forked from pool/haproxy

- update to 1.6.2

  - BUILD: ssl: fix build error introduced in commit 7969a3 with
    OpenSSL < 1.0.0
  - DOC: fix a typo for a "deviceatlas" keyword
  - FIX: small typo in an example using the "Referer" header
  - BUG/MEDIUM: config: count memory limits on 64 bits, not 32
  - BUG/MAJOR: dns: first DNS response packet not matching queried
    hostname may lead to a loop
  - BUG/MINOR: dns: unable to parse CNAMEs response
  - BUG/MINOR: examples/haproxy.init: missing brace in
    quiet_check()
  - DOC: deviceatlas: more example use cases.
  - BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in
    install-bin.
  - BUG/MAJOR: http: don't requeue an idle connection that is
    already queued
  - DOC: typo on capture.res.hdr and capture.req.hdr
  - BUG/MINOR: dns: check for duplicate nameserver id in a
    resolvers section was missing
  - CLEANUP: use direction names in place of numeric values
  - BUG/MEDIUM: lua: sample fetches based on response doesn't work
- drop haproxy-1.6.0-ssl-098.patch: included upstream

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=122
Marcus Rückert 2015-11-03 12:04:29 +00:00 committed by Git OBS Bridge
parent a0ac0e2dfc
commit 873fbe6a22
5 changed files with 30 additions and 58 deletions

@ -1,52 +0,0 @@
From 76e79a8c8a98474f3caf701b75370f50729516b2 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@qualys.com>
Date: Mon, 19 Oct 2015 13:59:24 +0200
Subject: [PATCH 2/2] BUILD: ssl: fix build error introduced in commit 7969a3
with OpenSSL < 1.0.0
The function 'EVP_PKEY_get_default_digest_nid()' was introduced in OpenSSL
1.0.0. So for older version of OpenSSL, compiled with the SNI support, the
HAProxy compilation fails with the following error:
src/ssl_sock.c: In function 'ssl_sock_do_create_cert':
src/ssl_sock.c:1096:7: warning: implicit declaration of function 'EVP_PKEY_get_default_digest_nid'
if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
[...]
src/ssl_sock.c:1096: undefined reference to `EVP_PKEY_get_default_digest_nid'
collect2: error: ld returned 1 exit status
Makefile:760: recipe for target 'haproxy' failed
make: *** [haproxy] Error 1
So we must add a #ifdef to check the OpenSSL version (>= 1.0.0) to use this
function. It is used to get default signature digest associated to the private
key used to sign generated X509 certificates. It is called when the private key
differs than EVP_PKEY_RSA, EVP_PKEY_DSA and EVP_PKEY_EC. It should be enough for
most of cases.
---
src/ssl_sock.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 35a3edf..7c82464 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1091,12 +1091,16 @@ ssl_sock_do_create_cert(const char *servername, unsigned int serial,
else if (EVP_PKEY_type (capkey->type) == EVP_PKEY_EC)
digest = EVP_sha256();
else {
+#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
int nid;
if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
goto mkcert_error;
if (!(digest = EVP_get_digestbynid(nid)))
goto mkcert_error;
+#else
+ goto mkcert_error;
+#endif
}
if (!(X509_sign(newcrt, capkey, digest)))
--
2.4.3
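
Review bot: dropping this file is only safe if 1.6.2 already carries the `#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)` guard around `EVP_PKEY_get_default_digest_nid()` in `ssl_sock_do_create_cert`. The first changelog item matches the patch subject, but a test build on a target with OpenSSL < 1.0.0 is what confirms it. Also worth recording for those targets: the `#else` branch is a bare `goto mkcert_error;`, so certificate generation with a CA key that is not RSA, DSA or EC fails there instead of falling back to a digest.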

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:71da2abe610ed42afd6678c2e95321db5f3c416fe2803235f75fc459d8246289
size 1538337

haproxy-1.6.2.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bd4a7eee79e1bfd25af59d956bb60e82acbb6f146f3fb3b30636036f4c9548d3
size 1538976
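
Review bot: the `oid sha256:` value in this pointer is the only integrity record for haproxy-1.6.2.tar.gz in the commit, and none of the 5 changed files is a checksum or signature file from upstream. Compare the value against the checksum upstream publishes for the 1.6.2 tarball before accepting, and consider carrying that checksum source in the package so the comparison is repeatable on the next update.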

@ -1,3 +1,29 @@
-------------------------------------------------------------------
Tue Nov 3 12:02:19 UTC 2015 - mrueckert@suse.de
- update to 1.6.2
- BUILD: ssl: fix build error introduced in commit 7969a3 with
OpenSSL < 1.0.0
- DOC: fix a typo for a "deviceatlas" keyword
- FIX: small typo in an example using the "Referer" header
- BUG/MEDIUM: config: count memory limits on 64 bits, not 32
- BUG/MAJOR: dns: first DNS response packet not matching queried
hostname may lead to a loop
- BUG/MINOR: dns: unable to parse CNAMEs response
- BUG/MINOR: examples/haproxy.init: missing brace in
quiet_check()
- DOC: deviceatlas: more example use cases.
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in
install-bin.
- BUG/MAJOR: http: don't requeue an idle connection that is
already queued
- DOC: typo on capture.res.hdr and capture.req.hdr
- BUG/MINOR: dns: check for duplicate nameserver id in a
resolvers section was missing
- CLEANUP: use direction names in place of numeric values
- BUG/MEDIUM: lua: sample fetches based on response doesn't work
- drop haproxy-1.6.0-ssl-098.patch: included upstream
-------------------------------------------------------------------
Thu Oct 22 10:21:00 UTC 2015 - mrueckert@suse.de
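
Review bot: the two `BUG/MAJOR` items in this entry (the dns response loop and the idle-connection requeue) are listed without any tracker reference. If either has a bug or advisory id, add it to the line so that downstream consumers can tell which fixes make this update worth prioritising.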

@ -41,7 +41,7 @@
%bcond_without apparmor
Name: haproxy
Version: 1.6.1
Version: 1.6.2
Release: 0
#
#
@ -71,7 +71,6 @@ Source4: haproxy.cfg
Patch1: haproxy-1.6.0_config_haproxy_user.patch
Patch2: haproxy-1.6.0-makefile_lib.patch
Patch3: haproxy-1.6.0-sec-options.patch
Patch4: haproxy-1.6.0-ssl-098.patch
#
Source99: haproxy-rpmlintrc
#
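
Review bot: with `Patch4` gone, `Patch1` to `Patch3` are still the 1.6.0-named files, carried unchanged onto 1.6.2. Confirm they apply without fuzz or offsets, `haproxy-1.6.0-sec-options.patch` in particular, since a hunk applied with fuzz can land in the wrong place without failing the build.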
@ -105,7 +104,6 @@ the most work done from every CPU cycle.
%patch1 -p1
%patch2
%patch3
%patch4 -p1
%build
%{__make} \
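
Review bot: in the lines left after removing `%patch4 -p1`, `%patch1 -p1` carries an explicit strip level while `%patch2` and `%patch3` do not, so the remaining patches are applied with two different path conventions. Regenerating them at one level and using the same `-p` option on all three would make the next patch drop or refresh less error-prone.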