Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2020-07-26 16:16:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new.3592 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy" Sun Jul 26 16:16:06 2020 rev:89 rq:822445 version:2.2.1+git0.0ef71a557 Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2020-07-15 11:28:38.881812048 +0200 +++ /work/SRC/openSUSE:Factory/.haproxy.new.3592/haproxy.changes 2020-07-26 16:17:30.532705313 +0200 @@ -1,0 +2,35 @@ +Thu Jul 23 15:00:50 UTC 2020 - [email protected] + +- Update to version 2.2.1+git0.0ef71a557: + * [RELEASE] Released version 2.2.1 + * BUG/MEDIUM: http-ana: Only set CF_EXPECT_MORE flag on data filtering + * BUG/MEDIUM: stream-int: Don't set MSG_MORE flag if no more data are expected + * BUG/MINOR: htx: add two missing HTX_FL_EOI and remove an unexpected one + * MEDIUM: htx: Add a flag on a HTX message when no more data are expected + * BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed + * BUG/MAJOR: dns: Make the do-resolve action thread-safe + * BUG/MAJOR: tasks: don't requeue global tasks into the local queue + * BUG/MEDIUM: resolve: fix init resolving for ring and peers section. + * BUG/MEDIUM: arg: empty args list must be dropped + * DOC: ssl: req_ssl_sni needs implicit TLS + * BUILD: config: fix again bugs gcc warnings on calloc + * BUG/MAJOR: tasks: make sure to always lock the shared wait queue if needed + * BUILD: config: address build warning on raspbian+rpi4 + * BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked + * BUG/MEDIUM: server: fix possibly uninitialized state file on close + * BUG/MEDIUM: server: resolve state file handle leak on reload + * BUG/MEDIUM: fcgi-app: fix memory leak in fcgi_flt_http_headers + * BUG/MEDIUM: log: issue mixing sampled to not sampled log servers. + * BUG/MINOR: mux-fcgi: Set flags on the right stream field for empty FCGI_STDOUT + * BUG/MINOR: mux-fcgi: Set conn state to RECORD_P when skipping the record padding + * BUG/MINOR: mux-fcgi: Handle empty STDERR record + * BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode + * BUG/MEDIUM: mux-fcgi: Don't add private connections in available connection list + * BUG/MEDIUM: mux-h2: Don't add private connections in available connection list + * CONTRIB: da: fix memory leak in dummy function da_atlas_open() + * BUG/MEDIUM: lists: add missing store barrier in MT_LIST_ADD/MT_LIST_ADDQ + * BUG/MEDIUM: lists: add missing store barrier on MT_LIST_BEHEAD() + * BUG/MINOR: sample: Free str.area in smp_check_const_meth + * BUG/MINOR: sample: Free str.area in smp_check_const_bool + +------------------------------------------------------------------- Old: ---- haproxy-2.2.0+git0.3a00c915f.tar.gz New: ---- haproxy-2.2.1+git0.0ef71a557.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.SVMLhA/_old 2020-07-26 16:17:31.648706357 +0200 +++ /var/tmp/diff_new_pack.SVMLhA/_new 2020-07-26 16:17:31.648706357 +0200 @@ -53,7 +53,7 @@ %endif Name: haproxy -Version: 2.2.0+git0.3a00c915f +Version: 2.2.1+git0.0ef71a557 Release: 0 # # ++++++ _service ++++++ --- /var/tmp/diff_new_pack.SVMLhA/_old 2020-07-26 16:17:31.684706391 +0200 +++ /var/tmp/diff_new_pack.SVMLhA/_new 2020-07-26 16:17:31.684706391 +0200 @@ -6,7 +6,7 @@ <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> - <param name="revision">v2.2.0</param> + <param name="revision">v2.2.1</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.SVMLhA/_old 2020-07-26 16:17:31.704706410 +0200 +++ /var/tmp/diff_new_pack.SVMLhA/_new 2020-07-26 16:17:31.704706410 +0200 @@ -1,8 +1,8 @@ <servicedata> <service name="tar_scm"> <param name="url">http://git.haproxy.org/git/haproxy-2.1.git</param> - <param name="changesrevision">v2.1.7</param> + <param name="changesrevision">v2.2.0</param> </service> <service name="tar_scm"> <param name="url">http://git.haproxy.org/git/haproxy-2.2.git</param> - <param name="changesrevision">3a00c915fd241fc398a080a11ccac9c5c46791ce</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">0ef71a55769353c996166a747b77e0d311867639</param></service></servicedata> \ No newline at end of file ++++++ haproxy-2.2.0+git0.3a00c915f.tar.gz -> haproxy-2.2.1+git0.0ef71a557.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/CHANGELOG new/haproxy-2.2.1+git0.0ef71a557/CHANGELOG --- old/haproxy-2.2.0+git0.3a00c915f/CHANGELOG 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/CHANGELOG 2020-07-23 09:04:24.000000000 +0200 @@ -1,6 +1,37 @@ ChangeLog : =========== +2020/07/23 : 2.2.1 + - BUG/MINOR: sample: Free str.area in smp_check_const_bool + - BUG/MINOR: sample: Free str.area in smp_check_const_meth + - BUG/MEDIUM: lists: add missing store barrier on MT_LIST_BEHEAD() + - BUG/MEDIUM: lists: add missing store barrier in MT_LIST_ADD/MT_LIST_ADDQ + - CONTRIB: da: fix memory leak in dummy function da_atlas_open() + - BUG/MEDIUM: mux-h2: Don't add private connections in available connection list + - BUG/MEDIUM: mux-fcgi: Don't add private connections in available connection list + - BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode + - BUG/MINOR: mux-fcgi: Handle empty STDERR record + - BUG/MINOR: mux-fcgi: Set conn state to RECORD_P when skipping the record padding + - BUG/MINOR: mux-fcgi: Set flags on the right stream field for empty FCGI_STDOUT + - BUG/MEDIUM: log: issue mixing sampled to not sampled log servers. + - BUG/MEDIUM: fcgi-app: fix memory leak in fcgi_flt_http_headers + - BUG/MEDIUM: server: resolve state file handle leak on reload + - BUG/MEDIUM: server: fix possibly uninitialized state file on close + - BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked + - BUILD: config: address build warning on raspbian+rpi4 + - BUG/MAJOR: tasks: make sure to always lock the shared wait queue if needed + - BUILD: config: fix again bugs gcc warnings on calloc + - DOC: ssl: req_ssl_sni needs implicit TLS + - BUG/MEDIUM: arg: empty args list must be dropped + - BUG/MEDIUM: resolve: fix init resolving for ring and peers section. + - BUG/MAJOR: tasks: don't requeue global tasks into the local queue + - BUG/MAJOR: dns: Make the do-resolve action thread-safe + - BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed + - MEDIUM: htx: Add a flag on a HTX message when no more data are expected + - BUG/MINOR: htx: add two missing HTX_FL_EOI and remove an unexpected one + - BUG/MEDIUM: stream-int: Don't set MSG_MORE flag if no more data are expected + - BUG/MEDIUM: http-ana: Only set CF_EXPECT_MORE flag on data filtering + 2020/07/07 : 2.2.0 - BUILD: mux-h2: fix typo breaking build when using DEBUG_LOCK - CLEANUP: makefile: update the outdated list of DEBUG_xxx options diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/Makefile.rej new/haproxy-2.2.1+git0.0ef71a557/Makefile.rej --- old/haproxy-2.2.0+git0.3a00c915f/Makefile.rej 1970-01-01 01:00:00.000000000 +0100 +++ new/haproxy-2.2.1+git0.0ef71a557/Makefile.rej 2020-07-23 09:04:24.000000000 +0200 @@ -0,0 +1,38 @@ +--- Makefile ++++ Makefile +@@ -675,6 +675,35 @@ endif + endif + endif + ++# PIE ++ifneq ($(USE_PIE),) ++OPTIONS_CFLAGS += -DUSE_PIE ++BUILD_OPTIONS += $(call ignore_implicit,USE_PIE) ++OPTIONS_LDFLAGS += -pie ++# still need to figure out how to express this conditional in the makefile ++# %ifarch s390 s390x %sparc ++# PIEFLAGS="-fPIE" ++# %else ++# PIEFLAGS="-fpie" ++# %endif ++# PIE_FLAGS.s390 = -fPIE ++# PIE_FLAGS.i386 = -fpie ++# SEC_FLAGS += $(PIE_FLAGS.$(ARCH)) ++OPTIONS_CFLAGS += -fpie ++endif ++ ++ifneq ($(USE_STACKPROTECTOR),) ++OPTIONS_CFLAGS += -DUSE_STACKPROTECTOR ++BUILD_OPTIONS += $(call ignore_implicit,USE_STACKPROTECTOR) ++OPTIONS_CFLAGS += -fstack-protector ++endif ++ ++ifneq ($(USE_RELRO_NOW),) ++OPTIONS_CFLAGS += -DUSE_RELRO_NOW ++BUILD_OPTIONS += $(call ignore_implicit,USE_RELRO_NOW) ++OPTIONS_LDFLAGS += -Wl,-z,relro,-z,now ++endif ++ + # This one can be changed to look for ebtree files in an external directory + EBTREE_DIR := ebtree + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/VERDATE new/haproxy-2.2.1+git0.0ef71a557/VERDATE --- old/haproxy-2.2.0+git0.3a00c915f/VERDATE 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/VERDATE 2020-07-23 09:04:24.000000000 +0200 @@ -1,2 +1,2 @@ $Format:%ci$ -2020/07/07 +2020/07/23 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/VERSION new/haproxy-2.2.1+git0.0ef71a557/VERSION --- old/haproxy-2.2.0+git0.3a00c915f/VERSION 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/VERSION 2020-07-23 09:04:24.000000000 +0200 @@ -1 +1 @@ -2.2.0 +2.2.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/contrib/deviceatlas/dac.c new/haproxy-2.2.1+git0.0ef71a557/contrib/deviceatlas/dac.c --- old/haproxy-2.2.0+git0.3a00c915f/contrib/deviceatlas/dac.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/contrib/deviceatlas/dac.c 2020-07-23 09:04:24.000000000 +0200 @@ -63,8 +63,9 @@ da_status_t da_atlas_open(da_atlas_t *atlas, da_property_decl_t *extraprops, const void *ptr, size_t len) { - ptr = malloc(len); - return ptr ? DA_OK : DA_NOMEM; + void *ptr2 = malloc(len); + free(ptr2); + return ptr2 ? DA_OK : DA_NOMEM; } void diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/contrib/prometheus-exporter/service-prometheus.c new/haproxy-2.2.1+git0.0ef71a557/contrib/prometheus-exporter/service-prometheus.c --- old/haproxy-2.2.0+git0.3a00c915f/contrib/prometheus-exporter/service-prometheus.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/contrib/prometheus-exporter/service-prometheus.c 2020-07-23 09:04:24.000000000 +0200 @@ -2440,6 +2440,7 @@ case PROMEX_ST_DONE: /* Don't add TLR because mux-h1 will take care of it */ + res_htx->flags |= HTX_FL_EOI; /* no more data are expected. Only EOM remains to add now */ if (!htx_add_endof(res_htx, HTX_BLK_EOM)) { si_rx_room_blk(si); goto out; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/doc/configuration.txt new/haproxy-2.2.1+git0.0ef71a557/doc/configuration.txt --- old/haproxy-2.2.0+git0.3a00c915f/doc/configuration.txt 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/doc/configuration.txt 2020-07-23 09:04:24.000000000 +0200 @@ -4,7 +4,7 @@ ---------------------- version 2.2 willy tarreau - 2020/07/07 + 2020/07/23 This document covers the configuration language as implemented in the version @@ -12053,15 +12053,16 @@ The "use-server" statement works both in HTTP and TCP mode. This makes it suitable for use with content-based inspection. For instance, a server could - be selected in a farm according to the TLS SNI field. And if these servers - have their weight set to zero, they will not be used for other traffic. + be selected in a farm according to the TLS SNI field when using protocols with + implicit TLS (also see "req_ssl_sni"). And if these servers have their weight + set to zero, they will not be used for other traffic. Example : # intercept incoming TLS requests based on the SNI field use-server www if { req_ssl_sni -i www.example.com } server www 192.168.0.1:443 weight 0 use-server mail if { req_ssl_sni -i mail.example.com } - server mail 192.168.0.1:587 weight 0 + server mail 192.168.0.1:465 weight 0 use-server imap if { req_ssl_sni -i imap.example.com } server imap 192.168.0.1:993 weight 0 # all the rest is forwarded to this server @@ -17449,13 +17450,15 @@ contains data that parse as a complete SSL (v3 or superior) client hello message. Note that this only applies to raw contents found in the request buffer and not to contents deciphered via an SSL data layer, so this will not - work with "bind" lines having the "ssl" option. SNI normally contains the - name of the host the client tries to connect to (for recent browsers). SNI is - useful for allowing or denying access to certain hosts when SSL/TLS is used - by the client. This test was designed to be used with TCP request content - inspection. If content switching is needed, it is recommended to first wait - for a complete client hello (type 1), like in the example below. See also - "ssl_fc_sni". + work with "bind" lines having the "ssl" option. This will only work for actual + implicit TLS based protocols like HTTPS (443), IMAPS (993), SMTPS (465), + however it will not work for explicit TLS based protocols, like SMTP (25/587) + or IMAP (143). SNI normally contains the name of the host the client tries to + connect to (for recent browsers). SNI is useful for allowing or denying access + to certain hosts when SSL/TLS is used by the client. This test was designed to + be used with TCP request content inspection. If content switching is needed, + it is recommended to first wait for a complete client hello (type 1), like in + the example below. See also "ssl_fc_sni". ACL derivatives : req_ssl_sni : exact string match diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/include/haproxy/htx-t.h new/haproxy-2.2.1+git0.0ef71a557/include/haproxy/htx-t.h --- old/haproxy-2.2.0+git0.3a00c915f/include/haproxy/htx-t.h 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/include/haproxy/htx-t.h 2020-07-23 09:04:24.000000000 +0200 @@ -145,7 +145,9 @@ #define HTX_FL_PROCESSING_ERROR 0x00000002 /* Set when a processing error occurred */ #define HTX_FL_UPGRADE 0x00000004 /* Set when an upgrade is in progress */ #define HTX_FL_PROXY_RESP 0x00000008 /* Set when the response was generated by HAProxy */ - +#define HTX_FL_EOI 0x00000010 /* Set when end-of-input is reached from the HTX point of view + * (at worst, on the EOM block is missing) + */ /* HTX block's type (max 15). */ enum htx_blk_type { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/include/haproxy/htx.h new/haproxy-2.2.1+git0.0ef71a557/include/haproxy/htx.h --- old/haproxy-2.2.0+git0.3a00c915f/include/haproxy/htx.h 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/include/haproxy/htx.h 2020-07-23 09:04:24.000000000 +0200 @@ -585,6 +585,15 @@ return (htx->head != -1); } +/* Returns 1 if no more data are expected for the message <htx>. Otherwise it + * returns 0. Note that it is illegal to call this with htx == NULL. Note also + * the EOM block may be missing. + */ +static inline int htx_expect_more(const struct htx *htx) +{ + return !(htx->flags & HTX_FL_EOI); +} + /* Copy an HTX message stored in the buffer <msg> to <htx>. We take care to * not overwrite existing data. All the message is copied or nothing. It returns * 1 on success and 0 on error. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/include/haproxy/list.h new/haproxy-2.2.1+git0.0ef71a557/include/haproxy/list.h --- old/haproxy-2.2.0+git0.3a00c915f/include/haproxy/list.h 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/include/haproxy/list.h 2020-07-23 09:04:24.000000000 +0200 @@ -244,6 +244,7 @@ if ((el)->next != (el) || (el)->prev != (el)) { \ (n)->prev = p; \ (lh)->next = n; \ + __ha_barrier_store(); \ break; \ } \ (el)->next = n; \ @@ -283,6 +284,7 @@ if ((el)->next != (el) || (el)->prev != (el)) { \ p->next = n; \ (lh)->prev = p; \ + __ha_barrier_store(); \ break; \ } \ (el)->next = n; \ @@ -349,6 +351,7 @@ continue; \ if (_p == (lh)) { \ (lh)->prev = _p; \ + __ha_barrier_store(); \ _n = NULL; \ break; \ } \ @@ -361,12 +364,15 @@ if (_n == (lh)) { \ (lh)->next = _n; \ (lh)->prev = _p; \ + __ha_barrier_store(); \ _n = NULL; \ break; \ } \ (lh)->next = (lh); \ (lh)->prev = (lh); \ + __ha_barrier_store(); \ _n->prev = _p; \ + __ha_barrier_store(); \ _p->next = NULL; \ __ha_barrier_store(); \ break; \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/include/haproxy/server.h new/haproxy-2.2.1+git0.0ef71a557/include/haproxy/server.h --- old/haproxy-2.2.0+git0.3a00c915f/include/haproxy/server.h 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/include/haproxy/server.h 2020-07-23 09:04:24.000000000 +0200 @@ -43,7 +43,7 @@ int srv_downtime(const struct server *s); int srv_lastsession(const struct server *s); int srv_getinter(const struct check *check); -int parse_server(const char *file, int linenum, char **args, struct proxy *curproxy, struct proxy *defproxy, int parse_addr, int in_peers_section); +int parse_server(const char *file, int linenum, char **args, struct proxy *curproxy, struct proxy *defproxy, int parse_addr, int in_peers_section, int initial_resolve); int update_server_addr(struct server *s, void *ip, int ip_sin_family, const char *updater); const char *update_server_addr_port(struct server *s, const char *addr, const char *port, char *updater); struct server *server_find_by_id(struct proxy *bk, int id); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/arg.c new/haproxy-2.2.1+git0.0ef71a557/src/arg.c --- old/haproxy-2.2.0+git0.3a00c915f/src/arg.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/arg.c 2020-07-23 09:04:24.000000000 +0200 @@ -395,6 +395,14 @@ return -1; empty_err: + /* If we've only got an empty set of parenthesis with nothing + * in between, there is no arg at all. + */ + if (!pos) { + free(*argp); + *argp = NULL; + } + if (pos >= min_arg) goto end_parse; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/cache.c new/haproxy-2.2.1+git0.0ef71a557/src/cache.c --- old/haproxy-2.2.0+git0.3a00c915f/src/cache.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/cache.c 2020-07-23 09:04:24.000000000 +0200 @@ -926,6 +926,7 @@ } if (appctx->st0 == HTX_CACHE_EOM) { + res_htx->flags |= HTX_FL_EOI; /* no more data are expected. Only EOM remains to add now */ if (!htx_add_endof(res_htx, HTX_BLK_EOM)) { si_rx_room_blk(si); goto out; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/cfgparse-listen.c new/haproxy-2.2.1+git0.0ef71a557/src/cfgparse-listen.c --- old/haproxy-2.2.0+git0.3a00c915f/src/cfgparse-listen.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/cfgparse-listen.c 2020-07-23 09:04:24.000000000 +0200 @@ -531,7 +531,7 @@ if (!strcmp(args[0], "server") || !strcmp(args[0], "default-server") || !strcmp(args[0], "server-template")) { - err_code |= parse_server(file, linenum, args, curproxy, &defproxy, 1, 0); + err_code |= parse_server(file, linenum, args, curproxy, &defproxy, 1, 0, 0); if (err_code & ERR_FATAL) goto out; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/cfgparse.c new/haproxy-2.2.1+git0.0ef71a557/src/cfgparse.c --- old/haproxy-2.2.0+git0.3a00c915f/src/cfgparse.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/cfgparse.c 2020-07-23 09:04:24.000000000 +0200 @@ -677,7 +677,7 @@ err_code |= ERR_ALERT | ERR_ABORT; goto out; } - err_code |= parse_server(file, linenum, args, curpeers->peers_fe, NULL, 0, 1); + err_code |= parse_server(file, linenum, args, curpeers->peers_fe, NULL, 0, 1, 1); } else if (strcmp(args[0], "log") == 0) { if (init_peers_frontend(file, linenum, NULL, curpeers) != 0) { @@ -786,7 +786,7 @@ * The server address is parsed only if we are parsing a "peer" line, * or if we are parsing a "server" line and the current peer is not the local one. */ - err_code |= parse_server(file, linenum, args, curpeers->peers_fe, NULL, peer || !local_peer, 1); + err_code |= parse_server(file, linenum, args, curpeers->peers_fe, NULL, peer || !local_peer, 1, 1); if (!curpeers->peers_fe->srv) { /* Remove the newly allocated peer. */ if (newpeer != curpeers->local) { @@ -3549,7 +3549,7 @@ for (newsrv = curproxy->srv; newsrv; newsrv = newsrv->next) { int i; - newsrv->available_conns = calloc((unsigned)global.nbthread, sizeof(*newsrv->available_conns)); + newsrv->available_conns = calloc(global.nbthread, sizeof(*newsrv->available_conns)); if (!newsrv->available_conns) { ha_alert("parsing [%s:%d] : failed to allocate idle connections for server '%s'.\n", @@ -3581,7 +3581,7 @@ } } - newsrv->idle_conns = calloc((unsigned)global.nbthread, sizeof(*newsrv->idle_conns)); + newsrv->idle_conns = calloc((unsigned short)global.nbthread, sizeof(*newsrv->idle_conns)); if (!newsrv->idle_conns) { ha_alert("parsing [%s:%d] : failed to allocate idle connections for server '%s'.\n", newsrv->conf.file, newsrv->conf.line, newsrv->id); @@ -3592,7 +3592,7 @@ for (i = 0; i < global.nbthread; i++) MT_LIST_INIT(&newsrv->idle_conns[i]); - newsrv->safe_conns = calloc((unsigned)global.nbthread, sizeof(*newsrv->safe_conns)); + newsrv->safe_conns = calloc(global.nbthread, sizeof(*newsrv->safe_conns)); if (!newsrv->safe_conns) { ha_alert("parsing [%s:%d] : failed to allocate idle connections for server '%s'.\n", newsrv->conf.file, newsrv->conf.line, newsrv->id); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/channel.c new/haproxy-2.2.1+git0.0ef71a557/src/channel.c --- old/haproxy-2.2.0+git0.3a00c915f/src/channel.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/channel.c 2020-07-23 09:04:24.000000000 +0200 @@ -259,7 +259,7 @@ int co_getblk_nc(const struct channel *chn, const char **blk1, size_t *len1, const char **blk2, size_t *len2) { if (unlikely(co_data(chn) == 0)) { - if (chn->flags & CF_SHUTW) + if (chn->flags & (CF_SHUTW|CF_SHUTW_NOW)) return -1; return 0; } @@ -301,7 +301,7 @@ } } - if (chn->flags & CF_SHUTW) { + if (chn->flags & (CF_SHUTW|CF_SHUTW_NOW)) { /* If we have found no LF and the buffer is shut, then * the resulting string is made of the concatenation of * the pending blocks (1 or 2). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/dns.c new/haproxy-2.2.1+git0.0ef71a557/src/dns.c --- old/haproxy-2.2.0+git0.3a00c915f/src/dns.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/dns.c 2020-07-23 09:04:24.000000000 +0200 @@ -1573,6 +1573,7 @@ static void dns_free_resolution(struct dns_resolution *resolution) { struct dns_requester *req, *reqback; + struct dns_answer_item *item, *itemback; /* clean up configuration */ dns_reset_resolution(resolution); @@ -1584,6 +1585,16 @@ req->resolution = NULL; } + list_for_each_entry_safe(item, itemback, &resolution->response.ar_list, list) { + LIST_DEL(&item->list); + pool_free(dns_answer_item_pool, item); + } + + list_for_each_entry_safe(item, itemback, &resolution->response.answer_list, list) { + LIST_DEL(&item->list); + pool_free(dns_answer_item_pool, item); + } + LIST_DEL(&resolution->list); pool_free(dns_resolution_pool, resolution); } @@ -2396,14 +2407,23 @@ struct dns_requester *req; struct dns_resolvers *resolvers; struct dns_resolution *res; - int exp; + int exp, locked = 0; + enum act_return ret = ACT_RET_CONT; + + resolvers = rule->arg.dns.resolvers; /* we have a response to our DNS resolution */ use_cache: if (s->dns_ctx.dns_requester && s->dns_ctx.dns_requester->resolution != NULL) { resolution = s->dns_ctx.dns_requester->resolution; + if (!locked) { + HA_SPIN_LOCK(DNS_LOCK, &resolvers->lock); + locked = 1; + } + if (resolution->step == RSLV_STEP_RUNNING) { - return ACT_RET_YIELD; + ret = ACT_RET_YIELD; + goto end; } if (resolution->step == RSLV_STEP_NONE) { /* We update the variable only if we have a valid response. */ @@ -2445,29 +2465,33 @@ pool_free(dns_requester_pool, s->dns_ctx.dns_requester); s->dns_ctx.dns_requester = NULL; - return ACT_RET_CONT; + goto end; } /* need to configure and start a new DNS resolution */ smp = sample_fetch_as_type(px, sess, s, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->arg.dns.expr, SMP_T_STR); if (smp == NULL) - return ACT_RET_CONT; + goto end; fqdn = smp->data.u.str.area; if (action_prepare_for_resolution(s, fqdn) == -1) - return ACT_RET_CONT; /* on error, ignore the action */ + goto end; /* on error, ignore the action */ s->dns_ctx.parent = rule; + + HA_SPIN_LOCK(DNS_LOCK, &resolvers->lock); + locked = 1; + dns_link_resolution(s, OBJ_TYPE_STREAM, 0); /* Check if there is a fresh enough response in the cache of our associated resolution */ req = s->dns_ctx.dns_requester; if (!req || !req->resolution) { dns_trigger_resolution(s->dns_ctx.dns_requester); - return ACT_RET_YIELD; + ret = ACT_RET_YIELD; + goto end; } - res = req->resolution; - resolvers = res->resolvers; + res = req->resolution; exp = tick_add(res->last_resolution, resolvers->hold.valid); if (resolvers->t && res->status == RSLV_STATUS_VALID && tick_isset(res->last_resolution) @@ -2476,7 +2500,12 @@ } dns_trigger_resolution(s->dns_ctx.dns_requester); - return ACT_RET_YIELD; + ret = ACT_RET_YIELD; + + end: + if (locked) + HA_SPIN_UNLOCK(DNS_LOCK, &resolvers->lock); + return ret; } static void release_dns_action(struct act_rule *rule) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/fcgi-app.c new/haproxy-2.2.1+git0.0ef71a557/src/fcgi-app.c --- old/haproxy-2.2.0+git0.3a00c915f/src/fcgi-app.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/fcgi-app.c 2020-07-23 09:04:24.000000000 +0200 @@ -448,8 +448,10 @@ b_reset(value); value->data = build_logline(s, value->area, value->size, param_rule->value); - if (!value->data) + if (!value->data) { + pool_free(pool_head_fcgi_param_rule, param_rule); continue; + } if (!http_add_header(htx, param_rule->name, ist2(value->area, value->data))) goto rewrite_err; pool_free(pool_head_fcgi_param_rule, param_rule); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/h1_htx.c new/haproxy-2.2.1+git0.0ef71a557/src/h1_htx.c --- old/haproxy-2.2.0+git0.3a00c915f/src/h1_htx.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/h1_htx.c 2020-07-23 09:04:24.000000000 +0200 @@ -616,6 +616,8 @@ dsthtx->flags |= HTX_FL_PARSING_ERROR; return 0; } + + dsthtx->flags |= HTX_FL_EOI; /* no more data are expected. Only EOM remains to add now */ if (max < sizeof(struct htx_blk) + 1 || !htx_add_endof(dsthtx, HTX_BLK_EOM)) return 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/hlua.c new/haproxy-2.2.1+git0.0ef71a557/src/hlua.c --- old/haproxy-2.2.0+git0.3a00c915f/src/hlua.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/hlua.c 2020-07-23 09:04:24.000000000 +0200 @@ -7121,6 +7121,7 @@ goto error; /* Don't add TLR because mux-h1 will take care of it */ + res_htx->flags |= HTX_FL_EOI; /* no more data are expected. Only EOM remains to add now */ if (!htx_add_endof(res_htx, HTX_BLK_EOM)) { si_rx_room_blk(si); goto out; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/http_ana.c new/haproxy-2.2.1+git0.0ef71a557/src/http_ana.c --- old/haproxy-2.2.0+git0.3a00c915f/src/http_ana.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/http_ana.c 2020-07-23 09:04:24.000000000 +0200 @@ -1246,6 +1246,8 @@ msg->msg_state = HTTP_MSG_ENDING; ending: + req->flags &= ~CF_EXPECT_MORE; /* no more data are expected */ + /* other states, ENDING...TUNNEL */ if (msg->msg_state >= HTTP_MSG_DONE) goto done; @@ -1336,7 +1338,7 @@ * flag with the last block of forwarded data, which would cause an * additional delay to be observed by the receiver. */ - if (msg->flags & HTTP_MSGF_TE_CHNK) + if (HAS_REQ_DATA_FILTERS(s)) req->flags |= CF_EXPECT_MORE; DBG_TRACE_DEVEL("waiting for more data to forward", @@ -2332,6 +2334,8 @@ msg->msg_state = HTTP_MSG_ENDING; ending: + res->flags &= ~CF_EXPECT_MORE; /* no more data are expected */ + /* other states, ENDING...TUNNEL */ if (msg->msg_state >= HTTP_MSG_DONE) goto done; @@ -2411,7 +2415,7 @@ * flag with the last block of forwarded data, which would cause an * additional delay to be observed by the receiver. */ - if ((msg->flags & HTTP_MSGF_TE_CHNK) || (msg->flags & HTTP_MSGF_COMPRESSING)) + if (HAS_RSP_DATA_FILTERS(s)) res->flags |= CF_EXPECT_MORE; /* the stream handler will take care of timeouts and errors */ @@ -4574,6 +4578,7 @@ channel_auto_close(res); channel_shutr_now(res); res->flags |= CF_EOI; /* The response is terminated, add EOI */ + htxbuf(&res->buf)->flags |= HTX_FL_EOI; /* no more data are expected */ } else { /* Send ASAP informational messages. Rely on CF_EOI for final diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/log.c new/haproxy-2.2.1+git0.0ef71a557/src/log.c --- old/haproxy-2.2.0+git0.3a00c915f/src/log.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/log.c 2020-07-23 09:04:24.000000000 +0200 @@ -1832,7 +1832,7 @@ /* Send log messages to syslog server. */ nblogger = 0; list_for_each_entry(logsrv, logsrvs, list) { - static THREAD_LOCAL int in_range = 1; + int in_range = 1; /* we can filter the level of the messages that are sent to each logger */ if (level > logsrv->level) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/mux_fcgi.c new/haproxy-2.2.1+git0.0ef71a557/src/mux_fcgi.c --- old/haproxy-2.2.0+git0.3a00c915f/src/mux_fcgi.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/mux_fcgi.c 2020-07-23 09:04:24.000000000 +0200 @@ -2295,6 +2295,7 @@ goto fail; end_transfer: + fconn->state = FCGI_CS_RECORD_P; fconn->drl += fconn->drp; fconn->drp = 0; ret = MIN(b_data(&fconn->dbuf), fconn->drl); @@ -2335,7 +2336,7 @@ return 0; } fconn->state = FCGI_CS_RECORD_H; - fstrm->state |= FCGI_SF_ES_RCVD; + fstrm->flags |= FCGI_SF_ES_RCVD; TRACE_PROTO("FCGI STDOUT record rcvd", FCGI_EV_RX_RECORD|FCGI_EV_RX_STDOUT, fconn->conn, fstrm,, (size_t[]){0}); TRACE_STATE("stdout data fully send, switching to RECORD_H", FCGI_EV_RX_RECORD|FCGI_EV_RX_FHDR|FCGI_EV_RX_EOI, fconn->conn, fstrm); TRACE_LEAVE(FCGI_EV_RX_RECORD|FCGI_EV_RX_STDOUT, fconn->conn, fstrm); @@ -2355,7 +2356,7 @@ dbuf = &fconn->dbuf; /* Only padding remains */ - if (fconn->state == FCGI_CS_RECORD_P) + if (fconn->state == FCGI_CS_RECORD_P || !fconn->drl) goto end_transfer; if (b_data(dbuf) < (fconn->drl + fconn->drp) && @@ -2379,6 +2380,7 @@ goto fail; end_transfer: + fconn->state = FCGI_CS_RECORD_P; fconn->drl += fconn->drp; fconn->drp = 0; ret = MIN(b_data(&fconn->dbuf), fconn->drl); @@ -3543,26 +3545,33 @@ /* Never ever allow to reuse a connection from a non-reuse backend */ if ((fconn->proxy->options & PR_O_REUSE_MASK) == PR_O_REUSE_NEVR) fconn->conn->flags |= CO_FL_PRIVATE; - if (!fconn->conn->owner && (fconn->conn->flags & CO_FL_PRIVATE)) { - fconn->conn->owner = sess; - if (!session_add_conn(sess, fconn->conn, fconn->conn->target)) { - fconn->conn->owner = NULL; - if (eb_is_empty(&fconn->streams_by_id)) { - /* let's kill the connection right away */ - fconn->conn->mux->destroy(fconn); + if (fconn->conn->flags & CO_FL_PRIVATE) { + if (!fconn->conn->owner) { + fconn->conn->owner = sess; + if (!session_add_conn(sess, fconn->conn, fconn->conn->target)) { + fconn->conn->owner = NULL; + if (eb_is_empty(&fconn->streams_by_id)) { + /* let's kill the connection right away */ + fconn->conn->mux->destroy(fconn); + TRACE_DEVEL("outgoing connection killed", FCGI_EV_STRM_END|FCGI_EV_FCONN_ERR); + return; + } + } + } + if (eb_is_empty(&fconn->streams_by_id) && fconn->conn->owner == sess) { + if (session_check_idle_conn(fconn->conn->owner, fconn->conn) != 0) { + /* The connection is destroyed, let's leave */ TRACE_DEVEL("outgoing connection killed", FCGI_EV_STRM_END|FCGI_EV_FCONN_ERR); return; } } + + /* Be sure to remove the connection from the available_conns list */ + if (!MT_LIST_ISEMPTY(&fconn->conn->list)) + MT_LIST_DEL(&fconn->conn->list); } - if (eb_is_empty(&fconn->streams_by_id)) { - if (sess && fconn->conn->owner == sess && - session_check_idle_conn(fconn->conn->owner, fconn->conn) != 0) { - /* The connection is destroyed, let's leave */ - TRACE_DEVEL("outgoing connection killed", FCGI_EV_STRM_END|FCGI_EV_FCONN_ERR); - return; - } - if (!(fconn->conn->flags & CO_FL_PRIVATE)) { + else { + if (eb_is_empty(&fconn->streams_by_id)) { if (!srv_add_to_idle_list(objt_server(fconn->conn->target), fconn->conn, 1)) { /* The server doesn't want it, let's kill the connection right away */ fconn->conn->mux->destroy(fconn); @@ -3576,11 +3585,11 @@ TRACE_DEVEL("reusable idle connection", FCGI_EV_STRM_END, fconn->conn); return; } - } else if (MT_LIST_ISEMPTY(&fconn->conn->list) && - fcgi_avail_streams(fconn->conn) > 0 && objt_server(fconn->conn->target)) { + else if (MT_LIST_ISEMPTY(&fconn->conn->list) && + fcgi_avail_streams(fconn->conn) > 0 && objt_server(fconn->conn->target)) { LIST_ADD(&__objt_server(fconn->conn->target)->available_conns[tid], mt_list_to_list(&fconn->conn->list)); } - + } } /* We don't want to close right now unless we're removing the last diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/mux_h1.c new/haproxy-2.2.1+git0.0ef71a557/src/mux_h1.c --- old/haproxy-2.2.0+git0.3a00c915f/src/mux_h1.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/mux_h1.c 2020-07-23 09:04:24.000000000 +0200 @@ -1456,8 +1456,10 @@ else if (h1s->req.state < H1_MSG_DONE || h1s->res.state < H1_MSG_DONE) { h1c->flags |= H1C_F_IN_BUSY; TRACE_STATE("switch h1c in busy mode", H1_EV_RX_DATA|H1_EV_H1C_BLK, h1c->conn, h1s); + break; } - break; + else + break; } else if (h1m->state == H1_MSG_TUNNEL) { TRACE_PROTO("parsing tunneled data", H1_EV_RX_DATA, h1c->conn, h1s); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/mux_h2.c new/haproxy-2.2.1+git0.0ef71a557/src/mux_h2.c --- old/haproxy-2.2.0+git0.3a00c915f/src/mux_h2.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/mux_h2.c 2020-07-23 09:04:24.000000000 +0200 @@ -3945,25 +3945,32 @@ /* Never ever allow to reuse a connection from a non-reuse backend */ if ((h2c->proxy->options & PR_O_REUSE_MASK) == PR_O_REUSE_NEVR) h2c->conn->flags |= CO_FL_PRIVATE; - if (!h2c->conn->owner && (h2c->conn->flags & CO_FL_PRIVATE)) { - h2c->conn->owner = sess; - if (!session_add_conn(sess, h2c->conn, h2c->conn->target)) { - h2c->conn->owner = NULL; - if (eb_is_empty(&h2c->streams_by_id)) { - h2c->conn->mux->destroy(h2c); - TRACE_DEVEL("leaving on error after killing outgoing connection", H2_EV_STRM_END|H2_EV_H2C_ERR); + if (h2c->conn->flags & CO_FL_PRIVATE) { + if (!h2c->conn->owner) { + h2c->conn->owner = sess; + if (!session_add_conn(sess, h2c->conn, h2c->conn->target)) { + h2c->conn->owner = NULL; + if (eb_is_empty(&h2c->streams_by_id)) { + h2c->conn->mux->destroy(h2c); + TRACE_DEVEL("leaving on error after killing outgoing connection", H2_EV_STRM_END|H2_EV_H2C_ERR); + return; + } + } + } + if (eb_is_empty(&h2c->streams_by_id) && h2c->conn->owner == sess) { + if (session_check_idle_conn(h2c->conn->owner, h2c->conn) != 0) { + /* At this point either the connection is destroyed, or it's been added to the server idle list, just stop */ + TRACE_DEVEL("leaving without reusable idle connection", H2_EV_STRM_END); return; } } + + /* Be sure to remove the connection from the available_conns list */ + if (!MT_LIST_ISEMPTY(&h2c->conn->list)) + MT_LIST_DEL(&h2c->conn->list); } - if (eb_is_empty(&h2c->streams_by_id)) { - if (sess && h2c->conn->owner == sess && - session_check_idle_conn(h2c->conn->owner, h2c->conn) != 0) { - /* At this point either the connection is destroyed, or it's been added to the server idle list, just stop */ - TRACE_DEVEL("leaving without reusable idle connection", H2_EV_STRM_END); - return; - } - if (!(h2c->conn->flags & CO_FL_PRIVATE)) { + else { + if (eb_is_empty(&h2c->streams_by_id)) { if (!srv_add_to_idle_list(objt_server(h2c->conn->target), h2c->conn, 1)) { /* The server doesn't want it, let's kill the connection right away */ h2c->conn->mux->destroy(h2c); @@ -3978,9 +3985,10 @@ return; } - } else if (MT_LIST_ISEMPTY(&h2c->conn->list) && - h2_avail_streams(h2c->conn) > 0 && objt_server(h2c->conn->target)) { - LIST_ADD(&__objt_server(h2c->conn->target)->available_conns[tid], mt_list_to_list(&h2c->conn->list)); + else if (MT_LIST_ISEMPTY(&h2c->conn->list) && + h2_avail_streams(h2c->conn) > 0 && objt_server(h2c->conn->target)) { + LIST_ADD(&__objt_server(h2c->conn->target)->available_conns[tid], mt_list_to_list(&h2c->conn->list)); + } } } } @@ -4453,6 +4461,7 @@ if ((h2c->dff & H2_F_HEADERS_END_STREAM)) { /* Mark the end of message using EOM */ + htx->flags |= HTX_FL_EOI; /* no more data are expected. Only EOM remains to add now */ if (!htx_add_endof(htx, HTX_BLK_EOM)) { TRACE_STATE("failed to append HTX EOM block into rxbuf", H2_EV_RX_FRAME|H2_EV_RX_HDR|H2_EV_H2S_ERR, h2c->conn); goto fail; @@ -4588,6 +4597,7 @@ */ if (h2c->dff & H2_F_DATA_END_STREAM) { + htx->flags |= HTX_FL_EOI; /* no more data are expected. Only EOM remains to add now */ if (!htx_add_endof(htx, HTX_BLK_EOM)) { TRACE_STATE("h2s rxbuf is full, failed to add EOM", H2_EV_RX_FRAME|H2_EV_RX_DATA|H2_EV_H2S_BLK, h2c->conn, h2s); h2c->flags |= H2_CF_DEM_SFULL; @@ -5779,6 +5789,8 @@ if (htx_is_empty(buf_htx)) cs->flags |= CS_FL_EOI; } + else if (htx_is_empty(h2s_htx)) + buf_htx->flags |= (h2s_htx->flags & HTX_FL_EOI); buf_htx->extra = (h2s_htx->extra ? (h2s_htx->data + h2s_htx->extra) : 0); htx_to_buf(buf_htx, buf); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/sample.c new/haproxy-2.2.1+git0.0ef71a557/src/sample.c --- old/haproxy-2.2.0+git0.3a00c915f/src/sample.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/sample.c 2020-07-23 09:04:24.000000000 +0200 @@ -3567,12 +3567,14 @@ { if (strcasecmp(args[0].data.str.area, "true") == 0 || strcasecmp(args[0].data.str.area, "1") == 0) { + free(args[0].data.str.area); args[0].type = ARGT_SINT; args[0].data.sint = 1; return 1; } if (strcasecmp(args[0].data.str.area, "false") == 0 || strcasecmp(args[0].data.str.area, "0") == 0) { + free(args[0].data.str.area); args[0].type = ARGT_SINT; args[0].data.sint = 0; return 1; @@ -3638,6 +3640,8 @@ meth = find_http_meth(args[0].data.str.area, args[0].data.str.data); if (meth != HTTP_METH_OTHER) { + free(args[0].data.str.area); + args[0].type = ARGT_SINT; args[0].data.sint = meth; } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/server.c new/haproxy-2.2.1+git0.0ef71a557/src/server.c --- old/haproxy-2.2.0+git0.3a00c915f/src/server.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/server.c 2020-07-23 09:04:24.000000000 +0200 @@ -1937,7 +1937,8 @@ return i - srv->tmpl_info.nb_low; } -int parse_server(const char *file, int linenum, char **args, struct proxy *curproxy, struct proxy *defproxy, int parse_addr, int in_peers_section) +int parse_server(const char *file, int linenum, char **args, struct proxy *curproxy, + struct proxy *defproxy, int parse_addr, int in_peers_section, int initial_resolve) { struct server *newsrv = NULL; const char *err = NULL; @@ -2053,7 +2054,7 @@ if (!parse_addr) goto skip_addr; - sk = str2sa_range(args[cur_arg], &port, &port1, &port2, &errmsg, NULL, &fqdn, 0); + sk = str2sa_range(args[cur_arg], &port, &port1, &port2, &errmsg, NULL, &fqdn, initial_resolve); if (!sk) { ha_alert("parsing [%s:%d] : '%s %s' : %s\n", file, linenum, args[0], args[1], errmsg); err_code |= ERR_ALERT | ERR_FATAL; @@ -3162,7 +3163,7 @@ struct state_line *st; struct ebmb_node *node, *next_node; - + f = NULL; global_file_version = 0; globalfilepathlen = 0; /* create the globalfilepath variable */ @@ -3268,6 +3269,11 @@ } out_load_server_state_in_tree: + if (f) { + fclose(f); + f = NULL; + } + /* parse all proxies and load states form tree (global file) or from local file */ for (curproxy = proxies_list; curproxy != NULL; curproxy = curproxy->next) { /* servers are only in backends */ @@ -3447,9 +3453,11 @@ /* now we can proceed with server's state update */ srv_update_state(srv, version, srv_params); } + + fileclose: + fclose(f); + } -fileclose: - fclose(f); } /* now free memory allocated for the tree */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/sink.c new/haproxy-2.2.1+git0.0ef71a557/src/sink.c --- old/haproxy-2.2.0+git0.3a00c915f/src/sink.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/sink.c 2020-07-23 09:04:24.000000000 +0200 @@ -857,7 +857,7 @@ } } else if (strcmp(args[0],"server") == 0) { - err_code |= parse_server(file, linenum, args, cfg_sink->forward_px, NULL, 1, 0); + err_code |= parse_server(file, linenum, args, cfg_sink->forward_px, NULL, 1, 0, 1); } else if (strcmp(args[0],"timeout") == 0) { if (!cfg_sink || !cfg_sink->forward_px) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/stats.c new/haproxy-2.2.1+git0.0ef71a557/src/stats.c --- old/haproxy-2.2.0+git0.3a00c915f/src/stats.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/stats.c 2020-07-23 09:04:24.000000000 +0200 @@ -3337,6 +3337,7 @@ if (appctx->st0 == STAT_HTTP_DONE) { /* Don't add TLR because mux-h1 will take care of it */ + res_htx->flags |= HTX_FL_EOI; /* no more data are expected. Only EOM remains to add now */ if (!htx_add_endof(res_htx, HTX_BLK_EOM)) { si_rx_room_blk(si); goto out; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/stream.c new/haproxy-2.2.1+git0.0ef71a557/src/stream.c --- old/haproxy-2.2.0+git0.3a00c915f/src/stream.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/stream.c 2020-07-23 09:04:24.000000000 +0200 @@ -627,9 +627,13 @@ } if (s->dns_ctx.dns_requester) { + __decl_thread(struct dns_resolvers *resolvers = s->dns_ctx.parent->arg.dns.resolvers); + + HA_SPIN_LOCK(DNS_LOCK, &resolvers->lock); free(s->dns_ctx.hostname_dn); s->dns_ctx.hostname_dn = NULL; s->dns_ctx.hostname_dn_len = 0; dns_unlink_resolution(s->dns_ctx.dns_requester); + HA_SPIN_UNLOCK(DNS_LOCK, &resolvers->lock); pool_free(dns_requester_pool, s->dns_ctx.dns_requester); s->dns_ctx.dns_requester = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/stream_interface.c new/haproxy-2.2.1+git0.0ef71a557/src/stream_interface.c --- old/haproxy-2.2.0+git0.3a00c915f/src/stream_interface.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/stream_interface.c 2020-07-23 09:04:24.000000000 +0200 @@ -698,7 +698,8 @@ if ((!(oc->flags & (CF_NEVER_WAIT|CF_SEND_DONTWAIT)) && ((oc->to_forward && oc->to_forward != CHN_INFINITE_FORWARD) || (oc->flags & CF_EXPECT_MORE) || - (IS_HTX_STRM(si_strm(si)) && !(oc->flags & (CF_EOI|CF_SHUTR))))) || + (IS_HTX_STRM(si_strm(si)) && + (!(oc->flags & (CF_EOI|CF_SHUTR)) && htx_expect_more(htxbuf(&oc->buf)))))) || ((oc->flags & CF_ISRESP) && ((oc->flags & (CF_AUTO_CLOSE|CF_SHUTW_NOW)) == (CF_AUTO_CLOSE|CF_SHUTW_NOW)))) send_flag |= CO_SFL_MSG_MORE; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/task.c new/haproxy-2.2.1+git0.0ef71a557/src/task.c --- old/haproxy-2.2.0+git0.3a00c915f/src/task.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/task.c 2020-07-23 09:04:24.000000000 +0200 @@ -316,7 +316,7 @@ */ __task_unlink_wq(task); if (tick_isset(task->expire)) - __task_queue(task, &tt->timers); + __task_queue(task, &timers); goto lookup_next; } else { @@ -477,8 +477,7 @@ else if (!(state & TASK_KILLED) && process != NULL) t = process(t, ctx, state); else { - if (task_in_wq(t)) - __task_unlink_wq(t); + task_unlink_wq(t); __task_free(t); sched->current = NULL; __ha_barrier_store(); @@ -501,8 +500,7 @@ state = _HA_ATOMIC_AND(&t->state, ~TASK_RUNNING); if (unlikely(state & TASK_KILLED)) { - if (task_in_wq(t)) - __task_unlink_wq(t); + task_unlink_wq(t); __task_free(t); } else if (state & TASK_WOKEN_ANY) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/haproxy-2.2.0+git0.3a00c915f/src/tcpcheck.c new/haproxy-2.2.1+git0.0ef71a557/src/tcpcheck.c --- old/haproxy-2.2.0+git0.3a00c915f/src/tcpcheck.c 2020-07-07 16:33:14.000000000 +0200 +++ new/haproxy-2.2.1+git0.0ef71a557/src/tcpcheck.c 2020-07-23 09:04:24.000000000 +0200 @@ -1340,8 +1340,11 @@ if (!htx_add_endof(htx, HTX_BLK_EOH) || - (istlen(body) && !htx_add_data_atonce(htx, body)) || - !htx_add_endof(htx, HTX_BLK_EOM)) + (istlen(body) && !htx_add_data_atonce(htx, body))) + goto error_htx; + + htx->flags |= HTX_FL_EOI; /* no more data are expected. Only EOM remains to add now */ + if (!htx_add_endof(htx, HTX_BLK_EOM)) goto error_htx; htx_to_buf(htx, &check->bo);
