From 4a3440a8c33fb2ea44116db2f18a51073a7c325f Mon Sep 17 00:00:00 2001
From: Thomas Heil
Date: Sun, 6 Jul 2014 20:34:33 +0200
Subject: [PATCH] haproxy: fixes from upstream - [PATCH 10/12] MINOR: stats: fix minor typo in HTML page - [PATCH 11/12] BUG/MEDIUM: unix: do not unlink() abstract namespace - [PATCH 12/12] DOC: provide an example of how to use ssl_c_sha1
Signed-off-by: Thomas Heil
---
 net/haproxy/Makefile | 2 +-
 ...OR-stats-fix-minor-typo-in-HTML-page.patch | 28 ++++++++++++
 ...do-not-unlink-abstract-namespace-soc.patch | 45 +++++++++++++++++++
 ...-an-example-of-how-to-use-ssl_c_sha1.patch | 29 ++++++++++++
 4 files changed, 103 insertions(+), 1 deletion(-)
 create mode 100644 net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch
 create mode 100644 net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch
 create mode 100644 net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch
diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index c74e58aa22..859331f3c6 100644
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=haproxy
 PKG_VERSION:=1.5.1
-PKG_RELEASE:=09
+PKG_RELEASE:=12
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/
 PKG_MD5SUM:=49640cf3ddd793a05fbd3394481a1ed4
diff --git a/net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch b/net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch
new file mode 100644
index 0000000000..8496abcb62
--- /dev/null
+++ b/net/haproxy/patches/0010-MINOR-stats-fix-minor-typo-in-HTML-page.patch
@@ -0,0 +1,28 @@
+From d38f5c0c1cbba00d80cad2640c005794fa5bc4f9 Mon Sep 17 00:00:00 2001
+From: Marco Corte
+Date: Wed, 2 Jul 2014 17:49:34 +0200
+Subject: [PATCH 10/12] MINOR: stats: fix minor typo in HTML page
+
+There is a very small typo in the statistics interface: a "set" in
+lowercase where allothers are uppercase "Set".
+(cherry picked from commit 8c27bcaea0116247ee055c5481a63507de4fe6e4)
+---
+ src/dumpstats.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dumpstats.c b/src/dumpstats.c
+index c8bac08..5365042 100644
+--- a/src/dumpstats.c
++++ b/src/dumpstats.c
+@@ -3710,7 +3710,7 @@ static void stats_dump_html_px_end(struct stream_interface *si, struct proxy *px
+ ""
+ ""
+ ""
+- ""
++ ""
+ ""
+ ""
+ ""
+--
+1.8.5.5
+
diff --git a/net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch b/net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch
new file mode 100644
index 0000000000..4851224c11
--- /dev/null
+++ b/net/haproxy/patches/0011-BUG-MEDIUM-unix-do-not-unlink-abstract-namespace-soc.patch
@@ -0,0 +1,45 @@
+From 76ad998e2b6ae852567ff53edb84a0b467c0c9cb Mon Sep 17 00:00:00 2001
+From: Jan Seda
+Date: Thu, 26 Jun 2014 20:44:05 +0200
+Subject: [PATCH 11/12] BUG/MEDIUM: unix: do not unlink() abstract namespace
+ sockets upon failure.
+
+When bind() fails (function uxst_bind_listener()), the fail path doesn't
+consider the abstract namespace and tries to unlink paths held in
+uninitiliazed memory (tempname and backname). See the strace excerpt;
+the strings still hold the path from test1.
+
+===============================================================================================
+23722 bind(5, {sa_family=AF_FILE, path=@"test2"}, 110) = -1 EADDRINUSE (Address already in use)
+23722 unlink("/tmp/test1.sock.23722.tmp") = -1 ENOENT (No such file or directory)
+23722 close(5) = 0
+23722 unlink("/tmp/test1.sock.23722.bak") = -1 ENOENT (No such file or directory)
+===============================================================================================
+
+This patch should be backported to 1.5.
+(cherry picked from commit 7319b64fc4c9b7e04726816c6cc02f6ecf66a0a4)
+---
+ src/proto_uxst.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/proto_uxst.c b/src/proto_uxst.c
+index f83d34e..c9a52ff 100644
+--- a/src/proto_uxst.c
++++ b/src/proto_uxst.c
+@@ -309,11 +309,11 @@ static int uxst_bind_listener(struct listener *listener, char *errmsg, int errle
+ if (ret < 0 && errno == ENOENT)
+ unlink(path);
+ err_unlink_temp:
+- if (!ext)
++ if (!ext && path[0])
+ unlink(tempname);
+ close(fd);
+ err_unlink_back:
+- if (!ext)
++ if (!ext && path[0])
+ unlink(backname);
+ err_return:
+ if (msg && errlen) {
+--
+1.8.5.5
+
diff --git a/net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch b/net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch
new file mode 100644
index 0000000000..c9b9898fdd
--- /dev/null
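Review bot: The guards added at `err_unlink_temp` and `err_unlink_back` in the embedded proto_uxst.c hunk stop the stale unlink() calls, but they leave tempname and backname holding whatever an earlier call wrote, which is the condition the strace in the commit message shows. The declarations are outside the hunk, so this is inferred: if those buffers are only filled for filesystem sockets, setting `tempname[0] = backname[0] = '\0';` before the abstract-namespace case is handled would make any cleanup path that later omits the `path[0]` test fail with ENOENT rather than remove another listener's `.tmp` or `.bak` file. A comment on the first guard, such as `/* path[0] == 0: abstract namespace socket, nothing on the filesystem to remove */`, would document what the test means, which the commit subject implies but the code does not say. uxst_bind_listener starts and ends outside the hunk.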
+++ b/net/haproxy/patches/0012-DOC-provide-an-example-of-how-to-use-ssl_c_sha1.patch
@@ -0,0 +1,29 @@
+From 9fe4cb64cd9514a72bcd4b2fd8781620da9e1f76 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau
+Date: Wed, 2 Jul 2014 19:01:22 +0200
+Subject: [PATCH 12/12] DOC: provide an example of how to use ssl_c_sha1
+
+As suggested by Aydan Yumerefendi, a little bit of examples never hurts.
+(cherry picked from commit 2d0caa38e040b081903e50faa56bae52599b3949)
+---
+ doc/configuration.txt | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index e53bb21..fcc6454 100644
+--- a/doc/configuration.txt
++++ b/doc/configuration.txt
+@@ -10722,6 +10722,10 @@ ssl_c_sha1 : binary
+ Returns the SHA-1 fingerprint of the certificate presented by the client when
+ the incoming connection was made over an SSL/TLS transport layer. This can be
+ used to stick a client to a server, or to pass this information to a server.
++ Note that the output is binary, so if you want to pass that signature to the
++ server, you need to encode it in hex or base64, such as in the example below:
++
++ http-request set-header X-SSL-Client-SHA1 %[ssl_c_sha1,hex]
+
+ ssl_c_sig_alg : string
+ Returns the name of the algorithm used to sign the certificate presented by
+--
+1.8.5.5
+
--
2.30.2