Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package haproxy for openSUSE:Factory checked
in at 2024-01-08 23:46:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/haproxy (Old)
and /work/SRC/openSUSE:Factory/.haproxy.new.21961 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy"
Mon Jan 8 23:46:49 2024 rev:139 rq:1137606 version:2.9.1+git0.f72603ceb
Changes:
--------
--- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2023-12-19
23:17:13.316569409 +0100
+++ /work/SRC/openSUSE:Factory/.haproxy.new.21961/haproxy.changes
2024-01-08 23:46:53.365861577 +0100
@@ -1,0 +2,26 @@
+Fri Dec 15 15:15:07 UTC 2023 - vark...@suse.com
+
+- Update to version 2.9.1+git0.f72603ceb:
+ * [RELEASE] Released version 2.9.1
+ * DOC: config: also add arguments to the converters in the table
+ * DOC: config: add arguments to sample fetch methods in the table
+ * BUG/MEDIUM: mux-quic: report early error on stream
+ * BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty
+ * CLEANUP: mux-h1: Fix a trace message about C-L header addition
+ * BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set
originally
+ * BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding
+ * BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer
side
+ * BUG/MEDIUM: quic: QUIC CID removed from tree without locking
+ * MINOR: version: mention that it's stable now
+ * BUG/MINOR: ext-check: cannot use without preserve-env
+ * BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions
+ * BUILD: ssl: update types in wolfssl cert selection callback
+ * BUG/MEDIUM: quic: Possible buffer overflow when building TLS records
+ * BUG/MINOR: mworker/cli: fix set severity-output support
+ * DOC: configuration: typo req.ssl_hello_type
+ * BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA)
+ * BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate
+ * MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback
+ * BUG/MINOR: ssl: Double free of OCSP Certificate ID
+
+-------------------------------------------------------------------
Old:
----
haproxy-2.9.0+git0.fddb8c13b.tar.gz
New:
----
haproxy-2.9.1+git0.f72603ceb.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ haproxy.spec ++++++
--- /var/tmp/diff_new_pack.mP72jj/_old 2024-01-08 23:46:54.041886157 +0100
+++ /var/tmp/diff_new_pack.mP72jj/_new 2024-01-08 23:46:54.041886157 +0100
@@ -51,7 +51,7 @@
%endif
Name: haproxy
-Version: 2.9.0+git0.fddb8c13b
+Version: 2.9.1+git0.f72603ceb
Release: 0
#
#
++++++ _service ++++++
--- /var/tmp/diff_new_pack.mP72jj/_old 2024-01-08 23:46:54.069887175 +0100
+++ /var/tmp/diff_new_pack.mP72jj/_new 2024-01-08 23:46:54.073887320 +0100
@@ -6,7 +6,6 @@
<param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
- <param name="revision">v2.9.0</param>
<param name="changesgenerate">enable</param>
</service>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.mP72jj/_old 2024-01-08 23:46:54.089887902 +0100
+++ /var/tmp/diff_new_pack.mP72jj/_new 2024-01-08 23:46:54.093888047 +0100
@@ -1,7 +1,8 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://git.haproxy.org/git/haproxy-2.9.git</param>
- <param
name="changesrevision">fddb8c13b6811b3b34eba0ad58d1f5fd5a3c7f60</param>
+ <param
name="changesrevision">f72603ceb64ae944e9207f26d7dd99dba03e0d01</param>
</service>
</servicedata>
+(No newline at EOF)
++++++ haproxy-2.9.0+git0.fddb8c13b.tar.gz ->
haproxy-2.9.1+git0.f72603ceb.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/CHANGELOG
new/haproxy-2.9.1+git0.f72603ceb/CHANGELOG
--- old/haproxy-2.9.0+git0.fddb8c13b/CHANGELOG 2023-12-05 16:15:30.000000000
+0100
+++ new/haproxy-2.9.1+git0.f72603ceb/CHANGELOG 2023-12-15 14:35:36.000000000
+0100
@@ -1,6 +1,28 @@
ChangeLog :
===========
+2023/12/15 : 2.9.1
+ - BUG/MINOR: ssl: Double free of OCSP Certificate ID
+ - MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback
+ - BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate
+ - BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA)
+ - DOC: configuration: typo req.ssl_hello_type
+ - BUG/MINOR: mworker/cli: fix set severity-output support
+ - BUG/MEDIUM: quic: Possible buffer overflow when building TLS records
+ - BUILD: ssl: update types in wolfssl cert selection callback
+ - BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions
+ - BUG/MINOR: ext-check: cannot use without preserve-env
+ - MINOR: version: mention that it's stable now
+ - BUG/MEDIUM: quic: QUIC CID removed from tree without locking
+ - BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer
side
+ - BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding
+ - BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set
originally
+ - CLEANUP: mux-h1: Fix a trace message about C-L header addition
+ - BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is
empty
+ - BUG/MEDIUM: mux-quic: report early error on stream
+ - DOC: config: add arguments to sample fetch methods in the table
+ - DOC: config: also add arguments to the converters in the table
+
2023/12/05 : 2.9.0
- DOC: config: add missing colon to "bytes_out" sample fetch keyword (2)
- BUG/MINOR: cfgparse-listen: fix warning being reported as an alert
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/INSTALL
new/haproxy-2.9.1+git0.f72603ceb/INSTALL
--- old/haproxy-2.9.0+git0.fddb8c13b/INSTALL 2023-12-05 16:15:30.000000000
+0100
+++ new/haproxy-2.9.1+git0.f72603ceb/INSTALL 2023-12-15 14:35:36.000000000
+0100
@@ -1,13 +1,12 @@
Installation instructions for HAProxy
=====================================
-This is a development version, so it is expected to break from time to time,
-to add and remove features without prior notification and it should not be used
-in production, unless you're an experienced user and are willing to follow
-weekly updates. If you are not used to build from sources or if you are not
-used to follow updates then it is recommended that instead you use the packages
-provided by your software vendor or Linux distribution. Most of them are taking
-this task seriously and are doing a good job at backporting important fixes.
+HAProxy 2.9 is a stable version, which means that it will get fixes for bugs as
+they are discovered till around Q1 2025 and should not receive new features.
+This version is mostly suited at experienced users who are willing to quickly
+follow updates. New users are encouraged to use long term supported versions
+such as the ones provided by their software vendor or Linux distribution, as
+such versions require far less common updates.
If for any reason you'd prefer to use a different version than the one packaged
for your system, you want to be certain to have all the fixes or to get some
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/VERDATE
new/haproxy-2.9.1+git0.f72603ceb/VERDATE
--- old/haproxy-2.9.0+git0.fddb8c13b/VERDATE 2023-12-05 16:15:30.000000000
+0100
+++ new/haproxy-2.9.1+git0.f72603ceb/VERDATE 2023-12-15 14:35:36.000000000
+0100
@@ -1,2 +1,2 @@
$Format:%ci$
-2023/12/05
+2023/12/15
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/VERSION
new/haproxy-2.9.1+git0.f72603ceb/VERSION
--- old/haproxy-2.9.0+git0.fddb8c13b/VERSION 2023-12-05 16:15:30.000000000
+0100
+++ new/haproxy-2.9.1+git0.f72603ceb/VERSION 2023-12-15 14:35:36.000000000
+0100
@@ -1 +1 @@
-2.9.0
+2.9.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/doc/configuration.txt
new/haproxy-2.9.1+git0.f72603ceb/doc/configuration.txt
--- old/haproxy-2.9.0+git0.fddb8c13b/doc/configuration.txt 2023-12-05
16:15:30.000000000 +0100
+++ new/haproxy-2.9.1+git0.f72603ceb/doc/configuration.txt 2023-12-15
14:35:36.000000000 +0100
@@ -3,7 +3,7 @@
Configuration Manual
----------------------
version 2.9
- 2023/12/05
+ 2023/12/15
This document covers the configuration language as implemented in the version
@@ -12076,7 +12076,7 @@
stick-table type binary len 32 size 30k expire 30m
acl clienthello req.ssl_hello_type 1
- acl serverhello rep.ssl_hello_type 2
+ acl serverhello res.ssl_hello_type 2
# use tcp content accepts to detects ssl client and server hello.
tcp-request inspect-delay 5s
@@ -18239,135 +18239,135 @@
The following keywords are supported:
- keyword input type output type
-------------------------------+----------------+------------
-51d.single string string
-add integer integer
-add_item string string
-aes_gcm_dec binary binary
-and integer integer
-b64dec string binary
-base64 binary string
-be2dec binary string
-be2hex binary string
-bool integer boolean
-bytes binary binary
-capture-req string string
-capture-res string string
-concat string string
-cpl integer integer
-crc32 binary integer
-crc32c binary integer
-cut_crlf string string
-da-csv-conv string string
-debug any <same>
--- keyword -------------------+- input type ---+ output type --
-digest binary binary
-div integer integer
-djb2 binary integer
-even integer boolean
-field string string
-fix_is_valid binary boolean
-fix_tag_value binary binary
-hex binary string
-hex2i binary integer
-hmac binary binary
-host_only string string
-htonl integer integer
-http_date integer string
-iif boolean string
-in_table string boolean
-ipmask address address
-json string string
-json_query string any
-jwt_header_query string string
-jwt_payload_query string string
--- keyword -------------------+- input type ---+ output type --
-jwt_verify string integer
-language string string
-length string integer
-lower string string
-ltime integer string
-ltrim string string
-map string string
-map_<match> <match> string
-map_<match>_<output> <match> <output>
-mod integer integer
-mqtt_field_value binary binary
-mqtt_is_valid bianry boolean
-ms_ltime integer string
-ms_utime integer string
-mul integer integer
-nbsrv string integer
-neg integer integer
-not integer boolean
-odd integer boolean
-or integer integer
--- keyword -------------------+- input type ---+ output type --
-param string string
-port_only string integer
-protobuf binary binary
-regsub string string
-rfc7239_field string string
-rfc7239_is_valid string boolean
-rfc7239_n2nn string address / string
-rfc7239_n2np string integer / string
-rtrim string string
-sdbm binary integer
-secure_memcmp string boolean
-set-var any <same>
-sha1 binary binary
-sha2 binary binary
-srv_queue string integer
-strcmp string boolean
-sub integer integer
-table_bytes_in_rate string integer
-table_bytes_out_rate string integer
-table_conn_cnt string integer
--- keyword -------------------+- input type ---+ output type --
-table_conn_cur string integer
-table_conn_rate string integer
-table_expire string integer
-table_gpc string integer
-table_gpc0 string integer
-table_gpc0_rate string integer
-table_gpc1 string integer
-table_gpc1_rate string integer
-table_gpc_rate string integer
-table_gpt string integer
-table_gpt0 string integer
-table_http_err_cnt string integer
-table_http_err_rate string integer
-table_http_fail_cnt string integer
-table_http_fail_rate string integer
-table_http_req_cnt string integer
-table_http_req_rate string integer
-table_idle string integer
-table_kbytes_in string integer
--- keyword -------------------+- input type ---+ output type --
-table_kbytes_out string integer
-table_server_id string integer
-table_sess_cnt string integer
-table_sess_rate string integer
-table_trackers string integer
-ub64dec string string
-ub64enc string string
-ungrpc binary binary / integer
-unset-var any <same>
-upper string string
-url_dec string string
-url_enc string string
-us_ltime integer string
-us_utime integer string
-utime integer string
-word string string
-wt6 binary integer
-x509_v_err_str integer string
-xor integer integer
--- keyword -------------------+- input type ---+ output type --
-xxh3 binary integer
-xxh32 binary integer
-xxh64 binary integer
+ keyword input type output type
+------------------------------------------------+-------------+----------------
+51d.single(prop[,prop*]) string string
+add(value) integer integer
+add_item(delim,[var][,suff]]) string string
+aes_gcm_dec(bits,nonce,key,aead_tag) binary binary
+and(value) integer integer
+b64dec string binary
+base64 binary string
+be2dec(separator,chunk_size,[truncate]) binary string
+be2hex([separator],[chunk_size],[truncate]) binary string
+bool integer boolean
+bytes(offset[,length]) binary binary
+capture-req(id) string string
+capture-res(id) string string
+concat([start],[var],[end]) string string
+cpl integer integer
+crc32([avalanche]) binary integer
+crc32c([avalanche]) binary integer
+cut_crlf string string
+da-csv-conv(prop[,prop*]) string string
+debug([prefix][,destination]) any same
+-- keyword -------------------------------------+- input type + output type -
+digest(algorithm) binary binary
+div(value) integer integer
+djb2([avalanche]) binary integer
+even integer boolean
+field(index,delimiters[,count]) string string
+fix_is_valid binary boolean
+fix_tag_value(tag) binary binary
+hex binary string
+hex2i binary integer
+hmac(algorithm,key) binary binary
+host_only string string
+htonl integer integer
+http_date([offset],[unit]) integer string
+iif(true,false) boolean string
+in_table(table) string boolean
+ipmask(mask4,[mask6]) address address
+json([input-code]) string string
+json_query(json_path,[output_type]) string _outtype_
+jwt_header_query([json_path],[output_type]) string string
+jwt_payload_query([json_path],[output_type]) string string
+-- keyword -------------------------------------+- input type + output type -
+jwt_verify(alg,key) string integer
+language(value[,default]) string string
+length string integer
+lower string string
+ltime(format[,offset]) integer string
+ltrim(chars) string string
+map(map_name[,default_value]) string string
+map_match(map_name[,default_value]) _match_ string
+map_match_output(map_name[,default_value]) _match_ _output_
+mod(value) integer integer
+mqtt_field_value(pkt_type,fieldname_or_prop_ID) binary binary
+mqtt_is_valid binary boolean
+ms_ltime(format[,offset]) integer string
+ms_utime(format[,offset]) integer string
+mul(value) integer integer
+nbsrv string integer
+neg integer integer
+not integer boolean
+odd integer boolean
+or(value) integer integer
+-- keyword -------------------------------------+- input type + output type -
+param(name,[delim]) string string
+port_only string integer
+protobuf(field_number,[field_type]) binary binary
+regsub(regex,subst[,flags]) string string
+rfc7239_field(field) string string
+rfc7239_is_valid string boolean
+rfc7239_n2nn string address / str
+rfc7239_n2np string integer / str
+rtrim(chars) string string
+sdbm([avalanche]) binary integer
+secure_memcmp(var) string boolean
+set-var(var[,cond...]) any same
+sha1 binary binary
+sha2([bits]) binary binary
+srv_queue string integer
+strcmp(var) string boolean
+sub(value) integer integer
+table_bytes_in_rate(table) string integer
+table_bytes_out_rate(table) string integer
+table_conn_cnt(table) string integer
+-- keyword -------------------------------------+- input type + output type -
+table_conn_cur(table) string integer
+table_conn_rate(table) string integer
+table_expire(table[,default_value]) string integer
+table_gpc(idx,table) string integer
+table_gpc0(table) string integer
+table_gpc0_rate(table) string integer
+table_gpc1(table) string integer
+table_gpc1_rate(table) string integer
+table_gpc_rate(idx,table) string integer
+table_gpt(idx,table) string integer
+table_gpt0(table) string integer
+table_http_err_cnt(table) string integer
+table_http_err_rate(table) string integer
+table_http_fail_cnt(table) string integer
+table_http_fail_rate(table) string integer
+table_http_req_cnt(table) string integer
+table_http_req_rate(table) string integer
+table_idle(table[,default_value]) string integer
+table_kbytes_in(table) string integer
+-- keyword -------------------------------------+- input type + output type -
+table_kbytes_out(table) string integer
+table_server_id(table) string integer
+table_sess_cnt(table) string integer
+table_sess_rate(table) string integer
+table_trackers(table) string integer
+ub64dec string string
+ub64enc string string
+ungrpc(field_number,[field_type]) binary binary / int
+unset-var(var) any same
+upper string string
+url_dec([in_form]) string string
+url_enc([enc_type]) string string
+us_ltime(format[,offset]) integer string
+us_utime(format[,offset]) integer string
+utime(format[,offset]) integer string
+word(index,delimiters[,count]) string string
+wt6([avalanche]) binary integer
+x509_v_err_str integer string
+xor(value) integer integer
+-- keyword -------------------------------------+- input type + output type -
+xxh3([seed]) binary integer
+xxh32([seed]) binary integer
+xxh64([seed]) binary integer
The detailed list of converter keywords follows:
@@ -20045,60 +20045,60 @@
keyword output type
-------------------------------------------------+-------------
act_conn integer
-acl boolean
+acl([!]<name>[,...]) boolean
always_false boolean
always_true boolean
-avg_queue integer
-be_conn integer
-be_conn_free integer
-be_sess_rate integer
-bin bin
-bool bool
-connslots integer
+avg_queue([<backend>]) integer
+be_conn([<backend>]) integer
+be_conn_free([<backend>]) integer
+be_sess_rate([<backend>]) integer
+bin(<hex>) bin
+bool(<bool>) bool
+connslots([<backend>]) integer
cpu_calls integer
cpu_ns_avg integer
cpu_ns_tot integer
-date integer
+date([<offset>],[<unit>]) integer
date_us integer
-env string
-fe_conn integer
-fe_req_rate integer
-fe_sess_rate integer
+env(<name>) string
+fe_conn([<frontend>]) integer
+fe_req_rate([<frontend>]) integer
+fe_sess_rate([<frontend>]) integer
hostname string
-int signed
-ipv4 ipv4
-ipv6 ipv6
+int(<integer>) signed
+ipv4(<ipv4>) ipv4
+ipv6(<ipv6>) ipv6
last_rule_file string
last_rule_line integer
lat_ns_avg integer
lat_ns_tot integer
-meth method
-nbsrv integer
+meth(<method>) method
+nbsrv([<backend>]) integer
prio_class integer
prio_offset integer
pid integer
proc integer
-queue integer
+queue([<backend>]) integer
quic_enabled boolean
-rand integer
-srv_conn integer
-srv_conn_free integer
-srv_is_up boolean
-srv_queue integer
-srv_sess_rate integer
-srv_iweight integer
-srv_uweight integer
-srv_weight integer
+rand([<range>]) integer
+srv_conn([<backend>/]<server>) integer
+srv_conn_free([<backend>/]<server>) integer
+srv_is_up([<backend>/]<server>) boolean
+srv_queue([<backend>/]<server>) integer
+srv_sess_rate([<backend>/]<server>) integer
+srv_iweight([<backend>/]<server>) integer
+srv_uweight([<backend>/]<server>) integer
+srv_weight([<backend>/]<server>) integer
stopping boolean
-str string
-table_avl integer
-table_cnt integer
+str(<string>) string
+table_avl([<table>]) integer
+table_cnt([<table>]) integer
thread integer
txn.id32 integer
txn.conn_retries integer
txn.sess_term_state string
-uuid string
-var undefined
+uuid([<version>]) string
+var(<var-name>[,<default>]) undefined
-------------------------------------------------+-------------
Detailed list:
@@ -20611,7 +20611,7 @@
keyword output type
-------------------------------------------------+-------------
-accept_date integer
+accept_date([<unit>]) integer
bc.timer.connect integer
bc_dst ip
bc_dst_port integer
@@ -20622,8 +20622,8 @@
bc_src_port integer
be_id integer
be_name string
-bc_rtt integer
-bc_rttvar integer
+bc_rtt(<unit>) integer
+bc_rttvar(<unit>) integer
be_server_timeout integer
be_tunnel_timeout integer
cur_server_timeout integer
@@ -20645,12 +20645,12 @@
fc_lost integer
fc_pp_authority string
fc_pp_unique_id string
-fc_pp_tlv string
+fc_pp_tlv(<id>) string
fc_rcvd_proxy boolean
fc_reordering integer
fc_retrans integer
-fc_rtt integer
-fc_rttvar integer
+fc_rtt(<unit>) integer
+fc_rttvar(<unit>) integer
fc_sacked integer
fc_src ip
fc_src_is_local boolean
@@ -20661,150 +20661,150 @@
fe_name string
fe_client_timeout integer
res.timer.data integer
-sc_bytes_in_rate integer
-sc0_bytes_in_rate integer
-sc1_bytes_in_rate integer
-sc2_bytes_in_rate integer
-sc_bytes_out_rate integer
-sc0_bytes_out_rate integer
-sc1_bytes_out_rate integer
-sc2_bytes_out_rate integer
-sc_clr_gpc integer
-sc_clr_gpc0 integer
-sc0_clr_gpc0 integer
-sc1_clr_gpc0 integer
-sc2_clr_gpc0 integer
-sc_clr_gpc1 integer
-sc0_clr_gpc1 integer
-sc1_clr_gpc1 integer
-sc2_clr_gpc1 integer
-sc_conn_cnt integer
-sc0_conn_cnt integer
-sc1_conn_cnt integer
-sc2_conn_cnt integer
-sc_conn_cur integer
-sc0_conn_cur integer
-sc1_conn_cur integer
-sc2_conn_cur integer
-sc_conn_rate integer
-sc0_conn_rate integer
-sc1_conn_rate integer
-sc2_conn_rate integer
-sc_get_gpc integer
-sc_get_gpc0 integer
-sc0_get_gpc0 integer
-sc1_get_gpc0 integer
-sc2_get_gpc0 integer
-sc_get_gpc1 integer
-sc0_get_gpc1 integer
-sc1_get_gpc1 integer
-sc2_get_gpc1 integer
-sc_get_gpt integer
-sc_get_gpt0 integer
-sc0_get_gpt0 integer
-sc1_get_gpt0 integer
-sc2_get_gpt0 integer
-sc_gpc_rate integer
-sc_gpc0_rate integer
-sc0_gpc0_rate integer
-sc1_gpc0_rate integer
-sc2_gpc0_rate integer
-sc_gpc1_rate integer
-sc0_gpc1_rate integer
-sc1_gpc1_rate integer
-sc2_gpc1_rate integer
-sc_http_err_cnt integer
-sc0_http_err_cnt integer
-sc1_http_err_cnt integer
-sc2_http_err_cnt integer
-sc_http_err_rate integer
-sc0_http_err_rate integer
-sc1_http_err_rate integer
-sc2_http_err_rate integer
-sc_http_fail_cnt integer
-sc0_http_fail_cnt integer
-sc1_http_fail_cnt integer
-sc2_http_fail_cnt integer
-sc_http_fail_rate integer
-sc0_http_fail_rate integer
-sc1_http_fail_rate integer
-sc2_http_fail_rate integer
-sc_http_req_cnt integer
-sc0_http_req_cnt integer
-sc1_http_req_cnt integer
-sc2_http_req_cnt integer
-sc_http_req_rate integer
-sc0_http_req_rate integer
-sc1_http_req_rate integer
-sc2_http_req_rate integer
-sc_inc_gpc integer
-sc_inc_gpc0 integer
-sc0_inc_gpc0 integer
-sc1_inc_gpc0 integer
-sc2_inc_gpc0 integer
-sc_inc_gpc1 integer
-sc0_inc_gpc1 integer
-sc1_inc_gpc1 integer
-sc2_inc_gpc1 integer
-sc_kbytes_in integer
-sc0_kbytes_in integer
-sc1_kbytes_in integer
-sc2_kbytes_in integer
-sc_kbytes_out integer
-sc0_kbytes_out integer
-sc1_kbytes_out integer
-sc2_kbytes_out integer
-sc_sess_cnt integer
-sc0_sess_cnt integer
-sc1_sess_cnt integer
-sc2_sess_cnt integer
-sc_sess_rate integer
-sc0_sess_rate integer
-sc1_sess_rate integer
-sc2_sess_rate integer
-sc_tracked boolean
-sc0_tracked boolean
-sc1_tracked boolean
-sc2_tracked boolean
-sc_trackers integer
-sc0_trackers integer
-sc1_trackers integer
-sc2_trackers integer
+sc_bytes_in_rate(<ctr>[,<table>]) integer
+sc0_bytes_in_rate([<table>]) integer
+sc1_bytes_in_rate([<table>]) integer
+sc2_bytes_in_rate([<table>]) integer
+sc_bytes_out_rate(<ctr>[,<table>]) integer
+sc0_bytes_out_rate([<table>]) integer
+sc1_bytes_out_rate([<table>]) integer
+sc2_bytes_out_rate([<table>]) integer
+sc_clr_gpc(<idx>,<ctr>[,<table>]) integer
+sc_clr_gpc0(<ctr>[,<table>]) integer
+sc0_clr_gpc0([<table>]) integer
+sc1_clr_gpc0([<table>]) integer
+sc2_clr_gpc0([<table>]) integer
+sc_clr_gpc1(<ctr>[,<table>]) integer
+sc0_clr_gpc1([<table>]) integer
+sc1_clr_gpc1([<table>]) integer
+sc2_clr_gpc1([<table>]) integer
+sc_conn_cnt(<ctr>[,<table>]) integer
+sc0_conn_cnt([<table>]) integer
+sc1_conn_cnt([<table>]) integer
+sc2_conn_cnt([<table>]) integer
+sc_conn_cur(<ctr>[,<table>]) integer
+sc0_conn_cur([<table>]) integer
+sc1_conn_cur([<table>]) integer
+sc2_conn_cur([<table>]) integer
+sc_conn_rate(<ctr>[,<table>]) integer
+sc0_conn_rate([<table>]) integer
+sc1_conn_rate([<table>]) integer
+sc2_conn_rate([<table>]) integer
+sc_get_gpc(<idx>,<ctr>[,<table>]) integer
+sc_get_gpc0(<ctr>[,<table>]) integer
+sc0_get_gpc0([<table>]) integer
+sc1_get_gpc0([<table>]) integer
+sc2_get_gpc0([<table>]) integer
+sc_get_gpc1(<ctr>[,<table>]) integer
+sc0_get_gpc1([<table>]) integer
+sc1_get_gpc1([<table>]) integer
+sc2_get_gpc1([<table>]) integer
+sc_get_gpt(<idx>,<ctr>[,<table>]) integer
+sc_get_gpt0(<ctr>[,<table>]) integer
+sc0_get_gpt0([<table>]) integer
+sc1_get_gpt0([<table>]) integer
+sc2_get_gpt0([<table>]) integer
+sc_gpc_rate(<idx>,<ctr>[,<table>]) integer
+sc_gpc0_rate(<ctr>[,<table>]) integer
+sc0_gpc0_rate([<table>]) integer
+sc1_gpc0_rate([<table>]) integer
+sc2_gpc0_rate([<table>]) integer
+sc_gpc1_rate(<ctr>[,<table>]) integer
+sc0_gpc1_rate([<table>]) integer
+sc1_gpc1_rate([<table>]) integer
+sc2_gpc1_rate([<table>]) integer
+sc_http_err_cnt(<ctr>[,<table>]) integer
+sc0_http_err_cnt([<table>]) integer
+sc1_http_err_cnt([<table>]) integer
+sc2_http_err_cnt([<table>]) integer
+sc_http_err_rate(<ctr>[,<table>]) integer
+sc0_http_err_rate([<table>]) integer
+sc1_http_err_rate([<table>]) integer
+sc2_http_err_rate([<table>]) integer
+sc_http_fail_cnt(<ctr>[,<table>]) integer
+sc0_http_fail_cnt([<table>]) integer
+sc1_http_fail_cnt([<table>]) integer
+sc2_http_fail_cnt([<table>]) integer
+sc_http_fail_rate(<ctr>[,<table>]) integer
+sc0_http_fail_rate([<table>]) integer
+sc1_http_fail_rate([<table>]) integer
+sc2_http_fail_rate([<table>]) integer
+sc_http_req_cnt(<ctr>[,<table>]) integer
+sc0_http_req_cnt([<table>]) integer
+sc1_http_req_cnt([<table>]) integer
+sc2_http_req_cnt([<table>]) integer
+sc_http_req_rate(<ctr>[,<table>]) integer
+sc0_http_req_rate([<table>]) integer
+sc1_http_req_rate([<table>]) integer
+sc2_http_req_rate([<table>]) integer
+sc_inc_gpc(<idx>,<ctr>[,<table>]) integer
+sc_inc_gpc0(<ctr>[,<table>]) integer
+sc0_inc_gpc0([<table>]) integer
+sc1_inc_gpc0([<table>]) integer
+sc2_inc_gpc0([<table>]) integer
+sc_inc_gpc1(<ctr>[,<table>]) integer
+sc0_inc_gpc1([<table>]) integer
+sc1_inc_gpc1([<table>]) integer
+sc2_inc_gpc1([<table>]) integer
+sc_kbytes_in(<ctr>[,<table>]) integer
+sc0_kbytes_in([<table>]) integer
+sc1_kbytes_in([<table>]) integer
+sc2_kbytes_in([<table>]) integer
+sc_kbytes_out(<ctr>[,<table>]) integer
+sc0_kbytes_out([<table>]) integer
+sc1_kbytes_out([<table>]) integer
+sc2_kbytes_out([<table>]) integer
+sc_sess_cnt(<ctr>[,<table>]) integer
+sc0_sess_cnt([<table>]) integer
+sc1_sess_cnt([<table>]) integer
+sc2_sess_cnt([<table>]) integer
+sc_sess_rate(<ctr>[,<table>]) integer
+sc0_sess_rate([<table>]) integer
+sc1_sess_rate([<table>]) integer
+sc2_sess_rate([<table>]) integer
+sc_tracked(<ctr>[,<table>]) boolean
+sc0_tracked([<table>]) boolean
+sc1_tracked([<table>]) boolean
+sc2_tracked([<table>]) boolean
+sc_trackers(<ctr>[,<table>]) integer
+sc0_trackers([<table>]) integer
+sc1_trackers([<table>]) integer
+sc2_trackers([<table>]) integer
so_id integer
so_name string
src ip
-src_bytes_in_rate integer
-src_bytes_out_rate integer
-src_clr_gpc integer
-src_clr_gpc0 integer
-src_clr_gpc1 integer
-src_conn_cnt integer
-src_conn_cur integer
-src_conn_rate integer
-src_get_gpc integer
-src_get_gpc0 integer
-src_get_gpc1 integer
-src_get_gpt integer
-src_get_gpt0 integer
-src_gpc_rate integer
-src_gpc0_rate integer
-src_gpc1_rate integer
-src_http_err_cnt integer
-src_http_err_rate integer
-src_http_fail_cnt integer
-src_http_fail_rate integer
-src_http_req_cnt integer
-src_http_req_rate integer
-src_inc_gpc integer
-src_inc_gpc0 integer
-src_inc_gpc1 integer
+src_bytes_in_rate([<table>]) integer
+src_bytes_out_rate([<table>]) integer
+src_clr_gpc(<idx>,[<table>]) integer
+src_clr_gpc0([<table>]) integer
+src_clr_gpc1([<table>]) integer
+src_conn_cnt([<table>]) integer
+src_conn_cur([<table>]) integer
+src_conn_rate([<table>]) integer
+src_get_gpc(<idx>,[<table>]) integer
+src_get_gpc0([<table>]) integer
+src_get_gpc1([<table>]) integer
+src_get_gpt(<idx>[,<table>]) integer
+src_get_gpt0([<table>]) integer
+src_gpc_rate(<idx>[,<table>]) integer
+src_gpc0_rate([<table>]) integer
+src_gpc1_rate([<table>]) integer
+src_http_err_cnt([<table>]) integer
+src_http_err_rate([<table>]) integer
+src_http_fail_cnt([<table>]) integer
+src_http_fail_rate([<table>]) integer
+src_http_req_cnt([<table>]) integer
+src_http_req_rate([<table>]) integer
+src_inc_gpc(<idx>,[<table>]) integer
+src_inc_gpc0([<table>]) integer
+src_inc_gpc1([<table>]) integer
src_is_local boolean
-src_kbytes_in integer
-src_kbytes_out integer
+src_kbytes_in([<table>]) integer
+src_kbytes_out([<table>]) integer
src_port integer
-src_sess_cnt integer
-src_sess_rate integer
-src_updt_conn_cnt integer
+src_sess_cnt([<table>]) integer
+src_sess_rate([<table>]) integer
+src_updt_conn_cnt([<table>]) integer
srv_id integer
srv_name string
-------------------------------------------------+-------------
@@ -21811,7 +21811,7 @@
keyword output type
-------------------------------------------------+-------------
-51d.all string
+51d.all(<prop>[,<prop>*]) string
ssl_bc boolean
ssl_bc_alg_keysize integer
ssl_bc_alpn string
@@ -21833,12 +21833,12 @@
ssl_c_chain_der binary
ssl_c_der binary
ssl_c_err integer
-ssl_c_i_dn string
+ssl_c_i_dn([<entry>[,<occ>[,<format>]]]) string
ssl_c_key_alg string
ssl_c_notafter string
ssl_c_notbefore string
-ssl_c_r_dn string
-ssl_c_s_dn string
+ssl_c_r_dn([<entry>[,<occ>[,<format>]]]) string
+ssl_c_s_dn([<entry>[,<occ>[,<format>]]]) string
ssl_c_serial binary
ssl_c_sha1 binary
ssl_c_sig_alg string
@@ -21846,11 +21846,11 @@
ssl_c_verify integer
ssl_c_version integer
ssl_f_der binary
-ssl_f_i_dn string
+ssl_f_i_dn([<entry>[,<occ>[,<format>]]]) string
ssl_f_key_alg string
ssl_f_notafter string
ssl_f_notbefore string
-ssl_f_s_dn string
+ssl_f_s_dn([<entry>[,<occ>[,<format>]]]) string
ssl_f_serial binary
ssl_f_sha1 binary
ssl_f_sig_alg string
@@ -21859,14 +21859,14 @@
ssl_fc_alg_keysize integer
ssl_fc_alpn string
ssl_fc_cipher string
-ssl_fc_cipherlist_bin binary
-ssl_fc_cipherlist_hex string
-ssl_fc_cipherlist_str string
+ssl_fc_cipherlist_bin([<filter_option>]) binary
+ssl_fc_cipherlist_hex([<filter_option>]) string
+ssl_fc_cipherlist_str([<filter_option>]) string
ssl_fc_cipherlist_xxh integer
ssl_fc_curve string
ssl_fc_ecformats_bin binary
-ssl_fc_eclist_bin binary
-ssl_fc_extlist_bin binary
+ssl_fc_eclist_bin([<filter_option>]) binary
+ssl_fc_extlist_bin([<filter_option>]) binary
ssl_fc_client_random binary
ssl_fc_client_early_traffic_secret string
ssl_fc_client_handshake_traffic_secret string
@@ -21895,8 +21895,8 @@
ssl_s_key_alg string
ssl_s_notafter string
ssl_s_notbefore string
-ssl_s_i_dn string
-ssl_s_s_dn string
+ssl_s_i_dn([<entry>[,<occ>[,<format>]]]) string
+ssl_s_s_dn([<entry>[,<occ>[,<format>]]]) string
ssl_s_serial binary
ssl_s_sha1 binary
ssl_s_sig_alg string
@@ -22663,37 +22663,37 @@
keyword output type
----------------------------------------------------+-------------
-bs.id integer
-distcc_body binary
-distcc_param integer
-fs.id integer
-payload binary
-payload_lv binary
-req.len integer
-req_len integer
-req.payload binary
-req.payload_lv binary
-req.proto_http boolean
-req_proto_http boolean
-req.rdp_cookie string
-rdp_cookie string
-req.rdp_cookie_cnt integer
-rdp_cookie_cnt integer
-req.ssl_alpn string
-req.ssl_ec_ext boolean
-req.ssl_hello_type integer
-req_ssl_hello_type integer
-req.ssl_sni string
-req_ssl_sni string
-req.ssl_st_ext integer
-req.ssl_ver integer
-req_ssl_ver integer
-res.len integer
-res.payload binary
-res.payload_lv binary
-res.ssl_hello_type integer
-rep_ssl_hello_type integer
-wait_end boolean
+bs.id integer
+distcc_body(<token>[,<occ>]) binary
+distcc_param(<token>[,<occ>]) integer
+fs.id integer
+payload(<offset>,<length>) binary
+payload_lv(<offset1>,<length>[,<offset2>]) binary
+req.len integer
+req_len integer
+req.payload(<offset>,<length>) binary
+req.payload_lv(<offset1>,<length>[,<offset2>]) binary
+req.proto_http boolean
+req_proto_http boolean
+req.rdp_cookie([<name>]) string
+rdp_cookie([<name>]) string
+req.rdp_cookie_cnt([name]) integer
+rdp_cookie_cnt([name]) integer
+req.ssl_alpn string
+req.ssl_ec_ext boolean
+req.ssl_hello_type integer
+req_ssl_hello_type integer
+req.ssl_sni string
+req_ssl_sni string
+req.ssl_st_ext integer
+req.ssl_ver integer
+req_ssl_ver integer
+res.len integer
+res.payload(<offset>,<length>) binary
+res.payload_lv(<offset1>,<length>[,<offset2>]) binary
+res.ssl_hello_type integer
+rep_ssl_hello_type integer
+wait_end boolean
----------------------------------------------------+-------------
Detailed list:
@@ -23019,35 +23019,35 @@
baseq string
bytes_in integer
bytes_out integer
-capture.req.hdr string
+capture.req.hdr(<idx>) string
capture.req.method string
capture.req.uri string
capture.req.ver string
-capture.res.hdr string
+capture.res.hdr(<idx>) string
capture.res.ver string
req.body binary
-req.body_param string
+req.body_param([<name>[,i]]) string
req.body_len integer
req.body_size integer
-req.cook string
-cook string
-req.cook_cnt integer
-cook_cnt integer
-req.cook_val integer
-cook_val integer
-req.cook_names string
-cookie string
-hdr string
-request_date integer
-req.fhdr string
-req.fhdr_cnt integer
-req.hdr string
-req.hdr_cnt integer
-hdr_cnt integer
-req.hdr_ip ip
-hdr_ip ip
-req.hdr_val integer
-hdr_val integer
+req.cook([<name>]) string
+cook([<name>]) string
+req.cook_cnt([<name>]) integer
+cook_cnt([<name>]) integer
+req.cook_val([<name>]) integer
+cook_val([<name>]) integer
+req.cook_names([<delim>]) string
+cookie([<name>]) string
+hdr([<name>[,<occ>]]) string
+request_date([<unit>]) integer
+req.fhdr(<name>[,<occ>]) string
+req.fhdr_cnt([<name>]) integer
+req.hdr([<name>[,<occ>]]) string
+req.hdr_cnt([<name>]) integer
+hdr_cnt([<header>]) integer
+req.hdr_ip([<name>[,<occ>]]) ip
+hdr_ip([<name>[,<occ>]]) ip
+req.hdr_val([<name>[,<occ>]]) integer
+hdr_val([<name>[,<occ>]]) integer
req.hdrs string
req.hdrs_bin binary
req.timer.hdr integer
@@ -23055,9 +23055,9 @@
req.timer.queue integer
req.timer.tq integer
res.timer.hdr integer
-http_auth boolean
-http_auth_bearer string
-http_auth_group string
+http_auth(<userlist>) boolean
+http_auth_bearer([<header>]) string
+http_auth_group(<userlist>) string
http_auth_pass string
http_auth_type string
http_auth_user string
@@ -23066,7 +23066,7 @@
path string
pathq string
query string
-req.hdr_names string
+req.hdr_names([<delim>]) string
req.ver string
req_ver string
res.body binary
@@ -23076,30 +23076,30 @@
res.cache_name string
res.comp boolean
res.comp_algo string
-res.cook string
-scook string
-res.cook_cnt integer
-scook_cnt integer
-res.cook_val integer
-scook_val integer
-res.cook_names string
-res.fhdr string
-res.fhdr_cnt integer
-res.hdr string
-shdr string
-res.hdr_cnt integer
-shdr_cnt integer
-res.hdr_ip ip
-shdr_ip ip
-res.hdr_names string
-res.hdr_val integer
-shdr_val integer
+res.cook([<name>]) string
+scook([<name>]) string
+res.cook_cnt([<name>]) integer
+scook_cnt([<name>]) integer
+res.cook_val([<name>]) integer
+scook_val([<name>]) integer
+res.cook_names([<delim>]) string
+res.fhdr([<name>[,<occ>]]) string
+res.fhdr_cnt([<name>]) integer
+res.hdr([<name>[,<occ>]]) string
+shdr([<name>[,<occ>]]) string
+res.hdr_cnt([<name>]) integer
+shdr_cnt([<name>]) integer
+res.hdr_ip([<name>[,<occ>]]) ip
+shdr_ip([<name>[,<occ>]]) ip
+res.hdr_names([<delim>]) string
+res.hdr_val([<name>[,<occ>]]) integer
+shdr_val([<name>[,<occ>]]) integer
res.hdrs string
res.hdrs_bin binary
res.ver string
resp_ver string
server_status integer
-set-cookie string
+set-cookie([<name>]) string
status integer
txn.status integer
txn.timer.total integer
@@ -23107,9 +23107,9 @@
url string
url_ip ip
url_port integer
-urlp string
-url_param string
-urlp_val integer
+urlp([<name>[,<delim>[,i]]]) string
+url_param([<name>[,<delim>[,i]]]) string
+urlp_val([<name>[,<delim>[,i]]]) integer
url32 integer
url32+src binary
-------------------------------------------------+-------------
@@ -23893,12 +23893,12 @@
internal.htx.nbblks integer
internal.htx.size integer
internal.htx.used integer
-internal.htx_blk.size integer
-internal.htx_blk.type string
-internal.htx_blk.data binary
-internal.htx_blk.hdrname string
-internal.htx_blk.hdrval string
-internal.htx_blk.start_line string
+internal.htx_blk.size(<idx>) integer
+internal.htx_blk.type(<idx>) string
+internal.htx_blk.data(<idx>) binary
+internal.htx_blk.hdrname(<idx>) string
+internal.htx_blk.hdrval(<idx>) string
+internal.htx_blk.start_line(<idx>) string
internal.strm.is_htx boolean
-------------------------------------------------+-------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/include/haproxy/cli-t.h
new/haproxy-2.9.1+git0.f72603ceb/include/haproxy/cli-t.h
--- old/haproxy-2.9.0+git0.fddb8c13b/include/haproxy/cli-t.h 2023-12-05
16:15:30.000000000 +0100
+++ new/haproxy-2.9.1+git0.f72603ceb/include/haproxy/cli-t.h 2023-12-15
14:35:36.000000000 +0100
@@ -37,6 +37,8 @@
#define ACCESS_EXPERT 0x0020 /* access to dangerous commands reserved
to experts */
#define ACCESS_EXPERIMENTAL 0x0040
#define ACCESS_MCLI_DEBUG 0x0080 /* allow the master CLI to use any command
without the flag ACCESS_MASTER */
+#define ACCESS_MCLI_SEVERITY_NB 0x0100 /* 'set severity-output number' on
master CLI */
+#define ACCESS_MCLI_SEVERITY_STR 0x0200 /* 'set severity-output string' on
master CLI */
/* flags for appctx->st1 */
#define APPCTX_CLI_ST1_PROMPT (1 << 0)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/haproxy-2.9.0+git0.fddb8c13b/include/haproxy/stconn.h
new/haproxy-2.9.1+git0.f72603ceb/include/haproxy/stconn.h
--- old/haproxy-2.9.0+git0.fddb8c13b/include/haproxy/stconn.h 2023-12-05
16:15:30.000000000 +0100
+++ new/haproxy-2.9.1+git0.f72603ceb/include/haproxy/stconn.h 2023-12-15
14:35:36.000000000 +0100
@@ -511,6 +511,16 @@
se->iobuf.flags &= ~IOBUF_FL_FF_BLOCKED;
if (mux->nego_fastfwd && mux->done_fastfwd) {
+ /* Declare SE as blocked if EOS or an error was
reported.
+ * This may happen if fast-forward was scheduled before
the I/O processing on <SC>.
+ * Wake <SC> up in this case.
+ */
+ if (se_fl_test(se,
SE_FL_EOS|SE_FL_ERROR|SE_FL_ERR_PENDING)) {
+ se->iobuf.flags |= IOBUF_FL_FF_BLOCKED;
+ tasklet_wakeup(se->sc->wait_event.tasklet);
+ goto end;
+ }
+
ret = mux->nego_fastfwd(se->sc, input, count,
may_splice);
if ((se->iobuf.flags & IOBUF_FL_FF_BLOCKED) &&
!(se->sc->wait_event.events & SUB_RETRY_SEND)) {
/* The SC must be subs for send to be notify
when some
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/haproxy-2.9.0+git0.fddb8c13b/include/haproxy/version.h
new/haproxy-2.9.1+git0.f72603ceb/include/haproxy/version.h
--- old/haproxy-2.9.0+git0.fddb8c13b/include/haproxy/version.h 2023-12-05
16:15:30.000000000 +0100
+++ new/haproxy-2.9.1+git0.f72603ceb/include/haproxy/version.h 2023-12-15
14:35:36.000000000 +0100
@@ -39,7 +39,7 @@
#ifdef CONFIG_PRODUCT_STATUS
#define PRODUCT_STATUS CONFIG_PRODUCT_STATUS
#else
-#define PRODUCT_STATUS "Status: development branch - not safe for use in
production."
+#define PRODUCT_STATUS "Status: stable branch - will stop receiving fixes
around Q1 2025."
#endif
#ifdef CONFIG_PRODUCT_URL_BUGS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/cfgparse-global.c
new/haproxy-2.9.1+git0.f72603ceb/src/cfgparse-global.c
--- old/haproxy-2.9.0+git0.fddb8c13b/src/cfgparse-global.c 2023-12-05
16:15:30.000000000 +0100
+++ new/haproxy-2.9.1+git0.f72603ceb/src/cfgparse-global.c 2023-12-15
14:35:36.000000000 +0100
@@ -591,7 +591,7 @@
global.external_check = 1;
if (strcmp(args[1], "preserve-env") == 0) {
global.external_check = 2;
- } else {
+ } else if (*args[1]) {
ha_alert("parsing [%s:%d] : '%s' only supports
'preserve-env' as an argument, found '%s'.\n", file, linenum, args[0], args[1]);
err_code |= ERR_ALERT | ERR_FATAL;
goto out;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/cli.c
new/haproxy-2.9.1+git0.f72603ceb/src/cli.c
--- old/haproxy-2.9.0+git0.fddb8c13b/src/cli.c 2023-12-05 16:15:30.000000000
+0100
+++ new/haproxy-2.9.1+git0.f72603ceb/src/cli.c 2023-12-15 14:35:36.000000000
+0100
@@ -1759,6 +1759,10 @@
/* parse a "set severity-output" command. */
static int cli_parse_set_severity_output(char **args, char *payload, struct
appctx *appctx, void *private)
{
+ /* this will ask the applet to not output a \n after the command */
+ if (strcmp(args[3], "-") == 0)
+ appctx->st1 |= APPCTX_CLI_ST1_NOLF;
+
if (*args[2] && set_severity_output(&appctx->cli_severity_output,
args[2]))
return 0;
@@ -2453,7 +2457,6 @@
* >= 0 : number of words to escape
* = -1 : error
*/
-
int pcli_find_and_exec_kw(struct stream *s, char **args, int argl, char
**errmsg, int *next_pid)
{
if (argl < 1)
@@ -2533,6 +2536,21 @@
if ((argl > 1) && (strcmp(args[1], "on") == 0))
s->pcli_flags |= ACCESS_MCLI_DEBUG;
return argl;
+ } else if (strcmp(args[0], "set") == 0) {
+ if ((argl > 1) && (strcmp(args[1], "severity-output") == 0)) {
+ if ((argl > 2) &&strcmp(args[2], "none") == 0) {
+ s->pcli_flags &=
~(ACCESS_MCLI_SEVERITY_NB|ACCESS_MCLI_SEVERITY_STR);
+ } else if ((argl > 2) && strcmp(args[2], "string") ==
0) {
+ s->pcli_flags |= ACCESS_MCLI_SEVERITY_STR;
+ } else if ((argl > 2) && strcmp(args[2], "number") ==
0) {
+ s->pcli_flags |= ACCESS_MCLI_SEVERITY_NB;
+ } else {
+ memprintf(errmsg, "one of 'none', 'number',
'string' is a required argument\n");
+ return -1;
+ }
+ /* only skip argl if we have "set severity-output" not
only "set" */
+ return argl;
+ }
}
return 0;
@@ -2711,6 +2729,16 @@
ci_insert_line2(req, 0, "expert-mode on -",
strlen("expert-mode on -"));
ret += strlen("expert-mode on -") + 2;
}
+ if (s->pcli_flags & ACCESS_MCLI_SEVERITY_STR) {
+ const char *cmd = "set severity-output string -";
+ ci_insert_line2(req, 0, cmd, strlen(cmd));
+ ret += strlen(cmd) + 2;
+ }
+ if (s->pcli_flags & ACCESS_MCLI_SEVERITY_NB) {
+ const char *cmd = "set severity-output number -";
+ ci_insert_line2(req, 0, cmd, strlen(cmd));
+ ret += strlen(cmd) + 2;
+ }
if (pcli_has_level(s, ACCESS_LVL_ADMIN)) {
goto end;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/hlua.c
new/haproxy-2.9.1+git0.f72603ceb/src/hlua.c
--- old/haproxy-2.9.0+git0.fddb8c13b/src/hlua.c 2023-12-05 16:15:30.000000000
+0100
+++ new/haproxy-2.9.1+git0.f72603ceb/src/hlua.c 2023-12-15 14:35:36.000000000
+0100
@@ -12911,6 +12911,13 @@
goto end;
}
+ /* Reset the OCSP CID */
+ if (cert_ext->type == CERT_TYPE_PEM || cert_ext->type ==
CERT_TYPE_KEY ||
+ cert_ext->type == CERT_TYPE_ISSUER) {
+ OCSP_CERTID_free(new_ckchs->data->ocsp_cid);
+ new_ckchs->data->ocsp_cid = NULL;
+ }
+
/* apply the change on the duplicate */
if (cert_ext->load(filename, payload, data, &err) != 0) {
memprintf(&err, "%sCan't load the payload for '%s'",
err ? err : "", cert_ext->ext);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/mux_h1.c
new/haproxy-2.9.1+git0.f72603ceb/src/mux_h1.c
--- old/haproxy-2.9.0+git0.fddb8c13b/src/mux_h1.c 2023-12-05
16:15:30.000000000 +0100
+++ new/haproxy-2.9.1+git0.f72603ceb/src/mux_h1.c 2023-12-15
14:35:36.000000000 +0100
@@ -2046,7 +2046,7 @@
if (sl->flags & HTX_SL_F_XFER_ENC)
h1m->flags |= H1_MF_XFER_ENC;
- if (sl->flags & HTX_SL_F_BODYLESS) {
+ if (sl->flags & HTX_SL_F_BODYLESS && !(h1m->flags & H1_MF_CLEN)) {
h1m->flags = (h1m->flags & ~H1_MF_CHNK) | H1_MF_CLEN;
h1s->flags |= H1S_F_HAVE_CLEN;
}
@@ -2392,7 +2392,7 @@
h1_adjust_case_outgoing_hdr(h1s, h1m, &n);
if (!h1_format_htx_hdr(n, v, &outbuf))
goto full;
- TRACE_STATE("add \"Content-Length: chunked\"",
H1_EV_TX_DATA|H1_EV_TX_HDRS, h1c->conn, h1s);
+ TRACE_STATE("add \"Content-Length: <LEN>\"",
H1_EV_TX_DATA|H1_EV_TX_HDRS, h1c->conn, h1s);
h1s->flags |= H1S_F_HAVE_CLEN;
}
@@ -4633,6 +4633,7 @@
}
total += sdo->iobuf.data;
+ count -= sdo->iobuf.data;
#if defined(USE_LINUX_SPLICE)
if (sdo->iobuf.pipe) {
/* Here, not data was xferred */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/mux_h2.c
new/haproxy-2.9.1+git0.f72603ceb/src/mux_h2.c
--- old/haproxy-2.9.0+git0.fddb8c13b/src/mux_h2.c 2023-12-05
16:15:30.000000000 +0100
+++ new/haproxy-2.9.1+git0.f72603ceb/src/mux_h2.c 2023-12-15
14:35:36.000000000 +0100
@@ -5212,7 +5212,7 @@
b_sub(&h2c->dbuf, hole);
}
- if (b_full(&h2c->dbuf) && h2c->dfl) {
+ if (b_full(&h2c->dbuf) && h2c->dfl && (!htx || htx_is_empty(htx))) {
/* too large frames */
h2c_error(h2c, H2_ERR_INTERNAL_ERROR);
ret = -1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/mux_quic.c
new/haproxy-2.9.1+git0.f72603ceb/src/mux_quic.c
--- old/haproxy-2.9.0+git0.fddb8c13b/src/mux_quic.c 2023-12-05
16:15:30.000000000 +0100
+++ new/haproxy-2.9.1+git0.f72603ceb/src/mux_quic.c 2023-12-15
14:35:36.000000000 +0100
@@ -690,6 +690,19 @@
se_fl_set(qcs->sd, SE_FL_EOI);
}
+ /* A QCS can be already locally closed before stream layer
+ * instantiation. This notably happens if STOP_SENDING was the first
+ * frame received for this instance. In this case, an error is
+ * immediately to the stream layer to prevent transmission.
+ *
+ * TODO it could be better to not instantiate at all the stream layer.
+ * However, extra care is required to ensure QCS instance is released.
+ */
+ if (unlikely(qcs_is_close_local(qcs) || (qcs->flags & QC_SF_TO_RESET)))
{
+ TRACE_STATE("report early error", QMUX_EV_STRM_RECV, qcc->conn,
qcs);
+ se_fl_set_error(qcs->sd);
+ }
+
return qcs->sd->sc;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/pattern.c
new/haproxy-2.9.1+git0.f72603ceb/src/pattern.c
--- old/haproxy-2.9.0+git0.fddb8c13b/src/pattern.c 2023-12-05
16:15:30.000000000 +0100
+++ new/haproxy-2.9.1+git0.f72603ceb/src/pattern.c 2023-12-15
14:35:36.000000000 +0100
@@ -1602,17 +1602,25 @@
free(elt);
}
-/* This function removes all the patterns matching the pointer <refelt> from
+/* This function removes the pattern matching the pointer <refelt> from
* the reference and from each expr member of this reference. This function
* returns 1 if the entry was found and deleted, otherwise zero.
+ *
+ * <refelt> is user input: it is provided as an ID and should never be
+ * dereferenced without making sure that it is valid.
*/
int pat_ref_delete_by_id(struct pat_ref *ref, struct pat_ref_elt *refelt)
{
- int ret = !!refelt->node.node.leaf_p;
+ struct pat_ref_elt *elt, *safe;
- ebmb_delete(&refelt->node);
-
- return ret;
+ /* delete pattern from reference */
+ list_for_each_entry_safe(elt, safe, &ref->head, list) {
+ if (elt == refelt) {
+ pat_ref_delete_by_ptr(ref, elt);
+ return 1;
+ }
+ }
+ return 0;
}
/* This function removes all patterns matching <key> from the reference
@@ -1735,13 +1743,21 @@
/* This function modifies the sample of pat_ref_elt <refelt> in all expressions
* found under <ref> to become <value>, after checking that <refelt> really
* belongs to <ref>.
+ *
+ * <refelt> is user input: it is provided as an ID and should never be
+ * dereferenced without making sure that it is valid.
*/
int pat_ref_set_by_id(struct pat_ref *ref, struct pat_ref_elt *refelt, const
char *value, char **err)
{
- if (refelt->node.node.leaf_p) {
- if (!pat_ref_set_elt(ref, refelt, value, err))
- return 0;
- return 1;
+ struct pat_ref_elt *elt;
+
+ /* Look for pattern in the reference. */
+ list_for_each_entry(elt, &ref->head, list) {
+ if (elt == refelt) {
+ if (!pat_ref_set_elt(ref, elt, value, err))
+ return 0;
+ return 1;
+ }
}
memprintf(err, "key or pattern not found");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/haproxy-2.9.0+git0.fddb8c13b/src/quic_openssl_compat.c
new/haproxy-2.9.1+git0.f72603ceb/src/quic_openssl_compat.c
--- old/haproxy-2.9.0+git0.fddb8c13b/src/quic_openssl_compat.c 2023-12-05
16:15:30.000000000 +0100
+++ new/haproxy-2.9.1+git0.f72603ceb/src/quic_openssl_compat.c 2023-12-15
14:35:36.000000000 +0100
@@ -347,7 +347,7 @@
nonce, rec->payload, rec->payload_len, ad,
adlen))
goto leave;
- ret = adlen + outlen;
+ ret = outlen;
leave:
TRACE_LEAVE(QUIC_EV_CONN_SSL_COMPAT, qc);
return ret;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/quic_rx.c
new/haproxy-2.9.1+git0.f72603ceb/src/quic_rx.c
--- old/haproxy-2.9.0+git0.fddb8c13b/src/quic_rx.c 2023-12-05
16:15:30.000000000 +0100
+++ new/haproxy-2.9.1+git0.f72603ceb/src/quic_rx.c 2023-12-15
14:35:36.000000000 +0100
@@ -996,6 +996,7 @@
break;
case QUIC_FT_RETIRE_CONNECTION_ID:
{
+ struct quic_cid_tree *tree;
struct quic_connection_id *conn_id = NULL;
if (!qc_handle_retire_connection_id_frm(qc, &frm,
&pkt->dcid, &conn_id))
@@ -1004,7 +1005,10 @@
if (!conn_id)
break;
+ tree =
&quic_cid_trees[quic_cid_tree_idx(&conn_id->cid)];
+ HA_RWLOCK_WRLOCK(QC_CID_LOCK, &tree->lock);
ebmb_delete(&conn_id->node);
+ HA_RWLOCK_WRUNLOCK(QC_CID_LOCK, &tree->lock);
eb64_delete(&conn_id->seq_num);
pool_free(pool_head_quic_connection_id, conn_id);
TRACE_PROTO("CID retired", QUIC_EV_CONN_PSTRM, qc);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/ssl_ckch.c
new/haproxy-2.9.1+git0.f72603ceb/src/ssl_ckch.c
--- old/haproxy-2.9.0+git0.fddb8c13b/src/ssl_ckch.c 2023-12-05
16:15:30.000000000 +0100
+++ new/haproxy-2.9.1+git0.f72603ceb/src/ssl_ckch.c 2023-12-15
14:35:36.000000000 +0100
@@ -2147,6 +2147,7 @@
struct ckch_store *old_ckchs, *new_ckchs = NULL;
struct ckch_inst *ckchi;
+ usermsgs_clr("CLI");
/* FIXME: Don't watch the other side !*/
if (unlikely(sc_opposite(sc)->flags & SC_FL_SHUT_DONE))
goto end;
@@ -2220,7 +2221,8 @@
ctx->state = CERT_ST_SUCCESS;
__fallthrough;
case CERT_ST_SUCCESS:
- if (applet_putstr(appctx, "\nSuccess!\n") == -1)
+ chunk_printf(&trash, "\n%sSuccess!\n",
usermsgs_str());
+ if (applet_putchk(appctx, &trash) == -1)
goto yield;
ctx->state = CERT_ST_FIN;
__fallthrough;
@@ -2233,7 +2235,7 @@
case CERT_ST_ERROR:
error:
- chunk_printf(&trash, "\n%sFailed!\n", ctx->err);
+ chunk_printf(&trash, "\n%s%sFailed!\n",
usermsgs_str(), ctx->err);
if (applet_putchk(appctx, &trash) == -1)
goto yield;
ctx->state = CERT_ST_FIN;
@@ -2241,10 +2243,12 @@
}
}
end:
+ usermsgs_clr(NULL);
/* success: call the release function and don't come back */
return 1;
yield:
+ usermsgs_clr(NULL);
return 0; /* should come back */
}
@@ -2420,6 +2424,13 @@
goto end;
}
+ /* Reset the OCSP CID */
+ if (cert_ext->type == CERT_TYPE_PEM || cert_ext->type == CERT_TYPE_KEY
||
+ cert_ext->type == CERT_TYPE_ISSUER) {
+ OCSP_CERTID_free(new_ckchs->data->ocsp_cid);
+ new_ckchs->data->ocsp_cid = NULL;
+ }
+
data = new_ckchs->data;
/* apply the change on the duplicate */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/ssl_sock.c
new/haproxy-2.9.1+git0.f72603ceb/src/ssl_sock.c
--- old/haproxy-2.9.0+git0.fddb8c13b/src/ssl_sock.c 2023-12-05
16:15:30.000000000 +0100
+++ new/haproxy-2.9.1+git0.f72603ceb/src/ssl_sock.c 2023-12-15
14:35:36.000000000 +0100
@@ -1292,8 +1292,10 @@
}
out:
- if (ret && data->ocsp_cid)
+ if (ret && data->ocsp_cid) {
OCSP_CERTID_free(data->ocsp_cid);
+ data->ocsp_cid = NULL;
+ }
if (!ret && data->ocsp_response) {
ha_free(&data->ocsp_response->area);
@@ -2857,8 +2859,8 @@
has_rsa_sig = 0;
}
for (idx = 0; idx < hashSigAlgoSz; idx += 2) {
- enum wc_HashType hashAlgo;
- enum Key_Sum sigAlgo;
+ int hashAlgo;
+ int sigAlgo;
wolfSSL_get_sigalg_info(hashSigAlgo[idx+0],
hashSigAlgo[idx+1], &hashAlgo, &sigAlgo);
