File _patchinfo of Package patchinfo.14774

<patchinfo incident="14774">
  <issue tracker="bnc" id="1169457">Update Haproxy with the latest bugfixing from Upstream</issue>
  <packager>yandroskaos</packager>
  <rating>moderate</rating>
  <category>recommended</category>
  <summary>Recommended update for haproxy</summary>
  <description>This update for haproxy fixes the following issues:

- Update from version 2.0.10+git0.ac198b92 to version 2.0.14. (bsc#1169457)
  * BUG/CRITICAL: hpack: never index a header into the headroom after wrapping
  * BUG/MAJOR: dns: add minimalist error processing on the Rx path
  * BUG/MAJOR: hashes: fix the signedness of the hash inputs
  * BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered
  * BUG/MAJOR: list: fix invalid element address calculation
  * BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is empty.
  * BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
  * BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
  * BUG/MEDIUM: 0rtt: Only consider the SSL handshake.
  * BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the response payload
  * BUG/MEDIUM: checks: Make sure we set the task affinity just before connecting.
  * BUG/MEDIUM: checks: Only attempt to do handshakes if the connection is ready.
  * BUG/MEDIUM: cli: _getsocks must send the peers sockets
  * BUG/MEDIUM: compression/filters: Fix loop on HTX blocks compressing the payload
  * BUG/MEDIUM: connection: add a mux flag to indicate splice usability
  * BUG/MEDIUM: connections: Don't forget to unlock when killing a connection.
  * BUG/MEDIUM: connections: Hold the lock when wanting to kill a connection.
  * BUG/MEDIUM: debug: make the debug_handler check for the thread in threads_to_dump
  * BUG/MEDIUM: ebtree: don't set attribute packed without unaligned access support
  * BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd
  * BUG/MEDIUM: http-ana: Truncate the response when a redirect rule is applied
  * BUG/MEDIUM: kqueue: Make sure we report read events even when no data.
  * BUG/MEDIUM: listener/thread: fix a race when pausing a listener
  * BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept()
  * BUG/MEDIUM: listener: only consider running threads when resuming listeners
  * BUG/MEDIUM: memory: Add a rwlock before freeing memory.
  * BUG/MEDIUM: memory_pool: Update the seq number in pool_flush().
  * BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending
  * BUG/MEDIUM: mux-h2: don't stop sending when crossing a buffer boundary
  * BUG/MEDIUM: mux-h2: fix missing test on sending_list in previous patch
  * BUG/MEDIUM: mux-h2: make sure we don't emit TE headers with anything but "trailers"
  * BUG/MEDIUM: mux_h1: Don't call h1_send if we subscribed().
  * BUG/MEDIUM: muxes: Use the right argument when calling the destroy method.
  * BUG/MEDIUM: mworker: remain in mworker mode during reload
  * BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong cases.
  * BUG/MEDIUM: pipe: fix a use-after-free in case of pipe creation error
  * BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive.
  * BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
  * BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG
  * BUG/MEDIUM: random: initialize the random pool a bit better
  * BUG/MEDIUM: session: do not report a failure when rejecting a session
  * BUG/MEDIUM: shctx: make sure to keep all blocks aligned
  * BUG/MEDIUM: ssl: Don't forget to free ctx-&gt;ssl on failure.
  * BUG/MEDIUM: ssl: Don't set the max early data we can receive too early.
  * BUG/MEDIUM: ssl: Revamp the way early data are handled.
  * BUG/MEDIUM: ssl: fix several bad pointer aliases in a few sample fetch functions
  * BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data
  * BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream
  * BUG/MEDIUM: tasks: Make sure we switch wait queues in task_set_affinity().
  * BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in __signal_process_queue().
  * BUG/MINOR: 51d: Fix bug when HTX is enabled
  * BUG/MINOR: cache: Fix leak of cache name in error path
  * BUG/MINOR: channel: inject output data at the end of output
  * BUG/MINOR: checks/threads: use ha_random() and not rand()
  * BUG/MINOR: checks: refine which errno values are really errors.
  * BUG/MINOR: cli/mworker: can't start haproxy with 2 programs
  * BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2
  * BUG/MINOR: connection: make sure to correctly tag local PROXY connections
  * BUG/MINOR: connections: Make sure we free the connection on failure.
  * BUG/MINOR: contrib/prometheus-exporter: Use HTX errors and not legacy ones
  * BUG/MINOR: contrib/prometheus-exporter: decode parameter and value only
  * BUG/MINOR: dns: Make dns_query_id_seed unsigned
  * BUG/MINOR: dns: allow 63 char in hostname
  * BUG/MINOR: dns: allow srv record weight set to 0
  * BUG/MINOR: dns: ignore trailing dot
  * BUG/MINOR: filters: Count HTTP headers as filtered data but don't forward them
  * BUG/MINOR: filters: Forward everything if no data filters are called
  * BUG/MINOR: filters: Use filter offset to decude the amount of forwarded data
  * BUG/MINOR: h1: Report the right error position when a header value is invalid
  * BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection
  * BUG/MINOR: haproxy/threads: try to make all threads leave together
  * BUG/MINOR: haproxy: always initialize sleeping_thread_mask
  * BUG/MINOR: http-ana/filters: Wait end of the http_end callback for all filters
  * BUG/MINOR: http-ana: Matching on monitor-uri should be case-sensitive
  * BUG/MINOR: http-ana: Reset request analysers on a response side error
  * BUG/MINOR: http-ana: Reset request analysers on error when waiting for response
  * BUG/MINOR: http-htx: Don't make http_find_header() fail if the value is empty
  * BUG/MINOR: http-rules: Fix a typo in the reject action function
  * BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject action
  * BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules
  * BUG/MINOR: http: http-request replace-path duplicates the query string
  * BUG/MINOR: http_act: don't check capture id in backend
  * BUG/MINOR: http_ana: make sure redirect flags don't have overlapping bits
  * BUG/MINOR: init: make the automatic maxconn consider the max of soft/hard limits
  * BUG/MINOR: listener/mq: do not dispatch connections to remote threads when stopping
  * BUG/MINOR: listener/threads: always use atomic ops to clear the FD events
  * BUG/MINOR: listener: also clear the error flag on a paused listener
  * BUG/MINOR: listener: do not immediately resume on transient error
  * BUG/MINOR: listener: enforce all_threads_mask on bind_thread on init
  * BUG/MINOR: listener: fix off-by-one in state name check
  * BUG/MINOR: log: fix minor resource leaks on logformat error path
  * BUG/MINOR: lua: Ignore the reserve to know if a channel is full or not
  * BUG/MINOR: mux-h1: Be sure to set CS_FL_WANT_ROOM when EOM can't be added
  * BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN
  * BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data
  * BUG/MINOR: mux-h2: use a safe list_for_each_entry in h2_send()
  * BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers
  * BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat
  * BUG/MINOR: pattern: Do not pass len = 0 to calloc()
  * BUG/MINOR: pattern: handle errors from fgets when trying to load patterns
  * BUG/MINOR: peers: Use after free of "peers" section.
  * BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
  * BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
  * BUG/MINOR: proxy: Fix input data copy when an error is captured
  * BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state
  * BUG/MINOR: rules: Increment be_counters if backend is assigned for a silent-drop
  * BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop action
  * BUG/MINOR: sample: Make sure to return stable IDs in the unique-id fetch
  * BUG/MINOR: sample: always check converters' arguments
  * BUG/MINOR: sample: fix the closing bracket and LF in the debug converter
  * BUG/MINOR: sample: fix the json converter's endian-sensitivity
  * BUG/MINOR: server: make "agent-addr" work on default-server line
  * BUG/MINOR: ssl: Possible memleak when allowing the 0RTT data buffer.
  * BUG/MINOR: ssl: certificate choice can be unexpected with openssl &gt;= 1.1.1
  * BUG/MINOR: ssl: openssl-compat: Fix getm_ defines
  * BUG/MINOR: ssl: we may only ignore the first 64 errors
  * BUG/MINOR: stats: Fix color of draining servers on stats page
  * BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing
  * BUG/MINOR: stktable: report the current proxy name in error messages
  * BUG/MINOR: stream-int: Don't trigger L7 retry if max retries is already reached
  * BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible
  * BUG/MINOR: stream: don't mistake match rules for store-request rules
  * BUG/MINOR: stream: init variables when the list is empty
  * BUG/MINOR: tasks: only requeue a task if it was already in the queue
  * BUG/MINOR: tcp-rules: Fix memory releases on error path during action parsing
  * BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener
  * BUG/MINOR: tcp: don't try to set defaultmss when value is negative
  * BUG/MINOR: tcpchecks: fix the connect() flags regarding delayed ack
  * BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit
  * BUG/MINOR: wdt: do not return an error when the watchdog couldn't be enabled
  * DOC: Clarify behavior of server maxconn in HTTP mode
  * DOC: Improve documentation of http-re(quest|sponse) replace-(header|value|uri)
  * DOC: assorted typo fixes in the documentation
  * DOC: assorted typo fixes in the documentation and Makefile
  * DOC: clarify matching strings on binary fetches
  * DOC: clarify the fact that replace-uri works on a full URI
  * DOC: configuration.txt: fix various typos
  * DOC: document the listener state transitions
  * DOC: fix incorrect indentation of http_auth_*
  * DOC: fix typo about no-tls-tickets
  * DOC: improve description of no-tls-tickets
  * DOC: internals: Fix spelling errors in filters.txt
  * DOC: listeners: add a few missing transitions
  * DOC: move the "group" keyword at the right place
  * DOC: proxies: HAProxy only supports 3 connection modes
  * DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID
  * DOC: remove references to the outdated architecture.txt
  * DOC: ssl: clarify security implications of TLS tickets
  * DOC: word converter ignores delimiters at the start or end of input string
  * MINOR: acl: Warn when an ACL is named 'or'
  * MINOR: backend: use a single call to ha_random32() for the random LB algo
  * MINOR: build: add linux-glibc-legacy build TARGET
  * MINOR: compiler: add new alignment macros
  * MINOR: compiler: move CPU capabilities definition from config.h and complete them
  * MINOR: config: disable busy polling on old processes
  * MINOR: contrib/prometheus-exporter: Add heathcheck status/code in server metrics
  * MINOR: contrib/prometheus-exporter: Add the last heathcheck duration metric
  * MINOR: debug: report the task handler's pointer relative to main
  * MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute
  * MINOR: filters: Forward data only if the last filter forwards something
  * MINOR: haproxy: export main to ease access from debugger
  * MINOR: http-htx: Add a function to retrieve the headers size of an HTX message
  * MINOR: http-rules: Add a flag on redirect rules to know the rule direction
  * MINOR: http-rules: Handle the rule direction when a redirect is evaluated
  * MINOR: http: add a new "replace-path" action
  * MINOR: htx: Add a function to return a block at a specific offset
  * MINOR: ist: add an iststop() function
  * MINOR: listener: add so_name sample fetch
  * MINOR: memory: Change the flush_lock to a spinlock, and don't get it in alloc.
  * MINOR: memory: Only init the pool spinlock once.
  * MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive
  * MINOR: ssl: Remove unused variable "need_out".
  * MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task
  * MINOR: tools: add 64-bit rotate operators
  * MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into types/signal.h.
  * OPTIM: startup: fast unique_id allocation for acl.
  * SCRIPTS: announce-release: allow the user to force to overwrite old files
  * SCRIPTS: announce-release: place the send command in the mail's header
  * SCRIPTS: announce-release: use mutt -H instead of -i to include the draft
  * SCRIPTS: make announce-release executable again
</description>
</patchinfo>
openSUSE Build Service is sponsored by