{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":128791889,"defaultBranch":"master","name":"haproxy","ownerLogin":"haproxy","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2018-04-09T15:17:42.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/38220289?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1718633622.0","currentOid":""},"activityList":{"items":[{"before":"c268313f60fa220a9927eb9d86ab09714959b998","after":"9d312212dfa3eaf678c5fabcc6f1045192b8ef19","ref":"refs/heads/master","pushedAt":"2024-06-17T17:38:01.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"BUG/MINOR: proxy: fix email-alert leak on deinit() (2nd try)\n\nAs shown in GH #2608 and (\"BUG/MEDIUM: proxy: fix email-alert invalid\nfree\"), simply calling free_email_alert() from free_proxy() is not the\nright thing to do.\n\nIn this patch, we reuse proxy->email_alert.set memory space to introduce\nproxy->email_alert.flags in order to support 2 flags:\nPR_EMAIL_ALERT_SET (to mimic proxy->email_alert.set) and\nPR_EMAIL_ALERT_RESOLVED (set once init_email_alert() was called on the\nproxy to resolve email_alert.mailer pointer).\n\nThanks to PR_EMAIL_ALERT_RESOLVED flag, free_email_alert() may now\nproperly handle the freeing of proxy email_alert settings: if the RESOLVED\nflag is set, then it means the .email_alert.mailers.name parsing hint was\nreplaced by the actual mailers pointer, thus no free should be attempted.\n\nNo backport needed: as described in (\"BUG/MEDIUM: proxy: fix email-alert\ninvalid free\"), this historical leak is not sensitive as it cannot be\ntriggered during runtime.. 
thus given that the fix is not backport-\nfriendly, it's not worth the trouble.","shortMessageHtmlLink":"BUG/MINOR: proxy: fix email-alert leak on deinit() (2nd try)"}},{"before":"6da0879083749d5f098b8b2f4d459a70260491d2","after":"c268313f60fa220a9927eb9d86ab09714959b998","ref":"refs/heads/master","pushedAt":"2024-06-17T15:48:52.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"REGTESTS: ssl: activate new SSL reg-tests with AWS-LC\n\nPrerequisites are now available in AWS-LC, so we can enable these\nreg-tests.\n\nWith this patch, aws-lc only has 5 reg-tests that are not working:\n- reg-tests/ssl/ssl_reuse.vtc: stateful session resumption is only supported with TLSv1.2\n- reg-tests/ssl/ssl_curve_name.vtc: function to extract curve name is not available\n- reg-tests/ssl/ssl_errors.vtc: errors are not the same than OpenSSL\n- reg-tests/ssl/ssl_dh.vtc: AWS-LC does not support DH\n- reg-tests/ssl/ssl_curves.vtc: not working correctly\n\nWhich means most of the features are working correctly.","shortMessageHtmlLink":"REGTESTS: ssl: activate new SSL reg-tests with AWS-LC"}},{"before":"983513d901bb7511ea6b1e8c3bb00d58a9d432f2","after":"6da0879083749d5f098b8b2f4d459a70260491d2","ref":"refs/heads/master","pushedAt":"2024-06-17T14:27:21.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"REGTESTS: ssl: fix some regtests 'feature cmd' start condition\n\nSince patch fde517b (\"REGTESTS: wolfssl: temporarly disable some failing\nreg-tests\") some 'feature cmd' lines have an extra quotation mark, so\nthey were disable in every cases.\n\nMust be backported to 2.9.","shortMessageHtmlLink":"REGTESTS: ssl: fix some regtests 'feature cmd' start 
condition"}},{"before":null,"after":"6da0879083749d5f098b8b2f4d459a70260491d2","ref":"refs/heads/20240617-feature-cmd","pushedAt":"2024-06-17T14:13:42.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"REGTESTS: ssl: fix some regtests 'feature cmd' start condition\n\nSince patch fde517b (\"REGTESTS: wolfssl: temporarly disable some failing\nreg-tests\") some 'feature cmd' lines have an extra quotation mark, so\nthey were disable in every cases.\n\nMust be backported to 2.9.","shortMessageHtmlLink":"REGTESTS: ssl: fix some regtests 'feature cmd' start condition"}},{"before":null,"after":"9fbd08fa748effc4a60005c9733c007ee15d940e","ref":"refs/heads/20240613-awslc-crt-list","pushedAt":"2024-06-17T13:35:25.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"REGTESTS: ssl: enable the crt-list filters test for AWS-LC\n\nPrerequisites are now available in AWS-LC, so we can enable this\nreg-tests.","shortMessageHtmlLink":"REGTESTS: ssl: enable the crt-list filters test for AWS-LC"}},{"before":"dc1bca4e9f3dde1da2fcc57b2aaf7fc130fd1f87","after":"983513d901bb7511ea6b1e8c3bb00d58a9d432f2","ref":"refs/heads/master","pushedAt":"2024-06-14T16:31:57.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DEBUG: hlua: distinguish burst timeout errors from exec timeout errors\n\nhlua burst timeout was introduced in 58e36e5b1 (\"MEDIUM: hlua: introduce\ntune.lua.burst-timeout\").\n\nIt is a safety measure that allows to detect when too much time is spent\non a single lua execution (between 
2 interruptions/yields), meaning that\nthe current thread is not able to perform other tasks. Such scenario\nshould be avoided because it will cause thread contention which may have\nnegative performance impact and could cause the watchdog to trigger. When\nthe burst timeout is exceeded, the current Lua execution is aborted and a\ntimeout error is reported to the user.\n\nUnfortunately, the same error is currently being reported for cumulative\n(AKA execution) timeout and for burst timeout, which may be confusing to\nthe user.\n\nIndeed, \"execution timeout\" error historically results from the current\nhlua context exceeding the total (cumulative) time it's allowed to run.\nIt is set per lua context using the dedicated tunables:\n - tune.lua.session-timeout\n - tune.lua.task-timeout\n - tune.lua.service-timeout\n\nWe've already faced an user report where the user was able to trigger the\nburst timeout and got \"Lua task: execution timeout.\" error while the user\ndidn't set cumulative timeout. 
Thus the error was actually confusing\nbecause it was indeed the burst timeout which was causing it due to the\nuse of cpu-intensive call from within the task without sufficient manual\n\"yield\" keypoints around the cpu-intensive call to ensure it runs on a\ndedicated scheduler cycle.\n\nIn this patch we make it so burst timeout related errors are reported as\n\"burst timeout\" errors instead of \"execution timeout\" errors (which\nin fact became the generic timeout errors catchall with 58e36e5b1).\n\nTo do this, hlua_timer_check() now returns a different value depending if\nthe exceeded timeout is the burst one or the cumulative one, which allows\nus to return either HLUA_E_ETMOUT or HLUA_E_BTMOUT in hlua_ctx_resume().\n\nIt should improve the situation described in GH #2356 and may possibly be\nbackported with 58e36e5b1 to improve error reporting if it applies without\nresistance.","shortMessageHtmlLink":"DEBUG: hlua: distinguish burst timeout errors from exec timeout errors"}},{"before":"5e361c77670dc7c5ea7f18a2449695df4ba345c7","after":"dc1bca4e9f3dde1da2fcc57b2aaf7fc130fd1f87","ref":"refs/heads/master","pushedAt":"2024-06-14T14:04:35.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"[RELEASE] Released version 3.1-dev1\n\nReleased version 3.1-dev1 with the following main changes :\n - REGTESTS: Remove REQUIRE_VERSION=2.1 from all tests\n - REGTESTS: Remove REQUIRE_VERSION=2.2 from all tests\n - CI: use \"--no-install-recommends\" for apt-get\n - CI: switch to lua 5.4\n - CI: use USE_PCRE2 instead of USE_PCRE\n - DOC: replace the README by a markdown version\n - CI: VTest: accelerate package install a bit\n - ADMIN: acme.sh: remove the old acme.sh code\n - BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning\n - BUG/MINOR: tcpcheck: report correct error in tcp-check rule 
parser\n - BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory\n - DOC: configuration: add an example for keywords from crt-store\n - CI: speedup apt package install\n - DOC: add the FreeBSD status badge to README.md\n - DOC: change the link to the FreeBSD CI in README.md\n - MINOR: stktable: avoid ambiguous stktable_data_ptr() usage in cli_io_handler_table()\n - BUG/MINOR: hlua: use CertCache.set() from various hlua contexts\n - CLEANUP: hlua: fix CertCache class comment\n - CI: FreeBSD: upgrade image, packages\n - BUG/MEDIUM: h1-htx: Don't state interim responses are bodyless\n - MEDIUM: stconn: Be able to unblock zero-copy data forwarding from done_fastfwd\n - BUG/MEDIUM: mux-quic: Unblock zero-copy forwarding if the txbuf can be released\n - BUG/MINOR: quic: prevent crash on qc_kill_conn()\n - CLEANUP: hlua: use hlua_pusherror() where relevant\n - BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP\n - BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage\n - BUG/MINOR: hlua: prevent LJMP in hlua_traceback()\n - CLEANUP: hlua: get rid of hlua_traceback() security checks\n - BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path\n - CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume()\n - BUG/MEDIUM: mux-quic: Don't unblock zero-copy fwding if blocked during nego\n - MINOR: mux-quic: Don't send an emtpy H3 DATA frame during zero-copy forwarding\n - BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration\n - BUG/MEDIUM: ssl: bad auth selection with TLS1.2 and WolfSSL\n - BUG/MINOR: quic: fix computed length of emitted STREAM frames\n - BUG/MINOR: quic: ensure Tx buf is always purged\n - BUG/MEDIUM: stconn/mux-h1: Fix suspect change causing timeouts\n - BUG/MAJOR: mux-h1: Properly copy chunked input data during zero-copy nego\n - BUG/MINOR: mux-h1: Use the right variable to set NEGO_FF_FL_EXACT_SIZE flag\n - DOC: install: remove boringssl from the list of supported 
libraries\n - MINOR: log: fix \"http-send-name-header\" ignore warning message\n - BUG/MINOR: proxy: fix server_id_hdr_name leak on deinit()\n - BUG/MINOR: proxy: fix log_tag leak on deinit()\n - BUG/MINOR: proxy: fix email-alert leak on deinit()\n - BUG/MINOR: proxy: fix check_{command,path} leak on deinit()\n - BUG/MINOR: proxy: fix dyncookie_key leak on deinit()\n - BUG/MINOR: proxy: fix source interface and usesrc leaks on deinit()\n - BUG/MINOR: proxy: fix header_unique_id leak on deinit()\n - MINOR: proxy: add proxy_free_common() helper function\n - BUG/MEDIUM: proxy: fix UAF with {tcp,http}checks logformat expressions\n - MINOR: log: change wording in lf_expr_postcheck() error message\n - BUG/MEDIUM: log: fix lf_expr_postcheck() behavior with default section\n - CLEANUP: log/proxy: fix comment in proxy_free_common()\n - DOC: config: move \"hash-key\" from proxy to server options\n - DOC: config: add missing section hint for \"guid\" proxy keyword\n - DOC: config: add missing context hint for new server and proxy keywords\n - BUG/MINOR: promex: Skip resolvers metrics when there is no resolver section\n - DOC: internals: add a documentation about the master worker\n - BUG/MAJOR: mux-h1: Prevent any UAF on H1 connection after draining a request\n - BUG/MINOR: quic: fix padding of INITIAL packets\n - OPTIM: quic: fill whole Tx buffer if needed\n - MINOR: quic: refactor qc_build_pkt() error handling\n - MINOR: quic: use global datagram headlen definition\n - MINOR: quic: refactor qc_prep_pkts() loop\n - DOC/MINOR: management: add missed -dR and -dv options\n - DOC/MINOR: management: add -dZ option\n - DOC: management: rename show stats domain cli \"dns\" to \"resolvers\"\n - REORG: log: reorder send log helpers by dependency order\n - MINOR: session: expose session_embryonic_build_legacy_err() function\n - MEDIUM: log/session: handle embryonic session log within sess_log()\n - MINOR: log: provide sending log context to process_send_log() when available\n - MINOR: 
log: add log_orig_to_str() function\n - MINOR: log: provide log origin in logformat expressions using '%OG'\n - CLEANUP: log: remove ambiguous legacy comment for resolve_logger()\n - MINOR: log/backend: always free parsing hints in resolve_logger()\n - MINOR: log: make resolve_logger() static\n - MINOR: log: provide proxy context to resolve_logger()\n - MINOR: log: add __send_log_set_metadata_sd helper\n - MINOR: log: add logger flags\n - MINOR: log: add log-profile parsing logic\n - MINOR: log: add log profile buildlines\n - MEDIUM: log: handle log-profile in process_send_log()\n - DOC: config: add documentation for log profiles\n - REGTESTS: log: add a test for log-profile\n - MINOR: ssl: add ssl_sock_bind_verifycbk() in ssl_sock.h\n - REORG: ssl: move the SNI selection code in ssl_clienthello.c\n - BUILD: ssl: fix build with wolfSSL\n - CI: github: upgrade aws-lc to 1.29.0\n - Revert \"CI: github: upgrade aws-lc to 1.29.0\"\n - MEDIUM: ssl: support for ECDA+RSA certificate selection with AWS-LC\n - BUILD: ssl: disable deprecated functions for AWS-LC 1.29.0\n - MINOR: ssl: relax the 'ssl.default-dh-param' keyword parsing\n - CI: github: upgrade aws-lc to 1.29.0\n - DOC: INSTALL: minimum AWS-LC version is v1.22.0\n - CI: github: do the AWS-LC weekly build with ERR=1","shortMessageHtmlLink":"[RELEASE] Released version 3.1-dev1"}},{"before":"1950996e831e2030a441db6b9b431cf7e4c7911c","after":"5e361c77670dc7c5ea7f18a2449695df4ba345c7","ref":"refs/heads/master","pushedAt":"2024-06-14T10:24:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"CI: github: do the AWS-LC weekly build with ERR=1\n\nThe weekly CI that tries new version of AWS-LC was not building with\nERR=1, which let us think that everything was good but there was in fact\nnew warning that we missed.\n\nAdd ERR=1 to the build so the CI will 
failed for any new warning.","shortMessageHtmlLink":"CI: github: do the AWS-LC weekly build with ERR=1"}},{"before":"11e13175d4d425150c65d55d6fe7bb30b3d9c1e9","after":"1950996e831e2030a441db6b9b431cf7e4c7911c","ref":"refs/heads/master","pushedAt":"2024-06-14T10:07:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: INSTALL: minimum AWS-LC version is v1.22.0\n\nChange the minimum AWS-LC version required","shortMessageHtmlLink":"DOC: INSTALL: minimum AWS-LC version is v1.22.0"}},{"before":"5bb0b9b1533157f8347af5b605355c7bd0c21401","after":null,"ref":"refs/heads/20240522-buildssl-script","pushedAt":"2024-06-14T09:39:27.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"}},{"before":"6e5caf4c00df513945ecb232d19456b5462fba54","after":null,"ref":"refs/heads/20240528-ocsp-cleanup","pushedAt":"2024-06-14T09:39:06.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"}},{"before":"b1be86c89f61a2939585c750d5b07d3740d90a18","after":null,"ref":"refs/heads/20240528-wolfssl","pushedAt":"2024-06-14T09:38:49.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"}},{"before":"25aaf9fd8b9d93aecf2947356c891a8567671568","after":null,"ref":"refs/heads/20240606-clienthello","pushedAt":"2024-06-14T09:38:37.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.co
m/u/38239150?s=80&v=4"}},{"before":"e0f2f6969e281aff056ec57aafbbc0e4994954cb","after":null,"ref":"refs/heads/20240613-awslc-clienthello","pushedAt":"2024-06-14T09:38:27.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"}},{"before":"935b3bd1b7e7975c15ecd4f3c1d1d57c9a745102","after":"11e13175d4d425150c65d55d6fe7bb30b3d9c1e9","ref":"refs/heads/master","pushedAt":"2024-06-14T09:37:25.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"CI: github: upgrade aws-lc to 1.29.0\n\nUpgrade aws-lc to 1.29.0 on the push CI.","shortMessageHtmlLink":"CI: github: upgrade aws-lc to 1.29.0"}},{"before":"f3a747b3aede258cf0be314620bcedd53dabf19f","after":"c36776a7a91ab5336e161a6723db39a0c788f69b","ref":"refs/heads/20240614-aws-lc","pushedAt":"2024-06-14T09:30:13.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"MINOR: ssl: relax the 'ssl.default-dh-param' keyword parsing\n\nSome libraries are ignoring SSL_CTX_set_tmp_dh_callback(), but disabling\nthe 'ssl.default-dh-param' when the keyword is not supported would\nresult in an error instead of silently continuing. 
This patch emits a\nwarning when the keyword is not supported instead of a loading failure.","shortMessageHtmlLink":"MINOR: ssl: relax the 'ssl.default-dh-param' keyword parsing"}},{"before":null,"after":"f3a747b3aede258cf0be314620bcedd53dabf19f","ref":"refs/heads/20240614-aws-lc","pushedAt":"2024-06-14T08:56:53.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"CI: github: upgrade aws-lc to 1.29.0\n\nUpgrade aws-lc to 1.29.0 on the push CI.","shortMessageHtmlLink":"CI: github: upgrade aws-lc to 1.29.0"}},{"before":null,"after":"e0f2f6969e281aff056ec57aafbbc0e4994954cb","ref":"refs/heads/20240613-awslc-clienthello","pushedAt":"2024-06-13T17:27:17.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"MEDIUM: ssl: support for ECDA+RSA certificate selection with AWS-LC\n\nAWS-LC does not support the SSL_CTX_set_client_hello_cb() function from\nOpenSSL which allows to analyze ciphers and signatures algorithm of the\nClientHello. 
However it supports the SSL_CTX_set_select_certificate_cb()\nwhich allows the same thing but was the implementation from the\nboringSSL side.\n\nThis patch uses the SSL_CTX_set_select_certificate_cb() as well as the\nSSL_early_callback_ctx_extension_get() function to get the signature\nalgorithms.\n\nThis was successfully tested with openssl s_client as well as\ntestssl.sh.\n\nThis should allow to enable more reg-tests that depend on certificate\nselection.","shortMessageHtmlLink":"MEDIUM: ssl: support for ECDA+RSA certificate selection with AWS-LC"}},{"before":"6e986e7493ad2aa0c5a11c59d1235b03c02ef71c","after":"935b3bd1b7e7975c15ecd4f3c1d1d57c9a745102","ref":"refs/heads/master","pushedAt":"2024-06-13T15:15:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"Revert \"CI: github: upgrade aws-lc to 1.29.0\"\n\nThis reverts commit 6e986e7493ad2aa0c5a11c59d1235b03c02ef71c.","shortMessageHtmlLink":"Revert \"CI: github: upgrade aws-lc to 1.29.0\""}},{"before":"5149cc4990d447405be5378c19aae49310a51872","after":"6e986e7493ad2aa0c5a11c59d1235b03c02ef71c","ref":"refs/heads/master","pushedAt":"2024-06-13T15:11:32.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"CI: github: upgrade aws-lc to 1.29.0\n\nUpgrade aws-lc to 1.29.0 on the push CI.","shortMessageHtmlLink":"CI: github: upgrade aws-lc to 
1.29.0"}},{"before":"4ced880d22c67e83d5e134fdc13ec65606fbf21a","after":"5149cc4990d447405be5378c19aae49310a51872","ref":"refs/heads/master","pushedAt":"2024-06-13T15:04:12.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"BUILD: ssl: fix build with wolfSSL\n\nfix build with wolfSSL, broken since the reorg in src/ssl_clienthello.c","shortMessageHtmlLink":"BUILD: ssl: fix build with wolfSSL"}},{"before":"bcad26c8147cefe3ae23147551143dd648832609","after":"4ced880d22c67e83d5e134fdc13ec65606fbf21a","ref":"refs/heads/master","pushedAt":"2024-06-13T14:52:24.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"REORG: ssl: move the SNI selection code in ssl_clienthello.c\n\nMove the code which is used to select the final certificate with the\nclienthello callback. ssl_sock_client_sni_pool need to be exposed from\noutside ssl_sock.c","shortMessageHtmlLink":"REORG: ssl: move the SNI selection code in ssl_clienthello.c"}},{"before":"61d66a3d061cfb302f1519e5a774eb7e82f57ab9","after":"bcad26c8147cefe3ae23147551143dd648832609","ref":"refs/heads/master","pushedAt":"2024-06-13T13:48:53.000Z","pushType":"push","commitsCount":18,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"REGTESTS: log: add a test for log-profile\n\nTry to cover some common use-cases for \"log-profile\" feature. 
The tests\nmainly focus on log-profile section declaration, and testing the behavior\nof logformat / log-tag overriding capabilities.\n\nFor now, the use of log-profiles is somewhat limited because we lack\nthe ability to explicitly trigger the log building process at specific\nsteps during the stream handling. Indeed, for now we rely on\n\"option logasap\" and proxy log-format string content \"hacks\" to force\nthe log emission at some specific steps, thus more tests should be added\nover the time, when new mechanisms allowing the emission of logs at\nexpected processing steps will be added, or if new keywords are added to\nthe log-profile section.\n\nThis test requires versions >= 3.0-dev1","shortMessageHtmlLink":"REGTESTS: log: add a test for log-profile"}},{"before":"cdfceb10ae136b02e51f9bb346321cf0045d58e0","after":"61d66a3d061cfb302f1519e5a774eb7e82f57ab9","ref":"refs/heads/master","pushedAt":"2024-06-12T16:21:49.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC/MINOR: management: add -dZ option\n\nAdd some description for missed -dZ command line option in\nthe \"3. Starting HAProxy\" chapter.\n\nNeed to be backported until 2.9.","shortMessageHtmlLink":"DOC/MINOR: management: add -dZ option"}},{"before":"0e09cce0fdf104994b37a492e256d3bc37880ddc","after":"cdfceb10ae136b02e51f9bb346321cf0045d58e0","ref":"refs/heads/master","pushedAt":"2024-06-12T16:08:22.000Z","pushType":"push","commitsCount":5,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"MINOR: quic: refactor qc_prep_pkts() loop\n\nqc_prep_pkts() is built around a double loop iteration. First, it\niterates over every QEL instance register on sending. 
The inner loop is\nused to repeatedly call qc_build_pkt() with a QEL instance. If the QEL\ninstance has no more data to send, the next QEL entry is selected. It\ncan also be interrupted earlier if there is not enough room on the sent\nbuffer.\n\nClarify the inner loop by using qc_may_build_pkt() directly into it\nbesides the check on buffer room left. This function is used to test if\nthe QEL instance has something to send.\n\nThis should simplify send evolution, in particular GSO implementation.","shortMessageHtmlLink":"MINOR: quic: refactor qc_prep_pkts() loop"}},{"before":"82a4dd7df69973c8123c73cf7b140685596a73e0","after":"0e09cce0fdf104994b37a492e256d3bc37880ddc","ref":"refs/heads/master","pushedAt":"2024-06-12T14:13:23.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"BUG/MAJOR: mux-h1: Prevent any UAF on H1 connection after draining a request\n\nSince 2.9, it is possible to drain the request payload from the H1\nmultiplexer in case of early reply. When this happens, the upper stream is\ndetached but the H1 stream is not destroyed. Once the whole request is\ndrained, the end of the detach stage is finished. So the H1 stream is\ndestroyed and the H1 connection is ready to be reused, if possible,\notherwise it is released.\n\nAnd here is the issue. If some data of the next request are received with\nlast bytes of the drained one, parsing of the next request is immediately\nstarted. The previous H1 stream is destroyed and a new one is created to\nhandle the parsing. At this stage the H1 connection may be released, for\ninstance because of a parsing error. 
This case was not properly handled.\nInstead of immediately exiting the mux, it was still possible to access the\nreleased H1 connection to refresh its timeouts, leading to a UAF issue.\n\nMany thanks to Annika for her invaluable help on this issue.\n\nThe patch should fix the issue #2602. It must be backported as far as 2.9.","shortMessageHtmlLink":"BUG/MAJOR: mux-h1: Prevent any UAF on H1 connection after draining a …"}},{"before":"91fe085943cea52d0c3d04e81f8ecb6a51668b09","after":"82a4dd7df69973c8123c73cf7b140685596a73e0","ref":"refs/heads/master","pushedAt":"2024-06-12T12:51:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: internals: add a documentation about the master worker\n\nAdd a documentation about the history of the master-worker and how it\nwas implemented in its first version and how it is currently working.\nThis is a global view of the architecture, and not an exhaustive\nexplanation of all mechanisms.","shortMessageHtmlLink":"DOC: internals: add a documentation about the master worker"}},{"before":"c157894ba97a40f40f777344041841e423f99c2c","after":"91fe085943cea52d0c3d04e81f8ecb6a51668b09","ref":"refs/heads/master","pushedAt":"2024-06-12T06:57:49.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"BUG/MINOR: promex: Skip resolvers metrics when there is no resolver section\n\nBy default, there is always at least one resolver section, the default one,\nbased on \"/etc/resolv.conf\" content. However, it is possible to have no\nresolver at all if the file is empty or if any error occurred. 
Errors are\nsilently ignored at this stage.\n\nIn that case, there was a bug in the Prometheus exporter leading to a crash\nbecause the resolver section list is empty. An invalid resolver entity was\nused. To fix the issue we must only take care to not dump resolvers metrics\nwhen there is no resolver.\n\nThanks to Aurelien to have spotted the offending commit.\n\nThis patch should fix the issue #2604. It must be backported to 3.0.","shortMessageHtmlLink":"BUG/MINOR: promex: Skip resolvers metrics when there is no resolver s…"}},{"before":"c6931a4f01a29cb4f36e0b70900a6c97a5a2bdda","after":"c157894ba97a40f40f777344041841e423f99c2c","ref":"refs/heads/master","pushedAt":"2024-06-11T15:07:06.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"DOC: config: add missing context hint for new server and proxy keywords\n\nTo stay consistent with the work started in 54627f991 (\"DOC: config: add\ncontext hint for proxy keywords\") and 3d4e1e682 (\"DOC: config: add context\nhint for server keywords\"), we add missing context hint for \"guid\" (both\nproxy and server) keyword and \"hash-key\" server keyword that were added\nduring 3.0 development.\n\nThis may be backported in 3.0.","shortMessageHtmlLink":"DOC: config: add missing context hint for new server and proxy keywords"}},{"before":"7acdc3f6ffa69ba97d9f25532f2b7dd1ef390564","after":"c6931a4f01a29cb4f36e0b70900a6c97a5a2bdda","ref":"refs/heads/master","pushedAt":"2024-06-11T09:01:14.000Z","pushType":"push","commitsCount":13,"pusher":{"login":"haproxy-mirror","name":null,"path":"/haproxy-mirror","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38239150?s=80&v=4"},"commit":{"message":"CLEANUP: log/proxy: fix comment in proxy_free_common()\n\nThanks to previous commit, logformat expressions for default proxies are\nalso postchecked, adjusting a comment 
that suggests it's not the case.","shortMessageHtmlLink":"CLEANUP: log/proxy: fix comment in proxy_free_common()"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEZ6PxBQA","startCursor":null,"endCursor":null}},"title":"Activity · haproxy/haproxy"}