diff --git a/haproxy-1.6.0-ssl.crash.patch b/haproxy-1.6.0-ssl.crash.patch deleted file mode 100644 index 18e5832..0000000 --- a/haproxy-1.6.0-ssl.crash.patch +++ /dev/null @@ -1,53 +0,0 @@ -diff --git a/include/types/connection.h b/include/types/connection.h -index dfbff6a..070d779 100644 ---- a/include/types/connection.h -+++ b/include/types/connection.h -@@ -122,7 +122,10 @@ enum { - /* This connection may not be shared between clients */ - CO_FL_PRIVATE = 0x10000000, - -- /* unused : 0x20000000, 0x40000000 */ -+ /* A dynamically generated SSL certificate was used for this connection */ -+ CO_FL_DYN_SSL_CTX = 0x20000000, -+ -+ /* unused : 0x40000000 */ - - /* This last flag indicates that the transport layer is used (for instance - * by logs) and must not be cleared yet. The last call to conn_xprt_close() -diff --git a/src/ssl_sock.c b/src/ssl_sock.c -index 5319532..2829af8 100644 ---- a/src/ssl_sock.c -+++ b/src/ssl_sock.c -@@ -1232,6 +1232,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, struct bind_conf *s) - ctx = ssl_sock_get_generated_cert(serial, s); - if (ctx) { - /* switch ctx */ -+ conn->flags |= CO_FL_DYN_SSL_CTX; - SSL_set_SSL_CTX(ssl, ctx); - return SSL_TLSEXT_ERR_OK; - } -@@ -1271,6 +1272,9 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, struct bind_conf *s) - if (s->generate_certs && - (ctx = ssl_sock_generate_certificate(servername, s, ssl))) { - /* switch ctx */ -+ struct connection *conn = (struct connection *)SSL_get_app_data(ssl); -+ -+ conn->flags |= CO_FL_DYN_SSL_CTX; - SSL_set_SSL_CTX(ssl, ctx); - return SSL_TLSEXT_ERR_OK; - } -@@ -3124,11 +3128,11 @@ static void ssl_sock_close(struct connection *conn) { - - if (conn->xprt_ctx) { - #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME -- if (!ssl_ctx_lru_tree && objt_listener(conn->target)) { -+ if ((conn->flags & CO_FL_DYN_SSL_CTX) && !ssl_ctx_lru_tree) { - SSL_CTX *ctx = SSL_get_SSL_CTX(conn->xprt_ctx); -- if (ctx != objt_listener(conn->target)->bind_conf->default_ctx) -- SSL_CTX_free(ctx); -+ SSL_CTX_free(ctx); - } -+ conn->flags &= ~CO_FL_DYN_SSL_CTX, - #endif - SSL_free(conn->xprt_ctx); - conn->xprt_ctx = NULL; diff --git a/haproxy-1.6.0.tar.gz b/haproxy-1.6.0.tar.gz deleted file mode 100644 index 058d322..0000000 --- a/haproxy-1.6.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e83a272b7d3638cf1d37bba58d3e75f497c1862315ee5bb7f5efc1d98d26e25b -size 1538022 diff --git a/haproxy-1.6.1.tar.gz b/haproxy-1.6.1.tar.gz new file mode 100644 index 0000000..5b0e1fd --- /dev/null +++ b/haproxy-1.6.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:71da2abe610ed42afd6678c2e95321db5f3c416fe2803235f75fc459d8246289 +size 1538337 diff --git a/haproxy.changes b/haproxy.changes index 07c84dd..03849d3 100644 --- a/haproxy.changes +++ b/haproxy.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Thu Oct 22 10:21:00 UTC 2015 - mrueckert@suse.de + +- update to 1.6.1 + - DOC: specify that stats socket doc (section 9.2) is in + management + - BUILD: install only relevant and existing documentation + - CLEANUP: don't ignore debian/ directory if present + - BUG/MINOR: dns: parsing error of some DNS response + - BUG/MEDIUM: namespaces: don't fail if no namespace is used + - BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is + disabled + - MEDIUM: dns: Don't use the ANY query type +- drop haproxy-1.6.0-ssl.crash.patch included in update + ------------------------------------------------------------------- Mon Oct 19 16:15:57 UTC 2015 - mrueckert@suse.de diff --git a/haproxy.spec b/haproxy.spec index 33a1433..506ac96 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -41,7 +41,7 @@ %bcond_without apparmor Name: haproxy -Version: 1.6.0 +Version: 1.6.1 Release: 0 # # @@ -71,8 +71,7 @@ Source4: haproxy.cfg Patch1: haproxy-1.6.0_config_haproxy_user.patch Patch2: haproxy-1.6.0-makefile_lib.patch Patch3: haproxy-1.6.0-sec-options.patch -Patch4: haproxy-1.6.0-ssl.crash.patch -Patch5: haproxy-1.6.0-ssl-098.patch +Patch4: haproxy-1.6.0-ssl-098.patch # Source99: haproxy-rpmlintrc # @@ -107,7 +106,6 @@ the most work done from every CPU cycle. %patch2 %patch3 %patch4 -p1 -%patch5 -p1 %build %{__make} \