Update to haproxy-1.8.15

2 CVEs are fixed with this update
danj 2018-12-15 20:25:54 +00:00
parent b69d74ec7b
commit 453877888b
5 changed files with 19 additions and 18 deletions


@ -1,11 +1,11 @@
# $OpenBSD: Makefile,v 1.666 2018/12/15 15:37:28 danj Exp $
# $OpenBSD: Makefile,v 1.667 2018/12/15 20:25:54 danj Exp $
COMMENT = exceptions to pkg_add rules
CATEGORIES = devel databases
DISTFILES =
# API.rev
PKGNAME = quirks-3.59
PKGNAME = quirks-3.60
PKG_ARCH = *
MAINTAINER = Marc Espie <espie@openbsd.org>


@ -1,7 +1,7 @@
#! /usr/bin/perl
# ex:ts=8 sw=4:
# $OpenBSD: Quirks.pm,v 1.680 2018/12/15 15:37:28 danj Exp $
# $OpenBSD: Quirks.pm,v 1.681 2018/12/15 20:25:54 danj Exp $
#
# Copyright (c) 2009 Marc Espie <espie@openbsd.org>
#
@ -1248,6 +1248,7 @@ my $cve = {
'mail/p5-Mail-SpamAssassin' => 'p5-Mail-SpamAssassin-<3.4.2',
'mail/roundcubemail' => 'roundcubemail-<1.3.8',
'net/curl' => 'curl-<7.62.0',
'net/haproxy' => 'haproxy-<1.8.15',
'net/icecast' => 'icecast-<2.4.4',
'net/isc-bind' => 'isc-bind-<9.11.4pl2',
'net/lldpd' => 'lldpd-<0.7.18p0',
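Review bot: The `'net/haproxy' => 'haproxy-<1.8.15'` entry added to `$cve` has no traceable link to the advisories behind it, because the commit message says only "2 CVEs are fixed" without naming them. This entry is what flags every installed haproxy older than 1.8.15, so an auditor should be able to map the cutoff version back to the upstream advisories. The neighbouring entries carry no per-line comments, so the commit log is the natural place, for example `Fixes CVE-YYYY-NNNNN and CVE-YYYY-NNNNN` (placeholders, to be filled in from the upstream 1.8.15 announcement). Whether the ids are recorded elsewhere in the tree is not visible from this page.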


@ -1,8 +1,8 @@
# $OpenBSD: Makefile,v 1.50 2018/12/05 16:32:13 danj Exp $
# $OpenBSD: Makefile,v 1.51 2018/12/15 20:25:54 danj Exp $
COMMENT = reliable, high performance TCP/HTTP load balancer
DISTNAME = haproxy-1.8.14
DISTNAME = haproxy-1.8.15
CATEGORIES = net www
HOMEPAGE = http://www.haproxy.org/
MAINTAINER = Daniel Jakots <obsd@chown.me>


@ -1,2 +1,2 @@
SHA256 (haproxy-1.8.14.tar.gz) = sX5AJXi+heWK96PqyZsfZ1lTvqn2evLpZM+L29G9P98=
SIZE (haproxy-1.8.14.tar.gz) = 2070813
SHA256 (haproxy-1.8.15.tar.gz) = cROGLxFG196LjmT0WCarNTPH9/e3dn4kwI98diICoDI=
SIZE (haproxy-1.8.15.tar.gz) = 2076583


@ -1,9 +1,9 @@
$OpenBSD: patch-src_ssl_sock_c,v 1.9 2018/12/05 16:32:13 danj Exp $
$OpenBSD: patch-src_ssl_sock_c,v 1.10 2018/12/15 20:25:54 danj Exp $
Index: src/ssl_sock.c
--- src/ssl_sock.c.orig
+++ src/ssl_sock.c
@@ -2067,7 +2067,7 @@ static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *
@@ -2088,7 +2088,7 @@ static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *
SSL_set_SSL_CTX(ssl, ctx);
}
@ -12,7 +12,7 @@ Index: src/ssl_sock.c
static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
{
@@ -3795,7 +3795,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
@@ -3820,7 +3820,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
#ifdef OPENSSL_IS_BORINGSSL
SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
@ -21,7 +21,7 @@ Index: src/ssl_sock.c
SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
#else
@@ -5019,7 +5019,7 @@ static int ssl_sock_init(struct connection *conn)
@@ -5067,7 +5067,7 @@ static int ssl_sock_init(struct connection *conn)
/* leave init state and start handshake */
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
@ -30,7 +30,7 @@ Index: src/ssl_sock.c
conn->flags |= CO_FL_EARLY_SSL_HS;
#endif
@@ -5049,7 +5049,7 @@ int ssl_sock_handshake(struct connection *conn, unsign
@@ -5097,7 +5097,7 @@ int ssl_sock_handshake(struct connection *conn, unsign
if (!conn->xprt_ctx)
goto out_error;
@ -39,7 +39,7 @@ Index: src/ssl_sock.c
/*
* Check if we have early data. If we do, we have to read them
* before SSL_do_handshake() is called, And there's no way to
@@ -5117,11 +5117,11 @@ int ssl_sock_handshake(struct connection *conn, unsign
@@ -5165,11 +5165,11 @@ int ssl_sock_handshake(struct connection *conn, unsign
if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
conn->flags &= ~CO_FL_WAIT_L4_CONN;
if (!conn->err_code) {
@ -53,7 +53,7 @@ Index: src/ssl_sock.c
OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
empty_handshake = state == TLS_ST_BEFORE;
#else
@@ -5201,11 +5201,11 @@ check_error:
@@ -5249,11 +5249,11 @@ check_error:
if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
conn->flags &= ~CO_FL_WAIT_L4_CONN;
if (!conn->err_code) {
@ -67,7 +67,7 @@ Index: src/ssl_sock.c
OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
empty_handshake = state == TLS_ST_BEFORE;
#else
@@ -5249,7 +5249,7 @@ check_error:
@@ -5297,7 +5297,7 @@ check_error:
goto out_error;
}
}
@ -76,7 +76,7 @@ Index: src/ssl_sock.c
else {
/*
* If the server refused the early data, we have to send a
@@ -5372,7 +5372,7 @@ static int ssl_sock_to_buf(struct connection *conn, st
@@ -5420,7 +5420,7 @@ static int ssl_sock_to_buf(struct connection *conn, st
continue;
}
@ -85,7 +85,7 @@ Index: src/ssl_sock.c
if (conn->flags & CO_FL_EARLY_SSL_HS) {
size_t read_length;
@@ -5509,7 +5509,7 @@ static int ssl_sock_from_buf(struct connection *conn,
@@ -5557,7 +5557,7 @@ static int ssl_sock_from_buf(struct connection *conn,
* in which case we accept to do it once again.
*/
while (buf->o) {
@ -94,7 +94,7 @@ Index: src/ssl_sock.c
size_t written_data;
#endif
@@ -5528,7 +5528,7 @@ static int ssl_sock_from_buf(struct connection *conn,
@@ -5576,7 +5576,7 @@ static int ssl_sock_from_buf(struct connection *conn,
conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
}