[ubuntu/focal-proposed] haproxy 2.0.29-0ubuntu1 (Accepted)

Lucas Kanashiro kanashiro at ubuntu.com
Fri Sep 9 12:40:55 UTC 2022 

haproxy (2.0.29-0ubuntu1) focal; urgency=medium

  * New upstream release (LP: #1987914).
    - Major and critical bug fixes according to the upstream changelog:
      + http-ana: Always abort the request when a tarpit is triggered
      + list: fix invalid element address calculation
      + proxy_protocol: Properly validate TLV lengths
      + hpack: never index a header into the headroom after wrapping
      + stream-int: always detach a faulty endpoint on connect failure
      + stream: Mark the server address as unset on new outgoing connection
      + dns: Make the do-resolve action thread-safe
      + contrib/spoa-server: Fix unhandled python call leading to memory leak
      + mux-h2: Don't try to send data if we know it is no longer possible
      + spoe: Be sure to remove all references on a released spoe applet
      + filters: Always keep all offsets up to date during data filtering
      + peers: fix partial message decoding
      + spoa/python: Fixing return None
      + dns: fix null pointer dereference in snr_update_srv_status
      + dns: disabled servers through SRV records never recover
      + mux-h2: Properly detect too large frames when decoding headers
      + server: prevent deadlock when using 'set maxconn server'
      + htx: Fix htx_defrag() when an HTX block is expanded
      + queue: set SF_ASSIGNED when setting strm->target on dequeue
      + server: fix deadlock when changing maxconn via agent-check
      + h2: enforce stricter syntax checks on the :method pseudo-header
      + htx: fix missing header name length check in htx_add_header/trailer
      + lua: use task_wakeup() to properly run a task once
      + http/htx: prevent unbounded loop in http_manage_server_side_cookies
      + spoe: properly detach all agents when releasing the applet
      + mux-h2: Be sure to always report HTX parsing error to the app layer
      + sched: prevent rare concurrent wakeup of multi-threaded tasks
      + mux-pt: Always destroy the backend connection on detach
      + dns: multi-thread concurrency issue on UDP socket
      + mux_pt: always report the connection error to the conn_stream
    - Refresh haproxy.service-*.patch.
    - Remove patches applied by upstream in debian/patches:
      + 0001-2.0-2.3-BUG-MAJOR-htx-fix-missing-header-name-length-check-i.patch
      + 0001-BUG-CRITICAL-hpack-never-index-a-header-into-the-hea.patch
      + 2.0-0001-BUG-MAJOR-h2-enforce-checks-on-the-method-syntax-bef.patch
      + CVE-2022-0711.patch
      + lp1894879-BUG-MEDIUM-dns-*.patch

Date: Fri, 26 Aug 2022 17:07:24 -0300
Changed-By: Lucas Kanashiro <kanashiro at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/haproxy/2.0.29-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 26 Aug 2022 17:07:24 -0300
Source: haproxy
Architecture: source
Version: 2.0.29-0ubuntu1
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lucas Kanashiro <kanashiro at ubuntu.com>
Launchpad-Bugs-Fixed: 1987914
Changes:
 haproxy (2.0.29-0ubuntu1) focal; urgency=medium
 .
   * New upstream release (LP: #1987914).
     - Major and critical bug fixes according to the upstream changelog:
       + http-ana: Always abort the request when a tarpit is triggered
       + list: fix invalid element address calculation
       + proxy_protocol: Properly validate TLV lengths
       + hpack: never index a header into the headroom after wrapping
       + stream-int: always detach a faulty endpoint on connect failure
       + stream: Mark the server address as unset on new outgoing connection
       + dns: Make the do-resolve action thread-safe
       + contrib/spoa-server: Fix unhandled python call leading to memory leak
       + mux-h2: Don't try to send data if we know it is no longer possible
       + spoe: Be sure to remove all references on a released spoe applet
       + filters: Always keep all offsets up to date during data filtering
       + peers: fix partial message decoding
       + spoa/python: Fixing return None
       + dns: fix null pointer dereference in snr_update_srv_status
       + dns: disabled servers through SRV records never recover
       + mux-h2: Properly detect too large frames when decoding headers
       + server: prevent deadlock when using 'set maxconn server'
       + htx: Fix htx_defrag() when an HTX block is expanded
       + queue: set SF_ASSIGNED when setting strm->target on dequeue
       + server: fix deadlock when changing maxconn via agent-check
       + h2: enforce stricter syntax checks on the :method pseudo-header
       + htx: fix missing header name length check in htx_add_header/trailer
       + lua: use task_wakeup() to properly run a task once
       + http/htx: prevent unbounded loop in http_manage_server_side_cookies
       + spoe: properly detach all agents when releasing the applet
       + mux-h2: Be sure to always report HTX parsing error to the app layer
       + sched: prevent rare concurrent wakeup of multi-threaded tasks
       + mux-pt: Always destroy the backend connection on detach
       + dns: multi-thread concurrency issue on UDP socket
       + mux_pt: always report the connection error to the conn_stream
     - Refresh haproxy.service-*.patch.
     - Remove patches applied by upstream in debian/patches:
       + 0001-2.0-2.3-BUG-MAJOR-htx-fix-missing-header-name-length-check-i.patch
       + 0001-BUG-CRITICAL-hpack-never-index-a-header-into-the-hea.patch
       + 2.0-0001-BUG-MAJOR-h2-enforce-checks-on-the-method-syntax-bef.patch
       + CVE-2022-0711.patch
       + lp1894879-BUG-MEDIUM-dns-*.patch
Checksums-Sha1:
 2b84e026f4fe4c7eb5bb02bd0f602cb32058b4b2 2415 haproxy_2.0.29-0ubuntu1.dsc
 6e45a2c3aa4076e1d466508bc97b1c479d0692ac 2722893 haproxy_2.0.29.orig.tar.gz
 53f727c4057d5d8df51234adc484134673ad57bc 69932 haproxy_2.0.29-0ubuntu1.debian.tar.xz
 90e135e5db1a408fc406677e6e0e178c8111ef4e 8042 haproxy_2.0.29-0ubuntu1_source.buildinfo
Checksums-Sha256:
 31721eda450694fb2d64548c37e3c928cbb8cb1f543cd8c4d1642ed114452364 2415 haproxy_2.0.29-0ubuntu1.dsc
 39801aeede2e945aeae14e41bcbe7fe38bc63971c5d046ae11125b2da513ea5d 2722893 haproxy_2.0.29.orig.tar.gz
 e6a51b01a7f3d31cb81fe4198f6af5591425703a00c38be0aa5cbe544979c300 69932 haproxy_2.0.29-0ubuntu1.debian.tar.xz
 a27853267359133816a475b064f5a53f414e180cf0c42064556d5c5c4f359453 8042 haproxy_2.0.29-0ubuntu1_source.buildinfo
Files:
 22945b6b08a4d52c7885437fc3d5ebd6 2415 net optional haproxy_2.0.29-0ubuntu1.dsc
 a4c4983c7ed51946bdde1d0eceedd527 2722893 net optional haproxy_2.0.29.orig.tar.gz
 f2d17cc618960bbfb286f72545dcd38c 69932 net optional haproxy_2.0.29-0ubuntu1.debian.tar.xz
 e0d4273adc9de68ab9e48a0cdd8c2226 8042 net optional haproxy_2.0.29-0ubuntu1_source.buildinfo
Original-Maintainer: Debian HAProxy Maintainers <haproxy at tracker.debian.org>
Vcs-Git: https://git.launchpad.net/~lucaskanashiro/ubuntu/+source/haproxy
Vcs-Git-Commit: 79026a252a02524cbfd0c5620d667fa8f19b48cc
Vcs-Git-Ref: refs/heads/focal-mre

More information about the Focal-changes mailing list