diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile index 82659f0bb..05f7f8048 100644 --- a/net/haproxy/Makefile +++ b/net/haproxy/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=haproxy PKG_VERSION:=1.5.5 -PKG_RELEASE:=00 +PKG_RELEASE:=02 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/ PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) diff --git a/net/haproxy/patches/0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch b/net/haproxy/patches/0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch new file mode 100644 index 000000000..aa94fd0e3 --- /dev/null +++ b/net/haproxy/patches/0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch @@ -0,0 +1,41 @@ +From 1f24e3fee3aba83fb3338d17589d0ad0f34f6c73 Mon Sep 17 00:00:00 2001 +From: Apollon Oikonomopoulos +Date: Wed, 8 Oct 2014 15:14:41 +0300 +Subject: [PATCH 1/2] BUG/MEDIUM: systemd: set KillMode to 'mixed' + +By default systemd will send SIGTERM to all processes in the service's +control group. In our case, this includes the wrapper, the master +process and all worker processes. + +Since commit c54bdd2a the wrapper actually catches SIGTERM and survives +to see the master process getting killed by systemd and regard this as +an error, placing the unit in a failed state during "systemctl stop". + +Since the wrapper now handles SIGTERM by itself, we switch the kill mode +to 'mixed', which means that systemd will deliver the initial SIGTERM to +the wrapper only, and if the actual haproxy processes don't exit after a +given amount of time (default: 90s), a SIGKILL is sent to all remaining +processes in the control group. See systemd.kill(5) for more +information. + +This should also be backported to 1.5. +(cherry picked from commit 74f016985ab1fa7a6a5afa301d982e77eba9c96a) +--- + contrib/systemd/haproxy.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/contrib/systemd/haproxy.service.in b/contrib/systemd/haproxy.service.in +index 1a3d2c0..0bc5420 100644 +--- a/contrib/systemd/haproxy.service.in ++++ b/contrib/systemd/haproxy.service.in +@@ -5,6 +5,7 @@ After=network.target + [Service] + ExecStart=@SBINDIR@/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid + ExecReload=/bin/kill -USR2 $MAINPID ++KillMode=mixed + Restart=always + + [Install] +-- +1.8.5.5 + diff --git a/net/haproxy/patches/0002-BUG-MEDIUM-config-avoid-skipping-disabled-proxies.patch b/net/haproxy/patches/0002-BUG-MEDIUM-config-avoid-skipping-disabled-proxies.patch new file mode 100644 index 000000000..71a437c78 --- /dev/null +++ b/net/haproxy/patches/0002-BUG-MEDIUM-config-avoid-skipping-disabled-proxies.patch @@ -0,0 +1,39 @@ +From 4ab232ce2fbdaf9b871c411fc7284096219bb854 Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Fri, 10 Oct 2014 14:54:25 +0200 +Subject: [PATCH 2/2] BUG/MEDIUM: config: avoid skipping disabled proxies + +Paul Taylor and Bryan Talbot found that after commit 419ead8 ("MEDIUM: +config: compute the exact bind-process before listener's maxaccept"), +a backend marked "disabled" would cause the next backend to be skipped +and if it was the last one it would cause a segfault. + +The reason is that the commit above changed the "while" loop for a "for" +loop but a "continue" statement still incrementing the current proxy was +left in the code for disabled proxies, causing the next one to be skipped +as well and the last one to try to dereference NULL when seeking ->next. + +The quick workaround consists in not disabling backends, or adding an +empty dummy one after a disabled section. + +This fix must be backported to 1.5. +(cherry picked from commit 06cc905813f1858c0606b44d1e271bd0b6a25224) +--- + src/cfgparse.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/cfgparse.c b/src/cfgparse.c +index ec6d923..392a692 100644 +--- a/src/cfgparse.c ++++ b/src/cfgparse.c +@@ -6104,7 +6104,6 @@ int check_config_validity() + if (curproxy->state == PR_STSTOPPED) { + /* ensure we don't keep listeners uselessly bound */ + stop_proxy(curproxy); +- curproxy = curproxy->next; + continue; + } + +-- +1.8.5.5 +