haproxy: Update HAProxy to v1.8.25

- Update haproxy download URL and hash
- This fixes CVE-2020-11100 (http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=525fbbe388ba033d638ff2a4efb83ae6526db5ab)

Signed-off-by: Christian Lachner <gladiac@gmail.com>

diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index 022ee764c8d6ff5069cd4ed757154db65a77d5d8..5ced9c5af5ea5c09f73ac0ddc25836a0d9f110b0 100644 (file)
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -10,12 +10,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=haproxy
-PKG_VERSION:=1.8.23
+PKG_VERSION:=1.8.25
 PKG_RELEASE:=1
 
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.haproxy.org/download/1.8/src/
-PKG_HASH:=de919164876ee0501e1ef01ca5ccc0d3bda2b96003f9d240f7b856010ccbf7eb
+PKG_HASH:=62c0b77de2275a54a443a869947ddcca2bad7bdc1cafd804732a0e0d59b1708b
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0

diff --git a/net/haproxy/get-latest-patches.sh b/net/haproxy/get-latest-patches.sh
index 925895350457669f0d89c70c90c0e7e986621b3a..ea8218932663384f620133d121427a6090946006 100755 (executable)
--- a/net/haproxy/get-latest-patches.sh
+++ b/net/haproxy/get-latest-patches.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 CLONEURL=http://git.haproxy.org/git/haproxy-1.8.git
-BASE_TAG=v1.8.23
+BASE_TAG=v1.8.25
 TMP_REPODIR=tmprepo
 PATCHESDIR=patches
 

diff --git a/net/haproxy/patches/000-deprecated-openssl.patch b/net/haproxy/patches/000-deprecated-openssl.patch
index d31a3e42f5f43d25eee33e02db9074a552d0af59..d6a6603f576a80f8b25b4b3d2820cfa617fcca14 100644 (file)
--- a/net/haproxy/patches/000-deprecated-openssl.patch
+++ b/net/haproxy/patches/000-deprecated-openssl.patch
@@ -46,7 +46,7 @@
                goto mkcert_error;
  
        /* set public key in the certificate */
-@@ -6399,7 +6411,7 @@ smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char
+@@ -6383,7 +6395,7 @@ smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char
                goto out;
  
        smp_trash = get_trash_chunk();
@@ -55,7 +55,7 @@
                goto out;
  
        smp->data.u.str = *smp_trash;
-@@ -6499,7 +6511,7 @@ smp_fetch_ssl_x_notbefore(const struct a
+@@ -6483,7 +6495,7 @@ smp_fetch_ssl_x_notbefore(const struct a
                goto out;
  
        smp_trash = get_trash_chunk();
@@ -64,7 +64,7 @@
                goto out;
  
        smp->data.u.str = *smp_trash;
-@@ -9070,7 +9082,9 @@ static void __ssl_sock_init(void)
+@@ -9054,7 +9066,9 @@ static void __ssl_sock_init(void)
  #endif
  
        xprt_register(XPRT_SSL, &ssl_sock);
@@ -74,7 +74,7 @@
  #if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
        cm = SSL_COMP_get_compression_methods();
        i = sk_SSL_COMP_num(cm);
-@@ -9079,7 +9093,7 @@ static void __ssl_sock_init(void)
+@@ -9063,7 +9077,7 @@ static void __ssl_sock_init(void)
        }
  #endif
  
@@ -83,7 +83,7 @@
        ssl_locking_init();
  #endif
  #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
-@@ -9108,8 +9122,8 @@ static void __ssl_sock_init(void)
+@@ -9092,8 +9106,8 @@ static void __ssl_sock_init(void)
  #else /* OPENSSL_IS_BORINGSSL */
                OPENSSL_VERSION_TEXT
                "\nRunning on OpenSSL version : %s%s",
@@ -94,7 +94,7 @@
  #endif
        memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
  #if OPENSSL_VERSION_NUMBER < 0x00907000L
-@@ -9200,12 +9214,14 @@ static void __ssl_sock_deinit(void)
+@@ -9184,12 +9198,14 @@ static void __ssl_sock_deinit(void)
        }
  #endif