Update to net/haproxy 3.2.21 released today.
 
Fixed bugs:
 - one MAJOR
 - few MEDIUM/MINOR
 
Changelog: https://www.haproxy.org/download/3.2/src/CHANGELOG

# CVE
As it has been declared as MINOR and didn't show up on the security
blog, i didn't spot that 3.2.20 (released on June 26th) included a
fix for CVE-2026-55204 rated 8.7, see

https://www.haproxy.com/blog/june-2026-cve-2026-55204-null-pointer-dereference-in-haproxys-hpack-header-handling

According to the haproxy team, risk for a potential attack is low
(that's why MINOR), but better update of course.

Running fine on multiple systems.


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/haproxy/Makefile,v
retrieving revision 1.136
diff -u -p -r1.136 Makefile
--- Makefile    14 May 2026 10:19:03 -0000      1.136
+++ Makefile    3 Jul 2026 09:56:52 -0000
@@ -1,6 +1,6 @@
 COMMENT =      reliable, high performance TCP/HTTP load balancer
 
-DISTNAME =     haproxy-3.2.19
+DISTNAME =     haproxy-3.2.21
 CATEGORIES =   net www
 HOMEPAGE =     https://www.haproxy.org/
 MAINTAINER =   Lucas Gabriel Vuotto <[email protected]>
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/haproxy/distinfo,v
retrieving revision 1.95
diff -u -p -r1.95 distinfo
--- distinfo    14 May 2026 10:19:03 -0000      1.95
+++ distinfo    3 Jul 2026 09:56:52 -0000
@@ -1,2 +1,2 @@
-SHA256 (haproxy-3.2.19.tar.gz) = sI671X9XUBLkpetbdychUx+6z2kT/9M08CgXNqGteLY=
-SIZE (haproxy-3.2.19.tar.gz) = 5152214
+SHA256 (haproxy-3.2.21.tar.gz) = DLiBiibF+IjgyxxA8bOsufuVJSfRcz92nOaI/t1oAzk=
+SIZE (haproxy-3.2.21.tar.gz) = 5159225
 


--
Mark Patruck ( mark at wrapped.cx )
GPG key 0xF2865E51 / 187F F6D3 EE04 1DCE 1C74  F644 0D3C F66F F286 5E51
 
https://www.wrapped.cx

Reply via email to