From patchwork Tue Apr 12 10:33:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 5497 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Kd2Bg588zz3x1J for ; Tue, 12 Apr 2022 10:33:47 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Kd2Bf6vm9z4Kd; Tue, 12 Apr 2022 10:33:46 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Kd2Bf6WvGz2ydN; Tue, 12 Apr 2022 10:33:46 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Kd2Bf24WRz2xbS for ; Tue, 12 Apr 2022 10:33:46 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Kd2Bd71vGzdm; Tue, 12 Apr 2022 10:33:45 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1649759626; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=YZpMfOK3HcnCWY5LLtosE+YDZvqMXKE7bT4Fy3DgG74=; b=L7jzxO7IOk6vUaPVpR71Hcje6k7FpKmICvXJRUjycKNKf+rPXkT3KN/eAeSMK4RK0pZgak 1wJNolCZbcoq1PBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1649759626; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=YZpMfOK3HcnCWY5LLtosE+YDZvqMXKE7bT4Fy3DgG74=; b=wpxdcDPxsXE/D5e9DwSUEZVyheZ9wMrUV2BIf4cqBUuw9mKvO3W+ZaTU+2ohg9Itwx3bn+ RSEKDJjHbNS9oKnPHxdZpSfAZsaOM1taoxzEoSJHttQs+V6hcmQCS8O8v5P9kfGoF2FXn7 a6S0iLxJmehhGL+q+CYCdbyUjFizBvtTnxcuh6yPtzFSa8UqqSK0SEgHDBc4lsLZY8Qr/c QALAXwKFgGTP3+7kQT8x/rDgU+unrwxPBRX5ns+9tC5oxPNBbI352nJzidLjiL+PVcU7FM DX2aeNFZDcFsOrWbmGBvYJQIRFlNwU/3HEQtObT8rxVUSDis7NMDleGJPkQrQA== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] haproxy: Update to version 2.5.5 Date: Tue, 12 Apr 2022 12:33:36 +0200 Message-Id: <20220412103336.59296-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from 2.4.15 to 2.5.5 - Update of rootfile not required - Changelog 2.5.5 - CI: github actions: add the output of $CC -dM -E- - CI: github actions: use cache for OpenTracing - CI: refactor OpenTracing build script - CI: github actions: use cache for SSL libs - CI: Consistently use actions/checkout@v2 - BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers - BUILD: tree-wide: mark a few numeric constants as explicitly long long - BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks - BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks() - REGTESTS: fix the race conditions in normalize_uri.vtc - REGTESTS: fix the race conditions in secure_memcmp.vtc - BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST - BUG/MINOR: pool: always align pool_heads to 64 bytes - BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed - BUILD: fix kFreeBSD build. - MINOR: pools: add a new global option "no-memory-trimming" - MINOR: stats: Add dark mode support for socket rows - BUILD: pools: fix backport of no-memory-trimming on non-linux OS - BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix - BUG/MINOR: add missing modes in proxy_mode_str() - BUG/MINOR: cli: shows correct mode in "show sess" - BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request - BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams - DEBUG: cache: Update underlying buffer when loading HTX message in cache applet - BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing - DEBUG: stream: Add the missing descriptions for stream trace events - DEBUG: stream: Fix stream trace message to print response buffer state - BUG/MAJOR: mux-pt: Always destroy the backend connection on detach - BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd() - BUG/MEDIUM: httpclient: don't consume data before it was analyzed - CLEANUP: htx: remove unused co_htx_remove_blk() - BUG/MINOR: httpclient: consume partly the blocks when necessary - BUG/MINOR: httpclient: remove the UNUSED block when parsing headers - BUG/MEDIUM: httpclient: must manipulate head, not first - REGTESTS: fix the race conditions in be2hex.vtc 2.5.4 - BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message - BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer - BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer - DOC: Fix usage/examples of deprecated ACLs - BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy() - REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks - CI: github: enable pool debugging by default - BUG/MEDIUM: stream: Abort processing if response buffer allocation fails 2.5.3 - MINOR: sock: move the unused socket cleaning code into its own function - BUG/MEDIUM: mworker: close unused transferred FDs on load failure - BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload - BUG/MINOR: sink: Use the right field in appctx context in release callback - BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names - BUG/MEDIUM: fd: always align fdtab[] to 64 bytes - BUG/MAJOR: compiler: relax alignment constraints on certain structures - MINOR: httpclient: Don't limit data transfer to 1024 bytes - BUG/MINOR: httpclient: reinit flags in httpclient_start() - BUG/MINOR: mailers: negotiate SMTP, not ESMTP - BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print - BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command - BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print - CLEANUP: httpclient/cli: fix indentation alignment of the help message - BUG/MINOR: tools: url2sa reads ipv4 too far - BUG/MEDIUM: httpclient: limit transfers to the maximum available room - DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected 2.5.2 - BUG/MEDIUM: connection: properly leave stopping list on error - BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer - BUG/MINOR: httpclient: don't send an empty body - BUG/MINOR: httpclient: set default Accept and User-Agent headers - BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers - BUILD/MINOR: fix solaris build with clang. - BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl - DOC: management: mark "set server ssl" as deprecated - MEDIUM: cli: yield between each pipelined command - MINOR: channel: add new function co_getdelim() to support multiple delimiters - BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands - MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change - BUG/MEDIUM: cli: Never wait for more data on client shutdown - BUG/MEDIUM: mcli: do not try to parse empty buffers - BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them - BUG/MINOR: stream: make the call_rate only count the no-progress calls - DEBUG: cli: add a new "debug dev fd" expert command - BUILD: debug/cli: condition test of O_ASYNC to its existence - DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY - REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2 - BUG/MEDIUM: mworker: don't lose the stats socket on failed reload - BUG/MINOR: mworker: does not add the -sf in wait mode - BUG/MINOR: pools: always flush pools about to be destroyed - DEBUG: pools: add extra sanity checks when picking objects from a local cache - DEBUG: pools: let's add reverse mapping from cache heads to thread and pool - DEBUG: pools: replace the link pointer with the caller's address on pool_free() - BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks - BUG/MINOR: mworker: does not erase the pidfile upon reload - DEBUG: fd: make sure we never try to insert/delete an impossible FD number - MINOR: listener: replace the listener's spinlock with an rwlock - BUG/MEDIUM: listener: read-lock the listener during accept() - BUG/MINOR: httpclient: Revisit HC request and response buffers allocation - BUG/MEDIUM: httpclient: Xfer the request when the stream is created - BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response " output - BUG/MINOR: jwt: Double free in deinit function - BUG/MINOR: jwt: Missing pkey free during cleanup - BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls - BUG/MINOR: httpclient/cli: display junk characters in vsn - BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies - BUG/MAJOR: spoe: properly detach all agents when releasing the applet - REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc - REGTESTS: peers: leave a bit more time to peers to synchronize - BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change - BUG/MINOR: mux-h2: update the session's idle delay before creating the stream 2.5.1 - BUG/MINOR: cache: Fix loop on cache entries in "show cache" - BUG/MINOR: httpclient: allow to replace the host header - BUG/MINOR: lua: don't expose internal proxies - BUG/MINOR: lua: remove loop initial declarations - BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time - BUILD: evports: remove a leftover from the dead_fd cleanup - BUG/MINOR: vars: Fix the set-var and unset-var converters - BUG/MINOR: server: Don't rely on last default-server to init server SSL context - BUG/MEDIUM: resolvers: Detach query item on response error - BUG/MAJOR: segfault using multiple log forward sections. - BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted - BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode - BUG/MINOR: mworker: deinit of thread poller was called when not initialized - MINOR: mux-h1: Improve H1 traces by adding info about http parsers - BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH - BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query - MINOR: cli: "show version" displays the current process version - BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types - IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode - MINOR: http-rules: Add capture action to http-after-response ruleset - BUG/MINOR: cli/server: Don't crash when a server is added with a custom id - DOC: spoe: Clarify use of the event directive in spoe-message section - DOC: config: Specify %Ta is only available in HTTP mode - DOC: config: retry-on list is space-delimited - DOC: config: fix error-log-format example - BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode - MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output - MINOR: pools: work around possibly slow malloc_trim() during gc - BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch - BUG/MEDIUM: peers: properly skip conn_cur from incoming messages - BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message - BUG/MINOR: mux-h1: Fix splicing for messages with unknown length - BUILD: ssl: unbreak the build with newer libressl - DOC: fix misspelled keyword "resolve_retries" in resolvers - DEBUG: ssl: make sure we never change a servername on established connections - BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time - BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server - REGTESTS: ssl: fix ssl_default_server.vtc - MINOR: compat: detect support for dl_iterate_phdr() - MINOR: debug: add ability to dump loaded shared libraries - MINOR: debug: add support for -dL to dump library names at boot - MINOR: proxy: add option idle-close-on-response - MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above. - BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning - CI: Github Actions: do not show VTest failures if build failed - BUG/MINOR: ssl: free the fields in srv->ssl_ctx - BUG/MEDIUM: ssl: free the ckch instance linked to a server - REGTESTS: ssl: update of a crt with server deletion - BUILD/MINOR: cpuset FreeBSD 14 build fix. - CI: github actions: update OpenSSL to 3.0.1 - BUILD/MINOR: tools: solaris build fix on dladdr. - BUG/MINOR: cli: fix _getsocks with musl libc - BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry - BUG/MEDIUM: mworker: don't use _getsocks in wait mode - BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error - BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data - BUILD: cpuset: fix build issue on macos introduced by previous change - CI: github actions: clean default step conditions 2.5.0 - BUILD: SSL: add quictls build to scripts/build-ssl.sh - BUILD: SSL: add QUICTLS to build matrix - CLEANUP: sock: Wrap `accept4_broken = 1` into additional parenthesis - BUILD: cli: clear a maybe-unused warning on some older compilers - BUG/MEDIUM: cli: make sure we can report a warning from a bind keyword - BUG/MINOR: ssl: make SSL counters atomic - CLEANUP: assorted typo fixes in the code and comments - BUG/MINOR: ssl: free correctly the sni in the backend SSL cache - MINOR: version: mention that it's stable now Signed-off-by: Adolf Belka --- lfs/haproxy | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/haproxy b/lfs/haproxy index 96911574d..7fa3b024e 100644 --- a/lfs/haproxy +++ b/lfs/haproxy @@ -26,7 +26,7 @@ include Config SUMMARY = The Reliable, High Performance TCP/HTTP Load Balancer -VER = 2.4.15 +VER = 2.5.5 # From: https://www.haproxy.org/download/2.4/src/haproxy-2.4.15.tar.gz @@ -36,7 +36,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = haproxy -PAK_VER = 20 +PAK_VER = 21 DEPS = @@ -54,7 +54,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 425444a54e22cca8d15cb808283be3baefcd2ce56447d91bce3b4f4b7f6606e03d2eb8a242891c619cfd0fad9aba5bb84026c68d41f07cd55f083481df234899 +$(DL_FILE)_BLAKE2 = 0680925026edf56f4369c71092c39f4ff3956a8cf04320326623b3031f719d62077acdca457a6cfd82f6bcbf510920113a0328a2d8cd4a208c3d9e49e1d431b5 install : $(TARGET)