ChangeLog : =========== 2024/11/26 : 3.2-dev0 - exact copy of 3.1.0 2024/11/26 : 3.1.0 - BUG/MAJOR: mux-h1: Properly handle wrapping on obuf when dumping the first-line - BUILD: activity/memprofile: fix a build warning in the posix_memalign handler - BUG/MINOR: quic: Avoid BUG_ON() on ->on_pkt_lost() BBR callback call - CI: update to the latest AWS-LC version - CI: update to the latest WolfSSL version - DOC: ot: mention planned deprecation of the OT filter - Revert "CI: update to the latest WolfSSL version" - CI: github: add a WolfSSL job which tries the latest version - BUILD: systemd: fix usage of reserved name "sun" in the address field - BUILD: init: use the more portable FD_CLOEXEC for /dev/null - CI: github: improve the Wolfssl job - CI: github: improve the AWS-LC job - BUG/MINOR: mux-quic: fix show quic report of QCS prepared bytes - BUG/MEDIUM: quic: fix sending performance due to qc_prep_pkts() return - MINOR: mux-quic: use sched call time for pacing - CI: github: allow to run the Illumos job manually - BUILD: tcp_sample: var_fc_counter defined but not used - CI: github: add 'workflow_dispatch' on remaining build jobs - DOC: config: refine a little bit the text on QUIC pacing - MINOR: proto_sockpair: send_fd_uxst: init iobuf, cmsghdr, cmsgbuf to zeros - MINOR: startup: rename on_new_child_failure to mworker_on_new_child_failure - REORG: startup: move on_new_child_failure in mworker.c - MINOR: startup: prefix prepare_master and run_master with mworker_* - REORG: startup: move mworker_prepare_master in mworker.c - MINOR: startup: keep updating verbosity modes only in haproxy.c - REORG: startup: move mworker_run_master and mworker_loop in mworker.c - REORG: startup: move mworker_reexec and mworker_reload in mworker.c - MINOR: startup: prefix apply_master_worker_mode with mworker_* - REORG: startup: move mworker_apply_master_worker_mode in mworker.c - MINOR: cfgparse-quic: strengthen quic-cc-algo parsing - BUG/MAJOR: quic: fix wrong packet building due to already acked frames - DEV: lags/show-sess-to-flags: Properly handle fd state on server side - BUG/MEDIUM: http-ana: Don't release too early the L7 buffer - MINOR: quic: make bbr consider the max window size setting - DOC: quic: Amend the pacing information about BBR. - BUG/MEDIUM: quic: prevent EMSGSIZE with GSO for larger bufsize - MINOR: cli: Add a "help" keyword to show sess - MINOR: cli/quic: Add a "help" keyword to show quic - DOC: management: mention "show sess help" and "show quic help" - DOC: install: update the list of supported versions - MINOR: version: mention that 3.1 is stable now 2024/11/21 : 3.1-dev14 - MINOR: acl: export find_acl_default() - MINOR: sample: extend the "when" converter to support an ACL - MINOR: cfgparse: parse tune.{rcvbuf,sndbuf}.{client,server} as sizes - MINOR: cfgparse: parse tune.{rcvbuf,sndbuf}.{frontend,backend} as sizes - MINOR: cfgparse: parse tune.pipesize as a size - MINOR: cfgparse: parse tune.recv_enough as a size - MINOR: cfgparse: parse tune.bufsize as a size - MINOR: cfgparse: parse tune.bufsize.small as a size - REGTESTS: silence the "log format ignored" warnings - REGTESTS: silence warning "previous 'http-response' action is final" - REGTESTS: make the unit explicit for very short timeouts - REGTESTS: silence warnings about content-type being ignored - REGTESTS: remove a duplicate "option httpslog" in the defaults section - REGTESTS: silence warning "L6 sample fetches ignored" in cond_set_var - REGTESTS: add missing timeouts to 30 tests - REGTESTS: only use tune.ssl.default-dh-param when not using AWS-LC - REGTESTS: enable -dW on almost all tests to fail on warnings - MEDIUM: config: warn on unitless timeouts < 100 ms - MINOR: tools: make parse_size_err() support 32/64 bits - MINOR: ring: support unit suffixes in the size - MINOR: cfgparse-global: parse options to allow non std keywords in discovery mode - BUG/MINOR: mworker-prog: don't warn about deprecated section with expose-deprecated-directives - MINOR: cli: make "show env" accessible via master CLI without enabling debug - MINOR: config: show HAPROXY_BRANCH in "show env" output - MINOR: http-ana: Add option to keep query-string on a localtion-based redirect - MINOR: http-ana: Add support for "set-cookie-fmt" option to redirect rules - MINOR: agent-check: Be able to set absolute weight via an agent - MINOR: stream: Add an option to "show sess" command to dump the captured URI - DOC: config: A a space before ':' for {bs,fs}.aborted and {bs,fs}.rst_code - DOC: config: Fix a typo in "1.3.1. The Request line" - MINOR: http: Add support for HTTP 414/431 status codes - DEV: phash: Update 414 and 431 status codes to phash - MINIR: mux-h1: Return 414 or 431 when appropriate - BUG/MINOR: http_ana: Report -1 for %Tr for invalid response only - DOC: config: Slightly improve the %Tr documentation - DOC: config: Move wait_end in section about internal samples - DOC: config: Move fs.* and bs.* in section about L5 samples - MINOR: stats-file: add the filename in the warning - MEDIUM: stats-file: explicitely ignore comments starting by // - DOC: quic: rename max-window-size as with default prefix - MINOR: mux-quic: add missing values for show flags - MINOR: quic: simplify qc_prep_pkts() exit path - MINOR: quic: support a max number of built packet per send iteration - MINOR: quic: extend qc_send_mux() return type with a dedicated enum - MINOR: quic: define quic_pacing module - MINOR: quic/pacing: implement quic_pacer engine - MINOR: quic/pacing: support pacing emission on quic_conn layer - MINOR: quic/pacing: add burst support - MINOR: mux-quic: define a tx STREAM frame list member - MINOR: mux-quic: encapsulate QCC tasklet wakeup - MAJOR: mux-quic: support pacing emission - MINOR: quic: use dynamic cc_algo on bind_conf - MINOR: quic: extend quic-cc-algo optional parameters - MEDIUM: quic: define cubic-pacing congestion algorithm - MINOR: mux_quic/pacing: display pacing info on show quic - MEDIUM: stats-file: silently ignore be/fe mistmatch - REGTESTS: use -dW by default on every reg-tests - DOC: lua: fix yield-dependent methods expected contexts - DOC: sched: add missing scheduler API documentation for tasklet_wakeup_after() - DOC: sched: document the missing TASK_F_UEVT* flags - CLEANUP: tinfo: move sched_*_date/*_mono_time to the thread-local area - MINOR: stream: don't update s->lat_time when the wakeup date is not set - MINOR: tinfo/clock: turn sched_call_date to 64-bits - MINOR: sched: add TASK_F_WANTS_TIME to make the scheduler update the call date - MINOR: tools: add new macro DEFZERO to provide a default zero argument - MINOR: tasklet: make the low-level tasklet API take a flag - MINOR: tasklet: support an optional set of wakeup flags to tasklet_wakeup_on() - DOC: configuration: explain the rules regarding spaces in arguments - DOC: configuration: explain quotes and spaces in conditional blocks - DOC: configuration: wrap long line for "strstr()" conditional expression - BUG/MINOR: http-ana: Adjust the server status before the L7 retries - MINOR: http-fetch: Add an option to 'query" to get the QS with the '?' - BUG/MINOR: cfgparse-quic: fix renaming of max-window-size - MEDIUM: mworker: remove USE_SYSTEMD requirement for -Ws - CI: vtest: temporarily build from the sd-notify PR - MINOR: systemd: replace SOCK_CLOEXEC by fcntl call to FD_CLOEXEC - BUILD: makefile: make ERR apply to build options as well - MINOR: startup: set HAPROXY_LOCALPEER only once - DOC: configuration: update "Environment variables" chapter - DOC: config: indent the list of environment variables - OPTION: map/hlua: make core.set_map() lookup more efficient - REGTESTS: switch to -Ws for master-worker reg-tests - REGTESTS: disable temporarly mworker test on OSX - MINOR: quic: Add the congestion window initial value to QUIC path - MINOR: window_filter: Implement windowed filter (only max) - MINOR: quic: implement delivery rate sampling algorithm - MINOR: quic: implement BBR congestion control algorithm for QUIC - MINOR: quic: quic_cc modifications to support BBR - MINOR: quic: quic_loss modifications to support BBR - MINOR: quic: RX part modifications to support BBR - MINOR: quic: TX part modifications to support BBR. - MINOR: quic: add "bbr" new "quic-cc-algo" option - BUG/MEDIUM: mux-h2: Increase max number of headers when encoding HEADERS frames - BUG/MEDIUM: mux-h2: Check the number of headers in HEADERS frame after decoding - BUG/MEDIUM: h3: Properly limit the number of headers received - BUG/MEDIUM: h3: Increase max number of headers when sending headers - DOC: config: Improve documentation of tune.http.maxhdr directive - DOC: management: Clearly state "show errors" only reports malformed H1 messages - BUILD: makefile: build flags.c before haproxy to speed up the build - BUILD: makefile: reorder object files by build time - MINOR: config: Improve warnings on misplaced rules by adding an optional arg - CLEANUP: cfgparse: Add direction in functions name that warn on misplaced rules - MINOR: cfgparse: Emit a warning for misplaced "tcp-response content" rules - BUG/MINOR: cfgparse-quic: fix bbr initialization - MINOR: cfgparse-quic: activate pacing only via burst argument - MINOR: quic: Useless rate sample member initialization - BUG/MINOR: cfgparse-quic: fix warning for cc-aglo with 0 burst - MINOR: quic: support pacing for newreno and nocc - BUG/MINOR: quic: Missing application limitations tracking for BBR - MINOR: cfgparse-global: add cfg_parse_global_chroot - MINOR: cfgparse-global: add more checks for "chroot" argument - BUG/MINOR: startup: fix UAF when set the default for log_tag - MINOR: capabilities: rename program_name argument to progname - MINOR: startup: use global progname variable - MINOR: cfgparse-global: add cfg_parse_global_localpeer - BUG/MINOR: config: allow to check HAPROXY_LOCALPEER in config - BUG/MINOR: startup: init_early: remove obsolete comment - BUG/MEDIUM: debug: don't set the STUCK flag from debug_handler() - BUG/MEDIUM: wdt: fix the stuck detection for warnings - BUG/MINOR: activity/memprofile: reinitialize the free calls on DSO summary - MINOR: activity/memprofile: offer a function to unregister stale info - BUG/MEDIUM: pools/memprofile: always clean stale pool info on pool_destroy() - MINOR: activity: better report nil than ffff in unknown callers - CLEANUP: activity: better use a mask to tests freeing methods - MINOR: activity/memprofile: also monitor strdup() activity - MINOR: activity/memprofile: monitor non-portable calls as well - MINOR: activity: interrupt the show profile dump more often - MINOR: tools: resolve main() only once in resolve_sym_name() - MINOR: tools: add a new function "resolve_dso_name" to find a symbol's DSO - MINOR: activity/memprofile: use resolve_dso_name() for the DSO summary - REGTESTS: relax strerror matching to avoid a failure on libmusl - REGTESTS: don't rely on the base64 utility when openssl base64 is already used 2024/11/15 : 3.1-dev13 - MEDIUM: mworker: depreciate the 'program' section - BUILD: ot: use a cebtree instead of a list for variable names - MINOR: startup: replace HAPROXY_LOAD_SUCCESS with global load_status - BUG/MINOR: startup: set HAPROXY_CFGFILES in read_cfg - BUG/MINOR: cli: don't show sockpairs in HAPROXY_CLI and HAPROXY_MASTER_CLI - BUG/MEDIUM: stconn: Don't forward shut for SC in connecting state - BUG/MEDIUM: resolvers: Insert a non-executed resulution in front of the wait list - MINOR: debug: explicitly permit the counter condition to be empty - MINOR: debug: add a new counter type for glitches - MINOR: mux-h2: count glitches when they're reported - BUG/MINOR: deinit: release uri_auth admin rules - MINOR: uri_auth: add stats_uri_auth_free helper - MEDIUM: uri_auth: implement clean uri_auth cleaning - MINOR: mux-quic/h3: count glitches when they're reported - BUG/MEDIUM: mux-h2: Don't send RST_STREAM frame for streams with no ID - BUG/MINOR: Don't report early srv aborts on request forwarding in DONE state - MINOR: promex: Expose the global node and description in process metrics - MINOR: promex: Add global and proxies description as labels to all metrics - OPTIM: pattern: only apply LRU cache for large enough lists - BUG/MEDIUM: checks: make sure to always apply offsets to now_ms in expiration - BUG/MINOR: debug: do not set task expiration to TICK_ETERNITY - BUG/MEDIUM: mailers: make sure to always apply offsets to now_ms in expiration - BUG/MINOR: mux_quic: make sure to always apply offsets to now_ms in expiration - BUG/MINOR: peers: make sure to always apply offsets to now_ms in expiration - BUG/MEDIUM: clock: make sure now_ms cannot be TICK_ETERNITY - MINOR: debug/cli: replace "debug dev counters" with "debug counters" - DOC: config: add tune.h2.{be,fe}.rxbuf to the global keywords index - MINOR: chunk: add a BUG_ON upon the next init_trash_buffer() 2024/11/08 : 3.1-dev12 - MINOR: startup: tune.renice.{startup,runtime} allow to change priorities - BUG/MEDIUM: promex: Fix dump of extra counters - BUILD: import/mt_list: support building with TCC - BUILD: compiler: define __builtin_prefetch() for tcc - CLEANUP: quic: Remove the useless directive "tune.quic.backend.max-idle-timeou" - DOC: config: document connection error 44 (reverse connect failure) - CLEANUP: connection: properly name the CO_ER_SSL_FATAL enum entry - DEBUG: cli: support closing "hard" using close() in addition to fd_delete() - MINOR: connection: add more connection error codes to cover common errno - MINOR: rawsock: set connection error codes when returning from recv/send/splice - MINOR: connection: add new sample fetch functions fc_err_name and bc_err_name - MINOR: quic: Help diagnosing malformed probing packets - BUG/MINOR: quic: fix malformed probing packet building - MINOR: listener: Remove useless checks on the receiver protocol existence - MINOR: http-conv: Remove unreachable goto statement in sample_conv_q_preferred - MINOR: http: don't %-encode the payload when not relevant - MINOR: quic: simplify qc_parse_pkt_frms() return path - MINOR: quic: use dynamically allocated frame on parsing - MINOR: quic: extend return value of CRYPTO parsing - BUG/MINOR: quic: repeat packet parsing to deal with fragmented CRYPTO - BUG/MINOR: mworker: do 'program' postparser checks in read_cfg_in_discovery_mode - EXAMPLES: add "traces.cfg" with traces examples - BUG/MEDIUM: quic: do not consider ACK on released stream as error - CLEANUP: stats: fix misleading comment on top of stat_idx_info - MINOR: wdt: move the local timers to a struct - MINOR: debug: add a function to dump a stuck thread - DEBUG: wdt: better detect apparently locked up threads and warn about them - DEBUG: cli: make it possible for "debug dev loop" to trigger warnings - DEBUG: wdt: make the blocked traffic warning delay configurable - DEBUG: wdt: add a stats counter "BlockedTrafficWarnings" in show info - DEBUG: wdt: set the default blocked task delay to 100 ms - MINOR: debug: move the "recover now" warn message after the optional notes - MINOR: event_hdl: add event_hdl_sub_list_empty() helper func - MINOR: pattern: add _pat_ref_new() helper func - OPTIM: pattern: use malloc() to initialize new pat_ref struct - MINOR: pattern: add pat_ref_free() helper func - CLEANUP: guid: remove global tree export - BUG/MINOR: guid/server: ensure thread-safety on GUID insert/delete - DOC: management: explain the change of behavior of the program section - BUG/MEDIUM: mux-h2: try to wait for the peer to read the GOAWAY - BUG/MEDIUM: quic: prevent crash due to CRYPTO parsing error 2024/11/01 : 3.1-dev11 - BUG/MINOR: httpclient: return NULL when no proxy available during httpclient_new() - BUG/MEDIUM: mworker/httpclient: initialization skipped by accident in mworker mode - BUG/MINOR: resolvers/mworker: missing default resolvers in mworker mode - MINOR: mworker/ocsp: skip ocsp-update proxy init in master - BUG/MEDIUM: stconn: Wait iobuf is empty to shut SE down during a check send - MINOR: mux-h1: Show the SD iobuf in trace messages on stream send events - MINOR: mux-h1: Add a trace on shutdown when keep-alive is not possible - BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid - BUG/MEDIUM: stconn: Check FF data of SC to perform a shutdown in sc_notify() - BUG/MAJOR: filters/htx: Add a flag to state the payload is altered by a filter - REGTESTS: Never reuse server connection in http-messaging/truncated.vtc - BUG/MINOR: quic: avoid leaking post handshake frames - MINOR: quic: send new tokens (NEW_TOKEN) even for 1RTT sessions - BUG/MEDIUM: quic: avoid freezing 0RTT connections - DOC: config: fix rfc7239 forwarded typo in desc - MINOR: http_ext: implement rfc7239_{nn,np} converters - CLEANUP: http_ext: remove useless BUG_ON() in http_handle_xot_header() - BUG/MINOR: sample: free err2 in smp_resolve_args for type ARGT_REG - MINOR: arg: add an argument type for identifier - BUILD: buffers: keep b_getblk_nc() and b_peek_varint() in buf.h - CLEANUP: buffers: simplify b_get_varint() - OPTIM: buffers: avoid a useless wrapping check for ofs == 0 - MINOR: debug: make mark_tainted() return the previous value - MINOR: chunk: drop the global thread_dump_buffer - MINOR: debug: split ha_thread_dump() in two parts - MINOR: debug: slightly change the thread_dump_pointer signification - MINOR: debug: make ha_thread_dump_done() take the pointer to be used - MINOR: debug: replace ha_thread_dump() with its two components - MEDIUM: debug: on panic, make the target thread automatically allocate its buf - BUILD: mux-h2/traces: fix build on 32-bit due to size of the DATA frame - CI: prepare Coverity build for Ubuntu 24 - CI: bump development builds explicitely to Ubuntu 24.04 - CI: modernize macos builds to macos-15 - BUG/MINOR: mworker: fix mworker-max-reloads parser - MINOR: mux-quic: simplify sending of empty STREAM FIN - BUG/MINOR: mux-quic: do not close STREAM with empty FIN if no data sent - CLEANUP: debug: make the BUG_ON() macros check the condition in the outer one - MEDIUM: debug: add match counters for BUG_ON/WARN_ON/CHECK_IF - MINOR: debug: add a new debug macro COUNT_IF() - MINOR: debug: add "debug dev counters" to list code counters - BUG/MEDIUM: stats-html: Never dump more data than expected during 0-copy FF - BUG/MEDIUM: mux-h2: Remove H2S from send list if data are sent via 0-copy FF - BUG/MINOR: stconn: Pretend the SE have more data to deliver on abortonclose - CLEANUP: stream: remove outdated comments - DEBUG: stream: Add debug counters to track some client/server aborts - DEBUG: mux-h1: Add debug counters to track some errors - MINOR: mux-h1: Add support of the debug string for logs - MINOR: stream: maintain per-stream counters of the number of passes on code - MINOR: filters: add per-filter call counters - MINOR: sample: add the "when" converter to condition some expressions - BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families - BUILD: spoe: fix build warning on older gcc around sub-struct initialization - Revert "OPTIM: mux-h2: make h2_send() report more accurate wake up conditions" - DEBUG: mux-h1: Add debug counters to track errors with in/out pending data - BUG/MINOR: mux-h1: Fix conditions on pipe in some COUNT_IF() - MINOR: activity/memprofile: show per-DSO stats - BUG/MINOR: mworker/cli: show master startup logs in recovery mode - MINOR: mworker: stop MASTER proxy listener on worker mcli sockpair - MINOR: error: simplify startup_logs_init_shm - BUG/MINOR: mworker: show worker warnings in startup logs - CLEANUP: mworker: clean mworker_reexec - MINOR: mworker/cli: split mworker_cli_proxy_create - BUG/MINOR: server: fix dynamic server leak with check on failed init - BUG/MEDIUM: server: fix race on servers_list during server deletion - BUG/MEDIUM: stconn: Report blocked send if sends are blocked by an error - BUG/MINOR: http-ana: Fix wrong client abort reports during responses forwarding - BUG/MINOR: stconn: Don't disable 0-copy FF if EOS was reported on consumer side - MINOR: mworker/cli: add 'debug' to 'show proc' - MINOR: mworker/cli: remove comment line for program when useless - MINOR: mworker/cli: 'show proc debug' for old workers - BUILD: debug: silence a build warning with threads disabled - CLEANUP: mux-h2: remove the unused "full" variable in h2_frt_transfer_data() - MINOR: pools: export the pools variable - MINOR: debug: place a magic pattern at the beginning of post_mortem - MINOR: debug: place the post_mortem struct in its own section. - MINOR: debug: store important pointers in post_mortem - MINOR: debug: do not limit backtraces to stuck threads - MINOR: cli: remove non-printable characters from 'debug dev fd' - MINOR: cli: add an 'echo' command - MINOR: debug: also add a pointer to struct global to post_mortem - CLEANUP: mworker: make mworker_create_master_cli more readable - BUG/MEIDUM: mworker: fix fd leak from master to worker - BUG/MINOR: mworker/cli: fix mworker_cli_global_proxy_new_listener - MINOR: tools: add strnlen2() helper - CLEANUP: log: use strnlen2() in _lf_text_len() to compute string length - DOC: design: add notes about more detailed error reporting for logs - MINOR: debug: also add fdtab and acitvity to struct post_mortem - MINOR: debug: remove the redundant process.thread_info array from post_mortem - DEV: gdb: add a number of gdb scripts to navigate in core dumps - BUG/MINOR: trace: stop rewriting argv with -dt - MEDIUM: protocol: make abns a custom unix socket address family - MEDIUM: protocol: rely on AF_CUST_ABNS family to recognize ABNS sockets - CLEANUP: tools: rely on address family to detect ABNS sockets - MINOR: protocol: create abnsz socket address family - MINOR: sock: restore effective UNIX family in sock_get_old_sockets() - MEDIUM: sock: also restore effective unix family in get_{src,dst}() - MEDIUM: sock_unix: use per-family addrcmp function - MEDIUM: socket: add zero-terminated ABNS alternative - BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly - BUG/MINOR: mworker: mworker_reexec: unset MODE_STARTING before free startup logs ring - BUG/MINOR: errors: startup_logs_free: set global startup_logs ptr to NULL - BUG/MINOR: errors: print_message: don't allocate startup logs ring - BUG/MINOR: startup: don't fork worker if started with -c -W - BUG/MINOR: startup: dump libs only in worker if started with -W -dL - BUG/MINOR: startup: dump keywords only in worker if started with -W -dKAll - BUG/MINOR: startup: don't dump polling info for master in verbose mode - CI: switch QUIC Interop on AWS-LC to common docker image - CI: switch QUIC Interop on LibreSSL to common docker image - CI: enable chacha20 test on LibreSSL QUIC Interop - DOC: config: add missing glitch_{cnt,rate} data types - DOC: config: add missing glitch_{cnt,rate} sample definitions - CI: LibreSSL QUIC Interop: fix docker context - DEBUG: mux-h1: Add H1C expiration dates in trace messages - BUG/MEDIUM: mux-h1: Fix how timeouts are applied on H1 connections - BUG/MINOR: http-ana: Report internal error if an action yields on a final eval - MINOR: stream: Save last evaluated rule on invalid yield - MINOR: quic: complete trace in qc_may_build_pkt() - MINOR: quic: move qc_send_mux() prototype into quic_tx.h - MINOR: stream: Replace last_rule_file/line fields by a more generic field - MINOR: stream: Save the last filter evaluated interrupting the processing - MINOR: stream: Save the entity waiting to continue its processing - MINOR: stream: Use an enum to identify last and waiting entities for streams - MINOR: stream: Add http-buffer-request option in the waiting entities - DOC: config: Add documentation about last_entity sample fetch - DOC: config: Add documentation about waiting_entity sample fetch 2024/10/16 : 3.1-dev10 - BUG/MAJOR: mux-quic: do not crash on empty STREAM frame emission - BUG/MINOR: stats: Fix the name for the total number of streams created - MINOR: quic: strengthen qc_release_frm() - MEDIUM: quic: decount acknowledged data for MUX txbuf window - MINOR: quic: implement dedicated type for out-of-order stream ACK - MEDIUM: quic: merge contiguous/overlapping buffered ack stream range - MEDIUM: quic: decount out-of-order ACK data range for MUX txbuf window - MINOR: log: add do_log() logging helper - MINOR: log: add do_log_parse_act() helper func - MINOR: action: add do-log action - REGTESTS: add some tests for 'do-log' action - BUG/MEDIUM: hlua: make hlua_ctx_renew() safe - BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}() - BUG/MINOR: quic: fix discarding of already stored out-of-order ACK - BUG/MEDIUM: quic: properly decount out-of-order ACK on stream release - MINOR: ssl: disable server side default CRL check with WolfSSL - MEDIUM: sink: implement sink_find_early() - MINOR: trace: postresolve sink names - MINOR: sample: postresolve sink names in debug() converter - BUG/MEDIUM: mux-quic: ensure timeout server is active for short requests - MINOR: cfgparse: simulate long configuration parsing with force-cfg-parser-pause - BUILD: cache: silence an uninitialized warning at -Og with gcc-12.2 - BUG/MINOR: mux-h2/traces: present the correct buffer for trailers errors traces - MINOR: mux-h2/traces: print the size of the DATA frames - CLEANUP: muxes: remove useless inclusion of ebmbtree.h - REORG: buffers: move some of the heavy functions from buf.h to buf.c - MINOR: buffer: add a buffer list type with functions - MINOR: mux-h2: split the amount of rx data from the amount to ack - MINOR: mux-h2: create and initialize an rx offset per stream - MEDIUM: mux-h2: start to update stream when sending WU - MEDIUM: mux-h2: start to introduce the window size in the offset calculation - MINOR: mux-h2: count within a connection, how many streams are receiving data - MINOR: mux-h2: allocate the array of shared rx bufs in the h2c - MINOR: mux-h2: add rxbuf head/tail/count management for h2s - MINOR: mux-h2: move H2_CF_WAIT_IN_LIST flag away from the demux flags - MINOR: mux-h2: simplify the exit code in h2_rcv_buf() - MINOR: mux-h2: simplify the wake up code in h2_rcv_buf() - MINOR: mux-h2: clear up H2_CF_DEM_DFULL and H2_CF_DEM_SHORT_READ ambiguity - MAJOR: mux-h2: make streams use the connection's buffers - MAJOR: mux-h2: permit a stream to allocate as many buffers as desired - MAJOR: mux-h2: make the rxbuf allocation algorithm a bit smarter - MINOR: mux-h2: add tune.h2.be.rxbuf and tune.h2.fe.rxbuf global settings - MEDIUM: mux-h2: change the default initial window to 16kB - DOC: design-thoughts: add diagrams illustrating an rx win groth - MEDIUM: mux-h2: rework h2_restart_reading() to differentiate recv and demux - OPTIM: mux-h2: make h2_send() report more accurate wake up conditions - OPTIM: mux-h2: try to continue reading after demuxing when useful - OPTIM: mux-h2: use tasklet_wakeup_after() in h2s_notify_recv() - MINOR: mux-h2/traces: add missing flags and proxy ID in traces - MINOR: mux-h2/traces: add buffer-related info to h2s and h2c - CI: cirrus-ci: bump FreeBSD image to 14-1 - REGTESTS: fix a reload race in abns_socket.vtc - MINOR: activity/memprofile: always return "other" bin on NULL return address - MINOR: quic: notify connection layer on handshake completion - BUG/MINOR: stream: unblock stream on wait-for-handshake completion - BUG/MEDIUM: quic: support wait-for-handshake - BUG/MEDIUM: server: server stuck in maintenance after FQDN change - BUG/MEDIUM: queue: make sure never to queue when there's no more served conns - DEBUG: mux-h2/flags: add H2_CF_DEM_RXBUF & H2_SF_EXPECT_RXDATA for the decoder - REGTESTS: cli: add delay 0.1 before connect to cli - MINOR: startup: add O_CLOEXEC flag to open /dev/null - MEDIUM: startup: move daemonization fork in init - MINOR: startup: refactor "daemonization" fork - MEDIUM: startup: move PID handling in init() - MAJOR: mworker: move master-worker fork in init() - BUG/MINOR: mworker: fix memory leak due to master-worker fork - REORG: mworker: set nbthread=1 for master after fork - MINOR: init: check MODE_MWORKER before creating master CLI - REORG: mworker: move mworker_create_master_cli in master 'case' - MEDIUM: startup: call chroot() if needed in one place - MEDIUM: startup: do set_identity() if needed in one place - MINOR: startup: only worker gets capabilities from bin - CLEANUP: haproxy: rm no longer used mworker_reexec_waitmode - MINOR: startup: rename exit_on_waitmode_failure to exit_on_failure - MINOR: defaults: update MASTER_MAXCONN description - MEDIUM: startup: remove MODE_MWORKER_WAIT - MINOR: global: add MODE_DISCOVERY flag - MEDIUM: cfgparse: add KWF_DISCOVERY keyword flag - MEDIUM: cfgparse: call some parsers only in MODE_DISCOVERY - MEDIUM: cfgparse-global: parse only KWF_DISCOVERY keywords in MODE_DISCOVERY - MEDIUM: cfgparse: parse only "global" section in MODE_DISCOVERY - MEDIUM: startup: introduce load_cfg and read_cfg - MINOR: cfgparse: fix *thread keywords sensitive to global section position - MINOR: mworker/cli: rename mworker_cli_proxy_new_listener - MINOR: mworker/cli: rename and clean mworker_cli_sockpair_new - MINOR: mworker/cli: create master CLI sockpair before fork - MINOR: mworker/cli: create MASTER proxy before mcli listeners - MINOR: mworker: add and set state PROC_O_INIT for new worker - MEDIUM: mworker/cli: close child and parent fds, setup listeners - MINOR: mworker: mworker_catch_sigchld: use fd_delete instead of close - MINOR: startup: rename and adapt reexec_on_failure - MINOR: mworker: add support for case when new worker dies - MINOR: mworker: simplify the code that sets PROC_O_LEAVING - MINOR: mworker/cli: add _send_status to support state transition - MEDIUM: startup: split sending oldpids_sig logic for standalone and mworker modes - MINOR: startup: split init() into separate initialization routines - MINOR: startup: split main: add step_init_3 - MINOR: startup: simplify check for calling sock_get_old_sockets - MINOR: startup: encapsulate sock_get_old_sockets in a function - MINOR: startup: add bind_listeners - MINOR: startup: split main: add step_init_4 - MINOR: startup: encapsulate master's code in run_master - MINOR: startup: add read_cfg_in_discovery_mode - MINOR: mworker: adapt exit_on_failure for master recovery mode - MEDIUM: mworker: add support of master recovery mode - MINOR: startup: add set_verbosity - MEDIUM: mworker: block reloads - MINOR: mworker: slow load status delivery if worker is starting - MINOR: mworker: readapt program support in mworker_catch_sigchld - MINOR: mworker: deserialize process list before read_cfg_in_discovery_mode - MINOR: mworker: parse program only in MODE_DISCOVERY - MINOR: cfgparse: add support for program section - MINOR: startup: reintroduce program support - MINOR: mworker-prog: stop old programs in mworker_ext_launch_all - MINOR: mworker: reintroduce systemd support - MINOR: mworker: report explicitly when worker exits due to max reloads - MINOR: cfgparse-global: parse *env keywords in MODE_DISCOVERY - MINOR: startup: reintroduce *env keywords support - MINOR: startup: close devnullfd, when daemon mode is applied 2024/10/03 : 3.1-dev9 - MINOR: tools: add minimal file name management - CLEANUP: stick-table: make the file location point to a global file name - MINOR: proxy: use the global file names for conf->file - CLEANUP: cfgparse: factor proxy vs log-forward collisions - BUG/MINOR: cfgparse: detect another uncaught case of duplicate defaults - MINOR: proxy: add a list of orphaned defaults sections - MEDIUM: cfgparse: drop duplicate named defaults sections after use - OPTIM: cfgparse: speed up duplicate server detection - MEDIUM: cfgparse: warn about deprecated use of duplicate server names - BUG/MINOR: server: shut down streams under thread isolation - BUG/MINOR: proxy: also make the cli and resolvers use the global name - REGTESTS: log: fix log-profile.vtc - MEDIUM: mailers: warn about deprecated legacy mailers - BUG/MEDIUM: cli: Be sure to catch immediate client abort - DEV: flags/applet: decode appctx flags - BUG/MEDIUM: cli: Deadlock when setting frontend maxconn - MINOR: log: fix indent in strm_log() - MINOR: log: introduce extra log profile steps - MINOR: log: handle extra log origins in _process_send_log_override() - MINOR: log: introduce log_orig flags - MINOR: log: explicitly handle extra log origins as error when relevant - MINOR: log: support extra log origins for '%OG' alias - MINOR: proxy: add log_steps struct member - MINOR: log: introduce "log-steps" proxy keyword - MINOR: log: add log_orig_proxy() helper function - MEDIUM: log: consider log-steps proxy setting for existing log origins - DOC: config: document proxy "log-steps" keyword - REGTESTS: add a test for proxy "log-steps" - Revert "BUG/MINOR: server: shut down streams under thread isolation" - MINOR: task: define two new one-shot events for use with WOKEN_OTHER or MSG - BUG/MEDIUM: stream: make stream_shutdown() async-safe - BUG/MINOR: server: make sure the HMAINT state is part of MAINT - BUG/MINOR: queue: make sure that maintenance redispatches server queue - MINOR: server: make srv_shutdown_sessions() call pendconn_redistribute() - BUILD: tools: only include execinfo.h for the real backtrace() function - MINOR: tools: do not attempt to use backtrace() on linux without glibc - OPTIM: channel: speed up co_getline()'s search of the end of line - OPTIM: stconn: Don't pretend mux have more data to deliver on EOI/EOS/ERROR - BUG/MINOR: mcli: Pretend the mux have more data to deliver between two commands - MINOR: action: Export release_expr_int_action() release function - MINOR: stream: Rely on a per-stream max connection retries value - MINOR: stream: Support dynamic changes of the number of connection retries - MINOR: stream/stats: Expose the current number of streams in stats - MINOR: stream/stats: Expose the total number of streams ever created in stats - BUG/MINOR: cfgparse-global: fix allowed args number for setenv - MINOR: cfgparse-global: add dedicated parser for *env keywords - MINOR: mux-quic: complete Tx infos for QCS dump - MINOR: quic: ensure txbuf realloc is only performed on empty buffer - MINOR: mux-quic: strengthen qcs_send_metadata() usage - MINOR: quic: remove unneeded notification of txbuf room - MINOR: quic: refactor MUX send notification - MEDIUM: quic: strengthen MUX send notification - MINOR: quic: refactor STREAM room notification - MINOR: quic: do not remove qc_stream_desc automatically on ACK handling - MINOR: quic: store streambuf in a streamdesc tree - MINOR: quic: move buffered ACK to streambuf - MEDIUM: quic: handle out-of-order ACK at streamdesc layer - MEDIUM: quic: refactor buffered STREAM ACK consuming - BUG/MEDIUM: queue: always dequeue the backend when redistributing the last server - MINOR: config/trace: Add a 'traces' section to declare debug traces - MINOR: trace: Be able to chain commands for a source in one line - MINOR: tcpcheck: Add support for an option host header value for httpchk option - BUG/MINOR: mux-h1: Fix condition to set EOI on SE during zero-copy forwarding - MINOR: mux-h1: Use a dedicated function to conditionnaly set EOI flag on SE - BUG/MINOR: http-ana: Disable fast-fwd for unfinished req waiting for upgrade - BUG/MINOR: mux-quic: fix crash on qcc_init() early return - BUG/MINOR: quic: fix trace on releasing STREAM frame after ack 2024/09/18 : 3.1-dev8 - DOC: configuration: place the HAPROXY_HTTP_LOG_FMT example on the correct line - MINOR: mux-h1: Set EOI on SE during demux when both side are in DONE state - BUG/MEDIUM: mux-h1/mux-h2: Reject upgrades with payload on H2 side only - REGTESTS: h1/h2: Update script testing H1/H2 protocol upgrades - BUG/MEDIUM: clock: detect and cover jumps during execution - BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg() - BUG/MEDIUM: pattern: prevent uninitialized reads in pat_match_{str,beg} - BUG/MEDIUM: pattern: prevent UAF on reused pattern expr - MEDIUM: ssl/cli: "dump ssl cert" allow to dump a certificate in PEM format - BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state - BUG/MINOR: h1-htx: Don't flag response as bodyless when a tunnel is established - REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load - BUG/MINOR: pattern: do not leave a leading comma on "set" error messages - REGTESTS: shorten a bit the delay for the h1/h2 upgrade test - MINOR: server: allow init-state for dynamic servers - DOC: server: document what to check for when adding new server keywords - MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option - BUG/MINOR: polling: fix time reporting when using busy polling - BUG/MINOR: clock: make time jump corrections a bit more accurate - BUG/MINOR: clock: validate that now_offset still applies to the current date - BUG/MEDIUM: queue: implement a flag to check for the dequeuing - OPTIM: sample: don't check casts for samples of same type - OPTIM: vars: remove the unneeded lock in vars_prune_* - OPTIM: vars: inline vars_prune() to avoid many calls - MINOR: vars: remove the emptiness tests in callers before pruning - IMPORT: import cebtree (compact elastic binary trees) - OPTIM: vars: use a cebtree instead of a list for variable names - OPTIM: vars: use multiple name heads in the vars struct - BUG/MINOR: peers: local entries updates may not be advertised after resync - DOC: config: Explicitly list relaxing rules for accept-invalid-http-* options - MINOR: proxy: Rename accept-invalid-http-* options - DOC: configuration: Remove dangerous directives from the proxy matrix - BUG/MEDIUM: sc_strm/applet: Wake applet after a successfull synchronous send - BUG/MEDIUM: cache/stats: Wait to have the request before sending the response - BUG/MEDIUM: promex: Wait to have the request before sending the response - MINOR: clock: test all clock_gettime() return values - MEDIUM: clock: collect the monotonic time in clock_local_update_date() - MEDIUM: clock: opportunistically use CLOCK_MONOTONIC for the internal time - MEDIUM: clock: use the monotonic clock for idle time calculation - MEDIUM: clock: don't compute before_poll when using monotonic clock - BUG/MINOR: fix missing "log-format overrides previous 'option tcplog clf'..." detection - BUG/MINOR: fix missing "'option httpslog' overrides previous 'option tcplog clf'..." detection - BUG/MINOR: cfgparse-listen: fix option httpslog override warning message - BUG/MINOR: cfgparse: detect incorrect overlap of same backend names - MEDIUM: cfgparse: warn about proxies having the same names - DOC: management: add init-state to add server keywords - BUG/MINOR: mux-quic: report glitches to session - BUILD: cebtree: silence a bogus gcc warning on impossible code paths - MEDIUM: cfgparse: warn about colliding names between defaults and proxies - MEDIUM: cfgparse: detect collisions between defaults and log-forward 2024/09/05 : 3.1-dev7 - MINOR: config: Created env variables for http and tcp clf formats - MINOR: mux-quic: add buf_in_flight to QCC debug infos - MINOR: mux-quic: correct qcc_bufwnd_full() documentation - MINOR: tools: add helpers to backup/clean/restore env - MINOR: mworker: restore initial env before wait mode - BUG/MINOR: haproxy: free init_env in deinit only if allocated - BUILD: tools: environ is not defined in OS X and BSD - DEV: coccinelle: add a test to detect unchecked malloc() - DEV: coccinelle: add a test to detect unchecked calloc() - CI: QUIC Interop AWS-LC: enable ngtcp2 client - CI: fix missing comma introduced in 956839c0f68a7722acc586ecd91ffefad2ccb303 - CI: QUIC Interop: do not run bandwidth measurement tests - CI: QUIC Interop: use different artifact names for uploading logs - BUILD: quic: 32bits build broken by wrong integer conversions for printf() - CLEANUP: ssl: cleanup the clienthello capture - MEDIUM: ssl: capture the supported_versions extension from Client Hello - MEDIUM: ssl/sample: add ssl_fc_supported_versions_bin sample fetch - MEDIUM: ssl: capture the signature_algorithms extension from Client Hello - MEDIUM: ssl/sample: add ssl_fc_sigalgs_bin sample fetch - MINOR: proxy: Add support of 429-Too-Many-Requests in retry-on status - BUG/MEDIUM: mux-h2: Set ES flag when necessary on 0-copy data forwarding - BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready - BUG/MINIR: proxy: Match on 429 status when trying to perform a L7 retry - CLEANUP: haproxy: fix typos in code comment - CLEANUP: mqtt: fix typo in MQTT_REMAINING_LENGHT_MAX_SIZE - MINOR: tools: Implement ipaddrcpy(). - MINOR: quic: Implement quic_tls_derive_token_secret(). - MINOR: quic: Token for future connections implementation. - BUG/MINOR: quic: Missing incrementation in NEW_TOKEN frame builder - MINOR: quic: Modify NEW_TOKEN frame structure (qf_new_token struct) - MINOR: quic: Implement qc_ssl_eary_data_accepted(). - MINOR: quic: Add trace for QUIC_EV_CONN_IO_CB event. - BUG/MEDIUM: quic: always validate sender address on 0-RTT - BUILD: quic: fix build errors on FreeBSD since recent GSO changes - MINOR: tools: extend str2sa_range to add an alt parameter - MINOR: server: add a alt_proto field for server - MEDIUM: sock: use protocol when creating socket - MEDIUM: protocol: add MPTCP per address support - BUG/MINOR: quic: Crash from trace dumping SSL eary data status (AWS-LC) - MEDIUM: stick-table: Add support of a factor for IN/OUT bytes rates - MEDIUM: bwlim: Use a read-lock on the sticky session to apply a shared limit - BUG/MEDIUM: mux-pt: Never fully close the connection on shutdown - BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli - BUG/MINOR: quic: unexploited retransmission cases for Initial pktns. - BUG/MEDIUM: mux-h1: Properly handle empty message when an error is triggered - MINOR: mux-h2: try to clear DEM_MROOM and MUX_MFULL at more places - BUG/MAJOR: mux-h2: always clear MUX_MFULL and DEM_MROOM when clearing the mbuf - BUG/MINOR: mux-spop: always clear MUX_MFULL and DEM_MROOM when clearing the mbuf - BUG/MINOR: Crash on O-RTT RX packet after dropping Initial pktns - BUG/MEDIUM: mux-pt: Fix condition to perform a shutdown for writes in mux_pt_shut() - CLEANUP: assorted typo fixes in the code and comments - DEV: patchbot: count the number of backported/non-backported patches - DEV: patchbot: add direct links to show only specific categories - DEV: patchbot: detect commit IDs starting with 7 chars - BUG/MEDIUM: clock: also update the date offset on time jumps - MEDIUM: server: add init-state 2024/08/21 : 3.1-dev6 - BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails - BUG/MINOR: proto_tcp: keep error msg if listen() fails - MINOR: proto_tcp: tcp_bind_listener: copy errno in errmsg - MINOR: channel: implement ci_insert() function - BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI - REGTESTS: mcli: test the pipelined commands on master CLI - MINOR: cfgparse: load_cfg_in_mem: fix null ptr dereference reported by coverity - MINOR: startup: fix unused value reported by coverity - BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID - BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails - BUG/MINOR: cfgparse: parse_cfg: fix null ptr dereference reported by coverity - MINOR: proto_uxst: copy errno in errmsg for syscalls - MINOR: mux-quic: do not trace error in qcc_send_frames() on empty list - BUG/MINOR: h3: properly reject too long header responses - CLEANUP: mworker/cli: clean up the mode handling - BUG/MINOR: tools: make fgets_from_mem() stop at the end of the input - BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity - BUG/MINOR: pattern: pat_ref_set: return 0 if err was found - CI: keep logs for failed QIUC Interop jobs - BUG/MINOR: release-estimator: fix relative scheme in CHANGELOG URL - MINOR: release-estimator: add requirements.txt - MINOR: release-estimator: add installation steps in README.md - MINOR: release-estimator: fix the shebang of the python script - DOC: config: correct the table for option tcplog - MEDIUM: log: relax some checks and emit diag warnings instead in lf_expr_postcheck() - MINOR: log: "drop" support for log-profile steps - CI: QUIC Interop LibreSSL: document chacha20 test status - CI: modernize codespell action, switch to node 16 - CI: QUIC Interop AWS-LC: enable chrome client - DOC: lua: fix incorrect english in lua.txt - MINOR: Implements new log format of option tcplog clf - MINOR: cfgparse: limit file size loaded via /dev/stdin - BUG/MINOR: stats: fix color of input elements in dark mode - CLEANUP: stats: use modern DOCTYPE tag - BUG/MINOR: stats: add lang attribute to html tag - DOC: quic: fix default minimal value for max window size - DOC: quic: document nocc debug congestion algorithm - MINOR: quic: extract config window-size parsing - MINOR: quic: define max-window-size config setting - MINOR: quic: allocate stream txbuf via qc_stream_desc API - MINOR: mux-quic: account stream txbuf in QCC - MEDIUM: mux-quic: implement API to ignore txbuf limit for some streams - MINOR: h3: mark control stream as metadata - MINOR: mux-quic: define buf_in_flight - MAJOR: mux-quic: allocate Tx buffers based on congestion window - MINOR: quic/config: adapt settings to new conn buffer limit - MINOR: quic: define sbuf pool - MINOR: quic: support sbuf allocation in quic_stream - MEDIUM: h3: allocate small buffers for headers frames - MINOR: mux-quic: retry after small buf alloc failure - BUG/MINOR: cfgparse-global: fix err msg in mworker keyword parser - BUG/MINOR: cfgparse-global: clean common_kw_list - BUG/MINOR: cfgparse-global: remove redundant goto - MINOR: cfgparse-global: move 'pidfile' in global keywords list - MINOR: cfgparse-global: move 'expose-*' in global keywords list - MINOR: cfgparse-global: move tune options in global keywords list - MINOR: cfgparse-global: move unsupported keywords in global list - BUG/MINOR: cfgparse-global: remove tune.fast-forward from common_kw_list - MINOR: quic: store the lost packets counter in the quic_cc_event element - MINOR: quic: support a tolerance for spurious losses - MINOR: protocol: properly assign the sock_domain and sock_family - MINOR: protocol: add a family lookup - MEDIUM: socket: always properly use the sock_domain for requested families - MINOR: protocol: add the real address family to the protocol - MINOR: socket: don't ban all custom families from reuseport - MINOR: protocol: always initialize the receivers list on registration - CLEANUP: protocol: no longer initialize .receivers nor .nb_receivers 2024/08/07 : 3.1-dev5 - BUG/MINOR: quic: Lack of precision when computing K (cubic only cc) - MEDIUM: ssl/quic: implement quic crypto with EVP_AEAD - MINOR: quic: rename confusing wording aes to hp - MEDIUM: quic: add key argument to header protection crypto functions - MEDIUM: quic: implement CHACHA20_POLY1305 for AWS-LC - MEDIUM: sink: assume sft appctx stickiness - MINOR: quic: delay Retry emission on quic-force-retry - MEDIUM: quic: implement quic-initial rules - MINOR: quic: support ACL for quic-initial rules - MINOR: quic: pass quic_dgram as obj_type for quic-initial rules - MINOR: quic: implement reject quic-initial action - MINOR: quic: implement send-retry quic-initial rules - BUG/MEDIUM: quic: fix invalid conn reject with CONNECTION_REFUSED - MEDIUM: h1: allow to preserve keep-alive on T-E + C-L - MINOR: quic: Add information to "show quic" for CUBIC cc. - MINOR: quic: Dump TX in flight bytes vs window values ratio. - BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature - BUILD: cfgparse-quic: fix build error on Solaris due to missing netinet/in.h - MINOR: queue: add a function to check for TOCTOU after queueing - BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue() - DOC: config: Add documentation about spop mode for backends - BUG/MEDIUM: stconn: Report error on SC on send if a previous SE error was set - BUG/MEDIUM: mux-pt/mux-h1: Release the pipe on connection error on sending path - BUILD: mux-pt: Use the right name for the sedesc variable - BUG/MINOR: stconn: bs.id and fs.id had their dependencies incorrect - BUG/MEDIUM: ssl: reactivate 0-RTT for AWS-LC - BUG/MEDIUM: ssl: 0-RTT initialized at the wrong place for AWS-LC - BUILD: ssl: replace USE_OPENSSL_AWSLC by OPENSSL_IS_AWSLC - BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content - MINOR: tcp_sample: Move TCP low level sample fetch function to control layer - MINOR: quic: Define ->get_info() control layer callback for QUIC - MINOR: flags/mux-quic: decode qcc and qcs flags - BUG/MINOR: quic: fix fc_rtt/srtt values - BUG/MIONR: quic: fix fc_lost - BUG/MINOR: h1: do not forward h2c upgrade header token - BUG/MINOR: h2: reject extended connect for h2c protocol - BUG/MEDIUM: http-ana: Report error on write error waiting for the response - BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams - BUG/MEDIUM: mux-h2: Propagate term flags to SE on error in h2s_wake_one_stream - BUG/MEDIUM: peer: Notify the applet won't consume data when it waits for sync - BUG/MINOR: quic: Too shord datagram during O-RTT handshakes (aws-lc only) - CI: add weekly QUIC Interop regression against AWS-LC - CI: harden NetBSD builds by ERR=1 - BUG/MINOR: quic: Too short datagram during packet building failures (aws-lc only) - DEV: coccinelle: add a test to detect unchecked strdup() - BUG/MINOR: fcgi-app: handle a possible strdup() failure - BUG/MEDIUM: server/addr: fix tune.events.max-events-at-once event miss and leak - MINOR: quic: convert qc_stream_desc release field to flags - MINOR: quic: implement function to check if STREAM is fully acked - BUG/MEDIUM: quic: handle retransmit for standalone FIN STREAM - MINOR: quic: enforce ACK reception is handled in order - DOC: configuration: fix alphabetical ordering of {bs,fs}.aborted - MINOR: stconn: add a new pair of sf functions {bs,fs}.debug_str - MINOR: mux-h2: implement the debug string for logs - MINOR: mux-quic: define dump functions for QCC and QCS - MINOR: mux-quic: implement debug string for logs - MINOR: quic: dump quic_conn debug string for logs - MINOR: time: define tot_time structure - MINOR: mux-quic: measure QCS lifetime and its blocking state - BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn - BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc - BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED() - BUG/MINOR: trace: automatically start in waiting mode with "start " - BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion - BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE - MINOR: trace: support setting the sink and level for all sources at once - MINOR: session/trace: enable very minimal session tracing - MEDIUM: trace: implement a "follow" mechanism - MINOR: trace: move the known trace context into a dedicated struct - MINOR: trace: add a per-source helper to pre-fill the context - MINOR: mux-h2: add a trace context filling helper - MINOR: mux-h1: add a trace context filling helper - MINOR: mux-quic: don't leave dangling pointer after freeing qcs->sd - MINOR: mux-quic: add a trace context filling helper - MINOR: mux-h1/trace: add a state trace on stream creation/upgrade - MINOR: mux-h2/trace: add a state trace on stream creation/destruction - MINOR: mux-h3/trace: add a state trace on stream creation/destruction - BUG/MINOR: quic: prevent freeze after early QCS closure - MINOR: server: ensure max_events_at_once > 0 in server_atomic_sync() - MINOR: cfgparse: add struct cfgfile to represent config in memory - REORG: tools: move list_append_word to cfgparse - MINOR: startup: adapt list_append_word to use cfgfile - MINOR: cfgparse: add load_cfg_in_mem - MINOR: cfgparse: load_cfg_in_mem: take in account file size - MINOR: tools: add fgets_from_mem - MEDIUM: startup: make read_cfg() return immediately on ENOMEM - MEDIUM: startup: load and parse configs from memory - MINOR: startup: rename readcfgfile in parse_cfg 2024/07/24 : 3.1-dev4 - MINOR: limits: prepare to keep limits in one place - REORG: fd: move raise_rlim_nofile to limits - CLEANUP: fd: rm struct rlimit definition - REORG: global: move rlim_fd_*_at_boot in limits - MINOR: haproxy: prepare to move limits-related code - REORG: haproxy: move limits handlers to limits - MINOR: limits: add is_any_limit_configured - CLEANUP: quic: remove obsolete comment on send - MINOR: quic: extend detection of UDP API OS features - MINOR: quic: activate UDP GSO for QUIC if supported - MINOR: quic: define quic_cc_path MTU as constant - MINOR: quic: add GSO parameter on quic_sock send API - MAJOR: quic: support GSO when encoding datagrams - MEDIUM: quic: implement GSO fallback mechanism - MINOR: quic: add counters of sent bytes with and without GSO - BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past - CLEANUP: proto: rename TID affinity callbacks - CLEANUP: quic: rename TID affinity elements - BUG/MINOR: limits: fix license type in limits.h - BUG/MINOR: session: Eval L4/L5 rules defined in the default section - CLEANUP: stconn: Fix a typo in comments for SE_ABRT_SRC_* - MEDIUM: spoe: Remove fragmentation support - MEDIUM: spoe: Remove async mode support - MINOR: spoe: Use only a global engine-id per agent - MINOR: spoe: Remove debugging - MAJOR: spoe: Remove idle applets and pipelining support - MINOR: spoe: Remove the dedicated SPOE applet task - MEDIUM: proxy/spoe: Add a SPOP mode - MEDIUM: applet: Add a .shut callback function for applets - MINOR: connection: No longer include stconn type header in connection-t.h - MINOR: stconn: Use a dedicated function to get the opposite sedesc - MINOR: spoe: Rename some flags and constant to use SPOP prefix - MINOR: spoe: Dynamically alloc the message list per event of an agent - MINOR: spoe: Move all stuff regarding the filter/applet in the C file - MINOR: spoe: Move spoe_str_to_vsn() into the header file - MEDIUM: mux-spop: Introduce the SPOP multiplexer - MEDIUM: check/spoe: Use SPOP multiplexer to perform SPOP health-checks - MAJOR: spoe: Rewrite SPOE applet to use the SPOP mux - CLEANUP: spoe: Uniformize function definitions - MINOR: spoe: Add internal sample fetch to retrieve the SPOE engine ID - MEDIUM: spoe: Set a specific name for the connection pool of SPOP servers - MINOR: backend: Remove test on HTX streams to reuse idle connections on connect - MEDIUM: spoe: Force the reuse 'always' mode for SPOP backends - MINOR: mux-spop: Use a dedicated function to update the SPOP connection timeout - MAJOR: mux-spop: Make the SPOP connections reusable - MINOR: stats-html: Display reuse ratio for spop connections - MEDIUM: spoe: Directly xfer NOTIFY frame when SPOE applet is created - MEDIUM: spoe: Directly receive ACK frame in the SPOE context buffer - MEDIUM: mux-spop/spoe: Save negociated max-frame-size value in the mux - MINOR: spoe: Remove the spop version from the SPOE appctx context - MEDIUM: mux-spop: Add checks on received frames - MEDIUM: mux-spop: Announce the pipeling support if possible - MEDIUM: spoe: Forward SPOE context error to the SPOE applet - MEDIUM: spoe: Make the SPOE applet use its own buffers - DOC: spoe: Update SPOE documentation to reflect recent refactoring - BUILD: mux-spop: fix build failure on gcc 4-10 and clang - MINOR: fd: don't scan the full fdtab on all threads - MINOR: server: better mt_list usage for node migration (prev_deleted handling) - BUG/MINOR: do not close uninit FD in quic_test_socketops() - BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts - MINOR: debug: prepare feed_post_mortem_late - CLEANUP: debug: fix indents in debug_parse_cli_show_dev - MINOR: debug: store runtime uid/gid in postmortem - MINOR: debug: keep runtime capabilities in post_mortem - MINOR: debug: use LIM2A to show limits - MINOR: debug: prepare to show runtime limits - MINOR: debug: keep runtime limits in postmortem - DOC: install: don't reference removed CPU arg - BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path - BUG/MAJOR: mux-h2: force a hard error upon short read with pending error - MEDIUM: sink: start applets asynchronously - OPTIM: sink: balance applets accross threads - MEDIUM: ocsp: fix ocsp when the chain is loaded from 'issuers-chain-path' - MEDIUM: ssl: add extra_chain to ckch_data - MINOR: ssl: change issuers-chain for show_cert_detail() - REGTESTS: ssl: test the issuers-chain-path keyword - DOC: configuration: issuers-chain-path not compatible with OCSP - DOC: configuration: issuers-chain-path is compatible with OCSP - BUG/MEDIUM: startup: fix zero-warning mode - BUILD: tree-wide: cast arguments to tolower/toupper to unsigned char (2) - MINOR: cfgparse-global: move mode's keywords in cfg_kw_list - MINOR: cfgparse-global: move no in cfg_kw_list - DOC: config: improve the http-keep-alive section - BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter - BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution - BUG/MINOR: cli: Atomically inc the global request counter between CLI commands - MINOR: stream: Add a pointer to set the parent stream - MINOR: vars: Fill a description instead of hash and scope when a name is parsed - MINOR: vars: Use a description to set/unset a variable instead of its hash and scope - MEDIUM: vars: Be able to parse parent scopes for variables - MINOR: vars: Use a variable description to get variables of a specific scope - MEDIUM: vars: Be able to retrieve variable of the parent stream, if any - MEDIUM: spoe: Set the parent stream for SPOE streams - BUG/MINOR: quic: Non optimal first datagram. - DOC: config: Add a dedicated section about variables - DOC: config: Add info about variable scopes referencing the parent stream - DOC: config: Explicitly state the SPOE streams have a usable parent stream - MINOR: quic: Avoid cc priv buffer overflow. - MINOR: spoe: Add a function to validate a version is supported - MINOR: spoe: export the list of SPOP error reasons - MEDIUM: spoe/tcpcheck: Reintroduce SPOP check as a customized tcp-check - REGTESTS: check/spoe: Re-enable the script performing SPOP health-checks - BUG/MEDIUM: sink: properly init applet under sft lock - MINOR: sink: unify and sink_forward_io_handler() and sink_forward_oc_io_handler() - MINOR: sink: Remove useless test on SE_FL_SHR/SHW flags - MINOR: sink: merge sink_forward_io_handler() with sink_forward_oc_io_handler() - MINOR: sink: add some comments about sft->appctx usage in applet handlers - MINOR: sink: distinguish between hard and soft close in _sink_forward_io_handler() - MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface - MINOR: ring: count processed messages in ring_dispatch_messages() - MINOR: sink: add processed events counter in sft - MEDIUM: sink: "max-reuse" support for sink servers - OPTIM: sink: consider threads' current load when rebalancing applets 2024/07/10 : 3.1-dev3 - BUG/MINOR: quic: Wrong datagram building when probing. - BUG/MEDIUM: quic: fix possible exit from qc_check_dcid() without unlocking - BUG/MINOR: promex: Remove Help prefix repeated twice for each metric - DOC: configuration: add details about crt-store in bind "crt" keyword - BUG/MEDIUM: hlua/cli: Fix lua CLI commands to work with applet's buffers - DOC: configuration: more details about the master-worker mode - BUG/MEDIUM: server: fix race on server_atomic_sync() - BUG/MINOR: jwt: don't try to load files with HMAC algorithm - CLEANUP: quic: cleanup prototypes related to CIDs handling - CLEANUP: quic: remove non-existing quic_cid_tree definition - MINOR: quic: remove access to CID global tree outside of quic_cid module - REORG: quic: remove quic_cid_trees reference from proto_quic - MINOR: quic: add 2 BUG_ON() on datagram dispatch - MINOR: quic: ensure quic_conn is never removed on thread affinity rebind - MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD - DOC: configuration: update maxconn description - MINOR: proto: extend connection thread rebind API - BUG/MEDIUM: quic: prevent crash on accept queue full - BUG/MEDIUM: peers: Fix crash when syncing learn state of a peer without appctx - CI: add weekly QUIC Interop regression against LibreSSL - DEV: flags/quic: decode quic_conn flags - MINOR: quic: rename "ssl error" trace - BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn - BUG/MINOR: jwt: fix variable initialisation - MINOR: ssl/sample: ssl_c_san returns a comma separated list of SAN - OPTIM: pool: improve needed_avg cache line access pattern - MAJOR: import: update mt_list to support exponential back-off (try #2) - CI: weekly QUIC Interop: try to fix private image - BUG/MINOR: h1: Fail to parse empty transfer coding names - BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value - BUG/MEDIUM: h1: Reject empty Transfer-encoding header - BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread - BUILD: listener: silence a build warning about unused value without threads - DOC: architecture: remove the totally outdated architecture manual - SCRIPTS: create-release: no more need to skip architecture.txt 2024/06/29 : 3.1-dev2 - BUG/MINOR: log: fix broken '+bin' logformat node option - DEBUG: hlua: distinguish burst timeout errors from exec timeout errors - REGTESTS: ssl: fix some regtests 'feature cmd' start condition - BUG/MEDIUM: ssl: AWS-LC + TLSv1.3 won't do ECDSA in RSA+ECDSA configuration - MINOR: ssl: activate sigalgs feature for AWS-LC - REGTESTS: ssl: activate new SSL reg-tests with AWS-LC - BUG/MEDIUM: proxy: fix email-alert invalid free - REORG: mailers: move free_email_alert() to mailers.c - BUG/MINOR: proxy: fix email-alert leak on deinit() (2nd try) - DOC: configuration: fix alphabetical order of bind options - DOC: management: document ptr lookup for table commands - BUG/MAJOR: quic: fix padding with short packets - BUG/MAJOR: quic: do not loop on emission on closing/draining state - MINOR: sample: date converter takes HTTP date and output an UNIX timestamp - SCRIPTS: git-show-backports: do not truncate git-show output - DOC: api/event_hdl: small updates, fix an example and add some precisions - BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission - BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure - BUG/MINOR: h3: fix BUG_ON() crash on control stream alloc failure - BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure - DEV: flags/show-fd-to-flags: adapt to recent versions - MINOR: capabilities: export capget and __user_cap_header_struct - MINOR: capabilities: prepare support for version 3 - MINOR: capabilities: use _LINUX_CAPABILITY_VERSION_3 - MINOR: cli/debug: show dev: add cmdline and version - MINOR: cli/debug: show dev: show capabilities - MINOR: debug: print gdb hints when crashing - BUILD: debug: also declare strlen() in __ABORT_NOW() - BUILD: Missing inclusion header for ssize_t type - BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct() - MINOR: cfgparse/log: remove leftover dead code - BUG/MEDIUM: stick-table: Decrement the ref count inside lock to kill a session - MINOR: stick-table: Always decrement ref count before killing a session - REORG: init: do MODE_CHECK_CONDITION logic first - REORG: init: encapsulate CHECK_CONDITION logic in a func - REORG: init: encapsulate 'reload' sockpair and master CLI listeners creation - REORG: init: encapsulate code that reads cfg files - BUG/MINOR: server: fix first server template name lookup UAF - MINOR: activity: make the memory profiling hash size configurable at build time - BUG/MEDIUM: server/dns: prevent DOWN/UP flap upon resolution timeout or error - BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid - BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid - BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid() - BUG/MINOR: quic: fix race condition in qc_check_dcid() - BUG/MINOR: quic: fix race-condition on trace for CID retrieval 2024/06/14 : 3.1-dev1 - REGTESTS: Remove REQUIRE_VERSION=2.1 from all tests - REGTESTS: Remove REQUIRE_VERSION=2.2 from all tests - CI: use "--no-install-recommends" for apt-get - CI: switch to lua 5.4 - CI: use USE_PCRE2 instead of USE_PCRE - DOC: replace the README by a markdown version - CI: VTest: accelerate package install a bit - ADMIN: acme.sh: remove the old acme.sh code - BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning - BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser - BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory - DOC: configuration: add an example for keywords from crt-store - CI: speedup apt package install - DOC: add the FreeBSD status badge to README.md - DOC: change the link to the FreeBSD CI in README.md - MINOR: stktable: avoid ambiguous stktable_data_ptr() usage in cli_io_handler_table() - BUG/MINOR: hlua: use CertCache.set() from various hlua contexts - CLEANUP: hlua: fix CertCache class comment - CI: FreeBSD: upgrade image, packages - BUG/MEDIUM: h1-htx: Don't state interim responses are bodyless - MEDIUM: stconn: Be able to unblock zero-copy data forwarding from done_fastfwd - BUG/MEDIUM: mux-quic: Unblock zero-copy forwarding if the txbuf can be released - BUG/MINOR: quic: prevent crash on qc_kill_conn() - CLEANUP: hlua: use hlua_pusherror() where relevant - BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP - BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage - BUG/MINOR: hlua: prevent LJMP in hlua_traceback() - CLEANUP: hlua: get rid of hlua_traceback() security checks - BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path - CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume() - BUG/MEDIUM: mux-quic: Don't unblock zero-copy fwding if blocked during nego - MINOR: mux-quic: Don't send an emtpy H3 DATA frame during zero-copy forwarding - BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration - BUG/MEDIUM: ssl: bad auth selection with TLS1.2 and WolfSSL - BUG/MINOR: quic: fix computed length of emitted STREAM frames - BUG/MINOR: quic: ensure Tx buf is always purged - BUG/MEDIUM: stconn/mux-h1: Fix suspect change causing timeouts - BUG/MAJOR: mux-h1: Properly copy chunked input data during zero-copy nego - BUG/MINOR: mux-h1: Use the right variable to set NEGO_FF_FL_EXACT_SIZE flag - DOC: install: remove boringssl from the list of supported libraries - MINOR: log: fix "http-send-name-header" ignore warning message - BUG/MINOR: proxy: fix server_id_hdr_name leak on deinit() - BUG/MINOR: proxy: fix log_tag leak on deinit() - BUG/MINOR: proxy: fix email-alert leak on deinit() - BUG/MINOR: proxy: fix check_{command,path} leak on deinit() - BUG/MINOR: proxy: fix dyncookie_key leak on deinit() - BUG/MINOR: proxy: fix source interface and usesrc leaks on deinit() - BUG/MINOR: proxy: fix header_unique_id leak on deinit() - MINOR: proxy: add proxy_free_common() helper function - BUG/MEDIUM: proxy: fix UAF with {tcp,http}checks logformat expressions - MINOR: log: change wording in lf_expr_postcheck() error message - BUG/MEDIUM: log: fix lf_expr_postcheck() behavior with default section - CLEANUP: log/proxy: fix comment in proxy_free_common() - DOC: config: move "hash-key" from proxy to server options - DOC: config: add missing section hint for "guid" proxy keyword - DOC: config: add missing context hint for new server and proxy keywords - BUG/MINOR: promex: Skip resolvers metrics when there is no resolver section - DOC: internals: add a documentation about the master worker - BUG/MAJOR: mux-h1: Prevent any UAF on H1 connection after draining a request - BUG/MINOR: quic: fix padding of INITIAL packets - OPTIM: quic: fill whole Tx buffer if needed - MINOR: quic: refactor qc_build_pkt() error handling - MINOR: quic: use global datagram headlen definition - MINOR: quic: refactor qc_prep_pkts() loop - DOC/MINOR: management: add missed -dR and -dv options - DOC/MINOR: management: add -dZ option - DOC: management: rename show stats domain cli "dns" to "resolvers" - REORG: log: reorder send log helpers by dependency order - MINOR: session: expose session_embryonic_build_legacy_err() function - MEDIUM: log/session: handle embryonic session log within sess_log() - MINOR: log: provide sending log context to process_send_log() when available - MINOR: log: add log_orig_to_str() function - MINOR: log: provide log origin in logformat expressions using '%OG' - CLEANUP: log: remove ambiguous legacy comment for resolve_logger() - MINOR: log/backend: always free parsing hints in resolve_logger() - MINOR: log: make resolve_logger() static - MINOR: log: provide proxy context to resolve_logger() - MINOR: log: add __send_log_set_metadata_sd helper - MINOR: log: add logger flags - MINOR: log: add log-profile parsing logic - MINOR: log: add log profile buildlines - MEDIUM: log: handle log-profile in process_send_log() - DOC: config: add documentation for log profiles - REGTESTS: log: add a test for log-profile - MINOR: ssl: add ssl_sock_bind_verifycbk() in ssl_sock.h - REORG: ssl: move the SNI selection code in ssl_clienthello.c - BUILD: ssl: fix build with wolfSSL - CI: github: upgrade aws-lc to 1.29.0 - Revert "CI: github: upgrade aws-lc to 1.29.0" - MEDIUM: ssl: support for ECDA+RSA certificate selection with AWS-LC - BUILD: ssl: disable deprecated functions for AWS-LC 1.29.0 - MINOR: ssl: relax the 'ssl.default-dh-param' keyword parsing - CI: github: upgrade aws-lc to 1.29.0 - DOC: INSTALL: minimum AWS-LC version is v1.22.0 - CI: github: do the AWS-LC weekly build with ERR=1 2024/05/29 : 3.1-dev0 - MINOR: version: mention that it's development again 2024/05/29 : 3.0.0 - MINOR: sample: implement the uptime sample fetch - CI: scripts: fix build of vtest regarding option -C - CI: scripts: build vtest using multiple CPUs - MINOR: log: rename 'log-format tag' to 'log-format alias' - DOC: config: document logformat item naming and typecasting features - BUILD: makefile: yearly reordering of objects by build time - BUILD: fd: errno is also needed without poll() - DOC: config: fix two typos "RST_STEAM" vs "RST_STREAM" - DOC: config: refer to the non-deprecated keywords in ocsp-update on/off - DOC: streamline http-reuse and connection naming definition - REGTESTS: complete http-reuse test with pool-conn-name - DOC: config: add %ID logformat alias alternative - CLEANUP: ssl/ocsp: readable ifdef in ssl_sock_load_ocsp - BUG/MINOR: ssl/ocsp: init callback func ptr as NULL - CLEANUP: ssl_sock: move dirty openssl-1.0.2 wrapper to openssl-compat - BUG/MINOR: activity: fix Delta_calls and Delta_bytes count - CI: github: upgrade the WolfSSL job to 5.7.0 - DOC: install: update quick build reminders with some missing options - DOC: install: update the range of tested openssl version to cover 3.3 - DEV: patchbot: prepare for new version 3.1-dev - MINOR: version: mention that it's 3.0 LTS now. 2024/05/24 : 3.0-dev13 - CLEANUP: ssl/cli: remove unused code in dump_crtlist_conf - MINOR: ssl: check parameter in ckch_conf_cmp() - BUG/MINOR: ring: free ring's allocated area not ring's usable area when using maps - DOC: configuration: rework the crt-store load documentation - DEBUG: tools: add vma_set_name() helper - DEBUG: shctx: name shared memory using vma_set_name() - DEBUG: sink: add name hint for memory area used by memory-backed sinks - DEBUG: pollers: add name hint for large memory areas used by pollers - DEBUG: errors: add name hint for startup-logs memory area - DEBUG: fd: add name hint for large memory areas - MEDIUM: ssl: don't load file by discovering them in crt-store - DOC: configuration: update the crt-list documentation - DOC: configuration: add the supported crt-store options in crt-list - BUG/MEDIUM: proto: fix fd leak in _connect_server - MINOR: sock: set conn->err_code in case of EPERM - BUG/MINOR: http-ana: Don't crush stream termination condition on internal error - MAJOR: spoe: Let the SPOE back into the game - BUG/MINOR: connection: parse PROXY TLV for LOCAL mode - BUG/MINOR: server: free PROXY v2 TLVs on srv drop - MINOR: rhttp: add log on connection allocation failure - BUG/MEDIUM: rhttp: fix preconnect on single-thread - BUG/MINOR: rhttp: prevent listener suspend - BUG/MINOR: rhttp: fix task_wakeup state - MINOR: session: define flag to explicitely release listener on free - MEDIUM: rhttp: create session for active preconnect - MINOR: rhttp: support PROXY emission on preconnect - MINOR: connection: support PROXY v2 TLV emission without stream - MINOR: traces: enumerate the list of levels/verbosities when not found - BUG/MINOR: sock: fix sock_create_server_socket - MINOR: proto: fix coding style - BUG/MAJOR: quic: Crash with TLS_AES_128_CCM_SHA256 (libressl only) - REGTESTS: scripts: allow to change the vtest timeout - BUG/MEDIUM: quic_tls: prevent LibreSSL < 4.0 from negotiating CHACHA20_POLY1305 - CI: scripts/build-ssl.sh: loudly fail on unsupported platforms - BUG/MEDIUM: mux-quic: Create sedesc in same time of the QUIC stream - MINOR: mux-quic: Set abort info for SC-less QCS on STOP_SENDING frame - CI: scripts/build-ssl: add a DESTDIR and TMPDIR variable - CI: scripts/buil-ssl: cleanup the boringssl and quictls build - MINOR: config: add thread-hard-limit to set an upper bound to nbthread - BUILD: quic: fix unused variable warning when threads are disabled - BUG/MEDIUM: stick-tables: Fix race with peers when trashing oldest entries - BUG/MEDIUM: stick-tables: Fix race with peers when killing a sticky session - BUG/MEDIUM: stick-tables: make sure never to create two same remote entries - CLEANUP: stick-tables: remove a few unneeded tests for use_wrlock - MINOR: stick-tables: remove the uneeded read lock in stksess_free() - CLEANUP: tools: fix vma_set_name() function comment - DEBUG: tools: add vma_set_name_id() helper - DEBUG: pollers/fd: add thread id suffix to per-thread memory areas name hints - DOC: config: fix aes_gcm_enc() description text - BUILD: trace: fix warning on null dereference - MEDIUM: config: prevent communication with privileged ports - MAJOR: config: prevent QUIC with clients privileged port by default - BUG/MINOR: quic: adjust restriction for stateless reset emission - MINOR: quic: clarify doc for quic_recv() - MINOR: server: generalize sni expr parsing - MINOR: server: define pool-conn-name keyword - MEDIUM: connection: use pool-conn-name instead of sni on reuse - BUG/MINOR: rhttp: initialize session origin after preconnect reversal - BUG/MEDIUM: server/dns: preserve server's port upon resolution timeout or error - BUG/MINOR: http-htx: Support default path during scheme based normalization - BUG/MINOR: server: Don't reset resolver options on a new default-server line - DOC: quic: specify that connection migration is not supported - DOC: config: fix incorrect section reference about custom log format - DOC: config: uniformize the naming and description of custom log format args - DOC: config: clarify the fact that custom log format is not just for logging - REGTESTS: acl_cli_spaces: avoid a warning caused by undefined logs 2024/05/18 : 3.0-dev12 - CI: drop asan.log umbrella completely - BUG/MINOR: log: fix leak in add_sample_to_logformat_list() error path - BUG/MINOR: log: smp_rgs array issues with inherited global log directives - MINOR: rhttp: Don't require SSL when attach-srv name parsing - REGTESTS: ssl: be more verbose with ocsp_compat_check.vtc - DOC: Update UUID references to RFC 9562 - MINOR: hlua: add hlua_nb_instruction getter - MEDIUM: hlua: take nbthread into account in hlua_get_nb_instruction() - BUG/MEDIUM: server: clear purgeable conns before server deletion - BUG/MINOR: mux-quic: fix error code on shutdown for non HTTP/3 - BUG/MINOR: qpack: fix error code reported on QPACK decoding failure - BUG/MEDIUM: htx: mark htx_sl as packed since it may be realigned - BUG/MEDIUM: stick-tables: properly mark stktable_data as packed - SCRIPTS: run-regtests: fix a few occurrences of extended regexes - BUG/MINOR: ssl_sock: fix xprt_set_used() to properly clear the TASK_F_USR1 bit - MINOR: dynbuf: provide a b_dequeue() variant for multi-thread - BUG/MEDIUM: muxes: enforce buf_wait check in takeover() - BUG/MINOR: h1: Check authority for non-CONNECT methods only if a scheme is found - BUG/MEDIUM: h1: Reject CONNECT request if the target has a scheme - BUG/MAJOR: h1: Be stricter on request target validation during message parsing - MINOR: qpack: prepare error renaming - MINOR: h3/qpack: adjust naming for errors - MINOR: h3: adjust error reporting on sending - MINOR: h3: adjust error reporting on receive - MINOR: mux-quic: support glitches - MINOR: h3: report glitch on RFC violation - BUILD: stick-tables: better mark the stktable_data as 32-bit aligned - MINOR: ssl: rename tune.ssl.ocsp-update.mode in ocsp-update.mode - REGTESTS: update the ocsp-update tests - BUILD: stats: remove non portable getline() usage - MEDIUM: ssl: add ocsp-update.mindelay and ocsp-update.maxdelay - BUILD: log: get rid of non-portable strnlen() func - BUG/MEDIUM: fd: prevent memory waste in fdtab array - CLEANUP: compat: make the MIN/MAX macros more reliable - Revert: MEDIUM: evports: permit to report multiple events at once" - BUG/MINOR: stats: Don't state the 303 redirect response is chunked - MINOR: mux-h1: Add a flag to ignore the request payload - REORG: mux-h1: Group H1S_F_BODYLESS_* flags - CLEANUP: mux-h1: Remove unused H1S_F_ERROR_MASK mask value - MEDIUM: mux-h1: Support C-L/T-E header suppressions when sending messages - MINOR: ssl: ckch_store_new_load_files_conf() loads filenames from ckch_conf - MEDIUM: ssl/crtlist: loading crt-store keywords from a crt-list - CLEANUP: ssl/ocsp: remove the deprecated parsing code for "ocsp-update" - MINOR: ssl: pass ckch_store instead of ckch_data to ssl_sock_load_ocsp() - MEDIUM: ssl: ckch_conf_parse() uses -1/0/1 for off/default/on - MINOR: ssl: handle PARSE_TYPE_INT and PARSE_TYPE_ONOFF in ckch_store_load_files() - MINOR: ssl/ocsp: use 'ocsp-update' in crt-store - MINOR: ssl: ckch_conf_clean() utility function for ckch_conf - MEDIUM: ssl: add ocsp-update.disable global option - MEDIUM: ssl/cli: handle crt-store keywords in crt-list over the CLI - MINOR: ssl: ckch_conf_cmp() compare multiple ckch_conf structures - MEDIUM: ssl: temporarily load files by detecting their presence in crt-store - REGTESTS: ocsp-update: change the reg-test to support the new crt-store mode - DOC: capabilities: fix chapter header rendering 2024/05/10 : 3.0-dev11 - BUILD: clock: improve check for pthread_getcpuclockid() - CI: add Illumos scheduled workflow - CI: netbsd: limit scheduled workflow to parent repo only - OPTIM: log: resolve logformat options during postparsing - BUG/MINOR: haproxy: only tid 0 must not sleep if got signal - REGTEST: add tests for acl() sample fetch - BUG/MINOR: acl: support built-in ACLs with acl() sample - BUG/MINOR: cfgparse: use curproxy global var from config post validation - MEDIUM: stconn/muxes: Add an abort reason for SE shutdowns on muxes - MINOR: mux-h2: Set the SE abort reason when a RST_STREAM frame is received - MEDIUM: mux-h2: Forward h2 client cancellations to h2 servers - MINOR: mux-quic: Set tha SE abort reason when a STOP_SENDING frame is received - MINOR: stconn: Add samples to retrieve about stream aborts - MINOR: mux-quic: Add .ctl callback function to get info about a mux connection - MINOR: muxes: Add ctl commands to get info on streams for a connection - MINOR: connection: Add samples to retrieve info on streams for a connection - BUG/MEDIUM: log/ring: broken syslog octet counting - BUG/MEDIUM: mux-quic: fix crash on STOP_SENDING received without SD - DOC: lua: fix filters.txt file location - MINOR: dynbuf: pass a criticality argument to b_alloc() - MINOR: dynbuf: add functions to help queue/requeue buffer_wait fields - MINOR: dynbuf: use the b_queue()/b_requeue() functions everywhere - MEDIUM: dynbuf: make the buffer_wq an array of list heads - CLEANUP: tinfo: better align fields in thread_ctx - MINOR: dynbuf: provide a b_dequeue() function to detach a bw from the queue - MEDIUM: dynbuf: generalize the use of b_dequeue() to detach buffer_wait - MEDIUM: dynbuf/stream: re-enable queueing upon failed buffer allocation - MEDIUM: dynbuf/stream: do not allocate the buffers in the callback - MEDIUM: applet: make appctx_buf_available() only wake the applet up, not allocate - MINOR: applet: set the blocking flag in the buffer allocation function - MINOR: applet: adjust the allocation criticity based on the requested buffer - MINOR: dynbuf/mux-h1: use different criticalities for buffer allocations - MEDIUM: dynbuf/mux-h1: do not allocate the buffers in the callback - MEDIUM: dynbuf: refrain from offering a buffer if more critical ones are waiting - MINOR: stconn: report that a buffer allocation succeeded - MINOR: stream: report that a buffer allocation succeeded - MINOR: applet: report about buffer allocation success - MINOR: mux-h1: report that a buffer allocation succeeded - MEDIUM: stream: allocate without queuing when retrying - MEDIUM: channel: allocate without queuing when retrying - MEDIUM: mux-h1: allocate without queuing when retrying - MEDIUM: dynbuf: implement emergency buffers - MEDIUM: dynbuf: use emergency buffers upon failed memory allocations 2024/05/04 : 3.0-dev10 - BUG/MEDIUM: cache: Vary not working properly on anything other than accept-encoding - REGTESTS: cache: Add test on 'vary' other than accept-encoding - BUG/MINOR: stats: replace objt_* by __objt_* macros - CLEANUP: tools/cbor: rename cbor_encode_ctx struct members - MINOR: log/cbor: _lf_cbor_encode_byte() explicitly requires non-NULL ctx - BUG/MINOR: log: fix global lf_expr node options behavior - CLEANUP: log: add a macro to know if a lf_node is configurable - MINOR: httpclient: allow to use absolute URI with new flag HC_F_HTTPROXY - MINOR: ssl: introduce ocsp_update.http_proxy for ocsp-update keyword - BUG/MINOR: log/encode: consider global options for key encoding - BUG/MINOR: log/encode: fix potential NULL-dereference in LOGCHAR() - BUG/MINOR: log: fix global lf_expr node options behavior (2nd try) - MINOR: log/cbor: _lf_cbor_encode_byte() explicitly requires non-NULL ctx (again) - BUG/MEDIUM: log: don't ignore disabled node's options - BUG/MINOR: stconn: don't wake up an applet waiting on buffer allocation - MINOR: sock: rename sock to sock_fd in sock_create_server_socket - MEDIUM: proto_uxst: take in account server namespace - MEIDUM: unix sock: use my_socketat to create bind socket - MINOR: sock_set_mark: take sock family in account - MEDIUM: proto: make common fd checks in sock_create_server_socket - MINOR: sock: add EPERM case in sock_handle_system_err - MINOR: capabilities: add cap_sys_admin support - CLEANUP: ssl: clean the includes in ssl_ocsp.c - CLEANUP: ssl: move the global ocsp-update options parsing to ssl_ocsp.c - MINOR: stats: fix visual alignment for stat_cols_px definition - MINOR: stats: convert req_tot as generic column - MINOR: stats: prepare stats-file support for values other than FN_COUNTER - MINOR: counters: move freq-ctr from proxy/server into counters struct - MINOR: stats: support rate in stats-file - MINOR: stats: convert rate as generic column for proxy stats - MINOR: counters: move last_change into counters struct - MINOR: stats: support age in stats-file - MINOR: stats: convert age as generic column for proxy stat - CLEANUP: ssl: rename new_ckch_store_load_files_path() to ckch_store_new_load_files_path() - MINOR: ssl: rename ocsp_update.http_proxy into ocsp-update.httpproxy - REORG: stats: define stats-proxy source module - MINOR: stats: extract proxy clear-counter in a dedicated function - REGTESTS: stats: add test stats-file counters preload - CI: netbsd: adjust packages after NetBSD-10 released - CLEANUP: assorted typo fixes in the code and comments - REGTESTS: replace REQUIRE_VERSION by version_atleast - MEDIUM: log: optimizing tmp->type handling in sess_build_logline() - BUG/MINOR: log: prevent double spaces emission in sess_build_logline() - OPTIM: log: declare empty buffer as global variable - OPTIM: log: use thread local lf_buildctx to stop pushing it on the stack - OPTIM: log: use lf_buildctx's buffer instead of temporary stack buffers - OPTIM: log: speedup date printing in sess_build_logline() when no encoding is used 2024/04/27 : 3.0-dev9 - BUILD: ssl: use %zd for sizeof() in ssl_ckch.c - MINOR: backend: use be_counters for health down accounting - BUG/MINOR: backend: use cum_sess counters instead of cum_conn - BUG/MINOR: stats: fix stot metric for listeners - REGTESTS: use -dI for insecure fork by default in the regtest scripts - MINOR: stats: rename proxy stats - MINOR: stats: rename ambiguous stat_l and stat_count - MINOR: stats: rename info stats - MINOR: stats: use stricter naming stats/field/line - MINOR: stats: use STAT_F_* prefix for flags - BUG/MEDIUM: applet: Let's applets decide if they have more data to deliver - BUILD: stick-tables: silence build warnings when threads are disabled - MINOR: tools: Rename `ha_generate_uuid` to `ha_generate_uuid_v4` - MINOR: Add `ha_generate_uuid_v7` - MINOR: Add support for UUIDv7 to the `uuid` sample fetch - MEDIUM: shctx: Naming shared memory context - BUG/MINOR: h1: fix detection of upper bytes in the URI - MINOR: intops: add a pair of functions to check multi-byte ranges - TESTS: add a unit test for the multi-byte range checks - CLEANUP: h1: make use of the multi-byte matching functions - REGTESTS: ssl: Remove "sleep" calls from ocsp auto update test - BUG/MEDIUM: peers: Automatically start to learn on local peer - BUG/MEDIUM: peers: Reprocess peer state after all session shutdowns - MINOR: peers: Remove unused PEERS_F_RESYNC_REQUESTED flag - MINOR: peers: Don't set TEACH flags on a peer from the sync task - MINOR: peers: Use a peer flag to block the applet waiting ack of the sync task - BUG/MEDIUM: peers: Wait for sync task ack when a resynchro is finished - MINOR: peers: Remove unused PEERS_F_RESYNC_PROCESS flag - MINOR: applet: Add a function to know the side where an applet was created - MEDIUM: peers: Simplify the peer flags dealing with the connection state - MEDIUM: peers: Use true states for the peer applets as seen from outside - MEDIUM: peers: Use true states for the learn state of a peer - MINOR: peers: Start learning for local peer before receiving messages - MINOR: peers: Rename PEERS_F_TEACH_COMPLETE to PEERS_F_LOCAL_TEACH_COMPLETE - MINOR: peers: Reorder and slightly rename PEER flags - MINOR: peers: Reorder and rename PEERS flags - REORG: peers: Move peer and peers flags in the corresponding header file - DEV: flags/peers: Decode PEER and PEERS flags - MINOR: peers: Add comment on processing functions of the sync task - MINOR: peers: Use a static variable to wait a resync on reload - BUG/MEDIUM: peers: Use atomic operations on peers flags when necessary - REORG: peers: Rename all occurrences to 'ps' variable - BUG/MINOR: peers: Don't wait for a remote resync if there no remote peer - MINOR: stats: update ambiguous "metrics" naming to "stat_cols" - MINOR: stats: introduce a more expressive stat definition method - MINOR: stats: implement automatic metric generation from stat_col - MINOR: stats: hide some columns in output - MEDIUM: stats: convert counters to new column definition - MINOR: stats: define stats-file output format support - MEDIUM: stats: implement dump stats-file CLI - MINOR: ist: define iststrip() new function - MINOR: guid: define guid_is_valid_fmt() - MINOR: stats: apply stats-file on process startup - MINOR: stats: parse header lines from stats-file - MINOR: stats: parse values from stats-file - MEDIUM: stats: define stats-file keyword - BUG/MINOR: mworker: reintroduce way to disable seamless reload with -x /dev/null - CLEANUP: log: remove unused checks for encode_{chunk,string} - MINOR: log: store lf_expr nodes inside substruct - MINOR: log: global lf_expr node options - CLEANUP: log: simplify complex values usages in sess_build_logline() - MINOR: log: skip custom logformat_node name if empty - MINOR: log: add lf_int() wrapper to print integers - MINOR: log: add lf_rawtext{_len}() functions - MEDIUM: log: pass date strings to lf_rawtext() - MEDIUM: log: write raw strings using lf_rawtext() - MEDIUM: log: use lf_rawtext for lf_ip() and lf_port() hex strings - MINOR: log: explicitly handle %ts and %tsc as text strings - MINOR: log: use LOG_VARTEXT_{START,END} to enclose text strings - MINOR: log: make all lf_* sess build helper static - MINOR: log: merge lf_encode_string() and lf_encode_chunk() logic - MEDIUM: log: lf_* build helpers now take a ctx argument - MINOR: log: expose node typecast in lf_buildctx struct - MINOR: log: postpone conversion for sample expressions in sess_build_logline() - MINOR: log: add LOG_OPT_NONE flag - MINOR: log: add no_escape_map to bypass escape with _lf_encode_bytes() - MINOR: log: add +bin logformat node option - MINOR: log: add +json encoding option - MINOR: tools: add cbor encode helpers - MINOR: log: add +cbor encoding option - MINOR: log: support true cbor binary encoding - CLEANUP: dynbuf: move the reserve and limit parsers to dynbuf.c - MINOR: list: add a macro to detect that a list contains at most one element - MINOR: cli/wait: rename the condition "srv-unused" to "srv-removable" 2024/04/19 : 3.0-dev8 - BUG/MINOR: cli: Don't warn about a too big command for incomplete commands - BUG/MINOR: listener: always assign distinct IDs to shards - BUG/MINOR: log: fix lf_text_len() truncate inconsistency - BUG/MINOR: tools/log: invalid encode_{chunk,string} usage - BUG/MINOR: log: invalid snprintf() usage in sess_build_logline() - CLEANUP: log: lf_text_len() returns a pointer not an integer - MINOR: quic: simplify qc_send_hdshk_pkts() return - MINOR: quic: uniformize sending methods for handshake - MINOR: quic: improve sending API on retransmit - MINOR: quic: use qc_send_hdshk_pkts() in handshake IO cb - MEDIUM: quic: remove duplicate hdshk/app send functions - OPTIM: quic: do not call qc_send() if nothing to emit - OPTIM: quic: do not call qc_prep_pkts() if everything sent - BUG/MEDIUM: http-ana: Deliver 502 on keep-alive for fressh server connection - BUG/MINOR: http-ana: Fix TX_L7_RETRY and TX_D_L7_RETRY values - BUILD: makefile: warn about unknown USE_* variables - BUILD: makefile: support USE_xxx=0 as well - BUG/MINOR: guid: fix crash on invalid guid name - BUILD: atomic: fix peers build regression on gcc < 4.7 after recent changes - BUG/MINOR: debug: make sure DEBUG_STRICT=0 does work as documented - BUILD: cache: fix non-inline vs inline declaration mismatch to silence a warning - BUILD: debug: make DEBUG_STRICT=1 the default - BUILD: pools: make DEBUG_MEMORY_POOLS=1 the default option - CI: update the build options to get rid of unneeded DEBUG options - BUILD: makefile: get rid of the config CFLAGS variable - BUILD: makefile: allow to use CFLAGS to append build options - BUILD: makefile: drop the SMALL_OPTS settings - BUILD: makefile: move -O2 from CPU_CFLAGS to OPT_CFLAGS - BUILD: makefile: get rid of the CPU variable - BUILD: makefile: drop the ARCH variable and better document ARCH_FLAGS - BUILD: makefile: extract ARCH_FLAGS out of LDFLAGS - BUILD: makefile: move the fwrapv option to STD_CFLAGS - BUILD: makefile: make the ERR variable also support 0 - BUILD: makefile: add FAILFAST to select the -Wfatal-errors behavior - BUILD: makefile: extract -Werror/-Wfatal-errors from automatic CFLAGS - BUILD: makefile: split WARN_CFLAGS from SPEC_CFLAGS - BUILD: makefile: rename SPEC_CFLAGS to NOWARN_CFLAGS - BUILD: makefile: do not pass warnings to VERBOSE_CFLAGS - BUILD: makefile: also drop DEBUG_CFLAGS - CLEANUP: makefile: make the output of the "opts" target more readable - DOC: install: clarify the build process by splitting it into subsections - BUG/MINOR: server: fix slowstart behavior - BUG/MEDIUM: cache/stats: Handle inbuf allocation failure in the I/O handler - MINOR: ssl: add the section parser for 'crt-store' - DOC: configuration: Add 3.12 Certificate Storage - REGTESTS: ssl: test simple case of crt-store - MINOR: ssl: rename ckchs_load_cert_file to new_ckch_store_load_files_path - MINOR: ssl/crtlist: alloc ssl_conf only when a valid keyword is found - BUG/MEDIUM: stick-tables: fix the task's next expiration date - CLEANUP: stick-tables: always respect the to_batch limit when trashing - BUG/MEDIUM: peers/trace: fix crash when listing event types - BUG/MAJOR: stick-tables: fix race with peers in entry expiration - DEBUG: pool: improve decoding of corrupted pools - REORG: pool: move the area dump with symbol resolution to tools.c - DEBUG: pools: report the data around the offending area in case of mismatch - MINOR: listener/protocol: add proto name in alerts - MINOR: proto_quic: add proto name in alert - BUG/MINOR: lru: fix the standalone test case for invalid revision - DOC: management: fix typos - CI: revert kernel addr randomization introduced in 3a0fc864 - MINOR: ring: clarify the usage of ring_size() and add ring_allocated_size() - BUG/MAJOR: ring: use the correct size to reallocate startup_logs - MINOR: ring: always check that the old ring fits in the new one in ring_dup() - CLEANUP: ssl: remove dead code in cfg_parse_crtstore() - MINOR: ssl: supports crt-base in crt-store - MINOR: ssl: 'key-base' allows to load a 'key' from a specific path - MINOR: net_helper: Add support for floats/doubles. - BUG/MEDIUM: grpc: Fix several unaligned 32/64 bits accesses - MINOR: peers: Split resync process function to separate running/stopping states - MINOR: peers: Add 2 peer flags about the peer learn status - MINOR: peers: Add flags to report the peer state to the resync task - MINOR: peers: sligthly adapt part processing the stopping signal - MINOR: peers: Add functions to commit peer changes from the resync task - BUG/MINOR: peers: Report a resync was explicitly requested from a thread-safe manner - BUG/MAJOR: peers: Update peers section state from a thread-safe manner - MEDIUM: peers: Only lock one peer at a time in the sync process function - MINOR: peer: Restore previous peer flags value to ease debugging - BUG/MEDIUM: stconn: Don't forward channel data if input data must be filtered - BUILD: cache: fix a build warning with gcc < 7 - BUILD: xxhash: silence a build warning on Solaris + gcc-5.5 - CI: reduce ASAN log redirection umbrella size - CLEANUP: assorted typo fixes in the code and comments - BUG/MEDIUM: evports: do not clear returned events list on signal - MEDIUM: evports: permit to report multiple events at once - MEDIUM: ssl: support aliases in crt-store - BUG/MINOR: ssl: check on forbidden character on wrong value - BUG/MINOR: ssl: fix crt-store load parsing - BUG/MEDIUM: applet: Fix applet API to put input data in a buffer - BUG/MEDIUM: spoe: Always retry when an applet fails to send a frame - BUG/MEDIUM: peers: Fix exit condition when max-updates-at-once is reached - BUILD: linuxcap: Properly declare prepare_caps_from_permitted_set() - BUG/MEDIUM: peers: fix localpeer regression with 'bind+server' config style - MINOR: peers: stop relying on srv->addr to find peer port - MEDIUM: ssl: support a named crt-store section - MINOR: stats: remove implicit static trash_chunk usage - REORG: stats: extract HTML related functions - REORG: stats: extract JSON related functions - MEDIUM: ssl: crt-base and key-base local keywords for crt-store - MINOR: stats: Get the right prototype for stats_dump_html_end(). - MAJOR: ssl: use the msg callback mecanism for backend connections - MINOR: ssl: implement keylog fetches for backend connections - BUG/MINOR: stconn: Fix sc_mux_strm() return value - MINOR: mux-pt: Test conn flags instead of sedesc ones to perform a full close - MINOR: stconn/connection: Move shut modes at the SE descriptor level - MINOR: stconn: Rewrite shutdown functions to simplify the switch statements - MEDIUM: stconn: Use only one SC function to shut connection endpoints - MEDIUM: stconn: Explicitly pass shut modes to shut applet endpoints - MEDIUM: stconn: Use one function to shut connection and applet endpoints - MEDIUM: muxes: Use one callback function to shut a mux stream - BUG/MINOR: sock: handle a weird condition with connect() - BUG/MINOR: fd: my_closefrom() on Linux could skip contiguous series of sockets - BUG/MEDIUM: peers: Don't set PEERS_F_RESYNC_PROCESS flag on a peer - BUG/MEDIUM: peers: Fix state transitions of a peer - MINOR: init: use RLIMIT_DATA instead of RLIMIT_AS - CI: modernize macos matrix 2024/04/06 : 3.0-dev7 - BUG/MINOR: ssl: Wrong ocsp-update "incompatibility" error message - BUG/MINOR: ssl: Detect more 'ocsp-update' incompatibilities - MEDIUM: ssl: Add 'tune.ssl.ocsp-update.mode' global option - REGTESTS: ssl: Add OCSP update compatibility tests - REGTESTS: ssl: Add functional test for global ocsp-update option - BUG/MINOR: server: reject enabled for dynamic server - BUG/MINOR: server: fix persistence cookie for dynamic servers - MINOR: server: allow cookie for dynamic servers - REGTESTS: Fix script about OCSP update compatibility tests - BUG/MINOR: cli: Report an error to user if command or payload is too big - MINOR: sc_strm: Add generic version to perform sync receives and sends - MEDIUM: stream: Use generic version to perform sync receives and sends - MEDIUM: buf: Add b_getline() and b_getdelim() functions - MEDIUM: applet: Handle applets with their own buffers in put functions - MEDIUM: cli/applet: Stop to test opposite SC in I/O handler of CLI commands - MINOR: applet: Always use applet API to set appctx flags - BUG/MEDIUM: applet: State appctx have more data if its EOI/EOS/ERROR flag is set - MAJOR: cli: Update the CLI applet to handle its own buffers - MINOR: applet: Let's applets .snd_buf function deal with full input buffers - MINOR: stconn: Add a connection flag to notify sending data are the last ones - MAJOR: cli: Use a custom .snd_buf function to only copy the current command - DOC: config: balance 'first' not usable in LOG mode - BUG/MINOR: log/balance: detect if user tries to use unsupported algo - MINOR: lbprm: implement true "sticky" balance algo - MEDIUM: log/balance: leverage lbprm api for log load-balancing - BUG/BUILD: debug: fix unused variable error - MEDIUM: lb-chash: Deterministic node hashes based on server address - BUG/MEDIUM: stick-tables: fix a small remaining race in expiration task - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (4) - REGTESTS: Remove REQUIRE_VERSION=1.9 from all tests (2) - CLEANUP: Reapply ist.cocci (3) - CLEANUP: Reapply strcmp.cocci (2) - CLEANUP: Reapply xalloc_cast.cocci - CLEANUP: Reapply ha_free.cocci - CI: vtest: show coredumps if any - REGTESTS: ssl: disable ssl/ocsp_auto_update.vtc - BUG/MINOR: backend: properly handle redispatch 0 - MINOR: quic: HyStart++ implementation (RFC 9406) - BUG/MEDIUM: stconn: Don't forward shutdown to SE if iobuf is not empty - BUG/MEDIUM: stick-table: use the update lock when reading tables from peers - BUG/MAJOR: applet: fix a MIN vs MAX usage in appctx_raw_rcv_buf() - OPTIM: peers: avoid the locking dance around peer_send_teach_process_msgs() - BUILD: quic: 32 bits compilation issue (QUIC_MIN() usage) - BUG/MEDIUM: server/lbprm: fix crash in _srv_set_inetaddr_port() - MEDIUM: mworker: get rid of libsystemd - BUILD: systemd: fix build error on non-systemd systems with USE_SYSTEMD=1 - BUG/MINOR: bwlim/config: fix missing '\n' after error messages - MINOR: stick-tables: mark the seen stksess with a flag "seen" - OPTIM: stick-tables: check the stksess without taking the read lock - MAJOR: stktable: split the keys across multiple shards to reduce contention - CI: extend Fedora Rawhide, add m32 mode - BUG/MINOR: stick-tables: Missing stick-table key nullity check - BUILD: systemd: enable USE_SYSTEMD by default with TARGET=linux-glibc - MINOR: systemd: Include MONOTONIC_USEC field in RELOADING=1 message - BUG/MINOR: proxy: fix logformat expression leak in use_backend rules - MEDIUM: log: rename logformat var to logformat tag - MINOR: log: expose logformat_tag struct - MEDIUM: log: carry tag context in logformat node - MEDIUM: tree-wide: add logformat expressions wrapper - MINOR: proxy: add PR_FL_CHECKED flag - MAJOR: log: implement proper postparsing for logformat expressions - MEDIUM: log: add compiling logic to logformat expressions - MEDIUM: proxy/log: leverage lf_expr API for logformat preparsing - MINOR: guid: introduce global UID module - MINOR: guid: restrict guid format - MINOR: proxy: implement GUID support - MINOR: server: implement GUID support - MINOR: listener: implement GUID support - DOC: configuration: grammar fixes for strict-sni - BUG/MINOR: init: relax LSTCHK_NETADM checks for non root - MEDIUM: capabilities: check process capabilities sets - CLEANUP: global: remove LSTCHK_CAP_BIND - BUG/MEDIUM: quic: don't blindly rely on unaligned accesses 2024/03/26 : 3.0-dev6 - MINOR: mux-h2: always use h2c_report_glitch() - MEDIUM: mux-h2: allow to set the glitches threshold to kill a connection - MINOR: quic: simplify rescheduling for handshake - MINOR: quic: remove qc_treat_rx_crypto_frms() - DOC: configuration: clarify ciphersuites usage (V2) - MINOR: tools: use public interface for FreeBSD get_exec_path() - BUG/MINOR: ssl: fix possible ctx memory leak in sample_conv_aes_gcm() - BUG/MINOR: ssl: do not set the aead_tag flags in sample_conv_aes_gcm() - BUG/MINOR: server: fix first server template not being indexed - MEDIUM: ssl: initialize the SSL stack explicitely - MEDIUM: ssl: allow to change the OpenSSL security level from global section - CLEANUP: ssl: remove useless #ifdef in openssl-compat.h - CI: github: add -DDEBUG_LIST to the default builds - BUG/MINOR: hlua: segfault when loading the same filter from different contexts - BUG/MINOR: hlua: missing lock in hlua_filter_new() - BUG/MINOR: hlua: fix missing lock in hlua_filter_delete() - DEBUG: lua: precisely identify if stream is stuck inside lua or not - MINOR: hlua: use accessors for stream hlua ctx - BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread (2nd try) - MINOR: debug: enable insecure fork on the command line - CI: github: add -dI to haproxy arguments - BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on session release - BUG/MINOR: listener: Don't schedule frontend without task in listener_release() - MINOR: session: rename private conns elements - BUG/MAJOR: server: do not delete srv referenced by session - BUG/MEDIUM: spoe: Don't rely on stream's expiration to detect processing timeout - BUG/MINOR: spoe: Be sure to be able to quickly close IDLE applets on soft-stop - MAJOR: spoe: Deprecate the SPOE filter - MINOR: cfgparse: Add a global option to expose deprecated directives - MINOR: spoe: Add SPOE filters in the exposed deprecated directives - CLEANUP: assorted typo fixes in the code and comments - CI: temporarily adjust kernel entropy to work with ASAN/clang - BUG/MEDIUM: spoe: Return an invalid frame on recv if size is too small - BUG/MINOR: session: ensure conn owner is set after insert into session - BUG/MEDIUM: http_ana: ignore NTLM for reuse aggressive/always and no H1 - BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe - BUG/MAJOR: ocsp: Separate refcount per instance and per store - REGTESTS: ssl: Add OCSP related tests - BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing - BUG/MEDIUM: ssl: Fix crash in ocsp-update log function - MEDIUM: ssl: Change output of ocsp-update log - MINOR: ssl: Change level of ocsp-update logs - CLEANUP: ssl: Remove undocumented ocsp fetches - REGTESTS: ssl: Add checks on ocsp-update log format - MINOR: connection: implement conn_release() - MINOR: connection: extend takeover with release option - MEDIUM: server: close idle conn on server deletion - MEDIUM: mux: prepare for takeover on private connections - MEDIUM: server: close private idle connection before server deletion - BUG/MINOR: mux-quic: close all QCS before freeing QCC tasklet - BUG/MEDIUM: mux-fcgi: Properly handle EOM flag on end-of-trailers HTX block - BUILD: server: fix build regression on old compilers (<= gcc-4.4) - OPTIM: http_ext: avoid useless copy in http_7239_extract_{ipv4,ipv6} - MINOR: debug: add "debug dev trace" to flood with traces - MINOR: atomic: add a read-specific variant of __ha_cpu_relax() - MINOR: applet: add new function applet_append_line() - MINOR: log/applet: add new function syslog_applet_append_event() - MEDIUM: ring/sink: use applet_append_line()/syslog_applet_append_event() for readers - REORG: dns/ring: split the ring between the generic one and the DNS one - MEDIUM: ring: move the ring reader code to ring_dispatch_messages() - MEDIUM: sink: move the generic ring forwarder code use ring_dispatch_messages() - MEDIUM: log/sink: make the log forwarder code use ring_dispatch_messages() - MINOR: buf: add b_add_ofs() to add a count to an absolute position - MINOR: buf: add b_rel_ofs() to turn an absolute offset into a relative one - MINOR: buf: add b_putblk_ofs() to copy a block at a specific position - MINOR: buf: add b_getblk_ofs() that works relative to area and not head - MINOR: ring: make the ring reader use only absolute offsets - MINOR: ring: reserve one special value for the readers count - MINOR: vecpair: add new vector pair based data manipulation mechanisms - MINOR: vecpair: add necessary functions to use vecpairss from/to ring APIs - MINOR: ring: rename totlen vs msglen in ring_write() - MINOR: ring: add ring_data() to report the amount of data in a ring - MINOR: ring: add ring_size() to return the ring's size - MINOR: ring: add ring_dup() to copy a ring into another one - MINOR: ring: also add ring_area(), ring_head(), ring_tail() - MINOR: ring: make callers use ring_data() and ring_size(), not ring->buf - MINOR: errors: use ring_dup() to duplicate the startup_logs - MINOR: ring: use ring_size(), ring_area(), ring_head() and ring_tail() - MINOR: ring: add a flag to indicate a mapped file - MAJOR: ring: insert an intermediary ring_storage level - MINOR: ring: resize only under thread isolation - MINOR: ring: allow to reduce a ring size - MEDIUM: ring: replace the buffer API in ring_write() with the vec<->ring API - MEDIUM: ring: change the ring reader to use the new vector-based API now - MEDIUM: ring: remove the struct buffer from the ring - MEDIUM: ring: align the head and tail fields in the ring_storage structure - MINOR: ring: make the reader check the readers count before inc/dec - MEDIUM: ring: lock the tail's readers counters before proceeding with the changes - MEDIUM: ring: protect the reader's positions against writers - MEDIUM: ring: use the topmost bit of the tail as a lock - MEDIUM: move the ring's lock to only protect the readers list - MEDIUM: ring: unlock the ring's tail earlier - MINOR: ring: don't take the readers lock if there are no readers - MEDIUM: ring/applet: turn the wait_entry list to an mt_list instead - MEDIUM: ring: protect the initialization of the initial reader offset - MINOR: ring: make sure ring_dispatch waits when facing a changing message - MAJOR: ring: drop the now unneeded lock - OPTIM: ring: don't even try to update offset when failed to read - OPTIM: ring: have only one thread at a time wake up all readers - MINOR: ring: keep a few frequently used pointers in the local stack - MINOR: ring: add the definition of a ring waiting cell - MINOR: ring: make the number of queues configurable - MAJOR: ring: implement a waiting queue in front of the ring - MEDIUM: ring: significant boost in the loop by checking the ring queue ptr first - MEDIUM: ring: improve speed in the queue waiting loop on x86_64 - MINOR: ring: simplify the write loop a little bit - CLEANUP: ring: further simplify the write loop - MINOR: ring: it's not x86 but all non-ARMv8.1 which needs the read before OR - MINOR: ring: avoid writes to cells during copy - OPTIM: ring: use relaxed stores to release the threads - CLEANUP: ring: use only curr_cell and not next_cell in the main write loop - BUILD: ssl: fix build error on older compilers with openssl-3.2 - BUG/MINOR: server: 'source' interface ignored from 'default-server' directive - BUG/MAJOR: ring: free the ring storage not the ring itself when using maps 2024/03/09 : 3.0-dev5 - BUG/MEDIUM: applet: Fix HTX .rcv_buf callback function to release outbuf buffer - BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI - BUG/MEDIUM: server: fix dynamic servers initial settings - BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist - LICENSE: event_hdl: fix GPL license version - LICENSE: http_ext: fix GPL license version - BUG/MEDIUM: mux-h1: Fix again 0-copy forwarding of chunks with an unknown size - BUG/MINOR: mux-h1: Properly report when mux is blocked during a nego - MINOR: mux-h1: Move checks performed before a shutdown in a dedicated function - MINOR: mux-h1: Move all stuff to detach a stream in an internal function - MAJOR: mux-h1: Drain requests on client side before shut a stream down - MEDIUM: htx/http-ana: No longer close connection on early HAProxy response - MINOR: quic: filter show quic by address - MINOR: quic: specify show quic output fields - MINOR: quic: add MUX output for show quic - CLEANUP: mux-h2: Fix h2s_make_data() comment about the return value - DOC: configuration: clarify ciphersuites usage - BUG/MINOR: config/quic: Alert about PROXY protocol use on a QUIC listener - BUG/MINOR: hlua: Fix log level to the right value when set via TXN:set_loglevel - MINOR: hlua: Be able to disable logging from lua - BUG/MINOR: tools: seed the statistical PRNG slightly better - BUG/MINOR: hlua: fix unsafe lua_tostring() usage with empty stack - BUG/MINOR: hlua: don't use lua_tostring() from unprotected contexts - BUG/MINOR: hlua: fix possible crash in hlua_filter_new() under load - BUG/MINOR: hlua: improper lock usage in hlua_filter_callback() - BUG/MINOR: hlua: improper lock usage in hlua_filter_new() - BUG/MEDIUM: hlua: improper lock usage with SET_SAFE_LJMP() - BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume() - BUG/MINOR: hlua: don't call ha_alert() in hlua_event_subscribe() - MINOR: hlua: use SEND_ERR to report errors in hlua_event_runner() - CLEANUP: hlua: txn class functions may LJMP - BUG/MINOR: sink: fix a race condition in the TCP log forwarding code - BUILD: thread: move lock label definitions to thread-t.h - BUILD: tree-wide: fix a few missing includes in a few files - BUILD: buf: make b_ncat() take a const for the source - CLEANUP: assorted typo fixes in the code and comments - CLEANUP: fix typo in naming for variable "unused" - CI: run more smoke tests on config syntax to check memory related issues - CI: enable monthly build only test on netbsd-9.3 - CI: skip scheduled builds on forks - BUG/MINOR: ssl/cli: typo in new ssl crl-file CLI description - BUG/MEDIUM: quic: fix connection freeze on post handshake - BUG/MINOR: mux-quic: fix crash on aborting uni remote stream - CLEANUP: log: fix obsolete comment for add_sample_to_logformat_list() - CLEANUP: tree-wide: use proper ERR_* return values for PRE_CHECK fcts - BUG/MINOR: cfgparse: report proper location for log-format-sd errors - MINOR: vars: export var_set and var_unset functions - MINOR: Add aes_gcm_enc converter - BUG/MEDIUM: quic: fix handshake freeze under high traffic - MINOR: quic: always use ncbuf for rx CRYPTO - BUILD: ssl: define EVP_CTRL_AEAD_GET_TAG for older versions - DOC: design: write first notes about ring-v2 - OPTIM: sink: try to merge "dropped" messages faster - OPTIM: sink: drop the sink lock used to count drops - DEV: haring: make haring not depend on the struct ring itself - DEV: haring: split the code between ring and buffer - DEV: haring: automatically use the advertised ring header size - BUILD: solaris: fix compilation errors 2024/02/23 : 3.0-dev4 - BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing - BUG/MEDIUM: quic: Wrong K CUBIC calculation. - MINOR: quic: Update K CUBIC calculation (RFC 9438) - MINOR: quic: Dynamic packet reordering threshold - MINOR: quic: Add a counter for reordered packets - BUG/MAJOR: mux-h1: Fix zero-copy forwarding when sending chunks of unknown size - MINOR: stats: Use a dedicated function to check if output is almost full - BUG/MEDIUM: applet: Add a flag to state an applet is using zero-copy forwarding - BUG/MEDIUM: stconn/applet: Block 0-copy forwarding if producer needs more room - MINOR: applet: Remove uselelss test on SE_FL_SHR/SHW flags - MEDIUM: applet: Add notion of shutdown for write for applets - MINOR: cli: No longer check SC for shutdown to interrupt wait command - BUG/MEDIUM: stconn: Allow expiration update when READ/WRITE event is pending - BUG/MEDIUM: stconn: Don't check pending shutdown to wake an applet up - CLEANUP: stconn: Move SE flags set by app layer at the end of the bitfield - MINOR: stconn: Rename SE_FL_MAY_FASTFWD and reorder bitfield - MINOR: stconn: Add SE flag to announce zero-copy forwarding on consumer side - MINOR: muxes: Announce support for zero-copy forwarding on consumer side - BUG/MAJOR: stconn: Check support for zero-copy forwarding on both sides - MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding - BUG/MINOR: quic: reject unknown frame type - MINOR: quic: handle all frame types on reception - BUG/MINOR: quic: reject HANDSHAKE_DONE as server - BUG/MINOR: qpack: reject invalid increment count decoding - BUG/MINOR: qpack: reject invalid dynamic table capacity - DOC/MINOR: userlists: mention solutions to high cpu with hashes - DOC: quic: Missing tuning setting in "Global parameters" - BUG/MEDIUM: applet: Immediately free appctx on early error - BUG/MEDIUM: hlua: Be able to garbage collect uninitialized lua sockets - BUG/MEDIUM: hlua: Don't loop if a lua socket does not consume received data - BUG/MEDIUM: quic: fix transient send error with listener socket - MINOR: log: custom name for logformat node - MINOR: sample: add type_to_smp() helper function - MINOR: log: explicit typecasting for logformat nodes - MINOR: log: simplify last_isspace in sess_build_logline() - MINOR: log: simplify quotes handling in sess_build_logline() - MINOR: log: print metadata prefixes separately in sess_build_logline() - MINOR: log: automate string array construction in sess_build_logline() - DOC: quic: fix recommandation for bind on multiple address - MINOR: quic: warn on bind on multiple addresses if no IP_PKTINFO support - OPTIM: quic: improve slightly qc_snd_buf() internal - MINOR: quic: move IP_PKTINFO on send on a dedicated function - MINOR: quic: remove sendto() usage variant - MINOR: quic: only use sendmsg() syscall variant - BUILD: applet: fix build on some 32-bit archs - BUG/MINOR: quic: initialize msg_flags before sendmsg - BUG/MEDIUM: mux-h1: Don't emit 0-CRLF chunk in h1_done_ff() when iobuf is empty - CLEANUP: proxy/log: remove unused proxy flag - CLEANUP: log: fix process_send_log() indentation - CLEANUP: log: use free_logformat_list() in parse_logformat_string() - MINOR: log: add free_logformat_node() helper function - BUG/MINOR: log: fix potential lf->name memory leak - BUG/MINOR: ist: allocate nul byte on istdup - BUG/MINOR: stats: drop srv refcount on early release - BUG/MAJOR: promex: fix crash on deleted server - BUG/MAJOR: server: fix stream crash due to deleted server - BUG/MEDIUM: mux-quic: do not crash on qcs_destroy for connection error - MINOR: cli: Remove useless loop on commands to find unescaped semi-colon - BUG/MEDIUM: cli: Warn if pipelined commands are delimited by a \n - BUG/MAJOR: cli: Restore non-interactive mode behavior with pipelined commands - BUG/MINOR: quic: fix output of show quic - MINOR: ssl: Call callback function after loading SSL CRL data - BUG/MINOR: ist: only store NUL byte on succeeded alloc 2024/02/10 : 3.0-dev3 - DOC: configuration: clarify http-request wait-for-body - BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions - MINOR: h3: add traces for stream sending function - BUG/MEDIUM: h3: do not crash on invalid response status code - BUG/MEDIUM: qpack: allow 6xx..9xx status codes - BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON - CLEANUP: log: deinitialization of the log buffer in one function - BUG/MINOR: h1: Don't support LF only at the end of chunks - BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size - MINOR: ssl: add HAVE_SSL_0RTT constant - MINOR: ssl: rename HA_OPENSSL_HAVE_0RTT_SUPPORT constant to HAVE_SSL_0RTT_QUIC - MEDIUM: ssl/quic: always compile the ssl_conf.early_data test - DOC: httpclient: add dedicated httpclient section - BUG/MINOR: h1-htx: properly initialize the err_pos field - BUG/MEDIUM: h1: always reject the NUL character in header values - CLEANUP: h1: remove unused function h1_measure_trailers() - BUG/MINOR: ssl/quic: fix 0RTT define - MINOR: mux-quic: prepare for earlier flow control update - MINOR: mux-quic: define a flow control related type - MEDIUM: mux-quic: limit stream flow control on snd_buf - MEDIUM: mux-quic: limit conn flow control on snd_buf - MINOR: mux-quic: remove unneeded sent-offset fields - MINOR: mux-quic: check fctl during STREAM frame build - MAJOR: mux-quic: remove intermediary Tx buffer - MEDIUM: mux-quic: simplify sending API - MEDIUM: mux-quic: release Tx buf on too small room - MEDIUM: mux-quic: properly handle conn Tx buf exhaustion - MINOR: mux-quic: realign Tx buffer if possible - CLEANUP: connection: remove obsolete comment in header file - OPTIM: connection: progressive hash for conn_calculate_hash() - MINOR: tcp_act: fix alphabetical ordering of tcp request content actions - MINOR: tcp-act: Rename "set-{mark,tos}" to "set-fc-{mark,tos}" - MINOR: hlua: Rename set_{tos, mark} to set_fc_{tos, mark} - MEDIUM: tcp-act: support for set-fc-{mark,tos} actions - MEDIUM: tcp-act/backend: support for set-bc-{mark,tos} actions - MINOR: stats: Be able to access to registered stats modules from anywhere - MEDIUM: stats: Be able to access a specific field into a stats module - MINOR: promex: Add a param to override the description when a metric is dumped - MINOR: promex: Add info in the promex context to dump extra counters - MEDIUM: promex: Dump frontends extra counters if requested - MEDIUM: promex: Dump backends extra counters if requested - MEDIUM: promex: Dump servers extra counters if requested - MEDIUM: promex: Dump listeners extra counters if requested - DOC: promex: Add documentation about extra-counters - MINOR: promex: Always limit the number of labels dumped for each metric - MEDIUM: promex: Simplify the context using generic pointers for restart points - MINOR: promex: Remove unsued htx parameter when a metric is dumped - MEDIUM: promex: Add a registration mechanism to support modules - MEDIUM: promex: Dump metrics of registered modules with a way to filter them - MEDIUM: promex/stick-table: Dump stick-table metrics via a promex module - MEDIUM: promex/resolvers: Dump resolvers metrics via a promex module - MINOR: promex: Rename dump functions to use the right wording - MINOR: promex: Always pass the final name and description to promex_dmp_ts() - MEDIUM: promex: Add support for filters on metric names - REGTESTS: promex: Adapt script to be less verbose - MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding - MINOR: debug: make sure calls to ha_crash_now() are never merged - MINOR: debug: make ABORT_NOW() store the caller's line number when using abort - BUG/MINOR: diag: always show the version before dumping a diag warning - BUG/MINOR: diag: run the final diags before quitting when using -c - MINOR: acl: add extra diagnostics about suspicious string patterns - BUG/MINOR: quic: Wrong ack ranges handling when reaching the limit. - BUILD: quic: Variable name typo inside a BUG_ON(). - DOC: config: fix typo for '%ms' log format alternative - DOC: config: fix ordering for "txn.*" fetches - MINOR: stream: add "txn.redispatch" fetch - BUILD: debug: remove leftover parentheses in ABORT_NOW() - MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT - BUG/MINOR: ssl: Fix error message after ssl_sock_load_ocsp call - MINOR: debug: support passing an optional message in ABORT_NOW() - MINOR: debug: add an optional message argument to the BUG_ON() family - DEBUG: make the "debug dev {debug|warn|check}" command print a message - CLEANUP: quic: Code clarifications for QUIC CUBIC (RFC 9438) - BUG/MINOR: quic: fix possible integer wrap around in cubic window calculation - MINOR: quic: Stop using 1024th of a second. - CI: github: abandon asan matrix.py helper - CI: ssl: add yet another OpenSSL download fallback - DOC: install: clarify WolfSSL chroot requirements - MINOR: task: Move wait_event in the task header file - MINOR: stconn: Be able to detect applets using HTX - MINOR: stconn: Explicitly use an appctx to attach a stconn on it - MINOR: stconn: Be prepared to handle error when a SC is attached to an applet - MINOR: applet: Add dedicated IN/OUT buffers for appctx - MINOR: applet: Add traces to debug receive/send and block/wake events - MINOR: applet: Add support for callback functions to exchange data with channels - MINOR: applet: Implement default functions to exchange data with channels - MEDIUM: stconn: Add functions to handle applets I/O from the SC layer - MEDIM: applet: Add the applet handler based on IN/OUT buffers - MINOR: applet: Show IN/OUT buffers in trace messages when used - MINOR: applet: Add flags on the appctx and stop abusing its state - MINIOR: applet: Add flags to deal with ends of input, ends of stream and errors - MINOR: applet: Remove appctx state field to only used the flags - MINOR: applet: Add an appctx flag to report shutdown to applets - MEDIUM: applet: Use appctx flags to report EOS/EOI/ERROR to SE - MINOR: applet: Add callback function to deal with zero-copy forwarding - MEDIUM: applet: Add support for zero-copy forwarding from an applet - MINOR: applet: Automatically handle applets having more data for the stream - MEDIUM: stats: Don't interrupt processing on partial post - MAJOR: stats: Update HTTP stats applet to handle its own buffers - MEDIUM: cache: Temporarily remove zero-copy forwarding support - MAJOR: cache: Update HTTP cache applet to handle its own buffers - MAJOR: cache: Send cached objects using zero-copy forwarding - MINOR: stconn: Add support for flags during zero-copy forwarding negotiation - MINOR: mux-h1: Be able to define the length of a chunk size when it is prepended - MEDIUM: stconn: Nofify requested size during zero-copy forwarding nego is exact - MINOR: mux-h1: Stop zero-copy forwarding during nego for too big requested size - MEDIUM: mux-h1: Support zero-copy forwarding for chunks with an unknown size - MAJOR: stats: Send stats dump over HTTP using zero-copy forwarding - MEDIUM: applet: Simplify a bit API to exchange data with applets - MINOR: cache: Remove unsed .data_sent field from the cache applet context - MINOR: applet: Use an option to disable zero-copy forwarding for all applets - MINOR: applet: Identify applets using their own buffers via a flag - BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch - MINOR: ssl: Use OCSP_CERTID instead of ckch_store in ckch_store_build_certid - BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line - BUG/MEDIUM: ocsp: Separate refcount per instance and per store - BUG/MINOR: ssl: Destroy ckch instances before the store during deinit - BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list" - REGTESTS: ssl: Add OCSP related tests - REGTESTS: ssl: Fix empty line in cli command input - DOC: install: recommend pcre2 - DOC: config: fix misplaced "txn.conn_retries" - DOC: config: fix typos for "bytes_{in,out}" - DOC: config: fix misplaced "bytes_{in,out}" - DOC: config: add more custom log format table alternatives - MINOR: stream: rename "txn.redispatch" to "txn.redispatched" - MINOR: sample: implement bc_{be,srv}_queue samples - BUG/MINOR: mux-h2: count rejected DATA frames against the connection's flow control - MINOR: mux-h2: count excess of CONTINUATION frames as a glitch - MINOR: mux-h2: count late reduction of INITIAL_WINDOW_SIZE as a glitch - DOC: internal: update missing data types in peers-v2.0.txt - MEDIUM: stick-tables: add a new stored type for glitch_cnt and glitch_rate - MINOR: session: add the necessary functions to update the per-session glitches - MEDIUM: mux-h2: update session trackers with number of glitches - BUG/MINOR: server/cli: add missing LF at the end of certain notice/error lines - BUG/MINOR: vars/cli: fix missing LF after "get var" output - BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs - MINOR: cli: make sure to always print a pending message after release() - MINOR: cli: always reset the applet task's timeout - MINOR: cli: add a new "wait" command to wait for a certain delay - BUG/MINOR: applet: Always release empty appctx buffers after processing - MINOR: server: split the server deletion code in two parts - MINOR: cli/wait: make the wait command support a more detailed help message - MINOR: cli/wait: also support an unrecoverable failure status - MINOR: cli/wait: also pass up to 4 arguments to the external conditions - MINOR: cli/wait: add a condition to wait on a server to become unused - CI: Update to actions/cache@v4 - BUILD: address a few remaining calloc(size, n) cases - BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush() 2024/01/26 : 3.0-dev2 - MINOR: ot: logsrv struct becomes logger - MINOR: ssl: Update ssl_fc_curve/ssl_bc_curve to use SSL_get0_group_name - CLEANUP: ssl: fix indentation in smp_fetch_ssl_fc_ec() - DEV: patchbot: produce a verdict for too long commit messages - CLEANUP: ssl: fix indentation in smp_fetch_ssl_fc_ec() (part 2) - CLEANUP: quic: Double quic_dgram_parse() prototype declaration. - BUG/MINOR: map: list-based matching potential ordering regression - REGTESTS: add a test to ensure map-ordering is preserved - DOC: config: fix typo about map_*_key converters - DOC: configuration: corrected description of keyword tune.ssl.ocsp-update.mindelay - MINOR: map: mapfile ordering also matters for tree-based match types - DEV: phash: add a trivial perfect hash generator for integers - OPTIM: http: simplify http_get_status_idx() using a hash - CLEANUP: http: avoid duplicating literals in find_http_meth() - MINOR: http: add infrastructure to choose status codes for err / fail - MEDIUM: http_act: check status codes against the bit fields for err/fail - MEDIUM: http: add the ability to redefine http-err-codes and http-fail-codes - CI: codespell: ignore some words in URLs - CI: codespell: add more words to whitelist - CLEANUP: fix spelling of "occured" in src/h3.c - BUILD: quic: missing include for quic_tp - BUG/MINOR: mux-quic: do not prevent non-STREAM sending on flow control - MEDIUM: ssl: allow multiple fallback certificate to allow ECDSA/RSA selection - MEDIUM: ssl: generate '*' SNI filters for default certificates - MEDIUM: ssl: does not use default_ctx for 'generate-certificate' option - REORG: ssl: move 'generate-certificates' code to ssl_gencert.c - DOC: configuration: update configuration on how to have multiple default certs - MEDIUM: ssl: implements 'default-crt' keyword for bind Lines - CI: github: update wolfSSL to 5.6.6 - DOC: INSTALL: require at least WolfSSL 5.6.6 - DEV: h2: add support for multiple flags in mkhdr - DEV: h2: support hex-encoded data sequences in mkhdr - BUG/MINOR: mux-h2: also count streams for refused ones - BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT) - MINOR: vars: fix indentation in var_clear_buffer() - DOC: configuration: fix set-dst in actions keywords matrix - BUG/MEDIUM: mux-h2: refine connection vs stream error on headers - MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc - MINOR: mux-h2: add a counter of "glitches" on a connection - MINOR: connection: add a new mux_ctl to report number of connection glitches - MINOR: mux-h2: implement MUX_CTL_GET_GLITCHES - MINOR: connection: add sample fetches to report per-connection glitches - BUILD: stick-table: fix build error on 32-bit platforms - MINOR: quic: Transport parameters encoding without version_information - MINOR: quic: Enable early data at SSL session level (aws-lc) - MINOR: ssl_sock: Early data disabled during SSL_CTX switching (aws-lc) - MINOR: quic: Correctly wait for the completion of handshakes with early data (aws-lc) - BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI - BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs - BUILD: quic: fix build error when using the compatibility layer - BUILD: quic: Fix build error when building QUIC against wolfssl. - BUILD: quic: Fix build error when building QUIC against libressl. - BUG/MINOR: hlua: fix uninitialized var in hlua_core_get_var() - CLEANUP: hlua: fix indent, remove extra return in hlua_core_get_var() - BUG/MEDIUM: cache: Fix crash when deleting secondary entry - BUG/MINOR: quic: newreno QUIC congestion control algorithm no more available - CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro. - MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT) - MINOR: quic: extract qc_stream_buf free in a dedicated function - BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf - CLEANUP: fix spelling of "elemt" - CI: extend spell check white list - CI: enable spell check on git push - BUILD: makefile: also define cmd_CXX to pretty-print C++ build commands - BUILD/MEDIUM: deviceatlas: addon build rework. - DOC: deviceatlas: update to be in line with the v3 api. - BUILD/MEDIUM: deviceatlas: updating the addon part. - BUILD: deviceatlas: remove unneeded depenency on libcurl / libzip - BUILD: deviceatlas: fix empty "-I" left on CFLAGS - Revert "CI: enable spell check on git push" 2024/01/06 : 3.0-dev1 - MINOR: channel: Use dedicated functions to deal with STREAMER flags - MEDIUM: applet: Handle channel's STREAMER flags on applets size - MINOR: applets: Use channel's field to compute amount of data received - MEDIUM: cache: Save body size of cached objects and track it on delivery - MEDIUM: cache: Add support for endp-to-endp fast-forwarding - MINOR: cache: Add global option to enable/disable zero-copy forwarding - MINOR: pattern: Use reference name as filename to read patterns from a file - MEDIUM: pattern: Add support for virtual and optional files for patterns - DOC: config: Add section about name format for maps and ACLs - DOC: management/lua: Update commands about map and acl - MINOR: promex: Add support for specialized front/back/li/srv metric names - MINOR: promex: Export active/backup metrics per-server - BUG/MINOR: ssl: Double free of OCSP Certificate ID - MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback - BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate - BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA) - DOC: configuration: typo req.ssl_hello_type - MINOR: hq-interop: add fastfwd support - CLEANUP: mux_quic: rename ffwd function with prefix qmux_strm_ - MINOR: mux-quic: add traces for 0-copy/fast-forward - BUG/MINOR: mworker/cli: fix set severity-output support - CLEANUP: mworker/cli: add comments about pcli_find_and_exec_kw() - BUG/MEDIUM: quic: Possible buffer overflow when building TLS records - BUILD: ssl: update types in wolfssl cert selection callback - MINOR: ssl: activate the certificate selection callback for WolfSSL - CI: github: switch to wolfssl git-c4b77ad for new PR - BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions - BUG/MINOR: ext-check: cannot use without preserve-env - CLEANUP: mux-quic: remove unused prototype - MINOR: mux-quic: clean up qcs Rx buffer allocation API - MINOR: mux-quic: clean up qcs Tx buffer allocation API - CLEANUP: mux-quic: clean up app ops callback definitions - MINOR: mux-quic: factorize QC_SF_UNKNOWN_PL_LENGTH set - MINOR: h3: complete traces for sending - MINOR: h3: adjust zero-copy sending related code - MINOR: hq-interop: use zero-copy to transfer single HTX data block - BUG/MEDIUM: quic: QUIC CID removed from tree without locking - BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer side - BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding - BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set originally - CLEANUP: mux-h1: Fix a trace message about C-L header addition - BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty - BUG/MEDIUM: mux-quic: report early error on stream - DOC: config: add arguments to sample fetch methods in the table - DOC: config: also add arguments to the converters in the table - BUG/MINOR: resolvers: default resolvers fails when network not configured - SCRIPTS: mk-patch-list: produce a list of patches - DEV: patchbot: add the AI-based bot to pre-select candidate patches to backport - BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty - BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty - BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C - BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams - DOC: config: Update documentation about local haproxy response - DEV: patchbot: use checked buttons as reference instead of internal table - DEV: patchbot: allow to show/hide backported patches - MINOR: h3: remove quic_conn only reference - BUG/MINOR: server: Use the configured address family for the initial resolution - MINOR: mux-quic: remove qcc_shutdown() from qcc_release() - MINOR: mux-quic: use qcc_release in case of init failure - MINOR: mux-quic: adjust error code in init failure - MINOR: h3: add traces for connection init stage - BUG/MINOR: h3: properly handle alloc failure on finalize - MINOR: h3: use INTERNAL_ERROR code for init failure - BUG/MAJOR: stconn: Disable zero-copy forwarding if consumer is shut or in error - MINOR: stats: store the parent proxy in stats ctx (http) - BUG/MEDIUM: stats: unhandled switching rules with TCP frontend - MEDIUM: proxy: set PR_O_HTTP_UPG on implicit upgrades - MINOR: proxy: monitor-uri works with tcp->http upgrades - OPTIM: server: eb lookup for server_find_by_name() - OPTIM: server: ebtree lookups for findserver_unique_* functions - MINOR: server/event_hdl: add server_inetaddr struct to facilitate event data usage - MINOR: server/event_hdl: update _srv_event_hdl_prepare_inetaddr prototype - BUG/MINOR: server/event_hdl: propagate map port info through inetaddr event - MINOR: server: ensure connection cleanup on server addr changes - CLEANUP: server/event_hdl: remove purge_conn hint in INETADDR event - MEDIUM: server: merge srv_update_addr() and srv_update_addr_port() logic - CLEANUP: server: remove unused server_parse_addr_change_request() function - CLEANUP: resolvers: remove duplicate func prototype - MINOR: resolvers: add unique numeric id to nameservers - MEDIUM: server: make server_set_inetaddr() updater serializable - MINOR: server/event_hdl: expose updater info through INETADDR event - MINOR: server: add dns hint in server_inetaddr_updater struct - MEDIUM: server/dns: clear RMAINT when addr resolves again - BUG/MINOR: server/dns: use server_set_inetaddr() to unset srv addr from DNS - BUG/MEDIUM: server/dns: perform svc_port updates atomically from SRV records - MEDIUM: peers: use server as stream target - CLEANUP: peers: remove unused sock_init_arg struct member - CLEANUP: peers: remove unused "proto" and "xprt" struct members - MINOR: peers: rely on srv->addr and remove peer->addr - DOC: config: add context hint for server keywords - MINOR: stktable: add table_process_entry helper function - MINOR: stktable: use {show,set,clear} table with ptr - MINOR: map: add map_*_key converters to provide the matching key - DOC: fix typo for fastfwd QUIC option - BUG/MINOR: mux-quic: always report error to SC on RESET_STREAM emission - MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS - BUG/MINOR: mux-quic: disable fast-fwd if connection on error - BUG/MINOR: quic: Wrong keylog callback setting. - BUG/MINOR: quic: Missing call to TLS message callbacks - MINOR: h3: check connection error during sending - BUG/MINOR: h3: close connection on header list too big - BUG/MINOR: h3: close connection on sending alloc errors - BUG/MINOR: h3: disable fast-forward on buffer alloc failure - Revert "MINOR: mux-quic: Disable zero-copy forwarding for send by default" - MINOR: stktable: stktable_data_ptr() cannot fail in table_process_entry() - CLEANUP: assorted typo fixes in the code and comments - CI: use semantic version compare for determing "latest" OpenSSL - CLEANUP: server: remove ambiguous check in srv_update_addr_port() - CLEANUP: resolvers: remove unused RSLV_UPD_OBSOLETE_IP flag - CLEANUP: resolvers: remove some more unused RSLV_UDP flags - MEDIUM: server: simplify snr_set_srv_down() to prevent confusions - MINOR: backend: export get_server_*() functions - MINOR: tcpcheck: export proxy_parse_tcpcheck() - MEDIUM: udp: allow to retrieve the frontend destination address - MINOR: global: export a way to list build options - MINOR: debug: add features and build options to "show dev" - BUG/MINOR: server: fix server_find_by_name() usage during parsing - REGTESTS: check attach-srv out of order declaration - CLEANUP: quic: Remaining useless code into server part - BUILD: quic: Missing quic_ssl.h header protection - BUG/MEDIUM: h3: fix incorrect snd_buf return value - MINOR: h3: do not consider missing buf room as error on trailers - BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable - BUG/MEDIUM: stconn: Set fsb date if zero-copy forwarding is blocked during nego - BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up - MINOR: mux-h2: support limiting the total number of H2 streams per connection - CLEANUP: mux-h2: remove the printfs from previous commit on h2 streams limit. - DEV: h2: add the ability to emit literals in mkhdr - DEV: h2: add the preface as well in supported output types - DEV: h2: support passing raw data for a frame - IMPORT: ebtree: implement and use flsnz_long() to count bits - IMPORT: ebtree: switch the sizes and offsets to size_t and ssize_t - IMPORT: ebtree: rework the fls macros to better deal with arch-specific ones - IMPORT: ebtree: make string_equal_bits turn back to unsigned char - IMPORT: ebtree: use unsigned ints for flznz() - IMPORT: ebtree: make string_equal_bits() return an unsigned 2023/12/05 : 3.0-dev0 - exact copy of 2.9.0 2023/12/05 : 2.9.0 - DOC: config: add missing colon to "bytes_out" sample fetch keyword (2) - BUG/MINOR: cfgparse-listen: fix warning being reported as an alert - DOC: config: add matrix entry for "max-session-srv-conns" - DOC: config: fix monitor-fail typo - DOC: config: add context hint for proxy keywords - DEBUG: stream: Report lra/fsb values for front end back SC in stream dump - REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter - BUG/MINOR: sample: Make the `word` converter compatible with `-m found` - DOC: Clarify the differences between field() and word() - BUG/MINOR: server/event_hdl: properly handle AF_UNSPEC for INETADDR event - BUILD: http_htx: silence uninitialized warning on some gcc versions - MINOR: acme.sh: don't use '*' in the filename for wildcard domain - MINOR: global: Use a dedicated bitfield to customize zero-copy fast-forwarding - MINOR: mux-pt: Add global option to enable/disable zero-copy forwarding - MINOR: mux-h1: Add global option to enable/disable zero-copy forwarding - MINOR: mux-h2: Add global option to enable/disable zero-copy forwarding - MINOR: mux-quic: Add global option to enable/disable zero-copy forwarding - MINOR: mux-quic: Disable zero-copy forwarding for send by default - DOC: config: update the reminder on the HTTP model and add some terminology - DOC: config: add a few more differences between HTTP/1 and 2+ - DOC: config: clarify session vs stream - DOC: config: fix typo abandonned -> abandoned - DOC: management: fix two latest typos (optionally, exception) - BUG/MEDIUM: peers: fix partial message decoding - DOC: management: update stream vs session 2023/11/30 : 2.9-dev12 - BUG/MINOR: global: Fix tune.disable-(fast-forward/zero-copy-forwarding) options - DOC: config: removing "log-balance" references - MINOR: server/event_hdl: add SERVER_INETADDR event - MINOR: tools: use const for read only pointers in ip{cmp,cpy} - MINOR: server/ip: centralize server ip updates - MINOR: backend: remove invalid mode test for "hash-balance-factor" - Revert "MINOR: cfgparse-listen: warn when use-server rules is used in wrong mode" - MINOR: proxy: add free_logformat_list() helper function - MINOR: proxy: add free_server_rules() helper function - MINOR: log/backend: prevent "use-server" rules use with LOG mode - MINOR: log/balance: set lbprm tot_weight on server on queue/dequeue - DOC: config: specify supported sections for "max-session-srv-conns" - DOC: config: fix timeout check inheritance restrictions - REGTESTS: connection: disable http_reuse_be_transparent.vtc if !TPROXY - DOC: lua: add sticktable class reference from Proxy.stktable - DOC: lua: fix Proxy.get_mode() output - DOC: lua: add "syslog" to Proxy.get_mode() output - MEDIUM: ssl: implement rsa/ecdsa selection with WolfSSL - MINOR: ssl: replace 'trash.area' by 'servername' in ssl_sock_switchctx_cbk() - MINOR: ssl: move certificate selection in a dedicate function - MEDIUM: ssl: use ssl_sock_chose_sni_ctx() in the clienthello callback - MINOR: mworker/cli: implement hard-reload over the master CLI - BUG/MEDIUM: mux-h1: Properly ignore trailers when a content-length is announced - MINOR: task/profiling: do not record task_drop_running() as a caller - OPTIM: pattern: save memory and time using ebst instead of ebis - BUILD: map: fix build warning - MINOR: trace: define simple -dt argument - MINOR: trace: parse level in a function - MINOR: trace: parse verbosity in a function - MINOR: trace: support -dt optional format - OPTIM: mux-h2/zero-copy: don't allocate more buffers per connections than streams - BUG/MINOR: quic: fix CONNECTION_CLOSE_APP encoding - BUG/MEDIUM: stconn: Don't perform zero-copy FF if opposite SC is blocked - BUG/MEDIUM: mux-h2: Remove H2_SF_NOTIFIED flag for H2S blocked on fast-forward - CLEANUP: quic: Remove dead definitions/declarations - REORG: quic: Move some QUIC CLI code to its C file - REORG: quic: Add a new module to handle QUIC connection IDs - REORG: quic: QUIC connection types header cleaning - BUILD: quic: Missing RX header inclusions - REORG: quic: Move CRYPTO data buffer defintions to QUIC TLS module - REORG: quic: Move QUIC CRYPTO stream definitions/declarations to QUIC TLS - REORG: quic: Move several inlined functions from quic_conn.h - REORG: quic: Move QUIC SSL BIO method related functions to quic_ssl.c - REORG: quic: Move the QUIC DCID parser to quic_sock.c - REORG: quic: Rename some functions used upon ACK receipt - REORG: quic: Move QUIC path definitions/declarations to quic_cc module - REORG: quic: Move qc_handle_conn_migration() to quic_conn.c - REORG: quic: Move quic_build_post_handshake_frames() to quic_conn module - REORG: quic: Move qc_may_probe_ipktns() to quic_tls.h - REORG: quic: Move qc_pkt_long() to quic_rx.h - REORG: quic: Rename some (quic|qc)_conn* objects to quic_conn_closed - REORG: quic: Move NEW_CONNECTION_ID frame builder to quic_cid - REORG: quic: Move ncbuf related function from quic_rx to quic_conn - REORG: quic: Add a new module for QUIC retry - BUILD: quic: Several compiler warns fixes after retry module creation - REORG: quic: Move qc_notify_send() to quic_conn - REORG: quic: Add a new module for retransmissions - REORG: quic: Remove qc_pkt_insert() implementation - REORG: quic: Move quic_increment_curr_handshake() to quic_sock - BUG/MINOR: cache: Remove incomplete entries from the cache when stream is closed - MEDIUM: cli: allow custom pattern for payload - CLEANUP: mworker/cli: use a label to return errors - MINOR: mworker/cli: implements the customized payload pattern for master CLI - DOC: management: add documentation about customized payload pattern - BUG/MEDIUM: server/event_hdl: memory overrun in _srv_event_hdl_prepare_inetaddr() - MINOR: event_hdl: add global tunables - BUG/MAJOR: server/addr: fix a race during server addr:svc_port updates - MEDIUM: log/balance: support FQDN for UDP log servers - BUG/MINOR: compression: possible NULL dereferences in comp_prepare_compress_request() - BUG/MEDIUM: master/cli: Properly pin the master CLI on thread 1 / group 1 - BUG/MEDIUM: mux-quic: Stop zero-copy FF during nego if input is not empty - CLEANUP: log: Fix %rc comment in sess_build_logline() - BUG/MINOR: h3: fix TRAILERS encoding - BUG/MINOR: h3: always reject PUSH_PROMISE - MINOR: h3: use correct error code for missing SETTINGS - MINOR: http-fetch: Add a sample to retrieve the server status code - DOC: config: Improve 'status' sample documentation - MINOR: http-fetch: Add a sample to get the transaction status code - MEDIUM: http-ana: Set termination state before returning haproxy response - MINOR: stream: Expose session terminate state via a new sample fetch - MINOR: stream: add a sample fetch to get the number of connection retries - MINOR: stream: Expose the stream's uniq_id via a new sample fetch - MINOR: muxes: Rename mux_ctl_type values to use MUX_CTL_ prefix - MINOR: muxes: Add a callback function to send commands to mux streams - MINOR: muxes: Implement ->sctl() callback for muxes and return the stream id - MINOR: Add sample fetches to get the frontend and backend stream ID - BUG/MEDIUM: cli: Don't look for payload pattern on empty commands - DOC: config: Add argument for tune.lua.maxmem - DOC: config: fix mention of request slot in http-response capture - DOC: config: fix remaining mention of @reverse for attach-srv action - DOC: config: fix missing characters in set-spoe-group action - DOC: config: reorganize actions into their own section - BUG/MINOR: acme.sh: update the deploy script - MINOR: rhttp: mark reverse HTTP as experimental - CLEANUP: quic_cid: remove unused listener arg - BUG/MINOR: quic_tp: fix preferred_address decoding - MINOR: quic_tp: use in_addr/in6_addr for preferred_address - MINOR: acme.sh: use the master CLI for hot update - DOC: config: move the cache-use and cache-store actions to the proper section - DOC: config: fix alphabetical ordering of converter keywords - DOC: config: add missing colon to "bytes_out" sample fetch keyword - DOC: config: add an index of converter keywords - DOC: config: add an index of sample fetch keywords - BUG/MINOR: config: Stopped parsing upon unmatched environment variables - DEBUG: unstatify a few functions that are often present in backtraces - BUILD: server: shut a bogus gcc warning on certain ubuntu 2023/11/24 : 2.9-dev11 - BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly - BUG/MINOR: sock: mark abns sockets as non-suspendable and always unbind them - BUILD: cache: fix build error on older compilers - BUG/MAJOR: quic: complete thread migration before tcp-rules - BUG/MEDIUM: quic: Possible crash for connections to be killed - MINOR: quic: remove unneeded QUIC specific stopping function - MINOR: acl: define explicit HTTP_3.0 - DEBUG: connection/flags: update flags for reverse HTTP - BUILD: log: silence a build warning when threads are disabled - MINOR: quic: Add traces to debug frames handling during retransmissions - BUG/MEDIUM: quic: Possible crash during retransmissions and heavy load - BUG/MINOR: quic: Possible leak of TX packets under heavy load - BUG/MINOR: quic: Possible RX packet memory leak under heavy load - BUG/MINOR: server: do not leak default-server in defaults sections - DEBUG: tinfo: store the pthread ID and the stack pointer in tinfo - MINOR: debug: start to create a new struct post_mortem - MINOR: debug: add OS/hardware info to the post_mortem struct - MINOR: debug: report in port_mortem whether a container was detected - MINOR: debug: report in post_mortem if the container techno used is docker - MINOR: debug: detect CPU model and store it in post_mortem - MINOR: debug: report any detected hypervisor in post_mortem - MINOR: debug: collect some boot-time info related to the process - MINOR: debug: copy the thread info into the post_mortem struct - MINOR: debug: dump the mapping of the libs into post_mortem - MINOR: debug: add the ability to enter components in the post_mortem struct - MINOR: init: add info about the main program to the post_mortem struct - DOC: management: document "show dev" - CLEANUP: assorted typo fixes in the code and comments - CI: limit codespell checks to main repo, not forks - DOC: 51d: updated 51Degrees repo URL for v3.2.10 - DOC: install: update the list of openssl versions - MINOR: ext-check: add an option to preserve environment variables - BUG/MEDIUM: mux-h1: Don't set CO_SFL_MSG_MORE flag on last fast-forward send - MINOR: rhttp: rename proto_reverse_connect - MINOR: rhttp: large renaming to use rhttp prefix - MINOR: rhttp: add count of active conns per thread - MEDIUM: rhttp: support multi-thread active connect - MINOR: listener: allow thread kw for rhttp bind - DOC: rhttp: replace maxconn by nbconn - MINOR: log/balance: rename "log-sticky" to "sticky" - MEDIUM: mux-quic: Add consumer-side fast-forwarding support - MAJOR: h3: Implement zero-copy support to send DATA frame 2023/11/18 : 2.9-dev10 - CLEANUP: Re-apply xalloc_size.cocci (3) - BUG/MEDIUM: stconn: Report send activity during mux-to-mux fast-forward - BUG/MEDIUM: stconn: Don't report rcv/snd expiration date if SC cannot epxire - MINOR: stconn: Don't queue stream task in past in sc_notify() - BUG/MEDIUM: Don't apply a max value on room_needed in sc_need_room() - BUG/MINOR: stconn: Sanitize report for read activity - CLEANUP: htx: Properly indent htx_reserve_max_data() function - DOC: stconn: Improve comments about lra and fsb usage - BUG/MEDIUM: quic: fix actconn on quic_conn alloc failure - BUG/MEDIUM: quic: fix sslconns on quic_conn alloc failure - BUG/MEDIUM: mux-h1: Be sure xprt support splicing to use it during fast-forward - MINOR: proto_reverse_connect: use connect timeout - BUG/MINOR: mux-h1: Release empty ibuf during data fast-forwarding - BUG/MINOR: stick-table/cli: Check for invalid ipv4 key - MEDIUM: stktable/cli: simplify entry key handling - MINOR: stktable/cli: support v6tov4 and v4tov6 conversions - BUG/MINOR: mux-h1: Properly handle http-request and http-keep-alive timeouts - BUG/MEDIUM: freq-ctr: Don't report overshoot for long inactivity period - BUG/MEDIUM: pool: fix releasable pool calculation when overloaded - BUG/MINOR: pool: check one other random bucket on alloc conflict - BUG/MEDIUM: pool: try once to allocate from another bucket if empty - MEDIUM: stconn/muxes: Loop on data fast-forwarding to forward at least a buffer - MINOR: stconn/mux-h2: Use a iobuf flag to report EOI to consumer side during FF - MEDIUM: quic: Heavy task mode during handshake - MEDIUM: quic: Heavy task mode with non contiguously bufferized CRYPTO data - MINOR: quic: release the TLS context asap from quic_conn_release() - MINOR: quic: Add idle timer task pointer to traces - BUG/MINOR: quic: idle timer task requeued in the past - CLEANUP: quic: Indentation fix in qc_do_build_pkt() - MINOR: quic: Avoid zeroing frame structures - BUG/MEDIUM: quic: Too short Initial packet sent (enc. level allocation failed) - BUG/MEDIUM: quic: Avoid trying to send ACK frames from an empty ack ranges tree - BUG/MEDIUM: quic: Possible crashes when sending too short Initial packets - BUG/MEDIUM: quic: Avoid some crashes upon TX packet allocation failures - BUG/MEDIUM: quic: Possible crashes during secrets allocations (heavy load) - BUG/MEDIUM: stconn: Don't update stream expiration date if already expired - MINOR: errors: ha_alert() and ha_warning() uses warn_exec_path() - MINOR: errors: does not check MODE_STARTING for log emission - MEDIUM: errors: move the MODE_QUIET test in print_message() - DOC: management: -q is quiet all the time - MEDIUM: mworker: -W is mandatory when using -S - BUG/MEDIUM: mux-h1: Exit early if fast-forward is not supported by opposite SC - MEDIUM: quic: adjust address validation - MINOR: quic: reduce half open counters scope - MEDIUM: quic: limit handshake per listener - MEDIUM: quic: define an accept queue limit - BUG/MINOR: quic: fix retry token check inconsistency - MINOR: task/debug: explicitly support passing a null caller to wakeup functions - MINOR: task/debug: make task_queue() and task_schedule() possible callers - OPTIM: mux-h2: don't allocate more buffers per connections than streams - BUG/MINOR: quic: remove dead code in error path - MEDIUM: quic: respect closing state even on soft-stop - MEDIUM: quic: release conn socket before using quic_cc_conn - DOC: config: use the word 'backend' instead of 'proxy' in 'track' description - BUG/MEDIUM: applet: Remove appctx from buffer wait list on release - MINOR: tools: make str2sa_range() directly return type hints - BUG/MEDIUM: server: invalid address (post)parsing checks - BUG/MINOR: sink: don't learn srv port from srv addr - CLEANUP: sink: bad indent in sink_new_from_logger() - CLEANUP: sink: useless leftover in sink_add_srv() - BUG/MINOR: quic: Useless use of non-contiguous buffer for in order CRYPTO data - MINOR: server: always initialize pp_tlvs for default servers - BUG/MEDIUM: proxy: always initialize the default settings after init - MEDIUM: startup: 'haproxy -c' is quiet when valid - BUG/MINOR: sample: Fix bytes converter if offset is bigger than sample length - BUG/MINOR: log: keep the ref in dup_logger() - BUG/MINOR: quic: fix crash on qc_new_conn alloc failure - BUG/MINOR: quic: fix decrement of half_open counter on qc alloc failure - BUG/MEDIUM: quic: fix FD for quic_cc_conn - DOC: config: Fix name for tune.disable-zero-copy-forwarding global param - REGTESTS: startup: -conf-OK requires -V with current VTest - BUG/MEDIUM: quic: Non initialized CRYPTO data stream deferencing - MINOR: quic: Add a max window parameter to congestion control algorithms - MINOR: quic: Maximum congestion control window for each algo - DOC: quic: Wrong syntax for "quic-cc-algo" keyword. - DOC: quic: Maximum congestion control window configuration - BUG/MINOR: quic: maximum window limits do not match the doc - BUG/MEDIUM: connection: report connection errors even when no mux is installed - BUG/MINOR: stconn: Handle abortonclose if backend connection was already set up - MINOR: connection: Add a CTL flag to notify mux it should wait for reads again - MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads - BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only - MINOR: stconn: Use SC to detect frontend connections in sc_conn_recv() - REGTESTS: http: Improve script testing abortonclose option - MINOR: activity: report profiling duration and age in "show profiling" - BUG/MEDIUM: mworker: set the master variable earlier - BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented - MINOR: connection: update rhttp flags usage - BUG/MINOR: mux_h2: reject passive reverse conn if error on add to idle - MINOR: server: force add to idle on reverse - MINOR: shctx: Set last_append to NULL when reserving block in hot list - MEDIUM: shctx: Move list between hot and avail list in O(1) - MEDIUM: shctx: Simplify shctx_row_reserve_hot loop - MINOR: shctx: Remove explicit 'from' param from shctx_row_data_append - MEDIUM: cache: Use dedicated cache tree lock alongside shctx lock - MINOR: cache: Remove expired entry delete in "show cache" command - MINOR: cache: Add option to avoid removing expired entries in lookup function - MEDIUM: cache: Use rdlock on cache in cache_use - MEDIUM: shctx: Remove 'hot' list from shared_context - MINOR: cache: Use dedicated trash for "show cache" cli command - MEDIUM: cache: Switch shctx spinlock to rwlock and restrict its scope - MEDIUM: cache: Add refcount on cache_entry - MEDIUM: shctx: Descend shctx_lock calls into the shctx_row_reserve_hot - MINOR: shctx: Add new reserve_finish callback call to shctx_row_reserve_hot - MAJOR: cache: Delay cache entry delete in reserve_hot function - MINOR: shctx: Remove redundant arg from free_block callback - MINOR: shctx: Remove 'use_shared_mem' variable - DOC: cache: Specify when function expects a cache lock - BUG/MEDIUM: stconn: Update fsb date on partial sends - MINOR: htx: Use a macro for overhead induced by HTX - MINOR: channel: Add functions to get info on buffers and deal with HTX streams - BUG/MINOR: stconn: Fix streamer detection for HTX streams - BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer - BUG/MINOR: stconn/applet: Report send activity only if there was output data - BUG/MINOR: stconn: Report read activity on non-indep streams for partial sends - BUG/MINOR: shctx: Remove old HA_SPIN_INIT - REGTESTS: try to activate again the seamless reload test with the master CLI - MINOR: proxy: Add "handshake" new timeout (frontend side) - MEDIUM: quic: Add support for "handshake" timeout setting. - MINOR: quic: Dump the expiration date of the idle timer task - BUG/MINOR: quic: Malformed CONNECTION_CLOSE frame - MEDIUM: session: handshake timeout (TCP) - DOC: proxy: Add "handshake" timeout documentation. - MINOR: quic: Rename "handshake" timeout to "client-hs" - CLEANUP: haproxy: remove old comment from 1.1 from the file header - BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover() - BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover() - BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover() - MINOR: rhttp: remove the unused outgoing connect() function - MINOR: backend: without ->connect(), allow to pick another thread's connection - BUG/MINOR: stream/cli: report correct stream age in "show sess" - MINOR: stream/cli: add an optional "older" filter for "show sess" - MINOR: stream/cli: add another filter "susp" to "show sess" - MINOR: stktable: add stktable_deinit function - BUG/MINOR: proxy/stktable: missing frees on proxy cleanup - CLEANUP: backend: removing unused LB param - MEDIUM: lbprm: store algo params on 32bits - MEDIUM: log/balance: merge tcp/http algo with log ones - Revert "MINOR: proxy: report a warning for max_ka_queue in proxy_cfg_ensure_no_http()" - Revert "MINOR: tcp_rules: tcp-{request,response} requires TCP or HTTP mode" - Revert "MINOR: stktable: "stick" requires TCP or HTTP mode" - Revert "MINOR: cfgparse-listen: "http-send-name-header" requires TCP or HTTP mode" - Revert "MINOR: cfgparse-listen: "dynamic-cookie-key" requires TCP or HTTP mode" - Revert "MINOR: cfgparse-listen: "http-reuse" requires TCP or HTTP mode" - Revert "MINOR: fcgi-app: "use-fcgi-app" requires TCP or HTTP mode" - Revert "MINOR: http_htx/errors: prevent the use of some keywords when not in tcp/http mode" - Revert "MINOR: flt_http_comp: "compression" requires TCP or HTTP mode" - Revert "MINOR: filter: "filter" requires TCP or HTTP mode" - MINOR: log/backend: ensure log exclusive params are not used in other modes - MINOR: log/backend: prevent tcp-{request,response} use with LOG mode - MINOR: log/backend: prevent stick table and stick rules with LOG mode - MINOR: log/backend: prevent "http-send-name-header" use with LOG mode - MINOR: log/backend: prevent "dynamic-cookie-key" use with LOG mode - REGTESTS: http: add a test to validate chunked responses delivery 2023/11/04 : 2.9-dev9 - DOC: internal: filters: fix reference to entities.pdf - BUG/MINOR: ssl: load correctly @system-ca when ca-base is define - MINOR: lua: Add flags to configure logging behaviour - MINOR: lua: change tune.lua.log.stderr default from 'on' to 'auto' - BUG/MINOR: backend: fix wrong BUG_ON for avail conn - BUG/MAJOR: backend: fix idle conn crash under low FD - MINOR: backend: refactor insertion in avail conns tree - DEBUG: mux-h2/flags: fix list of h2c flags used by the flags decoder - BUG/MEDIUM: server/log: "mode log" after server keyword causes crash - MINOR: connection: add conn_pr_mode_to_proto_mode() helper func - BUG/MEDIUM: server: "proto" not working for dynamic servers - MINOR: server: add helper function to detach server from proxy list - DEBUG: add a tainted flag when ha_panic() is called - DEBUG: lua: add tainted flags for stuck Lua contexts - DEBUG: pools: detect that malloc_trim() is in progress - BUG/MINOR: quic: do not consider idle timeout on CLOSING state - MINOR: frontend: implement a dedicated actconn increment function - BUG/MINOR: ssl: use a thread-safe sslconns increment - MEDIUM: quic: count quic_conn instance for maxconn - MEDIUM: quic: count quic_conn for global sslconns - BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA - REGTESTS: ssl: update the filters test for TLSv1.3 and sigalgs - BUG/MINOR: mux-quic: fix early close if unset client timeout - BUG/MEDIUM: ssl: segfault when cipher is NULL - BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check failure - MEDIUM: systemd: be more verbose about the reload - MINOR: sample: Add fetcher for getting all cookie names - BUG/MINOR: proto_reverse_connect: support SNI on active connect - MINOR: proxy/stktable: add resolve_stick_rule helper function - BUG/MINOR: stktable: missing free in parse_stick_table() - BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure - MINOR: stktable: stktable_init() sets err_msg on error - MINOR: stktable: check if a type should be used as-is - MEDIUM: stktable/peers: "write-to" local table on peer updates - CI: github: update wolfSSL to 5.6.4 - DOC: install: update the wolfSSL required version - MINOR: server: Add parser support for set-proxy-v2-tlv-fmt - MINOR: connection: Send out generic, user-defined server TLVs - BUG/MEDIUM: pattern: don't trim pools under lock in pat_ref_purge_range() - MINOR: mux-h2: always use h2_send() in h2_done_ff(), not h2_process() - OPTIM: mux-h2: call h2_send() directly from h2_snd_buf() - BUG/MINOR: server: remove some incorrect free() calls on null elements 2023/10/20 : 2.9-dev8 - MINOR: ssl: add an explicit error when 'ciphersuites' are not supported - BUILD: ssl: enable 'ciphersuites' for WolfSSL - BUILD: ssl: add 'ssl_c_r_dn' fetch for WolfSSL - BUILD: ssl: add 'secure_memcmp' converter for WolfSSL and awslc - BUILD: ssl: enable keylog for awslc - CLEANUP: ssl: remove compat functions for openssl < 1.0.0 - BUILD: ssl: enable keylog for WolfSSL - REGTESTS: pki: add a pki for SSL tests - REGTESTS: ssl: update common.pem with the new pki - REGTESTS: ssl: disable ssl_dh.vtc for WolfSSL - REGTESTS: wolfssl: temporarly disable some failing reg-tests - CI: ssl: add wolfssl to build-ssl.sh - CI: ssl: add git id support for wolfssl download - CI: github: add a wolfssl entry to the CI - CI: github: update wolfssl to git revision d83f2fa - CI: github: add awslc 1.16.0 to the push CI - BUG/MINOR: quic: Avoid crashing with unsupported cryptographic algos - REORG: quic: cleanup traces definition - BUG/MINOR: quic: reject packet with no frame - BUG/MEDIUM: mux-quic: fix RESET_STREAM on send-only stream - BUG/MINOR: mux-quic: support initial 0 max-stream-data - BUG/MINOR: h3: strengthen host/authority header parsing - CLEANUP: connection: drop an uneeded leftover cast - BUG/MAJOR: connection: make sure to always remove a connection from the tree - BUG/MINOR: quic: fix qc.cids access on quic-conn fail alloc - BUG/MINOR: quic: fix free on quic-conn fail alloc - BUG/MINOR: mux-quic: fix free on qcs-new fail alloc - BUG/MEDIUM: quic-conn: free unsent frames on retransmit to prevent crash - MEDIUM: tree-wide: logsrv struct becomes logger - MEDIUM: log: introduce log target - DOC: config: log
becomes log in "log" related doc - MEDIUM: sink/log: stop relying on AF_UNSPEC for rings - MINOR: log: support explicit log target as argument in __do_send_log() - MINOR: log: remove the logger dependency in do_send_log() - MEDIUM: log/sink: simplify log header handling - MEDIUM: sink: inherit from caller fmt in ring_write() when rings didn't set one - MINOR: sink: add sink_new_from_srv() function - MAJOR: log: introduce log backends - MINOR: log/balance: support for the "sticky" lb algorithm - MINOR: log/balance: support for the "random" lb algorithm - MINOR: lbprm: support for the "none" hash-type function - MINOR: lbprm: compute the hash avalanche in gen_hash() - MINOR: sample: add sample_process_cnv() function - MEDIUM: log/balance: support for the "hash" lb algorithm - REGTEST: add a test for log-backend used as a log target - MINOR: server: introduce "log-bufsize" kw - BUG/MEDIUM: stconn: Report a send activity everytime data were sent - BUG/MEDIUM: applet: Report a send activity everytime data were sent - BUG/MINOR: mux-h1: Send a 400-bad-request on shutdown before the first request - MINOR: support for http-response set-timeout - BUG/MINOR: mux-h2: make up other blocked streams upon removal from list - DEBUG: pool: store the memprof bin on alloc() and update it on free() - BUG/MEDIUM: quic_conn: let the scheduler kill the task when needed - CLEANUP: hlua: Remove dead-code on error path in hlua_socket_new() - BUG/MEDIUM: mux-h1: do not forget TLR/EOT even when no data is sent - BUG/MINOR: htpp-ana/stats: Specify that HTX redirect messages have a C-L header - BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending - MEDIUM: stconn/channel: Move pipes used for the splicing in the SE descriptors - MINOR: stconn: Start to introduce mux-to-mux fast-forwarding notion - MINOR: stconn: Extend iobuf to handle a buffer in addition to a pipe - MINOR: connection: Add new mux callbacks to perform data fast-forwarding - MINOR: stconn: Temporarily remove kernel splicing support - MINOR: mux-pt: Temporarily remove splicing support - MINOR: mux-h1: Temporarily remove splicing support - MINOR: connection: Remove mux callbacks about splicing - MEDIUM: stconn: Add mux-to-mux fast-forward support - MINOR: mux-h1: Use HTX extra field only for responses with known length - MEDIUM: mux-h1: Properly handle state transitions of chunked outgoing messages - MEDIUM: raw-sock: Specifiy amount of data to send via snd_pipe callback - MINOR: mux-h1: Add function to add size of a chunk to an outgoind message - MEDIUM: mux-h1: Simplify zero-copy on sending path - MEDIUM: mux-h1: Simplify payload formatting based on HTX blocks on sending path - MEDIUM: mux-h1: Add fast-forwarding support - MINOR: h2: Set the BODYLESS_RESP flag on the HTX start-line if necessary - MEDIUM: mux-h2: Add consumer-side fast-forwarding support - MEDIUM: channel: don't look at iobuf to report an empty channel - MINOR: tree-wide: Only rely on co_data() to check channel emptyness - REGTESTS: Reenable HTTP tests about splicing - CLEAN: mux-h1: Remove useless __maybe_unused attribute on h1_make_chunk() - MEDIUM: mux-pt: Add fast-forwarding support - MINOR: global: Add an option to disable the zero-copy forwarding - BUILD: mux-h1: Fix build without kernel splicing support - REORG: stconn/muxes: Rename init step in fast-forwarding - MINOR: dgram: allow to set rcv/sndbuf for dgram sockets as well - BUG/MINOR: mux-h2: fix http-request and http-keep-alive timeouts again - BUG/MINOR: trace: fix trace parser error reporting - BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task - BUG/MEDIUM: peers: Fix synchro for huge number of tables - MINOR: cfgparse: forbid mixing reverse and standard listeners - MINOR: listener: add nbconn kw for reverse connect - MINOR: server: convert @reverse to rev@ standard format - MINOR: cfgparse: rename "rev@" prefix to "rhttp@" - REGTESTS: remove maxconn from rhttp bind line - MINOR: listener: forbid most keywords for reverse HTTP bind - MINOR: sample: Added support for Arrays in sample_conv_json_query in sample.c - MINOR: mux-h2/traces: explicitly show the error/refused stream states - MINOR: mux-h2/traces: clarify the "rejected H2 request" event - BUG/MINOR: mux-h2: commit the current stream ID even on reject - BUG/MINOR: mux-h2: update tracked counters with req cnt/req err 2023/10/06 : 2.9-dev7 - MINOR: support for http-request set-timeout client - BUG/MINOR: mux-quic: remove full demux flag on ncbuf release - CLEANUP: freq_ctr: make all freq_ctr readers take a const - CLEANUP: stream: make the dump code not depend on the CLI appctx - MINOR: stream: split stats_dump_full_strm_to_buffer() in two - CLEANUP: stream: use const filters in the dump function - CLEANUP: stream: make strm_dump_to_buffer() take a const stream - MINOR: stream: make strm_dump_to_buffer() take an arbitrary buffer - MINOR: stream: make strm_dump_to_buffer() show the list of filters - MINOR: stream: make stream_dump() always multi-line - MINOR: streams: add support for line prefixes to strm_dump_to_buffer() - MEDIUM: stream: now provide full stream dumps in case of loops - MINOR: debug: use the more detailed stream dump in panics - CLEANUP: stream: remove the now unused stream_dump() function - Revert "BUG/MEDIUM: quic: missing check of dcid for init pkt including a token" - MINOR: stream: fix output alignment of stuck thread dumps - BUG/MINOR: proto_reverse_connect: fix FD leak on connection error - BUG/MINOR: tcp_act: fix attach-srv rule ACL parsing - MINOR: connection: define error for reverse connect - MINOR: connection: define mux flag for reverse support - MINOR: tcp_act: remove limitation on protocol for attach-srv - BUG/MINOR: proto_reverse_connect: fix FD leak upon connect - BUG/MAJOR: plock: fix major bug in pl_take_w() introduced with EBO - Revert "MEDIUM: sample: Small fix in function check_operator for eror reporting" - DOC: sample: Add a comment in 'check_operator' to explain why 'vars_check_arg' should ignore the 'err' buffer - DEV: sslkeylogger: handle file opening error - MINOR: quic: define quic-socket bind setting - MINOR: quic: handle perm error on bind during runtime - MINOR: backend: refactor specific source address allocation - MINOR: proto_reverse_connect: support source address setting - BUILD: pool: Fix GCC error about potential null pointer dereference - MINOR: hlua: Set context's appctx when the lua socket is created - MINOR: hlua: Don't preform operations on a not connected socket - MINOR: hlua: Save the lua socket's timeout in its context - MINOR: hlua: Save the lua socket's server in its context - MINOR: hlua: Test the hlua struct first when the lua socket is connecting - BUG/MEDIUM: hlua: Initialize appctx used by a lua socket on connect only - DEBUG: mux-h1: Fix event label from trace messages about payload formatting - BUG/MINOR: mux-h1: Handle read0 in rcv_pipe() only when data receipt was tried - BUG/MINOR: mux-h1: Ignore C-L when sending H1 messages if T-E is also set - BUG/MEDIUM: h1: Ignore C-L value in the H1 parser if T-E is also set - REGTESTS: filters: Don't set C-L header in the successful response to CONNECT - MINOR: mux-h1: Add flags if outgoing msg contains a header about its payload - MINOR: mux-h1: Rely on H1S_F_HAVE_CHNK to add T-E in outgoing messages - BUG/MEDIUM: mux-h1: Add C-L header in outgoing message if it was removed - BUG/MEDIUM: mux-h1; Ignore headers modifications about payload representation - BUG/MINOR: h1-htx: Keep flags about C-L/T-E during HEAD response parsing - MINOR: h1-htx: Declare successful tunnel establishment as bodyless - BUILD: quic: allow USE_QUIC to work with AWSLC - CI: github: add USE_QUIC=1 to aws-lc build - BUG/MINOR: hq-interop: simplify parser requirement - MEDIUM: cache: Add "Origin" header to secondary cache key - MINOR: haproxy: permit to register features during boot - MINOR: tcp_rules: tcp-{request,response} requires TCP or HTTP mode - MINOR: stktable: "stick" requires TCP or HTTP mode - MINOR: filter: "filter" requires TCP or HTTP mode - MINOR: backend/balance: "balance" requires TCP or HTTP mode - MINOR: flt_http_comp: "compression" requires TCP or HTTP mode - MINOR: http_htx/errors: prevent the use of some keywords when not in tcp/http mode - MINOR: fcgi-app: "use-fcgi-app" requires TCP or HTTP mode - MINOR: cfgparse-listen: "http-send-name-header" requires TCP or HTTP mode - MINOR: cfgparse-listen: "dynamic-cookie-key" requires TCP or HTTP mode - MINOR: proxy: dynamic-cookie CLIs require TCP or HTTP mode - MINOR: cfgparse-listen: "http-reuse" requires TCP or HTTP mode - MINOR: proxy: report a warning for max_ka_queue in proxy_cfg_ensure_no_http() - MINOR: cfgparse-listen: warn when use-server rules is used in wrong mode - DOC: config: unify "log" directive doc - MINOR: sink/log: fix some typos around postparsing logic - MINOR: sink: remove useless check after sink creation - MINOR: sink: don't rely on p->parent in sink appctx - MINOR: sink: don't rely on forward_px to init sink forwarding - MINOR: sink: refine forward_px usage - MINOR: sink: function to add new sink servers - BUG/MEDIUM: stconn: Fix comparison sign in sc_need_room() - BUG/MEDIUM: actions: always apply a longest match on prefix lookup 2023/09/22 : 2.9-dev6 - BUG/MINOR: quic: fdtab array underflow access - DEBUG: pools: always record the caller for uncached allocs as well - DEBUG: pools: pass the caller pointer to the check functions and macros - DEBUG: pools: make pool_check_pattern() take a pointer to the pool - DEBUG: pools: inspect pools on fatal error and dump information found - BUG/MEDIUM: quic: quic_cc_conn ->cntrs counters unreachable - DEBUG: pools: also print the item's pointer when crashing - DEBUG: pools: also print the value of the tag when it doesn't match - DEBUG: pools: print the contents surrounding the expected tag location - MEDIUM: pools: refine pool size rounding - BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume() - BUG/MINOR: hlua/init: coroutine may not resume itself - BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR records - BUG/MINOR: promex: fix backend_agg_check_status - BUG/MEDIUM: master/cli: Pin the master CLI on the first thread of the group 1 - MAJOR: import: update mt_list to support exponential back-off - CLEANUP: pools: simplify the pool expression when no pool was matched in dump - MINOR: samples: implement bytes_in and bytes_out samples - DOC: configuration: add %[req.ver] sample to %HV - BUG/MINOR: quic: Leak of frames to send. - DOC: configuration: add %[query] to %HQ - BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API - BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers - BUILD: quic: fix build on centos 8 and USE_QUIC_OPENSSL_COMPAT - Revert "MAJOR: import: update mt_list to support exponential back-off" - BUG/MINOR: server: add missing free for server->rdr_pfx - REGTESTS: ssl: skip OCSP test w/ WolfSSL - REGTESTS: ssl: skip generate-certificates test w/ wolfSSL - MINOR: logs: clarify the check of the log range - MINOR: log: remove the unused curr_idx in struct smp_log_range - CLEANUP: logs: rename a confusing local variable "curr_rg" to "smp_rg" - MINOR: logs: use a single index to store the current range and index - MEDIUM: logs: atomically check and update the log sample index - CLEANUP: ring: rename the ring lock "RING_LOCK" instead of "LOGSRV_LOCK" - BUG/MEDIUM: http-ana: Try to handle response before handling server abort - MEDIUM: tools/ip: v4tov6() and v6tov4() rework - MINOR: pattern/ip: offload ip conversion logic to helper functions - MINOR: pattern: fix pat_{parse,match}_ip() function comments - MINOR: pattern/ip: simplify pat_match_ip() function - BUG/MEDIUM: server/cli: don't delete a dynamic server that has streams - MINOR: hlua: Add support for the "http-after-res" action - BUG/MINOR: proto_reverse_connect: fix preconnect with startup name resolution - MINOR: proto_reverse_connect: prevent transparent server for pre-connect - CI: cirrus-ci: display gdb bt if any - MEDIUM: sample: Enhances converter "bytes" to take variable names as arguments - MEDIUM: sample: Small fix in function check_operator for eror reporting - MINOR: quic: handle external extra CIDs generator. - BUG/MINOR: proto_reverse_connect: set default maxconn - MINOR: proto_reverse_connect: refactor preconnect failure - MINOR: proto_reverse_connect: remove unneeded wakeup - MINOR: proto_reverse_connect: emit log for preconnect 2023/09/08 : 2.9-dev5 - BUG/MEDIUM: mux-h2: fix crash when checking for reverse connection after error - BUILD: import: guard plock.h against multiple inclusion - BUILD: pools: import plock.h to build even without thread support - BUG/MINOR: ssl/cli: can't find ".crt" files when replacing a certificate - BUG/MINOR: stream: protect stream_dump() against incomplete streams - DOC: config: mention uid dependency on the tune.quic.socket-owner option - MEDIUM: capabilities: enable support for Linux capabilities - CLEANUP/MINOR: connection: Improve consistency of PPv2 related constants - MEDIUM: connection: Generic, list-based allocation and look-up of PPv2 TLVs - MEDIUM: sample: Add fetch for arbitrary TLVs - MINOR: sample: Refactor fc_pp_authority by wrapping the generic TLV fetch - MINOR: sample: Refactor fc_pp_unique_id by wrapping the generic TLV fetch - MINOR: sample: Add common TLV types as constants for fc_pp_tlv - MINOR: ssl_sock: avoid iterating realloc(+1) on stored context - DOC: ssl: add some comments about the non-obvious session allocation stuff - CLEANUP: ssl: keep a pointer to the server in ssl_sock_init() - MEDIUM: ssl_sock: always use the SSL's server name, not the one from the tid - MEDIUM: server/ssl: place an rwlock in the per-thread ssl server session - MINOR: server/ssl: maintain an index of the last known valid SSL session - MINOR: server/ssl: clear the shared good session index on failure - MEDIUM: server/ssl: pick another thread's session when we have none yet - MINOR: activity: report the current run queue size - BUG/MINOR: checks: do not queue/wake a bounced check - MINOR: checks: start the checks in sleeping state - MINOR: checks: pin the check to its thread upon wakeup - MINOR: check: remember when we migrate a check - MINOR: check/activity: collect some per-thread check activity stats - MINOR: checks: maintain counters of active checks per thread - MINOR: check: also consider the random other thread's active checks - MEDIUM: checks: search more aggressively for another thread on overload - MEDIUM: checks: implement a queue in order to limit concurrent checks - MINOR: checks: also consider the thread's queue for rebalancing - DEBUG: applet: Properly report opposite SC expiration dates in traces - BUG/MEDIUM: stconn: Update stream expiration date on blocked sends - BUG/MINOR: stconn: Don't report blocked sends during connection establishment - BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending shutdown - BUG/MEDIUM: stconn: Don't block sends if there is a pending shutdown - BUG/MINOR: quic: Possible skipped RTT sampling - MINOR: quic: Add a trace to quic_release_frm() - BUG/MAJOR: quic: Really ignore malformed ACK frames. - BUG/MINOR: quic: Unchecked pointer to packet number space dereferenced - BUG/MEDIUM: connection: fix pool free regression with recent ppv2 TLV patches - BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer - BUG/MINOR: stream: further protect stream_dump() against incomplete sessions - DOC: configuration: update examples for req.ver - MINOR: properly mark the end of the CLI command in error messages - BUILD: ssl: Build with new cryptographic library AWS-LC - REGTESTS: ssl: skip ssl_dh test with AWS-LC - BUILD: bug: make BUG_ON() void to avoid a rare warning - BUILD: checks: shut up yet another stupid gcc warning - MINOR: cpuset: add ha_cpuset_isset() to check for the presence of a CPU in a set - MINOR: cpuset: add ha_cpuset_or() to bitwise-OR two CPU sets - MINOR: cpuset: centralize a reliable bound cpu detection - MEDIUM: threads: detect incomplete CPU bindings - MEDIUM: threads: detect excessive thread counts vs cpu-map - BUILD: quic: Compilation issue on 32-bits systems with quic_may_send_bytes() - BUG/MINOR: quic: Unchecked pointer to Handshake packet number space - MINOR: global: export the display_version() symbol - MEDIUM: mworker: display a more accessible message when a worker crash - MINOR: httpclient: allow to configure the retries - MINOR: httpclient: allow to configure the timeout.connect - BUG/MINOR: quic: Wrong RTT adjusments - BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var) - BUG/MINOR: stconn: Don't inhibit shutdown on connection on error - BUG/MEDIUM: applet: Fix API for function to push new data in channels buffer - BUG/MEDIUM: stconn: Report read activity when a stream is attached to front SC - BUG/MEDIUM: applet: Report an error if applet request more room on aborted SC - BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout - NUG/MEDIUM: stconn: Always update stream's expiration date after I/O - BUG/MINOR: applet: Always expect data when CLI is waiting for a new command - BUG/MINOR: ring/cli: Don't expect input data when showing events - BUG/MINOR: quic: Dereferenced unchecked pointer to Handshke packet number space - BUG/MINOR: hlua/action: incorrect message on E_YIELD error - MINOR: http_ana: position the FINAL flag for http_after_res execution - CI: scripts: add support to build-ssl.sh to download and build AWS-LC - CI: add support to matrix.py to determine the latest AWS-LC release - CI: Update matrix.py so all code is contained in functions. - CI: github: Add a weekly CI run building with AWS-LC - MINOR: ring: add a function to compute max ring payload - BUG/MEDIUM: ring: adjust maxlen consistency check - MINOR: sink: simplify post_sink_resolve function - MINOR: log/sink: detect when log maxlen exceeds sink size - MINOR: sink: inform the user when logs will be implicitly truncated - MEDIUM: sink: don't perform implicit truncations when maxlen is not set - MINOR: log: move log-forwarders cleanup in log.c - MEDIUM: httpclient/logs: rely on per-proxy post-check instead of global one - MINOR: log: add dup_logsrv() helper function - MEDIUM: log/sink: make logsrv postparsing more generic - MEDIUM: fcgi-app: properly postresolve logsrvs - MEDIUM: spoe-agent: properly postresolve log rings - MINOR: sink: add helper function to deallocate sink struct - MEDIUM: sink/ring: introduce high level ring creation helper function - MEDIUM: sink: add sink_finalize() function - CLEANUP: log: remove unnecessary trim in __do_send_log - MINOR: cache: Change hash function in default normalizer used in case of "vary" - MINOR: tasks/stats: report the number of niced tasks in "show info" - CI: Update to actions/checkout@v4 - MINOR: ssl: add support for 'curves' keyword on server lines - BUG/MINOR: quic: Wrong cluster secret initialization - CLEANUP: quic: Remove useless free_quic_tx_pkts() function. - MEDIUM: init: initialize the trash earlier - MINOR: tools: add function read_line_to_trash() to read a line of a file - MINOR: cfgparse: use read_line_from_trash() to read from /sys - MEDIUM: cfgparse: assign NUMA affinity to cpu-maps - MINOR: cpuset: dynamically allocate cpu_map - REORG: cpuset: move parse_cpu_set() and parse_cpumap() to cpuset.c - CI: musl: highlight section if there are coredumps - CI: musl: drop shopt in workflow invocation 2023/08/25 : 2.9-dev4 - DEV: flags/show-sess-to-flags: properly decode fd.state - BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection - BUG/MINOR: stktable: allow sc-add-gpc from tcp-request connection - DOC: typo: fix sc-set-gpt references - SCRIPTS: git-show-backports: automatic ref and base detection with -m - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (3) - DOC: jwt: Add explicit list of supported algorithms - BUILD: Makefile: add the USE_QUIC option to make help - BUILD: Makefile: add USE_QUIC_OPENSSL_COMPAT to make help - BUILD: Makefile: realigned USE_* options in make help - DEV: makefile: fix POSIX compatibility for "range" target - IMPORT: plock: also support inlining the int code - IMPORT: plock: always expose the inline version of the lock wait function - IMPORT: lorw: support inlining the wait call - MINOR: threads: inline the wait function for pthread_rwlock emulation - MINOR: atomic: make sure to always relax after a failed CAS - MINOR: pools: use EBO to wait for unlock during pool_flush() - BUILD/IMPORT: fix compilation with PLOCK_DISABLE_EBO=1 - MINOR: quic+openssl_compat: Do not start without "limited-quic" - MINOR: quic+openssl_compat: Emit an alert for "allow-0rtt" option - BUG/MINOR: quic: allow-0rtt warning must only be emitted with quic bind - BUG/MINOR: quic: ssl_quic_initial_ctx() uses error count not error code - MINOR: pattern: do not needlessly lookup the LRU cache for empty lists - IMPORT: xxhash: update xxHash to version 0.8.2 - MINOR: proxy: simplify parsing 'backend/server' - MINOR: connection: centralize init/deinit of backend elements - MEDIUM: connection: implement passive reverse - MEDIUM: h2: reverse connection after SETTINGS reception - MINOR: server: define reverse-connect server - MINOR: backend: only allow reuse for reverse server - MINOR: tcp-act: parse 'tcp-request attach-srv' session rule - REGTESTS: provide a reverse-server test - MINOR: tcp-act: define optional arg name for attach-srv - MINOR: connection: use attach-srv name as SNI reuse parameter on reverse - REGTESTS: provide a reverse-server test with name argument - MINOR: proto: define dedicated protocol for active reverse connect - MINOR: connection: extend conn_reverse() for active reverse - MINOR: proto_reverse_connect: parse rev@ addresses for bind - MINOR: connection: prepare init code paths for active reverse - MEDIUM: proto_reverse_connect: bootstrap active reverse connection - MINOR: proto_reverse_connect: handle early error before reversal - MEDIUM: h2: implement active connection reversal - MEDIUM: h2: prevent stream opening before connection reverse completed - REGTESTS: write a full reverse regtest - BUG/MINOR: h2: fix reverse if no timeout defined - CI: fedora: fix "dnf" invocation syntax - BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage - DOC: lua: fix Sphinx warning from core.get_var() - DOC: lua: fix core.register_action typo - BUG/MINOR: ssl_sock: fix possible memory leak on OOM - MEDIUM: map/acl: Improve pat_ref_set() efficiency (for "set-map", "add-acl" action perfs) - MEDIUM: map/acl: Improve pat_ref_set_elt() efficiency (for "set-map", "add-acl"action perfs) - MEDIUM: map/acl: Accelerate several functions using pat_ref_elt struct ->head list - MEDIUM: map/acl: Replace map/acl spin lock by a read/write lock. - DOC: map/acl: Remove the comments about map/acl performance issue - DOC: Explanation of be_name and be_id fetches - MINOR: connection: simplify removal of idle conns from their trees - MINOR: server: move idle tree insert in a dedicated function - MAJOR: connection: purge idle conn by last usage 2023/08/12 : 2.9-dev3 - BUG/MINOR: ssl: OCSP callback only registered for first SSL_CTX - BUG/MEDIUM: h3: Properly report a C-L header was found to the HTX start-line - MINOR: sample: add pid sample - MINOR: sample: implement act_conn sample fetch - MINOR: sample: accept_date / request_date return %Ts / %tr timestamp values - MEDIUM: sample: implement us and ms variant of utime and ltime - BUG/MINOR: sample: check alloc_trash_chunk() in conv_time_common() - DOC: configuration: describe Td in Timing events - MINOR: sample: implement the T* timer tags from the log-format as fetches - DOC: configuration: add sample fetches for timing events - BUG/MINOR: quic: Possible crash when acknowledging Initial v2 packets - MINOR: quic: Export QUIC traces code from quic_conn.c - MINOR: quic: Export QUIC CLI code from quic_conn.c - MINOR: quic: Move TLS related code to quic_tls.c - MINOR: quic: Add new "QUIC over SSL" C module. - MINOR: quic: Add a new quic_ack.c C module for QUIC acknowledgements - CLEANUP: quic: Defined but no more used function (quic_get_tls_enc_levels()) - MINOR: quic: Split QUIC connection code into three parts - CLEANUP: quic: quic_conn struct cleanup - MINOR: quic; Move the QUIC frame pool to its proper location - BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full - BUG/MEDIUM: h3: Be sure to handle fin bit on the last DATA frame - DOC: configuration: rework the custom log format table - BUG/MINOR: quic+openssl_compat: Non initialized TLS encryption levels - CLEANUP: acl: remove cache_idx from acl struct - REORG: cfgparse: extract curproxy as a global variable - MINOR: acl: add acl() sample fetch - BUILD: cfgparse: keep a single "curproxy" - BUG/MEDIUM: bwlim: Reset analyse expiration date when then channel analyse ends - MEDIUM: stream: Reset response analyse expiration date if there is no analyzer - BUG/MINOR: htx/mux-h1: Properly handle bodyless responses when splicing is used - BUG/MEDIUM: quic: consume contig space on requeue datagram - BUG/MINOR: http-client: Don't forget to commit changes on HTX message - CLEANUP: stconn: Move comment about sedesc fields on the field line - REGTESTS: http: Create a dedicated script to test spliced bodyless responses - REGTESTS: Test SPLICE feature is enabled to execute script about splicing - BUG/MINOR: quic: reappend rxbuf buffer on fake dgram alloc error - BUILD: quic: fix wrong potential NULL dereference - MINOR: h3: abort request if not completed before full response - BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement - CLEANUP: quic: Remove quic_path_room(). - MINOR: quic: Amplification limit handling sanitization. - MINOR: quic: Move some counters from [rt]x quic_conn anonymous struct - MEDIUM: quic: Send CONNECTION_CLOSE packets from a dedicated buffer. - MINOR: quic: Use a pool for the connection ID tree. - MEDIUM: quic: Allow the quic_conn memory to be asap released. - MINOR: quic: Release asap quic_conn memory (application level) - MINOR: quic: Release asap quic_conn memory from ->close() xprt callback. - MINOR: quic: Warning for OpenSSL wrapper QUIC bindings without "limited-quic" - REORG: http: move has_forbidden_char() from h2.c to http.h - BUG/MAJOR: h3: reject header values containing invalid chars - MINOR: mux-h2/traces: also suggest invalid header upon parsing error - MINOR: ist: add new function ist_find_range() to find a character range - MINOR: http: add new function http_path_has_forbidden_char() - MINOR: h2: pass accept-invalid-http-request down the request parser - REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests - BUG/MINOR: h1: do not accept '#' as part of the URI component - BUG/MINOR: h2: reject more chars from the :path pseudo header - BUG/MINOR: h3: reject more chars from the :path pseudo header - REGTESTS: http-rules: verify that we block '#' by default for normalize-uri - DOC: clarify the handling of URL fragments in requests - BUG/MAJOR: http: reject any empty content-length header value - BUG/MINOR: http: skip leading zeroes in content-length values - BUG/MEDIUM: mux-h1: fix incorrect state checking in h1_process_mux() - BUG/MEDIUM: mux-h1: do not forget EOH even when no header is sent - BUILD: mux-h1: shut a build warning on clang from previous commit - DEV: makefile: add a new "range" target to iteratively build all commits - CI: do not use "groupinstall" for Fedora Rawhide builds - CI: get rid of travis-ci wrapper for Coverity scan - BUG/MINOR: quic: mux started when releasing quic_conn - BUG/MINOR: quic: Possible crash in quic_cc_conn_io_cb() traces. - MINOR: quic: Add a trace for QUIC conn fd ready for receive - BUG/MINOR: quic: Possible crash when issuing "show fd/sess" CLI commands - BUG/MINOR: quic: Missing tasklet (quic_cc_conn_io_cb) memory release (leak) - BUG/MEDIUM: quic: fix tasklet_wakeup loop on connection closing - BUG/MINOR: hlua: fix invalid use of lua_pop on error paths - MINOR: hlua: add hlua_stream_ctx_prepare helper function - BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread - MAJOR: threads/plock: update the embedded library again - MINOR: stick-table: move the task_queue() call outside of the lock - MINOR: stick-table: move the task_wakeup() call outside of the lock - MEDIUM: stick-table: change the ref_cnt atomically - MINOR: stick-table: better organize the struct stktable - MEDIUM: peers: update ->commitupdate out of the lock using a CAS - MEDIUM: peers: drop then re-acquire the wrlock in peer_send_teachmsgs() - MEDIUM: peers: only read-lock peer_send_teachmsgs() - MEDIUM: stick-table: use a distinct lock for the updates tree - MEDIUM: stick-table: touch updates under an upgradable read lock - MEDIUM: peers: drop the stick-table lock before entering peer_send_teachmsgs() - MINOR: stick-table: move the update lock into its own cache line - CLEANUP: stick-table: slightly reorder the stktable struct - BUILD: defaults: use __WORDSIZE not LONGBITS for MAX_THREADS_PER_GROUP - MINOR: tools: make ptr_hash() support 0-bit outputs - MINOR: tools: improve ptr hash distribution on 64 bits - OPTIM: tools: improve hash distribution using a better prime seed - OPTIM: pools: use exponential back-off on shared pool allocation/release - OPTIM: pools: make pool_get_from_os() / pool_put_to_os() not update ->allocated - MINOR: pools: introduce the use of multiple buckets - MEDIUM: pools: spread the allocated counter over a few buckets - MEDIUM: pools: move the used counter over a few buckets - MEDIUM: pools: move the needed_avg counter over a few buckets - MINOR: pools: move the failed allocation counter over a few buckets - MAJOR: pools: move the shared pool's free_list over multiple buckets - MINOR: pools: make pool_evict_last_items() use pool_put_to_os_no_dec() - BUILD: pools: fix build error on clang with inline vs forceinline 2023/07/21 : 2.9-dev2 - BUG/MINOR: quic: Possible leak when allocating an encryption level - BUG/MINOR: quic: Missing QUIC connection path member initialization - BUILD: quic: Compilation fixes for some gcc warnings with -O1 - DOC: ssl: Fix typo in 'ocsp-update' option - DOC: ssl: Add ocsp-update troubleshooting clues and emphasize on crt-list only aspect - BUG/MINOR: tcp_sample: bc_{dst,src} return IP not INT - MEDIUM: acl/sample: unify sample conv parsing in a single function - MINOR: sample: introduce c_pseudo() conv function - MEDIUM: sample: add missing ADDR=>? compatibility matrix entries - MINOR: sample: fix ipmask sample definition - MEDIUM: tree-wide: fetches that may return IPV4+IPV6 now return ADDR - MEDIUM: sample: introduce 'same' output type - BUG/MINOR: quic: Possible crash in "show quic" dumping packet number spaces - BUG/MINOR: cache: A 'max-age=0' cache-control directive can be overriden by a s-maxage - BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv() - BUG/MINOR: http_ext: unhandled ERR_ABORT in proxy_http_parse_7239() - BUG/MINOR: sink: missing sft free in sink_deinit() - BUG/MINOR: ring: size warning incorrectly reported as fatal error - BUG/MINOR: ring: maxlen warning reported as alert - BUG/MINOR: log: LF upsets maxlen for UDP targets - MINOR: sink/api: pass explicit maxlen parameter to sink_write() - BUG/MEDIUM: log: improper use of logsrv->maxlen for buffer targets - BUG/MINOR: log: fix missing name error message in cfg_parse_log_forward() - BUG/MINOR: log: fix multiple error paths in cfg_parse_log_forward() - BUG/MINOR: log: free errmsg on error in cfg_parse_log_forward() - BUG/MINOR: sink: invalid sft free in sink_deinit() - BUG/MINOR: sink: fix errors handling in cfg_post_parse_ring() - BUG/MINOR: server: set rid default value in new_server() - MINOR: hlua_fcn/mailers: handle timeout mail from mailers section - BUG/MINOR: sink/log: properly deinit srv in sink_new_from_logsrv() - EXAMPLES: maintain haproxy 2.8 retrocompatibility for lua mailers script - BUG/MINOR: hlua_fcn/queue: use atomic load to fetch queue size - BUG/MINOR: config: Remove final '\n' in error messages - BUG/MINOR: config: Lenient port configuration parsing - BUG/MEDIUM: quic: token IV was not computed using a strong secret - BUG/MINOR: quic: retry token remove one useless intermediate expand - BUG/MEDIUM: quic: missing check of dcid for init pkt including a token - BUG/MEDIUM: quic: timestamp shared in token was using internal time clock - CLEANUP: quic: remove useless parameter 'key' from quic_packet_encrypt - BUG/MINOR: hlua: hlua_yieldk ctx argument should support pointers - BUG/MEDIUM: hlua_fcn/queue: bad pop_wait sequencing - DOC: config: Fix fc_src description to state the source address is returned - BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters - BUG/MINOR: http: Return the right reason for 302 - MEDIUM: ssl: new sample fetch method to get curve name - CI: add naming convention documentation - CI: explicitely highlight VTest result section if there's something - BUG/MINOR: quic: Unckecked encryption levels availability - BUILD: quic: fix warning during compilation using gcc-6.5 - BUG/MINOR: hlua: add check for lua_newstate - BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses - MINOR: lua: Allow reading "proc." scoped vars from LUA core. - MINOR: cpuset: add cpu_map_configured() to know if a cpu-map was found - BUG/MINOR: config: do not detect NUMA topology when cpu-map is configured - BUG/MINOR: cpuset: remove the bogus "proc" from the cpu_map struct - BUG/MINOR: init: set process' affinity even in foreground - CLEANUP: cpuset: remove the unused proc_t1 field in cpu_map - CLEANUP: config: make parse_cpu_set() return documented values - BUG/MINOR: server: Don't warn on server resolution failure with init-addr none - MINOR: peers: add peers keyword registration - MINOR: quic: Stop storing the TX encoded transport parameters - MINOR: quic: Dynamic allocation for negotiated Initial TLS cipher context. - MINOR: quic: Release asap the negotiated Initial TLS context. - MINOR: quic: Add traces to qc_may_build_pkt() - MEDIUM: quic: Packet building rework. - CLEANUP: quic: Remove a useless TLS related variable from quic_conn_io_cb(). - MEDIUM: quic: Handshake I/O handler rework. - MINOR: quic: Add traces for qc_frm_free() - MINOR: quic: add trace about pktns packet/frames releasing - BUG/MINOR: quic: Missing parentheses around PTO probe variable. - MINOR: quic: Ping from Initial pktns before reaching anti-amplification limit - BUG/MINOR: server-state: Ignore empty files - BUG/MINOR: server-state: Avoid warning on 'file not found' - BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary - MINOR: quic: QUIC openssl wrapper implementation - MINOR: quic: Include QUIC opensssl wrapper header from TLS stacks compatibility header - MINOR: quic: Do not enable O-RTT with USE_QUIC_OPENSSL_COMPAT - MINOR: quic: Set the QUIC connection as extra data before calling SSL_set_quic_method() - MINOR: quic: Do not enable 0RTT with SSL_set_quic_early_data_enabled() - MINOR: quic: Add a compilation option for the QUIC OpenSSL wrapper - MINOR: quic: Export some KDF functions (QUIC-TLS) - MINOR: quic: Make ->set_encryption_secrets() be callable two times - MINOR: quic: Initialize TLS contexts for QUIC openssl wrapper - MINOR: quic: Call the keylog callback for QUIC openssl wrapper from SSL_CTX_keylog() - MINOR: quic: Add a quic_openssl_compat struct to quic_conn struct - MINOR: quic: Useless call to SSL_CTX_set_quic_method() - MINOR: quic: SSL context initialization with QUIC OpenSSL wrapper. - MINOR: quic: Missing encoded transport parameters for QUIC OpenSSL wrapper - MINOR: quic: Add "limited-quic" new tuning setting - DOC: quic: Add "limited-quic" new tuning setting - DOC: install: Document how to build a limited support for QUIC 2023/07/02 : 2.9-dev1 - BUG/MINOR: stats: Fix Lua's `get_stats` function - MINOR: stats: protect against future stats fields omissions - BUG/MINOR: stream: do not use client-fin/server-fin with HTX - BUG/MINOR: quic: Possible crash when SSL session init fails - CONTRIB: Add vi file extensions to .gitignore - BUG/MINOR: spoe: Only skip sending new frame after a receive attempt - BUG/MINOR: peers: Improve detection of config errors in peers sections - REG-TESTS: stickiness: Delay haproxys start to properly resolv variables - DOC: quic: fix misspelled tune.quic.socket-owner - DOC: config: fix jwt_verify() example using var() - DOC: config: fix rfc7239 converter examples (again) - BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line - BUG/MINOR: proxy: add missing interface bind free in free_proxy - BUG/MINOR: proxy/server: free default-server on deinit - BUG/MEDIUM: hlua: Use front SC to detect EOI in HTTP applets' receive functions - BUG/MINOR: ssl: log message non thread safe in SSL Hanshake failure - BUG/MINOR: quic: Wrong encryption level flags checking - BUG/MINOR: quic: Address inversion in "show quic full" - BUG/MINOR: server: inherit from netns in srv_settings_cpy() - BUG/MINOR: namespace: missing free in netns_sig_stop() - BUG/MINOR: quic: Missing initialization (packet number space probing) - BUG/MINOR: quic: Possible crash in quic_conn_prx_cntrs_update() - BUG/MINOR: quic: Possible endless loop in quic_lstnr_dghdlr() - MINOR: quic: Remove pool_zalloc() from qc_new_conn() - MINOR: quic: Remove pool_zalloc() from qc_conn_alloc_ssl_ctx() - MINOR: quic: Remove pool_zalloc() from quic_dgram_parse() - BUG/MINOR: quic: Missing transport parameters initializations - BUG/MEDIUM: mworker: increase maxsock with each new worker - BUG/MINOR: quic: ticks comparison without ticks API use - BUG/MINOR: quic: Missing TLS secret context initialization - DOC: Add tune.h2.be.* and tune.h2.fe.* options to table of contents - DOC: Add tune.h2.max-frame-size option to table of contents - DOC: Attempt to fix dconv parsing error for tune.h2.fe.initial-window-size - REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages - MEDIUM: mux-h1: Split h1_process_mux() to make code more readable - REORG: mux-h1: Rename functions to emit chunk size/crlf in the output buffer - MINOR: mux-h1: Add function to append the chunk size to the output buffer - MINOR: mux-h1: Add function to prepend the chunk crlf to the output buffer - MEDIUM: filters/htx: Don't rely on HTX extra field if payload is filtered - MEDIIM: mux-h1: Add splicing support for chunked messages - REGTESTS: Add a script to test the kernel splicing with chunked messages - CLEANUP: mux-h1: Remove useless __maybe_unused statement - BUG/MINOR: http_ext: fix if-none regression in forwardfor option - REGTEST: add an extra testcase for ifnone-forwardfor - BUG/MINOR: mworker: leak of a socketpair during startup failure - BUG/MINOR: quic: Prevent deadlock with CID tree lock - MEDIUM: ssl: handle the SSL_ERROR_ZERO_RETURN during the handshake - BUG/MINOR: ssl: SSL_ERROR_ZERO_RETURN returns CO_ER_SSL_EMPTY - BUILD: mux-h1: silence a harmless fallthrough warning - BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag - MINOR: ssl: allow to change the server signature algorithm on server lines - MINOR: ssl: allow to change the client-sigalgs on server lines - BUG/MINOR: config: fix stick table duplicate name check - BUG/MINOR: quic: Missing random bits in Retry packet header - BUG/MINOR: quic: Wrong Retry paquet version field endianess - BUG/MINOR: quic: Wrong endianess for version field in Retry token - IMPORT: slz: implement a synchronous flush() operation - MINOR: compression/slz: add support for a pure flush of pending bytes - MINOR: quic: Move QUIC TLS encryption level related code (quic_conn_enc_level_init()) - MINOR: quic: Move QUIC encryption level structure definition - MINOR: quic: Implement a packet number space identification function - MINOR: quic: Move packet number space related functions - MEDIUM: quic: Dynamic allocations of packet number spaces - CLEANUP: quic: Remove qc_list_all_rx_pkts() defined but not used - MINOR: quic: Add a pool for the QUIC TLS encryption levels - MEDIUM: quic: Dynamic allocations of QUIC TLS encryption levels - MINOR: quic: Reduce the maximum length of TLS secrets - CLEANUP: quic: Remove two useless pools a low QUIC connection level - MEDIUM: quic: Handle the RX in one pass - MINOR: quic: Remove call to qc_rm_hp_pkts() from I/O callback - CLEANUP: quic: Remove server specific about Initial packet number space - MEDIUM: quic: Release encryption levels and packet number spaces asap - CLEANUP: quic: Remove a useless test about discarded pktns (qc_handle_crypto_frm()) - MINOR: quic: Move the packet number space status at quic_conn level - MINOR: quic: Drop packet with type for discarded packet number space. - BUILD: quic: Add a DISGUISE() to please some compiler to qc_prep_hpkts() 1st parameter - BUILD: debug: avoid a build warning related to epoll_wait() in debug code 2023/05/31 : 2.9-dev0 - MINOR: version: mention that it's development again 2023/05/31 : 2.8.0 - MINOR: compression: Improve the way Vary header is added - BUILD: makefile: search for SSL_INC/wolfssl before SSL_INC - MINOR: init: pre-allocate kernel data structures on init - DOC: install: add details about WolfSSL - BUG/MINOR: ssl_sock: add check for ha_meth - BUG/MINOR: thread: add a check for pthread_create - BUILD: init: print rlim_cur as regular integer - DOC: install: specify the minimum openssl version recommended - CLEANUP: mux-quic: remove unneeded fields in qcc - MINOR: mux-quic: remove nb_streams from qcc - MINOR: quic: fix stats naming for flow control BLOCKED frames - BUG/MEDIUM: mux-quic: only set EOI on FIN - BUG/MEDIUM: threads: fix a tiny race in thread_isolate() - DOC: config: fix rfc7239 converter examples - DOC: quic: remove experimental status for QUIC - CLEANUP: mux-quic: rename functions for mux_ops - CLEANUP: mux-quic: rename internal functions - BUG/MINOR: mux-h2: refresh the idle_timer when the mux is empty - DOC: config: Fix bind/server/peer documentation in the peers section - BUILD: Makefile: use -pthread not -lpthread when threads are enabled - CLEANUP: doc: remove 21 totally obsolete docs - DOC: install: mention the common strict-aliasing warning on older compilers - DOC: install: clarify a few points on the wolfSSL build method - MINOR: quic: Add QUIC connection statistical counters values to "show quic" - EXAMPLES: update the basic-config-edge file for 2.8 - MINOR: quic/cli: clarify the "show quic" help message - MINOR: version: mention that it's LTS now. 2023/05/24 : 2.8-dev13 - DOC: add size format section to manual - CLEANUP: mux-quic/h3: complete BUG_ON with comments - MINOR: quic: remove return val of quic_aead_iv_build() - MINOR: quic: use WARN_ON for encrypt failures - BUG/MINOR: quic: handle Tx packet allocation failure properly - MINOR: quic: fix alignment of oneline show quic - MEDIUM: stconn/applet: Allow SF_SL_EOS flag alone - MEDIUM: stconn: make the SE_FL_ERR_PENDING to ERROR transition systematic - DOC: internal: add a bit of documentation for the stconn closing conditions - DOC/MINOR: config: Fix typo in description for `ssl_bc` in configuration.txt - BUILD: quic: re-enable chacha20_poly1305 for libressl - MINOR: mux-quic: set both EOI EOS for stream fin - MINOR: mux-quic: only set EOS on RESET_STREAM recv - MINOR: mux-quic: report error on stream-endpoint earlier - BUILD: makefile: fix build issue on GNU make < 3.82 - BUG/MINOR: mux-h2: Check H2_SF_BODY_TUNNEL on H2S flags and not demux frame ones - MINOR: mux-h2: Set H2_SF_ES_RCVD flag when decoding the HEADERS frame - MINOR: mux-h2: Add a function to propagate termination flags from h2s to SE - BUG/MEDIUM: mux-h2: Propagate termination flags when frontend SC is created - DEV: add a Lua helper script for SSL keys logging - CLEANUP: makefile: don't display a dummy features list without a target - BUILD: makefile: do not erase build options for some build options - MINOR: quic: Add low level traces (addresses, DCID) - BUG/MINOR: quic: Wrong token length check (quic_generate_retry_token()) - BUG/MINOR: quic: Missing Retry token length on receipt - MINOR: quic: Align "show quic" command help information - CLEANUP: quic: Indentation fix quic_rx_pkt_retrieve_conn() - CLEANUP: quic: Useless tests in qc_rx_pkt_handle() - MINOR: quic: Add some counters at QUIC connection level - MINOR: quic: Add a counter for sent packets - MINOR: hlua: hlua_smp2lua_str() may LJMP - MINOR: hlua: hlua_smp2lua() may LJMP - MINOR: hlua: hlua_arg2lua() may LJMP - DOC: hlua: document hlua_lua2arg() function - DOC: hlua: document hlua_lua2smp() function - BUG/MINOR: hlua: unsafe hlua_lua2smp() usage - BUILD: makefile: commit the tiny FreeBSD makefile stub - BUILD: makefile: fix build options when building tools first - BUILD: ist: do not put a cast in an array declaration - BUILD: ist: use the literal declaration for ist_lc/ist_uc under TCC - BUILD: compiler: systematically set USE_OBSOLETE_LINKER with TCC - DOC: install: update reference to known supported versions - SCRIPTS: publish-release: update the umask to keep group write access 2023/05/17 : 2.8-dev12 - BUILD: mjson: Fix warning about unused variables - MINOR: spoe: Don't stop disabled proxies - BUG/MEDIUM: filters: Don't deinit filters for disabled proxies during startup - BUG/MINOR: hlua_fcn/queue: fix broken pop_wait() - BUG/MINOR: hlua_fcn/queue: fix reference leak - CLEANUP: hlua_fcn/queue: make queue:push() easier to read - BUG/MINOR: quic: Buggy acknowlegments of acknowlegments function - DEBUG: list: add DEBUG_LIST to purposely corrupt list heads after delete - MINOR: stats: report the total number of warnings issued - MINOR: stats: report the number of times the global maxconn was reached - BUG/MINOR: mux-quic: do not prevent shutw on error - BUG/MINOR: mux-quic: do not free frame already released by quic-conn - BUG/MINOR: mux-quic: no need to subscribe for detach streams - MINOR: mux-quic: add traces for stream wake - MINOR: mux-quic: do not send STREAM frames if already subscribe - MINOR: mux-quic: factorize send subscribing - MINOR: mux-quic: simplify return path of qc_send() - MEDIUM: quic: streamline error notification - MEDIUM: mux-quic: adjust transport layer error handling - MINOR: stats: report the listener's protocol along with the address in stats - BUG/MEDIUM: mux-fcgi: Never set SE_FL_EOS without SE_FL_EOI or SE_FL_ERROR - BUG/MEDIUM: mux-fcgi: Don't request more room if mux is waiting for more data - MINOR: stconn: Add a cross-reference between SE descriptor - BUG/MINOR: proxy: missing free in free_proxy for redirect rules - MINOR: proxy: add http_free_redirect_rule() function - BUG/MINOR: http_rules: fix errors paths in http_parse_redirect_rule() - CLEANUP: http_act: use http_free_redirect_rule() to clean redirect act - MINOR: tree-wide: use free_acl_cond() where relevant - CLEANUP: acl: discard prune_acl_cond() function - BUG/MINOR: cli: don't complain about empty command on empty lines - MINOR: cli: add an option to display the uptime in the CLI's prompt - MINOR: master/cli: also implement the timed prompt on the master CLI - MINOR: cli: make "show fd" identify QUIC connections and listeners - MINOR: httpclient: allow to disable the DNS resolvers of the httpclient - BUILD: debug: fix build issue on 32-bit platforms in "debug dev task" - MINOR: ncbuf: missing malloc checks in standalone code - DOC: lua: fix core.{proxies,frontends,backends} visibility - EXAMPLES: fix race condition in lua mailers script - BUG/MINOR: errors: handle malloc failure in usermsgs_put() - BUG/MINOR: log: fix memory error handling in parse_logsrv() - BUG/MINOR: quic: Wrong redispatch for external data on connection socket - MINOR: htx: add function to set EOM reliably - MINOR: mux-quic: remove dedicated function to handle standalone FIN - BUG/MINOR: mux-quic: properly handle buf alloc failure - BUG/MINOR: mux-quic: handle properly recv ncbuf alloc failure - BUG/MINOR: quic: do not alloc buf count on alloc failure - BUG/MINOR: mux-quic: differentiate failure on qc_stream_desc alloc - BUG/MINOR: mux-quic: free task on qc_init() app ops failure - MEDIUM: session/ssl: return the SSL error string during a SSL handshake error - CI: enable monthly Fedora Rawhide clang builds - MEDIUM: mworker/cli: does not disconnect the master CLI upon error - MINOR: stconn: Remove useless test on sedesc on detach to release the xref - MEDIUM: proxy: stop emitting logs for internal proxies when stopping - MINOR: ssl: add new sample ssl_c_r_dn - BUG/MEDIUM: mux-h2: make sure control frames do not refresh the idle timeout - BUILD: ssl: ssl_c_r_dn fetches uses functiosn only available since 1.1.1 - BUG/MINOR: mux-quic: handle properly Tx buf exhaustion - BUG/MINOR: h3: missing goto on buf alloc failure - BUILD: ssl: get0_verified chain is available on libreSSL - BUG/MINOR: makefile: use USE_LIBATOMIC instead of USE_ATOMIC - MINOR: mux-quic: add trace to stream rcv_buf operation - MINOR: mux-quic: properly report end-of-stream on recv - MINOR: mux-quic: uninline qc_attach_sc() - BUG/MEDIUM: mux-quic: fix EOI for request without payload - MINOR: checks: make sure spread-checks is used also at boot time - BUG/MINOR: tcp-rules: Don't shortened the inspect-delay when EOI is set - REGTESTS: log: Reduce response inspect-delay for last_rule.vtc - DOC: config: Clarify conditions to shorten the inspect-delay for TCP rules - CLEANUP: server: remove useless tmptrash assigments in srv_update_status() - BUG/MINOR: server: memory leak in _srv_update_status_op() on server DOWN - CLEANUP: check; Remove some useless assignments to NULL - CLEANUP: stats: update the trash chunk where it's used - MINOR: clock: measure the total boot time - MINOR: stats: report the boot time in "show info" - BUG/MINOR: checks: postpone the startup of health checks by the boot time - MINOR: clock: provide a function to automatically adjust now_offset - BUG/MINOR: clock: automatically adjust the internal clock with the boot time - CLEANUP: fcgi-app; Remove useless assignment to NULL - REGTESTS: log: Reduce again response inspect-delay for last_rule.vtc - CI: drop Fedora m32 pipeline in favour of cross matrix - MEDIUM: checks: Stop scheduling healthchecks during stopping stage - MEDIUM: resolvers: Stop scheduling resolution during stopping stage - BUG/MINOR: hlua: SET_SAFE_LJMP misuse in hlua_event_runner() - BUG/MINOR: debug: fix pointer check in debug_parse_cli_task() 2023/05/11 : 2.8-dev11 - BUILD: debug: do not check the isolated_thread variable in non-threaded builds - BUILD: quic: fix build warning when threads are disabled - CI: more granular failure on generating build matrix - CLEANUP: quic: No more used q_buf structure - CLEANUP: quic: Rename several variables in quic_frame.(c|h) - CLEANUP: quic: Typo fix for quic_connection_id pool - BUG/MINOR: quic: Wrong key update cipher context initialization for encryption - BUG/MEDIUM: cache: Don't request more room than the max allowed - MEDIUM: stconn: Be sure to always be able to unblock a SC that needs room - EXAMPLES: fix IPV6 support for lua mailers script - BUILD: ssl: buggy -Werror=dangling-pointer since gcc 13.0 - DOC: stconn: Update comments about ABRT/SHUT for stconn structure - BUG/MEDIUM: stats: Require more room if buffer is almost full - DOC: configuration: add info about ssl-engine for 2.6 - BUG/MINOR: mux-quic: fix transport VS app CONNECTION_CLOSE - BUG/MEDIUM: mux-quic: wakeup tasklet to close on error - DEV: flags: add a script to decode most flags in the "show sess all" output - BUG/MINOR: quic: Possible crash when dumping version information - BUG/MINOR: config: make compression work again in defaults section - BUG/MEDIUM: stream: Forward shutdowns when unhandled errors are caught - MEDIUM: stream: Resync analyzers at the end of process_stream() on change - DEV: flags: add missing stream flags to show-sess-to-flags - DEV: flags/show-sess-to-flags: only retrieve hex digits from hex fields - DEV: flags/show-sess-to-flags: add support for color output - CLEANUP: src/listener.c: remove redundant NULL check 2023/05/07 : 2.8-dev10 - BUG/MINOR: stats: fix typo in `TotalSplicedBytesOut` field name - REGTESTS: add success test, "set server" via fqdn - MINOR: ssl: disable CRL checks with WolfSSL when no CRL file - BUG/MINOR: stream/cli: fix stream age calculation in "show sess" - MINOR: debug: clarify "debug dev stream" help message - DEBUG: cli: add "debug dev task" to show/wake/expire/kill tasks and tasklets - BUG/MINOR: ssl/sample: x509_v_err_str converter output when not found - REGTESTS: ssl: simplify X509_V code check in ssl_client_auth.vtc - BUILD: cli: fix build on Windows due to isalnum() implemented as a macro - MINOR: activity: use a single macro to iterate over all fields - MINOR: activity: show the line header inside the SHOW_VAL macro - MINOR: activity: iterate over all fields in a main loop for dumping - MINOR: activity: allow "show activity" to restart dumping on any line - MINOR: activity: allow "show activity" to restart in the middle of a line - DEV: haring: automatically disable DEBUG_STRICT - DEV: haring: update readme to suggest using the same build options for haring - BUG/MINOR: debug: fix incorrect profiling status reporting in show threads - MINOR: debug: permit the "debug dev loop" to run under isolation - BUG/MEDIUM: mux-h2: Properly handle end of request to expect data from server - BUG/MINOR: mux-quic: prevent quic_conn error code to be overwritten - MINOR: mux-quic: add trace event for local error - MINOR: mux-quic: wake up after recv only if avail data - MINOR: mux-quic: adjust local error API - MINOR: mux-quic: report local error on stream endpoint asap - MINOR: mux-quic: close connection asap on local error - BUG/MINOR: debug: do not emit empty lines in thread dumps - BUG/MINOR: mux-h2: Also expect data when waiting for a tunnel establishment - BUG/MINOR: time: fix NS_TO_TV macro - MEDIUM: debug: simplify the thread dump mechanism - MINOR: debug: write panic dump to stderr one thread at a time - MINOR: debug: make "show threads" properly iterate over all threads - CLEANUP: debug: remove the now unused ha_thread_dump_all_to_trash() - MINOR: ssl: allow to change the server signature algorithm - MINOR: ssl: allow to change the signature algorithm for client authentication - MINOR: cli: Use applet API to write output message - MINOR: stats: Use the applet API to write data - MINOR: peers: Use the applet API to send message - MINOR: stconn: Add a field to specify the room needed by the SC to progress - MEDIUM: tree-wide: Change sc API to specify required free space to progress - BUG/MEDIUM: stconn: Unblock SC from stream if there is enough room to progrees - MEDIUM: applet: Check room needed to unblock opposite SC when data was consumed - MEDIUM: stconn: Check room needed to unblock SC on fast-forward - MEDIUM: stconn: Check room needed to unblock opposite SC when data was sent - MINOR: hlua_fcn: fix Server.is_draining() return type - MINOR: hlua_fcn: add Server.is_backup() - MINOR: hlua_fcn: add Server.is_dynamic() - MINOR: hlua_fcn: add Server.tracking() - MINOR: hlua_fcn: add Server.get_trackers() - MINOR: hlua_fcn: add Server.get_proxy() - MINOR: hlua_fcn: add Server.get_pend_conn() and Server.get_cur_sess() - MINOR: hlua_fcn: add Proxy.get_srv_act() and Proxy.get_srv_bck() - DOC: lua/event: add ServerEvent class header - MINOR: server/event_hdl: publish macro helper - MINOR: server/event_hdl: add SERVER_STATE event - OPTIM: server: publish UP/DOWN events from STATE change - MINOR: hlua: expose SERVER_STATE event - MINOR: server/event_hdl: add SERVER_ADMIN event - MINOR: hlua: expose SERVER_ADMIN event - MINOR: checks/event_hdl: SERVER_CHECK event - MINOR: hlua/event_hdl: expose SERVER_CHECK event - MINOR: mailers/hlua: disable email sending from lua - MINOR: hlua: expose proxy mailers - EXAMPLES: add lua mailers script to replace tcpcheck mailers - BUG/MINOR: hlua: spinning loop in hlua_socket_handler() - MINOR: server: fix message report when IDRAIN is set and MAINT is cleared - CLEANUP: hlua: hlua_register_task() may longjmp - REGTESTS: use lua mailer script for mailers tests - MINOR: hlua: declare hlua_{ref,pushref,unref} functions - MINOR: hlua: declare hlua_gethlua() function - MINOR: hlua: declare hlua_yieldk() function - MINOR: hlua_fcn: add Queue class - EXAMPLES: mailqueue for lua mailers script - MINOR: quic: add format argument for "show quic" - MINOR: quic: implement oneline format for "show quic" - MINOR: config: allow cpu-map to take commas in lists of ranges - CLEANUP: fix a few reported typos in code comments - DOC: fix a few reported typos in the config and install doc 2023/04/28 : 2.8-dev9 - MINOR: quic: Move traces at proto level - BUG/MINOR: quic: Possible memory leak from TX packets - BUG/MINOR: quic: Possible leak during probing retransmissions - BUG/MINOR: quic: Useless probing retransmission in draining or killing state - BUG/MINOR: quic: Useless I/O handler task wakeups (draining, killing state) - CLEANUP: quic: rename frame types with an explicit prefix - CLEANUP: quic: rename frame variables - CLEANUP: quic: Remove useless parameters passes to qc_purge_tx_buf() - CLEANUP: quic: Rename variable to in quic_generate_retry_token() - CLEANUP: quic: Rename variable into quic_padding_check() - CLEANUP: quic: Rename variable into quic_rx_pkt_parse() - CLEANUP: quic: Rename variable for several low level functions - CLEANUP: quic: Make qc_build_pkt() be more readable - CLEANUP: quic: Rename quic_get_dgram_dcid() variable - CLEANUP: quic: Rename several variables at low level - CLEANUP: quic: Rename variable into quic_packet_read_long_header() - CLEANUP: quic: Rename variable into qc_parse_hd_form() - CLEANUP: quic: Rename several variables into quic_sock.c - DEBUG: crash using an invalid opcode on x86/x86_64 instead of an invalid access - DEBUG: crash using an invalid opcode on aarch64 instead of an invalid access - DEV: h2: add a script "mkhdr" to build h2 frames from scratch - DEV: h2: support reading frame payload from a file - MINOR: acme.sh: add the deploy script for acme.sh in admin directory - BUG/MEDIUM: mux-quic: do not emit RESET_STREAM for unknown length - BUG/MEDIUM: mux-quic: improve streams fairness to prevent early timeout - BUG/MINOR: quic: prevent buggy memcpy for empty STREAM - MINOR: mux-quic: do not set buffer for empty STREAM frame - MINOR: mux-quic: do not allocate Tx buf for empty STREAM frame - MINOR: quic: finalize affinity change as soon as possible - BUG/MINOR: quic: fix race on quic_conns list during affinity rebind - CI: switch to Fastly CDN to download LibreSSL - BUILD: ssl: switch LibreSSL to Fastly CDN - BUG/MINOR: clock: fix a few occurrences of 'now' being used in place of 'date' - BUG/MINOR: spoe: use "date" not "now" in debug messages - BUG/MINOR: activity: show wall-clock date, not internal date in show activity - BUG/MINOR: opentracing: use 'date' instead of 'now' in debug output - Revert "BUG/MINOR: clock: fix a few occurrences of 'now' being used in place of 'date'" - BUG/MINOR: calltrace: fix 'now' being used in place of 'date' - BUG/MINOR: trace: show wall-clock date, not internal date in show activity - BUG/MINOR: hlua: return wall-clock date, not internal date in core.now() - BUG/MEDIUM: spoe: Don't start new applet if there are enough idle ones - BUG/MINOR: stconn: Fix SC flags with same value - BUG/MINOR: resolvers: Use sc_need_room() to wait more room when dumping stats - BUG/MEDIUM: tcpcheck: Don't eval custom expect rule on an empty buffer - BUG/MINOR: stats: report the correct start date in "show info" - MINOR: time: add conversions to/from nanosecond timestamps - MINOR: time: replace calls to tv_ms_elapsed() with a linear subtract - MINOR: spoe: switch the timeval-based timestamps to nanosecond timestamps - MEDIUM: tree-wide: replace timeval with nanoseconds in tv_accept and tv_request - MINOR: stats: use nanoseconds, not timeval to compute uptime - MINOR: activity: use nanoseconds, not timeval to compute uptime - MINOR: checks: use a nanosecond counters instead of timeval for checks->start - MINOR: clock: do not use now.tv_sec anymore - MEDIUM: clock: replace timeval "now" with integer "now_ns" - MINOR: clock: replace the timeval start_time with start_time_ns - MINOR: sample: Add bc_rtt and bc_rttvar - MINOR: quic: use real sending rate measurement - MINOR: proxy: factorize send rate measurement 2023/04/23 : 2.8-dev8 - BUG/MEDIUM: cli: Set SE_FL_EOI flag for '_getsocks' and 'quit' commands - BUG/MEDIUM: cli: Eat output data when waiting for appctx shutdown - BUG/MEDIUM: http-client: Eat output data when waiting for appctx shutdown - BUG/MEDIUM: stats: Eat output data when waiting for appctx shutdown - BUG/MEDIUM: log: Eat output data when waiting for appctx shutdown - BUG/MEDIUM: dns: Kill idle DNS sessions during stopping stage - BUG/MINOR: resolvers: Wakeup DNS idle task on stopping - BUG/MEDIUM: resolvers: Force the connect timeout for DNS resolutions - MINOR: hlua: Stop to check the SC state when executing a hlua cli command - BUG/MEDIUM: mux-h1: Report EOI when a TCP connection is upgraded to H2 - BUG/MEDIUM: mux-h2: Never set SE_FL_EOS without SE_FL_EOI or SE_FL_ERROR - MINOR: quic: Trace fix in quic_pto_pktns() (handshaske status) - BUG/MINOR: quic: Wrong packet number space probing before confirmed handshake - MINOR: quic: Modify qc_try_rm_hp() traces - MINOR: quic: Dump more information at proto level when building packets - MINOR: quic: Add a trace for packet with an ACK frame - MINOR: activity: add a line reporting the average CPU usage to "show activity" - BUG/MINOR: stick_table: alert when type len has incorrect characters - MINOR: thread: keep a bitmask of enabled groups in thread_set - MINOR: fd: optimize fd_claim_tgid() for use in fd_insert() - MINOR: fd: add a lock bit with the tgid - MINOR: fd: implement fd_migrate_on() to migrate on a non-local thread - MINOR: receiver: reserve special values for "shards" - MINOR: bind-conf: support a new shards value: "by-group" - BUG/MEDIUM: fd: don't wait for tmask to stabilize if we're not in it. - MINOR: quic: Add packet loss and maximum cc window to "show quic" - BUG/MINOR: quic: Ignored less than 1ms RTTs - MINOR: quic: Add connection flags to traces - BUG/MEDIUM: quic: Code sanitization about acknowledgements requirements - BUG/MINOR: quic: Possible wrapped values used as ACK tree purging limit. - BUG/MINOR: quic: SIGFPE in quic_cubic_update() - MINOR: quic: Display the packet number space flags in traces - MINOR: quic: Remove a useless test about probing in qc_prep_pkts() - BUG/MINOR: quic: Wrong Application encryption level selection when probing - CI: bump "actions/checkout" to v3 for cross zoo matrix - CI: enable monthly test on Fedora Rawhide - BUG/MINOR: stream: Fix test on SE_FL_ERROR on the wrong entity - BUG/MEDIUM: stream: Report write timeouts before testing the flags - BUG/MEDIUM: stconn: Do nothing in sc_conn_recv() when the SC needs more room - MINOR: stream: Uninline and export sess_set_term_flags() function - MINOR: filters: Review and simplify errors handling - REGTESTS: fix the race conditions in log_uri.vtc - MINOR: channel: Forwad close to other side on abort - MINOR: stream: Introduce stream_abort() to abort on both sides in same time - MINOR: stconn: Rename SC_FL_SHUTR_NOW in SC_FL_ABRT_WANTED - MINOR: channel/stconn: Replace channel_shutr_now() by sc_schedule_abort() - MINOR: stconn: Rename SC_FL_SHUTW_NOW in SC_FL_SHUT_WANTED - MINOR: channel/stconn: Replace channel_shutw_now() by sc_schedule_shutdown() - MINOR: stconn: Rename SC_FL_SHUTR in SC_FL_ABRT_DONE - MINOR: channel/stconn: Replace sc_shutr() by sc_abort() - MINOR: stconn: Rename SC_FL_SHUTW in SC_FL_SHUT_DONE - MINOR: channel/stconn: Replace sc_shutw() by sc_shutdown() - MINOR: tree-wide: Replace several chn_cons() by the corresponding SC - MINOR: tree-wide: Replace several chn_prod() by the corresponding SC - BUG/MINOR: cli: Don't close when SE_FL_ERR_PENDING is set in cli analyzer - MINOR: stconn: Stop to set SE_FL_ERROR on sending path - MEDIUM: stconn: Forbid applets with more to deliver if EOI was reached - MINOR: stconn: Don't clear SE_FL_ERROR when endpoint is reset - MINOR: stconn: Add a flag to ack endpoint errors at SC level - MINOR: backend: Set SC_FL_ERROR on connection error - MINOR: stream: Set SC_FL_ERROR on channels' buffer allocation error - MINOR: tree-wide: Test SC_FL_ERROR with SE_FL_ERROR from upper layer - MEDIUM: tree-wide: Stop to set SE_FL_ERROR from upper layer - MEDIUM: backend: Stop to use SE flags to detect connection errors - MEDIUM: stream: Stop to use SE flags to detect read errors from analyzers - MEDIUM: stream: Stop to use SE flags to detect endpoint errors - MEDIUM: stconn: Rely on SC flags to handle errors instead of SE flags - BUG/MINOR: stconn: Don't set SE_FL_ERROR at the end of sc_conn_send() - BUG/MINOR: quic: Do not use ack delay during the handshakes - CLEANUP: use "offsetof" where appropriate - MINOR: ssl: remove OpenSSL 1.0.2 mention into certificate loading error - BUG/MEDIUM: http-ana: Properly switch the request in tunnel mode on upgrade - BUG/MEDIUM: log: Properly handle client aborts in syslog applet - MINOR: stconn: Add a flag to report EOS at the stream-connector level - MINOR: stconn: Propagate EOS from a mux to the attached stream-connector - MINOR: stconn: Propagate EOS from an applet to the attached stream-connector - MINOR: mux-h2: make the initial window size configurable per side - MINOR: mux-h2: make the max number of concurrent streams configurable per side - BUG/MINOR: task: allow to use tasklet_wakeup_after with tid -1 - CLEANUP: quic: remove unused QUIC_LOCK label - CLEANUP: quic: remove unused scid_node - CLEANUP: quic: remove unused qc param on stateless reset token - CLEANUP: quic: rename quic_connection_id vars - MINOR: quic: remove uneeded tasklet_wakeup after accept - MINOR: quic: adjust Rx packet type parsing - MINOR: quic: adjust quic CID derive API - MINOR: quic: remove TID ref from quic_conn - MEDIUM: quic: use a global CID trees list - MINOR: quic: remove TID encoding in CID - MEDIUM: quic: handle conn bootstrap/handshake on a random thread - MINOR: quic: do not proceed to accept for closing conn - MINOR: protocol: define new callback set_affinity - MINOR: quic: delay post handshake frames after accept - MEDIUM: quic: implement thread affinity rebinding - BUG/MINOR: quic: transform qc_set_timer() as a reentrant function - MINOR: quic: properly finalize thread rebinding - MAJOR: quic: support thread balancing on accept - MINOR: listener: remove unneeded local accept flag - BUG/MINOR: http-ana: Update analyzers on both sides when switching in TUNNEL mode - CLEANUP: backend: Remove useless debug message in assign_server() - CLEANUP: cli: Remove useless debug message in cli_io_handler() - BUG/MEDIUM: stconn: Propagate error on the SC on sending path - MINOR: config: add "no-alpn" support for bind lines - REGTESTS: add a new "ssl_alpn" test to test ALPN negotiation - DOC: add missing documentation for "no-alpn" on bind lines - MINOR: ssl: do not set ALPN callback with the empty string - MINOR: ssl_crtlist: dump "no-alpn" on "show crtlist" when "no-alpn" was set - MEDIUM: config: set useful ALPN defaults for HTTPS and QUIC - BUG/MEDIUM: quic: prevent crash on Retry sending - BUG/MINOR: cfgparse: make sure to include openssl-compat - MINOR: clock: add now_mono_time_fast() function - MINOR: clock: add now_cpu_time_fast() function - MEDIUM: hlua: reliable timeout detection - MEDIUM: hlua: introduce tune.lua.burst-timeout - CLEANUP: hlua: avoid confusion between internal timers and tick based timers - MINOR: hlua: hook yield on known lua state - MINOR: hlua: safe coroutine.create() - BUG/MINOR: quic: Stop removing ACK ranges when building packets - MINOR: quic: Do not allocate too much ack ranges - BUG/MINOR: quic: Unchecked buffer length when building the token - BUG/MINOR: quic: Wrong Retry token generation timestamp computing - BUG/MINOR: mux-quic: fix crash with app ops install failure - BUG/MINOR: mux-quic: properly handle STREAM frame alloc failure - BUG/MINOR: h3: fix crash on h3s alloc failure - BUG/MINOR: quic: prevent crash on qc_new_conn() failure - BUG/MINOR: quic: consume Rx datagram even on error - CLEANUP: errors: fix obsolete function comments - CLEANUP: server: fix update_status() function comment - MINOR: server/event_hdl: add proxy_uuid to event_hdl_cb_data_server - MINOR: hlua/event_hdl: rely on proxy_uuid instead of proxy_name for lookups - MINOR: hlua/event_hdl: expose proxy_uuid variable in server events - MINOR: hlua/event_hdl: fix return type for hlua_event_hdl_cb_data_push_args - MINOR: server/event_hdl: prepare for upcoming refactors - BUG/MINOR: event_hdl: don't waste 1 event subtype slot - CLEANUP: event_hdl: updating obsolete comment for EVENT_HDL_CB_DATA - CLEANUP: event_hdl: fix comment typo about _sync assertion - MINOR: event_hdl: dynamically allocated event data members - MINOR: event_hdl: provide event->when for advanced handlers - MINOR: hlua/event_hdl: timestamp for events - DOC: lua: restore 80 char limitation - BUG/MINOR: server: incorrect report for tracking servers leaving drain - MINOR: server: explicitly commit state change in srv_update_status() - BUG/MINOR: server: don't miss proxy stats update on server state transitions - BUG/MINOR: server: don't miss server stats update on server state transitions - BUG/MINOR: server: don't use date when restoring last_change from state file - MINOR: server: central update for server counters on state change - MINOR: server: propagate server state change to lb through single function - MINOR: server: propagate lb changes through srv_lb_propagate() - MINOR: server: change adm_st_chg_cause storage type - MINOR: server: srv_append_status refacto - MINOR: server: change srv_op_st_chg_cause storage type - CLEANUP: server: remove unused variables in srv_update_status() - CLEANUP: server: fix srv_set_{running, stopping, stopped} function comment - MINOR: server: pass adm and op cause to srv_update_status() - MEDIUM: server: split srv_update_status() in two functions - MINOR: server/event_hdl: prepare for server event data wrapper - MINOR: quic: support migrating the listener as well - MINOR: quic_sock: index li->per_thr[] on local thread id, not global one - MINOR: listener: support another thread dispatch mode: "fair" - MINOR: receiver: add a struct shard_info to store info about each shard - MINOR: receiver: add RX_F_MUST_DUP to indicate that an rx must be duped - MEDIUM: proto: duplicate receivers marked RX_F_MUST_DUP - MINOR: proto: skip socket setup for duped FDs - MEDIUM: config: permit to start a bind on multiple groups at once - MINOR: listener: make accept_queue index atomic - MEDIUM: listener: rework thread assignment to consider all groups - MINOR: listener: use a common thr_idx from the reference listener - MINOR: listener: resync with the thread index before heavy calculations - MINOR: listener: make sure to avoid ABA updates in per-thread index - MINOR: listener: always compare the local thread as well - MINOR: Make `tasklet_free()` safe to be called with `NULL` - CLEANUP: Stop checking the pointer before calling `tasklet_free()` - CLEANUP: Stop checking the pointer before calling `pool_free()` - CLEANUP: Stop checking the pointer before calling `task_free()` - CLEANUP: Stop checking the pointer before calling `ring_free()` - BUG/MINOR: cli: clarify error message about stats bind-process - CI: cirrus-ci: bump FreeBSD image to 13-1 - REGTESTS: remove unsupported "stats bind-process" keyword - CI: extend spellchecker whitelist, add "clen" as well - CLEANUP: assorted typo fixes in the code and comments - BUG/MINOR: sock_inet: use SO_REUSEPORT_LB where available - BUG/MINOR: tools: check libssl and libcrypto separately - BUG/MINOR: config: fix NUMA topology detection on FreeBSD - BUILD: sock_inet: forward-declare struct receiver - BUILD: proto_tcp: export the correct names for proto_tcpv[46] - CLEANUP: protocol: move the l3_addrlen to plug a hole in proto_fam - CLEANUP: protocol: move the nb_receivers to plug a hole in protocol - REORG: listener: move the bind_conf's thread setup code to listener.c - MINOR: proxy: make proxy_type_str() recognize peers sections - MEDIUM: peers: call bind_complete_thread_setup() to finish the config - MINOR: protocol: add a flags field to store info about protocols - MINOR: protocol: move the global reuseport flag to the protocols - MINOR: listener: automatically adjust shards based on support for SO_REUSEPORT - MINOR: protocol: add a function to check if some features are supported - MINOR: sock: add a function to check for SO_REUSEPORT support at runtime - MINOR: protocol: perform a live check for SO_REUSEPORT support - MINOR: listener: do not restrict CLI to first group anymore - MINOR: listener: add a new global tune.listener.default-shards setting - MEDIUM: listener: switch the default sharding to by-group 2023/04/08 : 2.8-dev7 - BUG/MINOR: stats: Don't replace sc_shutr() by SE_FL_EOS flag yet - BUG/MEDIUM: mux-h2: Be able to detect connection error during handshake - BUG/MINOR: quic: Missing padding in very short probe packets - MINOR: proxy/pool: prevent unnecessary calls to pool_gc() - CLEANUP: proxy: remove stop_time related dead code - DOC/MINOR: reformat configuration.txt's "quoting and escaping" table - MINOR: http_fetch: Add support for empty delim in url_param - MINOR: http_fetch: add case insensitive support for smp_fetch_url_param - MINOR: http_fetch: Add case-insensitive argument for url_param/urlp_val - REGTESTS : Add test support for case insentitive for url_param - BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop - BUG/MINOR: backend: make be_usable_srv() consistent when stopping - BUG/MINOR: ssl: Remove dead code in cli_parse_update_ocsp_response - BUG/MINOR: ssl: Fix potential leak in cli_parse_update_ocsp_response - BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list - BUG/MINOR: quic: Wrong use of now_ms timestamps (cubic algo) - MINOR: quic: Add recovery related information to "show quic" - BUG/MINOR: quic: Wrong use of now_ms timestamps (newreno algo) - BUG/MINOR: quic: Missing max_idle_timeout initialization for the connection - MINOR: quic: Implement cubic state trace callback - MINOR: quic: Adjustments for generic control congestion traces - MINOR: quic: Traces adjustments at proto level. - MEDIUM: quic: Ack delay implementation - BUG/MINOR: quic: Wrong rtt variance computing - MINOR: cli: support filtering on FD types in "show fd" - MINOR: quic: Add a fake congestion control algorithm named "nocc" - CI: run smoke tests on config syntax to check memory related issues - CLEANUP: assorted typo fixes in the code and comments - CI: exclude doc/{design-thoughts,internals} from spell check - BUG/MINOR: quic: Remaining useless statements in cubic slow start callback - BUG/MINOR: quic: Cubic congestion control window may wrap - MINOR: quic: Add missing traces in cubic algorithm implementation - BUG/MAJOR: quic: Congestion algorithms states shared between the connection - BUG/MINOR: ssl: Undefined reference when building with OPENSSL_NO_DEPRECATED - BUG/MINOR: quic: Remove useless BUG_ON() in newreno and cubic algo implementation - MINOR: http-act: emit a warning when a header field name contains forbidden chars - DOC: config: strict-sni allows to start without certificate - MINOR: quic: Add trace to debug idle timer task issues - BUG/MINOR: quic: Unexpected connection closures upon idle timer task execution - BUG/MINOR: quic: Wrong idle timer expiration (during 20s) - BUILD: quic: 32bits compilation issue in cli_io_handler_dump_quic() - BUG/MINOR: quic: Possible wrong PTO computing - BUG/MINOR: tcpcheck: Be able to expect an empty response - BUG/MEDIUM: stconn: Add a missing return statement in sc_app_shutr() - BUG/MINOR: stream: Fix test on channels flags to set clientfin/serverfin touts - MINOR: applet: Uninline appctx_free() - MEDIUM: applet/trace: Register a new trace source with its events - CLEANUP: stconn: Remove remaining debug messages - BUG/MEDIUM: channel: Improve reports for shut in co_getblk() - BUG/MEDIUM: dns: Properly handle error when a response consumed - MINOR: stconn: Remove unecessary test on SE_FL_EOS before receiving data - MINOR: stconn/channel: Move CF_READ_DONTWAIT into the SC and rename it - MINOR: stconn/channel: Move CF_SEND_DONTWAIT into the SC and rename it - MINOR: stconn/channel: Move CF_NEVER_WAIT into the SC and rename it - MINOR: stconn/channel: Move CF_EXPECT_MORE into the SC and rename it - MINOR: mux-pt: Report end-of-input with the end-of-stream after a read - BUG/MINOR: mux-h1: Properly report EOI/ERROR on read0 in h1_rcv_pipe() - CLEANUP: mux-h1/mux-pt: Remove useless test on SE_FL_SHR/SE_FL_SHW flags - MINOR: mux-h1: Report an error to the SE descriptor on truncated message - MINOR: stconn: Always ack EOS at the end of sc_conn_recv() - MINOR: stconn/applet: Handle EOI in the applet .wake callback function - MINOR: applet: No longer set EOI on the SC - MINOR: stconn/applet: Handle EOS in the applet .wake callback function - MEDIUM: cache: Use the sedesc to report and detect end of processing - MEDIUM: cli: Use the sedesc to report and detect end of processing - MINOR: dns: Remove the test on the opposite SC state to send requests - MEDIUM: dns: Use the sedesc to report and detect end of processing - MEDIUM: spoe: Use the sedesc to report and detect end of processing - MEDIUM: hlua/applet: Use the sedesc to report and detect end of processing - MEDIUM: log: Use the sedesc to report and detect end of processing - MEDIUM: peers: Use the sedesc to report and detect end of processing - MINOR: sink: Remove the tests on the opposite SC state to process messages - MEDIUM: sink: Use the sedesc to report and detect end of processing - MEDIUM: stats: Use the sedesc to report and detect end of processing - MEDIUM: promex: Use the sedesc to report and detect end of processing - MEDIUM: http_client: Use the sedesc to report and detect end of processing - MINOR: stconn/channel: Move CF_EOI into the SC and rename it - MEDIUM: tree-wide: Move flags about shut from the channel to the SC - MINOR: tree-wide: Simplifiy some tests on SHUT flags by accessing SCs directly - MINOR: stconn/applet: Add BUG_ON_HOT() to be sure SE_FL_EOS is never set alone - MINOR: server: add SRV_F_DELETED flag - BUG/MINOR: server/del: fix srv->next pointer consistency - BUG/MINOR: stats: properly handle server stats dumping resumption - BUG/MINOR: sink: free forward_px on deinit() - BUG/MINOR: log: free log forward proxies on deinit() - MINOR: server: always call ssl->destroy_srv when available - MINOR: server: correctly free servers on deinit() - BUG/MINOR: hlua: hook yield does not behave as expected - MINOR: hlua: properly handle hlua_process_task HLUA_E_ETMOUT - BUG/MINOR: hlua: enforce proper running context for register_x functions - MINOR: hlua: Fix two functions that return nothing useful - MEDIUM: hlua: Dynamic list of frontend/backend in Lua - MINOR: hlua_fcn: alternative to old proxy and server attributes - MEDIUM: hlua_fcn: dynamic server iteration and indexing - MEDIUM: hlua_fcn/api: remove some old server and proxy attributes - CLEANUP: hlua: fix conflicting comment in hlua_ctx_destroy() - MINOR: hlua: add simple hlua reference handling API - MINOR: hlua: fix return type for hlua_checkfunction() and hlua_checktable() - BUG/MINOR: hlua: fix reference leak in core.register_task() - BUG/MINOR: hlua: fix reference leak in hlua_post_init_state() - BUG/MINOR: hlua: prevent function and table reference leaks on errors - CLEANUP: hlua: use hlua_ref() instead of luaL_ref() - CLEANUP: hlua: use hlua_pushref() instead of lua_rawgeti() - CLEANUP: hlua: use hlua_unref() instead of luaL_unref() - MINOR: hlua: simplify lua locking - BUG/MEDIUM: hlua: prevent deadlocks with main lua lock - MINOR: hlua_fcn: add server->get_rid() method - MINOR: hlua: support for optional arguments to core.register_task() - DOC: lua: silence "literal block ends without a blank line" Sphinx warnings - DOC: lua: silence "Unexpected indentation" Sphinx warnings - BUG/MINOR: event_hdl: fix rid storage type - BUG/MINOR: event_hdl: make event_hdl_subscribe thread-safe - MINOR: event_hdl: global sublist management clarification - BUG/MEDIUM: event_hdl: clean soft-stop handling - BUG/MEDIUM: event_hdl: fix async data refcount issue - MINOR: event_hdl: normal tasks support for advanced async mode - MINOR: event_hdl: add event_hdl_async_equeue_isempty() function - MINOR: event_hdl: add event_hdl_async_equeue_size() function - MINOR: event_hdl: pause/resume for subscriptions - MINOR: proxy: add findserver_unique_id() and findserver_unique_name() - MEDIUM: hlua/event_hdl: initial support for event handlers - MINOR: hlua/event_hdl: per-server event subscription - EXAMPLES: add basic event_hdl lua example script - MINOR: http-ana: Add a HTTP_MSGF flag to state the Expect header was checked - BUG/MINOR: http-ana: Don't switch message to DATA when waiting for payload - BUG/MINOR: quic: Possible crashes in qc_idle_timer_task() - MINOR: quic: derive first DCID from client ODCID - MINOR: quic: remove ODCID dedicated tree - MINOR: quic: remove address concatenation to ODCID - BUG/MINOR: mworker: unset more internal variables from program section - BUG/MINOR: errors: invalid use of memprintf in startup_logs_init() - MINOR: applet: Use unsafe version to get stream from SC in the trace function - BUG/MUNOR: http-ana: Use an unsigned integer for http_msg flags - MINOR: compression: Make compression offload a flag - MINOR: compression: Prepare compression code for request compression - MINOR: compression: Store algo and type for both request and response - MINOR: compression: Count separately request and response compression - MEDIUM: compression: Make it so we can compress requests as well. - BUG/MINOR: lua: remove incorrect usage of strncat() - CLEANUP: tcpcheck: remove the only occurrence of sprintf() in the code - CLEANUP: ocsp: do no use strpcy() to copy a path! - CLEANUP: tree-wide: remove strpcy() from constant strings - CLEANUP: opentracing: remove the last two occurrences of strncat() - BUILD: compiler: fix __equals_1() on older compilers - MINOR: compiler: define a __attribute__warning() macro - BUILD: bug.h: add a warning in the base API when unsafe functions are used - BUG/MEDIUM: listeners: Use the right parameters for strlcpy2(). 2023/03/28 : 2.8-dev6 - BUG/MEDIUM: mux-pt: Set EOS on error on sending path if read0 was received - MINOR: ssl: Change the ocsp update log-format - MINOR: ssl: Use ocsp update task for "update ssl ocsp-response" command - BUG/MINOR: ssl: Fix double free in ocsp update deinit - MINOR: ssl: Accept certpath as param in "show ssl ocsp-response" CLI command - MINOR: ssl: Add certificate path to 'show ssl ocsp-response' output - BUG/MEDIUM: proxy: properly stop backends on soft-stop - BUG/MEDIUM: resolvers: Properly stop server resolutions on soft-stop - DEBUG: cli/show_fd: Display connection error code - DEBUG: ssl-sock/show_fd: Display SSL error code - BUG/MEDIUM: mux-h1: Don't block SE_FL_ERROR if EOS is not reported on H1C - BUG/MINOR: tcp_sample: fix a bug in fc_dst_port and fc_dst_is_local sample fetches - BUG/MINOR: quic: Missing STREAM frame length updates - BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list - BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it - MINOR: buffer: add br_count() to return the number of allocated bufs - MINOR: buffer: add br_single() to check if a buffer ring has more than one buf - BUG/MEDIUM: mux-h2: only restart sending when mux buffer is decongested - BUG/MINOR: mux-h2: set CO_SFL_STREAMER when sending lots of data - BUG/MINOR: quic: Missing STREAM frame data pointer updates - MINOR: stick-table: add sc-add-gpc() to http-after-response - MINOR: doc: missing entries for sc-add-gpc() - BUG/MAJOR: qpack: fix possible read out of bounds in static table - OPTIM: mux-h1: limit first read size to avoid wrapping - MINOR: mux-h2: set CO_SFL_MSG_MORE when sending multiple buffers - MINOR: ssl-sock: pass the CO_SFL_MSG_MORE info down the stack - MINOR: quic: Stop stressing the acknowledgments process (RX ACK frames) - BUG/MINOR: quic: Dysfunctional 01RTT packet number space probing - BUG/MEDIUM: stream: do not try to free a failed stream-conn - BUG/MEDIUM: mux-h2: do not try to free an unallocated h2s->sd - BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path - BUG/MEDIUM: stconn: don't set the type before allocation succeeds - BUG/MINOR: stconn: fix sedesc memory leak on stream allocation failure - MINOR: dynbuf: set POOL_F_NO_FAIL on buffer allocation - MINOR: pools: preset the allocation failure rate to 1% with -dMfail - BUG/MEDIUM: mux-h1: properly destroy a partially allocated h1s - BUG/MEDIUM: applet: only set appctx->sedesc on successful allocation - BUG/MINOR: quic: wake up MUX on probing only for 01RTT - BUG/MINOR: quic: ignore congestion window on probing for MUX wakeup - BUILD: thread: implement thread_harmless_end_sig() for threadless builds - BUILD: thread: silence a build warning when threads are disabled - MINOR: debug: support dumping the libs addresses when running in verbose mode - BUG/MINOR: illegal use of the malloc_trim() function if jemalloc is used - BUG/MINOR: trace: fix hardcoded level for TRACE_PRINTF - BUG/MEDIUM: mux-quic: release data from conn flow-control on qcs reset - MINOR: mux-quic: complete traces for qcs emission - MINOR: mux-quic: adjust trace level for MAX_DATA/MAX_STREAM_DATA recv - MINOR: mux-quic: add flow-control info to minimal trace level - MINOR: pools: make sure 'no-memory-trimming' is always used - MINOR: pools: intercept malloc_trim() instead of trying to plug holes - MEDIUM: pools: move the compat code from trim_all_pools() to malloc_trim() - MINOR: pools: export trim_all_pools() - MINOR: pattern: use trim_all_pools() instead of a conditional malloc_trim() - MINOR: tools: relax dlopen() on malloc/free checks - MEDIUM: tools: further relax dlopen() checks too consider grouped symbols - BUG/MINOR: pools: restore detection of built-in allocator - MINOR: pools: report a replaced memory allocator instead of just malloc_trim() - BUG/MINOR: h3: properly handle incomplete remote uni stream type - BUG/MINOR: mux-quic: prevent CC status to be erased by shutdown - MINOR: mux-quic: interrupt qcc_recv*() operations if CC scheduled - MINOR: mux-quic: ensure CONNECTION_CLOSE is scheduled once per conn - MINOR: mux-quic: close on qcs allocation failure - MINOR: mux-quic: close on frame alloc failure - BUG/MINOR: syslog: Request for more data if message was not fully received - BUG/MEDIUM: stats: Consume the request except when parsing the POST payload - DOC: config: set-var() dconv rendering issues - BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription - BUG/MINOR: applet/new: fix sedesc freeing logic - BUG/MINOR: quic: Missing STREAM frame type updated - BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards. - BUG/MINOR: ssl: Stop leaking `err` in ssl_sock_load_ocsp() 2023/03/10 : 2.8-dev5 - MINOR: ssl: rename confusing ssl_bind_kws - BUG/MINOR: config: crt-list keywords mistaken for bind ssl keywords - BUG/MEDIUM: http-ana: Detect closed SC on opposite side during body forwarding - BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached - MINOR: global: Add an option to disable the data fast-forward - MINOR: haproxy: Add an command option to disable data fast-forward - REGTESTS: Remove unsupported feature command in http_splicing.vtc - BUG/MEDIUM: wdt: fix wrong thread being checked for sleeping - BUG/MINOR: sched: properly report long_rq when tasks remain in the queue - BUG/MEDIUM: sched: allow a bit more TASK_HEAVY to be processed when needed - MINOR: threads: add flags to know if a thread is started and/or running - MINOR: h3/hq-interop: handle no data in decode_qcs() with FIN set - BUG/MINOR: mux-quic: transfer FIN on empty STREAM frame - BUG/MINOR: mworker: prevent incorrect values in uptime - MINOR: h3: add traces on decode_qcs callback - BUG/MINOR: quic: Possible unexpected counter incrementation on send*() errors - MINOR: quic: Add new traces about by connection RX buffer handling - MINOR: quic: Move code to wakeup the timer task to avoid anti-amplication deadlock - BUG/MINOR: quic: Really cancel the connection timer from qc_set_timer() - MINOR: quic: Simplication for qc_set_timer() - MINOR: quic: Kill the connections on ICMP (port unreachable) packet receipt - MINOR: quic: Add traces to qc_kill_conn() - MINOR: quic: Make qc_dgrams_retransmit() return a status. - BUG/MINOR: quic: Missing call to task_queue() in qc_idle_timer_do_rearm() - MINOR: quic: Add a trace to identify connections which sent Initial packet. - MINOR: quic: Add to the traces - BUG/MINOR: quic: Do not probe with too little Initial packets - BUG/MINOR: quic: Wrong initialization for io_cb_wakeup boolean - BUG/MINOR: quic: Do not drop too small datagrams with Initial packets - BUG/MINOR: quic: Missing padding for short packets - MINOR: quic: adjust request reject when MUX is already freed - BUG/MINOR: quic: also send RESET_STREAM if MUX released - BUG/MINOR: quic: acknowledge STREAM frame even if MUX is released - BUG/MINOR: h3: prevent hypothetical demux failure on int overflow - MEDIUM: h3: enforce GOAWAY by resetting higher unhandled stream - MINOR: mux-quic: define qc_shutdown() - MINOR: mux-quic: define qc_process() - MINOR: mux-quic: implement client-fin timeout - MEDIUM: mux-quic: properly implement soft-stop - MINOR: quic: mark quic-conn as jobs on socket allocation - MEDIUM: quic: trigger fast connection closing on process stopping - MINOR: mux-h2/traces: do not log h2s pointer for dummy streams - MINOR: mux-h2/traces: add a missing TRACE_LEAVE() in h2s_frt_handle_headers() - BUG/MEDIUM: quic: Missing TX buffer draining from qc_send_ppkts() - DEBUG: stream: Add a BUG_ON to never exit process_stream with an expired task - DOC: config: Fix description of options about HTTP connection modes - MINOR: proxy: Only consider backend httpclose option for server connections - BUG/MINOR: haproxy: Fix option to disable the fast-forward - DOC: config: Add the missing tune.fail-alloc option from global listing - MINOR: cfgcond: Implement strstr condition expression - MINOR: cfgcond: Implement enabled condition expression - REGTESTS: Skip http_splicing.vtc script if fast-forward is disabled - REGTESTS: Fix ssl_errors.vtc script to wait for connections close - BUG/MINOR: mworker: stop doing strtok directly from the env - BUG/MEDIUM: mworker: prevent inconsistent reload when upgrading from old versions - BUG/MEDIUM: mworker: don't register mworker_accept_wrapper() when master FD is wrong - MINOR: startup: HAPROXY_STARTUP_VERSION contains the version used to start - BUG/MINOR: cache: Cache response even if request has "no-cache" directive - BUG/MINOR: cache: Check cache entry is complete in case of Vary - MINOR: compiler: add a TOSTR() macro to turn a value into a string - BUG/MINOR: lua/httpclient: missing free in hlua_httpclient_send() - BUG/MEDIUM: httpclient/lua: fix a race between lua GC and hlua_ctx_destroy - MEDIUM: channel: Remove CF_READ_NOEXP flag - MAJOR: channel: Remove flags to report READ or WRITE errors - DEBUG: stream/trace: Add sedesc flags in trace messages - MINOR: channel/stconn: Move rto/wto from the channel to the stconn - MEDIUM: channel/stconn: Move rex/wex timer from the channel to the sedesc - MEDIUM: stconn: Don't requeue the stream's task after I/O - MEDIUM: stconn: Replace read and write timeouts by a unique I/O timeout - MEDIUM: stconn: Add two date to track successful reads and blocked sends - MINOR: applet/stconn: Add a SE flag to specify an endpoint does not expect data - MAJOR: stream: Use SE descriptor date to detect read/write timeouts - MINOR: stream: Dump the task expiration date in trace messages - MINOR: stream: Report rex/wex value using the sedesc date in trace messages - MINOR: stream: Use relative expiration date in trace messages - MINOR: stconn: Always report READ/WRITE event on shutr/shutw - CLEANUP: stconn: Remove old read and write expiration dates - MINOR: stconn: Set half-close timeout using proxy settings - MINOR: stconn: Remove half-closed timeout - REGTESTS: cache: Use rxresphdrs to only get headers for 304 responses - MINOR: stconn: Add functions to set/clear SE_FL_EXP_NO_DATA flag from endpoint - BUG/MINOR: proto_ux: report correct error when bind_listener fails - BUG/MINOR: protocol: fix minor memory leak in protocol_bind_all() - MINOR: proto_uxst: add resume method - MINOR: listener/api: add lli hint to listener functions - MINOR: listener: add relax_listener() function - MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping - MINOR: listener: make sure we don't pause/resume bypassed listeners - BUG/MEDIUM: listener: fix pause_listener() suspend return value handling - BUG/MINOR: listener: fix resume_listener() resume return value handling - BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener() - MINOR: listener: pause_listener() becomes suspend_listener() - BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume - BUG/MINOR: sock_unix: match finalname with tempname in sock_unix_addrcmp() - MEDIUM: proto_ux: properly suspend named UNIX listeners - MINOR: proto_ux: ability to dump ABNS names in error messages - MINOR: haproxy: always protocol unbind on startup error path - BUILD: quic: 32-bits compilation issue with %zu in quic_rx_pkts_del() - BUG/MINOR: ring: do not realign ring contents on resize - MEDIUM: ring: make the offset relative to the head/tail instead of absolute - CLEANUP: ring: remove the now unused ring's offset - MINOR: config: add HAPROXY_BRANCH environment variable - BUILD: thead: Fix several 32 bits compilation issues with uint64_t variables - BUG/MEDIUM: fd: avoid infinite loops in fd_add_to_fd_list and fd_rm_from_fd_list - BUG/MEDIUM: h1-htx: Never copy more than the max data allowed during parsing - BUG/MINOR: stream: Remove BUG_ON about the task expiration in process_stream() - MINOR: stream: Handle stream's timeouts in a dedicated function - MEDIUM: stream: Eventually handle stream timeouts when exiting process_stream() - MINOR: stconn: Report a send activity when endpoint is willing to consume data - BUG/MEDIUM: stconn: Report a blocked send if some output data are not consumed - MEDIUM: mux-h1: Don't expect data from server as long as request is unfinished - MEDIUM: mux-h2: Don't expect data from server as long as request is unfinished - MEDIUM: mux-quic: Don't expect data from server as long as request is unfinished - DOC: config: Clarify the meaning of 'hold' in the 'resolvers' section - DOC: config: Replace TABs by spaces - BUG/MINOR: fd: used the update list from the fd's group instead of tgid - BUG/MEDIUM: fd: make fd_delete() support being called from a different group - CLEANUP: listener: only store conn counts for local threads - MINOR: tinfo: make thread_set functions return nth group/mask instead of first - MEDIUM: quic: improve fatal error handling on send - MINOR: quic: consider EBADF as critical on send() - BUG/MEDIUM: connection: Clear flags when a conn is removed from an idle list - BUG/MINOR: mux-h1: Don't report an error on an early response close - BUG/MINOR: http-check: Don't set HTX_SL_F_BODYLESS flag with a log-format body - BUG/MINOR: http-check: Skip C-L header for empty body when it's not mandatory - BUG/MINOR: http-fetch: recognize IPv6 addresses in square brackets in req.hdr_ip() - REGTEST: added tests covering smp_fetch_hdr_ip() - MINOR: quic: simplify return path in send functions - MINOR: quic: implement qc_notify_send() - MINOR: quic: purge txbuf before preparing new packets - MEDIUM: quic: implement poller subscribe on sendto error - MINOR: quic: notify on send ready - BUG/MINOR: http-ana: Don't increment conn_retries counter before the L7 retry - BUG/MINOR: http-ana: Do a L7 retry on read error if there is no response - BUG/MEDIUM: http-ana: Don't close request side when waiting for response - BUG/MINOR: mxu-h1: Report a parsing error on abort with pending data - MINOR: ssl: Destroy ocsp update http_client during cleanup - MINOR: ssl: Reinsert ocsp update entries later in case of unknown error - MINOR: ssl: Add ocsp update success/failure counters - MINOR: ssl: Store specific ocsp update errors in response and update ctx - MINOR: ssl: Add certificate's path to certificate_ocsp structure - MINOR: ssl: Add 'show ssl ocsp-updates' CLI command - MINOR: ssl: Add sample fetches related to OCSP update - MINOR: ssl: Use dedicated proxy and log-format for OCSP update - MINOR: ssl: Reorder struct certificate_ocsp members - MINOR: ssl: Increment OCSP update replay delay in case of failure - MINOR: ssl: Add way to dump ocsp response in base64 - MINOR: ssl: Add global options to modify ocsp update min/max delay - REGTESTS: ssl: Fix ocsp update crt-lists - REGTESTS: ssl: Add test for new ocsp update cli commands - MINOR: ssl: Add ocsp-update information to "show ssl crt-list" - BUG/MINOR: ssl: Fix ocsp-update when using "add ssl crt-list" - MINOR: ssl: Replace now.tv_sec with date.tv_sec in ocsp update task - BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback - BUG/MEDIUM: quic: properly handle duplicated STREAM frames - BUG/MINOR: cli: fix CLI handler "set anon global-key" call - MINOR: http_ext: adding some documentation, forgot to inline function - BUG/MINOR: quic: Do not send too small datagrams (with Initial packets) - MINOR: quic: Add a BUG_ON_HOT() call for too small datagrams - BUG/MINOR: quic: Ensure to be able to build datagrams to be retransmitted - BUG/MINOR: quic: v2 Initial packets decryption failed - MINOR: quic: Add traces about QUIC TLS key update - BUG/MINOR: quic: Remove force_ack for Initial,Handshake packets - BUG/MINOR: quic: Ensure not to retransmit packets with no ack-eliciting frames - BUG/MINOR: quic: Do not resend already acked frames - BUG/MINOR: quic: Missing detections of amplification limit reached - MINOR: quic: Send PING frames when probing Initial packet number space - BUG/MEDIUM: quic: do not crash when handling STREAM on released MUX - BUG/MAJOR: fd/thread: fix race between updates and closing FD - BUG/MEDIUM: dns: ensure ring offset is properly reajusted to head - BUG/MINOR: mux-quic: properly init STREAM frame as not duplicated - MINOR: quic: Do not accept wrong active_connection_id_limit values - MINOR: quic: Store the next connection IDs sequence number in the connection - MINOR: quic: Typo fix for ACK_ECN frame - MINOR: quic: RETIRE_CONNECTION_ID frame handling (RX) - MINOR: quic: Useless TLS context allocations in qc_do_rm_hp() - MINOR: quic: Add spin bit support - MINOR: quic: Add transport parameters to "show quic" - BUG/MEDIUM: sink/forwarder: ensure ring offset is properly readjusted to head - BUG/MINOR: dns: fix ring offset calculation on first read - BUG/MINOR: dns: fix ring offset calculation in dns_resolve_send() - MINOR: jwt: Add support for RSA-PSS signatures (PS256 algorithm) - MINOR: h3: add traces on h3_init_uni_stream() error paths - MINOR: quic: create a global list dedicated for closing QUIC conns - MINOR: quic: handle new closing list in show quic - MEDIUM: quic: release closing connections on stopping - BUG/MINOR: quic: Wrong RETIRE_CONNECTION_ID sequence number check - MINOR: fd/cli: report the polling mask in "show fd" - CLEANUP: sock: always perform last connection updates before wakeup - MINOR: quic: Do not stress the peer during retransmissions of lost packets - BUG/MINOR: init: properly detect NUMA bindings on large systems - BUG/MINOR: thread: report thread and group counts in the correct order - BUG/MAJOR: fd/threads: close a race on closing connections after takeover - MINOR: debug: add random delay injection with "debug dev delay-inj" - BUG/MINOR: mworker: use MASTER_MAXCONN as default maxconn value - BUG/MINOR: quic: Missing listener accept queue tasklet wakeups - MINOR: quic_sock: un-statify quic_conn_sock_fd_iocb() - DOC: config: fix typo "dependeing" in bind thread description - DOC/CLEANUP: fix typos 2023/02/14 : 2.8-dev4 - BUG/MINOR: stats: fix source buffer size for http dump - BUG/MEDIUM: stats: fix resolvers dump - BUG/MINOR: stats: fix ctx->field update in stats_dump_proxy_to_buffer() - BUG/MINOR: stats: fix show stats field ctx for servers - BUG/MINOR: stats: fix STAT_STARTED behavior with full htx - MINOR: quic: Update version_information transport parameter to draft-14 - BUG/MINOR: stats: Prevent HTTP "other sessions" counter underflows - BUG/MEDIUM: thread: fix extraneous shift in the thread_set parser - BUG/MEDIUM: listener/thread: bypass shards setting on failed thread resolution - BUG/MINOR: ssl/crt-list: warn when a line is malformated - BUG/MEDIUM: stick-table: do not leave entries in end of window during purge - BUG/MINOR: clock: do not mix wall-clock and monotonic time in uptime calculation - BUG/MEDIUM: cache: use the correct time reference when comparing dates - MEDIUM: clock: force internal time to wrap early after boot - BUILD: ssl/ocsp: ssl_ocsp-t.h depends on ssl_sock-t.h - MINOR: ssl/ocsp: add a function to check the OCSP update configuration - MINOR: cfgparse/server: move (min/max)conn postparsing logic into dedicated function - BUG/MINOR: server/add: ensure minconn/maxconn consistency when adding server - BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first - BUG/MEDIUM: quic: fix crash when "option nolinger" is set in the frontend - MINOR: quic: implement a basic "show quic" CLI handler - MINOR: quic: display CIDs and state in "show quic" - MINOR: quic: display socket info on "show quic" - MINOR: quic: display infos about various encryption level on "show quic" - MINOR: quic: display Tx stream info on "show quic" - MINOR: quic: filter closing conn on "show quic" - BUG/MINOR: quic: fix filtering of closing connections on "show quic" - BUG/MEDIUM: stconn: Don't needlessly wake the stream on send during fast-forward - BUG/MINOR: quic: fix type bug on "show quic" for 32-bits arch - BUG/MINOR: mworker: fix uptime for master process - BUG/MINOR: clock/stats: also use start_time not start_date in HTML info - BUG/MEDIUM: stconn: stop to enable/disable reads from streams via si_update_rx - BUG/MEDIUM: quic: Buffer overflow when looking through QUIC CLI keyword list - DOC: proxy-protocol: fix wrong byte in provided example - MINOR: ssl-ckch: Stop to test CF_WRITE_ERROR to commit CA/CRL file - MINOR: bwlim: Remove useless test on CF_READ_ERROR to detect the last packet - BUG/MINOR: http-ana: Fix condition to set LAST termination flag - BUG/MINOR: mux-h1: Don't report an H1C error on client timeout - BUG/MEDIUM: spoe: Don't set the default traget for the SPOE agent frontend - BUG/MINOR: quic: Wrong datagram dispatch because of qc_check_dcid() - BUG/CRITICAL: http: properly reject empty http header field names 2023/02/04 : 2.8-dev3 - BUG/MINOR: sink: make sure to always properly unmap a file-backed ring - DEV: haring: add a new option "-r" to automatically repair broken files - BUG/MINOR: ssl: Fix leaks in 'update ssl ocsp-response' CLI command - MINOR: ssl: Remove debug fprintf in 'update ssl ocsp-response' cli command - MINOR: connection: add a BUG_ON() to detect destroying connection in idle list - MINOR: mux-quic/h3: send SETTINGS as soon as transport is ready - BUG/MINOR: h3: fix GOAWAY emission - BUG/MEDIUM: mux-quic: fix crash on H3 SETTINGS emission - BUG/MEDIUM: hpack: fix incorrect huffman decoding of some control chars - BUG/MINOR: log: release global log servers on exit - BUG/MINOR: ring: release the backing store name on exit - BUG/MINOR: sink: free the forwarding task on exit - CLEANUP: trace: remove the QUIC-specific ifdefs - MINOR: trace: add a TRACE_ENABLED() macro to determine if a trace is active - MINOR: trace: add a trace_no_cb() dummy callback for when to use no callback - MINOR: trace: add the long awaited TRACE_PRINTF() - MINOR: h2: add h2_phdr_to_ist() to make ISTs from pseudo headers - MEDIUM: mux-h2/trace: add tracing support for headers - CLEANUP: mux-h2/trace: shorten the name of the header enc/dec functions - DEV: hpack: fix `trash` build regression - MINOR: http_htx: add http_append_header() to append value to header - MINOR: http_htx: add http_prepend_header() to prepend value to header - MINOR: sample: add ARGC_OPT - MINOR: proxy: introduce http only options - MINOR: proxy/http_ext: introduce proxy forwarded option - REGTEST: add ifnone-forwardfor test - MINOR: proxy: move 'forwardfor' option to http_ext - MINOR: proxy: move 'originalto' option to http_ext - MINOR: http_ext: introduce http ext converters - MINOR: http_ext: add rfc7239_is_valid converter - MINOR: http_ext: add rfc7239_field converter - MINOR: http_ext: add rfc7239_n2nn converter - MINOR: http_ext: add rfc7239_n2np converter - REGTEST: add RFC7239 forwarded header tests - OPTIM: http_ext/7239: introduce c_mode to save some space - MINOR: http_ext/7239: warn the user when fetch is not available - MEDIUM: proxy/http_ext: implement dynamic http_ext - MINOR: cfgparse/http_ext: move post-parsing http_ext steps to http_ext - DOC: config: fix option spop-check proxy compatibility - BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section - DOC: config: 'http-send-name-header' option may be used in default section - BUG/MINOR: mux-h2: Fix possible null pointer deref on h2c in _h2_trace_header() - BUG/MINOR: http_ext/7239: ipv6 dumping relies on out of scope variables - BUG/MEDIUM: h3: do not crash if no buf space for trailers - OPTIM: h3: skip buf realign if no trailer to encode - MINOR: mux-quic/h3: define stream close callback - BUG/MEDIUM: h3: handle STOP_SENDING on control stream - BUG/MINOR: h3: reject RESET_STREAM received for control stream - MINOR: h3: add missing traces on closure - BUG/MEDIUM: ssl: wrong eviction from the session cache tree - BUG/MINOR: h3: fix crash due to h3 traces - BUG/MINOR: h3: fix crash due to h3 traces - BUG/MEDIUM: thread: consider secondary threads as idle+harmless during boot - BUG/MINOR: stats: use proper buffer size for http dump - BUILD: makefile: fix PCRE overriding specific lib path - MINOR: quic: remove fin from quic_stream frame type - MINOR: quic: ensure offset is properly set for STREAM frames - MINOR: quic: define new functions for frame alloc - MINOR: quic: refactor frame deallocation - MEDIUM: quic: implement a retransmit limit per frame - MINOR: quic: add config for retransmit limit - OPTIM: htx: inline the most common memcpy(8) - CLEANUP: quic: no need for atomics on packet refcnt - MINOR: stats: add by HTTP version cumulated number of sessions and requests - BUG/MINOR: quic: Possible stream truncations under heavy loss - BUG/MINOR: quic: Too big PTO during handshakes - MINOR: quic: Add a trace about variable states in qc_prep_fast_retrans() - BUG/MINOR: quic: Do not ignore coalesced packets in qc_prep_fast_retrans() - MINOR: quic: When probing Handshake packet number space, also probe the Initial one - BUG/MAJOR: quic: Possible crash when processing 1-RTT during 0-RTT session - MEDIUM: quic: Remove qc_conn_finalize() from the ClientHello TLS callbacks - BUG/MINOR: quic: Unchecked source connection ID - MEDIUM: listener: move the analysers mask to the bind_conf - MINOR: listener: move maxseg and tcp_ut to bind_conf - MINOR: listener: move maxaccept from listener to bind_conf - MINOR: listener: move the backlog setting from listener to bind_conf - MINOR: listener: move the maxconn parameter to the bind_conf - MINOR: listener: move the ->accept callback to the bind_conf - MINOR: listener: remove the useless ->default_target field - MINOR: listener: move the nice field to the bind_conf - MINOR: listener: move the NOLINGER option to the bind_conf - MINOR: listener: move the NOQUICKACK option to the bind_conf - MINOR: listener: move the DEF_ACCEPT option to the bind_conf - MINOR: listener: move TCP_FO to bind_conf - MINOR: listener: move the ACC_PROXY and ACC_CIP options to bind_conf - MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf - MINOR: listener: get rid of LI_O_TCP_L4_RULES and LI_O_TCP_L5_RULES - CLEANUP: listener: remove the now unused options field - MINOR: listener: remove the now useless LI_F_QUIC_LISTENER flag - CLEANUP: config: remove test for impossible case regarding bind thread mask - MINOR: thread: add a simple thread_set API - MEDIUM: listener/config: make the "thread" parser rely on thread_sets - CLEANUP: config: stop using bind_tgroup and bind_thread - CLEANUP: listener/thread: remove now unused bind_conf's bind_tgroup/bind_thread - CLEANUP: listener/config: remove the special case for shards==1 - MEDIUM: config: restrict shards, not bind_conf to one group each - BUG/MEDIUM: quic: do not split STREAM frames if no space - BUILD: thread: fix build warnings with older gcc compilers 2023/01/22 : 2.8-dev2 - CLEANUP: htx: fix a typo in an error message of http_str_to_htx - DOC: config: added optional rst-ttl argument to silent-drop in action lists - BUG/MINOR: ssl: Fix crash in 'update ssl ocsp-response' CLI command - BUG/MINOR: ssl: Crash during cleanup because of ocsp structure pointer UAF - MINOR: ssl: Create temp X509_STORE filled with cert chain when checking ocsp response - MINOR: ssl: Only set ocsp->issuer if issuer not in cert chain - MINOR: ssl: Release ssl_ocsp_task_ctx.cur_ocsp when destroying task - MINOR: ssl: Detect more OCSP update inconsistencies - BUG/MINOR: ssl: Fix OCSP_CERTID leak when same certificate is used multiple times - MINOR: ssl: Limit ocsp_uri buffer size to minimum - MINOR: ssl: Remove mention of ckch_store in error message of cli command - MINOR: channel: Don't test CF_READ_NULL while CF_SHUTR is enough - REORG: channel: Rename CF_READ_NULL to CF_READ_EVENT - REORG: channel: Rename CF_WRITE_NULL to CF_WRITE_EVENT - MEDIUM: channel: Use CF_READ_EVENT instead of CF_READ_PARTIAL - MEDIUM: channel: Use CF_WRITE_EVENT instead of CF_WRITE_PARTIAL - MINOR: channel: Remove CF_READ_ACTIVITY - MINOR: channel: Remove CF_WRITE_ACTIVITY - MINOR: channel: Remove CF_ANA_TIMEOUT and report CF_READ_EVENT instead - MEDIUM: channel: Remove CF_READ_ATTACHED and report CF_READ_EVENT instead - MINOR: channel: Stop to test CF_READ_ERROR flag if CF_SHUTR is enough - MINOR: channel/applets: Stop to test CF_WRITE_ERROR flag if CF_SHUTW is enough - DOC: management: add details on "Used" status - DOC: management: add details about @system-ca in "show ssl ca-file" - BUG/MINOR: mux-quic: fix transfer of empty HTTP response - MINOR: mux-quic: add traces for flow-control limit reach - MAJOR: mux-quic: rework stream sending priorization - MEDIUM: h3: send SETTINGS before STREAM frames - MINOR: mux-quic: use send-list for STOP_SENDING/RESET_STREAM emission - MINOR: mux-quic: use send-list for immediate sending retry - BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses - BUG/MINOR: hlua: Fix Channel.line and Channel.data behavior regarding the doc - BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action - BUG/MINOR: ssl: Remove unneeded pointer check in ocsp cli release function - BUG/MINOR: ssl: Missing ssl_conf pointer check when checking ocsp update inconsistencies - DEV: tcploop: add minimal support for unix sockets - BUG/MEDIUM: listener: duplicate inherited FDs if needed - BUG/MINOR: ssl: OCSP minimum update threshold not properly set - MINOR: ssl: Treat ocsp-update inconsistencies as fatal errors - MINOR: ssl: Do not wake ocsp update task if update tree empty - MINOR: ssl: Reinsert updated ocsp response later in tree in case of http error - REGTEST: ssl: Add test for 'update ssl ocsp-response' CLI command - OPTIM: global: move byte counts out of global and per-thread - BUG/MEDIUM: peers: make "show peers" more careful about partial initialization - BUG/MINOR: promex: Don't forget to consume the request on error - MINOR: http-ana: Add a function to set HTTP termination flags - MINOR: http-ana: Use http_set_term_flags() in most of HTTP analyzers - BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body - MINOR: http-ana: Use http_set_term_flags() when waiting the request body - BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state - MAJOR: http-ana: Review error handling during HTTP payload forwarding - CLEANUP: http-ana: Remove HTTP_MSG_ERROR state - BUG/MEDIUM: mux-h2: Don't send CANCEL on shutw when response length is unkown - MINOR: htx: Add an HTX value for the extra field is payload length is unknown - BUG/MINOR: http-ana: make set-status also update txn->status - BUG/MINOR: listeners: fix suspend/resume of inherited FDs - DOC: config: fix wrong section number for "protocol prefixes" - DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@" - DOC: config: mention the missing "quic4@" and "quic6@" in protocol prefixes - MINOR: listener: also support "quic+" as an address prefix - CLEANUP: stconn: always use se_fl_set_error() to set the pending error - BUG/MEDIUM: stconn: also consider SE_FL_EOI to switch to SE_FL_ERROR - MINOR: quic: Useless test about datagram destination addresses - MINOR: quic: Disable the active connection migrations - MINOR: quic: Add "no-quic" global option - MINOR: sample: Add "quic_enabled" sample fetch - MINOR: quic: Replace v2 draft definitions by those of the final 2 version - BUG/MINOR: mux-fcgi: Correctly set pathinfo - DOC: config: fix "Address formats" chapter syntax - BUG/MEDIUM: jwt: Properly process ecdsa signatures (concatenated R and S params) - BUILD: ssl: add ECDSA_SIG_set0() for openssl < 1.1 or libressl < 2.7 - Revert "BUILD: ssl: add ECDSA_SIG_set0() for openssl < 1.1 or libressl < 2.7" - BUG/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0) - BUG/MINOR: listener: close tiny race between resume_listener() and stopping - BUG/MINOR: h3: properly handle connection headers - MINOR: h3: extend function for QUIC varint encoding - MINOR: h3: implement TRAILERS encoding - BUG/MINOR: bwlim: Check scope for period expr for set-bandwitdh-limit actions - MEDIUM: bwlim: Support constants limit or period on set-bandwidth-limit actions - BUG/MINOR: bwlim: Fix parameters check for set-bandwidth-limit actions - MINOR: h3: implement TRAILERS decoding - BUG/MEDIUM: fd/threads: fix again incorrect thread selection in wakeup broadcast - BUG/MINOR: thread: always reload threads_enabled in loops - MINOR: threads: add a thread_harmless_end() version that doesn't wait - BUG/MEDIUM: debug/thread: make the debug handler not wait for !rdv_requests - BUG/MINOR: mux-h2: make sure to produce a log on invalid requests - BUG/MINOR: mux-h2: add missing traces on failed headers decoding - BUILD: hpack: include global.h for the trash that is needed in debug mode - BUG/MINOR: jwt: Wrong return value checked - BUG/MINOR: quic: Do not request h3 clients to close its unidirection streams - MEDIUM: quic-sock: fix udp source address for send on listener socket 2023/01/07 : 2.8-dev1 - MEDIUM: 51d: add support for 51Degrees V4 with Hash algorithm - MINOR: debug: support pool filtering on "debug dev memstats" - MINOR: debug: add a balance of alloc - free at the end of the memstats dump - LICENSE: wurfl: clarify the dummy library license. - MINOR: event_hdl: add event handler base api - DOC/MINOR: api: add documentation for event_hdl feature - MEDIUM: ssl: rename the struct "cert_key_and_chain" to "ckch_data" - MINOR: quic: remove qc from quic_rx_packet - MINOR: quic: complete traces in qc_rx_pkt_handle() - MINOR: quic: extract datagram parsing code - MINOR: tools: add port for ipcmp as optional criteria - MINOR: quic: detect connection migration - MINOR: quic: ignore address migration during handshake - MINOR: quic: startup detect for quic-conn owned socket support - MINOR: quic: test IP_PKTINFO support for quic-conn owned socket - MINOR: quic: define config option for socket per conn - MINOR: quic: allocate a socket per quic-conn - MINOR: quic: use connection socket for emission - MEDIUM: quic: use quic-conn socket for reception - MEDIUM: quic: move receive out of FD handler to quic-conn io-cb - MINOR: mux-quic: rename duplicate function names - MEDIUM: quic: requeue datagrams received on wrong socket - MINOR: quic: reconnect quic-conn socket on address migration - MINOR: quic: activate socket per conn by default - BUG/MINOR: ssl: initialize SSL error before parsing - BUG/MINOR: ssl: initialize WolfSSL before parsing - BUG/MINOR: quic: fix fd leak on startup check quic-conn owned socket - BUG/MEDIIM: stconn: Flush output data before forwarding close to write side - MINOR: server: add srv->rid (revision id) value - MINOR: stats: add server revision id support - MINOR: server/event_hdl: add support for SERVER_ADD and SERVER_DEL events - MINOR: server/event_hdl: add support for SERVER_UP and SERVER_DOWN events - BUG/MEDIUM: checks: do not reschedule a possibly running task on state change - BUG/MINOR: checks: make sure fastinter is used even on forced transitions - CLEANUP: assorted typo fixes in the code and comments - MINOR: mworker: display an alert upon a wait-mode exit - BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers - BUG/MEDIUM: mworker: create the mcli_reload socketpairs in case of upgrade - BUG/MINOR: checks: restore legacy on-error fastinter behavior - MINOR: check: use atomic for s->consecutive_errors - MINOR: stats: properly handle ST_F_CHECK_DURATION metric - MINOR: mworker: remove unused legacy code in mworker_cleanlisteners - MINOR: peers: unused code path in process_peer_sync - BUG/MINOR: init/threads: continue to limit default thread count to max per group - CLEANUP: init: remove useless assignment of nbthread - BUILD: atomic: atomic.h may need compiler.h on ARMv8.2-a - BUILD: makefile/da: also clean Os/ in Device Atlas dummy lib dir - BUG/MEDIUM: httpclient/lua: double LIST_DELETE on end of lua task - CLEANUP: pools: move the write before free to the uaf-only function - CLEANUP: pool: only include pool-os from pool.c not pool.h - REORG: pool: move all the OS specific code to pool-os.h - CLEANUP: pools: get rid of CONFIG_HAP_POOLS - DEBUG: pool: show a few examples in -dMhelp - MINOR: pools: make DEBUG_UAF a runtime setting - BUG/MINOR: promex: create haproxy_backend_agg_server_status - MINOR: promex: introduce haproxy_backend_agg_check_status - DOC: promex: Add missing backend metrics - BUG/MAJOR: fcgi: Fix uninitialized reserved bytes - REGTESTS: fix the race conditions in iff.vtc - CI: github: reintroduce openssl 1.1.1 - BUG/MINOR: quic: properly handle alloc failure in qc_new_conn() - BUG/MINOR: quic: handle alloc failure on qc_new_conn() for owned socket - CLEANUP: mux-quic: remove unused attribute on qcs_is_close_remote() - BUG/MINOR: mux-quic: remove qcs from opening-list on free - BUG/MINOR: mux-quic: handle properly alloc error in qcs_new() - CI: github: split ssl lib selection based on git branch - REGTESTS: startup: check maxconn computation - BUG/MINOR: startup: don't use internal proxies to compute the maxconn - REGTESTS: startup: change the expected maxconn to 11000 - CI: github: set ulimit -n to a greater value - REGTESTS: startup: activate automatic_maxconn.vtc - MINOR: sample: add param converter - CLEANUP: ssl: remove check on srv->proxy - BUG/MEDIUM: freq-ctr: Don't compute overshoot value for empty counters - BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout - REGTESTS: startup: add alternatives values in automatic_maxconn.vtc - BUG/MEDIUM: h3: reject request with invalid header name - BUG/MEDIUM: h3: reject request with invalid pseudo header - MINOR: http: extract content-length parsing from H2 - BUG/MEDIUM: h3: parse content-length and reject invalid messages - CI: github: remove redundant ASAN loop - CI: github: split matrix for development and stable branches - BUG/MEDIUM: mux-h1: Don't release H1 stream upgraded from TCP on error - BUG/MINOR: mux-h1: Fix test instead a BUG_ON() in h1_send_error() - MINOR: http-htx: add BUG_ON to prevent API error on http_cookie_register - BUG/MEDIUM: h3: fix cookie header parsing - BUG/MINOR: h3: fix memleak on HEADERS parsing failure - MINOR: h3: check return values of htx_add_* on headers parsing - MINOR: ssl: Remove unneeded buffer allocation in show ocsp-response - MINOR: ssl: Remove unnecessary alloc'ed trash chunk in show ocsp-response - BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain - MINOR: stats: provide ctx for dumping functions - MINOR: stats: introduce stats field ctx - BUG/MINOR: stats: fix show stat json buffer limitation - MINOR: stats: make show info json future-proof - BUG/MINOR: quic: fix crash on PTO rearm if anti-amplification reset - BUILD: 51d: fix build issue with recent compilers - REGTESTS: startup: disable automatic_maxconn.vtc - BUILD: peers: peers-t.h depends on stick-table-t.h - BUG/MEDIUM: tests: use tmpdir to create UNIX socket - BUG/MINOR: mux-h1: Report EOS on parsing/internal error for not running stream - BUG/MINOR:: mux-h1: Never handle error at mux level for running connection - BUG/MEDIUM: stats: Rely on a local trash buffer to dump the stats - OPTIM: pool: split the read_mostly from read_write parts in pool_head - MINOR: pool: make the thread-local hot cache size configurable - MINOR: freq_ctr: add opportunistic versions of swrate_add() - MINOR: pool: only use opportunistic versions of the swrate_add() functions - REGTESTS: ssl: enable the ssl_reuse.vtc test for WolfSSL - BUG/MEDIUM: mux-quic: fix double delete from qcc.opening_list - BUG/MEDIUM: quic: properly take shards into account on bind lines - BUG/MINOR: quic: do not allocate more rxbufs than necessary - MINOR: ssl: Add a lock to the OCSP response tree - MINOR: httpclient: Make the CLI flags public for future use - MINOR: ssl: Add helper function that extracts an OCSP URI from a certificate - MINOR: ssl: Add OCSP request helper function - MINOR: ssl: Add helper function that checks the validity of an OCSP response - MINOR: ssl: Add "update ssl ocsp-response" cli command - MEDIUM: ssl: Add ocsp_certid in ckch structure and discard ocsp buffer early - MINOR: ssl: Add ocsp_update_tree and helper functions - MINOR: ssl: Add crt-list ocsp-update option - MINOR: ssl: Store 'ocsp-update' mode in the ckch_data and check for inconsistencies - MEDIUM: ssl: Insert ocsp responses in update tree when needed - MEDIUM: ssl: Add ocsp update task main function - MEDIUM: ssl: Start update task if at least one ocsp-update option is set to on - DOC: ssl: Add documentation for ocsp-update option - REGTESTS: ssl: Add tests for ocsp auto update mechanism - MINOR: ssl: Move OCSP code to a dedicated source file - BUG/MINOR: ssl/ocsp: check chunk_strcpy() in ssl_ocsp_get_uri_from_cert() - CLEANUP: ssl/ocsp: add spaces around operators - BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set - BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats - BUG/MINOR: ssl/ocsp: httpclient blocked when doing a GET - MINOR: httpclient: don't add body when istlen is empty - MEDIUM: httpclient: change the default log format to skip duplicate proxy data - BUG/MINOR: httpclient/log: free of invalid ptr with httpclient_log_format - MEDIUM: mux-quic: implement shutw - MINOR: mux-quic: do not count stream flow-control if already closed - MINOR: mux-quic: handle RESET_STREAM reception - MEDIUM: mux-quic: implement STOP_SENDING emission - MINOR: h3: use stream error when needed instead of connection - CI: github: enable github api authentication for OpenSSL tags read - BUG/MINOR: mux-quic: ignore remote unidirectional stream close - CI: github: use the GITHUB_TOKEN instead of a manually generated token - BUILD: makefile: build the features list dynamically - BUILD: makefile: move common options-oriented macros to include/make/options.mk - BUILD: makefile: sort the features list - BUILD: makefile: initialize all build options' variables at once - BUILD: makefile: add a function to collect all options' CFLAGS/LDFLAGS - BUILD: makefile: start to automatically collect CFLAGS/LDFLAGS - BUILD: makefile: ensure that all USE_* handlers appear before CFLAGS are used - BUILD: makefile: clean the wolfssl include and lib generation rules - BUILD: makefile: make sure to also ignore SSL_INC when using wolfssl - BUILD: makefile: reference libdl only once - BUILD: makefile: make sure LUA_INC and LUA_LIB are always initialized - BUILD: makefile: do not restrict Lua's prepend path to empty LUA_LIB_NAME - BUILD: makefile: never force -latomic, set USE_LIBATOMIC instead - BUILD: makefile: add an implicit USE_MATH variable for -lm - BUILD: makefile: properly report USE_PCRE/USE_PCRE2 in features - CLEANUP: makefile: properly indent ifeq/ifneq conditional blocks - BUILD: makefile: rework 51D to split v3/v4 - BUILD: makefile: support LIBCRYPT_LDFLAGS - BUILD: makefile: support RT_LDFLAGS - BUILD: makefile: support THREAD_LDFLAGS - BUILD: makefile: support BACKTRACE_LDFLAGS - BUILD: makefile: support SYSTEMD_LDFLAGS - BUILD: makefile: support ZLIB_CFLAGS and ZLIB_LDFLAGS - BUILD: makefile: support ENGINE_CFLAGS - BUILD: makefile: support OPENSSL_CFLAGS and OPENSSL_LDFLAGS - BUILD: makefile: support WOLFSSL_CFLAGS and WOLFSSL_LDFLAGS - BUILD: makefile: support LUA_CFLAGS and LUA_LDFLAGS - BUILD: makefile: support DEVICEATLAS_CFLAGS and DEVICEATLAS_LDFLAGS - BUILD: makefile: support PCRE[2]_CFLAGS and PCRE[2]_LDFLAGS - BUILD: makefile: refactor support for 51DEGREES v3/v4 - BUILD: makefile: support WURFL_CFLAGS and WURFL_LDFLAGS - BUILD: makefile: make all OpenSSL variants use the same settings - BUILD: makefile: remove the special case of the SSL option - BUILD: makefile: only consider settings from enabled options - BUILD: makefile: also list per-option settings in 'make opts' - BUG/MINOR: debug: don't mask the TH_FL_STUCK flag before dumping threads - MINOR: cfgparse-ssl: avoid a possible crash on OOM in ssl_bind_parse_npn() - BUG/MINOR: ssl: Missing goto in error path in ocsp update code - BUG/MINOR: stick-table: report the correct action name in error message - CI: Improve headline in matrix.py - CI: Add in-memory cache for the latest OpenSSL/LibreSSL - CI: Use proper `if` blocks instead of conditional expressions in matrix.py - CI: Unify the `GITHUB_TOKEN` name across matrix.py and vtest.yml - CI: Explicitly check environment variable against `None` in matrix.py - CI: Reformat `matrix.py` using `black` - MINOR: config: add environment variables for default log format - REGTESTS: Remove REQUIRE_VERSION=1.9 from all tests - REGTESTS: Remove REQUIRE_VERSION=2.0 from all tests - REGTESTS: Remove tests with REQUIRE_VERSION_BELOW=1.9 - BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set - BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned - DOC: config: fix alphabetical ordering of http-after-response rules - MINOR: http-rules: Add missing actions in http-after-response ruleset - DOC: config: remove duplicated "http-response sc-set-gpt0" directive - BUG/MINOR: proxy: free orgto_hdr_name in free_proxy() - REGTEST: fix the race conditions in json_query.vtc - REGTEST: fix the race conditions in add_item.vtc - REGTEST: fix the race conditions in digest.vtc - REGTEST: fix the race conditions in hmac.vtc - BUG/MINOR: fd: avoid bad tgid assertion in fd_delete() from deinit() - BUG/MINOR: http: Memory leak of http redirect rules' format string - MEDIUM: stick-table: set the track-sc limit at boottime via tune.stick-counters - MINOR: stick-table: implement the sc-add-gpc() action 2022/12/01 : 2.8-dev0 - MINOR: version: mention that it's development again 2022/12/01 : 2.7.0 - MINOR: ssl: forgotten newline in error messages on ca-file - BUG/MINOR: ssl: shut the ca-file errors emitted during httpclient init - DOC: config: provide some configuration hints for "http-reuse" - DOC: config: refer to section about quoting in the "add_item" converter - DOC: halog: explain how to use -ac and -ad in the help message - DOC: config: clarify the fact that SNI should not be used in HTTP scenarios - DOC: config: mention that a single monitor-uri rule is supported - DOC: config: explain how default matching method for ACL works - DOC: config: clarify the fact that "retries" is not just for connections - BUILD: halog: fix missing double-quote at end of help line - DOC: config: clarify the -m dir and -m dom pattern matching methods - MINOR: activity: report uptime in "show activity" - REORG: activity/cli: move the "show activity" handler to activity.c - DEV: poll: add support for epoll - DEV: tcploop: centralize the polling code into wait_for_fd() - DEV: tcploop: add support for POLLRDHUP when supported - DEV: tcploop: do not report an error on POLLERR - DEV: tcploop: add optional support for epoll - SCRIPTS: announce-release: add a link to the data plane API - CLEANUP: stick-table: fill alignment holes in the stktable struct - MINOR: stick-table: store a per-table hash seed and use it - MINOR: stick-table: show the shard number in each entry's "show table" output - CLEANUP: ncbuf: remove ncb_blk args by value - CLEANUP: ncbuf: inline small functions - CLEANUP: ncbuf: use standard BUG_ON with DEBUG_STRICT - BUG/MINOR: quic: Endless loop during retransmissions - MINOR: mux-h2: add the expire task and its expiration date in "show fd" - BUG/MINOR: peers: always initialize the stksess shard value - REGTESTS: fix peers-related regtests regarding "show table" - BUG/MEDIUM: mux-h1: Close client H1C on EOS when there is no output data - MINOR: stick-table: change the API of the function used to calculate the shard - CLEANUP: peers: factor out the key len calculation in received updates - BUG/MINOR: peers: always update the stksess shard number on incoming updates - CLEANUP: assorted typo fixes in the code and comments - MINOR: mux-h1: add the expire task and its expiration date in "show fd" - MINOR: debug: improve error handling on the memstats command parser - BUILD: quic: allow build with USE_QUIC and USE_OPENSSL_WOLFSSL - CLEANUP: anon: clarify the help message on "debug dev hash" - MINOR: debug: relax access restrictions on "debug dev hash" and "memstats" - SCRIPTS: run-regtests: add a version check - MINOR: version: mention that it's stable now 2022/11/24 : 2.7-dev10 - MEDIUM: tcp-act: add parameter rst-ttl to silent-drop - BUG/MAJOR: quic: Crash upon retransmission of dgrams with several packets - MINOR: cli: print parsed command when not found - BUG/MAJOR: quic: Crash after discarding packet number spaces - CLEANUP: quic: replace "choosen" with "chosen" all over the code - MINOR: cli/pools: store "show pools" results into a temporary array - MINOR: cli/pools: add sorting capabilities to "show pools" - MINOR: cli/pools: add pool name filtering capability to "show pools" - DOC: configuration: fix quic prefix typo - MINOR: quic: report error if force-retry without cluster-secret - MINOR: global: generate random cluster.secret if not defined - BUG/MINOR: resolvers: do not run the timeout task when there's no resolution - BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns - MINOR: server/idle: make the next_takeover index per-tgroup - BUILD: listener: fix build warning on global_listener_rwlock without threads - BUG/MAJOR: sched: protect task during removal from wait queue - BUILD: sched: fix build with DEBUG_THREAD with the previous commit - DOC: quic: add note on performance issue with listener contention - BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance - BUG/MINOR: log: fix parse_log_message rfc5424 size check - CLEANUP: arg: remove extra check in make_arg_list arg escaping - CLEANUP: tools: extra check in utoa_pad - MINOR: h1: Consider empty port as invalid in authority for CONNECT - MINOR: http: Considere empty ports as valid default ports - BUG/MINOR: http-htx: Normalized absolute URIs with an empty port - BUG/MINOR: h1: Replace authority validation to conform RFC3986 - REG-TESTS: http: Add more tests about authority/host matching - BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action - BUG/MEDIUM: mux-h1: Don't release H1C on timeout if there is a SC attached - BUG/MEDIUM: mux-h1: Subscribe for reads on error on sending path - BUILD: http-htx: Silent build error about a possible NULL start-line - DOC: configuration.txt: add default_value for table_idle signature - BUILD: ssl-sock: Silent error about NULL deref in ssl_sock_bind_verifycbk() - BUG/MEDIUM: mux-h1: Remove H1C_F_WAIT_NEXT_REQ flag on a next request - BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out - MINOR: mux-h1: Remove H1C_F_WAIT_NEXT_REQ in functions handling errors - MINOR: mux-h1: Avoid useless call to h1_send() if no error is sent - DOC: configuration.txt: fix typo in table_idle signature - BUILD: stick-tables: fix build breakage in xxhash on older compilers - BUILD: compiler: include compiler's definitions before ours - BUILD: quic: global.h is needed in cfgparse-quic - CLEANUP: tools: do not needlessly include xxhash nor cli from tools.h - BUILD: flags: really restrict the cases where flags are exposed - BUILD: makefile: minor reordering of objects by build time - BUILD: quic: silence two invalid build warnings at -O1 with gcc-6.5 - BUILD: quic: use openssl-compat.h instead of openssl/ssl.h - MEDIUM: ssl: add minimal WolfSSL support with OpenSSL compatibility mode - MINOR: sample: make the rand() sample fetch function use the statistical_prng - MINOR: auth: silence null dereference warning in check_user() - CLEANUP: peers: fix format string for status messages (int signedness) - CLEANUP: qpack: fix format string in debugging code (int signedness) - CLEANUP: qpack: properly use the QPACK macros not HPACK ones in debug code - BUG/MEDIUM: quic: fix datagram dropping on queueing failed 2022/11/18 : 2.7-dev9 - BUILD: quic: QUIC mux build fix for 32-bit build - BUILD: scripts: disable tests build on QuicTLS build - BUG/MEDIUM: httpclient: segfault when the httpclient parser fails - BUILD: ssl_sock: fix null dereference for QUIC build - BUILD: quic: Fix build for m68k cross-compilation - BUG/MINOR: quic: fix buffer overflow on retry token generation - MINOR: quic: add version field on quic_rx_packet - MINOR: quic: extend pn_offset field from quic_rx_packet - MINOR: quic: define first packet flag - MINOR: quic: extract connection retrieval - MINOR: quic: split and rename qc_lstnr_pkt_rcv() - MINOR: quic: refactor packet drop on reception - MINOR: quic: extend Retry token check function - BUG/MINOR: log: Preserve message facility when the log target is a ring buffer - BUG/MINOR: ring: Properly parse connect timeout - BUG/MEDIUM: httpclient/lua: crash when the lua task timeout before the httpclient - BUG/MEDIUM: httpclient: check if the httpclient was released in the IO handler - REGTESTS: httpclient/lua: test the lua task timeout with the httpclient - CI: github: dump the backtrace of coredumps in the alpine container - BUILD: Makefile: add "USE_SHM_OPEN" on the linux-musl target - DOC: lua: add a note about compression w/ httpclient - CLEANUP: mworker/cli: rename the status function to loadstatus - MINOR: mworker/cli: does no try to dump the startup-logs w/o USE_SHM_OPEN - MINOR: list: fixing typo in MT_LIST_LOCK_ELT - DOC/MINOR: list: fixing MT_LIST_LOCK_ELT macro documentation - MINOR: list: adding MT_LIST_APPEND_LOCKED macro - BUG/MINOR: mux-quic: complete flow-control for uni streams - BUG/MEDIUM: compression: handle rewrite errors when updating response headers - MINOR: quic: do not crash on unhandled sendto error - MINOR: quic: display unknown error sendto counter on stat page - MINOR: peers: Support for peer shards - MINOR: peers: handle multiple resync requests using shards - BUG/MINOR: sink: Only use backend capability for the sink proxies - BUG/MINOR: sink: Set default connect/server timeout for implicit ring buffers - MINOR: ssl: add the SSL error string when failing to load a certificate - MINOR: ssl: add the SSL error string before the chain - MEDIUM: ssl: be stricter about chain error - BUG/MAJOR: stick-table: don't process store-response rules for applets - MINOR: quic: remove unnecessary quic_session_accept() - BUG/MINOR: quic: fix subscribe operation - BUG/MINOR: log: fixing bug in tcp syslog_io_handler Octet-Counting - MINOR: ssl: dump the SSL string error when SSL_CTX_use_PrivateKey() failed. - MINOR: quic: add counter for interrupted reception - BUG/MINOR: quic: fix race condition on datagram purging - CI: add monthly gcc cross compile jobs - CLEANUP: assorted typo fixes in the code and comments - CLEANUP: ssl: remove dead code in ssl_sock_load_pem_into_ckch() - BUG/MINOR: httpclient: fixed memory allocation for the SSL ca_file - BUG/MINOR: ssl: Memory leak of DH BIGNUM fields - BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer - BUG/MINOR: ssl: ocsp structure not freed properly in case of error - CI: switch to the "latest" LibreSSL - CI: enable QUIC for LibreSSL builds - BUG/MEDIUM: ssl: Verify error codes can exceed 63 - MEDIUM: ssl: {ca,crt}-ignore-err can now use error constant name - MINOR: ssl: x509_v_err_str converter transforms an integer to a X509_V_ERR name - CLEANUP: cli: rename dynamic error printing state - MINOR: cli: define usermsgs print context - MINOR: server: clear prefix on stderr logs after add server - BUG/MINOR: ssl: bind_conf is uncorrectly accessed when using QUIC - BUILD: ssl_utils: fix build on gcc versions before 8 - BUILD: debug: remove unnecessary quotes in HA_WEAK() calls - CI: emit the compiler's version in the build reports - IMPORT: xxhash: update xxHash to version 0.8.1 - IMPORT: slz: declare len to fix debug build when optimal match is enabled - IMPORT: slz: mention the potential header in slz_finish() - IMPORT: slz: define and use a __fallthrough statement for switch/case - BUILD: compiler: add a macro to detect if another one is set and equals 1 - BUILD: compiler: add a default definition for __has_attribute() - BUILD: compiler: define a __fallthrough statement for switch/case - BUILD: sample: use __fallthrough in smp_is_rw() and smp_dup() - BUILD: quic: use __fallthrough in quic_connect_server() - BUILD: ssl/crt-list: use __fallthrough in cli_io_handler_add_crtlist() - BUILD: ssl: use __fallthrough in cli_io_handler_commit_{cert,cafile_crlfile}() - BUILD: ssl: use __fallthrough in cli_io_handler_tlskeys_files() - BUILD: hlua: use __fallthrough in hlua_post_init_state() - BUILD: stream: use __fallthrough in stats_dump_full_strm_to_buffer() - BUILD: tcpcheck: use __fallthrough in check_proxy_tcpcheck() - BUILD: stats: use __fallthrough in stats_dump_proxy_to_buffer() - BUILD: peers: use __fallthrough in peer_io_handler() - BUILD: hash: use __fallthrough in hash_djb2() - BUILD: tools: use __fallthrough in url_decode() - BUILD: args: use __fallthrough in make_arg_list() - BUILD: acl: use __fallthrough in parse_acl_expr() - BUILD: spoe: use __fallthrough in spoe_handle_appctx() - BUILD: logs: use __fallthrough in build_log_header() - BUILD: check: use __fallthrough in __health_adjust() - BUILD: http_act: use __fallthrough in parse_http_del_header() - BUILD: h1_htx: use __fallthrough in h1_parse_chunk() - BUILD: vars: use __fallthrough in var_accounting_{diff,add}() - BUILD: map: use __fallthrough in cli_io_handler_*() - BUILD: compression: use __fallthrough in comp_http_payload() - BUILD: stconn: use __fallthrough in various shutw() functions - BUILD: prometheus: use __fallthrough in promex_dump_metrics() and IO handler() - CLEANUP: ssl: remove printf in bind_parse_ignore_err - BUG/MINOR: ssl: crt-ignore-err memory leak with 'all' parameter - BUG/MINOR: ssl: Fix potential overflow - CLEANUP: stick-table: remove the unused table->exp_next - OPTIM: stick-table: avoid atomic ops in stktable_requeue_exp() when possible - BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task - MEDIUM: http-ana: remove set-cookie2 support - BUG/MEDIUM: wdt/clock: properly handle early task hangs - MINOR: deinit: add a "quick-exit" option to bypass the deinit step - OPTIM: ebtree: make ebmb_insert_prefix() keep a copy the new node's pfx - OPTIM: ebtree: make ebmb_insert_prefix() keep a copy the new node's key - MINOR: ssl: ssl_sock_load_cert_chain() display error strings - MINOR: ssl: reintroduce ERR_GET_LIB(ret) == ERR_LIB_PEM in ssl_sock_load_pem_into_ckch() - BUG/MINOR: http-htx: Fix error handling during parsing http replies - BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure - BUG/MINOR: resolvers: Set port before IP address when processing SRV records - BUG/MINOR: mux-fcgi: Be sure to send empty STDING record in case of zero-copy - BUG/MEDIUM: mux-fcgi: Avoid value length overflow when it doesn't fit at once - BUG/MINOR: ssl: SSL_load_error_strings might not be defined - MINOR: pool/debug: create a new pool_alloc_flag() macro - MINOR: dynbuf: switch allocation and release to macros to better track users - BUG/MINOR: mux-h1: Do not send a last null chunk on body-less answers - REG-TESTS: cache: Remove T-E header for 304-Not-Modified responses - DOC: config: fix alphabetical ordering of global section - MINOR: trace: split the CLI "trace" parser in CLI vs statement - MEDIUM: trace: create a new "trace" statement in the "global" section - BUG/MEDIUM: ring: fix creation of server in uninitialized ring - BUILD: quic: fix dubious 0-byte overflow on qc_release_lost_pkts - BUILD: makefile: mark poll and tcploop targets as phony - BUILD: makefile: properly pass CC to sub-projects - BUILD: makefile: move default verbosity settings to include/make/verbose.mk - BUILD: makefile: use $(cmd_MAKE) in quiet mode - BUILD: makefile: move the compiler option detection stuff to compiler.mk - DEV: poll: make the connect() step an action as well - DEV: poll: strip the "do_" prefix from reported function names - DEV: poll: indicate the FD's side in front of its value - BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes - MINOR: mux-h1: Remove usless code inside shutr callback - CLEANUP: mux-h1; Rename H1S_F_ERROR flag into H1S_F_ERROR_MASK - REORG: mux-h1: Reorg the H1C structure - CLEANUP: mux-h1: Rename H1C_F_ST_ERROR and H1C_F_ST_SILENT_SHUT flags - MINOR: mux-h1: Add a dedicated enum to deal with H1 connection state - MEDIUM: mux-h1: Handle H1C states via its state field instead of H1C_F_ST_* - MINOR: mux-h1: Don't handle subscribe for reads in h1_process_demux() - CLEANUP: mux-h1: Rename H1C_F_ERR_PENDING into H1C_F_ABRT_PENDING - MINOR: mux-h1: Add flag on H1 stream to deal with internal errors - MEDIUM: mux-h1: Rely on the H1C to deal with shutdown for reads - CLEANUP: mux-h1: Reorder H1 connection flags to avoid holes - MEDIUM: mux-h1: Don't report a final error whe a message is aborted - MEDIUM: mux-pt: Don't always set a final error on SE on the sending path - MEDIUM: mux-h2: Introduce flags to deal with connection read/write errors - CLEANUP: mux-h2: Remove unused fields in h2c structures - MEDIUM: mux-fcgi: Introduce flags to deal with connection read/write errors - MINOR: sconn: Set SE_FL_ERROR only when there is no more data to read - MINOR: mux-h1: Rely on a H1S flag to know a WS key was found or not - DOC: lua-api: Remove warning about the lua filters - BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task - CLEANUP: listener: Remove useless task_queue from manage_global_listener_queue - BUG/MINOR: mux-h1: Fix error handling when H1S allocation failed on client side - DOC: internal: commit notes about polling states and flags - DOC: internal: commit notes about polling states and flags on connect() - CLEANUP: mux-h1: Don't test h1c in h1_shutw_conn() - BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists - BUG/MEDIUM: raw-sock: Don't report connection error if something was received - BUG/MINOR: ssl: don't initialize the keylog callback when not required - BUILD: Makefile: enable USE_SHM_OPEN by default on freebsd - BUG/MEDIUM: peers: messages about unkown tables not correctly ignored - MINOR: cfgparse: Always check the section position - MEDIUM: thread: Restric nbthread/thread-group(s) to very first global sections - BUILD: peers: Remove unused variables - MINOR: ncbuf: complete doc for ncb_advance() - BUG/MEDIUM: quic: fix unsuccessful handshakes on ncb_advance error - BUG/MEDIUM: quic: fix memleak for out-of-order crypto data - MINOR: quic: complete traces/debug for handshake 2022/10/14 : 2.7-dev8 - BUG/MINOR: checks: update pgsql regex on auth packet - DOC: config: Fix pgsql-check documentation to make user param mandatory - CLEANUP: mux-quic: remove usage of non-standard ull type - CLEANUP: quic: remove global var definition in quic_tls header - BUG/MINOR: quic: adjust quic_tls prototypes - CLEANUP: quic: fix headers - CLEANUP: quic: remove unused function prototype - CLEANUP: quic: remove duplicated varint code from xprt_quic.h - CLEANUP: quic: create a dedicated quic_conn module - BUG/MINOR: mux-quic: ignore STOP_SENDING for locally closed stream - BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure - BUG/MEDIUM: lua: handle stick table implicit arguments right. - BUILD: h1: silence an initiialized warning with gcc-4.7 and -Os - MINOR: fd: add a new function to only raise RLIMIT_NOFILE - MINOR: init: do not try to shrink existing RLIMIT_NOFIlE - BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() - BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os - BUG/MINOR: hlua: hlua_channel_insert_data() behavior conflicts with documentation - MINOR: quic: limit usage of ssl_sock_ctx in favor of quic_conn - MINOR: mux-quic: check quic-conn return code on Tx - CLEANUP: quic: fix indentation - MEDIUM: quic: retrieve frontend destination address - CLEANUP: Reapply ist.cocci (2) - CLEANUP: Reapply strcmp.cocci - CLEANUP: quic/receiver: remove the now unused tx_qring list - BUG/MINOR: quic: set IP_PKTINFO socket option for QUIC receivers only - MINOR: hlua: some luaL_checktype() calls were not guarded with MAY_LJMP - DOC: configuration: missing 'if' in tcp-request content example - MINOR: hlua: removing ambiguous lua_pushvalue with 0 index - BUG/MAJOR: stick-tables: do not try to index a server name for applets - MINOR: plock: support disabling exponential back-off - MINOR: freq_ctr: use the thread's local time whenever possible - MEDIUM: stick-table: switch the table lock to rwlock - MINOR: stick-table: do not take an exclusive lock when downing ref_cnt - MINOR: stick-table: move the write lock inside stktable_touch_with_exp() - MEDIUM: stick-table: only take the lock when needed in stktable_touch_with_exp() - MEDIUM: stick-table: make stksess_kill_if_expired() avoid the exclusive lock - MEDIUM: stick-table: return inserted entry in __stktable_store() - MEDIUM: stick-table: free newly allocated stkess if it couldn't be inserted - MEDIUM: stick-table: switch to rdlock in stktable_lookup() and lookup_key() - MEDIUM: stick-table: make stktable_get_entry() look up under a read lock - MEDIUM: stick-table: do not take a lock to update t->current anymore. - MEDIUM: stick-table: make stktable_set_entry() look up under a read lock - MEDIUM: stick-table: requeue the expiration task out of the exclusive lock - MINOR: stick-table: split stktable_store() between key and requeue - MEDIUM: stick-table: always use atomic ops to requeue the table's task - MEDIUM: stick-table: requeue the wakeup task out of the write lock - BUG/MINOR: stick-table: fix build with DEBUG_THREAD - REORG: mux-fcgi: Extract flags and enums into mux_fcgi-t.h - MINOR: flags/mux-fcgi: Decode FCGI connection and stream flags - BUG/MEDIUM: mux-h1: Add connection error handling when reading/sending on a pipe - BUG/MEDIUM: mux-h1: Handle abort with an incomplete message during parsing - BUG/MINOR: server: make sure "show servers state" hides private bits - MINOR: checks: use the lighter PRNG for spread checks - MEDIUM: checks: spread the checks load over random threads - CI: SSL: use proper version generating when "latest" semantic is used - CI: SSL: temporarily stick to LibreSSL=3.5.3 - MINOR: quic: New quic_cstream object implementation - MINOR: quic: Extract CRYPTO frame parsing from qc_parse_pkt_frms() - MINOR: quic: Use a non-contiguous buffer for RX CRYPTO data - BUG/MINOR: quic: Stalled 0RTT connections with big ClientHello TLS message - MINOR: quic: Split the secrets key allocation in two parts - CLEANUP: quic: remove unused rxbufs member in receiver - CLEANUP: quic: improve naming for rxbuf/datagrams handling - MINOR: quic: implement datagram cleanup for quic_receiver_buf - MINOR: ring: ring_cast_from_area() cast from an allocated area - MINOR: buffers: split b_force_xfer() into b_cpy() and b_force_xfer() - MINOR: logs: startup-logs can use a shm for logging the reload - MINOR: mworker/cli: reload command displays the startup-logs - MEDIUM: quic: respect the threads assigned to a bind line - DOC: management: update the "reload" command of the master CLI - BUILD: ssl_sock: bind_conf uninitialized in ssl_sock_bind_verifycbk() - BUG/MEDIUM: httpclient: Don't set EOM flag on an empty HTX message - MINOR: httpclient/lua: Don't set req_payload callback if body is empty - DOC/CLEANUP: lua-api: some minor corrections - DOC: lua-api: updating toolbox link - DOC/CLEANUP: lua-api: removing duplicate core.proxies attribute - DOC: management: add forgotten "show startup-logs" - DOC: management: "show startup-logs" for master CLI - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition 2022/10/03 : 2.7-dev7 - BUG/MEDIUM: mux-quic: fix nb_hreq decrement - CLEANUP: httpclient: deleted unused variables - MINOR: httpclient: enabled the use of SNI presets - OPTIM: hpack-huff: reduce the cache footprint of the huffman decoder - BUG/MINOR: mux-quic: do not keep detached qcs with empty Tx buffers - REORG: mux-quic: extract traces in a dedicated source file - REORG: mux-quic: export HTTP related function in a dedicated file - MINOR: mux-quic: refactor snd_buf - BUG/MEDIUM: mux-quic: properly trim HTX buffer on snd_buf reset - BUG/MINOR: mux-h1: Account consumed output data on synchronous connection error - BUG/MINOR: log: improper behavior when escaping log data - CLEANUP: tools: removing escape_chunk() function - MINOR: clock: split local and global date updates - MINOR: pollers: only update the local date during busy polling - MINOR: clock: do not update the global date too often - REGTESTS: 4be_1srv_smtpchk_httpchk_layer47errors: Return valid SMTP replies - MINOR: smtpchk: Update expect rule to fully match replies to EHLO commands - BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP transaction - MINOR: list: documenting mt_list_for_each_entry_safe() macro - CLEANUP: list: Fix mt_list_for_each_entry_safe indentation - BUG/MINOR: hlua: Remove \n in Lua error message built with memprintf - MINOR: hlua: Allow argument on lua-lod(-per-thread) directives - BUG/MINOR: anon: memory illegal accesses in tools.c with hash_anon and hash_ipanon - MEDIUM: mworker/cli: keep the connection of the FD that ask for a reload - BUG/MINOR: hlua: fixing ambiguous sizeof in hlua_load_per_thread - MINOR: mworker/cli: replace close() by fd_delete() - MINOR: mworker: store and shows loading status - MINOR: mworker: mworker_cli_proxy_new_listener() returns a bind_conf - MINOR: mworker: stores the mcli_reload bind_conf - MINOR: mworker/cli: the mcli_reload bind_conf only send the reload status - DOC: management: describe the new reload command behavior - CLEANUP: list: fix again some style issues in the recent comments - BUG/MINOR: stream: Perform errors handling in right order in stream_new() - BUG/MEDIUM: stconn: Reset SE descriptor when we fail to create a stream - BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree - DOC: management: add timeout on the "reload" command - BUG/MINOR: ring: fix the size check in ring_make_from_area() - BUG/MINOR: config: don't count trailing spaces as empty arg - Revert "BUG/MINOR: config: don't count trailing spaces as empty arg" - BUG/MINOR: hlua: fixing hlua_http_msg_del_data behavior - BUG/MINOR: hlua: fixing hlua_http_msg_insert_data behavior - MINOR: cli: Add anonymization on a missed element for 'show sess all' - MINOR: cli: remove error message with 'set anon on|off' - MINOR: tools: modify hash_ipanon in order to use it in cli - MINOR: cli: use hash_ipanon to anonymized address - MINOR: cli: Add an anonymization on a missed element in 'show server state' - MINOR: config: correct errors about argument number in condition in cfgparse.c - MINOR: config: Add other keywords when dump the anonymized configuration file - MINOR: config: Add option line when the configuration file is dumped - MINOR: cli: correct commentary and replace 'set global-key' name - MINOR: tools: Impprove hash_ipanon to support dgram sockets and port offsets - MINOR: tools: Impprove hash_ipanon to not hash FD-based addresses - BUG/MINOR: hlua: _hlua_http_msg_delete incorrect behavior when offset is used - DOC: management: httpclient can resolve server names in URLs - BUG/MINOR: hlua: prevent crash when loading numerous arguments using lua-load(per-thread) - DOC/CLEANUP: lua-api: removing duplicate date functions doc - MINOR: hlua: ambiguous lua_pushvalue with 0 index - BUG/MINOR: config: don't count trailing spaces as empty arg (v2) - BUG/MEDIUM: config: count line arguments without dereferencing the output - BUG/MAJOR: conn-idle: fix hash indexing issues on idle conns - BUG/MINOR: config: insufficient syntax check of the global "maxconn" value - BUG/MINOR: backend: only enforce turn-around state when not redispatching 2022/09/17 : 2.7-dev6 - MINOR: Revert part of clarifying samples support per os commit - BUILD: makefile: enable crypt(3) for NetBSD - BUG/MINOR: quic: Retransmitted frames marked as acknowledged - BUG/MINOR: quic: Possible crash with "tls-ticket-keys" on QUIC bind lines - MINOR: http-check: Remove support for headers/body in "option httpchk" version - BUG/MINOR: h1: Support headers case adjustment for TCP proxies - BUG/MINOR: quic: Possible crash when verifying certificates - BUILD: quic: add some ifdef around the SSL_ERROR_* for libressl - BUILD: ssl: fix ssl_sock_switchtx_cbk when no client_hello_cb - BUILD: quic: temporarly ignore chacha20_poly1305 for libressl - BUILD: quic: enable early data only with >= openssl 1.1.1 - BUILD: ssl: fix the ifdef mess in ssl_sock_initial_ctx - BUILD: quic: fix the #ifdef in ssl_quic_initial_ctx() - MINOR: quic: add QUIC support when no client_hello_cb - MINOR: quic: Add traces about sent or resent TX frames - MINOR: quic: No TRACE_LEAVE() in retrieve_qc_conn_from_cid() - BUG/MINOR: quic: Wrong connection ID to thread ID association - BUG/MINOR: task: always reset a new tasklet's call date - BUG/MINOR: task: make task_instant_wakeup() work on a task not a tasklet - MINOR: task: permanently enable latency measurement on tasklets - CLEANUP: task: rename ->call_date to ->wake_date - BUG/MINOR: sched: properly account for the CPU time of dying tasks - MINOR: sched: store the current profile entry in the thread context - BUG/MINOR: stream/sched: take into account CPU profiling for the last call - MINOR: tasks: do not keep cpu and latency times in struct task - MINOR: tools: add generic pointer hashing functions - CLEANUP: activity: make memprof use the generic ptr_hash() function - CLEANUP: activity: make taskprof use ptr_hash() - MINOR: debug: add struct ha_caller to describe a calling location - CLEANUP: debug: use struct ha_caller for memstat - DEBUG: task: define a series of wakeup types for tasks and tasklets - DEBUG: task: use struct ha_caller instead of arrays of file:line - DEBUG: applet: instrument appctx_wakeup() to log the caller's location - DEBUG: task: simplify the caller recording in DEBUG_TASK - CLEANUP: task: move tid and wake_date into the common part - CLEANUP: sched: remove duplicate code in run_tasks_from_list() - CLEANUP: activity: make the number of sched activity entries more configurable - DEBUG: resolvers: unstatify process_resolvers() to make it appear in profiling - DEBUG: quic: export the few task handlers that often appear in task dumps - MEDIUM: tasks/activity: combine the called function with the caller - MINOR: tasks/activity: improve the caller-callee activity hash - MINOR: activity/cli: support aggregating task profiling outputs - MINOR: activity/cli: support sorting task profiling by total CPU time - BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals - BUG/MINOR: quic: Speed up the handshake completion only one time - BUG/MINOR: quic: Trace fix about packet number space information. - BUG/MINOR: h3: Crash when h3 trace verbosity is "minimal" - MINOR: h3: Add the quic_conn object to h3 traces - MINOR: h3: Missing connection argument for a TRACE_LEAVE() argument - MINOR: h3: Send the h3 settings with others streams (requests) - MINOR: dev/udp: Apply the corruption to both directions - BUILD: udp-perturb: Add a make target for udp-perturb tool - BUG/MINOR: signals/poller: ensure wakeup from signals - CI: cirrus-ci: bump FreeBSD image to 13-1 - DEV: flags: fix usage message to reflect available options - DEV: flags: add missing CO_FL_FDLESS connection flag - MINOR: flags: add a new file to host flag dumping macros - MINOR: flags: implement a macro used to dump enums inside masks - MINOR: flags/channel: use flag dumping for channel flags and analysers - MINOR: flags/connection: use flag dumping for connection flags - MINOR: flags/stconn: use flag dumping for stconn and sedesc flags - MINOR: flags/stream: use flag dumping for stream error type - MINOR: flags/stream: use flag dumping for stream flags - MINOR: flags/task: use flag dumping for task state - MINOR: flags/http_ana: use flag dumping for txn flags - DEV: flags: remove the now unused SHOW_FLAG() definition - DEV: flags: remove the now useless intermediary functions - MINOR: flags/htx: use flag dumping to show htx and start-line flags - MINOR: flags/http_ana: use flag dumping to show http msg states - BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK - MINOR: listener: small API change - MINOR: proxy/listener: support for additional PAUSED state - BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN' - BUILD: flags: fix build warning in some macros used by show_flags - BUILD: flags: fix the fallback macros for missing stdio - CLEANUP: pollers: remove dead code in the polling loop - BUG/MINOR: mux-h1: Increment open_streams counter when H1 stream is created - REGTESTS: healthcheckmail: Relax matching on the healthcheck log message - CLEANUP: listener: function comment typo in stop_listener() - BUG/MINOR: listener: null pointer dereference suspected by coverity - MINOR: flags/fd: decode FD flags states - REORG: mux-h2: extract flags and enums into mux_h2-t.h - MINOR: flags/mux-h2: decode H2C and H2S flags - REGTESTS: log: test the log-forward feature - BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring. - REGTESTS: ssl/log: test the log-forward with SSL - MEDIUM: httpclient: httpclient_create_proxy() creates a proxy for httpclient - MEDIUM: httpclient: allow to use another proxy - DOC: fix TOC in starter guide for subsection 3.3.8. Statistics - MINOR: httpclient: export httpclient_create_proxy() - MEDIUM: quic: separate path for rx and tx with set_encryption_secrets - BUG/MEDIUM: mux-quic: fix crash on early app-ops release - REORG: mux-h1: extract flags and enums into mux_h1-t.h - MINOR: flags/mux-h1: decode H1C and H1S flags - CLEANUP: mux-quic: remove stconn usage in h3/hq - BUG/MINOR: mux-quic: do not remotely close stream too early - CLEANUP: exclude udp-perturb with .gitignore - BUG/MEDIUM: server: segv when adding server with hostname from CLI - CLEANUP: quic,ssl: fix tiny typos in C comments - BUG/MEDIUM: captures: free() an error capture out of the proxy lock - BUILD: fd: fix a build warning on the DWCAS - MINOR: anon: add new macros and functions to anonymize contents - MINOR: anon: store the anonymizing key in the global structure - MINOR: anon: store the anonymizing key in the CLI's appctx - MINOR: cli: anonymize commands 'show sess' and 'show sess all' - MINOR: cli: anonymize 'show servers state' and 'show servers conn' - MINOR: config: add command-line -dC to dump the configuration file - SCRIPTS: announce-release: update some URLs to https 2022/09/02 : 2.7-dev5 - BUG/MINOR: mux-quic: Fix memleak on QUIC stream buffer for unacknowledged data - BUG/MEDIUM: cpu-map: fix thread 1's affinity affecting all threads - MINOR: cpu-map: remove obsolete diag warning about combined ranges - BUG/MAJOR: mworker: fix infinite loop on master with no proxies. - REGTESTS: launch http_reuse_always in mworker mode - BUG/MINOR: quix: Memleak for non in flight TX packets - BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets from qc_do_build_pkt() - BUG/MINOR: quic: Safer QUIC frame builders - MINOR: quic: Replace MT_LISTs by LISTs for RX packets. - BUG/MEDIUM: applet: fix incorrect check for abnormal return condition from handler - BUG/MINOR: applet: make the call_rate only count the no-progress calls - MEDIUM: peers: limit the number of updates sent at once - BUILD: tcp_sample: fix build of get_tcp_info() on OpenBSD - BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() - BUG/MINOR: mworker: does not create the "default" resolvers in wait mode - BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect - REGTESTS: Fix prometheus script to perform HTTP health-checks - MINOR: resolvers: shut the warning when "default" resolvers is implicit - Revert "BUG/MINOR: quix: Memleak for non in flight TX packets" - BUG/MINOR: quic: Leak in qc_release_lost_pkts() for non in flight TX packets - BUG/MINOR: quic: Stalled connections (missing I/O handler wakeup) - CLEANUP: quic: No more use ->rx_list MT_LIST entry point (quic_rx_packet) - CLEANUP: quic: Remove a useless check in qc_lstnr_pkt_rcv() - MINOR: quic: Remove useless traces about references to TX packets - Revert "MINOR: quic: Remove useless traces about references to TX packets" - DOC: configuration: do-resolve doesn't work with a port in the string - MINOR: sample: add the host_only and port_only converters - BUG/MINOR: httpclient: fix resolution with port - DOC: configuration.txt: do-resolve must use host_only to remove its port. - BUG/MINOR: quic: Null packet dereferencing from qc_dup_pkt_frms() trace - BUG/MINOR: quic: Frames added to packets even if not built. - BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode - BUG/MEDIUM: peers: Add connect and server timeut to peers proxy - BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress - BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date - BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets - BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input - BUG/MINOR: epoll: do not actively poll for Rx after an error - MINOR: raw-sock: don't try to send if an error was already reported - BUG/MINOR: quic: Missing header protection AES cipher context initialisations (draft-v2) - MINOR: quic: Add a trace to distinguish the datagram from the packets inside - BUG/MINOR: ssl: fix deinit of the ca-file tree - BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() - BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule) - BUG/MEDIUM: ssl: Fix a UAF when old ckch instances are released - BUG/MINOR: ssl: revert two wrong fixes with ckhi_link - BUG/MINOR: dev/udp: properly preset the rx address size - BUILD: debug: make sure debug macros are never empty - MINOR: quic: Move traces about RX/TX bytes from QUIC_EV_CONN_PRSAFRM event - BUG/MINOR: quic: TX frames memleak - BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() v2 - MINOR: sink/ring: rotate non-empty file-backed contents only - BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support - REGTESTS: http_request_buffer: Add a barrier to not mix up log messages - BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools - MINOR: backend: always satisfy the first req reuse rule with l7 retries - BUG/MINOR: quic: Do not ack when probing - MINOR: quic: Add TX frames addresses to traces to several trace events - MINOR: quic: Trace typo fix in qc_release_frm() - BUG/MINOR: quic: Frames leak during retransmissions - BUG/MINOR: h2: properly set the direction flag on HTX response - BUG/MEDIUM: httpclient: always detach the caller before self-killing - BUG/MINOR: httpclient: only ask for more room on failed writes - BUG/MINOR: httpclient: keep-alive was accidentely disabled - MEDIUM: httpclient: enable ALPN support on outgoing https connections - BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber - BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber - BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber - DEBUG: stream: minor rearrangement of a few fields in struct stream. - MINOR: debug: report applet pointer and handler in crashes when known - MINOR: mux-h2: extract the stream dump function out of h2_show_fd() - MINOR: mux-h2: extract the connection dump function out of h2_show_fd() - MINOR: muxes: add a "show_sd" helper to complete "show sess" dumps - MINOR: mux-h2: provide a "show_sd" helper to output stream debugging info - MINOR: mux-h2: insert line breaks in "show sess all" output for legibility - MINOR: mux-quic: provide a "show_sd" helper to output stream debugging info - MINOR: mux-h1: split "show_fd" into connection and stream - MINOR: mux-h1: provide a "show_sd" helper to output stream debugging info - BUG/MINOR: http-act: initialize http fmt head earlier 2022/08/20 : 2.7-dev4 - BUG/MEDIUM: quic: Wrong packet length check in qc_do_rm_hp() - MINOR: quic: Too much useless traces in qc_build_frms() - BUG/MEDIUM: quic: Missing AEAD TAG check after removing header protection - MINOR: quic: Replace pool_zalloc() by pool_malloc() for fake datagrams - MINOR: debug: make the mem_stats section aligned to void* - MINOR: debug: store and report the pool's name in struct mem_stats - MINOR: debug: also store the function name in struct mem_stats - MINOR: debug/memstats: automatically determine first column size - MINOR: debug/memstats: permit to pass the size to free() - CLEANUP: mux-quic: remove loop on sending frames - MINOR: quic: replace custom buf on Tx by default struct buffer - MINOR: quic: release Tx buffer on each send - MINOR: quic: refactor datagram commit in Tx buffer - MINOR: quic: skip sending if no frame to send in io-cb - BUG/MINOR: mux-quic: open stream on STOP_SENDING - BUG/MINOR: quic: fix crash on handshake io-cb for null next enc level - BUG/MEDIUM: quic: always remove the connection from the accept list on close - BUG/MEDIUM: poller: use fd_delete() to release the poller pipes - BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq() - MEDIUM: quic: xprt traces rework - BUILD: stconn: fix build warning at -O3 about possible null sc - MINOR: quic: Remove useless lock for RX packets - BUG/MINOR: quic: Possible infinite loop in quic_build_post_handshake_frames() - CLEANUP: quic: Remove trailing spaces - MINOR: mux-quic: adjust enter/leave traces - MINOR: mux-quic: define protocol error traces - CLEANUP: mux-quic: adjust traces level - MINOR: mux-quic: define new traces - BUG/MEDIUM: mux-quic: fix crash due to invalid trace arg - BUG/MEDIUM: quic: Possible use of uninitialized variable in qc_lstnr_params_init() - BUG/MEDIUM: ring: fix too lax 'size' parser - BUG/MEDIUM: quic: Wrong use of in qc_lsntr_pkt_rcv() - BUILD: ring: forward-declare struct appctx to avoid a build warning - MINOR: ring: support creating a ring from a linear area - MINOR: ring: add support for a backing-file - DEV: haring: add a simple utility to read file-backed rings - DEV: haring: support remapping LF in contents with CR VT - BUG/MINOR: quic: memleak on wrong datagram receipt - BUILD: sink: replace S_IRUSR, S_IWUSR with their octal value - MINOR: ring: archive a previous file-backed ring on startup - BUG/MINOR: mux-quic: fix crash with traces in qc_detach() - BUG/MINOR: quic: MIssing check when building TX packets - BUG/MINOR: quic: Wrong status returned by qc_pkt_decrypt() - MINOR: memprof: export the minimum definitions for memory profiling - MINOR: pool/memprof: report pool alloc/free in memory profiling - MINOR: pools/memprof: store and report the pool's name in each bin - MINOR: chunk: inline alloc_trash_chunk() - MINOR: stick-table: Add table_expire() and table_idle() new converters - CLEANUP: exclude haring with .gitignore - MINOR: quic: adjust quic_frame flag manipulation - MINOR: h3: report error on control stream close - MINOR: qpack: report error on enc/dec stream close - BUG/MEDIUM: mux-quic: reject uni stream ID exceeding flow control - MINOR: mux-quic: adjust traces on stream init - MINOR: mux-quic: add missing args on some traces - MINOR: quic: refactor application send - BUG/MINOR: quic: do not notify MUX on frame retransmit - BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names - BUG/MINOR: quic: Missing initializations for ducplicated frames. - BUG/MEDIUM: quic: fix crash on MUX send notification - REORG: h2: extract cookies concat function in http_htx - REGTESTS: add test for HTTP/2 cookies concatenation - MEDIUM: h3: concatenate multiple cookie headers - MINOR: applet: add a function to reset the svcctx of an applet - BUG/MEDIUM: cli: always reset the service context between commands - BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle - MINOR: mux-h2/traces: report transition to SETTINGS1 before not after - MINOR: mux-h2: make streams know if they need to send more data - BUG/MINOR: mux-h2: send a CANCEL instead of ES on truncated writes - BUG/MINOR: quic: Possible crashes when dereferencing ->pkt quic_frame struct member - MINOR: quic: Add frame addresses to QUIC_EV_CONN_PRSAFRM event traces - BUG/MINOR: quic: Wrong splitted duplicated frames handling - MINOR: quic: Add the QUIC connection to mux traces - MINOR: quic: Trace fix in qc_release_frm() - BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized - BUG/MAJOR: log-forward: Fix ssl layer not initialized on bind even if configured - MINOR: quic: Add reusable cipher contexts for header protection - BUG/MINOR: ssl/cli: error when the ca-file is empty - MINOR: ssl: handle ca-file appending in cafile_entry - MINOR: ssl/cli: implement "add ssl ca-file" 2022/08/07 : 2.7-dev3 - BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX - BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2) - MINOR: resolvers: resolvers_destroy() deinit and free a resolver - BUG/MINOR: resolvers: shut off the warning for the default resolvers - BUG/MINOR: ssl: allow duplicate certificates in ca-file directories - BUG/MINOR: tools: fix statistical_prng_range()'s output range - BUG/MINOR: quic: do not send CONNECTION_CLOSE_APP in initial/handshake - BUILD: debug: Add braces to if statement calling only CHECK_IF() - BUG/MINOR: fd: Properly init the fd state in fd_insert() - BUG/MEDIUM: fd/threads: fix incorrect thread selection in wakeup broadcast - MINOR: init: load OpenSSL error strings - MINOR: ssl: enhance ca-file error emitting - BUG/MINOR: mworker/cli: relative pid prefix not validated anymore - BUG/MAJOR: mux_quic: fix invalid PROTOCOL_VIOLATION on POST data overlap - BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload - BUILD: add detection for unsupported compiler models - BUG/MEDIUM: stconn: Only reset connect expiration when processing backend side - BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible - BUG/MEDIUM: master: force the thread count earlier - BUG/MAJOR: poller: drop FD's tgid when masks don't match - DEBUG: fd: detect possibly invalid tgid in fd_insert() - BUG/MINOR: sockpair: wrong return value for fd_send_uxst() - MINOR: sockpair: move send_fd_uxst() error message in caller - Revert "BUG/MINOR: peers: set the proxy's name to the peers section name" - DEBUG: fd: split the fd check - MEDIUM: resolvers: continue startup if network is unavailable - BUG/MINOR: fd: always remove late updates when freeing fd_updt[] - MINOR: cli: emit a warning when _getsocks was used more than once - BUG/MINOR: mworker: PROC_O_LEAVING used but not updated - Revert "MINOR: cli: emit a warning when _getsocks was used more than once" - MINOR: cli: warning on _getsocks when socket were closed - BUG/MEDIUM: mux-quic: fix missing EOI flag to prevent streams leaks - MINOR: quic: Congestion control architecture refactoring - MEDIUM: quic: Cubic congestion control algorithm implementation - MINOR: quic: New "quic-cc-algo" bind keyword - BUG/MINOR: quic: loss time limit variable computed but not used - MINOR: quic: Stop looking for packet loss asap - BUG/MAJOR: quic: Useless resource intensive loop qc_ackrng_pkts() - MINOR: quic: Send packets as much as possible from qc_send_app_pkts() - BUG/MEDIUM: queue/threads: limit the number of entries dequeued at once - MAJOR: threads/plock: update the embedded library - MINOR: thread: provide an alternative to pthread's rwlock - DEBUG: tools: provide a tree dump function for ebmbtrees as well - MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups - BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions - BUG/MINOR: mux-quic: prevent crash if conn released during IO callback - CLEANUP: mux-quic: remove useless app_ops is_active callback - BUG/MINOR: mux-quic: do not free conn if attached streams - MINOR: mux-quic: save proxy instance into qcc - MINOR: mux-quic: use timeout server for backend conns - MEDIUM: mux-quic: adjust timeout refresh - MINOR: mux-quic: count in-progress requests - MEDIUM: mux-quic: implement http-keep-alive timeout - MINOR: peers: Add a warning about incompatible SSL config for the local peer - MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer - BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload - BUG/MINOR: peers: Use right channel flag to consider the peer as connected - BUG/MEDIUM: dns: Properly initialize new DNS session - BUG/MINOR: backend: Don't increment conn_retries counter too early - MINOR: server: Constify source server to copy its settings - REORG: server: Export srv_settings_cpy() function - BUG/MEDIUM: proxy: Perform a custom copy for default server settings - BUG/MINOR: quic: Missing in flight ack eliciting packet counter decrement - BUG/MEDIUM: quic: Floating point exception in cubic_root() - MINOR: h3: support HTTP request framing state - MINOR: mux-quic: refresh timeout on frame decoding - MINOR: mux-quic: refactor refresh timeout function - MEDIUM: mux-quic: implement http-request timeout - BUG/MINOR: quic: Avoid sending truncated datagrams - BUG/MINOR: ring/cli: fix a race condition between the writer and the reader - BUG/MEDIUM: sink: Set the sink ref for forwarders created during ring parsing - BUG/MINOR: sink: fix a race condition between the writer and the reader - BUG/MINOR: quic: do not reject datagrams matching minimum permitted size - MINOR: quic: Add two new stats counters for sendto() errors - BUG/MINOR: quic: Missing Initial packet dropping case - MINOR: quic: explicitely ignore sendto error - BUG/MINOR: quic: adjust errno handling on sendto - BUG/MEDIUM: quic: break out of the loop in quic_lstnr_dghdlr - MINOR: threads: report the number of thread groups in build options - MINOR: config: automatically preset MAX_THREADS based on MAX_TGROUPS - BUILD: SSL: allow to pass additional configure args to QUICTLS - CI: enable weekly "m32" builds on x86_64 - CLEANUP: assorted typo fixes in the code and comments - BUG/MEDIUM: fix DH length when EC key is used - REGTESTS: ssl: adopt tests to OpenSSL-3.0.N - REGTESTS: ssl: adopt tests to OpenSSL-3.0.N - REGTESTS: ssl: fix grep invocation to use extended regex in ssl_generate_certificate.vtc - BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h 2022/07/16 : 2.7-dev2 - BUG/MINOR: qpack: fix build with QPACK_DEBUG - MINOR: h3: handle errors on HEADERS parsing/QPACK decoding - BUG/MINOR: qpack: abort on dynamic index field line decoding - MINOR: qpack: properly handle invalid dynamic table references - MINOR: task: Add tasklet_wakeup_after() - BUG/MINOR: quic: Dropped packets not counted (with RX buffers full) - MINOR: quic: Add new stats counter to diagnose RX buffer overrun - MINOR: quic: Duplicated QUIC_RX_BUFSZ definition - MINOR: quic: Improvements for the datagrams receipt - CLEANUP: h2: Typo fix in h2_unsubcribe() traces - MINOR: quic: Increase the QUIC connections RX buffer size (upto 64Kb) - CLEANUP: mux-quic: adjust comment on qcs_consume() - MINOR: ncbuf: implement ncb_is_fragmented() - BUG/MINOR: mux-quic: do not signal FIN if gap in buffer - MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD - BUG/MEDIUM: ssl/fd: unexpected fd close using async engine - MINOR: tinfo: make tid temporarily still reflect global ID - CLEANUP: config: remove unused proc_mask() - MINOR: debug: remove mask support from "debug dev sched" - MEDIUM: task: add and preset a thread ID in the task struct - MEDIUM: task/debug: move the ->thread_mask integrity checks to ->tid - MAJOR: task: use t->tid instead of ffsl(t->thread_mask) to take the thread ID - MAJOR: task: replace t->thread_mask with 1<tid when thread mask is needed - CLEANUP: task: remove thread_mask from the struct task - MEDIUM: applet: only keep appctx_new_*() and drop appctx_new() - MEDIUM: task: only keep task_new_*() and drop task_new() - MINOR: applet: always use task_new_on() on applet creation - MEDIUM: task: remove TASK_SHARED_WQ and only use t->tid - MINOR: task: replace task_set_affinity() with task_set_thread() - CLEANUP: task: remove the unused task_unlink_rq() - CLEANUP: task: remove the now unused TASK_GLOBAL flag - MINOR: task: make rqueue_ticks atomic - MEDIUM: task: move the shared runqueue to one per thread - MEDIUM: task: replace the global rq_lock with a per-rq one - MINOR: task: remove grq_total and use rq_total instead - MINOR: task: replace global_tasks_mask with a check for tree's emptiness - MEDIUM: task: use regular eb32 trees for the run queues - MEDIUM: queue: revert to regular inter-task wakeups - MINOR: thread: make wake_thread() take care of the sleeping threads mask - MINOR: thread: move the flags to the shared cache line - MINOR: thread: only use atomic ops to touch the flags - MINOR: poller: centralize poll return handling - MEDIUM: polling: make update_fd_polling() not care about sleeping threads - MINOR: poller: update_fd_polling: wake a random other thread - MEDIUM: thread: add a new per-thread flag TH_FL_NOTIFIED to remember wakeups - MEDIUM: tasks/fd: replace sleeping_thread_mask with a TH_FL_SLEEPING flag - MINOR: tinfo: add the tgid to the thread_info struct - MINOR: tinfo: replace the tgid with tgid_bit in tgroup_info - MINOR: tinfo: add the mask of enabled threads in each group - MINOR: debug: use ltid_bit in ha_thread_dump() - MINOR: wdt: use ltid_bit in wdt_handler() - MINOR: clock: use ltid_bit in clock_report_idle() - MINOR: thread: use ltid_bit in ha_tkillall() - MINOR: thread: add a new all_tgroups_mask variable to know about active tgroups - CLEANUP: thread: remove thread_sync_release() and thread_sync_mask - MEDIUM: tinfo: add a dynamic thread-group context - MEDIUM: thread: make stopping_threads per-group and add stopping_tgroups - MAJOR: threads: change thread_isolate to support inter-group synchronization - MINOR: thread: add is_thread_harmless() to know if a thread already is harmless - MINOR: debug: mark oneself harmless while waiting for threads to finish - MINOR: wdt: do not rely on threads_to_dump anymore - MEDIUM: debug: make the thread dumper not rely on a thread mask anymore - BUILD: debug: fix build issue on clang with previous commit - BUILD: debug: re-export thread_dump_state - BUG/MEDIUM: threads: fix incorrect thread group being used on soft-stop - BUG/MEDIUM: thread: check stopping thread against local bit and not global one - MINOR: proxy: use tg->threads_enabled in hard_stop() to detect stopped threads - BUILD: Makefile: Add Lua 5.4 autodetect - CI: re-enable gcc asan builds - MEDIUM: mworker: set the iocb of the socketpair without using fd_insert() - MINOR: fd: Add BUG_ON checks on fd_insert() - CLEANUP: mworker: rename mworker_pipe to mworker_sockpair - CLEANUP: mux-quic: do not export qc_get_ncbuf - REORG: mux-quic: reorganize flow-control fields - MINOR: mux-quic: implement accessor for sedesc - MEDIUM: mux-quic: refactor streams opening - MINOR: mux-quic: rename qcs flag FIN_RECV to SIZE_KNOWN - MINOR: mux-quic: emit FINAL_SIZE_ERROR on invalid STREAM size - BUG/MINOR: peers/config: always fill the bind_conf's argument - BUG/MEDIUM: peers/config: properly set the thread mask - CLEANUP: bwlim: Set pointers to NULL when memory is released - BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule - BUG/MINOR: http-act: Properly generate 103 responses when several rules are used - BUG/MEDIUM: thread: mask stopping_threads with threads_enabled when checking it - CLEANUP: thread: also remove a thread's bit from stopping_threads on stop - BUG/MINOR: peers: fix possible NULL dereferences at config parsing - BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo - MINOR: http: Add function to get port part of a host - MINOR: http: Add function to detect default port - BUG/MEDIUM: h1: Improve authority validation for CONNCET request - MINOR: http-htx: Use new HTTP functions for the scheme based normalization - BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream - REGTEESTS: filters: Fix CONNECT request in random-forwarding script - MEDIUM: mworker/systemd: send STATUS over sd_notify - BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer - BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state - BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send - MEDIUM: epoll: don't synchronously delete migrated FDs - BUILD: debug: silence warning on gcc-5 - BUILD: http: silence an uninitialized warning affecting gcc-5 - BUG/MEDIUM: mux-quic: fix server chunked encoding response - REORG: mux-quic: rename stream initialization function - MINOR: mux-quic: rename stream purge function - MINOR: mux-quic: add traces on frame parsing functions - MINOR: mux-quic: implement qcs_alert() - MINOR: mux-quic: filter send/receive-only streams on frame parsing - MINOR: mux-quic: do not ack STREAM frames on unrecoverable error - MINOR: mux-quic: support stream opening via MAX_STREAM_DATA - MINOR: mux-quic: define basic stream states - MINOR: mux-quic: use stream states to mark as detached - MEDIUM: mux-quic: implement RESET_STREAM emission - MEDIUM: mux-quic: implement STOP_SENDING handling - BUG/MEDIUM: debug: fix possible hang when multiple threads dump at once - BUG/MINOR: quic: fix closing state on NO_ERROR code sent - CLEANUP: quic: clean up include on quic_frame-t.h - MINOR: quic: define a generic QUIC error type - MINOR: mux-quic: support app graceful shutdown - MINOR: mux-quic/h3: prepare CONNECTION_CLOSE on release - MEDIUM: quic: send CONNECTION_CLOSE on released MUX - CLEANUP: mux-quic: move qc_release() - MINOR: mux-quic: send one last time before release - MINOR: h3: store control stream in h3c - MINOR: h3: implement graceful shutdown with GOAWAY - BUG/MINOR: threads: produce correct global mask for tgroup > 1 - BUG/MEDIUM: cli/threads: make "show threads" more robust on applets - BUG/MINOR: thread: use the correct thread's group in ha_tkillall() - BUG/MINOR: debug: enter ha_panic() only once - BUG/MEDIUM: debug: fix parallel thread dumps again - MINOR: cli/streams: show a stream's tgid next to its thread ID - DEBUG: cli: add a new "debug dev deadlock" expert command - MINOR: cli/activity: add a thread number argument to "show activity" - CLEANUP: applet: remove the obsolete command context from the appctx - MEDIUM: config: remove deprecated "bind-process" directives from frontends - MEDIUM: config: remove the "process" keyword on "bind" lines - MINOR: listener/config: make "thread" always support up to LONGBITS - CLEANUP: fd: get rid of the __GET_{NEXT,PREV} macros - MEDIUM: debug/threads: make the lock debugging take tgroups into account - MEDIUM: proto: stop protocols under thread isolation during soft stop - MEDIUM: poller: program the update in fd_update_events() for a migrated FD - MEDIUM: poller: disable thread-groups for poll() and select() - MINOR: thread: remove MAX_THREADS limitation - MEDIUM: cpu-map: replace the process number with the thread group number - MINOR: mworker/threads: limit the mworker sockets to group 1 - MINOR: cli/threads: always bind CLI to thread group 1 - MINOR: fd/thread: get rid of thread_mask() - MEDIUM: task/thread: move the task shared wait queues per thread group - MINOR: task: move the niced_tasks counter to the thread group context - DOC: design: add some thoughts about how to handle the update_list - MEDIUM: conn: make conn_backend_get always scan the same group - MAJOR: fd: remove pending updates upon real close - MEDIUM: fd/poller: make the update-list per-group - MINOR: fd: delete unused updates on close() - MINOR: fd: make fd_insert() apply the thread mask itself - MEDIUM: fd: add the tgid to the fd and pass it to fd_insert() - MINOR: cli/fd: show fd's tgid and refcount in "show fd" - MINOR: fd: add functions to manipulate the FD's tgid - MINOR: fd: add fd_get_running() to atomically return the running mask - MAJOR: fd: grab the tgid before manipulating running - MEDIUM: fd/poller: turn polled_mask to group-local IDs - MEDIUM: fd/poller: turn update_mask to group-local IDs - MEDIUM: fd/poller: turn running_mask to group-local IDs - MINOR: fd: make fd_clr_running() return the previous value instead - MEDIUM: fd: make thread_mask now represent group-local IDs - MEDIUM: fd: make fd_insert() take local thread masks - MEDIUM: fd: make fd_insert/fd_delete atomically update fd.tgid - MEDIUM: fd: quit fd_update_events() when FD is closed - MEDIUM: thread: change thread_resolve_group_mask() to return group-local values - MEDIUM: listener: switch bind_thread from global to group-local - MINOR: fd: add fd_reregister_all() to deal with boot-time FDs - MEDIUM: fd: support stopping FDs during starting - MAJOR: pollers: rely on fd_reregister_all() at boot time - MAJOR: poller: only touch/inspect the update_mask under tgid protection - MEDIUM: fd: support broadcasting updates for foreign groups in updt_fd_polling - CLEANUP: threads: remove the now unused all_threads_mask and tid_bit - MINOR: config: change default MAX_TGROUPS to 16 - BUG/MEDIUM: tools: avoid calling dlsym() in static builds 2022/06/24 : 2.7-dev1 - BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails - BUG/MINOR: ssl_ckch: Free error msg if commit changes on a CA/CRL entry fails - BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified - BUG/MEDIUM: ssl_ckch: Don't delete CA/CRL entry if it is being modified - BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry - BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a CA/CRL entry - BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases - BUG/MEDIUM: ssl_ckch: Rework 'commit ssl ca-file' to handle full buffer cases - BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases - BUG/MEDIUM: httpclient: Don't remove HTX header blocks before duplicating them - BUG/MEDIUM: httpclient: Rework CLI I/O handler to handle full buffer cases - MEDIUM: httpclient: Don't close CLI applet at the end of a response - MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs - CLEANUP: Re-apply xalloc_size.cocci (2) - REGTESTS: abortonclose: Add a barrier to not mix up log messages - REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients - CLEANUP: ssl_ckch: Use corresponding enum for commit_cacrlfile_ctx.cafile_type - MINOR: ssl_ckch: Simplify I/O handler to commit changes on CA/CRL entry - BUG/MINOR: ssl_ckch: Use right type for old entry in show_crlfile_ctx - BUG/MINOR: ssl_ckch: Dump CRL transaction only once if show command yield - BUG/MINOR: ssl_ckch: Dump CA transaction only once if show command yield - BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield - BUG/MINOR: ssl_ckch: Init right field when parsing "commit ssl crl-file" cmd - CLEANUP: ssl_ckch: Remove unused field in commit_cacrlfile_ctx structure - MINOR: ssl_ckch: Simplify structure used to commit changes on CA/CRL entries - MINOR: ssl_ckch: Remove service context for "set ssl cert" command - MINOR: ssl_ckch: Remove service context for "set ssl ca-file" command - MINOR: ssl_ckch: Remove service context for "set ssl crl-file" command - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cafile I/O handler - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_crlfile I/O handler - BUILD: ssl_ckch: Fix build error about a possible uninitialized value - BUG/MINOR: ssl_ckch: Fix another possible uninitialized value - REGTESTS: http_abortonclose: Extend supported versions - REGTESTS: restrict_req_hdr_names: Extend supported versions - MINOR: connection: support HTTP/3.0 for smp_*_http_major fetch - MINOR: h3: add h3c pointer into h3s instance - MINOR: mux-quic: simplify decode_qcs API - MINOR: mux-quic/h3: adjust demuxing function return values - BUG/MINOR: h3: fix return value on decode_qcs on error - BUILD: quic: fix anonymous union for gcc-4.4 - BUILD: compiler: implement unreachable for older compilers too - DEV: tcploop: reorder options in the usage message - DEV: tcploop: make the current address the default address - DEV: tcploop: make it possible to change the target address of a connect() - DEV: tcploop: factor out the socket creation - DEV: tcploop: permit port 0 to ease handling of default options - DEV: tcploop: add a new "bind" command to bind to ip/port. - DEV: tcploop: add minimal UDP support - BUG/MINOR: trace: Test server existence for health-checks to get proxy - BUG/MINOR: checks: Properly handle email alerts in trace messages - BUG/MEDIUM: mailers: Set the object type for check attached to an email alert - REGTESTS: healthcheckmail: Update the test to be functionnal again - REGTESTS: healthcheckmail: Relax health-check failure condition - BUG/MINOR: h3: fix incorrect BUG_ON assert on SETTINGS parsing - MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames - OPTIM: mux-h2: increase h2_settings_initial_window_size default to 64k - BUG/MINOR: h3: fix frame type definition - BUG/MEDIUM: h3: fix SETTINGS parsing - BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs - BUG/MINOR: server: do not enable DNS resolution on disabled proxies - BUG/MINOR: cli/stats: add missing trailing LF after "show info json" - DOC: design: update the notes on thread groups - BUG/MEDIUM: mux-quic: fix flow control connection Tx level - MINOR: mux-quic: complete BUG_ON on TX flow-control enforcing - BUG/MINOR: mux-quic: fix memleak on frames rejected by transport - BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration - CLEANUP: check: Remove useless tests on check's stream-connector - BUG/MEDIUM: stconn: Don't wakeup applet for send if it won't consume data - BUG/MEDIUM: cli: Notify cli applet won't consume data during request processing - BUG/MEDIUM: mux-quic: fix segfault on flow-control frame cleanup - MINOR: task: move profiling bit to per-thread - CLEANUP: quic: use task_new_on() for single-threaded tasks - MINOR: tinfo: remove the global thread ID bit (tid_bit) - CLEANUP: hlua: check for at least 2 threads on a task - MINOR: thread: get rid of MAX_THREADS_MASK - OPTIM: task: do not consult shared WQ when we're already full - DOC: design: update the task vs thread affinity requirements - MINOR: qpack: add comments and remove a useless trace - MINOR: qpack: reduce dependencies on other modules - BUG/MINOR: qpack: support header litteral name decoding - MINOR: qpack: add ABORT_NOW on unimplemented decoding - BUG/MINOR: h3/qpack: deal with too many headers - MINOR: qpack: improve decoding function - MINOR: qpack: implement standalone decoder tool - BUG/BUILD: h3: fix wrong label name - BUG/MINOR: quic: Stop hardcoding Retry packet Version field - MINOR: quic: Add several nonce and key definitions for Retry tag - BUG/MINOR: quic: Wrong PTO calculation - MINOR: quic: Parse long packet version from qc_parse_hd_form() - CLEANUP: quid: QUIC draft-28 no more supported - MEDIUM: quic: Add QUIC v2 draft support - MINOR: quic: Released QUIC TLS extension for QUIC v2 draft - MEDIUM: quic: Compatible version negotiation implementation (draft-08) - CLEANUP: quic: Remove any reference to boringssl - BUG/MINOR: task: fix thread assignment in tasklet_kill() - BUG/MEDIUM: stream: Properly handle destructive client connection upgrades - MINOR: stream: Rely on stconn flags to abort stream destructive upgrade - CLEANUP: stconn: Don't expect to have no sedesc on detach - BUG/MINOR: log: Properly test connection retries to fix dontlog-normal option - MINOR: hlua: don't dump empty entries in hlua_traceback() - MINOR: hlua: add a new hlua_show_current_location() function - MEDIUM: debug: add a tainted flag when a shared library is loaded - MEDIUM: debug: detect redefinition of symbols upon dlopen() - BUILD: quic: Wrong HKDF label constant variable initializations - BUG/MINOR: quic: Unexpected half open connection counter wrapping - BUG/MINOR: quic_stats: Duplicate "quic_streams_data_blocked_bidi" field name - BUG/MINOR: quic: purge conn Rx packet list on release - BUG/MINOR: quic: free rejected Rx packets - BUG/MINOR: qpack: abort on dynamic index field line decoding - BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list - REGTESTS: ssl: add the same cert for client/server - BUG/MINOR: quic: Acknowledgement must be forced during handshake - MINOR: quic: Dump version_information transport parameter - BUG/MEDIUM: mworker: use default maxconn in wait mode - MINOR: intops: add a function to return a valid bit position from a mask - TESTS: add a unit test for one_among_mask() - BUILD: ssl_ckch: fix "maybe-uninitialized" build error on gcc-9.4 + ARM - BUG/MINOR: ssl: Do not look for key in extra files if already in pem - BUG/MINOR: quic: Missing acknowledgments for trailing packets - BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created - BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch - MINOR: freq_ctr: Add a function to get events excess over the current period - BUG/MINOR: stream: only free the req/res captures when set - CLEANUP: pool/tree-wide: remove suffix "_pool" from certain pool names - MEDIUM: debug: improve DEBUG_MEM_STATS to also report pool alloc/free - BUG/MINOR: quic: Wrong reuse of fulfilled dgram RX buffer - BUG/MAJOR: quic: Big RX dgrams leak when fulfilling a buffer - BUG/MAJOR: quic: Big RX dgrams leak with POST requests - BUILD: quic+h3: 32-bit compilation errors fixes - MEDIUM: bwlim: Add support of bandwith limitation at the stream level 2022/05/31 : 2.7-dev0 - MINOR: version: it's development again 2022/05/31 : 2.6.0 - DOC: Fix formatting in configuration.txt to fix dconv - CLEANUP: tcpcheck: Remove useless test on the stream-connector in tcpcheck_main - CLEANUP: muxes: Consider stream's sd as defined in .show_fd callback functions - MINOR: quic: Ignore out of packet padding. - CLEANUP: quic: Useless QUIC_CONN_TX_BUF_SZ definition - CLEANUP: quic: No more used handshake output buffer - MINOR: quic: QUIC transport parameters split. - MINOR: quic: Transport parameters dump - DOC: quic: Update documentation for QUIC Retry - MINOR: quic: Tunable "max_idle_timeout" transport parameter - MINOR: quic: Tunable "initial_max_streams_bidi" transport parameter - MINOR: quic: Clarifications about transport parameters value - MINOIR: quic_stats: add QUIC connection errors counters - BUG/MINOR: quic: Largest RX packet numbers mixing - MINOR: quic_stats: Add transport new counters (lost, stateless reset, drop) - DOC: quic: Documentation update for QUIC - MINOR: quic: Connection TX buffer setting renaming. - MINOR: h3: Add a statistics module for h3 - MINOR: quic: Send STOP_SENDING frames if mux is released - MINOR: quic: Do not drop packets with RESET_STREAM frames - BUG/MINOR: qpack: fix buffer API usage on prefix integer encoding - BUG/MINOR: qpack: support bigger prefix-integer encoding - BUG/MINOR: h3: do not report bug on unknown method - SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs - SCRIPTS: make publish-release try to launch make-releases-json - MINOR: htx: add an unchecked version of htx_get_head_blk() - BUILD: htx: use the unchecked version of htx_get_head_blk() where needed - BUILD: quic: use inttypes.h instead of stdint.h - DOC: internal: remove totally outdated diagrams - DOC: remove the outdated ROADMAP file - DOC: add maintainers for QUIC and HTTP/3 - MINOR: h3: define h3 trace module - MINOR: h3: add traces on frame recv - MINOR: h3: add traces on frame send - MINOR: h3: add traces on h3s init/end - EXAMPLES: remove completely outdated acl-content-sw.cfg - BUILD: makefile: reorder objects by build time - DOC: fix a few spelling mistakes in the docs - BUG/MEDIUM: peers/cli: fix "show peers" crash - CLEANUP: peers/cli: stop misusing the appctx local variable - CLEANUP: peers/cli: make peers_dump_peer() take an appctx instead of an stconn - BUG/MINOR: peers: set the proxy's name to the peers section name - MINOR: server: indicate when no address was expected for a server - BUG/MINOR: peers: detect and warn on init_addr/resolvers/check/agent-check - DOC: peers: indicate that some server settings are not usable - DOC: peers: clarify when entry expiration date is renewed. - DOC: peers: fix port number and addresses on new peers section format - DOC: gpc/gpt: add commments of gpc/gpt array definitions on stick tables. - DOC: install: update supported OpenSSL versions in the INSTALL doc - MINOR: ncbuf: adjust ncb_data with NCBUF_NULL - BUG/MINOR: h3: fix frame demuxing - BUG/MEDIUM: h3: fix H3_EXCESSIVE_LOAD when receiving H3 frame header only - BUG/MINOR: quic: Fix QUIC_EV_CONN_PRSAFRM event traces - CLEANUP: quic: remove useless check on local UNI stream reception - BUG/MINOR: qpack: do not consider empty enc/dec stream as error - DOC: intro: adjust the numbering of paragrams to keep the output ordered - MINOR: version: mention that it's LTS now. 2022/05/27 : 2.6-dev12 - CLEANUP: tools: Clean up non-QUIC error message handling in str2sa_range() - BUG/MEDIUM: tools: Fix `inet_ntop` usage in sa2str - CLEANUP: tools: Crash if inet_ntop fails due to ENOSPC in sa2str - BUG/MEDIUM: mux-quic: adjust buggy proxy closing support - Revert "MINOR: quic: activate QUIC traces at compilation" - Revert "MINOR: mux-quic: activate qmux traces on stdout via macro" - CLEANUP: init: address a coverity warning about possible multiply overflow - BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols - MEDIUM: h1: enlarge the scope of accepted version chars with accept-invalid-http-request - BUG/MEDIUM: resolvers: Don't defer resolutions release in deinit function - BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections - BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section - BUG/MINOR: task: Don't defer tasks release when HAProxy is stopping - MINOR: h3: mark ncbuf as const on h3_b_dup - MINOR: mux-quic: do not alloc quic_stream_desc for uni remote stream - MINOR: mux-quic: delay cs_endpoint allocation - MINOR: mux-quic: add traces in qc_recv() - MINOR: mux-quic: adjust return value of decode_qcs - CLEANUP: h3: rename struct h3 -> h3c - CLEANUP: h3: rename uni stream type constants - BUG/MINOR: h3: prevent overflow when parsing SETTINGS - MINOR: h3: refactor h3_control_send() - MINOR: quic: support CONNECTION_CLOSE_APP emission - MINOR: mux-quic: disable read on CONNECTION_CLOSE emission - MINOR: h3: reject too big frames - MINOR: mux-quic: emit STREAM_STATE_ERROR in qcc_recv - BUG/MINOR: mux-quic: refactor uni streams TX/send H3 SETTINGS - MINOR: h3/qpack: use qcs as type in decode callbacks - MINOR: h3: define stream type - MINOR: h3: refactor uni streams initialization - MINOR: h3: check if frame is valid for stream type - MINOR: h3: define non-h3 generic parsing function - MEDIUM: quic: refactor uni streams RX - CLEANUP: h3: remove h3 uni tasklet - MINOR: h3: abort read on unknown uni stream - MINOR: h3: refactor SETTINGS parsing/error reporting - Revert "BUG/MINOR: task: Don't defer tasks release when HAProxy is stopping" - DOC: configuration: add a warning for @system-ca on bind - CLEANUP: init: address another coverity warning about a possible multiply overflow - BUG/MINOR: ssl/lua: use correctly cert_ext in CertCache.set() - BUG/MEDIUM: sample: Fix adjusting size in word converter - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (2) - CLEANUP: conn_stream: remove unneeded exclusion of RX_WAIT_EP from RXBLK_ANY - CLEANUP: conn_stream: rename the cs_endpoint's context to "conn" - MINOR: conn_stream: add new sets of functions to set/get endpoint flags - DEV: coccinelle: add cs_endp_flags.cocci - CLEANUP: conn_stream: apply cs_endp_flags.cocci tree-wide - DEV: coccinelle: add endp_flags.cocci - CLEANUP: conn_stream: apply endp_flags.cocci tree-wide - CLEANUP: conn_stream: rename the stream endpoint flags CS_EP_* to SE_FL_* - CLEANUP: conn_stream: rename the cs_endpoint's target to "se" - CLEANUP: conn_stream: rename cs_endpoint to sedesc (stream endpoint descriptor) - CLEANUP: applet: rename the sedesc pointer from "endp" to "sedesc" - CLEANUP: conn_stream: rename the conn_stream's endp to sedesc - CLEANUP: conn_stream: rename cs_app_* to sc_app_* - CLEANUP: conn_stream: tree-wide rename to stconn (stream connector) - CLEANUP: mux-h1: add and use h1s_sc() to retrieve the stream connector - CLEANUP: mux-h2: add and use h2s_sc() to retrieve the stream connector - CLEANUP: mux-fcgi: add and use fcgi_strm_sc() to retrieve the stream connector - CLEANUP: mux-pt: add and use pt_sc() to retrieve the stream connector - CLEANUP: stdesc: rename the stream connector ->cs field to ->sc - CLEANUP: stream: rename "csf" and "csb" to "scf" and "scb" - CLEANUP: stconn: tree-wide rename stream connector flags CS_FL_* to SC_FL_* - CLEANUP: stconn: tree-wide rename stconn states CS_ST/SB_* to SC_ST/SB_* - MINOR: check: export wake_srv_chk() - MINOR: conn_stream: test the various ops functions before calling them - MEDIUM: stconn: merge the app_ops and the data_cb fields - MINOR: applet: add new wrappers to put chk/blk/str/chr to channel from appctx - CLEANUP: applet: use applet_put*() everywhere possible - CLEANUP: stconn: rename cs_{i,o}{b,c} to sc_{i,o}{b,c} - CLEANUP: stconn: rename cs_{check,strm,strm_task} to sc_strm_* - CLEANUP: stconn: rename cs_conn() to sc_conn() - CLEANUP: stconn: rename cs_mux() to sc_mux_strm() - CLEANUP: stconn: rename cs_conn_mux() to sc_mux_ops() - CLEANUP: stconn: rename cs_appctx() to sc_appctx() - CLEANUP: stconn: rename __cs_endp_target() to __sc_endp() - CLEANUP: stconn: rename cs_get_data_name() to sc_get_data_name() - CLEANUP: stconn: rename cs_conn_*() to sc_conn_*() - CLEANUP: stconn: rename cs_conn_get_first() to conn_get_first_sc() - CLEANUP: stconn: rename cs_ep_set_error() to se_fl_set_error() - CLEANUP: stconn: make a few functions take a const argument - CLEANUP: stconn: use a single function to know if SC may send to SE - MINOR: stconn: consider CF_SHUTW for sc_is_send_allowed() - MINOR: stconn: remove calls to cs_done_get() - MEDIUM: stconn: always rely on CF_SHUTR in addition to cs_rx_blocked() - MEDIUM: stconn: remove SE_FL_RXBLK_SHUT - MINOR: stconn: rename SE_FL_RXBLK_CONN to SE_FL_APPLET_NEED_CONN - MEDIUM: stconn: take SE_FL_APPLET_NEED_CONN out of the RXBLK_ANY flags - CLEANUP: stconn: rename cs_rx_room_{blk,rdy} to sc_{need,have}_room() - CLEANUP: stconn: rename cs_rx_chan_{blk,rdy} to sc_{wont,will}_read() - CLEANUP: stconn: rename cs_rx_buff_{blk,rdy} to sc_{need,have}_buff() - MINOR: stconn: start to rename cs_rx_endp_{more,done}() to se_have_{no_,}more_data() - MINOR: stconn: add sc_is_recv_allowed() to check for ability to receive - CLEANUP: stconn: rename SE_FL_RX_WAIT_EP to SE_FL_HAVE_NO_DATA - MEDIUM: stconn: move the RXBLK flags to the stream connector - CLEANUP: stconn: rename SE_FL_WANT_GET to SE_FL_WILL_CONSUME - CLEANUP: stconn: remove cs_tx_blocked() and cs_tx_endp_ready() - CLEANUP: stconn: rename cs_{want,stop}_get() to se_{will,wont}_consume() - CLEANUP: stconn: rename cs_cant_get() to se_need_more_data() - CLEANUP: stconn: rename cs_{new,create,free,destroy}_* to sc_* - CLEANUP: stconn: rename remaining management functions from cs_* to sc_* - CLEANUP: stconn: rename cs{,_get}_{src,dst} to sc_* - CLEANUP: stconn: rename cs_{shut,chk}* to sc_* - CLEANUP: stconn: rename final state manipulation functions from cs_* to sc_* - CLEANUP: quic: drop the name "conn_stream" from the pool variable names - REORG: rename cs_utils.h to sc_strm.h - REORG: stconn: rename conn_stream.{c,h} to stconn.{c,h} - CLEANUP: muxes: rename "get_first_cs" to "get_first_sc" - DEV: flags: use "sc" for stream conns instead of "cs" - CLEANUP: check: rename all occurrences of stconn "cs" to "sc" - CLEANUP: connection: rename all occurrences of stconn "cs" to "sc" - CLEANUP: stconn: rename all occurrences of stconn "cs" to "sc" - CLEANUP: quic/h3: rename all occurrences of stconn "cs" to "sc" - CLEANUP: stream: rename all occurrences of stconn "cs" to "sc" - CLEANUP: promex: rename all occurrences of stconn "cs" to "sc" - CLEANUP: stats: rename all occurrences of stconn "cs" to "sc" - CLEANUP: cli: rename all occurrences of stconn "cs" to "sc" - CLEANUP: applet: rename all occurrences of stconn "cs" to "sc" - CLEANUP: cache: rename all occurrences of stconn "cs" to "sc" - CLEANUP: dns: rename all occurrences of stconn "cs" to "sc" - CLEANUP: spoe: rename all occurrences of stconn "cs" to "sc" - CLEANUP: hlua: rename all occurrences of stconn "cs" to "sc" - CLEANUP: log-forward: rename all occurrences of stconn "cs" to "sc" - CLEANUP: http-client: rename all occurrences of stconn "cs" to "sc" - CLEANUP: mux-fcgi: rename all occurrences of stconn "cs" to "sc" - CLEANUP: mux-h1: rename all occurrences of stconn "cs" to "sc" - CLEANUP: mux-h2: rename all occurrences of stconn "cs" to "sc" - CLEANUP: mux-pt: rename all occurrences of stconn "cs" to "sc" - CLEANUP: peers: rename all occurrences of stconn "cs" to "sc" - CLEANUP: sink: rename all occurrences of stconn "cs" to "sc" - CLEANUP: sslsock: remove only occurrence of local variable "cs" - CLEANUP: applet: rename appctx_cs() to appctx_sc() - CLEANUP: stream: rename stream_upgrade_from_cs() to stream_upgrade_from_sc() - CLEANUP: obj_type: rename OBJ_TYPE_CS to OBJ_TYPE_SC - CLEANUP: stconn: replace a few remaining occurrences of CS in comments or traces - DOC: internal: update the muxes doc to mention the stconn - CLEANUP: mux-quic: rename the "endp" field to "sd" - CLEANUP: mux-h1: rename the "endp" field to "sd" - CLEANUP: mux-h2: rename the "endp" field to "sd" - CLEANUP: mux-fcgi: rename the "endp" field to "sd" - CLEANUP: mux-pt: rename the "endp" field to "sd" - CLEANUP: stconn: rename a few "endp" arguments and variables to "sd" - MINOR: stconn: turn SE_FL_WILL_CONSUME to SE_FL_WONT_CONSUME - CLEANUP: stream: remove unneeded test on appctx during initialization - CLEANUP: stconn: remove the new unneeded SE_FL_APP_MASK - DEV: flags: fix "siet" shortcut name - DEV: flags: rename the "endp" shortcut to "sd" for "stream descriptor" - DEV: flags: reorder a few SC/SE flags - DOC: internal: add a description of the stream connectors and descriptors 2022/05/20 : 2.6-dev11 - CI: determine actual LibreSSL version dynamically - BUG/MEDIUM: ncbuf: fix null buffer usage - MINOR: ncbuf: fix warnings for testing build - MEDIUM: http-ana: Add a proxy option to restrict chars in request header names - MEDIUM: ssl: Delay random generator initialization after config parsing - MINOR: ssl: Add 'ssl-propquery' global option - MINOR: ssl: Add 'ssl-provider' global option - CLEANUP: Add missing header to ssl_utils.c - CLEANUP: Add missing header to hlua_fcn.c - CLEANUP: Remove unused function hlua_get_top_error_string - BUILD: fix build warning on solaris based systems with __maybe_unused. - MINOR: tools: add get_exec_path implementation for solaris based systems. - BUG/MINOR: ssl: Fix crash when no private key is found in pem - CLEANUP: conn-stream: Remove cs_applet_shut declaration from header file - MINOR: applet: Prepare appctx to own the session on frontend side - MINOR: applet: Let the frontend appctx release the session - MINOR: applet: Change return value for .init callback function - MINOR: stream: Export stream_free() - MINOR: applet: Add appctx_init() helper fnuction - MINOR: applet: Add a function to finalize frontend appctx startup - MINOR: applet: Add function to release appctx on error during init stage - MEDIUM: dns: Refactor dns appctx creation - MEDIUM: spoe: Refactor SPOE appctx creation - MEDIUM: lua: Refactor cosocket appctx creation - MEDIUM: httpclient: Refactor http-client appctx creation - MINOR: sink: Add a ref to sink in the sink_forward_target structure - MEDIUM: sink: Refactor sink forwarder appctx creation - MINOR: peers: Add a ref to peers section in the peer structure - MEDIUM: peers: Refactor peer appctx creation - MINOR: applet: Add API to start applet on a thread subset - MEDIUM: applet: Add support for async appctx startup on a thread subset - MINOR: peers: Track number of applets run by thread - MEDIUM: peers: Balance applets across threads - MINOR: conn-stream/applet: Stop setting appctx as the endpoint context - CLEANUP: proxy: Remove dead code when parsing "http-restrict-req-hdr-names" option - REGTESTS: abortonclose: Fix some race conditions - MINOR: ssl: Add 'ssl-provider-path' global option - CLEANUP: http_ana: Make use of the return value of stream_generate_unique_id() - BUG/MINOR: spoe: Fix error handling in spoe_init_appctx() - CLEANUP: peers: Remove unreachable code in peer_session_create() - CLEANUP: httpclient: Remove useless test on ss_dst in httpclient_applet_init() - BUG/MEDIUM: quic: fix Rx buffering - OPTIM: quic: realign empty Rx buffer - BUG/MINOR: ncbuf: fix ncb_is_empty() - MINOR: ncbuf: refactor ncb_advance() - BUG/MINOR: mux-quic: update session's idle delay before stream creation - MINOR: h3: do not wait a complete frame for demuxing - MINOR: h3: flag demux as full on HTX full - MEDIUM: mux-quic: implement recv on io-cb - MINOR: mux-quic: remove qcc_decode_qcs() call in XPRT - MINOR: mux-quic: reorganize flow-control frames emission - MINOR: mux-quic: implement MAX_STREAM_DATA emission - MINOR: mux-quic: implement MAX_DATA emission - BUG/MINOR: mux-quic: support nul buffer with qc_free_ncbuf() - MINOR: mux-quic: free RX buf if empty - BUG/MEDIUM: config: Reset outline buffer size on realloc error in readcfgfile() - BUG/MINOR: check: Reinit the buffer wait list at the end of a check - MEDIUM: check: No longer shutdown the connection in .wake callback function - REORG: check: Rename and export I/O callback function - MEDIUM: check: Use the CS to handle subscriptions for read/write events - BUG/MINOR: quic: break for error on sendto - MINOR: quic: abort on unlisted errno on sendto() - MINOR: quic: detect EBADF on sendto() - BUG/MEDIUM: quic: fix initialization for local/remote TPs - CLEANUP: quic: adjust comment/coding style for TPs init - BUG/MINOR: cfgparse: abort earlier in case of allocation error - MINOR: quic: Dump initial derived secrets - MINOR: quic_tls: Add quic_tls_derive_retry_token_secret() - MINOR: quic_tls: Add quic_tls_decrypt2() implementation - MINOR: quic: Retry implementation - MINOR: cfgparse: Update for "cluster-secret" keyword for QUIC Retry - MINOR: quic: Move quic_lstnr_dgram_dispatch() out of xprt_quic.c - BUILD: stats: Missing headers inclusions from stats.h - MINOR: quic_stats: Add a new stats module for QUIC - MINOR: quic: Attach proxy QUIC stats counters to the QUIC connection - BUG/MINOR: quic: Fix potential memory leak during QUIC connection allocations - MINOR: quic: QUIC stats counters handling - MINOR: quic: Add tune.quic.retry-threshold keyword - MINOR: quic: Dynamic Retry implementation - MINOR: quic/mux-quic: define CONNECTION_CLOSE send API - MINOR: mux-quic: emit FLOW_CONTROL_ERROR - MINOR: mux-quic: emit STREAM_LIMIT_ERROR - MINOR: mux-quic: close connection on error if different data at offset - BUG/MINOR: peers: fix error reporting of "bind" lines - CLEANUP: config: improve address parser error report for unmatched protocols - CLEANUP: config: provide cleare hints about unsupported QUIC addresses - MINOR: protocol: replace ctrl_type with xprt_type and clarify it - MINOR: listener: provide a function to process all of a bind_conf's arguments - MINOR: config: use the new bind_parse_args_list() to parse a "bind" line - CLEANUP: listener: add a comment about what the BC_SSL_O_* flags are for - MINOR: listener: add a new "options" entry in bind_conf - CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL - CLEANUP: listener: replace bind_conf->generate_cers with BC_O_GENERATE_CERTS - CLEANUP: listener: replace bind_conf->quic_force_retry with BC_O_QUIC_FORCE_RETRY - CLEANUP: listener: store stream vs dgram at the bind_conf level - MINOR: listener: detect stream vs dgram conflict during parsing - MINOR: listener: set the QUIC xprt layer immediately after parsing the args - MINOR: listener/ssl: set the SSL xprt layer only once the whole config is known - MINOR: connection: add flag MX_FL_FRAMED to mark muxes relying on framed xprt - MINOR: config: detect and report mux and transport incompatibilities - MINOR: listener: automatically select a QUIC mux with a QUIC transport - MINOR: listener: automatically enable SSL if a QUIC transport is found - BUG/MINOR: quic: Fixe a typo in qc_idle_timer_task() - BUG/MINOR: quic: Missing stats counter decrementation - BUILD/MINOR: cpuset fix build for FreeBSD 13.1 - CI: determine actual OpenSSL version dynamically 2022/05/14 : 2.6-dev10 - MINOR: ssl: ignore dotfiles when loading a dir w/ ca-file - MEDIUM: ssl: ignore dotfiles when loading a dir w/ crt - BUG/MINOR: ssl: Fix typos in crl-file related CLI commands - MINOR: compiler: add a new macro to set an attribute on an enum when possible - BUILD: stats: conditionally mark obsolete stats states as deprecated - BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation - BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings - BUILD: listener: shut report of possible null-deref in listener_accept() - BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-( - DOC: install: update gcc version requirements - BUILD: makefile: add -Wfatal-errors to the default flags - BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). - BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket - BUG/MINOR: mux-h2: mark the stream as open before processing it not after - MINOR: mux-h2: report a trace event when failing to create a new stream - DOC: configuration: add the httpclient keywords to the global keywords index - MINOR: quic: Add a debug counter for sendto() errors - BUG/MINOR: quic: Dropped peer transport parameters - BUG/MINOR: quic: Wrong unit for ack delay for incoming ACK frames - MINOR: quic: Congestion controller event trace fix (loss) - MINOR: quic: Add correct ack delay values to ACK frames - MINOR: config: Add "cluster-secret" new global keyword - MINOR: quic-tls: Add quic_hkdf_extract_and_expand() for HKDF - MINOR: quic: new_quic_cid() code moving - MINOR: quic: Initialize stateless reset tokens with HKDF secrets - MINOR: qc_new_conn() rework for stateless reset - MINOR: quic: Stateless reset token copy to transport parameters - MINOR: quic: Send stateless reset tokens - MINOR: quic: Short packets always embed a trailing AEAD TAG - CLEANUP: quic: wrong use of eb*entry() macro - CLEANUP: quic: Useless use of pointer for quic_hkdf_extract() - CLEANUP: quic_tls: QUIC_TLS_IV_LEN defined two times - MINOR: ncbuf: define non-contiguous buffer - MINOR: ncbuf: complete API and define block interal abstraction - MINOR: ncbuf: optimize storage for the last gap - MINOR: ncbuf: implement insertion - MINOR: ncbuf: define various insertion modes - MINOR: ncbuf: implement advance - MINOR: ncbuf: write unit tests - BUG/MEDIUM: lua: fix argument handling in data removal functions - DOC/MINOR: fix typos in the lua-api document - BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized - MINOR: mux-h1: Add global option accpet payload for any HTTP/1.0 requests - CLEANUP: mux-h1: Fix comments and error messages for global options - MINOR: conn_stream: make cs_set_error() work on the endpoint instead - CLEANUP: mux-h1: always take the endp from the h1s not the cs - CLEANUP: mux-h2: always take the endp from the h2s not the cs - CLEANUP: mux-pt: always take the endp from the context not the cs - CLEANUP: mux-fcgi: always take the endp from the fstrm not the cs - CLEANUP: mux-quic: always take the endp from the qcs not the cs - CLEANUP: applet: use the appctx's endp instead of cs->endp - MINOR: conn_stream: add a pointer back to the cs from the endpoint - MINOR: mux-h1: remove the now unneeded h1s->cs - MINOR: mux-h2: make sure any h2s always has an endpoint - MINOR: mux-h2: remove the now unneeded conn_stream from the h2s - MINOR: mux-fcgi: make sure any stream always has an endpoint - MINOR: mux-fcgi: remove the now unneeded conn_stream from the fcgi_strm - MINOR: mux-quic: remove the now unneeded conn_stream from the qcs - MINOR: mux-pt: remove the now unneeded conn_stream from the context - CLEANUP: muxes: make mux->attach/detach take a conn_stream endpoint - MINOR: applet: replace cs_applet_shut() with appctx_shut() - MINOR: applet: add appctx_strm() and appctx_cs() to access common fields - CLEANUP: applet: remove the unneeded appctx->owner - CLEANUP: conn_stream: merge cs_new_from_{mux,applet} into cs_new_from_endp() - MINOR: ext-check: indicate the transport and protocol of a server - BUG/MEDIUM: mux-quic: fix a thinko in the latest cs/endpoint cleanup - MINOR: tools: improve error message accuracy in str2sa_range - MINOR: config: make sure never to mix dgram and stream protocols on a bind line - BUG/MINOR: ncbuf: fix coverity warning on uninit sz_data - MINOR: xprt_quic: adjust flow-control according to bufsize - MEDIUM: mux-quic/h3/hq-interop: use ncbuf for bidir streams - MEDIUM: mux-quic/h3/qpack: use ncbuf for uni streams - CLEANUP: mux-quic: remove unused fields for Rx - CLEANUP: quic: remove unused quic_rx_strm_frm 2022/05/08 : 2.6-dev9 - MINOR: mux-quic: support full request channel buffer - BUG/MINOR: h3: fix parsing of unknown frame type with null length - CLEANUP: backend: make alloc_{bind,dst}_address() idempotent - MEDIUM: stream: remove the confusing SF_ADDR_SET flag - MINOR: conn_stream: remove the now unused CS_FL_ADDR_*_SET flags - CLEANUP: protocol: make sure the connect_* functions always receive a dst - MINOR: connection: get rid of the CO_FL_ADDR_*_SET flags - MINOR: session: get rid of the now unused SESS_FL_ADDR_*_SET flags - CLEANUP: mux: Useless xprt_quic-t.h inclusion - MINOR: quic: Make the quic_conn be aware of the number of streams - BUG/MINOR: quic: Dropped retransmitted STREAM frames - BUG/MINOR: mux_quic: Dropped packet upon retransmission for closed streams - MEDIUM: httpclient: remove url2sa to use a more flexible parser - MEDIUM: httpclient: http-request rules for resolving - MEDIUM: httpclient: allow address and port change for resolving - CLEANUP: httpclient: remove the comment about resolving - MINOR: httpclient: handle unix and other socket types in dst - MINOR: httpclient: rename dash by dot in global option - MINOR: init: exit() after pre-check upon error - MINOR: httpclient: cleanup the error handling in init - MEDIUM: httpclient: hard-error when SSL is configured - MINOR: httpclient: allow to configure the ca-file - MINOR: httpclient: configure the resolvers section to use - MINOR: httpclient: allow ipv4 or ipv6 preference for resolving - DOC: configuration: httpclient global option - MINOR: conn-stream: Add mask from flags set by endpoint or app layer - BUG/MEDIUM: conn-stream: Only keep app layer flags of the endpoint on reset - BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message - BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified - DOC: config: Update doc for PR/PH session states to warn about rewrite failures - MINOR: resolvers: cleanup alert/warning in parse-resolve-conf - MINOR: resolvers: move the resolv.conf parser in parse_resolv_conf() - MINOR: resolvers: resolvers_new() create a resolvers with default values - BUILD: debug: unify the definition of ha_backtrace_to_stderr() - BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port] - MEDIUM: resolvers: create a "default" resolvers section at startup - DOC: resolvers: default resolvers section - BUG/MINOR: startup: usage() when no -cc arguments - BUG/MEDIUM: resolvers: make "show resolvers" properly yield - BUG/MEDIUM: cli: make "show cli sockets" really yield - BUG/MINOR: proxy/cli: don't enumerate internal proxies on "show backend" - BUG/MINOR: map/cli: protect the backref list during "show map" errors - BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init - BUG/MINOR: ssl/cli: fix "show ssl ca-file/crl-file" not to mix cli+ssl contexts - BUG/MINOR: ssl/cli: fix "show ssl ca-file " not to mix cli+ssl contexts - BUG/MINOR: ssl/cli: fix "show ssl crl-file" not to mix cli+ssl contexts - BUG/MINOR: ssl/cli: fix "show ssl cert" not to mix cli+ssl contexts - CLEANUP: ssl/cli: do not loop on unknown states in "add ssl crt-list" handler - MINOR: applet: reserve some generic storage in the applet's context - CLEANUP: applet: make appctx_new() initialize the whole appctx - CLEANUP: stream/cli: take the "show sess" context definition out of the appctx - CLEANUP: stream/cli: stop using appctx->st2 for the dump state - CLEANUP: stream/cli: remove the unneeded init state from "show sess" - CLEANUP: stream/cli: remove the unneeded STATE_FIN state from "show sess" - CLEANUP: stream/cli: remove the now unneeded dump state from "show sess" - CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx - CLEANUP: stick-table/cli: take the "show table" context definition out of the appctx - CLEANUP: stick-table/cli: stop using appctx->st2 for the dump state - CLEANUP: stick-table/cli: remove the unneeded STATE_INIT for "show table" - CLEANUP: map/cli: take the "show map" context definition out of the appctx - CLEANUP: map/cli: stop using cli.i0/i1 to store the generation numbers - CLEANUP: map/cli: stop using appctx->st2 for the dump state - CLEANUP: map/cli: always detach the backref from the list after "show map" - CLEANUP: peers/cli: take the "show peers" context definition out of the appctx - CLEANUP: peers/cli: stop using appctx->st2 for the dump state - CLEANUP: peers/cli: remove unneeded state STATE_INIT - CLEANUP: cli: initialize the whole appctx->ctx, not just the stats part - CLEANUP: promex: make the applet use its own context - CLEANUP: promex: stop using appctx->st2 - CLEANUP: stats/cli: take the "show stat" context definition out of the appctx - CLEANUP: stats/cli: stop using appctx->st2 - CLEANUP: hlua/cli: take the hlua_cli context definition out of the appctx - CLEANUP: ssl/cli: use a local context for "show cafile" - CLEANUP: ssl/cli: use a local context for "show crlfile" - CLEANUP: ssl/cli: use a local context for "show ssl cert" - CLEANUP: ssl/cli: use a local context for "commit ssl cert" - CLEANUP: ssl/cli: stop using appctx->st2 for "commit ssl cert" - CLEANUP: ssl/cli: use a local context for "set ssl cert" - CLEANUP: ssl/cli: use a local context for "set ssl cafile" - CLEANUP: ssl/cli: use a local context for "set ssl crlfile" - CLEANUP: ssl/cli: use a local context for "commit ssl {ca|crl}file" - CLEANUP: ssl/cli: stop using appctx->st2 for "commit ssl ca/crl" - CLEANUP: ssl/cli: stop using ctx.cli.i0/i1/p0 for "show tls-keys" - CLEANUP: ssl/cli: add a new "dump_entries" field to "show_keys_ref" - CLEANUP: ssl/cli: make "show tlskeys" not use appctx->st2 anymore - CLEANUP: ssl/cli: make "show ssl ocsp-response" not use cli.p0 anymore - CLEANUP: ssl/cli: make "{show|dump} ssl crtlist" use its own context - CLEANUP: ssl/cli: make "add ssl crtlist" use its own context - CLEANUP: ssl/cli: make "add ssl crtlist" not use st2 anymore - CLEANUP: dns: stop abusing the sink forwarder's context - CLEANUP: sink: use the generic context to store the forwarder's context - CLEANUP: activity/cli: make "show profiling" not use ctx.cli anymore - CLEANUP: debug/cli: make "debug dev fd" not use ctx.cli anymore - CLEANUP: debug/cli: make "debug dev memstats" not use ctx.cli anymore - CLEANUP: ring: pass the ring watch flags to ring_attach_cli(), not in ctx.cli - CLEANUP: ring/cli: use a locally-defined context instead of using ctx.cli - CLEANUP: resolvers/cli: make "show resolvers" use a locally-defined context - CLEANUP: resolvers/cli: remove the unneeded appctx->st2 from "show resolvers" - CLEANUP: cache/cli: make use of a locally defined context for "show cache" - CLEANUP: proxy/cli: make use of a locally defined context for "show servers" - CLEANUP: proxy/cli: get rid of appctx->st2 in "show servers" - CLEANUP: proxy/cli: make "show backend" only use the generic context - CLEANUP: cli: make "show fd" use its own context - CLEANUP: cli: make "show env" use its own context - CLEANUP: cli: simplify the "show cli sockets" I/O handler - CLEANUP: cli: make "show cli sockets" use its own context - CLEANUP: httpclient/cli: use a locally-defined context instead of ctx.cli - CLEANUP: httpclient: do not use the appctx.ctx anymore - CLEANUP: peers: do not use appctx.ctx anymore - CLEANUP: spoe: do not use appctx.ctx anymore - BUILD: applet: mark the CLI's generic variables as deprecated - BUILD: applet: mark the appctx's st2 variable as deprecated - CLEANUP: cache: take the context out of appctx.ctx - MEDIUM: lua: move the cosocket storage outside of appctx.ctx - MINOR: lua: move the tcp service storage outside of appctx.ctx - MINOR: lua: move the http service context out of appctx.ctx - CLEANUP: cli: move the status print context into its own context - CLEANUP: stats: rename the stats state values an mark the old ones deprecated - DOC: internal: document the new cleaner approach to the appctx - MINOR: tcp: socket translate TCP_KEEPIDLE for macOs equivalent - DOC: fix typo "ant" for "and" in INSTALL - CI: dynamically determine actual version of h2spec 2022/04/30 : 2.6-dev8 - BUG/MINOR: quic: fix use-after-free with trace on ACK consume - BUG/MINOR: rules: Forbid captures in defaults section if used by a backend - BUG/MEDIUM: rules: Be able to use captures defined in defaults section - BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments - BUG/MINOR: http-act: make release_http_redir() more robust - BUG/MINOR: sample: add missing use_backend/use-server contexts in smp_resolve_args - MINOR: sample: don't needlessly call c_none() in sample_fetch_as_type() - MINOR: sample: make the bool type cast to bin - MEDIUM: backend: add new "balance hash " algorithm - MINOR: init: add global setting "fd-hard-limit" to bound system limits - BUILD: pollers: use an initcall to register the pollers - BUILD: xprt: use an initcall to register the transport layers - BUILD: thread: use initcall instead of a constructor - BUILD: http: remove the two unused constructors in rules and ana - CLEANUP: compression: move the default setting of maxzlibmem to defaults - MINOR: tree-wide: always consider EWOULDBLOCK in addition to EAGAIN - BUG/MINOR: connection: "connection:close" header added despite 'close-spread-time' - MINOR: fd: add functions to set O_NONBLOCK and FD_CLOEXEC - CLEANUP: tree-wide: use fd_set_nonblock() and fd_set_cloexec() - CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h - REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc - REGTESTS: webstats: remove unused stats socket in /tmp - MEDIUM: httpclient: disable SSL when the ca-file couldn't be loaded - BUG/MINOR: httpclient/lua: error when the httpclient_start() fails - BUG/MINOR: ssl: free the cafile entries on deinit - BUG/MINOR: ssl: memory leak when trying to load a directory with ca-file - MEDIUM: httpclient: re-enable the verify by default - BUG/MEDIUM: ssl/cli: fix yielding in show_cafile_detail - BUILD: compiler: properly distinguish weak and global symbols - MINOR: connection: Add way to disable active connection closing during soft-stop - BUG/MEDIUM: http-ana: Fix memleak in redirect rules with ignore-empty option - CLEANUP: Destroy `http_err_chunks` members during deinit - BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit() - MINOR: Call deinit_and_exit(0) for `haproxy -vv` - BUILD: fd: disguise the fd_set_nonblock/cloexec result - BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() - MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord" - CLEANUP: errors: also call deinit_errors_buffers() on deinit() - CLEANUP: chunks: release trash also in deinit - CLEANUP: deinit: release the pre-check callbacks - CLEANUP: deinit: release the config postparsers - CLEANUP: listeners/deinit: release accept queue tasklets on deinit - CLEANUP: connections/deinit: destroy the idle_conns tasks - BUG/MINOR: mux-quic: fix build in release mode - MINOR: mux-quic: adjust comment on emission function - MINOR: mux-quic: remove unused bogus qcc_get_stream() - BUG/MINOR: mux-quic: fix leak if cs alloc failure - MINOR: mux-quic: count local flow-control stream limit on reception - BUG/MINOR: h3: fix incomplete POST requests - BUG/MEDIUM: h3: fix use-after-free on mux Rx buffer wrapping - MINOR: mux-quic: partially copy Rx frame if almost full buf - MINOR: h3: change frame demuxing API - MINOR: mux-quic: add a app-layer context in qcs - MINOR: h3: implement h3 stream context - MINOR: h3: support DATA demux if buffer full - MINOR: quic: decode as much STREAM as possible - MINOR: quic: Improve qc_prep_pkts() flexibility - MINOR: quic: Prepare quic_frame struct duplication - MINOR: quic: Do not retransmit frames from coalesced packets - MINOR: quic: Add traces about TX frame memory releasing - MINOR: quic: process_timer() rework - MEDIUM: quic: New functions for probing rework - MEDIUM: quic: Retransmission functions rework - MEDIUM: quic: qc_requeue_nacked_pkt_tx_frms() rework - MINOR: quic: old data distinction for qc_send_app_pkt() - MINOR: quic: Mark packets as probing with old data - MEDIUM: quic: Mark copies of acknowledged frames as acknowledged - MEDIUM: quic: Enable the new datagram probing process - MINOR: quic: Do not send ACK frames when probing - BUG/MINOR: quic: Wrong returned status by qc_build_frms() - BUG/MINOR: quic: Avoid sending useless PADDING frame - BUG/MINOR: quic: Traces fix about remaining frames upon packet build failure - MINOR: quic: Wake up the mux to probe with new data - BUG/MEDIUM: quic: Possible crash on STREAM frame loss - BUG/MINOR: quic: Missing Initial packet length check - CLEANUP: quic: Rely on the packet length set by qc_lstnr_pkt_rcv() - MINOR: quic: Drop 0-RTT packets if not allowed - BUG/MINOR: httpclient/ssl: use the correct verify constant - BUG/MEDIUM: conn-stream: Don't erase endpoint flags on reset - BUG/MEDIUM: httpclient: Fix loop consuming HTX blocks from the response channel - BUG/MINOR: httpclient: Count metadata in size to transfer via htx_xfer_blks() - MINOR: httpclient: Don't use co_set_data() to decrement output - BUG/MINOR: conn_stream: do not confirm a connection from the frontend path - MEDIUM: quic: do not ACK packet with STREAM if MUX not present - MEDIUM: quic: do not ack packet with invalid STREAM - MINOR: quic: Drop 0-RTT packets without secrets - CLEANUP: quic: Remaining fprintf() debug trace - MINOR: quic: moving code for QUIC loss detection - BUG/MINOR: quic: Missing time threshold multiplifier for loss delay computation - CI: github actions: update LibreSSL to 3.5.2 - SCRIPTS: announce-release: add URL of dev packages 2022/04/23 : 2.6-dev7 - BUILD: calltrace: fix wrong include when building with TRACE=1 - MINOR: ssl: Use DH parameters defined in RFC7919 instead of hard coded ones - MEDIUM: ssl: Disable DHE ciphers by default - BUILD: ssl: Fix compilation with OpenSSL 1.0.2 - MINOR: mux-quic: split xfer and STREAM frames build - REORG: quic: use a dedicated module for qc_stream_desc - MINOR: quic-stream: use distinct tree nodes for quic stream and qcs - MINOR: quic-stream: add qc field - MEDIUM: quic: implement multi-buffered Tx streams - MINOR: quic-stream: refactor ack management - MINOR: quic: limit total stream buffers per connection - MINOR: mux-quic: implement immediate send retry - MINOR: cfg-quic: define tune.quic.conn-buf-limit - MINOR: ssl: Add 'show ssl providers' cli command and providers list in -vv option - REGTESTS: ssl: Update error messages that changed with OpenSSLv3.1.0-dev - BUG/MEDIUM: quic: Possible crash with released mux - BUG/MINOR: mux-quic: unsubscribe on release - BUG/MINOR: mux-quic: handle null timeout - BUG/MEDIUM: logs: fix http-client's log srv initialization - BUG/MINOR: mux-quic: remove dead code in qcs_xfer_data() - DEV: stream: Fix conn-streams dump in full stream message - CLEANUP: conn-stream: Rename cs_conn_close() and cs_conn_drain_and_close() - CLEANUP: conn-stream: Rename cs_applet_release() - MINOR: conn-stream: Rely on endpoint shutdown flags to shutdown an applet - BUG/MINOR: cache: Disable cache if applet creation fails - BUG/MINOR: backend: Don't allow to change backend applet - BUG/MEDIUM: conn-stream: Set back CS to RDY state when the appctx is created - MINOR: stream: Don't needlessly detach server endpoint on early client abort - MINOR: conn-stream: Make cs_detach_* private and use cs_destroy() from outside - MINOR: init: add the pre-check callback - MEDIUM: httpclient: change the init sequence - MEDIUM: httpclient/ssl: verify required - MINOR: httpclient/mworker: disable in the master process - MEDIUM: httpclient/ssl: verify is configurable and disabled by default - BUG/MAJOR: connection: Never remove connection from idle lists outside the lock - BUG/MEDIUM: mux-quic: fix stalled POST requets - BUG/MINOR: mux-quic: fix POST with abortonclose - MINOR: task: add a new task_instant_wakeup() function - MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks - DOC: remove my name from the config doc 2022/04/16 : 2.6-dev6 - CLEANUP: connection: reduce the with of the mux dump output - CI: Update to actions/checkout@v3 - CI: Update to actions/cache@v3 - DOC: adjust QUIC instruction in INSTALL - BUG/MINOR: stats: define the description' background color in dark color scheme - BUILD: ssl: add USE_ENGINE and disable the openssl engine by default - BUILD: makefile: pass USE_ENGINE to cflags - BUILD: xprt-quic: replace ERR_func_error_string() with ERR_peek_error_func() - DOC: install: document the fact that SSL engines are not enabled by default - CI: github actions: disable -Wno-deprecated - BUILD: makefile: silence unbearable OpenSSL deprecation warnings - MINOR: sock: check configured limits at the sock layer, not the listener's - MINOR: connection: add a new flag CO_FL_FDLESS on fd-less connections - MINOR: connection: add conn_fd() to retrieve the FD only when it exists - MINOR: stream: only dump connections' FDs when they are valid - MINOR: connection: use conn_fd() when displaying connection errors - MINOR: connection: skip FD-based syscalls for FD-less connections - MEDIUM: connection: panic when calling FD-specific functions on FD-less conns - MINOR: mux-quic: properly set the flags and name fields - MINOR: connection: rearrange conn_get_src/dst to be a bit more extensible - MINOR: protocol: add get_src() and get_dst() at the protocol level - MINOR: quic-sock: provide a pair of get_src/get_dst functions - MEDIUM: ssl: improve retrieval of ssl_sock_ctx and SSL detection - MEDIUM: ssl: stop using conn->xprt_ctx to access the ssl_sock_ctx - MEDIUM: xprt-quic: implement get_ssl_sock_ctx() - MEDIUM: quic: move conn->qc into conn->handle - BUILD: ssl: fix build warning with previous changes to ssl_sock_ctx - BUILD: ssl: add an unchecked version of __conn_get_ssl_sock_ctx() - MINOR: ssl: refine the error testing for fc_err and fc_err_str - BUG/MINOR: sock: do not double-close the accepted socket on the error path - CI: cirrus: switch to FreeBSD-13.0 - MINOR: log: add '~' to frontend when the transport layer provides SSL - BUILD/DEBUG: lru: fix printf format in debug code - BUILD: peers: adjust some printf format to silence cppcheck - BUILD/DEBUG: hpack-tbl: fix format string in standalone debug code - BUILD/DEBUG: hpack: use unsigned int in printf format in debug code - BUILD: halog: fix some incorrect signs in printf formats for integers - BUG/MINOR: h3: fix build with DEBUG_H3 - BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent - BUG/MINOR: cache: do not display expired entries in "show cache" - BUG/MINOR: mux-h1: Don't release unallocated CS on error path - MINOR: applet: Make .init callback more generic - MINOR: conn-stream: Add flags to set the type of the endpoint - MEDIUM: applet: Set the appctx owner during allocation - MAJOR: conn-stream: Invert conn-stream endpoint and its context - REORG: Initialize the conn-stream by hand in cs_init() - MEDIUM: conn-stream: Add an endpoint structure in the conn-stream - MINOR: conn-stream: Move some CS flags to the endpoint - MEDIUM: conn-stream: Be able to pass endpoint to create a conn-stream - MEDIUM: conn-stream: Pre-allocate endpoint to create CS from muxes and applets - REORG: applet: Uninline appctx_new function - MAJOR: conn-stream: Share endpoint struct between the CS and the mux/applet - MEDIUM: conn-stream: Move remaning flags from CS to endpoint - MINOR: mux-pt: Rely on the endpoint instead of the conn-stream when possible - MINOR: conn-stream: Add ISBACK conn-stream flag - MINOR: conn-stream: Add header file with util functions related to conn-streams - MEDIUM: tree-wide: Use CS util functions instead of SI ones - MINOR: stream-int/txn: Move buffer for L7 retries in the HTTP transaction - CLEANUP: http-ana: Remove http_alloc_txn() function - MINOR: stream-int/stream: Move conn_retries counter in the stream - MINOR: stream: Simplify retries counter calculation - MEDIUM: stream-int/conn-stream: Move src/dst addresses in the conn-stream - MINOR: stream-int/conn-stream: Move half-close timeout in the conn-stream - MEDIUM: stream-int/stream: Use connect expiration instead of SI expiration - MINOR: stream-int/conn-stream: Report error to the CS instead of the SI - MEDIUM: conn-stream: Use endpoint error instead of conn-stream error - MINOR: channel: Use conn-streams as channel producer and consumer - MINOR: stream-int: Remove SI_FL_KILL_CON to rely on conn-stream endpoint only - MINOR: mux-h2/mux-fcgi: Fully rely on CS_EP_KILL_CONN - MINOR: stream-int: Remove SI_FL_NOLINGER/NOHALF to rely on CS flags instead - MINOR: stream-int: Remove SI_FL_DONT_WAKE to rely on CS flags instead - MINOR: stream-int: Remove SI_FL_INDEP_STR to rely on CS flags instead - MINOR: stream-int: Remove SI_FL_SRC_ADDR to rely on stream flags instead - CLEANUP: stream-int: Remove unused SI_FL_CLEAN_ABRT flag - MINOR: stream: Only save previous connection state for the server side - MEDIUM: stream-int: Move SI err_type in the stream - MEDIUM: stream-int/conn-stream: Move stream-interface state in the conn-stream - MINOR: stream-int/stream: Move si_retnclose() in the stream scope - MINOR: stream-int/backend: Move si_connect() in the backend scope - MINOR: stream-int/conn-stream: Move si_conn_ready() in the conn-stream scope - MINOR: conn-stream/connection: Move SHR/SHW modes in the connection scope - MEDIUM: conn-stream: Be prepared to fail to attach a cs to a mux - MEDIUM: stream-int/conn-stream: Handle I/O subscriptions in the conn-stream - MINOR: conn-stream: Rename CS functions dedicated to connections - MINOR: stream-int/conn-stream: Move si_shut* and si_chk* in conn-stream scope - MEDIUM: stream-int/conn-stream: Move si_ops in the conn-stream scope - MINOR: applet: Use the CS to register and release applets instead of SI - MINOR: connection: unconst mux's get_fist_cs() callback function - MINOR: stream-int/connection: Move conn_si_send_proxy() in the connection scope - REORG: stream-int: Export si_cs_recv(), si_cs_send() and si_cs_process() - REORG: stream-int: Move si_is_conn_error() in the header file - REORG: conn-stream: Move cs_shut* and cs_chk* in cs_utils - REORG: conn-stream: Move cs_app_ops in conn_stream.c - MINOR: stream-int-conn-stream: Move si_update_* in conn-stream scope - MINOR: stream-int/stream: Move si_update_both in stream scope - MEDIUM: conn-stream/applet: Add a data callback for applets - MINOR: stream-int/conn-stream: Move stream_int_read0() in the conn-stream scope - MINOR: stream-int/conn-stream: Move stream_int_notify() in the conn-stream scope - MINOR: stream-int/conn-stream: Move si_cs_io_cb() in the conn-stream scope - MINOR: stream-int/conn-stream: Move si_sync_recv/send() in conn-stream scope - MINOR: conn-stream: Move si_conn_cb in the conn-stream scope - MINOR: stream-int/conn-stream Move si_is_conn_error() in the conn-stream scope - MINOR: stream-int/conn-stream: Move si_alloc_ibuf() in the conn-stream scope - CLEANUP: stream-int: Remove unused SI functions - MEDIUM: stream-int/conn-stream: Move blocking flags from SI to CS - MEDIUM: stream-int/conn-stream: Move I/O functions to conn-stream - REORG: stream-int/conn-stream: Move remaining functions to conn-stream - MINOR: stream: Use conn-stream to report server error - MINOR: http-ana: Use CS to perform L7 retries - MEDIUM: stream: Don't use the stream-int anymore in process_stream() - MINOR: conn-stream: Remove the stream-interface from the conn-stream - DEV: flags: No longer dump SI flags - CLEANUP: tree-wide: Remove any ref to stream-interfaces - CLEANUP: conn-stream: Don't export internal functions - DOC: conn-stream: Add comments on functions of the new CS api - MEDIUM: check: Use a new conn-stream for each health-check run - CLEANUP: muxes: Remove MX_FL_CLEAN_ABRT flag - MINOR: conn-stream: Use a dedicated function to conditionally remove a CS - CLEANUP: conn-stream: rename cs_register_applet() to cs_applet_create() - MINOR: muxes: Improve show_fd callbacks to dump endpoint flags - MINOR: mux-h1: Rely on the endpoint instead of the conn-stream when possible - BUG/MINOR: quic: Avoid starting the mux if no ALPN sent by the client - BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak - BUILD: initcall: mark the __start_i_* symbols as weak, not global - BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side - BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive - MINOR: muxes: Don't expect to have a mux without connection in destroy callback - MINOR: muxes: Don't handle proto upgrade for muxes not supporting it - MINOR: muxes: Don't expect to call release function with no mux defined - MINOR: conn-stream: Use unsafe functions to get conn/appctx in cs_detach_endp - BUG/MEDIUM: mux-h1: Don't request more room on partial trailers - BUILD: http-client: Avoid dead code when compiled without SSL support - BUG/MINOR: mux-quic: prevent a crash in session_free on mux.destroy - BUG/MINOR: quic-sock: do not double free session on conn init failure - BUG/MINOR: quic: fix return value for error in start - MINOR: quic: emit CONNECTION_CLOSE on app init error - BUILD: sched: workaround crazy and dangerous warning in Clang 14 - BUILD: compiler: use a more portable set of asm(".weak") statements - BUG/MEDIUM: stream: do not abort connection setup too early - CLEANUP: extcheck: do not needlessly preset the server's address/port - MINOR: extcheck: fill in the server's UNIX socket address when known - BUG/MEDIUM: connection: Don't crush context pointer location if it is a CS - BUG/MEDIUM: quic: properly clean frames on stream free - BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added - BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags - MINOR: tcp_sample: clarifying samples support per os, for further expansion. - MINOR: tcp_sample: extend support for get_tcp_info to macOs. - SCRIPTS: announce-release: update the doc's URL - DOC: lua: update a few doc URLs - SCRIPTS: announce-release: add shortened links to pending issues 2022/04/09 : 2.6-dev5 - DOC: reflect H2 timeout changes - BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing - BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing - BUG/MINOR: log: Initialize the list element when allocating a new log server - BUG/MINOR: samples: add missing context names for sample fetch functions - MINOR: management: add some basic keyword dump infrastructure - MINOR: config: add a function to dump all known config keywords - MINOR: filters: extend flt_dump_kws() to dump to stdout - MINOR: services: extend list_services() to dump to stdout - MINOR: cli: add a new keyword dump function - MINOR: acl: add a function to dump the list of known ACL keywords - MINOR: samples: add a function to list register sample fetch keywords - MINOR: sample: list registered sample converter functions - MINOR: tools: add strordered() to check whether strings are ordered - MINOR: action: add a function to dump the list of actions for a ruleset - MINOR: config: alphanumerically sort config keywords output - MINOR: sample: alphanumerically sort sample & conv keyword dumps - MINOR: acl: alphanumerically sort the ACL dump - MINOR: cli: alphanumerically sort the dump of supported commands - MINOR: filters: alphabetically sort the list of filter names - MINOR: services: alphabetically sort service names - MEDIUM: httpclient/lua: be stricter with httpclient parameters - MINOR: ssl: split the cert commit io handler - MINOR: ssl: move the cert_exts and the CERT_TYPE enum - MINOR: ssl: simplify the certificate extensions array - MINOR: ssl: export ckch_inst_rebuild() - MINOR: ssl: add "crt" in the cert_exts array - MINOR: ssl/lua: CertCache.set() allows to update an SSL certificate file - BUILD: ssl/lua: CacheCert needs OpenSSL - DOC: lua: CertCache class documentation - BUG/MEDIUM: quic: do not use qcs from quic_stream on ACK parsing - MINOR: mux-quic: return qcs instance from qcc_get_qcs - MINOR: mux-quic: reorganize qcs free - MINOR: mux-quic: define release app-ops - BUG/MINOR: h3: release resources on close - BUG/MINOR: mux-quic: ensure to free all qcs on MUX release - CLEANUP: quic: complete comment on qcs_try_to_consume - MINOR: quic: implement stream descriptor for transport layer - MEDIUM: quic: move transport fields from qcs to qc_conn_stream - MEDIUM: mux-quic: remove qcs tree node - BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads - DOC: management: add missing dot in 9.4.1 - BUG/MAJOR: mux_pt: always report the connection error to the conn_stream - DOC: remove double blanks in configuration.txt - CI: github actions: update OpenSSL to 3.0.2 - BUG/MEDIUM: quic: Possible crash in ha_quic_set_encryption_secrets() - CLEANUP: quic: Remove all atomic operations on quic_conn struct - CLEANUP: quic: Remove all atomic operations on packet number spaces - MEDIUM: quic: Send ACK frames asap - BUG/MINOR: quic: Missing probing packets when coalescing - BUG/MINOR: quic: Discard Initial packet number space only one time - MINOR: quic: Do not display any timer value from process_timer() - BUG/MINOR: quic: Do not probe from an already probing packet number space - BUG/MINOR: quic: Non duplicated frames upon fast retransmission - BUG/MINOR: quic: Too much prepared retransmissions due to anti-amplification - MINOR: quic: Useless call to SSL_CTX_set_default_verify_paths() - MINOR: quic: Add traces about list of frames - BUG/MINOR: h3: Missing wait event struct field initialization - BUG/MINOR: quic: QUIC TLS secrets memory leak - BUG/MINOR: quic: Missing ACK range deallocations - BUG/MINOR: quic: Missing TX packet deallocations - CLEANUP: hpack: be careful about integer promotion from uint8_t - OPTIM: hpack: read 32 bits at once when possible. - MEDIUM: ssl: allow loading of a directory with the ca-file directive - BUG/MINOR: ssl: continue upon error when opening a directory w/ ca-file - MINOR: ssl: ca-file @system-ca loads the system trusted CA - DOC: configuration: add the ca-file changes - MINOR: sample: converter: Add add_item convertor - BUG/MINOR: ssl: handle X509_get_default_cert_dir() returning NULL - BUG/MINOR: ssl/cli: Remove empty lines from CLI output - MINOR: httpclient: enable request buffering - MEDIUM: httpclient: enable l7-retry - BUG/MINOR: httpclient: end callback in applet release - MINOR: quic: Add draining connection state. - MINOR: quic: Add closing connection state - BUG/MEDIUM: quic: ensure quic-conn survives to the MUX - CLEANUP: quic: use static qualifer on quic_close - CLEANUP: mux-quic: remove unused QC_CF_CC_RECV - BUG/MINOR: fix memleak on quic-conn streams cleaning - MINOR: mux-quic: factorize conn-stream attach - MINOR: mux-quic: adjust timeout to accelerate closing - MINOR: mux-quic: define is_active app-ops - MINOR: mux-quic: centralize send operations in qc_send - MEDIUM: mux-quic: report CO_FL_ERROR on send - MEDIUM: mux-quic: report errors on conn-streams - MEDIUM: quic: report closing state for the MUX - BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests - BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message - BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet - BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message - BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached - BUG/MINOR: http_client: Don't add input data on an empty request buffer - BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples - BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid - CLEANUP: mux-quic: remove uneeded TODO in qc_detach - BUG/MEDIUM: mux-quic: properly release conn-stream on detach - BUG/MINOR: quic: set the source not the destination address on accept() - BUG/MEDIUM: quic: Possible crash from quic_free_arngs() - MINOR: quic_tls: Add reusable cipher contexts to QUIC TLS contexts - MINOR: quic_tls: Stop hardcoding cipher IV lengths - CLEANUP: quic: Do not set any cipher/group from ssl_quic_initial_ctx() - MINOR: quic: Add short packet key phase bit values to traces - MINOR: quic_tls: Make key update use of reusable cipher contexts - BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set() - BUG/BUILD: opentracing: fixed OT_DEFINE variable setting - EXAMPLES: opentracing: refined shell scripts for testing filter performance - DOC: opentracing: corrected comments in function descriptions - CLEANUP: opentracing: removed unused function flt_ot_var_unset() - CLEANUP: opentracing: removed unused function flt_ot_var_get() - Revert "MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn'" - MINOR: opentracing: only takes the variables lock on shared entries - CLEANUP: opentracing: added flt_ot_smp_init() function - CLEANUP: opentracing: added variable to store variable length - MINOR: opentracing: improved normalization of context variable names - DEBUG: opentracing: show return values of all functions in the debug output - CLEANUP: opentracing: added FLT_OT_PARSE_INVALID_enum enum - DEBUG: opentracing: display the contents of the err variable after setting - MAJOR: opentracing: reenable usage of vars to transmit opentracing context - Revert "BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time" - MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window 2022/03/26 : 2.6-dev4 - BUG/MEDIUM: httpclient: don't consume data before it was analyzed - CLEANUP: htx: remove unused co_htx_remove_blk() - BUG/MINOR: httpclient: consume partly the blocks when necessary - BUG/MINOR: httpclient: remove the UNUSED block when parsing headers - BUG/MEDIUM: httpclient: must manipulate head, not first - REGTESTS: fix the race conditions in be2hex.vtc - BUG/MEDIUM: quic: Blocked STREAM when retransmitted - BUG/MAJOR: quic: Possible crash with full congestion control window - BUG/MINOR: httpclient/lua: stuck when closing without data - BUG/MEDIUM: applet: Don't call .release callback function twice - BUG/MEDIUM: cli/debug: Properly get the stream-int in all debug I/O handlers - BUG/MEDIUM: sink: Properly get the stream-int in appctx callback functions - DEV: udp: switch parser to getopt() instead of positional arguments - DEV: udp: add support for random packet corruption - MINOR: server: export server_parse_sni_expr() function - BUG/MINOR: httpclient: send the SNI using the host header - BUILD: httpclient: fix build without SSL - BUG/MINOR: server/ssl: free the SNI sample expression - BUG/MINOR: logs: fix logsrv leaks on clean exit - MINOR: actions: add new function free_act_rule() to free a single rule - BUG/MINOR: tcp-rules: completely free incorrect TCP rules on error - BUG/MINOR: http-rules: completely free incorrect TCP rules on error - BUG/MINOR: httpclient: only check co_data() instead of HTTP_MSG_DATA - BUG/MINOR: httpclient: process the response when received before the end of the request - BUG/MINOR: httpclient: CF_SHUTW_NOW should be tested with channel_is_empty() - CI: github actions: switch to LibreSSL-3.5.1 - BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf - BUG/MEDIUM: stream-int: do not rely on the connection error once established - BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner - MEDIUM: mux-h2: slightly relax timeout management rules - BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts - BUG/MINOR: rules: Initialize the list element when allocating a new rule - BUG/MINOR: http-rules: Don't free new rule on allocation failure - DEV: coccinelle: Fix incorrect replacement in ist.cocci - CLEANUP: Reapply ist.cocci with `--include-headers-for-types --recursive-includes` - DEV: coccinelle: Add a new pattern to ist.cocci - CLEANUP: Reapply ist.cocci - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ - MINOR: quic: Code factorization (TX buffer reuse) - CLEANUP: quic: "largest_acked_pn" pktns struc member moving - MEDIUM: quic: Limit the number of ACK ranges - MEDIUM: quic: Rework of the TX packets memory handling - BUG/MINOR: quic: Possible crash in parse_retry_token() - BUG/MINOR: quic: Possible leak in quic_build_post_handshake_frames() - BUG/MINOR: quic: Unsent frame because of qc_build_frms() - BUG/MINOR: mux-quic: Access to empty frame list from qc_send_frames() - BUG/MINOR: mux-quic: Missing I/O handler events initialization - BUG/MINOR: quic: Missing TX packet initializations - BUG/MINOR: quic: 1RTT packets ignored after mux was released - BUG/MINOR: quic: Incorrect peer address validation - BUG/MINOR: quic: Non initialized variable in quic_build_post_handshake_frames() - BUG/MINOR: quic: Wrong TX packet related counters handling - MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1 - DOC: config: Explictly add supported MQTT versions - MINOR: quic: Add traces about stream TX buffer consumption - MINOR: quic: Add traces in qc_set_timer() (scheduling) - CLEANUP: mux-quic: change comment style to not mess with git conflict - CLEANUP: mux-quic: adjust comment for coding-style - MINOR: mux-quic: complete trace when stream is not found - MINOR: mux-quic: add comments for send functions - MINOR: mux-quic: use shorter name for flow-control fields - MEDIUM: mux-quic: respect peer bidirectional stream data limit - MEDIUM: mux-quic: respect peer connection data limit - MINOR: mux-quic: support MAX_STREAM_DATA frame parsing - MINOR: mux-quic: support MAX_DATA frame parsing - BUILD: stream-int: avoid a build warning when DEBUG is empty - BUG/MINOR: quic: Wrong buffer length passed to generate_retry_token() - BUG/MINOR: tools: fix url2sa return value with IPv4 - MINOR: mux-quic: convert fin on push-frame as boolean - BUILD: quic: add missing includes - REORG: quic: use a dedicated quic_loss.c - MINOR: mux-quic: declare the qmux trace module - MINOR: mux-quic: replace printfs by traces - MINOR: mux-quic: add trace event for frame sending - MINOR: mux-quic: add trace event for qcs_push_frame - MINOR: mux-quic: activate qmux traces on stdout via macro - BUILD: qpack: fix unused value when not using DEBUG_HPACK - CLEANUP: qpack: suppress by default stdout traces - CLEANUP: h3: suppress by default stdout traces - BUG/MINOR: tools: url2sa reads too far when no port nor path 2022/03/11 : 2.6-dev3 - DEBUG: rename WARN_ON_ONCE() to CHECK_IF() - DEBUG: improve BUG_ON output message accuracy - DEBUG: implement 4 levels of choices between warn and crash. - DEBUG: add two new macros to enable debugging in hot paths - DEBUG: buf: replace some sensitive BUG_ON() with BUG_ON_HOT() - DEBUG: buf: add BUG_ON_HOT() to most buffer management functions - MINOR: channel: don't use co_set_data() to decrement output - DEBUG: channel: add consistency checks using BUG_ON_HOT() in some key functions - MINOR: conn-stream: Improve API to have safe/unsafe accessors - MEDIUM: tree-wide: Use unsafe conn-stream API when it is relevant - CLEANUP: stream-int: Make si_cs_send() function static - REORG: stream-int: Uninline si_sync_recv() and make si_cs_recv() private - BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks - BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks() - REGTESTS: fix the race conditions in normalize_uri.vtc - DEBUG: stream-int: Fix BUG_ON used to test appctx in si_applet_ops callbacks - BUILD: debug: fix build warning on older compilers around DEBUG_STRICT_ACTION - CLEANUP: connection: Indicate unreachability to the compiler in conn_recv_proxy - MINOR: connection: Transform safety check in PROXYv2 parsing into BUG_ON() - DOC: install: it's DEBUG_CFLAGS, not DEBUG, which is set to -g - DOC: install: describe the DEP variable - DOC: install: describe how to choose options used in the DEBUG variable - MINOR: queue: Replace if() + abort() with BUG_ON() - CLEANUP: adjust indentation in bidir STREAM handling function - MINOR: quic: simplify copy of STREAM frames to RX buffer - MINOR: quic: handle partially received buffered stream frame - MINOR: mux-quic: define flag for last received frame - BUG/MINOR: quic: support FIN on Rx-buffered STREAM frames - MEDIUM: quic: rearchitecture Rx path for bidirectional STREAM frames - REGTESTS: fix the race conditions in secure_memcmp.vtc - CLEANUP: stream: Remove useless tests on conn-stream in stream_dump() - BUILD: ssl: another build warning on LIBRESSL_VERSION_NUMBER - MINOR: quic: Ensure PTO timer is not set in the past - MINOR: quic: Post handshake I/O callback switching - MINOR: quic: Drop the packets of discarded packet number spaces - CLEANUP: quic: Useless tests in qc_try_rm_hp() - CLEANUP: quic: Indentation fix in qc_prep_pkts() - MINOR: quic: Assemble QUIC TLS flags at the same level - BUILD: conn_stream: avoid null-deref warnings on gcc 6 - BUILD: connection: do not declare register_mux_proto() inline - BUILD: http_rules: do not declare http_*_keywords_registre() inline - BUILD: trace: do not declare trace_registre_source() inline - BUILD: tcpcheck: do not declare tcp_check_keywords_register() inline - DEBUG: reduce the footprint of BUG_ON() calls - BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST - BUG/MINOR: pool: always align pool_heads to 64 bytes - DEV: udp: add a tiny UDP proxy for testing - DEV: udp: implement pseudo-random reordering/loss - DEV: udp: add an optional argument to set the prng seed - BUG/MINOR: quic: fix segfault on CC if mux uninitialized - BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed - CLEANUP: tree-wide: remove a few rare non-ASCII chars - CI: coverity: simplify debugging options - CLEANUP: quic: complete ABORT_NOW with a TODO comment - MINOR: quic: qc_prep_app_pkts() implementation - MINOR: quic: Send short packet from a frame list - MINOR: quic: Make qc_build_frms() build ack-eliciting frames from a list - MINOR: quic: Export qc_send_app_pkts() - MINOR: mux-quic: refactor transport parameters init - MINOR: mux-quic: complete functions to detect stream type - MINOR: mux-quic: define new unions for flow-control fields - MEDIUM: mux-quic: use direct send transport API for STREAMs - MINOR: mux-quic: retry send opportunistically for remaining frames - MEDIUM: mux-quic: implement MAX_STREAMS emission for bidir streams - BUILD: fix kFreeBSD build. - MINOR: quic: Retry on qc_build_pkt() failures - BUG/MINOR: quic: Missing recovery start timer reset - CLEANUP: quic: Remove QUIC path manipulations out of the congestion controller - MINOR: quic: Add a "slow start" callback to congestion controller - MINOR: quic: Persistent congestion detection outside of controllers - CLEANUP: quic: Remove useless definitions from quic_cc_event struct - BUG/MINOR: quic: Confusion betwen "in_flight" and "prep_in_flight" in quic_path_prep_data() - MINOR: quic: More precise window update calculation - CLEANUP: quic: Remove window redundant variable from NewReno algorithm state struct - MINOR: quic: Add quic_max_int_by_size() function - BUG/MAJOR: quic: Wrong quic_max_available_room() returned value - MINOR: pools: add a new global option "no-memory-trimming" - BUG/MINOR: add missing modes in proxy_mode_str() - BUG/MINOR: cli: shows correct mode in "show sess" - BUG/MEDIUM: quic: do not drop packet on duplicate stream/decoding error - MINOR: stats: Add dark mode support for socket rows - BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix - BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request - BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams - DEBUG: cache: Update underlying buffer when loading HTX message in cache applet - BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing - DEBUG: stream: Add the missing descriptions for stream trace events - DEBUG: stream: Fix stream trace message to print response buffer state - MINOR: proxy: Store monitor_uri as a `struct ist` - MINOR: proxy: Store fwdfor_hdr_name as a `struct ist` - MINOR: proxy: Store orgto_hdr_name as a `struct ist` - MEDIUM: proxy: Store server_id_hdr_name as a `struct ist` - CLEANUP: fcgi: Replace memcpy() on ist by istcat() - CLEANUP: fcgi: Use `istadv()` in `fcgi_strm_send_params` - BUG/MAJOR: mux-pt: Always destroy the backend connection on detach - DOC: sample fetch methods: move distcc_* to the right locations - MINOR: rules: record the last http/tcp rule that gave a final verdict - MINOR: stream: add "last_rule_file" and "last_rule_line" samples - BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd() - MINOR: quic: Add max_idle_timeout advertisement handling - MEDIUM: quic: Remove the QUIC connection reference counter - BUG/MINOR: quic: ACK_REQUIRED and ACK_RECEIVED flag collision - BUG/MINOR: quic: Missing check when setting the anti-amplification limit as reached - MINOR: quic: Add a function to compute the current PTO - MEDIUM: quic: Implement the idle timeout feature - BUG/MEDIUM: quic: qc_prep_app_pkts() retries on qc_build_pkt() failures - CLEANUP: quic: Comments fix for qc_prep_(app)pkts() functions - MINOR: mux-quic: prevent push frame for unidir streams - MINOR: mux-quic: improve opportunistic retry sending for STREAM frames - MINOR: quic: implement sending confirmation - MEDIUM: mux-quic: improve bidir STREAM frames sending - MEDIUM: check: do not auto configure SSL/PROXY for dynamic servers - REGTESTS: server: test SSL/PROXY with checks for dynamic servers - MEDIUM: server: remove experimental-mode for dynamic servers - BUG/MINOR: buffer: fix debugging condition in b_peek_varint() 2022/02/25 : 2.6-dev2 - DOC: management: rework the Master CLI section - DOC: management: add expert and experimental mode in 9.4.1 - CLEANUP: cleanup a commentary in pcli_parse_request() - BUG/MINOR: mworker/cli: don't display help on master applet - MINOR: mworker/cli: mcli-debug-mode enables every command - MINOR: mworker/cli: add flags in the prompt - BUG/MINOR: httpclient: Revisit HC request and response buffers allocation - BUG/MEDIUM: httpclient: Xfer the request when the stream is created - MINOR: httpclient: Don't limit data transfer to 1024 bytes - BUILD: ssl: adjust guard for X509_get_X509_PUBKEY(x) - REGTESTS: ssl: skip show_ssl_ocspresponse.vtc when BoringSSL is used - MINOR: quic: Do not modify a marked as consumed datagram - MINOR: quic: Wrong datagram buffer passed to quic_lstnr_dgram_dispatch() - MINOR: quic: Remove a useless test in quic_get_dgram_dcid() - BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response " output - CLEANUP: ssl: Remove unused ssl_sock_create_cert function - MINOR: ssl: Use high level OpenSSL APIs in sha2 converter - MINOR: ssl: Remove EC_KEY related calls when preparing SSL context - REGTESTS: ssl: Add test for "curves" and "ecdhe" SSL options - MINOR: ssl: Remove EC_KEY related calls when creating a certificate - REGTESTS: ssl: Add test for "generate-certificates" SSL option - MINOR: ssl: Remove call to SSL_CTX_set_tlsext_ticket_key_cb with OpenSSLv3 - MINOR: ssl: Remove call to HMAC_Init_ex with OpenSSLv3 - MINOR: h3: hardcode the stream id of control stream - MINOR: mux-quic: remove quic_transport_params_update - MINOR: quic: rename local tid variable - MINOR: quic: remove unused xprt rcv_buf operation - MINOR: quic: take out xprt snd_buf operation - CI: enable QUIC for Coverity scan - BUG/MINOR: mworker: does not erase the pidfile upon reload - MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3 - MINOR: ssl: Remove call to ERR_load_SSL_strings with OpenSSLv3 - REGTESTS: ssl: Add tests for DH related options - MINOR: ssl: Create HASSL_DH wrapper structure - MINOR: ssl: Add ssl_sock_get_dh_from_bio helper function - MINOR: ssl: Factorize ssl_get_tmp_dh and append a cbk to its name - MINOR: ssl: Add ssl_sock_set_tmp_dh helper function - MINOR: ssl: Add ssl_sock_set_tmp_dh_from_pkey helper function - MINOR: ssl: Add ssl_new_dh_fromdata helper function - MINOR: ssl: Build local DH of right size when needed - MINOR: ssl: Set default dh size to 2048 - MEDIUM: ssl: Replace all DH objects by EVP_PKEY on OpenSSLv3 (via HASSL_DH type) - MINOR: ssl: Remove calls to SSL_CTX_set_tmp_dh_callback on OpenSSLv3 - MINOR: quic: Remove an RX buffer useless lock - MINOR: quic: Variable used before being checked in ha_quic_add_handshake_data() - MINOR: quic: EINTR error ignored - MINOR: quic: Potential overflow expression in qc_parse_frm() - MINOR: quic: Possible overflow in qpack_get_varint() - CLEANUP: h3: Unreachable target in h3_uqs_init() - MINOR: quic: Possible memleak in qc_new_conn() - MINOR: quic: Useless statement in quic_crypto_data_cpy() - BUG/MEDIUM: pools: ensure items are always large enough for the pool_cache_item - BUG/MINOR: pools: always flush pools about to be destroyed - CLEANUP: pools: don't needlessly set a call mark during refilling of caches - DEBUG: pools: add extra sanity checks when picking objects from a local cache - DEBUG: pools: let's add reverse mapping from cache heads to thread and pool - DEBUG: pools: replace the link pointer with the caller's address on pool_free() - BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks - MINOR: quic: use a global dghlrs for each thread - BUG/MEDIUM: quic: fix crash on CC if mux not present - MINOR: qpack: fix typo in trace - BUG/MINOR: quic: fix FIN stream signaling - BUG/MINOR: h3: fix the header length for QPACK decoding - MINOR: h3: remove transfer-encoding header - MINOR: h3: add documentation on h3_decode_qcs - MINOR: h3: set properly HTX EOM/BODYLESS on HEADERS parsing - MINOR: mux-quic: implement rcv_buf - MINOR: mux-quic: set EOS on rcv_buf - MINOR: h3: set CS_FL_NOT_FIRST - MINOR: h3: report frames bigger than rx buffer - MINOR: h3: extract HEADERS parsing in a dedicated function - MINOR: h3: implement DATA parsing - MINOR: quic: Wrong smoothed rtt initialization - MINOR: quic: Wrong loss delay computation - MINOR: quic: Code never reached in qc_ssl_sess_init() - MINOR: quic: ha_quic_set_encryption_secrets without server specific code - MINOR: quic: Avoid warning about NULL pointer dereferences - MINOR: quic: Useless test in quic_lstnr_dghdlr() - MINOR: quic: Non checked returned value for cs_new() in hq_interop_decode_qcs() - MINOR: h3: Dead code in h3_uqs_init() - MINOR: quic: Non checked returned value for cs_new() in h3_decode_qcs() - MINOR: quic: Possible frame parsers array overrun - MINOR: quic: Do not retransmit too much packets. - MINOR: quic: Move quic_rxbuf_pool pool out of xprt part - MINOR: h3: report error on HEADERS/DATA parsing - BUG/MINOR: jwt: Double free in deinit function - BUG/MINOR: jwt: Missing pkey free during cleanup - BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls - BUG/MINOR: httpclient/cli: display junk characters in vsn - MINOR: h3: remove unused return value on decode_qcs - BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies - BUG/MAJOR: spoe: properly detach all agents when releasing the applet - REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc - REGTESTS: peers: leave a bit more time to peers to synchronize - BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change - BUG/MINOR: mux-h2: update the session's idle delay before creating the stream - BUG/MINOR: httpclient: reinit flags in httpclient_start() - BUG/MINOR: mailers: negotiate SMTP, not ESMTP - MINOR: httpclient: sets an alternative destination - MINOR: httpclient/lua: add 'dst' optionnal field - BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print - BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command - BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print - CLEANUP: httpclient/cli: fix indentation alignment of the help message - BUG/MINOR: tools: url2sa reads ipv4 too far - BUG/MEDIUM: httpclient: limit transfers to the maximum available room - DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected - MINOR: mux-quic: fix a possible null dereference in qc_timeout_task - BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message - BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer - BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer - DEBUG: stream-int: Check CS_FL_WANT_ROOM is not set with an empty input buffer - MINOR: quic: do not modify offset node if quic_rx_strm_frm in tree - MINOR: h3: fix compiler warning variable set but not used - MINOR: mux-quic: fix uninitialized return on qc_send - MINOR: quic: fix handling of out-of-order received STREAM frames - MINOR: pools: mark most static pool configuration variables as read-mostly - CLEANUP: pools: remove the now unused pool_is_crowded() - REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks - BUG/MEDIUM: stream: Abort processing if response buffer allocation fails - MINOR: httpclient/lua: ability to set a server timeout - BUG/MINOR: httpclient/lua: missing pop for new timeout parameter - DOC: httpclient/lua: fix the type of the dst parameter - CLEANUP: httpclient: initialize the client in stage INIT not REGISTER - CLEANUP: muxes: do not use a dynamic trash in list_mux_protos() - CLEANUP: vars: move the per-process variables initialization to vars.c - CLEANUP: init: remove the ifdef on HAPROXY_MEMMAX - MINOR: pools: disable redundant poisonning on pool_free() - MINOR: pools: introduce a new pool_debugging global variable - MINOR: pools: switch the fail-alloc test to runtime only - MINOR: pools: switch DEBUG_DONT_SHARE_POOLS to runtime - MINOR: pools: add a new debugging flag POOL_DBG_COLD_FIRST - MINOR: pools: add a new debugging flag POOL_DBG_INTEGRITY - MINOR: pools: make the global pools a runtime option. - MEDIUM: pools: replace CONFIG_HAP_POOLS with a runtime "NO_CACHE" flag. - MINOR: pools: store the allocated size for each pool - MINOR: pools: get rid of POOL_EXTRA - MINOR: pools: replace DEBUG_POOL_TRACING with runtime POOL_DBG_CALLER - MINOR: pools: replace DEBUG_MEMORY_POOLS with runtime POOL_DBG_TAG - MINOR: pools: add a debugging flag for memory poisonning option - MEDIUM: initcall: move STG_REGISTER earlier - MEDIUM: init: split the early initialization in its own function - MINOR: init: extract args parsing to their own function - MEDIUM: init: handle arguments earlier - MINOR: pools: delegate parsing of command line option -dM to a new function - MINOR: pools: support setting debugging options using -dM - BUILD: makefile: enable both DEBUG_STRICT and DEBUG_MEMORY_POOLS by default - CI: github: enable pool debugging by default - DOC: Fix usage/examples of deprecated ACLs - DOC: internal: update the pools API to mention boot-time settings - DOC: design: add design thoughts for later simplification of the pools - DOC: design: commit the temporary design notes on thread groups - MINOR: stream-int: Handle appctx case first when releasing the endpoint - MINOR: connection: Be prepared to handle conn-stream with no connection - MINOR: stream: Handle appctx case first when creating a new stream - MINOR: connection: Add a function to detach a conn-stream from the connection - MINOR: stream-int: Add function to reset a SI endpoint - MINOR: stream-int: Add function to attach a connection to a SI - MINOR: stream-int: Be able to allocate a CS without connection - MEDIUM: stream: No longer release backend conn-stream on connection retry - MEDIUM: stream: Allocate backend CS when the stream is created - REORG: conn_stream: move conn-stream stuff in dedicated files - MEDIUM: conn-stream: No longer access connection field directly - MEDIUM: conn-stream: Be prepared to use an appctx as conn-stream endpoint - MAJOR: conn_stream/stream-int: move the appctx to the conn-stream - MEDIUM: applet: Set the conn-stream as appctx owner instead of the stream-int - MEDIUM: conn_stream: Add a pointer to the app object into the conn-stream - MINOR: stream: Add pointer to front/back conn-streams into stream struct - MINOR: stream: Slightly rework stream_new to separate CS/SI initialization - MINOR: stream-int: Always access the stream-int via the conn-stream - MINOR: backend: Always access the stream-int via the conn-stream - MINOR: stream: Always access the stream-int via the conn-stream - MINOR: http-ana: Always access the stream-int via the conn-stream - MINOR: cli: Always access the stream-int via the conn-stream - MINOR: log: Always access the stream-int via the conn-stream - MINOR: frontend: Always access the stream-int via the conn-stream - MINOR: proxy: Always access the stream-int via the conn-stream - MINOR: peers: Always access the stream-int via the conn-stream - MINOR: debug: Always access the stream-int via the conn-stream - MINOR: hlua: Always access the stream-int via the conn-stream - MINOR: cache: Always access the stream-int via the conn-stream - MINOR: dns: Always access the stream-int via the conn-stream - MINOR: http-act: Always access the stream-int via the conn-stream - MINOR: httpclient: Always access the stream-int via the conn-stream - MINOR: tcp-act: Always access the stream-int via the conn-stream - MINOR: sink: Always access the stream-int via the conn-stream - MINOR: conn-stream: Rename cs_detach() to cs_detach_endp() - CLEANUP: conn-stream: Don't export conn-stream pool - MAJOR: stream/conn_stream: Move the stream-interface into the conn-stream - CLEANUP: stream-int: rename si_reset() to si_init() - MINOR: conn-stream: Release a CS when both app and endp are detached - MINOR: stream: Don't destroy conn-streams but detach app and endp - MAJOR: check: Use a persistent conn-stream for health-checks - CLEANUP: conn-stream: Remove cs_destroy() - CLEANUP: backend: Don't export connect_server anymore - BUG/MINOR: h3/hq_interop: Fix CS and stream creation - BUILD: tree-wide: Avoid warnings about undefined entities retrieved from a CS - BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy() - BUG/MEDIUM: quic: fix received ACK stream calculation - BUILD: stream: fix build warning with older compilers - BUG/MINOR: debug: fix get_tainted() to properly read an atomic value - DEBUG: move the tainted stuff to bug.h for easier inclusion - DEBUG: cleanup back trace generation - DEBUG: cleanup BUG_ON() configuration - DEBUG: mark ABORT_NOW() as unreachable - DBEUG: add a new WARN_ON() macro - DEBUG: make the _BUG_ON() macro return the condition - DEBUG: add a new WARN_ON_ONCE() macro - DEBUG: report BUG_ON() and WARN_ON() in the tainted flags - MINOR: quic: adjust buffer handling for STREAM transmission - MINOR: quic: liberate the TX stream buffer after ACK processing - MINOR: quic: add a TODO for a memleak frame on ACK consume 2022/02/01 : 2.6-dev1 - BUG/MINOR: cache: Fix loop on cache entries in "show cache" - BUG/MINOR: httpclient: allow to replace the host header - BUG/MINOR: lua: don't expose internal proxies - MEDIUM: mworker: seamless reload use the internal sockpairs - BUG/MINOR: lua: remove loop initial declarations - BUG/MINOR: mworker: does not add the -sf in wait mode - BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode - MINOR: quic: do not reject PADDING followed by other frames - REORG: quic: add comment on rare thread concurrence during CID alloc - CLEANUP: quic: add comments on CID code - MEDIUM: quic: handle CIDs to rattach received packets to connection - MINOR: qpack: support litteral field line with non-huff name - MINOR: quic: activate QUIC traces at compilation - MINOR: quic: use more verbose QUIC traces set at compile-time - MEDIUM: pool: refactor malloc_trim/glibc and jemalloc api addition detections. - MEDIUM: pool: support purging jemalloc arenas in trim_all_pools() - BUG/MINOR: mworker: deinit of thread poller was called when not initialized - BUILD: pools: only detect link-time jemalloc on ELF platforms - CI: github actions: add the output of $CC -dM -E- - BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time - BUILD: evports: remove a leftover from the dead_fd cleanup - MINOR: quic: Set "no_application_protocol" alert - MINOR: quic: More accurate immediately close. - MINOR: quic: Immediately close if no transport parameters extension found - MINOR: quic: Rename qc_prep_hdshk_pkts() to qc_prep_pkts() - MINOR: quic: Possible crash when inspecting the xprt context - MINOR: quic: Dynamically allocate the secrete keys - MINOR: quic: Add a function to derive the key update secrets - MINOR: quic: Add structures to maintain key phase information - MINOR: quic: Optional header protection key for quic_tls_derive_keys() - MINOR: quic: Add quic_tls_key_update() function for Key Update - MINOR: quic: Enable the Key Update process - MINOR: quic: Delete the ODCIDs asap - BUG/MINOR: vars: Fix the set-var and unset-var converters - MEDIUM: pool: Following up on previous pool trimming update. - BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message - BUG/MINOR: mux-h1: Fix splicing for messages with unknown length - MINOR: mux-h1: Improve H1 traces by adding info about http parsers - MINOR: mux-h1: register a stats module - MINOR: mux-h1: add counters instance to h1c - MINOR: mux-h1: count open connections/streams on stats - MINOR: mux-h1: add stat for total count of connections/streams - MINOR: mux-h1: add stat for total amount of bytes received and sent - REGTESTS: h1: Add a script to validate H1 splicing support - BUG/MINOR: server: Don't rely on last default-server to init server SSL context - BUG/MEDIUM: resolvers: Detach query item on response error - MEDIUM: resolvers: No longer store query items in a list into the response - BUG/MAJOR: segfault using multiple log forward sections. - BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted - BUG/MINOR: resolvers: Don't overwrite the error for invalid query domain name - BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH - BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query - DOC: spoe: Clarify use of the event directive in spoe-message section - DOC: config: Specify %Ta is only available in HTTP mode - BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types - IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode - MINOR: quic: fix segfault on CONNECTION_CLOSE parsing - MINOR: h3: add BUG_ON on control receive function - MEDIUM: xprt-quic: finalize app layer initialization after ALPN nego - MINOR: h3: remove duplicated FIN flag position - MAJOR: mux-quic: implement a simplified mux version - MEDIUM: mux-quic: implement release mux operation - MEDIUM: quic: detect the stream FIN - MINOR: mux-quic: implement subscribe on stream - MEDIUM: mux-quic: subscribe on xprt if remaining data after send - MEDIUM: mux-quic: wake up xprt on data transferred - MEDIUM: mux-quic: handle when sending buffer is full - MINOR: quic: RX buffer full due to wrong CRYPTO data handling - MINOR: quic: Race issue when consuming RX packets buffer - MINOR: quic: QUIC encryption level RX packets race issue - MINOR: quic: Delete remaining RX handshake packets - MINOR: quic: Remove QUIC TX packet length evaluation function - MINOR: hq-interop: fix tx buffering - MINOR: mux-quic: remove uneeded code to check fin on TX - MINOR: quic: add HTX EOM on request end - BUILD: mux-quic: fix compilation with DEBUG_MEM_STATS - MINOR: http-rules: Add capture action to http-after-response ruleset - BUG/MINOR: cli/server: Don't crash when a server is added with a custom id - MINOR: mux-quic: do not release qcs if there is remaining data to send - MINOR: quic: notify the mux on CONNECTION_CLOSE - BUG/MINOR: mux-quic: properly initialize flow control - MINOR: quic: Compilation fix for quic_rx_packet_refinc() - MINOR: h3: fix possible invalid dereference on htx parsing - DOC: config: retry-on list is space-delimited - DOC: config: fix error-log-format example - BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode - MINOR: hq-interop: refix tx buffering - REGTESTS: ssl: use X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check - MINOR: cli: "show version" displays the current process version - CLEANUP: cfgparse: modify preprocessor guards around numa detection code - MEDIUM: cfgparse: numa detect topology on FreeBSD. - BUILD: ssl: unbreak the build with newer libressl - MINOR: vars: Move UPDATEONLY flag test to vars_set_ifexist - MINOR: vars: Set variable type to ANY upon creation - MINOR: vars: Delay variable content freeing in var_set function - MINOR: vars: Parse optional conditions passed to the set-var converter - MINOR: vars: Parse optional conditions passed to the set-var actions - MEDIUM: vars: Enable optional conditions to set-var converter and actions - DOC: vars: Add documentation about the set-var conditions - REGTESTS: vars: Add new test for conditional set-var - MINOR: quic: Attach timer task to thread for the connection. - CLEANUP: quic_frame: Remove a useless suffix to STOP_SENDING - MINOR: quic: Add traces for STOP_SENDING frame and modify others - CLEANUP: quic: Remove cdata_len from quic_tx_packet struct - MINOR: quic: Enable TLS 0-RTT if needed - MINOR: quic: No TX secret at EARLY_DATA encryption level - MINOR: quic: Add quic_set_app_ops() function - MINOR: ssl_sock: Set the QUIC application from ssl_sock_advertise_alpn_protos. - MINOR: quic: Make xprt support 0-RTT. - MINOR: qpack: Missing check for truncated QPACK fields - CLEANUP: quic: Comment fix for qc_strm_cpy() - MINOR: hq_interop: Stop BUG_ON() truncated streams - MINOR: quic: Do not mix packet number space and connection flags - CLEANUP: quic: Shorten a litte bit the traces in lstnr_rcv_pkt() - MINOR: mux-quic: fix trace on stream creation - CLEANUP: quic: fix spelling mistake in a trace - CLEANUP: quic: rename quic_conn conn to qc in quic_conn_free - MINOR: quic: add missing lock on cid tree - MINOR: quic: rename constant for haproxy CIDs length - MINOR: quic: refactor concat DCID with address for Initial packets - MINOR: quic: compare coalesced packets by DCID - MINOR: quic: refactor DCID lookup - MINOR: quic: simplify the removal from ODCID tree - REGTESTS: vars: Remove useless ssl tunes from conditional set-var test - MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output - MINOR: quic: Increase the RX buffer for each connection - MINOR: quic: Add a function to list remaining RX packets by encryption level - MINOR: quic: Stop emptying the RX buffer asap. - MINOR: quic: Do not expect to receive only one O-RTT packet - MINOR: quic: Do not forget STREAM frames received in disorder - MINOR: quic: Wrong packet refcount handling in qc_pkt_insert() - DOC: fix misspelled keyword "resolve_retries" in resolvers - CLEANUP: quic: rename quic_conn instances to qc - REORG: quic: move mux function outside of xprt - MINOR: quic: add reference to quic_conn in ssl context - MINOR: quic: add const qualifier for traces function - MINOR: trace: add quic_conn argument definition - MINOR: quic: use quic_conn as argument to traces - MINOR: quic: add quic_conn instance in traces for qc_new_conn - MINOR: quic: Add stream IDs to qcs_push_frame() traces - MINOR: quic: unchecked qc_retrieve_conn_from_cid() returned value - MINOR: quic: Wrong dropped packet skipping - MINOR: quic: Handle the cases of overlapping STREAM frames - MINOR: quic: xprt traces fixes - MINOR: quic: Drop asap Retry or Version Negotiation packets - MINOR: pools: work around possibly slow malloc_trim() during gc - DEBUG: ssl: make sure we never change a servername on established connections - MINOR: quic: Add traces for RX frames (flow control related) - MINOR: quic: Add CONNECTION_CLOSE phrase to trace - REORG: quic: remove qc_ prefix on functions which not used it directly - BUG/MINOR: quic: upgrade rdlock to wrlock for ODCID removal - MINOR: quic: remove unnecessary call to free_quic_conn_cids() - MINOR: quic: store ssl_sock_ctx reference into quic_conn - MINOR: quic: remove unnecessary if in qc_pkt_may_rm_hp() - MINOR: quic: replace usage of ssl_sock_ctx by quic_conn - MINOR: quic: delete timer task on quic_close() - MEDIUM: quic: implement refcount for quic_conn - BUG/MINOR: quic: fix potential null dereference - BUG/MINOR: quic: fix potential use of uninit pointer - BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch - BUG/MEDIUM: peers: properly skip conn_cur from incoming messages - CI: Github Actions: do not show VTest failures if build failed - BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time - MINOR: compat: detect support for dl_iterate_phdr() - MINOR: debug: add ability to dump loaded shared libraries - MINOR: debug: add support for -dL to dump library names at boot - BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server - REGTESTS: ssl: fix ssl_default_server.vtc - BUG/MINOR: ssl: free the fields in srv->ssl_ctx - BUG/MEDIUM: ssl: free the ckch instance linked to a server - REGTESTS: ssl: update of a crt with server deletion - BUILD/MINOR: cpuset FreeBSD 14 build fix. - MINOR: pools: always evict oldest objects first in pool_evict_from_local_cache() - DOC: pool: document the purpose of various structures in the code - CLEANUP: pools: do not use the extra pointer to link shared elements - CLEANUP: pools: get rid of the POOL_LINK macro - MINOR: pool: allocate from the shared cache through the local caches - CLEANUP: pools: group list updates in pool_get_from_cache() - MINOR: pool: rely on pool_free_nocache() in pool_put_to_shared_cache() - MINOR: pool: make pool_is_crowded() always true when no shared pools are used - MINOR: pool: check for pool's fullness outside of pool_put_to_shared_cache() - MINOR: pool: introduce pool_item to represent shared pool items - MINOR: pool: add a function to estimate how many may be released at once - MEDIUM: pool: compute the number of evictable entries once per pool - MINOR: pools: prepare pool_item to support chained clusters - MINOR: pools: pass the objects count to pool_put_to_shared_cache() - MEDIUM: pools: centralize cache eviction in a common function - MEDIUM: pools: start to batch eviction from local caches - MEDIUM: pools: release cached objects in batches - OPTIM: pools: reduce local pool cache size to 512kB - CLEANUP: assorted typo fixes in the code and comments This is 29th iteration of typo fixes - CI: github actions: update OpenSSL to 3.0.1 - BUILD/MINOR: tools: solaris build fix on dladdr. - BUG/MINOR: cli: fix _getsocks with musl libc - BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry - MINOR: quic: Wrong traces after rework - MINOR: quic: Add trace about in flight bytes by packet number space - MINOR: quic: Wrong first packet number space computation - MINOR: quic: Wrong packet number space computation for PTO - MINOR: quic: Wrong loss time computation in qc_packet_loss_lookup() - MINOR: quic: Wrong ack_delay compution before calling quic_loss_srtt_update() - MINOR: quic: Remove nb_pto_dgrams quic_conn struct member - MINOR: quic: Wrong packet number space trace in qc_prep_pkts() - MINOR: quic: Useless test in qc_prep_pkts() - MINOR: quic: qc_prep_pkts() code moving - MINOR: quic: Speeding up Handshake Completion - MINOR: quic: Probe Initial packet number space more often - MINOR: quic: Probe several packet number space upon timer expiration - MINOR: quic: Comment fix. - MINOR: quic: Improve qc_prep_pkts() flexibility - MINOR: quic: Do not drop secret key but drop the CRYPTO data - MINOR: quic: Prepare Handshake packets asap after completed handshake - MINOR: quic: Flag asap the connection having reached the anti-amplification limit - MINOR: quic: PTO timer too often reset - MINOR: quic: Re-arm the PTO timer upon datagram receipt - MINOR: proxy: add option idle-close-on-response - MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above. - CI: refactor spelling check - CLEANUP: assorted typo fixes in the code and comments - BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning - MINOR: quic: Only one CRYPTO frame by encryption level - MINOR: quic: Missing retransmission from qc_prep_fast_retrans() - MINOR: quic: Non-optimal use of a TX buffer - BUG/MEDIUM: mworker: don't use _getsocks in wait mode - BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error - BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data - DOC: internals: document the pools architecture and API - CI: github actions: clean default step conditions - BUILD: cpuset: fix build issue on macos introduced by previous change - MINOR: quic: Remaining TRACEs with connection as firt arg - MINOR: quic: Reset ->conn quic_conn struct member when calling qc_release() - MINOR: quic: Flag the connection as being attached to a listener - MINOR: quic: Wrong CRYPTO frame concatenation - MINOR: quid: Add traces quic_close() and quic_conn_io_cb() - REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2 - MINOR: quic: Do not dereference ->conn quic_conn struct member - MINOR: quic: fix return of quic_dgram_read - MINOR: quic: add config parse source file - MINOR: quic: implement Retry TLS AEAD tag generation - MEDIUM: quic: implement Initial token parsing - MINOR: quic: define retry_source_connection_id TP - MEDIUM: quic: implement Retry emission - MINOR: quic: free xprt tasklet on its thread - BUG/MEDIUM: connection: properly leave stopping list on error - MINOR: pools: enable pools with DEBUG_FAIL_ALLOC as well - MINOR: quic: As server, skip 0-RTT packet number space - MINOR: quic: Do not wakeup the I/O handler before the mux is started - BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer - CI: github actions: use cache for OpenTracing - BUG/MINOR: httpclient: don't send an empty body - BUG/MINOR: httpclient: set default Accept and User-Agent headers - BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers - BUILD/MINOR: fix solaris build with clang. - BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl - CI: refactor OpenTracing build script - DOC: management: mark "set server ssl" as deprecated - MEDIUM: cli: yield between each pipelined command - MINOR: channel: add new function co_getdelim() to support multiple delimiters - BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands - MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change - MINOR: quic: Retransmit the TX frames in the same order - MINOR: quic: Remove the packet number space TX MT_LIST - MINOR: quic: Splice the frames which could not be added to packets - MINOR: quic: Add the number of TX bytes to traces - CLEANUP: quic: Replace by - MINOR: quic: Send two ack-eliciting packets when probing packet number spaces - MINOR: quic: Probe regardless of the congestion control - MINOR: quic: Speeding up handshake completion - MINOR: quic: Release RX Initial packets asap - MINOR: quic: Release asap TX frames to be transmitted - MINOR: quic: Probe even if coalescing - BUG/MEDIUM: cli: Never wait for more data on client shutdown - BUG/MEDIUM: mcli: do not try to parse empty buffers - BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them - BUG/MINOR: stream: make the call_rate only count the no-progress calls - MINOR: quic: do not use quic_conn after dropping it - MINOR: quic: adjust quic_conn refcount decrement - MINOR: quic: fix race-condition on xprt tasklet free - MINOR: quic: free SSL context on quic_conn free - MINOR: quic: Add QUIC_FT_RETIRE_CONNECTION_ID parsing case - MINOR: quic: Wrong packet number space selection - DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY - MINOR: quic: add missing include in quic_sock - MINOR: quic: fix indentation in qc_send_ppkts - MINOR: quic: remove dereferencement of connection when possible - MINOR: quic: set listener accept cb on parsing - MEDIUM: quic/ssl: add new ex data for quic_conn - MINOR: quic: initialize ssl_sock_ctx alongside the quic_conn - MINOR: ssl: fix build in release mode - MINOR: pools: partially uninline pool_free() - MINOR: pools: partially uninline pool_alloc() - MINOR: pools: prepare POOL_EXTRA to be split into multiple extra fields - MINOR: pools: extend pool_cache API to pass a pointer to a caller - DEBUG: pools: add new build option DEBUG_POOL_TRACING - DEBUG: cli: add a new "debug dev fd" expert command - MINOR: fd: register the write side of the poller pipe as well - CI: github actions: use cache for SSL libs - BUILD: debug/cli: condition test of O_ASYNC to its existence - BUILD: pools: fix build error on DEBUG_POOL_TRACING - MINOR: quic: refactor header protection removal - MINOR: quic: handle app data according to mux/connection layer status - MINOR: quic: refactor app-ops initialization - MINOR: receiver: define a flag for local accept - MEDIUM: quic: flag listener for local accept - MINOR: quic: do not manage connection in xprt snd_buf - MINOR: quic: remove wait handshake/L6 flags on init connection - MINOR: listener: add flags field - MINOR: quic: define QUIC flag on listener - MINOR: quic: create accept queue for QUIC connections - MINOR: listener: define per-thr struct - MAJOR: quic: implement accept queue - CLEANUP: mworker: simplify mworker_free_child() - BUILD/DEBUG: lru: update the standalone code to support the revision - DEBUG: lru: use a xorshift generator in the testing code - BUG/MAJOR: compiler: relax alignment constraints on certain structures - BUG/MEDIUM: fd: always align fdtab[] to 64 bytes - MINOR: quic: No DCID length for datagram context - MINOR: quic: Comment fix about the token found in Initial packets - MINOR: quic: Get rid of a struct buffer in quic_lstnr_dgram_read() - MINOR: quic: Remove the QUIC haproxy server packet parser - MINOR: quic: Add new defintion about DCIDs offsets - MINOR: quic: Add a list to QUIC sock I/O handler RX buffer - MINOR: quic: Allocate QUIC datagrams from sock I/O handler - MINOR: proto_quic: Allocate datagram handlers - MINOR: quic: Pass CID as a buffer to quic_get_cid_tid() - MINOR: quic: Convert quic_dgram_read() into a task - CLEANUP: quic: Remove useless definition - MINOR: proto_quic: Wrong allocations for TX rings and RX bufs - MINOR: quic: Do not consume the RX buffer on QUIC sock i/o handler side - MINOR: quic: Do not reset a full RX buffer - MINOR: quic: Attach all the CIDs to the same connection - MINOR: quic: Make usage of by datagram handler trees - MEDIUM: da: new optional data file download scheduler service. - MEDIUM: da: update doc and build for new scheduler mode service. - MEDIUM: da: update module to handle schedule mode. - MINOR: quic: Drop Initial packets with wrong ODCID - MINOR: quic: Wrong RX buffer tail handling when no more contiguous data - MINOR: quic: Iterate over all received datagrams - MINOR: quic: refactor quic CID association with threads - BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names - DEV: flags: Add missing flags - BUG/MINOR: sink: Use the right field in appctx context in release callback - MINOR: sock: move the unused socket cleaning code into its own function - BUG/MEDIUM: mworker: close unused transferred FDs on load failure - BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers - BUILD: cpuset: do not use const on the source of CPU_AND/CPU_ASSIGN - BUILD: checks: fix inlining issue on set_srv_agent_[addr,port} - BUILD: vars: avoid overlapping field initialization - BUILD: server-state: avoid using not-so-portable isblank() - BUILD: mux_fcgi: avoid aliasing of a const struct in traces - BUILD: tree-wide: mark a few numeric constants as explicitly long long - BUILD: tools: fix warning about incorrect cast with dladdr1() - BUILD: task: use list_to_mt_list() instead of casting list to mt_list - BUILD: mworker: include tools.h for platforms without unsetenv() - BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload - MINOR: mworker: set the master side of ipc_fd in the worker to -1 - MINOR: mworker: allocate and initialize a mworker_proc - CI: Consistently use actions/checkout@v2 - REGTESTS: Remove REQUIRE_VERSION=1.8 from all tests - MINOR: mworker: sets used or closed worker FDs to -1 - MINOR: quic: Try to accept 0-RTT connections - MINOR: quic: Do not try to treat 0-RTT packets without started mux - MINOR: quic: Do not try to accept a connection more than one time - MINOR: quic: Initialize the connection timer asap - MINOR: quic: Do not use connection struct xprt_ctx too soon - Revert "MINOR: mworker: sets used or closed worker FDs to -1" - BUILD: makefile: avoid testing all -Wno-* options when not needed - BUILD: makefile: validate support for extra warnings by batches - BUILD: makefile: only compute alternative options if required - DEBUG: fd: make sure we never try to insert/delete an impossible FD number - MINOR: mux-quic: add comment - MINOR: mux-quic: properly initialize qcc flags - MINOR: mux-quic: do not consider CONNECTION_CLOSE for the moment - MINOR: mux-quic: create a timeout task - MEDIUM: mux-quic: delay the closing with the timeout - MINOR: mux-quic: release idle conns on process stopping - MINOR: listener: replace the listener's spinlock with an rwlock - BUG/MEDIUM: listener: read-lock the listener during accept() - MINOR: mworker/cli: set expert/experimental mode from the CLI 2021/11/23 : 2.6-dev0 - MINOR: version: it's development again 2021/11/23 : 2.5.0 - BUILD: SSL: add quictls build to scripts/build-ssl.sh - BUILD: SSL: add QUICTLS to build matrix - CLEANUP: sock: Wrap `accept4_broken = 1` into additional parenthesis - BUILD: cli: clear a maybe-unused warning on some older compilers - BUG/MEDIUM: cli: make sure we can report a warning from a bind keyword - BUG/MINOR: ssl: make SSL counters atomic - CLEANUP: assorted typo fixes in the code and comments - BUG/MINOR: ssl: free correctly the sni in the backend SSL cache - MINOR: version: mention that it's stable now 2021/11/19 : 2.5-dev15 - BUG/MINOR: stick-table/cli: Check for invalid ipv6 key - CLEANUP: peers: Remove useless test on peer variable in peer_trace() - DOC: log: Add comments to specify when session's listener is defined or not - BUG/MEDIUM: mux-h1: Handle delayed silent shut in h1_process() to release H1C - REGTESTS: ssl_crt-list_filters: feature cmd incorrectly set - DOC: internals: document the list API - BUG/MINOR: h3: ignore unknown frame types - MINOR: quic: redirect app_ops snd_buf through mux - MEDIUM: quic: inspect ALPN to install app_ops - MINOR: quic: support hq-interop - MEDIUM: quic: send version negotiation packet on unknown version - BUG/MEDIUM: mworker: cleanup the listeners when reexecuting - DOC: internals: document the scheduler API - BUG/MINOR: quic: fix version negotiation packet generation - CLEANUP: ssl: fix wrong #else commentary - MINOR: config: support default values for environment variables - SCRIPTS: run-regtests: reduce the number of processes needed to check options - SCRIPT: run-regtests: avoid several calls to grep to test for features - SCRIPT: run-regtests: avoid calling awk to compute the version - REGTEST: set retries count to zero for all tests that expect at 503 - REGTESTS: make tcp-check_min-recv fail fast - REGTESTS: extend the default I/O timeouts and make them overridable - BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 - BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found - REGTESTS: ssl: test the TLS resumption - BUILD: makefile: stop opening sub-shells for each and every command - BUILD: makefile: reorder objects by build time - BUG/MEDIUM: mux-h2: always process a pending shut read - MINOR: quic_sock: missing CO_FL_ADDR_TO_SET flag - MINOR: quic: Possible wrong connection identification - MINOR: quic: Correctly pad UDP datagrams - MINOR: quic: Support transport parameters draft TLS extension - MINOR: quic: Anti-amplification implementation - MINOR: quic: Wrong Initial packet connection initialization - MINOR: quic: Wrong ACK range building - MINOR: quic: Update some QUIC protocol errors - MINOR: quic: Send CONNECTION_CLOSE frame upon TLS alert - MINOR: quic: Wrong largest acked packet number parsing - MINOR: quic: Add minimalistic support for stream flow control frames - MINOR: quic: Wrong value for version negotiation packet 'Unused' field - MINOR: quic: Support draft-29 QUIC version - BUG/MINOR: quic: fix segfault on trace for version negotiation - BUG/MINOR: hq-interop: fix potential NULL dereference - BUILD: quic: fix potential NULL dereference on xprt_quic - DOC: lua: documentation about the httpclient API - BUG/MEDIUM: cache/cli: make "show cache" thread-safe - BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found - BUG/MINOR: shctx: do not look for available blocks when the first one is enough - MINOR: shctx: add a few BUG_ON() for consistency checks 2021/11/14 : 2.5-dev14 - DEV: coccinelle: Remove unused `expression e` - DEV: coccinelle: Add rule to use `istend()` where possible - CLEANUP: Apply ist.cocci - CLEANUP: Re-apply xalloc_size.cocci - CLEANUP: halog: make the default usage message fit in small screens - MINOR: h3/qpack: fix gcc11 warnings - MINOR: mux-quic: fix gcc11 warning - MINOR: h3: fix potential NULL dereference - MINOR: quic: Fix potential null pointer dereference - CLEANUP: halog: remove unused strl2ui() - OPTIM: halog: improve field parser speed for modern compilers - OPTIM: halog: skip fields 64 bits at a time when supported - DEV: coccinelle: Add rule to use `isttrim()` where possible - CLEANUP: Apply ist.cocci - DEV: coccinelle: Add rule to use `chunk_istcat()` instead of `chunk_memcat()` - DEV: coccinelle: Add rule to use `chunk_istcat()` instead of `chunk_strncat()` - CLEANUP: Apply ist.cocci - CLEANUP: chunk: Remove duplicated chunk_Xcat implementation - CLEANUP: chunk: remove misleading chunk_strncat() function - BUG/MINOR: cache: properly ignore unparsable max-age in quotes - Revert "DEV: coccinelle: Add rule to use `chunk_istcat()` instead of `chunk_strncat()`" - DOC: stats: fix location of the text representation - DOC: internals: document the IST API - BUG/MINOR: httpclient/lua: rcv freeze when no request payload - BUG/MEDIUM: httpclient: channel_add_input() must use htx->data - MINOR: promex: backend aggregated server check status - DOC: config: Fix typo in ssl_fc_unique_id description - BUG/MINOR: http-ana: Apply stop to the current section for http-response rules - Revert "BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back" - DOC: config: Be more explicit in "allow" actions description - DOC: lua: Be explicit with the Reply object limits - MINOR: mux-h1: Slightly Improve H1 traces - BUG/MEDIUM: conn-stream: Don't reset CS flags on close - CLEANUP: mworker: remove any relative PID reference - MEDIUM: mworker: reexec in waitpid mode after successful loading - MINOR: mworker: clarify starting/failure messages - MINOR: mworker: only increment the number of reload in wait mode - MINOR: mworker: implement a reload failure counter - MINOR: mworker: ReloadFailed shown depending on failedreload - MINOR: mworker: change the way we set PROC_O_LEAVING - BUG/MINOR: mworker: doesn't launch the program postparser - DOC: management: edit the "show proc" example to show the current output - BUG/MEDIUM: httpclient/cli: free of unallocated hc->req.uri - REGTESTS: httpclient/lua: add greater body values - BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value - BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode - BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent - BUILD: makefile: simplify detection of libatomic 2021/11/06 : 2.5-dev13 - SCRIPTS: git-show-backports: re-enable file-based filtering - MINOR: jwt: Make invalid static JWT algorithms an error in `jwt_verify` converter - MINOR: mux-h2: add trace on extended connect usage - BUG/MEDIUM: mux-h2: reject upgrade if no RFC8441 support - MINOR: stream/mux: implement websocket stream flag - MINOR: connection: implement function to update ALPN - MINOR: connection: add alternative mux_ops param for conn_install_mux_be - MEDIUM: server/backend: implement websocket protocol selection - MINOR: server: add ws keyword - BUG/MINOR: resolvers: fix sent messages were counted twice - BUG/MINOR: resolvers: throw log message if trash not large enough for query - MINOR: resolvers/dns: split dns and resolver counters in dns_counter struct - MEDIUM: resolvers: rename dns extra counters to resolvers extra counters - BUG/MINOR: jwt: Fix jwt_parse_alg incorrectly returning JWS_ALG_NONE - DOC: add QUIC instruction in INSTALL - CLEANUP: halog: Remove dead stores - DEV: coccinelle: Add ha_free.cocci - CLEANUP: Apply ha_free.cocci - DEV: coccinelle: Add rule to use `istnext()` where possible - CLEANUP: Apply ist.cocci - REGTESTS: Use `feature cmd` for 2.5+ tests (2) - DOC: internals: move some API definitions to an "api" subdirectory - MINOR: quic: Allocate listener RX buffers - CLEANUP: quic: Remove useless code - MINOR: quic: Enhance the listener RX buffering part - MINOR: quic: Remove a useless lock for CRYPTO frames - MINOR: quic: Use QUIC_LOCK QUIC specific lock label. - MINOR: backend: Get client dst address to set the server's one only if needful - MINOR: compression: Warn for 'compression offload' in defaults sections - MEDIUM: connection: rename fc_conn_err and bc_conn_err to fc_err and bc_err - DOC: configuration: move the default log formats to their own section - MINOR: ssl: make the ssl_fc_sni() sample-fetch function always available - MEDIUM: log: add the client's SNI to the default HTTPS log format - DOC: config: add an example of reasonably complete error-log-format - DOC: config: move error-log-format before custom log format 2021/11/02 : 2.5-dev12 - MINOR: httpclient: support payload within a buffer - MINOR: httpclient/lua: support more HTTP methods - MINOR: httpclient/lua: return an error when it can't generate the request - CLEANUP: lua: Remove any ambiguities about lua txn execution context flags - BUG/MEDIUM: lua: fix invalid return types in hlua_http_msg_get_body - CLEANUP: connection: No longer export make_proxy_line_v1/v2 functions - CLEANUP: tools: Use const address for get_net_port() and get_host_port() - CLEANUP: lua: Use a const address to retrieve info about a connection - MINOR: connection: Add function to get src/dst without updating the connection - MINOR: session: Add src and dst addresses to the session - MINOR: stream-int: Add src and dst addresses to the stream-interface - MINOR: frontend: Rely on client src and dst addresses at stream level - MINOR: log: Rely on client addresses at the appropriate level to log messages - MINOR: session: Rely on client source address at session level to log error - MINOR: http-ana: Rely on addresses at stream level to set xff and xot headers - MINOR: http-fetch: Rely on addresses at stream level in HTTP sample fetches - MINOR: mux-fcgi: Rely on client addresses at stream level to set default params - MEDIUM: tcp-sample: Rely on addresses at the appropriate level in tcp samples - MEDIUM: connection: Rely on addresses at stream level to make proxy line - MEDIUM: backend: Rely on addresses at stream level to init server connection - MEDIUM: connection: Assign session addresses when PROXY line is received - MEDIUM: connection: Assign session addresses when NetScaler CIP proto is parsed - MEDIUM: tcp-act: Set addresses at the apprioriate level in set-(src/dst) actions - MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules - DOC: config: Fix alphabetical order of fc_* samples - MINOR: tcp-sample: Add samples to get original info about client connection - REGTESTS: Add script to test client src/dst manipulation at different levels - MINOR: stream: Use backend stream-interface dst address instead of target_addr - BUILD: log: Fix compilation without SSL support - DEBUG: protocol: yell loudly during registration of invalid sock_domain - MINOR: protocols: add a new protocol type selector - MINOR: protocols: make use of the protocol type to select the protocol - MINOR: protocols: replace protocol_by_family() with protocol_lookup() - MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX - CLEANUP: jwt: Remove the use of a trash buffer in jwt_jwsverify_hmac() - CLEANUP: jwt: Remove the use of a trash buffer in jwt_jwsverify_rsa_ecdsa() - DEV: coccinelle: Add realloc_leak.cocci - CLEANUP: hlua: Remove obsolete branch in `hlua_alloc()` - BUILD: atomic: prefer __atomic_compare_exchange_n() for __ha_cas_dw() - BUILD: atomic: fix build on mac/arm64 - MINOR: atomic: remove the memcpy() call and dependency on string.h - MINOR: httpclient: request streaming with a callback - MINOR: httpclient/lua: handle the streaming into the lua applet - REGTESTS: lua: test httpclient with body streaming - DOC: halog: Move the `-qry` parameter into the correct section in help text - MINOR: halog: Rename -qry to -query - CLEANUP: halog: Use consistent indentation in help() - BUG/MINOR: halog: Add missing newlines in die() messages - MINOR: halog: Add support for extracting captures using -hdr - DOC: Typo fixed "it" should be "is" - BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed - BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released - BUG/MEDIUM: resolvers: Don't recursively perform requester unlink - BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration - BUG/MINOR: http: Authorization value can have multiple spaces after the scheme - BUG/MINOR: http: http_auth_bearer fetch does not work on custom header name - BUG/MINOR: httpclient/lua: misplaced luaL_buffinit() - BUILD/MINOR: cpuset freebsd build fix - BUG/MINOR: httpclient: use a placeholder value for Host header - BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data - BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions - MINOR: stream: Improve dump of bogus streams - DOC/peers: some grammar fixes for peers 2.1 spec - MEDIUM: vars: make the var() sample fetch function really return type ANY - MINOR: vars: add "set-var" for "tcp-request connection" rules. 2021/10/22 : 2.5-dev11 - DEV: coccinelle: Add strcmp.cocci - CLEANUP: Apply strcmp.cocci - CI: Add `permissions` to GitHub Actions - CI: Clean up formatting in GitHub Action definitions - MINOR: add ::1 to predefined LOCALHOST acl - CLEANUP: assorted typo fixes in the code and comments - CLEANUP: Consistently `unsigned int` for bitfields - MEDIUM: resolvers: lower-case labels when converting from/to DNS names - MEDIUM: resolvers: replace bogus resolv_hostname_cmp() with memcmp() - MINOR: jwt: Empty the certificate tree during deinit - MINOR: jwt: jwt_verify returns negative values in case of error - MINOR: jwt: Do not rely on enum order anymore - BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error - MINOR: httpclient/cli: access should be only done from expert mode - DOC: management: doc about the CLI httpclient - BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors - BUG/MAJOR: dns: tcp session can remain attached to a list after a free - BUG/MAJOR: dns: attempt to lock globaly for msg waiter list instead of use barrier - CLEANUP: dns: always detach the appctx from the dns session on release - DEBUG: dns: add a few more BUG_ON at sensitive places - BUG/MAJOR: resolvers: add other missing references during resolution removal - CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records() - BUILD: resolvers: avoid a possible warning on null-deref - BUG/MEDIUM: resolvers: always check a valid item in query_list - CLEANUP: always initialize the answer_list - CLEANUP: resolvers: simplify resolv_link_resolution() regarding requesters - CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT - MEDIUM: resolvers: use a kill list to preserve the list consistency - MEDIUM: resolvers: remove the last occurrences of the "safe" argument - BUG/MEDIUM: checks: fix the starting thread for external checks - MEDIUM: resolvers: replace the answer_list with a (flat) tree - MEDIUM: resolvers: hash the records before inserting them into the tree - BUG/MAJOR: buf: fix varint API post- vs pre- increment - OPTIM: resolvers: move the eb32 node before the data in the answer_item - MINOR: list: add new macro LIST_INLIST_ATOMIC() - OPTIM: dns: use an atomic check for the list membership - BUG/MINOR: task: do not set TASK_F_USR1 for no reason - BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame - MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close - MINOR: mux-h2: perform a full cycle shutdown+drain on close - CLEANUP: resolvers: get rid of single-iteration loop in resolv_get_ip_from_response() - MINOR: quic: Increase the size of handshake RX UDP datagrams - BUG/MEDIUM: lua: fix memory leaks with realloc() on non-glibc systems - MINOR: memprof: report the delta between alloc and free on realloc() - MINOR: memprof: add one pointer size to the size of allocations - BUILD: fix compilation on NetBSD - MINOR: backend: add traces for idle connections reuse - BUG/MINOR: backend: fix improper insert in avail tree for always reuse - MINOR: backend: improve perf with tcp proxies skipping idle conns - MINOR: connection: remove unneeded memset 0 for idle conns 2021/10/16 : 2.5-dev10 - MINOR: initcall: Rename __GLOBL and __GLOBL1. - MINOR: rules: add a new function new_act_rule() to allocate act_rules - MINOR: rules: add a file name and line number to act_rules - MINOR: stream: report the current rule in "show sess all" when known - MINOR: stream: report the current filter in "show sess all" when known - CLEANUP: stream: Properly indent current_rule line in "show sess all" - BUG/MINOR: lua: Fix lua error handling in `hlua_config_prepend_path()` - CI: github: switch to OpenSSL 3.0.0 - REGTESTS: ssl: Fix references to removed option in test description - MINOR: ssl: Add ssllib_name_startswith precondition - REGTESTS: ssl: Fix ssl_errors test for OpenSSL v3 - REGTESTS: ssl: Reenable ssl_errors test for OpenSSL only - REGTESTS: ssl: Use mostly TLSv1.2 in ssl_errors test - MEDIUM: mux-quic: rationalize tx buffers between qcc/qcs - MEDIUM: h3: properly manage tx buffers for large data - MINOR: mux-quic: standardize h3 settings sending - CLEANUP: h3: remove dead code - MINOR: mux-quic: implement standard method to detect if qcc is dead - MEDIUM: mux-quic: defer stream shut if remaining tx data - MINOR: mux: remove last occurences of qcc ring buffer - MINOR: quic: handle CONNECTION_CLOSE frame - REGTESTS: ssl: re-enable set_ssl_cert_bundle.vtc - MINOR: ssl: add ssl_fc_is_resumed to "option httpslog" - MINOR: http: Add http_auth_bearer sample fetch - MINOR: jwt: Parse JWT alg field - MINOR: jwt: JWT tokenizing helper function - MINOR: jwt: Insert public certificates into dedicated JWT tree - MINOR: jwt: jwt_header_query and jwt_payload_query converters - MEDIUM: jwt: Add jwt_verify converter to verify JWT integrity - REGTESTS: jwt: Add tests for the jwt_verify converter - BUILD: jwt: fix declaration of EVP_KEY in jwt-h.h - MINOR: proto_tcp: use chunk_appendf() to ouput socket setup errors - MINOR: proto_tcp: also report the attempted MSS values in error message - MINOR: inet: report the faulty interface name in "bind" errors - MINOR: protocol: report the file and line number for binding/listening errors - MINOR: protocol: uniformize protocol errors - MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero - BUG/MEDIUM: resolver: make sure to always use the correct hostname length - BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records - MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero - MEDIUM: listeners: split the thread mask between receiver and bind_conf - MINOR: listeners: add clone_listener() to duplicate listeners at boot time - MEDIUM: listener: add the "shards" bind keyword - BUG/MEDIUM: resolvers: use correct storage for the target address - MINOR: resolvers: merge address and target into a union "data" - BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix - BUG/MEDIUM: jwt: fix base64 decoding error detection - BUG/MINOR: jwt: use CRYPTO_memcmp() to compare HMACs - DOC: jwt: fix a typo in the jwt_verify() keyword description - BUG/MEDIUM: sample/jwt: fix another instance of base64 error detection - BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back - BUG/MINOR: sample: Fix 'fix_tag_value' sample when waiting for more data - DOC: config: Move 'tcp-response content' at the right place - BUG/MINOR: proxy: Use .disabled field as a bitfield as documented - MINOR: proxy: Introduce proxy flags to replace disabled bitfield - MINOR: sample/arg: Be able to resolve args found in defaults sections - MEDIUM: proxy: Warn about ambiguous use of named defaults sections - MINOR: proxy: Be able to reference the defaults section used by a proxy - MINOR: proxy: Add PR_FL_READY flag on fully configured and usable proxies - MINOR: config: Finish configuration for referenced default proxies - MINOR: config: No longer remove previous anonymous defaults section - MINOR: tcpcheck: Support 2-steps args resolution in defaults sections - MEDIUM: rules/acl: Parse TCP/HTTP rules and acls defined in defaults sections - MEDIUM: tcp-rules: Eval TCP rules defined in defaults sections - MEDIUM: http-ana: Eval HTTP rules defined in defaults sections - BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags - REGTESTS: Add scripts to test support of TCP/HTTP rules in defaults sections - DOC: config: Add documentation about TCP/HTTP rules in defaults section - DOC: config: Rework and uniformize how TCP/HTTP rules are documented - BUG/MINOR: proxy: Release ACLs and TCP/HTTP rules of default proxies - BUG/MEDIUM: cpuset: fix cpuset size for FreeBSD - BUG/MINOR: sample: fix backend direction flags consecutive to last fix - BUG/MINOR: listener: fix incorrect return on out-of-memory - BUG/MINOR: listener: add an error check for unallocatable trash - CLEANUP: listeners: remove unreachable code in clone_listener() 2021/10/08 : 2.5-dev9 - head-truc - REGTESTS: lua: test the httpclient:get() feature - Revert "head-truc" - BUG/MEDIUM: httpclient: replace ist0 by istptr - MINOR: config: use a standard parser for the "nbthread" keyword - CLEANUP: init: remove useless test against MAX_THREADS in affinity loop - MEDIUM: init: de-uglify the per-thread affinity setting - MINOR: init: extract the setup and end of threads to their own functions - MINOR: log: Try to get the status code when MUX_EXIT_STATUS is retrieved - MINOR: mux-h1: Set error code if possible when MUX_EXIT_STATUS is returned - MINOR: mux-h1: Be able to set custom status code on parsing error - MEDIUM: mux-h1: Reject HTTP/1.0 GET/HEAD/DELETE requests with a payload - MEDIUM: h1: Force close mode for invalid uses of T-E header - BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers" - MINOR: http: Add 422-Unprocessable-Content error message - MINOR: h1: Change T-E header parsing to fail if chunked encoding is found twice - BUG/MEDIUM: mux-h1/mux-fcgi: Reject messages with unknown transfer encoding - REGTESTS: Add script to validate T-E header parsing - REORG: pools: move default settings to defaults.h - DOC: peers: fix doc "enable" statement on "peers" sections - MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options - MINOR: ssl: Set connection error code in case of SSL read or write fatal failure - MINOR: ssl: Rename ssl_bc_hsk_err to ssl_bc_err - MINOR: ssl: Store the last SSL error code in case of read or write failure - REGTESTS: ssl: enable show_ssl_ocspresponse.vtc again - REGTESTS: ssl: enable ssl_crt-list_filters.vtc again - BUG/MEDIUM: lua: fix wakeup condition from sleep() - BUG/MAJOR: lua: use task_wakeup() to properly run a task once - MINOR: arg: Be able to forbid unresolved args when building an argument list - BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing - BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input - MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue() - REGTESTS: ssl: show_ssl_ocspresponse w/ freebsd won't use base64 - REGTESTS: ssl: wrong feature cmd in show_ssl_ocspresponse.vtc - CLEANUP: tasks: remove the long-unused work_lists - MINOR: task: provide 3 task_new_* wrappers to simplify the API - MINOR: time: uninline report_idle() and move it to task.c - REORG: sched: move idle time calculation from time.h to task.h - REORG: sched: move the stolen CPU time detection to sched_entering_poll() - BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release - BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule - MINOR: httpclient: destroy() must free the headers and the ists - MINOR: httpclient: set HTTPCLIENT_F_ENDED only in release - MINOR: httpclient: stop_and_destroy() ask the applet to autokill - MINOR: httpclient: test if started during stop_and_destroy() - MINOR: httpclient/lua: implement garbage collection - BUG/MEDIUM: httpclient/lua: crash because of b_xfer and get_trash_chunk() - MINOR: httpclient: destroy checks if a client was started but not stopped - BUG/MINOR: httpclient/lua: does not process headers when failed - MINOR: httpclient/lua: supports headers via named arguments - CLEANUP: server: always include the storage for SSL settings - CLEANUP: sample: rename sample_conv_var2smp() to *_sint - CLEANUP: sample: uninline sample_conv_var2smp_str() - MINOR: sample: provide a generic var-to-sample conversion function - BUG/MEDIUM: sample: properly verify that variables cast to sample - BUILD: action: add the relevant structures for function arguments - BUILD: extcheck: needs to include stream-t.h - BUILD: hlua: needs to include stream-t.h - BUILD: stats: define several missing structures in stats.h - BUILD: resolvers: define missing types in resolvers.h - BUILD: httpclient: include missing ssl_sock-t - BUILD: sample: include openssl-compat - BUILD: http_ana: need to include proxy-t to get redirect_rule - BUILD: http_rules: requires http_ana-t.h for REDIRECT_* - BUILD: vars: need to include xxhash - BUILD: peers: need to include eb{32/mb/pt}tree.h - BUILD: ssl_ckch: include ebpttree.h in ssl_ckch.c - BUILD: compiler: add the container_of() and container_of_safe() macros - BUILD: idleconns: include missing ebmbtree.h at several places - BUILD: connection: connection.h needs list.h and server.h - BUILD: tree-wide: add missing http_ana.h from many places - BUILD: cfgparse-ssl: add missing errors.h - BUILD: tcp_sample: include missing errors.h and session-t.h - BUILD: mworker: mworker-prog needs time.h for the 'now' variable - BUILD: tree-wide: add several missing activity.h - BUILD: compat: fix -Wundef on SO_REUSEADDR - CLEANUP: pools: pools-t.h doesn't need to include thread-t.h - REORG: pools: uninline the UAF allocator and force-inline the rest - REORG: thread: uninline the lock-debugging code - MINOR: thread/debug: replace nsec_now() with now_mono_time() - CLEANUP: remove some unneeded includes from applet-t.h - REORG: listener: move bind_conf_alloc() and listener_state_str() to listener.c - CLEANUP: listeners: do not include openssl-compat - CLEANUP: servers: do not include openssl-compat - REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it - CLEANUP: mux_fcgi: remove dependency on ssl_sock - CLEANUP: ssl/server: move ssl_sock_set_srv() to srv_set_ssl() in server.c - REORG: ssl-sock: move the sslconns/totalsslconns counters to global - REORG: sample: move the crypto samples to ssl_sample.c - REORG: sched: moved samp_time and idle_time to task.c as well - REORG: time/ticks: move now_ms and global_now_ms definitions to ticks.h - CLEANUP: tree-wide: remove unneeded include time.h in ~20 files - REORG: activity: uninline activity_count_runtime() - REORG: acitvity: uninline sched_activity_entry() - CLEANUP: stream: remove many unneeded includes from stream-t.h - CLEANUP: stick-table: no need to include socket nor in.h - MINOR: connection: use uint64_t for the hashes - REORG: connection: move the hash-related stuff to connection.c - REORG: connection: uninline conn_notify_mux() and conn_delete_from_tree() - REORG: server: uninline the idle conns management functions - REORG: ebtree: split structures into their own file ebtree-t.h - CLEANUP: tree-wide: only include ebtree-t from type files - REORG: connection: move the largest inlines from connection.h to connection.c - CLEANUP: connection: do not include http_ana! - CLEANUP: connection: remove unneeded tcpcheck-t.h and use only session-t.h - REORG: connection: uninline the rest of the alloc/free stuff - REORG: task: uninline the loop time measurement code - CLEANUP: time: move a few configurable defines to defaults.h - CLEANUP: fd: do not include time.h - REORG: fd: uninline compute_poll_timeout() - CLENAUP: wdt: use ha_tkill() instead of accessing pthread directly - REORG: thread: move the thread init/affinity/stop to thread.c - REORG: thread: move ha_get_pthread_id() to thread.c - MINOR: thread: use a dedicated static pthread_t array in thread.c - CLEANUP: thread: uninline ha_tkill/ha_tkillall/ha_cpu_relax() - DOC: configuration: add clarification on escaping in keyword arguments - BUG/MINOR: task: fix missing include with DEBUG_TASK - MINOR: pools: report the amount used by thread caches in "show pools" - MINOR: quic: Distinguish packet and SSL read enc. level in traces - MINOR: quic: Add a function to dump SSL stack errors - MINOR: quic: BUG_ON() SSL errors. - MINOR: quic: Fix SSL error issues (do not use ssl_bio_and_sess_init()) - BUG/MEDIUM: mux-quic: reinsert all streams in by_id tree - BUG/MAJOR: xprt-quic: do not queue qc timer if not set - MINOR: mux-quic: release connection if no more bidir streams - BUG/MAJOR: quic: remove qc from receiver cids tree on free - BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames - MINOR: qpack: do not encode invalid http status code - MINOR: qpack: support non-indexed http status code encoding - MINOR: qpack: fix memory leak on huffman decoding - CLEANUP: mux-quic: remove unused code - BUG/MINOR: quic: fix includes for compilation - BUILD: connection: avoid a build warning on FreeBSD with SO_USER_COOKIE - BUILD: init: avoid a build warning on FreeBSD with USE_PROCCTL - REORG: time: move time-keeping code and variables to clock.c - REORG: clock: move the updates of cpu/mono time to clock.c - MINOR: activity: get the run_time from the clock updates - CLEANUP: clock: stop exporting before_poll and after_poll - REORG: clock: move the clock_id initialization to clock.c - REORG: clock/wdt: move wdt timer initialization to clock.c - MINOR: clock: move the clock_ids to clock.c - MINOR: wdt: move wd_timer to wdt.c - CLEANUP: wdt: do not remap SI_TKILL to SI_LWP, test the values directly - REORG: thread/sched: move the task_per_thread stuff to thread_ctx - REORG: thread/clock: move the clock parts of thread_info to thread_ctx - REORG: thread/sched: move the thread_info flags to the thread_ctx - REORG: thread/sched: move the last dynamic thread_info to thread_ctx - MINOR: thread: make "ti" a const pointer and clean up thread_info a bit - MINOR: threads: introduce a minimalistic notion of thread-group - MINOR: global: add a new "thread-groups" directive - MINOR: global: add a new "thread-group" directive - MINOR: threads: make tg point to the current thread's group - MEDIUM: threads: automatically assign threads to groups - MINOR: threads: set the group ID and its bit in the thread group - MINOR: threads: set the tid, ltid and their bit in thread_cfg - MEDIUM: threads: replace ha_set_tid() with ha_set_thread() - MINOR: threads: add the current group ID in thread-local "tgid" variable - MINOR: debug: report the group and thread ID in the thread dumps - MEDIUM: listeners: support the definition of thread groups on bind lines - MINOR: threads: add a new function to resolve config groups and masks - MEDIUM: config: resolve relative threads on bind lines to absolute ones - MEDIUM: stick-table: never learn the "conn_cur" value from peers 2021/09/24 : 2.5-dev8 - BUILD: compiler: fixed a missing test on defined(__GNUC__) - BUILD: halog: fix a -Wundef warning on non-glibc systems - BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl - BUG/MINOR: compat: make sure __WORDSIZE is always defined - BUILD: sample: fix format warning on 32-bit archs in sample_conv_be2dec_check() - CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools() - MINOR: pools: automatically disable malloc_trim() with external allocators - MINOR: pools: report it when malloc_trim() is enabled - DOC: Add .mailmap - CLEANUP: tree-wide: fix prototypes for functions taking no arguments. - CLEANUP: Remove prototype for non-existent thread_get_default_count() - CLEANUP: acl: Remove unused variable when releasing an acl expression - BUG/MAJOR: mux-h1: Don't eval input data if an error was reported - DOC: update Tim's address in .mailmap - MINOR: pools: use mallinfo2() when available instead of mallinfo() - BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check - DOC: management: certificate files must be sanitized before injection - BUG/MINOR: connection: prevent null deref on mux cleanup task allocation - BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc - BUG/MINOR: cli/payload: do not search for args inside payload - BUILD: sockpair: do not set unused flag - BUILD: proto_uxst: do not set unused flag - BUILD: fd: remove unused variable totlen in fd_write_frag_line() - MINOR: applet: remove the thread mask from appctx_new() - REORG: threads: move ha_get_pthread_id() to tinfo.h - CLEANUP: Apply ist.cocci - DEV: coccinelle: Add ist.cocci - CLEANUP: Apply bug_on.cocci - DEV: coccinelle: Add xalloc_size.cocci - DEV: coccinelle: Add bug_on.cocci - CLEANUP: Apply xalloc_size.cocci - DEV: coccinelle: Add xalloc_cast.cocci - BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set - MINOR: httpclient: add the EOH when no headers where provided - CLEANUP: Include check.h in flt_spoe.c - CLEANUP: Remove unreachable `break` from parse_time_err() - BUG/MINOR: server: allow 'enable health' only if check configured - BUG/MINOR: server: alloc dynamic srv ssl ctx if proxy uses ssl chk rule - MINOR: server: enable more keywords for ssl checks for dynamic servers - MINOR: server: enable more check related keywords for dynamic servers - REORG: server: move slowstart init outside of checks - MINOR: server: enable slowstart for dynamic server - MEDIUM: listener: deprecate "process" in favor of "thread" on bind lines - BUG/MEDIUM: leastconn: fix rare possibility of divide by zero - BUG/MINOR: quic: Possible NULL pointer dereferencing when dumping streams. - MINOR: quic: Move transport parmaters to anynomous struct. - MINOR: mux_quic: Add QUIC mux layer. - MINOR: connection: Add callbacks definitions for QUIC. - MINOR: quic: Attach QUIC mux connection objet to QUIC connection. - MINOR: quic: Add a new definition to store STREAM frames. - MINOR: h3: Add HTTP/3 definitions. - MINOR: qpack: Add QPACK compression. - MINOR: quic_sock: Finalize the QUIC connections. - MINOR: quic: Disable the action of ->rcv_buf() xprt callback - MINOR: quic: Add callbacks for (un)scribing to QUIC xprt. - MINOR: quic: Variable-length integer encoding/decoding into/from buffer struct. - BUG/MINOR: quic: Wrong ->accept() error handling - MINOR: quic: Add a wrapper function to update transport parameters. - MINOR: quic: Update the streams transport parameters. - MINOR: quic: Avoid header collisions - MINOR: quic: Replace max_packet_size by max_udp_payload size. - MINOR: quic: Enable some quic, h3 and qpack modules compilation. - MINOR: quic: Move an SSL func call from QUIC I/O handler to the xprt init. - MINOR: quic: Initialize the session before starting the xprt. - BUG/MINOR: quic: Do not check the acception of a new conn from I/O handler. - MINOR: quic: QUIC conn initialization from I/O handler - MINOR: quic: Remove header protection for conn with context - MINOR: quic: Derive the initial secrets asap - MINOR: quic: Remove header protection also for Initial packets - BUG/MINOR: quic: Wrong memory free in quic_update_ack_ranges_list() - MINOR: quic: quic_update_ack_ranges_list() code factorization - MINOR: quic: Useless test in quic_update_ack_ranges_list() - MINOR: quic: Remove a useless variable in quic_update_ack_ranges_list() - BUG/MINOR: quic: Missing cases treatement when updating ACK ranges - CLEAUNUP: quic: Usage of a useless variable in qc_treat_rx_pkts() - BUG/MINOR: quic: Wrong RX packet reference counter usage - MINOR: quic: Do not stop the packet parsing too early in qc_treat_rx_packets() - MINOR: quic: Add a lock for RX packets - MINOR: quic: Move the connection state - MINOR: quic: Replace quic_conn_ctx struct by ssl_sock_ctx struct - MINOR: quic: Replace the RX list of packet by a thread safety one. - MINOR: quic: Replace the RX unprotected packet list by a thread safety one. - MINOR: quic: Add useful traces for I/O dgram handler - MINOR: quic: Do not wakeup the xprt task on ACK receipt - MINOR: quic: Connection allocations rework - MINOR: quic: Move conn_prepare() to ->accept_conn() callback - MINOR: quic: Make qc_lstnr_pkt_rcv() be thread safe. - MINOR: quic: Add a ring buffer implementation for QUIC - MINOR: quic: Prefer x25519 as ECDH preferred parametes. - MINOR: quic: Add the QUIC v1 initial salt. - BUG/MINOR: quic: Too much reduced computed space to build handshake packets - MINOR: net_helper: add functions for pointers - MINOR: quic: Add ring buffer definition (struct qring) for QUIC - MINOR: proto_quic: Allocate TX ring buffers for listeners - MINOR: quic: Initialize pointers to TX ring buffer list - MINOR: quic: Make use of TX ring buffers to send QUIC packets - MINOR: quic_tls: Make use of the QUIC V1 salt. - MINOR: quic: Remove old TX buffer implementation - MINOR: Add function for TX packets reference counting - MINOR: quic: Add TX packets at the very last time to their tree. - MINOR: quic: Unitialized mux context upon Client Hello message receipt. - MINOR: quic: Missing encryption level rx.crypto member initialization and lock. - MINOR: quic: Rename ->rx.rwlock of quic_enc_level struct to ->rx.pkts_rwlock - MINOR: quic: Make qc_treat_rx_pkts() be thread safe. - MINOR: quic: Make ->tx.frms quic_pktns struct member be thread safe - MINOR: quic: Replace quic_tx_frm struct by quic_frame struct - MINOR: quic: Add a mask for TX frame builders and their authorized packet types - MINOR: quic: Add a useful function to compute any frame length. - MINOR: quic: Add the QUIC connection state to traces - MINOR: quic: Store post handshake frame in ->pktns.tx.frms MT_LIST - MINOR: quic: Add the packet type to quic_tx_packet struct - MINOR: quic: Modify qc_do_build_hdshk_pkt() to accept any packet type - MINOR: quic: Atomically handle packet number space ->largest_acked_pn variable - MINOR: quic: Modify qc_build_cfrms() to support any frame - MINOR: quic: quic_conn_io_cb() task rework - MINOR: quic: Make qc_build_hdshk_pkt() atomically consume a packet number - MINOR: quic: qc_do_build_hdshk_pkt() does not need to pass a copy of CRYPTO frame - MINOR: quic: Remove Application level related functions - MINOR: quic: Rename functions which do not build only Handshake packets - MINOR: quic: Make circular buffer internal buffers be variable-sized. - MINOR: quic: Add a pool for TX ring buffer internal buffer - MINOR: quic: Make use of the last cbuf API when initializing TX ring buffers - MINOR: quic: Missing acks encoded size updates. - MINOR: quic: Evaluate the packet lengths in advance - MINOR: quic: Update the TLS extension for QUIC transport parameters - MINOR: quic: Fix handshake state debug strings - MINOR: quic: Atomically get/set the connection state - MINOR: quic: Missing QUIC encryption level for qc_build_pkt() - MINOR: quic: Coalesce Application level packets with Handshake packets. - MINOR: quic: Wrong flags handling for acks - MINOR: quic: Missing case when discarding HANDSHAKE secrets - MINOR: quic: Post handshake packet building improvements - MINOR: quic: Prepare Application level packet asap. - MINOR: h3: Send h3 settings asap - MINOR: quic: Wrong STREAM frame length computing - MINOR: quic: Wrong short packet minimum length - MINOR: quic: Prepare STREAM frames to fill QUIC packets - MINOR: h3: change default settings - MINOR: quic-enc: fix varint encoding - MINOR: qpack: fix wrong comment - MINOR: qpack: generate headers list on decoder - MINOR: h3: parse headers to htx - MINOR: h3: allocate stream on headers - MEDIUM: mux-quic: implement ring buffer on stream tx - MINOR: mux-quic: send SETTINGS on uni stream - MINOR: h3: define snd_buf callback and divert mux ops - MINOR: mux-quic: define FIN stream flag - MINOR: qpack: create qpack-enc module - MINOR: qpack: encode headers functions - MINOR: h3: encode htx headers to QPACK - MINOR: h3: send htx data - MINOR: h3/mux: detect fin on last h3 frame of the stream - MINOR: quic: Shorten some handshakes - MINOR: quic: Make QUIC-TLS support at least two initial salts - MINOR: quic: Attach the QUIC connection to a thread. - MINOR: quic: Missing active_connection_id_limit default value - MINOR: quic_sock: Do not flag QUIC connections as being set - MINOR: buf: Add b_force_xfer() function - MINOR: quic: Make use of buffer structs to handle STREAM frames - MINOR: mux_quic: move qc_process() code to qc_send() - MINOR: quic: Add a typedef for unsigned long long - MINOR: quic: Confusion between TX/RX for the frame builders - MINOR: quic: Wrong packet flags settings during frame building - MINOR: quic: Constantness fixes for frame builders/parsers. - MINOR: quic_tls: Client/serveur state reordering - MINOR: quic: Wrong packet loss detection due to wrong pktns order - MINOR: quic: Wrong packet number space selection in quic_loss_pktns() - MINOR: quic: Initial packet number spaced not discarded - MINOR: quic: Add useful trace about pktns discarding - MINOR: mux_quic: Export the mux related flags - MINOR: quic: Implement quic_conn_subscribe() - MINOR: quic: Wake up the mux upon ACK receipt - MINOR: quic: Stream FIN bit fix in qcs_push_frame() - MINOR: quic: Implement qc_process_mux() - MINOR: quic: Wake up the xprt from mux - CLEANUP: quic: Remove useless inline functions - MINOR: quic: RX packets memory leak - MINOR: quic: Possible endless loop in qc_treat_rx_pkts() - MINOR: quic: Crash upon too big packets receipt - MINOR: quic: define close handler - MEDIUM: quic: implement mux release/conn free - MINOR: quic: fix qcc subs initialization - BUG/MINOR: h1-htx: Fix a typo when request parser is reset - BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer - BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data - BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM - MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv() - MINOR: htx: Add an HTX flag to know when a message is fragmented - MINOR: htx: Add a function to know if the free space wraps - BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary - MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf - BUG/MINOR: http-ana: increment internal_errors counter on response error - MINOR: stats: Enable dark mode on stat web page - CLEANUP: stats: Fix some alignment mistakes - MINOR: httpclient: httpclient_data() returns the available data - MINOR: httpclient: httpclient_ended() returns 1 if the client ended - MINOR: httpclient/lua: httpclient:get() API in lua - MINOR: httpclient/lua: implement the headers in the response object - BUG/MINOR: httpclient/lua: return an error on argument check - CLEANUP: slz: Mark `reset_refs` as static 2021/09/12 : 2.5-dev7 - BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB - CLEANUP: htx: remove comments about "must be < 256 MB" - BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer - Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" - MINOR: proxy: add a global "grace" directive to postpone soft-stop - MINOR: vars: rename vars_init() to vars_init_head() - CLEANUP: vars: rename sample_clear_stream() to var_unset() - REORG: vars: remerge sample_store{,_stream}() into var_set() - MEDIUM: vars: make the ifexist variant of set-var only apply to the proc scope - MINOR: vars: add a VF_CREATEONLY flag for creation - MINOR: vars: support storing empty sample data with a variable - MINOR: vars: store flags into variables and add VF_PERMANENT - MEDIUM: vars: make var_clear() only reset VF_PERMANENT variables - MEDIUM: vars: pre-create parsed SCOPE_PROC variables as permanent ones - MINOR: vars: preset a random seed to hash variables names - MEDIUM: vars: replace the global name index with a hash - CLEANUP: vars: remove the now unused var_names array - MINOR: vars: centralize the lock/unlock into static inlines - OPTIM: vars: only takes the variables lock on shared entries - OPTIM: vars: remove internal bookkeeping for vars_global_size - OPTIM: vars: do not keep variables usage stats if no limit is set - BUILD: fix dragonfly build again on __read_mostly - CI: Github Actions: temporarily disable Opentracing - BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with payload - MINOR: htx: Skip headers with no value when adding a header list to a message - CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload - BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached - BUG/MEDIUM: http-ana: Reset channels analysers when returning an error - BUG/MINOR: filters: Set right FLT_END analyser depending on channel - CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h - CLEANUP: ebmbtree: Replace always-taken elseif by else - CLEANUP: Move XXH3 macro from haproxy/compat.h to haproxy/xxhash.h - BUILD: opentracing: exclude the use of haproxy variables for the OpenTracing context - BUG/MINOR: opentracing: enable the use of http headers without a set value - CLEANUP: opentracing: use the haproxy function to generate uuid - MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn' - CI: Github Actions: re-enable Opentracing - CLEANUP: opentracing: simplify the condition on the empty header - BUG/MEDIUM lua: Add missing call to RESET_SAFE_LJMP in hlua_filter_new() 2021/09/03 : 2.5-dev6 - BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time - BUG/MINOR: tools: Fix loop condition in dump_text() - BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER - BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL - BUILD: tools: properly guard __GLIBC__ with defined() - BUILD: globally enable -Wundef - MINOR: log: Remove log-error-via-logformat option - MINOR: log: Add new "error-log-format" option - BUG/MAJOR: queue: better protect a pendconn being picked from the proxy - CLEANUP: Add missing include guard to signal.h - MINOR: ssl: Add new ssl_bc_hsk_err sample fetch - MINOR: connection: Add a connection error code sample fetch for backend side - REGTESTS: ssl: Add tests for bc_conn_err and ssl_bc_hsk_err sample fetches - MINOR: http-rules: add a new "ignore-empty" option to redirects. - CI: Github Actions: temporarily disable BoringSSL builds - BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser - BUG/MINOR: vars: improve accuracy of the rules used to check expression validity - MINOR: sample: add missing ARGC_ entries - BUG/MINOR: vars: properly set the argument parsing context in the expression - DOC: configuration: remove wrong tcp-request examples in tcp-response - MEDIUM: vars: add a new "set-var-fmt" action - BUG/MEDIUM: vars: run over the correct list in release_store_rules() - BUG/MINOR: vars: truncate the variable name in error reports about scope. - BUG/MINOR: vars: do not talk about global section in CLI errors for set-var - CLEANUP: vars: name the temporary proxy "CFG" instead of "CLI" for global vars - MINOR: log: make log-format expressions completely usable outside of req/resp - MINOR: vars: add a "set-var-fmt" directive to the global section - MEDIUM: vars: also support format strings in CLI's "set var" command - CLEANUP: vars: factor out common code from vars_get_by_{desc,name} - MINOR: vars: make vars_get_by_* support an optional default value - MINOR: vars: make the vars() sample fetch function support a default value - BUILD: ot: add argument for default value to vars_get_by_name() 2021/08/28 : 2.5-dev5 - MINOR: httpclient: initialize the proxy - MINOR: httpclient: implement a simple HTTP Client API - MINOR: httpclient/cli: implement a simple client over the CLI - MINOR: httpclient/cli: change the User-Agent to "HAProxy" - MEDIUM: ssl: Keep a reference to the client's certificate for use in logs - BUG/MEDIUM: h2: match absolute-path not path-absolute for :path - BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 - MINOR: server: check if srv is NULL in free_server() - MINOR: proxy: check if p is NULL in free_proxy() - BUG/MEDIUM: cfgparse: do not allocate IDs to automatic internal proxies - BUG/MINOR: http_client: make sure to preset the proxy's default settings - REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2 - REGTESTS: abortonclose: after retries, 503 is expected, not close - REGTESTS: server: fix agent-check syntax and expectation - BUG/MINOR: httpclient: fix uninitialized sl variable - BUG/MINOR: httpclient/cli: change the appctx test in the callbacks - BUG/MINOR: httpclient: check if hdr_num is not 0 - MINOR: httpclient: cleanup the include files - MINOR: hlua: take the global Lua lock inside a global function - MINOR: tools: add FreeBSD support to get_exec_path() - BUG/MINOR: systemd: ExecStartPre must use -Ws - MINOR: systemd: remove the ExecStartPre line in the unit file - MINOR: ssl: add an openssl version string parser - MINOR: cfgcond: implements openssl_version_atleast and openssl_version_before - CLEANUP: ssl: remove useless check on p in openssl_version_parser() - BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions - BUG/MINOR: httpclient: remove deinit of the httpclient - BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} - MINOR: httpclient: set verify none on the https server - MINOR: httpclient: add the server to the proxy - BUG/MINOR: httpclient: fix Host header - BUILD: httpclient: fix build without OpenSSL - CI: github-actions: remove obsolete options - CLEANUP: assorted typo fixes in the code and comments - MINOR: proc: setting the process to produce a core dump on FreeBSD. - BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2 - MINOR: server: return the next srv instance on free_server - BUG/MINOR: stats: use refcount to protect dynamic server on dump - MEDIUM: server: extend refcount for all servers - MINOR: server: define non purgeable server flag - MINOR: server: mark referenced servers as non purgeable - MINOR: server: mark servers referenced by LUA script as non purgeable - MEDIUM: server: allow to remove servers at runtime except non purgeable - BUG/MINOR: base64: base64urldec() ignores padding in output size check - REGTEST: add missing lua requirements on server removal test - REGTEST: fix haproxy required version for server removal test - BUG/MINOR: proxy: don't dump servers of internal proxies - REGTESTS: Use `feature cmd` for 2.5+ tests - REGTESTS: Remove REQUIRE_VERSION=1.5 from all tests - BUG/MINOR: resolvers: mark servers with name-resolution as non purgeable - MINOR: compiler: implement an ONLY_ONCE() macro - BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords - MEDIUM: ssl: Capture more info from Client Hello - MINOR: sample: Expose SSL captures using new fetchers - MINOR: sample: Add be2dec converter - MINOR: sample: Add be2hex converter - MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size - BUG/MINOR: time: fix idle time computation for long sleeps - MINOR: time: add report_idle() to report process-wide idle time - BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long - BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING - BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef - BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef - IMPORT: slz: silence a build warning with -Wundef - BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef 2021/08/17 : 2.5-dev4 - MINOR: log: rename 'dontloglegacyconnerr' to 'log-error-via-logformat' - MINOR: doc: rename conn_status in `option httsplog` - MINOR: proxy: disabled takes a stopping and a disabled state - MINOR: stats: shows proxy in a stopped state - BUG/MINOR: server: fix race on error path of 'add server' CLI if track - CLEANUP: thread: fix fantaisist indentation of thread_harmless_till_end() - MINOR: threads: make thread_release() not wait for other ones to complete - MEDIUM: threads: add a stronger thread_isolate_full() call - MEDIUM: servers: make the server deletion code run under full thread isolation - BUG/MINOR: server: remove srv from px list on CLI 'add server' error - MINOR: activity/fd: remove the dead_fd counter - MAJOR: fd: get rid of the DWCAS when setting the running_mask - CLEANUP: fd: remove the now unused fd_set_running() - CLEANUP: fd: remove the now unneeded fd_mig_lock - BUG/MINOR: server: update last_change on maint->ready transitions too - MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure - BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released - BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued - MINOR: server: unmark deprecated on enable health/agent cli - MEDIUM: task: implement tasklet kill - MINOR: server: initialize fields for dynamic server check - MINOR: check: allocate default check ruleset for every backends - MINOR: check: export check init functions - MINOR: check: do not increment global maxsock at runtime - MINOR: server: implement a refcount for dynamic servers - MEDIUM: check: implement check deletion for dynamic servers - MINOR: check: enable safe keywords for dynamic servers - MEDIUM: server: implement check for dynamic servers - MEDIUM: server: implement agent check for dynamic servers - REGTESTS: server: add dynamic check server test - MINOR: doc: specify ulimit-n usage for dynamic servers - REGTESTS: server: fix dynamic server with checks test - CI: travis-ci: temporarily disable arm64 builds - BUG/MINOR: check: test if server is not null in purge - MINOR: global: define MODE_STOPPING - BUG/MINOR: server: do not use refcount in free_server in stopping mode - ADMIN: dyncookie: implement a simple dynamic cookie calculator - BUG/MINOR: check: do not reset check flags on purge - BUG/MINOR: check: fix leak on add dynamic server with agent-check error - BUG/MEDIUM: check: fix leak on agent-check purge - BUG/MEDIUM: server: support both check/agent-check on a dynamic instance - BUG/MINOR: buffer: fix buffer_dump() formatting - MINOR: channel: remove an htx block from a channel - BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer - BUG/MINOR: stream: Don't release a stream if FLT_END is still registered - MINOR: lua: Add a flag on lua context to know the yield capability at run time - BUG/MINOR: lua: Yield in channel functions only if lua context can yield - BUG/MINOR: lua: Don't yield in channel.append() and channel.set() - MINOR: filters/lua: Release filters before the lua context - MINOR: lua: Add a function to get a reference on a table in the stack - MEDIUM: lua: Process buffer data using an offset and a length - MEDIUM: lua: Improve/revisit the lua api to manipulate channels - DOC: Improve the lua documentation - MEDIUM: filters/lua: Add support for dummy filters written in lua - MINOR: lua: Add a function to get a filter attached to a channel class - MINOR: lua: Add flags on the lua TXN to know the execution context - MEDIUM: filters/lua: Be prepared to filter TCP payloads - MEDIUM: filters/lua: Support declaration of some filter callback functions in lua - MEDIUM: filters/lua: Add HTTPMessage class to help HTTP filtering - MINOR: filters/lua: Add request and response HTTP messages in the lua TXN - MINOR: filters/lua: Support the HTTP filtering from filters written in lua - DOC: config: Fix 'http-response send-spoe-group' documentation - BUG/MINOR: lua: Properly check negative offset in Channel/HttpMessage functions - BUG/MINOR: lua: Properly catch alloc errors when parsing lua filter directives - BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check - MINOR: cli: delare the CLI frontend as an internal proxy - MINOR: proxy: disable warnings for internal proxies - BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set - BUG/MINOR: lua/filters: Return right code when txn:done() is called - DOC: lua-api: Add documentation about lua filters - CI: Remove obsolete USE_SLZ=1 CI job - CLEANUP: assorted typo fixes in the code and comments - CI: github actions: relax OpenSSL-3.0.0 version comparision - BUILD: tools: get the absolute path of the current binary on NetBSD. - DOC: Minor typo fix - 'question mark' -> 'exclamation mark' - DOC/MINOR: fix typo in management document - MINOR: http: add a new function http_validate_scheme() to validate a scheme - BUG/MAJOR: h2: verify early that non-http/https schemes match the valid syntax - BUG/MAJOR: h2: verify that :path starts with a '/' before concatenating it - BUG/MAJOR: h2: enforce stricter syntax checks on the :method pseudo-header - BUG/MEDIUM: h2: give :authority precedence over Host - REGTESTS: add a test to prevent h2 desync attacks 2021/08/01 : 2.5-dev3 - BUG/MINOR: arg: free all args on make_arg_list()'s error path - BUG/MINOR: cfgcond: revisit the condition freeing mechanism to avoid a leak - MEDIUM: proxy: remove long-broken 'option http_proxy' - CLEANUP: http_ana: Remove now unused label from http_process_request() - MINOR: deinit: always deinit the init_mutex on failed initialization - BUG/MEDIUM: cfgcond: limit recursion level in the condition expression parser - BUG/MEDIUM: mworker: do not register an exit handler if exit is expected - BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs - BUILD/MINOR: memprof fix macOs build. - BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request - BUG/MINOR: stats: Add missing agent stats on servers - BUG/MINOR: check: fix the condition to validate a port-less server - BUILD: threads: fix pthread_mutex_unlock when !USE_THREAD - BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree - MINOR: ssl: use __objt_* variant when retrieving counters - BUG/MINOR: systemd: must check the configuration using -Ws - BUG/MINOR: mux-h1: Obey dontlognull option for empty requests - BUG/MINOR: mux-h2: Obey dontlognull option during the preface - BUG/MINOR: mux-h1: Be sure to swap H1C to splice mode when rcv_pipe() is called - BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames - MINOR: proxy: rename PR_CAP_LUA to PR_CAP_INT - MINOR: mworker: the mworker CLI proxy is internal - MINOR: stats: don't output internal proxies (PR_CAP_INT) - CLEANUP: mworker: use the proxy helper functions in mworker_cli_proxy_create() - CLEANUP: mworker: PR_CAP already initialized with alloc_new_proxy() - BUG/MINOR: connection: Add missing error labels to conn_err_code_str - MINOR: connection: Add a connection error code sample fetch - MINOR: ssl: Enable error fetches in case of handshake error - MINOR: ssl: Add new ssl_fc_hsk_err sample fetch - MINOR: ssl: Define a default https log format - MEDIUM: connection: Add option to disable legacy error log - REGTESTS: ssl: Add tests for the connection and SSL error fetches - REGTESTS: ssl: ssl_errors.vtc does not work with old openssl version - BUG/MEDIUM: connection: close a rare race between idle conn close and takeover - BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before - BUG/MINOR: select: fix excess number of dead/skip reported - BUG/MINOR: poll: fix abnormally high skip_fd counter - BUG/MINOR: pollers: always program an update for migrated FDs - BUG/MINOR: fd: protect fd state harder against a concurrent takeover - DOC: internals: document the FD takeover process - MINOR: fd: update flags only once in fd_update_events() - MINOR: poll/epoll: move detection of RDHUP support earlier - REORG: fd: uninline fd_update_events() - MEDIUM: fd: rely more on fd_update_events() to detect changes - BUG/MINOR: freq_ctr: use stricter barriers between updates and readings - MEDIUM: atomic: simplify the atomic load/store/exchange operations - MEDIUM: atomic: relax the load/store barriers on x86_64 - BUILD: opentracing: fixed build when using pkg-config utility 2021/07/17 : 2.5-dev2 - BUILD/MEDIUM: tcp: set-mark support for OpenBSD - DOC: config: use CREATE USER for mysql-check - BUG/MINOR: stick-table: fix several printf sign errors dumping tables - BUG/MINOR: peers: fix data_type bit computation more than 32 data_types - MINOR: stick-table: make skttable_data_cast to use only std types - MEDIUM: stick-table: handle arrays of standard types into stick-tables - MEDIUM: peers: handle arrays of std types in peers protocol - DOC: stick-table: add missing documentation about gpt0 stored type - MEDIUM: stick-table: add the new array of gpt data_type - MEDIUM: stick-table: make the use of 'gpt' excluding the use of 'gpt0' - MEDIUM: stick-table: add the new arrays of gpc and gpc_rate - MEDIUM: stick-table: make the use of 'gpc' excluding the use of 'gpc0/1'' - BUG/MEDIUM: sock: make sure to never miss early connection failures - BUG/MINOR: cli: fix server name output in "show fd" - Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" - MEDIUM: stats: include disabled proxies that hold active sessions to stats - BUILD: stick-table: shut up invalid "uninitialized" warning in gcc 8.3 - MINOR: http: implement http_get_scheme - MEDIUM: http: implement scheme-based normalization - MEDIUM: h1-htx: apply scheme-based normalization on h1 requests - MEDIUM: h2: apply scheme-based normalization on h2 requests - REGTESTS: add http scheme-based normalization test - BUILD: http_htx: fix ci compilation error with isdigit for Windows - MINOR: http: implement http uri parser - MINOR: http: use http uri parser for scheme - MINOR: http: use http uri parser for authority - REORG: http_ana: split conditions for monitor-uri in wait for request - MINOR: http: use http uri parser for path - BUG/MEDIUM: http_ana: fix crash for http_proxy mode during uri rewrite - MINOR: mux_h2: define config to disable h2 websocket support - CLEANUP: applet: remove unused thread_mask - BUG/MINOR: ssl: Default-server configuration ignored by server - BUILD: add detection of missing important CFLAGS - BUILD: lua: silence a build warning with TCC - MINOR: srv: extract tracking server config function - MINOR: srv: do not allow to track a dynamic server - MEDIUM: server: support track keyword for dynamic servers - REGTESTS: test track support for dynamic servers - MINOR: init: verify that there is a single word on "-cc" - MINOR: init: make -cc support environment variables expansion - MINOR: arg: add a free_args() function to free an args array - CLEANUP: config: use free_args() to release args array in cfg_eval_condition() - CLEANUP: hlua: use free_args() to release args arrays - REORG: config: move the condition preprocessing code to its own file - MINOR: cfgcond: start to split the condition parser to introduce terms - MEDIUM: cfgcond: report invalid trailing chars after expressions - MINOR: cfgcond: remerge all arguments into a single line - MINOR: cfgcond: support negating conditional expressions - MINOR: cfgcond: make the conditional term parser automatically allocate nodes - MINOR: cfgcond: insert an expression between the condition and the term - MINOR: cfgcond: support terms made of parenthesis around expressions - REGTEST: make check_condition.vtc fail as soon as possible - REGTESTS: add more complex check conditions to check_conditions.vtc - BUG/MEDIUM: init: restore behavior of command-line "-m" for memory limitation 2021/06/30 : 2.5-dev1 - CLEANUP: ssl: Move ssl_store related code to ssl_ckch.c - MINOR: ssl: Allow duplicated entries in the cafile_tree - MEDIUM: ssl: Chain ckch instances in ca-file entries - MINOR: ssl: Add reference to default ckch instance in bind_conf - MINOR: ssl: Add helper functions to create/delete cafile entries - MEDIUM: ssl: Add a way to load a ca-file content from memory - MINOR: ssl: Add helper function to add cafile entries - MINOR: ssl: Ckch instance rebuild and cleanup factorization in CLI handler - MEDIUM: ssl: Add "set+commit ssl ca-file" CLI commands - REGTESTS: ssl: Add new ca-file update tests - MINOR: ssl: Add "abort ssl ca-file" CLI command - MINOR: ssl: Add a cafile_entry type field - MINOR: ssl: Refactorize the "show certificate details" code - MEDIUM: ssl: Add "show ssl ca-file" CLI command - MEDIUM: ssl: Add "new ssl ca-file" CLI command - MINOR: ssl: Add "del ssl ca-file" CLI command - REGTESTS: ssl: Add "new/del ssl ca-file" tests - DOC: ssl: Add documentation about CA file hot update commands - DOC: internals: update the SSL architecture schema - MINOR: ssl: Chain instances in ca-file entries - MEDIUM: ssl: Add "set+commit ssl crl-file" CLI commands - MEDIUM: ssl: Add "new+del crl-file" CLI commands - MINOR: ssl: Add "abort ssl crl-file" CLI command - MEDIUM: ssl: Add "show ssl crl-file" CLI command - REGTESTS: ssl: Add "new/del ssl crl-file" tests - REGTESTS: ssl: Add "set/commit ssl crl-file" test - DOC: ssl: Add documentation about CRL file hot update commands - BUILD/MINOR: ssl: Fix compilation with SSL enabled - BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 - CI: introduce scripts/build-vtest.sh for installing VTest - CLEANUP: ssl: Fix coverity issues found in CA file hot update code - CI: github actions: add OpenTracing builds - BUG/MEDIUM: ebtree: Invalid read when looking for dup entry - BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' - BUILD/MINOR: opentracing: fixed build when using clang - BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter - BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response - MINOR: map/acl: print the count of all the map/acl entries in "show map/acl" - CLEANUP: pattern: remove export of non-existent function pattern_delete() - MINOR: h1-htx: Update h1 parsing functions to return result as a size_t - MEDIUM: h1-htx: Adapt H1 data parsing to copy wrapping data in one call - MINOR: mux-h1/mux-fcgi: Don't needlessly loop on data parsing - MINOR: h1-htx: Move HTTP chunks parsing into a dedicated function - MEDIUM: h1-htx: Split function to parse a chunk and the loop on the buffer - MEDIUM: h1-htx: Add a function to parse contiguous small chunks - MINOR: h1-htx: Use a correlation table to speed-up small chunks parsing - MINOR: buf: Add function to realign a buffer with a specific head position - MINOR: muxes/h1-htx: Realign input buffer using b_slow_realign_ofs() - CLEANUP: mux-h1: Rename functions parsing input buf and filling output buf - Revert "MEDIUM: http-ana: Deal with L7 retries in HTTP analysers" - BUG/MINOR: http-ana: Send the right error if max retries is reached on L7 retry - BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts - MINOR: http-ana: Perform L7 retries because of status codes in response analyser - MINOR: cfgparse: Fail when encountering extra arguments in macro - DOC: intro: Fix typo in starter guide - BUG/MINOR: server: Missing calloc return value check in srv_parse_source - BUG/MINOR: peers: Missing calloc return value check in peers_register_table - BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine - BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture - BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare - BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule - BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo - BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list - BUG/MINOR: http: Missing calloc return value check while parsing redirect rule - BUG/MINOR: http: Missing calloc return value check in make_arg_list - BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree - CLEANUP: http-ana: Remove useless if statement about L7 retries - BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry - MINOR: backend: Don't release SI endpoint anymore in connect_server() - BUG/MINOR: vars: Be sure to have a session to get checks variables - DOC/MINOR: move uuid in the configuration to the right alphabetical order - CLEANUP: mux-fcgi: Don't needlessly store result of data/trailers parsing - BUILD: fix compilation for OpenSSL-3.0.0-alpha17 - MINOR: http-ana: Use -1 status for client aborts during queuing and connect - REGTESTS: Fix http_abortonclose.vtc to support -1 status for some client aborts - CLEANUP: backend: fix incorrect comments on locking conditions for lb functions - CLEANUP: reg-tests: Remove obsolete no-htx parameter for reg-tests - CI: github actions: add OpenSSL-3.0.0 builds - CI: github actions: -Wno-deprecated-declarations with OpenSSL 3.0.0 - MINOR: errors: allow empty va_args for diag variadic macro - REORG: errors: split errors reporting function from log.c - CLEANUP: server: fix cosmetic of error message on sni parsing - MEDIUM: errors: implement user messages buffer - MINOR: log: do not discard stderr when starting is over - MEDIUM: errors: implement parsing context type - MINOR: errors: use user messages context in print_message - MINOR: log: display exec path on first warning - MINOR: errors: specify prefix "config" for parsing output - MINOR: log: define server user message format - REORG: server: use parsing ctx for server parsing - REORG: config: use parsing ctx for server config check - MINOR: server: use parsing ctx for server init addr - MINOR: server: use ha_alert in server parsing functions - DOC: use the req.ssl_sni in examples - CLEANUP: cfgparse: Remove duplication of `MAX_LINE_ARGS + 1` - CLEANUP: tools: Make errptr const in `parse_line()` - MINOR: haproxy: Add `-cc` argument - BUG: errors: remove printf positional args for user messages context - CI: Make matrix.py executable and add shebang - BUILD: make tune.ssl.keylog available again - BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future - Revert "BUG/MINOR: opentracing: initialization after establishing daemon mode" - BUG/MEDIUM: opentracing: initialization before establishing daemon and/or chroot mode - SCRIPTS: opentracing: enable parallel builds in build-ot.sh - BUG/MEDIUM: compression: Fix loop skipping unused blocks to get the next block - BUG/MEDIUM: compression: Properly get the next block to iterate on payload - BUG/MEDIUM: compression: Add a flag to know the filter is still processing data - MINOR: ssl: Keep the actual key length in the certificate_ocsp structure - MINOR: ssl: Add new "show ssl ocsp-response" CLI command - MINOR: ssl: Add the OCSP entry key when displaying the details of a certificate - MINOR: ssl: Add the "show ssl cert foo.pem.ocsp" CLI command - REGTESTS: ssl: Add "show ssl ocsp-response" test - BUG/MINOR: server: explicitly set "none" init-addr for dynamic servers - BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() - BUG/MINOR: pools: make DEBUG_UAF always write to the to-be-freed location - MINOR: pools: do not maintain the lock during pool_flush() - MINOR: pools: call malloc_trim() under thread isolation - MEDIUM: pools: use a single pool_gc() function for locked and lockless - BUG/MAJOR: pools: fix possible race with free() in the lockless variant - CLEANUP: pools: remove now unused seq and pool_free_list - MEDIUM: pools: remove the locked pools implementation - BUILD: ssl: Fix compilation with BoringSSL - BUG/MEDIUM: errors: include missing obj_type file - REGTESTS: ssl: show_ssl_ocspresponce.vtc is broken with BoringSSL - BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded - BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default - BUG/MINOR: h1-htx: Fix a signess bug with char data type when parsing chunk size - CLEANUP: l7-retries: do not test the buffer before calling b_alloc() - BUG/MINOR: resolvers: answser item list was randomly purged or errors - MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item - MEDIUM: resolvers: add a ref between servers and srv request or used SRV record - BUG/MINOR: server-state: load SRV resolution only if params match the config - MINOR: config: remove support for deprecated option "tune.chksize" - MINOR: config: completely remove support for "no option http-use-htx" - MINOR: log: remove the long-deprecated early log-format tags - MINOR: http: remove the long deprecated "set-cookie()" sample fetch function - MINOR: config: reject long-deprecated "option forceclose" - MINOR: config: remove deprecated option "http-tunnel" - MEDIUM: proxy: remove the deprecated "grace" keyword - MAJOR: config: remove parsing of the global "nbproc" directive - BUILD: init: remove initialization of multi-process thread mappings - BUILD: log: remove unused fmt_directive() - REGTESTS: Remove REQUIRE_VERSION=1.6 from all tests - REGTESTS: Remove REQUIRE_VERSION=1.7 from all tests - CI: github actions: enable alpine/musl builds - BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs - DOC: lua: Add a warning about buffers modification in HTTP - MINOR: ssl: Use OpenSSL's ASN1_TIME convertor when available - BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id - BUG/MEDIUM: server: extend thread-isolate over much of CLI 'add server' - BUG/MEDIUM: server: clear dynamic srv on delete from proxy id/name trees - BUG/MEDIUM: server: do not forget to generate the dynamic servers ids - BUG/MINOR: server: do not keep an invalid dynamic server in px ids tree - BUG/MEDIUM: server: do not auto insert a dynamic server in px addr_node - BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE - BUG/MINOR: ssl: use atomic ops to update global shctx stats - BUG/MINOR: mworker: fix typo in chroot error message - CLEANUP: global: remove unused definition of stopping_task[] - MEDIUM: init: remove the loop over processes during init - MINOR: mworker: remove the initialization loop over processes - CLEANUP: global: remove the nbproc field from the global structure - CLEANUP: global: remove pid_bit and all_proc_mask - MEDIUM: global: remove dead code from nbproc/bind_proc removal - MEDIUM: config: simplify cpu-map handling - MEDIUM: cpu-set: make the proc a single bit field and not an array - CLEANUP: global: remove unused definition of MAX_PROCS - MEDIUM: global: remove the relative_pid from global and mworker - DOC: update references to process numbers in cpu-map and bind-process - MEDIUM: config: warn about "bind-process" deprecation - CLEANUP: shctx: remove the different inter-process locking techniques - BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue - MINOR: backend: only skip LB when there are actual connections - BUG/MINOR: mux-h1: do not skip the error response on bad requests - MINOR: connection: add helper conn_append_debug_info() - MINOR: mux-h2/trace: report a few connection-level info during h2_init() - CLEANUP: mux-h2/traces: better align user messages - BUG/MINOR: stats: make "show stat typed desc" work again - MINOR: mux-h2: obey http-ignore-probes during the preface - BUG/MINOR: mux-h2/traces: bring back the lost "rcvd H2 REQ" trace - BUG/MINOR: mux-h2/traces: bring back the lost "sent H2 REQ/RES" traces - CLEANUP: assorted typo fixes in the code and comments - CI: Replace the requirement for 'sudo' with a call to 'ulimit -n' - REGTESTS: Replace REQUIRE_VERSION=2.5 with 'haproxy -cc' - REGTESTS: Replace REQUIRE_OPTIONS with 'haproxy -cc' for 2.5+ tests - REGTESTS: Replace REQUIRE_BINARIES with 'command -v' - REGTESTS: Remove support for REQUIRE_BINARIES - CI: ssl: enable parallel builds for OpenSSL on Linux - CI: ssl: do not needlessly build the OpenSSL docs - CI: ssl: keep the old method for ancient OpenSSL versions - CLEANUP: server: a separate function for initializing the per_thr field - BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled - BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI - MINOR: resolvers: Clean server in a dedicated function when removing a SRV item - MINOR: resolvers: Remove server from named_servers tree when removing a SRV item - BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status - BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose - BUG/MINOR: backend: do not set sni on connection reuse - BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task() - BUG/MINOR: server/cli: Fix locking in function processing "set server" command - BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header - MINOR: ssl: fix typo in usage for 'new ssl ca-file' - MINOR: ssl: always initialize random generator - MINOR: ssl: check allocation in ssl_sock_init_srv - MINOR: ssl: check allocation in parse ciphers/ciphersuites/verifyhost - MINOR: ssl: check allocation in parse npn/sni - MINOR: server: disable CLI 'set server ssl' for dynamic servers - MINOR: ssl: render file-access optional on server crt loading - MINOR: ssl: split parse functions for alpn/check-alpn - MINOR: ssl: support ca-file arg for dynamic servers - MINOR: ssl: support crt arg for dynamic servers - MINOR: ssl: support crl arg for dynamic servers - MINOR: ssl: enable a series of ssl keywords for dynamic servers - MINOR: ssl: support ssl keyword for dynamic servers - REGTESTS: server: test ssl support for dynamic servers - MINOR: queue: update the stream's pend_pos before queuing it - CLEANUP: Prevent channel-t.h from being detected as C++ by GitHub - BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check - REGTESTS: fix maxconn update with agent-check - MEDIUM: queue: make pendconn_process_next_strm() only return the pendconn - MINOR: queue: update proxy->served once out of the loop - MEDIUM: queue: refine the locking in process_srv_queue() - MINOR: lb/api: remove the locked argument from take_conn/drop_conn - MINOR: queue: create a new structure type "queue" - MINOR: proxy: replace the pendconns-related stuff with a struct queue - MINOR: server: replace the pendconns-related stuff with a struct queue - MEDIUM: queue: use a dedicated lock for the queues - MEDIUM: queue: simplify again the process_srv_queue() API - MINOR: queue: factor out the proxy/server queuing code - MINOR: queue: use atomic-ops to update the queue's index - MEDIUM: queue: determine in process_srv_queue() if the proxy is usable - MEDIUM: queue: move the queue lock manipulation to pendconn_process_next_strm() - MEDIUM: queue: unlock as soon as possible - MINOR: queue: make pendconn_first() take the lock by itself - CLEANUP: backend: remove impossible case of round-robin + consistent hash - MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules - DOC: config: Add missing actions in "tcp-request session" documentation - CLEANUP: dns: Remove a forgotten debug message - DOC: Replace issue templates by issue forms - Revert "MINOR: queue: make pendconn_first() take the lock by itself" - Revert "MEDIUM: queue: unlock as soon as possible" - Revert "MEDIUM: queue: move the queue lock manipulation to pendconn_process_next_strm()" - Revert "MEDIUM: queue: determine in process_srv_queue() if the proxy is usable" - Revert "MINOR: queue: use atomic-ops to update the queue's index" - Revert "MINOR: queue: factor out the proxy/server queuing code" - Revert "MEDIUM: queue: simplify again the process_srv_queue() API" - Revert "MEDIUM: queue: use a dedicated lock for the queues" - Revert "MEDIUM: queue: refine the locking in process_srv_queue()" - Revert "MINOR: queue: update proxy->served once out of the loop" - Revert "MEDIUM: queue: make pendconn_process_next_strm() only return the pendconn" - MEDIUM: queue: update px->served and lb's take_conn once per loop - MEDIUM: queue: use a dedicated lock for the queues (v2) - MEDIUM: queue: simplify again the process_srv_queue() API (v2) - MEDIUM: queue: determine in process_srv_queue() if the proxy is usable (v2) - MINOR: queue: factor out the proxy/server queuing code (v2) - MINOR: queue: use atomic-ops to update the queue's index (v2) - MEDIUM: queue: take the proxy lock only during the px queue accesses - MEDIUM: queue: use a trylock on the server's queue - MINOR: queue: add queue_init() to initialize a queue - MINOR: queue: add a pointer to the server and the proxy in the queue - MINOR: queue: store a pointer to the queue into the pendconn - MINOR: queue: remove the px/srv fields from pendconn - MINOR: queue: simplify pendconn_unlink() regarding srv vs px - BUG: backend: stop looking for queued connections once there's no more - BUG/MINOR: queue/debug: use the correct lock labels on the queue lock - BUG/MINOR: resolvers: Always attach server on matching record on resolution - BUG/MINOR: resolvers: Reset server IP when no ip is found in the response - MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() - BUG/MINOR: checks: return correct error code for srv_parse_agent_check - BUILD: Makefile: fix linkage for Haiku. - BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules - MINOR: http-act/tcp-act: Add "set-log-level" for tcp content rules - MINOR: http-act/tcp-act: Add "set-nice" for tcp content rules - MINOR: http-act/tcp-act: Add "set-mark" and "set-tos" for tcp content rules - CLEANUP: tcp-act: Sort action lists - BUILD/MEDIUM: tcp: set-mark setting support for FreeBSD. - BUILD: tcp-act: avoid warning when set-mark / set-tos are not supported - BUG/MINOR: mqtt: Fix parser for string with more than 127 characters - BUG/MINOR: mqtt: Support empty client ID in CONNECT message - BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution - CLEANUP: peers: re-write intdecode function comment. 2021/05/14 : 2.5-dev0 - MINOR: version: it's development again 2021/05/14 : 2.4.0 - BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port - CLEANUP: cli/activity: Remove double spacing in set profiling command - CI: Build VTest with clang - CI: extend spellchecker whitelist, add "ists" as well - CLEANUP: assorted typo fixes in the code and comments - BUG/MINOR: memprof: properly account for differences for realloc() - MINOR: memprof: also report the method used by each call - MINOR: memprof: also report the totals and delta alloc-free - CLEANUP: pattern: remove the unused and dangerous pat_ref_reload() - BUG/MINOR: http_act: Fix normalizer names in error messages - MINOR: uri_normalizer: Add `fragment-strip` normalizer - MINOR: uri_normalizer: Add `fragment-encode` normalizer - IMPORT: slz: use the generic function for the last bytes of the crc32 - IMPORT: slz: do not produce the crc32_fast table when CRC is natively supported - BUILD/MINOR: opentracing: fixed compilation with filter enabled - BUILD: makefile: add a few popular ARMv8 CPU targets - BUG/MEDIUM: stick_table: fix crash when using tcp smp_fetch_src - REGTESTS: stick-table: add src_conn_rate test - CLEANUP: stick-table: remove a leftover of an old keyword declaration - BUG/MINOR: stats: fix lastchk metric that got accidently lost - EXAMPLES: add a "basic-config-edge" example config - EXAMPLES: add a trivial config for quick testing - DOC: management: Correct example reload command in the document - Revert "CI: Build VTest with clang" - MINOR: activity/cli: optionally support sorting by address on "show profiling" - DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in profiling - BUG/MINOR: lua/vars: prevent get_var() from allocating a new name - DOC: config: Fix configuration example for mqtt - BUG/MAJOR: config: properly initialize cpu_map.thread[] up to MAX_THREADS - BUILD: config: avoid a build warning on numa_detect_topology() without threads - DOC: update min requirements in INSTALL - IMPORT: slz: use inttypes.h instead of stdint.h - BUILD: sample: use strtoll() instead of atoll() - MINOR: version: mention that it's LTS now. 2021/05/10 : 2.4-dev19 - BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers - BUG/MEDIUM: cli: prevent memory leak on write errors - BUG/MINOR: ssl/cli: fix a lock leak when no memory available - MINOR: debug: add a new "debug dev sym" command in expert mode - MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS - CI: Github Actions: switch to LibreSSL-3.3.3 - MINOR: srv: close all idle connections on shutdown - MINOR: connection: move session_list member in a union - MEDIUM: mux_h1: release idling frontend conns on soft-stop - MEDIUM: connection: close front idling connection on soft-stop - MINOR: tools: add functions to retrieve the address of a symbol - CLEANUP: activity: mark the profiling and task_profiling_mask __read_mostly - MINOR: activity: add a "memory" entry to "profiling" - MINOR: activity: declare the storage for memory usage statistics - MEDIUM: activity: collect memory allocator statistics with USE_MEMORY_PROFILING - MINOR: activity: clean up the show profiling io_handler a little bit - MINOR: activity: make "show profiling" support a few arguments - MINOR: activity: make "show profiling" also dump the memoery usage - MINOR: activity: add the profiling.memory global setting - BUILD: makefile: add new option USE_MEMORY_PROFILING - MINOR: channel: Rely on HTX version if appropriate in channel_may_recv() - BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive - MINOR: conn-stream: Force mux to wait for read events if abortonclose is set - MEDIUM: mux-h1: Don't block reads when waiting for the other side - BUG/MEDIUM: mux-h1: Properly report client close if abortonclose option is set - REGTESTS: Add script to test abortonclose option - MINOR: mux-h1: clean up conditions to enabled and disabled splicing - MINOR: mux-h1: Subscribe for sends if output buffer is not empty in h1_snd_pipe - MINOR: mux-h1: Always subscribe for reads when splicing is disabled - MEDIUM: mux-h1: Wake H1 stream when both sides a synchronized - CLEANUP: mux-h1: rename WAIT_INPUT/WAIT_OUTPUT flags - MINOR: mux-h1: Manage processing blocking flags on the H1 stream - BUG/MINOR: stream: Decrement server current session counter on L7 retry - BUG/MINOR: config: fix uninitialized initial state in ".if" block evaluator - BUG/MINOR: config: add a missing "ELIF_TAKE" test for ".elif" condition evaluator - BUG/MINOR: config: .if/.elif should also accept negative integers - MINOR: config: centralize the ".if"/".elif" condition parser and evaluator - MINOR: config: keep up-to-date current file/line/section in the global struct - MINOR: config: support some pseudo-variables for file/line/section - BUILD: activity: do not include malloc.h - MINOR: arg: improve the error message on missing closing parenthesis - MINOR: global: export the build features string list - MINOR: global: add version comparison functions - MINOR: config: improve .if condition error reporting - MINOR: config: make cfg_eval_condition() support predicates with arguments - MINOR: config: add predicate "defined()" to conditional expression blocks - MINOR: config: add predicates "streq()" and "strneq()" to conditional expressions - MINOR: config: add predicate "feature" to detect certain built-in features - MINOR: config: add predicates "version_atleast" and "version_before" to cond blocks - BUG/MINOR: activity: use the new pointer to calculate the new size in realloc() - BUG/MINOR: stream: properly clear the previous error mask on L7 retries - MEDIUM: log: slightly refine the output format of alerts/warnings/etc - MINOR: config: add a new message directive: .diag - CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages - BUG/MINOR: stream: Reset stream final state and si error type on L7 retry - BUG/MINOR: checks: Handle synchronous connect when a tcpcheck is started - BUG/MINOR: checks: Reschedule check on observe mode only if fastinter is set - MINOR: global: define tainted flag - MINOR: cfgparse: add a new field flags in cfg_keyword - MINOR: cfgparse: implement experimental config keywords - MINOR: action: replace match_pfx by a keyword flags field - MINOR: action: implement experimental actions - MINOR: cli: set tainted when using CLI expert/experimental mode - MINOR: stats: report tainted on show info - MINOR: http_act: mark normalize-uri as experimental - BUILD: fix usage of ha_alert without format string - MINOR: proxy: define PR_CAP_LB - BUG/MINOR: server: do not report diag for peer servers with null weight - DOC: ssl: Extra files loading now works for backends too - ADDONS: make addons/ discoverable by git via .gitignore - DOC: ssl: Add information about crl-file option - MINOR: sample: improve error reporting on missing arg to strcmp() converter - DOC: management: mention that some fields may be emitted as floats - MINOR: tools: implement trimming of floating point numbers - MINOR: tools: add a float-to-ascii conversion function - MINOR: freq_ctr: add new functions to report float measurements - MINOR: stats: avoid excessive padding of float values with trailing zeroes - MINOR: stats: add the HTML conversion for float types - MINOR: stats: pass the appctx flags to stats_fill_info() - MINOR: stats: support an optional "float" option to "show info" - MINOR: stats: use tv_remain() to precisely compute the uptime - MINOR: stats: report uptime and start time as floats with subsecond resolution - MINOR: stats: make "show info" able to report rates as floats when asked - MINOR: config: mark tune.fd.edge-triggered as experimental - REORG: vars: move the "proc" scope variables out of the global struct - REORG: threads: move all_thread_mask() to thread.h - BUILD: wdt: include signal-t.h - BUILD: auth: include missing list.h - REORG: mworker: move proc_self from global to mworker - BUILD: ssl: ssl_utils requires chunk.h - BUILD: config: cfgparse-ssl.c needs tools.h - BUILD: wurfl: wurfl.c needs tools.h - BUILD: spoe: flt_spoe.c needs tools.h - BUILD: promex: service-prometheus.c needs tools.h - BUILD: resolvers: include tools.h - BUILD: config: include tools.h in cfgparse-listen.c - BUILD: htx: include tools.h in http_htx.c - BUILD: proxy: include tools.h in proxy.c - BUILD: session: include tools.h in session.c - BUILD: cache: include tools.h in cache.c - BUILD: sink: include tools.h in sink.c - BUILD: connection: include tools.h in connection.c - BUILD: server-state: include tools.h from server_state.c - BUILD: dns: include tools.h in dns.c - BUILD: payload: include tools.h in payload.c - BUILD: vars: include tools.h in vars.c - BUILD: compression: include tools.h in compression.c - BUILD: mworker: include tools.h from mworker.c - BUILD: queue: include tools.h from queue.c - BUILD: udp: include tools.h from proto_udp.c - BUILD: stick-table: include freq_ctr.h from stick_table.h - BUILD: server: include tools.h from server.c - BUILD: server: include missing proxy.h in server.c - BUILD: sink: include proxy.h in sink.c - BUILD: mworker: include proxy.h in mworker.c - BUILD: filters: include proxy.h in filters.c - BUILD: fcgi-app: include proxy.h in fcgi-app.c - BUILD: connection: move list_mux_proto() to connection.c - REORG: stick-table: uninline stktable_alloc_data_type() - REORG: stick-table: move composite address functions to stick_table.h - REORG: config: uninline warnifnotcap() and failifnotcap() - BUILD: task: remove unused includes from task.c - MINOR: task: stop including stream.h from task.c - BUILD: connection: stop including listener-t.h - BUILD: hlua: include proxy.h from hlua.c - BUILD: mux-h1: include proxy.h from mux-h1.c - BUILD: mux-fcgi: include proxy.h from mux-fcgi.c - BUILD: listener: include proxy.h from listener.c - BUILD: http-rules: include proxy.h from http_rules.c - BUILD: thread: include log.h from thread.c - BUILD: comp: include proxy.h from flt_http_comp.c - BUILD: fd: include log.h from fd.c - BUILD: config: do not include proxy.h nor errors.h anymore in cfgparse.h - BUILD: makefile: reorder object files by build time - DOC: Fix a few grammar/spelling issues and casing of HAProxy - REGTESTS: run-regtests: match both "HAProxy" and "HA-Proxy" in the version - MINOR: version: report "HAProxy" not "HA-Proxy" in the version output - DOC: remove last occurrences of "HA-Proxy" syntax - DOC: peers: fix the protocol tag name in the doc - ADMIN: netsnmp: report "HAProxy" and not "Haproxy" in output descriptions - MEDIUM: mailers: use "HAProxy" nor "HAproxy" in the subject of messages - DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments - MINOR: tools/rnd: compute the result outside of the CAS loop - BUILD: http_fetch: address a few aliasing warnings with older compilers - BUILD: ssl: define HAVE_CRYPTO_memcmp() based on the library version - BUILD: errors: include stdarg in errors.h - REGTESTS: disable inter-thread idle connection sharing on sensitive tests - MINOR: cli: make "help" support a command in argument - MINOR: cli: sort the output of the "help" keywords - CLEANUP: cli/mworker: properly align the help messages - BUILD: memprof: make the old caller pointer a const in get_prof_bin() - BUILD: compat: include malloc_np.h for USE_MEMORY_PROFILING on FreeBSD - CI: Github Actions: enable USE_QUIC=1 for BoringSSL builds - BUG/MEDIUM: quic: fix null deref on error path in qc_conn_init() - BUILD: cli: appease a null-deref warning in cli_gen_usage_msg() 2021/05/01 : 2.4-dev18 - DOC: Fix indentation for `path-strip-dot` normalizer - DOC: Fix RFC reference for the percent-to-uppercase normalizer - DOC: Add RFC references for the path-strip-dot(dot)? normalizers - MINOR: uri_normalizer: Add a `percent-decode-unreserved` normalizer - BUG/MINOR: mux-fcgi: Don't send normalized uri to FCGI application - REORG: htx: Inline htx functions to add HTX blocks in a message - CLEANUP: assorted typo fixes in the code and comments - DOC: general: fix white spaces for HTML converter - BUG/MINOR: ssl: ssl_sock_prepare_ssl_ctx does not return an error code - BUG/MINOR: cpuset: move include guard at the very beginning - BUG/MAJOR: fix build on musl with cpu_set_t support - BUG/MEDIUM: cpuset: fix build on MacOS - BUG/MINOR: htx: Preserve HTX flags when draining data from an HTX message - MEDIUM: htx: Refactor htx_xfer_blks() to not rely on hdrs_bytes field - CLEANUP: htx: Remove unsued hdrs_bytes field from the HTX start-line - BUG/MINOR: mux-h2: Don't encroach on the reserve when decoding headers - MEDIUM: http-ana: handle read error on server side if waiting for response - MINOR: htx: Limit length of headers name/value when a HTX message is dumped - BUG/MINOR: applet: Notify the other side if data were consumed by an applet - BUG/MINOR: hlua: Don't consume headers when starting an HTTP lua service - BUG/MEDIUM: mux-h2: Handle EOM flag when sending a DATA frame with zero-copy - CLEANUP: channel: No longer notify the producer in co_skip()/co_htx_skip() - DOC: general: fix example in set-timeout - CLEANUP: cfgparse: de-uglify early file error handling in readcfgfile() - MINOR: config: add a new "default-path" global directive - BUG/MEDIUM: peers: initialize resync timer to get an initial full resync - BUG/MEDIUM: peers: register last acked value as origin receiving a resync req - BUG/MEDIUM: peers: stop considering ack messages teaching a full resync - BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected - BUG/MEDIUM: peers: reset commitupdate value in new conns - BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly - BUG/MEDIUM: peers: reset tables stage flags stages on new conns - MINOR: peers: add informative flags about resync process for debugging - BUG/MEDIUM: time: fix updating of global_now upon clock drift - CLEANUP: freq_ctr: make arguments of freq_ctr_total() const - CLEANUP: hlua: rename hlua_appctx* appctx to luactx - MINOR: server: fix doc/trace on lb algo for dynamic server creation - REGTESTS: server: fix cli_add_server due to previous trace update - REGTESTS: add minimal CLI "add map" tests - DOC: management: move "set var" to the proper place - CLEANUP: map: slightly reorder the add map function - MINOR: map: get rid of map_add_key_value() - MINOR: map: show the current and next pattern version in "show map" - MINOR: map/acl: add the possibility to specify the version in "show map/acl" - MINOR: pattern: support purging arbitrary ranges of generations - MINOR: map/acl: add the possibility to specify the version in "clear map/acl" - MINOR: map/acl: add the "prepare map/acl" CLI command - MINOR: map/acl: add the "commit map/acl" CLI command - MINOR: map/acl: make "add map/acl" support an optional version number - CLEANUP: map/cli: properly align the map/acl help - BUILD: compiler: do not use already defined __read_mostly on dragonfly 2021/04/23 : 2.4-dev17 - MINOIR: mux-pt/trace: Register a new trace source with its events - BUG/MINOR: mux-pt: Fix a possible UAF because of traces in mux_pt_io_cb - CI: travis: Drastically clean up .travis.yml - CLEANUP: pattern: make all pattern tables read-only - MINOR: trace: replace the trace() inline function with an equivalent macro - MINOR: initcall: uniformize the section names between MacOS and other unixes - CLEANUP: initcall: rename HA_SECTION to HA_INIT_SECTION - MINOR: compiler: add macros to declare section names - CLEANUP: initcall: rely on HA_SECTION_* instead of defining its own - MINOR: global: declare a read_mostly section - MINOR: fd: move a few read-mostly variables to their own section - MINOR: epoll: move epoll_fd to read_mostly - MINOR: kqueue: move kqueue_fd to read_mostly - MINOR: pool: move pool declarations to read_mostly - MINOR: threads: mark all_threads_mask as read_mostly - MINOR: server: move idle_conn_task to read_mostly - MINOR: protocol: move __protocol_by_family to read_mostly - MINOR: pattern: make the pat_lru_seed read_mostly - MINOR: trace: make trace sources read_mostly - MINOR: freq_ctr: add a generic function to report the total value - MEDIUM: freq_ctr: make read_freq_ctr_period() use freq_ctr_total() - MEDIUM: freq_ctr: reimplement freq_ctr_remain_period() from freq_ctr_total() - MINOR: freq_ctr: add the missing next_event_delay_period() - MINOR: freq_ctr: unify freq_ctr and freq_ctr_period into freq_ctr - MEDIUM: freq_ctr: replace the per-second counters with the generic ones - MINOR: freq_ctr: add cpu_relax in the rotation loop of update_freq_ctr_period() - MINOR: freq_ctr: simplify and improve the update function - CLEANUP: time: remove the now unused ms_left_scaled - MINOR: time: move the time initialization out of tv_update_date() - MINOR: time: remove useless variable copies in tv_update_date() - MINOR: time: change the global timeval and the the global tick at once - MEDIUM: time: make the clock offset global and no per-thread - MINOR: atomic: reimplement the relaxed version of x86 BTS/BTR - MINOR: trace: Add the checks as a possible trace source - MINOIR: checks/trace: Register a new trace source with its events - MINOR: hlua: Add function to release a lua function - BUG/MINOR: hlua: Fix memory leaks on error path when registering a task - BUG/MINOR: hlua: Fix memory leaks on error path when registering a converter - BUG/MINOR: hlua: Fix memory leaks on error path when registering a fetch - BUG/MINOR: hlua: Fix memory leaks on error path when parsing a lua action - BUG/MINOR: hlua: Fix memory leaks on error path when registering an action - BUG/MINOR: hlua: Fix memory leaks on error path when registering a service - BUG/MINOR: hlua: Fix memory leaks on error path when registering a cli keyword - BUG/MINOR: cfgparse/proxy: Fix some leaks during proxy section parsing - BUG/MINOR: listener: Handle allocation error when allocating a new bind_conf - BUG/MINOR: cfgparse/proxy: Hande allocation errors during proxy section parsing - MINOR: cfgparse/proxy: Group alloc error handling during proxy section parsing - DOC: internals: update the SSL architecture schema - BUG/MEDIUM: sample: Fix adjusting size in field converter - MINOR: sample: add ub64dec and ub64enc converters - CLEANUP: sample: align samples list in sample.c - MINOR: ist: Add `istclear(struct ist*)` - CI: cirrus: install "pcre" package - MINOR: opentracing: correct calculation of the number of arguments in the args[] - MINOR: opentracing: transfer of context names without prefix - MINOR: sample: converter: Add mjson library. - MINOR: sample: converter: Add json_query converter - CI: travis-ci: enable weekly graviton2 builds - DOC: ssl: Certificate hot update only works on fronted certificates - DOC: ssl: Certificate hot update works on server certificates - BUG/MEDIUM: threads: Ignore current thread to end its harmless period - MINOR: threads: Only consider running threads to end a thread harmeless period - BUG/MINOR: checks: Set missing id to the dummy checks frontend - MINOR: logs: Add support of checks as session origin to format lf strings - BUG/MINOR: connection: Fix fc_http_major and bc_http_major for TCP connections - MINOR: connection: Make bc_http_major compatible with tcp-checks - BUG/MINOR: ssl-samples: Fix ssl_bc_* samples when called from a health-check - BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded - MINOR: tcp_samples: Add samples to get src/dst info of the backend connection - MINOR: tcp_samples: Be able to call bc_src/bc_dst from the health-checks - BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function - BUG/MINOR: logs: Report the true number of retries if there was no connection - BUILD: makefile: Redirect stderr to /dev/null when probing options - MINOR: uri_normalizer: Add uri_normalizer module - MINOR: uri_normalizer: Add `enum uri_normalizer_err` - MINOR: uri_normalizer: Add `http-request normalize-uri` - MINOR: uri_normalizer: Add a `merge-slashes` normalizer to http-request normalize-uri - MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri - MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer - MINOR: uri_normalizer: Add a `sort-query` normalizer - MINOR: uri_normalizer: Add a `percent-upper` normalizer - MEDIUM: http_act: Rename uri-normalizers - DOC: Add introduction to http-request normalize-uri - DOC: Note that URI normalization is experimental - BUG/MINOR: pools: maintain consistent ->allocated count on alloc failures - BUG/MINOR: pools/buffers: make sure to always reserve the required buffers - MINOR: pools: drop the unused static history of artificially failed allocs - CLEANUP: pools: remove unused arguments to pool_evict_from_cache() - MEDIUM: pools: move the cache into the pool header - MINOR: pool: remove the size field from pool_cache_head - MINOR: pools: rename CONFIG_HAP_LOCAL_POOLS to CONFIG_HAP_POOLS - MINOR: pools: enable the fault injector in all allocation modes - MINOR: pools: make the basic pool_refill_alloc()/pool_free() update needed_avg - MEDIUM: pools: unify pool_refill_alloc() across all models - CLEANUP: pools: re-merge pool_refill_alloc() and __pool_refill_alloc() - MINOR: pools: call pool_alloc_nocache() out of the pool's lock - CLEANUP: pools: move the lock to the only __pool_get_first() that needs it - CLEANUP: pools: rename __pool_get_first() to pool_get_from_shared_cache() - CLEANUP: pools: rename pool_*_{from,to}_cache() to *_local_cache() - CLEANUP: pools: rename __pool_free() to pool_put_to_shared_cache() - MINOR: tools: add statistical_prng_range() to get a random number over a range - MINOR: pools: use cheaper randoms for fault injections - MINOR: pools: move the fault injector to __pool_alloc() - MINOR: pools: split the OS-based allocator in two - MINOR: pools: always use atomic ops to maintain counters - MINOR: pools: move pool_free_area() out of the lock in the locked version - MINOR: pools: factor the release code into pool_put_to_os() - MEDIUM: pools: make CONFIG_HAP_POOLS control both local and shared pools - MINOR: pools: create unified pool_{get_from,put_to}_cache() - MINOR: pools: evict excess objects using pool_evict_from_local_cache() - MEDIUM: pools: make pool_put_to_cache() always call pool_put_to_local_cache() - CLEANUP: pools: make the local cache allocator fall back to the shared cache - CLEANUP: pools: merge pool_{get_from,put_to}_local_caches with generic ones - CLEANUP: pools: uninline pool_put_to_cache() - CLEANUP: pools: declare dummy pool functions to remove some ifdefs - BUILD: pools: fix build with DEBUG_FAIL_ALLOC - BUG/MINOR: server: make srv_alloc_lb() allocate lb_nodes for consistent hash - CONTRIB: mod_defender: import the minimal number of includes - CONTRIB: mod_defender: make the code build with the embedded includes - CONTRIB: modsecurity: import the minimal number of includes - CONTRIB: modsecurity: make the code build with the embedded includes - CLEANUP: sample: Improve local variables in sample_conv_json_query - CLEANUP: sample: Explicitly handle all possible enum values from mjson - CLEANUP: sample: Use explicit return for successful `json_query`s - CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion - CONTRIB: move spoa_example out of the tree - BUG/MINOR: server: free srv.lb_nodes in free_server - BUG/MINOR: logs: free logsrv.conf.file on exit - BUG/MEDIUM: server: ensure thread-safety of server runtime creation - MINOR: server: add log on dynamic server creation - MINOR: server: implement delete server cli command - CONTRIB: move spoa_server out of the tree - CONTRIB: move modsecurity out of the tree - BUG/MINOR: server: fix potential null gcc error in delete server - BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers - BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames - BUG/MINOR: uri_normalizer: Use delim parameter when building the sorted query in uri_normalizer_query_sort - CLEANUP: uri_normalizer: Remove trailing whitespace - MINOR: uri_normalizer: Add a `strip-dot` normalizer - CONTRIB: move mod_defender out of the tree - CLEANUP: contrib: remove the last references to the now dead contrib/ directory - BUG/MEDIUM: config: fix cpu-map notation with both process and threads - MINOR: config: add a diag for invalid cpu-map statement - BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases - BUG/MINOR: mworker: don't use oldpids[] anymore for reload - BUILD: makefile: fix the "make clean" target on strict bourne shells - IMPORT: slz: import slz into the tree - BUILD: compression: switch SLZ from out-of-tree to in-tree - CI: github: do not build libslz any more - CLEANUP: compression: remove calls to SLZ init functions - BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data - MINOR: cpuset: define a platform-independent cpuset type - MINOR: cfgparse: use hap_cpuset for parse_cpu_set - MEDIUM: config: use platform independent type hap_cpuset for cpu-map - MINOR: thread: implement the detection of forced cpu affinity - MINOR: cfgparse: support the comma separator on parse_cpu_set - MEDIUM: cfgparse: detect numa and set affinity if needed - MINOR: global: add option to disable numa detection - BUG/MINOR: haproxy: fix compilation on macOS - BUG/MINOR: cpuset: fix compilation on platform without cpu affinity - MINOR: time: avoid unneeded updates to now_offset - MINOR: time: avoid overwriting the same values of global_now - CLEANUP: time: use __tv_to_ms() in tv_update_date() instead of open-coding - MINOR: time: avoid u64 needlessly expensive computations for the 32-bit now_ms - BUG/MINOR: peers: remove useless table check if initial resync is finished - BUG/MEDIUM: peers: re-work connection to new process during reload. - BUG/MEDIUM: peers: re-work refcnt on table to protect against flush - BUG/MEDIUM: config: fix missing initialization in numa_detect_topology() 2021/04/09 : 2.4-dev16 - CLEANUP: dev/flags: remove useless test in the stdin number parser - MINOR: No longer rely on deprecated sample fetches for predefined ACLs - MINOR: acl: Add HTTP_2.0 predefined macro - BUG/MINOR: hlua: Detect end of request when reading data for an HTTP applet - BUG/MINOR: tools: fix parsing "us" unit for timers - MINOR: server/bind: add support of new prefixes for addresses. - MINOR: log: register config file and line number on log servers. - MEDIUM: log: support tcp or stream addresses on log lines. - BUG/MEDIUM: log: fix config parse error logging on stdout/stderr or any raw fd - CLEANUP: fd: remove FD_POLL_DATA and FD_POLL_STICKY - MEDIUM: fd: prepare FD_POLL_* to move to bits 8-15 - MEDIUM: fd: merge fdtab[].ev and state for FD_EV_* and FD_POLL_* into state - MINOR: fd: move .linger_risk into fdtab[].state - MINOR: fd: move .cloned into fdtab[].state - MINOR: fd: move .initialized into fdtab[].state - MINOR: fd: move .et_possible into fdtab[].state - MINOR: fd: move .exported into fdtab[].state - MINOR: fd: implement an exclusive syscall bit to remove the ugly "log" lock - MINOR: cli/show-fd: slightly reorganize the FD status flags - MINOR: atomic/arm64: detect and use builtins for the double-word CAS - CLEANUP: atomic: add an explicit _FETCH variant for add/sub/and/or - CLEANUP: atomic: make all standard add/or/and/sub operations return void - CLEANUP: atomic: add a fetch-and-xxx variant for common operations - CLEANUP: atomic: add HA_ATOMIC_INC/DEC for unit increments - CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec - CLEANUP: atomic: use the __atomic variant of BTS/BTR on modern compilers - MINOR: atomic: implement native BTS/BTR for x86 - MINOR: ist: Add `istappend(struct ist, char)` - MINOR: ist: Add `istshift(struct ist*)` - MINOR: ist: Add `istsplit(struct ist*, char)` - BUG/MAJOR: fd: switch temp values to uint in fd_stop_both() - MINOR: opentracing: register config file and line number on log servers - MEDIUM: resolvers: add support of tcp address on nameserver line. - MINOR: ist: Rename istappend() to __istappend() - CLEANUP: htx: Make http_get_stline take a `const struct` - CLEANUP: ist: Remove unused `count` argument from `ist2str*` - CLEANUP: Remove useless malloc() casts 2021/04/02 : 2.4-dev15 - BUG/MINOR: payload: Wait for more data if buffer is empty in payload/payload_lv - BUG/MINOR: stats: Apply proper styles in HTML status page. - BUG/MEDIUM: time: make sure to always initialize the global tick - BUG/MINOR: tcp: fix silent-drop workaround for IPv6 - BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS - CLEANUP: socket: replace SOL_IP/IPV6/TCP with IPPROTO_IP/IPV6/TCP - BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields - BUG/MINOR: mux-h2: Don't emit log twice if an error occurred on the preface - MINOR: stream: Don't trigger errors on destructive HTTP upgrades - MINOR: frontend: Create HTTP txn for HTX streams - MINOR: stream: Be sure to set HTTP analysers when creating an HTX stream - BUG/MINOR: stream: Properly handle TCP>H1>H2 upgrades in http_wait_for_request - BUG/MINOR: config: Add warning for http-after-response rules in TCP mode - MINOR: muxes: Add a flag to notify a mux does not support any upgrade - MINOR: mux-h1: Don't perform implicit HTTP/2 upgrade if not supported by mux - MINOR: mux-pt: Don't perform implicit HTTP upgrade if not supported by mux - MEDIUM: mux-h1: Expose h1 in the list of supported mux protocols - MEDIUM: mux-pt: Expose passthrough in the list of supported mux protocols - MINOR: muxes: Show muxes flags when the mux list is displayed - DOC: config: Improve documentation about proto/check-proto keywords - MINOR: stream: Use stream type instead of proxy mode when appropriate - MINOR: filters/http-ana: Decide to filter HTTP headers in HTTP analysers - MINOR: http-ana: Simplify creation/destruction of HTTP transactions - MINOR: stream: Handle stream HTTP upgrade in a dedicated function - MEDIUM: Add tcp-request switch-mode action to perform HTTP upgrade - MINOR: config/proxy: Don't warn for HTTP rules in TCP if 'switch-mode http' set - MINOR: config/proxy: Warn if a TCP proxy without backend is upgradable to HTTP - DOC: config: Add documentation about TCP to HTTP upgrades - REGTESTS: Add script to tests TCP to HTTP upgrades - BUG/MINOR: payload/htx: Ingore L6 sample fetches for HTX streams/checks - MINOR: htx: Make internal.strm.is_htx an internal sample fetch - MINOR: action: Use a generic function to check validity of an action rule list - MINOR: payload/config: Warn if a L6 sample fetch is used from an HTTP proxy - MEDIUM: http-rules: Add wait-for-body action on request and response side - REGTESTS: Add script to tests the wait-for-body HTTP action - BUG/MINOR: http-fetch: Fix test on message state to capture the version - CLEANUP: vars: always pre-initialize smp in vars_parse_cli_get_var() - MINOR: global: define diagnostic mode of execution - MINOR: cfgparse: diag for multiple nbthread statements - MINOR: server: diag for 0 weight server - MINOR: diag: create cfgdiag module - MINOR: diag: diag if servers use the same cookie value - MINOR: config: diag if global section after non-global - TESTS: slightly reorganize the code in the tests/ directory - TESTS: move tests/*.cfg to tests/config - REGTESTS: ssl: "set ssl cert" and multi-certificates bundle - REGTESTS: ssl: mark set_ssl_cert_bundle.vtc as broken - CONTRIB: halog: fix issue with array of type char - CONTRIB: tcploop: add a shutr command - CONTRIB: debug: add the show-fd-to-flags script - CONTRIB: debug: split poll from flags - CONTRIB: move some dev-specific tools to dev/ - BUILD: makefile: always build the flags utility - DEV: flags: replace the unneeded makefile with a README - BUILD: makefile: integrate the hpack tools - CONTRIB: merge ip6range with iprange - CONTRIB: move some admin-related sub-projects to admin/ - CONTRIB: move halog to admin/ - ADMIN: halog: automatically enable USE_MEMCHR on the right glibc version - BUILD: makefile: build halog with the correct flags - BUILD: makefile: add a "USE_PROMEX" variable to ease building prometheus-exporter - CONTRIB: move prometheus-exporter to addons/promex - DOC: add a few words about USE_* and the addons directory - CONTRIB: move 51Degrees to addons/51degrees - CONTRIB: move src/da.c and contrib/deviceatlas to addons/deviceatlas - CONTRIB: move src/wurfl.c and contrib/wurfl to addons/wurfl - CONTRIB: move contrib/opentracing to addons/ot - BUG/MINOR: opentracing: initialization after establishing daemon mode - DOC: clarify that compression works for HTTP/2 2021/03/27 : 2.4-dev14 - MEDIUM: quic: Fix build. - MEDIUM: quic: Fix build. - CI: codespell: whitelist "Dragan Dosen" - CLEANUP: assorted typo fixes in the code and comments - CI: github actions: update LibreSSL to 3.2.5 - REGTESTS: revert workaround for a crash with recent libressl on http-reuse sni - CLEANUP: mark defproxy as const on parse tune.fail-alloc - REGTESTS: remove unneeded experimental-mode in cli add server test - REGTESTS: wait for proper return of enable server in cli add server test - MINOR: compression: use pool_alloc(), not pool_alloc_dirty() - MINOR: spoe: use pool_alloc(), not pool_alloc_dirty() - MINOR: fcgi-app: use pool_alloc(), not pool_alloc_dirty() - MINOR: cache: use pool_alloc(), not pool_alloc_dirty() - MINOR: ssl: use pool_alloc(), not pool_alloc_dirty() - MINOR: opentracing: use pool_alloc(), not pool_alloc_dirty() - MINOR: dynbuf: make b_alloc() always check if the buffer is allocated - CLEANUP: compression: do not test for buffer before calling b_alloc() - CLEANUP: l7-retries: do not test the buffer before calling b_alloc() - MINOR: channel: simplify the channel's buffer allocation - MEDIUM: dynbuf: remove last usages of b_alloc_margin() - CLEANUP: dynbuf: remove b_alloc_margin() - CLEANUP: dynbuf: remove the unused b_alloc_fast() function - CLEANUP: pools: remove the unused pool_get_first() function - MINOR: pools: make the pool allocator support a few flags - MINOR: pools: add pool_zalloc() to return a zeroed area - CLEANUP: connection: use pool_zalloc() in conn_alloc_hash_node() - CLEANUP: filters: use pool_zalloc() in flt_stream_add_filter() - CLEANUP: spoe: use pool_zalloc() instead of pool_alloc+memset - CLEANUP: frontend: use pool_zalloc() in frontend_accept() - CLEANUP: mailers: use pool_zalloc() in enqueue_one_email_alert() - CLEANUP: resolvers: use pool_zalloc() in resolv_link_resolution() - CLEANUP: ssl: use pool_zalloc() in ssl_init_keylog() - CLEANUP: tcpcheck: use pool_zalloc() instead of pool_alloc+memset - CLEANUP: quic: use pool_zalloc() instead of pool_alloc+memset - MINOR: time: also provide a global, monotonic global_now_ms timer - BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable - MINOR: tools: introduce new option PA_O_DEFAULT_DGRAM on str2sa_range. - BUILD: tools: fix build error with new PA_O_DEFAULT_DGRAM - BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" - CLEANUP: ssl: remove unused definitions - BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro - MINOR: lua: Slightly improve function dumping the lua traceback - BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback - BUG/MEDIUM: lua: Always init the lua stack before referencing the context - MINOR: fd: make fd_clr_running() return the remaining running mask - MINOR: fd: remove the unneeded running bit from fd_insert() - BUG/MEDIUM: fd: do not wait on FD removal in fd_delete() - CLEANUP: fd: remove unused fd_set_running_excl() - CLEANUP: fd: slightly simplify up _fd_delete_orphan() - BUG/MEDIUM: fd: Take the fd_mig_lock when closing if no DWCAS is available. - BUG/MEDIUM: release lock on idle conn killing on reached pool high count - BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless - MINOR: tools: make url2ipv4 return the exact number of bytes parsed - BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters - BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent - BUG/MINOR: ssl: Fix update of default certificate - BUG/MINOR: ssl: Prevent removal of crt-list line if the instance is a default one - BUILD: ssl: introduce fine guard for ssl random extraction functions - REORG: global: move initcall register code in a dedicated file - REORG: global: move free acl/action in their related source files - REORG: split proxy allocation functions - MINOR: proxy: implement a free_proxy function - MINOR: proxy: define cap PR_CAP_LUA - MINOR: lua: properly allocate the lua Socket proxy - MINOR: lua: properly allocate the lua Socket servers - MINOR: vars: make get_vars() allow the session to be null - MINOR: vars: make the var() sample fetch keyword depend on nothing - CLEANUP: sample: remove duplicate "stopping" sample fetch keyword - MINOR: sample: make smp_resolve_args() return an allocate error message - MINOR: sample: add a new SMP_SRC_CONST sample capability - MINOR: sample: mark the truly constant sample fetch keywords as such - MINOR: sample: add a new CFG_PARSER context for samples - MINOR: action: add a new ACT_F_CFG_PARSER origin designation - MEDIUM: vars: add support for a "set-var" global directive - REGTESTS: add a basic reg-test for some "set-var" commands - MINOR: sample: add a new CLI_PARSER context for samples - MINOR: action: add a new ACT_F_CLI_PARSER origin designation - MINOR: vars/cli: add a "get var" CLI command to retrieve global variables - MEDIUM: cli: add a new experimental "set var" command - MINOR: compat: add short aliases for a few very commonly used types - BUILD: ssl: use EVP_CIPH_GCM_MODE macro instead of HA_OPENSSL_VERSION - MEDIUM: backend: use a trylock to grab a connection on high FD counts as well 2021/03/19 : 2.4-dev13 - BUG/MEDIUM: cli: fix "help" crashing since recent spelling fixes - BUG/MINOR: cfgparse: use the GLOBAL not LISTEN keywords list for spell checking - MINOR: tools: improve word fingerprinting by counting presence - MINOR: tools: do not sum squares of differences for word fingerprints - MINOR: cli: improve fuzzy matching to work on all remaining words at once - MINOR: cli: sort the suggestions by order of relevance - MINOR: cli: limit spelling suggestions to 5 - MINOR: cfgparse/proxy: also support spelling fixes on options - BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames - MINOR: time: export the global_now variable - BUG/MINOR: freq_ctr/threads: make use of the last updated global time - MINOR: freq_ctr/threads: relax when failing to update a sliding window value - MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket - MINOR: mworker/cli: alert the user if we enabled a master CLI but not the master-worker mode - MINOR: cli: implement experimental-mode - REORG: server: add a free server function - MINOR: cfgparse: always alloc idle conns task - REORG: server: move keywords in srv_kws - MINOR: server: remove fastinter from mistyped kw list - REORG: server: split parse_server - REORG: server: move alert traces in parse_server - REORG: server: rename internal functions from parse_server - REORG: server: attach servers in parse_server - REORG: server: use flags for parse_server - MINOR: server: prepare parsing for dynamic servers - MINOR: stats: export function to allocate extra proxy counters - MEDIUM: server: implement 'add server' cli command - REGTESTS: implement test for 'add server' cli - MINOR: server: enable standard options for dynamic servers - MINOR: server: support keyword proto in 'add server' cli - BUG/MINOR: protocol: add missing support of dgram unix socket. - CLEANUP: Fix a typo in fix_is_valid description - MINOR: raw_sock: Add a close method. - MEDIUM: connections: Introduce a new XPRT method, start(). - MEDIUM: connections: Implement a start() method for xprt_handshake. - MEDIUM: connections: Implement a start() method in ssl_sock. - MINOR: muxes: garbage collect the reset() method. - CLEANUP: tcp-rules: Fix a typo in error messages about expect-netscaler-cip - MEDIUM: lua: Use a per-thread counter to track some non-reentrant parts of lua - BUG/MEDIUM: debug/lua: Don't dump the lua stack if not dumpable 2021/03/13 : 2.4-dev12 - CLEANUP: connection: Use `VAR_ARRAY` in `struct tlv` definition - CLEANUP: connection: Remove useless test for NULL before calling `pool_free()` - CLEANUP: connection: Use istptr / istlen for proxy_unique_id - MINOR: connection: Use a `struct ist` to store proxy_authority - CLEANUP: connection: Consistently use `struct ist` to process all TLV types - BUILD: task: fix build at -O0 with threads disabled - BUILD: bug: refine HA_LINK_ERROR() to only be used on gcc and derivatives - CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy - BUILD: connection: do not use VAR_ARRAY in struct tlv - BUG/MEDIUM: session: NULL dereference possible when accessing the listener - MINOR: build: force CC to set a return code when probing options - CLEANUP: stream: rename a few remaining occurrences of "stream *sess" - BUG/MEDIUM: resolvers: handle huge responses over tcp servers. - CLEANUP: config: also address the cfg_keyword API change in the compression code - BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake - BUG/MINOR: sample: Rename SenderComID/TargetComID to SenderCompID/TargetCompID - MINOR: task: give the scheduler a bit more flexibility in the runqueue size - OPTIM: task: automatically adjust the default runqueue-depth to the threads - BUG/MINOR: connection: Missing QUIC initialization - BUG/MEDIUM: stick-tables: fix ref counter in table entry using multiple http tracksc. - BUILD: atomic/arm64: force the register pairs to use in __ha_cas_dw() - BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached - BUG/MINOR: tcpcheck: Update .health threshold of agent inside an agent-check - BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters - BUG/MINOR: tcpcheck: Fix double free on error path when parsing tcp/http-check - BUG/MINOR: server-state: properly handle the case where the base is not set - BUG/MINOR: server-state: use the argument, not the global state - CLEANUP: tcp-rules: add missing actions in the tcp-request error message - CLEANUP: vars: make the error message clearer on missing arguments for set-var - CLEANUP: http-rules: remove the unexpected comma before the list of action keywords - CLEANUP: actions: the keyword must always be const from the rule - MINOR: tools: add simple word fingerprinting to find similar-looking words - MINOR: cfgparse: add cfg_find_best_match() to suggest an existing word - MINOR: cfgparse: suggest correct spelling for unknown words in proxy sections - MINOR: cfgparse: suggest correct spelling for unknown words in global section - MINOR: cfgparse/server: try to fix spelling mistakes on server lines - MINOR: cfgparse/bind: suggest correct spelling for unknown bind keywords - MINOR: actions: add a function to suggest an action ressembling a given word - MINOR: http-rules: suggest approaching action names on mismatch - MINOR: tcp-rules: suggest approaching action names on mismatch - BUG/MINOR: cfgparse/server: increment the extra keyword counter one at a time - Revert "BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record" - BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error - BUG/MINOR: resolvers: Reset server address on DNS error only on status change - BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution - BUG/MEDIUM: resolvers: Don't set an address-less server as UP - BUG/MEDIUM: resolvers: Fix the loop looking for an existing ADD item - MINOR: resolvers: new function find_srvrq_answer_record() - BUG/MINOR; resolvers: Ignore DNS resolution for expired SRV item - BUG/MEDIUM: resolvers: Trigger a DNS resolution if an ADD item is obsolete - MINOR: resolvers: Use a function to remove answers attached to a resolution - MINOR: resolvers: Purge answer items when a SRV resolution triggers an error - MINOR: resolvers: Add function to change the srv status based on SRV resolution - MINOR: resolvers: Directly call srvrq_update_srv_state() when possible - BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks - BUG/MEDIUM: resolvers: Skip DNS resolution at startup if SRV resolution is set - MINOR: resolvers: Use milliseconds for cached items in resolver responses - MINOR: resolvers: Don't try to match immediatly renewed ADD items - CLEANUP: resolvers: Use ha_free() in srvrq_resolution_error_cb() - CLEANUP: resolvers: Perform unsafe loop on requester list when possible - BUG/MINOR: cli: make sure "help", "prompt", "quit" are enabled at master level - CLEANUP: cli: fix misleading comment and better indent the access level flags - MINOR: cli: set the ACCESS_MASTER* bits on the master bind_conf - MINOR: cli: test the appctx level for master access instead of comparing pointers - MINOR: cli: print the error message in the parser function itself - MINOR: cli: filter the list of commands to the matching part - MEDIUM: cli: apply spelling fixes for known commands before listing them - MINOR: tools: add the ability to update a word fingerprint - MINOR: cli: apply the fuzzy matching on the whole command instead of words - CLEANUP: cli: rename MAX_STATS_ARGS to MAX_CLI_ARGS - CLEANUP: cli: rename the last few "stats_" to "cli_" - CLEANUP: task: make sure tasklet handlers always indicate their statuses - CLEANUP: assorted typo fixes in the code and comments 2021/03/05 : 2.4-dev11 - CI: codespell: skip Makefile for spell check - CLEANUP: assorted typo fixes in the code and comments - BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule - BUG/MINOR: connection: Use the client's dst family for adressless servers - BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 - CLEANUP: Use ist2(const void*, size_t) whenever possible - CLEANUP: Use IST_NULL whenever possible - BUILD: proxy: Missing header inclusion for quic_transport_params_init() - BUILD: quic: Implicit conversion between SSL related enums. - DOC: spoe: Add a note about fragmentation support in HAProxy - MINOR: contrib: add support for heartbeat control messages. - MINOR: contrib: Enhance peers dissector heuristic. - BUG/MINOR: mux-h2: Fix typo in scheme adjustment - CLEANUP: Reapply the ist2() replacement patch - CLEANUP: Use istadv(const struct ist, const size_t) whenever possible - CLEANUP: Use isttest(const struct ist) whenever possible - Revert "CI: Pin VTest to a known good commit" - CLEANUP: backend: fix a wrong comment - BUG/MINOR: backend: free allocated bind_addr if reuse conn - MINOR: backend: handle reuse for conns with no server as target - REGTESTS: test http-reuse if no server target - BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring() - BUG/MINOR: server-state: Don't load server-state file for disabled backends - CLEANUP: dns: Use DISGUISE() on a never-failing ring_attach() call - CLEANUP: dns: Remove useless test on ns->dgram in dns_connect_nameserver() - DOC: fix originalto except clause on destination address - CLEANUP: Use the ist() macro whenever possible - CLEANUP: Replace for loop with only a condition by while - REORG: atomic: reimplement pl_cpu_relax() from atomic-ops.h - BUG/MINOR: mt-list: always perform a cpu_relax call on failure - MINOR: atomic: add armv8.1-a atomics variant for cas-dw - MINOR: atomic: implement a more efficient arm64 __ha_cas_dw() using pairs - BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode - MEDIUM: pools: add CONFIG_HAP_NO_GLOBAL_POOLS and CONFIG_HAP_GLOBAL_POOLS - MINOR: pools: double the local pool cache size to 1 MB - MINOR: stream: use ABORT_NOW() and not abort() in stream_dump_and_crash() - CLEANUP: stream: explain why we queue the stream at the head of the server list - MEDIUM: backend: use a trylock when trying to grab an idle connection - REORG: tools: promote the debug PRNG to more general use as a statistical one - OPTIM: lb-random: use a cheaper PRNG to pick a server - MINOR: task: stop abusing the nice field to detect a tasklet - MINOR: task: move the nice field to the struct task only - MEDIUM: task: extend the state field to 32 bits - MINOR: task: add an application specific flag to the state: TASK_F_USR1 - MEDIUM: muxes: mark idle conns tasklets with TASK_F_USR1 - MINOR: xprt: add new xprt_set_idle and xprt_set_used methods - MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks - MINOR: server: don't read curr_used_conns multiple times - CLEANUP: global: reorder some fields to respect cache lines - CLEANUP: sockpair: silence a coverity check about fcntl() - CLEANUP: lua: set a dummy file name and line number on the dummy servers - MINOR: server: add a global list of all known servers - MINOR: cfgparse: finish to set up servers outside of the proxy setup loop - MINOR: server: allocate a per-thread struct for the per-thread connections stuff - MINOR: server: move actconns to the per-thread structure - CLEANUP: server: reorder some fields in the server struct to respect cache lines - MINOR: backend: add a BUG_ON if conn mux NULL in connect_server - BUG/MINOR: backend: fix condition for reuse on mode HTTP - BUILD: Fix build when using clang without optimizing. - CLEANUP: assorted typo fixes in the code and comments 2021/02/26 : 2.4-dev10 - BUILD: SSL: introduce fine guard for RAND_keep_random_devices_open - MINOR: Configure the `cpp` userdiff driver for *.[ch] in .gitattributes - BUG/MINOR: ssl/cli: potential null pointer dereference in "set ssl cert" - BUG/MINOR: sample: secure convs that accept base64 string and var name as args - BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe - CLEANUP: vars: make smp_fetch_var() to reuse vars_get_by_desc() - DOC: muxes: add a diagram of the exchanges between muxes and outer world - BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop - BUG/MEDIUM: cli/shutdown sessions: make it thread-safe - BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal - MINOR: stream: add an "epoch" to figure which streams appeared when - MINOR: cli/streams: make "show sess" dump all streams till the new epoch - MINOR: streams: use one list per stream instead of a global one - MEDIUM: streams: do not use the streams lock anymore - BUILD: dns: avoid a build warning when threads are disabled (dss unused) - MEDIUM: task: remove the tasks_run_queue counter and have one per thread - MINOR: tasks: do not maintain the rqueue_size counter anymore - CLEANUP: tasks: use a less confusing name for task_list_size - CLEANUP: task: move the tree root detection from __task_wakeup() to task_wakeup() - MINOR: task: limit the remote thread wakeup to the global runqueue only - MINOR: task: move the allocated tasks counter to the per-thread struct - CLEANUP: task: split the large tasklet_wakeup_on() function in two - BUG/MINOR: fd: properly wait for !running_mask in fd_set_running_excl() - BUG/MINOR: resolvers: Fix condition to release received ARs if not assigned - BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record - BUG/MINOR: resolvers: new callback to properly handle SRV record errors - BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records - BUG/MEDIUM: resolvers: Reset address for unresolved servers - DOC: Update the module list in MAINTAINERS file - MINOR: htx: Add function to reserve the max possible size for an HTX DATA block - DOC: Update the HTX API documentation - DOC: Update the filters guide - BUG/MEDIUM: contrib/prometheus-exporter: fix segfault in listener name dump - MINOR: task: split the counts of local and global tasks picked - MINOR: task: do not use __task_unlink_rq() from process_runnable_tasks() - MINOR: task: don't decrement then increment the local run queue - CLEANUP: task: re-merge __task_unlink_rq() with task_unlink_rq() - MINOR: task: make grq_total atomic to move it outside of the grq_lock - MINOR: tasks: also compute the tasklet latency when DEBUG_TASK is set - MINOR: task: make tasklet wakeup latency measurements more accurate - MINOR: server: Be more strict on the server-state line parsing - MINOR: server: Only fill one array when parsing a server-state line - MEDIUM: server: Refactor apply_server_state() to make it more readable - CLEANUP: server: Rename state_line node to node instead of name_name - CLEANUP: server: Rename state_line structure into server_state_line - CLEANUP: server: Use a local eb-tree to store lines of the global server-state file - MINOR: server: Be more strict when reading the version of a server-state file - MEDIUM: server: Store parsed params of a server-state line in the tree - MINOR: server: Remove cached line from global server-state tree when found - MINOR: server: Move loading state of servers in a dedicated function - MEDIUM: server: Use a tree to store local server-state lines - MINOR: server: Parse and store server-state lines in a dedicated function - MEDIUM: server: Don't load server-state file if a line is corrupted - REORG: server: Export and rename some functions updating server info - REORG: server-state: Move functions to deal with server-state in its own file - MINOR: server-state: Don't load server-state file for serverless proxies - CLEANUP: muxes: Remove useless if condition in show_fd function - BUG/MINOR: stats: fix compare of no-maint url suffix - MINOR: task: limit the number of subsequent heavy tasks with flag TASK_HEAVY - MINOR: ssl: mark the SSL handshake tasklet as heavy - CLEANUP: server: rename srv_cleanup_{idle,toremove}_connections() - BUG/MINOR: ssl: potential null pointer dereference in ckchs_dup() - MINOR: task: add one extra tasklet class: TL_HEAVY - MINOR: task: place the heavy elements in TL_HEAVY - MINOR: task: only limit TL_HEAVY tasks but not others - BUG/MINOR: http-ana: Only consider dst address to process originalto option - MINOR: tools: Add net_addr structure describing a network addess - MINOR: tools: Add function to compare an address to a network address - MEDIUM: http-ana: Add IPv6 support for forwardfor and orignialto options - CLEANUP: hlua: Use net_addr structure internally to parse and compare addresses - REGTESTS: Add script to test except param for fowardedfor/originalto options - DOC: scheduler: add a diagram showing the different queues and their usages - CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) - CLEANUP: config: replace a few free() with ha_free() - CLEANUP: vars: always zero the pointers after a free() - CLEANUP: ssl: remove a useless "if" before freeing an error message - CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free - CLEANUP: ssl: use realloc() instead of free()+malloc() 2021/02/20 : 2.4-dev9 - BUG/MINOR: server: Remove RMAINT from admin state when loading server state - CLEANUP: check: fix get_check_status_info declaration - CLEANUP: contrib/prometheus-exporter: align for with srv status case - MEDIUM: stats: allow to select one field in `stats_fill_li_stats` - MINOR: stats: add helper to get status string - MEDIUM: contrib/prometheus-exporter: add listen stats - BUG/MINOR: dns: add test on result getting value from buffer into ring. - BUG/MINOR: dns: dns_connect_server must return -1 unsupported nameserver's type - BUG/MINOR: dns: missing test writing in output channel in session handler - BUG/MINOR: dns: fix ring attach control on dns_session_new - BUG/MEDIUM: dns: fix multiple double close on fd in dns.c - BUG/MAJOR: connection: prevent double free if conn selected for removal - BUG/MINOR: session: atomically increment the tracked sessions counter - REGTESTS: fix http_reuse_conn_hash proxy test - BUG/MINOR: backend: do not call smp_make_safe for sni conn hash - MINOR: connection: remove pointers for prehash in conn_hash_params - BUG/MINOR: checks: properly handle wrapping time in __health_adjust() - BUG/MEDIUM: checks: don't needlessly take the server lock in health_adjust() - DEBUG: thread: add 5 extra lock labels for statistics and debugging - OPTIM: server: switch the actconn list to an mt-list - Revert "MINOR: threads: change lock_t to an unsigned int" - MINOR: lb/api: let callers of take_conn/drop_conn tell if they have the lock - OPTIM: lb-first: do not take the server lock on take_conn/drop_conn - OPTIM: lb-leastconn: do not take the server lock on take_conn/drop_conn - OPTIM: lb-leastconn: do not unlink the server if it did not change - MINOR: tasks: add DEBUG_TASK to report caller info in a task - MINOR: tasks/debug: add some extra controls of use-after-free in DEBUG_TASK - BUG/MINOR: sample: Always consider zero size string samples as unsafe - MINOR: cli: add missing agent commands for set server - BUILD/MEDIUM: da Adding pcre2 support. - BUILD: ssl: introduce fine guard for OpenSSL specific SCTL functions - REGTESTS: reorder reuse conn proxy protocol test - DOC: explain the relation between pool-low-conn and tune.idle-pool.shared - MINOR: tasks: refine the default run queue depth - MINOR: listener: refine the default MAX_ACCEPT from 64 to 4 - MINOR: mux_h2: do not try to remove front conn from idle trees - REGTESTS: workaround for a crash with recent libressl on http-reuse sni - BUG/MEDIUM: lists: Avoid an infinite loop in MT_LIST_TRY_ADDQ(). - MINOR: connection: allocate dynamically hash node for backend conns - DOC: DeviceAtlas documentation typo fix. - BUG/MEDIUM: spoe: Resolve the sink if a SPOE logs in a ring buffer - BUG/MINOR: http-rules: Always replace the response status on a return action - BUG/MINOR: server: Init params before parsing a new server-state line - BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line - MEDIUM: server: Don't introduce a new server-state file version - DOC: contrib/prometheus-exporter: remove htx reference - REGTESTS: contrib/prometheus-exporter: test NaN values - REGTESTS: contrib/prometheus-exporter: test well known labels - CI: github actions: switch to stable LibreSSL release - BUG/MINOR: server: Fix test on number of fields allowed in a server-state line - MINOR: dynbuf: make the buffer wait queue per thread - MINOR: dynbuf: use regular lists instead of mt_lists for buffer_wait - MINOR: dynbuf: pass offer_buffers() the number of buffers instead of a threshold - MINOR: sched: have one runqueue ticks counter per thread 2021/02/13 : 2.4-dev8 - BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro - BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro - BUG/MINOR: mux-h1: Don't emit extra CRLF for empty chunked messages - MINOR: contrib/prometheus-exporter: use stats desc when possible followup - MEDIUM: contrib/prometheus-exporter: export base stick table stats - CLEANUP: assorted typo fixes in the code and comments - CLEANUP: check: fix some typo in comments - CLEANUP: tools: typo in `strl2irc` mention - BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro - MEDIUM: ssl: add a rwlock for SSL server session cache - BUG/MINOR: intops: fix mul32hi()'s off-by-one - BUG/MINOR: freq_ctr: fix a wrong delay calculation in next_event_delay() - MINOR: stick-tables/counters: add http_fail_cnt and http_fail_rate data types - MINOR: ssl: add SSL_SERVER_LOCK label in threads.h - BUG/MINOR: mux-h1: Don't increment HTTP error counter for 408/500/501 errors - BUG/MINOR: http-ana: Don't increment HTTP error counter on internal errors - BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state - BUG/MINOR: mux-h1: Fix data skipping for bodyless responses - BUG/MINOR: mux-h1: Don't blindly skip EOT block for non-chunked messages - BUG/MEDIUM: mux-h2: Add EOT block when EOM flag is set on an empty HTX message - MINOR: mux-h1: Be sure EOM flag is set when processing end of outgoing message - REGTESTS: Add a script to test payload skipping for bodyless HTTP responses - BUG/MINOR: server: re-align state file fields number - CLEANUP: muxes: Remove useless calls to b_realign_if_empty() - BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints() - CLEANUP: remove unused variable assigned found by Coverity - CLEANUP: queue: Remove useless tests on p or pp in pendconn_process_next_strm() - BUG/MINOR: backend: hold correctly lock when killing idle conn - MEDIUM: connection: protect idle conn lists with locks - MEDIUM: connection: replace idle conn lists by eb trees - MINOR: backend: search conn in idle/safe trees after available - MINOR: backend: search conn in idle tree after safe on always reuse - MINOR: connection: prepare hash calcul for server conns - MINOR: connection: use the srv pointer for the srv conn hash - MINOR: backend: compare conn hash for session conn reuse - MINOR: connection: use sni as parameter for srv conn hash - MINOR: reg-tests: test http-reuse with sni - MINOR: backend: rewrite alloc of stream target address - MINOR: connection: use dst addr as parameter for srv conn hash - MINOR: reg-test: test http-reuse with specific dst addr - MINOR: backend: rewrite alloc of connection src address - MINOR: connection: use src addr as parameter for srv conn hash - MINOR: connection: use proxy protocol as parameter for srv conn hash - MINOR: reg-tests: test http-reuse with proxy protocol - MINOR: doc: update http reuse for new eligilible connections - BUG/MINOR: backend: fix compilation without ssl - REGTESTS: adjust http_reuse_conn_hash requirements - REGTESTS: deactivate a failed test on CI in http_reuse_conn_hash - REGTESTS: fix sni used in http_reuse_conn_hash for libressl 3.3.0 - CI: cirrus: update FreeBSD image to 12.2 - MEDIUM: cli: add check-addr command - MEDIUM: cli: add agent-port command - MEDIUM: server: add server-states version 2 - MEDIUM: server: support {check,agent}_addr, agent_port in server state - MINOR: server: enhance error precision when applying server state - BUG/MINOR: server: Fix server-state-file-name directive - CLEANUP: deinit: release global and per-proxy server-state variables on deinit - BUG/MEDIUM: config: don't pick unset values from last defaults section - BUG/MINOR: stats: revert the change on ST_CONVDONE - BUG/MINOR: cfgparse: do not mention "addr:port" as supported on proxy lines - BUG/MINOR: http-htx: defpx must be a const in proxy_dup_default_conf_errors() - BUG/MINOR: tcpheck: the source list must be a const in dup_tcpcheck_var() - BUILD: proxy: add missing compression-t.h to proxy-t.h - REORG: move init_default_instance() to proxy.c and pass it the defproxy pointer - REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() - MEDIUM: proxy: only take defaults when a default proxy is passed. - MINOR: proxy: move the defproxy freeing code to proxy.c - MINOR: proxy: always properly reset the just freed default instance pointers - BUG/MINOR: extcheck: proxy_parse_extcheck() must take a const for the defproxy - BUG/MINOR: tcpcheck: proxy_parse_*check*() must take a const for the defproxy - BUG/MINOR: server: parse_server() must take a const for the defproxy - MINOR: cfgparse: move defproxy to cfgparse-listen as a static - MINOR: proxy: add a new capability PR_CAP_DEF - MINOR: cfgparse: check PR_CAP_DEF instead of comparing poiner against defproxy - MINOR: cfgparse: use a pointer to the current default proxy - MINOR: proxy: also store the name for a defaults section - MINOR: proxy: support storing defaults sections into their own tree - MEDIUM: proxy: store the default proxies in a tree by name - MEDIUM: cfgparse: allow a proxy to designate the defaults section to use - MINOR: http: add baseq sample fetch - CLEANUP: tcpcheck: Remove a useless test on port variable - BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL - CLEANUP: server: Remove useless "filepath" variable in apply_server_state() - MINOR: peers/cli: do not dump the peers dictionaries by default on "show peers" - MINOR: cfgparse: implement a simple if/elif/else/endif macro block handler - DOC: tune: explain the origin of block size for ssl.cachesize - MINOR: tcp: add support for defer-accept on FreeBSD. - MINOR: ring: adds new ring_init function. - CLEANUP: channel: fix comment in ci_putblk. - BUG/MINOR: dns: add missing sent counter and parent id to dns counters. - BUG/MINOR: resolvers: fix attribute packed struct for dns - MINOR: resolvers: renames some resolvers internal types and removes dns prefix - MINOR: resolvers: renames type dns_resolvers to resolvers. - MINOR: resolvers: renames some resolvers specific types to not use dns prefix - MINOR: resolvers: renames some dns prefixed types using resolv prefix. - MINOR: resolvers: renames resolvers DNS_RESP_* errcodes RSLV_RESP_* - MINOR: resolvers: renames resolvers DNS_UPD_* returncodes to RSLV_UPD_* - MINOR: resolvers: rework prototype suffixes to split resolving and dns. - MEDIUM: resolvers: move resolvers section parsing from cfgparse.c to dns.c - MINOR: resolvers: replace nameserver's resolver ref by generic parent pointer - MINOR: resolvers: rework dns stats prototype because specific to resolvers - MEDIUM: resolvers: split resolving and dns message exchange layers. - MEDIUM: resolvers/dns: split dns.c into dns.c and resolvers.c - MEDIUM: dns: adds code to support pipelined DNS requests over TCP. - MEDIUM: resolvers: add supports of TCP nameservers in resolvers. 2021/02/05 : 2.4-dev7 - BUG/MINOR: stats: Continue to fill frontend stats on unimplemented metric - BUILD: ssl: guard Client Hello callbacks with HAVE_SSL_CLIENT_HELLO_CB macro instead of openssl version - BUG/MINOR: stats: Init the metric variable when frontend stats are filled - MINOR: contrib/prometheus-exporter: better output of Not-a-Number - CLEANUP: stats: improve field selection for frontend http fields - CLEANUP: assorted typo fixes in the code and comments - DOC: Improve documentation of the various hdr() fetches - MEDIUM: stats: allow to select one field in `stats_fill_be_stats` - MINOR: contrib/prometheus-exporter: use fill_be_stats for backend dump - MEDIUM: stats: allow to select one field in `stats_fill_sv_stats` - MINOR: contrib/prometheus-exporter: use fill_sv_stats for server dump - MINOR: abort() on my_unreachable() when DEBUG_USE_ABORT is set. - BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown - BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name - MINOR: reg-tests: add http-reuse test - CLEANUP: srv: fix comment for pool-max-conn - CLEANUP: backend: remove an obsolete comment on conn_backend_get - REORG: backend: simplify conn_backend_get - MINOR: ssl: Server ssl context prepare function refactoring - MINOR: ssl: Certificate chain loading refactorization - MEDIUM: ssl: Load client certificates in a ckch for backend servers - MEDIUM: ssl: Enable backend certificate hot update - MINOR: ssl: Remove client_crt member of the server's ssl context - CLEANUP: ssl/cli: rework free in cli_io_handler_commit_cert() - CLEANUP: ssl: remove SSL_CTX function parameter - CLEANUP: ssl: make load_srv_{ckchs,cert} match their bind counterpart - BUILD: Include stdlib.h in compiler.h if DEBUG_USE_ABORT is set - CI: Fix DEBUG_STRICT definition for Coverity - BUG/MINOR: stats: Remove a break preventing ST_F_QCUR to be set for servers - BUG/MINOR: stats: Add a break after filling ST_F_MODE field for servers - CLEANUP: ssl: remove dead code in ckch_inst_new_load_srv_store() - BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file() - BUG/MEDIUM: session: only retrieve ready idle conn from session - BUG/MEDIUM: backend: never reuse a connection for tcp mode - REGTESTS: set_ssl_server_cert.vtc: remove the abort command - REGTESTS: set_ssl_server_cert.vtc: check the Sha1 Fingerprint - REGTESTS: set_ssl_server_cert.vtc: check the sha1 from the server - MEDIUM: stream-int: Take care of EOS if the SI wake callback function - MINOR: mux-h1: Try to wake up data layer first before calling its wake callback - MINOR: mux-h1: Wake up H1C after its creation if input buffer is not empty - MEDIUM: mux-h1: Add ST_READY state for the H1 connections - MINOR: stream: Add a function to validate TCP to H1 upgrades - MEDIUM: http-ana: Do nothing in wait-for-request analyzer if not htx - BUG/MEDIUM: stream: Don't immediatly ack the TCP to H1 upgrades - BUG/MAJOR: mux-h1: Properly handle TCP to H1 upgrades - MINOR: htx/http-ana: Save info about Upgrade option in the Connection header - MEDIUM: http-ana: Refuse invalid 101-switching-protocols responses - BUG/MINOR: h2/mux-h2: Reject 101 responses with a PROTOCOL_ERROR h2s error - MINOR: mux-h1/mux-fcgi: Don't set TUNNEL mode if payload length is unknown - MINOR: mux-h1: Split H1C_F_WAIT_OPPOSITE flag to separate input/output sides - MINOR: mux-h2: Add 2 flags to help to properly handle tunnel mode - MEDIUM: mux-h2: Block client data on server side waiting tunnel establishment - MEDIUM: mux-h2: Close streams when processing data for an aborted tunnel - MEDIUM: mux-h1: Properly handle tunnel establishments and aborts - BUG/MAJOR: mux-h1/mux-h2/htx: Fix HTTP tunnel management at the mux level - MINOR: htx: Rename HTX_FL_EOI flag into HTX_FL_EOM - REGTESTS: Don't run http_msg_full_on_eom script on the 2.4 anymore - MINOR: htx: Add a function to know if a block is the only one in a message - MAJOR: htx: Remove the EOM block type and use HTX_FL_EOM instead - MINOR: mux-h1: Add a flag on H1 streams with a response known to be bodyless - MEDIUM: mux-h1: Don't emit any payload for bodyless responses - MINOR: mux-h1: Don't emit C-L and T-E headers for 204 and 1xx responses - MINOR: mux-h1: Don't add Connection close/keep-alive header for 1xx messages - MINOR: h2/mux-h2: Add flags to notify the response is known to have no body - MEDIUM: mux-h2: Don't emit DATA frame for bodyless responses - MEDIUM: http-ana: Deal with L7 retries in HTTP analysers - MINOR: h1: reject websocket handshake if missing key - MEDIUM: h1: generate WebSocket key on response if needed - MINOR: mux_h2: define H2_SF_EXT_CONNECT_SENT stream flag - MEDIUM: h2: parse Extended CONNECT reponse to htx - MEDIUM: mux_h2: generate Extended CONNECT from htx upgrade - MEDIUM: h1: add a WebSocket key on handshake if needed - MEDIUM: mux_h2: generate Extended CONNECT response - MEDIUM: h2: parse Extended CONNECT request to htx - MEDIUM: h2: send connect protocol h2 settings - MINOR: vtc: add test for h1/h2 protocol upgrade translation - MINOR: vtc: add websocket test - REGTESTS: Fix required versions for several scripts - REGTEST: Don't use the websocket to validate http-check - MINOR: mux-h1/trace: add traces at level ERROR for all kind of errors - MINOR: mux-fcgi/trace: add traces at level ERROR for all kind of errors - MINOR: h1: Raise the chunk size limit up to (2^52 - 1) - BUG/MEDIUM: listener: do not accept connections faster than we can process them - REGTESTS: set_ssl_server_cert.vtc: set as broken - Revert "BUG/MEDIUM: listener: do not accept connections faster than we can process them" - BUG/MINOR: backend: check available list allocation for reuse - CI: Fix the coverity builds - DOC: management: fix "show resolvers" alphabetical ordering - MINOR: tools: add print_time_short() to print a condensed duration value - MINOR: activity: make profiling more manageable - MINOR: activity: declare a new structure to collect per-function activity - MEDIUM: tasks/activity: collect per-task statistics when profiling is enabled - MINOR: activity: also report collected tasks stats in "show profiling" - MINOR: activity: flush scheduler stats on "set profiling tasks on" - MINOR: activity: add a new "show tasks" command to list currently active tasks - MINOR: listener: export accept_queue_process - MINOR: session: export session_expire_embryonic() - MINOR: muxes: export the timeout and shutr task handlers - MINOR: checks: export a few functions that appear often in trace dumps - MINOR: peers: export process_peer_sync() to improve traces - MINOR: stick-tables: export process_table_expire() - MINOR: mux-h1: Remove first useless test on count in h1_process_output() - BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list - MINOR: http-fetch: Don't check if argument list is set in sample fetches - MINOR: http-conv: Don't check if argument list is set in sample converters - MINOR: sample: Don't check if argument list is set in sample fetches - MINOR: ssl-sample: Don't check if argument list is set in sample fetches - MINOR: mux-h2: Don't tests the start-line when sending HEADERS frame - MINOR: mux-h2: Slightly improve request HEADERS frames sending - MINOR: contrib/prometheus-exporter: declare states for objects - MAJOR: contrib/prometheus-exporter: move ftd/bkd/srv states to labels - MEDIUM: contrib/prometheus-exporter: Use dynamic labels instead of static ones - MINOR: listener: export manage_global_listener_queue() - BUG/MINOR: activity: take care of late wakeups in "show tasks" - REGTESTS: set_ssl_server_cert.vtc: remove SSL caching and set as working - REGTESTS: set_ssl_server_cert: cleanup the SSL caching option - MINOR: checks: Add function to get the result code corresponding to a status - MAJOR: contrib/prometheus-exporter: move health check status to labels - MINOR: contrib/prometheus-exporter: improve service status description field - MINOR: stats: improve pending connections description - MINOR: stats: improve max stats descriptions - MINOR: contrib/prometheus-exporter: use stats desc when possible - MINOR: contrib/prometheus-exporter: add uweight field - MINOR: contrib/prometheus-exporter: add recv logs_logs_total field - CLEANUP: contrib/prometheus-exporter: remove unused includes - CLEANUP: contrib/prometheus-exporter: align and reorder fields - CLEANUP: contrib/prometheus-exporter: remove description in README - DOC: contrib/prometheus-exporter: Add missing metrics in README - BUG/MINOR: contrib/prometheus-exporter: Add missing label for ST_F_HRSP_1XX - BUG/MINOR: contrib/prometheus-exporter: Restart labels dump at the right pos - BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store - BUG/MEDIUM: ssl: check a connection's status before computing a handshake - BUG/MINOR: mux_h2: fix incorrect stat titles - MINOR: ssl/cli: flush the server session cache upon 'commit ssl cert' - BUG/MINOR: cli: fix set server addr/port coherency with health checks - MINOR: server: Don't set the check port during the update from a state file - MINOR: dns: Don't set the check port during a server dns resolution - MEDIUM: check: remove checkport checkaddr flag - MEDIUM: server: adding support for check_port in server state - BUG/MINOR: check: consitent way to set agentaddr - MEDIUM: check: align agentaddr and agentport behaviour - DOC: server: Add missing params in comment of the server state line parsing - BUG/MINOR: xxhash: make sure armv6 uses memcpy() - REGTESTS: mark http-check-send.vtc as 2.4-only - REGTESTS: mark sample_fetches/hashes.vtc as 2.4-only - BUG/MINOR: ssl: do not try to use early data if not configured - REGTESTS: unbreak http-check-send.vtc - MINOR: cli/show_fd: report local and report ports when known - BUILD: Makefile: move REGTESTST_TYPE default setting - BUG/MEDIUM: mux-h2: handle remaining read0 cases - CLEANUP: http-htx: Set buffer area to NULL instead of malloc(0) - BUG/MINOR: sock: Unclosed fd in case of connection allocation failure - BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED 2021/01/22 : 2.4-dev6 - MINOR: converter: adding support for url_enc - BUILD: SSL: guard TLS13 ciphersuites with HAVE_SSL_CTX_SET_CIPHERSUITES - BUILD: ssl: guard EVP_PKEY_get_default_digest_nid with ASN1_PKEY_CTRL_DEFAULT_MD_NID - BUILD: ssl: guard openssl specific with SSL_READ_EARLY_DATA_SUCCESS - BUILD: Makefile: exclude broken tests by default - CLEANUP: cfgparse: replace "realloc" with "my_realloc2" to fix to memory leak on error - BUG/MINOR: hlua: Fix memory leak in hlua_alloc - MINOR: contrib/prometheus-exporter: export build_info - DOC: fix some spelling issues over multiple files - CLEANUP: Fix spelling errors in comments - SCRIPTS: announce-release: fix typo in help message - CI: github: add a few more words to the codespell ignore list - DOC: Add maintainers for the Prometheus exporter - BUG/MINOR: sample: fix concat() converter's corruption with non-string variables - BUG/MINOR: server: Memory leak of proxy.used_server_addr during deinit - CLEANUP: sample: remove uneeded check in json validation - MINOR: reg-tests: add a way to add service dependency - BUG/MINOR: sample: check alloc_trash_chunk return value in concat() - BUG/MINOR: reg-tests: fix service dependency script - MINOR: reg-tests: add base prometheus test - Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records" - BUG/MINOR: sample: Memory leak of sample_expr structure in case of error - BUG/MINOR: check: Don't perform any check on servers defined in a frontend - BUG/MINOR: init: enforce strict-limits when using master-worker - MINOR: contrib/prometheus-exporter: avoid connection close header - MINOR: contrib/prometheus-exporter: use fill_info for process dump - BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable - MINOR: config: Add failifnotcap() to emit an alert on proxy capabilities - MINOR: server: Forbid server definitions in frontend sections - BUG/MINOR: threads: Fixes the number of possible cpus report for Mac. - CLEANUP: pattern: rename pat_ref_commit() to pat_ref_commit_elt() - MINOR: pattern: add the missing generation ID manipulation functions - MINOR: peers: Add traces for peer control messages. - BUG/MINOR: dns: SRV records ignores duplicated AR records (v2) - BUILD: peers: fix build warning about unused variable - BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition - MINOR: cache: Do not store responses with an unknown encoding - BUG/MINOR: peers: Possible appctx pointer dereference. - MINOR: build: discard echoing in help target - MINOR: cache: Remove the `hash` part of the accept-encoding secondary key - CLEANUP: cache: Use proper data types in secondary_key_cmp() - CLEANUP: Rename accept_encoding_hash_cmp to accept_encoding_bitmap_cmp - BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command. - MINOR: contrib: Make the wireshark peers dissector compile for more distribs. - BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd" helper - CLEANUP: tools: make resolve_sym_name() take a const pointer - CLEANUP: cli: make "show fd" use a const connection to access other fields - MINOR: cli: make "show fd" also report the xprt and xprt_ctx - MINOR: xprt: add a new show_fd() helper to complete some "show fd" dumps. - MINOR: ssl: provide a "show fd" helper to report important SSL information - MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them - MINOR: mux-h2: make the "show fd" helper also decode the h2s subscriber when known - MINOR: mux-h1: make the "show fd" helper also decode the h1s subscriber when known - MINOR: mux-fcgi: make the "show fd" helper also decode the fstrm subscriber when known - CI: Pin VTest to a known good commit - MINOR: cli: give the show_fd helpers the ability to report a suspicious entry - MINOR: cli/show_fd: report some easily detectable suspicious states - MINOR: ssl/show_fd: report some FDs as suspicious when possible - MINOR: mux-h2/show_fd: report as suspicious an entry with too many calls - MINOR: mux-h1/show_fd: report as suspicious an entry with too many calls - BUG/MINOR: mworker: define _GNU_SOURCE for strsignal() - BUG/MEDIUM: tcpcheck: Don't destroy connection in the wake callback context - BUG/MEDIUM: mux-h2: Xfer rxbuf to the upper layer when creating a front stream - MINOR: http: Add HTTP 501-not-implemented error message - MINOR: muxes: Add exit status for errors about not implemented features - MINOR: mux-h1: Be prepared to return 501-not-implemented error during parsing - MEDIUM: mux-h1: Return a 501-not-implemented for upgrade requests with a body - DOC: Remove space after comma in converter signature - DOC: Rename '' to '' in converter signature - MINOR: stats: duplicate 3 fields in bytes in info - MINOR: stats: add new start time field - MINOR: contrib/prometheus-exporter: merge info description from stats - MEDIUM: stats: allow to select one field in `stats_fill_fe_stats` - MINOR: contrib/prometheus-exporter: use fill_fe_stats for frontend dump - MINOR: contrib/prometheus-exporter: Don't needlessly set empty label for metrics - MINOR: contrib/prometheus-exporter: Split the PROMEX_FL_STATS_METRIC flag - MINOR: contrib/prometheus-exporter: Add promex_metric struct defining a metric - MEDIUM: contrib/prometheus-exporter: Rework matrices defining Promex metrics - BUG/MINOR: stream: Don't update counters when TCP to H2 upgrades are performed - BUG/MEDIUM: mux-h2: fix read0 handling on partial frames - MINOR: debug: always export the my_backtrace function - MINOR: debug: extract the backtrace dumping code to its own function - MINOR: debug: create ha_backtrace_to_stderr() to dump an instant backtrace - MEDIUM: debug: now always print a backtrace on CRASH_NOW() and friends - MINOR: debug: let ha_dump_backtrace() dump a bit further for some callers - BUILD: debug: fix build warning by consuming the write() result - MINOR: lua: remove unused variable - BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX 2021/01/06 : 2.4-dev5 - BUG/MEDIUM: mux_h2: Add missing braces in h2_snd_buf()around trace+wakeup - BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h - MINOR: time: increase the minimum wakeup interval to 60s - MINOR: check: do not ignore a connection header for http-check send - REGTESTS: complete http-check test - CI: travis-ci: drop coverity scan builds - MINOR: atomic: don't use ; to separate instruction on aarch64. - IMPORT: xxhash: update to v0.8.0 that introduces stable XXH3 variant - MEDIUM: xxhash: use the XXH3 functions to generate 64-bit hashes - MEDIUM: xxhash: use the XXH_INLINE_ALL macro to inline all functions - CLEANUP: xxhash: remove the unused src/xxhash.c - MINOR: sample: add the xxh3 converter - REGTESTS: add tests for the xxh3 converter - MINOR: protocol: Create proto_quic QUIC protocol layer. - MINOR: connection: Attach a "quic_conn" struct to "connection" struct. - MINOR: quic: Redefine control layer callbacks which are QUIC specific. - MINOR: ssl_sock: Initialize BIO and SSL objects outside of ssl_sock_init() - MINOR: connection: Add a new xprt to connection. - MINOR: ssl: Export definitions required by QUIC. - MINOR: cfgparse: Do not modify the QUIC xprt when parsing "ssl". - MINOR: tools: Add support for QUIC addresses parsing. - MINOR: quic: Add definitions for QUIC protocol. - MINOR: quic: Import C source code files for QUIC protocol. - MINOR: listener: Add QUIC info to listeners and receivers. - MINOR: server: Add QUIC definitions to servers. - MINOR: ssl: SSL CTX initialization modifications for QUIC. - MINOR: ssl: QUIC transport parameters parsing. - MINOR: quic: QUIC socket management finalization. - MINOR: cfgparse: QUIC default server transport parameters init. - MINOR: quic: Enable the compilation of QUIC modules. - MAJOR: quic: Make usage of ebtrees to store QUIC ACK ranges. - MINOR: quic: Attempt to make trace more readable - MINOR: quic: Make usage of the congestion control window. - MINOR: quic: Flag RX packet as ack-eliciting from the generic parser. - MINOR: quic: Code reordering to help in reviewing/modifying. - MINOR: quic: Add traces to congestion avoidance NewReno callback. - MINOR: quic: Display the SSL alert in ->ssl_send_alert() callback. - MINOR: quic: Update the initial salt to that of draft-29. - MINOR: quic: Add traces for in flght ack-eliciting packet counter. - MINOR: quic: make a packet build fails when qc_build_frm() fails. - MINOR: quic: Add traces for quic_packet_encrypt(). - MINOR: cache: Refactoring of secondary_key building functions - MINOR: cache: Avoid storing responses whose secondary key was not correctly calculated - BUG/MINOR: cache: Manage multiple headers in accept-encoding normalization - MINOR: cache: Add specific secondary key comparison mechanism - MINOR: http: Add helper functions to trim spaces and tabs - MEDIUM: cache: Manage a subset of encodings in accept-encoding normalizer - REGTESTS: cache: Simplify vary.vtc file - REGTESTS: cache: Add a specific test for the accept-encoding normalizer - MINOR: cache: Remove redundant test in http_action_req_cache_use - MINOR: cache: Replace the "process-vary" option's expected values - CI: GitHub Actions: enable daily Coverity scan - BUG/MEDIUM: cache: Fix hash collision in `accept-encoding` handling for `Vary` - MEDIUM: stick-tables: Add srvkey option to stick-table - REGTESTS: add test for stickiness using "srvkey addr" - BUILD: Makefile: disable -Warray-bounds until it's fixed in gcc 11 - BUG/MINOR: sink: Return an allocation failure in __sink_new if strdup() fails - BUG/MINOR: lua: Fix memory leak error cases in hlua_config_prepend_path - MINOR: lua: Use consistent error message 'memory allocation failed' - CLEANUP: Compare the return value of `XXXcmp()` functions with zero - CLEANUP: Apply the coccinelle patch for `XXXcmp()` on include/ - CLEANUP: Apply the coccinelle patch for `XXXcmp()` on contrib/ - MINOR: qpack: Add static header table definitions for QPACK. - CLEANUP: qpack: Wrong comment about the draft for QPACK static header table. - CLEANUP: quic: Remove useless QUIC event trace definitions. - BUG/MINOR: quic: Possible CRYPTO frame building errors. - MINOR: quic: Pass quic_conn struct to frame parsers. - BUG/MINOR: quic: Wrong STREAM frames parsing. - MINOR: quic: Drop packets with STREAM frames with wrong direction. - CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next() - CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next() - MINOR: ssl: make tlskeys_list_get_next() take a list element - Revert "BUILD: Makefile: disable -Warray-bounds until it's fixed in gcc 11" - BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails - CLEANUP: mworker: remove duplicate pointer tests in cfg_parse_program() - CLEANUP: Reduce scope of `header_name` in http_action_store_cache() - CLEANUP: Reduce scope of `hdr_age` in http_action_store_cache() - CLEANUP: spoe: fix typo on `var_check_arg` comment - BUG/MINOR: tcpcheck: Report a L7OK if the last evaluated rule is a send rule - CI: github actions: build several popular "contrib" tools - DOC: Improve the message printed when running `make` w/o `TARGET` - BUG/MEDIUM: server: srv_set_addr_desc() crashes when a server has no address - REGTESTS: add unresolvable servers to srvkey-addr - BUG/MINOR: stats: Make stat_l variable used to dump a stat line thread local - BUG/MINOR: quic: NULL pointer dereferences when building post handshake frames. - SCRIPTS: improve announce-release to support different tag and versions - SCRIPTS: make announce release support preparing announces before tag exists - CLEANUP: assorted typo fixes in the code and comments - BUG/MINOR: srv: do not init address if backend is disabled - BUG/MINOR: srv: do not cleanup idle conns if pool max is null - CLEANUP: assorted typo fixes in the code and comments - CLEANUP: few extra typo and fixes over last one ("ot" -> "to") 2020/12/21 : 2.4-dev4 - BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight - BUG/MEDIUM: mux-h1: Fix a deadlock when a 408 error is pending for a client - BUG/MEDIUM: ssl/crt-list: bad behavior with "commit ssl cert" - BUG/MAJOR: cache: Crash because of disabled entry not removed from the tree - BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call - MEDIUM: cache: Add a secondary entry counter and insertion limitation - MEDIUM: cache: Avoid going over duplicates lists too often - MINOR: cache: Add a max-secondary-entries cache option - CI: cirrus: drop CentOS 6 builds - BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well - MINOR: vars: replace static functions with global ones - MINOR: opentracing: add ARGC_OT enum - CONTRIB: opentracing: add the OpenTracing filter - DOC: opentracing: add the OpenTracing filter section - REGTESTS: make use of HAPROXY_ARGS and pass -dM by default - BUG/MINOR: http: Establish a tunnel for all 2xx responses to a CONNECT - BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests - BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode - CLEANUP: mux-h2: Rename h2s_frt_make_resp_data() to be generic - CLEANUP: mux-h2: Rename h2c_frt_handle_data() to be generic - BUG/MEDIUM: mux-h1: Handle h1_process() failures on a pipelined request - CLEANUP: debug: mark the RNG's seed as unsigned - CONTRIB: halog: fix build issue caused by %L printf format - CONTRIB: halog: mark the has_zero* functions unused - CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps - CONTRIB: debug: address "poll" utility build on non-linux platforms - BUILD: plock: remove dead code that causes a warning in gcc 11 - BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call - BUG/MINOR: dns: SRV records ignores duplicated AR records - DOC: fix "smp_size" vs "sample_size" in "log" directive arguments - CLEANUP: assorted typo fixes in the code and comments - DOC: assorted typo fixes in the documentation - CI: codespell: whitelist "te" and "nd" words 2020/12/11 : 2.4-dev3 - MINOR: log: Logging HTTP path only with %HPO - BUG/MINOR: mux-h2/stats: make stream/connection proto errors more accurate - MINOR: traces: add a new level "error" below the "user" level - MINOR: mux-h2/trace: add traces at level ERROR for protocol errors - BUG/MINOR: mux-h2/stats: not all GOAWAY frames are errors - BUG/MINOR: lua: missing "\n" in error message - BUG/MINOR: lua: lua-load doesn't check its parameters - BUG/MINOR: lua: Post init register function are not executed beyond the first one - BUG/MINOR: lua: Some lua init operation are processed unsafe - MINOR: actions: Export actions lookup functions - MINOR: actions: add a function returning a service pointer from its name - MINOR: cli: add a function to look up a CLI service description - BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times - MINOR: cache: Improve accept_encoding_normalizer - MINOR: cache: Add entry to the tree as soon as possible - BUG/MINOR: trace: Wrong displayed trace level - BUG/MAJOR: ring: tcp forward on ring can break the reader counter. - MINOR: lua: simplify hlua_alloc() to only rely on realloc() - MEDIUM: lua-thread: use atomics for memory accounting - MINOR: lua-thread: remove struct hlua from function hlua_prepend_path() - MEDIUM: lua-thread: make hlua_post_init() no longer use the runtime execution function - MINOR: lua-thread: hlua_ctx_renew() is never called with main gL lua state - MINOR: lua-thread: Use NULL context for main lua state - MINOR: lua-thread: Stop usage of struct hlua for the global lua state - MINOR: lua-thread: Replace embedded struct hlua_function by a pointer - MINOR: lua-thread: Split hlua_init() function in two parts - MINOR: lua-thread: make hlua_ctx_init() get L from its caller - MINOR: lua-thread: Split hlua_load function in two parts - MINOR: lua-thread: Split hlua_post_init() function in two parts - MINOR: lua-thread: Add the "thread" core variable - MEDIUM: lua-thread: No longer use locked context in initialization parts - MEDIUM: lua-thread: Apply lock only if the parent state is the main thread - MINOR: lua-thread: Replace global gL var with an array of states - MINOR: lua-thread: Replace "struct hlua_function" allocation by dedicated function - MINOR: lua-thread: Replace state_from by state_id - MINOR: lua-thread: Store each function reference and init reference in array - MEDIUM: lua-thread: Add the lua-load-per-thread directive - MINOR: lua-thread: Add verbosity in errors - REGTESTS: add a test for the threaded Lua code - BUILD/MINOR: haproxy DragonFlyBSD affinity build update. - DOC/MINOR: Fix formatting in Management Guide - MINOR: cache: Do not store stale entry - MINOR: cache: Add extra "cache-control" value checks - MEDIUM: cache: Remove cache entry in case of POST on the same resource - MINOR: cache: Consider invalid Age values as stale - BUG/MEDIUM: lua-thread: some parts must be initialized once - BUG/MINOR: lua-thread: close all states on deinit - BUG/MINOR: listener: use sockaddr_in6 for IPv6 - BUG/MINOR: mux-h1: Handle keep-alive timeout for idle frontend connections - MINOR: session: Add the idle duration field into the session - MINOR: mux-h1: Update session idle duration when data are received - MINOR: mux-h1: Reset session dates and durations info when the CS is detached - MINOR: logs: Use session idle duration when no stream is provided - MINOR: stream: Always get idle duration from the session - MINOR: stream: Don't retrieve anymore timing info from the mux csinfo - MINOR: mux-h1: Don't provide anymore timing info using cs_info structure - MINOR: muxes: Remove get_cs_info callback function now useless - MINOR: stream: Pass an optional input buffer when a stream is created - MINOR: mux-h1: Add a flag to disable reads to wait opposite side - MEDIUM: mux-h1: Use a h1c flag to block reads when splicing is in-progress - MINOR: mux-h1: Introduce H1C_F_IS_BACK flag on the H1 connection - MINOR: mux-h1: Separate parsing and formatting errors at H1 stream level - MINOR: mux-h1: Split front/back h1 stream creation in 2 functions - MINOR: mux-h1: Add a rxbuf into the H1 stream - MINOR: mux-h1: Don't set CS flags in internal parsing functions - MINOR: mux-h1: Add embryonic and attached states on the H1 connection - MINOR: mux-h1: rework the h1_timeout_task() function - MINOR: mux-h1: Reset more H1C flags when a H1 stream is destroyed - MINOR: mux-h1: Disable reads if an error was reported on the H1 stream - MINOR: mux-h1: Rework how shutdowns are handled - MINOR: mux-h1: Rework h1_refresh_timeout to be easier to read - MINOR: mux-h1: Process next request for IDLE connection only - MINOR: mux-h1: Add a idle expiration date on the H1 connection - MINOR: stick-tables: Add functions to update some values of a tracked counter - MINOR: session: Add functions to increase http values of tracked counters - MINOR: mux: Add a ctl parameter to get the exit status of the multiplexers - MINOR: logs: Get the multiplexer exist status when no stream is provided - MINOR: mux-h1: Add functions to send HTTP errors from the mux - MAJOR: mux-h1: Create the client stream as later as possible - DOC: config: Add notes about errors emitted by H1 mux - CLEANUP: mux-h1: Rename H1C_F_CS_* flags and reorder H1C flags - MINOR: http-ana: Remove useless update of t_idle duration of the stream - CLEANUP: htx: Remove HTX_FL_UPGRADE unsued flag - MEDIUM: http-ana: Don't process partial or empty request anymore - CLEANUP: http-ana: Remove TX_WAIT_NEXT_RQ unsued flag - CLEANUP: connection: Remove CS_FL_READ_PARTIAL flag - REGTESTS: Fix proxy_protocol_tlv_validation - MINOR: http-ana: Properly set message flags from the start-line flags - MINOR: h1-htx/http-ana: Set BODYLESS flag on message in TUNNEL state - MINOR: protocol: add a ->set_port() helper to address families - MINOR: listener: automatically set the port when creating listeners - MINOR: listener: now use a generic add_listener() function - MEDIUM: ssl: fatal error with bundle + openssl < 1.1.1 - BUG/MEDIUM: stream: Xfer the input buffer to a fully created stream - BUG/MINOR: stream: Don't use input buffer after the ownership xfer - MINOR: protocol: remove the redundant ->sock_domain field - MINOR: protocol: export protocol definitions - CLEANUP: protocol: group protocol struct members by usage - MINOR: protocol: add a set of ctrl_init/ctrl_close methods for setup/teardown - MINOR: connection: use the control layer's init/close - MINOR: udp: export udp_suspend_receiver() and udp_resume_receiver() - BUG/MAJOR: spoa/python: Fixing return None - DOC: spoa/python: Fixing typo in IP related error messages - DOC: spoa/python: Rephrasing memory related error messages - DOC: spoa/python: Fixing typos in comments - BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations - BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails - BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments - BUG/MEDIUM: spoa/python: Fixing references to None - DOC: email change of the DeviceAtlas maintainer - MINOR: cache: Dump secondary entries in "show cache" - CLEANUP: connection: use fd_stop_both() instead of conn_stop_polling() - MINOR: stream-int: don't touch polling anymore on shutdown - MINOR: connection: implement cs_drain_and_close() - MINOR: mux-pt: take care of CS_SHR_DRAIN in shutr() - MINOR: checks: use cs_drain_and_close() instead of draining the connection - MINOR: checks: don't call conn_cond_update_polling() anymore - CLEANUP: connection: open-code conn_cond_update_polling() and update the comment - CLEANUP: connection: remove the unused conn_{stop,cond_update}_polling() - BUG/MINOR: http-check: Use right condition to consider HTX message as full - BUG/MINOR: tcpcheck: Don't rearm the check timeout on each read - MINOR: tcpcheck: Only wait for more payload data on HTTP expect rules - BUG/MINOR: tools: make parse_time_err() more strict on the timer validity - BUG/MINOR: tools: Reject size format not starting by a digit - MINOR: action: define enum for timeout type of the set-timeout rule - MINOR: stream: prepare the hot refresh of timeouts - MEDIUM: stream: support a dynamic server timeout - MEDIUM: stream: support a dynamic tunnel timeout - MEDIUM: http_act: define set-timeout server/tunnel action - MINOR: frontend: add client timeout sample fetch - MINOR: backend: add timeout sample fetches - MINOR: stream: add sample fetches - MINOR: stream: add timeout sample fetches - REGTESTS: add regtest for http-request set-timeout - CLEANUP: remove the unused fd_stop_send() in conn_xprt_shutw{,_hard}() - CLEANUP: connection: remove the unneeded fd_stop_{recv,send} on read0/shutw - MINOR: connection: remove sock-specific code from conn_sock_send() - REORG: connection: move the socket iocb (conn_fd_handler) to sock.c - MINOR: protocol: add a ->drain() function at the connection control layer - MINOR: connection: make conn_sock_drain() use the control layer's ->drain() - MINOR: protocol: add a pair of check_events/ignore_events functions at the ctrl layer - MEDIUM: connection: make use of the control layer check_events/ignore_events 2020/12/01 : 2.4-dev2 - BUILD: Make DEBUG part of .build_opts - BUILD: Show the value of DEBUG= in haproxy -vv - CI: Set DEBUG=-DDEBUG_STRICT=1 in GitHub Actions - MINOR: stream: Add level 7 retries on http error 401, 403 - CLEANUP: remove unused function "ssl_sock_is_ckch_valid" - BUILD: SSL: add BoringSSL guarding to "RAND_keep_random_devices_open" - BUILD: SSL: do not "update" BoringSSL version equivalent anymore - BUG/MEDIUM: http_act: Restore init of log-format list - DOC: better describes how to configure a fallback crt - BUG/MAJOR: filters: Always keep all offsets up to date during data filtering - MINOR: cache: Prepare helper functions for Vary support - MEDIUM: cache: Add the Vary header support - MINOR: cache: Add a process-vary option that can enable/disable Vary processing - BUG/CRITICAL: cache: Fix trivial crash by sending accept-encoding header - BUG/MAJOR: peers: fix partial message decoding - DOC: cache: Add new caching limitation information - DOC: cache: Add information about Vary support - DOC: better document the config file format and escaping/quoting rules - DOC: Clarify %HP description in log-format - CI: github actions: update LibreSSL to 3.3.0 - CI: github actions: enable 51degrees feature - MINOR: fd/threads: silence a build warning with threads disabled - BUG/MINOR: tcpcheck: Don't forget to reset tcp-check flags on new kind of check - MINOR: tcpcheck: Don't handle anymore in-progress send rules in tcpcheck_main - BUG/MAJOR: tcpcheck: Allocate input and output buffers from the buffer pool - MINOR: tcpcheck: Don't handle anymore in-progress connect rules in tcpcheck_main - MINOR: config: Deprecate and ignore tune.chksize global option - MINOR: config: Add a warning if tune.chksize is used - REORG: tcpcheck: Move check option parsing functions based on tcp-check - MINOR: check: Always increment check health counter on CONPASS - MINOR: tcpcheck: Add support of L7OKC on expect rules error-status argument - DOC: config: Make disable-on-404 option clearer on transition conditions - DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section - BUG/MINOR: http-fetch: Fix smp_fetch_body() when called from a health-check - MINOR: plock: use an ARMv8 instruction barrier for the pause instruction - MINOR: debug: add "debug dev sched" to stress the scheduler. - MINOR: debug: add a trivial PRNG for scheduler stress-tests - BUG/MEDIUM: lists: Lock the element while we check if it is in a list. - MINOR: task: remove tasklet_insert_into_tasklet_list() - MINOR: task: perform atomic counter increments only once per wakeup - MINOR: task: remove __tasklet_remove_from_tasklet_list() - BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link - BUG/MEDIUM: local log format regression. 2020/11/21 : 2.4-dev1 - MINOR: ist: Add istend() function to return a pointer to the end of the string - MINOR: sample: Add converters to parse FIX messages - REGTEST: converter: Add a regtest for fix converters - MINOR: sample: Add converts to parses MQTT messages - REGTEST: converter: Add a regtest for MQTT converters - MINOR: compat: automatically include malloc.h on glibc - MEDIUM: pools: call malloc_trim() from pool_gc() - MEDIUM: pattern: call malloc_trim() on pat_ref_reload() - MINOR: pattern: move the update revision to the pat_ref, not the expression - CLEANUP: pattern: delete the back refs at once during pat_ref_reload() - MINOR: pattern: new sflag PAT_SF_REGFREE indicates regex_free() is needed - MINOR: pattern: make the delete and prune functions more generic - MEDIUM: pattern: link all final elements from the reference - MEDIUM: pattern: change the pat_del_* functions to delete from the references - MINOR: pattern: remerge the list and tree deletion functions - MINOR: pattern: perform a single call to pat_delete_gen() under the expression - CLEANUP: acl: don't reference the generic pattern deletion function anymore - CLEANUP: pattern: remove pat_delete_fcts[] and pattern_head->delete() - MINOR: pattern: introduce pat_ref_delete_by_ptr() to delete a valid reference - MINOR: pattern: store a generation number in the reference patterns - MEDIUM: pattern: only match patterns that match the current generation - MINOR: pattern: add pat_ref_commit() to commit a previously inserted element - MINOR: pattern: implement pat_ref_load() to load a pattern at a given generation - MINOR: pattern: add pat_ref_purge_older() to purge old entries - MEDIUM: pattern: make pat_ref_prune() rely on pat_ref_purge_older() - MINOR: pattern: during reload, delete elements frem the ref, not the expression - MINOR: pattern: prepare removal of a pattern from the list head - MEDIUM: pattern: turn the pattern chaining to single-linked list - CLEANUP: cfgparse: remove duplicate registration for transparent build options - BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher - MINOR: http-htx: Add understandable errors for the errorfiles parsing - MINOR: ssl: instantiate stats module - MINOR: ssl: count client hello for stats - MINOR: ssl: add counters for ssl sessions - DOC: config: Fix a typo on ssl_c_chain_der - MINOR: server: remove idle lock in srv_cleanup_connections - BUILD: ssl: silence build warning on uninitialised counters - BUILD: http-htx: fix build warning regarding long type in printf - REGTEST: ssl: test wildcard and multi-type + exclusions - BUG/MEDIUM: ssl/crt-list: correctly insert crt-list line if crt already loaded - CI: Expand use of GitHub Actions for CI - REGTEST: ssl: mark reg-tests/ssl/ssl_crt-list_filters.vtc as broken - BUG/MINOR: pattern: a sample marked as const could be written - BUG/MINOR: lua: set buffer size during map lookups - MEDIUM: cache: Change caching conditions - BUG/MINOR: stats: free dynamically stats fields/lines on shutdown - BUG/MEDIUM: stats: prevent crash if counters not alloc with dummy one - MINOR: peers: Add traces to peer_treat_updatemsg(). - BUG/MINOR: peers: Do not ignore a protocol error for dictionary entries. - BUG/MINOR: peers: Missing TX cache entries reset. - BUG/MEDIUM: peers: fix decoding of multi-byte length in stick-table messages - BUG/MINOR: http-fetch: Extract cookie value even when no cookie name - BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches - BUG/MEDIUM: check: reuse srv proto only if using same mode - MINOR: check: report error on incompatible proto - MINOR: check: report error on incompatible connect proto - BUG/MINOR: http-htx: Handle warnings when parsing http-error and http-errors - BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet - MINOR: spoe: Don't close connection in sync mode on processing timeout - BUG/MINOR: tcpcheck: Don't warn on unused rules if check option is after - MINOR: init: Fix the prototype for per-thread free callbacks - MINOR: config/mux-h2: Return ERR_ flags from init_h2() instead of a status - CLEANUP: config: Return ERR_NONE from config callbacks instead of 0 - MINOR: cfgparse: tighten the scope of newnameserver variable, free it on error. - REGTEST: make ssl_client_samples and ssl_server_samples require to 2.2 - REGTESTS: Add sample_fetches/cook.vtc - BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering - BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests - CLEANUP: flt-trace: Remove unused random-parsing option - MINOR: flt-trace: Add an option to inhibits trace messages - MINOR: flt-trace: Use a bitfield for the trace options - REGTESTS: Add a script to test the random forwarding with several filters - REGTESTS: mark the abns test as broken again - REGTESTS: converter: add url_dec test - CI: Stop hijacking the hosts file - CI: Make the h2spec workflow more consistent with the VTest workflow - CI: travis-ci: remove amd64, osx builds - CI: travis-ci: arm64 are not allowed to fail anymore - DOC: add missing 3.10 in the summary - MINOR: ssl: remove client hello counters - MEDIUM: stats: add counters for failed handshake - MINOR: ssl: create common ssl_ctx init - MEDIUM: cli/ssl: configure ssl on server at runtime - REGTEST: server/cli_set_ssl.vtc requires OpenSSL - DOC: coding-style: update a few rules about pointers - BUG/MINOR: ssl: segv on startup when AKID but no keyid - BUILD: ssl: use SSL_MODE_ASYNC macro instead of OPENSSL_VERSION - BUG/MEDIUM: http-ana: Don't eval http-after-response ruleset on empty messages - BUG/MEDIUM: ssl/crt-list: bundle support broken in crt-list - BUG/MEDIUM: ssl: error when no certificate are found - BUG/MINOR: ssl/crt-list: load bundle in crt-list only if activated - BUG/MEDIUM: ssl/crt-list: fix error when no file found - CI: Github Actions: enable prometheus exporter - CI: Github Actions: remove LibreSSL-3.0.2 builds - CI: Github Actions: enable BoringSSL builds - CI: travis-ci: remove builds migrated to GH actions - BUILD: makefile: enable crypt(3) for OpenBSD - CI: Github Action: run "apt-get update" before packages restore - BUILD: SSL: guard TLS13 ciphersuites with HAVE_SSL_CTX_SET_CIPHERSUITES - CI: Pass the github.event_name to matrix.py - CI: Clean up Windows CI - DOC: clarify how to create a fallback crt - CLEANUP: connection: do not use conn->owner when the session is known - BUG/MAJOR: connection: reset conn->owner when detaching from session list - REGTESTS: mark proxy_protocol_random_fail as broken - BUG/MINOR: http_htx: Fix searching headers by substring - MINOR: http_act: Add -m flag for del-header name matching method 2020/11/05 : 2.4-dev0 - MINOR: version: it's development again. - DOC: mention in INSTALL that it's development again 2020/11/05 : 2.3.0 - CLEANUP: pattern: remove unused entry "tree" in pattern.val - BUILD: ssl: use SSL_CTRL_GET_RAW_CIPHERLIST instead of OpenSSL versions - BUG/MEDIUM: filters: Don't try to init filters for disabled proxies - BUG/MINOR: proxy/server: Skip per-proxy/server post-check for disabled proxies - BUG/MINOR: checks: Report a socket error before any connection attempt - BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup - MINOR: server: Copy configuration file and line for server templates - BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade - BUILD: ssl: use HAVE_OPENSSL_KEYLOG instead of OpenSSL versions - MINOR: debug: don't count free(NULL) in memstats - BUG/MINOR: filters: Skip disabled proxies during startup only - MINOR: mux_h2: capitalize frame type in stats - MINOR: mux_h2: add stat for total count of connections/streams - MINOR: stats: do not display empty stat module title on html - BUG/MEDIUM: stick-table: limit the time spent purging old entries - BUG/MEDIUM: listener: only enable a listening listener if needed - BUG/MEDIUM: listener: never suspend inherited sockets - BUG/MEDIUM: listener: make the master also keep workers' inherited FDs - MINOR: fd: add fd_want_recv_safe() - MEDIUM: listeners: make use of fd_want_recv_safe() to enable early receivers - REGTESTS: mark abns_socket as working now - CLEANUP: mux-h2: Remove the h1 parser state from the h2 stream - MINOR: sock: add a check against cross worker<->master socket activities - CI: github actions: limit OpenSSL no-deprecated builds to "default,bug,devel" reg-tests - BUG/MEDIUM: server: make it possible to kill last idle connections - MINOR: mworker/cli: the master CLI use its own applet - MINOR: ssl: define SSL_CTX_set1_curves_list to itself on BoringSSL - BUILD: ssl: use feature macros for detecting ec curves manipulation support - DOC: Add dns as an available domain to show stat - BUILD: makefile: usual reorder of objects for faster builds - DOC: update INSTALL to mention that TCC is supported - DOC: mention in INSTALL that haproxy 2.3 is a stable version - MINOR: version: mention that it's stable now 2020/10/31 : 2.3-dev9 - CLEANUP: http_ana: remove unused assignation of `att_beg` - BUG/MEDIUM: ssl: OCSP must work with BoringSSL - BUG/MINOR: log: fix memory leak on logsrv parse error - BUG/MINOR: log: fix risk of null deref on error path - BUILD: ssl: more elegant OpenSSL early data support check - CI: github actions: update h2spec to 2.6.0 - BUG/MINOR: cache: Check the return value of http_replace_res_status - MINOR: cache: Store the "Last-Modified" date in the cache_entry - MINOR: cache: Process the If-Modified-Since header in conditional requests - MINOR: cache: Create res.cache_hit and res.cache_name sample fetches - MINOR: mux-h2: register a stats module - MINOR: mux-h2: add counters instance to h2c - MINOR: mux-h2: add stats for received frame types - MINOR: mux-h2: report detected error on stats - MINOR: mux-h2: count open connections/streams on stats - BUG/MINOR: server: fix srv downtime calcul on starting - BUG/MINOR: server: fix down_time report for stats - BUG/MINOR: lua: initialize sample before using it - MINOR: cache: Add Expires header value parsing - MINOR: ist: Add a case insensitive istmatch function - BUG/MINOR: cache: Manage multiple values in cache-control header value - BUG/MINOR: cache: Inverted variables in http_calc_maxage function - MINOR: pattern: make pat_ref_append() return the newly added element - MINOR: pattern: make pat_ref_add() rely on pat_ref_append() - MINOR: pattern: export pat_ref_push() - CLEANUP: pattern: use calloc() rather than malloc for structures - CLEANUP: pattern: fix spelling/grammatical/copy-paste in comments 2020/10/24 : 2.3-dev8 - MINOR: backend: replace the lbprm lock with an rwlock - MINOR: lb/map: use seek lock and read locks where appropriate - MINOR: lb/leastconn: only take a read lock in fwlc_get_next_server() - MINOR: lb/first: use a read lock in fas_get_next_server() - MINOR: lb/chash: use a read lock in chash_get_server_hash() - BUG/MINOR: disable dynamic OCSP load with BoringSSL - BUILD: ssl: make BoringSSL use its own version numbers - CLEANUP: threads: don't register an initcall when not debugging - MINOR: threads: change lock_t to an unsigned int - CLEANUP: tree-wide: reorder a few structures to plug some holes around locks - CLEANUP: task: remove the unused and mishandled global_rqueue_size - BUG/MEDIUM: connection: Never cleanup server lists when freeing private conns - MEDIUM: config: report that "nbproc" is deprecated - BUG/MINOR: listener: close before free in `listener_accept` - MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension - BUG/MINOR: queue: properly report redistributed connections - CONTRIB: tcploop: remove unused local variables in tcp_pause() - BUILD: makefile: add entries to build common debugging tools - BUG/MEDIUM: server: support changing the slowstart value from state-file - MINOR: http: Add `enum etag_type http_get_etag_type(const struct ist)` - MINOR: http: Add etag comparison function - MEDIUM: cache: Store the ETag information in the cache_entry - MEDIUM: cache: Add support for 'If-None-Match' request header - REGTEST: cache: Add if-none-match test case - CLEANUP: compression: Make use of http_get_etag_type() - BUG/MINOR: http-ana: Don't send payload for internal responses to HEAD requests - BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible - MINOR: threads/debug: only report used lock stats - MINOR: threads/debug: only report lock stats for used operations - MINOR: proxy; replace the spinlock with an rwlock - MINOR: server: read-lock the cookie during srv_set_dyncookie() - MINOR: proxy/cli: only take a read lock in "show errors" - OPTIM: queue: don't call pendconn_unlink() when the pendconn is not queued - MINOR: queue: split __pendconn_unlink() in per-srv and per-prx - MINOR: queue: reduce the locked area in pendconn_add() - OPTIM: queue: make the nbpend counters atomic - OPTIM: queue: decrement the nbpend and totpend counters outside of the lock - MINOR: leastconn: take the queue length into account when queuing servers - MEDIUM: fwlc: re-enable per-server queuing up to maxqueue - Revert "OPTIM: queue: don't call pendconn_unlink() when the pendconn is not queued" - MINOR: stats: support the "up" output modifier for "show stat" - MINOR: stats: also support a "no-maint" show stat modifier - MINOR: stats: indicate the number of servers in a backend's status - MEDIUM: ssl: ssl-load-extra-del-ext work only with .crt - REGTEST: ssl: test "set ssl cert" with separate key / crt - DOC: management: apply the "show stat" modifiers to "show stat", not "show info" - MINOR: stats: report server's user-configured weight next to effective weight - CI: travis-ci: switch to Ubuntu 20.04 - CONTRIB: release-estimator: Add release estimating tool - BUG/MEDIUM: queue: fix unsafe proxy pointer when counting nbpend - BUG/MINOR: extcheck: add missing checks on extchk_setenv() 2020/10/17 : 2.3-dev7 - CI: travis-ci: replace not defined SSL_LIB, SSL_INC for BotringSSL builds - BUG/MINOR: init: only keep rlim_fd_cur if max is unlimited - BUG/MINOR: mux-h2: do not stop outgoing connections on stopping - MINOR: fd: report an error message when failing initial allocations - MINOR: proto-tcp: make use of connect(AF_UNSPEC) for the pause - MINOR: sock: add sock_accept_conn() to test a listening socket - MINOR: protocol: make proto_tcp & proto_uxst report listening sockets - MINOR: sockpair: implement the .rx_listening function - CLEANUP: tcp: make use of sock_accept_conn() where relevant - CLEANUP: unix: make use of sock_accept_conn() where relevant - BUG/MINOR: listener: detect and handle shared sockets stopped in other processes - CONTRIB: tcploop: implement a disconnect operation 'D' - CLEANUP: protocol: intitialize all of the sockaddr when disconnecting - BUG/MEDIUM: deinit: check fdtab before fdtab[fd].owner - BUG/MINOR: connection: fix loop iter on connection takeover - BUG/MEDIUM: connection: fix srv idle count on conn takeover - MINOR: connection: improve list api usage - MINOR: mux/connection: add a new mux flag for HOL risk - MINOR: connection: don't check priv flag on free - MEDIUM: backend: add new conn to session if mux marked as HOL blocking - MEDIUM: backend: add reused conn to sess if mux marked as HOL blocking - MEDIUM: h2: remove conn from session on detach - MEDIUM: fcgi: remove conn from session on detach - DOC: Describe reuse safe for HOL handling - MEDIUM: proxy: remove obsolete "mode health" - MEDIUM: proxy: remove obsolete "monitor-net" - CLEANUP: protocol: remove the ->drain() function - CLEANUP: fd: finally get rid of fd_done_recv() - MINOR: connection: make sockaddr_alloc() take the address to be copied - MEDIUM: listener: allocate the connection before queuing a new connection - MINOR: session: simplify error path in session_accept_fd() - MINOR: connection: add new error codes for accept_conn() - MINOR: sock: rename sock_accept_conn() to sock_accepting_conn() - MINOR: protocol: add a new function accept_conn() - MINOR: sock: implement sock_accept_conn() to accept a connection - MINOR: sockpair: implement sockpair_accept_conn() to accept a connection - MEDIUM: listener: use protocol->accept_conn() to accept a connection - MEDIUM: listener: remove the second pass of fd manipulation at the end - MINOR: protocol: add a default I/O callback and put it into the receiver - MINOR: log: set the UDP receiver's I/O handler in the receiver - MINOR: protocol: register the receiver's I/O handler and not the protocol's - CLEANUP: protocol: remove the now unused field of proto_fam->bind() - DOC: improve the documentation for "option nolinger" - BUG/MEDIUM: proxy: properly stop backends - BUG/MEDIUM: task: bound the number of tasks picked from the wait queue at once - MINOR: threads: augment rwlock debugging stats to report seek lock stats - MINOR: threads: add the transitions to/from the seek state - MEDIUM: task: use an upgradable seek lock when scanning the wait queue - BUILD: listener: avoir a build warning when threads are disabled - BUG/MINOR: peers: Possible unexpected peer seesion reset after collisions. - MINOR: ssl: add volatile flags to ssl samples - MEDIUM: backend: reuse connection if using a static sni - BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided - BUG/MEDIUM: mux-h1: Get the session from the H1S when capturing bad messages - BUG/MEDIUM: lb: Always lock the server when calling server_{take,drop}_conn - DOC: fix typo in MAX_SESS_STKCTR 2020/10/10 : 2.3-dev6 - REGTESTS: use "command" instead of "which" for better POSIX compatibility - BUILD: makefile: Update feature flags for OpenBSD - DOC: agent-check: fix typo in "fail" word expected reply - DOC: crt: advise to move away from cert bundle - BUG/MINOR: ssl/crt-list: exit on warning out of crtlist_parse_line() - REGTEST: fix host part in balance-uri-path-only.vtc - REGTEST: make ssl_client_samples and ssl_server_samples requiret to 2.3 - REGTEST: the iif converter test requires 2.3 - REGTEST: make agent-check.vtc require 1.8 - REGTEST: make abns_socket.vtc require 1.8 - REGTEST: make map_regm_with_backref require 1.7 - BUILD: makefile: Update feature flags for FreeBSD - OPTIM: backend/random: never queue on the server, always on the backend - OPTIM: backend: skip LB when we know the backend is full - BUILD: makefile: Fix building with closefrom() support enabled - BUILD: makefile: add an EXTRAVERSION variable to ease local naming - MINOR: tools: support for word expansion of environment in parse_line - BUILD: tools: fix minor build issue on isspace() - BUILD: makefile: Enable closefrom() support on Solaris - CLEANUP: ssl: Use structured format for error line report during crt-list parsing - MINOR: ssl: Add error if a crt-list might be truncated - MINOR: ssl: remove uneeded check in crtlist_parse_file - BUG/MINOR: Fix several leaks of 'log_tag' in init(). - DOC: tcp-rules: Refresh details about L7 matching for tcp-request content rules - MEDIUM: tcp-rules: Warn if a track-sc* content rule doesn't depend on content - BUG/MINOR: tcpcheck: Set socks4 and send-proxy flags before the connect call - DOC: ssl: new "cert bundle" behavior - BUG/MEDIUM: queue: make pendconn_cond_unlink() really thread-safe - CLEANUP: ssl: "bundle" is not an OpenSSL wording - MINOR: counters: fix a typo in comment - BUG/MINOR: stats: fix validity of the json schema - REORG: stats: export some functions - MINOR: stats: add stats size as a parameter for csv/json dump - MINOR: stats: hide px/sv/li fields in applet struct - REORG: stats: extract proxy json dump - REORG: stats: extract proxies dump loop in a function - MINOR: hlua: Display debug messages on stderr only in debug mode - MINOR: stats: define the concept of domain for statistics - MINOR: stats: define additional flag px cap on domain - MEDIUM: stats: add delimiter for static proxy stats on csv - MEDIUM: stats: define an API to register stat modules - MEDIUM: stats: add abstract type to store counters - MEDIUM: stats: integrate static proxies stats in new stats - MINOR: stats: support clear counters for dynamic stats - MINOR: stats: display extra proxy stats on the html page - MINOR: stats: add config "stats show modules" - MINOR: dns/stats: integrate dns counters in stats - MINOR: stats: remove for loop declaration - DOC: ssl: fix typo about ocsp files - BUG/MINOR: peers: Inconsistency when dumping peer status codes. - DOC: update INSTALL with supported OpenBSD / FreeBSD versions - BUG/MINOR: proto_tcp: Report warning messages when listeners are bound - CLEANUP: cache: Fix leak of cconf->c.name during config check - CLEANUP: ssl: Release cached SSL sessions on deinit - BUG/MINOR: mux-h1: Be sure to only set CO_RFL_READ_ONCE for the first read - BUG/MINOR: mux-h1: Always set the session on frontend h1 stream - MINOR: mux-h1: Don't wakeup the H1C when output buffer become available - CLEANUP: sock-unix: Remove an unreachable goto clause - BUG/MINOR: proxy: inc req counter on new syslog messages. - BUG/MEDIUM: log: old processes with log foward section don't die on soft stop. - MINOR: stats: inc req counter on listeners. - MINOR: channel: new getword and getchar functions on channel. - MEDIUM: log: syslog TCP support on log forward section. - BUG/MINOR: proxy/log: frontend/backend and log forward names must differ - DOC: re-work log forward bind statement documentation. - DOC: fix a confusing typo on a regsub example - BUILD: Add a DragonFlyBSD target - BUG/MINOR: makefile: fix a tiny typo in the target list - BUILD: makefile: Update feature flags for NetBSD - CI: travis-ci: help Coverity to detect BUG_ON() as a real stop - DOC: Add missing stats fields in the management doc - BUG/MEDIUM: mux-fcgi: Don't handle pending read0 too early on streams - BUG/MEDIUM: mux-h2: Don't handle pending read0 too early on streams - DOC: Fix typos in configuration.txt - BUG/MINOR: http: Fix content-length of the default 500 error - BUG/MINOR: http-htx: Expect no body for 204/304 internal HTTP responses - REGTESTS: mark abns_socket as broken - MEDIUM: fd: always wake up one thread when enabling a foreing FD - MEDIUM: listeners: don't bounce listeners management between queues - MEDIUM: init: stop disabled proxies after initializing fdtab - MEDIUM: listeners: make unbind_listener() converge if needed - MEDIUM: deinit: close all receivers/listeners before scanning proxies - MEDIUM: listeners: remove the now unused ZOMBIE state - MINOR: listeners: do not uselessly try to close zombie listeners in soft_stop() - CLEANUP: proxy: remove the first_to_listen hack in zombify_proxy() - MINOR: listeners: introduce listener_set_state() - MINOR: proxy: maintain per-state counters of listeners - MEDIUM: proxy: remove the unused PR_STFULL state - MEDIUM: proxy: remove the PR_STERROR state - MEDIUM: proxy: remove state PR_STPAUSED - MINOR: startup: don't rely on PR_STNEW to check for listeners - CLEANUP: peers: don't use the PR_ST* states to mark enabled/disabled - MEDIUM: proxy: replace proxy->state with proxy->disabled - MEDIUM: proxy: remove start_proxies() - MEDIUM: proxy: merge zombify_proxy() with stop_proxy() - MINOR: listeners: check the current listener state in pause_listener() - MINOR: listeners: check the current listener earlier state in resume_listener() - MEDIUM: listener/proxy: make the listeners notify about proxy pause/resume - MINOR: protocol: introduce protocol_{pause,resume}_all() - MAJOR: signals: use protocol_pause_all() and protocol_resume_all() - CLEANUP: proxy: remove the now unused pause_proxies() and resume_proxies() - MEDIUM: proto_tcp: make the pause() more robust in multi-process - BUG/MEDIUM: listeners: correctly report pause() errors - MINOR: listeners: move fd_stop_recv() to the receiver's socket code - CLEANUP: protocol: remove the ->disable_all method - CLEANUP: listeners: remove unused disable_listener and disable_all_listeners - MINOR: listeners: export enable_listener() - MINOR: protocol: directly call enable_listener() from protocol_enable_all() - CLEANUP: protocol: remove the ->enable_all method - CLEANUP: listeners: remove the now unused enable_all_listeners() - MINOR: protocol: rename the ->listeners field to ->receivers - MINOR: protocol: replace ->pause(listener) with ->rx_suspend(receiver) - MINOR: protocol: implement an ->rx_resume() method - MINOR: listener: use the protocol's ->rx_resume() method when available - MINOR: sock: provide a set of generic enable/disable functions - MINOR: protocol: add a new pair of rx_enable/rx_disable methods - MINOR: protocol: add a new pair of enable/disable methods for listeners - MEDIUM: listeners: now use the listener's ->enable/disable - MINOR: listeners: split delete_listener() in two versions - MINOR: listeners: count unstoppable jobs on creation, not deletion - MINOR: listeners: add a new stop_listener() function - MEDIUM: proxy: make stop_proxy() now use stop_listener() - MEDIUM: proxy: add mode PR_MODE_PEERS to flag peers frontends - MEDIUM: proxy: centralize proxy status update and reporting - MINOR: protocol: add protocol_stop_now() to instant-stop listeners - MEDIUM: proxy: make soft_stop() stop most listeners using protocol_stop_now() - MEDIUM: udp: implement udp_suspend() and udp_resume() - MINOR: listener: add a few BUG_ON() statements to detect inconsistencies - MEDIUM: listeners: always close master vs worker listeners - BROKEN/MEDIUM: listeners: rework the unbind logic to make it idempotent - MEDIUM: listener: let do_unbind_listener() decide whether to close or not - CLEANUP: listeners: remove the do_close argument to unbind_listener() - MINOR: listeners: move the LI_O_MWORKER flag to the receiver - MEDIUM: receivers: add an rx_unbind() method in the protocols - MINOR: listeners: split do_unbind_listener() in two - MEDIUM: listeners: implement protocol level ->suspend/resume() calls - MEDIUM: config: mark "grace" as deprecated - MEDIUM: config: remove the deprecated and dangerous global "debug" directive - BUG/MINOR: proxy: respect the proper format string in sig_pause/sig_listen - MINOR: peers: heartbeat, collisions and handshake information for "show peers" command. - BUILD: makefile: Enable getaddrinfo() on OS/X 2020/09/25 : 2.3-dev5 - DOC: Fix typo in iif() example - CLEANUP: Update .gitignore - BUILD: introduce possibility to define ABORT_NOW() conditionally - CI: travis-ci: help Coverity to recognize abort() - BUG/MINOR: Fix type passed of sizeof() for calloc() - CLEANUP: Do not use a fixed type for 'sizeof' in 'calloc' - CLEANUP: tree-wide: use VAR_ARRAY instead of [0] in various definitions - BUILD: connection: fix build on clang after the VAR_ARRAY cleanup - BUG/MINOR: ssl: verifyhost is case sensitive - BUILD: makefile: change default value of CC from gcc to cc - CI: travis-ci: split asan step out of running tests - BUG/MINOR: server: report correct error message for invalid port on "socks4" - BUG/MEDIUM: ssl: Don't call ssl_sock_io_cb() directly. - BUG/MINOR: ssl/crt-list: crt-list could end without a \n - BUG/MINOR: log-forward: fail on unknown keywords - MEDIUM: log-forward: use "dgram-bind" instead of "bind" for the listener - BUG/MEDIUM: log-forward: always quit on parsing errors - MEDIUM: ssl: remove bundle support in crt-list and directories - MEDIUM: ssl/cli: remove support for multi certificates bundle - MINOR: ssl: crtlist_dup_ssl_conf() duplicates a ssl_bind_conf - MINOR: ssl: crtlist_entry_dup() duplicates a crtlist_entry - MEDIUM: ssl: emulates the multi-cert bundles in the crtlist - MEDIUM: ssl: emulate multi-cert bundles loading in standard loading - CLEANUP: ssl: remove test on "multi" variable in ckch functions - CLEANUP: ssl/cli: remove test on 'multi' variable in CLI functions - CLEANUP: ssl: remove utility functions for bundle - DOC: explain bundle emulation in configuration.txt - BUILD: fix build with openssl < 1.0.2 since bundle removal - BUG/MINOR: log: gracefully handle the "udp@" address format for log servers - BUG/MINOR: dns: gracefully handle the "udp@" address format for nameservers - MINOR: listener: create a new struct "settings" in bind_conf - MINOR: listener: move bind_proc and bind_thread to struct settings - MINOR: listener: move the interface to the struct settings - MINOR: listener: move the network namespace to the struct settings - REORG: listener: create a new struct receiver - REORG: listener: move the listening address to a struct receiver - REORG: listener: move the receiving FD to struct receiver - REORG: listener: move the listener's proto to the receiver - MINOR: listener: make sock_find_compatible_fd() check the socket type - REORG: listener: move the receiver part to a new file - MINOR: receiver: link the receiver to its settings - MINOR: receiver: link the receiver to its owner - MINOR: listener: prefer to retrieve the socket's settings via the receiver - MINOR: receiver: add a receiver-specific flag to indicate the socket is bound - MINOR: listener: move the INHERITED flag down to the receiver - MINOR: receiver: move the FOREIGN and V6ONLY options from listener to settings - MINOR: sock: make sock_find_compatible_fd() only take a receiver - MINOR: protocol: rename the ->bind field to ->listen - MINOR: protocol: add a new ->bind() entry to bind the receiver - MEDIUM: sock_inet: implement sock_inet_bind_receiver() - MEDIUM: tcp: make use of sock_inet_bind_receiver() - MEDIUM: udp: make use of sock_inet_bind_receiver() - MEDIUM: sock_unix: implement sock_unix_bind_receiver() - MEDIUM: uxst: make use of sock_unix_bind_receiver() - MEDIUM: sockpair: implement sockpair_bind_receiver() - MEDIUM: proto_sockpair: make use of sockpair_bind_receiver() - MEDIUM: protocol: explicitly start the receiver before the listener - MEDIUM: protocol: do not call proto->bind() anymore from bind_listener() - MINOR: protocol: add a new proto_fam structure for protocol families - MINOR: protocol: retrieve the family-specific fields from the family - CLEANUP: protocol: remove family-specific fields from struct protocol - MINOR: protocol: add a real family for existing FDs - CLEANUP: tools: make str2sa_range() less awful for fd@ and sockpair@ - MINOR: tools: make str2sa_range() take more options than just resolve - MINOR: tools: add several PA_O_PORT_* flags in str2sa_range() callers - MEDIUM: tools: make str2sa_range() validate callers' port specifications - MEDIUM: config: remove all checks for missing/invalid ports/ranges - MINOR: tools: add several PA_O_* flags in str2sa_range() callers - MINOR: listener: remove the inherited arg to create_listener() - MINOR: tools: make str2sa_range() optionally return the fd - MINOR: log: detect LOG_TARGET_FD from the fd and not from the syntax - MEDIUM: tools: make str2sa_range() resolve pre-bound listeners - MINOR: config: do not test an inherited socket again - MEDIUM: tools: make str2sa_range() check for the sockpair's FD usability - MINOR: tools: start to distinguish stream and dgram in str2sa_range() - MEDIUM: tools: make str2sa_range() only report AF_CUST_UDP on listeners - MINOR: tools: remove the central test for "udp" in str2sa_range() - MINOR: cfgparse: add str2receiver() to parse dgram receivers - MINOR: log-forward: use str2receiver() to parse the dgram-bind address - MEDIUM: config: make str2listener() not accept datagram sockets anymore - MINOR: listener: pass the chosen protocol to create_listeners() - MINOR: tools: make str2sa_range() directly return the protocol - MEDIUM: tools: make str2sa_range() check that the protocol has ->connect() - MINOR: protocol: add the control layer type in the protocol struct - MEDIUM: protocol: store the socket and control type in the protocol array - MEDIUM: tools: make str2sa_range() use protocol_lookup() - MEDIUM: proto_udp: replace last AF_CUST_UDP* with AF_INET* - MINOR: tools: drop listener detection hack from str2sa_range() - BUILD: sock_unix: add missing errno.h - MINOR: sock_inet: report the errno string in binding errors - MINOR: sock_unix: report the errno string in binding errors - BUILD: sock_inet: include errno.h - MINOR: h2/trace: also display the remaining frame length in traces - BUG/MINOR: h2/trace: do not display "stream error" after a frame ACK - BUG/MEDIUM: h2: report frame bits only for handled types - BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch - BUG/MINOR: Fix memory leaks cfg_parse_peers - BUG/MINOR: config: Fix memory leak on config parse listen - MINOR: backend: make the "whole" option of balance uri take only one bit - MINOR: backend: add a new "path-only" option to "balance uri" - REGTESTS: add a few load balancing tests - BUG/MEDIUM: listeners: do not pause foreign listeners - BUG/MINOR: listeners: properly close listener FDs - BUILD: trace: include tools.h 2020/09/11 : 2.3-dev4 - MINOR: hlua: Add error message relative to the Channel manipulation and HTTP mode - BUG/MEDIUM: ssl: crt-list negative filters don't work - DOC: overhauling github issue templates - MEDIUM: cfgparse: Emit hard error on truncated lines - DOC: cache: Use '' instead of '' in error message - MINOR: cache: Reject duplicate cache names - REGTEST: remove stray leading spaces in converteers_ref_cnt_never_dec.vtc - MINOR: stats: prevent favicon.ico requests for stats page - BUILD: tools: include auxv a bit later - BUILD: task: work around a bogus warning in gcc 4.7/4.8 at -O1 - MEDIUM: ssl: Support certificate chaining for certificate generation - MINOR: ssl: Support SAN extension for certificate generation - MINOR: tcp: don't try to set/clear v6only on inherited sockets - BUG/MINOR: reload: detect the OS's v6only status before choosing an old socket - MINOR: reload: determine the foreing binding status from the socket - MEDIUM: reload: stop passing listener options along with FDs - BUG/MEDIUM: ssl: fix ssl_bind_conf double free w/ wildcards - MEDIUM: fd: replace usages of fd_remove() with fd_stop_both() - CLEANUP: fd: remove fd_remove() and rename fd_dodelete() to fd_delete() - MINOR: fd: add a new "exported" flag and use it for all regular listeners - MEDIUM: reload: pass all exportable FDs, not just listeners - DOC: add description of pidfile in master-worker mode - BUG/MINOR: reload: do not fail when no socket is sent - REORG: tcp: move TCP actions from proto_tcp.c to tcp_act.c - CLEANUP: tcp: stop exporting smp_fetch_src() - REORG: tcp: move TCP sample fetches from proto_tcp.c to tcp_sample.c - REORG: tcp: move TCP bind/server keywords from proto_tcp.c to cfgparse-tcp.c - REORG: unix: move UNIX bind/server keywords from proto_uxst.c to cfgparse-unix.c - REORG: sock: start to move some generic socket code to sock.c - MINOR: sock: introduce sock_inet and sock_unix - MINOR: tcp/udp/unix: make use of proto->addrcmp() to compare addresses - MINOR: sock_inet: implement sock_inet_get_dst() - REORG: inet: replace tcp_is_foreign() with sock_inet_is_foreign() - REORG: sock_inet: move v6only_default from proto_tcp.c to sock_inet.c - REORG: sock_inet: move default_tcp_maxseg from proto_tcp.c - REORG: listener: move xfer_sock_list to sock.{c,h}. - MINOR: sock: add interface and namespace length to xfer_sock_list - MINOR: sock: implement sock_find_compatible_fd() - MINOR: sock_inet: move the IPv4/v6 transparent mode code to sock_inet - REORG: sock: move get_old_sockets() from haproxy.c - MINOR: sock: do not use LI_O_* in xfer_sock_list anymore - MINOR: sock: distinguish dgram from stream types when retrieving old sockets - BUILD: sock_unix: fix build issue with isdigit() - BUG/MEDIUM: http-ana: Don't wait to send 1xx responses received from servers - MINOR: http-htx: Add an option to eval query-string when the path is replaced - BUG/MINOR: http-rules: Replace path and query-string in "replace-path" action - MINOR: http-htx: Handle an optional reason when replacing the response status - MINOR: contrib/spoa-server: allow MAX_FRAME_SIZE override - BUG/MAJOR: contrib/spoa-server: Fix unhandled python call leading to memory leak - BUG/MINOR: contrib/spoa-server: Ensure ip address references are freed - BUG/MINOR: contrib/spoa-server: Do not free reference to NULL - BUG/MINOR: contrib/spoa-server: Updating references to free in case of failure - BUG/MEDIUM: contrib/spoa-server: Fix ipv4_address used instead of ipv6_address - CLEANUP: http: silence a cppcheck warning in get_http_auth() - REGTEST: increase some short timeouts to make tests more reliable - BUG/MINOR: threads: work around a libgcc_s issue with chrooting - BUILD: thread: limit the libgcc_s workaround to glibc only - MINOR: protocol: do not call proto->bind_all() anymore - MINOR: protocol: do not call proto->unbind_all() anymore - CLEANUP: protocol: remove all ->bind_all() and ->unbind_all() functions - MAJOR: init: start all listeners via protocols and not via proxies anymore - BUG/MINOR: startup: haproxy -s cause 100% cpu - Revert "BUG/MINOR: http-rules: Replace path and query-string in "replace-path" action" - BUG/MEDIUM: doc: Fix replace-path action description - MINOR: http-rules: Add set-pathq and replace-pathq actions - MINOR: http-fetch: Add pathq sample fetch - REGTEST: Add a test for request path manipulations, with and without the QS - MINOR: Commit .gitattributes - CLEANUP: Update .gitignore - BUG/MEDIUM: dns: Don't store additional records in a linked-list - BUG/MEDIUM: dns: Be sure to renew IP address for already known servers - MINOR: server: Improve log message sent when server address is updated - DOC: ssl-load-extra-files only applies to certificates on bind lines - BUG/MINOR: auth: report valid crypto(3) support depending on build options - BUG/MEDIUM: mux-h1: always apply the timeout on half-closed connections - BUILD: threads: better workaround for late loading of libgcc_s - BUILD: compiler: reserve the gcc version checks to the gcc compiler - BUILD: compiler: workaround a glibc madness around __attribute__() - BUILD: intops: on x86_64, the bswap instruction is called bswapq - BUILD: trace: always have an argument before variadic args in macros - BUILD: traces: don't pass an empty argument for missing ones - BUG/MINOR: haproxy: Free uri_auth->scope during deinit - CLEANUP: Free old_argv on deinit - CLEANUP: haproxy: Free post_proxy_check_list in deinit() - CLEANUP: haproxy: Free per_thread_*_list in deinit() - CLEANUP: haproxy: Free post_check_list in deinit() - BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned - REORG: tools: move PARSE_OPT_* from tools.h to tools-t.h - MINOR: sample: Add iif(,) converter 2020/08/14 : 2.3-dev3 - SCRIPTS: git-show-backports: make -m most only show the left branch - SCRIPTS: git-show-backports: emit the shell command to backport a commit - BUILD: Makefile: require SSL_LIB, SSL_INC to be explicitly set - CI: travis-ci: specify SLZ_LIB, SLZ_INC for travis builds - BUG/MEDIUM: mux-h1: Refresh H1 connection timeout after a synchronous send - CLEANUP: dns: typo in reported error message - BUG/MAJOR: dns: disabled servers through SRV records never recover - BUG/MINOR: spoa-server: fix size_t format printing - DOC: spoa-server: fix false friends `actually` - BUG/MINOR: ssl: fix memory leak at OCSP loading - BUG/MEDIUM: ssl: memory leak of ocsp data at SSL_CTX_free() - BUG/MEDIUM: map/lua: Return an error if a map is loaded during runtime - MINOR: arg: Add an argument type to keep a reference on opaque data - BUG/MINOR: converters: Store the sink in an arg pointer for debug() converter - BUG/MINOR: lua: Duplicate map name to load it when a new Map object is created - BUG/MINOR: arg: Fix leaks during arguments validation for fetches/converters - BUG/MINOR: lua: Check argument type to convert it to IPv4/IPv6 arg validation - BUG/MINOR: lua: Check argument type to convert it to IP mask in arg validation - MINOR: hlua: Don't needlessly copy lua strings in trash during args validation - BUG/MINOR: lua: Duplicate lua strings in sample fetches/converters arg array - MEDIUM: lua: Don't filter exported fetches and converters - MINOR: lua: Add support for userlist as fetches and converters arguments - MINOR: lua: Add support for regex as fetches and converters arguments - MINOR: arg: Use chunk_destroy() to release string arguments - BUG/MINOR: snapshots: leak of snapshots on deinit() - CLEANUP: ssl: ssl_sock_crt2der semicolon and spaces - MINOR: ssl: add ssl_{c,s}_chain_der fetch methods - CLEANUP: fix all duplicated semicolons - BUG/MEDIUM: ssl: fix the ssl-skip-self-issued-ca option - BUG/MINOR: ssl: ssl-skip-self-issued-ca requires >= 1.0.2 - BUG/MINOR: stats: use strncmp() instead of memcmp() on health states - BUILD: makefile: don't disable -Wstringop-overflow anymore - BUG/MINOR: ssl: double free w/ smp_fetch_ssl_x_chain_der() - BUG/MEDIUM: htx: smp_prefetch_htx() must always validate the direction - BUG/MEDIUM: ssl: never generates the chain from the verify store - OPTIM: regex: PCRE2 use JIT match when JIT optimisation occured. - BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate - CLEANUP: ssl: remove poorly readable nested ternary 2020/07/31 : 2.3-dev2 - DOC: ssl: req_ssl_sni needs implicit TLS - BUG/MEDIUM: arg: empty args list must be dropped - BUG/MEDIUM: resolve: fix init resolving for ring and peers section. - BUG/MAJOR: tasks: don't requeue global tasks into the local queue - MINOR: tasks/debug: make the thread affinity BUG_ON check a bit stricter - MINOR: tasks/debug: add a few BUG_ON() to detect use of wrong timer queue - MINOR: tasks/debug: add a BUG_ON() check to detect requeued task on free - BUG/MAJOR: dns: Make the do-resolve action thread-safe - BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed - MEDIUM: htx: Add a flag on a HTX message when no more data are expected - BUG/MEDIUM: stream-int: Don't set MSG_MORE flag if no more data are expected - BUG/MEDIUM: http-ana: Only set CF_EXPECT_MORE flag on data filtering - CLEANUP: dns: remove 45 "return" statements from dns_validate_dns_response() - BUG/MINOR: htx: add two missing HTX_FL_EOI and remove an unexpected one - BUG/MINOR: mux-fcgi: Don't url-decode the QUERY_STRING parameter anymore - BUILD: tools: fix build with static only toolchains - DOC: Use gender neutral language - BUG/MINOR: debug: Don't dump the lua stack if it is not initialized - BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status - BUG/MAJOR: dns: don't treat Authority records as an error - CI : travis-ci : prepare for using stock OpenSSL - CI: travis-ci : switch to stock openssl when openssl-1.1.1 is used - MEDIUM: lua: Add support for the Lua 5.4 - BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation - BUG/MINOR: lua: Abort execution of actions that yield on a final evaluation - MINOR: tcp-rules: Return an internal error if an action yields on a final eval - BUG/MINOR: tcp-rules: Preserve the right filter analyser on content eval abort - BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields - MEDIUM: tcp-rules: Use a dedicated expiration date for tcp ruleset - MEDIUM: lua: Set the analyse expiration date with smaller wake_time only - BUG/MEDIUM: connection: Be sure to always install a mux for sync connect - MINOR: connection: Preinstall the mux for non-ssl connect - MINOR: stream-int: Be sure to have a mux to do sends and receives - BUG/MINOR: lua: Fix a possible null pointer deref on lua ctx - SCRIPTS: announce-release: add the link to the wiki in the announce messages - CI: travis-ci: use better name for Coverity scan job - CI: travis-ci: use proper linking flags for SLZ build - BUG/MEDIUM: backend: always attach the transport before installing the mux - BUG/MEDIUM: tcp-checks: always attach the transport before installing the mux - MINOR: connection: avoid a useless recvfrom() on outgoing connections - MINOR: mux-h1: do not even try to receive if the connection is not fully set up - MINOR: mux-h1: do not try to receive on backend before sending a request - CLEANUP: assorted typo fixes in the code and comments - BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp() 2020/07/17 : 2.3-dev1 - MINOR: config: make strict limits enabled by default - BUG/MINOR: acl: Fix freeing of expr->smp in prune_acl_expr - BUG/MINOR: sample: Fix freeing of conv_exprs in release_sample_expr - BUG/MINOR: haproxy: Free proxy->format_unique_id during deinit - BUG/MINOR: haproxy: Add missing free of server->(hostname|resolvers_id) - BUG/MINOR: haproxy: Free proxy->unique_id_header during deinit - BUG/MINOR: haproxy: Free srule->file during deinit - BUG/MINOR: haproxy: Free srule->expr during deinit - BUG/MINOR: sample: Free str.area in smp_check_const_bool - BUG/MINOR: sample: Free str.area in smp_check_const_meth - CLEANUP: haproxy: Free proxy_deinit_list in deinit() - CLEANUP: haproxy: Free post_deinit_list in deinit() - CLEANUP: haproxy: Free server_deinit_list in deinit() - CLEANUP: haproxy: Free post_server_check_list in deinit() - CLEANUP: Add static void vars_deinit() - CLEANUP: Add static void hlua_deinit() - CLEANUP: contrib/prometheus-exporter: typo fixes for ssl reuse metric - BUG/MEDIUM: lists: add missing store barrier on MT_LIST_BEHEAD() - BUG/MEDIUM: lists: add missing store barrier in MT_LIST_ADD/MT_LIST_ADDQ - MINOR: tcp: Support TCP keepalive parameters customization - BUILD: tcp: condition TCP keepalive settings to platforms providing them - MINOR: lists: rename some MT_LIST operations to clarify them - MINOR: buffer: use MT_LIST_ADDQ() for buffer_wait lists additions - MINOR: connection: use MT_LIST_ADDQ() to add connections to idle lists - MINOR: tasks: use MT_LIST_ADDQ() when killing tasks. - CONTRIB: da: fix memory leak in dummy function da_atlas_open() - CI: travis-ci: speed up osx build by running brew scripted, switch to latest osx image - BUG/MEDIUM: mux-h2: Don't add private connections in available connection list - BUG/MEDIUM: mux-fcgi: Don't add private connections in available connection list - MINOR: connection: Set the SNI on server connections before installing the mux - MINOR: connection: Set new connection as private on reuse never - MINOR: connection: Add a wrapper to mark a connection as private - MEDIUM: connection: Add private connections synchronously in session server list - MINOR: connection: Use a dedicated function to look for a session's connection - MINOR: connection: Set the conncetion target during its initialisation - MINOR: session: Take care to decrement idle_conns counter in session_unown_conn - MINOR: server: Factorize code to deal with reuse of server idle connections - MINOR: server: Factorize code to deal with connections removed from an idle list - CLEANUP: connection: remove unused field idle_time from the connection struct - BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode - MINOR: raw_sock: Report the number of bytes emitted using the splicing - MINOR: contrib/prometheus-exporter: Add missing global and per-server metrics - MINOR: backend: Add sample fetches to get the server's weight - BUG/MINOR: mux-fcgi: Handle empty STDERR record - BUG/MINOR: mux-fcgi: Set conn state to RECORD_P when skipping the record padding - BUG/MINOR: mux-fcgi: Set flags on the right stream field for empty FCGI_STDOUT - BUG/MINOR: backend: fix potential null deref on srv_conn - BUG/MEDIUM: log: issue mixing sampled to not sampled log servers. - MEDIUM: udp: adds minimal proto udp support for message listeners. - MEDIUM: log/sink: re-work and merge of build message API. - MINOR: log: adds syslog udp message handler and parsing. - MEDIUM: log: adds log forwarding section. - MINOR: log: adds counters on received syslog messages. - BUG/MEDIUM: fcgi-app: fix memory leak in fcgi_flt_http_headers - BUG/MEDIUM: server: resolve state file handle leak on reload - BUG/MEDIUM: server: fix possibly uninitialized state file on close - BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked - BUILD: config: address build warning on raspbian+rpi4 - BUG/MAJOR: tasks: make sure to always lock the shared wait queue if needed - BUILD: config: fix again bugs gcc warnings on calloc 2020/07/07 : 2.3-dev0 - [RELEASE] Released version 2.3-dev0 - MINOR: version: back to development, update status message 2020/07/07 : 2.3-dev0 - exact copy of 2.2.0 2020/07/07 : 2.2.0 - BUILD: mux-h2: fix typo breaking build when using DEBUG_LOCK - CLEANUP: makefile: update the outdated list of DEBUG_xxx options - BUILD: tools: make resolve_sym_name() return a const - CLEANUP: auth: fix useless self-include of auth-t.h - BUILD: tree-wide: cast arguments to tolower/toupper to unsigned char - CLEANUP: assorted typo fixes in the code and comments - WIP/MINOR: ssl: add sample fetches for keylog in frontend - DOC: fix tune.ssl.keylog sample fetches array - BUG/MINOR: ssl: check conn in keylog sample fetch - DOC: configuration: various typo fixes - MINOR: log: Remove unused case statement during the log-format string parsing - BUG/MINOR: mux-h1: Fix the splicing in TUNNEL mode - BUG/MINOR: mux-h1: Don't read data from a pipe if the mux is unable to receive - BUG/MINOR: mux-h1: Disable splicing only if input data was processed - BUG/MEDIUM: mux-h1: Disable splicing for the conn-stream if read0 is received - MINOR: mux-h1: Improve traces about the splicing - BUG/MINOR: backend: Remove CO_FL_SESS_IDLE if a client remains on the last server - BUG/MEDIUM: connection: Don't consider new private connections as available - BUG/MINOR: connection: See new connection as available only on reuse always - DOC: configuration: remove obsolete mentions of H2 being converted to HTTP/1.x - CLEANUP: ssl: remove unrelevant comment in smp_fetch_ssl_x_keylog() - DOC: update INSTALL with new compiler versions - DOC: minor update to coding style file - MINOR: version: mention that it's an LTS release now 2020/07/04 : 2.2-dev12 - BUG/MINOR: mux_h2: don't lose the leaving trace in h2_io_cb() - MINOR: cli: make "show sess" stop at the last known session - CLEANUP: buffers: remove unused buffer_wq_lock lock - BUG/MEDIUM: buffers: always allocate from the local cache first - MINOR: connection: align toremove_{lock,connections} and cleanup into idle_conns - CONTRIB: debug: add missing flags SI_FL_L7_RETRY & SI_FL_D_L7_RETRY - BUG/MEDIUM: connections: Don't increase curr_used_conns for shared connections. - BUG/MEDIUM: checks: Increment the server's curr_used_conns - REORG: buffer: rename buffer.c to dynbuf.c - REORG: includes: create tinfo.h for the thread_info struct - CLEANUP: pool: only include the type files from types - MINOR: pools: move the LRU cache heads to thread_info - BUG/MINOR: debug: fix "show fd" null-deref when built with DEBUG_FD - MINOR: stats: add 3 new output values for the per-server idle conn state - MINOR: activity: add per-thread statistics on FD takeover - BUG/MINOR: server: start cleaning idle connections from various points - MEDIUM: server: improve estimate of the need for idle connections - MINOR: stats: add the estimated need of concurrent connections per server - BUG/MINOR: threads: Don't forget to init each thread toremove_lock. - BUG/MEDIUM: lists: Lock the element while we check if it is in a list. - Revert "BUG/MEDIUM: lists: Lock the element while we check if it is in a list." - BUG/MINOR: haproxy: don't wake already stopping threads on exit - BUG/MINOR: server: always count one idle slot for current thread - MEDIUM: server: use the two thresholds for the connection release algorithm - BUG/MINOR: http-rules: Fix ACLs parsing for http deny rules - BUG/MINOR: sched: properly cover for a rare MT_LIST_ADDQ() race - MINOR: mux-h1: avoid taking the toremove_lock in on dying tasks - MINOR: mux-h2: avoid taking the toremove_lock in on dying tasks - MINOR: mux-fcgi: avoid taking the toremove_lock in on dying tasks - MINOR: pools: increase MAX_BASE_POOLS to 64 - DOC: ssl: add "allow-0rtt" and "ciphersuites" in crt-list - BUG/MEDIUM: pattern: Add a trailing \0 to match strings only if possible - BUG/MEDIUM: log-format: fix possible endless loop in parse_logformat_string() - BUG/MINOR: proxy: fix dump_server_state()'s misuse of the trash - BUG/MINOR: proxy: always initialize the trash in show servers state - MINOR: cli/proxy: add a new "show servers conn" command - MINOR: server: skip servers with no idle conns earlier - BUG/MINOR: server: fix the connection release logic regarding nearly full conditions - MEDIUM: server: add a new pool-low-conn server setting - BUG/MEDIUM: backend: always search in the safe list after failing on the idle one - MINOR: backend: don't always takeover from the same threads - MINOR: sched: make sched->task_list_size atomic - MEDIUM: sched: create a new TASK_KILLED task flag - MEDIUM: sched: implement task_kill() to kill a task - MEDIUM: mux-h1: use task_kill() during h1_takeover() instead of task_wakeup() - MEDIUM: mux-h2: use task_kill() during h2_takeover() instead of task_wakeup() - MEDIUM: mux-fcgi: use task_kill() during fcgi_takeover() instead of task_wakeup() - MINOR: list: Add MT_LIST_DEL_SAFE_NOINIT() and MT_LIST_ADDQ_NOCHECK() - CLEANUP: connections: rename the toremove_lock to takeover_lock - MEDIUM: connections: Don't use a lock when moving connections to remove. - DOC: configuration: add missing index entries for tune.pool-{low,high}-fd-ratio - DOC: configuration: fix alphabetical ordering for tune.pool-{high,low}-fd-ratio - MINOR: config: add a new tune.idle-pool.shared global setting. - MINOR: 51d: silence a warning about null pointer dereference - MINOR: debug: add a new "debug dev memstats" command - MINOR: log-format: allow to preserve spacing in log format strings - BUILD: debug: avoid build warnings with DEBUG_MEM_STATS - BUG/MAJOR: sched: make sure task_kill() always queues the task - BUG/MEDIUM: muxes: Make sure nobody stole the connection before using it. - BUG/MEDIUM: cli/proxy: don't try to dump idle connection state if there's none - BUILD: haproxy: fix build error when RLIMIT_AS is not set - BUG/MAJOR: sched: make it work also when not building with DEBUG_STRICT - MINOR: log: add time second fraction field to rfc5424 log timestamp. - BUG/MINOR: log: missing timezone on iso dates. - BUG/MEDIUM: server: don't kill all idle conns when there are not enough - MINOR: sched: split tasklet_wakeup() into tasklet_wakeup_on() - BUG/MEDIUM: connections: Set the tid for the old tasklet on takeover. - BUG/MEDIUM: connections: Let the xprt layer know a takeover happened. - BUG/MINOR: http_act: don't check capture id in backend (2) - BUILD: makefile: disable threads by default on OpenBSD - BUILD: peers: fix build warning with gcc 4.2.1 - CI: cirrus-ci: exclude slow reg-tests 2020/06/26 : 2.2-dev11 - REGTEST: Add a simple script to tests errorfile directives in proxy sections - BUG/MEDIUM: fcgi-app: Resolve the sink if a fcgi-app logs in a ring buffer - BUG/MINOR: spoe: correction of setting bits for analyzer - BUG/MINOR: cfgparse: Support configurations without newline at EOF - MINOR: cfgparse: Warn on truncated lines / files - BUG/MINOR: http_ana: clarify connection pointer check on L7 retry - MINOR: debug: add a new DEBUG_FD build option - BUG/MINOR: tasks: make sure never to exceed max_processed - MINOR: task: add a new pointer to current tasklet queue - BUG/MEDIUM: task: be careful not to run too many tasks at TL_URGENT - BUG/MINOR: cfgparse: Fix argument reference in PARSE_ERR_TOOMANY message - BUG/MINOR: cfgparse: Fix calculation of position for PARSE_ERR_TOOMANY message - BUG/MEDIUM: ssl: fix ssl_bind_conf double free - MINOR: ssl: free bind_conf_node in crtlist_free() - MINOR: ssl: free the crtlist and the ckch during the deinit() - BUG/MINOR: ssl: fix build with ckch_deinit() and crtlist_deinit() - BUG/MINOR: ssl/cli: certs added from the CLI can't be deleted - MINOR: ssl: move the ckch/crtlist deinit to ssl_sock.c - MEDIUM: tasks: apply a fair CPU distribution between tasklet classes - MINOR: tasks: make current_queue an index instead of a pointer - MINOR: tasks: add a mask of the queues with active tasklets - MINOR: tasks: pass the queue index to run_task_from_list() - MINOR: tasks: make run_tasks_from_lists() scan the queues itself - MEDIUM: tasks: add a tune.sched.low-latency option - BUG/MEDIUM: ssl/cli: 'commit ssl cert' crashes when no private key - BUG/MINOR: cfgparse: don't increment linenum on incomplete lines - MINOR: tools: make parse_line() always terminate the args list - BUG/MINOR: cfgparse: report extraneous args *after* the string is allocated - MINOR: cfgparse: sanitize the output a little bit - MINOR: cli/ssl: handle trailing slashes in crt-list commands - MINOR: ssl: add the ssl_s_* sample fetches for server side certificate - BUG/MEDIUM: http-ana: Don't loop trying to generate a malformed 500 response - BUG/MINOR: stream-int: Don't wait to send truncated HTTP messages - BUG/MINOR: http-ana: Set CF_EOI on response channel for generated responses - BUG/MINOR: http-ana: Don't wait to send 1xx responses generated by HAProxy - MINOR: spoe: Don't systematically create new applets if processing rate is low - DOC: fix some typos in the ssl_s_{s|i}_dn documentation - BUILD: fix ssl_sample.c when building against BoringSSL - CI: travis-ci: switch BoringSSL builds to ninja - CI: extend spellchecker whitelist - DOC: assorted typo fixes in the documentation - CLEANUP: assorted typo fixes in the code and comments - MINOR: http: Add support for http 413 status - REGTEST: ssl: tests the ssl_f_* sample fetches - REGTEST: ssl: add some ssl_c_* sample fetches test - DOC: ssl: update the documentation of "commit ssl cert" - BUG/MINOR: cfgparse: correctly deal with empty lines - BUG/MEDIUM: fetch: Fix hdr_ip misparsing IPv4 addresses due to missing NUL 2020/06/19 : 2.2-dev10 - BUILD: include: add sys/types before netinet/tcp.h - BUG/MEDIUM: log: don't hold the log lock during writev() on a file descriptor - BUILD: Remove nowarn for warnings that do not trigger - BUG/MEDIUM: pattern: fix thread safety of pattern matching - BUILD: Re-enable -Wimplicit-fallthrough - BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0 - BUILD: thread: add parenthesis around values of locking macros - BUILD: proto_uxst: shut up yet another gcc's absurd warning - BUG/MEDIUM: checks: Fix off-by-one in allocation of SMTP greeting cmd - CI: travis-ci: use "-O1" for clang builds - MINOR: haproxy: Add void deinit_and_exit(int) - MINOR: haproxy: Make use of deinit_and_exit() for clean exits - BUG/MINOR: haproxy: Free rule->arg.vars.expr during deinit_act_rules - BUILD: compression: make gcc 10 happy with free_zlib() - BUILD: atomic: add string.h for memcpy() on ARM64 - BUG/MINOR: http: make smp_fetch_body() report that the contents may change - BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness - BUILD: haproxy: mark deinit_and_exit() as noreturn - BUG/MAJOR: vars: Fix bogus free() during deinit() for http-request rules - BUG/MEDIUM: ebtree: use a byte-per-byte memcmp() to compare memory blocks - MINOR: tools: add a new configurable line parse, parse_line() - BUG/MEDIUM: cfgparse: use parse_line() to expand/unquote/unescape config lines - BUG/MEDIUM: cfgparse: stop after a reasonable amount of fatal error - MINOR: http: do not close connections anymore after internal responses - BUG/MINOR: cfgparse: Add missing fatal++ in PARSE_ERR_HEX case - BUG/MINOR: spoe: add missing key length check before checking key names - MINOR: version: put the compiler version output into version.c not haproxy.c - MINOR: compiler: always define __has_feature() - MINOR: version: report the presence of the compiler's address sanitizer - BUILD: Fix build by including haproxy/global.h - BUG/MAJOR: connection: always disable ready events once reported - CLEANUP: activity: remove unused counter fd_lock - DOC: fd: make it clear that some fields ordering must absolutely be respected - MINOR: activity: report the number of times poll() reports I/O - MINOR: activity: rename confusing poll_* fields in the output - MINOR: fd: Fix a typo in a coment. - BUG/MEDIUM: fd: Don't fd_stop_recv() a fd we don't own. - BUG/MEDIUM: fd: Call fd_stop_recv() when we just got a fd. - MINOR: activity: group the per-loop counters at the top - MINOR: activity: rename the "stream" field to "stream_calls" - MEDIUM: fd: refine the fd_takeover() migration lock - MINOR: fd: slightly optimize the fd_takeover double-CAS loop - MINOR: fd: factorize the fd_takeover() exit path to make it safer - MINOR: peers: do not use localpeer as an array anymore - MEDIUM: peers: add the "localpeer" global option - MEDIUM: fd: add experimental support for edge-triggered polling - CONTRIB: debug: add the missing flags CO_FL_SAFE_LIST and CO_FL_IDLE_LIST - MINOR: haproxy: process signals before runnable tasks - MEDIUM: tasks: clean up the front side of the wait queue in wake_expired_tasks() - MEDIUM: tasks: also process late wakeups in process_runnable_tasks() - BUG/MINOR: cli: allow space escaping on the CLI - BUG/MINOR: mworker/cli: fix the escaping in the master CLI - BUG/MINOR: mworker/cli: fix semicolon escaping in master CLI - REGTEST: http-rules: test spaces in ACLs - REGTEST: http-rules: test spaces in ACLs with master CLI - BUG/MAJOR: init: properly compute the default global.maxpipes value - MEDIUM: map: make the "clear map" operation yield - BUG/MEDIUM: stream-int: fix loss of CO_SFL_MSG_MORE flag in forwarding - MINOR: mux_h1: Set H1_F_CO_MSG_MORE if we know we have more to send. - BUG/MINOR: systemd: Wait for network to be online - DOC: configuration: Unindent non-code sentences in the protobuf example - DOC: configuration: http-check send was missing from matrix 2020/06/11 : 2.2-dev9 - BUG/MINOR: http-htx: Don't forget to release the http reply in release function - BUG/MINOR: http-htx: Fix a leak on error path during http reply parsing - MINOR: checks: Remove dead code from process_chk_conn() - REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used - REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for lua/txn_get_priv - MINOR: lua: Use vars_unset_by_name_ifexist() - CLEANUP: vars: Remove void vars_unset_by_name(const char*, size_t, struct sample*) - MINOR: vars: Make vars_(un|)set_by_name(_ifexist|) return a success value - MINOR: lua: Make `set_var()` and `unset_var()` return success - MEDIUM: lua: Add `ifexist` parameter to `set_var` - MEDIUM: ring: new section ring to declare custom ring buffers. - REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for compression/lua_validation - REGTESTS: Require the version 2.2 to execute lua/set_var - BUG/MEDIUM: checks: Refresh the conn-stream and the connection after a connect - MINOR: checks: Remove useless tests on the connection and conn-stream - BUG/MEDIUM: contrib/spoa: do not register python3.8 if --embed fail - BUG/MEDIUM: connection: Ignore PP2 unique ID for stream-less connections - BUG/MINOR: connection: Always get the stream when available to send PP2 line - BUG/MEDIUM: backend: set the connection owner to the session when using alpn. - MINOR: pools: compute an estimate of each pool's average needed objects - MEDIUM: pools: directly free objects when pools are too much crowded - REGTEST: Add connection/proxy_protocol_send_unique_id_alpn - MINOR: http-ana: Make the function http_reply_to_htx() public - MINOR: http-ana: Use proxy's error replies to emit 401/407 responses - MINOR: http-rules: Use an action function to eval http-request auth rules - CLEANUP: http: Remove unused HTTP message templates - BUG/MEDIUM: checks: Don't blindly subscribe for receive if waiting for connect - MINOR: checks: I/O callback function only rely on the data layer wake callback - BUG/MINOR: lua: Add missing string length for lua sticktable lookup - BUG/MEDIUM: logs: fix trailing zeros on log message. - CI: cirrus-ci: skip reg-tests/connection/proxy_protocol_send_unique_id_alpn.vtc on CentOS 6 - BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf - BUG/MEDIUM: checks: Don't add a tcpcheck ruleset twice in the shared tree - MEDIUM: ssl: use TLSv1.2 as the minimum default on bind lines - CLEANUP: pools: use the regular lock for the flush operation on lockless pools - SCRIPTS: publish-release: pass -n to gzip to remove timestamp - MINOR: ring: re-work ring attach generic API. - BUG/MINOR: error on unknown statement in ring section. - MEDIUM: ring: add server statement to forward messages from a ring - MEDIUM: ring: add new srv statement to support octet counting forward - MINOR: ssl: set ssl-min-ver in ambiguous configurations - CLEANUP: ssl: remove comment from dump_crtlist_sslconf() - BUILD: sink: address build warning on 32-bit architectures - BUG/MINOR: peers: fix internal/network key type mapping. - CLEANUP: regex: remove outdated support for regex actions - Revert "MINOR: ssl: rework add cert chain to CTX to be libssl independent" - MINOR: mux-h1/proxy: Add a proxy option to disable clear h2 upgrade - BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action - DOC: add a line about comments in crt-list - BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations - BUG/MINOR: checks: Fix test on http-check rulesets during config validity check - BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump metrics - BUG/MEDIUM: mworker: fix the copy of options in copy_argv() - BUG/MINOR: init: -x can have a parameter starting with a dash - BUG/MINOR: init: -S can have a parameter starting with a dash - BUG/MEDIUM: mworker: fix the reload with an -- option - BUG/MINOR: ssl: fix a trash buffer leak in some error cases - BUG/MINOR: mworker: fix a memleak when execvp() failed - MINOR: sample: Add secure_memcmp converter - REORG: ebtree: move the C files from ebtree/ to src/ - REORG: ebtree: move the include files from ebtree to include/import/ - REORG: ebtree: clean up remains of the ebtree/ directory - REORG: include: create new file haproxy/api-t.h - REORG: include: create new file haproxy/api.h - REORG: include: update all files to use haproxy/api.h or api-t.h if needed - CLEANUP: include: remove common/config.h - CLEANUP: include: remove unused template.h - REORG: include: move MIN/MAX from tools.h to compat.h - REORG: include: move SWAP/MID_RANGE/MAX_RANGE from tools.h to standard.h - CLEANUP: include: remove unused common/tools.h - REORG: include: move the base files from common/ to haproxy/ - REORG: include: move version.h to haproxy/ - REORG: include: move base64.h, errors.h and hash.h from common to to haproxy/ - REORG: include: move openssl-compat.h from common/ to haproxy/ - REORG: include: move ist.h from common/ to import/ - REORG: include: move the BUG_ON() code to haproxy/bug.h - REORG: include: move debug.h from common/ to haproxy/ - CLEANUP: debug: drop unused function p_malloc() - REORG: include: split buf.h into haproxy/buf-t.h and haproxy/buf.h - REORG: include: move istbuf.h to haproxy/ - REORG: include: split mini-clist into haproxy/list and list-t.h - REORG: threads: extract atomic ops from hathreads.h - CLEANUP: threads: remove a few needless includes of hathreads.h - REORG: include: split hathreads into haproxy/thread.h and haproxy/thread-t.h - CLEANUP: thread: rename __decl_hathreads() to __decl_thread() - REORG: include: move time.h from common/ to haproxy/ - REORG: include: move integer manipulation functions from standard.h to intops.h - CLEANUP: include: remove excessive includes of common/standard.h - REORG: include: move freq_ctr to haproxy/ - CLEANUP: pool: include freq_ctr.h and remove locally duplicated functions - REORG: memory: move the pool type definitions to haproxy/pool-t.h - REORG: memory: move the OS-level allocator to haproxy/pool-os.h - MINOR: memory: don't let __pool_get_first() pick from the cache - MEDIUM: memory: don't let pool_put_to_cache() free the objects itself - MINOR: memory: move pool-specific path of the locked pool_free() to __pool_free() - MEDIUM: memory: make local pools independent on lockless pools - REORG: include: move common/memory.h to haproxy/pool.h - REORG: include: move common/chunk.h to haproxy/chunk.h - REORG: include: move activity to haproxy/ - REORG: include: move common/buffer.h to haproxy/dynbuf{,-t}.h - REORG: include: move common/net_helper.h to haproxy/net_helper.h - REORG: include: move common/namespace.h to haproxy/namespace{,-t}.h - REORG: include: split common/regex.h into haproxy/regex{,-t}.h - REORG: include: split common/xref.h into haproxy/xref{,-t}.h - REORG: include: move common/ticks.h to haproxy/ticks.h - REORG: include: split common/http.h into haproxy/http{,-t}.h - REORG: include: split common/http-hdr.h into haproxy/http-hdr{,-t}.h - REORG: include: move common/h1.h to haproxy/h1.h - REORG: include: split common/htx.h into haproxy/htx{,-t}.h - REORG: include: move hpack*.h to haproxy/ and split hpack-tbl - REORG: include: move common/h2.h to haproxy/h2.h - REORG: include: move common/fcgi.h to haproxy/ - REORG: include: move protocol.h to haproxy/protocol{,-t}.h - REORG: tools: split common/standard.h into haproxy/tools{,-t}.h - REORG: include: move dict.h to hparoxy/dict{,-t}.h - REORG: include: move shctx to haproxy/shctx{,-t}.h - REORG: include: move port_range.h to haproxy/port_range{,-t}.h - REORG: include: move fd.h to haproxy/fd{,-t}.h - REORG: include: move ring to haproxy/ring{,-t}.h - REORG: include: move sink.h to haproxy/sink{,-t}.h - REORG: include: move pipe.h to haproxy/pipe{,-t}.h - CLEANUP: include: remove empty raw_sock.h - REORG: include: move proto_udp.h to haproxy/proto_udp{,-t}.h - REORG: include: move proto/proto_sockpair.h to haproxy/proto_sockpair.h - REORG: include: move compression.h to haproxy/compression{,-t}.h - REORG: include: move h1_htx.h to haproxy/h1_htx.h - REORG: include: move http_htx.h to haproxy/http_htx{,-t}.h - REORG: include: move hlua.h to haproxy/hlua{,-t}.h - REORG: include: move hlua_fcn.h to haproxy/hlua_fcn.h - REORG: include: move action.h to haproxy/action{,-t}.h - REORG: include: move arg.h to haproxy/arg{,-t}.h - REORG: include: move auth.h to haproxy/auth{,-t}.h - REORG: include: move dns.h to haproxy/dns{,-t}.h - REORG: include: move flt_http_comp.h to haproxy/ - REORG: include: move counters.h to haproxy/counters-t.h - REORG: include: split mailers.h into haproxy/mailers{,-t}.h - REORG: include: move capture.h to haproxy/capture{,-t}.h - REORG: include: move frontend.h to haproxy/frontend.h - REORG: include: move obj_type.h to haproxy/obj_type{,-t}.h - REORG: include: move http_rules.h to haproxy/http_rules.h - CLEANUP: include: remove unused mux_pt.h - REORG: include: move mworker.h to haproxy/mworker{,-t}.h - REORG: include: move ssl_utils.h to haproxy/ssl_utils.h - REORG: include: move ssl_ckch.h to haproxy/ssl_ckch{,-t}.h - REORG: move ssl_crtlist.h to haproxy/ssl_crtlist{,-t}.h - REORG: include: move lb_chash.h to haproxy/lb_chash{,-t}.h - REORG: include: move lb_fas.h to haproxy/lb_fas{,-t}.h - REORG: include: move lb_fwlc.h to haproxy/lb_fwlc{,-t}.h - REORG: include: move lb_fwrr.h to haproxy/lb_fwrr{,-t}.h - REORG: include: move listener.h to haproxy/listener{,-t}.h - REORG: include: move pattern.h to haproxy/pattern{,-t}.h - REORG: include: move map to haproxy/map{,-t}.h - REORG: include: move payload.h to haproxy/payload.h - REORG: include: move sample.h to haproxy/sample{,-t}.h - REORG: include: move protocol_buffers.h to haproxy/protobuf{,-t}.h - REORG: include: move vars.h to haproxy/vars{,-t}.h - REORG: include: split global.h into haproxy/global{,-t}.h - REORG: include: move task.h to haproxy/task{,-t}.h - REORG: include: move proto_tcp.h to haproxy/proto_tcp.h - REORG: include: move signal.h to haproxy/signal{,-t}.h - REORG: include: move tcp_rules.h to haproxy/tcp_rules.h - REORG: include: move connection.h to haproxy/connection{,-t}.h - REORG: include: move checks.h to haproxy/check{,-t}.h - REORG: include: move http_fetch.h to haproxy/http_fetch.h - REORG: include: move peers.h to haproxy/peers{,-t}.h - REORG: include: move stick_table.h to haproxy/stick_table{,-t}.h - REORG: include: move session.h to haproxy/session{,-t}.h - REORG: include: move trace.h to haproxy/trace{,-t}.h - REORG: include: move acl.h to haproxy/acl.h{,-t}.h - REORG: include: split common/uri_auth.h into haproxy/uri_auth{,-t}.h - REORG: move applet.h to haproxy/applet{,-t}.h - REORG: include: move stats.h to haproxy/stats{,-t}.h - REORG: include: move cli.h to haproxy/cli{,-t}.h - REORG: include: move lb_map.h to haproxy/lb_map{,-t}.h - REORG: include: move ssl_sock.h to haproxy/ssl_sock{,-t}.h - REORG: include: move stream_interface.h to haproxy/stream_interface{,-t}.h - REORG: include: move channel.h to haproxy/channel{,-t}.h - REORG: include: move http_ana.h to haproxy/http_ana{,-t}.h - REORG: include: move filters.h to haproxy/filters{,-t}.h - REORG: include: move fcgi-app.h to haproxy/fcgi-app{,-t}.h - REORG: include: move log.h to haproxy/log{,-t}.h - REORG: include: move proxy.h to haproxy/proxy{,-t}.h - REORG: include: move spoe.h to haproxy/spoe{,-t}.h - REORG: include: move backend.h to haproxy/backend{,-t}.h - REORG: include: move queue.h to haproxy/queue{,-t}.h - REORG: include: move server.h to haproxy/server{,-t}.h - REORG: include: move stream.h to haproxy/stream{,-t}.h - REORG: include: move cfgparse.h to haproxy/cfgparse.h - CLEANUP: hpack: export debug functions and move inlines to .h - REORG: check: move the e-mail alerting code to mailers.c - REORG: check: move tcpchecks away from check.c - REORG: check: move email_alert* from proxy-t.h to mailers-t.h - REORG: check: extract the external checks from check.{c,h} - CLEANUP: include: don't include stddef.h directly - CLEANUP: include: don't include proxy-t.h in global-t.h - CLEANUP: include: move sample_data out of sample-t.h - REORG: include: move the error reporting functions to from log.h to errors.h - BUILD: reorder objects in the Makefile for faster builds - CLEANUP: compiler: add a THREAD_ALIGNED macro and use it where appropriate - CLEANUP: include: make atomic.h part of the base API - REORG: include: move MAX_THREADS to defaults.h - REORG: include: move THREAD_LOCAL and __decl_thread() to compiler.h - CLEANUP: include: tree-wide alphabetical sort of include files - REORG: include: make list-t.h part of the base API - REORG: dgram: rename proto_udp to dgram 2020/05/22 : 2.2-dev8 - MINOR: checks: Improve report of unexpected errors for expect rules - MEDIUM: checks: Add matching on log-format string for expect rules - DOC: Fix req.body and co documentation to be accurate - MEDIUM: checks: Remove dedicated sample fetches and use response ones instead - CLEANUP: checks: sort and rename tcpcheck_expect_type types - MINOR: checks: Use dedicated actions to send log-format strings in send rules - MINOR: checks: Simplify matching on HTTP headers in HTTP expect rules - MINOR: checks/sample: Remove unnecessary tests on the sample session - REGTEST: checks: Adapt SSL error message reported when connection is rejected - MINOR: mworker: replace ha_alert by ha_warning when exiting successfuly - MINOR: checks: Support log-format string to set the URI for HTTP send rules - MINOR: checks: Support log-format string to set the body for HTTP send rules - DOC: Be more explicit about configurable check ok/error/timeout status - MINOR: checks: Make matching on HTTP headers for expect rules less obscure - BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT - BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur - REGTESTS: make the http-check-send test require version 2.2 - BUG/MINOR: http-ana: fix NTLM response parsing again - BUG/MEDIUM: http_ana: make the detection of NTLM variants safer - BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered - MINOR: cfgparse: Improve error message for invalid \x sequences - CI: travis-ci: enable arm64 builds again - MEDIUM: ssl: increase default-dh-param to 2048 - CI: travis-ci: skip pcre2 on arm64 build - CI: travis-ci: extend the build time for SSL to 60 minutes - CLEANUP: config: drop unused setting CONFIG_HAP_MEM_OPTIM - CLEANUP: config: drop unused setting CONFIG_HAP_INLINE_FD_SET - CLENAUP: config: move CONFIG_HAP_LOCKLESS_POOLS out of config.h - CLEANUP: remove THREAD_LOCAL from config.h - CI: travis-ci: upgrade LibreSSL versions - DOC: assorted typo fixes in the documentation - CI: extend spellchecker whitelist - CLEANUP: assorted typo fixes in the code and comments - MAJOR: contrib: porting spoa_server to support python3 - BUG/MEDIUM: checks: Subscribe to I/O events on an unfinished connect - BUG/MINOR: checks: Don't subscribe to I/O events if it is already done - BUG/MINOR: checks: Rely on next I/O oriented rule when waiting for a connection - MINOR: checks: Don't try to send outgoing data if waiting to be able to send - MINOR: sample: Move aes_gcm_dec implementation into sample.c - MINOR: sample: Add digest and hmac converters - BUG/MEDIUM: checks: Subscribe to I/O events only if a mux was installed - BUG/MINOR: sample/ssl: Fix digest converter for openssl < 1.1.0 - BUG/MINOR: pools: use %u not %d to report pool stats in "show pools" - BUG/MINOR: pollers: remove uneeded free in global init - CLEANUP: select: enhance readability in init - BUG/MINOR: soft-stop: always wake up waiting threads on stopping - MINOR: soft-stop: let the first stopper only signal other threads - BUILD: select: only declare existing local labels to appease clang - BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry. - BUG/MEDIUM: stream: Only allow L7 retries when using HTTP. - DOC: retry-on can only be used with mode http - MEDIUM: ssl: allow to register callbacks for SSL/TLS protocol messages - MEDIUM: ssl: split ssl_sock_msgcbk() and use a new callback mechanism - MINOR: ssl: add a new function ssl_sock_get_ssl_object() - MEDIUM: ssl: use ssl_sock_get_ssl_object() in fetchers where appropriate - REORG: ssl: move macros and structure definitions to ssl_sock.h - CLEANUP: ssl: remove the shsess_* macros - REORG: move the crt-list structures in their own .h - REORG: ssl: move the ckch structures to types/ssl_ckch.h - CLEANUP: ssl: add ckch prototypes in proto/ssl_ckch.h - REORG: ssl: move crtlist functions to src/ssl_crtlist.c - CLEANUP: ssl: avoid circular dependencies in ssl_crtlist.h - REORG: ssl: move the ckch_store related functions to src/ssl_ckch.c - REORG: ssl: move ckch_inst functions to src/ssl_ckch.c - REORG: ssl: move the crt-list CLI functions in src/ssl_crtlist.c - REORG: ssl: move the CLI 'cert' functions to src/ssl_ckch.c - REORG: ssl: move ssl configuration to cfgparse-ssl.c - MINOR: ssl: remove static keyword in some SSL utility functions - REORG: ssl: move ssl_sock_ctx and fix cross-dependencies issues - REORG: ssl: move sample fetches to src/ssl_sample.c - REORG: ssl: move utility functions to src/ssl_utils.c - DOC: ssl: update MAINTAINERS file - CI: travis-ci: switch arm64 builds to use openssl from distro - MINOR: stats: Prepare for more accurate moving averages - MINOR: stats: Expose native cum_req metric for a server - MEDIUM: stats: Enable more accurate moving average calculation for stats - BUILD: ssl: include buffer common headers for ssl_sock_ctx - BUILD: ssl: include errno.h in ssl_crtlist.c - CLEANUP: acl: remove unused assignment - DOC/MINOR: halog: Add long help info for ic flag - BUILD: ssl: fix build without OPENSSL_NO_ENGINE - DOC: SPOE is no longer experimental - BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt() - MINOR: config: Don't dump keywords if argument is NULL - MEDIUM: checks: Make post-41 the default mode for mysql checks - BUG/MINOR: logs: prevent double line returns in some events. - MEDIUM: sink: build header in sink_write for log formats - MEDIUM: logs: buffer targets now rely on new sink_write - MEDIUM: sink: add global statement to create a new ring (sink buffer) - MEDIUM: hpack: use a pool for the hpack table - BUG/MAJOR: mux-fcgi: Stop sending loop if FCGI stream is blocked for any reason - BUG/MEDIUM: ring: write-lock the ring while attaching/detaching - MINOR: applet: adopt the wait list entry from the CLI - MINOR: ring: make the applet code not depend on the CLI - Revert "MEDIUM: sink: add global statement to create a new ring (sink buffer)" - CI: travis-ci: fix libslz download URL - MINOR: ssl: split config and runtime variable for ssl-{min,max}-ver - CLEANUP: http_ana: Remove unused TXN flags - BUG/MINOR: http-rules: Mark http return rules as final - MINOR: http-htx: Add http_reply type based on what is used for http return rules - CLEANUP: http-htx: Rename http_error structure into http_error_msg - MINOR: http-rules: Use http_reply structure for http return rules - MINOR: http-htx: Use a dedicated function to release http_reply objects - MINOR: http-htx: Use a dedicated function to parse http reply arguments - MINOR: http-htx: Use a dedicated function to check http reply validity - MINOR: http-ana: Use a dedicated function to send a response from an http reply - MEDIUM: http-rules: Rely on http reply for http deny/tarpit rules - MINOR: http-htx: Store default error messages in a global http reply array - MINOR: http-htx: Store messages of an http-errors section in a http reply array - MINOR: http-htx: Store errorloc/errorfile messages in http replies - MINOR: proxy: Add references on http replies for proxy error messages - MINOR: http-htx: Use http reply from the http-errors section - MINOR: http-ana: Use a TXN flag to prevent after-response ruleset evaluation - MEDIUM: http-ana: Use http replies for HTTP error messages - CLEANUP: http-htx: Remove unused storage of error messages in buffers - MINOR: htx: Add a function to copy a buffer in an HTX message - CLEANUP: channel: Remove channel_htx_copy_msg() function - MINOR: http-ana: Add a function to write an http reply in an HTX message - MINOR: http-htx/proxy: Add http-error directive using http return syntax - DOC: Fix "errorfile" description in the configuration manual - BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified - BUILD: hpack: make sure the hpack table can still be built standalone - CONTRIB: hpack: make use of the simplified standalone HPACK API - MINOR: connection: add pp2-never-send-local to support old PP2 behavior 2020/05/05 : 2.2-dev7 - MINOR: version: Show uname output in display_version() - CI: run weekly OpenSSL "no-deprecated" builds - CLEANUP: log: fix comment of parse_logformat_string() - DOC: Improve documentation on http-request set-src - MINOR: ssl/cli: disallow SSL options for directory in 'add ssl crt-list' - MINOR: ssl/cli: restrain certificate path when inserting into a directory - MINOR: ssl: add ssl-skip-self-issued-ca global option - BUG/MINOR: ssl: default settings for ssl server options are not used - MINOR: config: add a global directive to set default SSL curves - BUG/MEDIUM: http-ana: Handle NTLM messages correctly. - DOC: internals: update the SSL architecture schema - BUG/MINOR: tools: fix the i386 version of the div64_32 function - BUG/MINOR: mux-fcgi/trace: fix wrong set of trace flags in fcgi_strm_add_eom() - BUG/MINOR: http: make url_decode() optionally convert '+' to SP - DOC: option logasap does not depend on mode - MEDIUM: memory: make pool_gc() run under thread isolation - MINOR: contrib: make the peers wireshark dissector a plugin - BUG/MINOR: http-ana: Throw a 500 error if after-response ruleset fails on errors - BUG/MINOR: check: Update server address and port to execute an external check - MINOR: mini-clist: Add functions to iterate backward on a list - MINOR: checks: Add a way to send custom headers and payload during http chekcs - MINOR: server: respect warning and alert semantic - BUG/MINOR: checks: Respect the no-check-ssl option - BUG/MEDIUM: server/checks: Init server check during config validity check - CLEANUP: checks: Don't export anymore init_check and srv_check_healthcheck_port - BUG/MINOR: checks: chained expect will not properly wait for enough data - BUG/MINOR: checks: Forbid tcp-check lines in default section as documented - MINOR: checks: Use an enum to describe the tcp-check rule type - MINOR: checks: Simplify connection flag parsing in tcp-check connect - MEDIUM: checks: rewind to the first inverse expect rule of a chain on new data - MINOR: checks: simplify tcp expect config parser - MINOR: checks: add min-recv tcp-check expect option - MINOR: checks: add linger option to tcp connect - MINOR: checks: define a tcp expect type - MEDIUM: checks: rewrite tcp-check expect block - MINOR: checks: Stop xform buffers to null-terminated string for tcp-check rules - MINOR: checks: add rbinary expect match type - MINOR: checks: Simplify functions to get step id and comment - MEDIUM: checks: capture groups in expect regexes - MINOR: checks: Don't use a static tcp rule list head - MEDIUM: checks: Use a non-comment rule iterator to get next rule - MEDIUM: proxy/checks: Register a keyword to parse tcp-check rules - MINOR: checks: Set the tcp-check rule index during parsing - MINOR: checks: define tcp-check send type - MINOR: checks: define a tcp-check connect type - MEDIUM: checks: Add implicit tcp-check connect rule - MAJOR: checks: Refactor and simplify the tcp-check loop - MEDIUM: checks: Associate a session to each tcp-check healthcheck - MINOR: checks/vars: Add a check scope for variables - MEDIUM: checks: Parse custom action rules in tcp-checks - MINOR: checks: Add support to set-var and unset-var rules in tcp-checks - MINOR: checks: Add the sni option for tcp-check connect rules - MINOR: checks: Add the via-socks4 option for tcp-check connect rules - MINOR: checks: Add the alpn option for tcp-check connect rules - MINOR: ssl: Export a generic function to parse an alpn string - MINOR: checks: Add the default option for tcp-check connect rules - MINOR: checks: Add the addr option for tcp-check connect rule - MEDIUM: checks: Support expression to set the port - MEDIUM: checks: Support log-format strings for tcp-check send rules - MINOR: log: Don't depends on a stream to process samples in log-format string - MINOR: log: Don't systematically set LW_REQ when a sample expr is added - MEDIUM: checks: Add a shared list of tcp-check rules - MINOR: sample: add htonl converter - MINOR: sample: add cut_crlf converter - MINOR: sample: add ltrim converter - MINOR: sample: add rtrim converter - MINOR: checks: Use a name for the healthcheck status enum - MINOR: checks: Add option to tcp-check expect rules to customize error status - MINOR: checks: Merge tcp-check comment rules with the others at config parsing - MINOR: checks: Add a sample fetch to extract a block from the input check buffer - MEDIUM: checks: Add on-error/on-success option on tcp-check expect rules - MEDIUM: checks: Add status-code sample expression on tcp-check expect rules - MINOR: checks: Relax the default option for tcp-check connect rules - MEDIUM: checks: Add a list of vars to set before executing a tpc-check ruleset - MINOR: checks: Export the tcpcheck_eval_ret enum - MINOR: checks: Use dedicated function to handle onsuccess/onerror messages - MINOR: checks: Support custom functions to eval a tcp-check expect rules - MEDIUM: checks: Implement redis check using tcp-check rules - MEDIUM: checks: Implement ssl-hello check using tcp-check rules - MEDIUM: checks: Implement smtp check using tcp-check rules - MEDIUM: checks: Implement postgres check using tcp-check rules - MEDIUM: checks: Implement MySQL check using tcp-check rules - MEDIUM: checks: Implement LDAP check using tcp-check rules - MEDIUM: checks: Implement SPOP check using tcp-check rules - MINOR: server/checks: Move parsing of agent keywords in checks.c - MINOR: server/checks: Move parsing of server check keywords in checks.c - MEDIUM: checks: Implement agent check using tcp-check rules - REGTEST: Adapt regtests about checks to recent changes - MINOR: Produce tcp-check info message for pure tcp-check rules only - MINOR: checks: Add an option to set success status of tcp-check expect rules - MINOR: checks: Improve log message of tcp-checks on success - MINOR: proxy/checks: Move parsing of httpchk option in checks.c - MINOR: proxy/checks: Move parsing of tcp-check option in checks.c - MINOR: proxy/checks: Register a keyword to parse http-check rules - MINOR: proxy/checks: Move parsing of external-check option in checks.c - MINOR: proxy/checks: Register a keyword to parse external-check rules - MEDIUM: checks: Use a shared ruleset to store tcp-check rules - MINOR: checks: Use an indirect string to represent the expect matching string - MINOR: checks: Introduce flags to configure in tcp-check expect rules - MINOR: standard: Add my_memspn and my_memcspn - MINOR: checks: Add a reverse non-comment rule iterator to get last rule - MAJOR: checks: Implement HTTP check using tcp-check rules - MINOR: checks: Make resume conditions more explicit in tcpcheck_main() - MINOR: connection: Add macros to know if a conn or a cs uses an HTX mux - MEDIUM: checks: Refactor how data are received in tcpcheck_main() - MINOR: checks/obj_type: Add a new object type for checks - BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function - MINOR: checks: Use the check as origin when a session is created - MINOR: checks: Add a mux proto to health-check and tcp-check connect rule - MINOR: connection: Add a function to install a mux for a health-check - MAJOR: checks: Use the best mux depending on the protocol for health checks - MEDIUM: checks: Implement default TCP check using tcp-check rules - MINOR: checks: Remove unused code about pure TCP checks - CLEANUP: checks: Reorg checks.c file to be more readable - REGTEST: Fix reg-tests about health-checks to adapt them to recent changes - MINOR: ist: Add a function to retrieve the ist pointer - MINOR: checks: Use ist API as far as possible - BUG/MEDIUM: checks: Be sure to subscribe for sends if outgoing data remains - MINOR: checks: Use a tree instead of a list to store tcp-check rulesets - BUG/MINOR: checks: Send the right amount of outgoing data for HTTP checks - REGTEST: Add scripts to test based tcp-check health-checks - Revert "MEDIUM: checks: capture groups in expect regexes" - DOC: Add documentation about comments for tcp-check and http-check directives - DOC: Fix the tcp-check and http-check directives layout - BUG/MEDIUM: checks: Use the mux protocol specified on the server line - MINOR: checks: Support mux protocol definition for tcp and http health checks - BUG/MINOR: mux-fcgi: Be sure to have a connection as session's origin to use it - MINOR: checks: Support list of status codes on http-check expect rules - BUG/MEDIUM: checks: Unsubscribe to mux events when a conn-stream is destroyed - REGTEST: Add a script to validate agent checks - BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable - BUG/MEDIUM: checks: unsubscribe for events on the old conn-stream on connect - BUG/MINOR: checks: Only use ssl_sock_is_ssl() if compiled with SSL support - BUG/MINOR: checks/server: use_ssl member must be signed - BUG/MEDIUM: sessions: Always pass the mux context as argument to destroy a mux - BUG/MEDIUM: checks: Destroy the conn-stream before the session - BUG/MINOR: checks: Fix PostgreSQL regex on the authentication packet - CI: cirrus-ci: remove reg-tests/checks/tcp-check-ssl.vtc on CentOS 6 - MINOR: checks: Support HTTP/2 version (without '.0') for http-check send rules - MINOR: checks: Use ver keyword to specify the HTTP version for http checks - BUG/MINOR: checks: Remove wrong variable redeclaration - BUG/MINOR: checks: Properly handle truncated mysql server messages - CLEANUP: checks: Remove unused code when ldap server message is parsed - MINOR: checks: Make the use of the check's server more explicit on connect - BUG/MINOR: checks: Avoid incompatible cast when a binary string is parsed - BUG/MINOR: checks: Remove bad call to free() when an expect rule is parsed - BUG/MINOR: checks: Don't lose warning on proxy capability - MINOR: log: Add "Tu" timer - BUG/MINOR: checks: Set the output buffer length before calling parse_binary() - BUG/MEDIUM: mux-h1: make sure we always have a timeout on front connections - REGTEST: ssl: test the client certificate authentication - DOC: give a more accurate description of what check does - BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream - BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream - BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam - BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam - CLEANUP: http: add a few comments on certain functions' assumptions about streams - BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream - MINOR: http-htx: Export functions to update message authority and host - MINOR: checks: Don't support multiple host header for http-check send rule - MINOR: checks: Skip some headers for http-check send rules - MINOR: checks: Keep the Host header and the request uri synchronized - CLEANUP: checks: Fix checks includes - DOC: Fix send rules in the http-check connect example - DOC: Add more info about request formatting in http-check send description - REGTEST: http-rules: Require PCRE or PCRE2 option to run map_redirect script - REGTEST: ssl: remove curl from the "add ssl crt-list" test - REGTEST: ssl: improve the "set ssl cert" test - CLEANUP: ssl: silence a build warning when threads are disabled - BUG/MEDIUM: listener: mark the thread as not stuck inside the loop - MINOR: threads: export the POSIX thread ID in panic dumps - BUG/MINOR: debug: properly use long long instead of long for the thread ID - BUG/MEDIUM: shctx: really check the lock's value while waiting - BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock - MINOR: stream: report the list of active filters on stream crashes - BUG/MEDIUM: mux-fcgi: Return from detach if server don't keep the connection - BUG/MEDIUM: mux_fcgi: Free the FCGI connection at the end of fcgi_release() - BUG/MEDIUM: mux-fcgi: Fix wrong test on FCGI_CF_KEEP_CONN in fcgi_detach() - BUG/MEDIUM: connections: force connections cleanup on server changes - BUG/MEDIUM: h1: Don't compare host and authority if only h1 headers are parsed - BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id() - CLEANUP: connections: align function declaration - BUG/MINOR: sample: Set the correct type when a binary is converted to a string - MEDIUM: checks/http-fetch: Support htx prefetch from a check for HTTP samples - DOC: Document the log-format parameter for tcp-check send/send-binary rules - MINOR: checks: Add support of payload-based sample fetches - MINOR: checks: Add support of be_id, be_name, srv_id and srv_name sample fetches - MINOR: checks: Add support of server side ssl sample fetches - MINOR: checks: Add support of HTTP response sample fetches - MINOR: http-htx: Support different methods to look for header names - MINOR: checks: Set by default expect rule status to UNKNOWN during parsing - BUG/MINOR: checks: Support multiple HTTP expect rules - REGTEST: checks: Fix sync condition for agent-check - MEDIUM: checks: Support matching on headers for http-check expect rules - MINOR: lua: allow changing port with set_addr - BUG/MINOR: da: Fix HTX message prefetch - BUG/MINOR: wurfl: Fix HTX message prefetch - BUG/MINOR: 51d: Fix HTX message prefetch - MINOR: ist: add istadv() function - MINOR: ist: add istissame() function - MINOR: istbuf: add ist2buf() function - BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS() - BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}() - DOC: update intro.txt for 2.2 - DOC: intro: add a contacts section 2020/04/17 : 2.2-dev6 - BUG/MINOR: ssl: memory leak when find_chain is NULL - CLEANUP: ssl: rename ssl_get_issuer_chain to ssl_get0_issuer_chain - MINOR: ssl: rework add cert chain to CTX to be libssl independent - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL - BUG/MINOR: peers: Use after free of "peers" section. - CI: github actions: add weekly h2spec test - BUG/MEDIUM: mux_h1: Process a new request if we already received it. - MINOR: build: Fix build in mux_h1 - CLEANUP: remove obsolete comments - BUG/MEDIUM: dns: improper parsing of aditional records - MINOR: ssl: skip self issued CA in cert chain for ssl_ctx - MINOR: listener: add so_name sample fetch - MEDIUM: stream: support use-server rules with dynamic names - MINOR: servers: Add a counter for the number of currently used connections. - MEDIUM: connections: Revamp the way idle connections are killed - MINOR: cli: add a general purpose pointer in the CLI struct - MINOR: ssl: add a list of bind_conf in struct crtlist - REORG: ssl: move SETCERT enum to ssl_sock.h - BUG/MINOR: ssl: ckch_inst wrongly inserted in crtlist_entry - REORG: ssl: move some functions above crtlist_load_cert_dir() - MINOR: ssl: use crtlist_free() upon error in directory loading - MINOR: ssl: add a list of crtlist_entry in ckch_store - MINOR: ssl: store a ptr to crtlist in crtlist_entry - MINOR: ssl/cli: update pointer to store in 'commit ssl cert' - MEDIUM: ssl/cli: 'add ssl crt-list' command - REGTEST: ssl/cli: test the 'add ssl crt-list' command - BUG/MINOR: ssl: entry->ckch_inst not initialized - REGTEST: ssl/cli: change test type to devel - REGTEST: make the PROXY TLV validation depend on version 2.2 - CLEANUP: assorted typo fixes in the code and comments - BUG/MINOR: stats: Fix color of draining servers on stats page - DOC: internals: Fix spelling errors in filters.txt - MINOR: connections: Don't mark conn flags 0x00000001 and 0x00000002 as unused. - REGTEST: make the unique-id test depend on version 2.0 - BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive - MINOR: ssl: split the line parsing of the crt-list - MINOR: ssl/cli: support filters and options in add ssl crt-list - MINOR: ssl: add a comment above the ssl_bind_conf keywords - REGTEST: ssl/cli: tests options and filters w/ add ssl crt-list - REGTEST: ssl: pollute the crt-list file - BUG/CRITICAL: hpack: never index a header into the headroom after wrapping - BUG/MINOR: protocol_buffer: Wrong maximum shifting. - CLEANUP: src/fd.c: mask setsockopt with DISGUISE - BUG/MINOR: ssl/cli: initialize fcount int crtlist_entry - REGTEST: ssl/cli: add other cases of 'add ssl crt-list' - CLEANUP: assorted typo fixes in the code and comments - DOC: management: add the new crt-list CLI commands - BUG/MINOR: ssl/cli: fix spaces in 'show ssl crt-list' - MINOR: ssl/cli: 'del ssl crt-list' delete an entry - MINOR: ssl/cli: replace dump/show ssl crt-list by '-n' option - CI: use better SSL library definition - CI: travis-ci: enable DEBUG_STRICT=1 for CI builds - CI: travis-ci: upgrade openssl to 1.1.1f - MINOR: ssl: improve the errors when a crt can't be open - CI: cirrus-ci: rename openssl package after it is renamed in FreeBSD - CI: adopt openssl download script to download all versions - BUG/MINOR: ssl/cli: lock the ckch structures during crt-list delete - MINOR: ssl/cli: improve error for bundle in add/del ssl crt-list - MINOR: ssl/cli: 'del ssl cert' deletes a certificate - BUG/MINOR: ssl: trailing slashes in directory names wrongly cached - BUG/MINOR: ssl/cli: memory leak in 'set ssl cert' - CLEANUP: ssl: use the refcount for the SSL_CTX' - CLEANUP: ssl/cli: use the list of filters in the crtlist_entry - BUG/MINOR: ssl: memleak of the struct cert_key_and_chain - CLEANUP: ssl: remove a commentary in struct ckch_inst - MINOR: ssl: initialize all list in ckch_inst_new() - MINOR: ssl: free instances and SNIs with ckch_inst_free() - MINOR: ssl: replace ckchs_free() by ckch_store_free() - BUG/MEDIUM: ssl/cli: trying to access to free'd memory - MINOR: ssl: ckch_store_new() alloc and init a ckch_store - MINOR: ssl: crtlist_new() alloc and initialize a struct crtlist - REORG: ssl: move some free/new functions - MINOR: ssl: crtlist_entry_{new, free} - BUG/MINOR: ssl: ssl_conf always set to NULL on crt-list parsing - MINOR: ssl: don't alloc ssl_conf if no option found - BUG/MINOR: connection: always send address-less LOCAL PROXY connections - BUG/MINOR: peers: Incomplete peers sections should be validated. - MINOR: init: report in "haproxy -c" whether there were warnings or not - MINOR: init: add -dW and "zero-warning" to reject configs with warnings - MINOR: init: report the compiler version in haproxy -vv - CLEANUP: assorted typo fixes in the code and comments - MINOR: init: report the haproxy version and executable path once on errors - DOC: Make how "option redispatch" works more explicit - BUILD: Makefile: add linux-musl to TARGET - CLEANUP: assorted typo fixes in the code and comments - CLEANUP: http: Fixed small typo in parse_http_return - DOC: hashing: update link to hashing functions 2020/03/23 : 2.2-dev5 - CLEANUP: ssl: is_default is a bit in ckch_inst - BUG/MINOR: ssl/cli: sni_ctx' mustn't always be used as filters - DOC: ssl: clarify security implications of TLS tickets - CLEANUP: remove support for Linux i686 vsyscalls - CLEANUP: drop support for USE_MY_ACCEPT4 - CLEANUP: remove support for USE_MY_EPOLL - CLEANUP: remove support for USE_MY_SPLICE - CLEANUP: remove the now unused common/syscall.h - BUILD: make dladdr1 depend on glibc version and not __USE_GNU - BUILD: wdt: only test for SI_TKILL when compiled with thread support - BUILD: Makefile: the compiler-specific flags should all be in SPEC_CFLAGS - CLEANUP: ssl: separate the directory loading in a new function - BUG/MINOR: buffers: MT_LIST_DEL_SAFE() expects the temporary pointer. - BUG/MEDIUM: mt_lists: Make sure we set the deleted element to NULL; - MINOR: init: move the maxsock calculation code to compute_ideal_maxsock() - MEDIUM: init: always try to push the FD limit when maxconn is set from -m - BUG/MAJOR: list: fix invalid element address calculation - BUILD: stream-int: fix a few includes dependencies - MINOR: mt_lists: Appease gcc. - MINOR: lists: Implement function to convert list => mt_list and mt_list => list - MINOR: servers: Kill priv_conns. - MINOR: lists: fix indentation. - BUG/MEDIUM: random: align the state on 2*64 bits for ARM64 - BUG/MEDIUM: connections: Don't assume the connection has a valid session. - BUG/MEDIUM: pools: Always update free_list in pool_gc(). - BUG/MINOR: haproxy: always initialize sleeping_thread_mask - BUG/MINOR: listener/mq: do not dispatch connections to remote threads when stopping - BUG/MINOR: haproxy/threads: try to make all threads leave together - Revert "BUILD: travis-ci: enable s390x builds" - BUILD: travis-ci: enable regular s390x builds - DOC: proxy_protocol: Reserve TLV type 0x05 as PP2_TYPE_UNIQUE_ID - MINOR: proxy_protocol: Ingest PP2_TYPE_UNIQUE_ID on incoming connections - MEDIUM: proxy_protocol: Support sending unique IDs using PPv2 - CLEANUP: connection: Add blank line after declarations in PP handling - CLEANUP: assorted typo fixes in the code and comments - CI: add spellcheck github action - DOC: correct typo in alert message about rspirep - CI: travis: switch linux builds to clang-9 - MINOR: debug: add a new DISGUISE() macro to pass a value as identity - MINOR: debug: consume the write() result in BUG_ON() to silence a warning - MINOR: use DISGUISE() everywhere we deliberately want to ignore a result - BUILD: pools: silence build warnings with DEBUG_MEMORY_POOLS and DEBUG_UAF - CLEANUP: connection: Stop directly setting an ist's .ptr - CI: travis: revert to clang-7 for BoringSSL tests - BUILD: on ARM, must be linked to libatomic. - BUILD: makefile: fix regex syntax in ARM platform detection - BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong cases. - REORG: ssl: move ssl_sock_load_cert() - MINOR: ssl: pass ckch_inst to ssl_sock_load_ckchs() - MEDIUM: ssl: allow crt-list caching - MINOR: ssl: directories are loaded like crt-list - BUG/MINOR: ssl: can't open directories anymore - BUG/MEDIUM: spoe: dup agent's engine_id string from trash.area - MINOR: fd: Use a separate lock for logs instead of abusing the fd lock. - MINOR: mux_pt: Don't try to remove the connection from the idle list. - MINOR: ssl/cli: show/dump ssl crt-list - BUG/MINOR: ssl/cli: free the trash chunk in dump_crtlist - MEDIUM: fd: Introduce a running mask, and use it instead of the spinlock. - BUG/MINOR: ssl: memory leak in crtlist_parse_file() - MINOR: tasks: Provide the tasklet to the callback. - BUG/MINOR: ssl: memleak of struct crtlist_entry - BUG/MINOR: pattern: Do not pass len = 0 to calloc() - BUILD: makefile: fix expression again to detect ARM platform - CI: travis: re-enable ASAN on clang - CI: travis: proper group output redirection together with travis_wait - DOC: assorted typo fixes in the documentation - MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into types/signal.h. - BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in __signal_process_queue(). - MINOR: memory: Change the flush_lock to a spinlock, and don't get it in alloc. - MINOR: ssl/cli: 'new ssl cert' command - MINOR: ssl/cli: show certificate status in 'show ssl cert' - MEDIUM: sessions: Don't be responsible for connections anymore. - MEDIUM: servers: Split the connections into idle, safe, and available. - MINOR: fd: Implement fd_takeover(). - MINOR: connections: Add a new mux method, "takeover". - MINOR: connections: Make the "list" element a struct mt_list instead of list. - MINOR: connections: Add a flag to know if we're in the safe or idle list. - MEDIUM: connections: Attempt to get idle connections from other threads. - MEDIUM: mux_h1: Implement the takeover() method. - MEDIUM: mux_h2: Implement the takeover() method. - MEDIUM: mux_fcgi: Implement the takeover() method. - MEDIUM: connections: Kill connections even if we are reusing one. - BUG/MEDIUM: connections: Don't forget to decrement idle connection counters. - BUG/MINOR: ssl: Do not free garbage pointers on memory allocation failure - BUG/MINOR: ssl: Correctly add the 1 for the sentinel to the number of elements - BUG/MINOR: ssl: crtlist_dup_filters() must return NULL with fcount == 0 - BUG/MEDIUM: build: Fix compilation by spelling decl correctly. - BUILD/MEDIUM: fd: Declare fd_mig_lock as extern. - CI: run travis-ci builds on push only, skip pull requests - CI: temporarily disable unstable travis arm64 builds - BUG/MINOR: ssl/cli: free BIO upon error in 'show ssl cert' - BUG/MINOR: connections: Make sure we free the connection on failure. - BUG/MINOR: ssl/cli: fix a potential NULL dereference - BUG/MEDIUM: h1: Make sure we subscribe before going into idle list. - BUG/MINOR: connections: Set idle_time before adding to idle list. - MINOR: muxes: Note that we can't usee a connection when added to the srv idle. - REGTEST: increase timeouts on the seamless-reload test - BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection - CLEANUP: haproxy/threads: don't check global_tasks_mask twice 2020/03/09 : 2.2-dev4 - MEDIUM: buffer: remove the buffer_wq lock - MINOR: ssl: move find certificate chain code to its own function - MINOR: ssl: resolve issuers chain later - MINOR: ssl: resolve ocsp_issuer later - MINOR: ssl/cli: "show ssl cert" command should print the "Chain Filename:" - BUG/MINOR: h2: reject again empty :path pseudo-headers - MINOR: wdt: always clear sigev_value to make valgrind happy - MINOR: epoll: always initialize all of epoll_event to please valgrind - BUG/MINOR: sample: Make sure to return stable IDs in the unique-id fetch - BUG/MEDIUM: ssl: chain must be initialized with sk_X509_new_null() - BUILD: cirrus-ci: suppress OS version check when installing packages - BUG/MINOR: http_ana: make sure redirect flags don't have overlapping bits - CLEANUP: fd: remove the FD_EV_STATUS aggregate - CLEANUP: fd: remove some unneeded definitions of FD_EV_* flags - MINOR: fd: merge the read and write error bits into RW error - BUG/MINOR: dns: ignore trailing dot - MINOR: contrib/prometheus-exporter: Add the last heathcheck duration metric - BUG/MINOR: http-htx: Do case-insensive comparisons on Host header name - MINOR: mux-h1: Remove useless case-insensitive comparisons - MINOR: rawsock: always mark the FD not ready when we're certain it happens - MEDIUM: connection: make the subscribe() call able to wakeup if ready - MEDIUM: connection: don't stop receiving events in the FD handler - MEDIUM: mux-h1: do not blindly wake up the tasklet at end of request anymore - BUG/MINOR: arg: don't reject missing optional args - MINOR: tools: make sure to correctly check the returned 'ms' in date2std_log - MINOR: debug: report the task handler's pointer relative to main - BUG/MEDIUM: debug: make the debug_handler check for the thread in threads_to_dump - MINOR: haproxy: export main to ease access from debugger - MINOR: haproxy: export run_poll_loop - MINOR: task: export run_tasks_from_list - BUILD: tools: remove obsolete and conflicting trace() from standard.c - MINOR: tools: add new function dump_addr_and_bytes() - MINOR: tools: add resolve_sym_name() to resolve function pointers - MINOR: debug: use resolve_sym_name() to dump task handlers - MINOR: cli: make "show fd" rely on resolve_sym_name() - MEDIUM: debug: add support for dumping backtraces of stuck threads - MINOR: debug: call backtrace() once upon startup - MINOR: ssl: add "ca-verify-file" directive - BUG/MINOR: wdt: do not return an error when the watchdog couldn't be enabled - BUILD: Makefile: include librt before libpthread - MEDIUM: wdt: fall back to CLOCK_REALTIME if CLOCK_THREAD_CPUTIME is not available - MINOR: wdt: do not depend on USE_THREAD - MINOR: debug: report the number of entries in the backtrace - MINOR: debug: improve backtrace() on aarch64 and possibly other systems - MINOR: debug: use our own backtrace function on clang+x86_64 - MINOR: debug: dump the whole trace if we can't spot the starting point - BUILD: tools: unbreak resolve_sym_name() on non-GNU platforms - BUILD: tools: rely on __ELF__ not USE_DL to enable use of dladdr() - CLEANUP: contrib/spoa_example: Fix several typos - BUILD: makefile: do not modify the build options during make reg-tests - BUG/MEDIUM: connection: stop polling for sending when the event is ready - MEDIUM: stream-int: make sure to try to immediately validate the connection - MINOR: tcp/uxst/sockpair: only ask for I/O when really waiting for a connect() - MEDIUM: connection: only call ->wake() for connect() without I/O - OPTIM: connection: disable receiving on disabled events when the run queue is too high - OPTIM: mux-h1: subscribe rather than waking up at a few other places - REGTEST: Add unique-id reg-test - MINOR: stream: Add stream_generate_unique_id function - MINOR: stream: Use stream_generate_unique_id - BUG/MINOR: connection/debug: do not enforce !event_type on subscribe() anymore - MINOR: ssl/cli: support crt-list filters - MINOR: ssl: reach a ckch_store from a sni_ctx - DOC: fix incorrect indentation of http_auth_* - BUG/MINOR: ssl-sock: do not return an uninitialized pointer in ckch_inst_sni_ctx_to_sni_filters - MINOR: debug: add CLI command "debug dev write" to write an arbitrary size - MINOR: ist: Add `IST_NULL` macro - MINOR: ist: Add `int isttest(const struct ist)` - MINOR: ist: Add `struct ist istalloc(size_t)` and `void istfree(struct ist*)` - CLEANUP: Use `isttest()` and `istfree()` - MINOR: ist: Add `struct ist istdup(const struct ist)` - MINOR: proxy: Make `header_unique_id` a `struct ist` - MEDIUM: stream: Make the `unique_id` member of `struct stream` a `struct ist` - OPTIM: startup: fast unique_id allocation for acl. - DOC: configuration.txt: fix various typos - DOC: assorted typo fixes in the documentation and Makefile - BUG/MINOR: init: make the automatic maxconn consider the max of soft/hard limits - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths - CLEANUP: proxy_protocol: Use `size_t` when parsing TLVs - MINOR: buf: Add function to insert a string at an absolute offset in a buffer - MINOR: htx: Add a function to return a block at a specific offset - MINOR: htx: Use htx_find_offset() to truncate an HTX message - MINOR: flt_trace: Use htx_find_offset() to get the available payload length - BUG/MINOR: filters: Use filter offset to decude the amount of forwarded data - BUG/MINOR: filters: Forward everything if no data filters are called - BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the response payload - BUG/MEDIUM: compression/filters: Fix loop on HTX blocks compressing the payload - BUG/MINOR: http-ana: Reset request analysers on a response side error - BUG/MINOR: lua: Abort when txn:done() is called from a Lua action - BUG/MINOR: lua: Ignore the reserve to know if a channel is full or not - MINOR: lua: Add function to know if a channel is a response one - MINOR: lua: Stop using the lua txn in hlua_http_get_headers() - MINOR: lua: Stop using the lua txn in hlua_http_rep_hdr() - MINOR: lua: Stop using lua txn in hlua_http_del_hdr() and hlua_http_add_hdr() - MINOR: lua: Remove the flag HLUA_TXN_HTTP_RDY - MINOR: lua: Rename hlua_action_wake_time() to hlua_set_wake_time() - BUG/MINOR: lua: Init the lua wake_time value before calling a lua function - BUG/MINOR: http-rules: Return ACT_RET_ABRT to abort a transaction - BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject action - BUG/MINOR: http-rules: Fix a typo in the reject action function - MINOR: cache/filters: Initialize the cache filter when stream is created - MINOR: compression/filters: Initialize the comp filter when stream is created - BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop action - BUG/MINOR: rules: Return ACT_RET_ABRT when a silent-drop action is executed - BUG/MINOR: rules: Increment be_counters if backend is assigned for a silent-drop - BUG/MINOR: http-rules: Abort transaction when a redirect is applied on response - BUILD: buffer: types/{ring.h,checks.h} should include buf.h, not buffer.h - BUILD: ssl: include mini-clist.h - BUILD: global: must not include common/standard.h but only types/freq_ctr.h - BUILD: freq_ctr: proto/freq_ctr needs to include common/standard.h - BUILD: listener: types/listener.h must not include standard.h - BUG/MEDIUM: random: initialize the random pool a bit better - BUG/MEDIUM: random: implement per-thread and per-process random sequences - Revert "BUG/MEDIUM: random: implement per-thread and per-process random sequences" - BUILD: cirrus-ci: get rid of unstable freebsd images - MINOR: tools: add 64-bit rotate operators - BUG/MEDIUM: random: implement a thread-safe and process-safe PRNG - MINOR: backend: use a single call to ha_random32() for the random LB algo - BUG/MINOR: checks/threads: use ha_random() and not rand() - MINOR: sample: make all bits random on the rand() sample fetch - MINOR: tools: add a generic function to generate UUIDs - DOC: fix typo about no-tls-tickets - DOC: improve description of no-tls-tickets - DOC: assorted typo fixes in the documentation - CLEANUP: remove unused code in 'my_ffsl/my_flsl' functions 2020/02/25 : 2.2-dev3 - SCRIPTS: announce-release: place the send command in the mail's header - SCRIPTS: announce-release: allow the user to force to overwrite old files - SCRIPTS: backport: fix the master branch detection - BUG/MINOR: http-act: Set stream error flag before returning an error - BUG/MINOR: http-act: Fix bugs on error path during parsing of return actions - BUG/MEDIUM: ssl/cli: 'commit ssl cert' wrong SSL_CTX init - BUG/MEDIUM: tcp-rules: Fix track-sc* actions for L4/L5 TCP rules - DOC: schematic of the SSL certificates architecture - BUG/MAJOR: mux-h2: don't wake streams after connection was destroyed - BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit - BUILD: cirrus-ci: switch to "snap" images to unify openssl naming - BUILD: cirrus-ci: workaround "pkg install" bug - BUILD: cirrus-ci: add ERR=1 to freebsd builds - BUG/MINOR: connection: correctly retry I/O on signals - CLEANUP: mini-clist: simplify nested do { while(1) {} } while (0) - BUILD: http_act: cast file sizes when reporting file size error - BUG/MEDIUM: listener: only consider running threads when resuming listeners - BUG/MINOR: listener: enforce all_threads_mask on bind_thread on init - BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener - MINOR: build: add aix72-gcc build TARGET and power{8,9} CPUs - BUILD: travis-ci: no more allowed failures for openssl-1.0.2 - BUILD: travis-ci: harden builds, add ERR=1 (warning ought to be errors) - BUILD: scripts/build-ssl.sh: use "uname" instead of ${TRAVIS_OS_NAME} - BUG/MINOR: tcp: don't try to set defaultmss when value is negative - SCRIPTS: make announce-release executable again - BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat - BUG/MEDIUM: muxes: Use the right argument when calling the destroy method. - BUG/MINOR: mux-fcgi: Forbid special characters when matching PATH_INFO param - CLEANUP: ssl: remove unused functions in openssl-compat.h - MINOR: mux-fcgi: Make the capture of the path-info optional in pathinfo regex - MINOR: tools: add is_idchar() to tell if a char may belong to an identifier - MINOR: chunk: implement chunk_strncpy() to copy partial strings - MINOR: sample/acl: use is_idchar() to locate the fetch/conv name - MEDIUM: arg: make make_arg_list() stop after its own arguments - MEDIUM: arg: copy parsed arguments into the trash instead of allocating them - MEDIUM: arg: make make_arg_list() support quotes in arguments - MINOR: sample: make sample_parse_expr() able to return an end pointer - MEDIUM: log-format: make the LF parser aware of sample expressions' end - BUG/MINOR: arg: report an error if an argument is larger than bufsize - SCRIPTS: announce-release: use mutt -H instead of -i to include the draft - BUILD: enable ERR=1 in github cygwin builds - BUG/MINOR: arg: fix again incorrect argument length check - MINOR: sample: regsub now supports backreferences - BUG/MINOR: tools: also accept '+' as a valid character in an identifier - MINOR: http-htx: Add a function to retrieve the headers size of an HTX message - MINOR: filters: Forward data only if the last filter forwards something - BUG/MINOR: filters: Count HTTP headers as filtered data but don't forward them - BUG/MINOR: http-htx: Don't return error if authority is updated without changes - BUG/MINOR: stream: Don't incr frontend cum_req counter when stream is closed - BUG/MINOR: sample: exit regsub() in case of trash allocation error - MINOR: ssl: add "issuers-chain-path" directive. - REGTESTS: use "command -v" instead of "which" - BUG/MINOR: http-ana: Matching on monitor-uri should be case-sensitive - MINOR: http-ana: Match on the path if the monitor-uri starts by a / - BUG/MINOR: ssl: Stop passing dynamic strings as format arguments - BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered - BUG/MINOR: mux: do not call conn_xprt_stop_recv() on buffer shortage - MINOR: checks: do not call conn_xprt_stop_send() anymore - CLEANUP: epoll: place the struct epoll_event in the stack - MEDIUM: connection: remove the intermediary polling state from the connection - MINOR: raw_sock: directly call fd_stop_send() and not conn_xprt_stop_send() - MINOR: tcp/uxst/sockpair: use fd_want_send() instead of conn_xprt_want_send() - MINOR: connection: remove the last calls to conn_xprt_{want,stop}_* - CLEANUP: connection: remove the definitions of conn_xprt_{stop,want}_{send,recv} - MINOR: connection: introduce a new receive flag: CO_RFL_READ_ONCE - MINOR: mux-h1: pass CO_RFL_READ_ONCE to the lower layers when relevant - MINOR: ist: add an iststop() function - BUG/MINOR: http: http-request replace-path duplicates the query string - CLEANUP: sample: use iststop instead of a for loop - BUG/MEDIUM: shctx: make sure to keep all blocks aligned - MINOR: compiler: move CPU capabilities definition from config.h and complete them - BUG/MEDIUM: ebtree: don't set attribute packed without unaligned access support - CLEANUP: http/h1: rely on HA_UNALIGNED_LE instead of checking for CPU families - BUILD: fix recent build failure on unaligned archs - MINOR: ssl: load the key from a dedicated file - BUG/MINOR: ssl: load .key in a directory only after PEM - MINOR: compiler: drop special cases of likely/unlikely for older compilers - CLEANUP: conn: Do not pass a pointer to likely - CLEANUP: net_helper: Do not negate the result of unlikely - BUILD: remove obsolete support for -mregparm / USE_REGPARM - CLEANUP: cfgparse: Fix type of second calloc() parameter - BUILD: ssl: only pass unsigned chars to isspace() - BUILD: general: always pass unsigned chars to is* functions - BUG/MINOR: sample: fix the json converter's endian-sensitivity - BUG/MEDIUM: ssl: fix several bad pointer aliases in a few sample fetch functions - CLEANUP: fd: use a union in fd_rm_from_fd_list() to shut aliasing warnings - CLEANUP: cache: use read_u32/write_u32 to access the cache entry's hash - CLEANUP: stick-tables: use read_u32() to display a node's key - CLEANUP: sample: use read_u64() in ipmask() to apply an IPv6 mask - MINOR: pattern: fix all remaining strict aliasing issues - CLEANUP: lua: fix aliasing issues in the address matching code - CLEANUP: connection: use read_u32() instead of a cast in the netscaler parser - BUILD: makefile: re-enable strict aliasing - BUG/MINOR: connection: make sure to correctly tag local PROXY connections - MINOR: compiler: add new alignment macros - BUILD: ebtree: improve architecture-specific alignment - MINOR: config: mark global.debug as deprecated - BUILD: travis-ci: enable s390x builds - MINOR: ssl/cli: 'show ssl cert' displays the chain - MINOR: ssl/cli: 'show ssl cert'displays the issuer in the chain - MINOR: ssl/cli: reorder 'show ssl cert' output - CLEANUP: ssl: move issuer_chain tree and definition - DOC: proxy-protocol: clarify IPv6 address representation in the spec 2020/02/07 : 2.2-dev2 - BUILD: CI: temporarily mark openssl-1.0.2 as allowed failure - MEDIUM: cli: Allow multiple filter entries for "show table" - BUG/MEDIUM: netscaler: Don't forget to allocate storage for conn->src/dst. - BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent - BUILD: stick-table: fix build errors introduced by last stick-table change - BUG/MINOR: cli: Missing arg offset for filter data values. - MEDIUM: streams: Always create a conn_stream in connect_server(). - MEDIUM: connections: Get ride of the xprt_done callback. - CLEANUP: changelog: remove the duplicate entry for 2.2-dev1 - BUILD: CI: move cygwin builds to Github Actions - MINOR: cli: Report location of errors or any extra data for "show table" - BUG/MINOR: ssl/cli: free the previous ckch content once a PEM is loaded - CLEANUP: backend: remove useless test for inexistent connection - CLEANUP: backend: shut another false null-deref in back_handle_st_con() - CLEANUP: stats: shut up a wrong null-deref warning from gcc 9.2 - BUG/MINOR: ssl: increment issuer refcount if in chain - BUG/MINOR: ssl: memory leak w/ the ocsp_issuer - BUG/MINOR: ssl: typo in previous patch - BUG/MEDIUM: connections: Set CO_FL_CONNECTED in conn_complete_session(). - BUG/MINOR: ssl/cli: ocsp_issuer must be set w/ "set ssl cert" - MEDIUM: connection: remove CO_FL_CONNECTED and only rely on CO_FL_WAIT_* - BUG/MEDIUM: 0rtt: Only consider the SSL handshake. - MINOR: stream-int: always report received shutdowns - MINOR: connection: remove CO_FL_SSL_WAIT_HS from CO_FL_HANDSHAKE - MEDIUM: connection: use CO_FL_WAIT_XPRT more consistently than L4/L6/HANDSHAKE - MINOR: connection: remove checks for CO_FL_HANDSHAKE before I/O - MINOR: connection: do not check for CO_FL_SOCK_RD_SH too early - MINOR: connection: don't check for CO_FL_SOCK_WR_SH too early in handshakes - MINOR: raw-sock: always check for CO_FL_SOCK_WR_SH before sending - MINOR: connection: remove some unneeded checks for CO_FL_SOCK_WR_SH - BUG/MINOR: stktable: report the current proxy name in error messages - BUG/MEDIUM: mux-h2: make sure we don't emit TE headers with anything but "trailers" - MINOR: lua: Add hlua_prepend_path function - MINOR: lua: Add lua-prepend-path configuration option - MINOR: lua: Add HLUA_PREPEND_C?PATH build option - BUILD: cfgparse: silence a bogus gcc warning on 32-bit machines - BUG/MINOR: http-ana: Increment the backend counters on the backend - BUG/MINOR: stream: Be sure to have a listener to increment its counters - BUG/MEDIUM: streams: Move the conn_stream allocation outside #IF USE_OPENSSL. - REGTESTS: make the set_ssl_cert test require version 2.2 - BUG/MINOR: ssl: Possible memleak when allowing the 0RTT data buffer. - MINOR: ssl: Remove dead code. - BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure. - BUG/MEDIUM: stream: Don't install the mux in back_handle_st_con(). - MEDIUM: streams: Don't close the connection in back_handle_st_con(). - MEDIUM: streams: Don't close the connection in back_handle_st_rdy(). - BUILD: CI: disable slow regtests on Travis - BUG/MINOR: tcpchecks: fix the connect() flags regarding delayed ack - BUG/MINOR: http-rules: Always init log-format expr for common HTTP actions - BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2 - BUG/MINOR: dns: allow 63 char in hostname - MINOR: proxy: clarify number of connections log when stopping - DOC: word converter ignores delimiters at the start or end of input string - MEDIUM: raw-sock: remove obsolete calls to fd_{cant,cond,done}_{send,recv} - BUG/MINOR: ssl/cli: fix unused variable with openssl < 1.0.2 - MEDIUM: pipe/thread: reduce the locking overhead - MEDIUM: pipe/thread: maintain a per-thread local cache of recently used pipes - BUG/MEDIUM: pipe/thread: fix atomicity of pipe counters - MINOR: tasks: move the list walking code to its own function - MEDIUM: tasks: implement 3 different tasklet classes with their own queues - MEDIUM: tasks: automatically requeue into the bulk queue an already running tasklet - OPTIM: task: refine task classes default CPU bandwidth ratios - BUG/MEDIUM: connections: Don't forget to unlock when killing a connection. - MINOR: task: permanently flag tasklets waking themselves up - MINOR: task: make sched->current also reflect tasklets - MINOR: task: detect self-wakeups on tl==sched->current instead of TASK_RUNNING - OPTIM: task: readjust CPU bandwidth distribution since last update - MINOR: task: don't set TASK_RUNNING on tasklets - BUG/MEDIUM: memory_pool: Update the seq number in pool_flush(). - MINOR: memory: Only init the pool spinlock once. - BUG/MEDIUM: memory: Add a rwlock before freeing memory. - BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is empty. - MINOR: ssl: ssl-load-extra-files configure loading of files - SCRIPTS: add a new "backport" script to simplify long series of backports - BUG/MINOR: ssl: we may only ignore the first 64 errors - SCRIPTS: use /usr/bin/env bash instead of /bin/bash for scripts - BUG/MINOR: ssl: clear the SSL errors on DH loading failure - CLEANUP: hpack: remove a redundant test in the decoder - CLEANUP: peers: Remove unused static function `free_dcache` - CLEANUP: peers: Remove unused static function `free_dcache_tx` - CONTRIB: debug: add missing flags SF_HTX and SF_MUX - CONTRIB: debug: add the possibility to decode the value as certain types only - CONTRIB: debug: support reporting multiple values at once - BUG/MINOR: http-act: Use the good message to test strict rewritting mode - MINOR: global: Set default tune.maxrewrite value during global structure init - MINOR: http-rules: Set SF_ERR_PRXCOND termination flag when a header rewrite fails - MINOR: http-htx: Emit a warning if an error file runs over the buffer's reserve - MINOR: htx: Add a function to append an HTX message to another one - MINOR: htx/channel: Add a function to copy an HTX message in a channel's buffer - BUG/MINOR: http-ana: Don't overwrite outgoing data when an error is reported - MINOR: dns: Dynamically allocate dns options to reduce the act_rule size - MINOR: dns: Add function to release memory allocated for a do-resolve rule - BUG/MINOR: http-ana: Reset HTX first index when HAPRoxy sends a response - BUG/MINOR: http-ana: Set HTX_FL_PROXY_RESP flag if a server perform a redirect - MINOR: http-rules: Add a flag on redirect rules to know the rule direction - MINOR: http-rules: Handle the rule direction when a redirect is evaluated - MINOR: http-ana: Rely on http_reply_and_close() to handle server error - MINOR: http-ana: Add a function for forward internal responses - MINOR: http-ana/http-rules: Use dedicated function to forward internal responses - MEDIUM: http: Add a ruleset evaluated on all responses just before forwarding - MEDIUM: http-rules: Add the return action to HTTP rules - MEDIUM: http-rules: Support extra headers for HTTP return actions - CLEANUP: lua: Remove consistency check for sample fetches and actions - BUG/MINOR: http-ana: Increment failed_resp counters on invalid response - MINOR: lua: Get the action return code on the stack when an action finishes - MINOR: lua: Create the global 'act' object to register all action return codes - MINOR: lua: Add act:wake_time() function to set a timeout when an action yields - MEDIUM: lua: Add ability for actions to intercept HTTP messages - REGTESTS: Add reg tests for the HTTP return action - REGTESTS: Add a reg test for http-after-response rulesets - BUILD: lua: silence a warning on systems where longjmp is not marked as noreturn - MINOR: acl: Warn when an ACL is named 'or' - CONTRIB: debug: also support reading values from stdin - SCRIPTS: backport: use short revs and resolve the initial commit - BUG/MINOR: acl: Fix type of log message when an acl is named 'or' 2020/01/22 : 2.2-dev1 - DOC: this is development again - MINOR: version: this is development again, update the status - SCRIPTS: update create-release to fix the changelog on new branches - CLEANUP: ssl: Clean up error handling - BUG/MINOR: contrib/prometheus-exporter: decode parameter and value only - BUG/MINOR: h1: Don't test the host header during response parsing - BUILD/MINOR: trace: fix use of long type in a few printf format strings - DOC: Clarify behavior of server maxconn in HTTP mode - MINOR: ssl: deduplicate ca-file - MINOR: ssl: compute ca-list from deduplicate ca-file - MINOR: ssl: deduplicate crl-file - CLEANUP: dns: resolution can never be null - BUG/MINOR: http-htx: Don't make http_find_header() fail if the value is empty - DOC: ssl/cli: set/commit/abort ssl cert - BUG/MINOR: ssl: fix SSL_CTX_set1_chain compatibility for openssl < 1.0.2 - BUG/MINOR: fcgi-app: Make the directive pass-header case insensitive - BUG/MINOR: stats: Fix HTML output for the frontends heading - BUG/MINOR: ssl: fix X509 compatibility for openssl < 1.1.0 - DOC: clarify matching strings on binary fetches - DOC: Fix ordered list in summary - DOC: move the "group" keyword at the right place - MEDIUM: init: prevent process and thread creation at runtime - BUG/MINOR: ssl/cli: 'ssl cert' cmd only usable w/ admin rights - BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data - BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible - BUG/MINOR: ssl/cli: don't overwrite the filters variable - BUG/MEDIUM: listener/thread: fix a race when pausing a listener - BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1 - BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending - BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN - BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data - BUG/MEDIUM: tasks: Make sure we switch wait queues in task_set_affinity(). - BUG/MEDIUM: checks: Make sure we set the task affinity just before connecting. - MINOR: debug: replace popen() with pipe+fork() in "debug dev exec" - MEDIUM: init: set NO_NEW_PRIVS by default when supported - BUG/MINOR: mux-h1: Be sure to set CS_FL_WANT_ROOM when EOM can't be added - BUG/MEDIUM: mux-fcgi: Handle cases where the HTX EOM block cannot be inserted - BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state - BUG/MINOR: listener/threads: always use atomic ops to clear the FD events - BUG/MINOR: listener: also clear the error flag on a paused listener - BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept() - MINOR: listener: make the wait paths cleaner and more reliable - MINOR: listener: split dequeue_all_listener() in two - REORG: listener: move the global listener queue code to listener.c - DOC: document the listener state transitions - BUG/MEDIUM: kqueue: Make sure we report read events even when no data. - BUG/MAJOR: dns: add minimalist error processing on the Rx path - BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive. - DOC: listeners: add a few missing transitions - BUG/MINOR: tasks: only requeue a task if it was already in the queue - MINOR: tasks: split wake_expired_tasks() in two parts to avoid useless wakeups - DOC: proxies: HAProxy only supports 3 connection modes - DOC: remove references to the outdated architecture.txt - BUG/MINOR: log: fix minor resource leaks on logformat error path - BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers - BUG/MINOR: listener: do not immediately resume on transient error - BUG/MINOR: server: make "agent-addr" work on default-server line - BUG/MINOR: listener: fix off-by-one in state name check - BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy() - MEDIUM: h1-htx: Add HTX EOM block when the message is in H1_MSG_DONE state - MINOR: http-htx: Add some htx sample fetches for debugging purpose - REGTEST: Add an HTX reg-test to check an edge case - DOC: clarify the fact that replace-uri works on a full URI - BUG/MINOR: sample: fix the closing bracket and LF in the debug converter - BUG/MINOR: sample: always check converters' arguments - MINOR: sample: Validate the number of bits for the sha2 converter - BUG/MEDIUM: ssl: Don't set the max early data we can receive too early. - MINOR: ssl/cli: 'show ssl cert' give information on the certificates - BUG/MINOR: ssl/cli: fix build for openssl < 1.0.2 - MINOR: debug: support logging to various sinks - MINOR: http: add a new "replace-path" action - REGTEST: ssl: test the "set ssl cert" CLI command - REGTEST: run-regtests: implement #REQUIRE_BINARIES - MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task - BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing - BUG/MEDIUM: ssl: Revamp the way early data are handled. - MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute - BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd - REGTEST: make the "set ssl cert" require version 2.1 - BUG/MINOR: ssl: openssl-compat: Fix getm_ defines - BUG/MEDIUM: state-file: do not allocate a full buffer for each server entry - BUG/MINOR: state-file: do not store duplicates in the global tree - BUG/MINOR: state-file: do not leak memory on parse errors - BUG/MAJOR: mux-h1: Don't pretend the input channel's buffer is full if empty - BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream - BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility - BUILD: travis-ci: link with ssl libraries using rpath instead of LD_LIBRARY_PATH/DYLD_LIBRARY_PATH - BUILD: travis-ci: reenable address sanitizer for clang builds - BUG/MINOR: checks: refine which errno values are really errors. - BUG/MINOR: connection: only wake send/recv callbacks if the FD is active - CLEANUP: connection: conn->xprt is never NULL - MINOR: pollers: add a new flag to indicate pollers reporting ERR & HUP - MEDIUM: tcp: make tcp_connect_probe() consider ERR/HUP - REORG: connection: move tcp_connect_probe() to conn_fd_check() - MINOR: connection: check for connection validation earlier - MINOR: connection: remove the double test on xprt_done_cb() - CLEANUP: connection: merge CO_FL_NOTIFY_DATA and CO_FL_NOTIFY_DONE - MINOR: poller: do not call the IO handler if the FD is not active - OPTIM: epoll: always poll for recv if neither active nor ready - OPTIM: polling: do not create update entries for FD removal - BUG/MEDIUM: checks: Only attempt to do handshakes if the connection is ready. - BUG/MEDIUM: connections: Hold the lock when wanting to kill a connection. - BUILD: CI: modernize cirrus-ci - MINOR: config: disable busy polling on old processes - MINOR: ssl: Remove unused variable "need_out". - BUG/MINOR: h1: Report the right error position when a header value is invalid - BUG/MINOR: proxy: Fix input data copy when an error is captured - BUG/MEDIUM: http-ana: Truncate the response when a redirect rule is applied - BUG/MINOR: channel: inject output data at the end of output - BUG/MEDIUM: session: do not report a failure when rejecting a session - MEDIUM: dns: implement synchronous send - MINOR: raw_sock: make sure to disable polling once everything is sent - MINOR: http: Add 410 to http-request deny - MINOR: http: Add 404 to http-request deny - CLEANUP: mux-h2: remove unused goto "out_free_h2s" - BUILD: cirrus-ci: choose proper openssl package name - BUG/MAJOR: listener: do not schedule a task-less proxy - CLEANUP: server: remove unused err section in server_finalize_init - REGTEST: set_ssl_cert.vtc: replace "echo" with "printf" - BUG/MINOR: stream-int: Don't trigger L7 retry if max retries is already reached - BUG/MEDIUM: tasks: Use the MT macros in tasklet_free(). - BUG/MINOR: mux-h2: use a safe list_for_each_entry in h2_send() - BUG/MEDIUM: mux-h2: fix missing test on sending_list in previous patch - CLEANUP: ssl: remove opendir call in ssl_sock_load_cert - MEDIUM: lua: don't call the GC as often when dealing with outgoing connections - BUG/MEDIUM: mux-h2: don't stop sending when crossing a buffer boundary - BUG/MINOR: cli/mworker: can't start haproxy with 2 programs - REGTEST: mcli/mcli_start_progs: start 2 programs - BUG/MEDIUM: mworker: remain in mworker mode during reload - DOC: clarify crt-base usage - CLEANUP: compression: remove unused deinit_comp_ctx section - BUG/MEDIUM: mux_h1: Don't call h1_send if we subscribed(). - BUG/MEDIUM: raw_sock: Make sur the fd and conn are sync. - CLEANUP: proxy: simplify proxy_parse_rate_limit proxy checks - BUG/MAJOR: hashes: fix the signedness of the hash inputs - REGTEST: add sample_fetches/hashes.vtc to validate hashes - BUG/MEDIUM: cli: _getsocks must send the peers sockets - CLEANUP: cli: deduplicate the code in _getsocks - BUG/MINOR: stream: don't mistake match rules for store-request rules - BUG/MEDIUM: connection: add a mux flag to indicate splice usability - BUG/MINOR: pattern: handle errors from fgets when trying to load patterns - MINOR: connection: move the CO_FL_WAIT_ROOM cleanup to the reader only - MINOR: stream-int: remove dependency on CO_FL_WAIT_ROOM for rcv_buf() - MEDIUM: connection: get rid of CO_FL_CURR_* flags - BUILD: pattern: include errno.h - MEDIUM: mux-h2: do not try to stop sending streams on blocked mux - MEDIUM: mux-fcgi: do not try to stop sending streams on blocked mux - MEDIUM: mux-h2: do not make an h2s subscribe to itself on deferred shut - MEDIUM: mux-fcgi: do not make an fstrm subscribe to itself on deferred shut - REORG: stream/backend: move backend-specific stuff to backend.c - MEDIUM: backend: move the connection finalization step to back_handle_st_con() - MEDIUM: connection: merge the send_wait and recv_wait entries - MEDIUM: xprt: merge recv_wait and send_wait in xprt_handshake - MEDIUM: ssl: merge recv_wait and send_wait in ssl_sock - MEDIUM: mux-h1: merge recv_wait and send_wait - MEDIUM: mux-h2: merge recv_wait and send_wait event notifications - MEDIUM: mux-fcgi: merge recv_wait and send_wait event notifications - MINOR: connection: make the last arg of subscribe() a struct wait_event* - MINOR: ssl: Add support for returning the dn samples from ssl_(c|f)_(i|s)_dn in LDAP v3 (RFC2253) format. - DOC: Fix copy and paste mistake in http-response replace-value doc - BUG/MINOR: cache: Fix leak of cache name in error path - BUG/MINOR: dns: Make dns_query_id_seed unsigned - BUG/MINOR: 51d: Fix bug when HTX is enabled - MINOR: http-htx: Move htx sample fetches in the scope "internal" - MINOR: http-htx: Rename 'internal.htx_blk.val' to 'internal.htx_blk.data' - MINOR: http-htx: Make 'internal.htx_blk_data' return a binary string - DOC: Add a section to document the internal sample fetches - MINOR: mux-h1: Inherit send flags from the upper layer - MINOR: contrib/prometheus-exporter: Add heathcheck status/code in server metrics - BUG/MINOR: http-ana/filters: Wait end of the http_end callback for all filters - BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules - BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing - MEDIUM: http-rules: Register an action keyword for all http rules - MINOR: tcp-rules: Always set from which ruleset a rule comes from - MINOR: actions: Use ACT_RET_CONT code to ignore an error from a custom action - MINOR: tcp-rules: Kill connections when custom actions return ACT_RET_ERR - MINOR: http-rules: Return an error when custom actions return ACT_RET_ERR - MINOR: counters: Add a counter to report internal processing errors - MEDIUM: http-ana: Properly handle internal processing errors - MINOR: http-rules: Add a rule result to report internal error - MINOR: http-rules: Handle internal errors during HTTP rules evaluation - MINOR: http-rules: Add more return codes to let custom actions act as normal ones - MINOR: tcp-rules: Handle denied/aborted/invalid connections from TCP rules - MINOR: http-rules: Handle denied/aborted/invalid connections from HTTP rules - MINOR: stats: Report internal errors in the proxies/listeners/servers stats - MINOR: contrib/prometheus-exporter: Export internal errors per proxy/server - MINOR: counters: Remove failed_secu counter and use denied_resp instead - MINOR: counters: Review conditions to increment counters from analysers - MINOR: http-ana: Add a txn flag to support soft/strict message rewrites - MINOR: http-rules: Handle all message rewrites the same way - MINOR: http-rules: Add a rule to enable or disable the strict rewriting mode - MEDIUM: http-rules: Enable the strict rewriting mode by default - REGTEST: Fix format of set-uri HTTP request rule in h1or2_to_h1c.vtc - MINOR: actions: Add a function pointer to release args used by actions - MINOR: actions: Regroup some info about HTTP rules in the same struct - MINOR: http-rules/tcp-rules: Call the defined action function first if defined - MINOR: actions: Rename the act_flag enum into act_opt - MINOR: actions: Add flags to configure the action behaviour - MINOR: actions: Use an integer to set the action type - MINOR: http-rules: Use a specific action type for some custom HTTP actions - MINOR: http-rules: Make replace-header and replace-value custom actions - MINOR: http-rules: Make set-header and add-header custom actions - MINOR: http-rules: Make set/del-map and add/del-acl custom actions - MINOR: http-rules: Group all processing of early-hint rule in its case clause - MEDIUM: http-rules: Make early-hint custom actions - MINOR: http-rule/tcp-rules: Make track-sc* custom actions - MINOR: tcp-rules: Make tcp-request capture a custom action - MINOR: http-rules: Add release functions for existing HTTP actions - BUG/MINOR: http-rules: Fix memory releases on error path during action parsing - MINOR: tcp-rules: Add release functions for existing TCP actions - BUG/MINOR: tcp-rules: Fix memory releases on error path during action parsing - MINOR: http-htx: Add functions to read a raw error file and convert it in HTX - MINOR: http-htx: Add functions to create HTX redirect message - MINOR: config: Use dedicated function to parse proxy's errorfiles - MINOR: config: Use dedicated function to parse proxy's errorloc - MEDIUM: http-htx/proxy: Use a global and centralized storage for HTTP error messages - MINOR: proxy: Register keywords to parse errorfile and errorloc directives - MINOR: http-htx: Add a new section to create groups of custom HTTP errors - MEDIUM: proxy: Add a directive to reference an http-errors section in a proxy - MINOR: http-rules: Update txn flags and status when a deny rule is executed - MINOR: http-rules: Support an optional status on deny rules for http reponses - MINOR: http-rules: Use same function to parse request and response deny actions - MINOR: http-ana: Add an error message in the txn and send it when defined - MEDIUM: http-rules: Support an optional error message in http deny rules - REGTEST: Add a strict rewriting mode reg test - REGEST: Add reg tests about error files - MINOR: ssl: accept 'verify' bind option with 'set ssl cert' - BUG/MINOR: ssl: ssl_sock_load_ocsp_response_from_file memory leak - BUG/MINOR: ssl: ssl_sock_load_issuer_file_into_ckch memory leak - BUG/MINOR: ssl: ssl_sock_load_sctl_from_file memory leak - BUG/MINOR: http_htx: Fix some leaks on error path when error files are loaded - CLEANUP: http-ana: Remove useless test on txn when the error message is retrieved - BUILD: CI: introduce ARM64 builds - BUILD: ssl: more elegant anti-replay feature presence check - MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive - MEDIUM: dns: use Additional records from SRV responses - CLEANUP: Consistently `unsigned int` for bitfields - CLEANUP: pattern: remove the pat_time definition - BUG/MINOR: http_act: don't check capture id in backend - BUG/MINOR: ssl: fix build on development versions of openssl-1.1.x 2019/11/25 : 2.2-dev0 - exact copy of 2.1.0 2019/11/25 : 2.1.0 - BUG/MINOR: init: fix set-dumpable when using uid/gid - MINOR: init: avoid code duplication while setting identify - BUG/MINOR: ssl: ssl_pkey_info_index ex_data can store a dereferenced pointer - BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1 - MINOR: peers: Alway show the table info for disconnected peers. - MINOR: peers: Add TX/RX heartbeat counters. - MINOR: peers: Add debugging information to "show peers". - BUG/MINOR: peers: Wrong null "server_name" data field handling. - MINOR: ssl/cli: 'abort ssl cert' deletes an on-going transaction - BUG/MEDIUM: mworker: don't fill the -sf argument with -1 during the reexec - BUG/MINOR: peers: "peer alive" flag not reset when deconnecting. - BUILD/MINOR: ssl: fix compiler warning about useless statement - BUG/MEDIUM: stream-int: Don't loose events on the CS when an EOS is reported - MINOR: contrib/prometheus-exporter: filter exported metrics by scope - MINOR: contrib/prometheus-exporter: Add a param to ignore servers in maintenance - BUILD: debug: Avoid warnings in dev mode with -02 because of some BUG_ON tests - BUG/MINOR: mux-h1: Fix tunnel mode detection on the response path - BUG/MINOR: http-ana: Properly catch aborts during the payload forwarding - DOC: Update http-buffer-request description to remove the part about chunks - BUG/MINOR: stream-int: Fix si_cs_recv() return value - DOC: internal: document the init calls - MEDIUM: dns: Add resolve-opts "ignore-weight" - MINOR: ssl: ssl_sock_prepare_ctx() return an error code - MEDIUM: ssl/cli: apply SSL configuration on SSL_CTX during commit - MINOR: ssl/cli: display warning during 'commit ssl cert' - MINOR: version: report the version status in "haproxy -v" - MINOR: version: emit the link to the known bugs in output of "haproxy -v" - DOC: Add documentation about the use-service action - MINOR: ssl: fix possible null dereference in error handling - BUG/MINOR: ssl: fix curve setup with LibreSSL - BUG/MINOR: ssl: Stop passing dynamic strings as format arguments - CLEANUP: ssl: check if a transaction exists once before setting it - BUG/MINOR: cli: fix out of bounds in -S parser - MINOR: ist: add ist_find_ctl() - BUG/MAJOR: h2: reject header values containing invalid chars - BUG/MAJOR: h2: make header field name filtering stronger - BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in idle state - MINOR: h2: add a function to report H2 error codes as strings - MINOR: mux-h2/trace: report the connection and/or stream error code - SCRIPTS: create-release: show the correct origin name in suggested commands - SCRIPTS: git-show-backports: add "-s" to proposed cherry-pick commands - BUG/MEDIUM: trace: fix a typo causing an incorrect startup error - BUILD: reorder the objects in the makefile - DOC: mention in INSTALL haproxy 2.1 is a stable stable version - MINOR: version: indicate that this version is stable 2019/11/15 : 2.1-dev5 - BUG/MEDIUM: ssl/cli: don't alloc path when cert not found - BUG/MINOR: ssl/cli: unable to update a certificate without bundle extension - BUG/MINOR: ssl/cli: fix an error when a file is not found - MINOR: ssl/cli: replace the default_ctx during 'commit ssl cert' - DOC: fix date and http_date keywords syntax - MINOR: peers: Add "log" directive to "peers" section. - BUG/MEDIUM: mux-h1: Disable splicing for chunked messages - BUG/MEDIUM: stream: Be sure to support splicing at the mux level to enable it - MINOR: flt_trace: Rename macros to print trace messages - MINOR: trace: Add a set of macros to trace events if HA is compiled with debug - MEDIUM: stream/trace: Register a new trace source with its events - MINOR: doc: http-reuse connection pool fix - BUG/MEDIUM: stream: Be sure to release allocated captures for TCP streams - MINOR: http-ana: Remove the unused function http_reset_txn() - BUG/MINOR: action: do-resolve now use cached response - BUG: dns: timeout resolve not applied for valid resolutions - DOC: management: fix typo on "cache_lookups" stats output - BUG/MINOR: stream: init variables when the list is empty - BUG/MEDIUM: tasks: Make tasklet_remove_from_tasklet_list() no matter the tasklet. - BUG/MINOR: queue/threads: make the queue unlinking atomic - BUG/MEDIUM: Make sure we leave the session list in session_free(). - CLEANUP: session: slightly simplify idle connection cleanup logic - MINOR: memory: also poison the area on freeing - CLEANUP: cli: use srv_shutdown_streams() instead of open-coding it - CLEANUP: stats: use srv_shutdown_streams() instead of open-coding it - BUG/MEDIUM: listeners: always pause a listener on out-of-resource condition - BUILD: contrib/da: remove an "unused" warning - BUG/MEDIUM: filters: Don't call TCP callbacks for HTX streams - MEDIUM: filters: Adapt filters API to allow again TCP filtering on HTX streams - MINOR: freq_ctr: Make the sliding window sums thread-safe - MINOR: stream: Remove the lock on the proxy to update time stats - MINOR: counters: Add fields to store the max observed for {q,c,d,t}_time - MINOR: stats: Report max times in addition of the averages for sessions - MINOR: contrib/prometheus-exporter: Report metrics about max times for sessions - BUG/MINOR: contrib/prometheus-exporter: Rename some metrics - MINOR: contrib/prometheus-exporter: report the number of idle conns per server - DOC: Add missing stats fields in the management manual - BUG/MINOR: mux-h1: Properly catch parsing errors on payload and trailers - BUG/MINOR: mux-h1: Don't set CS_FL_EOS on a read0 when receiving data to pipe - MINOR: mux-h1: Set EOI on the conn-stream when EOS is reported in TUNNEL state - MINOR: sink: Set the default max length for a message to BUFSIZE - MINOR: ring: make the parse function automatically set the handler/release - BUG/MINOR: log: make "show startup-log" use a ring buffer instead - MINOR: stick-table: allow sc-set-gpt0 to set value from an expression 2019/11/03 : 2.1-dev4 - BUG/MINOR: cli: don't call the kw->io_release if kw->parse failed - BUG/MINOR: mux-h2: Don't pretend mux buffers aren't full anymore if nothing sent - BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST is reached - DOC: remove obsolete section about header manipulation - BUG/MINOR: ssl/cli: cleanup on cli_parse_set_cert error - MINOR: ssl/cli: rework the 'set ssl cert' IO handler - BUILD: CI: comment out cygwin build, upgrade various ssl libraries - DOC: Improve documentation of http-re(quest|sponse) replace-(header|value|uri) - BUILD/MINOR: tools: shut up the format truncation warning in get_gmt_offset() - BUG/MINOR: spoe: fix off-by-one length in UUID format string - BUILD/MINOR: ssl: shut up a build warning about format truncation - BUILD: do not disable -Wformat-truncation anymore - MINOR: chunk: add chunk_istcat() to concatenate an ist after a chunk - Revert "MINOR: istbuf: add b_fromist() to make a buffer from an ist" - MINOR: mux: Add a new method to get informations about a mux. - BUG/MEDIUM: stream_interface: Only use SI_ST_RDY when the mux is ready. - BUG/MEDIUM: servers: Only set SF_SRV_REUSED if the connection if fully ready. - MINOR: doc: fix busy-polling performance reference - MINOR: config: allow no set-dumpable config option - MINOR: init: always fail when setrlimit fails - MINOR: ssl/cli: rework 'set ssl cert' as 'set/commit' - CLEANUP: ssl/cli: remove leftovers of bundle/certs (it < 2) - REGTEST: vtest can now enable mcli with its own flag - BUG/MINOR: config: Update cookie domain warn to RFC6265 - MINOR: sample: add us/ms support to date/http_date - BUG/MINOR: ssl/cli: check trash allocation in cli_io_handler_commit_cert() - BUG/MEDIUM: mux-h2: report no available stream on a connection having errors - BUG/MEDIUM: mux-h2: immediately remove a failed connection from the idle list - BUG/MEDIUM: mux-h2: immediately report connection errors on streams - BUG/MINOR: stats: properly check the path and not the whole URI - BUG/MINOR: ssl: segfault in cli_parse_set_cert with old openssl/boringssl - BUG/MINOR: ssl: ckch->chain must be initialized - BUG/MINOR: ssl: double free on error for ckch->{key,cert} - MINOR: ssl: BoringSSL ocsp_response does not need issuer - BUG/MEDIUM: ssl/cli: fix dot research in cli_parse_set_cert - MINOR: backend: Add srv_name sample fetche - DOC: Add GitHub issue config.yml 2019/10/25 : 2.1-dev3 - MINOR: mux-h2/trace: missing conn pointer in demux full message - MINOR: mux-h2: add a per-connection list of blocked streams - BUILD: ebtree: make eb_is_empty() and eb_is_dup() take a const - BUG/MEDIUM: mux-h2: do not enforce timeout on long connections - BUG/MEDIUM: tasks: Don't forget to decrement tasks_run_queue. - BUG/MINOR: peers: crash on reload without local peer. - BUG/MINOR: mux-h2/trace: Fix traces on h2c initialization - MINOR: h1-htx: Update h1_copy_msg_data() to ease the traces in the mux-h1 - MINOR: htx: Adapt htx_dump() to be used from traces - MINOR: mux-h1/trace: register a new trace source with its events - MINOR: proxy: Store http-send-name-header in lower case - MINOR: http: Remove headers matching the name of http-send-name-header option - BUG/MINOR: mux-h1: Adjust header case when the server name is add to a request - BUG/MINOR: mux-h1: Adjust header case when chunked encoding is add to a message - MINOR: mux-h1: Try to wakeup the stream on output buffer allocation - MINOR: fcgi: Add function to get the string representation of a record type - MINOR: mux-fcgi/trace: Register a new trace source with its events - BUG/MEDIUM: cache: make sure not to cache requests with absolute-uri - DOC: clarify some points around http-send-name-header's behavior - MEDIUM: mux-h2: support emitting CONTINUATION frames after HEADERS - BUG/MINOR: mux-h1/mux-fcgi/trace: Fix position of the 4th arg in some traces - DOC: fix typo in Prometheus exporter doc - MINOR: h2: clarify the rules for how to convert an H2 request to HTX - MINOR: htx: Add 2 flags on the start-line to have more info about the uri - MINOR: http: Add a function to get the authority into a URI - MINOR: h1-htx: Set the flag HTX_SL_F_HAS_AUTHORITY during the request parsing - MEDIUM: http-htx: Keep the Host header and the request start-line synchronized - MINOR: h1-htx: Only use the path of a normalized URI to format a request line - MEDIUM: h2: make the request parser rebuild a complete URI - MINOR: h2: report in the HTX flags when the request has an authority - MEDIUM: mux-h2: do not map Host to :authority on output - MEDIUM: h2: use the normalized URI encoding for absolute form requests - MINOR: stats: mention in the help message support for "json" and "typed" - MINOR: stats: get rid of the ST_CONVDONE flag - MINOR: stats: replace the ST_* uri_auth flags with STAT_* - MINOR: stats: always merge the uri_auth flags into the appctx flags - MINOR: stats: set the appctx flags when initializing the applet only - MINOR: stats: get rid of the STAT_SHOWADMIN flag - MINOR: stats: make stats_dump_fields_json() directly take flags - MINOR: stats: uniformize the calling convention of the dump functions - MINOR: stats: support the "desc" output format modifier for info and stat - MINOR: stats: prepare to add a description with each stat/info field - MINOR: stats: make "show stat" and "show info" - MINOR: stats: fill all the descriptions for "show info" and "show stat" - BUG/MEDIUM: applet: always check a fast running applet's activity before killing - BUILD: stats: fix missing '=' sign in array declaration - MINOR: lists: add new macro LIST_SPLICE_END_DETACHED - MINOR: list: add new macro MT_LIST_BEHEAD - MEDIUM: task: Split the tasklet list into two lists. - MINOR: h2: Document traps to be avoided on multithread. - MINOR: lists: Try to use local variables instead of macro arguments. - MINOR: lists: Fix alignement of \ when relevant. - MINOR: mux-h2: also support emitting CONTINUATION on trailers - MINOR: ssl: crt-list do ckchn_lookup - REORG: ssl: rename ckch_node to ckch_store - REORG: ssl: move structures to ssl_sock.h - MINOR: ssl: initialize the sni_keytypes_map as EB_ROOT - MINOR: ssl: initialize explicitly the sni_ctx trees - BUG/MINOR: ssl: abort on sni allocation failure - BUG/MINOR: ssl: free the sni_keytype nodes - BUG/MINOR: ssl: abort on sni_keytypes allocation failure - MEDIUM: ssl: introduce the ckch instance structure - MEDIUM: ssl: split ssl_sock_add_cert_sni() - MINOR: ssl: ssl_sock_load_ckchn() can properly fail - MINOR: ssl: ssl_sock_load_multi_ckchs() can properly fail - MEDIUM: ssl: ssl_sock_load_ckchs() alloc a ckch_inst - MINOR: ssl: ssl_sock_load_crt_file_into_ckch() is filling from a BIO - MEDIUM: ssl/cli: 'set ssl cert' updates a certificate from the CLI - MINOR: ssl: load the sctl in/from the ckch - MINOR: ssl: load the ocsp in/from the ckch - BUG/MEDIUM: ssl: NULL dereference in ssl_sock_load_cert_sni() - BUG/MINOR: ssl: fix build without SSL - BUG/MINOR: ssl: fix build without multi-cert bundles - BUILD: ssl: wrong #ifdef for SSL engines code - BUG/MINOR: ssl: fix OCSP build with BoringSSL - BUG/MEDIUM: htx: Catch chunk_memcat() failures when HTX data are formatted to h1 - BUG/MINOR: chunk: Fix tests on the chunk size in functions copying data - BUG/MINOR: mux-h1: Mark the output buffer as full when the xfer is interrupted - MINOR: mux-h1: Xfer as much payload data as possible during output processing - CLEANUP: h1-htx: Move htx-to-h1 formatting functions from htx.c to h1_htx.c - BUG/MINOR: mux-h1: Capture ignored parsing errors - MINOR: h1: Reject requests with different occurrences of the header host - MINOR: h1: Reject requests if the authority does not match the header host - REGTESTS: Send valid URIs in peers reg-tests and fix HA config to avoid warnings - REGTESTS: Adapt proxy_protocol_random_fail.vtc to match normalized URI too - BUG/MINOR: WURFL: fix send_log() function arguments - BUG/MINOR: ssl: fix error messages for OCSP loading - BUG/MINOR: ssl: can't load ocsp files - MINOR: version: make the version strings variables, not constants - BUG/MINOR: http-htx: Properly set htx flags on error files to support keep-alive - MINOR: htx: Add a flag on HTX to known when a response was generated by HAProxy - MINOR: mux-h1: Force close mode for proxy responses with an unfinished request - BUILD: travis-ci: limit build to branches "master" and "next" - BUILD/MEDIUM: threads: rename thread_info struct to ha_thread_info - BUILD/SMALL: threads: enable threads on osx - BUILD/MEDIUM: threads: enable cpu_affinity on osx - MINOR: istbuf: add b_fromist() to make a buffer from an ist - BUG/MINOR: cache: also cache absolute URIs - BUG/MINOR: mworker/ssl: close openssl FDs unconditionally - BUG/MINOR: tcp: Don't alter counters returned by tcp info fetchers - BUG/MEDIUM: lists: Handle 1-element-lists in MT_LIST_BEHEAD(). - BUG/MEDIUM: mux_pt: Make sure we don't have a conn_stream before freeing. - BUG/MEDIUM: tasklet: properly compute the sleeping threads mask in tasklet_wakeup() - BUG/MAJOR: idle conns: schedule the cleanup task on the correct threads - BUG/MEDIUM: task: make tasklets either local or shared but not both at once - Revert e8826ded5fea3593d89da2be5c2d81c522070995. - BUG/MEDIUM: mux_pt: Don't destroy the connection if we have a stream attached. - BUG/MEDIUM: mux_pt: Only call the wake emthod if nobody subscribed to receive. - REGTEST: mcli/mcli_show_info: launch a 'show info' on the master CLI - CLEANUP: ssl: make ssl_sock_load_cert*() return real error codes - CLEANUP: ssl: make ssl_sock_load_ckchs() return a set of ERR_* - CLEANUP: ssl: make cli_parse_set_cert handle errcode and warnings. - CLEANUP: ssl: make ckch_inst_new_load_(multi_)store handle errcode/warn - CLEANUP: ssl: make ssl_sock_put_ckch_into_ctx handle errcode/warn - CLEANUP: ssl: make ssl_sock_load_dh_params handle errcode/warn - CLEANUP: bind: handle warning label on bind keywords parsing. - BUG/MEDIUM: ssl: 'tune.ssl.default-dh-param' value ignored with openssl > 1.1.1 - BUG/MINOR: mworker/cli: reload fail with inherited FD - BUG/MINOR: ssl: Fix fd leak on error path when a TLS ticket keys file is parsed - BUG/MINOR: stick-table: Never exceed (MAX_SESS_STKCTR-1) when fetching a stkctr - BUG/MINOR: cache: alloc shctx after check config - BUG/MINOR: sample: Make the `field` converter compatible with `-m found` - BUG/MINOR: server: check return value of fopen() in apply_server_state() - REGTESTS: make seamless-reload depend on 1.9 and above - REGTESTS: server/cli_set_fqdn requires version 1.8 minimum - BUG/MINOR: dns: allow srv record weight set to 0 - BUG/MINOR: ssl: fix memcpy overlap without consequences. - BUG/MINOR: stick-table: fix an incorrect 32 to 64 bit key conversion - BUG/MEDIUM: pattern: make the pattern LRU cache thread-local and lockless - BUG/MINOR: mux-h2: do not emit logs on backend connections - CLEANUP: ssl: remove old TODO commentary - CLEANUP: ssl: fix SNI/CKCH lock labels - MINOR: ssl: OCSP functions can load from file or buffer - MINOR: ssl: load sctl from buf OR from a file - MINOR: ssl: load issuer from file or from buffer - MINOR: ssl: split ssl_sock_load_crt_file_into_ckch() - BUG/MINOR: ssl/cli: fix looking up for a bundle - MINOR: ssl/cli: update ocsp/issuer/sctl file from the CLI - MINOR: ssl: update ssl_sock_free_cert_key_and_chain_contents - MINOR: ssl: copy a ckch from src to dst - MINOR: ssl: new functions duplicate and free a ckch_store - MINOR: ssl/cli: assignate a new ckch_store - MEDIUM: cli/ssl: handle the creation of SSL_CTX in an IO handler - BUG/MINOR: ssl/cli: fix build of SCTL and OCSP - BUG/MINOR: ssl/cli: out of bounds when built without ocsp/sctl - BUG/MINOR: ssl: fix build with openssl < 1.1.0 - BUG/MINOR: ssl: fix build of X509_chain_up_ref() w/ libreSSL - MINOR: tcp: avoid confusion in time parsing init - MINOR: debug: add a new "debug dev stream" command - MINOR: cli/debug: validate addresses using may_access() in "debug dev stream" - REORG: move CLI access level definitions to cli.h - MINOR: cli: add an expert mode to hide dangerous commands - MINOR: debug: make most debug CLI commands accessible in expert mode - MINOR: stats/debug: maintain a counter of debug commands issued - BUG/MEDIUM: debug: address a possible null pointer dereference in "debug dev stream" 2019/10/01 : 2.1-dev2 - DOC: management: document reuse and connect counters in the CSV format - DOC: management: document cache_hits and cache_lookups in the CSV format - BUG/MINOR: dns: remove irrelevant dependency on a client connection - MINOR: applet: make appctx use their own pool - BUG/MEDIUM: checks: Don't attempt to receive data if we already subscribed. - BUG/MEDIUM: http/htx: unbreak option http_proxy - BUG/MINOR: backend: do not try to install a mux when the connection failed - MINOR: mux-h2: Don't adjust anymore the amount of data sent in h2_snd_buf() - BUG/MINOR: http_fetch: Fix http_auth/http_auth_group when called from TCP rules - BUG/MINOR: http_htx: Initialize HTX error messages for TCP proxies - BUG/MINOR: cache/htx: Make maxage calculation HTX aware - BUG/MINOR: hlua: Make the function txn:done() HTX aware - MINOR: proto_htx: Directly call htx_check_response_for_cacheability() - MINOR: proto_htx: Rely on the HTX function to apply a redirect rules - MINOR: proto_htx: Add the function htx_return_srv_error() - MINOR: backend/htx: Don't rewind output data to set the sni on a srv connection - MINOR: proto_htx: Don't stop forwarding when there is a post-connect processing - DOC: htx: Update comments in HTX files - CLEANUP: htx: Remove the unsued function htx_add_blk_type_size() - MINOR: htx: Deduce the number of used blocks from tail and head values - MINOR: htx: Use an array of char to store HTX blocks - MINOR: htx: Slightly update htx_dump() to report better messages - DOC: htx: Add internal documentation about the HTX - MAJOR: http: Deprecate and ignore the option "http-use-htx" - MEDIUM: mux-h2: Remove support of the legacy HTTP mode - CLEANUP: h2: Remove functions converting h2 requests to raw HTTP/1.1 ones - MINOR: connection: Remove the multiplexer protocol PROTO_MODE_HTX - MINOR: stream: Rely on HTX analyzers instead of legacy HTTP ones - MEDIUM: http_fetch: Remove code relying on HTTP legacy mode - MINOR: config: Remove tests on the option 'http-use-htx' - MINOR: stream: Remove tests on the option 'http-use-htx' in stream_new() - MINOR: proxy: Remove tests on the option 'http-use-htx' during H1 upgrade - MINOR: hlua: Remove tests on the option 'http-use-htx' to reject TCP applets - MINOR: cache: Remove tests on the option 'http-use-htx' - MINOR: contrib/prometheus-exporter: Remove tests on the option 'http-use-htx' - CLEANUP: proxy: Remove the flag PR_O2_USE_HTX - MINOR: proxy: Don't adjust connection mode of HTTP proxies anymore - MEDIUM: backend: Remove code relying on the HTTP legacy mode - MEDIUM: hlua: Remove code relying on the legacy HTTP mode - MINOR: http_act: Remove code relying on the legacy HTTP mode - MEDIUM: cache: Remove code relying on the legacy HTTP mode - MEDIUM: compression: Remove code relying on the legacy HTTP mode - MINOR: flt_trace: Remove code relying on the legacy HTTP mode - MINOR: stats: Remove code relying on the legacy HTTP mode - MAJOR: filters: Remove code relying on the legacy HTTP mode - MINOR: stream: Remove code relying on the legacy HTTP mode - MAJOR: http: Remove the HTTP legacy code - MINOR: hlua: Remove useless test on TX_CON_WANT_* flags - MINOR: proto_http: Remove unused http txn flags - MINOR: proto_http: Remove the unused flag HTTP_MSGF_WAIT_CONN - CLEANUP: proto_http: Group remaining flags of the HTTP transaction - CLEANUP: channel: Remove the unused flag CF_WAKE_CONNECT - CLEANUP: proto_http: Remove unecessary includes and comments - CLEANUP: proto_http: Move remaining code from proto_http.c to proto_htx.c - REORG: proto_htx: Move HTX analyzers & co to http_ana.{c,h} files - BUG/MINOR: debug: Remove flags CO_FL_SOCK_WR_ENA/CO_FL_SOCK_RD_ENA - MINOR: proxy: Remove support of the option 'http-tunnel' - DOC: config: Update as a result of the legacy HTTP removal - MEDIUM: config: Remove parsing of req* and rsp* directives - MINOR: proxy: Remove the unused list of block rules - MINOR: proxy/http_ana: Remove unused req_exp/rsp_exp and req_add/rsp_add lists - DOC: config: Remove unsupported req* and rsp* keywords - MINOR: global: Preset tune.max_http_hdr to its default value - MINOR: http: Don't store raw HTTP errors in chunks anymore - BUG/MINOR: session: Emit an HTTP error if accept fails only for H1 connection - BUG/MINOR: session: Send a default HTTP error if accept fails for a H1 socket - CLEANUP: mux-h2: Remove unused flags H2_SF_CHNK_* - BUG/MINOR: checks: do not exit tcp-checks from the middle of the loop - MINOR: config: Warn only if the option http-use-htx is used with "no" prefix - BUG/MEDIUM: mux-h1: Trim excess server data at the end of a transaction - MINOR: connection: add conn_get_src() and conn_get_dst() - MINOR: frontend: switch to conn_get_{src,dst}() for logging and debugging - MINOR: backend: switch to conn_get_{src,dst}() for port and address mapping - MINOR: ssl: switch to conn_get_dst() to retrieve the destination address - MINOR: tcp: replace various calls to conn_get_{from,to}_addr with conn_get_{src,dst} - MINOR: stream-int: use conn_get_{src,dst} in conn_si_send_proxy() - MINOR: stream/cli: use conn_get_{src,dst} in "show sess" and "show peers" output - MINOR: log: use conn_get_{dst,src}() to retrieve the cli/frt/bck/srv/ addresses - MINOR: http/htx: use conn_get_dst() to retrieve the destination address - MINOR: lua: use conn_get_{src,dst} to retrieve connection addresses - MINOR: http: check the source address via conn_get_src() in sample fetch functions - CLEANUP: connection: remove the now unused conn_get_{from,to}_addr() - MINOR: connection: add new src and dst fields - MINOR: connection: use conn->{src,dst} instead of &conn->addr.{from,to} - MINOR: ssl-sock: use conn->dst instead of &conn->addr.to - MINOR: lua: switch to conn->dst for a connection's target address - MINOR: peers: use conn->dst for the peer's target address - MINOR: htx: switch from conn->addr.{from,to} to conn->{src,dst} - MINOR: stream: switch from conn->addr.{from,to} to conn->{src,dst} - MINOR: proxy: switch to conn->src in error snapshots - MINOR: session: use conn->src instead of conn->addr.from - MINOR: tcp: replace conn->addr.{from,to} with conn->{src,dst} - MINOR: unix: use conn->dst for the target address in ->connect() - MINOR: sockpair: use conn->dst for the target address in ->connect() - MINOR: log: use conn->{src,dst} instead of conn->addr.{from,to} - MINOR: checks: replace conn->addr.to with conn->dst - MINOR: frontend: switch from conn->addr.{from,to} to conn->{src,dst} - MINOR: http: convert conn->addr.from to conn->src in sample fetches - MEDIUM: backend: turn all conn->addr.{from,to} to conn->{src,dst} - MINOR: connection: create a new pool for struct sockaddr_storage - MEDIUM: connection: make sure all address producers allocate their address - MAJOR: connection: remove the addr field - MINOR: connection: don't use clear_addr() anymore, just release the address - MINOR: stream: add a new target_addr entry in the stream structure - MAJOR: stream: store the target address into s->target_addr - MINOR: peers: now remove the remote connection setup code - MEDIUM: lua: do not allocate the remote connection anymore - MEDIUM: backend: always release any existing prior connection in connect_server() - MEDIUM: backend: remove impossible cases from connect_server() - BUG/MINOR: mux-h1: Close server connection if input data remains in h1_detach() - BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream - BUG/MINOR: http_ana: Be sure to have an allocated buffer to generate an error - BUG/MINOR: http_htx: Support empty errorfiles - BUG/CRITICAL: http_ana: Fix parsing of malformed cookies which start by a delimiter - BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff - BUG/MINOR: proxy: always lock stop_proxy() - MEDIUM: mux-h1: Add the support of headers adjustment for bogus HTTP/1 apps - BUILD: threads: add the definition of PROTO_LOCK - BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased - BUG/MEDIUM: streams: Don't switch the SI to SI_ST_DIS if we have data to send. - BUG/MINOR: log: make sure writev() is not interrupted on a file output - DOC: improve the wording in CONTRIBUTING about how to document a bug fix - MEDIUM: h1: Don't try to subscribe if we managed to read data. - MEDIUM: h1: Don't wake the H1 tasklet if we got the whole request. - REGTESTS: checks: exclude freebsd target for tcp-check_multiple_ports.vtc - BUG/MINOR: hlua/htx: Reset channels analyzers when txn:done() is called - BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class - MINOR: hlua: Don't set request analyzers on response channel for lua actions - MINOR: hlua: Add a flag on the lua txn to know in which context it can be used - BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP ready - BUG/MINOR: htx: Fix free space addresses calculation during a block expansion - MINOR: ssl: merge ssl_sock_load_cert_file() and ssl_sock_load_cert_chain_file() - MEDIUM: ssl: use cert_key_and_chain struct in ssl_sock_load_cert_file() - MEDIUM: ssl: split the loading of the certificates - MEDIUM: ssl: lookup and store in a ckch_node tree - MEDIUM: ssl: load DH param in struct cert_key_and_chain - BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue() - MINOR: ssl: use STACK_OF for chain certs - MINOR: ssl: add extra chain compatibility - MINOR: ssl: check private key consistency in loading - MINOR: ssl: do not look at DHparam with OPENSSL_NO_DH - CLEANUP: ssl: ssl_sock_load_crt_file_into_ckch - MINOR: ssl: clean ret variable in ssl_sock_load_ckchn - MAJOR: fd: Get rid of the fd cache. - MEDIUM: pollers: Remember the state for read and write for each threads. - MEDIUM: mux-h2: don't try to read more than needed - BUG/BUILD: ssl: fix build with openssl < 1.0.2 - BUG/MEDIUM: ssl: does not try to free a DH in a ckch - BUG/MINOR: debug: fix a small race in the thread dumping code - MINOR: wdt: also consider that waiting in the thread dumper is normal - REGTESTS: checks: make 4be_1srv_health_checks more reliable - BUILD: ssl: BoringSSL add EVP_PKEY_base_id - BUG/MEDIUM: ssl: don't free the ckch in multi-cert bundle - BUG/MINOR: ssl: fix ressource leaks on error - BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased - BUG/MAJOR: http/sample: use a static buffer for raw -> htx conversion - BUG/MINOR: stream-int: make sure to always release empty buffers after sending - BUG/MEDIUM: ssl: open the right path for multi-cert bundle - BUG/MINOR: stream-int: also update analysers timeouts on activity - BUG/MEDIUM: mux-h2: unbreak receipt of large DATA frames - BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes - BUG/MEDIUM: proxy: Make sure to destroy the stream on upgrade from TCP to H2 - DOC: Add 'Question.md' issue template, discouraging asking questions - BUG/MEDIUM: fd: Always reset the polled_mask bits in fd_dodelete(). - BUG/MEDIUM: pollers: Clear the poll_send bits as well. - BUILD: travis-ci: enable daily Coverity scan - BUG/MINOR: mux-h2: don't refrain from sending an RST_STREAM after another one - BUG/MINOR: mux-h2: use CANCEL, not STREAM_CLOSED in h2c_frt_handle_data() - BUG/MINOR: mux-h2: do not send REFUSED_STREAM on aborted uploads - BUG/MEDIUM: mux-h2: do not recheck a frame type after a state transition - BUG/MINOR: mux-h2: always send stream window update before connection's - BUG/MINOR: mux-h2: always reset rcvd_s when switching to a new frame - BUG/MEDIUM: checks: make sure to close nicely when we're the last to speak - BUG/MEDIUM: stick-table: Wrong stick-table backends parsing. - CLEANUP: mux-h2: move the demuxed frame check code in its own function - MINOR: cache: add method to cache hash - MINOR: cache: allow caching of OPTIONS request - BUG/MINOR: ssl: fix 0-RTT for BoringSSL - MINOR: ssl: ssl_fc_has_early should work for BoringSSL - BUG/MINOR: pools: don't mark the thread harmless if already isolated - BUG/MINOR: buffers/threads: always clear a buffer's head before releasing it - CLEANUP: buffer: replace b_drop() with b_free() - CLEANUP: task: move the cpu_time field to the task-only part - MINOR: cli: add two new states to print messages on the CLI - MINOR: cli: add cli_msg(), cli_err(), cli_dynmsg(), cli_dynerr() - CLEANUP: cli: replace all occurrences of manual handling of return messages - BUG/MEDIUM: proxy: Don't forget the SF_HTX flag when upgrading TCP=>H1+HTX. - BUG/MEDIUM: proxy: Don't use cs_destroy() when freeing the conn_stream. - BUG/MINOR: lua: fix setting netfilter mark - BUG/MINOR: Fix prometheus '# TYPE' and '# HELP' headers - BUG/MEDIUM: lua: Fix test on the direction to set the channel exp timeout - BUG/MINOR: stats: Wait the body before processing POST requests - MINOR: fd: make sure to mark the thread as not stuck in fd_update_events() - BUG/MEDIUM: mux_pt: Don't call unsubscribe if we did not subscribe. - BUILD: travis-ci: trigger non-mainstream configurations only on daily builds. - MINOR: debug: indicate the applet name when the task is task_run_applet() - MINOR: tools: add append_prefixed_str() - MINOR: lua: export applet and task handlers - MEDIUM: debug: make the thread dump code show Lua backtraces - BUG/MEDIUM: h1: Always try to receive more in h1_rcv_buf(). - MINOR: list: add LIST_SPLICE() to merge one list into another - MINOR: tools: add a DEFNULL() macro to use NULL for empty args - REORG: trace: rename trace.c to calltrace.c and mention it's not thread-safe - MINOR: sink: create definitions a minimal code for event sinks - MINOR: sink: add a support for file descriptors - MINOR: trace: start to create a new trace subsystem - MINOR: trace: add allocation of buffer-sized trace buffers - MINOR: trace/cli: register the "trace" CLI keyword to list the sources - MINOR: trace/cli: parse the "level" argument to configure the trace verbosity - MINOR: trace/cli: add "show trace" to report trace state and statistics - MINOR: trace: implement a very basic trace() function - MINOR: trace: add the file name and line number in the prefix - MINOR: trace: make trace() now also take a level in argument - MINOR: trace: implement a call to a decode function - MINOR: trace: add per-level macros to produce traces - MINOR: trace: add a definition of typed arguments to trace() - MINOR: trace: make sure to always stop the locking when stopping or pausing - MINOR: trace: add the possibility to lock on some arguments - MINOR: trace: parse the "lock" argument to trace - MINOR: trace: retrieve useful pointers and enforce lock-on - DOC: management: document the "trace" and "show trace" commands - BUILD: trace: make the lockon_ptr const to silence a warning without threads - BUG/MEDIUM: mux-h1: do not truncate trailing 0CRLF on buffer boundary - BUG/MEDIUM: mux-h1: do not report errors on transfers ending on buffer full - DOC: fixed typo in management.txt - BUG/MINOR: mworker: disable SIGPROF on re-exec - BUG/MEDIUM: listener/threads: fix an AB/BA locking issue in delete_listener() - BUG/MEDIUM: url32 does not take the path part into account in the returned hash. - MINOR: backend: Add srv_queue converter - MINOR: sink: set the fd-type sinks to non-blocking - MINOR: tools: add a function varint_bytes() to report the size of a varint - MINOR: buffer: add functions to read/write varints from/to buffers - MINOR: fd: add fd_write_frag_line() to send a fragmented line to an fd - MINOR: sink: now call the generic fd write function - MINOR: ring: add a new mechanism for retrieving/storing ring data in buffers - MINOR: ring: add a ring_write() function - MINOR: ring: add a generic CLI io_handler to dump a ring buffer - MINOR: sink: add support for ring buffers - MINOR: sink: implement "show events" to show supported sinks and dump the rings - MINOR: sink: now report the number of dropped events on output - MINOR: trace: support a default callback for the source - MINOR: trace: extend the source location to 13 chars - MINOR: trace: show thread number and source name in the trace - MINOR: trace: change the TRACE() calling convention to put the args and cb last - MINOR: connection: add the fc_pp_authority fetch -- authority TLV, from PROXYv2 - MINOR: tools: add a generic struct "name_desc" for name-description pairs - MINOR: trace: replace struct trace_lockon_args with struct name_desc - MINOR: trace: change the "payload" level to "data" and move it - MINOR: trace: prepend the function name for developer level traces - MINOR: trace: also report the trace level in the output - MINOR: trace: change the detail_level to per-source verbosity - MINOR: mux-h2/trace: register a new trace source with its events - MINOR: mux-h2/trace: add the default decoding callback - MEDIUM: mux-h2/trace: add lots of traces all over the code - MINOR: mux-h2: add functions to convert an h2c/h2s state to a string - MINOR: mux-h2/trace: add a new verbosity level "clean" - MINOR: mux-h2/trace: only decode the start-line at verbosity other than "minimal" - MINOR: mux-h2/trace: always report the h2c/h2s state and flags - MINOR: mux-h2/trace: report h2s->id before h2c->dsi for the stream ID - CLEANUP: mux-h2/trace: reformat the "received" messages for better alignment - CLEANUP: mux-h2/trace: lower-case event names - MINOR: trace: extend default event names to 12 chars - BUG/MINOR: ring: fix the way watchers are counted - MINOR: cli: extend the CLI context with a list and two offsets - MINOR: mux-h2/trace: report the connection pointer and state before FRAME_H - MEDIUM: ring: implement a wait mode for watchers - BUG/MEDIUM: mux-h2/trace: do not dereference h2c->conn after failed idle - BUG/MEDIUM: mux-h2/trace: fix missing braces added with traces - BUG/MINOR: ring: b_peek_varint() returns a uint64_t, not a size_t - CLEANUP: fd: remove leftovers of the fdcache - MINOR: fd: add a new "initialized" bit in the fdtab struct - MINOR: fd/log/sink: make the non-blocking initialization depend on the initialized bit - MEDIUM: log: use the new generic fd_write_frag_line() function - MINOR: log: add a target type instead of hacking the address family - MEDIUM: log: add support for logging to a ring buffer - MINOR: send-proxy-v2: sends authority TLV according to TLV received - MINOR: build: add linux-glibc-legacy build TARGET - BUG/MEDIUM: peers: local peer socket not bound. - BUILD: connection: silence gcc warning with extra parentheses - BUG/MINOR: http-ana: Reset response flags when 1xx messages are handled - BUG/MINOR: h1: Properly reset h1m when parsing is restarted - BUG/MINOR: mux-h1: Fix size evaluation of HTX messages after headers parsing - BUG/MINOR: mux-h1: Don't stop anymore input processing when the max is reached - BUG/MINOR: mux-h1: Be sure to update the count before adding EOM after trailers - BUG/MEDIUM: cache: Properly copy headers splitted on several shctx blocks - BUG/MEDIUM: cache: Don't cache objects if the size of headers is too big - BUG/MINOR: mux-h1: Fix a possible null pointer dereference in h1_subscribe() - MEDIUM: fd: remove the FD_EV_POLLED status bit - MEDIUM: fd: simplify the fd_*_{recv,send} functions using BTS/BTR - MINOR: fd: make updt_fd_polling() a normal function - CONTRIB: debug: add new program "poll" to test poll() events - BUG/MINOR: checks: stop polling for write when we have nothing left to send - BUG/MINOR: checks: start sending the request right after connect() - BUG/MINOR: checks: make __event_chk_srv_r() report success before closing - BUG/MINOR: checks: do not uselessly poll for reads before the connection is up - BUG/MINOR: mux-h1: Fix a UAF in cfg_h1_headers_case_adjust_postparser() - BUILD: CI: add basic CentOS 6 cirrus build - MINOR: contrib/prometheus-exporter: Report DRAIN/MAINT/NOLB status for servers - BUG/MINOR: lb/leastconn: ignore the server weights for empty servers - BUG/MAJOR: ssl: ssl_sock was not fully initialized. - MEDIUM: fd: mark the FD as ready when it's inserted - MINOR: fd: add two new calls fd_cond_{recv,send}() - MEDIUM: connection: enable reading only once the connection is confirmed - MINOR: fd: add two flags ERR and SHUT to describe FD states - MEDIUM: fd: do not use the FD_POLL_* flags in the pollers anymore - BUG/MEDIUM: connection: don't keep more idle connections than ever needed - MINOR: stats: report the number of idle connections for each server - BUILD: CI: skip reg-tests/connection/proxy_protocol_random_fail.vtc on CentOS 6 - BUILD/MINOR: auth: enabling for osx - BUG/MINOR: listener: Fix a possible null pointer dereference - BUG/MINOR: ssl: always check for ssl connection before getting its XPRT context - MINOR: stats: Add JSON export from the stats page - BUG/MINOR: filters: Properly set the HTTP status code on analysis error - MINOR: sample: Add UUID-fetch - CLEANUP: mux-h2: Remove unused flag H2_SF_DATA_CHNK - BUG/MINOR: acl: Fix memory leaks when an ACL expression is parsed - BUG/MINOR: backend: Fix a possible null pointer dereference - BUG/MINOR: Missing stat_field_names (since f21d17bb) - BUG/MEDIUM: stick-table: Properly handle "show table" with a data type argument - BUILD: CI: temporarily disable ASAN - MINOR: htx: Add a flag on HTX message to report processing errors - MINOR: mux-h1: Report a processing error during output processing - MINOR: http-ana: Handle HTX errors first during message analysis - MINOR: http-ana: Remove err_state field from http_msg - MINOR: config: Support per-proxy and per-server deinit functions callbacks - MINOR: config: Support per-proxy and per-server post-check functions callbacks - MINOR: http_fetch: Add sample fetches to get auth method/user/pass - MINOR: istbuf: Add the function b_isteqi() - MINOR: log: Provide a function to emit a log for an application - MINOR: http: Add function to parse value of the header Status - MEDIUM: mux-h1/h1-htx: move HTX convertion of H1 messages in dedicated file - MINOR: h1-htx: Use the same function to copy message payload in all cases - MINOR: muxes/htx: Ignore pseudo header during message formatting - MINOR: fcgi: Add code related to FCGI protocol - MEDIUM: fcgi-app: Add FCGI application and filter - MEDIUM: mux-fcgi: Add the FCGI multiplexer - MINOR: doc: Add documentation about the FastCGI support - BUG/MINOR: build: Fix compilation of mux_fcgi.c when compiled without SSL - BUILD: CI: install golang-1.13 when building BoringSSL - BUG/MINOR: mux-h2: Be sure to have a connection to unsubcribe - BUG/MINOR: mux-fcgi: Be sure to have a connection to unsubcribe - CLEANUP: fcgi-app: Remove useless test on fcgi_conf pointer - BUG/MINOR: mux-fcgi: Don't compare the filter name in its parsing callback - BUG/MAJOR: mux-h2: Handle HEADERS frames received after a RST_STREAM frame - BUG/MEDIUM: check/threads: make external checks run exclusively on thread 1 - MEDIUM: list: Separate "locked" list from regular list. - MINOR: mt_lists: Add new macroes. - MEDIUM: servers: Use LIST_DEL_INIT() instead of LIST_DEL(). - MINOR: mt_lists: Do nothing in MT_LIST_ADD/MT_LIST_ADDQ if already in list. - MINOR: mt_lists: Give MT_LIST_ADD, MT_LIST_ADDQ and MT_LIST_DEL a return value. - MEDIUM: tasklets: Make the tasklet list a struct mt_list. - TESTS: Add a stress-test for mt_lists. - BUILD: travis-ci: add PCRE2, SLZ build - BUG/MINOR: build: fix event ports (Solaris) - BUG/MEDIUM: namespace: fix fd leak in master-worker mode - OPTIM: listeners: use tasklets for the multi-queue rings - BUILD: makefile: work around yet another GCC fantasy (-Wstring-plus-int) - BUG/MINOR: stream-int: Process connection/CS errors first in si_cs_send() - BUG/MEDIUM: stream-int: Process connection/CS errors during synchronous sends - BUG/MEDIUM: checks: make sure the connection is ready before trying to recv - CLEANUP: task: remove impossible test - CLEANUP: task: cache the task_per_thread pointer - MINOR: task: split the tasklet vs task code in process_runnable_tasks() - MINOR: task: introduce a thread-local "sched" variable for local scheduler stuff - CLEANUP: mux-fcgi: Remove the unused function fcgi_strm_id() - BUG/MINOR: mux-fcgi: Use a literal string as format in app_log() - BUG/MEDIUM: tasklets: Make sure we're waking the target thread if it sleeps. - MINOR: h2/trace: indicate 'F' or 'B' to locate the side of an h2c in traces - MINOR: h2/trace: report the frame type when known - BUG/MINOR: mux-h2: do not wake up blocked streams before the mux is ready - BUG/MEDIUM: namespace: close open namespaces during soft shutdown - MINOR: time: add timeofday_as_iso_us() to return instant time as ISO - MINOR: sink: finally implement support for SINK_FMT_{TIMED,ISO} - MINOR: sink: change ring buffer "buf0"'s format to "timed" - BUG/MEDIUM: mux-h2: don't reject valid frames on closed streams - BUG/MINOR: mux-fcgi: silence a gcc warning about null dereference - BUG/MINOR: mux-h2: Fix missing braces because of traces in h2_detach() - BUG/MINOR: mux-h2: Use the dummy error when decoding headers for a closed stream - BUG/MAJOR: mux_h2: Don't consume more payload than received for skipped frames - BUG/MINOR: mux-h1: Do h2 upgrade only on the first request - BUG/MEDIUM: spoe: Use a different engine-id per process - MINOR: spoe: Improve generation of the engine-id - MINOR: spoe: Support the async mode with several threads - MINOR: http: Add server name header from HTTP multiplexers - CLEANUP: http-ana: Remove the unused function http_send_name_header() - MINOR: stats: Add the support of float fields in stats - BUG/MINOR: contrib/prometheus-exporter: Return the time averages in seconds - DOC: Fix documentation about the cli command to get resolver stats - BUG/MEDIUM: fcgi: fix missing list tail in sample fetch registration - BUG/MINOR: stats: Add a missing break in a switch statement - BUG/MINOR: lua: Properly initialize the buffer's fields for string samples in hlua_lua2(smp|arg) - CLEANUP: lua: Get rid of obsolete (size_t *) cast in hlua_lua2(smp|arg) - BUG/MEDIUM: lua: Store stick tables into the sample's `t` field - CLEANUP: proxy: Remove `proxy_tbl_by_name` - BUILD: ssl: fix a warning when built with openssl < 1.0.2 - DOC: replace utf-8 quotes by ascii ones - BUG/MEDIUM: fd: HUP is an error only when write is active - BUG/MINOR: action: do-resolve does not yield on requests with body - Revert "MINOR: cache: allow caching of OPTIONS request" 2019/07/16 : 2.1-dev1 - BUG/MEDIUM: h2/htx: Update data length of the HTX when the cookie list is built - DOC: this is a development branch again. - MEDIUM: Make 'block' directive fatal - MEDIUM: Make 'redispatch' directive fatal - MEDIUM: Make '(cli|con|srv)timeout' directive fatal - MEDIUM: Remove 'option independant-streams' - MINOR: sample: Add sha2([]) converter - MEDIUM: server: server-state global file stored in a tree - BUG/MINOR: lua/htx: Make txn.req_req_* and txn.res_rep_* HTX aware - BUG/MINOR: mux-h1: Add the header connection in lower case in outgoing messages - BUG/MEDIUM: compression: Set Vary: Accept-Encoding for compressed responses - MINOR: htx: Add the function htx_change_blk_value_len() - BUG/MEDIUM: htx: Fully update HTX message when the block value is changed - BUG/MEDIUM: mux-h2: Reset padlen when several frames are demux - BUG/MEDIUM: mux-h2: Remove the padding length when a DATA frame size is checked - BUG/MEDIUM: lb_fwlc: Don't test the server's lb_tree from outside the lock - BUG/MAJOR: sample: Wrong stick-table name parsing in "if/unless" ACL condition. - BUILD: mworker: silence two printf format warnings around getpid() - BUILD: makefile: use :space: instead of digits to count commits - BUILD: makefile: adjust the sed expression of "make help" for solaris - BUILD: makefile: do not rely on shell substitutions to determine git version - BUG/MINOR: mworker-prog: Fix segmentation fault during cfgparse - BUG/MINOR: spoe: Fix memory leak if failing to allocate memory - BUG/MEDIUM: mworker: don't call the thread and fdtab deinit - BUG/MEDIUM: stream_interface: Don't add SI_FL_ERR the state is < SI_ST_CON. - BUG/MEDIUM: connections: Always add the xprt handshake if needed. - BUG/MEDIUM: ssl: Don't do anything in ssl_subscribe if we have no ctx. - BUG/MEDIUM: mworker/cli: command pipelining doesn't work anymore - BUG/MINOR: htx: Save hdrs_bytes when the HTX start-line is replaced - BUG/MAJOR: mux-h1: Don't crush trash chunk area when outgoing message is formatted - BUG/MINOR: memory: Set objects size for pools in the per-thread cache - BUG/MINOR: log: Detect missing sampling ranges in config - BUG/MEDIUM: proto_htx: Don't add EOM on 1xx informational messages - BUG/MEDIUM: mux-h1: Use buf_room_for_htx_data() to detect too large messages - BUG/MINOR: mux-h1: Make format errors during output formatting fatal - BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL. - BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported - BUG/MINOR: mworker/cli: don't output a \n before the response - BUG/MEDIUM: checks: unblock signals in external checks - BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages - BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses - BUG/MEDIUM: connections: Always call shutdown, with no linger. - BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed. - BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max() - BUG/MINOR: hlua: Don't use channel_htx_recv_max() - BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit() - BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent - BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are sent - BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the mux. - BUG/MEDIUM: servers: Authorize tfo in default-server. - BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions. - MINOR: server: Add "no-tfo" option. - BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks - MINOR: action: Add the return code ACT_RET_DONE for actions - BUG/MEDIUM: http/applet: Finish request processing when a service is registered - BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock - BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are formatted - BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred - MINOR: stream-int: Factorize processing done after sending data in si_cs_send() - BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si - DOC: contrib: spoa_server Add some hints for building spoa_server - DOC: Fix typo in intro.txt - BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse it. - BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2 - MINOR: pools: release the pool's lock during the malloc/free calls - MINOR: pools: always pre-initialize allocated memory outside of the lock - MINOR: pools: make the thread harmless during the mmap/munmap syscalls - BUG/MEDIUM: fd/threads: fix excessive CPU usage on multi-thread accept - BUG/MINOR: server: Be really able to keep "pool-max-conn" idle connections - BUG/MEDIUM: checks: Don't attempt to read if we destroyed the connection. - BUG/MEDIUM: da: cast the chunk to string. - DOC: Fix typos and grammer in configuration.txt - CLEANUP: proto_tcp: Remove useless header inclusions. - BUG/MEDIUM: servers: Fix a race condition with idle connections. - MINOR: task: introduce work lists - BUG/MAJOR: listener: fix thread safety in resume_listener() - BUG/MEDIUM: mux-h1: Don't release h1 connection if there is still data to send - BUG/MINOR: mux-h1: Correctly report Ti timer when HTX and keepalives are used - BUG/MEDIUM: streams: Don't give up if we couldn't send the request. - BUG/MEDIUM: streams: Don't redispatch with L7 retries if redispatch isn't set. - BUG/MINOR: mux-pt: do not pretend there's more data after a read0 - BUG/MEDIUM: tcp-check: unbreak multiple connect rules again - MEDIUM: mworker-prog: Add user/group options to program section - REGTESTS: checks: tcp-check connect to multiple ports - BUG/MEDIUM: threads: cpu-map designating a single thread/process are ignored 2019/06/16 : 2.1-dev0 - exact copy of 2.0.0 2019/06/16 : 2.0.0 - MINOR: fd: Don't use atomic operations when it's not needed. - DOC: mworker-prog: documentation for the program section - MINOR: http: add a new "http-request replace-uri" action - BUG/MINOR: 51d/htx: The _51d_fetch method, and the methods it calls are now HTX aware. - MINOR: 51d: Added dummy libraries for the 51Degrees module for testing. - MINOR: mworker: change formatting in uptime field of "show proc" - MINOR: mworker: add the HAProxy version in "show proc" - MINOR: doc: Remove -Ds option in man page - MINOR: doc: add master-worker in the man page - MINOR: doc: mention HAPROXY_LOCALPEER in the man - BUILD: Silence gcc warning about unused return value - CLEANUP: 51d: move the 51d dummy lib to contrib/51d/src to match the real lib - BUILD: travis-ci: add 51Degree device detection, update openssl to 1.1.1c - MINOR: doc: update the manpage and usage message about -S - BUILD/MINOR: 51d: Updated build registration output to indicate thatif the library is a dummy one or not. - BUG/MEDIUM: h1: Don't wait for handshake if we had an error. - BUG/MEDIUM: h1: Wait for the connection if the handshake didn't complete. - BUG/MINOR: task: prevent schedulable tasks from starving under high I/O activity - BUG/MINOR: fl_trace/htx: Be sure to always forward trailers and EOM - BUG/MINOR: channel/htx: Call channel_htx_full() from channel_full() - BUG/MINOR: http: Use the global value to limit the number of parsed headers - BUG/MINOR: htx: Detect when tail_addr meet end_addr to maximize free rooms - BUG/MEDIUM: htx: Don't change position of the first block during HTX analysis - CLEANUP: channel: Remove channel_htx_fwd_payload() and channel_htx_fwd_all() - BUG/MEDIUM: proto_htx: Introduce the state ENDING during forwarding - MINOR: htx: Add 3 flags on the start-line to deal with the request schemes - MINOR: h2: Set flags about the request's scheme on the start-line - MINOR: mux-h1: Set flags about the request's scheme on the start-line - MINOR: mux-h2: Forward clients scheme to servers checking start-line flags - MEDIUM: server: server-state only rely on server name - CLEANUP: connection: rename the wait_event.task field to .tasklet - CLEANUP: tasks: rename task_remove_from_tasklet_list() to tasklet_remove_* - BUG/MEDIUM: connections: Don't call shutdown() if we want to disable linger. - DOC: add some environment variables in section 2.3 - BUILD: makefile: clarify the "help" output and list options - BUG/MINOR: mux-h1: Wake busy mux for I/O when message is fully sent - BUG: tasks: fix bug introduced by latest scheduler cleanup - BUG/MEDIUM: mux-h2: fix early close with option abortonclose - BUG/MEDIUM: connections: Don't use ALPN to pick mux when in mode TCP. - BUG/MEDIUM: connections: Don't try to send early data if we have no mux. - BUG/MEDIUM: mux-h2: properly account for the appended data in HTX - BUILD: makefile: further clarify the "help" output and list targets - BUILD: makefile: rename "linux2628" to "linux-glibc" and remove older targets - BUILD: travis-ci: switch to linux-glibc instead of linux2628 - DOC: update few references to the linux* targets and change them to linux-glibc - BUILD: makefile: detect and reject recently removed linux targets - BUILD: makefile: enable linux namespaces by default on linux - BUILD: makefile: enable TFO on linux platforms - BUILD: makefile: enable getaddrinfo on the linux-glibc target - DOC: small updates to the CONTRIBUTING file - BUG/MEDIUM: ssl: Make sure we initiate the handshake after using early data. - CLEANUP: removed obsolete examples an move a few to better places - DOC: Fix typos in CONTRIBUTING - DOC: update the outdated ROADMAP file - DOC: create a BRANCHES file to explain the life cycle - DOC: mention in INSTALL haproxy 2.0 is a long-term supported stable version - BUILD: travis-ci: TFO and GETADDRINFO are now enabled by default - BUILD: makefile: make the obsolete target detection compatible with make-3.80 - BUILD: tools: work around an internal compiler bug in gcc-3.4 - BUILD: pattern: work around an internal compiler bug in gcc-3.4 - BUILD: makefile: enable USE_RT on Solaris - BUILD: makefile: do not use echo -n - DOC: mention a few common build errors in the INSTALL file 2019/06/11 : 2.0-dev7 - BUG/MEDIUM: mux-h2: make sure the connection timeout is always set - MINOR: tools: add new bitmap manipulation functions - MINOR: logs: use the new bitmap functions instead of fd_sets for encoding maps - MINOR: chunks: Make sure trash_size is only set once. - Revert "MINOR: chunks: Make sure trash_size is only set once." - MINOR: threads: serialize threads initialization - MINOR peers: data structure simplifications for server names dictionary cache. - DOC: peers: Update for dictionary cache entries for peers protocol. - MINOR: dict: Store the length of the dictionary entries. - MINOR: peers: A bit of optimization when encoding cached server names. - MINOR: peers: Optimization for dictionary cache lookup. - MEDIUM: tools: improve time format error detection - BUG/MEDIUM: H1: When upgrading, make sure we don't free the buffer too early. - BUG/MEDIUM: stream_interface: Make sure we call si_cs_process() if CS_FL_EOI. - MINOR: threads: avoid clearing harmless twice in thread_release() - MEDIUM: threads: add thread_sync_release() to synchronize steps - BUG/MEDIUM: init/threads: prevent initialized threads from starting before others - OPTIM/MINOR: init/threads: only call protocol_enable_all() on first thread - BUG/MINOR: dict: race condition fix when inserting dictionary entries. - MEDIUM: init/threads: don't use spinlocks during the init phase - BUG/MINOR: cache/htx: Fix the counting of data already sent by the cache applet - BUG/MEDIUM: compression/htx: Fix the adding of the last data block - MINOR: flt_trace: Don't scrash the original offset during the random forwarding - MAJOR: htx: Rework how free rooms are tracked in an HTX message - MINOR: htx: Add the function htx_move_blk_before() - Revert "BUG/MEDIUM: H1: When upgrading, make sure we don't free the buffer too early." - BUG/MINOR: http-rules: mention "deny_status" for "deny" in the error message - MINOR: http: turn default error files to HTTP/1.1 - BUG/MEDIUM: h1: Don't try to subscribe if we had a connection error. - BUG/MEDIUM: h1: Don't consider we're connected if the handshake isn't done. - MINOR: contrib/spoa_server: Upgrade SPOP to 2.0 - BUG/MEDIUM: contrib/spoa_server: Set FIN flag on agent frames - MINOR: contrib/spoa_server: Add random IP score - DOC/MINOR: contrib/spoa_server: Fix typo in README 2019/06/07 : 2.0-dev6 - BUG/MEDIUM: connection: fix multiple handshake polling issues - MINOR: connection: also stop receiving after a SOCKS4 response - MINOR: mux-h1: don't try to recv() before the connection is ready - BUG/MEDIUM: mux-h1: only check input data for the current stream, not next one - MEDIUM: mux-h1: don't use CS_FL_REOS anymore - CLEANUP: connection: remove the now unused CS_FL_REOS flag - CONTRIB: debug: add 4 missing connection/conn_stream flags - MEDIUM: stream: make a full process_stream() loop when completing I/O on exit - MINOR: server: increase the default pool-purge-delay to 5 seconds - BUILD: tools: do not use the weak attribute for trace() on obsolete linkers - BUG/MEDIUM: vars: make sure the scope is always valid when accessing vars - BUG/MEDIUM: vars: make the tcp/http unset-var() action support conditions - BUILD: task: fix a build warning when threads are disabled - CLEANUP: peers: Remove tabs characters. - CLEANUP: peers: Replace hard-coded values by macros. - BUG/MINOR: peers: Wrong stick-table update message building. - MINOR: dict: Add dictionary new data structure. - MINOR: peers: Add a LRU cache implementation for dictionaries. - MINOR: stick-table: Add "server_name" new data type. - MINOR: cfgparse: Space allocation for "server_name" stick-table data type. - MINOR: proxy: Add a "server by name" tree to proxy. - MINOR: server: Add a dictionary for server names. - MINOR: stream: Stickiness server lookup by name. - MINOR: peers: Make peers protocol support new "server_name" data type. - MINOR: stick-table: Make the CLI stick-table handler support dictionary entry data type. - REGTEST: Add a basic server by name stickiness reg test. - MINOR: peers: Add dictionary cache information to "show peers" CLI command. - MINOR: peers: Replace hard-coded for peer protocol 64-bits value encoding by macros. - MINOR: peers: Replace hard-coded values for peer protocol messaging by macros. - CLEANUP: ssl: remove unneeded defined(OPENSSL_IS_BORINGSSL) - BUILD: travis-ci improvements - MINOR: SSL: add client/server random sample fetches - BUG/MINOR: channel/htx: Don't alter channel during forward for empty HTX message - BUG/MINOR: contrib/prometheus-exporter: Add HTX data block in one time - BUG/MINOR: mux-h1: errflag must be set on H1S and not H1M during output processing - MEDIUM: mux-h1: refactor output processing - MINOR: mux-h1: Add the flag HAVE_O_CONN on h1s - MINOR: mux-h1: Add h1_eval_htx_hdrs_size() to estimate size of the HTX headers - MINOR: mux-h1: Don't count the EOM in the estimated size of headers - MEDIUM: cache/htx: Always store info about HTX blocks in the cache - MEDIUM: htx: Add the parsing of trailers of chunked messages - MINOR: htx: Don't use end-of-data blocks anymore - BUG/MINOR: mux-h1: Don't send more data than expected - BUG/MINOR: flt_trace/htx: Only apply the random forwarding on the message body. - BUG/MINOR: peers: Wrong "server_name" decoding. - BUG/MEDIUM: servers: Don't attempt to destroy idle connections if disabled. - MEDIUM: checks: Make sure we unsubscribe before calling cs_destroy(). - MEDIUM: connections: Wake the upper layer even if sending/receiving is disabled. - MEDIUM: ssl: Handle subscribe by itself. - MINOR: ssl: Make ssl_sock_handshake() static. - MINOR: connections: Add a new xprt method, remove_xprt. - MINOR: connections: Add a new xprt method, add_xprt(). - MEDIUM: connections: Introduce a handshake pseudo-XPRT. - MEDIUM: connections: Remove CONN_FL_SOCK* - BUG/MEDIUM: ssl: Don't forget to initialize ctx->send_recv and ctx->recv_wait. - BUG/MINOR: peers: Wrong server name parsing. - MINOR: server: really increase the pool-purge-delay default to 5 seconds - BUG/MINOR: stream: don't emit a send-name-header in conn error or disconnect states - MINOR: stream-int: use bit fields to match multiple stream-int states at once - MEDIUM: stream-int: remove dangerous interval checks for stream-int states - MEDIUM: stream-int: introduce a new state SI_ST_RDY - MAJOR: stream-int: switch from SI_ST_CON to SI_ST_RDY on I/O - MEDIUM: stream-int: make idle-conns switch to ST_RDY - MEDIUM: stream: re-arrange the connection setup status reporting - MINOR: stream-int: split si_update() into si_update_rx() and si_update_tx() - MINOR: stream-int: make si_sync_send() from the send code of si_update_both() - MEDIUM: stream: rearrange the events to remove the loop - MEDIUM: stream: only loop on flags relevant to the analysers - MEDIUM: stream: don't abusively loop back on changes on CF_SHUT*_NOW - BUILD: stream-int: avoid a build warning in dev mode in si_state_bit() - BUILD: peers: fix a build warning about an incorrect intiialization - BUG/MINOR: time: make sure only one thread sets global_now at boot - BUG/MEDIUM: tcp: Make sure we keep the polling consistent in tcp_probe_connect. 2019/06/02 : 2.0-dev5 - BUILD: watchdog: use si_value.sival_int, not si_int for the timer's value - BUILD: signals: FreeBSD has SI_LWP instead of SI_TKILL - BUILD: watchdog: condition it to USE_RT - MINOR: raw_sock: report global traffic statistics - MINOR: stats: report the global output bit rate in human readable form - BUG/MINOR: proto-htx: Try to keep connections alive on redirect - BUG/MEDIUM: spoe: Don't use the SPOE applet after releasing it - BUG/MINOR: lua: Set right direction and flags on new HTTP objects - BUG/MINOR: mux-h2: Count EOM in bytes sent when a HEADERS frame is formatted - BUG/MINOR: mux-h1: Report EOI instead EOS on parsing error or H2 upgrade - BUG/MEDIUM: proto-htx: Not forward too much data when 1xx reponses are handled - BUG/MINOR: htx: Remove a forgotten while loop in htx_defrag() - DOC: fix typos - BUG/MINOR: ssl_sock: Fix memory leak when disabling compression - OPTIM: freq-ctr: don't take the date lock for most updates - MEDIUM: mux-h2: avoid doing expensive buffer realigns when not absolutely needed - CLEANUP: debug: remove the TRACE() macro - MINOR: buffer: introduce b_make() to make a buffer from its parameters - MINOR: buffer: add a new buffer ring API to manipulate rings of buffers - MEDIUM: mux-h2: replace all occurrences of mbuf with a buffer ring - MEDIUM: mux-h2: make the conditions to send based on mbuf, not just its tail - MINOR: mux-h2: introduce h2_release_mbuf() to release all buffers in the mbuf ring - MEDIUM: mux-h2: make the send() function iterate over all mux buffers - CLEANUP: mux-h2: consistently use a local variable for the mbuf - MINOR: mux-h2: report the mbuf's head and tail in "show fd" - MAJOR: mux-h2: switch to next mux buffer on buffer full condition. - BUILD: connections: shut up gcc about impossible out-of-bounds warning - BUILD: ssl: fix latest LibreSSL reg-test error - MINOR: cli/activity: remove "fd_del" and "fd_skip" from show activity - MINOR: cli/activity: add 3 general purpose counters in development mode - BUG/MAJOR: lb/threads: make sure the avoided server is not full on second pass - BUG/MEDIUM: queue: fix the tree walk in pendconn_redistribute. - BUG/MEDIUM: threads: fix double-word CAS on non-optimized 32-bit platforms - MEDIUM: config: now alert when two servers have the same name - MINOR: htx: Remove the macro IS_HTX_SMP() and always use IS_HTX_STRM() instead - MINOR: htx: Move the macro IS_HTX_STRM() in proto/stream.h - MINOR: htx: Store the head position instead of the wrap one - MINOR: htx: Store start-line block's position instead of address of its payload - MINOR: htx: Add functions to get the first block of an HTX message - MINOR: mux-h2/htx: Get the start-line from the head when HEADERS frame is built - MINOR: htx: Replace the function http_find_stline() by http_get_stline() - CLEANUP: htx: Remove unused function htx_get_stline() - MINOR: http/htx: Use sl_pos directly to replace the start-line - MEDIUM: http/htx: Perform analysis relatively to the first block - MINOR: channel/htx: Call channel_htx_recv_max() from channel_recv_max() - MINOR: htx: Add function htx_get_max_blksz() - BUG/MINOR: htx: Change htx_xfer_blk() to also count metadata - MEDIUM: mux-h1: Use the count value received from the SI in h1_rcv_buf() - MINOR: mux-h2: Use the count value received from the SI in h2_rcv_buf() - MINOR: stream-int: Don't use the flag CO_RFL_KEEP_RSV anymore in si_cs_recv() - MINOR: connection: Remove the unused flag CO_RFL_KEEP_RSV - MINOR: mux-h2/htx: Support zero-copy when possible in h2_rcv_buf() - MINOR: htx: Add a field to set the memory used by headers in the HTX start-line - MINOR: h2/htx: Set hdrs_bytes on the SL when an HTX message is produced - MINOR: mux-h1: Set hdrs_bytes on the SL when an HTX message is produced - MINOR: htx: Be sure to xfer all headers in one time in htx_xfer_blks() - MEDIUM: htx: 1xx messages are now part of the final reponses - MINOR: channel/htx: Add function to forward headers of an HTX message - MINOR: filters/htx: Use channel_htx_fwd_headers() after headers filtering - MINOR: proto-htx: Use channel_htx_fwd_headers() to forward 1xx responses - MEDIUM: htx: Store the first block position instead of the start-line one - MINOR: stats/htx: don't use the first block position but the head one - MINOR: channel/htx: Add functions to forward a part or all HTX payload - MINOR: proto-htx: Use channel_htx_fwd_all() when unfiltered body are forwarded - MEDIUM: filters/htx: Filter body relatively to the first block - MINOR: htx: Optimize htx_drain() when all data are drained - MINOR: htx: don't rely on htx_find_blk() anymore in the function htx_truncate() - MINOR: htx: remove the unused function htx_find_blk() - MINOR: htx: Remove support of pseudo headers because it is unused - BUG/MEDIUM: http: fix "http-request reject" when not final - MINOR: ssl: Make sure the underlying xprt's init method doesn't fail. - MINOR: ssl: Don't forget to call the close method of the underlying xprt. - MINOR: htx: rename htx_append_blk_value() to htx_add_data_atonce() - MINOR: htx: make htx_add_data() return the transmitted byte count - MEDIUM: htx: make htx_add_data() never defragment the buffer - MINOR: activity: write totals on the "show activity" output - MINOR: activity: report totals and average separately - MEDIUM: poller: separate the wait time from the wake events - MINOR: activity: report the number of failed pool/buffer allocations - MEDIUM: buffers: relax the buffer lock a little bit - MINOR: task: turn the WQ lock to an RW_LOCK - MEDIUM: task: don't grab the WR lock just to check the WQ - BUG/MEDIUM: mux-h1: Don't skip the TCP splicing when there is no more data to read - MEDIUM: sessions: Introduce session flags. - BUG/MEDIUM: h2: Don't forget to set h2s->cs to NULL after having free'd cs. - BUG/MEDIUM: mux-h2: fix the conditions to end the h2_send() loop - BUG/MEDIUM: mux-h2: don't refrain from offering oneself a used buffer - BUG/MEDIUM: connection: Use the session to get the origin address if needed. - MEDIUM: tasks: Get rid of active_tasks_mask. - MEDIUM: connection: Upstream SOCKS4 proxy support - BUILD: contrib/prometheus: fix build breakage caused by move of idle_pct - BUG/MINOR: deinit/threads: make hard-stop-after perform a clean exit 2019/05/22 : 2.0-dev4 - BUILD: enable freebsd builds on cirrus-ci - BUG/MINOR: http_fetch: Rely on the smp direction for "cookie()" and "hdr()" - MEDIUM: Make 'option forceclose' actually warn - MEDIUM: Make 'resolution_pool_size' directive fatal - DOC: management: place "show activity" at the right place - MINOR: cli/activity: show the dumping thread ID starting at 1 - MINOR: task: export global_task_mask - MINOR: cli/debug: add a thread dump function - BUG/MEDIUM: streams: Don't use CF_EOI to decide if the request is complete. - BUG/MEDIUM: streams: Try to L7 retry before aborting the connection. - BUG/MINOR: debug: make ha_task_dump() always check the task before dumping it - BUG/MINOR: debug: make ha_task_dump() actually dump the requested task - MINOR: debug: make ha_thread_dump() and ha_task_dump() take a buffer - BUG/MINOR: debug: don't check the call date on tasklets - MINOR: thread: implement ha_thread_relax() - MINOR: task: put barriers after each write to curr_task - MINOR: task: always reset curr_task when freeing a task or tasklet - MINOR: stream: detach the stream from its own task on stream_free() - MEDIUM: debug/threads: implement an advanced thread dump system - REGTEST: extend the check duration on tls_health_checks and mark it slow - DOC: fix "successful" typo - MINOR: init: setenv HAPROXY_CFGFILES - MINOR: threads/init: synchronize the threads startup - MEDIUM: init/mworker: make the pipe register function a regular initcall - CLEANUP: memory: make the fault injection code use the OTHER_LOCK label - CLEANUP: threads: remove the now unused START_LOCK label - MINOR: init/threads: make the global threads an array of structs - MINOR: threads: add each thread's clockid into the global thread_info - CLEANUP: stream: remove an obsolete debugging test - MINOR: tools: add dump_hex() - MINOR: debug: implement ha_panic() - MINOR: debug/cli: add some debugging commands for developers - MINOR: tools: provide a may_access() function and make dump_hex() use it - MINOR: debug: make ha_panic() report threads starting at 1 - REORG: compat: move some integer limit definitions from standard.h to compat.h - REORG: threads: move the struct thread_info from global.h to hathreads.h - MINOR: compat: make sure to always define clockid_t - MINOR: threads: always place the clockid in the struct thread_info - MINOR: threads: add a thread-local thread_info pointer "ti" - MINOR: time: move the cpu, mono, and idle time to thread_info - MINOR: time: add a function to retrieve another thread's cputime - MINOR: debug: report each thread's cpu usage in "show thread" - BUILD: threads: only assign the clock_id when supported - BUILD: makefile: use USE_OBSOLETE_LINKER for solaris - BUILD: makefile: remove -fomit-frame-pointer optimisation (solaris) - MAJOR: polling: add event ports support (Solaris) - BUG/MEDIUM: streams: Don't switch from SI_ST_CON to SI_ST_DIS on read0. - CLEANUP: time: refine the test on _POSIX_TIMERS - MINOR: compat: define a new empty type empty_t for non-implemented fields - CLEANUP: time: switch clockid_t to empty_t when not available - BUG/MINOR: mworker: Fix memory leak of mworker_proc members - CLEANUP: objtype: make obj_type() and obj_type_name() take consts - MINOR: debug: switch to SIGURG for thread dumps - CLEANUP: threads: really move thread_info to hathreads.c - MINOR: threads: make threads_{harmless|want_rdv}_mask constant 0 without threads - CLEANUP: debug: always report harmless/want_rdv even without threads - MINOR: threads: implement ha_tkill() and ha_tkillall() - CLEANUP: debug: make use of ha_tkill() and remove ifdefs - MINOR: stream: introduce a stream_dump() function and use it in stream_dump_and_crash() - MINOR: debug: dump streams when an applet, iocb or stream is known - MINOR: threads: add a "stuck" flag to the thread_info struct - MINOR: threads: add a timer_t per thread in thread_info - MAJOR: watchdog: implement a thread lockup detection mechanism - MINOR: stream: remove the cpu time detection from process_stream() - MINOR: connection: report the mux names in "haproxy -vv" - CLEANUP: mux-h1: use "H1" and not "h1" as the mux's name - BUG/MEDIUM: WURFL: segfault in wurfl-get() with missing info. - MINOR: WURFL: call header_retireve_callback() in dummy library - MINOR: WURFL: fixed Engine load failed error when wurfl-information-list contains wurfl_root_id - MINOR: WURFL: shows log messages during module initialization - MINOR: WURFL: removes heading wurfl-information-separator from wurfl-get-all() and wurfl-get() results - MINOR: WURFL: wurfl_get() and wurfl_get_all() now return an empty string if device detection fails - MEDIUM: WURFL: HTX awareness. - MINOR: WURFL: module version bump to 2.0 - MINOR: WURFL: do not emit warnings when not configured - CONTRIB: wurfl: address 3 build issues in the wurfl dummy library - BUG/MEDIUM: init/threads: provide per-thread alloc/free function callbacks - BUILD: travis: add sanitizers to travis-ci builds - BUILD: time: remove the test on _POSIX_C_SOURCE - CLEANUP: build: rename some build macros to use the USE_* ones - CLEANUP: raw_sock: remove support for very old linux splice bug workaround - BUG/MEDIUM: dns: make the port numbers unsigned - MEDIUM: config: deprecate the antique req* and rsp* commands 2019/05/15 : 2.0-dev3 - BUG/MINOR: peers: Really close the sessions with no heartbeat. - CLEANUP: peers: remove useless annoying tabulations. - CLEANUP: peers: replace timeout constants by macros. - REGTEST: Enable again reg tests with HEAD HTTP method usage. - DOC: The option httplog is no longer valid in a backend. - DOC: peers: Peers protocol documentation update. - REGTEST: remove unexpected "nbthread" statement from Lua test cases - BUILD: Makefile: remove 11-years old workarounds for deprecated options - BUILD: remove 10-years old error message for obsolete option USE_TCPSPLICE - BUILD: Makefile: remove outdated support for dlmalloc - BUILD: Makefile: consider a variable's origin and not its value for the options list - BUILD: Makefile: also report disabled options in the BUILD_OPTIONS variable - BUILD: Makefile: shorten default settings declaration - BUILD: Makefile: clean up the target declarations - BUILD: report the whole feature set with their status in haproxy -vv - BUILD: pass all "USE_*" variables as -DUSE_* to the compiler - REGTEST: script: make the script use the new features list - REGTEST: script: remove platform-specific assigments of OPTIONS - BUG/MINOR: peers: Missing initializations after peer session shutdown. - BUG/MINOR: contrib/prometheus-exporter: Fix applet accordingly to recent changes - BUILD/MINOR: listener: Silent a few signedness warnings. - BUG/MINOR: mux-h1: Only skip invalid C-L headers on output - BUG/MEDIUM: mworker: don't free the wrong child when not found - BUG/MEDIUM: checks: Don't bother subscribing if we have a connection error. - BUG/MAJOR: checks: segfault during tcpcheck_main - BUILD: makefile: work around an old bug in GNU make-3.80 - BUILD: makefile: work around another bug in make 3.80 - BUILD: http: properly mark some struct as extern - BUILD: chunk: properly declare pool_head_trash as extern - BUILD: cache: avoid a build warning with some compilers/linkers - MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf() - MINOR: tools: add an unsetenv() implementation - BUILD: re-implement an initcall variant without using executable sections - BUILD: use inttypes.h instead of stdint.h - BUILD: connection: fix naming of ip_v field - BUILD: makefile: fix build of IPv6 header on aix51 - BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51 - BUILD: define unsetenv on AIX 5.1 - BUILD: Makefile: disable shared cache on AIX 5.1 - MINOR: ssl: Add aes_gcm_dec converter - REORG: mworker: move serializing functions to mworker.c - REORG: mworker: move signals functions to mworker.c - REORG: mworker: move IPC functions to mworker.c - REORG: mworker: move signal handlers and related functions - REORG: mworker: move mworker_cleanlisteners to mworker.c - MINOR: mworker: calloc mworker_proc structures - MINOR: mworker: don't use children variable anymore - MINOR: cli: export cli_parse_default() definition in cli.h - REORG: mworker/cli: move CLI functions to mworker.c - MEDIUM: mworker-prog: implement program for master-worker - MINOR: mworker/cli: show programs in 'show proc' - BUG/MINOR: cli: correctly handle abns in 'show cli sockets' - MINOR: cli: start addresses by a prefix in 'show cli sockets' - MINOR: cli: export HAPROXY_CLI environment variable - BUG/MINOR: htx: Preserve empty HTX messages with an unprocessed parsing error - BUG/MINOR: proto_htx: Reset to_forward value when a message is set to DONE - REGTEST: http-capture/h00000: Relax a regex matching the log message - REGTEST: http-messaging/h00000: Fix the test when the HTX is enabled - REGTEST: http-rules/h00003: Use a different client for requests expecting a 301 - REGTEST: log/b00000: Be sure the client always hits its timeout - REGTEST: lua/b00003: Relax the regex matching the log message - REGTEST: lua/b00003: Specify the HAProxy pid when the command ss is executed - BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on release. - BUG/MEDIUM: h2: Don't attempt to recv from h2_process_demux if we subscribed. - BUG/MEDIUM: htx: fix random premature abort of data transfers - BUG/MEDIUM: streams: Don't remove the SI_FL_ERR flag in si_update_both(). - BUG/MEDIUM: streams: Store prev_state before calling si_update_both(). - BUG/MEDIUM: stream: Don't clear the stream_interface flags in si_update_both. - MINOR: initcall: Don't forget to define the __start/stop_init_##stg symbols. - MINOR: threads: Implement thread_cpus_enabled() for FreeBSD. - BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity - MINOR: skip get_gmtime where tm is unused - MINOR: ssl: Activate aes_gcm_dec converter for BoringSSL - BUG/MEDIUM: streams: Only re-run process_stream if we're in a connected state. - BUG/MEDIUM: stream_interface: Don't bother doing chk_rcv/snd if not connected. - BUG/MEDIUM: task/threads: address a fairness issue between local and global tasks - BUG/MINOR: tasks: make sure the first task to be queued keeps its nice value - BUG/MINOR: listener: renice the accept ring processing task - MINOR: cli/listener: report the number of accepts on "show activity" - MINOR: cli/activity: report the accept queue sizes in "show activity" - BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the stream - BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented messages - BUG/MINOR: spoe: Be sure to set tv_request when each message fragment is encoded - BUG/MEDIUM: htx: Defrag if blocks position is changed and the payloads wrap - BUG/MEDIUM: htx: Don't crush blocks payload when append is done on a data block - MEDIUM: htx: Deprecate the option 'http-tunnel' and ignore it in HTX - MINOR: proto_htx: Don't adjust transaction mode anymore in HTX analyzers - BUG/MEDIUM: htx: Fix the process of HTTP CONNECT with h2 connections - MINOR: mux-h1: Simplify handling of 1xx responses - MINOR: stats/htx: Don't add "Connection: close" header anymore in stats responses - MEDIUM: h1: Add an option to sanitize connection headers during parsing - MEDIUM: mux-h1: Simplify the connection mode management by sanitizing headers - MINOR: mux-h1: Don't release the conn_stream anymore when h1s is destroyed - BUG/MINOR: mux-h1: Handle the flag CS_FL_KILL_CONN during a shutdown read/write - MINOR: mux-h2: Add a mux_ops dedicated to the HTX mode - MINOR: muxes: Add a flag to specify a multiplexer uses the HTX - MINOR: stream: Set a flag when the stream uses the HTX - MINOR: http: update the macro IS_HTX_STRM() to check the stream flag SF_HTX - MINOR: http_fetch/htx: Use stream flags instead of px mode in smp_prefetch_htx - MINOR: filters/htx: Use stream flags instead of px mode to instanciate a filter - MINOR: muxes: Rely on conn_is_back() during init to handle front/back conn - MEDIUM: muxes: Add an optional input buffer during mux initialization - MINOR: muxes: Pass the context of the mux to destroy() instead of the connection - MEDIUM: muxes: Be prepared to don't own connection during the release - MEDIUM: connection: Add conn_upgrade_mux_fe() to handle mux upgrades - MEDIUM: htx: Allow the option http-use-htx to be used on TCP proxies too - MAJOR: proxy/htx: Handle mux upgrades from TCP to HTTP in HTX mode - MAJOR: muxes/htx: Handle inplicit upgrades from h1 to h2 - MAJOR: htx: Enable the HTX mode by default for all proxies - REGTEST: Use HTX by default and add '--no-htx' option to disable it - BUG/MEDIUM: muxes: Don't dereference mux context if null in release functions - CLEANUP: task: do not export rq_next anymore - MEDIUM: tasks: improve fairness between the local and global queues - MEDIUM: tasks: only base the nice offset on the run queue depth - MINOR: tasks: restore the lower latency scheduling when niced tasks are present - BUG/MEDIUM: map: Fix memory leak in the map converter - BUG/MINOR: ssl: Fix 48 byte TLS ticket key rotation - BUILD: task/thread: fix single-threaded build of task.c - BUILD: cli/threads: fix build in single-threaded mode - BUG/MEDIUM: muxes: Make sure we unsubcribed when destroying mux ctx. - BUG/MEDIUM: h2: Make sure we're not already in the send_list in h2_subscribe(). - BUG/MEDIUM: h2: Revamp the way send subscriptions works. - MINOR: connections: Remove the SUB_CALL_UNSUBSCRIBE flag. - BUG/MEDIUM: Threads: Only use the gcc >= 4.7 builtins when using gcc >= 4.7. - BUILD: address a few cases of "static inline foo()" - BUILD: do not specify "const" on functions returning structs or scalars - BUILD: htx: fix a used uninitialized warning on is_cookie2 - MINOR: peers: Add a new command to the CLI for peers. - DOC: update for "show peers" CLI command. - BUG/MAJOR: lb/threads: fix insufficient locking on round-robin LB - MEDIUM: mworker: store the leaving state of a process - MEDIUM: mworker-prog: implements 'option start-on-reload' - CLEANUP: mworker: remove the type field in mworker_proc - MEDIUM: mworker/cli: export the HAPROXY_MASTER_CLI variable - MINOR: cli: don't add a semicolon at the end of HAPROXY_CLI - MINOR: mworker: export HAPROXY_MWORKER=1 when running in mworker mode - MINOR: init: add a "set-dumpable" global directive to enable core dumps - BUG/MINOR: listener/mq: correctly scan all bound threads under low load - BUG/MINOR: mworker: mworker_kill should apply on every children - BUG/MINOR: mworker: don't exit with an ambiguous value - BUG/MINOR: mworker: ensure that we still quits with SIGINT - REGTESTS: exclude tests that require ssl, pcre if no such feature is enabled - BUG/MINOR: mux-h1: Process input even if the input buffer is empty - BUG/MINOR: mux-h1: Don't switch the parser in busy mode if other side has done - BUG/MEDIUM: mux-h1: Notify the stream waiting for TCP splicing if ibuf is empty - BUG/MEDIUM: mux-h1: Enable TCP splicing to exchange data only - MINOR: mux-h1: Handle read0 during TCP splicing - BUG/MEDIUM: htx: Don't return the start-line if the HTX message is empty - BUG/MAJOR: http_fetch: Get the channel depending on the keyword used - BUG/MINOR: http_fetch/htx: Allow permissive sample prefetch for the HTX - BUG/MINOR: http_fetch/htx: Use HTX versions if the proxy enables the HTX mode - BUG/MEDIUM: tasks: Make sure we set TASK_QUEUED before adding a task to the rq. - BUG/MEDIUM: tasks: Make sure we modify global_tasks_mask with the rq_lock. - MINOR: tasks: Don't consider we can wake task with tasklet_wakeup(). - MEDIUM: tasks: No longer use rq.node.leaf_p as a lock. - MINOR: tasks: Don't set the TASK_RUNNING flag when adding in the tasklet list. - BUG/MEDIUM: applets: Don't use task_in_rq(). - BUG/MAJOR: task: make sure never to delete a queued task - MINOR: task/thread: factor out a wake-up condition - CLEANUP: task: remain consistent when using the task's handler - MEDIUM: tasks: Merge task_delete() and task_free() into task_destroy(). - MEDIUM: tasks: Don't account a destroyed task as a runned task. - BUG/MINOR: contrib/prometheus-exporter: Fix a typo in the run-queue metric type - MINOR: contrib/prometheus-exporter: Remove usless rate metrics - MINOR: contrib/prometheus-exporter: Rename some metrics to be more usable - MINOR: contrib/prometheus-exporter: Follow best practices about metrics type - BUG/MINOR: mworker: disable busy polling in the master process - MEDIUM: tasks: Use __ha_barrier_store after modifying global_tasks_mask. - MEDIUM: ssl: Give ssl_sock its own context. - MEDIUM: connections: Move some fields from struct connection to ssl_sock_ctx. - MEDIUM: ssl: provide its own subscribe/unsubscribe function. - MEDIUM: connections: Provide a xprt_ctx for each xprt method. - MEDIUM: ssl: provide our own BIO. - BUILD/medium: ssl: Fix build with OpenSSL < 1.1.0 - MINOR: peers: adds counters on show peers about tasks calls. - MEDIUM: enable travis-ci builds - MINOR: fd: Add a counter of used fds. - MEDIUM: connections: Add a way to control the number of idling connections. - BUG/MEDIUM: maps: only try to parse the default value when it's present - BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR - REGTEST: Missing REQUIRE_VERSION declarations. - MINOR: proto_tcp: tcp-request content: enable set-dst and set-dst-var - BUG/MEDIUM: h1: Don't parse chunks CRLF if not enough data are available - BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP rules - BUG/MEDIUM: stream: Don't request a server connection if a shutw was scheduled - BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST() - BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST() - MINOR: gcc: Fix a silly gcc warning in connect_server() - MINOR: ssl/cli: async fd io-handlers printable on show fd - Revert "CLEANUP: wurfl: remove dead, broken and unmaintained code" - BUILD: add USE_WURFL to the list of known build options - MINOR: wurfl: indicate in haproxy -vv the wurfl version in use - BUILD: wurfl: build fix for 1.9/2.0 code base - CLEANUP: wurfl: removed deprecated methods - DOC: wurfl: added point of contact in MAINTAINERS file - MINOR: wurfl: enabled multithreading mode - MINOR: contrib: dummy wurfl library - MINOR: dns: dns_requester structures are now in a memory pool - MINOR: dns: move callback affection in dns_link_resolution() - MINOR: obj_type: new object type for struct stream - MINOR: action: new '(http-request|tcp-request content) do-resolve' action - MINOR: log: Extract some code to send syslog messages. - REGTEST: replace LEVEL option by a more human readable one. - REGTEST: rename the reg test files. - REGTEST: adapt some reg tests after renaming. - REGTEST: make the "run-regtests" script search for tests in reg-tests by default - BUG/MAJOR: stream: Missing DNS context initializations. - BUG/MEDIUM: stream: Fix the way early aborts on the client side are handled - BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet handler - BUG/MEDIUM: ssl: Return -1 on recv/send if we got EAGAIN. - BUG/MAJOR: lb/threads: fix AB/BA locking issue in round-robin LB - BUG/MAJOR: muxes: Use the HTX mode to find the best mux for HTTP proxies only - BUG/MINOR: htx: Exclude TCP proxies when the HTX mode is handled during startup - CLEANUP: task: report calls as unsigned in show sess - MINOR: tasks/activity: report the context switch and task wakeup rates - MINOR: stream: measure and report a stream's call rate in "show sess" - MINOR: applet: measure and report an appctx's call rate in "show sess" - BUILD: extend Travis CI config to support more platforms - REGTEST: exclude osx and generic targets for 40be_2srv_odd_health_checks - REGTEST: relax the IPv6 address format checks in converters_ipmask_concat_strcmp_field_word - REGTEST: exclude OSX and generic targets from abns_socket.vtc - BUILD: travis: remove the "allow_failures" entry - BUG/MINOR: activity: always initialize the profiling variable - MINOR: activity: make the profiling status per thread and not global - MINOR: activity: enable automatic profiling turn on/off - CLEANUP: standard: use proper const to addr_to_str() and port_to_str() - BUG/MINOR: proto_http: properly reset the stream's call rate on keep-alive - MINOR: connection: make the debugging helper functions safer - MINOR: stream/debug: make a stream dump and crash function - MEDIUM: appctx/debug: force a crash if an appctx spins over itself forever - MEDIUM: stream/debug: force a crash if a stream spins over itself forever - MEDIUM: streams: measure processing time and abort when detecting bugs - BUILD/MEDIUM: contrib: Dummy DeviceAtlas API. - MEDIUM: da: HTX mode support. - BUG/MEDIUM: mux-h2: properly deal with too large headers frames - BUG/MINOR: http: Call stream_inc_be_http_req_ctr() only one time per request - BUG/MEDIUM: spoe: arg len encoded in previous frag frame but len changed - MINOR: spoe: Use the sample context to pass frag_ctx info during encoding - DOC: contrib/modsecurity: Typos and fix the reject example - BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to strdup it - MINOR: log: Add "sample" new keyword to "log" lines. - MINOR: log: Enable the log sampling and load-balancing feature. - DOC: log: Document the sampling and load-balancing logging feature. - REGTEST: Add a new reg test for log load-balancing feature. - BUG/MAJOR: map/acl: real fix segfault during show map/acl on CLI - REGTEST: Make this reg test be Linux specific. - CLEANUP: task: move the task_per_thread definition to task.h - MINOR: activity: report context switch counts instead of rates - MINOR: threads: Implement HA_ATOMIC_LOAD(). - BUG/MEDIUM: port_range: Make the ring buffer lock-free. - BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is handled - MINOR: config: Test validity of tune.maxaccept during the config parsing - CLEANUP: config: Don't alter listener->maxaccept when nbproc is set to 1 - BUG/MEDIUM: servers: fix typo "src" instead of "srv" - BUG/MEDIUM: ssl: Don't pretend we can retry a recv/send if we got a shutr/w. - BUG/MINOR: haproxy: fix rule->file memory leak - BUG/MINOR: log: properly free memory on logformat parse error and deinit() - BUG/MINOR: checks: free memory allocated for tasklets - BUG/MEDIUM: pattern: fix memory leak in regex pattern functions - BUG/MEDIUM: channels: Don't forget to reset output in channel_erase(). - BUG/MEDIUM: connections: Make sure we remove CO_FL_SESS_IDLE on disown. - MINOR: threads: flatten the per-thread cpu-map - MINOR: init/threads: remove the useless tids[] array - MINOR: init/threads: make the threads array global - BUG/MEDIUM: ssl: Use the early_data API the right way. - BUG/MEDIUM: streams: Don't add CF_WRITE_ERROR if early data were rejected. - MEDIUM: streams: Add the ability to retry a request on L7 failure. - MEDIUM: streams: Add a way to replay failed 0rtt requests. - MEDIUM: streams: Add a new keyword for retry-on, "junk-response" - BUG/MINOR: stream: also increment the retry stats counter on L7 retries - BUG/MEDIUM: checks: make sure the warmup task takes the server lock - BUG/MINOR: logs/threads: properly split the log area upon startup - BUILD: extend travis-ci matrix - CLEANUP: Remove appsession documentation - DOC: Fix typo in keyword matrix - BUILD: remove "build_libressl" duplicate declaration - BUILD: travis-ci: get back to osx without openssl support - BUILD: enable several LibreSSL hacks, including - BUILD: temporarily mark LibreSSL builds as allowed to fail - BUILD: travis: TMPDIR replacement. - BUG/MEDIUM: ssl: Don't attempt to use early data with libressl. - MINOR: doc: Document allow-0rtt on the server line. - MINOR: doc: Document the interaction of allow-0rtt and retry-on 0rtt-rejected. - MEDIUM: proto: Change the prototype of the connect() method. - MEDIUM: tcp: add the "tfo" option to support TCP fastopen on the server - MINOR: config: Extract the code of "stick-table" line parsing. - BUILD/MINOR: stick-table: Compilation fix. - MEDIUM: stick-table: Stop handling stick-tables as proxies. - MINOR: stick-tables: Add peers process binding computing. - MINOR: stick-table: Add prefixes to stick-table names. - MINOR: peers: Do not emit global stick-table names. - DOC: Update for "table" lines in "peers" section. - REGTEST: Add reg tests for "table" lines in "peers" sections. - MEDIUM: regex: modify regex_comp() to atomically allocate/free the my_regex struct - REGTEST: make the tls_health_checks test much faster - REGTEST: make the "table in peers" test require v2.0 - BUG/MINOR: mux-h2: rely on trailers output not input to turn them to empty data - BUG/MEDIUM: h2/htx: always fail on too large trailers - MEDIUM: mux-h2: discard contents that are to be sent after a shutdown - BUG/MEDIUM: mux-h2/htx: never wait for EOM when processing trailers - BUG/MEDIUM: h2/htx: never leave a trailers block alone with no EOM block - REGTEST: Flag some slow reg tests. - REGTEST: Reg tests file renaming. - REGTEST: Wrong renaming for one reg test. - REGTEST: Wrong assumption in IP:port logging test. - BUG/MINOR: mworker/ssl: close OpenSSL FDs on reload - MINOR: systemd: Use the variables from /etc/default/haproxy - MINOR: systemd: Make use of master socket in systemd unit - MINOR: systemd: support /etc/sysconfig/ for redhat based distrib - BUG/MEDIUM: stick-table: fix regression caused by a change in proxy struct - BUG/MEDIUM: tasks: fix possible segfault on task_destroy() - CLEANUP: task: remove unneeded tests before task_destroy() - MINOR: mworker: support a configurable maximum number of reloads - BUG/MINOR: mux-h2: fix the condition to close a cs-less h2s on the backend - BUG/MEDIUM: spoe: Be sure the sample is found before setting its context - BUG/MINOR: mux-h1: Fix the parsing of trailers - BUG/MINOR: htx: Never transfer more than expected in htx_xfer_blks() - MINOR: htx: Split on DATA blocks only when blocks are moved to an HTX message - MINOR: htx: Don't try to append a trailer block with the previous one - MINOR: htx: Remove support for unused OOB HTX blocks - BUILD: travis-ci bugfixes and improvements - BUG/MEDIUM: servers: Don't use the same srv flag for cookie-set and TFO. - BUG/MEDIUM: h2: Make sure we set send_list to NULL in h2_detach(). - BUILD: ssl: fix again a libressl build failure after the openssl FD leak fix - CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER instead of OPENSSL_VERSION_NUMBER - BUILD: ssl: make libressl use its own version numbers - CLEANUP: ssl: remove 57 occurrences of useless tests on LIBRESSL_VERSION_NUMBER - MINOR: ssl: enable aes_gcm_dec on LibreSSL - BUILD: ssl: fix libressl build again after aes-gcm-enc - REORG: ssl: move openssl-compat from proto to common - REORG: ssl: move some OpenSSL defines from ssl_sock to openssl-compat - CLEANUP: ssl: never include openssl/*.h outside of openssl-compat.h anymore - CLEANUP: ssl: make inclusion of openssl headers safe - BUILD: add BoringSSL to travis-ci build matrix - BUILD: threads: Add __ha_cas_dw fallback for single threaded builds - BUG/MINOR: stream: Attach the read side on the response as soon as possible - BUG/MEDIUM: http: Use pointer to the begining of input to parse message headers - BUG/MEDIUM: h2: Don't check send_wait to know if we're in the send_list. - BUG/MEDIUM: streams: Make sur SI_FL_L7_RETRY is set before attempting a retry. - MEDIUM: streams: Add a new http action, disable-l7-retry. - MINOR: streams: Introduce a new retry-on keyword, all-retryable-errors. - BUG/MINOR: vars: Fix memory leak in vars_check_arg - BUILD: travis-ci: make TMPDIR global variable in travis-ci - CLEANUP: ssl: move the SSL_OP_* and SSL_MODE_* definitions to openssl-compat - CLEANUP: ssl: remove ifdef around SSL_CTX_get_extra_chain_certs() - CLEANUP: ssl: move all BIO_* definitions to openssl-compat - BUILD: threads: fix again the __ha_cas_dw() definition - BUG/MAJOR: mux-h2: do not add a stream twice to the send list - Revert "BUG/MINOR: vars: Fix memory leak in vars_check_arg" - BUG/MINOR: peers: Fix memory leak in cfg_parse_peers - BUG/MINOR: htx: make sure to always initialize the HTTP method when parsing a buffer - REGTEST: fix tls_health_checks random failures on MacOS in Travis-CI - MINOR: spoe: Set the argument chunk size to 0 when SPOE variables are checked - BUG/MINOR: vars: Fix memory leak in vars_check_arg - BUG/MAJOR: ssl: segfault upon an heartbeat request - MINOR: spoa-server: Clone the v1.7 spoa-example project - MINOR: spoa-server: move some definition from spoa_server.c to spoa_server.h - MINOR: spoa-server: Externalise debug functions - MINOR: spoe-server: rename "worker" functions - MINOR: spoa-server: Replace the thread init system by processes - MINOR: spoa-server: With debug mode, start only one process - MINOR: spoa-server: Allow registering external processes - MINOR: spoa-server: Allow registering message processors - MINOR: spoa-server: Load files - MINOR: spoa-server: Prepare responses - MINOR: spoa-server: Execute registered callbacks - MINOR: spoa-server: Add Lua processing - MINOR: spoa-server: Add python - MINOR/DOC: spoe-server: Add documentation - BUG/MEDIUM: connections: Don't forget to set xprt_ctx to NULL on close. - MINOR: lists: add LIST_ADDED() to check if an element belongs to a list - CLEANUP: mux-h2: use LIST_ADDED() instead of LIST_ISEMPTY() where relevant - MINOR: mux-h2: add two H2S flags to report the need for shutr/shutw - CLEANUP: mux-h2: simply use h2s->flags instead of ret in h2_deferred_shut() - CLEANUP: connection: remove the handle field from the wait_event struct - BUG/MINOR: log: Wrong log format initialization. - BUG/MINOR: mux-h2: make the do_shut{r,w} functions more robust against retries - BUG/MINOR: mworker: use after free when the PID not assigned - MINOR: mux-h2: remove useless test on stream ID vs last in wake function - MINOR: mux-h2: make h2_wake_some_streams() not depend on the CS flags - MINOR: mux-h2: make h2s_wake_one_stream() the only function to deal with CS - MINOR: mux-h2: make h2s_wake_one_stream() not depend on temporary CS flags - BUG/MINOR: mux-h2: make sure to honor KILL_CONN in do_shut{r,w} - CLEANUP: mux-h2: don't test for impossible CS_FL_REOS conditions - MINOR: mux-h2: add macros to check multiple stream states at once - MINOR: mux-h2: stop relying on CS_FL_REOS - BUG/MEDIUM: mux-h2: Set EOI on the conn_stream during h2_rcv_buf() - BUILD: debug: make gcc not complain on the ABORT_NOW() macro - MINOR: debug: add a new BUG_ON macro - MINOR: h2: Use BUG_ON() to enforce rules in subscribe/unsubscribe. - MINOR: h1: Use BUG_ON() to enforce rules in subscribe/unsubscribe. - MINOR: connections: Use BUG_ON() to enforce rules in subscribe/unsubscribe. - BUILD: ist: turn the lower/upper case tables to literal on obsolete linkers 2019/03/26 : 2.0-dev2 - CLEANUP: http: Remove unreachable code in parse_http_req_capture - CLEANUP: stream: Remove bogus loop in conn_si_send_proxy - MINOR: lists: Implement locked variations. - MEDIUM: servers: Used a locked list for idle_orphan_conns. - MEDIUM: servers: Reorganize the way idle connections are cleaned. - BUG/MEDIUM: lists: Properly handle the case we're removing the first elt. - MINOR: cfgparse: Add a cast to make gcc happier. - BUG/MEDIUM: standard: Wrong reallocation size. - BUG/MINOR: listener: keep accept rate counters accurate under saturation - DOC: fix alphabetic ordering for "tune.fail-alloc" setting - MAJOR: config: disable support for nbproc and nbthread in parallel - MEDIUM: listener: keep a single thread-mask and warn on "process" misuse - MAJOR: listener: do not hold the listener lock in listener_accept() - MINOR: listener: maintain a per-thread count of the number of connections on a listener - MINOR: tools: implement functions to look up the nth bit set in a mask - MINOR: listener: pre-compute some thread counts per bind_conf - MINOR: listener: implement multi-queue accept for threads - MAJOR: listener: use the multi-queue for multi-thread listeners - MINOR: activity: add accept queue counters for pushed and overflows - MINOR: config: add global tune.listener.multi-queue setting - MAJOR: threads: enable one thread per CPU by default - DOC: update management.txt to reflect that threads are used by default - BUG/MINOR: config: don't over-count the global maxsock value - BUG/MEDIUM: list: fix the rollback on addq in the locked liss - BUG/MEDIUM: list: fix LIST_POP_LOCKED's removal of the last pointer - BUG/MEDIUM: list: add missing store barriers when updating elements and head - MINOR: list: make the delete and pop operations idempotent - MINOR: server: remove a few unneeded LIST_INIT calls after LIST_DEL_LOCKED - BUG/MEDIUM: listener: use a self-locked list for the dequeue lists - BUG/MEDIUM: listener: make sure the listener never accepts too many conns - BUG/MEDIUM: list: correct fix for LIST_POP_LOCKED's removal of last element - MINOR: listener: introduce listener_backlog() to report the backlog value - MINOR: listener: do not needlessly set l->maxconn - MINOR: proxy: do not change the listeners' maxconn when updating the frontend's - MEDIUM: config: don't enforce a low frontend maxconn value anymore - MINOR: peers: Add a message for heartbeat. - MINOR: global: keep a copy of the initial rlim_fd_cur and rlim_fd_max values - BUG/MINOR: init: never lower rlim_fd_max - BUG/MINOR: checks: make external-checks restore the original rlim_fd_cur/max - BUG/MINOR: mworker: be careful to restore the original rlim_fd_cur/max on reload - MINOR: init: make the maxpipe computation more accurate - MINOR: init: move some maxsock updates earlier - MEDIUM: init: make the global maxconn default to what rlim_fd_cur permits - REGTEST: fix a spurious "nbthread 4" in the connection test - DOC: update the text related to the global maxconn value - BUG/MAJOR: mux-h2: fix race condition between close on both ends - MINOR: sample: Replace "req.ungrpc" smp fetch by a "ungrpc" converter. - BUG/MEDIUM: list: fix again LIST_ADDQ_LOCKED - MINOR: htx: unconditionally handle parsing errors in requests or responses - MINOR: mux-h2: always pass HTX_FL_PARSING_ERROR between h2s and buf on RX - BUG/MEDIUM: h2/htx: verify that :path doesn't contain invalid chars - MINOR: sample: Code factorization "ungrpc" converter. - MINOR: sample: Rework gRPC converter code. - CLEANUP: wurfl: remove dead, broken and unmaintained code - MINOR: config: relax the range checks on cpu-map - BUG/MINOR: ssl: fix warning about ssl-min/max-ver support - MINOR: sample: Extract some protocol buffers specific code. - DOC: Remove tabs and fixed punctuation. - MINOR: sample: Add a protocol buffers specific converter. - REGTEST: Peers reg tests. - REGTEST: Enable reg tests with HEAD HTTP method usage. - MINOR: lists: add a LIST_DEL_INIT() macro - MINOR: task: use LIST_DEL_INIT() to remove a task from the queue - MINOR: listener: improve incoming traffic distribution - MINOR: tools: implement my_flsl() - MEDIUM: listener: change the LB algorithm again to use two round robins instead - CLEANUP: listener: remove old thread bit mapping - MINOR: listener: move thr_idx from the bind_conf to the listener - BUG/MEDIUM: logs: Only attempt to free startup_logs once. - BUG/MAJOR: config: Wrong maxconn adjustment. - BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees() - OPTIM: task: limit the impact of memory barriers in taks_remove_from_task_list() - MINOR: fd: Remove debugging code. - BUG/MEDIUM: listeners: Don't call fd_stop_recv() if fd_updt is NULL. - MINOR: threads: Implement __ha_barrier_atomic*. - MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API. - MINOR: threads: Add macros to do atomic operation with no memory barrier. - MEDIUM: various: Use __ha_barrier_atomic* when relevant. - MEDIUM: applets: Use the new _HA_ATOMIC_* macros. - MEDIUM: xref: Use the new _HA_ATOMIC_* macros. - MEDIUM: fd: Use the new _HA_ATOMIC_* macros. - MEDIUM: freq_ctr: Use the new _HA_ATOMIC_* macros. - MEDIUM: proxy: Use the new _HA_ATOMIC_* macros. - MEDIUM: server: Use the new _HA_ATOMIC_* macros. - MEDIUM: task: Use the new _HA_ATOMIC_* macros. - MEDIUM: activity: Use the new _HA_ATOMIC_* macros. - MEDIUM: backend: Use the new _HA_ATOMIC_* macros. - MEDIUM: cache: Use the new _HA_ATOMIC_* macros. - MEDIUM: checks: Use the new _HA_ATOMIC_* macros. - MEDIUM: pollers: Use the new _HA_ATOMIC_* macros. - MEDIUM: compression: Use the new _HA_ATOMIC_* macros. - MEDIUM: spoe: Use the new _HA_ATOMIC_* macros. - MEDIUM: threads: Use the new _HA_ATOMIC_* macros. - MEDIUM: http: Use the new _HA_ATOMIC_* macros. - MEDIUM: lb/threads: Use the new _HA_ATOMIC_* macros. - MEDIUM: listeners: Use the new _HA_ATOMIC_* macros. - MEDIUM: logs: Use the new _HA_ATOMIC_* macros. - MEDIUM: memory: Use the new _HA_ATOMIC_* macros. - MEDIUM: peers: Use the new _HA_ATOMIC_* macros. - MEDIUM: proto_tcp: Use the new _HA_ATOMIC_* macros. - MEDIUM: queues: Use the new _HA_ATOMIC_* macros. - MEDIUM: sessions: Use the new _HA_ATOMIC_* macros. - MEDIUM: ssl: Use the new _HA_ATOMIC_* macros. - MEDIUM: stream: Use the new _HA_ATOMIC_* macros. - MEDIUM: tcp_rules: Use the new _HA_ATOMIC_* macros. - MEDIUM: time: Use the new _HA_ATOMIC_* macros. - MEDIUM: vars: Use the new _HA_ATOMIC_* macros. - MINOR: config: remove obsolete use of DEFAULT_MAXCONN at various places - MINOR: config: continue to rely on DEFAULT_MAXCONN to set the minimum maxconn - BUG/MEDIUM: list: fix incorrect pointer unlocking in LIST_DEL_LOCKED() - BUG/MEDIUM: listener: make sure we don't pick stopped threads - MEDIUM: list: Remove useless barriers. - MEDIUM: list: Use _HA_ATOMIC_* - MEDIUM: connections: Use _HA_ATOMIC_* - BUG/MAJOR: tasks: Use the TASK_GLOBAL flag to know if we're in the global rq. - BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes - BUG/MEDIUM: init/threads: consider epoll_fd/pipes for automatic maxconn calculation - BUG/MEDIUM: tasks: Make sure we wake sleeping threads if needed. - BUG/MINOR: mux-h1: Don't report an error on EOS if no message was received - BUG/MINOR: stats/htx: Call channel_add_input() when response headers are sent - BUG/MINOR: lua/htx: Use channel_add_input() when response data are added - BUG/MINOR: lua/htx: Don't forget to call htx_to_buf() when appropriate - MINOR: stats: Add the status code STAT_STATUS_IVAL to handle invalid requests - MINOR: stats: Move stuff about the stats status codes in stats files - BUG/MINOR: stats: Be more strict on what is a valid request to the stats applet - Revert "REGTEST: Enable reg tests with HEAD HTTP method usage." - BUILD: listener: shut up a build warning when threads are disabled - BUILD: Makefile: allow the reg-tests target to be verbose - BUILD: Makefile: resolve LEVEL before calling run-regtests - BUG/MAJOR: spoe: Fix initialization of thread-dependent fields - BUG/MAJOR: stats: Fix how huge POST data are read from the channel - BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts - BUG/MEDIUM: mux-h2: Always wakeup streams with no id to avoid frozen streams - MINOR: mux-h2: Set REFUSED_STREAM error to reset a stream if no data was never sent - MINOR: muxes: Report the Last read with a dedicated flag - MINOR: proto-http/proto-htx: Make error handling clearer during data forwarding - BUILD: tools: fix a build warning on some 32-bit archs - MINOR: init: report the list of optionally available services - MEDIUM: proto_htx: Switch to infinite forwarding if there is no data filter - BUG/MINOR: cache: Fully consume large requests in the cache applet - BUG/MINOR: stats: Fully consume large requests in the stats applet - BUG/MEDIUM: lua: Fully consume large requests when an HTTP applet ends - MINOR: proto_http: Add function to handle the header "Expect: 100-continue" - MINOR: proto_htx: Add function to handle the header "Expect: 100-continue" - MINOR: stats/cache: Handle the header Expect when applets are registered - MINOR: http/applets: Handle all applets intercepting HTTP requests the same way - CLEANUP: cache: don't export http_cache_applet anymore - MINOR: lua: Don't handle the header Expect in lua HTTP applets anymore - BUG/MINOR: doc: Be accurate on the behavior on pool-purge-delay. - Revert "MEDIUM: proto_htx: Switch to infinite forwarding if there is no data filter" - BUG/MEDIUM: mux-h2: Make sure we destroyed the h2s once shutr/shutw is done. - BUG/MEDIUM: mux-h2: Don't bother keeping the h2s if detaching and nothing to send. - BUG/MEDIUM: mux-h2: Use the right list in h2_stop_senders(). - MINOR: mux-h2: copy small data blocks more often and reduce the number of pauses - CLEANUP: mux-h2: add some comments to help understand the code - BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites - BUG/MINOR: log: properly format IPv6 address when LOG_OPT_HEXA modifier is used. - BUG/MEDIUM: h2: Try to be fair when sending data. - BUG/MINOR: proto-http: Don't forward request body anymore on error - MINOR: mux-h2: Remove useless test on ES flag in h2_frt_transfer_data() - MINOR: connection: and new flag to mark end of input (EOI) - MINOR: channel: Report EOI on the input channel if it was reached in the mux - MEDIUM: mux-h2: Don't mix the end of the message with the end of stream - MINOR: mux-h1: Set CS_FL_EOI the end of the message is reached - BUG/MEDIUM: http/htx: Fix handling of the option abortonclose - CLEANUP: muxes/stream-int: Remove flags CS_FL_READ_NULL and SI_FL_READ_NULL - MEDIUM: proto_htx: Reintroduce the infinite forwarding on data - BUG/MEDIUM: h2: only destroy the h2s if h2s->cs is NULL. - BUG/MEDIUM: h2: Use the new sending_list in h2s_notify_send(). - BUG/MEDIUM: h2: Follow the same logic in h2_deferred_shut than in h2_snd_buf. - BUG/MEDIUM: h2: Remove the tasklet from the task list if unsubscribing. - BUG/MEDIUM: task/h2: add an idempotent task removal fucntion - CLEANUP: task: only perform a LIST_DEL() when the list is not empty - BUG/MEDIUM: mux-h2: make sure to always notify streams of EOS condition - CONTRIB: debug: report the CS and CF's EOI flags - MINOR: channel: don't unset CF_SHUTR_NOW after shutting down. 2019/02/26 : 2.0-dev1 - MINOR: mux-h2: only increase the connection window with the first update - REGTESTS: remove the expected window updates from H2 handshakes - BUG/MINOR: mux-h2: make empty HEADERS frame return a connection error - BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than the max - MEDIUM: mux-h2: remove padlen during headers phase - MINOR: h2: add a bit-based frame type representation - MINOR: mux-h2: remove useless check for empty frame length in h2s_decode_headers() - MEDIUM: mux-h2: decode HEADERS frames before allocating the stream - MINOR: mux-h2: make h2c_send_rst_stream() use the dummy stream's error code - MINOR: mux-h2: add a new dummy stream for the REFUSED_STREAM error code - MINOR: mux-h2: fail stream creation more cleanly using RST_STREAM - MINOR: buffers: add a new b_move() function - MINOR: mux-h2: make h2_peek_frame_hdr() support an offset - MEDIUM: mux-h2: handle decoding of CONTINUATION frames - CLEANUP: mux-h2: remove misleading comments about CONTINUATION - BUG/MEDIUM: servers: Don't try to reuse connection if we switched server. - BUG/MEDIUM: tasks: Decrement tasks_run_queue in tasklet_free(). - BUG/MINOR: htx: send the proper authenticate header when using http-request auth - BUG/MEDIUM: mux_h2: Don't add to the idle list if we're full. - BUG/MEDIUM: servers: Fail if we fail to allocate a conn_stream. - BUG/MAJOR: servers: Use the list api correctly to avoid crashes. - BUG/MAJOR: servers: Correctly use LIST_ELEM(). - BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list. - BUG/MEDIUM: servers: Flag the stream_interface on handshake error. - MEDIUM: servers: Be smarter when switching connections. - MEDIUM: sessions: Keep track of which connections are idle. - MINOR: payload: add sample fetch for TLS ALPN - BUG/MEDIUM: log: don't mark log FDs as non-blocking on terminals - MINOR: channel: Add the function channel_add_input - MINOR: stats/htx: Call channel_add_input instead of updating channel state by hand - BUG/MEDIUM: cache: Be sure to end the forwarding when XFER length is unknown - BUG/MAJOR: htx: Return the good block address after a defrag - MINOR: lb: allow redispatch when using consistent hash - CLEANUP: mux-h2: fix end-of-stream flag name when processing headers - BUG/MEDIUM: mux-h2: always restart reading if data are available - BUG/MINOR: mux-h2: set the stream-full flag when leaving h2c_decode_headers() - BUG/MINOR: mux-h2: don't check the CS count in h2c_bck_handle_headers() - BUG/MINOR: mux-h2: mark end-of-stream after processing response HEADERS, not before - BUG/MINOR: mux-h2: only update rxbuf's length for H1 headers - BUG/MEDIUM: mux-h1: use per-direction flags to indicate transitions - BUG/MEDIUM: mux-h1: make HTX chunking consistent with H2 - BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify() - BUG/MEDIUM: proto-htx: Set SI_FL_NOHALF on server side when request is done - BUG/MEDIUM: mux-h1: Add a task to handle connection timeouts - MINOR: mux-h2: make h2c_decode_headers() return a status, not a count - MINOR: mux-h2: add a new dummy stream : h2_error_stream - MEDIUM: mux-h2: make h2c_decode_headers() support recoverable errors - BUG/MINOR: mux-h2: detect when the HTX EOM block cannot be added after headers - MINOR: mux-h2: remove a misleading and impossible test - CLEANUP: mux-h2: clean the stream error path on HEADERS frame processing - MINOR: mux-h2: check for too many streams only for idle streams - MINOR: mux-h2: set H2_SF_HEADERS_RCVD when a HEADERS frame was decoded - BUG/MEDIUM: mux-h2: decode trailers in HEADERS frames - MINOR: h2: add h2_make_h1_trailers to turn H2 headers to H1 trailers - MEDIUM: mux-h2: pass trailers to H1 (legacy mode) - MINOR: htx: add a new function to add a block without filling it - MINOR: h2: add h2_make_htx_trailers to turn H2 headers to HTX trailers - MEDIUM: mux-h2: pass trailers to HTX - MINOR: mux-h1: parse the content-length header on output and set H1_MF_CLEN - BUG/MEDIUM: mux-h1: don't enforce chunked encoding on requests - MINOR: mux-h2: make HTX_BLK_EOM processing idempotent - MINOR: h1: make the H1 headers block parser able to parse headers only - MEDIUM: mux-h2: emit HEADERS frames when facing HTX trailers blocks - MINOR: stream/htx: Add info about the HTX structs in "show sess all" command - MINOR: stream: Add the subscription events of SIs in "show sess all" command - MINOR: mux-h1: Add the subscription events in "show fd" command - BUG/MEDIUM: h1: Get the h1m state when restarting the headers parsing - BUG/MINOR: cache/htx: Be sure to count partial trailers - BUG/MEDIUM: h1: In h1_init(), wake the tasklet instead of calling h1_recv(). - BUG/MEDIUM: server: Defer the mux init until after xprt has been initialized. - MINOR: connections: Remove a stall comment. - BUG/MEDIUM: cli: make "show sess" really thread-safe - BUILD: add a new file "version.c" to carry version updates - MINOR: stream/htx: add the HTX flags output in "show sess all" - MINOR: stream/cli: fix the location of the waiting flag in "show sess all" - MINOR: stream/cli: report more info about the HTTP messages on "show sess all" - BUG/MINOR: lua: bad args are returned for Lua actions - BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred - MINOR: htx: Add an helper function to get the max space usable for a block - MINOR: channel/htx: Add HTX version for some helper functions - BUG/MEDIUM: cache/htx: Respect the reserve when cached objects are served - BUG/MINOR: stats/htx: Respect the reserve when the stats page is dumped - DOC: regtest: make it clearer what the purpose of the "broken" series is - REGTEST: mailers: add new test for 'mailers' section - REGTEST: Add a reg test for health-checks over SSL/TLS. - BUG/MINOR: mux-h1: Close connection on shutr only when shutw was really done - MEDIUM: mux-h1: Clarify how shutr/shutw are handled - BUG/MINOR: compression: Disable it if another one is already in progress - BUG/MINOR: filters: Detect cache+compression config on legacy HTTP streams - BUG/MINOR: cache: Disable the cache if any compression filter precedes it - REGTEST: Add some informatoin to test results. - MINOR: htx: Add a function to truncate all blocks after a specific offset - MINOR: channel/htx: Add the HTX version of channel_truncate/erase - BUG/MINOR: proto_htx: Use HTX versions to truncate or erase a buffer - BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used - DOC: Fix typo in req.ssl_alpn example (commit 4afdd138424ab...) - DOC: http-request cache-use / http-response cache-store expects cache name - REGTEST: "capture (request|response)" regtest. - BUG/MINOR: lua/htx: Respect the reserve when data are send from an HTX applet - REGTEST: filters: add compression test - BUG/MEDIUM: init: Initialize idle_orphan_conns for first server in server-template - BUG/MEDIUM: ssl: Disable anti-replay protection and set max data with 0RTT. - DOC: Be a bit more explicit about allow-0rtt security implications. - MINOR: mux-h1: make the mux_h1_ops struct static - BUILD: makefile: add an EXTRA_OBJS variable to help build optional code - BUG/MEDIUM: connection: properly unregister the mux on failed initialization - BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key - REGTESTS: test case for map_regm commit 271022150d - REGTESTS: Basic tests for concat,strcmp,word,field,ipmask converters - REGTESTS: Basic tests for using maps to redirect requests / select backend - DOC: REGTESTS README varnishtest -Dno-htx= define. - MINOR: spoe: Make the SPOE filter compatible with HTX proxies - MINOR: checks: Store the proxy in checks. - BUG/MEDIUM: checks: Avoid having an associated server for email checks. - REGTEST: Switch to vtest. - REGTEST: Adapt reg test doc files to vtest. - BUG/MEDIUM: h1: Make sure we destroy an inactive connectin that did shutw. - BUG/MINOR: base64: dec func ignores padding for output size checking - BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file - MINOR: ssl: add support of aes256 bits ticket keys on file and cli. - BUG/MINOR: backend: don't use url_param_name as a hint for BE_LB_ALGO_PH - BUG/MINOR: backend: balance uri specific options were lost across defaults - BUG/MINOR: backend: BE_LB_LKUP_CHTREE is a value, not a bit - MINOR: backend: move url_param_name/len to lbprm.arg_str/len - MINOR: backend: make headers and RDP cookie also use arg_str/len - MINOR: backend: add new fields in lbprm to store more LB options - MINOR: backend: make the header hash use arg_opt1 for use_domain_only - MINOR: backend: remap the balance uri settings to lbprm.arg_opt{1,2,3} - MINOR: backend: move hash_balance_factor out of chash - MEDIUM: backend: move all LB algo parameters into an union - MINOR: backend: make the random algorithm support a number of draws - BUILD/MEDIUM: da: Necessary code changes for new buffer API. - BUG/MINOR: stick_table: Prevent conn_cur from underflowing - BUG: 51d: Changes to the buffer API in 1.9 were not applied to the 51Degrees code. - BUG/MEDIUM: stats: Get the right scope pointer depending on HTX is used or not - DOC: add a missing space in the documentation for bc_http_major - REGTEST: checks basic stats webpage functionality - BUG/MEDIUM: servers: Make assign_tproxy_address work when ALPN is set. - BUG/MEDIUM: connections: Add the CO_FL_CONNECTED flag if a send succeeded. - DOC: add github issue templates - MINOR: cfgparse: Extract some code to be re-used. - CLEANUP: cfgparse: Return asap from cfg_parse_peers(). - CLEANUP: cfgparse: Code reindentation. - MINOR: cfgparse: Useless frontend initialization in "peers" sections. - MINOR: cfgparse: Rework peers frontend init. - MINOR: cfgparse: Simplication. - MINOR: cfgparse: Make "peer" lines be parsed as "server" lines. - MINOR: peers: Make outgoing connection to SSL/TLS peers work. - MINOR: cfgparse: SSL/TLS binding in "peers" sections. - DOC: peers: SSL/TLS documentation for "peers" - BUG/MINOR: startup: certain goto paths in init_pollers fail to free - BUG/MEDIUM: checks: fix recent regression on agent-check making it crash - BUG/MINOR: server: don't always trust srv_check_health when loading a server state - BUG/MINOR: check: Wake the check task if the check is finished in wake_srv_chk() - BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages - DOC: mention the effect of nf_conntrack_tcp_loose on src/dst - BUG/MINOR: proto-htx: Return an error if all headers cannot be received at once - BUG/MEDIUM: mux-h2/htx: Respect the channel's reserve - BUG/MINOR: mux-h1: Apply the reserve on the channel's buffer only - BUG/MINOR: mux-h1: avoid copying output over itself in zero-copy - BUG/MAJOR: mux-h2: don't destroy the stream on failed allocation in h2_snd_buf() - BUG/MEDIUM: backend: also remove from idle list muxes that have no more room - BUG/MEDIUM: mux-h2: properly abort on trailers decoding errors - MINOR: h2: declare new sets of frame types - BUG/MINOR: mux-h2: CONTINUATION in closed state must always return GOAWAY - BUG/MINOR: mux-h2: headers-type frames in HREM are always a connection error - BUG/MINOR: mux-h2: make it possible to set the error code on an already closed stream - BUG/MINOR: hpack: return a compression error on invalid table size updates - MINOR: server: make sure pool-max-conn is >= -1 - BUG/MINOR: stream: take care of synchronous errors when trying to send - CLEANUP: server: fix indentation mess on idle connections - BUG/MINOR: mux-h2: always check the stream ID limit in h2_avail_streams() - BUG/MINOR: mux-h2: refuse to allocate a stream with too high an ID - BUG/MEDIUM: backend: never try to attach to a mux having no more stream available - MINOR: server: add a max-reuse parameter - MINOR: mux-h2: always consider a server's max-reuse parameter - MEDIUM: stream-int: always mark pending outgoing SI_ST_CON - MINOR: stream: don't wait before retrying after a failed connection reuse - MEDIUM: h2: always parse and deduplicate the content-length header - BUG/MINOR: mux-h2: always compare content-length to the sum of DATA frames - CLEANUP: h2: Remove debug printf in mux_h2.c - MINOR: cfgparse: make the process/thread parser support a maximum value - MINOR: threads: make MAX_THREADS configurable at build time - DOC: nbthread is no longer experimental. - BUG/MINOR: listener: always fill the source address for accepted socketpairs - BUG/MINOR: mux-h2: do not report available outgoing streams after GOAWAY - BUG/MINOR: spoe: corrected fragmentation string size - BUG/MINOR: task: fix possibly missed event in inter-thread wakeups - BUG/MEDIUM: servers: Attempt to reuse an unfinished connection on retry. - BUG/MEDIUM: backend: always call si_detach_endpoint() on async connection failure - SCRIPTS: add the issue tracker URL to the announce script - MINOR: peers: Extract some code to be reused. - CLEANUP: peers: Indentation fixes. - MINOR: peers: send code factorization. - MINOR: peers: Add new functions to send code and reduce the I/O handler. - MEDIUM: peers: synchronizaiton code factorization to reduce the size of the I/O handler. - MINOR: peers: Move update receive code to reduce the size of the I/O handler. - MINOR: peers: Move ack, switch and definition receive code to reduce the size of the I/O handler. - MINOR: peers: Move high level receive code to reduce the size of I/O handler. - CLEANUP: peers: Be more generic. - MINOR: peers: move error handling to reduce the size of the I/O handler. - MINOR: peers: move messages treatment code to reduce the size of the I/O handler. - MINOR: peers: move send code to reduce the size of the I/O handler. - CLEANUP: peers: Remove useless statements. - MINOR: peers: move "hello" message treatment code to reduce the size of the I/O handler. - MINOR: peers: move peer initializations code to reduce the size of the I/O handler. - CLEANUP: peers: factor the error handling code in peer_treet_updatemsg() - CLEANUP: peers: factor error handling in peer_treat_definedmsg() - BUILD/MINOR: peers: shut up a build warning introduced during last cleanup - BUG/MEDIUM: mux-h2: only close connection on request frames on closed streams - CLEANUP: mux-h2: remove two useless but misleading assignments - BUG/MEDIUM: checks: Check that conn_install_mux succeeded. - BUG/MEDIUM: servers: Only destroy a conn_stream we just allocated. - BUG/MEDIUM: servers: Don't add an incomplete conn to the server idle list. - BUG/MEDIUM: checks: Don't try to set ALPN if connection failed. - BUG/MEDIUM: h2: In h2_send(), stop the loop if we failed to alloc a buf. - BUG/MEDIUM: peers: Handle mux creation failure. - BUG/MEDIUM: servers: Close the connection if we failed to install the mux. - BUG/MEDIUM: compression: Rewrite strong ETags - BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit - CLEANUP: mux-h2: remove misleading leftover test on h2s' nullity - BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window update - BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions - BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams - BUG/MEDIUM: mux-h2: do not abort HEADERS frame before decoding them - BUG/MINOR: mux-h2: make sure response HEADERS are not received in other states than OPEN and HLOC - MINOR: h2: add a generic frame checker - MEDIUM: mux-h2: check the frame validity before considering the stream state - CLEANUP: mux-h2: remove stream ID and frame length checks from the frame parsers - BUG/MINOR: mux-h2: make sure request trailers on aborted streams don't break the connection - DOC: compression: Update the reasons for disabled compression - BUG/MEDIUM: buffer: Make sure b_is_null handles buffers waiting for allocation. - DOC: htx: make it clear that htxbuf() and htx_from_buf() always return valid pointers - MINOR: htx: never check for null htx pointer in htx_is_{,not_}empty() - MINOR: mux-h2: consistently rely on the htx variable to detect the mode - BUG/MEDIUM: peers: Peer addresses parsing broken. - BUG/MEDIUM: mux-h1: Don't add "transfer-encoding" if message-body is forbidden - BUG/MEDIUM: connections: Don't forget to remove CO_FL_SESS_IDLE. - BUG/MINOR: stream: don't close the front connection when facing a backend error - BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing the connection - MINOR: stream-int: add a new flag to mention that we want the connection to be killed - MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection - BUG/MEDIUM: mux-h2: do not close the connection on aborted streams - BUG/MINOR: server: fix logic flaw in idle connection list management - MINOR: mux-h2: max-concurrent-streams should be unsigned - MINOR: mux-h2: make sure to only check concurrency limit on the frontend - MINOR: mux-h2: learn and store the peer's advertised MAX_CONCURRENT_STREAMS setting - BUG/MEDIUM: mux-h2: properly consider the peer's advertised max-concurrent-streams - MINOR: xref: Add missing barriers. - MINOR: muxes: Don't bother to LIST_DEL(&conn->list) before calling conn_free(). - MINOR: debug: Add an option that causes random allocation failures. - BUG/MEDIUM: backend: always release the previous connection into its own target srv_list - BUG/MEDIUM: htx: check the HTX compatibility in dynamic use-backend rules - BUG/MINOR: tune.fail-alloc: Don't forget to initialize ret. - BUG/MINOR: backend: check srv_conn before dereferencing it - BUG/MEDIUM: mux-h2: always omit :scheme and :path for the CONNECT method - BUG/MEDIUM: mux-h2: always set :authority on request output - BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free(). - BUG/MINOR: threads: fix the process range of thread masks - BUG/MINOR: config: fix bind line thread mask validation - CLEANUP: threads: fix misleading comment about all_threads_mask - CLEANUP: threads: use nbits to calculate the thread mask - OPTIM: listener: optimize cache-line packing for struct listener - MINOR: tools: improve the popcount() operation - MINOR: config: keep an all_proc_mask like we have all_threads_mask - MINOR: global: add proc_mask() and thread_mask() - MINOR: config: simplify bind_proc processing using proc_mask() - MINOR: threads: make use of thread_mask() to simplify some thread calculations - BUG/MINOR: compression: properly report compression stats in HTX mode - BUG/MINOR: task: close a tiny race in the inter-thread wakeup - BUG/MAJOR: config: verify that targets of track-sc and stick rules are present - BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes - BUG/MAJOR: htx/backend: Make all tests on HTTP messages compatible with HTX - BUG/MINOR: config: make sure to count the error on incorrect track-sc/stick rules - DOC: ssl: Clarify when pre TLSv1.3 cipher can be used - DOC: ssl: Stop documenting ciphers example to use - BUG/MINOR: spoe: do not assume agent->rt is valid on exit - BUG/MINOR: lua: initialize the correct idle conn lists for the SSL sockets - BUG/MEDIUM: spoe: initialization depending on nbthread must be done last - BUG/MEDIUM: server: initialize the idle conns list after parsing the config - BUG/MEDIUM: server: initialize the orphaned conns lists and tasks at the end - MINOR: config: make MAX_PROCS configurable at build time - BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck - BUG/MINOR: config: Reinforce validity check when a process number is parsed - BUG/MEDIUM: peers: check that p->srv actually exists before using p->srv->use_ssl - CONTRIB: contrib/prometheus-exporter: Add a Prometheus exporter for HAProxy - BUG/MINOR: mux-h1: verify the request's version before dropping connection: keep-alive - BUG: 51d: In Hash Trie, multi header matching was affected by the header names stored globaly. - MEDIUM: 51d: Enabled multi threaded operation in the 51Degrees module. - BUG/MAJOR: stream: avoid double free on unique_id - BUILD/MINOR: stream: avoid a build warning with threads disabled - BUILD/MINOR: tools: fix build warning in the date conversion functions - BUILD/MINOR: peers: remove an impossible null test in intencode() - BUILD/MINOR: htx: fix some potential null-deref warnings with http_find_stline - BUG/MEDIUM: peers: Missing peer initializations. - BUG/MEDIUM: http_fetch: fix the "base" and "base32" fetch methods in HTX mode - BUG/MEDIUM: proto_htx: Fix data size update if end of the cookie is removed - BUG/MEDIUM: http_fetch: fix "req.body_len" and "req.body_size" fetch methods in HTX mode - BUILD/MEDIUM: initcall: Fix build on MacOS. - BUG/MEDIUM: mux-h2/htx: Always set CS flags before exiting h2_rcv_buf() - MINOR: h2/htx: Set the flag HTX_SL_F_BODYLESS for messages without body - BUG/MINOR: mux-h1: Add "transfer-encoding" header on outgoing requests if needed - BUG/MINOR: mux-h2: Don't add ":status" pseudo-header on trailers - BUG/MINOR: proto-htx: Consider a XFER_LEN message as chunked by default - BUG/MEDIUM: h2/htx: Correctly handle interim responses when HTX is enabled - MINOR: mux-h2: Set HTX extra value when possible - BUG/MEDIUM: htx: count the amount of copied data towards the final count - MINOR: mux-h2: make the H2 MAX_FRAME_SIZE setting configurable - BUG/MEDIUM: mux-h2/htx: send an empty DATA frame on empty HTX trailers - BUG/MEDIUM: servers: Use atomic operations when handling curr_idle_conns. - BUG/MEDIUM: servers: Add a per-thread counter of idle connections. - MINOR: fd: add a new my_closefrom() function to close all FDs - MINOR: checks: use my_closefrom() to close all FDs - MINOR: fd: implement an optimised my_closefrom() function - BUG/MINOR: fd: make sure my_closefrom() doesn't miss some FDs - BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are unlocked - BUG/MAJOR: listener: Make sure the listener exist before using it. - MINOR: fd: Use closefrom() as my_closefrom() if supported. - BUG/MEDIUM: mux-h1: Report the right amount of data xferred in h1_rcv_buf() - BUG/MINOR: channel: Set CF_WROTE_DATA when outgoing data are skipped - MINOR: htx: Add function to drain data from an HTX message - MINOR: channel/htx: Add function to skips output bytes from an HTX channel - BUG/MAJOR: cache/htx: Set the start-line offset when a cached object is served - BUG/MEDIUM: cache: Get objects from the cache only for GET and HEAD requests - BUG/MINOR: cache/htx: Return only the headers of cached objects to HEAD requests - BUG/MINOR: mux-h1: Always initilize h1m variable in h1_process_input() - BUG/MEDIUM: proto_htx: Fix functions applying regex filters on HTX messages - BUG/MEDIUM: h2: advertise to servers that we don't support push - MINOR: standard: Add a function to parse uints (dotted notation). - MINOR: arg: Add support for ARGT_PBUF_FNUM arg type. - MINOR: http_fetch: add "req.ungrpc" sample fetch for gRPC. - MINOR: sample: Add two sample converters for protocol buffers. - DOC: sample: Add gRPC related documentation. 2018/12/22 : 2.0-dev0 - BUG/MAJOR: connections: Close the connection before freeing it. - REGTEST: Require the option LUA to run lua tests - REGTEST: script: Process script arguments before everything else - REGTEST: script: Evaluate the varnishtest command to allow quoted parameters - REGTEST: script: Add the option --clean to remove previous log direcotries - REGTEST: script: Add the option --debug to show logs on standard ouput - REGTEST: script: Add the option --keep-logs to keep all log directories - REGTEST: script: Add the option --use-htx to enable the HTX in regtests - REGTEST: script: Print only errors in the results report - REGTEST: Add option to use HTX prefixed by the macro 'no-htx' - REGTEST: Make reg-tests target support argument. - REGTEST: Fix a typo about barrier type. - REGTEST: Be less Linux specific with a syslog regex. - REGTEST: Missing enclosing quotes for ${tmpdir} macro. - REGTEST: Exclude freebsd target for some reg tests. - BUG/MEDIUM: h2: Don't forget to quit the sending_list if SUB_CALL_UNSUBSCRIBE. - BUG/MEDIUM: mux-h2: Don't forget to quit the send list on error reports - BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response() - BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error - BUG/MINOR: compression/htx: Don't compress responses with unknown body length - BUG/MINOR: compression/htx: Don't add the last block of data if it is empty - MEDIUM: mux_h1: Implement h1_show_fd. - REGTEST: script: Add support of alternatives in requited options list - REGTEST: Add a basic test for the compression - BUG/MEDIUM: mux-h2: don't needlessly wake up the demux on short frames - REGTEST: A basic test for "http-buffer-request" - BUG/MEDIUM: server: Also copy "check-sni" for server templates. - MINOR: ssl: Add ssl_sock_set_alpn(). - MEDIUM: checks: Add check-alpn. - wip 2018/12/19 : 1.9.0 - BUG/MEDIUM: compression: Use the right buffer pointers to compress input data - BUG/MINOR: mux_pt: Set CS_FL_WANT_ROOM when count is zero in rcv_buf() callback - BUG/MEDIUM: connection: Add a new CS_FL_ERR_PENDING flag to conn_streams. - CONTRIB: debug: teach the "flags" utility about new conn_stream flags - BUG/MEDIUM: stream-int: always clear CS_FL_WANT_ROOM before receiving - BUG/MEDIUM: mux-h2: also restart demuxing when data are pending in demux - BUG/MEDIUM: mux-h2: restart demuxing as soon as demux data are available - BUG/MEDIUM: h2: fix aggregated cookie length computation in HTX mode - MINOR: mux-h2: report more h2c, last h2s and cs information on "show fd" - CONTRIB: debug: report stream-int's flag SI_FL_CLEAN_ABRT - MINOR: cli/stream: add the conn_stream in "show sess" output - BUG/MINOR: mux-h2: don't report a fantom h2s in "show fd" - BUG/MINOR: cli/fd: don't isolate the thread for each individual fd - MINOR: objtype: report a few missing types in names and base pointers - BUG/MEDIUM: mux-h2: make sure to report synchronous errors after EOS - BUG/MEDIUM: mux-h2: report asynchronous errors in h2_wake_some_streams() - BUG/MEDIUM: mux-h2: make sure the demux also wakes streams up on errors - BUG/MINOR: mux-h1: report the correct frontend in error captures - BUG/MEDIUM: stream-int: also wake the stream up on end of transfer - MEDIUM: h2: properly check and deduplicate the content-length header in HTX - BUG/MEDIUM: stream: Forward the right amount of data before infinite forwarding - BUG/MINOR: proto_htx: Call the HTX version of the function managing client cookies - BUG/MEDIUM: lua/htx: Handle EOM in receive/get_line calls in HTTP applets - BUG/MINOR: lua: Return an error if a legacy HTTP applet doesn't send anything - MINOR: compression: Remove the thread_local variable buf_output - CLEANUP: connection: rename subscription events values and event field - CLEANUP: connection: rename conn->mux_ctx to conn->ctx - MINOR: connection: remove an unwelcome dependency on struct stream - CLEANUP: stream-int: consistently call the si/stream_int functions - BUG/MEDIUM: h1: Don't shutw/shutr the connection if we have keepalive. - BUG/MEDIUM: H2: Make sure htx is set even on empty frames. - BUG/MEDIUM: mux-h2: pass CS_FL_ERR_PENDING to h2_wake_some_streams() - MEDIUM: stream-int: always consider all CS errors on the send side - BUG/MEDIUM: h2: Make sure we don't set CS_FL_ERROR if there's still data. - CLEANUP: mux-h2: implement h2s_notify_{send,recv} to report events to subscribers - MINOR: mux-h2: add a new function h2s_alert() to call the data layer - BUG/MEDIUM: mux-h2: make use of h2s_alert() to report aborts - MINOR: connection: add cs_set_error() to set the error bits - CLEANUP: mux-h2: make use of cs_set_error() - BUG/MINOR: mux-h2: make sure we check the conn_stream in early data - BUG/MEDIUM: h2: Don't wait for flow control if the connection had a shutr. - MINOR: cli/show_fd: report that a connection is back or not - SCRIPTS: add the slack channel URL to the announce script - CLEANUP: remove my name and address from the copyright banner - DOC: mention in the readme that 1.9 is a stable version now 2018/12/16 : 1.9-dev11 - BUG/MEDIUM: connection: Don't use the provided conn_stream if it was tried. - REGTEST/MINOR: remove double body specification for server txresp - BUG/MEDIUM: connections: Remove error flags when retrying. - REGTEST/MINOR: skip seamless-reload test with abns socket on freebsd - REGTEST/MINOR: remove health-check that can make the test fail - DOC: clarify that check-sni needs an argument. - DOC: refer to check-sni in the documentation of sni - BUG/MEDIUM: mux-h2: fix encoding of non-GET/POST methods - BUG/MINOR: mux-h1: Fix conn_mode processing for headerless outgoing messages - BUG/MEDIUM: mux-h1: Add a BUSY mode to not loop on pipelinned requests - BUG/MEDIUM: mux-h1: Don't loop on the headers parsing if the read0 was received - BUG/MEDIUM: htx: Always do a defrag if a block value is replace by a bigger one - BUG/MEDIUM: mux-h2: Don't forget to set the CS_FL_EOS flag with htx. - BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation - CLEANUP: hpack: no need to include chunk.h, only include buf.h - MINOR: hpack: simplify the len to bytes conversion - MINOR: hpack: use ist2bin() to copy header names in hpack_encode_header() - MINOR: hpack: optimize header encoding for short names - CONTRIB: hpack: add a compressed stream generator for the encoder - MEDIUM: hpack: make it possible to encode any static header name - MINOR: hpack: move the length computation and encoding functions to .h - MINOR: hpack: provide a function to encode a short indexed header - MINOR: hpack: provide a function to encode a long indexed header - MINOR: hpack: provide new functions to encode the ":status" header - MEDIUM: mux-h2: make use of standard HPACK encoding functions for the status - MINOR: hpack: provide a function to encode an HTTP method - MEDIUM: mux-h2: make use of hpack_encode_method() to encode the method - MINOR: hpack: provide a function to encode an HTTP scheme - MEDIUM: mux-h2: make use of hpack_encode_scheme() to encode the scheme - MINOR: hpack: provide a function to encode an HTTP path - MEDIUM: mux-h2: make use of hpack_encode_path() to encode the path - REGTEST: add the HTTP rules test involving HTX processing - REORG: connection: centralize the conn_set_{tos,mark,quickack} functions - MEDIUM: cli: rework the CLI proxy parser - MINOR: cli: parse prompt command in the CLI proxy - MINOR: cli: implements 'quit' in the CLI proxy - BUG/MINOR: cli: wait for payload data even without prompt - MEDIUM: cli: handle payload in CLI proxy - MINOR: cli: use pcli_flags for prompt activation - MINOR: compression: Rename the function check_legacy_http_comp_flt() - MINOR: cache/htx: Don't use the same cache on HTX and legacy HTTP proxies - MINOR: cache: Register the cache as a data filter only if response is cacheable - MEDIUM: cache/htx: Add the HTX support into the cache - MINOR: cache: Improve and simplify the cache configuration check - MINOR: filters: Export the name of known filters - MEDIUM: cache/compression: Add a way to safely combined compression and cache - MEDIUM: cache: Require an explicit filter declaration if other filters are used - REORG: htx: merge types+proto into common/htx.h - REORG: http: create http_msg.c to place there some legacy HTTP parts - REORG: h1: move legacy http functions to http_msg.c - REORG: h1: move the h1_state definition to proto_http - CLEANUP: h1: remove some occurrences of unneeded h1.h inclusions - REORG: h1: merge types+proto into common/h1.h - CLEANUP: stream: remove SF_TUNNEL, SF_INITIALIZED, SF_CONN_TAR - MEDIUM: mux-h1: implement true zero-copy of DATA blocks - MINOR: config: round up global.tune.bufsize to the next multiple of 2 void* - BUG/MINOR: mux-h2: refrain from muxing during the preface - BUG/MINOR: mux-h2: advertise a larger connection window size - DOC: master CLI documentation in management.txt - MINOR: mux-h2: avoid copying large blocks into full buffers - MEDIUM: mux-h2: implement true zero-copy send of large HTX DATA blocks - MINOR: mux-h2: force reads to be HTX-aligned in HTX mode - MINOR: cli: change 'show proc' output of old processes - BUG/MEDIUM: mux-h1: Fix the zero-copy on output for chunked messages - BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name - BUG: dns: Prevent out-of-bounds read in dns_read_name() - BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response() - BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response() - BUG: dns: Fix off-by-one write in dns_validate_dns_response() - REGTEST: the cache regtest requires haproxy 1.9 - MEDIUM: cli: store CLI level in the appctx - MEDIUM: cli: show and change CLI permissions - CLEANUP: cli: use dedicated define instead of appctx ones - MEDIUM: cli: handle CLI level from the master CLI - BUG/MEDIUM: cli: handle correctly prefix and payload - BUILD: Makefile: Implements the help target - REGTESTS: adjust the http-rules regtest to support window updates - BUG/MEDIUM: connections: Remove CS_FL_EOS | CS_FL_REOS on retry. - BUG/MEDIUM: stream_interface: Don't report read0 if we were not connected. - BUG/MEDIUM: connection: Just make sure we closed the fd on connection failure. - MEDIUM: mux: Add an optional "reset" method. - BUG/MEDIUM: mux-h1: Fix loop if server closes its connection with unparsed data - MINOR: mux-h1: Add helper functions to wake a stream from recv or send - BUG/MEDIUM: mux-h1: Wake the stream for send once the connection is established - BUG/MEDIUM: connections: Don't attempt to reuse an unusable connection. - MEDIUM: htx: Try to take a connection over if it has no owner. - REGTEST: Reg testing improvements. - REGTEST: Add a first test for health-checks. - REGTEST: Reg test for "check" health-check option. - REGTEST: level 1 health-check test 2. - REGTEST: Add miscellaneous reg tests for health-checks. - REGTEST: add a few HTTP messaging tests - MINOR: lb: make the leastconn algorithm more accurate - REGTEST: fix missing space in checks/s00001 - REGTEST: http-messaging: add "option http-buffer-request" for H2 tests - BUG/MEDIUM: cache: fix random crash on filter parser's error path - MINOR: connection: realign empty buffers in muxes, not transport layers - MINOR: mux_h1/h2: simplify the zero-copy Rx alignment - MINOR: backend: count the number of connect and reuse per server and per backend - BUG/MINOR: stats: fix inversion of failed header rewrites and other statuses - MINOR: tools: increase the number of ITOA strings to 16 - MINOR: cache: report the number of cache lookups and cache hits - MEDIUM: tasks: check the global task mask instead of the thread number - MINOR: mworker: set all_threads_mask and pid_bit to 1 - BUG/MINOR: proto_htx: Fix htx_res_set_status to also set the reason - BUG/MINOR: stats: Parse post data for HTX streams - MINOR: payload/htx: Adapt smp_fetch_len to be HTX aware - MINOR: http_fecth: Implement body_len and body_size sample fetches for the HTX - MAJOR: lua: Forbid calls to Channel functions for LUA scripts in HTTP proxies - MEDIUM: lua/htx: Adapt functions of the HTTP to be compatible with HTX - MINOR: lua/htx: Adapt the functions get_in_length and is_full to be HTX aware - MAJOR: lua/htx: Adapt HTTP applets to support HTX messages - MINOR: lua: Remove useless check on the messages state in HTTP functions - BUG/MEDIUM: htx: When performing zero-copy, start from the right offset. - BUG/MINOR: mworker: don't use unitialized mworker_proc struct - MINOR: mworker/cli: indicate in the master prompt when a reload failed - MINOR: cli: implements 'reload' on master CLI - BUG/MEDIUM: log: Don't call sample_fetch_as_type if we don't have a stream. - BUG/MEDIUM: mux-h1: make sure we always have at least one HTX block to send - BUG/MAJOR: backend: only update server's counters when the server exists - MINOR: tools: preset the port of fd-based "sockets" to zero - BUG/MINOR: log: fix logging to both FD and IP - REGTEST: Add a reg test for HTTP cookies. - BUILD: ssl: Fix compilation without deprecated OpenSSL 1.1 APIs - BUILD: thread: properly report multi-thread support - BUG/MINOR: logs: leave startup-logs global and not per-thread - BUG/MEDIUM: threads: don't close the thread waker pipe if not init - BUG/MAJOR: compression/cache: Make it really works with these both filters - BUG/MEDIUM: h2: Don't forget to destroy the h2s after deferred shut. - MEDIUM: proxy: Set http-reuse safe as default. - MEDIUM: servers: Add a command to limit the number of idling connections. - MEDIUM: servers: Replace idle-timeout with pool-purge-delay. - MEDIUM: mux: Destroy the stream before trying to add the conn to the idle list. - MEDIUM: mux: provide the session to the init() and attach() method. - MEDIUM: sessions: Don't keep an infinite number of idling connections. - MEDIUM: servers: Be more agressive when adding H2 connection to idle lists. - MEDIUM: mux_h2: Always set CS_FL_NOT_FIRST for new conn_streams. - BUG/MEDIUM: htx/cache: use the correct class of error codes on abort - BUG/MINOR: cache: also consider CF_SHUTR to abort delivery - MINOR: pools: Cast to volatile int * instead of int *. - MINOR: debug: make the ABORT_NOW macro use a volatile int - BUG/MEDIUM: h2: Don't destroy the h2s if it still has a cs attached. - BUG/MEDIUM: mux-h1: don't try to process an empty input buffer - DOC: clarify the agent-check status line syntax - BUG/MAJOR: hpack: fix length check for short names encoding - DOC: split the README into README + INSTALL 2018/12/08 : 1.9-dev10 - MINOR: htx: Rename functions htx_*_to_str() to be H1 specific - BUG/MINOR: htx: Force HTTP/1.1 on H1 formatting when version is 1.1 or above - BUG/MINOR: fix ssl_fc_alpn and actually add ssl_bc_alpn - BUG/MEDIUM: mworker: stop proxies which have no listener in the master - BUG/MEDIUM: h1: Destroy a connection after detach if it has no owner. - BUG/MEDIUM: h2: Don't forget to wake the tasklet after shutr/shutw. - BUG/MINOR: flt_trace/compression: Use the right flag to add the HTX support - BUG/MEDIUM: stream_interface: Make REALLY sure we read all the data. - MEDIUM: mux-h1: Revamp the way subscriptions are handled. - BUG/MEDIUM: mux-h1: Always set CS_FL_RCV_MORE when data are received in h1_recv() - MINOR: mux-h1: Make sure to return 1 in h1_recv() when needed - BUG/MEDIUM: mux-h1: Release the mux H1 in h1_process() if there is no h1s - BUG/MINOR: proto_htx: Truncate the request when an error is detected - BUG/MEDIUM: h2: When sending in HTX, make sure the caller knows we sent all. - BUG/MEDIUM: mux-h2: properly update the window size in HTX mode - BUG/MEDIUM: mux-h2: make sure to always report HTX EOM when consumed by headers - BUG/MEDIUM: mux-h2: stop sending HTX once the mux is blocked - BUG/MEDIUM: mux-h2: don't send more HTX data than requested - MINOR: mux-h2: stop on non-DATA and non-EOM HTX blocks - BUG/MEDIUM: h1: Correctly report used data with no len. - MEDIUM: h1: Realign the ibuf before calling rcv_buf if needed. - BUG/MEDIUM: mux_pt: Always set CS_FL_RCV_MORE. - MINOR: htx: make htx_from_buf() adjust the size only on new buffers - MINOR: htx: add buf_room_for_htx_data() to help optimize buffer transfers - MEDIUM: mux-h1: make use of buf_room_for_htx_data() instead of b_room() - MEDIUM: mux-h1: attempt to zero-copy Rx DATA transfers - MEDIUM: mux-h1: avoid a double copy on the Tx path whenever possible - BUG/MEDIUM: stream-int: don't mark as blocked an empty buffer on Rx - BUG/MINOR: mux-h1: Check h1m flags to set the server conn_mode on request path - MEDIUM: htx: Rework conversion from a buffer to an htx structure - MEDIUM: channel/htx: Add functions for forward HTX data - MINOR: mux-h1: Don't adjust anymore the amount of data sent in h1_snd_buf() - CLEANUP: htx: Fix indentation here and there in HTX files - MINOR: mux-h1: Allow partial data consumption during outgoing data processing - BUG/MEDIUM: mux-h2: use the correct offset for the HTX start line - BUG/MEDIUM: mux-h2: stop sending using HTX on errors - MINOR: mux-h1: Drain obuf if the output is closed after sending data - BUG/MEDIUM: mworker: stop every tasks in the master - BUG/MEDIUM: htx: Set the right start-line offset after a defrag - BUG/MEDIUM: stream: Don't dereference s->txn when it is not there yet. - BUG/MEDIUM: connections: Reuse an already attached conn_stream. - MINOR: stream-int: add a new blocking condition on the remote connection - BUG/MEDIUM: stream-int: don't attempt to receive if the connection is not established - BUG/MEDIUM: lua: block on remote connection establishment - BUG/MEDIUM: mworker: fix several typos in mworker_cleantasks() - SCRIPTS/REGTEST: merge grep+sed into sed in run-regtests - BUG/MEDIUM: connections: Split CS_FL_RCV_MORE into 2 flags. - BUG/MEDIUM: h1: Don't free the connection if it's an outgoing connection. - BUG/MEDIUM: h1: Set CS_FL_REOS if we had a read0. - BUG/MEDIUM: mux-h1: Be sure to have a conn_stream to set CS_FL_REOS in h1_recv - REGTEST: Move LUA reg test 4 to level 1. - MINOR: ist: add functions to copy/uppercase/lowercase into a buffer or string - MEDIUM: ist: always turn header names to lower case - MINOR: h2: don't turn HTX header names to lower case anymore - MEDIUM: ist: use local conversion arrays to case conversion - MINOR: htx: switch to case sensitive search of lower case header names - MINOR: mux-h1: Set CS_FL_EOS when read0 is detected and no data are pending - BUG/MINOR: stream-int: Process read0 even if no data was received in si_cs_recv - REGTEST: fix the Lua test file name in test lua/h00002 :-) - REGTEST: add a basic test for HTTP rules manipulating headers - BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR. - MINOR: sample: add bc_http_major - BUG/MEDIUM: htx: fix typo in htx_replace_stline() making it fail all the time - REGTEST: make the HTTP rules test compatible with HTTP/2 as well - BUG/MEDIUM: h2: Don't try to chunk data when using HTX. - MINOR: compiler: add a new macro ALREADY_CHECKED() - BUILD: h2: mark the start line already checked to avoid warnings - BUG/MINOR: mux-h1: Remove the connection header when it is useless 2018/12/02 : 1.9-dev9 - BUILD/MINOR: ssl: fix build with non-alpn/non-npn libssl - BUG/MINOR: mworker: Do not attempt to close(2) fd -1 - BUILD: compression: fix build error with DEFAULT_MAXZLIBMEM - MINOR: compression: always create the compression pool - BUG/MEDIUM: mworker: fix FD leak upon reload - BUILD: htx: fix fprintf format inconsistency on 32-bit platforms - BUILD: buffers: buf.h requires unistd to get ssize_t on libmusl - MINOR: initcall: introduce a way to register init functions to call at boot - MINOR: init: process all initcalls in order at boot time - MEDIUM: init: convert all trivial registration calls to initcalls - MINOR: thread: provide a set of lock initialisers - MINOR: threads: add new macros to declare self-initializing locks - MEDIUM: init: use self-initializing spinlocks and rwlocks - MINOR: initcall: apply initcall to all register_build_opts() calls - MINOR: initcall: use initcalls for most post_{check,deinit} and per_thread* - MINOR: initcall: use initcalls for section parsers - MINOR: memory: add a callback function to create a pool - MEDIUM: init: use initcall for all fixed size pool creations - MEDIUM: memory: use pool_destroy_all() to destroy all pools on deinit() - MEDIUM: initcall: use initcalls for a few initialization functions - MEDIUM: memory: make the pool cache an array and not a thread_local - MINOR: ssl: free ctx when libssl doesn't support NPN - BUG/MINOR: proto_htx: only mark connections private if NTLM is detected - MINOR: h2: make struct h2_ops static - BUG/MEDIUM: mworker: avoid leak of client socket - REORG: mworker: declare master variable in global.h - BUG/MEDIUM: listeners: CLOEXEC flag is not correctly set - CLEANUP: http: Fix typo in init_http's comment - BUILD: Makefile: Disable -Wcast-function-type if it exists. - BUG/MEDIUM: h2: Don't bogusly error if the previous stream was closed. - REGTEST/MINOR: script: add run-regtests.sh script - REGTEST: Add a basic test for the cache. - BUG/MEDIUM: mux_pt: Don't forget to unsubscribe() on attach. - BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id - BUG/MEDIUM: connections: Wake the stream once the mux is chosen. - BUG/MEDIUM: connections: Don't forget to detach the connection from the SI. - BUG/MEDIUM: stream_interface: Don't check if the handshake is done. - BUG/MEDIUM: stream_interface: Make sure we read all the data available. - BUG/MEDIUM: h2: Call h2_process() if there's an error on the connection. - REGTEST: Fix several issues. - REGTEST: lua: check socket functionality from a lua-task - BUG/MEDIUM: session: Remove the session from the session_list in session_free. - BUG/MEDIUM: streams: Don't assume we have a CS in sess_update_st_con_tcp. - BUG/MEDIUM: connections: Don't assume we have a mux in connect_server(). - BUG/MEDIUM: connections: Remove the connection from the idle list before destroy. - BUG/MEDIUM: session: properly clean the outgoing connection before freeing. - BUG/MEDIUM: mux_pt: Don't try to send if handshake is not done. - MEDIUM: connections: Put H2 connections in the idle list if http-reuse always. - MEDIUM: h2: Destroy a connection with no stream if it has no owner. - MAJOR: sessions: Store multiple outgoing connections in the session. - MEDIUM: session: Steal owner-less connections on end of transaction. - MEDIUM: server: Be smarter about deciding to reuse the last server. - BUG/MEDIUM: Special-case http_proxy when dealing with outgoing connections. - BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name - BUG/MINOR: http: Use out buffer instead of trash to display error snapshot - BUG/MINOR: htx: Fix block size calculation when a start-line is added/replaced - BUG/MINOR: mux-h1: Fix processing of "Connection: " header on outgoing messages - BUG/MEDIUM: mux-h1: Reset the H1 parser when an outgoing message is processed - BUG/MINOR: proto_htx: Send outgoing data to client to start response processing - BUG/MINOR: htx: Stop a header or a start line lookup on the first EOH or EOM - BUG/MINOR: connection: report mux modes when HTX is supported - MINOR: htx: add a function to cut the beginning of a DATA block - MEDIUM: conn_stream: Add a way to get mux's info on a CS from the upper layer - MINOR: mux-h1: Implement get_cs_info() callback - MINOR: stream: Rely on CS's info if it exists and fallback on session's ones - MINOR: proto_htx: Use conn_stream's info to set t_idle duration when possible - MINOR: mux-h1: Don't rely on the stream anymore in h1_set_srv_conn_mode() - MINOR: mux-h1: Write last chunk and trailers if not found in the HTX message - MINOR: mux-h1: Be prepare to fail when EOM is added during trailers parsing - MINOR: mux-h1: Subscribe to send in h1_snd_buf() when not all data have been sent - MINOR: mux-h1: Consume channel's data in a loop in h1_snd_buf() - MEDIUM: mux-h1: Add keep-alive outgoing connections in connections list - MINOR: htx: Add function to add an HTX block just before another one - MINOR: htx: Add function to iterate on an HTX message using HTX blocks - MINOR: htx: Add a function to find the HTX block corresponding to a data offset - MINOR: stats: Don't add end-of-data marker and trailers in the HTX response - MEDIUM: htx: Change htx_sl to be a struct instead of an union - MINOR: htx: Add the start-line offset for the HTX message in the HTX structure - MEDIUM: htx: Don't rely on h1_sl anymore except during H1 header parsing - MINOR: proto-htx: Use the start-line flags to set the HTTP messsage ones - MINOR: htx: Add BODYLESS flags on the HTX start-line and the HTTP message - MINOR: proto_htx: Use full HTX messages to send 100-Continue responses - MINOR: proto_htx: Use full HTX messages to send 103-Early-Hints responses - MINOR: proto_htx: Use full HTX messages to send 401 and 407 responses - MINOR: proto_htx: Send valid HTX message when redir mode is enabled on a server - MINOR: proto_htx: Send valid HTX message to send 30x responses - MEDIUM: proto_htx: Convert all HTTP error messages into HTX - MINOR: mux-h1: Process conn_mode on the EOH when no connection header is found - MINOR: mux-h1: Change client conn_mode on an explicit close for the response - MINOR: mux-h1: Capture bad H1 messages - MAJOR: filters: Adapt filters API to be compatible with the HTX represenation - MEDIUM: proto_htx/filters: Add data filtering during the forwarding - MINOR: flt_trace: Adapt to be compatible with the HTX representation - MEDIUM: compression: Adapt to be compatible with the HTX representation - MINOR: h2: implement H2->HTX request header frame transcoding - MEDIUM: mux-h2: register mux for both HTTP and HTX modes - MEDIUM: mux-h2: make h2_rcv_buf() support HTX transfers - MEDIUM: mux-h2: make h2_snd_buf() HTX-aware - MEDIUM: mux-h2: add basic H2->HTX transcoding support for headers - MEDIUM: mux-h2: implement emission of H2 headers frames from HTX blocks - MEDIUM: mux-h2: implement the emission of DATA frames from HTX DATA blocks - MEDIUM: mux-h2: support passing H2 DATA frames to HTX blocks - BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed - BUG/MEDIUM: mux-h2: don't lose the first response header in HTX mode - BUG/MEDIUM: mux-h2: remove the HTX EOM block on H2 response headers - MINOR: listener: the mux_proto entry in the bind_conf is const - MINOR: connection: create conn_get_best_mux_entry() - MINOR: server: the mux_proto entry in the server is const - MINOR: config: make sure to associate the proper mux to bind and servers - MINOR: hpack: add ":path" to the list of common header fields - MINOR: h2: add new functions to produce an HTX message from an H2 response - MINOR: mux-h2: mention that the mux is compatible with both sides - MINOR: mux-h2: implement an outgoing stream allocator : h2c_bck_stream_new() - MEDIUM: mux-h2: start to create the outgoing mux - MEDIUM: mux-h2: implement encoding of H2 request on the backend side - MEDIUM: mux-h2: make h2_frt_decode_headers() direction-agnostic - MEDIUM: mux-h2: make h2_process_demux() capable of processing responses as well - MEDIUM: mux-h2: Implement h2_attach(). - MEDIUM: mux-h2: Don't bother flagging outgoing connections as TOOMANY. - REGTEST: Fix LEVEL 4 script 0 of "connection" module. - MINOR: connection: Fix a comment. - MINOR: mux: add a "max_streams" method. - MEDIUM: servers: Add a way to keep idle connections alive. - CLEANUP: fix typos in the htx subsystem - CLEANUP: Fix typo in the chunk headers file - CLEANUP: Fix typos in the h1 subsystem - CLEANUP: Fix typos in the h2 subsystem - CLEANUP: Fix a typo in the mini-clist header - CLEANUP: Fix a typo in the proto_htx subsystem - CLEANUP: Fix typos in the proto_tcp subsystem - CLEANUP: Fix a typo in the signal subsystem - CLEANUP: Fix a typo in the session subsystem - CLEANUP: Fix a typo in the queue subsystem - CLEANUP: Fix typos in the shctx subsystem - CLEANUP: Fix typos in the socket pair protocol subsystem - CLEANUP: Fix typos in the map management functions - CLEANUP: Fix typo in the fwrr subsystem - CLEANUP: Fix typos in the cli subsystem - CLEANUP: Fix typo in the 51d subsystem - CLEANUP: Fix a typo in the base64 subsystem - CLEANUP: Fix a typo in the connection subsystem - CLEANUP: Fix a typo in the protocol header file - CLEANUP: Fix a typo in the checks header file - CLEANUP: Fix typos in the file descriptor subsystem - CLEANUP: Fix a typo in the listener subsystem - BUG/MINOR: lb-map: fix unprotected update to server's score - BUILD: threads: fix minor build warnings when threads are disabled 2018/11/25 : 1.9-dev8 - REORG: config: extract the global section parser into cfgparse-global - REORG: config: extract the proxy parser into cfgparse-listen.c - BUILD: update the list of supported targets and compilers in makefile and readme - BUILD: reorder the objects in the makefile - BUILD: Makefile: make "V=1" show some of the commands that are executed - BUILD: Makefile: add the quiet mode to a few more targets - BUILD: Makefile: add "$(Q)" to clean, tags and cscope targets - BUILD: Makefile: switch to quiet mode by default for CC/LD/AR - MINOR: cli: format `show proc` to be more readable - MINOR: cli: displays uptime in `show proc` - MINOR: cli: show master information in 'show proc' - BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field - MAJOR: mux-h1: Remove the rxbuf and decode HTTP messages in channel's buffer - BUG/MINOR: mux-h1: Enable keep-alive on server side - BUG/MEDIUM: mux-h1: Fix freeze when the kernel splicing is used - BUG/MEDIUM: mux-h1: Don't set the flag CS_FL_RCV_MORE when nothing was parsed - BUG/MINOR: stats/htx: Remove channel's output when the request is eaten - BUG/MINOR: proto_htx: Fix request/response synchronisation on error - MINOR: stream-int: Notify caller when an error is reported after a rcv_pipe() - MINOR: stream-int: Notify caller when an error is reported after a rcv_buf() - BUG/MINOR: stream-int: Don't call snd_buf() if there are still data in the pipe - MINOR: stream-int: remove useless checks on CS and conn flags in si_cs_send() - BUG/MINOR: config: Be aware of the HTX during the check of mux protocols - BUG/MINOR: mux-htx: Fix bad test on h1c flags in h1_recv_allowed() - MEDIUM: mworker: wait mode use standard init code path - MINOR: log: introduce ha_notice() - MINOR: mworker: use ha_notice to announce a new worker - BUG/MEDIUM: http_fetch: Make sure name is initialized before http_find_header. - MINOR: cli: add mworker_accept_wrapper to 'show fd' - MEDIUM: signal: signal_unregister() removes every handlers - BUG/MEDIUM: mworker: unregister the signals of main() - MINOR: cli: add a few missing includes in proto/cli.h - REORG: time/activity: move activity measurements to activity.{c,h} - MINOR: activity: report the average loop time in "show activity" - MINOR: activity: add configuration and CLI support for "profiling.tasks" - MEDIUM: tasks: collect per-task CPU time and latency - MINOR: sample: add cpu_calls, cpu_ns_avg, cpu_ns_tot, lat_ns_avg, lat_ns_tot - MINOR: cli/activity: rename the stolen CPU time fields to mention milliseconds - BUG/MINOR: cli: Fix memory leak - BUG/MINOR: mworker: fix FD leak and memory leak in error path - MINOR: poller: move the call of tv_update_date() back to the pollers - MINOR: polling: add an option to support busy polling - MINOR: server: Add "alpn" and "npn" keywords. - MEDIUM: connection: Don't bother reactivating polling after connection retry. - MAJOR: connections: Defer mux creation for outgoing connection if alpn is set. - MEDIUM: ssl: Add ssl_bc_alpn and ssl_bc_npn sample fetches. - MINOR: servers: Free [idle|safe|priv]_conns on exit. - REGTEST: add the option to test only a specific set of files - REGTEST: add a test for connections to a "dispatch" address - BUG/MEDIUM: connections: Don't reset the conn flags in *connect_server(). - MINOR: server: Only defined conn_complete_server if USE_OPENSSL is set. - BUG/MEDIUM: servers: Don't check if we have a conn_stream too soon. - BUG/MEDIUM: sessions: Set sess->origin to NULL if the origin was destroyed. - MEDIUM: servers: Store the connection in the SI until we have a mux. - BUG/MEDIUM: h2: wake the processing task up after demuxing - BUG/MEDIUM: h2: restart demuxing after releasing buffer space 2018/11/18 : 1.9-dev7 - BUILD: cache: fix a build warning regarding too large an integer for the age - CLEANUP: fix typos in the comments of the Makefile - CLEANUP: fix a typo in a comment for the contrib/halog subsystem - CLEANUP: fix typos in comments for the contrib/modsecurity subsystem - CLEANUP: fix typos in comments for contrib/spoa_example - CLEANUP: fix typos in comments for contrib/wireshark-dissectors - DOC: Fix typos in README and CONTRIBUTING - MINOR: log: slightly improve error message syntax on log failure - DOC: logs: the format directive was missing from the second log part - MINOR: log: report the number of dropped logs in the stats - MEDIUM: log: add support for logging to existing file descriptors - MEDIUM: log: support a new "short" format - MEDIUM: log: add a new "raw" format - BUG/MEDIUM: stream-int: change the way buffer room is requested by a stream-int - BUG/MEDIUM: stream-int: convert some co_data() checks to channel_is_empty() - MINOR: namespaces: don't build namespace.c if disabled - BUILD/MEDIUM: threads/affinity: DragonFly build fix - MINOR: http: Add new "early-hint" http-request action. - MINOR: http: Make new "early-hint" http-request action really be parsed. - MINOR: http: Implement "early-hint" http request rules. - MINOR: doc: Add information about "early-hint" http-request action. - DOC: early-hints: fix truncated line. - MINOR: mworker: only close std{in,out,err} in daemon mode - BUG/MEDIUM: log: don't CLOEXEC the inherited FDs - BUG/MEDIUM: Make sure stksess is properly aligned. - BUG/MEDIUM: stream-int: make failed splice_in always subscribe to recv - BUG/MEDIUM: stream-int: clear CO_FL_WAIT_ROOM after splicing data in - BUG/MINOR: stream-int: make sure not to go through the rcv_buf path after splice() - CONTRIB: debug: fix build related to conn_stream flags change - REGTEST: fix scripts 1 and 3 to accept development version - BUG/MINOR: http_fetch: Remove the version part when capturing the request uri - MINOR: http: Regroup return statements of http_req_get_intercept_rule at the end - MINOR: http: Regroup return statements of http_res_get_intercept_rule at the end - BUG/MINOR: http: Be sure to sent fully formed HTTP 103 responses - MEDIUM: jobs: support unstoppable jobs for soft stop - MEDIUM: listeners: support unstoppable listener - MEDIUM: cli: worker socketpair is unstoppable - BUG/MINOR: stream-int: set SI_FL_WANT_PUT in sess_establish() - MINOR: stream: move the conn_stream specific calls to the stream-int - BUG/MINOR: config: Copy default error messages when parsing of a backend starts - CLEANUP: h2: minimum documentation for recent API changes - MINOR: mux: implement a get_first_cs() method - MINOR: stream-int: make conn_si_send_proxy() use cs_get_first() - MINOR: stream-int: relax the forwarding rules in stream_int_notify() - MINOR: stream-int: expand the flags to 32-bit - MINOR: stream-int: rename SI_FL_WAIT_ROOM to SI_FL_RXBLK_ROOM - MINOR: stream-int: introduce new SI_FL_RXBLK flags - MINOR: stream-int: add new functions si_{rx,tx}_{blocked,endp_ready}() - MINOR: stream-int: replace SI_FL_WANT_PUT with !SI_FL_RX_WAIT_EP - MINOR: stream-int: use si_rx_blocked()/si_tx_blocked() to check readiness - MEDIUM: stream-int: use si_rx_buff_{rdy,blk} to report buffer readiness - MINOR: stream-int: replace si_{want,stop}_put() with si_rx_endp_{more,done}() - MEDIUM: stream-int: update the endp polling status only at the end of si_cs_recv() - MINOR: stream-int: make si_sync_recv() simply check ENDP before si_cs_recv() - MINOR: stream-int: automatically mark applets as ready if they block on the channel - MEDIUM: stream-int: fix the si_cant_put() calls used for end point readiness - MEDIUM: stream-int: fix the si_cant_put() calls used for buffer readiness - MEDIUM: stream-int: use si_rx_shut_blk() to indicate the SI is closed - MEDIUM: stream-int: unconditionally call si_chk_rcv() in update and notify - MEDIUM: stream-int: make use of si_rx_chan_{rdy,blk} to control the stream-int from the channel - MINOR: stream-int: replace si_cant_put() with si_rx_room_{blk,rdy}() - MEDIUM: connections: Wait until the connection is established to try to recv. - MEDIUM: mux: Teach the mux_pt how to deal with idle connections. - MINOR: mux: Add a new "avail_streams" method. - MINOR: mux: Add a destroy() method. - MINOR: sessions: Start to store the outgoing connection in sessions. - MAJOR: connections: Detach connections from streams. - MINOR: conn_stream: Add a flag to notify the mux it should flush its buffers - MINOR: htx: Add proto_htx.c file - MINOR: conn_stream: Add a flag to notify the mux it must respect the reserve - MINOR: http: Add standalone functions to parse a start-line or a header - MINOR: http: Call http_send_name_header with the stream instead of the txn - MINOR: conn_stream: Add a flag to notify the SI some data were received - MINOR: http: Add macros to check if a stream uses the HTX representation - MEDIUM: proto_htx: Add HTX analyzers and use it when the mux H1 is used - MEDIUM: mux-h1: Add dummy mux to handle HTTP/1.1 connections - MEDIUM: mux-h1: Add parsing of incoming and ougoing HTTP messages - MAJOR: mux-h1/proto_htx: Handle keep-alive connections in the mux - MEDIUM: mux-h1: Add support of the kernel TCP splicing to forward data - MEDIUM: htx: Add API to deal with the internal representation of HTTP messages - MINOR: http_htx: Add functions to manipulate HTX messages in http_htx.c - MINOR: proto_htx: Add some functions to handle HTX messages - MAJOR: mux-h1/proto_htx: Switch mux-h1 and HTX analyzers on the HTX representation - MINOR: http_htx: Add functions to replace part of the start-line - MINOR: http_htx: Add functions to retrieve a specific occurrence of a header - MINOR: proto_htx: Rewrite htx_apply_redirect_rule to handle HTX messages - MINOR: proto_htx: Add the internal function htx_del_hdr_value - MINOR: proto_htx: Add the internal function htx_fmt_res_line - MINOR: proto_htx: Add functions htx_transform_header and htx_transform_header_str - MINOR: proto_htx: Add functions htx_req_replace_stline and htx_res_set_status - MINOR: proto_htx: Add function to build and send HTTP 103 responses - MINOR: proto_htx: Add functions htx_req_get_intercept_rule and htx_res_get_intercept_rule - MINOR: proto_htx: Add functions to apply req* and rsp* rules on HTX messages - MINOR: proto_htx: Add functions to manage cookies on HTX messages - MINOR: proto_htx: Add functions to check the cacheability of HTX messages - MINOR: proto_htx: Add functions htx_send_name_header - MINOR: proto_htx: Add functions htx_perform_server_redirect - MINOR: proto_htx: Add functions to handle the stats applet - MEDIUM: proto_htx: Adapt htx_process_req_common to handle HTX messages - MEDIUM: proto_htx: Adapt htx_process_request to handle HTX messages - MINOR: proto_htx: Adapt htx_process_tarpit to handle HTX messages - MEDIUM: proto_htx: Adapt htx_wait_for_request_body to handle HTX messages - MEDIUM: proto_htx: Adapt htx_process_res_common to handle HTX messages - MINOR: http_fetch: Add smp_prefetch_htx - MEDIUM: http_fetch: Adapt all fetches to handle HTX messages - MEDIUM: mux-h1: Wait for connection establishment before consuming channel's data - MINOR: stats/htx: Adapt the stats applet to handle HTX messages - MINOR: stream: Don't reset sov value with HTX messages - MEDIUM: mux-h1: Handle errors and timeouts in the stream - MINOR: filters/htx: Forbid filters when the HTX is enabled on a proxy - MINOR: lua/htx: Forbid lua usage when the HTX is enabled on a proxy - CLEANUP: Fix some typos in the haproxy subsystem - CLEANUP: Fix typos in the dns subsystem - CLEANUP: Fix typos in the pattern subsystem - CLEANUP: fix 2 typos in the xxhash subsystem - CLEANUP: fix a few typos in the comments of the server subsystem - CLEANUP: fix a misspell in tests/filltab25.c - CLEANUP: fix a typo found in the stream subsystem - CLEANUP: fix typos in comments in ebtree - CLEANUP: fix typos in reg-tests - CLEANUP: fix typos in the comments of the vars subsystem - CLEANUP: fix typos in the hlua_fcn subsystem - CLEANUP: fix typos in the proto_http subsystem - CLEANUP: fix typos in the proxy subsystem - CLEANUP: fix typos in the ssl_sock subsystem - DOC: Fix typos in different subsections of the documentation - DOC: fix a few typos in the documentation - MINOR: Fix an error message thrown when we run out of memory - MINOR: Fix typos in error messages in the proxy subsystem - MINOR: fix typos in the examples files - CLEANUP: Fix a typo in the stats subsystem - CLEANUP: Fix typos in the acl subsystem - CLEANUP: Fix typos in the cache subsystem - CLEANUP: Fix typos in the cfgparse subsystem - CLEANUP: Fix typos in the filters subsystem - CLEANUP: Fix typos in the http subsystem - CLEANUP: Fix typos in the log subsystem - CLEANUP: Fix typos in the peers subsystem - CLEANUP: Fix typos in the regex subsystem - CLEANUP: Fix typos in the sample subsystem - CLEANUP: Fix typos in the spoe subsystem - CLEANUP: Fix typos in the standard subsystem - CLEANUP: Fix typos in the stick_table subsystem - CLEANUP: Fix typos in the task subsystem - MINOR: Fix typo in error message in the standard subsystem - CLEANUP: fix typos in the comments of hlua - MINOR: Fix typo in the error 500 output of hlua - MINOR: Fix a typo in a warning message in the spoe subsystem 2018/11/11 : 1.9-dev6 - BUG/MEDIUM: tools: fix direction of my_ffsl() - BUG/MINOR: cli: forward the whole command on master CLI - BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe - MINOR: compat: automatically detect support for crypt_r() - MEDIUM: auth/threads: make use of crypt_r() on systems supporting it - DOC: split the http-request actions in their own section - DOC: split the http-response actions in their own section - BUG/MAJOR: stream-int: don't call si_cs_recv() in stream_int_chk_rcv_conn() - BUG/MINOR: tasks: make sure wakeup events are properly reported to subscribers - MINOR: stats: report the number of active jobs and listeners in "show info" - MINOR: stats: report the number of active peers in "show info" - MINOR: stats: report the number of currently connected peers - MINOR: cli: show the number of reload in 'show proc' - MINOR: cli: can't connect to the target CLI - MEDIUM: mworker: does not create the CLI proxy when no listener - MINOR: mworker: displays more information when leaving - MEDIUM: mworker: exit with the incriminated exit code - MINOR: mworker: displays a message when a worker is forked - MEDIUM: mworker: leave when the master die - CLEANUP: stream-int: retro-document si_cs_io_cb() - BUG/MEDIUM: mworker: does not abort() in mworker_pipe_register() - BUG/MEDIUM: stream-int: don't wake up for nothing during SI_ST_CON - BUG/MEDIUM: cli: crash when trying to access a worker - DOC: restore note about "independant" typo - MEDIUM: stream: implement stream_buf_available() - MEDIUM: appctx: check for allocation attempts in buffer allocation callbacks - MINOR: stream-int: rename si_applet_{want|stop|cant}_{get|put} - MINOR: stream-int: add si_done_{get,put} to indicate that we won't do it anymore - MINOR: stream-int: use si_cant_put() instead of setting SI_FL_WAIT_ROOM - MINOR: stream-int: make use of si_done_{get,put}() in shut{w,r} - MINOR: stream-int: make it clear that si_ops cannot be null - MEDIUM: stream-int: temporarily make si_chk_rcv() take care of SI_FL_WAIT_ROOM - MINOR: stream-int: factor the SI_ST_EST state test into si_chk_rcv() - MEDIUM: stream-int: make SI_FL_WANT_PUT reflect CF_DONT_READ - MEDIUM: stream-int: always call si_chk_rcv() when we make room in the buffer - MEDIUM: stream-int: make si_chk_rcv() check that SI_FL_WAIT_ROOM is cleared - MINOR: stream-int: replace si_update() with si_update_both() - MEDIUM: stream-int: make stream_int_update() aware of the lower layers - CLEANUP: stream-int: remove the now unused si->update() function - MEDIUM: stream-int: Rely only on SI_FL_WAIT_ROOM to stop data receipt - MEDIUM: stream-int: Try to read data even if channel's buffer seems to be full - BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn 2018/10/28 : 1.9-dev5 - BUILD: Makefile: add the new ERR variable to force -Werror - MINOR: freq_ctr: add swrate_add_scaled() to work with large samples - MINOR: stream_interface: Avoid calling si_cs_send/recv if not needed. - CLEANUP: http: Remove the unused function http_find_header - MINOR: h1: Export some functions parsing the value of some HTTP headers - BUG/MEDIUM: stream-int: don't set SI_FL_WAIT_ROOM on CF_READ_DONTWAIT - MINOR: proxy: add a new option "http-use-htx" - BUG/MEDIUM: pools: fix the minimum allocation size - MINOR: shctx: Shared objects block by block allocation. - MINOR: cache: Larger HTTP objects caching. - MINOR: shctx: Add a maximum object size parameter. - MINOR: cache: Add "max-object-size" option. - DOC: Update about the cache support for big objects. - BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB). - BUG/MINOR: cache: Wrong usage of shctx_init(). - BUG/MINOR: ssl: Wrong usage of shctx_init(). - MINOR: cache: Avoid usage of atoi() when parsing "max-object-size". - MINOR: shctx: Change max. object size type to unsigned int. - DOC: cache: Missing information about "total-max-size" and "max-object-size" - CLEANUP: tools: fix misleading comment above function LIM2A - MEDIUM: channel: merge back flags CF_WRITE_PARTIAL and CF_WRITE_EVENT - BUG/MINOR: only mark connections private if NTLM is detected - BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic - MINOR: stream: don't prune variables if the list is empty - MINOR: stream-int: add si_alloc_ibuf() to ease input buffer allocation - MEDIUM: stream-int: replace channel_alloc_buffer() with si_alloc_ibuf() everywhere - MEDIUM: stream: always call si_cs_recv() after a failed buffer allocation - MEDIUM: stream: don't try to send first in process_stream() - MEDIUM: stream-int: make si_update() synchronize flag changes before the I/O - MEDIUM: stream-int: call si_cs_process() in stream_int_update_conn - MINOR: stream-int: don't needlessly call tasklet_wakeup() in stream_int_chk_snd_conn() - MINOR: stream-int: make stream_int_notify() not wake the tasklet up - MINOR: stream-int: don't needlessly call si_cs_send() in si_cs_process() - MINOR: mworker: number of reload in the life of a worker - MEDIUM: mworker: each worker socketpair is a CLI listener - REORG: mworker: move struct mworker_proc to global.h - MINOR: server: export new_server() function - MEDIUM: mworker: move proc_list gen before proxies startup - MEDIUM: mworker: add proc_list in global.h - MEDIUM: mworker: proxy for the master CLI - MEDIUM: mworker: create CLI listeners from argv[] - MEDIUM: cli: disable some keywords in the master - MEDIUM: mworker: find the server ptr using a CLI prefix - MEDIUM: cli: 'show proc' displays processus - MEDIUM: cli: implement 'mode cli' proxy analyzers - MINOR: cli: displays sockpair@ in "show cli sockets" - MEDIUM: cli: enable "show cli sockets" for the master - MINOR: cli: put @master @ @! in the help - MEDIUM: listeners: set O_CLOEXEC on the accepted FDs - MEDIUM: mworker: stop the master proxy in the workers - MEDIUM: channel: reorder the channel analyzers for the cli - MEDIUM: cli: write a prompt for the CLI proxy of the master - MINOR: cli: helper to write an response message and close - MINOR: cache: Add "Age" header. - REGTEST: make the IP+port logging test more reliable - BUG/MINOR: memory: make the thread-local cache allocator set the debugging link - BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer - BUG/MINOR: backend: assign the wait list after the error check 2018/10/21 : 1.9-dev4 - BUILD: Allow configuration of pcre-config path - DOC: clarify force-private-cache is an option - BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2 - REORG: http: move the code to different files - REORG: http: move HTTP rules parsing to http_rules.c - CLEANUP: http: remove some leftovers from recent cleanups - BUILD: Makefile: add a "make opts" target to simply show the build options - BUILD: Makefile: speed up compiler options detection - BUG/MINOR: backend: check that the mux installed properly - BUG/MEDIUM: h2: check that the connection is still valid at the end of init() - BUG/MEDIUM: h2: make h2_stream_new() return an error on memory allocation failure - REGTEST/MINOR: compatibility: use unix@ instead of abns@ sockets - MINOR: ssl: cleanup old openssl API call - MINOR: ssl: generate-certificates for BoringSSL - BUG/MEDIUM: buffers: Make sure we don't wrap in ci_insert_line2/b_rep_blk. - MEDIUM: ssl: add support for ciphersuites option for TLSv1.3 - CLEANUP: haproxy: Remove unused variable - CLEANUP: h1: Fix debug warnings for h1 headers - CLEANUP: stick-tables: Remove unneeded double (()) around conditional clause - MEDIUM: task: perform a single tree lookup per run queue batch - BUG/MEDIUM: Cur/CumSslConns counters not threadsafe. - BUG/MINOR: threads: move declaration of capabilities to config.h - OPTIM: tools: optimize my_ffsl() for x86_64 - BUG/MINOR: h2: null-deref - BUG/MINOR: checks: queues null-deref - MINOR: connections: Introduce an unsubscribe method. - MEDIUM: connections: Change struct wait_list to wait_event. - BUG/MEDIUM: h2: Make sure we're not in the send list on flow control. - BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM. - BUG/MEDIUM: stream: Make sure to unsubscribe before si_release_endpoint. - MINOR: http: Move comment about some HTTP macros in the right header file - MINOR: stats: Add missing include - MINOR: http: Export some functions and do cleanup to prepare HTTP refactoring - MEDIUM: http: Ignore http-pretend-keepalive option on frontend - MEDIUM: http: Ignore http-tunnel option on backend - MINOR: http: Use same flag for httpclose and forceclose options - MINOR: h1: Add EOH marker during headers parsing - MINOR: conn-stream: Add CL_FL_NOT_FIRST flag - MINOR: h1: Change the union h1_sl to use indirect strings to store infos - MINOR: h1: Add the flag H1_MF_NO_PHDR to not add pseudo-headers during parsing - MINOR: log: make sess_log() support sess=NULL - MINOR: chunk: add chunk_cpy() and chunk_cat() - MEDIUM: h2: stop relying on H2_SS_IDLE / H2_SS_CLOSED - CLEANUP: h2: rename h2c_snd_settings() to h2c_send_settings() - MINOR: h2: don't try to send data before preface - MINOR: h2: unify the mux init function - MINOR: h2: retrieve the front proxy from the caller instead of the session - MINOR: h2: split h2c_stream_new() into h2s_new() + h2c_frt_stream_new() - MINOR: h2: add a new flag to quickly distinguish front vs back connection - BUG/MEDIUM: mworker: don't poll on LI_O_INHERITED listeners - BUG/MEDIUM: stream: don't crash on out-of-memory - BUILD: compiler: add a new statement "__unreachable()" - BUILD: lua: silence some compiler warnings about potential null derefs - BUILD: ssl: fix null-deref warning in ssl_fc_cipherlist_str sample fetch - BUILD: ssl: fix another null-deref warning in ssl_sock_switchctx_cbk() - BUILD: stick-table: make sure not to fail on task_new() during initialization - BUILD: peers: check allocation error during peers_init_sync() - MINOR: tools: add a new function atleast2() to test masks for more than 1 bit - MINOR: config: use atleast2() instead of my_popcountl() where relevant - MEDIUM: fd/threads: only grab the fd's lock if the FD has more than one thread - MAJOR: tasks: create per-thread wait queues - OPTIM: tasks: group all tree roots per cache line - DOC: Fix a few typos - MINOR: pools: allocate most memory pools from an array - MINOR: pools: split pool_free() in the lockfree variant - MEDIUM: pools: implement a thread-local cache for pool entries - BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point - Revert "BUILD: lua: silence some compiler warnings about potential null derefs" - BUILD: lua: silence some compiler warnings about potential null derefs (#2) - MINOR: lua: all functions calling lua_yieldk() may return - BUILD: lua: silence some compiler warnings after WILL_LJMP - BUILD: Makefile: silence an option conflict warning with clang - MINOR: server: Use memcpy() instead of strncpy(). - CLEANUP: state-file: make the path concatenation code a bit more consistent - MINOR: build: Disable -Wstringop-overflow. - MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80. - MINOR: peers: use defines instead of enums to appease clang. - DOC: fix reference to map files in MAINTAINERS - MINOR: fd: centralize poll timeout computation in compute_poll_timeout() - MINOR: poller: move time and date computation out of the pollers - BUILD: memory: fix pointer declaration for atomic CAS - BUILD: Makefile: add USE_RT to pass -lrt for clock_gettime() and friends - MINOR: time: add now_mono_time() and now_cpu_time() - MEDIUM: time: measure the time stolen by other threads - BUILD: memory: fix free_list pointer declaration again for atomic CAS - BUILD: compiler: rename __unreachable() to my_unreachable() - BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF. - BUILD: memory: fix free_list pointer declaration again for atomic CAS - BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent. - BUG/MEDIUM: connections: Remove subscription if going in idle mode. - BUG/MEDIUM: stream: Make sure polling is right on retry. - MINOR: h2: Make sure to return 1 in h2_recv() when needed. - MEDIUM: connections: Don't directly mess with the polling from the upper layers. - MINOR: streams: Call tasklet_free() after si_release_endpoint(). - MINOR: connection: Add a SUB_CALL_UNSUBSCRIBE event. - MINOR: h2: Don't run tasks that are waiting to send if mux in full. - MINOR: ebtree: save 8 bytes in struct eb32sc_node 2018/09/29 : 1.9-dev3 - BUG/MINOR: h1: don't consider the status for each header - MINOR: h1: report in the h1m struct if the HTTP version is 1.1 or above - MINOR: h1: parse the Connection header field - DOC: Fix typos in lua documentation - MINOR: h1: Add H1_MF_XFER_LEN flag - MINOR: http: add http_hdr_del() to remove a header from a list - MINOR: h1: add headers to the list after controls, not before - MEDIUM: h1: better handle transfer-encoding vs content-length - MEDIUM: h1: deduplicate the content-length header - BUG/MEDIUM: patterns: fix possible double free when reloading a pattern list - BUG/MEDIUM: h1: Really skip all updates when incomplete messages are parsed - CLEANUP/CONTRIB: hpack: remove some h1 build warnings - BUG/MINOR: tools: fix set_net_port() / set_host_port() on IPv4 - BUG/MINOR: cli: make sure the "getsock" command is only called on connections - MINOR: stktable: provide an unchecked version of stktable_data_ptr() - MINOR: stream-int: make si_appctx() never fail - BUILD: ssl_sock: remove build warnings on potential null-derefs - BUILD: stats: remove build warnings on potential null-derefs - BUILD: stream: address null-deref build warnings at -Wextra - BUILD: http: address a couple of null-deref warnings at -Wextra - BUILD: log: silent build warnings due to unchecked __objt_{server,applet} - BUILD: dns: fix null-deref build warning at -Wextra - BUILD: checks: silence a null-deref build warning at -Wextra - BUILD: connection: silence a couple of null-deref build warnings at -Wextra - BUILD: backend: fix 3 build warnings related to null-deref at -Wextra - BUILD: sockpair: silence a build warning at -Wextra - BUILD: build with -Wextra and sort out certain warnings - BUG/CRITICAL: hpack: fix improper sign check on the header index value - BUG/MEDIUM: http: Don't parse chunked body if there is no input data - DOC: Update configuration doc about the maximum number of stick counters. - BUG/MEDIUM: process_stream: Don't use si_cs_io_cb() in process_stream(). - MINOR: h2/stream_interface: Reintroduce te wake() method. - BUG/MEDIUM: h2: Wake the task instead of calling h2_recv()/h2_process(). - BUG/MEDIUM: process_stream(): Don't wake the task if no new data was received. - MEDIUM: lua: Add stick table support for Lua. 2018/09/12 : 1.9-dev2 - BUG/MINOR: buffers: Fix b_slow_realign when a buffer is realign without output - BUG/MEDIUM: threads: fix the no-thread case after the change to the sync point - BUG/MEDIUM: servers: check the queues once enabling a server - BUG/MEDIUM: queue: prevent a backup server from draining the proxy's connections - MEDIUM: mux: Remove const on the buffer in mux->snd_buf() - CLEANUP: backend: Move mux install to call it at only one place - MINOR: conn_stream: add an tx buffer to the conn_stream - MINOR: conn_stream: add cs_send() as a default snd_buf() function - MINOR: backend: Try to find the best mux for outgoing connections - MEDIUM: backend: don't rely on mux_pt_ops in connect_server() - MINOR: mux: Add info about the supported side in alpn_mux_list structure - MINOR: mux: Unlink ALPN and multiplexers to rather speak of mux protocols - MINOR: mux: Print the list of existing mux protocols during HA startup - MEDIUM: checks: use the new rendez-vous point to spread check result - MEDIUM: haproxy: don't use sync_poll_loop() anymore in the main loop - MINOR: threads: remove the previous synchronization point - MAJOR: server: make server state changes synchronous again - CLEANUP: server: remove the update list and the update lock - BUG/MINOR: threads: Remove the unexisting lock label "UPDATED_SERVERS_LOCK" - BUG/MEDIUM: stream_int: Don't check CO_FL_SOCK_RD_SH flag to trigger cs receive - MINOR: mux: Change get_mux_proto to get an ist as parameter - MINOR: mux: Improve the message with the list of existing mux protocols - MINOR: mux/frontend: Add 'proto' keyword to force the mux protocol - MINOR: mux/server: Add 'proto' keyword to force the multiplexer's protocol - MEDIUM: mux: Use the mux protocol specified on bind/server lines - BUG/MEDIUM: connection/mux: take care of serverless proxies - MINOR: queue: make sure the pendconn is released before logging - MINOR: stream: rename {srv,prx}_queue_size to *_queue_pos - MINOR: queue: store the queue index in the stream when enqueuing - MINOR: queue: replace the linked list with a tree - MEDIUM: add set-priority-class and set-priority-offset - MEDIUM: queue: adjust position based on priority-class and priority-offset - DOC: update the roadmap about priority queues - BUG/MINOR: ssl: empty connections reported as errors. - MINOR: connections: Make rcv_buf mandatory and nuke cs_recv(). - MINOR: connections: Move rxbuf from the conn_stream to the h2s. - MINOR: connections: Get rid of txbuf. - MINOR: tasks: Allow tasklet_wakeup() to wakeup a task. - MINOR: connections/mux: Add the wait reason(s) to wait_list. - MINOR: stream_interface: Don't use si_cs_send() as a task handler. - MINOR: stream_interface: Give stream_interface its own wait_list. - MINOR: mux_h2: Don't use h2_send() as a callback. - MINOR: checks: Add event_srv_chk_io(). - BUG/MEDIUM: tasks: Don't insert in the global rqueue if nbthread == 1 - BUG/MEDIUM: sessions: Don't use t->state. - BUG/MEDIUM: ssl: fix missing error loading a keytype cert from a bundle. - BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error. - BUG/MINOR: map: fix map_regm with backref - DOC: dns: explain set server ... fqdn requires resolver - DOC: add documentation for prio_class and prio_offset sample fetches. - DOC: ssl: Use consistent naming for TLS protocols - DOC: update the layering design notes - MINOR: tasks: Don't special-case when nbthreads == 1 - MINOR: fd cache: And the thread_mask with all_threads_mask. - BUG/MEDIUM: lua: socket timeouts are not applied - BUG/MINOR: lua: fix extra 500ms added to socket timeouts - BUG/MEDIUM: server: update our local state before propagating changes - BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates - DOC: server/threads: document which functions need to be called with/without locks - BUG/MEDIUM: cli/threads: protect some server commands against concurrent operations - BUG/MEDIUM: streams: Don't forget to remove the si from the wait list. - BUG/MEDIUM: tasklets: Add the thread as active when waking a tasklet. - BUG/MEDIUM: stream-int: Check if the conn_stream exist in si_cs_io_cb. - BUG/MEDIUM: H2: Activate polling after successful h2_snd_buf(). - BUG/MEDIUM: stream_interface: Call the wake callback after sending. - BUG/MAJOR: queue/threads: make pendconn_redistribute not lock the server - BUG/MEDIUM: connection: don't forget to always delete the