Update to 2.4.7

Resolves: (#1966688, #1998196, #1998198, #1998200, #2000621)
2021-10-13 11:31:44 -05:00 · 2021-10-13 11:31:44 -05:00 · df17da57cf
commit df17da57cf
parent e567237d4f
2 changed files with 9 additions and 2 deletions
--- a/haproxy.spec
+++ b/haproxy.spec
@ -7,7 +7,7 @@
 %global _hardened_build 1

 Name:           haproxy
-Version:        2.4.3
+Version:        2.4.7
 Release:        1%{?dist}
 Summary:        HAProxy reverse proxy for high availability environments

@ -134,6 +134,13 @@ exit 0
 %{_mandir}/man1/*

 %changelog
+* Wed Oct 13 2021 Ryan O'Hara <rohara@redhat.com> - 2.4.7-1
+- Update to 2.4.7 (#1966688)
+- Fix domain parts in :scheme and :path fields (CVE-2021-39240, #1998196)
+- Fix spaces in the :method field (CVE-2021-39241, #1998198)
+- Fix mismatch between :authority and Host fields (CVE-2021-39242, #1998200)
+- Fix request smuggling attack or response splitting (CVE-2021-40346, #2000621)
+
 * Tue Aug 17 2021 Ryan O'Hara <rohara@redhat.com> - 2.4.3-1
 - Update to 2.4.3 (#1966688)

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (haproxy-2.4.3.tar.gz) = 4ee11b6fd4c76d6ec3060f26bda67a8916c4f52bf1a800b921e04d2cec78b47b8b1343081935bc211f1e081b92db88130ec365161460b35ab88aa982917f82ee
+SHA512 (haproxy-2.4.7.tar.gz) = 7ad8e9bd506d6f5919ff9ea97b08a4ec283bf580baefc7945632ea5a88a73081bb3d82586855efc7b7b9194558f12823c26b7a7498ac08c3efc158ea6583ec9f