haproxy: fixes from upstream

- [PATCH 05/13] BUG/MINOR: http/sample: gmtime/localtime can fail
- [PATCH 06/13] DOC: typo in 'redirect', 302 code meaning
- [PATCH 07/13] DOC: mention that %ms is left-padded with zeroes.
- [PATCH 08/13] CLEANUP: .gitignore: ignore more test files
- [PATCH 09/13] CLEANUP: .gitignore: finally ignore everything but what
- [PATCH 10/13] MEDIUM: config: emit a warning on a frontend without
- [PATCH 11/13] BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0
- [PATCH 12/13] DOC: ssl: missing LF
- [PATCH 13/13] DOC: fix example of http-request using

Signed-off-by: heil <heil@terminal-consulting.de>
lilik-openwrt-22.03
heil 9 years ago
parent
commit
8ce9ad4b8d
10 changed files with 378 additions and 1 deletions
  1. net/haproxy/Makefile (+1, -1)
  2. net/haproxy/patches/0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch (+33, -0)
  3. net/haproxy/patches/0006-DOC-typo-in-redirect-302-code-meaning.patch (+27, -0)
  4. net/haproxy/patches/0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch (+27, -0)
  5. net/haproxy/patches/0008-CLEANUP-.gitignore-ignore-more-test-files.patch (+50, -0)
  6. net/haproxy/patches/0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch (+44, -0)
  7. net/haproxy/patches/0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch (+46, -0)
  8. net/haproxy/patches/0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch (+93, -0)
  9. net/haproxy/patches/0012-DOC-ssl-missing-LF.patch (+27, -0)
  10. net/haproxy/patches/0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch (+30, -0)

+ 1
- 1
net/haproxy/Makefile

@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
PKG_VERSION:=1.5.14
PKG_RELEASE:=04
PKG_RELEASE:=13
PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
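
Review bot: PKG_SOURCE_URL on the context line still fetches the tarball over plain http://, so the integrity of haproxy-$(PKG_VERSION).tar.gz rests entirely on whatever checksum the Makefile pins outside this hunk; worth confirming one is set while this block is being touched. PKG_RELEASE also jumps from 04 to 13 rather than incrementing by one; if the release number is meant to follow the highest carried patch number, say so in the commit message so the next bump stays consistent.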


+ 33
- 0
net/haproxy/patches/0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch

@ -0,0 +1,33 @@
From 955587271031d66e9b7a768e3bb18dae00b60cc6 Mon Sep 17 00:00:00 2001
From: Thierry FOURNIER <tfournier@arpalert.org>
Date: Wed, 8 Jul 2015 00:15:20 +0200
Subject: [PATCH 05/13] BUG/MINOR: http/sample: gmtime/localtime can fail
The man said that gmtime() and localtime() can return a NULL value.
This is not tested. It appears that all the values of a 32 bit integer
are valid, but it is better to check the return of these functions.
However, if the integer move from 32 bits to 64 bits, some 64 values
can be unsupported.
(cherry picked from commit fac9ccfb705702f211f99e67d5f5d5129002086a)
[wt: we only have sample_conv_date() in 1.5]
---
src/proto_http.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/proto_http.c b/src/proto_http.c
index 5db64b5..02dc42b 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -11249,6 +11249,8 @@ static int sample_conv_http_date(const struct arg *args, struct sample *smp)
curr_date += args[0].data.sint;
tm = gmtime(&curr_date);
+ if (!tm)
+ return 0;
temp = get_trash_chunk();
temp->len = snprintf(temp->str, temp->size - temp->len,
--
2.4.6
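
Review bot: the backport note says "we only have sample_conv_date() in 1.5", but the hunk header places the new check in sample_conv_http_date(); the note should name the function that is actually patched. The subject also mentions localtime(), while only the gmtime() call is covered here, so one line in the message stating that this branch has no localtime() call site to fix would close that question. The check itself is placed correctly, directly after the gmtime() call and before tm is used by the formatting code that follows.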

+ 27
- 0
net/haproxy/patches/0006-DOC-typo-in-redirect-302-code-meaning.patch

@ -0,0 +1,27 @@
From 6c7351bdd0778bc171a2b54faed058eadc8c9d0d Mon Sep 17 00:00:00 2001
From: Baptiste Assmann <bedis9@gmail.com>
Date: Mon, 3 Aug 2015 11:42:50 +0200
Subject: [PATCH 06/13] DOC: typo in 'redirect', 302 code meaning
302 means a temprary move, not a permanent one
(cherry picked from commit ea849c0cca63b1b56c9c36f9c3504caa5e826816)
---
doc/configuration.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 64697a4..e8d8b2a 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -5443,7 +5443,7 @@ redirect scheme <sch> [code <code>] <option> [{if | unless} <condition>]
is desired. Only codes 301, 302, 303, 307 and 308 are supported,
with 302 used by default if no code is specified. 301 means
"Moved permanently", and a browser may cache the Location. 302
- means "Moved permanently" and means that the browser should not
+ means "Moved temporarily" and means that the browser should not
cache the redirection. 303 is equivalent to 302 except that the
browser will fetch the location with a GET method. 307 is just
like 302 but makes it clear that the same method must be reused.
--
2.4.6

+ 27
- 0
net/haproxy/patches/0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch

@ -0,0 +1,27 @@
From c3453d53f2862b22d8c8e7d2399dfc38ec966aa4 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Sun, 9 Aug 2015 10:56:35 +0200
Subject: [PATCH 07/13] DOC: mention that %ms is left-padded with zeroes.
That's important to emit logs.
(cherry picked from commit 812c88ec126e8fc4fc0f7853f265594d03c63956)
---
doc/configuration.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index e8d8b2a..1d95b5b 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -12381,7 +12381,7 @@ Please refer to the table below for currently defined variables :
| | %hrl | captured_request_headers CLF style | string list |
| | %hs | captured_response_headers default style | string |
| | %hsl | captured_response_headers CLF style | string list |
- | | %ms | accept date milliseconds | numeric |
+ | | %ms | accept date milliseconds (left-padded with 0) | numeric |
| | %pid | PID | numeric |
| H | %r | http_request | string |
| | %rc | retries | numeric |
--
2.4.6

+ 50
- 0
net/haproxy/patches/0008-CLEANUP-.gitignore-ignore-more-test-files.patch

@ -0,0 +1,50 @@
From 1104336c0ba5f474fce8fe7c0125511b59f4dd3d Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 11 Aug 2015 11:20:45 +0200
Subject: [PATCH 08/13] CLEANUP: .gitignore: ignore more test files
Exclude from "git status" many of the files that often result from
development tests and bug reports reproducers.
(cherry picked from commit de365a320ead43168e78facfa337130759783515)
---
.gitignore | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/.gitignore b/.gitignore
index 762f5ad..f6ccd0e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,30 @@ make-*
dlmalloc.c
00*.patch
*.service
+*.bak
+contrib/base64/base64rev
+contrib/halog/halog
+contrib/ip6range/ip6range
+contrib/iprange/iprange
+tests/test_hashes
+/*.cfg
+/*.conf
+/*.diff
+/*.patch
+/*.c
+/*.o
+/*.so
+/*.txt
+/*.TXT
+/*.txt.*
+/*.prof
+/*.gprof
+/*.prof.*
+/*.gprof.*
+/*.tar
+/*.tar.gz
+/*.tgz
+/*.mbox
+/*.sh
+/bug*
+/TAGS
--
2.4.6
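
Review bot: this patch and 0009 only touch .gitignore, which has no effect on the built package, and patches 10 to 13 modify src/cfgparse.c, src/session.c, src/ssl_sock.c and doc/configuration.txt only, so nothing later in the series depends on them. Consider dropping both so the carried patch set stays limited to code and documentation fixes. If they stay, note that root-level patterns such as /*.c, /*.sh and /*.cfg hide any legitimately new top-level file of those types from git status.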

+ 44
- 0
net/haproxy/patches/0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch

@ -0,0 +1,44 @@
From 5e077624951a65e6aae381c7213fc54984768dd4 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 11 Aug 2015 11:21:47 +0200
Subject: [PATCH 09/13] CLEANUP: .gitignore: finally ignore everything but what
is known.
Still too many files remain, it's easier to block everything but
what we know.
(cherry picked from commit d71f1766bdbb041f80394662b0d293f033f93005)
---
.gitignore | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/.gitignore b/.gitignore
index f6ccd0e..1953ba3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,3 +45,23 @@ tests/test_hashes
/*.sh
/bug*
/TAGS
+# Below we forbid everything and only allow what we know, that's much easier
+# than blocking about 500 different test files and bug report outputs.
+/.*
+/*
+!/.gitignore
+!/CHANGELOG
+!/LICENSE
+!/Makefile
+!/README
+!/ROADMAP
+!/SUBVERS
+!/VERDATE
+!/VERSION
+!/contrib
+!/doc
+!/ebtree
+!/examples
+!/include
+!/src
+!/tests
--
2.4.6
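
Review bot: the /.* and /* lines turn the repository root into an allow-list, so any new top-level file or directory is ignored until a matching ! line is added, and a forgotten entry fails silently because the file never shows up in git status. A short comment next to the ! block telling contributors to extend it when adding a top-level entry would help. The root-level patterns that 0008 added just above (/*.cfg, /*.c, /bug*, /TAGS and the rest) are now redundant under /*, so they could be trimmed.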

+ 46
- 0
net/haproxy/patches/0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch

@ -0,0 +1,46 @@
From c7c1e55f09839727ba7defd37347fc500dabb202 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 11 Aug 2015 11:36:45 +0200
Subject: [PATCH 10/13] MEDIUM: config: emit a warning on a frontend without
listener
Commit c6678e2 ("MEDIUM: config: authorize frontend and listen without bind")
completely removed the test for bind lines in frontends in order to make it
easier for automated tools to generate configs (eg: replacing a bind with
another one passing via a temporary config without any bind line). The
problem is that some common mistakes are totally hidden now. For example,
this apparently valid entry is silently ignored :
listen 1.2.3.4:8000
server s1 127.0.0.1:8000
Hint: 1.2.3.4:8000 is mistakenly the proxy name here.
Thus instead we now emit a warning to indicate that a frontend was found
with no listener. This should be backported to 1.5 to help spot abnormal
configurations.
(cherry picked from commit f82d1ca2d7ec83804d6b54e61a35747ad2f85188)
---
src/cfgparse.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 2a5f178..d67edc5 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -6193,6 +6193,12 @@ int check_config_validity()
break;
}
+ if ((curproxy->cap & PR_CAP_FE) && LIST_ISEMPTY(&curproxy->conf.listeners)) {
+ Warning("config : %s '%s' has no 'bind' directive. Please declare it as a backend if this was intended.\n",
+ proxy_type_str(curproxy), curproxy->id);
+ err_code |= ERR_WARN;
+ }
+
if ((curproxy->cap & PR_CAP_BE) && (curproxy->mode != PR_MODE_HEALTH)) {
if (curproxy->lbprm.algo & BE_LB_KIND) {
if (curproxy->options & PR_O_TRANSP) {
--
2.4.6
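
Review bot: the new block in check_config_validity() only ORs ERR_WARN into err_code, so the example from the commit message (a listen section named 1.2.3.4:8000 with no bind line) still loads and simply never accepts traffic; the mistake is caught only by someone who reads the startup output. It is worth documenting for package users that a configuration check should treat this warning as a failure. The generated-config workflow that motivated c6678e2 (temporary configs without any bind line) will now emit this warning on every pass, so tooling that already fails on warnings needs to be told about the backport.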

+ 93
- 0
net/haproxy/patches/0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch

@ -0,0 +1,93 @@
From ee12145d38a7dee81a20cf232c724ccb7a46ad8b Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 18 Aug 2015 17:15:20 +0200
Subject: [PATCH 11/13] BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0
creates a missing entry
During 1.5-dev20 there was some code refactoring to make the src_* fetch
function use the same code as sc_*. Unfortunately this introduced a
regression where src_* doesn't create an entry anymore if it does not
exist in the table. The reason is that smp_fetch_sc_stkctr() only calls
stktable_lookup_key() while src_inc_*/src_clr_* used to make use of
stktable_update_key() which additionally create the entry if it does
not exist.
There's no point modifying the common function for these two exceptions,
so instead we now have a function dedicated to the creation of this entry
for src_* only. It is called when the entry didn't exist, so that requires
minimal modifications to existing code.
Thanks to Thierry Fournier for helping diagnose the issue.
This fix must be backported to 1.5.
(cherry picked from commit 0f4eadd4830279f5ee83aa545728fb750f5c8185)
[Note: the backport to 1.5 significantly differs from the version in 1.6
since we need to use the table's type and to retrieve the source address
directly from the connection. At least it matches the way other src_*
fetch functions work, and it's been verified to work fine]
---
src/session.c | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/src/session.c b/src/session.c
index 5b9e407..6d62e36 100644
--- a/src/session.c
+++ b/src/session.c
@@ -2806,6 +2806,33 @@ smp_fetch_sc_stkctr(struct session *l4, const struct arg *args, const char *kw)
return &l4->stkctr[num];
}
+/* same as smp_fetch_sc_stkctr() but dedicated to src_* and can create
+ * the entry if it doesn't exist yet. This is needed for a few fetch
+ * functions which need to create an entry, such as src_inc_gpc* and
+ * src_clr_gpc*.
+ */
+struct stkctr *
+smp_create_src_stkctr(struct session *sess, const struct arg *args, const char *kw)
+{
+ static struct stkctr stkctr;
+ struct stktable_key *key;
+ struct connection *conn = objt_conn(sess->si[0].end);
+
+ if (strncmp(kw, "src_", 4) != 0)
+ return NULL;
+
+ if (!conn)
+ return NULL;
+
+ key = addr_to_stktable_key(&conn->addr.from, args->data.prx->table.type);
+ if (!key)
+ return NULL;
+
+ stkctr.table = &args->data.prx->table;
+ stkctr_set_entry(&stkctr, stktable_update_key(stkctr.table, key));
+ return &stkctr;
+}
+
/* set return a boolean indicating if the requested session counter is
* currently being tracked or not.
* Supports being called as "sc[0-9]_tracked" only.
@@ -2887,6 +2914,9 @@ smp_fetch_sc_inc_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned i
if (!stkctr)
return 0;
+ if (stkctr_entry(stkctr) == NULL)
+ stkctr = smp_create_src_stkctr(l4, args, kw);
+
smp->flags = SMP_F_VOL_TEST;
smp->type = SMP_T_UINT;
smp->data.uint = 0;
@@ -2924,6 +2954,9 @@ smp_fetch_sc_clr_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned i
if (!stkctr)
return 0;
+ if (stkctr_entry(stkctr) == NULL)
+ stkctr = smp_create_src_stkctr(l4, args, kw);
+
smp->flags = SMP_F_VOL_TEST;
smp->type = SMP_T_UINT;
smp->data.uint = 0;
--
2.4.6
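
Review bot: smp_create_src_stkctr() returns NULL on three paths (kw not starting with "src_", no connection, no key), and both smp_fetch_sc_inc_gpc0() and smp_fetch_sc_clr_gpc0() assign that result straight back to stkctr with no re-check in the visible lines. For a call under an sc-style keyword whose counter has no entry, the strncmp() test fails and stkctr becomes NULL, so the code below the context must test stkctr itself before calling stkctr_entry() on it; if it does not, guard the later use with "if (stkctr && stkctr_entry(stkctr))" or keep the original pointer when creation fails. Separately, the helper returns the address of a function-local "static struct stkctr stkctr", so every call overwrites the previous result; the comment above the function should state that the pointer is only valid until the next call.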

+ 27
- 0
net/haproxy/patches/0012-DOC-ssl-missing-LF.patch

@ -0,0 +1,27 @@
From 2272b4ffde38c836adfd9a9b43ff5c019ef4190a Mon Sep 17 00:00:00 2001
From: Thierry FOURNIER <tfournier@arpalert.org>
Date: Wed, 26 Aug 2015 08:21:26 +0200
Subject: [PATCH 12/13] DOC: ssl: missing LF
An error message miss LF
(cherry picked from commit bc965348d7ccc0a306504232ab85dc240fd31fbf)
---
src/ssl_sock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 2ae45ec..8f698c0 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1760,7 +1760,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
#ifndef OPENSSL_NO_SSL3
SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method());
#else
- Alert("SSLv3 support requested but unavailable.");
+ Alert("SSLv3 support requested but unavailable.\n");
cfgerr++;
#endif
}
--
2.4.6
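
Review bot: the subject is tagged DOC, but the only file changed is src/ssl_sock.c and the edit is to the string passed to Alert() in ssl_sock_prepare_srv_ctx(), so this is a code change. A MINOR or CLEANUP tag would describe it better and keeps it from being skipped by anyone who filters documentation-only patches out of a backport review.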

+ 30
- 0
net/haproxy/patches/0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch

@ -0,0 +1,30 @@
From d3a93a932430bc1a4cd5d1350820c2bec706e26d Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Thu, 27 Aug 2015 17:15:05 +0200
Subject: [PATCH 13/13] DOC: fix example of http-request using
ssl_fc_session_id
It was missing the ",hex" resulting in raw binary data being dumped in
the header or the logs. Now we know where these crazy logs originated
from!
(cherry picked from commit fca4261dacab51db960d30120f4bb4201f7e4a51)
---
doc/configuration.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 1d95b5b..67d273b 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -3135,7 +3135,7 @@ http-request { allow | deny | tarpit | auth [realm <realm>] | redirect <rule> |
Example:
http-request set-header X-Haproxy-Current-Date %T
http-request set-header X-SSL %[ssl_fc]
- http-request set-header X-SSL-Session_ID %[ssl_fc_session_id]
+ http-request set-header X-SSL-Session_ID %[ssl_fc_session_id,hex]
http-request set-header X-SSL-Client-Verify %[ssl_c_verify]
http-request set-header X-SSL-Client-DN %{+Q}[ssl_c_s_dn]
http-request set-header X-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
--
2.4.6
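
Review bot: the corrected X-SSL-Session_ID line only fixes the documentation, and the commit message says configurations copied from the old example dump raw binary into the header or the logs, so the package changelog should tell users to search their deployed configs for %[ssl_fc_session_id] without the ,hex converter and fix them the same way. A binary value can contain any byte, including CR and LF, which makes the unconverted form a problem for header and log parsers downstream, not just a cosmetic one.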
