forked from pool/haproxy
Accepting request 263108 from network:ha-clustering:Factory
1 OBS-URL: https://build.opensuse.org/request/show/263108 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=21
This commit is contained in:
parent
aa795aba83
commit
087642f75c
@ -1,46 +0,0 @@
|
||||
From 184422d39df1aa27e6ef4c1ae75177489147ec99 Mon Sep 17 00:00:00 2001
|
||||
From: Arcadiy Ivanov <arcadiy.ivanov@servicemesh.com>
|
||||
Date: Tue, 4 Nov 2014 07:06:13 -0500
|
||||
Subject: [PATCH 1/6] BUILD: fix "make install" to support spaces in the
|
||||
install dirs
|
||||
|
||||
Makefile is unable to install into directories containing spaces.
|
||||
(cherry picked from commit 3785311e64792787de78370fa126fd806734f7fe)
|
||||
---
|
||||
Makefile | 14 +++++++-------
|
||||
1 file changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/Makefile b/Makefile
|
||||
index 707037b..9556069 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -710,19 +710,19 @@ src/dlmalloc.o: $(DLMALLOC_SRC)
|
||||
$(CC) $(COPTS) -DDEFAULT_MMAP_THRESHOLD=$(DLMALLOC_THRES) -c -o $@ $<
|
||||
|
||||
install-man:
|
||||
- install -d $(DESTDIR)$(MANDIR)/man1
|
||||
- install -m 644 doc/haproxy.1 $(DESTDIR)$(MANDIR)/man1
|
||||
+ install -d "$(DESTDIR)$(MANDIR)"/man1
|
||||
+ install -m 644 doc/haproxy.1 "$(DESTDIR)$(MANDIR)"/man1
|
||||
|
||||
install-doc:
|
||||
- install -d $(DESTDIR)$(DOCDIR)
|
||||
+ install -d "$(DESTDIR)$(DOCDIR)"
|
||||
for x in configuration architecture haproxy-en haproxy-fr; do \
|
||||
- install -m 644 doc/$$x.txt $(DESTDIR)$(DOCDIR) ; \
|
||||
+ install -m 644 doc/$$x.txt "$(DESTDIR)$(DOCDIR)" ; \
|
||||
done
|
||||
|
||||
install-bin: haproxy haproxy-systemd-wrapper
|
||||
- install -d $(DESTDIR)$(SBINDIR)
|
||||
- install haproxy $(DESTDIR)$(SBINDIR)
|
||||
- install haproxy-systemd-wrapper $(DESTDIR)$(SBINDIR)
|
||||
+ install -d "$(DESTDIR)$(SBINDIR)"
|
||||
+ install haproxy "$(DESTDIR)$(SBINDIR)"
|
||||
+ install haproxy-systemd-wrapper "$(DESTDIR)$(SBINDIR)"
|
||||
|
||||
install: install-bin install-man install-doc
|
||||
|
||||
--
|
||||
2.1.3
|
||||
|
@ -1,92 +0,0 @@
|
||||
From 90951497008967f10ba8f9927b53c6e6bc138540 Mon Sep 17 00:00:00 2001
|
||||
From: Emeric Brun <ebrun@haproxy.comw>
|
||||
Date: Wed, 12 Nov 2014 17:35:37 +0100
|
||||
Subject: [PATCH 2/6] BUG/MEDIUM: ssl: fix bad ssl context init can cause
|
||||
segfault in case of OOM.
|
||||
|
||||
Some SSL context's init functions errors were not handled and
|
||||
can cause a segfault due to an incomplete SSL context
|
||||
initialization.
|
||||
|
||||
This fix must be backported to 1.5.
|
||||
(cherry picked from commit 5547615cdac377797ae351a2e024376dbf6d6963)
|
||||
---
|
||||
src/ssl_sock.c | 52 ++++++++++++++++++++++++++++++++++++++--------------
|
||||
1 file changed, 38 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
|
||||
index f8bfbe7..620609f 100644
|
||||
--- a/src/ssl_sock.c
|
||||
+++ b/src/ssl_sock.c
|
||||
@@ -2040,15 +2040,29 @@ static int ssl_sock_init(struct connection *conn)
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ /* set fd on SSL session context */
|
||||
+ if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) {
|
||||
+ SSL_free(conn->xprt_ctx);
|
||||
+ conn->xprt_ctx = NULL;
|
||||
+ conn->err_code = CO_ER_SSL_NO_MEM;
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ /* set connection pointer */
|
||||
+ if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
|
||||
+ SSL_free(conn->xprt_ctx);
|
||||
+ conn->xprt_ctx = NULL;
|
||||
+ conn->err_code = CO_ER_SSL_NO_MEM;
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
SSL_set_connect_state(conn->xprt_ctx);
|
||||
- if (objt_server(conn->target)->ssl_ctx.reused_sess)
|
||||
- SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess);
|
||||
-
|
||||
- /* set fd on SSL session context */
|
||||
- SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd);
|
||||
-
|
||||
- /* set connection pointer */
|
||||
- SSL_set_app_data(conn->xprt_ctx, conn);
|
||||
+ if (objt_server(conn->target)->ssl_ctx.reused_sess) {
|
||||
+ if(!SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess)) {
|
||||
+ SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess);
|
||||
+ objt_server(conn->target)->ssl_ctx.reused_sess = NULL;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
/* leave init state and start handshake */
|
||||
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
|
||||
@@ -2065,14 +2079,24 @@ static int ssl_sock_init(struct connection *conn)
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ /* set fd on SSL session context */
|
||||
+ if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) {
|
||||
+ SSL_free(conn->xprt_ctx);
|
||||
+ conn->xprt_ctx = NULL;
|
||||
+ conn->err_code = CO_ER_SSL_NO_MEM;
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ /* set connection pointer */
|
||||
+ if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
|
||||
+ SSL_free(conn->xprt_ctx);
|
||||
+ conn->xprt_ctx = NULL;
|
||||
+ conn->err_code = CO_ER_SSL_NO_MEM;
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
SSL_set_accept_state(conn->xprt_ctx);
|
||||
|
||||
- /* set fd on SSL session context */
|
||||
- SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd);
|
||||
-
|
||||
- /* set connection pointer */
|
||||
- SSL_set_app_data(conn->xprt_ctx, conn);
|
||||
-
|
||||
/* leave init state and start handshake */
|
||||
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
|
||||
|
||||
--
|
||||
2.1.3
|
||||
|
@ -1,104 +0,0 @@
|
||||
From 9bcc01ae25985dd540080f43b160beab1f1a2bc6 Mon Sep 17 00:00:00 2001
|
||||
From: Willy Tarreau <w@1wt.eu>
|
||||
Date: Thu, 13 Nov 2014 13:48:58 +0100
|
||||
Subject: [PATCH 3/6] BUG/MEDIUM: ssl: force a full GC in case of memory
|
||||
shortage
|
||||
|
||||
When memory becomes scarce and openssl refuses to allocate a new SSL
|
||||
session, it is worth freeing the pools and trying again instead of
|
||||
rejecting all incoming SSL connection. This can happen when some
|
||||
memory usage limits have been assigned to the haproxy process using
|
||||
-m or with ulimit -m/-v.
|
||||
|
||||
This is mostly an enhancement of previous fix and is worth backporting
|
||||
to 1.5.
|
||||
(cherry picked from commit fba03cdc5ac6e3ca318b34915596cbc0a0dacc55)
|
||||
---
|
||||
src/ssl_sock.c | 30 ++++++++++++++++++++++++++++++
|
||||
1 file changed, 30 insertions(+)
|
||||
|
||||
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
|
||||
index 620609f..f50efe5 100644
|
||||
--- a/src/ssl_sock.c
|
||||
+++ b/src/ssl_sock.c
|
||||
@@ -2033,9 +2033,16 @@ static int ssl_sock_init(struct connection *conn)
|
||||
/* If it is in client mode initiate SSL session
|
||||
in connect state otherwise accept state */
|
||||
if (objt_server(conn->target)) {
|
||||
+ int may_retry = 1;
|
||||
+
|
||||
+ retry_connect:
|
||||
/* Alloc a new SSL session ctx */
|
||||
conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx);
|
||||
if (!conn->xprt_ctx) {
|
||||
+ if (may_retry--) {
|
||||
+ pool_gc2();
|
||||
+ goto retry_connect;
|
||||
+ }
|
||||
conn->err_code = CO_ER_SSL_NO_MEM;
|
||||
return -1;
|
||||
}
|
||||
@@ -2044,6 +2051,10 @@ static int ssl_sock_init(struct connection *conn)
|
||||
if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) {
|
||||
SSL_free(conn->xprt_ctx);
|
||||
conn->xprt_ctx = NULL;
|
||||
+ if (may_retry--) {
|
||||
+ pool_gc2();
|
||||
+ goto retry_connect;
|
||||
+ }
|
||||
conn->err_code = CO_ER_SSL_NO_MEM;
|
||||
return -1;
|
||||
}
|
||||
@@ -2052,6 +2063,10 @@ static int ssl_sock_init(struct connection *conn)
|
||||
if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
|
||||
SSL_free(conn->xprt_ctx);
|
||||
conn->xprt_ctx = NULL;
|
||||
+ if (may_retry--) {
|
||||
+ pool_gc2();
|
||||
+ goto retry_connect;
|
||||
+ }
|
||||
conn->err_code = CO_ER_SSL_NO_MEM;
|
||||
return -1;
|
||||
}
|
||||
@@ -2072,9 +2087,16 @@ static int ssl_sock_init(struct connection *conn)
|
||||
return 0;
|
||||
}
|
||||
else if (objt_listener(conn->target)) {
|
||||
+ int may_retry = 1;
|
||||
+
|
||||
+ retry_accept:
|
||||
/* Alloc a new SSL session ctx */
|
||||
conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->default_ctx);
|
||||
if (!conn->xprt_ctx) {
|
||||
+ if (may_retry--) {
|
||||
+ pool_gc2();
|
||||
+ goto retry_accept;
|
||||
+ }
|
||||
conn->err_code = CO_ER_SSL_NO_MEM;
|
||||
return -1;
|
||||
}
|
||||
@@ -2083,6 +2105,10 @@ static int ssl_sock_init(struct connection *conn)
|
||||
if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) {
|
||||
SSL_free(conn->xprt_ctx);
|
||||
conn->xprt_ctx = NULL;
|
||||
+ if (may_retry--) {
|
||||
+ pool_gc2();
|
||||
+ goto retry_accept;
|
||||
+ }
|
||||
conn->err_code = CO_ER_SSL_NO_MEM;
|
||||
return -1;
|
||||
}
|
||||
@@ -2091,6 +2117,10 @@ static int ssl_sock_init(struct connection *conn)
|
||||
if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
|
||||
SSL_free(conn->xprt_ctx);
|
||||
conn->xprt_ctx = NULL;
|
||||
+ if (may_retry--) {
|
||||
+ pool_gc2();
|
||||
+ goto retry_accept;
|
||||
+ }
|
||||
conn->err_code = CO_ER_SSL_NO_MEM;
|
||||
return -1;
|
||||
}
|
||||
--
|
||||
2.1.3
|
||||
|
@ -1,102 +0,0 @@
|
||||
From 1f96a87c4e1412ccdc6cfe81bfd6f20a1782886a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Cyril=20Bont=C3=A9?= <cyril.bonte@free.fr>
|
||||
Date: Sat, 15 Nov 2014 22:41:27 +0100
|
||||
Subject: [PATCH 4/6] BUG/MEDIUM: checks: fix conflicts between agent checks
|
||||
and ssl healthchecks
|
||||
|
||||
Lasse Birnbaum Jensen reported an issue when agent checks are used at the same
|
||||
time as standard healthchecks when SSL is enabled on the server side.
|
||||
|
||||
The symptom is that agent checks try to communicate in SSL while it should
|
||||
manage raw data. This happens because the transport layer is shared between all
|
||||
kind of checks.
|
||||
|
||||
To fix the issue, the transport layer is now stored in each check type,
|
||||
allowing to use SSL healthchecks when required, while an agent check should
|
||||
always use the raw_sock implementation.
|
||||
|
||||
The fix must be backported to 1.5.
|
||||
(cherry picked from commit 9ce1311ebc834e20addc7a8392c0fc4e4ad687b7)
|
||||
---
|
||||
include/types/checks.h | 3 ++-
|
||||
include/types/server.h | 1 -
|
||||
src/checks.c | 2 +-
|
||||
src/server.c | 2 +-
|
||||
src/ssl_sock.c | 2 +-
|
||||
5 files changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/include/types/checks.h b/include/types/checks.h
|
||||
index a50043b..42b7b07 100644
|
||||
--- a/include/types/checks.h
|
||||
+++ b/include/types/checks.h
|
||||
@@ -125,6 +125,7 @@ enum {
|
||||
};
|
||||
|
||||
struct check {
|
||||
+ struct xprt_ops *xprt; /* transport layer operations for health checks */
|
||||
struct connection *conn; /* connection state for health checks */
|
||||
unsigned short port; /* the port to use for the health checks */
|
||||
struct buffer *bi, *bo; /* input and output buffers to send/recv check */
|
||||
@@ -132,7 +133,7 @@ struct check {
|
||||
struct timeval start; /* last health check start time */
|
||||
long duration; /* time in ms took to finish last health check */
|
||||
short status, code; /* check result, check code */
|
||||
- char desc[HCHK_DESC_LEN]; /* health check descritpion */
|
||||
+ char desc[HCHK_DESC_LEN]; /* health check description */
|
||||
int use_ssl; /* use SSL for health checks */
|
||||
int send_proxy; /* send a PROXY protocol header with checks */
|
||||
struct tcpcheck_rule *current_step; /* current step when using tcpcheck */
|
||||
diff --git a/include/types/server.h b/include/types/server.h
|
||||
index 313f58d..c419b40 100644
|
||||
--- a/include/types/server.h
|
||||
+++ b/include/types/server.h
|
||||
@@ -194,7 +194,6 @@ struct server {
|
||||
|
||||
struct { /* configuration used by health-check and agent-check */
|
||||
struct protocol *proto; /* server address protocol for health checks */
|
||||
- struct xprt_ops *xprt; /* transport layer operations for health checks */
|
||||
struct sockaddr_storage addr; /* the address to check, if different from <addr> */
|
||||
} check_common;
|
||||
|
||||
diff --git a/src/checks.c b/src/checks.c
|
||||
index 5318f35..84bf0e5 100644
|
||||
--- a/src/checks.c
|
||||
+++ b/src/checks.c
|
||||
@@ -1413,7 +1413,7 @@ static int connect_chk(struct task *t)
|
||||
|
||||
/* prepare a new connection */
|
||||
conn_init(conn);
|
||||
- conn_prepare(conn, s->check_common.proto, s->check_common.xprt);
|
||||
+ conn_prepare(conn, s->check_common.proto, check->xprt);
|
||||
conn_attach(conn, check, &check_conn_cb);
|
||||
conn->target = &s->obj_type;
|
||||
|
||||
diff --git a/src/server.c b/src/server.c
|
||||
index fdb63cc..94a31b6 100644
|
||||
--- a/src/server.c
|
||||
+++ b/src/server.c
|
||||
@@ -929,7 +929,7 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr
|
||||
|
||||
newsrv->addr = *sk;
|
||||
newsrv->proto = newsrv->check_common.proto = protocol_by_family(newsrv->addr.ss_family);
|
||||
- newsrv->xprt = newsrv->check_common.xprt = &raw_sock;
|
||||
+ newsrv->xprt = newsrv->check.xprt = newsrv->agent.xprt = &raw_sock;
|
||||
|
||||
if (!newsrv->proto) {
|
||||
Alert("parsing [%s:%d] : Unknown protocol family %d '%s'\n",
|
||||
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
|
||||
index f50efe5..b73d6f9 100644
|
||||
--- a/src/ssl_sock.c
|
||||
+++ b/src/ssl_sock.c
|
||||
@@ -1812,7 +1812,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
|
||||
if (srv->use_ssl)
|
||||
srv->xprt = &ssl_sock;
|
||||
if (srv->check.use_ssl)
|
||||
- srv->check_common.xprt = &ssl_sock;
|
||||
+ srv->check.xprt = &ssl_sock;
|
||||
|
||||
srv->ssl_ctx.ctx = SSL_CTX_new(SSLv23_client_method());
|
||||
if (!srv->ssl_ctx.ctx) {
|
||||
--
|
||||
2.1.3
|
||||
|
@ -1,42 +0,0 @@
|
||||
From cac307c020db7a938b73d4fef27a3b4ad2ecdf6a Mon Sep 17 00:00:00 2001
|
||||
From: Willy Tarreau <w@1wt.eu>
|
||||
Date: Tue, 18 Nov 2014 15:04:29 +0100
|
||||
Subject: [PATCH 5/6] BUG/MINOR: config: don't inherit the default balance
|
||||
algorithm in frontends
|
||||
|
||||
Tom Limoncelli from Stack Exchange reported a minor bug : the frontend
|
||||
inherits the LB parameters from the defaults sections. The impact is
|
||||
that if a "balance" directive uses any L7 parameter in the defaults
|
||||
sections and the frontend is in TCP mode, a warning is emitted about
|
||||
their incompatibility. The warning is harmless but a valid, sane config
|
||||
should never cause any warning to be reported.
|
||||
|
||||
This fix should be backported into 1.5 and possibly 1.4.
|
||||
(cherry picked from commit 743c128580ee29c8f073b4a29771a5ce715f3721)
|
||||
---
|
||||
src/cfgparse.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/cfgparse.c b/src/cfgparse.c
|
||||
index 392a692..40d20ab 100644
|
||||
--- a/src/cfgparse.c
|
||||
+++ b/src/cfgparse.c
|
||||
@@ -2003,7 +2003,6 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
|
||||
curproxy->no_options = defproxy.no_options;
|
||||
curproxy->no_options2 = defproxy.no_options2;
|
||||
curproxy->bind_proc = defproxy.bind_proc;
|
||||
- curproxy->lbprm.algo = defproxy.lbprm.algo;
|
||||
curproxy->except_net = defproxy.except_net;
|
||||
curproxy->except_mask = defproxy.except_mask;
|
||||
curproxy->except_to = defproxy.except_to;
|
||||
@@ -2037,6 +2036,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
|
||||
}
|
||||
|
||||
if (curproxy->cap & PR_CAP_BE) {
|
||||
+ curproxy->lbprm.algo = defproxy.lbprm.algo;
|
||||
curproxy->fullconn = defproxy.fullconn;
|
||||
curproxy->conn_retries = defproxy.conn_retries;
|
||||
curproxy->max_ka_queue = defproxy.max_ka_queue;
|
||||
--
|
||||
2.1.3
|
||||
|
@ -1,59 +0,0 @@
|
||||
From 8ba50128832bb31e95f06fe4cb2bd172f2b945fe Mon Sep 17 00:00:00 2001
|
||||
From: Willy Tarreau <w@1wt.eu>
|
||||
Date: Tue, 18 Nov 2014 18:49:19 +0100
|
||||
Subject: [PATCH 6/6] BUG/MAJOR: frontend: initialize capture pointers earlier
|
||||
|
||||
Denys Fedoryshchenko reported and diagnosed a nasty bug caused by TCP
|
||||
captures, introduced in late 1.5-dev by commit 18bf01e ("MEDIUM: tcp:
|
||||
add a new tcp-request capture directive"). The problem is that we're
|
||||
using the array of capture pointers initially designed for HTTP usage
|
||||
only, and that this array was only reset when starting to process an
|
||||
HTTP request. In a tcp-only frontend, the pointers are not reset, and
|
||||
if the capture pool is shared, we can very well point to whatever other
|
||||
memory location, resulting in random crashes when tcp-request content
|
||||
captures are processed.
|
||||
|
||||
The fix simply consists in initializing these pointers when the pools
|
||||
are prepared.
|
||||
|
||||
A workaround for existing versions consists in either disabling TCP
|
||||
captures in tcp-only frontends, or in forcing the frontends to work in
|
||||
HTTP mode.
|
||||
|
||||
Thanks to Denys for the amount of testing and detailed reports.
|
||||
|
||||
This fix must be backported to 1.5.
|
||||
(cherry picked from commit 9654e57fac86c773091b892f42015ba2ba56be5a)
|
||||
---
|
||||
src/frontend.c | 14 ++++++++++----
|
||||
1 file changed, 10 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/frontend.c b/src/frontend.c
|
||||
index 3f80774..2928047 100644
|
||||
--- a/src/frontend.c
|
||||
+++ b/src/frontend.c
|
||||
@@ -106,11 +106,17 @@ int frontend_accept(struct session *s)
|
||||
if (global.tune.client_rcvbuf)
|
||||
setsockopt(cfd, SOL_SOCKET, SO_RCVBUF, &global.tune.client_rcvbuf, sizeof(global.tune.client_rcvbuf));
|
||||
|
||||
- if (unlikely(s->fe->nb_req_cap > 0 && (s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL))
|
||||
- goto out_return; /* no memory */
|
||||
+ if (unlikely(s->fe->nb_req_cap > 0)) {
|
||||
+ if ((s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL)
|
||||
+ goto out_return; /* no memory */
|
||||
+ memset(s->txn.req.cap, 0, s->fe->nb_req_cap * sizeof(void *));
|
||||
+ }
|
||||
|
||||
- if (unlikely(s->fe->nb_rsp_cap > 0 && (s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL))
|
||||
- goto out_free_reqcap; /* no memory */
|
||||
+ if (unlikely(s->fe->nb_rsp_cap > 0)) {
|
||||
+ if ((s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL)
|
||||
+ goto out_free_reqcap; /* no memory */
|
||||
+ memset(s->txn.rsp.cap, 0, s->fe->nb_rsp_cap * sizeof(void *));
|
||||
+ }
|
||||
|
||||
if (s->fe->http_needed) {
|
||||
/* we have to allocate header indexes only if we know
|
||||
--
|
||||
2.1.3
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:db54b3cf08e530fdd5b67100153bb88293e8d6e179e7aa837412d8ea36a03539
|
||||
size 1338741
|
3
haproxy-1.5.9.tar.gz
Normal file
3
haproxy-1.5.9.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:5f51aa8e20a8a3a11be16bd5f5ef382a5e95526803a89182fe1c15a428564722
|
||||
size 1339917
|
@ -1,3 +1,36 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 26 11:50:42 UTC 2014 - mrueckert@suse.de
|
||||
|
||||
- update to 1.5.9
|
||||
- BUILD: fix "make install" to support spaces in the install dirs
|
||||
- BUG/MEDIUM: checks: fix conflicts between agent checks and ssl
|
||||
healthchecks
|
||||
- BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in
|
||||
case of OOM.
|
||||
- BUG/MINOR: samples: fix unnecessary memcopy converting binary
|
||||
to string.
|
||||
- BUG/MEDIUM: connection: sanitize PPv2 header length before
|
||||
parsing address information
|
||||
- BUG/MEDIUM: pattern: don't load more than once a pattern list.
|
||||
- BUG/MEDIUM: ssl: force a full GC in case of memory shortage
|
||||
- BUG/MINOR: config: don't inherit the default balance algorithm
|
||||
in frontends
|
||||
- BUG/MAJOR: frontend: initialize capture pointers earlier
|
||||
- BUG/MINOR: stats: correctly set the request/response analysers
|
||||
- DOC: fix typo in the body parser documentation for msg.sov
|
||||
- BUG/MINOR: peers: the buffer size is global.tune.bufsize, not
|
||||
trash.size
|
||||
- MINOR: sample: add a few basic internal fetches (nbproc, proc,
|
||||
stopping)
|
||||
- BUG/MAJOR: sessions: unlink session from list on out of memory
|
||||
- Drop patches pulled from git
|
||||
- 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch
|
||||
- 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch
|
||||
- 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
|
||||
- 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
|
||||
- 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch
|
||||
- 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 20 06:56:23 UTC 2014 - kgronlund@suse.com
|
||||
|
||||
|
23
haproxy.spec
23
haproxy.spec
@ -33,7 +33,7 @@
|
||||
%bcond_without apparmor
|
||||
|
||||
Name: haproxy
|
||||
Version: 1.5.8
|
||||
Version: 1.5.9
|
||||
Release: 0
|
||||
#
|
||||
#
|
||||
@ -60,20 +60,6 @@ Source4: local.usr.sbin.haproxy.apparmor
|
||||
Patch1: haproxy-1.2.16_config_haproxy_user.patch
|
||||
Patch2: haproxy-makefile_lib.patch
|
||||
Patch3: sec-options.patch
|
||||
|
||||
# PATCH-FIX-UPSTREAM BUILD: fix "make install" to support spaces in the install dirs
|
||||
Patch4: 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch
|
||||
# PATCH-FIX-UPSTREAM BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM.
|
||||
Patch5: 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch
|
||||
# PATCH-FIX-UPSTREAM BUG/MEDIUM: ssl: force a full GC in case of memory shortage
|
||||
Patch6: 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
|
||||
# PATCH-FIX-UPSTREAM BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks
|
||||
Patch7: 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
|
||||
# PATCH-FIX-UPSTREAM BUG/MINOR: config: don't inherit the default balance algorithm in frontends
|
||||
Patch8: 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch
|
||||
# PATCH-FIX-UPSTREAM BUG/MAJOR: frontend: initialize capture pointers earlier
|
||||
Patch9: 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch
|
||||
|
||||
Source99: haproxy-rpmlintrc
|
||||
#
|
||||
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
|
||||
@ -107,13 +93,6 @@ the most work done from every CPU cycle.
|
||||
%patch2
|
||||
%patch3
|
||||
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
|
||||
%build
|
||||
%{__make} \
|
||||
TARGET=linux26 \
|
||||
|
Loading…
Reference in New Issue
Block a user