Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2024-01-08 23:46:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new.21961 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy" Mon Jan 8 23:46:49 2024 rev:139 rq:1137606 version:2.9.1+git0.f72603ceb Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2023-12-19 23:17:13.316569409 +0100 +++ /work/SRC/openSUSE:Factory/.haproxy.new.21961/haproxy.changes 2024-01-08 23:46:53.365861577 +0100 @@ -1,0 +2,26 @@ +Fri Dec 15 15:15:07 UTC 2023 - vark...@suse.com + +- Update to version 2.9.1+git0.f72603ceb: + * [RELEASE] Released version 2.9.1 + * DOC: config: also add arguments to the converters in the table + * DOC: config: add arguments to sample fetch methods in the table + * BUG/MEDIUM: mux-quic: report early error on stream + * BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty + * CLEANUP: mux-h1: Fix a trace message about C-L header addition + * BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set originally + * BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding + * BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer side + * BUG/MEDIUM: quic: QUIC CID removed from tree without locking + * MINOR: version: mention that it's stable now + * BUG/MINOR: ext-check: cannot use without preserve-env + * BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions + * BUILD: ssl: update types in wolfssl cert selection callback + * BUG/MEDIUM: quic: Possible buffer overflow when building TLS records + * BUG/MINOR: mworker/cli: fix set severity-output support + * DOC: configuration: typo req.ssl_hello_type + * BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA) + * BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate + * MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback + * BUG/MINOR: ssl: Double free of OCSP Certificate ID + +------------------------------------------------------------------- Old: ---- haproxy-2.9.0+git0.fddb8c13b.tar.gz New: ---- haproxy-2.9.1+git0.f72603ceb.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.mP72jj/_old 2024-01-08 23:46:54.041886157 +0100 +++ /var/tmp/diff_new_pack.mP72jj/_new 2024-01-08 23:46:54.041886157 +0100 @@ -51,7 +51,7 @@ %endif Name: haproxy -Version: 2.9.0+git0.fddb8c13b +Version: 2.9.1+git0.f72603ceb Release: 0 # # ++++++ _service ++++++ --- /var/tmp/diff_new_pack.mP72jj/_old 2024-01-08 23:46:54.069887175 +0100 +++ /var/tmp/diff_new_pack.mP72jj/_new 2024-01-08 23:46:54.073887320 +0100 @@ -6,7 +6,6 @@ <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> - <param name="revision">v2.9.0</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.mP72jj/_old 2024-01-08 23:46:54.089887902 +0100 +++ /var/tmp/diff_new_pack.mP72jj/_new 2024-01-08 23:46:54.093888047 +0100 @@ -1,7 +1,8 @@ <servicedata> <service name="tar_scm"> <param name="url">https://git.haproxy.org/git/haproxy-2.9.git</param> - <param name="changesrevision">fddb8c13b6811b3b34eba0ad58d1f5fd5a3c7f60</param> + <param name="changesrevision">f72603ceb64ae944e9207f26d7dd99dba03e0d01</param> </service> </servicedata> +(No newline at EOF) ++++++ haproxy-2.9.0+git0.fddb8c13b.tar.gz -> haproxy-2.9.1+git0.f72603ceb.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/CHANGELOG new/haproxy-2.9.1+git0.f72603ceb/CHANGELOG --- old/haproxy-2.9.0+git0.fddb8c13b/CHANGELOG 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/CHANGELOG 2023-12-15 14:35:36.000000000 +0100 @@ -1,6 +1,28 @@ ChangeLog : =========== +2023/12/15 : 2.9.1 + - BUG/MINOR: ssl: Double free of OCSP Certificate ID + - MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback + - BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate + - BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA) + - DOC: configuration: typo req.ssl_hello_type + - BUG/MINOR: mworker/cli: fix set severity-output support + - BUG/MEDIUM: quic: Possible buffer overflow when building TLS records + - BUILD: ssl: update types in wolfssl cert selection callback + - BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions + - BUG/MINOR: ext-check: cannot use without preserve-env + - MINOR: version: mention that it's stable now + - BUG/MEDIUM: quic: QUIC CID removed from tree without locking + - BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer side + - BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding + - BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set originally + - CLEANUP: mux-h1: Fix a trace message about C-L header addition + - BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty + - BUG/MEDIUM: mux-quic: report early error on stream + - DOC: config: add arguments to sample fetch methods in the table + - DOC: config: also add arguments to the converters in the table + 2023/12/05 : 2.9.0 - DOC: config: add missing colon to "bytes_out" sample fetch keyword (2) - BUG/MINOR: cfgparse-listen: fix warning being reported as an alert diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/INSTALL new/haproxy-2.9.1+git0.f72603ceb/INSTALL --- old/haproxy-2.9.0+git0.fddb8c13b/INSTALL 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/INSTALL 2023-12-15 14:35:36.000000000 +0100 @@ -1,13 +1,12 @@ Installation instructions for HAProxy ===================================== -This is a development version, so it is expected to break from time to time, -to add and remove features without prior notification and it should not be used -in production, unless you're an experienced user and are willing to follow -weekly updates. If you are not used to build from sources or if you are not -used to follow updates then it is recommended that instead you use the packages -provided by your software vendor or Linux distribution. Most of them are taking -this task seriously and are doing a good job at backporting important fixes. +HAProxy 2.9 is a stable version, which means that it will get fixes for bugs as +they are discovered till around Q1 2025 and should not receive new features. +This version is mostly suited at experienced users who are willing to quickly +follow updates. New users are encouraged to use long term supported versions +such as the ones provided by their software vendor or Linux distribution, as +such versions require far less common updates. If for any reason you'd prefer to use a different version than the one packaged for your system, you want to be certain to have all the fixes or to get some diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/VERDATE new/haproxy-2.9.1+git0.f72603ceb/VERDATE --- old/haproxy-2.9.0+git0.fddb8c13b/VERDATE 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/VERDATE 2023-12-15 14:35:36.000000000 +0100 @@ -1,2 +1,2 @@ $Format:%ci$ -2023/12/05 +2023/12/15 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/VERSION new/haproxy-2.9.1+git0.f72603ceb/VERSION --- old/haproxy-2.9.0+git0.fddb8c13b/VERSION 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/VERSION 2023-12-15 14:35:36.000000000 +0100 @@ -1 +1 @@ -2.9.0 +2.9.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/doc/configuration.txt new/haproxy-2.9.1+git0.f72603ceb/doc/configuration.txt --- old/haproxy-2.9.0+git0.fddb8c13b/doc/configuration.txt 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/doc/configuration.txt 2023-12-15 14:35:36.000000000 +0100 @@ -3,7 +3,7 @@ Configuration Manual ---------------------- version 2.9 - 2023/12/05 + 2023/12/15 This document covers the configuration language as implemented in the version @@ -12076,7 +12076,7 @@ stick-table type binary len 32 size 30k expire 30m acl clienthello req.ssl_hello_type 1 - acl serverhello rep.ssl_hello_type 2 + acl serverhello res.ssl_hello_type 2 # use tcp content accepts to detects ssl client and server hello. tcp-request inspect-delay 5s @@ -18239,135 +18239,135 @@ The following keywords are supported: - keyword input type output type -------------------------------+----------------+------------ -51d.single string string -add integer integer -add_item string string -aes_gcm_dec binary binary -and integer integer -b64dec string binary -base64 binary string -be2dec binary string -be2hex binary string -bool integer boolean -bytes binary binary -capture-req string string -capture-res string string -concat string string -cpl integer integer -crc32 binary integer -crc32c binary integer -cut_crlf string string -da-csv-conv string string -debug any <same> --- keyword -------------------+- input type ---+ output type -- -digest binary binary -div integer integer -djb2 binary integer -even integer boolean -field string string -fix_is_valid binary boolean -fix_tag_value binary binary -hex binary string -hex2i binary integer -hmac binary binary -host_only string string -htonl integer integer -http_date integer string -iif boolean string -in_table string boolean -ipmask address address -json string string -json_query string any -jwt_header_query string string -jwt_payload_query string string --- keyword -------------------+- input type ---+ output type -- -jwt_verify string integer -language string string -length string integer -lower string string -ltime integer string -ltrim string string -map string string -map_<match> <match> string -map_<match>_<output> <match> <output> -mod integer integer -mqtt_field_value binary binary -mqtt_is_valid bianry boolean -ms_ltime integer string -ms_utime integer string -mul integer integer -nbsrv string integer -neg integer integer -not integer boolean -odd integer boolean -or integer integer --- keyword -------------------+- input type ---+ output type -- -param string string -port_only string integer -protobuf binary binary -regsub string string -rfc7239_field string string -rfc7239_is_valid string boolean -rfc7239_n2nn string address / string -rfc7239_n2np string integer / string -rtrim string string -sdbm binary integer -secure_memcmp string boolean -set-var any <same> -sha1 binary binary -sha2 binary binary -srv_queue string integer -strcmp string boolean -sub integer integer -table_bytes_in_rate string integer -table_bytes_out_rate string integer -table_conn_cnt string integer --- keyword -------------------+- input type ---+ output type -- -table_conn_cur string integer -table_conn_rate string integer -table_expire string integer -table_gpc string integer -table_gpc0 string integer -table_gpc0_rate string integer -table_gpc1 string integer -table_gpc1_rate string integer -table_gpc_rate string integer -table_gpt string integer -table_gpt0 string integer -table_http_err_cnt string integer -table_http_err_rate string integer -table_http_fail_cnt string integer -table_http_fail_rate string integer -table_http_req_cnt string integer -table_http_req_rate string integer -table_idle string integer -table_kbytes_in string integer --- keyword -------------------+- input type ---+ output type -- -table_kbytes_out string integer -table_server_id string integer -table_sess_cnt string integer -table_sess_rate string integer -table_trackers string integer -ub64dec string string -ub64enc string string -ungrpc binary binary / integer -unset-var any <same> -upper string string -url_dec string string -url_enc string string -us_ltime integer string -us_utime integer string -utime integer string -word string string -wt6 binary integer -x509_v_err_str integer string -xor integer integer --- keyword -------------------+- input type ---+ output type -- -xxh3 binary integer -xxh32 binary integer -xxh64 binary integer + keyword input type output type +------------------------------------------------+-------------+---------------- +51d.single(prop[,prop*]) string string +add(value) integer integer +add_item(delim,[var][,suff]]) string string +aes_gcm_dec(bits,nonce,key,aead_tag) binary binary +and(value) integer integer +b64dec string binary +base64 binary string +be2dec(separator,chunk_size,[truncate]) binary string +be2hex([separator],[chunk_size],[truncate]) binary string +bool integer boolean +bytes(offset[,length]) binary binary +capture-req(id) string string +capture-res(id) string string +concat([start],[var],[end]) string string +cpl integer integer +crc32([avalanche]) binary integer +crc32c([avalanche]) binary integer +cut_crlf string string +da-csv-conv(prop[,prop*]) string string +debug([prefix][,destination]) any same +-- keyword -------------------------------------+- input type + output type - +digest(algorithm) binary binary +div(value) integer integer +djb2([avalanche]) binary integer +even integer boolean +field(index,delimiters[,count]) string string +fix_is_valid binary boolean +fix_tag_value(tag) binary binary +hex binary string +hex2i binary integer +hmac(algorithm,key) binary binary +host_only string string +htonl integer integer +http_date([offset],[unit]) integer string +iif(true,false) boolean string +in_table(table) string boolean +ipmask(mask4,[mask6]) address address +json([input-code]) string string +json_query(json_path,[output_type]) string _outtype_ +jwt_header_query([json_path],[output_type]) string string +jwt_payload_query([json_path],[output_type]) string string +-- keyword -------------------------------------+- input type + output type - +jwt_verify(alg,key) string integer +language(value[,default]) string string +length string integer +lower string string +ltime(format[,offset]) integer string +ltrim(chars) string string +map(map_name[,default_value]) string string +map_match(map_name[,default_value]) _match_ string +map_match_output(map_name[,default_value]) _match_ _output_ +mod(value) integer integer +mqtt_field_value(pkt_type,fieldname_or_prop_ID) binary binary +mqtt_is_valid binary boolean +ms_ltime(format[,offset]) integer string +ms_utime(format[,offset]) integer string +mul(value) integer integer +nbsrv string integer +neg integer integer +not integer boolean +odd integer boolean +or(value) integer integer +-- keyword -------------------------------------+- input type + output type - +param(name,[delim]) string string +port_only string integer +protobuf(field_number,[field_type]) binary binary +regsub(regex,subst[,flags]) string string +rfc7239_field(field) string string +rfc7239_is_valid string boolean +rfc7239_n2nn string address / str +rfc7239_n2np string integer / str +rtrim(chars) string string +sdbm([avalanche]) binary integer +secure_memcmp(var) string boolean +set-var(var[,cond...]) any same +sha1 binary binary +sha2([bits]) binary binary +srv_queue string integer +strcmp(var) string boolean +sub(value) integer integer +table_bytes_in_rate(table) string integer +table_bytes_out_rate(table) string integer +table_conn_cnt(table) string integer +-- keyword -------------------------------------+- input type + output type - +table_conn_cur(table) string integer +table_conn_rate(table) string integer +table_expire(table[,default_value]) string integer +table_gpc(idx,table) string integer +table_gpc0(table) string integer +table_gpc0_rate(table) string integer +table_gpc1(table) string integer +table_gpc1_rate(table) string integer +table_gpc_rate(idx,table) string integer +table_gpt(idx,table) string integer +table_gpt0(table) string integer +table_http_err_cnt(table) string integer +table_http_err_rate(table) string integer +table_http_fail_cnt(table) string integer +table_http_fail_rate(table) string integer +table_http_req_cnt(table) string integer +table_http_req_rate(table) string integer +table_idle(table[,default_value]) string integer +table_kbytes_in(table) string integer +-- keyword -------------------------------------+- input type + output type - +table_kbytes_out(table) string integer +table_server_id(table) string integer +table_sess_cnt(table) string integer +table_sess_rate(table) string integer +table_trackers(table) string integer +ub64dec string string +ub64enc string string +ungrpc(field_number,[field_type]) binary binary / int +unset-var(var) any same +upper string string +url_dec([in_form]) string string +url_enc([enc_type]) string string +us_ltime(format[,offset]) integer string +us_utime(format[,offset]) integer string +utime(format[,offset]) integer string +word(index,delimiters[,count]) string string +wt6([avalanche]) binary integer +x509_v_err_str integer string +xor(value) integer integer +-- keyword -------------------------------------+- input type + output type - +xxh3([seed]) binary integer +xxh32([seed]) binary integer +xxh64([seed]) binary integer The detailed list of converter keywords follows: @@ -20045,60 +20045,60 @@ keyword output type -------------------------------------------------+------------- act_conn integer -acl boolean +acl([!]<name>[,...]) boolean always_false boolean always_true boolean -avg_queue integer -be_conn integer -be_conn_free integer -be_sess_rate integer -bin bin -bool bool -connslots integer +avg_queue([<backend>]) integer +be_conn([<backend>]) integer +be_conn_free([<backend>]) integer +be_sess_rate([<backend>]) integer +bin(<hex>) bin +bool(<bool>) bool +connslots([<backend>]) integer cpu_calls integer cpu_ns_avg integer cpu_ns_tot integer -date integer +date([<offset>],[<unit>]) integer date_us integer -env string -fe_conn integer -fe_req_rate integer -fe_sess_rate integer +env(<name>) string +fe_conn([<frontend>]) integer +fe_req_rate([<frontend>]) integer +fe_sess_rate([<frontend>]) integer hostname string -int signed -ipv4 ipv4 -ipv6 ipv6 +int(<integer>) signed +ipv4(<ipv4>) ipv4 +ipv6(<ipv6>) ipv6 last_rule_file string last_rule_line integer lat_ns_avg integer lat_ns_tot integer -meth method -nbsrv integer +meth(<method>) method +nbsrv([<backend>]) integer prio_class integer prio_offset integer pid integer proc integer -queue integer +queue([<backend>]) integer quic_enabled boolean -rand integer -srv_conn integer -srv_conn_free integer -srv_is_up boolean -srv_queue integer -srv_sess_rate integer -srv_iweight integer -srv_uweight integer -srv_weight integer +rand([<range>]) integer +srv_conn([<backend>/]<server>) integer +srv_conn_free([<backend>/]<server>) integer +srv_is_up([<backend>/]<server>) boolean +srv_queue([<backend>/]<server>) integer +srv_sess_rate([<backend>/]<server>) integer +srv_iweight([<backend>/]<server>) integer +srv_uweight([<backend>/]<server>) integer +srv_weight([<backend>/]<server>) integer stopping boolean -str string -table_avl integer -table_cnt integer +str(<string>) string +table_avl([<table>]) integer +table_cnt([<table>]) integer thread integer txn.id32 integer txn.conn_retries integer txn.sess_term_state string -uuid string -var undefined +uuid([<version>]) string +var(<var-name>[,<default>]) undefined -------------------------------------------------+------------- Detailed list: @@ -20611,7 +20611,7 @@ keyword output type -------------------------------------------------+------------- -accept_date integer +accept_date([<unit>]) integer bc.timer.connect integer bc_dst ip bc_dst_port integer @@ -20622,8 +20622,8 @@ bc_src_port integer be_id integer be_name string -bc_rtt integer -bc_rttvar integer +bc_rtt(<unit>) integer +bc_rttvar(<unit>) integer be_server_timeout integer be_tunnel_timeout integer cur_server_timeout integer @@ -20645,12 +20645,12 @@ fc_lost integer fc_pp_authority string fc_pp_unique_id string -fc_pp_tlv string +fc_pp_tlv(<id>) string fc_rcvd_proxy boolean fc_reordering integer fc_retrans integer -fc_rtt integer -fc_rttvar integer +fc_rtt(<unit>) integer +fc_rttvar(<unit>) integer fc_sacked integer fc_src ip fc_src_is_local boolean @@ -20661,150 +20661,150 @@ fe_name string fe_client_timeout integer res.timer.data integer -sc_bytes_in_rate integer -sc0_bytes_in_rate integer -sc1_bytes_in_rate integer -sc2_bytes_in_rate integer -sc_bytes_out_rate integer -sc0_bytes_out_rate integer -sc1_bytes_out_rate integer -sc2_bytes_out_rate integer -sc_clr_gpc integer -sc_clr_gpc0 integer -sc0_clr_gpc0 integer -sc1_clr_gpc0 integer -sc2_clr_gpc0 integer -sc_clr_gpc1 integer -sc0_clr_gpc1 integer -sc1_clr_gpc1 integer -sc2_clr_gpc1 integer -sc_conn_cnt integer -sc0_conn_cnt integer -sc1_conn_cnt integer -sc2_conn_cnt integer -sc_conn_cur integer -sc0_conn_cur integer -sc1_conn_cur integer -sc2_conn_cur integer -sc_conn_rate integer -sc0_conn_rate integer -sc1_conn_rate integer -sc2_conn_rate integer -sc_get_gpc integer -sc_get_gpc0 integer -sc0_get_gpc0 integer -sc1_get_gpc0 integer -sc2_get_gpc0 integer -sc_get_gpc1 integer -sc0_get_gpc1 integer -sc1_get_gpc1 integer -sc2_get_gpc1 integer -sc_get_gpt integer -sc_get_gpt0 integer -sc0_get_gpt0 integer -sc1_get_gpt0 integer -sc2_get_gpt0 integer -sc_gpc_rate integer -sc_gpc0_rate integer -sc0_gpc0_rate integer -sc1_gpc0_rate integer -sc2_gpc0_rate integer -sc_gpc1_rate integer -sc0_gpc1_rate integer -sc1_gpc1_rate integer -sc2_gpc1_rate integer -sc_http_err_cnt integer -sc0_http_err_cnt integer -sc1_http_err_cnt integer -sc2_http_err_cnt integer -sc_http_err_rate integer -sc0_http_err_rate integer -sc1_http_err_rate integer -sc2_http_err_rate integer -sc_http_fail_cnt integer -sc0_http_fail_cnt integer -sc1_http_fail_cnt integer -sc2_http_fail_cnt integer -sc_http_fail_rate integer -sc0_http_fail_rate integer -sc1_http_fail_rate integer -sc2_http_fail_rate integer -sc_http_req_cnt integer -sc0_http_req_cnt integer -sc1_http_req_cnt integer -sc2_http_req_cnt integer -sc_http_req_rate integer -sc0_http_req_rate integer -sc1_http_req_rate integer -sc2_http_req_rate integer -sc_inc_gpc integer -sc_inc_gpc0 integer -sc0_inc_gpc0 integer -sc1_inc_gpc0 integer -sc2_inc_gpc0 integer -sc_inc_gpc1 integer -sc0_inc_gpc1 integer -sc1_inc_gpc1 integer -sc2_inc_gpc1 integer -sc_kbytes_in integer -sc0_kbytes_in integer -sc1_kbytes_in integer -sc2_kbytes_in integer -sc_kbytes_out integer -sc0_kbytes_out integer -sc1_kbytes_out integer -sc2_kbytes_out integer -sc_sess_cnt integer -sc0_sess_cnt integer -sc1_sess_cnt integer -sc2_sess_cnt integer -sc_sess_rate integer -sc0_sess_rate integer -sc1_sess_rate integer -sc2_sess_rate integer -sc_tracked boolean -sc0_tracked boolean -sc1_tracked boolean -sc2_tracked boolean -sc_trackers integer -sc0_trackers integer -sc1_trackers integer -sc2_trackers integer +sc_bytes_in_rate(<ctr>[,<table>]) integer +sc0_bytes_in_rate([<table>]) integer +sc1_bytes_in_rate([<table>]) integer +sc2_bytes_in_rate([<table>]) integer +sc_bytes_out_rate(<ctr>[,<table>]) integer +sc0_bytes_out_rate([<table>]) integer +sc1_bytes_out_rate([<table>]) integer +sc2_bytes_out_rate([<table>]) integer +sc_clr_gpc(<idx>,<ctr>[,<table>]) integer +sc_clr_gpc0(<ctr>[,<table>]) integer +sc0_clr_gpc0([<table>]) integer +sc1_clr_gpc0([<table>]) integer +sc2_clr_gpc0([<table>]) integer +sc_clr_gpc1(<ctr>[,<table>]) integer +sc0_clr_gpc1([<table>]) integer +sc1_clr_gpc1([<table>]) integer +sc2_clr_gpc1([<table>]) integer +sc_conn_cnt(<ctr>[,<table>]) integer +sc0_conn_cnt([<table>]) integer +sc1_conn_cnt([<table>]) integer +sc2_conn_cnt([<table>]) integer +sc_conn_cur(<ctr>[,<table>]) integer +sc0_conn_cur([<table>]) integer +sc1_conn_cur([<table>]) integer +sc2_conn_cur([<table>]) integer +sc_conn_rate(<ctr>[,<table>]) integer +sc0_conn_rate([<table>]) integer +sc1_conn_rate([<table>]) integer +sc2_conn_rate([<table>]) integer +sc_get_gpc(<idx>,<ctr>[,<table>]) integer +sc_get_gpc0(<ctr>[,<table>]) integer +sc0_get_gpc0([<table>]) integer +sc1_get_gpc0([<table>]) integer +sc2_get_gpc0([<table>]) integer +sc_get_gpc1(<ctr>[,<table>]) integer +sc0_get_gpc1([<table>]) integer +sc1_get_gpc1([<table>]) integer +sc2_get_gpc1([<table>]) integer +sc_get_gpt(<idx>,<ctr>[,<table>]) integer +sc_get_gpt0(<ctr>[,<table>]) integer +sc0_get_gpt0([<table>]) integer +sc1_get_gpt0([<table>]) integer +sc2_get_gpt0([<table>]) integer +sc_gpc_rate(<idx>,<ctr>[,<table>]) integer +sc_gpc0_rate(<ctr>[,<table>]) integer +sc0_gpc0_rate([<table>]) integer +sc1_gpc0_rate([<table>]) integer +sc2_gpc0_rate([<table>]) integer +sc_gpc1_rate(<ctr>[,<table>]) integer +sc0_gpc1_rate([<table>]) integer +sc1_gpc1_rate([<table>]) integer +sc2_gpc1_rate([<table>]) integer +sc_http_err_cnt(<ctr>[,<table>]) integer +sc0_http_err_cnt([<table>]) integer +sc1_http_err_cnt([<table>]) integer +sc2_http_err_cnt([<table>]) integer +sc_http_err_rate(<ctr>[,<table>]) integer +sc0_http_err_rate([<table>]) integer +sc1_http_err_rate([<table>]) integer +sc2_http_err_rate([<table>]) integer +sc_http_fail_cnt(<ctr>[,<table>]) integer +sc0_http_fail_cnt([<table>]) integer +sc1_http_fail_cnt([<table>]) integer +sc2_http_fail_cnt([<table>]) integer +sc_http_fail_rate(<ctr>[,<table>]) integer +sc0_http_fail_rate([<table>]) integer +sc1_http_fail_rate([<table>]) integer +sc2_http_fail_rate([<table>]) integer +sc_http_req_cnt(<ctr>[,<table>]) integer +sc0_http_req_cnt([<table>]) integer +sc1_http_req_cnt([<table>]) integer +sc2_http_req_cnt([<table>]) integer +sc_http_req_rate(<ctr>[,<table>]) integer +sc0_http_req_rate([<table>]) integer +sc1_http_req_rate([<table>]) integer +sc2_http_req_rate([<table>]) integer +sc_inc_gpc(<idx>,<ctr>[,<table>]) integer +sc_inc_gpc0(<ctr>[,<table>]) integer +sc0_inc_gpc0([<table>]) integer +sc1_inc_gpc0([<table>]) integer +sc2_inc_gpc0([<table>]) integer +sc_inc_gpc1(<ctr>[,<table>]) integer +sc0_inc_gpc1([<table>]) integer +sc1_inc_gpc1([<table>]) integer +sc2_inc_gpc1([<table>]) integer +sc_kbytes_in(<ctr>[,<table>]) integer +sc0_kbytes_in([<table>]) integer +sc1_kbytes_in([<table>]) integer +sc2_kbytes_in([<table>]) integer +sc_kbytes_out(<ctr>[,<table>]) integer +sc0_kbytes_out([<table>]) integer +sc1_kbytes_out([<table>]) integer +sc2_kbytes_out([<table>]) integer +sc_sess_cnt(<ctr>[,<table>]) integer +sc0_sess_cnt([<table>]) integer +sc1_sess_cnt([<table>]) integer +sc2_sess_cnt([<table>]) integer +sc_sess_rate(<ctr>[,<table>]) integer +sc0_sess_rate([<table>]) integer +sc1_sess_rate([<table>]) integer +sc2_sess_rate([<table>]) integer +sc_tracked(<ctr>[,<table>]) boolean +sc0_tracked([<table>]) boolean +sc1_tracked([<table>]) boolean +sc2_tracked([<table>]) boolean +sc_trackers(<ctr>[,<table>]) integer +sc0_trackers([<table>]) integer +sc1_trackers([<table>]) integer +sc2_trackers([<table>]) integer so_id integer so_name string src ip -src_bytes_in_rate integer -src_bytes_out_rate integer -src_clr_gpc integer -src_clr_gpc0 integer -src_clr_gpc1 integer -src_conn_cnt integer -src_conn_cur integer -src_conn_rate integer -src_get_gpc integer -src_get_gpc0 integer -src_get_gpc1 integer -src_get_gpt integer -src_get_gpt0 integer -src_gpc_rate integer -src_gpc0_rate integer -src_gpc1_rate integer -src_http_err_cnt integer -src_http_err_rate integer -src_http_fail_cnt integer -src_http_fail_rate integer -src_http_req_cnt integer -src_http_req_rate integer -src_inc_gpc integer -src_inc_gpc0 integer -src_inc_gpc1 integer +src_bytes_in_rate([<table>]) integer +src_bytes_out_rate([<table>]) integer +src_clr_gpc(<idx>,[<table>]) integer +src_clr_gpc0([<table>]) integer +src_clr_gpc1([<table>]) integer +src_conn_cnt([<table>]) integer +src_conn_cur([<table>]) integer +src_conn_rate([<table>]) integer +src_get_gpc(<idx>,[<table>]) integer +src_get_gpc0([<table>]) integer +src_get_gpc1([<table>]) integer +src_get_gpt(<idx>[,<table>]) integer +src_get_gpt0([<table>]) integer +src_gpc_rate(<idx>[,<table>]) integer +src_gpc0_rate([<table>]) integer +src_gpc1_rate([<table>]) integer +src_http_err_cnt([<table>]) integer +src_http_err_rate([<table>]) integer +src_http_fail_cnt([<table>]) integer +src_http_fail_rate([<table>]) integer +src_http_req_cnt([<table>]) integer +src_http_req_rate([<table>]) integer +src_inc_gpc(<idx>,[<table>]) integer +src_inc_gpc0([<table>]) integer +src_inc_gpc1([<table>]) integer src_is_local boolean -src_kbytes_in integer -src_kbytes_out integer +src_kbytes_in([<table>]) integer +src_kbytes_out([<table>]) integer src_port integer -src_sess_cnt integer -src_sess_rate integer -src_updt_conn_cnt integer +src_sess_cnt([<table>]) integer +src_sess_rate([<table>]) integer +src_updt_conn_cnt([<table>]) integer srv_id integer srv_name string -------------------------------------------------+------------- @@ -21811,7 +21811,7 @@ keyword output type -------------------------------------------------+------------- -51d.all string +51d.all(<prop>[,<prop>*]) string ssl_bc boolean ssl_bc_alg_keysize integer ssl_bc_alpn string @@ -21833,12 +21833,12 @@ ssl_c_chain_der binary ssl_c_der binary ssl_c_err integer -ssl_c_i_dn string +ssl_c_i_dn([<entry>[,<occ>[,<format>]]]) string ssl_c_key_alg string ssl_c_notafter string ssl_c_notbefore string -ssl_c_r_dn string -ssl_c_s_dn string +ssl_c_r_dn([<entry>[,<occ>[,<format>]]]) string +ssl_c_s_dn([<entry>[,<occ>[,<format>]]]) string ssl_c_serial binary ssl_c_sha1 binary ssl_c_sig_alg string @@ -21846,11 +21846,11 @@ ssl_c_verify integer ssl_c_version integer ssl_f_der binary -ssl_f_i_dn string +ssl_f_i_dn([<entry>[,<occ>[,<format>]]]) string ssl_f_key_alg string ssl_f_notafter string ssl_f_notbefore string -ssl_f_s_dn string +ssl_f_s_dn([<entry>[,<occ>[,<format>]]]) string ssl_f_serial binary ssl_f_sha1 binary ssl_f_sig_alg string @@ -21859,14 +21859,14 @@ ssl_fc_alg_keysize integer ssl_fc_alpn string ssl_fc_cipher string -ssl_fc_cipherlist_bin binary -ssl_fc_cipherlist_hex string -ssl_fc_cipherlist_str string +ssl_fc_cipherlist_bin([<filter_option>]) binary +ssl_fc_cipherlist_hex([<filter_option>]) string +ssl_fc_cipherlist_str([<filter_option>]) string ssl_fc_cipherlist_xxh integer ssl_fc_curve string ssl_fc_ecformats_bin binary -ssl_fc_eclist_bin binary -ssl_fc_extlist_bin binary +ssl_fc_eclist_bin([<filter_option>]) binary +ssl_fc_extlist_bin([<filter_option>]) binary ssl_fc_client_random binary ssl_fc_client_early_traffic_secret string ssl_fc_client_handshake_traffic_secret string @@ -21895,8 +21895,8 @@ ssl_s_key_alg string ssl_s_notafter string ssl_s_notbefore string -ssl_s_i_dn string -ssl_s_s_dn string +ssl_s_i_dn([<entry>[,<occ>[,<format>]]]) string +ssl_s_s_dn([<entry>[,<occ>[,<format>]]]) string ssl_s_serial binary ssl_s_sha1 binary ssl_s_sig_alg string @@ -22663,37 +22663,37 @@ keyword output type ----------------------------------------------------+------------- -bs.id integer -distcc_body binary -distcc_param integer -fs.id integer -payload binary -payload_lv binary -req.len integer -req_len integer -req.payload binary -req.payload_lv binary -req.proto_http boolean -req_proto_http boolean -req.rdp_cookie string -rdp_cookie string -req.rdp_cookie_cnt integer -rdp_cookie_cnt integer -req.ssl_alpn string -req.ssl_ec_ext boolean -req.ssl_hello_type integer -req_ssl_hello_type integer -req.ssl_sni string -req_ssl_sni string -req.ssl_st_ext integer -req.ssl_ver integer -req_ssl_ver integer -res.len integer -res.payload binary -res.payload_lv binary -res.ssl_hello_type integer -rep_ssl_hello_type integer -wait_end boolean +bs.id integer +distcc_body(<token>[,<occ>]) binary +distcc_param(<token>[,<occ>]) integer +fs.id integer +payload(<offset>,<length>) binary +payload_lv(<offset1>,<length>[,<offset2>]) binary +req.len integer +req_len integer +req.payload(<offset>,<length>) binary +req.payload_lv(<offset1>,<length>[,<offset2>]) binary +req.proto_http boolean +req_proto_http boolean +req.rdp_cookie([<name>]) string +rdp_cookie([<name>]) string +req.rdp_cookie_cnt([name]) integer +rdp_cookie_cnt([name]) integer +req.ssl_alpn string +req.ssl_ec_ext boolean +req.ssl_hello_type integer +req_ssl_hello_type integer +req.ssl_sni string +req_ssl_sni string +req.ssl_st_ext integer +req.ssl_ver integer +req_ssl_ver integer +res.len integer +res.payload(<offset>,<length>) binary +res.payload_lv(<offset1>,<length>[,<offset2>]) binary +res.ssl_hello_type integer +rep_ssl_hello_type integer +wait_end boolean ----------------------------------------------------+------------- Detailed list: @@ -23019,35 +23019,35 @@ baseq string bytes_in integer bytes_out integer -capture.req.hdr string +capture.req.hdr(<idx>) string capture.req.method string capture.req.uri string capture.req.ver string -capture.res.hdr string +capture.res.hdr(<idx>) string capture.res.ver string req.body binary -req.body_param string +req.body_param([<name>[,i]]) string req.body_len integer req.body_size integer -req.cook string -cook string -req.cook_cnt integer -cook_cnt integer -req.cook_val integer -cook_val integer -req.cook_names string -cookie string -hdr string -request_date integer -req.fhdr string -req.fhdr_cnt integer -req.hdr string -req.hdr_cnt integer -hdr_cnt integer -req.hdr_ip ip -hdr_ip ip -req.hdr_val integer -hdr_val integer +req.cook([<name>]) string +cook([<name>]) string +req.cook_cnt([<name>]) integer +cook_cnt([<name>]) integer +req.cook_val([<name>]) integer +cook_val([<name>]) integer +req.cook_names([<delim>]) string +cookie([<name>]) string +hdr([<name>[,<occ>]]) string +request_date([<unit>]) integer +req.fhdr(<name>[,<occ>]) string +req.fhdr_cnt([<name>]) integer +req.hdr([<name>[,<occ>]]) string +req.hdr_cnt([<name>]) integer +hdr_cnt([<header>]) integer +req.hdr_ip([<name>[,<occ>]]) ip +hdr_ip([<name>[,<occ>]]) ip +req.hdr_val([<name>[,<occ>]]) integer +hdr_val([<name>[,<occ>]]) integer req.hdrs string req.hdrs_bin binary req.timer.hdr integer @@ -23055,9 +23055,9 @@ req.timer.queue integer req.timer.tq integer res.timer.hdr integer -http_auth boolean -http_auth_bearer string -http_auth_group string +http_auth(<userlist>) boolean +http_auth_bearer([<header>]) string +http_auth_group(<userlist>) string http_auth_pass string http_auth_type string http_auth_user string @@ -23066,7 +23066,7 @@ path string pathq string query string -req.hdr_names string +req.hdr_names([<delim>]) string req.ver string req_ver string res.body binary @@ -23076,30 +23076,30 @@ res.cache_name string res.comp boolean res.comp_algo string -res.cook string -scook string -res.cook_cnt integer -scook_cnt integer -res.cook_val integer -scook_val integer -res.cook_names string -res.fhdr string -res.fhdr_cnt integer -res.hdr string -shdr string -res.hdr_cnt integer -shdr_cnt integer -res.hdr_ip ip -shdr_ip ip -res.hdr_names string -res.hdr_val integer -shdr_val integer +res.cook([<name>]) string +scook([<name>]) string +res.cook_cnt([<name>]) integer +scook_cnt([<name>]) integer +res.cook_val([<name>]) integer +scook_val([<name>]) integer +res.cook_names([<delim>]) string +res.fhdr([<name>[,<occ>]]) string +res.fhdr_cnt([<name>]) integer +res.hdr([<name>[,<occ>]]) string +shdr([<name>[,<occ>]]) string +res.hdr_cnt([<name>]) integer +shdr_cnt([<name>]) integer +res.hdr_ip([<name>[,<occ>]]) ip +shdr_ip([<name>[,<occ>]]) ip +res.hdr_names([<delim>]) string +res.hdr_val([<name>[,<occ>]]) integer +shdr_val([<name>[,<occ>]]) integer res.hdrs string res.hdrs_bin binary res.ver string resp_ver string server_status integer -set-cookie string +set-cookie([<name>]) string status integer txn.status integer txn.timer.total integer @@ -23107,9 +23107,9 @@ url string url_ip ip url_port integer -urlp string -url_param string -urlp_val integer +urlp([<name>[,<delim>[,i]]]) string +url_param([<name>[,<delim>[,i]]]) string +urlp_val([<name>[,<delim>[,i]]]) integer url32 integer url32+src binary -------------------------------------------------+------------- @@ -23893,12 +23893,12 @@ internal.htx.nbblks integer internal.htx.size integer internal.htx.used integer -internal.htx_blk.size integer -internal.htx_blk.type string -internal.htx_blk.data binary -internal.htx_blk.hdrname string -internal.htx_blk.hdrval string -internal.htx_blk.start_line string +internal.htx_blk.size(<idx>) integer +internal.htx_blk.type(<idx>) string +internal.htx_blk.data(<idx>) binary +internal.htx_blk.hdrname(<idx>) string +internal.htx_blk.hdrval(<idx>) string +internal.htx_blk.start_line(<idx>) string internal.strm.is_htx boolean -------------------------------------------------+------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/include/haproxy/cli-t.h new/haproxy-2.9.1+git0.f72603ceb/include/haproxy/cli-t.h --- old/haproxy-2.9.0+git0.fddb8c13b/include/haproxy/cli-t.h 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/include/haproxy/cli-t.h 2023-12-15 14:35:36.000000000 +0100 @@ -37,6 +37,8 @@ #define ACCESS_EXPERT 0x0020 /* access to dangerous commands reserved to experts */ #define ACCESS_EXPERIMENTAL 0x0040 #define ACCESS_MCLI_DEBUG 0x0080 /* allow the master CLI to use any command without the flag ACCESS_MASTER */ +#define ACCESS_MCLI_SEVERITY_NB 0x0100 /* 'set severity-output number' on master CLI */ +#define ACCESS_MCLI_SEVERITY_STR 0x0200 /* 'set severity-output string' on master CLI */ /* flags for appctx->st1 */ #define APPCTX_CLI_ST1_PROMPT (1 << 0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/include/haproxy/stconn.h new/haproxy-2.9.1+git0.f72603ceb/include/haproxy/stconn.h --- old/haproxy-2.9.0+git0.fddb8c13b/include/haproxy/stconn.h 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/include/haproxy/stconn.h 2023-12-15 14:35:36.000000000 +0100 @@ -511,6 +511,16 @@ se->iobuf.flags &= ~IOBUF_FL_FF_BLOCKED; if (mux->nego_fastfwd && mux->done_fastfwd) { + /* Declare SE as blocked if EOS or an error was reported. + * This may happen if fast-forward was scheduled before the I/O processing on <SC>. + * Wake <SC> up in this case. + */ + if (se_fl_test(se, SE_FL_EOS|SE_FL_ERROR|SE_FL_ERR_PENDING)) { + se->iobuf.flags |= IOBUF_FL_FF_BLOCKED; + tasklet_wakeup(se->sc->wait_event.tasklet); + goto end; + } + ret = mux->nego_fastfwd(se->sc, input, count, may_splice); if ((se->iobuf.flags & IOBUF_FL_FF_BLOCKED) && !(se->sc->wait_event.events & SUB_RETRY_SEND)) { /* The SC must be subs for send to be notify when some diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/include/haproxy/version.h new/haproxy-2.9.1+git0.f72603ceb/include/haproxy/version.h --- old/haproxy-2.9.0+git0.fddb8c13b/include/haproxy/version.h 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/include/haproxy/version.h 2023-12-15 14:35:36.000000000 +0100 @@ -39,7 +39,7 @@ #ifdef CONFIG_PRODUCT_STATUS #define PRODUCT_STATUS CONFIG_PRODUCT_STATUS #else -#define PRODUCT_STATUS "Status: development branch - not safe for use in production." +#define PRODUCT_STATUS "Status: stable branch - will stop receiving fixes around Q1 2025." #endif #ifdef CONFIG_PRODUCT_URL_BUGS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/cfgparse-global.c new/haproxy-2.9.1+git0.f72603ceb/src/cfgparse-global.c --- old/haproxy-2.9.0+git0.fddb8c13b/src/cfgparse-global.c 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/src/cfgparse-global.c 2023-12-15 14:35:36.000000000 +0100 @@ -591,7 +591,7 @@ global.external_check = 1; if (strcmp(args[1], "preserve-env") == 0) { global.external_check = 2; - } else { + } else if (*args[1]) { ha_alert("parsing [%s:%d] : '%s' only supports 'preserve-env' as an argument, found '%s'.\n", file, linenum, args[0], args[1]); err_code |= ERR_ALERT | ERR_FATAL; goto out; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/cli.c new/haproxy-2.9.1+git0.f72603ceb/src/cli.c --- old/haproxy-2.9.0+git0.fddb8c13b/src/cli.c 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/src/cli.c 2023-12-15 14:35:36.000000000 +0100 @@ -1759,6 +1759,10 @@ /* parse a "set severity-output" command. */ static int cli_parse_set_severity_output(char **args, char *payload, struct appctx *appctx, void *private) { + /* this will ask the applet to not output a \n after the command */ + if (strcmp(args[3], "-") == 0) + appctx->st1 |= APPCTX_CLI_ST1_NOLF; + if (*args[2] && set_severity_output(&appctx->cli_severity_output, args[2])) return 0; @@ -2453,7 +2457,6 @@ * >= 0 : number of words to escape * = -1 : error */ - int pcli_find_and_exec_kw(struct stream *s, char **args, int argl, char **errmsg, int *next_pid) { if (argl < 1) @@ -2533,6 +2536,21 @@ if ((argl > 1) && (strcmp(args[1], "on") == 0)) s->pcli_flags |= ACCESS_MCLI_DEBUG; return argl; + } else if (strcmp(args[0], "set") == 0) { + if ((argl > 1) && (strcmp(args[1], "severity-output") == 0)) { + if ((argl > 2) &&strcmp(args[2], "none") == 0) { + s->pcli_flags &= ~(ACCESS_MCLI_SEVERITY_NB|ACCESS_MCLI_SEVERITY_STR); + } else if ((argl > 2) && strcmp(args[2], "string") == 0) { + s->pcli_flags |= ACCESS_MCLI_SEVERITY_STR; + } else if ((argl > 2) && strcmp(args[2], "number") == 0) { + s->pcli_flags |= ACCESS_MCLI_SEVERITY_NB; + } else { + memprintf(errmsg, "one of 'none', 'number', 'string' is a required argument\n"); + return -1; + } + /* only skip argl if we have "set severity-output" not only "set" */ + return argl; + } } return 0; @@ -2711,6 +2729,16 @@ ci_insert_line2(req, 0, "expert-mode on -", strlen("expert-mode on -")); ret += strlen("expert-mode on -") + 2; } + if (s->pcli_flags & ACCESS_MCLI_SEVERITY_STR) { + const char *cmd = "set severity-output string -"; + ci_insert_line2(req, 0, cmd, strlen(cmd)); + ret += strlen(cmd) + 2; + } + if (s->pcli_flags & ACCESS_MCLI_SEVERITY_NB) { + const char *cmd = "set severity-output number -"; + ci_insert_line2(req, 0, cmd, strlen(cmd)); + ret += strlen(cmd) + 2; + } if (pcli_has_level(s, ACCESS_LVL_ADMIN)) { goto end; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/hlua.c new/haproxy-2.9.1+git0.f72603ceb/src/hlua.c --- old/haproxy-2.9.0+git0.fddb8c13b/src/hlua.c 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/src/hlua.c 2023-12-15 14:35:36.000000000 +0100 @@ -12911,6 +12911,13 @@ goto end; } + /* Reset the OCSP CID */ + if (cert_ext->type == CERT_TYPE_PEM || cert_ext->type == CERT_TYPE_KEY || + cert_ext->type == CERT_TYPE_ISSUER) { + OCSP_CERTID_free(new_ckchs->data->ocsp_cid); + new_ckchs->data->ocsp_cid = NULL; + } + /* apply the change on the duplicate */ if (cert_ext->load(filename, payload, data, &err) != 0) { memprintf(&err, "%sCan't load the payload for '%s'", err ? err : "", cert_ext->ext); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/mux_h1.c new/haproxy-2.9.1+git0.f72603ceb/src/mux_h1.c --- old/haproxy-2.9.0+git0.fddb8c13b/src/mux_h1.c 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/src/mux_h1.c 2023-12-15 14:35:36.000000000 +0100 @@ -2046,7 +2046,7 @@ if (sl->flags & HTX_SL_F_XFER_ENC) h1m->flags |= H1_MF_XFER_ENC; - if (sl->flags & HTX_SL_F_BODYLESS) { + if (sl->flags & HTX_SL_F_BODYLESS && !(h1m->flags & H1_MF_CLEN)) { h1m->flags = (h1m->flags & ~H1_MF_CHNK) | H1_MF_CLEN; h1s->flags |= H1S_F_HAVE_CLEN; } @@ -2392,7 +2392,7 @@ h1_adjust_case_outgoing_hdr(h1s, h1m, &n); if (!h1_format_htx_hdr(n, v, &outbuf)) goto full; - TRACE_STATE("add \"Content-Length: chunked\"", H1_EV_TX_DATA|H1_EV_TX_HDRS, h1c->conn, h1s); + TRACE_STATE("add \"Content-Length: <LEN>\"", H1_EV_TX_DATA|H1_EV_TX_HDRS, h1c->conn, h1s); h1s->flags |= H1S_F_HAVE_CLEN; } @@ -4633,6 +4633,7 @@ } total += sdo->iobuf.data; + count -= sdo->iobuf.data; #if defined(USE_LINUX_SPLICE) if (sdo->iobuf.pipe) { /* Here, not data was xferred */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/mux_h2.c new/haproxy-2.9.1+git0.f72603ceb/src/mux_h2.c --- old/haproxy-2.9.0+git0.fddb8c13b/src/mux_h2.c 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/src/mux_h2.c 2023-12-15 14:35:36.000000000 +0100 @@ -5212,7 +5212,7 @@ b_sub(&h2c->dbuf, hole); } - if (b_full(&h2c->dbuf) && h2c->dfl) { + if (b_full(&h2c->dbuf) && h2c->dfl && (!htx || htx_is_empty(htx))) { /* too large frames */ h2c_error(h2c, H2_ERR_INTERNAL_ERROR); ret = -1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/mux_quic.c new/haproxy-2.9.1+git0.f72603ceb/src/mux_quic.c --- old/haproxy-2.9.0+git0.fddb8c13b/src/mux_quic.c 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/src/mux_quic.c 2023-12-15 14:35:36.000000000 +0100 @@ -690,6 +690,19 @@ se_fl_set(qcs->sd, SE_FL_EOI); } + /* A QCS can be already locally closed before stream layer + * instantiation. This notably happens if STOP_SENDING was the first + * frame received for this instance. In this case, an error is + * immediately to the stream layer to prevent transmission. + * + * TODO it could be better to not instantiate at all the stream layer. + * However, extra care is required to ensure QCS instance is released. + */ + if (unlikely(qcs_is_close_local(qcs) || (qcs->flags & QC_SF_TO_RESET))) { + TRACE_STATE("report early error", QMUX_EV_STRM_RECV, qcc->conn, qcs); + se_fl_set_error(qcs->sd); + } + return qcs->sd->sc; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/pattern.c new/haproxy-2.9.1+git0.f72603ceb/src/pattern.c --- old/haproxy-2.9.0+git0.fddb8c13b/src/pattern.c 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/src/pattern.c 2023-12-15 14:35:36.000000000 +0100 @@ -1602,17 +1602,25 @@ free(elt); } -/* This function removes all the patterns matching the pointer <refelt> from +/* This function removes the pattern matching the pointer <refelt> from * the reference and from each expr member of this reference. This function * returns 1 if the entry was found and deleted, otherwise zero. + * + * <refelt> is user input: it is provided as an ID and should never be + * dereferenced without making sure that it is valid. */ int pat_ref_delete_by_id(struct pat_ref *ref, struct pat_ref_elt *refelt) { - int ret = !!refelt->node.node.leaf_p; + struct pat_ref_elt *elt, *safe; - ebmb_delete(&refelt->node); - - return ret; + /* delete pattern from reference */ + list_for_each_entry_safe(elt, safe, &ref->head, list) { + if (elt == refelt) { + pat_ref_delete_by_ptr(ref, elt); + return 1; + } + } + return 0; } /* This function removes all patterns matching <key> from the reference @@ -1735,13 +1743,21 @@ /* This function modifies the sample of pat_ref_elt <refelt> in all expressions * found under <ref> to become <value>, after checking that <refelt> really * belongs to <ref>. + * + * <refelt> is user input: it is provided as an ID and should never be + * dereferenced without making sure that it is valid. */ int pat_ref_set_by_id(struct pat_ref *ref, struct pat_ref_elt *refelt, const char *value, char **err) { - if (refelt->node.node.leaf_p) { - if (!pat_ref_set_elt(ref, refelt, value, err)) - return 0; - return 1; + struct pat_ref_elt *elt; + + /* Look for pattern in the reference. */ + list_for_each_entry(elt, &ref->head, list) { + if (elt == refelt) { + if (!pat_ref_set_elt(ref, elt, value, err)) + return 0; + return 1; + } } memprintf(err, "key or pattern not found"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/quic_openssl_compat.c new/haproxy-2.9.1+git0.f72603ceb/src/quic_openssl_compat.c --- old/haproxy-2.9.0+git0.fddb8c13b/src/quic_openssl_compat.c 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/src/quic_openssl_compat.c 2023-12-15 14:35:36.000000000 +0100 @@ -347,7 +347,7 @@ nonce, rec->payload, rec->payload_len, ad, adlen)) goto leave; - ret = adlen + outlen; + ret = outlen; leave: TRACE_LEAVE(QUIC_EV_CONN_SSL_COMPAT, qc); return ret; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/quic_rx.c new/haproxy-2.9.1+git0.f72603ceb/src/quic_rx.c --- old/haproxy-2.9.0+git0.fddb8c13b/src/quic_rx.c 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/src/quic_rx.c 2023-12-15 14:35:36.000000000 +0100 @@ -996,6 +996,7 @@ break; case QUIC_FT_RETIRE_CONNECTION_ID: { + struct quic_cid_tree *tree; struct quic_connection_id *conn_id = NULL; if (!qc_handle_retire_connection_id_frm(qc, &frm, &pkt->dcid, &conn_id)) @@ -1004,7 +1005,10 @@ if (!conn_id) break; + tree = &quic_cid_trees[quic_cid_tree_idx(&conn_id->cid)]; + HA_RWLOCK_WRLOCK(QC_CID_LOCK, &tree->lock); ebmb_delete(&conn_id->node); + HA_RWLOCK_WRUNLOCK(QC_CID_LOCK, &tree->lock); eb64_delete(&conn_id->seq_num); pool_free(pool_head_quic_connection_id, conn_id); TRACE_PROTO("CID retired", QUIC_EV_CONN_PSTRM, qc); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/ssl_ckch.c new/haproxy-2.9.1+git0.f72603ceb/src/ssl_ckch.c --- old/haproxy-2.9.0+git0.fddb8c13b/src/ssl_ckch.c 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/src/ssl_ckch.c 2023-12-15 14:35:36.000000000 +0100 @@ -2147,6 +2147,7 @@ struct ckch_store *old_ckchs, *new_ckchs = NULL; struct ckch_inst *ckchi; + usermsgs_clr("CLI"); /* FIXME: Don't watch the other side !*/ if (unlikely(sc_opposite(sc)->flags & SC_FL_SHUT_DONE)) goto end; @@ -2220,7 +2221,8 @@ ctx->state = CERT_ST_SUCCESS; __fallthrough; case CERT_ST_SUCCESS: - if (applet_putstr(appctx, "\nSuccess!\n") == -1) + chunk_printf(&trash, "\n%sSuccess!\n", usermsgs_str()); + if (applet_putchk(appctx, &trash) == -1) goto yield; ctx->state = CERT_ST_FIN; __fallthrough; @@ -2233,7 +2235,7 @@ case CERT_ST_ERROR: error: - chunk_printf(&trash, "\n%sFailed!\n", ctx->err); + chunk_printf(&trash, "\n%s%sFailed!\n", usermsgs_str(), ctx->err); if (applet_putchk(appctx, &trash) == -1) goto yield; ctx->state = CERT_ST_FIN; @@ -2241,10 +2243,12 @@ } } end: + usermsgs_clr(NULL); /* success: call the release function and don't come back */ return 1; yield: + usermsgs_clr(NULL); return 0; /* should come back */ } @@ -2420,6 +2424,13 @@ goto end; } + /* Reset the OCSP CID */ + if (cert_ext->type == CERT_TYPE_PEM || cert_ext->type == CERT_TYPE_KEY || + cert_ext->type == CERT_TYPE_ISSUER) { + OCSP_CERTID_free(new_ckchs->data->ocsp_cid); + new_ckchs->data->ocsp_cid = NULL; + } + data = new_ckchs->data; /* apply the change on the duplicate */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.9.0+git0.fddb8c13b/src/ssl_sock.c new/haproxy-2.9.1+git0.f72603ceb/src/ssl_sock.c --- old/haproxy-2.9.0+git0.fddb8c13b/src/ssl_sock.c 2023-12-05 16:15:30.000000000 +0100 +++ new/haproxy-2.9.1+git0.f72603ceb/src/ssl_sock.c 2023-12-15 14:35:36.000000000 +0100 @@ -1292,8 +1292,10 @@ } out: - if (ret && data->ocsp_cid) + if (ret && data->ocsp_cid) { OCSP_CERTID_free(data->ocsp_cid); + data->ocsp_cid = NULL; + } if (!ret && data->ocsp_response) { ha_free(&data->ocsp_response->area); @@ -2857,8 +2859,8 @@ has_rsa_sig = 0; } for (idx = 0; idx < hashSigAlgoSz; idx += 2) { - enum wc_HashType hashAlgo; - enum Key_Sum sigAlgo; + int hashAlgo; + int sigAlgo; wolfSSL_get_sigalg_info(hashSigAlgo[idx+0], hashSigAlgo[idx+1], &hashAlgo, &sigAlgo);