rpm/haproxy
SHA256
1
0
Fork 0
forked from pool/haproxy
Code Pull Requests Activity

Accepting request 305164 from network:ha-clustering:Factory

Browse Source 
1

OBS-URL: https://build.opensuse.org/request/show/305164
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=28
This commit is contained in:
Dominique Leuenberger 2015-05-04 22:55:48 +00:00 committed by Git OBS Bridge
parent 20b0b77293
commit 4341af3d61
16 changed files with 69 additions and 647 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
0001-BUG-MINOR-pattern-error-message-missing.patch
View File

@ -1,30 +0,0 @@
From e338a8741983acc9a4501a03ecd593d89e6fade3 Mon Sep 17 00:00:00 2001
From: Thierry FOURNIER <tfournier@exceliance.fr>
Date: Fri, 6 Feb 2015 17:50:55 +0100
Subject: [PATCH 1/9] BUG/MINOR: pattern: error message missing
This patch must be backported in 1.5 version.
(cherry picked from commit 8aa8384e22dd0b66ded00c70a9c6034278b4bb69)
---
src/pattern.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/pattern.c b/src/pattern.c
index 208e33a..a6fc52d 100644
--- a/src/pattern.c
+++ b/src/pattern.c
@@ -989,8 +989,10 @@ int pat_idx_list_ptr(struct pattern_expr *expr, struct pattern *pat, char **err)
/* allocate pattern */
patl = calloc(1, sizeof(*patl));
- if (!patl)
+ if (!patl) {
+ memprintf(err, "out of memory while indexing pattern");
return 0;
+ }
/* duplicate pattern */
memcpy(&patl->pat, pat, sizeof(*pat));
--
2.1.4

38
0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch
View File

@ -1,38 +0,0 @@
From 623401b983185c1e0f6507e96557de3bc46fd41b Mon Sep 17 00:00:00 2001
From: Thierry FOURNIER <tfournier@exceliance.fr>
Date: Fri, 6 Feb 2015 17:53:54 +0100
Subject: [PATCH 2/9] BUG/MEDIUM: pattern: some entries are not deleted with
case insensitive match
ACL or map entries are not deleted with the command "del acl" or "del map"
if the case insentive flag is set.
This is because the the case insensitive string are stored in a list and the
default delete function associated with string looks in a tree. I add a check
of the case insensitive flag and execute the delete function for lists if it
is set.
This patch must be backported in 1.5 version.
(cherry picked from commit 73bc285be194f443dc7eab9c949e87e1dbe8f70c)
---
src/pattern.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/pattern.c b/src/pattern.c
index a6fc52d..b19ffe2 100644
--- a/src/pattern.c
+++ b/src/pattern.c
@@ -1308,6 +1308,10 @@ void pat_del_tree_str(struct pattern_expr *expr, struct pat_ref_elt *ref)
struct ebmb_node *node, *next_node;
struct pattern_tree *elt;
+ /* If the flag PAT_F_IGNORE_CASE is set, we cannot use trees */
+ if (expr->mflags & PAT_MF_IGNORE_CASE)
+ return pat_del_list_ptr(expr, ref);
+
/* browse each node of the tree. */
for (node = ebmb_first(&expr->pattern_tree), next_node = node ? ebmb_next(node) : NULL;
node;
--
2.1.4

43
0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch
View File

@ -1,43 +0,0 @@
From bfb8f885955efa1ef90f79595f16a01e30fd0dcf Mon Sep 17 00:00:00 2001
From: Simon Horman <horms@verge.net.au>
Date: Thu, 26 Feb 2015 11:26:17 +0900
Subject: [PATCH 3/9] BUG/MEDIUM: Do not consider an agent check as failed on
L7 error
As failure to connect to the agent check is not sufficient to mark it as
failed it stands to reason that an L7 error shouldn't either.
Without this fix if an L7 error occurs, for example of connectivity to the
agent is lost immediately after establishing a connection to it, then the
agent check will be considered to have failed and thus may end up with zero
health. Once this has occurred if the primary health check also reaches
zero health, which is likely if connectivity to the server is lost, then
the server will be marked as down and not be marked as up again until a
successful agent check occurs regardless of the success of any primary
health checks.
This behaviour is not correct as a failed agent check should never cause a
server to be marked as down or by extension continue to be marked as down.
Signed-off-by: Simon Horman <horms@verge.net.au>
(cherry picked from commit eaabd52e29a29187f9829fe727028a6ca530cbf9)
---
src/checks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/checks.c b/src/checks.c
index b9048da..71debb6 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -246,7 +246,7 @@ static void set_server_check_status(struct check *check, short status, const cha
* cause the server to be marked down.
*/
if ((!(check->state & CHK_ST_AGENT) ||
- (check->status >= HCHK_STATUS_L7TOUT)) &&
+ (check->status >= HCHK_STATUS_L57DATA)) &&
(check->health >= check->rise)) {
s->counters.failed_checks++;
report = 1;
--
2.1.4

33
0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
View File

@ -1,33 +0,0 @@
From fc940eb2bf0bbd7adf5b283f28bcff136501ae7f Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Fri, 13 Mar 2015 16:18:25 +0100
Subject: [PATCH 4/9] BUG/MEDIUM: peers: correctly configure the client timeout
The peers frontend timeout was mistakenly set on timeout.connect instead
of timeout.client, resulting in no timeout being applied to the peers
connections. The impact is just that peers can establish connections and
remain connected until they speak. Once they start speaking, only one of
them will still be accepted, and old sessions will be killed, so the
problem is limited. This fix should however be backported to 1.5 since
it was introduced in 1.5-dev3 with peers.
(cherry picked from commit 9ff95bb18c4cd9ae747fa5b3bef6d3f94e54172f)
---
src/cfgparse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cfgparse.c b/src/cfgparse.c
index a91e027..b7613b8 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1834,7 +1834,7 @@ int cfg_parse_peers(const char *file, int linenum, char **args, int kwm)
curpeers->peers_fe->cap = PR_CAP_FE;
curpeers->peers_fe->maxconn = 0;
curpeers->peers_fe->conn_retries = CONN_RETRIES;
- curpeers->peers_fe->timeout.connect = 5000;
+ curpeers->peers_fe->timeout.client = MS_TO_TICKS(5000);
curpeers->peers_fe->accept = peer_accept;
curpeers->peers_fe->options2 |= PR_O2_INDEPSTR | PR_O2_SMARTCON | PR_O2_SMARTACC;
curpeers->peers_fe->conf.args.file = curpeers->peers_fe->conf.file = strdup(file);
--
2.1.4

30
0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
View File

@ -1,30 +0,0 @@
From b92902814f796bb1dc24bab2179000caceb5b151 Mon Sep 17 00:00:00 2001
From: Thierry FOURNIER <tfournier@exceliance.fr>
Date: Tue, 10 Mar 2015 01:55:01 +0100
Subject: [PATCH 5/9] BUG/MEDIUM: buffer: one byte miss in buffer free space
check
Space is not avalaible only if the end of the data inserted
is strictly greater than the end of buffer. If these two value
are equal, the space is avamaible.
(cherry picked from commit fdda6777bffb4f933569c609ba54e24ea5eabf29)
---
src/buffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/buffer.c b/src/buffer.c
index 9037dd3..8d2644e 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -46,7 +46,7 @@ int buffer_replace2(struct buffer *b, char *pos, char *end, const char *str, int
delta = len - (end - pos);
- if (bi_end(b) + delta >= b->data + b->size)
+ if (bi_end(b) + delta > b->data + b->size)
return 0; /* no space left */
if (buffer_not_empty(b) &&
--
2.1.4

52
0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch
View File

@ -1,52 +0,0 @@
From 8e05ac2044c6523c867ceaaae1f10486370eec89 Mon Sep 17 00:00:00 2001
From: Thierry FOURNIER <tfournier@haproxy.com>
Date: Mon, 16 Mar 2015 11:14:41 +0100
Subject: [PATCH 6/9] BUG/MAJOR: http: don't read past buffer's end in
http_replace_value
The function http_replace_value use bad variable to detect the end
of the input string.
Regression introduced by the patch "MEDIUM: regex: Remove null
terminated strings." (c9c2daf2)
We need to backport this patch int the 1.5 stable branch.
WT: there is no possibility to overwrite existing data as we only read
past the end of the request buffer, to copy into the trash. The copy
is bounded by buffer_replace2(), just like the replacement performed
by exp_replace(). However if a buffer happens to contain non-zero data
up to the next unmapped page boundary, there's a theorical risk of
crashing the process despite this not being reproducible in tests.
The risk is low because "http-request replace-value" did not work due
to this bug so that probably means it's not used yet.
(cherry picked from commit 534101658d6e19aeb598bf7833a8ce167498c4ed)
---
src/proto_http.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/proto_http.c b/src/proto_http.c
index 705f3b4..f53b5e2 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -3206,7 +3206,7 @@ static int http_replace_value(struct my_regex *re, char *dst, uint dst_size, cha
/* look for delim. */
p_delim = p;
- while (p_delim < p + len && *p_delim != delim)
+ while (p_delim < val + len && *p_delim != delim)
p_delim++;
if (regex_exec_match2(re, p, p_delim-p, MAX_MATCH, pmatch)) {
@@ -3230,7 +3230,7 @@ static int http_replace_value(struct my_regex *re, char *dst, uint dst_size, cha
return -1;
/* end of the replacements. */
- if (p_delim >= p + len)
+ if (p_delim >= val + len)
break;
/* Next part. */
--
2.1.4

171
0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
View File

@ -1,171 +0,0 @@
From 06170c50ae5cd0fb23510b832826f7e63a5a8894 Mon Sep 17 00:00:00 2001
From: Thierry FOURNIER <tfournier@haproxy.com>
Date: Mon, 16 Mar 2015 23:23:53 +0100
Subject: [PATCH 7/9] BUG/MEDIUM: http: the function "(req|res)-replace-value"
doesn't respect the HTTP syntax
These function used an invalid header parser.
- The trailing white-spaces were embedded in the replacement regex,
- The double-quote (") containing comma (,) were not respected.
This patch replace this parser by the "official" parser http_find_header2().
(cherry picked from commit 191f9efdc58f21af1d9dde3db5ba198d7f1ce22e)
---
src/proto_http.c | 126 +++++++++++++++----------------------------------------
1 file changed, 34 insertions(+), 92 deletions(-)
diff --git a/src/proto_http.c b/src/proto_http.c
index f53b5e2..c49c4f4 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -3179,113 +3179,55 @@ static inline void inet_set_tos(int fd, struct sockaddr_storage from, int tos)
#endif
}
-/* Returns the number of characters written to destination,
- * -1 on internal error and -2 if no replacement took place.
- */
-static int http_replace_header(struct my_regex *re, char *dst, uint dst_size, char *val, int len,
- const char *rep_str)
-{
- if (!regex_exec_match2(re, val, len, MAX_MATCH, pmatch))
- return -2;
-
- return exp_replace(dst, dst_size, val, rep_str, pmatch);
-}
-
-/* Returns the number of characters written to destination,
- * -1 on internal error and -2 if no replacement took place.
- */
-static int http_replace_value(struct my_regex *re, char *dst, uint dst_size, char *val, int len, char delim,
- const char *rep_str)
-{
- char* p = val;
- char* dst_end = dst + dst_size;
- char* dst_p = dst;
-
- for (;;) {
- char *p_delim;
-
- /* look for delim. */
- p_delim = p;
- while (p_delim < val + len && *p_delim != delim)
- p_delim++;
-
- if (regex_exec_match2(re, p, p_delim-p, MAX_MATCH, pmatch)) {
- int replace_n = exp_replace(dst_p, dst_end - dst_p, p, rep_str, pmatch);
-
- if (replace_n < 0)
- return -1;
-
- dst_p += replace_n;
- } else {
- uint len = p_delim - p;
-
- if (dst_p + len >= dst_end)
- return -1;
-
- memcpy(dst_p, p, len);
- dst_p += len;
- }
-
- if (dst_p >= dst_end)
- return -1;
-
- /* end of the replacements. */
- if (p_delim >= val + len)
- break;
-
- /* Next part. */
- *dst_p++ = delim;
- p = p_delim + 1;
- }
-
- return dst_p - dst;
-}
-
static int http_transform_header(struct session* s, struct http_msg *msg, const char* name, uint name_len,
char* buf, struct hdr_idx* idx, struct list *fmt, struct my_regex *re,
struct hdr_ctx* ctx, int action)
{
+ int (*http_find_hdr_func)(const char *name, int len, char *sol,
+ struct hdr_idx *idx, struct hdr_ctx *ctx);
+ struct chunk *replace = get_trash_chunk();
+ struct chunk *output = get_trash_chunk();
+
+ replace->len = build_logline(s, replace->str, replace->size, fmt);
+ if (replace->len >= replace->size - 1)
+ return -1;
+
ctx->idx = 0;
- while (http_find_full_header2(name, name_len, buf, idx, ctx)) {
+ /* Choose the header browsing function. */
+ switch (action) {
+ case HTTP_REQ_ACT_REPLACE_VAL:
+ case HTTP_RES_ACT_REPLACE_VAL:
+ http_find_hdr_func = http_find_header2;
+ break;
+ case HTTP_REQ_ACT_REPLACE_HDR:
+ case HTTP_RES_ACT_REPLACE_HDR:
+ http_find_hdr_func = http_find_full_header2;
+ break;
+ default: /* impossible */
+ return -1;
+ }
+
+ while (http_find_hdr_func(name, name_len, buf, idx, ctx)) {
struct hdr_idx_elem *hdr = idx->v + ctx->idx;
int delta;
- char* val = (char*)ctx->line + ctx->val;
- char* val_end = (char*)ctx->line + hdr->len;
- char* reg_dst_buf;
- uint reg_dst_buf_size;
- int n_replaced;
-
- trash.len = build_logline(s, trash.str, trash.size, fmt);
-
- if (trash.len >= trash.size - 1)
- return -1;
+ char *val = ctx->line + ctx->val;
+ char* val_end = val + ctx->vlen;
- reg_dst_buf = trash.str + trash.len + 1;
- reg_dst_buf_size = trash.size - trash.len - 1;
+ if (!regex_exec_match2(re, val, val_end-val, MAX_MATCH, pmatch))
+ continue;
- switch (action) {
- case HTTP_REQ_ACT_REPLACE_VAL:
- case HTTP_RES_ACT_REPLACE_VAL:
- n_replaced = http_replace_value(re, reg_dst_buf, reg_dst_buf_size, val, val_end-val, ',', trash.str);
- break;
- case HTTP_REQ_ACT_REPLACE_HDR:
- case HTTP_RES_ACT_REPLACE_HDR:
- n_replaced = http_replace_header(re, reg_dst_buf, reg_dst_buf_size, val, val_end-val, trash.str);
- break;
- default: /* impossible */
+ output->len = exp_replace(output->str, output->size, val, replace->str, pmatch);
+ if (output->len == -1)
return -1;
- }
- switch (n_replaced) {
- case -1: return -1;
- case -2: continue;
- }
-
- delta = buffer_replace2(msg->chn->buf, val, val_end, reg_dst_buf, n_replaced);
+ delta = buffer_replace2(msg->chn->buf, val, val_end, output->str, output->len);
hdr->len += delta;
http_msg_move_end(msg, delta);
+
+ /* Adjust the length of the current value of the index. */
+ ctx->vlen += delta;
}
return 0;
--
2.1.4

43
0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
View File

@ -1,43 +0,0 @@
From 9b9531d90dfd8a334958d23394afafd0185bfa21 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Sat, 28 Mar 2015 12:20:33 +0100
Subject: [PATCH 8/9] BUG/MINOR: compression: consider the expansion factor in
init
When checking if the buffer is large enough, we used to rely on a fixed
size that was "apparently" enough. We need to consider the expansion
factor of deflate-encoded streams instead, which is of 5 bytes per 32kB.
The previous value was OK till 128kB buffers but became wrong past that.
It's totally harmless since we always keep the reserve when compressiong,
so there's 1kB or so available, which is enough for buffers as large as
6.5 MB, but better fix the check anyway.
This fix could be backported into 1.5 since compression was added there.
(cherry picked from commit 2aee2215c908c6997addcd1714b5b10f73c0703d)
---
src/compression.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/compression.c b/src/compression.c
index 3d6085e..d55f14e 100644
--- a/src/compression.c
+++ b/src/compression.c
@@ -130,9 +130,12 @@ int http_compression_buffer_init(struct session *s, struct buffer *in, struct bu
{
int left;
- /* not enough space */
- if (in->size - buffer_len(in) < 40)
- return -1;
+ /* output stream requires at least 10 bytes for the gzip header, plus
+ * at least 8 bytes for the gzip trailer (crc+len), plus a possible
+ * plus at most 5 bytes per 32kB block and 2 bytes to close the stream.
+ */
+ if (in->size - buffer_len(in) < 20 + 5 * ((in->i + 32767) >> 15))
+ return -1;
/* We start by copying the current buffer's pending outgoing data into
* a new temporary buffer that we initialize with a new empty chunk.
--
2.1.4

70
0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch
View File

@ -1,70 +0,0 @@
From 2943734024525d4b9aeec13cca2c1d230c358ee5 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Wed, 1 Apr 2015 19:16:09 +0200
Subject: [PATCH 9/9] BUG/MEDIUM: http: hdr_cnt would not count any header when
called without name
It's documented that these sample fetch functions should count all headers
and/or all values when called with no name but in practice it's not what is
being done as a missing name causes an immediate return and an absence of
result.
This bug is present in 1.5 as well and must be backported.
(cherry picked from commit 601a4d1741100d7a861b6d9b66561335c9911277)
---
src/proto_http.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/src/proto_http.c b/src/proto_http.c
index c49c4f4..ccd52ad 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -10014,15 +10014,19 @@ smp_fetch_fhdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int
struct hdr_ctx ctx;
const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
int cnt;
+ const char *name = NULL;
+ int len = 0;
- if (!args || args->type != ARGT_STR)
- return 0;
+ if (args && args->type == ARGT_STR) {
+ name = args->data.str.str;
+ len = args->data.str.len;
+ }
CHECK_HTTP_MESSAGE_FIRST();
ctx.idx = 0;
cnt = 0;
- while (http_find_full_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx))
+ while (http_find_full_header2(name, len, msg->chn->buf->p, idx, &ctx))
cnt++;
smp->type = SMP_T_UINT;
@@ -10101,15 +10105,19 @@ smp_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int o
struct hdr_ctx ctx;
const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
int cnt;
+ const char *name = NULL;
+ int len = 0;
- if (!args || args->type != ARGT_STR)
- return 0;
+ if (args && args->type == ARGT_STR) {
+ name = args->data.str.str;
+ len = args->data.str.len;
+ }
CHECK_HTTP_MESSAGE_FIRST();
ctx.idx = 0;
cnt = 0;
- while (http_find_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx))
+ while (http_find_header2(name, len, msg->chn->buf->p, idx, &ctx))
cnt++;
smp->type = SMP_T_UINT;
--
2.1.4

28
0010-BUG-MINOR-ssl-Display-correct-filename-in-error-mess.patch
View File

@ -1,28 +0,0 @@
From 37dc94cde496e83e00af0580c1a7bfb06e98aafe Mon Sep 17 00:00:00 2001
From: Alexander Rigbo <alexander.rigbo@blocket.se>
Date: Tue, 7 Apr 2015 14:02:16 +0200
Subject: [PATCH 10/12] BUG/MINOR: ssl: Display correct filename in error
message
This patch should be backported to 1.5.
(cherry picked from commit fc65af0c6180d1682f6bf76cf804cd003541b3e9)
---
src/ssl_sock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 2614dd6..d0f4d01 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1569,7 +1569,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
if (!store || !X509_STORE_load_locations(store, bind_conf->crl_file, NULL)) {
Alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
- curproxy->id, bind_conf->ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
+ curproxy->id, bind_conf->crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
cfgerr++;
}
else {
--
2.1.4

49
0011-BUG-MEDIUM-listener-don-t-report-an-error-when-resum.patch
View File

@ -1,49 +0,0 @@
From 06f823d50473c3dc31732b38c81a6010587f01a4 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 14 Apr 2015 12:07:16 +0200
Subject: [PATCH 11/12] BUG/MEDIUM: listener: don't report an error when
resuming unbound listeners
Pavlos Parissis reported that a sequence of disable/enable on a frontend
performed on the CLI can result in an error if the frontend has several
"bind" lines each bound to different processes. This is because the
resume_listener() function returns a failure for frontends not part of
the current process instead of returning a success to pretend there was
no failure.
This fix should be backported to 1.5.
(cherry picked from commit af2fd584f32ec72b3d6d27a915f15df8041b56e7)
---
src/listener.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/listener.c b/src/listener.c
index 11df69f..21eba52 100644
--- a/src/listener.c
+++ b/src/listener.c
@@ -120,9 +120,10 @@ int pause_listener(struct listener *l)
* may replace enable_listener(). The resulting state will either be LI_READY
* or LI_FULL. 0 is returned in case of failure to resume (eg: dead socket).
* Listeners bound to a different process are not woken up unless we're in
- * foreground mode. If the listener was only in the assigned state, it's totally
- * rebound. This can happen if a pause() has completely stopped it. If the
- * resume fails, 0 is returned and an error might be displayed.
+ * foreground mode, and are ignored. If the listener was only in the assigned
+ * state, it's totally rebound. This can happen if a pause() has completely
+ * stopped it. If the resume fails, 0 is returned and an error might be
+ * displayed.
*/
int resume_listener(struct listener *l)
{
@@ -146,7 +147,7 @@ int resume_listener(struct listener *l)
if ((global.mode & (MODE_DAEMON | MODE_SYSTEMD)) &&
l->bind_conf->bind_proc &&
!(l->bind_conf->bind_proc & (1UL << (relative_pid - 1))))
- return 0;
+ return 1;
if (l->proto->sock_prot == IPPROTO_TCP &&
l->state == LI_PAUSED &&
--
2.1.4

32
0012-BUG-MEDIUM-init-don-t-limit-cpu-map-to-the-first-32-.patch
View File

@ -1,32 +0,0 @@
From b34c00cd92deec0db473ffcf2c1da093c9337870 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Mon, 20 Apr 2015 11:36:57 +0200
Subject: [PATCH 12/12] BUG/MEDIUM: init: don't limit cpu-map to the first 32
processes only
We have to allow 32 or 64 processes depending on the machine's word
size, and on 64-bit machines only the first 32 processes were properly
bound.
This fix should be backported to 1.5.
(cherry picked from commit e759749b50417895632c4e4481434f947176f28c)
---
src/haproxy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/haproxy.c b/src/haproxy.c
index 7ec596c..0dddd53 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1579,7 +1579,7 @@ int main(int argc, char **argv)
#ifdef USE_CPU_AFFINITY
if (proc < global.nbproc && /* child */
- proc < 32 && /* only the first 32 processes may be pinned */
+ proc < LONGBITS && /* only the first 32/64 processes may be pinned */
global.cpu_map[proc]) /* only do this if the process has a CPU map */
sched_setaffinity(0, sizeof(unsigned long), (void *)&global.cpu_map[proc]);
#endif
--
2.1.4

3
haproxy-1.5.11.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8b5aa462988405f09c8a6169294b202d7f524a5450a02dd92e7c216680f793bf
size 1340429

3
haproxy-1.5.12.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6648dd7d6b958d83dd7101eab5792178212a66c884bec0ebcd8abc39df83bb78
size 1344813

65
haproxy.changes
View File

@ -1,3 +1,68 @@
-------------------------------------------------------------------
Sat May 2 22:17:57 UTC 2015 - mrueckert@suse.de
- update to 1.5.12
- BUG/MINOR: ssl: Display correct filename in error message
- DOC: Fix L4TOUT typo in documentation
- BUG/MEDIUM: Do not consider an agent check as failed on L7
error
- BUG/MINOR: pattern: error message missing
- BUG/MEDIUM: pattern: some entries are not deleted with case
insensitive match
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
- BUG/MAJOR: http: don't read past buffer's end in
http_replace_value
- BUG/MEDIUM: http: the function "(req|res)-replace-value"
doesn't respect the HTTP syntax
- BUG/MEDIUM: peers: correctly configure the client timeout
- BUG/MINOR: compression: consider the expansion factor in init
- BUG/MEDIUM: http: hdr_cnt would not count any header when
called without name
- BUG/MEDIUM: listener: don't report an error when resuming
unbound listeners
- BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes
only
- BUG/MEDIUM: stream-int: always reset si->ops when si->end is
nullified
- BUG/MEDIUM: http: remove content-length from chunked messages
- DOC: http: update the comments about the rules for determining
transfer-length
- BUG/MEDIUM: http: do not restrict parsing of transfer-encoding
to HTTP/1.1
- BUG/MEDIUM: http: incorrect transfer-coding in the request is a
bad request
- BUG/MEDIUM: http: remove content-length form responses with bad
transfer-encoding
- MEDIUM: http: restrict the HTTP version token to 1 digit as per
RFC7230
- MEDIUM: http: add option-ignore-probes to get rid of the floods
of 408
- BUG/MINOR: config: clear proxy->table.peers.p for disabled
proxies
- MINOR: stick-table: don't attach to peers in stopped state
- MEDIUM: config: initialize stick-tables after peers, not before
- MEDIUM: peers: add the ability to disable a peers section
- DOC: document option http-ignore-probes
- DOC: fix the comments about the meaning of msg->sol in HTTP
- BUG/MEDIUM: http: wait for the exact amount of body bytes in
wait_for_request_body
- BUG/MAJOR: http: prevent risk of reading past end with balance
url_param
- DOC: update the doc on the proxy protocol
- remove patches that we pulled from the 1.5 tree
0001-BUG-MINOR-pattern-error-message-missing.patch
0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch
0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch
0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch
0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch
0010-BUG-MINOR-ssl-Display-correct-filename-in-error-mess.patch
0011-BUG-MEDIUM-listener-don-t-report-an-error-when-resum.patch
0012-BUG-MEDIUM-init-don-t-limit-cpu-map-to-the-first-32-.patch
-------------------------------------------------------------------
Mon Apr 20 10:52:12 UTC 2015 - mrueckert@suse.de

26
haproxy.spec
View File

@ -33,7 +33,7 @@
%bcond_without apparmor
Name: haproxy
Version: 1.5.11
Version: 1.5.12
Release: 0
#
#
@ -61,18 +61,6 @@ Patch1: haproxy-1.2.16_config_haproxy_user.patch
Patch2: haproxy-makefile_lib.patch
Patch3: sec-options.patch
Patch4: haproxy-1.5.8-fix-bashisms.patch
Patch5: 0001-BUG-MINOR-pattern-error-message-missing.patch
Patch6: 0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch
Patch7: 0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch
Patch8: 0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
Patch9: 0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
Patch10: 0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch
Patch11: 0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
Patch12: 0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
Patch13: 0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch
Patch14: 0010-BUG-MINOR-ssl-Display-correct-filename-in-error-mess.patch
Patch15: 0011-BUG-MEDIUM-listener-don-t-report-an-error-when-resum.patch
Patch16: 0012-BUG-MEDIUM-init-don-t-limit-cpu-map-to-the-first-32-.patch
#
Source99: haproxy-rpmlintrc
#
@ -107,18 +95,6 @@ the most work done from every CPU cycle.
%patch2
%patch3
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%build
%{__make} \