From ba3ebe78ca989fba0a0763381669595dabf6e04e3c621f2a2c82c23e20015c66 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Thu, 2 Apr 2020 13:29:08 +0000 Subject: [PATCH] - Update to version 2.1.4+git0.3cfc2f1d9: (boo#1168023) CVE-2020-11100 OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=214 --- _service | 2 +- _servicedata | 2 +- haproxy-2.1.3+git0.5c020bbdd.tar.gz | 3 - haproxy-2.1.4+git0.3cfc2f1d9.tar.gz | 3 + haproxy.changes | 158 ++++++++++++++++++++++++++++ haproxy.spec | 2 +- 6 files changed, 164 insertions(+), 6 deletions(-) delete mode 100644 haproxy-2.1.3+git0.5c020bbdd.tar.gz create mode 100644 haproxy-2.1.4+git0.3cfc2f1d9.tar.gz diff --git a/_service b/_service index 90e1a6f..544758e 100644 --- a/_service +++ b/_service @@ -6,7 +6,7 @@ @PARENT_TAG@+git@TAG_OFFSET@.%h v(.*) \1 - v2.1.3 + v2.1.4 enable diff --git a/_servicedata b/_servicedata index ced6b8d..48db717 100644 --- a/_servicedata +++ b/_servicedata @@ -1,6 +1,6 @@ http://git.haproxy.org/git/haproxy-2.1.git - 5c020bbddc3d9573f02cde383abc983ad0781fc1 + 3cfc2f1d978f475c258dcd8c60b2bff8d02be92c \ No newline at end of file diff --git a/haproxy-2.1.3+git0.5c020bbdd.tar.gz b/haproxy-2.1.3+git0.5c020bbdd.tar.gz deleted file mode 100644 index 11db92e..0000000 --- a/haproxy-2.1.3+git0.5c020bbdd.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e0a0b380bdd6f34240a7470e86d6c83463e8a2a98e2922b6e9fa8a55dd1bcd41 -size 2752990 diff --git a/haproxy-2.1.4+git0.3cfc2f1d9.tar.gz b/haproxy-2.1.4+git0.3cfc2f1d9.tar.gz new file mode 100644 index 0000000..a38b35c --- /dev/null +++ b/haproxy-2.1.4+git0.3cfc2f1d9.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c79c6152fe32051fee901234f8ccd6722ee5ac255afc090a518b6cf5d5f90781 +size 2762999 diff --git a/haproxy.changes b/haproxy.changes index a56e75e..d6d3b88 100644 --- a/haproxy.changes +++ b/haproxy.changes 
@@ -1,3 +1,161 @@
+-------------------------------------------------------------------
+Thu Apr 2 13:24:34 UTC 2020 - Marcus Rueckert
+
+- Update to version 2.1.4+git0.3cfc2f1d9: (boo#1168023) CVE-2020-11100
+ - SCRIPTS: make announce-release executable again
+ - BUG/MINOR: namespace: avoid closing fd when socket failed in
+ my_socketat
+ - BUG/MEDIUM: muxes: Use the right argument when calling the
+ destroy method.
+ - BUG/MINOR: mux-fcgi: Forbid special characters when matching
+ PATH_INFO param
+ - MINOR: mux-fcgi: Make the capture of the path-info optional in
+ pathinfo regex
+ - SCRIPTS: announce-release: use mutt -H instead of -i to include
+ the draft
+ - MINOR: http-htx: Add a function to retrieve the headers size of
+ an HTX message
+ - MINOR: filters: Forward data only if the last filter forwards
+ something
+ - BUG/MINOR: filters: Count HTTP headers as filtered data but
+ don't forward them
+ - BUG/MINOR: http-htx: Don't return error if authority is updated
+ without changes
+ - BUG/MINOR: http-ana: Matching on monitor-uri should be
+ case-sensitive
+ - MINOR: http-ana: Match on the path if the monitor-uri starts by
+ a /
+ - BUG/MAJOR: http-ana: Always abort the request when a tarpit is
+ triggered
+ - MINOR: ist: add an iststop() function
+ - BUG/MINOR: http: http-request replace-path duplicates the query
+ string
+ - BUG/MEDIUM: shctx: make sure to keep all blocks aligned
+ - MINOR: compiler: move CPU capabilities definition from config.h
+ and complete them
+ - BUG/MEDIUM: ebtree: don't set attribute packed without
+ unaligned access support
+ - BUILD: fix recent build failure on unaligned archs
+ - CLEANUP: cfgparse: Fix type of second calloc() parameter
+ - BUG/MINOR: sample: fix the json converter's endian-sensitivity
+ - BUG/MEDIUM: ssl: fix several bad pointer aliases in a few
+ sample fetch functions
+ - BUG/MINOR: connection: make sure to correctly tag local PROXY
+ connections
+ - MINOR: compiler: add new alignment macros
+ - BUILD: ebtree: improve architecture-specific alignment
+ - BUG/MINOR: h2: reject again empty :path pseudo-headers
+ - BUG/MINOR: sample: Make sure to return stable IDs in the
+ unique-id fetch
+ - BUG/MINOR: dns: ignore trailing dot
+ - BUG/MINOR: http-htx: Do case-insensive comparisons on Host
+ header name
+ - MINOR: contrib/prometheus-exporter: Add heathcheck status/code
+ in server metrics
+ - MINOR: contrib/prometheus-exporter: Add the last heathcheck
+ duration metric
+ - BUG/MEDIUM: random: initialize the random pool a bit better
+ - MINOR: tools: add 64-bit rotate operators
+ - BUG/MEDIUM: random: implement a thread-safe and process-safe
+ PRNG
+ - MINOR: backend: use a single call to ha_random32() for the
+ random LB algo
+ - BUG/MINOR: checks/threads: use ha_random() and not rand()
+ - BUG/MAJOR: list: fix invalid element address calculation
+ - MINOR: debug: report the task handler's pointer relative to
+ main
+ - BUG/MEDIUM: debug: make the debug_handler check for the thread
+ in threads_to_dump
+ - MINOR: haproxy: export main to ease access from debugger
+ - BUILD: tools: remove obsolete and conflicting trace() from
+ standard.c
+ - BUG/MINOR: wdt: do not return an error when the watchdog
+ couldn't be enabled
+ - DOC: fix incorrect indentation of http_auth_*
+ - OPTIM: startup: fast unique_id allocation for acl.
+ - BUG/MINOR: pattern: Do not pass len = 0 to calloc()
+ - DOC: configuration.txt: fix various typos
+ - DOC: assorted typo fixes in the documentation and Makefile
+ - BUG/MINOR: init: make the automatic maxconn consider the max of
+ soft/hard limits
+ - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
+ - REGTEST: make the PROXY TLV validation depend on version 2.2
+ - BUG/MINOR: filters: Use filter offset to decude the amount of
+ forwarded data
+ - BUG/MINOR: filters: Forward everything if no data filters are
+ called
+ - MINOR: htx: Add a function to return a block at a specific
+ offset
+ - BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the
+ response payload
+ - BUG/MEDIUM: compression/filters: Fix loop on HTX blocks
+ compressing the payload
+ - BUG/MINOR: http-ana: Reset request analysers on a response side
+ error
+ - BUG/MINOR: lua: Ignore the reserve to know if a channel is full
+ or not
+ - BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject
+ action
+ - BUG/MINOR: http-rules: Fix a typo in the reject action function
+ - BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop
+ action
+ - BUG/MINOR: rules: Increment be_counters if backend is assigned
+ for a silent-drop
+ - DOC: fix typo about no-tls-tickets
+ - DOC: improve description of no-tls-tickets
+ - DOC: assorted typo fixes in the documentation
+ - DOC: ssl: clarify security implications of TLS tickets
+ - BUILD: wdt: only test for SI_TKILL when compiled with thread
+ support
+ - BUG/MEDIUM: mt_lists: Make sure we set the deleted element to
+ NULL;
+ - MINOR: mt_lists: Appease gcc.
+ - BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
+ - BUG/MEDIUM: pools: Always update free_list in pool_gc().
+ - BUG/MINOR: haproxy: always initialize sleeping_thread_mask
+ - BUG/MINOR: listener/mq: do not dispatch connections to remote
+ threads when stopping
+ - BUG/MINOR: haproxy/threads: try to make all threads leave
+ together
+ - DOC: proxy_protocol: Reserve TLV type 0x05 as
+ PP2_TYPE_UNIQUE_ID
+ - DOC: correct typo in alert message about rspirep
+ - BUILD: on ARM, must be linked to libatomic.
+ - BUILD: makefile: fix regex syntax in ARM platform detection
+ - BUILD: makefile: fix expression again to detect ARM platform
+ - BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong
+ cases.
+ - DOC: assorted typo fixes in the documentation
+ - MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into
+ types/signal.h.
+ - BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in
+ __signal_process_queue().
+ - MINOR: memory: Change the flush_lock to a spinlock, and don't
+ get it in alloc.
+ - BUG/MINOR: connections: Make sure we free the connection on
+ failure.
+ - REGTESTS: use "command -v" instead of "which"
+ - REGTEST: increase timeouts on the seamless-reload test
+ - BUG/MINOR: haproxy/threads: close a possible race in soft-stop
+ detection
+ - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
+ - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
+ - BUG/MINOR: peers: Use after free of "peers" section.
+ - MINOR: listener: add so_name sample fetch + - BUILD: ssl: only pass unsigned chars to isspace() + - BUG/MINOR: stats: Fix color of draining servers on stats page + - DOC: internals: Fix spelling errors in filters.txt + - MINOR: http-rules: Add a flag on redirect rules to know the + rule direction + - BUG/MINOR: http_ana: make sure redirect flags don't have + overlapping bits + - MINOR: http-rules: Handle the rule direction when a redirect is + evaluated + - BUG/MINOR: http-ana: Reset request analysers on error when + waiting for response + - BUG/CRITICAL: hpack: never index a header into the headroom + after wrapping + ------------------------------------------------------------------- Fri Feb 14 13:23:23 UTC 2020 - Thorsten Kukuk diff --git a/haproxy.spec b/haproxy.spec index b20e967..890ad1d 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -53,7 +53,7 @@ %endif Name: haproxy -Version: 2.1.3+git0.5c020bbdd +Version: 2.1.4+git0.3cfc2f1d9 Release: 0 # #