[PR] Fix dequeue proxy listeners deadlock master
Dear list! Author: Oliver Dala Number of patches: 2 This is an automated relay of the Github pull request: Fix dequeue proxy listeners deadlock master Patch title(s): pass PROXY_LOCK status through dequeue_proxy_listeners Merge branch 'master' into fix_dequeue_proxy_listeners_deadlock_master Link: https://github.com/haproxy/haproxy/pull/2724 Edit locally: wget https://github.com/haproxy/haproxy/pull/2724.patch && vi 2724.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2724.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] I need privacy security my account use Create SECURITY.md
Dear list! Author: Shabi khan Number of patches: 1 This is an automated relay of the Github pull request: I need privacy security my account use Create SECURITY.md Patch title(s): Create SECURITY.md Link: https://github.com/haproxy/haproxy/pull/2723 Edit locally: wget https://github.com/haproxy/haproxy/pull/2723.patch && vi 2723.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2723.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] BUG fix in stream.c where counters will zero because of failed updates
Dear list! Author: shakedm Number of patches: 1 This is an automated relay of the Github pull request: BUG fix in stream.c where counters will zero because of failed updates Patch title(s): fix a BUG in stream.c where counters will zero because of failed updates Link: https://github.com/haproxy/haproxy/pull/2710 Edit locally: wget https://github.com/haproxy/haproxy/pull/2710.patch && vi 2710.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2710.patch | git am - Description: The current code only checked if bytes is initialized but during monitoring I found many instances in which the metrics will randomly drop to zero. this fix handles that scenario. by casting and verifying that bytes are greater than 0. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] 20231027 mux2mux quic 1
Dear list! Author: Christopher Faulet Number of patches: 3 This is an automated relay of the Github pull request: 20231027 mux2mux quic 1 Patch title(s): BUG/MEDIUM: stconn: Report send activity during mux-to-mux fast-forward MEDIUM: mux-quic: Add consumer-side fast-forwarding support MAJOR: h3: Implement zero-copy support to send DATA frame Link: https://github.com/haproxy/haproxy/pull/2680 Edit locally: wget https://github.com/haproxy/haproxy/pull/2680.patch && vi 2680.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2680.patch | git am - Description: Hey Sudahlah gak usah jadi pecundang Email gue Lo ambil Semua Lo retas Kalau mau tetang gue Panggil gue diskusi bareng semakin gue di intimidasi Semakin gue membara Kalian akan liat kedepannya Dan kalian akan mengerti siapa yang kalian hadapi saat ini. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Create SECURITY.md
Dear list! Author: Valen1393 Number of patches: 1 This is an automated relay of the Github pull request: Create SECURITY.md Patch title(s): Create SECURITY.md Link: https://github.com/haproxy/haproxy/pull/2661 Edit locally: wget https://github.com/haproxy/haproxy/pull/2661.patch && vi 2661.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2661.patch | git am - Description: Sabar Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] fix show-sess-to-flags.sh cob fd state
Dear list! Author: zhibin.zhu Number of patches: 1 This is an automated relay of the Github pull request: fix show-sess-to-flags.sh cob fd state Patch title(s): fix show-sess-to-flags.sh cob fd state Link: https://github.com/haproxy/haproxy/pull/2560 Edit locally: wget https://github.com/haproxy/haproxy/pull/2560.patch && vi 2560.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2560.patch | git am - Description: PR to fix show-sess-to-flags.sh Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] DOC: management: fix typos
Dear list! Author: Andrey Lebedev Number of patches: 1 This is an automated relay of the Github pull request: DOC: management: fix typos Patch title(s): DOC: management: fix typos Link: https://github.com/haproxy/haproxy/pull/2528 Edit locally: wget https://github.com/haproxy/haproxy/pull/2528.patch && vi 2528.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2528.patch | git am - Description: PR to fix some typos I found while reading `doc/management.txt`. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Add destination ip as source ip
Dear list! Author: SriVignessh Pss Number of patches: 2 This is an automated relay of the Github pull request: Add destination ip as source ip Patch title(s): add destination ip as source ip update alerts and doc Link: https://github.com/haproxy/haproxy/pull/2524 Edit locally: wget https://github.com/haproxy/haproxy/pull/2524.patch && vi 2524.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2524.patch | git am - Description: When the Haproxy instance binds to multiple VIPs. We need a feature to identify the forwarded packet from Haproxy instance came from which VIP. Adding a feature to allow destinationip to bind as sourceIP in backend. Allow the haproxy instance to transport the response packet with the Source IP as incoming request destination IP. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] FEATURE: load private keys from PKCS#11 pkcs11-provider PEM files
Dear list! Author: S-P Chan Number of patches: 1 This is an automated relay of the Github pull request: FEATURE: load private keys from PKCS#11 pkcs11-provider PEM files Patch title(s): FEATURE: load private keys from PKCS#11 pkcs11-provider PEM files Link: https://github.com/haproxy/haproxy/pull/2493 Edit locally: wget https://github.com/haproxy/haproxy/pull/2493.patch && vi 2493.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2493.patch | git am - Description: With pkcs11-provider (https://github.com/latchset/pkcs11-provider) a specially formatted PEM stanza can be used to reference a PKCS#11 URI to locate the private key. This PEM stanza can be used inside the crt file so that there is no change to the HAProxy config language. This works with OpenSSL 3 and pkcs11-provider after https://github.com/latchset/pkcs11-provider/commit/0806c3665 which added support for PKCS#11 URI-in-PEM. TODO: This PR works without forking (i.e., not in master-worker mode) as PKCS#11 drivers are fragile after fork. To use PKCS#11 keys in master-worker mode, we need to defer key loading to the child process. Format of PEM stanza: ``` -BEGIN PKCS#11 PROVIDER URI- MIHWGhlQS0NTIzExIFByb3ZpZGVyIFVSSSB2MS4wDIG4cGtjczExOm1vZGVsPU5T UyUyMDM7bWFudWZhY3R1cmVyPU1vemlsbGElMjBGb3VuZGF0aW9uO3NlcmlhbD0w MDAwMDAwMDAwMDAwMDAwO3Rva2VuPU5TUyUyMENlcnRpZmljYXRlJTIwREI7aWQ9 JTczJTQ5JTU1JTFBJTMyJUFFJThDJUIwJTQ1JTQ5JTAzJURDJUE4JTA0JTg0JTlF JUI0JTlGJTQxJUFFO3R5cGU9cHJpdmF0ZQ== -END PKCS#11 PROVIDER URI- ``` Parsed ASN.1: ``` 0:d=0 hl=3 l= 214 cons: SEQUENCE 3:d=1 hl=2 l= 25 prim: VISIBLESTRING :PKCS#11 Provider URI v1.0 30:d=1 hl=3 l= 184 prim: UTF8STRING :pkcs11:model=NSS%203;manufacturer=Mozilla%20Foundation;serial=000 0;token=NSS%20Certificate%20DB;id=%73%49%55%1A%32%AE%8C%B0%45% 49%03%DC%A8%04%84%9E%B4%9F%41%AE;type=private ``` Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Update LICENSE to match license requirement of the upstream repository
Dear list! Author: songliumeng <161319869+songlium...@users.noreply.github.com> Number of patches: 1 This is an automated relay of the Github pull request: Update LICENSE to match license requirement of the upstream repository Patch title(s): Update LICENSE to match license requirement of the upstream repository Link: https://github.com/haproxy/haproxy/pull/2466 Edit locally: wget https://github.com/haproxy/haproxy/pull/2466.patch && vi 2466.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2466.patch | git am - Description: This change is to fix https://github.com/haproxy/haproxy/issues/2463. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] BUILD: solaris: fix compilation errors
Dear list! Author: matthias sweertvaegher <178714+mx...@users.noreply.github.com> Number of patches: 1 This is an automated relay of the Github pull request: BUILD: solaris: fix compilation errors Patch title(s): BUILD: solaris: fix compilation errors Link: https://github.com/haproxy/haproxy/pull/2465 Edit locally: wget https://github.com/haproxy/haproxy/pull/2465.patch && vi 2465.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2465.patch | git am - Description: Compilation on solaris fails because of usage of names reserved on that platform, i.e. 'queue' and 's_addr'. This patch redefines 'queue' as '_queue' and renames 's_addr' to 'srv_addr' which fixes compilation for now. Future plan: rename 'queue' in code base so define can be removed again. Backporting: 2.9, 2.8 Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] BUILD: solaris: fix redefinition of queue struct
Dear list! Author: matthias sweertvaegher <178714+mx...@users.noreply.github.com> Number of patches: 1 This is an automated relay of the Github pull request: BUILD: solaris: fix redefinition of queue struct Patch title(s): BUILD: solaris: fix redefinition of queue struct Link: https://github.com/haproxy/haproxy/pull/2460 Edit locally: wget https://github.com/haproxy/haproxy/pull/2460.patch && vi 2460.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2460.patch | git am - Description: Compilation on solaris fails because the name 'queue' is reserved: > include/haproxy/queue-t.h:43:8: error: redefinition of ‘struct queue’ This patch redefines 'queue' as '_queue' which fixes compilation for now. Future plan: rename 'queue' in code base so define can be removed again. Backporting: 2.9, 2.8 Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] BUG/MEDIUM: server-state: update server if the ports in config and state match
Dear list! Author: Steven Lu Number of patches: 1 This is an automated relay of the Github pull request: BUG/MEDIUM: server-state: update server if the ports in config and state match Patch title(s): BUG/MEDIUM: server-state: Only update server if the ports in config and state still match Link: https://github.com/haproxy/haproxy/pull/2370 Edit locally: wget https://github.com/haproxy/haproxy/pull/2370.patch && vi 2370.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2370.patch | git am - Description: BUG/MEDIUM: server-state: update server if the ports in config and state match When `load-server-state-from-file` is enabled, and change the backend port or check port in the config file (without altering the backend name and server name), restarting haproxy will not apply the port number changes from the new config file. This will result in users being unable to connect to the backend using the new port. The reason is that haproxy only uses the backend name and server name to decide whether to use state information. To fix the issue, we can only update the server info if the ports in the config and the state still match. This patch should solve the issue #2103. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] DOC: updated 51Degrees repo URL for v.3.2.10
Dear list! Author: Eugene Dorfman Number of patches: 1 This is an automated relay of the Github pull request: DOC: updated 51Degrees repo URL for v.3.2.10 Patch title(s): DOC: updated 51Degrees repo URL for v.3.2.10 Link: https://github.com/haproxy/haproxy/pull/2354 Edit locally: wget https://github.com/haproxy/haproxy/pull/2354.patch && vi 2354.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2354.patch | git am - Description: the v3.2.10 branch has been migrated from the legacy git.51Degrees.com repo to github.com. the files on the frozen branch are exactly the same. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Add 3 features
Dear list! Author: JihoJung Number of patches: 1 This is an automated relay of the Github pull request: Add 3 features Patch title(s): Add 3 features Link: https://github.com/haproxy/haproxy/pull/2283 Edit locally: wget https://github.com/haproxy/haproxy/pull/2283.patch && vi 2283.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2283.patch | git am - Description: 1) http-request options set-proxy-v2-header set- proxy-v2-tlv-header 2) server option set-proxy-v2-tlv 3) done memory leakage detection under valgrind ### do nothing 6205 ==16466== LEAK SUMMARY: 6206 ==16466== definitely lost: 0 bytes in 0 blocks 6207 ==16466==indirectly lost: 0 bytes in 0 blocks 6208 ==16466== possibly lost: 512,353 bytes in 70 blocks 6209 ==16466==still reachable: 239,043,476 bytes in 4,231 blocks 6210 ==16466== suppressed: 0 bytes in 0 blocks ### only http 6600 ==18082== LEAK SUMMARY: 6601 ==18082==definitely lost: 0 bytes in 0 blocks 6602 ==18082==indirectly lost: 0 bytes in 0 blocks 6603 ==18082== possibly lost: 622,001 bytes in 146 blocks 6604 ==18082==still reachable: 239,043,880 bytes in 4,232 blocks 6605 ==18082== suppressed: 0 bytes in 0 blocks 6606 ==18082== 6607 ==18082== ERROR SUMMARY: 58 errors from 58 contexts (suppressed: 0 from 0) 6608 ==18082== could not unlink /tmp/vgdb- pipe-from-vgdb-to-18082-by-root-on-sun 6609 ==18082== could not unlink /tmp/vgdb-pipe-to-vgdb-from-18082-by-root-on-sun 6610 ==18082== could not unlink /tmp/vgdb-pipe-shared-mem-vgdb-18082-by- root-on-sun ### only accept-proxy and send-proxy-v2 6895 ==19881== LEAK SUMMARY: 6896 ==19881==definitely lost: 0 bytes in 0 blocks 6897 ==19881==indirectly lost: 0 bytes in 0 blocks 6898 ==19881== possibly lost: 740,801 bytes in 286 blocks 6899 ==19881==still reachable: 239,043,476 bytes in 4,231 blocks 6900 ==19881== suppressed: 0 bytes in 0 blocks 6901 ==19881== 6902 ==19881== ERROR SUMMARY: 77 errors from 77 contexts (suppressed: 0 from 0) 6903 ==19881== could not unlink /tmp/vgdb- pipe-from-vgdb-to-19881-by-root-on-sun 6904 ==19881== could not unlink /tmp/vgdb-pipe-to-vgdb-from-19881-by-root-on-sun 6905 ==19881== could not unlink /tmp/vgdb-pipe-shared-mem-vgdb-19881-by- root-on-sun ### my patch 6921 ==21025== LEAK SUMMARY: 6922 ==21025==definitely lost: 0 bytes in 0 blocks 6923 ==21025==indirectly lost: 0 bytes in 0 blocks 6924 ==21025== possibly lost: 698,705 bytes in 222 blocks 6925 ==21025==still reachable: 239,048,325 bytes in 4,269 blocks 6926 ==21025== suppressed: 0 bytes in 0 blocks 6927 ==21025== 6928 ==21025== ERROR SUMMARY: 69 errors from 69 contexts (suppressed: 0 from 0) 6929 ==21025== could not unlink /tmp/vgdb-pipe-from-vgdb-to-21025-by- root-on-sun 6930 ==21025== could not unlink /tmp/vgdb-pipe-to- vgdb-from-21025-by-root-on-sun 6931 ==21025== could not unlink /tmp/vgdb-pipe-shared-mem-vgdb-21025-by-root-on-sun ` ` Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer
Dear list! Author: Chris Staite Number of patches: 1 This is an automated relay of the Github pull request: BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer Patch title(s): BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer Link: https://github.com/haproxy/haproxy/pull/2278 Edit locally: wget https://github.com/haproxy/haproxy/pull/2278.patch && vi 2278.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2278.patch | git am - Description: A previous fix to ensure that there is sufficient space on the output buffer to place parsed data (#2053) introduced an issue that if the output buffer is filled on a chunk boundary no data is parsed but the congested flag is not set due to the state not being H1_MSG_DATA. The check to ensure that there is sufficient space in the output buffer is actually already performed in all downstream functions before it is used. This makes the early optimisation that avoids the state transition to H1_MSG_DATA needless. Therefore, in order to allow the chunk parser to continue in this edge case we can simply remove the early check. This ensures that the state can progress and set the congested flag correctly in the caller. This patch fixes #2262. The upstream change that caused this logic error was backported as far as 2.5, therefore it makes sense to backport this fix back that far also. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Fix build error on ppc64le: invalid parameter combination for AltiVec…
Dear list! Author: Peter Varkoly Number of patches: 1 This is an automated relay of the Github pull request: Fix build error on ppc64le: invalid parameter combination for AltiVec… Patch title(s): Fix build error on ppc64le: invalid parameter combination for AltiVec intrinsic __builtin_vec_ld Link: https://github.com/haproxy/haproxy/pull/2260 Edit locally: wget https://github.com/haproxy/haproxy/pull/2260.patch && vi 2260.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2260.patch | git am - Description: I got error haproxy with version 2.8.2: [ 246s] In file included from include/haproxy/xxhash.h:43:0, [ 246s] from src/ssl_sock.c:84: [ 246s] include/import/xxhash.h: In function 'XXH3_accumulate_512_vsx': [ 246s] include/import/xxhash.h:4148:9: error: invalid parameter combination for AltiVec intrinsic __builtin_vec_ld [ 246s] xxh_u64x2 acc_vec= vec_xl(0, xacc + 2 * i); [ 246s] ^ [ 246s] compilation terminated due to -Wfatal-errors. [ 246s] make: *** [Makefile:1027: src/ssl_sock.o] Error 1 [ 246s] make: *** Waiting for unfinished jobs [ 247s] In file included from include/haproxy/xxhash.h:43:0, [ 247s] from src/ssl_ocsp.c:84: [ 247s] include/import/xxhash.h: In function 'XXH3_accumulate_512_vsx': [ 247s] include/import/xxhash.h:4148:9: error: invalid parameter combination for AltiVec intrinsic __builtin_vec_ld [ 247s] xxh_u64x2 acc_vec= vec_xl(0, xacc + 2 * i); [ 247s] ^ [ 247s] compilation terminated due to -Wfatal-errors. [ 247s] make: *** [Makefile:1027: src/ssl_ocsp.o] Error 1 This patch fixes the build problem Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] some typos for sock.c and proxy.c
Dear list! Author: haojue Number of patches: 1 This is an automated relay of the Github pull request: some typos for sock.c and proxy.c Patch title(s): some typos for sock.c and proxy.c Link: https://github.com/haproxy/haproxy/pull/2238 Edit locally: wget https://github.com/haproxy/haproxy/pull/2238.patch && vi 2238.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2238.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] MINOR: lua: Allow reading "proc." scoped vars from LUA core.
Dear list! Author: Daan van Gorkum Number of patches: 1 This is an automated relay of the Github pull request: MINOR: lua: Allow reading "proc." scoped vars from LUA core. Patch title(s): MINOR: lua: Allow reading "proc." scoped vars from LUA core. Link: https://github.com/haproxy/haproxy/pull/2218 Edit locally: wget https://github.com/haproxy/haproxy/pull/2218.patch && vi 2218.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2218.patch | git am - Description: This adds the "core.get_var()" method allow the reading of "proc." scoped variables outside of TXN or HTTP/TCPApplet. Fixes: #2212 Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Allow load of non-existing pattern files.
Dear list! Author: Daan van Gorkum Number of patches: 1 This is an automated relay of the Github pull request: Allow load of non-existing pattern files. Patch title(s): Allow load of non-existing pattern files. Link: https://github.com/haproxy/haproxy/pull/2209 Edit locally: wget https://github.com/haproxy/haproxy/pull/2209.patch && vi 2209.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2209.patch | git am - Description: To allow pure usage of the runtime API/LUA to add/remove entries in Maps/ACLs we should be able to load non-existing patterns. This make deploying easier as otherwise empty files needs to be created. A notice is issued when this config option is used and every time a non-existing file is loaded. Fixes: #2202 Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Implement fetch for arbitrary TLV payloads
Dear list! Author: Alexander Stephan Number of patches: 1 This is an automated relay of the Github pull request: Implement fetch for arbitrary TLV payloads Patch title(s): Fully working version with debug statements and missing test Link: https://github.com/haproxy/haproxy/pull/2199 Edit locally: wget https://github.com/haproxy/haproxy/pull/2199.patch && vi 2199.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2199.patch | git am - Description: TODO: - [ ] Add / adjust test - [ ] Remove debug logs - [ ] Always append to the list and return the first hit or traverse the list and overwrite. This is relevant for duplicate TLV which are technically possible, although unusual. - [ ] Make CRC32 and NETNS fetchable for consistency - [ ] Formatting to meet HAProxy contribution guidelines Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Improve wording of http-request wait-for-body
Dear list! Author: Craig <99729+cr...@users.noreply.github.com> Number of patches: 1 This is an automated relay of the Github pull request: Improve wording of http-request wait-for-body Patch title(s): Improve wording of http-request wait-for-body Link: https://github.com/haproxy/haproxy/pull/2122 Edit locally: wget https://github.com/haproxy/haproxy/pull/2122.patch && vi 2122.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2122.patch | git am - Description: Improve wording of http-request wait-for-body so it's easier to understand. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] BUG/MINOR: http-fetch: recognize IPv6 addresses in square brackets in req.hdr_ip()
Dear list! Author: Oto Valek Number of patches: 2 This is an automated relay of the Github pull request: BUG/MINOR: http-fetch: recognize IPv6 addresses in square brackets in req.hdr_ip() Patch title(s): BUG/MINOR: http-fetch: recognize IPv6 addresses in square brackets in req.hdr_ip() REGTEST: added tests covering smp_fetch_hdr_ip() Link: https://github.com/haproxy/haproxy/pull/2063 Edit locally: wget https://github.com/haproxy/haproxy/pull/2063.patch && vi 2063.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2063.patch | git am - Description: Fixes haproxy/haproxy#2054 To comply with [RFC7239](https://www.rfc-editor.org/rfc/rfc7239.html#section-6.1) and [RFC3986](https://www.rfc-editor.org/rfc/rfc3986.html#section-3.2.2), the `req.hdr_ip()` should recognize IPv6 addresses in square brackets. As the `inet_pton()` call does not support this format, the `smp_fetch_hdr_ip()` function was changed to trim possible `'['` and `']'` before calling `inet_pton()`. New reg test cases were added to cover all 4 branches of smp_fetch_hdr_ip(). Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] BUG/MINOR: http-fetch: recognize IPv6 addresses in square brackets in req.hdr_ip()
Dear list! Author: Oto Valek Number of patches: 2 This is an automated relay of the Github pull request: BUG/MINOR: http-fetch: recognize IPv6 addresses in square brackets in req.hdr_ip() Patch title(s): BUG/MINOR: http-fetch: recognize IPv6 addresses in square brackets in req.hdr_ip() REGTEST: enclose one of the IPv6 address in square brackets Link: https://github.com/haproxy/haproxy/pull/2055 Edit locally: wget https://github.com/haproxy/haproxy/pull/2055.patch && vi 2055.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/2055.patch | git am - Description: Fixes haproxy/haproxy#2054 To comply with [RFC7239](https://www.rfc-editor.org/rfc/rfc7239.html#section-6.1) and [RFC3986](https://www.rfc-editor.org/rfc/rfc3986.html#section-3.2.2), the `req.hdr_ip()` should recognize IPv6 addresses in square brackets. As the `inet_pton()` call does not support this format, the `smp_fetch_hdr_ip()` function was changed to trim possible `'['` and `']'` before calling `inet_pton()`. Reg tests were updated to cover this case. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] prelim-wolfSSL updates
Dear list! Author: Uriah Pollock Number of patches: 1 This is an automated relay of the Github pull request: prelim-wolfSSL updates Patch title(s): prelim-wolfSSL updates Link: https://github.com/haproxy/haproxy/pull/1908 Edit locally: wget https://github.com/haproxy/haproxy/pull/1908.patch && vi 1908.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1908.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] DOC: fix function formatting for http-request set-var and set-var-fmt
Dear list! Author: Nik Number of patches: 1 This is an automated relay of the Github pull request: DOC: fix function formatting for http-request set-var and set-var-fmt Patch title(s): DOC: fix function formatting for http-request set-var and http-request set-var-fmt Link: https://github.com/haproxy/haproxy/pull/1888 Edit locally: wget https://github.com/haproxy/haproxy/pull/1888.patch && vi 1888.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1888.patch | git am - Description: Hi. There is a formatting issue with `http-request set-var` and `http- request set-var-fmt`. When `dconv` builds the documentation it doesn't expect `...` in that part of the keyword so it gets skipped. ![set-var](https://user-images.githubusercontent.com/10053187/19404500 9-b0ecab6a-8595-4fa5-b77d-816dfd112e30.png) I don't feel comfortable editing `dconv` since it relies on a complex regex that might affect other keywords so I added a quick fix by removing `...`. https://user-images.githubuser content.com/10053187/194045023-050ebf13-fb7e-4692-b520-526c06cc38bf.pn g"> _(The formatting on the screenshot above is a bit off because I did a local build and didn't serve the files from a webserver)_ Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Allow "no option forwardfor"
Dear list! Author: Samuel Maftoul Number of patches: 2 This is an automated relay of the Github pull request: Allow "no option forwardfor" Patch title(s): [WIP] allow "no option forwardfor" Require both frontend and backend to have option forwardfor to enable it Link: https://github.com/haproxy/haproxy/pull/1853 Edit locally: wget https://github.com/haproxy/haproxy/pull/1853.patch && vi 1853.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1853.patch | git am - Description: Fixes #130 * Move the `forwardfor` logic before we check the negation of options ( https://github.com/haproxy/haproxy/blob/94f763b5 e4b2aafd2c6d65f074fdc28735556f25/src/cfgparse-listen.c#L2071 ) so we can negate it. * Add logic to differentiate KWM_NO and KWM_STD so we modify options for the proxy. * Modify logic to include the header only if both frontend and backend have the header enabled. About this last point (and the 2nd commit of this PR) , I'm not sure it's what I'm supposed to do. Maybe I should also some `no_options` logic to properly disable the header in the backend ? Also, this PR so far is missing docs, but I want the logic to be clear before writing the document (or should it be done the other way around ?). Finally, it may also miss some tests, should I add them to htt ps://github.com/haproxy/haproxy/blob/025945f12cde56dde22baec286393fd1f 048c0fc/reg-tests/http-rules/except-forwardfor-originalto.vtc ? Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] fix some typos
Dear list! Author: cui fliter Number of patches: 1 This is an automated relay of the Github pull request: fix some typos Patch title(s): fix some typos Link: https://github.com/haproxy/haproxy/pull/1843 Edit locally: wget https://github.com/haproxy/haproxy/pull/1843.patch && vi 1843.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1843.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] haproxy: fix build on older MacOS
Dear list! Author: Sergey Fedorov Number of patches: 1 This is an automated relay of the Github pull request: haproxy: fix build on older MacOS Patch title(s): haproxy: fix build on older MacOS Link: https://github.com/haproxy/haproxy/pull/1833 Edit locally: wget https://github.com/haproxy/haproxy/pull/1833.patch && vi 1833.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1833.patch | git am - Description: The PR adds fixes for older MacOS. Confirmed to build on 10.6.8. 1. `TCP_CONNECTION_INFO` is available in 10.11+. 2. `_malloc_zone_pressure_relief` is available in 10.7+. For details see: https://trac.macports.org/ticket/65699 P. S. Build on the current MacOS is unaffected (confirmed to build fine): https://github.com/macports/macports-ports/pull/15789 (checks pass). Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Fix -v flag usage with install(1) on OpenBSD/NetBSD/Solaris/AIX
Dear list! Author: Brad Smith Number of patches: 1 This is an automated relay of the Github pull request: Fix -v flag usage with install(1) on OpenBSD/NetBSD/Solaris/AIX Patch title(s): Fix -v flag usage with install(1) on OpenBSD/NetBSD/Solaris/AIX Link: https://github.com/haproxy/haproxy/pull/1786 Edit locally: wget https://github.com/haproxy/haproxy/pull/1786.patch && vi 1786.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1786.patch | git am - Description: The install(1) program on OpenBSD/NetBSD/Solaris/AIX do not support the -v verbose flag. FreeBSD / DragonFlyBSD/ macOS and GNU install do. The generic target now has the flag disabled the target is more portable. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] OPTIM/MINOR: h2_settings_initial_window_size default 64k
Dear list! Author: Glenn Strauss Number of patches: 1 This is an automated relay of the Github pull request: OPTIM/MINOR: h2_settings_initial_window_size default 64k Patch title(s): OPTIM/MINOR: h2_settings_initial_window_size default 64k Link: https://github.com/haproxy/haproxy/pull/1732 Edit locally: wget https://github.com/haproxy/haproxy/pull/1732.patch && vi 1732.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1732.patch | git am - Description: OPTIM/MINOR: h2_settings_initial_window_size default 64k change from RFC 7540 default 65535 (64k-1) avoid some degenerative WINDOW_UPDATE behaviors in the wild https://github.com/nghttp2/nghttp2/issues/1722 Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] OPTIM/MINOR: h2_settings_initial_window_size default 64k
Dear list! Author: Glenn Strauss Number of patches: 1 This is an automated relay of the Github pull request: OPTIM/MINOR: h2_settings_initial_window_size default 64k Patch title(s): OPTIM/MINOR: h2_settings_initial_window_size default 64k Link: https://github.com/haproxy/haproxy/pull/1732 Edit locally: wget https://github.com/haproxy/haproxy/pull/1732.patch && vi 1732.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1732.patch | git am - Description: OPTIM/MINOR: h2_settings_initial_window_size default 64k change from RFC 7540 default 65535 (64k-1) avoid some degenerative WINDOW_UPDATE behaviors in the wild https://github.com/nghttp2/nghttp2/issues/1722 Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] chore: Included githubactions in the dependabot config
Dear list! Author: naveen <172697+naveensriniva...@users.noreply.github.com> Number of patches: 1 This is an automated relay of the Github pull request: chore: Included githubactions in the dependabot config Patch title(s): chore: Included githubactions in the dependabot config Link: https://github.com/haproxy/haproxy/pull/1713 Edit locally: wget https://github.com/haproxy/haproxy/pull/1713.patch && vi 1713.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1713.patch | git am - Description: This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure. Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot GitHub actions up to date https://docs.github.com/en/code- security/dependabot/working-with-dependabot/keeping-your-actions-up- to-date-with-dependabot https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency- update-tool Signed-off-by: naveen <172697+naveensriniva...@users.noreply.github.com> Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] fix: Correct data types list
Dear list! Author: Fionera Number of patches: 1 This is an automated relay of the Github pull request: fix: Correct data types list Patch title(s): fix: Correct data types list Link: https://github.com/haproxy/haproxy/pull/1603 Edit locally: wget https://github.com/haproxy/haproxy/pull/1603.patch && vi 1603.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1603.patch | git am - Description: There is a Typo in the peers-v2.0 Doc Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Add script to generate JSON and YAML releases files
Dear list! Author: Daniele Rondina Number of patches: 1 This is an automated relay of the Github pull request: Add script to generate JSON and YAML releases files Patch title(s): Add script to generate JSON and YAML releases files Link: https://github.com/haproxy/haproxy/pull/1539 Edit locally: wget https://github.com/haproxy/haproxy/pull/1539.patch && vi 1539.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1539.patch | git am - Description: Related to https://github.com/haproxy/haproxy/issues/1537. I haven't test the DOWNLOAD_TOOLS env option and i dunno if you prefer to set by default to 1. Let me know wdyt and if it works on your tree. ;) To execute this script just: ```shell $> bash scripts/generate-tags-json.sh ``` Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] fix problem which don't support 1-byte atomic instructions natively on RISCV64 architecture
Dear list! Author: xiaobin Number of patches: 1 This is an automated relay of the Github pull request: fix problem which don't support 1-byte atomic instructions natively on RISCV64 architecture Patch title(s): fix __atomic problem for riscv Link: https://github.com/haproxy/haproxy/pull/1455 Edit locally: wget https://github.com/haproxy/haproxy/pull/1455.patch && vi 1455.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1455.patch | git am - Description: When building on RISCV64 architecture, I met the following error. ```shell /usr/bin/ld: src/cfgparse.o: in function `check_config_validity': /home/haproxy/src/cfgparse.c:2476: undefined reference to `__atomic_exchange_1' /usr/bin/ld: src/dns.o: in function `dns_resolve_send': /home/haproxy/src/dns.c:313: undefined reference to `__atomic_fetch_sub_1' /usr/bin/ld: /home/haproxy/src/dns.c:354: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: /home/haproxy/src/dns.c:304: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: src/dns.o: in function `dns_session_io_handler': /home/haproxy/src/dns.c:726: undefined reference to `__atomic_fetch_sub_1' /usr/bin/ld: /home/haproxy/src/dns.c:713: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: src/dns.o: in function `b_getblk': /home/haproxy/include/haproxy/buf.h:328: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: src/dns.o: in function `pool_free': /home/haproxy/include/haproxy/pool.h:291: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: src/dns.o: in function `__pool_alloc': /home/haproxy/include/haproxy/pool.h:246: undefined reference to `__atomic_fetch_sub_1' /usr/bin/ld: src/dns.o: in function `pool_free': /home/haproxy/include/haproxy/pool.h:291: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: src/dns.o: in function `dns_process_req': /home/haproxy/src/dns.c:1196: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: src/sink.o: in function `sink_forward_oc_io_handler': /home/haproxy/src/sink.c:515: undefined reference to `__atomic_fetch_sub_1' /usr/bin/ld: /home/haproxy/src/sink.c:549: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: /home/haproxy/src/sink.c:549: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: /home/haproxy/src/sink.c:501: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: src/sink.o: in function `sink_forward_io_handler': /home/haproxy/src/sink.c:375: undefined reference to `__atomic_fetch_sub_1' /usr/bin/ld: src/sink.o: in function `b_peek_ofs': /home/haproxy/include/haproxy/buf.h:142: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: /home/haproxy/include/haproxy/buf.h:143: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: /home/haproxy/include/haproxy/buf.h:143: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: src/ring.o: in function `ring_detach_appctx': /home/haproxy/src/ring.c:240: undefined reference to `__atomic_fetch_sub_1' /usr/bin/ld: src/ring.o: in function `cli_io_handler_show_ring': /home/haproxy/src/ring.c:320: undefined reference to `__atomic_fetch_sub_1' /usr/bin/ld: /home/haproxy/src/ring.c:354: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: /home/haproxy/src/ring.c:354: undefined reference to `__atomic_fetch_add_1' /usr/bin/ld: /home/haproxy/src/ring.c:311: undefined reference to `__atomic_fetch_add_1' collect2: error: ld returned 1 exit status make: *** [Makefile:933: haproxy] Error 1 ``` It seems the target platform doesn't support 1-byte atomic instructions natively. So I add `-latomic` to support when compiling. The result: ```shell [root@master0 haproxy]# ./haproxy HAProxy version 2.5-dev13-47940c-45 2021/11/10 - https://haproxy.org/ Status: development branch - not safe for use in production. Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open Running on: Linux 5.4.61 #20 SMP Thu Aug 26 11:50:01 CST 2021 riscv64 Usage : haproxy [-f ]* [ -vdVD ] [ -n ] [ -N ] [ -p ] [ -m ] [ -C ] [-- *] -v displays version ; -vv shows known build options. -d enters debug mode ; -db only disables background mode. -dM[] poisons memory with (defaults to 0x50) -V enters verbose mode (disables quiet mode) -D goes daemon ; -C changes to before loading files. -W master-worker mode. -q quiet mode : don't display messages -c check mode : only check config files and exit -cc check condition : evaluate a condition and exit -n sets the maximum total # of connections (uses ulimit -n) -m limits the usable amount of memory (in MB) -N sets the d
[PR] Some grammar in peers.txt
Dear list! Author: John Roesler Number of patches: 1 This is an automated relay of the Github pull request: Some grammar in peers.txt Patch title(s): Some grammar Link: https://github.com/haproxy/haproxy/pull/1436 Edit locally: wget https://github.com/haproxy/haproxy/pull/1436.patch && vi 1436.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1436.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] BUG/MEDIUM: lua: fix invalid return types in hlua_http_msg_get_body
Dear list! Author: vishnu Number of patches: 1 This is an automated relay of the Github pull request: BUG/MEDIUM: lua: fix invalid return types in hlua_http_msg_get_body Patch title(s): BUG/MEDIUM: lua: fix invalid return types in hlua_http_msg_get_body Link: https://github.com/haproxy/haproxy/pull/1427 Edit locally: wget https://github.com/haproxy/haproxy/pull/1427.patch && vi 1427.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1427.patch | git am - Description: hlua_http_msg_get_body must return either a Lua string or nil. For some HTTPMessage objects, HTX_BLK_EOT blocks are also present in the HTX buffer along with HTX_BLK_DATA blocks. In such cases, _hlua_http_msg_dup will start copying data into a luaL_Buffer until it encounters an HTX_BLK_EOT. But then instead of pushing neither the luaL_Buffer nor `nil` to the Lua stack, the function will return immediately. The end result will be that the caller of the HTTPMessage.get_body() method from a Lua filter will see whatever object was on top of the stack as return value. It may be either a userdata object if HTTPMessage.get_body was called with only two arguments, or the third argument itself if called with three arguments. Hence HTTPMessage.get_body would return either nil, or HTTPMessage body as Lua string, or a userdata objects, or number. This fix ensure that HTTPMessage.get_body() will always return either a string or nil. Fixes #1426 . Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Typos fixed "it" should be "is"
Dear list! Author: Anubhav Number of patches: 1 This is an automated relay of the Github pull request: Typos fixed "it" should be "is" Patch title(s): Typos fixed "it" should be "is" Link: https://github.com/haproxy/haproxy/pull/1415 Edit locally: wget https://github.com/haproxy/haproxy/pull/1415.patch && vi 1415.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1415.patch | git am - Description: Could you please add the label `hacktoberfest-accepted` to the PR (obviously if you feel that it's not invalid/spam and should be merged) Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Using standard 'OOM' instead of 'Out of Memory'
Dear list! Author: SuvP Number of patches: 1 This is an automated relay of the Github pull request: Using standard 'OOM' instead of 'Out of Memory' Patch title(s): Using standard 'OOM' instead of 'Out of Memory' Link: https://github.com/haproxy/haproxy/pull/1397 Edit locally: wget https://github.com/haproxy/haproxy/pull/1397.patch && vi 1397.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1397.patch | git am - Description: Refers to #1025 Using well known word 'OOM' instead of 'Out of Memory' This will reduce binary size as well. Have tried to keep context wherever required. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] DOC/MINOR: fix typo in management document
Dear list! Author: Jonathon Lacher <6679714+jonathonlac...@users.noreply.github.com> Number of patches: 1 This is an automated relay of the Github pull request: DOC/MINOR: fix typo in management document Patch title(s): DOC/MINOR: fix typo in management document Link: https://github.com/haproxy/haproxy/pull/1341 Edit locally: wget https://github.com/haproxy/haproxy/pull/1341.patch && vi 1341.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1341.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Release the lock init_mutex before the program ends for issue#1326.
Dear list! Author: jenny-cheung Number of patches: 2 This is an automated relay of the Github pull request: Release the lock init_mutex before the program ends for issue#1326. Patch title(s): a fix patch for issue#1326 Release the lock and fix the indentation problem. Link: https://github.com/haproxy/haproxy/pull/1332 Edit locally: wget https://github.com/haproxy/haproxy/pull/1332.patch && vi 1332.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1332.patch | git am - Description: Release the lock init_mutex before the program ends for issue#1326. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] a fix patch for issue#1326
Dear list! Author: jenny-cheung Number of patches: 1 This is an automated relay of the Github pull request: a fix patch for issue#1326 Patch title(s): a fix patch for issue#1326 Link: https://github.com/haproxy/haproxy/pull/1329 Edit locally: wget https://github.com/haproxy/haproxy/pull/1329.patch && vi 1329.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1329.patch | git am - Description: a fix patch for issue#1326. Thank you for the checking. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] fix: TYPED_DATA typos for UINT64
Dear list! Author: Willem van der Schyff Number of patches: 1 This is an automated relay of the Github pull request: fix: TYPED_DATA typos for UINT64 Patch title(s): fix: TYPED_DATA typos for UINT64 Link: https://github.com/haproxy/haproxy/pull/1316 Edit locally: wget https://github.com/haproxy/haproxy/pull/1316.patch && vi 1316.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1316.patch | git am - Description: ![image](https://user-images.githubusercontent.com/237710/125155722-13 31af80-e162-11eb-8287-a48160ee8ca7.png) ![image](https://user-images.githubusercontent.com/237710/125155728-16 c53680-e162-11eb-971c-8cf8f33e9cad.png) Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] DOC: Fix typo in starter guide
Dear list! Author: Mark Mullan Number of patches: 1 This is an automated relay of the Github pull request: DOC: Fix typo in starter guide Patch title(s): DOC: Fix typo in starter guide Link: https://github.com/haproxy/haproxy/pull/1265 Edit locally: wget https://github.com/haproxy/haproxy/pull/1265.patch && vi 1265.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1265.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Correct example reload command in the document
Dear list! Author: varnav Number of patches: 1 This is an automated relay of the Github pull request: Correct example reload command in the document Patch title(s): Correct example reload command in the document Link: https://github.com/haproxy/haproxy/pull/1245 Edit locally: wget https://github.com/haproxy/haproxy/pull/1245.patch && vi 1245.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1245.patch | git am - Description: Current example is: `echo "reload" | socat /var/run/haproxy- master.sock` it will cause socat error: `exactly 2 addresses required (there are 1); use option "-h" for help` Correct working command is: `echo "reload" | socat /var/run/haproxy-master.sock stdin` Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] proto_tcp.c: fix printing of muliple setsockopt errors
Dear list! Author: Björn Jacke Number of patches: 1 This is an automated relay of the Github pull request: proto_tcp.c: fix printing of muliple setsockopt errors Patch title(s): proto_tcp.c: fix printing of muliple setsockopt errors Link: https://github.com/haproxy/haproxy/pull/1049 Edit locally: wget https://github.com/haproxy/haproxy/pull/1049.patch && vi 1049.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1049.patch | git am - Description: Attached patch is an attempt to fix the output of multiple setsockopt() warnings. Currently only the latest warning is printed because msg is overwritten with each new failed setsockopt() call. Signed-off-by: Bjoern Jacke There is at least one thing left, which should be fixed somehow: if many setsockopt() calls fail, then errlen exceeds and the warning message is truncated, I've seen this happend actually. This is a TODO for someone, who knows the code better :-) Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Fixed null pointer dereference in srv_cleanup_connections()
Dear list! Author: Peter Skarpetis Number of patches: 1 This is an automated relay of the Github pull request: Fixed null pointer dereference in srv_cleanup_connections() Patch title(s): Fixed null pointer dereference in srv_cleanup_connections() Link: https://github.com/haproxy/haproxy/pull/1031 Edit locally: wget https://github.com/haproxy/haproxy/pull/1031.patch && vi 1031.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1031.patch | git am - Description: haproxy_srv_cleanup_connections_crash.cfg causes a null pointer dereference in srv_cleanup_connections . Configuration file works in 2.0.19 branch but crashes in all subsequent versions including the dev branch. I did not track down the cause, I just added the null pointer check to stop the crashing. Crash can be reproduced with the following command: ./haproxy -c -f haproxy_srv_cleanup_connections_crash.cfg haproxy_srv_cleanup_connections_crash.cfg can be grabbed from the gist below: https://gist.github.com/peterska/769f41562f6b045df59df 2294b2c20f0#file-haproxy_srv_cleanup_connections_crash-cfg configuration file has been edited enough to cause the crash while removing all references to certificates and CA authorities. It is not a production config file. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] smp_size and sample_size seems to be mixed in docu
Dear list! Author: Jan Wagner Number of patches: 1 This is an automated relay of the Github pull request: smp_size and sample_size seems to be mixed in docu Patch title(s): smp_size and sample_size seems to be mixed Link: https://github.com/haproxy/haproxy/pull/1012 Edit locally: wget https://github.com/haproxy/haproxy/pull/1012.patch && vi 1012.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1012.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Skip unsupported ciphers for ecdsa cert
Dear list! Author: Marcoen Hirschberg Number of patches: 3 This is an automated relay of the Github pull request: Skip unsupported ciphers for ecdsa cert Patch title(s): MINOR: ssl: variable renames for clarity MINOR: ssl: skip unknown client cipher BUG/MINOR: ssl: only choose ECDSA cert if server and client have common ECDSA ciphers Link: https://github.com/haproxy/haproxy/pull/983 Edit locally: wget https://github.com/haproxy/haproxy/pull/983.patch && vi 983.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/983.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Add srvkey option to stick-table
Dear list! Author: Thayne McCombs Number of patches: 2 This is an automated relay of the Github pull request: Add srvkey option to stick-table Patch title(s): Add srvkey option to stick-table Harden sa2str agains 107-byte-long abstract unix domain path Link: https://github.com/haproxy/haproxy/pull/979 Edit locally: wget https://github.com/haproxy/haproxy/pull/979.patch && vi 979.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/979.patch | git am - Description: This allows using the address of the server rather than the name of the server for keeping track of servers in a backend for stickiness. Fixes #814 I haven't tested this at all yet, and it still needs some polish, but here is a draft of how to fix #814. This is my first significant contribution to haproxy, so I would not be surprised if I'm doing something terribly wrong, and I'm sure there are at least some small mistakes in it. Initial feedback would be very welcome. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] hpack-tbl-t.h uses VAR_ARRAY and requires compiler.h to be included
Dear list! Author: Christian Ruppert Number of patches: 1 This is an automated relay of the Github pull request: hpack-tbl-t.h uses VAR_ARRAY and requires compiler.h to be included Patch title(s): hpack-tbl-t.h uses VAR_ARRAY and requires compiler.h to be included Link: https://github.com/haproxy/haproxy/pull/942 Edit locally: wget https://github.com/haproxy/haproxy/pull/942.patch && vi 942.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/942.patch | git am - Description: This fixes building hpack from contrib, which failed because of the undeclared VAR_ARRAY: make -C contrib/hpack ... cc -O2 -Wall -g -I../../include -fwrapv -fno-strict-aliasing -c -o gen- enc.o gen-enc.c In file included from gen-enc.c:18: ../../include/haproxy/hpack-tbl-t.h:105:23: error: 'VAR_ARRAY' undeclared here (not in a function) 105 | struct hpack_dte dte[VAR_ARRAY]; /* dynamic table entries */ ... Signed- off-by: Christian Ruppert Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] SOCKS4(A)
Dear list! Author: alexzk1 Number of patches: 30 This is an automated relay of the Github pull request: SOCKS4(A) Patch title(s): trying to resolve server domain using SOCKS4A added htonl for IP fixed access to non-existing address more checks moved domen dump to backend fixed wrong paste in wrong file added error message updated error text made socks4 to use fake 10.10.10.10 moved struct socks4_request back to header as it could have alignment there added domain to debug out removed htonl call for fake ip fixed user_length added explicit #pragma pack added debug out of socks4a header added back htonl fixed userid, domain must follow it, not replace made single block send for socks4a updated debug text fixed "correction" removed extra if ()?: changed dumper to use unsigned char* updated debug text removed closing domain string in connection updated debug texts, added domain set to tcp check updated conn_set_domain to allow nullptr which just frees then, moved conn_set_domain in tcp_check as it can be couple cases updated debug text moved fake host definitions to separated file, made connection check for fake IP not conditional to debug updated debug output more text update Link: https://github.com/haproxy/haproxy/pull/883 Edit locally: wget https://github.com/haproxy/haproxy/pull/883.patch && vi 883.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/883.patch | git am - Description: So I completely understand that you will dislike what my formatter did there, but you can just reject. I don't care as it was paid update. So what it do: 1. adds support for socks4A, if it cannot resolve dns localy it does ..read file "fake_host.h" 2. you forgot to copy-paste setup from "backend.c" to "tcpcheck.c" for socks4. So since 2.1 it does not do check over socks. I fixed that and removed copy-paste by doing function. Also it is generic rule, if any piece of code met twice -> do a function. 90% of your current can be changed in that way. 3. and at then end I have rhetoric question: if you invented there virtual functions and virtual table, why the hell you keep using C and don't switch to C++ ? Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Prevent favicon.ico requests errors for stats page.
Dear list! Author: zurikus Number of patches: 2 This is an automated relay of the Github pull request: Prevent favicon.ico requests errors for stats page. Patch title(s): Prevent favicon.ico requests for stats page Merge pull request #1 from zurikus/zurikus-patch-1 Link: https://github.com/haproxy/haproxy/pull/824 Edit locally: wget https://github.com/haproxy/haproxy/pull/824.patch && vi 824.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/824.patch | git am - Description: Prevent favicon.ico requests errors for stats page. Haproxy stats page don't have a favicon.ico, but browsers make a request for it. This lead to errors during stats page requests: Aug 18 08:46:41 somehost.example.net haproxy[1521534]: X.X.X.X:61403 [18/Aug/2020:08:46:41.437] stats stats/ -1/-1/-1/-1/0 503 222 - - SC-- 2/2/0/0/0 0/0 "GET /favicon.ico HTTP/1.1" Aug 18 08:46:42 somehost.example.net haproxy[1521534]: X.X.X.X:61403 [18/Aug/2020:08:46:42.650] stats stats/ -1/-1/-1/-1/0 503 222 - - SC-- 2/2/0/0/0 0/0 "GET /favicon.ico HTTP/1.1" Patch provided set empty favicon.ico for haproxy stats page. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] DOC: Update docs / comments to be inclusive of all gender identities
Dear list! Author: Jackie Tapia Number of patches: 2 This is an automated relay of the Github pull request: DOC: Update docs / comments to be inclusive of all gender identities Patch title(s): Update docs / comments to be more inclusive of all gender identities Update contributing doc Link: https://github.com/haproxy/haproxy/pull/772 Edit locally: wget https://github.com/haproxy/haproxy/pull/772.patch && vi 772.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/772.patch | git am - Description: To promote an inclusive environment for all communities, this PR converts all references of gender specific pronouns, e.g "he" or "she", into the third-person pronoun "they" as it is inclusive of all people. Furthermore, documentation / comments should use singular "they" when referring to a generic person whose gender is unknown or irrelevant to the context. Also, remove some trailing whitespaces from the files modified. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] http-check send was missing from matrix
Dear list! Author: Peter Gervai Number of patches: 1 This is an automated relay of the Github pull request: http-check send was missing from matrix Patch title(s): http-check send was missing from matrix Link: https://github.com/haproxy/haproxy/pull/678 Edit locally: wget https://github.com/haproxy/haproxy/pull/678.patch && vi 678.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/678.patch | git am - Description: while it probably shouldn't have. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Unindent non-code sentences in the protobuf example
Dear list! Author: Peter Gervai Number of patches: 1 This is an automated relay of the Github pull request: Unindent non-code sentences in the protobuf example Patch title(s): Unindent non-code sentences in the protobuf example Link: https://github.com/haproxy/haproxy/pull/677 Edit locally: wget https://github.com/haproxy/haproxy/pull/677.patch && vi 677.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/677.patch | git am - Description: Unindent to make the explanation go back to text from code formatted example in tyhe HTMLized version. Still it's not perfect since these are not haproxy examples but protobuf config, but... way better. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] The agent-check fail state is represented as "fail"
Dear list! Author: Jack Neely Number of patches: 1 This is an automated relay of the Github pull request: The agent-check fail state is represented as "fail" Patch title(s): The agent-check fail state is represented as "fail" Link: https://github.com/haproxy/haproxy/pull/642 Edit locally: wget https://github.com/haproxy/haproxy/pull/642.patch && vi 642.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/642.patch | git am - Description: Documentation has stated the string is "failed" and this doesn't match the source code. An agent-check returning "failed" causes HAProxy to not make state changes. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Do not build OpenSSL from source for ARM64
Dear list! Author: Martin Tzvetanov Grigorov Number of patches: 1 This is an automated relay of the Github pull request: Do not build OpenSSL from source for ARM64 Patch title(s): Do not build OpenSSL from source for ARM64 Link: https://github.com/haproxy/haproxy/pull/630 Edit locally: wget https://github.com/haproxy/haproxy/pull/630.patch && vi 630.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/630.patch | git am - Description: Use openssl and libssl-dev from Ubuntu repositories. They come pre- installed by TravisCI. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Build and test on AARCH64 at GitHub actions
Dear list! Author: Martin Tzvetanov Grigorov Number of patches: 21 This is an automated relay of the Github pull request: Build and test on AARCH64 at GitHub actions Patch title(s): Add ARM64 testing Fix YAML Do not use '-it' for 'docker run' Create a custom Dockerfile where the build & test will be executed Checkout the project Checkout VTest and install dependencies in Docker Use Ubuntu:20.04 instead of Centos:8 Extract the Shell script into a file Export CC for `make vtest` Add dependency to zlib1g-dev Add gcc to general dependencies Install wget to be able to download OpenSSL Disable LeakSanitizer because it fails with: Do not build OpenSSL. It is too slow with QEMU Remove USE_OPENSSL=0 Remove testing of WURFL Re-enable OpenSSL because without it some tests fail Rename arm64.yml to aarch64.yml for consistency Use checkout@v2 Add a README explaining how the testing on AARCH64 works Re-enable testing for Windows Link: https://github.com/haproxy/haproxy/pull/617 Edit locally: wget https://github.com/haproxy/haproxy/pull/617.patch && vi 617.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/617.patch | git am - Description: Since testing on ARM64/AARCH64 has been [disabled](https://github.com/ haproxy/haproxy/commit/18b303e9f9b38e3a35b05cfe54d57ce3c81599c0#diff-3 54f30a63fb0907d4ad57269548329e3) at TravisCI because there were some infrastructure related problems I propose a new way to test at GitHub Actions. The new approach is based on QEMU and uses Docker images to simplify the setup of QEMU. All is nice and shiny but there is one big problem - few tests fail consistently: ``` ## Starting vtest ## Testing with haproxy version: 2.2-dev0-bbd4d68-993 #top TEST reg-tests/ssl/wrong_ctx_storage.vtc FAILED (0.280) exit=2 #top TEST reg-tests/connection/proxy_protocol_random_fail.vtc FAILED (0.306) exit=2 #top TEST reg-tests/seamless- reload/abns_socket.vtc FAILED (0.711) exit=2 #top TEST reg- tests/http-rules/map_regm_with_backref.vtc FAILED (0.642) exit=2 # top TEST reg-tests/http- rules/converters_ipmask_concat_strcmp_field_word.vtc FAILED (0.778) exit=2 5 tests failed, 0 tests skipped, 48 tests passed ## Gathering results ## ## Test case: reg- tests/connection/proxy_protocol_random_fail.vtc ## ## test results in: "/tmp/haregtests-2020-05-06_11-59-19.fNnEdV/vtc.7747.3fdec118" top shell_exit not as expected: got 0x007f wanted 0x ## Test case: reg-tests/http- rules/converters_ipmask_concat_strcmp_field_word.vtc ## ## test results in: "/tmp/haregtests-2020-05-06_11-59-19.fNnEdV/vtc.7747.4f6aaeeb" c1 HTTP header is incomplete ## Test case: reg- tests/http-rules/map_regm_with_backref.vtc ## ## test results in: "/tmp/haregtests-2020-05-06_11-59-19.fNnEdV/vtc.7747.2a6adc02" c1 HTTP header is incomplete s1 HTTP rx failed (fd:6 read: Connection reset by peer) ## Test case: reg- tests/ssl/wrong_ctx_storage.vtc ## ## test results in: "/tmp/haregtests-2020-05-06_11-59-19.fNnEdV/vtc.7747.6fe1dd3f" top shell_exit not as expected: got 0x007f wanted 0x ## Test case: reg-tests/seamless-reload/abns_socket.vtc ## ## test results in: "/tmp/haregtests-2020-05-06_11-59-19.fNnEdV/vtc.7747.09b9aabe" c1 Failed to open 127.0.0.1 39405: (null) make: *** [Makefile:995: reg-tests] Error 1 ``` I've explained how to run the setup locally in `.github/workflows/aarch64/README.md`. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Updating Documentation for Hashing
Dear list! Author: Adam Mills Number of patches: 1 This is an automated relay of the Github pull request: Updating Documentation for Hashing Patch title(s): Updating Documentation for Hashing Link: https://github.com/haproxy/haproxy/pull/582 Edit locally: wget https://github.com/haproxy/haproxy/pull/582.patch && vi 582.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/582.patch | git am - Description: Bret Mulvey, the author of the article cited in this pulication has migrated his work to papa.bretmulvey.com. I was able to view an archival version of Bret M.'s original post (http://home.comcast.net/~bretm/hash/3.html) and have validated that this is the same paper that is originally cited. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] DOC: correct typo in alert message
Dear list! Author: Balvinder Singh Rawat Number of patches: 1 This is an automated relay of the Github pull request: DOC: correct typo in alert message Patch title(s): correct typo in alert message Link: https://github.com/haproxy/haproxy/pull/547 Edit locally: wget https://github.com/haproxy/haproxy/pull/547.patch && vi 547.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/547.patch | git am - Description: This message comes when we run: ``` haproxy -c -V -f /etc/haproxy/haproxy.cfg [ALERT] 072/233727 (30865) : parsing [/etc/haproxy/haproxy.cfg:34] : The 'rspirep' directive is not supported anymore sionce HAProxy 2.1. Use 'http-response replace- header' instead. [ALERT] 072/233727 (30865) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg [ALERT] 072/233727 (30865) : Fatal errors found in configuration. ``` Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Docs tls tickets
Dear list! Author: Björn Jacke Number of patches: 2 This is an automated relay of the Github pull request: Docs tls tickets Patch title(s): BUG/MINOR: fix typo of tls-tickets DOC: improve description of no-tls-tickets Link: https://github.com/haproxy/haproxy/pull/537 Edit locally: wget https://github.com/haproxy/haproxy/pull/537.patch && vi 537.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/537.patch | git am - Description: typo in parameter and description improvement Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Add missing string length for lua sticktable lookup
Dear list! Author: Nathan Neulinger Number of patches: 1 This is an automated relay of the Github pull request: Add missing string length for lua sticktable lookup Patch title(s): Add missing string length for lua sticktable lookup Link: https://github.com/haproxy/haproxy/pull/530 Edit locally: wget https://github.com/haproxy/haproxy/pull/530.patch && vi 530.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/530.patch | git am - Description: Consider moving this to smp_to_stkey - or at least adding a: ```if ( smp->data.u.str.data == 0 ) { static_table_key.key_len = strlen(smp->data.u.str.key); }``` equivalent to smp_to_stkey Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] MINOR: Add health check duration metric to Prometheus service
Dear list! Author: Seena Fallah Number of patches: 1 This is an automated relay of the Github pull request: MINOR: Add health check duration metric to Prometheus service Patch title(s): MINOR: Add health check duration metric to Prometheus service Link: https://github.com/haproxy/haproxy/pull/520 Edit locally: wget https://github.com/haproxy/haproxy/pull/520.patch && vi 520.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/520.patch | git am - Description: Fixes: #519 Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Add verfied chain
Dear list! Author: Arjen Nienhuis Number of patches: 2 This is an automated relay of the Github pull request: Add verfied chain Patch title(s): MINOR: add fetch 'ssl_c_verified_chain' Merge branch 'master' of https://github.com/haproxy/haproxy Link: https://github.com/haproxy/haproxy/pull/396 Edit locally: wget https://github.com/haproxy/haproxy/pull/396.patch && vi 396.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/396.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] modify if condition redundant
Dear list! Author: Weiliang Li Number of patches: 1 This is an automated relay of the Github pull request: modify if condition redundant Patch title(s): modify if condition redundant Link: https://github.com/haproxy/haproxy/pull/355 Edit locally: wget https://github.com/haproxy/haproxy/pull/355.patch && vi 355.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/355.patch | git am - Description: Identical inner 'if' condition is always true (outer condition is 'ext_child->command[i]' and inner condition is 'ext_child->command[i]') Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] MINOR: stick-table: allow sc-set-gpt0 to set value from an expression
Dear list! Author: Cédric Dufour Number of patches: 2 This is an automated relay of the Github pull request: MINOR: stick-table: allow sc-set-gpt0 to set value from an expression Patch title(s): MINOR: stick-table: allow sc-set-gpt0 to set value from an expression coding style (should have been in my previous commit) Link: https://github.com/haproxy/haproxy/pull/354 Edit locally: wget https://github.com/haproxy/haproxy/pull/354.patch && vi 354.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/354.patch | git am - Description: Allow the `sc-set-gpt0()` action to set GPT0 to a value dynamically evaluated from its `` argument (in addition to the existing static `` alternative). Hello HAProxy team! While working on a use-case we have at hand, we ended up desperately needing the ability to set GPT0 from a dynamic value. This patch is mostly copy-paste from the `set-var()` action. Looking forwards to your review and best, Cédric Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] updating req.body_param doc with chunk-encoding limitation
Dear list! Author: fclerg <29798784+fcl...@users.noreply.github.com> Number of patches: 1 This is an automated relay of the Github pull request: updating req.body_param doc with chunk-encoding limitation Patch title(s): updating req.body_param doc with chunk-encoding limitation Link: https://github.com/haproxy/haproxy/pull/333 Edit locally: wget https://github.com/haproxy/haproxy/pull/333.patch && vi 333.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/333.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Fix backend typo
Dear list! Author: Rick Rackow Number of patches: 1 This is an automated relay of the Github pull request: Fix backend typo Patch title(s): Fix backend typ Link: https://github.com/haproxy/haproxy/pull/316 Edit locally: wget https://github.com/haproxy/haproxy/pull/316.patch && vi 316.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/316.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] minor: a type error
Dear list! Author: ArthurMa <4406art...@gmail.com> Number of patches: 1 This is an automated relay of the Github pull request: minor: a type error Patch title(s): minor: a type error Link: https://github.com/haproxy/haproxy/pull/291 Edit locally: wget https://github.com/haproxy/haproxy/pull/291.patch && vi 291.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/291.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] MINOR: remove limit of 1k socket connections with systemd
Dear list! Author: Björn Jacke Number of patches: 1 This is an automated relay of the Github pull request: MINOR: remove limit of 1k socket connections with systemd Patch title(s): MINOR: remove limit of 1k socket connections with systemd Link: https://github.com/haproxy/haproxy/pull/280 Edit locally: wget https://github.com/haproxy/haproxy/pull/280.patch && vi 280.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/280.patch | git am - Description: systemd by default limits the max open files to 1k, which also limits the socket connections to 1k, the service script must be told to remove the limit. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] MINOR: remove limit of 1k socket connections with systemd
Dear list! Author: Björn Jacke Number of patches: 1 This is an automated relay of the Github pull request: MINOR: remove limit of 1k socket connections with systemd Patch title(s): MINOR: remove limit of 1k socket connections with systemd Link: https://github.com/haproxy/haproxy/pull/280 Edit locally: wget https://github.com/haproxy/haproxy/pull/280.patch && vi 280.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/280.patch | git am - Description: systemd by default limits the max open files to 1k, which also limits the socket connections to 1k, the service script must be told to remove the limit. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Add UUID fetch
Dear list! Author: Luca Schimweg Number of patches: 3 This is an automated relay of the Github pull request: Add UUID fetch Patch title(s): Add UUID Generator UUID: Use suggestions from mailing list Add documentation for UUID-Fetch Link: https://github.com/haproxy/haproxy/pull/271 Edit locally: wget https://github.com/haproxy/haproxy/pull/271.patch && vi 271.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/271.patch | git am - Description: We discussed this in the mailing list Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Add support for server maintenance
Dear list! Author: Mickaël Martin Number of patches: 1 This is an automated relay of the Github pull request: Add support for server maintenance Patch title(s): Add support for server maintenance Link: https://github.com/haproxy/haproxy/pull/261 Edit locally: wget https://github.com/haproxy/haproxy/pull/261.patch && vi 261.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/261.patch | git am - Description: Linked to https://github.com/haproxy/haproxy/issues/255 Just adding maintenance state for prometheus monitoring. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] MINOR: connection: add TCP keep-alive parameters
Dear list! Author: Sven Ulland Number of patches: 1 This is an automated relay of the Github pull request: MINOR: connection: add TCP keep-alive parameters Patch title(s): MINOR: connection: add TCP keep-alive parameters Link: https://github.com/haproxy/haproxy/pull/252 Edit locally: wget https://github.com/haproxy/haproxy/pull/252.patch && vi 252.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/252.patch | git am - Description: Add configuration parameters to control TCP keep-alives: * tcp- keepalive-time: Idle time before keep-alive probes are sent * tcp- keepalive-interval: Interval between keep-alive probes * tcp- keepalive-count: Number of keep-alive probes to send before giving up Tested with TCP and HTTP, and with different settings in the default, listen, frontend and backend sections. Potential issues: * Only tested on Linux. * Darwin `#ifdef TCP_KEEPALIVE` implemented but untested. * No Windows support. Rationale: * HAProxy only allows enabling/disabling TCP keep- alives; not controlling parameters. * System default parameters controllable using sysctl. * System defaults apply to all connections. Default idle time: 7200 seconds, as required by RFC 1122. * The `sysctl` command does not work on Docker containers due to read- only procfs. * The Docker `privileged` flag could have worked, but is unsupported on AWS Fargate. * The Docker `sysctl` flag could have worked, but is unsupported on AWS Fargate. * The Docker Linux capability flags could have worked, but are unsupported on AWS Fargate. * I'm behind a Cisco Meraki NAT gateway that has a fixed TCP NAT timeout of 300 seconds, meaning connections are dropped before the TCP keep-alive idle time kicks in (default 7200 seconds on Linux). Meraki support confirms the fixed 300 second timeout. * Instead of requiring all clients to increase the TCP keep-alive probe frequency, fix it centrally by enabling parameters in HAProxy. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] DOC: fixed typo in management.txt
Dear list! Author: n9 Number of patches: 1 This is an automated relay of the Github pull request: DOC: fixed typo in management.txt Patch title(s): DOC: fixed typo in management.txt Link: https://github.com/haproxy/haproxy/pull/234 Edit locally: wget https://github.com/haproxy/haproxy/pull/234.patch && vi 234.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/234.patch | git am - Description: replaced fot -> for added two periods Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] DOC: proxy: Fix typo in PROXY file
Dear list! Author: Alex Gusev Number of patches: 1 This is an automated relay of the Github pull request: DOC: proxy: Fix typo in PROXY file Patch title(s): DOC: proxy: Fix typo in PROXY file Link: https://github.com/haproxy/haproxy/pull/191 Edit locally: wget https://github.com/haproxy/haproxy/pull/191.patch && vi 191.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/191.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] add a vhost setting per backend
Dear list! Author: romain.d.morotti Number of patches: 4 This is an automated relay of the Github pull request: add a vhost setting per backend Patch title(s): add vhost setting per backend. it sets the host header in requests, in healthchecks and in TLS connections (SNI). add unit test on vhost. add documentation on vhost setting. use spaces for alignment. not tabs. Link: https://github.com/haproxy/haproxy/pull/167 Edit locally: wget https://github.com/haproxy/haproxy/pull/167.patch && vi 167.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/167.patch | git am - Description: Add a vhost setting per backend. It sets the host header for the backend in http requests, http healthchecks and TLS connections. This is required to support services using the host header for routing (kube ingress, ALB, other load balancer...). Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Corrected Typo
Dear list! Author: Rajesh Rajendran Number of patches: 1 This is an automated relay of the Github pull request: Corrected Typo Patch title(s): Corrected Typo Link: https://github.com/haproxy/haproxy/pull/160 Edit locally: wget https://github.com/haproxy/haproxy/pull/160.patch && vi 160.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/160.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] MINOR: doc: Remove -Ds option in man page
Dear list! Author: Kazuo Yagi Number of patches: 1 This is an automated relay of the Github pull request: MINOR: doc: Remove -Ds option in man page Patch title(s): MINOR: doc: Remove -Ds option in man page Link: https://github.com/haproxy/haproxy/pull/120 Edit locally: wget https://github.com/haproxy/haproxy/pull/120.patch && vi 120.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/120.patch | git am - Description: `-Ds` option should be removed from man page. It is no longer supported as this commit shows: https://github.com/haproxy/haproxy/com mit/095ba4c2428ec8bcccb134b3d24f07de2aabbdcd I noticed that the option has already gone when upgrading my haproxy from 1.7 to 2.0-dev7. I have had the old and new haproxy running as a pod on my Kubernetes cluster, therefore, it is important for me to know what option is provided to keep the process in the foreground. After upgrading, I was able to make my haproxy running successfully by removing `-Ds` option and `daemon` global parameter in the config. Thank you. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] travis-ci: mark LibreSSL builds as allowed failures
Dear list! Author: Ilya Shipitsin Number of patches: 4 This is an automated relay of the Github pull request: travis-ci: mark LibreSSL builds as allowed failures Patch title(s): BUILD: remove "build_libressl" duplicate declaration BUILD: travis-ci: get back to osx without openssl support BUILD: enable several LibreSSL hacks, including BUILD: temporarily mark LibreSSL builds as allowed to fail Link: https://github.com/haproxy/haproxy/pull/92 Edit locally: wget https://github.com/haproxy/haproxy/pull/92.patch && vi 92.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/92.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] BUILD: extend travis-ci matrix
Dear list! Author: Ilya Shipitsin Number of patches: 1 This is an automated relay of the Github pull request: BUILD: extend travis-ci matrix Patch title(s): BUILD: extend travis-ci matrix Link: https://github.com/haproxy/haproxy/pull/91 Edit locally: wget https://github.com/haproxy/haproxy/pull/91.patch && vi 91.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/91.patch | git am - Description: added openssl-1.0.2, 1.1.0, 1.1.1, libressl-2.7.5, 2.8.3, 2.9.1 added linux-ppc64le image libressl builds are yet broken. they will get repaired after separate patch (already sent to mailing list) Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] modescurity spoa (contrib) crash if Host header is absent in HTTP request
Dear list! Author: Yann Cézard Number of patches: 1 This is an automated relay of the Github pull request: modescurity spoa (contrib) crash if Host header is absent in HTTP request Patch title(s): If host header is NULL, don't try to strdup it. Link: https://github.com/haproxy/haproxy/pull/86 Edit locally: wget https://github.com/haproxy/haproxy/pull/86.patch && vi 86.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/86.patch | git am - Description: I discovered this bug when running OWASP regression tests against HAProxy + modsecurity-spoa (it's a POC to evaluate how it is working). I found out that modsecurity spoa will crash when the request doesn't have any Host header. ## Output of `haproxy -vv` and `uname -a` All HAProxy version / bug is related to the modsecurity spoa (contrib) and present in all versions. ## What's the configuration? Not linked to any specific configuration, just using the modsecurity spoa makes it vulnerable to this bug. ## Steps to reproduce the behavior 1. Install and configure the modsecurity spoa, configure haproxy to check all its request with modsecuirty (cf. https://github.com/haproxy/haproxy/blob/master/contri b/modsecurity/README which by the way have some erronous information in it, I'll made another pull request later). If you don't want to bother with compiling and such, there is a pretty good Docker image there : https://github.com/jcmoraisjr/modsecurity- spoa/blob/master/rootfs/Dockerfile. You'll stil have to configure HAProxy to use it, as explained in the README file. 2. curl -i -H "Host:" http://your.haproxy.domain ## Actual behavior The modsecurity spoa just crash. That could be annoying, even if it is configured to restart by itself (systemd or docker rule to do so), because during the time it gets up again, haproxy would not check the requests againts modsecurity (this could be mitigated by using an HAProxy rule rejecting all HTTP requests with no Host header). That means someone who wants to attack a site protected using HAProxy + modsecurity-spoa could disable modsecurity checks by doing HTTP requests without host, than all subsequent requests would be treated by HAProxy bypassing all modsecurity checks. ## Expected behavior modsecurity does not crash, and if using the OWASP CRS rules, the request is blocked because it is missing the Host header. ## Do you have any idea what may have caused this? This is because in modsec_wrapper.c, at line 328, strlen(req->hostname) will crash because req->hostname is NULL. ## Do you have an idea how to solve the issue? Checking if req->hostname is NULL before trying to do the chunk_strdup. ``` if (req->hostname != NULL) { req->parsed_uri.hostname = chunk_strdup(req, req->hostname, strlen(req->hostname)); } else { req->parsed_uri.hostname = NULL; } ``` I tried that patch, it works fine, no crash, and the query is then correctly intercepted by the modsecuirty / CRS rules : 1556193994.134313 [00] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/owasp-modsecurity- crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "605"] [id "920280"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language- multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "c3cfbbe6058a"] [uri "http://www.google.com/../../index.html";] [unique_id ""] This patch could be applyed to any versions of HAProxy proposing the modsecurity contrib. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] modsecuirty spoa (contrib) / README Typos and fix to the reject example
Dear list! Author: Yann Cézard Number of patches: 1 This is an automated relay of the Github pull request: modsecuirty spoa (contrib) / README Typos and fix to the reject example Patch title(s): Typos and fix the reject example (thanks to https://www.mail-archive.com/haproxy@formilux.org/msg30056.html). Link: https://github.com/haproxy/haproxy/pull/87 Edit locally: wget https://github.com/haproxy/haproxy/pull/87.patch && vi 87.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/87.patch | git am - Description: Thanks to https://www.mail- archive.com/haproxy@formilux.org/msg30056.html which helped me a lot to have a working setup. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] DOC: The option httplog is no longer valid in a backend.
Dear list! Author: Freddy Spierenburg Number of patches: 1 This is an automated relay of the Github pull request: DOC: The option httplog is no longer valid in a backend. Patch title(s): DOC: The option httplog is no longer valid in a backend. Link: https://github.com/haproxy/haproxy/pull/68 Edit locally: wget https://github.com/haproxy/haproxy/pull/68.patch && vi 68.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/68.patch | git am - Description: Inside the Proxy keywords matrix it looks like the option httplog is stil valid within a backend. This is no longer the case, hence this updates the documentation. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] IPv6: properly format an address coming from IPv6 socket as hex in lf_ip
Dear list! Author: Radek Zajic Number of patches: 1 This is an automated relay of the Github pull request: IPv6: properly format an address coming from IPv6 socket as hex in lf_ip Patch title(s): IPv6: properly format an address coming from IPv6 socket as hex string in lf_ip Link: https://github.com/haproxy/haproxy/pull/59 Edit locally: wget https://github.com/haproxy/haproxy/pull/59.patch && vi 59.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/59.patch | git am - Description: Dear `haproxy` maintainers, we've recently discovered an issue with formatting IPv6 addresses as hex strings (in e.g. `%{+X}ci`). This issue occurs e.g. when formatting `unique-id-format` as recommended in the docs: `%{+X}o\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid`. This pull request proposes a change that properly formats addresses from IPv4 sockets as 8-char hex-string and addresses from IPv6 sockets as 32-char hex-string. The result looks like this: ``` Mar 8 13:28:21 hostname haproxy[11719]: ::1:38370 [00 01:95E2_0001:1F98_5C825FE5_000 1:2DC7] [1552048101] webfarm webfarm/server1.yourserver.com 0/0/0/0/0/0/0/0 302 183 - - --NN 1/1/0/0/0 0/0 "GET / HTTP/1.1" Mar 8 13:28:21 hostname haproxy[11719]: 127.0.0.1:42268 [7F01:A51C_7F01:1F98_5C825FE5_0002:2DC7] [1552048101] webfarm webfarm/server1.yourserver.com 0/0/0/0/0/0/0/0 302 183 - - --NN 1/1/0/0/0 0/0 "GET / HTTP/1.1 ``` Please also note that in case of an IPv6-bind processing IPv4-packets (e.g. bind to `::`) results in [IPv4-mapped-IPv6 addresses](https://en.wikipedia.org/wiki/ IPv6#IPv4-mapped_IPv6_addresses) in **both text and hex form**, e.g.: ``` Mar 8 13:18:09 hostname haproxy[8586]: :::127.0.0.1:41874 [7F01:A392_7F0 1:1F98_5C825D81_:218A] [1552047489] webfarm webfarm/server1.yourserver.com 0/0/0/0/0/0/1/1 301 219 - - --NN 1/1/0/0/0 0/0 "GET / HTTP/1.1" ``` For the sake of consistency between `inet_ntop` result (IPv4-mapped-IPv6 address) and the hex formatter, the hex representation is kept as 32-char hex string. Comments are welcome. Please consider merging this patch into `master`. Thank you. Radek Zajic [tech.showmax.com](https://tech.showmax.com/) Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Fix typos in comments and documentation
Dear list! Author: Joseph Herlant Number of patches: 1 This is an automated relay of the Github pull request: Fix typos in comments and documentation Patch title(s): Fix typos in comments and documentation Link: https://github.com/haproxy/haproxy/pull/1 Edit locally: wget https://github.com/haproxy/haproxy/pull/1.patch && vi 1.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/1.patch | git am - Description: Hi, I found some typos while reading the documentation so I ended up running a tool called `misspell` on the repo that basically fixes common misspells. Reviewed the result, did some changes, but I think we should be ok with what's left here. Let me know if you want to break this change into smaller changes or if there are some elements I might have missed. Thanks Jospeh Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] avoid overriding external prefix
Dear list! Author: Stephen Number of patches: 1 This is an automated relay of the Github pull request: avoid overriding external prefix Patch title(s): avoid overriding external prefix Link: https://github.com/haproxy/haproxy/pull/82 Edit locally: wget https://github.com/haproxy/haproxy/pull/82.patch && vi 82.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/82.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Fix typo
Dear list! Author: CJ Ting Number of patches: 1 This is an automated relay of the Github pull request: Fix typo Patch title(s): Fix typo Link: https://github.com/haproxy/haproxy/pull/81 Edit locally: wget https://github.com/haproxy/haproxy/pull/81.patch && vi 81.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/81.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Update transparent_proxy.cfg
Dear list! Author: hflamboauto1 Number of patches: 1 This is an automated relay of the Github pull request: Update transparent_proxy.cfg Patch title(s): Update transparent_proxy.cfg Link: https://github.com/haproxy/haproxy/pull/79 Edit locally: wget https://github.com/haproxy/haproxy/pull/79.patch && vi 79.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/79.patch | git am - Description: This is basically a question regarding this value. Everywhere on "internet resources" i see *clientip* ... which one is correct? This example ? Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] BUG/MINOR: Makefile: fix compile error with USE_LUA=1 in ubuntu16.04
Dear list! Author: Nan Liu Number of patches: 1 This is an automated relay of the Github pull request: BUG/MINOR: Makefile: fix compile error with USE_LUA=1 in ubuntu16.04 Patch title(s): BUG/MINOR: Makefile: fix compile error with USE_LUA=1 in ubuntu16.04 Link: https://github.com/haproxy/haproxy/pull/78 Edit locally: wget https://github.com/haproxy/haproxy/pull/78.patch && vi 78.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/78.patch | git am - Description: include/types/hlua.h:6:17: fatal error: lua.h: No such file or directory Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Updating rpmbuild spec file Source0 directive
Dear list! Author: GitHub Number of patches: 1 This is an automated relay of the Github pull request: Updating rpmbuild spec file Source0 directive Patch title(s): Updating rpmbuild spec file Source0 directive Link: https://github.com/haproxy/haproxy/pull/77 Edit locally: wget https://github.com/haproxy/haproxy/pull/77.patch && vi 77.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/77.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Update haproxy.spec URLs to haproxy.org
Dear list! Author: Grant Number of patches: 1 This is an automated relay of the Github pull request: Update haproxy.spec URLs to haproxy.org Patch title(s): Update haproxy.spec URLs to haproxy.org Link: https://github.com/haproxy/haproxy/pull/23 Edit locally: wget https://github.com/haproxy/haproxy/pull/23.patch && vi 23.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/23.patch | git am - Description: Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Minor spelling correction
Dear list! Author: Ian Miell Number of patches: 2 This is an automated relay of the Github pull request: Minor spelling correction Patch title(s): Very minor spelling correction Merge pull request #1 from ianmiell/ianmiell-patch-1 Link: https://github.com/haproxy/haproxy/pull/33 Edit locally: wget https://github.com/haproxy/haproxy/pull/33.patch && vi 33.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/33.patch | git am - Description: 'optionnally' -> 'optionally' Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.
[PR] Cleanup
Dear list! Author: Erwan Velu Number of patches: 8 This is an automated relay of the Github pull request: Cleanup Patch title(s): CLEANUP: don't ignore debian/ directory if present cfgparse: Protect free on NULL pointer proto_http: Removing useless variable assignation proto_http: Removing useless variable proto_http: Removing useless delta assignation dumpstats: Removing useless variables allocation payload: Removing useless pointer arithmetic dns: Removing usless variable & assignation Link: https://github.com/haproxy/haproxy/pull/42 Edit locally: wget https://github.com/haproxy/haproxy/pull/42.patch && vi 42.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/42.patch | git am - Description: Please find in this PR my with contribution to the project. It does contains a few commits targeting a static analysis of possible mistakes or useless code. My changes looks like safe but as I'm new to that code, I could be wrong. Feel free to pick only some commits if some looks like too picky or useless for the project. That was my 2 cents applying to the current master tree. Cheers, Erwan Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.