projects / haproxy.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
haproxy.git
2 years agohaproxy (2.6.12-1+deb12u1) bookworm-security; urgency=high
commit | commitdiff | tree
Salvatore Bonaccorso [Sat, 16 Dec 2023 16:41:30 +0000 (17:41 +0100)]
haproxy (2.6.12-1+deb12u1) bookworm-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * REORG: http: move has_forbidden_char() from h2.c to http.h
  * BUG/MAJOR: h3: reject header values containing invalid chars
  * BUG/MAJOR: http: reject any empty content-length header value
    (CVE-2023-40225) (Closes: #1043502)
  * MINOR: ist: add new function ist_find_range() to find a character range
  * MINOR: http: add new function http_path_has_forbidden_char()
  * MINOR: h2: pass accept-invalid-http-request down the request parser
  * REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri
    tests
  * BUG/MINOR: h1: do not accept '#' as part of the URI component
    (CVE-2023-45539)
  * BUG/MINOR: h2: reject more chars from the :path pseudo header
  * BUG/MINOR: h3: reject more chars from the :path pseudo header
  * REGTESTS: http-rules: verify that we block '#' by default for
    normalize-uri
  * DOC: clarify the handling of URL fragments in requests

[dgit import unpatched haproxy 2.6.12-1+deb12u1]

2 years agoImport haproxy_2.6.12-1+deb12u1.debian.tar.xz
commit | commitdiff | tree
Salvatore Bonaccorso [Sat, 16 Dec 2023 16:41:30 +0000 (17:41 +0100)]
Import haproxy_2.6.12-1+deb12u1.debian.tar.xz

[dgit import tarball haproxy 2.6.12-1+deb12u1 haproxy_2.6.12-1+deb12u1.debian.tar.xz]

2 years agoImport haproxy_2.6.12.orig.tar.gz
commit | commitdiff | tree
Vincent Bernat [Sat, 1 Apr 2023 09:05:57 +0000 (11:05 +0200)]
Import haproxy_2.6.12.orig.tar.gz

[dgit import orig haproxy_2.6.12.orig.tar.gz]

Unnamed repository; edit this file 'description' to name the repository.