Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2020-04-04 12:20:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new.3248 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy" Sat Apr 4 12:20:54 2020 rev:83 rq:790908 version:2.1.4+git0.3cfc2f1d9 Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2020-02-19 12:41:01.971681506 +0100 +++ /work/SRC/openSUSE:Factory/.haproxy.new.3248/haproxy.changes 2020-04-04 12:20:58.899704425 +0200 @@ -1,0 +2,158 @@ +Thu Apr 2 13:24:34 UTC 2020 - Marcus Rueckert <[email protected]> + +- Update to version 2.1.4+git0.3cfc2f1d9: (boo#1168023) CVE-2020-11100 + - SCRIPTS: make announce-release executable again + - BUG/MINOR: namespace: avoid closing fd when socket failed in + my_socketat + - BUG/MEDIUM: muxes: Use the right argument when calling the + destroy method. + - BUG/MINOR: mux-fcgi: Forbid special characters when matching + PATH_INFO param + - MINOR: mux-fcgi: Make the capture of the path-info optional in + pathinfo regex + - SCRIPTS: announce-release: use mutt -H instead of -i to include + the draft + - MINOR: http-htx: Add a function to retrieve the headers size of + an HTX message + - MINOR: filters: Forward data only if the last filter forwards + something + - BUG/MINOR: filters: Count HTTP headers as filtered data but + don't forward them + - BUG/MINOR: http-htx: Don't return error if authority is updated + without changes + - BUG/MINOR: http-ana: Matching on monitor-uri should be + case-sensitive + - MINOR: http-ana: Match on the path if the monitor-uri starts by + a / + - BUG/MAJOR: http-ana: Always abort the request when a tarpit is + triggered + - MINOR: ist: add an iststop() function + - BUG/MINOR: http: http-request replace-path duplicates the query + string + - BUG/MEDIUM: shctx: make sure to keep all blocks aligned + - MINOR: compiler: move CPU capabilities definition from config.h + and complete them + - BUG/MEDIUM: ebtree: don't set attribute packed without + unaligned access support + - BUILD: fix recent build failure on unaligned archs + - CLEANUP: cfgparse: Fix type of second calloc() parameter + - BUG/MINOR: sample: fix the json converter's endian-sensitivity + - BUG/MEDIUM: ssl: fix several bad pointer aliases in a few + sample fetch functions + - BUG/MINOR: connection: make sure to correctly tag local PROXY + connections + - MINOR: compiler: add new alignment macros + - BUILD: ebtree: improve architecture-specific alignment + - BUG/MINOR: h2: reject again empty :path pseudo-headers + - BUG/MINOR: sample: Make sure to return stable IDs in the + unique-id fetch + - BUG/MINOR: dns: ignore trailing dot + - BUG/MINOR: http-htx: Do case-insensive comparisons on Host + header name + - MINOR: contrib/prometheus-exporter: Add heathcheck status/code + in server metrics + - MINOR: contrib/prometheus-exporter: Add the last heathcheck + duration metric + - BUG/MEDIUM: random: initialize the random pool a bit better + - MINOR: tools: add 64-bit rotate operators + - BUG/MEDIUM: random: implement a thread-safe and process-safe + PRNG + - MINOR: backend: use a single call to ha_random32() for the + random LB algo + - BUG/MINOR: checks/threads: use ha_random() and not rand() + - BUG/MAJOR: list: fix invalid element address calculation + - MINOR: debug: report the task handler's pointer relative to + main + - BUG/MEDIUM: debug: make the debug_handler check for the thread + in threads_to_dump + - MINOR: haproxy: export main to ease access from debugger + - BUILD: tools: remove obsolete and conflicting trace() from + standard.c + - BUG/MINOR: wdt: do not return an error when the watchdog + couldn't be enabled + - DOC: fix incorrect indentation of http_auth_* + - OPTIM: startup: fast unique_id allocation for acl. + - BUG/MINOR: pattern: Do not pass len = 0 to calloc() + - DOC: configuration.txt: fix various typos + - DOC: assorted typo fixes in the documentation and Makefile + - BUG/MINOR: init: make the automatic maxconn consider the max of + soft/hard limits + - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths + - REGTEST: make the PROXY TLV validation depend on version 2.2 + - BUG/MINOR: filters: Use filter offset to decude the amount of + forwarded data + - BUG/MINOR: filters: Forward everything if no data filters are + called + - MINOR: htx: Add a function to return a block at a specific + offset + - BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the + response payload + - BUG/MEDIUM: compression/filters: Fix loop on HTX blocks + compressing the payload + - BUG/MINOR: http-ana: Reset request analysers on a response side + error + - BUG/MINOR: lua: Ignore the reserve to know if a channel is full + or not + - BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject + action + - BUG/MINOR: http-rules: Fix a typo in the reject action function + - BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop + action + - BUG/MINOR: rules: Increment be_counters if backend is assigned + for a silent-drop + - DOC: fix typo about no-tls-tickets + - DOC: improve description of no-tls-tickets + - DOC: assorted typo fixes in the documentation + - DOC: ssl: clarify security implications of TLS tickets + - BUILD: wdt: only test for SI_TKILL when compiled with thread + support + - BUG/MEDIUM: mt_lists: Make sure we set the deleted element to + NULL; + - MINOR: mt_lists: Appease gcc. + - BUG/MEDIUM: random: align the state on 2*64 bits for ARM64 + - BUG/MEDIUM: pools: Always update free_list in pool_gc(). + - BUG/MINOR: haproxy: always initialize sleeping_thread_mask + - BUG/MINOR: listener/mq: do not dispatch connections to remote + threads when stopping + - BUG/MINOR: haproxy/threads: try to make all threads leave + together + - DOC: proxy_protocol: Reserve TLV type 0x05 as + PP2_TYPE_UNIQUE_ID + - DOC: correct typo in alert message about rspirep + - BUILD: on ARM, must be linked to libatomic. + - BUILD: makefile: fix regex syntax in ARM platform detection + - BUILD: makefile: fix expression again to detect ARM platform + - BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong + cases. + - DOC: assorted typo fixes in the documentation + - MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into + types/signal.h. + - BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in + __signal_process_queue(). + - MINOR: memory: Change the flush_lock to a spinlock, and don't + get it in alloc. + - BUG/MINOR: connections: Make sure we free the connection on + failure. + - REGTESTS: use "command -v" instead of "which" + - REGTEST: increase timeouts on the seamless-reload test + - BUG/MINOR: haproxy/threads: close a possible race in soft-stop + detection + - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized + - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL + - BUG/MINOR: peers: Use after free of "peers" section. + - MINOR: listener: add so_name sample fetch + - BUILD: ssl: only pass unsigned chars to isspace() + - BUG/MINOR: stats: Fix color of draining servers on stats page + - DOC: internals: Fix spelling errors in filters.txt + - MINOR: http-rules: Add a flag on redirect rules to know the + rule direction + - BUG/MINOR: http_ana: make sure redirect flags don't have + overlapping bits + - MINOR: http-rules: Handle the rule direction when a redirect is + evaluated + - BUG/MINOR: http-ana: Reset request analysers on error when + waiting for response + - BUG/CRITICAL: hpack: never index a header into the headroom + after wrapping + +------------------------------------------------------------------- Old: ---- haproxy-2.1.3+git0.5c020bbdd.tar.gz New: ---- haproxy-2.1.4+git0.3cfc2f1d9.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.jP4Uc5/_old 2020-04-04 12:20:59.811705208 +0200 +++ /var/tmp/diff_new_pack.jP4Uc5/_new 2020-04-04 12:20:59.811705208 +0200 @@ -53,7 +53,7 @@ %endif Name: haproxy -Version: 2.1.3+git0.5c020bbdd +Version: 2.1.4+git0.3cfc2f1d9 Release: 0 # # ++++++ _service ++++++ --- /var/tmp/diff_new_pack.jP4Uc5/_old 2020-04-04 12:20:59.843705236 +0200 +++ /var/tmp/diff_new_pack.jP4Uc5/_new 2020-04-04 12:20:59.843705236 +0200 @@ -6,7 +6,7 @@ <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> - <param name="revision">v2.1.3</param> + <param name="revision">v2.1.4</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.jP4Uc5/_old 2020-04-04 12:20:59.859705249 +0200 +++ /var/tmp/diff_new_pack.jP4Uc5/_new 2020-04-04 12:20:59.859705249 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">http://git.haproxy.org/git/haproxy-2.1.git</param> - <param name="changesrevision">5c020bbddc3d9573f02cde383abc983ad0781fc1</param> + <param name="changesrevision">3cfc2f1d978f475c258dcd8c60b2bff8d02be92c</param> </service> </servicedata> \ No newline at end of file ++++++ haproxy-2.1.3+git0.5c020bbdd.tar.gz -> haproxy-2.1.4+git0.3cfc2f1d9.tar.gz ++++++ ++++ 4003 lines of diff (skipped)
