Commit 4cfede87a313456fcbce7a185312460b4e1d05b7 removed
`exit-on-failure` in favor of `no-exit-on-failure`, but failed
to update references to the former in user facing messages.
This should be backported to haproxy 1.8.
---
src/cfgparse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Replace "left" / "leaving" with "exit" / "exiting".
---
src/haproxy.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/haproxy.c b/src/haproxy.c
index df8d34e74..108a02ab0 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -739,7 +739,7 @@ restart_wait:
This makes haproxy aware of HTTP 421 Misdirected Request, which
is defined in RFC 7540, section 9.1.2.
---
include/types/proto_http.h | 1 +
src/proto_http.c | 11 +++
2 files changed, 12 insertions(+)
diff --git a/include/types/proto_http.h b/include/types/proto_http.h
index
This converter supplements the existing string matching by allowing
strings to be converted to a variable.
Example usage:
http-request set-var(txn.host) hdr(host)
# Check whether the client is attempting domain fronting.
acl ssl_sni_http_host_match ssl_fc_sni,strcmp(txn.host) eq 0
---
wsers, because it does not apply to me):
> http-request set-var(txn.host) hdr(host)
> acl ssl_sni_http_host_match ssl_fc_sni,strcmp(txn.host) eq 0
> http-request deny deny_status 421 if ! ssl_sni_http_host_match
Best regards
Tim Duesterhus (2):
MINOR: sample: Add strcmp sample converter
MIN
Willy,
attached is a first attempt at a patch that adds logging (without any rate
limiting). I have a few questions regarding the whole counters and logging
infrastructure:
1. I noticed that there is ha_warning(...) and send_log(p, LOG_WARNING, ...),
usually both are used in the same place.
This patch changes the sending side of proxy protocol to convert IP
addresses to IPv4 when possible (and converts them IPv6 otherwise).
Previously the code failed to properly provide information under
certain circumstances:
1. haproxy is being accessed using IPv4, http-request set-src sets
a
This commit completes the incomplete segmentation fault fix
in commit ac1f3ed64b58bd178865c6f2cc8f6f306d9e1e15.
Likewise it must be backported to haproxy 1.8.
---
reg-tests/stick-table/h0.vtc | 30 ++
src/stick_table.c| 6 --
2 files changed,
regards
Tim Duesterhus (1):
BUG/MAJOR: stick_table: Complete incomplete SEGV fix
reg-tests/stick-table/h0.vtc | 30 ++
src/stick_table.c| 6 --
2 files changed, 34 insertions(+), 2 deletions(-)
create mode 100644 reg-tests/stick-table/h0.vtc
The default value of the pattern in `Socket.receive` is `*l` according
to the documentation and in the `socket.tcp.receive` method of Lua.
The default value of `wanted` in `int hlua_socket_receive(struct lua_State *)`
reflects this requirement, but the function fails to ensure this
nonetheless:
---
src/hlua.c | 14 +++---
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/hlua.c b/src/hlua.c
index 285d25589..3b4fc3b54 100644
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -1810,19 +1810,19 @@ connection_empty:
return 0;
}
-/* This Lus function gets two parameters.
The `socket.tcp.connect` method of Lua requires at least two parameters:
The host and the port. The `Socket.connect` method of haproxy requires
only one when a host with a combined port is provided. This stems from
the fact that `str2sa_range` is used internally in `hlua_socket_connect`.
This very
The `socket.tcp.settimeout` method of Lua returns `1` in all cases,
while the `Socket.settimeout` method of haproxy returns `0` in all
cases. This breaks the `socket.http` module, because it validates
the return value of `settimeout`.
This bug was introduced in commit
Add an optional second parameter to the ipmask converter that specifies
the number of bits to mask off IPv6 addresses.
If the second parameter is not given IPv6 addresses fail to mask (resulting
in an empty string), preserving backwards compatibility: Previously
a sample like `src,ipmask(24)`
Add an optional second parameter to the ipmask converter that specifies
the number of bits to mask off IPv6 addresses.
If the second parameter is not given IPv6 addresses fail to mask (resulting
in an empty string), preserving backwards compatibility: Previously
a sample like `src,ipmask(24)`
Hi
attached is a patch that fixes a memory leak in str2ip2. I wasn't sure
about the severity of this bug (it's only 140 Bytes per call for me) and
opted for MEDIUM. Change if you think MAJOR (?) is more warranted for a
memory leak.
Also I wasn't sure how I would structure the code best. I did
Add an optional second parameter to the ipmask converter that specifies
the number of bits to mask off IPv6 addresses.
If the second parameter is not given IPv6 addresses fail to mask (resulting
in an empty string), preserving backwards compatibility: Previously
a sample like `src,ipmask(24)`
The len2mask4 function was introduced in commit:
70473a5f8c56d8ec2e837b9b66443dc252b24da9
which is about six years later than the commit that introduced the
str2mask function:
2937c0dd20f2f3c0065b671bbfe3fafcd8862eaf
This is a clean up in preparation for a str2mask6 function which
will use
This new function mirrors the str2mask() function for IPv4 addresses.
This commit is in preparation to support ARGT_MSK6.
---
include/common/standard.h | 6 ++
src/standard.c| 22 ++
2 files changed, 28 insertions(+)
diff --git a/include/common/standard.h
This commit adds support for ARGT_MSK6 to make_arg_list().
---
src/arg.c | 11 +--
src/hlua.c | 7 +++
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/arg.c b/src/arg.c
index 52977b718..b31858d3b 100644
--- a/src/arg.c
+++ b/src/arg.c
@@ -206,8 +206,15 @@ int
The incorrect comment was introduced in commit:
2ac5718dbd4ec722ece228e9f613d2be74eee9da
v1.5-dev9 is the first tag containing this comment, the fix
should be backported to haproxy 1.5 and newer.
---
include/types/arg.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
The cast functions modify their output type as of commit:
b805f71d1bb1487f01f78a6ffab26d44919e9944
v1.5-dev20 is the first tag containing this comment, the fix
should be backported to haproxy 1.5 and newer.
---
src/sample.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/sample.c
logical patch series when reviewing.
Tim Duesterhus (8):
BUG/MINOR: sample: Fix encoding of sample.c
DOC: sample: Fix outdated comment about sample casts functions
BUG/MINOR: sample: Fix output type of c_ipv62ip
DOC: Fix typo in ARGT_MSK6 comment
CLEANUP: standard: Use len2mask4
c_ipv62ip failed to set the output type of the cast to SMP_T_IPV4
even for a successful conversion.
This bug exists as of commit cc4d1716a2e72516c2505a6459a9ddbbfb186da2
which is the first commit adding this function.
v1.6-dev4 is the first tag containing this commit, the fix should
be
The file contained an 'e' with an gravis accent and thus was
not US-ASCII, but ISO-8859-1.
Also correct the spelling in the incorrect comment.
The incorrect character was introduced in commit:
4d9a1d1a5c4720a169654ee47f9a4364261ffab4
v1.6-dev1 is the first tag containing this comment, the fix
I was made aware of a typo in private. Attached is the updated
patch. Apply with `git am --scissors` to automatically cut the commit message.
-- >8 --
Subject: [PATCH v2 1/8] BUG/MINOR: sample: Fix encoding of sample.c
The file contained an 'e' with an gravis accent and thus was
not US-ASCII,
The incorrect comment was introduced in commit:
2ac5718dbd4ec722ece228e9f613d2be74eee9da
v1.5-dev9 is the first tag containing this comment, the fix
should be backported to haproxy 1.5 and newer.
---
include/types/arg.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
The cast functions modify their output type as of commit:
b805f71d1bb1487f01f78a6ffab26d44919e9944
v1.5-dev20 is the first tag containing this comment, the fix
should be backported to haproxy 1.5 and newer.
---
src/sample.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/sample.c
The len2mask4 function was introduced in commit:
70473a5f8c56d8ec2e837b9b66443dc252b24da9
which is about six years later than the commit that introduced the
str2mask function:
2937c0dd20f2f3c0065b671bbfe3fafcd8862eaf
This is a clean up in preparation for a str2mask6 function which
will use
This commit adds support for ARGT_MSK6 to make_arg_list().
---
src/arg.c | 11 +--
src/hlua.c | 7 +++
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/arg.c b/src/arg.c
index 52977b718..b31858d3b 100644
--- a/src/arg.c
+++ b/src/arg.c
@@ -206,8 +206,15 @@ int
This new function mirrors the str2mask() function for IPv4 addresses.
This commit is in preparation to support ARGT_MSK6.
---
include/common/standard.h | 6 ++
src/standard.c| 22 ++
2 files changed, 28 insertions(+)
diff --git a/include/common/standard.h
Add an optional second parameter to the ipmask converter that specifies
the number of bits to mask off IPv6 addresses.
If the second parameter is not given IPv6 addresses fail to mask (resulting
in an empty string), preserving backwards compatibility: Previously
a sample like `src,ipmask(24)`
The file contained an 'e' with an gravis accent and thus was
not US-ASCII, but ISO-8859-1.
Also correct the spelling in the incorrect comment.
The incorrect character was introduced in commit:
4d9a1d1a5c4720a169654ee47f9a4364261ffab4
v1.6-dev1 is the first tag containing this comment, the fix
c_ipv62ip failed to set the output type of the cast to SMP_T_IPV4
even for a successful conversion.
This bug exists as of commit cc4d1716a2e72516c2505a6459a9ddbbfb186da2
which is the first commit adding this function.
v1.6-dev4 is the first tag containing this commit, the fix should
be
to modify the messages anyway.
Attached comes the complete series (v5). Again: Be extra careful
with the first patch, because it contains 8bit characters.
Best regards
Tim Duesterhus
Tim Duesterhus (8):
BUG/MINOR: sample: Fix encoding of sample.c
DOC: sample: Fix outdated comment about sample casts
The option does not seem to have any effect since at least haproxy
1.3. Also the `log-format` directive already warns when being used
in a backend.
---
doc/configuration.txt | 8 ++--
src/cfgparse.c| 12
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git
This removes the retry labels from spoe_send_frame and spoe_recv_frame
which are unused since d5216d474d69856a282e4443f180af2093a80d6c, which
is unreleased, but was backported to haproxy 1.8 as
f13f3a4babdb1ce23a7e982c765704bca728111a.
---
src/flt_spoe.c | 2 --
1 file changed, 2 deletions(-)
This removes the end label from memory.h.
The labels are unused as of cf975d46bca2515056a4f55e55fedbbc7b4eda59
which is unreleased (and incidentally the first commit containing
those labels, thus they never have been used).
---
include/common/memory.h | 4 ++--
1 file changed, 2 insertions(+), 2
This removes the end label from parse_process_number() which
is unused since 5ab51775e736511b7e54f42e080dcef76a284da9, which
first was released in haproxy 1.8.0.
---
src/cfgparse.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 40facd5da..27d7eee7b 100644
This removes the unused next_header_block and try_again labels
from mux_h2.c.
try_again is unused as of a76e4c21839cafd036fbe755416569206502c1d9,
which first appeared in haproxy 1.8.0.
next_header_block is unused as of 872855998bd03d5224e0e5cd6aef9b91e2a6de1d,
which was backported to haproxy
IPv6 addresses with two double colons are invalid.
This typo was introduced in commit 471851713af20d84b67b8966471ea758dc8c12b9.
---
include/common/standard.h | 2 +-
src/standard.c| 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/common/standard.h
This option takes away system calls that are unneeded for haproxy's
operation and thus is a good defense in depth measure.
There are more system call sets available in newer SystemD versions,
but using those would make SystemD ignore the whole option when they
are not supported. This patch adds a
I'm running this exact settings on my Debian Stretch machine using haproxy
1.8.x, without issues so far.
The first patch could cause issues for users that store their configuration
in /home or /root, but I consider this unlikely.
Tim Duesterhus (2):
MINOR: systemd: Add SystemD's Protect
While the haproxy workers usually are running chrooted the master
process is not. This patch is a pretty safe defense in depth measure
to ensure haproxy cannot touch sensitive parts of the file system.
ProtectSystem takes non-boolean arguments in newer SystemD versions,
but setting those would
Willy,
attached is an updated patch that:
1. Only converts the addresses to IPv6 if at least one of them is IPv6.
But it does not convert them to IPv4 if both of them can be converted to
IPv4.
2. Does not copy the whole `struct connection`, but performs the conversion
inside
see https://www.mail-archive.com/haproxy@formilux.org/msg31015.html
---
reg-tests/lua/h1.lua | 15 +++
reg-tests/lua/h1.vtc | 36
2 files changed, 51 insertions(+)
create mode 100644 reg-tests/lua/h1.lua
create mode 100644
Düsterhus
Tim Duesterhus (1):
TMP: Add reg-test to check scoping of txn:get_priv()
reg-tests/lua/h1.lua | 15 +++
reg-tests/lua/h1.vtc | 36
2 files changed, 51 insertions(+)
create mode 100644 reg-tests/lua/h1.lua
create mode 100644
Currently only md5 signatures are generated. While md5
still is not broken with regard to preimage attacks, sha256
clearly is the current secure solution.
This patch should be backported to all supported branches.
---
scripts/publish-release | 7 ---
1 file changed, 4 insertions(+), 3
This option takes away system calls that are unneeded for haproxy's
operation and thus is a good defense in depth measure.
---
contrib/systemd/haproxy.service.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/contrib/systemd/haproxy.service.in
b/contrib/systemd/haproxy.service.in
index
While the haproxy workers usually are running chrooted the master
process is not. This patch is a pretty safe defense in depth measure
to ensure haproxy cannot touch sensitive parts of the file system.
ProtectSystem takes non-boolean arguments in newer SystemD versions,
but setting those would
This commit adds a warning for settings that possibly provide better
sandboxing and explains their tradeoffs.
---
contrib/systemd/haproxy.service.in | 6 ++
1 file changed, 6 insertions(+)
diff --git a/contrib/systemd/haproxy.service.in
b/contrib/systemd/haproxy.service.in
index
n this thread
as well!
Best regards
Tim Duesterhus (3):
MINOR: systemd: Add section for SystemD sandboxing to unit file
MINOR: systemd: Add SystemD's Protect*= options to the unit file
MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file
contrib/systemd/haproxy.se
Pieter,
try the attached patch, please.
Apply with `git am --scissors` to automatically cut the commit message.
-- >8 --
Subject: [PATCH] BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits
PiBa-NL reported that haproxy crashes with a segmentation fault
if a function registered using
Valgrind's memcheck reports memory leaks in cli.c, because
the out parameter of memprintf is not properly freed:
==31035== 11 bytes in 1 blocks are definitely lost in loss record 16 of 101
==31035==at 0x4C2DB8F: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==31035==
It now makes use of the __AFL_LOOP macro to save on expensive exec(3)
calls.
---
contrib/hpack/decode.c | 77 +++---
1 file changed, 43 insertions(+), 34 deletions(-)
diff --git a/contrib/hpack/decode.c b/contrib/hpack/decode.c
index 9ef80f03..880c4571 100644
Valgrind reports:
==3389== Warning: invalid file descriptor -1 in syscall close()
Check for >= 0 before closing.
This bug was introduced in commit ce83b4a5dd48c000dec68f9d551945d21e9ac7ac
and is specific to 1.9. No backport needed.
---
src/haproxy.c | 3 ++-
1 file changed, 2 insertions(+), 1
Valgrind reports an invalid close of file descriptor -1. After this
patch haproxy that is started with:
./haproxy -d -Sa /scratch/haproxy/cli.sock -Ws -f ./haproxy.cfg
aborts in the child process to outline the place where the bug needs
to be fixed.
Best regards
---
src/haproxy.c | 2 ++
1
It read "non-zero" where it should read zero.
---
src/http.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/http.c b/src/http.c
index 932f3cf7..1ca1805b 100644
--- a/src/http.c
+++ b/src/http.c
@@ -905,7 +905,7 @@ int http_find_next_url_param(const char **chunks,
}
It was introduced by 1915ca273832ba542d72eb0645dd7ccb6d5b945f
and should be backported to 1.9.
---
src/mux_h2.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/mux_h2.c b/src/mux_h2.c
index 586ff516..2972ca29 100644
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -2092,8 +2092,6 @@ static int
The if-statement was converted into a while-loop in
7fe45698f58a53dda9182a5970a2ea4bda9f92fe to handle EINTR.
This special handling was later replaced in
0a03c0f022faf2773995fc8b9d14256c8a306e5a by conn_sock_send.
The while-loop was not changed back and is not unconditionally
exited after one
`len` has already been checked to be strictly positive a few lines above.
This unreachable code was introduced in
82bf70dff4eff42397fecfcb9e97a0a7ce721c49.
---
src/http_act.c | 6 --
1 file changed, 6 deletions(-)
diff --git a/src/http_act.c b/src/http_act.c
index 4f51d4a2..0346be0c 100644
ed completely.
One more thing: brotli theoretically supports passing a custom allocator.
I attempted to use a pool for that, but `BrotliEncoderState` is an opaque
struct.
Best regards
Tim Duesterhus
Apply with `git am --scissors` to automatically cut the commit message.
-- >8 --
with it.
Best regards
Tim Duesterhus
Apply with `git am --scissors` to automatically cut the commit message.
-- >8 --
RFC 7232 section 2.3.3 states:
> Note: Content codings are a property of the representation data,
> so a strong entity-tag for a content-encoded represent
od you can merge despite the RFC tag. I don't
plan doing any more changes unless you complain.
Best regards
Tim Duesterhus
Apply with `git am --scissors` to automatically cut the commit message.
-- >8 --
RFC 7232 section 2.3.3 states:
> Note: Content codings are a property of the represent
- Update the list of status codes to include 201 - 203.
- Remove the fact about the temporary workaround for chunked responses
(this is verified using reg-test compression/h0.vtc).
- Add malformed ETags
see b229f018eedef4d18571ce6da23d8e153249a836
This commit should be backported together
Fixes typos introduced in 09e0d7422e64645ad6b03b66e94e5df80a6177fa
as well as anything found by `spell`.
---
CONTRIBUTING | 41 +
1 file changed, 21 insertions(+), 20 deletions(-)
diff --git a/CONTRIBUTING b/CONTRIBUTING
index 29a5c8d78..0fcd921e8 100644
Make HAProxy set the `Vary: Accept-Encoding` response header if it compressed
the server response.
Technically the `Vary` header SHOULD also be set for responses that would
normally be compressed based off the current configuration, but are not due
to a missing or invalid `Accept-Encoding`
This adds a converter for the SHA-2 family, supporting SHA-224, SHA-256
SHA-384 and SHA-512.
The converter relies on the OpenSSL implementation, thus only being available
when HAProxy is compiled with USE_OPENSSL.
See GitHub issue #123. The hypothetical `ssl_?_sha256` fetch can then be
simulated
Make HAProxy set the `Vary: Accept-Encoding` response header if the server
response would normally be compressed based off the current configuration.
Specifically make sure to:
1. Disregard the *request* headers ...
2. Disregard the current compression rate and other temporary conditions ...
...
ing cached multiple times (once
per `Accept-Encoding` request header).
Best regards
Tim Duesterhus (1):
BUG/MEDIUM: compression: Set Vary: Accept-Encoding if the response
would be compressed
reg-tests/compression/vary.vtc | 187 +
src/flt_http_comp.c
Willy,
read the cover letter of this thread before ignoring the first patch, just
because this one has a higher version number to avoid mistakes.
Apply with `git am --scissors` to automatically cut the commit message.
-- >8 --
Make HAProxy set the `Vary: Accept-Encoding` response header if the
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.11) 5.4.0 20160609
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
complains:
> src/debug.c: In function
We can't use `shut_your_big_mouth_gcc` here. Use the `!` trick suggested
by Vincent Bernat in the list in Message-ID: m3ftoek0k6@luffy.cx
---
include/common/debug.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/common/debug.h b/include/common/debug.h
index
Technically harmless, but it annoys clang analyzer.
This bug was introduced in 336d3ef0e77192582c98b3c578927a529ceadd9b.
This fix should be backported to HAProxy 1.9+.
---
src/flt_spoe.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/flt_spoe.c b/src/flt_spoe.c
index
Consider a config like:
global
log 127.0.0.1:10001 sample :10 local0
No sampling ranges are given here, leading to NULL being passed
as the first argument to qsort.
This configuration does not make sense anyway, a log without ranges
would never log. Thus output an error if no ranges
*
adjustments. The one in `proxy_parse_declare` might be questionable, though.
2. Actually fix an issue I could reproduce with a carefully crafted example
configuration.
Cc'd William on patch 4 (worker) and Christopher on 5 (spoe).
Tim Duesterhus (9):
BUG/MINOR: cfgparse: Pass correct type
clang analyzer had issues detecting that the status line is constructed
whenever the `H2_PHDR_FND_NONE` flag is set. Help it by BUG_ON(!sl).
Another possibility might be just replacing the check for `H2_PHDR_FND_NONE`
by a check for the existance of the status line: `!sl`. I'll leave the
Consider this configuration:
frontend fe_http
mode http
bind *:8080
default_backend be_http
backend be_http
mode http
server example example.com:80
program foo bar
Running with valgrind results in:
==16252== Invalid read of size 8
If an environment variable does not exist then `getenv` returns NULL.
This is accounted for in the calculation of `val_len`, setting `val_len`
to `0` if the variable does not exist.
However clang analzyer complains about passing NULL to `memcpy`, even if
the number of bytes to copy is `0`:
>
clang analyzer was unable to detect that at either the `request` or
the `response` case must match (this is ensured in line 455/456).
---
src/proxy.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/proxy.c b/src/proxy.c
index 731f5e2a6..97ae0fd55 100644
---
clang analzyer complains:
> Result of 'calloc' is converted to a pointer of type 'unsigned int', which
> is incompatible with sizeof operand type 'int'
This bug was introduced in f131481a0af79037bc6616edf450ae81d80084d7.
This fix must be backported to all branches containing that commit (2.0,
Apparently the analyzer does not detect that assigning the `1`
address will never return.
---
include/common/debug.h | 4
1 file changed, 4 insertions(+)
diff --git a/include/common/debug.h b/include/common/debug.h
index d6bc3c208..c38acdf53 100644
--- a/include/common/debug.h
+++
The struct mworker_proc is not uniformly freed everywhere, sometimes leading
to leaks of the `id` string (and possibly the other strings).
Introduce a mworker_free_child function instead of duplicating the freeing
logic everywhere to prevent this kind of issues.
This leak was reported in issue
This was found by reading the code while investigating issue #96 and not
verified with any tools:
If `child->pid` is falsy `child` will be freed instead of being added to
`proc_list`. The setting of `PROC_O_LEAVING` happens unconditionally after
this check.
Fix the issue by mising the setting of
They were deprecated with HAProxy 1.5. Time to remove them.
---
doc/configuration.txt | 139 ++---
examples/haproxy.vim | 4 +-
include/types/global.h | 6 +-
src/proxy.c| 29 -
4 files changed, 25 insertions(+), 153 deletions(-)
It is deprecated with HAProxy 1.5. Time to remove it.
---
doc/configuration.txt | 4
src/proxy.c | 1 -
2 files changed, 5 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 85309bcc9..86251768c 100644
--- a/doc/configuration.txt
+++
parser it appears to set different flags compared to 'option transparent'.
Can you please take a look at this and either add an appropriate warning or
remove the deprecated note from the docs?
Best regards
Tim Duesterhus (6):
CLEANUP: Make 'resolution_pool_size' directive fatal
CLEANUP: Make
It was deprecated with HAProxy 1.5. Time to remove it.
---
doc/configuration.txt | 30 --
include/types/global.h | 2 +-
src/cfgparse-listen.c | 30 --
3 files changed, 5 insertions(+), 57 deletions(-)
diff --git a/doc/configuration.txt
It is deprecated since 315b39c3914f4c2301ce19a93564566caa2ede50 (1.9-dev),
but only was deprecated in the docs.
Make it warn when being used and remove it from the docs.
---
doc/configuration.txt | 8
examples/haproxy.vim | 2 +-
include/types/global.h | 1 +
src/cfgparse-listen.c |
This directive never appeared in a stable release and instead was
introduced and deprecated within 1.8-dev. While it technically could
be outright removed we detect it and error out for good measure.
---
doc/configuration.txt | 5 -
src/cfgparse.c| 4 ++--
2 files changed, 2
It was deprecated with HAProxy 1.5. Time to remove it.
---
doc/configuration.txt | 26 --
include/types/global.h | 2 +-
src/cfgparse-listen.c | 14 +++---
3 files changed, 4 insertions(+), 38 deletions(-)
diff --git a/doc/configuration.txt
The struct mworker_proc is not uniformly freed everywhere, sometimes leading
to leaks of the `id` string (and possibly the other strings).
Introduce a mworker_free_child function instead of duplicating the freeing
logic everywhere to prevent this kind of issues.
This leak was reported in issue
Oops, my patch was incomplete, because I noticed that I missed one
location after creating the commit and forgot to amend after making
the necessary adjustments.
So here's version 2 that fixes the leak on SIGTERM in addition to the
leak on SIGUSR2.
Best regards
Tim Duesterhus
Tim Duesterhus (2
This was found by reading the code while investigating issue #96 and not
verified with any tools:
If `child->pid` is falsy `child` will be freed instead of being added to
`proc_list`. The setting of `PROC_O_LEAVING` happens unconditionally after
this check.
Fix the issue by mising the setting of
vars_check_arg previously leaked the string containing the variable
name:
Consider this config:
frontend fe1
mode http
bind :8080
http-request set-header X %[var(txn.host)]
Starting HAProxy and immediately stopping it by sending a SIGINT makes
Valgrind report this
William,
rebased the memory leak fix on top of master. Please review.
Best regards
Tim Duesterhus (1):
BUG/MINOR: mworker: Fix memory leak of mworker_proc members
include/proto/mworker.h | 2 ++
src/haproxy.c | 3 ++-
src/mworker-prog.c | 19 +--
src
The struct mworker_proc is not uniformly freed everywhere, sometimes leading
to leaks of the `id` string (and possibly the other strings).
Introduce a mworker_free_child function instead of duplicating the freeing
logic everywhere to prevent this kind of issues.
This leak was reported in issue
cfg_parse_peers previously leaked the contents of the `kws` string,
as it was unconditionally filled using bind_dump_kws, but only used
(and freed) within the error case.
Move the dumping into the error case to:
1. Ensure that the registered keywords are actually printed as least once.
2. The
://salsa.debian.org/haproxy-team/haproxy/blob/master/debian/patches/haproxy.service-use-environment-variables.patch
Co-authored-by: Tim Duesterhus
---
contrib/systemd/haproxy.service.in | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/contrib/systemd/haproxy.service.in
b/contrib/systemd
Unless the EXTRAOPTS variable is overriden in /etc/default/haproxy
the unit file will use the master socket by default.
This patch may be backported to 1.9 and depends on
MINOR: systemd: Use the variables from /etc/default/haproxy.
---
contrib/systemd/haproxy.service.in | 2 +-
1 file changed, 1
1 - 100 of 496 matches
Mail list logo
