haproxy: fixes from upstream

 - [PATCH 10/12] MINOR: stats: fix minor typo in HTML page
 - [PATCH 11/12] BUG/MEDIUM: unix: do not unlink() abstract namespace
 - [PATCH 12/12] DOC: provide an example of how to use ssl_c_sha1

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>

diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index c74e58aa22988317951dd15436b279cb4c6de6d2..859331f3c61c5bf7d787c16935214c680e7e16b7 100644 (file)
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=haproxy
 PKG_VERSION:=1.5.1
-PKG_RELEASE:=09
+PKG_RELEASE:=12
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
 PKG_MD5SUM:=49640cf3ddd793a05fbd3394481a1ed4

diff --git a/net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch b/net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch
new file mode 100644 (file)
index 0000000..8496abc
--- /dev/null
+++ b/net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch
@@ -0,0 +1,28 @@
+From d38f5c0c1cbba00d80cad2640c005794fa5bc4f9 Mon Sep 17 00:00:00 2001
+From: Marco Corte <marco@marcocorte.it>
+Date: Wed, 2 Jul 2014 17:49:34 +0200
+Subject: [PATCH 10/12] MINOR: stats: fix minor typo in HTML page
+
+There is a very small typo in the statistics interface: a "set" in
+lowercase where allothers are uppercase "Set".
+(cherry picked from commit 8c27bcaea0116247ee055c5481a63507de4fe6e4)
+---
+ src/dumpstats.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dumpstats.c b/src/dumpstats.c
+index c8bac08..5365042 100644
+--- a/src/dumpstats.c
++++ b/src/dumpstats.c
+@@ -3710,7 +3710,7 @@ static void stats_dump_html_px_end(struct stream_interface *si, struct proxy *px
+                             "<option value=\"\"></option>"
+                             "<option value=\"ready\">Set state to READY</option>"
+                             "<option value=\"drain\">Set state to DRAIN</option>"
+-                            "<option value=\"maint\">set state to MAINT</option>"
++                            "<option value=\"maint\">Set state to MAINT</option>"
+                             "<option value=\"dhlth\">Health: disable checks</option>"
+                             "<option value=\"ehlth\">Health: enable checks</option>"
+                             "<option value=\"hrunn\">Health: force UP</option>"
+-- 
+1.8.5.5
+

diff --git a/net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch b/net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch
new file mode 100644 (file)
index 0000000..4851224
--- /dev/null
+++ b/net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch
@@ -0,0 +1,45 @@
+From 76ad998e2b6ae852567ff53edb84a0b467c0c9cb Mon Sep 17 00:00:00 2001
+From: Jan Seda <hodor@hodor.cz>
+Date: Thu, 26 Jun 2014 20:44:05 +0200
+Subject: [PATCH 11/12] BUG/MEDIUM: unix: do not unlink() abstract namespace
+ sockets upon failure.
+
+When bind() fails (function uxst_bind_listener()), the fail path doesn't
+consider the abstract namespace and tries to unlink paths held in
+uninitiliazed memory (tempname and backname). See the strace excerpt;
+the strings still hold the path from test1.
+
+===============================================================================================
+23722 bind(5, {sa_family=AF_FILE, path=@"test2"}, 110) = -1 EADDRINUSE (Address already in use)
+23722 unlink("/tmp/test1.sock.23722.tmp") = -1 ENOENT (No such file or directory)
+23722 close(5)                          = 0
+23722 unlink("/tmp/test1.sock.23722.bak") = -1 ENOENT (No such file or directory)
+===============================================================================================
+
+This patch should be backported to 1.5.
+(cherry picked from commit 7319b64fc4c9b7e04726816c6cc02f6ecf66a0a4)
+---
+ src/proto_uxst.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/proto_uxst.c b/src/proto_uxst.c
+index f83d34e..c9a52ff 100644
+--- a/src/proto_uxst.c
++++ b/src/proto_uxst.c
+@@ -309,11 +309,11 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
+       if (ret < 0 && errno == ENOENT)
+               unlink(path);
+  err_unlink_temp:
+-      if (!ext)
++      if (!ext && path[0])
+               unlink(tempname);
+       close(fd);
+  err_unlink_back:
+-      if (!ext)
++      if (!ext && path[0])
+               unlink(backname);
+  err_return:
+       if (msg && errlen) {
+-- 
+1.8.5.5
+

diff --git a/net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch b/net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch
new file mode 100644 (file)
index 0000000..c9b9898
--- /dev/null
+++ b/net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch
@@ -0,0 +1,29 @@
+From 9fe4cb64cd9514a72bcd4b2fd8781620da9e1f76 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Wed, 2 Jul 2014 19:01:22 +0200
+Subject: [PATCH 12/12] DOC: provide an example of how to use ssl_c_sha1
+
+As suggested by Aydan Yumerefendi, a little bit of examples never hurts.
+(cherry picked from commit 2d0caa38e040b081903e50faa56bae52599b3949)
+---
+ doc/configuration.txt | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index e53bb21..fcc6454 100644
+--- a/doc/configuration.txt
++++ b/doc/configuration.txt
+@@ -10722,6 +10722,10 @@ ssl_c_sha1 : binary
+   Returns the SHA-1 fingerprint of the certificate presented by the client when
+   the incoming connection was made over an SSL/TLS transport layer. This can be
+   used to stick a client to a server, or to pass this information to a server.
++  Note that the output is binary, so if you want to pass that signature to the
++  server, you need to encode it in hex or base64, such as in the example below:
++
++     http-request set-header X-SSL-Client-SHA1 %[ssl_c_sha1,hex]
+ 
+ ssl_c_sig_alg : string
+   Returns the name of the algorithm used to sign the certificate presented by
+-- 
+1.8.5.5
+