2021/09/20 : 2.0r1 (1.0.0-236.1239) - MINOR: hapee: Update the list of dropped/hapee patches - BUG/MINOR: stats: fix the POST requests processing in legacy mode - BUG/MEDIUM: http: check for a channel pending data before waiting - BUG/MINOR: cli/payload: do not search for args inside payload - BUG/MINOR: compat: make sure __WORDSIZE is always defined - BUG/MINOR: systemd: ExecStartPre must use -Ws - REGTESTS: mark http_abortonclose as broken - MINOR: action: Use a generic function to check validity of an action rule list - Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" 2021/09/07 : 2.0r1 (1.0.0-236.1230) 2021/09/03 : 2.0r1 (1.0.0-235.1230) - BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer - CLEANUP: htx: remove comments about "must be < 256 MB" - BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB - DOC: configuration: remove wrong tcp-request examples in tcp-response - CLEANUP: Add missing include guard to signal.h - BUG/MINOR: tools: Fix loop condition in dump_text() - BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time - BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long - BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords - MINOR: compiler: implement an ONLY_ONCE() macro - BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} - REGTESTS: abortonclose: after retries, 503 is expected, not close - BUG/MEDIUM: sock: really fix detection of early connection failures in for 2.3- - DOC/MINOR: fix typo in management document - MINOR: mux-h1/proxy: Add a proxy option to disable clear h2 upgrade 2021/08/13 : 2.0r1 (1.0.0-234.1215) - REGTESTS: add a test to prevent h2 desync attacks - BUG/MAJOR: h2: enforce checks on the method syntax before translating to HTX 2021/08/13 : 2.0r1 (1.0.0-234.1213) - DOC: config: Fix 'http-response send-spoe-group' documentation - DOC: Improve the lua documentation - BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued - BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released - MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure - BUG/MINOR: server: update last_change on maint->ready transitions too - BUG/MINOR: connection: Add missing error labels to conn_err_code_str - BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames - BUG/MINOR: mux-h2: Obey dontlognull option during the preface - BUG/MINOR: systemd: must check the configuration using -Ws - BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs - BUG/MEDIUM: mworker: do not register an exit handler if exit is expected - BUILD: add detection of missing important CFLAGS - BUG/MEDIUM: tcp-check: Do not dereference inexisting connection - BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled - BUG/MINOR: server-state: load SRV resolution only if params match the config 2021/07/09 : 2.0r1 (1.0.0-232.1197) - CLEANUP: pools: remove now unused seq and pool_free_list - BUG/MAJOR: pools: fix possible race with free() in the lockless variant - MEDIUM: pools: use a single pool_gc() function for locked and lockless - MEDIUM: memory: make pool_gc() run under thread isolation - BUG/MEDIUM: pools: Always update free_list in pool_gc(). - MINOR: pools: do not maintain the lock during pool_flush() - BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() - MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS - Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" - BUG/MINOR: peers: fix data_type bit computation more than 32 data_types - MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() - BUG/MINOR: resolvers: Reset server IP when no ip is found in the response - DOC: config: use CREATE USER for mysql-check - DOC: peers: fix the protocol tag name in the doc - DOC: stick-table: add missing documentation about gpt0 stored type - BUG/MINOR: stick-table: fix several printf sign errors dumping tables - BUG/MINOR: cli: fix server name output in "show fd" - BUG/MEDIUM: sock: make sure to never miss early connection failures - BUG/MINOR: server/cli: Fix locking in function processing "set server" command - BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI - BUG/MINOR: resolvers: answser item list was randomly purged or errors - DOC: config: Add missing actions in "tcp-request session" documentation - MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules - BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check 2021/06/28 : 2.0r1 (1.0.0-232.1173) - BUG/MEDIUM: spoe: Register pre/post analyzers in start_analyze callback function 2021/06/18 : 2.0r1 (1.0.0-232.1172) - MINOR: hapee: Update the list of backported/hapee patches - BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default - BUG/MEDIUM: dns: send messages on closed/reused fd if fd was detected broken - MINOR: mux-h2: obey http-ignore-probes during the preface - BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue - BUG/MINOR: mworker: fix typo in chroot error message - BUG/MINOR: ssl: use atomic ops to update global shctx stats - BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE - BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id - DOC: lua: Add a warning about buffers modification in HTTP - BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded 2021/06/17 : 2.0r1 (1.0.0-232.1161) - BUG/MEDIUM: dns: reset file descriptor if send returns an error - BUG/MEDIUM: compression: Add a flag to know the filter is still processing data - BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future - BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree - BUG/MINOR: http: Missing calloc return value check in make_arg_list - BUG/MINOR: http: Missing calloc return value check while parsing redirect rule - BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list - BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response - BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy - BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare - BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture - BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine - BUG/MINOR: peers: Missing calloc return value check in peers_register_table - BUG/MINOR: server: Missing calloc return value check in srv_parse_source - BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts - BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response - BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter - BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' - BUG/MEDIUM: ebtree: Invalid read when looking for dup entry - REGTESTS: Add script to test abortonclose option - MEDIUM: mux-h1: Don't block reads when waiting for the other side - BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive - MINOR: channel: Rely on HTX version if appropriate in channel_may_recv() - BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port - BUG/MINOR: stream: Reset stream final state and si error type on L7 retry - BUG/MINOR: stream: properly clear the previous error mask on L7 retries - BUG/MINOR: stream: Decrement server current session counter on L7 retry - BUG/MEDIUM: cli: prevent memory leak on write errors - BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers - MINOR: hlua: Add error message relative to the Channel manipulation and HTTP mode 2021/04/29 : 2.0r1 (1.0.0-232.1129) - MINOR: peers: add informative flags about resync process for debugging - BUG/MEDIUM: peers: reset tables stage flags stages on new conns - BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly - BUG/MEDIUM: peers: reset commitupdate value in new conns - BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected - BUG/MEDIUM: peers: stop considering ack messages teaching a full resync - BUG/MEDIUM: peers: register last acked value as origin receiving a resync req - BUG/MEDIUM: peers: initialize resync timer to get an initial full resync - BUG/MINOR: applet: Notify the other side if data were consumed by an applet - BUG/MINOR: htx: Preserve HTX flags when draining data from an HTX message - BUG/MEDIUM: peers: re-work refcnt on table to protect against flush - BUG/MEDIUM: peers: re-work connection to new process during reload. - BUG/MINOR: peers: remove useless table check if initial resync is finished - BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data - BUG/MINOR: mworker: don't use oldpids[] anymore for reload - BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases - BUG/MEDIUM: config: fix cpu-map notation with both process and threads - BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames - BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers - BUG/MINOR: server: free srv.lb_nodes in free_server - BUG/MINOR: mux-h1: Release idle server H1 connection if data are received - BUG/MINOR: logs: Report the true number of retries if there was no connection - BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function - BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded - BUG/MEDIUM: threads: Ignore current thread to end its harmless period - BUG/MEDIUM: sample: Fix adjusting size in field converter - DOC: clarify that compression works for HTTP/2 - BUG/MINOR: tools: fix parsing "us" unit for timers - DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options - BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks - MINOR: resolvers: Directly call srvrq_update_srv_state() when possible - MINOR: resolvers: Add function to change the srv status based on SRV resolution - MINOR: resolvers: Purge answer items when a SRV resolution triggers an error - MINOR: resolvers: Use a function to remove answers attached to a resolution - BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution - BUG/MAJOR: dns: disabled servers through SRV records never recover - BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status 2021/04/02 : 2.0r1 (1.0.0-232.1092) - BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields - BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS - BUG/MINOR: tcp: fix silent-drop workaround for IPv6 - BUG/MINOR: stats: Apply proper styles in HTML status page. - BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent - BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters - MINOR: tools: make url2ipv4 return the exact number of bytes parsed - BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless - BUG/MEDIUM: time: make sure to always initialize the global tick 2021/03/24 : 2.0r1 (1.0.0-231.1083) - BUG/MEDIUM: lua: Always init the lua stack before referencing the context - BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback - MINOR: lua: Slightly improve function dumping the lua traceback - MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket - BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable - MINOR: time: also provide a global, monotonic global_now_ms timer 2021/03/18 : 2.0r1 (1.0.0-231.1077) - MINOR: hapee: Update the list of backported/hapee patches - BUG/MEDIUM: mux-fcgi: Don't handle pending read0 too early on streams - BUG/MINOR: ssl/cli: potential null pointer dereference in "set ssl cert" - BUG/MINOR: freq_ctr/threads: make use of the last updated global time - MINOR: time: export the global_now variable - BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames - BUG/MINOR: resolvers: Reset server address on DNS error only on status change - BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error - CLEANUP: tcp-rules: add missing actions in the tcp-request error message - BUG/MINOR: session: Add some forgotten tests on session's listener - BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters - BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached - BUG/MEDIUM: session: NULL dereference possible when accessing the listener - BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode - BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring() - BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive - BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout - DOC: spoe: Add a note about fragmentation support in HAProxy - BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 - BUG/MINOR: connection: Use the client's dst family for adressless servers - BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule - BUG/MINOR: http-ana: Only consider dst address to process originalto option - BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf() - BUG/MEDIUM: resolvers: Reset address for unresolved servers - BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records - BUG/MINOR: resolvers: new callback to properly handle SRV record errors - BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal - BUG/MEDIUM: cli/shutdown sessions: make it thread-safe - BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop - BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe - BUG/MINOR: sample: secure convs that accept base64 string and var name as args - BUG/MEDIUM: mux-h1: Fix handling of responses to CONNECT other than 200-ok - BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line - BUG/MINOR: server: Init params before parsing a new server-state line - BUG/MINOR: sample: Always consider zero size string samples as unsafe - BUG/MINOR: checks: properly handle wrapping time in __health_adjust() - BUG/MINOR: session: atomically increment the tracked sessions counter - BUG/MINOR: server: Remove RMAINT from admin state when loading server state - CLEANUP: channel: fix comment in ci_putblk. - BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL - BUG/MINOR: cfgparse: do not mention "addr:port" as supported on proxy lines - BUG/MEDIUM: config: don't pick unset values from last defaults section - CLEANUP: deinit: release global and per-proxy server-state variables on deinit - BUG/MINOR: server: Fix server-state-file-name directive - BUG/MINOR: backend: hold correctly lock when killing idle conn - BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints() - BUG/MINOR: server: re-align state file fields number - BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state 2021/03/16 : 2.0r1 (1.0.0-231.1029) 2021/02/12 : 2.0r1 (1.0.0-229.1029) - BUG/MEDIUM: mux-h2: Be sure to enter in demux loop even if dbuf is empty 2021/02/05 : 2.0r1 (1.0.0-229.1028) - BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED - BUG/MEDIUM: mux-h2: handle remaining read0 cases - BUILD: Makefile: move REGTESTST_TYPE default setting - MINOR: hapee: Update the list of backported/hapee patches - BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store - BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file() - BUG/MINOR: xxhash: make sure armv6 uses memcpy() - BUG/MEDIUM: ssl: check a connection's status before computing a handshake - BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list - DOC: management: fix "show resolvers" alphabetical ordering - BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name 2021/02/01 : 2.0r1 (1.0.0-228.1017) - BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown 2021/01/28 : 2.0r1 (1.0.0-228.1016) - BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition - BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX - BUG/MEDIUM: mux-h2: fix read0 handling on partial frames - BUG/MINOR: mworker: define _GNU_SOURCE for strsignal() - BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command. - BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable - BUG/MINOR: sample: Memory leak of sample_expr structure in case of error - BUG/MINOR: sample: check alloc_trash_chunk return value in concat() 2021/01/08 : 2.0r1 (1.0.0-228.1008) - BUG/MINOR: sample: fix concat() converter's corruption with non-string variables - DOC: Add maintainers for the Prometheus exporter - SCRIPTS: announce-release: fix typo in help message - DOC: fix some spelling issues over multiple files - MINOR: contrib/prometheus-exporter: export build_info - BUILD: Makefile: exclude broken tests by default - BUG/MINOR: srv: do not init address if backend is disabled - SCRIPTS: make announce release support preparing announces before tag exists - SCRIPTS: improve announce-release to support different tag and versions - BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails - MINOR: atomic: don't use ; to separate instruction on aarch64. - BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h - BUILD: plock: remove dead code that causes a warning in gcc 11 - CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps - CONTRIB: halog: mark the has_zero* functions unused - CONTRIB: halog: fix build issue caused by %L printf format - BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode - BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests - BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well - REGTESTS: make use of HAPROXY_ARGS and pass -dM by default - CLEANUP: contrib/prometheus-exporter: typo fixes for ssl reuse metric 2020/12/14 : 2.0r1 (1.0.0-227.987) - CLEANUP: lua: Remove declaration of an inexistant function - BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight - BUG/MINOR: tools: Reject size format not starting by a digit - BUG/MINOR: tools: make parse_time_err() more strict on the timer validity - DOC: email change of the DeviceAtlas maintainer - BUG/MEDIUM: spoa/python: Fixing references to None - BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments - BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails - BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations - DOC: spoa/python: Fixing typos in comments - DOC: spoa/python: Rephrasing memory related error messages - DOC: spoa/python: Fixing typo in IP related error messages - BUG/MAJOR: spoa/python: Fixing return None - DOC/MINOR: Fix formatting in Management Guide - BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times - MINOR: cli: add a function to look up a CLI service description - MINOR: actions: add a function returning a service pointer from its name - MINOR: actions: Export actions lookup functions - BUG/MINOR: lua: Some lua init operation are processed unsafe - BUG/MINOR: lua: Post init register function are not executed beyond the first one - BUG/MINOR: lua: lua-load doesn't check its parameters - MINOR: plock: use an ARMv8 instruction barrier for the pause instruction - DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section - BUG/MAJOR: peers: fix partial message decoding 2020/11/24 : 2.0r1 (1.0.0-226.963) - BUG/MAJOR: filters: Always keep all offsets up to date during data filtering 2020/11/18 : 2.0r1 (1.0.0-226.962) - BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests - BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering - BUILD: http-htx: fix build warning regarding long type in printf - MINOR: cfgparse: tighten the scope of newnameserver variable, free it on error. - MINOR: spoe: Don't close connection in sync mode on processing timeout - BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet - BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches - BUG/MINOR: http-fetch: Extract cookie value even when no cookie name - BUG/MEDIUM: peers: fix decoding of multi-byte length in stick-table messages - BUG/MINOR: peers: Missing TX cache entries reset. - BUG/MINOR: peers: Do not ignore a protocol error for dictionary entries. - BUG/MINOR: lua: set buffer size during map lookups - BUG/MINOR: pattern: a sample marked as const could be written - BUG/MINOR: http-htx: Just warn if payload of an errorfile doesn't match the C-L - MINOR: http-htx: Add understandable errors for the errorfiles parsing 2020/11/04 : 2.0r1 (1.0.0-225.947) - BUG/MEDIUM: ssl: OCSP must work with BoringSSL - BUG/MEDIUM: stick-table: limit the time spent purging old entries - BUG/MINOR: filters: Skip disabled proxies during startup only - BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade - MINOR: server: Copy configuration file and line for server templates - BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup - BUG/MEDIUM: filters: Don't try to init filters for disabled proxies - BUG/MINOR: cache: Inverted variables in http_calc_maxage function - BUG/MINOR: lua: initialize sample before using it - BUG/MINOR: server: fix down_time report for stats - BUG/MINOR: server: fix srv downtime calcul on starting - BUG/MINOR: log: fix memory leak on logsrv parse error - BUG/MINOR: extcheck: add missing checks on extchk_setenv() - BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible - BUG/MINOR: http-ana: Don't send payload for internal responses to HEAD requests - BUG/MEDIUM: server: support changing the slowstart value from state-file - BUG/MINOR: queue: properly report redistributed connections 2020/10/19 : 2.0r1 (1.0.0-225.930) - MINOR: hapee: Update the list of backported/hapee patches - MINOR: backend: Add sample fetches to get the server's weight - BUG/MINOR: peers: Possible unexpected peer seesion reset after collisions. - BUG/MEDIUM: lb: Always lock the server when calling server_{take,drop}_conn - BUG/MEDIUM: mux-h1: Get the session from the H1S when capturing bad messages - BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided - BUG/MEDIUM: task: bound the number of tasks picked from the wait queue at once - MINOR: fd: report an error message when failing initial allocations - BUG/MINOR: mux-h2: do not stop outgoing connections on stopping - BUG/MINOR: init: only keep rlim_fd_cur if max is unlimited - BUG/MEDIUM: h1: Always try to receive more in h1_rcv_buf(). - BUG/MINOR: http-htx: Expect no body for 204/304 internal HTTP responses - BUG/MEDIUM: mux-h2: Don't handle pending read0 too early on streams 2020/10/08 : 2.0r1 (1.0.0-224.917) - MINOR: hapee: Update the list of backported patches - MINOR: ssl: reach a ckch_store from a sni_ctx - BUG/MEDIUM: ssl: crt-list negative filters don't work - BUG/MINOR: mux-h1: Always set the session on frontend h1 stream - BUG/MINOR: peers: Inconsistency when dumping peer status codes. - MINOR: hlua: Display debug messages on stderr only in debug mode - BUG/MINOR: stats: fix validity of the json schema - MINOR: counters: fix a typo in comment - BUG/MEDIUM: queue: make pendconn_cond_unlink() really thread-safe - BUG/MINOR: Fix several leaks of 'log_tag' in init(). - BUILD: makefile: Fix building with closefrom() support enabled - DOC: ssl: crt-list negative filters are only a hint 2020/10/02 : 2.0r1 (1.0.0-224.905) - MINOR: hapee: add a .hapee directory to list backporting notes - BUG/MINOR: ssl: verifyhost is case sensitive - BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate - BUG/MEDIUM: ssl: memory leak of ocsp data at SSL_CTX_free() - BUG/MINOR: ssl: fix memory leak at OCSP loading - BUG/MEDIUM: ssl: crt-list must continue parsing on ERR_WARN - BUG/MINOR: ssl: fix a trash buffer leak in some error cases - BUG/MINOR: ssl: memleak of the struct cert_key_and_chain - BUG/MINOR: ssl/cli: memory leak in 'set ssl cert' - MINOR: ssl: improve the errors when a crt can't be open - BUG/MINOR: mux-fcgi: Don't url-decode the QUERY_STRING parameter anymore - BUG/MEDIUM: fcgi-app: fix memory leak in fcgi_flt_http_headers - BUG/MINOR: mux-fcgi: Set flags on the right stream field for empty FCGI_STDOUT - BUG/MINOR: mux-fcgi: Set conn state to RECORD_P when skipping the record padding - BUG/MINOR: mux-fcgi: Handle empty STDERR record - REGTEST: make map_regm_with_backref require 1.7 - REGTEST: make abns_socket.vtc require 1.8 - REGTEST: fix host part in balance-uri-path-only.vtc - REGTESTS: add a few load balancing tests - DOC: agent-check: fix typo in "fail" word expected reply - DOC: spoa-server: fix false friends `actually` - BUG/MEDIUM: listeners: do not pause foreign listeners - BUG/MINOR: config: Fix memory leak on config parse listen - BUG/MINOR: Fix memory leaks cfg_parse_peers - BUG/MEDIUM: h2: report frame bits only for handled types - BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch - BUG/MINOR: server: report correct error message for invalid port on "socks4" - BUG/MEDIUM: http-ana: Don't wait to send 1xx responses received from servers 2020/09/18 : 2.0r1 (1.0.0-224.877) - BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned - BUILD: threads: better workaround for late loading of libgcc_s - BUG/MEDIUM: mux-h1: always apply the timeout on half-closed connections - BUG/MINOR: auth: report valid crypto(3) support depending on build options - CLEANUP: Update .gitignore - MINOR: Commit .gitattributes - BUILD: thread: limit the libgcc_s workaround to glibc only - BUG/MINOR: threads: work around a libgcc_s issue with chrooting - BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp() - BUG/MEDIUM: doc: Fix replace-path action description - BUG/MINOR: startup: haproxy -s cause 100% cpu - BUG/MEDIUM: contrib/spoa-server: Fix ipv4_address used instead of ipv6_address - BUG/MINOR: contrib/spoa-server: Updating references to free in case of failure - BUG/MINOR: contrib/spoa-server: Do not free reference to NULL - BUG/MINOR: contrib/spoa-server: Ensure ip address references are freed - BUG/MAJOR: contrib/spoa-server: Fix unhandled python call leading to memory leak - DOC: cache: Use '<name>' instead of '<id>' in error message - BUG/MINOR: reload: do not fail when no socket is sent 2020/08/13 : 2.0r1 (1.0.0-224.859) - BUG/MEDIUM: htx: smp_prefetch_htx() must always validate the direction - BUG/MINOR: stats: use strncmp() instead of memcmp() on health states - BUG/MINOR: snapshots: leak of snapshots on deinit() - BUG/MINOR: lua: Check argument type to convert it to IP mask in arg validation - BUG/MINOR: lua: Check argument type to convert it to IPv4/IPv6 arg validation - BUG/MEDIUM: map/lua: Return an error if a map is loaded during runtime - BUG/MEDIUM: mux-h1: Refresh H1 connection timeout after a synchronous send - BUG/MEDIUM: mux-h2: Don't fail if nothing is parsed for a legacy chunk response 2020/07/31 : 2.0r1 (1.0.0-222.851) - SCRIPTS: git-show-backports: emit the shell command to backport a commit - SCRIPTS: git-show-backports: make -m most only show the left branch - SCRIPTS: announce-release: add the link to the wiki in the announce messages - MINOR: stream-int: Be sure to have a mux to do sends and receives - MINOR: connection: Preinstall the mux for non-ssl connect - BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields - BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation - MEDIUM: lua: Add support for the Lua 5.4 - BUG/MINOR: debug: Don't dump the lua stack if it is not initialized - BUG/MEDIUM: mux-h1: Disable the splicing when nothing is received - BUG/MEDIUM: mux-h1: Wakeup the H1C in h1_rcv_buf() if more data are expected - BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed - BUG/MAJOR: dns: Make the do-resolve action thread-safe - BUG/MEDIUM: mux-h2: Emit an error if the response chunk formatting is incomplete - BUG/MEDIUM: resolve: fix init resolving for ring and peers section. - BUG/MINOR: cfgparse: don't increment linenum on incomplete lines - BUILD: thread: add parenthesis around values of locking macros - MINOR: pools: increase MAX_BASE_POOLS to 64 - BUG/MINOR: threads: Don't forget to init each thread toremove_lock. - REGEST: Add reg tests about error files - BUILD: ebtree: fix build on libmusl after recent introduction of eb_memcmp() - BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked - BUG/MEDIUM: log: issue mixing sampled to not sampled log servers. - BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode - CONTRIB: da: fix memory leak in dummy function da_atlas_open() - BUG/MINOR: sample: Free str.area in smp_check_const_meth - BUG/MINOR: sample: Free str.area in smp_check_const_bool - DOC: configuration: remove obsolete mentions of H2 being converted to HTTP/1.x - BUG/MEDIUM: stream-int: Disable connection retries on plain HTTP proxy mode - BUG/MAJOR: stream: Mark the server address as unset on new outgoing connection - MINOR: http: Add support for http 413 status - BUG/MINOR: backend: Remove CO_FL_SESS_IDLE if a client remains on the last server - BUG/MEDIUM: connection: Continue to recv data to a pipe when the FD is not ready - MINOR: connection: move the CO_FL_WAIT_ROOM cleanup to the reader only - BUG/MEDIUM: mux-h1: Subscribe rather than waking up in h1_rcv_buf() - BUG/MEDIUM: mux-h1: Disable splicing for the conn-stream if read0 is received - BUG/MINOR: mux-h1: Disable splicing only if input data was processed - BUG/MINOR: mux-h1: Don't read data from a pipe if the mux is unable to receive - BUG/MINOR: mux-h1: Fix the splicing in TUNNEL mode - BUG/MINOR: http_act: don't check capture id in backend (2) - DOC: configuration: fix alphabetical ordering for tune.pool-{high,low}-fd-ratio - DOC: configuration: add missing index entries for tune.pool-{low,high}-fd-ratio - BUG/MINOR: proxy: always initialize the trash in show servers state - BUG/MINOR: proxy: fix dump_server_state()'s misuse of the trash - BUG/MEDIUM: pattern: Add a trailing \0 to match strings only if possible - DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list - MINOR: cli: make "show sess" stop at the last known session - BUG/MEDIUM: fetch: Fix hdr_ip misparsing IPv4 addresses due to missing NUL - REGTEST: ssl: add some ssl_c_* sample fetches test - REGTEST: ssl: tests the ssl_f_* sample fetches - MINOR: spoe: Don't systematically create new applets if processing rate is low - BUG/MINOR: http_ana: clarify connection pointer check on L7 retry - BUG/MINOR: spoe: correction of setting bits for analyzer - REGTEST: Add a simple script to tests errorfile directives in proxy sections - BUG/MINOR: systemd: Wait for network to be online - MEDIUM: map: make the "clear map" operation yield - REGTEST: http-rules: test spaces in ACLs with master CLI - REGTEST: http-rules: test spaces in ACLs - BUG/MINOR: mworker/cli: fix semicolon escaping in master CLI - BUG/MINOR: mworker/cli: fix the escaping in the master CLI - BUG/MINOR: cli: allow space escaping on the CLI - BUG/MINOR: spoe: add missing key length check before checking key names - BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks - BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness - MINOR: http: Add 404 to http-request deny - MINOR: http: Add 410 to http-request deny - REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used - BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0 - REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for compression/lua_validation - REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for lua/txn_get_priv - BUG/MEDIUM: pattern: fix thread safety of pattern matching - BUG/MEDIUM: log: don't hold the log lock during writev() on a file descriptor - BUG/MINOR: mworker: fix a memleak when execvp() failed - BUG/MEDIUM: mworker: fix the reload with an -- option - BUG/MINOR: init: -S can have a parameter starting with a dash - BUG/MINOR: init: -x can have a parameter starting with a dash - BUG/MEDIUM: mworker: fix the copy of options in copy_argv() - BUILD: makefile: adjust the sed expression of "make help" for solaris 2020/06/30 : 2.0r1 (1.0.0-222.773) - MINOR: peers: do not use localpeer as an array anymore - MEDIUM: peers: add the "localpeer" global option 2020/06/05 : 2.0r1 (1.0.0-222.771) - BUG/MINOR: proto-http: Fix detection of NTLM for the legacy HTTP version - BUG/MEDIUM: logs: fix trailing zeros on log message. - BUG/MINOR: logs: prevent double line returns in some events. - BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump metrics - BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations - BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action - BUG/MINOR: peers: fix internal/network key type mapping. - SCRIPTS: publish-release: pass -n to gzip to remove timestamp - Revert "BUG/MEDIUM: connections: force connections cleanup on server changes" - BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf - BUG/MINOR: lua: Add missing string length for lua sticktable lookup 2020/05/26 : 2.0r1 (1.0.0-222.760) - BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable - BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified - BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt() - BUILD: select: only declare existing local labels to appease clang - BUG/MINOR: soft-stop: always wake up waiting threads on stopping - BUG/MINOR: pollers: remove uneeded free in global init - BUG/MINOR: pools: use %u not %d to report pool stats in "show pools" - BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered - BUG/MEDIUM: http_ana: make the detection of NTLM variants safer - BUG/MINOR: http-ana: fix NTLM response parsing again - BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur - BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT - BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}() - BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS() - BUG/MINOR: sample: Set the correct type when a binary is converted to a string - CLEANUP: connections: align function declaration - BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id() - BUG/MEDIUM: connections: force connections cleanup on server changes - BUG/MEDIUM: mux-fcgi: Call destroy method with the mux context as argument - BUG/MAJOR: mux-fcgi: Stop sending loop if FCGI stream is blocked for any reason - BUG/MEDIUM: mux-fcgi: Fix wrong test on FCGI_CF_KEEP_CONN in fcgi_detach() - BUG/MEDIUM: mux_fcgi: Free the FCGI connection at the end of fcgi_release() - BUG/MINOR: mux-fcgi: Be sure to have a connection as session's origin to use it - MINOR: mux-fcgi: Make the capture of the path-info optional in pathinfo regex - BUG/MINOR: mux-fcgi: Forbid special characters when matching PATH_INFO param 2020/05/22 : 2.0r1 (1.0.0-222.735) - BUG/MEDIUM: ring: write-lock the ring while attaching/detaching - BUG/MAJOR: stream-int: always detach a faulty endpoint on connect failure - BUG/MEDIUM: stream: Only allow L7 retries when using HTTP. - BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry. - BUG/MINOR: checks: Remove a warning about http health checks - BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks 2020/05/12 : 2.0r1 (1.0.0-222.729) - BUG/MEDIUM: checks: Always initialize checks before starting them - BUG/MEDIUM: server/checks: Init server check during config validity check - Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections" - BUG/MEDIUM: backend: don't access a non-existing mux from a previous connection - REGTEST: ssl: test the client certificate authentication - MINOR: stream: report the list of active filters on stream crashes - BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock - BUG/MEDIUM: shctx: really check the lock's value while waiting - BUG/MINOR: debug: properly use long long instead of long for the thread ID - MINOR: threads: export the POSIX thread ID in panic dumps - BUG/MEDIUM: listener: mark the thread as not stuck inside the loop - BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream - BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam - BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam - BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream - BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream - BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function - BUG/MINOR: checks: chained expect will not properly wait for enough data - BUG/MINOR: checks/server: use_ssl member must be signed - BUG/MINOR: checks: Respect the no-check-ssl option - MINOR: checks: Add a way to send custom headers and payload during http chekcs - BUG/MINOR: check: Update server address and port to execute an external check - DOC: option logasap does not depend on mode - BUG/MINOR: http: make url_decode() optionally convert '+' to SP - BUG/MINOR: tools: fix the i386 version of the div64_32 function - BUG/MEDIUM: http-ana: Handle NTLM messages correctly. - BUG/MINOR: ssl: default settings for ssl server options are not used - DOC: Improve documentation on http-request set-src - DOC: hashing: update link to hashing functions - BUG/MINOR: peers: Incomplete peers sections should be validated. - BUG/MINOR: protocol_buffer: Wrong maximum shifting. 2020/04/21 : 2.0r1 (1.0.0-221.698) 2020/04/01 : 2.0r1 (1.0.0-220.698) - BUG/CRITICAL: hpack: never index a header into the headroom after wrapping - BUG/MINOR: http-ana: Reset request analysers on a response side error - BUG/MINOR: http-ana: Reset request analysers on error when waiting for response - BUG/MINOR: filters: Forward everything if no data filters are called - BUG/MINOR: filters: Use filter offset to decude the amount of forwarded data - MINOR: http-rules: Handle the rule direction when a redirect is evaluated - BUG/MINOR: http_ana: make sure redirect flags don't have overlapping bits - MINOR: http-rules: Add a flag on redirect rules to know the rule direction - DOC: internals: Fix spelling errors in filters.txt - BUG/MINOR: stats: Fix color of draining servers on stats page - BUILD: ssl: only pass unsigned chars to isspace() - MINOR: listener: add so_name sample fetch - BUG/MINOR: peers: Use after free of "peers" section. - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized - BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection - REGTEST: increase timeouts on the seamless-reload test - REGTESTS: use "command -v" instead of "which" - BUG/MINOR: connections: Make sure we free the connection on failure. - MINOR: memory: Change the flush_lock to a spinlock, and don't get it in alloc. - BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in __signal_process_queue(). - MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into types/signal.h. - DOC: assorted typo fixes in the documentation - BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong cases. - BUILD: makefile: fix expression again to detect ARM platform - BUILD: makefile: fix regex syntax in ARM platform detection - BUILD: on ARM, must be linked to libatomic. - DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID - BUG/MINOR: haproxy/threads: try to make all threads leave together - BUG/MINOR: listener/mq: do not dispatch connections to remote threads when stopping - BUG/MINOR: haproxy: always initialize sleeping_thread_mask - BUG/MEDIUM: random: align the state on 2*64 bits for ARM64 - BUILD: wdt: only test for SI_TKILL when compiled with thread support - DOC: ssl: clarify security implications of TLS tickets - DOC: improve description of no-tls-tickets - DOC: fix typo about no-tls-tickets - BUG/MINOR: rules: Increment be_counters if backend is assigned for a silent-drop - BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop action - BUG/MINOR: http-rules: Fix a typo in the reject action function - BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject action - BUG/MINOR: lua: Ignore the reserve to know if a channel is full or not - BUG/MEDIUM: compression/filters: Fix loop on HTX blocks compressing the payload - BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the response payload - MINOR: htx: Add a function to return a block at a specific offset - REGTEST: make the PROXY TLV validation depend on version 2.2 - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths - BUG/MINOR: init: make the automatic maxconn consider the max of soft/hard limits - DOC: assorted typo fixes in the documentation and Makefile - DOC: configuration.txt: fix various typos - BUG/MINOR: pattern: Do not pass len = 0 to calloc() - OPTIM: startup: fast unique_id allocation for acl. - DOC: fix incorrect indentation of http_auth_* - BUG/MAJOR: list: fix invalid element address calculation 2020/03/27 : 2.0r1 (1.0.0-219.645) 2020/03/17 : 2.0r1 (1.0.0-217.645) - BUG/MINOR: checks/threads: use ha_random() and not rand() - MINOR: backend: use a single call to ha_random32() for the random LB algo - BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG - MINOR: tools: add 64-bit rotate operators - BUG/MEDIUM: random: initialize the random pool a bit better 2020/03/06 : 2.0r1 (1.0.0-217.640) 2020/03/05 : 2.0r1 (1.0.0-215.640) - BUILD: tools: rely on __ELF__ not USE_DL to enable use of dladdr() - BUILD: tools: unbreak resolve_sym_name() on non-GNU platforms - MINOR: debug: dump the whole trace if we can't spot the starting point - MINOR: debug: use our own backtrace function on clang+x86_64 - MINOR: debug: improve backtrace() on aarch64 and possibly other systems - MINOR: debug: report the number of entries in the backtrace - MINOR: wdt: do not depend on USE_THREAD - BUILD: Makefile: include librt before libpthread - BUG/MINOR: wdt: do not return an error when the watchdog couldn't be enabled - MINOR: debug: call backtrace() once upon startup - MEDIUM: debug: add support for dumping backtraces of stuck threads - MINOR: cli: make "show fd" rely on resolve_sym_name() - MINOR: debug: use resolve_sym_name() to dump task handlers - MINOR: tools: add resolve_sym_name() to resolve function pointers - MINOR: tools: add new function dump_addr_and_bytes() - MINOR: haproxy: export run_poll_loop - MINOR: haproxy: export main to ease access from debugger - BUG/MEDIUM: debug: make the debug_handler check for the thread in threads_to_dump - MINOR: debug: report the task handler's pointer relative to main 2020/03/04 : 2.0r1 (1.0.0-213.621) - MINOR: ssl/cli: reorder 'show ssl cert' output - MINOR: ssl/cli: 'show ssl cert'displays the issuer in the chain - MINOR: ssl/cli: 'show ssl cert' displays the chain - BUG/MEDIUM: ssl: fix several bad pointer aliases in a few sample fetch functions - BUG/MINOR: ssl: load .key in a directory only after PEM - MINOR: ssl: load the key from a dedicated file - MINOR: ssl: ssl-load-extra-files configure loading of files - MINOR: contrib/prometheus-exporter: Add the last heathcheck duration metric - MINOR: contrib/prometheus-exporter: Add heathcheck status/code in server metrics - BUG/MINOR: dns: ignore trailing dot - BUG/MINOR: sample: Make sure to return stable IDs in the unique-id fetch - BUILD: ebtree: improve architecture-specific alignment - MINOR: compiler: add new alignment macros - BUG/MINOR: connection: make sure to correctly tag local PROXY connections - BUG/MEDIUM: ssl: fix several bad pointer aliases in a few sample fetch functions - BUG/MINOR: sample: fix the json converter's endian-sensitivity - CLEANUP: cfgparse: Fix type of second calloc() parameter - BUILD: fix recent build failure on unaligned archs - BUG/MEDIUM: ebtree: don't set attribute packed without unaligned access support - MINOR: compiler: move CPU capabilities definition from config.h and complete them - BUG/MEDIUM: shctx: make sure to keep all blocks aligned - BUG/MINOR: http: http-request replace-path duplicates the query string - MINOR: ist: add an iststop() function - BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered - BUG/MINOR: http-ana: Matching on monitor-uri should be case-sensitive - BUG/MINOR: filters: Count HTTP headers as filtered data but don't forward them - MINOR: filters: Forward data only if the last filter forwards something - MINOR: http-htx: Add a function to retrieve the headers size of an HTX message - SCRIPTS: announce-release: use mutt -H instead of -i to include the draft - BUG/MEDIUM: muxes: Use the right argument when calling the destroy method. - BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat - SCRIPTS: make announce-release executable again - BUG/MINOR: tcp: don't try to set defaultmss when value is negative - DOC: word converter ignores delimiters at the start or end of input string - BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener - BUG/MINOR: listener: enforce all_threads_mask on bind_thread on init - BUG/MEDIUM: listener: only consider running threads when resuming listeners - BUG/MINOR: dns: allow 63 char in hostname - CLEANUP: bind: handle warning label on bind keywords parsing. 2020/02/20 : 2.0r1 (1.0.0-213.582) - BUG/MINOR: ssl: clear the SSL errors on DH loading failure 2020/02/12 : 2.0r1 (1.0.0-213.581) - BUG/MEDIUM: ssl/cli: 'commit ssl cert' wrong SSL_CTX init 2020/02/11 : 2.0r1 (1.0.0-213.580) - BUG/MINOR: ssl: Possible memleak when allowing the 0RTT data buffer. - MINOR: http: add a new "replace-path" action - BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit - MINOR: build: add linux-glibc-legacy build TARGET - SCRIPTS: announce-release: allow the user to force to overwrite old files - SCRIPTS: announce-release: place the send command in the mail's header - CONTRIB: debug: also support reading values from stdin - MINOR: acl: Warn when an ACL is named 'or' - CONTRIB: debug: support reporting multiple values at once - CONTRIB: debug: add the possibility to decode the value as certain types only - CONTRIB: debug: add missing flags SF_HTX and SF_MUX - BUG/MINOR: ssl: we may only ignore the first 64 errors - BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is empty. - BUG/MEDIUM: memory: Add a rwlock before freeing memory. - MINOR: memory: Only init the pool spinlock once. - BUG/MEDIUM: memory_pool: Update the seq number in pool_flush(). - BUG/MEDIUM: connections: Don't forget to unlock when killing a connection. - BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2 - BUG/MEDIUM: pipe: fix a use-after-free in case of pipe creation error - BUG/MINOR: ssl/cli: fix unused variable with openssl < 1.0.2 2020/01/27 : 2.0r1 (1.0.0-211.560) - REGTESTS: make the set_ssl_cert test require version 2.2 - MINOR: ssl: accept 'verify' bind option with 'set ssl cert' - CLEANUP: ssl: remove opendir call in ssl_sock_load_cert - REGTEST: set_ssl_cert.vtc: replace "echo" with "printf" - REGTEST: make the "set ssl cert" require version 2.1 - REGTEST: ssl: test the "set ssl cert" CLI command - BUG/MINOR: ssl/cli: fix build for openssl < 1.0.2 - MINOR: ssl/cli: 'show ssl cert' give information on the certificates - BUG/MINOR: ssl: fix X509 compatibility for openssl < 1.1.0 - MINOR: ssl: deduplicate crl-file - MINOR: ssl: compute ca-list from deduplicate ca-file - MINOR: ssl: deduplicate ca-file - CLEANUP: ssl: Clean up error handling - BUG/MINOR: ssl/cli: ocsp_issuer must be set w/ "set ssl cert" - BUG/MINOR: ssl: typo in previous patch - BUG/MINOR: ssl: memory leak w/ the ocsp_issuer - BUG/MINOR: ssl: increment issuer refcount if in chain - BUG/MINOR: ssl/cli: free the previous ckch content once a PEM is loaded - BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent - BUG/MINOR: ssl: ssl_sock_load_sctl_from_file memory leak - BUG/MINOR: ssl: ssl_sock_load_issuer_file_into_ckch memory leak - BUG/MINOR: ssl: ssl_sock_load_ocsp_response_from_file memory leak - BUG/MINOR: ssl/cli: don't overwrite the filters variable - BUG/MINOR: ssl/cli: 'ssl cert' cmd only usable w/ admin rights - BUG/MINOR: ssl: fix SSL_CTX_set1_chain compatibility for openssl < 1.0.2 - DOC: ssl/cli: set/commit/abort ssl cert - BUG/MINOR: tcpchecks: fix the connect() flags regarding delayed ack - BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure. - MEDIUM: dns: Add resolve-opts "ignore-weight" - BUG/MINOR: dns: allow srv record weight set to 0 - BUILD: cfgparse: silence a bogus gcc warning on 32-bit machines - BUG/MEDIUM: mux-h2: make sure we don't emit TE headers with anything but "trailers" - BUG/MINOR: stktable: report the current proxy name in error messages - BUG/MEDIUM: 0rtt: Only consider the SSL handshake. - BUG/MINOR: http_act: don't check capture id in backend - MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive - BUG/MINOR: tcp-rules: Fix memory releases on error path during action parsing - BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing - BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules - BUG/MINOR: http-ana/filters: Wait end of the http_end callback for all filters - BUILD: pattern: include errno.h - BUG/MINOR: 51d: Fix bug when HTX is enabled - BUG/MINOR: dns: Make dns_query_id_seed unsigned - BUG/MINOR: cache: Fix leak of cache name in error path - BUG/MINOR: pattern: handle errors from fgets when trying to load patterns - BUG/MEDIUM: connection: add a mux flag to indicate splice usability - BUG/MINOR: stream: don't mistake match rules for store-request rules - BUG/MEDIUM: cli: _getsocks must send the peers sockets - REGTEST: add sample_fetches/hashes.vtc to validate hashes - BUG/MAJOR: hashes: fix the signedness of the hash inputs - BUG/MEDIUM: mux_h1: Don't call h1_send if we subscribed(). - BUG/MEDIUM: mworker: remain in mworker mode during reload - REGTEST: mcli/mcli_start_progs: start 2 programs - BUG/MINOR: cli/mworker: can't start haproxy with 2 programs - BUG/MEDIUM: mux-h2: don't stop sending when crossing a buffer boundary - BUG/MEDIUM: mux-h2: fix missing test on sending_list in previous patch - BUG/MINOR: mux-h2: use a safe list_for_each_entry in h2_send() - BUG/MINOR: stream-int: Don't trigger L7 retry if max retries is already reached - BUG/MEDIUM: session: do not report a failure when rejecting a session - BUG/MINOR: channel: inject output data at the end of output - BUG/MEDIUM: http-ana: Truncate the response when a redirect rule is applied - BUG/MINOR: proxy: Fix input data copy when an error is captured - BUG/MINOR: h1: Report the right error position when a header value is invalid - MINOR: ssl: Remove unused variable "need_out". - MINOR: config: disable busy polling on old processes - BUG/MEDIUM: connections: Hold the lock when wanting to kill a connection. - BUG/MEDIUM: checks: Only attempt to do handshakes if the connection is ready. - BUG/MINOR: checks: refine which errno values are really errors. - BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility - BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream 2019/12/20 : 2.0r1 (1.0.0-208.490) - BUG/MINOR: ssl: openssl-compat: Fix getm_ defines - BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd - MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute - BUG/MEDIUM: ssl: Revamp the way early data are handled. - BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing - MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task - BUG/MEDIUM: ssl: Don't set the max early data we can receive too early. - BUG/MINOR: sample: always check converters' arguments - BUG/MINOR: sample: fix the closing bracket and LF in the debug converter - DOC: clarify the fact that replace-uri works on a full URI - DOC: Improve documentation of http-re(quest|sponse) replace-(header|value|uri) 2019/12/11 : 2.0r1 (1.0.0-208.479) - BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy() - BUG/MINOR: listener: fix off-by-one in state name check - BUG/MINOR: server: make "agent-addr" work on default-server line - BUG/MINOR: listener: do not immediately resume on transient error - BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers - BUG/MINOR: log: fix minor resource leaks on logformat error path - DOC: remove references to the outdated architecture.txt - BUILD: do not disable -Wformat-truncation anymore - BUILD/MINOR: tools: shut up the format truncation warning in get_gmt_offset() - DOC: proxies: HAProxy only supports 3 connection modes - BUG/MEDIUM: mux-fcgi: Handle cases where the HTX EOM block cannot be inserted - BUG/MINOR: fcgi-app: Make the directive pass-header case insensitive - BUG/MINOR: tasks: only requeue a task if it was already in the queue - DOC: listeners: add a few missing transitions - BUG/MEDIUM: kqueue: Make sure we report read events even when no data. - BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive. - BUG/MAJOR: dns: add minimalist error processing on the Rx path - DOC: document the listener state transitions - BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept() - BUG/MINOR: listener: also clear the error flag on a paused listener - BUG/MINOR: listener/threads: always use atomic ops to clear the FD events - BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state - BUG/MINOR: mux-h1: Be sure to set CS_FL_WANT_ROOM when EOM can't be added 2019/12/06 : 2.0r1 (1.0.0-208.456) - BUG/MEDIUM: checks: Make sure we set the task affinity just before connecting. - BUG/MEDIUM: tasks: Make sure we switch wait queues in task_set_affinity(). - BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data - BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN - BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending - BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1 - BUG/MEDIUM: listener/thread: fix a race when pausing a listener - BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible - BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data - DOC: move the "group" keyword at the right place - DOC: clarify matching strings on binary fetches - DOC: Clarify behavior of server maxconn in HTTP mode - BUG/MINOR: http-htx: Don't make http_find_header() fail if the value is empty - CLEANUP: ssl: check if a transaction exists once before setting it - BUG/MINOR: ssl: Stop passing dynamic strings as format arguments - MINOR: ssl: fix possible null dereference in error handling - MINOR: ssl/cli: display warning during 'commit ssl cert' - MEDIUM: ssl/cli: apply SSL configuration on SSL_CTX during commit - MINOR: ssl: ssl_sock_prepare_ctx() return an error code - BUILD/MINOR: ssl: fix compiler warning about useless statement - MINOR: ssl/cli: 'abort ssl cert' deletes an on-going transaction - BUG/MINOR: ssl: ssl_pkey_info_index ex_data can store a dereferenced pointer - MINOR: ssl/cli: replace the default_ctx during 'commit ssl cert' - BUG/MINOR: ssl/cli: fix an error when a file is not found - BUG/MINOR: ssl/cli: unable to update a certificate without bundle extension - BUG/MEDIUM: ssl/cli: don't alloc path when cert not found - MINOR: ssl: BoringSSL ocsp_response does not need issuer - BUG/MEDIUM: ssl/cli: fix dot research in cli_parse_set_cert - BUG/MINOR: ssl: double free on error for ckch->{key,cert} - BUG/MINOR: ssl: ckch->chain must be initialized - BUG/MINOR: ssl: segfault in cli_parse_set_cert with old openssl/boringssl - BUG/MINOR: ssl/cli: check trash allocation in cli_io_handler_commit_cert() - CLEANUP: ssl/cli: remove leftovers of bundle/certs (it < 2) - MINOR: ssl/cli: rework 'set ssl cert' as 'set/commit' - BUILD/MINOR: ssl: shut up a build warning about format truncation - MINOR: ssl/cli: rework the 'set ssl cert' IO handler - BUG/MINOR: ssl/cli: cleanup on cli_parse_set_cert error - BUG/MINOR: ssl: fix build of X509_chain_up_ref() w/ libreSSL - BUG/MINOR: ssl: fix build with openssl < 1.1.0 - BUG/MINOR: ssl/cli: out of bounds when built without ocsp/sctl - BUG/MINOR: ssl/cli: fix build of SCTL and OCSP - MEDIUM: cli/ssl: handle the creation of SSL_CTX in an IO handler - MINOR: ssl/cli: assignate a new ckch_store - MINOR: ssl: new functions duplicate and free a ckch_store - MINOR: ssl: copy a ckch from src to dst - MINOR: ssl: update ssl_sock_free_cert_key_and_chain_contents - MINOR: ssl/cli: update ocsp/issuer/sctl file from the CLI - BUG/MINOR: ssl/cli: fix looking up for a bundle - MINOR: ssl: split ssl_sock_load_crt_file_into_ckch() - MINOR: ssl: load issuer from file or from buffer - MINOR: ssl: load sctl from buf OR from a file - MINOR: ssl: OCSP functions can load from file or buffer - CLEANUP: ssl: fix SNI/CKCH lock labels - CLEANUP: ssl: remove old TODO commentary - BUG/MEDIUM: ssl: 'tune.ssl.default-dh-param' value ignored with openssl > 1.1.1 - CLEANUP: ssl: make ssl_sock_load_dh_params handle errcode/warn - CLEANUP: ssl: make ssl_sock_put_ckch_into_ctx handle errcode/warn - CLEANUP: ssl: make ckch_inst_new_load_(multi_)store handle errcode/warn - CLEANUP: ssl: make cli_parse_set_cert handle errcode and warnings. - CLEANUP: ssl: make ssl_sock_load_ckchs() return a set of ERR_* - CLEANUP: ssl: make ssl_sock_load_cert*() return real error codes - BUG/MINOR: ssl: can't load ocsp files - BUG/MINOR: ssl: fix error messages for OCSP loading - BUG/MINOR: ssl: fix OCSP build with BoringSSL - BUG/MINOR: ssl: fix build without multi-cert bundles - BUG/MINOR: ssl: fix build without SSL - BUG/MEDIUM: ssl: NULL dereference in ssl_sock_load_cert_sni() - MINOR: ssl: load the ocsp in/from the ckch - MINOR: ssl: load the sctl in/from the ckch - MEDIUM: ssl/cli: 'set ssl cert' updates a certificate from the CLI - MINOR: ssl: ssl_sock_load_crt_file_into_ckch() is filling from a BIO - MEDIUM: ssl: ssl_sock_load_ckchs() alloc a ckch_inst - MINOR: ssl: ssl_sock_load_multi_ckchs() can properly fail - MINOR: ssl: ssl_sock_load_ckchn() can properly fail - MEDIUM: ssl: split ssl_sock_add_cert_sni() - MEDIUM: ssl: introduce the ckch instance structure - MINOR: ssl: initialize explicitly the sni_ctx trees - MINOR: ssl: initialize the sni_keytypes_map as EB_ROOT - REORG: ssl: move structures to ssl_sock.h - REORG: ssl: rename ckch_node to ckch_store - MINOR: ssl: crt-list do ckchn_lookup 2019/11/27 : 2.0r1 (1.0.0-208.375) - BUG/MINOR: contrib/prometheus-exporter: decode parameter and value only - BUG/MINOR: contrib/prometheus-exporter: Use HTX errors and not legacy ones - BUG/MINOR: stream: init variables when the list is empty - SCRIPTS: git-show-backports: add "-s" to proposed cherry-pick commands - SCRIPTS: create-release: show the correct origin name in suggested commands - BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in idle state - BUG/MAJOR: h2: make header field name filtering stronger - BUG/MAJOR: h2: reject header values containing invalid chars - MINOR: ist: add ist_find_ctl() - BUG/MINOR: ssl: fix curve setup with LibreSSL - BUG/MINOR: cli: fix out of bounds in -S parser - DOC: Add documentation about the use-service action - DOC: Add missing stats fields in the management manual - BUG/MINOR: mux-h1: Adjust header case when chunked encoding is add to a message - BUG/MINOR: mux-h1: Fix a UAF in cfg_h1_headers_case_adjust_postparser() - MEDIUM: mux-h1: Add the support of headers adjustment for bogus HTTP/1 apps - REGTEST: vtest can now enable mcli with its own flag - MINOR: stats: Report max times in addition of the averages for sessions - BUG/MINOR: stream-int: Fix si_cs_recv() return value - MINOR: contrib/prometheus-exporter: Add a param to ignore servers in maintenance - MINOR: contrib/prometheus-exporter: filter exported metrics by scope - MINOR: contrib/prometheus-exporter: report the number of idle conns per server - BUG/MINOR: contrib/prometheus-exporter: Rename some metrics - MINOR: contrib/prometheus-exporter: Report metrics about max times for sessions - MINOR: counters: Add fields to store the max observed for {q,c,d,t}_time - MINOR: stream: Remove the lock on the proxy to update time stats - MINOR: freq_ctr: Make the sliding window sums thread-safe - BUG/MINOR: http-ana: Properly catch aborts during the payload forwarding - BUG/MINOR: mux-h1: Fix tunnel mode detection on the response path - BUILD: debug: Avoid warnings in dev mode with -02 because of some BUG_ON tests - BUG/MEDIUM: stream-int: Don't loose events on the CS when an EOS is reported - BUG/MINOR: peers: "peer alive" flag not reset when deconnecting. - BUG/MEDIUM: mworker: don't fill the -sf argument with -1 during the reexec - BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1 - BUG/MINOR: peers: Wrong null "server_name" data field handling. - MINOR: peers: Add debugging information to "show peers". - MINOR: peers: Add TX/RX heartbeat counters. - MINOR: peers: Alway show the table info for disconnected peers. - BUG/MINOR: init: fix set-dumpable when using uid/gid - BUG/MINOR: mux-h1: Don't set CS_FL_EOS on a read0 when receiving data to pipe - BUG/MEDIUM: filters: Don't call TCP callbacks for HTX streams - BUG/MINOR: mux-h1: Properly catch parsing errors on payload and trailers - MINOR: h1-htx: Update h1_copy_msg_data() to ease the traces in the mux-h1 2019/11/15 : 2.0r1 (1.0.0-208.332) - BUG/MINOR: log: limit the size of the startup-logs - BUILD: contrib/da: remove an "unused" warning - MINOR: memory: also poison the area on freeing - BUG/MEDIUM: listeners: always pause a listener on out-of-resource condition - CLEANUP: session: slightly simplify idle connection cleanup logic - BUG/MEDIUM: Make sure we leave the session list in session_free(). 2019/11/14 : 2.0r1 (1.0.0-208.326) - DOC: management: fix typo on "cache_lookups" stats output - BUG: dns: timeout resolve not applied for valid resolutions - BUG/MINOR: action: do-resolve now use cached response - BUG/MEDIUM: stream: Be sure to release allocated captures for TCP streams - MINOR: doc: http-reuse connection pool fix - BUG/MEDIUM: stream: Be sure to support splicing at the mux level to enable it - BUG/MEDIUM: mux-h1: Disable splicing for chunked messages - BUG/MEDIUM: mux-h2: immediately report connection errors on streams - BUG/MEDIUM: mux-h2: immediately remove a failed connection from the idle list - BUG/MEDIUM: mux-h2: report no available stream on a connection having errors - BUG/MINOR: config: Update cookie domain warn to RFC6265 - BUG/MEDIUM: servers: Only set SF_SRV_REUSED if the connection if fully ready. - BUG/MEDIUM: stream_interface: Only use SI_ST_RDY when the mux is ready. - MINOR: mux: Add a new method to get informations about a mux. - BUG/MINOR: spoe: fix off-by-one length in UUID format string - BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST is reached - BUG/MINOR: mux-h2: Don't pretend mux buffers aren't full anymore if nothing sent - BUG/MINOR: cli: don't call the kw->io_release if kw->parse failed - MINOR: tcp: avoid confusion in time parsing init - BUG/MINOR: mux-h2: do not emit logs on backend connections - MINOR: config: warn on presence of "\n" in header values/replacements - BUG/MEDIUM: http: unbreak redirects in legacy mode - BUG/MINOR: queue/threads: make the queue unlinking atomic - BUG/MINOR: server: check return value of fopen() in apply_server_state() 2019/10/23 : 2.0r1 (1.0.0-207.302) - BUG/MEDIUM: pattern: make the pattern LRU cache thread-local and lockless - BUG/MINOR: stick-table: fix an incorrect 32 to 64 bit key conversion 2019/10/22 : 2.0r1 (1.0.0-207.300) - BUG/MINOR: ssl: fix memcpy overlap without consequences. - BUG/MINOR: mux-h2: also make sure blocked legacy connections may expire - BUG/MINOR: sample: Make the `field` converter compatible with `-m found` - BUG/MINOR: cache: alloc shctx after check config - BUG/MINOR: stick-table: Never exceed (MAX_SESS_STKCTR-1) when fetching a stkctr - BUG/MINOR: ssl: Fix fd leak on error path when a TLS ticket keys file is parsed - BUG/MINOR: mworker/cli: reload fail with inherited FD - REGTEST: mcli/mcli_show_info: launch a 'show info' on the master CLI - BUG/MEDIUM: mux_pt: Only call the wake emthod if nobody subscribed to receive. - BUG/MEDIUM: mux_pt: Don't destroy the connection if we have a stream attached. - Revert e8826ded5fea3593d89da2be5c2d81c522070995. - BUG/MAJOR: idle conns: schedule the cleanup task on the correct threads - BUG/MEDIUM: mux_pt: Make sure we don't have a conn_stream before freeing. - BUG/MINOR: tcp: Don't alter counters returned by tcp info fetchers - BUG/MINOR: mworker/ssl: close openssl FDs unconditionally - MINOR: mux-h2: also support emitting CONTINUATION on trailers - MEDIUM: mux-h2: support emitting CONTINUATION frames after HEADERS - BUG/MINOR: http-htx: Properly set htx flags on error files to support keep-alive - MINOR: version: make the version strings variables, not constants - BUG/MINOR: WURFL: fix send_log() function arguments - BUG/MINOR: mux-h1: Capture ignored parsing errors - BUG/MINOR: mux-h1: Mark the output buffer as full when the xfer is interrupted - BUG/MINOR: chunk: Fix tests on the chunk size in functions copying data - BUG/MEDIUM: htx: Catch chunk_memcat() failures when HTX data are formatted to h1 - BUILD: ssl: wrong #ifdef for SSL engines code - BUG/MINOR: ssl: abort on sni_keytypes allocation failure - BUG/MINOR: ssl: free the sni_keytype nodes - BUG/MINOR: ssl: abort on sni allocation failure 2019/10/11 : 2.0r1 (1.0.0-207.272) - BUG/MEDIUM: applet: always check a fast running applet's activity before killing - MINOR: stats: mention in the help message support for "json" and "typed" - DOC: fix typo in Prometheus exporter doc - DOC: clarify some points around http-send-name-header's behavior - BUG/MEDIUM: cache: make sure not to cache requests with absolute-uri - BUG/MINOR: peers: crash on reload without local peer. - BUG/MEDIUM: mux-h2: do not enforce timeout on long connections - BUILD: ebtree: make eb_is_empty() and eb_is_dup() take a const - MINOR: mux-h2: add a per-connection list of blocked streams - BUG/MINOR: action: do-resolve does not yield on requests with body - BUG/MEDIUM: lua: Store stick tables into the sample's `t` field - BUG/MINOR: lua: Properly initialize the buffer's fields for string samples in hlua_lua2(smp|arg) 2019/10/04 : 2.0r1 (1.0.0-207.260) 2019/09/30 : 2.0r1 (1.0.0-204.260) - DOC: replace utf-8 quotes by ascii ones - BUILD: ssl: fix a warning when built with openssl < 1.0.2 - BUG/MINOR: stats: Add a missing break in a switch statement - BUG/MEDIUM: fcgi: fix missing list tail in sample fetch registration - BUG/MEDIUM: namespace: fix fd leak in master-worker mode - DOC: Fix documentation about the cli command to get resolver stats - BUG/MINOR: contrib/prometheus-exporter: Return the time averages in seconds - MINOR: stats: Add the support of float fields in stats - MINOR: spoe: Support the async mode with several threads - MINOR: spoe: Improve generation of the engine-id - BUG/MEDIUM: spoe: Use a different engine-id per process - BUG/MINOR: mux-h1: Do h2 upgrade only on the first request - BUG/MAJOR: mux_h2: Don't consume more payload than received for skipped frames - BUG/MINOR: mux-h2: Use the dummy error when decoding headers for a closed stream - BUG/MEDIUM: mux-h2: don't reject valid frames on closed streams - BUG/MEDIUM: namespace: close open namespaces during soft shutdown - BUG/MINOR: mux-h2: do not wake up blocked streams before the mux is ready - MINOR: backend: Add srv_queue converter - BUG/MINOR: build: Fix compilation of mux_fcgi.c when compiled without SSL - BUG/MINOR: mux-fcgi: silence a gcc warning about null dereference - MINOR: mux-h1: Report a processing error during output processing - BUG/MINOR: mux-fcgi: Use a literal string as format in app_log() - CLEANUP: mux-fcgi: Remove the unused function fcgi_strm_id() - BUG/MINOR: mux-fcgi: Don't compare the filter name in its parsing callback - CLEANUP: fcgi-app: Remove useless test on fcgi_conf pointer - BUG/MINOR: mux-fcgi: Be sure to have a connection to unsubcribe - MINOR: doc: Add documentation about the FastCGI support - MEDIUM: mux-fcgi: Add the FCGI multiplexer - MINOR: connection: add conn_get_src() and conn_get_dst() - MEDIUM: fcgi-app: Add FCGI application and filter - MINOR: fcgi: Add code related to FCGI protocol - MINOR: muxes/htx: Ignore pseudo header during message formatting - MINOR: htx: Add a flag on HTX message to report processing errors - MINOR: http-ana: Handle HTX errors first during message analysis - MINOR: h1-htx: Use the same function to copy message payload in all cases - MEDIUM: mux-h1/h1-htx: move HTX convertion of H1 messages in dedicated file - MINOR: http: Add function to parse value of the header Status - MINOR: log: Provide a function to emit a log for an application - MINOR: istbuf: Add the function b_isteqi() - MINOR: http_fetch: Add sample fetches to get auth method/user/pass - MINOR: stats: Add JSON export from the stats page - MEDIUM: log: add support for logging to a ring buffer - MEDIUM: log: use the new generic fd_write_frag_line() function - MINOR: log: add a target type instead of hacking the address family - MINOR: fd/log/sink: make the non-blocking initialization depend on the initialized bit - MINOR: fd: add a new "initialized" bit in the fdtab struct - MEDIUM: ring: implement a wait mode for watchers - MINOR: sink: now report the number of dropped events on output - MINOR: sink: implement "show events" to show supported sinks and dump the rings - MINOR: sink: add support for ring buffers - MINOR: sink: now call the generic fd write function - MINOR: fd: add fd_write_frag_line() to send a fragmented line to an fd - MINOR: sink: set the fd-type sinks to non-blocking - MINOR: sink: add a support for file descriptors - MINOR: sink: create definitions a minimal code for event sinks - BUG/MINOR: ring: b_peek_varint() returns a uint64_t, not a size_t - BUG/MINOR: ring: fix the way watchers are counted - MINOR: ring: add a generic CLI io_handler to dump a ring buffer - MINOR: ring: add a ring_write() function - MINOR: ring: add a new mechanism for retrieving/storing ring data in buffers - MINOR: buffer: add functions to read/write varints from/to buffers - MINOR: tools: add a function varint_bytes() to report the size of a varint - MINOR: cli: extend the CLI context with a list and two offsets - MINOR: cli: add cli_msg(), cli_err(), cli_dynmsg(), cli_dynerr() - MINOR: cli: add two new states to print messages on the CLI - BUG/MEDIUM: ssl: open the right path for multi-cert bundle - BUG/MINOR: ssl: fix ressource leaks on error - BUG/MEDIUM: ssl: don't free the ckch in multi-cert bundle - BUILD: ssl: BoringSSL add EVP_PKEY_base_id - BUG/MEDIUM: ssl: does not try to free a DH in a ckch - BUG/BUILD: ssl: fix build with openssl < 1.0.2 - MINOR: ssl: clean ret variable in ssl_sock_load_ckchn - CLEANUP: ssl: ssl_sock_load_crt_file_into_ckch - MINOR: ssl: do not look at DHparam with OPENSSL_NO_DH - MINOR: ssl: check private key consistency in loading - MINOR: ssl: add extra chain compatibility - MINOR: ssl: use STACK_OF for chain certs - MEDIUM: ssl: load DH param in struct cert_key_and_chain - MEDIUM: ssl: lookup and store in a ckch_node tree - MEDIUM: ssl: split the loading of the certificates - MEDIUM: ssl: use cert_key_and_chain struct in ssl_sock_load_cert_file() - MINOR: ssl: merge ssl_sock_load_cert_file() and ssl_sock_load_cert_chain_file() - MINOR: global: Preset tune.max_http_hdr to its default value - DOC: management: document cache_hits and cache_lookups in the CSV format - DOC: management: document reuse and connect counters in the CSV format - MEDIUM: server: server-state global file stored in a tree - MINOR: sample: Add sha2([<bits>]) converter - BUG/MEDIUM: checks: make sure the connection is ready before trying to recv - BUG/MEDIUM: stream-int: Process connection/CS errors during synchronous sends - BUG/MINOR: stream-int: Process connection/CS errors first in si_cs_send() - BUG/MEDIUM: check/threads: make external checks run exclusively on thread 1 - BUG/MAJOR: mux-h2: Handle HEADERS frames received after a RST_STREAM frame - BUG/MINOR: mux-h2: Be sure to have a connection to unsubcribe - BUG/MEDIUM: stick-table: Properly handle "show table" with a data type argument - MINOR: sample: Add UUID-fetch - BUG/MINOR: Missing stat_field_names (since f21d17bb) - BUG/MINOR: backend: Fix a possible null pointer dereference - BUG/MINOR: acl: Fix memory leaks when an ACL expression is parsed - BUG/MINOR: filters: Properly set the HTTP status code on analysis error - BUG/MEDIUM: http: also reject messages where "chunked" is missing from transfer-enoding - MINOR: hapee/WURFL: added live update database function - MINOR: hapee/WURFL: added custom API log function - MINOR: hapee/WURFL: added function to check correct module initialization - BUG/MINOR: hapee/WURFL: corrected version check of used wurfl library - BUILD: hapee/da: repaired build in case of using old DeviceAtlas library - MINOR: hapee/da: add function that allow data reload - MINOR: hapee/da: add spin locking - MINOR: hapee/da: add support for loading a precompiled json data - MINOR: hapee/51d: add function that allow data reload - BUG/MINOR: hapee/51d: add spin locking - BUG/MINOR: ssl: always check for ssl connection before getting its XPRT context - BUG/MINOR: listener: Fix a possible null pointer dereference - MINOR: stats: report the number of idle connections for each server - BUG/MEDIUM: connection: don't keep more idle connections than ever needed - BUG/MAJOR: ssl: ssl_sock was not fully initialized. - BUG/MINOR: lb/leastconn: ignore the server weights for empty servers - MINOR: contrib/prometheus-exporter: Report DRAIN/MAINT/NOLB status for servers - BUG/MINOR: checks: do not uselessly poll for reads before the connection is up - BUG/MINOR: checks: make __event_chk_srv_r() report success before closing - BUG/MINOR: checks: start sending the request right after connect() - BUG/MINOR: checks: stop polling for write when we have nothing left to send - BUG/MEDIUM: cache: Don't cache objects if the size of headers is too big - BUG/MEDIUM: cache: Properly copy headers splitted on several shctx blocks - BUG/MINOR: mux-h1: Be sure to update the count before adding EOM after trailers - BUG/MINOR: mux-h1: Don't stop anymore input processing when the max is reached - BUG/MINOR: mux-h1: Fix size evaluation of HTX messages after headers parsing - BUG/MINOR: h1: Properly reset h1m when parsing is restarted - BUG/MINOR: http-ana: Reset response flags when 1xx messages are handled - BUG/MEDIUM: peers: local peer socket not bound. - BUG/MEDIUM: proto-http: Always start the parsing if there is no outgoing data - BUG/MEDIUM: url32 does not take the path part into account in the returned hash. - BUG/MEDIUM: listener/threads: fix an AB/BA locking issue in delete_listener() - BUG/MINOR: mworker: disable SIGPROF on re-exec - DOC: fixed typo in management.txt - BUG/MEDIUM: mux-h1: do not report errors on transfers ending on buffer full - BUG/MEDIUM: mux-h1: do not truncate trailing 0CRLF on buffer boundary - MEDIUM: debug: make the thread dump code show Lua backtraces - MINOR: lua: export applet and task handlers - MINOR: tools: add append_prefixed_str() - MINOR: debug: indicate the applet name when the task is task_run_applet() - BUG/MEDIUM: mux_pt: Don't call unsubscribe if we did not subscribe. - MINOR: fd: make sure to mark the thread as not stuck in fd_update_events() - BUG/MINOR: stats: Wait the body before processing POST requests - BUG/MEDIUM: lua: Fix test on the direction to set the channel exp timeout - BUG/MEDIUM: mux_h1: Don't bother subscribing in recv if we're not connected. - BUG/MINOR: Fix prometheus '# TYPE' and '# HELP' headers - BUG/MINOR: lua: fix setting netfilter mark - BUG/MEDIUM: proxy: Don't use cs_destroy() when freeing the conn_stream. - BUG/MEDIUM: proxy: Don't forget the SF_HTX flag when upgrading TCP=>H1+HTX. - BUG/MINOR: buffers/threads: always clear a buffer's head before releasing it - MINOR: ssl: ssl_fc_has_early should work for BoringSSL - BUG/MINOR: ssl: fix 0-RTT for BoringSSL - BUG/MEDIUM: stick-table: Wrong stick-table backends parsing. - BUG/MEDIUM: checks: make sure to close nicely when we're the last to speak - BUG/MINOR: mux-h2: always reset rcvd_s when switching to a new frame - BUG/MINOR: mux-h2: always send stream window update before connection's - BUG/MEDIUM: mux-h2: do not recheck a frame type after a state transition - BUG/MINOR: mux-h2: do not send REFUSED_STREAM on aborted uploads - BUG/MINOR: mux-h2: use CANCEL, not STREAM_CLOSED in h2c_frt_handle_data() - BUG/MINOR: mux-h2: don't refrain from sending an RST_STREAM after another one - BUG/MEDIUM: fd: Always reset the polled_mask bits in fd_dodelete(). - BUG/MEDIUM: proxy: Make sure to destroy the stream on upgrade from TCP to H2 - BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes - BUG/MEDIUM: mux-h2: unbreak receipt of large DATA frames - BUG/MINOR: stream-int: also update analysers timeouts on activity - BUG/MAJOR: http/sample: use a static buffer for raw -> htx conversion - BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased - MINOR: wdt: also consider that waiting in the thread dumper is normal - BUG/MINOR: debug: fix a small race in the thread dumping code - BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue() - BUG/MINOR: htx: Fix free space addresses calculation during a block expansion - BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP ready - MINOR: hlua: Add a flag on the lua txn to know in which context it can be used - MINOR: hlua: Don't set request analyzers on response channel for lua actions - BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class - BUG/MINOR: hlua/htx: Reset channels analyzers when txn:done() is called - DOC: improve the wording in CONTRIBUTING about how to document a bug fix - BUG/MINOR: log: make sure writev() is not interrupted on a file output - BUG/MEDIUM: streams: Don't switch the SI to SI_ST_DIS if we have data to send. - BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased - BUILD: threads: add the definition of PROTO_LOCK - BUG/MINOR: proxy: always lock stop_proxy() - BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff - BUG/CRITICAL: http_ana: Fix parsing of malformed cookies which start by a delimiter - BUG/MINOR: http_htx: Support empty errorfiles - BUG/MINOR: http_ana: Be sure to have an allocated buffer to generate an error - BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream - BUG/MINOR: mux-h1: Close server connection if input data remains in h1_detach() - BUG/MEDIUM: mux-h1: Trim excess server data at the end of a transaction - BUG/MINOR: checks: do not exit tcp-checks from the middle of the loop - BUG/MINOR: session: Send a default HTTP error if accept fails for a H1 socket - BUG/MINOR: session: Emit an HTTP error if accept fails only for H1 connection - BUG/MINOR: debug: Remove flags CO_FL_SOCK_WR_ENA/CO_FL_SOCK_RD_ENA - DOC: htx: Update comments in HTX files - BUG/MINOR: hlua: Make the function txn:done() HTX aware - BUG/MINOR: cache/htx: Make maxage calculation HTX aware - BUG/MINOR: http_htx: Initialize HTX error messages for TCP proxies - BUG/MINOR: http_fetch: Fix http_auth/http_auth_group when called from TCP rules - BUG/MINOR: backend: do not try to install a mux when the connection failed - BUG/MEDIUM: http/htx: unbreak option http_proxy - BUG/MEDIUM: checks: Don't attempt to receive data if we already subscribed. - BUG/MINOR: dns: remove irrelevant dependency on a client connection - BUG/MEDIUM: threads: cpu-map designating a single thread/process are ignored - BUG/MEDIUM: tcp-check: unbreak multiple connect rules again - BUG/MINOR: mux-pt: do not pretend there's more data after a read0 - BUG/MEDIUM: streams: Don't redispatch with L7 retries if redispatch isn't set. - BUG/MEDIUM: streams: Don't give up if we couldn't send the request. - BUG/MINOR: mux-h1: Correctly report Ti timer when HTX and keepalives are used - BUG/MEDIUM: mux-h1: Don't release h1 connection if there is still data to send - BUG/MAJOR: listener: fix thread safety in resume_listener() - MINOR: task: introduce work lists - BUG/MEDIUM: servers: Fix a race condition with idle connections. - DOC: Fix typos and grammer in configuration.txt - BUG/MEDIUM: da: cast the chunk to string. - BUG/MEDIUM: checks: Don't attempt to read if we destroyed the connection. - BUG/MINOR: server: Be really able to keep "pool-max-conn" idle connections - BUG/MEDIUM: fd/threads: fix excessive CPU usage on multi-thread accept - BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2 - BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse it. - BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si - MINOR: stream-int: Factorize processing done after sending data in si_cs_send() - BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred - BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are formatted - BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock - BUG/MEDIUM: http/applet: Finish request processing when a service is registered - MINOR: action: Add the return code ACT_RET_DONE for actions - BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks - MINOR: server: Add "no-tfo" option. - BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions. - BUG/MEDIUM: servers: Authorize tfo in default-server. - BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the mux. - BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are sent - BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent - BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit() - BUG/MINOR: hlua: Don't use channel_htx_recv_max() - BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max() - BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed. - BUG/MEDIUM: connections: Always call shutdown, with no linger. - BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses - BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages - BUG/MEDIUM: checks: unblock signals in external checks - BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported - BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL. - BUG/MINOR: mworker/cli: don't output a \n before the response - BUILD: hapee/51d: fix error when building with 51Degrees enabled - MEDIUM: hapee/modules: load the STG_REGISTER initcalls - BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded - BUILD: hapee/modules: clean(up) the copts-hash file not copts_hash - MEDIUM: hapee/51d: use fiftyoneDegreesProvider to access the pool and dataset - BUG/MINOR: hapee/modules: display detailed error message on mod_init() failure - MINOR: hapee/modules: add a new label MODULES_LOCK to the lock_label enum - MINOR: hapee/modules: add the ability to register variable and functions. - MEDIUM: hapee/modules: 'modules list' on the cli shows currently loaded modules - MINOR: hapee/modules: terminate properly loaded modules if possible - MINOR: hapee/modules: register function called after the main config check - MEDIUM: hapee/modules: add memory reservation support for the modules - BUILD: hapee/modules: update HAPEE version macro to 2.0r1 - BUILD: hapee/modules: add macros to compute numerical value of a HAPEE version - BUILD: hapee/modules: add version of the module in the defines - MEDIUM: hapee/modules: add modules support