Hi,
On Fri, May 17, 2019 at 02:54:05AM +, ??? wrote:
> Recently I found an issue CVE-2019-11323, it already fixed in 1.9.7
>
> But it looks like all other haproxy branches affected by this issue according
> to the following link.
>
>
> https://www.cvedetails.com/cve/CVE-2019-11323/
>
>
Hi guys,
I need your help.
Recently I found an issue CVE-2019-11323, it already fixed in 1.9.7
But it looks like all other haproxy branches affected by this issue according
to the following link.
https://www.cvedetails.com/cve/CVE-2019-11323/
CVE-2019-11323 : HAProxy before 1.9.7
Ilya,
Am 16.05.19 um 20:33 schrieb Илья Шипицин:
> alpine is evil, it uses musl which claims to be libiconv, but actually it
> misses several things.
I am not sure how libiconv is related to a libc?
> do you run reg-tests after build ? do we run valgrind or some sanitizer on
> that images ?
To
---
scripts/run-regtests.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/run-regtests.sh b/scripts/run-regtests.sh
index ccfdd601acf4..19e8a1564b1b 100755
--- a/scripts/run-regtests.sh
+++ b/scripts/run-regtests.sh
@@ -49,12 +49,12 @@ _help()
Including
Hello!
On Thu, 16 May 2019 at 18:37, Aleksandar Lazic wrote:
>
> Hi.
>
> I use the following lines:
>
> use_backend xmppc2s-backend if { req.ssl_sni -i domain.im }
> use_backend cloud-hop-backend if { ssl_fc_sni -i cloud.domain.at }
>
> and asked myself which one is the recommended
чт, 16 мая 2019 г. в 23:22, Tim Düsterhus :
> Aleks,
>
> Am 16.05.19 um 01:04 schrieb Aleksandar Lazic:
> >> As a avid Docker user: I tend to absolutely avoid any Docker images that
> >> are not built using Docker Hub's autobuilder, because I cannot verify
> >> the Dockerfile myself (or cannot
Aleks,
Am 16.05.19 um 18:36 schrieb Aleksandar Lazic:
> I will only accept requests which have sni and only when they are client
> requests.
Consider using strict-sni then:
https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.1-strict-sni
I use it for all my configs without issue.
William,
rebased the memory leak fix on top of master. Please review.
Best regards
Tim Duesterhus (1):
BUG/MINOR: mworker: Fix memory leak of mworker_proc members
include/proto/mworker.h | 2 ++
src/haproxy.c | 3 ++-
src/mworker-prog.c | 19 +--
The struct mworker_proc is not uniformly freed everywhere, sometimes leading
to leaks of the `id` string (and possibly the other strings).
Introduce a mworker_free_child function instead of duplicating the freeing
logic everywhere to prevent this kind of issues.
This leak was reported in issue
Aleks,
Am 16.05.19 um 01:04 schrieb Aleksandar Lazic:
>> As a avid Docker user: I tend to absolutely avoid any Docker images that
>> are not built using Docker Hub's autobuilder, because I cannot verify
>> the Dockerfile myself (or cannot verify that the resulting image
>> actually matches the
чт, 16 мая 2019 г. в 22:59, Tim Düsterhus :
> Willy,
>
> Am 16.05.19 um 09:42 schrieb Willy Tarreau:
> > It would be nice next time to give a bit more information. Maybe for
> > you this cirrus stuff is legacy, but I never heard about it before, am
> > not used at all to this type of tools, and
чт, 16 мая 2019 г. в 22:53, Tim Düsterhus :
> Willy,
>
> Am 16.05.19 um 09:42 schrieb Willy Tarreau:
> > If in the mean time you know how to verify that it was properly enabled
> > and builds there, and share with us the link to consult the status, it
> > would be nice.
>
> These continuous
Jarno,
Joao,
Am 16.05.19 um 17:49 schrieb Jarno Huuskonen:
> Do the myapp.io and anotherapp.com share same certificate (ie.
> certificate has both myapp.io and anotherapp.com SAN) ?
>
> AFAIK browser can reuse the same tls connection if the certificate
> covers both names. When the host/sni
Willy,
Am 16.05.19 um 09:42 schrieb Willy Tarreau:
> It would be nice next time to give a bit more information. Maybe for
> you this cirrus stuff is legacy, but I never heard about it before, am
> not used at all to this type of tools, and don't even know why this one
> and not another one. And
Willy,
Am 16.05.19 um 09:42 schrieb Willy Tarreau:
> If in the mean time you know how to verify that it was properly enabled
> and builds there, and share with us the link to consult the status, it
> would be nice.
These continuous integration services report the commit status back to
GitHub: If
Willy,
Am 16.05.19 um 11:12 schrieb Willy Tarreau:
>> Both frontends will do the correct replacement, but IMO the reqrep one
>> is more readable (not that any of these are really readable):
>
> I'm having a different view on this. The one using the headers hack is
> horrible while the reqrep one
Hi.
I use the following lines:
use_backend xmppc2s-backend if { req.ssl_sni -i domain.im }
use_backend cloud-hop-backend if { ssl_fc_sni -i cloud.domain.at }
and asked myself which one is the recommended line?
Makes this lines sense?
tcp-request content accept if { ssl_fc_sni 1 }
Hi,
On Thu, May 16, Joao Morais wrote:
>
> Hi list! The symptom is as follow: when logging Host: header I receive
> `myapp.io` while in the same request the sni extension says `anotherapp.com`.
>
> This happens in a very few requests (about 0.5%) but this is enough to make
> some noise -
Am 16.05.2019 um 16:37 schrieb Joao Morais:
>
> Hi list! The symptom is as follow: when logging Host: header I receive
> `myapp.io` while in the same request the sni extension says `anotherapp.com`.
>
> This happens in a very few requests (about 0.5%) but this is enough to make
> some noise -
Hi list! The symptom is as follow: when logging Host: header I receive
`myapp.io` while in the same request the sni extension says `anotherapp.com`.
This happens in a very few requests (about 0.5%) but this is enough to make
some noise - regarding server certificate used in the handshake, and
чт, 16 мая 2019 г. в 12:42, Willy Tarreau :
> Hi Ilya,
>
> On Thu, May 16, 2019 at 01:12:40AM +0500, ??? wrote:
> > in order to enable builds, the following steps must be taken
> >
> > 1) must be enabled (using owner account) on
> > https://github.com/marketplace/cirrus-ci , also
Am 16.05.2019 um 11:16 schrieb Willy Tarreau:
> Hi Aleks,
>
> On Wed, May 15, 2019 at 09:09:08PM +0200, Aleksandar Lazic wrote:
>>> The obvious `http-request set-path %[path,regsub(...)]` as suggested in
>>> the docs for `http-request set-query` does *NOT* work, because the
>>> `regsub`
Hi Aleks,
On Wed, May 15, 2019 at 09:09:08PM +0200, Aleksandar Lazic wrote:
> > The obvious `http-request set-path %[path,regsub(...)]` as suggested in
> > the docs for `http-request set-query` does *NOT* work, because the
> > `regsub` parameters cannot contain the closing parenthesis required
Hi Tim,
On Wed, May 15, 2019 at 05:09:31PM +0200, Tim Düsterhus wrote:
> Willy,
>
> Am 15.05.19 um 11:31 schrieb Tim Düsterhus:
> >>> 2. 'req*' and 'rsp*'. I remember that they allow some modification that
> >>>cannot easily be replicated otherwise (but I'll have to check that
> >>>
Hello,
I'm going to enable address sanitizer in travis-ci.
x86_64: (known leak)
https://travis-ci.org/chipitsine/haproxy-1/jobs/533196875
ppc64le:
https://travis-ci.org/chipitsine/haproxy-1/jobs/533196874
can someone have a look at ppc64le ?
thanks!
Ilya Shipitsin
From: Ilya Shipitsin
full list of changes:
use TARGET=osx instead of generic for osx builds,
add USE_PCRE_JIT=1, USE_GETADDRINFO=1 to build matrix,
enable address sanitizer for clang
---
.travis.yml | 23 ---
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git
чт, 16 мая 2019 г. в 02:02, Aleksandar Lazic :
> Am 15.05.2019 um 18:52 schrieb Willy Tarreau:
> > Hi,
> >
> > HAProxy 2.0-dev3 was released on 2019/05/15. It added 393 new commits
> > after version 2.0-dev2.
> >
> > This is another huge version, having been distacted by a number of bugs
> >
Le 14/05/2019 à 11:56, Massimiliano Bellomi a écrit :
Hi All.
Here attached you may find a set of patches related to WURFL module.
Patches from 0001 to 0004 should implements Christopher's last
suggestions/issues.
* segfault when I try to retrieve an unknown data (I mean not listed
in
Hi Ilya,
On Thu, May 16, 2019 at 01:12:40AM +0500, ??? wrote:
> in order to enable builds, the following steps must be taken
>
> 1) must be enabled (using owner account) on
> https://github.com/marketplace/cirrus-ci , also "haproxy/haproxy" repo
> should be enabled there
> 2) build
29 matches
Mail list logo