package/haproxy: security bump to version 2.0.10

Fixes the following security vulnerabilities:

- CVE-2019-19330: The HTTP/2 implementation in HAProxy before 2.0.10
  mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd),
  line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka
  Intermediary Encapsulation Attacks.

In addition, 2.0.6..10 fixes a number of bugs.  See the changelog for
details:

https://www.haproxy.org/download/2.0/src/CHANGELOG

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/haproxy/haproxy.hash b/package/haproxy/haproxy.hash
index 0b4ecdc25c1321aba6215beb7b9d1c2b703980c5..87a29eeba13180b40bdc9373e129ee901fef4887 100644 (file)
--- a/package/haproxy/haproxy.hash
+++ b/package/haproxy/haproxy.hash
@@ -1,5 +1,5 @@
-# From: http://www.haproxy.org/download/2.0/src/haproxy-2.0.5.tar.gz.sha256
-sha256 3f2e0d40af66dd6df1dc2f6055d3de106ba62836d77b4c2e497a82a4bdbc5422 haproxy-2.0.5.tar.gz
+# From: http://www.haproxy.org/download/2.0/src/haproxy-2.0.10.tar.gz.sha256
+sha256 1d38ab3dd45e930b209e922a360ee8c636103e21e5b5a2656d3795401316a4ea haproxy-2.0.10.tar.gz
 # Locally computed:
 sha256 0717ca51fceaa25ac9e5ccc62e0c727dcf27796057201fb5fded56a25ff6ca28        LICENSE
 sha256 5df07007198989c622f5d41de8d703e7bef3d0e79d62e24332ee739a452af62a        doc/lgpl.txt

diff --git a/package/haproxy/haproxy.mk b/package/haproxy/haproxy.mk
index 9d0ef5710f1bfea29dbb3036bbc1d766045ac22c..9f6f2818ae6bef33ae5d3ed1cd51d452614d9ae4 100644 (file)
--- a/package/haproxy/haproxy.mk
+++ b/package/haproxy/haproxy.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 HAPROXY_VERSION_MAJOR = 2.0
-HAPROXY_VERSION = $(HAPROXY_VERSION_MAJOR).5
+HAPROXY_VERSION = $(HAPROXY_VERSION_MAJOR).10
 HAPROXY_SITE = http://www.haproxy.org/download/$(HAPROXY_VERSION_MAJOR)/src
 HAPROXY_LICENSE = GPL-2.0+ and LGPL-2.1+ with exceptions
 HAPROXY_LICENSE_FILES = LICENSE doc/lgpl.txt doc/gpl.txt