haproxy: Update HAProxy to v2.4.9

- Update haproxy download URL and hash - Switched over to using USE_LIBATOMIC in favor of -latomic - Added a patch which fixes nossl builds Signed-off-by: Christian Lachner <gladiac@gmail.com>
2021-11-26 12:00:44 +01:00 · 2021-11-26 12:00:44 +01:00 · 7b7366b1d9
commit 7b7366b1d9
parent a419d35d2f
3 changed files with 92 additions and 5 deletions
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@ -10,12 +10,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=haproxy
-PKG_VERSION:=2.4.7
+PKG_VERSION:=2.4.9
 PKG_RELEASE:=$(AUTORELEASE)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.haproxy.org/download/2.4/src
-PKG_HASH:=52af97f72f22ffd8a7a995fafc696291d37818feda50a23caef7dc0622421845
+PKG_HASH:=d56c7fe3c5afedd1b9a19e1b7f8f954feaf50a9c2f205f99891043858b72a763
 PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>, \
 		Christian Lachner <gladiac@gmail.com>
@ -102,13 +102,13 @@ define Build/Compile
 		PCREDIR="$(STAGING_DIR)/usr/" \
 		USE_LUA=1 LUA_LIB_NAME="lua5.3" LUA_INC="$(STAGING_DIR)/usr/include/lua5.3" LUA_LIB="$(STAGING_DIR)/usr/lib" \
 		SMALL_OPTS="-DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530" \
-		USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_PROMEX=1 \
+		USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_LIBATOMIC=1 USE_PROMEX=1 \
 		VERSION="$(PKG_VERSION)" SUBVERS="-$(PKG_RELEASE)" \
 		VERDATE="$(shell date -d @$(SOURCE_DATE_EPOCH) '+%Y/%m/%d')" IGNOREGIT=1 \
 		$(ADDON) \
 		CFLAGS="$(TARGET_CFLAGS) -fno-strict-aliasing -Wdeclaration-after-statement -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-address-of-packed-member -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference -fwrapv -fasynchronous-unwind-tables -Wno-null-dereference" \
 		LD="$(TARGET_CC)" \
-		LDFLAGS="$(TARGET_LDFLAGS) -latomic"
+		LDFLAGS="$(TARGET_LDFLAGS)"
 	$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR) \
 		DESTDIR="$(PKG_INSTALL_DIR)" \
--- a/net/haproxy/get-latest-patches.sh
+++ b/net/haproxy/get-latest-patches.sh
@ -1,7 +1,7 @@
 #!/bin/sh
 CLONEURL=https://git.haproxy.org/git/haproxy-2.4.git
-BASE_TAG=v2.4.4
+BASE_TAG=v2.4.9
 TMP_REPODIR=tmprepo
 PATCHESDIR=patches
--- a/net/haproxy/patches/000-BUILD-MINOR-server-fix-compilation-without-SSL.patch
+++ b/net/haproxy/patches/000-BUILD-MINOR-server-fix-compilation-without-SSL.patch
@ -0,0 +1,87 @@
 commit ea489aa18caacf057880c67b933689c363307a23
 Author: Amaury Denoyelle <adenoyelle@haproxy.com>
 Date:   Thu Nov 25 10:20:19 2021 +0100
    BUILD/MINOR: server: fix compilation without SSL
    The build without SSL was broken by the following backported commit:
      8e99b84dba7755e73563093a8fcedb25e70e7b94
      MEDIUM: server/backend: implement websocket protocol selection
    Fix this by checking the ALPN only if USE_OPENSSL and
    TLSEXT_TYPE_application_layer_protocol_negotiation are defined. Else
    always use the server mux-proto.
    No need to backport.
 --- a/src/server.c
 +++ b/src/server.c
@@ -204,7 +204,33 @@ void srv_set_dyncookie(struct server *s)
  */
 int srv_check_reuse_ws(struct server *srv)
 {
 -	if (srv->mux_proto || srv->use_ssl != 1 || !srv->ssl_ctx.alpn_str) {
 +#if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
 +	if (!srv->mux_proto && srv->use_ssl && srv->ssl_ctx.alpn_str) {
 +		/* ALPN selection.
 +		 * Based on the assumption that only "h2" and "http/1.1" token
 +		 * are used on server ALPN.
 +		 */
 +		const struct ist alpn = ist2(srv->ssl_ctx.alpn_str,
 +		                             srv->ssl_ctx.alpn_len);
 +
 +		switch (srv->ws) {
 +		case SRV_WS_AUTO:
 +			/* for auto mode, consider reuse as possible if the
 +			 * server uses a single protocol ALPN
 +			 */
 +			if (!istchr(alpn, ','))
 +				return 1;
 +			break;
 +
 +		case SRV_WS_H2:
 +			return isteq(alpn, ist("\x02h2"));
 +
 +		case SRV_WS_H1:
 +			return isteq(alpn, ist("\x08http/1.1"));
 +		}
 +	}
 +	else {
 +#endif /* defined(OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation) */
 		/* explicit srv.mux_proto or no ALPN : srv.mux_proto is used
 		 * for mux selection.
 		 */
@@ -232,31 +258,9 @@ int srv_check_reuse_ws(struct server *sr
 				return 1;
 			break;
 		}
 +#if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
 	}
 -	else {
 -		/* ALPN selection.
 -		 * Based on the assumption that only "h2" and "http/1.1" token
 -		 * are used on server ALPN.
 -		 */
 -		const struct ist alpn = ist2(srv->ssl_ctx.alpn_str,
 -		                             srv->ssl_ctx.alpn_len);
 -
 -		switch (srv->ws) {
 -		case SRV_WS_AUTO:
 -			/* for auto mode, consider reuse as possible if the
 -			 * server uses a single protocol ALPN
 -			 */
 -			if (!istchr(alpn, ','))
 -				return 1;
 -			break;
 -
 -		case SRV_WS_H2:
 -			return isteq(alpn, ist("\x02h2"));
 -
 -		case SRV_WS_H1:
 -			return isteq(alpn, ist("\x08http/1.1"));
 -		}
 -	}
 +#endif /* defined(OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation) */
 	return 0;
 }