haproxy: fixes for upstream version 1.5.14

- [PATCH 1/4] BUG/MINOR: log: missing some ARGC_* entries in - [PATCH 2/4] DOC: usesrc root privileges requirements - [PATCH 3/4] BUILD: ssl: Allow building against libssl without SSLv3. - [PATCH 4/4] DOC/MINOR: fix OpenBSD versions where haproxy works Signed-off-by: heil <heil@terminal-consulting.de>
2015-08-24 10:44:59 +02:00 · 2015-08-24 10:44:59 +02:00 · ee8052d459
commit ee8052d459
parent de1b14830d
5 changed files with 169 additions and 1 deletions
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=haproxy
 PKG_VERSION:=1.5.14
-PKG_RELEASE:=00
+PKG_RELEASE:=04
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
--- a/net/haproxy/patches/0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
+++ b/net/haproxy/patches/0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
@ -0,0 +1,64 @@
+From df0a5960987b3cb663dcfa93d29c21acc13cd3e3 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Thu, 9 Jul 2015 11:20:00 +0200
+Subject: [PATCH 1/4] BUG/MINOR: log: missing some ARGC_* entries in
+ fmt_directives()
+
+ARGC_CAP was not added to fmt_directives() which is used to format
+error messages when failing to parse log format expressions. The
+whole switch/case has been reorganized to match the declaration
+order making it easier to spot missing values. The default is not
+the "log" directive anymore but "undefined" asking to report the
+bug.
+
+Backport to 1.5 is not strictly needed but is desirable at least
+for code sanity.
+(cherry picked from commit 53e1a6d31743b1bef6063ff30b812521391ae3c3)
+---
+ src/log.c | 24 ++++++++++++++----------
+ 1 file changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/src/log.c b/src/log.c
+index 1a5ad25..f0a3072 100644
+--- a/src/log.c
+++ b/src/log.c
+@@ -167,22 +167,26 @@ struct logformat_var_args var_args_list[] = {
+ static inline const char *fmt_directive(const struct proxy *curproxy)
+ {
+ 	switch (curproxy->conf.args.ctx) {
+-	case ARGC_UIF:
+-		return "unique-id-format";
+	case ARGC_ACL:
+		return "acl";
+	case ARGC_STK:
+		return "stick";
+	case ARGC_TRK:
+		return "track-sc";
+	case ARGC_LOG:
+		return "log-format";
+ 	case ARGC_HRQ:
+ 		return "http-request";
+ 	case ARGC_HRS:
+ 		return "http-response";
+-	case ARGC_STK:
+-		return "stick";
+-	case ARGC_TRK:
+-		return "track-sc"; break;
+	case ARGC_UIF:
+		return "unique-id-format";
+ 	case ARGC_RDR:
+-		return "redirect"; break;
+-	case ARGC_ACL:
+-		return "acl"; break;
+		return "redirect";
+	case ARGC_CAP:
+		return "capture";
+ 	default:
+-		return "log-format";
+		return "undefined(please report this bug)"; /* must never happen */
+ 	}
+ }
+ 
+-- 
+2.3.6
+
--- a/net/haproxy/patches/0002-DOC-usesrc-root-privileges-requirements.patch
+++ b/net/haproxy/patches/0002-DOC-usesrc-root-privileges-requirements.patch
@ -0,0 +1,27 @@
+From ea31f225c2c93a25b8bef7a9241a89cecfd9d350 Mon Sep 17 00:00:00 2001
+From: Baptiste Assmann <bedis9@gmail.com>
+Date: Fri, 17 Jul 2015 21:59:42 +0200
+Subject: [PATCH 2/4] DOC: usesrc root privileges requirements
+
+The "usesrc" parameter of the source statement requires root privileges.
+(cherry picked from commit 91bd337d90cb347feda34b01402f3471c8a4833c)
+---
+ doc/configuration.txt | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index 6714afb..64697a4 100644
+--- a/doc/configuration.txt
+++ b/doc/configuration.txt
+@@ -6117,6 +6117,8 @@ source <addr>[:<port>] [interface <name>]
+   is possible at the server level using the "source" server option. Refer to
+   section 5 for more information.
+ 
+  In order to work, "usesrc" requires root privileges.
+
+   Examples :
+         backend private
+             # Connect to the servers using our 192.168.1.200 source address
+-- 
+2.3.6
+
--- a/net/haproxy/patches/0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
+++ b/net/haproxy/patches/0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
@ -0,0 +1,51 @@
+From eee374c28ea8ea22834ff14515b5584bc3e0c7b5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= <jca@wxcvbn.org>
+Date: Sat, 25 Jul 2015 16:50:52 -0600
+Subject: [PATCH 3/4] BUILD: ssl: Allow building against libssl without SSLv3.
+
+If SSLv3 is explicitely requested but not available, warn the user and
+bail out.
+(cherry picked from commit 17c3f6284cf605e47f6525c077bc644c45272849)
+---
+ src/ssl_sock.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/src/ssl_sock.c b/src/ssl_sock.c
+index 7d77d36..2ae45ec 100644
+--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
+@@ -1405,8 +1405,14 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
+ 		ssloptions |= SSL_OP_NO_TLSv1_2;
+ 	if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
+ 		ssloptions |= SSL_OP_NO_TICKET;
+-	if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3)
+	if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3) {
+#ifndef OPENSSL_NO_SSL3
+ 		SSL_CTX_set_ssl_version(ctx, SSLv3_server_method());
+#else
+		Alert("SSLv3 support requested but unavailable.\n");
+		cfgerr++;
+#endif
+	}
+ 	if (bind_conf->ssl_options & BC_SSL_O_USE_TLSV10)
+ 		SSL_CTX_set_ssl_version(ctx, TLSv1_server_method());
+ #if SSL_OP_NO_TLSv1_1
+@@ -1750,8 +1756,14 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
+ 		options |= SSL_OP_NO_TLSv1_2;
+ 	if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
+ 		options |= SSL_OP_NO_TICKET;
+-	if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3)
+	if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3) {
+#ifndef OPENSSL_NO_SSL3
+ 		SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method());
+#else
+		Alert("SSLv3 support requested but unavailable.");
+		cfgerr++;
+#endif
+	}
+ 	if (srv->ssl_ctx.options & SRV_SSL_O_USE_TLSV10)
+ 		SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, TLSv1_client_method());
+ #if SSL_OP_NO_TLSv1_1
+-- 
+2.3.6
+
--- a/net/haproxy/patches/0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
+++ b/net/haproxy/patches/0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
@ -0,0 +1,26 @@
+From e4766ba031e1fea8f2ca139316dc4e8209e960c2 Mon Sep 17 00:00:00 2001
+From: Daniel Jakots <vigdis@chown.me>
+Date: Wed, 29 Jul 2015 08:03:08 +0200
+Subject: [PATCH 4/4] DOC/MINOR: fix OpenBSD versions where haproxy works
+
+(cherry picked from commit 17d228be14762b282e5262262c45ecee4c265552)
+---
+ README | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/README b/README
+index add7f06..e267730 100644
+--- a/README
+++ b/README
+@@ -39,7 +39,7 @@ and assign it to the TARGET variable :
+   - solaris     for Solaris 8 or 10 (others untested)
+   - freebsd     for FreeBSD 5 to 10 (others untested)
+   - osx         for Mac OS/X
+-  - openbsd     for OpenBSD 3.1 to 5.2 (others untested)
+  - openbsd     for OpenBSD 3.1 and above
+   - aix51       for AIX 5.1
+   - aix52       for AIX 5.2
+   - cygwin      for Cygwin
+-- 
+2.3.6
+