** Description changed: This bug tracks an update for the HAProxy package in the following Ubuntu releases to the versions below: * questing (25.10): HAProxy 3.0.12 (See entries from 3.0.11 to 3.0.12). * plucky (25.04): HAProxy 3.0.12 (See entries from 3.0.11 to 3.0.12). * noble (24.04): HAProxy 2.8.16. * jammy (22.04): HAProxy 2.4.30. These updates include bugfixes only following the SRU policy exception defined at https://documentation.ubuntu.com/sru/en/latest/reference/exception-HAProxy-Updates [Upstream changes] HAProxy 3.0.12: https://www.haproxy.org/download/3.0/src/CHANGELOG HAProxy 2.8.16: https://www.haproxy.org/download/2.8/src/CHANGELOG HAProxy 2.4.30: https://www.haproxy.org/download/2.4/src/CHANGELOG Important bug fixes include: * questing (25.10) and plucky (25.04) - HAProxy 3.0.12: - BUG/MAJOR: quic: fix INITIAL padding with probing packet only - BUG/MAJOR: mux-quic: fix crash on reload during emission - BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval - BUG/MAJOR: stream: Force channel analysis on successful synchronous send - BUG/MAJOR: listeners: transfer connection accounting when switching listeners - BUG/MAJOR: cache: Crash because of wrong cache entry deleted * noble (24.04) - HAProxy 2.8.16: - BUG/MAJOR: listeners: transfer connection accounting when switching Also, all the new releases being introduced here include a CVE fix: - BUG/CRITICAL: mjson: fix possible DoS when parsing numbers already inapplied by security However, this CVE was already introduced in the security pocket by the security team, so we will be just dropping the Ubuntu patch there. [Test Plan] Since the upstream CI piplines do not run (publicly) for HAProxy 2.4, 2.8, and 3.0, we triggered those using the upstream project github workflows: HAproxy 2.4.29 (jammy): https://github.com/athos-ribeiro/haproxy-2.4/actions HAproxy 2.8.15 (noble): https://github.com/athos-ribeiro/haproxy-2.8/actions HAproxy 3.0.10 (plucky): https://github.com/athos-ribeiro/haproxy-3.0/actions TBD: Result analysis A test build set is available at https://launchpad.net/~athos/+archive/ubuntu/haproxy/+packages. We ran the haproxy DEP8 test suite for the packages built in that PPA. Here are the results: - TBD + * Results: + - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [amd64] + + ✅ haproxy on jammy for amd64 @ 04.12.25 10:33:02 Log️ 🗒️ + - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [arm64] + + ✅ haproxy on jammy for arm64 @ 04.12.25 10:33:56 Log️ 🗒️ + - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [armhf] + + ✅ haproxy on jammy for armhf @ 04.12.25 10:36:41 Log️ 🗒️ + - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [ppc64el] + + ✅ haproxy on jammy for ppc64el @ 04.12.25 10:51:14 Log️ 🗒️ + - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [s390x] + + ✅ haproxy on jammy for s390x @ 04.12.25 11:19:32 Log️ 🗒️ + - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [amd64] + + ✅ haproxy on noble for amd64 @ 04.12.25 10:35:07 Log️ 🗒️ + - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [arm64] + + ✅ haproxy on noble for arm64 @ 04.12.25 10:44:40 Log️ 🗒️ + - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [armhf] + + ✅ haproxy on noble for armhf @ 04.12.25 10:36:22 Log️ 🗒️ + - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [ppc64el] + + ✅ haproxy on noble for ppc64el @ 04.12.25 10:35:49 Log️ 🗒️ + - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [s390x] + + ✅ haproxy on noble for s390x @ 04.12.25 10:32:47 Log️ 🗒️ + - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [amd64] + + ✅ haproxy on plucky for amd64 @ 04.12.25 10:34:25 Log️ 🗒️ + - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [arm64] + + ✅ haproxy on plucky for arm64 @ 04.12.25 10:33:38 Log️ 🗒️ + - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [armhf] + + ✅ haproxy on plucky for armhf @ 04.12.25 10:35:54 Log️ 🗒️ + - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [ppc64el] + + ✅ haproxy on plucky for ppc64el @ 04.12.25 10:34:12 Log️ 🗒️ + - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [s390x] + + ✅ haproxy on plucky for s390x @ 04.12.25 10:33:14 Log️ 🗒️ + - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [amd64] + + ✅ haproxy on questing for amd64 @ 04.12.25 10:43:49 Log️ 🗒️ + - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [arm64] + + ✅ haproxy on questing for arm64 @ 04.12.25 10:54:32 Log️ 🗒️ + - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [armhf] + + ✅ haproxy on questing for armhf @ 04.12.25 10:35:43 Log️ 🗒️ + - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [ppc64el] + + ✅ haproxy on questing for ppc64el @ 04.12.25 10:35:28 Log️ 🗒️ + - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [s390x] + + ✅ haproxy on questing for s390x @ 04.12.25 10:53:24 Log️ 🗒️ + [Regression Potential] HAProxy itself does not have many reverse dependencies, however, any upgrade is a risk to introduce some breakage to other packages. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [Regression Potential - Changes Analysis (CA)] TBD [Regression Potential - CA - Upstream changes classification criteria] https://github.com/haproxy/haproxy/blob/master/CONTRIBUTING#L632 describes the upstream guidelines for tagging the entries in the upstream changelog based on their purpose, importance, severity, etc. Below, I summarize the relevant bits of such guidelines. Patches "fixing a bug must have the 'BUG' tag", e.g., "BUG/MAJOR: description" "When the patch cannot be categorized, [...] only use a risk or complexity information [...]. This is commonly the case for new features". For instance, "MINOR: description" For MINOR tags, the patch "is safe enough to be backported to stable branches". Patches tagged MEDIUM "may cause unexpected regressions of low importance [...], the patch is safe but touches working areas". Patches tagged MAJOR carry a "major risk of hidden regression". No changes are tagged MAJOR without a bug classifier, i.e., all of the patches classified as MAJOR are BUG/MAJOR and will be discussed below. There is also a CRITICAL tag but no changes are tagged with it in the new candidate versions other than the CVE patch which was already available in the security pocket. [Regression Potential - CA - Impact] TBD [Regression Potential - CA - Assessment] TBD [Previous updates] - LP: #2012557 - LP: #2028418 - LP: #2112526
** Description changed: This bug tracks an update for the HAProxy package in the following Ubuntu releases to the versions below: * questing (25.10): HAProxy 3.0.12 (See entries from 3.0.11 to 3.0.12). * plucky (25.04): HAProxy 3.0.12 (See entries from 3.0.11 to 3.0.12). * noble (24.04): HAProxy 2.8.16. * jammy (22.04): HAProxy 2.4.30. These updates include bugfixes only following the SRU policy exception defined at https://documentation.ubuntu.com/sru/en/latest/reference/exception-HAProxy-Updates [Upstream changes] HAProxy 3.0.12: https://www.haproxy.org/download/3.0/src/CHANGELOG HAProxy 2.8.16: https://www.haproxy.org/download/2.8/src/CHANGELOG HAProxy 2.4.30: https://www.haproxy.org/download/2.4/src/CHANGELOG Important bug fixes include: * questing (25.10) and plucky (25.04) - HAProxy 3.0.12: - BUG/MAJOR: quic: fix INITIAL padding with probing packet only - BUG/MAJOR: mux-quic: fix crash on reload during emission - BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval - BUG/MAJOR: stream: Force channel analysis on successful synchronous send - BUG/MAJOR: listeners: transfer connection accounting when switching listeners - BUG/MAJOR: cache: Crash because of wrong cache entry deleted * noble (24.04) - HAProxy 2.8.16: - BUG/MAJOR: listeners: transfer connection accounting when switching Also, all the new releases being introduced here include a CVE fix: - BUG/CRITICAL: mjson: fix possible DoS when parsing numbers already inapplied by security However, this CVE was already introduced in the security pocket by the security team, so we will be just dropping the Ubuntu patch there. [Test Plan] Since the upstream CI piplines do not run (publicly) for HAProxy 2.4, 2.8, and 3.0, we triggered those using the upstream project github workflows: - HAproxy 2.4.29 (jammy): https://github.com/athos-ribeiro/haproxy-2.4/actions - HAproxy 2.8.15 (noble): https://github.com/athos-ribeiro/haproxy-2.8/actions - HAproxy 3.0.10 (plucky): https://github.com/athos-ribeiro/haproxy-3.0/actions + HAproxy 2.4.30 (jammy): https://github.com/athos-ribeiro/haproxy-2.4/actions + HAproxy 2.8.16 (noble): https://github.com/athos-ribeiro/haproxy-2.8/actions + HAproxy 3.0.12 (plucky/questing): https://github.com/athos-ribeiro/haproxy-3.0/actions TBD: Result analysis A test build set is available at https://launchpad.net/~athos/+archive/ubuntu/haproxy/+packages. We ran the haproxy DEP8 test suite for the packages built in that PPA. Here are the results: * Results: - - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [amd64] - + ✅ haproxy on jammy for amd64 @ 04.12.25 10:33:02 Log️ 🗒️ - - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [arm64] - + ✅ haproxy on jammy for arm64 @ 04.12.25 10:33:56 Log️ 🗒️ - - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [armhf] - + ✅ haproxy on jammy for armhf @ 04.12.25 10:36:41 Log️ 🗒️ - - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [ppc64el] - + ✅ haproxy on jammy for ppc64el @ 04.12.25 10:51:14 Log️ 🗒️ - - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [s390x] - + ✅ haproxy on jammy for s390x @ 04.12.25 11:19:32 Log️ 🗒️ - - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [amd64] - + ✅ haproxy on noble for amd64 @ 04.12.25 10:35:07 Log️ 🗒️ - - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [arm64] - + ✅ haproxy on noble for arm64 @ 04.12.25 10:44:40 Log️ 🗒️ - - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [armhf] - + ✅ haproxy on noble for armhf @ 04.12.25 10:36:22 Log️ 🗒️ - - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [ppc64el] - + ✅ haproxy on noble for ppc64el @ 04.12.25 10:35:49 Log️ 🗒️ - - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [s390x] - + ✅ haproxy on noble for s390x @ 04.12.25 10:32:47 Log️ 🗒️ - - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [amd64] - + ✅ haproxy on plucky for amd64 @ 04.12.25 10:34:25 Log️ 🗒️ - - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [arm64] - + ✅ haproxy on plucky for arm64 @ 04.12.25 10:33:38 Log️ 🗒️ - - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [armhf] - + ✅ haproxy on plucky for armhf @ 04.12.25 10:35:54 Log️ 🗒️ - - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [ppc64el] - + ✅ haproxy on plucky for ppc64el @ 04.12.25 10:34:12 Log️ 🗒️ - - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [s390x] - + ✅ haproxy on plucky for s390x @ 04.12.25 10:33:14 Log️ 🗒️ - - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [amd64] - + ✅ haproxy on questing for amd64 @ 04.12.25 10:43:49 Log️ 🗒️ - - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [arm64] - + ✅ haproxy on questing for arm64 @ 04.12.25 10:54:32 Log️ 🗒️ - - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [armhf] - + ✅ haproxy on questing for armhf @ 04.12.25 10:35:43 Log️ 🗒️ - - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [ppc64el] - + ✅ haproxy on questing for ppc64el @ 04.12.25 10:35:28 Log️ 🗒️ - - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [s390x] - + ✅ haproxy on questing for s390x @ 04.12.25 10:53:24 Log️ 🗒️ - + - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [amd64] + + ✅ haproxy on jammy for amd64 @ 04.12.25 10:33:02 Log️ 🗒️ + - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [arm64] + + ✅ haproxy on jammy for arm64 @ 04.12.25 10:33:56 Log️ 🗒️ + - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [armhf] + + ✅ haproxy on jammy for armhf @ 04.12.25 10:36:41 Log️ 🗒️ + - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [ppc64el] + + ✅ haproxy on jammy for ppc64el @ 04.12.25 10:51:14 Log️ 🗒️ + - haproxy: jammy/haproxy/2.4.30-0ubuntu0.22.04.1~ppa1 [s390x] + + ✅ haproxy on jammy for s390x @ 04.12.25 11:19:32 Log️ 🗒️ + - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [amd64] + + ✅ haproxy on noble for amd64 @ 04.12.25 10:35:07 Log️ 🗒️ + - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [arm64] + + ✅ haproxy on noble for arm64 @ 04.12.25 10:44:40 Log️ 🗒️ + - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [armhf] + + ✅ haproxy on noble for armhf @ 04.12.25 10:36:22 Log️ 🗒️ + - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [ppc64el] + + ✅ haproxy on noble for ppc64el @ 04.12.25 10:35:49 Log️ 🗒️ + - haproxy: noble/haproxy/2.8.16-0ubuntu0.24.04.1~ppa1 [s390x] + + ✅ haproxy on noble for s390x @ 04.12.25 10:32:47 Log️ 🗒️ + - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [amd64] + + ✅ haproxy on plucky for amd64 @ 04.12.25 10:34:25 Log️ 🗒️ + - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [arm64] + + ✅ haproxy on plucky for arm64 @ 04.12.25 10:33:38 Log️ 🗒️ + - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [armhf] + + ✅ haproxy on plucky for armhf @ 04.12.25 10:35:54 Log️ 🗒️ + - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [ppc64el] + + ✅ haproxy on plucky for ppc64el @ 04.12.25 10:34:12 Log️ 🗒️ + - haproxy: plucky/haproxy/3.0.12-0ubuntu0.25.04.1~ppa1 [s390x] + + ✅ haproxy on plucky for s390x @ 04.12.25 10:33:14 Log️ 🗒️ + - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [amd64] + + ✅ haproxy on questing for amd64 @ 04.12.25 10:43:49 Log️ 🗒️ + - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [arm64] + + ✅ haproxy on questing for arm64 @ 04.12.25 10:54:32 Log️ 🗒️ + - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [armhf] + + ✅ haproxy on questing for armhf @ 04.12.25 10:35:43 Log️ 🗒️ + - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [ppc64el] + + ✅ haproxy on questing for ppc64el @ 04.12.25 10:35:28 Log️ 🗒️ + - haproxy: questing/haproxy/3.0.12-0ubuntu0.25.10.1~ppa1 [s390x] + + ✅ haproxy on questing for s390x @ 04.12.25 10:53:24 Log️ 🗒️ [Regression Potential] HAProxy itself does not have many reverse dependencies, however, any upgrade is a risk to introduce some breakage to other packages. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [Regression Potential - Changes Analysis (CA)] TBD [Regression Potential - CA - Upstream changes classification criteria] https://github.com/haproxy/haproxy/blob/master/CONTRIBUTING#L632 describes the upstream guidelines for tagging the entries in the upstream changelog based on their purpose, importance, severity, etc. Below, I summarize the relevant bits of such guidelines. Patches "fixing a bug must have the 'BUG' tag", e.g., "BUG/MAJOR: description" "When the patch cannot be categorized, [...] only use a risk or complexity information [...]. This is commonly the case for new features". For instance, "MINOR: description" For MINOR tags, the patch "is safe enough to be backported to stable branches". Patches tagged MEDIUM "may cause unexpected regressions of low importance [...], the patch is safe but touches working areas". Patches tagged MAJOR carry a "major risk of hidden regression". No changes are tagged MAJOR without a bug classifier, i.e., all of the patches classified as MAJOR are BUG/MAJOR and will be discussed below. There is also a CRITICAL tag but no changes are tagged with it in the new candidate versions other than the CVE patch which was already available in the security pocket. [Regression Potential - CA - Impact] TBD [Regression Potential - CA - Assessment] TBD [Previous updates] - LP: #2012557 - LP: #2028418 - LP: #2112526 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2127664 Title: New HAProxy upstream microreleases 2.4.30, 2.8.16, and 3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/2127664/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
