include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
-PKG_VERSION:=2.0.0
-PKG_RELEASE:=3
+PKG_VERSION:=2.0.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.haproxy.org/download/2.0/src
-PKG_HASH:=fe0a0d69e1091066a91b8d39199c19af8748e0e872961c6fc43c91ec7a28ff20
+PKG_HASH:=9975c475ba6f19aac4b665d8705f7b9f7911df7fc316ba7b9efd6fe263181eb1
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>, \
#!/bin/bash
CLONEURL=http://git.haproxy.org/git/haproxy-2.0.git
-BASE_TAG=v2.0.0
+BASE_TAG=v2.0.1
TMP_REPODIR=tmprepo
PATCHESDIR=patches
+++ /dev/null
-commit 032cff38c24d8359dc575423a94d19b6ad8bf848
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Mon Jun 17 11:44:47 2019 +0200
-
- BUG/MEDIUM: h2/htx: Update data length of the HTX when the cookie list is built
-
- When an H2 request is converted into an HTX message, All cookie headers are
- grouped into one, each value separated by a semicolon (;). To do so, we add the
- header "cookie" with the first value and then we update the value by appending
- other cookies. But during this operation, only the size of the HTX block is
- updated. And not the data length of the whole HTX message.
-
- It is an old bug and it seems to work by chance till now. But it may lead to
- undefined behaviour by time to time.
-
- This patch must be backported to 2.0 and 1.9
-
- (cherry picked from commit 0c6de00d7c842a682bba7586ef34fb10f69ec63c)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/h2.c b/src/h2.c
-index 9681aca5..32c1ef16 100644
---- a/src/h2.c
-+++ b/src/h2.c
-@@ -737,6 +737,7 @@ int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *ms
- goto fail;
-
- htx_set_blk_value_len(blk, tl);
-+ htx->data += vl+2;
- *(char *)(htx_get_blk_ptr(htx, blk) + bs + 0) = ';';
- *(char *)(htx_get_blk_ptr(htx, blk) + bs + 1) = ' ';
- memcpy(htx_get_blk_ptr(htx, blk) + bs + 2, list[ck].v.ptr, vl);
--- /dev/null
+commit 1bd140ea3fab97ccd37adf9d0c106d52af9e53fa
+Author: William Lallemand <wlallemand@haproxy.com>
+Date: Mon Jul 1 10:56:15 2019 +0200
+
+ BUG/MINOR: mworker/cli: don't output a \n before the response
+
+ When using a level lower than admin on the master CLI, a \n is output
+ before the response, this is caused by the response of the "operator" or
+ "user" that are sent before the actual command.
+
+ To fix this problem we introduce the flag APPCTX_CLI_ST1_NOLF which ask
+ a command response to not be followed by the final \n.
+ This patch made a special case with the command operator and user
+ followed by a - so they are not followed by \n.
+
+ This patch must be backported to 2.0 and 1.9.
+
+ (cherry picked from commit ad03288e6b28d816abb443cf8c6d984a72bb91a6)
+ Signed-off-by: William Lallemand <wlallemand@haproxy.org>
+
+diff --git a/include/types/applet.h b/include/types/applet.h
+index c9e02d17..1f3a4983 100644
+--- a/include/types/applet.h
++++ b/include/types/applet.h
+@@ -50,6 +50,7 @@ struct applet {
+
+ #define APPCTX_CLI_ST1_PROMPT (1 << 0)
+ #define APPCTX_CLI_ST1_PAYLOAD (1 << 1)
++#define APPCTX_CLI_ST1_NOLF (1 << 2)
+
+ /* Context of a running applet. */
+ struct appctx {
+diff --git a/src/cli.c b/src/cli.c
+index 44ddc7bf..9a9f80f9 100644
+--- a/src/cli.c
++++ b/src/cli.c
+@@ -821,7 +821,7 @@ static void cli_io_handler(struct appctx *appctx)
+ prompt = "\n> ";
+ }
+ else {
+- if (!(appctx->st1 & APPCTX_CLI_ST1_PAYLOAD))
++ if (!(appctx->st1 & (APPCTX_CLI_ST1_PAYLOAD|APPCTX_CLI_ST1_NOLF)))
+ prompt = "\n";
+ }
+
+@@ -848,6 +848,8 @@ static void cli_io_handler(struct appctx *appctx)
+
+ /* switch state back to GETREQ to read next requests */
+ appctx->st0 = CLI_ST_GETREQ;
++ /* reactivate the \n at the end of the response for the next command */
++ appctx->st1 &= ~APPCTX_CLI_ST1_NOLF;
+ }
+ }
+
+@@ -1442,6 +1444,10 @@ static int cli_parse_show_lvl(char **args, char *payload, struct appctx *appctx,
+ /* parse and set the CLI level dynamically */
+ static int cli_parse_set_lvl(char **args, char *payload, struct appctx *appctx, void *private)
+ {
++ /* this will ask the applet to not output a \n after the command */
++ if (!strcmp(args[1], "-"))
++ appctx->st1 |= APPCTX_CLI_ST1_NOLF;
++
+ if (!strcmp(args[0], "operator")) {
+ if (!cli_has_level(appctx, ACCESS_LVL_OPER)) {
+ return 1;
+@@ -2097,11 +2103,11 @@ int pcli_parse_request(struct stream *s, struct channel *req, char **errmsg, int
+ if (pcli_has_level(s, ACCESS_LVL_ADMIN)) {
+ goto end;
+ } else if (pcli_has_level(s, ACCESS_LVL_OPER)) {
+- ci_insert_line2(req, 0, "operator", strlen("operator"));
+- ret += strlen("operator") + 2;
++ ci_insert_line2(req, 0, "operator -", strlen("operator -"));
++ ret += strlen("operator -") + 2;
+ } else if (pcli_has_level(s, ACCESS_LVL_USER)) {
+- ci_insert_line2(req, 0, "user", strlen("user"));
+- ret += strlen("user") + 2;
++ ci_insert_line2(req, 0, "user -", strlen("user -"));
++ ret += strlen("user -") + 2;
+ }
+ }
+ end:
--- /dev/null
+commit aa2ecea6f711f50192476b26a5b1d767108bd761
+Author: Olivier Houchard <ohouchard@haproxy.com>
+Date: Fri Jun 28 14:10:33 2019 +0200
+
+ BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
+
+ Checks use ssl_sock_set_alpn() to set the ALPN if check-alpn is used, however
+ check-alpn failed to check if the connection was indeed using SSL, and thus,
+ would crash if check-alpn was used on a non-SSL connection. Fix this by
+ making sure the connection uses SSL before attempting to set the ALPN.
+
+ This should be backported to 2.0 and 1.9.
+
+ (cherry picked from commit e488ea865a433d93efcb14c0c602918070c6b208)
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/ssl_sock.c b/src/ssl_sock.c
+index 05240063..c9fffbec 100644
+--- a/src/ssl_sock.c
++++ b/src/ssl_sock.c
+@@ -6411,6 +6411,9 @@ void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int l
+ #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+ struct ssl_sock_ctx *ctx = conn->xprt_ctx;
+
++ if (!ssl_sock_is_ssl(conn))
++ return;
++
+ SSL_set_alpn_protos(ctx->ssl, alpn, len);
+ #endif
+ }
+++ /dev/null
-commit 5a8549e68225070d0b79cbbb9c5f791e103685e7
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Mon Jun 17 13:36:06 2019 +0200
-
- BUG/MINOR: lua/htx: Make txn.req_req_* and txn.res_rep_* HTX aware
-
- These bindings were not updated to support HTX streams.
-
- This patch must be backported to 2.0 and 1.9. It fixes the issue #124.
-
- (cherry picked from commit ea418748dd22331e9798cfd8f5e25b436cd577e3)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/hlua.c b/src/hlua.c
-index 28abd083..32f0e8db 100644
---- a/src/hlua.c
-+++ b/src/hlua.c
-@@ -5375,7 +5375,13 @@ __LJMP static inline int hlua_http_rep_hdr(lua_State *L, struct hlua_txn *htxn,
- if (!(re = regex_comp(reg, 1, 1, NULL)))
- WILL_LJMP(luaL_argerror(L, 3, "invalid regex"));
-
-- http_transform_header_str(htxn->s, msg, name, name_len, value, re, action);
-+ if (IS_HTX_STRM(htxn->s)) {
-+ struct htx *htx = htxbuf(&msg->chn->buf);
-+
-+ htx_transform_header_str(htxn->s, msg->chn, htx, ist2(name, name_len), value, re, action);
-+ }
-+ else
-+ http_transform_header_str(htxn->s, msg, name, name_len, value, re, action);
- regex_free(re);
- return 0;
- }
--- /dev/null
+commit 9fa93f6220a374f724491fd781d44d31f307671f
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date: Fri Jun 28 17:41:42 2019 +0200
+
+ BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported
+
+ We must take care of this when the stream is detached from the
+ connection. Otherwise, on the server side, the connexion is inserted in the list
+ of idle connections of the session. But when reused, because the shutdown for
+ writes was already catched, nothing is sent to the server and the session is
+ blocked with a freezed connection.
+
+ This patch must be backported to 2.0 and 1.9. It is related to the issue #136
+ reported on Github.
+
+ (cherry picked from commit 3ac0f43020e1cd77198020201e4e482a1c2ef8ac)
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/mux_h1.c b/src/mux_h1.c
+index 3d2bd8b8..e497e6f6 100644
+--- a/src/mux_h1.c
++++ b/src/mux_h1.c
+@@ -2192,9 +2192,9 @@ static void h1_detach(struct conn_stream *cs)
+ }
+ }
+
+- /* We don't want to close right now unless the connection is in error */
+- if ((h1c->flags & (H1C_F_CS_ERROR|H1C_F_CS_SHUTDOWN|H1C_F_UPG_H2C)) ||
+- (h1c->conn->flags & CO_FL_ERROR) || !h1c->conn->owner)
++ /* We don't want to close right now unless the connection is in error or shut down for writes */
++ if ((h1c->flags & (H1C_F_CS_ERROR|H1C_F_CS_SHUTW_NOW|H1C_F_CS_SHUTDOWN|H1C_F_UPG_H2C)) ||
++ (h1c->conn->flags & (CO_FL_ERROR|CO_FL_SOCK_WR_SH)) || !h1c->conn->owner)
+ h1_release(h1c);
+ else {
+ tasklet_wakeup(h1c->wait_event.tasklet);
+++ /dev/null
-commit 661bfc3d0e1b7756db59d00d86e316f694cae3c6
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Mon Jun 17 14:07:46 2019 +0200
-
- BUG/MINOR: mux-h1: Add the header connection in lower case in outgoing messages
-
- When necessary, this header is directly added in outgoing messages by the H1
- multiplexer. Because there is no HTX conversion first, the header name is not
- converserted to its lower case version. So, it must be added in lower case by
- the multiplexer.
-
- This patch must be backported to 2.0 and 1.9.
-
- (cherry picked from commit a110ecbd843e156dd01c6ac581c735be5e240d5b)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/mux_h1.c b/src/mux_h1.c
-index 317f1a55..21deb354 100644
---- a/src/mux_h1.c
-+++ b/src/mux_h1.c
-@@ -1642,7 +1642,7 @@ static size_t h1_process_output(struct h1c *h1c, struct buffer *buf, size_t coun
- /* There is no "Connection:" header and
- * it the conn_mode must be
- * processed. So do it */
-- n = ist("Connection");
-+ n = ist("connection");
- v = ist("");
- h1_process_output_conn_mode(h1s, h1m, &v);
- if (v.len) {
--- /dev/null
+commit afc313e6cd4be32f3c3d212e875d4dbcef8a0c70
+Author: Willy Tarreau <w@1wt.eu>
+Date: Mon Jul 1 07:51:29 2019 +0200
+
+ BUG/MEDIUM: checks: unblock signals in external checks
+
+ As discussed in issue #140, processes are forked with signals blocked
+ resulting in haproxy's kill being ignored. This happens when the command
+ takes more time to complete than the configured check timeout or interval.
+ Just calling "sleep 30" every second makes the problem obvious.
+
+ The fix simply consists in unblocking the signals in the child after the
+ fork. It needs to be backported to all stable branches containing external
+ checks and where signals are blocked on startup. It's unclear when it
+ started, but the following config exhibits the issue :
+
+ global
+ external-check
+
+ listen www
+ bind :8001
+ timeout client 5s
+ timeout server 5s
+ timeout connect 5s
+ option external-check
+ external-check command "$PWD/sleep10.sh"
+ server local 127.0.0.1:80 check inter 200
+
+ $ cat sleep10.sh
+ #!/bin/sh
+ exec /bin/sleep 10
+
+ The "sleep" processes keep accumulating for 10 seconds and stabilize
+ around 25 when the bug is present. Just issuing "killall sleep" has no
+ effect on them, and stopping haproxy leaves these processes behind.
+
+ (cherry picked from commit 2df8cad0fea2d1a4ca8dd58f384df3c3c3f5d7ee)
+ Signed-off-by: Willy Tarreau <w@1wt.eu>
+
+diff --git a/src/checks.c b/src/checks.c
+index c175a752..e31eb173 100644
+--- a/src/checks.c
++++ b/src/checks.c
+@@ -1997,6 +1997,7 @@ static int connect_proc_chk(struct task *t)
+
+ environ = check->envp;
+ extchk_setenv(check, EXTCHK_HAPROXY_SERVER_CURCONN, ultoa_r(s->cur_sess, buf, sizeof(buf)));
++ haproxy_unblock_signals();
+ execvp(px->check_command, check->argv);
+ ha_alert("Failed to exec process for external health check: %s. Aborting.\n",
+ strerror(errno));
+++ /dev/null
-commit eaf650083924a697cde3379703984c5e7a5ebd41
-Author: Tim Duesterhus <tim@bastelstu.be>
-Date: Mon Jun 17 16:10:07 2019 +0200
-
- BUG/MEDIUM: compression: Set Vary: Accept-Encoding for compressed responses
-
- Make HAProxy set the `Vary: Accept-Encoding` response header if it compressed
- the server response.
-
- Technically the `Vary` header SHOULD also be set for responses that would
- normally be compressed based off the current configuration, but are not due
- to a missing or invalid `Accept-Encoding` request header or due to the
- maximum compression rate being exceeded.
-
- Not setting the header in these cases does no real harm, though: An
- uncompressed response might be returned by a Cache, even if a compressed
- one could be retrieved from HAProxy. This increases the traffic to the end
- user if the cache is unable to compress itself, but it saves another
- roundtrip to HAProxy.
-
- see the discussion on the mailing list: https://www.mail-archive.com/haproxy@formilux.org/msg34221.html
- Message-ID: 20190617121708.GA2964@1wt.eu
-
- A small issue remains: The User-Agent is not added to the `Vary` header,
- despite being relevant to the response. Adding the User-Agent header would
- make responses effectively uncacheable and it's unlikely to see a Mozilla/4
- in the wild in 2019.
-
- Add a reg-test to ensure the behaviour as described in this commit message.
-
- see issue #121
- Should be backported to all branches with compression (i.e. 1.6+).
-
- (cherry picked from commit 721d686bd10dc6993859f9026ad907753d1d2064)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/reg-tests/compression/vary.vtc b/reg-tests/compression/vary.vtc
-new file mode 100644
-index 00000000..0a060e4b
---- /dev/null
-+++ b/reg-tests/compression/vary.vtc
-@@ -0,0 +1,187 @@
-+varnishtest "Compression sets Vary header"
-+
-+#REQUIRE_VERSION=1.9
-+#REQUIRE_OPTION=ZLIB|SLZ
-+
-+feature ignore_unknown_macro
-+
-+server s1 {
-+ rxreq
-+ expect req.url == "/plain/accept-encoding-gzip"
-+ expect req.http.accept-encoding == "gzip"
-+ txresp \
-+ -hdr "Content-Type: text/plain" \
-+ -bodylen 100
-+
-+ rxreq
-+ expect req.url == "/plain/accept-encoding-invalid"
-+ expect req.http.accept-encoding == "invalid"
-+ txresp \
-+ -hdr "Content-Type: text/plain" \
-+ -bodylen 100
-+
-+ rxreq
-+ expect req.url == "/plain/accept-encoding-null"
-+ expect req.http.accept-encoding == "<undef>"
-+ txresp \
-+ -hdr "Content-Type: text/plain" \
-+ -bodylen 100
-+
-+ rxreq
-+ expect req.url == "/html/accept-encoding-gzip"
-+ expect req.http.accept-encoding == "gzip"
-+ txresp \
-+ -hdr "Content-Type: text/html" \
-+ -bodylen 100
-+
-+ rxreq
-+ expect req.url == "/html/accept-encoding-invalid"
-+ expect req.http.accept-encoding == "invalid"
-+ txresp \
-+ -hdr "Content-Type: text/html" \
-+ -bodylen 100
-+
-+
-+ rxreq
-+ expect req.url == "/html/accept-encoding-null"
-+ expect req.http.accept-encoding == "<undef>"
-+ txresp \
-+ -hdr "Content-Type: text/html" \
-+ -bodylen 100
-+
-+ rxreq
-+ expect req.url == "/dup-etag/accept-encoding-gzip"
-+ expect req.http.accept-encoding == "gzip"
-+ txresp \
-+ -hdr "Content-Type: text/plain" \
-+ -hdr "ETag: \"123\"" \
-+ -hdr "ETag: \"123\"" \
-+ -bodylen 100
-+} -repeat 2 -start
-+
-+
-+haproxy h1 -conf {
-+ defaults
-+ mode http
-+ ${no-htx} option http-use-htx
-+ timeout connect 1s
-+ timeout client 1s
-+ timeout server 1s
-+
-+ frontend fe-gzip
-+ bind "fd@${fe_gzip}"
-+ default_backend be-gzip
-+
-+ backend be-gzip
-+ compression algo gzip
-+ compression type text/plain
-+ server www ${s1_addr}:${s1_port}
-+
-+ frontend fe-nothing
-+ bind "fd@${fe_nothing}"
-+ default_backend be-nothing
-+
-+ backend be-nothing
-+ server www ${s1_addr}:${s1_port}
-+} -start
-+
-+client c1 -connect ${h1_fe_gzip_sock} {
-+ txreq -url "/plain/accept-encoding-gzip" \
-+ -hdr "Accept-Encoding: gzip"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.content-encoding == "gzip"
-+ expect resp.http.vary == "Accept-Encoding"
-+ gunzip
-+ expect resp.bodylen == 100
-+
-+ txreq -url "/plain/accept-encoding-invalid" \
-+ -hdr "Accept-Encoding: invalid"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.vary == "<undef>"
-+ expect resp.bodylen == 100
-+
-+ txreq -url "/plain/accept-encoding-null"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.vary == "<undef>"
-+ expect resp.bodylen == 100
-+
-+ txreq -url "/html/accept-encoding-gzip" \
-+ -hdr "Accept-Encoding: gzip"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.vary == "<undef>"
-+ expect resp.bodylen == 100
-+
-+ txreq -url "/html/accept-encoding-invalid" \
-+ -hdr "Accept-Encoding: invalid"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.vary == "<undef>"
-+ expect resp.bodylen == 100
-+
-+ txreq -url "/html/accept-encoding-null"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.vary == "<undef>"
-+ expect resp.bodylen == 100
-+
-+ txreq -url "/dup-etag/accept-encoding-gzip" \
-+ -hdr "Accept-Encoding: gzip"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.vary == "<undef>"
-+ expect resp.bodylen == 100
-+} -run
-+
-+# This Client duplicates c1, against the "nothing" frontend, ensuring no Vary header is ever set.
-+client c2 -connect ${h1_fe_nothing_sock} {
-+ txreq -url "/plain/accept-encoding-gzip" \
-+ -hdr "Accept-Encoding: gzip"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.vary == "<undef>"
-+ expect resp.bodylen == 100
-+
-+ txreq -url "/plain/accept-encoding-invalid" \
-+ -hdr "Accept-Encoding: invalid"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.vary == "<undef>"
-+ expect resp.bodylen == 100
-+
-+ txreq -url "/plain/accept-encoding-null"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.vary == "<undef>"
-+ expect resp.bodylen == 100
-+
-+ txreq -url "/html/accept-encoding-gzip" \
-+ -hdr "Accept-Encoding: gzip"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.vary == "<undef>"
-+ expect resp.bodylen == 100
-+
-+ txreq -url "/html/accept-encoding-invalid" \
-+ -hdr "Accept-Encoding: invalid"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.vary == "<undef>"
-+ expect resp.bodylen == 100
-+
-+ txreq -url "/html/accept-encoding-null"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.vary == "<undef>"
-+ expect resp.bodylen == 100
-+
-+ txreq -url "/dup-etag/accept-encoding-gzip" \
-+ -hdr "Accept-Encoding: gzip"
-+ rxresp
-+ expect resp.status == 200
-+ expect resp.http.vary == "<undef>"
-+ expect resp.bodylen == 100
-+} -run
-diff --git a/src/flt_http_comp.c b/src/flt_http_comp.c
-index b04dcd14..37f237fe 100644
---- a/src/flt_http_comp.c
-+++ b/src/flt_http_comp.c
-@@ -523,6 +523,9 @@ http_set_comp_reshdr(struct comp_state *st, struct stream *s, struct http_msg *m
- }
- }
-
-+ if (http_header_add_tail2(msg, &txn->hdr_idx, "Vary: Accept-Encoding", 21) < 0)
-+ goto error;
-+
- return 1;
-
- error:
-@@ -577,6 +580,9 @@ htx_set_comp_reshdr(struct comp_state *st, struct stream *s, struct http_msg *ms
- }
- }
-
-+ if (!http_add_header(htx, ist("Vary"), ist("Accept-Encoding")))
-+ goto error;
-+
- return 1;
-
- error:
--- /dev/null
+commit 52131680c42ddbfa6f2b5d109ffc79c28f44e42a
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date: Thu Jun 27 17:40:14 2019 +0200
+
+ BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages
+
+ Unlike H1, H2 messages may contains trailers while the header "Content-Length"
+ is set. Indeed, because of the framed structure of HTTP/2, it is no longer
+ necessary to use the chunked transfer encoding. So Trailing HEADERS frames,
+ after all DATA frames, may be added on messages with an explicit content length.
+
+ But in H1, it is impossible to have trailers on non-chunked messages. So when
+ outgoing messages are formatted by the H1 multiplexer, if the message is not
+ chunked, all trailers must be dropped.
+
+ This patch must be backported to 2.0 and 1.9. However, the patch will have to be
+ adapted for the 1.9.
+
+ (cherry picked from commit 5433a0b0215c791b4165bddd360a254fa141c6e9)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/src/mux_h1.c b/src/mux_h1.c
+index e497e6f6..e7d769b4 100644
+--- a/src/mux_h1.c
++++ b/src/mux_h1.c
+@@ -1696,7 +1696,9 @@ static size_t h1_process_output(struct h1c *h1c, struct buffer *buf, size_t coun
+ goto done;
+ }
+ else if (type == HTX_BLK_EOT || type == HTX_BLK_TLR) {
+- if (!chunk_memcat(&tmp, "0\r\n", 3))
++ /* If the message is not chunked, never
++ * add the last chunk. */
++ if ((h1m->flags & H1_MF_CHNK) && !chunk_memcat(&tmp, "0\r\n", 3))
+ goto copy;
+ goto trailers;
+ }
+@@ -1715,6 +1717,11 @@ static size_t h1_process_output(struct h1c *h1c, struct buffer *buf, size_t coun
+ goto error;
+ trailers:
+ h1m->state = H1_MSG_TRAILERS;
++ /* If the message is not chunked, ignore
++ * trailers. It may happen with H2 messages. */
++ if (!(h1m->flags & H1_MF_CHNK))
++ break;
++
+ if (type == HTX_BLK_EOT) {
+ if (!chunk_memcat(&tmp, "\r\n", 2))
+ goto copy;
+++ /dev/null
-commit 8d09dc21dc913d1540d07d1019a51c430317eae1
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Tue Jun 18 09:37:00 2019 +0200
-
- MINOR: htx: Add the function htx_change_blk_value_len()
-
- As its name suggest, this function change the value length of a block. But it
- also update the HTX message accordingly. It simplifies the HTX API. The function
- htx_set_blk_value_len() is still available and must be used with caution because
- this one does not update the HTX message. It just updates the HTX block. It
- should be considered as an internal function. When possible,
- htx_change_blk_value_len() should be used instead.
-
- This function is used to fix a bug affecting the 2.0. So, this patch must be
- backported to 2.0.
-
- (cherry picked from commit bb0efcdd293de33607a6eba075971b49857375e2)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/include/common/htx.h b/include/common/htx.h
-index 9631c618..7d15365a 100644
---- a/include/common/htx.h
-+++ b/include/common/htx.h
-@@ -470,7 +470,41 @@ static inline struct htx_blk *htx_get_next_blk(const struct htx *htx,
- }
-
- /* Changes the size of the value. It is the caller responsibility to change the
-- * value itself, make sure there is enough space and update allocated value.
-+ * value itself, make sure there is enough space and update allocated
-+ * value. This function updates the HTX message accordingly.
-+ */
-+static inline void htx_change_blk_value_len(struct htx *htx, struct htx_blk *blk, uint32_t newlen)
-+{
-+ enum htx_blk_type type = htx_get_blk_type(blk);
-+ uint32_t oldlen, sz;
-+ int32_t delta;
-+
-+ sz = htx_get_blksz(blk);
-+ switch (type) {
-+ case HTX_BLK_HDR:
-+ case HTX_BLK_TLR:
-+ oldlen = (blk->info >> 8) & 0xfffff;
-+ blk->info = (type << 28) + (newlen << 8) + (blk->info & 0xff);
-+ break;
-+ default:
-+ oldlen = blk->info & 0xfffffff;
-+ blk->info = (type << 28) + newlen;
-+ break;
-+ }
-+
-+ /* Update HTTP message */
-+ delta = (newlen - oldlen);
-+ htx->data += delta;
-+ if (blk->addr+sz == htx->tail_addr)
-+ htx->tail_addr += delta;
-+ else if (blk->addr+sz == htx->head_addr)
-+ htx->head_addr += delta;
-+}
-+
-+/* Changes the size of the value. It is the caller responsibility to change the
-+ * value itself, make sure there is enough space and update allocated
-+ * value. Unlike the function htx_change_blk_value_len(), this one does not
-+ * update the HTX message. So it should be used with caution.
- */
- static inline void htx_set_blk_value_len(struct htx_blk *blk, uint32_t vlen)
- {
+++ /dev/null
-commit 41dc8432f87622145390dc1b1467a5ee14ba184c
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Tue Jun 18 09:49:16 2019 +0200
-
- BUG/MEDIUM: htx: Fully update HTX message when the block value is changed
-
- Everywhere the value length of a block is changed, calling the function
- htx_set_blk_value_len(), the HTX message must be updated. But at many places,
- because of the recent changes in the HTX structure, this update was only
- partially done. tail_addr and head_addr values were not systematically updated.
-
- In fact, the function htx_set_blk_value_len() was designed as an internal
- function to the HTX API. And we used it from outside by convenience. But it is
- really painfull and error prone to let the caller update the HTX message. So
- now, we use the function htx_change_blk_value_len() wherever is possible. It
- changes the value length of a block and updates the HTX message accordingly.
-
- This patch must be backported to 2.0.
-
- (cherry picked from commit 3e2638ee04407a1d9e9376f0c518f67fca7deaa4)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/h2.c b/src/h2.c
-index 32c1ef16..990d602b 100644
---- a/src/h2.c
-+++ b/src/h2.c
-@@ -736,8 +736,7 @@ int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *ms
- if (tl > fs)
- goto fail;
-
-- htx_set_blk_value_len(blk, tl);
-- htx->data += vl+2;
-+ htx_change_blk_value_len(htx, blk, tl);
- *(char *)(htx_get_blk_ptr(htx, blk) + bs + 0) = ';';
- *(char *)(htx_get_blk_ptr(htx, blk) + bs + 1) = ' ';
- memcpy(htx_get_blk_ptr(htx, blk) + bs + 2, list[ck].v.ptr, vl);
-diff --git a/src/http_htx.c b/src/http_htx.c
-index 7322b337..bc26e5ba 100644
---- a/src/http_htx.c
-+++ b/src/http_htx.c
-@@ -461,10 +461,7 @@ int http_remove_header(struct htx *htx, struct http_hdr_ctx *ctx)
- }
- /* Update the block content and its len */
- memmove(start, start+len, v.len-len);
-- htx_set_blk_value_len(blk, v.len-len);
--
-- /* Update HTX msg */
-- htx->data -= len;
-+ htx_change_blk_value_len(htx, blk, v.len-len);
-
- /* Finally update the ctx */
- ctx->value.ptr = start;
-diff --git a/src/htx.c b/src/htx.c
-index bfd136f4..81492598 100644
---- a/src/htx.c
-+++ b/src/htx.c
-@@ -406,15 +406,8 @@ void htx_truncate(struct htx *htx, uint32_t offset)
- offset -= sz;
- continue;
- }
-- if (type == HTX_BLK_DATA) {
-- htx_set_blk_value_len(blk, offset);
-- htx->data -= (sz - offset);
--
-- if (blk->addr+sz == htx->tail_addr)
-- htx->tail_addr -= offset;
-- else if (blk->addr+sz == htx->head_addr)
-- htx->head_addr -= offset;
-- }
-+ if (type == HTX_BLK_DATA)
-+ htx_change_blk_value_len(htx, blk, offset);
- offset = 0;
- }
- while (blk)
-@@ -522,14 +515,7 @@ struct htx_blk *htx_add_data_atonce(struct htx *htx, struct ist data)
- /* Append data and update the block itself */
- ptr = htx_get_blk_ptr(htx, tailblk);
- memcpy(ptr+sz, data.ptr, len);
-- htx_set_blk_value_len(tailblk, sz+len);
--
-- /* Update HTTP message */
-- htx->data += len;
-- if (tailblk->addr+sz == htx->tail_addr)
-- htx->tail_addr += len;
-- else if (tailblk->addr+sz == htx->head_addr)
-- htx->head_addr += len;
-+ htx_change_blk_value_len(htx, tailblk, sz+len);
-
- if (data.len == len) {
- blk = tailblk;
-@@ -988,14 +974,7 @@ size_t htx_add_data(struct htx *htx, const struct ist data)
- /* Append data and update the block itself */
- ptr = htx_get_blk_ptr(htx, tailblk);
- memcpy(ptr + sz, data.ptr, len);
-- htx_set_blk_value_len(tailblk, sz + len);
--
-- /* Update HTTP message */
-- htx->data += len;
-- if (tailblk->addr+sz == htx->tail_addr)
-- htx->tail_addr += len;
-- else if (tailblk->addr+sz == htx->head_addr)
-- htx->head_addr += len;
-+ htx_change_blk_value_len(htx, tailblk, sz+len);
-
- BUG_ON((int32_t)htx->tail_addr < 0);
- BUG_ON((int32_t)htx->head_addr < 0);
-diff --git a/src/proto_htx.c b/src/proto_htx.c
-index 7f501366..d821e38c 100644
---- a/src/proto_htx.c
-+++ b/src/proto_htx.c
-@@ -4314,10 +4314,8 @@ static void htx_manage_client_side_cookies(struct stream *s, struct channel *req
- hdr_end = (preserve_hdr ? del_from : hdr_beg);
- }
- if ((hdr_end - hdr_beg) != ctx.value.len) {
-- if (hdr_beg != hdr_end) {
-- htx_set_blk_value_len(ctx.blk, hdr_end - hdr_beg);
-- htx->data -= ctx.value.len - (hdr_end - hdr_beg);
-- }
-+ if (hdr_beg != hdr_end)
-+ htx_change_blk_value_len(htx, ctx.blk, hdr_end - hdr_beg);
- else
- http_remove_header(htx, &ctx);
- }
-@@ -4495,8 +4493,7 @@ static void htx_manage_server_side_cookies(struct stream *s, struct channel *res
- next += stripped_before;
- hdr_end += stripped_before;
-
-- htx_set_blk_value_len(ctx.blk, hdr_end - hdr_beg);
-- htx->data -= ctx.value.len - (hdr_end - hdr_beg);
-+ htx_change_blk_value_len(htx, ctx.blk, hdr_end - hdr_beg);
- ctx.value.len = hdr_end - hdr_beg;
- }
-
--- /dev/null
+commit 33d58b51e0f1bf68603aa86c9125ae75d6964454
+Author: Christopher Faulet <cfaulet@haproxy.com>
+Date: Mon Jul 1 16:17:30 2019 +0200
+
+ BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses
+
+ HEAD responses must not have any body payload. But, because of a bug, for chunk
+ reponses, the empty chunk was always added.
+
+ This patch fixes the Github issue #146. It must be backported to 2.0 and 1.9.
+
+ (cherry picked from commit b8fc304e8f996f0d9835e4d6524ef8961d3be076)
+ Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
+
+diff --git a/src/mux_h1.c b/src/mux_h1.c
+index e7d769b4..37cc8252 100644
+--- a/src/mux_h1.c
++++ b/src/mux_h1.c
+@@ -1682,6 +1682,8 @@ static size_t h1_process_output(struct h1c *h1c, struct buffer *buf, size_t coun
+ h1m->flags |= (H1_MF_NO_PHDR|H1_MF_CLEAN_CONN_HDR);
+ h1s->flags &= ~H1S_F_HAVE_O_CONN;
+ }
++ else if ((h1m->flags & H1_MF_RESP) && h1s->meth == HTTP_METH_HEAD)
++ h1m->state = H1_MSG_DONE;
+ else
+ h1m->state = H1_MSG_DATA;
+ break;
+++ /dev/null
-commit 3d574a587dc3704e93bcd29b16d54d96069667b4
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Tue Jun 18 12:22:38 2019 +0200
-
- BUG/MEDIUM: mux-h2: Reset padlen when several frames are demux
-
- In the function h2_process_demux(), if several frames are parsed, the padding
- length must be reset between each frame. Otherwise we may wrongly think a frame
- has a padding block because the previous one was padded.
-
- This patch must be backported to 2.0 and 1.9.
-
- (cherry picked from commit dd2a5620d594523cd515a629e105a9a2b64345bb)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/mux_h2.c b/src/mux_h2.c
-index d02168df..c06d5d68 100644
---- a/src/mux_h2.c
-+++ b/src/mux_h2.c
-@@ -2316,6 +2316,7 @@ static void h2_process_demux(struct h2c *h2c)
- break;
- }
-
-+ padlen = 0;
- if (h2_ft_bit(hdr.ft) & H2_FT_PADDED_MASK && hdr.ff & H2_F_PADDED) {
- /* If the frame is padded (HEADERS, PUSH_PROMISE or DATA),
- * we read the pad length and drop it from the remaining
+++ /dev/null
-commit 4fb65f421b4d650711e5d8b9dbcbf4bf589d26cc
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Wed Jun 19 09:25:58 2019 +0200
-
- BUG/MEDIUM: mux-h2: Remove the padding length when a DATA frame size is checked
-
- When a DATA frame is processed for a message with a content-length, we first
- take care to not have a frame size that exceeds the remaining to
- read. Otherwise, an error is triggered. But we must remove the padding length
- from the frame size because the padding is not included in the announced
- content-length.
-
- This patch must be backported to 2.0 and 1.9.
-
- (cherry picked from commit 4f09ec812adbd9336cddc054660a7fb5cd54b459)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/mux_h2.c b/src/mux_h2.c
-index c06d5d68..5bb85181 100644
---- a/src/mux_h2.c
-+++ b/src/mux_h2.c
-@@ -2177,7 +2177,7 @@ static int h2c_frt_handle_data(struct h2c *h2c, struct h2s *h2s)
- goto strm_err;
- }
-
-- if ((h2s->flags & H2_SF_DATA_CLEN) && h2c->dfl > h2s->body_len) {
-+ if ((h2s->flags & H2_SF_DATA_CLEN) && (h2c->dfl - h2c->dpl) > h2s->body_len) {
- /* RFC7540#8.1.2 */
- error = H2_ERR_PROTOCOL_ERROR;
- goto strm_err;
+++ /dev/null
-commit 3f0b1de623d09f8668db34c1be696f7245de7d50
-Author: Christopher Faulet <cfaulet@haproxy.com>
-Date: Wed Jun 19 10:50:38 2019 +0200
-
- BUG/MEDIUM: lb_fwlc: Don't test the server's lb_tree from outside the lock
-
- In the function fwlc_srv_reposition(), the server's lb_tree is tested from
- outside the lock. So it is possible to remove it after the test and then call
- eb32_insert() in fwlc_queue_srv() with a NULL root pointer, which is
- invalid. Moving the test in the scope of the lock fixes the bug.
-
- This issue was reported on Github, issue #126.
-
- This patch must be backported to 2.0, 1.9 and 1.8.
-
- (cherry picked from commit 1ae2a8878170ded922f2c4d32b6704af7689bbfd)
- Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
-
-diff --git a/src/lb_fwlc.c b/src/lb_fwlc.c
-index 174dc67e..5fa81739 100644
---- a/src/lb_fwlc.c
-+++ b/src/lb_fwlc.c
-@@ -66,12 +66,11 @@ static inline void fwlc_queue_srv(struct server *s)
- */
- static void fwlc_srv_reposition(struct server *s)
- {
-- if (!s->lb_tree)
-- return;
--
- HA_SPIN_LOCK(LBPRM_LOCK, &s->proxy->lbprm.lock);
-- fwlc_dequeue_srv(s);
-- fwlc_queue_srv(s);
-+ if (s->lb_tree) {
-+ fwlc_dequeue_srv(s);
-+ fwlc_queue_srv(s);
-+ }
- HA_SPIN_UNLOCK(LBPRM_LOCK, &s->proxy->lbprm.lock);
- }
-
+++ /dev/null
-commit 9eae8935663bc0b27c23018e8cc24ae9a3e31732
-Author: Frédéric Lécaille <flecaille@haproxy.com>
-Date: Thu Jun 20 09:31:04 2019 +0200
-
- BUG/MAJOR: sample: Wrong stick-table name parsing in "if/unless" ACL condition.
-
- This bug was introduced by 1b8e68e commit which supposed the stick-table was always
- stored in struct arg at parsing time. This is never the case with the usage of
- "if/unless" conditions in stick-table declared as backends. In this case, this is
- the name of the proxy which must be considered as the stick-table name.
-
- This must be backported to 2.0.
-
- (cherry picked from commit 9417f4534ad742eda35c4cc3d1ccb390f75ea4b1)
- Signed-off-by: Willy Tarreau <w@1wt.eu>
-
-diff --git a/src/sample.c b/src/sample.c
-index 67f59e84..77ec9b1e 100644
---- a/src/sample.c
-+++ b/src/sample.c
-@@ -1245,15 +1245,11 @@ int smp_resolve_args(struct proxy *p)
- break;
-
- case ARGT_TAB:
-- if (!arg->data.str.data) {
-- ha_alert("parsing [%s:%d] : missing table name in arg %d of %s%s%s%s '%s' %s proxy '%s'.\n",
-- cur->file, cur->line,
-- cur->arg_pos + 1, conv_pre, conv_ctx, conv_pos, ctx, cur->kw, where, p->id);
-- cfgerr++;
-- continue;
-- }
-+ if (arg->data.str.data)
-+ stktname = arg->data.str.area;
-+ else
-+ stktname = px->id;
-
-- stktname = arg->data.str.area;
- t = stktable_find_by_name(stktname);
- if (!t) {
- ha_alert("parsing [%s:%d] : unable to find table '%s' referenced in arg %d of %s%s%s%s '%s' %s proxy '%s'.\n",
git.99rst.org / openwrt-packages.git / commitdiff