diff options
author | Dmitry Sivachenko <demon@FreeBSD.org> | 2022-01-12 08:34:46 +0000 |
---|---|---|
committer | Dmitry Sivachenko <demon@FreeBSD.org> | 2022-01-12 08:58:14 +0000 |
commit | 14b3a4d9d0fb701cac10215daa1475cdac31cee2 (patch) | |
tree | 0331dbc228ef040ce5951d0234a5e6498f76e965 | |
parent | 649fbfd15a9b2d83c64b754b1ecf4a9b5dd03f19 (diff) | |
download | ports-14b3a4d9d0fb701cac10215daa1475cdac31cee2.tar.gz ports-14b3a4d9d0fb701cac10215daa1475cdac31cee2.zip |
net/haproxy: update to version 2.5.1.
PR: 260232
Submitted by: diizzy
-rw-r--r-- | net/haproxy/Makefile | 44 | ||||
-rw-r--r-- | net/haproxy/distinfo | 6 | ||||
-rw-r--r-- | net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat | 78 | ||||
-rw-r--r-- | net/haproxy/files/patch-0002-CLEANUP-server-always-include-the-storage-for-SSL-se | 163 | ||||
-rw-r--r-- | net/haproxy/pkg-plist | 11 |
5 files changed, 30 insertions, 272 deletions
diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile index 195b35221776..205da80f720e 100644 --- a/net/haproxy/Makefile +++ b/net/haproxy/Makefile @@ -1,9 +1,9 @@ # Created by: Hugo Saro <hugo@barafranca.com> PORTNAME= haproxy -DISTVERSION= 2.4.12 +DISTVERSION= 2.5.1 CATEGORIES= net www -MASTER_SITES= http://www.haproxy.org/download/2.4/src/ +MASTER_SITES= http://www.haproxy.org/download/2.5/src/ MAINTAINER= demon@FreeBSD.org COMMENT= Reliable, high performance TCP/HTTP load balancer @@ -14,35 +14,43 @@ LICENSE_COMB= multi FLAVORS= default lua FLAVOR?= ${FLAVORS:[1]} +USES= compiler:c++11-lang cpe gmake +USE_RC_SUBR= haproxy + default_CONFLICTS_INSTALL= haproxy-lua lua_CONFLICTS_INSTALL= haproxy lua_PKGNAMESUFFIX= -lua -CONFLICTS_INSTALL= haproxy-devel haproxy17 haproxy18 haproxy19 haproxy20 haproxy21 - -USES= compiler:c++11-lang cpe gmake -USE_RC_SUBR= haproxy +CONFLICTS_INSTALL= haproxy-devel haproxy17 haproxy18 haproxy19 haproxy20 haproxy21 haproxy22 haproxy23 haproxy24 ALL_TARGET= all admin/halog/halog MAKE_ARGS= TARGET=freebsd DEFINE=-DFREEBSD_PORTS USE_GETADDRINFO=1 \ USE_ZLIB=1 USE_CPU_AFFINITY=1 USE_ACCEPT4=1 \ CC="${CC}" DEBUG_CFLAGS="" CPU_CFLAGS="${CFLAGS}" \ ${MAKE_ARGS_${ARCH}} + MAKE_ARGS_i386= USE_LIBATOMIC= +MAKE_ARGS_powerpc= USE_LIBATOMIC= OPTIONS_DEFINE= DOCS EXAMPLES LUA OPENSSL DEVICEATLAS PROMEX OPTIONS_RADIO= PCRE -OPTIONS_RADIO_PCRE= DPCRE SPCRE -DPCRE_DESC= Link dynamically -SPCRE_DESC= Link statically +OPTIONS_RADIO_PCRE= DPCRE DPCRE2 SPCRE SPCRE2 +DPCRE_DESC= Link pcre(1) dynamically +DPCRE2_DESC= Link pcre2 dynamically +SPCRE_DESC= Link pcre(1) statically +SPCRE2_DESC= Link pcre2 statically DEVICEATLAS_DESC= DeviceAtlas Device Detection support PROMEX_DESC= Enable Prometheus exporter -OPTIONS_DEFAULT= SPCRE OPENSSL +OPTIONS_DEFAULT= DPCRE2 OPENSSL DPCRE_LIB_DEPENDS= libpcre.so:devel/pcre DPCRE_MAKE_ARGS= USE_PCRE=1 USE_PCRE_JIT=1 -SPCRE_LIB_DEPENDS= libpcre.so:devel/pcre +DPCRE2_LIB_DEPENDS= libpcre2-8.so:devel/pcre2 +DPCRE2_MAKE_ARGS= USE_PCRE2=1 USE_PCRE2_JIT=1 +SPCRE_LIB_DEPENDS= libpcre.a:devel/pcre SPCRE_MAKE_ARGS= USE_PCRE=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1 +SPCRE2_LIB_DEPENDS= libpcre2-8.a:devel/pcre2 +SPCRE2_MAKE_ARGS= USE_PCRE2=1 USE_STATIC_PCRE2=1 USE_PCRE2_JIT=1 DEVICEATLAS_LIB_DEPENDS= libda.so:net/deviceatlas-enterprise-c DEVICEATLAS_MAKE_ARGS= USE_DEVICEATLAS=1 DEVICEATLAS_LIB=${LOCALBASE}/lib DEVICEATLAS_INC=${LOCALBASE}/include PROMEX_MAKE_ARGS= USE_PROMEX=1 @@ -55,18 +63,6 @@ LUA_MAKE_ARGS= USE_LUA=1 LUA_INC=${LUA_INCDIR} LUA_LIB=${LUA_LIBDIR} LUA_LIB_NA OPTIONS_DEFAULT+= LUA .endif -.include <bsd.port.options.mk> - -.if ${ARCH} == powerpc -MAKE_ARGS+= USE_LIBATOMIC= -.endif - -.include <bsd.port.pre.mk> - -.if ${ARCH} == "amd64" || ${ARCH} == "i386" -MAKE_ARGS+= USE_REGPARM=1 -.endif - do-install: ${INSTALL_PROGRAM} ${WRKSRC}/haproxy ${STAGEDIR}${PREFIX}/sbin/ ${INSTALL_PROGRAM} ${WRKSRC}/admin/halog/halog ${STAGEDIR}${PREFIX}/sbin/ @@ -76,4 +72,4 @@ do-install: ${MKDIR} ${STAGEDIR}${EXAMPLESDIR} (cd ${WRKSRC}/examples/ && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR}) -.include <bsd.port.post.mk> +.include <bsd.port.mk> diff --git a/net/haproxy/distinfo b/net/haproxy/distinfo index 29b1590a04af..44d05cb2cfaf 100644 --- a/net/haproxy/distinfo +++ b/net/haproxy/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1641898062 -SHA256 (haproxy-2.4.12.tar.gz) = 6984a94466739e5e8188949a3d1731634087226a12aada8bf6f81f9d316ca4f3 -SIZE (haproxy-2.4.12.tar.gz) = 3607497 +TIMESTAMP = 1641976596 +SHA256 (haproxy-2.5.1.tar.gz) = 3e90790dfc832afa6ca4fdf4528de2ce2e74f3e1f74bed0d70ad54bd5920e954 +SIZE (haproxy-2.5.1.tar.gz) = 3811260 diff --git a/net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat b/net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat deleted file mode 100644 index e6f0291f8c89..000000000000 --- a/net/haproxy/files/patch-0001-CLEANUP-servers-do-not-include-openssl-compat +++ /dev/null @@ -1,78 +0,0 @@ -From ce5ca630697a069ffbd81169663e5dbeb554179a Mon Sep 17 00:00:00 2001 -From: Willy Tarreau <w@1wt.eu> -Date: Wed, 6 Oct 2021 11:23:32 +0200 -Subject: CLEANUP: servers: do not include openssl-compat - -This is exactly the same as for listeners, servers only include -openssl-compat to provide the SSL_CTX type to use as two pointers to -contexts, and to detect if NPN, ALPN, and cipher suites are supported, -and save up to 5 pointers in the ssl_ctx struct if not supported. This -is pointless, as these ones have all been supported for about a decade, -and including this file comes with a long dependency chain that impacts -lots of other files. The ctx was made a void*. - -Now the build time was significantly reduced, from 9.2 to 8.1 seconds, -thanks to opensslconf.h being included "only" 456 times instead of 2424 -previously! - -The total number of lines of code compiled was reduced by 15%. - -(cherry picked from commit 340ef2502eae2a37781e460d3590982c0e437fbd) -[wt: this is backported to get rid of the painful #ifdef around SSL - fields that regularly break backports] -Signed-off-by: Willy Tarreau <w@1wt.eu> ---- - include/haproxy/server-t.h | 10 +--------- - 1 file changed, 1 insertion(+), 9 deletions(-) - -diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h -index 429195388..32b649bf3 100644 ---- include/haproxy/server-t.h -+++ include/haproxy/server-t.h -@@ -35,9 +35,7 @@ - #include <haproxy/freq_ctr-t.h> - #include <haproxy/listener-t.h> - #include <haproxy/obj_type-t.h> --#include <haproxy/openssl-compat.h> - #include <haproxy/resolvers-t.h> --#include <haproxy/ssl_sock-t.h> - #include <haproxy/stats-t.h> - #include <haproxy/task-t.h> - #include <haproxy/thread-t.h> -@@ -341,7 +339,7 @@ struct server { - #ifdef USE_OPENSSL - char *sni_expr; /* Temporary variable to store a sample expression for SNI */ - struct { -- SSL_CTX *ctx; -+ void *ctx; - struct { - unsigned char *ptr; - int size; -@@ -353,9 +351,7 @@ struct server { - __decl_thread(HA_RWLOCK_T lock); /* lock the cache and SSL_CTX during commit operations */ - - char *ciphers; /* cipher suite to use if non-null */ --#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES - char *ciphersuites; /* TLS 1.3 cipher suite to use if non-null */ --#endif - int options; /* ssl options */ - int verify; /* verify method (set of SSL_VERIFY_* flags) */ - struct tls_version_filter methods; /* ssl methods */ -@@ -363,14 +359,10 @@ struct server { - char *ca_file; /* CAfile to use on verify */ - char *crl_file; /* CRLfile to use on verify */ - struct sample_expr *sni; /* sample expression for SNI */ --#ifdef OPENSSL_NPN_NEGOTIATED - char *npn_str; /* NPN protocol string */ - int npn_len; /* NPN protocol string length */ --#endif --#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation - char *alpn_str; /* ALPN protocol string */ - int alpn_len; /* ALPN protocol string length */ --#endif - } ssl_ctx; - #ifdef USE_QUIC - struct quic_transport_params quic_params; /* QUIC transport parameters */ --- -2.28.0 - diff --git a/net/haproxy/files/patch-0002-CLEANUP-server-always-include-the-storage-for-SSL-se b/net/haproxy/files/patch-0002-CLEANUP-server-always-include-the-storage-for-SSL-se deleted file mode 100644 index 8e5064790cba..000000000000 --- a/net/haproxy/files/patch-0002-CLEANUP-server-always-include-the-storage-for-SSL-se +++ /dev/null @@ -1,163 +0,0 @@ -From 6d395b766fd816cf2e7feea3286a689e635e35f9 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau <w@1wt.eu> -Date: Wed, 6 Oct 2021 14:48:37 +0200 -Subject: CLEANUP: server: always include the storage for SSL settings - -The SSL stuff in struct server takes less than 3% of it and requires -lots of annoying ifdefs in the code just to take care of the cases -where the field is absent. Let's get rid of this and stop including -openssl-compat from server.c to detect NPN and ALPN capabilities. - -This reduces the total LoC by another 0.4%. - -(cherry picked from commit 80527bcb9d51d8506c8e7ef95de9c30d30722719) -Signed-off-by: Christopher Faulet <cfaulet@haproxy.com> -(cherry picked from commit 5279e61cee28b7012619906048edd2c8a9c89059) -[wt: backported again to fix backport issues around SSL fields. It - previously broke due to the absence of 'CLEANUP: servers: do not - include openssl-compat' that was backported now] -Signed-off-by: Willy Tarreau <w@1wt.eu> ---- - include/haproxy/server-t.h | 2 -- - src/server.c | 21 +++------------------ - 2 files changed, 3 insertions(+), 20 deletions(-) - -diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h -index 32b649bf3..90485f0c4 100644 ---- include/haproxy/server-t.h -+++ include/haproxy/server-t.h -@@ -336,7 +336,6 @@ struct server { - unsigned int init_addr_methods; /* initial address setting, 3-bit per method, ends at 0, enough to store 10 entries */ - enum srv_log_proto log_proto; /* used proto to emit messages on server lines from ring section */ - --#ifdef USE_OPENSSL - char *sni_expr; /* Temporary variable to store a sample expression for SNI */ - struct { - void *ctx; -@@ -367,7 +366,6 @@ struct server { - #ifdef USE_QUIC - struct quic_transport_params quic_params; /* QUIC transport parameters */ - struct eb_root cids; /* QUIC connections IDs. */ --#endif - #endif - struct resolv_srvrq *srvrq; /* Pointer representing the DNS SRV requeest, if any */ - struct list srv_rec_item; /* to attach server to a srv record item */ -diff --git a/src/server.c b/src/server.c -index 54637dc9c..ea3271957 100644 ---- src/server.c -+++ src/server.c -@@ -1943,7 +1943,6 @@ const char *server_parse_maxconn_change_request(struct server *sv, - return NULL; - } - --#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME - static struct sample_expr *srv_sni_sample_parse_expr(struct server *srv, struct proxy *px, - const char *file, int linenum, char **err) - { -@@ -1983,7 +1982,6 @@ static int server_parse_sni_expr(struct server *newsrv, struct proxy *px, char * - - return 0; - } --#endif - - static void display_parser_err(const char *file, int linenum, char **args, int cur_arg, int err_code, char **err) - { -@@ -2080,14 +2078,11 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src) - if (src->ssl_ctx.methods.max) - srv->ssl_ctx.methods.max = src->ssl_ctx.methods.max; - --#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES - if (src->ssl_ctx.ciphersuites != NULL) - srv->ssl_ctx.ciphersuites = strdup(src->ssl_ctx.ciphersuites); --#endif - if (src->sni_expr != NULL) - srv->sni_expr = strdup(src->sni_expr); - --#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation - if (src->ssl_ctx.alpn_str) { - srv->ssl_ctx.alpn_str = malloc(src->ssl_ctx.alpn_len); - if (srv->ssl_ctx.alpn_str) { -@@ -2096,8 +2091,7 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src) - srv->ssl_ctx.alpn_len = src->ssl_ctx.alpn_len; - } - } --#endif --#ifdef OPENSSL_NPN_NEGOTIATED -+ - if (src->ssl_ctx.npn_str) { - srv->ssl_ctx.npn_str = malloc(src->ssl_ctx.npn_len); - if (srv->ssl_ctx.npn_str) { -@@ -2106,7 +2100,6 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src) - srv->ssl_ctx.npn_len = src->ssl_ctx.npn_len; - } - } --#endif - } - #endif - -@@ -2463,13 +2456,13 @@ static int _srv_parse_tmpl_init(struct server *srv, struct proxy *px) - - srv_settings_cpy(newsrv, srv, 1); - srv_prepare_for_resolution(newsrv, srv->hostname); --#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME -+ - if (newsrv->sni_expr) { - newsrv->ssl_ctx.sni = srv_sni_sample_parse_expr(newsrv, px, NULL, 0, NULL); - if (!newsrv->ssl_ctx.sni) - goto err; - } --#endif -+ - /* append to list of servers available to receive an hostname */ - if (newsrv->srvrq) - LIST_APPEND(&newsrv->srvrq->attached_servers, &newsrv->srv_rec_item); -@@ -2488,9 +2481,7 @@ static int _srv_parse_tmpl_init(struct server *srv, struct proxy *px) - err: - _srv_parse_set_id_from_prefix(srv, srv->tmpl_info.prefix, srv->tmpl_info.nb_low); - if (newsrv) { --#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME - release_sample_expr(newsrv->ssl_ctx.sni); --#endif - free_check(&newsrv->agent); - free_check(&newsrv->check); - LIST_DELETE(&newsrv->global_list); -@@ -2748,7 +2739,6 @@ static int _srv_parse_kw(struct server *srv, char **args, int *cur_arg, - return err_code; - } - --#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME - /* This function is first intended to be used through parse_server to - * initialize a new server on startup. - */ -@@ -2767,7 +2757,6 @@ static int _srv_parse_sni_expr_init(char **args, int cur_arg, - - return ret; - } --#endif - - /* Server initializations finalization. - * Initialize health check, agent check and SNI expression if enabled. -@@ -2780,9 +2769,7 @@ static int _srv_parse_finalize(char **args, int cur_arg, - struct server *srv, struct proxy *px, - int parse_flags, char **errmsg) - { --#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME - int ret; --#endif - - if (srv->do_check && srv->trackit) { - memprintf(errmsg, "unable to enable checks and tracking at the same time!"); -@@ -2795,10 +2782,8 @@ static int _srv_parse_finalize(char **args, int cur_arg, - return ERR_ALERT | ERR_FATAL; - } - --#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME - if ((ret = _srv_parse_sni_expr_init(args, cur_arg, srv, px, errmsg)) != 0) - return ret; --#endif - - /* A dynamic server is disabled on startup. It must not be counted as - * an active backend entry. --- -2.28.0 - diff --git a/net/haproxy/pkg-plist b/net/haproxy/pkg-plist index 0d2754938a4b..972a2a81d4c9 100644 --- a/net/haproxy/pkg-plist +++ b/net/haproxy/pkg-plist @@ -29,8 +29,14 @@ sbin/haproxy %%PORTDOCS%%%%DOCSDIR%%/gpl.txt %%PORTDOCS%%%%DOCSDIR%%/haproxy.1 %%PORTDOCS%%%%DOCSDIR%%/internals/acl.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/api/buffer-api.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/api/filters.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/api/htx-api.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/api/initcalls.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/api/ist.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/api/list.txt +%%PORTDOCS%%%%DOCSDIR%%/internals/api/scheduler.txt %%PORTDOCS%%%%DOCSDIR%%/internals/body-parsing.txt -%%PORTDOCS%%%%DOCSDIR%%/internals/buffer-api.txt %%PORTDOCS%%%%DOCSDIR%%/internals/connect-status.txt %%PORTDOCS%%%%DOCSDIR%%/internals/connection-header.txt %%PORTDOCS%%%%DOCSDIR%%/internals/connection-scale.txt @@ -40,15 +46,12 @@ sbin/haproxy %%PORTDOCS%%%%DOCSDIR%%/internals/entities.svg %%PORTDOCS%%%%DOCSDIR%%/internals/entities.txt %%PORTDOCS%%%%DOCSDIR%%/internals/fd-migration.txt -%%PORTDOCS%%%%DOCSDIR%%/internals/filters.txt %%PORTDOCS%%%%DOCSDIR%%/internals/hashing.txt %%PORTDOCS%%%%DOCSDIR%%/internals/header-parser-speed.txt %%PORTDOCS%%%%DOCSDIR%%/internals/header-tree.txt %%PORTDOCS%%%%DOCSDIR%%/internals/http-cookies.txt %%PORTDOCS%%%%DOCSDIR%%/internals/http-docs.txt %%PORTDOCS%%%%DOCSDIR%%/internals/http-parsing.txt -%%PORTDOCS%%%%DOCSDIR%%/internals/htx-api.txt -%%PORTDOCS%%%%DOCSDIR%%/internals/initcalls.txt %%PORTDOCS%%%%DOCSDIR%%/internals/list.fig %%PORTDOCS%%%%DOCSDIR%%/internals/list.png %%PORTDOCS%%%%DOCSDIR%%/internals/listener-states.fig |