SUSE-FU-2023:2118-1: moderate: Feature update for haproxy
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Mon May 8 09:04:58 UTC 2023
# Feature update for haproxy
Announcement ID: SUSE-FU-2023:2118-1
Rating: moderate
References:
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that contains one feature can now be installed.
## Description:
This update for haproxy fixes the following issues:
Update to version 2.4.22. (jsc#PED-3821):
* BUG/CRITICAL: http: properly reject empty http header field names
* CI: github: don't warn on deprecated openssl functions on windows
* BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first
* DOC: proxy-protocol: fix wrong byte in provided example
* DOC: config: 'http-send-name-header' option may be used in default section
* DOC: config: fix option spop-check proxy compatibility
* BUG/MEDIUM: cache: use the correct time reference when comparing dates
* BUG/MEDIUM: stick-table: do not leave entries in end of window during purge
* BUG/MINOR: ssl/crt-list: warn when a line is malformated
* BUG/MEDIUM: ssl: wrong eviction from the session cache tree
* BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section
* BUG/MINOR: sink: free the forwarding task on exit
* BUILD: hpack: include global.h for the trash that is needed in debug mode
* BUG/MINOR: mux-h2: add missing traces on failed headers decoding
* BUG/MINOR: listener: close tiny race between resume_listener() and stopping
* DOC: config: fix "Address formats" chapter syntax
* BUG/MINOR: mux-fcgi: Correctly set pathinfo
* DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@"
* DOC: config: fix wrong section number for "protocol prefixes"
* BUG/MINOR: listeners: fix suspend/resume of inherited FDs
* BUG/MINOR: http-ana: make set-status also update txn->status
* BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR
state
* BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request
body
* BUG/MINOR: promex: Don't forget to consume the request on error
* BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action
* BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses
* CLEANUP: htx: fix a typo in an error message of http_str_to_htx
* BUG/MINOR: http: Memory leak of http redirect rules' format string
* REGTEST: fix the race conditions in hmac.vtc
* REGTEST: fix the race conditions in digest.vtc
* REGTEST: fix the race conditions in json_query.vtc
* BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned
* BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already
set
* BUILD: makefile: sort the features list
* BUILD: makefile: build the features list dynamically
* BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in
stats
* BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set
* BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain
* LICENSE: wurfl: clarify the dummy library license.
* BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout
* REGTESTS: startup: check maxconn computation
* REGTESTS: fix the race conditions in iff.vtc
* BUG/MAJOR: fcgi: Fix uninitialized reserved bytes
* DOC: promex: Add missing backend metrics
* MINOR: promex: introduce haproxy_backend_agg_check_status
* BUG/MINOR: promex: create haproxy_backend_agg_server_status
* BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers
* BUG/MINOR: ssl: Fix potential overflow
* BUG/MEDIUM: ssl: Verify error codes can exceed 63
* BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure
* BUILD: peers: peers-t.h depends on stick-table-t.h
* CI: github: change "ubuntu-latest" to "ubuntu-20.04"
* BUG/MEDIIM: stconn: Flush output data before forwarding close to write side
* BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri
action
* [RELEASE] Released version 2.4.20
* Revert "CI: determine actual OpenSSL version dynamically"
* Revert "CI: switch to the "latest" LibreSSL"
* SCRIPTS: announce-release: add a link to the data plane API
* DOC: config: clarify the -m dir and -m dom pattern matching methods
* DOC: config: clarify the fact that "retries" is not just for connections
* DOC: config: explain how default matching method for ACL works
* DOC: config: mention that a single monitor-uri rule is supported
* DOC: config: clarify the fact that SNI should not be used in HTTP scenarios
* DOC: config: provide some configuration hints for "http-reuse"
* Revert "BUG/MINOR: http-htx: Don't consider an URI as normalized after a
set-uri action"
* BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out
* BUILD: http-htx: Silent build error about a possible NULL start-line
* BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri
action
* BUG/MINOR: log: fix parse_log_message rfc5424 size check
* BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy
"from" inheritance
* BUILD: listener: fix build warning on global_listener_rwlock without threads
* BUG/MINOR: server/idle: at least use atomic stores when updating
max_used_conns
* BUILD: peers: Remove unused variables
* BUG/MEDIUM: peers: messages about unkown tables not correctly ignored
* BUG/MINOR: ssl: don't initialize the keylog callback when not required
* BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists
* BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task
* BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes
* BUG/MEDIUM: ring: fix creation of server in uninitialized ring
* DOC: config: fix alphabetical ordering of global section
* REG-TESTS: cache: Remove T-E header for 304-Not-Modified responses
* BUG/MINOR: mux-h1: Do not send a last null chunk on body-less answers
* BUG/MEDIUM: mux-fcgi: Avoid value length overflow when it doesn't fit at
once
* BUG/MINOR: mux-fcgi: Be sure to send empty STDING record in case of zero-
copy
* BUG/MINOR: resolvers: Set port before IP address when processing SRV records
* BUG/MINOR: http-htx: Fix error handling during parsing http replies
* BUG/MEDIUM: wdt/clock: properly handle early task hangs
* CI: emit the compiler's version in the build reports
* CI: switch to the "latest" LibreSSL
* BUG/MINOR: ssl: ocsp structure not freed properly in case of error
* BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer
* CI: add monthly gcc cross compile jobs
* BUG/MINOR: log: fixing bug in tcp syslog_io_handler Octet-Counting
* BUG/MEDIUM: stick-table: fix a race condition when updating the expiration
task
* BUG/MAJOR: stick-table: don't process store-response rules for applets
* DOC: management: add forgotten "show startup-logs"
* BUG/MINOR: stick-table: Use server_id instead of std_t_sint in
process_store_rules()
* CI: SSL: temporarily stick to LibreSSL=3.5.3
* CI: SSL: use proper version generating when "latest" semantic is used
* BUG/MINOR: sink: Set default connect/server timeout for implicit ring
buffers
* BUG/MINOR: sink: Only use backend capability for the sink proxies
* BUG/MEDIUM: compression: handle rewrite errors when updating response
headers
* BUG/MINOR: ring: Properly parse connect timeout
* BUG/MINOR: log: Preserve message facility when the log target is a ring
buffer
* CI: Replace the deprecated `::set-output` command by writing to
$GITHUB_OUTPUT in workflow definition
* CI: Replace the deprecated `::set-output` command by writing to
$GITHUB_OUTPUT in matrix.py
* BUG/MINOR: server: make sure "show servers state" hides private bits
* BUG/MAJOR: stick-tables: do not try to index a server name for applets
* DOC: configuration: missing 'if' in tcp-request content example
* BUG/MINOR: backend: only enforce turn-around state when not redispatching
* BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP
transaction
* MINOR: smtpchk: Update expect rule to fully match replies to EHLO commands
* BUG/MINOR: mux-h1: Account consumed output data on synchronous connection
error
* BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os
* BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth()
* BUILD: h1: silence an initiialized warning with gcc-4.7 and -Os
* BUG/MEDIUM: lua: handle stick table implicit arguments right.
* BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure
* DOC: config: Fix pgsql-check documentation to make user param mandatory
* BUG/MINOR: checks: update pgsql regex on auth packet
* [RELEASE] Released version 2.4.19
* BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree
* REGTESTS: 4be_1srv_smtpchk_httpchk_layer47errors: Return valid SMTP replies
* BUG/MINOR: log: improper behavior when escaping log data
* SCRIPTS: announce-release: update some URLs to https
* BUILD: fd: fix a build warning on the DWCAS
* BUG/MEDIUM: captures: free() an error capture out of the proxy lock
* DOC: fix TOC in starter guide for subsection 3.3.8. Statistics
* REGTESTS: ssl/log: test the log-forward with SSL
* BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring.
* REGTESTS: log: test the log-forward feature
* REGTESTS: healthcheckmail: Relax matching on the healthcheck log message
* BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN'
* MINOR: listener: small API change
* BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK
* CI: cirrus-ci: bump FreeBSD image to 13-1
* BUG/MINOR: signals/poller: ensure wakeup from signals
* BUG/MINOR: signals/poller: set the poller timeout to 0 when there are
signals
* BUG/MINOR: task: always reset a new tasklet's call date
* BUG/MINOR: h1: Support headers case adjustment for TCP proxies
* BUILD: makefile: enable crypt(3) for NetBSD
* BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support
* BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber
* BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber
* BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber
* BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools
* REGTESTS: http_request_buffer: Add a barrier to not mix up log messages
* BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input
* BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule)
* BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets
* BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-
date
* BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress
* BUG/MEDIUM: peers: Add connect and server timeut to peers proxy
* BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode
* DOC: configuration: do-resolve doesn't work with a port in the string
* REGTESTS: Fix prometheus script to perform HTTP health-checks
* BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after
connect
* BUG/MINOR: resolvers: return the correct value in
resolvers_finalize_config()
* BUG/MAJOR: mworker: fix infinite loop on master with no proxies.
* BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized
* BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle
* BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-
req-hdr-names
* BUILD: http: silence an uninitialized warning affecting gcc-5
* BUG/MEDIUM: ring: fix too lax 'size' parser
* BUILD: debug: silence warning on gcc-5
* BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq()
* BUG/MEDIUM: poller: use fd_delete() to release the poller pipes
* BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h
* BUG/MINOR: sink: fix a race condition between the writer and the reader
* BUG/MINOR: ring/cli: fix a race condition between the writer and the reader
* BUG/MEDIUM: proxy: Perform a custom copy for default server settings
* REORG: server: Export srv_settings_cpy() function
* MINOR: server: Constify source server to copy its settings
* BUG/MEDIUM: dns: Properly initialize new DNS session
* BUG/MINOR: peers: Use right channel flag to consider the peer as connected
* BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload
* MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer
* BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions
* MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups
* MINOR: http-htx: Use new HTTP functions for the scheme based normalization
* BUG/MEDIUM: h1: Improve authority validation for CONNCET request
* MINOR: http: Add function to detect default port
* MINOR: http: Add function to get port part of a host
* BUG/MEDIUM: mworker: use default maxconn in wait mode
* [RELEASE] Released version 2.4.18
* BUG/MINOR: sockpair: wrong return value for fd_send_uxst()
* BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible
* BUILD: add detection for unsupported compiler models
* BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload
* REGTESTS: Fix some scripts to be compatible with 2.4 and prior
* BUG/MINOR: tools: fix statistical_prng_range()'s output range
* BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2)
* BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX
* BUG/MEDIUM: tools: avoid calling dlsym() in static builds
* MEDIUM: mworker: set the iocb of the socketpair without using fd_insert()
* BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send
* BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL
state
* BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer
* REGTEESTS: filters: Fix CONNECT request in random-forwarding script
* BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream
* BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo
* BUG/MINOR: peers: fix possible NULL dereferences at config parsing
* BUG/MINOR: http-act: Properly generate 103 responses when several rules are
used
* BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule
* BUG/MINOR: peers/config: always fill the bind_conf's argument
* MINOR: fd: Add BUG_ON checks on fd_insert()
* CI: re-enable gcc asan builds
* BUILD: Makefile: Add Lua 5.4 autodetect
* BUG/MEDIUM: ssl/fd: unexpected fd close using async engine
* MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD
* BUG/MINOR: http-fetch: Use integer value when possible in "method" sample
fetch
* BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is
created
* BUG/MINOR: ssl: Do not look for key in extra files if already in pem
* MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames
* BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list
* BUG/MINOR: tcp-rules: Make action call final on read error and delay
expiration
* BUG/MINOR: cli/stats: add missing trailing LF after "show info json"
* BUG/MINOR: server: do not enable DNS resolution on disabled proxies
* BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs
* REGTESTS: healthcheckmail: Relax health-check failure condition
* REGTESTS: healthcheckmail: Update the test to be functionnal again
* BUG/MINOR: checks: Properly handle email alerts in trace messages
* BUG/MINOR: trace: Test server existence for health-checks to get proxy
* BUG/MEDIUM: mailers: Set the object type for check attached to an email
alert
* BUILD: compiler: implement unreachable for older compilers too
* REGTESTS: restrict_req_hdr_names: Extend supported versions
* REGTESTS: http_abortonclose: Extend supported versions
* BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O
handler
* BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield
* REGTESTS: http_request_buffer: Increase client timeout to wait "slow"
clients
* REGTESTS: abortonclose: Add a barrier to not mix up log messages
* MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs
* BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer
cases
* BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases
* BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry
* BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified
* BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails
* DOC: intro: adjust the numbering of paragrams to keep the output ordered
* DOC: peers: fix port number and addresses on new peers section format
* DOC: peers: clarify when entry expiration date is renewed.
* DOC: peers: indicate that some server settings are not usable
* SCRIPTS: make publish-release try to launch make-releases-json
* SCRIPTS: add make-releases-json to recreate a releases.json file in download
dirs
* REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (2)
* BUG/MEDIUM: sample: Fix adjusting size in word converter
* BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section
* BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections
* BUG/MEDIUM: resolvers: Don't defer resolutions release in deinit function
* BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols
* BUG/MEDIUM: tools: Fix `inet_ntop` usage in sa2str
* CI: determine actual OpenSSL version dynamically
* BUILD/MINOR: cpuset fix build for FreeBSD 13.1
* BUG/MINOR: peers: fix error reporting of "bind" lines
* BUG/MINOR: cfgparse: abort earlier in case of allocation error
* BUG/MINOR: check: Reinit the buffer wait list at the end of a check
* BUG/MEDIUM: config: Reset outline buffer size on realloc error in
readcfgfile()
* REGTESTS: abortonclose: Fix some race conditions
* BUG/MINOR: ssl: Fix crash when no private key is found in pem
* MINOR: tools: add get_exec_path implementation for solaris based systems.
* BUILD: fix build warning on solaris based systems with __maybe_unused.
* MEDIUM: http-ana: Add a proxy option to restrict chars in request header
names
* CI: determine actual LibreSSL version dynamically
* [RELEASE] Released version 2.4.17
* CLEANUP: mux-h1: Fix comments and error messages for global options
* BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized
* BUG/MINOR: conn_stream: do not confirm a connection from the frontend path
* BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000
bytes).
* DOC: install: update gcc version requirements
* BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-(
* BUILD: listener: shut report of possible null-deref in listener_accept()
* BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings
* BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation
* CI: dynamically determine actual version of h2spec
* DOC: fix typo "ant" for "and" in INSTALL
* BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init
* BUG/MINOR: map/cli: protect the backref list during "show map" errors
* BUG/MEDIUM: cli: make "show cli sockets" really yield
* BUG/MEDIUM: resolvers: make "show resolvers" properly yield
* BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port]
* DOC: config: Update doc for PR/PH session states to warn about rewrite
failures
* MINOR: mux-h2: report a trace event when failing to create a new stream
* BUG/MINOR: mux-h2: mark the stream as open before processing it not after
* BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket
* BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified
* BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message
* SCRIPTS: announce-release: add URL of dev packages
* CI: github actions: update LibreSSL to 3.5.2
* [RELEASE] Released version 2.4.16
* BUILD: opentracing: Fix OT build due to misuse of var_clear()
* BUILD: proto_uxst: do not set unused flag
* BUILD: sockpair: do not set unused flag
* BUILD: fd: remove unused variable totlen in fd_write_frag_line()
* CLEANUP: acl: Remove unused variable when releasing an acl expression
* BUG/MINOR: pools: make sure to also destroy shared pools in
pool_destroy_all()
* BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit()
* BUILD: compiler: properly distinguish weak and global symbols
* REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc
* MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks
* MINOR: task: add a new task_instant_wakeup() function
* BUG/MINOR: rules: Fix check_capture() function to use the right rule
arguments
* DOC: remove my name from the config doc
* BUG/MAJOR: connection: Never remove connection from idle lists outside the
lock
* BUG/MINOR: cache: Disable cache if applet creation fails
* SCRIPTS: announce-release: add shortened links to pending issues
* DOC: lua: update a few doc URLs
* SCRIPTS: announce-release: update the doc's URL
* BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags
* BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added
* BUG/MEDIUM: stream: do not abort connection setup too early
* BUILD: compiler: use a more portable set of asm(".weak") statements
* BUILD: sched: workaround crazy and dangerous warning in Clang 14
* BUG/MEDIUM: mux-h1: Don't request more room on partial trailers
* BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-
alive
* BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side
* BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak
* BUG/MINOR: cache: do not display expired entries in "show cache"
* BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent
* CI: cirrus: switch to FreeBSD-13.0
* CI: Update to actions/cache at v3
* CI: Update to actions/checkout at v3
* DEBUG: opentracing: show return values of all functions in the debug output
* CLEANUP: opentracing: added variable to store variable length
* CLEANUP: opentracing: added flt_ot_smp_init() function
* CLEANUP: opentracing: removed unused function flt_ot_var_get()
* CLEANUP: opentracing: removed unused function flt_ot_var_unset()
* DOC: opentracing: corrected comments in function descriptions
* EXAMPLES: opentracing: refined shell scripts for testing filter performance
* BUG/MINOR: opentracing: setting the return value in function
flt_ot_var_set()
* BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid
* BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples
* BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is
reached
* BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message
* BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet
* BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message
* BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests
* CI: github actions: update OpenSSL to 3.0.2
* BUG/MAJOR: mux_pt: always report the connection error to the conn_stream
* BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads
* BUG/MINOR: samples: add missing context names for sample fetch functions
* DOC: reflect H2 timeout changes
* BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts
* MEDIUM: mux-h2: slightly relax timeout management rules
* BUG/MEDIUM: stream-int: do not rely on the connection error once established
* BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing
* BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers
parsing
* BUG/MINOR: tools: url2sa reads too far when no port nor path
* DOC: config: Explictly add supported MQTT versions
* MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for
MQTTv3.1
* BUG/MEDIUM: trace: avoid race condition when retrieving session from
conn->owner
* BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf
* CI: github actions: switch to LibreSSL-3.5.1
* BUG/MINOR: server/ssl: free the SNI sample expression
* BUG/MINOR: tools: fix url2sa return value with IPv4
* [RELEASE] Released version 2.4.15
* BUILD: tree-wide: mark a few numeric constants as explicitly long long
* DOC: Fix usage/examples of deprecated ACLs
* BUG/MINOR: stream: make the call_rate only count the no-progress calls
* BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
* BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
* DEBUG: stream: Fix stream trace message to print response buffer state
* DEBUG: stream: Add the missing descriptions for stream trace events
* BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse
processing
* DEBUG: cache: Update underlying buffer when loading HTX message in cache
applet
* BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
* BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
* BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
* BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
* BUG/MINOR: cli: shows correct mode in "show sess"
* BUG/MINOR: add missing modes in proxy_mode_str()
* BUILD: pools: fix backport of no-memory-trimming on non-linux OS
* MINOR: pools: add a new global option "no-memory-trimming"
* BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
* BUG/MINOR: pool: always align pool_heads to 64 bytes
* REGTESTS: fix the race conditions in secure_memcmp.vtc
* REGTESTS: fix the race conditions in normalize_uri.vtc
* BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
* CI: github actions: use cache for SSL libs
* CI: github actions: use cache for OpenTracing
* CI: github actions: add OpenTracing builds
* CI: github actions: add the output of $CC -dM -E-
* [RELEASE] Released version 2.4.14
* BUG/MEDIUM: stream: Abort processing if response buffer allocation fails
* CI: github: enable pool debugging by default
* REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks
* BUG/MINOR: proxy: preset the error message pointer to NULL in
parse_new_proxy()
* BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app
layer
* BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output
buffer
* BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message
* BUG/MINOR: tools: url2sa reads ipv4 too far
* BUG/MINOR: mailers: negotiate SMTP, not ESMTP
* CI: github actions: update OpenSSL to 3.0.1
* CI: github: switch to OpenSSL 3.0.0
* CI: github actions: relax OpenSSL-3.0.0 version comparision
* CI: github actions: -Wno-deprecated-declarations with OpenSSL 3.0.0
* CI: github actions: add OpenSSL-3.0.0 builds
* BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2
* BUILD: fix compilation for OpenSSL-3.0.0-alpha17
* CI: ssl: keep the old method for ancient OpenSSL versions
* CI: ssl: do not needlessly build the OpenSSL docs
* CI: ssl: enable parallel builds for OpenSSL on Linux
* BUG/MAJOR: compiler: relax alignment constraints on certain structures
* BUG/MEDIUM: fd: always align fdtab[] to 64 bytes
* BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names
* BUG/MINOR: sink: Use the right field in appctx context in release callback
* BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload
* BUG/MEDIUM: mworker: close unused transferred FDs on load failure
* MINOR: sock: move the unused socket cleaning code into its own function
* [RELEASE] Released version 2.4.13
* BUG/MINOR: mux-h2: update the session's idle delay before creating the
stream
* BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change
* REGTESTS: peers: leave a bit more time to peers to synchronize
* BUG/MAJOR: spoe: properly detach all agents when releasing the applet
* BUG/MAJOR: http/htx: prevent unbounded loop in
http_manage_server_side_cookies
* BUG/MEDIUM: listener: read-lock the listener during accept()
* MINOR: listener: replace the listener's spinlock with an rwlock
* BUG/MINOR: mworker: does not erase the pidfile upon reload
* BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks
* DEBUG: pools: replace the link pointer with the caller's address on
pool_free()
* DEBUG: pools: let's add reverse mapping from cache heads to thread and pool
* DEBUG: pools: add extra sanity checks when picking objects from a local
cache
* BUG/MINOR: pools: always flush pools about to be destroyed
* BUG/MEDIUM: mworker: don't lose the stats socket on failed reload
* DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY
* BUILD: debug/cli: condition test of O_ASYNC to its existence
* DEBUG: cli: add a new "debug dev fd" expert command
* MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change
* BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them
* BUG/MEDIUM: mcli: do not try to parse empty buffers
* BUG/MEDIUM: cli: Never wait for more data on client shutdown
* BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands
* MINOR: channel: add new function co_getdelim() to support multiple
delimiters
* MEDIUM: cli: yield between each pipelined command
* BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl
* BUILD/MINOR: fix solaris build with clang.
* BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer
* BUG/MEDIUM: connection: properly leave stopping list on error
* [RELEASE] Released version 2.4.12
* BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data
* BUG/MEDIUM: mworker: don't use _getsocks in wait mode
* [RELEASE] Released version 2.4.11
* BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry
* BUG/MINOR: cli: fix _getsocks with musl libc
* BUILD/MINOR: tools: solaris build fix on dladdr.
* BUILD/MINOR: cpuset FreeBSD 14 build fix.
* BUG/MEDIUM: ssl: free the ckch instance linked to a server
* BUG/MINOR: ssl: free the fields in srv->ssl_ctx
* MINOR: debug: add support for -dL to dump library names at boot
* MINOR: debug: add ability to dump loaded shared libraries
* MINOR: compat: detect support for dl_iterate_phdr()
* BUG/MINOR: mux-h1: Fix splicing for messages with unknown length
* BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message
* BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive
warning
* MINOR: proxy: add option idle-close-on-response
* REGTESTS: ssl: fix ssl_default_server.vtc
* BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
* DOC: fix misspelled keyword "resolve_retries" in resolvers
* BUILD: ssl: unbreak the build with newer libressl
* BUILD: cli: clear a maybe-unused warning on some older compilers
* BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode
* BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch
* [RELEASE] Released version 2.4.10
* BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose
* BUG/MINOR: backend: do not set sni on connection reuse
* MINOR: pools: work around possibly slow malloc_trim() during gc
* BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt
mode
* DOC: config: retry-on list is space-delimited
* DOC: config: Specify %Ta is only available in HTTP mode
* DOC: spoe: Clarify use of the event directive in spoe-message section
* BUG/MINOR: cli/server: Don't crash when a server is added with a custom id
* IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode
* BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
* MINOR: cli: "show version" displays the current process version
* CI: Github Actions: temporarily disable BoringSSL builds
* BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH
* MINOR: mux-h1: Improve H1 traces by adding info about http parsers
* BUG/MAJOR: segfault using multiple log forward sections.
* BUG/MEDIUM: resolvers: Detach query item on response error
* BUG/MINOR: server: Don't rely on last default-server to init server SSL
context
* BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a
time
* BUILD/MINOR: server: fix compilation without SSL
* [RELEASE] Released version 2.4.9
* BUG/MINOR: cache: Fix loop on cache entries in "show cache"
* MINOR: promex: backend aggregated server check status
* MINOR: server: add ws keyword
* MEDIUM: server/backend: implement websocket protocol selection
* MINOR: connection: add alternative mux_ops param for conn_install_mux_be
* MINOR: connection: implement function to update ALPN
* MINOR: stream/mux: implement websocket stream flag
* BUG/MINOR: ssl: make SSL counters atomic
* MINOR: shctx: add a few BUG_ON() for consistency checks
* BUG/MINOR: shctx: do not look for available blocks when the first one is
enough
* BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found
* BUG/MEDIUM: cache/cli: make "show cache" thread-safe
* BUG/MEDIUM: mux-h2: always process a pending shut read
* BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found
* CLEANUP: ssl: fix wrong #else commentary
* BUG/MINOR: ssl: free correctly the sni in the backend SSL cache
* BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3
* BUILD: makefile: simplify detection of libatomic
* BUG/MEDIUM: mux-h1: Handle delayed silent shut in h1_process() to release
H1C
* BUG/MINOR: stick-table/cli: Check for invalid ipv6 key
* BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent
* BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value
* BUG/MINOR: mworker: doesn't launch the program postparser
* BUG/MEDIUM: conn-stream: Don't reset CS flags on close
* MINOR: mux-h1: Slightly Improve H1 traces
* DOC: lua: Be explicit with the Reply object limits
* Revert "BUG/MINOR: http-ana: Don't eval front after-response rules if
stopped on back"
* BUG/MINOR: http-ana: Apply stop to the current section for http-response
rules
* DOC: config: Fix typo in ssl_fc_unique_id description
* BUG/MINOR: cache: properly ignore unparsable max-age in quotes
* BUG/MINOR: resolvers: throw log message if trash not large enough for query
* BUG/MINOR: resolvers: fix sent messages were counted twice
* BUG/MEDIUM: mux-h2: reject upgrade if no RFC8441 support
* MINOR: mux-h2: add trace on extended connect usage
* MINOR: mux-h2: perform a full cycle shutdown+drain on close
* MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2118=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-2118=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-2118=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-2118=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-2118=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-2118=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2118=1
## Package List:
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* haproxy-debuginfo-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-debugsource-2.4.22+git0.f8e3218e2-150400.3.13.1
* haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1
## References:
* https://jira.suse.com/browse/PED-3821
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20230508/03e62b64/attachment-0001.htm>
More information about the sle-updates
mailing list