From fdf30b4e39f20ab1103f35a866a389858727aa02 Mon Sep 17 00:00:00 2001 From: xh Date: Mon, 24 Jun 2024 09:08:10 +0000 Subject: [PATCH] backport upstream patches (cherry picked from commit dd6bca601df69630b08394741d61a08a11f9dfdc) --- ...-source-interface-ignored-from-defau.patch | 45 +++++++++++++++++++ haproxy.spec | 9 +++- 2 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch diff --git a/backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch b/backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch new file mode 100644 index 0000000..cc0b736 --- /dev/null +++ b/backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch @@ -0,0 +1,45 @@ +From ada8c0e37df568c58e3a328c171d6f27bcfbe652 Mon Sep 17 00:00:00 2001 +From: Aurelien DARRAGON +Date: Tue, 26 Mar 2024 10:42:48 +0100 +Subject: [PATCH] BUG/MINOR: server: 'source' interface ignored from + 'default-server' directive + +Sebastien Gross reported that 'interface' keyword ('source' subargument) +is silently ignored when used from 'default-server' directive despite the +documentation implicitly stating that the keyword should be supported +there. + +When support for 'source' keyword was added to 'default-server' directive +in dba97077 ("MINOR: server: Make 'default-server' support 'source' +keyword."), we properly duplicated the conn iface_name from the default- +server but we forgot to copy the conn iface_len which must be set as well +since it is used as setsockopt()'s 'optlen' argument in +tcp_connect_server(). + +It should be backported to all stable versions. + +(cherry picked from commit bd98db50785b6cef946d38715b48f72e7ca73a59) +Signed-off-by: Christopher Faulet + +Conflict: NA +Reference: https://git.haproxy.org/?p=haproxy-2.9.git;a=patch;h=ada8c0e37df568c58e3a328c171d6f27bcfbe652 +--- + src/server.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/server.c b/src/server.c +index ef70a8f27583..1d88e4a3df1e 100644 +--- a/src/server.c ++++ b/src/server.c +@@ -2507,8 +2507,10 @@ static void srv_conn_src_cpy(struct server *srv, const struct server *src) + srv->conn_src.bind_hdr_occ = src->conn_src.bind_hdr_occ; + srv->conn_src.tproxy_addr = src->conn_src.tproxy_addr; + #endif +- if (src->conn_src.iface_name != NULL) ++ if (src->conn_src.iface_name != NULL) { + srv->conn_src.iface_name = strdup(src->conn_src.iface_name); ++ srv->conn_src.iface_len = src->conn_src.iface_len; ++ } + } + + /* diff --git a/haproxy.spec b/haproxy.spec index b3963b1..df428f1 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -5,7 +5,7 @@ Name: haproxy Version: 2.9.5 -Release: 2 +Release: 3 Summary: The Reliable, High Performance TCP/HTTP Load Balancer License: GPLv2+ @@ -16,6 +16,7 @@ Source2: %{name}.cfg Source3: %{name}.logrotate Source4: %{name}.sysconfig +Patch1: backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic Requires(pre): shadow-utils @@ -120,6 +121,12 @@ exit 0 %{_mandir}/man1/* %changelog +* Mon Jun 24 2024 xinghe - 2.9.5-3 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:server: 'source' interface ignored from 'default-server' directive + * Thu Feb 22 2024 luofng - 2.9.5-2 - Type:enhencement - CVE:NA -- Gitee