- Update haproxy PKG_VERSION and PKG_HASH
- This release includes a fix for an OOB write. The official notes
do not list a CVE entry but I guess there is a chance for
security implications
- See changes: http://git.haproxy.org/?p=haproxy-2.6.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
The haproxy hotplug script creates a 'combined' certificate bundle that
contains both the certificate chain and the private key. However, having a
daemon hotplug script write into CERT_DIR is not great; so let's provide
the bundle as part of the main acme framework, keeping it in $domain_dir
and just linking it into CERT_DIR. That way we can keep CERT_DIR as just a
collection of links for everything, that no consumers should need to write
into.
Also make sure to set the umask correctly so the combined file is not
world-readable (since it contains the private key).
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Directly calling `/etc/init.d/<service> reload` in a hotplug script can
inadvertently start a stopped service.
Signed-off-by: Glen Huang <i@glenhuang.com>
- New major LTS release (https://www.mail-archive.com/haproxy@formilux.org/msg42371.html)
- Sadly, no QUIC/H3 support for now because the QuicTLS library - which is a fork of OpenSSL - would be needed. However, we do not have a package for that and I currently do not want to build and statically link it into the haproxy package
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Both packages provide the same packages and should conflict to each
other.
Fixes:
```
Packages 'haproxy' and 'haproxy-nossl' do not conflict while providing same file: /usr/sbin/haproxy
Packages 'haproxy' and 'haproxy-nossl' do not conflict while providing same file: /etc/haproxy.cfg
Packages 'haproxy' and 'haproxy-nossl' do not conflict while providing same file: /etc/init.d/haproxy
```
They should not be installed side by side.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
- There should be shorter TITLE in Package/haproxy/Default
otherwise it is not shown
- No need to call Build/Prepare/Default
- Remove twice TITLE in non-SSL variant
- Make conffiles more clear
- Remove empty menu for halog
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
- Update haproxy download URL and hash
- Switched over to using USE_LIBATOMIC in favor of -latomic
- Added a patch which fixes nossl builds
Signed-off-by: Christian Lachner <gladiac@gmail.com>
- Update haproxy download URL and hash
- Make build-target and parameters dependant on configured c-library
- Removed duplicate build-parameters
Signed-off-by: Christian Lachner <gladiac@gmail.com>
- New upstream major release with tons of new features and LTS (see: https://www.haproxy.com/blog/announcing-haproxy-2-4/)
- Update haproxy download URL and hash
- Activate promtheus exporter support the new way (using USE_PROMEX=1)
- Cleaned up haproxy-specific CFLAGS
- Changed the halog build to make use of the new Makefile target (admin/halog/halog)
Signed-off-by: Christian Lachner <gladiac@gmail.com>
- New major version (LTS release)
- Update haproxy download URL and hash
- Remove obsolete dladdr1-dependency-patch as it has been upstreamed
- USE_REGPARM is obsolete and therefore removed from our Makefile
Signed-off-by: Christian Lachner <gladiac@gmail.com>
