[PATCH] haproxy: Update to version 2.5.5

[PATCH] haproxy: Update to version 2.5.5

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 13636 bytes --]

- Update from 2.4.15 to 2.5.5
- Update of rootfile not required
- Changelog
	2.5.5
	    - CI: github actions: add the output of $CC -dM -E-
	    - CI: github actions: use cache for OpenTracing
	    - CI: refactor OpenTracing build script
	    - CI: github actions: use cache for SSL libs
	    - CI: Consistently use actions/checkout(a)v2
	    - BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers
	    - BUILD: tree-wide: mark a few numeric constants as explicitly long long
	    - BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks
	    - BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
	    - REGTESTS: fix the race conditions in normalize_uri.vtc
	    - REGTESTS: fix the race conditions in secure_memcmp.vtc
	    - BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST
	    - BUG/MINOR: pool: always align pool_heads to 64 bytes
	    - BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
	    - BUILD: fix kFreeBSD build.
	    - MINOR: pools: add a new global option "no-memory-trimming"
	    - MINOR: stats: Add dark mode support for socket rows
	    - BUILD: pools: fix backport of no-memory-trimming on non-linux OS
	    - BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix
	    - BUG/MINOR: add missing modes in proxy_mode_str()
	    - BUG/MINOR: cli: shows correct mode in "show sess"
	    - BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request
	    - BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
	    - BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
	    - BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
	    - BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
	    - BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams
	    - DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
	    - BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing
	    - DEBUG: stream: Add the missing descriptions for stream trace events
	    - DEBUG: stream: Fix stream trace message to print response buffer state
	    - BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
	    - BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
	    - BUG/MEDIUM: httpclient: don't consume data before it was analyzed
	    - CLEANUP: htx: remove unused co_htx_remove_blk()
	    - BUG/MINOR: httpclient: consume partly the blocks when necessary
	    - BUG/MINOR: httpclient: remove the UNUSED block when parsing headers
	    - BUG/MEDIUM: httpclient: must manipulate head, not first
	    - REGTESTS: fix the race conditions in be2hex.vtc
	2.5.4
	    - BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message
	    - BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer
	    - BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer
	    - DOC: Fix usage/examples of deprecated ACLs
	    - BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy()
	    - REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks
	    - CI: github: enable pool debugging by default
	    - BUG/MEDIUM: stream: Abort processing if response buffer allocation fails
	2.5.3
	    - MINOR: sock: move the unused socket cleaning code into its own function
	    - BUG/MEDIUM: mworker: close unused transferred FDs on load failure
	    - BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload
	    - BUG/MINOR: sink: Use the right field in appctx context in release callback
	    - BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names
	    - BUG/MEDIUM: fd: always align fdtab[] to 64 bytes
	    - BUG/MAJOR: compiler: relax alignment constraints on certain structures
	    - MINOR: httpclient: Don't limit data transfer to 1024 bytes
	    - BUG/MINOR: httpclient: reinit flags in httpclient_start()
	    - BUG/MINOR: mailers: negotiate SMTP, not ESMTP
	    - BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print
	    - BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command
	    - BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
	    - CLEANUP: httpclient/cli: fix indentation alignment of the help message
	    - BUG/MINOR: tools: url2sa reads ipv4 too far
	    - BUG/MEDIUM: httpclient: limit transfers to the maximum available room
	    - DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected
	2.5.2
	    - BUG/MEDIUM: connection: properly leave stopping list on error
	    - BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer
	    - BUG/MINOR: httpclient: don't send an empty body
	    - BUG/MINOR: httpclient: set default Accept and User-Agent headers
	    - BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers
	    - BUILD/MINOR: fix solaris build with clang.
	    - BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl
	    - DOC: management: mark "set server ssl" as deprecated
	    - MEDIUM: cli: yield between each pipelined command
	    - MINOR: channel: add new function co_getdelim() to support multiple delimiters
	    - BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands
	    - MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change
	    - BUG/MEDIUM: cli: Never wait for more data on client shutdown
	    - BUG/MEDIUM: mcli: do not try to parse empty buffers
	    - BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them
	    - BUG/MINOR: stream: make the call_rate only count the no-progress calls
	    - DEBUG: cli: add a new "debug dev fd" expert command
	    - BUILD: debug/cli: condition test of O_ASYNC to its existence
	    - DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY
	    - REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2
	    - BUG/MEDIUM: mworker: don't lose the stats socket on failed reload
	    - BUG/MINOR: mworker: does not add the -sf in wait mode
	    - BUG/MINOR: pools: always flush pools about to be destroyed
	    - DEBUG: pools: add extra sanity checks when picking objects from a local cache
	    - DEBUG: pools: let's add reverse mapping from cache heads to thread and pool
	    - DEBUG: pools: replace the link pointer with the caller's address on pool_free()
	    - BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks
	    - BUG/MINOR: mworker: does not erase the pidfile upon reload
	    - DEBUG: fd: make sure we never try to insert/delete an impossible FD number
	    - MINOR: listener: replace the listener's spinlock with an rwlock
	    - BUG/MEDIUM: listener: read-lock the listener during accept()
	    - BUG/MINOR: httpclient: Revisit HC request and response buffers allocation
	    - BUG/MEDIUM: httpclient: Xfer the request when the stream is created
	    - BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output
	    - BUG/MINOR: jwt: Double free in deinit function
	    - BUG/MINOR: jwt: Missing pkey free during cleanup
	    - BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls
	    - BUG/MINOR: httpclient/cli: display junk characters in vsn
	    - BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies
	    - BUG/MAJOR: spoe: properly detach all agents when releasing the applet
	    - REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc
	    - REGTESTS: peers: leave a bit more time to peers to synchronize
	    - BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change
	    - BUG/MINOR: mux-h2: update the session's idle delay before creating the stream
	2.5.1
	    - BUG/MINOR: cache: Fix loop on cache entries in "show cache"
	    - BUG/MINOR: httpclient: allow to replace the host header
	    - BUG/MINOR: lua: don't expose internal proxies
	    - BUG/MINOR: lua: remove loop initial declarations
	    - BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time
	    - BUILD: evports: remove a leftover from the dead_fd cleanup
	    - BUG/MINOR: vars: Fix the set-var and unset-var converters
	    - BUG/MINOR: server: Don't rely on last default-server to init server SSL context
	    - BUG/MEDIUM: resolvers: Detach query item on response error
	    - BUG/MAJOR: segfault using multiple log forward sections.
	    - BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted
	    - BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode
	    - BUG/MINOR: mworker: deinit of thread poller was called when not initialized
	    - MINOR: mux-h1: Improve H1 traces by adding info about http parsers
	    - BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH
	    - BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query
	    - MINOR: cli: "show version" displays the current process version
	    - BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
	    - IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode
	    - MINOR: http-rules: Add capture action to http-after-response ruleset
	    - BUG/MINOR: cli/server: Don't crash when a server is added with a custom id
	    - DOC: spoe: Clarify use of the event directive in spoe-message section
	    - DOC: config: Specify %Ta is only available in HTTP mode
	    - DOC: config: retry-on list is space-delimited
	    - DOC: config: fix error-log-format example
	    - BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
	    - MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output
	    - MINOR: pools: work around possibly slow malloc_trim() during gc
	    - BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch
	    - BUG/MEDIUM: peers: properly skip conn_cur from incoming messages
	    - BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message
	    - BUG/MINOR: mux-h1: Fix splicing for messages with unknown length
	    - BUILD: ssl: unbreak the build with newer libressl
	    - DOC: fix misspelled keyword "resolve_retries" in resolvers
	    - DEBUG: ssl: make sure we never change a servername on established connections
	    - BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time
	    - BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
	    - REGTESTS: ssl: fix ssl_default_server.vtc
	    - MINOR: compat: detect support for dl_iterate_phdr()
	    - MINOR: debug: add ability to dump loaded shared libraries
	    - MINOR: debug: add support for -dL to dump library names at boot
	    - MINOR: proxy: add option idle-close-on-response
	    - MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above.
	    - BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning
	    - CI: Github Actions: do not show VTest failures if build failed
	    - BUG/MINOR: ssl: free the fields in srv->ssl_ctx
	    - BUG/MEDIUM: ssl: free the ckch instance linked to a server
	    - REGTESTS: ssl: update of a crt with server deletion
	    - BUILD/MINOR: cpuset FreeBSD 14 build fix.
	    - CI: github actions: update OpenSSL to 3.0.1
	    - BUILD/MINOR: tools: solaris build fix on dladdr.
	    - BUG/MINOR: cli: fix _getsocks with musl libc
	    - BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry
	    - BUG/MEDIUM: mworker: don't use _getsocks in wait mode
	    - BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error
	    - BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data
	    - BUILD: cpuset: fix build issue on macos introduced by previous change
	    - CI: github actions: clean default step conditions
	2.5.0
	    - BUILD: SSL: add quictls build to scripts/build-ssl.sh
	    - BUILD: SSL: add QUICTLS to build matrix
	    - CLEANUP: sock: Wrap `accept4_broken = 1` into additional parenthesis
	    - BUILD: cli: clear a maybe-unused  warning on some older compilers
	    - BUG/MEDIUM: cli: make sure we can report a warning from a bind keyword
	    - BUG/MINOR: ssl: make SSL counters atomic
	    - CLEANUP: assorted typo fixes in the code and comments
	    - BUG/MINOR: ssl: free correctly the sni in the backend SSL cache
	    - MINOR: version: mention that it's stable now

Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 lfs/haproxy | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/haproxy b/lfs/haproxy
index 96911574d..7fa3b024e 100644
--- a/lfs/haproxy
+++ b/lfs/haproxy
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = The Reliable, High Performance TCP/HTTP Load Balancer
 
-VER        = 2.4.15
+VER        = 2.5.5
 
 # From: https://www.haproxy.org/download/2.4/src/haproxy-2.4.15.tar.gz
 
@@ -36,7 +36,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = haproxy
-PAK_VER    = 20
+PAK_VER    = 21
 
 DEPS       =
 
@@ -54,7 +54,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 425444a54e22cca8d15cb808283be3baefcd2ce56447d91bce3b4f4b7f6606e03d2eb8a242891c619cfd0fad9aba5bb84026c68d41f07cd55f083481df234899
+$(DL_FILE)_BLAKE2 = 0680925026edf56f4369c71092c39f4ff3956a8cf04320326623b3031f719d62077acdca457a6cfd82f6bcbf510920113a0328a2d8cd4a208c3d9e49e1d431b5
 
 install : $(TARGET)
 
-- 
2.35.1