From 67809aa6e7f4ba8225dde7ca0cd96da71d3293fa2a0c46fd5223ed5d449a35cd Mon Sep 17 00:00:00 2001 
From: Marcus Rueckert Date: Tue, 7 Sep 2021 15:46:15 +0000 Subject: [PATCH] - Update to version 2.4.4+git0.acb1d0bea: CVE-2021-40346 (boo#1189877) * [RELEASE] Released version 2.4.4 * Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" * BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer * CLEANUP: htx: remove comments about "must be < 256 MB" * BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB * DOC: configuration: remove wrong tcp-request examples in tcp-response * BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser * CLEANUP: Add missing include guard to signal.h * BUG/MINOR: tools: Fix loop condition in dump_text() * BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time * BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long * MINOR: time: add report_idle() to report process-wide idle time * BUG/MINOR: time: fix idle time computation for long sleeps * BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords * MINOR: compiler: implement an ONLY_ONCE() macro * BUG/MINOR: base64: base64urldec() ignores padding in output size check * BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} * BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions * MINOR: hlua: take the global Lua lock inside a global function * REGTESTS: abortonclose: after retries, 503 is expected, not close * REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2 * BUG/MEDIUM: h2: match absolute-path not path-absolute for :path OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=249 --- _service | 2 +- _servicedata | 2 +- haproxy-2.4.3+git0.4dd5a5a6c.tar.gz | 3 --- haproxy-2.4.4+git0.acb1d0bea.tar.gz | 3 +++ haproxy.changes | 27 +++++++++++++++++++++++++++ haproxy.spec | 2 +- 6 files changed, 33 insertions(+), 6 deletions(-) delete mode 100644 haproxy-2.4.3+git0.4dd5a5a6c.tar.gz 
create mode 100644 haproxy-2.4.4+git0.acb1d0bea.tar.gz diff --git a/_service b/_service index 102c057..b7cc52a 100644 --- a/_service +++ b/_service @@ -6,7 +6,7 @@ @PARENT_TAG@+git@TAG_OFFSET@.%h v(.*) \1 - v2.4.3 + v2.4.4 enable diff --git a/_servicedata b/_servicedata index 038adfb..3f642ac 100644 --- a/_servicedata +++ b/_servicedata @@ -1,6 +1,6 @@ http://git.haproxy.org/git/haproxy-2.4.git - 4dd5a5a6cb7f865f897bf945fba30b2498207520 + acb1d0beae32a1749480caa18ecc51e211c5f10a \ No newline at end of file diff --git a/haproxy-2.4.3+git0.4dd5a5a6c.tar.gz b/haproxy-2.4.3+git0.4dd5a5a6c.tar.gz deleted file mode 100644 index f0f17ad..0000000 --- a/haproxy-2.4.3+git0.4dd5a5a6c.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:862f2934e84435ebc5a587d0b811b71721da04c242d025a38aded786d4efb517 -size 3686431 diff --git a/haproxy-2.4.4+git0.acb1d0bea.tar.gz b/haproxy-2.4.4+git0.acb1d0bea.tar.gz new file mode 100644 index 0000000..0713929 --- /dev/null +++ b/haproxy-2.4.4+git0.acb1d0bea.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6b771080be886dd77d6ea1c15e3bfda2988f321b8409ba81e6bef46cdfe5dab3 +size 3686796 diff --git a/haproxy.changes b/haproxy.changes index 17b152c..207f722 100644 --- a/haproxy.changes +++ b/haproxy.changes 
@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Tue Sep 07 15:43:22 UTC 2021 - mrueckert@suse.de
+
+- Update to version 2.4.4+git0.acb1d0bea: CVE-2021-40346 (boo#1189877)
+ * [RELEASE] Released version 2.4.4
+ * Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive"
+ * BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer
+ * CLEANUP: htx: remove comments about "must be < 256 MB"
+ * BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB
+ * DOC: configuration: remove wrong tcp-request examples in tcp-response
+ * BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser
+ * CLEANUP: Add missing include guard to signal.h
+ * BUG/MINOR: tools: Fix loop condition in dump_text()
+ * BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
+ * BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long
+ * MINOR: time: add report_idle() to report process-wide idle time
+ * BUG/MINOR: time: fix idle time computation for long sleeps
+ * BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords
+ * MINOR: compiler: implement an ONLY_ONCE() macro
+ * BUG/MINOR: base64: base64urldec() ignores padding in output size check
+ * BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
+ * BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions
+ * MINOR: hlua: take the global Lua lock inside a global function
+ * REGTESTS: abortonclose: after retries, 503 is expected, not close
+ * REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2
+ * BUG/MEDIUM: h2: match absolute-path not path-absolute for :path
+
 -------------------------------------------------------------------
 Tue Aug 17 15:50:01 UTC 2021 - mrueckert@suse.de
 
diff --git a/haproxy.spec b/haproxy.spec
index 1d2cd4c..2bb1250 100644
--- a/haproxy.spec
+++ b/haproxy.spec
@@ -53,7 +53,7 @@ %endif Name: haproxy -Version: 2.4.3+git0.4dd5a5a6c +Version: 2.4.4+git0.acb1d0bea Release: 0 # #