Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2018-06-27 10:21:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy" Wed Jun 27 10:21:30 2018 rev:62 rq:618961 version:1.8.10~git0.ec17d7a9 Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2018-05-29 16:53:36.352880201 +0200 +++ /work/SRC/openSUSE:Factory/.haproxy.new/haproxy.changes 2018-06-27 10:21:32.323781056 +0200 @@ -1,0 +2,34 @@ +Mon Jun 25 05:16:57 UTC 2018 - kgronl...@suse.com + +- Update to version 1.8.10~git0.ec17d7a9: + * MINOR: threads: Be sure to remove threads from all_threads_mask on exit + * BUG/MEDIUM: threads: Use the sync point to check active jobs and exit + * BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete(). + * BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot + * BUG/MAJOR: ssl: Random crash with cipherlist capture + * BUG/MINOR: lua: Segfaults with wrong usage of types. + * BUG/MAJOR: map: fix a segfault when using http-request set-map + * MINOR: lua: Increase debug information + * BUG/MINOR: signals: ha_sigmask macro for multithreading + * BUG/MINOR: don't ignore SIG{BUS,FPE,ILL,SEGV} during signal processing + * BUG/MEDIUM: threads: handle signal queue only in thread 0 + * BUG/MINOR: unix: Make sure we can transfer abns sockets on seamless reload. + * BUG/MINOR: contrib/modsecurity: update pointer on the end of the frame + * BUG/MINOR: contrib/mod_defender: update pointer on the end of the frame + * BUG/MINOR: contrib/modsecurity: Don't reset the status code during disconnect + * BUG/MINOR: contrib/mod_defender: Don't reset the status code during disconnect + * BUG/MINOR: contrib/spoa_example: Don't reset the status code during disconnect + * MAJOR: spoe: upgrade the SPOP version to 2.0 and remove the support for 1.0 + * BUG/MEDIUM: lua/socket: Buffer error, may segfault + * BUG/MEDIUM: lua/socket: Sheduling error on write: may dead-lock + * BUG/MEDIUM: lua/socket: Notification error + * BUG/MAJOR: lua: Dead lock with sockets + * BUG/MEDIUM: lua/socket: wrong scheduling for sockets + * MINOR: task/notification: Is notifications registered ? + * BUG/MEDIUM: spoe: Return an error when the wrong ACK is received in sync mode + * BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters + * BUG/MEDIUM: lua/socket: Length required read doesn't work + * BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file + * BUG/MEDIUM: fd: Only check update_mask against all_threads_mask. + +------------------------------------------------------------------- Old: ---- haproxy-1.8.9~git9.6d82e611.tar.gz New: ---- haproxy-1.8.10~git0.ec17d7a9.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.mA7fTx/_old 2018-06-27 10:21:32.975757276 +0200 +++ /var/tmp/diff_new_pack.mA7fTx/_new 2018-06-27 10:21:32.975757276 +0200 @@ -40,7 +40,7 @@ %bcond_without apparmor Name: haproxy -Version: 1.8.9~git9.6d82e611 +Version: 1.8.10~git0.ec17d7a9 Release: 0 # # ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.mA7fTx/_old 2018-06-27 10:21:33.043754796 +0200 +++ /var/tmp/diff_new_pack.mA7fTx/_new 2018-06-27 10:21:33.047754651 +0200 @@ -5,4 +5,4 @@ <param name="url">http://git.haproxy.org/git/haproxy-1.7.git</param> <param name="changesrevision">640d526f8cdad00f7f5043b51f6a34f3f6ebb49f</param></service><service name="tar_scm"> <param name="url">http://git.haproxy.org/git/haproxy-1.8.git</param> - <param name="changesrevision">6d82e6114f393a764aa5cf423bf3782e36cebe54</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">ec17d7a98f30326918219ba876fcfc56f6ad6823</param></service></servicedata> \ No newline at end of file ++++++ haproxy-1.8.9~git9.6d82e611.tar.gz -> haproxy-1.8.10~git0.ec17d7a9.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/CHANGELOG new/haproxy-1.8.10~git0.ec17d7a9/CHANGELOG --- old/haproxy-1.8.9~git9.6d82e611/CHANGELOG 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/CHANGELOG 2018-06-22 15:58:22.000000000 +0200 @@ -1,6 +1,48 @@ ChangeLog : =========== +2018/06/22 : 1.8.10 + - BUG/MINOR: lua: Socket.send threw runtime error: 'close' needs 1 arguments. + - BUG/MEDIUM: spoe: Flags are not encoded in network order + - BUG/MEDIUM: contrib/mod_defender: Use network order to encode/decode flags + - BUG/MEDIUM: contrib/modsecurity: Use network order to encode/decode flags + - BUG/MINOR: ssl/lua: prevent lua from affecting automatic maxconn computation + - BUG/MEDIUM: cache: don't cache when an Authorization header is present + - BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check failure. + - BUG/BUILD: threads: unbreak build without threads + - BUG/BUILD: fd: fix typo causing a warning when threads are disabled + - BUG/MEDIUM: fd: Only check update_mask against all_threads_mask. + - BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file + - BUG/MEDIUM: lua/socket: Length required read doesn't work + - BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters + - BUG/MEDIUM: spoe: Return an error when the wrong ACK is received in sync mode + - MINOR: task/notification: Is notifications registered ? + - BUG/MEDIUM: lua/socket: wrong scheduling for sockets + - BUG/MAJOR: lua: Dead lock with sockets + - BUG/MEDIUM: lua/socket: Notification error + - BUG/MEDIUM: lua/socket: Sheduling error on write: may dead-lock + - BUG/MEDIUM: lua/socket: Buffer error, may segfault + - MAJOR: spoe: upgrade the SPOP version to 2.0 and remove the support for 1.0 + - BUG/MINOR: contrib/spoa_example: Don't reset the status code during disconnect + - BUG/MINOR: contrib/mod_defender: Don't reset the status code during disconnect + - BUG/MINOR: contrib/modsecurity: Don't reset the status code during disconnect + - BUG/MINOR: contrib/mod_defender: update pointer on the end of the frame + - BUG/MINOR: contrib/modsecurity: update pointer on the end of the frame + - DOC: SPOE.txt: fix a typo + - DOC: contrib/modsecurity: few typo fixes + - BUG/MINOR: unix: Make sure we can transfer abns sockets on seamless reload. + - BUG/MEDIUM: threads: handle signal queue only in thread 0 + - BUG/MINOR: don't ignore SIG{BUS,FPE,ILL,SEGV} during signal processing + - BUG/MINOR: signals: ha_sigmask macro for multithreading + - MINOR: lua: Increase debug information + - BUG/MAJOR: map: fix a segfault when using http-request set-map + - BUG/MINOR: lua: Segfaults with wrong usage of types. + - BUG/MAJOR: ssl: Random crash with cipherlist capture + - BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot + - BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete(). + - BUG/MEDIUM: threads: Use the sync point to check active jobs and exit + - MINOR: threads: Be sure to remove threads from all_threads_mask on exit + 2018/05/18 : 1.8.9 - BUG/MINOR: pattern: Add a missing HA_SPIN_INIT() in pat_ref_newid() - BUG/MAJOR: channel: Fix crash when trying to read from a closed socket diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/README new/haproxy-1.8.10~git0.ec17d7a9/README --- old/haproxy-1.8.9~git9.6d82e611/README 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/README 2018-06-22 15:58:22.000000000 +0200 @@ -3,7 +3,7 @@ ---------------------- version 1.8 willy tarreau - 2018/05/18 + 2018/06/22 1) How to build it diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/VERDATE new/haproxy-1.8.10~git0.ec17d7a9/VERDATE --- old/haproxy-1.8.9~git9.6d82e611/VERDATE 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/VERDATE 2018-06-22 15:58:22.000000000 +0200 @@ -1,2 +1,2 @@ $Format:%ci$ -2018/05/18 +2018/06/22 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/VERSION new/haproxy-1.8.10~git0.ec17d7a9/VERSION --- old/haproxy-1.8.9~git9.6d82e611/VERSION 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/VERSION 2018-06-22 15:58:22.000000000 +0200 @@ -1 +1 @@ -1.8.9 +1.8.10 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/contrib/mod_defender/spoa.c new/haproxy-1.8.10~git0.ec17d7a9/contrib/mod_defender/spoa.c --- old/haproxy-1.8.9~git9.6d82e611/contrib/mod_defender/spoa.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/contrib/mod_defender/spoa.c 2018-06-22 15:58:22.000000000 +0200 @@ -43,7 +43,7 @@ #define CONNECTION_BACKLOG 10 #define NUM_WORKERS 10 #define MAX_FRAME_SIZE 16384 -#define SPOP_VERSION "1.0" +#define SPOP_VERSION "2.0" #define SLEN(str) (sizeof(str)-1) @@ -1345,7 +1345,8 @@ frame->flags = 0; ret = prepare_agentack(frame); - p = frame->buf + ret; + p = frame->buf + ret; + end = frame->buf+max_frame_size; if (frame->defender_status != -1) { DEBUG(frame->worker, "Add action : set variable status=%u", @@ -1452,7 +1453,6 @@ if (client->status_code != SPOE_FRM_ERR_NONE) LOG(client->worker, "<%lu> Peer closed connection: %s", client->id, spoe_frm_err_reasons[client->status_code]); - client->status_code = SPOE_FRM_ERR_NONE; goto disconnect; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/contrib/modsecurity/README new/haproxy-1.8.10~git0.ec17d7a9/contrib/modsecurity/README --- old/haproxy-1.8.9~git9.6d82e611/contrib/modsecurity/README 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/contrib/modsecurity/README 2018-06-22 15:58:22.000000000 +0200 @@ -1,7 +1,7 @@ ModSecurity for HAProxy ----------------------- -This is a third party deamon whoch speaks SPOE. It give requests send by HAProxy +This is a third party deamon which speaks SPOE. It gives requests send by HAProxy to ModSecurity and returns the verdict. Compilation @@ -24,7 +24,7 @@ cp standalone/*.h $PWD/INSTALL/include cp apache2/*.h $PWD/INSTALL/include -Note that this compilation method works, but is a litle bit rustic. I cant +Note that this compilation method works, but is a litle bit rustic. I can't deal with Lua, I supposed that is a dependecies problem on my computer. Start the service diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/contrib/modsecurity/spoa.c new/haproxy-1.8.10~git0.ec17d7a9/contrib/modsecurity/spoa.c --- old/haproxy-1.8.9~git9.6d82e611/contrib/modsecurity/spoa.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/contrib/modsecurity/spoa.c 2018-06-22 15:58:22.000000000 +0200 @@ -1,7 +1,7 @@ /* * Modsecurity wrapper for haproxy * - * This file contains the bootstrap for laucnching and scheduling modsecurity + * This file contains the bootstrap for launching and scheduling modsecurity * for working with HAProxy SPOE protocol. * * Copyright 2016 OZON, Thierry Fournier <thierry.fourn...@ozon.io> @@ -48,7 +48,7 @@ #define CONNECTION_BACKLOG 10 #define NUM_WORKERS 10 #define MAX_FRAME_SIZE 16384 -#define SPOP_VERSION "1.0" +#define SPOP_VERSION "2.0" #define SLEN(str) (sizeof(str)-1) @@ -1374,7 +1374,8 @@ frame->flags = 0; ret = prepare_agentack(frame); - p = frame->buf + ret; + p = frame->buf + ret; + end = frame->buf+max_frame_size; if (frame->modsec_code != -1) { DEBUG(frame->worker, "Add action : set variable code=%u", @@ -1481,7 +1482,6 @@ if (client->status_code != SPOE_FRM_ERR_NONE) LOG(client->worker, "<%lu> Peer closed connection: %s", client->id, spoe_frm_err_reasons[client->status_code]); - client->status_code = SPOE_FRM_ERR_NONE; goto disconnect; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/contrib/spoa_example/spoa.c new/haproxy-1.8.10~git0.ec17d7a9/contrib/spoa_example/spoa.c --- old/haproxy-1.8.9~git9.6d82e611/contrib/spoa_example/spoa.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/contrib/spoa_example/spoa.c 2018-06-22 15:58:22.000000000 +0200 @@ -43,7 +43,7 @@ #define CONNECTION_BACKLOG 10 #define NUM_WORKERS 10 #define MAX_FRAME_SIZE 16384 -#define SPOP_VERSION "1.0" +#define SPOP_VERSION "2.0" #define SLEN(str) (sizeof(str)-1) @@ -1473,7 +1473,6 @@ if (client->status_code != SPOE_FRM_ERR_NONE) LOG(client->worker, "<%lu> Peer closed connection: %s", client->id, spoe_frm_err_reasons[client->status_code]); - client->status_code = SPOE_FRM_ERR_NONE; goto disconnect; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/doc/SPOE.txt new/haproxy-1.8.10~git0.ec17d7a9/doc/SPOE.txt --- old/haproxy-1.8.9~git9.6d82e611/doc/SPOE.txt 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/doc/SPOE.txt 2018-06-22 15:58:22.000000000 +0200 @@ -1004,7 +1004,7 @@ * set-var set the value for an existing variable. 3 arguments must be attached to this action: the variable scope (proc, sess, txn, - req or req), the variable name (a string) and its value. + req or res), the variable name (a string) and its value. ACTION-SET-VAR : <SET-VAR:1 byte><NB-ARGS:1 byte><VAR-SCOPE:1 byte><VAR-NAME><VAR-VALUE> @@ -1022,7 +1022,7 @@ * unset-var unset the value for an existing variable. 2 arguments must be attached to this action: the variable scope (proc, sess, txn, - req or req) and the variable name (a string). + req or res) and the variable name (a string). ACTION-UNSET-VAR : <UNSET-VAR:1 byte><NB-ARGS:1 byte><VAR-SCOPE:1 byte><VAR-NAME> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/doc/configuration.txt new/haproxy-1.8.10~git0.ec17d7a9/doc/configuration.txt --- old/haproxy-1.8.9~git9.6d82e611/doc/configuration.txt 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/doc/configuration.txt 2018-06-22 15:58:22.000000000 +0200 @@ -4,7 +4,7 @@ ---------------------- version 1.8 willy tarreau - 2018/05/18 + 2018/06/22 This document covers the configuration language as implemented in the version diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/examples/haproxy.spec new/haproxy-1.8.10~git0.ec17d7a9/examples/haproxy.spec --- old/haproxy-1.8.9~git9.6d82e611/examples/haproxy.spec 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/examples/haproxy.spec 2018-06-22 15:58:22.000000000 +0200 @@ -1,6 +1,6 @@ Summary: HA-Proxy is a TCP/HTTP reverse proxy for high availability environments Name: haproxy -Version: 1.8.9 +Version: 1.8.10 Release: 1 License: GPL Group: System Environment/Daemons @@ -74,6 +74,9 @@ %attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/%{name} %changelog +* Fri Jun 22 2018 William Lallemand <wlallem...@haproxy.org> +- updated to 1.8.10 + * Fri May 18 2018 William Lallemand <wlallem...@haproxy.org> - updated to 1.8.9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/include/common/hathreads.h new/haproxy-1.8.10~git0.ec17d7a9/include/common/hathreads.h --- old/haproxy-1.8.9~git9.6d82e611/include/common/hathreads.h 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/include/common/hathreads.h 2018-06-22 15:58:22.000000000 +0200 @@ -90,6 +90,8 @@ #define HA_RWLOCK_TRYRDLOCK(lbl, l) ({ 0; }) #define HA_RWLOCK_RDUNLOCK(lbl, l) do { /* do nothing */ } while(0) +#define ha_sigmask(how, set, oldset) sigprocmask(how, set, oldset) + #else /* USE_THREAD */ #include <stdio.h> @@ -204,6 +206,9 @@ extern unsigned long all_threads_mask; +#define ha_sigmask(how, set, oldset) pthread_sigmask(how, set, oldset) + + #if defined(DEBUG_THREAD) || defined(DEBUG_FULL) /* WARNING!!! if you update this enum, please also keep lock_label() up to date below */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/include/proto/fd.h new/haproxy-1.8.10~git0.ec17d7a9/include/proto/fd.h --- old/haproxy-1.8.9~git9.6d82e611/include/proto/fd.h 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/include/proto/fd.h 2018-06-22 15:58:22.000000000 +0200 @@ -126,7 +126,7 @@ /* If update_mask is non-nul, then it's already in the list * so we don't have to add it. */ - if (fdtab[fd].update_mask == 0) { + if ((fdtab[fd].update_mask & all_threads_mask) == 0) { if (update_list.first == -1) { update_list.first = update_list.last = fd; fdtab[fd].update.next = fdtab[fd].update.prev = -1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/include/proto/task.h new/haproxy-1.8.10~git0.ec17d7a9/include/proto/task.h --- old/haproxy-1.8.9~git9.6d82e611/include/proto/task.h 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/include/proto/task.h 2018-06-22 15:58:22.000000000 +0200 @@ -388,6 +388,13 @@ } } +/* This function returns true is some notification are pending + */ +static inline int notification_registered(struct list *wake) +{ + return !LIST_ISEMPTY(wake); +} + /* * This does 3 things : * - wake up all expired tasks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/src/checks.c new/haproxy-1.8.10~git0.ec17d7a9/src/checks.c --- old/haproxy-1.8.9~git9.6d82e611/src/checks.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/src/checks.c 2018-06-22 15:58:22.000000000 +0200 @@ -1618,7 +1618,7 @@ sigset_t set; sigemptyset(&set); sigaddset(&set, SIGCHLD); - assert(sigprocmask(SIG_BLOCK, &set, NULL) == 0); + assert(ha_sigmask(SIG_BLOCK, &set, NULL) == 0); } void unblock_sigchld(void) @@ -1626,7 +1626,7 @@ sigset_t set; sigemptyset(&set); sigaddset(&set, SIGCHLD); - assert(sigprocmask(SIG_UNBLOCK, &set, NULL) == 0); + assert(ha_sigmask(SIG_UNBLOCK, &set, NULL) == 0); } static struct pid_list *pid_list_add(pid_t pid, struct task *t) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/src/fd.c new/haproxy-1.8.10~git0.ec17d7a9/src/fd.c --- old/haproxy-1.8.9~git9.6d82e611/src/fd.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/src/fd.c 2018-06-22 15:58:22.000000000 +0200 @@ -202,7 +202,6 @@ port_range_release_port(fdinfo[fd].port_range, fdinfo[fd].local_port); fdinfo[fd].port_range = NULL; fdtab[fd].owner = NULL; - fdtab[fd].update_mask &= ~tid_bit; fdtab[fd].new = 0; fdtab[fd].thread_mask = 0; if (do_close) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/src/flt_spoe.c new/haproxy-1.8.10~git0.ec17d7a9/src/flt_spoe.c --- old/haproxy-1.8.9~git9.6d82e611/src/flt_spoe.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/src/flt_spoe.c 2018-06-22 15:58:22.000000000 +0200 @@ -310,12 +310,13 @@ /* All supported versions */ static struct spoe_version supported_versions[] = { - {"1.0", 1000, 1000}, + /* 1.0 is now unsupported because of a bug about frame's flags*/ + {"2.0", 2000, 2000}, {NULL, 0, 0} }; /* Comma-separated list of supported versions */ -#define SUPPORTED_VERSIONS_VAL "1.0" +#define SUPPORTED_VERSIONS_VAL "2.0" /* Convert a string to a SPOE version value. The string must follow the format * "MAJOR.MINOR". It will be concerted into the integer (1000 * MAJOR + MINOR). @@ -1027,6 +1028,8 @@ (unsigned int)stream_id, (unsigned int)frame_id); SPOE_APPCTX(appctx)->status_code = SPOE_FRM_ERR_FRAMEID_NOTFOUND; + if (appctx->st0 == SPOE_APPCTX_ST_WAITING_SYNC_ACK) + return -1; return 0; found: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/src/haproxy.c new/haproxy-1.8.10~git0.ec17d7a9/src/haproxy.c --- old/haproxy-1.8.9~git9.6d82e611/src/haproxy.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/src/haproxy.c 2018-06-22 15:58:22.000000000 +0200 @@ -509,7 +509,7 @@ sigaddset(&set, SIGHUP); sigaddset(&set, SIGINT); sigaddset(&set, SIGTERM); - sigprocmask(SIG_SETMASK, &set, NULL); + ha_sigmask(SIG_SETMASK, &set, NULL); } static void mworker_unblock_signals() @@ -522,7 +522,7 @@ sigaddset(&set, SIGHUP); sigaddset(&set, SIGINT); sigaddset(&set, SIGTERM); - sigprocmask(SIG_UNBLOCK, &set, NULL); + ha_sigmask(SIG_UNBLOCK, &set, NULL); } static void mworker_unregister_signals() @@ -2368,10 +2368,12 @@ fd_want_recv(mworker_pipe[0]); } -static void sync_poll_loop() +static int sync_poll_loop() { + int stop = 0; + if (THREAD_NO_SYNC()) - return; + return stop; THREAD_ENTER_SYNC(); @@ -2385,7 +2387,9 @@ /* *** } */ exit: + stop = (jobs == 0); /* stop when there's nothing left to do */ THREAD_EXIT_SYNC(); + return stop; } /* Runs the polling loop */ @@ -2398,15 +2402,18 @@ /* Process a few tasks */ process_runnable_tasks(); - /* check if we caught some signals and process them */ - signal_process_queue(); + /* check if we caught some signals and process them in the + first thread */ + if (tid == 0) + signal_process_queue(); /* Check if we can expire some tasks */ next = wake_expired_tasks(); - /* stop when there's nothing left to do */ - if (jobs == 0) - break; + /* the first thread requests a synchronization to exit when + * there is no active jobs anymore */ + if (tid == 0 && jobs == 0) + THREAD_WANT_SYNC(); /* expire immediately if events are pending */ exp = now_ms; @@ -2416,7 +2423,7 @@ activity[tid].wake_tasks++; else if (active_applets_mask & tid_bit) activity[tid].wake_applets++; - else if (signal_queue_len) + else if (signal_queue_len && tid == 0) activity[tid].wake_signal++; else exp = next; @@ -2428,7 +2435,9 @@ /* Synchronize all polling loops */ - sync_poll_loop(); + if (sync_poll_loop()) + break; + activity[tid].loops++; } } @@ -2463,6 +2472,8 @@ list_for_each_entry(ptdf, &per_thread_deinit_list, list) ptdf->fct(); + HA_ATOMIC_AND(&all_threads_mask, ~tid_bit); + #ifdef USE_THREAD if (tid > 0) pthread_exit(NULL); @@ -3006,6 +3017,7 @@ unsigned int *tids = calloc(global.nbthread, sizeof(unsigned int)); pthread_t *threads = calloc(global.nbthread, sizeof(pthread_t)); int i; + sigset_t blocked_sig, old_sig; THREAD_SYNC_INIT((1UL << global.nbthread) - 1); @@ -3013,6 +3025,15 @@ for (i = 0; i < global.nbthread; i++) tids[i] = i; + /* ensure the signals will be blocked in every thread */ + sigfillset(&blocked_sig); + sigdelset(&blocked_sig, SIGPROF); + sigdelset(&blocked_sig, SIGBUS); + sigdelset(&blocked_sig, SIGFPE); + sigdelset(&blocked_sig, SIGILL); + sigdelset(&blocked_sig, SIGSEGV); + pthread_sigmask(SIG_SETMASK, &blocked_sig, &old_sig); + /* Create nbthread-1 thread. The first thread is the current process */ threads[0] = pthread_self(); for (i = 1; i < global.nbthread; i++) @@ -3046,6 +3067,9 @@ } #endif /* !USE_CPU_AFFINITY */ + /* when multithreading we need to let only the thread 0 handle the signals */ + pthread_sigmask(SIG_SETMASK, &old_sig, NULL); + /* Finally, start the poll loop for the first thread */ run_thread_poll_loop(&tids[0]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/src/hlua.c new/haproxy-1.8.10~git0.ec17d7a9/src/hlua.c --- old/haproxy-1.8.9~git9.6d82e611/src/hlua.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/src/hlua.c 2018-06-22 15:58:22.000000000 +0200 @@ -286,6 +286,63 @@ return lua_tostring(L, -1); } +__LJMP static const char *hlua_traceback(lua_State *L) +{ + lua_Debug ar; + int level = 0; + struct chunk *msg = get_trash_chunk(); + int filled = 0; + + while (lua_getstack(L, level++, &ar)) { + + /* Add separator */ + if (filled) + chunk_appendf(msg, ", "); + filled = 1; + + /* Fill fields: + * 'S': fills in the fields source, short_src, linedefined, lastlinedefined, and what; + * 'l': fills in the field currentline; + * 'n': fills in the field name and namewhat; + * 't': fills in the field istailcall; + */ + lua_getinfo(L, "Slnt", &ar); + + /* Append code localisation */ + if (ar.currentline > 0) + chunk_appendf(msg, "%s:%d ", ar.short_src, ar.currentline); + else + chunk_appendf(msg, "%s ", ar.short_src); + + /* + * Get function name + * + * if namewhat is no empty, name is defined. + * what contains "Lua" for Lua function, "C" for C function, + * or "main" for main code. + */ + if (*ar.namewhat != '\0' && ar.name != NULL) /* is there a name from code? */ + chunk_appendf(msg, "%s '%s'", ar.namewhat, ar.name); /* use it */ + + else if (*ar.what == 'm') /* "main", the code is not executed in a function */ + chunk_appendf(msg, "main chunk"); + + else if (*ar.what != 'C') /* for Lua functions, use <file:line> */ + chunk_appendf(msg, "C function line %d", ar.linedefined); + + else /* nothing left... */ + chunk_appendf(msg, "?"); + + + /* Display tailed call */ + if (ar.istailcall) + chunk_appendf(msg, " ..."); + } + + return msg->str; +} + + /* This function check the number of arguments available in the * stack. If the number of arguments available is not the same * then <nb> an error is throwed. @@ -984,6 +1041,7 @@ { int ret; const char *msg; + const char *trace; /* Initialise run time counter. */ if (!HLUA_IS_RUNNING(lua)) @@ -1078,10 +1136,11 @@ msg = lua_tostring(lua->T, -1); lua_settop(lua->T, 0); /* Empty the stack. */ lua_pop(lua->T, 1); + trace = hlua_traceback(lua->T); if (msg) - lua_pushfstring(lua->T, "runtime error: %s", msg); + lua_pushfstring(lua->T, "runtime error: %s from %s", msg, trace); else - lua_pushfstring(lua->T, "unknown runtime error"); + lua_pushfstring(lua->T, "unknown runtime error from %s", trace); ret = HLUA_E_ERRMSG; break; @@ -1569,6 +1628,18 @@ /* Wake the tasks which wants to read if the buffer contains data. */ if (!channel_is_empty(si_oc(si))) notification_wake(&appctx->ctx.hlua_cosocket.wake_on_read); + + /* Some data were injected in the buffer, notify the stream + * interface. + */ + if (!channel_is_empty(si_ic(si))) + stream_int_update(si); + + /* If write notifications are registered, we considers we want + * to write, so we set the flag cant put + */ + if (notification_registered(&appctx->ctx.hlua_cosocket.wake_on_write)) + si_applet_cant_put(si); } /* This function is called when the "struct stream" is destroyed. @@ -1685,6 +1756,7 @@ struct stream_interface *si; struct stream *s; struct xref *peer; + int missing_bytes; /* Check if this lua stack is schedulable. */ if (!hlua || !hlua->task) @@ -1754,11 +1826,12 @@ if (nblk == 0) /* No data avalaible. */ goto connection_empty; - if (len1 > wanted) { + missing_bytes = wanted - socket->b.n; + if (len1 > missing_bytes) { nblk = 1; - len1 = wanted; - } if (nblk == 2 && len1 + len2 > wanted) - len2 = wanted - len1; + len1 = missing_bytes; + } if (nblk == 2 && len1 + len2 > missing_bytes) + len2 = missing_bytes - len1; } len = len1; @@ -1773,15 +1846,14 @@ co_skip(oc, len + skip_at_end); /* Don't wait anything. */ - stream_int_notify(&s->si[0]); - stream_int_update_applet(&s->si[0]); + appctx_wakeup(appctx); /* If the pattern reclaim to read all the data * in the connection, got out. */ if (wanted == HLSR_READ_ALL) goto connection_empty; - else if (wanted >= 0 && len < wanted) + else if (wanted >= 0 && socket->b.n < wanted) goto connection_empty; /* Return result. */ @@ -1806,7 +1878,6 @@ connection_empty: - appctx = objt_appctx(s->si[0].end); if (!notification_new(&hlua->com, &appctx->ctx.hlua_cosocket.wake_on_read, hlua->task)) { xref_unlock(&socket->xref, peer); WILL_LJMP(luaL_error(L, "out of memory")); @@ -1958,7 +2029,6 @@ * the request buffer if its not required. */ if (s->req.buf->size == 0) { - appctx = hlua->task->context; if (!channel_alloc_buffer(&s->req, &appctx->buffer_wait)) goto hlua_socket_write_yield_return; } @@ -1966,18 +2036,13 @@ /* Check for avalaible space. */ len = buffer_total_space(s->req.buf); if (len <= 0) { - appctx = objt_appctx(s->si[0].end); - if (!notification_new(&hlua->com, &appctx->ctx.hlua_cosocket.wake_on_write, hlua->task)) { - xref_unlock(&socket->xref, peer); - WILL_LJMP(luaL_error(L, "out of memory")); - } goto hlua_socket_write_yield_return; } /* send data */ if (len < send_len) send_len = len; - len = ci_putblk(&s->req, buf+sent, send_len); + len = ci_putblk(&s->req, buf, send_len); /* "Not enough space" (-1), "Buffer too little to contain * the data" (-2) are not expected because the available length @@ -1996,8 +2061,7 @@ } /* update buffers. */ - stream_int_notify(&s->si[0]); - stream_int_update_applet(&s->si[0]); + appctx_wakeup(appctx); s->req.rex = TICK_ETERNITY; s->res.wex = TICK_ETERNITY; @@ -2013,6 +2077,10 @@ } hlua_socket_write_yield_return: + if (!notification_new(&hlua->com, &appctx->ctx.hlua_cosocket.wake_on_write, hlua->task)) { + xref_unlock(&socket->xref, peer); + WILL_LJMP(luaL_error(L, "out of memory")); + } xref_unlock(&socket->xref, peer); WILL_LJMP(hlua_yieldk(L, 0, 0, hlua_socket_write_yield, TICK_ETERNITY, 0)); return 0; @@ -3189,7 +3257,7 @@ { struct hlua_smp *hsmp; struct sample_fetch *f; - struct arg args[ARGM_NBARGS + 1]; + struct arg args[ARGM_NBARGS + 1] = {{0}}; int i; struct sample smp; @@ -3303,7 +3371,7 @@ { struct hlua_smp *hsmp; struct sample_conv *conv; - struct arg args[ARGM_NBARGS + 1]; + struct arg args[ARGM_NBARGS + 1] = {{0}}; int i; struct sample smp; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/src/pattern.c new/haproxy-1.8.10~git0.ec17d7a9/src/pattern.c --- old/haproxy-1.8.9~git9.6d82e611/src/pattern.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/src/pattern.c 2018-06-22 15:58:22.000000000 +0200 @@ -1815,12 +1815,14 @@ list_for_each_entry(elt, &ref->head, list) { if (strcmp(key, elt->pattern) == 0) { if (!pat_ref_set_elt(ref, elt, value, merr)) { - if (!found) - *err = *merr; - else { - memprintf(err, "%s, %s", *err, *merr); - free(*merr); - *merr = NULL; + if (err && merr) { + if (!found) { + *err = *merr; + } else { + memprintf(err, "%s, %s", *err, *merr); + free(*merr); + *merr = NULL; + } } } found = 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/src/proto_uxst.c new/haproxy-1.8.10~git0.ec17d7a9/src/proto_uxst.c --- old/haproxy-1.8.9~git9.6d82e611/src/proto_uxst.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/src/proto_uxst.c 2018-06-22 15:58:22.000000000 +0200 @@ -146,7 +146,12 @@ after_sockname++; if (!strcmp(after_sockname, ".tmp")) break; - } + /* abns sockets sun_path starts with a \0 */ + } else if (un1->sun_path[0] == 0 + && un2->sun_path[0] == 0 + && !memcmp(&un1->sun_path[1], &un2->sun_path[1], + sizeof(un1->sun_path) - 1)) + break; } xfer_sock = xfer_sock->next; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/src/proxy.c new/haproxy-1.8.10~git0.ec17d7a9/src/proxy.c --- old/haproxy-1.8.9~git9.6d82e611/src/proxy.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/src/proxy.c 2018-06-22 15:58:22.000000000 +0200 @@ -1450,6 +1450,9 @@ inet_ntop(srv->addr.ss_family, &((struct sockaddr_in6 *)&srv->addr)->sin6_addr, srv_addr, INET6_ADDRSTRLEN + 1); break; + default: + memcpy(srv_addr, "-\0", 2); + break; } srv_time_since_last_change = now.tv_sec - srv->last_change; bk_f_forced_id = px->options & PR_O_FORCED_ID ? 1 : 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/src/server.c new/haproxy-1.8.10~git0.ec17d7a9/src/server.c --- old/haproxy-1.8.9~git9.6d82e611/src/server.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/src/server.c 2018-06-22 15:58:22.000000000 +0200 @@ -2898,7 +2898,8 @@ server_recalc_eweight(srv); /* load server IP address */ - srv->lastaddr = strdup(params[0]); + if (strcmp(params[0], "-")) + srv->lastaddr = strdup(params[0]); if (fqdn && srv->hostname) { if (!strcmp(srv->hostname, fqdn)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/src/signal.c new/haproxy-1.8.10~git0.ec17d7a9/src/signal.c --- old/haproxy-1.8.9~git9.6d82e611/src/signal.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/src/signal.c 2018-06-22 15:58:22.000000000 +0200 @@ -13,6 +13,8 @@ #include <signal.h> #include <string.h> +#include <common/hathreads.h> + #include <proto/signal.h> #include <proto/log.h> #include <proto/task.h> @@ -31,7 +33,6 @@ sigset_t blocked_sig; int signal_pending = 0; /* non-zero if t least one signal remains unprocessed */ -__decl_hathreads(HA_SPINLOCK_T signals_lock); /* Common signal handler, used by all signals. Received signals are queued. * Signal number zero has a specific status, as it cannot be delivered by the @@ -71,11 +72,8 @@ struct signal_descriptor *desc; sigset_t old_sig; - if (HA_SPIN_TRYLOCK(SIGNALS_LOCK, &signals_lock)) - return; - /* block signal delivery during processing */ - sigprocmask(SIG_SETMASK, &blocked_sig, &old_sig); + ha_sigmask(SIG_SETMASK, &blocked_sig, &old_sig); /* It is important that we scan the queue forwards so that we can * catch any signal that would have been queued by another signal @@ -99,8 +97,7 @@ signal_queue_len = 0; /* restore signal delivery */ - sigprocmask(SIG_SETMASK, &old_sig, NULL); - HA_SPIN_UNLOCK(SIGNALS_LOCK, &signals_lock); + ha_sigmask(SIG_SETMASK, &old_sig, NULL); } /* perform minimal intializations, report 0 in case of error, 1 if OK. */ @@ -112,8 +109,6 @@ memset(signal_queue, 0, sizeof(signal_queue)); memset(signal_state, 0, sizeof(signal_state)); - HA_SPIN_INIT(&signals_lock); - /* Ensure signals are not blocked. Some shells or service managers may * accidently block all of our signals unfortunately, causing lots of * zombie processes to remain in the background during reloads. @@ -123,10 +118,18 @@ * parsing We don't want the process to be killed by an unregistered * USR2 signal when the master-worker is reloading */ sigaddset(&blocked_sig, SIGUSR2); - sigprocmask(SIG_SETMASK, &blocked_sig, NULL); + ha_sigmask(SIG_SETMASK, &blocked_sig, NULL); sigfillset(&blocked_sig); sigdelset(&blocked_sig, SIGPROF); + /* man sigprocmask: If SIGBUS, SIGFPE, SIGILL, or SIGSEGV are + generated while they are blocked, the result is undefined, unless + the signal was generated by kill(2), + sigqueue(3), or raise(3) */ + sigdelset(&blocked_sig, SIGBUS); + sigdelset(&blocked_sig, SIGFPE); + sigdelset(&blocked_sig, SIGILL); + sigdelset(&blocked_sig, SIGSEGV); for (sig = 0; sig < MAX_SIGNAL; sig++) LIST_INIT(&signal_state[sig].handlers); @@ -148,7 +151,6 @@ pool_free(pool_head_sig_handlers, sh); } } - HA_SPIN_DESTROY(&signals_lock); } /* Register a function and an integer argument on a signal. A pointer to the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/src/ssl_sock.c new/haproxy-1.8.10~git0.ec17d7a9/src/ssl_sock.c --- old/haproxy-1.8.9~git9.6d82e611/src/ssl_sock.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/src/ssl_sock.c 2018-06-22 15:58:22.000000000 +0200 @@ -260,6 +260,7 @@ }; struct pool_head *pool_head_ssl_capture = NULL; static int ssl_capture_ptr_index = -1; +static int ssl_app_data_index = -1; #if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0) struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference); @@ -825,7 +826,7 @@ int i; int ret = -1; /* error by default */ - conn = SSL_get_app_data(s); + conn = SSL_get_ex_data(s, ssl_app_data_index); ref = objt_listener(conn->target)->bind_conf->keys_ref; HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock); @@ -1389,7 +1390,7 @@ void ssl_sock_infocbk(const SSL *ssl, int where, int ret) { - struct connection *conn = SSL_get_app_data(ssl); + struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); BIO *write_bio; (void)ret; /* shut gcc stupid warning */ @@ -1427,7 +1428,7 @@ int err, depth; ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx()); - conn = SSL_get_app_data(ssl); + conn = SSL_get_ex_data(ssl, ssl_app_data_index); conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE; @@ -1575,7 +1576,7 @@ /* test heartbeat received (write_p is set to 0 for a received record) */ if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) { - struct connection *conn = SSL_get_app_data(ssl); + struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); const unsigned char *p = buf; unsigned int payload; @@ -1903,7 +1904,7 @@ ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl) { unsigned int key; - struct connection *conn = SSL_get_app_data(ssl); + struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); conn_get_to_addr(conn); if (conn->flags & CO_FL_ADDR_TO_SET) { @@ -2099,7 +2100,7 @@ int allow_early = 0; int i; - conn = SSL_get_app_data(ssl); + conn = SSL_get_ex_data(ssl, ssl_app_data_index); s = objt_listener(conn->target)->bind_conf; if (s->ssl_conf.early_data) @@ -3876,7 +3877,7 @@ /* SSL callback used when a new session is created while connecting to a server */ static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess) { - struct connection *conn = SSL_get_app_data(ssl); + struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index); struct server *s; s = objt_server(conn->target); @@ -4373,7 +4374,7 @@ return ok; ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); - conn = SSL_get_app_data(ssl); + conn = SSL_get_ex_data(ssl, ssl_app_data_index); /* We're checking if the provided hostnames match the desired one. The * desired hostname comes from the SNI we presented if any, or if not @@ -4948,7 +4949,7 @@ } /* set connection pointer */ - if (!SSL_set_app_data(conn->xprt_ctx, conn)) { + if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) { SSL_free(conn->xprt_ctx); conn->xprt_ctx = NULL; if (may_retry--) { @@ -5007,7 +5008,7 @@ } /* set connection pointer */ - if (!SSL_set_app_data(conn->xprt_ctx, conn)) { + if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) { SSL_free(conn->xprt_ctx); conn->xprt_ctx = NULL; if (may_retry--) { @@ -8805,7 +8806,8 @@ #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER) sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func); #endif - ssl_capture_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func); + ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); + ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func); sample_register_fetches(&sample_fetch_keywords); acl_register_keywords(&acl_kws); bind_register_keywords(&bind_kws); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.8.9~git9.6d82e611/src/stick_table.c new/haproxy-1.8.10~git0.ec17d7a9/src/stick_table.c --- old/haproxy-1.8.9~git9.6d82e611/src/stick_table.c 2018-05-23 20:02:04.000000000 +0200 +++ new/haproxy-1.8.10~git0.ec17d7a9/src/stick_table.c 2018-06-22 15:58:22.000000000 +0200 @@ -873,6 +873,7 @@ smp->data.type = SMP_T_BOOL; smp->data.u.sint = !!ts; smp->flags = SMP_F_VOL_TEST; + stktable_release(t, ts); return 1; } @@ -905,12 +906,12 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_BYTES_IN_RATE); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, bytes_in_rate), + t->data_arg[STKTABLE_DT_BYTES_IN_RATE].u); - smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, bytes_in_rate), - t->data_arg[STKTABLE_DT_BYTES_IN_RATE].u); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -942,11 +943,11 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_CONN_CNT); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = stktable_data_cast(ptr, conn_cnt); - smp->data.u.sint = stktable_data_cast(ptr, conn_cnt); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -978,11 +979,11 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_CONN_CUR); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = stktable_data_cast(ptr, conn_cur); - smp->data.u.sint = stktable_data_cast(ptr, conn_cur); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1014,12 +1015,12 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_CONN_RATE); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, conn_rate), + t->data_arg[STKTABLE_DT_CONN_RATE].u); - smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, conn_rate), - t->data_arg[STKTABLE_DT_CONN_RATE].u); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1051,12 +1052,12 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_BYTES_OUT_RATE); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, bytes_out_rate), + t->data_arg[STKTABLE_DT_BYTES_OUT_RATE].u); - smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, bytes_out_rate), - t->data_arg[STKTABLE_DT_BYTES_OUT_RATE].u); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1088,11 +1089,11 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_GPT0); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = stktable_data_cast(ptr, gpt0); - smp->data.u.sint = stktable_data_cast(ptr, gpt0); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1124,11 +1125,11 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_GPC0); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = stktable_data_cast(ptr, gpc0); - smp->data.u.sint = stktable_data_cast(ptr, gpc0); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1160,12 +1161,12 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_GPC0_RATE); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, gpc0_rate), + t->data_arg[STKTABLE_DT_GPC0_RATE].u); - smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, gpc0_rate), - t->data_arg[STKTABLE_DT_GPC0_RATE].u); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1197,11 +1198,11 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_HTTP_ERR_CNT); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = stktable_data_cast(ptr, http_err_cnt); - smp->data.u.sint = stktable_data_cast(ptr, http_err_cnt); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1233,12 +1234,12 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_HTTP_ERR_RATE); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, http_err_rate), + t->data_arg[STKTABLE_DT_HTTP_ERR_RATE].u); - smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, http_err_rate), - t->data_arg[STKTABLE_DT_HTTP_ERR_RATE].u); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1270,11 +1271,11 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_HTTP_REQ_CNT); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = stktable_data_cast(ptr, http_req_cnt); - smp->data.u.sint = stktable_data_cast(ptr, http_req_cnt); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1306,12 +1307,12 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_HTTP_REQ_RATE); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, http_req_rate), + t->data_arg[STKTABLE_DT_HTTP_REQ_RATE].u); - smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, http_req_rate), - t->data_arg[STKTABLE_DT_HTTP_REQ_RATE].u); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1343,11 +1344,11 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_BYTES_IN_CNT); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = stktable_data_cast(ptr, bytes_in_cnt) >> 10; - smp->data.u.sint = stktable_data_cast(ptr, bytes_in_cnt) >> 10; - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1379,11 +1380,11 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_BYTES_OUT_CNT); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = stktable_data_cast(ptr, bytes_out_cnt) >> 10; - smp->data.u.sint = stktable_data_cast(ptr, bytes_out_cnt) >> 10; - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1415,11 +1416,11 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_SERVER_ID); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = stktable_data_cast(ptr, server_id); - smp->data.u.sint = stktable_data_cast(ptr, server_id); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1451,11 +1452,11 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_SESS_CNT); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = stktable_data_cast(ptr, sess_cnt); - smp->data.u.sint = stktable_data_cast(ptr, sess_cnt); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1487,12 +1488,12 @@ return 1; ptr = stktable_data_ptr(t, ts, STKTABLE_DT_SESS_RATE); - if (!ptr) - return 0; /* parameter not stored */ + if (ptr) + smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, sess_rate), + t->data_arg[STKTABLE_DT_SESS_RATE].u); - smp->data.u.sint = read_freq_ctr_period(&stktable_data_cast(ptr, sess_rate), - t->data_arg[STKTABLE_DT_SESS_RATE].u); - return 1; + stktable_release(t, ts); + return !!ptr; } /* Casts sample <smp> to the type of the table specified in arg(0), and looks @@ -1522,6 +1523,7 @@ if (ts) smp->data.u.sint = ts->ref_cnt; + stktable_release(t, ts); return 1; }