-
haproxy (2.4.22-0ubuntu0.22.10.1) kinetic; urgency=medium
* New upstream release (LP: #2012557).
- Major and critical bug fixes according to the upstream changelog:
+ BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized
+ BUG/MAJOR: mworker: fix infinite loop on master with no proxies.
+ BUG/MAJOR: stick-tables: do not try to index a server name for applets
+ BUG/MAJOR: stick-table: don't process store-response rules for applets
+ BUG/MAJOR: fcgi: Fix uninitialized reserved bytes
+ BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned
+ BUG/CRITICAL: http: properly reject empty http header field names
- Remove patches applied by upstream in debian/patches:
+ CVE-2023-0056.patch
+ CVE-2023-25725.patch
+ CVE-2023-0836.patch
- Refresh existing patches in debian/patches:
+ reproducible.patch
-- Lucas Kanashiro <email address hidden> Wed, 22 Mar 2023 18:39:05 -0300
-
haproxy (2.4.18-1ubuntu1.3) kinetic-security; urgency=medium
* SECURITY UPDATE: information leak via uninitialized bytes
- debian/patches/CVE-2023-0836.patch: initialize output buffer in
src/fcgi.c.
- CVE-2023-0836
-- Marc Deslauriers <email address hidden> Fri, 31 Mar 2023 13:16:27 -0400
-
haproxy (2.4.18-1ubuntu1.2) kinetic-security; urgency=medium
* SECURITY UPDATE: incorrect handling of empty http header field names
- debian/patches/CVE-2023-25725.patch: properly reject empty http
header field names in src/h1.c, src/hpack-dec.c.
- CVE-2023-25725
-- Marc Deslauriers <email address hidden> Mon, 13 Feb 2023 07:40:42 -0500
-
haproxy (2.4.18-1ubuntu1.1) kinetic-security; urgency=medium
* SECURITY UPDATE: DoS via certain interim responses
- debian/patches/CVE-2023-0056.patch: refuse interim responses with
end-stream flag set in src/mux_h2.c.
- CVE-2023-0056
-- Marc Deslauriers <email address hidden> Thu, 19 Jan 2023 10:47:25 -0500
-
haproxy (2.4.18-1ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/{control,rules}: Removing support for OpenTracing due to it is
in universe.
* Dropped (in 2.4.18-1):
- d/t/utils: add helper functions to be re-used in tests.
- d/t/proxy-localhost: refactor to use the check_index_file helper function.
- d/t/proxy-ssl-termination: add test for the SSL termination proxy feature.
- d/t/proxy-ssl-pass-through: add test for the SSL Pass-Through proxy feature.
- d/t/control: add both SSL related tests.
-- Andreas Hasenack <email address hidden> Mon, 15 Aug 2022 09:46:33 -0300
-
haproxy (2.4.17-1ubuntu2) kinetic; urgency=medium
* d/t/utils: add helper functions to be re-used in tests.
* d/t/proxy-localhost: refactor to use the check_index_file helper function.
* d/t/proxy-ssl-termination: add test for the SSL termination proxy feature.
* d/t/proxy-ssl-pass-through: add test for the SSL Pass-Through proxy feature.
* d/t/control: add both SSL related tests.
-- Lucas Kanashiro <email address hidden> Wed, 15 Jun 2022 17:34:52 -0300
-
haproxy (2.4.17-1ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable (LP: #1971279). Remaining changes:
- d/{control,rules}: Removing support for OpenTracing due to it is
in universe.
-- Andreas Hasenack <email address hidden> Mon, 16 May 2022 10:41:37 -0300
-
haproxy (2.4.14-1ubuntu1) jammy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/{control,rules}: Removing support for OpenTracing due to it is
in universe.
* Dropped:
- d/p/fix-ftbfs-openssl3.patch: Cherry-picked from upstream to fix
the build against OpenSSL3 (LP #1945773)
[Fixed upstream]
-- Andreas Hasenack <email address hidden> Mon, 28 Feb 2022 13:48:21 -0300