From: Raspbian automatic forward porter Date: Sat, 6 Jan 2024 09:27:30 +0000 (+0000) Subject: Merge version 2.6.12-1+rpi1 and 2.6.12-1+deb12u1 to produce 2.6.12-1+rpi1+deb12u1 X-Git-Tag: archive/raspbian/2.6.12-1+rpi1+deb12u1^0 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=d3992cd7a1a3a7167dee97ec02aabad1dbc8cab9;p=haproxy.git Merge version 2.6.12-1+rpi1 and 2.6.12-1+deb12u1 to produce 2.6.12-1+rpi1+deb12u1 --- d3992cd7a1a3a7167dee97ec02aabad1dbc8cab9 diff --cc debian/changelog index 8d4c5ea,05c35e8..28c147c --- a/debian/changelog +++ b/debian/changelog @@@ -1,9 -1,24 +1,31 @@@ - haproxy (2.6.12-1+rpi1) bookworm-staging; urgency=medium ++haproxy (2.6.12-1+rpi1+deb12u1) bookworm-staging; urgency=medium + + [changes brought forward from 1.8.19-1+rpi1 by Peter Michael Green at Thu, 14 Mar 2019 20:25:01 +0000] + * Link with libatomic on armhf too. + - -- Raspbian forward porter Sun, 14 May 2023 19:45:32 +0000 ++ -- Raspbian forward porter Sat, 06 Jan 2024 09:27:30 +0000 ++ + haproxy (2.6.12-1+deb12u1) bookworm-security; urgency=high + + * Non-maintainer upload by the Security Team. 
+ * REORG: http: move has_forbidden_char() from h2.c to http.h + * BUG/MAJOR: h3: reject header values containing invalid chars + * BUG/MAJOR: http: reject any empty content-length header value + (CVE-2023-40225) (Closes: #1043502) + * MINOR: ist: add new function ist_find_range() to find a character range + * MINOR: http: add new function http_path_has_forbidden_char() + * MINOR: h2: pass accept-invalid-http-request down the request parser + * REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri + tests + * BUG/MINOR: h1: do not accept '#' as part of the URI component + (CVE-2023-45539) + * BUG/MINOR: h2: reject more chars from the :path pseudo header + * BUG/MINOR: h3: reject more chars from the :path pseudo header + * REGTESTS: http-rules: verify that we block '#' by default for + normalize-uri + * DOC: clarify the handling of URL fragments in requests + + -- Salvatore Bonaccorso Sat, 16 Dec 2023 17:41:30 +0100 haproxy (2.6.12-1) unstable; urgency=medium
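Review bot: The new top stanza for 2.6.12-1+rpi1+deb12u1 keeps urgency=medium, although the 2.6.12-1+deb12u1 stanza merged in beneath it is a bookworm-security upload at urgency=high carrying the fixes for CVE-2023-40225 and CVE-2023-45539. Consider raising the merged entry to urgency=high so the forward-ported build inherits the priority of the security upload. The top stanza also lists only "Link with libatomic on armhf too." as its change, so someone reading that entry alone cannot tell that it includes the security fixes; a line stating that it merges 2.6.12-1+deb12u1 would make that visible.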