From e585b25a3052dbe7164472b632f3c84eaa8cbcc5ba07b4923b5f30d153d6a45b Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Tue, 14 Feb 2023 16:34:41 +0000 Subject: [PATCH] - Update to version 2.7.3+git0.1065b1000: (boo#1208132 CVE-2023-25725) OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=277 --- _service | 2 +- _servicedata | 2 +- haproxy-2.7.1+git0.3e4af0ed7.tar.gz | 3 - haproxy-2.7.3+git0.1065b1000.tar.gz | 3 + haproxy.changes | 179 ++++++++++++++++++++++++++++ haproxy.spec | 2 +- 6 files changed, 185 insertions(+), 6 deletions(-) delete mode 100644 haproxy-2.7.1+git0.3e4af0ed7.tar.gz create mode 100644 haproxy-2.7.3+git0.1065b1000.tar.gz diff --git a/_service b/_service index 7feb1b9..6eccb90 100644 --- a/_service +++ b/_service @@ -6,7 +6,7 @@ @PARENT_TAG@+git@TAG_OFFSET@.%h v(.*) \1 - v2.7.1 + v2.7.3 enable diff --git a/_servicedata b/_servicedata index e8a152e..83ac375 100644 --- a/_servicedata +++ b/_servicedata @@ -1,6 +1,6 @@ http://git.haproxy.org/git/haproxy-2.7.git - 3e4af0ed7e33df3afc0a54a84af7774a3849b5b6 + 1065b10007f4622f2af70fb114594a63af9c8c76 \ No newline at end of file diff --git a/haproxy-2.7.1+git0.3e4af0ed7.tar.gz b/haproxy-2.7.1+git0.3e4af0ed7.tar.gz deleted file mode 100644 index 9539737..0000000 --- a/haproxy-2.7.1+git0.3e4af0ed7.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c642232b6c8042a9d53e7a455c4d061573049d2986731cb828d561cd7b469cb1 -size 4249562 diff --git a/haproxy-2.7.3+git0.1065b1000.tar.gz b/haproxy-2.7.3+git0.1065b1000.tar.gz new file mode 100644 index 0000000..0ce373f --- /dev/null +++ b/haproxy-2.7.3+git0.1065b1000.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a38f3c3fb226814974ed582e3e917f4b67aebc07e4e65d4a81f86378e6aa6bf8 +size 4269024 diff --git a/haproxy.changes b/haproxy.changes index ad8b4d1..f9e56e5 100644 --- a/haproxy.changes +++ b/haproxy.changes 
@@ -1,3 +1,182 @@ +------------------------------------------------------------------- +Tue Feb 14 16:32:41 UTC 2023 - mrueckert@suse.de + +- Update to version 2.7.3+git0.1065b1000: (boo#1208132 CVE-2023-25725) + * [RELEASE] Released version 2.7.3 + * BUG/CRITICAL: http: properly reject empty http header field names + * BUG/MINOR: quic: Wrong datagram dispatch because of qc_check_dcid() + * DOC: proxy-protocol: fix wrong byte in provided example + * BUG/MEDIUM: quic: Buffer overflow when looking through QUIC CLI keyword list + * BUG/MINOR: clock/stats: also use start_time not start_date in HTML info + * BUG/MINOR: mworker: fix uptime for master process + * BUG/MINOR: quic: fix type bug on "show quic" for 32-bits arch + * BUG/MINOR: quic: fix filtering of closing connections on "show quic" + * MINOR: quic: filter closing conn on "show quic" + * MINOR: quic: display Tx stream info on "show quic" + * MINOR: quic: display infos about various encryption level on "show quic" + * MINOR: quic: display socket info on "show quic" + * MINOR: quic: display CIDs and state in "show quic" + * MINOR: quic: implement a basic "show quic" CLI handler + * BUG/MEDIUM: quic: fix crash when "option nolinger" is set in the frontend + * BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first + * BUG/MINOR: server/add: ensure minconn/maxconn consistency when adding server + * MINOR: cfgparse/server: move (min/max)conn postparsing logic into dedicated function + * BUG/MINOR: h3: fix crash due to h3 traces + * DOC: config: 'http-send-name-header' option may be used in default section + * DOC: config: fix option spop-check proxy compatibility + * BUG/MEDIUM: cache: use the correct time reference when comparing dates + * BUG/MINOR: clock: do not mix wall-clock and monotonic time in uptime calculation + * BUG/MEDIUM: stick-table: do not leave entries in end of window during purge + * BUG/MINOR: ssl/crt-list: warn when a line is malformated + * MINOR: quic: Update 
version_information transport parameter to draft-14 + * BUG/MEDIUM: quic: do not split STREAM frames if no space + * BUG/MINOR: quic: Unchecked source connection ID + * MEDIUM: quic: Remove qc_conn_finalize() from the ClientHello TLS callbacks + * BUG/MAJOR: quic: Possible crash when processing 1-RTT during 0-RTT session + * MINOR: quic: When probing Handshake packet number space, also probe the Initial one + * BUG/MINOR: quic: Do not ignore coalesced packets in qc_prep_fast_retrans() + * MINOR: quic: Add a trace about variable states in qc_prep_fast_retrans() + * BUG/MINOR: quic: Too big PTO during handshakes + * BUG/MINOR: quic: Possible stream truncations under heavy loss + * CLEANUP: quic: no need for atomics on packet refcnt + * MINOR: quic: add config for retransmit limit + * MEDIUM: quic: implement a retransmit limit per frame + * MINOR: quic: refactor frame deallocation + * MINOR: quic: define new functions for frame alloc + * MINOR: quic: ensure offset is properly set for STREAM frames + * MINOR: quic: remove fin from quic_stream frame type + * BUG/MINOR: stats: Prevent HTTP "other sessions" counter underflows + * MINOR: stats: add by HTTP version cumulated number of sessions and requests + * BUG/MINOR: stats: fix STAT_STARTED behavior with full htx + * BUG/MINOR: stats: fix show stats field ctx for servers + * BUG/MINOR: stats: fix ctx->field update in stats_dump_proxy_to_buffer() + * BUG/MEDIUM: stats: fix resolvers dump + * BUG/MINOR: stats: fix source buffer size for http dump + * BUG/MINOR: stats: use proper buffer size for http dump + * BUG/MINOR: h3: fix crash due to h3 traces + * BUG/MEDIUM: ssl: wrong eviction from the session cache tree + * MINOR: h3: add missing traces on closure + * BUG/MINOR: h3: reject RESET_STREAM received for control stream + * BUG/MEDIUM: h3: handle STOP_SENDING on control stream + * MINOR: mux-quic/h3: define stream close callback + * OPTIM: h3: skip buf realign if no trailer to encode + * BUG/MEDIUM: h3: do not crash if 
no buf space for trailers + * BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section + * MINOR: trace: add the long awaited TRACE_PRINTF() + * MINOR: trace: add a trace_no_cb() dummy callback for when to use no callback + * MINOR: trace: add a TRACE_ENABLED() macro to determine if a trace is active + * DEV: hpack: fix `trash` build regression + * BUG/MINOR: sink: free the forwarding task on exit + * BUG/MINOR: ring: release the backing store name on exit + * BUG/MINOR: log: release global log servers on exit + * BUG/MEDIUM: hpack: fix incorrect huffman decoding of some control chars + * BUG/MEDIUM: mux-quic: fix crash on H3 SETTINGS emission + * BUG/MINOR: h3: fix GOAWAY emission + * MINOR: mux-quic/h3: send SETTINGS as soon as transport is ready + * MINOR: connection: add a BUG_ON() to detect destroying connection in idle list + * DEV: haring: add a new option "-r" to automatically repair broken files + * BUG/MINOR: sink: make sure to always properly unmap a file-backed ring + * MEDIUM: quic-sock: fix udp source address for send on listener socket + * BUG/MINOR: quic: Do not request h3 clients to close its unidirection streams + * BUG/MINOR: jwt: Wrong return value checked + +------------------------------------------------------------------- +Tue Feb 14 16:32:26 UTC 2023 - mrueckert@suse.de + +- Update to version 2.7.2+git0.7e295dd2c: + * [RELEASE] Released version 2.7.2 + * BUILD: hpack: include global.h for the trash that is needed in debug mode + * BUG/MINOR: mux-h2: add missing traces on failed headers decoding + * BUG/MINOR: mux-h2: make sure to produce a log on invalid requests + * MINOR: h3: implement TRAILERS decoding + * MINOR: h3: implement TRAILERS encoding + * MINOR: h3: extend function for QUIC varint encoding + * BUG/MINOR: h3: properly handle connection headers + * BUG/MINOR: bwlim: Fix parameters check for set-bandwidth-limit actions + * BUG/MINOR: bwlim: Check scope for period expr for set-bandwitdh-limit actions + * BUG/MEDIUM: 
debug/thread: make the debug handler not wait for !rdv_requests + * MINOR: threads: add a thread_harmless_end() version that doesn't wait + * BUG/MINOR: thread: always reload threads_enabled in loops + * BUG/MEDIUM: fd/threads: fix again incorrect thread selection in wakeup broadcast + * BUG/MINOR: listener: close tiny race between resume_listener() and stopping + * BUG/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0) + * BUG/MEDIUM: jwt: Properly process ecdsa signatures (concatenated R and S params) + * DOC: config: fix "Address formats" chapter syntax + * BUG/MINOR: mux-fcgi: Correctly set pathinfo + * MINOR: quic: Replace v2 draft definitions by those of the final 2 version + * MINOR: sample: Add "quic_enabled" sample fetch + * MINOR: quic: Add "no-quic" global option + * MINOR: quic: Disable the active connection migrations + * MINOR: quic: Useless test about datagram destination addresses + * BUG/MEDIUM: stconn: also consider SE_FL_EOI to switch to SE_FL_ERROR + * CLEANUP: stconn: always use se_fl_set_error() to set the pending error + * MINOR: listener: also support "quic+" as an address prefix + * DOC: config: mention the missing "quic4@" and "quic6@" in protocol prefixes + * DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@" + * DOC: config: fix wrong section number for "protocol prefixes" + * BUG/MINOR: listeners: fix suspend/resume of inherited FDs + * BUG/MINOR: http-ana: make set-status also update txn->status + * BUG/MEDIUM: mux-h2: Don't send CANCEL on shutw when response length is unkown + * BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state + * BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body + * BUG/MINOR: promex: Don't forget to consume the request on error + * BUG/MEDIUM: peers: make "show peers" more careful about partial initialization + * DEV: tcploop: add minimal support for unix sockets + * BUG/MINOR: resolvers: Wait the resolution execution 
for a do_resolv action + * BUG/MINOR: hlua: Fix Channel.line and Channel.data behavior regarding the doc + * BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses + * MINOR: mux-quic: use send-list for immediate sending retry + * MINOR: mux-quic: use send-list for STOP_SENDING/RESET_STREAM emission + * MEDIUM: h3: send SETTINGS before STREAM frames + * MAJOR: mux-quic: rework stream sending priorization + * MINOR: mux-quic: add traces for flow-control limit reach + * BUG/MINOR: mux-quic: fix transfer of empty HTTP response + * DOC: management: add details about @system-ca in "show ssl ca-file" + * DOC: management: add details on "Used" status + * DOC: config: added optional rst-ttl argument to silent-drop in action lists + * CLEANUP: htx: fix a typo in an error message of http_str_to_htx + * BUG/MINOR: http: Memory leak of http redirect rules' format string + * BUG/MINOR: fd: avoid bad tgid assertion in fd_delete() from deinit() + * REGTEST: fix the race conditions in hmac.vtc + * REGTEST: fix the race conditions in digest.vtc + * REGTEST: fix the race conditions in add_item.vtc + * REGTEST: fix the race conditions in json_query.vtc + * BUG/MINOR: proxy: free orgto_hdr_name in free_proxy() + * DOC: config: remove duplicated "http-response sc-set-gpt0" directive + * DOC: config: fix alphabetical ordering of http-after-response rules + * BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned + * BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set + * MINOR: config: add environment variables for default log format + * CI: Reformat `matrix.py` using `black` + * CI: Explicitly check environment variable against `None` in matrix.py + * CI: Unify the `GITHUB_TOKEN` name across matrix.py and vtest.yml + * CI: Use proper `if` blocks instead of conditional expressions in matrix.py + * CI: Add in-memory cache for the latest OpenSSL/LibreSSL + * CI: Improve headline in matrix.py + * BUG/MINOR: stick-table: 
report the correct action name in error message + * MINOR: cfgparse-ssl: avoid a possible crash on OOM in ssl_bind_parse_npn() + * BUG/MINOR: debug: don't mask the TH_FL_STUCK flag before dumping threads + * BUILD: makefile: make sure to also ignore SSL_INC when using wolfssl + * BUILD: makefile: clean the wolfssl include and lib generation rules + * BUILD: makefile: sort the features list + * BUILD: makefile: build the features list dynamically + * CI: github: use the GITHUB_TOKEN instead of a manually generated token + * BUG/MINOR: mux-quic: ignore remote unidirectional stream close + * CI: github: enable github api authentication for OpenSSL tags read + * MINOR: h3: use stream error when needed instead of connection + * MEDIUM: mux-quic: implement STOP_SENDING emission + * MINOR: mux-quic: handle RESET_STREAM reception + * MINOR: mux-quic: do not count stream flow-control if already closed + * MEDIUM: mux-quic: implement shutw + * MINOR: httpclient: don't add body when istlen is empty + * BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats + * BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set + * BUG/MINOR: quic: do not allocate more rxbufs than necessary + * BUG/MEDIUM: quic: properly take shards into account on bind lines + * BUG/MEDIUM: mux-quic: fix double delete from qcc.opening_list + * REGTESTS: ssl: enable the ssl_reuse.vtc test for WolfSSL + * OPTIM: pool: split the read_mostly from read_write parts in pool_head + ------------------------------------------------------------------- Sun Dec 25 06:01:14 UTC 2022 - mrueckert@suse.de diff --git a/haproxy.spec b/haproxy.spec index 6e2e053..a6f3611 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -51,7 +51,7 @@ %endif Name: haproxy -Version: 2.7.1+git0.3e4af0ed7 +Version: 2.7.3+git0.1065b1000 Release: 0 # #
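Review bot: in the haproxy.changes hunk, the 2.7.3 entry lists "BUG/MINOR: h3: fix crash due to h3 traces" twice, and the boo#1208132 / CVE-2023-25725 reference appears only on the "Update to version" line, so nothing ties it to a specific fix. Drop the second h3 bullet unless it corresponds to a distinct upstream commit, and repeat the CVE and bug id next to the entry that addresses it (the only BUG/CRITICAL item is "http: properly reject empty http header field names"), so that a changelog search for the CVE lands on the fix itself.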
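Review bot: the _service hunk changes the revision from v2.7.1 to v2.7.3, which is a tag name, while the _servicedata hunk records commit 1065b10007f4622f2af70fb114594a63af9c8c76 for http://git.haproxy.org/git/haproxy-2.7.git, a plain-HTTP URL. For an update that carries a CVE fix, confirm that v2.7.3 resolves to that commit using an independently obtained copy of the upstream repository. The 1065b1000 suffix in the new version string matches the first nine characters of the recorded commit, but that only shows the packaging files agree with each other, not that the fetch returned the upstream content.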
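Review bot: the haproxy-2.7.3+git0.1065b1000.tar.gz hunk adds only a Git LFS pointer (a sha256 oid and size 4269024), so the source that will actually be built cannot be reviewed from this diff. Before accepting, fetch the object, check that its SHA-256 and size match the pointer, and compare the unpacked tree against a checkout of the commit recorded in _servicedata.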