haproxy: Update all patches for HAProxy v1.8.14
authorChristian Lachner <redacted>
Tue, 4 Dec 2018 09:56:40 +0000 (10:56 +0100)
committerChristian Lachner <redacted>
Tue, 4 Dec 2018 09:56:40 +0000 (10:56 +0100)
- Add new patches (see https://www.haproxy.org/bugs/bugs-1.8.14.html)
- Raise PKG_RELEASE to 5
- Improve version-handling

Signed-off-by: Christian Lachner <redacted>
net/haproxy/Makefile
net/haproxy/patches/0041-BUG-MINOR-config-better-detect-the-presence-of-the-h2-pattern-in-npn-alpn.patch [new file with mode: 0644]
net/haproxy/patches/0042-BUG-MEDIUM-Make-sure-stksess-is-properly-aligned.patch [new file with mode: 0644]
net/haproxy/patches/0043-BUG-MINOR-config-Copy-default-error-messages-when-parsing-of-a-backend-starts.patch [new file with mode: 0644]
net/haproxy/patches/0044-BUG-MEDIUM-hpack-fix-encoding-of-accept-ranges-field.patch [new file with mode: 0644]
net/haproxy/patches/0045-deprecated-openssl.patch [moved from net/haproxy/patches/0041-deprecated-openssl.patch with 100% similarity]

index bacde98cc25a6eb9c09a47256da3736c84d20704..a4a4483b4c999c00918362d6ce1e44bb96d62f4c 100644 (file)
@@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=haproxy
 PKG_VERSION:=1.8.14
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.haproxy.org/download/1.8/src/
@@ -137,20 +137,20 @@ define Build/Compile
                DESTDIR="$(PKG_INSTALL_DIR)" \
                CC="$(TARGET_CC)" \
                PCREDIR="$(STAGING_DIR)/usr/" \
-               SMALL_OPTS="-DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530 " \
+               SMALL_OPTS="-DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530" \
                USE_LINUX_TPROXY=1 USE_LINUX_SPLICE=1 USE_TFO=1 \
                USE_ZLIB=yes USE_PCRE=1 USE_PCRE_JIT=1 USE_GETADDRINFO=1 \
-               VERSION="$(PKG_VERSION)-$(PKG_RELEASE)" \
+               VERSION="$(PKG_VERSION)" SUBVERS="-$(PKG_RELEASE)" \
+               VERDATE="$(shell date -d @$(SOURCE_DATE_EPOCH) '+%Y/%m/%d')" IGNOREGIT=1 \
                $(ADDON) \
                CFLAGS="$(TARGET_CFLAGS)" \
                LD="$(TARGET_CC)" \
-               LDFLAGS="$(TARGET_LDFLAGS) -latomic" \
-               IGNOREGIT=1
+               LDFLAGS="$(TARGET_LDFLAGS) -latomic"
 
        $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR) \
                DESTDIR="$(PKG_INSTALL_DIR)" \
                LD="$(TARGET_CC)" \
-                LDFLAGS="$(TARGET_LDFLAGS)" \
+               LDFLAGS="$(TARGET_LDFLAGS)" \
                $(MAKE_FLAGS) \
                install
 
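Review bot: The new VERDATE line formats SOURCE_DATE_EPOCH with `date -d @…` in the build host's local timezone, so the date baked into the binary can differ by a day between build hosts, which works against the reproducible output SOURCE_DATE_EPOCH exists for. Adding `-u` pins it: `VERDATE="$(shell date -u -d @$(SOURCE_DATE_EPOCH) '+%Y/%m/%d')" IGNOREGIT=1 \`. The `-d @epoch` form is also GNU date syntax, and an empty SOURCE_DATE_EPOCH would make the command fail and leave VERDATE empty. Whether the build system guarantees a GNU date and a set SOURCE_DATE_EPOCH is not visible in this hunk.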
@@ -158,7 +158,6 @@ define Build/Compile
                DESTDIR="$(PKG_INSTALL_DIR)" \
                $(MAKE_FLAGS) \
                ADDLIB="-lcrypto" \
-               VERSION="$(PKG_VERSION)-$(PKG_RELEASE)" \
                halog
 endef
 
diff --git a/net/haproxy/patches/0041-BUG-MINOR-config-better-detect-the-presence-of-the-h2-pattern-in-npn-alpn.patch b/net/haproxy/patches/0041-BUG-MINOR-config-better-detect-the-presence-of-the-h2-pattern-in-npn-alpn.patch
new file mode 100644 (file)
index 0000000..787f60c
--- /dev/null
@@ -0,0 +1,43 @@
+commit c990c7fe448248c4e2a34b84b593cc1b3536b328
+Author: Willy Tarreau <w@1wt.eu>
+Date:   Sun Nov 11 10:36:25 2018 +0100
+
+    BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn
+    
+    In 1.8, commit 45a66cc ("MEDIUM: config: ensure that tune.bufsize is at
+    least 16384 when using HTTP/2") tried to avoid an annoying issue making
+    H2 fail when haproxy is built with default buffer sizes smaller than 16kB,
+    which used to be the case for a very long time. Sadly, the test only sees
+    when NPN/ALPN exactly match "h2" and not when it's combined like
+    "h2,http/1.1" nor "http/1.1,h2". We can safely use strstr() there because
+    the string is prefixed by the token's length (0x02) which is unambiguous
+    as it cannot be part of any other token.
+    
+    This fix should be backported to 1.8 as a safety guard against bad
+    configurations.
+    
+    (cherry picked from commit 4db49c0704898e51892a176505299de3e022c5ea)
+    Signed-off-by: William Lallemand <wlallemand@haproxy.org>
+
+diff --git a/src/cfgparse.c b/src/cfgparse.c
+index 87a4d803..618ffd39 100644
+--- a/src/cfgparse.c
++++ b/src/cfgparse.c
+@@ -7629,7 +7629,7 @@ int check_config_validity()
+                       if (curproxy->mode == PR_MODE_HTTP && global.tune.bufsize < 16384) {
+ #ifdef OPENSSL_NPN_NEGOTIATED
+                               /* check NPN */
+-                              if (bind_conf->ssl_conf.npn_str && strcmp(bind_conf->ssl_conf.npn_str, "\002h2") == 0) {
++                              if (bind_conf->ssl_conf.npn_str && strstr(bind_conf->ssl_conf.npn_str, "\002h2")) {
+                                       ha_alert("config : HTTP frontend '%s' enables HTTP/2 via NPN at [%s:%d], so global.tune.bufsize must be at least 16384 bytes (%d now).\n",
+                                                curproxy->id, bind_conf->file, bind_conf->line, global.tune.bufsize);
+                                       cfgerr++;
+@@ -7637,7 +7637,7 @@ int check_config_validity()
+ #endif
+ #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+                               /* check ALPN */
+-                              if (bind_conf->ssl_conf.alpn_str && strcmp(bind_conf->ssl_conf.alpn_str, "\002h2") == 0) {
++                              if (bind_conf->ssl_conf.alpn_str && strstr(bind_conf->ssl_conf.alpn_str, "\002h2")) {
+                                       ha_alert("config : HTTP frontend '%s' enables HTTP/2 via ALPN at [%s:%d], so global.tune.bufsize must be at least 16384 bytes (%d now).\n",
+                                                curproxy->id, bind_conf->file, bind_conf->line, global.tune.bufsize);
+                                       cfgerr++;
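Review bot: Both `strstr()` calls treat `npn_str` and `alpn_str` as NUL-terminated C strings, although the commit message describes them as length-prefixed token lists, and nothing in these hunks shows that the code building them always appends a terminating NUL. If it does not, the search reads past the end of the buffer. I would record the assumption above each check, e.g. `/* alpn_str is a NUL-terminated list of <len><token>; "\002h2" can only match a whole token */`, or walk the list token by token instead of searching it as a string. check_config_validity() starts and ends outside the hunks, so the construction of these strings has to be confirmed elsewhere.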
diff --git a/net/haproxy/patches/0042-BUG-MEDIUM-Make-sure-stksess-is-properly-aligned.patch b/net/haproxy/patches/0042-BUG-MEDIUM-Make-sure-stksess-is-properly-aligned.patch
new file mode 100644 (file)
index 0000000..b70b00b
--- /dev/null
@@ -0,0 +1,61 @@
+commit 5b259db1160fa12820cc5ba6399e4dbcefa6ab22
+Author: Olivier Houchard <ohouchard@haproxy.com>
+Date:   Wed Nov 14 17:54:36 2018 +0100
+
+    BUG/MEDIUM: Make sure stksess is properly aligned.
+    
+    When we allocate struct stksess, we also allocate memory to store the
+    associated data before the struct itself.
+    As the data can be of different types, they can have different size. However,
+    we need the struct stksess to be properly aligned, as it can do 64bits
+    load/store (including atomic load/stores) on 64bits platforms, and some of
+    them doesn't support unaligned access.
+    So, when allocating the struct stksess, round the size up to the next
+    multiple of sizeof(void *), and make sure the struct stksess itself is
+    properly aligned.
+    Many thanks to Paul Martin for investigating and reporting that bug.
+    
+    This should be backported to earlier releases.
+    
+    (cherry picked from commit 52dabbc4fad338233c7f0c96f977a43f8f81452a)
+    Signed-off-by: William Lallemand <wlallemand@haproxy.org>
+
+diff --git a/src/stick_table.c b/src/stick_table.c
+index f1442603..0a238378 100644
+--- a/src/stick_table.c
++++ b/src/stick_table.c
+@@ -44,6 +44,7 @@
+ /* structure used to return a table key built from a sample */
+ static THREAD_LOCAL struct stktable_key static_table_key;
++#define round_ptr_size(i) (((i) + (sizeof(void *) - 1)) &~ (sizeof(void *) - 1))
+ /*
+  * Free an allocated sticky session <ts>, and decrease sticky sessions counter
+  * in table <t>.
+@@ -51,7 +52,7 @@ static THREAD_LOCAL struct stktable_key static_table_key;
+ void __stksess_free(struct stktable *t, struct stksess *ts)
+ {
+       t->current--;
+-      pool_free(t->pool, (void *)ts - t->data_size);
++      pool_free(t->pool, (void *)ts - round_ptr_size(t->data_size));
+ }
+ /*
+@@ -229,7 +230,7 @@ struct stksess *__stksess_new(struct stktable *t, struct stktable_key *key)
+       ts = pool_alloc(t->pool);
+       if (ts) {
+               t->current++;
+-              ts = (void *)ts + t->data_size;
++              ts = (void *)ts + round_ptr_size(t->data_size);
+               __stksess_init(t, ts);
+               if (key)
+                       stksess_setkey(t, ts, key);
+@@ -597,7 +598,7 @@ int stktable_init(struct stktable *t)
+               t->updates = EB_ROOT_UNIQUE;
+               HA_SPIN_INIT(&t->lock);
+-              t->pool = create_pool("sticktables", sizeof(struct stksess) + t->data_size + t->key_size, MEM_F_SHARED);
++              t->pool = create_pool("sticktables", sizeof(struct stksess) + round_ptr_size(t->data_size) + t->key_size, MEM_F_SHARED);
+               t->exp_next = TICK_ETERNITY;
+               if ( t->expire ) {
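Review bot: `round_ptr_size()` rounds only to `sizeof(void *)`, which is 4 on 32-bit targets, so a `struct stksess` containing 64-bit fields would still land on a 4-byte boundary there. The commit message speaks only of 64-bit platforms, while this package links `-latomic`, which suggests 64-bit atomics may be used on 32-bit builds too. Whether stksess or its preceding data has such fields is not visible in these hunks and should be checked against the struct definition. The macro is also undocumented and depends on `__stksess_free`, `__stksess_new` and `stktable_init` all applying the same rounding; I would add `/* round <i> up to the next multiple of sizeof(void *); alloc, free and pool size must all use it */` above it.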
diff --git a/net/haproxy/patches/0043-BUG-MINOR-config-Copy-default-error-messages-when-parsing-of-a-backend-starts.patch b/net/haproxy/patches/0043-BUG-MINOR-config-Copy-default-error-messages-when-parsing-of-a-backend-starts.patch
new file mode 100644 (file)
index 0000000..21200bf
--- /dev/null
@@ -0,0 +1,38 @@
+commit 54824cf35520b11ff97e0937beeb429dcdc55fd0
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date:   Mon Nov 12 11:57:31 2018 +0100
+
+    BUG/MINOR: config: Copy default error messages when parsing of a backend starts
+    
+    To be used, error messages declared in a default section must be copied when the
+    parsing of a proxy section starts. But this was only done for frontends.
+    
+    This patch may be backported to older versions.
+    
+    (cherry picked from commit 6b44975fbd2f7d81074e20bc07fc0e01466cc9c9)
+    Signed-off-by: William Lallemand <wlallemand@haproxy.org>
+
+diff --git a/src/cfgparse.c b/src/cfgparse.c
+index 618ffd39..6bc6b259 100644
+--- a/src/cfgparse.c
++++ b/src/cfgparse.c
+@@ -2787,15 +2787,15 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
+                       curproxy->server_id_hdr_name = strdup(defproxy.server_id_hdr_name);
+               }
++              /* initialize error relocations */
++              for (rc = 0; rc < HTTP_ERR_SIZE; rc++)
++                      chunk_dup(&curproxy->errmsg[rc], &defproxy.errmsg[rc]);
++
+               if (curproxy->cap & PR_CAP_FE) {
+                       curproxy->maxconn = defproxy.maxconn;
+                       curproxy->backlog = defproxy.backlog;
+                       curproxy->fe_sps_lim = defproxy.fe_sps_lim;
+-                      /* initialize error relocations */
+-                      for (rc = 0; rc < HTTP_ERR_SIZE; rc++)
+-                              chunk_dup(&curproxy->errmsg[rc], &defproxy.errmsg[rc]);
+-
+                       curproxy->to_log = defproxy.to_log & ~LW_COOKIE & ~LW_REQHDR & ~ LW_RSPHDR;
+               }
diff --git a/net/haproxy/patches/0044-BUG-MEDIUM-hpack-fix-encoding-of-accept-ranges-field.patch b/net/haproxy/patches/0044-BUG-MEDIUM-hpack-fix-encoding-of-accept-ranges-field.patch
new file mode 100644 (file)
index 0000000..e170b14
--- /dev/null
@@ -0,0 +1,32 @@
+commit 64a7cbf4ea3276b72ffb121acab676542cebde1b
+Author: Willy Tarreau <w@1wt.eu>
+Date:   Tue Nov 20 04:47:38 2018 +0100
+
+    BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
+    
+    James Brown reported that when an "accept-ranges" header field is sent
+    through haproxy and converted from HTTP/1.1 to H2, it's mis-encoded as
+    "accept-language". It happens that it's one of the few very common header
+    fields encoded using its index value and that this index value was misread
+    in the spec as 17 instead of 18, resulting in the wrong name being sent.
+    Thanks to Lukas for spotting the issue in the HPACK encoder itself.
+    
+    This fix must be backported to 1.8.
+    
+    (cherry picked from commit 4bf194cbdbcda8ec4ce83d7f12d2fe9b08483c94)
+    [wla: buffer API edit]
+    Signed-off-by: William Lallemand <wlallemand@haproxy.org>
+
+diff --git a/src/hpack-enc.c b/src/hpack-enc.c
+index d1f68c58..99c73103 100644
+--- a/src/hpack-enc.c
++++ b/src/hpack-enc.c
+@@ -101,7 +101,7 @@ int hpack_encode_header(struct chunk *out, const struct ist n, const struct ist
+       else if (isteq(n, ist("last-modified")))
+               out->str[len++] = 0x6c; // literal with indexing -- name="last-modified" (idx 44)
+       else if (isteq(n, ist("accept-ranges")))
+-              out->str[len++] = 0x51; // literal with indexing -- name="accept-ranges" (idx 17)
++              out->str[len++] = 0x52; // literal with indexing -- name="accept-ranges" (idx 18)
+       else if (isteq(n, ist("cache-control")))
+               out->str[len++] = 0x58; // literal with indexing -- name="cache-control" (idx 24)
+       else if (isteq(n, ist("content-length")))
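Review bot: The encoded byte and the index in the trailing comment are kept by hand as two separate literals, which is how 17 came to be written for 18 on the accept-ranges line. Writing the byte as the literal-with-indexing prefix plus the static-table index, e.g. `out->str[len++] = 0x40 | 18; // literal with indexing -- name="accept-ranges"`, keeps the two from drifting apart. The neighbouring branches (`0x6c` is 0x40|44, `0x58` is 0x40|24) could take the same form. hpack_encode_header() begins and ends outside this hunk, so whether `out` is checked for room before the byte is stored is not visible here.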