Ubuntu
haproxy package

Change log for haproxy package in Ubuntu

175 of 203 results FirstPreviousLast
Published in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
haproxy (2.8.5-1ubuntu3) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- William Grant <email address hidden>  Mon, 01 Apr 2024 16:52:53 +1100

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
haproxy (2.8.5-1ubuntu2) noble; urgency=medium

  * No-change rebuild against libssl3t64

 -- Steve Langasek <email address hidden>  Mon, 04 Mar 2024 18:10:10 +0000

Available diffs

Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
haproxy (2.8.5-1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable (LP: #2040383). Remaining changes:
    - d/{control,rules}: Remove support for OpenTracing due to it being
      in universe.
    - d/control: Upgrade lua build dependency to 5.4
    - d/rules: Change lua include location to /usr/include/lua5.4
  * New changes:
    - d/{control,rules}: do not link against jemalloc (universe).

 -- Athos Ribeiro <email address hidden>  Fri, 05 Jan 2024 11:05:29 -0300

Available diffs

Superseded in jammy-updates
Published in jammy-security 
haproxy (2.4.22-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: info disclosure or end_rule issue via hash character
    - debian/patches/CVE-2023-45539.patch: do not accept '#' as part of the
      URI component in src/h1.c.
    - CVE-2023-45539

 -- Marc Deslauriers <email address hidden>  Mon, 04 Dec 2023 13:00:27 -0500
Superseded in focal-updates
Published in focal-security 
haproxy (2.0.31-0ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: info disclosure or end_rule issue via hash character
    - debian/patches/CVE-2023-45539.patch: do not accept '#' as part of the
      URI component in src/h1.c.
    - CVE-2023-45539

 -- Marc Deslauriers <email address hidden>  Mon, 04 Dec 2023 13:02:34 -0500
Published in lunar-updates
Published in lunar-security 
haproxy (2.6.9-1ubuntu1.2) lunar-security; urgency=medium

  * SECURITY UPDATE: info disclosure or end_rule issue via hash character
    - debian/patches/CVE-2023-45539.patch: do not accept '#' as part of the
      URI component in src/h1.c.
    - CVE-2023-45539

 -- Marc Deslauriers <email address hidden>  Mon, 04 Dec 2023 12:57:44 -0500
Published in focal-updates
Deleted in focal-proposed (Reason: moved to -updates) 
haproxy (2.0.33-0ubuntu0.1) focal; urgency=medium

  * New upstream release (LP: #2028418)
    - Major and critical bug fixes according to the upstream changelog:
      + BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value
        replacement
      + BUG/MAJOR: http: reject any empty content-length header value
    - For further information, refer to the upstream changelog at
      https://www.haproxy.org/download/2.0/src/CHANGELOG and to the upstream
      release announcements at
      https://<email address hidden>/msg43668.html
      (2.0.32), and
      https://<email address hidden>/msg43904.html (2.0.33)
    - Remove patches applied by upstream in debian/patches:
      + CVE-2023-40225-1.patch
      + CVE-2023-40225-2.patch

 -- Athos Ribeiro <email address hidden>  Tue, 31 Oct 2023 16:00:44 -0300
Published in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates) 
haproxy (2.4.24-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release (LP: #2028418)
    - Major and critical bug fixes according to the upstream changelog:
      + BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value
        replacement
      + BUG/MAJOR: http: reject any empty content-length header value
    - For further information, refer to the upstream changelog at
      https://www.haproxy.org/download/2.4/src/CHANGELOG and to the upstream
      release announcements at
      https://<email address hidden>/msg43664.html
      (2.4.23), and
      https://<email address hidden>/msg43901.html (2.4.24)
    - Remove patches applied by upstream in debian/patches:
      + CVE-2023-40225-1.patch
      + CVE-2023-40225-2.patch

 -- Athos Ribeiro <email address hidden>  Tue, 31 Oct 2023 11:16:29 -0300
Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic) 
haproxy (2.6.15-1ubuntu2) mantic; urgency=medium

  * d/control: Upgrade lua build dependency to 5.4
  * d/rules: Change lua include location to /usr/include/lua5.4

 -- Lena Voytek <email address hidden>  Thu, 17 Aug 2023 09:53:22 -0700
Superseded in focal-updates
Superseded in focal-security 
haproxy (2.0.31-0ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect handling of empty content-length header
    - debian/patches/CVE-2023-40225-1.patch: add a proper check for empty
      content-length header buffer in src/h1.c and src/h2.c. Also add
      tests for it in reg-tests/http-messaging/h1_to_h1.vtc and
      reg-tests/http-messaging/h2_to_h1.vtc.
    - debian/patches/CVE-2023-40225-2.patch: add a check for leading zero
      in content-length header buffer in src/h1.c and src/h2.c. Also add
      tests in reg-tests/http-rules/h1or2_to_h1c.vtc.
    - CVE-2023-40225

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Wed, 16 Aug 2023 18:14:42 -0300
Superseded in mantic-proposed 
haproxy (2.6.15-1ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/{control,rules}: Remove support for OpenTracing due to it being
      in universe.
Superseded in lunar-updates
Superseded in lunar-security 
haproxy (2.6.9-1ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: incorrect handling of empty content-length header
    - debian/patches/CVE-2023-40225-1.patch: add a proper check for empty
      content-length header buffer in src/h1.c and src/http.c. Also add
      tests for it in reg-tests/http-messaging/h1_to_h1.vtc and
      reg-tests/http-messaging/h2_to_h1.vtc.
    - debian/patches/CVE-2023-40225-2.patch: add a check for leading zero
      in content-length header buffer in src/h1.c and src/http.c. Also add
      tests in reg-tests/http-rules/h1or2_to_h1c.vtc.
    - CVE-2023-40225

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Tue, 15 Aug 2023 12:16:02 -0300
Superseded in jammy-updates
Superseded in jammy-security 
haproxy (2.4.22-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect handling of empty content-length header
    - debian/patches/CVE-2023-40225-1.patch: add a proper check for empty
      content-length header buffer in src/h1.c and src/h2.c. Also add
      tests for it in reg-tests/http-messaging/h1_to_h1.vtc and
      reg-tests/http-messaging/h2_to_h1.vtc.
    - debian/patches/CVE-2023-40225-2.patch: add a check for leading zero
      in content-length header buffer in src/h1.c and src/h2.c. Also add
      tests in reg-tests/http-rules/h1or2_to_h1c.vtc.
    - CVE-2023-40225

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Mon, 14 Aug 2023 20:00:52 -0300
Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic) 
haproxy (2.6.14-1ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2018073). Remaining changes:
    - d/{control,rules}: Remove support for OpenTracing due to it being
      in universe.

 -- Athos Ribeiro <email address hidden>  Fri, 16 Jun 2023 11:08:54 -0300
Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic) 
haproxy (2.6.13-1ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/{control,rules}: Remove support for OpenTracing due to it being
      in universe.

Available diffs

Obsolete in kinetic-updates
Deleted in kinetic-proposed (Reason: moved to -updates) 
haproxy (2.4.22-0ubuntu0.22.10.1) kinetic; urgency=medium

  * New upstream release (LP: #2012557).
    - Major and critical bug fixes according to the upstream changelog:
      + BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized
      + BUG/MAJOR: mworker: fix infinite loop on master with no proxies.
      + BUG/MAJOR: stick-tables: do not try to index a server name for applets
      + BUG/MAJOR: stick-table: don't process store-response rules for applets
      + BUG/MAJOR: fcgi: Fix uninitialized reserved bytes
      + BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned
      + BUG/CRITICAL: http: properly reject empty http header field names
    - Remove patches applied by upstream in debian/patches:
      + CVE-2023-0056.patch
      + CVE-2023-25725.patch
      + CVE-2023-0836.patch
    - Refresh existing patches in debian/patches:
      + reproducible.patch

 -- Lucas Kanashiro <email address hidden>  Wed, 22 Mar 2023 18:39:05 -0300
Superseded in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates) 
haproxy (2.4.22-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release (LP: #2012557).
    - Major and critical bug fixes according to the upstream changelog:
      + BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized
      + BUG/MAJOR: mworker: fix infinite loop on master with no proxies.
      + BUG/MAJOR: stick-tables: do not try to index a server name for applets
      + BUG/MAJOR: stick-table: don't process store-response rules for applets
      + BUG/MAJOR: fcgi: Fix uninitialized reserved bytes
      + BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned
      + BUG/CRITICAL: http: properly reject empty http header field names
    - Remove patches applied by upstream in debian/patches:
      + CVE-2023-0056.patch
      + CVE-2023-25725.patch
      + CVE-2023-0836.patch
    - Refresh existing patches in debian/patches:
      + haproxy.service-start-after-syslog.patch
      + reproducible.patch
  * Backport DEP-8 tests from Lunar:
    - d/t/proxy-ssl-termination
    - d/t/proxy-ssl-pass-through

 -- Lucas Kanashiro <email address hidden>  Wed, 22 Mar 2023 18:18:54 -0300
Superseded in focal-updates
Deleted in focal-proposed (Reason: moved to -updates) 
haproxy (2.0.31-0ubuntu0.1) focal; urgency=medium

  * New upstream release (LP: #2012557).
    - Major and critical bug fixes according to the upstream changelog:
      + BUG/MAJOR: stick-tables: do not try to index a server name for applets
      + BUG/MAJOR: stick-table: don't process store-response rules for applets
      + BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is
        realigned
      + BUG/CRITICAL: http: properly reject empty http header field names
    - Remove patches applied by upstream in debian/patches:
      + CVE-2023-0056.patch
      + CVE-2023-25725.patch
    - Refresh existing patches in debian/patches:
      + 0002-Use-dpkg-buildflags-to-build-halog.patch
  * Backport DEP-8 tests from Lunar:
    - d/t/proxy-ssl-termination
    - d/t/proxy-ssl-pass-through

 -- Lucas Kanashiro <email address hidden>  Wed, 22 Mar 2023 17:39:46 -0300
Superseded in kinetic-updates
Obsolete in kinetic-security 
haproxy (2.4.18-1ubuntu1.3) kinetic-security; urgency=medium

  * SECURITY UPDATE: information leak via uninitialized bytes
    - debian/patches/CVE-2023-0836.patch: initialize output buffer in
      src/fcgi.c.
    - CVE-2023-0836

 -- Marc Deslauriers <email address hidden>  Fri, 31 Mar 2023 13:16:27 -0400
Superseded in jammy-updates
Superseded in jammy-security 
haproxy (2.4.18-0ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: information leak via uninitialized bytes
    - debian/patches/CVE-2023-0836.patch: initialize output buffer in
      src/fcgi.c.
    - CVE-2023-0836

 -- Marc Deslauriers <email address hidden>  Fri, 31 Mar 2023 13:18:03 -0400
Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
haproxy (2.6.9-1ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/{control,rules}: Remove support for OpenTracing due to it is
      in universe.
  * Dropped changes:
    - debian/patches/CVE-2023-0056.patch: removed, included in new version.

Available diffs

Published in bionic-updates
Published in bionic-security 
haproxy (1.8.8-1ubuntu0.13) bionic-security; urgency=medium

  * SECURITY UPDATE: incorrect handling of empty http header field names
    - debian/patches/CVE-2023-25725.patch: properly reject empty http
      header field names in src/h1.c, src/hpack-dec.c,
      include/common/hpack-tbl.h.
    - CVE-2023-25725

 -- Marc Deslauriers <email address hidden>  Mon, 13 Feb 2023 07:59:11 -0500
Superseded in focal-updates
Superseded in focal-security 
haproxy (2.0.29-0ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect handling of empty http header field names
    - debian/patches/CVE-2023-25725.patch: properly reject empty http
      header field names in src/h1.c, src/hpack-dec.c, src/http_msg.c.
    - CVE-2023-25725

 -- Marc Deslauriers <email address hidden>  Mon, 13 Feb 2023 07:42:58 -0500
Superseded in jammy-updates
Superseded in jammy-security 
haproxy (2.4.18-0ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect handling of empty http header field names
    - debian/patches/CVE-2023-25725.patch: properly reject empty http
      header field names in src/h1.c, src/hpack-dec.c.
    - CVE-2023-25725

 -- Marc Deslauriers <email address hidden>  Mon, 13 Feb 2023 07:42:24 -0500
Superseded in kinetic-updates
Superseded in kinetic-security 
haproxy (2.4.18-1ubuntu1.2) kinetic-security; urgency=medium

  * SECURITY UPDATE: incorrect handling of empty http header field names
    - debian/patches/CVE-2023-25725.patch: properly reject empty http
      header field names in src/h1.c, src/hpack-dec.c.
    - CVE-2023-25725

 -- Marc Deslauriers <email address hidden>  Mon, 13 Feb 2023 07:40:42 -0500
Superseded in jammy-updates
Superseded in jammy-security 
haproxy (2.4.18-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via certain interim responses
    - debian/patches/CVE-2023-0056.patch: refuse interim responses with
      end-stream flag set in src/mux_h2.c.
    - CVE-2023-0056

 -- Marc Deslauriers <email address hidden>  Thu, 19 Jan 2023 10:47:52 -0500
Superseded in kinetic-updates
Superseded in kinetic-security 
haproxy (2.4.18-1ubuntu1.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: DoS via certain interim responses
    - debian/patches/CVE-2023-0056.patch: refuse interim responses with
      end-stream flag set in src/mux_h2.c.
    - CVE-2023-0056

 -- Marc Deslauriers <email address hidden>  Thu, 19 Jan 2023 10:47:25 -0500
Superseded in focal-updates
Superseded in focal-security 
haproxy (2.0.29-0ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via certain interim responses
    - debian/patches/CVE-2023-0056.patch: refuse interim responses with
      end-stream flag set in src/mux_h2.c.
    - CVE-2023-0056

 -- Marc Deslauriers <email address hidden>  Thu, 19 Jan 2023 10:50:52 -0500
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
haproxy (2.6.7-1ubuntu2) lunar; urgency=medium

  * SECURITY UPDATE: DoS via certain interim responses
    - debian/patches/CVE-2023-0056.patch: refuse interim responses with
      end-stream flag set in src/mux_h2.c.
    - CVE-2023-0056

 -- Marc Deslauriers <email address hidden>  Thu, 19 Jan 2023 10:33:43 -0500

Available diffs

Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
haproxy (2.6.7-1ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable (LP: #1993402). Remaining changes:
    - d/{control,rules}: Removing support for OpenTracing due to it is
      in universe.

 -- Lucas Kanashiro <email address hidden>  Wed, 14 Dec 2022 11:49:52 -0300
Superseded in focal-updates
Deleted in focal-proposed (Reason: moved to -updates) 
haproxy (2.0.29-0ubuntu1) focal; urgency=medium

  * New upstream release (LP: #1987914).
    - Major and critical bug fixes according to the upstream changelog:
      + http-ana: Always abort the request when a tarpit is triggered
      + list: fix invalid element address calculation
      + proxy_protocol: Properly validate TLV lengths
      + hpack: never index a header into the headroom after wrapping
      + stream-int: always detach a faulty endpoint on connect failure
      + stream: Mark the server address as unset on new outgoing connection
      + dns: Make the do-resolve action thread-safe
      + contrib/spoa-server: Fix unhandled python call leading to memory leak
      + mux-h2: Don't try to send data if we know it is no longer possible
      + spoe: Be sure to remove all references on a released spoe applet
      + filters: Always keep all offsets up to date during data filtering
      + peers: fix partial message decoding
      + spoa/python: Fixing return None
      + dns: fix null pointer dereference in snr_update_srv_status
      + dns: disabled servers through SRV records never recover
      + mux-h2: Properly detect too large frames when decoding headers
      + server: prevent deadlock when using 'set maxconn server'
      + htx: Fix htx_defrag() when an HTX block is expanded
      + queue: set SF_ASSIGNED when setting strm->target on dequeue
      + server: fix deadlock when changing maxconn via agent-check
      + h2: enforce stricter syntax checks on the :method pseudo-header
      + htx: fix missing header name length check in htx_add_header/trailer
      + lua: use task_wakeup() to properly run a task once
      + http/htx: prevent unbounded loop in http_manage_server_side_cookies
      + spoe: properly detach all agents when releasing the applet
      + mux-h2: Be sure to always report HTX parsing error to the app layer
      + sched: prevent rare concurrent wakeup of multi-threaded tasks
      + mux-pt: Always destroy the backend connection on detach
      + dns: multi-thread concurrency issue on UDP socket
      + mux_pt: always report the connection error to the conn_stream
    - Refresh haproxy.service-*.patch.
    - Remove patches applied by upstream in debian/patches:
      + 0001-2.0-2.3-BUG-MAJOR-htx-fix-missing-header-name-length-check-i.patch
      + 0001-BUG-CRITICAL-hpack-never-index-a-header-into-the-hea.patch
      + 2.0-0001-BUG-MAJOR-h2-enforce-checks-on-the-method-syntax-bef.patch
      + CVE-2022-0711.patch
      + lp1894879-BUG-MEDIUM-dns-*.patch

 -- Lucas Kanashiro <email address hidden>  Fri, 26 Aug 2022 17:07:24 -0300
Superseded in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates) 
haproxy (2.4.18-0ubuntu1) jammy; urgency=medium

  * New upstream release (LP: #1987914). Major bug fixes according to the
    upstream changelog:
    - mux-pt: Always destroy the backend connection on detach
    - mux_pt: always report the connection error to the conn_stream
    - connection: Never remove connection from idle lists outside the lock
    - dns: multi-thread concurrency issue on UDP socket

 -- Lucas Kanashiro <email address hidden>  Thu, 25 Aug 2022 15:52:23 -0300
Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic) 
haproxy (2.4.18-1ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/{control,rules}: Removing support for OpenTracing due to it is
      in universe.
  * Dropped (in 2.4.18-1):
    - d/t/utils: add helper functions to be re-used in tests.
    - d/t/proxy-localhost: refactor to use the check_index_file helper function.
    - d/t/proxy-ssl-termination: add test for the SSL termination proxy feature.
    - d/t/proxy-ssl-pass-through: add test for the SSL Pass-Through proxy feature.
    - d/t/control: add both SSL related tests.

 -- Andreas Hasenack <email address hidden>  Mon, 15 Aug 2022 09:46:33 -0300
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic) 
haproxy (2.4.17-1ubuntu2) kinetic; urgency=medium

  * d/t/utils: add helper functions to be re-used in tests.
  * d/t/proxy-localhost: refactor to use the check_index_file helper function.
  * d/t/proxy-ssl-termination: add test for the SSL termination proxy feature.
  * d/t/proxy-ssl-pass-through: add test for the SSL Pass-Through proxy feature.
  * d/t/control: add both SSL related tests.

 -- Lucas Kanashiro <email address hidden>  Wed, 15 Jun 2022 17:34:52 -0300
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic) 
haproxy (2.4.17-1ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable (LP: #1971279). Remaining changes:
    - d/{control,rules}: Removing support for OpenTracing due to it is
      in universe.

 -- Andreas Hasenack <email address hidden>  Mon, 16 May 2022 10:41:37 -0300
Superseded in focal-updates
Superseded in focal-security 
haproxy (2.0.13-2ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: infinite loop via Set-Cookie2 header
    - debian/patches/CVE-2022-0711.patch: prevent unbounded loop in
      src/http_ana.c.
    - CVE-2022-0711
  * debian/rules: link against libatomic on riscv64.

 -- Marc Deslauriers <email address hidden>  Wed, 02 Mar 2022 07:56:19 -0500
Obsolete in impish-updates
Obsolete in impish-security 
haproxy (2.2.9-2ubuntu2.1) impish-security; urgency=medium

  * SECURITY UPDATE: infinite loop via Set-Cookie2 header
    - debian/patches/CVE-2022-0711.patch: prevent unbounded loop in
      src/http_ana.c.
    - CVE-2022-0711

 -- Marc Deslauriers <email address hidden>  Wed, 02 Mar 2022 07:53:41 -0500
Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
haproxy (2.4.14-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/{control,rules}: Removing support for OpenTracing due to it is
      in universe.
  * Dropped:
    - d/p/fix-ftbfs-openssl3.patch: Cherry-picked from upstream to fix
      the build against OpenSSL3 (LP #1945773)
      [Fixed upstream]

 -- Andreas Hasenack <email address hidden>  Mon, 28 Feb 2022 13:48:21 -0300
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
haproxy (2.4.13-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1961195). Remaining changes:
    - d/p/fix-ftbfs-openssl3.patch: Cherry-picked from upstream to fix
      the build against OpenSSL3 (LP #1945773)
    - d/{control,rules}: Removing support for OpenTracing due to it is
      in universe.

 -- Andreas Hasenack <email address hidden>  Fri, 18 Feb 2022 15:27:14 -0300
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
haproxy (2.4.12-1ubuntu2) jammy; urgency=medium

  * No-change rebuild to update maintainer scripts, see LP: 1959054

 -- Dave Jones <email address hidden>  Wed, 16 Feb 2022 17:01:23 +0000

Available diffs

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
haproxy (2.4.12-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1957099). Remaining changes:
    - d/p/fix-ftbfs-openssl3.patch: Cherry-picked from upstream to fix
      the build against OpenSSL3 (LP #1945773)
    - d/{control,rules}: Removing support for OpenTracing due to it is
      in universe.

 -- Andreas Hasenack <email address hidden>  Tue, 11 Jan 2022 14:40:07 -0300
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
haproxy (2.4.11-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1946859). Remaining changes:
    - d/p/fix-ftbfs-openssl3.patch: Cherry-picked from upstream to fix
      the build against OpenSSL3 (LP #1945773)
    - d/{control,rules}: Removing support for OpenTracing due to it is
      in universe.

 -- Andreas Hasenack <email address hidden>  Sat, 08 Jan 2022 18:58:44 -0300

Available diffs

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
haproxy (2.4.8-2ubuntu3) jammy; urgency=medium

  * d/{control,rules}: Remove support for OpenTracing because it is
    in universe.

 -- Miriam EspaƱa Acebal <email address hidden>  Thu, 09 Dec 2021 11:57:06 +0100
Superseded in jammy-proposed 
haproxy (2.4.8-2ubuntu2) jammy; urgency=medium

  * No-change rebuild against libssl3

 -- Steve Langasek <email address hidden>  Wed, 08 Dec 2021 23:32:48 +0000

Available diffs

Superseded in jammy-proposed 
haproxy (2.4.8-2ubuntu1) jammy; urgency=medium

  [ Simon Chopin ]
  * d/p/fix-ftbfs-openssl3.patch: Cherry-picked from upstream to fix the build
    against OpenSSL3 (LP: #1945773)

 -- Lucas Kanashiro <email address hidden>  Fri, 19 Nov 2021 18:36:04 -0300
Superseded in jammy-proposed 
haproxy (2.4.8-2) unstable; urgency=medium

  * Non-maintainer upload.
  * Enable OpenTracing support.

 -- Stephen Gelman <email address hidden>  Tue, 09 Nov 2021 23:06:46 -0600

Available diffs

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
haproxy (2.4.8-1) unstable; urgency=medium

  * New upstream release.

 -- Vincent Bernat <email address hidden>  Thu, 04 Nov 2021 08:36:56 +0100
Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish) 
haproxy (2.2.9-2ubuntu2) impish; urgency=medium

  * SECURITY UPDATE: duplicate content-length header check bypass in HTX
    - d/p/0001-2.0-2.3-BUG-MAJOR*.patch: fix missing header name length
      check in htx_add_header/trailer in src/htx.c.
    - CVE-2021-40346

 -- Marc Deslauriers <email address hidden>  Wed, 08 Sep 2021 08:12:20 -0400

Available diffs

Superseded in focal-updates
Superseded in focal-security 
haproxy (2.0.13-2ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: duplicate content-length header check bypass in HTX
    - d/p/0001-2.0-2.3-BUG-MAJOR*.patch: fix missing header name length
      check in htx_add_header/trailer in src/htx.c.
    - CVE number pending

 -- Marc Deslauriers <email address hidden>  Fri, 27 Aug 2021 07:48:39 -0400
Obsolete in hirsute-updates
Obsolete in hirsute-security 
haproxy (2.2.9-1ubuntu0.2) hirsute-security; urgency=medium

  * SECURITY UPDATE: duplicate content-length header check bypass in HTX
    - d/p/0001-2.0-2.3-BUG-MAJOR*.patch: fix missing header name length
      check in htx_add_header/trailer in src/htx.c.
    - CVE number pending

 -- Marc Deslauriers <email address hidden>  Fri, 27 Aug 2021 07:32:02 -0400
Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish) 
haproxy (2.2.9-2ubuntu1) impish; urgency=medium

  * SECURITY UPDATE: Multiple issues in HTTP/2 implementation
    - d/p/2.2-0001*.patch: add a new function http_validate_scheme() to
      validate a scheme.
    - d/p/2.2-0002*.patch: verify early that non-http/https schemes match
      the valid syntax.
    - d/p/2.2-0003*.patch: verify that :path starts with a / before
      concatenating it.
    - d/p/2.2-0004*.patch: enforce checks on the method syntax before
      translating to HTX.
    - d/p/2.2-0005*.patch: give :authority precedence over Host.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Mon, 16 Aug 2021 07:37:53 -0400
Superseded in hirsute-updates
Superseded in hirsute-security 
haproxy (2.2.9-1ubuntu0.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: Multiple issues in HTTP/2 implementation
    - d/p/2.2-0001*.patch: add a new function http_validate_scheme() to
      validate a scheme.
    - d/p/2.2-0002*.patch: verify early that non-http/https schemes match
      the valid syntax.
    - d/p/2.2-0003*.patch: verify that :path starts with a / before
      concatenating it.
    - d/p/2.2-0004*.patch: enforce checks on the method syntax before
      translating to HTX.
    - d/p/2.2-0005*.patch: give :authority precedence over Host.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Mon, 16 Aug 2021 07:37:53 -0400
Superseded in focal-updates
Superseded in focal-security 
haproxy (2.0.13-2ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Security issue in HTTP/2 implementation
    - d/p/2.0-0001*.patch: enforce checks on the method syntax before
      translating to HTX.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Mon, 16 Aug 2021 07:42:00 -0400
Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish) 
haproxy (2.2.9-2) unstable; urgency=medium

  * d/patches: fix agent-check regression putting down servers.
    Closes: #988779.

 -- Vincent Bernat <email address hidden>  Thu, 27 May 2021 15:00:01 +0200
Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
haproxy (2.2.9-1build1) hirsute; urgency=medium

  * No change rebuild with fixed ownership.

 -- Dimitri John Ledkov <email address hidden>  Tue, 16 Feb 2021 15:15:35 +0000
Superseded in hirsute-proposed 
haproxy (2.2.9-1) unstable; urgency=medium

  * New upstream release.
    - BUG/MAJOR: connection: reset conn->owner when detaching from session
                 list

 -- Vincent Bernat <email address hidden>  Sat, 06 Feb 2021 18:52:20 +0100

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
haproxy (2.2.8-1) unstable; urgency=medium

  * New upstream release.
    - Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records"

 -- Vincent Bernat <email address hidden>  Thu, 14 Jan 2021 11:48:52 +0100

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
haproxy (2.2.7-1) unstable; urgency=medium

  * New upstream release.
    - BUG/MAJOR: ring: tcp forward on ring can break the reader counter.
    - BUG/MAJOR: spoa/python: Fixing return None

 -- Vincent Bernat <email address hidden>  Sat, 09 Jan 2021 15:31:08 +0100

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
haproxy (2.2.6-2) unstable; urgency=medium

  * d/tests: sleep before test to let Apache2 start.
    Closes: #976997.

 -- Vincent Bernat <email address hidden>  Thu, 07 Jan 2021 07:56:14 +0100

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
haproxy (2.2.6-1) unstable; urgency=medium

  * New upstream release.
    - BUG/MAJOR: filters: Always keep all offsets up to date during data
                 filtering
    - BUG/MAJOR: peers: fix partial message decoding
    - BUG/MAJOR: spoe: Be sure to remove all references on a released spoe
                 applet
    - BUG/MAJOR: tcpcheck: Allocate input and output buffers from the buffer
                 pool
  * d/patches: remove patches applied upstream

 -- Vincent Bernat <email address hidden>  Mon, 30 Nov 2020 20:02:49 +0100

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
haproxy (2.2.5-2) unstable; urgency=medium

  * Upload to unstable.

 -- Vincent Bernat <email address hidden>  Wed, 11 Nov 2020 16:21:12 +0100

Available diffs

Superseded in focal-updates
Deleted in focal-proposed (Reason: moved to -updates) 
haproxy (2.0.13-2ubuntu0.1) focal; urgency=medium

  * Backport dns related fixes from git to resolve crashes when
    using do-resolve action (LP: #1894879)
    - BUG/CRITICAL: dns: Make the do-resolve action thread safe
    - BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed
    - BUG/MEDIUM: dns: Don't yield in do resolve action on a final

 -- Simon Deziel <email address hidden>  Tue, 08 Sep 2020 17:16:14 +0000
Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release) 
haproxy (2.2.3-2) experimental; urgency=medium

  * d/patches: add upstream patch to fix build on ARM32

 -- Vincent Bernat <email address hidden>  Wed, 09 Sep 2020 19:38:52 +0200

Available diffs

Superseded in groovy-proposed 
haproxy (2.2.3-1) experimental; urgency=medium

  * New upstream version.
    - BUG/MAJOR: dns: disabled servers through SRV records never recover

 -- Vincent Bernat <email address hidden>  Tue, 08 Sep 2020 23:12:05 +0200

Available diffs

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release) 
haproxy (2.0.17-1) unstable; urgency=medium

  * New upstream release.
    - BUG/MAJOR: dns: Make the do-resolve action thread-safe

 -- Vincent Bernat <email address hidden>  Sat, 01 Aug 2020 20:05:01 +0200

Available diffs

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release) 
haproxy (2.2.2-1) experimental; urgency=medium

  * New upstream version.
    - BUG/MAJOR: dns: don't treat Authority records as an error
    - BUG/MAJOR: dns: fix null pointer dereference in
                 snr_update_srv_status

 -- Vincent Bernat <email address hidden>  Sat, 01 Aug 2020 17:06:42 +0200

Available diffs

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release) 
haproxy (2.0.16-1) unstable; urgency=medium

  * New upstream release.
    - BUG/MAJOR: stream: Mark the server address as unset on new outgoing
                 connection
  * d/patches: refresh patches.

 -- Vincent Bernat <email address hidden>  Sat, 18 Jul 2020 13:50:56 +0200

Available diffs

Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates) 
haproxy (1.8.8-1ubuntu0.11) bionic; urgency=medium

  * Avoid crashes on idle connections between http requests (LP: #1884149)

 -- Christian Ehrhardt <email address hidden>  Mon, 22 Jun 2020 10:41:43 +0200
Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release) 
haproxy (2.0.15-1) unstable; urgency=medium

  * New upstream release.
    - BUG/MAJOR: stream-int: always detach a faulty endpoint on connect
                 failure

 -- Vincent Bernat <email address hidden>  Sat, 13 Jun 2020 18:48:25 +0200

Available diffs

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release) 
haproxy (2.0.14-1) unstable; urgency=medium

  * New upstream release.
    - BUG/CRITICAL: hpack: never index a header into the headroom after
                    wrapping
    - BUG/MAJOR: http-ana: Always abort the request when a tarpit is
                 triggered
    - BUG/MAJOR: list: fix invalid element address calculation
    - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
  * d/control: fix maintainer address. Closes: #955553.

 -- Vincent Bernat <email address hidden>  Thu, 16 Apr 2020 18:34:22 +0200

Available diffs

Obsolete in eoan-updates
Obsolete in eoan-security 
haproxy (2.0.5-1ubuntu0.4) eoan-security; urgency=medium

  * SECURITY UPDATE: Arbitrary memory write
    - debian/patches/CVE-2020-11100.patch: make sure the headroom is
      considered only when the buffer does not wrap in src/hpack-tbl.c.
    - CVE-2020-11100

 -- <email address hidden> (Leonidas S. Barbosa)  Fri, 03 Apr 2020 16:36:11 -0300
Superseded in bionic-updates
Superseded in bionic-security 
haproxy (1.8.8-1ubuntu0.10) bionic-security; urgency=medium

  * SECURITY UPDATE: Arbitrary memory write
    - debian/patches/CVE-2020-11100.patch: make sure the headroom is
      considered only when the buffer does not wrap in src/hpack-tbl.c.
    - CVE-2020-11100

 -- <email address hidden> (Leonidas S. Barbosa)  Fri, 03 Apr 2020 16:33:07 -0300
Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
haproxy (2.0.13-2) unstable; urgency=medium

  * d/dconv: replace cgi.escape by html.escape. Closes: #951416.
  * d/copryight: document OpenSSL exception. Closes: #951782.
  * d/haproxy.cfg: use "ssl-min-ver" to set minimum version.
  * Apply one patch to fix an overflow in HTTP/2 header handling.
    Fix CVE-2020-11100.

 -- Vincent Bernat <email address hidden>  Wed, 01 Apr 2020 21:49:32 +0200
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
haproxy (2.0.13-1ubuntu2) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add Ubuntu version to block automatic sync from Debian, as we want
      to stay in the 2.0.x LTS series for Focal (LP #1854988)
    - convert cgi.escape into html.escape to fix a python3.8 failure

 -- Gianfranco Costamagna <email address hidden>  Sun, 16 Feb 2020 10:34:53 +0100
Superseded in focal-proposed 
haproxy (2.0.13-1ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add Ubuntu version to block automatic sync from Debian, as we want
      to stay in the 2.0.x LTS series for Focal (LP #1854988)
175 of 203 results FirstPreviousLast