Update to haproxy-1.8.15
2 CVEs are fixed with this update
This commit is contained in:
parent
b69d74ec7b
commit
453877888b
@ -1,11 +1,11 @@
|
||||
# $OpenBSD: Makefile,v 1.666 2018/12/15 15:37:28 danj Exp $
|
||||
# $OpenBSD: Makefile,v 1.667 2018/12/15 20:25:54 danj Exp $
|
||||
|
||||
COMMENT = exceptions to pkg_add rules
|
||||
CATEGORIES = devel databases
|
||||
DISTFILES =
|
||||
|
||||
# API.rev
|
||||
PKGNAME = quirks-3.59
|
||||
PKGNAME = quirks-3.60
|
||||
PKG_ARCH = *
|
||||
MAINTAINER = Marc Espie <espie@openbsd.org>
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#! /usr/bin/perl
|
||||
|
||||
# ex:ts=8 sw=4:
|
||||
# $OpenBSD: Quirks.pm,v 1.680 2018/12/15 15:37:28 danj Exp $
|
||||
# $OpenBSD: Quirks.pm,v 1.681 2018/12/15 20:25:54 danj Exp $
|
||||
#
|
||||
# Copyright (c) 2009 Marc Espie <espie@openbsd.org>
|
||||
#
|
||||
@ -1248,6 +1248,7 @@ my $cve = {
|
||||
'mail/p5-Mail-SpamAssassin' => 'p5-Mail-SpamAssassin-<3.4.2',
|
||||
'mail/roundcubemail' => 'roundcubemail-<1.3.8',
|
||||
'net/curl' => 'curl-<7.62.0',
|
||||
'net/haproxy' => 'haproxy-<1.8.15',
|
||||
'net/icecast' => 'icecast-<2.4.4',
|
||||
'net/isc-bind' => 'isc-bind-<9.11.4pl2',
|
||||
'net/lldpd' => 'lldpd-<0.7.18p0',
|
||||
|
@ -1,8 +1,8 @@
|
||||
# $OpenBSD: Makefile,v 1.50 2018/12/05 16:32:13 danj Exp $
|
||||
# $OpenBSD: Makefile,v 1.51 2018/12/15 20:25:54 danj Exp $
|
||||
|
||||
COMMENT = reliable, high performance TCP/HTTP load balancer
|
||||
|
||||
DISTNAME = haproxy-1.8.14
|
||||
DISTNAME = haproxy-1.8.15
|
||||
CATEGORIES = net www
|
||||
HOMEPAGE = http://www.haproxy.org/
|
||||
MAINTAINER = Daniel Jakots <obsd@chown.me>
|
||||
|
@ -1,2 +1,2 @@
|
||||
SHA256 (haproxy-1.8.14.tar.gz) = sX5AJXi+heWK96PqyZsfZ1lTvqn2evLpZM+L29G9P98=
|
||||
SIZE (haproxy-1.8.14.tar.gz) = 2070813
|
||||
SHA256 (haproxy-1.8.15.tar.gz) = cROGLxFG196LjmT0WCarNTPH9/e3dn4kwI98diICoDI=
|
||||
SIZE (haproxy-1.8.15.tar.gz) = 2076583
|
||||
|
@ -1,9 +1,9 @@
|
||||
$OpenBSD: patch-src_ssl_sock_c,v 1.9 2018/12/05 16:32:13 danj Exp $
|
||||
$OpenBSD: patch-src_ssl_sock_c,v 1.10 2018/12/15 20:25:54 danj Exp $
|
||||
|
||||
Index: src/ssl_sock.c
|
||||
--- src/ssl_sock.c.orig
|
||||
+++ src/ssl_sock.c
|
||||
@@ -2067,7 +2067,7 @@ static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *
|
||||
@@ -2088,7 +2088,7 @@ static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *
|
||||
SSL_set_SSL_CTX(ssl, ctx);
|
||||
}
|
||||
|
||||
@ -12,7 +12,7 @@ Index: src/ssl_sock.c
|
||||
|
||||
static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
|
||||
{
|
||||
@@ -3795,7 +3795,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
|
||||
@@ -3820,7 +3820,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
|
||||
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
|
||||
@ -21,7 +21,7 @@ Index: src/ssl_sock.c
|
||||
SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
|
||||
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
|
||||
#else
|
||||
@@ -5019,7 +5019,7 @@ static int ssl_sock_init(struct connection *conn)
|
||||
@@ -5067,7 +5067,7 @@ static int ssl_sock_init(struct connection *conn)
|
||||
|
||||
/* leave init state and start handshake */
|
||||
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
|
||||
@ -30,7 +30,7 @@ Index: src/ssl_sock.c
|
||||
conn->flags |= CO_FL_EARLY_SSL_HS;
|
||||
#endif
|
||||
|
||||
@@ -5049,7 +5049,7 @@ int ssl_sock_handshake(struct connection *conn, unsign
|
||||
@@ -5097,7 +5097,7 @@ int ssl_sock_handshake(struct connection *conn, unsign
|
||||
if (!conn->xprt_ctx)
|
||||
goto out_error;
|
||||
|
||||
@ -39,7 +39,7 @@ Index: src/ssl_sock.c
|
||||
/*
|
||||
* Check if we have early data. If we do, we have to read them
|
||||
* before SSL_do_handshake() is called, And there's no way to
|
||||
@@ -5117,11 +5117,11 @@ int ssl_sock_handshake(struct connection *conn, unsign
|
||||
@@ -5165,11 +5165,11 @@ int ssl_sock_handshake(struct connection *conn, unsign
|
||||
if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
|
||||
conn->flags &= ~CO_FL_WAIT_L4_CONN;
|
||||
if (!conn->err_code) {
|
||||
@ -53,7 +53,7 @@ Index: src/ssl_sock.c
|
||||
OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
|
||||
empty_handshake = state == TLS_ST_BEFORE;
|
||||
#else
|
||||
@@ -5201,11 +5201,11 @@ check_error:
|
||||
@@ -5249,11 +5249,11 @@ check_error:
|
||||
if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
|
||||
conn->flags &= ~CO_FL_WAIT_L4_CONN;
|
||||
if (!conn->err_code) {
|
||||
@ -67,7 +67,7 @@ Index: src/ssl_sock.c
|
||||
OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
|
||||
empty_handshake = state == TLS_ST_BEFORE;
|
||||
#else
|
||||
@@ -5249,7 +5249,7 @@ check_error:
|
||||
@@ -5297,7 +5297,7 @@ check_error:
|
||||
goto out_error;
|
||||
}
|
||||
}
|
||||
@ -76,7 +76,7 @@ Index: src/ssl_sock.c
|
||||
else {
|
||||
/*
|
||||
* If the server refused the early data, we have to send a
|
||||
@@ -5372,7 +5372,7 @@ static int ssl_sock_to_buf(struct connection *conn, st
|
||||
@@ -5420,7 +5420,7 @@ static int ssl_sock_to_buf(struct connection *conn, st
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -85,7 +85,7 @@ Index: src/ssl_sock.c
|
||||
if (conn->flags & CO_FL_EARLY_SSL_HS) {
|
||||
size_t read_length;
|
||||
|
||||
@@ -5509,7 +5509,7 @@ static int ssl_sock_from_buf(struct connection *conn,
|
||||
@@ -5557,7 +5557,7 @@ static int ssl_sock_from_buf(struct connection *conn,
|
||||
* in which case we accept to do it once again.
|
||||
*/
|
||||
while (buf->o) {
|
||||
@ -94,7 +94,7 @@ Index: src/ssl_sock.c
|
||||
size_t written_data;
|
||||
#endif
|
||||
|
||||
@@ -5528,7 +5528,7 @@ static int ssl_sock_from_buf(struct connection *conn,
|
||||
@@ -5576,7 +5576,7 @@ static int ssl_sock_from_buf(struct connection *conn,
|
||||
conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user