net/haproxy: update to version 2.5.1.

PR: 260232
Submitted by: diizzy
Dmitry Sivachenko 2022-01-12 08:34:46 +00:00
parent 649fbfd15a
commit 14b3a4d9d0
5 changed files with 30 additions and 272 deletions


@ -1,9 +1,9 @@
# Created by: Hugo Saro <hugo@barafranca.com>
PORTNAME= haproxy
DISTVERSION= 2.4.12
DISTVERSION= 2.5.1
CATEGORIES= net www
MASTER_SITES= http://www.haproxy.org/download/2.4/src/
MASTER_SITES= http://www.haproxy.org/download/2.5/src/
MAINTAINER= demon@FreeBSD.org
COMMENT= Reliable, high performance TCP/HTTP load balancer
@ -14,35 +14,43 @@ LICENSE_COMB= multi
FLAVORS= default lua
FLAVOR?= ${FLAVORS:[1]}
USES= compiler:c++11-lang cpe gmake
USE_RC_SUBR= haproxy
default_CONFLICTS_INSTALL= haproxy-lua
lua_CONFLICTS_INSTALL= haproxy
lua_PKGNAMESUFFIX= -lua
CONFLICTS_INSTALL= haproxy-devel haproxy17 haproxy18 haproxy19 haproxy20 haproxy21
USES= compiler:c++11-lang cpe gmake
USE_RC_SUBR= haproxy
CONFLICTS_INSTALL= haproxy-devel haproxy17 haproxy18 haproxy19 haproxy20 haproxy21 haproxy22 haproxy23 haproxy24
ALL_TARGET= all admin/halog/halog
MAKE_ARGS= TARGET=freebsd DEFINE=-DFREEBSD_PORTS USE_GETADDRINFO=1 \
USE_ZLIB=1 USE_CPU_AFFINITY=1 USE_ACCEPT4=1 \
CC="${CC}" DEBUG_CFLAGS="" CPU_CFLAGS="${CFLAGS}" \
${MAKE_ARGS_${ARCH}}
MAKE_ARGS_i386= USE_LIBATOMIC=
MAKE_ARGS_powerpc= USE_LIBATOMIC=
OPTIONS_DEFINE= DOCS EXAMPLES LUA OPENSSL DEVICEATLAS PROMEX
OPTIONS_RADIO= PCRE
OPTIONS_RADIO_PCRE= DPCRE SPCRE
DPCRE_DESC= Link dynamically
SPCRE_DESC= Link statically
OPTIONS_RADIO_PCRE= DPCRE DPCRE2 SPCRE SPCRE2
DPCRE_DESC= Link pcre(1) dynamically
DPCRE2_DESC= Link pcre2 dynamically
SPCRE_DESC= Link pcre(1) statically
SPCRE2_DESC= Link pcre2 statically
DEVICEATLAS_DESC= DeviceAtlas Device Detection support
PROMEX_DESC= Enable Prometheus exporter
OPTIONS_DEFAULT= SPCRE OPENSSL
OPTIONS_DEFAULT= DPCRE2 OPENSSL
DPCRE_LIB_DEPENDS= libpcre.so:devel/pcre
DPCRE_MAKE_ARGS= USE_PCRE=1 USE_PCRE_JIT=1
SPCRE_LIB_DEPENDS= libpcre.so:devel/pcre
DPCRE2_LIB_DEPENDS= libpcre2-8.so:devel/pcre2
DPCRE2_MAKE_ARGS= USE_PCRE2=1 USE_PCRE2_JIT=1
SPCRE_LIB_DEPENDS= libpcre.a:devel/pcre
SPCRE_MAKE_ARGS= USE_PCRE=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1
SPCRE2_LIB_DEPENDS= libpcre2-8.a:devel/pcre2
SPCRE2_MAKE_ARGS= USE_PCRE2=1 USE_STATIC_PCRE2=1 USE_PCRE2_JIT=1
DEVICEATLAS_LIB_DEPENDS= libda.so:net/deviceatlas-enterprise-c
DEVICEATLAS_MAKE_ARGS= USE_DEVICEATLAS=1 DEVICEATLAS_LIB=${LOCALBASE}/lib DEVICEATLAS_INC=${LOCALBASE}/include
PROMEX_MAKE_ARGS= USE_PROMEX=1
@ -55,18 +63,6 @@ LUA_MAKE_ARGS= USE_LUA=1 LUA_INC=${LUA_INCDIR} LUA_LIB=${LUA_LIBDIR} LUA_LIB_NA
OPTIONS_DEFAULT+= LUA
.endif
.include <bsd.port.options.mk>
.if ${ARCH} == powerpc
MAKE_ARGS+= USE_LIBATOMIC=
.endif
.include <bsd.port.pre.mk>
.if ${ARCH} == "amd64" || ${ARCH} == "i386"
MAKE_ARGS+= USE_REGPARM=1
.endif
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/haproxy ${STAGEDIR}${PREFIX}/sbin/
${INSTALL_PROGRAM} ${WRKSRC}/admin/halog/halog ${STAGEDIR}${PREFIX}/sbin/
@ -76,4 +72,4 @@ do-install:
${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
(cd ${WRKSRC}/examples/ && ${COPYTREE_SHARE} \* ${STAGEDIR}${EXAMPLESDIR})
.include <bsd.port.post.mk>
.include <bsd.port.mk>
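Review bot: The updated `MASTER_SITES` line still fetches the 2.5 tarball over plain `http://`, so the only integrity control on the distfile is the SHA256 in distinfo, and that value is only as trustworthy as the channel used when it was generated. I would change it to `MASTER_SITES= https://www.haproxy.org/download/2.5/src/` so that checksum generation and later fetches are both authenticated in transit. Separately, what appear to be the new `SPCRE_LIB_DEPENDS= libpcre.a:devel/pcre` and `SPCRE2_LIB_DEPENDS= libpcre2-8.a:devel/pcre2` lines look suspect: as far as I recall the ports framework accepts only `lib*.so` patterns in LIB_DEPENDS, so the static options probably need a `BUILD_DEPENDS` on the `.a` path instead, which is worth confirming by building each option. The static options also link the PCRE code into the haproxy binary, so a short comment noting that PCRE security fixes then require a haproxy rebuild would help whoever maintains this next.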


@ -1,3 +1,3 @@
TIMESTAMP = 1641898062
SHA256 (haproxy-2.4.12.tar.gz) = 6984a94466739e5e8188949a3d1731634087226a12aada8bf6f81f9d316ca4f3
SIZE (haproxy-2.4.12.tar.gz) = 3607497
TIMESTAMP = 1641976596
SHA256 (haproxy-2.5.1.tar.gz) = 3e90790dfc832afa6ca4fdf4528de2ce2e74f3e1f74bed0d70ad54bd5920e954
SIZE (haproxy-2.5.1.tar.gz) = 3811260


@ -1,78 +0,0 @@
From ce5ca630697a069ffbd81169663e5dbeb554179a Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Wed, 6 Oct 2021 11:23:32 +0200
Subject: CLEANUP: servers: do not include openssl-compat
This is exactly the same as for listeners, servers only include
openssl-compat to provide the SSL_CTX type to use as two pointers to
contexts, and to detect if NPN, ALPN, and cipher suites are supported,
and save up to 5 pointers in the ssl_ctx struct if not supported. This
is pointless, as these ones have all been supported for about a decade,
and including this file comes with a long dependency chain that impacts
lots of other files. The ctx was made a void*.
Now the build time was significantly reduced, from 9.2 to 8.1 seconds,
thanks to opensslconf.h being included "only" 456 times instead of 2424
previously!
The total number of lines of code compiled was reduced by 15%.
(cherry picked from commit 340ef2502eae2a37781e460d3590982c0e437fbd)
[wt: this is backported to get rid of the painful #ifdef around SSL
fields that regularly break backports]
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
include/haproxy/server-t.h | 10 +---------
1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h
index 429195388..32b649bf3 100644
--- include/haproxy/server-t.h
+++ include/haproxy/server-t.h
@@ -35,9 +35,7 @@
#include <haproxy/freq_ctr-t.h>
#include <haproxy/listener-t.h>
#include <haproxy/obj_type-t.h>
-#include <haproxy/openssl-compat.h>
#include <haproxy/resolvers-t.h>
-#include <haproxy/ssl_sock-t.h>
#include <haproxy/stats-t.h>
#include <haproxy/task-t.h>
#include <haproxy/thread-t.h>
@@ -341,7 +339,7 @@ struct server {
#ifdef USE_OPENSSL
char *sni_expr; /* Temporary variable to store a sample expression for SNI */
struct {
- SSL_CTX *ctx;
+ void *ctx;
struct {
unsigned char *ptr;
int size;
@@ -353,9 +351,7 @@ struct server {
__decl_thread(HA_RWLOCK_T lock); /* lock the cache and SSL_CTX during commit operations */
char *ciphers; /* cipher suite to use if non-null */
-#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
char *ciphersuites; /* TLS 1.3 cipher suite to use if non-null */
-#endif
int options; /* ssl options */
int verify; /* verify method (set of SSL_VERIFY_* flags) */
struct tls_version_filter methods; /* ssl methods */
@@ -363,14 +359,10 @@ struct server {
char *ca_file; /* CAfile to use on verify */
char *crl_file; /* CRLfile to use on verify */
struct sample_expr *sni; /* sample expression for SNI */
-#ifdef OPENSSL_NPN_NEGOTIATED
char *npn_str; /* NPN protocol string */
int npn_len; /* NPN protocol string length */
-#endif
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
char *alpn_str; /* ALPN protocol string */
int alpn_len; /* ALPN protocol string length */
-#endif
} ssl_ctx;
#ifdef USE_QUIC
struct quic_transport_params quic_params; /* QUIC transport parameters */
--
2.28.0


@ -1,163 +0,0 @@
From 6d395b766fd816cf2e7feea3286a689e635e35f9 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Wed, 6 Oct 2021 14:48:37 +0200
Subject: CLEANUP: server: always include the storage for SSL settings
The SSL stuff in struct server takes less than 3% of it and requires
lots of annoying ifdefs in the code just to take care of the cases
where the field is absent. Let's get rid of this and stop including
openssl-compat from server.c to detect NPN and ALPN capabilities.
This reduces the total LoC by another 0.4%.
(cherry picked from commit 80527bcb9d51d8506c8e7ef95de9c30d30722719)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 5279e61cee28b7012619906048edd2c8a9c89059)
[wt: backported again to fix backport issues around SSL fields. It
previously broke due to the absence of 'CLEANUP: servers: do not
include openssl-compat' that was backported now]
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
include/haproxy/server-t.h | 2 --
src/server.c | 21 +++------------------
2 files changed, 3 insertions(+), 20 deletions(-)
diff --git a/include/haproxy/server-t.h b/include/haproxy/server-t.h
index 32b649bf3..90485f0c4 100644
--- include/haproxy/server-t.h
+++ include/haproxy/server-t.h
@@ -336,7 +336,6 @@ struct server {
unsigned int init_addr_methods; /* initial address setting, 3-bit per method, ends at 0, enough to store 10 entries */
enum srv_log_proto log_proto; /* used proto to emit messages on server lines from ring section */
-#ifdef USE_OPENSSL
char *sni_expr; /* Temporary variable to store a sample expression for SNI */
struct {
void *ctx;
@@ -367,7 +366,6 @@ struct server {
#ifdef USE_QUIC
struct quic_transport_params quic_params; /* QUIC transport parameters */
struct eb_root cids; /* QUIC connections IDs. */
-#endif
#endif
struct resolv_srvrq *srvrq; /* Pointer representing the DNS SRV requeest, if any */
struct list srv_rec_item; /* to attach server to a srv record item */
diff --git a/src/server.c b/src/server.c
index 54637dc9c..ea3271957 100644
--- src/server.c
+++ src/server.c
@@ -1943,7 +1943,6 @@ const char *server_parse_maxconn_change_request(struct server *sv,
return NULL;
}
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
static struct sample_expr *srv_sni_sample_parse_expr(struct server *srv, struct proxy *px,
const char *file, int linenum, char **err)
{
@@ -1983,7 +1982,6 @@ static int server_parse_sni_expr(struct server *newsrv, struct proxy *px, char *
return 0;
}
-#endif
static void display_parser_err(const char *file, int linenum, char **args, int cur_arg, int err_code, char **err)
{
@@ -2080,14 +2078,11 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src)
if (src->ssl_ctx.methods.max)
srv->ssl_ctx.methods.max = src->ssl_ctx.methods.max;
-#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
if (src->ssl_ctx.ciphersuites != NULL)
srv->ssl_ctx.ciphersuites = strdup(src->ssl_ctx.ciphersuites);
-#endif
if (src->sni_expr != NULL)
srv->sni_expr = strdup(src->sni_expr);
-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
if (src->ssl_ctx.alpn_str) {
srv->ssl_ctx.alpn_str = malloc(src->ssl_ctx.alpn_len);
if (srv->ssl_ctx.alpn_str) {
@@ -2096,8 +2091,7 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src)
srv->ssl_ctx.alpn_len = src->ssl_ctx.alpn_len;
}
}
-#endif
-#ifdef OPENSSL_NPN_NEGOTIATED
+
if (src->ssl_ctx.npn_str) {
srv->ssl_ctx.npn_str = malloc(src->ssl_ctx.npn_len);
if (srv->ssl_ctx.npn_str) {
@@ -2106,7 +2100,6 @@ static void srv_ssl_settings_cpy(struct server *srv, struct server *src)
srv->ssl_ctx.npn_len = src->ssl_ctx.npn_len;
}
}
-#endif
}
#endif
@@ -2463,13 +2456,13 @@ static int _srv_parse_tmpl_init(struct server *srv, struct proxy *px)
srv_settings_cpy(newsrv, srv, 1);
srv_prepare_for_resolution(newsrv, srv->hostname);
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+
if (newsrv->sni_expr) {
newsrv->ssl_ctx.sni = srv_sni_sample_parse_expr(newsrv, px, NULL, 0, NULL);
if (!newsrv->ssl_ctx.sni)
goto err;
}
-#endif
+
/* append to list of servers available to receive an hostname */
if (newsrv->srvrq)
LIST_APPEND(&newsrv->srvrq->attached_servers, &newsrv->srv_rec_item);
@@ -2488,9 +2481,7 @@ static int _srv_parse_tmpl_init(struct server *srv, struct proxy *px)
err:
_srv_parse_set_id_from_prefix(srv, srv->tmpl_info.prefix, srv->tmpl_info.nb_low);
if (newsrv) {
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
release_sample_expr(newsrv->ssl_ctx.sni);
-#endif
free_check(&newsrv->agent);
free_check(&newsrv->check);
LIST_DELETE(&newsrv->global_list);
@@ -2748,7 +2739,6 @@ static int _srv_parse_kw(struct server *srv, char **args, int *cur_arg,
return err_code;
}
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
/* This function is first intended to be used through parse_server to
* initialize a new server on startup.
*/
@@ -2767,7 +2757,6 @@ static int _srv_parse_sni_expr_init(char **args, int cur_arg,
return ret;
}
-#endif
/* Server initializations finalization.
* Initialize health check, agent check and SNI expression if enabled.
@@ -2780,9 +2769,7 @@ static int _srv_parse_finalize(char **args, int cur_arg,
struct server *srv, struct proxy *px,
int parse_flags, char **errmsg)
{
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
int ret;
-#endif
if (srv->do_check && srv->trackit) {
memprintf(errmsg, "unable to enable checks and tracking at the same time!");
@@ -2795,10 +2782,8 @@ static int _srv_parse_finalize(char **args, int cur_arg,
return ERR_ALERT | ERR_FATAL;
}
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if ((ret = _srv_parse_sni_expr_init(args, cur_arg, srv, px, errmsg)) != 0)
return ret;
-#endif
/* A dynamic server is disabled on startup. It must not be counted as
* an active backend entry.
--
2.28.0


@ -29,8 +29,14 @@ sbin/haproxy
%%PORTDOCS%%%%DOCSDIR%%/gpl.txt
%%PORTDOCS%%%%DOCSDIR%%/haproxy.1
%%PORTDOCS%%%%DOCSDIR%%/internals/acl.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/api/buffer-api.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/api/filters.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/api/htx-api.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/api/initcalls.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/api/ist.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/api/list.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/api/scheduler.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/body-parsing.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/buffer-api.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/connect-status.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/connection-header.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/connection-scale.txt
@ -40,15 +46,12 @@ sbin/haproxy
%%PORTDOCS%%%%DOCSDIR%%/internals/entities.svg
%%PORTDOCS%%%%DOCSDIR%%/internals/entities.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/fd-migration.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/filters.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/hashing.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/header-parser-speed.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/header-tree.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/http-cookies.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/http-docs.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/http-parsing.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/htx-api.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/initcalls.txt
%%PORTDOCS%%%%DOCSDIR%%/internals/list.fig
%%PORTDOCS%%%%DOCSDIR%%/internals/list.png
%%PORTDOCS%%%%DOCSDIR%%/internals/listener-states.fig