cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
156,615 Commits 1 Branch 0 Tags
Commit Graph

88 Commits

Author SHA1 Message Date
danj
0ec190057a Update to haproxy-2.3.9 2021-04-03 14:53:30 +00:00
danj
8a85ad21ba Update to haproxy-2.3.7 2021-03-21 13:45:56 +00:00
danj
cd084c4e1b Update to haproxy-2.3.6 2021-03-06 18:13:48 +00:00
danj
c6ce35a2f5 Enable TLSv1.3 
This mimics what has been done in www/nginx.

Lack of TLSv1.3 pointed out by Brandon (theriverlethe at gmail).
From and ok tb@
 2021-02-21 15:05:21 +00:00
danj
825997f877 Update to haproxy-2.3.5 2021-02-13 22:09:37 +00:00
danj
824a5c3a3b Update to haproxy-2.3.4 
"Haproxy now supports keeping the private and public keys in
separate files, while previously, they needed to be in the same
file. This allows us to directly use the output of acme-client(1)
without doing extra scripting."

Based on a diff from Aisha Tammy who also authored the quote.
 2021-01-30 22:10:01 +00:00
danj
4de718f109 Update to haproxy-2.0.20 2021-01-17 15:22:56 +00:00
danj
104fe2bb47 Update to haproxy-2.0.19 2020-12-14 23:26:59 +00:00
danj
b8be89cd6d Add support for encrypted passwords in Userlists 
This is a backport from upstream:
BUILD: makefile: enable crypt(3) for OpenBSD (496374e)

Upstream diff from Matthieu Guegan, port one from brad. Prodded by both.
 2020-11-26 23:28:27 +00:00
danj
6ef539baf3 Backport two commits to support closefrom() 
From brad
 2020-10-24 18:27:51 +00:00
danj
73e1f9da9d Fix CFLAGS handling 
The proper variable to override for optimizations is CPU_CFLAGS.
Upstream Makefile adds -fno-strict-aliasing so remove it.

From brad
 2020-10-24 18:27:05 +00:00
danj
ffdc5178d6 Update to haproxy-2.0.18 2020-10-22 22:03:36 +00:00
danj
05464cc878 Add patch to fix vfprintf %s NULL in syslog 
From Willy Tarreau, via Matthieu Guegan
 2020-09-22 14:12:21 +00:00
danj
0859186aeb Update to haproxy-2.0.17 2020-09-21 19:19:05 +00:00
danj
da2a3863a9 Update to haproxy-2.0.15 2020-06-23 17:35:41 +00:00
cwen
250d5aaa37 haproxy: don't require `-latomic' anymore on powerpc, now that this arch 
switched to clang

OK danj@ (maintainer), also built by kettenis@
 2020-04-06 13:36:08 +00:00
sthen
b5edc4961c haproxy: use V=1 for building to unhide command lines. ok danj 2020-04-05 19:28:09 +00:00
danj
6f88c608f0 Update to haproxy-2.0.14 
From the Announce email:
The main driver for this release is that it contains a fix for a
serious vulnerability that was responsibly reported last week by
Felix Wilhelm from Google Project Zero, affecting the HPACK
decoder used for HTTP/2.  CVE-2020-11100 was assigned to this
issue.

This vulnerability makes it possible under certain circumstances
to write to a wide range of memory locations within the process'
heap, with the limitation that the attacker doesn't control the
absolute address, so the most likely result and by a far margin
will be a process crash, but it is not possible to completely
rule out the faint possibility of a remote code execution, at
least in a lab-controlled environment.
 2020-04-02 23:01:17 +00:00
danj
31b52064ac Update to haproxy-2.0.12 2020-02-06 20:16:26 +00:00
danj
b5cb592a59 Update to haproxy-2.0.8 
Enable zlib
From Matthieu Guegan (matthieu dot guegan at deindeal dot ch)
 2019-11-09 15:52:53 +00:00
danj
3a4e833600 Update to haproxy-1.9.10 2019-08-13 00:34:03 +00:00
sthen
48b0b9660c replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes 2019-07-12 20:48:23 +00:00
danj
20fb1d8c8f Update to haproxy-1.9.8 
With some help from tb@ for the LibreSSL part.
 2019-06-10 23:01:13 +00:00
cwen
235b5eb19d haproxy: needs atomics on macppc (and probably hppa) 
Successfully tested on macppc.

OK jca@, "no objection" danj@ (maintainer)
 2019-03-14 21:37:20 +00:00
jca
8642cc437b ports-gcc should bring atomic ops support on hppa, remove workaround 
"no objection" maintainer
 2019-01-14 18:18:59 +00:00
jca
e6f3ebf319 haproxy now uses TLS (__thread) by default, switch to ports-gcc on gcc archs 
"no objection" maintainer
 2019-01-14 18:17:50 +00:00
danj
5bdbf63dbc Update to haproxy-1.8.17 
Fix CVE-2018-20615: """BUG/CRITICAL: mux-h2: re-check the frame
length when PRIORITY is used

An incorrect frame length check is performed on HEADERS frame having
the PRIORITY flag, possibly resulting in a read-past-bound which can
cause a crash depending how the frame is crafted. All 1.9 and 1.8
versions are affected. As a result, all HTTP/2 users must either
upgrade or temporarily disable HTTP/2 by commenting the "npn h2" and
"alpn h2" statements on their related "bind" lines."""
 2019-01-11 01:09:50 +00:00
danj
2ea6f71113 Update to haproxy-1.8.16 2018-12-27 21:28:28 +00:00
danj
453877888b Update to haproxy-1.8.15 
2 CVEs are fixed with this update
 2018-12-15 20:25:54 +00:00
danj
dee14f1fc3 Update to haproxy-1.8.14 
This update brings HTTP/2 support.

Most libressl patching done by jsing@
ok tb@ jsing@
 2018-12-05 16:32:13 +00:00
danj
a4f3eb6c2e Update to haproxy-1.7.11 2018-05-26 16:40:04 +00:00
sthen
3d9171fba7 unbreak; we now have all functions that haproxy uses in openssl-compat.h 
(there are more !LIBRESSL pieces src/ssl_sock.c)
 2018-03-20 21:57:55 +00:00
sthen
139e13f31b we have all functions other than SSL_SESSION_set1_id now; unbreak, from jsing 2018-03-18 12:24:43 +00:00
sthen
03c18e5bcd fix now we have X509_get0_tbs_sigalg 2018-02-23 10:25:17 +00:00
sthen
671eca8fb6 cope with DH_set0_pqg addition 2018-02-19 10:26:10 +00:00
sthen
811c606bd1 add "defined(LIBRESSL_VERSION_NUMBER) && " to the ifdef 2018-02-15 13:58:25 +00:00
sthen
e9cb28456b adapt compat code conditionals for ASN1_STRING_get0_data() to unbreak 
since it was added in libressl, ok jsing
 2018-02-15 13:45:49 +00:00
danj
a66cab4eed Update to haproxy-1.7.10 2018-01-21 17:14:08 +00:00
jsg
9a190ffe23 Now that arm has switched to clang the base compiler has atomic builtins 
and accepts -mfpu=neon.

ok jca@ sthen@
 2018-01-20 14:03:39 +00:00
rpe
9a8b5ccd06 Change the shebang line from /bin/sh to /bin/ksh in all ports rc.d 
daemon scripts and bump subpackages that contain the *.rc scripts.

discussed with and OK aja@
OK tb
 2018-01-11 19:27:01 +00:00
danj
5ba8a1c7fb Update to haproxy-1.7.9 
From ChangeLog: BUG/MAJOR: http: Fix possible infinity loop in
http_sync_(req|res)_state
 2017-08-21 01:32:19 +00:00
danj
88dc65fb0a Update to haproxy-1.7.8 
This moves the port to the latest stable branch. Thanks to Bernard Spil
for patching haproxy to make it work with libressl and pointing it to me!

OK gonzalo@
 2017-08-12 14:20:11 +00:00
danj
09168d30e1 Update to haproxy-1.6.13 2017-06-20 17:38:40 +00:00
danj
0737c10470 Update to haproxy-1.6.12 2017-04-05 03:34:57 +00:00
naddy
2e12ef0622 Unbreak after libressl change: remove direct access to field now private. 
Similar to upstream changes for OpenSSL 1.1.0.  Not tested at run time.
ok danj@ sthen@
 2017-02-01 15:49:34 +00:00
danj
892545f724 Update to haproxy-1.6.11 2016-12-30 14:02:17 +00:00
jca
d4b8d537c2 Needs __sync_sub_and_fetch_4 and friends, build with lang/gcc on arm. 
ok danj (maintainer)
 2016-12-29 14:05:08 +00:00
jca
898293df04 Move NO_TEST, and kill a trailing whitespace. 
ok danj@ (maintainer)
 2016-12-29 13:52:14 +00:00
danj
c0dee63708 Update to haproxy-1.6.10 2016-11-26 12:29:50 +00:00
danj
04a92c12b7 Patch has been (finally, yay) committed upstream 2016-10-20 16:19:11 +00:00