Hello community,
here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2015-04-07 09:29:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/haproxy (Old)
and /work/SRC/openSUSE:Factory/.haproxy.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy"
Changes:
--------
--- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2015-03-11 09:58:15.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.haproxy.new/haproxy.changes 2015-04-07 09:29:15.000000000 +0200
@@ -1,0 +2,19 @@
+Thu Apr 2 10:54:29 UTC 2015 - mrueckert@suse.de
+
+- pull 3 patches from upstream:
+ 0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
+ 0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
+ 0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch
+
+-------------------------------------------------------------------
+Mon Mar 16 15:00:13 UTC 2015 - kgronlund@suse.com
+
+- pull 3 patches from upstream:
+ - BUG/MEDIUM: peers: correctly configure the client timeout
+ - BUG/MEDIUM: buffer: one byte miss in buffer free space check
+ - BUG/MAJOR: http: don't read past buffer's end in http_replace_value
+- Add 0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
+- Add 0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
+- Add 0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch
+
+-------------------------------------------------------------------
New:
----
0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch
0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ haproxy.spec ++++++
--- /var/tmp/diff_new_pack.riNh8q/_old 2015-04-07 09:29:15.000000000 +0200
+++ /var/tmp/diff_new_pack.riNh8q/_new 2015-04-07 09:29:15.000000000 +0200
@@ -64,6 +64,12 @@
Patch5: 0001-BUG-MINOR-pattern-error-message-missing.patch
Patch6: 0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch
Patch7: 0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch
+Patch8: 0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
+Patch9: 0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
+Patch10: 0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch
+Patch11: 0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
+Patch12: 0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
+Patch13: 0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch
#
Source99: haproxy-rpmlintrc
#
@@ -101,6 +107,12 @@
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
%build
%{__make} \
++++++ 0001-BUG-MINOR-pattern-error-message-missing.patch ++++++
--- /var/tmp/diff_new_pack.riNh8q/_old 2015-04-07 09:29:15.000000000 +0200
+++ /var/tmp/diff_new_pack.riNh8q/_new 2015-04-07 09:29:15.000000000 +0200
@@ -1,7 +1,7 @@
From e338a8741983acc9a4501a03ecd593d89e6fade3 Mon Sep 17 00:00:00 2001
From: Thierry FOURNIER
From fc940eb2bf0bbd7adf5b283f28bcff136501ae7f Mon Sep 17 00:00:00 2001 From: Willy Tarreau
Date: Fri, 13 Mar 2015 16:18:25 +0100 Subject: [PATCH 4/9] BUG/MEDIUM: peers: correctly configure the client timeout
The peers frontend timeout was mistakenly set on timeout.connect instead of timeout.client, resulting in no timeout being applied to the peers connections. The impact is just that peers can establish connections and remain connected until they speak. Once they start speaking, only one of them will still be accepted, and old sessions will be killed, so the problem is limited. This fix should however be backported to 1.5 since it was introduced in 1.5-dev3 with peers. (cherry picked from commit 9ff95bb18c4cd9ae747fa5b3bef6d3f94e54172f) --- src/cfgparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cfgparse.c b/src/cfgparse.c index a91e027..b7613b8 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -1834,7 +1834,7 @@ int cfg_parse_peers(const char *file, int linenum, char **args, int kwm) curpeers->peers_fe->cap = PR_CAP_FE; curpeers->peers_fe->maxconn = 0; curpeers->peers_fe->conn_retries = CONN_RETRIES; - curpeers->peers_fe->timeout.connect = 5000; + curpeers->peers_fe->timeout.client = MS_TO_TICKS(5000); curpeers->peers_fe->accept = peer_accept; curpeers->peers_fe->options2 |= PR_O2_INDEPSTR | PR_O2_SMARTCON | PR_O2_SMARTACC; curpeers->peers_fe->conf.args.file = curpeers->peers_fe->conf.file = strdup(file); -- 2.1.4 ++++++ 0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch ++++++
From b92902814f796bb1dc24bab2179000caceb5b151 Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER
Date: Tue, 10 Mar 2015 01:55:01 +0100 Subject: [PATCH 5/9] BUG/MEDIUM: buffer: one byte miss in buffer free space check
Space is not avalaible only if the end of the data inserted is strictly greater than the end of buffer. If these two value are equal, the space is avamaible. (cherry picked from commit fdda6777bffb4f933569c609ba54e24ea5eabf29) --- src/buffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/buffer.c b/src/buffer.c index 9037dd3..8d2644e 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -46,7 +46,7 @@ int buffer_replace2(struct buffer *b, char *pos, char *end, const char *str, int delta = len - (end - pos); - if (bi_end(b) + delta >= b->data + b->size) + if (bi_end(b) + delta > b->data + b->size) return 0; /* no space left */ if (buffer_not_empty(b) && -- 2.1.4 ++++++ 0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch ++++++
From 8e05ac2044c6523c867ceaaae1f10486370eec89 Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER
Date: Mon, 16 Mar 2015 11:14:41 +0100 Subject: [PATCH 6/9] BUG/MAJOR: http: don't read past buffer's end in http_replace_value
The function http_replace_value use bad variable to detect the end of the input string. Regression introduced by the patch "MEDIUM: regex: Remove null terminated strings." (c9c2daf2) We need to backport this patch int the 1.5 stable branch. WT: there is no possibility to overwrite existing data as we only read past the end of the request buffer, to copy into the trash. The copy is bounded by buffer_replace2(), just like the replacement performed by exp_replace(). However if a buffer happens to contain non-zero data up to the next unmapped page boundary, there's a theorical risk of crashing the process despite this not being reproducible in tests. The risk is low because "http-request replace-value" did not work due to this bug so that probably means it's not used yet. (cherry picked from commit 534101658d6e19aeb598bf7833a8ce167498c4ed) --- src/proto_http.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/proto_http.c b/src/proto_http.c index 705f3b4..f53b5e2 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -3206,7 +3206,7 @@ static int http_replace_value(struct my_regex *re, char *dst, uint dst_size, cha /* look for delim. */ p_delim = p; - while (p_delim < p + len && *p_delim != delim) + while (p_delim < val + len && *p_delim != delim) p_delim++; if (regex_exec_match2(re, p, p_delim-p, MAX_MATCH, pmatch)) { @@ -3230,7 +3230,7 @@ static int http_replace_value(struct my_regex *re, char *dst, uint dst_size, cha return -1; /* end of the replacements. */ - if (p_delim >= p + len) + if (p_delim >= val + len) break; /* Next part. */ -- 2.1.4 ++++++ 0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch ++++++
From 06170c50ae5cd0fb23510b832826f7e63a5a8894 Mon Sep 17 00:00:00 2001 From: Thierry FOURNIER
Date: Mon, 16 Mar 2015 23:23:53 +0100 Subject: [PATCH 7/9] BUG/MEDIUM: http: the function "(req|res)-replace-value" doesn't respect the HTTP syntax
These function used an invalid header parser. - The trailing white-spaces were embedded in the replacement regex, - The double-quote (") containing comma (,) were not respected. This patch replace this parser by the "official" parser http_find_header2(). (cherry picked from commit 191f9efdc58f21af1d9dde3db5ba198d7f1ce22e) --- src/proto_http.c | 126 +++++++++++++++---------------------------------------- 1 file changed, 34 insertions(+), 92 deletions(-) diff --git a/src/proto_http.c b/src/proto_http.c index f53b5e2..c49c4f4 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -3179,113 +3179,55 @@ static inline void inet_set_tos(int fd, struct sockaddr_storage from, int tos) #endif } -/* Returns the number of characters written to destination, - * -1 on internal error and -2 if no replacement took place. - */ -static int http_replace_header(struct my_regex *re, char *dst, uint dst_size, char *val, int len, - const char *rep_str) -{ - if (!regex_exec_match2(re, val, len, MAX_MATCH, pmatch)) - return -2; - - return exp_replace(dst, dst_size, val, rep_str, pmatch); -} - -/* Returns the number of characters written to destination, - * -1 on internal error and -2 if no replacement took place. - */ -static int http_replace_value(struct my_regex *re, char *dst, uint dst_size, char *val, int len, char delim, - const char *rep_str) -{ - char* p = val; - char* dst_end = dst + dst_size; - char* dst_p = dst; - - for (;;) { - char *p_delim; - - /* look for delim. */ - p_delim = p; - while (p_delim < val + len && *p_delim != delim) - p_delim++; - - if (regex_exec_match2(re, p, p_delim-p, MAX_MATCH, pmatch)) { - int replace_n = exp_replace(dst_p, dst_end - dst_p, p, rep_str, pmatch); - - if (replace_n < 0) - return -1; - - dst_p += replace_n; - } else { - uint len = p_delim - p; - - if (dst_p + len >= dst_end) - return -1; - - memcpy(dst_p, p, len); - dst_p += len; - } - - if (dst_p >= dst_end) - return -1; - - /* end of the replacements. */ - if (p_delim >= val + len) - break; - - /* Next part. */ - *dst_p++ = delim; - p = p_delim + 1; - } - - return dst_p - dst; -} - static int http_transform_header(struct session* s, struct http_msg *msg, const char* name, uint name_len, char* buf, struct hdr_idx* idx, struct list *fmt, struct my_regex *re, struct hdr_ctx* ctx, int action) { + int (*http_find_hdr_func)(const char *name, int len, char *sol, + struct hdr_idx *idx, struct hdr_ctx *ctx); + struct chunk *replace = get_trash_chunk(); + struct chunk *output = get_trash_chunk(); + + replace->len = build_logline(s, replace->str, replace->size, fmt); + if (replace->len >= replace->size - 1) + return -1; + ctx->idx = 0; - while (http_find_full_header2(name, name_len, buf, idx, ctx)) { + /* Choose the header browsing function. */ + switch (action) { + case HTTP_REQ_ACT_REPLACE_VAL: + case HTTP_RES_ACT_REPLACE_VAL: + http_find_hdr_func = http_find_header2; + break; + case HTTP_REQ_ACT_REPLACE_HDR: + case HTTP_RES_ACT_REPLACE_HDR: + http_find_hdr_func = http_find_full_header2; + break; + default: /* impossible */ + return -1; + } + + while (http_find_hdr_func(name, name_len, buf, idx, ctx)) { struct hdr_idx_elem *hdr = idx->v + ctx->idx; int delta; - char* val = (char*)ctx->line + ctx->val; - char* val_end = (char*)ctx->line + hdr->len; - char* reg_dst_buf; - uint reg_dst_buf_size; - int n_replaced; - - trash.len = build_logline(s, trash.str, trash.size, fmt); - - if (trash.len >= trash.size - 1) - return -1; + char *val = ctx->line + ctx->val; + char* val_end = val + ctx->vlen; - reg_dst_buf = trash.str + trash.len + 1; - reg_dst_buf_size = trash.size - trash.len - 1; + if (!regex_exec_match2(re, val, val_end-val, MAX_MATCH, pmatch)) + continue; - switch (action) { - case HTTP_REQ_ACT_REPLACE_VAL: - case HTTP_RES_ACT_REPLACE_VAL: - n_replaced = http_replace_value(re, reg_dst_buf, reg_dst_buf_size, val, val_end-val, ',', trash.str); - break; - case HTTP_REQ_ACT_REPLACE_HDR: - case HTTP_RES_ACT_REPLACE_HDR: - n_replaced = http_replace_header(re, reg_dst_buf, reg_dst_buf_size, val, val_end-val, trash.str); - break; - default: /* impossible */ + output->len = exp_replace(output->str, output->size, val, replace->str, pmatch); + if (output->len == -1) return -1; - } - switch (n_replaced) { - case -1: return -1; - case -2: continue; - } - - delta = buffer_replace2(msg->chn->buf, val, val_end, reg_dst_buf, n_replaced); + delta = buffer_replace2(msg->chn->buf, val, val_end, output->str, output->len); hdr->len += delta; http_msg_move_end(msg, delta); + + /* Adjust the length of the current value of the index. */ + ctx->vlen += delta; } return 0; -- 2.1.4 ++++++ 0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch ++++++
From 9b9531d90dfd8a334958d23394afafd0185bfa21 Mon Sep 17 00:00:00 2001 From: Willy Tarreau
Date: Sat, 28 Mar 2015 12:20:33 +0100 Subject: [PATCH 8/9] BUG/MINOR: compression: consider the expansion factor in init
When checking if the buffer is large enough, we used to rely on a fixed size that was "apparently" enough. We need to consider the expansion factor of deflate-encoded streams instead, which is of 5 bytes per 32kB. The previous value was OK till 128kB buffers but became wrong past that. It's totally harmless since we always keep the reserve when compressiong, so there's 1kB or so available, which is enough for buffers as large as 6.5 MB, but better fix the check anyway. This fix could be backported into 1.5 since compression was added there. (cherry picked from commit 2aee2215c908c6997addcd1714b5b10f73c0703d) --- src/compression.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/compression.c b/src/compression.c index 3d6085e..d55f14e 100644 --- a/src/compression.c +++ b/src/compression.c @@ -130,9 +130,12 @@ int http_compression_buffer_init(struct session *s, struct buffer *in, struct bu { int left; - /* not enough space */ - if (in->size - buffer_len(in) < 40) - return -1; + /* output stream requires at least 10 bytes for the gzip header, plus + * at least 8 bytes for the gzip trailer (crc+len), plus a possible + * plus at most 5 bytes per 32kB block and 2 bytes to close the stream. + */ + if (in->size - buffer_len(in) < 20 + 5 * ((in->i + 32767) >> 15)) + return -1; /* We start by copying the current buffer's pending outgoing data into * a new temporary buffer that we initialize with a new empty chunk. -- 2.1.4 ++++++ 0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch ++++++
From 2943734024525d4b9aeec13cca2c1d230c358ee5 Mon Sep 17 00:00:00 2001 From: Willy Tarreau
Date: Wed, 1 Apr 2015 19:16:09 +0200 Subject: [PATCH 9/9] BUG/MEDIUM: http: hdr_cnt would not count any header when called without name
It's documented that these sample fetch functions should count all headers and/or all values when called with no name but in practice it's not what is being done as a missing name causes an immediate return and an absence of result. This bug is present in 1.5 as well and must be backported. (cherry picked from commit 601a4d1741100d7a861b6d9b66561335c9911277) --- src/proto_http.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/src/proto_http.c b/src/proto_http.c index c49c4f4..ccd52ad 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -10014,15 +10014,19 @@ smp_fetch_fhdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int struct hdr_ctx ctx; const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp; int cnt; + const char *name = NULL; + int len = 0; - if (!args || args->type != ARGT_STR) - return 0; + if (args && args->type == ARGT_STR) { + name = args->data.str.str; + len = args->data.str.len; + } CHECK_HTTP_MESSAGE_FIRST(); ctx.idx = 0; cnt = 0; - while (http_find_full_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx)) + while (http_find_full_header2(name, len, msg->chn->buf->p, idx, &ctx)) cnt++; smp->type = SMP_T_UINT; @@ -10101,15 +10105,19 @@ smp_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int o struct hdr_ctx ctx; const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp; int cnt; + const char *name = NULL; + int len = 0; - if (!args || args->type != ARGT_STR) - return 0; + if (args && args->type == ARGT_STR) { + name = args->data.str.str; + len = args->data.str.len; + } CHECK_HTTP_MESSAGE_FIRST(); ctx.idx = 0; cnt = 0; - while (http_find_header2(args->data.str.str, args->data.str.len, msg->chn->buf->p, idx, &ctx)) + while (http_find_header2(name, len, msg->chn->buf->p, idx, &ctx)) cnt++; smp->type = SMP_T_UINT; -- 2.1.4
participants (1)
-
root@hilbert.suse.de