diff --git a/0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch b/0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch deleted file mode 100644 index 3c6912a..0000000 --- a/0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 184422d39df1aa27e6ef4c1ae75177489147ec99 Mon Sep 17 00:00:00 2001 -From: Arcadiy Ivanov -Date: Tue, 4 Nov 2014 07:06:13 -0500 -Subject: [PATCH 1/6] BUILD: fix "make install" to support spaces in the - install dirs - -Makefile is unable to install into directories containing spaces. -(cherry picked from commit 3785311e64792787de78370fa126fd806734f7fe) ---- - Makefile | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/Makefile b/Makefile -index 707037b..9556069 100644 ---- a/Makefile -+++ b/Makefile -@@ -710,19 +710,19 @@ src/dlmalloc.o: $(DLMALLOC_SRC) - $(CC) $(COPTS) -DDEFAULT_MMAP_THRESHOLD=$(DLMALLOC_THRES) -c -o $@ $< - - install-man: -- install -d $(DESTDIR)$(MANDIR)/man1 -- install -m 644 doc/haproxy.1 $(DESTDIR)$(MANDIR)/man1 -+ install -d "$(DESTDIR)$(MANDIR)"/man1 -+ install -m 644 doc/haproxy.1 "$(DESTDIR)$(MANDIR)"/man1 - - install-doc: -- install -d $(DESTDIR)$(DOCDIR) -+ install -d "$(DESTDIR)$(DOCDIR)" - for x in configuration architecture haproxy-en haproxy-fr; do \ -- install -m 644 doc/$$x.txt $(DESTDIR)$(DOCDIR) ; \ -+ install -m 644 doc/$$x.txt "$(DESTDIR)$(DOCDIR)" ; \ - done - - install-bin: haproxy haproxy-systemd-wrapper -- install -d $(DESTDIR)$(SBINDIR) -- install haproxy $(DESTDIR)$(SBINDIR) -- install haproxy-systemd-wrapper $(DESTDIR)$(SBINDIR) -+ install -d "$(DESTDIR)$(SBINDIR)" -+ install haproxy "$(DESTDIR)$(SBINDIR)" -+ install haproxy-systemd-wrapper "$(DESTDIR)$(SBINDIR)" - - install: install-bin install-man install-doc - --- -2.1.3 - diff --git a/0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch b/0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch deleted file mode 100644 index 98d6080..0000000 --- a/0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 90951497008967f10ba8f9927b53c6e6bc138540 Mon Sep 17 00:00:00 2001 -From: Emeric Brun -Date: Wed, 12 Nov 2014 17:35:37 +0100 -Subject: [PATCH 2/6] BUG/MEDIUM: ssl: fix bad ssl context init can cause - segfault in case of OOM. - -Some SSL context's init functions errors were not handled and -can cause a segfault due to an incomplete SSL context -initialization. - -This fix must be backported to 1.5. -(cherry picked from commit 5547615cdac377797ae351a2e024376dbf6d6963) ---- - src/ssl_sock.c | 52 ++++++++++++++++++++++++++++++++++++++-------------- - 1 file changed, 38 insertions(+), 14 deletions(-) - -diff --git a/src/ssl_sock.c b/src/ssl_sock.c -index f8bfbe7..620609f 100644 ---- a/src/ssl_sock.c -+++ b/src/ssl_sock.c -@@ -2040,15 +2040,29 @@ static int ssl_sock_init(struct connection *conn) - return -1; - } - -+ /* set fd on SSL session context */ -+ if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) { -+ SSL_free(conn->xprt_ctx); -+ conn->xprt_ctx = NULL; -+ conn->err_code = CO_ER_SSL_NO_MEM; -+ return -1; -+ } -+ -+ /* set connection pointer */ -+ if (!SSL_set_app_data(conn->xprt_ctx, conn)) { -+ SSL_free(conn->xprt_ctx); -+ conn->xprt_ctx = NULL; -+ conn->err_code = CO_ER_SSL_NO_MEM; -+ return -1; -+ } -+ - SSL_set_connect_state(conn->xprt_ctx); -- if (objt_server(conn->target)->ssl_ctx.reused_sess) -- SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess); -- -- /* set fd on SSL session context */ -- SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd); -- -- /* set connection pointer */ -- SSL_set_app_data(conn->xprt_ctx, conn); -+ if (objt_server(conn->target)->ssl_ctx.reused_sess) { -+ if(!SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess)) { -+ SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess); -+ objt_server(conn->target)->ssl_ctx.reused_sess = NULL; -+ } -+ } - - /* leave init state and start handshake */ - conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN; -@@ -2065,14 +2079,24 @@ static int ssl_sock_init(struct connection *conn) - return -1; - } - -+ /* set fd on SSL session context */ -+ if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) { -+ SSL_free(conn->xprt_ctx); -+ conn->xprt_ctx = NULL; -+ conn->err_code = CO_ER_SSL_NO_MEM; -+ return -1; -+ } -+ -+ /* set connection pointer */ -+ if (!SSL_set_app_data(conn->xprt_ctx, conn)) { -+ SSL_free(conn->xprt_ctx); -+ conn->xprt_ctx = NULL; -+ conn->err_code = CO_ER_SSL_NO_MEM; -+ return -1; -+ } -+ - SSL_set_accept_state(conn->xprt_ctx); - -- /* set fd on SSL session context */ -- SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd); -- -- /* set connection pointer */ -- SSL_set_app_data(conn->xprt_ctx, conn); -- - /* leave init state and start handshake */ - conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN; - --- -2.1.3 - diff --git a/0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch b/0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch deleted file mode 100644 index f23139d..0000000 --- a/0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 9bcc01ae25985dd540080f43b160beab1f1a2bc6 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Thu, 13 Nov 2014 13:48:58 +0100 -Subject: [PATCH 3/6] BUG/MEDIUM: ssl: force a full GC in case of memory - shortage - -When memory becomes scarce and openssl refuses to allocate a new SSL -session, it is worth freeing the pools and trying again instead of -rejecting all incoming SSL connection. This can happen when some -memory usage limits have been assigned to the haproxy process using --m or with ulimit -m/-v. - -This is mostly an enhancement of previous fix and is worth backporting -to 1.5. -(cherry picked from commit fba03cdc5ac6e3ca318b34915596cbc0a0dacc55) ---- - src/ssl_sock.c | 30 ++++++++++++++++++++++++++++++ - 1 file changed, 30 insertions(+) - -diff --git a/src/ssl_sock.c b/src/ssl_sock.c -index 620609f..f50efe5 100644 ---- a/src/ssl_sock.c -+++ b/src/ssl_sock.c -@@ -2033,9 +2033,16 @@ static int ssl_sock_init(struct connection *conn) - /* If it is in client mode initiate SSL session - in connect state otherwise accept state */ - if (objt_server(conn->target)) { -+ int may_retry = 1; -+ -+ retry_connect: - /* Alloc a new SSL session ctx */ - conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx); - if (!conn->xprt_ctx) { -+ if (may_retry--) { -+ pool_gc2(); -+ goto retry_connect; -+ } - conn->err_code = CO_ER_SSL_NO_MEM; - return -1; - } -@@ -2044,6 +2051,10 @@ static int ssl_sock_init(struct connection *conn) - if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) { - SSL_free(conn->xprt_ctx); - conn->xprt_ctx = NULL; -+ if (may_retry--) { -+ pool_gc2(); -+ goto retry_connect; -+ } - conn->err_code = CO_ER_SSL_NO_MEM; - return -1; - } -@@ -2052,6 +2063,10 @@ static int ssl_sock_init(struct connection *conn) - if (!SSL_set_app_data(conn->xprt_ctx, conn)) { - SSL_free(conn->xprt_ctx); - conn->xprt_ctx = NULL; -+ if (may_retry--) { -+ pool_gc2(); -+ goto retry_connect; -+ } - conn->err_code = CO_ER_SSL_NO_MEM; - return -1; - } -@@ -2072,9 +2087,16 @@ static int ssl_sock_init(struct connection *conn) - return 0; - } - else if (objt_listener(conn->target)) { -+ int may_retry = 1; -+ -+ retry_accept: - /* Alloc a new SSL session ctx */ - conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->default_ctx); - if (!conn->xprt_ctx) { -+ if (may_retry--) { -+ pool_gc2(); -+ goto retry_accept; -+ } - conn->err_code = CO_ER_SSL_NO_MEM; - return -1; - } -@@ -2083,6 +2105,10 @@ static int ssl_sock_init(struct connection *conn) - if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) { - SSL_free(conn->xprt_ctx); - conn->xprt_ctx = NULL; -+ if (may_retry--) { -+ pool_gc2(); -+ goto retry_accept; -+ } - conn->err_code = CO_ER_SSL_NO_MEM; - return -1; - } -@@ -2091,6 +2117,10 @@ static int ssl_sock_init(struct connection *conn) - if (!SSL_set_app_data(conn->xprt_ctx, conn)) { - SSL_free(conn->xprt_ctx); - conn->xprt_ctx = NULL; -+ if (may_retry--) { -+ pool_gc2(); -+ goto retry_accept; -+ } - conn->err_code = CO_ER_SSL_NO_MEM; - return -1; - } --- -2.1.3 - diff --git a/0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch b/0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch deleted file mode 100644 index 0f90e16..0000000 --- a/0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 1f96a87c4e1412ccdc6cfe81bfd6f20a1782886a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Cyril=20Bont=C3=A9?= -Date: Sat, 15 Nov 2014 22:41:27 +0100 -Subject: [PATCH 4/6] BUG/MEDIUM: checks: fix conflicts between agent checks - and ssl healthchecks - -Lasse Birnbaum Jensen reported an issue when agent checks are used at the same -time as standard healthchecks when SSL is enabled on the server side. - -The symptom is that agent checks try to communicate in SSL while it should -manage raw data. This happens because the transport layer is shared between all -kind of checks. - -To fix the issue, the transport layer is now stored in each check type, -allowing to use SSL healthchecks when required, while an agent check should -always use the raw_sock implementation. - -The fix must be backported to 1.5. -(cherry picked from commit 9ce1311ebc834e20addc7a8392c0fc4e4ad687b7) ---- - include/types/checks.h | 3 ++- - include/types/server.h | 1 - - src/checks.c | 2 +- - src/server.c | 2 +- - src/ssl_sock.c | 2 +- - 5 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/include/types/checks.h b/include/types/checks.h -index a50043b..42b7b07 100644 ---- a/include/types/checks.h -+++ b/include/types/checks.h -@@ -125,6 +125,7 @@ enum { - }; - - struct check { -+ struct xprt_ops *xprt; /* transport layer operations for health checks */ - struct connection *conn; /* connection state for health checks */ - unsigned short port; /* the port to use for the health checks */ - struct buffer *bi, *bo; /* input and output buffers to send/recv check */ -@@ -132,7 +133,7 @@ struct check { - struct timeval start; /* last health check start time */ - long duration; /* time in ms took to finish last health check */ - short status, code; /* check result, check code */ -- char desc[HCHK_DESC_LEN]; /* health check descritpion */ -+ char desc[HCHK_DESC_LEN]; /* health check description */ - int use_ssl; /* use SSL for health checks */ - int send_proxy; /* send a PROXY protocol header with checks */ - struct tcpcheck_rule *current_step; /* current step when using tcpcheck */ -diff --git a/include/types/server.h b/include/types/server.h -index 313f58d..c419b40 100644 ---- a/include/types/server.h -+++ b/include/types/server.h -@@ -194,7 +194,6 @@ struct server { - - struct { /* configuration used by health-check and agent-check */ - struct protocol *proto; /* server address protocol for health checks */ -- struct xprt_ops *xprt; /* transport layer operations for health checks */ - struct sockaddr_storage addr; /* the address to check, if different from */ - } check_common; - -diff --git a/src/checks.c b/src/checks.c -index 5318f35..84bf0e5 100644 ---- a/src/checks.c -+++ b/src/checks.c -@@ -1413,7 +1413,7 @@ static int connect_chk(struct task *t) - - /* prepare a new connection */ - conn_init(conn); -- conn_prepare(conn, s->check_common.proto, s->check_common.xprt); -+ conn_prepare(conn, s->check_common.proto, check->xprt); - conn_attach(conn, check, &check_conn_cb); - conn->target = &s->obj_type; - -diff --git a/src/server.c b/src/server.c -index fdb63cc..94a31b6 100644 ---- a/src/server.c -+++ b/src/server.c -@@ -929,7 +929,7 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr - - newsrv->addr = *sk; - newsrv->proto = newsrv->check_common.proto = protocol_by_family(newsrv->addr.ss_family); -- newsrv->xprt = newsrv->check_common.xprt = &raw_sock; -+ newsrv->xprt = newsrv->check.xprt = newsrv->agent.xprt = &raw_sock; - - if (!newsrv->proto) { - Alert("parsing [%s:%d] : Unknown protocol family %d '%s'\n", -diff --git a/src/ssl_sock.c b/src/ssl_sock.c -index f50efe5..b73d6f9 100644 ---- a/src/ssl_sock.c -+++ b/src/ssl_sock.c -@@ -1812,7 +1812,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy) - if (srv->use_ssl) - srv->xprt = &ssl_sock; - if (srv->check.use_ssl) -- srv->check_common.xprt = &ssl_sock; -+ srv->check.xprt = &ssl_sock; - - srv->ssl_ctx.ctx = SSL_CTX_new(SSLv23_client_method()); - if (!srv->ssl_ctx.ctx) { --- -2.1.3 - diff --git a/0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch b/0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch deleted file mode 100644 index 2f15b23..0000000 --- a/0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch +++ /dev/null @@ -1,42 +0,0 @@ -From cac307c020db7a938b73d4fef27a3b4ad2ecdf6a Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Tue, 18 Nov 2014 15:04:29 +0100 -Subject: [PATCH 5/6] BUG/MINOR: config: don't inherit the default balance - algorithm in frontends - -Tom Limoncelli from Stack Exchange reported a minor bug : the frontend -inherits the LB parameters from the defaults sections. The impact is -that if a "balance" directive uses any L7 parameter in the defaults -sections and the frontend is in TCP mode, a warning is emitted about -their incompatibility. The warning is harmless but a valid, sane config -should never cause any warning to be reported. - -This fix should be backported into 1.5 and possibly 1.4. -(cherry picked from commit 743c128580ee29c8f073b4a29771a5ce715f3721) ---- - src/cfgparse.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/cfgparse.c b/src/cfgparse.c -index 392a692..40d20ab 100644 ---- a/src/cfgparse.c -+++ b/src/cfgparse.c -@@ -2003,7 +2003,6 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) - curproxy->no_options = defproxy.no_options; - curproxy->no_options2 = defproxy.no_options2; - curproxy->bind_proc = defproxy.bind_proc; -- curproxy->lbprm.algo = defproxy.lbprm.algo; - curproxy->except_net = defproxy.except_net; - curproxy->except_mask = defproxy.except_mask; - curproxy->except_to = defproxy.except_to; -@@ -2037,6 +2036,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) - } - - if (curproxy->cap & PR_CAP_BE) { -+ curproxy->lbprm.algo = defproxy.lbprm.algo; - curproxy->fullconn = defproxy.fullconn; - curproxy->conn_retries = defproxy.conn_retries; - curproxy->max_ka_queue = defproxy.max_ka_queue; --- -2.1.3 - diff --git a/0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch b/0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch deleted file mode 100644 index f3d638b..0000000 --- a/0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 8ba50128832bb31e95f06fe4cb2bd172f2b945fe Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Tue, 18 Nov 2014 18:49:19 +0100 -Subject: [PATCH 6/6] BUG/MAJOR: frontend: initialize capture pointers earlier - -Denys Fedoryshchenko reported and diagnosed a nasty bug caused by TCP -captures, introduced in late 1.5-dev by commit 18bf01e ("MEDIUM: tcp: -add a new tcp-request capture directive"). The problem is that we're -using the array of capture pointers initially designed for HTTP usage -only, and that this array was only reset when starting to process an -HTTP request. In a tcp-only frontend, the pointers are not reset, and -if the capture pool is shared, we can very well point to whatever other -memory location, resulting in random crashes when tcp-request content -captures are processed. - -The fix simply consists in initializing these pointers when the pools -are prepared. - -A workaround for existing versions consists in either disabling TCP -captures in tcp-only frontends, or in forcing the frontends to work in -HTTP mode. - -Thanks to Denys for the amount of testing and detailed reports. - -This fix must be backported to 1.5. -(cherry picked from commit 9654e57fac86c773091b892f42015ba2ba56be5a) ---- - src/frontend.c | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/src/frontend.c b/src/frontend.c -index 3f80774..2928047 100644 ---- a/src/frontend.c -+++ b/src/frontend.c -@@ -106,11 +106,17 @@ int frontend_accept(struct session *s) - if (global.tune.client_rcvbuf) - setsockopt(cfd, SOL_SOCKET, SO_RCVBUF, &global.tune.client_rcvbuf, sizeof(global.tune.client_rcvbuf)); - -- if (unlikely(s->fe->nb_req_cap > 0 && (s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL)) -- goto out_return; /* no memory */ -+ if (unlikely(s->fe->nb_req_cap > 0)) { -+ if ((s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL) -+ goto out_return; /* no memory */ -+ memset(s->txn.req.cap, 0, s->fe->nb_req_cap * sizeof(void *)); -+ } - -- if (unlikely(s->fe->nb_rsp_cap > 0 && (s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL)) -- goto out_free_reqcap; /* no memory */ -+ if (unlikely(s->fe->nb_rsp_cap > 0)) { -+ if ((s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL) -+ goto out_free_reqcap; /* no memory */ -+ memset(s->txn.rsp.cap, 0, s->fe->nb_rsp_cap * sizeof(void *)); -+ } - - if (s->fe->http_needed) { - /* we have to allocate header indexes only if we know --- -2.1.3 - diff --git a/haproxy-1.5.8.tar.gz b/haproxy-1.5.8.tar.gz deleted file mode 100644 index 14339a9..0000000 --- a/haproxy-1.5.8.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:db54b3cf08e530fdd5b67100153bb88293e8d6e179e7aa837412d8ea36a03539 -size 1338741 diff --git a/haproxy-1.5.9.tar.gz b/haproxy-1.5.9.tar.gz new file mode 100644 index 0000000..3a2de9d --- /dev/null +++ b/haproxy-1.5.9.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5f51aa8e20a8a3a11be16bd5f5ef382a5e95526803a89182fe1c15a428564722 +size 1339917 diff --git a/haproxy.changes b/haproxy.changes index 6b875bc..b4bb0c4 100644 --- a/haproxy.changes +++ b/haproxy.changes @@ -1,3 +1,36 @@ +------------------------------------------------------------------- +Wed Nov 26 11:50:42 UTC 2014 - mrueckert@suse.de + +- update to 1.5.9 + - BUILD: fix "make install" to support spaces in the install dirs + - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl + healthchecks + - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in + case of OOM. + - BUG/MINOR: samples: fix unnecessary memcopy converting binary + to string. + - BUG/MEDIUM: connection: sanitize PPv2 header length before + parsing address information + - BUG/MEDIUM: pattern: don't load more than once a pattern list. + - BUG/MEDIUM: ssl: force a full GC in case of memory shortage + - BUG/MINOR: config: don't inherit the default balance algorithm + in frontends + - BUG/MAJOR: frontend: initialize capture pointers earlier + - BUG/MINOR: stats: correctly set the request/response analysers + - DOC: fix typo in the body parser documentation for msg.sov + - BUG/MINOR: peers: the buffer size is global.tune.bufsize, not + trash.size + - MINOR: sample: add a few basic internal fetches (nbproc, proc, + stopping) + - BUG/MAJOR: sessions: unlink session from list on out of memory +- Drop patches pulled from git + - 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch + - 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch + - 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch + - 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch + - 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch + - 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch + ------------------------------------------------------------------- Thu Nov 20 06:56:23 UTC 2014 - kgronlund@suse.com diff --git a/haproxy.spec b/haproxy.spec index d0a4c0d..96ad973 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -33,7 +33,7 @@ %bcond_without apparmor Name: haproxy -Version: 1.5.8 +Version: 1.5.9 Release: 0 # # @@ -60,20 +60,6 @@ Source4: local.usr.sbin.haproxy.apparmor Patch1: haproxy-1.2.16_config_haproxy_user.patch Patch2: haproxy-makefile_lib.patch Patch3: sec-options.patch - -# PATCH-FIX-UPSTREAM BUILD: fix "make install" to support spaces in the install dirs -Patch4: 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch -# PATCH-FIX-UPSTREAM BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM. -Patch5: 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch -# PATCH-FIX-UPSTREAM BUG/MEDIUM: ssl: force a full GC in case of memory shortage -Patch6: 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch -# PATCH-FIX-UPSTREAM BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks -Patch7: 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch -# PATCH-FIX-UPSTREAM BUG/MINOR: config: don't inherit the default balance algorithm in frontends -Patch8: 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch -# PATCH-FIX-UPSTREAM BUG/MAJOR: frontend: initialize capture pointers earlier -Patch9: 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch - Source99: haproxy-rpmlintrc # Summary: The Reliable, High Performance TCP/HTTP Load Balancer @@ -107,13 +93,6 @@ the most work done from every CPU cycle. %patch2 %patch3 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 - %build %{__make} \ TARGET=linux26 \