haproxy: bump to version 1.5.18 and pending patches

Signed-off-by: heil <heil@terminal-consulting.de>

net/haproxy/Makefile

@@ -9,12 +9,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=haproxy
-PKG_VERSION:=1.5.16
-PKG_RELEASE:=01
+PKG_VERSION:=1.5.18
+PKG_RELEASE:=04
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_MD5SUM:=294fdb5aaaccba00c2070e5f4baf9f0e
+PKG_MD5SUM:=21d35f114583ef731bc96af05b46c75a
 PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
 PKG_LICENSE:=GPL-2.0
 

net/haproxy/patches/0001-BUG-MAJOR-fix-listening-IP-address-storage-for-front.patch

@@ -0,0 +1,131 @@
+From a72d39058a7a5d004e0c6b69a91663591bb3bf89 Mon Sep 17 00:00:00 2001
+From: Vincent Bernat <vincent@bernat.im>
+Date: Thu, 19 May 2016 11:15:51 +0200
+Subject: [PATCH 1/4] BUG/MAJOR: fix listening IP address storage for frontends
+
+When compiled with GCC 6, the IP address specified for a frontend was
+ignored and HAProxy was listening on all addresses instead. This is
+caused by an incomplete copy of a "struct sockaddr_storage".
+
+With the GNU Libc, "struct sockaddr_storage" is defined as this:
+
+    struct sockaddr_storage
+      {
+        sa_family_t ss_family;
+        unsigned long int __ss_align;
+        char __ss_padding[(128 - (2 * sizeof (unsigned long int)))];
+      };
+
+Doing an aggregate copy (ss1 = ss2) is different than using memcpy():
+only members of the aggregate have to be copied. Notably, padding can be
+or not be copied. In GCC 6, some optimizations use this fact and if a
+"struct sockaddr_storage" contains a "struct sockaddr_in", the port and
+the address are part of the padding (between sa_family and __ss_align)
+and can be not copied over.
+
+Therefore, we replace any aggregate copy by a memcpy(). There is another
+place using the same pattern. We also fix a function receiving a "struct
+sockaddr_storage" by copy instead of by reference. Since it only needs a
+read-only copy, the function is converted to request a reference.
+
+This is a backport for 1.5 of 6e6158 and 6e46ff1.
+---
+ src/cfgparse.c   |  4 ++--
+ src/connection.c |  2 +-
+ src/proto_http.c | 12 ++++++------
+ src/proto_tcp.c  |  2 +-
+ 4 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/src/cfgparse.c b/src/cfgparse.c
+index 39abf6b..9331415 100644
+--- a/src/cfgparse.c
++++ b/src/cfgparse.c
+@@ -280,7 +280,7 @@ int str2listener(char *str, struct proxy *curproxy, struct bind_conf *bind_conf,
+ 		}
+ 
+ 		/* OK the address looks correct */
+-		ss = *ss2;
++		memcpy(&ss, ss2, sizeof(ss));
+ 
+ 		for (; port <= end; port++) {
+ 			l = (struct listener *)calloc(1, sizeof(struct listener));
+@@ -291,7 +291,7 @@ int str2listener(char *str, struct proxy *curproxy, struct bind_conf *bind_conf,
+ 			l->bind_conf = bind_conf;
+ 
+ 			l->fd = fd;
+-			l->addr = ss;
++			memcpy(&l->addr, &ss, sizeof(ss));
+ 			l->xprt = &raw_sock;
+ 			l->state = LI_INIT;
+ 
+diff --git a/src/connection.c b/src/connection.c
+index dab1c90..09fd04e 100644
+--- a/src/connection.c
++++ b/src/connection.c
+@@ -620,7 +620,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
+ 	const char pp2_signature[] = PP2_SIGNATURE;
+ 	int ret = 0;
+ 	struct proxy_hdr_v2 *hdr = (struct proxy_hdr_v2 *)buf;
+-	struct sockaddr_storage null_addr = {0};
++	struct sockaddr_storage null_addr = { .ss_family = 0 };
+ 	struct sockaddr_storage *src = &null_addr;
+ 	struct sockaddr_storage *dst = &null_addr;
+ #ifdef USE_OPENSSL
+diff --git a/src/proto_http.c b/src/proto_http.c
+index b3aa4d8..0b13c5e 100644
+--- a/src/proto_http.c
++++ b/src/proto_http.c
+@@ -3220,15 +3220,15 @@ int http_handle_stats(struct session *s, struct channel *req)
+ /* Sets the TOS header in IPv4 and the traffic class header in IPv6 packets
+  * (as per RFC3260 #4 and BCP37 #4.2 and #5.2).
+  */
+-static inline void inet_set_tos(int fd, struct sockaddr_storage from, int tos)
++static inline void inet_set_tos(int fd, struct sockaddr_storage *from, int tos)
+ {
+ #ifdef IP_TOS
+-	if (from.ss_family == AF_INET)
++	if (from->ss_family == AF_INET)
+ 		setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
+ #endif
+ #ifdef IPV6_TCLASS
+-	if (from.ss_family == AF_INET6) {
+-		if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&from)->sin6_addr))
++	if (from->ss_family == AF_INET6) {
++		if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)from)->sin6_addr))
+ 			/* v4-mapped addresses need IP_TOS */
+ 			setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
+ 		else
+@@ -3366,7 +3366,7 @@ http_req_get_intercept_rule(struct proxy *px, struct list *rules, struct session
+ 
+ 		case HTTP_REQ_ACT_SET_TOS:
+ 			if ((cli_conn = objt_conn(s->req->prod->end)) && conn_ctrl_ready(cli_conn))
+-				inet_set_tos(cli_conn->t.sock.fd, cli_conn->addr.from, rule->arg.tos);
++				inet_set_tos(cli_conn->t.sock.fd, &cli_conn->addr.from, rule->arg.tos);
+ 			break;
+ 
+ 		case HTTP_REQ_ACT_SET_MARK:
+@@ -3563,7 +3563,7 @@ http_res_get_intercept_rule(struct proxy *px, struct list *rules, struct session
+ 
+ 		case HTTP_RES_ACT_SET_TOS:
+ 			if ((cli_conn = objt_conn(s->req->prod->end)) && conn_ctrl_ready(cli_conn))
+-				inet_set_tos(cli_conn->t.sock.fd, cli_conn->addr.from, rule->arg.tos);
++				inet_set_tos(cli_conn->t.sock.fd, &cli_conn->addr.from, rule->arg.tos);
+ 			break;
+ 
+ 		case HTTP_RES_ACT_SET_MARK:
+diff --git a/src/proto_tcp.c b/src/proto_tcp.c
+index cfa62f7..8c06441 100644
+--- a/src/proto_tcp.c
++++ b/src/proto_tcp.c
+@@ -394,7 +394,7 @@ int tcp_connect_server(struct connection *conn, int data, int delack)
+ 			struct sockaddr_storage sa;
+ 
+ 			ret = 1;
+-			sa = src->source_addr;
++			memcpy(&sa, &src->source_addr, sizeof(sa));
+ 
+ 			do {
+ 				/* note: in case of retry, we may have to release a previously
+-- 
+2.7.3
+

net/haproxy/patches/0002-CLEANUP-connection-fix-double-negation-on-memcmp.patch

@@ -0,0 +1,39 @@
+From fab41521192c6f62f0284faf53d6ad40955ef3db Mon Sep 17 00:00:00 2001
+From: David CARLIER <devnexen@gmail.com>
+Date: Thu, 24 Mar 2016 09:22:36 +0000
+Subject: [PATCH 2/4] CLEANUP: connection: fix double negation on memcmp()
+
+Nothing harmful in here, just clarify that it applies to the whole
+expression.
+
+(cherry picked from commit 42ff05e2d3d10e8a1e070e66e8883c5eabe196d7)
+(cherry picked from commit c4809151b4c9ccc312cb451e99fd556e867242fc)
+---
+ src/connection.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/connection.c b/src/connection.c
+index 09fd04e..af18878 100644
+--- a/src/connection.c
++++ b/src/connection.c
+@@ -289,7 +289,7 @@ int conn_recv_proxy(struct connection *conn, int flag)
+ 	if (trash.len < 9) /* shortest possible line */
+ 		goto missing;
+ 
+-	if (!memcmp(line, "TCP4 ", 5) != 0) {
++	if (memcmp(line, "TCP4 ", 5) == 0) {
+ 		u32 src3, dst3, sport, dport;
+ 
+ 		line += 5;
+@@ -330,7 +330,7 @@ int conn_recv_proxy(struct connection *conn, int flag)
+ 		((struct sockaddr_in *)&conn->addr.to)->sin_port          = htons(dport);
+ 		conn->flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET;
+ 	}
+-	else if (!memcmp(line, "TCP6 ", 5) != 0) {
++	else if (memcmp(line, "TCP6 ", 5) == 0) {
+ 		u32 sport, dport;
+ 		char *src_s;
+ 		char *dst_s, *sport_s, *dport_s;
+-- 
+2.7.3
+

net/haproxy/patches/0003-BUG-MEDIUM-sticktables-segfault-in-some-configuratio.patch

@@ -0,0 +1,52 @@
+From 294c8d2f81847e0e2d26aa0700564ac2f6aaffa6 Mon Sep 17 00:00:00 2001
+From: Thierry Fournier <thierry.fournier@ozon.io>
+Date: Mon, 6 Jun 2016 18:28:05 +0200
+Subject: [PATCH 3/4] BUG/MEDIUM: sticktables: segfault in some configuration
+ error cases
+
+When a stick table is tracked, and another one is used later on the
+configuration, a segfault occurs.
+
+The function "smp_create_src_stkctr" can return a NULL value, and
+its value is not tested, so one other function try to dereference
+a NULL pointer. This patch just add a verification of the NULL
+pointer.
+
+The problem is reproduced with this configuration:
+
+   listen www
+       mode http
+       bind :12345
+       tcp-request content track-sc0 src table IPv4
+       http-request allow if { sc0_inc_gpc0(IPv6) gt 0 }
+       server dummy 127.0.0.1:80
+   backend IPv4
+       stick-table type ip size 10 expire 60s store gpc0
+   backend IPv6
+       stick-table type ipv6 size 10 expire 60s store gpc0
+
+Thank to kabefuna@gmail.com for the bug report.
+
+This patch must be backported in the 1.6 and 1.5 version.
+(cherry picked from commit 6fc340ff07171bb85d11d835fa4158bbdef240a0)
+(cherry picked from commit 4693e2302271252044038c9be38487fb16218e5b)
+---
+ src/session.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/session.c b/src/session.c
+index 4e84803..fbd5094 100644
+--- a/src/session.c
++++ b/src/session.c
+@@ -2908,7 +2908,7 @@ smp_fetch_sc_inc_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned i
+ 	smp->flags = SMP_F_VOL_TEST;
+ 	smp->type = SMP_T_UINT;
+ 	smp->data.uint = 0;
+-	if (stkctr_entry(stkctr) != NULL) {
++	if (stkctr && stkctr_entry(stkctr)) {
+ 		void *ptr;
+ 
+ 		/* First, update gpc0_rate if it's tracked. Second, update its
+-- 
+2.7.3
+

net/haproxy/patches/0004-BUG-MINOR-http-add-header-header-name-copied-twice.patch

@@ -0,0 +1,32 @@
+From cba3bd6e5ce9b0be83c701c3c7a103d01d5b516d Mon Sep 17 00:00:00 2001
+From: Thierry Fournier <thierry.fournier@ozon.io>
+Date: Wed, 1 Jun 2016 13:36:20 +0200
+Subject: [PATCH 4/4] BUG/MINOR: http: add-header: header name copied twice
+
+The header name is copied two time in the buffer. The first copy is a printf-like
+function writing the name and the http separators in the buffer, and the second
+form is a memcopy. This seems to be inherited from some changes. This patch
+removes the printf like, format.
+
+This patch must be backported in 1.6 and 1.5 versions
+(cherry picked from commit 53c1a9b7cb8f3fe79b5492218363b6c0ff608fc1)
+(cherry picked from commit d281d68d3aa010f7e1a635c92ab486f7f2c666b9)
+---
+ src/proto_http.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/proto_http.c b/src/proto_http.c
+index 0b13c5e..8801592 100644
+--- a/src/proto_http.c
++++ b/src/proto_http.c
+@@ -3399,7 +3399,6 @@ http_req_get_intercept_rule(struct proxy *px, struct list *rules, struct session
+ 
+ 		case HTTP_REQ_ACT_SET_HDR:
+ 		case HTTP_REQ_ACT_ADD_HDR:
+-			chunk_printf(&trash, "%s: ", rule->arg.hdr_add.name);
+ 			memcpy(trash.str, rule->arg.hdr_add.name, rule->arg.hdr_add.name_len);
+ 			trash.len = rule->arg.hdr_add.name_len;
+ 			trash.str[trash.len++] = ':';
+-- 
+2.7.3
+