Debian Bug report logs -
#674447
CVE-2012-2942
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 24 May 2012 18:09:01 UTC
Severity: grave
Tags: patch, security
Fixed in version haproxy/1.4.23-1
Done: Vincent Bernat <bernat@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Christo Buschek <crito@30loops.net>
:
Bug#674447
; Package haproxy
.
(Thu, 24 May 2012 18:09:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Christo Buschek <crito@30loops.net>
.
(Thu, 24 May 2012 18:09:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: haproxy
Severity: grave
Tags: security
Please see here for details and a patch:
https://secunia.com/advisories/49261/
http://haproxy.1wt.eu/download/1.4/src/CHANGELOG
http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b
Can you please check, whether stable is affected?
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Christo Buschek <crito@30loops.net>
:
Bug#674447
; Package haproxy
.
(Wed, 06 Jun 2012 05:09:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Prach Pongpanich <prachpub@gmail.com>
:
Extra info received and forwarded to list. Copy sent to Christo Buschek <crito@30loops.net>
.
(Wed, 06 Jun 2012 05:09:03 GMT) (full text, mbox, link).
Message #10 received at 674447@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
This bug fixed in haproxy version 1.4.21 (- BUG/MAJOR: trash must always be
the size of a buffer).
Cheers,
--
ปรัชญ์ พงษ์พานิช
Prach Pongpanich
http://prach-public.blogspot.com
[Message part 2 (text/html, inline)]
Marked as fixed in versions haproxy/1.4.15-1.
Request was from Luk Claes <luk@debian.org>
to control@bugs.debian.org
.
(Sat, 23 Jun 2012 10:03:19 GMT) (full text, mbox, link).
Marked Bug as done
Request was from Luk Claes <luk@debian.org>
to control@bugs.debian.org
.
(Sat, 23 Jun 2012 10:03:20 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug acknowledged by developer.
(Sat, 23 Jun 2012 10:03:21 GMT) (full text, mbox, link).
Changed Bug title to 'CVE-2012-2942' from 'CVE-2012-2391'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 02 Apr 2013 18:21:12 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Christo Buschek <crito@30loops.net>
:
Bug#674447
; Package haproxy
.
(Tue, 02 Apr 2013 19:39:19 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Christo Buschek <crito@30loops.net>
.
(Tue, 02 Apr 2013 19:39:19 GMT) (full text, mbox, link).
Message #23 received at 674447@bugs.debian.org (full text, mbox, reply):
Control: reopen -1
Hi Luk
On Sat, Jun 23, 2012 at 10:03:21AM +0000, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the haproxy package:
>
> #674447: CVE-2012-2391
>
> It has been closed by Luk Claes <luk@debian.org>.
>
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Luk Claes <luk@debian.org> by
> replying to this email.
I was currently looking at the list of bugs with security tag but not
tracked in the security tracker[1] and noticed #674447.
[1]: http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=security;users=debian-security@lists.debian.org;exclude=tracked
Noticed that you closed this bug with version 1.4.15-1. Is this
correct? Looking at the code and the information the pach from [2]
still applies and corrects the trash and trashlen. However
/usr/share/doc/haproxy/configuration.txt.gz clearly says:
tune.bufsize <number>
Sets the buffer size to this size (in bytes). Lower values allow more
sessions to coexist in the same amount of RAM, and higher values allow some
applications with very large cookies to work. The default value is 16384 and
can be changed at build time. It is strongly recommended not to change this
from the default value, as very low values will break some services such as
statistics, and values larger than default size will increase memory usage,
possibly causing the system to run out of memory. At least the global maxconn
parameter should be decreased by the same factor as this one is increased.
So changing this from non-default value can result in the problem
(downgrading severity for the bugreport?)
[2]: http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commitdiff;h=30297cb17147a8d339eb160226bcc08c91d9530b
The mentioned patch was only applied 1.4.21 upstream.
Would be great if you could doublecheck my comment above. Or why is it
fixed in 1.4.15?
Regards,
Salvatore
Bug reopened
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 674447-submit@bugs.debian.org
.
(Tue, 02 Apr 2013 19:39:19 GMT) (full text, mbox, link).
No longer marked as fixed in versions haproxy/1.4.15-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 674447-submit@bugs.debian.org
.
(Tue, 02 Apr 2013 19:39:20 GMT) (full text, mbox, link).
Message sent on
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug#674447.
(Tue, 02 Apr 2013 19:39:23 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Christo Buschek <crito@30loops.net>
:
Bug#674447
; Package haproxy
.
(Wed, 03 Apr 2013 06:18:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Luk Claes <luk@debian.org>
:
Extra info received and forwarded to list. Copy sent to Christo Buschek <crito@30loops.net>
.
(Wed, 03 Apr 2013 06:18:04 GMT) (full text, mbox, link).
Message #35 received at 674447@bugs.debian.org (full text, mbox, reply):
Hi Salvatore
I must have thought that the patch could not be applied as I can see
that I have looked at the path to see if I could NMU.
Cheers
Luk
On 04/02/2013 09:34 PM, Salvatore Bonaccorso wrote:
> Control: reopen -1
>
> Hi Luk
>
> On Sat, Jun 23, 2012 at 10:03:21AM +0000, Debian Bug Tracking System wrote:
>> This is an automatic notification regarding your Bug report
>> which was filed against the haproxy package:
>>
>> #674447: CVE-2012-2391
>>
>> It has been closed by Luk Claes <luk@debian.org>.
>>
>> Their explanation is attached below along with your original report.
>> If this explanation is unsatisfactory and you have not received a
>> better one in a separate message then please contact Luk Claes <luk@debian.org> by
>> replying to this email.
>
> I was currently looking at the list of bugs with security tag but not
> tracked in the security tracker[1] and noticed #674447.
>
> [1]: http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=security;users=debian-security@lists.debian.org;exclude=tracked
>
> Noticed that you closed this bug with version 1.4.15-1. Is this
> correct? Looking at the code and the information the pach from [2]
> still applies and corrects the trash and trashlen. However
> /usr/share/doc/haproxy/configuration.txt.gz clearly says:
>
> tune.bufsize <number>
> Sets the buffer size to this size (in bytes). Lower values allow more
> sessions to coexist in the same amount of RAM, and higher values allow some
> applications with very large cookies to work. The default value is 16384 and
> can be changed at build time. It is strongly recommended not to change this
> from the default value, as very low values will break some services such as
> statistics, and values larger than default size will increase memory usage,
> possibly causing the system to run out of memory. At least the global maxconn
> parameter should be decreased by the same factor as this one is increased.
>
> So changing this from non-default value can result in the problem
> (downgrading severity for the bugreport?)
>
> [2]: http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commitdiff;h=30297cb17147a8d339eb160226bcc08c91d9530b
>
> The mentioned patch was only applied 1.4.21 upstream.
>
> Would be great if you could doublecheck my comment above. Or why is it
> fixed in 1.4.15?
>
> Regards,
> Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Christo Buschek <crito@30loops.net>
:
Bug#674447
; Package haproxy
.
(Wed, 03 Apr 2013 09:12:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Christo Buschek <crito@30loops.net>
.
(Wed, 03 Apr 2013 09:12:03 GMT) (full text, mbox, link).
Message #40 received at 674447@bugs.debian.org (full text, mbox, reply):
Hi Luk
On Wed, Apr 03, 2013 at 08:14:50AM +0200, Luk Claes wrote:
> I must have thought that the patch could not be applied as I can see
> that I have looked at the path to see if I could NMU.
Thanks for the quick reply.
I will try to have second look at it too. If this is correct (needs
checking) that this is only when using non default values for
tune.bufsize then it might be downgraded to important.
Regards,
Salvatore
Message sent on
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug#674447.
(Wed, 03 Apr 2013 09:12:14 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Christo Buschek <crito@30loops.net>
:
Bug#674447
; Package haproxy
.
(Wed, 03 Apr 2013 10:09:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Prach Pongpanich <prachpub@gmail.com>
:
Extra info received and forwarded to list. Copy sent to Christo Buschek <crito@30loops.net>
.
(Wed, 03 Apr 2013 10:09:04 GMT) (full text, mbox, link).
Message #48 received at 674447@bugs.debian.org (full text, mbox, reply):
Hi,
CC:674447@bugs.debian.org
Thanks for your quick response.
> Why would you insist on patching a version as old as 1.4.15 ?
For the next Debain stable release.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674447
On Wed, Apr 3, 2013 at 3:09 PM, Willy Tarreau <w@1wt.eu> wrote:
> Hi,
>
> I'm not surprized, I remember that this one changed a number of things.
> And also it was bogus, I had to stuff a few other ones on top of it.
>
> Why would you insist on patching a version as old as 1.4.15 ? I'm
> maintaining a stable branch exactly to save you this painful work.
> No less than 57 bugs were fixed since, including the security issue
> I fixed last night with 1.4.23.
>
> I strongly suggest that you upgrade to 1.4.23, or that you pick all
> patches between 1.4.15 and 1.4.23 and try to removes the ones you're
> not interested in, but I don't really see the point then.
>
> Regards,
> Willy
>
Regrads,
--
Prach Pongpanich
Information forwarded
to debian-bugs-dist@lists.debian.org, Christo Buschek <crito@30loops.net>
:
Bug#674447
; Package haproxy
.
(Wed, 03 Apr 2013 11:06:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Willy Tarreau <w@1wt.eu>
:
Extra info received and forwarded to list. Copy sent to Christo Buschek <crito@30loops.net>
.
(Wed, 03 Apr 2013 11:06:04 GMT) (full text, mbox, link).
Message #53 received at 674447@bugs.debian.org (full text, mbox, reply):
On Wed, Apr 03, 2013 at 05:08:22PM +0700, Prach Pongpanich wrote:
> Hi,
>
> CC:674447@bugs.debian.org
>
> Thanks for your quick response.
>
> > Why would you insist on patching a version as old as 1.4.15 ?
> For the next Debain stable release.
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674447
Great, so I'm assuming that debian now accepts to backport bugfixes into
stable releases. This is excellent news for end users, as they will finally
be able to use the haproxy package from the distro instead of rebuilding
their own from sources!
Then at least the following list of commits should be considered since 1.4.15
for the package to be reasonable usable in production :
haproxy-1.4$ git log --oneline v1.4.15..v1.4.23 |grep BUG |grep -v MINOR
dc80672 BUG/CRITICAL: using HTTP information in tcp-request content may crash the process
f409605 BUG/MAJOR: ev_select: disable the select() poller if maxsock > FD_SETSIZE
022ff7d BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage
cf196ab BUG/MEDIUM: signal: signal handler does not properly check for signal bounds
9e98076 BUG/MEDIUM: checks: ensure the health_status is always within bounds
e35cc95 BUG/MEDIUM: remove supplementary groups when changing gid
3072270 BUG/MEDIUM: tcp: process could theorically crash on lack of source ports
475b5ec BUG/MAJOR: cli: show sess <id> may randomly corrupt the back-ref list
ce64f84 BUG/MEDIUM: command-line option -D must have precedence over "debug"
7a883f8 BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel mode
3a29a1b BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on full-length matches
cf7617b BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations
3cf5e41 BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set
30297cb BUG/MAJOR: trash must always be the size of a buffer
497d258 BUG/MEDIUM: balance source did not properly hash IPv6 addresses
bc26a52 BUG/MAJOR: possible crash when using capture headers on TCP frontends
95e9a2b BUG: http: disable TCP delayed ACKs when forwarding content-length data
9e78c99 BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
39030be BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
1a6b510 BUG/MEDIUM: correctly disable servers tracking another disabled servers.
6df28bc BUG: http: re-enable TCP quick-ack upon incomplete HTTP requests
3b1f837 BUG: ebtree: ebst_lookup() could return the wrong entry
445e0cd BUG: tcp: option nolinger does not work on backends
98c43b2 BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is in use
ad3a1b0 BUG/MEDIUM: don't trim last spaces from headers consisting only of spaces
610538e [BUG] http: trailing white spaces must also be trimmed after headers
9ebe93d [BUG] check: http-check expect + regex would crash in defaults section
And the following ones could be added too :
5083307 BUG: http: tighten the list of allowed characters in a URI
5b4d077 BUG: fix garbage data when http-send-name-header replaces an existing header
bf9e1bd BUG: checks: fix server maintenance exit sequence
f50e75b BUG: proto_tcp: set AF_INET on tproxy for use with recent kernels
ef11c03 [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check
74254aa [BUG] checks: http-check expect could fail a check on multi-packet responses
Hoping this helps !
Willy
Information forwarded
to debian-bugs-dist@lists.debian.org, Christo Buschek <crito@30loops.net>
:
Bug#674447
; Package haproxy
.
(Wed, 03 Apr 2013 15:42:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Prach Pongpanich <prachpub@gmail.com>
:
Extra info received and forwarded to list. Copy sent to Christo Buschek <crito@30loops.net>
.
(Wed, 03 Apr 2013 15:42:04 GMT) (full text, mbox, link).
Message #58 received at 674447@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
I attach a patch (adapt from [1]) and build passed.
[1] http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b
Regrads,
--
Prach Pongpanich
[fix-CVE-2012-2942.patch (application/octet-stream, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Christo Buschek <crito@30loops.net>
:
Bug#674447
; Package haproxy
.
(Fri, 05 Apr 2013 13:57:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Christo Buschek <crito@30loops.net>
.
(Fri, 05 Apr 2013 13:57:09 GMT) (full text, mbox, link).
Message #63 received at 674447@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags 674447 + patch
Control: tags 704611 + patch
Attached is a possible debdiff for these two (but not yet tested).
TODO remain:
- is #674447 considered to be RC or should we downgrade ad it needs a
extra tuning of tune.bufsize
- In case of an upload, will the Release Team also accept a patch for
#704611, else it should be removed again.
Regards,
Salvatore
[haproxy_1.4.15-1.1.debdiff (text/plain, attachment)]
Added tag(s) patch.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 674447-submit@bugs.debian.org
.
(Fri, 05 Apr 2013 13:57:09 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Christo Buschek <crito@30loops.net>
:
Bug#674447
; Package haproxy
.
(Sat, 20 Apr 2013 21:54:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Tomas Pospisek <tpo@sourcepole.ch>
:
Extra info received and forwarded to list. Copy sent to Christo Buschek <crito@30loops.net>
.
(Sat, 20 Apr 2013 21:54:04 GMT) (full text, mbox, link).
Message #70 received at 674447@bugs.debian.org (full text, mbox, reply):
As far as I can see, none of the current bug reports have any comments of
its maintainer. Is the maintainer still active and intends to maintain
this package? If not then it'd be good to officially abandon it, then it
could be picked up by somebody else.
?
*t
Information forwarded
to debian-bugs-dist@lists.debian.org, Christo Buschek <crito@30loops.net>
:
Bug#674447
; Package haproxy
.
(Sun, 21 Apr 2013 07:15:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Tomas Pospisek <tpo_deb@sourcepole.ch>
:
Extra info received and forwarded to list. Copy sent to Christo Buschek <crito@30loops.net>
.
(Sun, 21 Apr 2013 07:15:04 GMT) (full text, mbox, link).
Message #75 received at 674447@bugs.debian.org (full text, mbox, reply):
On Sat, 20 Apr 2013, Tomas Pospisek wrote:
> As far as I can see, none of the current bug reports have any comments of its
> maintainer. Is the maintainer still active and intends to maintain this
> package? If not then it'd be good to officially abandon it, then it could be
> picked up by somebody else.
It seems that Vincent Bernat is intending to take over the package (many
thanks Vincent):
http://lists.debian.org/debian-qa/2013/04/msg00043.html
Wrt to fixing the open security problems: Ubuntu have been more actively
maintaining their haproxy package, which is based on the Debian package.
Their changelog reports fixes for CVE-2012-2942 and CVE-2013-1912:
http://changelogs.ubuntu.com/changelogs/pool/main/h/haproxy/haproxy_1.4.15-1ubuntu0.1/changelog
The package from oneiric installs cleanly on wheezy:
http://packages.ubuntu.com/oneiric/haproxy
Thanks,
*t
Information forwarded
to debian-bugs-dist@lists.debian.org, Christo Buschek <crito@30loops.net>
:
Bug#674447
; Package haproxy
.
(Sun, 21 Apr 2013 09:21:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Vincent Bernat <bernat@debian.org>
:
Extra info received and forwarded to list. Copy sent to Christo Buschek <crito@30loops.net>
.
(Sun, 21 Apr 2013 09:21:04 GMT) (full text, mbox, link).
Message #80 received at 674447@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
❦ 21 avril 2013 09:11 CEST, Tomas Pospisek <tpo_deb@sourcepole.ch> :
>> As far as I can see, none of the current bug reports have any
>> comments of its maintainer. Is the maintainer still active and
>> intends to maintain this package? If not then it'd be good to
>> officially abandon it, then it could be picked up by somebody else.
>
> It seems that Vincent Bernat is intending to take over the package
> (many thanks Vincent):
>
> http://lists.debian.org/debian-qa/2013/04/msg00043.html
>
> Wrt to fixing the open security problems: Ubuntu have been more
> actively maintaining their haproxy package, which is based on the
> Debian package. Their changelog reports fixes for CVE-2012-2942 and
> CVE-2013-1912:
>
> http://changelogs.ubuntu.com/changelogs/pool/main/h/haproxy/haproxy_1.4.15-1ubuntu0.1/changelog
>
> The package from oneiric installs cleanly on wheezy:
>
> http://packages.ubuntu.com/oneiric/haproxy
We will provide backports of recent haproxy versions for Wheezy shortly
after the release.
--
Keep it simple to make it faster.
- The Elements of Programming Style (Kernighan & Plauger)
[Message part 2 (application/pgp-signature, inline)]
Added tag(s) pending.
Request was from Anibal Monsalve Salazar <anibal@debian.org>
to control@bugs.debian.org
.
(Mon, 06 May 2013 20:09:11 GMT) (full text, mbox, link).
Reply sent
to Vincent Bernat <bernat@debian.org>
:
You have taken responsibility.
(Fri, 10 May 2013 15:03:35 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug acknowledged by developer.
(Fri, 10 May 2013 15:03:35 GMT) (full text, mbox, link).
Message #87 received at 674447-close@bugs.debian.org (full text, mbox, reply):
Source: haproxy
Source-Version: 1.4.23-1
We believe that the bug you reported is fixed in the latest version of
haproxy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 674447@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Vincent Bernat <bernat@debian.org> (supplier of updated haproxy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 06 May 2013 20:02:14 +0200
Source: haproxy
Binary: haproxy vim-haproxy
Architecture: source amd64 all
Version: 1.4.23-1
Distribution: unstable
Urgency: low
Maintainer: Debian HAProxy Maintainers <pkg-haproxy-maintainers@lists.alioth.debian.org>
Changed-By: Vincent Bernat <bernat@debian.org>
Description:
haproxy - fast and reliable load balancing reverse proxy
vim-haproxy - syntax highlighting for HAProxy configuration files
Closes: 641762 643650 649085 674447 678953 702893 704611 706890
Changes:
haproxy (1.4.23-1) unstable; urgency=low
.
[ Apollon Oikonomopoulos ]
* New upstream version (Closes: #643650, #678953)
+ This fixes CVE-2012-2942 (Closes: #674447)
+ This fixes CVE-2013-1912 (Closes: #704611)
* Ship vim addon as vim-haproxy (Closes: #702893)
* Check for the configuration file after sourcing /etc/default/haproxy
(Closes: #641762)
* Use /dev/log for logging by default (Closes: #649085)
.
[ Vincent Bernat ]
* debian/control:
+ add Vcs-* fields
+ switch maintenance to Debian HAProxy team. (Closes: #706890)
+ drop dependency to quilt: 3.0 (quilt) format is in use.
* debian/rules:
+ don't explicitly call dh_installchangelog.
+ use dh_installdirs to install directories.
+ use dh_install to install error and configuration files.
+ switch to `linux2628` Makefile target for Linux.
* debian/postrm:
+ remove haproxy user and group on purge.
* Ship a more minimal haproxy.cfg file: no `listen` blocks but `global`
and `defaults` block with appropriate configuration to use chroot and
logging in the expected way.
.
[ Prach Pongpanich ]
* debian/copyright:
+ add missing copyright holders
+ update years of copyright
* debian/rules:
+ build with -Wl,--as-needed to get rid of unnecessary depends
* Remove useless files in debian/haproxy.{docs,examples}
* Update debian/watch file, thanks to Bart Martens
Checksums-Sha1:
f398a8443724f3c6896237fb3b76dc93d66a47f9 2059 haproxy_1.4.23-1.dsc
841c6d0f9ad3fcbc7b01c17e40edc980853790f4 835938 haproxy_1.4.23.orig.tar.gz
6b8e87da4539b611f29de0570f37838183bd2010 9245 haproxy_1.4.23-1.debian.tar.gz
35034c465055b451632d5424a8e9fecf795bcdfb 417024 haproxy_1.4.23-1_amd64.deb
ccae0ca7b65097044054fc2585091895a3c2d85d 50018 vim-haproxy_1.4.23-1_all.deb
Checksums-Sha256:
cae90ad3fb7f2e0847b38822c94935ec0495200fb9001380e77e2e8e5b579e28 2059 haproxy_1.4.23-1.dsc
8d0676027a0eca9d1eb8409977ae916fe94913fbbcaf7c278021cc21d897ee6d 835938 haproxy_1.4.23.orig.tar.gz
745697404c2c5ed82fa5065da79deead850917bd399005e0167d1a07b16bc3a1 9245 haproxy_1.4.23-1.debian.tar.gz
a69b2f7dc09bb9207882d42b332e4e3577be71b1c2605fc417402227165049ac 417024 haproxy_1.4.23-1_amd64.deb
eb4a5dbc00ecf8ff1e4f733cf4618df9d638be6ea244e0d063fede3279d5b52d 50018 vim-haproxy_1.4.23-1_all.deb
Files:
cf8b6676bd27d1c65ee633a4d65e6ecf 2059 net optional haproxy_1.4.23-1.dsc
5803664782f8f1692ccbbd03555061f1 835938 net optional haproxy_1.4.23.orig.tar.gz
3f5d5dd4463792e585bc1d493574f41e 9245 net optional haproxy_1.4.23-1.debian.tar.gz
17e1d62b7c1107b1917a2636578c01c9 417024 net optional haproxy_1.4.23-1_amd64.deb
94e059c7a6af20461f6693500a4ea987 50018 net optional vim-haproxy_1.4.23-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJRh/NaAAoJEJWkL+g1NSX5o8QP/inbDHXysUDT5McNBbKjvgVK
/pUUF1yU08ra2dOPHHKWBzdS2WwnZiULuuIsOrE7NRiyLCNUqnhL8rSQmVwlI0I+
vmi9yXmO21FfMxV0O8mOqxLZk4gIR1zDSGviT2AIjg/kIsHsH2gryG1KPvriCIzV
DcVLzW+x7lI+zm71GGC+QbbcaHzpzoU8YTckPoHx8zcCcOsr4Q4gFzK1MIRucCdj
109pFTu/nQYtTYRL/zM4pnd26ENDQaOjC0+NSPeVIEn5BMbXr6TDvK5Kdd5jWEYZ
7MPE6b2/49DWVBC2lbqu/zuqfNjiy6PkSx2j3EVEkw3U9kqO8cwIG5pYUvrmDgOo
IVmhdcQ2weZIsS9nws/I+DT3uiIe5ezo0tmTXE3wuD/zqHMWHRe2b+++1DTs+jyj
Ky5XaSQLd7+T4Te2JRCheWBR1OB+8er+Tk4ffY3233vy2ToMAGy5dn5zEYzKw+bo
XJWzHzKvrt6URU4Qyfvz7uMckJvqnvFAnaxtZEREbqRkHlAeCoxxucQDpR8zyAnf
p0Wt6roDJfY0V/XaKX38RI/4P+DorRi5AQzjmKzfC9b5vLuiy9aqIE9c68cCokuW
3mmGe1LlDV1KL9bwqtqTAN8Mv4IJMJBEmEexI6KbLTIlr3w2I9JfABrvDTSpgQGh
JUI3ggs8XjbOGKAiS5bB
=Yd7g
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Thu, 20 Jun 2013 07:40:39 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:56:35 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.