Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2014-11-26 20:55:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy" Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2014-11-26 10:33:31.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.haproxy.new/haproxy.changes 2014-11-26 22:57:07.000000000 +0100 @@ -1,0 +2,33 @@ +Wed Nov 26 11:50:42 UTC 2014 - [email protected] + +- update to 1.5.9 + - BUILD: fix "make install" to support spaces in the install dirs + - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl + healthchecks + - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in + case of OOM. + - BUG/MINOR: samples: fix unnecessary memcopy converting binary + to string. + - BUG/MEDIUM: connection: sanitize PPv2 header length before + parsing address information + - BUG/MEDIUM: pattern: don't load more than once a pattern list. + - BUG/MEDIUM: ssl: force a full GC in case of memory shortage + - BUG/MINOR: config: don't inherit the default balance algorithm + in frontends + - BUG/MAJOR: frontend: initialize capture pointers earlier + - BUG/MINOR: stats: correctly set the request/response analysers + - DOC: fix typo in the body parser documentation for msg.sov + - BUG/MINOR: peers: the buffer size is global.tune.bufsize, not + trash.size + - MINOR: sample: add a few basic internal fetches (nbproc, proc, + stopping) + - BUG/MAJOR: sessions: unlink session from list on out of memory +- Drop patches pulled from git + - 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch + - 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch + - 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch + - 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch + - 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch + - 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch + +------------------------------------------------------------------- Old: ---- 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch haproxy-1.5.8.tar.gz New: ---- haproxy-1.5.9.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.6ca5wt/_old 2014-11-26 22:57:08.000000000 +0100 +++ /var/tmp/diff_new_pack.6ca5wt/_new 2014-11-26 22:57:08.000000000 +0100 @@ -33,7 +33,7 @@ %bcond_without apparmor Name: haproxy -Version: 1.5.8 +Version: 1.5.9 Release: 0 # # @@ -60,20 +60,6 @@ Patch1: haproxy-1.2.16_config_haproxy_user.patch Patch2: haproxy-makefile_lib.patch Patch3: sec-options.patch - -# PATCH-FIX-UPSTREAM BUILD: fix "make install" to support spaces in the install dirs -Patch4: 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch -# PATCH-FIX-UPSTREAM BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM. -Patch5: 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch -# PATCH-FIX-UPSTREAM BUG/MEDIUM: ssl: force a full GC in case of memory shortage -Patch6: 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch -# PATCH-FIX-UPSTREAM BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks -Patch7: 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch -# PATCH-FIX-UPSTREAM BUG/MINOR: config: don't inherit the default balance algorithm in frontends -Patch8: 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch -# PATCH-FIX-UPSTREAM BUG/MAJOR: frontend: initialize capture pointers earlier -Patch9: 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch - Source99: haproxy-rpmlintrc # Summary: The Reliable, High Performance TCP/HTTP Load Balancer @@ -107,13 +93,6 @@ %patch2 %patch3 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 - %build %{__make} \ TARGET=linux26 \ ++++++ haproxy-1.5.8.tar.gz -> haproxy-1.5.9.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/CHANGELOG new/haproxy-1.5.9/CHANGELOG --- old/haproxy-1.5.8/CHANGELOG 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/CHANGELOG 2014-11-26 00:38:07.000000000 +0100 @@ -1,6 +1,22 @@ ChangeLog : =========== +2014/11/26 : 1.5.9 + - BUILD: fix "make install" to support spaces in the install dirs + - BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks + - BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM. + - BUG/MINOR: samples: fix unnecessary memcopy converting binary to string. + - BUG/MEDIUM: connection: sanitize PPv2 header length before parsing address information + - BUG/MEDIUM: pattern: don't load more than once a pattern list. + - BUG/MEDIUM: ssl: force a full GC in case of memory shortage + - BUG/MINOR: config: don't inherit the default balance algorithm in frontends + - BUG/MAJOR: frontend: initialize capture pointers earlier + - BUG/MINOR: stats: correctly set the request/response analysers + - DOC: fix typo in the body parser documentation for msg.sov + - BUG/MINOR: peers: the buffer size is global.tune.bufsize, not trash.size + - MINOR: sample: add a few basic internal fetches (nbproc, proc, stopping) + - BUG/MAJOR: sessions: unlink session from list on out of memory + 2014/10/31 : 1.5.8 - BUG/MAJOR: buffer: check the space left is enough or not when input data in a buffer is wrapped - BUG/BUILD: revert accidental change in the makefile from latest SSL fix diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/Makefile new/haproxy-1.5.9/Makefile --- old/haproxy-1.5.8/Makefile 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/Makefile 2014-11-26 00:38:07.000000000 +0100 @@ -710,19 +710,19 @@ $(CC) $(COPTS) -DDEFAULT_MMAP_THRESHOLD=$(DLMALLOC_THRES) -c -o $@ $< install-man: - install -d $(DESTDIR)$(MANDIR)/man1 - install -m 644 doc/haproxy.1 $(DESTDIR)$(MANDIR)/man1 + install -d "$(DESTDIR)$(MANDIR)"/man1 + install -m 644 doc/haproxy.1 "$(DESTDIR)$(MANDIR)"/man1 install-doc: - install -d $(DESTDIR)$(DOCDIR) + install -d "$(DESTDIR)$(DOCDIR)" for x in configuration architecture haproxy-en haproxy-fr; do \ - install -m 644 doc/$$x.txt $(DESTDIR)$(DOCDIR) ; \ + install -m 644 doc/$$x.txt "$(DESTDIR)$(DOCDIR)" ; \ done install-bin: haproxy haproxy-systemd-wrapper - install -d $(DESTDIR)$(SBINDIR) - install haproxy $(DESTDIR)$(SBINDIR) - install haproxy-systemd-wrapper $(DESTDIR)$(SBINDIR) + install -d "$(DESTDIR)$(SBINDIR)" + install haproxy "$(DESTDIR)$(SBINDIR)" + install haproxy-systemd-wrapper "$(DESTDIR)$(SBINDIR)" install: install-bin install-man install-doc diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/README new/haproxy-1.5.9/README --- old/haproxy-1.5.8/README 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/README 2014-11-26 00:38:07.000000000 +0100 @@ -1,9 +1,9 @@ ---------------------- HAProxy how-to ---------------------- - version 1.5.8 + version 1.5.9 willy tarreau - 2014/10/31 + 2014/11/25 1) How to build it diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/VERDATE new/haproxy-1.5.9/VERDATE --- old/haproxy-1.5.8/VERDATE 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/VERDATE 2014-11-26 00:38:07.000000000 +0100 @@ -1,2 +1,2 @@ $Format:%ci$ -2014/10/31 +2014/11/25 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/VERSION new/haproxy-1.5.9/VERSION --- old/haproxy-1.5.8/VERSION 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/VERSION 2014-11-26 00:38:07.000000000 +0100 @@ -1 +1 @@ -1.5.8 +1.5.9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/doc/configuration.txt new/haproxy-1.5.9/doc/configuration.txt --- old/haproxy-1.5.8/doc/configuration.txt 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/doc/configuration.txt 2014-11-26 00:38:07.000000000 +0100 @@ -2,9 +2,9 @@ HAProxy Configuration Manual ---------------------- - version 1.5.8 + version 1.5.9 willy tarreau - 2014/10/31 + 2014/11/25 This document covers the configuration language as implemented in the version @@ -10180,6 +10180,11 @@ tcp-request content accept if ! too_fast tcp-request content accept if WAIT_END +nbproc : integer + Returns an integer value corresponding to the number of processes that were + started (it equals the global "nbproc" setting). This is useful for logging + and debugging purposes. + nbsrv([<backend>]) : integer Returns an integer value corresponding to the number of usable servers of either the current backend or the named backend. This is mostly used with @@ -10188,6 +10193,11 @@ to handle some load. It is useful to report a failure when combined with "monitor fail". +proc : integer + Returns an integer value corresponding to the position of the process calling + the function, between 1 and global.nbproc. This is useful for logging and + debugging purposes. + queue([<backend>]) : integer Returns the total number of queued connections of the designated backend, including all the connections in server queues. If no backend name is @@ -10238,6 +10248,11 @@ acl srv2_full srv_sess_rate(be1/srv2) gt 50 use_backend be2 if srv1_full or srv2_full +stopping : boolean + Returns TRUE if the process calling the function is currently stopping. This + can be useful for logging, or for relaxing certain checks or helping close + certain connections upon graceful shutdown. + table_avl([<table>]) : integer Returns the total number of available entries in the current proxy's stick-table or in the designated stick-table. See also table_cnt. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/doc/internals/body-parsing.txt new/haproxy-1.5.9/doc/internals/body-parsing.txt --- old/haproxy-1.5.8/doc/internals/body-parsing.txt 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/doc/internals/body-parsing.txt 2014-11-26 00:38:07.000000000 +0100 @@ -69,7 +69,7 @@ msg.sov : start of value. First character of the header's value in the header states, start of the body in the data states. Strictly positive values indicate that headers were not forwarded yet (<buf.p> is - before the start of the body), and null or positive values are seen + before the start of the body), and null or negative values are seen after headers are forwarded (<buf.p> is at or past the start of the body). The value stops changing when data start to leave the buffer (in order to avoid integer overflows). So the maximum possible range diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/examples/haproxy.spec new/haproxy-1.5.9/examples/haproxy.spec --- old/haproxy-1.5.8/examples/haproxy.spec 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/examples/haproxy.spec 2014-11-26 00:38:07.000000000 +0100 @@ -1,6 +1,6 @@ Summary: HA-Proxy is a TCP/HTTP reverse proxy for high availability environments Name: haproxy -Version: 1.5.8 +Version: 1.5.9 Release: 1 License: GPL Group: System Environment/Daemons @@ -76,6 +76,9 @@ %attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/%{name} %changelog +* Wed Nov 26 2014 Willy Tarreau <[email protected]> +- updated to 1.5.9 + * Fri Oct 31 2014 Willy Tarreau <[email protected]> - updated to 1.5.8 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/include/proto/pattern.h new/haproxy-1.5.9/include/proto/pattern.h --- old/haproxy-1.5.8/include/proto/pattern.h 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/include/proto/pattern.h 2014-11-26 00:38:07.000000000 +0100 @@ -206,7 +206,8 @@ */ void pattern_init_expr(struct pattern_expr *expr); struct pattern_expr *pattern_lookup_expr(struct pattern_head *head, struct pat_ref *ref); -struct pattern_expr *pattern_new_expr(struct pattern_head *head, struct pat_ref *ref, char **err); +struct pattern_expr *pattern_new_expr(struct pattern_head *head, struct pat_ref *ref, + char **err, int *reuse); struct sample_storage **pattern_find_smp(struct pattern_expr *expr, struct pat_ref_elt *elt); int pattern_delete(struct pattern_expr *expr, struct pat_ref_elt *ref); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/include/types/checks.h new/haproxy-1.5.9/include/types/checks.h --- old/haproxy-1.5.8/include/types/checks.h 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/include/types/checks.h 2014-11-26 00:38:07.000000000 +0100 @@ -125,6 +125,7 @@ }; struct check { + struct xprt_ops *xprt; /* transport layer operations for health checks */ struct connection *conn; /* connection state for health checks */ unsigned short port; /* the port to use for the health checks */ struct buffer *bi, *bo; /* input and output buffers to send/recv check */ @@ -132,7 +133,7 @@ struct timeval start; /* last health check start time */ long duration; /* time in ms took to finish last health check */ short status, code; /* check result, check code */ - char desc[HCHK_DESC_LEN]; /* health check descritpion */ + char desc[HCHK_DESC_LEN]; /* health check description */ int use_ssl; /* use SSL for health checks */ int send_proxy; /* send a PROXY protocol header with checks */ struct tcpcheck_rule *current_step; /* current step when using tcpcheck */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/include/types/server.h new/haproxy-1.5.9/include/types/server.h --- old/haproxy-1.5.8/include/types/server.h 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/include/types/server.h 2014-11-26 00:38:07.000000000 +0100 @@ -194,7 +194,6 @@ struct { /* configuration used by health-check and agent-check */ struct protocol *proto; /* server address protocol for health checks */ - struct xprt_ops *xprt; /* transport layer operations for health checks */ struct sockaddr_storage addr; /* the address to check, if different from <addr> */ } check_common; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/src/acl.c new/haproxy-1.5.9/src/acl.c --- old/haproxy-1.5.8/src/acl.c 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/src/acl.c 2014-11-26 00:38:07.000000000 +0100 @@ -532,7 +532,7 @@ } /* Create new pattern expression associated to this reference. */ - pattern_expr = pattern_new_expr(&expr->pat, ref, err); + pattern_expr = pattern_new_expr(&expr->pat, ref, err, NULL); if (!pattern_expr) goto out_free_expr; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/src/cfgparse.c new/haproxy-1.5.9/src/cfgparse.c --- old/haproxy-1.5.8/src/cfgparse.c 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/src/cfgparse.c 2014-11-26 00:38:07.000000000 +0100 @@ -2003,7 +2003,6 @@ curproxy->no_options = defproxy.no_options; curproxy->no_options2 = defproxy.no_options2; curproxy->bind_proc = defproxy.bind_proc; - curproxy->lbprm.algo = defproxy.lbprm.algo; curproxy->except_net = defproxy.except_net; curproxy->except_mask = defproxy.except_mask; curproxy->except_to = defproxy.except_to; @@ -2037,6 +2036,7 @@ } if (curproxy->cap & PR_CAP_BE) { + curproxy->lbprm.algo = defproxy.lbprm.algo; curproxy->fullconn = defproxy.fullconn; curproxy->conn_retries = defproxy.conn_retries; curproxy->max_ka_queue = defproxy.max_ka_queue; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/src/checks.c new/haproxy-1.5.9/src/checks.c --- old/haproxy-1.5.8/src/checks.c 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/src/checks.c 2014-11-26 00:38:07.000000000 +0100 @@ -1413,7 +1413,7 @@ /* prepare a new connection */ conn_init(conn); - conn_prepare(conn, s->check_common.proto, s->check_common.xprt); + conn_prepare(conn, s->check_common.proto, check->xprt); conn_attach(conn, check, &check_conn_cb); conn->target = &s->obj_type; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/src/connection.c new/haproxy-1.5.9/src/connection.c --- old/haproxy-1.5.8/src/connection.c 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/src/connection.c 2014-11-26 00:38:07.000000000 +0100 @@ -424,6 +424,9 @@ case 0x01: /* PROXY command */ switch (hdr_v2->fam) { case 0x11: /* TCPv4 */ + if (ntohs(hdr_v2->len) < PP2_ADDR_LEN_INET) + goto bad_header; + ((struct sockaddr_in *)&conn->addr.from)->sin_family = AF_INET; ((struct sockaddr_in *)&conn->addr.from)->sin_addr.s_addr = hdr_v2->addr.ip4.src_addr; ((struct sockaddr_in *)&conn->addr.from)->sin_port = hdr_v2->addr.ip4.src_port; @@ -433,6 +436,9 @@ conn->flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET; break; case 0x21: /* TCPv6 */ + if (ntohs(hdr_v2->len) < PP2_ADDR_LEN_INET6) + goto bad_header; + ((struct sockaddr_in6 *)&conn->addr.from)->sin6_family = AF_INET6; memcpy(&((struct sockaddr_in6 *)&conn->addr.from)->sin6_addr, hdr_v2->addr.ip6.src_addr, 16); ((struct sockaddr_in6 *)&conn->addr.from)->sin6_port = hdr_v2->addr.ip6.src_port; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/src/frontend.c new/haproxy-1.5.9/src/frontend.c --- old/haproxy-1.5.8/src/frontend.c 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/src/frontend.c 2014-11-26 00:38:07.000000000 +0100 @@ -106,11 +106,17 @@ if (global.tune.client_rcvbuf) setsockopt(cfd, SOL_SOCKET, SO_RCVBUF, &global.tune.client_rcvbuf, sizeof(global.tune.client_rcvbuf)); - if (unlikely(s->fe->nb_req_cap > 0 && (s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL)) - goto out_return; /* no memory */ + if (unlikely(s->fe->nb_req_cap > 0)) { + if ((s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL) + goto out_return; /* no memory */ + memset(s->txn.req.cap, 0, s->fe->nb_req_cap * sizeof(void *)); + } - if (unlikely(s->fe->nb_rsp_cap > 0 && (s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL)) - goto out_free_reqcap; /* no memory */ + if (unlikely(s->fe->nb_rsp_cap > 0)) { + if ((s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL) + goto out_free_reqcap; /* no memory */ + memset(s->txn.rsp.cap, 0, s->fe->nb_rsp_cap * sizeof(void *)); + } if (s->fe->http_needed) { /* we have to allocate header indexes only if we know diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/src/pattern.c new/haproxy-1.5.9/src/pattern.c --- old/haproxy-1.5.8/src/pattern.c 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/src/pattern.c 2014-11-26 00:38:07.000000000 +0100 @@ -1855,12 +1855,19 @@ * <ref> can be NULL. If an error is occured, the function returns NULL and * <err> is filled. Otherwise, the function returns new pattern_expr linked * with <head> and <ref>. + * + * The returned value can be a alredy filled pattern list, in this case the + * flag <reuse> is set. */ -struct pattern_expr *pattern_new_expr(struct pattern_head *head, struct pat_ref *ref, char **err) +struct pattern_expr *pattern_new_expr(struct pattern_head *head, struct pat_ref *ref, + char **err, int *reuse) { struct pattern_expr *expr; struct pattern_expr_list *list; + if (reuse) + *reuse = 0; + /* Memory and initialization of the chain element. */ list = malloc(sizeof(*list)); if (!list) { @@ -1915,6 +1922,8 @@ * with ref and we must not free it. */ list->do_free = 0; + if (reuse) + *reuse = 1; } /* The new list element reference the pattern_expr. */ @@ -2087,6 +2096,7 @@ struct pat_ref *ref; struct pattern_expr *expr; struct pat_ref_elt *elt; + int reuse; /* Lookup for the existing reference. */ ref = pat_ref_lookup(filename); @@ -2161,12 +2171,20 @@ */ expr = pattern_lookup_expr(head, ref); if (!expr || (expr->mflags != patflags)) { - expr = pattern_new_expr(head, ref, err); + expr = pattern_new_expr(head, ref, err, &reuse); if (!expr) return 0; expr->mflags = patflags; } + /* The returned expression may be not empty, because the function + * "pattern_new_expr" lookup for similar pattern list and can + * reuse a already filled pattern list. In this case, we can not + * reload the patterns. + */ + if (reuse) + return 1; + /* Load reference content in the pattern expression. */ list_for_each_entry(elt, &ref->head, list) { if (!pat_ref_push(elt, expr, patflags, err)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/src/peers.c new/haproxy-1.5.9/src/peers.c --- old/haproxy-1.5.8/src/peers.c 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/src/peers.c 2014-11-26 00:38:07.000000000 +0100 @@ -1240,7 +1240,7 @@ if ((s->req->buf = pool_alloc2(pool2_buffer)) == NULL) goto out_fail_req_buf; /* no memory */ - s->req->buf->size = trash.size; + s->req->buf->size = global.tune.bufsize; channel_init(s->req); s->req->prod = &s->si[0]; s->req->cons = &s->si[1]; @@ -1266,7 +1266,7 @@ if ((s->rep->buf = pool_alloc2(pool2_buffer)) == NULL) goto out_fail_rep_buf; /* no memory */ - s->rep->buf->size = trash.size; + s->rep->buf->size = global.tune.bufsize; channel_init(s->rep); s->rep->prod = &s->si[1]; s->rep->cons = &s->si[0]; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/src/proto_http.c new/haproxy-1.5.9/src/proto_http.c --- old/haproxy-1.5.8/src/proto_http.c 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/src/proto_http.c 2014-11-26 00:38:07.000000000 +0100 @@ -4086,8 +4086,7 @@ select_compression_request_header(s, req->buf); /* enable the minimally required analyzers to handle keep-alive and compression on the HTTP response */ - req->analysers = (req->analysers & AN_REQ_HTTP_BODY) | - AN_REQ_HTTP_XFER_BODY | AN_RES_WAIT_HTTP | AN_RES_HTTP_PROCESS_BE | AN_RES_HTTP_XFER_BODY; + req->analysers = (req->analysers & AN_REQ_HTTP_BODY) | AN_REQ_HTTP_XFER_BODY; goto done; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/src/sample.c new/haproxy-1.5.9/src/sample.c --- old/haproxy-1.5.8/src/sample.c 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/src/sample.c 2014-11-26 00:38:07.000000000 +0100 @@ -497,27 +497,20 @@ return 1; } -/* The sample is always copied into a new one so that smp->size is always - * valid. The NULL char always enforces the end of string if it is met. +/* + * The NULL char always enforces the end of string if it is met. + * Data is never changed, so we can ignore the CONST case */ static int c_bin2str(struct sample *smp) { - struct chunk *trash = get_trash_chunk(); - unsigned char c; - int ptr = 0; + int i; - while (ptr < smp->data.str.len) { - c = smp->data.str.str[ptr]; - if (!c) + for (i = 0; i < smp->data.str.len; i++) { + if (!smp->data.str.str[i]) { + smp->data.str.len = i; break; - trash->str[ptr] = c; - ptr++; + } } - trash->len = ptr; - trash->str[ptr] = 0; - smp->data.str = *trash; - smp->type = SMP_T_STR; - smp->flags &= ~SMP_F_CONST; return 1; } @@ -1345,6 +1338,26 @@ return 1; } +/* returns the number of processes */ +static int +smp_fetch_nbproc(struct proxy *px, struct session *s, void *l7, unsigned int opt, + const struct arg *args, struct sample *smp, const char *kw) +{ + smp->type = SMP_T_UINT; + smp->data.uint = global.nbproc; + return 1; +} + +/* returns the number of the current process (between 1 and nbproc */ +static int +smp_fetch_proc(struct proxy *px, struct session *s, void *l7, unsigned int opt, + const struct arg *args, struct sample *smp, const char *kw) +{ + smp->type = SMP_T_UINT; + smp->data.uint = relative_pid; + return 1; +} + /* generate a random 32-bit integer for whatever purpose, with an optional * range specified in argument. */ @@ -1363,6 +1376,16 @@ return 1; } +/* returns true if the current process is stopping */ +static int +smp_fetch_stopping(struct proxy *px, struct session *s, void *l7, unsigned int opt, + const struct arg *args, struct sample *smp, const char *kw) +{ + smp->type = SMP_T_BOOL; + smp->data.uint = stopping; + return 1; +} + /* Note: must not be declared <const> as its list will be overwritten. * Note: fetches that may return multiple types must be declared as the lowest * common denominator, the type that can be casted into all other ones. For @@ -1373,7 +1396,10 @@ { "always_true", smp_fetch_true, 0, NULL, SMP_T_BOOL, SMP_USE_INTRN }, { "env", smp_fetch_env, ARG1(1,STR), NULL, SMP_T_STR, SMP_USE_INTRN }, { "date", smp_fetch_date, ARG1(0,SINT), NULL, SMP_T_UINT, SMP_USE_INTRN }, + { "nbproc", smp_fetch_nbproc,0, NULL, SMP_T_UINT, SMP_USE_INTRN }, + { "proc", smp_fetch_proc, 0, NULL, SMP_T_UINT, SMP_USE_INTRN }, { "rand", smp_fetch_rand, ARG1(0,UINT), NULL, SMP_T_UINT, SMP_USE_INTRN }, + { "stopping", smp_fetch_stopping, 0, NULL, SMP_T_BOOL, SMP_USE_INTRN }, { /* END */ }, }}; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/src/server.c new/haproxy-1.5.9/src/server.c --- old/haproxy-1.5.8/src/server.c 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/src/server.c 2014-11-26 00:38:07.000000000 +0100 @@ -929,7 +929,7 @@ newsrv->addr = *sk; newsrv->proto = newsrv->check_common.proto = protocol_by_family(newsrv->addr.ss_family); - newsrv->xprt = newsrv->check_common.xprt = &raw_sock; + newsrv->xprt = newsrv->check.xprt = newsrv->agent.xprt = &raw_sock; if (!newsrv->proto) { Alert("parsing [%s:%d] : Unknown protocol family %d '%s'\n", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/src/session.c new/haproxy-1.5.9/src/session.c --- old/haproxy-1.5.8/src/session.c 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/src/session.c 2014-11-26 00:38:07.000000000 +0100 @@ -579,6 +579,7 @@ /* and restore the connection pointer in case we destroyed it, * because kill_mini_session() will need it. */ + LIST_DEL(&s->list); s->target = &conn->obj_type; return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-1.5.8/src/ssl_sock.c new/haproxy-1.5.9/src/ssl_sock.c --- old/haproxy-1.5.8/src/ssl_sock.c 2014-10-31 10:06:53.000000000 +0100 +++ new/haproxy-1.5.9/src/ssl_sock.c 2014-11-26 00:38:07.000000000 +0100 @@ -1812,7 +1812,7 @@ if (srv->use_ssl) srv->xprt = &ssl_sock; if (srv->check.use_ssl) - srv->check_common.xprt = &ssl_sock; + srv->check.xprt = &ssl_sock; srv->ssl_ctx.ctx = SSL_CTX_new(SSLv23_client_method()); if (!srv->ssl_ctx.ctx) { @@ -2033,22 +2033,51 @@ /* If it is in client mode initiate SSL session in connect state otherwise accept state */ if (objt_server(conn->target)) { + int may_retry = 1; + + retry_connect: /* Alloc a new SSL session ctx */ conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx); if (!conn->xprt_ctx) { + if (may_retry--) { + pool_gc2(); + goto retry_connect; + } conn->err_code = CO_ER_SSL_NO_MEM; return -1; } - SSL_set_connect_state(conn->xprt_ctx); - if (objt_server(conn->target)->ssl_ctx.reused_sess) - SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess); - /* set fd on SSL session context */ - SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd); + if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) { + SSL_free(conn->xprt_ctx); + conn->xprt_ctx = NULL; + if (may_retry--) { + pool_gc2(); + goto retry_connect; + } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } /* set connection pointer */ - SSL_set_app_data(conn->xprt_ctx, conn); + if (!SSL_set_app_data(conn->xprt_ctx, conn)) { + SSL_free(conn->xprt_ctx); + conn->xprt_ctx = NULL; + if (may_retry--) { + pool_gc2(); + goto retry_connect; + } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } + + SSL_set_connect_state(conn->xprt_ctx); + if (objt_server(conn->target)->ssl_ctx.reused_sess) { + if(!SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess)) { + SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess); + objt_server(conn->target)->ssl_ctx.reused_sess = NULL; + } + } /* leave init state and start handshake */ conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN; @@ -2058,20 +2087,45 @@ return 0; } else if (objt_listener(conn->target)) { + int may_retry = 1; + + retry_accept: /* Alloc a new SSL session ctx */ conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->default_ctx); if (!conn->xprt_ctx) { + if (may_retry--) { + pool_gc2(); + goto retry_accept; + } conn->err_code = CO_ER_SSL_NO_MEM; return -1; } - SSL_set_accept_state(conn->xprt_ctx); - /* set fd on SSL session context */ - SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd); + if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) { + SSL_free(conn->xprt_ctx); + conn->xprt_ctx = NULL; + if (may_retry--) { + pool_gc2(); + goto retry_accept; + } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } /* set connection pointer */ - SSL_set_app_data(conn->xprt_ctx, conn); + if (!SSL_set_app_data(conn->xprt_ctx, conn)) { + SSL_free(conn->xprt_ctx); + conn->xprt_ctx = NULL; + if (may_retry--) { + pool_gc2(); + goto retry_accept; + } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } + + SSL_set_accept_state(conn->xprt_ctx); /* leave init state and start handshake */ conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN; -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
