From 9b60d54d0f91d206a316c7af38869f37ea862aa3 Mon Sep 17 00:00:00 2001 From: Ryan O'Hara Date: Wed, 25 May 2022 10:05:04 -0500 Subject: [PATCH] Update to 2.4.17 Resolves: (#2088532, #2070448) --- bz1984786-fix-openssl-build.patch | 45 ------------------------------- haproxy.spec | 9 ++++--- sources | 2 +- 3 files changed, 6 insertions(+), 50 deletions(-) delete mode 100644 bz1984786-fix-openssl-build.patch diff --git a/bz1984786-fix-openssl-build.patch b/bz1984786-fix-openssl-build.patch deleted file mode 100644 index bac19bd..0000000 --- a/bz1984786-fix-openssl-build.patch +++ /dev/null @@ -1,45 +0,0 @@ -From f22b032956bc492dcf47b2a909f91a6fb2c6e49b Mon Sep 17 00:00:00 2001 -From: William Lallemand -Date: Wed, 2 Jun 2021 16:09:11 +0200 -Subject: [PATCH] BUILD: fix compilation for OpenSSL-3.0.0-alpha17 - -Some changes in the OpenSSL syntax API broke this syntax: - #if SSL_OP_NO_TLSv1_3 - -OpenSSL made this change which broke our usage in commit f04bb0bce490de847ed0482b8ec9eabedd173852: - --# define SSL_OP_NO_TLSv1_3 (uint64_t)0x20000000 -+#define SSL_OP_BIT(n) ((uint64_t)1 << (uint64_t)n) -+# define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29) - -Which can't be evaluated by the preprocessor anymore. -This patch replace the test by an openssl version test. - -This fix part of #1276 issue. ---- - src/ssl_sock.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/ssl_sock.c b/src/ssl_sock.c -index f596a831d..27a4c3531 100644 ---- a/src/ssl_sock.c -+++ b/src/ssl_sock.c -@@ -2217,13 +2217,13 @@ static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) { - : SSL_set_min_proto_version(ssl, TLS1_2_VERSION); - } - static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) { --#if SSL_OP_NO_TLSv1_3 -+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) - c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION) - : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION); - #endif - } - static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) { --#if SSL_OP_NO_TLSv1_3 -+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) - c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION) - : SSL_set_min_proto_version(ssl, TLS1_3_VERSION); - #endif --- -2.31.1 - diff --git a/haproxy.spec b/haproxy.spec index 98ac95c..b7f8fe7 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -7,7 +7,7 @@ %global _hardened_build 1 Name: haproxy -Version: 2.4.7 +Version: 2.4.17 Release: 1%{?dist} Summary: HAProxy reverse proxy for high availability environments @@ -21,8 +21,6 @@ Source3: %{name}.logrotate Source4: %{name}.sysconfig Source5: halog.1 -Patch0: bz1984786-fix-openssl-build.patch - BuildRequires: gcc BuildRequires: lua-devel BuildRequires: pcre2-devel @@ -50,7 +48,6 @@ availability environments. Indeed, it can: %prep %setup -q -%patch0 -p1 %build regparm_opts= @@ -134,6 +131,10 @@ exit 0 %{_mandir}/man1/* %changelog +* Wed May 25 2022 Ryan O'Hara - 2.4.17-1 +- Update to 2.4.17 #(2088532) +- Fix unbound loop when Set-Cookie2 header is present (#2070448) + * Wed Oct 13 2021 Ryan O'Hara - 2.4.7-1 - Update to 2.4.7 (#1966688) - Fix domain parts in :scheme and :path fields (CVE-2021-39240, #1998196) diff --git a/sources b/sources index 395c84e..50ab96e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (haproxy-2.4.7.tar.gz) = 7ad8e9bd506d6f5919ff9ea97b08a4ec283bf580baefc7945632ea5a88a73081bb3d82586855efc7b7b9194558f12823c26b7a7498ac08c3efc158ea6583ec9f +SHA512 (haproxy-2.4.17.tar.gz) = 98d46b6dbafd95977a32a6479266f3b9fe6e6ed57e39182a3d031add60dabfdaa7494083109a75eaa3e4b15d0293b11081f9b06556eee1777ede40ed6c002a7f