Revert CVE-2021-40346 workaround. Issue #12354

net/pfSense-pkg-haproxy-devel/Makefile

@@ -2,7 +2,7 @@
 
 PORTNAME=	pfSense-pkg-haproxy-devel
 PORTVERSION=	0.62
-PORTREVISION=	9
+PORTREVISION=	10
 CATEGORIES=	net
 MASTER_SITES=	# empty
 DISTFILES=	# empty

net/pfSense-pkg-haproxy-devel/files/usr/local/pkg/haproxy/haproxy.inc

@@ -2177,11 +2177,6 @@ function haproxy_writeconf($configpath) {
 			}
 
 			fwrite ($fd, $config_actions);
-			// CVE-2021-40346 workaround
-			if ($backend_type == 'http') {
-				fwrite ($fd, "\thttp-request  deny if { req.hdr_cnt(content-length) gt 1 }\n");
-				fwrite ($fd, "\thttp-response deny if { res.hdr_cnt(content-length) gt 1 }\n");
-			}
 			// Write backends after advanced options so custom use_backend rules can be applied first.
 			fwrite ($fd, $config_usebackends);
 			fwrite ($fd, $config_usedefaultbackends);

net/pfSense-pkg-haproxy/Makefile

@@ -2,7 +2,7 @@
 
 PORTNAME=	pfSense-pkg-haproxy
 PORTVERSION=	0.61
-PORTREVISION=	6
+PORTREVISION=	7
 CATEGORIES=	net
 MASTER_SITES=	# empty
 DISTFILES=	# empty

net/pfSense-pkg-haproxy/files/usr/local/pkg/haproxy/haproxy.inc

@@ -2078,11 +2078,6 @@ function haproxy_writeconf($configpath) {
 			}
 
 			fwrite ($fd, $config_actions);
-			// CVE-2021-40346 workaround
-			if ($backend_type == 'http') {
-				fwrite ($fd, "\thttp-request  deny if { req.hdr_cnt(content-length) gt 1 }\n");
-				fwrite ($fd, "\thttp-response deny if { res.hdr_cnt(content-length) gt 1 }\n");
-			}
 			// Write backends after advanced options so custom use_backend rules can be applied first.
 			fwrite ($fd, $config_usebackends);
 			fwrite ($fd, $config_usedefaultbackends);