pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2020Q1]: pkgsrc/net/haproxy Pullup ticket #6152 - requested by...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ad3ea9782a6b
branches:  pkgsrc-2020Q1
changeset: 426952:ad3ea9782a6b
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Thu Apr 09 10:57:11 2020 +0000

description:
Pullup ticket #6152 - requested by adam
net/haproxy: security fix (CVE-2020-11100)

Revisions pulled up:
- net/haproxy/Makefile                                          1.60
- net/haproxy/distinfo                                          1.53
- net/haproxy/options.mk                                        1.9

---
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Fri Apr  3 16:34:13 UTC 2020

   Modified Files:
           pkgsrc/net/haproxy: Makefile distinfo options.mk

   Log Message:
   haproxy: updated to 2.1.4

   2.1.4
   - SCRIPTS: make announce-release executable again
   - BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat
   - BUG/MEDIUM: muxes: Use the right argument when calling the destroy method.
   - BUG/MINOR: mux-fcgi: Forbid special characters when matching PATH_INFO param
   - MINOR: mux-fcgi: Make the capture of the path-info optional in pathinfo regex
   - SCRIPTS: announce-release: use mutt -H instead of -i to include the draft
   - MINOR: http-htx: Add a function to retrieve the headers size of an HTX message
   - MINOR: filters: Forward data only if the last filter forwards something
   - BUG/MINOR: filters: Count HTTP headers as filtered data but don't forward them
   - BUG/MINOR: http-htx: Don't return error if authority is updated without changes
   - BUG/MINOR: http-ana: Matching on monitor-uri should be case-sensitive
   - MINOR: http-ana: Match on the path if the monitor-uri starts by a /
   - BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered
   - MINOR: ist: add an iststop() function
   - BUG/MINOR: http: http-request replace-path duplicates the query string
   - BUG/MEDIUM: shctx: make sure to keep all blocks aligned
   - MINOR: compiler: move CPU capabilities definition from config.h and complete them
   - BUG/MEDIUM: ebtree: don't set attribute packed without unaligned access support
   - BUILD: fix recent build failure on unaligned archs
   - CLEANUP: cfgparse: Fix type of second calloc() parameter
   - BUG/MINOR: sample: fix the json converter's endian-sensitivity
   - BUG/MEDIUM: ssl: fix several bad pointer aliases in a few sample fetch functions
   - BUG/MINOR: connection: make sure to correctly tag local PROXY connections
   - MINOR: compiler: add new alignment macros
   - BUILD: ebtree: improve architecture-specific alignment
   - BUG/MINOR: h2: reject again empty :path pseudo-headers
   - BUG/MINOR: sample: Make sure to return stable IDs in the unique-id fetch
   - BUG/MINOR: dns: ignore trailing dot
   - BUG/MINOR: http-htx: Do case-insensive comparisons on Host header name
   - MINOR: contrib/prometheus-exporter: Add heathcheck status/code in server metrics
   - MINOR: contrib/prometheus-exporter: Add the last heathcheck duration metric
   - BUG/MEDIUM: random: initialize the random pool a bit better
   - MINOR: tools: add 64-bit rotate operators
   - BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG
   - MINOR: backend: use a single call to ha_random32() for the random LB algo
   - BUG/MINOR: checks/threads: use ha_random() and not rand()
   - BUG/MAJOR: list: fix invalid element address calculation
   - MINOR: debug: report the task handler's pointer relative to main
   - BUG/MEDIUM: debug: make the debug_handler check for the thread in threads_to_dump
   - MINOR: haproxy: export main to ease access from debugger
   - BUILD: tools: remove obsolete and conflicting trace() from standard.c
   - BUG/MINOR: wdt: do not return an error when the watchdog couldn't be enabled
   - DOC: fix incorrect indentation of http_auth_*
   - OPTIM: startup: fast unique_id allocation for acl.
   - BUG/MINOR: pattern: Do not pass len = 0 to calloc()
   - DOC: configuration.txt: fix various typos
   - DOC: assorted typo fixes in the documentation and Makefile
   - BUG/MINOR: init: make the automatic maxconn consider the max of soft/hard limits
   - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
   - REGTEST: make the PROXY TLV validation depend on version 2.2
   - BUG/MINOR: filters: Use filter offset to decude the amount of forwarded data
   - BUG/MINOR: filters: Forward everything if no data filters are called
   - MINOR: htx: Add a function to return a block at a specific offset
   - BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the response payload
   - BUG/MEDIUM: compression/filters: Fix loop on HTX blocks compressing the payload
   - BUG/MINOR: http-ana: Reset request analysers on a response side error
   - BUG/MINOR: lua: Ignore the reserve to know if a channel is full or not
   - BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject action
   - BUG/MINOR: http-rules: Fix a typo in the reject action function
   - BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop action
   - BUG/MINOR: rules: Increment be_counters if backend is assigned for a silent-drop
   - DOC: fix typo about no-tls-tickets
   - DOC: improve description of no-tls-tickets
   - DOC: assorted typo fixes in the documentation
   - DOC: ssl: clarify security implications of TLS tickets
   - BUILD: wdt: only test for SI_TKILL when compiled with thread support
   - BUG/MEDIUM: mt_lists: Make sure we set the deleted element to NULL;
   - MINOR: mt_lists: Appease gcc.
   - BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
   - BUG/MEDIUM: pools: Always update free_list in pool_gc().
   - BUG/MINOR: haproxy: always initialize sleeping_thread_mask
   - BUG/MINOR: listener/mq: do not dispatch connections to remote threads when stopping
   - BUG/MINOR: haproxy/threads: try to make all threads leave together
   - DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID
   - DOC: correct typo in alert message about rspirep
   - BUILD: on ARM, must be linked to libatomic.
   - BUILD: makefile: fix regex syntax in ARM platform detection
   - BUILD: makefile: fix expression again to detect ARM platform
   - BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong cases.
   - DOC: assorted typo fixes in the documentation
   - MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into types/signal.h.
   - BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in __signal_process_queue().
   - MINOR: memory: Change the flush_lock to a spinlock, and don't get it in alloc.
   - BUG/MINOR: connections: Make sure we free the connection on failure.
   - REGTESTS: use "command -v" instead of "which"
   - REGTEST: increase timeouts on the seamless-reload test
   - BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection
   - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
   - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
   - BUG/MINOR: peers: Use after free of "peers" section.
   - MINOR: listener: add so_name sample fetch
   - BUILD: ssl: only pass unsigned chars to isspace()
   - BUG/MINOR: stats: Fix color of draining servers on stats page
   - DOC: internals: Fix spelling errors in filters.txt
   - MINOR: http-rules: Add a flag on redirect rules to know the rule direction
   - BUG/MINOR: http_ana: make sure redirect flags don't have overlapping bits
   - MINOR: http-rules: Handle the rule direction when a redirect is evaluated
   - BUG/MINOR: http-ana: Reset request analysers on error when waiting for response
   - BUG/CRITICAL: hpack: never index a header into the headroom after wrapping

diffstat:

 net/haproxy/Makefile   |   4 ++--
 net/haproxy/distinfo   |  14 +++++---------
 net/haproxy/options.mk |  23 ++---------------------
 3 files changed, 9 insertions(+), 32 deletions(-)

diffs (73 lines):

diff -r 1c8b034db226 -r ad3ea9782a6b net/haproxy/Makefile
--- a/net/haproxy/Makefile      Thu Apr 09 10:56:16 2020 +0000
+++ b/net/haproxy/Makefile      Thu Apr 09 10:57:11 2020 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.59 2020/02/13 07:57:55 adam Exp $
+# $NetBSD: Makefile,v 1.59.2.1 2020/04/09 10:57:11 bsiegert Exp $
 
-DISTNAME=      haproxy-2.1.3
+DISTNAME=      haproxy-2.1.4
 CATEGORIES=    net www
 MASTER_SITES=  https://www.haproxy.org/download/${PKGVERSION_NOREV:R}/src/
 
diff -r 1c8b034db226 -r ad3ea9782a6b net/haproxy/distinfo
--- a/net/haproxy/distinfo      Thu Apr 09 10:56:16 2020 +0000
+++ b/net/haproxy/distinfo      Thu Apr 09 10:57:11 2020 +0000
@@ -1,13 +1,9 @@
-$NetBSD: distinfo,v 1.52 2020/03/26 06:34:00 rillig Exp $
+$NetBSD: distinfo,v 1.52.2.1 2020/04/09 10:57:11 bsiegert Exp $
 
-SHA1 (deviceatlas-enterprise-c-2.1.zip) = fbd4a4198307616d51518e50d09666aeac2eea29
-RMD160 (deviceatlas-enterprise-c-2.1.zip) = fc4b78bc18c80cc19e36fa5b8776cbf8b959abd7
-SHA512 (deviceatlas-enterprise-c-2.1.zip) = 99a8e89f3d1c084a93b184685108ea65d1fd925e0c8b52599a42dbe70af3126103da0a9fd284b14ddf59b996204334d360a12651025413bc4d7f76054779275b
-Size (deviceatlas-enterprise-c-2.1.zip) = 504286 bytes
-SHA1 (haproxy-2.1.3.tar.gz) = 6904ebe6b1742d5e70592e85b1f664ac74b7280b
-RMD160 (haproxy-2.1.3.tar.gz) = 613b731a1ec7387b85f200c1eaf3c10b699928fe
-SHA512 (haproxy-2.1.3.tar.gz) = 4728c1177b2bba69465cbc56b1ed73a1b2d36891ba2d94d29bb49714ad98ccfac4b52947735aded211f0cd8070002f5406ddd77cabd2f8230b00438189dd7a60
-Size (haproxy-2.1.3.tar.gz) = 2675529 bytes
+SHA1 (haproxy-2.1.4.tar.gz) = 79bde694574d8cec2d3cc5de593d66654c89b6cb
+RMD160 (haproxy-2.1.4.tar.gz) = 7744d6100b37426a8a5369869aca409fd9f39337
+SHA512 (haproxy-2.1.4.tar.gz) = fd029ac1ec877fa89a9410944439b66795b1392b6c8416aaa7978943170530c3826ba50ea706366f3f7785b7cffed58497cb362fc2480dd6920a99af4f920d98
+Size (haproxy-2.1.4.tar.gz) = 2684568 bytes
 SHA1 (patch-Makefile) = 790242ebde13ac1a9d95a16cba29e30a9bccd57c
 SHA1 (patch-src_cli.c) = 4bc5cf0116df121ac4c3c38b8f962c3a62d536e5
 SHA1 (patch-src_haproxy.c) = badb172013541087d84f03726ea928c6f5634dc3
diff -r 1c8b034db226 -r ad3ea9782a6b net/haproxy/options.mk
--- a/net/haproxy/options.mk    Thu Apr 09 10:56:16 2020 +0000
+++ b/net/haproxy/options.mk    Thu Apr 09 10:57:11 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: options.mk,v 1.8 2020/01/01 21:18:07 adam Exp $
+# $NetBSD: options.mk,v 1.8.2.1 2020/04/09 10:57:11 bsiegert Exp $
 
 PKG_OPTIONS_VAR=               PKG_OPTIONS.haproxy
-PKG_SUPPORTED_OPTIONS=         deviceatlas lua prometheus ssl
+PKG_SUPPORTED_OPTIONS=         lua prometheus ssl
 PKG_OPTIONS_OPTIONAL_GROUPS=   regex
 PKG_OPTIONS_GROUP.regex=       pcre pcre2 pcre2-jit
 PKG_SUGGESTED_OPTIONS=         pcre ssl
@@ -45,25 +45,6 @@
 .endif
 
 ###
-### Support DeviceAtlas detection.
-###
-.if !empty(PKG_OPTIONS:Mpcre) && !empty(PKG_OPTIONS:Mdeviceatlas)
-DEVICEATLAS_VERSION=   2.1
-DEVICEATLAS_DISTFILE=  deviceatlas-enterprise-c-${DEVICEATLAS_VERSION}
-DISTFILES=             ${DISTNAME}.tar.gz ${DEVICEATLAS_DISTFILE}.zip
-DEVICEATLAS_HOMEPAGE=  https://www.deviceatlas.com/deviceatlas-haproxy-module
-
-BUILD_MAKE_FLAGS+=     USE_DEVICEATLAS=1 DEVICEATLAS_SRC=../${DEVICEATLAS_DISTFILE}
-
-.  if !exists(${DISTDIR}/${DEVICEATLAS_DISTFILE}.zip)
-FETCH_MESSAGE=         "Please fetch ${DEVICEATLAS_DISTFILE}.zip manually from"
-FETCH_MESSAGE+=                "${DEVICEATLAS_HOMEPAGE}"
-FETCH_MESSAGE+=                "and put into"
-FETCH_MESSAGE+=                "${DISTDIR}"
-.  endif
-.endif
-
-###
 ### Support OpenSSL for termination.
 ###
 .if !empty(PKG_OPTIONS:Mssl)



Home | Main Index | Thread Index | Old Index