Accepting request 790908 from server:http

- Update to version 2.1.4+git0.3cfc2f1d9: (boo#1168023) CVE-2020-11100 OBS-URL: https://build.opensuse.org/request/show/790908 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=83
2020-04-04 10:20:54 +00:00 · 2020-04-04 10:20:54 +00:00 · 8ef101d465
commit 8ef101d465
parent e54ac01865 ba3ebe78ca
6 changed files with 164 additions and 6 deletions
--- a/2
+++ b/2
@ -6,7 +6,7 @@
    <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="versionrewrite-replacement">\1</param>
-    <param name="revision">v2.1.3</param>
+    <param name="revision">v2.1.4</param>
    <param name="changesgenerate">enable</param>
  </service>

--- a/2
+++ b/2
@ -1,6 +1,6 @@
 <servicedata>
  <service name="tar_scm">
    <param name="url">http://git.haproxy.org/git/haproxy-2.1.git</param>
-    <param name="changesrevision">5c020bbddc3d9573f02cde383abc983ad0781fc1</param>
+    <param name="changesrevision">3cfc2f1d978f475c258dcd8c60b2bff8d02be92c</param>
  </service>
 </servicedata>
--- a/haproxy-2.1.3+git0.5c020bbdd.tar.gz
+++ b/haproxy-2.1.3+git0.5c020bbdd.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e0a0b380bdd6f34240a7470e86d6c83463e8a2a98e2922b6e9fa8a55dd1bcd41
-size 2752990
--- a/haproxy-2.1.4+git0.3cfc2f1d9.tar.gz
+++ b/haproxy-2.1.4+git0.3cfc2f1d9.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c79c6152fe32051fee901234f8ccd6722ee5ac255afc090a518b6cf5d5f90781
+size 2762999
--- a/haproxy.changes
+++ b/haproxy.changes
@ -1,3 +1,161 @@
+-------------------------------------------------------------------
+Thu Apr  2 13:24:34 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to version 2.1.4+git0.3cfc2f1d9: (boo#1168023) CVE-2020-11100
+  - SCRIPTS: make announce-release executable again
+  - BUG/MINOR: namespace: avoid closing fd when socket failed in
+    my_socketat
+  - BUG/MEDIUM: muxes: Use the right argument when calling the
+    destroy method.
+  - BUG/MINOR: mux-fcgi: Forbid special characters when matching
+    PATH_INFO param
+  - MINOR: mux-fcgi: Make the capture of the path-info optional in
+    pathinfo regex
+  - SCRIPTS: announce-release: use mutt -H instead of -i to include
+    the draft
+  - MINOR: http-htx: Add a function to retrieve the headers size of
+    an HTX message
+  - MINOR: filters: Forward data only if the last filter forwards
+    something
+  - BUG/MINOR: filters: Count HTTP headers as filtered data but
+    don't forward them
+  - BUG/MINOR: http-htx: Don't return error if authority is updated
+    without changes
+  - BUG/MINOR: http-ana: Matching on monitor-uri should be
+    case-sensitive
+  - MINOR: http-ana: Match on the path if the monitor-uri starts by
+    a /
+  - BUG/MAJOR: http-ana: Always abort the request when a tarpit is
+    triggered
+  - MINOR: ist: add an iststop() function
+  - BUG/MINOR: http: http-request replace-path duplicates the query
+    string
+  - BUG/MEDIUM: shctx: make sure to keep all blocks aligned
+  - MINOR: compiler: move CPU capabilities definition from config.h
+    and complete them
+  - BUG/MEDIUM: ebtree: don't set attribute packed without
+    unaligned access support
+  - BUILD: fix recent build failure on unaligned archs
+  - CLEANUP: cfgparse: Fix type of second calloc() parameter
+  - BUG/MINOR: sample: fix the json converter's endian-sensitivity
+  - BUG/MEDIUM: ssl: fix several bad pointer aliases in a few
+    sample fetch functions
+  - BUG/MINOR: connection: make sure to correctly tag local PROXY
+    connections
+  - MINOR: compiler: add new alignment macros
+  - BUILD: ebtree: improve architecture-specific alignment
+  - BUG/MINOR: h2: reject again empty :path pseudo-headers
+  - BUG/MINOR: sample: Make sure to return stable IDs in the
+    unique-id fetch
+  - BUG/MINOR: dns: ignore trailing dot
+  - BUG/MINOR: http-htx: Do case-insensive comparisons on Host
+    header name
+  - MINOR: contrib/prometheus-exporter: Add heathcheck status/code
+    in server metrics
+  - MINOR: contrib/prometheus-exporter: Add the last heathcheck
+    duration metric
+  - BUG/MEDIUM: random: initialize the random pool a bit better
+  - MINOR: tools: add 64-bit rotate operators
+  - BUG/MEDIUM: random: implement a thread-safe and process-safe
+    PRNG
+  - MINOR: backend: use a single call to ha_random32() for the
+    random LB algo
+  - BUG/MINOR: checks/threads: use ha_random() and not rand()
+  - BUG/MAJOR: list: fix invalid element address calculation
+  - MINOR: debug: report the task handler's pointer relative to
+    main
+  - BUG/MEDIUM: debug: make the debug_handler check for the thread
+    in threads_to_dump
+  - MINOR: haproxy: export main to ease access from debugger
+  - BUILD: tools: remove obsolete and conflicting trace() from
+    standard.c
+  - BUG/MINOR: wdt: do not return an error when the watchdog
+    couldn't be enabled
+  - DOC: fix incorrect indentation of http_auth_*
+  - OPTIM: startup: fast unique_id allocation for acl.
+  - BUG/MINOR: pattern: Do not pass len = 0 to calloc()
+  - DOC: configuration.txt: fix various typos
+  - DOC: assorted typo fixes in the documentation and Makefile
+  - BUG/MINOR: init: make the automatic maxconn consider the max of
+    soft/hard limits
+  - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
+  - REGTEST: make the PROXY TLV validation depend on version 2.2
+  - BUG/MINOR: filters: Use filter offset to decude the amount of
+    forwarded data
+  - BUG/MINOR: filters: Forward everything if no data filters are
+    called
+  - MINOR: htx: Add a function to return a block at a specific
+    offset
+  - BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the
+    response payload
+  - BUG/MEDIUM: compression/filters: Fix loop on HTX blocks
+    compressing the payload
+  - BUG/MINOR: http-ana: Reset request analysers on a response side
+    error
+  - BUG/MINOR: lua: Ignore the reserve to know if a channel is full
+    or not
+  - BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject
+    action
+  - BUG/MINOR: http-rules: Fix a typo in the reject action function
+  - BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop
+    action
+  - BUG/MINOR: rules: Increment be_counters if backend is assigned
+    for a silent-drop
+  - DOC: fix typo about no-tls-tickets
+  - DOC: improve description of no-tls-tickets
+  - DOC: assorted typo fixes in the documentation
+  - DOC: ssl: clarify security implications of TLS tickets
+  - BUILD: wdt: only test for SI_TKILL when compiled with thread
+    support
+  - BUG/MEDIUM: mt_lists: Make sure we set the deleted element to
+    NULL;
+  - MINOR: mt_lists: Appease gcc.
+  - BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
+  - BUG/MEDIUM: pools: Always update free_list in pool_gc().
+  - BUG/MINOR: haproxy: always initialize sleeping_thread_mask
+  - BUG/MINOR: listener/mq: do not dispatch connections to remote
+    threads when stopping
+  - BUG/MINOR: haproxy/threads: try to make all threads leave
+    together
+  - DOC: proxy_protocol: Reserve TLV type 0x05 as
+    PP2_TYPE_UNIQUE_ID
+  - DOC: correct typo in alert message about rspirep
+  - BUILD: on ARM, must be linked to libatomic.
+  - BUILD: makefile: fix regex syntax in ARM platform detection
+  - BUILD: makefile: fix expression again to detect ARM platform
+  - BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong
+    cases.
+  - DOC: assorted typo fixes in the documentation
+  - MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into
+    types/signal.h.
+  - BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in
+    __signal_process_queue().
+  - MINOR: memory: Change the flush_lock to a spinlock, and don't
+    get it in alloc.
+  - BUG/MINOR: connections: Make sure we free the connection on
+    failure.
+  - REGTESTS: use "command -v" instead of "which"
+  - REGTEST: increase timeouts on the seamless-reload test
+  - BUG/MINOR: haproxy/threads: close a possible race in soft-stop
+    detection
+  - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
+  - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
+  - BUG/MINOR: peers: Use after free of "peers" section.
+  - MINOR: listener: add so_name sample fetch
+  - BUILD: ssl: only pass unsigned chars to isspace()
+  - BUG/MINOR: stats: Fix color of draining servers on stats page
+  - DOC: internals: Fix spelling errors in filters.txt
+  - MINOR: http-rules: Add a flag on redirect rules to know the
+    rule direction
+  - BUG/MINOR: http_ana: make sure redirect flags don't have
+    overlapping bits
+  - MINOR: http-rules: Handle the rule direction when a redirect is
+    evaluated
+  - BUG/MINOR: http-ana: Reset request analysers on error when
+    waiting for response
+  - BUG/CRITICAL: hpack: never index a header into the headroom
+    after wrapping
+
 -------------------------------------------------------------------
 Fri Feb 14 13:23:23 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>

--- a/haproxy.spec
+++ b/haproxy.spec
@ -53,7 +53,7 @@
 %endif

 Name:           haproxy
-Version:        2.1.3+git0.5c020bbdd
+Version:        2.1.4+git0.3cfc2f1d9
 Release:        0
 #
 #