
Merge pull request #7571 from gladiac1337/feature-haproxy-v1.8.14-updates3

haproxy: Update all patches for HAProxy v1.8.14
lilik-openwrt-22.03
Thomas Heil 6 years ago
committed by GitHub
parent
commit
c4e8ff98c0
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 180 additions and 7 deletions
  1. +6
    -7
      net/haproxy/Makefile
  2. +43
    -0
      net/haproxy/patches/0041-BUG-MINOR-config-better-detect-the-presence-of-the-h2-pattern-in-npn-alpn.patch
  3. +61
    -0
      net/haproxy/patches/0042-BUG-MEDIUM-Make-sure-stksess-is-properly-aligned.patch
  4. +38
    -0
      net/haproxy/patches/0043-BUG-MINOR-config-Copy-default-error-messages-when-parsing-of-a-backend-starts.patch
  5. +32
    -0
      net/haproxy/patches/0044-BUG-MEDIUM-hpack-fix-encoding-of-accept-ranges-field.patch
  6. +0
    -0
      net/haproxy/patches/0045-deprecated-openssl.patch

+ 6
- 7
net/haproxy/Makefile

@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
PKG_VERSION:=1.8.14
PKG_RELEASE:=4
PKG_RELEASE:=5
PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.haproxy.org/download/1.8/src/
@ -137,20 +137,20 @@ define Build/Compile
DESTDIR="$(PKG_INSTALL_DIR)" \
CC="$(TARGET_CC)" \
PCREDIR="$(STAGING_DIR)/usr/" \
SMALL_OPTS="-DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530 " \
SMALL_OPTS="-DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530" \
USE_LINUX_TPROXY=1 USE_LINUX_SPLICE=1 USE_TFO=1 \
USE_ZLIB=yes USE_PCRE=1 USE_PCRE_JIT=1 USE_GETADDRINFO=1 \
VERSION="$(PKG_VERSION)-$(PKG_RELEASE)" \
VERSION="$(PKG_VERSION)" SUBVERS="-$(PKG_RELEASE)" \
VERDATE="$(shell date -d @$(SOURCE_DATE_EPOCH) '+%Y/%m/%d')" IGNOREGIT=1 \
$(ADDON) \
CFLAGS="$(TARGET_CFLAGS)" \
LD="$(TARGET_CC)" \
LDFLAGS="$(TARGET_LDFLAGS) -latomic" \
IGNOREGIT=1
LDFLAGS="$(TARGET_LDFLAGS) -latomic"
$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR) \
DESTDIR="$(PKG_INSTALL_DIR)" \
LD="$(TARGET_CC)" \
LDFLAGS="$(TARGET_LDFLAGS)" \
LDFLAGS="$(TARGET_LDFLAGS)" \
$(MAKE_FLAGS) \
install
@ -158,7 +158,6 @@ define Build/Compile
DESTDIR="$(PKG_INSTALL_DIR)" \
$(MAKE_FLAGS) \
ADDLIB="-lcrypto" \
VERSION="$(PKG_VERSION)-$(PKG_RELEASE)" \
halog
endef
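Review bot: `VERDATE="$(shell date -d @$(SOURCE_DATE_EPOCH) '+%Y/%m/%d')"` in the first `$(MAKE)` call of `Build/Compile` depends on GNU `date -d @N` and on `SOURCE_DATE_EPOCH` being non-empty. The line appears to be on the new side, but the page has lost the +/- column, so that is inferred. On a build host whose `date` rejects that syntax, `$(shell …)` expands to nothing and the build carries on with `VERDATE=""`, so the reproducible-build intent fails quietly. A guard ahead of the call, such as `$(if $(SOURCE_DATE_EPOCH),,$(error SOURCE_DATE_EPOCH is not set))`, would make the empty-variable case visible.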


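--- a/net/haproxy/patches/0041-BUG-MINOR-config-better-detect-the-presence-of-the-h2-pattern-in-npn-alpn.patch
+++ b/net/haproxy/patches/0041-BUG-MINOR-config-better-detect-the-presence-of-the-h2-pattern-in-npn-alpn.patch
@@ -0,0 +1,43 @@
+commit c990c7fe448248c4e2a34b84b593cc1b3536b328
+Author: Willy Tarreau <w@1wt.eu>
+Date: Sun Nov 11 10:36:25 2018 +0100
+BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn
+In 1.8, commit 45a66cc ("MEDIUM: config: ensure that tune.bufsize is at
+least 16384 when using HTTP/2") tried to avoid an annoying issue making
+H2 fail when haproxy is built with default buffer sizes smaller than 16kB,
+which used to be the case for a very long time. Sadly, the test only sees
+when NPN/ALPN exactly match "h2" and not when it's combined like
+"h2,http/1.1" nor "http/1.1,h2". We can safely use strstr() there because
+the string is prefixed by the token's length (0x02) which is unambiguous
+as it cannot be part of any other token.
+This fix should be backported to 1.8 as a safety guard against bad
+configurations.
+(cherry picked from commit 4db49c0704898e51892a176505299de3e022c5ea)
+Signed-off-by: William Lallemand <wlallemand@haproxy.org>
+diff --git a/src/cfgparse.c b/src/cfgparse.c
+index 87a4d803..618ffd39 100644
+--- a/src/cfgparse.c
++++ b/src/cfgparse.c
+@@ -7629,7 +7629,7 @@ int check_config_validity()
+if (curproxy->mode == PR_MODE_HTTP && global.tune.bufsize < 16384) {
+#ifdef OPENSSL_NPN_NEGOTIATED
+/* check NPN */
+- if (bind_conf->ssl_conf.npn_str && strcmp(bind_conf->ssl_conf.npn_str, "\002h2") == 0) {
++ if (bind_conf->ssl_conf.npn_str && strstr(bind_conf->ssl_conf.npn_str, "\002h2")) {
+ha_alert("config : HTTP frontend '%s' enables HTTP/2 via NPN at [%s:%d], so global.tune.bufsize must be at least 16384 bytes (%d now).\n",
+curproxy->id, bind_conf->file, bind_conf->line, global.tune.bufsize);
+cfgerr++;
+@@ -7637,7 +7637,7 @@ int check_config_validity()
+#endif
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+/* check ALPN */
+- if (bind_conf->ssl_conf.alpn_str && strcmp(bind_conf->ssl_conf.alpn_str, "\002h2") == 0) {
++ if (bind_conf->ssl_conf.alpn_str && strstr(bind_conf->ssl_conf.alpn_str, "\002h2")) {
+ha_alert("config : HTTP frontend '%s' enables HTTP/2 via ALPN at [%s:%d], so global.tune.bufsize must be at least 16384 bytes (%d now).\n",
+curproxy->id, bind_conf->file, bind_conf->line, global.tune.bufsize);
+cfgerr++;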
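Review bot: The reason `strstr()` is safe on a length-prefixed protocol list is recorded only in the commit message, not next to the two changed conditions in `check_config_validity()`. A comment above the NPN test, for example `/* "\002h2" is the length-prefixed token: the 0x02 length byte cannot occur inside another token, so a substring match is exact */`, would keep a later reader from turning it back into `strcmp()`. Both calls also depend on `npn_str` and `alpn_str` being NUL-terminated, which is set up outside these hunks and is worth confirming. The function body continues outside the hunks.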

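--- a/net/haproxy/patches/0042-BUG-MEDIUM-Make-sure-stksess-is-properly-aligned.patch
+++ b/net/haproxy/patches/0042-BUG-MEDIUM-Make-sure-stksess-is-properly-aligned.patch
@@ -0,0 +1,61 @@
+commit 5b259db1160fa12820cc5ba6399e4dbcefa6ab22
+Author: Olivier Houchard <ohouchard@haproxy.com>
+Date: Wed Nov 14 17:54:36 2018 +0100
+BUG/MEDIUM: Make sure stksess is properly aligned.
+When we allocate struct stksess, we also allocate memory to store the
+associated data before the struct itself.
+As the data can be of different types, they can have different size. However,
+we need the struct stksess to be properly aligned, as it can do 64bits
+load/store (including atomic load/stores) on 64bits platforms, and some of
+them doesn't support unaligned access.
+So, when allocating the struct stksess, round the size up to the next
+multiple of sizeof(void *), and make sure the struct stksess itself is
+properly aligned.
+Many thanks to Paul Martin for investigating and reporting that bug.
+This should be backported to earlier releases.
+(cherry picked from commit 52dabbc4fad338233c7f0c96f977a43f8f81452a)
+Signed-off-by: William Lallemand <wlallemand@haproxy.org>
+diff --git a/src/stick_table.c b/src/stick_table.c
+index f1442603..0a238378 100644
+--- a/src/stick_table.c
++++ b/src/stick_table.c
+@@ -44,6 +44,7 @@
+/* structure used to return a table key built from a sample */
+static THREAD_LOCAL struct stktable_key static_table_key;
++#define round_ptr_size(i) (((i) + (sizeof(void *) - 1)) &~ (sizeof(void *) - 1))
+/*
+* Free an allocated sticky session <ts>, and decrease sticky sessions counter
+* in table <t>.
+@@ -51,7 +52,7 @@ static THREAD_LOCAL struct stktable_key static_table_key;
+void __stksess_free(struct stktable *t, struct stksess *ts)
+{
+t->current--;
+- pool_free(t->pool, (void *)ts - t->data_size);
++ pool_free(t->pool, (void *)ts - round_ptr_size(t->data_size));
+}
+/*
+@@ -229,7 +230,7 @@ struct stksess *__stksess_new(struct stktable *t, struct stktable_key *key)
+ts = pool_alloc(t->pool);
+if (ts) {
+t->current++;
+- ts = (void *)ts + t->data_size;
++ ts = (void *)ts + round_ptr_size(t->data_size);
+__stksess_init(t, ts);
+if (key)
+stksess_setkey(t, ts, key);
+@@ -597,7 +598,7 @@ int stktable_init(struct stktable *t)
+t->updates = EB_ROOT_UNIQUE;
+HA_SPIN_INIT(&t->lock);
+- t->pool = create_pool("sticktables", sizeof(struct stksess) + t->data_size + t->key_size, MEM_F_SHARED);
++ t->pool = create_pool("sticktables", sizeof(struct stksess) + round_ptr_size(t->data_size) + t->key_size, MEM_F_SHARED);
+t->exp_next = TICK_ETERNITY;
+if ( t->expire ) {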
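Review bot: `round_ptr_size()` aligns to `sizeof(void *)`, which is 4 on 32-bit targets, so any 8-byte member of `struct stksess` or of the data area stored before it could still sit on a 4-byte boundary there. Whether such members exist is not visible in these hunks. The macro is also added without a comment; a line such as `/* round <i> up to a multiple of sizeof(void *); __stksess_new(), __stksess_free() and stktable_init() must all use it */` would record the invariant. The three call sites must stay in step, because a mismatch hands `pool_free()` a pointer that `pool_alloc()` never returned. The bodies of `__stksess_new()` and `stktable_init()` continue outside the hunks.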

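--- a/net/haproxy/patches/0043-BUG-MINOR-config-Copy-default-error-messages-when-parsing-of-a-backend-starts.patch
+++ b/net/haproxy/patches/0043-BUG-MINOR-config-Copy-default-error-messages-when-parsing-of-a-backend-starts.patch
@@ -0,0 +1,38 @@
+commit 54824cf35520b11ff97e0937beeb429dcdc55fd0
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date: Mon Nov 12 11:57:31 2018 +0100
+BUG/MINOR: config: Copy default error messages when parsing of a backend starts
+To be used, error messages declared in a default section must be copied when the
+parsing of a proxy section starts. But this was only done for frontends.
+This patch may be backported to older versions.
+(cherry picked from commit 6b44975fbd2f7d81074e20bc07fc0e01466cc9c9)
+Signed-off-by: William Lallemand <wlallemand@haproxy.org>
+diff --git a/src/cfgparse.c b/src/cfgparse.c
+index 618ffd39..6bc6b259 100644
+--- a/src/cfgparse.c
++++ b/src/cfgparse.c
+@@ -2787,15 +2787,15 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
+curproxy->server_id_hdr_name = strdup(defproxy.server_id_hdr_name);
+}
++ /* initialize error relocations */
++ for (rc = 0; rc < HTTP_ERR_SIZE; rc++)
++ chunk_dup(&curproxy->errmsg[rc], &defproxy.errmsg[rc]);
++
+if (curproxy->cap & PR_CAP_FE) {
+curproxy->maxconn = defproxy.maxconn;
+curproxy->backlog = defproxy.backlog;
+curproxy->fe_sps_lim = defproxy.fe_sps_lim;
+- /* initialize error relocations */
+- for (rc = 0; rc < HTTP_ERR_SIZE; rc++)
+- chunk_dup(&curproxy->errmsg[rc], &defproxy.errmsg[rc]);
+-
+curproxy->to_log = defproxy.to_log & ~LW_COOKIE & ~LW_REQHDR & ~ LW_RSPHDR;
+}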
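Review bot: The relocated loop in `cfg_parse_listen()` discards the result of `chunk_dup()`, and it now runs for every proxy instead of only those with `PR_CAP_FE`. If `chunk_dup()` can fail on allocation (its contract is not shown here), a backend would silently end up without the default error message it was meant to inherit. The carried-over comment is also vague; something like `/* copy the default section's error messages; needed by frontends and backends alike */` states why the loop sits outside the `PR_CAP_FE` branch. The function body continues outside the hunk.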

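--- a/net/haproxy/patches/0044-BUG-MEDIUM-hpack-fix-encoding-of-accept-ranges-field.patch
+++ b/net/haproxy/patches/0044-BUG-MEDIUM-hpack-fix-encoding-of-accept-ranges-field.patch
@@ -0,0 +1,32 @@
+commit 64a7cbf4ea3276b72ffb121acab676542cebde1b
+Author: Willy Tarreau <w@1wt.eu>
+Date: Tue Nov 20 04:47:38 2018 +0100
+BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
+James Brown reported that when an "accept-ranges" header field is sent
+through haproxy and converted from HTTP/1.1 to H2, it's mis-encoded as
+"accept-language". It happens that it's one of the few very common header
+fields encoded using its index value and that this index value was misread
+in the spec as 17 instead of 18, resulting in the wrong name being sent.
+Thanks to Lukas for spotting the issue in the HPACK encoder itself.
+This fix must be backported to 1.8.
+(cherry picked from commit 4bf194cbdbcda8ec4ce83d7f12d2fe9b08483c94)
+[wla: buffer API edit]
+Signed-off-by: William Lallemand <wlallemand@haproxy.org>
+diff --git a/src/hpack-enc.c b/src/hpack-enc.c
+index d1f68c58..99c73103 100644
+--- a/src/hpack-enc.c
++++ b/src/hpack-enc.c
+@@ -101,7 +101,7 @@ int hpack_encode_header(struct chunk *out, const struct ist n, const struct ist
+else if (isteq(n, ist("last-modified")))
+out->str[len++] = 0x6c; // literal with indexing -- name="last-modified" (idx 44)
+else if (isteq(n, ist("accept-ranges")))
+- out->str[len++] = 0x51; // literal with indexing -- name="accept-ranges" (idx 17)
++ out->str[len++] = 0x52; // literal with indexing -- name="accept-ranges" (idx 18)
+else if (isteq(n, ist("cache-control")))
+out->str[len++] = 0x58; // literal with indexing -- name="cache-control" (idx 24)
+else if (isteq(n, ist("content-length")))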
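Review bot: The opcode byte and the static-table index in its comment are still maintained by hand in two places, which is how the 0x51 / idx 17 pair went unnoticed. Writing the value as `out->str[len++] = 0x40 | 18;` here, and likewise in the neighbouring branches, would tie the byte to the index a reader checks against the spec. Whether `out` has room for the `out->str[len++]` store is decided outside this hunk, since `hpack_encode_header()` starts and ends beyond it.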

net/haproxy/patches/0041-deprecated-openssl.patch → net/haproxy/patches/0045-deprecated-openssl.patch

