PKG_NAME:=haproxy
PKG_VERSION:=1.5.14
-PKG_RELEASE:=04
+PKG_RELEASE:=13
PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
--- /dev/null
+From 955587271031d66e9b7a768e3bb18dae00b60cc6 Mon Sep 17 00:00:00 2001
+From: Thierry FOURNIER <tfournier@arpalert.org>
+Date: Wed, 8 Jul 2015 00:15:20 +0200
+Subject: [PATCH 05/13] BUG/MINOR: http/sample: gmtime/localtime can fail
+
+The man said that gmtime() and localtime() can return a NULL value.
+This is not tested. It appears that all the values of a 32 bit integer
+are valid, but it is better to check the return of these functions.
+
+However, if the integer move from 32 bits to 64 bits, some 64 values
+can be unsupported.
+(cherry picked from commit fac9ccfb705702f211f99e67d5f5d5129002086a)
+[wt: we only have sample_conv_date() in 1.5]
+---
+ src/proto_http.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/proto_http.c b/src/proto_http.c
+index 5db64b5..02dc42b 100644
+--- a/src/proto_http.c
++++ b/src/proto_http.c
+@@ -11249,6 +11249,8 @@ static int sample_conv_http_date(const struct arg *args, struct sample *smp)
+ curr_date += args[0].data.sint;
+
+ tm = gmtime(&curr_date);
++ if (!tm)
++ return 0;
+
+ temp = get_trash_chunk();
+ temp->len = snprintf(temp->str, temp->size - temp->len,
+--
+2.4.6
+
--- /dev/null
+From 6c7351bdd0778bc171a2b54faed058eadc8c9d0d Mon Sep 17 00:00:00 2001
+From: Baptiste Assmann <bedis9@gmail.com>
+Date: Mon, 3 Aug 2015 11:42:50 +0200
+Subject: [PATCH 06/13] DOC: typo in 'redirect', 302 code meaning
+
+302 means a temprary move, not a permanent one
+(cherry picked from commit ea849c0cca63b1b56c9c36f9c3504caa5e826816)
+---
+ doc/configuration.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index 64697a4..e8d8b2a 100644
+--- a/doc/configuration.txt
++++ b/doc/configuration.txt
+@@ -5443,7 +5443,7 @@ redirect scheme <sch> [code <code>] <option> [{if | unless} <condition>]
+ is desired. Only codes 301, 302, 303, 307 and 308 are supported,
+ with 302 used by default if no code is specified. 301 means
+ "Moved permanently", and a browser may cache the Location. 302
+- means "Moved permanently" and means that the browser should not
++ means "Moved temporarily" and means that the browser should not
+ cache the redirection. 303 is equivalent to 302 except that the
+ browser will fetch the location with a GET method. 307 is just
+ like 302 but makes it clear that the same method must be reused.
+--
+2.4.6
+
--- /dev/null
+From c3453d53f2862b22d8c8e7d2399dfc38ec966aa4 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Sun, 9 Aug 2015 10:56:35 +0200
+Subject: [PATCH 07/13] DOC: mention that %ms is left-padded with zeroes.
+
+That's important to emit logs.
+(cherry picked from commit 812c88ec126e8fc4fc0f7853f265594d03c63956)
+---
+ doc/configuration.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index e8d8b2a..1d95b5b 100644
+--- a/doc/configuration.txt
++++ b/doc/configuration.txt
+@@ -12381,7 +12381,7 @@ Please refer to the table below for currently defined variables :
+ | | %hrl | captured_request_headers CLF style | string list |
+ | | %hs | captured_response_headers default style | string |
+ | | %hsl | captured_response_headers CLF style | string list |
+- | | %ms | accept date milliseconds | numeric |
++ | | %ms | accept date milliseconds (left-padded with 0) | numeric |
+ | | %pid | PID | numeric |
+ | H | %r | http_request | string |
+ | | %rc | retries | numeric |
+--
+2.4.6
+
--- /dev/null
+From 1104336c0ba5f474fce8fe7c0125511b59f4dd3d Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Tue, 11 Aug 2015 11:20:45 +0200
+Subject: [PATCH 08/13] CLEANUP: .gitignore: ignore more test files
+
+Exclude from "git status" many of the files that often result from
+development tests and bug reports reproducers.
+(cherry picked from commit de365a320ead43168e78facfa337130759783515)
+---
+ .gitignore | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+diff --git a/.gitignore b/.gitignore
+index 762f5ad..f6ccd0e 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -18,3 +18,30 @@ make-*
+ dlmalloc.c
+ 00*.patch
+ *.service
++*.bak
++contrib/base64/base64rev
++contrib/halog/halog
++contrib/ip6range/ip6range
++contrib/iprange/iprange
++tests/test_hashes
++/*.cfg
++/*.conf
++/*.diff
++/*.patch
++/*.c
++/*.o
++/*.so
++/*.txt
++/*.TXT
++/*.txt.*
++/*.prof
++/*.gprof
++/*.prof.*
++/*.gprof.*
++/*.tar
++/*.tar.gz
++/*.tgz
++/*.mbox
++/*.sh
++/bug*
++/TAGS
+--
+2.4.6
+
--- /dev/null
+From 5e077624951a65e6aae381c7213fc54984768dd4 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Tue, 11 Aug 2015 11:21:47 +0200
+Subject: [PATCH 09/13] CLEANUP: .gitignore: finally ignore everything but what
+ is known.
+
+Still too many files remain, it's easier to block everything but
+what we know.
+(cherry picked from commit d71f1766bdbb041f80394662b0d293f033f93005)
+---
+ .gitignore | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/.gitignore b/.gitignore
+index f6ccd0e..1953ba3 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -45,3 +45,23 @@ tests/test_hashes
+ /*.sh
+ /bug*
+ /TAGS
++# Below we forbid everything and only allow what we know, that's much easier
++# than blocking about 500 different test files and bug report outputs.
++/.*
++/*
++!/.gitignore
++!/CHANGELOG
++!/LICENSE
++!/Makefile
++!/README
++!/ROADMAP
++!/SUBVERS
++!/VERDATE
++!/VERSION
++!/contrib
++!/doc
++!/ebtree
++!/examples
++!/include
++!/src
++!/tests
+--
+2.4.6
+
--- /dev/null
+From c7c1e55f09839727ba7defd37347fc500dabb202 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Tue, 11 Aug 2015 11:36:45 +0200
+Subject: [PATCH 10/13] MEDIUM: config: emit a warning on a frontend without
+ listener
+
+Commit c6678e2 ("MEDIUM: config: authorize frontend and listen without bind")
+completely removed the test for bind lines in frontends in order to make it
+easier for automated tools to generate configs (eg: replacing a bind with
+another one passing via a temporary config without any bind line). The
+problem is that some common mistakes are totally hidden now. For example,
+this apparently valid entry is silently ignored :
+
+ listen 1.2.3.4:8000
+ server s1 127.0.0.1:8000
+
+Hint: 1.2.3.4:8000 is mistakenly the proxy name here.
+
+Thus instead we now emit a warning to indicate that a frontend was found
+with no listener. This should be backported to 1.5 to help spot abnormal
+configurations.
+(cherry picked from commit f82d1ca2d7ec83804d6b54e61a35747ad2f85188)
+---
+ src/cfgparse.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/cfgparse.c b/src/cfgparse.c
+index 2a5f178..d67edc5 100644
+--- a/src/cfgparse.c
++++ b/src/cfgparse.c
+@@ -6193,6 +6193,12 @@ int check_config_validity()
+ break;
+ }
+
++ if ((curproxy->cap & PR_CAP_FE) && LIST_ISEMPTY(&curproxy->conf.listeners)) {
++ Warning("config : %s '%s' has no 'bind' directive. Please declare it as a backend if this was intended.\n",
++ proxy_type_str(curproxy), curproxy->id);
++ err_code |= ERR_WARN;
++ }
++
+ if ((curproxy->cap & PR_CAP_BE) && (curproxy->mode != PR_MODE_HEALTH)) {
+ if (curproxy->lbprm.algo & BE_LB_KIND) {
+ if (curproxy->options & PR_O_TRANSP) {
+--
+2.4.6
+
--- /dev/null
+From ee12145d38a7dee81a20cf232c724ccb7a46ad8b Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Tue, 18 Aug 2015 17:15:20 +0200
+Subject: [PATCH 11/13] BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0
+ creates a missing entry
+
+During 1.5-dev20 there was some code refactoring to make the src_* fetch
+function use the same code as sc_*. Unfortunately this introduced a
+regression where src_* doesn't create an entry anymore if it does not
+exist in the table. The reason is that smp_fetch_sc_stkctr() only calls
+stktable_lookup_key() while src_inc_*/src_clr_* used to make use of
+stktable_update_key() which additionally create the entry if it does
+not exist.
+
+There's no point modifying the common function for these two exceptions,
+so instead we now have a function dedicated to the creation of this entry
+for src_* only. It is called when the entry didn't exist, so that requires
+minimal modifications to existing code.
+
+Thanks to Thierry Fournier for helping diagnose the issue.
+
+This fix must be backported to 1.5.
+(cherry picked from commit 0f4eadd4830279f5ee83aa545728fb750f5c8185)
+
+[Note: the backport to 1.5 significantly differs from the version in 1.6
+ since we need to use the table's type and to retrieve the source address
+ directly from the connection. At least it matches the way other src_*
+ fetch functions work, and it's been verified to work fine]
+---
+ src/session.c | 33 +++++++++++++++++++++++++++++++++
+ 1 file changed, 33 insertions(+)
+
+diff --git a/src/session.c b/src/session.c
+index 5b9e407..6d62e36 100644
+--- a/src/session.c
++++ b/src/session.c
+@@ -2806,6 +2806,33 @@ smp_fetch_sc_stkctr(struct session *l4, const struct arg *args, const char *kw)
+ return &l4->stkctr[num];
+ }
+
++/* same as smp_fetch_sc_stkctr() but dedicated to src_* and can create
++ * the entry if it doesn't exist yet. This is needed for a few fetch
++ * functions which need to create an entry, such as src_inc_gpc* and
++ * src_clr_gpc*.
++ */
++struct stkctr *
++smp_create_src_stkctr(struct session *sess, const struct arg *args, const char *kw)
++{
++ static struct stkctr stkctr;
++ struct stktable_key *key;
++ struct connection *conn = objt_conn(sess->si[0].end);
++
++ if (strncmp(kw, "src_", 4) != 0)
++ return NULL;
++
++ if (!conn)
++ return NULL;
++
++ key = addr_to_stktable_key(&conn->addr.from, args->data.prx->table.type);
++ if (!key)
++ return NULL;
++
++ stkctr.table = &args->data.prx->table;
++ stkctr_set_entry(&stkctr, stktable_update_key(stkctr.table, key));
++ return &stkctr;
++}
++
+ /* set return a boolean indicating if the requested session counter is
+ * currently being tracked or not.
+ * Supports being called as "sc[0-9]_tracked" only.
+@@ -2887,6 +2914,9 @@ smp_fetch_sc_inc_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned i
+ if (!stkctr)
+ return 0;
+
++ if (stkctr_entry(stkctr) == NULL)
++ stkctr = smp_create_src_stkctr(l4, args, kw);
++
+ smp->flags = SMP_F_VOL_TEST;
+ smp->type = SMP_T_UINT;
+ smp->data.uint = 0;
+@@ -2924,6 +2954,9 @@ smp_fetch_sc_clr_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned i
+ if (!stkctr)
+ return 0;
+
++ if (stkctr_entry(stkctr) == NULL)
++ stkctr = smp_create_src_stkctr(l4, args, kw);
++
+ smp->flags = SMP_F_VOL_TEST;
+ smp->type = SMP_T_UINT;
+ smp->data.uint = 0;
+--
+2.4.6
+
--- /dev/null
+From 2272b4ffde38c836adfd9a9b43ff5c019ef4190a Mon Sep 17 00:00:00 2001
+From: Thierry FOURNIER <tfournier@arpalert.org>
+Date: Wed, 26 Aug 2015 08:21:26 +0200
+Subject: [PATCH 12/13] DOC: ssl: missing LF
+
+An error message miss LF
+(cherry picked from commit bc965348d7ccc0a306504232ab85dc240fd31fbf)
+---
+ src/ssl_sock.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ssl_sock.c b/src/ssl_sock.c
+index 2ae45ec..8f698c0 100644
+--- a/src/ssl_sock.c
++++ b/src/ssl_sock.c
+@@ -1760,7 +1760,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
+ #ifndef OPENSSL_NO_SSL3
+ SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method());
+ #else
+- Alert("SSLv3 support requested but unavailable.");
++ Alert("SSLv3 support requested but unavailable.\n");
+ cfgerr++;
+ #endif
+ }
+--
+2.4.6
+
--- /dev/null
+From d3a93a932430bc1a4cd5d1350820c2bec706e26d Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Thu, 27 Aug 2015 17:15:05 +0200
+Subject: [PATCH 13/13] DOC: fix example of http-request using
+ ssl_fc_session_id
+
+It was missing the ",hex" resulting in raw binary data being dumped in
+the header or the logs. Now we know where these crazy logs originated
+from!
+(cherry picked from commit fca4261dacab51db960d30120f4bb4201f7e4a51)
+---
+ doc/configuration.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index 1d95b5b..67d273b 100644
+--- a/doc/configuration.txt
++++ b/doc/configuration.txt
+@@ -3135,7 +3135,7 @@ http-request { allow | deny | tarpit | auth [realm <realm>] | redirect <rule> |
+ Example:
+ http-request set-header X-Haproxy-Current-Date %T
+ http-request set-header X-SSL %[ssl_fc]
+- http-request set-header X-SSL-Session_ID %[ssl_fc_session_id]
++ http-request set-header X-SSL-Session_ID %[ssl_fc_session_id,hex]
+ http-request set-header X-SSL-Client-Verify %[ssl_c_verify]
+ http-request set-header X-SSL-Client-DN %{+Q}[ssl_c_s_dn]
+ http-request set-header X-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
+--
+2.4.6
+
projects / feed / packages.git / commitdiff