
haproxy: fixes for upstream version 1.5.14

 - [PATCH 1/4] BUG/MINOR: log: missing some ARGC_* entries in fmt_directives()
 - [PATCH 2/4] DOC: usesrc root privileges requirements
 - [PATCH 3/4] BUILD: ssl: Allow building against libssl without SSLv3.
 - [PATCH 4/4] DOC/MINOR: fix OpenBSD versions where haproxy works

Signed-off-by: heil <heil@terminal-consulting.de>
heil 9 years ago
parent
commit
904a8b70d1

+ 1
- 1
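--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=haproxy
 PKG_VERSION:=1.5.14
-PKG_RELEASE:=00
+PKG_RELEASE:=04
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)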

+ 64
- 0
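--- a/net/haproxy/patches/0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
+++ b/net/haproxy/patches/0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
@@ -0,0 +1,64 @@
+From df0a5960987b3cb663dcfa93d29c21acc13cd3e3 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Thu, 9 Jul 2015 11:20:00 +0200
+Subject: [PATCH 1/4] BUG/MINOR: log: missing some ARGC_* entries in
+ fmt_directives()
+
+ARGC_CAP was not added to fmt_directives() which is used to format
+error messages when failing to parse log format expressions. The
+whole switch/case has been reorganized to match the declaration
+order making it easier to spot missing values. The default is not
+the "log" directive anymore but "undefined" asking to report the
+bug.
+
+Backport to 1.5 is not strictly needed but is desirable at least
+for code sanity.
+(cherry picked from commit 53e1a6d31743b1bef6063ff30b812521391ae3c3)
+---
+ src/log.c | 24 ++++++++++++++----------
+ 1 file changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/src/log.c b/src/log.c
+index 1a5ad25..f0a3072 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -167,22 +167,26 @@ struct logformat_var_args var_args_list[] = {
+ static inline const char *fmt_directive(const struct proxy *curproxy)
+ {
+ 	switch (curproxy->conf.args.ctx) {
+-	case ARGC_UIF:
+-		return "unique-id-format";
++	case ARGC_ACL:
++		return "acl";
++	case ARGC_STK:
++		return "stick";
++	case ARGC_TRK:
++		return "track-sc";
++	case ARGC_LOG:
++		return "log-format";
+ 	case ARGC_HRQ:
+ 		return "http-request";
+ 	case ARGC_HRS:
+ 		return "http-response";
+-	case ARGC_STK:
+-		return "stick";
+-	case ARGC_TRK:
+-		return "track-sc"; break;
++	case ARGC_UIF:
++		return "unique-id-format";
+ 	case ARGC_RDR:
+-		return "redirect"; break;
+-	case ARGC_ACL:
+-		return "acl"; break;
++		return "redirect";
++	case ARGC_CAP:
++		return "capture";
+ 	default:
+-		return "log-format";
++		return "undefined(please report this bug)"; /* must never happen */
+ 	}
+ }
+ 
+-- 
+2.3.6
+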
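Review bot: The ordering rule that makes a missing ARGC_* value easy to spot is stated only in the commit message; nothing in fmt_directive() itself tells the next editor that the cases must follow the declaration order. I would add a comment directly above the switch, for example `/* keep the cases in the same order as the ARGC_* declaration so that a missing value is easy to spot */`. The subject line names the function fmt_directives() while the code defines fmt_directive(); that only affects searching the history, but it is worth knowing when tracing this backport.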

+ 27
- 0
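--- a/net/haproxy/patches/0002-DOC-usesrc-root-privileges-requirements.patch
+++ b/net/haproxy/patches/0002-DOC-usesrc-root-privileges-requirements.patch
@@ -0,0 +1,27 @@
+From ea31f225c2c93a25b8bef7a9241a89cecfd9d350 Mon Sep 17 00:00:00 2001
+From: Baptiste Assmann <bedis9@gmail.com>
+Date: Fri, 17 Jul 2015 21:59:42 +0200
+Subject: [PATCH 2/4] DOC: usesrc root privileges requirements
+
+The "usesrc" parameter of the source statement requires root privileges.
+(cherry picked from commit 91bd337d90cb347feda34b01402f3471c8a4833c)
+---
+ doc/configuration.txt | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index 6714afb..64697a4 100644
+--- a/doc/configuration.txt
++++ b/doc/configuration.txt
+@@ -6117,6 +6117,8 @@ source <addr>[:<port>] [interface <name>]
+   is possible at the server level using the "source" server option. Refer to
+   section 5 for more information.
+ 
++  In order to work, "usesrc" requires root privileges.
++
+   Examples :
+         backend private
+             # Connect to the servers using our 192.168.1.200 source address
+-- 
+2.3.6
+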

+ 51
- 0
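--- a/net/haproxy/patches/0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
+++ b/net/haproxy/patches/0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
@@ -0,0 +1,51 @@
+From eee374c28ea8ea22834ff14515b5584bc3e0c7b5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= <jca@wxcvbn.org>
+Date: Sat, 25 Jul 2015 16:50:52 -0600
+Subject: [PATCH 3/4] BUILD: ssl: Allow building against libssl without SSLv3.
+
+If SSLv3 is explicitely requested but not available, warn the user and
+bail out.
+(cherry picked from commit 17c3f6284cf605e47f6525c077bc644c45272849)
+---
+ src/ssl_sock.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/src/ssl_sock.c b/src/ssl_sock.c
+index 7d77d36..2ae45ec 100644
+--- a/src/ssl_sock.c
++++ b/src/ssl_sock.c
+@@ -1405,8 +1405,14 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
+ 		ssloptions |= SSL_OP_NO_TLSv1_2;
+ 	if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
+ 		ssloptions |= SSL_OP_NO_TICKET;
+-	if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3)
++	if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3) {
++#ifndef OPENSSL_NO_SSL3
+ 		SSL_CTX_set_ssl_version(ctx, SSLv3_server_method());
++#else
++		Alert("SSLv3 support requested but unavailable.\n");
++		cfgerr++;
++#endif
++	}
+ 	if (bind_conf->ssl_options & BC_SSL_O_USE_TLSV10)
+ 		SSL_CTX_set_ssl_version(ctx, TLSv1_server_method());
+ #if SSL_OP_NO_TLSv1_1
+@@ -1750,8 +1756,14 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
+ 		options |= SSL_OP_NO_TLSv1_2;
+ 	if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
+ 		options |= SSL_OP_NO_TICKET;
+-	if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3)
++	if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3) {
++#ifndef OPENSSL_NO_SSL3
+ 		SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method());
++#else
++		Alert("SSLv3 support requested but unavailable.");
++		cfgerr++;
++#endif
++	}
+ 	if (srv->ssl_ctx.options & SRV_SSL_O_USE_TLSV10)
+ 		SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, TLSv1_client_method());
+ #if SSL_OP_NO_TLSv1_1
+-- 
+2.3.6
+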
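Review bot: The two added `#else` branches disagree: the Alert in ssl_sock_prepare_ctx ends with `\n`, but the one in ssl_sock_prepare_srv_ctx does not, so the server-side message will run into whatever is logged next; it should read `Alert("SSLv3 support requested but unavailable.\n");`. Neither message says which bind line or server asked for SSLv3, although bind_conf, srv and the proxy are parameters of the two functions, so an operator with a large configuration cannot tell which entry to fix. Both branches rely on `cfgerr` being declared and returned by the enclosing functions, whose bodies start and end outside these hunks, so that is worth confirming against the 1.5.14 tree. On a libssl that still provides SSLv3, the `#ifndef OPENSSL_NO_SSL3` path continues to pin the context to the SSLv3 method without any warning; since SSLv3 is deprecated (RFC 7568), a startup warning on that path would be a sensible follow-up.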

+ 26
- 0
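--- a/net/haproxy/patches/0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
+++ b/net/haproxy/patches/0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
@@ -0,0 +1,26 @@
+From e4766ba031e1fea8f2ca139316dc4e8209e960c2 Mon Sep 17 00:00:00 2001
+From: Daniel Jakots <vigdis@chown.me>
+Date: Wed, 29 Jul 2015 08:03:08 +0200
+Subject: [PATCH 4/4] DOC/MINOR: fix OpenBSD versions where haproxy works
+
+(cherry picked from commit 17d228be14762b282e5262262c45ecee4c265552)
+---
+ README | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/README b/README
+index add7f06..e267730 100644
+--- a/README
++++ b/README
+@@ -39,7 +39,7 @@ and assign it to the TARGET variable :
+   - solaris     for Solaris 8 or 10 (others untested)
+   - freebsd     for FreeBSD 5 to 10 (others untested)
+   - osx         for Mac OS/X
+-  - openbsd     for OpenBSD 3.1 to 5.2 (others untested)
++  - openbsd     for OpenBSD 3.1 and above
+   - aix51       for AIX 5.1
+   - aix52       for AIX 5.2
+   - cygwin      for Cygwin
+-- 
+2.3.6
+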