Change logs for haproxy source package in Jammy

haproxy (2.4.24-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release (LP: #2028418)
    - Major and critical bug fixes according to the upstream changelog:
      + BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value
        replacement
      + BUG/MAJOR: http: reject any empty content-length header value
    - For further information, refer to the upstream changelog at
      https://www.haproxy.org/download/2.4/src/CHANGELOG and to the upstream
      release announcements at
      https://<email address hidden>/msg43664.html
      (2.4.23), and
      https://<email address hidden>/msg43901.html (2.4.24)
    - Remove patches applied by upstream in debian/patches:
      + CVE-2023-40225-1.patch
      + CVE-2023-40225-2.patch

 -- Athos Ribeiro <email address hidden>  Tue, 31 Oct 2023 11:16:29 -0300

haproxy (2.4.22-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: info disclosure or end_rule issue via hash character
    - debian/patches/CVE-2023-45539.patch: do not accept '#' as part of the
      URI component in src/h1.c.
    - CVE-2023-45539

 -- Marc Deslauriers <email address hidden>  Mon, 04 Dec 2023 13:00:27 -0500

haproxy (2.4.22-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect handling of empty content-length header
    - debian/patches/CVE-2023-40225-1.patch: add a proper check for empty
      content-length header buffer in src/h1.c and src/h2.c. Also add
      tests for it in reg-tests/http-messaging/h1_to_h1.vtc and
      reg-tests/http-messaging/h2_to_h1.vtc.
    - debian/patches/CVE-2023-40225-2.patch: add a check for leading zero
      in content-length header buffer in src/h1.c and src/h2.c. Also add
      tests in reg-tests/http-rules/h1or2_to_h1c.vtc.
    - CVE-2023-40225

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Mon, 14 Aug 2023 20:00:52 -0300

haproxy (2.4.22-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release (LP: #2012557).
    - Major and critical bug fixes according to the upstream changelog:
      + BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized
      + BUG/MAJOR: mworker: fix infinite loop on master with no proxies.
      + BUG/MAJOR: stick-tables: do not try to index a server name for applets
      + BUG/MAJOR: stick-table: don't process store-response rules for applets
      + BUG/MAJOR: fcgi: Fix uninitialized reserved bytes
      + BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned
      + BUG/CRITICAL: http: properly reject empty http header field names
    - Remove patches applied by upstream in debian/patches:
      + CVE-2023-0056.patch
      + CVE-2023-25725.patch
      + CVE-2023-0836.patch
    - Refresh existing patches in debian/patches:
      + haproxy.service-start-after-syslog.patch
      + reproducible.patch
  * Backport DEP-8 tests from Lunar:
    - d/t/proxy-ssl-termination
    - d/t/proxy-ssl-pass-through

 -- Lucas Kanashiro <email address hidden>  Wed, 22 Mar 2023 18:18:54 -0300

haproxy (2.4.18-0ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: information leak via uninitialized bytes
    - debian/patches/CVE-2023-0836.patch: initialize output buffer in
      src/fcgi.c.
    - CVE-2023-0836

 -- Marc Deslauriers <email address hidden>  Fri, 31 Mar 2023 13:18:03 -0400

haproxy (2.4.18-0ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect handling of empty http header field names
    - debian/patches/CVE-2023-25725.patch: properly reject empty http
      header field names in src/h1.c, src/hpack-dec.c.
    - CVE-2023-25725

 -- Marc Deslauriers <email address hidden>  Mon, 13 Feb 2023 07:42:24 -0500

haproxy (2.4.18-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via certain interim responses
    - debian/patches/CVE-2023-0056.patch: refuse interim responses with
      end-stream flag set in src/mux_h2.c.
    - CVE-2023-0056

 -- Marc Deslauriers <email address hidden>  Thu, 19 Jan 2023 10:47:52 -0500

haproxy (2.4.18-0ubuntu1) jammy; urgency=medium

  * New upstream release (LP: #1987914). Major bug fixes according to the
    upstream changelog:
    - mux-pt: Always destroy the backend connection on detach
    - mux_pt: always report the connection error to the conn_stream
    - connection: Never remove connection from idle lists outside the lock
    - dns: multi-thread concurrency issue on UDP socket

 -- Lucas Kanashiro <email address hidden>  Thu, 25 Aug 2022 15:52:23 -0300

haproxy (2.4.14-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/{control,rules}: Removing support for OpenTracing due to it is
      in universe.
  * Dropped:
    - d/p/fix-ftbfs-openssl3.patch: Cherry-picked from upstream to fix
      the build against OpenSSL3 (LP #1945773)
      [Fixed upstream]

 -- Andreas Hasenack <email address hidden>  Mon, 28 Feb 2022 13:48:21 -0300

haproxy (2.4.13-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1961195). Remaining changes:
    - d/p/fix-ftbfs-openssl3.patch: Cherry-picked from upstream to fix
      the build against OpenSSL3 (LP #1945773)
    - d/{control,rules}: Removing support for OpenTracing due to it is
      in universe.

 -- Andreas Hasenack <email address hidden>  Fri, 18 Feb 2022 15:27:14 -0300

haproxy (2.4.12-1ubuntu2) jammy; urgency=medium

  * No-change rebuild to update maintainer scripts, see LP: 1959054

 -- Dave Jones <email address hidden>  Wed, 16 Feb 2022 17:01:23 +0000

haproxy (2.4.12-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1957099). Remaining changes:
    - d/p/fix-ftbfs-openssl3.patch: Cherry-picked from upstream to fix
      the build against OpenSSL3 (LP #1945773)
    - d/{control,rules}: Removing support for OpenTracing due to it is
      in universe.

 -- Andreas Hasenack <email address hidden>  Tue, 11 Jan 2022 14:40:07 -0300

haproxy (2.4.11-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1946859). Remaining changes:
    - d/p/fix-ftbfs-openssl3.patch: Cherry-picked from upstream to fix
      the build against OpenSSL3 (LP #1945773)
    - d/{control,rules}: Removing support for OpenTracing due to it is
      in universe.

 -- Andreas Hasenack <email address hidden>  Sat, 08 Jan 2022 18:58:44 -0300

haproxy (2.4.8-2ubuntu3) jammy; urgency=medium

  * d/{control,rules}: Remove support for OpenTracing because it is
    in universe.

 -- Miriam España Acebal <email address hidden>  Thu, 09 Dec 2021 11:57:06 +0100

haproxy (2.4.8-2ubuntu2) jammy; urgency=medium

  * No-change rebuild against libssl3

 -- Steve Langasek <email address hidden>  Wed, 08 Dec 2021 23:32:48 +0000

haproxy (2.4.8-2ubuntu1) jammy; urgency=medium

  [ Simon Chopin ]
  * d/p/fix-ftbfs-openssl3.patch: Cherry-picked from upstream to fix the build
    against OpenSSL3 (LP: #1945773)

 -- Lucas Kanashiro <email address hidden>  Fri, 19 Nov 2021 18:36:04 -0300

haproxy (2.4.8-2) unstable; urgency=medium

  * Non-maintainer upload.
  * Enable OpenTracing support.

 -- Stephen Gelman <email address hidden>  Tue, 09 Nov 2021 23:06:46 -0600

haproxy (2.4.8-1) unstable; urgency=medium

  * New upstream release.

 -- Vincent Bernat <email address hidden>  Thu, 04 Nov 2021 08:36:56 +0100

haproxy (2.2.9-2ubuntu2) impish; urgency=medium

  * SECURITY UPDATE: duplicate content-length header check bypass in HTX
    - d/p/0001-2.0-2.3-BUG-MAJOR*.patch: fix missing header name length
      check in htx_add_header/trailer in src/htx.c.
    - CVE-2021-40346

 -- Marc Deslauriers <email address hidden>  Wed, 08 Sep 2021 08:12:20 -0400