM: promex: Wait to have the request before sending the response + * BUG/MEDIUM: cache/stats: Wait to have the request before sending the response + * BUG/MEDIUM: sc_strm/applet: Wake applet after a successfull synchronous send + * DOC: config: Explicitly list relaxing rules for accept-invalid-http-* options + * BUG/MINOR: peers: local entries updates may not be advertised after resync + * BUG/MEDIUM: queue: implement a flag to check for the dequeuing + * BUG/MINOR: clock: validate that now_offset still applies to the current date + * BUG/MINOR: clock: make time jump corrections a bit more accurate + * BUG/MINOR: polling: fix time reporting when using busy polling + * MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option + * 
BUG/MINOR: pattern: do not leave a leading comma on "set" error messages + * BUG/MINOR: h1-htx: Don't flag response as bodyless when a tunnel is established + * BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state + * BUG/MEDIUM: pattern: prevent UAF on reused pattern expr + * BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg() + * BUG/MEDIUM: clock: detect and cover jumps during execution + * REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load + * DOC: configuration: place the HAPROXY_HTTP_LOG_FMT example on the correct line + * BUG/MINOR: quic: Too short datagram during packet building failures (aws-lc only) + * BUG/MINOR: quic: Crash from trace dumping SSL eary data status (AWS-LC) + * BUG/MEDIUM: quic: always validate sender address on 0-RTT + * MINOR: quic: Add trace for QUIC_EV_CONN_IO_CB event. + * MINOR: quic: Implement qc_ssl_eary_data_accepted(). + * MINOR: quic: Modify NEW_TOKEN frame structure (qf_new_token struct) + * BUG/MINOR: quic: Missing incrementation in NEW_TOKEN frame builder + * MINOR: quic: Token for future connections implementation. + * MEDIUM: ssl/quic: implement quic crypto with EVP_AEAD + * MINOR: quic: Implement quic_tls_derive_token_secret(). + * MINOR: tools: Implement ipaddrcpy(). 
+ * BUG/MEDIUM: clock: also update the date offset on time jumps + * BUILD: quic: 32bits build broken by wrong integer conversions for printf() + * BUG/MINOR: cfgparse-global: remove tune.fast-forward from common_kw_list + * DOC: config: correct the table for option tcplog + * BUG/MINOR: pattern: pat_ref_set: return 0 if err was found + * BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity + * BUG/MINOR: h3: properly reject too long header responses + * BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails + * BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID + * REGTESTS: mcli: test the pipelined commands on master CLI + * BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI + * MINOR: channel: implement ci_insert() function + * BUG/MINOR: proto_tcp: keep error msg if listen() fails + * BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails + * BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE + * BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion + * BUG/MINOR: trace: automatically start in waiting mode with "start " + * BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED() + * BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc + * BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn + * DOC: configuration: fix alphabetical ordering of {bs,fs}.aborted + * BUG/MINOR: fcgi-app: handle a possible strdup() failure + * BUG/MEDIUM: peer: Notify the applet won't consume data when it waits for sync + * BUG/MEDIUM: mux-h2: Propagate term flags to SE on error in h2s_wake_one_stream + * BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams + * BUG/MEDIUM: http-ana: Report error on write error waiting for the response + * BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content + * BUG/MEDIUM: ssl: 0-RTT initialized at the wrong place for AWS-LC + * BUG/MEDIUM: ssl: reactivate 0-RTT for AWS-LC + * BUG/MINOR: stconn: 
bs.id and fs.id had their dependencies incorrect + * BUILD: mux-pt: Use the right name for the sedesc variable + * BUG/MEDIUM: mux-pt/mux-h1: Release the pipe on connection error on sending path + * BUG/MEDIUM: stconn: Report error on SC on send if a previous SE error was set + * BUG/MEDIUM: server/addr: fix tune.events.max-events-at-once event miss and leak + ------------------------------------------------------------------- Tue Sep 03 14:08:47 UTC 2024 - mrueckert@suse.de diff --git a/haproxy.spec b/haproxy.spec index 1bd8b43..9c61cc9 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -53,7 +53,7 @@ %endif Name: haproxy -Version: 3.0.4+git0.7a59afa93 +Version: 3.0.6+git0.c2c009086 Release: 0 # #
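Review bot: The source URL kept as context in the `_servicedata` hunk is plain `http://git.haproxy.org/git/haproxy-3.0.git/`, and the value bumped in `_service` is the tag name `v3.0.6`, not a commit. The tag is therefore resolved over an unauthenticated transport, and the recorded revision `c2c009086d300d0f86b1274e0b9ba7cb798f3e1d` only documents what that fetch returned. Suggest moving the URL to an authenticated transport if upstream offers one (an assumption, not visible in this patch), or checking the recorded revision against upstream's published 3.0.6 tag out of band before accepting the new tarball's `oid sha256`.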
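Review bot: In the `haproxy.changes` hunk, the 3.0.5 entry carries `(VUL-0: CVE-2024-49214 boo#1231612)` only on its "Update to version" header line, so nothing in the bullets below says which fix addresses the CVE. Suggest repeating the CVE and boo reference on the specific upstream commit line that resolves it, so that someone auditing or backporting can find the change without leaving the changelog. The package also moves from 3.0.4 straight to 3.0.6, so the 3.0.6 header is the line a reader of the shipped version sees first. A short pointer there to the security fix inherited from 3.0.5 would help.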