Browse Source
haproxy: fixes for upstream version 1.5.14
- [PATCH 1/4] BUG/MINOR: log: missing some ARGC_* entries in - [PATCH 2/4] DOC: usesrc root privileges requirements - [PATCH 3/4] BUILD: ssl: Allow building against libssl without SSLv3. - [PATCH 4/4] DOC/MINOR: fix OpenBSD versions where haproxy works Signed-off-by: heil <heil@terminal-consulting.de>lilik-openwrt-22.03
heil
9 years ago
5 changed files with 169 additions and 1 deletions
Split View
Diff Options
-
+1 -1net/haproxy/Makefile
-
+64 -0net/haproxy/patches/0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
-
+27 -0net/haproxy/patches/0002-DOC-usesrc-root-privileges-requirements.patch
-
+51 -0net/haproxy/patches/0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
-
+26 -0net/haproxy/patches/0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
+ 1
- 1
net/haproxy/Makefile
View File
+ 64
- 0
net/haproxy/patches/0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
View File
| @ -0,0 +1,64 @@ | |||
| From df0a5960987b3cb663dcfa93d29c21acc13cd3e3 Mon Sep 17 00:00:00 2001 | |||
| From: Willy Tarreau <w@1wt.eu> | |||
| Date: Thu, 9 Jul 2015 11:20:00 +0200 | |||
| Subject: [PATCH 1/4] BUG/MINOR: log: missing some ARGC_* entries in | |||
| fmt_directives() | |||
| ARGC_CAP was not added to fmt_directives() which is used to format | |||
| error messages when failing to parse log format expressions. The | |||
| whole switch/case has been reorganized to match the declaration | |||
| order making it easier to spot missing values. The default is not | |||
| the "log" directive anymore but "undefined" asking to report the | |||
| bug. | |||
| Backport to 1.5 is not strictly needed but is desirable at least | |||
| for code sanity. | |||
| (cherry picked from commit 53e1a6d31743b1bef6063ff30b812521391ae3c3) | |||
| --- | |||
| src/log.c | 24 ++++++++++++++---------- | |||
| 1 file changed, 14 insertions(+), 10 deletions(-) | |||
| diff --git a/src/log.c b/src/log.c | |||
| index 1a5ad25..f0a3072 100644 | |||
| --- a/src/log.c | |||
| +++ b/src/log.c | |||
| @@ -167,22 +167,26 @@ struct logformat_var_args var_args_list[] = { | |||
| static inline const char *fmt_directive(const struct proxy *curproxy) | |||
| { | |||
| switch (curproxy->conf.args.ctx) { | |||
| - case ARGC_UIF: | |||
| - return "unique-id-format"; | |||
| + case ARGC_ACL: | |||
| + return "acl"; | |||
| + case ARGC_STK: | |||
| + return "stick"; | |||
| + case ARGC_TRK: | |||
| + return "track-sc"; | |||
| + case ARGC_LOG: | |||
| + return "log-format"; | |||
| case ARGC_HRQ: | |||
| return "http-request"; | |||
| case ARGC_HRS: | |||
| return "http-response"; | |||
| - case ARGC_STK: | |||
| - return "stick"; | |||
| - case ARGC_TRK: | |||
| - return "track-sc"; break; | |||
| + case ARGC_UIF: | |||
| + return "unique-id-format"; | |||
| case ARGC_RDR: | |||
| - return "redirect"; break; | |||
| - case ARGC_ACL: | |||
| - return "acl"; break; | |||
| + return "redirect"; | |||
| + case ARGC_CAP: | |||
| + return "capture"; | |||
| default: | |||
| - return "log-format"; | |||
| + return "undefined(please report this bug)"; /* must never happen */ | |||
| } | |||
| } | |||
| -- | |||
| 2.3.6 | |||
+ 27
- 0
net/haproxy/patches/0002-DOC-usesrc-root-privileges-requirements.patch
View File
| @ -0,0 +1,27 @@ | |||
| From ea31f225c2c93a25b8bef7a9241a89cecfd9d350 Mon Sep 17 00:00:00 2001 | |||
| From: Baptiste Assmann <bedis9@gmail.com> | |||
| Date: Fri, 17 Jul 2015 21:59:42 +0200 | |||
| Subject: [PATCH 2/4] DOC: usesrc root privileges requirements | |||
| The "usesrc" parameter of the source statement requires root privileges. | |||
| (cherry picked from commit 91bd337d90cb347feda34b01402f3471c8a4833c) | |||
| --- | |||
| doc/configuration.txt | 2 ++ | |||
| 1 file changed, 2 insertions(+) | |||
| diff --git a/doc/configuration.txt b/doc/configuration.txt | |||
| index 6714afb..64697a4 100644 | |||
| --- a/doc/configuration.txt | |||
| +++ b/doc/configuration.txt | |||
| @@ -6117,6 +6117,8 @@ source <addr>[:<port>] [interface <name>] | |||
| is possible at the server level using the "source" server option. Refer to | |||
| section 5 for more information. | |||
| + In order to work, "usesrc" requires root privileges. | |||
| + | |||
| Examples : | |||
| backend private | |||
| # Connect to the servers using our 192.168.1.200 source address | |||
| -- | |||
| 2.3.6 | |||
+ 51
- 0
net/haproxy/patches/0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
View File
| @ -0,0 +1,51 @@ | |||
| From eee374c28ea8ea22834ff14515b5584bc3e0c7b5 Mon Sep 17 00:00:00 2001 | |||
| From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= <jca@wxcvbn.org> | |||
| Date: Sat, 25 Jul 2015 16:50:52 -0600 | |||
| Subject: [PATCH 3/4] BUILD: ssl: Allow building against libssl without SSLv3. | |||
| If SSLv3 is explicitely requested but not available, warn the user and | |||
| bail out. | |||
| (cherry picked from commit 17c3f6284cf605e47f6525c077bc644c45272849) | |||
| --- | |||
| src/ssl_sock.c | 16 ++++++++++++++-- | |||
| 1 file changed, 14 insertions(+), 2 deletions(-) | |||
| diff --git a/src/ssl_sock.c b/src/ssl_sock.c | |||
| index 7d77d36..2ae45ec 100644 | |||
| --- a/src/ssl_sock.c | |||
| +++ b/src/ssl_sock.c | |||
| @@ -1405,8 +1405,14 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy | |||
| ssloptions |= SSL_OP_NO_TLSv1_2; | |||
| if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS) | |||
| ssloptions |= SSL_OP_NO_TICKET; | |||
| - if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3) | |||
| + if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3) { | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| SSL_CTX_set_ssl_version(ctx, SSLv3_server_method()); | |||
| +#else | |||
| + Alert("SSLv3 support requested but unavailable.\n"); | |||
| + cfgerr++; | |||
| +#endif | |||
| + } | |||
| if (bind_conf->ssl_options & BC_SSL_O_USE_TLSV10) | |||
| SSL_CTX_set_ssl_version(ctx, TLSv1_server_method()); | |||
| #if SSL_OP_NO_TLSv1_1 | |||
| @@ -1750,8 +1756,14 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy) | |||
| options |= SSL_OP_NO_TLSv1_2; | |||
| if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS) | |||
| options |= SSL_OP_NO_TICKET; | |||
| - if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3) | |||
| + if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3) { | |||
| +#ifndef OPENSSL_NO_SSL3 | |||
| SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method()); | |||
| +#else | |||
| + Alert("SSLv3 support requested but unavailable."); | |||
| + cfgerr++; | |||
| +#endif | |||
| + } | |||
| if (srv->ssl_ctx.options & SRV_SSL_O_USE_TLSV10) | |||
| SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, TLSv1_client_method()); | |||
| #if SSL_OP_NO_TLSv1_1 | |||
| -- | |||
| 2.3.6 | |||
+ 26
- 0
net/haproxy/patches/0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
View File
| @ -0,0 +1,26 @@ | |||
| From e4766ba031e1fea8f2ca139316dc4e8209e960c2 Mon Sep 17 00:00:00 2001 | |||
| From: Daniel Jakots <vigdis@chown.me> | |||
| Date: Wed, 29 Jul 2015 08:03:08 +0200 | |||
| Subject: [PATCH 4/4] DOC/MINOR: fix OpenBSD versions where haproxy works | |||
| (cherry picked from commit 17d228be14762b282e5262262c45ecee4c265552) | |||
| --- | |||
| README | 2 +- | |||
| 1 file changed, 1 insertion(+), 1 deletion(-) | |||
| diff --git a/README b/README | |||
| index add7f06..e267730 100644 | |||
| --- a/README | |||
| +++ b/README | |||
| @@ -39,7 +39,7 @@ and assign it to the TARGET variable : | |||
| - solaris for Solaris 8 or 10 (others untested) | |||
| - freebsd for FreeBSD 5 to 10 (others untested) | |||
| - osx for Mac OS/X | |||
| - - openbsd for OpenBSD 3.1 to 5.2 (others untested) | |||
| + - openbsd for OpenBSD 3.1 and above | |||
| - aix51 for AIX 5.1 | |||
| - aix52 for AIX 5.2 | |||
| - cygwin for Cygwin | |||
| -- | |||
| 2.3.6 | |||