2020/08/03 : 2.1r1 (1.0.0-223.272) - SCRIPTS: git-show-backports: emit the shell command to backport a commit - SCRIPTS: git-show-backports: make -m most only show the left branch - BUG/MEDIUM: backend: always attach the transport before installing the mux - SCRIPTS: announce-release: add the link to the wiki in the announce messages - MINOR: stream-int: Be sure to have a mux to do sends and receives - MINOR: connection: Preinstall the mux for non-ssl connect - BUG/MINOR: tcp-rules: Preserve the right filter analyser on content eval abort - BUG/MAJOR: dns: don't treat Authority records as an error - BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status - BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields - BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation - MEDIUM: lua: Add support for the Lua 5.4 - BUG/MINOR: debug: Don't dump the lua stack if it is not initialized - BUILD: tools: fix build with static only toolchains - BUG/MEDIUM: mux-h1: Disable the splicing when nothing is received - BUG/MEDIUM: mux-h1: Wakeup the H1C in h1_rcv_buf() if more data are expected - BUG/MINOR: mux-fcgi: Don't url-decode the QUERY_STRING parameter anymore - BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed - BUG/MAJOR: dns: Make the do-resolve action thread-safe - BUG/MEDIUM: resolve: fix init resolving for ring and peers section. - BUG/MINOR: cfgparse: don't increment linenum on incomplete lines - BUILD: thread: add parenthesis around values of locking macros - BUILD: ebtree: fix build on libmusl after recent introduction of eb_memcmp() - BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked 2020/07/17 : 2.1r1 (1.0.0-223.248) - MINOR: ssl: add a new function ssl_sock_get_ssl_object() - MEDIUM: ssl: split ssl_sock_msgcbk() and use a new callback mechanism - MEDIUM: ssl: allow to register callbacks for SSL/TLS protocol messages 2020/07/16 : 2.1r1 (1.0.0-223.245) - BUG/MEDIUM: server: fix possibly uninitialized state file on close - BUG/MEDIUM: server: resolve state file handle leak on reload - BUG/MEDIUM: fcgi-app: fix memory leak in fcgi_flt_http_headers - BUG/MEDIUM: log: issue mixing sampled to not sampled log servers. - BUG/MINOR: mux-fcgi: Set flags on the right stream field for empty FCGI_STDOUT - BUG/MINOR: mux-fcgi: Set conn state to RECORD_P when skipping the record padding - BUG/MINOR: mux-fcgi: Handle empty STDERR record - BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode - CONTRIB: da: fix memory leak in dummy function da_atlas_open() - BUG/MEDIUM: lists: add missing store barrier in MT_LIST_ADD/MT_LIST_ADDQ - BUG/MEDIUM: lists: add missing store barrier on MT_LIST_BEHEAD() - BUG/MINOR: sample: Free str.area in smp_check_const_meth - BUG/MINOR: sample: Free str.area in smp_check_const_bool - DOC: configuration: remove obsolete mentions of H2 being converted to HTTP/1.x - MINOR: pools: increase MAX_BASE_POOLS to 64 - BUG/MINOR: threads: Don't forget to init each thread toremove_lock. - MINOR: http: Add support for http 413 status - BUG/MINOR: backend: Remove CO_FL_SESS_IDLE if a client remains on the last server - BUG/MEDIUM: connection: Continue to recv data to a pipe when the FD is not ready - MINOR: connection: move the CO_FL_WAIT_ROOM cleanup to the reader only - BUG/MEDIUM: mux-h1: Subscribe rather than waking up in h1_rcv_buf() - MINOR: mux-h1: Improve traces about the splicing - BUG/MEDIUM: mux-h1: Disable splicing for the conn-stream if read0 is received - BUG/MINOR: mux-h1: Disable splicing only if input data was processed - BUG/MINOR: mux-h1: Don't read data from a pipe if the mux is unable to receive - BUG/MINOR: mux-h1: Fix the splicing in TUNNEL mode - BUG/MINOR: http_act: don't check capture id in backend (2) - BUILD: haproxy: fix build error when RLIMIT_AS is not set - DOC: configuration: fix alphabetical ordering for tune.pool-{high,low}-fd-ratio - DOC: configuration: add missing index entries for tune.pool-{low,high}-fd-ratio - BUG/MINOR: proxy: always initialize the trash in show servers state - BUG/MINOR: proxy: fix dump_server_state()'s misuse of the trash - BUG/MEDIUM: pattern: Add a trailing \0 to match strings only if possible - DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list - MINOR: cli: make "show sess" stop at the last known session - BUG/MEDIUM: fetch: Fix hdr_ip misparsing IPv4 addresses due to missing NUL - REGTEST: ssl: add some ssl_c_* sample fetches test - REGTEST: ssl: tests the ssl_f_* sample fetches - MINOR: spoe: Don't systematically create new applets if processing rate is low - BUG/MINOR: http_ana: clarify connection pointer check on L7 retry - BUG/MINOR: spoe: correction of setting bits for analyzer - REGTEST: Add a simple script to tests errorfile directives in proxy sections - BUG/MINOR: systemd: Wait for network to be online - MEDIUM: map: make the "clear map" operation yield - REGTEST: http-rules: test spaces in ACLs with master CLI - REGTEST: http-rules: test spaces in ACLs - BUG/MINOR: mworker/cli: fix semicolon escaping in master CLI - BUG/MINOR: mworker/cli: fix the escaping in the master CLI - BUG/MINOR: cli: allow space escaping on the CLI - BUG/MINOR: spoe: add missing key length check before checking key names - BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks - BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness - BUG/MINOR: http: make smp_fetch_body() report that the contents may change - BUG/MEDIUM: ssl: crt-list must continue parsing on ERR_WARN - BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0 - REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for compression/lua_validation - REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for lua/txn_get_priv - BUILD: make dladdr1 depend on glibc version and not __USE_GNU - BUG/MEDIUM: pattern: fix thread safety of pattern matching - BUG/MEDIUM: log: don't hold the log lock during writev() on a file descriptor 2020/06/30 : 2.1r1 (1.0.0-223.185) - MEDIUM: peers: add the "localpeer" global option - MINOR: peers: do not use localpeer as an array anymore 2020/06/08 : 2.1r1 (1.0.0-223.183) - BUG/MINOR: mworker: fix a memleak when execvp() failed - BUG/MINOR: ssl: fix a trash buffer leak in some error cases - BUG/MEDIUM: mworker: fix the reload with an -- option - BUG/MINOR: init: -S can have a parameter starting with a dash - BUG/MINOR: init: -x can have a parameter starting with a dash - BUG/MEDIUM: mworker: fix the copy of options in copy_argv() 2020/06/05 : 2.1r1 (1.0.0-223.177) - BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump metrics - BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations - BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action - BUG/MINOR: peers: fix internal/network key type mapping. - SCRIPTS: publish-release: pass -n to gzip to remove timestamp - Revert "BUG/MEDIUM: connections: force connections cleanup on server changes" - BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf - BUG/MINOR: lua: Add missing string length for lua sticktable lookup - BUG/MEDIUM: logs: fix trailing zeros on log message. - REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used - BUG/MINOR: logs: prevent double line returns in some events. - DOC: SPOE is no longer experimental - DOC/MINOR: halog: Add long help info for ic flag - DOC: retry-on can only be used with mode http 2020/05/26 : 2.1r1 (1.0.0-223.163) - BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable - BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified - BUG/MEDIUM: ring: write-lock the ring while attaching/detaching - BUG/MAJOR: mux-fcgi: Stop sending loop if FCGI stream is blocked for any reason - BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt() - BUG/MEDIUM: stream: Only allow L7 retries when using HTTP. - BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry. - BUILD: select: only declare existing local labels to appease clang - BUG/MINOR: soft-stop: always wake up waiting threads on stopping - BUG/MINOR: pollers: remove uneeded free in global init - BUG/MINOR: pools: use %u not %d to report pool stats in "show pools" - BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered - BUG/MEDIUM: http_ana: make the detection of NTLM variants safer - BUG/MINOR: http-ana: fix NTLM response parsing again - BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur - BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT - BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}() - BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS() - BUG/MINOR: sample: Set the correct type when a binary is converted to a string - CLEANUP: connections: align function declaration - BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id() - BUG/MEDIUM: h1: Don't compare host and authority if only h1 headers are parsed - BUG/MEDIUM: connections: force connections cleanup on server changes - BUG/MEDIUM: mux-fcgi: Fix wrong test on FCGI_CF_KEEP_CONN in fcgi_detach() - BUG/MEDIUM: mux_fcgi: Free the FCGI connection at the end of fcgi_release() - BUG/MINOR: checks: Remove a warning about http health checks - BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks - BUG/MINOR: checks/server: use_ssl member must be signed - Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections" - Revert "BUG/MINOR: connection: always send address-less LOCAL PROXY connections" 2020/05/19 : 2.1r1 (1.0.0-223.133) - MEDIUM: stats: Enable more accurate moving average calculation for stats - MINOR: stats: Expose native cum_req metric for a server - MINOR: stats: Prepare for more accurate moving averages 2020/05/06 : 2.1r1 (1.0.0-223.130) 2020/05/04 : 2.1r1 (1.0.0-222.130) - REGTEST: http-rules: Require PCRE or PCRE2 option to run map_redirect script - REGTEST: ssl: test the client certificate authentication - BUILD: Makefile: add linux-musl to TARGET - MINOR: stream: report the list of active filters on stream crashes - BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock - BUG/MEDIUM: shctx: really check the lock's value while waiting - BUG/MINOR: debug: properly use long long instead of long for the thread ID - MINOR: threads: export the POSIX thread ID in panic dumps - BUG/MEDIUM: listener: mark the thread as not stuck inside the loop - BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream - BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam - BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam - BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream - BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream - BUG/MINOR: mux-fcgi: Be sure to have a connection as session's origin to use it - BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function - BUG/MINOR: checks: chained expect will not properly wait for enough data - BUG/MEDIUM: server/checks: Init server check during config validity check - BUG/MINOR: checks: Respect the no-check-ssl option - MINOR: checks: Add a way to send custom headers and payload during http chekcs - BUG/MINOR: check: Update server address and port to execute an external check - MINOR: contrib: make the peers wireshark dissector a plugin - MEDIUM: memory: make pool_gc() run under thread isolation - DOC: option logasap does not depend on mode - BUG/MINOR: http: make url_decode() optionally convert '+' to SP - BUG/MINOR: tools: fix the i386 version of the div64_32 function - BUG/MEDIUM: http-ana: Handle NTLM messages correctly. - BUG/MINOR: ssl: default settings for ssl server options are not used - DOC: Improve documentation on http-request set-src - MINOR: version: Show uname output in display_version() - DOC: hashing: update link to hashing functions - BUG/MINOR: peers: Incomplete peers sections should be validated. - BUG/MINOR: connection: always send address-less LOCAL PROXY connections - BUG/MINOR: ssl: memleak of the struct cert_key_and_chain - BUG/MINOR: ssl/cli: memory leak in 'set ssl cert' - MINOR: ssl: improve the errors when a crt can't be open - BUG/MINOR: protocol_buffer: Wrong maximum shifting. 2020/04/21 : 2.1r1 (1.0.0-222.93) 2020/04/01 : 2.1r1 (1.0.0-221.93) - BUG/CRITICAL: hpack: never index a header into the headroom after wrapping - BUG/MINOR: http-ana: Reset request analysers on error when waiting for response - BUG/MINOR: http_ana: make sure redirect flags don't have overlapping bits - DOC: internals: Fix spelling errors in filters.txt - BUG/MINOR: stats: Fix color of draining servers on stats page - BUILD: ssl: only pass unsigned chars to isspace() - MINOR: listener: add so_name sample fetch - BUG/MINOR: peers: Use after free of "peers" section. - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized - BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection - REGTEST: increase timeouts on the seamless-reload test - REGTESTS: use "command -v" instead of "which" - BUG/MINOR: connections: Make sure we free the connection on failure. - MINOR: memory: Change the flush_lock to a spinlock, and don't get it in alloc. - BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in __signal_process_queue(). - MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into types/signal.h. - DOC: assorted typo fixes in the documentation - BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong cases. - BUILD: makefile: fix expression again to detect ARM platform - BUILD: makefile: fix regex syntax in ARM platform detection - BUILD: on ARM, must be linked to libatomic. - DOC: correct typo in alert message about rspirep - DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID - BUG/MINOR: haproxy/threads: try to make all threads leave together - BUG/MINOR: listener/mq: do not dispatch connections to remote threads when stopping - BUG/MINOR: haproxy: always initialize sleeping_thread_mask - BUG/MEDIUM: pools: Always update free_list in pool_gc(). - BUG/MEDIUM: random: align the state on 2*64 bits for ARM64 - MINOR: mt_lists: Appease gcc. - BUG/MEDIUM: mt_lists: Make sure we set the deleted element to NULL; - BUILD: wdt: only test for SI_TKILL when compiled with thread support - DOC: ssl: clarify security implications of TLS tickets - DOC: assorted typo fixes in the documentation - DOC: improve description of no-tls-tickets - DOC: fix typo about no-tls-tickets - BUG/MINOR: rules: Increment be_counters if backend is assigned for a silent-drop - BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop action - BUG/MINOR: http-rules: Fix a typo in the reject action function - BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject action - BUG/MINOR: lua: Ignore the reserve to know if a channel is full or not - BUG/MINOR: http-ana: Reset request analysers on a response side error - BUG/MEDIUM: compression/filters: Fix loop on HTX blocks compressing the payload - BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the response payload - MINOR: htx: Add a function to return a block at a specific offset - BUG/MINOR: filters: Forward everything if no data filters are called - BUG/MINOR: filters: Use filter offset to decude the amount of forwarded data - REGTEST: make the PROXY TLV validation depend on version 2.2 - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths - BUG/MINOR: init: make the automatic maxconn consider the max of soft/hard limits - DOC: assorted typo fixes in the documentation and Makefile - DOC: configuration.txt: fix various typos - BUG/MINOR: pattern: Do not pass len = 0 to calloc() - OPTIM: startup: fast unique_id allocation for acl. - DOC: fix incorrect indentation of http_auth_* 2020/03/31 : 2.1r1 (1.0.0-221.38) - BUG/MEDIUM: dns: improper parsing of aditional records 2020/03/27 : 2.1r1 (1.0.0-220.37) 2020/03/18 : 2.1r1 (1.0.0-219.37) - Revert "BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG" - BUG/MAJOR: list: fix invalid element address calculation - BUG/MINOR: checks/threads: use ha_random() and not rand() - MINOR: backend: use a single call to ha_random32() for the random LB algo - BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG - BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG - MINOR: tools: add 64-bit rotate operators - BUG/MEDIUM: random: initialize the random pool a bit better - MINOR: contrib/prometheus-exporter: Add the last heathcheck duration metric - BUG/MINOR: http-htx: Do case-insensive comparisons on Host header name - BUG/MINOR: dns: ignore trailing dot - BUG/MINOR: sample: Make sure to return stable IDs in the unique-id fetch - BUG/MINOR: h2: reject again empty :path pseudo-headers - BUILD: ebtree: improve architecture-specific alignment - MINOR: compiler: add new alignment macros - BUG/MINOR: connection: make sure to correctly tag local PROXY connections - BUG/MEDIUM: ssl: fix several bad pointer aliases in a few sample fetch functions - BUG/MINOR: sample: fix the json converter's endian-sensitivity - CLEANUP: cfgparse: Fix type of second calloc() parameter - BUILD: fix recent build failure on unaligned archs - BUG/MEDIUM: ebtree: don't set attribute packed without unaligned access support - MINOR: compiler: move CPU capabilities definition from config.h and complete them - BUG/MEDIUM: shctx: make sure to keep all blocks aligned - BUG/MINOR: http: http-request replace-path duplicates the query string - MINOR: ist: add an iststop() function - BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered - MINOR: http-ana: Match on the path if the monitor-uri starts by a / - BUG/MINOR: http-ana: Matching on monitor-uri should be case-sensitive - BUG/MINOR: http-htx: Don't return error if authority is updated without changes - BUG/MINOR: filters: Count HTTP headers as filtered data but don't forward them - MINOR: filters: Forward data only if the last filter forwards something - MINOR: http-htx: Add a function to retrieve the headers size of an HTX message - SCRIPTS: announce-release: use mutt -H instead of -i to include the draft - MINOR: mux-fcgi: Make the capture of the path-info optional in pathinfo regex - BUG/MINOR: mux-fcgi: Forbid special characters when matching PATH_INFO param - BUG/MEDIUM: muxes: Use the right argument when calling the destroy method. - BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat 2020/03/06 : 2.1r1 (1.0.0-217.0)