From a266b8a87d2ce1f70bccd8c195e9de2771b15bed Mon Sep 17 00:00:00 2001 From: lyn1001 Date: Thu, 14 Dec 2023 14:16:32 +0800 Subject: [PATCH] Sync 22.03_next to 22.03_sp2 --- CVE-2023-0836.patch | 8 +------- haproxy.spec | 18 +++++++++++++----- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/CVE-2023-0836.patch b/CVE-2023-0836.patch index f708696..6767772 100644 --- a/CVE-2023-0836.patch +++ b/CVE-2023-0836.patch @@ -1,4 +1,4 @@ -From f988992d16f45ef03d5bbb024a1042ed8123e4c5 Mon Sep 17 00:00:00 2001 +From 2e6bf0a2722866ae0128a4392fa2375bd1f03ff8 Mon Sep 17 00:00:00 2001 From: Youfu Zhang Date: Fri, 9 Dec 2022 19:15:48 +0800 Subject: [PATCH] BUG/MAJOR: fcgi: Fix uninitialized reserved bytes @@ -7,11 +7,6 @@ The output buffer is not zero-initialized. If we don't clear reserved bytes, fcgi requests sent to backend will leak sensitive data. This patch must be backported as far as 2.2. - -(cherry picked from commit 2e6bf0a2722866ae0128a4392fa2375bd1f03ff8) -Signed-off-by: Christopher Faulet -(cherry picked from commit db03179fee55c60a92ce6b86a0f04dbb9ba0328b) -Signed-off-by: Christopher Faulet --- src/fcgi.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) @@ -44,4 +39,3 @@ index dcf2db2..1d1a82b 100644 return 1; -- 1.7.10.4 - diff --git a/haproxy.spec b/haproxy.spec index b28dc23..c585a84 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -5,7 +5,7 @@ Name: haproxy Version: 2.6.6 -Release: 6 +Release: 8 Summary: The Reliable, High Performance TCP/HTTP Load Balancer License: GPLv2+ 
@@ -28,12 +28,14 @@ Patch8: backport-BUG-MEDIUM-connection-Preserve-flags-when-a-conn-is-. Patch9: backport-BUG-MINOR-protocol-fix-minor-memory-leak-in-protocol.patch Patch10: backport-BUG-MEDIUM-stream-do-not-try-to-free-a-failed-stream.patch Patch11: backport-BUG-MINOR-server-inherit-from-netns-in-srv_settings_.patch -# https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=f988992d16f45ef03d5bbb024a1042ed8123e4c5 Patch12: CVE-2023-0836.patch # https://github.com/haproxy/haproxy/commit/2eab6d354322932cfec2ed54de261e4347eca9a6 Patch13: CVE-2023-45539.patch BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic +%ifarch sw_64 +#!BuildIgnore: gcc_secure +%endif Requires(pre): shadow-utils %{?systemd_requires} @@ -133,10 +135,13 @@ exit 0 %{_mandir}/man1/* %changelog -* Wed Dec 06 2023 yaoxin - 2.6.6-6 -- Fix CVE-2023-0836 and CVE-2023-45539 +* Wed Dec 06 2023 yaoxin - 2.6.6-8 +- Fix CVE-2023-45539 -* Wed Sep 27 2023 xinghe - 2.6.6-5 +* Fri Dec 1 2023 liningjie - 2.6.6-7 +- Fix CVE-2023-0836 + +* Wed Sep 27 2023 xinghe - 2.6.6-6 - Type:bugfix - CVE:NA - SUG:restart @@ -148,6 +153,9 @@ exit 0 protocol: fix minor memory leak in protocol_bind_all() stream: Perform errors handling in right order in stream_new() +* Fri Aug 25 2023 panchenbo - 2.6.6-5 +- fix sw_64 build error + * Mon Aug 21 2023 wangkai - 2.6.6-4 - Fix CVE-2023-40225 -- Gitee
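Review bot: In the CVE-2023-0836.patch hunk `@@ -7,11 +7,6 @@`, removing both `(cherry picked from commit ...)` lines and the `Signed-off-by` trailers drops the record that this fix was taken via the 2.6 branch commit db03179fee55c60a92ce6b86a0f04dbb9ba0328b; together with the `@@ -1,4 +1,4 @@` hunk that swaps the header hash from f988992d16f45ef03d5bbb024a1042ed8123e4c5 to upstream 2e6bf0a2722866ae0128a4392fa2375bd1f03ff8, the patch now presents itself as the upstream commit. The diffstat `src/fcgi.c | 8 ++++++--` is unchanged, so only the header should differ; please confirm the code hunk itself was not touched, and keep the provenance in the spec comment (see the Patch12 note) so the source of the CVE-2023-0836 fix stays traceable.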
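Review bot: In the haproxy.spec hunk `@@ -28,12 +28,14 @@`, the source comment above `Patch12: CVE-2023-0836.patch` is deleted with nothing in its place, while `Patch13: CVE-2023-45539.patch` keeps its `# https://github.com/haproxy/haproxy/commit/...` line; since the patch header now names commit 2e6bf0a2722866ae0128a4392fa2375bd1f03ff8, add a matching comment, e.g. `# https://github.com/haproxy/haproxy/commit/2e6bf0a2722866ae0128a4392fa2375bd1f03ff8`, above Patch12 so every CVE patch documents its origin. In the same hunk, the new `%ifarch sw_64` / `#!BuildIgnore: gcc_secure` block has no comment saying why gcc_secure must be ignored on that architecture; the changelog only says "fix sw_64 build error", so a one-line comment describing the failure this works around would help the next maintainer decide when it can be removed.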
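Review bot: In the haproxy.spec hunk `@@ -133,10 +135,13 @@`, two existing changelog entries are rewritten rather than new ones appended: yaoxin's `2.6.6-6` entry becomes `2.6.6-8` with its description cut down to "Fix CVE-2023-45539", and xinghe's `Wed Sep 27 2023` entry is renumbered from `2.6.6-5` to `2.6.6-6`. If builds of 2.6.6-5 or 2.6.6-6 were already produced from this branch, their changelog text no longer matches what shipped; consider keeping the published entries as they were and adding the 2.6.6-7 and 2.6.6-8 entries on top, or state in the commit message that this branch never released those numbers. Minor style point: the new `* Fri Dec 1 2023 liningjie - 2.6.6-7` line uses a one-digit day while the neighbouring entries use two digits (`Dec 06`, `Sep 27`); `Dec 01` would keep the format consistent.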
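Review bot: In the haproxy.spec hunk `@@ -148,6 +153,9 @@`, the inserted `* Fri Aug 25 2023 panchenbo - 2.6.6-5` entry reads only "fix sw_64 build error", which does not say what was changed; since the corresponding spec change is the `%ifarch sw_64` `#!BuildIgnore: gcc_secure` block added earlier in this patch, name it in the entry (for example "ignore gcc_secure on sw_64 to fix build error") so the changelog can be matched to the spec. The position between the Sep 27 (2.6.6-6) and Aug 21 (2.6.6-4) entries keeps the list in descending date and release order, which is correct.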