pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2020Q1]: pkgsrc/net/haproxy Pullup ticket #6152 - requested by...
details: https://anonhg.NetBSD.org/pkgsrc/rev/ad3ea9782a6b
branches: pkgsrc-2020Q1
changeset: 426952:ad3ea9782a6b
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Thu Apr 09 10:57:11 2020 +0000
description:
Pullup ticket #6152 - requested by adam
net/haproxy: security fix (CVE-2020-11100)
Revisions pulled up:
- net/haproxy/Makefile 1.60
- net/haproxy/distinfo 1.53
- net/haproxy/options.mk 1.9
---
Module Name: pkgsrc
Committed By: adam
Date: Fri Apr 3 16:34:13 UTC 2020
Modified Files:
pkgsrc/net/haproxy: Makefile distinfo options.mk
Log Message:
haproxy: updated to 2.1.4
2.1.4
- SCRIPTS: make announce-release executable again
- BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat
- BUG/MEDIUM: muxes: Use the right argument when calling the destroy method.
- BUG/MINOR: mux-fcgi: Forbid special characters when matching PATH_INFO param
- MINOR: mux-fcgi: Make the capture of the path-info optional in pathinfo regex
- SCRIPTS: announce-release: use mutt -H instead of -i to include the draft
- MINOR: http-htx: Add a function to retrieve the headers size of an HTX message
- MINOR: filters: Forward data only if the last filter forwards something
- BUG/MINOR: filters: Count HTTP headers as filtered data but don't forward them
- BUG/MINOR: http-htx: Don't return error if authority is updated without changes
- BUG/MINOR: http-ana: Matching on monitor-uri should be case-sensitive
- MINOR: http-ana: Match on the path if the monitor-uri starts by a /
- BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered
- MINOR: ist: add an iststop() function
- BUG/MINOR: http: http-request replace-path duplicates the query string
- BUG/MEDIUM: shctx: make sure to keep all blocks aligned
- MINOR: compiler: move CPU capabilities definition from config.h and complete them
- BUG/MEDIUM: ebtree: don't set attribute packed without unaligned access support
- BUILD: fix recent build failure on unaligned archs
- CLEANUP: cfgparse: Fix type of second calloc() parameter
- BUG/MINOR: sample: fix the json converter's endian-sensitivity
- BUG/MEDIUM: ssl: fix several bad pointer aliases in a few sample fetch functions
- BUG/MINOR: connection: make sure to correctly tag local PROXY connections
- MINOR: compiler: add new alignment macros
- BUILD: ebtree: improve architecture-specific alignment
- BUG/MINOR: h2: reject again empty :path pseudo-headers
- BUG/MINOR: sample: Make sure to return stable IDs in the unique-id fetch
- BUG/MINOR: dns: ignore trailing dot
- BUG/MINOR: http-htx: Do case-insensive comparisons on Host header name
- MINOR: contrib/prometheus-exporter: Add heathcheck status/code in server metrics
- MINOR: contrib/prometheus-exporter: Add the last heathcheck duration metric
- BUG/MEDIUM: random: initialize the random pool a bit better
- MINOR: tools: add 64-bit rotate operators
- BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG
- MINOR: backend: use a single call to ha_random32() for the random LB algo
- BUG/MINOR: checks/threads: use ha_random() and not rand()
- BUG/MAJOR: list: fix invalid element address calculation
- MINOR: debug: report the task handler's pointer relative to main
- BUG/MEDIUM: debug: make the debug_handler check for the thread in threads_to_dump
- MINOR: haproxy: export main to ease access from debugger
- BUILD: tools: remove obsolete and conflicting trace() from standard.c
- BUG/MINOR: wdt: do not return an error when the watchdog couldn't be enabled
- DOC: fix incorrect indentation of http_auth_*
- OPTIM: startup: fast unique_id allocation for acl.
- BUG/MINOR: pattern: Do not pass len = 0 to calloc()
- DOC: configuration.txt: fix various typos
- DOC: assorted typo fixes in the documentation and Makefile
- BUG/MINOR: init: make the automatic maxconn consider the max of soft/hard limits
- BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
- REGTEST: make the PROXY TLV validation depend on version 2.2
- BUG/MINOR: filters: Use filter offset to decude the amount of forwarded data
- BUG/MINOR: filters: Forward everything if no data filters are called
- MINOR: htx: Add a function to return a block at a specific offset
- BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the response payload
- BUG/MEDIUM: compression/filters: Fix loop on HTX blocks compressing the payload
- BUG/MINOR: http-ana: Reset request analysers on a response side error
- BUG/MINOR: lua: Ignore the reserve to know if a channel is full or not
- BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject action
- BUG/MINOR: http-rules: Fix a typo in the reject action function
- BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop action
- BUG/MINOR: rules: Increment be_counters if backend is assigned for a silent-drop
- DOC: fix typo about no-tls-tickets
- DOC: improve description of no-tls-tickets
- DOC: assorted typo fixes in the documentation
- DOC: ssl: clarify security implications of TLS tickets
- BUILD: wdt: only test for SI_TKILL when compiled with thread support
- BUG/MEDIUM: mt_lists: Make sure we set the deleted element to NULL;
- MINOR: mt_lists: Appease gcc.
- BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
- BUG/MEDIUM: pools: Always update free_list in pool_gc().
- BUG/MINOR: haproxy: always initialize sleeping_thread_mask
- BUG/MINOR: listener/mq: do not dispatch connections to remote threads when stopping
- BUG/MINOR: haproxy/threads: try to make all threads leave together
- DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID
- DOC: correct typo in alert message about rspirep
- BUILD: on ARM, must be linked to libatomic.
- BUILD: makefile: fix regex syntax in ARM platform detection
- BUILD: makefile: fix expression again to detect ARM platform
- BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong cases.
- DOC: assorted typo fixes in the documentation
- MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into types/signal.h.
- BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in __signal_process_queue().
- MINOR: memory: Change the flush_lock to a spinlock, and don't get it in alloc.
- BUG/MINOR: connections: Make sure we free the connection on failure.
- REGTESTS: use "command -v" instead of "which"
- REGTEST: increase timeouts on the seamless-reload test
- BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection
- BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
- BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
- BUG/MINOR: peers: Use after free of "peers" section.
- MINOR: listener: add so_name sample fetch
- BUILD: ssl: only pass unsigned chars to isspace()
- BUG/MINOR: stats: Fix color of draining servers on stats page
- DOC: internals: Fix spelling errors in filters.txt
- MINOR: http-rules: Add a flag on redirect rules to know the rule direction
- BUG/MINOR: http_ana: make sure redirect flags don't have overlapping bits
- MINOR: http-rules: Handle the rule direction when a redirect is evaluated
- BUG/MINOR: http-ana: Reset request analysers on error when waiting for response
- BUG/CRITICAL: hpack: never index a header into the headroom after wrapping
diffstat:
net/haproxy/Makefile | 4 ++--
net/haproxy/distinfo | 14 +++++---------
net/haproxy/options.mk | 23 ++---------------------
3 files changed, 9 insertions(+), 32 deletions(-)
diffs (73 lines):
diff -r 1c8b034db226 -r ad3ea9782a6b net/haproxy/Makefile
--- a/net/haproxy/Makefile Thu Apr 09 10:56:16 2020 +0000
+++ b/net/haproxy/Makefile Thu Apr 09 10:57:11 2020 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.59 2020/02/13 07:57:55 adam Exp $
+# $NetBSD: Makefile,v 1.59.2.1 2020/04/09 10:57:11 bsiegert Exp $
-DISTNAME= haproxy-2.1.3
+DISTNAME= haproxy-2.1.4
CATEGORIES= net www
MASTER_SITES= https://www.haproxy.org/download/${PKGVERSION_NOREV:R}/src/
diff -r 1c8b034db226 -r ad3ea9782a6b net/haproxy/distinfo
--- a/net/haproxy/distinfo Thu Apr 09 10:56:16 2020 +0000
+++ b/net/haproxy/distinfo Thu Apr 09 10:57:11 2020 +0000
@@ -1,13 +1,9 @@
-$NetBSD: distinfo,v 1.52 2020/03/26 06:34:00 rillig Exp $
+$NetBSD: distinfo,v 1.52.2.1 2020/04/09 10:57:11 bsiegert Exp $
-SHA1 (deviceatlas-enterprise-c-2.1.zip) = fbd4a4198307616d51518e50d09666aeac2eea29
-RMD160 (deviceatlas-enterprise-c-2.1.zip) = fc4b78bc18c80cc19e36fa5b8776cbf8b959abd7
-SHA512 (deviceatlas-enterprise-c-2.1.zip) = 99a8e89f3d1c084a93b184685108ea65d1fd925e0c8b52599a42dbe70af3126103da0a9fd284b14ddf59b996204334d360a12651025413bc4d7f76054779275b
-Size (deviceatlas-enterprise-c-2.1.zip) = 504286 bytes
-SHA1 (haproxy-2.1.3.tar.gz) = 6904ebe6b1742d5e70592e85b1f664ac74b7280b
-RMD160 (haproxy-2.1.3.tar.gz) = 613b731a1ec7387b85f200c1eaf3c10b699928fe
-SHA512 (haproxy-2.1.3.tar.gz) = 4728c1177b2bba69465cbc56b1ed73a1b2d36891ba2d94d29bb49714ad98ccfac4b52947735aded211f0cd8070002f5406ddd77cabd2f8230b00438189dd7a60
-Size (haproxy-2.1.3.tar.gz) = 2675529 bytes
+SHA1 (haproxy-2.1.4.tar.gz) = 79bde694574d8cec2d3cc5de593d66654c89b6cb
+RMD160 (haproxy-2.1.4.tar.gz) = 7744d6100b37426a8a5369869aca409fd9f39337
+SHA512 (haproxy-2.1.4.tar.gz) = fd029ac1ec877fa89a9410944439b66795b1392b6c8416aaa7978943170530c3826ba50ea706366f3f7785b7cffed58497cb362fc2480dd6920a99af4f920d98
+Size (haproxy-2.1.4.tar.gz) = 2684568 bytes
SHA1 (patch-Makefile) = 790242ebde13ac1a9d95a16cba29e30a9bccd57c
SHA1 (patch-src_cli.c) = 4bc5cf0116df121ac4c3c38b8f962c3a62d536e5
SHA1 (patch-src_haproxy.c) = badb172013541087d84f03726ea928c6f5634dc3
diff -r 1c8b034db226 -r ad3ea9782a6b net/haproxy/options.mk
--- a/net/haproxy/options.mk Thu Apr 09 10:56:16 2020 +0000
+++ b/net/haproxy/options.mk Thu Apr 09 10:57:11 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: options.mk,v 1.8 2020/01/01 21:18:07 adam Exp $
+# $NetBSD: options.mk,v 1.8.2.1 2020/04/09 10:57:11 bsiegert Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.haproxy
-PKG_SUPPORTED_OPTIONS= deviceatlas lua prometheus ssl
+PKG_SUPPORTED_OPTIONS= lua prometheus ssl
PKG_OPTIONS_OPTIONAL_GROUPS= regex
PKG_OPTIONS_GROUP.regex= pcre pcre2 pcre2-jit
PKG_SUGGESTED_OPTIONS= pcre ssl
@@ -45,25 +45,6 @@
.endif
###
-### Support DeviceAtlas detection.
-###
-.if !empty(PKG_OPTIONS:Mpcre) && !empty(PKG_OPTIONS:Mdeviceatlas)
-DEVICEATLAS_VERSION= 2.1
-DEVICEATLAS_DISTFILE= deviceatlas-enterprise-c-${DEVICEATLAS_VERSION}
-DISTFILES= ${DISTNAME}.tar.gz ${DEVICEATLAS_DISTFILE}.zip
-DEVICEATLAS_HOMEPAGE= https://www.deviceatlas.com/deviceatlas-haproxy-module
-
-BUILD_MAKE_FLAGS+= USE_DEVICEATLAS=1 DEVICEATLAS_SRC=../${DEVICEATLAS_DISTFILE}
-
-. if !exists(${DISTDIR}/${DEVICEATLAS_DISTFILE}.zip)
-FETCH_MESSAGE= "Please fetch ${DEVICEATLAS_DISTFILE}.zip manually from"
-FETCH_MESSAGE+= "${DEVICEATLAS_HOMEPAGE}"
-FETCH_MESSAGE+= "and put into"
-FETCH_MESSAGE+= "${DISTDIR}"
-. endif
-.endif
-
-###
### Support OpenSSL for termination.
###
.if !empty(PKG_OPTIONS:Mssl)
Home |
Main Index |
Thread Index |
Old Index