Bug 947987

Summary: haproxy: Rebase to upstream version 1.4.24
Product: Red Hat Enterprise Linux 6
Reporter: Ryan O'Hara <rohara>
Component: haproxy
Assignee: Ryan O'Hara <rohara>
Status: CLOSED ERRATA
QA Contact: Brandon Perkins <bperkins>
Severity: medium
Priority: medium
Version: 6.5
CC: djansa, lnovich, mnovacek, perobins
Target Milestone: rc
Keywords: Rebase, TechPreview
Hardware: Unspecified
OS: Unspecified
Fixed In Version: haproxy-1.4.24-1.el6
Doc Type: Technology Preview
Last Closed: 2013-11-21 11:27:44 UTC
Type: Bug
Bug Blocks: 903303, 947701, 974263

Description Ryan O'Hara 2013-04-03 17:25:13 UTC
A new upstream release of haproxy has been released that contains several bug fixes, including fixes for rhbz#947701 (CVE-2013-1912) and rhbz#903303. Recommend that we rebase haproxy in rhel-6.5 to upstream release 1.4.23.

Comment 1 Ryan O'Hara 2013-04-03 17:26:20 UTC
Changelog for haproxy 1.4.23:
-----------------------------

2013/04/03 : 1.4.23
    - CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read
    - BUG: fix garbage data when http-send-name-header replaces an existing header
    - BUG/MEDIUM: remove supplementary groups when changing gid
    - BUG/MINOR: Correct logic in cut_crlf()
    - BUG/MINOR: config: use a copy of the file name in proxy configurations
    - BUG/MINOR: epoll: correctly disable FD polling in fd_rem()
    - MINOR: halog: sort output by cookie code
    - BUG/MINOR: halog: -ad/-ac report the correct number of output lines
    - BUG/MINOR: halog: fix help message for -ut/-uto
    - BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel mode
    - BUG/MEDIUM: command-line option -D must have precedence over "debug"
    - OPTIM: halog: keep a fast path for the lines-count only
    - MINOR: halog: add a parameter to limit output line count
    - BUG: halog: fix broken output limitation
    - MEDIUM: checks: avoid accumulating TIME_WAITs during checks
    - MEDIUM: checks: prevent TIME_WAITs from appearing also on timeouts
    - BUG/MAJOR: cli: show sess <id> may randomly corrupt the back-ref list
    - BUG/MINOR: http: don't report client aborts as server errors
    - BUG/MINOR: http: don't log a 503 on client errors while waiting for requests
    - BUG/MEDIUM: tcp: process could theoretically crash on lack of source ports
    - BUG/MINOR: http: don't abort client connection on premature responses
    - BUILD: no need to clean up when making git-tar
    - MINOR: http: always report PR-- flags for redirect rules
    - BUG/MINOR: time: frequency counters are not totally accurate
    - BUG/MINOR: http: don't process abortonclose when request was sent
    - BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
    - BUG/MINOR: config: fix improper check for failed memory alloc in ACL parser
    - BUG/MEDIUM: checks: ensure the health_status is always within bounds
    - CLEANUP: http: remove a useless null check
    - BUG/MEDIUM: signal: signal handler does not properly check for signal bounds
    - BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage
    - CLEANUP: config: slowstart is never negative
    - BUILD: improve the makefile's support for libpcre
    - BUG/MINOR: checks: fix a warning introduced by commit 2f61455a
    - MEDIUM: halog: add support for counting per source address (-ic)
    - DOC: mention the new HTTP 307 and 308 redirect statuses (cherry picked from commit b67fdc4cd8bde202f2805d98683ddab929469a05)
    - MEDIUM: poll: do not use FD_* macros anymore
    - BUG/MAJOR: ev_select: disable the select() poller if maxsock > FD_SETSIZE
    - BUILD: enable poll() by default in the makefile
    - BUILD: add explicit support for Mac OS/X
    - BUG/CRITICAL: using HTTP information in tcp-request content may crash the process
    - MEDIUM: http: implement redirect 307 and 308
    - MINOR: http: status 301 should not be marked non-cacheable

Comment 2 Ryan O'Hara 2013-04-03 17:27:36 UTC
Also note that haproxy is considered "Tech Preview" in rhel-6.4.

Comment 5 Ryan O'Hara 2013-06-17 19:02:22 UTC
(In reply to Ryan O'Hara from comment #0)
> A new upstream release of haproxy has been released that contains several bug
> fixes, including fixes for rhbz#947701 (CVE-2013-1912) and rhbz#903303.
> Recommend that we rebase haproxy in rhel-6.5 to upstream release 1.4.23.

Changing to target rebase of upstream release 1.4.24, which contains a fix for rhbz#974263 (CVE-2013-2175).

Changelog for haproxy 1.4.24:
-----------------------------

2013/06/17 : 1.4.24
    - BUG/MAJOR: backend: consistent hash can loop forever in certain circumstances
    - BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks are used
    - MEDIUM: protocol: implement a "drain" function in protocol layers
    - BUG/CRITICAL: fix a possible crash when using negative header occurrences

Comment 10 michal novacek 2013-09-02 15:36:02 UTC
I have verified that haproxy version is 1.4.24.

# yum install haproxy
Loaded plugins: product-id, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package haproxy.x86_64 0:1.4.24-2.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================
 Package    Arch                  Version                     Repository                          Size
======================================================================
Installing:
 haproxy                x86_64                1.4.24-2.el6                beaker-LoadBalancer                456 k

Transaction Summary
======================================================================
Install       1 Package(s)

Total download size: 456 k
Installed size: 1.5 M
Is this ok [y/N]: y
Downloading Packages:
haproxy-1.4.24-2.el6.x86_64.rpm                                                             | 456 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : haproxy-1.4.24-2.el6.x86_64                         1/1 
  Verifying  : haproxy-1.4.24-2.el6.x86_64                         1/1 

Installed:
  haproxy.x86_64 0:1.4.24-2.el6                                             

Complete!

# rpm -ql haproxy | grep bin
/usr/bin/halog
/usr/sbin/haproxy

# /usr/sbin/haproxy -v
HA-Proxy version 1.4.24 2013/06/17
Copyright 2000-2013 Willy Tarreau <w>

# service haproxy start
Starting haproxy: [  OK  ]

# ps axf | grep haproxy
 5712 pts/0    S+     0:00          \_ grep haproxy
 5696 ?        Ss     0:00 /usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg \
-p /var/run/haproxy.pid
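As an added example, not part of this bug report or of haproxy itself, the following POSIX sh check parses the "HA-Proxy version ..." banner shown in the transcript above and decides whether a host's haproxy is at or above 1.4.24, the upstream release this rebase targets for the fixes to CVE-2013-1912 and CVE-2013-2175. The banner format and the /usr/sbin/haproxy path are assumed from the transcript; versions are compared numerically per component rather than as strings, so 1.4.9 is correctly ranked below 1.4.24.

```shell
#!/bin/sh
# Added example (not from the bug report): gate on the upstream haproxy release
# that carries the fixes this rebase pulls in. Assumes the banner format seen
# in the transcript: "HA-Proxy version 1.4.24 2013/06/17".

MIN_HAPROXY_VERSION="1.4.24"

# Extract the dotted version from a "haproxy -v" banner line.
# Prints the version, or nothing if the banner is not recognised.
haproxy_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^HA-Proxy version \([0-9][0-9.]*\).*/\1/p'
}

# Numeric, component-by-component comparison of two dotted versions.
# Returns 0 (true) when $1 >= $2, 1 otherwise. Missing components count as 0.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        # consume the leading component; become empty after the last one
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
        ai="${ai:-0}"; bi="${bi:-0}"
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
    done
    return 0
}

# Classify a banner line against the minimum release.
# Exit status: 0 = fixed, 1 = below the minimum, 2 = banner not parsable.
assess_banner() {
    v=$(haproxy_version_from_banner "$1")
    [ -n "$v" ] || { echo "unknown"; return 2; }
    if version_ge "$v" "$MIN_HAPROXY_VERSION"; then
        echo "fixed ($v >= $MIN_HAPROXY_VERSION)"; return 0
    fi
    echo "below minimum ($v < $MIN_HAPROXY_VERSION)"; return 1
}

# When run on a host with the package installed, check the live binary.
if [ -x /usr/sbin/haproxy ]; then
    assess_banner "$(/usr/sbin/haproxy -v 2>/dev/null | head -n 1)"
fi
```

The check sees only the upstream version string, not distribution backports, so on RHEL also compare the package NVR against the Fixed In Version above (haproxy-1.4.24-1.el6) with rpm -q haproxy.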

Comment 11 errata-xmlrpc 2013-11-21 11:27:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1619.html