Browse Source

haproxy: fixes for upstream version 1.5.14

- [PATCH 1/4] BUG/MINOR: log: missing some ARGC_* entries in
 - [PATCH 2/4] DOC: usesrc root privileges requirements
 - [PATCH 3/4] BUILD: ssl: Allow building against libssl without SSLv3.
 - [PATCH 4/4] DOC/MINOR: fix OpenBSD versions where haproxy works

Signed-off-by: heil <heil@terminal-consulting.de>
lilik-openwrt-22.03
heil 9 years ago
parent
commit
904a8b70d1
5 changed files with 169 additions and 1 deletions
  1. +1
    -1
      net/haproxy/Makefile
  2. +64
    -0
      net/haproxy/patches/0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
  3. +27
    -0
      net/haproxy/patches/0002-DOC-usesrc-root-privileges-requirements.patch
  4. +51
    -0
      net/haproxy/patches/0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
  5. +26
    -0
      net/haproxy/patches/0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch

+ 1
- 1
net/haproxy/Makefile View File

@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
PKG_VERSION:=1.5.14
PKG_RELEASE:=00
PKG_RELEASE:=04
PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)


+ 64
- 0
net/haproxy/patches/0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch View File

@ -0,0 +1,64 @@
From df0a5960987b3cb663dcfa93d29c21acc13cd3e3 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Thu, 9 Jul 2015 11:20:00 +0200
Subject: [PATCH 1/4] BUG/MINOR: log: missing some ARGC_* entries in
fmt_directives()
ARGC_CAP was not added to fmt_directives() which is used to format
error messages when failing to parse log format expressions. The
whole switch/case has been reorganized to match the declaration
order making it easier to spot missing values. The default is not
the "log" directive anymore but "undefined" asking to report the
bug.
Backport to 1.5 is not strictly needed but is desirable at least
for code sanity.
(cherry picked from commit 53e1a6d31743b1bef6063ff30b812521391ae3c3)
---
src/log.c | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/src/log.c b/src/log.c
index 1a5ad25..f0a3072 100644
--- a/src/log.c
+++ b/src/log.c
@@ -167,22 +167,26 @@ struct logformat_var_args var_args_list[] = {
static inline const char *fmt_directive(const struct proxy *curproxy)
{
switch (curproxy->conf.args.ctx) {
- case ARGC_UIF:
- return "unique-id-format";
+ case ARGC_ACL:
+ return "acl";
+ case ARGC_STK:
+ return "stick";
+ case ARGC_TRK:
+ return "track-sc";
+ case ARGC_LOG:
+ return "log-format";
case ARGC_HRQ:
return "http-request";
case ARGC_HRS:
return "http-response";
- case ARGC_STK:
- return "stick";
- case ARGC_TRK:
- return "track-sc"; break;
+ case ARGC_UIF:
+ return "unique-id-format";
case ARGC_RDR:
- return "redirect"; break;
- case ARGC_ACL:
- return "acl"; break;
+ return "redirect";
+ case ARGC_CAP:
+ return "capture";
default:
- return "log-format";
+ return "undefined(please report this bug)"; /* must never happen */
}
}
--
2.3.6

+ 27
- 0
net/haproxy/patches/0002-DOC-usesrc-root-privileges-requirements.patch View File

@ -0,0 +1,27 @@
From ea31f225c2c93a25b8bef7a9241a89cecfd9d350 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann <bedis9@gmail.com>
Date: Fri, 17 Jul 2015 21:59:42 +0200
Subject: [PATCH 2/4] DOC: usesrc root privileges requirements
The "usesrc" parameter of the source statement requires root privileges.
(cherry picked from commit 91bd337d90cb347feda34b01402f3471c8a4833c)
---
doc/configuration.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 6714afb..64697a4 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -6117,6 +6117,8 @@ source <addr>[:<port>] [interface <name>]
is possible at the server level using the "source" server option. Refer to
section 5 for more information.
+ In order to work, "usesrc" requires root privileges.
+
Examples :
backend private
# Connect to the servers using our 192.168.1.200 source address
--
2.3.6

+ 51
- 0
net/haproxy/patches/0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch View File

@ -0,0 +1,51 @@
From eee374c28ea8ea22834ff14515b5584bc3e0c7b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= <jca@wxcvbn.org>
Date: Sat, 25 Jul 2015 16:50:52 -0600
Subject: [PATCH 3/4] BUILD: ssl: Allow building against libssl without SSLv3.
If SSLv3 is explicitely requested but not available, warn the user and
bail out.
(cherry picked from commit 17c3f6284cf605e47f6525c077bc644c45272849)
---
src/ssl_sock.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 7d77d36..2ae45ec 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1405,8 +1405,14 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
ssloptions |= SSL_OP_NO_TLSv1_2;
if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
ssloptions |= SSL_OP_NO_TICKET;
- if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3)
+ if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3) {
+#ifndef OPENSSL_NO_SSL3
SSL_CTX_set_ssl_version(ctx, SSLv3_server_method());
+#else
+ Alert("SSLv3 support requested but unavailable.\n");
+ cfgerr++;
+#endif
+ }
if (bind_conf->ssl_options & BC_SSL_O_USE_TLSV10)
SSL_CTX_set_ssl_version(ctx, TLSv1_server_method());
#if SSL_OP_NO_TLSv1_1
@@ -1750,8 +1756,14 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
options |= SSL_OP_NO_TLSv1_2;
if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
options |= SSL_OP_NO_TICKET;
- if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3)
+ if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3) {
+#ifndef OPENSSL_NO_SSL3
SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method());
+#else
+ Alert("SSLv3 support requested but unavailable.");
+ cfgerr++;
+#endif
+ }
if (srv->ssl_ctx.options & SRV_SSL_O_USE_TLSV10)
SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, TLSv1_client_method());
#if SSL_OP_NO_TLSv1_1
--
2.3.6

+ 26
- 0
net/haproxy/patches/0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch View File

@ -0,0 +1,26 @@
From e4766ba031e1fea8f2ca139316dc4e8209e960c2 Mon Sep 17 00:00:00 2001
From: Daniel Jakots <vigdis@chown.me>
Date: Wed, 29 Jul 2015 08:03:08 +0200
Subject: [PATCH 4/4] DOC/MINOR: fix OpenBSD versions where haproxy works
(cherry picked from commit 17d228be14762b282e5262262c45ecee4c265552)
---
README | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README b/README
index add7f06..e267730 100644
--- a/README
+++ b/README
@@ -39,7 +39,7 @@ and assign it to the TARGET variable :
- solaris for Solaris 8 or 10 (others untested)
- freebsd for FreeBSD 5 to 10 (others untested)
- osx for Mac OS/X
- - openbsd for OpenBSD 3.1 to 5.2 (others untested)
+ - openbsd for OpenBSD 3.1 and above
- aix51 for AIX 5.1
- aix52 for AIX 5.2
- cygwin for Cygwin
--
2.3.6

Loading…
Cancel
Save