Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2018-12-18 14:58:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "haproxy" Tue Dec 18 14:58:57 2018 rev:67 rq:658885 version:1.8.15~git0.6b6a350a Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2018-09-28 08:53:17.437738610 +0200 +++ /work/SRC/openSUSE:Factory/.haproxy.new.28833/haproxy.changes 2018-12-18 15:00:13.386085808 +0100 
@@ -1,0 +2,55 @@ +Mon Dec 17 09:42:18 UTC 2018 - kgronlund@suse.com + +- Update to version 1.8.15~git0.6b6a350a: (bsc#1119419) (CVE-2018-20103) (VUL-0) (bsc#1119368) (CVE-2018-20102) + * DOC: Update configuration doc about the maximum number of stick counters. + * BUG: dns: Fix off-by-one write in dns_validate_dns_response() + * BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response() + * BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response() + * BUG: dns: Prevent out-of-bounds read in dns_read_name() + * BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name + * DOC: refer to check-sni in the documentation of sni + * DOC: clarify that check-sni needs an argument. + * MINOR: servers: Free [idle|safe|priv]_conns on exit. + * MINOR: stats: report the number of active jobs and listeners in "show info" + * BUG/MINOR: mux-h2: advertise a larger connection window size + * BUG/MINOR: mux-h2: refrain from muxing during the preface + * BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation + * BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR. + * BUG/MINOR: lb-map: fix unprotected update to server's score + * BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed + * BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name + * BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id + * BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field + * BUG/MINOR: config: Copy default error messages when parsing of a backend starts + * BUG/MEDIUM: Make sure stksess is properly aligned. 
+ * BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn + * BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe + * BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer + * BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic + * BUG/MINOR: only mark connections private if NTLM is detected + * DOC: cache: Missing information about "total-max-size" + * BUG/MINOR: ssl: Wrong usage of shctx_init(). + * BUG/MINOR: cache: Wrong usage of shctx_init(). + * BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB). + * BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent. + * BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF. + * DOC: fix reference to map files in MAINTAINERS + * MINOR: peers: use defines instead of enums to appease clang. + * MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80. + * MINOR: server: Use memcpy() instead of strncpy(). + * CLEANUP: stick-tables: Remove unneeded double (()) around conditional clause + * MINOR: lua: all functions calling lua_yieldk() may return + * BUG/MEDIUM: threads: make sure threads_want_sync is marked volatile + * BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point + * BUG/MEDIUM: stream: don't crash on out-of-memory + * BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM. + * BUG/MINOR: checks: queues null-deref + * BUG/MEDIUM: Cur/CumSslConns counters not threadsafe. + * MEDIUM: ssl: add support for ciphersuites option for TLSv1.3 + * BUG/MEDIUM: buffers: Make sure we don't wrap in buffer_insert_line2/replace2. + * BUG/MINOR: backend: check that the mux installed properly + * BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2 + * DOC: clarify force-private-cache is an option + * MINOR: threads: Make sure threads_sync_pipe is initialized before using it. 
+ +------------------------------------------------------------------- Old: ---- haproxy-1.8.14~git0.52e4d43b.tar.gz New: ---- haproxy-1.8.15~git0.6b6a350a.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.HmCtcq/_old 2018-12-18 15:00:13.926084996 +0100 +++ /var/tmp/diff_new_pack.HmCtcq/_new 2018-12-18 15:00:13.930084991 +0100 @@ -47,7 +47,7 @@ %endif Name: haproxy -Version: 1.8.14~git0.52e4d43b +Version: 1.8.15~git0.6b6a350a Release: 0 # # ++++++ _service ++++++ --- /var/tmp/diff_new_pack.HmCtcq/_old 2018-12-18 15:00:13.958084948 +0100 +++ /var/tmp/diff_new_pack.HmCtcq/_new 2018-12-18 15:00:13.958084948 +0100 @@ -6,7 +6,7 @@ <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> - <param name="revision">v1.8.14</param> + <param name="revision">v1.8.15</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.HmCtcq/_old 2018-12-18 15:00:13.986084906 +0100 +++ /var/tmp/diff_new_pack.HmCtcq/_new 2018-12-18 15:00:13.986084906 +0100 @@ -5,4 +5,4 @@ <param name="url">http://git.haproxy.org/git/haproxy-1.7.git</param> <param name="changesrevision">640d526f8cdad00f7f5043b51f6a34f3f6ebb49f</param></service><service name="tar_scm"> <param name="url">http://git.haproxy.org/git/haproxy-1.8.git</param> - <param name="changesrevision">52e4d43ba395c950c9d2121ca55b105ed54a85a4</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">6b6a350afe3b08a1a60c80fe9120a1c9d10448ef</param></service></servicedata> \ No newline at end of file ++++++ haproxy-1.8.14~git0.52e4d43b.tar.gz -> haproxy-1.8.15~git0.6b6a350a.tar.gz ++++++ ++++ 2744 lines of diff (skipped)
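Review bot: In the haproxy.changes hunk, the two CVEs appear only on the version line, "(bsc#1119419) (CVE-2018-20103) (VUL-0) (bsc#1119368) (CVE-2018-20102)", and none of the five "BUG: dns:" entries below it says which reference it belongs to. Someone auditing for one of the two CVEs cannot tell from this entry which fix closes it. Suggest tagging the relevant dns_validate_dns_response() and dns_read_name() entries with their own bsc and CVE ids, and dropping "(VUL-0)", which is neither a bug number nor a CVE id.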
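Review bot: In the _service hunk, the revision is pinned by tag name only ("v1.8.14" becomes "v1.8.15"), and a tag is a ref that can be moved upstream after the fact. Since the version string and the _servicedata change both name commit 6b6a350a, it is worth confirming before acceptance that the fetched v1.8.15 tree resolves to exactly that commit, or pinning the revision to the full hash for this security update.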
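Review bot: In the _servicedata hunk, the context line above the changed changesrevision still gives the source URL as "http://git.haproxy.org/git/haproxy-1.8.git", so the sources for an update that fixes two CVEs are recorded as coming over plain HTTP with no transport integrity. Suggest switching the tar_scm url to an https endpoint if upstream provides one, or otherwise checking the generated tarball against commit 6b6a350afe3b08a1a60c80fe9120a1c9d10448ef. The same context also keeps a haproxy-1.7.git entry that this package update does not touch and that could be removed if the 1.7 service is no longer used.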