Advisories » MGAA-2024-0203

Updated haproxy package fixes some bugs

Publication date: 28 Sep 2024
Modification date: 28 Sep 2024
Type: bugfix
Affected Mageia releases: 9

Description

HAProxy has one major, a few medium and a few minor bugs fixed in the latest
upstream version, 2.8.11, of the 2.8 branch.

Fixed major bug list:
- mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state

Fixed medium bug list:
- bwlim: Be sure to never set the analyze expiration date in past
- cache/stats: Wait to have the request before sending the response
- cli: Always release back endpoint between two commands on the mcli
- clock: also update the date offset on time jumps
- clock: detect and cover jumps during execution
- debug/cli: fix "show threads" crashing with low thread counts
- h1: Reject empty Transfer-encoding header
- h2: Only report early HTX EOM for tunneled streams
- h3: ensure the ":method" pseudo header is totally valid
- h3: ensure the ":scheme" pseudo header is totally valid
- http-ana: Report error on write error waiting for the response
- init: fix fd_hard_limit default in compute_ideal_maxconn
- init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2)
- jwt: Clear SSL error queue on error when checking the signature
- mux-h1: Properly handle empty message when an error is triggered
- mux-h2: Propagate term flags to SE on error in h2s_wake_one_stream
- mux-pt/mux-h1: Release the pipe on connection error on sending path
- mworker/cli: fix pipelined modes on master CLI
- pattern: prevent UAF on reused pattern expr
- promex: Wait to have the request before sending the response
- queue: deal with a rare TOCTOU in assign_server_and_queue()
- queue: implement a flag to check for the dequeuing
- quic: fix possible exit from qc_check_dcid() without unlocking
- quic: fix race-condition in quic_get_cid_tid()
- quic: prevent conn freeze on 0RTT undeciphered content
- spoe: Be sure to create a SPOE applet if none on the current thread
- ssl: initialize the SSL stack explicitly
- ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path
- stconn: Report error on SC on send if a previous SE error was set
- stream: Prevent mux upgrades if client connection is no longer ready
- trace: fix null deref in lockon mechanism since TRACE_ENABLED()
                

References

SRPMS

9/core