Package "haproxy"

  haproxy (2.0.29-0ubuntu1) focal; urgency=medium

  * New upstream release (LP: #1987914).
    - Major and critical bug fixes according to the upstream changelog:
      + http-ana: Always abort the request when a tarpit is triggered
      + list: fix invalid element address calculation
      + proxy_protocol: Properly validate TLV lengths
      + hpack: never index a header into the headroom after wrapping
      + stream-int: always detach a faulty endpoint on connect failure
      + stream: Mark the server address as unset on new outgoing connection
      + dns: Make the do-resolve action thread-safe
      + contrib/spoa-server: Fix unhandled python call leading to memory leak
      + mux-h2: Don't try to send data if we know it is no longer possible
      + spoe: Be sure to remove all references on a released spoe applet
      + filters: Always keep all offsets up to date during data filtering
      + peers: fix partial message decoding
      + spoa/python: Fixing return None
      + dns: fix null pointer dereference in snr_update_srv_status
      + dns: disabled servers through SRV records never recover
      + mux-h2: Properly detect too large frames when decoding headers
      + server: prevent deadlock when using 'set maxconn server'
      + htx: Fix htx_defrag() when an HTX block is expanded
      + queue: set SF_ASSIGNED when setting strm->target on dequeue
      + server: fix deadlock when changing maxconn via agent-check
      + h2: enforce stricter syntax checks on the :method pseudo-header
      + htx: fix missing header name length check in htx_add_header/trailer
      + lua: use task_wakeup() to properly run a task once
      + http/htx: prevent unbounded loop in http_manage_server_side_cookies
      + spoe: properly detach all agents when releasing the applet
      + mux-h2: Be sure to always report HTX parsing error to the app layer
      + sched: prevent rare concurrent wakeup of multi-threaded tasks
      + mux-pt: Always destroy the backend connection on detach
      + dns: multi-thread concurrency issue on UDP socket
      + mux_pt: always report the connection error to the conn_stream
    - Refresh haproxy.service-*.patch.
    - Remove patches applied by upstream in debian/patches:
      + 0001-2.0-2.3-BUG-MAJOR-htx-fix-missing-header-name-length-check-i.patch
      + 0001-BUG-CRITICAL-hpack-never-index-a-header-into-the-hea.patch
      + 2.0-0001-BUG-MAJOR-h2-enforce-checks-on-the-method-syntax-bef.patch
      + CVE-2022-0711.patch
      + lp1894879-BUG-MEDIUM-dns-*.patch

 -- Lucas Kanashiro <email address hidden> Fri, 26 Aug 2022 17:07:24 -0300

  haproxy (2.0.13-2ubuntu0.1) focal; urgency=medium

  * Backport dns related fixes from git to resolve crashes when
    using do-resolve action (LP: #1894879)
    - BUG/CRITICAL: dns: Make the do-resolve action thread safe
    - BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed
    - BUG/MEDIUM: dns: Don't yield in do resolve action on a final

 -- Simon Deziel <email address hidden> Tue, 08 Sep 2020 17:16:14 +0000