PKG_NAME:=haproxy
PKG_VERSION:=1.5.14
-PKG_RELEASE:=00
+PKG_RELEASE:=04
PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
--- /dev/null
+From df0a5960987b3cb663dcfa93d29c21acc13cd3e3 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Thu, 9 Jul 2015 11:20:00 +0200
+Subject: [PATCH 1/4] BUG/MINOR: log: missing some ARGC_* entries in
+ fmt_directives()
+
+ARGC_CAP was not added to fmt_directives() which is used to format
+error messages when failing to parse log format expressions. The
+whole switch/case has been reorganized to match the declaration
+order making it easier to spot missing values. The default is not
+the "log" directive anymore but "undefined" asking to report the
+bug.
+
+Backport to 1.5 is not strictly needed but is desirable at least
+for code sanity.
+(cherry picked from commit 53e1a6d31743b1bef6063ff30b812521391ae3c3)
+---
+ src/log.c | 24 ++++++++++++++----------
+ 1 file changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/src/log.c b/src/log.c
+index 1a5ad25..f0a3072 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -167,22 +167,26 @@ struct logformat_var_args var_args_list[] = {
+ static inline const char *fmt_directive(const struct proxy *curproxy)
+ {
+ switch (curproxy->conf.args.ctx) {
+- case ARGC_UIF:
+- return "unique-id-format";
++ case ARGC_ACL:
++ return "acl";
++ case ARGC_STK:
++ return "stick";
++ case ARGC_TRK:
++ return "track-sc";
++ case ARGC_LOG:
++ return "log-format";
+ case ARGC_HRQ:
+ return "http-request";
+ case ARGC_HRS:
+ return "http-response";
+- case ARGC_STK:
+- return "stick";
+- case ARGC_TRK:
+- return "track-sc"; break;
++ case ARGC_UIF:
++ return "unique-id-format";
+ case ARGC_RDR:
+- return "redirect"; break;
+- case ARGC_ACL:
+- return "acl"; break;
++ return "redirect";
++ case ARGC_CAP:
++ return "capture";
+ default:
+- return "log-format";
++ return "undefined(please report this bug)"; /* must never happen */
+ }
+ }
+
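Review bot: The reordered switch in fmt_directive() depends on staying in ARGC_* declaration order for a missing entry to be noticeable, but nothing in the code records that rule. A comment above the first case, such as `/* keep cases in ARGC_* declaration order; add a case for every new ARGC_* value */`, would do it. The `default:` branch probably also suppresses any compiler warning about an unhandled enumerator if `conf.args.ctx` has an enum type (its type is not visible in this hunk), so the comment may be the only reminder a later contributor gets.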
+--
+2.3.6
+
--- /dev/null
+From ea31f225c2c93a25b8bef7a9241a89cecfd9d350 Mon Sep 17 00:00:00 2001
+From: Baptiste Assmann <bedis9@gmail.com>
+Date: Fri, 17 Jul 2015 21:59:42 +0200
+Subject: [PATCH 2/4] DOC: usesrc root privileges requirements
+
+The "usesrc" parameter of the source statement requires root privileges.
+(cherry picked from commit 91bd337d90cb347feda34b01402f3471c8a4833c)
+---
+ doc/configuration.txt | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index 6714afb..64697a4 100644
+--- a/doc/configuration.txt
++++ b/doc/configuration.txt
+@@ -6117,6 +6117,8 @@ source <addr>[:<port>] [interface <name>]
+ is possible at the server level using the "source" server option. Refer to
+ section 5 for more information.
+
++ In order to work, "usesrc" requires root privileges.
++
+ Examples :
+ backend private
+ # Connect to the servers using our 192.168.1.200 source address
+--
+2.3.6
+
--- /dev/null
+From eee374c28ea8ea22834ff14515b5584bc3e0c7b5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Courr=C3=A8ges-Anglas?= <jca@wxcvbn.org>
+Date: Sat, 25 Jul 2015 16:50:52 -0600
+Subject: [PATCH 3/4] BUILD: ssl: Allow building against libssl without SSLv3.
+
+If SSLv3 is explicitely requested but not available, warn the user and
+bail out.
+(cherry picked from commit 17c3f6284cf605e47f6525c077bc644c45272849)
+---
+ src/ssl_sock.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/src/ssl_sock.c b/src/ssl_sock.c
+index 7d77d36..2ae45ec 100644
+--- a/src/ssl_sock.c
++++ b/src/ssl_sock.c
+@@ -1405,8 +1405,14 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
+ ssloptions |= SSL_OP_NO_TLSv1_2;
+ if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
+ ssloptions |= SSL_OP_NO_TICKET;
+- if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3)
++ if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3) {
++#ifndef OPENSSL_NO_SSL3
+ SSL_CTX_set_ssl_version(ctx, SSLv3_server_method());
++#else
++ Alert("SSLv3 support requested but unavailable.\n");
++ cfgerr++;
++#endif
++ }
+ if (bind_conf->ssl_options & BC_SSL_O_USE_TLSV10)
+ SSL_CTX_set_ssl_version(ctx, TLSv1_server_method());
+ #if SSL_OP_NO_TLSv1_1
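Review bot: The new `Alert("SSLv3 support requested but unavailable.\n")` in the `#else` branch does not say which proxy or bind line asked for SSLv3, so on a configuration with many listeners the operator has to search for the offending `force-sslv3`. Adding the context would fix that, for example `Alert("Proxy '%s': SSLv3 support requested but unavailable for bind '%s' at [%s:%d].\n", curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);`, assuming these are the fields the function's other alerts use (they are outside this hunk). The same applies to the server-side alert in the ssl_sock_prepare_srv_ctx hunk. Failing the configuration with `cfgerr++` instead of quietly falling back to another protocol version is the right behaviour and should stay.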
+@@ -1750,8 +1756,14 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
+ options |= SSL_OP_NO_TLSv1_2;
+ if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
+ options |= SSL_OP_NO_TICKET;
+- if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3)
++ if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3) {
++#ifndef OPENSSL_NO_SSL3
+ SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method());
++#else
++ Alert("SSLv3 support requested but unavailable.");
++ cfgerr++;
++#endif
++ }
+ if (srv->ssl_ctx.options & SRV_SSL_O_USE_TLSV10)
+ SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, TLSv1_client_method());
+ #if SSL_OP_NO_TLSv1_1
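Review bot: The server-side message `Alert("SSLv3 support requested but unavailable.");` has no trailing newline, unlike the bind-side message added earlier in this patch, so the next line of output will run on from it. It should read `Alert("SSLv3 support requested but unavailable.\n");`. `cfgerr` is assumed to be declared earlier in ssl_sock_prepare_srv_ctx, whose body starts and ends outside this hunk.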
+--
+2.3.6
+
--- /dev/null
+From e4766ba031e1fea8f2ca139316dc4e8209e960c2 Mon Sep 17 00:00:00 2001
+From: Daniel Jakots <vigdis@chown.me>
+Date: Wed, 29 Jul 2015 08:03:08 +0200
+Subject: [PATCH 4/4] DOC/MINOR: fix OpenBSD versions where haproxy works
+
+(cherry picked from commit 17d228be14762b282e5262262c45ecee4c265552)
+---
+ README | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/README b/README
+index add7f06..e267730 100644
+--- a/README
++++ b/README
+@@ -39,7 +39,7 @@ and assign it to the TARGET variable :
+ - solaris for Solaris 8 or 10 (others untested)
+ - freebsd for FreeBSD 5 to 10 (others untested)
+ - osx for Mac OS/X
+- - openbsd for OpenBSD 3.1 to 5.2 (others untested)
++ - openbsd for OpenBSD 3.1 and above
+ - aix51 for AIX 5.1
+ - aix52 for AIX 5.2
+ - cygwin for Cygwin
+--
+2.3.6
+