Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2026-02-06 19:11:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new.1670 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy" Fri Feb 6 19:11:22 2026 rev:175 rq:1331681 version:3.3.2+git3.bc0fb5969 Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2026-01-30 18:22:40.222494976 +0100 +++ /work/SRC/openSUSE:Factory/.haproxy.new.1670/haproxy.changes 2026-02-06 19:18:01.791520873 +0100 @@ -1,0 +2,8 @@ +Fri Jan 30 13:28:03 UTC 2026 - Marcus Rueckert <[email protected]> + +- Update to version 3.3.2+git3.bc0fb5969: + * BUG/MEDIUM: applet: Fix test on shut flags for legacy applets + * DOC: internals: cleanup few typos in master-worker documentation + * MEDIUM: h1: strictly verify quoting in chunk extensions + +------------------------------------------------------------------- Old: ---- haproxy-3.3.2+git0.72df9192b.tar.gz New: ---- haproxy-3.3.2+git3.bc0fb5969.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.RFRnkF/_old 2026-02-06 19:18:03.035573508 +0100 +++ /var/tmp/diff_new_pack.RFRnkF/_new 2026-02-06 19:18:03.039573677 +0100 @@ -49,7 +49,7 @@ %bcond_with ech Name: haproxy -Version: 3.3.2+git0.72df9192b +Version: 3.3.2+git3.bc0fb5969 Release: 0 # Summary: The Reliable, High Performance TCP/HTTP Load Balancer ++++++ _service ++++++ --- /var/tmp/diff_new_pack.RFRnkF/_old 2026-02-06 19:18:03.191580109 +0100 +++ /var/tmp/diff_new_pack.RFRnkF/_new 2026-02-06 19:18:03.219581293 +0100 @@ -6,7 +6,10 @@ <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> + <!-- <param name="revision">v3.3.2</param> + --> + <param name="revision">master</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.RFRnkF/_old 2026-02-06 19:18:03.411589417 +0100 +++ /var/tmp/diff_new_pack.RFRnkF/_new 2026-02-06 19:18:03.439590602 +0100 @@ -5,7 +5,7 @@ </service> <service name="tar_scm"> <param name="url">http://git.haproxy.org/git/haproxy-3.3.git/</param> - <param name="changesrevision">72df9192b9ff071abce66a040d74cb6f0fe8232c</param> + <param name="changesrevision">bc0fb5969e500ea5702bf885dd1fea110f6b3ce6</param> </service> </servicedata> (No newline at EOF) ++++++ haproxy-3.3.2+git0.72df9192b.tar.gz -> haproxy-3.3.2+git3.bc0fb5969.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-3.3.2+git0.72df9192b/doc/internals/mworker.md new/haproxy-3.3.2+git3.bc0fb5969/doc/internals/mworker.md --- old/haproxy-3.3.2+git0.72df9192b/doc/internals/mworker.md 2026-01-29 16:19:50.000000000 +0100 +++ new/haproxy-3.3.2+git3.bc0fb5969/doc/internals/mworker.md 2026-01-30 09:56:50.000000000 +0100 @@ -11,7 +11,7 @@ At this time HAProxy still had a multi-process model, and the way haproxy is working was incompatible with the daemon mode. -Systemd is compatible with traditionnal forking services, but somehow HAProxy +Systemd is compatible with traditional forking services, but somehow HAProxy is different. To work correctly, systemd needs a main PID, this is the PID of the process that systemd will supervises. @@ -45,7 +45,7 @@ ### mworker V1 -HAProxy 1.8 got ride of the wrapper which was replaced by the master worker +HAProxy 1.8 got rid of the wrapper which was replaced by the master worker mode. This first version was basically a reintegration of the wrapper features within HAProxy. HAProxy is launched with the -W flag, read the configuration and then fork. In mworker mode, the master is usually launched as a root process, @@ -86,7 +86,7 @@ The master is supervising the workers, when a current worker (not a previous one from before the reload) is exiting without being asked for a reload, the master will emit an "exit-on-failure" error and will kill every workers with a SIGTERM -and exits with the same error code than the failed master, this behavior can be +and exits with the same error code than the failed worker, this behavior can be changed by using the "no exit-on-failure" option in the global section. While the master is supervising the workers using the wait() function, the @@ -186,8 +186,8 @@ in the configuration is less useful and everything can be done from the master CLI. -With 2.7, the reload mecanism of the master CLI evolved, with previous versions, -this mecanism was asynchronous, so once the `reload` command was received, the +With 2.7, the reload mechanism of the master CLI evolved, with previous versions, +this mechanism was asynchronous, so once the `reload` command was received, the master would reload, the active master CLI connection was closed, and there was no way to return a status as a response to the `reload` command. To achieve a synchronous reload, a dedicated sockpair is used, one side uses a master CLI diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-3.3.2+git0.72df9192b/include/haproxy/h1.h new/haproxy-3.3.2+git3.bc0fb5969/include/haproxy/h1.h --- old/haproxy-3.3.2+git0.72df9192b/include/haproxy/h1.h 2026-01-29 16:19:50.000000000 +0100 +++ new/haproxy-3.3.2+git3.bc0fb5969/include/haproxy/h1.h 2026-01-30 09:56:50.000000000 +0100 @@ -263,6 +263,8 @@ const char *ptr_old = ptr; const char *end = b_wrap(buf); uint64_t chunk = 0; + int backslash = 0; + int quote = 0; stop -= start; // bytes left start = stop; // bytes to transfer @@ -327,13 +329,37 @@ if (--stop == 0) return 0; - while (!HTTP_IS_CRLF(*ptr)) { + /* The loop seeks the first CRLF or non-tab CTL char + * and stops there. If a backslash/quote is active, + * it's an error. If none, we assume it's the CRLF + * and go back to the top of the loop checking for + * CR then LF. This way CTLs, lone LF etc are handled + * in the fallback path. This allows to protect + * remotes against their own possibly non-compliant + * chunk-ext parser which could mistakenly skip a + * quoted CRLF. Chunk-ext are not used anyway, except + * by attacks. + */ + while (!HTTP_IS_CTL(*ptr) || HTTP_IS_SPHT(*ptr)) { + if (backslash) + backslash = 0; // escaped char + else if (*ptr == '\\' && quote) + backslash = 1; + else if (*ptr == '\\') // backslash not permitted outside quotes + goto error; + else if (*ptr == '"') // begin/end of quoted-pair + quote = !quote; if (++ptr >= end) ptr = b_orig(buf); if (--stop == 0) return 0; } - /* we have a CRLF now, loop above */ + + /* mismatched quotes / backslashes end here */ + if (quote || backslash) + goto error; + + /* CTLs (CRLF) fall to the common check */ continue; } else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-3.3.2+git0.72df9192b/src/applet.c new/haproxy-3.3.2+git3.bc0fb5969/src/applet.c --- old/haproxy-3.3.2+git0.72df9192b/src/applet.c 2026-01-29 16:19:50.000000000 +0100 +++ new/haproxy-3.3.2+git3.bc0fb5969/src/applet.c 2026-01-30 09:56:50.000000000 +0100 @@ -852,7 +852,7 @@ /* Don't call I/O handler if the applet was shut (release callback was * already called) */ - if (se_fl_test(app->sedesc, SE_FL_SHR | SE_FL_SHW)) + if (!se_fl_test(app->sedesc, SE_FL_SHR | SE_FL_SHW)) app->applet->fct(app); TRACE_POINT(APPLET_EV_PROCESS, app); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-3.3.2+git0.72df9192b/src/h1_htx.c new/haproxy-3.3.2+git3.bc0fb5969/src/h1_htx.c --- old/haproxy-3.3.2+git0.72df9192b/src/h1_htx.c 2026-01-29 16:19:50.000000000 +0100 +++ new/haproxy-3.3.2+git3.bc0fb5969/src/h1_htx.c 2026-01-30 09:56:50.000000000 +0100 @@ -724,14 +724,42 @@ break; } else if (likely(end[ridx] == ';')) { + int backslash = 0; + int quote = 0; + /* chunk extension, ends at next CRLF */ if (!++ridx) goto end_parsing; - while (!HTTP_IS_CRLF(end[ridx])) { + + /* The loop seeks the first CRLF or non-tab CTL char + * and stops there. If a backslash/quote is active, + * it's an error. If none, we assume it's the CRLF + * and go back to the top of the loop checking for + * CR then LF. This way CTLs, lone LF etc are handled + * in the fallback path. This allows to protect + * remotes against their own possibly non-compliant + * chunk-ext parser which could mistakenly skip a + * quoted CRLF. Chunk-ext are not used anyway, except + * by attacks. + */ + while (!HTTP_IS_CTL(end[ridx]) || HTTP_IS_SPHT(end[ridx])) { + if (backslash) + backslash = 0; // escaped char + else if (end[ridx] == '\\' && quote) + backslash = 1; + else if (end[ridx] == '\\') // backslash not permitted outside quotes + goto parsing_error; + else if (end[ridx] == '"') // begin/end of quoted-pair + quote = !quote; if (!++ridx) goto end_parsing; } - /* we have a CRLF now, loop above */ + + /* mismatched quotes / backslashes end here */ + if (quote || backslash) + goto parsing_error; + + /* CTLs (CRLF) fall to the common check */ continue; } else {
