Browse Source

haproxy: Update HAProxy to v2.0.3

- Update haproxy download URL and hash
- Add new patches

Signed-off-by: Christian Lachner <gladiac@gmail.com>
lilik-openwrt-22.03
Christian Lachner 5 years ago
committed by Yousong Zhou
parent
commit
e7faabcf11
10 changed files with 3 additions and 275 deletions
  1. +2
    -2
      net/haproxy/Makefile
  2. +1
    -1
      net/haproxy/get-latest-patches.sh
  3. +0
    -81
      net/haproxy/patches/000-BUG-MINOR-mworker-cli-dont-output-a-n-before-the-response.patch
  4. +0
    -0
      net/haproxy/patches/000-OPENWRT-add-uclibc-support.patch
  5. +0
    -30
      net/haproxy/patches/001-BUG-MEDIUM-ssl-Dont-attempt-to-set-alpn-if-were-not-using-SSL.patch
  6. +0
    -0
      net/haproxy/patches/001-OPENWRT-openssl-deprecated.patch
  7. +0
    -35
      net/haproxy/patches/002-BUG-MEDIUM-mux-h1-Always-release-H1C-if-a-shutdown-for-writes-was-reported.patch
  8. +0
    -51
      net/haproxy/patches/003-BUG-MEDIUM-checks-unblock-signals-in-external-checks.patch
  9. +0
    -48
      net/haproxy/patches/004-BUG-MINOR-mux-h1-Skip-trailers-for-non-chunked-outgoing-messages.patch
  10. +0
    -27
      net/haproxy/patches/005-BUG-MINOR-mux-h1-Dont-return-the-empty-chunk-on-HEAD-responses.patch

+ 2
- 2
net/haproxy/Makefile View File

@ -10,12 +10,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
PKG_VERSION:=2.0.1
PKG_VERSION:=2.0.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.haproxy.org/download/2.0/src
PKG_HASH:=9975c475ba6f19aac4b665d8705f7b9f7911df7fc316ba7b9efd6fe263181eb1
PKG_HASH:=aac1ff3e5079997985b6560f46bf265447d0cd841f11c4d77f15942c9fe4b770
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>, \


+ 1
- 1
net/haproxy/get-latest-patches.sh View File

@ -1,7 +1,7 @@
#!/bin/bash
CLONEURL=http://git.haproxy.org/git/haproxy-2.0.git
BASE_TAG=v2.0.1
BASE_TAG=v2.0.3
TMP_REPODIR=tmprepo
PATCHESDIR=patches


+ 0
- 81
net/haproxy/patches/000-BUG-MINOR-mworker-cli-dont-output-a-n-before-the-response.patch View File

@ -1,81 +0,0 @@
commit 1bd140ea3fab97ccd37adf9d0c106d52af9e53fa
Author: William Lallemand <wlallemand@haproxy.com>
Date: Mon Jul 1 10:56:15 2019 +0200
BUG/MINOR: mworker/cli: don't output a \n before the response
When using a level lower than admin on the master CLI, a \n is output
before the response, this is caused by the response of the "operator" or
"user" that are sent before the actual command.
To fix this problem we introduce the flag APPCTX_CLI_ST1_NOLF which ask
a command response to not be followed by the final \n.
This patch made a special case with the command operator and user
followed by a - so they are not followed by \n.
This patch must be backported to 2.0 and 1.9.
(cherry picked from commit ad03288e6b28d816abb443cf8c6d984a72bb91a6)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
diff --git a/include/types/applet.h b/include/types/applet.h
index c9e02d17..1f3a4983 100644
--- a/include/types/applet.h
+++ b/include/types/applet.h
@@ -50,6 +50,7 @@ struct applet {
#define APPCTX_CLI_ST1_PROMPT (1 << 0)
#define APPCTX_CLI_ST1_PAYLOAD (1 << 1)
+#define APPCTX_CLI_ST1_NOLF (1 << 2)
/* Context of a running applet. */
struct appctx {
diff --git a/src/cli.c b/src/cli.c
index 44ddc7bf..9a9f80f9 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -821,7 +821,7 @@ static void cli_io_handler(struct appctx *appctx)
prompt = "\n> ";
}
else {
- if (!(appctx->st1 & APPCTX_CLI_ST1_PAYLOAD))
+ if (!(appctx->st1 & (APPCTX_CLI_ST1_PAYLOAD|APPCTX_CLI_ST1_NOLF)))
prompt = "\n";
}
@@ -848,6 +848,8 @@ static void cli_io_handler(struct appctx *appctx)
/* switch state back to GETREQ to read next requests */
appctx->st0 = CLI_ST_GETREQ;
+ /* reactivate the \n at the end of the response for the next command */
+ appctx->st1 &= ~APPCTX_CLI_ST1_NOLF;
}
}
@@ -1442,6 +1444,10 @@ static int cli_parse_show_lvl(char **args, char *payload, struct appctx *appctx,
/* parse and set the CLI level dynamically */
static int cli_parse_set_lvl(char **args, char *payload, struct appctx *appctx, void *private)
{
+ /* this will ask the applet to not output a \n after the command */
+ if (!strcmp(args[1], "-"))
+ appctx->st1 |= APPCTX_CLI_ST1_NOLF;
+
if (!strcmp(args[0], "operator")) {
if (!cli_has_level(appctx, ACCESS_LVL_OPER)) {
return 1;
@@ -2097,11 +2103,11 @@ int pcli_parse_request(struct stream *s, struct channel *req, char **errmsg, int
if (pcli_has_level(s, ACCESS_LVL_ADMIN)) {
goto end;
} else if (pcli_has_level(s, ACCESS_LVL_OPER)) {
- ci_insert_line2(req, 0, "operator", strlen("operator"));
- ret += strlen("operator") + 2;
+ ci_insert_line2(req, 0, "operator -", strlen("operator -"));
+ ret += strlen("operator -") + 2;
} else if (pcli_has_level(s, ACCESS_LVL_USER)) {
- ci_insert_line2(req, 0, "user", strlen("user"));
- ret += strlen("user") + 2;
+ ci_insert_line2(req, 0, "user -", strlen("user -"));
+ ret += strlen("user -") + 2;
}
}
end:

net/haproxy/patches/006-OPENWRT-add-uclibc-support.patch → net/haproxy/patches/000-OPENWRT-add-uclibc-support.patch View File


+ 0
- 30
net/haproxy/patches/001-BUG-MEDIUM-ssl-Dont-attempt-to-set-alpn-if-were-not-using-SSL.patch View File

@ -1,30 +0,0 @@
commit aa2ecea6f711f50192476b26a5b1d767108bd761
Author: Olivier Houchard <ohouchard@haproxy.com>
Date: Fri Jun 28 14:10:33 2019 +0200
BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
Checks use ssl_sock_set_alpn() to set the ALPN if check-alpn is used, however
check-alpn failed to check if the connection was indeed using SSL, and thus,
would crash if check-alpn was used on a non-SSL connection. Fix this by
making sure the connection uses SSL before attempting to set the ALPN.
This should be backported to 2.0 and 1.9.
(cherry picked from commit e488ea865a433d93efcb14c0c602918070c6b208)
Signed-off-by: Willy Tarreau <w@1wt.eu>
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 05240063..c9fffbec 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6411,6 +6411,9 @@ void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int l
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
struct ssl_sock_ctx *ctx = conn->xprt_ctx;
+ if (!ssl_sock_is_ssl(conn))
+ return;
+
SSL_set_alpn_protos(ctx->ssl, alpn, len);
#endif
}

net/haproxy/patches/007-OPENWRT-openssl-deprecated.patch → net/haproxy/patches/001-OPENWRT-openssl-deprecated.patch View File


+ 0
- 35
net/haproxy/patches/002-BUG-MEDIUM-mux-h1-Always-release-H1C-if-a-shutdown-for-writes-was-reported.patch View File

@ -1,35 +0,0 @@
commit 9fa93f6220a374f724491fd781d44d31f307671f
Author: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri Jun 28 17:41:42 2019 +0200
BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported
We must take care of this when the stream is detached from the
connection. Otherwise, on the server side, the connexion is inserted in the list
of idle connections of the session. But when reused, because the shutdown for
writes was already catched, nothing is sent to the server and the session is
blocked with a freezed connection.
This patch must be backported to 2.0 and 1.9. It is related to the issue #136
reported on Github.
(cherry picked from commit 3ac0f43020e1cd77198020201e4e482a1c2ef8ac)
Signed-off-by: Willy Tarreau <w@1wt.eu>
diff --git a/src/mux_h1.c b/src/mux_h1.c
index 3d2bd8b8..e497e6f6 100644
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@@ -2192,9 +2192,9 @@ static void h1_detach(struct conn_stream *cs)
}
}
- /* We don't want to close right now unless the connection is in error */
- if ((h1c->flags & (H1C_F_CS_ERROR|H1C_F_CS_SHUTDOWN|H1C_F_UPG_H2C)) ||
- (h1c->conn->flags & CO_FL_ERROR) || !h1c->conn->owner)
+ /* We don't want to close right now unless the connection is in error or shut down for writes */
+ if ((h1c->flags & (H1C_F_CS_ERROR|H1C_F_CS_SHUTW_NOW|H1C_F_CS_SHUTDOWN|H1C_F_UPG_H2C)) ||
+ (h1c->conn->flags & (CO_FL_ERROR|CO_FL_SOCK_WR_SH)) || !h1c->conn->owner)
h1_release(h1c);
else {
tasklet_wakeup(h1c->wait_event.tasklet);

+ 0
- 51
net/haproxy/patches/003-BUG-MEDIUM-checks-unblock-signals-in-external-checks.patch View File

@ -1,51 +0,0 @@
commit afc313e6cd4be32f3c3d212e875d4dbcef8a0c70
Author: Willy Tarreau <w@1wt.eu>
Date: Mon Jul 1 07:51:29 2019 +0200
BUG/MEDIUM: checks: unblock signals in external checks
As discussed in issue #140, processes are forked with signals blocked
resulting in haproxy's kill being ignored. This happens when the command
takes more time to complete than the configured check timeout or interval.
Just calling "sleep 30" every second makes the problem obvious.
The fix simply consists in unblocking the signals in the child after the
fork. It needs to be backported to all stable branches containing external
checks and where signals are blocked on startup. It's unclear when it
started, but the following config exhibits the issue :
global
external-check
listen www
bind :8001
timeout client 5s
timeout server 5s
timeout connect 5s
option external-check
external-check command "$PWD/sleep10.sh"
server local 127.0.0.1:80 check inter 200
$ cat sleep10.sh
#!/bin/sh
exec /bin/sleep 10
The "sleep" processes keep accumulating for 10 seconds and stabilize
around 25 when the bug is present. Just issuing "killall sleep" has no
effect on them, and stopping haproxy leaves these processes behind.
(cherry picked from commit 2df8cad0fea2d1a4ca8dd58f384df3c3c3f5d7ee)
Signed-off-by: Willy Tarreau <w@1wt.eu>
diff --git a/src/checks.c b/src/checks.c
index c175a752..e31eb173 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -1997,6 +1997,7 @@ static int connect_proc_chk(struct task *t)
environ = check->envp;
extchk_setenv(check, EXTCHK_HAPROXY_SERVER_CURCONN, ultoa_r(s->cur_sess, buf, sizeof(buf)));
+ haproxy_unblock_signals();
execvp(px->check_command, check->argv);
ha_alert("Failed to exec process for external health check: %s. Aborting.\n",
strerror(errno));

+ 0
- 48
net/haproxy/patches/004-BUG-MINOR-mux-h1-Skip-trailers-for-non-chunked-outgoing-messages.patch View File

@ -1,48 +0,0 @@
commit 52131680c42ddbfa6f2b5d109ffc79c28f44e42a
Author: Christopher Faulet <cfaulet@haproxy.com>
Date: Thu Jun 27 17:40:14 2019 +0200
BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages
Unlike H1, H2 messages may contains trailers while the header "Content-Length"
is set. Indeed, because of the framed structure of HTTP/2, it is no longer
necessary to use the chunked transfer encoding. So Trailing HEADERS frames,
after all DATA frames, may be added on messages with an explicit content length.
But in H1, it is impossible to have trailers on non-chunked messages. So when
outgoing messages are formatted by the H1 multiplexer, if the message is not
chunked, all trailers must be dropped.
This patch must be backported to 2.0 and 1.9. However, the patch will have to be
adapted for the 1.9.
(cherry picked from commit 5433a0b0215c791b4165bddd360a254fa141c6e9)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/mux_h1.c b/src/mux_h1.c
index e497e6f6..e7d769b4 100644
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@@ -1696,7 +1696,9 @@ static size_t h1_process_output(struct h1c *h1c, struct buffer *buf, size_t coun
goto done;
}
else if (type == HTX_BLK_EOT || type == HTX_BLK_TLR) {
- if (!chunk_memcat(&tmp, "0\r\n", 3))
+ /* If the message is not chunked, never
+ * add the last chunk. */
+ if ((h1m->flags & H1_MF_CHNK) && !chunk_memcat(&tmp, "0\r\n", 3))
goto copy;
goto trailers;
}
@@ -1715,6 +1717,11 @@ static size_t h1_process_output(struct h1c *h1c, struct buffer *buf, size_t coun
goto error;
trailers:
h1m->state = H1_MSG_TRAILERS;
+ /* If the message is not chunked, ignore
+ * trailers. It may happen with H2 messages. */
+ if (!(h1m->flags & H1_MF_CHNK))
+ break;
+
if (type == HTX_BLK_EOT) {
if (!chunk_memcat(&tmp, "\r\n", 2))
goto copy;

+ 0
- 27
net/haproxy/patches/005-BUG-MINOR-mux-h1-Dont-return-the-empty-chunk-on-HEAD-responses.patch View File

@ -1,27 +0,0 @@
commit 33d58b51e0f1bf68603aa86c9125ae75d6964454
Author: Christopher Faulet <cfaulet@haproxy.com>
Date: Mon Jul 1 16:17:30 2019 +0200
BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses
HEAD responses must not have any body payload. But, because of a bug, for chunk
reponses, the empty chunk was always added.
This patch fixes the Github issue #146. It must be backported to 2.0 and 1.9.
(cherry picked from commit b8fc304e8f996f0d9835e4d6524ef8961d3be076)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/mux_h1.c b/src/mux_h1.c
index e7d769b4..37cc8252 100644
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@@ -1682,6 +1682,8 @@ static size_t h1_process_output(struct h1c *h1c, struct buffer *buf, size_t coun
h1m->flags |= (H1_MF_NO_PHDR|H1_MF_CLEAN_CONN_HDR);
h1s->flags &= ~H1S_F_HAVE_O_CONN;
}
+ else if ((h1m->flags & H1_MF_RESP) && h1s->meth == HTTP_METH_HEAD)
+ h1m->state = H1_MSG_DONE;
else
h1m->state = H1_MSG_DATA;
break;

Loading…
Cancel
Save