haproxy: Update all patches for HAProxy v1.8.14

- Add new patches (see https://www.haproxy.org/bugs/bugs-1.8.14.html)
- Raise PKG_RELEASE to 5
- Improve version-handling

Signed-off-by: Christian Lachner <gladiac@gmail.com>

net/haproxy/Makefile

@@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=haproxy
 PKG_VERSION:=1.8.14
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.haproxy.org/download/1.8/src/
@@ -137,15 +137,15 @@ define Build/Compile
 		DESTDIR="$(PKG_INSTALL_DIR)" \
 		CC="$(TARGET_CC)" \
 		PCREDIR="$(STAGING_DIR)/usr/" \
-		SMALL_OPTS="-DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530 " \
+		SMALL_OPTS="-DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530" \
 		USE_LINUX_TPROXY=1 USE_LINUX_SPLICE=1 USE_TFO=1 \
 		USE_ZLIB=yes USE_PCRE=1 USE_PCRE_JIT=1 USE_GETADDRINFO=1 \
-		VERSION="$(PKG_VERSION)-$(PKG_RELEASE)" \
+		VERSION="$(PKG_VERSION)" SUBVERS="-$(PKG_RELEASE)" \
+		VERDATE="$(shell date -d @$(SOURCE_DATE_EPOCH) '+%Y/%m/%d')" IGNOREGIT=1 \
 		$(ADDON) \
 		CFLAGS="$(TARGET_CFLAGS)" \
 		LD="$(TARGET_CC)" \
-		LDFLAGS="$(TARGET_LDFLAGS) -latomic" \
+		LDFLAGS="$(TARGET_LDFLAGS) -latomic"
-		IGNOREGIT=1
 
 	$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR) \
 		DESTDIR="$(PKG_INSTALL_DIR)" \
@@ -158,7 +158,6 @@ define Build/Compile
 		DESTDIR="$(PKG_INSTALL_DIR)" \
 		$(MAKE_FLAGS) \
 		ADDLIB="-lcrypto" \
-		VERSION="$(PKG_VERSION)-$(PKG_RELEASE)" \
 		halog
 endef
 

net/haproxy/patches/0041-BUG-MINOR-config-better-detect-the-presence-of-the-h2-pattern-in-npn-alpn.patch

@@ -0,0 +1,43 @@
+commit c990c7fe448248c4e2a34b84b593cc1b3536b328
+Author: Willy Tarreau <w@1wt.eu>
+Date:   Sun Nov 11 10:36:25 2018 +0100
+
+    BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn
+    
+    In 1.8, commit 45a66cc ("MEDIUM: config: ensure that tune.bufsize is at
+    least 16384 when using HTTP/2") tried to avoid an annoying issue making
+    H2 fail when haproxy is built with default buffer sizes smaller than 16kB,
+    which used to be the case for a very long time. Sadly, the test only sees
+    when NPN/ALPN exactly match "h2" and not when it's combined like
+    "h2,http/1.1" nor "http/1.1,h2". We can safely use strstr() there because
+    the string is prefixed by the token's length (0x02) which is unambiguous
+    as it cannot be part of any other token.
+    
+    This fix should be backported to 1.8 as a safety guard against bad
+    configurations.
+    
+    (cherry picked from commit 4db49c0704898e51892a176505299de3e022c5ea)
+    Signed-off-by: William Lallemand <wlallemand@haproxy.org>
+
+diff --git a/src/cfgparse.c b/src/cfgparse.c
+index 87a4d803..618ffd39 100644
+--- a/src/cfgparse.c
++++ b/src/cfgparse.c
+@@ -7629,7 +7629,7 @@ int check_config_validity()
+ 			if (curproxy->mode == PR_MODE_HTTP && global.tune.bufsize < 16384) {
+ #ifdef OPENSSL_NPN_NEGOTIATED
+ 				/* check NPN */
+-				if (bind_conf->ssl_conf.npn_str && strcmp(bind_conf->ssl_conf.npn_str, "\002h2") == 0) {
++				if (bind_conf->ssl_conf.npn_str && strstr(bind_conf->ssl_conf.npn_str, "\002h2")) {
+ 					ha_alert("config : HTTP frontend '%s' enables HTTP/2 via NPN at [%s:%d], so global.tune.bufsize must be at least 16384 bytes (%d now).\n",
+ 						 curproxy->id, bind_conf->file, bind_conf->line, global.tune.bufsize);
+ 					cfgerr++;
+@@ -7637,7 +7637,7 @@ int check_config_validity()
+ #endif
+ #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+ 				/* check ALPN */
+-				if (bind_conf->ssl_conf.alpn_str && strcmp(bind_conf->ssl_conf.alpn_str, "\002h2") == 0) {
++				if (bind_conf->ssl_conf.alpn_str && strstr(bind_conf->ssl_conf.alpn_str, "\002h2")) {
+ 					ha_alert("config : HTTP frontend '%s' enables HTTP/2 via ALPN at [%s:%d], so global.tune.bufsize must be at least 16384 bytes (%d now).\n",
+ 						 curproxy->id, bind_conf->file, bind_conf->line, global.tune.bufsize);
+ 					cfgerr++;

net/haproxy/patches/0042-BUG-MEDIUM-Make-sure-stksess-is-properly-aligned.patch

@@ -0,0 +1,61 @@
+commit 5b259db1160fa12820cc5ba6399e4dbcefa6ab22
+Author: Olivier Houchard <ohouchard@haproxy.com>
+Date:   Wed Nov 14 17:54:36 2018 +0100
+
+    BUG/MEDIUM: Make sure stksess is properly aligned.
+    
+    When we allocate struct stksess, we also allocate memory to store the
+    associated data before the struct itself.
+    As the data can be of different types, they can have different size. However,
+    we need the struct stksess to be properly aligned, as it can do 64bits
+    load/store (including atomic load/stores) on 64bits platforms, and some of
+    them doesn't support unaligned access.
+    So, when allocating the struct stksess, round the size up to the next
+    multiple of sizeof(void *), and make sure the struct stksess itself is
+    properly aligned.
+    Many thanks to Paul Martin for investigating and reporting that bug.
+    
+    This should be backported to earlier releases.
+    
+    (cherry picked from commit 52dabbc4fad338233c7f0c96f977a43f8f81452a)
+    Signed-off-by: William Lallemand <wlallemand@haproxy.org>
+
+diff --git a/src/stick_table.c b/src/stick_table.c
+index f1442603..0a238378 100644
+--- a/src/stick_table.c
++++ b/src/stick_table.c
+@@ -44,6 +44,7 @@
+ /* structure used to return a table key built from a sample */
+ static THREAD_LOCAL struct stktable_key static_table_key;
+ 
++#define round_ptr_size(i) (((i) + (sizeof(void *) - 1)) &~ (sizeof(void *) - 1))
+ /*
+  * Free an allocated sticky session <ts>, and decrease sticky sessions counter
+  * in table <t>.
+@@ -51,7 +52,7 @@ static THREAD_LOCAL struct stktable_key static_table_key;
+ void __stksess_free(struct stktable *t, struct stksess *ts)
+ {
+ 	t->current--;
+-	pool_free(t->pool, (void *)ts - t->data_size);
++	pool_free(t->pool, (void *)ts - round_ptr_size(t->data_size));
+ }
+ 
+ /*
+@@ -229,7 +230,7 @@ struct stksess *__stksess_new(struct stktable *t, struct stktable_key *key)
+ 	ts = pool_alloc(t->pool);
+ 	if (ts) {
+ 		t->current++;
+-		ts = (void *)ts + t->data_size;
++		ts = (void *)ts + round_ptr_size(t->data_size);
+ 		__stksess_init(t, ts);
+ 		if (key)
+ 			stksess_setkey(t, ts, key);
+@@ -597,7 +598,7 @@ int stktable_init(struct stktable *t)
+ 		t->updates = EB_ROOT_UNIQUE;
+ 		HA_SPIN_INIT(&t->lock);
+ 
+-		t->pool = create_pool("sticktables", sizeof(struct stksess) + t->data_size + t->key_size, MEM_F_SHARED);
++		t->pool = create_pool("sticktables", sizeof(struct stksess) + round_ptr_size(t->data_size) + t->key_size, MEM_F_SHARED);
+ 
+ 		t->exp_next = TICK_ETERNITY;
+ 		if ( t->expire ) {

net/haproxy/patches/0043-BUG-MINOR-config-Copy-default-error-messages-when-parsing-of-a-backend-starts.patch

@@ -0,0 +1,38 @@
+commit 54824cf35520b11ff97e0937beeb429dcdc55fd0
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date:   Mon Nov 12 11:57:31 2018 +0100
+
+    BUG/MINOR: config: Copy default error messages when parsing of a backend starts
+    
+    To be used, error messages declared in a default section must be copied when the
+    parsing of a proxy section starts. But this was only done for frontends.
+    
+    This patch may be backported to older versions.
+    
+    (cherry picked from commit 6b44975fbd2f7d81074e20bc07fc0e01466cc9c9)
+    Signed-off-by: William Lallemand <wlallemand@haproxy.org>
+
+diff --git a/src/cfgparse.c b/src/cfgparse.c
+index 618ffd39..6bc6b259 100644
+--- a/src/cfgparse.c
++++ b/src/cfgparse.c
+@@ -2787,15 +2787,15 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
+ 			curproxy->server_id_hdr_name = strdup(defproxy.server_id_hdr_name);
+ 		}
+ 
++		/* initialize error relocations */
++		for (rc = 0; rc < HTTP_ERR_SIZE; rc++)
++			chunk_dup(&curproxy->errmsg[rc], &defproxy.errmsg[rc]);
++
+ 		if (curproxy->cap & PR_CAP_FE) {
+ 			curproxy->maxconn = defproxy.maxconn;
+ 			curproxy->backlog = defproxy.backlog;
+ 			curproxy->fe_sps_lim = defproxy.fe_sps_lim;
+ 
+-			/* initialize error relocations */
+-			for (rc = 0; rc < HTTP_ERR_SIZE; rc++)
+-				chunk_dup(&curproxy->errmsg[rc], &defproxy.errmsg[rc]);
+-
+ 			curproxy->to_log = defproxy.to_log & ~LW_COOKIE & ~LW_REQHDR & ~ LW_RSPHDR;
+ 		}
+ 

net/haproxy/patches/0044-BUG-MEDIUM-hpack-fix-encoding-of-accept-ranges-field.patch

@@ -0,0 +1,32 @@
+commit 64a7cbf4ea3276b72ffb121acab676542cebde1b
+Author: Willy Tarreau <w@1wt.eu>
+Date:   Tue Nov 20 04:47:38 2018 +0100
+
+    BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
+    
+    James Brown reported that when an "accept-ranges" header field is sent
+    through haproxy and converted from HTTP/1.1 to H2, it's mis-encoded as
+    "accept-language". It happens that it's one of the few very common header
+    fields encoded using its index value and that this index value was misread
+    in the spec as 17 instead of 18, resulting in the wrong name being sent.
+    Thanks to Lukas for spotting the issue in the HPACK encoder itself.
+    
+    This fix must be backported to 1.8.
+    
+    (cherry picked from commit 4bf194cbdbcda8ec4ce83d7f12d2fe9b08483c94)
+    [wla: buffer API edit]
+    Signed-off-by: William Lallemand <wlallemand@haproxy.org>
+
+diff --git a/src/hpack-enc.c b/src/hpack-enc.c
+index d1f68c58..99c73103 100644
+--- a/src/hpack-enc.c
++++ b/src/hpack-enc.c
+@@ -101,7 +101,7 @@ int hpack_encode_header(struct chunk *out, const struct ist n, const struct ist
+ 	else if (isteq(n, ist("last-modified")))
+ 		out->str[len++] = 0x6c; // literal with indexing -- name="last-modified" (idx 44)
+ 	else if (isteq(n, ist("accept-ranges")))
+-		out->str[len++] = 0x51; // literal with indexing -- name="accept-ranges" (idx 17)
++		out->str[len++] = 0x52; // literal with indexing -- name="accept-ranges" (idx 18)
+ 	else if (isteq(n, ist("cache-control")))
+ 		out->str[len++] = 0x58; // literal with indexing -- name="cache-control" (idx 24)
+ 	else if (isteq(n, ist("content-length")))