From 323cc82399577fa2f6759dfe70277e138d236ac7 Mon Sep 17 00:00:00 2001
From: Zhixiong Chi <zhixiong.chi@windriver.com>
Date: Thu, 25 May 2023 18:12:32 +0800
Subject: [PATCH] haproxy: upgrade to 2.2.9-2+deb11u5

Fix the CVE-2023-0836 issue:
5 bytes left uninitialized in the connection buffer

Refer to:
https://www.debian.org/security/2023/dsa-5388

Test Plan:
PASS: $downloader
PASS: $build-pkgs --clean --parallel 10
PASS: $build-image
PASS: Jenkins Installation
PASS: dpkg -l |grep haproxy
ii  haproxy                       2.2.9-2+deb11u5.stx.3

Closes-Bug: 2020732

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Change-Id: I8c5a938ace4b81d6adf3ddb242a6b80555c6c7d4
---
 base/haproxy/debian/meta_data.yaml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/base/haproxy/debian/meta_data.yaml b/base/haproxy/debian/meta_data.yaml
index ad1c3c412..9f053e11d 100644
--- a/base/haproxy/debian/meta_data.yaml
+++ b/base/haproxy/debian/meta_data.yaml
@@ -1,10 +1,9 @@
 ---
-debver: 2.2.9-2+deb11u4
+debver: 2.2.9-2+deb11u5
 dl_path:
-  name: haproxy-debian-2.2.9-2+deb11u4.tar.gz
-  url: https://salsa.debian.org/haproxy-team/haproxy/-/archive/debian/2.2.9-2+deb11u4/haproxy-debian-2.2.9-2+deb11u4.tar.gz
-  md5sum: c5a8b73ff2b5c359bb1289c15c8f20d0
-  sha256sum: dfa52c0f8da5b3585dbb2160d248e8f4961ea590ad1dd4119458e58196917803
+  name: haproxy-debian-2.2.9-2+deb11u5.tar.gz
+  url: https://salsa.debian.org/haproxy-team/haproxy/-/archive/debian/2.2.9-2+deb11u5/haproxy-debian-2.2.9-2+deb11u5.tar.gz
+  sha256sum: 7ac0fbbe15a733fe291031b71e550577310d9a839502102b79598d26f4501a0e
 revision:
   dist: $STX_DIST
   PKG_GITREVCOUNT: true