Hi Lukas,
On Mon, Oct 18, 2021 at 04:47:12PM +0200, Lukas Tribus wrote:
> Hello,
>
> PCRE (1) is end of life and unmaintained now (see below).
Thanks for bringing this!
> Not a huge
> problem, because PCRE2 has been supported since haproxy 1.8.
>
> However going forward (haproxy 2.5+) should
` to GitHub Actions
CI: Clean up formatting in GitHub Action definitions
CLEANUP: Consistently `unsigned int` for bitfields
William Lallemand (2):
MINOR: httpclient/cli: access should be only done from expert mode
DOC: management: doc about the CLI httpclient
Willy Tarreau
On Mon, Oct 18, 2021 at 09:18:12AM +0200, Tim Düsterhus wrote:
> Hu, interesting. Is the GitHub Mirror Sync broken? I'm seeing changes in
> https://git.haproxy.org/?p=haproxy.git, but not in GitHub.
So it was in relation with the Painful Access Token apparently. The
mirror user was not allowed
On Mon, Oct 18, 2021 at 09:18:12AM +0200, Tim Düsterhus wrote:
> Willy,
>
> On 10/18/21 9:15 AM, Willy Tarreau wrote:
> > On Mon, Oct 18, 2021 at 09:09:01AM +0200, Tim Düsterhus wrote:
> > > Feel free to replace 'unsigned int' with 'uint' and reformat the struct as
>
On Mon, Oct 18, 2021 at 09:09:01AM +0200, Tim Düsterhus wrote:
> Feel free to replace 'unsigned int' with 'uint' and reformat the struct as
> needed.
Done an pushed, thank you!
Willy
Hi Elias,
On Fri, Oct 15, 2021 at 11:45:30AM +0200, Elias Abacioglu wrote:
> Hi
>
> I have backends with `default-server tfo`.
> I also have `retry-on conn-failure` on every backend except one where I
> have `retry-on all-retryable-errors`.
>
> I still get this warning for every backend.
>
>
On Fri, Oct 15, 2021 at 04:18:21PM +0500, Ilya Shipitsin wrote:
> This is 27th iteration of typo fixes
Merged, thanks Ilya!
Willy
On Fri, Oct 15, 2021 at 04:38:29PM +0200, Björn Jacke wrote:
> Hi,
>
> are there any objections for adding ::1 to the LOCALHOST acl? See attached
> patch...
No objection from me and I think it totally makes sense, of course.
I've added a small description to it and merged it.
Thanks Björn!
On Sat, Oct 16, 2021 at 06:24:18PM +0200, Tim Duesterhus wrote:
> see 6a0dd733906611dea958cf74b9f51bb16028ae20
>
> Found using GitHub's CodeQL scan.
> ---
> include/haproxy/stick_table-t.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git
On Sat, Oct 16, 2021 at 06:10:26PM +0200, Tim Duesterhus wrote:
> This change locks down the permissions of the access token in GitHub Actions
> to
> only allow reading the repository contents and nothing else.
(...)
This series and the coccinelle one applied, thanks Tim!
Willy
MINOR: ssl: add ssl_fc_is_resumed to "option httpslog"
BUILD: jwt: fix declaration of EVP_KEY in jwt-h.h
Willy Tarreau (25):
MINOR: rules: add a new function new_act_rule() to allocate act_rules
MINOR: rules: add a file name and line number to act_rules
MINOR:
and get_trash_chunk()
MINOR: httpclient: destroy checks if a client was started but not stopped
BUG/MINOR: httpclient/lua: does not process headers when failed
MINOR: httpclient/lua: supports headers via named arguments
Willy Tarreau (109):
MINOR: config: use a standard p
On Thu, Oct 07, 2021 at 11:30:54AM +0500, ??? wrote:
> > Just thinking about something, given that the new API was already adopted
> > by BoringSSL and will probably be at some point in time by LibreSSL, would
> > it not be better to have a single macro "HA_SSL_USE_API_V3" or something
>
This is the second patch. Some of your comments in it were useful to
raise some concerns about issues that could be difficult to address,
namely about the hard-coded use of IPPROTO_TCP at some places where
you'd have preferred to use protocol->sock_prot, but this one is not
correct since we're
into yours.
Now switching to the second patch :-)
Thanks,
Willy
>From 9866bea00f11ab0091da752dc66e0d402244a298 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Thu, 7 Oct 2021 08:44:38 +0200
Subject: [PATCH] EXP with better formatting
---
src/proto_tcp.c | 22 +++---
src/protocol.c
On Sat, Sep 18, 2021 at 03:05:10PM +0500, ??? wrote:
> Hello,
>
> I checked how looks binary shipped in several popular distributions
> (ppa:vbernat/haproxy-2.4, docker haproxytech/haproxy-ubuntu, docker
> haproxy).
>
> are we aware of those security features ? shall we move them to
Hi Ilya,
On Wed, Oct 06, 2021 at 11:26:13PM +0500, Ilya Shipitsin wrote:
> +/* ERR_func_error_string is deprecated in OpenSSL-3.0.0 */
> +#if (OPENSSL_VERSION_NUMBER >= 0x3000L)
> +#define HA_ERR_func_error_string(ret) "OPENSSL_internal"
> +#else
> +#define HA_ERR_func_error_string(ret)
On Mon, Oct 04, 2021 at 01:02:58AM -0600, astrotha...@gmail.com wrote:
> From: Thayne McCombs
>
> Add a more precise description on how backslash escaping is different
> than the top-level parser, and give examples of how to handle single
> quotes inside arguments.
This looks good, and thanks
Hi Björn,
On Mon, Oct 04, 2021 at 04:22:32PM +0200, Björn Jacke wrote:
> Hi Willy,
>
> I lost track of this issue but I caught this up finally again.
>
> I updated the setsockopt error patch as part of the mptcp branch here:
>
> https://gitlab.com/bjacke/haproxy/-/commits/bjacke-mptcp
Thanks
On Fri, Sep 24, 2021 at 08:25:23PM +0500, ??? wrote:
> I thought that it would be overcomplicating, but I've got your idea.
> I will send v2 this weekend or early next week
Thank you :-) No rush anyway.
Willy
On Fri, Sep 24, 2021 at 08:09:29PM +0500, ??? wrote:
> ??, 24 . 2021 ?. ? 19:49, Willy Tarreau :
>
> > On Fri, Sep 24, 2021 at 07:14:40PM +0500, ??? wrote:
> > > > I'd really prefer that we address all this API stuff through the
> > > >
Hi Rainer,
On Fri, Sep 17, 2021 at 11:22:02AM +0200, rai...@ultra-secure.de wrote:
> Hi,
>
> I run two FreeBSD 12.2 servers with haproxy 2.0.22 in a CARP setup.
>
> The frontend-interfaces have multiple IPs and I need to have this statement
> in at least one backend service:
>
> source
Hi,
On Fri, Sep 24, 2021 at 07:36:20PM +0530, Suvarna Pattayil wrote:
> Hi,
>
> Yes, it does make sense. The original issue actually pertains to making the
> messages uniform.
But why ? Most of them are just partial messages that are combined in
larger and more detailed messages, like "parsing
On Fri, Sep 24, 2021 at 07:14:40PM +0500, ??? wrote:
> > I'd really prefer that we address all this API stuff through the
> > openssl-compat stuff, so that over time we can more easily drop
> > unneeded stuff. Above that could be done this way:
> >
> > #if (OPENSSL_VERSION_NUMBER >=
t: httpclient_ended() returns 1 if the client ended
MINOR: httpclient/lua: httpclient:get() API in lua
MINOR: httpclient/lua: implement the headers in the response object
BUG/MINOR: httpclient/lua: return an error on argument check
Willy Tarreau (18):
BUILD: compiler: fixed a mis
Hi Ilya,
On Mon, Sep 20, 2021 at 10:37:04PM +0500, ??? wrote:
> Subject: [PATCH] BUILD: SSL: function "ERR_func_error_string" is deprecated in
> OpenSSL-3.0.0
>
> let us prepare for using OpenSSL-3.0.0 in no deprecation mode
> ---
> src/ssl_sock.c | 7 ++-
> 1 file changed, 6
Hello,
On Sat, Sep 18, 2021 at 05:23:01PM +0200, PR Bot wrote:
> Dear list!
>
> Author: SuvP
> Number of patches: 1
>
> This is an automated relay of the Github pull request:
>Using standard 'OOM' instead of 'Out of Memory'
>
> Patch title(s):
>Using standard 'OOM' instead of 'Out of
On Fri, Sep 24, 2021 at 03:33:14PM +0200, Tim Düsterhus wrote:
> Willy,
>
> On 9/24/21 3:09 PM, Willy Tarreau wrote:
> > > please also apply to https://github.com/wtarreau/libslz/.
> > > [...]
> >
> > Now applied, thanks!
>
> Not seeing anything
On Fri, Sep 24, 2021 at 10:05:19AM +0200, Christopher Faulet wrote:
> > So I guess I did just misunderstand the documentation and it would be nice
> > to just clarify it in the docs that haproxy does not support HTTP/1.1
> > pipelining.
>
> I agree. Pipelining should at least be removed from
Hi Tim,
On Mon, Sep 20, 2021 at 07:59:42PM +0200, Tim Duesterhus wrote:
> Willy,
>
> please also apply to https://github.com/wtarreau/libslz/.
> Best regards
> Tim Düsterhus
>
> Apply with `git am --scissors` to automatically cut the commit message.
>
> -- >8 --
> This function has no
Hi Tim,
On Wed, Sep 15, 2021 at 01:58:42PM +0200, Tim Duesterhus wrote:
> Willy,
>
> not sure about the "DOC" tag for the coccinelle patches and the placement
> within the directory structure. Feel free to adjust.
Good idea. I even remember that I was about to store some of my few
coccinelle
On Tue, Sep 14, 2021 at 02:00:16PM +0200, Thierry Fournier wrote:
(...)
> So, I guess this ommit is not a great bug, but the experieence learn
> when we play with longjmp, MEDIUM is the right level for a patch.
Thanks Thierry for the detailed analysis!
Willy
Hi Dmitry,
On Sun, Sep 12, 2021 at 05:54:33PM +0300, Dmitry Sivachenko wrote:
> there is a new warning in -dev branch (on FreeBSD):
>
> admin/halog/fgets2.c:38:30: warning: '__GLIBC__' is not defined, evaluates to
> 0 [-Wundef]
> #if defined(__x86_64__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 &&
the empty header
Tim Duesterhus (3):
CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h
CLEANUP: Move XXH3 macro from haproxy/compat.h to haproxy/xxhash.h
BUG/MEDIUM lua: Add missing call to RESET_SAFE_LJMP in hlua_filter_new()
Tim Düsterhus (1):
CLEANUP: ebmbtr
On Sat, Sep 11, 2021 at 11:17:25PM +0200, Tim Duesterhus wrote:
> In one case before exiting leaving the function the panic handler was not
> reset.
>
> Introduced in 69c581a09271e91d306e7b9080502a36abdc415e, which is 2.5+.
> No backport required.
Good catch, applied as medium since it seems
On Sat, Sep 11, 2021 at 12:27:30AM +0200, Miroslav Zagorac wrote:
> On 09/11/2021 12:05 AM, Miroslav Zagorac wrote:
> > Hello all,
> >
> > the second patch from the last series of patches has been redesigned
> > here, the ist() function is used to set an empty string instead of
> > working
Hi guys,
thanks for working on fixing this, it's now merged. I've added a
tiny change to make sure that text_map is always initialized in
flt_ot_scope_run() because that made clang rightfully upset,
re-enabled OT in the CI since it's now OK.
Cheers,
Willy
On Sat, Sep 11, 2021 at 08:29:46PM +0200, Tim Duesterhus wrote:
> This moves all the xxhash functionality into a single location.
Wow that was fast, now merged, thanks!
Willy
On Sat, Sep 11, 2021 at 08:06:01PM +0200, Dragan Dosen wrote:
> Hi Tim,
>
> On 11. 09. 2021. 17:51, Tim Duesterhus wrote:
> > This solves setting XXH_INLINE_ALL in a cleaner way, because the imported
> > header is not modified, easing future updates.
> >
> > see
Hi Tim,
On Sat, Sep 11, 2021 at 05:51:13PM +0200, Tim Duesterhus wrote:
> This solves setting XXH_INLINE_ALL in a cleaner way, because the imported
> header is not modified, easing future updates.
Excellent idea, I like this. It's indeed much cleaner and more logical
this way. This may also
Hi Bjoern,
On Thu, Sep 09, 2021 at 08:18:24PM +0200, bjun...@gmail.com wrote:
> Hi,
>
> is HAProxy 2.0.x with "no option http-use-htx" also affected by
> this vulnerability?
No it's not. I thought I mentioned it but it's possible that I forgot
it in the end.
Regards,
Willy
Hi Miroslav,
On Wed, Sep 08, 2021 at 08:02:35PM +0200, Miroslav Zagorac wrote:
> On 09/08/2021 07:57 PM, Miroslav Zagorac wrote:
> > On 09/08/2021 07:42 PM, Willy Tarreau wrote:
> > > No rush on this one, I'll let you think about it, just let me know if we
> > >
On Wed, Sep 08, 2021 at 07:23:59PM +0200, Miroslav Zagorac wrote:
> On 09/08/2021 06:46 PM, Willy Tarreau wrote:
> > I have no doubt about this, what I mean is that once such needs are
> > identified, as much as possible we should try to move these parts into
> > the
On Wed, Sep 08, 2021 at 06:30:15PM +0200, Miroslav Zagorac wrote:
> there is a reason why i used some functions related to
> reading/setting/searching variables. If I could use the original haproxy
> functions, I wouldn't write these because duplicating the
> code doesn't make sense.
I have no
Hi Miroslav,
I just discovered that the changes I've made to the totally broken
variables API now broke opentracing because apparently it's using
some of the variable code's internals for its own use:
https://github.com/haproxy/haproxy/runs/3545475810
That's annoying because unbreaking the
On Wed, Sep 08, 2021 at 12:34:49PM +0200, Aleksandar Lazic wrote:
> On 08.09.21 11:07, Willy Tarreau wrote:
> > On Wed, Sep 08, 2021 at 01:58:00PM +0500, ??? wrote:
> > > ??, 8 . 2021 ?. ? 13:54, Willy Tarreau :
> > >
> > > > O
On Wed, Sep 08, 2021 at 01:58:00PM +0500, ??? wrote:
> ??, 8 . 2021 ?. ? 13:54, Willy Tarreau :
>
> > On Wed, Sep 08, 2021 at 12:05:23PM +0500, ??? wrote:
> > > Hello, Bob
> > >
> > > I tracked an issue https://github.com/haproxy/hapr
On Wed, Sep 08, 2021 at 12:05:23PM +0500, ??? wrote:
> Hello, Bob
>
> I tracked an issue https://github.com/haproxy/haproxy/issues/1386
>
>
> let's track activity there
Quite frankly, I'm seriously wondering how long we'll want to keep
supporting that constantly breaking library.
On Tue, Sep 07, 2021 at 09:39:41PM +0200, Vincent Bernat wrote:
> ? 7 September 2021 17:27 +02, Willy Tarreau:
>
> > I'd like to thank the usual distro maintainers for having accepted to
> > produce yet another version of their packages in a short time. Hopefully
> >
BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
Tim Duesterhus (3):
BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
BUG/MINOR: tools: Fix loop condition in dump_text()
CLEANUP: Add missing include guard to signal.h
Willy Tarreau (10):
BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
Tim Duesterhus (3):
BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
BUG/MINOR: tools: Fix loop condition in dump_text()
CLEANUP: Add missing include guard to signal.h
Willy Tarreau (12):
BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
Tim Duesterhus (3):
BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
BUG/MINOR: tools: Fix loop condition in dump_text()
CLEANUP: Add missing include guard to signal.h
Willy Tarreau (13):
put boundaries within base64{dec,urldec}
BUG/MINOR: base64: base64urldec() ignores padding in output size check
Tim Duesterhus (3):
BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
BUG/MINOR: tools: Fix loop condition in dump_text()
CLEANUP: Add mi
Hi everyone,
Right after the previous announce of HTTP/2 vulnerabilities, a group
of security researchers from JFrog Security have been looking for the
possibility of remaining issues around the same topic. While there was
nothing
Hi David,
On Sat, Sep 04, 2021 at 09:01:11AM +0100, David CARLIER wrote:
> Hi here a little fix proposal for this platform.
>
> Cheers.
> From 6cfa1fce839504e04584d1bfedee188bc21c32b1 Mon Sep 17 00:00:00 2001
> From: DC
> Date: Sat, 4 Sep 2021 09:58:57 +0100
> Subject: [PATCH] BUILD/MINOR:
e instead of (local|gm)time
BUG/MINOR: tools: Fix loop condition in dump_text()
CLEANUP: Add missing include guard to signal.h
Willy Tarreau (24):
BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER
BUILD: ssl: fix two remaining occurrences of #if USE_OPENS
Hello,
On Sun, Aug 29, 2021 at 11:28:43AM +, Prytoegrian wrote:
> I think I found a bug in Haproxy but I first want to be sure it's a real one.
> It might just be a semantic misunderstanding of mine.
>
> I described a backend with two servers, one of them with "slowstart" option.
> When I
On Wed, Sep 01, 2021 at 09:23:25PM +0200, Tim Duesterhus wrote:
> Willy,
>
> this also affects include/import/lru.h, include/import/xxhash.h, and
> include/import/sha1.h. But I did not touch these, as they are within import/*
Yes, good point, I also prefer to really limit the amount of changes
On Tue, Aug 31, 2021 at 06:37:45PM +0200, Willy Tarreau wrote:
> > As such: Your patches LGTM, thanks. Please proceed :-)
>
> Will do, and reference the issue above and update the doc regarding ifexist,
> just mentioning that it's now ignored for legacy compatibility.
I'
On Tue, Aug 31, 2021 at 04:41:16PM +0200, Tim Düsterhus wrote:
> Willy,
>
> On 8/31/21 9:07 AM, Willy Tarreau wrote:
> > I've finally implemented the replacement of the global variables table
>
> Okay, please refer to issue #624 in the commit:
> https://github.com/hapro
tly ignore the ifexist
argument now. Do you agree with this ? I'd really like it if we could
definitely get rid of this old mess!
For reference I'm appending the current patch series.
Thanks!
Willy
>From 6abb2e9fd745311c091029933a86fe363d09a7fb Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date
On Sat, Aug 28, 2021 at 11:57:01PM +0200, Tim Duesterhus wrote:
> Willy,
>
> please fill in the severity yourself.
Good catch, I didn't notice we still had those. Applied as minor as
I don't think anyone really noticed it (it would require different
arguments in different converters to be used
On Sun, Aug 29, 2021 at 12:58:22AM +0200, Tim Duesterhus wrote:
> The condition should first check whether `bsize` is reached, before
> dereferencing the offset. Even if this always works fine, due to the
> string being null-terminated, this certainly looks odd.
Applied as well, thank you!
Willy
roxy
BUG/MINOR: httpclient: fix Host header
BUILD: httpclient: fix build without OpenSSL
BUG/MINOR: proxy: don't dump servers of internal proxies
Willy Tarreau (19):
BUG/MEDIUM: h2: match absolute-path not path-absolute for :path
BUG/MEDIUM: cfgparse: do not alloc
Hi Marcin,
On Thu, Aug 26, 2021 at 06:56:20PM +0200, Marcin Deranek wrote:
> Hi Willy,
(...)
> No worries. Hopefully soon this will get merged. Attaching latest patches
> with all modification included.
Thanks for detailing all the points. I trust that you did them as you
said, in the worst case
On Wed, Aug 25, 2021 at 07:17:28PM +0200, Tim Duesterhus wrote:
> HAProxy 1.5 is EOL, thus this always matches.
>
> 1.6 / 1.7 were already removed in:
> d8be0018fe85b5f815d59cdf1e0400274a99a9b1 (1.6)
> 1b095cac9468d0c3eeb157e9b1a2947487bd3c83 (1.7)
Good catch. Both patches applied (this one and
On Sat, Aug 21, 2021 at 04:06:59PM +0500, ??? wrote:
> hello,
>
> starting with 3.0.0beta2 we need to specify libdir.
Thanks Ilya, now applied!
Willy
Now applied, thanks to you both.
Willy
On Sun, Aug 22, 2021 at 10:22:38PM +0500, ??? wrote:
> hello,
>
> yet another spell fixes.
Applied, thanks Ilya!
Willy
Hi Marcin,
I'm finally back to your patch set! Overall that looks fine, but I have
some comments, mostly cosmetic.
> From b3a254b41411f22307a622250a6e95ac39fefee8 Mon Sep 17 00:00:00 2001
> From: Marcin Deranek
> Date: Mon, 12 Jul 2021 14:16:55 +0200
> Subject: [PATCH 1/5] MEDIUM: ssl: Capture
Hi David,
On Tue, Aug 17, 2021 at 12:58:29PM +0100, David CARLIER wrote:
> Hi,
>
> same as earlier but for FreeBSD this time.
Applied after rewording a bit the commit message.
Thanks,
Willy
On Fri, Aug 20, 2021 at 03:10:05PM +0200, Willy Tarreau wrote:
> BTW maybe we should arrange to take the Lua lock inside an externally
> visible function that could be resolved. It would more easily show up in
> case of trouble so that the issue becomes more obvious.
And it works pr
Hi Robin,
sorry for the delay, we've been quite busy these last days :-/
On Mon, Aug 09, 2021 at 09:06:36PM +, Robin H. Johnson wrote:
> After months searching, at work we stumbled onto an internally usable-only
> reproduction case using a tool we wrote that made millions of requests:
>
Hi all,
On Fri, Aug 20, 2021 at 02:52:32PM +0300, Jarno Huuskonen wrote:
> Hi,
>
> On 8/20/21 2:20 PM, Lukas Tribus wrote:
> > On Fri, 20 Aug 2021 at 13:08, ??? wrote:
> > >
> > > double slashes behaviour is changed in BUG/MEDIUM:
> > > h2: match absolute-path not path-absolute for
Hi James,
On Wed, Aug 18, 2021 at 04:53:09PM -0700, James Brown wrote:
> Are there CVE numbers coming for these vulnerabilities?
Yes, for what it's worth, Robert Frohl from SuSE got 3 assigned to this:
- CVE-2021-39240: -> Domain parts in ":scheme" and ":path"
-
On Tue, Aug 17, 2021 at 06:57:28PM +0200, Tim Düsterhus wrote:
> Hi Willy, Everyone,
>
> On 8/17/21 5:13 PM, Willy Tarreau wrote:
> > 2) Domain parts in ":scheme" and ":path"
> >
> > [...] As such HTTP/1 servers are safe and only HTTP/
On Tue, Aug 17, 2021 at 05:56:15PM +0200, Tim Düsterhus wrote:
> Vincent,
>
> On 8/17/21 5:49 PM, Vincent Bernat wrote:
> > For users of haproxy.debian.net or Launchpad PPA, the vulnerabilities
> > are fixed by patching the previous versions. Launchpad PPA builders are
> > still running but it
rr_code_str
William Lallemand (1):
BUG/MINOR: systemd: must check the configuration using -Ws
Willy Tarreau (5):
BUILD: add detection of missing important CFLAGS
BUG/MEDIUM: mworker: do not register an exit handler if exit is expected
BUG/MINOR: mworker: do not export HAPRO
INOR: fix typo in management document
Remi Tricot-Le Breton (1):
BUG/MINOR: connection: Add missing error labels to conn_err_code_str
William Lallemand (2):
BUG/MINOR: systemd: must check the configuration using -Ws
BUG/MINOR: buffer: fix buffer_dump() formatting
Willy Tarreau
tion: Add missing error labels to conn_err_code_str
William Lallemand (2):
BUG/MINOR: systemd: must check the configuration using -Ws
BUG/MINOR: buffer: fix buffer_dump() formatting
Willy Tarreau (15):
BUILD: add detection of missing important CFLAGS
BUILD: lua: si
R: ssl: Default-server configuration ignored by server
BUG/MINOR: connection: Add missing error labels to conn_err_code_str
William Lallemand (2):
BUG/MINOR: systemd: must check the configuration using -Ws
BUG/MINOR: buffer: fix buffer_dump() formatting
Willy Tarreau (19):
BUIL
ble warnings for internal proxies
Willy Tarreau (15):
CLEANUP: thread: fix fantaisist indentation of thread_harmless_till_end()
MINOR: threads: make thread_release() not wait for other ones to complete
MEDIUM: threads: add a stronger thread_isolate_full() call
MEDIUM: serve
Hi everyone,
HAProxy is affected by 4 vulnerabilities in its HTTP/2 implementation in
recent versions (starting with 2.0). Three of them are considered as having
a moderate impact as they only affect the interpretation of the authority
(Host header field) in H2->H2 communications in versions 2.2
Hi Alex,
On Tue, Aug 17, 2021 at 02:19:38PM +0200, Aleksandar Lazic wrote:
> ```
> 3424 if ((curproxy->mode != PR_MODE_HTTP) &&
> (curproxy->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR)
> 3425 curproxy->options &= ~PR_O_REUSE_MASK;
> ```
On Wed, Aug 04, 2021 at 09:17:21AM +0200, PR Bot wrote:
> Dear list!
>
> Author: Jonathon Lacher <6679714+jonathonlac...@users.noreply.github.com>
> Number of patches: 1
>
> This is an automated relay of the Github pull request:
>DOC/MINOR: fix typo in management document
>
> Patch
looks good, now applied, thank you!
Willy
Hi Marcin,
On Mon, Aug 16, 2021 at 01:55:02PM +0200, Marcin Deranek wrote:
> Hi,
>
> Do you have any update on merging this?
Sorry, I think we've missed it :-( Worse, I was wondering if you
managed to make any progress on it :-/
I'm currently working on preparing a set of stable branches,
Hi David,
On Tue, Aug 17, 2021 at 08:49:29AM +0100, David CARLIER wrote:
> Hi,
>
> here a little patch proposal.
Applied, thank you!
Willy
On Sat, Aug 14, 2021 at 10:27:54AM +0500, ??? wrote:
> Gentle ping
Sorry Ilya, I missed this one being busy dealing with bugs. Now
merged, thank you!
Willy
On Sat, Aug 14, 2021 at 02:36:55PM +0200, Tim Duesterhus wrote:
> Using SLZ is a default, thus this build is equivalent to the "no features"
> build.
Applied, thank you Tim!
Willy
On Wed, Aug 11, 2021 at 01:13:25PM +0200, Aleksandar Lazic wrote:
> > > But from my point of view and for server-template and dynamic-cookie-key
> > > make
> > > this message no sense or am I wrong?
> >
> > The problem is that when using dynamic cookies, the dynamic-cookie-key,
> > the server's
Hi Aleks,
On Mon, Aug 09, 2021 at 06:40:29PM +0200, Aleksandar Lazic wrote:
> Hi.
>
> We use the HAProxy 2.4 image which have now HAProxy 2.4.2.
>
On Mon, Aug 09, 2021 at 08:19:40PM +0530, Amol Arote wrote:
> Dear Willy,
>
> We are referring below reference links for configuration.where as per links
> we need to install hapee-2.3r1-lb-maxmind module.
> Need to know from where we can get this hapee-2.3r1-lb-maxmind module.
>
>
Hello,
On Mon, Aug 09, 2021 at 07:54:09PM +0530, Amol Arote wrote:
> Dear Team,
>
> We want to configure MaxMind GeoIP2 Country DB with HAProxy.
> Please help with installation steps or help with which module of haproxy we
> need to configure for the same. PFB our server details.
>
> HAProxy
Hi Martin,
On Mon, Aug 09, 2021 at 11:04:34AM +0300, Martin Grigorov wrote:
> TravisCI just announced some improvements related to 'arch: arm64' (using
> Equnix Metal machines) - https://blog.travis-ci.com/2021-08-06-oss-equinix.
Thanks for the info!
> But I also had some similar problems with
Hi Ilya,
On Tue, Aug 03, 2021 at 02:58:40PM +0500, ??? wrote:
> Hello,
>
> it looks like "something on travis-ci side".
>
> CC src/raw_sock.o
> gcc: fatal error: Killed signal terminated program cc1
> compilation terminated.
>
> let us disable arm64 for a while.
Yes I noticed a
()
CLEANUP: mworker: PR_CAP already initialized with alloc_new_proxy()
REGTESTS: ssl: ssl_errors.vtc does not work with old openssl version
Willy Tarreau (22):
BUG/MINOR: arg: free all args on make_arg_list()'s error path
BUG/MINOR: cfgcond: revisit the condition freeing mechanism to
Hi Miroslav,
On Thu, Jul 29, 2021 at 11:37:27AM +0200, Miroslav Zagorac wrote:
> Hello all,
>
> I am sending a patch that fixes building of the HAProxy in case the
> system-installed opentracing c wrapper is used for the opentracing
> addon.
>
> This resolves GitHub issue #1323.
Applied now,
Hi David,
On Sun, Jul 25, 2021 at 11:07:00AM +0100, David CARLIER wrote:
> +/* OpenBSD does not have anything close to malloc_usable_size, thus
> profiling will be wrong regardless */
> +#if defined(USE_MEMORY_PROFILING) && defined(__OpenBSD__)
> +#undef USE_MEMORY_PROFILING
> +#endif
I
On Fri, Jul 23, 2021 at 02:22:34PM +0200, Vincent Bernat wrote:
> ? 23 July 2021 12:55 +02, Willy Tarreau:
>
> > The list looks uncommonly quiet after having touched some
> > anti-spam rules, just testing.
>
> It's the holidays Willy! :)
Yep, that's what I
801 - 900 of 8247 matches
Mail list logo