backport upstream patches

(cherry picked from commit 240a7ab9bc06216b27bb493c94984d118f7e2abe)

backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch

@@ -0,0 +1,51 @@
+From b7ff822695e72695dfd753be23ff11fc97696fb3 Mon Sep 17 00:00:00 2001
+From: Aurelien DARRAGON <adarragon@haproxy.com>
+Date: Tue, 26 Mar 2024 10:42:48 +0100
+Subject: [PATCH] BUG/MINOR: server: 'source' interface ignored from
+ 'default-server' directive
+
+Sebastien Gross reported that 'interface' keyword ('source' subargument)
+is silently ignored when used from 'default-server' directive despite the
+documentation implicitly stating that the keyword should be supported
+there.
+
+When support for 'source' keyword was added to 'default-server' directive
+in dba97077 ("MINOR: server: Make 'default-server' support 'source'
+keyword."), we properly duplicated the conn iface_name from the default-
+server but we forgot to copy the conn iface_len which must be set as well
+since it is used as setsockopt()'s 'optlen' argument in
+tcp_connect_server().
+
+It should be backported to all stable versions.
+
+(cherry picked from commit bd98db50785b6cef946d38715b48f72e7ca73a59)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+(cherry picked from commit ada8c0e37df568c58e3a328c171d6f27bcfbe652)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+(cherry picked from commit 92b935e99aef7573e658ff53858619bca737aeaf)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+(cherry picked from commit 8acf8e51f8a0cbeea778f2c392dad7a7e068a075)
+Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+Conflict: NA
+Reference: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=b7ff822695e72695dfd753be23ff11fc97696fb3
+---
+ src/server.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/server.c b/src/server.c
+index ad206237295c8..5bdc31e427cc4 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -2052,8 +2052,10 @@ static void srv_conn_src_cpy(struct server *srv, const struct server *src)
+ 	srv->conn_src.bind_hdr_occ = src->conn_src.bind_hdr_occ;
+ 	srv->conn_src.tproxy_addr  = src->conn_src.tproxy_addr;
+ #endif
+-	if (src->conn_src.iface_name != NULL)
++	if (src->conn_src.iface_name != NULL) {
+ 		srv->conn_src.iface_name = strdup(src->conn_src.iface_name);
++		srv->conn_src.iface_len = src->conn_src.iface_len;
++	}
+ }
+ 
+ /*

haproxy.spec

@@ -5,7 +5,7 @@
 
 Name:             haproxy
 Version:          2.6.6
-Release:          10
+Release:          11
 Summary:          The Reliable, High Performance TCP/HTTP Load Balancer
 
 License:          GPLv2+
@@ -36,6 +36,7 @@ Patch15:          backport-ssl_sock-add-check-for-ha_meth.patch
 Patch16:          backport-thread-add-a-check-for-pthread_create.patch
 Patch17:          backport-BUG-MINOR-server-add-missing-free-for-server-rdr_pfx.patch
 Patch18:          backport-BUG-MINOR-server-do-not-leak-default-server-in-defau.patch
+Patch19:          backport-BUG-MINOR-server-source-interface-ignored-from-defau.patch
 
 BuildRequires:    gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic
 %ifarch sw_64
@@ -140,6 +141,12 @@ exit 0
 %{_mandir}/man1/*
 
 %changelog
+* Mon Jun 24 2024 xinghe <xinghe2@h-partners.com> - 2.6.6-11
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:server: 'source' interface ignored from 'default-server' directive
+
 * Mon Mar 11 2024 xinghe <xinghe2@h-partners.com> - 2.6.6-10
 - Type:bugfix
 - CVE:NA