parent
df17da57cf
commit
9b60d54d0f
@ -1,45 +0,0 @@
|
||||
From f22b032956bc492dcf47b2a909f91a6fb2c6e49b Mon Sep 17 00:00:00 2001
|
||||
From: William Lallemand <wlallemand@haproxy.org>
|
||||
Date: Wed, 2 Jun 2021 16:09:11 +0200
|
||||
Subject: [PATCH] BUILD: fix compilation for OpenSSL-3.0.0-alpha17
|
||||
|
||||
Some changes in the OpenSSL syntax API broke this syntax:
|
||||
#if SSL_OP_NO_TLSv1_3
|
||||
|
||||
OpenSSL made this change which broke our usage in commit f04bb0bce490de847ed0482b8ec9eabedd173852:
|
||||
|
||||
-# define SSL_OP_NO_TLSv1_3 (uint64_t)0x20000000
|
||||
+#define SSL_OP_BIT(n) ((uint64_t)1 << (uint64_t)n)
|
||||
+# define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29)
|
||||
|
||||
Which can't be evaluated by the preprocessor anymore.
|
||||
This patch replace the test by an openssl version test.
|
||||
|
||||
This fix part of #1276 issue.
|
||||
---
|
||||
src/ssl_sock.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
|
||||
index f596a831d..27a4c3531 100644
|
||||
--- a/src/ssl_sock.c
|
||||
+++ b/src/ssl_sock.c
|
||||
@@ -2217,13 +2217,13 @@ static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
|
||||
: SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
|
||||
}
|
||||
static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
|
||||
-#if SSL_OP_NO_TLSv1_3
|
||||
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||
c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
|
||||
: SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
|
||||
#endif
|
||||
}
|
||||
static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
|
||||
-#if SSL_OP_NO_TLSv1_3
|
||||
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||
c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
|
||||
: SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
|
||||
#endif
|
||||
--
|
||||
2.31.1
|
||||
|
@ -7,7 +7,7 @@
|
||||
%global _hardened_build 1
|
||||
|
||||
Name: haproxy
|
||||
Version: 2.4.7
|
||||
Version: 2.4.17
|
||||
Release: 1%{?dist}
|
||||
Summary: HAProxy reverse proxy for high availability environments
|
||||
|
||||
@ -21,8 +21,6 @@ Source3: %{name}.logrotate
|
||||
Source4: %{name}.sysconfig
|
||||
Source5: halog.1
|
||||
|
||||
Patch0: bz1984786-fix-openssl-build.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: lua-devel
|
||||
BuildRequires: pcre2-devel
|
||||
@ -50,7 +48,6 @@ availability environments. Indeed, it can:
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
regparm_opts=
|
||||
@ -134,6 +131,10 @@ exit 0
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Wed May 25 2022 Ryan O'Hara <rohara@redhat.com> - 2.4.17-1
|
||||
- Update to 2.4.17 #(2088532)
|
||||
- Fix unbound loop when Set-Cookie2 header is present (#2070448)
|
||||
|
||||
* Wed Oct 13 2021 Ryan O'Hara <rohara@redhat.com> - 2.4.7-1
|
||||
- Update to 2.4.7 (#1966688)
|
||||
- Fix domain parts in :scheme and :path fields (CVE-2021-39240, #1998196)
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (haproxy-2.4.7.tar.gz) = 7ad8e9bd506d6f5919ff9ea97b08a4ec283bf580baefc7945632ea5a88a73081bb3d82586855efc7b7b9194558f12823c26b7a7498ac08c3efc158ea6583ec9f
|
||||
SHA512 (haproxy-2.4.17.tar.gz) = 98d46b6dbafd95977a32a6479266f3b9fe6e6ed57e39182a3d031add60dabfdaa7494083109a75eaa3e4b15d0293b11081f9b06556eee1777ede40ed6c002a7f
|
||||
|
Loading…
Reference in New Issue
Block a user