Accepting request 247385 from network:ha-clustering:Factory

1 OBS-URL: https://build.opensuse.org/request/show/247385 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=12
2014-09-06 10:18:08 +00:00 · 2014-09-06 10:18:08 +00:00 · 24c81ab094
commit 24c81ab094
parent 9340af713f
9 changed files with 30 additions and 288 deletions
--- a/0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
+++ b/0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
@ -1,42 +0,0 @@
 From ad65af7dab9b8d8033fd09d8031cc774a6fbf768 Mon Sep 17 00:00:00 2001
 From: Godbach <nylzhaowei@gmail.com>
 Date: Mon, 28 Jul 2014 17:31:57 +0800
 Subject: [PATCH 1/5] BUG/MINOR: server: move the directive #endif to the end
 of file
 If a source file includes proto/server.h twice or more, redefinition errors will
 be triggered for such inline functions as server_throttle_rate(),
 server_is_draining(), srv_adm_set_maint() and so on. Just move #endif directive
 to the end of file to solve this issue.
 Signed-off-by: Godbach <nylzhaowei@gmail.com>
 (cherry picked from commit e468d55998e134dac1b18d5d9d075ffd5691c827)
 ---
 include/proto/server.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/include/proto/server.h b/include/proto/server.h
 index 9893266..71c8b13 100644
 --- a/include/proto/server.h
 +++ b/include/proto/server.h
@@ -54,8 +54,6 @@ static void inline srv_set_sess_last(struct server *s)
 	s->counters.last_sess = now.tv_sec;
 }
 -#endif /* _PROTO_SERVER_H */
 -
 /*
  * Registers the server keyword list <kwl> as a list of valid keywords for next
  * parsing sessions.
@@ -200,6 +198,8 @@ static inline void srv_adm_set_ready(struct server *s)
 	srv_clr_admin_flag(s, SRV_ADMF_FMAINT);
 }
 +#endif /* _PROTO_SERVER_H */
 +
 /*
  * Local variables:
  *  c-indent-level: 8
 -- 
 1.8.4.5
--- a/0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
+++ b/0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
@ -1,42 +0,0 @@
 From 715e9b892f564e58489f86c125aed2a8994f16e9 Mon Sep 17 00:00:00 2001
 From: Conrad Hoffmann <conrad@soundcloud.com>
 Date: Mon, 28 Jul 2014 23:22:43 +0200
 Subject: [PATCH 2/5] BUG/MINOR: Fix search for -p argument in systemd wrapper.
 Searching for the pid file in the list of arguments did not
 take flags without parameters into account, like e.g. -de. Because
 of this, the wrapper would use a different pid file than haproxy
 if such an argument was specified before -p.
 The new version can still yield a false positive for some crazy
 situations, like your config file name starting with "-p", but
 I think this is as good as it gets without using getopt or some
 library.
 Signed-off-by: Conrad Hoffmann <conrad@soundcloud.com>
 (cherry picked from commit eb2cf45b72a7e14c581276247381dc1ac76be2c0)
 ---
 src/haproxy-systemd-wrapper.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
 diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
 index ba07ebe..529b213 100644
 --- a/src/haproxy-systemd-wrapper.c
 +++ b/src/haproxy-systemd-wrapper.c
@@ -130,11 +130,8 @@ static void sigint_handler(int signum __attribute__((unused)))
 static void init(int argc, char **argv)
 {
 	while (argc > 1) {
 -		if (**argv == '-') {
 -			char *flag = *argv + 1;
 -			--argc; ++argv;
 -			if (*flag == 'p')
 -				pid_file = *argv;
 +		if ((*argv)[0] == '-' && (*argv)[1] == 'p') {
 +			pid_file = *(argv + 1);
 		}
 		--argc; ++argv;
 	}
 -- 
 1.8.4.5
--- a/0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
+++ b/0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
@ -1,111 +0,0 @@
 From f94735eb76e634d7531f9c903113f64820c4cec0 Mon Sep 17 00:00:00 2001
 From: Willy Tarreau <w@1wt.eu>
 Date: Wed, 30 Jul 2014 08:56:35 +0200
 Subject: [PATCH 3/5] BUG/MAJOR: tcp: fix a possible busy spinning loop in
 content track-sc*
 As a consequence of various recent changes on the sample conversion,
 a corner case has emerged where it is possible to wait forever for a
 sample in track-sc*.
 The issue is caused by the fact that functions relying on sample_process()
 don't all exactly work the same regarding the SMP_F_MAY_CHANGE flag and
 the output result. Here it was possible to wait forever for an output
 sample from stktable_fetch_key() without checking the SMP_OPT_FINAL flag.
 As a result, if the client connects and closes without sending the data
 and haproxy expects a sample which is capable of coming, it will ignore
 this impossible case and will continue to wait.
 This change adds control for SMP_OPT_FINAL before waiting for extra data.
 The various relevant functions have been better documented regarding their
 output values.
 This fix must be backported to 1.5 since it appeared there.
 (cherry picked from commit 6bcb0a84e7256f00793fa8ec8a0d6c19c3b22935)
 ---
 src/proto_tcp.c   |  4 ++--
 src/sample.c      | 23 ++++++++++++++++++++++-
 src/stick_table.c | 11 ++++++++++-
 3 files changed, 34 insertions(+), 4 deletions(-)
 diff --git a/src/proto_tcp.c b/src/proto_tcp.c
 index 9778856..72dc92b 100644
 --- a/src/proto_tcp.c
 +++ b/src/proto_tcp.c
@@ -1048,8 +1048,8 @@ int tcp_inspect_request(struct session *s, struct channel *req, int an_bit)
 				t = rule->act_prm.trk_ctr.table.t;
 				key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ | partial, rule->act_prm.trk_ctr.expr, &smp);
 -				if (smp.flags & SMP_F_MAY_CHANGE)
 -					goto missing_data;
 +				if ((smp.flags & SMP_F_MAY_CHANGE) && !(partial & SMP_OPT_FINAL))
 +					goto missing_data; /* key might appear later */
 				if (key && (ts = stktable_get_entry(t, key))) {
 					session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts);
 diff --git a/src/sample.c b/src/sample.c
 index 3a0f3fb..8e62640 100644
 --- a/src/sample.c
 +++ b/src/sample.c
@@ -896,6 +896,18 @@ out_error:
  * Note: the fetch functions are required to properly set the return type. The
  * conversion functions must do so too. However the cast functions do not need
  * to since they're made to cast mutiple types according to what is required.
 + *
 + * The caller may indicate in <opt> if it considers the result final or not.
 + * The caller needs to check the SMP_F_MAY_CHANGE flag in p->flags to verify
 + * if the result is stable or not, according to the following table :
 + *
 + * return MAY_CHANGE FINAL   Meaning for the sample
 + *  NULL      0        *     Not present and will never be (eg: header)
 + *  NULL      1        0     Not present yet, could change (eg: POST param)
 + *  NULL      1        1     Not present yet, will not change anymore
 + *   smp      0        *     Present and will not change (eg: header)
 + *   smp      1        0     Present, may change (eg: request length)
 + *   smp      1        1     Present, last known value (eg: request length)
  */
 struct sample *sample_process(struct proxy *px, struct session *l4, void *l7,
                               unsigned int opt,
@@ -1153,7 +1165,16 @@ int smp_resolve_args(struct proxy *p)
  * and <opt> does not contain SMP_OPT_FINAL, then the sample is returned as-is
  * with its SMP_F_MAY_CHANGE flag so that the caller can check it and decide to
  * take actions (eg: wait longer). If a sample could not be found or could not
 - * be converted, NULL is returned.
 + * be converted, NULL is returned. The caller MUST NOT use the sample if the
 + * SMP_F_MAY_CHANGE flag is present, as it is used only as a hint that there is
 + * still hope to get it after waiting longer, and is not converted to string.
 + * The possible output combinations are the following :
 + *
 + * return MAY_CHANGE FINAL   Meaning for the sample
 + *  NULL      *        *     Not present and will never be (eg: header)
 + *   smp      0        *     Final value converted (eg: header)
 + *   smp      1        0     Not present yet, may appear later (eg: header)
 + *   smp      1        1     never happens (either flag is cleared on output)
  */
 struct sample *sample_fetch_string(struct proxy *px, struct session *l4, void *l7,
                                    unsigned int opt, struct sample_expr *expr)
 diff --git a/src/stick_table.c b/src/stick_table.c
 index a708d3c..d39b4ff 100644
 --- a/src/stick_table.c
 +++ b/src/stick_table.c
@@ -603,7 +603,16 @@ static sample_to_key_fct sample_to_key[SMP_TYPES][STKTABLE_TYPES] = {
  * no key could be extracted, or a pointer to the converted result stored in
  * static_table_key in format <table_type>. If <smp> is not NULL, it will be reset
  * and its flags will be initialized so that the caller gets a copy of the input
 - * sample, and knows why it was not accepted (eg: SMP_F_MAY_CHANGE is present).
 + * sample, and knows why it was not accepted (eg: SMP_F_MAY_CHANGE is present
 + * without SMP_OPT_FINAL). The output will be usable like this :
 + *
 + * return MAY_CHANGE FINAL   Meaning for the sample
 + *  NULL      0        *     Not present and will never be (eg: header)
 + *  NULL      1        0     Not present or unstable, could change (eg: req_len)
 + *  NULL      1        1     Not present, will not change anymore
 + *   smp      0        *     Present and will not change (eg: header)
 + *   smp      1        0     not possible
 + *   smp      1        1     Present, last known value (eg: request length)
  */
 struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, struct session *l4, void *l7,
                                         unsigned int opt, struct sample_expr *expr, struct sample *smp)
 -- 
 1.8.4.5
--- a/0004-BUG-config-error-in-http-response-replace-header-num.patch
+++ b/0004-BUG-config-error-in-http-response-replace-header-num.patch
@ -1,34 +0,0 @@
 From a772b945d757c25037ac58de64ccc27ceeb4b4a7 Mon Sep 17 00:00:00 2001
 From: Baptiste Assmann <bedis9@gmail.com>
 Date: Fri, 8 Aug 2014 17:29:06 +0200
 Subject: [PATCH 4/5] BUG: config: error in http-response replace-header number
 of arguments
 A couple of typo fixed in 'http-response replace-header':
 - an error when counting the number of arguments
 - a typo in the alert message
 This should be backported to 1.5.
 (cherry picked from commit 12cb00b216d67468b7c4bd84abedcb4ecd1a32bc)
 ---
 src/proto_http.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/src/proto_http.c b/src/proto_http.c
 index b7ed85d..2b75b32 100644
 --- a/src/proto_http.c
 +++ b/src/proto_http.c
@@ -9281,8 +9281,8 @@ struct http_res_rule *parse_http_res_cond(const char **args, const char *file, i
 		cur_arg = 1;
 		if (!*args[cur_arg] || !*args[cur_arg+1] || !*args[cur_arg+2] ||
 -		    (*args[cur_arg+3] && strcmp(args[cur_arg+2], "if") != 0 && strcmp(args[cur_arg+2], "unless") != 0)) {
 -			Alert("parsing [%s:%d]: 'http-request %s' expects exactly 3 arguments.\n",
 +		    (*args[cur_arg+3] && strcmp(args[cur_arg+3], "if") != 0 && strcmp(args[cur_arg+3], "unless") != 0)) {
 +			Alert("parsing [%s:%d]: 'http-response %s' expects exactly 3 arguments.\n",
 			      file, linenum, args[0]);
 			goto out_err;
 		}
 -- 
 1.8.4.5
--- a/0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch
+++ b/0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch
@ -1,45 +0,0 @@
 From fc566b541e4c67cfbd8d6b40b627ce27dfc8a7cb Mon Sep 17 00:00:00 2001
 From: Thierry FOURNIER <tfournier@exceliance.fr>
 Date: Fri, 22 Aug 2014 06:55:26 +0200
 Subject: [PATCH 5/5] BUG/MEDIUM: http: tarpit timeout is reset
 Before the commit bbba2a8ecc35daf99317aaff7015c1931779c33b
 (1.5-dev24-8), the tarpit section set timeout and return, after this
 commit, the tarpit section set the timeout, and go to the "done" label
 which reset the timeout.
 Thanks Bryan Talbot for the bug report and analysis.
 This should be backported in 1.5.
 (cherry picked from commit 7566e30477bf5ea4206bda5950d2d83108c4a3dc)
 ---
 src/proto_http.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 diff --git a/src/proto_http.c b/src/proto_http.c
 index 2b75b32..bebc8bf 100644
 --- a/src/proto_http.c
 +++ b/src/proto_http.c
@@ -4117,8 +4117,9 @@ int http_process_req_common(struct session *s, struct channel *req, int an_bit,
  done:	/* done with this analyser, continue with next ones that the calling
 	 * points will have set, if any.
 	 */
 -	req->analysers &= ~an_bit;
 	req->analyse_exp = TICK_ETERNITY;
 + done_without_exp: /* done with this analyser, but dont reset the analyse_exp. */
 +	req->analysers &= ~an_bit;
 	return 1;
  tarpit:
@@ -4144,7 +4145,7 @@ int http_process_req_common(struct session *s, struct channel *req, int an_bit,
 		s->be->be_counters.denied_req++;
 	if (s->listener->counters)
 		s->listener->counters->denied_req++;
 -	goto done;
 +	goto done_without_exp;
  deny:	/* this request was blocked (denied) */
 	txn->flags |= TX_CLDENY;
 -- 
 1.8.4.5
--- a/haproxy-1.5.3.tar.gz
+++ b/haproxy-1.5.3.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:0dad3680e0c3592a165781e1cc9b0d5cc88d8eaa8ebf59719c9bd62bb9c1cd9e
 size 1335245
--- a/haproxy-1.5.4.tar.gz
+++ b/haproxy-1.5.4.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:75056ca5b9121b193d383ba4ebc6e5a3782c537a7499db80fce8d6d5fd265e10
 size 1336140
--- a/haproxy.changes
+++ b/haproxy.changes
@ -1,3 +1,29 @@
 -------------------------------------------------------------------
 Wed Sep  3 07:35:14 UTC 2014 - kgronlund@suse.com
 - update to 1.5.4
  - BUG: config: error in http-response replace-header number of arguments
  - BUG/MINOR: Fix search for -p argument in systemd wrapper.
  - BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
  - BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
  - MEDIUM: connection: add new bit in Proxy Protocol V2
  - BUG/MINOR: server: move the directive #endif to the end of file
  - BUG/MEDIUM: http: tarpit timeout is reset
  - BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
  - BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
  - BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
  - BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
  - BUG/MEDIUM: acl: correctly compute the output type when a converter is used
  - CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
  - BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
 - Dropped patches:
  - 0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
  - 0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
  - 0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
  - 0004-BUG-config-error-in-http-response-replace-header-num.patch
  - 0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch
 -------------------------------------------------------------------
 Fri Aug 22 14:38:59 UTC 2014 - mrueckert@suse.de
--- a/haproxy.spec
+++ b/haproxy.spec
@ -33,7 +33,7 @@
 %bcond_without  apparmor
 Name:           haproxy
-Version:        1.5.3
+Version:        1.5.4
 Release:        0
 #
 #
@ -61,11 +61,6 @@ Patch1:         haproxy-1.2.16_config_haproxy_user.patch
 Patch2:         haproxy-makefile_lib.patch
 Patch3:         sec-options.patch
 Patch4:         haproxy-1.5_check_config_before_start.patch
 Patch5:         0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
 Patch6:         0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
 Patch7:         0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
 Patch8:         0004-BUG-config-error-in-http-response-replace-header-num.patch
 Patch9:         0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch
 Source99:       haproxy-rpmlintrc
 #
 Summary:        The Reliable, High Performance TCP/HTTP Load Balancer
@ -99,11 +94,6 @@ the most work done from every CPU cycle.
 %patch2
 %patch3
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
 %build
 %{__make} \