package/haproxy: security bump to version 2.4.15

Fix CVE-2022-0711: A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. https://www.mail-archive.com/haproxy@formilux.org/msg41963.html https://www.mail-archive.com/haproxy@formilux.org/msg41873.html Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-12-12 14:53:28 +08:00 · 2022-04-10 19:32:59 +02:00 · 2022-04-10 19:32:59 +02:00 · f09fc6f958
commit f09fc6f958
parent d485482b69
2 changed files with 3 additions and 3 deletions
--- a/package/haproxy/haproxy.hash
+++ b/package/haproxy/haproxy.hash
@ -1,5 +1,5 @@
-# From: http://www.haproxy.org/download/2.4/src/haproxy-2.4.13.tar.gz.sha256
-sha256  4788fe975fe7e521746f826c25e80bc95cd15983e2bafa33e43bff23a3fe5ba1  haproxy-2.4.13.tar.gz
+# From: http://www.haproxy.org/download/2.4/src/haproxy-2.4.15.tar.gz.sha256
+sha256  3958b17b7ee80eb79712aaf24f0d83e753683104b36e282a8b3dcd2418e30082  haproxy-2.4.15.tar.gz
 # Locally computed:
 sha256  0717ca51fceaa25ac9e5ccc62e0c727dcf27796057201fb5fded56a25ff6ca28  LICENSE
 sha256  5df07007198989c622f5d41de8d703e7bef3d0e79d62e24332ee739a452af62a  doc/lgpl.txt
--- a/package/haproxy/haproxy.mk
+++ b/package/haproxy/haproxy.mk
@ -5,7 +5,7 @@
 ################################################################################

 HAPROXY_VERSION_MAJOR = 2.4
-HAPROXY_VERSION = $(HAPROXY_VERSION_MAJOR).13
+HAPROXY_VERSION = $(HAPROXY_VERSION_MAJOR).15
 HAPROXY_SITE = http://www.haproxy.org/download/$(HAPROXY_VERSION_MAJOR)/src
 HAPROXY_LICENSE = GPL-2.0+ and LGPL-2.1+ with exceptions
 HAPROXY_LICENSE_FILES = LICENSE doc/lgpl.txt doc/gpl.txt