Accepting request 280162 from network:ha-clustering:Factory

1 OBS-URL: https://build.opensuse.org/request/show/280162 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=22
2015-01-08 22:02:32 +00:00 · 2015-01-08 22:02:32 +00:00 · e34dc6d53d
commit e34dc6d53d
parent 087642f75c
6 changed files with 259 additions and 4 deletions
--- a/0001-BUG-MEDIUM-backend-correctly-detect-the-domain-when-.patch
+++ b/0001-BUG-MEDIUM-backend-correctly-detect-the-domain-when-.patch
@ -0,0 +1,83 @@
+From 7ccea2642c54f9a07f4fbd29d3b005008cd457a3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cyril=20Bont=C3=A9?= <cyril.bonte@free.fr>
+Date: Sun, 4 Jan 2015 15:17:36 +0100
+Subject: [PATCH] BUG/MEDIUM: backend: correctly detect the domain when
+ use_domain_only is used
+
+balance hdr(<name>) provides on option 'use_domain_only' to match only the
+domain part in a header (designed for the Host header).
+
+Olivier Fredj reported that the hashes were not the same for
+'subdomain.domain.tld' and 'domain.tld'.
+
+This is because the pointer was rewinded one step to far, resulting in a hash
+calculated against wrong values :
+- '.domai' for 'subdomain.domain.tld'
+- ' domai' for 'domain.tld' (beginning with the space in the header line)
+
+Another special case is when no dot can be found in the header : the hash will
+be calculated against an empty string.
+
+The patch addresses both cases : 'domain' will be used to compute the hash for
+'subdomain.domain.tld', 'domain.tld' and 'domain' (using the whole header value
+for the last case).
+
+The fix must be backported to haproxy 1.5 and 1.4.
+(cherry picked from commit f607d81d09ab839fb1143b749ff231d6093f2038)
+---
+ src/backend.c | 28 ++++++++++++++++------------
+ 1 file changed, 16 insertions(+), 12 deletions(-)
+
+diff --git a/src/backend.c b/src/backend.c
+index ada8370..9980cf8 100644
+--- a/src/backend.c
+++ b/src/backend.c
+@@ -408,29 +408,33 @@ struct server *get_server_hh(struct session *s)
+ 		hash = gen_hash(px, p, len);
+ 	} else {
+ 		int dohash = 0;
+-		p += len - 1;
+-		start = end = p;
+		p += len;
+ 		/* special computation, use only main domain name, not tld/host
+ 		 * going back from the end of string, start hashing at first
+ 		 * dot stop at next.
+ 		 * This is designed to work with the 'Host' header, and requires
+ 		 * a special option to activate this.
+ 		 */
+		end = p;
+ 		while (len) {
+-			if (*p == '.') {
+-				if (!dohash) {
+-					dohash = 1;
+-					start = end = p - 1;
+-				}
+-				else
+			if (dohash) {
+				/* Rewind the pointer until the previous char
+				 * is a dot, this will allow to set the start
+				 * position of the domain. */
+				if (*(p - 1) == '.')
+ 					break;
+-			} else {
+-				if (dohash)
+-					start--;
+ 			}
+-			len--;
+			else if (*p == '.') {
+				/* The pointer is rewinded to the dot before the
+				 * tld, we memorize the end of the domain and
+				 * can enter the domain processing. */
+				end = p;
+				dohash = 1;
+			}
+ 			p--;
+			len--;
+ 		}
+		start = p;
+ 		hash = gen_hash(px, start, (end - start));
+ 	}
+ 	if ((px->lbprm.algo & BE_LB_HASH_MOD) == BE_LB_HMOD_AVAL)
+-- 
+2.1.2
+
--- a/haproxy-1.5.10.tar.gz
+++ b/haproxy-1.5.10.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:090264c834477c290f6ad6da558731d50aede0800996742d15e870b9947fe517
+size 1339873
--- a/haproxy-1.5.8-fix-bashisms.patch
+++ b/haproxy-1.5.8-fix-bashisms.patch
@ -0,0 +1,76 @@
+diff -Ndur haproxy-1.5.8/examples/build.cfg haproxy-1.5.8-fix-bashisms/examples/build.cfg
+--- haproxy-1.5.8/examples/build.cfg	2014-10-31 11:06:53.000000000 +0200
+++ haproxy-1.5.8-fix-bashisms/examples/build.cfg	2014-11-17 04:09:42.408078486 +0200
+@@ -5,12 +5,12 @@
+ PATCH_LIST=
+ FILE_LIST=
+ 
+-function do_compile_only {
+do_compile_only() {
+     $FLXMAKE CPU_OPTS="-march=$arch -mcpu=$cpu -Os -mpreferred-stack-boundary=2 -momit-leaf-frame-pointer -malign-jumps=0" \
+ 	     TARGET=linux24
+ }
+ 
+-function do_prepack {
+do_prepack() {
+     mkdir -p $ROOTDIR/sbin/init.d ; cp examples/init.haproxy.flx0 $ROOTDIR/sbin/init.d/haproxy
+     mkdir -p $ROOTDIR/usr/sbin ; cp haproxy $ROOTDIR/usr/sbin
+     mkdir -p $ROOTDIR/usr/share/examples/$PKGRADIX/$PKGRADIX-$PKGVER/etc/haproxy/
+diff -Ndur haproxy-1.5.8/examples/haproxy-1.1.21-flx.1.pkg haproxy-1.5.8-fix-bashisms/examples/haproxy-1.1.21-flx.1.pkg
+--- haproxy-1.5.8/examples/haproxy-1.1.21-flx.1.pkg	2014-10-31 11:06:53.000000000 +0200
+++ haproxy-1.5.8-fix-bashisms/examples/haproxy-1.1.21-flx.1.pkg	2014-11-17 04:09:28.396079434 +0200
+@@ -1,10 +1,10 @@
+ #!/bin/sh
+ 
+-function do_compile {
+do_compile() {
+     $FLXMAKE COPTS="-march=$arch -mcpu=$cpu -Os -mpreferred-stack-boundary=2 -momit-leaf-frame-pointer -malign-jumps=0 -DNETFILTER -DTRANSPARENT"
+ }
+ 
+-function do_prepack {
+do_prepack() {
+     mkdir -p $ROOTDIR/sbin/init.d ; cp init.d/haproxy $ROOTDIR/sbin/init.d
+     mkdir -p $ROOTDIR/usr/sbin ; cp haproxy $ROOTDIR/usr/sbin
+     mkdir -p $ROOTDIR/usr/share/examples/$PKGRADIX/$PKGRADIX-$PKGVER/etc
+diff -Ndur haproxy-1.5.8/examples/haproxy.init haproxy-1.5.8-fix-bashisms/examples/haproxy.init
+--- haproxy-1.5.8/examples/haproxy.init	2014-10-31 11:06:53.000000000 +0200
+++ haproxy-1.5.8-fix-bashisms/examples/haproxy.init	2014-11-17 04:10:05.127076949 +0200
+@@ -116,7 +116,7 @@
+     check
+     ;;
+   *)
+-    echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
+    echo "Usage: $BASENAME {start|stop|restart|reload|condrestart|status|check}"
+     exit 1
+ esac
+  
+diff -Ndur haproxy-1.5.8/examples/init.haproxy haproxy-1.5.8-fix-bashisms/examples/init.haproxy
+--- haproxy-1.5.8/examples/init.haproxy	2014-10-31 11:06:53.000000000 +0200
+++ haproxy-1.5.8-fix-bashisms/examples/init.haproxy	2014-11-17 04:10:58.897073312 +0200
+@@ -19,7 +19,7 @@
+    maintfd=0
+ fi
+ 
+-maxfd=$[$maxconn*2 + $maintfd]
+maxfd=$(($maxconn * 2 + $maintfd))
+ if [ $maxfd -lt 100 ]; then
+    maxfd=100;
+ fi
+@@ -31,7 +31,7 @@
+ # ulimit -c unlimited
+ 
+ # soft stop
+-function do_stop {
+do_stop() {
+    pids=`pidof -o $$ -- $PNAME`
+    if [ ! -z "$pids" ]; then
+       echo "Asking $PNAME to terminate gracefully..."
+@@ -41,7 +41,7 @@
+ }
+ 
+ # dump status
+-function do_status {
+do_status() {
+    pids=`pidof -o $$ -- $PNAME`
+    if [ ! -z "$pids" ]; then
+       echo "Dumping $PNAME status in logs."
--- a/haproxy-1.5.9.tar.gz
+++ b/haproxy-1.5.9.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5f51aa8e20a8a3a11be16bd5f5ef382a5e95526803a89182fe1c15a428564722
-size 1339917
--- a/haproxy.changes
+++ b/haproxy.changes
@ -1,3 +1,93 @@
+-------------------------------------------------------------------
+Tue Jan  6 09:28:16 UTC 2015 - mrueckert@suse.de
+
+- pull fix from usptream:
+  0001-BUG-MEDIUM-backend-correctly-detect-the-domain-when-.patch
+  BUG/MEDIUM: backend: correctly detect the domain when
+  use_domain_only is used
+
+-------------------------------------------------------------------
+Wed Dec 31 22:17:18 UTC 2014 - mrueckert@suse.de
+
+- update to 1.5.10
+  - DOC: fix a few typos
+  - BUG/MINOR: http: fix typo: "401 Unauthorized" => "407
+    Unauthorized"
+  - BUG/MINOR: parse: refer curproxy instead of proxy
+  - DOC: httplog does not support 'no'
+  - MINOR: map/acl/dumpstats: remove the "Done." message
+  - BUG/MEDIUM: sample: fix random number upper-bound
+  - BUG/MEDIUM: patterns: previous fix was incomplete
+  - BUG/MEDIUM: payload: ensure that a request channel is available
+  - BUG/MINOR: tcp-check: don't condition data polling on check
+    type
+  - BUG/MEDIUM: tcp-check: don't rely on random memory contents
+  - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is
+    an expect
+  - BUG/MINOR: config: fix typo in condition when propagating
+    process binding
+  - BUG/MEDIUM: config: do not propagate processes between stopped
+    processes
+  - BUG/MAJOR: stream-int: properly check the memory allocation
+    return
+  - BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
+  - BUG/MEDIUM: compression: correctly report zlib_mem
+- drop patches that we pulled from git before:
+  0001-BUG-MEDIUM-patterns-previous-fix-was-incomplete.patch
+  0002-BUG-MEDIUM-payload-ensure-that-a-request-channel-is-.patch
+  0003-BUG-MINOR-tcp-check-don-t-condition-data-polling-on-.patch
+  0004-BUG-MEDIUM-tcp-check-don-t-rely-on-random-memory-con.patch
+  0005-BUG-MEDIUM-tcp-checks-disable-quick-ack-unless-next-.patch
+  0006-DOC-fix-a-few-typos.patch
+  0007-BUG-MEDIUM-sample-fix-random-number-upper-bound.patch
+  0008-DOC-httplog-does-not-support-no.patch
+  0009-BUG-MINOR-http-fix-typo-401-Unauthorized-407-Unautho.patch
+  0010-BUG-MINOR-parse-refer-curproxy-instead-of-proxy.patch
+  0011-BUG-MINOR-config-fix-typo-in-condition-when-propagat.patch
+  0012-BUG-MEDIUM-config-do-not-propagate-processes-between.patch
+
+-------------------------------------------------------------------
+Sat Dec 20 01:20:07 UTC 2014 - mrueckert@suse.de
+
+- pulled some more fixes from git:
+  0003-BUG-MINOR-tcp-check-don-t-condition-data-polling-on-.patch
+  0004-BUG-MEDIUM-tcp-check-don-t-rely-on-random-memory-con.patch
+  0005-BUG-MEDIUM-tcp-checks-disable-quick-ack-unless-next-.patch
+  0006-DOC-fix-a-few-typos.patch
+  0007-BUG-MEDIUM-sample-fix-random-number-upper-bound.patch
+  0008-DOC-httplog-does-not-support-no.patch
+  0009-BUG-MINOR-http-fix-typo-401-Unauthorized-407-Unautho.patch
+  0010-BUG-MINOR-parse-refer-curproxy-instead-of-proxy.patch
+  0011-BUG-MINOR-config-fix-typo-in-condition-when-propagat.patch
+  0012-BUG-MEDIUM-config-do-not-propagate-processes-between.patch
+
+  see patch headers for details.
+
+-------------------------------------------------------------------
+Fri Nov 28 18:21:43 UTC 2014 - mrueckert@suse.de
+
+- pulled 2 fixes from git:
+  - 0001-BUG-MEDIUM-patterns-previous-fix-was-incomplete.patch
+    Dmitry Sivachenko <trtrmitya@gmail.com> reported that commit
+    315ec42 ("BUG/MEDIUM: pattern: don't load more than once a
+    pattern list.") relies on an uninitialised variable in the
+    stack. While it used to work fine during the tests, if the
+    uninitialized variable is non-null, some patterns may be
+    aggregated if loaded multiple times, resulting in slower
+    processing, which was the original issue it tried to address.
+  - 0002-BUG-MEDIUM-payload-ensure-that-a-request-channel-is-.patch
+    Denys Fedoryshchenko reported a segfault when using certain
+    sample fetch functions in the "tcp-request connection" rulesets
+    despite the warnings. This is because some tests for the
+    existence of the channel were missing.
+
+-------------------------------------------------------------------
+Wed Nov 26 12:29:42 UTC 2014 - ledest@gmail.com
+
+- fix bashisms in example scripts
+- add patches:
+  * haproxy-1.5.8-fix-bashisms.patch
+
 -------------------------------------------------------------------
 Wed Nov 26 11:50:42 UTC 2014 - mrueckert@suse.de

--- a/haproxy.spec
+++ b/haproxy.spec
@ -33,7 +33,7 @@
 %bcond_without  apparmor

 Name:           haproxy
-Version:        1.5.9
+Version:        1.5.10
 Release:        0
 #
 #
@ -60,6 +60,10 @@ Source4:        local.usr.sbin.haproxy.apparmor
 Patch1:         haproxy-1.2.16_config_haproxy_user.patch
 Patch2:         haproxy-makefile_lib.patch
 Patch3:         sec-options.patch
+Patch4:         haproxy-1.5.8-fix-bashisms.patch
+# PATCH-UPSTREAM
+Patch5:         0001-BUG-MEDIUM-backend-correctly-detect-the-domain-when-.patch
+#
 Source99:       haproxy-rpmlintrc
 #
 Summary:        The Reliable, High Performance TCP/HTTP Load Balancer
@ -92,6 +96,8 @@ the most work done from every CPU cycle.
 %patch1
 %patch2
 %patch3
+%patch4 -p1
+%patch5 -p1

 %build
 %{__make} \