version 2.8r1

2023/10/26 : 2.8r1 (1.0.0-307.317)
- BUG/MINOR: mux-h2: update tracked counters with req cnt/req err
- BUG/MINOR: mux-h2: commit the current stream ID even on reject
- BUG/MEDIUM: peers: Fix synchro for huge number of tables
- BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task
- BUG/MINOR: trace: fix trace parser error reporting
- BUG/MINOR: mux-h2: fix http-request and http-keep-alive timeouts again
- BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending
- BUG/MINOR: mux-h2: make up other blocked streams upon removal from list
- BUG/MINOR: mux-h1: Send a 400-bad-request on shutdown before the first request
- BUG/MEDIUM: quic-conn: free unsent frames on retransmit to prevent crash
- BUG/MINOR: mux-quic: fix free on qcs-new fail alloc
- BUG/MINOR: h3: strengthen host/authority header parsing
- BUG/MINOR: mux-quic: support initial 0 max-stream-data
- BUG/MEDIUM: mux-quic: fix RESET_STREAM on send-only stream
- BUG/MINOR: quic: reject packet with no frame
- BUG/MINOR: quic: Avoid crashing with unsupported cryptographic algos
- BUG/MEDIUM: stconn: Fix comparison sign in sc_need_room()
- BUG/MINOR: hq-interop: simplify parser requirement
- BUG/MEDIUM: h1: Ignore C-L value in the H1 parser if T-E is also set
- BUG/MINOR: mux-h1: Ignore C-L when sending H1 messages if T-E is also set
- BUG/MINOR: mux-h1: Handle read0 in rcv_pipe() only when data receipt was tried
- BUG/MEDIUM: hlua: Initialize appctx used by a lua socket on connect only
- MINOR: hlua: Test the hlua struct first when the lua socket is connecting
- MINOR: hlua: Save the lua socket's server in its context
- MINOR: hlua: Save the lua socket's timeout in its context
- MINOR: hlua: Don't preform operations on a not connected socket
- MINOR: hlua: Set context's appctx when the lua socket is created
- BUG/MEDIUM: http-ana: Try to handle response before handling server abort

2023/10/17 : 2.8r1 (1.0.0-306.289)
- BUG/MEDIUM: quic_conn: let the scheduler kill the task when needed

2023/10/16 : 2.8r1 (1.0.0-306.288)
- HAPEE: DOC: document the GPTSTR extensions in configuration.txt
- HAPEE: Revert GPTSTR
- BUILD: hapee/addons: fix build without USE_QUIC=1

2023/10/06 : 2.8r1 (1.0.0-305.285)
- BUG/MEDIUM: hapee/addons: fix incorrect gpt index being used in sc-set-gptstr()
- HAPEE: addons: use GPT arrays to store regular strings
- HAPEE: makefile: automatically build objects in addons/hapee_*
- HAPEE: makefile: update the cleanup rule to also remove *.i from addons
- MINOR: haproxy: permit to register features during boot
- BUG/MEDIUM: actions: always apply a longest match on prefix lookup

2023/10/04 : 2.8r1 (1.0.0-305.279)
- BUG/MINOR: mux-quic: remove full demux flag on ncbuf release
- BUG/MEDIUM: server/cli: don't delete a dynamic server that has streams
- MINOR: pattern: fix pat_{parse,match}_ip() function comments
- BUG/MINOR: server: add missing free for server->rdr_pfx
- BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers
- BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API
- BUG/MEDIUM: master/cli: Pin the master CLI on the first thread of the group 1
- BUG/MINOR: promex: fix backend_agg_check_status
- BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR records
- BUG/MINOR: hlua/init: coroutine may not resume itself
- BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume()
- CI: musl: drop shopt in workflow invocation
- CI: musl: highlight section if there are coredumps

2023/09/29 : 2.8r1 (1.0.0-304.266)
- MINOR: hapee: update backports list
- MINOR: stream: fix output alignment of stuck thread dumps
- CLEANUP: stream: remove the now unused stream_dump() function
- MINOR: debug: use the more detailed stream dump in panics
- MEDIUM: stream: now provide full stream dumps in case of loops
- MINOR: streams: add support for line prefixes to strm_dump_to_buffer()
- MINOR: stream: make stream_dump() always multi-line
- MINOR: stream: make strm_dump_to_buffer() show the list of filters
- MINOR: stream: make strm_dump_to_buffer() take an arbitrary buffer
- CLEANUP: stream: make strm_dump_to_buffer() take a const stream
- CLEANUP: stream: use const filters in the dump function
- MINOR: stream: split stats_dump_full_strm_to_buffer() in two
- CLEANUP: stream: make the dump code not depend on the CLI appctx
- CLEANUP: freq_ctr: make all freq_ctr readers take a const
- MEDIUM: server/ssl: pick another thread's session when we have none yet
- MINOR: server/ssl: clear the shared good session index on failure
- MINOR: server/ssl: maintain an index of the last known valid SSL session
- MEDIUM: server/ssl: place an rwlock in the per-thread ssl server session
- MEDIUM: ssl_sock: always use the SSL's server name, not the one from the tid
- CLEANUP: ssl: keep a pointer to the server in ssl_sock_init()
- DOC: ssl: add some comments about the non-obvious session allocation stuff
- MINOR: ssl_sock: avoid iterating realloc(+1) on stored context
- HAPEE: addons: quic CID in -vv
- Revert "BUG/MEDIUM: quic: missing check of dcid for init pkt including a token"
- BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread
- MINOR: hlua: add hlua_stream_ctx_prepare helper function
- HAPEE: addons: adds quic CID generator to interop with packetshield
- MINOR: quic: handle external extra CIDs generator.
- BUG/MINOR: quic: Wrong cluster secret initialization
- BUG/MINOR: quic: Leak of frames to send.
- BUILD: bug: make BUG_ON() void to avoid a rare warning
- BUILD: quic: fix build on centos 8 and USE_QUIC_OPENSSL_COMPAT

2023/09/13 : 2.8r1 (1.0.0-302.234)
- BUG/MINOR: quic: ssl_quic_initial_ctx() uses error count not error code
- BUG/MINOR: quic: allow-0rtt warning must only be emitted with quic bind
- BUILD: Makefile: add USE_QUIC_OPENSSL_COMPAT to make help
- MINOR: quic+openssl_compat: Emit an alert for "allow-0rtt" option
- MINOR: quic+openssl_compat: Do not start without "limited-quic"
- MINOR: quic: Warning for OpenSSL wrapper QUIC bindings without "limited-quic"
- BUG/MINOR: quic+openssl_compat: Non initialized TLS encryption levels
- DOC: quic: Add "limited-quic" new tuning setting
- MINOR: quic: Add "limited-quic" new tuning setting
- MINOR: quic: SSL context initialization with QUIC OpenSSL wrapper.
- MINOR: quic: Add a quic_openssl_compat struct to quic_conn struct
- MINOR: quic: Call the keylog callback for QUIC openssl wrapper from SSL_CTX_keylog()
- MINOR: quic: Initialize TLS contexts for QUIC openssl wrapper
- MINOR: quic: Export some KDF functions (QUIC-TLS)
- MINOR: quic: Add a compilation option for the QUIC OpenSSL wrapper
- MINOR: quic: Do not enable 0RTT with SSL_set_quic_early_data_enabled()
- MINOR: quic: Set the QUIC connection as extra data before calling SSL_set_quic_method()
- MINOR: quic: Do not enable O-RTT with USE_QUIC_OPENSSL_COMPAT
- MINOR: quic: Include QUIC opensssl wrapper header from TLS stacks compatibility header
- MINOR: quic: QUIC openssl wrapper implementation
- MINOR: sample: accept_date / request_date return %Ts / %tr timestamp values
- MINOR: sample: implement act_conn sample fetch
- MINOR: sample: add pid sample
- MEDIUM: ssl: new sample fetch method to get curve name
- MINOR: ssl: add support for 'curves' keyword on server lines
- MINOR: hapee: add a .hapee directory to list backporting notes
- BUG/MEDIUM: connection: fix pool free regression with recent ppv2 TLV patches
- MINOR: sample: Add common TLV types as constants for fc_pp_tlv
- MINOR: sample: Refactor fc_pp_unique_id by wrapping the generic TLV fetch
- MINOR: sample: Refactor fc_pp_authority by wrapping the generic TLV fetch
- MEDIUM: sample: Add fetch for arbitrary TLVs
- MEDIUM: connection: Generic, list-based allocation and look-up of PPv2 TLVs
- CLEANUP/MINOR: connection: Improve consistency of PPv2 related constants
- CI: Update to actions/checkout@v4
- MEDIUM: capabilities: enable support for Linux capabilities
- BUG/MINOR: hlua/action: incorrect message on E_YIELD error
- BUG/MINOR: ring/cli: Don't expect input data when showing events
- BUG/MINOR: applet: Always expect data when CLI is waiting for a new command
- NUG/MEDIUM: stconn: Always update stream's expiration date after I/O
- BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout
- BUG/MEDIUM: applet: Report an error if applet request more room on aborted SC
- BUG/MEDIUM: stconn: Report read activity when a stream is attached to front SC
- BUG/MEDIUM: applet: Fix API for function to push new data in channels buffer
- BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var)
- BUG/MINOR: quic: Wrong RTT adjusments
- MINOR: httpclient: allow to configure the timeout.connect
- MINOR: httpclient: allow to configure the retries
- DOC: configuration: update examples for req.ver
- BUG/MINOR: stream: further protect stream_dump() against incomplete sessions
- BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer
- BUG/MAJOR: quic: Really ignore malformed ACK frames.
- BUG/MINOR: quic: Possible skipped RTT sampling
- BUG/MEDIUM: stconn: Don't block sends if there is a pending shutdown
- BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending shutdown
- BUG/MINOR: stconn: Don't report blocked sends during connection establishment
- BUG/MEDIUM: stconn: Update stream expiration date on blocked sends
- DEBUG: applet: Properly report opposite SC expiration dates in traces
- BUG/MINOR: checks: do not queue/wake a bounced check
- DOC: config: mention uid dependency on the tune.quic.socket-owner option
- BUG/MINOR: stream: protect stream_dump() against incomplete streams
- BUG/MINOR: ssl/cli: can't find ".crt" files when replacing a certificate
- BUILD: import: guard plock.h against multiple inclusion
- BUG/MINOR: ssl_sock: fix possible memory leak on OOM
- DOC: lua: fix core.register_action typo
- BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage
- CI: fedora: fix "dnf" invocation syntax
- IMPORT: xxhash: update xxHash to version 0.8.2
- MINOR: atomic: make sure to always relax after a failed CAS
- MINOR: threads: inline the wait function for pthread_rwlock emulation
- IMPORT: plock: also support inlining the int code
- BUILD: Makefile: add the USE_QUIC option to make help
- DOC: jwt: Add explicit list of supported algorithms
- REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (3)
- SCRIPTS: git-show-backports: automatic ref and base detection with -m
- DOC: typo: fix sc-set-gpt references
- BUG/MINOR: stktable: allow sc-add-gpc from tcp-request connection
- BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection
- DEV: flags/show-sess-to-flags: properly decode fd.state
- BUG/MINOR: hlua: fix invalid use of lua_pop on error paths
- BUG/MEDIUM: quic: fix tasklet_wakeup loop on connection closing
- CI: get rid of travis-ci wrapper for Coverity scan
- CI: do not use "groupinstall" for Fedora Rawhide builds
- MINOR: ssl: allow to change the client-sigalgs on server lines
- MINOR: ssl: allow to change the server signature algorithm on server lines
- MINOR: peers: add peers keyword registration
- BUG/MINOR: http: skip leading zeroes in content-length values
- DOC: clarify the handling of URL fragments in requests
- REGTESTS: http-rules: verify that we block '#' by default for normalize-uri
- BUG/MINOR: h3: reject more chars from the :path pseudo header
- BUG/MINOR: h2: reject more chars from the :path pseudo header
- BUG/MINOR: h1: do not accept '#' as part of the URI component
- REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests
- MINOR: h2: pass accept-invalid-http-request down the request parser
- MINOR: http: add new function http_path_has_forbidden_char()
- MINOR: ist: add new function ist_find_range() to find a character range
- BUG/MAJOR: http: reject any empty content-length header value
- BUG/MAJOR: h3: reject header values containing invalid chars
- REORG: http: move has_forbidden_char() from h2.c to http.h
- BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement
- BUILD: quic: fix wrong potential NULL dereference
- BUG/MINOR: quic: reappend rxbuf buffer on fake dgram alloc error
- BUG/MINOR: http-client: Don't forget to commit changes on HTX message
- BUG/MEDIUM: quic: consume contig space on requeue datagram
- BUG/MEDIUM: bwlim: Reset analyse expiration date when then channel analyse ends
- BUG/MEDIUM: h3: Be sure to handle fin bit on the last DATA frame
- BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full
- DOC: configuration: describe Td in Timing events
- BUG/MEDIUM: h3: Properly report a C-L header was found to the HTX start-line
- BUG/MINOR: ssl: OCSP callback only registered for first SSL_CTX
- MINOR: quic: Useless call to SSL_CTX_set_quic_method()
- MINOR: quic: Make ->set_encryption_secrets() be callable two times
- BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary
- BUG/MINOR: server-state: Avoid warning on 'file not found'
- BUG/MINOR: server-state: Ignore empty files
- BUG/MINOR: quic: Missing parentheses around PTO probe variable.
- BUG/MINOR: server: Don't warn on server resolution failure with init-addr none
- BUG/MINOR: init: set process' affinity even in foreground
- BUG/MINOR: cpuset: remove the bogus "proc" from the cpu_map struct
- BUG/MINOR: config: do not detect NUMA topology when cpu-map is configured
- MINOR: cpuset: add cpu_map_configured() to know if a cpu-map was found
- BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses
- BUG/MINOR: hlua: add check for lua_newstate
- BUILD: quic: fix warning during compilation using gcc-6.5
- CI: explicitely highlight VTest result section if there's something
- CI: add naming convention documentation
- BUG/MINOR: http: Return the right reason for 302
- BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters
- DOC: config: Fix fc_src description to state the source address is returned
- BUG/MEDIUM: hlua_fcn/queue: bad pop_wait sequencing
- BUG/MINOR: hlua: hlua_yieldk ctx argument should support pointers
- CLEANUP: quic: remove useless parameter 'key' from quic_packet_encrypt
- BUG/MEDIUM: quic: timestamp shared in token was using internal time clock
- BUG/MEDIUM: quic: missing check of dcid for init pkt including a token
- BUG/MINOR: quic: retry token remove one useless intermediate expand
- BUG/MEDIUM: quic: token IV was not computed using a strong secret
- BUG/MINOR: config: Remove final '\n' in error messages
- BUG/MINOR: hlua_fcn/queue: use atomic load to fetch queue size
- EXAMPLES: maintain haproxy 2.8 retrocompatibility for lua mailers script
- BUG/MINOR: sink/log: properly deinit srv in sink_new_from_logsrv()
- MINOR: hlua_fcn/mailers: handle timeout mail from mailers section
- BUG/MINOR: server: set rid default value in new_server()
- BUG/MINOR: sink: fix errors handling in cfg_post_parse_ring()
- BUG/MINOR: sink: invalid sft free in sink_deinit()
- BUG/MINOR: log: free errmsg on error in cfg_parse_log_forward()
- BUG/MINOR: log: fix multiple error paths in cfg_parse_log_forward()
- BUG/MINOR: log: fix missing name error message in cfg_parse_log_forward()
- BUG/MEDIUM: log: improper use of logsrv->maxlen for buffer targets
- MINOR: sink/api: pass explicit maxlen parameter to sink_write()
- BUG/MINOR: log: LF upsets maxlen for UDP targets
- BUG/MINOR: ring: maxlen warning reported as alert
- BUG/MINOR: ring: size warning incorrectly reported as fatal error
- BUG/MINOR: sink: missing sft free in sink_deinit()
- BUG/MINOR: http_ext: unhandled ERR_ABORT in proxy_http_parse_7239()
- BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv()
- BUG/MINOR: cache: A 'max-age=0' cache-control directive can be overriden by a s-maxage
- BUG/MINOR: tcp_sample: bc_{dst,src} return IP not INT
- DOC: ssl: Add ocsp-update troubleshooting clues and emphasize on crt-list only aspect
- DOC: ssl: Fix typo in 'ocsp-update' option
- CLEANUP: quic: Remove server specific about Initial packet number space
- MINOR: quic: Reduce the maximum length of TLS secrets
- MINOR: quic: Move packet number space related functions
- MINOR: quic: Move QUIC encryption level structure definition
- BUILD: debug: avoid a build warning related to epoll_wait() in debug code
- MINOR: compression/slz: add support for a pure flush of pending bytes
- IMPORT: slz: implement a synchronous flush() operation
- BUG/MINOR: quic: Wrong endianess for version field in Retry token
- BUG/MINOR: quic: Wrong Retry paquet version field endianess
- BUG/MINOR: quic: Missing random bits in Retry packet header
- BUG/MINOR: config: fix stick table duplicate name check
- BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag
- BUG/MINOR: quic: Prevent deadlock with CID tree lock
- BUG/MINOR: mworker: leak of a socketpair during startup failure
- BUG/MINOR: http_ext: fix if-none regression in forwardfor option
- DOC: Attempt to fix dconv parsing error for tune.h2.fe.initial-window-size
- REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages
- DOC: Add tune.h2.max-frame-size option to table of contents
- DOC: Add* and tune.h2.fe.* options to table of contents
- BUG/MINOR: quic: ticks comparison without ticks API use
- BUG/MEDIUM: mworker: increase maxsock with each new worker
- BUG/MINOR: quic: Possible endless loop in quic_lstnr_dghdlr()
- BUG/MINOR: quic: Possible crash in quic_conn_prx_cntrs_update()
- BUG/MINOR: quic: Missing initialization (packet number space probing)
- BUG/MINOR: namespace: missing free in netns_sig_stop()
- BUG/MINOR: server: inherit from netns in srv_settings_cpy()
- BUG/MINOR: quic: Address inversion in "show quic full"
- BUG/MINOR: quic: Wrong encryption level flags checking
- BUG/MINOR: ssl: log message non thread safe in SSL Hanshake failure
- REG-TESTS: stickiness: Delay haproxys start to properly resolv variables
- BUG/MINOR: peers: Improve detection of config errors in peers sections
- BUG/MEDIUM: hlua: Use front SC to detect EOI in HTTP applets' receive functions
- BUG/MINOR: proxy/server: free default-server on deinit
- MINOR: hapee/WURFL: transfer error status from the _wurfl_reload() function
- MINOR: hapee/WURFL: added live update database function
- MINOR: hapee/WURFL: added custom API log function
- MINOR: hapee/WURFL: added function to check correct module initialization
- BUG/MINOR: hapee/WURFL: corrected version check of used wurfl library
- BUILD: hapee/da: repaired build in case of using old DeviceAtlas library
- MINOR: hapee/da: add function that allow data reload
- MINOR: hapee/da: add spin locking
- MINOR: hapee/da: add support for loading a precompiled json data
- MEDIUM: hapee/da: Revert "MEDIUM: da: update module to handle schedule mode."
- MINOR: hapee/51d: add function that returns path to 51Degrees data file
- MINOR: hapee/51d: add function that allow data reload
- BUG/MINOR: hapee/51d: add spin locking
- BUILD: hapee/51d: fix error when building with 51Degrees enabled
- BUG/MEDIUM: hapee/51d: fix a segfault on exit when 51d configuration is not loaded
- MEDIUM: hapee/51d: use fiftyoneDegreesProvider to access the pool and dataset
- BUG/MINOR: proxy: add missing interface bind free in free_proxy
- BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line
- DOC: config: fix rfc7239 converter examples (again)
- DOC: config: fix jwt_verify() example using var()
- DOC: quic: fix misspelled tune.quic.socket-owner
- BUG/MINOR: spoe: Only skip sending new frame after a receive attempt
- CONTRIB: Add vi file extensions to .gitignore
- BUG/MINOR: quic: Possible crash when SSL session init fails
- BUG/MINOR: stream: do not use client-fin/server-fin with HTX
- BUG/MINOR: stats: Fix Lua's `get_stats` function
- MEDIUM: hapee: does not pass OPTION_LDFLAGS to modules
- MINOR: hapee/modules: check if we generate the API hash correctly
- BUG/MINOR: hapee/modules: adjust include match() in gen-modules-config-h.awk
- BUG/MINOR: hapee/modules: initialize the module head list
- BUILD: hapee/modules: select either md5 or md5sum
- MEDIUM: hapee/modules: load the STG_REGISTER initcalls
- BUG/MINOR: hapee/modules: display detailed error message on mod_init() failure
- MINOR: hapee/modules: add a new label MODULES_LOCK to the lock_label enum
- MINOR: hapee/modules: add the ability to register variable and functions.
- MEDIUM: hapee/modules: 'modules list' on the cli shows currently loaded modules
- MINOR: hapee/modules: terminate properly loaded modules if possible
- MEDIUM: hapee/modules: add memory reservation support for the modules
- MINOR: hapee: change URLs for 2.8r1
- BUILD: hapee/modules: update HAPEE version macro to 2.8r1
- BUILD: hapee/modules: add macros to compute numerical value of a HAPEE version
- BUILD: hapee/modules: add version of the module in the defines
- MEDIUM: hapee/modules: add modules support

HAPEE-LB 2.8r1 – Changelog