haproxy: fixes from upstream

- [PATCH 10/12] MINOR: stats: fix minor typo in HTML page - [PATCH 11/12] BUG/MEDIUM: unix: do not unlink() abstract namespace - [PATCH 12/12] DOC: provide an example of how to use ssl_c_sha1 Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
2014-07-06 20:34:33 +02:00 · 2014-07-06 20:34:33 +02:00 · 4a3440a8c3
commit 4a3440a8c3
parent e86c668446
4 changed files with 103 additions and 1 deletions
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=haproxy
 PKG_VERSION:=1.5.1
-PKG_RELEASE:=09
+PKG_RELEASE:=12
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
 PKG_MD5SUM:=49640cf3ddd793a05fbd3394481a1ed4
--- a/net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch
+++ b/net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch
@ -0,0 +1,28 @@
+From d38f5c0c1cbba00d80cad2640c005794fa5bc4f9 Mon Sep 17 00:00:00 2001
+From: Marco Corte <marco@marcocorte.it>
+Date: Wed, 2 Jul 2014 17:49:34 +0200
+Subject: [PATCH 10/12] MINOR: stats: fix minor typo in HTML page
+
+There is a very small typo in the statistics interface: a "set" in
+lowercase where allothers are uppercase "Set".
+(cherry picked from commit 8c27bcaea0116247ee055c5481a63507de4fe6e4)
+---
+ src/dumpstats.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dumpstats.c b/src/dumpstats.c
+index c8bac08..5365042 100644
+--- a/src/dumpstats.c
+++ b/src/dumpstats.c
+@@ -3710,7 +3710,7 @@ static void stats_dump_html_px_end(struct stream_interface *si, struct proxy *px
+ 			      "<option value=\"\"></option>"
+ 			      "<option value=\"ready\">Set state to READY</option>"
+ 			      "<option value=\"drain\">Set state to DRAIN</option>"
+-			      "<option value=\"maint\">set state to MAINT</option>"
+			      "<option value=\"maint\">Set state to MAINT</option>"
+ 			      "<option value=\"dhlth\">Health: disable checks</option>"
+ 			      "<option value=\"ehlth\">Health: enable checks</option>"
+ 			      "<option value=\"hrunn\">Health: force UP</option>"
+-- 
+1.8.5.5
+
--- a/net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch
+++ b/net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch
@ -0,0 +1,45 @@
+From 76ad998e2b6ae852567ff53edb84a0b467c0c9cb Mon Sep 17 00:00:00 2001
+From: Jan Seda <hodor@hodor.cz>
+Date: Thu, 26 Jun 2014 20:44:05 +0200
+Subject: [PATCH 11/12] BUG/MEDIUM: unix: do not unlink() abstract namespace
+ sockets upon failure.
+
+When bind() fails (function uxst_bind_listener()), the fail path doesn't
+consider the abstract namespace and tries to unlink paths held in
+uninitiliazed memory (tempname and backname). See the strace excerpt;
+the strings still hold the path from test1.
+
+===============================================================================================
+23722 bind(5, {sa_family=AF_FILE, path=@"test2"}, 110) = -1 EADDRINUSE (Address already in use)
+23722 unlink("/tmp/test1.sock.23722.tmp") = -1 ENOENT (No such file or directory)
+23722 close(5)                          = 0
+23722 unlink("/tmp/test1.sock.23722.bak") = -1 ENOENT (No such file or directory)
+===============================================================================================
+
+This patch should be backported to 1.5.
+(cherry picked from commit 7319b64fc4c9b7e04726816c6cc02f6ecf66a0a4)
+---
+ src/proto_uxst.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/proto_uxst.c b/src/proto_uxst.c
+index f83d34e..c9a52ff 100644
+--- a/src/proto_uxst.c
+++ b/src/proto_uxst.c
+@@ -309,11 +309,11 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
+ 	if (ret < 0 && errno == ENOENT)
+ 		unlink(path);
+  err_unlink_temp:
+-	if (!ext)
+	if (!ext && path[0])
+ 		unlink(tempname);
+ 	close(fd);
+  err_unlink_back:
+-	if (!ext)
+	if (!ext && path[0])
+ 		unlink(backname);
+  err_return:
+ 	if (msg && errlen) {
+-- 
+1.8.5.5
+
--- a/net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch
+++ b/net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch
@ -0,0 +1,29 @@
+From 9fe4cb64cd9514a72bcd4b2fd8781620da9e1f76 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Wed, 2 Jul 2014 19:01:22 +0200
+Subject: [PATCH 12/12] DOC: provide an example of how to use ssl_c_sha1
+
+As suggested by Aydan Yumerefendi, a little bit of examples never hurts.
+(cherry picked from commit 2d0caa38e040b081903e50faa56bae52599b3949)
+---
+ doc/configuration.txt | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index e53bb21..fcc6454 100644
+--- a/doc/configuration.txt
+++ b/doc/configuration.txt
+@@ -10722,6 +10722,10 @@ ssl_c_sha1 : binary
+   Returns the SHA-1 fingerprint of the certificate presented by the client when
+   the incoming connection was made over an SSL/TLS transport layer. This can be
+   used to stick a client to a server, or to pass this information to a server.
+  Note that the output is binary, so if you want to pass that signature to the
+  server, you need to encode it in hex or base64, such as in the example below:
+
+     http-request set-header X-SSL-Client-SHA1 %[ssl_c_sha1,hex]
+ 
+ ssl_c_sig_alg : string
+   Returns the name of the algorithm used to sign the certificate presented by
+-- 
+1.8.5.5
+