Merge pull request #7298 from gladiac1337/feature-haproxy-v1.8.14-upd…

…ates2 haproxy: Update all patches for HAProxy v1.8.14 #2
openwrt · Nov 2, 2018 · e776d18 · e776d18
2 parents b0a5438 + ca39a1b
commit e776d18
Show file tree

Hide file tree

Showing 15 changed files with 592 additions and 1 deletion.
diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
@@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=haproxy
 PKG_VERSION:=1.8.14
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.haproxy.org/download/1.8/src/

diff --git a/net/haproxy/patches/0028-DOC-fix-reference-to-map-files-in-MAINTAINERS.patch b/net/haproxy/patches/0028-DOC-fix-reference-to-map-files-in-MAINTAINERS.patch
@@ -0,0 +1,24 @@
+commit c1ef9f5389e5debb132b7e2ab40f178ed413a978
+Author: Lukas Tribus <[email protected]>
+Date:   Wed Oct 17 01:40:11 2018 +0200
+
+    DOC: fix reference to map files in MAINTAINERS
+
+    s/maps/map
+
+    (cherry picked from commit b75e828b298c958beb10c830a1ccb3df0840c30c)
+    Signed-off-by: Willy Tarreau <[email protected]>
+
+diff --git a/MAINTAINERS b/MAINTAINERS
+index 3a9e435a..df7cc336 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -24,7 +24,7 @@ Files: src/hlua.c, include/*/hlua.h
+
+ Maps and pattern matching
+ Maintainer: Thierry Fournier <[email protected]>
+-Files: src/maps.c, src/pattern.c, include/*/maps.h, include/*/pattern.h
++Files: src/map.c, src/pattern.c, include/*/map.h, include/*/pattern.h
+
+ DNS
+ Maintainer: Baptiste Assmann <[email protected]>
diff --git a/net/haproxy/patches/0029-BUILD-compiler-rename-__unreachable-to-my_unreachable.patch b/net/haproxy/patches/0029-BUILD-compiler-rename-__unreachable-to-my_unreachable.patch
@@ -0,0 +1,41 @@
+commit 9011ff6c9fb5128dd50b4210e05199ea6337b82b
+Author: Willy Tarreau <[email protected]>
+Date:   Sat Oct 20 17:45:48 2018 +0200
+
+    BUILD: compiler: rename __unreachable() to my_unreachable()
+
+    Olivier reported that on FreeBSD __unreachable is already defined
+    and causes build warnings. Let's rename it then.
+
+    (cherry picked from commit 4e7cc3381b27e3971b02b73a113ecc13916e1f20)
+    Signed-off-by: Willy Tarreau <[email protected]>
+
+diff --git a/include/common/compiler.h b/include/common/compiler.h
+index 6f4f5a67..60549307 100644
+--- a/include/common/compiler.h
++++ b/include/common/compiler.h
+@@ -89,9 +89,9 @@
+  * below was introduced in gcc 4.5, and before it we didn't care.
+  */
+ #if __GNUC__ >= 5 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
+-#define __unreachable() __builtin_unreachable()
++#define my_unreachable() __builtin_unreachable()
+ #else
+-#define __unreachable()
++#define my_unreachable()
+ #endif
+
+ /*
+diff --git a/src/hlua.c b/src/hlua.c
+index c3bb269a..085544dc 100644
+--- a/src/hlua.c
++++ b/src/hlua.c
+@@ -64,7 +64,7 @@
+  *   MAY_LJMP() marks an lua function that may use longjmp.
+  */
+ #define __LJMP
+-#define WILL_LJMP(func) do { func; __unreachable(); } while(0)
++#define WILL_LJMP(func) do { func; my_unreachable(); } while(0)
+ #define MAY_LJMP(func) func
+
+ /* This couple of function executes securely some Lua calls outside of
diff --git a/net/haproxy/patches/0030-BUG-MEDIUM-pools-Fix-the-usage-of-mmap-with-DEBUG_UAF.patch b/net/haproxy/patches/0030-BUG-MEDIUM-pools-Fix-the-usage-of-mmap-with-DEBUG_UAF.patch
@@ -0,0 +1,33 @@
+commit 7e751a3c24a7021075fb298025c4a1ce98a5b049
+Author: Olivier Houchard <[email protected]>
+Date:   Sun Oct 21 01:33:11 2018 +0200
+
+    BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF.
+
+    When mapping memory with mmap(), we should use a fd of -1, not 0. 0 may
+    work on linux, but it doesn't work on FreeBSD, and probably other OSes.
+
+    It would be nice to backport this to 1.8 to help debugging there.
+
+    (cherry picked from commit 62975a7740cba4bdaf1c096dd246feba854d2410)
+    Signed-off-by: Willy Tarreau <[email protected]>
+
+diff --git a/include/common/memory.h b/include/common/memory.h
+index a2237da5..da0641de 100644
+--- a/include/common/memory.h
++++ b/include/common/memory.h
+@@ -186,12 +186,13 @@ static inline void pool_free_area(void *area, size_t __maybe_unused size)
+  * some padding is added, the area's start address is copied at the end of the
+  * padding to help detect underflows.
+  */
++#include <errno.h>
+ static inline void *pool_alloc_area(size_t size)
+ {
+ 	size_t pad = (4096 - size) & 0xFF0;
+ 	void *ret;
+
+-	ret = mmap(NULL, (size + 4095) & -4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);
++	ret = mmap(NULL, (size + 4095) & -4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
+ 	if (ret == MAP_FAILED)
+ 		return NULL;
+ 	if (pad >= sizeof(void *))
diff --git a/...patches/0031-BUG-MEDIUM-h2-Close-connection-if-no-stream-is-left-an-GOAWAY-was-sent.patch b/...patches/0031-BUG-MEDIUM-h2-Close-connection-if-no-stream-is-left-an-GOAWAY-was-sent.patch
@@ -0,0 +1,28 @@
+commit 105abe2f7a2e518afda9eb3bda5cceb60f6fd1b2
+Author: Olivier Houchard <[email protected]>
+Date:   Sun Oct 21 03:01:20 2018 +0200
+
+    BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent.
+
+    When we're closing a stream, is there's no stream left and a goaway was sent,
+    close the connection, there's no reason to keep it open.
+
+    [wt: it's likely that this is needed in 1.8 as well, though it's unclear
+     how to trigger this issue, some tests are needed]
+
+    (cherry picked from commit 52b946686c28891a4359e9361676dc62af4fffad)
+    Signed-off-by: Willy Tarreau <[email protected]>
+
+diff --git a/src/mux_h2.c b/src/mux_h2.c
+index b1b039fe..6881302b 100644
+--- a/src/mux_h2.c
++++ b/src/mux_h2.c
+@@ -2540,7 +2540,7 @@ static void h2_detach(struct conn_stream *cs)
+ 	if (eb_is_empty(&h2c->streams_by_id) &&     /* don't close if streams exist */
+ 	    ((h2c->conn->flags & CO_FL_ERROR) ||    /* errors close immediately */
+ 	     (h2c->st0 >= H2_CS_ERROR && !h2c->task) || /* a timeout stroke earlier */
+-	     (h2c->flags & H2_CF_GOAWAY_FAILED) ||
++	     (h2c->flags & (H2_CF_GOAWAY_FAILED | H2_CF_GOAWAY_SENT)) ||
+ 	     (!h2c->mbuf->o &&  /* mux buffer empty, also process clean events below */
+ 	      (conn_xprt_read0_pending(h2c->conn) ||
+ 	       (h2c->last_sid >= 0 && h2c->max_id >= h2c->last_sid))))) {
diff --git a/net/haproxy/patches/0032-BUILD-Makefile-add-the-new-ERR-variable-to-force--Werror.patch b/net/haproxy/patches/0032-BUILD-Makefile-add-the-new-ERR-variable-to-force--Werror.patch
@@ -0,0 +1,46 @@
+commit e1b3aa5613a5edbb52a44d69b3e6007d9d631981
+Author: Willy Tarreau <[email protected]>
+Date:   Mon Oct 22 06:22:46 2018 +0200
+
+    BUILD: Makefile: add the new ERR variable to force -Werror
+
+    Instead of having to fiddle with the CFLAGS, let's have ERR=1 to enable
+    -Werror.
+
+    (cherry picked from commit 23cd43e2d6fa2b6892a786a1a720c5f24e657f10)
+    Signed-off-by: Willy Tarreau <[email protected]>
+
+diff --git a/Makefile b/Makefile
+index 6ffc1b06..94e04738 100644
+--- a/Makefile
++++ b/Makefile
+@@ -57,6 +57,7 @@
+ #   DEP may be cleared to ignore changes to include files during development
+ #   SMALL_OPTS may be used to specify some options to shrink memory usage.
+ #   DEBUG may be used to set some internal debugging options.
++#   ERR may be set to non-empty to pass -Werror to the compiler
+ #   ADDINC may be used to complete the include path in the form -Ipath.
+ #   ADDLIB may be used to complete the library list in the form -Lpath -llib.
+ #   DEFINE may be used to specify any additional define, which will be reported
+@@ -143,6 +144,9 @@ LD = $(CC)
+ # Those flags only feed CFLAGS so it is not mandatory to use this form.
+ DEBUG_CFLAGS = -g
+
++#### Add -Werror when set to non-empty
++ERR =
++
+ #### Compiler-specific flags that may be used to disable some negative over-
+ # optimization or to silence some warnings. -fno-strict-aliasing is needed with
+ # gcc >= 4.4.
+@@ -807,6 +811,11 @@ EBTREE_DIR := ebtree
+ #### Global compile options
+ VERBOSE_CFLAGS = $(CFLAGS) $(TARGET_CFLAGS) $(SMALL_OPTS) $(DEFINE)
+ COPTS  = -Iinclude -I$(EBTREE_DIR) -Wall
++
++ifneq ($(ERR),)
++COPTS += -Werror
++endif
++
+ COPTS += $(CFLAGS) $(TARGET_CFLAGS) $(SMALL_OPTS) $(DEFINE) $(SILENT_DEFINE)
+ COPTS += $(DEBUG) $(OPTIONS_CFLAGS) $(ADDINC)
+
diff --git a/net/haproxy/patches/0033-BUG-MINOR-cache-Crashes-with-total-max-size-2047MB.patch b/net/haproxy/patches/0033-BUG-MINOR-cache-Crashes-with-total-max-size-2047MB.patch
@@ -0,0 +1,55 @@
+commit bf7b382e528ab62a9f695b07e659d2f77545e93d
+Author: Frédéric Lécaille <[email protected]>
+Date:   Thu Oct 25 20:17:45 2018 +0200
+
+    BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB).
+
+    With this patch we support cache size larger than 2047 (MB) and prevent haproxy from crashing when "total-max-size" is parsed as negative values by atoi().
+
+    The limit at parsing time is 4095 MB (UINT_MAX >> 20).
+
+    May be backported to 1.8.
+
+    (cherry picked from commit b9b8b6b6beb84b6b942d24eda56bfbe3812cc294)
+    Signed-off-by: Willy Tarreau <[email protected]>
+
+diff --git a/src/cache.c b/src/cache.c
+index 39e0bad4..df3649ea 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -770,17 +770,32 @@ int cfg_parse_cache(const char *file, int linenum, char **args, int kwm)
+ 			tmp_cache_config->maxblocks = 0;
+ 		}
+ 	} else if (strcmp(args[0], "total-max-size") == 0) {
+-		int maxsize;
++		unsigned long int maxsize;
++		char *err;
+
+ 		if (alertif_too_many_args(1, file, linenum, args, &err_code)) {
+ 			err_code |= ERR_ABORT;
+ 			goto out;
+ 		}
+
++		maxsize = strtoul(args[1], &err, 10);
++		if (err == args[1] || *err != '\0') {
++			ha_warning("parsing [%s:%d]: total-max-size wrong value '%s'\n",
++			           file, linenum, args[1]);
++			err_code |= ERR_ABORT;
++			goto out;
++		}
++
++		if (maxsize > (UINT_MAX >> 20)) {
++			ha_warning("parsing [%s:%d]: \"total-max-size\" (%s) must not be greater than %u\n",
++			           file, linenum, args[1], UINT_MAX >> 20);
++			err_code |= ERR_ABORT;
++			goto out;
++		}
++
+ 		/* size in megabytes */
+-		maxsize = atoi(args[1]) * 1024 * 1024 / CACHE_BLOCKSIZE;
++		maxsize *= 1024 * 1024 / CACHE_BLOCKSIZE;
+ 		tmp_cache_config->maxblocks = maxsize;
+-
+ 	} else if (strcmp(args[0], "max-age") == 0) {
+ 		if (alertif_too_many_args(1, file, linenum, args, &err_code)) {
+ 			err_code |= ERR_ABORT;
diff --git a/net/haproxy/patches/0034-BUG-MINOR-cache-Wrong-usage-of-shctx_init.patch b/net/haproxy/patches/0034-BUG-MINOR-cache-Wrong-usage-of-shctx_init.patch
@@ -0,0 +1,28 @@
+commit 68c23dedaaae8f29d26c4791b30d138ed1411548
+Author: Frédéric Lécaille <[email protected]>
+Date:   Thu Oct 25 20:18:59 2018 +0200
+
+    BUG/MINOR: cache: Wrong usage of shctx_init().
+
+    With this patch we check that shctx_init() does not returns 0.
+    This is possible if the maxblocks argument, which is passed as an
+    int, is negative due to an implicit conversion.
+
+    Must be backported to 1.8.
+
+    (cherry picked from commit bc584494e625983f16f35982aa6dd6889e8dd222)
+    Signed-off-by: Willy Tarreau <[email protected]>
+
+diff --git a/src/cache.c b/src/cache.c
+index df3649ea..667cede3 100644
+--- a/src/cache.c
++++ b/src/cache.c
+@@ -837,7 +837,7 @@ int cfg_post_parse_section_cache()
+
+ 		ret_shctx = shctx_init(&shctx, tmp_cache_config->maxblocks, CACHE_BLOCKSIZE, sizeof(struct cache), 1);
+
+-		if (ret_shctx < 0) {
++		if (ret_shctx <= 0) {
+ 			if (ret_shctx == SHCTX_E_INIT_LOCK)
+ 				ha_alert("Unable to initialize the lock for the cache.\n");
+ 			else
diff --git a/net/haproxy/patches/0035-BUG-MINOR-ssl-Wrong-usage-of-shctx_init.patch b/net/haproxy/patches/0035-BUG-MINOR-ssl-Wrong-usage-of-shctx_init.patch
@@ -0,0 +1,26 @@
+commit 49f82640bf3c9a9c808568344bfa94d279c95b7e
+Author: Frédéric Lécaille <[email protected]>
+Date:   Thu Oct 25 20:22:46 2018 +0200
+
+    BUG/MINOR: ssl: Wrong usage of shctx_init().
+
+    With this patch we check that shctx_init() does not return 0.
+
+    Must be backported to 1.8.
+
+    (cherry picked from commit 4c8aa117f9bda3b5253f03ad5a7135a9165060f5)
+    Signed-off-by: Willy Tarreau <[email protected]>
+
+diff --git a/src/ssl_sock.c b/src/ssl_sock.c
+index cfbc38b7..19e41743 100644
+--- a/src/ssl_sock.c
++++ b/src/ssl_sock.c
+@@ -4768,7 +4768,7 @@ int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
+ 		                       sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE,
+ 		                       sizeof(*sh_ssl_sess_tree),
+ 		                       ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
+-		if (alloc_ctx < 0) {
++		if (alloc_ctx <= 0) {
+ 			if (alloc_ctx == SHCTX_E_INIT_LOCK)
+ 				ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
+ 			else
diff --git a/net/haproxy/patches/0036-DOC-cache-Missing-information-about-total-max-size.patch b/net/haproxy/patches/0036-DOC-cache-Missing-information-about-total-max-size.patch
@@ -0,0 +1,24 @@
+commit 9c416cf3cc449fd46880d5a7c3fdd1bb98447b68
+Author: Frédéric Lécaille <[email protected]>
+Date:   Thu Oct 25 10:46:40 2018 +0200
+
+    DOC: cache: Missing information about "total-max-size"
+
+    (cherry picked from commit e3c83d80e3aadb7b2641b861725c9d1dd7dc6713)
+    [wt: this only retrieves from the original patch the part related to
+         the max configurable size for total-max-size]
+    Signed-off-by: Willy Tarreau <[email protected]>
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index 7a268386..09980248 100644
+--- a/doc/configuration.txt
++++ b/doc/configuration.txt
+@@ -17132,7 +17132,7 @@ cache <name>
+
+ total-max-size <megabytes>
+   Define the size in RAM of the cache in megabytes. This size is split in
+-  blocks of 1kB which are used by the cache entries.
++  blocks of 1kB which are used by the cache entries. Its maximum value is 4095.
+
+ max-age <seconds>
+   Define the maximum expiration duration. The expiration is set has the lowest