From 240a7ab9bc06216b27bb493c94984d118f7e2abe Mon Sep 17 00:00:00 2001 From: xh Date: Mon, 24 Jun 2024 09:17:59 +0000 Subject: [PATCH] backport upstream patches --- ...-source-interface-ignored-from-defau.patch | 51 +++++++++++++++++++ haproxy.spec | 9 +++- 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch diff --git a/backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch b/backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch new file mode 100644 index 0000000..3bf482b --- /dev/null +++ b/backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch @@ -0,0 +1,51 @@ +From b7ff822695e72695dfd753be23ff11fc97696fb3 Mon Sep 17 00:00:00 2001 +From: Aurelien DARRAGON +Date: Tue, 26 Mar 2024 10:42:48 +0100 +Subject: [PATCH] BUG/MINOR: server: 'source' interface ignored from + 'default-server' directive + +Sebastien Gross reported that 'interface' keyword ('source' subargument) +is silently ignored when used from 'default-server' directive despite the +documentation implicitly stating that the keyword should be supported +there. + +When support for 'source' keyword was added to 'default-server' directive +in dba97077 ("MINOR: server: Make 'default-server' support 'source' +keyword."), we properly duplicated the conn iface_name from the default- +server but we forgot to copy the conn iface_len which must be set as well +since it is used as setsockopt()'s 'optlen' argument in +tcp_connect_server(). + +It should be backported to all stable versions. + +(cherry picked from commit bd98db50785b6cef946d38715b48f72e7ca73a59) +Signed-off-by: Christopher Faulet +(cherry picked from commit ada8c0e37df568c58e3a328c171d6f27bcfbe652) +Signed-off-by: Christopher Faulet +(cherry picked from commit 92b935e99aef7573e658ff53858619bca737aeaf) +Signed-off-by: Christopher Faulet +(cherry picked from commit 8acf8e51f8a0cbeea778f2c392dad7a7e068a075) +Signed-off-by: Christopher Faulet + +Conflict: NA +Reference: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=b7ff822695e72695dfd753be23ff11fc97696fb3 +--- + src/server.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/server.c b/src/server.c +index ad206237295c8..5bdc31e427cc4 100644 +--- a/src/server.c ++++ b/src/server.c +@@ -2052,8 +2052,10 @@ static void srv_conn_src_cpy(struct server *srv, const struct server *src) + srv->conn_src.bind_hdr_occ = src->conn_src.bind_hdr_occ; + srv->conn_src.tproxy_addr = src->conn_src.tproxy_addr; + #endif +- if (src->conn_src.iface_name != NULL) ++ if (src->conn_src.iface_name != NULL) { + srv->conn_src.iface_name = strdup(src->conn_src.iface_name); ++ srv->conn_src.iface_len = src->conn_src.iface_len; ++ } + } + + /* diff --git a/haproxy.spec b/haproxy.spec index 93d2af6..c9db87f 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -5,7 +5,7 @@ Name: haproxy Version: 2.6.6 -Release: 10 +Release: 11 Summary: The Reliable, High Performance TCP/HTTP Load Balancer License: GPLv2+ @@ -36,6 +36,7 @@ Patch15: backport-ssl_sock-add-check-for-ha_meth.patch Patch16: backport-thread-add-a-check-for-pthread_create.patch Patch17: backport-BUG-MINOR-server-add-missing-free-for-server-rdr_pfx.patch Patch18: backport-BUG-MINOR-server-do-not-leak-default-server-in-defau.patch +Patch19: backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic %ifarch sw_64 @@ -140,6 +141,12 @@ exit 0 %{_mandir}/man1/* %changelog +* Mon Jun 24 2024 xinghe - 2.6.6-11 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:server: 'source' interface ignored from 'default-server' directive + * Mon Mar 11 2024 xinghe - 2.6.6-10 - Type:bugfix - CVE:NA -- Gitee