import haproxy-2.4.17-3.el9

This commit is contained in:
CentOS Sources 2022-09-27 05:08:32 -04:00 committed by Stepan Oksanichenko
parent a6d444d4a3
commit eb6bc4b548
5 changed files with 20 additions and 56 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/haproxy-2.4.7.tar.gz
SOURCES/haproxy-2.4.17.tar.gz

View File

@ -1 +1 @@
d3f3a4ff293cb2d9ec2085cac324698d260e2739 SOURCES/haproxy-2.4.7.tar.gz
28a0b8de9a6a4095406d190b83a024a11d7aedf6 SOURCES/haproxy-2.4.17.tar.gz

View File

@ -1,45 +0,0 @@
From f22b032956bc492dcf47b2a909f91a6fb2c6e49b Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.org>
Date: Wed, 2 Jun 2021 16:09:11 +0200
Subject: [PATCH] BUILD: fix compilation for OpenSSL-3.0.0-alpha17
Some changes in the OpenSSL syntax API broke this syntax:
#if SSL_OP_NO_TLSv1_3
OpenSSL made this change which broke our usage in commit f04bb0bce490de847ed0482b8ec9eabedd173852:
-# define SSL_OP_NO_TLSv1_3 (uint64_t)0x20000000
+#define SSL_OP_BIT(n) ((uint64_t)1 << (uint64_t)n)
+# define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29)
Which can't be evaluated by the preprocessor anymore.
This patch replace the test by an openssl version test.
This fix part of #1276 issue.
---
src/ssl_sock.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f596a831d..27a4c3531 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2217,13 +2217,13 @@ static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
: SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
}
static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
-#if SSL_OP_NO_TLSv1_3
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
: SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
#endif
}
static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
-#if SSL_OP_NO_TLSv1_3
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
: SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
#endif
--
2.31.1

View File

@ -5,10 +5,10 @@ Wants=network-online.target
[Service]
EnvironmentFile=-/etc/sysconfig/haproxy
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid"
ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $OPTIONS
ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $OPTIONS
ExecReload=/usr/sbin/haproxy -f $CONFIG -c -q $OPTIONS
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "CFGDIR=/etc/haproxy/conf.d"
ExecStartPre=/usr/sbin/haproxy -f $CONFIG -f $CFGDIR -c -q $OPTIONS
ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -f $CFGDIR -p $PIDFILE $OPTIONS
ExecReload=/usr/sbin/haproxy -f $CONFIG -f $CFGDIR -c -q $OPTIONS
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
SuccessExitStatus=143

View File

@ -7,8 +7,8 @@
%global _hardened_build 1
Name: haproxy
Version: 2.4.7
Release: 1%{?dist}
Version: 2.4.17
Release: 3%{?dist}
Summary: HAProxy reverse proxy for high availability environments
License: GPLv2+
@ -21,8 +21,6 @@ Source3: %{name}.logrotate
Source4: %{name}.sysconfig
Source5: halog.1
Patch0: bz1984786-fix-openssl-build.patch
BuildRequires: gcc
BuildRequires: lua-devel
BuildRequires: pcre2-devel
@ -50,7 +48,6 @@ availability environments. Indeed, it can:
%prep
%setup -q
%patch0 -p1
%build
regparm_opts=
@ -77,6 +74,7 @@ popd
%{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
%{__install} -d -m 0755 %{buildroot}%{haproxy_homedir}
%{__install} -d -m 0755 %{buildroot}%{haproxy_datadir}
%{__install} -d -m 0755 %{buildroot}%{haproxy_confdir}/conf.d
%{__install} -d -m 0755 %{buildroot}%{_bindir}
%{__install} -p -m 0755 ./admin/halog/halog %{buildroot}%{_bindir}/halog
%{__install} -p -m 0755 ./admin/iprange/iprange %{buildroot}%{_bindir}/iprange
@ -121,6 +119,7 @@ exit 0
%license LICENSE
%dir %{haproxy_homedir}
%dir %{haproxy_confdir}
%dir %{haproxy_confdir}/conf.d
%dir %{haproxy_datadir}
%{haproxy_datadir}/*
%config(noreplace) %{haproxy_confdir}/%{name}.cfg
@ -134,6 +133,16 @@ exit 0
%{_mandir}/man1/*
%changelog
* Mon Jul 25 2022 Ryan O'Hara <rohara@redhat.com> - 2.4.17-3
- Fix changelog and rebuild
* Wed Jun 08 2022 Ryan O'Hara <rohara@redhat.com> - 2.4.17-2
- Add configuration directory and update systemd unit file (#2093482)
* Wed May 25 2022 Ryan O'Hara <rohara@redhat.com> - 2.4.17-1
- Update to 2.4.17 #(2088532)
- Fix unbound loop when Set-Cookie2 header is present (#2070448)
* Wed Oct 13 2021 Ryan O'Hara <rohara@redhat.com> - 2.4.7-1
- Update to 2.4.7 (#1966688)
- Fix domain parts in :scheme and :path fields (CVE-2021-39240, #1998196)