package/haproxy: security bump to version 2.2.17

Fixes the following security issues: - CVE-2021-40346: An integer overflow exists in HAProxy 2.0 through 2.5 in the htx_add_header() can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. For more details, see the advisory: https://www.mail-archive.com/haproxy@formilux.org/msg41114.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-12 21:04:25 +02:00 · 2021-09-12 21:04:25 +02:00 · 2f68843249
commit 2f68843249
parent 1a100f6ec8
2 changed files with 3 additions and 3 deletions
--- a/package/haproxy/haproxy.hash
+++ b/package/haproxy/haproxy.hash
@ -1,5 +1,5 @@
-# From: http://www.haproxy.org/download/2.2/src/haproxy-2.2.16.tar.gz.sha256
-sha256  b81e03a181070d1f7bcdaeec9f09af701fb1ab015c3c9c997a881f4773e29375  haproxy-2.2.16.tar.gz
+# From: http://www.haproxy.org/download/2.2/src/haproxy-2.2.17.tar.gz.sha256
+sha256  68af4aa3807d9c9f29b976d0ed57fb2e06acf7a185979059584862cc20d85be0  haproxy-2.2.17.tar.gz
 # Locally computed:
 sha256  0717ca51fceaa25ac9e5ccc62e0c727dcf27796057201fb5fded56a25ff6ca28  LICENSE
 sha256  5df07007198989c622f5d41de8d703e7bef3d0e79d62e24332ee739a452af62a  doc/lgpl.txt
--- a/package/haproxy/haproxy.mk
+++ b/package/haproxy/haproxy.mk
@ -5,7 +5,7 @@
 ################################################################################

 HAPROXY_VERSION_MAJOR = 2.2
-HAPROXY_VERSION = $(HAPROXY_VERSION_MAJOR).16
+HAPROXY_VERSION = $(HAPROXY_VERSION_MAJOR).17
 HAPROXY_SITE = http://www.haproxy.org/download/$(HAPROXY_VERSION_MAJOR)/src
 HAPROXY_LICENSE = GPL-2.0+ and LGPL-2.1+ with exceptions
 HAPROXY_LICENSE_FILES = LICENSE doc/lgpl.txt doc/gpl.txt