Ubuntu
haproxy package

Change logs for haproxy source package in Saucy

  1. Saucy (13.10)
  2. Change log 
  • haproxy (1.4.24-1) unstable; urgency=high


  [ Vincent Bernat ]
  * New upstream version.
     + CVE-2013-2175: fix a possible crash when using negative header
       occurrences.

  [ Prach Pongpanich ]
  * Drop bashism patch. It seems useless to maintain a patch to convert
    example scripts from /bin/bash to /bin/sh.
  * Fix reload/restart action of init script (LP: #1187469).

 -- Vincent Bernat <email address hidden>  Mon, 17 Jun 2013 21:56:26 +0200
  • haproxy (1.4.23-1) unstable; urgency=low


  [ Apollon Oikonomopoulos ]
  * New upstream version (Closes: #643650, #678953)
     + This fixes CVE-2012-2942 (Closes: #674447)
     + This fixes CVE-2013-1912 (Closes: #704611)
  * Ship vim addon as vim-haproxy (Closes: #702893)
  * Check for the configuration file after sourcing /etc/default/haproxy
    (Closes: #641762)
  * Use /dev/log for logging by default (Closes: #649085)

  [ Vincent Bernat ]
  * debian/control:
     + add Vcs-* fields
     + switch maintenance to Debian HAProxy team. (Closes: #706890)
     + drop dependency to quilt: 3.0 (quilt) format is in use.
  * debian/rules:
     + don't explicitly call dh_installchangelog.
     + use dh_installdirs to install directories.
     + use dh_install to install error and configuration files.
     + switch to `linux2628` Makefile target for Linux.
  * debian/postrm:
     + remove haproxy user and group on purge.
  * Ship a more minimal haproxy.cfg file: no `listen` blocks but `global`
    and `defaults` block with appropriate configuration to use chroot and
    logging in the expected way.

  [ Prach Pongpanich ]
  * debian/copyright:
     + add missing copyright holders
     + update years of copyright
  * debian/rules:
     + build with -Wl,--as-needed to get rid of unnecessary depends
  * Remove useless files in debian/haproxy.{docs,examples}
  * Update debian/watch file, thanks to Bart Martens

 -- Vincent Bernat <email address hidden>  Mon, 06 May 2013 20:02:14 +0200
  • haproxy (1.4.18-0ubuntu3) raring; urgency=low

  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via non-default global.tune.bufsize.
    - debian/patches/CVE-2012-2942.patch: check buffer sizes in
      include/types/global.h, src/acl.c, src/cfgparse.c, src/checks.c,
      src/dumpstats.c, src/haproxy.c, src/proto_http.c,
      tests/0000-debug-stats.diff.
    - CVE-2012-2942
  * SECURITY UPDATE: denial of service via HTTP information in tcp-request
    - debian/patches/CVE-2013-1912.patch: properly handle buffers in
      src/proto_http.c.
    - CVE-2013-1912
 -- Marc Deslauriers <email address hidden>   Fri, 05 Apr 2013 10:12:47 -0400