From bee294f65fc4770d844e95a0d9443896818b271f Mon Sep 17 00:00:00 2001 From: Carl George Date: Jul 26 2019 16:29:27 +0000 Subject: Latest upstream 2.0.3 https://bugzilla.redhat.com/show_bug.cgi?id=1690492 --- diff --git a/.gitignore b/.gitignore index d8c6efa..73fb3c8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,60 +1 @@ -*~ -haproxy-1.4.8.tar.gz -/haproxy-1.4.11.tar.gz -/haproxy-1.4.15.tar.gz -/haproxy-1.4.18.tar.gz -/haproxy-1.4.19.tar.gz -/haproxy-1.4.20.tar.gz -/haproxy-1.4.22.tar.gz -/haproxy-1.4.23.tar.gz -/haproxy-1.4.24.tar.gz -/haproxy-1.4.25.tar.gz -/haproxy-1.5.0.tar.gz -/haproxy-1.5.1.tar.gz -/haproxy-1.5.2.tar.gz -/haproxy-1.5.3.tar.gz -/haproxy-1.5.4.tar.gz -/haproxy-1.5.5.tar.gz -/haproxy-1.5.6.tar.gz -/haproxy-1.5.7.tar.gz -/haproxy-1.5.8.tar.gz -/haproxy-1.5.9.tar.gz -/haproxy-1.5.10.tar.gz -/haproxy-1.5.11.tar.gz -/haproxy-1.5.12.tar.gz -/haproxy-1.5.13.tar.gz -/haproxy-1.5.14.tar.gz -/haproxy-1.6.0.tar.gz -/haproxy-1.6.1.tar.gz -/haproxy-1.6.2.tar.gz -/haproxy-1.6.3.tar.gz -/haproxy-1.6.5.tar.gz -/haproxy-1.6.6.tar.gz -/haproxy-1.6.7.tar.gz -/haproxy-1.6.9.tar.gz -/haproxy-1.6.10.tar.gz -/haproxy-1.7.0.tar.gz -/haproxy-1.7.1.tar.gz -/haproxy-1.7.2.tar.gz -/haproxy-1.7.3.tar.gz -/haproxy-1.7.8.tar.gz -/haproxy-1.7.9.tar.gz -/haproxy-1.8.1.tar.gz -/haproxy-1.8.2.tar.gz -/haproxy-1.8.3.tar.gz -/haproxy-1.8.4.tar.gz -/haproxy-1.8.5.tar.gz -/haproxy-1.8.6.tar.gz -/haproxy-1.8.7.tar.gz -/haproxy-1.8.8.tar.gz -/haproxy-1.8.9.tar.gz -/haproxy-1.8.10.tar.gz -/haproxy-1.8.11.tar.gz -/haproxy-1.8.12.tar.gz -/haproxy-1.8.13.tar.gz -/haproxy-1.8.14.tar.gz -/haproxy-1.8.15.tar.gz -/haproxy-1.8.16.tar.gz -/haproxy-1.8.17.tar.gz -/haproxy-1.8.19.tar.gz -/haproxy-1.8.20.tar.gz +haproxy-*.tar.gz diff --git a/0001-BUG-MEDIUM-auth-threads-use-of-crypt-not-thread-safe.patch b/0001-BUG-MEDIUM-auth-threads-use-of-crypt-not-thread-safe.patch deleted file mode 100644 index a0149e5..0000000 --- a/0001-BUG-MEDIUM-auth-threads-use-of-crypt-not-thread-safe.patch +++ /dev/null @@ -1,83 +0,0 @@ -From a873c161d251abd025008034c0ddef8cd7f39511 Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Mon, 29 Oct 2018 18:02:54 +0100 -Subject: BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe - -It was reported here that authentication may fail when threads are -enabled : - - https://bugzilla.redhat.com/show_bug.cgi?id=1643941 - -While I couldn't reproduce the issue, it's obvious that there is a -problem with the use of the non-reentrant crypt() function there. -On Linux systems there's crypt_r() but not on the vast majority of -other ones. Thus a first approach consists in placing a lock around -this crypt() call. Another patch may relax it when crypt_r() is -available. - -This fix must be backported to 1.8. Thanks to Ryan O'Hara for the -quick notification. - -(cherry picked from commit 34d4b525a129baa6f52a930ae629ddb1ba4255c2) -Signed-off-by: Willy Tarreau ---- - include/common/hathreads.h | 2 ++ - src/auth.c | 7 +++++++ - 2 files changed, 9 insertions(+) - -diff --git a/include/common/hathreads.h b/include/common/hathreads.h -index 44bd66d1d..24fb1d1a7 100644 ---- a/include/common/hathreads.h -+++ b/include/common/hathreads.h -@@ -373,6 +373,7 @@ enum lock_label { - START_LOCK, - TLSKEYS_REF_LOCK, - PENDCONN_LOCK, -+ AUTH_LOCK, - LOCK_LABELS - }; - struct lock_stat { -@@ -495,6 +496,7 @@ static inline const char *lock_label(enum lock_label label) - case START_LOCK: return "START"; - case TLSKEYS_REF_LOCK: return "TLSKEYS_REF"; - case PENDCONN_LOCK: return "PENDCONN"; -+ case AUTH_LOCK: return "AUTH"; - case LOCK_LABELS: break; /* keep compiler happy */ - }; - /* only way to come here is consecutive to an internal bug */ -diff --git a/src/auth.c b/src/auth.c -index a2c689f76..e0fb13522 100644 ---- a/src/auth.c -+++ b/src/auth.c -@@ -28,6 +28,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -37,6 +38,10 @@ - - struct userlist *userlist = NULL; /* list of all existing userlists */ - -+#ifdef CONFIG_HAP_CRYPT -+__decl_hathreads(static HA_SPINLOCK_T auth_lock); -+#endif -+ - /* find targets for selected gropus. The function returns pointer to - * the userlist struct ot NULL if name is NULL/empty or unresolvable. - */ -@@ -245,7 +250,9 @@ check_user(struct userlist *ul, const char *user, const char *pass) - - if (!(u->flags & AU_O_INSECURE)) { - #ifdef CONFIG_HAP_CRYPT -+ HA_SPIN_LOCK(AUTH_LOCK, &auth_lock); - ep = crypt(pass, u->pass); -+ HA_SPIN_UNLOCK(AUTH_LOCK, &auth_lock); - #else - return 0; - #endif --- -2.14.4 - diff --git a/haproxy.spec b/haproxy.spec index 7ed414d..d434632 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -7,14 +7,14 @@ %global _hardened_build 1 Name: haproxy -Version: 1.8.20 +Version: 2.0.3 Release: 1%{?dist} Summary: HAProxy reverse proxy for high availability environments License: GPLv2+ URL: http://www.haproxy.org/ -Source0: http://www.haproxy.org/download/1.8/src/haproxy-%{version}.tar.gz +Source0: http://www.haproxy.org/download/2.0/src/haproxy-%{version}.tar.gz Source1: %{name}.service Source2: %{name}.cfg Source3: %{name}.logrotate @@ -55,7 +55,7 @@ regparm_opts= regparm_opts="USE_REGPARM=1" %endif -%{__make} %{?_smp_mflags} CPU="generic" TARGET="linux2628" USE_OPENSSL=1 USE_PCRE=1 USE_ZLIB=1 USE_LUA=1 USE_CRYPT_H=1 USE_SYSTEMD=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 ${regparm_opts} ADDINC="%{optflags}" ADDLIB="%{__global_ldflags}" +%{__make} %{?_smp_mflags} CPU="generic" TARGET="linux-glibc" USE_OPENSSL=1 USE_PCRE=1 USE_ZLIB=1 USE_LUA=1 USE_CRYPT_H=1 USE_SYSTEMD=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 ${regparm_opts} ADDINC="%{optflags}" ADDLIB="%{__global_ldflags}" pushd contrib/halog %{__make} ${halog} OPTIMIZE="%{optflags} %{build_ldflags}" @@ -66,7 +66,7 @@ pushd contrib/iprange popd %install -%{__make} install-bin DESTDIR=%{buildroot} PREFIX=%{_prefix} TARGET="linux2628" +%{__make} install-bin DESTDIR=%{buildroot} PREFIX=%{_prefix} TARGET="linux-glibc" %{__make} install-man DESTDIR=%{buildroot} PREFIX=%{_prefix} %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service @@ -132,6 +132,9 @@ exit 0 %{_mandir}/man1/* %changelog +* Fri Jul 26 2019 Carl George - 2.0.3-1 +- Latest upstream rhbz#1690492 + * Fri May 17 2019 Ryan O'Hara - 1.8.20-1 - Update to 1.8.20 diff --git a/sources b/sources index 2eddcb3..b13b6a7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (haproxy-1.8.20.tar.gz) = c288ccf223da71a29ae0f08f3c9753002735816229ea83ca497d46c860fb8a4bd422077a94652aa475e48aefb78787979cdce7f1bd0b5919dc671ba25212c133 +SHA512 (haproxy-2.0.3.tar.gz) = dd7eaf7e05c9b3ee162fcc17bc116f81184523437d6f4dbd940b0a6a8e4d01e1984fc8fabafcfc20261203e60e8bd0bc5b0bf813f5eff47b9ba364465bd0633c