import haproxy-2.4.17-3.el9
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
a6d444d4a3
commit
eb6bc4b548
|
|
@ -1 +1 @@
|
|||
SOURCES/haproxy-2.4.7.tar.gz
|
||||
SOURCES/haproxy-2.4.17.tar.gz
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
d3f3a4ff293cb2d9ec2085cac324698d260e2739 SOURCES/haproxy-2.4.7.tar.gz
|
||||
28a0b8de9a6a4095406d190b83a024a11d7aedf6 SOURCES/haproxy-2.4.17.tar.gz
|
||||
|
|
|
|||
|
|
@ -1,45 +0,0 @@
|
|||
From f22b032956bc492dcf47b2a909f91a6fb2c6e49b Mon Sep 17 00:00:00 2001
|
||||
From: William Lallemand <wlallemand@haproxy.org>
|
||||
Date: Wed, 2 Jun 2021 16:09:11 +0200
|
||||
Subject: [PATCH] BUILD: fix compilation for OpenSSL-3.0.0-alpha17
|
||||
|
||||
Some changes in the OpenSSL syntax API broke this syntax:
|
||||
#if SSL_OP_NO_TLSv1_3
|
||||
|
||||
OpenSSL made this change which broke our usage in commit f04bb0bce490de847ed0482b8ec9eabedd173852:
|
||||
|
||||
-# define SSL_OP_NO_TLSv1_3 (uint64_t)0x20000000
|
||||
+#define SSL_OP_BIT(n) ((uint64_t)1 << (uint64_t)n)
|
||||
+# define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29)
|
||||
|
||||
Which can't be evaluated by the preprocessor anymore.
|
||||
This patch replace the test by an openssl version test.
|
||||
|
||||
This fix part of #1276 issue.
|
||||
---
|
||||
src/ssl_sock.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
|
||||
index f596a831d..27a4c3531 100644
|
||||
--- a/src/ssl_sock.c
|
||||
+++ b/src/ssl_sock.c
|
||||
@@ -2217,13 +2217,13 @@ static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
|
||||
: SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
|
||||
}
|
||||
static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
|
||||
-#if SSL_OP_NO_TLSv1_3
|
||||
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||
c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
|
||||
: SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
|
||||
#endif
|
||||
}
|
||||
static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
|
||||
-#if SSL_OP_NO_TLSv1_3
|
||||
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
|
||||
c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
|
||||
: SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
|
||||
#endif
|
||||
--
|
||||
2.31.1
|
||||
|
||||
|
|
@ -5,10 +5,10 @@ Wants=network-online.target
|
|||
|
||||
[Service]
|
||||
EnvironmentFile=-/etc/sysconfig/haproxy
|
||||
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid"
|
||||
ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $OPTIONS
|
||||
ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $OPTIONS
|
||||
ExecReload=/usr/sbin/haproxy -f $CONFIG -c -q $OPTIONS
|
||||
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "CFGDIR=/etc/haproxy/conf.d"
|
||||
ExecStartPre=/usr/sbin/haproxy -f $CONFIG -f $CFGDIR -c -q $OPTIONS
|
||||
ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -f $CFGDIR -p $PIDFILE $OPTIONS
|
||||
ExecReload=/usr/sbin/haproxy -f $CONFIG -f $CFGDIR -c -q $OPTIONS
|
||||
ExecReload=/bin/kill -USR2 $MAINPID
|
||||
KillMode=mixed
|
||||
SuccessExitStatus=143
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@
|
|||
%global _hardened_build 1
|
||||
|
||||
Name: haproxy
|
||||
Version: 2.4.7
|
||||
Release: 1%{?dist}
|
||||
Version: 2.4.17
|
||||
Release: 3%{?dist}
|
||||
Summary: HAProxy reverse proxy for high availability environments
|
||||
|
||||
License: GPLv2+
|
||||
|
|
@ -21,8 +21,6 @@ Source3: %{name}.logrotate
|
|||
Source4: %{name}.sysconfig
|
||||
Source5: halog.1
|
||||
|
||||
Patch0: bz1984786-fix-openssl-build.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: lua-devel
|
||||
BuildRequires: pcre2-devel
|
||||
|
|
@ -50,7 +48,6 @@ availability environments. Indeed, it can:
|
|||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
regparm_opts=
|
||||
|
|
@ -77,6 +74,7 @@ popd
|
|||
%{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
|
||||
%{__install} -d -m 0755 %{buildroot}%{haproxy_homedir}
|
||||
%{__install} -d -m 0755 %{buildroot}%{haproxy_datadir}
|
||||
%{__install} -d -m 0755 %{buildroot}%{haproxy_confdir}/conf.d
|
||||
%{__install} -d -m 0755 %{buildroot}%{_bindir}
|
||||
%{__install} -p -m 0755 ./admin/halog/halog %{buildroot}%{_bindir}/halog
|
||||
%{__install} -p -m 0755 ./admin/iprange/iprange %{buildroot}%{_bindir}/iprange
|
||||
|
|
@ -121,6 +119,7 @@ exit 0
|
|||
%license LICENSE
|
||||
%dir %{haproxy_homedir}
|
||||
%dir %{haproxy_confdir}
|
||||
%dir %{haproxy_confdir}/conf.d
|
||||
%dir %{haproxy_datadir}
|
||||
%{haproxy_datadir}/*
|
||||
%config(noreplace) %{haproxy_confdir}/%{name}.cfg
|
||||
|
|
@ -134,6 +133,16 @@ exit 0
|
|||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Mon Jul 25 2022 Ryan O'Hara <rohara@redhat.com> - 2.4.17-3
|
||||
- Fix changelog and rebuild
|
||||
|
||||
* Wed Jun 08 2022 Ryan O'Hara <rohara@redhat.com> - 2.4.17-2
|
||||
- Add configuration directory and update systemd unit file (#2093482)
|
||||
|
||||
* Wed May 25 2022 Ryan O'Hara <rohara@redhat.com> - 2.4.17-1
|
||||
- Update to 2.4.17 #(2088532)
|
||||
- Fix unbound loop when Set-Cookie2 header is present (#2070448)
|
||||
|
||||
* Wed Oct 13 2021 Ryan O'Hara <rohara@redhat.com> - 2.4.7-1
|
||||
- Update to 2.4.7 (#1966688)
|
||||
- Fix domain parts in :scheme and :path fields (CVE-2021-39240, #1998196)
|
||||
|
|
|
|||
Loading…
Reference in New Issue