-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 09 Aug 2019 14:34:56 +0200 Source: haproxy Binary: haproxy haproxy-dbgsym haproxy-doc vim-haproxy Architecture: source amd64 all Version: 2.0.4-1~bpo10+1 Distribution: buster-backports Urgency: medium Maintainer: Debian HAProxy Maintainers <haproxy@tracker.debian.org> Changed-By: Vincent Bernat <bernat@debian.org> Description: haproxy - fast and reliable load balancing reverse proxy haproxy-doc - fast and reliable load balancing reverse proxy (HTML documentatio vim-haproxy - syntax highlighting for HAProxy configuration files Closes: 932763 Changes: haproxy (2.0.4-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . haproxy (2.0.4-1) unstable; urgency=medium . * New upstream release. Upload to unstable. - BUG/MAJOR: http/sample: use a static buffer for raw -> htx conversion - BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue() * d/haproxy.cfg: update default cipher lists to more secure defaults. TLSv1.0 and TLSv1.1 are disabled, as well as TLS tickets (they are breaking forward secrecy unless correctly rotated). Closes: #932763. . haproxy (2.0.3-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . haproxy (2.0.3-1) experimental; urgency=medium . * New upstream version. - BUG/CRITICAL: http_ana: Fix parsing of malformed cookies which start by a delimiter (CVE-2019-14241) - BUG/MEDIUM: checks: Don't attempt to receive data if we already subscribed. - BUG/MEDIUM: http/htx: unbreak option http_proxy - DOC: htx: Update comments in HTX files - BUG/MEDIUM: mux-h1: Trim excess server data at the end of a transaction - BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream * Bump Standards-Version to 4.4.0; no changes needed . haproxy (2.0.2-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . haproxy (2.0.2-1) experimental; urgency=medium . * New upstream version. - BUG/MAJOR: listener: fix thread safety in resume_listener() . haproxy (2.0.1-1~bpo10+1) buster-backports; urgency=medium . * Rebuild for buster-backports. . haproxy (2.0.1-1) experimental; urgency=medium . * New upstream version. - BUG/MAJOR: sample: Wrong stick-table name parsing in "if/unless" ACL condition. - BUG/MAJOR: mux-h1: Don't crush trash chunk area when outgoing message is formatted * d/rules: fix crash during reload due to libgcc_s.so missing when chrooted. . haproxy (2.0.0-1) experimental; urgency=medium . * New upstream version. * d/watch: update to follow 2.0. * d/gbp.conf: update for 2.0 and experimental. * d/rules: update to use linux-glibc target. * d/rules: enable prometheus exporter. * d/patches: refresh patches. * d/vim-haproxy.install: update path to vim syntax file. * d/README.Debian: remove outdated information. . haproxy (1.9.8-1) experimental; urgency=medium . * New upstream version. - BUG/MAJOR: map/acl: real fix segfault during show map/acl on CLI - BUG/MAJOR: mux-h2: do not add a stream twice to the send list . haproxy (1.9.7-1) experimental; urgency=medium . * New upstream version. - BUG/MAJOR: http_fetch: Get the channel depending on the keyword used - BUG/MAJOR: lb/threads: fix AB/BA locking issue in round-robin LB - BUG/MAJOR: lb/threads: fix insufficient locking on round-robin LB - BUG/MAJOR: muxes: Use the HTX mode to find the best mux for HTTP proxies only - BUG/MAJOR: task: make sure never to delete a queued task . haproxy (1.9.6-1) experimental; urgency=medium . * New upstream version. - BUG/MAJOR: checks: segfault during tcpcheck_main . haproxy (1.9.5-1) experimental; urgency=medium . * New upstream version. - BUG/MAJOR: cache/htx: Set the start-line offset when a cached object is served - BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are unlocked - BUG/MAJOR: listener: Make sure the listener exist before using it. - BUG/MAJOR: mux-h2: fix race condition between close on both ends - BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck - BUG/MAJOR: spoe: Fix initialization of thread-dependent fields - BUG/MAJOR: stats: Fix how huge POST data are read from the channel - BUG/MAJOR: stream: avoid double free on unique_id - BUG/MAJOR: tasks: Use the TASK_GLOBAL flag to know if we're in the global rq. . haproxy (1.9.4-1) experimental; urgency=medium . * New upstream version. - BUG/MAJOR: config: verify that targets of track-sc and stick rules are present - BUG/MAJOR: htx/backend: Make all tests on HTTP messages compatible with HTX - BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes . haproxy (1.9.3-1) experimental; urgency=medium . * New upstream version. - BUG/MAJOR: mux-h2: don't destroy the stream on failed allocation in h2_snd_buf() - BUG/MEDIUM: checks: fix recent regression on agent-check making it crash - BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages . haproxy (1.9.2-1) experimental; urgency=medium . * New upstream version. - BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key - BUG/MEDIUM: checks: Avoid having an associated server for email checks. - BUG/MEDIUM: connection: properly unregister the mux on failed initialization - BUG/MEDIUM: h1: Get the h1m state when restarting the headers parsing - BUG/MEDIUM: h1: Make sure we destroy an inactive connectin that did shutw. - BUG/MEDIUM: init: Initialize idle_orphan_conns for first server in server-template - BUG/MEDIUM: mux-h2: decode trailers in HEADERS frames - BUG/MEDIUM: ssl: Disable anti-replay protection and set max data with 0RTT. - BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file - BUG/MEDIUM: stats: Get the right scope pointer depending on HTX is used or not * d/patches: removal of CVE-2018-20615.patch (applied upstream) . haproxy (1.9.0-2) experimental; urgency=medium . * Fix out-of-bounds read in HTTP2 mux (CVE-2018-20615). Possible crash in H2 HEADERS frame decoder when the PRIORITY flag is present, due to a missing frame size check. * Bump Standards-Version to 4.3.0; no changes needed. . haproxy (1.9.0-1) experimental; urgency=medium . * New upstream version 1.9.0. See https://www.haproxy.com/blog/haproxy-1-9-has-arrived/. * d/watch: update to follow 1.9. * d/gbp.conf: update for 1.9 and experimental. * d/rules: do not override CFLAGS, hijack DEBUG_CFLAGS for this instead. * d/patches: add regression fix for DNS. Checksums-Sha1: d779387601b43bdb1bcb7aacc0ef27d80452089a 2327 haproxy_2.0.4-1~bpo10+1.dsc 164624c82e8fdfc7496b6185b19ac65a6e94376e 2538442 haproxy_2.0.4.orig.tar.gz f34f7613b0e49ec4442252400251102d57e369a1 68036 haproxy_2.0.4-1~bpo10+1.debian.tar.xz e54258392cd48b512f357503a242204ba0bb363f 5055640 haproxy-dbgsym_2.0.4-1~bpo10+1_amd64.deb 1501def92ddba3082dd82fa6c2624bb6211c1be5 605288 haproxy-doc_2.0.4-1~bpo10+1_all.deb c79aeee8bcb16f0699b1b606a90bef77ed1a8a8e 8269 haproxy_2.0.4-1~bpo10+1_amd64.buildinfo 896dec5e56a0c0cbeb5e1da379ded621c4f22e50 1711088 haproxy_2.0.4-1~bpo10+1_amd64.deb 8c5e212372e4ad97a4c1168167ef8626fea30497 228892 vim-haproxy_2.0.4-1~bpo10+1_all.deb Checksums-Sha256: e7776df5a21e5d1c09cb0f9a3197af90c7f82019aa7b730fac1c9ce42389bc57 2327 haproxy_2.0.4-1~bpo10+1.dsc e2680696032c8b957cd26fd948fff239d2cfc17b00964e6d2dc5adf8155fcef1 2538442 haproxy_2.0.4.orig.tar.gz dba7e20614ecdca3acc1697bcd9a26c5c35e4c62bafb20c0da40c518e2e9936d 68036 haproxy_2.0.4-1~bpo10+1.debian.tar.xz 5492723d2ebc69e46d4c459576d300e4505db552a75e6b1b44d4769870e4e5ae 5055640 haproxy-dbgsym_2.0.4-1~bpo10+1_amd64.deb 194c483f4c4a7252b586f836c2a5b3bdf92d3f72da998c22a4cac264c4f0535a 605288 haproxy-doc_2.0.4-1~bpo10+1_all.deb ff936c18363259ff6e1c96963c5110f3a14f4203e5d843d3927ca0959bab4b42 8269 haproxy_2.0.4-1~bpo10+1_amd64.buildinfo 66e8328e6386f051c81d802d49511ae854e9b90d061d28dde8ccbfc1372d4049 1711088 haproxy_2.0.4-1~bpo10+1_amd64.deb 4b20579c7a4328696d3753ba6f45ea10d1a2fa24be397006697c68e69025d566 228892 vim-haproxy_2.0.4-1~bpo10+1_all.deb Files: 227a5f467b1c341387c296cec5011b05 2327 net optional haproxy_2.0.4-1~bpo10+1.dsc e0a295b3aa468f70ba261cc5ae9a5f83 2538442 net optional haproxy_2.0.4.orig.tar.gz 64f7d27c603c12102baf5187b6daa31c 68036 net optional haproxy_2.0.4-1~bpo10+1.debian.tar.xz a50a6b90988755fa500f9c12e6c88e4e 5055640 debug optional haproxy-dbgsym_2.0.4-1~bpo10+1_amd64.deb b7cad90f91b14d6795f9db9bf85654cd 605288 doc optional haproxy-doc_2.0.4-1~bpo10+1_all.deb ffdab5250aeda392b1240443c948b574 8269 net optional haproxy_2.0.4-1~bpo10+1_amd64.buildinfo 3fed4711d3e1a20a298ea56798dfa3fa 1711088 net optional haproxy_2.0.4-1~bpo10+1_amd64.deb fb4ac77d87541113fda0aff8ea744404 228892 net optional vim-haproxy_2.0.4-1~bpo10+1_all.deb -----BEGIN PGP SIGNATURE----- iQJGBAEBCAAwFiEErvI0h2bzccaJpzYAlaQv6DU1JfkFAl1QC9MSHGJlcm5hdEBk ZWJpYW4ub3JnAAoJEJWkL+g1NSX5RS0P/jqX+VQoa8s3PcENykcfn//1iWDxpkQR sciNFozOavvWS79L+qhqAWjMd9Mm+p/mvjQbAX2URO0xTuH60piS656VtRIr5FMZ cg4fHyrMwlzG8iAQiIvJ2xEpBjz0cGKK8oQIdjpYY/DfCwpAhduU4tV7poVzpd6d GmpiaAgZCLMmfpLBWiOaROtFD8Fkj4Fw6y00ben/uqVmPzEJ3xWr/1HbMVp8QVkO S8L+OqW49/NlSIvEmS6i6Ce3TRJsIKcsnlaf81FfFkMxCLD9yPh96pSKVD8018+v LRCibT6zsdZAS+e2jor9CyjCq/m62sj6LzQZKCTnoG/4jASrlUdibUgCXFco7jd9 sGH8L1bwqLS5xH3VRyYeHPs1JDOekzdPMUsIuHv5hc0ohKa+wTjauFF1F6s05xnY lREAC01m3zVxWd7krZjRjkr2HMi3X+38mku3pBKayvAIocmWUTSu5W8jCgZr/kSe VZcofvfa5tnxaiQdhM26MuqWlUMtc4f9Ipy8FMZ0ea54TtYX8hg+ktBPjy/9OPTf 7oOfH8zBB4NISUTlOGEgGCcKUleGzJX4iwsE33CfANtS31eyIfHerHslv8OVPPnh 7ptHB/ivEAP8BIfUpSbjyx0QGflCFE8WC7M1yXLfk3vPBYsjRagNBGKepxyyo80S NcXsGgr+00oZ =rSKy -----END PGP SIGNATURE-----