projects / haproxy.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
haproxy.git
2 years agoBUG/MAJOR: h3: reject header values containing invalid chars
commit | commitdiff | tree
Willy Tarreau [Tue, 8 Aug 2023 15:18:27 +0000 (17:18 +0200)]
BUG/MAJOR: h3: reject header values containing invalid chars

Origin: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=20a35c4d505475215122d37405ce173075338032

In practice it's exactly the same for h3 as 54f53ef7c ("BUG/MAJOR: h2:
reject header values containing invalid chars") was for h2: we must
make sure never to accept NUL/CR/LF in any header value because this
may be used to construct splitted headers on the backend. Hence we
apply the same solution. Here pseudo-headers, headers and trailers are
checked separately, which explains why we have 3 locations instead of
2 for h2 (+1 for response which we don't have here).

This is marked major for consistency and due to the impact if abused,
but the reality is that at the time of writing, this problem is limited
by the scarcity of the tools which would permit to build such a request
in the first place. But this may change over time.

This must be backported to 2.6. This depends on the following commit
that exposes the filtering function:

    REORG: http: move has_forbidden_char() from h2.c to http.h

(cherry picked from commit d13a80abb7c1badaa42045c37cfff79f24f05726)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 0404bf14c900d6ac879ec432a198435e0741d835)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit f58b63af68f239464c29e698a34f08ff3eef862f)
 [ad: no http/3 trailer support in 2.6]
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
Gbp-Pq: Name BUG-MAJOR-h3-reject-header-values-containing-invalid.patch

2 years agoREORG: http: move has_forbidden_char() from h2.c to http.h
commit | commitdiff | tree
Willy Tarreau [Tue, 8 Aug 2023 15:00:50 +0000 (17:00 +0200)]
REORG: http: move has_forbidden_char() from h2.c to http.h

Origin: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=4a776fd01560a8dfa7a57b30b4d5249c8da7b12c

This function is not H2 specific but rather generic to HTTP. We'll
need it in H3 soon, so let's move it to HTTP and rename it to
http_header_has_forbidden_char().

(cherry picked from commit d4069f3cee0f6e94afaec518b6373dd368073f52)
 [ad: backported for next patch BUG/MAJOR: h3: reject header values
 containing invalid chars]
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 21c4ffd025115058994a3e2765c17fc3cee52f90)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 9c0bc4f201cf58c10706416cb4807c0f4794f8ac)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
Gbp-Pq: Name REORG-http-move-has_forbidden_char-from-h2.c-to-http.patch

2 years agoreproducible
commit | commitdiff | tree
Debian HAProxy Maintainers [Sat, 16 Dec 2023 16:41:30 +0000 (17:41 +0100)]
reproducible

Gbp-Pq: Name reproducible.patch

2 years agohaproxy.service: make systemd bind /dev/log inside chroot
commit | commitdiff | tree
Vincent Bernat [Thu, 25 Nov 2021 20:35:48 +0000 (21:35 +0100)]
haproxy.service: make systemd bind /dev/log inside chroot

This enables logging to work without rsyslog being present.

Gbp-Pq: Name haproxy.service-make-systemd-bind-dev-log-inside-chroot.patch

2 years agoAdd documentation field to the systemd unit
commit | commitdiff | tree
Debian HAProxy Maintainers [Sun, 25 Mar 2018 09:31:50 +0000 (11:31 +0200)]
Add documentation field to the systemd unit

Forwarded: no
Last-Update: 2014-01-03

Gbp-Pq: Name haproxy.service-add-documentation.patch

2 years agoStart after rsyslog.service
commit | commitdiff | tree
Apollon Oikonomopoulos [Sun, 25 Mar 2018 09:31:50 +0000 (11:31 +0200)]
Start after rsyslog.service

As HAProxy is running chrooted by default, we rely on an additional syslog
socket created by rsyslog inside the chroot for logging. As this socket cannot
trigger syslog activation, we explicitly order HAProxy after rsyslog.service.
Note that we are not using syslog.service here, since the additional socket is
rsyslog-specific.
Forwarded: no
Last-Update: 2017-12-01

Gbp-Pq: Name haproxy.service-start-after-syslog.patch

2 years agohaproxy (2.6.12-1+deb12u1) bookworm-security; urgency=high
commit | commitdiff | tree
Salvatore Bonaccorso [Sat, 16 Dec 2023 16:41:30 +0000 (17:41 +0100)]
haproxy (2.6.12-1+deb12u1) bookworm-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * REORG: http: move has_forbidden_char() from h2.c to http.h
  * BUG/MAJOR: h3: reject header values containing invalid chars
  * BUG/MAJOR: http: reject any empty content-length header value
    (CVE-2023-40225) (Closes: #1043502)
  * MINOR: ist: add new function ist_find_range() to find a character range
  * MINOR: http: add new function http_path_has_forbidden_char()
  * MINOR: h2: pass accept-invalid-http-request down the request parser
  * REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri
    tests
  * BUG/MINOR: h1: do not accept '#' as part of the URI component
    (CVE-2023-45539)
  * BUG/MINOR: h2: reject more chars from the :path pseudo header
  * BUG/MINOR: h3: reject more chars from the :path pseudo header
  * REGTESTS: http-rules: verify that we block '#' by default for
    normalize-uri
  * DOC: clarify the handling of URL fragments in requests

[dgit import unpatched haproxy 2.6.12-1+deb12u1]

2 years agoImport haproxy_2.6.12-1+deb12u1.debian.tar.xz
commit | commitdiff | tree
Salvatore Bonaccorso [Sat, 16 Dec 2023 16:41:30 +0000 (17:41 +0100)]
Import haproxy_2.6.12-1+deb12u1.debian.tar.xz

[dgit import tarball haproxy 2.6.12-1+deb12u1 haproxy_2.6.12-1+deb12u1.debian.tar.xz]

2 years agoImport haproxy_2.6.12.orig.tar.gz
commit | commitdiff | tree
Vincent Bernat [Sat, 1 Apr 2023 09:05:57 +0000 (11:05 +0200)]
Import haproxy_2.6.12.orig.tar.gz

[dgit import orig haproxy_2.6.12.orig.tar.gz]

Unnamed repository; edit this file 'description' to name the repository.