LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12706 Commits
1 Branch
46 MiB
Tree: 485db8a770
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '485db8a770'
${ noResults }
openwrt-packages-dist/net/haproxy/patches/0041-BUG-MINOR-config-bette...

43 lines
2.2 KiB
Raw Normal View History

haproxy: Update all patches for HAProxy v1.8.14 - Add new patches (see https://www.haproxy.org/bugs/bugs-1.8.14.html) - Raise PKG_RELEASE to 5 - Improve version-handling Signed-off-by: Christian Lachner <gladiac@gmail.com>
6 years ago
 
  1. commit c990c7fe448248c4e2a34b84b593cc1b3536b328
  2. Author: Willy Tarreau <w@1wt.eu>
  3. Date:   Sun Nov 11 10:36:25 2018 +0100
  4. 

  5.     BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn
  6.     
  7.     In 1.8, commit 45a66cc ("MEDIUM: config: ensure that tune.bufsize is at
  8.     least 16384 when using HTTP/2") tried to avoid an annoying issue making
  9.     H2 fail when haproxy is built with default buffer sizes smaller than 16kB,
  10.     which used to be the case for a very long time. Sadly, the test only sees
  11.     when NPN/ALPN exactly match "h2" and not when it's combined like
  12.     "h2,http/1.1" nor "http/1.1,h2". We can safely use strstr() there because
  13.     the string is prefixed by the token's length (0x02) which is unambiguous
  14.     as it cannot be part of any other token.
  15.     
  16.     This fix should be backported to 1.8 as a safety guard against bad
  17.     configurations.
  18.     
  19.     (cherry picked from commit 4db49c0704898e51892a176505299de3e022c5ea)
  20.     Signed-off-by: William Lallemand <wlallemand@haproxy.org>
  21. 

  22. diff --git a/src/cfgparse.c b/src/cfgparse.c

  23. index 87a4d803..618ffd39 100644

  24. --- a/src/cfgparse.c

  25. +++ b/src/cfgparse.c

  26. @@ -7629,7 +7629,7 @@ int check_config_validity()

  27.  			if (curproxy->mode == PR_MODE_HTTP && global.tune.bufsize < 16384) {
  28.  #ifdef OPENSSL_NPN_NEGOTIATED
  29.  				/* check NPN */
  30. -				if (bind_conf->ssl_conf.npn_str && strcmp(bind_conf->ssl_conf.npn_str, "\002h2") == 0) {

  31. +				if (bind_conf->ssl_conf.npn_str && strstr(bind_conf->ssl_conf.npn_str, "\002h2")) {

  32.  					ha_alert("config : HTTP frontend '%s' enables HTTP/2 via NPN at [%s:%d], so global.tune.bufsize must be at least 16384 bytes (%d now).\n",
  33.  						 curproxy->id, bind_conf->file, bind_conf->line, global.tune.bufsize);
  34.  					cfgerr++;
  35. @@ -7637,7 +7637,7 @@ int check_config_validity()

  36.  #endif
  37.  #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
  38.  				/* check ALPN */
  39. -				if (bind_conf->ssl_conf.alpn_str && strcmp(bind_conf->ssl_conf.alpn_str, "\002h2") == 0) {

  40. +				if (bind_conf->ssl_conf.alpn_str && strstr(bind_conf->ssl_conf.alpn_str, "\002h2")) {

  41.  					ha_alert("config : HTTP frontend '%s' enables HTTP/2 via ALPN at [%s:%d], so global.tune.bufsize must be at least 16384 bytes (%d now).\n",
  42.  						 curproxy->id, bind_conf->file, bind_conf->line, global.tune.bufsize);
  43.  					cfgerr++;