Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade HAProxy to 1.5.14 for security fix #283

Closed
djensen47 opened this issue Jul 27, 2015 · 3 comments
Closed

Upgrade HAProxy to 1.5.14 for security fix #283

djensen47 opened this issue Jul 27, 2015 · 3 comments
Assignees
@jperkin

Comments

@djensen47
Copy link

I just installed HAProxy on 14.4.2 14.2.2 and the HAProxy version available is 1.5.9.

It appears there is a security fix and it is recommended that everybody upgrade to 1.5.14

From HAProxy News:

July, 3rd, 2015 : 1.5.14 : fixes an information leak vulnerability (CVE-2015-3281)

A vulnerability was found when HTTP pipelining is used. In some cases, a client might be able to cause a buffer alignment issue and retrieve uninitialized memory contents that exhibit data from a past request or session. I want to address sincere congratulations to Charlie Smurthwaite of aTech Media for the really detailed traces he provided which made it possible to find the cause of this bug. Every user of 1.5-dev, 1.5.x or 1.6-dev must upgrade to 1.5.14 or latest 1.6-dev snapshot to fix this issue, or use the backport of the fix provided by their operating system vendors. CVE-2015-3281 was assigned to this bug. Code and changelog are available here as usual.
@rmustacc
Copy link

It looks like this also effects the 2014 Q4 LTS release. The 2014 Q2 releases are generally no longer being supported.

@djensen47
Copy link
Author

Sorry, typo in the original post should be 14.4.2.

jperkin referenced this issue Jul 29, 2015
net/haproxy: backport updates to 1.5.14
f206d20 
TritonDataCenter/pkgsrc#283
@jperkin jperkin self-assigned this Jul 29, 2015
@jperkin
Copy link
Collaborator

jperkin commented Jul 29, 2015

This is now available.

@jperkin jperkin closed this as completed Jul 29, 2015
jperkin pushed a commit that referenced this issue Aug 9, 2015
Update to 0.9.7.0.
35dc237 
(libreoffice still builds.)

02/08/2015 - GLM 0.9.7.0 released

    Features:
    Added GTC_color_space: convertLinearToSRGB and convertSRGBToLinear functions
    Added 'fmod' overload to GTX_common with tests #308
    Added left handed perspective and lookAt functions #314
    Added functions eulerAngleXYZ and extractEulerAngleXYZ #311
    Added GTX_hash to perform std::hash on GLM types #320 #367
    Added GTX_wrap for texcoord wrapping
    Added static components and precision members to all vector and quat types #350
    Added .gitignore #349
    Added support of defaulted functions to GLM types, to use them in unions #366

    Improvements:
    Changed usage of __has_include to support Intel compiler #307
    Specialized integer implementation of YCoCg-R #310
    Don't show status message in 'FindGLM' if 'QUIET' option is set. #317
    Added master branch continuous integration service on Linux 64 #332
    Clarified manual regarding angle unit in GLM, added FAQ 11 #326
    Updated list of compiler versions

    Fixes:
    Fixed default precision for quat and dual_quat type #312
    Fixed (u)int64 MSB/LSB handling on BE archs #306
    Fixed multi-line comment warning in g++ #315
    Fixed specifier removal by 'std::make_pair' #333
    Fixed perspective fovy argument documentation #327
    Removed -m64 causing build issues on Linux 32 #331
    Fixed isfinite with C++98 compilers #343
    Fixed Intel compiler build error on Linux #354
    Fixed use of libstdc++ with Clang #351
    Fixed quaternion pow #346
    Fixed decompose warnings #373
    Fixed matrix conversions #371

    Deprecation:
    Removed integer specification for 'mod' in GTC_integer #308
    Removed GTX_multiple, replaced by GTC_round

Download: GLM 0.9.7.0 (ZIP, 4.2 MB) (7Z, 2.8 MB)

15/02/2015 - GLM 0.9.6.3 released

    Fixes:
    Fixed Android doesn't have C++ 11 STL #284

Download: GLM 0.9.6.3 (ZIP, 4.1 MB) (7Z, 2.7 MB)

15/02/2015 - GLM 0.9.6.2 released

    Features:
    Added display of GLM version with other GLM_MESSAGES
    Added ARM instruction set detection

    Improvements:
    Removed assert for perspective with zFar < zNear #298
    Added Visual Studio natvis support for vec1, quat and dualqual types
    Cleaned up C++11 feature detections
    Clarify GLM licensing

    Fixes:
    Fixed faceforward build #289
    Fixed conflict with Xlib #define True 1 #293
    Fixed decompose function VS2010 templating issues #294
    Fixed mat4x3 = mat2x3 * mat4x2 operator #297
    Fixed warnings in F2x11_1x10 packing function in GTC_packing #295
    Fixed Visual Studio natvis support for vec4 #288
    Fixed GTC_packing *pack*norm*x* build and added tests #292
    Disabled GTX_scalar_multiplication for GCC, failing to build tests #242
    Fixed Visual C++ 2015 constexpr errors: Disabled only partial support
    Fixed functions not inlined with Clang #302
    Fixed memory corruption (undefined behaviour) #303

Download: GLM 0.9.6.2 (ZIP, 4.1 MB) (7Z, 2.7 MB)

10/12/2014 - GLM 0.9.6.1 released

GLM 0.9.6.0 came with its set of major glitches: C++98 only mode, 32 bit build, Cuda and Android support should all be fixed in GLM 0.9.6.1 release.

    Features:
    Added GLM_LANG_CXX14_FLAG and GLM_LANG_CXX1Z_FLAG language feature flags
    Added C++14 detection

    Improvements:
    Clean up GLM_MESSAGES compilation log to report only detected capabilities

    Fixes:
    Fixed scalar uaddCarry build error with Cuda #276
    Fixed C++11 explicit conversion operators detection #282
    Fixed missing explicit convertion when using integer log2 with *vec1 types
    Fixed 64 bits integer GTX_string_cast to_string on VC 32 bit compiler
    Fixed Android build issue, STL C++11 is not supported by the NDK #284
    Fixed unsupported _BitScanForward64 and _BitScanReverse64 in VC10
    Fixed Visual C++ 32 bit build #283
    Fixed GLM_FORCE_SIZE_FUNC pragma message
    Fixed C++98 only build
    Fixed conflict between GTX_compatibility and GTC_quaternion #286
    Fixed C++ language restriction using GLM_FORCE_CXX**

Download: GLM 0.9.6.1 (ZIP, 4.1 MB) (7Z, 2.7 MB)

30/11/2014 - GLM 0.9.6.0 released

GLM 0.9.6.0 is available with many changes.
Transition from degrees to radians compatibility break and GLM 0.9.5.4 help

One of the long term issue with GLM is that some functions were using radians, functions from GLSL and others were using degrees, functions from GLU or legacy OpenGL.

In GLM 0.9.5, we can use GLM_FORCE_RADIANS to force all GLM functions to adopt radians.
In GLM 0.9.5 in degrees:

    #include <glm/mat4.hpp>
    #include <glm/gtc/matrix_tansform.hpp>
    glm::mat4 my_rotateZ(glm::mat4 const & m, float angleInRadians)
    {
    return glm::rotate(m, glm::degrees(angleInRadians), glm::vec3(0.0, 0.0, 1.0));
    }

In GLM 0.9.5 in radians:

    #define GLM_FORCE_RADIANS
    #include <glm/mat4.hpp>
    #include <glm/gtc/matrix_tansform.hpp>
    glm::mat4 my_rotateZ(glm::mat4 const & m, float angleInRadians)
    {
    return glm::rotate(m, angleInRadians, glm::vec3(0.0, 0.0, 1.0));
    }

In GLM 0.9.6 in radians only:

    #include <glm/mat4.hpp>
    #include <glm/gtc/matrix_tansform.hpp>
    glm::mat4 my_rotateZ(glm::mat4 const & m, float angleInRadians)
    {
    return glm::rotate(m, angleInRadians, glm::vec3(0.0, 0.0, 1.0));
    }

In GLM 0.9.6 if you what to use degrees anyway:

    #include <glm/mat4.hpp>
    #include <glm/gtc/matrix_tansform.hpp>
    glm::mat4 my_rotateZ(glm::mat4 const & m, float angleInDegrees)
    {
    return glm::rotate(m, glm::radians(angleInDegrees), glm::vec3(0.0, 0.0, 1.0));
    }

GLM 0.9.5 will show warning messages at compilation each time a function taking degrees is used.
GLM: rotate function taking degrees as a parameter is deprecated. #define GLM_FORCE_RADIANS before including GLM headers to remove this message.

If you are using a version of GLM older than GLM 0.9.5.1, update to GLM 0.9.5.4 before transitioning to GLM 0.9.6 to get this help in that process.
Make sure to build and run successfully your application with GLM 0.9.5 with GLM_FORCE_RADIANS, before transistioning to GLM 0.9.6

Finally, here is a list of all the functions that could use degrees in GLM 0.9.5.4 that requires radians in GLM 0.9.6: rotate (matrices and quaternions), perspective, perspectiveFov, infinitePerspective, tweakedInfinitePerspective, roll, pitch, yaw, angle, angleAxis, polar, euclidean, rotateNormalizedAxis, rotateX, rotateY, rotateZ and orientedAngle.
Using GLM template types

There are a lot of reasons for using template types: Writing new template classes and functions or defining new types. Unfortunately, until GLM 0.9.5, GLM template types were defined into the detail namespace indicating there are implementation details that may changed.

With GLM 0.9.6, template types are accessible from the GLM namespace and guarantee to be stable onward.
Example of template functions, GLM 0.9.5 and 0.9.6 style:

    #include <glm/geometry.hpp>
    #include <glm/exponential.hpp>
    template <typename vecType>
    typename vecType::value_type normalizeDot(vecType const & a, vecType const & b)
    {
    return glm::dot(a, b) * glm::inversesqrt(glm::dot(a, a) * glm::dot(b, b));
    }
    #include <glm/vec4.hpp>
    int main()
    {
    return normalizeDot(glm::vec4(2.0), glm::vec4(2.0)) > 0.0f ? 0 : 1
    }

Example of template functions, alternative GLM 0.9.6 style:

    #include <glm/geometry.hpp>
    #include <glm/exponential.hpp>
    template <typename T, template <typename, glm::precision> class vecType>
    T normalizeDot(vecType<T, P> const & a, vecType<T, P> const & b)
    {
    return glm::dot(a, b) * glm::inversesqrt(glm::dot(a, a) * glm::dot(b, b));
    }
    #include <glm/vec4.hpp>
    int main()
    {
    return normalizeDot(glm::vec4(2.0), glm::vec4(2.0)) > 0.0f ? 0 : 1
    }

Example of typedefs with GLM 0.9.6:

    #include <cstddef>
    #include <glm/vec4.hpp>
    #include <glm/mat4.hpp>
    typedef glm::tvec4<std::size_t> size4;
    typedef glm::tvec4<long double, glm::highp> ldvec4;
    typedef glm::tmat4x4<long double, glm::highp> ldmat4x4;

Optimizations

With GLM 0.9.5, the library started to tackle the issue of compilation time by introducing forward declarations through <glm/fwd.hpp> but also by providing an alternative to the monolithic <glm/glm.hpp> headers with <glm/vec2.hpp>, <glm/mat3x2.hpp> and <glm/common.hpp>, etc.

With GLM 0.9.6, the library took advantage of dropping old compilers to replace preprocessor instantiation of the code by template instantiation. The issue of preprocessor instantiation (among them!) is that all the code is generated even if it is never used resulting in building and compiling much bigger header files.

Furthermore, a lot of code optimizations have been done to provide better performance at run time by leveraging integer bitfield tricks and compiler intrinsics. The test framework has been extended to include performance tests. The total code size of the tests is now 50% of the library code which is still not enough but pretty solid.
Compilers support

GLM 0.9.6 removed support for a lot of old compiler versions. If you are really insisting in using an older compiler, you are welcome to keep using GLM 0.9.5.

    Supported compilers by GLM 0.9.6:
    Apple Clang 4.0 and higher
    CUDA 4.0 and higher
    GCC 4.4 and higher
    LLVM 3.0 and higher
    Intel C++ Composer XE 2013 and higher
    Visual Studio 2010 and higher
    Any conform C++98 compiler

Lisence

Finally, GLM is changing Lisence to adopt the Happy Bunny Lisence.
Release note

    Features:
    Exposed template vector and matrix types in 'glm' namespace #239, #244
    Added GTX_scalar_multiplication for C++ 11 compiler only #242
    Added GTX_range for C++ 11 compiler only #240
    Added closestPointOnLine function for tvec2 to GTX_closest_point #238
    Added GTC_vec1 extension, *vec1 support to *vec* types
    Updated GTX_associated_min_max with vec1 support
    Added support of precision and integers to linearRand #230
    Added Integer types support to GTX_string_cast #249
    Added vec3 slerp #237
    Added GTX_common with isdenomal #223
    Added GLM_FORCE_SIZE_FUNC to replace .length() by .size() #245
    Added GLM_FORCE_NO_CTOR_INIT
    Added 'uninitialize' to explicitly not initialize a GLM type
    Added GTC_bitfield extension, promoted GTX_bit
    Added GTC_integer extension, promoted GTX_bit and GTX_integer
    Added GTC_round extension, promoted GTX_bit
    Added GLM_FORCE_EXPLICIT_CTOR to require explicit type conversions #269
    Added GTX_type_aligned for aligned vector, matrix and quaternion types

    Improvements:
    Rely on C++11 to implement isinf and isnan
    Removed GLM_FORCE_CUDA, Cuda is implicitly detected
    Separated Apple Clang and LLVM compiler detection
    Used pragma once
    Undetected C++ compiler automatically compile with GLM_FORCE_CXX98 and GLM_FORCE_PURE
    Added not function (from GLSL specification) on VC12
    Optimized bitfieldReverse and bitCount functions
    Optimized findLSB and findMSB functions
    Optimized matrix-vector multiple performance with Cuda #257, #258
    Reduced integer type redifinitions #233
    Rewrited of GTX_fast_trigonometry #264 #265
    Made types trivially copyable #263
    Removed iostream in GLM tests
    Used std features within GLM without redeclaring
    Optimized cot function #272
    Optimized sign function #272
    Added explicit cast from quat to mat3 and mat4 #275

    Fixes:
    Fixed std::nextafter not supported with C++11 on Android #217
    Fixed missing value_type for dual quaternion
    Fixed return type of dual quaternion length
    Fixed infinite loop in isfinite function with GCC #221
    Fixed Visual Studio 14 compiler warnings
    Fixed implicit conversion from another tvec2 type to another tvec2 #241
    Fixed lack of consistency of quat and dualquat constructors
    Fixed uaddCarray #253
    Fixed float comparison warnings #270

    Deprecation:
    Removed degrees for function parameters
    Removed GLM_FORCE_RADIANS, active by default
    Removed VC 2005 / 8 and 2008 / 9 support
    Removed GCC 3.4 to 4.5 support
    Removed LLVM GCC support
    Removed LLVM 2.6 to 2.9 support
    Removed CUDA 3.0 to 4.0 support
jperkin pushed a commit that referenced this issue Jan 9, 2016
Update ruby-http to 1.0.1.
dcb4c0b 
## 1.0.1 (2015-12-27)

* [#283](httprb/http#283):
  Use io/wait on supported platforms.
  ([@tarcieri])

## 1.0.0 (2015-12-25)

* [#265](httprb/http#265):
  Remove deprecations ([@tarcieri]):
  - HTTP::Chainable#with_follow (use #follow)
  - HTTP::Chainable#with, #with_headers (use #headers)
  - HTTP::Chainable#auth(:basic, ...) (use #basic_auth)
  - HTTP::Chainable#default_headers (use #default_options[:headers])
  - HTTP::Headers#append (use #add)
  - HTTP::Options#[] hash-like API deprecated in favor of explicit methods
  - HTTP::Request#request_header (use #headline)
  - HTTP::Response::STATUS_CODES (use HTTP::Status::REASONS)
  - HTTP::Response::SYMBOL_TO_STATUS_CODE (no replacement)
  - HTTP::Response#status_code (use #status or #code)
  - HTTP::Response::Status#symbolize (use #to_sym)

* [#269](httprb/http#273):
  Close connection in case of error during request.
  ([@ixti])

* [#271](httprb/http#273):
  High-level exception wrappers for low-level I/O errors.
  ([@ixti])

* [#273](httprb/http#273):
  Add encoding option.
  ([@Connorhd])

* [#275](httprb/http#273):
  Support for disabling Nagle's algorithm with `HTTP.nodelay`.
  ([@nerdrew])

* [#276](httprb/http#276)
  Use Encoding::BINARY as the default encoding for HTTP::Response::Body.
  ([@tarcieri])

* [#278](httprb/http#278)
  Use an options hash for HTTP::Request initializer API.
  ([@ixti])

* [#279](httprb/http#279)
  Send headers and body in one write if possible.
  This avoids a pathological case in Nagle's algorithm.
  ([@tarcieri])

* [#281](httprb/http#281)
  Remove legacy 'Http' constant alias to 'HTTP'.
  ([@tarcieri])
jperkin pushed a commit that referenced this issue Mar 20, 2017
Update ruby-zip to 1.2.1.
b55f23f 
v1.2.1

* Add accessor to @internal_file_attributes #304
* Extended globbing #303
* README updates #283, #289
* Cleanup after tests #298, #306
* Fix permissions on new zip files #294, #300
* Fix examples #297
* Support cp932 encoding #308
* Fix Directory traversal vulnerability #315
* Allow open_buffer to work without a given block #314
jperkin pushed a commit that referenced this issue Mar 20, 2017
Update ruby-tilt to 2.0.7.
5e6a436 
## 2.0.7 (2017-03-19)

* Do not modify BasicObject during template compilation on ruby 2.0+ (#309, jeremyevans)

## 2.0.6 (2017-01-26)

* Add support for LiveScript (#286, @Announcement Jacob Francis Powers)
* Add support for Sigil (#302, winebarrel)
* Add support for Erubi (#308, jeremyevans)
* Add support for options in Liquid (#298, #299, laCour)
* Always sort locals by strings (#307, jeremyevans)

* Fix test warnings (#305, amatsuda)
* Fix indentation (#293, yui-knk)
* Use SVG badges in README (#294, vasinov)
* Fix typo and trailing space (#295, #296, karloescota)

## 2.0.5 (2016-06-02)

* Add support for reST using Pandoc (#284, mfenner)
* Make lazy loading thread-safe; remove warning (judofyr)

## 2.0.4 (2016-05-16)

* Fix regression in BuilderTemplate (#283, judofyr)

## 2.0.3 (2016-05-12)

* Add Pandoc support (#276, jmuheim)
* Add CommonMark support (#282, raphink)
* Add TypeScript support (#278, nghitran)
* Work with frozen string literal (#274, jeremyevans)
* Add MIME type for Babel (#273, SaitoWu)

## 2.0.2 (2016-01-06)

* Pass options to Redcarpet (#250, hughbien)
* Haml: Improve error message on frozen self (judofyr)
* Add basic support for Babel (judofyr)
* Add support for .litcoffee (#243, judofyr, mr-vinn)
* Document Tilt::Cache (#266, tommay)
* Sort local keys for better caching (#257, jeremyevans)
* Add more CSV options (#256, Juanmcuello)
* Add Prawn template (kematzy)
* Improve cache-miss performance in Tilt::Cache (#251, tommay)
* Add man page (#241, josephholsten)
* Support YAML/JSON data in bin/tilt (#241, josephholsten)

## 2.0.1 (2014-03-21)

* Fix Tilt::Mapping bug in Ruby 2.1.0 (9589652c569760298f2647f7a0f9ed4f85129f20)
* Fix `tilt --list` (#223, Achrome)
* Fix circular require (#221, amarshall)

## 2.0.0 (2013-11-30)

* Support Pathname in Template#new (#219, kabturek)
* Add Mapping#templates_for (judofyr)
* Support old-style #register (judofyr)
* Add Handlebars as external template engine (#204, judofyr, jimothyGator)
* Add org-ruby as external template engine (#207, judofyr, minad)
* Documentation typo (#208, elgalu)

## 2.0.0.beta1 (2013-07-16)

* Documentation typo (#202, chip)
* Use YARD for documentation (#189, judofyr)
* Add Slim as an external template engine (judofyr)
* Add Tilt.templates_for (#121, judofyr)
* Add Tilt.current_template (#151, judofyr)
* Avoid loading all files in tilt.rb (#160, #187, judofyr)
* Implement lazily required templates classes (#178, #187, judofyr)
* Move #allows_script and default_mime_type to metadata (#187, judofyr)
* Introduce Tilt::Mapping (#187, judofyr)
* Make template compilation thread-safe (#191, judofyr)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jperkin jperkin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jperkin @djensen47 @rmustacc