Accepting request 658884 from home:KGronlund:branches:server:http

- Update to version 1.8.15~git0.6b6a350a: (bsc#1119419) (CVE-2018-20103) (VUL-0) (bsc#1119368) (CVE-2018-20102)
  * DOC: Update configuration doc about the maximum number of stick counters.
  * BUG: dns: Fix off-by-one write in dns_validate_dns_response()
  * BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()
  * BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
  * BUG: dns: Prevent out-of-bounds read in dns_read_name()
  * BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
  * DOC: refer to check-sni in the documentation of sni
  * DOC: clarify that check-sni needs an argument.
  * MINOR: servers: Free [idle|safe|priv]_conns on exit.
  * MINOR: stats: report the number of active jobs and listeners in "show info"
  * BUG/MINOR: mux-h2: advertise a larger connection window size
  * BUG/MINOR: mux-h2: refrain from muxing during the preface
  * BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation
  * BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR.
  * BUG/MINOR: lb-map: fix unprotected update to server's score
  * BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed
  * BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name
  * BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id
  * BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
  * BUG/MINOR: config: Copy default error messages when parsing of a backend starts
  * BUG/MEDIUM: Make sure stksess is properly aligned.
  * BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn
  * BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe
  * BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer
  * BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic
  * BUG/MINOR: only mark connections private if NTLM is detected
  * DOC: cache: Missing information about "total-max-size"
  * BUG/MINOR: ssl: Wrong usage of shctx_init().
  * BUG/MINOR: cache: Wrong usage of shctx_init().

OBS-URL: https://build.opensuse.org/request/show/658884
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=178

_service

@@ -6,7 +6,7 @@
     <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>    
-    <param name="revision">v1.8.14</param>
+    <param name="revision">v1.8.15</param>
     <param name="changesgenerate">enable</param>
   </service>
 

_servicedata

@@ -5,4 +5,4 @@
             <param name="url">http://git.haproxy.org/git/haproxy-1.7.git</param>
           <param name="changesrevision">640d526f8cdad00f7f5043b51f6a34f3f6ebb49f</param></service><service name="tar_scm">
                 <param name="url">http://git.haproxy.org/git/haproxy-1.8.git</param>
-              <param name="changesrevision">52e4d43ba395c950c9d2121ca55b105ed54a85a4</param></service></servicedata>
+              <param name="changesrevision">6b6a350afe3b08a1a60c80fe9120a1c9d10448ef</param></service></servicedata>

haproxy-1.8.14~git0.52e4d43b.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4acb722dca31ed8b25ced0e5280b7bd8b93962dd4769973752da46a9080db106
-size 2131958

haproxy-1.8.15~git0.6b6a350a.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:954781a7635954548bb190e1bf4fd75a193710e5194a1540055cff3f4703284d
+size 2134976

haproxy.changes

@@ -1,3 +1,58 @@
+-------------------------------------------------------------------
+Mon Dec 17 09:42:18 UTC 2018 - kgronlund@suse.com
+
+- Update to version 1.8.15~git0.6b6a350a: (bsc#1119419) (CVE-2018-20103) (VUL-0) (bsc#1119368) (CVE-2018-20102)
+  * DOC: Update configuration doc about the maximum number of stick counters.
+  * BUG: dns: Fix off-by-one write in dns_validate_dns_response()
+  * BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()
+  * BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
+  * BUG: dns: Prevent out-of-bounds read in dns_read_name()
+  * BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
+  * DOC: refer to check-sni in the documentation of sni
+  * DOC: clarify that check-sni needs an argument.
+  * MINOR: servers: Free [idle|safe|priv]_conns on exit.
+  * MINOR: stats: report the number of active jobs and listeners in "show info"
+  * BUG/MINOR: mux-h2: advertise a larger connection window size
+  * BUG/MINOR: mux-h2: refrain from muxing during the preface
+  * BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation
+  * BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR.
+  * BUG/MINOR: lb-map: fix unprotected update to server's score
+  * BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed
+  * BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name
+  * BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id
+  * BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
+  * BUG/MINOR: config: Copy default error messages when parsing of a backend starts
+  * BUG/MEDIUM: Make sure stksess is properly aligned.
+  * BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn
+  * BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe
+  * BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer
+  * BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic
+  * BUG/MINOR: only mark connections private if NTLM is detected
+  * DOC: cache: Missing information about "total-max-size"
+  * BUG/MINOR: ssl: Wrong usage of shctx_init().
+  * BUG/MINOR: cache: Wrong usage of shctx_init().
+  * BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB).
+  * BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent.
+  * BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF.
+  * DOC: fix reference to map files in MAINTAINERS
+  * MINOR: peers: use defines instead of enums to appease clang.
+  * MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80.
+  * MINOR: server: Use memcpy() instead of strncpy().
+  * CLEANUP: stick-tables: Remove unneeded double (()) around conditional clause
+  * MINOR: lua: all functions calling lua_yieldk() may return
+  * BUG/MEDIUM: threads: make sure threads_want_sync is marked volatile
+  * BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point
+  * BUG/MEDIUM: stream: don't crash on out-of-memory
+  * BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM.
+  * BUG/MINOR: checks: queues null-deref
+  * BUG/MEDIUM: Cur/CumSslConns counters not threadsafe.
+  * MEDIUM: ssl: add support for ciphersuites option for TLSv1.3
+  * BUG/MEDIUM: buffers: Make sure we don't wrap in buffer_insert_line2/replace2.
+  * BUG/MINOR: backend: check that the mux installed properly
+  * BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2
+  * DOC: clarify force-private-cache is an option
+  * MINOR: threads: Make sure threads_sync_pipe is initialized before using it.
+
 -------------------------------------------------------------------
 Thu Sep 20 13:03:31 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
 

haproxy.spec

@@ -47,7 +47,7 @@
 %endif
 
 Name:           haproxy
-Version:        1.8.14~git0.52e4d43b
+Version:        1.8.15~git0.6b6a350a
 Release:        0
 #
 #