projects / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: 5e5d7c5 24c47f9)
haproxy (2.2.9-2+deb11u6) bullseye-security; urgency=high
authorSalvatore Bonaccorso <carnil@debian.org>
Sat, 23 Dec 2023 10:02:19 +0000 (11:02 +0100)
committerSalvatore Bonaccorso <carnil@debian.org>
Sat, 23 Dec 2023 10:02:19 +0000 (11:02 +0100)
commitf10e9cf0119c05ed7957bf54f55ae3435a5d477a
tree991b91f9ec34ac152d432864fd05df18455c880dtree | snapshot
parent5e5d7c518e4f324f489823c644f6f39976669750commit | diff
parent24c47f9682028f3439595232ac68f399dea8413acommit | diff
haproxy (2.2.9-2+deb11u6) bullseye-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * BUG/MAJOR: http: reject any empty content-length header value
    (CVE-2023-40225) (Closes: #1043502)
  * MINOR: ist: add new function ist_find_range() to find a character range
  * MINOR: ist: Add istend() function to return a pointer to the end of the
    string
  * MINOR: http: add new function http_path_has_forbidden_char()
  * MINOR: h2: pass accept-invalid-http-request down the request parser
  * BUG/MINOR: h1: do not accept '#' as part of the URI component
    (CVE-2023-45539)
  * BUG/MINOR: h2: reject more chars from the :path pseudo header
  * REGTESTS: http-rules: verify that we block '#' by default for
    normalize-uri
  * DOC: clarify the handling of URL fragments in requests

[dgit import unpatched haproxy 2.2.9-2+deb11u6]
91 files changed:
debian/NEWS | | blob
debian/changelog | | blob
debian/clean | | blob
debian/control | | blob
debian/copyright | | blob
debian/dconv/LICENSE | | blob
debian/dconv/NOTICE | | blob
debian/dconv/README.md | | blob
debian/dconv/css/check.png | | blob
debian/dconv/css/cross.png | | blob
debian/dconv/css/page.css | | blob
debian/dconv/haproxy-dconv.py | | blob
debian/dconv/img/logo-med.png | | blob
debian/dconv/js/typeahead.bundle.js | | blob
debian/dconv/parser/__init__.py | | blob
debian/dconv/parser/arguments.py | | blob
debian/dconv/parser/example.py | | blob
debian/dconv/parser/keyword.py | | blob
debian/dconv/parser/seealso.py | | blob
debian/dconv/parser/table.py | | blob
debian/dconv/parser/underline.py | | blob
debian/dconv/templates/parser/arguments.tpl | | blob
debian/dconv/templates/parser/example.tpl | | blob
debian/dconv/templates/parser/example/comment.tpl | | blob
debian/dconv/templates/parser/seealso.tpl | | blob
debian/dconv/templates/parser/table.tpl | | blob
debian/dconv/templates/parser/table/header.tpl | | blob
debian/dconv/templates/parser/table/row.tpl | | blob
debian/dconv/templates/parser/underline.tpl | | blob
debian/dconv/templates/summary.html | | blob
debian/dconv/templates/template.html | | blob
debian/dconv/tools/generate-docs.sh | | blob
debian/gbp.conf | | blob
debian/halog.1 | | blob
debian/haproxy-doc.doc-base.haproxy | | blob
debian/haproxy-doc.doc-base.haproxy-lua | | blob
debian/haproxy-doc.docs | | blob
debian/haproxy-doc.install | | blob
debian/haproxy-doc.links | | blob
debian/haproxy-doc.maintscript | | blob
debian/haproxy.README.Debian | | blob
debian/haproxy.cfg | | blob
debian/haproxy.default | | blob
debian/haproxy.dirs | | blob
debian/haproxy.docs | | blob
debian/haproxy.examples | | blob
debian/haproxy.init | | blob
debian/haproxy.install | | blob
debian/haproxy.maintscript | | blob
debian/haproxy.manpages | | blob
debian/haproxy.postinst | | blob
debian/haproxy.postrm | | blob
debian/haproxy.tmpfile | | blob
debian/haproxy.vim | | blob
debian/logrotate.conf | | blob
debian/patches/0001-2.0-2.3-BUG-MAJOR-htx-fix-missing-header-name-length-check-i.patch | | blob
debian/patches/0001-BUG-MAJOR-http-htx-prevent-unbounded-loop-in-http_ma.patch | | blob
debian/patches/0001-BUG-MEDIUM-h2-match-absolute-path-not-path-absolute-.patch | | blob
debian/patches/0001-BUG-MEDIUM-mux-h2-Refuse-interim-responses-with-end-.patch | | blob
debian/patches/0001-BUG-MINOR-tcpcheck-Update-.health-threshold-of-agent.patch | | blob
debian/patches/0002-Use-dpkg-buildflags-to-build-halog.patch | | blob
debian/patches/2.0-2.5-BUG-CRITICAL-http-properly-reject-empty-http-header-.patch | | blob
debian/patches/2.2-0001-MINOR-http-add-a-new-function-http_validate_scheme-t.patch | | blob
debian/patches/2.2-0002-BUG-MAJOR-h2-verify-early-that-non-http-https-scheme.patch | | blob
debian/patches/2.2-0003-BUG-MAJOR-h2-verify-that-path-starts-with-a-before-c.patch | | blob
debian/patches/2.2-0004-BUG-MAJOR-h2-enforce-checks-on-the-method-syntax-bef.patch | | blob
debian/patches/2.2-0005-BUG-MEDIUM-h2-give-authority-precedence-over-Host.patch | | blob
debian/patches/2.2-BUG-MAJOR-fcgi-Fix-uninitialized-reserved-bytes.patch | | blob
debian/patches/BUG-MAJOR-http-reject-any-empty-content-length-heade.patch | | blob
debian/patches/BUG-MINOR-h1-do-not-accept-as-part-of-the-URI-compon.patch | | blob
debian/patches/BUG-MINOR-h2-reject-more-chars-from-the-path-pseudo-.patch | | blob
debian/patches/DOC-clarify-the-handling-of-URL-fragments-in-request.patch | | blob
debian/patches/MINOR-h2-pass-accept-invalid-http-request-down-the-r.patch | | blob
debian/patches/MINOR-http-add-new-function-http_path_has_forbidden_.patch | | blob
debian/patches/MINOR-ist-Add-istend-function-to-return-a-pointer-to.patch | | blob
debian/patches/MINOR-ist-add-new-function-ist_find_range-to-find-a-.patch | | blob
debian/patches/REGTESTS-http-rules-verify-that-we-block-by-default-.patch | | blob
debian/patches/debianize-dconv.patch | | blob
debian/patches/haproxy.service-add-documentation.patch | | blob
debian/patches/haproxy.service-start-after-syslog.patch | | blob
debian/patches/series | | blob
debian/rsyslog.conf | | blob
debian/rules | | blob
debian/source/format | | blob
debian/source/include-binaries | | blob
debian/tests/cli | | blob
debian/tests/control | | blob
debian/tests/proxy-localhost | | blob
debian/vim-haproxy.install | | blob
debian/vim-haproxy.yaml | | blob
debian/watch | | blob
Unnamed repository; edit this file 'description' to name the repository.