backport upstream patches

2024-06-24 09:28:57 +00:00 · 2024-06-24 09:28:57 +00:00 · 3ce43447d9
commit 3ce43447d9
parent 9021ac06be
2 changed files with 63 additions and 1 deletions
--- a/backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch
+++ b/backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch
@ -0,0 +1,55 @@
+From 0013757152ef499539377943e556a7f96acf605c Mon Sep 17 00:00:00 2001
+From: Aurelien DARRAGON <adarragon@haproxy.com>
+Date: Tue, 26 Mar 2024 10:42:48 +0100
+Subject: [PATCH] BUG/MINOR: server: 'source' interface ignored from
+ 'default-server' directive
+
+Sebastien Gross reported that 'interface' keyword ('source' subargument)
+is silently ignored when used from 'default-server' directive despite the
+documentation implicitly stating that the keyword should be supported
+there.
+
+When support for 'source' keyword was added to 'default-server' directive
+in dba97077 ("MINOR: server: Make 'default-server' support 'source'
+keyword."), we properly duplicated the conn iface_name from the default-
+server but we forgot to copy the conn iface_len which must be set as well
+since it is used as setsockopt()'s 'optlen' argument in
+tcp_connect_server().
+
+It should be backported to all stable versions.
+
+(cherry picked from commit bd98db50785b6cef946d38715b48f72e7ca73a59)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+(cherry picked from commit ada8c0e37df568c58e3a328c171d6f27bcfbe652)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+(cherry picked from commit 92b935e99aef7573e658ff53858619bca737aeaf)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+(cherry picked from commit 8acf8e51f8a0cbeea778f2c392dad7a7e068a075)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+(cherry picked from commit b7ff822695e72695dfd753be23ff11fc97696fb3)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+(cherry picked from commit e34253add4973de6082795706cd105f2f5d8247e)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+Conflict: NA
+Reference: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=0013757152ef499539377943e556a7f96acf605c
+---
+ src/server.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/server.c b/src/server.c
+index 2b9340734cff0..d011d397aecff 100644
+--- a/src/server.c
+++ b/src/server.c
+@@ -1539,8 +1539,10 @@ static void srv_conn_src_cpy(struct server *srv, const struct server *src)
+ 	srv->conn_src.bind_hdr_occ = src->conn_src.bind_hdr_occ;
+ 	srv->conn_src.tproxy_addr  = src->conn_src.tproxy_addr;
+ #endif
+-	if (src->conn_src.iface_name != NULL)
+	if (src->conn_src.iface_name != NULL) {
+ 		srv->conn_src.iface_name = strdup(src->conn_src.iface_name);
+		srv->conn_src.iface_len = src->conn_src.iface_len;
+	}
+ }
+ 
+ /*
--- a/haproxy.spec
+++ b/haproxy.spec
@ -5,7 +5,7 @@

 Name:             haproxy
 Version:          2.2.16
-Release:          7
+Release:          8
 Summary:          The Reliable, High Performance TCP/HTTP Load Balancer

 License:          GPLv2+
@ -24,6 +24,7 @@ Patch0005:        CVE-2023-40225.patch
 Patch0006:        CVE-2023-0836.patch
 # https://github.com/haproxy/haproxy/commit/2eab6d354322932cfec2ed54de261e4347eca9a6
 Patch0007:        CVE-2023-45539.patch
+Patch0008:        backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch

 BuildRequires:    gcc lua-devel pcre-devel zlib-devel openssl-devel systemd-devel systemd-units libatomic
 Requires:         %{name}-help = %{version}-%{release}
@ -131,6 +132,12 @@ exit 0
 %{_mandir}/man1/*

 %changelog
+* Mon Jun 24 2024 xinghe <xinghe2@h-partners.com> - 2.2.16-8
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:server: 'source' interface ignored from 'default-server' directive
+
 * Wed Dec 06 2023 yaoxin <yao_xin001@hoperun.com> - 2.2.16-7
 - Fix CVE-2023-45539