Commit graph

28 commits

Author SHA1 Message Date
Fabrice Fontaine ac70f179f6 package/haproxy: bump to version 2.6.5
http://git.haproxy.org/?p=haproxy-2.6.git;a=blob;f=CHANGELOG;h=5e4ca2c913fa117587652a6a08844e3e2e3b62eb;hb=987a4e248bbccf4bffe955b27ccfbcbb626348c2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-09-21 22:20:18 +02:00
Fabrice Fontaine 7d69820376 package/haproxy: bump to version 2.6.1
https://www.mail-archive.com/haproxy@formilux.org/msg42473.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-07-17 15:15:38 +02:00
Fabrice Fontaine 79f92631fd package/haproxy: bump to version 2.6.0
This is a long term supported version that will be maintained till 2027.

https://www.mail-archive.com/haproxy@formilux.org/msg42371.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-06-09 22:43:12 +02:00
Fabrice Fontaine f09fc6f958 package/haproxy: security bump to version 2.4.15
Fix CVE-2022-0711: A flaw was found in the way HAProxy processed HTTP
responses containing the "Set-Cookie2" header. This flaw could allow an
attacker to send crafted HTTP response packets which lead to an infinite
loop, eventually resulting in a denial of service condition. The highest
threat from this vulnerability is availability.

https://www.mail-archive.com/haproxy@formilux.org/msg41963.html
https://www.mail-archive.com/haproxy@formilux.org/msg41873.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-04-10 22:04:08 +02:00
Fabrice Fontaine 0e60d4f11c package/haproxy: bump to version 2.4.13
https://www.mail-archive.com/haproxy@formilux.org/msg41834.html
https://www.mail-archive.com/haproxy@formilux.org/msg41698.html
https://www.mail-archive.com/haproxy@formilux.org/msg41685.html
https://www.mail-archive.com/haproxy@formilux.org/msg41618.html
https://www.mail-archive.com/haproxy@formilux.org/msg41512.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-03-07 11:31:54 +01:00
Fabrice Fontaine f82a835825 package/haproxy: bump to version 2.4.8
This is a bug fix release which addresses quite a number of issues

https://www.mail-archive.com/haproxy@formilux.org/msg41404.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-11-13 15:26:42 +01:00
Fabrice Fontaine e064f9bb52 package/haproxy: bump to version 2.4.7
https://www.mail-archive.com/haproxy@formilux.org/msg41239.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-10-10 12:01:53 +02:00
Peter Korsgaard 36c115d0bc package/haproxy: security bump to version 2.4.4
Fixes the following security issues:

- CVE-2021-40346: An integer overflow exists in HAProxy 2.0 through 2.5 in
  the htx_add_header() can be exploited to perform an HTTP request smuggling
  attack, allowing an attacker to bypass all configured http-request HAProxy
  ACLs and possibly other ACLs.

For more details, see the advisory:
https://www.mail-archive.com/haproxy@formilux.org/msg41114.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-10 22:03:15 +02:00
Peter Korsgaard a380e05833 package/haproxy: security bump to version 2.4.3
Fixes the following security issues:

- CVE-2021-39240: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
  before 2.3.13, and 2.4 before 2.4.3.  It does not ensure that the scheme
  and path portions of a URI have the expected characters.  For example, the
  authority field (as observed on a target HTTP/2 server) might differ from
  what the routing rules were intended to achieve.

- CVE-2021-39241: An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2
  before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3.  An HTTP method
  name may contain a space followed by the name of a protected resource.  It
  is possible that a server would interpret this as a request for that
  protected resource, such as in the "GET /admin?  HTTP/1.1 /static/images
  HTTP/1.1" example.

- CVE-2021-39242: An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3
  before 2.3.13, and 2.4 before 2.4.3.  It can lead to a situation with an
  attacker-controlled HTTP Host header, because a mismatch between Host and
  authority is mishandled.

For more details, see the advisory:
https://www.mail-archive.com/haproxy@formilux.org/msg41041.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-08-19 22:49:30 +02:00
Fabrice Fontaine 514a909de2 package/haproxy: bump to version 2.4.2
http://git.haproxy.org/?p=haproxy-2.4.git;a=blob;f=CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-19 23:03:06 +02:00
Fabrice Fontaine 5fe4fcdb64 package/haproxy: bump to version 2.2.14
http://www.haproxy.org/download/2.2/src/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-05-08 18:19:53 +02:00
Fabrice Fontaine 398103fbdd package/haproxy: bump to version 2.2.13
http://www.haproxy.org/download/2.2/src/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-05 18:18:16 +02:00
Fabrice Fontaine 31f6fc2bde package/haproxy: bump to version 2.2.10
https://www.mail-archive.com/haproxy@formilux.org/msg39916.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-03-20 22:20:11 +01:00
Fabrice Fontaine dfd44046f3 package/haproxy: bump to version 2.2.9
https://www.mail-archive.com/haproxy@formilux.org/msg39744.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-01 16:57:45 +01:00
Fabrice Fontaine a2a165eb49 package/haproxy: bump to version 2.2.8
https://www.mail-archive.com/haproxy@formilux.org/msg39408.html
https://www.mail-archive.com/haproxy@formilux.org/msg39470.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-30 22:15:10 +01:00
Fabrice Fontaine ed5082f012 package/haproxy: bump to version 2.2.6
Two major bugs were fixed in this versions, both leading to a memory
corruption and random crashes.

https://www.mail-archive.com/haproxy@formilux.org/msg39068.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-12-14 15:51:44 +01:00
Fabrice Fontaine 17a220d154 package/haproxy: bump to version 2.2.5
https://www.mail-archive.com/haproxy@formilux.org/msg38809.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-11-07 13:23:43 +01:00
Fabrice Fontaine b5881e19e4 package/haproxy: bump to version 2.2.4
https://www.mail-archive.com/haproxy@formilux.org/msg38543.html
http://www.haproxy.org/download/2.2/src/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-10-08 22:01:48 +02:00
Fabrice Fontaine 0947cbb470 package/haproxy: bump to version 2.2.2
Drop patch (already in version)

http://www.haproxy.org/download/2.2/src/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-08-29 18:50:21 +02:00
Fabrice Fontaine 4447f34dd3 package/haproxy: bump to version 2.2.0
This is the new LTS branch (EOL in 2025-Q2)

https://www.mail-archive.com/haproxy@formilux.org/msg37852.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-07-13 21:27:50 +02:00
Fabrice Fontaine 5ec43086bc package/haproxy: security bump to version 2.1.4
- Fix CVE-2020-11100: In hpack_dht_insert in hpack-tbl.c in the HPACK
  decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can
  write arbitrary bytes around a certain location on the heap via a
  crafted HTTP/2 request, possibly causing remote code execution.
- Update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-09 08:33:10 +02:00
Fabrice Fontaine 41ceedabf8 package/haproxy: bump to version 2.1.2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-03 22:42:58 +01:00
Peter Korsgaard dbd4c6028e package/haproxy: security bump to version 2.0.10
Fixes the following security vulnerabilities:

- CVE-2019-19330: The HTTP/2 implementation in HAProxy before 2.0.10
  mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd),
  line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka
  Intermediary Encapsulation Attacks.

In addition, 2.0.6..10 fixes a number of bugs.  See the changelog for
details:

https://www.haproxy.org/download/2.0/src/CHANGELOG

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-29 10:10:09 +01:00
Christopher McCrory eb1e323eed package/haproxy: bump to version 2.0.5
Signed-off-by: Christopher McCrory <chrismcc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-08 18:59:18 +02:00
Fabrice Fontaine 06aa19df63 package/haproxy: bump to version 2.0.4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-15 14:39:27 +02:00
Fabrice Fontaine 14cb4d2ab3 package/haproxy: bump to version 1.9.1
Remove patch and tweak haproxy.mk to adapt pcre-config/pcre2-config
workaround with upstream solution.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-01-13 21:53:51 +01:00
Fabrice Fontaine 8e4f6b2fc5 haproxy: security bump to 1.8.14
Fix CVE-2018-14645 (see
https://www.mail-archive.com/haproxy@formilux.org/msg31253.html)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-28 15:08:05 +02:00
Fabrice Fontaine 169fc99ef2 haproxy: new package
HAProxy is a free, very fast and reliable solution offering
high availability, load balancing, and proxying for TCP and
HTTP-based applications.

http://www.haproxy.org

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-27 21:40:34 +02:00