Accepting request 243677 from network:ha-clustering:Factory

1

OBS-URL: https://build.opensuse.org/request/show/243677
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=9

0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch

@@ -0,0 +1,42 @@
+From ad65af7dab9b8d8033fd09d8031cc774a6fbf768 Mon Sep 17 00:00:00 2001
+From: Godbach <nylzhaowei@gmail.com>
+Date: Mon, 28 Jul 2014 17:31:57 +0800
+Subject: [PATCH 1/3] BUG/MINOR: server: move the directive #endif to the end
+ of file
+
+If a source file includes proto/server.h twice or more, redefinition errors will
+be triggered for such inline functions as server_throttle_rate(),
+server_is_draining(), srv_adm_set_maint() and so on. Just move #endif directive
+to the end of file to solve this issue.
+
+Signed-off-by: Godbach <nylzhaowei@gmail.com>
+(cherry picked from commit e468d55998e134dac1b18d5d9d075ffd5691c827)
+---
+ include/proto/server.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/proto/server.h b/include/proto/server.h
+index 9893266..71c8b13 100644
+--- a/include/proto/server.h
++++ b/include/proto/server.h
+@@ -54,8 +54,6 @@ static void inline srv_set_sess_last(struct server *s)
+ 	s->counters.last_sess = now.tv_sec;
+ }
+ 
+-#endif /* _PROTO_SERVER_H */
+-
+ /*
+  * Registers the server keyword list <kwl> as a list of valid keywords for next
+  * parsing sessions.
+@@ -200,6 +198,8 @@ static inline void srv_adm_set_ready(struct server *s)
+ 	srv_clr_admin_flag(s, SRV_ADMF_FMAINT);
+ }
+ 
++#endif /* _PROTO_SERVER_H */
++
+ /*
+  * Local variables:
+  *  c-indent-level: 8
+-- 
+1.8.4.5
+

0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch

@@ -1,29 +0,0 @@
-From a124eb6d7838eff2c52cc9bf027594c11e87fae9 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Sat, 12 Jul 2014 17:31:07 +0200
-Subject: [PATCH 1/5] DOC: mention that Squid correctly responds 400 to PPv2
- header
-
-Amos reported that Squid builds 3.5.0.0_20140624 and 3.5.0.0_20140630
-were confirmed to respond correctly here and that any version will do
-the same.
-(cherry picked from commit 9e1382002aa1ba12dcc637870befd077ff887aad)
----
- doc/proxy-protocol.txt | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/doc/proxy-protocol.txt b/doc/proxy-protocol.txt
-index a2dbcea..a3925a4 100644
---- a/doc/proxy-protocol.txt
-+++ b/doc/proxy-protocol.txt
-@@ -692,6 +692,7 @@ presented, even with minimal implementations :
-     - thttpd 2.20c     : 400 Bad Request + abort => pass/optimal
-     - mini-httpd-1.19  : 400 Bad Request + abort => pass/optimal
-     - haproxy 1.4.21   : 400 Bad Request + abort => pass/optimal
-+    - Squid 3          : 400 Bad Request + abort => pass/optimal
-   - SSL :
-     - stud 0.3.47      : connection abort        => pass/optimal
-     - stunnel 4.45     : connection abort        => pass/optimal
--- 
-1.8.4.5
-

0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch

@@ -0,0 +1,42 @@
+From 715e9b892f564e58489f86c125aed2a8994f16e9 Mon Sep 17 00:00:00 2001
+From: Conrad Hoffmann <conrad@soundcloud.com>
+Date: Mon, 28 Jul 2014 23:22:43 +0200
+Subject: [PATCH 2/3] BUG/MINOR: Fix search for -p argument in systemd wrapper.
+
+Searching for the pid file in the list of arguments did not
+take flags without parameters into account, like e.g. -de. Because
+of this, the wrapper would use a different pid file than haproxy
+if such an argument was specified before -p.
+
+The new version can still yield a false positive for some crazy
+situations, like your config file name starting with "-p", but
+I think this is as good as it gets without using getopt or some
+library.
+
+Signed-off-by: Conrad Hoffmann <conrad@soundcloud.com>
+(cherry picked from commit eb2cf45b72a7e14c581276247381dc1ac76be2c0)
+---
+ src/haproxy-systemd-wrapper.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
+index ba07ebe..529b213 100644
+--- a/src/haproxy-systemd-wrapper.c
++++ b/src/haproxy-systemd-wrapper.c
+@@ -130,11 +130,8 @@ static void sigint_handler(int signum __attribute__((unused)))
+ static void init(int argc, char **argv)
+ {
+ 	while (argc > 1) {
+-		if (**argv == '-') {
+-			char *flag = *argv + 1;
+-			--argc; ++argv;
+-			if (*flag == 'p')
+-				pid_file = *argv;
++		if ((*argv)[0] == '-' && (*argv)[1] == 'p') {
++			pid_file = *(argv + 1);
+ 		}
+ 		--argc; ++argv;
+ 	}
+-- 
+1.8.4.5
+

0002-DOC-fix-typo-in-Unix-Socket-commands.patch

@@ -1,29 +0,0 @@
-From de9789b37466c37547d8c5d52d96a9d4466eb431 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cyril=20Bont=C3=A9?= <cyril.bonte@free.fr>
-Date: Sat, 12 Jul 2014 18:22:42 +0200
-Subject: [PATCH 2/5] DOC: fix typo in Unix Socket commands
-
-Konstantin Romanenko reported a typo in the HTML documentation. The typo is
-already present in the raw text version : the "shutdown sessions" command
-should be "shutdown sessions server".
-(cherry picked from commit e63a1eb290a1c407453dbcaa16535c85a1904f9e)
----
- doc/configuration.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/doc/configuration.txt b/doc/configuration.txt
-index ca21f7d..2d71555 100644
---- a/doc/configuration.txt
-+++ b/doc/configuration.txt
-@@ -13869,7 +13869,7 @@ shutdown session <id>
-   endless transfer is ongoing. Such terminated sessions are reported with a 'K'
-   flag in the logs.
- 
--shutdown sessions <backend>/<server>
-+shutdown sessions server <backend>/<server>
-   Immediately terminate all the sessions attached to the specified server. This
-   can be used to terminate long-running sessions after a server is put into
-   maintenance mode, for instance. Such terminated sessions are reported with a
--- 
-1.8.4.5
-

0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch

@@ -0,0 +1,111 @@
+From f94735eb76e634d7531f9c903113f64820c4cec0 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Wed, 30 Jul 2014 08:56:35 +0200
+Subject: [PATCH 3/3] BUG/MAJOR: tcp: fix a possible busy spinning loop in
+ content track-sc*
+
+As a consequence of various recent changes on the sample conversion,
+a corner case has emerged where it is possible to wait forever for a
+sample in track-sc*.
+
+The issue is caused by the fact that functions relying on sample_process()
+don't all exactly work the same regarding the SMP_F_MAY_CHANGE flag and
+the output result. Here it was possible to wait forever for an output
+sample from stktable_fetch_key() without checking the SMP_OPT_FINAL flag.
+As a result, if the client connects and closes without sending the data
+and haproxy expects a sample which is capable of coming, it will ignore
+this impossible case and will continue to wait.
+
+This change adds control for SMP_OPT_FINAL before waiting for extra data.
+The various relevant functions have been better documented regarding their
+output values.
+
+This fix must be backported to 1.5 since it appeared there.
+(cherry picked from commit 6bcb0a84e7256f00793fa8ec8a0d6c19c3b22935)
+---
+ src/proto_tcp.c   |  4 ++--
+ src/sample.c      | 23 ++++++++++++++++++++++-
+ src/stick_table.c | 11 ++++++++++-
+ 3 files changed, 34 insertions(+), 4 deletions(-)
+
+diff --git a/src/proto_tcp.c b/src/proto_tcp.c
+index 9778856..72dc92b 100644
+--- a/src/proto_tcp.c
++++ b/src/proto_tcp.c
+@@ -1048,8 +1048,8 @@ int tcp_inspect_request(struct session *s, struct channel *req, int an_bit)
+ 				t = rule->act_prm.trk_ctr.table.t;
+ 				key = stktable_fetch_key(t, s->be, s, &s->txn, SMP_OPT_DIR_REQ | partial, rule->act_prm.trk_ctr.expr, &smp);
+ 
+-				if (smp.flags & SMP_F_MAY_CHANGE)
+-					goto missing_data;
++				if ((smp.flags & SMP_F_MAY_CHANGE) && !(partial & SMP_OPT_FINAL))
++					goto missing_data; /* key might appear later */
+ 
+ 				if (key && (ts = stktable_get_entry(t, key))) {
+ 					session_track_stkctr(&s->stkctr[tcp_trk_idx(rule->action)], t, ts);
+diff --git a/src/sample.c b/src/sample.c
+index 3a0f3fb..8e62640 100644
+--- a/src/sample.c
++++ b/src/sample.c
+@@ -896,6 +896,18 @@ out_error:
+  * Note: the fetch functions are required to properly set the return type. The
+  * conversion functions must do so too. However the cast functions do not need
+  * to since they're made to cast mutiple types according to what is required.
++ *
++ * The caller may indicate in <opt> if it considers the result final or not.
++ * The caller needs to check the SMP_F_MAY_CHANGE flag in p->flags to verify
++ * if the result is stable or not, according to the following table :
++ *
++ * return MAY_CHANGE FINAL   Meaning for the sample
++ *  NULL      0        *     Not present and will never be (eg: header)
++ *  NULL      1        0     Not present yet, could change (eg: POST param)
++ *  NULL      1        1     Not present yet, will not change anymore
++ *   smp      0        *     Present and will not change (eg: header)
++ *   smp      1        0     Present, may change (eg: request length)
++ *   smp      1        1     Present, last known value (eg: request length)
+  */
+ struct sample *sample_process(struct proxy *px, struct session *l4, void *l7,
+                               unsigned int opt,
+@@ -1153,7 +1165,16 @@ int smp_resolve_args(struct proxy *p)
+  * and <opt> does not contain SMP_OPT_FINAL, then the sample is returned as-is
+  * with its SMP_F_MAY_CHANGE flag so that the caller can check it and decide to
+  * take actions (eg: wait longer). If a sample could not be found or could not
+- * be converted, NULL is returned.
++ * be converted, NULL is returned. The caller MUST NOT use the sample if the
++ * SMP_F_MAY_CHANGE flag is present, as it is used only as a hint that there is
++ * still hope to get it after waiting longer, and is not converted to string.
++ * The possible output combinations are the following :
++ *
++ * return MAY_CHANGE FINAL   Meaning for the sample
++ *  NULL      *        *     Not present and will never be (eg: header)
++ *   smp      0        *     Final value converted (eg: header)
++ *   smp      1        0     Not present yet, may appear later (eg: header)
++ *   smp      1        1     never happens (either flag is cleared on output)
+  */
+ struct sample *sample_fetch_string(struct proxy *px, struct session *l4, void *l7,
+                                    unsigned int opt, struct sample_expr *expr)
+diff --git a/src/stick_table.c b/src/stick_table.c
+index a708d3c..d39b4ff 100644
+--- a/src/stick_table.c
++++ b/src/stick_table.c
+@@ -603,7 +603,16 @@ static sample_to_key_fct sample_to_key[SMP_TYPES][STKTABLE_TYPES] = {
+  * no key could be extracted, or a pointer to the converted result stored in
+  * static_table_key in format <table_type>. If <smp> is not NULL, it will be reset
+  * and its flags will be initialized so that the caller gets a copy of the input
+- * sample, and knows why it was not accepted (eg: SMP_F_MAY_CHANGE is present).
++ * sample, and knows why it was not accepted (eg: SMP_F_MAY_CHANGE is present
++ * without SMP_OPT_FINAL). The output will be usable like this :
++ *
++ * return MAY_CHANGE FINAL   Meaning for the sample
++ *  NULL      0        *     Not present and will never be (eg: header)
++ *  NULL      1        0     Not present or unstable, could change (eg: req_len)
++ *  NULL      1        1     Not present, will not change anymore
++ *   smp      0        *     Present and will not change (eg: header)
++ *   smp      1        0     not possible
++ *   smp      1        1     Present, last known value (eg: request length)
+  */
+ struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, struct session *l4, void *l7,
+                                         unsigned int opt, struct sample_expr *expr, struct sample *smp)
+-- 
+1.8.4.5
+

0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch

@@ -1,101 +0,0 @@
-From 60d7aeb6e1450995e721d01f48f60b7db4c44e2b Mon Sep 17 00:00:00 2001
-From: Remi Gacogne <rgacogne[at]aquaray[dot]fr>
-Date: Tue, 15 Jul 2014 11:36:40 +0200
-Subject: [PATCH 3/5] BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
-
-OpenSSL does not free the DH * value returned by the callback specified with SSL_CTX_set_tmp_dh_callback(),
-leading to a memory leak for SSL/TLS connections using Diffie Hellman Ephemeral key exchange.
-This patch fixes the leak by allocating the DH * structs holding the DH parameters once, at configuration time.
-
-Note: this fix must be backported to 1.5.
-(cherry picked from commit 8de5415b85512da871d58d1e9a0a33bd67f3b570)
----
- src/ssl_sock.c | 43 ++++++++++++++++++++++++++++++++++++-------
- 1 file changed, 36 insertions(+), 7 deletions(-)
-
-diff --git a/src/ssl_sock.c b/src/ssl_sock.c
-index 375225d..cf8adc7 100644
---- a/src/ssl_sock.c
-+++ b/src/ssl_sock.c
-@@ -105,6 +105,13 @@ enum {
- int sslconns = 0;
- int totalsslconns = 0;
- 
-+#ifndef OPENSSL_NO_DH
-+static DH *local_dh_1024 = NULL;
-+static DH *local_dh_2048 = NULL;
-+static DH *local_dh_4096 = NULL;
-+static DH *local_dh_8192 = NULL;
-+#endif /* OPENSSL_NO_DH */
-+
- #ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
- struct certificate_ocsp {
- 	struct ebmb_node key;
-@@ -1034,16 +1041,16 @@ static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
- 	}
- 
- 	if (keylen >= 8192) {
--		dh = ssl_get_dh_8192();
-+		dh = local_dh_8192;
- 	}
- 	else if (keylen >= 4096) {
--		dh = ssl_get_dh_4096();
-+		dh = local_dh_4096;
- 	}
- 	else if (keylen >= 2048) {
--		dh = ssl_get_dh_2048();
-+		dh = local_dh_2048;
- 	}
- 	else {
--		dh = ssl_get_dh_1024();
-+		dh = local_dh_1024;
- 	}
- 
- 	return dh;
-@@ -1079,11 +1086,11 @@ int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
- 
- 		if (global.tune.ssl_default_dh_param <= 1024) {
- 			/* we are limited to DH parameter of 1024 bits anyway */
--			dh = ssl_get_dh_1024();
--			if (dh == NULL)
-+			local_dh_1024 = ssl_get_dh_1024();
-+			if (local_dh_1024 == NULL)
- 				goto end;
- 
--			SSL_CTX_set_tmp_dh(ctx, dh);
-+			SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
- 		}
- 		else {
- 			SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
-@@ -1594,6 +1601,28 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
- 		global.tune.ssl_default_dh_param = 1024;
- 	}
- 
-+#ifndef OPENSSL_NO_DH
-+	if (global.tune.ssl_default_dh_param >= 1024) {
-+		if (local_dh_1024 == NULL) {
-+			local_dh_1024 = ssl_get_dh_1024();
-+		}
-+		if (global.tune.ssl_default_dh_param >= 2048) {
-+			if (local_dh_2048 == NULL) {
-+				local_dh_2048 = ssl_get_dh_2048();
-+			}
-+			if (global.tune.ssl_default_dh_param >= 4096) {
-+				if (local_dh_4096 == NULL) {
-+					local_dh_4096 = ssl_get_dh_4096();
-+				}
-+				if (global.tune.ssl_default_dh_param >= 8192 &&
-+				    local_dh_8192 == NULL) {
-+					local_dh_8192 = ssl_get_dh_8192();
-+				}
-+			}
-+		}
-+	}
-+#endif /* OPENSSL_NO_DH */
-+
- 	SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
- #if OPENSSL_VERSION_NUMBER >= 0x00907000L
- 	SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
--- 
-1.8.4.5
-

0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch

@@ -1,35 +0,0 @@
-From 0dff81c6a5876172bc1d4725a7a07fddd9d1f369 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Tue, 15 Jul 2014 21:34:06 +0200
-Subject: [PATCH 4/5] BUG/MINOR: http: base32+src should use the big endian
- version of base32
-
-We're using the internal memory representation of base32 here, which is
-wrong since these data might be exported to headers for logs or be used
-to stick to a server and replicated to other peers. Let's convert base32
-to big endian (network representation) when building the binary block.
-
-This mistake is also present in 1.5, it would be better to backport it.
-(cherry picked from commit 5ad6e1dc09f0a85aabf86f154b1817b9ebffb568)
----
- src/proto_http.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/proto_http.c b/src/proto_http.c
-index 94afed7..b7ed85d 100644
---- a/src/proto_http.c
-+++ b/src/proto_http.c
-@@ -10358,8 +10358,8 @@ smp_fetch_base32_src(struct proxy *px, struct session *l4, void *l7, unsigned in
- 		return 0;
- 
- 	temp = get_trash_chunk();
--	memcpy(temp->str + temp->len, &smp->data.uint, sizeof(smp->data.uint));
--	temp->len += sizeof(smp->data.uint);
-+	*(unsigned int *)temp->str = htonl(smp->data.uint);
-+	temp->len += sizeof(unsigned int);
- 
- 	switch (cli_conn->addr.from.ss_family) {
- 	case AF_INET:
--- 
-1.8.4.5
-

0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch

@@ -1,42 +0,0 @@
-From 66dbae025876a65c81ae3c4011e3aa3b630b42f7 Mon Sep 17 00:00:00 2001
-From: Dave McCowan <11235david@gmail.com>
-Date: Thu, 17 Jul 2014 14:34:01 -0400
-Subject: [PATCH 5/5] BUG/MEDIUM: connection: fix memory corruption when
- building a proxy v2 header
-
-Use temporary trash chunk, instead of global trash chunk in
-make_proxy_line_v2() to avoid memory overwrite.
-
-This fix must also be backported to 1.5.
-(cherry picked from commit 77d1f0143e210c13ee8ec6aaf6b3150fa4ce6c5b)
----
- src/connection.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/connection.c b/src/connection.c
-index 20a911b..3435b1a 100644
---- a/src/connection.c
-+++ b/src/connection.c
-@@ -622,6 +622,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
- 	char *value = NULL;
- 	struct tlv_ssl *tlv;
- 	int ssl_tlv_len = 0;
-+	struct chunk *cn_trash;
- #endif
- 
- 	if (buf_len < PP2_HEADER_LEN)
-@@ -682,8 +683,9 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
- 				tlv->verify = htonl(ssl_sock_get_verify_result(remote));
- 			}
- 			if (srv->pp_opts & SRV_PP_V2_SSL_CN) {
--				if (ssl_sock_get_remote_common_name(remote, &trash) > 0) {
--					tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, trash.len, trash.str);
-+				cn_trash = get_trash_chunk();
-+				if (ssl_sock_get_remote_common_name(remote, &cn_trash) > 0) {
-+					tlv_len = make_tlv(&buf[ret+ssl_tlv_len], (buf_len - ret - ssl_tlv_len), PP2_TYPE_SSL_CN, cn_trash->len, cn_trash->str);
- 					ssl_tlv_len += tlv_len;
- 				}
- 			}
--- 
-1.8.4.5
-

haproxy-1.5.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f9cc9fcb30e5d998d4690331a0183a6970ca768833cc0ac68ad2a89600403d53
-size 1334897

haproxy-1.5.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0dad3680e0c3592a165781e1cc9b0d5cc88d8eaa8ebf59719c9bd62bb9c1cd9e
+size 1335245

haproxy.changes

@@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Wed Jul 30 09:47:38 UTC 2014 - mrueckert@suse.de
+
+- pull important fixes from git:
+  0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
+  0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
+  0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
+  Especially the last patch is important:
+  As a consequence of various recent changes on the sample
+  conversion, a corner case has emerged where it is possible to
+  wait forever for a sample in track-sc*.
+
+-------------------------------------------------------------------
+Mon Jul 28 11:33:14 UTC 2014 - kgronlund@suse.com
+
+- update to 1.5.3
+  - DOC: fix typo in Unix Socket commands
+  - BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header
+  - BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
+  - DOC: mention that Squid correctly responds 400 to PPv2 header
+  - BUG/MINOR: http: base32+src should use the big endian version of base32
+  - BUG/MEDIUM: connection: fix proxy v2 header again!
+- Removed backported patches:
+  - 0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
+  - 0002-DOC-fix-typo-in-Unix-Socket-commands.patch
+  - 0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
+  - 0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
+  - 0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
+  - 0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch
+
+-------------------------------------------------------------------
+Mon Jul 21 13:45:40 UTC 2014 - mrueckert@suse.de
+
+- added 0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch:
+  Last commit 77d1f01 ("BUG/MEDIUM: connection: fix memory
+  corruption when building a proxy v2 header") was wrong, using
+  &cn_trash instead of cn_trash resulting in a warning and the
+  client's SSL cert CN not being stored at the proper location.
+
 -------------------------------------------------------------------
 Fri Jul 18 15:01:53 UTC 2014 - mrueckert@suse.de
 

haproxy.spec

@@ -33,7 +33,7 @@
 %bcond_without  apparmor
 
 Name:           haproxy
-Version:        1.5.2
+Version:        1.5.3
 Release:        0
 #
 #
@@ -61,11 +61,9 @@ Patch1:         haproxy-1.2.16_config_haproxy_user.patch
 Patch2:         haproxy-makefile_lib.patch
 Patch3:         sec-options.patch
 Patch4:         haproxy-1.5_check_config_before_start.patch
-Patch5:         0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
-Patch6:         0002-DOC-fix-typo-in-Unix-Socket-commands.patch
-Patch7:         0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
-Patch8:         0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
-Patch9:         0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
+Patch5:         0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
+Patch6:         0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
+Patch7:         0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
 Source99:       haproxy-rpmlintrc
 #
 Summary:        The Reliable, High Performance TCP/HTTP Load Balancer
@@ -102,8 +100,6 @@ the most work done from every CPU cycle.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
-%patch8 -p1
-%patch9 -p1
 
 %build
 %{__make} \