CVS commit: pkgsrc/net/haproxy

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/net/haproxy
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Fri, 24 Apr 2026 09:21:10 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Fri Apr 24 09:21:10 UTC 2026

Modified Files:
        pkgsrc/net/haproxy: Makefile distinfo

Log Message:
haproxy: updated to 3.3.7

3.3.7

- BUG/MINOR: mworker: fix sort order of mworker_proc in 'show proc'
- BUG/MINOR: sock: adjust accept() error messages for ENFILE and ENOMEM
- BUG/MINOR: qpack: fix 62-bit overflow and 1-byte OOB reads in decoding
- MEDIUM: sched: do not run a same task multiple times in series
- MINOR: sched: do not requeue a tasklet into the current queue
- MINOR: sched: do not punish self-waking tasklets anymore
- MEDIUM: sched: do not punish self-waking tasklets if TASK_WOKEN_ANY
- MEDIUM: sched: change scheduler budgets to lower TL_BULK
- MINOR: mux-h2: assign a limited frames processing budget
- BUILD: sched: fix leftover of debugging test in single-run changes
- BUG/MEDIUM: acme: fix multiple resource leaks in acme_x509_req()
- BUG/MINOR: acme: leak of ext_san upon insertion error
- BUG/MINOR: acme: wrong error when checking for duplicate section
- BUG/MINOR: acme/cli: wrong argument check in 'acme renew'
- Revert "BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream"
- DOC: config: Fix alphabetical ordering of proxy options
- DOC: config: Fix alphabetical ordering of external-check directives
- DOC: config: Add missing 'status-code' param for 'http-check expect' directive
- DOC: config: Reorder params for 'tcp-check expect' directive
- BUG/MINOR: stats-file: manipulate shm-stats-file heartbeat using unsigned int
- BUG/MEDIUM: stats-file: detect and fix inconsistent shared clock when resuming from shm-stats-file
- BUG/MINOR: proxy: detect strdup error on server auto SNI
- BUG/MINOR: server: set auto SNI for dynamic servers
- BUG/MINOR: server: enable no-check-sni-auto for dynamic servers
- BUG/MINOR: quic: fix counters used on BE side
- BUG/MINOR: quic/h3: display QUIC/H3 backend module on HTML stats
- BUG/MINOR: acme: acme_ctx_destroy() leaks auth->dns
- BUG/MINOR: acme: wrong labels logic always memprintf errmsg
- BUG/MINOR: acme: fix incorrect number of arguments allowed in config
- BUG/MEDIUM: spoe: Acquire context buffer in applet before consuming a frame
- MINOR: ncbmbuf: improve itbmap_next() code
- BUG/MINOR: quic: missing app ops init during backend 0-RTT sessions
- BUG/MINOR: acme: free() DER buffer on a2base64url error path
- BUG/MINOR: acme: replace atol with len-bounded __strl2uic() for retry-after
- BUG/MINOR: acme/cli: fix argument check and error in 'acme challenge_ready'
- BUILD: tools: potential null pointer dereference in dl_collect_libs_cb
- BUG/MINOR: ech: permission checks on the CLI
- BUG/MINOR: acme: permission checks on the CLI
- BUG/MINOR: config: Properly test warnif_misplaced_* return values
- BUG/MINOR: http-ana: Only consider client abort for abortonclose
- BUG/MEDIUM: acme: skip doing challenge if it is already valid
- BUG/MINOR: acme: fix task allocation leaked upon error
- CI: github: fix tag listing by implementing proper API pagination
- BUG/MINOR: quic: close conn on packet reception with incompatible frame
- BUG/MINOR: stconn: Always declare the SC created from healthchecks as a back SC
- MINOR: stconn: flag the stream endpoint descriptor when the app has started
- MINOR: mux-h2: report glitches on early RST_STREAM
- SCRIPTS: git-show-backports: list new commits and how to review them with -L
- BUG/MEDIUM: ssl/cli: tls-keys commands warn when accessed without admin level
- BUG/MEDIUM: ssl/ocsp: ocsp commands warn when accessed without admin level
- BUG/MEDIUM: map/cli: map/acl commands warn when accessed without admin level
- BUG/MEDIUM: ssl/cli: tls-keys commands are missing permission checks
- BUG/MEDIUM: ssl/ocsp: ocsp commands are missing permission checks
- BUG/MEDIUM: map/cli: CLI commands lack admin permission checks
- DOC: configuration: mention QUIC server support
- BUG/MEDIUM: mux-h1: Don't set MSG_MORE on bodyless responses forwarded to client
- BUG/MINOR: tcpcheck: Remove unexpected flag on tcpcheck rules for httchck option
- BUG/MINOR: tcpcheck: Don't enable http_needed when parsing HTTP samples
- BUG/MINOR: tcpcheck: Use tcpcheck context for expressions parsing
- BUG/MINOR: quic: fix documentation for transport params decoding
- BUG/MINOR: cfgcond: properly set the error pointer on evaluation error
- BUG/MINOR: cfgcond: always set the error string on openssl_version checks
- BUG/MINOR: cfgcond: always set the error string on awslc_api checks
- BUG/MINOR: cfgcond: fail cleanly on missing argument for "feature"
- DOC: config: fix ambiguous info in log-steps directive description
- BUG/MEDIUM: mux-h1: Disable 0-copy forwarding when draining the request
- BUG/MINOR: http-act: fix a typo in the "pause" action error message
- BUG/MINOR: counters: fix unexpected 127 char GUID truncation for shm-stats-file objects
- BUG/MEDIUM: payload: validate SNI name_len in req.ssl_sni
- BUG/MEDIUM: jwt: fix heap overflow in ECDSA signature DER conversion
- BUG: hlua: fix stack overflow in httpclient headers conversion
- BUG/MINOR: hlua: fix stack overflow in httpclient headers conversion
- BUG/MINOR: hlua: fix format-string vulnerability in Patref error path
- BUG/MINOR: peers: fix OOB heap write in dictionary cache update
- BUG/MAJOR: slz: always make sure to limit fixed output to less than worst case literals
- BUG/MINOR: resolvers: fix memory leak on AAAA additional records
- BUG/MINOR: spoe: fix pointer arithmetic overflow in spoe_decode_buffer()
- BUG/MEDIUM: samples: Fix handling of SMP_T_METH samples
- BUG/MINOR: sample: fix info leak in regsub when exp_replace fails
- BUG/MEDIUM: mux-fcgi: prevent record-length truncation with large bufsize
- BUG/MINOR: hlua: fix use-after-free of HTTP reason string
- BUG/MINOR: ot: fixed wrong NULL check in flt_ot_parse_cfg_group()
- BUG/MINOR: log: Fix error message when using unavailable fetch in logfmt
- BUG/MEDIUM: cli: Properly handle too big payload on a command line
- BUG/MEDIUM: htx: Fix function used to change part of a block value when defrag
- BUG/MEDIUM: htx: Don't count delta twice when block value is replaced
- BUG/MINOR: acme: don't pass NULL into format string
- BUG/MEDIUM: peers: trash of expired entries delayed after fullresync
- BUG/MINOR: threads: properly set the number of tgroups when non using policy
- BUG/MEDIUM: mux-h2: ignore conn->owner when deciding if a connection is dead
- BUG/MINOR: task: fix uninitialised read in run_tasks_from_lists()
- BUG/MINOR: mux_quic: limit avail_streams() to 2^62
- BUG/MINOR: log: consider format expression dependencies to decide when to log
- MINOR: sample: make RQ/RS stats available everywhere
- BUG/MINOR: sample: adjust dependencies for channel output bytes counters
- BUG/MAJOR: sched: protect task->expire on 32-bit platforms
- reg-tests/ssl/ssl_dh.vtc: fix syntax error
- BUG/MINOR: mux-h2: count a protocol error when failing to parse a trailer
- BUG/MINOR: mux-h2: count a proto error when rejecting a stream on parsing error
- BUG/MEDIUM: tasks: Make sure we don't schedule a task already running
- BUG/MINOR: h2: make tune.h2.log-errors actually work
- BUG/MINOR: h2: Don't look at the exclusive bit for PRIORITY frame
- BUG/MINOR: H2: Don't forget to free shared_rx_bufs on failure
- BUG/MINOR: log: also wait for the response when logging response headers
- BUG/MINOR: mux-h1: Fix condition to send null-chunk for bodyless message
- BUG/MINOR: mux-h1: Fix test to skip trailers from chunked messages
- DOC: config: Fix a typo for "external-check" directive
- REGTESTS: Never reuse server connection in jwt/jws_verify.vtc
- REGTESTS: Never reuse server connection in server/cli_delete_dynamic_server.vtc
- REGTESTS: ssl: mark ssl_dh.vtc as broken
- SCRIPTS: build-vtest: allow to set a TMPDIR and a DESTDIR
- CI: VTest build with git clone + cache
- CI: github: only enable OS X on development branches
- BUG/MINOR: compression: properly disable request when setting response
- BUG/MINOR: debug: properly mark the entire libs archive read-only
- BUG/MINOR: server: fix a possible leak of an error message in dynamic servers
- BUG/MAJOR: mux-h2: detect incomplete transfers on HEADERS frames as well
- BUG/MEDIUM: mux-h1: Force close mode for bodyless message announcing a C-L


To generate a diff of this commit:
cvs rdiff -u -r1.153 -r1.154 pkgsrc/net/haproxy/Makefile
cvs rdiff -u -r1.145 -r1.146 pkgsrc/net/haproxy/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/haproxy/Makefile
diff -u pkgsrc/net/haproxy/Makefile:1.153 pkgsrc/net/haproxy/Makefile:1.154
--- pkgsrc/net/haproxy/Makefile:1.153   Thu Mar 26 10:54:31 2026
+++ pkgsrc/net/haproxy/Makefile Fri Apr 24 09:21:10 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.153 2026/03/26 10:54:31 adam Exp $
+# $NetBSD: Makefile,v 1.154 2026/04/24 09:21:10 adam Exp $
 
-DISTNAME=      haproxy-3.3.6
+DISTNAME=      haproxy-3.3.7
 CATEGORIES=    net www
 MASTER_SITES=  https://www.haproxy.org/download/${PKGVERSION_NOREV:R}/src/
 

Index: pkgsrc/net/haproxy/distinfo
diff -u pkgsrc/net/haproxy/distinfo:1.145 pkgsrc/net/haproxy/distinfo:1.146
--- pkgsrc/net/haproxy/distinfo:1.145   Thu Mar 26 10:54:31 2026
+++ pkgsrc/net/haproxy/distinfo Fri Apr 24 09:21:10 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.145 2026/03/26 10:54:31 adam Exp $
+$NetBSD: distinfo,v 1.146 2026/04/24 09:21:10 adam Exp $
 
-BLAKE2s (haproxy-3.3.6.tar.gz) = af54641bc4bc6b91b99c6228c7ba4b99c7e68e995dab640144b80e0ab63a4b6a
-SHA512 (haproxy-3.3.6.tar.gz) = 939ef3eecf73635fa650ec24ddeb0e2e4c462767a8f567d405a9b045487ed051c86894810d0f4d100d566e2c6b10d90c30273245d30dd37a705dd31b467a98b9
-Size (haproxy-3.3.6.tar.gz) = 5268205 bytes
+BLAKE2s (haproxy-3.3.7.tar.gz) = 4c83c89a639b7aa4f91429a2c0784073638fee0a06fc38e822e6a64b1901d4b1
+SHA512 (haproxy-3.3.7.tar.gz) = 86492c9b07728c96e01752de83edab427de9c9e9c538363a46f0275ed162c986e2d21a61302d64def6790f4345736e34862abad30091758cb007d7367c5f949d
+Size (haproxy-3.3.7.tar.gz) = 5276709 bytes
 SHA1 (patch-include_haproxy_proxy-t.h) = 5fb2f6748c57f1f2dab6b355a4191d9ada2d367b
 SHA1 (patch-include_haproxy_queue-t.h) = bf2ea918a6d8ec3d3fb2f88b7b9303a695381d96
 SHA1 (patch-include_haproxy_queue.h) = eed5ea43212462134fb60b50c2a32e619e104d51

Prev by Date: CVS commit: pkgsrc/graphics/jbig2enc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/graphics/jbig2enc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index