From 37083beefe1d558519a7ba599552758debabb21890578b49fffaf2d2195a8a9b Mon Sep 17 00:00:00 2001 
From: Kristoffer Gronlund
Date: Mon, 17 Dec 2018 10:05:47 +0000
Subject: [PATCH] Accepting request 658884 from home:KGronlund:branches:server:http

- Update to version 1.8.15~git0.6b6a350a: (bsc#1119419) (CVE-2018-20103) (VUL-0) (bsc#1119368) (CVE-2018-20102)
  * DOC: Update configuration doc about the maximum number of stick counters.
  * BUG: dns: Fix off-by-one write in dns_validate_dns_response()
  * BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()
  * BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
  * BUG: dns: Prevent out-of-bounds read in dns_read_name()
  * BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
  * DOC: refer to check-sni in the documentation of sni
  * DOC: clarify that check-sni needs an argument.
  * MINOR: servers: Free [idle|safe|priv]_conns on exit.
  * MINOR: stats: report the number of active jobs and listeners in "show info"
  * BUG/MINOR: mux-h2: advertise a larger connection window size
  * BUG/MINOR: mux-h2: refrain from muxing during the preface
  * BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation
  * BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR.
  * BUG/MINOR: lb-map: fix unprotected update to server's score
  * BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed
  * BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name
  * BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id
  * BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
  * BUG/MINOR: config: Copy default error messages when parsing of a backend starts
  * BUG/MEDIUM: Make sure stksess is properly aligned.
* BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn * BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe * BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer * BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic * BUG/MINOR: only mark connections private if NTLM is detected * DOC: cache: Missing information about "total-max-size" * BUG/MINOR: ssl: Wrong usage of shctx_init(). * BUG/MINOR: cache: Wrong usage of shctx_init(). OBS-URL: https://build.opensuse.org/request/show/658884 OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=178 --- _service | 2 +- _servicedata | 2 +- haproxy-1.8.14~git0.52e4d43b.tar.gz | 3 -- haproxy-1.8.15~git0.6b6a350a.tar.gz | 3 ++ haproxy.changes | 55 +++++++++++++++++++++++++++++ haproxy.spec | 2 +- 6 files changed, 61 insertions(+), 6 deletions(-) delete mode 100644 haproxy-1.8.14~git0.52e4d43b.tar.gz create mode 100644 haproxy-1.8.15~git0.6b6a350a.tar.gz diff --git a/_service b/_service index e815f93..7cf3e1a 100644 --- a/_service +++ b/_service @@ -6,7 +6,7 @@ @PARENT_TAG@~git@TAG_OFFSET@.%h v(.*) \1 - v1.8.14 + v1.8.15 enable diff --git a/_servicedata b/_servicedata index dc0afa1..ccea970 100644 --- a/_servicedata +++ b/_servicedata @@ -5,4 +5,4 @@ http://git.haproxy.org/git/haproxy-1.7.git 640d526f8cdad00f7f5043b51f6a34f3f6ebb49f http://git.haproxy.org/git/haproxy-1.8.git - 52e4d43ba395c950c9d2121ca55b105ed54a85a4 \ No newline at end of file + 6b6a350afe3b08a1a60c80fe9120a1c9d10448ef \ No newline at end of file diff --git a/haproxy-1.8.14~git0.52e4d43b.tar.gz b/haproxy-1.8.14~git0.52e4d43b.tar.gz deleted file mode 100644 index 327be1b..0000000 --- a/haproxy-1.8.14~git0.52e4d43b.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4acb722dca31ed8b25ced0e5280b7bd8b93962dd4769973752da46a9080db106 -size 2131958 
diff --git a/haproxy-1.8.15~git0.6b6a350a.tar.gz b/haproxy-1.8.15~git0.6b6a350a.tar.gz new file mode 100644 index 0000000..dab352b --- /dev/null +++ b/haproxy-1.8.15~git0.6b6a350a.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:954781a7635954548bb190e1bf4fd75a193710e5194a1540055cff3f4703284d +size 2134976 diff --git a/haproxy.changes b/haproxy.changes index 9ecc8fe..c03711f 100644 --- a/haproxy.changes +++ b/haproxy.changes 
@@ -1,3 +1,58 @@ +------------------------------------------------------------------- +Mon Dec 17 09:42:18 UTC 2018 - kgronlund@suse.com + +- Update to version 1.8.15~git0.6b6a350a: (bsc#1119419) (CVE-2018-20103) (VUL-0) (bsc#1119368) (CVE-2018-20102) + * DOC: Update configuration doc about the maximum number of stick counters. + * BUG: dns: Fix off-by-one write in dns_validate_dns_response() + * BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response() + * BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response() + * BUG: dns: Prevent out-of-bounds read in dns_read_name() + * BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name + * DOC: refer to check-sni in the documentation of sni + * DOC: clarify that check-sni needs an argument. + * MINOR: servers: Free [idle|safe|priv]_conns on exit. + * MINOR: stats: report the number of active jobs and listeners in "show info" + * BUG/MINOR: mux-h2: advertise a larger connection window size + * BUG/MINOR: mux-h2: refrain from muxing during the preface + * BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation + * BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR. + * BUG/MINOR: lb-map: fix unprotected update to server's score + * BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed + * BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name + * BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id + * BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field + * BUG/MINOR: config: Copy default error messages when parsing of a backend starts + * BUG/MEDIUM: Make sure stksess is properly aligned. 
+ * BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn + * BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe + * BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer + * BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic + * BUG/MINOR: only mark connections private if NTLM is detected + * DOC: cache: Missing information about "total-max-size" + * BUG/MINOR: ssl: Wrong usage of shctx_init(). + * BUG/MINOR: cache: Wrong usage of shctx_init(). + * BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB). + * BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent. + * BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF. + * DOC: fix reference to map files in MAINTAINERS + * MINOR: peers: use defines instead of enums to appease clang. + * MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80. + * MINOR: server: Use memcpy() instead of strncpy(). + * CLEANUP: stick-tables: Remove unneeded double (()) around conditional clause + * MINOR: lua: all functions calling lua_yieldk() may return + * BUG/MEDIUM: threads: make sure threads_want_sync is marked volatile + * BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point + * BUG/MEDIUM: stream: don't crash on out-of-memory + * BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM. + * BUG/MINOR: checks: queues null-deref + * BUG/MEDIUM: Cur/CumSslConns counters not threadsafe. + * MEDIUM: ssl: add support for ciphersuites option for TLSv1.3 + * BUG/MEDIUM: buffers: Make sure we don't wrap in buffer_insert_line2/replace2. + * BUG/MINOR: backend: check that the mux installed properly + * BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2 + * DOC: clarify force-private-cache is an option + * MINOR: threads: Make sure threads_sync_pipe is initialized before using it. 
+ ------------------------------------------------------------------- Thu Sep 20 13:03:31 UTC 2018 - Marcus Rueckert diff --git a/haproxy.spec b/haproxy.spec index d775eab..8deda2d 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -47,7 +47,7 @@ %endif Name: haproxy -Version: 1.8.14~git0.52e4d43b +Version: 1.8.15~git0.6b6a350a Release: 0 # #
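Review bot: in the haproxy.changes hunk, the "Update to version 1.8.15~git0.6b6a350a" line carries bsc#1119419, CVE-2018-20103, bsc#1119368 and CVE-2018-20102 all together, so the entry does not say which of the five "BUG: dns:" items beneath it closes which CVE. Anyone auditing this package later has to go back to the bug tracker to find out whether, for example, the dns_read_name recursion fix or the dns_validate_dns_response bounds fixes are the ones tied to each identifier. Suggest moving each bsc/CVE pair onto the specific "BUG: dns:" line it belongs to, and dropping "(VUL-0)", which sits among the references but reads like a leftover from a bug title rather than an identifier.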
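Review bot: the new haproxy-1.8.15~git0.6b6a350a.tar.gz pointer records only "oid sha256:954781a7635954548bb190e1bf4fd75a193710e5194a1540055cff3f4703284d" and "size 2134976", so nothing in this diff lets a reviewer confirm that the archive was built from the revision 6b6a350afe3b08a1a60c80fe9120a1c9d10448ef pinned in _servicedata. The short hash in the file name matches that revision, but a file name is not evidence of content. Before accepting a security update that ships the CVE-2018-20102 and CVE-2018-20103 fixes, regenerate the archive from the pinned revision and compare its sha256 with the oid above, and note in the request that this was done.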