From 89057599f4791f03c1ee5de836fbe2b5ea434aa9 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 28 Apr 2024 11:35:12 +0200
Subject: Adding debian version 2.6.12-1+deb12u1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 ...tp-rules-verify-that-we-block-by-default-.patch | 50 ++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 debian/patches/REGTESTS-http-rules-verify-that-we-block-by-default-.patch

(limited to 'debian/patches/REGTESTS-http-rules-verify-that-we-block-by-default-.patch')

diff --git a/debian/patches/REGTESTS-http-rules-verify-that-we-block-by-default-.patch b/debian/patches/REGTESTS-http-rules-verify-that-we-block-by-default-.patch
new file mode 100644
index 0000000..6703482
--- /dev/null
+++ b/debian/patches/REGTESTS-http-rules-verify-that-we-block-by-default-.patch
@@ -0,0 +1,50 @@
+From: Willy Tarreau <w@1wt.eu>
+Date: Tue, 8 Aug 2023 19:53:51 +0200
+Subject: REGTESTS: http-rules: verify that we block '#' by default for
+ normalize-uri
+Origin: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=b6b330eb117d520a890e5b3cd623eaa73479db1b
+
+Since we now block fragments by default, let's add an extra test there
+to confirm that it's blocked even when stripping it.
+
+(cherry picked from commit 4d0175b54b2b4eeb01aa6e31282b0a5b0d7d8ace)
+ [ad: backported to test conformance of BUG/MINOR: h1: do not accept '#'
+  as part of the URI component]
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+(cherry picked from commit b3f26043df74c661155566a0abd56103e8116078)
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+(cherry picked from commit 41d161ccbbfa846b4b17ed0166ff08f6bf0c3ea1)
+Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
+---
+ reg-tests/http-rules/normalize_uri.vtc | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/reg-tests/http-rules/normalize_uri.vtc b/reg-tests/http-rules/normalize_uri.vtc
+index 34905eaf93ae..ad7b44acfe55 100644
+--- a/reg-tests/http-rules/normalize_uri.vtc
++++ b/reg-tests/http-rules/normalize_uri.vtc
+@@ -151,6 +151,11 @@ haproxy h1 -conf {
+ 
+         default_backend be
+ 
++    frontend fe_fragment_block
++        bind "fd@${fe_fragment_block}"
++        http-request normalize-uri fragment-strip
++        default_backend be
++
+     backend be
+         server s1 ${s1_addr}:${s1_port}
+ 
+@@ -536,3 +541,9 @@ client c10 -connect ${h1_fe_fragment_encode_sock} {
+     expect resp.http.before == "*"
+     expect resp.http.after == "*"
+ } -run
++
++client c11 -connect ${h1_fe_fragment_block_sock} {
++    txreq -url "/#foo"
++    rxresp
++    expect resp.status == 400
++} -run
+-- 
+2.43.0
+
-- 
cgit v1.2.3