UbuntuUpdates.org

Package "haproxy"

Name: haproxy

Description:

fast and reliable load balancing reverse proxy

Latest version: 2.0.29-0ubuntu1
Release: focal (20.04)
Level: updates
Repository: main
Homepage: http://www.haproxy.org/

Links


Download "haproxy"


Other versions of "haproxy" in Focal

Repository Area Version
base main 2.0.13-2
base universe 2.0.13-2
security main 2.0.13-2ubuntu0.5
security universe 2.0.13-2ubuntu0.5
updates universe 2.0.29-0ubuntu1

Changelog

Version: 2.0.29-0ubuntu1 2022-09-22 11:07:12 UTC

  haproxy (2.0.29-0ubuntu1) focal; urgency=medium

  * New upstream release (LP: #1987914).
    - Major and critical bug fixes according to the upstream changelog:
      + http-ana: Always abort the request when a tarpit is triggered
      + list: fix invalid element address calculation
      + proxy_protocol: Properly validate TLV lengths
      + hpack: never index a header into the headroom after wrapping
      + stream-int: always detach a faulty endpoint on connect failure
      + stream: Mark the server address as unset on new outgoing connection
      + dns: Make the do-resolve action thread-safe
      + contrib/spoa-server: Fix unhandled python call leading to memory leak
      + mux-h2: Don't try to send data if we know it is no longer possible
      + spoe: Be sure to remove all references on a released spoe applet
      + filters: Always keep all offsets up to date during data filtering
      + peers: fix partial message decoding
      + spoa/python: Fixing return None
      + dns: fix null pointer dereference in snr_update_srv_status
      + dns: disabled servers through SRV records never recover
      + mux-h2: Properly detect too large frames when decoding headers
      + server: prevent deadlock when using 'set maxconn server'
      + htx: Fix htx_defrag() when an HTX block is expanded
      + queue: set SF_ASSIGNED when setting strm->target on dequeue
      + server: fix deadlock when changing maxconn via agent-check
      + h2: enforce stricter syntax checks on the :method pseudo-header
      + htx: fix missing header name length check in htx_add_header/trailer
      + lua: use task_wakeup() to properly run a task once
      + http/htx: prevent unbounded loop in http_manage_server_side_cookies
      + spoe: properly detach all agents when releasing the applet
      + mux-h2: Be sure to always report HTX parsing error to the app layer
      + sched: prevent rare concurrent wakeup of multi-threaded tasks
      + mux-pt: Always destroy the backend connection on detach
      + dns: multi-thread concurrency issue on UDP socket
      + mux_pt: always report the connection error to the conn_stream
    - Refresh haproxy.service-*.patch.
    - Remove patches applied by upstream in debian/patches:
      + 0001-2.0-2.3-BUG-MAJOR-htx-fix-missing-header-name-length-check-i.patch
      + 0001-BUG-CRITICAL-hpack-never-index-a-header-into-the-hea.patch
      + 2.0-0001-BUG-MAJOR-h2-enforce-checks-on-the-method-syntax-bef.patch
      + CVE-2022-0711.patch
      + lp1894879-BUG-MEDIUM-dns-*.patch

 -- Lucas Kanashiro <email address hidden> Fri, 26 Aug 2022 17:07:24 -0300

Source diff to previous version
1987914 Microrelease update in all supported releases
CVE-2022-0711 A flaw was found in the way HAProxy processed HTTP responses containin ...

Version: 2.0.13-2ubuntu0.5 2022-03-03 16:06:30 UTC

  haproxy (2.0.13-2ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: infinite loop via Set-Cookie2 header
    - debian/patches/CVE-2022-0711.patch: prevent unbounded loop in
      src/http_ana.c.
    - CVE-2022-0711
  * debian/rules: link against libatomic on riscv64.

 -- Marc Deslauriers <email address hidden> Wed, 02 Mar 2022 07:56:19 -0500

Source diff to previous version
CVE-2022-0711 A flaw was found in the way HAProxy processed HTTP responses containin ...

Version: 2.0.13-2ubuntu0.3 2021-09-08 13:06:52 UTC

  haproxy (2.0.13-2ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: duplicate content-length header check bypass in HTX
    - d/p/0001-2.0-2.3-BUG-MAJOR*.patch: fix missing header name length
      check in htx_add_header/trailer in src/htx.c.
    - CVE number pending

 -- Marc Deslauriers <email address hidden> Fri, 27 Aug 2021 07:48:39 -0400

Source diff to previous version

Version: 2.0.13-2ubuntu0.2 2021-08-17 18:06:21 UTC

  haproxy (2.0.13-2ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Security issue in HTTP/2 implementation
    - d/p/2.0-0001*.patch: enforce checks on the method syntax before
      translating to HTX.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Mon, 16 Aug 2021 07:42:00 -0400

Source diff to previous version

Version: 2.0.13-2ubuntu0.1 2020-09-24 09:06:52 UTC

  haproxy (2.0.13-2ubuntu0.1) focal; urgency=medium

  * Backport dns related fixes from git to resolve crashes when
    using do-resolve action (LP: #1894879)
    - BUG/CRITICAL: dns: Make the do-resolve action thread safe
    - BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed
    - BUG/MEDIUM: dns: Don't yield in do resolve action on a final

 -- Simon Deziel <email address hidden> Tue, 08 Sep 2020 17:16:14 +0000

1894879 frequent crashes when using do-resolve()



About   -   Send Feedback to @ubuntu_updates