From 0db9f894deb02b49832547167c6e7ce6bd4ea44a Mon Sep 17 00:00:00 2001
From: Christian Lachner
Date: Fri, 3 Apr 2020 09:24:53 +0200
Subject: [PATCH] haproxy: Update HAProxy to v1.8.25
- Update haproxy download URL and hash
- This fixes CVE-2020-11100 (http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=525fbbe388ba033d638ff2a4efb83ae6526db5ab)
Signed-off-by: Christian Lachner
---
 net/haproxy/Makefile | 4 ++--
 net/haproxy/get-latest-patches.sh | 2 +-
 net/haproxy/patches/000-deprecated-openssl.patch | 12 ++++++------
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index 022ee764c8..5ced9c5af5 100644
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -10,12 +10,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=haproxy
-PKG_VERSION:=1.8.23
+PKG_VERSION:=1.8.25
 PKG_RELEASE:=1
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.haproxy.org/download/1.8/src/
-PKG_HASH:=de919164876ee0501e1ef01ca5ccc0d3bda2b96003f9d240f7b856010ccbf7eb
+PKG_HASH:=62c0b77de2275a54a443a869947ddcca2bad7bdc1cafd804732a0e0d59b1708b
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_LICENSE:=GPL-2.0
diff --git a/net/haproxy/get-latest-patches.sh b/net/haproxy/get-latest-patches.sh
index 9258953504..ea82189326 100755
--- a/net/haproxy/get-latest-patches.sh
+++ b/net/haproxy/get-latest-patches.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 CLONEURL=http://git.haproxy.org/git/haproxy-1.8.git
-BASE_TAG=v1.8.23
+BASE_TAG=v1.8.25
 TMP_REPODIR=tmprepo
 PATCHESDIR=patches
diff --git a/net/haproxy/patches/000-deprecated-openssl.patch b/net/haproxy/patches/000-deprecated-openssl.patch
index d31a3e42f5..d6a6603f57 100644
--- a/net/haproxy/patches/000-deprecated-openssl.patch
+++ b/net/haproxy/patches/000-deprecated-openssl.patch
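Review bot: In net/haproxy/get-latest-patches.sh the unchanged `CLONEURL=http://git.haproxy.org/git/haproxy-1.8.git` line still points at plain HTTP, so whatever the script derives from the bumped `BASE_TAG=v1.8.25` has no transport integrity, unlike the release tarball that the Makefile pins with `PKG_HASH`. If the upstream server offers it, prefer `CLONEURL=https://git.haproxy.org/git/haproxy-1.8.git`, and review the generated patches before committing them. The rest of the script lies outside this hunk, so how the clone is used is inferred from the variable names and should be confirmed.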
@@ -46,7 +46,7 @@
 goto mkcert_error;
 /* set public key in the certificate */
-@@ -6399,7 +6411,7 @@ smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char
+@@ -6383,7 +6395,7 @@ smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char
 goto out;
 smp_trash = get_trash_chunk();
@@ -55,7 +55,7 @@
 goto out;
 smp->data.u.str = *smp_trash;
-@@ -6499,7 +6511,7 @@ smp_fetch_ssl_x_notbefore(const struct a
+@@ -6483,7 +6495,7 @@ smp_fetch_ssl_x_notbefore(const struct a
 goto out;
 smp_trash = get_trash_chunk();
@@ -64,7 +64,7 @@
 goto out;
 smp->data.u.str = *smp_trash;
-@@ -9070,7 +9082,9 @@ static void __ssl_sock_init(void)
+@@ -9054,7 +9066,9 @@ static void __ssl_sock_init(void)
 #endif
 xprt_register(XPRT_SSL, &ssl_sock);
@@ -74,7 +74,7 @@
 #if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
 cm = SSL_COMP_get_compression_methods();
 i = sk_SSL_COMP_num(cm);
-@@ -9079,7 +9093,7 @@ static void __ssl_sock_init(void)
+@@ -9063,7 +9077,7 @@ static void __ssl_sock_init(void)
 }
 #endif
@@ -83,7 +83,7 @@
 ssl_locking_init();
 #endif
 #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
-@@ -9108,8 +9122,8 @@ static void __ssl_sock_init(void)
+@@ -9092,8 +9106,8 @@ static void __ssl_sock_init(void)
 #else /* OPENSSL_IS_BORINGSSL */
 OPENSSL_VERSION_TEXT
 "\nRunning on OpenSSL version : %s%s",
@@ -94,7 +94,7 @@
 #endif
 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
-@@ -9200,12 +9214,14 @@ static void __ssl_sock_deinit(void)
+@@ -9184,12 +9198,14 @@ static void __ssl_sock_deinit(void)
 }
 #endif
--
2.30.2