Bug 947987
Summary: | haproxy: Rebase to upstream version 1.4.24 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Ryan O'Hara <rohara> |
Component: | haproxy | Assignee: | Ryan O'Hara <rohara> |
Status: | CLOSED ERRATA | QA Contact: | Brandon Perkins <bperkins> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.5 | CC: | djansa, lnovich, mnovacek, perobins |
Target Milestone: | rc | Keywords: | Rebase, TechPreview |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | haproxy-1.4.24-1.el6 | Doc Type: | Technology Preview |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-11-21 11:27:44 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 903303, 947701, 974263 |
Description
Ryan O'Hara
2013-04-03 17:25:13 UTC
Changelog for haproxy 1.4.23: ----------------------------- 2013/04/03 : 1.4.23 - CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read - BUG: fix garbage data when http-send-name-header replaces an existing header - BUG/MEDIUM: remove supplementary groups when changing gid - BUG/MINOR: Correct logic in cut_crlf() - BUG/MINOR: config: use a copy of the file name in proxy configurations - BUG/MINOR: epoll: correctly disable FD polling in fd_rem() - MINOR: halog: sort output by cookie code - BUG/MINOR: halog: -ad/-ac report the correct number of output lines - BUG/MINOR: halog: fix help message for -ut/-uto - BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel mode - BUG/MEDIUM: command-line option -D must have precedence over "debug" - OPTIM: halog: keep a fast path for the lines-count only - MINOR: halog: add a parameter to limit output line count - BUG: halog: fix broken output limitation - MEDIUM: checks: avoid accumulating TIME_WAITs during checks - MEDIUM: checks: prevent TIME_WAITs from appearing also on timeouts - BUG/MAJOR: cli: show sess <id> may randomly corrupt the back-ref list - BUG/MINOR: http: don't report client aborts as server errors - BUG/MINOR: http: don't log a 503 on client errors while waiting for requests - BUG/MEDIUM: tcp: process could theorically crash on lack of source ports - BUG/MINOR: http: don't abort client connection on premature responses - BUILD: no need to clean up when making git-tar - MINOR: http: always report PR-- flags for redirect rules - BUG/MINOR: time: frequency counters are not totally accurate - BUG/MINOR: http: don't process abortonclose when request was sent - BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait() - BUG/MINOR: config: fix improper check for failed memory alloc in ACL parser - BUG/MEDIUM: checks: ensure the health_status is always within bounds - CLEANUP: http: remove a useless null check - BUG/MEDIUM: signal: signal handler does not properly check for signal bounds - BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage - CLEANUP: config: slowstart is never negative - BUILD: improve the makefile's support for libpcre - BUG/MINOR: checks: fix an warning introduced by commit 2f61455a - MEDIUM: halog: add support for counting per source address (-ic) - DOC: mention the new HTTP 307 and 308 redirect statues (cherry picked from commit b67fdc4cd8bde202f2805d98683ddab929469a05) - MEDIUM: poll: do not use FD_* macros anymore - BUG/MAJOR: ev_select: disable the select() poller if maxsock > FD_SETSIZE - BUILD: enable poll() by default in the makefile - BUILD: add explicit support for Mac OS/X - BUG/CRITICAL: using HTTP information in tcp-request content may crash the process - MEDIUM: http: implement redirect 307 and 308 - MINOR: http: status 301 should not be marked non-cacheable Also note that haproxy is considered "Tech Preview" in rhel-6.4. (In reply to Ryan O'Hara from comment #0) > A new upstream release of haproxy has been release that contains several bug > fixes, including fixes for rhbz#947701 (CVE-2013-1912) and rhbz#903303. > Recommend that we rebase haproxy in rhel-6.5 to upstream release 1.4.23. Changing to target rebase of upstream release 1.4.24, which contains fix for rhbz#974263 (CVE-2013-2175). Changelog for haproxy 1.4.24: ----------------------------- 2013/06/17 : 1.4.24 - BUG/MAJOR: backend: consistent hash can loop forever in certain circumstances - BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks are used - MEDIUM: protocol: implement a "drain" function in protocol layers - BUG/CRITICAL: fix a possible crash when using negative header occurrences I have verified that haproxy version is 1.4.24. # yum install haproxy Loaded plugins: product-id, security, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package haproxy.x86_64 0:1.4.24-2.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ====================================================================== Package Arch Version Repository Size ====================================================================== Installing: haproxy x86_64 1.4.24-2.el6 beaker-LoadBalancer 456 k Transaction Summary ====================================================================== Install 1 Package(s) Total download size: 456 k Installed size: 1.5 M Is this ok [y/N]: y Downloading Packages: haproxy-1.4.24-2.el6.x86_64.rpm | 456 kB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : haproxy-1.4.24-2.el6.x86_64 1/1 Verifying : haproxy-1.4.24-2.el6.x86_64 1/1 Installed: haproxy.x86_64 0:1.4.24-2.el6 Complete! # rpm -ql haproxy | grep bin /usr/bin/halog /usr/sbin/haproxy # /usr/sbin/haproxy -v HA-Proxy version 1.4.24 2013/06/17 Copyright 2000-2013 Willy Tarreau <w> # service haproxy start Starting haproxy: [ OK ] # ps axf | grep haproxy 5712 pts/0 S+ 0:00 \_ grep haproxy 5696 ? Ss 0:00 /usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg \ -p /var/run/haproxy.pid Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1619.html |