forked from pool/haproxy
Accepting request 241695 from network:ha-clustering:Factory
1 OBS-URL: https://build.opensuse.org/request/show/241695 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=8
This commit is contained in:
parent
23e7c6db83
commit
1767f8e3d7
@ -1,44 +0,0 @@
|
|||||||
From f86d9bb6dd56d56e7425246f91a6c105a5f38659 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Willy Tarreau <w@1wt.eu>
|
|
||||||
Date: Tue, 24 Jun 2014 17:27:02 +0200
|
|
||||||
Subject: [PATCH 1/6] BUG/MEDIUM: http: fetch "base" is not compatible with
|
|
||||||
set-header
|
|
||||||
|
|
||||||
The sample fetch function "base" makes use of the trash which is also
|
|
||||||
used by set-header/add-header etc... everything which builds a formated
|
|
||||||
line. So we end up with some junk in the header if base is in use. Let's
|
|
||||||
fix this as all other fetches by using a trash chunk instead.
|
|
||||||
|
|
||||||
This bug was reported by Baptiste Assmann, and also affects 1.5.
|
|
||||||
---
|
|
||||||
src/proto_http.c | 6 ++++--
|
|
||||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/proto_http.c b/src/proto_http.c
|
|
||||||
index 231d49a12875..5321f7d53e6a 100644
|
|
||||||
--- a/src/proto_http.c
|
|
||||||
+++ b/src/proto_http.c
|
|
||||||
@@ -10247,6 +10247,7 @@ smp_fetch_base(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
|
||||||
struct http_txn *txn = l7;
|
|
||||||
char *ptr, *end, *beg;
|
|
||||||
struct hdr_ctx ctx;
|
|
||||||
+ struct chunk *temp;
|
|
||||||
|
|
||||||
CHECK_HTTP_MESSAGE_FIRST();
|
|
||||||
|
|
||||||
@@ -10255,9 +10256,10 @@ smp_fetch_base(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
|
|
||||||
return smp_fetch_path(px, l4, l7, opt, args, smp, kw);
|
|
||||||
|
|
||||||
/* OK we have the header value in ctx.line+ctx.val for ctx.vlen bytes */
|
|
||||||
- memcpy(trash.str, ctx.line + ctx.val, ctx.vlen);
|
|
||||||
+ temp = get_trash_chunk();
|
|
||||||
+ memcpy(temp->str, ctx.line + ctx.val, ctx.vlen);
|
|
||||||
smp->type = SMP_T_STR;
|
|
||||||
- smp->data.str.str = trash.str;
|
|
||||||
+ smp->data.str.str = temp->str;
|
|
||||||
smp->data.str.len = ctx.vlen;
|
|
||||||
|
|
||||||
/* now retrieve the path */
|
|
||||||
--
|
|
||||||
1.8.4.5
|
|
||||||
|
|
@ -0,0 +1,29 @@
|
|||||||
|
From a124eb6d7838eff2c52cc9bf027594c11e87fae9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Willy Tarreau <w@1wt.eu>
|
||||||
|
Date: Sat, 12 Jul 2014 17:31:07 +0200
|
||||||
|
Subject: [PATCH 1/5] DOC: mention that Squid correctly responds 400 to PPv2
|
||||||
|
header
|
||||||
|
|
||||||
|
Amos reported that Squid builds 3.5.0.0_20140624 and 3.5.0.0_20140630
|
||||||
|
were confirmed to respond correctly here and that any version will do
|
||||||
|
the same.
|
||||||
|
(cherry picked from commit 9e1382002aa1ba12dcc637870befd077ff887aad)
|
||||||
|
---
|
||||||
|
doc/proxy-protocol.txt | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/doc/proxy-protocol.txt b/doc/proxy-protocol.txt
|
||||||
|
index a2dbcea..a3925a4 100644
|
||||||
|
--- a/doc/proxy-protocol.txt
|
||||||
|
+++ b/doc/proxy-protocol.txt
|
||||||
|
@@ -692,6 +692,7 @@ presented, even with minimal implementations :
|
||||||
|
- thttpd 2.20c : 400 Bad Request + abort => pass/optimal
|
||||||
|
- mini-httpd-1.19 : 400 Bad Request + abort => pass/optimal
|
||||||
|
- haproxy 1.4.21 : 400 Bad Request + abort => pass/optimal
|
||||||
|
+ - Squid 3 : 400 Bad Request + abort => pass/optimal
|
||||||
|
- SSL :
|
||||||
|
- stud 0.3.47 : connection abort => pass/optimal
|
||||||
|
- stunnel 4.45 : connection abort => pass/optimal
|
||||||
|
--
|
||||||
|
1.8.4.5
|
||||||
|
|
@ -1,100 +0,0 @@
|
|||||||
From 87e56ce15591dbb98046fe9fb923f28769eb6056 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Emeric Brun <ebrun@haproxy.com>
|
|
||||||
Date: Tue, 24 Jun 2014 18:26:41 +0200
|
|
||||||
Subject: [PATCH 2/6] BUG/MINOR: ssl: Fix external function in order not to
|
|
||||||
return a pointer on an internal trash buffer.
|
|
||||||
|
|
||||||
'ssl_sock_get_common_name' applied to a connection was also renamed
|
|
||||||
'ssl_sock_get_remote_common_name'. Currently, this function is only used
|
|
||||||
with protocol PROXYv2 to retrieve the client certificate's common name.
|
|
||||||
A further usage could be to retrieve the server certificate's common name
|
|
||||||
on an outgoing connection.
|
|
||||||
---
|
|
||||||
include/proto/ssl_sock.h | 2 +-
|
|
||||||
src/connection.c | 5 ++---
|
|
||||||
src/ssl_sock.c | 23 +++++++++++------------
|
|
||||||
3 files changed, 14 insertions(+), 16 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
|
|
||||||
index 0902fde989bb..3e111cd68490 100644
|
|
||||||
--- a/include/proto/ssl_sock.h
|
|
||||||
+++ b/include/proto/ssl_sock.h
|
|
||||||
@@ -52,7 +52,7 @@ const char *ssl_sock_get_cipher_name(struct connection *conn);
|
|
||||||
const char *ssl_sock_get_proto_version(struct connection *conn);
|
|
||||||
char *ssl_sock_get_version(struct connection *conn);
|
|
||||||
int ssl_sock_get_cert_used(struct connection *conn);
|
|
||||||
-char *ssl_sock_get_common_name(struct connection *conn);
|
|
||||||
+int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *out);
|
|
||||||
unsigned int ssl_sock_get_verify_result(struct connection *conn);
|
|
||||||
#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
|
|
||||||
int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err);
|
|
||||||
diff --git a/src/connection.c b/src/connection.c
|
|
||||||
index 0b154d802a80..20a911bcd41f 100644
|
|
||||||
--- a/src/connection.c
|
|
||||||
+++ b/src/connection.c
|
|
||||||
@@ -682,9 +682,8 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
|
|
||||||
tlv->verify = htonl(ssl_sock_get_verify_result(remote));
|
|
||||||
}
|
|
||||||
if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
|
|
||||||
- value = ssl_sock_get_common_name(remote);
|
|
||||||
- if (value) {
|
|
||||||
- tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, strlen(value), value);
|
|
||||||
+ if (ssl_sock_get_remote_common_name(remote, &trash) > 0) {
|
|
||||||
+ tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, trash.len, trash.str);
|
|
||||||
ssl_tlv_len += tlv_len;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
|
|
||||||
index 328b97880b8d..375225d19f72 100644
|
|
||||||
--- a/src/ssl_sock.c
|
|
||||||
+++ b/src/ssl_sock.c
|
|
||||||
@@ -2654,21 +2654,25 @@ char *ssl_sock_get_version(struct connection *conn)
|
|
||||||
return (char *)SSL_get_version(conn->xprt_ctx);
|
|
||||||
}
|
|
||||||
|
|
||||||
-/* returns common name, NULL terminated, from client certificate, or NULL if none */
|
|
||||||
-char *ssl_sock_get_common_name(struct connection *conn)
|
|
||||||
+/* Extract peer certificate's common name into the chunk dest
|
|
||||||
+ * Returns
|
|
||||||
+ * the len of the extracted common name
|
|
||||||
+ * or 0 if no CN found in DN
|
|
||||||
+ * or -1 on error case (i.e. no peer certificate)
|
|
||||||
+ */
|
|
||||||
+int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *dest)
|
|
||||||
{
|
|
||||||
X509 *crt = NULL;
|
|
||||||
X509_NAME *name;
|
|
||||||
- struct chunk *cn_trash;
|
|
||||||
const char find_cn[] = "CN";
|
|
||||||
const struct chunk find_cn_chunk = {
|
|
||||||
.str = (char *)&find_cn,
|
|
||||||
.len = sizeof(find_cn)-1
|
|
||||||
};
|
|
||||||
- char *result = NULL;
|
|
||||||
+ int result = -1;
|
|
||||||
|
|
||||||
if (!ssl_sock_is_ssl(conn))
|
|
||||||
- return NULL;
|
|
||||||
+ goto out;
|
|
||||||
|
|
||||||
/* SSL_get_peer_certificate, it increase X509 * ref count */
|
|
||||||
crt = SSL_get_peer_certificate(conn->xprt_ctx);
|
|
||||||
@@ -2679,13 +2683,8 @@ char *ssl_sock_get_common_name(struct connection *conn)
|
|
||||||
if (!name)
|
|
||||||
goto out;
|
|
||||||
|
|
||||||
- cn_trash = get_trash_chunk();
|
|
||||||
- if (ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, cn_trash) <= 0)
|
|
||||||
- goto out;
|
|
||||||
- cn_trash->str[cn_trash->len] = '\0';
|
|
||||||
- result = cn_trash->str;
|
|
||||||
-
|
|
||||||
- out:
|
|
||||||
+ result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
|
|
||||||
+out:
|
|
||||||
if (crt)
|
|
||||||
X509_free(crt);
|
|
||||||
|
|
||||||
--
|
|
||||||
1.8.4.5
|
|
||||||
|
|
29
0002-DOC-fix-typo-in-Unix-Socket-commands.patch
Normal file
29
0002-DOC-fix-typo-in-Unix-Socket-commands.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
From de9789b37466c37547d8c5d52d96a9d4466eb431 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Cyril=20Bont=C3=A9?= <cyril.bonte@free.fr>
|
||||||
|
Date: Sat, 12 Jul 2014 18:22:42 +0200
|
||||||
|
Subject: [PATCH 2/5] DOC: fix typo in Unix Socket commands
|
||||||
|
|
||||||
|
Konstantin Romanenko reported a typo in the HTML documentation. The typo is
|
||||||
|
already present in the raw text version : the "shutdown sessions" command
|
||||||
|
should be "shutdown sessions server".
|
||||||
|
(cherry picked from commit e63a1eb290a1c407453dbcaa16535c85a1904f9e)
|
||||||
|
---
|
||||||
|
doc/configuration.txt | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/doc/configuration.txt b/doc/configuration.txt
|
||||||
|
index ca21f7d..2d71555 100644
|
||||||
|
--- a/doc/configuration.txt
|
||||||
|
+++ b/doc/configuration.txt
|
||||||
|
@@ -13869,7 +13869,7 @@ shutdown session <id>
|
||||||
|
endless transfer is ongoing. Such terminated sessions are reported with a 'K'
|
||||||
|
flag in the logs.
|
||||||
|
|
||||||
|
-shutdown sessions <backend>/<server>
|
||||||
|
+shutdown sessions server <backend>/<server>
|
||||||
|
Immediately terminate all the sessions attached to the specified server. This
|
||||||
|
can be used to terminate long-running sessions after a server is put into
|
||||||
|
maintenance mode, for instance. Such terminated sessions are reported with a
|
||||||
|
--
|
||||||
|
1.8.4.5
|
||||||
|
|
101
0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
Normal file
101
0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
Normal file
@ -0,0 +1,101 @@
|
|||||||
|
From 60d7aeb6e1450995e721d01f48f60b7db4c44e2b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Remi Gacogne <rgacogne[at]aquaray[dot]fr>
|
||||||
|
Date: Tue, 15 Jul 2014 11:36:40 +0200
|
||||||
|
Subject: [PATCH 3/5] BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
|
||||||
|
|
||||||
|
OpenSSL does not free the DH * value returned by the callback specified with SSL_CTX_set_tmp_dh_callback(),
|
||||||
|
leading to a memory leak for SSL/TLS connections using Diffie Hellman Ephemeral key exchange.
|
||||||
|
This patch fixes the leak by allocating the DH * structs holding the DH parameters once, at configuration time.
|
||||||
|
|
||||||
|
Note: this fix must be backported to 1.5.
|
||||||
|
(cherry picked from commit 8de5415b85512da871d58d1e9a0a33bd67f3b570)
|
||||||
|
---
|
||||||
|
src/ssl_sock.c | 43 ++++++++++++++++++++++++++++++++++++-------
|
||||||
|
1 file changed, 36 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
|
||||||
|
index 375225d..cf8adc7 100644
|
||||||
|
--- a/src/ssl_sock.c
|
||||||
|
+++ b/src/ssl_sock.c
|
||||||
|
@@ -105,6 +105,13 @@ enum {
|
||||||
|
int sslconns = 0;
|
||||||
|
int totalsslconns = 0;
|
||||||
|
|
||||||
|
+#ifndef OPENSSL_NO_DH
|
||||||
|
+static DH *local_dh_1024 = NULL;
|
||||||
|
+static DH *local_dh_2048 = NULL;
|
||||||
|
+static DH *local_dh_4096 = NULL;
|
||||||
|
+static DH *local_dh_8192 = NULL;
|
||||||
|
+#endif /* OPENSSL_NO_DH */
|
||||||
|
+
|
||||||
|
#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
|
||||||
|
struct certificate_ocsp {
|
||||||
|
struct ebmb_node key;
|
||||||
|
@@ -1034,16 +1041,16 @@ static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (keylen >= 8192) {
|
||||||
|
- dh = ssl_get_dh_8192();
|
||||||
|
+ dh = local_dh_8192;
|
||||||
|
}
|
||||||
|
else if (keylen >= 4096) {
|
||||||
|
- dh = ssl_get_dh_4096();
|
||||||
|
+ dh = local_dh_4096;
|
||||||
|
}
|
||||||
|
else if (keylen >= 2048) {
|
||||||
|
- dh = ssl_get_dh_2048();
|
||||||
|
+ dh = local_dh_2048;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
- dh = ssl_get_dh_1024();
|
||||||
|
+ dh = local_dh_1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
return dh;
|
||||||
|
@@ -1079,11 +1086,11 @@ int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
|
||||||
|
|
||||||
|
if (global.tune.ssl_default_dh_param <= 1024) {
|
||||||
|
/* we are limited to DH parameter of 1024 bits anyway */
|
||||||
|
- dh = ssl_get_dh_1024();
|
||||||
|
- if (dh == NULL)
|
||||||
|
+ local_dh_1024 = ssl_get_dh_1024();
|
||||||
|
+ if (local_dh_1024 == NULL)
|
||||||
|
goto end;
|
||||||
|
|
||||||
|
- SSL_CTX_set_tmp_dh(ctx, dh);
|
||||||
|
+ SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
|
||||||
|
@@ -1594,6 +1601,28 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
|
||||||
|
global.tune.ssl_default_dh_param = 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifndef OPENSSL_NO_DH
|
||||||
|
+ if (global.tune.ssl_default_dh_param >= 1024) {
|
||||||
|
+ if (local_dh_1024 == NULL) {
|
||||||
|
+ local_dh_1024 = ssl_get_dh_1024();
|
||||||
|
+ }
|
||||||
|
+ if (global.tune.ssl_default_dh_param >= 2048) {
|
||||||
|
+ if (local_dh_2048 == NULL) {
|
||||||
|
+ local_dh_2048 = ssl_get_dh_2048();
|
||||||
|
+ }
|
||||||
|
+ if (global.tune.ssl_default_dh_param >= 4096) {
|
||||||
|
+ if (local_dh_4096 == NULL) {
|
||||||
|
+ local_dh_4096 = ssl_get_dh_4096();
|
||||||
|
+ }
|
||||||
|
+ if (global.tune.ssl_default_dh_param >= 8192 &&
|
||||||
|
+ local_dh_8192 == NULL) {
|
||||||
|
+ local_dh_8192 = ssl_get_dh_8192();
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif /* OPENSSL_NO_DH */
|
||||||
|
+
|
||||||
|
SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||||
|
SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
|
||||||
|
--
|
||||||
|
1.8.4.5
|
||||||
|
|
@ -1,41 +0,0 @@
|
|||||||
From ecde57996941ab79f8e3ee5d6114ede49adaaf17 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Willy Tarreau <w@1wt.eu>
|
|
||||||
Date: Wed, 25 Jun 2014 15:36:04 +0200
|
|
||||||
Subject: [PATCH 3/6] BUG/MINOR: counters: do not untrack counters before
|
|
||||||
logging
|
|
||||||
|
|
||||||
Baptiste Assmann reported a corner case in the releasing of stick-counters:
|
|
||||||
we release content-aware counters before logging. In the past it was not a
|
|
||||||
problem, but since now we can log them it, it prevents one from logging
|
|
||||||
their value. Simply switching the log production and the release of the
|
|
||||||
counter fixes the issue.
|
|
||||||
|
|
||||||
This should be backported into 1.5.
|
|
||||||
---
|
|
||||||
src/proto_http.c | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/proto_http.c b/src/proto_http.c
|
|
||||||
index 5321f7d53e6a..d566bcc819ec 100644
|
|
||||||
--- a/src/proto_http.c
|
|
||||||
+++ b/src/proto_http.c
|
|
||||||
@@ -4808,7 +4808,6 @@ void http_end_txn_clean_session(struct session *s)
|
|
||||||
|
|
||||||
s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now);
|
|
||||||
session_process_counters(s);
|
|
||||||
- session_stop_content_counters(s);
|
|
||||||
|
|
||||||
if (s->txn.status) {
|
|
||||||
int n;
|
|
||||||
@@ -4842,6 +4841,8 @@ void http_end_txn_clean_session(struct session *s)
|
|
||||||
s->do_log(s);
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /* stop tracking content-based counters */
|
|
||||||
+ session_stop_content_counters(s);
|
|
||||||
session_update_time_stats(s);
|
|
||||||
|
|
||||||
s->logs.accept_date = date; /* user-visible date for logging */
|
|
||||||
--
|
|
||||||
1.8.4.5
|
|
||||||
|
|
@ -1,64 +0,0 @@
|
|||||||
From 6747e44f116b7f20c96514454174cf0c0a2e1a4b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Willy Tarreau <w@1wt.eu>
|
|
||||||
Date: Wed, 25 Jun 2014 16:56:41 +0200
|
|
||||||
Subject: [PATCH 4/6] BUG/MAJOR: sample: correctly reinitialize sample fetch
|
|
||||||
context before calling sample_process()
|
|
||||||
|
|
||||||
We used to only clear flags when reusing the static sample before calling
|
|
||||||
sample_process(), but that's not enough because there's a context in samples
|
|
||||||
that can be used by some fetch functions such as auth, headers and cookies,
|
|
||||||
and not reinitializing it risks that a pointer of a different type is used
|
|
||||||
in the wrong context.
|
|
||||||
|
|
||||||
An example configuration which triggers the case consists in mixing hdr()
|
|
||||||
and http_auth_group() which both make use of contexts :
|
|
||||||
|
|
||||||
http-request add-header foo2 %[hdr(host)],%[http_auth_group(foo)]
|
|
||||||
|
|
||||||
The solution is simple, initialize all the sample and not just the flags.
|
|
||||||
This fix must be backported into 1.5 since it was introduced in 1.5-dev19.
|
|
||||||
---
|
|
||||||
src/proto_http.c | 3 +++
|
|
||||||
src/sample.c | 5 +++--
|
|
||||||
2 files changed, 6 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/proto_http.c b/src/proto_http.c
|
|
||||||
index d566bcc819ec..01fe62d09246 100644
|
|
||||||
--- a/src/proto_http.c
|
|
||||||
+++ b/src/proto_http.c
|
|
||||||
@@ -9748,6 +9748,9 @@ smp_prefetch_http(struct proxy *px, struct session *s, void *l7, unsigned int op
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+/* Note: these functinos *do* modify the sample. Even in case of success, at
|
|
||||||
+ * least the type and uint value are modified.
|
|
||||||
+ */
|
|
||||||
#define CHECK_HTTP_MESSAGE_FIRST() \
|
|
||||||
do { int r = smp_prefetch_http(px, l4, l7, opt, args, smp, 1); if (r <= 0) return r; } while (0)
|
|
||||||
|
|
||||||
diff --git a/src/sample.c b/src/sample.c
|
|
||||||
index 9f22ef97156f..3a0f3fbbcff2 100644
|
|
||||||
--- a/src/sample.c
|
|
||||||
+++ b/src/sample.c
|
|
||||||
@@ -905,7 +905,7 @@ struct sample *sample_process(struct proxy *px, struct session *l4, void *l7,
|
|
||||||
|
|
||||||
if (p == NULL) {
|
|
||||||
p = &temp_smp;
|
|
||||||
- p->flags = 0;
|
|
||||||
+ memset(p, 0, sizeof(*p));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!expr->fetch->process(px, l4, l7, opt, expr->arg_p, p, expr->fetch->kw))
|
|
||||||
@@ -1160,7 +1160,8 @@ struct sample *sample_fetch_string(struct proxy *px, struct session *l4, void *l
|
|
||||||
{
|
|
||||||
struct sample *smp = &temp_smp;
|
|
||||||
|
|
||||||
- smp->flags = 0;
|
|
||||||
+ memset(smp, 0, sizeof(*smp));
|
|
||||||
+
|
|
||||||
if (!sample_process(px, l4, l7, opt, expr, smp)) {
|
|
||||||
if ((smp->flags & SMP_F_MAY_CHANGE) && !(opt & SMP_OPT_FINAL))
|
|
||||||
return smp;
|
|
||||||
--
|
|
||||||
1.8.4.5
|
|
||||||
|
|
@ -0,0 +1,35 @@
|
|||||||
|
From 0dff81c6a5876172bc1d4725a7a07fddd9d1f369 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Willy Tarreau <w@1wt.eu>
|
||||||
|
Date: Tue, 15 Jul 2014 21:34:06 +0200
|
||||||
|
Subject: [PATCH 4/5] BUG/MINOR: http: base32+src should use the big endian
|
||||||
|
version of base32
|
||||||
|
|
||||||
|
We're using the internal memory representation of base32 here, which is
|
||||||
|
wrong since these data might be exported to headers for logs or be used
|
||||||
|
to stick to a server and replicated to other peers. Let's convert base32
|
||||||
|
to big endian (network representation) when building the binary block.
|
||||||
|
|
||||||
|
This mistake is also present in 1.5, it would be better to backport it.
|
||||||
|
(cherry picked from commit 5ad6e1dc09f0a85aabf86f154b1817b9ebffb568)
|
||||||
|
---
|
||||||
|
src/proto_http.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/proto_http.c b/src/proto_http.c
|
||||||
|
index 94afed7..b7ed85d 100644
|
||||||
|
--- a/src/proto_http.c
|
||||||
|
+++ b/src/proto_http.c
|
||||||
|
@@ -10358,8 +10358,8 @@ smp_fetch_base32_src(struct proxy *px, struct session *l4, void *l7, unsigned in
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
temp = get_trash_chunk();
|
||||||
|
- memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
|
||||||
|
- temp->len += sizeof(smp->data.uint);
|
||||||
|
+ *(unsigned int *)temp->str = htonl(smp->data.uint);
|
||||||
|
+ temp->len += sizeof(unsigned int);
|
||||||
|
|
||||||
|
switch (cli_conn->addr.from.ss_family) {
|
||||||
|
case AF_INET:
|
||||||
|
--
|
||||||
|
1.8.4.5
|
||||||
|
|
@ -0,0 +1,42 @@
|
|||||||
|
From 66dbae025876a65c81ae3c4011e3aa3b630b42f7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dave McCowan <11235david@gmail.com>
|
||||||
|
Date: Thu, 17 Jul 2014 14:34:01 -0400
|
||||||
|
Subject: [PATCH 5/5] BUG/MEDIUM: connection: fix memory corruption when
|
||||||
|
building a proxy v2 header
|
||||||
|
|
||||||
|
Use temporary trash chunk, instead of global trash chunk in
|
||||||
|
make_proxy_line_v2() to avoid memory overwrite.
|
||||||
|
|
||||||
|
This fix must also be backported to 1.5.
|
||||||
|
(cherry picked from commit 77d1f0143e210c13ee8ec6aaf6b3150fa4ce6c5b)
|
||||||
|
---
|
||||||
|
src/connection.c | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/connection.c b/src/connection.c
|
||||||
|
index 20a911b..3435b1a 100644
|
||||||
|
--- a/src/connection.c
|
||||||
|
+++ b/src/connection.c
|
||||||
|
@@ -622,6 +622,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
|
||||||
|
char *value = NULL;
|
||||||
|
struct tlv_ssl *tlv;
|
||||||
|
int ssl_tlv_len = 0;
|
||||||
|
+ struct chunk *cn_trash;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (buf_len < PP2_HEADER_LEN)
|
||||||
|
@@ -682,8 +683,9 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
|
||||||
|
tlv->verify = htonl(ssl_sock_get_verify_result(remote));
|
||||||
|
}
|
||||||
|
if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
|
||||||
|
- if (ssl_sock_get_remote_common_name(remote, &trash) > 0) {
|
||||||
|
- tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, trash.len, trash.str);
|
||||||
|
+ cn_trash = get_trash_chunk();
|
||||||
|
+ if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) {
|
||||||
|
+ tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str);
|
||||||
|
ssl_tlv_len += tlv_len;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
--
|
||||||
|
1.8.4.5
|
||||||
|
|
@ -1,108 +0,0 @@
|
|||||||
From f0b3bcc98e0d3fc372f0ec658e6c402af8b98412 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Willy Tarreau <w@1wt.eu>
|
|
||||||
Date: Wed, 25 Jun 2014 16:20:53 +0200
|
|
||||||
Subject: [PATCH 5/6] MINOR: stick-table: make stktable_fetch_key() indicate
|
|
||||||
why it failed
|
|
||||||
|
|
||||||
stktable_fetch_key() does not indicate whether it returns NULL because
|
|
||||||
the input sample was not found or because it's unstable. It causes trouble
|
|
||||||
with track-sc* rules. Just like with sample_fetch_string(), we want it to
|
|
||||||
be able to give more information to the caller about what it found. Thus,
|
|
||||||
now we use the pointer to a sample passed by the caller, and fill it with
|
|
||||||
the information we have about the sample. That way, even if we return NULL,
|
|
||||||
the caller has the ability to check whether a sample was found and if it is
|
|
||||||
still changing or not.
|
|
||||||
---
|
|
||||||
include/proto/stick_table.h | 2 +-
|
|
||||||
src/proto_tcp.c | 4 ++--
|
|
||||||
src/session.c | 4 ++--
|
|
||||||
src/stick_table.c | 12 +++++++-----
|
|
||||||
4 files changed, 12 insertions(+), 10 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/include/proto/stick_table.h b/include/proto/stick_table.h
|
|
||||||
index 0c26fbea3052..57ca2234317c 100644
|
|
||||||
--- a/include/proto/stick_table.h
|
|
||||||
+++ b/include/proto/stick_table.h
|
|
||||||
@@ -48,7 +48,7 @@ struct stksess *stktable_lookup_key(struct stktable *t, struct stktable_key *key
|
|
||||||
struct stksess *stktable_update_key(struct stktable *table, struct stktable_key *key);
|
|
||||||
struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px,
|
|
||||||
struct session *l4, void *l7, unsigned int opt,
|
|
||||||
- struct sample_expr *expr);
|
|
||||||
+ struct sample_expr *expr, struct sample *smp);
|
|
||||||
int stktable_compatible_sample(struct sample_expr *expr, unsigned long table_type);
|
|
||||||
int stktable_get_data_type(char *name);
|
|
||||||
struct proxy *find_stktable(const char *name);
|
|
||||||
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
|
|
||||||
index 65c4fdad379e..1aac0d9225d9 100644
|
|
||||||
--- a/src/proto_tcp.c
|
|
||||||
+++ b/src/proto_tcp.c
|
|
||||||
@@ -1027,7 +1027,7 @@ int tcp_inspect_request(struct session *s, struct channel *req, int an_bit)
|
|
||||||
continue;
|
|
||||||
|
|
||||||
t = rule->act_prm.trk_ctr.table.t;
|
|
||||||
- key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr);
|
|
||||||
+ key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr, NULL);
|
|
||||||
|
|
||||||
if (key && (ts = stktable_get_entry(t, key))) {
|
|
||||||
session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts);
|
|
||||||
@@ -1228,7 +1228,7 @@ int tcp_exec_req_rules(struct session *s)
|
|
||||||
continue;
|
|
||||||
|
|
||||||
t = rule->act_prm.trk_ctr.table.t;
|
|
||||||
- key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr);
|
|
||||||
+ key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr, NULL);
|
|
||||||
|
|
||||||
if (key && (ts = stktable_get_entry(t, key)))
|
|
||||||
session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts);
|
|
||||||
diff --git a/src/session.c b/src/session.c
|
|
||||||
index e26f5ad17a6b..df85170cd13a 100644
|
|
||||||
--- a/src/session.c
|
|
||||||
+++ b/src/session.c
|
|
||||||
@@ -1458,7 +1458,7 @@ static int process_sticking_rules(struct session *s, struct channel *req, int an
|
|
||||||
if (ret) {
|
|
||||||
struct stktable_key *key;
|
|
||||||
|
|
||||||
- key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->expr);
|
|
||||||
+ key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->expr, NULL);
|
|
||||||
if (!key)
|
|
||||||
continue;
|
|
||||||
|
|
||||||
@@ -1561,7 +1561,7 @@ static int process_store_rules(struct session *s, struct channel *rep, int an_bi
|
|
||||||
if (ret) {
|
|
||||||
struct stktable_key *key;
|
|
||||||
|
|
||||||
- key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL, rule->expr);
|
|
||||||
+ key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL, rule->expr, NULL);
|
|
||||||
if (!key)
|
|
||||||
continue;
|
|
||||||
|
|
||||||
diff --git a/src/stick_table.c b/src/stick_table.c
|
|
||||||
index c6463ec7b95a..a708d3c53386 100644
|
|
||||||
--- a/src/stick_table.c
|
|
||||||
+++ b/src/stick_table.c
|
|
||||||
@@ -601,15 +601,17 @@ static sample_to_key_fct sample_to_key[SMP_TYPES][STKTABLE_TYPES] = {
|
|
||||||
* Process a fetch + format conversion as defined by the sample expression <expr>
|
|
||||||
* on request or response considering the <opt> parameter. Returns either NULL if
|
|
||||||
* no key could be extracted, or a pointer to the converted result stored in
|
|
||||||
- * static_table_key in format <table_type>.
|
|
||||||
+ * static_table_key in format <table_type>. If <smp> is not NULL, it will be reset
|
|
||||||
+ * and its flags will be initialized so that the caller gets a copy of the input
|
|
||||||
+ * sample, and knows why it was not accepted (eg: SMP_F_MAY_CHANGE is present).
|
|
||||||
*/
|
|
||||||
struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, struct session *l4, void *l7,
|
|
||||||
- unsigned int opt,
|
|
||||||
- struct sample_expr *expr)
|
|
||||||
+ unsigned int opt, struct sample_expr *expr, struct sample *smp)
|
|
||||||
{
|
|
||||||
- struct sample *smp;
|
|
||||||
+ if (smp)
|
|
||||||
+ memset(smp, 0, sizeof(*smp));
|
|
||||||
|
|
||||||
- smp = sample_process(px, l4, l7, opt, expr, NULL);
|
|
||||||
+ smp = sample_process(px, l4, l7, opt, expr, smp);
|
|
||||||
if (!smp)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
--
|
|
||||||
1.8.4.5
|
|
||||||
|
|
@ -1,56 +0,0 @@
|
|||||||
From 08901b038aa0837786fbb1049508fb28c92a15d7 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Willy Tarreau <w@1wt.eu>
|
|
||||||
Date: Wed, 25 Jun 2014 17:01:56 +0200
|
|
||||||
Subject: [PATCH 6/6] BUG/MEDIUM: counters: fix track-sc* to wait on unstable
|
|
||||||
contents
|
|
||||||
|
|
||||||
I've been facing multiple configurations which involved track-sc* rules
|
|
||||||
in tcp-request content without the "if ..." to force it to wait for the
|
|
||||||
contents, resulting in random behaviour with contents sometimes retrieved
|
|
||||||
and sometimes not.
|
|
||||||
|
|
||||||
Reading the doc doesn't make it clear either that the tracking will be
|
|
||||||
performed only if data are already there and that waiting on an ACL is
|
|
||||||
the only way to avoid this.
|
|
||||||
|
|
||||||
Since this behaviour is not natural and we now have the ability to fix
|
|
||||||
it, this patch ensures that if input data are still moving, instead of
|
|
||||||
silently dropping them, we naturally wait for them to stabilize up to
|
|
||||||
the inspect-delay. This way it's not needed anymore to implement an
|
|
||||||
ACL-based condition to force to wait for data, eventhough the behaviour
|
|
||||||
is not changed for when an ACL is present.
|
|
||||||
|
|
||||||
The most obvious usage will be when track-sc is followed by any HTTP
|
|
||||||
sample expression, there's no need anymore for adding "if HTTP".
|
|
||||||
|
|
||||||
It's probably worth backporting this to 1.5 to avoid further configuration
|
|
||||||
issues. Note that it requires previous patch.
|
|
||||||
---
|
|
||||||
src/proto_tcp.c | 6 +++++-
|
|
||||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
|
|
||||||
index 1aac0d9225d9..e9dbc9c0b6de 100644
|
|
||||||
--- a/src/proto_tcp.c
|
|
||||||
+++ b/src/proto_tcp.c
|
|
||||||
@@ -1022,12 +1022,16 @@ int tcp_inspect_request(struct session *s, struct channel *req, int an_bit)
|
|
||||||
* applies.
|
|
||||||
*/
|
|
||||||
struct stktable_key *key;
|
|
||||||
+ struct sample smp;
|
|
||||||
|
|
||||||
if (stkctr_entry(&s->stkctr[tcp_trk_idx(rule->action)]))
|
|
||||||
continue;
|
|
||||||
|
|
||||||
t = rule->act_prm.trk_ctr.table.t;
|
|
||||||
- key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->act_prm.trk_ctr.expr, NULL);
|
|
||||||
+ key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ | partial, rule->act_prm.trk_ctr.expr, &smp);
|
|
||||||
+
|
|
||||||
+ if (smp.flags & SMP_F_MAY_CHANGE)
|
|
||||||
+ goto missing_data;
|
|
||||||
|
|
||||||
if (key && (ts = stktable_get_entry(t, key))) {
|
|
||||||
session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts);
|
|
||||||
--
|
|
||||||
1.8.4.5
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:69b54be39247b4a7556b4a7d3bd90ffd4acf35799ffa7125bbadebab8e5df5b4
|
|
||||||
size 1329710
|
|
3
haproxy-1.5.2.tar.gz
Normal file
3
haproxy-1.5.2.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:f9cc9fcb30e5d998d4690331a0183a6970ca768833cc0ac68ad2a89600403d53
|
||||||
|
size 1334897
|
@ -1,3 +1,71 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 18 15:01:53 UTC 2014 - mrueckert@suse.de
|
||||||
|
|
||||||
|
- added
|
||||||
|
0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch:
|
||||||
|
BUG/MEDIUM: connection: fix memory corruption when building a
|
||||||
|
proxy v2 header
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 17 10:45:28 UTC 2014 - mrueckert@suse.de
|
||||||
|
|
||||||
|
- pulled a few fixes from the 1.5 branch: most notable the DHE
|
||||||
|
memleak fix. Adds the following patches:
|
||||||
|
0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
|
||||||
|
0002-DOC-fix-typo-in-Unix-Socket-commands.patch
|
||||||
|
0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
|
||||||
|
0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Jul 12 16:56:27 UTC 2014 - mrueckert@suse.de
|
||||||
|
|
||||||
|
- update to 1.5.2
|
||||||
|
- BUG/MEDIUM: backend: Update hash to use unsigned int throughout
|
||||||
|
- BUG/MINOR: ssl: Fix external function in order not to return a
|
||||||
|
pointer on an internal trash buffer.
|
||||||
|
- DOC: expand the docs for the provided stats.
|
||||||
|
- BUG/MEDIUM: unix: do not unlink() abstract namespace sockets
|
||||||
|
upon failure.
|
||||||
|
- MINOR: stats: fix minor typo in HTML page
|
||||||
|
- BUG/MEDIUM: http: fetch "base" is not compatible with
|
||||||
|
set-header
|
||||||
|
- BUG/MINOR: counters: do not untrack counters before logging
|
||||||
|
- BUG/MAJOR: sample: correctly reinitialize sample fetch context
|
||||||
|
before calling sample_process()
|
||||||
|
- MINOR: stick-table: make stktable_fetch_key() indicate why it
|
||||||
|
failed
|
||||||
|
- BUG/MEDIUM: counters: fix track-sc* to wait on unstable
|
||||||
|
contents
|
||||||
|
- BUILD: remove TODO from the spec file and add README
|
||||||
|
- MINOR: log: make MAX_SYSLOG_LEN overridable at build time
|
||||||
|
- MEDIUM: log: support a user-configurable max log line length
|
||||||
|
- DOC: provide an example of how to use ssl_c_sha1
|
||||||
|
- BUILD: http: fix isdigit & isspace warnings on Solaris
|
||||||
|
- BUG/MINOR: listener: set the listener's fd to -1 after deletion
|
||||||
|
- BUG/MEDIUM: unix: failed abstract socket binding is retryable
|
||||||
|
- MEDIUM: listener: implement a per-protocol pause() function
|
||||||
|
- MEDIUM: listener: support rebinding during resume()
|
||||||
|
- BUG/MEDIUM: unix: completely unbind abstract sockets during a
|
||||||
|
pause()
|
||||||
|
- DOC: explicitly mention the limits of abstract namespace
|
||||||
|
sockets
|
||||||
|
- DOC: minor fix on {sc,src}_kbytes_{in,out}
|
||||||
|
- DOC: fix alphabetical sort of converters
|
||||||
|
- BUG/MAJOR: http: correctly rewind the request body after start
|
||||||
|
of forwarding
|
||||||
|
- DOC: remove references to CPU=native in the README
|
||||||
|
- DOC: mention that "compression offload" is ignored in defaults
|
||||||
|
section
|
||||||
|
- drop patches including in version upgrade.
|
||||||
|
- 0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch
|
||||||
|
- 0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch
|
||||||
|
- 0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch
|
||||||
|
- 0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch
|
||||||
|
- 0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch
|
||||||
|
- 0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch
|
||||||
|
- use www.haproxy.org now instead of the old domain which is just
|
||||||
|
redirecting to haproxy.org now.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jul 1 12:13:33 UTC 2014 - kgronlund@suse.com
|
Tue Jul 1 12:13:33 UTC 2014 - kgronlund@suse.com
|
||||||
|
|
||||||
|
26
haproxy.spec
26
haproxy.spec
@ -33,7 +33,7 @@
|
|||||||
%bcond_without apparmor
|
%bcond_without apparmor
|
||||||
|
|
||||||
Name: haproxy
|
Name: haproxy
|
||||||
Version: 1.5.1
|
Version: 1.5.2
|
||||||
Release: 0
|
Release: 0
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
@ -51,28 +51,21 @@ BuildRequires: vim
|
|||||||
%define pkg_name haproxy
|
%define pkg_name haproxy
|
||||||
%define pkg_home /var/lib/%{pkg_name}
|
%define pkg_home /var/lib/%{pkg_name}
|
||||||
#
|
#
|
||||||
Url: http://haproxy.1wt.eu/
|
Url: http://www.haproxy.org/
|
||||||
Source: http://haproxy.1wt.eu/download/1.5/src/haproxy-%{version}.tar.gz
|
Source: http://www.haproxy.org/download/1.5/src/haproxy-%{version}.tar.gz
|
||||||
Source1: %{pkg_name}.init
|
Source1: %{pkg_name}.init
|
||||||
Source2: http://haproxy.1wt.eu/download/contrib/haproxy.vim
|
Source2: http://www.haproxy.org/download/contrib/haproxy.vim
|
||||||
Source3: usr.sbin.haproxy.apparmor
|
Source3: usr.sbin.haproxy.apparmor
|
||||||
Source4: local.usr.sbin.haproxy.apparmor
|
Source4: local.usr.sbin.haproxy.apparmor
|
||||||
Patch1: haproxy-1.2.16_config_haproxy_user.patch
|
Patch1: haproxy-1.2.16_config_haproxy_user.patch
|
||||||
Patch2: haproxy-makefile_lib.patch
|
Patch2: haproxy-makefile_lib.patch
|
||||||
Patch3: sec-options.patch
|
Patch3: sec-options.patch
|
||||||
Patch4: haproxy-1.5_check_config_before_start.patch
|
Patch4: haproxy-1.5_check_config_before_start.patch
|
||||||
# PATCH-FIX-UPSTREAM: http: fetch "base" is not compatible with set-header
|
Patch5: 0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
|
||||||
Patch5: 0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch
|
Patch6: 0002-DOC-fix-typo-in-Unix-Socket-commands.patch
|
||||||
# PATCH-FIX-UPSTREAM: ssl: Fix external function in order not to return a pointer on an internal trash buffer.
|
Patch7: 0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
|
||||||
Patch6: 0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch
|
Patch8: 0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
|
||||||
# PATCH-FIX-UPSTREAM: counters: do not untrack counters before logging
|
Patch9: 0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
|
||||||
Patch7: 0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch
|
|
||||||
# PATCH-FIX-UPSTREAM: sample: correctly reinitialize sample fetch context before calling sample_process()
|
|
||||||
Patch8: 0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch
|
|
||||||
# PATCH-FIX-UPSTREAM: stick-table: make stktable_fetch_key() indicate why it failed
|
|
||||||
Patch9: 0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch
|
|
||||||
# PATCH-FIX-UPSTREAM: counters: fix track-sc* to wait on unstable contents
|
|
||||||
Patch10: 0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch
|
|
||||||
Source99: haproxy-rpmlintrc
|
Source99: haproxy-rpmlintrc
|
||||||
#
|
#
|
||||||
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
|
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
|
||||||
@ -111,7 +104,6 @@ the most work done from every CPU cycle.
|
|||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
%patch10 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%{__make} \
|
%{__make} \
|
||||||
|
Loading…
Reference in New Issue
Block a user