From 7e05bbad575ee25bd9dcf23c013dc4f80051b4f6cbc4d277bf139cd90addef4b Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 7 Apr 2015 07:29:14 +0000 Subject: [PATCH] Accepting request 294149 from network:ha-clustering:Factory 1 OBS-URL: https://build.opensuse.org/request/show/294149 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=26 --- ...-MINOR-pattern-error-message-missing.patch | 2 +- ...rn-some-entries-are-not-deleted-with.patch | 2 +- ...t-consider-an-agent-check-as-failed-.patch | 6 +- ...-correctly-configure-the-client-time.patch | 33 ++++ ...r-one-byte-miss-in-buffer-free-space.patch | 30 +++ ...on-t-read-past-buffer-s-end-in-http_.patch | 52 ++++++ ...the-function-req-res-replace-value-d.patch | 171 ++++++++++++++++++ ...ssion-consider-the-expansion-factor-.patch | 43 +++++ ...hdr_cnt-would-not-count-any-header-w.patch | 70 +++++++ haproxy.changes | 19 ++ haproxy.spec | 12 ++ 11 files changed, 435 insertions(+), 5 deletions(-) create mode 100644 0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch create mode 100644 0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch create mode 100644 0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch create mode 100644 0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch create mode 100644 0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch create mode 100644 0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch diff --git a/0001-BUG-MINOR-pattern-error-message-missing.patch b/0001-BUG-MINOR-pattern-error-message-missing.patch index 4c3209c..bd3dce6 100644 --- a/0001-BUG-MINOR-pattern-error-message-missing.patch +++ b/0001-BUG-MINOR-pattern-error-message-missing.patch @@ -1,7 +1,7 @@ From e338a8741983acc9a4501a03ecd593d89e6fade3 Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER Date: Fri, 6 Feb 2015 17:50:55 +0100 -Subject: [PATCH 1/3] BUG/MINOR: pattern: error message missing +Subject: [PATCH 1/9] BUG/MINOR: pattern: error message missing This patch must be backported in 1.5 version. (cherry picked from commit 8aa8384e22dd0b66ded00c70a9c6034278b4bb69) diff --git a/0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch b/0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch index ab8703c..b85a8b6 100644 --- a/0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch +++ b/0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch @@ -1,7 +1,7 @@ From 623401b983185c1e0f6507e96557de3bc46fd41b Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER Date: Fri, 6 Feb 2015 17:53:54 +0100 -Subject: [PATCH 2/3] BUG/MEDIUM: pattern: some entries are not deleted with +Subject: [PATCH 2/9] BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match ACL or map entries are not deleted with the command "del acl" or "del map" diff --git a/0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch b/0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch index 814196a..78040da 100644 --- a/0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch +++ b/0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch @@ -1,8 +1,8 @@ From bfb8f885955efa1ef90f79595f16a01e30fd0dcf Mon Sep 17 00:00:00 2001 From: Simon Horman Date: Thu, 26 Feb 2015 11:26:17 +0900 -Subject: [PATCH] BUG/MEDIUM: Do not consider an agent check as failed on L7 - error +Subject: [PATCH 3/9] BUG/MEDIUM: Do not consider an agent check as failed on + L7 error As failure to connect to the agent check is not sufficient to mark it as failed it stands to reason that an L7 error shouldn't either. @@ -39,5 +39,5 @@ index b9048da..71debb6 100644 s->counters.failed_checks++; report = 1; -- -2.3.0 +2.1.4 diff --git a/0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch b/0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch new file mode 100644 index 0000000..dfb6b06 --- /dev/null +++ b/0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch @@ -0,0 +1,33 @@ +From fc940eb2bf0bbd7adf5b283f28bcff136501ae7f Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Fri, 13 Mar 2015 16:18:25 +0100 +Subject: [PATCH 4/9] BUG/MEDIUM: peers: correctly configure the client timeout + +The peers frontend timeout was mistakenly set on timeout.connect instead +of timeout.client, resulting in no timeout being applied to the peers +connections. The impact is just that peers can establish connections and +remain connected until they speak. Once they start speaking, only one of +them will still be accepted, and old sessions will be killed, so the +problem is limited. This fix should however be backported to 1.5 since +it was introduced in 1.5-dev3 with peers. +(cherry picked from commit 9ff95bb18c4cd9ae747fa5b3bef6d3f94e54172f) +--- + src/cfgparse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cfgparse.c b/src/cfgparse.c +index a91e027..b7613b8 100644 +--- a/src/cfgparse.c ++++ b/src/cfgparse.c +@@ -1834,7 +1834,7 @@ int cfg_parse_peers(const char *file, int linenum, char **args, int kwm) + curpeers->peers_fe->cap = PR_CAP_FE; + curpeers->peers_fe->maxconn = 0; + curpeers->peers_fe->conn_retries = CONN_RETRIES; +- curpeers->peers_fe->timeout.connect = 5000; ++ curpeers->peers_fe->timeout.client = MS_TO_TICKS(5000); + curpeers->peers_fe->accept = peer_accept; + curpeers->peers_fe->options2 |= PR_O2_INDEPSTR | PR_O2_SMARTCON | PR_O2_SMARTACC; + curpeers->peers_fe->conf.args.file = curpeers->peers_fe->conf.file = strdup(file); +-- +2.1.4 + diff --git a/0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch b/0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch new file mode 100644 index 0000000..07f1c59 --- /dev/null +++ b/0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch @@ -0,0 +1,30 @@ +From b92902814f796bb1dc24bab2179000caceb5b151 Mon Sep 17 00:00:00 2001 +From: Thierry FOURNIER +Date: Tue, 10 Mar 2015 01:55:01 +0100 +Subject: [PATCH 5/9] BUG/MEDIUM: buffer: one byte miss in buffer free space + check + +Space is not avalaible only if the end of the data inserted +is strictly greater than the end of buffer. If these two value +are equal, the space is avamaible. +(cherry picked from commit fdda6777bffb4f933569c609ba54e24ea5eabf29) +--- + src/buffer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/buffer.c b/src/buffer.c +index 9037dd3..8d2644e 100644 +--- a/src/buffer.c ++++ b/src/buffer.c +@@ -46,7 +46,7 @@ int buffer_replace2(struct buffer *b, char *pos, char *end, const char *str, int + + delta = len - (end - pos); + +- if (bi_end(b) + delta >= b->data + b->size) ++ if (bi_end(b) + delta > b->data + b->size) + return 0; /* no space left */ + + if (buffer_not_empty(b) && +-- +2.1.4 + diff --git a/0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch b/0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch new file mode 100644 index 0000000..8f894be --- /dev/null +++ b/0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch @@ -0,0 +1,52 @@ +From 8e05ac2044c6523c867ceaaae1f10486370eec89 Mon Sep 17 00:00:00 2001 +From: Thierry FOURNIER +Date: Mon, 16 Mar 2015 11:14:41 +0100 +Subject: [PATCH 6/9] BUG/MAJOR: http: don't read past buffer's end in + http_replace_value + +The function http_replace_value use bad variable to detect the end +of the input string. + +Regression introduced by the patch "MEDIUM: regex: Remove null +terminated strings." (c9c2daf2) + +We need to backport this patch int the 1.5 stable branch. + +WT: there is no possibility to overwrite existing data as we only read + past the end of the request buffer, to copy into the trash. The copy + is bounded by buffer_replace2(), just like the replacement performed + by exp_replace(). However if a buffer happens to contain non-zero data + up to the next unmapped page boundary, there's a theorical risk of + crashing the process despite this not being reproducible in tests. + The risk is low because "http-request replace-value" did not work due + to this bug so that probably means it's not used yet. +(cherry picked from commit 534101658d6e19aeb598bf7833a8ce167498c4ed) +--- + src/proto_http.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/proto_http.c b/src/proto_http.c +index 705f3b4..f53b5e2 100644 +--- a/src/proto_http.c ++++ b/src/proto_http.c +@@ -3206,7 +3206,7 @@ static int http_replace_value(struct my_regex *re, char *dst, uint dst_size, cha + + /* look for delim. */ + p_delim = p; +- while (p_delim < p + len && *p_delim != delim) ++ while (p_delim < val + len && *p_delim != delim) + p_delim++; + + if (regex_exec_match2(re, p, p_delim-p, MAX_MATCH, pmatch)) { +@@ -3230,7 +3230,7 @@ static int http_replace_value(struct my_regex *re, char *dst, uint dst_size, cha + return -1; + + /* end of the replacements. */ +- if (p_delim >= p + len) ++ if (p_delim >= val + len) + break; + + /* Next part. */ +-- +2.1.4 + diff --git a/0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch b/0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch new file mode 100644 index 0000000..5cdc1e5 --- /dev/null +++ b/0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch @@ -0,0 +1,171 @@ +From 06170c50ae5cd0fb23510b832826f7e63a5a8894 Mon Sep 17 00:00:00 2001 +From: Thierry FOURNIER +Date: Mon, 16 Mar 2015 23:23:53 +0100 +Subject: [PATCH 7/9] BUG/MEDIUM: http: the function "(req|res)-replace-value" + doesn't respect the HTTP syntax + +These function used an invalid header parser. + - The trailing white-spaces were embedded in the replacement regex, + - The double-quote (") containing comma (,) were not respected. + +This patch replace this parser by the "official" parser http_find_header2(). +(cherry picked from commit 191f9efdc58f21af1d9dde3db5ba198d7f1ce22e) +--- + src/proto_http.c | 126 +++++++++++++++---------------------------------------- + 1 file changed, 34 insertions(+), 92 deletions(-) + +diff --git a/src/proto_http.c b/src/proto_http.c +index f53b5e2..c49c4f4 100644 +--- a/src/proto_http.c ++++ b/src/proto_http.c +@@ -3179,113 +3179,55 @@ static inline void inet_set_tos(int fd, struct sockaddr_storage from, int tos) + #endif + } + +-/* Returns the number of characters written to destination, +- * -1 on internal error and -2 if no replacement took place. +- */ +-static int http_replace_header(struct my_regex *re, char *dst, uint dst_size, char *val, int len, +- const char *rep_str) +-{ +- if (!regex_exec_match2(re, val, len, MAX_MATCH, pmatch)) +- return -2; +- +- return exp_replace(dst, dst_size, val, rep_str, pmatch); +-} +- +-/* Returns the number of characters written to destination, +- * -1 on internal error and -2 if no replacement took place. +- */ +-static int http_replace_value(struct my_regex *re, char *dst, uint dst_size, char *val, int len, char delim, +- const char *rep_str) +-{ +- char* p = val; +- char* dst_end = dst + dst_size; +- char* dst_p = dst; +- +- for (;;) { +- char *p_delim; +- +- /* look for delim. */ +- p_delim = p; +- while (p_delim < val + len && *p_delim != delim) +- p_delim++; +- +- if (regex_exec_match2(re, p, p_delim-p, MAX_MATCH, pmatch)) { +- int replace_n = exp_replace(dst_p, dst_end - dst_p, p, rep_str, pmatch); +- +- if (replace_n < 0) +- return -1; +- +- dst_p += replace_n; +- } else { +- uint len = p_delim - p; +- +- if (dst_p + len >= dst_end) +- return -1; +- +- memcpy(dst_p, p, len); +- dst_p += len; +- } +- +- if (dst_p >= dst_end) +- return -1; +- +- /* end of the replacements. */ +- if (p_delim >= val + len) +- break; +- +- /* Next part. */ +- *dst_p++ = delim; +- p = p_delim + 1; +- } +- +- return dst_p - dst; +-} +- + static int http_transform_header(struct session* s, struct http_msg *msg, const char* name, uint name_len, + char* buf, struct hdr_idx* idx, struct list *fmt, struct my_regex *re, + struct hdr_ctx* ctx, int action) + { ++ int (*http_find_hdr_func)(const char *name, int len, char *sol, ++ struct hdr_idx *idx, struct hdr_ctx *ctx); ++ struct chunk *replace = get_trash_chunk(); ++ struct chunk *output = get_trash_chunk(); ++ ++ replace->len = build_logline(s, replace->str, replace->size, fmt); ++ if (replace->len >= replace->size - 1) ++ return -1; ++ + ctx->idx = 0; + +- while (http_find_full_header2(name, name_len, buf, idx, ctx)) { ++ /* Choose the header browsing function. */ ++ switch (action) { ++ case HTTP_REQ_ACT_REPLACE_VAL: ++ case HTTP_RES_ACT_REPLACE_VAL: ++ http_find_hdr_func = http_find_header2; ++ break; ++ case HTTP_REQ_ACT_REPLACE_HDR: ++ case HTTP_RES_ACT_REPLACE_HDR: ++ http_find_hdr_func = http_find_full_header2; ++ break; ++ default: /* impossible */ ++ return -1; ++ } ++ ++ while (http_find_hdr_func(name, name_len, buf, idx, ctx)) { + struct hdr_idx_elem *hdr = idx->v + ctx->idx; + int delta; +- char* val = (char*)ctx->line + ctx->val; +- char* val_end = (char*)ctx->line + hdr->len; +- char* reg_dst_buf; +- uint reg_dst_buf_size; +- int n_replaced; +- +- trash.len = build_logline(s, trash.str, trash.size, fmt); +- +- if (trash.len >= trash.size - 1) +- return -1; ++ char *val = ctx->line + ctx->val; ++ char* val_end = val + ctx->vlen; + +- reg_dst_buf = trash.str + trash.len + 1; +- reg_dst_buf_size = trash.size - trash.len - 1; ++ if (!regex_exec_match2(re, val, val_end-val, MAX_MATCH, pmatch)) ++ continue; + +- switch (action) { +- case HTTP_REQ_ACT_REPLACE_VAL: +- case HTTP_RES_ACT_REPLACE_VAL: +- n_replaced = http_replace_value(re, reg_dst_buf, reg_dst_buf_size, val, val_end-val, ',', trash.str); +- break; +- case HTTP_REQ_ACT_REPLACE_HDR: +- case HTTP_RES_ACT_REPLACE_HDR: +- n_replaced = http_replace_header(re, reg_dst_buf, reg_dst_buf_size, val, val_end-val, trash.str); +- break; +- default: /* impossible */ ++ output->len = exp_replace(output->str, output->size, val, replace->str, pmatch); ++ if (output->len == -1) + return -1; +- } + +- switch (n_replaced) { +- case -1: return -1; +- case -2: continue; +- } +- +- delta = buffer_replace2(msg->chn->buf, val, val_end, reg_dst_buf, n_replaced); ++ delta = buffer_replace2(msg->chn->buf, val, val_end, output->str, output->len); + + hdr->len += delta; + http_msg_move_end(msg, delta); ++ ++ /* Adjust the length of the current value of the index. */ ++ ctx->vlen += delta; + } + + return 0; +-- +2.1.4 + diff --git a/0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch b/0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch new file mode 100644 index 0000000..54542b7 --- /dev/null +++ b/0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch @@ -0,0 +1,43 @@ +From 9b9531d90dfd8a334958d23394afafd0185bfa21 Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Sat, 28 Mar 2015 12:20:33 +0100 +Subject: [PATCH 8/9] BUG/MINOR: compression: consider the expansion factor in + init + +When checking if the buffer is large enough, we used to rely on a fixed +size that was "apparently" enough. We need to consider the expansion +factor of deflate-encoded streams instead, which is of 5 bytes per 32kB. +The previous value was OK till 128kB buffers but became wrong past that. +It's totally harmless since we always keep the reserve when compressiong, +so there's 1kB or so available, which is enough for buffers as large as +6.5 MB, but better fix the check anyway. + +This fix could be backported into 1.5 since compression was added there. +(cherry picked from commit 2aee2215c908c6997addcd1714b5b10f73c0703d) +--- + src/compression.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/compression.c b/src/compression.c +index 3d6085e..d55f14e 100644 +--- a/src/compression.c ++++ b/src/compression.c +@@ -130,9 +130,12 @@ int http_compression_buffer_init(struct session *s, struct buffer *in, struct bu + { + int left; + +- /* not enough space */ +- if (in->size - buffer_len(in) < 40) +- return -1; ++ /* output stream requires at least 10 bytes for the gzip header, plus ++ * at least 8 bytes for the gzip trailer (crc+len), plus a possible ++ * plus at most 5 bytes per 32kB block and 2 bytes to close the stream. ++ */ ++ if (in->size - buffer_len(in) < 20 + 5 * ((in->i + 32767) >> 15)) ++ return -1; + + /* We start by copying the current buffer's pending outgoing data into + * a new temporary buffer that we initialize with a new empty chunk. +-- +2.1.4 + diff --git a/0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch b/0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch new file mode 100644 index 0000000..4fe75b6 --- /dev/null +++ b/0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch @@ -0,0 +1,70 @@ +From 2943734024525d4b9aeec13cca2c1d230c358ee5 Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Wed, 1 Apr 2015 19:16:09 +0200 +Subject: [PATCH 9/9] BUG/MEDIUM: http: hdr_cnt would not count any header when + called without name + +It's documented that these sample fetch functions should count all headers +and/or all values when called with no name but in practice it's not what is +being done as a missing name causes an immediate return and an absence of +result. + +This bug is present in 1.5 as well and must be backported. +(cherry picked from commit 601a4d1741100d7a861b6d9b66561335c9911277) +--- + src/proto_http.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/src/proto_http.c b/src/proto_http.c +index c49c4f4..ccd52ad 100644 +--- a/src/proto_http.c ++++ b/src/proto_http.c +@@ -10014,15 +10014,19 @@ smp_fetch_fhdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int + struct hdr_ctx ctx; + const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp; + int cnt; ++ const char *name = NULL; ++ int len = 0; + +- if (!args || args->type != ARGT_STR) +- return 0; ++ if (args && args->type == ARGT_STR) { ++ name = args->data.str.str; ++ len = args->data.str.len; ++ } + + CHECK_HTTP_MESSAGE_FIRST(); + + ctx.idx = 0; + cnt = 0; +- while (http_find_full_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx)) ++ while (http_find_full_header2(name, len, msg->chn->buf->p, idx, &ctx)) + cnt++; + + smp->type = SMP_T_UINT; +@@ -10101,15 +10105,19 @@ smp_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int o + struct hdr_ctx ctx; + const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp; + int cnt; ++ const char *name = NULL; ++ int len = 0; + +- if (!args || args->type != ARGT_STR) +- return 0; ++ if (args && args->type == ARGT_STR) { ++ name = args->data.str.str; ++ len = args->data.str.len; ++ } + + CHECK_HTTP_MESSAGE_FIRST(); + + ctx.idx = 0; + cnt = 0; +- while (http_find_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx)) ++ while (http_find_header2(name, len, msg->chn->buf->p, idx, &ctx)) + cnt++; + + smp->type = SMP_T_UINT; +-- +2.1.4 + diff --git a/haproxy.changes b/haproxy.changes index 72a4ad5..995ed3c 100644 --- a/haproxy.changes +++ b/haproxy.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Thu Apr 2 10:54:29 UTC 2015 - mrueckert@suse.de + +- pull 3 patches from upstream: + 0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch + 0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch + 0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch + +------------------------------------------------------------------- +Mon Mar 16 15:00:13 UTC 2015 - kgronlund@suse.com + +- pull 3 patches from upstream: + - BUG/MEDIUM: peers: correctly configure the client timeout + - BUG/MEDIUM: buffer: one byte miss in buffer free space check + - BUG/MAJOR: http: don't read past buffer's end in http_replace_value +- Add 0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch +- Add 0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch +- Add 0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch + ------------------------------------------------------------------- Thu Mar 5 22:10:56 UTC 2015 - mrueckert@suse.de diff --git a/haproxy.spec b/haproxy.spec index d3c7cce..7b383bc 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -64,6 +64,12 @@ Patch4: haproxy-1.5.8-fix-bashisms.patch Patch5: 0001-BUG-MINOR-pattern-error-message-missing.patch Patch6: 0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch Patch7: 0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch +Patch8: 0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch +Patch9: 0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch +Patch10: 0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch +Patch11: 0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch +Patch12: 0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch +Patch13: 0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch # Source99: haproxy-rpmlintrc # @@ -101,6 +107,12 @@ the most work done from every CPU cycle. %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 %build %{__make} \