Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package haproxy for openSUSE:Factory checked 
in at 2021-09-13 16:24:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/haproxy (Old)
 and      /work/SRC/openSUSE:Factory/.haproxy.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "haproxy"

Mon Sep 13 16:24:10 2021 rev:107 rq:917318 version:2.4.4+git0.acb1d0bea

Changes:
--------
--- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes  2021-08-23 
10:07:51.520268171 +0200
+++ /work/SRC/openSUSE:Factory/.haproxy.new.1899/haproxy.changes        
2021-09-13 16:24:11.978721718 +0200
@@ -1,0 +2,27 @@
+Tue Sep 07 15:43:22 UTC 2021 - mrueck...@suse.de
+
+- Update to version 2.4.4+git0.acb1d0bea: CVE-2021-40346 (boo#1189877)
+  * [RELEASE] Released version 2.4.4
+  * Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn 
may receive"
+  * BUG/MAJOR: htx: fix missing header name length check in 
htx_add_header/trailer
+  * CLEANUP: htx: remove comments about "must be < 256 MB"
+  * BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB
+  * DOC: configuration: remove wrong tcp-request examples in tcp-response
+  * BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser
+  * CLEANUP: Add missing include guard to signal.h
+  * BUG/MINOR: tools: Fix loop condition in dump_text()
+  * BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
+  * BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long
+  * MINOR: time: add report_idle() to report process-wide idle time
+  * BUG/MINOR: time: fix idle time computation for long sleeps
+  * BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords
+  * MINOR: compiler: implement an ONLY_ONCE() macro
+  * BUG/MINOR: base64: base64urldec() ignores padding in output size check
+  * BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
+  * BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions
+  * MINOR: hlua: take the global Lua lock inside a global function
+  * REGTESTS: abortonclose: after retries, 503 is expected, not close
+  * REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2
+  * BUG/MEDIUM: h2: match absolute-path not path-absolute for :path
+
+-------------------------------------------------------------------

Old:
----
  haproxy-2.4.3+git0.4dd5a5a6c.tar.gz

New:
----
  haproxy-2.4.4+git0.acb1d0bea.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ haproxy.spec ++++++
--- /var/tmp/diff_new_pack.SDBrX0/_old  2021-09-13 16:24:13.510723489 +0200
+++ /var/tmp/diff_new_pack.SDBrX0/_new  2021-09-13 16:24:13.514723493 +0200
@@ -53,7 +53,7 @@
 %endif
 
 Name:           haproxy
-Version:        2.4.3+git0.4dd5a5a6c
+Version:        2.4.4+git0.acb1d0bea
 Release:        0
 #
 #

++++++ _service ++++++
--- /var/tmp/diff_new_pack.SDBrX0/_old  2021-09-13 16:24:13.554723539 +0200
+++ /var/tmp/diff_new_pack.SDBrX0/_new  2021-09-13 16:24:13.558723544 +0200
@@ -6,7 +6,7 @@
     <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>
-    <param name="revision">v2.4.3</param>
+    <param name="revision">v2.4.4</param>
     <param name="changesgenerate">enable</param>
   </service>
 

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.SDBrX0/_old  2021-09-13 16:24:13.574723562 +0200
+++ /var/tmp/diff_new_pack.SDBrX0/_new  2021-09-13 16:24:13.574723562 +0200
@@ -1,6 +1,6 @@
 <servicedata>
   <service name="tar_scm">
     <param name="url">http://git.haproxy.org/git/haproxy-2.4.git</param>
-    <param 
name="changesrevision">4dd5a5a6cb7f865f897bf945fba30b2498207520</param>
+    <param 
name="changesrevision">acb1d0beae32a1749480caa18ecc51e211c5f10a</param>
   </service>
 </servicedata>
\ No newline at end of file

++++++ haproxy-2.4.3+git0.4dd5a5a6c.tar.gz -> 
haproxy-2.4.4+git0.acb1d0bea.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/CHANGELOG 
new/haproxy-2.4.4+git0.acb1d0bea/CHANGELOG
--- old/haproxy-2.4.3+git0.4dd5a5a6c/CHANGELOG  2021-08-17 14:11:09.000000000 
+0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/CHANGELOG  2021-09-07 16:17:15.000000000 
+0200
@@ -1,6 +1,29 @@
 ChangeLog :
 ===========
 
+2021/09/07 : 2.4.4
+    - BUG/MEDIUM: h2: match absolute-path not path-absolute for :path
+    - REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2
+    - REGTESTS: abortonclose: after retries, 503 is expected, not close
+    - MINOR: hlua: take the global Lua lock inside a global function
+    - BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions
+    - BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
+    - BUG/MINOR: base64: base64urldec() ignores padding in output size check
+    - MINOR: compiler: implement an ONLY_ONCE() macro
+    - BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords
+    - BUG/MINOR: time: fix idle time computation for long sleeps
+    - MINOR: time: add report_idle() to report process-wide idle time
+    - BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long
+    - BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
+    - BUG/MINOR: tools: Fix loop condition in dump_text()
+    - CLEANUP: Add missing include guard to signal.h
+    - BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser
+    - DOC: configuration: remove wrong tcp-request examples in tcp-response
+    - BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB
+    - CLEANUP: htx: remove comments about "must be < 256 MB"
+    - BUG/MAJOR: htx: fix missing header name length check in 
htx_add_header/trailer
+    - Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if 
chn may receive"
+
 2021/08/17 : 2.4.3
     - BUILD: http_htx: fix ci compilation error with isdigit for Windows
     - MINOR: mux_h2: define config to disable h2 websocket support
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/VERDATE 
new/haproxy-2.4.4+git0.acb1d0bea/VERDATE
--- old/haproxy-2.4.3+git0.4dd5a5a6c/VERDATE    2021-08-17 14:11:09.000000000 
+0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/VERDATE    2021-09-07 16:17:15.000000000 
+0200
@@ -1,2 +1,2 @@
 $Format:%ci$
-2021/08/17
+2021/09/07
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/VERSION 
new/haproxy-2.4.4+git0.acb1d0bea/VERSION
--- old/haproxy-2.4.3+git0.4dd5a5a6c/VERSION    2021-08-17 14:11:09.000000000 
+0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/VERSION    2021-09-07 16:17:15.000000000 
+0200
@@ -1 +1 @@
-2.4.3
+2.4.4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/doc/configuration.txt 
new/haproxy-2.4.4+git0.acb1d0bea/doc/configuration.txt
--- old/haproxy-2.4.3+git0.4dd5a5a6c/doc/configuration.txt      2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/doc/configuration.txt      2021-09-07 
16:17:15.000000000 +0200
@@ -4,7 +4,7 @@
                          ----------------------
                               version 2.4
                              willy tarreau
-                              2021/08/17
+                              2021/09/07
 
 
 This document covers the configuration language as implemented in the version
@@ -12497,7 +12497,7 @@
         the rules evaluation. Rejected session are immediately closed.
 
     - set-var(<var-name>) <expr>
-        Sets a variable.
+        Sets a variable from an expression.
 
     - unset-var(<var-name>)
         Unsets a variable.
@@ -12569,17 +12569,9 @@
     <expr>     Is a standard HAProxy expression formed by a sample-fetch
                followed by some converters.
 
-  Example:
-
-        tcp-request content set-var(sess.my_var) src
-
   The "unset-var" is used to unset a variable. See above for details about
   <var-name>.
 
-  Example:
-
-        tcp-request content unset-var(sess.my_var)
-
   The "send-spoe-group" is used to trigger sending of a group of SPOE
   messages. To do so, the SPOE engine used to send messages must be defined, as
   well as the SPOE group to send. Of course, the SPOE engine must refer to an
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/haproxy-2.4.3+git0.4dd5a5a6c/include/haproxy/compiler.h 
new/haproxy-2.4.4+git0.acb1d0bea/include/haproxy/compiler.h
--- old/haproxy-2.4.3+git0.4dd5a5a6c/include/haproxy/compiler.h 2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/include/haproxy/compiler.h 2021-09-07 
16:17:15.000000000 +0200
@@ -128,6 +128,14 @@
  */
 #define DISGUISE(v) ({ typeof(v) __v = (v); ALREADY_CHECKED(__v); __v; })
 
+/* Implements a static event counter where it's used. This is typically made to
+ * report some warnings only once, either during boot or at runtime. It only
+ * returns true on the very first call, and zero later. It's thread-safe and
+ * uses a single byte of memory per call place. It relies on the atomic xchg
+ * defined in atomic.h which is also part of the common API.
+ */
+#define ONLY_ONCE() ({ static char __cnt; !_HA_ATOMIC_XCHG(&__cnt, 1); })
+
 /*
  * Gcc >= 3 provides the ability for the program to give hints to the
  * compiler about what branch of an if is most likely to be taken. This
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/include/haproxy/htx.h 
new/haproxy-2.4.4+git0.acb1d0bea/include/haproxy/htx.h
--- old/haproxy-2.4.3+git0.4dd5a5a6c/include/haproxy/htx.h      2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/include/haproxy/htx.h      2021-09-07 
16:17:15.000000000 +0200
@@ -439,7 +439,6 @@
 
        size = sizeof(*sl) + p1.len + p2.len + p3.len;
 
-       /* FIXME: check size (< 256MB) */
        blk = htx_add_blk(htx, type, size);
        if (!blk)
                return NULL;
@@ -467,7 +466,9 @@
 {
        struct htx_blk *blk;
 
-       /* FIXME: check name.len (< 256B) and value.len (< 1MB) */
+       if (name.len > 255 || value.len > 1048575)
+               return NULL;
+
        blk = htx_add_blk(htx, HTX_BLK_HDR, name.len + value.len);
        if (!blk)
                return NULL;
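Review bot: The limits `255` and `1048575` in the new guard are bare literals, repeated verbatim in the trailer variant in the next hunk, and nothing says where they come from. The removed FIXME suggests they are the largest name and value lengths the block encoding can hold (presumably 8 and 20 bits; the encoding is outside this diff), so a length above them would not be stored faithfully. I would add a comment such as `/* name.len and value.len must fit the length fields of the block info */` above each check, or define the two limits once next to the block layout and use the names here. Both function bodies start and end outside their hunks.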
@@ -486,7 +487,9 @@
 {
        struct htx_blk *blk;
 
-       /* FIXME: check name.len (< 256B) and value.len (< 1MB) */
+       if (name.len > 255 || value.len > 1048575)
+               return NULL;
+
        blk = htx_add_blk(htx, HTX_BLK_TLR, name.len + value.len);
        if (!blk)
                return NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/haproxy-2.4.3+git0.4dd5a5a6c/include/haproxy/signal.h 
new/haproxy-2.4.4+git0.acb1d0bea/include/haproxy/signal.h
--- old/haproxy-2.4.3+git0.4dd5a5a6c/include/haproxy/signal.h   2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/include/haproxy/signal.h   2021-09-07 
16:17:15.000000000 +0200
@@ -11,6 +11,9 @@
  *
  */
 
+#ifndef _HAPROXY_SIGNAL_H
+#define _HAPROXY_SIGNAL_H
+
 #include <signal.h>
 
 #include <haproxy/api.h>
@@ -39,6 +42,8 @@
                __signal_process_queue();
 }
 
+#endif /* _HAPROXY_SIGNAL_H */
+
 /*
  * Local variables:
  *  c-indent-level: 8
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/include/haproxy/time.h 
new/haproxy-2.4.4+git0.acb1d0bea/include/haproxy/time.h
--- old/haproxy-2.4.3+git0.4dd5a5a6c/include/haproxy/time.h     2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/include/haproxy/time.h     2021-09-07 
16:17:15.000000000 +0200
@@ -577,10 +577,26 @@
        if (samp_time < 500000)
                return;
 
-       ti->idle_pct = (100 * idle_time + samp_time / 2) / samp_time;
+       HA_ATOMIC_STORE(&ti->idle_pct, (100ULL * idle_time + samp_time / 2) / 
samp_time);
        idle_time = samp_time = 0;
 }
 
+/* report the average CPU idle percentage over all running threads, between 0 
and 100 */
+static inline uint report_idle()
+{
+       uint total = 0;
+       uint rthr = 0;
+       uint thr;
+
+       for (thr = 0; thr < MAX_THREADS; thr++) {
+               if (!(all_threads_mask & (1UL << thr)))
+                       continue;
+               total += HA_ATOMIC_LOAD(&ha_thread_info[thr].idle_pct);
+               rthr++;
+       }
+       return rthr ? total / rthr : 0;
+}
+
 /* Collect date and time information before calling poll(). This will be used
  * to count the run time of the past loop and the sleep time of the next poll.
  */
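Review bot: `report_idle()` is defined with an empty parameter list, which in C leaves the arguments unspecified rather than declaring that there are none; the prototype form is `static inline uint report_idle(void)`. The same applies to `lua_take_global_lock()` and `lua_drop_global_lock()` added in src/hlua.c. The former is deliberately non-static but has no declaration visible in this diff, so a prototype would be needed to keep -Wmissing-prototypes quiet. A one-line comment on `lua_drop_global_lock()` matching the one on its counterpart would also help.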
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/haproxy-2.4.3+git0.4dd5a5a6c/include/import/eb64tree.h 
new/haproxy-2.4.4+git0.acb1d0bea/include/import/eb64tree.h
--- old/haproxy-2.4.3+git0.4dd5a5a6c/include/import/eb64tree.h  2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/include/import/eb64tree.h  2021-09-07 
16:17:15.000000000 +0200
@@ -375,17 +375,21 @@
 
                /* walk down */
                root = &old->node.branches;
-#if BITS_PER_LONG >= 64
-               side = (newkey >> old_node_bit) & EB_NODE_BRANCH_MASK;
-#else
-               side = newkey;
-               side >>= old_node_bit;
-               if (old_node_bit >= 32) {
-                       side = newkey >> 32;
-                       side >>= old_node_bit & 0x1F;
+
+               if (sizeof(long) >= 8) {
+                       side = newkey >> old_node_bit;
+               } else {
+                       /* note: provides the best code on low-register count 
archs
+                        * such as i386.
+                        */
+                       side = newkey;
+                       side >>= old_node_bit;
+                       if (old_node_bit >= 32) {
+                               side = newkey >> 32;
+                               side >>= old_node_bit & 0x1F;
+                       }
                }
                side &= EB_NODE_BRANCH_MASK;
-#endif
                troot = root->b[side];
        }
 
@@ -553,17 +557,21 @@
 
                /* walk down */
                root = &old->node.branches;
-#if BITS_PER_LONG >= 64
-               side = (newkey >> old_node_bit) & EB_NODE_BRANCH_MASK;
-#else
-               side = newkey;
-               side >>= old_node_bit;
-               if (old_node_bit >= 32) {
-                       side = newkey >> 32;
-                       side >>= old_node_bit & 0x1F;
+
+               if (sizeof(long) >= 8) {
+                       side = newkey >> old_node_bit;
+               } else {
+                       /* note: provides the best code on low-register count 
archs
+                        * such as i386.
+                        */
+                       side = newkey;
+                       side >>= old_node_bit;
+                       if (old_node_bit >= 32) {
+                               side = newkey >> 32;
+                               side >>= old_node_bit & 0x1F;
+                       }
                }
                side &= EB_NODE_BRANCH_MASK;
-#endif
                troot = root->b[side];
        }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/haproxy-2.4.3+git0.4dd5a5a6c/reg-tests/connection/tcp_to_http_upgrade.vtc 
new/haproxy-2.4.4+git0.acb1d0bea/reg-tests/connection/tcp_to_http_upgrade.vtc
--- 
old/haproxy-2.4.3+git0.4dd5a5a6c/reg-tests/connection/tcp_to_http_upgrade.vtc   
    2021-08-17 14:11:09.000000000 +0200
+++ 
new/haproxy-2.4.4+git0.acb1d0bea/reg-tests/connection/tcp_to_http_upgrade.vtc   
    2021-09-07 16:17:15.000000000 +0200
@@ -144,7 +144,8 @@
 # TCP > H1 > H2 upgrade not allowed
 client c_err2 -connect ${h1_err2h1_sock} {
     send "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
-    expect_close
+    rxresp
+    expect resp.status == 400
 } -run
 
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/haproxy-2.4.3+git0.4dd5a5a6c/reg-tests/http-messaging/http_abortonclose.vtc 
new/haproxy-2.4.4+git0.acb1d0bea/reg-tests/http-messaging/http_abortonclose.vtc
--- 
old/haproxy-2.4.3+git0.4dd5a5a6c/reg-tests/http-messaging/http_abortonclose.vtc 
    2021-08-17 14:11:09.000000000 +0200
+++ 
new/haproxy-2.4.4+git0.acb1d0bea/reg-tests/http-messaging/http_abortonclose.vtc 
    2021-09-07 16:17:15.000000000 +0200
@@ -84,7 +84,8 @@
 # No server, wait all connection retries : SC--
 client  c1 -connect ${h1_fe1_sock} {
     txreq -url /c1
-    expect_close
+    rxresp
+    expect resp.status == 503
 } -run
 
 # Wait c1 log entry
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/src/base64.c 
new/haproxy-2.4.4+git0.acb1d0bea/src/base64.c
--- old/haproxy-2.4.3+git0.4dd5a5a6c/src/base64.c       2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/src/base64.c       2021-09-07 
16:17:15.000000000 +0200
@@ -167,9 +167,12 @@
                         */
 
                        /* xx000000 xx001111 xx111122 xx222222 */
-                       out[convlen]   = ((t[0] << 2) + (t[1] >> 4));
-                       out[convlen+1] = ((t[1] << 4) + (t[2] >> 2));
-                       out[convlen+2] = ((t[2] << 6) + (t[3] >> 0));
+                       if (convlen < olen)
+                               out[convlen]   = ((t[0] << 2) + (t[1] >> 4));
+                       if (convlen+1 < olen)
+                               out[convlen+1] = ((t[1] << 4) + (t[2] >> 2));
+                       if (convlen+2 < olen)
+                               out[convlen+2] = ((t[2] << 6) + (t[3] >> 0));
 
                        convlen += 3-pad;
 
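Review bot: The three `convlen < olen` guards skip the out-of-range stores, but `convlen += 3-pad` still advances unconditionally, so the returned length can exceed what was written if a guard fires on a group without padding. Whether that can happen depends on the size pre-check at the top of the function, which is outside this hunk. The base64urldec() counterpart further down gets an exact pre-check in this same diff, so there the guards should only ever skip padding bytes. If the pre-check here is looser than the exact decoded size, failing is safer than truncating silently, e.g. `if (convlen + 3 - pad > olen) return -2;` before the stores. The enclosing loop starts and ends outside the hunk.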
@@ -191,9 +194,6 @@
        signed char b;
        int convlen = 0, i = 0, pad = 0, padlen = 0;
 
-       if (olen < ((ilen / 4 * 3)))
-               return -2;
-
        switch (ilen % 4) {
                case 0:
                        break;
@@ -207,6 +207,9 @@
                        return -1;
        }
 
+       if (olen < (((ilen + pad) / 4 * 3) - pad))
+               return -2;
+
        while (ilen + pad) {
                if (ilen) {
                        /* if (*p < UB64CMIN || *p > B64CMAX) */
@@ -237,9 +240,12 @@
                         */
 
                        /* xx000000 xx001111 xx111122 xx222222 */
-                       out[convlen]   = ((t[0] << 2) + (t[1] >> 4));
-                       out[convlen + 1] = ((t[1] << 4) + (t[2] >> 2));
-                       out[convlen + 2] = ((t[2] << 6) + (t[3] >> 0));
+                       if (convlen < olen)
+                               out[convlen]   = ((t[0] << 2) + (t[1] >> 4));
+                       if (convlen+1 < olen)
+                               out[convlen+1] = ((t[1] << 4) + (t[2] >> 2));
+                       if (convlen+2 < olen)
+                               out[convlen+2] = ((t[2] << 6) + (t[3] >> 0));
 
                        convlen += 3;
                        i = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/src/cfgparse.c 
new/haproxy-2.4.4+git0.acb1d0bea/src/cfgparse.c
--- old/haproxy-2.4.3+git0.4dd5a5a6c/src/cfgparse.c     2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/src/cfgparse.c     2021-09-07 
16:17:15.000000000 +0200
@@ -2697,6 +2697,11 @@
                }
                next_pxid++;
 
+               if (curproxy->mode == PR_MODE_HTTP && global.tune.bufsize >= 
(256 << 20) && ONLY_ONCE()) {
+                       ha_alert("global.tune.bufsize must be below 256 MB when 
HTTP is in use (current value = %d).\n",
+                                global.tune.bufsize);
+                       cfgerr++;
+               }
 
                if (curproxy->disabled) {
                        /* ensure we don't keep listeners uselessly bound. We
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/src/h2.c 
new/haproxy-2.4.4+git0.acb1d0bea/src/h2.c
--- old/haproxy-2.4.3+git0.4dd5a5a6c/src/h2.c   2021-08-17 14:11:09.000000000 
+0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/src/h2.c   2021-09-07 16:17:15.000000000 
+0200
@@ -279,6 +279,9 @@
                /* 7540#8.1.2.3: :path must not be empty, and must be either
                 * '*' or an RFC3986 "path-absolute" starting with a "/" but
                 * not with "//".
+                * However, this "path-absolute" was a mistake which was
+                * later fixed in http2bis as "absolute-path" to match
+                * HTTP/1, thus also allowing "//".
                 */
                if (unlikely(!phdr[H2_PHDR_IDX_PATH].len))
                        goto fail;
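Review bot: The comment block now states the old rule (not starting with "//") and then retracts it, so a reader has to reach the last sentence to learn what the code enforces. Since the `//` rejection is removed in the next hunk, I would state the effective rule first, e.g. `/* :path must not be empty and must be either '*' or an "absolute-path" starting with "/" (http2bis); a leading "//" is accepted as in HTTP/1. */`. The comment could also mention that path-based rules will now see `//`-prefixed values arriving over HTTP/2. The enclosing block continues outside the hunk.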
@@ -286,9 +289,6 @@
                        if (!isteq(phdr[H2_PHDR_IDX_PATH], ist("*")))
                                goto fail;
                }
-               else if (phdr[H2_PHDR_IDX_PATH].len > 1 &&
-                        phdr[H2_PHDR_IDX_PATH].ptr[1] == '/')
-                       goto fail;
        }
 
        if (!(flags & HTX_SL_F_HAS_SCHM)) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/src/hlua.c 
new/haproxy-2.4.4+git0.acb1d0bea/src/hlua.c
--- old/haproxy-2.4.3+git0.4dd5a5a6c/src/hlua.c 2021-08-17 14:11:09.000000000 
+0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/src/hlua.c 2021-09-07 16:17:15.000000000 
+0200
@@ -143,16 +143,29 @@
 
 lua_State *hlua_init_state(int thread_id);
 
+/* This function takes the Lua global lock. Keep this function's visibility
+ * global so that it can appear in stack dumps and performance profiles!
+ */
+void lua_take_global_lock()
+{
+       HA_SPIN_LOCK(LUA_LOCK, &hlua_global_lock);
+}
+
+static inline void lua_drop_global_lock()
+{
+       HA_SPIN_UNLOCK(LUA_LOCK, &hlua_global_lock);
+}
+
 #define SET_SAFE_LJMP_L(__L, __HLUA) \
        ({ \
                int ret; \
                if ((__HLUA)->state_id == 0) \
-                       HA_SPIN_LOCK(LUA_LOCK, &hlua_global_lock); \
+                       lua_take_global_lock(); \
                if (setjmp(safe_ljmp_env) != 0) { \
                        lua_atpanic(__L, hlua_panic_safe); \
                        ret = 0; \
                        if ((__HLUA)->state_id == 0) \
-                               HA_SPIN_UNLOCK(LUA_LOCK, &hlua_global_lock); \
+                               lua_drop_global_lock(); \
                } else { \
                        lua_atpanic(__L, hlua_panic_ljmp); \
                        ret = 1; \
@@ -167,7 +180,7 @@
        do { \
                lua_atpanic(__L, hlua_panic_safe); \
                if ((__HLUA)->state_id == 0) \
-                       HA_SPIN_UNLOCK(LUA_LOCK, &hlua_global_lock); \
+                       lua_drop_global_lock(); \
        } while(0)
 
 #define SET_SAFE_LJMP(__HLUA) \
@@ -1274,7 +1287,7 @@
         * label "resume_execution".
         */
        if (lua->state_id == 0)
-               HA_SPIN_LOCK(LUA_LOCK, &hlua_global_lock);
+               lua_take_global_lock();
 
 resume_execution:
 
@@ -1419,7 +1432,7 @@
 
        /* This is the main exit point, remove the Lua lock. */
        if (lua->state_id == 0)
-               HA_SPIN_UNLOCK(LUA_LOCK, &hlua_global_lock);
+               lua_drop_global_lock();
 
        return ret;
 }
@@ -8972,8 +8985,7 @@
                /* gL.Tua doesn't support '.' and '-' in the function names, 
replace it
                 * by an underscore.
                 */
-               strncpy(trash.area, sf->kw, trash.size);
-               trash.area[trash.size - 1] = '\0';
+               strlcpy2(trash.area, sf->kw, trash.size);
                for (p = trash.area; *p; p++)
                        if (*p == '.' || *p == '-' || *p == '+')
                                *p = '_';
@@ -9011,8 +9023,7 @@
                /* gL.Tua doesn't support '.' and '-' in the function names, 
replace it
                 * by an underscore.
                 */
-               strncpy(trash.area, sc->kw, trash.size);
-               trash.area[trash.size - 1] = '\0';
+               strlcpy2(trash.area, sc->kw, trash.size);
                for (p = trash.area; *p; p++)
                        if (*p == '.' || *p == '-' || *p == '+')
                                *p = '_';
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/src/http_conv.c 
new/haproxy-2.4.4+git0.acb1d0bea/src/http_conv.c
--- old/haproxy-2.4.3+git0.4dd5a5a6c/src/http_conv.c    2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/src/http_conv.c    2021-09-07 
16:17:15.000000000 +0200
@@ -44,7 +44,7 @@
        const char day[7][4] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", 
"Sat" };
        const char mon[12][4] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", 
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
        struct buffer *temp;
-       struct tm *tm;
+       struct tm tm;
        int sec_frac = 0;
        time_t curr_date;
 
@@ -66,23 +66,21 @@
        /* With high numbers, the date returned can be negative, the 55 bits 
mask prevent this. */
        curr_date = smp->data.u.sint & 0x007fffffffffffffLL;
 
-       tm = gmtime(&curr_date);
-       if (!tm)
-               return 0;
+       get_gmtime(curr_date, &tm);
 
        temp = get_trash_chunk();
        if (args[1].type == ARGT_SINT && args[1].data.sint != TIME_UNIT_S) {
            temp->data = snprintf(temp->area, temp->size - temp->data,
                                  "%s, %02d %s %04d %02d:%02d:%02d.%d GMT",
-                                 day[tm->tm_wday], tm->tm_mday, 
mon[tm->tm_mon],
-                                 1900+tm->tm_year,
-                                 tm->tm_hour, tm->tm_min, tm->tm_sec, 
sec_frac);
+                                 day[tm.tm_wday], tm.tm_mday, mon[tm.tm_mon],
+                                 1900+tm.tm_year,
+                                 tm.tm_hour, tm.tm_min, tm.tm_sec, sec_frac);
        } else {
            temp->data = snprintf(temp->area, temp->size - temp->data,
                                  "%s, %02d %s %04d %02d:%02d:%02d GMT",
-                                 day[tm->tm_wday], tm->tm_mday, 
mon[tm->tm_mon],
-                                 1900+tm->tm_year,
-                                 tm->tm_hour, tm->tm_min, tm->tm_sec);
+                                 day[tm.tm_wday], tm.tm_mday, mon[tm.tm_mon],
+                                 1900+tm.tm_year,
+                                 tm.tm_hour, tm.tm_min, tm.tm_sec);
         }
 
        smp->data.u.str = *temp;
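Review bot: The removed `if (!tm) return 0;` has no replacement: `tm` is now an uninitialised stack struct, and if `get_gmtime()` cannot convert the value, `tm.tm_wday` and `tm.tm_mon` index `day[]` and `mon[]` with indeterminate values. The 55-bit mask probably keeps the input in range here. The two src/sample.c hunks that make the same change, however, add the configured offset after the mask before calling `get_localtime()`/`get_gmtime()`, and then pass the struct to `strftime()`. The helpers are defined outside this diff, so I cannot tell whether they report failure; at minimum `struct tm tm = { 0 };` keeps the indices in bounds, and a status check would restore the old `return 0` path. The function body starts before the hunk and continues past it.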
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/src/htx.c 
new/haproxy-2.4.4+git0.acb1d0bea/src/htx.c
--- old/haproxy-2.4.3+git0.4dd5a5a6c/src/htx.c  2021-08-17 14:11:09.000000000 
+0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/src/htx.c  2021-09-07 16:17:15.000000000 
+0200
@@ -316,6 +316,7 @@
 {
        struct htx_blk *blk;
 
+       BUG_ON(blksz >= 256 << 20);
        blk = htx_reserve_nxblk(htx, blksz);
        if (!blk)
                return NULL;
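Review bot: The `BUG_ON(blksz >= 256 << 20)` added at the top of this function is the only size guard left for the data paths whose FIXME comments this file drops, and an assertion is either compiled out or terminates the process rather than failing the request. Whether it is active depends on build options not visible here. If the intent is that the bufsize check added in src/cfgparse.c makes the condition unreachable, a comment saying so would help, e.g. `/* cannot happen: tune.bufsize < 256 MB is enforced when the configuration is checked */`. Otherwise returning NULL like the allocation-failure path just below would fail closed. The function signature is outside the hunk and the body continues past it.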
@@ -546,7 +547,6 @@
        goto add_new_block;
 
   append_data:
-       /* FIXME: check v.len + data.len < 256MB */
        /* Append data and update the block itself */
        ptr = htx_get_blk_ptr(htx, tailblk);
        memcpy(ptr+sz, data.ptr, len);
@@ -559,7 +559,6 @@
        data = istadv(data, len);
 
   add_new_block:
-       /* FIXME: check data.len (< 256MB) */
        blk = htx_add_blk(htx, HTX_BLK_DATA, data.len);
        if (!blk)
                return NULL;
@@ -915,7 +914,6 @@
        return (struct htx_ret){.ret = sz, .blk = tailblk};
 
   rsv_new_block:
-       /* FIXME: check data.len (< 256MB) */
        blk = htx_add_blk(htx, HTX_BLK_DATA, len);
        if (!blk)
                return (struct htx_ret){.ret = 0, .blk = NULL};
@@ -973,7 +971,6 @@
                len = room;
 
   append_data:
-       /* FIXME: check v.len + data.len < 256MB */
        /* Append data and update the block itself */
        ptr = htx_get_blk_ptr(htx, tailblk);
        memcpy(ptr + sz, data.ptr, len);
@@ -986,7 +983,6 @@
        return len;
 
   add_new_block:
-       /* FIXME: check data.len (< 256MB) */
        blk = htx_add_blk(htx, HTX_BLK_DATA, len);
        if (!blk)
                return 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/src/sample.c 
new/haproxy-2.4.4+git0.acb1d0bea/src/sample.c
--- old/haproxy-2.4.3+git0.4dd5a5a6c/src/sample.c       2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/src/sample.c       2021-09-07 
16:17:15.000000000 +0200
@@ -2181,18 +2181,16 @@
        struct buffer *temp;
        /* With high numbers, the date returned can be negative, the 55 bits 
mask prevent this. */
        time_t curr_date = smp->data.u.sint & 0x007fffffffffffffLL;
-       struct tm *tm;
+       struct tm tm;
 
        /* add offset */
        if (args[1].type == ARGT_SINT)
                curr_date += args[1].data.sint;
 
-       tm = localtime(&curr_date);
-       if (!tm)
-               return 0;
+       get_localtime(curr_date, &tm);
+
        temp = get_trash_chunk();
-       temp->data = strftime(temp->area, temp->size, args[0].data.str.area,
-                             tm);
+       temp->data = strftime(temp->area, temp->size, args[0].data.str.area, 
&tm);
        smp->data.u.str = *temp;
        smp->data.type = SMP_T_STR;
        return 1;
@@ -2218,18 +2216,16 @@
        struct buffer *temp;
        /* With high numbers, the date returned can be negative, the 55 bits 
mask prevent this. */
        time_t curr_date = smp->data.u.sint & 0x007fffffffffffffLL;
-       struct tm *tm;
+       struct tm tm;
 
        /* add offset */
        if (args[1].type == ARGT_SINT)
                curr_date += args[1].data.sint;
 
-       tm = gmtime(&curr_date);
-       if (!tm)
-               return 0;
+       get_gmtime(curr_date, &tm);
+
        temp = get_trash_chunk();
-       temp->data = strftime(temp->area, temp->size, args[0].data.str.area,
-                             tm);
+       temp->data = strftime(temp->area, temp->size, args[0].data.str.area, 
&tm);
        smp->data.u.str = *temp;
        smp->data.type = SMP_T_STR;
        return 1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/src/stats.c 
new/haproxy-2.4.4+git0.acb1d0bea/src/stats.c
--- old/haproxy-2.4.3+git0.4dd5a5a6c/src/stats.c        2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/src/stats.c        2021-09-07 
16:17:15.000000000 +0200
@@ -3390,7 +3390,7 @@
                      actconn, pipes_used, pipes_used+pipes_free, 
read_freq_ctr(&global.conn_per_sec),
                      bps >= 1000000000UL ? (bps / 1000000000.0) : bps >= 
1000000UL ? (bps / 1000000.0) : (bps / 1000.0),
                      bps >= 1000000000UL ? 'G' : bps >= 1000000UL ? 'M' : 'k',
-                     total_run_queues(), total_allocated_tasks(), ti->idle_pct
+                     total_run_queues(), total_allocated_tasks(), report_idle()
                      );
 
        /* scope_txt = search query, appctx->ctx.stats.scope_len is always <= 
STAT_SCOPE_TXT_MAXLEN */
@@ -4419,7 +4419,7 @@
 #endif
        info[INF_TASKS]                          = mkf_u32(0, 
total_allocated_tasks());
        info[INF_RUN_QUEUE]                      = mkf_u32(0, 
total_run_queues());
-       info[INF_IDLE_PCT]                       = mkf_u32(FN_AVG, 
ti->idle_pct);
+       info[INF_IDLE_PCT]                       = mkf_u32(FN_AVG, 
report_idle());
        info[INF_NODE]                           = 
mkf_str(FO_CONFIG|FN_OUTPUT|FS_SERVICE, global.node);
        if (global.desc)
                info[INF_DESCRIPTION]            = 
mkf_str(FO_CONFIG|FN_OUTPUT|FS_SERVICE, global.desc);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/src/stick_table.c 
new/haproxy-2.4.4+git0.acb1d0bea/src/stick_table.c
--- old/haproxy-2.4.3+git0.4dd5a5a6c/src/stick_table.c  2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/src/stick_table.c  2021-09-07 
16:17:15.000000000 +0200
@@ -2265,9 +2265,13 @@
                }
        }
 
+       /* value may be either an integer or an expression */
        rule->arg.gpt.expr = NULL;
        rule->arg.gpt.value = strtol(args[*arg], &error, 10);
-       if (*error != '\0') {
+       if (*error == '\0') {
+               /* valid integer, skip it */
+               (*arg)++;
+       } else {
                rule->arg.gpt.expr = sample_parse_expr((char **)args, arg, 
px->conf.args.file,
                                                       px->conf.args.line, err, 
&px->conf.args, NULL);
                if (!rule->arg.gpt.expr)
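Review bot: The `*error == '\0'` test also succeeds when `strtol()` consumed nothing, so an empty `args[*arg]` is taken as the integer 0 and skipped instead of reaching the expression parser's error path. Whether an empty argument can get this far depends on checks before the hunk, which are not visible. A stricter test would be `if (error != args[*arg] && *error == '\0') {`; range errors from `strtol()` are not checked either. The function starts and ends outside the hunk.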
@@ -2290,7 +2294,6 @@
                        return ACT_RET_PRS_ERR;
                }
        }
-       (*arg)++;
 
        rule->action = ACT_CUSTOM;
        rule->action_ptr = action_set_gpt0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/src/stream_interface.c 
new/haproxy-2.4.4+git0.acb1d0bea/src/stream_interface.c
--- old/haproxy-2.4.3+git0.4dd5a5a6c/src/stream_interface.c     2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/src/stream_interface.c     2021-09-07 
16:17:15.000000000 +0200
@@ -838,7 +838,7 @@
        else
                si_rx_chan_rdy(si);
 
-       if (!channel_may_recv(ic)) {
+       if (!channel_is_empty(ic)) {
                /* stop reading, imposed by channel's policy or contents */
                si_rx_room_blk(si);
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/src/tools.c 
new/haproxy-2.4.4+git0.acb1d0bea/src/tools.c
--- old/haproxy-2.4.3+git0.4dd5a5a6c/src/tools.c        2021-08-17 
14:11:09.000000000 +0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/src/tools.c        2021-09-07 
16:17:15.000000000 +0200
@@ -4510,9 +4510,9 @@
 int dump_text(struct buffer *out, const char *buf, int bsize)
 {
        unsigned char c;
-       int ptr = 0;
+       size_t ptr = 0;
 
-       while (buf[ptr] && ptr < bsize) {
+       while (ptr < bsize && buf[ptr]) {
                c = buf[ptr];
                if (isprint((unsigned char)c) && isascii((unsigned char)c) && c 
!= '\\' && c != ' ' && c != '=') {
                        if (out->data > out->size - 1)
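Review bot: With `ptr` now a `size_t`, the comparison `ptr < bsize` converts the `int` parameter `bsize` to unsigned, so a negative `bsize` no longer stops the loop immediately; it runs until a NUL byte is found. The old `int` comparison rejected negative sizes. Either guard the conversion, `while (bsize > 0 && ptr < (size_t)bsize && buf[ptr]) {`, or keep `ptr` as `int` and only swap the operand order, which is the part that stops `buf[bsize]` from being read. The function body continues outside the hunk.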
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/haproxy-2.4.3+git0.4dd5a5a6c/src/vars.c 
new/haproxy-2.4.4+git0.acb1d0bea/src/vars.c
--- old/haproxy-2.4.3+git0.4dd5a5a6c/src/vars.c 2021-08-17 14:11:09.000000000 
+0200
+++ new/haproxy-2.4.4+git0.acb1d0bea/src/vars.c 2021-09-07 16:17:15.000000000 
+0200
@@ -736,11 +736,11 @@
        const char *kw_name;
        int flags, set_var = 0;
 
-       if (!strncmp(var_name, "set-var", 7)) {
+       if (strncmp(var_name, "set-var", 7) == 0) {
                var_name += 7;
                set_var   = 1;
        }
-       if (!strncmp(var_name, "unset-var", 9)) {
+       else if (strncmp(var_name, "unset-var", 9) == 0) {
                var_name += 9;
                set_var   = 0;
        }
