diff --git a/.github/workflows/contrib.yml b/.github/workflows/contrib.yml index cd41673945364..f7935ebd2504d 100644 --- a/.github/workflows/contrib.yml +++ b/.github/workflows/contrib.yml @@ -11,9 +11,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - - name: Compile admin/halog/halog - run: | - make admin/halog/halog - name: Compile dev/flags/flags run: | make dev/flags/flags diff --git a/.github/workflows/quic-interop-aws-lc.yml b/.github/workflows/quic-interop-aws-lc.yml index 17d586b5af74b..5a0ac3f49686c 100644 --- a/.github/workflows/quic-interop-aws-lc.yml +++ b/.github/workflows/quic-interop-aws-lc.yml @@ -21,6 +21,9 @@ jobs: steps: - uses: actions/checkout@v5 + - name: Update Docker to the latest + uses: docker/setup-docker-action@v4 + - name: Build Docker image id: push uses: docker/build-push-action@v6 diff --git a/.github/workflows/quic-interop-libressl.yml b/.github/workflows/quic-interop-libressl.yml index 14b724e145192..7fdbdee90c8b6 100644 --- a/.github/workflows/quic-interop-libressl.yml +++ b/.github/workflows/quic-interop-libressl.yml @@ -21,6 +21,9 @@ jobs: steps: - uses: actions/checkout@v5 + - name: Update Docker to the latest + uses: docker/setup-docker-action@v4 + - name: Build Docker image id: push uses: docker/build-push-action@v6 diff --git a/admin/cli/haproxy-dump-certs b/admin/cli/haproxy-dump-certs index 59a507711220a..e15bb66d11f23 100755 --- a/admin/cli/haproxy-dump-certs +++ b/admin/cli/haproxy-dump-certs @@ -149,7 +149,7 @@ usage() { echo "Options:" echo " -S, --master-socket Use the master socket at (default: ${SOCKET})" echo " -s, --socket Use the stats socket at " - echo " -p, --path Specifiy a base path for relative files (default: ${BASEPATH})" + echo " -p, --path Specify a base path for relative files (default: ${BASEPATH})" echo " -n, --dry-run Read certificates on the socket but don't dump them" echo " -d, --debug Debug mode, set -x" echo " -v, --verbose Verbose mode" diff --git a/doc/configuration.txt b/doc/configuration.txt index 6c14abfe72953..28a51503dfba3 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -5345,7 +5345,7 @@ tune.ssl.certificate-compression { auto | off } When set to "auto" it uses the default value of the TLS library. - With "off" it tries to explicitely disable the support of the feature. + With "off" it tries to explicitly disable the support of the feature. HAProxy won't try to send compressed certificates anymore nor accept compressed certificates. @@ -7171,7 +7171,7 @@ default_backend used when no rule has matched. It generally is the dynamic backend which will catch all undetermined requests. - If a backend is disabled or unpublished, default_backend rules targetting it + If a backend is disabled or unpublished, default_backend rules targeting it will be ignored and stream processing will remain on the original proxy. Example : @@ -21478,7 +21478,7 @@ jwt_decrypt_cert() decrypted thanks to the certificate provided. The parameter must be a path to an already loaded certificate (that can be dumped via the "dump ssl cert" CLI command). The certificate must have - its "jwt" option explicitely set to "on" (see "jwt" crt-list option). It can + its "jwt" option explicitly set to "on" (see "jwt" crt-list option). It can be provided directly or via a variable. The only tokens managed yet are the ones using the Compact Serialization format (five dot-separated base64-url encoded strings). @@ -31269,9 +31269,9 @@ user [password|insecure-password ] slower than their glibc counterparts when calculating hashes, so you might want to consider this aspect too. - All passwords are considered normal arguments and are therefor subject to + All passwords are considered normal arguments and are therefore subject to regular section 2.2 Quoting and escaping. Single quoting passwords is - therefor recommended. + therefore recommended. Example: userlist L1 diff --git a/doc/management.txt b/doc/management.txt index cee9f5b56fe5b..dbaf781961b4c 100644 --- a/doc/management.txt +++ b/doc/management.txt @@ -1731,7 +1731,7 @@ add backend from [mode ] [guid ] [ EXPERIMENTAL ] Only TCP or HTTP proxies can be created. All of the settings are inherited from default proxy instance. By default, it is mandatory to specify the backend mode via the argument of the same name, unless - already defines it explicitely. It is also possible to use an optional GUID + already defines it explicitly. It is also possible to use an optional GUID argument if wanted. Servers can be added via the command "add server". The backend is initialized diff --git a/include/haproxy/proxy-t.h b/include/haproxy/proxy-t.h index 21c9aae4f4736..ff980e20c2e6b 100644 --- a/include/haproxy/proxy-t.h +++ b/include/haproxy/proxy-t.h @@ -242,12 +242,12 @@ enum PR_SRV_STATE_FILE { /* Proxy flags */ #define PR_FL_DISABLED 0x01 /* The proxy was disabled in the configuration (not at runtime) */ #define PR_FL_STOPPED 0x02 /* The proxy was stopped */ -#define PR_FL_DEF_EXPLICIT_MODE 0x04 /* Proxy mode is explicitely defined - only used for defaults instance */ +#define PR_FL_DEF_EXPLICIT_MODE 0x04 /* Proxy mode is explicitly defined - only used for defaults instance */ #define PR_FL_EXPLICIT_REF 0x08 /* The default proxy is explicitly referenced by another proxy */ #define PR_FL_IMPLICIT_REF 0x10 /* The default proxy is implicitly referenced by another proxy */ #define PR_FL_PAUSED 0x20 /* The proxy was paused at run time (reversible) */ #define PR_FL_CHECKED 0x40 /* The proxy configuration was fully checked (including postparsing checks) */ -#define PR_FL_BE_UNPUBLISHED 0x80 /* The proxy cannot be targetted by content switching rules */ +#define PR_FL_BE_UNPUBLISHED 0x80 /* The proxy cannot be targeted by content switching rules */ struct stream; diff --git a/include/haproxy/ssl_sock-t.h b/include/haproxy/ssl_sock-t.h index 8b18e8241d0ee..6af6dea9f9f58 100644 --- a/include/haproxy/ssl_sock-t.h +++ b/include/haproxy/ssl_sock-t.h @@ -339,7 +339,7 @@ struct global_ssl { char **passphrase_cmd; int passphrase_cmd_args_cnt; - unsigned int certificate_compression:1; /* allow to explicitely disable certificate compression */ + unsigned int certificate_compression:1; /* allow to explicitly disable certificate compression */ }; /* The order here matters for picking a default context, diff --git a/src/backend.c b/src/backend.c index 109fba3aa785d..7094c2f0210a8 100644 --- a/src/backend.c +++ b/src/backend.c @@ -2067,7 +2067,7 @@ int connect_server(struct stream *s) * available. * * This check must be performed before conn_prepare() - * to ensure consistency accross the whole stack, in + * to ensure consistency across the whole stack, in * particular for QUIC between quic-conn and mux layer. */ if (IS_HTX_STRM(s) && srv->use_ssl && @@ -3063,7 +3063,7 @@ int be_downtime(struct proxy *px) { /* Checks if backend supports the addition of servers at runtime. Either a * backend or a defaults proxy are supported. If proxy is incompatible, - * will be allocated to contain a textual explaination. + * will be allocated to contain a textual explanation. */ int be_supports_dynamic_srv(struct proxy *px, char **msg) { diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c index 8b8d7f5e1dc7e..cb9247ce10b1b 100644 --- a/src/cfgparse-ssl.c +++ b/src/cfgparse-ssl.c @@ -496,7 +496,7 @@ static int ssl_parse_global_keylog(char **args, int section_type, struct proxy * } #endif -/* Allow to explicitely disable certificate compression when set to "off" */ +/* Allow to explicitly disable certificate compression when set to "off" */ #ifdef SSL_OP_NO_RX_CERTIFICATE_COMPRESSION static int ssl_parse_certificate_compression(char **args, int section_type, struct proxy *curpx, const struct proxy *defpx, const char *file, int line, diff --git a/src/chunk.c b/src/chunk.c index 54e9561b6b35f..a3d519fc28b99 100644 --- a/src/chunk.c +++ b/src/chunk.c @@ -80,7 +80,7 @@ struct buffer *get_trash_chunk(void) } /* Similar to get_trash_chunk() but return a pre-allocated large chunk - * instead. Becasuse large buffers are not enabled by default, this function may + * instead. Because large buffers are not enabled by default, this function may * return NULL. */ struct buffer *get_large_trash_chunk(void) @@ -127,7 +127,7 @@ struct buffer *get_larger_trash_chunk(struct buffer *chk) if (!chk) return get_trash_chunk(); - /* No large buffers or current chunk is alread a large trash chunk */ + /* No large buffers or current chunk is already a large trash chunk */ if (!large_trash_size || chk->size == large_trash_size) return NULL; diff --git a/src/cpuset.c b/src/cpuset.c index f85c31b9c967d..7d3e7825b5fee 100644 --- a/src/cpuset.c +++ b/src/cpuset.c @@ -27,6 +27,8 @@ int ha_cpuset_set(struct hap_cpuset *set, int cpu) #elif defined(CPUSET_USE_ULONG) set->cpuset |= (0x1 << cpu); return 0; +#else + return 0; #endif } @@ -42,6 +44,8 @@ int ha_cpuset_clr(struct hap_cpuset *set, int cpu) #elif defined(CPUSET_USE_ULONG) set->cpuset &= ~(0x1 << cpu); return 0; +#else + return 0; #endif } @@ -96,6 +100,8 @@ int ha_cpuset_count(const struct hap_cpuset *set) #elif defined(CPUSET_USE_ULONG) return my_popcountl(set->cpuset); +#else + return 0; #endif } @@ -120,6 +126,8 @@ int ha_cpuset_ffs(const struct hap_cpuset *set) return 0; return my_ffsl(set->cpuset); +#else + return 0; #endif } @@ -148,6 +156,8 @@ int ha_cpuset_isequal(const struct hap_cpuset *dst, const struct hap_cpuset *src #elif defined(CPUSET_USE_ULONG) return dst->cpuset == src->cpuset; +#else + return 0; #endif } @@ -159,6 +169,8 @@ int ha_cpuset_size() #elif defined(CPUSET_USE_ULONG) return LONGBITS; +#else + return 0; #endif } diff --git a/src/haproxy.c b/src/haproxy.c index 177df7bcbadbc..2eb48b6ccf0cb 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -2822,7 +2822,7 @@ void deinit(void) * they are respectively cleaned up in sink_deinit() and deinit_log_forward() */ - /* If named defaults were preserved, ensure refcount is resetted. */ + /* If named defaults were preserved, ensure refcount is reset. */ if (!(global.tune.options & GTUNE_PURGE_DEFAULTS)) defaults_px_unref_all(); /* All proxies are removed now, so every defaults should also be freed diff --git a/src/haterm.c b/src/haterm.c index 9299a9f5cda29..4bbafc3a1fd63 100644 --- a/src/haterm.c +++ b/src/haterm.c @@ -47,7 +47,7 @@ const char *HTTP_HELP = " - /?R= Enable sending random data if >0.\n" "\n" "Note that those arguments may be cumulated on one line separated by a set of\n" - "delimitors among [&?,;/] :\n" + "delimiters among [&?,;/] :\n" " - GET /?s=20k&c=1&t=700&K=30r HTTP/1.0\n" " - GET /?r=500?s=0?c=0?t=1000 HTTP/1.0\n" "\n"; @@ -323,7 +323,7 @@ static int hstream_htx_buf_snd(struct connection *conn, struct hstream *hs) } /* The HTX data are not fully sent if the last HTX data - * were not fully transfered or if there are remaining data + * were not fully transferred or if there are remaining data * to send (->to_write > 0). */ if (!htx_is_empty(htxbuf(&hs->res))) { @@ -1007,7 +1007,7 @@ static int hstream_build_responses(void) /* original haterm chunk mode responses are made of 1-byte chunks * but the haproxy muxes do not support this. At this time - * these reponses are handled the same way as for common + * these responses are handled the same way as for common * responses with a pre-built buffer. */ for (i = 0; i < sizeof(common_chunk_resp); i++) diff --git a/src/haterm_init.c b/src/haterm_init.c index 65baad54fa70b..2a7cb3897e651 100644 --- a/src/haterm_init.c +++ b/src/haterm_init.c @@ -106,7 +106,7 @@ static inline size_t hbuf_is_null(const struct hbuf *h) /* Simple function, to append to without without * trailing '\0' character. - * Take into an account the '\t' and '\n' escaped sequeces. + * Take into an account the '\t' and '\n' escaped sequences. */ static void hstream_str_buf_append(struct hbuf *h, const char *line) { @@ -215,7 +215,7 @@ void haproxy_init_args(int argc, char **argv) argc--; argv++; } - /* Restore the argumenst */ + /* Restore the arguments */ argc = sargc; argv = sargv; while (argc > 0) { char *opt; diff --git a/src/http_fetch.c b/src/http_fetch.c index eae140b3b633d..df9de7eb56a92 100644 --- a/src/http_fetch.c +++ b/src/http_fetch.c @@ -44,7 +44,7 @@ /* this struct is used between calls to smp_fetch_hdr() or smp_fetch_cookie() */ static THREAD_LOCAL struct http_hdr_ctx static_http_hdr_ctx; /* this is used to convert raw connection buffers to htx */ -/* NOTE: For now, raw bufers cannot exceeds the standard size */ +/* NOTE: For now, raw buffers cannot exceeds the standard size */ static THREAD_LOCAL struct buffer static_raw_htx_chunk; static THREAD_LOCAL char *static_raw_htx_buf; diff --git a/src/jwe.c b/src/jwe.c index bfa73d901dbae..e095537d57d29 100644 --- a/src/jwe.c +++ b/src/jwe.c @@ -326,7 +326,7 @@ static int decrypt_cek_aeskw(struct buffer *cek, struct buffer *decrypted_cek, s * the one found in the JWE token. * The tag is built out of a HMAC of some concatenated data taken from the JWE * token (see https://datatracker.ietf.org/doc/html/rfc7518#section-5.2). The - * firest half of the previously decrypted cek is used as HMAC key. + * first half of the previously decrypted cek is used as HMAC key. * Returns 0 in case of success, 1 otherwise. */ static int build_and_check_tag(jwe_enc enc, struct jwt_item items[JWE_ELT_MAX], @@ -504,7 +504,7 @@ static inline void clear_decoded_items(struct buffer *decoded_items[JWE_ELT_MAX] /* * Decrypt the contents of a JWE token thanks to the user-provided base64 * encoded secret. This converter can only be used for tokens that have a - * symetric algorithm (AESKW, AESGCMKW or "dir" special case). + * symmetric algorithm (AESKW, AESGCMKW or "dir" special case). * Returns the decrypted contents, or nothing if any error happened. */ static int sample_conv_jwt_decrypt_secret(const struct arg *args, struct sample *smp, void *private) @@ -761,7 +761,7 @@ static int decrypt_cek_rsa(struct buffer *cek, struct buffer *decrypted_cek, /* * Decrypt the contents of a JWE token thanks to the user-provided certificate * and private key. This converter can only be used for tokens that have an - * asymetric algorithm (RSA only for now). + * asymmetric algorithm (RSA only for now). * Returns the decrypted contents, or nothing if any error happened. */ static int sample_conv_jwt_decrypt_cert(const struct arg *args, struct sample *smp, void *private) @@ -827,7 +827,7 @@ static int sample_conv_jwt_decrypt_cert(const struct arg *args, struct sample *s if (chunk_printf(cert, "%.*s", (int)b_data(&cert_smp.data.u.str), b_orig(&cert_smp.data.u.str)) <= 0) goto end; - /* With asymetric crypto algorithms we should always have a CEK */ + /* With asymmetric crypto algorithms we should always have a CEK */ if (!items[JWE_ELT_CEK].length) goto end; diff --git a/src/proxy.c b/src/proxy.c index dadcff0c6949b..8718ce9956967 100644 --- a/src/proxy.c +++ b/src/proxy.c @@ -4857,7 +4857,7 @@ static int cli_parse_add_backend(char **args, char *payload, struct appctx *appc return 1; } if (!(defpx->flags & PR_FL_DEF_EXPLICIT_MODE) && !mode) { - cli_dynerr(appctx, memprintf(&msg, "Mode is required as '%s' default proxy does not explicitely defines it.\n", def_name)); + cli_dynerr(appctx, memprintf(&msg, "Mode is required as '%s' default proxy does not explicitly defines it.\n", def_name)); return 1; } if (defpx->mode != PR_MODE_TCP && defpx->mode != PR_MODE_HTTP) { diff --git a/src/stream.c b/src/stream.c index b2eef9187f5dc..35ea931eb07dc 100644 --- a/src/stream.c +++ b/src/stream.c @@ -1141,12 +1141,12 @@ enum act_return process_use_service(struct act_rule *rule, struct proxy *px, return ACT_RET_STOP; } -/* Parses persist-rules attached to frontend and report the first macthing +/* Parses persist-rules attached to frontend and report the first matching * entry, using session and stream as sample source. * * As this function is called several times in the same stream context, * will act as a caching value to avoid reprocessing of a similar - * ruleset. It must be set to a negative value for the first invokation. + * ruleset. It must be set to a negative value for the first invocation. * * Returns 1 if a rule matches, else 0. */