haproxy: Update HAProxy to v2.4.9

author Christian Lachner <gladiac@gmail.com>

Fri, 26 Nov 2021 11:00:44 +0000 (12:00 +0100)

committer Hannu Nyman <hannu.nyman@iki.fi>

Fri, 26 Nov 2021 14:07:09 +0000 (16:07 +0200)
author Christian Lachner <gladiac@gmail.com>
Fri, 26 Nov 2021 11:00:44 +0000 (12:00 +0100)
committer Hannu Nyman <hannu.nyman@iki.fi>
Fri, 26 Nov 2021 14:07:09 +0000 (16:07 +0200)
diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile

index 958132a6c5a7d2b349fdccfa4853900922de88dc..8423882ba8a465e1cd1f53b5ff1469333e510bb4 100644 (file)
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -10,12 +10,12 @@
  include $(TOPDIR)/rules.mk
  
  PKG_NAME:=haproxy
-PKG_VERSION:=2.4.7
+PKG_VERSION:=2.4.9
  PKG_RELEASE:=$(AUTORELEASE)
  
  PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
  PKG_SOURCE_URL:=https://www.haproxy.org/download/2.4/src
-PKG_HASH:=52af97f72f22ffd8a7a995fafc696291d37818feda50a23caef7dc0622421845
+PKG_HASH:=d56c7fe3c5afedd1b9a19e1b7f8f954feaf50a9c2f205f99891043858b72a763
  
  PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>, \
                 Christian Lachner <gladiac@gmail.com>
@@ -102,13 +102,13 @@ define Build/Compile
                 PCREDIR="$(STAGING_DIR)/usr/" \
                 USE_LUA=1 LUA_LIB_NAME="lua5.3" LUA_INC="$(STAGING_DIR)/usr/include/lua5.3" LUA_LIB="$(STAGING_DIR)/usr/lib" \
                 SMALL_OPTS="-DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530" \
-               USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_PROMEX=1 \
+               USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_LIBATOMIC=1 USE_PROMEX=1 \
                 VERSION="$(PKG_VERSION)" SUBVERS="-$(PKG_RELEASE)" \
                 VERDATE="$(shell date -d @$(SOURCE_DATE_EPOCH) '+%Y/%m/%d')" IGNOREGIT=1 \
                 $(ADDON) \
                 CFLAGS="$(TARGET_CFLAGS) -fno-strict-aliasing -Wdeclaration-after-statement -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-address-of-packed-member -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference -fwrapv -fasynchronous-unwind-tables -Wno-null-dereference" \
                 LD="$(TARGET_CC)" \
-               LDFLAGS="$(TARGET_LDFLAGS) -latomic"
+               LDFLAGS="$(TARGET_LDFLAGS)"
  
         $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR) \
                 DESTDIR="$(PKG_INSTALL_DIR)" \
diff --git a/net/haproxy/get-latest-patches.sh b/net/haproxy/get-latest-patches.sh

index f664cfdd6a66baa4ab6013f8e8bda5eeb6dab312..f91c243db5089207347c77bd7846d478b28e7b1f 100755 (executable)
--- a/net/haproxy/get-latest-patches.sh
+++ b/net/haproxy/get-latest-patches.sh
@@ -1,7 +1,7 @@
  #!/bin/sh
  
  CLONEURL=https://git.haproxy.org/git/haproxy-2.4.git
-BASE_TAG=v2.4.4
+BASE_TAG=v2.4.9
  TMP_REPODIR=tmprepo
  PATCHESDIR=patches
  
diff --git a/net/haproxy/patches/000-BUILD-MINOR-server-fix-compilation-without-SSL.patch b/net/haproxy/patches/000-BUILD-MINOR-server-fix-compilation-without-SSL.patch

new file mode 100644 (file)

index 0000000..9cdab59
--- /dev/null
+++ b/net/haproxy/patches/000-BUILD-MINOR-server-fix-compilation-without-SSL.patch
@@ -0,0 +1,87 @@
+commit ea489aa18caacf057880c67b933689c363307a23
+Author: Amaury Denoyelle <adenoyelle@haproxy.com>
+Date:   Thu Nov 25 10:20:19 2021 +0100
+
+    BUILD/MINOR: server: fix compilation without SSL
+    
+    The build without SSL was broken by the following backported commit:
+      8e99b84dba7755e73563093a8fcedb25e70e7b94
+      MEDIUM: server/backend: implement websocket protocol selection
+    
+    Fix this by checking the ALPN only if USE_OPENSSL and
+    TLSEXT_TYPE_application_layer_protocol_negotiation are defined. Else
+    always use the server mux-proto.
+    
+    No need to backport.
+
+--- a/src/server.c
++++ b/src/server.c
+@@ -204,7 +204,33 @@ void srv_set_dyncookie(struct server *s)
+  */
+ int srv_check_reuse_ws(struct server *srv)
+ {
+-      if (srv->mux_proto || srv->use_ssl != 1 || !srv->ssl_ctx.alpn_str) {
++#if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
++      if (!srv->mux_proto && srv->use_ssl && srv->ssl_ctx.alpn_str) {
++              /* ALPN selection.
++               * Based on the assumption that only "h2" and "http/1.1" token
++               * are used on server ALPN.
++               */
++              const struct ist alpn = ist2(srv->ssl_ctx.alpn_str,
++                                           srv->ssl_ctx.alpn_len);
++
++              switch (srv->ws) {
++              case SRV_WS_AUTO:
++                      /* for auto mode, consider reuse as possible if the
++                       * server uses a single protocol ALPN
++                       */
++                      if (!istchr(alpn, ','))
++                              return 1;
++                      break;
++
++              case SRV_WS_H2:
++                      return isteq(alpn, ist("\x02h2"));
++
++              case SRV_WS_H1:
++                      return isteq(alpn, ist("\x08http/1.1"));
++              }
++      }
++      else {
++#endif /* defined(OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation) */
+               /* explicit srv.mux_proto or no ALPN : srv.mux_proto is used
+                * for mux selection.
+                */
+@@ -232,31 +258,9 @@ int srv_check_reuse_ws(struct server *sr
+                               return 1;
+                       break;
+               }
++#if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
+       }
+-      else {
+-              /* ALPN selection.
+-               * Based on the assumption that only "h2" and "http/1.1" token
+-               * are used on server ALPN.
+-               */
+-              const struct ist alpn = ist2(srv->ssl_ctx.alpn_str,
+-                                           srv->ssl_ctx.alpn_len);
+-
+-              switch (srv->ws) {
+-              case SRV_WS_AUTO:
+-                      /* for auto mode, consider reuse as possible if the
+-                       * server uses a single protocol ALPN
+-                       */
+-                      if (!istchr(alpn, ','))
+-                              return 1;
+-                      break;
+-
+-              case SRV_WS_H2:
+-                      return isteq(alpn, ist("\x02h2"));
+-
+-              case SRV_WS_H1:
+-                      return isteq(alpn, ist("\x08http/1.1"));
+-              }
+-      }
++#endif /* defined(OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation) */
+ 
+       return 0;
+ }
author	Christian Lachner <gladiac@gmail.com>
	Fri, 26 Nov 2021 11:00:44 +0000 (12:00 +0100)
committer	Hannu Nyman <hannu.nyman@iki.fi>
	Fri, 26 Nov 2021 14:07:09 +0000 (16:07 +0200)
net/haproxy/Makefile		patch \| blob \| history
net/haproxy/get-latest-patches.sh		patch \| blob \| history
net/haproxy/patches/000-BUILD-MINOR-server-fix-compilation-without-SSL.patch	[new file with mode: 0644]	patch \| blob