diff --git a/_service b/_service
index 90e1a6f..544758e 100644
--- a/_service
+++ b/_service
@@ -6,7 +6,7 @@
@PARENT_TAG@+git@TAG_OFFSET@.%h
v(.*)
\1
- v2.1.3
+ v2.1.4
enable
diff --git a/_servicedata b/_servicedata
index ced6b8d..48db717 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,6 +1,6 @@
http://git.haproxy.org/git/haproxy-2.1.git
- 5c020bbddc3d9573f02cde383abc983ad0781fc1
+ 3cfc2f1d978f475c258dcd8c60b2bff8d02be92c
\ No newline at end of file
diff --git a/haproxy-2.1.3+git0.5c020bbdd.tar.gz b/haproxy-2.1.3+git0.5c020bbdd.tar.gz
deleted file mode 100644
index 11db92e..0000000
--- a/haproxy-2.1.3+git0.5c020bbdd.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e0a0b380bdd6f34240a7470e86d6c83463e8a2a98e2922b6e9fa8a55dd1bcd41
-size 2752990
diff --git a/haproxy-2.1.4+git0.3cfc2f1d9.tar.gz b/haproxy-2.1.4+git0.3cfc2f1d9.tar.gz
new file mode 100644
index 0000000..a38b35c
--- /dev/null
+++ b/haproxy-2.1.4+git0.3cfc2f1d9.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c79c6152fe32051fee901234f8ccd6722ee5ac255afc090a518b6cf5d5f90781
+size 2762999
diff --git a/haproxy.changes b/haproxy.changes
index a56e75e..d6d3b88 100644
--- a/haproxy.changes
+++ b/haproxy.changes
@@ -1,3 +1,161 @@
+-------------------------------------------------------------------
+Thu Apr 2 13:24:34 UTC 2020 - Marcus Rueckert
+
+- Update to version 2.1.4+git0.3cfc2f1d9: (boo#1168023) CVE-2020-11100
+ - SCRIPTS: make announce-release executable again
+ - BUG/MINOR: namespace: avoid closing fd when socket failed in
+ my_socketat
+ - BUG/MEDIUM: muxes: Use the right argument when calling the
+ destroy method.
+ - BUG/MINOR: mux-fcgi: Forbid special characters when matching
+ PATH_INFO param
+ - MINOR: mux-fcgi: Make the capture of the path-info optional in
+ pathinfo regex
+ - SCRIPTS: announce-release: use mutt -H instead of -i to include
+ the draft
+ - MINOR: http-htx: Add a function to retrieve the headers size of
+ an HTX message
+ - MINOR: filters: Forward data only if the last filter forwards
+ something
+ - BUG/MINOR: filters: Count HTTP headers as filtered data but
+ don't forward them
+ - BUG/MINOR: http-htx: Don't return error if authority is updated
+ without changes
+ - BUG/MINOR: http-ana: Matching on monitor-uri should be
+ case-sensitive
+ - MINOR: http-ana: Match on the path if the monitor-uri starts by
+ a /
+ - BUG/MAJOR: http-ana: Always abort the request when a tarpit is
+ triggered
+ - MINOR: ist: add an iststop() function
+ - BUG/MINOR: http: http-request replace-path duplicates the query
+ string
+ - BUG/MEDIUM: shctx: make sure to keep all blocks aligned
+ - MINOR: compiler: move CPU capabilities definition from config.h
+ and complete them
+ - BUG/MEDIUM: ebtree: don't set attribute packed without
+ unaligned access support
+ - BUILD: fix recent build failure on unaligned archs
+ - CLEANUP: cfgparse: Fix type of second calloc() parameter
+ - BUG/MINOR: sample: fix the json converter's endian-sensitivity
+ - BUG/MEDIUM: ssl: fix several bad pointer aliases in a few
+ sample fetch functions
+ - BUG/MINOR: connection: make sure to correctly tag local PROXY
+ connections
+ - MINOR: compiler: add new alignment macros
+ - BUILD: ebtree: improve architecture-specific alignment
+ - BUG/MINOR: h2: reject again empty :path pseudo-headers
+ - BUG/MINOR: sample: Make sure to return stable IDs in the
+ unique-id fetch
+ - BUG/MINOR: dns: ignore trailing dot
+ - BUG/MINOR: http-htx: Do case-insensive comparisons on Host
+ header name
+ - MINOR: contrib/prometheus-exporter: Add heathcheck status/code
+ in server metrics
+ - MINOR: contrib/prometheus-exporter: Add the last heathcheck
+ duration metric
+ - BUG/MEDIUM: random: initialize the random pool a bit better
+ - MINOR: tools: add 64-bit rotate operators
+ - BUG/MEDIUM: random: implement a thread-safe and process-safe
+ PRNG
+ - MINOR: backend: use a single call to ha_random32() for the
+ random LB algo
+ - BUG/MINOR: checks/threads: use ha_random() and not rand()
+ - BUG/MAJOR: list: fix invalid element address calculation
+ - MINOR: debug: report the task handler's pointer relative to
+ main
+ - BUG/MEDIUM: debug: make the debug_handler check for the thread
+ in threads_to_dump
+ - MINOR: haproxy: export main to ease access from debugger
+ - BUILD: tools: remove obsolete and conflicting trace() from
+ standard.c
+ - BUG/MINOR: wdt: do not return an error when the watchdog
+ couldn't be enabled
+ - DOC: fix incorrect indentation of http_auth_*
+ - OPTIM: startup: fast unique_id allocation for acl.
+ - BUG/MINOR: pattern: Do not pass len = 0 to calloc()
+ - DOC: configuration.txt: fix various typos
+ - DOC: assorted typo fixes in the documentation and Makefile
+ - BUG/MINOR: init: make the automatic maxconn consider the max of
+ soft/hard limits
+ - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
+ - REGTEST: make the PROXY TLV validation depend on version 2.2
+ - BUG/MINOR: filters: Use filter offset to decude the amount of
+ forwarded data
+ - BUG/MINOR: filters: Forward everything if no data filters are
+ called
+ - MINOR: htx: Add a function to return a block at a specific
+ offset
+ - BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the
+ response payload
+ - BUG/MEDIUM: compression/filters: Fix loop on HTX blocks
+ compressing the payload
+ - BUG/MINOR: http-ana: Reset request analysers on a response side
+ error
+ - BUG/MINOR: lua: Ignore the reserve to know if a channel is full
+ or not
+ - BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject
+ action
+ - BUG/MINOR: http-rules: Fix a typo in the reject action function
+ - BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop
+ action
+ - BUG/MINOR: rules: Increment be_counters if backend is assigned
+ for a silent-drop
+ - DOC: fix typo about no-tls-tickets
+ - DOC: improve description of no-tls-tickets
+ - DOC: assorted typo fixes in the documentation
+ - DOC: ssl: clarify security implications of TLS tickets
+ - BUILD: wdt: only test for SI_TKILL when compiled with thread
+ support
+ - BUG/MEDIUM: mt_lists: Make sure we set the deleted element to
+ NULL;
+ - MINOR: mt_lists: Appease gcc.
+ - BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
+ - BUG/MEDIUM: pools: Always update free_list in pool_gc().
+ - BUG/MINOR: haproxy: always initialize sleeping_thread_mask
+ - BUG/MINOR: listener/mq: do not dispatch connections to remote
+ threads when stopping
+ - BUG/MINOR: haproxy/threads: try to make all threads leave
+ together
+ - DOC: proxy_protocol: Reserve TLV type 0x05 as
+ PP2_TYPE_UNIQUE_ID
+ - DOC: correct typo in alert message about rspirep
+ - BUILD: on ARM, must be linked to libatomic.
+ - BUILD: makefile: fix regex syntax in ARM platform detection
+ - BUILD: makefile: fix expression again to detect ARM platform
+ - BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong
+ cases.
+ - DOC: assorted typo fixes in the documentation
+ - MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into
+ types/signal.h.
+ - BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in
+ __signal_process_queue().
+ - MINOR: memory: Change the flush_lock to a spinlock, and don't
+ get it in alloc.
+ - BUG/MINOR: connections: Make sure we free the connection on
+ failure.
+ - REGTESTS: use "command -v" instead of "which"
+ - REGTEST: increase timeouts on the seamless-reload test
+ - BUG/MINOR: haproxy/threads: close a possible race in soft-stop
+ detection
+ - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
+ - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
+ - BUG/MINOR: peers: Use after free of "peers" section.
+ - MINOR: listener: add so_name sample fetch
+ - BUILD: ssl: only pass unsigned chars to isspace()
+ - BUG/MINOR: stats: Fix color of draining servers on stats page
+ - DOC: internals: Fix spelling errors in filters.txt
+ - MINOR: http-rules: Add a flag on redirect rules to know the
+ rule direction
+ - BUG/MINOR: http_ana: make sure redirect flags don't have
+ overlapping bits
+ - MINOR: http-rules: Handle the rule direction when a redirect is
+ evaluated
+ - BUG/MINOR: http-ana: Reset request analysers on error when
+ waiting for response
+ - BUG/CRITICAL: hpack: never index a header into the headroom
+ after wrapping
+
-------------------------------------------------------------------
Fri Feb 14 13:23:23 UTC 2020 - Thorsten Kukuk
diff --git a/haproxy.spec b/haproxy.spec
index b20e967..890ad1d 100644
--- a/haproxy.spec
+++ b/haproxy.spec
@@ -53,7 +53,7 @@
%endif
Name: haproxy
-Version: 2.1.3+git0.5c020bbdd
+Version: 2.1.4+git0.3cfc2f1d9
Release: 0
#
#