From 4ae4a0873c5368a995d36676ba15e36c8644f919 Mon Sep 17 00:00:00 2001
From: zouzhimin
Date: Wed, 12 Jun 2024 01:10:50 +0800
Subject: [PATCH] BUG/MINOR: server: 'source' interface ignored from 'default-server' directive
---
...gnored-from-default-server-directive.patch | 50 +++++++++++++++++++
haproxy.spec | 9 +++-
2 files changed, 58 insertions(+), 1 deletion(-)
create mode 100644 backport-BUG-MINOR-server-source-interface-ignored-from-default-server-directive.patch
diff --git a/backport-BUG-MINOR-server-source-interface-ignored-from-default-server-directive.patch b/backport-BUG-MINOR-server-source-interface-ignored-from-default-server-directive.patch
new file mode 100644
index 0000000..412b1bf
--- /dev/null
+++ b/backport-BUG-MINOR-server-source-interface-ignored-from-default-server-directive.patch
@@ -0,0 +1,50 @@
+From b7ff822695e72695dfd753be23ff11fc97696fb3 Mon Sep 17 00:00:00 2001
+From: Aurelien DARRAGON
+Date: Tue, 26 Mar 2024 10:42:48 +0100
+Subject: [PATCH] BUG/MINOR: server: 'source' interface ignored from
+ 'default-server' directive
+
+Sebastien Gross reported that 'interface' keyword ('source' subargument)
+is silently ignored when used from 'default-server' directive despite the
+documentation implicitly stating that the keyword should be supported
+there.
+
+When support for 'source' keyword was added to 'default-server' directive
+in dba97077 ("MINOR: server: Make 'default-server' support 'source'
+keyword."), we properly duplicated the conn iface_name from the default-
+server but we forgot to copy the conn iface_len which must be set as well
+since it is used as setsockopt()'s 'optlen' argument in
+tcp_connect_server().
+
+It should be backported to all stable versions.
+
+(cherry picked from commit bd98db50785b6cef946d38715b48f72e7ca73a59)
+Signed-off-by: Christopher Faulet
+(cherry picked from commit ada8c0e37df568c58e3a328c171d6f27bcfbe652)
+Signed-off-by: Christopher Faulet
+(cherry picked from commit 92b935e99aef7573e658ff53858619bca737aeaf)
+Signed-off-by: Christopher Faulet
+(cherry picked from commit 8acf8e51f8a0cbeea778f2c392dad7a7e068a075)
+Signed-off-by: Christopher Faulet
+---
+ src/server.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/server.c b/src/server.c
+index ad20623..5bdc31e 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -2052,8 +2052,10 @@ static void srv_conn_src_cpy(struct server *srv, const struct server *src)
+ srv->conn_src.bind_hdr_occ = src->conn_src.bind_hdr_occ;
+ srv->conn_src.tproxy_addr = src->conn_src.tproxy_addr;
+ #endif
+- if (src->conn_src.iface_name != NULL)
++ if (src->conn_src.iface_name != NULL) {
+ srv->conn_src.iface_name = strdup(src->conn_src.iface_name);
++ srv->conn_src.iface_len = src->conn_src.iface_len;
++ }
+ }
+
+ /*
+--
+1.7.10.4
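Review bot: The added `iface_len` copy in `srv_conn_src_cpy()` runs even when the `strdup()` on the line above returns NULL, so an allocation failure leaves the server with a length but no interface name, and the `void` return gives the caller no way to notice. The commit message says `iface_len` is `setsockopt()`'s `optlen` in `tcp_connect_server()`; that call site is not in the hunk, so how it treats a NULL name is unverified, but the likely outcome is that the configured `interface` binding is dropped silently again, which matters where the binding is relied on to keep backend traffic on a specific network. I would guard the copy with `if (srv->conn_src.iface_name != NULL) srv->conn_src.iface_len = src->conn_src.iface_len;` and add a short comment that a failed duplication leaves the server without a bound interface. The function body begins above the hunk, so any earlier handling of `srv->conn_src.iface_name` is not visible here.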
diff --git a/haproxy.spec b/haproxy.spec index 93d2af6..9300ae5 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -5,7 +5,7 @@ Name: haproxy Version: 2.6.6 -Release: 10 +Release: 11 Summary: The Reliable, High Performance TCP/HTTP Load Balancer License: GPLv2+ @@ -36,6 +36,7 @@ Patch15: backport-ssl_sock-add-check-for-ha_meth.patch Patch16: backport-thread-add-a-check-for-pthread_create.patch Patch17: backport-BUG-MINOR-server-add-missing-free-for-server-rdr_pfx.patch Patch18: backport-BUG-MINOR-server-do-not-leak-default-server-in-defau.patch +Patch19: backport-BUG-MINOR-server-source-interface-ignored-from-default-server-directive.patch BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic %ifarch sw_64 @@ -140,6 +141,12 @@ exit 0 %{_mandir}/man1/* %changelog +* Mon Jun 24 2024 zouzhimin - 2.6.6-11 +- Type:bugfix +- CVE:NA +- SUG:restart +- DESC:server: 'source' interface ignored from 'default-server' directive + * Mon Mar 11 2024 xinghe - 2.6.6-10 - Type:bugfix - CVE:NA -- Gitee