This function generates a version 7 UUID as per
draft-ietf-uuidrev-rfc4122bis-14.
---
include/haproxy/tools.h | 1 +
src/tools.c | 25 +
2 files changed, 26 insertions(+)
diff --git a/include/haproxy/tools.h b/include/haproxy/tools.h
index
This adds support for UUIDv7 to the existing `uuid` sample fetch that was added
in 8a694b859cf98f8b0855b4aa5a50ebf64b501215.
---
doc/configuration.txt | 3 ++-
src/sample.c | 40 +---
2 files changed, 31 insertions(+), 12 deletions(-)
diff --git
No reg-tests added, as those doesn't allow meaningfully testing that the
UUIDv7 is actually a UUIDv7. I have manually checked the output against
https://uuid7.com/.
Best regards
Tim Duesterhus (3):
MINOR: tools: Rename `ha_generate_uuid` to `ha_generate_uuid_v4`
MINOR: Add `ha_generate_uuid_v7`
This is in preparation of adding support for other UUID versions.
---
addons/ot/src/scope.c | 2 +-
include/haproxy/tools.h | 2 +-
src/flt_spoe.c | 2 +-
src/sample.c| 2 +-
src/tools.c | 4 ++--
5 files changed, 6 insertions(+), 6 deletions(-)
diff --git
As per the `sd_notify` manual:
> A field carrying the monotonic timestamp (as per CLOCK_MONOTONIC) formatted
> in decimal in μs, when the notification message was generated by the client.
> This is typically used in combination with "RELOADING=1", to allow the
> service manager to properly
This reapplies strcmp.cocci across the whole src/ tree.
---
src/event_hdl.c | 2 +-
src/hlua_fcn.c | 8
src/sample.c| 2 +-
src/tcp_act.c | 4 ++--
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/event_hdl.c b/src/event_hdl.c
index f5bb5b6e7e..f4f7b19e4d 100644
This reapplies xalloc_cast.cocci across the whole src/ tree.
---
src/cpuset.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cpuset.c b/src/cpuset.c
index 82e350f132..a20b81a25d 100644
--- a/src/cpuset.c
+++ b/src/cpuset.c
@@ -280,7 +280,7 @@ int cpu_map_configured(void)
This reapplies ist.cocci across the whole src/ tree.
---
src/resolvers.c | 4 ++--
src/stick_table.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/resolvers.c b/src/resolvers.c
index f97fb29b01..d68208555f 100644
--- a/src/resolvers.c
+++ b/src/resolvers.c
@@
see also:
2a5fb62ad REGTESTS: Remove REQUIRE_VERSION=1.9 from all tests
---
reg-tests/http-messaging/truncated.vtc | 1 -
1 file changed, 1 deletion(-)
diff --git a/reg-tests/http-messaging/truncated.vtc
b/reg-tests/http-messaging/truncated.vtc
index 7579f6d763..7f262d75dc 100644
---
Introduced in:
dfb1cea69 REGTESTS: promex: Adapt script to be less verbose
36d936dd1 REGTESTS: write a full reverse regtest
b57f15158 REGTESTS: provide a reverse-server test with name argument
f0bff2947 REGTESTS: provide a reverse-server test
see also:
fbbbc33df REGTESTS: Do not use
No functional change, but this upgrade is required, due to the v3 runtime being
deprecated:
> Node.js 16 actions are deprecated. Please update the following actions to use
> Node.js 20: actions/cache@v3. For more information see:
>
This reapplies 1eb049dc677f2de950158615ed3d8306ee5102d6, as the change was
accidentally reverted in 5ef48e063ecf992646c7af374153f106050fb8ec.
---
doc/configuration.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index
This is in preparation of a follow-up patch to fix the word converter.
---
reg-tests/converter/field.vtc | 4
1 file changed, 4 insertions(+)
diff --git a/reg-tests/converter/field.vtc b/reg-tests/converter/field.vtc
index 1243728c01..3b1d8198e3 100644
--- a/reg-tests/converter/field.vtc
Previously an expression like:
path,word(2,/) -m found
always returned `true`.
Bug exists since the `word` converter exists. That is:
c9a0f6d0232cf44d6b08d1964b9097a45a6c65f0
The same bug was previously fixed for the `field` converter in commit
4381d26edc03faa46401eb0fe82fd7be84be14fd.
word() mentions that delimiters at the start and end are ignored, but it does
not mention that consecutive delimiters are merged.
May be backported as far as the patch applies.
---
doc/configuration.txt | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git
This reapplies the xalloc_size.cocci patch across the whole `src/` tree.
see 16cc16dd8235e7eb6c38b7abd210bd1e1d96b1d9
see 63ee0e4c01b94aee5fc6c6dd98cfc4480ae5ea46
see 9fb57e8c175a0b852b06a0780f48eb8eaf321a47
---
src/log.c| 3 ++-
src/proto_quic.c | 2 +-
src/server.c | 4 ++--
No functional change, but we should keep this current.
see 5f4ddb54b05ae0355b1f64c22263a6bc381410df
---
.github/workflows/aws-lc.yml | 2 +-
.github/workflows/codespell.yml| 2 +-
.github/workflows/compliance.yml | 2 +-
.github/workflows/contrib.yml
Introduced in:
424981cde REGTEST: add ifnone-forwardfor test
b015b3eb1 REGTEST: add RFC7239 forwarded header tests
see also:
fbbbc33df REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+
---
reg-tests/http-rules/forwarded-header-7239.vtc | 2 +-
reg-tests/http-rules/ifnone-forwardfor.vtc
Lua's `get_stats` function stopped working in
4cfb0019e65bce79953164eddf54c1bbb61add62, due to the addition a new field
ST_F_PROTO without a corresponding entry in `stat_fields`.
Fix the issue by adding the entry, like
a46b142e8807ea640e041d3a29e3fd427844d559 did previously for a different field.
Previously performing a config check of `.github/h2spec.config` would report a
20 byte leak as reported in GitHub Issue #2082.
The leak was introduced in a6c0a59e9af65180c3ff591b91855bea8d19b352, which is
dev only. No backport needed.
---
src/ssl_sock.c | 2 ++
1 file changed, 2 insertions(+)
HAProxy 2.0 is the lowest supported version, thus this never matches.
---
reg-tests/http-rules/h1_to_h1c.vtc | 186 -
1 file changed, 186 deletions(-)
delete mode 100644 reg-tests/http-rules/h1_to_h1c.vtc
diff --git a/reg-tests/http-rules/h1_to_h1c.vtc
HAProxy 2.0 is the lowest supported version, thus this always matches.
see 1b095cac9468d0c3eeb157e9b1a2947487bd3c83
---
reg-tests/cache/basic.vtc | 2 --
reg-tests/cache/sample_fetches.vtc | 2 --
reg-tests/compression/basic.vtc
HAProxy 2.0 is the lowest supported version, thus this always matches.
see 1b095cac9468d0c3eeb157e9b1a2947487bd3c83
---
reg-tests/balance/balance-uri.vtc | 1 -
reg-tests/checks/tcp-checks-socks4.vtc | 1 -
reg-tests/http-rules/acl_cli_spaces.vtc| 2 --
These functions were previously called once per compiler. Add the `lru_cache`
decorator to only perform one HTTP request each.
---
.github/matrix.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.github/matrix.py b/.github/matrix.py
index 7cd04e88a6..3df259cd8c 100755
---
The initial version of matrix.py was formatted using `black` [1], but with all
the later changes, the formatting diverged quite a bit. This patch reformats
the script using black, fixing the indentation of some statements and
shortening overlong lines.
[1] https://github.com/psf/black
---
Since 4a04cd35ae89bf6a3bb7620f7a49804de3240ac4 (CI: github: split ssl lib
selection based on git branch) the branch, instead of the workflow type is
passed. The headline should reflect that.
---
.github/matrix.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
For consistency with `GITHUB_OUTPUT` at the bottom.
---
.github/matrix.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/matrix.py b/.github/matrix.py
index e03453aa4d..c58bb7acd4 100755
--- a/.github/matrix.py
+++ b/.github/matrix.py
@@ -29,7 +29,7 @@ def
with.
Best regards
Tim Duesterhus (6):
CI: Improve headline in matrix.py
CI: Add in-memory cache for the latest OpenSSL/LibreSSL
CI: Use proper `if` blocks instead of conditional expressions in
matrix.py
CI: Unify the `GITHUB_TOKEN` name across matrix.py and vtest.yml
CI: Explicitly check
This makes naming a little clearer in matrix.py, because the name matches the
name of the actual secret.
---
.github/matrix.py | 4 ++--
.github/workflows/vtest.yml | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/matrix.py b/.github/matrix.py
index
For complex expressions, such as the ones modified, the condition expression is
much less readable, especially with the actual condition in the middle of the
"then" and "else" part.
---
.github/matrix.py | 29 -
1 file changed, 24 insertions(+), 5 deletions(-)
diff
William,
On 12/6/22 19:40, William Lallemand wrote:
> I disagree, porting to a new API is not something you would do just
> before a release, you need to do it progressively if possible, because
> it could introduce heavy development and sometimes discussions with the
> library developers and
See "CI: Replace the deprecated `::set-output` command by writing to
$GITHUB_OUTPUT in matrix.py" for the reasoning behind this commit.
---
.github/workflows/compliance.yml | 4 ++--
.github/workflows/vtest.yml | 4 ++--
.github/workflows/windows.yml| 2 +-
3 files changed, 5
As announced in
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
the `::set-output` command is deprecated, because processes during the workflow
execution might output untrusted information that might include the
`::set-output` command, thus
This reapplies strcmp.cocci across the whole src/ tree.
---
src/cfgparse-quic.c | 4 ++--
src/flt_bwlim.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/cfgparse-quic.c b/src/cfgparse-quic.c
index 5268e9adaf..f6706f2e0d 100644
--- a/src/cfgparse-quic.c
+++
Willy,
as with the past branches, I've reapplied the Coccinelle patches to do
some cleanup before the release.
Best regards
Tim Duesterhus (2):
CLEANUP: Reapply ist.cocci (2)
CLEANUP: Reapply strcmp.cocci
src/cfgparse-quic.c | 4 ++--
src/flt_bwlim.c | 4 ++--
src/hlua.c | 3
This reapplies ist.cocci across the whole src/ tree.
---
src/hlua.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/hlua.c b/src/hlua.c
index 19932a5b12..1595368796 100644
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -6511,8 +6511,7 @@ static void _hlua_http_msg_delete(struct
This reapplies the xalloc_size.cocci patch across the whole `src/` tree.
see 16cc16dd8235e7eb6c38b7abd210bd1e1d96b1d9
see 63ee0e4c01b94aee5fc6c6dd98cfc4480ae5ea46
---
src/ncbuf.c | 2 +-
src/proto_quic.c | 2 +-
src/quic_sock.c | 3 ++-
3 files changed, 4 insertions(+), 3 deletions(-)
2.5 is neither the newest stable version, nor the newest LTS version, thus
there is no reason for it to be highlighted.
---
docs/index.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/index.html b/docs/index.html
index 4aa77c9..403fce9 100644
--- a/docs/index.html
+++
The missing space before the colon causes haproxy-dconv to misparse the
configuration.txt.
---
doc/configuration.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 3a5728539..6343f9f13 100644
--- a/doc/configuration.txt
Introduced in:
18c13d3bd MEDIUM: http-ana: Add a proxy option to restrict chars in request
header names
see also:
fbbbc33df REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+
---
reg-tests/http-rules/restrict_req_hdr_names.vtc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff
This is impossible, because we pass a destination buffer that is appropriately
sized to hold an IPv6 address.
This is related to GitHub issue #1599.
---
src/tools.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/tools.c b/src/tools.c
index 79d1d5c9b..4ecbdc4d7 100644
The given size must be the size of the destination buffer, not the size of the
(binary) address representation.
This fixes GitHub issue #1599.
The bug was introduced in 92149f9a82a9b55c598f1cc815bc330c555f3561 which is in
2.4+. The fix must be backported there.
---
src/tools.c | 2 +-
1 file
This is impossible, because we pass a destination buffer that is appropriately
sized to hold an IPv6 address.
This is related to GitHub issue #1599.
---
src/tools.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/tools.c b/src/tools.c
index b9a1121c6..ce82fea4a 100644
If QUIC support is enabled both branches of the ternary conditional are
identical, upsetting Coverity. Move the full conditional into the non-QUIC
preprocessor branch to make the code more clear.
This resolves GitHub issue #1710.
---
src/tools.c | 7 ---
1 file changed, 4 insertions(+), 3
Even if `unique_id` and `s->unique_id` are identical it is a bit odd to
`isttest()` `unique_id` and then use `s->unique_id` in the call to
`http_add_header()`.
This "issue" was introduced in a17e66289c08a5bfadc1bb5b5f2c618c9299fe1b,
because before that commit the function returned the length of
Found with -Wmissing-prototypes:
src/hlua_fcn.c:53:5: fatal error: no previous prototype for function
'hlua_checkboolean' [-Wmissing-prototypes]
int hlua_checkboolean(lua_State *L, int index)
^
src/hlua_fcn.c:53:1: note: declare 'static' if the function is not intended
to be
This function has no prototype defined in a header and is not used in hlua.c
either, thus it can be safely removed. Found with -Wmissing-prototypes.
---
src/hlua.c | 10 --
1 file changed, 10 deletions(-)
diff --git a/src/hlua.c b/src/hlua.c
index ef967a515..abe3556b6 100644
---
Found with -Wmissing-prototypes:
src/ssl_utils.c:22:5: fatal error: no previous prototype for function
'cert_get_pkey_algo' [-Wmissing-prototypes]
int cert_get_pkey_algo(X509 *crt, struct buffer *out)
^
src/ssl_utils.c:22:1: note: declare 'static' if the function is not
Found with -Wmissing-prototypes:
src/hlua_fcn.c:53:5: fatal error: no previous prototype for function
'hlua_checkboolean' [-Wmissing-prototypes]
int hlua_checkboolean(lua_State *L, int index)
^
src/hlua_fcn.c:53:1: note: declare 'static' if the function is not intended
to be
It appears that it is safe to call perform a clean deinit at this point, so
let's do this to exercise the deinit paths some more.
Running `valgrind --leak-check=full --show-leak-kinds=all ./haproxy -vv` with
this change reports:
==261864== HEAP SUMMARY:
==261864== in use at exit: 344
To make the deinit function a proper inverse of the init function we need to
free the `http_err_chunks`:
==252081== 311,296 bytes in 19 blocks are still reachable in loss record 50
of 50
==252081==at 0x483B7F3: malloc (in
A config like the following:
global
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd
listeners
resolvers unbound
nameserver unbound 127.0.0.1:53
will report the following leak when running a configuration check:
==241882== 6,991 (6,952 direct, 39
No functional change, but we should keep this current.
---
.github/workflows/codespell.yml| 2 +-
.github/workflows/compliance.yml | 2 +-
.github/workflows/contrib.yml | 2 +-
.github/workflows/coverity.yml | 2 +-
.github/workflows/musl.yml
No functional changes for our use case, but we should keep this current.
---
.github/workflows/vtest.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/vtest.yml b/.github/workflows/vtest.yml
index e413b20f5..7a1c1ef62 100644
---
Previous uses of `ist.cocci` did not add `--include-headers-for-types` and
`--recursive-includes` preventing Coccinelle seeing `struct ist` members of
other structs.
Reapply the patch with proper flags to further clean up the use of the ist API.
The command used was:
spatch -sp_file
're seeing.
I've fixed a bug in the ist.cocci, reapplied it on the whole tree and then
turned the bugfix into another rule and applied that one.
Best regards
Tim Duesterhus (4):
DEV: coccinelle: Fix incorrect replacement in ist.cocci
CLEANUP: Reapply ist.cocci with `--include-headers
This was previously ignored in "DEV: coccinelle: Fix incorrect replacement in
ist.cocci",
but is now properly replaced by a simple `ist()` call.
---
dev/coccinelle/ist.cocci | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/dev/coccinelle/ist.cocci
This makes use of the newly added:
- i.ptr = p;
- i.len = strlen(i.ptr);
+ i = ist(p);
patch.
---
src/http_act.c | 15 +--
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/src/http_act.c b/src/http_act.c
index b7ec31241..133a30c6a 100644
---
We must not use `ist2()` if the value of `i.len` is derived from the value of
`i.ptr`:
i.ptr = "foo";
i.len = strlen(i.ptr);
---
dev/coccinelle/ist.cocci | 5 +
1 file changed, 5 insertions(+)
diff --git a/dev/coccinelle/ist.cocci b/dev/coccinelle/ist.cocci
index
Introduced in:
0657b9338 MINOR: stream: add "last_rule_file" and "last_rule_line" samples
---
reg-tests/log/last_rule.vtc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/reg-tests/log/last_rule.vtc b/reg-tests/log/last_rule.vtc
index b57251912..e69516654 100644
---
Found manually, while creating the previous commits to turn `struct proxy`
members into ists.
There is an existing Coccinelle rule to replace this pattern by `istadv()` in
`ist.cocci`:
@@
struct ist i;
expression e;
@@
- i.ptr += e;
- i.len -= e;
+ i = istadv(i, e);
This is a little cleaner, because the length of the resulting string does not
need to be calculated manually.
---
src/mux_fcgi.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c
index a22bc9391..0a8679019 100644
--- a/src/mux_fcgi.c
+++
, but
I didn't specifically test FCGI (and there are no exiting reg-tests for that).
So please carefully check the patches for dumb mistakes.
Best regards
Tim Duesterhus (6):
MINOR: proxy: Store monitor_uri as a `struct ist`
MINOR: proxy: Store fwdfor_hdr_name as a `struct ist`
MINOR: proxy
The monitor_uri is already processed as an ist in `http_wait_for_request`, lets
also just store it as such.
see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a
very similar past commit.
---
include/haproxy/proxy-t.h | 3 +--
src/cfgparse-listen.c | 9 +++--
The server_id_hdr_name is already processed as an ist in various locations lets
also just store it as such.
see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a
very similar past commit.
---
include/haproxy/proxy-t.h | 3 +--
src/cfgparse-listen.c | 9 -
The orgto_hdr_name is already processed as an ist in `http_process_request`,
lets also just store it as such.
see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a
very similar past commit.
---
include/haproxy/proxy-t.h | 3 +--
src/cfgparse-listen.c | 14
The fwdfor_hdr_name is already processed as an ist in `http_process_request`,
lets also just store it as such.
see 0643b0e7e ("MINOR: proxy: Make `header_unique_id` a `struct ist`") for a
very similar past commit.
---
include/haproxy/proxy-t.h | 3 +--
src/cfgparse-listen.c | 14
see 5cd4bbd7a ("BUG/MAJOR: threads/queue: Fix thread-safety issues on the
queues management")
---
src/queue.c | 15 +++
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/queue.c b/src/queue.c
index b1be766b9..002b94b85 100644
--- a/src/queue.c
+++ b/src/queue.c
@@
With BUG_ON() being enabled by default it is more useful to use a BUG_ON()
instead of an effectively never-taken if, as any incorrect assumptions will
become much more visible.
see 488ee7fb6e4a388bb68153341826a6391da794e9
---
src/connection.c | 9 -
1 file changed, 4 insertions(+), 5
Transform the unreachability comment into a call to `my_unreachable()` to allow
the compiler from benefitting from it.
see d1b15b6e9b4d4d378a6169929a86f25b95eafc57
see 615f81eb5ad3e8c691901db8ce3e6a4a6b6efa49
---
src/connection.c | 10 --
1 file changed, 4 insertions(+), 6 deletions(-)
v2 is the current version of the checkout action and faster than v1.
---
.github/workflows/compliance.yml | 2 +-
.github/workflows/musl.yml | 2 +-
.github/workflows/openssl-nodeprecated.yml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git
HAProxy 1.8 is the lowest supported version, thus this always matches.
see 1b095cac9468d0c3eeb157e9b1a2947487bd3c83
---
reg-tests/checks/agent-check.vtc | 1 -
reg-tests/seamless-reload/abns_socket.vtc | 1 -
reg-tests/server/cli_set_fdqn.vtc | 1 -
3 files changed, 3
The function leaked one full buffer per invocation. Fix this by simply removing
the call to alloc_trash_chunk(), the static chunk from get_trash_chunk() is
sufficient.
This bug was introduced in 0a72f5ee7c2a61bdb379436461269315c776b50a, which is
2.5-dev10. This fix needs to be backported to 2.5+.
This makes it clear to static analysis tools that this assignment is
intentional and not a mistyped comparison.
---
src/sock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sock.c b/src/sock.c
index e3d4a6e4c..f11c5b0c4 100644
--- a/src/sock.c
+++ b/src/sock.c
@@ -74,7
This is to make use of `chunk_istcat()`.
---
src/cache.c | 2 +-
src/http_fetch.c | 2 +-
src/http_htx.c | 4 ++--
src/mux_fcgi.c | 10 +-
src/tcpcheck.c | 4 ++--
5 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/cache.c b/src/cache.c
index
Delegate chunk_istcat, chunk_cat and chunk_strncat to the most generic
chunk_memcat.
---
include/haproxy/chunk.h | 41 +
1 file changed, 13 insertions(+), 28 deletions(-)
diff --git a/include/haproxy/chunk.h b/include/haproxy/chunk.h
index
Hi Willy,
find my (probably :-) ) final CLEANUP series for 2.5.
Regarding the final patch:
'chunk_strncat()' appears to be completely redundant, it simply passes through
the arguments and even takes an int instead of a size_t. Should it be removed?
Best regards
Tim Düsterhus
Tim Duesterhus (6
This replaces `if (i.len > e) i.len = e;` by `isttrim(i, e)`.
---
dev/coccinelle/ist.cocci | 8
1 file changed, 8 insertions(+)
diff --git a/dev/coccinelle/ist.cocci b/dev/coccinelle/ist.cocci
index 5b6aa6b2c..7e9a6ac05 100644
--- a/dev/coccinelle/ist.cocci
+++
This replaces `chunk_memcat()` with `chunk_istcat()` if the parameters are the
ist's `.ptr` and `.len`.
---
dev/coccinelle/ist.cocci | 8
1 file changed, 8 insertions(+)
diff --git a/dev/coccinelle/ist.cocci b/dev/coccinelle/ist.cocci
index 7e9a6ac05..4945141b2 100644
---
Make use of the new rules to use `isttrim()`.
---
src/cache.c | 3 +--
src/flt_trace.c | 3 +--
src/hlua.c | 6 ++
src/http_ana.c | 3 +--
src/log.c | 6 ++
5 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/src/cache.c b/src/cache.c
index ba2b63c49..e871a7b30
This replaces `chunk_strncat()` with `chunk_istcat()` if the parameters are the
ist's `.ptr` and `.len`.
---
dev/coccinelle/ist.cocci | 8
1 file changed, 8 insertions(+)
diff --git a/dev/coccinelle/ist.cocci b/dev/coccinelle/ist.cocci
index 4945141b2..680afbade 100644
---
Use a consistent size as the parameter for the *alloc family.
---
src/ev_evports.c | 2 +-
src/hlua.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/ev_evports.c b/src/ev_evports.c
index 710d51236..73e97517c 100644
--- a/src/ev_evports.c
+++ b/src/ev_evports.c
@@
Introduced in ef00c533e1ed37b414aab912f492be794ab589cc.
---
dev/coccinelle/ist.cocci | 1 -
1 file changed, 1 deletion(-)
diff --git a/dev/coccinelle/ist.cocci b/dev/coccinelle/ist.cocci
index 97ce0a2ad..598ffa3e2 100644
--- a/dev/coccinelle/ist.cocci
+++ b/dev/coccinelle/ist.cocci
@@ -31,7
Make use of the new rules to use `istend()`.
---
src/h1.c | 4 ++--
src/h2.c | 2 +-
src/hlua.c | 2 +-
src/http_htx.c | 11 ++-
src/htx.c | 11 +++
src/tcpcheck.c | 3 ++-
6 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/src/h1.c
This replaces `i.ptr + i.len` by `istend()`.
---
dev/coccinelle/ist.cocci | 7 +++
1 file changed, 7 insertions(+)
diff --git a/dev/coccinelle/ist.cocci b/dev/coccinelle/ist.cocci
index 598ffa3e2..5b6aa6b2c 100644
--- a/dev/coccinelle/ist.cocci
+++ b/dev/coccinelle/ist.cocci
@@ -41,6 +41,13
Make use of the new rules to use `istnext()`.
---
src/cache.c| 24
src/http_htx.c | 12
src/mqtt.c | 2 +-
3 files changed, 17 insertions(+), 21 deletions(-)
diff --git a/src/cache.c b/src/cache.c
index feab63f07..ba2b63c49 100644
--- a/src/cache.c
This matches both `istadv(..., 1)` as well as raw `.ptr++` uses.
---
dev/coccinelle/ist.cocci | 16
1 file changed, 16 insertions(+)
diff --git a/dev/coccinelle/ist.cocci b/dev/coccinelle/ist.cocci
index c3243302f..97ce0a2ad 100644
--- a/dev/coccinelle/ist.cocci
+++
This patch effectively is identical to 7ba98480cc5b2ede0fd4cca162959f66beb82c82.
---
reg-tests/connection/cli_src_dst.vtc| 3 +--
reg-tests/http-messaging/http_transfer_encoding.vtc | 4 ++--
reg-tests/http-messaging/srv_ws.vtc | 5 ++---
Found using clang's scan-build.
---
admin/halog/halog.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/admin/halog/halog.c b/admin/halog/halog.c
index 900cf5d46..f368c1c6f 100644
--- a/admin/halog/halog.c
+++ b/admin/halog/halog.c
@@ -551,7 +551,8 @@ int
Use `ha_free()` where possible.
---
src/action.c | 3 +--
src/server.c | 3 +--
src/ssl_ckch.c | 6 ++
3 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/action.c b/src/action.c
index ba465a253..1de97692e 100644
--- a/src/action.c
+++ b/src/action.c
@@ -39,8 +39,7 @@ int
Taken from 61cfdf4fd8a93dc6fd9922d5b309a71bdc7d2853.
---
dev/coccinelle/ha_free.cocci | 6 ++
1 file changed, 6 insertions(+)
create mode 100644 dev/coccinelle/ha_free.cocci
diff --git a/dev/coccinelle/ha_free.cocci b/dev/coccinelle/ha_free.cocci
new file mode 100644
index
It is not useful to start a configuration where an invalid static string is
provided as the JWT algorithm. Better make the administrator aware of the
suspected typo by failing to start.
---
src/sample.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/sample.c
Hi Remi, Willy,
Is the length check at the start of `jwt_parse_alg()` actually useful? I would
expect that the vast majority of strings passed are valid algorithms that are
*not* `none`. Thus I expect this `if()` to almost never be `true`.
Should the `if()` be removed and a new `case 'n'` be
This branch is no longer required, because the `!nsize` case is handled for any
value of `ptr` now.
see 22586524e32f14c44239063088a38ccea8abc9b7
see a5efdff93c36f75345a2a18f18bffee9b602bc7b
---
src/hlua.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/hlua.c b/src/hlua.c
index
This coccinelle patch finds locations where the return value of `realloc()` is
assigned to the pointer passed to `realloc()`. This calls will leak memory if
`realloc()` returns `NULL`.
---
dev/coccinelle/realloc_leak.cocci | 6 ++
1 file changed, 6 insertions(+)
create mode 100644
`trash` was completely unused within this function.
---
src/jwt.c | 10 +-
1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/src/jwt.c b/src/jwt.c
index d075bcfd4..94bfa5adb 100644
--- a/src/jwt.c
+++ b/src/jwt.c
@@ -214,14 +214,9 @@ jwt_jwsverify_rsa_ecdsa(const struct jwt_ctx
The OpenSSL documentation (https://www.openssl.org/docs/man1.1.0/man3/HMAC.html)
specifies:
> It places the result in md (which must have space for the output of the hash
> function, which is no more than EVP_MAX_MD_SIZE bytes). If md is NULL, the
> digest is placed in a static array. The size of
see 6a0dd733906611dea958cf74b9f51bb16028ae20
Found using GitHub's CodeQL scan.
---
include/haproxy/stick_table-t.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/haproxy/stick_table-t.h b/include/haproxy/stick_table-t.h
index 3b1f2b3ef..133f992b5 100644
---
This change locks down the permissions of the access token in GitHub Actions to
only allow reading the repository contents and nothing else.
see
https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
---
.github/workflows/codespell.yml
This patch cleans up the formatting within the .yml definition files for GitHub
Actions to ensure a consistent look across all actions.
---
.github/workflows/codespell.yml| 15 +++---
.github/workflows/compliance.yml | 2 +-
.github/workflows/contrib.yml | 2 -
1 - 100 of 495 matches
Mail list logo
