Browse Source

haproxy: update to version 1.5.10

- DOC: fix a few typos
 - BUG/MINOR: http: fix typo: "401 Unauthorized" => "407 Unauthorized"
 - BUG/MINOR: parse: refer curproxy instead of proxy
 - DOC: httplog does not support 'no'
 - MINOR: map/acl/dumpstats: remove the "Done." message
 - BUG/MEDIUM: sample: fix random number upper-bound
 - BUG/MEDIUM: patterns: previous fix was incomplete
 - BUG/MEDIUM: payload: ensure that a request channel is available
 - BUG/MINOR: tcp-check: don't condition data polling on check type
 - BUG/MEDIUM: tcp-check: don't rely on random memory contents
 - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
 - BUG/MINOR: config: fix typo in condition when propagating process binding
 - BUG/MEDIUM: config: do not propagate processes between stopped processes
 - BUG/MAJOR: stream-int: properly check the memory allocation return
 - BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
 - BUG/MEDIUM: compression: correctly report zlib_mem

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
lilik-openwrt-22.03
Thomas Heil 10 years ago
parent
commit
a393c6b021
3 changed files with 3 additions and 86 deletions
  1. +3
    -3
      net/haproxy/Makefile
  2. +0
    -34
      net/haproxy/patches/0001-BUG-MEDIUM-patterns-previous-fix-was-incomplete.patch
  3. +0
    -49
      net/haproxy/patches/0002-BUG-MEDIUM-payload-ensure-that-a-request-channel-is-.patch

+ 3
- 3
net/haproxy/Makefile View File

@ -9,12 +9,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
PKG_VERSION:=1.5.9
PKG_RELEASE:=02
PKG_VERSION:=1.5.10
PKG_RELEASE:=00
PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
PKG_MD5SUM:=b7672bb6a8aa188a655b418f3c96f65c
PKG_MD5SUM:=5631457ea1f84b3c0d8e5bc8015ed329
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
PKG_LICENSE:=GPL-2.0


+ 0
- 34
net/haproxy/patches/0001-BUG-MEDIUM-patterns-previous-fix-was-incomplete.patch View File

@ -1,34 +0,0 @@
From bad3c6f1b6d776e5d9951a3b3054b4dce8922c54 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Wed, 26 Nov 2014 13:17:03 +0100
Subject: [PATCH 1/2] BUG/MEDIUM: patterns: previous fix was incomplete
Dmitry Sivachenko <trtrmitya@gmail.com> reported that commit 315ec42
("BUG/MEDIUM: pattern: don't load more than once a pattern list.")
relies on an uninitialised variable in the stack. While it used to
work fine during the tests, if the uninitialized variable is non-null,
some patterns may be aggregated if loaded multiple times, resulting in
slower processing, which was the original issue it tried to address.
The fix needs to be backported to 1.5.
(cherry picked from commit 4deaf39243c4d941998b1b0175bad05b8a287c0b)
---
src/pattern.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pattern.c b/src/pattern.c
index 20547f9..208e33a 100644
--- a/src/pattern.c
+++ b/src/pattern.c
@@ -2096,7 +2096,7 @@ int pattern_read_from_file(struct pattern_head *head, unsigned int refflags,
struct pat_ref *ref;
struct pattern_expr *expr;
struct pat_ref_elt *elt;
- int reuse;
+ int reuse = 0;
/* Lookup for the existing reference. */
ref = pat_ref_lookup(filename);
--
2.0.4

+ 0
- 49
net/haproxy/patches/0002-BUG-MEDIUM-payload-ensure-that-a-request-channel-is-.patch View File

@ -1,49 +0,0 @@
From 1e89acb6be9ba6400fe4defd3b6b2cc94c6667d9 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Wed, 26 Nov 2014 13:24:24 +0100
Subject: [PATCH 2/2] BUG/MEDIUM: payload: ensure that a request channel is
available
Denys Fedoryshchenko reported a segfault when using certain
sample fetch functions in the "tcp-request connection" rulesets
despite the warnings. This is because some tests for the existence
of the channel were missing.
The fetches which were fixed are :
- req.ssl_hello_type
- rep.ssl_hello_type
- req.ssl_sni
This fix must be backported to 1.5.
(cherry picked from commit 83f2592bcd2e186beeabcba16be16faaab82bd39)
---
src/payload.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/payload.c b/src/payload.c
index 4057f6f..f62163c 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -72,6 +72,9 @@ smp_fetch_ssl_hello_type(struct proxy *px, struct session *s, void *l7, unsigned
chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
+ if (!chn)
+ goto not_ssl_hello;
+
bleft = chn->buf->i;
data = (const unsigned char *)chn->buf->p;
@@ -276,6 +279,9 @@ smp_fetch_ssl_hello_sni(struct proxy *px, struct session *s, void *l7, unsigned
chn = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? s->rep : s->req;
+ if (!chn)
+ goto not_ssl_hello;
+
bleft = chn->buf->i;
data = (unsigned char *)chn->buf->p;
--
2.0.4

Loading…
Cancel
Save