- [PATCH 1/4] BUG/MINOR: log: missing some ARGC_* entries in - [PATCH 2/4] DOC: usesrc root privileges requirements - [PATCH 3/4] BUILD: ssl: Allow building against libssl without SSLv3. - [PATCH 4/4] DOC/MINOR: fix OpenBSD versions where haproxy works Signed-off-by: heil <heil@terminal-consulting.de>lilik-openwrt-22.03
@ -0,0 +1,64 @@ | |||||
From df0a5960987b3cb663dcfa93d29c21acc13cd3e3 Mon Sep 17 00:00:00 2001 | |||||
From: Willy Tarreau <w@1wt.eu> | |||||
Date: Thu, 9 Jul 2015 11:20:00 +0200 | |||||
Subject: [PATCH 1/4] BUG/MINOR: log: missing some ARGC_* entries in | |||||
fmt_directives() | |||||
ARGC_CAP was not added to fmt_directives() which is used to format | |||||
error messages when failing to parse log format expressions. The | |||||
whole switch/case has been reorganized to match the declaration | |||||
order making it easier to spot missing values. The default is not | |||||
the "log" directive anymore but "undefined" asking to report the | |||||
bug. | |||||
Backport to 1.5 is not strictly needed but is desirable at least | |||||
for code sanity. | |||||
(cherry picked from commit 53e1a6d31743b1bef6063ff30b812521391ae3c3) | |||||
--- | |||||
src/log.c | 24 ++++++++++++++---------- | |||||
1 file changed, 14 insertions(+), 10 deletions(-) | |||||
diff --git a/src/log.c b/src/log.c | |||||
index 1a5ad25..f0a3072 100644 | |||||
--- a/src/log.c | |||||
+++ b/src/log.c | |||||
@@ -167,22 +167,26 @@ struct logformat_var_args var_args_list[] = { | |||||
static inline const char *fmt_directive(const struct proxy *curproxy) | |||||
{ | |||||
switch (curproxy->conf.args.ctx) { | |||||
- case ARGC_UIF: | |||||
- return "unique-id-format"; | |||||
+ case ARGC_ACL: | |||||
+ return "acl"; | |||||
+ case ARGC_STK: | |||||
+ return "stick"; | |||||
+ case ARGC_TRK: | |||||
+ return "track-sc"; | |||||
+ case ARGC_LOG: | |||||
+ return "log-format"; | |||||
case ARGC_HRQ: | |||||
return "http-request"; | |||||
case ARGC_HRS: | |||||
return "http-response"; | |||||
- case ARGC_STK: | |||||
- return "stick"; | |||||
- case ARGC_TRK: | |||||
- return "track-sc"; break; | |||||
+ case ARGC_UIF: | |||||
+ return "unique-id-format"; | |||||
case ARGC_RDR: | |||||
- return "redirect"; break; | |||||
- case ARGC_ACL: | |||||
- return "acl"; break; | |||||
+ return "redirect"; | |||||
+ case ARGC_CAP: | |||||
+ return "capture"; | |||||
default: | |||||
- return "log-format"; | |||||
+ return "undefined(please report this bug)"; /* must never happen */ | |||||
} | |||||
} | |||||
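Review bot: The `default:` label in fmt_directive() stops the compiler from reporting an ARGC_* value that is later added without a matching case, which is the same kind of omission this patch repairs for ARGC_CAP. If `conf.args.ctx` is declared with the enum type (its declaration is not visible here), dropping `default:` and placing `return "undefined(please report this bug)";` after the closing brace of the switch keeps the runtime fallback while letting `-Wswitch` flag a missing entry at build time. A one-line comment above the function saying the cases follow the ARGC_* declaration order would also record the convention the commit message relies on.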
-- | |||||
2.3.6 | |||||
@ -0,0 +1,27 @@ | |||||
From ea31f225c2c93a25b8bef7a9241a89cecfd9d350 Mon Sep 17 00:00:00 2001 | |||||
From: Baptiste Assmann <bedis9@gmail.com> | |||||
Date: Fri, 17 Jul 2015 21:59:42 +0200 | |||||
Subject: [PATCH 2/4] DOC: usesrc root privileges requirements | |||||
The "usesrc" parameter of the source statement requires root privileges. | |||||
(cherry picked from commit 91bd337d90cb347feda34b01402f3471c8a4833c) | |||||
--- | |||||
doc/configuration.txt | 2 ++ | |||||
1 file changed, 2 insertions(+) | |||||
diff --git a/doc/configuration.txt b/doc/configuration.txt | |||||
index 6714afb..64697a4 100644 | |||||
--- a/doc/configuration.txt | |||||
+++ b/doc/configuration.txt | |||||
@@ -6117,6 +6117,8 @@ source <addr>[:<port>] [interface <name>] | |||||
is possible at the server level using the "source" server option. Refer to | |||||
section 5 for more information. | |||||
+ In order to work, "usesrc" requires root privileges. | |||||
+ | |||||
Examples : | |||||
backend private | |||||
# Connect to the servers using our 192.168.1.200 source address | |||||
-- | |||||
2.3.6 | |||||
@ -0,0 +1,51 @@ | |||||
From eee374c28ea8ea22834ff14515b5584bc3e0c7b5 Mon Sep 17 00:00:00 2001 | |||||
From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= <jca@wxcvbn.org> | |||||
Date: Sat, 25 Jul 2015 16:50:52 -0600 | |||||
Subject: [PATCH 3/4] BUILD: ssl: Allow building against libssl without SSLv3. | |||||
If SSLv3 is explicitely requested but not available, warn the user and | |||||
bail out. | |||||
(cherry picked from commit 17c3f6284cf605e47f6525c077bc644c45272849) | |||||
--- | |||||
src/ssl_sock.c | 16 ++++++++++++++-- | |||||
1 file changed, 14 insertions(+), 2 deletions(-) | |||||
diff --git a/src/ssl_sock.c b/src/ssl_sock.c | |||||
index 7d77d36..2ae45ec 100644 | |||||
--- a/src/ssl_sock.c | |||||
+++ b/src/ssl_sock.c | |||||
@@ -1405,8 +1405,14 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy | |||||
ssloptions |= SSL_OP_NO_TLSv1_2; | |||||
if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS) | |||||
ssloptions |= SSL_OP_NO_TICKET; | |||||
- if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3) | |||||
+ if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3) { | |||||
+#ifndef OPENSSL_NO_SSL3 | |||||
SSL_CTX_set_ssl_version(ctx, SSLv3_server_method()); | |||||
+#else | |||||
+ Alert("SSLv3 support requested but unavailable.\n"); | |||||
+ cfgerr++; | |||||
+#endif | |||||
+ } | |||||
if (bind_conf->ssl_options & BC_SSL_O_USE_TLSV10) | |||||
SSL_CTX_set_ssl_version(ctx, TLSv1_server_method()); | |||||
#if SSL_OP_NO_TLSv1_1 | |||||
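Review bot: The new `Alert("SSLv3 support requested but unavailable.\n");` does not say which bind line asked for SSLv3, so an operator with many listeners gets a fatal start-up error with nothing to locate it. Including the proxy name and the bind line's file and line number in the format string would make the failure actionable. The same applies to the alert added in the ssl_sock_prepare_srv_ctx() hunk, where `curproxy` and `srv` are visible in the signature and could be named. The body of ssl_sock_prepare_ctx() starts and ends outside this hunk.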
@@ -1750,8 +1756,14 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy) | |||||
options |= SSL_OP_NO_TLSv1_2; | |||||
if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS) | |||||
options |= SSL_OP_NO_TICKET; | |||||
- if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3) | |||||
+ if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3) { | |||||
+#ifndef OPENSSL_NO_SSL3 | |||||
SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method()); | |||||
+#else | |||||
+ Alert("SSLv3 support requested but unavailable."); | |||||
+ cfgerr++; | |||||
+#endif | |||||
+ } | |||||
if (srv->ssl_ctx.options & SRV_SSL_O_USE_TLSV10) | |||||
SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, TLSv1_client_method()); | |||||
#if SSL_OP_NO_TLSv1_1 | |||||
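Review bot: The `Alert()` string added in the `#else` branch here has no trailing newline, unlike the otherwise identical call in the ssl_sock_prepare_ctx() hunk, so whatever is printed next would run on the same output line. It should read `Alert("SSLv3 support requested but unavailable.\n");`. ssl_sock_prepare_srv_ctx() starts and ends outside this hunk.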
-- | |||||
2.3.6 | |||||
@ -0,0 +1,26 @@ | |||||
From e4766ba031e1fea8f2ca139316dc4e8209e960c2 Mon Sep 17 00:00:00 2001 | |||||
From: Daniel Jakots <vigdis@chown.me> | |||||
Date: Wed, 29 Jul 2015 08:03:08 +0200 | |||||
Subject: [PATCH 4/4] DOC/MINOR: fix OpenBSD versions where haproxy works | |||||
(cherry picked from commit 17d228be14762b282e5262262c45ecee4c265552) | |||||
--- | |||||
README | 2 +- | |||||
1 file changed, 1 insertion(+), 1 deletion(-) | |||||
diff --git a/README b/README | |||||
index add7f06..e267730 100644 | |||||
--- a/README | |||||
+++ b/README | |||||
@@ -39,7 +39,7 @@ and assign it to the TARGET variable : | |||||
- solaris for Solaris 8 or 10 (others untested) | |||||
- freebsd for FreeBSD 5 to 10 (others untested) | |||||
- osx for Mac OS/X | |||||
- - openbsd for OpenBSD 3.1 to 5.2 (others untested) | |||||
+ - openbsd for OpenBSD 3.1 and above | |||||
- aix51 for AIX 5.1 | |||||
- aix52 for AIX 5.2 | |||||
- cygwin for Cygwin | |||||
-- | |||||
2.3.6 | |||||