Advisories ยป MGAA-2025-0030

Updated haproxy packages fix some bugs

Publication date: 17 Mar 2025
Modification date: 17 Mar 2025
Type: bugfix
Affected Mageia releases : 9

Description

Haproxy has two major, a few medium and a few minor bugs fixed in the last
upstream version 2.8.14 of branch 2.8.

Fixed major bug list:
- quic: reject too large CRYPTO frames
- quic: fix wrong packet building due to already acked frames

Fixed medium bug list:
- checks: make sure to always apply offsets to now_ms in expiration
- debug: don't set the STUCK flag from debug_handler()
- debug: on panic, make the target thread automatically allocate its buf
- event_hdl: fix uninitialized value in async mode when no data is provided
- h3: Increase max number of headers when sending headers
- h3: Properly limit the number of headers received
- http-ana: Don't release too early the L7 buffer
- http-ana: Reset request flag about data sent to perform a L7 retry
- mailers: make sure to always apply offsets to now_ms in expiration
- mux-h1: Fix how timeouts are applied on H1 connections
- mux-h1/mux-h2: Reject upgrades with payload on H2 side only
- mux-h1: Properly close H1C if an error is reported before sending data
- mux-h2: Check the number of headers in HEADERS frame after decoding
- mux-h2: Don't send RST_STREAM frame for streams with no ID
- mux-h2: Increase max number of headers when encoding HEADERS frames
- pattern: prevent uninitialized reads in pat_match_{str,beg}
- pools/memprofile: always clean stale pool info on pool_destroy()
- queue: always dequeue the backend when redistributing the last server
- queue: Make process_srv_queue return the number of streams
- queue: make sure never to queue when there's no more served conns
- queues: Do not use pendconn_grab_from_px().
- queues: Make sure we call process_srv_queue() when leaving
- quic: handle retransmit for standalone FIN STREAM
- quic: prevent crash due to CRYPTO parsing error
- quic: support wait-for-handshake
- resolvers: Insert a non-executed resulution in front of the wait list
- sock: Remove FD_POLL_HUP during connect() if FD_POLL_ERR is not set
- stconn: Don't forward shut for SC in connecting state
- stconn: Only consider I/O timers to update stream's expiration date
- stconn: Really report blocked send if sends are blocked by an error
- stktable: fix missing lock on some table converters
- stream: make stream_shutdown() async-safe
                

References

SRPMS

9/core