dgit.raspbian.org Git - haproxy.git/commit

haproxy (2.6.12-1+deb12u1) bookworm-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * REORG: http: move has_forbidden_char() from h2.c to http.h
  * BUG/MAJOR: h3: reject header values containing invalid chars
  * BUG/MAJOR: http: reject any empty content-length header value
    (CVE-2023-40225) (Closes: #1043502)
  * MINOR: ist: add new function ist_find_range() to find a character range
  * MINOR: http: add new function http_path_has_forbidden_char()
  * MINOR: h2: pass accept-invalid-http-request down the request parser
  * REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri
    tests
  * BUG/MINOR: h1: do not accept '#' as part of the URI component
    (CVE-2023-45539)
  * BUG/MINOR: h2: reject more chars from the :path pseudo header
  * BUG/MINOR: h3: reject more chars from the :path pseudo header
  * REGTESTS: http-rules: verify that we block '#' by default for
    normalize-uri
  * DOC: clarify the handling of URL fragments in requests

[dgit import unpatched haproxy 2.6.12-1+deb12u1]

author	Salvatore Bonaccorso <carnil@debian.org>
	Sat, 16 Dec 2023 16:41:30 +0000 (17:41 +0100)
committer	Salvatore Bonaccorso <carnil@debian.org>
	Sat, 16 Dec 2023 16:41:30 +0000 (17:41 +0100)
commit	8d3df6ed163c043695e4e6bd415c806570bb847b
tree	09ef6df146509f94541c1afe9cbd78b7f75e81e7	tree \| snapshot
parent	9a72692e10d6e4f986f6353204b47ed6b7d89441	commit \| diff
parent	3ccd097a114db5e5453de06148616323da36c0af	commit \| diff

debian/NEWS	\|	\|	blob
debian/changelog	\|	\|	blob
debian/clean	\|	\|	blob
debian/control	\|	\|	blob
debian/copyright	\|	\|	blob
debian/dconv/LICENSE	\|	\|	blob
debian/dconv/NOTICE	\|	\|	blob
debian/dconv/README.md	\|	\|	blob
debian/dconv/css/check.png	\|	\|	blob
debian/dconv/css/cross.png	\|	\|	blob
debian/dconv/css/page.css	\|	\|	blob
debian/dconv/haproxy-dconv.py	\|	\|	blob
debian/dconv/img/logo-med.png	\|	\|	blob
debian/dconv/js/typeahead.bundle.js	\|	\|	blob
debian/dconv/parser/__init__.py	\|	\|	blob
debian/dconv/parser/arguments.py	\|	\|	blob
debian/dconv/parser/example.py	\|	\|	blob
debian/dconv/parser/keyword.py	\|	\|	blob
debian/dconv/parser/seealso.py	\|	\|	blob
debian/dconv/parser/table.py	\|	\|	blob
debian/dconv/parser/underline.py	\|	\|	blob
debian/dconv/templates/parser/arguments.tpl	\|	\|	blob
debian/dconv/templates/parser/example.tpl	\|	\|	blob
debian/dconv/templates/parser/example/comment.tpl	\|	\|	blob
debian/dconv/templates/parser/seealso.tpl	\|	\|	blob
debian/dconv/templates/parser/table.tpl	\|	\|	blob
debian/dconv/templates/parser/table/header.tpl	\|	\|	blob
debian/dconv/templates/parser/table/row.tpl	\|	\|	blob
debian/dconv/templates/parser/underline.tpl	\|	\|	blob
debian/dconv/templates/summary.html	\|	\|	blob
debian/dconv/templates/template.html	\|	\|	blob
debian/dconv/tools/generate-docs.sh	\|	\|	blob
debian/gbp.conf	\|	\|	blob
debian/halog.1	\|	\|	blob
debian/haproxy-doc.doc-base.haproxy	\|	\|	blob
debian/haproxy-doc.doc-base.haproxy-lua	\|	\|	blob
debian/haproxy-doc.docs	\|	\|	blob
debian/haproxy-doc.install	\|	\|	blob
debian/haproxy-doc.links	\|	\|	blob
debian/haproxy-doc.maintscript	\|	\|	blob
debian/haproxy.README.Debian	\|	\|	blob
debian/haproxy.cfg	\|	\|	blob
debian/haproxy.default	\|	\|	blob
debian/haproxy.dirs	\|	\|	blob
debian/haproxy.docs	\|	\|	blob
debian/haproxy.examples	\|	\|	blob
debian/haproxy.init	\|	\|	blob
debian/haproxy.install	\|	\|	blob
debian/haproxy.maintscript	\|	\|	blob
debian/haproxy.manpages	\|	\|	blob
debian/haproxy.postinst	\|	\|	blob
debian/haproxy.postrm	\|	\|	blob
debian/haproxy.tmpfile	\|	\|	blob
debian/haproxy.vim	\|	\|	blob
debian/logrotate.conf	\|	\|	blob
debian/patches/BUG-MAJOR-h3-reject-header-values-containing-invalid.patch	\|	\|	blob
debian/patches/BUG-MAJOR-http-reject-any-empty-content-length-heade.patch	\|	\|	blob
debian/patches/BUG-MINOR-h1-do-not-accept-as-part-of-the-URI-compon.patch	\|	\|	blob
debian/patches/BUG-MINOR-h2-reject-more-chars-from-the-path-pseudo-.patch	\|	\|	blob
debian/patches/BUG-MINOR-h3-reject-more-chars-from-the-path-pseudo-.patch	\|	\|	blob
debian/patches/DOC-clarify-the-handling-of-URL-fragments-in-request.patch	\|	\|	blob
debian/patches/MINOR-h2-pass-accept-invalid-http-request-down-the-r.patch	\|	\|	blob
debian/patches/MINOR-http-add-new-function-http_path_has_forbidden_.patch	\|	\|	blob
debian/patches/MINOR-ist-add-new-function-ist_find_range-to-find-a-.patch	\|	\|	blob
debian/patches/REGTESTS-http-rules-add-accept-invalid-http-request-.patch	\|	\|	blob
debian/patches/REGTESTS-http-rules-verify-that-we-block-by-default-.patch	\|	\|	blob
debian/patches/REORG-http-move-has_forbidden_char-from-h2.c-to-http.patch	\|	\|	blob
debian/patches/debianize-dconv.patch	\|	\|	blob
debian/patches/haproxy.service-add-documentation.patch	\|	\|	blob
debian/patches/haproxy.service-make-systemd-bind-dev-log-inside-chroot.patch	\|	\|	blob
debian/patches/haproxy.service-start-after-syslog.patch	\|	\|	blob
debian/patches/reproducible.patch	\|	\|	blob
debian/patches/series	\|	\|	blob
debian/rsyslog.conf	\|	\|	blob
debian/rules	\|	\|	blob
debian/salsa-ci.yml	\|	\|	blob
debian/source/format	\|	\|	blob
debian/source/include-binaries	\|	\|	blob
debian/tests/cli	\|	\|	blob
debian/tests/control	\|	\|	blob
debian/tests/proxy-localhost	\|	\|	blob
debian/tests/proxy-ssl-pass-through	\|	\|	blob
debian/tests/proxy-ssl-termination	\|	\|	blob
debian/tests/utils	\|	\|	blob
debian/vim-haproxy.install	\|	\|	blob
debian/vim-haproxy.yaml	\|	\|	blob
debian/watch	\|	\|	blob