FreeBSD Bugzilla – Attachment 229917 Details for
Bug 260232
net/haproxy: Update to 2.5.0
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for haproxy
haproxy250-2.patch (text/plain), 14.95 KB, created by
Daniel Engberg
on 2021-12-05 10:56:34 UTC
(
hide
)
Description:
Patch for haproxy
Filename:
MIME Type:
Creator:
Daniel Engberg
Created:
2021-12-05 10:56:34 UTC
Size:
14.95 KB
patch
obsolete
>diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile >index 20fb5b3e1d8a..e24b1b7c685f 100644 >--- a/net/haproxy/Makefile >+++ b/net/haproxy/Makefile >@@ -1,9 +1,9 @@ > # Created by: Hugo Saro <hugo@barafranca.com> > > PORTNAME= haproxy >-DISTVERSION= 2.4.9 >+DISTVERSION= 2.5.0 > CATEGORIES= net www >-MASTER_SITES= http://www.haproxy.org/download/2.4/src/ >+MASTER_SITES= http://www.haproxy.org/download/2.5/src/ > > MAINTAINER= demon@FreeBSD.org > COMMENT= Reliable, high performance TCP/HTTP load balancer >@@ -14,33 +14,42 @@ LICENSE_COMB= multi > FLAVORS= default lua > FLAVOR?= ${FLAVORS:[1]} > >+USES= compiler:c++11-lang cpe gmake >+USE_RC_SUBR= haproxy >+ > default_CONFLICTS_INSTALL= haproxy-lua > lua_CONFLICTS_INSTALL= haproxy > lua_PKGNAMESUFFIX= -lua > >-CONFLICTS_INSTALL= haproxy-devel haproxy17 haproxy18 haproxy19 haproxy20 haproxy21 >- >-USES= compiler:c++11-lang cpe gmake >-USE_RC_SUBR= haproxy >+CONFLICTS_INSTALL= haproxy-devel haproxy17 haproxy18 haproxy19 haproxy20 haproxy21 haproxy22 haproxy23 > > ALL_TARGET= all admin/halog/halog > MAKE_ARGS= TARGET=freebsd DEFINE=-DFREEBSD_PORTS USE_GETADDRINFO=1 \ > USE_ZLIB=1 USE_CPU_AFFINITY=1 USE_ACCEPT4=1 \ >- CC="${CC}" DEBUG_CFLAGS="" CPU_CFLAGS="${CFLAGS}" >+ CC="${CC}" DEBUG_CFLAGS="" CPU_CFLAGS="${CFLAGS}" \ >+ ${MAKE_ARGS_${ARCH}} >+ >+MAKE_ARGS_i386= USE_LIBATOMIC= > > OPTIONS_DEFINE= DOCS EXAMPLES LUA OPENSSL DEVICEATLAS PROMEX > OPTIONS_RADIO= PCRE >-OPTIONS_RADIO_PCRE= DPCRE SPCRE >-DPCRE_DESC= Link dynamically >-SPCRE_DESC= Link statically >+OPTIONS_RADIO_PCRE= DPCRE DPCRE2 SPCRE SPCRE2 >+DPCRE_DESC= Link pcre(1) dynamically >+DPCRE2_DESC= Link pcre2 dynamically >+SPCRE_DESC= Link pcre(1) statically >+SPCRE2_DESC= Link pcre2 statically > DEVICEATLAS_DESC= DeviceAtlas Device Detection support > PROMEX_DESC= Enable Prometheus exporter >-OPTIONS_DEFAULT= SPCRE OPENSSL >+OPTIONS_DEFAULT= DPCRE2 OPENSSL > > DPCRE_LIB_DEPENDS= libpcre.so:devel/pcre > DPCRE_MAKE_ARGS= USE_PCRE=1 USE_PCRE_JIT=1 >-SPCRE_LIB_DEPENDS= libpcre.so:devel/pcre >+DPCRE2_LIB_DEPENDS= libpcre2-8.so:devel/pcre2 >+DPCRE2_MAKE_ARGS= USE_PCRE2=1 USE_PCRE2_JIT=1 >+SPCRE_LIB_DEPENDS= libpcre.a:devel/pcre > SPCRE_MAKE_ARGS= USE_PCRE=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1 >+SPCRE2_LIB_DEPENDS= libpcre2-8.a:devel/pcre2 >+SPCRE2_MAKE_ARGS= USE_PCRE2=1 USE_STATIC_PCRE2=1 USE_PCRE2_JIT=1 > DEVICEATLAS_LIB_DEPENDS= libda.so:net/deviceatlas-enterprise-c > DEVICEATLAS_MAKE_ARGS= USE_DEVICEATLAS=1 DEVICEATLAS_LIB=${LOCALBASE}/lib DEVICEATLAS_INC=${LOCALBASE}/include > PROMEX_MAKE_ARGS= USE_PROMEX=1 >@@ -53,12 +62,6 @@ LUA_MAKE_ARGS= USE_LUA=1 LUA_INC=${LUA_INCDIR} LUA_LIB=${LUA_LIBDIR} LUA_LIB_NA > OPTIONS_DEFAULT+= LUA > .endif > >-.include <bsd.port.pre.mk> >- >-.if ${ARCH} == "amd64" || ${ARCH} == "i386" >-MAKE_ARGS+= USE_REGPARM=1 >-.endif >- > do-install: > ${INSTALL_PROGRAM} ${WRKSRC}/haproxy ${STAGEDIR}${PREFIX}/sbin/ > ${INSTALL_PROGRAM} ${WRKSRC}/admin/halog/halog ${STAGEDIR}${PREFIX}/sbin/ >@@ -68,4 +71,4 @@ do-install: > ${MKDIR} ${STAGEDIR}${EXAMPLESDIR} > (cd ${WRKSRC}/examples/ && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}) > >-.include <bsd.port.post.mk> >+.include <bsd.port.mk> >diff --git a/net/haproxy/distinfo b/net/haproxy/distinfo >index cbe087cb50a9..52b2fb44e8d6 100644 >--- a/net/haproxy/distinfo >+++ b/net/haproxy/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1637752468 >-SHA256 (haproxy-2.4.9.tar.gz) = d56c7fe3c5afedd1b9a19e1b7f8f954feaf50a9c2f205f99891043858b72a763 >-SIZE (haproxy-2.4.9.tar.gz) = 3604655 >+TIMESTAMP = 1638696476 >+SHA256 (haproxy-2.5.0.tar.gz) = 16a5ed6256ca3670e41b76366a892b08485643204a3ce72b6e7a2d9a313aa225 >+SIZE (haproxy-2.5.0.tar.gz) = 3803196 >diff --git a/net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat b/net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat >deleted file mode 100644 >index e6f0291f8c89..000000000000 >--- a/net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat >+++ /dev/null >@@ -1,78 +0,0 @@ >-From ce5ca630697a069ffbd81169663e5dbeb554179a Mon Sep 17 00:00:00 2001 >-From: Willy Tarreau <w@1wt.eu> >-Date: Wed, 6 Oct 2021 11:23:32 +0200 >-Subject: CLEANUP: servers: do not include openssl-compat >- >-This is exactly the same as for listeners, servers only include >-openssl-compat to provide the SSL_CTX type to use as two pointers to >-contexts, and to detect if NPN, ALPN, and cipher suites are supported, >-and save up to 5 pointers in the ssl_ctx struct if not supported. This >-is pointless, as these ones have all been supported for about a decade, >-and including this file comes with a long dependency chain that impacts >-lots of other files. The ctx was made a void*. >- >-Now the build time was significantly reduced, from 9.2 to 8.1 seconds, >-thanks to opensslconf.h being included "only" 456 times instead of 2424 >-previously! >- >-The total number of lines of code compiled was reduced by 15%. >- >-(cherry picked from commit 340ef2502eae2a37781e460d3590982c0e437fbd) >-[wt: this is backported to get rid of the painful #ifdef around SSL >- fields that regularly break backports] >-Signed-off-by: Willy Tarreau <w@1wt.eu> >---- >- include/haproxy/server-t.h | 10 +--------- >- 1 file changed, 1 insertion(+), 9 deletions(-) >- >-diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h >-index 429195388..32b649bf3 100644 >---- include/haproxy/server-t.h >-+++ include/haproxy/server-t.h >-@@ -35,9 +35,7 @@ >- #include <haproxy/freq_ctr-t.h> >- #include <haproxy/listener-t.h> >- #include <haproxy/obj_type-t.h> >--#include <haproxy/openssl-compat.h> >- #include <haproxy/resolvers-t.h> >--#include <haproxy/ssl_sock-t.h> >- #include <haproxy/stats-t.h> >- #include <haproxy/task-t.h> >- #include <haproxy/thread-t.h> >-@@ -341,7 +339,7 @@ struct server { >- #ifdef USE_OPENSSL >- char *sni_expr; /* Temporary variable to store a sample expression for SNI */ >- struct { >-- SSL_CTX *ctx; >-+ void *ctx; >- struct { >- unsigned char *ptr; >- int size; >-@@ -353,9 +351,7 @@ struct server { >- __decl_thread(HA_RWLOCK_T lock); /* lock the cache and SSL_CTX during commit operations */ >- >- char *ciphers; /* cipher suite to use if non-null */ >--#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES >- char *ciphersuites; /* TLS 1.3 cipher suite to use if non-null */ >--#endif >- int options; /* ssl options */ >- int verify; /* verify method (set of SSL_VERIFY_* flags) */ >- struct tls_version_filter methods; /* ssl methods */ >-@@ -363,14 +359,10 @@ struct server { >- char *ca_file; /* CAfile to use on verify */ >- char *crl_file; /* CRLfile to use on verify */ >- struct sample_expr *sni; /* sample expression for SNI */ >--#ifdef OPENSSL_NPN_NEGOTIATED >- char *npn_str; /* NPN protocol string */ >- int npn_len; /* NPN protocol string length */ >--#endif >--#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation >- char *alpn_str; /* ALPN protocol string */ >- int alpn_len; /* ALPN protocol string length */ >--#endif >- } ssl_ctx; >- #ifdef USE_QUIC >- struct quic_transport_params quic_params; /* QUIC transport parameters */ >--- >-2.28.0 >- >diff --git a/net/haproxy/files/patch-0002-CLEANUP-server-always-include-the-storage-for-SSL-se b/net/haproxy/files/patch-0002-CLEANUP-server-always-include-the-storage-for-SSL-se >deleted file mode 100644 >index 8e5064790cba..000000000000 >--- a/net/haproxy/files/patch-0002-CLEANUP-server-always-include-the-storage-for-SSL-se >+++ /dev/null >@@ -1,163 +0,0 @@ >-From 6d395b766fd816cf2e7feea3286a689e635e35f9 Mon Sep 17 00:00:00 2001 >-From: Willy Tarreau <w@1wt.eu> >-Date: Wed, 6 Oct 2021 14:48:37 +0200 >-Subject: CLEANUP: server: always include the storage for SSL settings >- >-The SSL stuff in struct server takes less than 3% of it and requires >-lots of annoying ifdefs in the code just to take care of the cases >-where the field is absent. Let's get rid of this and stop including >-openssl-compat from server.c to detect NPN and ALPN capabilities. >- >-This reduces the total LoC by another 0.4%. >- >-(cherry picked from commit 80527bcb9d51d8506c8e7ef95de9c30d30722719) >-Signed-off-by: Christopher Faulet <cfaulet@haproxy.com> >-(cherry picked from commit 5279e61cee28b7012619906048edd2c8a9c89059) >-[wt: backported again to fix backport issues around SSL fields. It >- previously broke due to the absence of 'CLEANUP: servers: do not >- include openssl-compat' that was backported now] >-Signed-off-by: Willy Tarreau <w@1wt.eu> >---- >- include/haproxy/server-t.h | 2 -- >- src/server.c | 21 +++------------------ >- 2 files changed, 3 insertions(+), 20 deletions(-) >- >-diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h >-index 32b649bf3..90485f0c4 100644 >---- include/haproxy/server-t.h >-+++ include/haproxy/server-t.h >-@@ -336,7 +336,6 @@ struct server { >- unsigned int init_addr_methods; /* initial address setting, 3-bit per method, ends at 0, enough to store 10 entries */ >- enum srv_log_proto log_proto; /* used proto to emit messages on server lines from ring section */ >- >--#ifdef USE_OPENSSL >- char *sni_expr; /* Temporary variable to store a sample expression for SNI */ >- struct { >- void *ctx; >-@@ -367,7 +366,6 @@ struct server { >- #ifdef USE_QUIC >- struct quic_transport_params quic_params; /* QUIC transport parameters */ >- struct eb_root cids; /* QUIC connections IDs. */ >--#endif >- #endif >- struct resolv_srvrq *srvrq; /* Pointer representing the DNS SRV requeest, if any */ >- struct list srv_rec_item; /* to attach server to a srv record item */ >-diff --git a/src/server.c b/src/server.c >-index 54637dc9c..ea3271957 100644 >---- src/server.c >-+++ src/server.c >-@@ -1943,7 +1943,6 @@ const char *server_parse_maxconn_change_request(struct server *sv, >- return NULL; >- } >- >--#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME >- static struct sample_expr *srv_sni_sample_parse_expr(struct server *srv, struct proxy *px, >- const char *file, int linenum, char **err) >- { >-@@ -1983,7 +1982,6 @@ static int server_parse_sni_expr(struct server *newsrv, struct proxy *px, char * >- >- return 0; >- } >--#endif >- >- static void display_parser_err(const char *file, int linenum, char **args, int cur_arg, int err_code, char **err) >- { >-@@ -2080,14 +2078,11 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src) >- if (src->ssl_ctx.methods.max) >- srv->ssl_ctx.methods.max = src->ssl_ctx.methods.max; >- >--#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES >- if (src->ssl_ctx.ciphersuites != NULL) >- srv->ssl_ctx.ciphersuites = strdup(src->ssl_ctx.ciphersuites); >--#endif >- if (src->sni_expr != NULL) >- srv->sni_expr = strdup(src->sni_expr); >- >--#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation >- if (src->ssl_ctx.alpn_str) { >- srv->ssl_ctx.alpn_str = malloc(src->ssl_ctx.alpn_len); >- if (srv->ssl_ctx.alpn_str) { >-@@ -2096,8 +2091,7 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src) >- srv->ssl_ctx.alpn_len = src->ssl_ctx.alpn_len; >- } >- } >--#endif >--#ifdef OPENSSL_NPN_NEGOTIATED >-+ >- if (src->ssl_ctx.npn_str) { >- srv->ssl_ctx.npn_str = malloc(src->ssl_ctx.npn_len); >- if (srv->ssl_ctx.npn_str) { >-@@ -2106,7 +2100,6 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src) >- srv->ssl_ctx.npn_len = src->ssl_ctx.npn_len; >- } >- } >--#endif >- } >- #endif >- >-@@ -2463,13 +2456,13 @@ static int _srv_parse_tmpl_init(struct server *srv, struct proxy *px) >- >- srv_settings_cpy(newsrv, srv, 1); >- srv_prepare_for_resolution(newsrv, srv->hostname); >--#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME >-+ >- if (newsrv->sni_expr) { >- newsrv->ssl_ctx.sni = srv_sni_sample_parse_expr(newsrv, px, NULL, 0, NULL); >- if (!newsrv->ssl_ctx.sni) >- goto err; >- } >--#endif >-+ >- /* append to list of servers available to receive an hostname */ >- if (newsrv->srvrq) >- LIST_APPEND(&newsrv->srvrq->attached_servers, &newsrv->srv_rec_item); >-@@ -2488,9 +2481,7 @@ static int _srv_parse_tmpl_init(struct server *srv, struct proxy *px) >- err: >- _srv_parse_set_id_from_prefix(srv, srv->tmpl_info.prefix, srv->tmpl_info.nb_low); >- if (newsrv) { >--#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME >- release_sample_expr(newsrv->ssl_ctx.sni); >--#endif >- free_check(&newsrv->agent); >- free_check(&newsrv->check); >- LIST_DELETE(&newsrv->global_list); >-@@ -2748,7 +2739,6 @@ static int _srv_parse_kw(struct server *srv, char **args, int *cur_arg, >- return err_code; >- } >- >--#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME >- /* This function is first intended to be used through parse_server to >- * initialize a new server on startup. >- */ >-@@ -2767,7 +2757,6 @@ static int _srv_parse_sni_expr_init(char **args, int cur_arg, >- >- return ret; >- } >--#endif >- >- /* Server initializations finalization. >- * Initialize health check, agent check and SNI expression if enabled. >-@@ -2780,9 +2769,7 @@ static int _srv_parse_finalize(char **args, int cur_arg, >- struct server *srv, struct proxy *px, >- int parse_flags, char **errmsg) >- { >--#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME >- int ret; >--#endif >- >- if (srv->do_check && srv->trackit) { >- memprintf(errmsg, "unable to enable checks and tracking at the same time!"); >-@@ -2795,10 +2782,8 @@ static int _srv_parse_finalize(char **args, int cur_arg, >- return ERR_ALERT | ERR_FATAL; >- } >- >--#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME >- if ((ret = _srv_parse_sni_expr_init(args, cur_arg, srv, px, errmsg)) != 0) >- return ret; >--#endif >- >- /* A dynamic server is disabled on startup. It must not be counted as >- * an active backend entry. >--- >-2.28.0 >- >diff --git a/net/haproxy/pkg-plist b/net/haproxy/pkg-plist >index 0d2754938a4b..972a2a81d4c9 100644 >--- a/net/haproxy/pkg-plist >+++ b/net/haproxy/pkg-plist >@@ -29,8 +29,14 @@ sbin/haproxy > %%PORTDOCS%%%%DOCSDIR%%/gpl.txt > %%PORTDOCS%%%%DOCSDIR%%/haproxy.1 > %%PORTDOCS%%%%DOCSDIR%%/internals/acl.txt >+%%PORTDOCS%%%%DOCSDIR%%/internals/api/buffer-api.txt >+%%PORTDOCS%%%%DOCSDIR%%/internals/api/filters.txt >+%%PORTDOCS%%%%DOCSDIR%%/internals/api/htx-api.txt >+%%PORTDOCS%%%%DOCSDIR%%/internals/api/initcalls.txt >+%%PORTDOCS%%%%DOCSDIR%%/internals/api/ist.txt >+%%PORTDOCS%%%%DOCSDIR%%/internals/api/list.txt >+%%PORTDOCS%%%%DOCSDIR%%/internals/api/scheduler.txt > %%PORTDOCS%%%%DOCSDIR%%/internals/body-parsing.txt >-%%PORTDOCS%%%%DOCSDIR%%/internals/buffer-api.txt > %%PORTDOCS%%%%DOCSDIR%%/internals/connect-status.txt > %%PORTDOCS%%%%DOCSDIR%%/internals/connection-header.txt > %%PORTDOCS%%%%DOCSDIR%%/internals/connection-scale.txt >@@ -40,15 +46,12 @@ sbin/haproxy > %%PORTDOCS%%%%DOCSDIR%%/internals/entities.svg > %%PORTDOCS%%%%DOCSDIR%%/internals/entities.txt > %%PORTDOCS%%%%DOCSDIR%%/internals/fd-migration.txt >-%%PORTDOCS%%%%DOCSDIR%%/internals/filters.txt > %%PORTDOCS%%%%DOCSDIR%%/internals/hashing.txt > %%PORTDOCS%%%%DOCSDIR%%/internals/header-parser-speed.txt > %%PORTDOCS%%%%DOCSDIR%%/internals/header-tree.txt > %%PORTDOCS%%%%DOCSDIR%%/internals/http-cookies.txt > %%PORTDOCS%%%%DOCSDIR%%/internals/http-docs.txt > %%PORTDOCS%%%%DOCSDIR%%/internals/http-parsing.txt >-%%PORTDOCS%%%%DOCSDIR%%/internals/htx-api.txt >-%%PORTDOCS%%%%DOCSDIR%%/internals/initcalls.txt > %%PORTDOCS%%%%DOCSDIR%%/internals/list.fig > %%PORTDOCS%%%%DOCSDIR%%/internals/list.png > %%PORTDOCS%%%%DOCSDIR%%/internals/listener-states.fig
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=229917">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 260232
: 229917