haproxy: fixes from upstream

- [PATCH 10/12] MINOR: stats: fix minor typo in HTML page - [PATCH 11/12] BUG/MEDIUM: unix: do not unlink() abstract namespace - [PATCH 12/12] DOC: provide an example of how to use ssl_c_sha1 Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
10 years ago · 4a3440a8c3
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=haproxy
 PKG_VERSION:=1.5.1
 PKG_RELEASE:=09
 PKG_RELEASE:=12
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
 PKG_MD5SUM:=49640cf3ddd793a05fbd3394481a1ed4
--- a/net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch
+++ b/net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch
@ -0,0 +1,28 @@
 From d38f5c0c1cbba00d80cad2640c005794fa5bc4f9 Mon Sep 17 00:00:00 2001
 From: Marco Corte <marco@marcocorte.it>
 Date: Wed, 2 Jul 2014 17:49:34 +0200
 Subject: [PATCH 10/12] MINOR: stats: fix minor typo in HTML page

 There is a very small typo in the statistics interface: a "set" in
 lowercase where allothers are uppercase "Set".
 (cherry picked from commit 8c27bcaea0116247ee055c5481a63507de4fe6e4)
 ---
 src/dumpstats.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/src/dumpstats.c b/src/dumpstats.c
 index c8bac08..5365042 100644
 --- a/src/dumpstats.c
 +++ b/src/dumpstats.c
@@ -3710,7 +3710,7 @@ static void stats_dump_html_px_end(struct stream_interface *si, struct proxy *px
 			      "<option value=\"\"></option>"
 			      "<option value=\"ready\">Set state to READY</option>"
 			      "<option value=\"drain\">Set state to DRAIN</option>"
 -			      "<option value=\"maint\">set state to MAINT</option>"
 +			      "<option value=\"maint\">Set state to MAINT</option>"
 			      "<option value=\"dhlth\">Health: disable checks</option>"
 			      "<option value=\"ehlth\">Health: enable checks</option>"
 			      "<option value=\"hrunn\">Health: force UP</option>"
 -- 
 1.8.5.5

--- a/net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch
+++ b/net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch
@ -0,0 +1,45 @@
 From 76ad998e2b6ae852567ff53edb84a0b467c0c9cb Mon Sep 17 00:00:00 2001
 From: Jan Seda <hodor@hodor.cz>
 Date: Thu, 26 Jun 2014 20:44:05 +0200
 Subject: [PATCH 11/12] BUG/MEDIUM: unix: do not unlink() abstract namespace
 sockets upon failure.

 When bind() fails (function uxst_bind_listener()), the fail path doesn't
 consider the abstract namespace and tries to unlink paths held in
 uninitiliazed memory (tempname and backname). See the strace excerpt;
 the strings still hold the path from test1.

 ===============================================================================================
 23722 bind(5, {sa_family=AF_FILE, path=@"test2"}, 110) = -1 EADDRINUSE (Address already in use)
 23722 unlink("/tmp/test1.sock.23722.tmp") = -1 ENOENT (No such file or directory)
 23722 close(5)                          = 0
 23722 unlink("/tmp/test1.sock.23722.bak") = -1 ENOENT (No such file or directory)
 ===============================================================================================

 This patch should be backported to 1.5.
 (cherry picked from commit 7319b64fc4c9b7e04726816c6cc02f6ecf66a0a4)
 ---
 src/proto_uxst.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

 diff --git a/src/proto_uxst.c b/src/proto_uxst.c
 index f83d34e..c9a52ff 100644
 --- a/src/proto_uxst.c
 +++ b/src/proto_uxst.c
@@ -309,11 +309,11 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
 	if (ret < 0 && errno == ENOENT)
 		unlink(path);
  err_unlink_temp:
 -	if (!ext)
 +	if (!ext && path[0])
 		unlink(tempname);
 	close(fd);
  err_unlink_back:
 -	if (!ext)
 +	if (!ext && path[0])
 		unlink(backname);
  err_return:
 	if (msg && errlen) {
 -- 
 1.8.5.5

--- a/net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch
+++ b/net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch
@ -0,0 +1,29 @@
 From 9fe4cb64cd9514a72bcd4b2fd8781620da9e1f76 Mon Sep 17 00:00:00 2001
 From: Willy Tarreau <w@1wt.eu>
 Date: Wed, 2 Jul 2014 19:01:22 +0200
 Subject: [PATCH 12/12] DOC: provide an example of how to use ssl_c_sha1

 As suggested by Aydan Yumerefendi, a little bit of examples never hurts.
 (cherry picked from commit 2d0caa38e040b081903e50faa56bae52599b3949)
 ---
 doc/configuration.txt | 4 ++++
 1 file changed, 4 insertions(+)

 diff --git a/doc/configuration.txt b/doc/configuration.txt
 index e53bb21..fcc6454 100644
 --- a/doc/configuration.txt
 +++ b/doc/configuration.txt
@@ -10722,6 +10722,10 @@ ssl_c_sha1 : binary
   Returns the SHA-1 fingerprint of the certificate presented by the client when
   the incoming connection was made over an SSL/TLS transport layer. This can be
   used to stick a client to a server, or to pass this information to a server.
 +  Note that the output is binary, so if you want to pass that signature to the
 +  server, you need to encode it in hex or base64, such as in the example below:
 +
 +     http-request set-header X-SSL-Client-SHA1 %[ssl_c_sha1,hex]
 
 ssl_c_sig_alg : string
   Returns the name of the algorithm used to sign the certificate presented by
 -- 
 1.8.5.5