author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:35:11 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:35:11 +0000 |
commit | da76459dc21b5af2449af2d36eb95226cb186ce2 (patch) | |
tree | 542ebb3c1e796fac2742495b8437331727bbbfa0 | |
parent | Initial commit. (diff) | |
Adding upstream version 2.6.12. (upstream/2.6.12, upstream)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
1091 files changed, 440300 insertions, 0 deletions
diff --git a/.cirrus.yml b/.cirrus.yml new file mode 100644 index 0000000..e6b63e1 --- /dev/null +++ b/.cirrus.yml @@ -0,0 +1,13 @@ +FreeBSD_task: + freebsd_instance: + matrix: + image_family: freebsd-13-1 + only_if: $CIRRUS_BRANCH =~ 'master|next' + install_script: + - pkg update -f && pkg upgrade -y && pkg install -y openssl git gmake lua53 socat pcre + script: + - scripts/build-vtest.sh + - gmake CC=clang V=1 ERR=1 TARGET=freebsd USE_ZLIB=1 USE_PCRE=1 USE_OPENSSL=1 USE_LUA=1 LUA_INC=/usr/local/include/lua53 LUA_LIB=/usr/local/lib LUA_LIB_NAME=lua-5.3 + - ./haproxy -vv + - ldd haproxy + - env VTEST_PROGRAM=../vtest/vtest gmake reg-tests REGTESTS_TYPES=default,bug,devel || (for folder in /tmp/*regtest*/vtc.*; do cat $folder/INFO $folder/LOG; done && exit 1) diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..4b56645 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,3 @@ +SUBVERS export-subst +VERDATE export-subst +*.[ch] diff=cpp diff --git a/.github/ISSUE_TEMPLATE/Bug.yml b/.github/ISSUE_TEMPLATE/Bug.yml new file mode 100644 index 0000000..b56ecb7 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/Bug.yml 
@@ -0,0 +1,108 @@ +name: Bug Report +description: Report a problem with HAProxy to help us resolve it. +labels: +- 'type: bug' +- 'status: needs-triage' +body: +- type: markdown + attributes: + value: | + ## Welcome! + + You are about to *report a bug* you encountered in HAProxy. Please use the 'Feature Request' template if you want to propose a new feature instead. + + This issue tracker is used to track actual bugs. Please use [the forum](https://discourse.haproxy.org/) or mailing list if you have a question, e.g. to get help with building a configuration to achieve your desired behavior. + + The forum is at: https://discourse.haproxy.org/ + + The mailing list (no need to subscribe) is: haproxy@formilux.org + Subscribe to the list: haproxy+subscribe@formilux.org + Unsubscribe from the list: haproxy+unsubscribe@formilux.org + + Forum and mailing list are correct places for questions about HAProxy or general suggestions and topics, e.g. usage or documentation questions! This issue tracker is for tracking bugs and feature requests directly relating to the development of the software itself. + + Thanks for understanding, and for contributing to the project! +- type: textarea + id: description + attributes: + label: Detailed Description of the Problem + description: | + In this section, please try to concentrate on observations. Only describe what you observed directly. + validations: + required: true +- type: textarea + id: expected-behavior + attributes: + label: Expected Behavior + description: | + Explain why you consider the described behavior (above) to be wrong. What did you expect instead? + + Most likely this is a mismatch between HAProxy's documentation and HAProxy's behavior. + validations: + required: true +- type: textarea + id: steps + attributes: + label: Steps to Reproduce the Behavior + description: | + The more time you spend describing an easy way to reproduce the behavior (if this is possible), the easier it is for the project developers to fix it! 
+ placeholder: | + 1. + 2. + 3. + validations: + required: true +- type: textarea + id: possible-cause + attributes: + label: Do you have any idea what may have caused this? + description: | + Simply leave this empty if you do not. +- type: textarea + id: possible-solution + attributes: + label: Do you have an idea how to solve the issue? + description: | + Simply leave this empty if you do not. +- type: textarea + id: configuration + attributes: + label: What is your configuration? + description: | + - Include as much configuration as possible, including global and default sections. + - Replace confidential data like domain names and IP addresses. + render: haproxy + validations: + required: true +- type: textarea + id: haproxy-vv + attributes: + label: 'Output of `haproxy -vv`' + description: | + Please run `haproxy -vv` (with two `v`) and paste the output into this field. + + Please also include the output of `uname -a` if you use HAProxy 2.1 or older. + render: plain + validations: + required: true +- type: textarea + id: last-output + attributes: + label: Last Outputs and Backtraces + description: | + If HAProxy crashed then please provide: + + 1. The last output from your HAProxy logs (e.g. from journalctl or syslog). + 2. A backtrace from a coredump (`t a a bt full`). + render: plain +- type: textarea + id: additional + attributes: + label: Additional Information + description: | + Any additional information about your environment that may be useful to know about. For example: + + - Any local patches applied + - Environment specificities + - Unusual workload + - Interesting observations or coincidences with events on other components diff --git a/.github/ISSUE_TEMPLATE/Code-Report.yml b/.github/ISSUE_TEMPLATE/Code-Report.yml new file mode 100644 index 0000000..41d1dd6 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/Code-Report.yml 
@@ -0,0 +1,43 @@ +name: Code Report +description: File a Code Report (for example from coverity or valgrind) +labels: +- 'type: code-report' +body: +- type: markdown + attributes: + value: | + ## Welcome! + + You are about to *report an issue found using an automated tool*. Please use the 'Bug Report' template if you encountered a regular bug. + + Please use the forum or mailing list if you have a question, e.g. to get help with building a configuration to achieve your desired behavior. +- type: input + id: tool + attributes: + label: Tool Name and Version + description: The name and version of the tool you used (e.g. valgrind-3.13.0, or Coverity) + validations: + required: true +- type: textarea + id: code-report + attributes: + label: Code Report + description: Please provide the full output of the tool here. + render: plain + validations: + required: true +- type: textarea + id: additional + attributes: + label: Additional Information + description: | + Any additional information about your environment (e.g. example configurations to trigger a memory leak). +- type: textarea + id: haproxy-vv + attributes: + label: 'Output of `haproxy -vv`' + render: plain + description: | + Please add the output of `haproxy -vv` you are currently using here, this helps us later to see what has changed in HAProxy when we revisit this issue after some time. + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/Feature.yml b/.github/ISSUE_TEMPLATE/Feature.yml new file mode 100644 index 0000000..8515256 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/Feature.yml 
@@ -0,0 +1,50 @@ +name: Feature Request +description: Suggest a new feature or enhancement for HAProxy. +labels: +- 'type: feature' +body: +- type: markdown + attributes: + value: | + ## Welcome! + + You are about to *request a feature* you are missing in HAProxy. + + This issue tracker is used to track feature requests and bug reports. Please use [the forum](https://discourse.haproxy.org/) or mailing list if you have a question, e.g. to get help with building a configuration to achieve your desired behavior. + + The forum is at: https://discourse.haproxy.org/ + + The mailing list (no need to subscribe) is: haproxy@formilux.org + Subscribe to the list: haproxy+subscribe@formilux.org + Unsubscribe from the list: haproxy+unsubscribe@formilux.org + + Forum and mailing list are correct places for questions about HAProxy or general suggestions and topics, e.g. usage or documentation questions! This issue tracker is for tracking bugs and feature requests directly relating to the development of the software itself. + + Thanks for understanding, and for contributing to the project! +- type: textarea + id: feature-request + attributes: + label: Your Feature Request + description: | + What should HAProxy do differently? Which functionality do you think we should add? Please describe the feature you would like us to add here. + validations: + required: true +- type: textarea + id: feature-explanation + attributes: + label: What are you trying to do? + description: | + This section should contain a brief description what you're trying to do, which would be possible after implementing the new feature. + validations: + required: true +- type: textarea + id: haproxy-vv + attributes: + label: 'Output of `haproxy -vv`' + render: plain + description: > + Please add the output of `haproxy -vv` you are currently using here, this helps us later to see what has changed in HAProxy when we revisit this issue after some time. + + Please *do not* enter "future version" or something similar. 
We are interested in the version you are *currently using*. + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..4c1ddc6 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,8 @@ +blank_issues_enabled: true +contact_links: + - name: HAProxy Mailing List + url: https://www.mail-archive.com/haproxy@formilux.org/ + about: Questions are best directed to HAProxy Mailing list or the HAProxy Forum. + - name: HAProxy Forum + url: https://discourse.haproxy.org/ + about: Questions are best directed to HAProxy Mailing list or the HAProxy Forum. diff --git a/.github/errorfile b/.github/errorfile new file mode 100644 index 0000000..f15d8e0 --- /dev/null +++ b/.github/errorfile 
@@ -0,0 +1,209 @@ +HTTP/1.0 200 OK +Cache-Control: no-cache +Connection: close +Content-Type: text/html + +<html> +<body> +b1z6lx9BLl3rSuonLqkIJAn9k9Hsah5qGfx9aq3qWSw6Nn37AZBJ1lxI0UyI7zvjXIEjSEVdCS4U +k6rTW/LndurrbPieC6OcEBPMjzGtsfpR9IsZ3QH6/mtBGnvAtbhxAfhMZ/QQXkqfv0JPjuLdXBdM +Z9cInHOr4ykoETgRbHaNt9ykBv32nIKt81YxLtTOMyyFAzH/AVSHUs6PanUKhxG11Csqn5RnlvSj +PBCaF0lJAGvndF/1PTSIhzjEtXR3ZUzCfO03/j0q0/4+cduV5jf3XNFeICjY19OHKSMIWVN0XVht +bY2eSMG0LoL8TqWyv6VSnclsVM5S5LJe7prJtWFobEpU3AMZzzjMPsxDiyMGJhjbJa0TnsDGAwln +IVO5n56gtdUdhwWUnVn8ZYGZlFVjOQt++q6XL/Vhm+DFCArXZ6Xz8+mz1o109JpM28jHhxg6e7A1 +CF08n0mwN+adNFTi3Wg8D4RJOOQ90Q1bS/gmW7LtPjYxGuu8k27MjUspEHeeEr5rdAcBJbKiG8C9 +191DBDLxlJv/V4ZYG/FdGIqX/a2F7x03Uj7rsVnBPmOz7U0EbcHGcEEpZlSN9YLuUKvPXeZ8HWa9 +fbaGO39Yt+9DByPWC1Xyr65sPBH8eDURPdSDMh3Sr+16HH46anVI40tjK8NZC6jjFBQPfJBP6MVW +HZF1F48rZXxesnHLHaMESCvwTruBf5R4JjYB1gt1Vv76e4Pew1MTK3/1ooNPV5kvoBV5PSLkMDqx +XO6dxSC9Y3HzxhzkoRK56h7SWDbwxd5OmUHNvjm3k0QtVTAWsAEbJ5q/gp65ikG3+hGvp9xF80pU +C1dAxK9+MHg7Ya3UiV6G/dB9prc3v92lEVqtK5CNKzlFiWQHSF3H+sz4qPGlB2Ub8H0T59TSZcyu +oTFKi802BYc8UnPdUX+mf4Uda4Vad4dPE409UQ1XIEqI+2pCTgOCUm80xM2Hgyjpp8bi1mnv6rI1 +8jafv0e6S23Meb9d93E/MLm82KWfXHIjPkDFaTouGS78IJie3giG68U270AL1+gpUwNunW+Ez0Ch +AwKUOM5BUL9pFfRMeDshy8KfiDGr7enLupqa2xe65Hbo47eioZZfIb0AD3P7yzlciIUXsy5JAwCF +B+L0T+XuRUJuXCaJ+ioDmgW0PenJ6xfL/+BuJ9yVrMGYb0paL/cD7VSVDda1L7+VSbLW7sQ6BOHM +ZgFV6+O81p48hGDquMb9+eURGrFKhQFipUPEi5sTQ7ocmyRZIAI3VeEOdBsX6zuwR9a2L5aV4yZc +HoiQikOgAeF1O8FNoVBIKh6TvFIzG+JFxb64pfWiwku+njgQu/xXkhuDSnYh/tzzqwghzmKHpQQl +7fbxF7jBihOr4qTcD/fUNPNGZYAZnZk/+wuA/6NOqwJl7nV2E7Ht7N13E6RZqGzfcL8KWldZbuFL +cFUVZ7sxogftmAWhSrQ1Io4IcAqt19XL5uGFlAiELphh5v+3mWKVNh5kOaCIDcoOggaerDZMl05F +C/d5veJxVLFBsSKFfdADmGh/8g85JDQC1UJuHYXbmPKuQ3pzUZRg6a3JYoi9ssLz7GijrSmmgkXs +71+8TsvHFP193euCd9N981+Gp4NMxpVvWkrYFsjkdtkzSQBda4dUlJ/QhbbHoRAuzNl2zDkUU7SA +P7LCNw3SKJlCQlwDEtqNYuO6jiQBZcUnajdk/UKwVwiH/p6q8rg8bh+NPV04hTZraUoaKumsPG+5 +tCBRj/WxPDKWfLjpgLx2gJPU4SKJrKwbfSot+VVO0Tc9viV8Jl0PPOkcW3ixx3Hc9WEqj0QZYHsB 
+kUk4E/q8N5WDnvmCzp3t6tlpeNqqkXhvNOAg0XxVXmKE3pWEytX1iMdggdjnoo9dLLGcNwW5+tnw +XdAlEVuqcvTeKJfYT/RMxpfdB7bXsg6OGEokMEkZHltLPmlYkB9i+J6zpWgo0WCwjawocVc7Y9Lj +FfSezs/Fs2s8OJhFlrHQzh3SwZoyAXHgOPC1wJDanMZWjLASi6W7ds2H2FHuyKYfx/gJb02+d199 +1ac7QG3Vgi0QiNB+6D8vuj4r05jQgHj7REIvFwbvJX/eVCY2kle+nXjzOiTL9M4AoDdaW9Hfzoao +YnwcKslhmHhRl/Q+9jA0YX7TCHh/VcKg6+lao3ScQ5F+MjwZewK0lwOlE9Z7Oz5rDNwTdBe6LhwA +tTkeItrhm45IPdipFKRRcqY7OPV0GgHeqIg704hGnpzws0cJi++lpLi2c+387h28ymvUXArndPtF +at7mboqJ7XCi2mYBOa73e7Q58R5UBhNzZB+M+SbNM3Xi5hcbXMH1UtnHGx8E8uNS5oXQvm4Cm4k0 +v1g0jU5xxU3m8j6ze99Z6sFZ3EJ7IrIdIkKHl0jkr+WZww64BEKmNsJfh0nWO+5Bm50ZK+sNkvDg +PtjkehxsWaaERJ8aQeqzIVQTK81m6FqHYdcSsuxMiY2ZAQSnVRarmSJqyd2oPy5vEkCnS9yd2ha9 +bYqAREVHUEy//dw/XJAtttnZSgwAKdn+SRSQuDiWZ9GPs0k/zKuohKkSXkHPlhIDuer+lJ1Hs17m +r0JTCt2LQVXLdCbKScAHOm4wdGeeIyMsV8MJv/PIWoySW8PIm3IjjzFinphnj6COvvVJUYg6zvPb +1WN7ZU0UyI0nFklUVguc6RF2ByO9ZzZA7nmVXlFawnDc5UkotXSGYZJaiV9c44Mvqg8CgxbfLLk+ +OCOJgQF9xIEk0bUp/QAfKj6o5aP2qHr+YvKxxTxlEthlxdGyM+F8YX4WpR6wf2mbFjc6jWC67xk3 +F7zfTdXtmezimB6vUkRAf4P5yS8J6Q7m7JCE/V0CN0Z6fUG4Z/8cGxpVQwqD44McT257MqSdiwrp +C9NiXxqWiLXcj0NbUI0rxAlzSwzuFAjMdLpPOm3zjm6I3SltMKn9BPSOyz5Q4wclInCx6yvZAqK3 +r95cvb72qVEt7YJKaM3b6Vb0oQRMpSWyoYHZQ75WTwcwd8PRecAXGPqgn0e0GYUSfRqiBi5Z3tUp +eljOJvV9ujIs2rFeySLKVfkCfHvcCRVyFZwsiUO0W9NvvIy40lkHtFshFANYlDkJOznhLVSlUGNW +lNwSTjEuG/bcGiiAm4NogFSmu6ijWrrJZbFAjH2CSKkKJUxCpAeasm5nDBqXY6fmS56WLv+mZmlJ +qQx2aJ/yiGWg5h4auN4tyq7vM0S66X9+rg2c+vrxQBAaUbF+rGP6x44QE2FZS66Sptlh3/dY+CLn +7fuVLv2/2ROBRPN06XmmBF0l5VA51wCmozvcHXGgSNndTws7naVH6pu4tNwYje+sKV3xzzspY5ob +cZxtGGGfOMvGuZB8Utx7QgEXAM+RBTc3n1mCJdka2JL797YtSuysoiDmoKY16tQDzw5yQfkU5sbN +pvUFJZLTDBXdBMMisEzyfICsuIyv6A72TWdo9hGnfk1EfofSCuDWVv8Zt1L+FwtM0lkm73t0ILRa +EpmusX+2QFiJdjmpl744bCu4nsj/a/RQ4EmSdKHZXuCL8/pII+ebHY9LkruU4LgXsNa7ZCKCn8lo +RUq7p5/Iwz6tbJ/n2Zp4q5UKeTGtlAqfPicg18AmOwJZx/UunhFpAoPr3Au7wfM7aYTAm+6XRgRx +xXglcFDtGwipKH8Fkj2crhfaJ2GT2/4e0Abb70HW6yYlUHYKI8aMZ1fFXl0qzFbkOuq9I/4IEhLU 
+auZS898sqj2H6EZ78LE9r/tV1TjC55LS9mVVbmGptjtjSnXQKzwz0ecgUHTJ/BqugyUflq61ZjLg +6GX7+hisr1AJFs72g7aRJGXJHESmPb6fbsfWDqoLquR7NuYefaOsAJWQX8zkgocyIe9gGrHIE0Tt +ybdP4WtbUwn53drOs5A6UbpiSt1XVHps2gZcSkeGIRu7fnX9ZU53758/LKuLdyAQn44aInztqJMn +JVjFjZ4/3RwrDoPHyOwKbrjyWNWTqWBc6ewcLOFvYz4V35pvuXeT/JanX93foBv4O9aWgmjAjqC/ +j8SbRjEt145uKVP113AfvEgLFviOkKu1UOlRiOtqFsN/rSy/7AREhsH/7UO+qSYm3VsFiiUu5N00 +iENT45OeG2yGB/PcyOtSTiryHPZ0sBs9BaCmtCdHxXIRZg0oHk0As+GbsdyG+njF4DmNzrS0ypgt +tT4BkDWqn2s9zwIvOjE8G/zRHffn9VfwqGGrNVenszmkpyoGsmpfl212tUHnvF5i1Ffivj5y9ZMw +ESuq3BaH56cs4hEkq2qubjnhpcl41rSVCZLX0CNfS5uSBtPqknZTvWqH/i1y7NcA7jyj6muqR/Dk +VqoVcaAI/Oey0250AAIpnzGO4Kiv48qWqXhZjRIJvWwtwflLrqU3N5Ec1oh0/vEe33nt61rNsB8P +t0HZwz9aZfymYMRnzgA7tHDiRcGNIOWupWGnXRsisJdH/6T7HH3mup2lNklKvAwH9yM65cTeMDt1 +5/QZKTjlAKiJ8cXes6SE+HpKcTaDo1IQPXkYzv5i2x3D/Pteakic2djUXsQOB+V+Lsx2Koeb9yrq +sHtDRsl7q2uMUlH/u6vMV86AZXmm63Iji3Ktpihc+Qno9GDbA4PQYrvEPtcLGY5UJTpKUhSi5icn +RgQr1IKG0ALE9mH2nS/b9TJn34lzCaeiIMYfOe1Am9AR6bfXuI2riAT18xdGyZGOGzFjJOMtm7Ok +4VhuPnoiuYsmeH3jI/HclKKm2nbrv1g2FOK5z/7cXTFtqqzoIR+/U+Cfixi/A19M4lJwmYnZSRhJ +DMKtf4E8rrW1brFa+HJULcc775nyLTYrhPjio5ozar1/mLZm2eQiIFspHYL1oMh4IvhVXi2ABsq2 +NAyHSZ5UwxXg5jUUv9Z1I8CsNseXIGIiubTe1JQMeTrvzlnBpYhQv2W6LZ4V4EYk6/Af3ULGIQ7C +b2iS/xaa5X+JWHl1MJ4N6debH9OryCj51sPC2o7rAWu9a07RqdzarIVZuJkgvvBSyhHfF9aoOAdb +jOFW4wU79J1VDfVj3wTIGvY6qNru/s+Dapx4s9a0inqj6yX0i6uf1flNnSm+wesHLGhI1ae3uZuS +GBeo+0GiooJHFT+E9BlR+4lZKmr4+waJvCRJmyJ7y57eUWJQbviH0vazlDbJGVqdjRTKV6UgPFrV +xkVnbFBsNP40VnMfJbXiJN+iSkWPYtrQbEoFGpWhpqEcPmryiIApN2LllVGtGmkBBAM2+kQx9jud +EEV+B7+hhhC4Is1ntkbYHFVbIWFgxjbpwP408v5LGkoEnfV1Wdp3d8UtkrShvkOmG/VGtZq6uv9w +bZXMk8b1npQeN2eu7WK4cBDho4CuALLcUl+yO6BkPOibZCSEs2d3M/FMrGZfw+jm5EM30XLItvP4 +6Kg0NDudqumR3LQNtH0RGvlMmEHb47u2E97GgCiJomBP2/JxcFlSzTwLJL805UKWyISEfAvET+e9 +GkE+CoPOHbtsHUEybw3UGKfMUUMhPlC+oEUMwmyZD6JWfYSwygqL8aw0abtDMzOaEWrz0xfkd9ym +BnK9mTd79oPvFAh9qvbdUdgldxXcvIG19jzQ/1IVVz8LZVMJhOKg/yskLFABiTDJ2JXbpznjH1BH 
+zswQqmlcPqu/vNBFK59EYKhAZumQkjLxB/lPfJBzByPCCfM+dk7Pq5xTjbWLnrPHQoC5WaVrQiCj +Wcosd66Kg9CrXrL98auVQVIX6Oh/Sl6h6W5fqD/iOPUZp13AacEIRA38rwbsyR4ohfSxyHGkd24+ +GUJ/s+Rj7KlwiJEDQdMbJ5Dr4yqIvPLqMLyuz4soneIMdA7RCztmlieIgNnwTI5nzlESRzXoIkzk +KKvC2LPzypHnOhJ3XmZODFRs3Y/qKUIOdSBwDRayhHTnuVK1v21bB3EkFtWllqXf/qHUj19+YFuy +rD4ZvPmIuTxqXb0wPlnr52aE2M2p5068lG6hAvCpZH/uuZsNuaYATcaeBm5J0uvFpKITTHriUEcs +NtjSPf/Z7rn8VWBm6iGcTrrCC+w9LRagVdTxecg+NK5PVUoUVAGEhQXoL+ESGUanPOjFN7NwhM8J +WUagxHH7ALK8LuxrXktdkk7jalBI7U66aFnMxh44M/3yEcUsGH94/jqsC31cCNp4kE97BedfGyRR +jIkTpZAJg702y4k/LEkkcT+wzh0E3vtcpq1fx/3sXduBaxP8HrXSxAiIVDUqJcNy0PYkXLxxnVVW +8z3EDoe0ZZa7PSvYHA1NQHO/74e1T1Alv/ImPo6l7a5M+f2tXZ+75cw7dQgYmnFuGlinfvq12oNw +EwZhrs2WCAEzrjC/sFuPIn0IVqU8q6ve3BzD9YltbeEcJDLkRTOYNkvo8kF6s4uRchsig8FxFE4Q +Jxwravj5xyJpFUF6ZbhagtX3LIBT2/IrWAZgpNu9f4fq9lQ3wnP1UEgkv8o07LyyEV52ZrH6wn19 +sqB9S/6TgvTqO4FwteoxKTzhNI+0oXwloAQrYsmmkhjROu+BncuzKuj6m67mPKrjkudYup/xfVCL +ktYIcPIPCy0ahKdSD03CV2zBT8IF7B9skYoZxC0NvP3rPzl6w/h0wK0jJya12tVHZfqSu8WMD03C +AieOYB1+KoHL3PZsArTAnPGPbAU2VnwC6zFV1LXiq3yvqrtERZsD+xsZxMG2hTGM4jUCFgVrRN3X +Qh05FpC71nHR19z+vaSNJ5wJp6hWIQBTqjz/NWew908SGF1hAFAkzQAHb1a7RN/Cdq9l6WK4XmCg +0g4Vuix2sa8AceNCcuQ9LBimoUEvglkwvCxaxh0Es7xIumigdavavAPvpR2pGESn3S2dOTanYFyG +yJJfLVtH0VWgqzKRZJYg5jzHqcIE6Sh7VXroGIJezm0ykjMUVd3xOrTFW1lEqJI8YEwC5kVhjzhd +sCJNvEIENH0roJX3YiH05jatoKRRhJNF9bN45LKL319pPbZox35rZD23wxZCrrnEDxKOVhVL/ibY +8ITaT5qdDS+ngEEeZdzO8cMoPHbHKdZQgH6DivP5QTDcd9405pE41X4rSDbJaJ7fHonhQUbQR4Rb +TKp4nYKhb1stz3hvP5JqbGD5Lj+0EdeOCXdGk9mbAymoIko6D82n0tjRvA6cFoHI7aaRmzWN2N05 +hYCnpcK/NBFud7usuyAPFLBvaO5Xnar32EGnw9ykCTFjNdfgJjvOxHiE34kiRq/kn1DL5WKwq9EP +MRgEFZ+O7wElyfa6ZtRstJsdI9geoyogelNCpnv4MmRps91jNIjIqyznonsnjWv8+Nl1kzt6bGQR +QjeTfDofWHG/RuIdq9BlKUsqe/VJI1jeCG2kNZ0muWaa7G6K42W4eKp3XPLLiAahNEthtGb6PWDt +IjKhydJeLFWe2FCCBkffYflVZbDsUtS0OiFiBFXDxzKjv0lK1W+DkQ6Yyjh05bXWsdN4P8QRayx2 +SJRWqzhe05HFY75DZLnldGvP348mQmJPxsQQxiH0Gi94DajrNN5I4if1z71rLkyhbxpAu1y311AL 
+rKNO0CKv27lH3KdpFQlLG3xWQFD86m0RICfDf+SYdugAIPiUPqvJ/QEhkqGLXFgmYdLDfsyp95O1 +YY8K66uS7hlc+sOKRqCJ2Tu0KZP7O10NssRuUhwH1nRLmPUhFX+AyRvE52NAQ+qHppMwFWN2CqPt +YtrkBuzxWCpWuHREkvwoBFW0v8ahyAv33qZZOenJy3EY1R2XJis43tEGrh/40aMG8ktmF7mAS1d6 +ObU2MO0rqf6y7+l6OvnwhFaqokfwZxH3i/axRC3OAf2znpqDRDhsCQwFWzrgbC8ocCuOyntjx02v +yMX5gy2rSXQ0nqqrDLZ4WywJ6cBAxl6ltSP3lgnAlxMRcvbpU6DmMn9QBlTyzsrTpTq6PWjsukqX +0aARHpY5I0U334P6oTaWxDbn+N0IWNLm4MTFxMYsP04hajKfDTEtjhom4ZVy5O6mtc/UP2THyPwx +zK7ETgLItLThg0eKZApOZXpVj3NGN0VorIfrMLx9K6O1vxrkwY3Ybpk1wuSxWO51sXc211XjCOMa +r8axFnIynW2ngHy+hIVjEwG9NxK3ORYUN2I4spVJJGqLQ+b4wceUDSD/Cky1GkirdlWVkheAlkd2 +eLz9UIoJCWCx9BVhjY8ufW75pNsNjgcy27tpt49TJGpKyoXyoZGynksoCA/QzYVrCUn6VsNh0UjG +LlPQ+zFh4iyIYpvVemcOsu8HQZC1YIoumBwu8ukqpo0FBALnVX7jDmxcYMjxPBL/xWJyMF6GOfF8 +yTsxk6YKhaWZb0qCNyEqUQ5OmvoP7aboWOVXWRofWj4CriT13UzeOL5EfCh5GAmlEK8w7GdLq1QW +9LpedlGTHr/sSoeNPMqSS2KEZNvQAp1uff97M/Wr6ilWAQwQNXXESoJ8xgUTR/i8DUBVemedy6FU +DdFwv0/FOFaUqyxE5yjqibZCj82TIimq9CPPEJjHfiYswb1dwlEIWWcxg7XRb/lt2pBCaljrVDWo +64OUPoRICDbVGTiFXh2UuEpw6PDs4ouz+R+0eHeBV3VkFmO7n18nuP6CLFYTI+mz0L9E1eM5coNA +vpX4j76tnagQ3GSm5FBjcTLOG2I0f7MS+AvA5cjzLYzTCVeF73eyjgBlVwFk+U6Nkk0VPvwL22gu +sRQu0kthRNzkfd4sEFvF88vOEq1zuQEuI5zMVcNQ3eYgFXrKLnXQQJdYcJ95mkIbUfW95cNeruHc +rNv9GtoHx4RyWHB5GnTJCLvIdYsBtCd0jlW1R88kf8JeUaAOeoDRV7ScbIKO3xNRpn2P3PzPD884 +chFMCCx7qODm4/6q7onWO3lEsUEiXVFB+rBsN9ZzYmEmXfLuureTWWRZUaXfPY8LNVb+Zu+LPzcf +4kZ9+Fxowm9Q0s9r97K3fQKnxz7ptr/+D1McEKMXLGFCm1JA65PbyRsIo6drTYenzrn/QF4B+Shg +E2Fq5hlOfzpmeUNcHT6EgM02J+4bfjzOA06G9ZxPY4ZNvevOuMA+ITiXQMLpIHXTpZNvKDMBEvD6 +vfin7laoyn7zB45THToL7D1SCdj9IxtOD4UrAVSPAtjZ517JVNyMcRVGT8tfRzT8/AYVCeYY1G9M +GMv7fmTJ4FqvXQWfOIiQbQk5b6ZIkr7x55TasVxDZgDazhjgTy3gavKXTXB8NjSx6dLaP03I9A28 +44W32wh2KGCtv75P3b2WPaSt3oJVPp3SRrgt8a5QsPc21iDkAVLlOcWOqCnHXjiL5Ljtkots3idw +5qDH7vpviIhcoqxnhBcaTc0NEKHX8WxZBamiuLiceCVHTBNpbZbS031yGwHIVu3ZE3oLeCTG6Gzr +6/96lrWA9NW8NGxqS2LMlTZ6oR1pACLLnARSbhyUSpX4dmx7SjOcnBB/7tyAJ8wNHLreD3KK5Opo 
+IHrQInd08AefjqTaW6BUKhAKYIdeRKLWka6QnrrIOeWioL+xQaImTU3KJ1Lfao4CL9wp7c8DukoP +OYsCNtLgFNr70Yrb1jFYjYPsrtUw59NuSugmTotsCO+Etb2PsXgoCTO2j545sgSsm0y/qIXbZLAE +oB7hReI8JrT00f6YLW79C7SpZQ3P9O77G1IDfhxr+D7tIrRgqelyTiH2gBOBbC4jbaPt/Z4gsrHq +ncncllSvs6RxVHIEZbxz1eCCJDkTkbZqfzvHGh2X+RhG38Y9GaOdh+Ki26Cv6U1Wzds3t8W9DRSf +RCjz7YqN33mGQVSbG0DPTQ8VAQyfDHcyOMTvJtsiRYn0z1sXl7UcULT37IfHb7NJncWiSU6AHOkT +JaPbYs8Oh3eohYDzE6k3iSpUcSxxF0V3+kVkqAUrgFlUPRvoi65xYxqiMQ2DqAU8JbclkRPh7Gse +DEttqQiZ5vDH894otB+WxdyxlKWF/e4SBKC0d3m/4jtYN9xn/Kwc6xStW9phP59/kU+1p9YoGFOz +y8cHQSQ6aE+c9ySCYSpup2VHoI8vafA93kbZXsp8JqWgMO4hE3oqZo8y6QvapxiqWgLc3s6CeTMV +1akLpWpDFnhzA7hkB5xRLuE/XTbVSjELRcKVPFfVw42UMkzf7UXXUz2Y/MwhlnLo5H7lWUoYwQNS +mQ2bLA9jjbf/J7abcd6OgFnXtots4AnSpyY976Q589H8g0Godi2GEzZ6/lamDk7jmSaoA/r5LYVL +ecuMHI+FWP5sp+FQb1gBhxfF6zC+KMyvaDyV15/jGVbAwn9JNM+B6YJ/sjkiukVzruBz/8i3htmB +pp0RlgDfxGe5lpnVJSfoSkFi8psxkwzGraTnWhKvByrMGVJNZuchoV2Gis5ORnWLCFuok5jB43Lv +e9t9xkyXhaig95z2yy6/7cVEsIlOGfKnU1SKVu6JJ4kqDLvWd2Sf9aYq37fO3U833vA9GFHuNX93 +9gJxnrMpQpA+2T88XR2LmoMqfSQ3fV8KGkT6YZuNYe2G8GQ4bnDzO1CWN7gBNXmEw1tgusQwoX1+ +1n2zWhZkgEbxQw8H8tRtyGNzsadxCwQAmcqbwvc29s2QVBGipPTzkzqHfP9WBKr1QB2y0TQPsXcf +znTRIKSnk9/HYKkUpXHT8rdWcJQpuIpOQXpxDAb2hUOaIyOBPOHLdAVV0bbiS97DOeowytVIdr5l +KvLdo367gsKBln240ZUYxwLxU5o2fvUEdwCCxAbkFCI1NdamkOaRMS/ASNeduMWMMuFXmW4gmna0 +nponYLK1drlECpJK1LIeszRqMRnlQ2bKIZaNnhARDLx8J+qTdpVKPY5rnKPi8RueD8w4bgmETLkj +Pu7LVwGDM+KyLkfxiP5EHbjULcV23bOfucRGvUy0OP/Ciq8+IhibLohBnod6DPaJayPFN2xtYTii +aYk3e4YyaqQ5JZGMtx9TkanAdlu28rd69oO+AVHsAj+pXWTwfr3Jd7rNMlE9OCM0CBewcEhVl8XG +dERGMhSVPVARbfwaI67sFmHUr0X8mAsJ0yJoYqbLPIW5jiV1PbK6zkcaksDLLoMkIhJpASb/98+P +q5SKERK5j0rUcpTtr83wfNTPmxxTJzPK4i8Dd2dfv1zy8BF9seOylVQ5Lxw6xXaCrgStUVl8Gz0p +LJWduNunp8pqFiTK2uYeR1KcSabbEj9xPcbWw9zasQL8ycyUB9RoavKLf7MB+a8NK2OSXH5dfD5H +Pl1jcgMu6C9X9YbUtMyhOBbXirYqv80wWDAhLn0GmOn1Stg+sWjGv3UyssE9JZtfH3ExYsS6pWTz +XhFKN+Pvwrj6U2393x25W6MYqWWIIE8MVBVjB5z97WQ+B+A+jVrdno8XAWonBXwfSA7RX2+z8F+A 
+2AbBpIgGNbW0v7YbPdRinHWbXvccWQ+stNa8Rg3rhf0Z+c3AqMSzJMo3G1fK6565z1ZjPmQya0Qv +V0TRsXRtBPwJCaKOhweMRm/8cUoKBK0UT2D+xtbmag2hhlk+nX9rUAtAuH8zI15WZN+IzyImPNZg +xtBm9hK9yEWQcze0+vLvlGduZb0jh5nMiJaeDg8fADk8I46ZtKkbA595X12HG4szWKNPoeo6M6eg +lRRkV3UFyNqQv+EJspmiSWp3qwLN1+lAwdVRIf/58UrJCThn3FDe/EDThjMJD0/AmvEZ2QB6ptjD +ku8mAKuIM90NSkDayS1/mhAEQCThrEFsEc3yWrKtkZGl01eOTyRvVQcfzEfiG5nYJSIj7zz9NQ1K +JEoXNtz3NNmEYKxJ3IlaFcCl/RdWDcuHT3s86OoiuUb5FoQbxPsgkX75vUd0N7C4tBPFugzxDlho +e6BXgBTLS5miqes9Sld5L4q02q44VR07NfmY3LX72vFDcWX8mEpLtSOPnyu0LtzT71kVpWlt9aV2 +LvtCY1P7fsE+Ux9CtwSzLczYzxpu6d7QVQtbQQJLNDsxcGKrfiWfoP0EpAleG4DlrFgKE7DnKXw6 +uV6henTS8UGOGEgFmkAM5ogsZLsNght/Ty5PHwTWYgm/nBc3s1UEqSCpbl8CKZyRQys76I3yP4+J +bSgXCId3u2XZqYoUqfnaqcFaPzkn5evrIIelAbZQJRQioHN+++TsCh7RifuOSVMOswrFEtXfeSUI +JCvljAZBFFtl3PjzmKdP64oBaW5nMglSG1lBqTQe40qajHS0EfAsaLEbh8HsciQNE2krCKCkGSN8 +UkzmtQO7ErwvGVrmIuYbgJqzDcE2I2a/Z3Lac//hwBAcBsF+yfWLGXmNQiNcaHnmoZCkekctfJFV +lbPhaapODNLjhKoMXJkOvBk5MRJal0MMaBtUnxBCzeazIkkPxy1S6L1KGm85x+l6UtzHqPKuYF+w +KoOUlb+9jckpStrgll/o5xGUU/hgWsMZtfYTNiq2ShlpjxDT4OuimS26O2jTlCJl8nhbSxc23iC7 +EOSsV8DolO2oUF2JmBpfqQWsOG/88CZhQqN7CQWM734bLXDrSdYE4WI+YgINTnQvM6nZr+U6+kqp +2ORCVQ8huhM20uj0/+adTe1zowyijWi4aod6cLhQ7kZD4PFio5Y6omaHXLUNaPofPMFB3Bl9owKI +bhJJ0GJ8V/abRegfRHNve9w74BDFoPs1BZJBz3H9OEwguFKSk/Jr4ep5U2op9d7Um87FtUwWVtBd +bAyIanLdh3TGW1haNyhfiCk8aR5MlzAvBV9iuNK2aw5yxCgowa/VhuLQaIVFSrZrjvfwvFoYK1re +ke6nSM3n1/rmbu+BY6qG5u+3SQs4Oob9dD+y4nN7N1IhUY0jf4hYDfsUrexVdEsStu54riCyNLIL +czHtc+60dpqZFGFIbMJeDqgkUR6msurjr75bEwvuB80rMPbHTkbo9JNf4bBAxKf/IJiokE4J6Rjr +tFZTDMh48Rjp/zGumLhRPstHZHoz6ETMDmC2c5IsAF77F6ofytqS1i+81W6jIzAUhyyMKCi+EgM7 +Lo3rFzyeRVBMf4sgPajI2NnUpMzm9Zn4p/HlxxWu+wUu6bv4IjQS12jdA7OuRA03LaVr7vIJhOIc +g5lYj307khG0uIyZVa/Wh9/Bi0wCwecoACcebEeD+hIKvevZqR8VZBlB3DRoEzbOe1v9mnf7TzG4 +zReNRAT+TAuX19Ne8bmMT2ZYXsAGF3U+1aKNFuxaXVblO9HIKZ4g63/u0EK2ikt0zDpGIg0s7zD5 +dVA83t4xHTRa5H0S03336hd8FK9FgZ6+1tTCuxtdfOnGDCw53Uha0GHkK9O3GwBI7rdbP0bTvmx3 
+iMawl6swyeSPAl1/yXZ6/ud8frt9V3tCiUiMO9FyN+F5E371JXHhfcY1D5/FQ0cAULzVUQtaxO/V +u/KzIZDZ/LjWl/e0iBhtZG1DFVws0djmdkZdlddoDSJyQRU4XPGQr3J9EF8+AelTMo51bGUPVEC7 +PO00NRw4XW228K61C4FTeq4vvUoCQjr73rmG/iDPS/trXsYQjU160a3Jb/aMFHY0x7kw5vT1h5Cf +ZR5sq/Ktlmattr81zgdYbN8/YHtFbISj9hctuHTTolv9zHgOJmuKMyS8UHQYrux8JFGKXjM4QNv0 +OOK09mIafWnAnlzHXwuvgdqZxUhua+Tn/C95Aps1SfwLxDmb8h++xwayZWAwGQ1/pjZGj2oneEQc +e4yF5lR+rPIMN6ggNA66WdsHUVUH8nU12a2tsPV/xN/0ODFy3R5Lt81SgUsjdhwqWrOwDWYKx7Lw +ULCsLvraD0LGdJnccojryAXkgLFRppVmwfHyEq61vAGkf6DDPPJC0nU6KogVthHztYPwjmUyaDkE +Hm5IT6qto6YhU0SwIcqdSq6xIXgVx85zKhLyXQfp8wTsAifaRqNqFePNCicZsXROlXgWMKz2VNaA +ppRsecTb+6fTbiO8GHslXR7uk5EZ/6Xa6CwKgOd5L+SzKSlVQb953TgLW16pW1yTDPrXE0ztQ2c0 +ACCm95j/y3DOhtU7/ZnijQb1VZlARiYrQ4jV5c5KkCStH5LYd2Im2PxUjfkloJQ8NCs9fTkmn7h7 +BeM6eVEXXX0J2KtLKyV4WeQxFuOuB7BSBoNKwSWV1Yt7jH2TqNQmqwp2RkHblR9ARxKPGpYDuds7 +ltfGDW/8EBPthF+ub5WNnYEjXHDxoV+OCoI9UvfNCO8gni8HJf1b+sTJhcc56S1tpcPziFcd6gTM +Mwk1ljLaBYqOhInkDi9G6ok2bsdrB1FJuvIXsmezJpal8Gn1KA/7iKtqv/w4v/O0LgH78/OCtFfl +aZgTbZ+ery6gsD7XqgB+KVBa6Ez4+5W03Q3Ocgbu1tAn1rmu+VmcVRAje/mo1ltvz3TuLDvGa9Te +5Wpg4Do/OBYu0Dsb/tjVC3f4g14/bDhpK/PJkjqtUCArMSdQcpE1aOzxS4ROGPPX/BP8uLuWbGAG +UOqbjhmn3y5AiinpTCC5BgUSvdX7igGf11d/+rktPCUtor50vzPfJFzI837MxhiWEf9Dfm9L7cV0 +HDu+PBHF1CE0gF+TaSeEgLf3cUdQfty2tfrqA+SUi8vebdaOBIVrdQwIf0MFYdxKSpYqhFshwIkx +n84YYfYNM4J8V5qwnkGaVGITbVo1orebXFKCeDYSiN+yeuZld2vV5Zz8FaptZCU0CN+rTyIldIK0 +j81EDgYcUKvjyxOYUxbH6UsuXmi2vZgQfbDMyQ79p6K03JaQAeaDvOjQLl4FdE6HGA8O4uM2aJyL +pZOnVjdj47zcX0Ah8F2TZ6YH76fMW+Qi2/s2RsVKnGLVWhzpSICmi5igcgeRSRsurUwUYUWsDl2E +zUg6G+n2AJFaJQItSJwoiixxKgVaMiducsVJ+Sr12nUKH59AGaVyx+nmk3SIMtpigPZtlnv2MRHp +3Fn9zV24EkGi6NkVLgslKEe8UOcYZOEZybzbkSz/24fiTyRAnaIb1PLH+zkwiXvPuXoaW/qRD+28 +mlCtWlm7vCSu6zcNk9Dp3AuDAB5HC5ruS1uPHHLQb6QSTElmMlYXV5UnyxQDbUBPybQ9R+5WzCp9 +A8gKZ4W3qAEALsmK6DfDayEepkLSz/1jseeq31ZkVxzytbZuGNtbVJn241QH0E/QoxPUQCfV133Z +iNec7okJorscEM9m6EfGPhBi5D5Jm/Q8fOLz2iu399MiDKDZu9yt9qEV7mh7 +</body> +</html> + 
diff --git a/.github/h2spec.config b/.github/h2spec.config new file mode 100644 index 0000000..745a637 --- /dev/null +++ b/.github/h2spec.config @@ -0,0 +1,27 @@ +global + log stdout local0 + tune.ssl.default-dh-param 2048 + tune.ssl.capture-buffer-size 1 + +defaults + mode http + + timeout connect 5s + timeout client 30s + timeout client-fin 1s + timeout server 30s + timeout server-fin 1s + timeout http-request 10s + timeout http-keep-alive 300s + + option logasap + option http-buffer-request + +frontend h2 + mode http + bind 127.0.0.1:8443 ssl crt reg-tests/ssl/common.pem alpn h2,http/1.1 + default_backend h2 + +backend h2 + errorfile 200 .github/errorfile + http-request deny deny_status 200 diff --git a/.github/matrix.py b/.github/matrix.py new file mode 100755 index 0000000..ffc3414 --- /dev/null +++ b/.github/matrix.py 
@@ -0,0 +1,201 @@ +#!/usr/bin/python3 + +# Copyright 2019 Ilya Shipitsin <chipitsine@gmail.com> +# Copyright 2020 Tim Duesterhus <tim@bastelstu.be> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version +# 2 of the License, or (at your option) any later version. + +import json +import sys +import urllib.request +import re +from os import environ + +if len(sys.argv) == 2: + ref_name = sys.argv[1] +else: + print("Usage: {} <ref_name>".format(sys.argv[0]), file=sys.stderr) + sys.exit(1) + +print("Generating matrix for type '{}'.".format(ref_name)) + +def clean_ssl(ssl): + return ssl.replace("_VERSION", "").lower() + +def determine_latest_openssl(ssl): + openssl_tags = urllib.request.urlopen("https://api.github.com/repos/openssl/openssl/tags") + tags = json.loads(openssl_tags.read().decode('utf-8')) + latest_tag = '' + for tag in tags: + name = tag['name'] + if "openssl-" in name: + if name > latest_tag: + latest_tag = name + return "OPENSSL_VERSION={}".format(latest_tag[8:]) + +def determine_latest_libressl(ssl): + libressl_download_list = urllib.request.urlopen("http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/") + for line in libressl_download_list.readlines(): + decoded_line = line.decode("utf-8") + if "libressl-" in decoded_line and ".tar.gz.asc" in decoded_line: + l = re.split("libressl-|.tar.gz.asc", decoded_line)[1] + return "LIBRESSL_VERSION={}".format(l) + +def clean_compression(compression): + return compression.replace("USE_", "").lower() + + +def get_asan_flags(cc): + return [ + "USE_OBSOLETE_LINKER=1", + 'DEBUG_CFLAGS="-g -fsanitize=address"', + 'LDFLAGS="-fsanitize=address"', + 'CPU_CFLAGS.generic="-O1"', + ] + + +matrix = [] + +# Ubuntu + +os = "ubuntu-latest" if "haproxy-" not in ref_name else "ubuntu-22.04" +TARGET = "linux-glibc" +for CC in ["gcc", "clang"]: + matrix.append( + { + "name": "{}, {}, no 
features".format(os, CC), + "os": os, + "TARGET": TARGET, + "CC": CC, + "FLAGS": [], + } + ) + + matrix.append( + { + "name": "{}, {}, all features".format(os, CC), + "os": os, + "TARGET": TARGET, + "CC": CC, + "FLAGS": [ + "USE_ZLIB=1", + "USE_OT=1", + "OT_INC=${HOME}/opt-ot/include", + "OT_LIB=${HOME}/opt-ot/lib", + "OT_RUNPATH=1", + "USE_PCRE=1", + "USE_PCRE_JIT=1", + "USE_LUA=1", + "USE_OPENSSL=1", + "USE_SYSTEMD=1", + "USE_WURFL=1", + "WURFL_INC=addons/wurfl/dummy", + "WURFL_LIB=addons/wurfl/dummy", + "USE_DEVICEATLAS=1", + "DEVICEATLAS_SRC=addons/deviceatlas/dummy", + "USE_PROMEX=1", + "USE_51DEGREES=1", + "51DEGREES_SRC=addons/51degrees/dummy/pattern", + ], + } + ) + +# ASAN + + matrix.append( + { + "name": "{}, {}, ASAN, all features".format(os, CC), + "os": os, + "TARGET": TARGET, + "CC": CC, + "FLAGS": get_asan_flags(CC) + + [ + "USE_ZLIB=1", + "USE_OT=1", + "OT_INC=${HOME}/opt-ot/include", + "OT_LIB=${HOME}/opt-ot/lib", + "OT_RUNPATH=1", + "USE_PCRE=1", + "USE_PCRE_JIT=1", + "USE_LUA=1", + "USE_OPENSSL=1", + "USE_SYSTEMD=1", + "USE_WURFL=1", + "WURFL_INC=addons/wurfl/dummy", + "WURFL_LIB=addons/wurfl/dummy", + "USE_DEVICEATLAS=1", + "DEVICEATLAS_SRC=addons/deviceatlas/dummy", + "USE_PROMEX=1", + "USE_51DEGREES=1", + "51DEGREES_SRC=addons/51degrees/dummy/pattern", + ], + } + ) + + for compression in ["USE_ZLIB=1"]: + matrix.append( + { + "name": "{}, {}, gz={}".format( + os, CC, clean_compression(compression) + ), + "os": os, + "TARGET": TARGET, + "CC": CC, + "FLAGS": [compression], + } + ) + + for ssl in [ + "stock", + "OPENSSL_VERSION=1.0.2u", + "OPENSSL_VERSION=1.1.1s", + "QUICTLS=yes", +# "BORINGSSL=yes", + ] + (["OPENSSL_VERSION=latest", "LIBRESSL_VERSION=latest"] if "haproxy-" not in ref_name else []): + flags = ["USE_OPENSSL=1"] + if ssl == "BORINGSSL=yes" or ssl == "QUICTLS=yes" or "LIBRESSL" in ssl: + flags.append("USE_QUIC=1") + if ssl != "stock": + flags.append("SSL_LIB=${HOME}/opt/lib") + flags.append("SSL_INC=${HOME}/opt/include") + if 
"LIBRESSL" in ssl and "latest" in ssl: + ssl = determine_latest_libressl(ssl) + if "OPENSSL" in ssl and "latest" in ssl: + ssl = determine_latest_openssl(ssl) + + matrix.append( + { + "name": "{}, {}, ssl={}".format(os, CC, clean_ssl(ssl)), + "os": os, + "TARGET": TARGET, + "CC": CC, + "ssl": ssl, + "FLAGS": flags, + } + ) + +# macOS + +os = "macos-latest" if "haproxy-" not in ref_name else "macos-12" +TARGET = "osx" +for CC in ["clang"]: + matrix.append( + { + "name": "{}, {}, no features".format(os, CC), + "os": os, + "TARGET": TARGET, + "CC": CC, + "FLAGS": [], + } + ) + +# Print matrix + +print(json.dumps(matrix, indent=4, sort_keys=True)) + +if environ.get('GITHUB_OUTPUT') is not None: + with open(environ.get('GITHUB_OUTPUT'), 'a') as f: + print("matrix={}".format(json.dumps({"include": matrix})), file=f) diff --git a/.github/vtest.json b/.github/vtest.json new file mode 100644 index 0000000..8e8165c --- /dev/null +++ b/.github/vtest.json @@ -0,0 +1,14 @@ +{ + "problemMatcher": [ + { + "owner": "vtest", + "pattern": [ + { + "regexp": "^#(\\s+top\\s+TEST\\s+(.*)\\s+FAILED.*)", + "file": 2, + "message": 1 + } + ] + } + ] +} diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml new file mode 100644 index 0000000..2243d8b --- /dev/null +++ b/.github/workflows/codespell.yml @@ -0,0 +1,19 @@ +name: Spelling Check + +on: + schedule: + - cron: "0 0 * * 2" + +permissions: + contents: read + +jobs: + codespell: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: codespell-project/codespell-problem-matcher@v1 + - uses: codespell-project/actions-codespell@master + with: + skip: CHANGELOG,Makefile,*.fig,*.pem + ignore_words_list: ist,ists,hist,wan,ca,cas,que,ans,te,nd,referer,ot,uint,iif,fo,keep-alives,dosen,ifset,thrid,strack,ba,chck,hel,unx,mor diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml new file mode 100644 index 0000000..509eaf8 --- /dev/null +++ b/.github/workflows/compliance.yml 
@@ -0,0 +1,57 @@ + +name: Spec Compliance + +on: + schedule: + - cron: "0 0 * * 3" + +permissions: + contents: read + +jobs: + h2spec: + name: h2spec + runs-on: ${{ matrix.os }} + strategy: + matrix: + include: + - TARGET: linux-glibc + CC: gcc + os: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Install h2spec + id: install-h2spec + run: | + H2SPEC_VERSION=`curl --silent "https://api.github.com/repos/summerwind/h2spec/releases/latest" | jq -r -j '.tag_name'` + curl -fsSL https://github.com/summerwind/h2spec/releases/download/${H2SPEC_VERSION}/h2spec_linux_amd64.tar.gz -o h2spec.tar.gz + tar xvf h2spec.tar.gz + sudo install -m755 h2spec /usr/local/bin/h2spec + echo "version=${H2SPEC_VERSION}" >> $GITHUB_OUTPUT + - name: Compile HAProxy with ${{ matrix.CC }} + run: | + make -j$(nproc) all \ + ERR=1 \ + TARGET=${{ matrix.TARGET }} \ + CC=${{ matrix.CC }} \ + DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS -DDEBUG_POOL_INTEGRITY" \ + USE_OPENSSL=1 + sudo make install + - name: Show HAProxy version + id: show-version + run: | + echo "::group::Show dynamic libraries." + if command -v ldd > /dev/null; then + # Linux + ldd $(which haproxy) + else + # macOS + otool -L $(which haproxy) + fi + echo "::endgroup::" + haproxy -vv + echo "version=$(haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT + - name: Launch HAProxy ${{ steps.show-version.outputs.version }} + run: haproxy -f .github/h2spec.config -D + - name: Run h2spec ${{ steps.install-h2spec.outputs.version }} + run: h2spec -Svtk -h 127.0.0.1 -p 8443 diff --git a/.github/workflows/contrib.yml b/.github/workflows/contrib.yml new file mode 100644 index 0000000..99a1576 --- /dev/null +++ b/.github/workflows/contrib.yml 
@@ -0,0 +1,25 @@ +name: Contrib + +on: + push: + +permissions: + contents: read + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Compile admin/halog/halog + run: | + make admin/halog/halog + - name: Compile dev/flags/flags + run: | + make dev/flags/flags + - name: Compile dev/poll/poll + run: | + make dev/poll/poll + - name: Compile dev/hpack + run: | + make dev/hpack/decode dev/hpack/gen-enc dev/hpack/gen-rht diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml new file mode 100644 index 0000000..e208c8c --- /dev/null +++ b/.github/workflows/coverity.yml 
@@ -0,0 +1,43 @@ + +# +# scan results: https://scan.coverity.com/projects/haproxy +# + +name: Coverity + +on: + schedule: + - cron: "0 0 * * *" + +permissions: + contents: read + +jobs: + scan: + runs-on: ubuntu-latest + if: ${{ github.repository_owner == 'haproxy' }} + env: + COVERITY_SCAN_PROJECT_NAME: 'Haproxy' + COVERITY_SCAN_BRANCH_PATTERN: '*' + COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipitsine@gmail.com' + # We cannot pass the DEBUG at once here because Coverity splits + # parameters at whitespaces, without taking quoting into account. + COVERITY_SCAN_BUILD_COMMAND: "make CC=clang TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_QUIC=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=addons/wurfl/dummy WURFL_LIB=addons/wurfl/dummy USE_DEVICEATLAS=1 DEVICEATLAS_SRC=addons/deviceatlas/dummy USE_51DEGREES=1 51DEGREES_SRC=addons/51degrees/dummy/pattern ADDLIB=\"-Wl,-rpath,$HOME/opt/lib/\" SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include DEBUG+=-DDEBUG_STRICT=1 DEBUG+=-DDEBUG_USE_ABORT=1" + steps: + - uses: actions/checkout@v3 + - name: Install apt dependencies + run: | + sudo apt-get update + sudo apt-get install -y \ + liblua5.3-dev \ + libsystemd-dev + - name: Install QUICTLS + run: | + QUICTLS=yes scripts/build-ssl.sh + - name: Build WURFL + run: make -C addons/wurfl/dummy + - name: Run Coverity Scan + env: + COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} + run: | + curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true diff --git a/.github/workflows/cross-zoo.yml b/.github/workflows/cross-zoo.yml new file mode 100644 index 0000000..e2a5816 --- /dev/null +++ b/.github/workflows/cross-zoo.yml 
@@ -0,0 +1,110 @@ +# +# this is naamed "zoo" after OpenSSL "cross zoo pipeline" +# +name: Cross Compile + +on: + schedule: + - cron: "0 0 21 * *" + +permissions: + contents: read + +jobs: + cross-compilation: + strategy: + matrix: + platform: [ + { + arch: aarch64-linux-gnu, + libs: libc6-dev-arm64-cross, + target: linux-aarch64 + }, { + arch: alpha-linux-gnu, + libs: libc6.1-dev-alpha-cross, + target: linux-alpha-gcc + }, { + arch: arm-linux-gnueabi, + libs: libc6-dev-armel-cross, + target: linux-armv4 + }, { + arch: arm-linux-gnueabihf, + libs: libc6-dev-armhf-cross, + target: linux-armv4 + }, { + arch: hppa-linux-gnu, + libs: libc6-dev-hppa-cross, + target: -static linux-generic32 + }, { + arch: m68k-linux-gnu, + libs: libc6-dev-m68k-cross, + target: -static -m68040 linux-latomic + }, { + arch: mips-linux-gnu, + libs: libc6-dev-mips-cross, + target: -static linux-mips32 + }, { + arch: mips64-linux-gnuabi64, + libs: libc6-dev-mips64-cross, + target: -static linux64-mips64 + }, { + arch: mipsel-linux-gnu, + libs: libc6-dev-mipsel-cross, + target: linux-mips32 + }, { + arch: powerpc64le-linux-gnu, + libs: libc6-dev-ppc64el-cross, + target: linux-ppc64le + }, { + arch: riscv64-linux-gnu, + libs: libc6-dev-riscv64-cross, + target: linux64-riscv64 + }, { + arch: s390x-linux-gnu, + libs: libc6-dev-s390x-cross, + target: linux64-s390x + }, { + arch: sh4-linux-gnu, + libs: libc6-dev-sh4-cross, + target: no-async linux-latomic + }, { + arch: hppa-linux-gnu, + libs: libc6-dev-hppa-cross, + target: linux-generic32, + }, { + arch: m68k-linux-gnu, + libs: libc6-dev-m68k-cross, + target: -mcfv4e linux-latomic + }, { + arch: mips-linux-gnu, + libs: libc6-dev-mips-cross, + target: linux-mips32 + }, { + arch: mips64-linux-gnuabi64, + libs: libc6-dev-mips64-cross, + target: linux64-mips64 + }, { + arch: sparc64-linux-gnu, + libs: libc6-dev-sparc64-cross, + target: linux64-sparcv9 + } + ] + runs-on: ubuntu-latest + steps: + - name: install packages + run: | + sudo apt-get update + 
sudo apt-get -yq --force-yes install \ + gcc-${{ matrix.platform.arch }} \ + ${{ matrix.platform.libs }} + - uses: actions/checkout@v2 + + + - name: install quictls + run: | + QUICTLS_EXTRA_ARGS="--cross-compile-prefix=${{ matrix.platform.arch }}- ${{ matrix.platform.target }}" QUICTLS=yes scripts/build-ssl.sh + + - name: Build + run: | + make ERR=1 CC=${{ matrix.platform.arch }}-gcc TARGET=linux-glibc USE_LIBCRYPT= USE_OPENSSL=1 USE_QUIC=1 USE_PROMEX=1 SSL_LIB=${HOME}/opt/lib SSL_INC=${HOME}/opt/include ADDLIB="-Wl,-rpath,${HOME}/opt/lib" + diff --git a/.github/workflows/musl.yml b/.github/workflows/musl.yml new file mode 100644 index 0000000..8eb8310 --- /dev/null +++ b/.github/workflows/musl.yml 
@@ -0,0 +1,58 @@ +name: alpine/musl + +on: + push: + +permissions: + contents: read + +jobs: + musl: + name: gcc + runs-on: ubuntu-latest + container: + image: alpine:latest + options: --privileged --ulimit core=-1 --security-opt seccomp=unconfined + volumes: + - /tmp/core:/tmp/core + steps: + - name: Setup coredumps + run: | + ulimit -c unlimited + echo '/tmp/core/core.%h.%e.%t' > /proc/sys/kernel/core_pattern + - uses: actions/checkout@v3 + - name: Install dependencies + run: apk add gcc gdb make tar git python3 libc-dev linux-headers pcre-dev pcre2-dev openssl-dev lua5.3-dev grep socat curl musl-dbg lua5.3-dbg + - name: Install VTest + run: scripts/build-vtest.sh + - name: Build + run: make -j$(nproc) TARGET=linux-musl DEBUG_CFLAGS='-ggdb3' CC=cc V=1 USE_LUA=1 LUA_INC=/usr/include/lua5.3 LUA_LIB=/usr/lib/lua5.3 USE_OPENSSL=1 USE_PCRE2=1 USE_PCRE2_JIT=1 USE_PROMEX=1 + - name: Show version + run: ./haproxy -vv + - name: Show linked libraries + run: ldd haproxy + - name: Install problem matcher for VTest + # This allows one to more easily see which tests fail. + run: echo "::add-matcher::.github/vtest.json" + - name: Run VTest + id: vtest + run: make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel + - name: Show coredumps + if: ${{ failure() && steps.vtest.outcome == 'failure' }} + run: | + ls /tmp/core/ + for file in /tmp/core/core.*; do + printf "::group::" + gdb -ex 'thread apply all bt full' ./haproxy $file + echo "::endgroup::" + done + - name: Show results + if: ${{ failure() }} + run: | + for folder in /tmp/haregtests-*/vtc.*; do + printf "::group::" + cat $folder/INFO + cat $folder/LOG + echo "::endgroup::" + done + shopt -s nullglob diff --git a/.github/workflows/openssl-nodeprecated.yml b/.github/workflows/openssl-nodeprecated.yml new file mode 100644 index 0000000..e7f7ffa --- /dev/null +++ b/.github/workflows/openssl-nodeprecated.yml 
@@ -0,0 +1,33 @@ +# +# special purpose CI: test against OpenSSL built in "no-deprecated" mode +# let us run those builds weekly +# +# for example, OpenWRT uses such OpenSSL builds (those builds are smaller) +# +# +# some details might be found at NL: https://www.mail-archive.com/haproxy@formilux.org/msg35759.html +# GH: https://github.com/haproxy/haproxy/issues/367 + +name: openssl no-deprecated + +on: + schedule: + - cron: "0 0 * * 4" + +permissions: + contents: read + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Install VTest + run: | + scripts/build-vtest.sh + - name: Compile HAProxy + run: | + make DEFINE="-DOPENSSL_API_COMPAT=0x10100000L -DOPENSSL_NO_DEPRECATED" -j3 CC=gcc ERR=1 TARGET=linux-glibc USE_OPENSSL=1 + - name: Run VTest + run: | + make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel diff --git a/.github/workflows/vtest.yml b/.github/workflows/vtest.yml new file mode 100644 index 0000000..8c13d13 --- /dev/null +++ b/.github/workflows/vtest.yml 
@@ -0,0 +1,155 @@ +# Copyright 2019 Ilya Shipitsin <chipitsine@gmail.com> +# Copyright 2020 Tim Duesterhus <tim@bastelstu.be> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version +# 2 of the License, or (at your option) any later version. + +name: VTest + +on: + push: + +permissions: + contents: read + +jobs: + # The generate-matrix job generates the build matrix using JSON output + # generated by .github/matrix.py. + generate-matrix: + name: Generate Build Matrix + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - uses: actions/checkout@v3 + - name: Generate Build Matrix + id: set-matrix + run: python3 .github/matrix.py "${{ github.ref_name }}" + + # The Test job actually runs the tests. + Test: + name: ${{ matrix.name }} + needs: generate-matrix + runs-on: ${{ matrix.os }} + strategy: + matrix: ${{ fromJson(needs.generate-matrix.outputs.matrix) }} + fail-fast: false + env: + # Configure a short TMPDIR to prevent failures due to long unix socket + # paths. + TMPDIR: /tmp + # Force ASAN output into asan.log to make the output more readable. 
+ ASAN_OPTIONS: log_path=asan.log + OT_CPP_VERSION: 1.6.0 + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 100 +# +# Github Action cache key cannot contain comma, so we calculate it based on job name +# + - name: Generate cache key + id: generate-cache-key + run: | + echo "key=$(echo ${{ matrix.name }} | sha256sum | awk '{print $1}')" >> $GITHUB_OUTPUT + + - name: Cache SSL libs + if: ${{ matrix.ssl && matrix.ssl != 'stock' && matrix.ssl != 'BORINGSSL=yes' && matrix.ssl != 'QUICTLS=yes' }} + id: cache_ssl + uses: actions/cache@v3 + with: + path: '~/opt/' + key: ssl-${{ steps.generate-cache-key.outputs.key }} + + - name: Cache OpenTracing + if: ${{ contains(matrix.FLAGS, 'USE_OT=1') }} + id: cache_ot + uses: actions/cache@v3 + with: + path: '~/opt-ot/' + key: ot-${{ matrix.CC }}-${{ env.OT_CPP_VERSION }}-${{ contains(matrix.name, 'ASAN') }} + - name: Install apt dependencies + if: ${{ startsWith(matrix.os, 'ubuntu-') }} + run: | + sudo apt-get update + sudo apt-get install -y \ + liblua5.3-dev \ + libpcre2-dev \ + libsystemd-dev \ + ninja-build \ + socat + - name: Install brew dependencies + if: ${{ startsWith(matrix.os, 'macos-') }} + run: | + brew install socat + brew install lua + - name: Install VTest + run: | + scripts/build-vtest.sh + - name: Install SSL ${{ matrix.ssl }} + if: ${{ matrix.ssl && matrix.ssl != 'stock' && steps.cache_ssl.outputs.cache-hit != 'true' }} + run: env ${{ matrix.ssl }} scripts/build-ssl.sh + - name: Install OpenTracing libs + if: ${{ contains(matrix.FLAGS, 'USE_OT=1') && steps.cache_ot.outputs.cache-hit != 'true' }} + run: | + OT_PREFIX=${HOME}/opt-ot scripts/build-ot.sh + - name: Build WURFL + if: ${{ contains(matrix.FLAGS, 'USE_WURFL=1') }} + run: make -C addons/wurfl/dummy + - name: Compile HAProxy with ${{ matrix.CC }} + run: | + echo "::group::Show compiler's version" + echo | ${{ matrix.CC }} -v + echo "::endgroup::" + echo "::group::Show platform specific defines" + echo | ${{ matrix.CC }} -dM -xc -E - + echo 
"::endgroup::" + make -j$(nproc) all \ + ERR=1 \ + TARGET=${{ matrix.TARGET }} \ + CC=${{ matrix.CC }} \ + DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS -DDEBUG_POOL_INTEGRITY" \ + ${{ join(matrix.FLAGS, ' ') }} \ + ADDLIB="-Wl,-rpath,/usr/local/lib/ -Wl,-rpath,$HOME/opt/lib/" + sudo make install + - name: Show HAProxy version + id: show-version + run: | + echo "::group::Show dynamic libraries." + if command -v ldd > /dev/null; then + # Linux + ldd $(which haproxy) + else + # macOS + otool -L $(which haproxy) + fi + echo "::endgroup::" + haproxy -vv + echo "version=$(haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT + - name: Install problem matcher for VTest + # This allows one to more easily see which tests fail. + run: echo "::add-matcher::.github/vtest.json" + - name: Run VTest for HAProxy ${{ steps.show-version.outputs.version }} + id: vtest + run: | + # This is required for macOS which does not actually allow to increase + # the '-n' soft limit to the hard limit, thus failing to run. + ulimit -n 65536 + make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel + - name: Show VTest results + if: ${{ failure() && steps.vtest.outcome == 'failure' }} + run: | + for folder in ${TMPDIR}/haregtests-*/vtc.*; do + printf "::group::" + cat $folder/INFO + cat $folder/LOG + echo "::endgroup::" + done + shopt -s nullglob + for asan in asan.log*; do + echo "::group::$asan" + cat $asan + echo "::endgroup::" + done diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml new file mode 100644 index 0000000..3030908 --- /dev/null +++ b/.github/workflows/windows.yml 
@@ -0,0 +1,67 @@ +# Copyright 2019 Ilya Shipitsin <chipitsine@gmail.com> +# Copyright 2020 Tim Duesterhus <tim@bastelstu.be> +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version +# 2 of the License, or (at your option) any later version. + +name: Windows + +on: + push: + +permissions: + contents: read + +jobs: + msys2: + name: ${{ matrix.name }} + runs-on: ${{ matrix.os }} + defaults: + run: + shell: msys2 {0} + strategy: + matrix: + include: + - name: "Windows, gcc, all features" + TARGET: cygwin + CC: gcc + os: windows-latest + FLAGS: + - USE_OPENSSL=1 + - USE_PCRE=1 + - USE_PCRE_JIT=1 + - USE_THREAD=1 + - USE_ZLIB=1 + steps: + - uses: actions/checkout@v3 + - uses: msys2/setup-msys2@v2 + with: + install: >- + coreutils + curl + diffutils + gawk + gcc + make + tar + openssl-devel + pcre-devel + zlib-devel + - name: Compile HAProxy with ${{ matrix.CC }} + run: | + echo "::group::Show platform specific defines" + echo | ${{ matrix.CC }} -dM -xc -E - + echo "::endgroup::" + make -j$(nproc) all \ + ERR=1 \ + TARGET=${{ matrix.TARGET }} \ + CC=${{ matrix.CC }} \ + DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS -DDEBUG_POOL_INTEGRITY" \ + ${{ join(matrix.FLAGS, ' ') }} + - name: Show HAProxy version + id: show-version + run: | + ./haproxy -vv + echo "version=$(./haproxy -v |awk 'NR==1{print $3}')" >> $GITHUB_OUTPUT diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d93100e --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,55 @@ +# Below we forbid everything and only allow what we know, that's much easier +# than blocking about 500 different test files and bug report outputs. +/.* +/* +!/.cirrus.yml +!/.gitattributes +!/.github +!/.gitignore +!/.travis.yml +!/CHANGELOG +!/LICENSE +!/BRANCHES +!/Makefile +!/README +!/INSTALL +!/CONTRIBUTING +!/MAINTAINERS +!/SUBVERS +!/VERDATE +!/VERSION +!/addons +!/admin +!/dev +!/doc +!/ebtree +!/examples +!/include +!/src +!/tests +!/debian +!/scripts +!/reg-tests +# Reject some generic files +*.o +*.a +*~ +*.rej +*.orig +*.bak +# And reject some specific files +/admin/halog/halog +/admin/dyncookie/dyncookie +/admin/iprange/ip6range +/admin/iprange/iprange +/admin/systemd/haproxy.service +dev/base64/base64rev-gen +dev/flags/flags +dev/poll/poll +dev/tcploop/tcploop +dev/haring/haring +dev/hpack/decode +dev/hpack/gen-rht +/src/dlmalloc.c +/tests/test_hashes +doc/lua-api/_build diff --git a/.mailmap b/.mailmap new file mode 100644 index 0000000..f72077f --- /dev/null +++ b/.mailmap @@ -0,0 +1 @@ +Tim Duesterhus <tim@bastelstu.be> diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..7f5110e --- /dev/null +++ b/.travis.yml 
@@ -0,0 +1,54 @@ +dist: focal + +language: c + +branches: + only: + - master + +env: + global: + - FLAGS="USE_LUA=1 USE_OPENSSL=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_SYSTEMD=1 USE_ZLIB=1" + - TMPDIR=/tmp + +addons: + apt: + update: true + packages: [ liblua5.3-dev, libsystemd-dev, libpcre2-dev, socat, libpcre3-dev ] + +matrix: + include: + - os: linux + arch: ppc64le + compiler: gcc + if: type == cron +# - os: linux +# arch: arm64 +# compiler: gcc +# if: type == cron + - os: linux + arch: arm64-graviton2 + group: edge + virt: vm + compiler: gcc + if: type == cron + - os: linux + arch: s390x + compiler: gcc + if: type == cron + +install: + - scripts/build-vtest.sh + +script: + - make -j$(nproc) ERR=1 TARGET=linux-glibc CC=$CC DEBUG=-DDEBUG_STRICT=1 $FLAGS + - ./haproxy -vv + - ldd haproxy + - make reg-tests VTEST_PROGRAM=../vtest/vtest REGTESTS_TYPES=default,bug,devel + +after_failure: + - | + for folder in ${TMPDIR}/*regtest*/vtc.*; do + cat $folder/INFO + cat $folder/LOG + done diff --git a/BRANCHES b/BRANCHES new file mode 100644 index 0000000..53b2ee9 --- /dev/null +++ b/BRANCHES 
@@ -0,0 +1,239 @@ +HAProxy branches and life cycle +=============================== + +The HAProxy project evolves quickly to stay up to date with modern features +found in web environments but also takes a great care of addressing bugs which +may affect deployed versions without forcing such users to upgrade when not +needed. For this reason the project is developed in branches. + +A branch is designated as two numbers separated by a dot, for example "1.8". +This numbering is historical. Each new development cycle increases the second +digit by one, and after it reaches '9' it goes back to zero and the first digit +increases by one. It effectively grows as a decimal number increased by 0.1 per +version. + +The complete version is made of the branch suffixed with "-dev" followed by a +sequence number during development, then by "." followed by a number when the +development of that branch is finished and the branch enters a maintenance +phase. The first release of a branch starts at ".0". Immediately after ".0" is +issued, the next branch is created as "-dev0" as an exact copy of the previous +branch's ".0" version. Thus we observe the following development sequence: + + ... 1.9-dev10 -> 1.9-dev11 -> 1.9.0 -> 2.0-dev0 -> 2.0-dev1 ... 2.0 -> ... + +Occasionally a series of "-rc" versions may be emitted between the latest -dev +and the release to mark the end of development and start of stabilizing, though +it's mostly a signal send to users that the release is approaching rather than +a change in the cycle as it is always hard to categorize patches. + +Very often the terms "branch" and "version" will be used interchangeably with +only the first two digits to designate "the latest version of that branch". So +when someone asks you "Could you please try the same on 1.8", it means "1.8.X" +with X as high as possible, thus for example 1.8.20 if this one is available at +this moment. 
+ +During the maintenance phase, a maintenance branch is created for the just +released version. The development version remains in the development branch +called "master", or sometimes "-dev". If branches are represented vertically +and time horizontally, this will look like this: + + versions branch + 1.9-dev10 1.9-dev11 1.9.0 2.0-dev0 2.0-dev1 2.0-dev2 + ----+--------+---------+-------+---------+---------+----------> master + \ + \ 1.9.1 1.9.2 + `-----------+-------------+---------> 1.9 + +Each released version (e.g. 1.9.0 above) appears once in the master branch so +that it is easy to list history of changes between versions. + +Before version 1.4, development and maintenance were inter-mixed in the same +branch, which resulted in latest maintenance branches becoming unstable after +some point. This is why versions 1.3.14 and 1.3.15 became maintenance branches +on their own while the development pursued on 1.3 to stabilize again in the +latest versions. + +Starting with version 1.4.0, a rule has been set not to create new features +into a maintenance branch. It was not well respected and still created trouble +with certain 1.4 versions causing regressions and confusing users. + +Since 1.5.0 this "no new feature" rule has become strict and maintenance +versions only contain bug fixes that are necessary in this branch. This means +that any version X.Y.Z is necessarily more stable than X.Y.W with W<Z. + +For this reason there is absolutely no excuse for not updating a version within +your branch, as your version necessarily contains bugs that are fixed in any +later version in that same branch. Obviously when a branch is just released, +there will be some occasional bugs. And once in a while a fix for a recently +discovered bug may have an undesired side effect called a regression. This must +never happen but this will happen from time to time, especially on recently +released versions. 
This is often presented as an excuse by some users for not +updating but this is wrong, as the risk staying with an older version is much +higher than the risk of updating. If you fear there could be an issue with an +update because you don't completely trust the version in your branch, it simply +means you're using the wrong branch and need an older one. + +When a bug is reported in a branch, developers will systematically ask if the +bug is present in the latest version of this branch (since developers don't +like to work on bugs that were already fixed). It's a good practice to perform +the update yourself and to test again before reporting the bug. Note, as long +as you're using a supported branch, as indicated on the haproxy.org web site, +you don't need to upgrade to another branch to report a bug. However from time +to time it may happen that a developer will ask you if you can try it in order +to help narrow the problem down. But this will never be a requirement, just a +question. + +Once a bug is understood, it is tested on the development branch and fixed +there. Then the fix will be applied in turn to older branches, jumping from +one to the other in descending order. For example: + + FIX + 2.0-dev4 HERE 2.0-dev5 2.0-dev6 + -----+-------V-------------+-----------+--------------> master + 1.9.4 \ 1.9.5 1.9.6 1.9.7 + --+------------o-------+---------+-------------+------> 1.9 + 1.8.18 \ 1.8.19 1.8.20 + -----+-----------o------------+-------------+---------> 1.8 + +This principle ensures that you will always have a safe upgrade path from an +older branch to a newer: under no circumstances a bug that was already fixed +in an older branch will still be present in a newer one. In the diagram above, +a bug reported for 1.8.18 would be fixed between 2.0-dev4 and 2.0-dev5. The +fix will be backported into 1.9 and from there into 1.8. 1.9.5 will be issued +with the fix before 1.8.19 will be issued. 
This guarantees that for any version +1.8 having the fix, there always exists a version 1.9 with it as well. So if +you would upgrade to 1.8.19 to benefit from the fix and the next day decide +that for whatever new feature you need to upgrade to 1.9, you'll have 1.9.5 +available with the same set of fixes so you will not reintroduce a previously +fixed problem. + +In practice, it takes longer to release older versions than newer ones. There +are two reasons to this. One is technical: the fixes often require some +adaptations to be done for older versions. The other reason is stability: in +spite of the great care and the tests, there is always a faint risk that a fix +introduces a regression. By leaving fixes exposed in more recent versions +before appearing in older ones, there is a much smaller probability that such a +regression remains undetected when the next version of the older branch is +issued. + +So the rule for the best stability is very simple: + + STICK TO THE BRANCH THAT SUITS YOUR NEEDS AND APPLY ALL UPDATES. + +With other projects, some people developed a culture of backporting only a +selection of fixes into their own maintenance branch. Usually they consider +these fixes are critical, or security-related only. THIS IS TERRIBLY WRONG. +It is already very difficult for the developers who made the initial patch to +figure if and how it must be backported to an older branch, what extra patches +it depends on to be safe, as you can imagine it is impossible for anyone else +to make a safe guess about what to pick. + + A VERSION WHICH ONLY CONTAINS A SELECTION OF FIXES IS WAY MORE + DANGEROUS AND LESS STABLE THAN ONE WITHOUT ANY OF THESE FIXES. + +Branches up to 1.8 are all designated as "long-term supported" ("LTS" for +short), which means that they are maintained for several years after the +release. These branches were emitted at a pace of one per year since 1.5 in +2014. 
As of 2019, 1.5 is still supported and widely used, even though it very +rarely receives updates. After a few years these LTS branches enter a +"critical fixes only" status, which means that they will rarely receive a fix +but if that a critital issue affects them, a release will be made, with or +without any other fix. Once a version is not supported anymore, it will not +receive any fix at all and it will really be time for you to upgrade to a more +recent branch. Please note that even when an upgrade is needed, a great care is +given to backwards compatibility so that most configs written for version 1.1 +still work with little to no modification 16 years later on version 2.0. + +Since 1.9, the release pacing has increased to match faster moving feature sets +and a faster stabilization of the technical foundations. The principle is now +the following: + - one release is emitted between October and December, with an odd version + number (such as "1.9"). This version heavily focuses on risky changes that + are considered necessary to develop new features. It can for example bring + nice performance improvements as well as invisible changes that will serve + later ; these versions will only be emitted for developers and highly + skilled users. They will not be maintained for a long time, they will + receive updates for 12 to 18 months only after which they will be marked + End-Of-Life ("EOL" for short). They may receive delicate fixes during their + maintenance cycle so users have to be prepared to see some breakage once in + a while as fixes are stabilizing. THESE VERSIONS MUST ABSOLUTELY NOT BE + PACKAGED BY OPERATING SYSTEM VENDORS. + + - one release is emitted between May and June, with an even version number + (such as "2.0"). This version mostly relies on the technical foundations + brought by the previous release and tries hard not to apply risky changes. + Instead it will bring new user-visible features. 
Such versions will be + long-term supported and may be packaged by operating system vendors. + +This development model provides better stability for end users and better +feedback for developers: + - regular users stick to LTS versions which rely on the same foundations + as the previous releases that had 6 months to stabilize. In terms of + stability it really means that the point zero version already accumulated + 6 months of fixes and that it is much safer to use even just after it is + released. + + - for developers, given that the odd versions are solely used by highly + skilled users, it's easier to get advanced traces and captures, and there + is less pressure during bug reports because there is no doubt the user is + autonomous and knows how to work around the issue or roll back to the last + working version. + +Thus the release cycle from 1.8 to 2.2 should look like this: + + 1.8.0 1.9.0 2.0.0 2.1.0 2.2.0 + --+---------------+---------------+--------------+--------------+----> master + \ \ \ \ \ + \ \ \ \ `--> 2.2 LTS + \ \ \ `--+--+--+---+---> 2.1 + \ \ `----+-----+------+-------+----> 2.0 LTS + \ `--+-+-+--+---+------+--------+-----| EOL 1.9 + `---+---+---+-----+-------+-----------+---------------+------> 1.8 LTS + +In short the non-LTS odd releases can be seen as technological previews of the +next feature release, and will be terminated much earlier. The plan is to barely +let them overlap with the next non-LTS release, allowing advanced users to +always have the choice between the last two major releases. + +With all this in mind, what version should you use ? It's quite simple: + - if you're a first-time HAProxy user, just use the version provided by your + operating system. Just take a look at the "known bugs" section on the + haproxy.org web site to verify that it's not affected by bugs that could + have an impact for you. 
+ + - if you don't want or cannot use the version shipped with your operating + system, it is possible that other people (including the package maintainer) + provide alternate versions. This is the case for Debian and Ubuntu for + example, where you can choose your distribution and pick the branch you + need here: https://haproxy.debian.net/ + + - if you want to build with specific options, apply some patches, you'll + have to build from sources. If you have little experience or are not + certain to devote regular time to perform this task, take an "old" branch + (i.e. 1-2 years old max, for example 1.8 when 2.0 is emitted). You'll avoid + most bugs and will not have to work too often to update your local version. + + - if you need a fresh version for application development, or to benefit from + latest improvements, take the most recent version of the most recent branch + and keep it up to date. You may even want to use the Git version or nightly + snapshots. + + - if you want to develop on HAProxy, use the master from the Git tree. + + - if you want to follow HAProxy's development by doing some tests without + the burden of entering too much into the development process, just use the + -dev versions of the master branch. At some point you'll feel the urge to + switch to the Git version anyway as it will ultimately simplify your work. + + - if you're installing it on unmanaged servers with little to no hostile + exposure, or your home router, you should pick the latest version in one + of the oldest supported branches. While it doesn't guarantee that you will + never have to upgrade it, at least as long as you don't use too complex a + setup, it's unlikely that you will need to update it often. + +And as a general rule, do not put a non-LTS version on a server unless you are +absolutely certain you are going to keep it up to date yourself and already +plan to replace it once the following LTS version is issued. 
If you are not +going to manage updates yourself, use pre-packaged versions exclusively and do +not expect someone else to have to deal with the burden of building from +sources. diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 0000000..8fbe7b4 --- /dev/null +++ b/CHANGELOG 
@@ -0,0 +1,19097 @@ +ChangeLog : +=========== + +2023/03/28 : 2.6.12 + - BUG/MAJOR: poller: drop FD's tgid when masks don't match + - OPTIM: mux-h1: limit first read size to avoid wrapping + - BUG/MEDIUM: stream: do not try to free a failed stream-conn + - BUG/MEDIUM: mux-h2: do not try to free an unallocated h2s->sd + - BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path + - BUG/MEDIUM: stconn: don't set the type before allocation succeeds + - BUG/MINOR: stconn: fix sedesc memory leak on stream allocation failure + - BUG/MEDIUM: mux-h1: properly destroy a partially allocated h1s + - BUG/MEDIUM: applet: only set appctx->sedesc on successful allocation + - BUG/MINOR: quic: wake up MUX on probing only for 01RTT + - BUG/MINOR: trace: fix hardcoded level for TRACE_PRINTF + - BUG/MEDIUM: mux-quic: release data from conn flow-control on qcs reset + - BUG/MINOR: h3: properly handle incomplete remote uni stream type + - BUG/MINOR: mux-quic: prevent CC status to be erased by shutdown + - BUG/MEDIUM: stats: Consume the request except when parsing the POST payload + - DOC: config: set-var() dconv rendering issues + - BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription + - BUG/MINOR: applet/new: fix sedesc freeing logic + - BUG/MINOR: quic: Missing STREAM frame type updated + +2023/03/17 : 2.6.11 + - BUG/MEDIUM: proxy: properly stop backends on soft-stop + - BUG/MEDIUM: resolvers: Properly stop server resolutions on soft-stop + - DEBUG: cli/show_fd: Display connection error code + - DEBUG: ssl-sock/show_fd: Display SSL error code + - BUG/MINOR: tcp_sample: fix a bug in fc_dst_port and fc_dst_is_local sample fetches + - BUG/MINOR: quic: Missing STREAM frame length updates + - BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list + - BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it + - MINOR: buffer: add br_single() to check if a buffer ring has more than one buf + - BUG/MEDIUM: mux-h2: only restart 
sending when mux buffer is decongested + - BUG/MINOR: mux-h2: set CO_SFL_STREAMER when sending lots of data + - BUG/MINOR: quic: Missing STREAM frame data pointer updates + - BUG/MEDIUM: listener: duplicate inherited FDs if needed + - MINOR: h2: add h2_phdr_to_ist() to make ISTs from pseudo headers + - MEDIUM: mux-h2/trace: add tracing support for headers + - BUG/MINOR: mux-h2: Fix possible null pointer deref on h2c in _h2_trace_header() + - BUG/MEDIUM: spoe: Don't set the default traget for the SPOE agent frontend + - BUG/MINOR: proto_ux: report correct error when bind_listener fails + - BUG/MINOR: protocol: fix minor memory leak in protocol_bind_all() + - BUG/MINOR: sock_unix: match finalname with tempname in sock_unix_addrcmp() + - MINOR: trace: add a TRACE_ENABLED() macro to determine if a trace is active + - MINOR: trace: add a trace_no_cb() dummy callback for when to use no callback + - MINOR: trace: add the long awaited TRACE_PRINTF() + - BUG/MAJOR: qpack: fix possible read out of bounds in static table + +2023/03/10 : 2.6.10 + - BUG/MINOR: mworker: stop doing strtok directly from the env + - BUG/MEDIUM: mworker: prevent inconsistent reload when upgrading from old versions + - BUG/MEDIUM: mworker: don't register mworker_accept_wrapper() when master FD is wrong + - MINOR: startup: HAPROXY_STARTUP_VERSION contains the version used to start + - BUG/MINOR: lua/httpclient: missing free in hlua_httpclient_send() + - BUG/MEDIUM: httpclient/lua: fix a race between lua GC and hlua_ctx_destroy + - MINOR: fd/cli: report the polling mask in "show fd" + - BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached + - BUG/MINOR: sched: properly report long_rq when tasks remain in the queue + - BUG/MEDIUM: sched: allow a bit more TASK_HEAVY to be processed when needed + - BUG/MINOR: mworker: prevent incorrect values in uptime + - MINOR: mux-h2/traces: do not log h2s pointer for dummy streams + - MINOR: mux-h2/traces: add a missing TRACE_LEAVE() in 
h2s_frt_handle_headers() + - REGTESTS: Fix ssl_errors.vtc script to wait for connections close + - BUG/MINOR: cache: Cache response even if request has "no-cache" directive + - BUG/MINOR: cache: Check cache entry is complete in case of Vary + - BUG/MINOR: ring: do not realign ring contents on resize + - BUILD: thead: Fix several 32 bits compilation issues with uint64_t variables + - BUG/MEDIUM: h1-htx: Never copy more than the max data allowed during parsing + - DOC: config: Fix description of options about HTTP connection modes + - DOC: config: Add the missing tune.fail-alloc option from global listing + - DOC: config: Clarify the meaning of 'hold' in the 'resolvers' section + - BUG/MEDIUM: connection: Clear flags when a conn is removed from an idle list + - BUG/MINOR: http-check: Don't set HTX_SL_F_BODYLESS flag with a log-format body + - BUG/MINOR: http-check: Skip C-L header for empty body when it's not mandatory + - BUG/MINOR: http-ana: Don't increment conn_retries counter before the L7 retry + - BUG/MINOR: http-ana: Do a L7 retry on read error if there is no response + - BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback + - MINOR: ssl: rename confusing ssl_bind_kws + - BUG/MINOR: config: crt-list keywords mistaken for bind ssl keywords + - BUG/MINOR: init: properly detect NUMA bindings on large systems + - BUG/MEDIUM: master: force the thread count earlier + - BUG/MINOR: init: make sure to always limit the total number of threads + - BUG/MINOR: thread: report thread and group counts in the correct order + - BUG/MINOR: ring: release the backing store name on exit + - MEDIUM: epoll: don't synchronously delete migrated FDs + - MEDIUM: poller: program the update in fd_update_events() for a migrated FD + - MAJOR: fd: remove pending updates upon real close + - MINOR: fd: delete unused updates on close() + - MEDIUM: fd: add the tgid to the fd and pass it to fd_insert() + - MINOR: cli/fd: show fd's tgid and refcount in "show fd" + - MINOR: fd: add 
functions to manipulate the FD's tgid + - MINOR: fd: add fd_get_running() to atomically return the running mask + - MAJOR: fd: grab the tgid before manipulating running + - MINOR: fd: make fd_clr_running() return the previous value instead + - MEDIUM: fd: make fd_insert/fd_delete atomically update fd.tgid + - BUG/MINOR: fd: Properly init the fd state in fd_insert() + - MEDIUM: fd: quit fd_update_events() when FD is closed + - MAJOR: poller: only touch/inspect the update_mask under tgid protection + - MEDIUM: fd: support broadcasting updates for foreign groups in updt_fd_polling + - BUG/MAJOR: fd/thread: fix race between updates and closing FD + - BUG/MAJOR: fd/threads: close a race on closing connections after takeover + - MINOR: h3/hq-interop: handle no data in decode_qcs() with FIN set + - BUG/MINOR: mux-quic: transfer FIN on empty STREAM frame + - BUG/MINOR: quic: Possible unexpected counter incrementation on send*() errors + - BUG/MINOR: quic: Really cancel the connection timer from qc_set_timer() + - BUG/MINOR: quic: Missing call to task_queue() in qc_idle_timer_do_rearm() + - BUG/MINOR: quic: Do not probe with too little Initial packets + - BUG/MINOR: quic: Wrong initialization for io_cb_wakeup boolean + - BUG/MINOR: quic: Do not drop too small datagrams with Initial packets + - BUG/MINOR: quic: Missing padding for short packets + - MINOR: quic: adjust request reject when MUX is already freed + - BUG/MINOR: quic: also send RESET_STREAM if MUX released + - BUG/MINOR: quic: acknowledge STREAM frame even if MUX is released + - BUG/MINOR: h3: prevent hypothetical demux failure on int overflow + - BUG/MEDIUM: quic: properly handle duplicated STREAM frames + - BUG/MINOR: quic: Do not send too small datagrams (with Initial packets) + - BUG/MINOR: quic: Ensure to be able to build datagrams to be retransmitted + - BUG/MINOR: quic: Remove force_ack for Initial,Handshake packets + - BUG/MINOR: quic: Ensure not to retransmit packets with no ack-eliciting frames + - 
BUG/MINOR: quic: Do not resend already acked frames + - MINOR: quic: Move code to wakeup the timer task to avoid anti-amplication deadlock + - BUG/MINOR: quic: Missing detections of amplification limit reached + - BUG/MEDIUM: quic: do not crash when handling STREAM on released MUX + - BUG/MINOR: mux-quic: properly init STREAM frame as not duplicated + - BUG/MINOR: mworker: use MASTER_MAXCONN as default maxconn value + - BUG/MINOR: quic: Missing listener accept queue tasklet wakeups + - DOC/CLEANUP: fix typos + +2023/02/14 : 2.6.9 + - BUG/MINOR: sink: make sure to always properly unmap a file-backed ring + - DEV: haring: add a new option "-r" to automatically repair broken files + - BUG/MINOR: log: release global log servers on exit + - BUG/MINOR: sink: free the forwarding task on exit + - DEV: hpack: fix `trash` build regression + - BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section + - MINOR: mux-quic/h3: define stream close callback + - BUG/MEDIUM: h3: handle STOP_SENDING on control stream + - BUG/MEDIUM: ssl: wrong eviction from the session cache tree + - BUG/MINOR: h3: fix crash due to h3 traces + - BUG/MINOR: stats: use proper buffer size for http dump + - BUG/MINOR: stats: fix source buffer size for http dump + - BUG/MEDIUM: stats: fix resolvers dump + - BUG/MINOR: stats: fix ctx->field update in stats_dump_proxy_to_buffer() + - BUG/MINOR: stats: fix show stats field ctx for servers + - BUG/MINOR: stats: fix STAT_STARTED behavior with full htx + - BUG/MINOR: quic: Possible stream truncations under heavy loss + - BUG/MINOR: quic: Too big PTO during handshakes + - BUG/MINOR: quic: Do not ignore coalesced packets in qc_prep_fast_retrans() + - MINOR: quic: When probing Handshake packet number space, also probe the Initial one + - BUG/MAJOR: quic: Possible crash when processing 1-RTT during 0-RTT session + - MEDIUM: quic: Remove qc_conn_finalize() from the ClientHello TLS callbacks + - BUG/MINOR: quic: Unchecked source connection ID + - BUG/MEDIUM: 
quic: do not split STREAM frames if no space + - BUG/MINOR: ssl/crt-list: warn when a line is malformated + - BUG/MEDIUM: stick-table: do not leave entries in end of window during purge + - BUG/MEDIUM: cache: use the correct time reference when comparing dates + - DOC: config: fix option spop-check proxy compatibility + - DOC: config: 'http-send-name-header' option may be used in default section + - MINOR: cfgparse/server: move (min/max)conn postparsing logic into dedicated function + - BUG/MINOR: server/add: ensure minconn/maxconn consistency when adding server + - BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first + - BUG/MEDIUM: quic: fix crash when "option nolinger" is set in the frontend + - DOC: proxy-protocol: fix wrong byte in provided example + - BUG/CRITICAL: http: properly reject empty http header field names + +2023/01/24 : 2.6.8 + - BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action + - BUG/MEDIIM: stconn: Flush output data before forwarding close to write side + - CI: github: reintroduce openssl 1.1.1 + - CI: github: split ssl lib selection based on git branch + - BUILD: peers: peers-t.h depends on stick-table-t.h + - BUG/MEDIUM: ssl: Verify error codes can exceed 63 + - BUG/MINOR: ssl: Fix potential overflow + - MINOR: mworker: display an alert upon a wait-mode exit + - BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers + - BUILD: makefile/da: also clean Os/ in Device Atlas dummy lib dir + - BUG/MEDIUM: httpclient/lua: double LIST_DELETE on end of lua task + - BUG/MINOR: promex: create haproxy_backend_agg_server_status + - MINOR: promex: introduce haproxy_backend_agg_check_status + - DOC: promex: Add missing backend metrics + - BUG/MAJOR: fcgi: Fix uninitialized reserved bytes + - REGTESTS: fix the race conditions in iff.vtc + - REGTESTS: startup: check maxconn computation + - BUG/MINOR: startup: don't use internal proxies to compute the maxconn + - CI: github: set ulimit -n to 
a greater value + - REGTESTS: startup: activate automatic_maxconn.vtc + - BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout + - REGTESTS: startup: change the expected maxconn to 11000 + - REGTESTS: startup: add alternatives values in automatic_maxconn.vtc + - BUG/MEDIUM: h3: reject request with invalid header name + - BUG/MEDIUM: h3: reject request with invalid pseudo header + - MINOR: http: extract content-length parsing from H2 + - BUG/MEDIUM: h3: parse content-length and reject invalid messages + - CI: github: remove redundant ASAN loop + - CI: github: split matrix for development and stable branches + - BUG/MINOR: quic: properly handle alloc failure in qc_new_conn() + - BUG/MINOR: mux-quic: remove qcs from opening-list on free + - BUG/MINOR: mux-quic: handle properly alloc error in qcs_new() + - LICENSE: wurfl: clarify the dummy library license. + - BUG/MEDIUM: h3: fix cookie header parsing + - BUG/MINOR: h3: fix memleak on HEADERS parsing failure + - BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain + - MINOR: stats: provide ctx for dumping functions + - MINOR: stats: introduce stats field ctx + - BUG/MINOR: stats: fix show stat json buffer limitation + - BUG/MINOR: quic: fix crash on PTO rearm if anti-amplification reset + - REGTESTS: startup: disable automatic_maxconn.vtc + - BUG/MEDIUM: tests: use tmpdir to create UNIX socket + - BUG/MEDIUM: stats: Rely on a local trash buffer to dump the stats + - OPTIM: pool: split the read_mostly from read_write parts in pool_head + - BUG/MEDIUM: mux-quic: fix double delete from qcc.opening_list + - BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set + - BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats + - BUG/MINOR: mux-quic: ignore remote unidirectional stream close + - BUILD: makefile: build the features list dynamically + - BUILD: makefile: sort the features list + - BUG/MINOR: stick-table: report the correct action 
name in error message + - BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set + - BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned + - DOC: config: fix alphabetical ordering of http-after-response rules + - DOC: config: remove duplicated "http-response sc-set-gpt0" directive + - BUG/MINOR: proxy: free orgto_hdr_name in free_proxy() + - REGTEST: fix the race conditions in json_query.vtc + - REGTEST: fix the race conditions in add_item.vtc + - REGTEST: fix the race conditions in digest.vtc + - REGTEST: fix the race conditions in hmac.vtc + - BUG/MINOR: http: Memory leak of http redirect rules' format string + - CLEANUP: htx: fix a typo in an error message of http_str_to_htx + - DOC: management: add details on "Used" status + - DOC: management: add details about @system-ca in "show ssl ca-file" + - BUG/MINOR: mux-quic: fix transfer of empty HTTP response + - MINOR: mux-quic: add traces for flow-control limit reach + - BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses + - BUG/MINOR: hlua: Fix Channel.line and Channel.data behavior regarding the doc + - BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action + - BUG/MEDIUM: peers: make "show peers" more careful about partial initialization + - BUG/MINOR: promex: Don't forget to consume the request on error + - BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body + - BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state + - BUG/MINOR: http-ana: make set-status also update txn->status + - BUG/MINOR: listeners: fix suspend/resume of inherited FDs + - DOC: config: fix wrong section number for "protocol prefixes" + - DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@" + - DOC: config: mention the missing "quic4@" and "quic6@" in protocol prefixes + - BUG/MINOR: mux-fcgi: Correctly set pathinfo + - DOC: config: fix "Address formats" chapter syntax + - 
BUG/MEDIUM: jwt: Properly process ecdsa signatures (concatenated R and S params) + - BUG/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0) + - BUG/MINOR: listener: close tiny race between resume_listener() and stopping + - BUG/MINOR: h3: properly handle connection headers + - BUG/MINOR: mux-h2: make sure to produce a log on invalid requests + - BUG/MINOR: mux-h2: add missing traces on failed headers decoding + - BUILD: hpack: include global.h for the trash that is needed in debug mode + - BUG/MINOR: jwt: Wrong return value checked + - BUG/MINOR: quic: Do not request h3 clients to close its unidirection streams + - MINOR: h1: Consider empty port as invalid in authority for CONNECT + - MINOR: http: Considere empty ports as valid default ports + - BUG/MINOR: h1: Replace authority validation to conform RFC3986 + - REG-TESTS: http: Add more tests about authority/host matching + - BUG/MINOR: http-htx: Normalized absolute URIs with an empty port + +2022/12/02 : 2.6.7 + - REGTESTS: 4be_1srv_smtpchk_httpchk_layer47errors: Return valid SMTP replies + - BUG/MINOR: hlua: Remove \n in Lua error message built with memprintf + - BUG/MINOR: stream: Perform errors handling in right order in stream_new() + - BUG/MEDIUM: stconn: Reset SE descriptor when we fail to create a stream + - BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree + - BUG/MINOR: hlua: fixing hlua_http_msg_del_data behavior + - BUG/MINOR: hlua: fixing hlua_http_msg_insert_data behavior + - BUG/MINOR: hlua: _hlua_http_msg_delete incorrect behavior when offset is used + - DOC: management: httpclient can resolve server names in URLs + - BUG/MAJOR: conn-idle: fix hash indexing issues on idle conns + - BUG/MINOR: backend: only enforce turn-around state when not redispatching + - BUG/MINOR: checks: update pgsql regex on auth packet + - DOC: config: Fix pgsql-check documentation to make user param mandatory + - CLEANUP: mux-quic: remove usage of non-standard ull type + - CLEANUP: 
quic: remove global var definition in quic_tls header + - BUG/MINOR: quic: adjust quic_tls prototypes + - CLEANUP: quic: fix headers + - CLEANUP: quic: remove unused function prototype + - CLEANUP: quic: remove duplicated varint code from xprt_quic.h + - CLEANUP: quic: create a dedicated quic_conn module + - BUG/MINOR: mux-quic: ignore STOP_SENDING for locally closed stream + - BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure + - BUG/MEDIUM: lua: handle stick table implicit arguments right. + - BUILD: h1: silence an initiialized warning with gcc-4.7 and -Os + - MINOR: fd: add a new function to only raise RLIMIT_NOFILE + - MINOR: init: do not try to shrink existing RLIMIT_NOFIlE + - BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() + - BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os + - BUG/MINOR: hlua: hlua_channel_insert_data() behavior conflicts with documentation + - MINOR: quic: limit usage of ssl_sock_ctx in favor of quic_conn + - MINOR: mux-quic: check quic-conn return code on Tx + - CLEANUP: quic: fix indentation + - BUG/MINOR: mux-h1: Account consumed output data on synchronous connection error + - MINOR: smtpchk: Update expect rule to fully match replies to EHLO commands + - BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP transaction + - BUG/MINOR: config: don't count trailing spaces as empty arg (v2) + - BUG/MEDIUM: config: count line arguments without dereferencing the output + - MEDIUM: quic: retrieve frontend destination address + - CLEANUP: quic/receiver: remove the now unused tx_qring list + - BUG/MINOR: quic: set IP_PKTINFO socket option for QUIC receivers only + - DOC: configuration: missing 'if' in tcp-request content example + - BUG/MAJOR: stick-tables: do not try to index a server name for applets + - BUG/MINOR: server: make sure "show servers state" hides private bits + - MINOR: quic: New quic_cstream object implementation + - MINOR: quic: Extract CRYPTO frame 
parsing from qc_parse_pkt_frms() + - MINOR: quic: Use a non-contiguous buffer for RX CRYPTO data + - BUG/MINOR: quic: Stalled 0RTT connections with big ClientHello TLS message + - MINOR: quic: Split the secrets key allocation in two parts + - CLEANUP: quic: remove unused rxbufs member in receiver + - CLEANUP: quic: improve naming for rxbuf/datagrams handling + - MINOR: quic: implement datagram cleanup for quic_receiver_buf + - BUILD: ssl_sock: bind_conf uninitialized in ssl_sock_bind_verifycbk() + - BUG/MEDIUM: httpclient: Don't set EOM flag on an empty HTX message + - MINOR: httpclient/lua: Don't set req_payload callback if body is empty + - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py + - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition + - BUILD: quic: QUIC mux build fix for 32-bit build + - BUG/MEDIUM: httpclient: segfault when the httpclient parser fails + - BUILD: ssl_sock: fix null dereference for QUIC build + - BUILD: quic: Fix build for m68k cross-compilation + - BUG/MINOR: quic: fix buffer overflow on retry token generation + - MINOR: quic: add version field on quic_rx_packet + - MINOR: quic: extend pn_offset field from quic_rx_packet + - MINOR: quic: define first packet flag + - MINOR: quic: extract connection retrieval + - MINOR: quic: split and rename qc_lstnr_pkt_rcv() + - MINOR: quic: refactor packet drop on reception + - MINOR: quic: extend Retry token check function + - BUG/MINOR: log: Preserve message facility when the log target is a ring buffer + - BUG/MINOR: ring: Properly parse connect timeout + - BUG/MEDIUM: httpclient/lua: crash when the lua task timeout before the httpclient + - BUG/MEDIUM: httpclient: check if the httpclient was released in the IO handler + - REGTESTS: httpclient/lua: test the lua task timeout with the httpclient + - CI: github: dump the backtrace of coredumps in the alpine container + - BUILD: Makefile: add "USE_SHM_OPEN" 
on the linux-musl target + - BUG/MINOR: mux-quic: complete flow-control for uni streams + - BUG/MEDIUM: compression: handle rewrite errors when updating response headers + - MINOR: quic: do not crash on unhandled sendto error + - MINOR: quic: display unknown error sendto counter on stat page + - BUG/MINOR: sink: Only use backend capability for the sink proxies + - BUG/MINOR: sink: Set default connect/server timeout for implicit ring buffers + - CI: SSL: use proper version generating when "latest" semantic is used + - CI: SSL: temporarily stick to LibreSSL=3.5.3 + - DOC: management: add forgotten "show startup-logs" + - DOC: lua: add a note about compression w/ httpclient + - BUG/MAJOR: stick-table: don't process store-response rules for applets + - BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task + - MINOR: quic: remove unnecessary quic_session_accept() + - BUG/MINOR: quic: fix subscribe operation + - BUG/MINOR: log: fixing bug in tcp syslog_io_handler Octet-Counting + - BUG/MINOR: quic: fix race condition on datagram purging + - CI: add monthly gcc cross compile jobs + - BUG/MINOR: httpclient: fixed memory allocation for the SSL ca_file + - BUG/MINOR: ssl: Memory leak of DH BIGNUM fields + - BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer + - BUG/MINOR: ssl: ocsp structure not freed properly in case of error + - CI: switch to the "latest" LibreSSL + - CI: enable QUIC for LibreSSL builds + - CI: emit the compiler's version in the build reports + - BUG/MEDIUM: wdt/clock: properly handle early task hangs + - BUG/MINOR: http-htx: Fix error handling during parsing http replies + - BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure + - BUG/MINOR: resolvers: Set port before IP address when processing SRV records + - BUG/MINOR: mux-fcgi: Be sure to send empty STDING record in case of zero-copy + - BUG/MEDIUM: mux-fcgi: Avoid value length overflow when it doesn't fit at once + - BUG/MINOR: 
mux-h1: Do not send a last null chunk on body-less answers + - REG-TESTS: cache: Remove T-E header for 304-Not-Modified responses + - DOC: config: fix alphabetical ordering of global section + - BUG/MEDIUM: ring: fix creation of server in uninitialized ring + - BUILD: quic: fix dubious 0-byte overflow on qc_release_lost_pkts + - BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes + - BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task + - BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists + - BUG/MEDIUM: raw-sock: Don't report connection error if something was received + - BUG/MINOR: ssl: don't initialize the keylog callback when not required + - BUG/MEDIUM: peers: messages about unkown tables not correctly ignored + - BUILD: peers: Remove unused variables + - MINOR: ncbuf: complete doc for ncb_advance() + - BUG/MEDIUM: quic: fix unsuccessful handshakes on ncb_advance error + - BUG/MEDIUM: quic: fix memleak for out-of-order crypto data + - MINOR: quic: complete traces/debug for handshake + - BUG/MAJOR: quic: Crash upon retransmission of dgrams with several packets + - BUG/MAJOR: quic: Crash after discarding packet number spaces + - DOC: configuration: fix quic prefix typo + - MINOR: quic: report error if force-retry without cluster-secret + - MINOR: global: generate random cluster.secret if not defined + - BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns + - BUILD: listener: fix build warning on global_listener_rwlock without threads + - DOC: quic: add note on performance issue with listener contention + - BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance + - BUG/MINOR: log: fix parse_log_message rfc5424 size check + - BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action + - BUILD: http-htx: Silent build error about a possible NULL start-line + - DOC: configuration.txt: add default_value for table_idle 
signature + - BUILD: ssl-sock: Silent error about NULL deref in ssl_sock_bind_verifycbk() + - BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out + - DOC: configuration.txt: fix typo in table_idle signature + - BUG/MEDIUM: quic: fix datagram dropping on queueing failed + - MINOR: ssl: enhance ca-file error emitting + - MINOR: ssl: forgotten newline in error messages on ca-file + - BUG/MINOR: ssl: shut the ca-file errors emitted during httpclient init + - Revert "BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action" + - DOC: config: provide some configuration hints for "http-reuse" + - DOC: config: refer to section about quoting in the "add_item" converter + - DOC: config: clarify the fact that SNI should not be used in HTTP scenarios + - DOC: config: mention that a single monitor-uri rule is supported + - DOC: config: explain how default matching method for ACL works + - DOC: config: clarify the fact that "retries" is not just for connections + - DOC: config: clarify the -m dir and -m dom pattern matching methods + - SCRIPTS: announce-release: add a link to the data plane API + - CLEANUP: ncbuf: remove ncb_blk args by value + - CLEANUP: ncbuf: inline small functions + - CLEANUP: ncbuf: use standard BUG_ON with DEBUG_STRICT + - BUG/MINOR: quic: Endless loop during retransmissions + - MINOR: mux-h2: add the expire task and its expiration date in "show fd" + - MINOR: mux-h1: add the expire task and its expiration date in "show fd" + +2022/09/22 : 2.6.6 + - MEDIUM: peers: limit the number of updates sent at once + - MINOR: Revert part of clarifying samples support per os commit + - BUILD: makefile: enable crypt(3) for NetBSD + - BUG/MINOR: quic: Retransmitted frames marked as acknowledged + - BUG/MINOR: quic: Possible crash with "tls-ticket-keys" on QUIC bind lines + - BUG/MINOR: h1: Support headers case adjustment for TCP proxies + - BUG/MINOR: quic: Possible crash when verifying certificates + - BUILD: quic: add some ifdef around the 
SSL_ERROR_* for libressl + - BUILD: ssl: fix ssl_sock_switchtx_cbk when no client_hello_cb + - BUILD: quic: temporarly ignore chacha20_poly1305 for libressl + - BUILD: quic: enable early data only with >= openssl 1.1.1 + - BUILD: ssl: fix the ifdef mess in ssl_sock_initial_ctx + - BUILD: quic: fix the #ifdef in ssl_quic_initial_ctx() + - MINOR: quic: add QUIC support when no client_hello_cb + - MINOR: quic: Add traces about sent or resent TX frames + - MINOR: quic: No TRACE_LEAVE() in retrieve_qc_conn_from_cid() + - BUG/MINOR: quic: Wrong connection ID to thread ID association + - BUG/MINOR: task: always reset a new tasklet's call date + - BUG/MINOR: task: make task_instant_wakeup() work on a task not a tasklet + - MINOR: task: permanently enable latency measurement on tasklets + - CLEANUP: task: rename ->call_date to ->wake_date + - BUG/MINOR: task: Fix detection of tasks profiling in tasklet_wakeup_after() + - BUG/MINOR: sched: properly account for the CPU time of dying tasks + - MINOR: sched: store the current profile entry in the thread context + - BUG/MINOR: stream/sched: take into account CPU profiling for the last call + - BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals + - BUG/MINOR: quic: Speed up the handshake completion only one time + - BUG/MINOR: quic: Trace fix about packet number space information. 
+ - BUG/MINOR: h3: Crash when h3 trace verbosity is "minimal" + - MINOR: h3: Add the quic_conn object to h3 traces + - MINOR: h3: Missing connection argument for a TRACE_LEAVE() argument + - MINOR: h3: Send the h3 settings with others streams (requests) + - BUG/MINOR: signals/poller: ensure wakeup from signals + - CI: cirrus-ci: bump FreeBSD image to 13-1 + - DEV: flags: fix usage message to reflect available options + - DEV: flags: add missing CO_FL_FDLESS connection flag + - BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK + - MINOR: listener: small API change + - MINOR: proxy/listener: support for additional PAUSED state + - BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN' + - CLEANUP: pollers: remove dead code in the polling loop + - BUG/MINOR: mux-h1: Increment open_streams counter when H1 stream is created + - REGTESTS: healthcheckmail: Relax matching on the healthcheck log message + - CLEANUP: listener: function comment typo in stop_listener() + - BUG/MINOR: listener: null pointer dereference suspected by coverity + - REGTESTS: log: test the log-forward feature + - BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring. + - REGTESTS: ssl/log: test the log-forward with SSL + - DOC: fix TOC in starter guide for subsection 3.3.8. 
Statistics + - MEDIUM: quic: separate path for rx and tx with set_encryption_secrets + - BUG/MEDIUM: mux-quic: fix crash on early app-ops release + - CLEANUP: mux-quic: remove stconn usage in h3/hq + - BUG/MINOR: mux-quic: do not remotely close stream too early + - BUG/MEDIUM: server: segv when adding server with hostname from CLI + - CLEANUP: quic,ssl: fix tiny typos in C comments + - BUG/MEDIUM: captures: free() an error capture out of the proxy lock + - BUILD: fd: fix a build warning on the DWCAS + - SCRIPTS: announce-release: update some URLs to https + - BUG/MEDIUM: mux-quic: fix nb_hreq decrement + - BUG/MINOR: mux-quic: do not keep detached qcs with empty Tx buffers + - REORG: mux-quic: extract traces in a dedicated source file + - REORG: mux-quic: export HTTP related function in a dedicated file + - MINOR: mux-quic: refactor snd_buf + - BUG/MEDIUM: mux-quic: properly trim HTX buffer on snd_buf reset + - REGTESTS: ssl: adopt tests to OpenSSL-3.0.N + - REGTESTS: ssl: adopt tests to OpenSSL-3.0.N + - REGTESTS: ssl: fix grep invocation to use extended regex in ssl_generate_certificate.vtc + - BUG/MINOR: log: improper behavior when escaping log data + +2022/09/03 : 2.6.5 + - BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets from qc_do_build_pkt() + - BUG/MINOR: quic: Safer QUIC frame builders + - BUILD: tcp_sample: fix build of get_tcp_info() on OpenBSD + - BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() + - BUG/MINOR: mworker: does not create the "default" resolvers in wait mode + - BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect + - REGTESTS: Fix prometheus script to perform HTTP health-checks + - MINOR: resolvers: shut the warning when "default" resolvers is implicit + - BUG/MINOR: quic: Leak in qc_release_lost_pkts() for non in flight TX packets + - BUG/MINOR: quic: Stalled connections (missing I/O handler wakeup) + - CLEANUP: quic: No more use ->rx_list MT_LIST entry point 
(quic_rx_packet) + - CLEANUP: quic: Remove a useless check in qc_lstnr_pkt_rcv() + - DOC: configuration: do-resolve doesn't work with a port in the string + - MINOR: sample: add the host_only and port_only converters + - BUG/MINOR: httpclient: fix resolution with port + - DOC: configuration.txt: do-resolve must use host_only to remove its port. + - BUG/MINOR: quic: Frames added to packets even if not built. + - BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode + - BUG/MEDIUM: peers: Add connect and server timeut to peers proxy + - BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress + - BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date + - BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets + - MINOR: quic: Replace MT_LISTs by LISTs for RX packets. + - BUG/MEDIUM: applet: fix incorrect check for abnormal return condition from handler + - BUG/MINOR: applet: make the call_rate only count the no-progress calls + - MINOR: quic: Add a trace to distinguish the datagram from the packets inside + - BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule) + - BUG/MINOR: ssl: fix deinit of the ca-file tree + - BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() + - BUG/MEDIUM: ssl: Fix a UAF when old ckch instances are released + - MINOR: quic: Revert recent QUIC commits + - BUG/MINOR: ssl: revert two wrong fixes with ckhi_link + - BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input + - BUG/MINOR: dev/udp: properly preset the rx address size + - MINOR: connection: support HTTP/3.0 for smp_*_http_major fetch + - CLEANUP: Re-apply xalloc_size.cocci (2) + - MINOR: mux-quic: simplify decode_qcs API + - MINOR: mux-quic/h3: adjust demuxing function return values + - BUG/MINOR: h3: fix return value on decode_qcs on error + - BUG/MINOR: h3: fix incorrect BUG_ON assert on SETTINGS parsing + - BUG/MEDIUM: h3: fix SETTINGS parsing + - MINOR: 
mux-quic: complete BUG_ON on TX flow-control enforcing + - CLEANUP: quic: use task_new_on() for single-threaded tasks + - MINOR: qpack: reduce dependencies on other modules + - MINOR: qpack: add ABORT_NOW on unimplemented decoding + - MINOR: qpack: improve decoding function + - MINOR: quic: Add several nonce and key definitions for Retry tag + - MINOR: quic: Parse long packet version from qc_parse_hd_form() + - CLEANUP: quid: QUIC draft-28 no more supported + - MEDIUM: quic: Add QUIC v2 draft support + - MINOR: quic: Released QUIC TLS extension for QUIC v2 draft + - MEDIUM: quic: Compatible version negotiation implementation (draft-08) + - CLEANUP: quic: Remove any reference to boringssl + - BUILD: quic: Wrong HKDF label constant variable initializations + - BUG/MINOR: qpack: abort on dynamic index field line decoding + - MINOR: quic: Dump version_information transport parameter + - CLEANUP: pool/quic: remove suffix "_pool" from certain pool names + - BUG/MINOR: qpack: fix build with QPACK_DEBUG + - BUG/MINOR: qpack: abort on dynamic index field line decoding + - CLEANUP: mux-quic: adjust comment on qcs_consume() + - CLEANUP: mux-quic: do not export qc_get_ncbuf + - REORG: mux-quic: reorganize flow-control fields + - MINOR: mux-quic: implement accessor for sedesc + - MEDIUM: mux-quic: refactor streams opening + - MINOR: mux-quic: rename qcs flag FIN_RECV to SIZE_KNOWN + - MINOR: mux-quic: emit FINAL_SIZE_ERROR on invalid STREAM size + - REORG: mux-quic: rename stream initialization function + - MINOR: mux-quic: rename stream purge function + - MINOR: mux-quic: add traces on frame parsing functions + - MINOR: mux-quic: implement qcs_alert() + - MINOR: mux-quic: filter send/receive-only streams on frame parsing + - MINOR: mux-quic: do not ack STREAM frames on unrecoverable error + - MINOR: mux-quic: support stream opening via MAX_STREAM_DATA + - MINOR: mux-quic: define basic stream states + - MINOR: mux-quic: use stream states to mark as detached + - MEDIUM: 
mux-quic: implement RESET_STREAM emission + - MEDIUM: mux-quic: implement STOP_SENDING handling + - CLEANUP: quic: clean up include on quic_frame-t.h + - MINOR: quic: define a generic QUIC error type + - MINOR: mux-quic: support app graceful shutdown + - MINOR: mux-quic/h3: prepare CONNECTION_CLOSE on release + - MEDIUM: quic: send CONNECTION_CLOSE on released MUX + - CLEANUP: mux-quic: move qc_release() + - MINOR: mux-quic: send one last time before release + - MINOR: h3: store control stream in h3c + - MINOR: h3: implement graceful shutdown with GOAWAY + - MINOR: mux-quic: save proxy instance into qcc + - MINOR: mux-quic: use timeout server for backend conns + - MEDIUM: mux-quic: adjust timeout refresh + - MINOR: mux-quic: count in-progress requests + - MEDIUM: mux-quic: implement http-keep-alive timeout + - MINOR: h3: support HTTP request framing state + - MINOR: mux-quic: refresh timeout on frame decoding + - MINOR: mux-quic: refactor refresh timeout function + - MEDIUM: mux-quic: implement http-request timeout + - MINOR: quic: Add two new stats counters for sendto() errors + - BUG/MINOR: quic: adjust errno handling on sendto + - MINOR: quic: Replace pool_zalloc() by pool_malloc() for fake datagrams + - MINOR: quic: replace custom buf on Tx by default struct buffer + - MINOR: quic: release Tx buffer on each send + - MINOR: quic: refactor datagram commit in Tx buffer + - MINOR: quic: skip sending if no frame to send in io-cb + - BUG/MINOR: mux-quic: open stream on STOP_SENDING + - BUG/MINOR: quic: fix crash on handshake io-cb for null next enc level + - MEDIUM: quic: xprt traces rework + - MINOR: quic: Remove useless lock for RX packets + - CLEANUP: quic: Remove trailing spaces + - MINOR: mux-quic: adjust enter/leave traces + - MINOR: mux-quic: define protocol error traces + - CLEANUP: mux-quic: adjust traces level + - MINOR: mux-quic: define new traces + - BUG/MEDIUM: mux-quic: fix crash due to invalid trace arg + - BUG/MEDIUM: quic: Possible use of 
uninitialized <odcid> variable in qc_lstnr_params_init() + - BUG/MEDIUM: quic: Wrong use of <token_odcid> in qc_lsntr_pkt_rcv() + - BUG/MINOR: mux-quic: fix crash with traces in qc_detach() + - BUG/MINOR: quic: MIssing check when building TX packets + - BUG/MINOR: quic: Wrong status returned by qc_pkt_decrypt() + - MINOR: quic: adjust quic_frame flag manipulation + - MINOR: h3: report error on control stream close + - MINOR: qpack: report error on enc/dec stream close + - BUG/MEDIUM: mux-quic: reject uni stream ID exceeding flow control + - MINOR: mux-quic: adjust traces on stream init + - MINOR: mux-quic: add missing args on some traces + - MINOR: quic: refactor application send + - BUG/MINOR: quic: do not notify MUX on frame retransmit + - BUG/MINOR: quic: Missing initializations for ducplicated frames. + - BUG/MEDIUM: quic: fix crash on MUX send notification + - REORG: h2: extract cookies concat function in http_htx + - REGTESTS: add test for HTTP/2 cookies concatenation + - MEDIUM: h3: concatenate multiple cookie headers + - BUG/MINOR: quic: Possible crashes when dereferencing ->pkt quic_frame struct member + - MINOR: quic: Add frame addresses to QUIC_EV_CONN_PRSAFRM event traces + - BUG/MINOR: quic: Wrong splitted duplicated frames handling + - MINOR: quic: Add the QUIC connection to mux traces + - MINOR: quic: Trace fix in qc_release_frm() + - MINOR: quic: Add reusable cipher contexts for header protection + - BUG/MINOR: mux-quic: Fix memleak on QUIC stream buffer for unacknowledged data + - BUG/MINOR: quix: Memleak for non in flight TX packets + - BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets from qc_do_build_pkt() + - BUG/MINOR: quic: Safer QUIC frame builders + - MINOR: quic: Replace MT_LISTs by LISTs for RX packets. 
+ - Revert "BUG/MINOR: quix: Memleak for non in flight TX packets" + - BUG/MINOR: quic: Leak in qc_release_lost_pkts() for non in flight TX packets + - BUG/MINOR: quic: Stalled connections (missing I/O handler wakeup) + - CLEANUP: quic: No more use ->rx_list MT_LIST entry point (quic_rx_packet) + - CLEANUP: quic: Remove a useless check in qc_lstnr_pkt_rcv() + - MINOR: quic: Remove useless traces about references to TX packets + - Revert "MINOR: quic: Remove useless traces about references to TX packets" + - BUG/MINOR: quic: Null packet dereferencing from qc_dup_pkt_frms() trace + - BUG/MINOR: quic: Frames added to packets even if not built. + - BUG/MINOR: quic: Missing header protection AES cipher context initialisations (draft-v2) + - MINOR: quic: Add a trace to distinguish the datagram from the packets inside + - MINOR: quic: Move traces about RX/TX bytes from QUIC_EV_CONN_PRSAFRM event + - BUG/MINOR: quic: TX frames memleak + - BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() v2 + - BUILD: ring: forward-declare struct appctx to avoid a build warning + - MINOR: ring: support creating a ring from a linear area + - MINOR: ring: add support for a backing-file + - BUILD: sink: replace S_IRUSR, S_IWUSR with their octal value + - MINOR: ring: archive a previous file-backed ring on startup + - MINOR: sink/ring: rotate non-empty file-backed contents only + - DEV: haring: add a simple utility to read file-backed rings + - DEV: haring: support remapping LF in contents with CR VT + - CLEANUP: exclude haring with .gitignore + - BUILD: debug: make sure debug macros are never empty + - BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support + - REGTESTS: http_request_buffer: Add a barrier to not mix up log messages + - BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools + - MINOR: backend: always satisfy the first req reuse rule with l7 retries + - BUG/MINOR: quic: Do not ack when probing + - MINOR: quic: Add TX frames addresses to 
traces to several trace events + - MINOR: quic: Trace typo fix in qc_release_frm() + - BUG/MINOR: quic: Frames leak during retransmissions + - BUG/MINOR: h2: properly set the direction flag on HTX response + - BUG/MEDIUM: httpclient: always detach the caller before self-killing + - BUG/MINOR: httpclient: keep-alive was accidentely disabled + - BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber + - BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber + - BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber + - DEBUG: stream: minor rearrangement of a few fields in struct stream. + - MINOR: debug: report applet pointer and handler in crashes when known + - BUG/MINOR: http-act: initialize http fmt head earlier + +2022/08/22 : 2.6.4 + - BUG/MINOR: ssl/cli: error when the ca-file is empty + - BUG/MAJOR: mworker: fix infinite loop on master with no proxies. + +2022/08/19 : 2.6.3 + - BUG/MINOR: sockpair: wrong return value for fd_send_uxst() + - Revert "BUG/MINOR: peers: set the proxy's name to the peers section name" + - DEBUG: fd: split the fd check + - MEDIUM: resolvers: continue startup if network is unavailable + - BUG/MINOR: mworker: PROC_O_LEAVING used but not updated + - BUG/MEDIUM: mux-quic: fix missing EOI flag to prevent streams leaks + - MINOR: quic: Congestion control architecture refactoring + - MEDIUM: quic: Cubic congestion control algorithm implementation + - MINOR: quic: New "quic-cc-algo" bind keyword + - BUG/MINOR: quic: loss time limit variable computed but not used + - MINOR: quic: Stop looking for packet loss asap + - BUG/MAJOR: quic: Useless resource intensive loop qc_ackrng_pkts() + - MINOR: quic: Send packets as much as possible from qc_send_app_pkts() + - BUG/MEDIUM: queue/threads: limit the number of entries dequeued at once + - MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups + - BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions + - BUG/MINOR: mux-quic: prevent 
crash if conn released during IO callback + - CLEANUP: mux-quic: remove useless app_ops is_active callback + - BUG/MINOR: mux-quic: do not free conn if attached streams + - MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer + - BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload + - BUG/MINOR: peers: Use right channel flag to consider the peer as connected + - BUG/MEDIUM: dns: Properly initialize new DNS session + - BUG/MINOR: backend: Don't increment conn_retries counter too early + - MINOR: server: Constify source server to copy its settings + - REORG: server: Export srv_settings_cpy() function + - BUG/MEDIUM: proxy: Perform a custom copy for default server settings + - MINOR: peers: Add a warning about incompatible SSL config for the local peer + - BUG/MINOR: quic: Missing in flight ack eliciting packet counter decrement + - BUG/MEDIUM: quic: Floating point exception in cubic_root() + - BUILD: http: silence an uninitialized warning affecting gcc-5 + - BUG/MINOR: quic: Avoid sending truncated datagrams + - BUG/MINOR: ring/cli: fix a race condition between the writer and the reader + - BUG/MEDIUM: sink: Set the sink ref for forwarders created during ring parsing + - BUG/MINOR: sink: fix a race condition between the writer and the reader + - BUG/MINOR: quic: do not reject datagrams matching minimum permitted size + - BUG/MINOR: quic: Missing Initial packet dropping case + - MINOR: quic: explicitely ignore sendto error + - BUG/MEDIUM: quic: break out of the loop in quic_lstnr_dghdlr + - CLEANUP: assorted typo fixes in the code and comments + - BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h + - BUG/MEDIUM: quic: Wrong packet length check in qc_do_rm_hp() + - MINOR: quic: Too much useless traces in qc_build_frms() + - BUG/MEDIUM: quic: Missing AEAD TAG check after removing header protection + - CLEANUP: mux-quic: remove loop on sending frames + - BUG/MEDIUM: quic: always remove the connection from the 
accept list on close + - BUG/MEDIUM: poller: use fd_delete() to release the poller pipes + - BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq() + - BUILD: stconn: fix build warning at -O3 about possible null sc + - BUILD: debug: silence warning on gcc-5 + - BUG/MINOR: quic: Possible infinite loop in quic_build_post_handshake_frames() + - BUG/MEDIUM: ring: fix too lax 'size' parser + - BUG/MINOR: quic: memleak on wrong datagram receipt + - MINOR: stick-table: Add table_expire() and table_idle() new converters + - BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names + - MINOR: applet: add a function to reset the svcctx of an applet + - BUG/MEDIUM: cli: always reset the service context between commands + - BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle + - BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized + - BUG/MAJOR: log-forward: Fix ssl layer not initialized on bind even if configured + +2022/07/22 : 2.6.2 + - MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames + - BUG/MINOR: ssl: Do not look for key in extra files if already in pem + - BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created + - BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch + - MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD + - BUG/MEDIUM: ssl/fd: unexpected fd close using async engine + - BUILD: Makefile: Add Lua 5.4 autodetect + - CI: re-enable gcc asan builds + - MINOR: fd: Add BUG_ON checks on fd_insert() + - BUG/MINOR: peers/config: always fill the bind_conf's argument + - BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule + - BUG/MINOR: http-act: Properly generate 103 responses when several rules are used + - BUG/MINOR: peers: fix possible NULL dereferences at config parsing + - BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo + - MINOR: http: Add 
function to get port part of a host + - MINOR: http: Add function to detect default port + - BUG/MEDIUM: h1: Improve authority validation for CONNCET request + - MINOR: http-htx: Use new HTTP functions for the scheme based normalization + - BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream + - REGTEESTS: filters: Fix CONNECT request in random-forwarding script + - BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer + - BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state + - BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send + - MEDIUM: mworker: set the iocb of the socketpair without using fd_insert() + - BUG/MINOR: quic: Missing acknowledgments for trailing packets + - BUG/MINOR: quic: Wrong reuse of fulfilled dgram RX buffer + - BUG/MAJOR: quic: Big RX dgrams leak when fulfilling a buffer + - BUG/MAJOR: quic: Big RX dgrams leak with POST requests + - BUILD: quic+h3: 32-bit compilation errors fixes + - BUG/MINOR: quic: Dropped packets not counted (with RX buffers full) + - MINOR: quic: Add new stats counter to diagnose RX buffer overrun + - MINOR: quic: Duplicated QUIC_RX_BUFSZ definition + - MINOR: task: Add tasklet_wakeup_after() + - MINOR: quic: Improvements for the datagrams receipt + - MINOR: quic: Increase the QUIC connections RX buffer size (upto 64Kb) + - MINOR: ncbuf: implement ncb_is_fragmented() + - BUG/MINOR: mux-quic: do not signal FIN if gap in buffer + - MINOR: h3: add h3c pointer into h3s instance + - MINOR: h3: handle errors on HEADERS parsing/QPACK decoding + - MINOR: qpack: properly handle invalid dynamic table references + - CLEANUP: h2: Typo fix in h2_unsubcribe() traces + - BUG/MEDIUM: mux-quic: fix server chunked encoding response + - BUG/MINOR: quic: fix closing state on NO_ERROR code sent + - BUG/MEDIUM: cli/threads: make "show threads" more robust on applets + - BUG/MINOR: debug: enter ha_panic() only once + - BUG/MEDIUM: tools: avoid calling dlsym() in 
static builds + - BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX + - BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2) + - MINOR: resolvers: resolvers_destroy() deinit and free a resolver + - BUG/MINOR: resolvers: shut off the warning for the default resolvers + - BUG/MINOR: ssl: allow duplicate certificates in ca-file directories + - BUG/MINOR: tools: fix statistical_prng_range()'s output range + - BUG/MINOR: quic: do not send CONNECTION_CLOSE_APP in initial/handshake + - BUG/MINOR: mworker/cli: relative pid prefix not validated anymore + - BUG/MAJOR: mux_quic: fix invalid PROTOCOL_VIOLATION on POST data overlap + - BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload + - BUILD: add detection for unsupported compiler models + - BUG/MEDIUM: stconn: Only reset connect expiration when processing backend side + - BUILD: quic: fix anonymous union for gcc-4.4 + - BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible + +2022/06/21 : 2.6.1 + - BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails + - BUG/MINOR: ssl_ckch: Free error msg if commit changes on a CA/CRL entry fails + - BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified + - BUG/MEDIUM: ssl_ckch: Don't delete CA/CRL entry if it is being modified + - BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry + - BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a CA/CRL entry + - BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases + - BUG/MEDIUM: ssl_ckch: Rework 'commit ssl ca-file' to handle full buffer cases + - BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases + - BUG/MEDIUM: httpclient: Don't remove HTX header blocks before duplicating them + - BUG/MEDIUM: httpclient: Rework CLI I/O handler to handle full buffer cases + - MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs + - MEDIUM: httpclient: Don't 
close CLI applet at the end of a response + - REGTESTS: abortonclose: Add a barrier to not mix up log messages + - REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients + - BUG/MINOR: ssl_ckch: Use right type for old entry in show_crlfile_ctx + - BUG/MINOR: ssl_ckch: Dump CRL transaction only once if show command yield + - BUG/MINOR: ssl_ckch: Dump CA transaction only once if show command yield + - BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield + - BUG/MINOR: ssl_ckch: Init right field when parsing "commit ssl crl-file" cmd + - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler + - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cafile I/O handler + - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_crlfile I/O handler + - REGTESTS: http_abortonclose: Extend supported versions + - REGTESTS: restrict_req_hdr_names: Extend supported versions + - BUILD: compiler: implement unreachable for older compilers too + - BUG/MEDIUM: mailers: Set the object type for check attached to an email alert + - BUG/MINOR: trace: Test server existence for health-checks to get proxy + - BUG/MINOR: checks: Properly handle email alerts in trace messages + - REGTESTS: healthcheckmail: Update the test to be functionnal again + - REGTESTS: healthcheckmail: Relax health-check failure condition + - BUG/MINOR: h3: fix frame type definition + - BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs + - BUG/MINOR: server: do not enable DNS resolution on disabled proxies + - BUG/MINOR: cli/stats: add missing trailing LF after "show info json" + - BUG/MEDIUM: mux-quic: fix flow control connection Tx level + - BUG/MINOR: mux-quic: fix memleak on frames rejected by transport + - BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration + - BUG/MEDIUM: stconn: Don't wakeup applet for send if it won't consume data + - BUG/MEDIUM: cli: Notify cli applet won't consume 
data during request processing + - BUG/MEDIUM: mux-quic: fix segfault on flow-control frame cleanup + - BUG/MINOR: qpack: support header litteral name decoding + - MINOR: qpack: add comments and remove a useless trace + - BUG/MINOR: h3/qpack: deal with too many headers + - BUG/BUILD: h3: fix wrong label name + - BUG/MINOR: quic: Stop hardcoding Retry packet Version field + - BUG/MINOR: quic: Wrong PTO calculation + - BUG/MINOR: task: fix thread assignment in tasklet_kill() + - BUG/MEDIUM: stream: Properly handle destructive client connection upgrades + - MINOR: stream: Rely on stconn flags to abort stream destructive upgrade + - BUG/MINOR: log: Properly test connection retries to fix dontlog-normal option + - BUG/MINOR: quic: Unexpected half open connection counter wrapping + - BUG/MINOR: quic_stats: Duplicate "quic_streams_data_blocked_bidi" field name + - BUG/MINOR: quic: purge conn Rx packet list on release + - BUG/MINOR: quic: free rejected Rx packets + - BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list + - BUG/MINOR: quic: Acknowledgement must be forced during handshake + - BUG/MEDIUM: mworker: use default maxconn in wait mode + - REGTESTS: ssl: add the same cert for client/server + +2022/05/31 : 2.6.0 + - DOC: Fix formatting in configuration.txt to fix dconv + - CLEANUP: tcpcheck: Remove useless test on the stream-connector in tcpcheck_main + - CLEANUP: muxes: Consider stream's sd as defined in .show_fd callback functions + - MINOR: quic: Ignore out of packet padding. + - CLEANUP: quic: Useless QUIC_CONN_TX_BUF_SZ definition + - CLEANUP: quic: No more used handshake output buffer + - MINOR: quic: QUIC transport parameters split. 
+ - MINOR: quic: Transport parameters dump + - DOC: quic: Update documentation for QUIC Retry + - MINOR: quic: Tunable "max_idle_timeout" transport parameter + - MINOR: quic: Tunable "initial_max_streams_bidi" transport parameter + - MINOR: quic: Clarifications about transport parameters value + - MINOIR: quic_stats: add QUIC connection errors counters + - BUG/MINOR: quic: Largest RX packet numbers mixing + - MINOR: quic_stats: Add transport new counters (lost, stateless reset, drop) + - DOC: quic: Documentation update for QUIC + - MINOR: quic: Connection TX buffer setting renaming. + - MINOR: h3: Add a statistics module for h3 + - MINOR: quic: Send STOP_SENDING frames if mux is released + - MINOR: quic: Do not drop packets with RESET_STREAM frames + - BUG/MINOR: qpack: fix buffer API usage on prefix integer encoding + - BUG/MINOR: qpack: support bigger prefix-integer encoding + - BUG/MINOR: h3: do not report bug on unknown method + - SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs + - SCRIPTS: make publish-release try to launch make-releases-json + - MINOR: htx: add an unchecked version of htx_get_head_blk() + - BUILD: htx: use the unchecked version of htx_get_head_blk() where needed + - BUILD: quic: use inttypes.h instead of stdint.h + - DOC: internal: remove totally outdated diagrams + - DOC: remove the outdated ROADMAP file + - DOC: add maintainers for QUIC and HTTP/3 + - MINOR: h3: define h3 trace module + - MINOR: h3: add traces on frame recv + - MINOR: h3: add traces on frame send + - MINOR: h3: add traces on h3s init/end + - EXAMPLES: remove completely outdated acl-content-sw.cfg + - BUILD: makefile: reorder objects by build time + - DOC: fix a few spelling mistakes in the docs + - BUG/MEDIUM: peers/cli: fix "show peers" crash + - CLEANUP: peers/cli: stop misusing the appctx local variable + - CLEANUP: peers/cli: make peers_dump_peer() take an appctx instead of an stconn + - BUG/MINOR: peers: set the proxy's name to the 
peers section name + - MINOR: server: indicate when no address was expected for a server + - BUG/MINOR: peers: detect and warn on init_addr/resolvers/check/agent-check + - DOC: peers: indicate that some server settings are not usable + - DOC: peers: clarify when entry expiration date is renewed. + - DOC: peers: fix port number and addresses on new peers section format + - DOC: gpc/gpt: add commments of gpc/gpt array definitions on stick tables. + - DOC: install: update supported OpenSSL versions in the INSTALL doc + - MINOR: ncbuf: adjust ncb_data with NCBUF_NULL + - BUG/MINOR: h3: fix frame demuxing + - BUG/MEDIUM: h3: fix H3_EXCESSIVE_LOAD when receiving H3 frame header only + - BUG/MINOR: quic: Fix QUIC_EV_CONN_PRSAFRM event traces + - CLEANUP: quic: remove useless check on local UNI stream reception + - BUG/MINOR: qpack: do not consider empty enc/dec stream as error + - DOC: intro: adjust the numbering of paragrams to keep the output ordered + - MINOR: version: mention that it's LTS now. 
+ +2022/05/27 : 2.6-dev12 + - CLEANUP: tools: Clean up non-QUIC error message handling in str2sa_range() + - BUG/MEDIUM: tools: Fix `inet_ntop` usage in sa2str + - CLEANUP: tools: Crash if inet_ntop fails due to ENOSPC in sa2str + - BUG/MEDIUM: mux-quic: adjust buggy proxy closing support + - Revert "MINOR: quic: activate QUIC traces at compilation" + - Revert "MINOR: mux-quic: activate qmux traces on stdout via macro" + - CLEANUP: init: address a coverity warning about possible multiply overflow + - BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols + - MEDIUM: h1: enlarge the scope of accepted version chars with accept-invalid-http-request + - BUG/MEDIUM: resolvers: Don't defer resolutions release in deinit function + - BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections + - BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section + - BUG/MINOR: task: Don't defer tasks release when HAProxy is stopping + - MINOR: h3: mark ncbuf as const on h3_b_dup + - MINOR: mux-quic: do not alloc quic_stream_desc for uni remote stream + - MINOR: mux-quic: delay cs_endpoint allocation + - MINOR: mux-quic: add traces in qc_recv() + - MINOR: mux-quic: adjust return value of decode_qcs + - CLEANUP: h3: rename struct h3 -> h3c + - CLEANUP: h3: rename uni stream type constants + - BUG/MINOR: h3: prevent overflow when parsing SETTINGS + - MINOR: h3: refactor h3_control_send() + - MINOR: quic: support CONNECTION_CLOSE_APP emission + - MINOR: mux-quic: disable read on CONNECTION_CLOSE emission + - MINOR: h3: reject too big frames + - MINOR: mux-quic: emit STREAM_STATE_ERROR in qcc_recv + - BUG/MINOR: mux-quic: refactor uni streams TX/send H3 SETTINGS + - MINOR: h3/qpack: use qcs as type in decode callbacks + - MINOR: h3: define stream type + - MINOR: h3: refactor uni streams initialization + - MINOR: h3: check if frame is valid for stream type + - MINOR: h3: define non-h3 generic parsing function + - MEDIUM: quic: refactor uni streams RX + - 
CLEANUP: h3: remove h3 uni tasklet + - MINOR: h3: abort read on unknown uni stream + - MINOR: h3: refactor SETTINGS parsing/error reporting + - Revert "BUG/MINOR: task: Don't defer tasks release when HAProxy is stopping" + - DOC: configuration: add a warning for @system-ca on bind + - CLEANUP: init: address another coverity warning about a possible multiply overflow + - BUG/MINOR: ssl/lua: use correctly cert_ext in CertCache.set() + - BUG/MEDIUM: sample: Fix adjusting size in word converter + - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (2) + - CLEANUP: conn_stream: remove unneeded exclusion of RX_WAIT_EP from RXBLK_ANY + - CLEANUP: conn_stream: rename the cs_endpoint's context to "conn" + - MINOR: conn_stream: add new sets of functions to set/get endpoint flags + - DEV: coccinelle: add cs_endp_flags.cocci + - CLEANUP: conn_stream: apply cs_endp_flags.cocci tree-wide + - DEV: coccinelle: add endp_flags.cocci + - CLEANUP: conn_stream: apply endp_flags.cocci tree-wide + - CLEANUP: conn_stream: rename the stream endpoint flags CS_EP_* to SE_FL_* + - CLEANUP: conn_stream: rename the cs_endpoint's target to "se" + - CLEANUP: conn_stream: rename cs_endpoint to sedesc (stream endpoint descriptor) + - CLEANUP: applet: rename the sedesc pointer from "endp" to "sedesc" + - CLEANUP: conn_stream: rename the conn_stream's endp to sedesc + - CLEANUP: conn_stream: rename cs_app_* to sc_app_* + - CLEANUP: conn_stream: tree-wide rename to stconn (stream connector) + - CLEANUP: mux-h1: add and use h1s_sc() to retrieve the stream connector + - CLEANUP: mux-h2: add and use h2s_sc() to retrieve the stream connector + - CLEANUP: mux-fcgi: add and use fcgi_strm_sc() to retrieve the stream connector + - CLEANUP: mux-pt: add and use pt_sc() to retrieve the stream connector + - CLEANUP: stdesc: rename the stream connector ->cs field to ->sc + - CLEANUP: stream: rename "csf" and "csb" to "scf" and "scb" + - CLEANUP: stconn: tree-wide rename stream connector flags CS_FL_* to 
SC_FL_* + - CLEANUP: stconn: tree-wide rename stconn states CS_ST/SB_* to SC_ST/SB_* + - MINOR: check: export wake_srv_chk() + - MINOR: conn_stream: test the various ops functions before calling them + - MEDIUM: stconn: merge the app_ops and the data_cb fields + - MINOR: applet: add new wrappers to put chk/blk/str/chr to channel from appctx + - CLEANUP: applet: use applet_put*() everywhere possible + - CLEANUP: stconn: rename cs_{i,o}{b,c} to sc_{i,o}{b,c} + - CLEANUP: stconn: rename cs_{check,strm,strm_task} to sc_strm_* + - CLEANUP: stconn: rename cs_conn() to sc_conn() + - CLEANUP: stconn: rename cs_mux() to sc_mux_strm() + - CLEANUP: stconn: rename cs_conn_mux() to sc_mux_ops() + - CLEANUP: stconn: rename cs_appctx() to sc_appctx() + - CLEANUP: stconn: rename __cs_endp_target() to __sc_endp() + - CLEANUP: stconn: rename cs_get_data_name() to sc_get_data_name() + - CLEANUP: stconn: rename cs_conn_*() to sc_conn_*() + - CLEANUP: stconn: rename cs_conn_get_first() to conn_get_first_sc() + - CLEANUP: stconn: rename cs_ep_set_error() to se_fl_set_error() + - CLEANUP: stconn: make a few functions take a const argument + - CLEANUP: stconn: use a single function to know if SC may send to SE + - MINOR: stconn: consider CF_SHUTW for sc_is_send_allowed() + - MINOR: stconn: remove calls to cs_done_get() + - MEDIUM: stconn: always rely on CF_SHUTR in addition to cs_rx_blocked() + - MEDIUM: stconn: remove SE_FL_RXBLK_SHUT + - MINOR: stconn: rename SE_FL_RXBLK_CONN to SE_FL_APPLET_NEED_CONN + - MEDIUM: stconn: take SE_FL_APPLET_NEED_CONN out of the RXBLK_ANY flags + - CLEANUP: stconn: rename cs_rx_room_{blk,rdy} to sc_{need,have}_room() + - CLEANUP: stconn: rename cs_rx_chan_{blk,rdy} to sc_{wont,will}_read() + - CLEANUP: stconn: rename cs_rx_buff_{blk,rdy} to sc_{need,have}_buff() + - MINOR: stconn: start to rename cs_rx_endp_{more,done}() to se_have_{no_,}more_data() + - MINOR: stconn: add sc_is_recv_allowed() to check for ability to receive + - CLEANUP: stconn: rename 
SE_FL_RX_WAIT_EP to SE_FL_HAVE_NO_DATA + - MEDIUM: stconn: move the RXBLK flags to the stream connector + - CLEANUP: stconn: rename SE_FL_WANT_GET to SE_FL_WILL_CONSUME + - CLEANUP: stconn: remove cs_tx_blocked() and cs_tx_endp_ready() + - CLEANUP: stconn: rename cs_{want,stop}_get() to se_{will,wont}_consume() + - CLEANUP: stconn: rename cs_cant_get() to se_need_more_data() + - CLEANUP: stconn: rename cs_{new,create,free,destroy}_* to sc_* + - CLEANUP: stconn: rename remaining management functions from cs_* to sc_* + - CLEANUP: stconn: rename cs{,_get}_{src,dst} to sc_* + - CLEANUP: stconn: rename cs_{shut,chk}* to sc_* + - CLEANUP: stconn: rename final state manipulation functions from cs_* to sc_* + - CLEANUP: quic: drop the name "conn_stream" from the pool variable names + - REORG: rename cs_utils.h to sc_strm.h + - REORG: stconn: rename conn_stream.{c,h} to stconn.{c,h} + - CLEANUP: muxes: rename "get_first_cs" to "get_first_sc" + - DEV: flags: use "sc" for stream conns instead of "cs" + - CLEANUP: check: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: connection: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: stconn: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: quic/h3: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: stream: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: promex: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: stats: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: cli: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: applet: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: cache: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: dns: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: spoe: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: hlua: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: log-forward: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: http-client: rename all occurrences of stconn 
"cs" to "sc" + - CLEANUP: mux-fcgi: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: mux-h1: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: mux-h2: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: mux-pt: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: peers: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: sink: rename all occurrences of stconn "cs" to "sc" + - CLEANUP: sslsock: remove only occurrence of local variable "cs" + - CLEANUP: applet: rename appctx_cs() to appctx_sc() + - CLEANUP: stream: rename stream_upgrade_from_cs() to stream_upgrade_from_sc() + - CLEANUP: obj_type: rename OBJ_TYPE_CS to OBJ_TYPE_SC + - CLEANUP: stconn: replace a few remaining occurrences of CS in comments or traces + - DOC: internal: update the muxes doc to mention the stconn + - CLEANUP: mux-quic: rename the "endp" field to "sd" + - CLEANUP: mux-h1: rename the "endp" field to "sd" + - CLEANUP: mux-h2: rename the "endp" field to "sd" + - CLEANUP: mux-fcgi: rename the "endp" field to "sd" + - CLEANUP: mux-pt: rename the "endp" field to "sd" + - CLEANUP: stconn: rename a few "endp" arguments and variables to "sd" + - MINOR: stconn: turn SE_FL_WILL_CONSUME to SE_FL_WONT_CONSUME + - CLEANUP: stream: remove unneeded test on appctx during initialization + - CLEANUP: stconn: remove the new unneeded SE_FL_APP_MASK + - DEV: flags: fix "siet" shortcut name + - DEV: flags: rename the "endp" shortcut to "sd" for "stream descriptor" + - DEV: flags: reorder a few SC/SE flags + - DOC: internal: add a description of the stream connectors and descriptors + +2022/05/20 : 2.6-dev11 + - CI: determine actual LibreSSL version dynamically + - BUG/MEDIUM: ncbuf: fix null buffer usage + - MINOR: ncbuf: fix warnings for testing build + - MEDIUM: http-ana: Add a proxy option to restrict chars in request header names + - MEDIUM: ssl: Delay random generator initialization after config parsing + - MINOR: ssl: Add 'ssl-propquery' global option + - MINOR: ssl: 
Add 'ssl-provider' global option + - CLEANUP: Add missing header to ssl_utils.c + - CLEANUP: Add missing header to hlua_fcn.c + - CLEANUP: Remove unused function hlua_get_top_error_string + - BUILD: fix build warning on solaris based systems with __maybe_unused. + - MINOR: tools: add get_exec_path implementation for solaris based systems. + - BUG/MINOR: ssl: Fix crash when no private key is found in pem + - CLEANUP: conn-stream: Remove cs_applet_shut declaration from header file + - MINOR: applet: Prepare appctx to own the session on frontend side + - MINOR: applet: Let the frontend appctx release the session + - MINOR: applet: Change return value for .init callback function + - MINOR: stream: Export stream_free() + - MINOR: applet: Add appctx_init() helper fnuction + - MINOR: applet: Add a function to finalize frontend appctx startup + - MINOR: applet: Add function to release appctx on error during init stage + - MEDIUM: dns: Refactor dns appctx creation + - MEDIUM: spoe: Refactor SPOE appctx creation + - MEDIUM: lua: Refactor cosocket appctx creation + - MEDIUM: httpclient: Refactor http-client appctx creation + - MINOR: sink: Add a ref to sink in the sink_forward_target structure + - MEDIUM: sink: Refactor sink forwarder appctx creation + - MINOR: peers: Add a ref to peers section in the peer structure + - MEDIUM: peers: Refactor peer appctx creation + - MINOR: applet: Add API to start applet on a thread subset + - MEDIUM: applet: Add support for async appctx startup on a thread subset + - MINOR: peers: Track number of applets run by thread + - MEDIUM: peers: Balance applets across threads + - MINOR: conn-stream/applet: Stop setting appctx as the endpoint context + - CLEANUP: proxy: Remove dead code when parsing "http-restrict-req-hdr-names" option + - REGTESTS: abortonclose: Fix some race conditions + - MINOR: ssl: Add 'ssl-provider-path' global option + - CLEANUP: http_ana: Make use of the return value of stream_generate_unique_id() + - BUG/MINOR: spoe: Fix 
error handling in spoe_init_appctx() + - CLEANUP: peers: Remove unreachable code in peer_session_create() + - CLEANUP: httpclient: Remove useless test on ss_dst in httpclient_applet_init() + - BUG/MEDIUM: quic: fix Rx buffering + - OPTIM: quic: realign empty Rx buffer + - BUG/MINOR: ncbuf: fix ncb_is_empty() + - MINOR: ncbuf: refactor ncb_advance() + - BUG/MINOR: mux-quic: update session's idle delay before stream creation + - MINOR: h3: do not wait a complete frame for demuxing + - MINOR: h3: flag demux as full on HTX full + - MEDIUM: mux-quic: implement recv on io-cb + - MINOR: mux-quic: remove qcc_decode_qcs() call in XPRT + - MINOR: mux-quic: reorganize flow-control frames emission + - MINOR: mux-quic: implement MAX_STREAM_DATA emission + - MINOR: mux-quic: implement MAX_DATA emission + - BUG/MINOR: mux-quic: support nul buffer with qc_free_ncbuf() + - MINOR: mux-quic: free RX buf if empty + - BUG/MEDIUM: config: Reset outline buffer size on realloc error in readcfgfile() + - BUG/MINOR: check: Reinit the buffer wait list at the end of a check + - MEDIUM: check: No longer shutdown the connection in .wake callback function + - REORG: check: Rename and export I/O callback function + - MEDIUM: check: Use the CS to handle subscriptions for read/write events + - BUG/MINOR: quic: break for error on sendto + - MINOR: quic: abort on unlisted errno on sendto() + - MINOR: quic: detect EBADF on sendto() + - BUG/MEDIUM: quic: fix initialization for local/remote TPs + - CLEANUP: quic: adjust comment/coding style for TPs init + - BUG/MINOR: cfgparse: abort earlier in case of allocation error + - MINOR: quic: Dump initial derived secrets + - MINOR: quic_tls: Add quic_tls_derive_retry_token_secret() + - MINOR: quic_tls: Add quic_tls_decrypt2() implementation + - MINOR: quic: Retry implementation + - MINOR: cfgparse: Update for "cluster-secret" keyword for QUIC Retry + - MINOR: quic: Move quic_lstnr_dgram_dispatch() out of xprt_quic.c + - BUILD: stats: Missing headers inclusions 
from stats.h + - MINOR: quic_stats: Add a new stats module for QUIC + - MINOR: quic: Attach proxy QUIC stats counters to the QUIC connection + - BUG/MINOR: quic: Fix potential memory leak during QUIC connection allocations + - MINOR: quic: QUIC stats counters handling + - MINOR: quic: Add tune.quic.retry-threshold keyword + - MINOR: quic: Dynamic Retry implementation + - MINOR: quic/mux-quic: define CONNECTION_CLOSE send API + - MINOR: mux-quic: emit FLOW_CONTROL_ERROR + - MINOR: mux-quic: emit STREAM_LIMIT_ERROR + - MINOR: mux-quic: close connection on error if different data at offset + - BUG/MINOR: peers: fix error reporting of "bind" lines + - CLEANUP: config: improve address parser error report for unmatched protocols + - CLEANUP: config: provide cleare hints about unsupported QUIC addresses + - MINOR: protocol: replace ctrl_type with xprt_type and clarify it + - MINOR: listener: provide a function to process all of a bind_conf's arguments + - MINOR: config: use the new bind_parse_args_list() to parse a "bind" line + - CLEANUP: listener: add a comment about what the BC_SSL_O_* flags are for + - MINOR: listener: add a new "options" entry in bind_conf + - CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL + - CLEANUP: listener: replace bind_conf->generate_cers with BC_O_GENERATE_CERTS + - CLEANUP: listener: replace bind_conf->quic_force_retry with BC_O_QUIC_FORCE_RETRY + - CLEANUP: listener: store stream vs dgram at the bind_conf level + - MINOR: listener: detect stream vs dgram conflict during parsing + - MINOR: listener: set the QUIC xprt layer immediately after parsing the args + - MINOR: listener/ssl: set the SSL xprt layer only once the whole config is known + - MINOR: connection: add flag MX_FL_FRAMED to mark muxes relying on framed xprt + - MINOR: config: detect and report mux and transport incompatibilities + - MINOR: listener: automatically select a QUIC mux with a QUIC transport + - MINOR: listener: automatically enable SSL if a 
QUIC transport is found + - BUG/MINOR: quic: Fixe a typo in qc_idle_timer_task() + - BUG/MINOR: quic: Missing <conn_opening> stats counter decrementation + - BUILD/MINOR: cpuset fix build for FreeBSD 13.1 + - CI: determine actual OpenSSL version dynamically + +2022/05/14 : 2.6-dev10 + - MINOR: ssl: ignore dotfiles when loading a dir w/ ca-file + - MEDIUM: ssl: ignore dotfiles when loading a dir w/ crt + - BUG/MINOR: ssl: Fix typos in crl-file related CLI commands + - MINOR: compiler: add a new macro to set an attribute on an enum when possible + - BUILD: stats: conditionally mark obsolete stats states as deprecated + - BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation + - BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings + - BUILD: listener: shut report of possible null-deref in listener_accept() + - BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-( + - DOC: install: update gcc version requirements + - BUILD: makefile: add -Wfatal-errors to the default flags + - BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). 
+ - BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket + - BUG/MINOR: mux-h2: mark the stream as open before processing it not after + - MINOR: mux-h2: report a trace event when failing to create a new stream + - DOC: configuration: add the httpclient keywords to the global keywords index + - MINOR: quic: Add a debug counter for sendto() errors + - BUG/MINOR: quic: Dropped peer transport parameters + - BUG/MINOR: quic: Wrong unit for ack delay for incoming ACK frames + - MINOR: quic: Congestion controller event trace fix (loss) + - MINOR: quic: Add correct ack delay values to ACK frames + - MINOR: config: Add "cluster-secret" new global keyword + - MINOR: quic-tls: Add quic_hkdf_extract_and_expand() for HKDF + - MINOR: quic: new_quic_cid() code moving + - MINOR: quic: Initialize stateless reset tokens with HKDF secrets + - MINOR: qc_new_conn() rework for stateless reset + - MINOR: quic: Stateless reset token copy to transport parameters + - MINOR: quic: Send stateless reset tokens + - MINOR: quic: Short packets always embed a trailing AEAD TAG + - CLEANUP: quic: wrong use of eb*entry() macro + - CLEANUP: quic: Useless use of pointer for quic_hkdf_extract() + - CLEANUP: quic_tls: QUIC_TLS_IV_LEN defined two times + - MINOR: ncbuf: define non-contiguous buffer + - MINOR: ncbuf: complete API and define block interal abstraction + - MINOR: ncbuf: optimize storage for the last gap + - MINOR: ncbuf: implement insertion + - MINOR: ncbuf: define various insertion modes + - MINOR: ncbuf: implement advance + - MINOR: ncbuf: write unit tests + - BUG/MEDIUM: lua: fix argument handling in data removal functions + - DOC/MINOR: fix typos in the lua-api document + - BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized + - MINOR: mux-h1: Add global option accpet payload for any HTTP/1.0 requests + - CLEANUP: mux-h1: Fix comments and error messages for global options + - MINOR: conn_stream: make cs_set_error() work on the endpoint instead + - CLEANUP: mux-h1: 
always take the endp from the h1s not the cs + - CLEANUP: mux-h2: always take the endp from the h2s not the cs + - CLEANUP: mux-pt: always take the endp from the context not the cs + - CLEANUP: mux-fcgi: always take the endp from the fstrm not the cs + - CLEANUP: mux-quic: always take the endp from the qcs not the cs + - CLEANUP: applet: use the appctx's endp instead of cs->endp + - MINOR: conn_stream: add a pointer back to the cs from the endpoint + - MINOR: mux-h1: remove the now unneeded h1s->cs + - MINOR: mux-h2: make sure any h2s always has an endpoint + - MINOR: mux-h2: remove the now unneeded conn_stream from the h2s + - MINOR: mux-fcgi: make sure any stream always has an endpoint + - MINOR: mux-fcgi: remove the now unneeded conn_stream from the fcgi_strm + - MINOR: mux-quic: remove the now unneeded conn_stream from the qcs + - MINOR: mux-pt: remove the now unneeded conn_stream from the context + - CLEANUP: muxes: make mux->attach/detach take a conn_stream endpoint + - MINOR: applet: replace cs_applet_shut() with appctx_shut() + - MINOR: applet: add appctx_strm() and appctx_cs() to access common fields + - CLEANUP: applet: remove the unneeded appctx->owner + - CLEANUP: conn_stream: merge cs_new_from_{mux,applet} into cs_new_from_endp() + - MINOR: ext-check: indicate the transport and protocol of a server + - BUG/MEDIUM: mux-quic: fix a thinko in the latest cs/endpoint cleanup + - MINOR: tools: improve error message accuracy in str2sa_range + - MINOR: config: make sure never to mix dgram and stream protocols on a bind line + - BUG/MINOR: ncbuf: fix coverity warning on uninit sz_data + - MINOR: xprt_quic: adjust flow-control according to bufsize + - MEDIUM: mux-quic/h3/hq-interop: use ncbuf for bidir streams + - MEDIUM: mux-quic/h3/qpack: use ncbuf for uni streams + - CLEANUP: mux-quic: remove unused fields for Rx + - CLEANUP: quic: remove unused quic_rx_strm_frm + +2022/05/08 : 2.6-dev9 + - MINOR: mux-quic: support full request channel buffer + - BUG/MINOR: 
h3: fix parsing of unknown frame type with null length + - CLEANUP: backend: make alloc_{bind,dst}_address() idempotent + - MEDIUM: stream: remove the confusing SF_ADDR_SET flag + - MINOR: conn_stream: remove the now unused CS_FL_ADDR_*_SET flags + - CLEANUP: protocol: make sure the connect_* functions always receive a dst + - MINOR: connection: get rid of the CO_FL_ADDR_*_SET flags + - MINOR: session: get rid of the now unused SESS_FL_ADDR_*_SET flags + - CLEANUP: mux: Useless xprt_quic-t.h inclusion + - MINOR: quic: Make the quic_conn be aware of the number of streams + - BUG/MINOR: quic: Dropped retransmitted STREAM frames + - BUG/MINOR: mux_quic: Dropped packet upon retransmission for closed streams + - MEDIUM: httpclient: remove url2sa to use a more flexible parser + - MEDIUM: httpclient: http-request rules for resolving + - MEDIUM: httpclient: allow address and port change for resolving + - CLEANUP: httpclient: remove the comment about resolving + - MINOR: httpclient: handle unix and other socket types in dst + - MINOR: httpclient: rename dash by dot in global option + - MINOR: init: exit() after pre-check upon error + - MINOR: httpclient: cleanup the error handling in init + - MEDIUM: httpclient: hard-error when SSL is configured + - MINOR: httpclient: allow to configure the ca-file + - MINOR: httpclient: configure the resolvers section to use + - MINOR: httpclient: allow ipv4 or ipv6 preference for resolving + - DOC: configuration: httpclient global option + - MINOR: conn-stream: Add mask from flags set by endpoint or app layer + - BUG/MEDIUM: conn-stream: Only keep app layer flags of the endpoint on reset + - BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message + - BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified + - DOC: config: Update doc for PR/PH session states to warn about rewrite failures + - MINOR: resolvers: cleanup alert/warning in parse-resolve-conf + - MINOR: resolvers: move the resolv.conf 
parser in parse_resolv_conf() + - MINOR: resolvers: resolvers_new() create a resolvers with default values + - BUILD: debug: unify the definition of ha_backtrace_to_stderr() + - BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port] + - MEDIUM: resolvers: create a "default" resolvers section at startup + - DOC: resolvers: default resolvers section + - BUG/MINOR: startup: usage() when no -cc arguments + - BUG/MEDIUM: resolvers: make "show resolvers" properly yield + - BUG/MEDIUM: cli: make "show cli sockets" really yield + - BUG/MINOR: proxy/cli: don't enumerate internal proxies on "show backend" + - BUG/MINOR: map/cli: protect the backref list during "show map" errors + - BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init + - BUG/MINOR: ssl/cli: fix "show ssl ca-file/crl-file" not to mix cli+ssl contexts + - BUG/MINOR: ssl/cli: fix "show ssl ca-file <name>" not to mix cli+ssl contexts + - BUG/MINOR: ssl/cli: fix "show ssl crl-file" not to mix cli+ssl contexts + - BUG/MINOR: ssl/cli: fix "show ssl cert" not to mix cli+ssl contexts + - CLEANUP: ssl/cli: do not loop on unknown states in "add ssl crt-list" handler + - MINOR: applet: reserve some generic storage in the applet's context + - CLEANUP: applet: make appctx_new() initialize the whole appctx + - CLEANUP: stream/cli: take the "show sess" context definition out of the appctx + - CLEANUP: stream/cli: stop using appctx->st2 for the dump state + - CLEANUP: stream/cli: remove the unneeded init state from "show sess" + - CLEANUP: stream/cli: remove the unneeded STATE_FIN state from "show sess" + - CLEANUP: stream/cli: remove the now unneeded dump state from "show sess" + - CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx + - CLEANUP: stick-table/cli: take the "show table" context definition out of the appctx + - CLEANUP: stick-table/cli: stop using appctx->st2 for the dump state + - CLEANUP: stick-table/cli: remove the unneeded STATE_INIT for "show table" 
+ - CLEANUP: map/cli: take the "show map" context definition out of the appctx + - CLEANUP: map/cli: stop using cli.i0/i1 to store the generation numbers + - CLEANUP: map/cli: stop using appctx->st2 for the dump state + - CLEANUP: map/cli: always detach the backref from the list after "show map" + - CLEANUP: peers/cli: take the "show peers" context definition out of the appctx + - CLEANUP: peers/cli: stop using appctx->st2 for the dump state + - CLEANUP: peers/cli: remove unneeded state STATE_INIT + - CLEANUP: cli: initialize the whole appctx->ctx, not just the stats part + - CLEANUP: promex: make the applet use its own context + - CLEANUP: promex: stop using appctx->st2 + - CLEANUP: stats/cli: take the "show stat" context definition out of the appctx + - CLEANUP: stats/cli: stop using appctx->st2 + - CLEANUP: hlua/cli: take the hlua_cli context definition out of the appctx + - CLEANUP: ssl/cli: use a local context for "show cafile" + - CLEANUP: ssl/cli: use a local context for "show crlfile" + - CLEANUP: ssl/cli: use a local context for "show ssl cert" + - CLEANUP: ssl/cli: use a local context for "commit ssl cert" + - CLEANUP: ssl/cli: stop using appctx->st2 for "commit ssl cert" + - CLEANUP: ssl/cli: use a local context for "set ssl cert" + - CLEANUP: ssl/cli: use a local context for "set ssl cafile" + - CLEANUP: ssl/cli: use a local context for "set ssl crlfile" + - CLEANUP: ssl/cli: use a local context for "commit ssl {ca|crl}file" + - CLEANUP: ssl/cli: stop using appctx->st2 for "commit ssl ca/crl" + - CLEANUP: ssl/cli: stop using ctx.cli.i0/i1/p0 for "show tls-keys" + - CLEANUP: ssl/cli: add a new "dump_entries" field to "show_keys_ref" + - CLEANUP: ssl/cli: make "show tlskeys" not use appctx->st2 anymore + - CLEANUP: ssl/cli: make "show ssl ocsp-response" not use cli.p0 anymore + - CLEANUP: ssl/cli: make "{show|dump} ssl crtlist" use its own context + - CLEANUP: ssl/cli: make "add ssl crtlist" use its own context + - CLEANUP: ssl/cli: make "add ssl crtlist" 
not use st2 anymore + - CLEANUP: dns: stop abusing the sink forwarder's context + - CLEANUP: sink: use the generic context to store the forwarder's context + - CLEANUP: activity/cli: make "show profiling" not use ctx.cli anymore + - CLEANUP: debug/cli: make "debug dev fd" not use ctx.cli anymore + - CLEANUP: debug/cli: make "debug dev memstats" not use ctx.cli anymore + - CLEANUP: ring: pass the ring watch flags to ring_attach_cli(), not in ctx.cli + - CLEANUP: ring/cli: use a locally-defined context instead of using ctx.cli + - CLEANUP: resolvers/cli: make "show resolvers" use a locally-defined context + - CLEANUP: resolvers/cli: remove the unneeded appctx->st2 from "show resolvers" + - CLEANUP: cache/cli: make use of a locally defined context for "show cache" + - CLEANUP: proxy/cli: make use of a locally defined context for "show servers" + - CLEANUP: proxy/cli: get rid of appctx->st2 in "show servers" + - CLEANUP: proxy/cli: make "show backend" only use the generic context + - CLEANUP: cli: make "show fd" use its own context + - CLEANUP: cli: make "show env" use its own context + - CLEANUP: cli: simplify the "show cli sockets" I/O handler + - CLEANUP: cli: make "show cli sockets" use its own context + - CLEANUP: httpclient/cli: use a locally-defined context instead of ctx.cli + - CLEANUP: httpclient: do not use the appctx.ctx anymore + - CLEANUP: peers: do not use appctx.ctx anymore + - CLEANUP: spoe: do not use appctx.ctx anymore + - BUILD: applet: mark the CLI's generic variables as deprecated + - BUILD: applet: mark the appctx's st2 variable as deprecated + - CLEANUP: cache: take the context out of appctx.ctx + - MEDIUM: lua: move the cosocket storage outside of appctx.ctx + - MINOR: lua: move the tcp service storage outside of appctx.ctx + - MINOR: lua: move the http service context out of appctx.ctx + - CLEANUP: cli: move the status print context into its own context + - CLEANUP: stats: rename the stats state values an mark the old ones deprecated + - DOC: 
internal: document the new cleaner approach to the appctx + - MINOR: tcp: socket translate TCP_KEEPIDLE for macOs equivalent + - DOC: fix typo "ant" for "and" in INSTALL + - CI: dynamically determine actual version of h2spec + +2022/04/30 : 2.6-dev8 + - BUG/MINOR: quic: fix use-after-free with trace on ACK consume + - BUG/MINOR: rules: Forbid captures in defaults section if used by a backend + - BUG/MEDIUM: rules: Be able to use captures defined in defaults section + - BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments + - BUG/MINOR: http-act: make release_http_redir() more robust + - BUG/MINOR: sample: add missing use_backend/use-server contexts in smp_resolve_args + - MINOR: sample: don't needlessly call c_none() in sample_fetch_as_type() + - MINOR: sample: make the bool type cast to bin + - MEDIUM: backend: add new "balance hash <expr>" algorithm + - MINOR: init: add global setting "fd-hard-limit" to bound system limits + - BUILD: pollers: use an initcall to register the pollers + - BUILD: xprt: use an initcall to register the transport layers + - BUILD: thread: use initcall instead of a constructor + - BUILD: http: remove the two unused constructors in rules and ana + - CLEANUP: compression: move the default setting of maxzlibmem to defaults + - MINOR: tree-wide: always consider EWOULDBLOCK in addition to EAGAIN + - BUG/MINOR: connection: "connection:close" header added despite 'close-spread-time' + - MINOR: fd: add functions to set O_NONBLOCK and FD_CLOEXEC + - CLEANUP: tree-wide: use fd_set_nonblock() and fd_set_cloexec() + - CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h + - REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc + - REGTESTS: webstats: remove unused stats socket in /tmp + - MEDIUM: httpclient: disable SSL when the ca-file couldn't be loaded + - BUG/MINOR: httpclient/lua: error when the httpclient_start() fails + - BUG/MINOR: ssl: free the cafile entries on deinit + - BUG/MINOR: ssl: memory 
leak when trying to load a directory with ca-file + - MEDIUM: httpclient: re-enable the verify by default + - BUG/MEDIUM: ssl/cli: fix yielding in show_cafile_detail + - BUILD: compiler: properly distinguish weak and global symbols + - MINOR: connection: Add way to disable active connection closing during soft-stop + - BUG/MEDIUM: http-ana: Fix memleak in redirect rules with ignore-empty option + - CLEANUP: Destroy `http_err_chunks` members during deinit + - BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit() + - MINOR: Call deinit_and_exit(0) for `haproxy -vv` + - BUILD: fd: disguise the fd_set_nonblock/cloexec result + - BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() + - MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord" + - CLEANUP: errors: also call deinit_errors_buffers() on deinit() + - CLEANUP: chunks: release trash also in deinit + - CLEANUP: deinit: release the pre-check callbacks + - CLEANUP: deinit: release the config postparsers + - CLEANUP: listeners/deinit: release accept queue tasklets on deinit + - CLEANUP: connections/deinit: destroy the idle_conns tasks + - BUG/MINOR: mux-quic: fix build in release mode + - MINOR: mux-quic: adjust comment on emission function + - MINOR: mux-quic: remove unused bogus qcc_get_stream() + - BUG/MINOR: mux-quic: fix leak if cs alloc failure + - MINOR: mux-quic: count local flow-control stream limit on reception + - BUG/MINOR: h3: fix incomplete POST requests + - BUG/MEDIUM: h3: fix use-after-free on mux Rx buffer wrapping + - MINOR: mux-quic: partially copy Rx frame if almost full buf + - MINOR: h3: change frame demuxing API + - MINOR: mux-quic: add a app-layer context in qcs + - MINOR: h3: implement h3 stream context + - MINOR: h3: support DATA demux if buffer full + - MINOR: quic: decode as much STREAM as possible + - MINOR: quic: Improve qc_prep_pkts() flexibility + - MINOR: quic: Prepare quic_frame struct duplication + - MINOR: quic: Do not retransmit frames from 
coalesced packets + - MINOR: quic: Add traces about TX frame memory releasing + - MINOR: quic: process_timer() rework + - MEDIUM: quic: New functions for probing rework + - MEDIUM: quic: Retransmission functions rework + - MEDIUM: quic: qc_requeue_nacked_pkt_tx_frms() rework + - MINOR: quic: old data distinction for qc_send_app_pkt() + - MINOR: quic: Mark packets as probing with old data + - MEDIUM: quic: Mark copies of acknowledged frames as acknowledged + - MEDIUM: quic: Enable the new datagram probing process + - MINOR: quic: Do not send ACK frames when probing + - BUG/MINOR: quic: Wrong returned status by qc_build_frms() + - BUG/MINOR: quic: Avoid sending useless PADDING frame + - BUG/MINOR: quic: Traces fix about remaining frames upon packet build failure + - MINOR: quic: Wake up the mux to probe with new data + - BUG/MEDIUM: quic: Possible crash on STREAM frame loss + - BUG/MINOR: quic: Missing Initial packet length check + - CLEANUP: quic: Rely on the packet length set by qc_lstnr_pkt_rcv() + - MINOR: quic: Drop 0-RTT packets if not allowed + - BUG/MINOR: httpclient/ssl: use the correct verify constant + - BUG/MEDIUM: conn-stream: Don't erase endpoint flags on reset + - BUG/MEDIUM: httpclient: Fix loop consuming HTX blocks from the response channel + - BUG/MINOR: httpclient: Count metadata in size to transfer via htx_xfer_blks() + - MINOR: httpclient: Don't use co_set_data() to decrement output + - BUG/MINOR: conn_stream: do not confirm a connection from the frontend path + - MEDIUM: quic: do not ACK packet with STREAM if MUX not present + - MEDIUM: quic: do not ack packet with invalid STREAM + - MINOR: quic: Drop 0-RTT packets without secrets + - CLEANUP: quic: Remaining fprintf() debug trace + - MINOR: quic: moving code for QUIC loss detection + - BUG/MINOR: quic: Missing time threshold multiplifier for loss delay computation + - CI: github actions: update LibreSSL to 3.5.2 + - SCRIPTS: announce-release: add URL of dev packages + +2022/04/23 : 2.6-dev7 + - 
BUILD: calltrace: fix wrong include when building with TRACE=1 + - MINOR: ssl: Use DH parameters defined in RFC7919 instead of hard coded ones + - MEDIUM: ssl: Disable DHE ciphers by default + - BUILD: ssl: Fix compilation with OpenSSL 1.0.2 + - MINOR: mux-quic: split xfer and STREAM frames build + - REORG: quic: use a dedicated module for qc_stream_desc + - MINOR: quic-stream: use distinct tree nodes for quic stream and qcs + - MINOR: quic-stream: add qc field + - MEDIUM: quic: implement multi-buffered Tx streams + - MINOR: quic-stream: refactor ack management + - MINOR: quic: limit total stream buffers per connection + - MINOR: mux-quic: implement immediate send retry + - MINOR: cfg-quic: define tune.quic.conn-buf-limit + - MINOR: ssl: Add 'show ssl providers' cli command and providers list in -vv option + - REGTESTS: ssl: Update error messages that changed with OpenSSLv3.1.0-dev + - BUG/MEDIUM: quic: Possible crash with released mux + - BUG/MINOR: mux-quic: unsubscribe on release + - BUG/MINOR: mux-quic: handle null timeout + - BUG/MEDIUM: logs: fix http-client's log srv initialization + - BUG/MINOR: mux-quic: remove dead code in qcs_xfer_data() + - DEV: stream: Fix conn-streams dump in full stream message + - CLEANUP: conn-stream: Rename cs_conn_close() and cs_conn_drain_and_close() + - CLEANUP: conn-stream: Rename cs_applet_release() + - MINOR: conn-stream: Rely on endpoint shutdown flags to shutdown an applet + - BUG/MINOR: cache: Disable cache if applet creation fails + - BUG/MINOR: backend: Don't allow to change backend applet + - BUG/MEDIUM: conn-stream: Set back CS to RDY state when the appctx is created + - MINOR: stream: Don't needlessly detach server endpoint on early client abort + - MINOR: conn-stream: Make cs_detach_* private and use cs_destroy() from outside + - MINOR: init: add the pre-check callback + - MEDIUM: httpclient: change the init sequence + - MEDIUM: httpclient/ssl: verify required + - MINOR: httpclient/mworker: disable in the master 
process + - MEDIUM: httpclient/ssl: verify is configurable and disabled by default + - BUG/MAJOR: connection: Never remove connection from idle lists outside the lock + - BUG/MEDIUM: mux-quic: fix stalled POST requets + - BUG/MINOR: mux-quic: fix POST with abortonclose + - MINOR: task: add a new task_instant_wakeup() function + - MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks + - DOC: remove my name from the config doc + +2022/04/16 : 2.6-dev6 + - CLEANUP: connection: reduce the with of the mux dump output + - CI: Update to actions/checkout@v3 + - CI: Update to actions/cache@v3 + - DOC: adjust QUIC instruction in INSTALL + - BUG/MINOR: stats: define the description' background color in dark color scheme + - BUILD: ssl: add USE_ENGINE and disable the openssl engine by default + - BUILD: makefile: pass USE_ENGINE to cflags + - BUILD: xprt-quic: replace ERR_func_error_string() with ERR_peek_error_func() + - DOC: install: document the fact that SSL engines are not enabled by default + - CI: github actions: disable -Wno-deprecated + - BUILD: makefile: silence unbearable OpenSSL deprecation warnings + - MINOR: sock: check configured limits at the sock layer, not the listener's + - MINOR: connection: add a new flag CO_FL_FDLESS on fd-less connections + - MINOR: connection: add conn_fd() to retrieve the FD only when it exists + - MINOR: stream: only dump connections' FDs when they are valid + - MINOR: connection: use conn_fd() when displaying connection errors + - MINOR: connection: skip FD-based syscalls for FD-less connections + - MEDIUM: connection: panic when calling FD-specific functions on FD-less conns + - MINOR: mux-quic: properly set the flags and name fields + - MINOR: connection: rearrange conn_get_src/dst to be a bit more extensible + - MINOR: protocol: add get_src() and get_dst() at the protocol level + - MINOR: quic-sock: provide a pair of get_src/get_dst functions + - MEDIUM: ssl: improve retrieval of ssl_sock_ctx and SSL detection + - MEDIUM: 
ssl: stop using conn->xprt_ctx to access the ssl_sock_ctx + - MEDIUM: xprt-quic: implement get_ssl_sock_ctx() + - MEDIUM: quic: move conn->qc into conn->handle + - BUILD: ssl: fix build warning with previous changes to ssl_sock_ctx + - BUILD: ssl: add an unchecked version of __conn_get_ssl_sock_ctx() + - MINOR: ssl: refine the error testing for fc_err and fc_err_str + - BUG/MINOR: sock: do not double-close the accepted socket on the error path + - CI: cirrus: switch to FreeBSD-13.0 + - MINOR: log: add '~' to frontend when the transport layer provides SSL + - BUILD/DEBUG: lru: fix printf format in debug code + - BUILD: peers: adjust some printf format to silence cppcheck + - BUILD/DEBUG: hpack-tbl: fix format string in standalone debug code + - BUILD/DEBUG: hpack: use unsigned int in printf format in debug code + - BUILD: halog: fix some incorrect signs in printf formats for integers + - BUG/MINOR: h3: fix build with DEBUG_H3 + - BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent + - BUG/MINOR: cache: do not display expired entries in "show cache" + - BUG/MINOR: mux-h1: Don't release unallocated CS on error path + - MINOR: applet: Make .init callback more generic + - MINOR: conn-stream: Add flags to set the type of the endpoint + - MEDIUM: applet: Set the appctx owner during allocation + - MAJOR: conn-stream: Invert conn-stream endpoint and its context + - REORG: Initialize the conn-stream by hand in cs_init() + - MEDIUM: conn-stream: Add an endpoint structure in the conn-stream + - MINOR: conn-stream: Move some CS flags to the endpoint + - MEDIUM: conn-stream: Be able to pass endpoint to create a conn-stream + - MEDIUM: conn-stream: Pre-allocate endpoint to create CS from muxes and applets + - REORG: applet: Uninline appctx_new function + - MAJOR: conn-stream: Share endpoint struct between the CS and the mux/applet + - MEDIUM: conn-stream: Move remaning flags from CS to endpoint + - MINOR: mux-pt: Rely on the endpoint instead of the conn-stream when 
possible + - MINOR: conn-stream: Add ISBACK conn-stream flag + - MINOR: conn-stream: Add header file with util functions related to conn-streams + - MEDIUM: tree-wide: Use CS util functions instead of SI ones + - MINOR: stream-int/txn: Move buffer for L7 retries in the HTTP transaction + - CLEANUP: http-ana: Remove http_alloc_txn() function + - MINOR: stream-int/stream: Move conn_retries counter in the stream + - MINOR: stream: Simplify retries counter calculation + - MEDIUM: stream-int/conn-stream: Move src/dst addresses in the conn-stream + - MINOR: stream-int/conn-stream: Move half-close timeout in the conn-stream + - MEDIUM: stream-int/stream: Use connect expiration instead of SI expiration + - MINOR: stream-int/conn-stream: Report error to the CS instead of the SI + - MEDIUM: conn-stream: Use endpoint error instead of conn-stream error + - MINOR: channel: Use conn-streams as channel producer and consumer + - MINOR: stream-int: Remove SI_FL_KILL_CON to rely on conn-stream endpoint only + - MINOR: mux-h2/mux-fcgi: Fully rely on CS_EP_KILL_CONN + - MINOR: stream-int: Remove SI_FL_NOLINGER/NOHALF to rely on CS flags instead + - MINOR: stream-int: Remove SI_FL_DONT_WAKE to rely on CS flags instead + - MINOR: stream-int: Remove SI_FL_INDEP_STR to rely on CS flags instead + - MINOR: stream-int: Remove SI_FL_SRC_ADDR to rely on stream flags instead + - CLEANUP: stream-int: Remove unused SI_FL_CLEAN_ABRT flag + - MINOR: stream: Only save previous connection state for the server side + - MEDIUM: stream-int: Move SI err_type in the stream + - MEDIUM: stream-int/conn-stream: Move stream-interface state in the conn-stream + - MINOR: stream-int/stream: Move si_retnclose() in the stream scope + - MINOR: stream-int/backend: Move si_connect() in the backend scope + - MINOR: stream-int/conn-stream: Move si_conn_ready() in the conn-stream scope + - MINOR: conn-stream/connection: Move SHR/SHW modes in the connection scope + - MEDIUM: conn-stream: Be prepared to fail to attach a 
cs to a mux + - MEDIUM: stream-int/conn-stream: Handle I/O subscriptions in the conn-stream + - MINOR: conn-stream: Rename CS functions dedicated to connections + - MINOR: stream-int/conn-stream: Move si_shut* and si_chk* in conn-stream scope + - MEDIUM: stream-int/conn-stream: Move si_ops in the conn-stream scope + - MINOR: applet: Use the CS to register and release applets instead of SI + - MINOR: connection: unconst mux's get_fist_cs() callback function + - MINOR: stream-int/connection: Move conn_si_send_proxy() in the connection scope + - REORG: stream-int: Export si_cs_recv(), si_cs_send() and si_cs_process() + - REORG: stream-int: Move si_is_conn_error() in the header file + - REORG: conn-stream: Move cs_shut* and cs_chk* in cs_utils + - REORG: conn-stream: Move cs_app_ops in conn_stream.c + - MINOR: stream-int-conn-stream: Move si_update_* in conn-stream scope + - MINOR: stream-int/stream: Move si_update_both in stream scope + - MEDIUM: conn-stream/applet: Add a data callback for applets + - MINOR: stream-int/conn-stream: Move stream_int_read0() in the conn-stream scope + - MINOR: stream-int/conn-stream: Move stream_int_notify() in the conn-stream scope + - MINOR: stream-int/conn-stream: Move si_cs_io_cb() in the conn-stream scope + - MINOR: stream-int/conn-stream: Move si_sync_recv/send() in conn-stream scope + - MINOR: conn-stream: Move si_conn_cb in the conn-stream scope + - MINOR: stream-int/conn-stream Move si_is_conn_error() in the conn-stream scope + - MINOR: stream-int/conn-stream: Move si_alloc_ibuf() in the conn-stream scope + - CLEANUP: stream-int: Remove unused SI functions + - MEDIUM: stream-int/conn-stream: Move blocking flags from SI to CS + - MEDIUM: stream-int/conn-stream: Move I/O functions to conn-stream + - REORG: stream-int/conn-stream: Move remaining functions to conn-stream + - MINOR: stream: Use conn-stream to report server error + - MINOR: http-ana: Use CS to perform L7 retries + - MEDIUM: stream: Don't use the stream-int anymore in 
process_stream() + - MINOR: conn-stream: Remove the stream-interface from the conn-stream + - DEV: flags: No longer dump SI flags + - CLEANUP: tree-wide: Remove any ref to stream-interfaces + - CLEANUP: conn-stream: Don't export internal functions + - DOC: conn-stream: Add comments on functions of the new CS api + - MEDIUM: check: Use a new conn-stream for each health-check run + - CLEANUP: muxes: Remove MX_FL_CLEAN_ABRT flag + - MINOR: conn-stream: Use a dedicated function to conditionally remove a CS + - CLEANUP: conn-stream: rename cs_register_applet() to cs_applet_create() + - MINOR: muxes: Improve show_fd callbacks to dump endpoint flags + - MINOR: mux-h1: Rely on the endpoint instead of the conn-stream when possible + - BUG/MINOR: quic: Avoid starting the mux if no ALPN sent by the client + - BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak + - BUILD: initcall: mark the __start_i_* symbols as weak, not global + - BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side + - BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive + - MINOR: muxes: Don't expect to have a mux without connection in destroy callback + - MINOR: muxes: Don't handle proto upgrade for muxes not supporting it + - MINOR: muxes: Don't expect to call release function with no mux defined + - MINOR: conn-stream: Use unsafe functions to get conn/appctx in cs_detach_endp + - BUG/MEDIUM: mux-h1: Don't request more room on partial trailers + - BUILD: http-client: Avoid dead code when compiled without SSL support + - BUG/MINOR: mux-quic: prevent a crash in session_free on mux.destroy + - BUG/MINOR: quic-sock: do not double free session on conn init failure + - BUG/MINOR: quic: fix return value for error in start + - MINOR: quic: emit CONNECTION_CLOSE on app init error + - BUILD: sched: workaround crazy and dangerous warning in Clang 14 + - BUILD: compiler: use a more portable set of asm(".weak") statements + - BUG/MEDIUM: stream: do not 
abort connection setup too early + - CLEANUP: extcheck: do not needlessly preset the server's address/port + - MINOR: extcheck: fill in the server's UNIX socket address when known + - BUG/MEDIUM: connection: Don't crush context pointer location if it is a CS + - BUG/MEDIUM: quic: properly clean frames on stream free + - BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added + - BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags + - MINOR: tcp_sample: clarifying samples support per os, for further expansion. + - MINOR: tcp_sample: extend support for get_tcp_info to macOs. + - SCRIPTS: announce-release: update the doc's URL + - DOC: lua: update a few doc URLs + - SCRIPTS: announce-release: add shortened links to pending issues + +2022/04/09 : 2.6-dev5 + - DOC: reflect H2 timeout changes + - BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing + - BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing + - BUG/MINOR: log: Initialize the list element when allocating a new log server + - BUG/MINOR: samples: add missing context names for sample fetch functions + - MINOR: management: add some basic keyword dump infrastructure + - MINOR: config: add a function to dump all known config keywords + - MINOR: filters: extend flt_dump_kws() to dump to stdout + - MINOR: services: extend list_services() to dump to stdout + - MINOR: cli: add a new keyword dump function + - MINOR: acl: add a function to dump the list of known ACL keywords + - MINOR: samples: add a function to list register sample fetch keywords + - MINOR: sample: list registered sample converter functions + - MINOR: tools: add strordered() to check whether strings are ordered + - MINOR: action: add a function to dump the list of actions for a ruleset + - MINOR: config: alphanumerically sort config keywords output + - MINOR: sample: alphanumerically sort sample & conv keyword dumps + - MINOR: acl: alphanumerically sort the ACL 
dump + - MINOR: cli: alphanumerically sort the dump of supported commands + - MINOR: filters: alphabetically sort the list of filter names + - MINOR: services: alphabetically sort service names + - MEDIUM: httpclient/lua: be stricter with httpclient parameters + - MINOR: ssl: split the cert commit io handler + - MINOR: ssl: move the cert_exts and the CERT_TYPE enum + - MINOR: ssl: simplify the certificate extensions array + - MINOR: ssl: export ckch_inst_rebuild() + - MINOR: ssl: add "crt" in the cert_exts array + - MINOR: ssl/lua: CertCache.set() allows to update an SSL certificate file + - BUILD: ssl/lua: CacheCert needs OpenSSL + - DOC: lua: CertCache class documentation + - BUG/MEDIUM: quic: do not use qcs from quic_stream on ACK parsing + - MINOR: mux-quic: return qcs instance from qcc_get_qcs + - MINOR: mux-quic: reorganize qcs free + - MINOR: mux-quic: define release app-ops + - BUG/MINOR: h3: release resources on close + - BUG/MINOR: mux-quic: ensure to free all qcs on MUX release + - CLEANUP: quic: complete comment on qcs_try_to_consume + - MINOR: quic: implement stream descriptor for transport layer + - MEDIUM: quic: move transport fields from qcs to qc_conn_stream + - MEDIUM: mux-quic: remove qcs tree node + - BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads + - DOC: management: add missing dot in 9.4.1 + - BUG/MAJOR: mux_pt: always report the connection error to the conn_stream + - DOC: remove double blanks in configuration.txt + - CI: github actions: update OpenSSL to 3.0.2 + - BUG/MEDIUM: quic: Possible crash in ha_quic_set_encryption_secrets() + - CLEANUP: quic: Remove all atomic operations on quic_conn struct + - CLEANUP: quic: Remove all atomic operations on packet number spaces + - MEDIUM: quic: Send ACK frames asap + - BUG/MINOR: quic: Missing probing packets when coalescing + - BUG/MINOR: quic: Discard Initial packet number space only one time + - MINOR: quic: Do not display any timer value from process_timer() + - 
BUG/MINOR: quic: Do not probe from an already probing packet number space + - BUG/MINOR: quic: Non duplicated frames upon fast retransmission + - BUG/MINOR: quic: Too much prepared retransmissions due to anti-amplification + - MINOR: quic: Useless call to SSL_CTX_set_default_verify_paths() + - MINOR: quic: Add traces about list of frames + - BUG/MINOR: h3: Missing wait event struct field initialization + - BUG/MINOR: quic: QUIC TLS secrets memory leak + - BUG/MINOR: quic: Missing ACK range deallocations + - BUG/MINOR: quic: Missing TX packet deallocations + - CLEANUP: hpack: be careful about integer promotion from uint8_t + - OPTIM: hpack: read 32 bits at once when possible. + - MEDIUM: ssl: allow loading of a directory with the ca-file directive + - BUG/MINOR: ssl: continue upon error when opening a directory w/ ca-file + - MINOR: ssl: ca-file @system-ca loads the system trusted CA + - DOC: configuration: add the ca-file changes + - MINOR: sample: converter: Add add_item convertor + - BUG/MINOR: ssl: handle X509_get_default_cert_dir() returning NULL + - BUG/MINOR: ssl/cli: Remove empty lines from CLI output + - MINOR: httpclient: enable request buffering + - MEDIUM: httpclient: enable l7-retry + - BUG/MINOR: httpclient: end callback in applet release + - MINOR: quic: Add draining connection state. 
+ - MINOR: quic: Add closing connection state + - BUG/MEDIUM: quic: ensure quic-conn survives to the MUX + - CLEANUP: quic: use static qualifer on quic_close + - CLEANUP: mux-quic: remove unused QC_CF_CC_RECV + - BUG/MINOR: fix memleak on quic-conn streams cleaning + - MINOR: mux-quic: factorize conn-stream attach + - MINOR: mux-quic: adjust timeout to accelerate closing + - MINOR: mux-quic: define is_active app-ops + - MINOR: mux-quic: centralize send operations in qc_send + - MEDIUM: mux-quic: report CO_FL_ERROR on send + - MEDIUM: mux-quic: report errors on conn-streams + - MEDIUM: quic: report closing state for the MUX + - BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests + - BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message + - BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet + - BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message + - BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached + - BUG/MINOR: http_client: Don't add input data on an empty request buffer + - BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples + - BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid + - CLEANUP: mux-quic: remove uneeded TODO in qc_detach + - BUG/MEDIUM: mux-quic: properly release conn-stream on detach + - BUG/MINOR: quic: set the source not the destination address on accept() + - BUG/MEDIUM: quic: Possible crash from quic_free_arngs() + - MINOR: quic_tls: Add reusable cipher contexts to QUIC TLS contexts + - MINOR: quic_tls: Stop hardcoding cipher IV lengths + - CLEANUP: quic: Do not set any cipher/group from ssl_quic_initial_ctx() + - MINOR: quic: Add short packet key phase bit values to traces + - MINOR: quic_tls: Make key update use of reusable cipher contexts + - BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set() + - BUG/BUILD: opentracing: fixed OT_DEFINE variable setting + - EXAMPLES: 
opentracing: refined shell scripts for testing filter performance + - DOC: opentracing: corrected comments in function descriptions + - CLEANUP: opentracing: removed unused function flt_ot_var_unset() + - CLEANUP: opentracing: removed unused function flt_ot_var_get() + - Revert "MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn'" + - MINOR: opentracing: only takes the variables lock on shared entries + - CLEANUP: opentracing: added flt_ot_smp_init() function + - CLEANUP: opentracing: added variable to store variable length + - MINOR: opentracing: improved normalization of context variable names + - DEBUG: opentracing: show return values of all functions in the debug output + - CLEANUP: opentracing: added FLT_OT_PARSE_INVALID_enum enum + - DEBUG: opentracing: display the contents of the err variable after setting + - MAJOR: opentracing: reenable usage of vars to transmit opentracing context + - Revert "BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time" + - MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window + +2022/03/26 : 2.6-dev4 + - BUG/MEDIUM: httpclient: don't consume data before it was analyzed + - CLEANUP: htx: remove unused co_htx_remove_blk() + - BUG/MINOR: httpclient: consume partly the blocks when necessary + - BUG/MINOR: httpclient: remove the UNUSED block when parsing headers + - BUG/MEDIUM: httpclient: must manipulate head, not first + - REGTESTS: fix the race conditions in be2hex.vtc + - BUG/MEDIUM: quic: Blocked STREAM when retransmitted + - BUG/MAJOR: quic: Possible crash with full congestion control window + - BUG/MINOR: httpclient/lua: stuck when closing without data + - BUG/MEDIUM: applet: Don't call .release callback function twice + - BUG/MEDIUM: cli/debug: Properly get the stream-int in all debug I/O handlers + - BUG/MEDIUM: sink: Properly get the stream-int in appctx callback functions + - DEV: udp: switch parser to getopt() instead of positional 
arguments + - DEV: udp: add support for random packet corruption + - MINOR: server: export server_parse_sni_expr() function + - BUG/MINOR: httpclient: send the SNI using the host header + - BUILD: httpclient: fix build without SSL + - BUG/MINOR: server/ssl: free the SNI sample expression + - BUG/MINOR: logs: fix logsrv leaks on clean exit + - MINOR: actions: add new function free_act_rule() to free a single rule + - BUG/MINOR: tcp-rules: completely free incorrect TCP rules on error + - BUG/MINOR: http-rules: completely free incorrect TCP rules on error + - BUG/MINOR: httpclient: only check co_data() instead of HTTP_MSG_DATA + - BUG/MINOR: httpclient: process the response when received before the end of the request + - BUG/MINOR: httpclient: CF_SHUTW_NOW should be tested with channel_is_empty() + - CI: github actions: switch to LibreSSL-3.5.1 + - BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf + - BUG/MEDIUM: stream-int: do not rely on the connection error once established + - BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner + - MEDIUM: mux-h2: slightly relax timeout management rules + - BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts + - BUG/MINOR: rules: Initialize the list element when allocating a new rule + - BUG/MINOR: http-rules: Don't free new rule on allocation failure + - DEV: coccinelle: Fix incorrect replacement in ist.cocci + - CLEANUP: Reapply ist.cocci with `--include-headers-for-types --recursive-includes` + - DEV: coccinelle: Add a new pattern to ist.cocci + - CLEANUP: Reapply ist.cocci + - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ + - MINOR: quic: Code factorization (TX buffer reuse) + - CLEANUP: quic: "largest_acked_pn" pktns struc member moving + - MEDIUM: quic: Limit the number of ACK ranges + - MEDIUM: quic: Rework of the TX packets memory handling + - BUG/MINOR: quic: Possible crash in parse_retry_token() + - BUG/MINOR: quic: Possible leak in 
quic_build_post_handshake_frames() + - BUG/MINOR: quic: Unsent frame because of qc_build_frms() + - BUG/MINOR: mux-quic: Access to empty frame list from qc_send_frames() + - BUG/MINOR: mux-quic: Missing I/O handler events initialization + - BUG/MINOR: quic: Missing TX packet initializations + - BUG/MINOR: quic: 1RTT packets ignored after mux was released + - BUG/MINOR: quic: Incorrect peer address validation + - BUG/MINOR: quic: Non initialized variable in quic_build_post_handshake_frames() + - BUG/MINOR: quic: Wrong TX packet related counters handling + - MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1 + - DOC: config: Explictly add supported MQTT versions + - MINOR: quic: Add traces about stream TX buffer consumption + - MINOR: quic: Add traces in qc_set_timer() (scheduling) + - CLEANUP: mux-quic: change comment style to not mess with git conflict + - CLEANUP: mux-quic: adjust comment for coding-style + - MINOR: mux-quic: complete trace when stream is not found + - MINOR: mux-quic: add comments for send functions + - MINOR: mux-quic: use shorter name for flow-control fields + - MEDIUM: mux-quic: respect peer bidirectional stream data limit + - MEDIUM: mux-quic: respect peer connection data limit + - MINOR: mux-quic: support MAX_STREAM_DATA frame parsing + - MINOR: mux-quic: support MAX_DATA frame parsing + - BUILD: stream-int: avoid a build warning when DEBUG is empty + - BUG/MINOR: quic: Wrong buffer length passed to generate_retry_token() + - BUG/MINOR: tools: fix url2sa return value with IPv4 + - MINOR: mux-quic: convert fin on push-frame as boolean + - BUILD: quic: add missing includes + - REORG: quic: use a dedicated quic_loss.c + - MINOR: mux-quic: declare the qmux trace module + - MINOR: mux-quic: replace printfs by traces + - MINOR: mux-quic: add trace event for frame sending + - MINOR: mux-quic: add trace event for qcs_push_frame + - MINOR: mux-quic: activate qmux traces on stdout via macro + - BUILD: qpack: fix unused 
value when not using DEBUG_HPACK + - CLEANUP: qpack: suppress by default stdout traces + - CLEANUP: h3: suppress by default stdout traces + - BUG/MINOR: tools: url2sa reads too far when no port nor path + +2022/03/11 : 2.6-dev3 + - DEBUG: rename WARN_ON_ONCE() to CHECK_IF() + - DEBUG: improve BUG_ON output message accuracy + - DEBUG: implement 4 levels of choices between warn and crash. + - DEBUG: add two new macros to enable debugging in hot paths + - DEBUG: buf: replace some sensitive BUG_ON() with BUG_ON_HOT() + - DEBUG: buf: add BUG_ON_HOT() to most buffer management functions + - MINOR: channel: don't use co_set_data() to decrement output + - DEBUG: channel: add consistency checks using BUG_ON_HOT() in some key functions + - MINOR: conn-stream: Improve API to have safe/unsafe accessors + - MEDIUM: tree-wide: Use unsafe conn-stream API when it is relevant + - CLEANUP: stream-int: Make si_cs_send() function static + - REORG: stream-int: Uninline si_sync_recv() and make si_cs_recv() private + - BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks + - BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks() + - REGTESTS: fix the race conditions in normalize_uri.vtc + - DEBUG: stream-int: Fix BUG_ON used to test appctx in si_applet_ops callbacks + - BUILD: debug: fix build warning on older compilers around DEBUG_STRICT_ACTION + - CLEANUP: connection: Indicate unreachability to the compiler in conn_recv_proxy + - MINOR: connection: Transform safety check in PROXYv2 parsing into BUG_ON() + - DOC: install: it's DEBUG_CFLAGS, not DEBUG, which is set to -g + - DOC: install: describe the DEP variable + - DOC: install: describe how to choose options used in the DEBUG variable + - MINOR: queue: Replace if() + abort() with BUG_ON() + - CLEANUP: adjust indentation in bidir STREAM handling function + - MINOR: quic: simplify copy of STREAM frames to RX buffer + - MINOR: quic: handle partially received buffered stream frame + - MINOR: mux-quic: 
define flag for last received frame + - BUG/MINOR: quic: support FIN on Rx-buffered STREAM frames + - MEDIUM: quic: rearchitecture Rx path for bidirectional STREAM frames + - REGTESTS: fix the race conditions in secure_memcmp.vtc + - CLEANUP: stream: Remove useless tests on conn-stream in stream_dump() + - BUILD: ssl: another build warning on LIBRESSL_VERSION_NUMBER + - MINOR: quic: Ensure PTO timer is not set in the past + - MINOR: quic: Post handshake I/O callback switching + - MINOR: quic: Drop the packets of discarded packet number spaces + - CLEANUP: quic: Useless tests in qc_try_rm_hp() + - CLEANUP: quic: Indentation fix in qc_prep_pkts() + - MINOR: quic: Assemble QUIC TLS flags at the same level + - BUILD: conn_stream: avoid null-deref warnings on gcc 6 + - BUILD: connection: do not declare register_mux_proto() inline + - BUILD: http_rules: do not declare http_*_keywords_registre() inline + - BUILD: trace: do not declare trace_registre_source() inline + - BUILD: tcpcheck: do not declare tcp_check_keywords_register() inline + - DEBUG: reduce the footprint of BUG_ON() calls + - BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST + - BUG/MINOR: pool: always align pool_heads to 64 bytes + - DEV: udp: add a tiny UDP proxy for testing + - DEV: udp: implement pseudo-random reordering/loss + - DEV: udp: add an optional argument to set the prng seed + - BUG/MINOR: quic: fix segfault on CC if mux uninitialized + - BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed + - CLEANUP: tree-wide: remove a few rare non-ASCII chars + - CI: coverity: simplify debugging options + - CLEANUP: quic: complete ABORT_NOW with a TODO comment + - MINOR: quic: qc_prep_app_pkts() implementation + - MINOR: quic: Send short packet from a frame list + - MINOR: quic: Make qc_build_frms() build ack-eliciting frames from a list + - MINOR: quic: Export qc_send_app_pkts() + - MINOR: mux-quic: refactor transport parameters init + - MINOR: mux-quic: complete functions to 
detect stream type + - MINOR: mux-quic: define new unions for flow-control fields + - MEDIUM: mux-quic: use direct send transport API for STREAMs + - MINOR: mux-quic: retry send opportunistically for remaining frames + - MEDIUM: mux-quic: implement MAX_STREAMS emission for bidir streams + - BUILD: fix kFreeBSD build. + - MINOR: quic: Retry on qc_build_pkt() failures + - BUG/MINOR: quic: Missing recovery start timer reset + - CLEANUP: quic: Remove QUIC path manipulations out of the congestion controller + - MINOR: quic: Add a "slow start" callback to congestion controller + - MINOR: quic: Persistent congestion detection outside of controllers + - CLEANUP: quic: Remove useless definitions from quic_cc_event struct + - BUG/MINOR: quic: Confusion betwen "in_flight" and "prep_in_flight" in quic_path_prep_data() + - MINOR: quic: More precise window update calculation + - CLEANUP: quic: Remove window redundant variable from NewReno algorithm state struct + - MINOR: quic: Add quic_max_int_by_size() function + - BUG/MAJOR: quic: Wrong quic_max_available_room() returned value + - MINOR: pools: add a new global option "no-memory-trimming" + - BUG/MINOR: add missing modes in proxy_mode_str() + - BUG/MINOR: cli: shows correct mode in "show sess" + - BUG/MEDIUM: quic: do not drop packet on duplicate stream/decoding error + - MINOR: stats: Add dark mode support for socket rows + - BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix + - BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request + - BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request + - BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request + - BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request + - BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request + - BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams + - DEBUG: cache: Update underlying buffer when loading HTX 
message in cache applet + - BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing + - DEBUG: stream: Add the missing descriptions for stream trace events + - DEBUG: stream: Fix stream trace message to print response buffer state + - MINOR: proxy: Store monitor_uri as a `struct ist` + - MINOR: proxy: Store fwdfor_hdr_name as a `struct ist` + - MINOR: proxy: Store orgto_hdr_name as a `struct ist` + - MEDIUM: proxy: Store server_id_hdr_name as a `struct ist` + - CLEANUP: fcgi: Replace memcpy() on ist by istcat() + - CLEANUP: fcgi: Use `istadv()` in `fcgi_strm_send_params` + - BUG/MAJOR: mux-pt: Always destroy the backend connection on detach + - DOC: sample fetch methods: move distcc_* to the right locations + - MINOR: rules: record the last http/tcp rule that gave a final verdict + - MINOR: stream: add "last_rule_file" and "last_rule_line" samples + - BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd() + - MINOR: quic: Add max_idle_timeout advertisement handling + - MEDIUM: quic: Remove the QUIC connection reference counter + - BUG/MINOR: quic: ACK_REQUIRED and ACK_RECEIVED flag collision + - BUG/MINOR: quic: Missing check when setting the anti-amplification limit as reached + - MINOR: quic: Add a function to compute the current PTO + - MEDIUM: quic: Implement the idle timeout feature + - BUG/MEDIUM: quic: qc_prep_app_pkts() retries on qc_build_pkt() failures + - CLEANUP: quic: Comments fix for qc_prep_(app)pkts() functions + - MINOR: mux-quic: prevent push frame for unidir streams + - MINOR: mux-quic: improve opportunistic retry sending for STREAM frames + - MINOR: quic: implement sending confirmation + - MEDIUM: mux-quic: improve bidir STREAM frames sending + - MEDIUM: check: do not auto configure SSL/PROXY for dynamic servers + - REGTESTS: server: test SSL/PROXY with checks for dynamic servers + - MEDIUM: server: remove experimental-mode for dynamic servers + - BUG/MINOR: buffer: fix debugging condition in 
b_peek_varint() + +2022/02/25 : 2.6-dev2 + - DOC: management: rework the Master CLI section + - DOC: management: add expert and experimental mode in 9.4.1 + - CLEANUP: cleanup a commentary in pcli_parse_request() + - BUG/MINOR: mworker/cli: don't display help on master applet + - MINOR: mworker/cli: mcli-debug-mode enables every command + - MINOR: mworker/cli: add flags in the prompt + - BUG/MINOR: httpclient: Revisit HC request and response buffers allocation + - BUG/MEDIUM: httpclient: Xfer the request when the stream is created + - MINOR: httpclient: Don't limit data transfer to 1024 bytes + - BUILD: ssl: adjust guard for X509_get_X509_PUBKEY(x) + - REGTESTS: ssl: skip show_ssl_ocspresponse.vtc when BoringSSL is used + - MINOR: quic: Do not modify a marked as consumed datagram + - MINOR: quic: Wrong datagram buffer passed to quic_lstnr_dgram_dispatch() + - MINOR: quic: Remove a useless test in quic_get_dgram_dcid() + - BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output + - CLEANUP: ssl: Remove unused ssl_sock_create_cert function + - MINOR: ssl: Use high level OpenSSL APIs in sha2 converter + - MINOR: ssl: Remove EC_KEY related calls when preparing SSL context + - REGTESTS: ssl: Add test for "curves" and "ecdhe" SSL options + - MINOR: ssl: Remove EC_KEY related calls when creating a certificate + - REGTESTS: ssl: Add test for "generate-certificates" SSL option + - MINOR: ssl: Remove call to SSL_CTX_set_tlsext_ticket_key_cb with OpenSSLv3 + - MINOR: ssl: Remove call to HMAC_Init_ex with OpenSSLv3 + - MINOR: h3: hardcode the stream id of control stream + - MINOR: mux-quic: remove quic_transport_params_update + - MINOR: quic: rename local tid variable + - MINOR: quic: remove unused xprt rcv_buf operation + - MINOR: quic: take out xprt snd_buf operation + - CI: enable QUIC for Coverity scan + - BUG/MINOR: mworker: does not erase the pidfile upon reload + - MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3 + - MINOR: ssl: 
Remove call to ERR_load_SSL_strings with OpenSSLv3 + - REGTESTS: ssl: Add tests for DH related options + - MINOR: ssl: Create HASSL_DH wrapper structure + - MINOR: ssl: Add ssl_sock_get_dh_from_bio helper function + - MINOR: ssl: Factorize ssl_get_tmp_dh and append a cbk to its name + - MINOR: ssl: Add ssl_sock_set_tmp_dh helper function + - MINOR: ssl: Add ssl_sock_set_tmp_dh_from_pkey helper function + - MINOR: ssl: Add ssl_new_dh_fromdata helper function + - MINOR: ssl: Build local DH of right size when needed + - MINOR: ssl: Set default dh size to 2048 + - MEDIUM: ssl: Replace all DH objects by EVP_PKEY on OpenSSLv3 (via HASSL_DH type) + - MINOR: ssl: Remove calls to SSL_CTX_set_tmp_dh_callback on OpenSSLv3 + - MINOR: quic: Remove an RX buffer useless lock + - MINOR: quic: Variable used before being checked in ha_quic_add_handshake_data() + - MINOR: quic: EINTR error ignored + - MINOR: quic: Potential overflow expression in qc_parse_frm() + - MINOR: quic: Possible overflow in qpack_get_varint() + - CLEANUP: h3: Unreachable target in h3_uqs_init() + - MINOR: quic: Possible memleak in qc_new_conn() + - MINOR: quic: Useless statement in quic_crypto_data_cpy() + - BUG/MEDIUM: pools: ensure items are always large enough for the pool_cache_item + - BUG/MINOR: pools: always flush pools about to be destroyed + - CLEANUP: pools: don't needlessly set a call mark during refilling of caches + - DEBUG: pools: add extra sanity checks when picking objects from a local cache + - DEBUG: pools: let's add reverse mapping from cache heads to thread and pool + - DEBUG: pools: replace the link pointer with the caller's address on pool_free() + - BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks + - MINOR: quic: use a global dghlrs for each thread + - BUG/MEDIUM: quic: fix crash on CC if mux not present + - MINOR: qpack: fix typo in trace + - BUG/MINOR: quic: fix FIN stream signaling + - BUG/MINOR: h3: fix the header length for QPACK decoding + - MINOR: h3: 
remove transfer-encoding header + - MINOR: h3: add documentation on h3_decode_qcs + - MINOR: h3: set properly HTX EOM/BODYLESS on HEADERS parsing + - MINOR: mux-quic: implement rcv_buf + - MINOR: mux-quic: set EOS on rcv_buf + - MINOR: h3: set CS_FL_NOT_FIRST + - MINOR: h3: report frames bigger than rx buffer + - MINOR: h3: extract HEADERS parsing in a dedicated function + - MINOR: h3: implement DATA parsing + - MINOR: quic: Wrong smoothed rtt initialization + - MINOR: quic: Wrong loss delay computation + - MINOR: quic: Code never reached in qc_ssl_sess_init() + - MINOR: quic: ha_quic_set_encryption_secrets without server specific code + - MINOR: quic: Avoid warning about NULL pointer dereferences + - MINOR: quic: Useless test in quic_lstnr_dghdlr() + - MINOR: quic: Non checked returned value for cs_new() in hq_interop_decode_qcs() + - MINOR: h3: Dead code in h3_uqs_init() + - MINOR: quic: Non checked returned value for cs_new() in h3_decode_qcs() + - MINOR: quic: Possible frame parsers array overrun + - MINOR: quic: Do not retransmit too much packets. 
+ - MINOR: quic: Move quic_rxbuf_pool pool out of xprt part + - MINOR: h3: report error on HEADERS/DATA parsing + - BUG/MINOR: jwt: Double free in deinit function + - BUG/MINOR: jwt: Missing pkey free during cleanup + - BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls + - BUG/MINOR: httpclient/cli: display junk characters in vsn + - MINOR: h3: remove unused return value on decode_qcs + - BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies + - BUG/MAJOR: spoe: properly detach all agents when releasing the applet + - REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc + - REGTESTS: peers: leave a bit more time to peers to synchronize + - BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change + - BUG/MINOR: mux-h2: update the session's idle delay before creating the stream + - BUG/MINOR: httpclient: reinit flags in httpclient_start() + - BUG/MINOR: mailers: negotiate SMTP, not ESMTP + - MINOR: httpclient: sets an alternative destination + - MINOR: httpclient/lua: add 'dst' optionnal field + - BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print + - BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command + - BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print + - CLEANUP: httpclient/cli: fix indentation alignment of the help message + - BUG/MINOR: tools: url2sa reads ipv4 too far + - BUG/MEDIUM: httpclient: limit transfers to the maximum available room + - DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected + - MINOR: mux-quic: fix a possible null dereference in qc_timeout_task + - BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message + - BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer + - BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer + - DEBUG: stream-int: Check CS_FL_WANT_ROOM is not set with an empty input buffer + - MINOR: 
quic: do not modify offset node if quic_rx_strm_frm in tree + - MINOR: h3: fix compiler warning variable set but not used + - MINOR: mux-quic: fix uninitialized return on qc_send + - MINOR: quic: fix handling of out-of-order received STREAM frames + - MINOR: pools: mark most static pool configuration variables as read-mostly + - CLEANUP: pools: remove the now unused pool_is_crowded() + - REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks + - BUG/MEDIUM: stream: Abort processing if response buffer allocation fails + - MINOR: httpclient/lua: ability to set a server timeout + - BUG/MINOR: httpclient/lua: missing pop for new timeout parameter + - DOC: httpclient/lua: fix the type of the dst parameter + - CLEANUP: httpclient: initialize the client in stage INIT not REGISTER + - CLEANUP: muxes: do not use a dynamic trash in list_mux_protos() + - CLEANUP: vars: move the per-process variables initialization to vars.c + - CLEANUP: init: remove the ifdef on HAPROXY_MEMMAX + - MINOR: pools: disable redundant poisonning on pool_free() + - MINOR: pools: introduce a new pool_debugging global variable + - MINOR: pools: switch the fail-alloc test to runtime only + - MINOR: pools: switch DEBUG_DONT_SHARE_POOLS to runtime + - MINOR: pools: add a new debugging flag POOL_DBG_COLD_FIRST + - MINOR: pools: add a new debugging flag POOL_DBG_INTEGRITY + - MINOR: pools: make the global pools a runtime option. + - MEDIUM: pools: replace CONFIG_HAP_POOLS with a runtime "NO_CACHE" flag. 
+ - MINOR: pools: store the allocated size for each pool + - MINOR: pools: get rid of POOL_EXTRA + - MINOR: pools: replace DEBUG_POOL_TRACING with runtime POOL_DBG_CALLER + - MINOR: pools: replace DEBUG_MEMORY_POOLS with runtime POOL_DBG_TAG + - MINOR: pools: add a debugging flag for memory poisonning option + - MEDIUM: initcall: move STG_REGISTER earlier + - MEDIUM: init: split the early initialization in its own function + - MINOR: init: extract args parsing to their own function + - MEDIUM: init: handle arguments earlier + - MINOR: pools: delegate parsing of command line option -dM to a new function + - MINOR: pools: support setting debugging options using -dM + - BUILD: makefile: enable both DEBUG_STRICT and DEBUG_MEMORY_POOLS by default + - CI: github: enable pool debugging by default + - DOC: Fix usage/examples of deprecated ACLs + - DOC: internal: update the pools API to mention boot-time settings + - DOC: design: add design thoughts for later simplification of the pools + - DOC: design: commit the temporary design notes on thread groups + - MINOR: stream-int: Handle appctx case first when releasing the endpoint + - MINOR: connection: Be prepared to handle conn-stream with no connection + - MINOR: stream: Handle appctx case first when creating a new stream + - MINOR: connection: Add a function to detach a conn-stream from the connection + - MINOR: stream-int: Add function to reset a SI endpoint + - MINOR: stream-int: Add function to attach a connection to a SI + - MINOR: stream-int: Be able to allocate a CS without connection + - MEDIUM: stream: No longer release backend conn-stream on connection retry + - MEDIUM: stream: Allocate backend CS when the stream is created + - REORG: conn_stream: move conn-stream stuff in dedicated files + - MEDIUM: conn-stream: No longer access connection field directly + - MEDIUM: conn-stream: Be prepared to use an appctx as conn-stream endpoint + - MAJOR: conn_stream/stream-int: move the appctx to the conn-stream + - MEDIUM: 
applet: Set the conn-stream as appctx owner instead of the stream-int + - MEDIUM: conn_stream: Add a pointer to the app object into the conn-stream + - MINOR: stream: Add pointer to front/back conn-streams into stream struct + - MINOR: stream: Slightly rework stream_new to separate CS/SI initialization + - MINOR: stream-int: Always access the stream-int via the conn-stream + - MINOR: backend: Always access the stream-int via the conn-stream + - MINOR: stream: Always access the stream-int via the conn-stream + - MINOR: http-ana: Always access the stream-int via the conn-stream + - MINOR: cli: Always access the stream-int via the conn-stream + - MINOR: log: Always access the stream-int via the conn-stream + - MINOR: frontend: Always access the stream-int via the conn-stream + - MINOR: proxy: Always access the stream-int via the conn-stream + - MINOR: peers: Always access the stream-int via the conn-stream + - MINOR: debug: Always access the stream-int via the conn-stream + - MINOR: hlua: Always access the stream-int via the conn-stream + - MINOR: cache: Always access the stream-int via the conn-stream + - MINOR: dns: Always access the stream-int via the conn-stream + - MINOR: http-act: Always access the stream-int via the conn-stream + - MINOR: httpclient: Always access the stream-int via the conn-stream + - MINOR: tcp-act: Always access the stream-int via the conn-stream + - MINOR: sink: Always access the stream-int via the conn-stream + - MINOR: conn-stream: Rename cs_detach() to cs_detach_endp() + - CLEANUP: conn-stream: Don't export conn-stream pool + - MAJOR: stream/conn_stream: Move the stream-interface into the conn-stream + - CLEANUP: stream-int: rename si_reset() to si_init() + - MINOR: conn-stream: Release a CS when both app and endp are detached + - MINOR: stream: Don't destroy conn-streams but detach app and endp + - MAJOR: check: Use a persistent conn-stream for health-checks + - CLEANUP: conn-stream: Remove cs_destroy() + - CLEANUP: backend: Don't 
export connect_server anymore + - BUG/MINOR: h3/hq_interop: Fix CS and stream creation + - BUILD: tree-wide: Avoid warnings about undefined entities retrieved from a CS + - BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy() + - BUG/MEDIUM: quic: fix received ACK stream calculation + - BUILD: stream: fix build warning with older compilers + - BUG/MINOR: debug: fix get_tainted() to properly read an atomic value + - DEBUG: move the tainted stuff to bug.h for easier inclusion + - DEBUG: cleanup back trace generation + - DEBUG: cleanup BUG_ON() configuration + - DEBUG: mark ABORT_NOW() as unreachable + - DBEUG: add a new WARN_ON() macro + - DEBUG: make the _BUG_ON() macro return the condition + - DEBUG: add a new WARN_ON_ONCE() macro + - DEBUG: report BUG_ON() and WARN_ON() in the tainted flags + - MINOR: quic: adjust buffer handling for STREAM transmission + - MINOR: quic: liberate the TX stream buffer after ACK processing + - MINOR: quic: add a TODO for a memleak frame on ACK consume + +2022/02/01 : 2.6-dev1 + - BUG/MINOR: cache: Fix loop on cache entries in "show cache" + - BUG/MINOR: httpclient: allow to replace the host header + - BUG/MINOR: lua: don't expose internal proxies + - MEDIUM: mworker: seamless reload use the internal sockpairs + - BUG/MINOR: lua: remove loop initial declarations + - BUG/MINOR: mworker: does not add the -sf in wait mode + - BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode + - MINOR: quic: do not reject PADDING followed by other frames + - REORG: quic: add comment on rare thread concurrence during CID alloc + - CLEANUP: quic: add comments on CID code + - MEDIUM: quic: handle CIDs to rattach received packets to connection + - MINOR: qpack: support litteral field line with non-huff name + - MINOR: quic: activate QUIC traces at compilation + - MINOR: quic: use more verbose QUIC traces set at compile-time + - MEDIUM: pool: refactor malloc_trim/glibc and jemalloc api addition detections. 
+ - MEDIUM: pool: support purging jemalloc arenas in trim_all_pools() + - BUG/MINOR: mworker: deinit of thread poller was called when not initialized + - BUILD: pools: only detect link-time jemalloc on ELF platforms + - CI: github actions: add the output of $CC -dM -E- + - BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time + - BUILD: evports: remove a leftover from the dead_fd cleanup + - MINOR: quic: Set "no_application_protocol" alert + - MINOR: quic: More accurate immediately close. + - MINOR: quic: Immediately close if no transport parameters extension found + - MINOR: quic: Rename qc_prep_hdshk_pkts() to qc_prep_pkts() + - MINOR: quic: Possible crash when inspecting the xprt context + - MINOR: quic: Dynamically allocate the secrete keys + - MINOR: quic: Add a function to derive the key update secrets + - MINOR: quic: Add structures to maintain key phase information + - MINOR: quic: Optional header protection key for quic_tls_derive_keys() + - MINOR: quic: Add quic_tls_key_update() function for Key Update + - MINOR: quic: Enable the Key Update process + - MINOR: quic: Delete the ODCIDs asap + - BUG/MINOR: vars: Fix the set-var and unset-var converters + - MEDIUM: pool: Following up on previous pool trimming update. 
+ - BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message + - BUG/MINOR: mux-h1: Fix splicing for messages with unknown length + - MINOR: mux-h1: Improve H1 traces by adding info about http parsers + - MINOR: mux-h1: register a stats module + - MINOR: mux-h1: add counters instance to h1c + - MINOR: mux-h1: count open connections/streams on stats + - MINOR: mux-h1: add stat for total count of connections/streams + - MINOR: mux-h1: add stat for total amount of bytes received and sent + - REGTESTS: h1: Add a script to validate H1 splicing support + - BUG/MINOR: server: Don't rely on last default-server to init server SSL context + - BUG/MEDIUM: resolvers: Detach query item on response error + - MEDIUM: resolvers: No longer store query items in a list into the response + - BUG/MAJOR: segfault using multiple log forward sections. + - BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted + - BUG/MINOR: resolvers: Don't overwrite the error for invalid query domain name + - BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH + - BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query + - DOC: spoe: Clarify use of the event directive in spoe-message section + - DOC: config: Specify %Ta is only available in HTTP mode + - BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types + - IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode + - MINOR: quic: fix segfault on CONNECTION_CLOSE parsing + - MINOR: h3: add BUG_ON on control receive function + - MEDIUM: xprt-quic: finalize app layer initialization after ALPN nego + - MINOR: h3: remove duplicated FIN flag position + - MAJOR: mux-quic: implement a simplified mux version + - MEDIUM: mux-quic: implement release mux operation + - MEDIUM: quic: detect the stream FIN + - MINOR: mux-quic: implement subscribe on stream + - MEDIUM: mux-quic: subscribe on xprt if remaining data after send + - MEDIUM: mux-quic: wake up xprt on data 
transferred + - MEDIUM: mux-quic: handle when sending buffer is full + - MINOR: quic: RX buffer full due to wrong CRYPTO data handling + - MINOR: quic: Race issue when consuming RX packets buffer + - MINOR: quic: QUIC encryption level RX packets race issue + - MINOR: quic: Delete remaining RX handshake packets + - MINOR: quic: Remove QUIC TX packet length evaluation function + - MINOR: hq-interop: fix tx buffering + - MINOR: mux-quic: remove uneeded code to check fin on TX + - MINOR: quic: add HTX EOM on request end + - BUILD: mux-quic: fix compilation with DEBUG_MEM_STATS + - MINOR: http-rules: Add capture action to http-after-response ruleset + - BUG/MINOR: cli/server: Don't crash when a server is added with a custom id + - MINOR: mux-quic: do not release qcs if there is remaining data to send + - MINOR: quic: notify the mux on CONNECTION_CLOSE + - BUG/MINOR: mux-quic: properly initialize flow control + - MINOR: quic: Compilation fix for quic_rx_packet_refinc() + - MINOR: h3: fix possible invalid dereference on htx parsing + - DOC: config: retry-on list is space-delimited + - DOC: config: fix error-log-format example + - BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode + - MINOR: hq-interop: refix tx buffering + - REGTESTS: ssl: use X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check + - MINOR: cli: "show version" displays the current process version + - CLEANUP: cfgparse: modify preprocessor guards around numa detection code + - MEDIUM: cfgparse: numa detect topology on FreeBSD. 
+ - BUILD: ssl: unbreak the build with newer libressl + - MINOR: vars: Move UPDATEONLY flag test to vars_set_ifexist + - MINOR: vars: Set variable type to ANY upon creation + - MINOR: vars: Delay variable content freeing in var_set function + - MINOR: vars: Parse optional conditions passed to the set-var converter + - MINOR: vars: Parse optional conditions passed to the set-var actions + - MEDIUM: vars: Enable optional conditions to set-var converter and actions + - DOC: vars: Add documentation about the set-var conditions + - REGTESTS: vars: Add new test for conditional set-var + - MINOR: quic: Attach timer task to thread for the connection. + - CLEANUP: quic_frame: Remove a useless suffix to STOP_SENDING + - MINOR: quic: Add traces for STOP_SENDING frame and modify others + - CLEANUP: quic: Remove cdata_len from quic_tx_packet struct + - MINOR: quic: Enable TLS 0-RTT if needed + - MINOR: quic: No TX secret at EARLY_DATA encryption level + - MINOR: quic: Add quic_set_app_ops() function + - MINOR: ssl_sock: Set the QUIC application from ssl_sock_advertise_alpn_protos. + - MINOR: quic: Make xprt support 0-RTT. 
+ - MINOR: qpack: Missing check for truncated QPACK fields + - CLEANUP: quic: Comment fix for qc_strm_cpy() + - MINOR: hq_interop: Stop BUG_ON() truncated streams + - MINOR: quic: Do not mix packet number space and connection flags + - CLEANUP: quic: Shorten a litte bit the traces in lstnr_rcv_pkt() + - MINOR: mux-quic: fix trace on stream creation + - CLEANUP: quic: fix spelling mistake in a trace + - CLEANUP: quic: rename quic_conn conn to qc in quic_conn_free + - MINOR: quic: add missing lock on cid tree + - MINOR: quic: rename constant for haproxy CIDs length + - MINOR: quic: refactor concat DCID with address for Initial packets + - MINOR: quic: compare coalesced packets by DCID + - MINOR: quic: refactor DCID lookup + - MINOR: quic: simplify the removal from ODCID tree + - REGTESTS: vars: Remove useless ssl tunes from conditional set-var test + - MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output + - MINOR: quic: Increase the RX buffer for each connection + - MINOR: quic: Add a function to list remaining RX packets by encryption level + - MINOR: quic: Stop emptying the RX buffer asap. 
+ - MINOR: quic: Do not expect to receive only one O-RTT packet + - MINOR: quic: Do not forget STREAM frames received in disorder + - MINOR: quic: Wrong packet refcount handling in qc_pkt_insert() + - DOC: fix misspelled keyword "resolve_retries" in resolvers + - CLEANUP: quic: rename quic_conn instances to qc + - REORG: quic: move mux function outside of xprt + - MINOR: quic: add reference to quic_conn in ssl context + - MINOR: quic: add const qualifier for traces function + - MINOR: trace: add quic_conn argument definition + - MINOR: quic: use quic_conn as argument to traces + - MINOR: quic: add quic_conn instance in traces for qc_new_conn + - MINOR: quic: Add stream IDs to qcs_push_frame() traces + - MINOR: quic: unchecked qc_retrieve_conn_from_cid() returned value + - MINOR: quic: Wrong dropped packet skipping + - MINOR: quic: Handle the cases of overlapping STREAM frames + - MINOR: quic: xprt traces fixes + - MINOR: quic: Drop asap Retry or Version Negotiation packets + - MINOR: pools: work around possibly slow malloc_trim() during gc + - DEBUG: ssl: make sure we never change a servername on established connections + - MINOR: quic: Add traces for RX frames (flow control related) + - MINOR: quic: Add CONNECTION_CLOSE phrase to trace + - REORG: quic: remove qc_ prefix on functions which not used it directly + - BUG/MINOR: quic: upgrade rdlock to wrlock for ODCID removal + - MINOR: quic: remove unnecessary call to free_quic_conn_cids() + - MINOR: quic: store ssl_sock_ctx reference into quic_conn + - MINOR: quic: remove unnecessary if in qc_pkt_may_rm_hp() + - MINOR: quic: replace usage of ssl_sock_ctx by quic_conn + - MINOR: quic: delete timer task on quic_close() + - MEDIUM: quic: implement refcount for quic_conn + - BUG/MINOR: quic: fix potential null dereference + - BUG/MINOR: quic: fix potential use of uninit pointer + - BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch + - BUG/MEDIUM: peers: properly skip conn_cur from incoming messages + - CI: 
Github Actions: do not show VTest failures if build failed + - BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time + - MINOR: compat: detect support for dl_iterate_phdr() + - MINOR: debug: add ability to dump loaded shared libraries + - MINOR: debug: add support for -dL to dump library names at boot + - BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server + - REGTESTS: ssl: fix ssl_default_server.vtc + - BUG/MINOR: ssl: free the fields in srv->ssl_ctx + - BUG/MEDIUM: ssl: free the ckch instance linked to a server + - REGTESTS: ssl: update of a crt with server deletion + - BUILD/MINOR: cpuset FreeBSD 14 build fix. + - MINOR: pools: always evict oldest objects first in pool_evict_from_local_cache() + - DOC: pool: document the purpose of various structures in the code + - CLEANUP: pools: do not use the extra pointer to link shared elements + - CLEANUP: pools: get rid of the POOL_LINK macro + - MINOR: pool: allocate from the shared cache through the local caches + - CLEANUP: pools: group list updates in pool_get_from_cache() + - MINOR: pool: rely on pool_free_nocache() in pool_put_to_shared_cache() + - MINOR: pool: make pool_is_crowded() always true when no shared pools are used + - MINOR: pool: check for pool's fullness outside of pool_put_to_shared_cache() + - MINOR: pool: introduce pool_item to represent shared pool items + - MINOR: pool: add a function to estimate how many may be released at once + - MEDIUM: pool: compute the number of evictable entries once per pool + - MINOR: pools: prepare pool_item to support chained clusters + - MINOR: pools: pass the objects count to pool_put_to_shared_cache() + - MEDIUM: pools: centralize cache eviction in a common function + - MEDIUM: pools: start to batch eviction from local caches + - MEDIUM: pools: release cached objects in batches + - OPTIM: pools: reduce local pool cache size to 512kB + - CLEANUP: assorted typo fixes in the code and comments This is 29th iteration of typo fixes + - 
CI: github actions: update OpenSSL to 3.0.1 + - BUILD/MINOR: tools: solaris build fix on dladdr. + - BUG/MINOR: cli: fix _getsocks with musl libc + - BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry + - MINOR: quic: Wrong traces after rework + - MINOR: quic: Add trace about in flight bytes by packet number space + - MINOR: quic: Wrong first packet number space computation + - MINOR: quic: Wrong packet number space computation for PTO + - MINOR: quic: Wrong loss time computation in qc_packet_loss_lookup() + - MINOR: quic: Wrong ack_delay compution before calling quic_loss_srtt_update() + - MINOR: quic: Remove nb_pto_dgrams quic_conn struct member + - MINOR: quic: Wrong packet number space trace in qc_prep_pkts() + - MINOR: quic: Useless test in qc_prep_pkts() + - MINOR: quic: qc_prep_pkts() code moving + - MINOR: quic: Speeding up Handshake Completion + - MINOR: quic: Probe Initial packet number space more often + - MINOR: quic: Probe several packet number space upon timer expiration + - MINOR: quic: Comment fix. + - MINOR: quic: Improve qc_prep_pkts() flexibility + - MINOR: quic: Do not drop secret key but drop the CRYPTO data + - MINOR: quic: Prepare Handshake packets asap after completed handshake + - MINOR: quic: Flag asap the connection having reached the anti-amplification limit + - MINOR: quic: PTO timer too often reset + - MINOR: quic: Re-arm the PTO timer upon datagram receipt + - MINOR: proxy: add option idle-close-on-response + - MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above. 
+ - CI: refactor spelling check + - CLEANUP: assorted typo fixes in the code and comments + - BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning + - MINOR: quic: Only one CRYPTO frame by encryption level + - MINOR: quic: Missing retransmission from qc_prep_fast_retrans() + - MINOR: quic: Non-optimal use of a TX buffer + - BUG/MEDIUM: mworker: don't use _getsocks in wait mode + - BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error + - BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data + - DOC: internals: document the pools architecture and API + - CI: github actions: clean default step conditions + - BUILD: cpuset: fix build issue on macos introduced by previous change + - MINOR: quic: Remaining TRACEs with connection as firt arg + - MINOR: quic: Reset ->conn quic_conn struct member when calling qc_release() + - MINOR: quic: Flag the connection as being attached to a listener + - MINOR: quic: Wrong CRYPTO frame concatenation + - MINOR: quid: Add traces quic_close() and quic_conn_io_cb() + - REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2 + - MINOR: quic: Do not dereference ->conn quic_conn struct member + - MINOR: quic: fix return of quic_dgram_read + - MINOR: quic: add config parse source file + - MINOR: quic: implement Retry TLS AEAD tag generation + - MEDIUM: quic: implement Initial token parsing + - MINOR: quic: define retry_source_connection_id TP + - MEDIUM: quic: implement Retry emission + - MINOR: quic: free xprt tasklet on its thread + - BUG/MEDIUM: connection: properly leave stopping list on error + - MINOR: pools: enable pools with DEBUG_FAIL_ALLOC as well + - MINOR: quic: As server, skip 0-RTT packet number space + - MINOR: quic: Do not wakeup the I/O handler before the mux is started + - BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer + - CI: github actions: use cache for OpenTracing + - BUG/MINOR: httpclient: don't send an empty body + - BUG/MINOR: 
httpclient: set default Accept and User-Agent headers + - BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers + - BUILD/MINOR: fix solaris build with clang. + - BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl + - CI: refactor OpenTracing build script + - DOC: management: mark "set server ssl" as deprecated + - MEDIUM: cli: yield between each pipelined command + - MINOR: channel: add new function co_getdelim() to support multiple delimiters + - BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands + - MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change + - MINOR: quic: Retransmit the TX frames in the same order + - MINOR: quic: Remove the packet number space TX MT_LIST + - MINOR: quic: Splice the frames which could not be added to packets + - MINOR: quic: Add the number of TX bytes to traces + - CLEANUP: quic: Replace <nb_pto_dgrams> by <probe> + - MINOR: quic: Send two ack-eliciting packets when probing packet number spaces + - MINOR: quic: Probe regardless of the congestion control + - MINOR: quic: Speeding up handshake completion + - MINOR: quic: Release RX Initial packets asap + - MINOR: quic: Release asap TX frames to be transmitted + - MINOR: quic: Probe even if coalescing + - BUG/MEDIUM: cli: Never wait for more data on client shutdown + - BUG/MEDIUM: mcli: do not try to parse empty buffers + - BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them + - BUG/MINOR: stream: make the call_rate only count the no-progress calls + - MINOR: quic: do not use quic_conn after dropping it + - MINOR: quic: adjust quic_conn refcount decrement + - MINOR: quic: fix race-condition on xprt tasklet free + - MINOR: quic: free SSL context on quic_conn free + - MINOR: quic: Add QUIC_FT_RETIRE_CONNECTION_ID parsing case + - MINOR: quic: Wrong packet number space selection + - DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY + - MINOR: quic: add missing include in quic_sock + - MINOR: 
quic: fix indentation in qc_send_ppkts + - MINOR: quic: remove dereferencement of connection when possible + - MINOR: quic: set listener accept cb on parsing + - MEDIUM: quic/ssl: add new ex data for quic_conn + - MINOR: quic: initialize ssl_sock_ctx alongside the quic_conn + - MINOR: ssl: fix build in release mode + - MINOR: pools: partially uninline pool_free() + - MINOR: pools: partially uninline pool_alloc() + - MINOR: pools: prepare POOL_EXTRA to be split into multiple extra fields + - MINOR: pools: extend pool_cache API to pass a pointer to a caller + - DEBUG: pools: add new build option DEBUG_POOL_TRACING + - DEBUG: cli: add a new "debug dev fd" expert command + - MINOR: fd: register the write side of the poller pipe as well + - CI: github actions: use cache for SSL libs + - BUILD: debug/cli: condition test of O_ASYNC to its existence + - BUILD: pools: fix build error on DEBUG_POOL_TRACING + - MINOR: quic: refactor header protection removal + - MINOR: quic: handle app data according to mux/connection layer status + - MINOR: quic: refactor app-ops initialization + - MINOR: receiver: define a flag for local accept + - MEDIUM: quic: flag listener for local accept + - MINOR: quic: do not manage connection in xprt snd_buf + - MINOR: quic: remove wait handshake/L6 flags on init connection + - MINOR: listener: add flags field + - MINOR: quic: define QUIC flag on listener + - MINOR: quic: create accept queue for QUIC connections + - MINOR: listener: define per-thr struct + - MAJOR: quic: implement accept queue + - CLEANUP: mworker: simplify mworker_free_child() + - BUILD/DEBUG: lru: update the standalone code to support the revision + - DEBUG: lru: use a xorshift generator in the testing code + - BUG/MAJOR: compiler: relax alignment constraints on certain structures + - BUG/MEDIUM: fd: always align fdtab[] to 64 bytes + - MINOR: quic: No DCID length for datagram context + - MINOR: quic: Comment fix about the token found in Initial packets + - MINOR: quic: Get rid of 
a struct buffer in quic_lstnr_dgram_read() + - MINOR: quic: Remove the QUIC haproxy server packet parser + - MINOR: quic: Add new defintion about DCIDs offsets + - MINOR: quic: Add a list to QUIC sock I/O handler RX buffer + - MINOR: quic: Allocate QUIC datagrams from sock I/O handler + - MINOR: proto_quic: Allocate datagram handlers + - MINOR: quic: Pass CID as a buffer to quic_get_cid_tid() + - MINOR: quic: Convert quic_dgram_read() into a task + - CLEANUP: quic: Remove useless definition + - MINOR: proto_quic: Wrong allocations for TX rings and RX bufs + - MINOR: quic: Do not consume the RX buffer on QUIC sock i/o handler side + - MINOR: quic: Do not reset a full RX buffer + - MINOR: quic: Attach all the CIDs to the same connection + - MINOR: quic: Make usage of by datagram handler trees + - MEDIUM: da: new optional data file download scheduler service. + - MEDIUM: da: update doc and build for new scheduler mode service. + - MEDIUM: da: update module to handle schedule mode. + - MINOR: quic: Drop Initial packets with wrong ODCID + - MINOR: quic: Wrong RX buffer tail handling when no more contiguous data + - MINOR: quic: Iterate over all received datagrams + - MINOR: quic: refactor quic CID association with threads + - BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names + - DEV: flags: Add missing flags + - BUG/MINOR: sink: Use the right field in appctx context in release callback + - MINOR: sock: move the unused socket cleaning code into its own function + - BUG/MEDIUM: mworker: close unused transferred FDs on load failure + - BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers + - BUILD: cpuset: do not use const on the source of CPU_AND/CPU_ASSIGN + - BUILD: checks: fix inlining issue on set_srv_agent_[addr,port} + - BUILD: vars: avoid overlapping field initialization + - BUILD: server-state: avoid using not-so-portable isblank() + - BUILD: mux_fcgi: avoid aliasing of a const struct in traces + - BUILD: tree-wide: mark a few 
numeric constants as explicitly long long + - BUILD: tools: fix warning about incorrect cast with dladdr1() + - BUILD: task: use list_to_mt_list() instead of casting list to mt_list + - BUILD: mworker: include tools.h for platforms without unsetenv() + - BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload + - MINOR: mworker: set the master side of ipc_fd in the worker to -1 + - MINOR: mworker: allocate and initialize a mworker_proc + - CI: Consistently use actions/checkout@v2 + - REGTESTS: Remove REQUIRE_VERSION=1.8 from all tests + - MINOR: mworker: sets used or closed worker FDs to -1 + - MINOR: quic: Try to accept 0-RTT connections + - MINOR: quic: Do not try to treat 0-RTT packets without started mux + - MINOR: quic: Do not try to accept a connection more than one time + - MINOR: quic: Initialize the connection timer asap + - MINOR: quic: Do not use connection struct xprt_ctx too soon + - Revert "MINOR: mworker: sets used or closed worker FDs to -1" + - BUILD: makefile: avoid testing all -Wno-* options when not needed + - BUILD: makefile: validate support for extra warnings by batches + - BUILD: makefile: only compute alternative options if required + - DEBUG: fd: make sure we never try to insert/delete an impossible FD number + - MINOR: mux-quic: add comment + - MINOR: mux-quic: properly initialize qcc flags + - MINOR: mux-quic: do not consider CONNECTION_CLOSE for the moment + - MINOR: mux-quic: create a timeout task + - MEDIUM: mux-quic: delay the closing with the timeout + - MINOR: mux-quic: release idle conns on process stopping + - MINOR: listener: replace the listener's spinlock with an rwlock + - BUG/MEDIUM: listener: read-lock the listener during accept() + - MINOR: mworker/cli: set expert/experimental mode from the CLI + +2021/11/23 : 2.6-dev0 + - MINOR: version: it's development again + +2021/11/23 : 2.5.0 + - BUILD: SSL: add quictls build to scripts/build-ssl.sh + - BUILD: SSL: add QUICTLS to build matrix + - CLEANUP: sock: Wrap 
`accept4_broken = 1` into additional parenthesis + - BUILD: cli: clear a maybe-unused warning on some older compilers + - BUG/MEDIUM: cli: make sure we can report a warning from a bind keyword + - BUG/MINOR: ssl: make SSL counters atomic + - CLEANUP: assorted typo fixes in the code and comments + - BUG/MINOR: ssl: free correctly the sni in the backend SSL cache + - MINOR: version: mention that it's stable now + +2021/11/19 : 2.5-dev15 + - BUG/MINOR: stick-table/cli: Check for invalid ipv6 key + - CLEANUP: peers: Remove useless test on peer variable in peer_trace() + - DOC: log: Add comments to specify when session's listener is defined or not + - BUG/MEDIUM: mux-h1: Handle delayed silent shut in h1_process() to release H1C + - REGTESTS: ssl_crt-list_filters: feature cmd incorrectly set + - DOC: internals: document the list API + - BUG/MINOR: h3: ignore unknown frame types + - MINOR: quic: redirect app_ops snd_buf through mux + - MEDIUM: quic: inspect ALPN to install app_ops + - MINOR: quic: support hq-interop + - MEDIUM: quic: send version negotiation packet on unknown version + - BUG/MEDIUM: mworker: cleanup the listeners when reexecuting + - DOC: internals: document the scheduler API + - BUG/MINOR: quic: fix version negotiation packet generation + - CLEANUP: ssl: fix wrong #else commentary + - MINOR: config: support default values for environment variables + - SCRIPTS: run-regtests: reduce the number of processes needed to check options + - SCRIPT: run-regtests: avoid several calls to grep to test for features + - SCRIPT: run-regtests: avoid calling awk to compute the version + - REGTEST: set retries count to zero for all tests that expect at 503 + - REGTESTS: make tcp-check_min-recv fail fast + - REGTESTS: extend the default I/O timeouts and make them overridable + - BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 + - BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found + - REGTESTS: ssl: test the TLS resumption + - BUILD: makefile: 
stop opening sub-shells for each and every command + - BUILD: makefile: reorder objects by build time + - BUG/MEDIUM: mux-h2: always process a pending shut read + - MINOR: quic_sock: missing CO_FL_ADDR_TO_SET flag + - MINOR: quic: Possible wrong connection identification + - MINOR: quic: Correctly pad UDP datagrams + - MINOR: quic: Support transport parameters draft TLS extension + - MINOR: quic: Anti-amplification implementation + - MINOR: quic: Wrong Initial packet connection initialization + - MINOR: quic: Wrong ACK range building + - MINOR: quic: Update some QUIC protocol errors + - MINOR: quic: Send CONNECTION_CLOSE frame upon TLS alert + - MINOR: quic: Wrong largest acked packet number parsing + - MINOR: quic: Add minimalistic support for stream flow control frames + - MINOR: quic: Wrong value for version negotiation packet 'Unused' field + - MINOR: quic: Support draft-29 QUIC version + - BUG/MINOR: quic: fix segfault on trace for version negotiation + - BUG/MINOR: hq-interop: fix potential NULL dereference + - BUILD: quic: fix potential NULL dereference on xprt_quic + - DOC: lua: documentation about the httpclient API + - BUG/MEDIUM: cache/cli: make "show cache" thread-safe + - BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found + - BUG/MINOR: shctx: do not look for available blocks when the first one is enough + - MINOR: shctx: add a few BUG_ON() for consistency checks + +2021/11/14 : 2.5-dev14 + - DEV: coccinelle: Remove unused `expression e` + - DEV: coccinelle: Add rule to use `istend()` where possible + - CLEANUP: Apply ist.cocci + - CLEANUP: Re-apply xalloc_size.cocci + - CLEANUP: halog: make the default usage message fit in small screens + - MINOR: h3/qpack: fix gcc11 warnings + - MINOR: mux-quic: fix gcc11 warning + - MINOR: h3: fix potential NULL dereference + - MINOR: quic: Fix potential null pointer dereference + - CLEANUP: halog: remove unused strl2ui() + - OPTIM: halog: improve field parser speed for modern compilers + - 
OPTIM: halog: skip fields 64 bits at a time when supported + - DEV: coccinelle: Add rule to use `isttrim()` where possible + - CLEANUP: Apply ist.cocci + - DEV: coccinelle: Add rule to use `chunk_istcat()` instead of `chunk_memcat()` + - DEV: coccinelle: Add rule to use `chunk_istcat()` instead of `chunk_strncat()` + - CLEANUP: Apply ist.cocci + - CLEANUP: chunk: Remove duplicated chunk_Xcat implementation + - CLEANUP: chunk: remove misleading chunk_strncat() function + - BUG/MINOR: cache: properly ignore unparsable max-age in quotes + - Revert "DEV: coccinelle: Add rule to use `chunk_istcat()` instead of `chunk_strncat()`" + - DOC: stats: fix location of the text representation + - DOC: internals: document the IST API + - BUG/MINOR: httpclient/lua: rcv freeze when no request payload + - BUG/MEDIUM: httpclient: channel_add_input() must use htx->data + - MINOR: promex: backend aggregated server check status + - DOC: config: Fix typo in ssl_fc_unique_id description + - BUG/MINOR: http-ana: Apply stop to the current section for http-response rules + - Revert "BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back" + - DOC: config: Be more explicit in "allow" actions description + - DOC: lua: Be explicit with the Reply object limits + - MINOR: mux-h1: Slightly Improve H1 traces + - BUG/MEDIUM: conn-stream: Don't reset CS flags on close + - CLEANUP: mworker: remove any relative PID reference + - MEDIUM: mworker: reexec in waitpid mode after successful loading + - MINOR: mworker: clarify starting/failure messages + - MINOR: mworker: only increment the number of reload in wait mode + - MINOR: mworker: implement a reload failure counter + - MINOR: mworker: ReloadFailed shown depending on failedreload + - MINOR: mworker: change the way we set PROC_O_LEAVING + - BUG/MINOR: mworker: doesn't launch the program postparser + - DOC: management: edit the "show proc" example to show the current output + - BUG/MEDIUM: httpclient/cli: free of unallocated 
hc->req.uri + - REGTESTS: httpclient/lua: add greater body values + - BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value + - BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode + - BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent + - BUILD: makefile: simplify detection of libatomic + +2021/11/06 : 2.5-dev13 + - SCRIPTS: git-show-backports: re-enable file-based filtering + - MINOR: jwt: Make invalid static JWT algorithms an error in `jwt_verify` converter + - MINOR: mux-h2: add trace on extended connect usage + - BUG/MEDIUM: mux-h2: reject upgrade if no RFC8441 support + - MINOR: stream/mux: implement websocket stream flag + - MINOR: connection: implement function to update ALPN + - MINOR: connection: add alternative mux_ops param for conn_install_mux_be + - MEDIUM: server/backend: implement websocket protocol selection + - MINOR: server: add ws keyword + - BUG/MINOR: resolvers: fix sent messages were counted twice + - BUG/MINOR: resolvers: throw log message if trash not large enough for query + - MINOR: resolvers/dns: split dns and resolver counters in dns_counter struct + - MEDIUM: resolvers: rename dns extra counters to resolvers extra counters + - BUG/MINOR: jwt: Fix jwt_parse_alg incorrectly returning JWS_ALG_NONE + - DOC: add QUIC instruction in INSTALL + - CLEANUP: halog: Remove dead stores + - DEV: coccinelle: Add ha_free.cocci + - CLEANUP: Apply ha_free.cocci + - DEV: coccinelle: Add rule to use `istnext()` where possible + - CLEANUP: Apply ist.cocci + - REGTESTS: Use `feature cmd` for 2.5+ tests (2) + - DOC: internals: move some API definitions to an "api" subdirectory + - MINOR: quic: Allocate listener RX buffers + - CLEANUP: quic: Remove useless code + - MINOR: quic: Enhance the listener RX buffering part + - MINOR: quic: Remove a useless lock for CRYPTO frames + - MINOR: quic: Use QUIC_LOCK QUIC specific lock label. 
+ - MINOR: backend: Get client dst address to set the server's one only if needful + - MINOR: compression: Warn for 'compression offload' in defaults sections + - MEDIUM: connection: rename fc_conn_err and bc_conn_err to fc_err and bc_err + - DOC: configuration: move the default log formats to their own section + - MINOR: ssl: make the ssl_fc_sni() sample-fetch function always available + - MEDIUM: log: add the client's SNI to the default HTTPS log format + - DOC: config: add an example of reasonably complete error-log-format + - DOC: config: move error-log-format before custom log format + +2021/11/02 : 2.5-dev12 + - MINOR: httpclient: support payload within a buffer + - MINOR: httpclient/lua: support more HTTP methods + - MINOR: httpclient/lua: return an error when it can't generate the request + - CLEANUP: lua: Remove any ambiguities about lua txn execution context flags + - BUG/MEDIUM: lua: fix invalid return types in hlua_http_msg_get_body + - CLEANUP: connection: No longer export make_proxy_line_v1/v2 functions + - CLEANUP: tools: Use const address for get_net_port() and get_host_port() + - CLEANUP: lua: Use a const address to retrieve info about a connection + - MINOR: connection: Add function to get src/dst without updating the connection + - MINOR: session: Add src and dst addresses to the session + - MINOR: stream-int: Add src and dst addresses to the stream-interface + - MINOR: frontend: Rely on client src and dst addresses at stream level + - MINOR: log: Rely on client addresses at the appropriate level to log messages + - MINOR: session: Rely on client source address at session level to log error + - MINOR: http-ana: Rely on addresses at stream level to set xff and xot headers + - MINOR: http-fetch: Rely on addresses at stream level in HTTP sample fetches + - MINOR: mux-fcgi: Rely on client addresses at stream level to set default params + - MEDIUM: tcp-sample: Rely on addresses at the appropriate level in tcp samples + - MEDIUM: connection: Rely on 
addresses at stream level to make proxy line + - MEDIUM: backend: Rely on addresses at stream level to init server connection + - MEDIUM: connection: Assign session addresses when PROXY line is received + - MEDIUM: connection: Assign session addresses when NetScaler CIP proto is parsed + - MEDIUM: tcp-act: Set addresses at the apprioriate level in set-(src/dst) actions + - MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules + - DOC: config: Fix alphabetical order of fc_* samples + - MINOR: tcp-sample: Add samples to get original info about client connection + - REGTESTS: Add script to test client src/dst manipulation at different levels + - MINOR: stream: Use backend stream-interface dst address instead of target_addr + - BUILD: log: Fix compilation without SSL support + - DEBUG: protocol: yell loudly during registration of invalid sock_domain + - MINOR: protocols: add a new protocol type selector + - MINOR: protocols: make use of the protocol type to select the protocol + - MINOR: protocols: replace protocol_by_family() with protocol_lookup() + - MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX + - CLEANUP: jwt: Remove the use of a trash buffer in jwt_jwsverify_hmac() + - CLEANUP: jwt: Remove the use of a trash buffer in jwt_jwsverify_rsa_ecdsa() + - DEV: coccinelle: Add realloc_leak.cocci + - CLEANUP: hlua: Remove obsolete branch in `hlua_alloc()` + - BUILD: atomic: prefer __atomic_compare_exchange_n() for __ha_cas_dw() + - BUILD: atomic: fix build on mac/arm64 + - MINOR: atomic: remove the memcpy() call and dependency on string.h + - MINOR: httpclient: request streaming with a callback + - MINOR: httpclient/lua: handle the streaming into the lua applet + - REGTESTS: lua: test httpclient with body streaming + - DOC: halog: Move the `-qry` parameter into the correct section in help text + - MINOR: halog: Rename -qry to -query + - CLEANUP: halog: Use consistent indentation in help() + - BUG/MINOR: halog: Add missing 
newlines in die() messages + - MINOR: halog: Add support for extracting captures using -hdr + - DOC: Typo fixed "it" should be "is" + - BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed + - BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released + - BUG/MEDIUM: resolvers: Don't recursively perform requester unlink + - BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration + - BUG/MINOR: http: Authorization value can have multiple spaces after the scheme + - BUG/MINOR: http: http_auth_bearer fetch does not work on custom header name + - BUG/MINOR: httpclient/lua: misplaced luaL_buffinit() + - BUILD/MINOR: cpuset freebsd build fix + - BUG/MINOR: httpclient: use a placeholder value for Host header + - BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data + - BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions + - MINOR: stream: Improve dump of bogus streams + - DOC/peers: some grammar fixes for peers 2.1 spec + - MEDIUM: vars: make the var() sample fetch function really return type ANY + - MINOR: vars: add "set-var" for "tcp-request connection" rules. 
+ +2021/10/22 : 2.5-dev11 + - DEV: coccinelle: Add strcmp.cocci + - CLEANUP: Apply strcmp.cocci + - CI: Add `permissions` to GitHub Actions + - CI: Clean up formatting in GitHub Action definitions + - MINOR: add ::1 to predefined LOCALHOST acl + - CLEANUP: assorted typo fixes in the code and comments + - CLEANUP: Consistently `unsigned int` for bitfields + - MEDIUM: resolvers: lower-case labels when converting from/to DNS names + - MEDIUM: resolvers: replace bogus resolv_hostname_cmp() with memcmp() + - MINOR: jwt: Empty the certificate tree during deinit + - MINOR: jwt: jwt_verify returns negative values in case of error + - MINOR: jwt: Do not rely on enum order anymore + - BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error + - MINOR: httpclient/cli: access should be only done from expert mode + - DOC: management: doc about the CLI httpclient + - BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors + - BUG/MAJOR: dns: tcp session can remain attached to a list after a free + - BUG/MAJOR: dns: attempt to lock globaly for msg waiter list instead of use barrier + - CLEANUP: dns: always detach the appctx from the dns session on release + - DEBUG: dns: add a few more BUG_ON at sensitive places + - BUG/MAJOR: resolvers: add other missing references during resolution removal + - CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records() + - BUILD: resolvers: avoid a possible warning on null-deref + - BUG/MEDIUM: resolvers: always check a valid item in query_list + - CLEANUP: always initialize the answer_list + - CLEANUP: resolvers: simplify resolv_link_resolution() regarding requesters + - CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT + - MEDIUM: resolvers: use a kill list to preserve the list consistency + - MEDIUM: resolvers: remove the last occurrences of the "safe" argument + - BUG/MEDIUM: checks: fix the starting thread for external checks + - MEDIUM: resolvers: replace the answer_list with a 
(flat) tree + - MEDIUM: resolvers: hash the records before inserting them into the tree + - BUG/MAJOR: buf: fix varint API post- vs pre- increment + - OPTIM: resolvers: move the eb32 node before the data in the answer_item + - MINOR: list: add new macro LIST_INLIST_ATOMIC() + - OPTIM: dns: use an atomic check for the list membership + - BUG/MINOR: task: do not set TASK_F_USR1 for no reason + - BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame + - MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close + - MINOR: mux-h2: perform a full cycle shutdown+drain on close + - CLEANUP: resolvers: get rid of single-iteration loop in resolv_get_ip_from_response() + - MINOR: quic: Increase the size of handshake RX UDP datagrams + - BUG/MEDIUM: lua: fix memory leaks with realloc() on non-glibc systems + - MINOR: memprof: report the delta between alloc and free on realloc() + - MINOR: memprof: add one pointer size to the size of allocations + - BUILD: fix compilation on NetBSD + - MINOR: backend: add traces for idle connections reuse + - BUG/MINOR: backend: fix improper insert in avail tree for always reuse + - MINOR: backend: improve perf with tcp proxies skipping idle conns + - MINOR: connection: remove unneeded memset 0 for idle conns + +2021/10/16 : 2.5-dev10 + - MINOR: initcall: Rename __GLOBL and __GLOBL1. 
+ - MINOR: rules: add a new function new_act_rule() to allocate act_rules + - MINOR: rules: add a file name and line number to act_rules + - MINOR: stream: report the current rule in "show sess all" when known + - MINOR: stream: report the current filter in "show sess all" when known + - CLEANUP: stream: Properly indent current_rule line in "show sess all" + - BUG/MINOR: lua: Fix lua error handling in `hlua_config_prepend_path()` + - CI: github: switch to OpenSSL 3.0.0 + - REGTESTS: ssl: Fix references to removed option in test description + - MINOR: ssl: Add ssllib_name_startswith precondition + - REGTESTS: ssl: Fix ssl_errors test for OpenSSL v3 + - REGTESTS: ssl: Reenable ssl_errors test for OpenSSL only + - REGTESTS: ssl: Use mostly TLSv1.2 in ssl_errors test + - MEDIUM: mux-quic: rationalize tx buffers between qcc/qcs + - MEDIUM: h3: properly manage tx buffers for large data + - MINOR: mux-quic: standardize h3 settings sending + - CLEANUP: h3: remove dead code + - MINOR: mux-quic: implement standard method to detect if qcc is dead + - MEDIUM: mux-quic: defer stream shut if remaining tx data + - MINOR: mux: remove last occurences of qcc ring buffer + - MINOR: quic: handle CONNECTION_CLOSE frame + - REGTESTS: ssl: re-enable set_ssl_cert_bundle.vtc + - MINOR: ssl: add ssl_fc_is_resumed to "option httpslog" + - MINOR: http: Add http_auth_bearer sample fetch + - MINOR: jwt: Parse JWT alg field + - MINOR: jwt: JWT tokenizing helper function + - MINOR: jwt: Insert public certificates into dedicated JWT tree + - MINOR: jwt: jwt_header_query and jwt_payload_query converters + - MEDIUM: jwt: Add jwt_verify converter to verify JWT integrity + - REGTESTS: jwt: Add tests for the jwt_verify converter + - BUILD: jwt: fix declaration of EVP_KEY in jwt-h.h + - MINOR: proto_tcp: use chunk_appendf() to ouput socket setup errors + - MINOR: proto_tcp: also report the attempted MSS values in error message + - MINOR: inet: report the faulty interface name in "bind" errors + - MINOR: 
protocol: report the file and line number for binding/listening errors + - MINOR: protocol: uniformize protocol errors + - MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero + - BUG/MEDIUM: resolver: make sure to always use the correct hostname length + - BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records + - MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero + - MEDIUM: listeners: split the thread mask between receiver and bind_conf + - MINOR: listeners: add clone_listener() to duplicate listeners at boot time + - MEDIUM: listener: add the "shards" bind keyword + - BUG/MEDIUM: resolvers: use correct storage for the target address + - MINOR: resolvers: merge address and target into a union "data" + - BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix + - BUG/MEDIUM: jwt: fix base64 decoding error detection + - BUG/MINOR: jwt: use CRYPTO_memcmp() to compare HMACs + - DOC: jwt: fix a typo in the jwt_verify() keyword description + - BUG/MEDIUM: sample/jwt: fix another instance of base64 error detection + - BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back + - BUG/MINOR: sample: Fix 'fix_tag_value' sample when waiting for more data + - DOC: config: Move 'tcp-response content' at the right place + - BUG/MINOR: proxy: Use .disabled field as a bitfield as documented + - MINOR: proxy: Introduce proxy flags to replace disabled bitfield + - MINOR: sample/arg: Be able to resolve args found in defaults sections + - MEDIUM: proxy: Warn about ambiguous use of named defaults sections + - MINOR: proxy: Be able to reference the defaults section used by a proxy + - MINOR: proxy: Add PR_FL_READY flag on fully configured and usable proxies + - MINOR: config: Finish configuration for referenced default proxies + - MINOR: config: No longer remove previous anonymous defaults section + - MINOR: tcpcheck: Support 2-steps args resolution in defaults sections + - MEDIUM: 
rules/acl: Parse TCP/HTTP rules and acls defined in defaults sections + - MEDIUM: tcp-rules: Eval TCP rules defined in defaults sections + - MEDIUM: http-ana: Eval HTTP rules defined in defaults sections + - BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags + - REGTESTS: Add scripts to test support of TCP/HTTP rules in defaults sections + - DOC: config: Add documentation about TCP/HTTP rules in defaults section + - DOC: config: Rework and uniformize how TCP/HTTP rules are documented + - BUG/MINOR: proxy: Release ACLs and TCP/HTTP rules of default proxies + - BUG/MEDIUM: cpuset: fix cpuset size for FreeBSD + - BUG/MINOR: sample: fix backend direction flags consecutive to last fix + - BUG/MINOR: listener: fix incorrect return on out-of-memory + - BUG/MINOR: listener: add an error check for unallocatable trash + - CLEANUP: listeners: remove unreachable code in clone_listener() + +2021/10/08 : 2.5-dev9 + - head-truc + - REGTESTS: lua: test the httpclient:get() feature + - Revert "head-truc" + - BUG/MEDIUM: httpclient: replace ist0 by istptr + - MINOR: config: use a standard parser for the "nbthread" keyword + - CLEANUP: init: remove useless test against MAX_THREADS in affinity loop + - MEDIUM: init: de-uglify the per-thread affinity setting + - MINOR: init: extract the setup and end of threads to their own functions + - MINOR: log: Try to get the status code when MUX_EXIT_STATUS is retrieved + - MINOR: mux-h1: Set error code if possible when MUX_EXIT_STATUS is returned + - MINOR: mux-h1: Be able to set custom status code on parsing error + - MEDIUM: mux-h1: Reject HTTP/1.0 GET/HEAD/DELETE requests with a payload + - MEDIUM: h1: Force close mode for invalid uses of T-E header + - BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers" + - MINOR: http: Add 422-Unprocessable-Content error message + - MINOR: h1: Change T-E header parsing to fail if chunked encoding is found twice + - BUG/MEDIUM: mux-h1/mux-fcgi: Reject messages with 
unknown transfer encoding + - REGTESTS: Add script to validate T-E header parsing + - REORG: pools: move default settings to defaults.h + - DOC: peers: fix doc "enable" statement on "peers" sections + - MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options + - MINOR: ssl: Set connection error code in case of SSL read or write fatal failure + - MINOR: ssl: Rename ssl_bc_hsk_err to ssl_bc_err + - MINOR: ssl: Store the last SSL error code in case of read or write failure + - REGTESTS: ssl: enable show_ssl_ocspresponse.vtc again + - REGTESTS: ssl: enable ssl_crt-list_filters.vtc again + - BUG/MEDIUM: lua: fix wakeup condition from sleep() + - BUG/MAJOR: lua: use task_wakeup() to properly run a task once + - MINOR: arg: Be able to forbid unresolved args when building an argument list + - BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing + - BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input + - MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue() + - REGTESTS: ssl: show_ssl_ocspresponse w/ freebsd won't use base64 + - REGTESTS: ssl: wrong feature cmd in show_ssl_ocspresponse.vtc + - CLEANUP: tasks: remove the long-unused work_lists + - MINOR: task: provide 3 task_new_* wrappers to simplify the API + - MINOR: time: uninline report_idle() and move it to task.c + - REORG: sched: move idle time calculation from time.h to task.h + - REORG: sched: move the stolen CPU time detection to sched_entering_poll() + - BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release + - BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule + - MINOR: httpclient: destroy() must free the headers and the ists + - MINOR: httpclient: set HTTPCLIENT_F_ENDED only in release + - MINOR: httpclient: stop_and_destroy() ask the applet to autokill + - MINOR: httpclient: test if started during stop_and_destroy() + - MINOR: httpclient/lua: implement garbage collection + - BUG/MEDIUM: 
httpclient/lua: crash because of b_xfer and get_trash_chunk() + - MINOR: httpclient: destroy checks if a client was started but not stopped + - BUG/MINOR: httpclient/lua: does not process headers when failed + - MINOR: httpclient/lua: supports headers via named arguments + - CLEANUP: server: always include the storage for SSL settings + - CLEANUP: sample: rename sample_conv_var2smp() to *_sint + - CLEANUP: sample: uninline sample_conv_var2smp_str() + - MINOR: sample: provide a generic var-to-sample conversion function + - BUG/MEDIUM: sample: properly verify that variables cast to sample + - BUILD: action: add the relevant structures for function arguments + - BUILD: extcheck: needs to include stream-t.h + - BUILD: hlua: needs to include stream-t.h + - BUILD: stats: define several missing structures in stats.h + - BUILD: resolvers: define missing types in resolvers.h + - BUILD: httpclient: include missing ssl_sock-t + - BUILD: sample: include openssl-compat + - BUILD: http_ana: need to include proxy-t to get redirect_rule + - BUILD: http_rules: requires http_ana-t.h for REDIRECT_* + - BUILD: vars: need to include xxhash + - BUILD: peers: need to include eb{32/mb/pt}tree.h + - BUILD: ssl_ckch: include ebpttree.h in ssl_ckch.c + - BUILD: compiler: add the container_of() and container_of_safe() macros + - BUILD: idleconns: include missing ebmbtree.h at several places + - BUILD: connection: connection.h needs list.h and server.h + - BUILD: tree-wide: add missing http_ana.h from many places + - BUILD: cfgparse-ssl: add missing errors.h + - BUILD: tcp_sample: include missing errors.h and session-t.h + - BUILD: mworker: mworker-prog needs time.h for the 'now' variable + - BUILD: tree-wide: add several missing activity.h + - BUILD: compat: fix -Wundef on SO_REUSEADDR + - CLEANUP: pools: pools-t.h doesn't need to include thread-t.h + - REORG: pools: uninline the UAF allocator and force-inline the rest + - REORG: thread: uninline the lock-debugging code + - MINOR: 
thread/debug: replace nsec_now() with now_mono_time() + - CLEANUP: remove some unneeded includes from applet-t.h + - REORG: listener: move bind_conf_alloc() and listener_state_str() to listener.c + - CLEANUP: listeners: do not include openssl-compat + - CLEANUP: servers: do not include openssl-compat + - REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it + - CLEANUP: mux_fcgi: remove dependency on ssl_sock + - CLEANUP: ssl/server: move ssl_sock_set_srv() to srv_set_ssl() in server.c + - REORG: ssl-sock: move the sslconns/totalsslconns counters to global + - REORG: sample: move the crypto samples to ssl_sample.c + - REORG: sched: moved samp_time and idle_time to task.c as well + - REORG: time/ticks: move now_ms and global_now_ms definitions to ticks.h + - CLEANUP: tree-wide: remove unneeded include time.h in ~20 files + - REORG: activity: uninline activity_count_runtime() + - REORG: acitvity: uninline sched_activity_entry() + - CLEANUP: stream: remove many unneeded includes from stream-t.h + - CLEANUP: stick-table: no need to include socket nor in.h + - MINOR: connection: use uint64_t for the hashes + - REORG: connection: move the hash-related stuff to connection.c + - REORG: connection: uninline conn_notify_mux() and conn_delete_from_tree() + - REORG: server: uninline the idle conns management functions + - REORG: ebtree: split structures into their own file ebtree-t.h + - CLEANUP: tree-wide: only include ebtree-t from type files + - REORG: connection: move the largest inlines from connection.h to connection.c + - CLEANUP: connection: do not include http_ana! 
+ - CLEANUP: connection: remove unneeded tcpcheck-t.h and use only session-t.h + - REORG: connection: uninline the rest of the alloc/free stuff + - REORG: task: uninline the loop time measurement code + - CLEANUP: time: move a few configurable defines to defaults.h + - CLEANUP: fd: do not include time.h + - REORG: fd: uninline compute_poll_timeout() + - CLENAUP: wdt: use ha_tkill() instead of accessing pthread directly + - REORG: thread: move the thread init/affinity/stop to thread.c + - REORG: thread: move ha_get_pthread_id() to thread.c + - MINOR: thread: use a dedicated static pthread_t array in thread.c + - CLEANUP: thread: uninline ha_tkill/ha_tkillall/ha_cpu_relax() + - DOC: configuration: add clarification on escaping in keyword arguments + - BUG/MINOR: task: fix missing include with DEBUG_TASK + - MINOR: pools: report the amount used by thread caches in "show pools" + - MINOR: quic: Distinguish packet and SSL read enc. level in traces + - MINOR: quic: Add a function to dump SSL stack errors + - MINOR: quic: BUG_ON() SSL errors. 
+ - MINOR: quic: Fix SSL error issues (do not use ssl_bio_and_sess_init()) + - BUG/MEDIUM: mux-quic: reinsert all streams in by_id tree + - BUG/MAJOR: xprt-quic: do not queue qc timer if not set + - MINOR: mux-quic: release connection if no more bidir streams + - BUG/MAJOR: quic: remove qc from receiver cids tree on free + - BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames + - MINOR: qpack: do not encode invalid http status code + - MINOR: qpack: support non-indexed http status code encoding + - MINOR: qpack: fix memory leak on huffman decoding + - CLEANUP: mux-quic: remove unused code + - BUG/MINOR: quic: fix includes for compilation + - BUILD: connection: avoid a build warning on FreeBSD with SO_USER_COOKIE + - BUILD: init: avoid a build warning on FreeBSD with USE_PROCCTL + - REORG: time: move time-keeping code and variables to clock.c + - REORG: clock: move the updates of cpu/mono time to clock.c + - MINOR: activity: get the run_time from the clock updates + - CLEANUP: clock: stop exporting before_poll and after_poll + - REORG: clock: move the clock_id initialization to clock.c + - REORG: clock/wdt: move wdt timer initialization to clock.c + - MINOR: clock: move the clock_ids to clock.c + - MINOR: wdt: move wd_timer to wdt.c + - CLEANUP: wdt: do not remap SI_TKILL to SI_LWP, test the values directly + - REORG: thread/sched: move the task_per_thread stuff to thread_ctx + - REORG: thread/clock: move the clock parts of thread_info to thread_ctx + - REORG: thread/sched: move the thread_info flags to the thread_ctx + - REORG: thread/sched: move the last dynamic thread_info to thread_ctx + - MINOR: thread: make "ti" a const pointer and clean up thread_info a bit + - MINOR: threads: introduce a minimalistic notion of thread-group + - MINOR: global: add a new "thread-groups" directive + - MINOR: global: add a new "thread-group" directive + - MINOR: threads: make tg point to the current thread's group + - MEDIUM: threads: automatically assign 
threads to groups + - MINOR: threads: set the group ID and its bit in the thread group + - MINOR: threads: set the tid, ltid and their bit in thread_cfg + - MEDIUM: threads: replace ha_set_tid() with ha_set_thread() + - MINOR: threads: add the current group ID in thread-local "tgid" variable + - MINOR: debug: report the group and thread ID in the thread dumps + - MEDIUM: listeners: support the definition of thread groups on bind lines + - MINOR: threads: add a new function to resolve config groups and masks + - MEDIUM: config: resolve relative threads on bind lines to absolute ones + - MEDIUM: stick-table: never learn the "conn_cur" value from peers + +2021/09/24 : 2.5-dev8 + - BUILD: compiler: fixed a missing test on defined(__GNUC__) + - BUILD: halog: fix a -Wundef warning on non-glibc systems + - BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl + - BUG/MINOR: compat: make sure __WORDSIZE is always defined + - BUILD: sample: fix format warning on 32-bit archs in sample_conv_be2dec_check() + - CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools() + - MINOR: pools: automatically disable malloc_trim() with external allocators + - MINOR: pools: report it when malloc_trim() is enabled + - DOC: Add .mailmap + - CLEANUP: tree-wide: fix prototypes for functions taking no arguments. 
+ - CLEANUP: Remove prototype for non-existent thread_get_default_count() + - CLEANUP: acl: Remove unused variable when releasing an acl expression + - BUG/MAJOR: mux-h1: Don't eval input data if an error was reported + - DOC: update Tim's address in .mailmap + - MINOR: pools: use mallinfo2() when available instead of mallinfo() + - BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check + - DOC: management: certificate files must be sanitized before injection + - BUG/MINOR: connection: prevent null deref on mux cleanup task allocation + - BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc + - BUG/MINOR: cli/payload: do not search for args inside payload + - BUILD: sockpair: do not set unused flag + - BUILD: proto_uxst: do not set unused flag + - BUILD: fd: remove unused variable totlen in fd_write_frag_line() + - MINOR: applet: remove the thread mask from appctx_new() + - REORG: threads: move ha_get_pthread_id() to tinfo.h + - CLEANUP: Apply ist.cocci + - DEV: coccinelle: Add ist.cocci + - CLEANUP: Apply bug_on.cocci + - DEV: coccinelle: Add xalloc_size.cocci + - DEV: coccinelle: Add bug_on.cocci + - CLEANUP: Apply xalloc_size.cocci + - DEV: coccinelle: Add xalloc_cast.cocci + - BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set + - MINOR: httpclient: add the EOH when no headers where provided + - CLEANUP: Include check.h in flt_spoe.c + - CLEANUP: Remove unreachable `break` from parse_time_err() + - BUG/MINOR: server: allow 'enable health' only if check configured + - BUG/MINOR: server: alloc dynamic srv ssl ctx if proxy uses ssl chk rule + - MINOR: server: enable more keywords for ssl checks for dynamic servers + - MINOR: server: enable more check related keywords for dynamic servers + - REORG: server: move slowstart init outside of checks + - MINOR: server: enable slowstart for dynamic server + - MEDIUM: listener: deprecate "process" in favor of "thread" on bind lines + - BUG/MEDIUM: leastconn: fix rare possibility 
of divide by zero + - BUG/MINOR: quic: Possible NULL pointer dereferencing when dumping streams. + - MINOR: quic: Move transport parmaters to anynomous struct. + - MINOR: mux_quic: Add QUIC mux layer. + - MINOR: connection: Add callbacks definitions for QUIC. + - MINOR: quic: Attach QUIC mux connection objet to QUIC connection. + - MINOR: quic: Add a new definition to store STREAM frames. + - MINOR: h3: Add HTTP/3 definitions. + - MINOR: qpack: Add QPACK compression. + - MINOR: quic_sock: Finalize the QUIC connections. + - MINOR: quic: Disable the action of ->rcv_buf() xprt callback + - MINOR: quic: Add callbacks for (un)scribing to QUIC xprt. + - MINOR: quic: Variable-length integer encoding/decoding into/from buffer struct. + - BUG/MINOR: quic: Wrong ->accept() error handling + - MINOR: quic: Add a wrapper function to update transport parameters. + - MINOR: quic: Update the streams transport parameters. + - MINOR: quic: Avoid header collisions + - MINOR: quic: Replace max_packet_size by max_udp_payload size. + - MINOR: quic: Enable some quic, h3 and qpack modules compilation. + - MINOR: quic: Move an SSL func call from QUIC I/O handler to the xprt init. + - MINOR: quic: Initialize the session before starting the xprt. + - BUG/MINOR: quic: Do not check the acception of a new conn from I/O handler. 
+ - MINOR: quic: QUIC conn initialization from I/O handler + - MINOR: quic: Remove header protection for conn with context + - MINOR: quic: Derive the initial secrets asap + - MINOR: quic: Remove header protection also for Initial packets + - BUG/MINOR: quic: Wrong memory free in quic_update_ack_ranges_list() + - MINOR: quic: quic_update_ack_ranges_list() code factorization + - MINOR: quic: Useless test in quic_update_ack_ranges_list() + - MINOR: quic: Remove a useless variable in quic_update_ack_ranges_list() + - BUG/MINOR: quic: Missing cases treatement when updating ACK ranges + - CLEAUNUP: quic: Usage of a useless variable in qc_treat_rx_pkts() + - BUG/MINOR: quic: Wrong RX packet reference counter usage + - MINOR: quic: Do not stop the packet parsing too early in qc_treat_rx_packets() + - MINOR: quic: Add a lock for RX packets + - MINOR: quic: Move the connection state + - MINOR: quic: Replace quic_conn_ctx struct by ssl_sock_ctx struct + - MINOR: quic: Replace the RX list of packet by a thread safety one. + - MINOR: quic: Replace the RX unprotected packet list by a thread safety one. + - MINOR: quic: Add useful traces for I/O dgram handler + - MINOR: quic: Do not wakeup the xprt task on ACK receipt + - MINOR: quic: Connection allocations rework + - MINOR: quic: Move conn_prepare() to ->accept_conn() callback + - MINOR: quic: Make qc_lstnr_pkt_rcv() be thread safe. + - MINOR: quic: Add a ring buffer implementation for QUIC + - MINOR: quic: Prefer x25519 as ECDH preferred parametes. + - MINOR: quic: Add the QUIC v1 initial salt. + - BUG/MINOR: quic: Too much reduced computed space to build handshake packets + - MINOR: net_helper: add functions for pointers + - MINOR: quic: Add ring buffer definition (struct qring) for QUIC + - MINOR: proto_quic: Allocate TX ring buffers for listeners + - MINOR: quic: Initialize pointers to TX ring buffer list + - MINOR: quic: Make use of TX ring buffers to send QUIC packets + - MINOR: quic_tls: Make use of the QUIC V1 salt. 
+ - MINOR: quic: Remove old TX buffer implementation + - MINOR: Add function for TX packets reference counting + - MINOR: quic: Add TX packets at the very last time to their tree. + - MINOR: quic: Unitialized mux context upon Client Hello message receipt. + - MINOR: quic: Missing encryption level rx.crypto member initialization and lock. + - MINOR: quic: Rename ->rx.rwlock of quic_enc_level struct to ->rx.pkts_rwlock + - MINOR: quic: Make qc_treat_rx_pkts() be thread safe. + - MINOR: quic: Make ->tx.frms quic_pktns struct member be thread safe + - MINOR: quic: Replace quic_tx_frm struct by quic_frame struct + - MINOR: quic: Add a mask for TX frame builders and their authorized packet types + - MINOR: quic: Add a useful function to compute any frame length. + - MINOR: quic: Add the QUIC connection state to traces + - MINOR: quic: Store post handshake frame in ->pktns.tx.frms MT_LIST + - MINOR: quic: Add the packet type to quic_tx_packet struct + - MINOR: quic: Modify qc_do_build_hdshk_pkt() to accept any packet type + - MINOR: quic: Atomically handle packet number space ->largest_acked_pn variable + - MINOR: quic: Modify qc_build_cfrms() to support any frame + - MINOR: quic: quic_conn_io_cb() task rework + - MINOR: quic: Make qc_build_hdshk_pkt() atomically consume a packet number + - MINOR: quic: qc_do_build_hdshk_pkt() does not need to pass a copy of CRYPTO frame + - MINOR: quic: Remove Application level related functions + - MINOR: quic: Rename functions which do not build only Handshake packets + - MINOR: quic: Make circular buffer internal buffers be variable-sized. + - MINOR: quic: Add a pool for TX ring buffer internal buffer + - MINOR: quic: Make use of the last cbuf API when initializing TX ring buffers + - MINOR: quic: Missing acks encoded size updates. 
+ - MINOR: quic: Evaluate the packet lengths in advance + - MINOR: quic: Update the TLS extension for QUIC transport parameters + - MINOR: quic: Fix handshake state debug strings + - MINOR: quic: Atomically get/set the connection state + - MINOR: quic: Missing QUIC encryption level for qc_build_pkt() + - MINOR: quic: Coalesce Application level packets with Handshake packets. + - MINOR: quic: Wrong flags handling for acks + - MINOR: quic: Missing case when discarding HANDSHAKE secrets + - MINOR: quic: Post handshake packet building improvements + - MINOR: quic: Prepare Application level packet asap. + - MINOR: h3: Send h3 settings asap + - MINOR: quic: Wrong STREAM frame length computing + - MINOR: quic: Wrong short packet minimum length + - MINOR: quic: Prepare STREAM frames to fill QUIC packets + - MINOR: h3: change default settings + - MINOR: quic-enc: fix varint encoding + - MINOR: qpack: fix wrong comment + - MINOR: qpack: generate headers list on decoder + - MINOR: h3: parse headers to htx + - MINOR: h3: allocate stream on headers + - MEDIUM: mux-quic: implement ring buffer on stream tx + - MINOR: mux-quic: send SETTINGS on uni stream + - MINOR: h3: define snd_buf callback and divert mux ops + - MINOR: mux-quic: define FIN stream flag + - MINOR: qpack: create qpack-enc module + - MINOR: qpack: encode headers functions + - MINOR: h3: encode htx headers to QPACK + - MINOR: h3: send htx data + - MINOR: h3/mux: detect fin on last h3 frame of the stream + - MINOR: quic: Shorten some handshakes + - MINOR: quic: Make QUIC-TLS support at least two initial salts + - MINOR: quic: Attach the QUIC connection to a thread. 
+ - MINOR: quic: Missing active_connection_id_limit default value + - MINOR: quic_sock: Do not flag QUIC connections as being set + - MINOR: buf: Add b_force_xfer() function + - MINOR: quic: Make use of buffer structs to handle STREAM frames + - MINOR: mux_quic: move qc_process() code to qc_send() + - MINOR: quic: Add a typedef for unsigned long long + - MINOR: quic: Confusion between TX/RX for the frame builders + - MINOR: quic: Wrong packet flags settings during frame building + - MINOR: quic: Constantness fixes for frame builders/parsers. + - MINOR: quic_tls: Client/serveur state reordering + - MINOR: quic: Wrong packet loss detection due to wrong pktns order + - MINOR: quic: Wrong packet number space selection in quic_loss_pktns() + - MINOR: quic: Initial packet number spaced not discarded + - MINOR: quic: Add useful trace about pktns discarding + - MINOR: mux_quic: Export the mux related flags + - MINOR: quic: Implement quic_conn_subscribe() + - MINOR: quic: Wake up the mux upon ACK receipt + - MINOR: quic: Stream FIN bit fix in qcs_push_frame() + - MINOR: quic: Implement qc_process_mux() + - MINOR: quic: Wake up the xprt from mux + - CLEANUP: quic: Remove useless inline functions + - MINOR: quic: RX packets memory leak + - MINOR: quic: Possible endless loop in qc_treat_rx_pkts() + - MINOR: quic: Crash upon too big packets receipt + - MINOR: quic: define close handler + - MEDIUM: quic: implement mux release/conn free + - MINOR: quic: fix qcc subs initialization + - BUG/MINOR: h1-htx: Fix a typo when request parser is reset + - BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer + - BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data + - BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM + - MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv() + - MINOR: htx: Add an HTX flag to know when a message is fragmented + - MINOR: htx: Add a function to know if the 
free space wraps + - BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary + - MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf + - BUG/MINOR: http-ana: increment internal_errors counter on response error + - MINOR: stats: Enable dark mode on stat web page + - CLEANUP: stats: Fix some alignment mistakes + - MINOR: httpclient: httpclient_data() returns the available data + - MINOR: httpclient: httpclient_ended() returns 1 if the client ended + - MINOR: httpclient/lua: httpclient:get() API in lua + - MINOR: httpclient/lua: implement the headers in the response object + - BUG/MINOR: httpclient/lua: return an error on argument check + - CLEANUP: slz: Mark `reset_refs` as static + +2021/09/12 : 2.5-dev7 + - BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB + - CLEANUP: htx: remove comments about "must be < 256 MB" + - BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer + - Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" + - MINOR: proxy: add a global "grace" directive to postpone soft-stop + - MINOR: vars: rename vars_init() to vars_init_head() + - CLEANUP: vars: rename sample_clear_stream() to var_unset() + - REORG: vars: remerge sample_store{,_stream}() into var_set() + - MEDIUM: vars: make the ifexist variant of set-var only apply to the proc scope + - MINOR: vars: add a VF_CREATEONLY flag for creation + - MINOR: vars: support storing empty sample data with a variable + - MINOR: vars: store flags into variables and add VF_PERMANENT + - MEDIUM: vars: make var_clear() only reset VF_PERMANENT variables + - MEDIUM: vars: pre-create parsed SCOPE_PROC variables as permanent ones + - MINOR: vars: preset a random seed to hash variables names + - MEDIUM: vars: replace the global name index with a hash + - CLEANUP: vars: remove the now unused var_names array + - MINOR: vars: centralize the lock/unlock into static inlines + - OPTIM: vars: only 
takes the variables lock on shared entries + - OPTIM: vars: remove internal bookkeeping for vars_global_size + - OPTIM: vars: do not keep variables usage stats if no limit is set + - BUILD: fix dragonfly build again on __read_mostly + - CI: Github Actions: temporarily disable Opentracing + - BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with payload + - MINOR: htx: Skip headers with no value when adding a header list to a message + - CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload + - BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached + - BUG/MEDIUM: http-ana: Reset channels analysers when returning an error + - BUG/MINOR: filters: Set right FLT_END analyser depending on channel + - CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h + - CLEANUP: ebmbtree: Replace always-taken elseif by else + - CLEANUP: Move XXH3 macro from haproxy/compat.h to haproxy/xxhash.h + - BUILD: opentracing: exclude the use of haproxy variables for the OpenTracing context + - BUG/MINOR: opentracing: enable the use of http headers without a set value + - CLEANUP: opentracing: use the haproxy function to generate uuid + - MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn' + - CI: Github Actions: re-enable Opentracing + - CLEANUP: opentracing: simplify the condition on the empty header + - BUG/MEDIUM lua: Add missing call to RESET_SAFE_LJMP in hlua_filter_new() + +2021/09/03 : 2.5-dev6 + - BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time + - BUG/MINOR: tools: Fix loop condition in dump_text() + - BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER + - BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL + - BUILD: tools: properly guard __GLIBC__ with defined() + - BUILD: globally enable -Wundef + - MINOR: log: Remove log-error-via-logformat option + - MINOR: log: Add new "error-log-format" option + - BUG/MAJOR: queue: better protect a 
pendconn being picked from the proxy + - CLEANUP: Add missing include guard to signal.h + - MINOR: ssl: Add new ssl_bc_hsk_err sample fetch + - MINOR: connection: Add a connection error code sample fetch for backend side + - REGTESTS: ssl: Add tests for bc_conn_err and ssl_bc_hsk_err sample fetches + - MINOR: http-rules: add a new "ignore-empty" option to redirects. + - CI: Github Actions: temporarily disable BoringSSL builds + - BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser + - BUG/MINOR: vars: improve accuracy of the rules used to check expression validity + - MINOR: sample: add missing ARGC_ entries + - BUG/MINOR: vars: properly set the argument parsing context in the expression + - DOC: configuration: remove wrong tcp-request examples in tcp-response + - MEDIUM: vars: add a new "set-var-fmt" action + - BUG/MEDIUM: vars: run over the correct list in release_store_rules() + - BUG/MINOR: vars: truncate the variable name in error reports about scope. + - BUG/MINOR: vars: do not talk about global section in CLI errors for set-var + - CLEANUP: vars: name the temporary proxy "CFG" instead of "CLI" for global vars + - MINOR: log: make log-format expressions completely usable outside of req/resp + - MINOR: vars: add a "set-var-fmt" directive to the global section + - MEDIUM: vars: also support format strings in CLI's "set var" command + - CLEANUP: vars: factor out common code from vars_get_by_{desc,name} + - MINOR: vars: make vars_get_by_* support an optional default value + - MINOR: vars: make the vars() sample fetch function support a default value + - BUILD: ot: add argument for default value to vars_get_by_name() + +2021/08/28 : 2.5-dev5 + - MINOR: httpclient: initialize the proxy + - MINOR: httpclient: implement a simple HTTP Client API + - MINOR: httpclient/cli: implement a simple client over the CLI + - MINOR: httpclient/cli: change the User-Agent to "HAProxy" + - MEDIUM: ssl: Keep a reference to the client's certificate for use in logs 
+ - BUG/MEDIUM: h2: match absolute-path not path-absolute for :path + - BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 + - MINOR: server: check if srv is NULL in free_server() + - MINOR: proxy: check if p is NULL in free_proxy() + - BUG/MEDIUM: cfgparse: do not allocate IDs to automatic internal proxies + - BUG/MINOR: http_client: make sure to preset the proxy's default settings + - REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2 + - REGTESTS: abortonclose: after retries, 503 is expected, not close + - REGTESTS: server: fix agent-check syntax and expectation + - BUG/MINOR: httpclient: fix uninitialized sl variable + - BUG/MINOR: httpclient/cli: change the appctx test in the callbacks + - BUG/MINOR: httpclient: check if hdr_num is not 0 + - MINOR: httpclient: cleanup the include files + - MINOR: hlua: take the global Lua lock inside a global function + - MINOR: tools: add FreeBSD support to get_exec_path() + - BUG/MINOR: systemd: ExecStartPre must use -Ws + - MINOR: systemd: remove the ExecStartPre line in the unit file + - MINOR: ssl: add an openssl version string parser + - MINOR: cfgcond: implements openssl_version_atleast and openssl_version_before + - CLEANUP: ssl: remove useless check on p in openssl_version_parser() + - BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions + - BUG/MINOR: httpclient: remove deinit of the httpclient + - BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} + - MINOR: httpclient: set verify none on the https server + - MINOR: httpclient: add the server to the proxy + - BUG/MINOR: httpclient: fix Host header + - BUILD: httpclient: fix build without OpenSSL + - CI: github-actions: remove obsolete options + - CLEANUP: assorted typo fixes in the code and comments + - MINOR: proc: setting the process to produce a core dump on FreeBSD. 
+ - BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2 + - MINOR: server: return the next srv instance on free_server + - BUG/MINOR: stats: use refcount to protect dynamic server on dump + - MEDIUM: server: extend refcount for all servers + - MINOR: server: define non purgeable server flag + - MINOR: server: mark referenced servers as non purgeable + - MINOR: server: mark servers referenced by LUA script as non purgeable + - MEDIUM: server: allow to remove servers at runtime except non purgeable + - BUG/MINOR: base64: base64urldec() ignores padding in output size check + - REGTEST: add missing lua requirements on server removal test + - REGTEST: fix haproxy required version for server removal test + - BUG/MINOR: proxy: don't dump servers of internal proxies + - REGTESTS: Use `feature cmd` for 2.5+ tests + - REGTESTS: Remove REQUIRE_VERSION=1.5 from all tests + - BUG/MINOR: resolvers: mark servers with name-resolution as non purgeable + - MINOR: compiler: implement an ONLY_ONCE() macro + - BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords + - MEDIUM: ssl: Capture more info from Client Hello + - MINOR: sample: Expose SSL captures using new fetchers + - MINOR: sample: Add be2dec converter + - MINOR: sample: Add be2hex converter + - MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size + - BUG/MINOR: time: fix idle time computation for long sleeps + - MINOR: time: add report_idle() to report process-wide idle time + - BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long + - BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING + - BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef + - BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef + - IMPORT: slz: silence a build warning with -Wundef + - BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef + +2021/08/17 : 2.5-dev4 + - MINOR: log: rename 'dontloglegacyconnerr' to 'log-error-via-logformat' + - MINOR: doc: 
rename conn_status in `option httsplog` + - MINOR: proxy: disabled takes a stopping and a disabled state + - MINOR: stats: shows proxy in a stopped state + - BUG/MINOR: server: fix race on error path of 'add server' CLI if track + - CLEANUP: thread: fix fantaisist indentation of thread_harmless_till_end() + - MINOR: threads: make thread_release() not wait for other ones to complete + - MEDIUM: threads: add a stronger thread_isolate_full() call + - MEDIUM: servers: make the server deletion code run under full thread isolation + - BUG/MINOR: server: remove srv from px list on CLI 'add server' error + - MINOR: activity/fd: remove the dead_fd counter + - MAJOR: fd: get rid of the DWCAS when setting the running_mask + - CLEANUP: fd: remove the now unused fd_set_running() + - CLEANUP: fd: remove the now unneeded fd_mig_lock + - BUG/MINOR: server: update last_change on maint->ready transitions too + - MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure + - BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released + - BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued + - MINOR: server: unmark deprecated on enable health/agent cli + - MEDIUM: task: implement tasklet kill + - MINOR: server: initialize fields for dynamic server check + - MINOR: check: allocate default check ruleset for every backends + - MINOR: check: export check init functions + - MINOR: check: do not increment global maxsock at runtime + - MINOR: server: implement a refcount for dynamic servers + - MEDIUM: check: implement check deletion for dynamic servers + - MINOR: check: enable safe keywords for dynamic servers + - MEDIUM: server: implement check for dynamic servers + - MEDIUM: server: implement agent check for dynamic servers + - REGTESTS: server: add dynamic check server test + - MINOR: doc: specify ulimit-n usage for dynamic servers + - REGTESTS: server: fix dynamic server with checks test + - CI: travis-ci: temporarily 
disable arm64 builds + - BUG/MINOR: check: test if server is not null in purge + - MINOR: global: define MODE_STOPPING + - BUG/MINOR: server: do not use refcount in free_server in stopping mode + - ADMIN: dyncookie: implement a simple dynamic cookie calculator + - BUG/MINOR: check: do not reset check flags on purge + - BUG/MINOR: check: fix leak on add dynamic server with agent-check error + - BUG/MEDIUM: check: fix leak on agent-check purge + - BUG/MEDIUM: server: support both check/agent-check on a dynamic instance + - BUG/MINOR: buffer: fix buffer_dump() formatting + - MINOR: channel: remove an htx block from a channel + - BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer + - BUG/MINOR: stream: Don't release a stream if FLT_END is still registered + - MINOR: lua: Add a flag on lua context to know the yield capability at run time + - BUG/MINOR: lua: Yield in channel functions only if lua context can yield + - BUG/MINOR: lua: Don't yield in channel.append() and channel.set() + - MINOR: filters/lua: Release filters before the lua context + - MINOR: lua: Add a function to get a reference on a table in the stack + - MEDIUM: lua: Process buffer data using an offset and a length + - MEDIUM: lua: Improve/revisit the lua api to manipulate channels + - DOC: Improve the lua documentation + - MEDIUM: filters/lua: Add support for dummy filters written in lua + - MINOR: lua: Add a function to get a filter attached to a channel class + - MINOR: lua: Add flags on the lua TXN to know the execution context + - MEDIUM: filters/lua: Be prepared to filter TCP payloads + - MEDIUM: filters/lua: Support declaration of some filter callback functions in lua + - MEDIUM: filters/lua: Add HTTPMessage class to help HTTP filtering + - MINOR: filters/lua: Add request and response HTTP messages in the lua TXN + - MINOR: filters/lua: Support the HTTP filtering from filters written in lua + - DOC: config: Fix 'http-response send-spoe-group' documentation + - BUG/MINOR: lua: 
Properly check negative offset in Channel/HttpMessage functions + - BUG/MINOR: lua: Properly catch alloc errors when parsing lua filter directives + - BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check + - MINOR: cli: delare the CLI frontend as an internal proxy + - MINOR: proxy: disable warnings for internal proxies + - BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set + - BUG/MINOR: lua/filters: Return right code when txn:done() is called + - DOC: lua-api: Add documentation about lua filters + - CI: Remove obsolete USE_SLZ=1 CI job + - CLEANUP: assorted typo fixes in the code and comments + - CI: github actions: relax OpenSSL-3.0.0 version comparision + - BUILD: tools: get the absolute path of the current binary on NetBSD. + - DOC: Minor typo fix - 'question mark' -> 'exclamation mark' + - DOC/MINOR: fix typo in management document + - MINOR: http: add a new function http_validate_scheme() to validate a scheme + - BUG/MAJOR: h2: verify early that non-http/https schemes match the valid syntax + - BUG/MAJOR: h2: verify that :path starts with a '/' before concatenating it + - BUG/MAJOR: h2: enforce stricter syntax checks on the :method pseudo-header + - BUG/MEDIUM: h2: give :authority precedence over Host + - REGTESTS: add a test to prevent h2 desync attacks + +2021/08/01 : 2.5-dev3 + - BUG/MINOR: arg: free all args on make_arg_list()'s error path + - BUG/MINOR: cfgcond: revisit the condition freeing mechanism to avoid a leak + - MEDIUM: proxy: remove long-broken 'option http_proxy' + - CLEANUP: http_ana: Remove now unused label from http_process_request() + - MINOR: deinit: always deinit the init_mutex on failed initialization + - BUG/MEDIUM: cfgcond: limit recursion level in the condition expression parser + - BUG/MEDIUM: mworker: do not register an exit handler if exit is expected + - BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs + - BUILD/MINOR: memprof fix macOs build. 
+ - BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request + - BUG/MINOR: stats: Add missing agent stats on servers + - BUG/MINOR: check: fix the condition to validate a port-less server + - BUILD: threads: fix pthread_mutex_unlock when !USE_THREAD + - BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree + - MINOR: ssl: use __objt_* variant when retrieving counters + - BUG/MINOR: systemd: must check the configuration using -Ws + - BUG/MINOR: mux-h1: Obey dontlognull option for empty requests + - BUG/MINOR: mux-h2: Obey dontlognull option during the preface + - BUG/MINOR: mux-h1: Be sure to swap H1C to splice mode when rcv_pipe() is called + - BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames + - MINOR: proxy: rename PR_CAP_LUA to PR_CAP_INT + - MINOR: mworker: the mworker CLI proxy is internal + - MINOR: stats: don't output internal proxies (PR_CAP_INT) + - CLEANUP: mworker: use the proxy helper functions in mworker_cli_proxy_create() + - CLEANUP: mworker: PR_CAP already initialized with alloc_new_proxy() + - BUG/MINOR: connection: Add missing error labels to conn_err_code_str + - MINOR: connection: Add a connection error code sample fetch + - MINOR: ssl: Enable error fetches in case of handshake error + - MINOR: ssl: Add new ssl_fc_hsk_err sample fetch + - MINOR: ssl: Define a default https log format + - MEDIUM: connection: Add option to disable legacy error log + - REGTESTS: ssl: Add tests for the connection and SSL error fetches + - REGTESTS: ssl: ssl_errors.vtc does not work with old openssl version + - BUG/MEDIUM: connection: close a rare race between idle conn close and takeover + - BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before + - BUG/MINOR: select: fix excess number of dead/skip reported + - BUG/MINOR: poll: fix abnormally high skip_fd counter + - BUG/MINOR: pollers: always program an update for migrated FDs + - BUG/MINOR: fd: protect fd state harder against a concurrent 
takeover + - DOC: internals: document the FD takeover process + - MINOR: fd: update flags only once in fd_update_events() + - MINOR: poll/epoll: move detection of RDHUP support earlier + - REORG: fd: uninline fd_update_events() + - MEDIUM: fd: rely more on fd_update_events() to detect changes + - BUG/MINOR: freq_ctr: use stricter barriers between updates and readings + - MEDIUM: atomic: simplify the atomic load/store/exchange operations + - MEDIUM: atomic: relax the load/store barriers on x86_64 + - BUILD: opentracing: fixed build when using pkg-config utility + +2021/07/17 : 2.5-dev2 + - BUILD/MEDIUM: tcp: set-mark support for OpenBSD + - DOC: config: use CREATE USER for mysql-check + - BUG/MINOR: stick-table: fix several printf sign errors dumping tables + - BUG/MINOR: peers: fix data_type bit computation more than 32 data_types + - MINOR: stick-table: make skttable_data_cast to use only std types + - MEDIUM: stick-table: handle arrays of standard types into stick-tables + - MEDIUM: peers: handle arrays of std types in peers protocol + - DOC: stick-table: add missing documentation about gpt0 stored type + - MEDIUM: stick-table: add the new array of gpt data_type + - MEDIUM: stick-table: make the use of 'gpt' excluding the use of 'gpt0' + - MEDIUM: stick-table: add the new arrays of gpc and gpc_rate + - MEDIUM: stick-table: make the use of 'gpc' excluding the use of 'gpc0/1'' + - BUG/MEDIUM: sock: make sure to never miss early connection failures + - BUG/MINOR: cli: fix server name output in "show fd" + - Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" + - MEDIUM: stats: include disabled proxies that hold active sessions to stats + - BUILD: stick-table: shut up invalid "uninitialized" warning in gcc 8.3 + - MINOR: http: implement http_get_scheme + - MEDIUM: http: implement scheme-based normalization + - MEDIUM: h1-htx: apply scheme-based normalization on h1 requests + - MEDIUM: h2: apply scheme-based normalization on h2 requests + 
- REGTESTS: add http scheme-based normalization test + - BUILD: http_htx: fix ci compilation error with isdigit for Windows + - MINOR: http: implement http uri parser + - MINOR: http: use http uri parser for scheme + - MINOR: http: use http uri parser for authority + - REORG: http_ana: split conditions for monitor-uri in wait for request + - MINOR: http: use http uri parser for path + - BUG/MEDIUM: http_ana: fix crash for http_proxy mode during uri rewrite + - MINOR: mux_h2: define config to disable h2 websocket support + - CLEANUP: applet: remove unused thread_mask + - BUG/MINOR: ssl: Default-server configuration ignored by server + - BUILD: add detection of missing important CFLAGS + - BUILD: lua: silence a build warning with TCC + - MINOR: srv: extract tracking server config function + - MINOR: srv: do not allow to track a dynamic server + - MEDIUM: server: support track keyword for dynamic servers + - REGTESTS: test track support for dynamic servers + - MINOR: init: verify that there is a single word on "-cc" + - MINOR: init: make -cc support environment variables expansion + - MINOR: arg: add a free_args() function to free an args array + - CLEANUP: config: use free_args() to release args array in cfg_eval_condition() + - CLEANUP: hlua: use free_args() to release args arrays + - REORG: config: move the condition preprocessing code to its own file + - MINOR: cfgcond: start to split the condition parser to introduce terms + - MEDIUM: cfgcond: report invalid trailing chars after expressions + - MINOR: cfgcond: remerge all arguments into a single line + - MINOR: cfgcond: support negating conditional expressions + - MINOR: cfgcond: make the conditional term parser automatically allocate nodes + - MINOR: cfgcond: insert an expression between the condition and the term + - MINOR: cfgcond: support terms made of parenthesis around expressions + - REGTEST: make check_condition.vtc fail as soon as possible + - REGTESTS: add more complex check conditions to 
check_conditions.vtc + - BUG/MEDIUM: init: restore behavior of command-line "-m" for memory limitation + +2021/06/30 : 2.5-dev1 + - CLEANUP: ssl: Move ssl_store related code to ssl_ckch.c + - MINOR: ssl: Allow duplicated entries in the cafile_tree + - MEDIUM: ssl: Chain ckch instances in ca-file entries + - MINOR: ssl: Add reference to default ckch instance in bind_conf + - MINOR: ssl: Add helper functions to create/delete cafile entries + - MEDIUM: ssl: Add a way to load a ca-file content from memory + - MINOR: ssl: Add helper function to add cafile entries + - MINOR: ssl: Ckch instance rebuild and cleanup factorization in CLI handler + - MEDIUM: ssl: Add "set+commit ssl ca-file" CLI commands + - REGTESTS: ssl: Add new ca-file update tests + - MINOR: ssl: Add "abort ssl ca-file" CLI command + - MINOR: ssl: Add a cafile_entry type field + - MINOR: ssl: Refactorize the "show certificate details" code + - MEDIUM: ssl: Add "show ssl ca-file" CLI command + - MEDIUM: ssl: Add "new ssl ca-file" CLI command + - MINOR: ssl: Add "del ssl ca-file" CLI command + - REGTESTS: ssl: Add "new/del ssl ca-file" tests + - DOC: ssl: Add documentation about CA file hot update commands + - DOC: internals: update the SSL architecture schema + - MINOR: ssl: Chain instances in ca-file entries + - MEDIUM: ssl: Add "set+commit ssl crl-file" CLI commands + - MEDIUM: ssl: Add "new+del crl-file" CLI commands + - MINOR: ssl: Add "abort ssl crl-file" CLI command + - MEDIUM: ssl: Add "show ssl crl-file" CLI command + - REGTESTS: ssl: Add "new/del ssl crl-file" tests + - REGTESTS: ssl: Add "set/commit ssl crl-file" test + - DOC: ssl: Add documentation about CRL file hot update commands + - BUILD/MINOR: ssl: Fix compilation with SSL enabled + - BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 + - CI: introduce scripts/build-vtest.sh for installing VTest + - CLEANUP: ssl: Fix coverity issues found in CA file hot update code + - CI: github actions: add OpenTracing builds + - BUG/MEDIUM: ebtree: 
Invalid read when looking for dup entry + - BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' + - BUILD/MINOR: opentracing: fixed build when using clang + - BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter + - BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response + - MINOR: map/acl: print the count of all the map/acl entries in "show map/acl" + - CLEANUP: pattern: remove export of non-existent function pattern_delete() + - MINOR: h1-htx: Update h1 parsing functions to return result as a size_t + - MEDIUM: h1-htx: Adapt H1 data parsing to copy wrapping data in one call + - MINOR: mux-h1/mux-fcgi: Don't needlessly loop on data parsing + - MINOR: h1-htx: Move HTTP chunks parsing into a dedicated function + - MEDIUM: h1-htx: Split function to parse a chunk and the loop on the buffer + - MEDIUM: h1-htx: Add a function to parse contiguous small chunks + - MINOR: h1-htx: Use a correlation table to speed-up small chunks parsing + - MINOR: buf: Add function to realign a buffer with a specific head position + - MINOR: muxes/h1-htx: Realign input buffer using b_slow_realign_ofs() + - CLEANUP: mux-h1: Rename functions parsing input buf and filling output buf + - Revert "MEDIUM: http-ana: Deal with L7 retries in HTTP analysers" + - BUG/MINOR: http-ana: Send the right error if max retries is reached on L7 retry + - BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts + - MINOR: http-ana: Perform L7 retries because of status codes in response analyser + - MINOR: cfgparse: Fail when encountering extra arguments in macro + - DOC: intro: Fix typo in starter guide + - BUG/MINOR: server: Missing calloc return value check in srv_parse_source + - BUG/MINOR: peers: Missing calloc return value check in peers_register_table + - BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine + - BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture + - BUG/MINOR: proxy: 
Missing calloc return value check in proxy_parse_declare + - BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy + - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response + - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule + - BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo + - BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list + - BUG/MINOR: http: Missing calloc return value check while parsing redirect rule + - BUG/MINOR: http: Missing calloc return value check in make_arg_list + - BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree + - CLEANUP: http-ana: Remove useless if statement about L7 retries + - BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry + - MINOR: backend: Don't release SI endpoint anymore in connect_server() + - BUG/MINOR: vars: Be sure to have a session to get checks variables + - DOC/MINOR: move uuid in the configuration to the right alphabetical order + - CLEANUP: mux-fcgi: Don't needlessly store result of data/trailers parsing + - BUILD: fix compilation for OpenSSL-3.0.0-alpha17 + - MINOR: http-ana: Use -1 status for client aborts during queuing and connect + - REGTESTS: Fix http_abortonclose.vtc to support -1 status for some client aborts + - CLEANUP: backend: fix incorrect comments on locking conditions for lb functions + - CLEANUP: reg-tests: Remove obsolete no-htx parameter for reg-tests + - CI: github actions: add OpenSSL-3.0.0 builds + - CI: github actions: -Wno-deprecated-declarations with OpenSSL 3.0.0 + - MINOR: errors: allow empty va_args for diag variadic macro + - REORG: errors: split errors reporting function from log.c + - CLEANUP: server: fix cosmetic of error message on sni parsing + - MEDIUM: errors: implement user messages buffer + - MINOR: log: do not discard stderr when starting is over + - MEDIUM: errors: implement 
parsing context type + - MINOR: errors: use user messages context in print_message + - MINOR: log: display exec path on first warning + - MINOR: errors: specify prefix "config" for parsing output + - MINOR: log: define server user message format + - REORG: server: use parsing ctx for server parsing + - REORG: config: use parsing ctx for server config check + - MINOR: server: use parsing ctx for server init addr + - MINOR: server: use ha_alert in server parsing functions + - DOC: use the req.ssl_sni in examples + - CLEANUP: cfgparse: Remove duplication of `MAX_LINE_ARGS + 1` + - CLEANUP: tools: Make errptr const in `parse_line()` + - MINOR: haproxy: Add `-cc` argument + - BUG: errors: remove printf positional args for user messages context + - CI: Make matrix.py executable and add shebang + - BUILD: make tune.ssl.keylog available again + - BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future + - Revert "BUG/MINOR: opentracing: initialization after establishing daemon mode" + - BUG/MEDIUM: opentracing: initialization before establishing daemon and/or chroot mode + - SCRIPTS: opentracing: enable parallel builds in build-ot.sh + - BUG/MEDIUM: compression: Fix loop skipping unused blocks to get the next block + - BUG/MEDIUM: compression: Properly get the next block to iterate on payload + - BUG/MEDIUM: compression: Add a flag to know the filter is still processing data + - MINOR: ssl: Keep the actual key length in the certificate_ocsp structure + - MINOR: ssl: Add new "show ssl ocsp-response" CLI command + - MINOR: ssl: Add the OCSP entry key when displaying the details of a certificate + - MINOR: ssl: Add the "show ssl cert foo.pem.ocsp" CLI command + - REGTESTS: ssl: Add "show ssl ocsp-response" test + - BUG/MINOR: server: explicitly set "none" init-addr for dynamic servers + - BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() + - BUG/MINOR: pools: make DEBUG_UAF always write to the to-be-freed location + - MINOR: pools: 
do not maintain the lock during pool_flush() + - MINOR: pools: call malloc_trim() under thread isolation + - MEDIUM: pools: use a single pool_gc() function for locked and lockless + - BUG/MAJOR: pools: fix possible race with free() in the lockless variant + - CLEANUP: pools: remove now unused seq and pool_free_list + - MEDIUM: pools: remove the locked pools implementation + - BUILD: ssl: Fix compilation with BoringSSL + - BUG/MEDIUM: errors: include missing obj_type file + - REGTESTS: ssl: show_ssl_ocspresponce.vtc is broken with BoringSSL + - BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded + - BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default + - BUG/MINOR: h1-htx: Fix a signess bug with char data type when parsing chunk size + - CLEANUP: l7-retries: do not test the buffer before calling b_alloc() + - BUG/MINOR: resolvers: answser item list was randomly purged or errors + - MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item + - MEDIUM: resolvers: add a ref between servers and srv request or used SRV record + - BUG/MINOR: server-state: load SRV resolution only if params match the config + - MINOR: config: remove support for deprecated option "tune.chksize" + - MINOR: config: completely remove support for "no option http-use-htx" + - MINOR: log: remove the long-deprecated early log-format tags + - MINOR: http: remove the long deprecated "set-cookie()" sample fetch function + - MINOR: config: reject long-deprecated "option forceclose" + - MINOR: config: remove deprecated option "http-tunnel" + - MEDIUM: proxy: remove the deprecated "grace" keyword + - MAJOR: config: remove parsing of the global "nbproc" directive + - BUILD: init: remove initialization of multi-process thread mappings + - BUILD: log: remove unused fmt_directive() + - REGTESTS: Remove REQUIRE_VERSION=1.6 from all tests + - REGTESTS: Remove REQUIRE_VERSION=1.7 from all tests + - CI: github actions: enable alpine/musl builds + - BUG/MAJOR: resolvers: 
segfault using server template without SRV RECORDs + - DOC: lua: Add a warning about buffers modification in HTTP + - MINOR: ssl: Use OpenSSL's ASN1_TIME convertor when available + - BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id + - BUG/MEDIUM: server: extend thread-isolate over much of CLI 'add server' + - BUG/MEDIUM: server: clear dynamic srv on delete from proxy id/name trees + - BUG/MEDIUM: server: do not forget to generate the dynamic servers ids + - BUG/MINOR: server: do not keep an invalid dynamic server in px ids tree + - BUG/MEDIUM: server: do not auto insert a dynamic server in px addr_node + - BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE + - BUG/MINOR: ssl: use atomic ops to update global shctx stats + - BUG/MINOR: mworker: fix typo in chroot error message + - CLEANUP: global: remove unused definition of stopping_task[] + - MEDIUM: init: remove the loop over processes during init + - MINOR: mworker: remove the initialization loop over processes + - CLEANUP: global: remove the nbproc field from the global structure + - CLEANUP: global: remove pid_bit and all_proc_mask + - MEDIUM: global: remove dead code from nbproc/bind_proc removal + - MEDIUM: config: simplify cpu-map handling + - MEDIUM: cpu-set: make the proc a single bit field and not an array + - CLEANUP: global: remove unused definition of MAX_PROCS + - MEDIUM: global: remove the relative_pid from global and mworker + - DOC: update references to process numbers in cpu-map and bind-process + - MEDIUM: config: warn about "bind-process" deprecation + - CLEANUP: shctx: remove the different inter-process locking techniques + - BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue + - MINOR: backend: only skip LB when there are actual connections + - BUG/MINOR: mux-h1: do not skip the error response on bad requests + - MINOR: connection: add helper conn_append_debug_info() + - MINOR: mux-h2/trace: report a few connection-level info 
during h2_init() + - CLEANUP: mux-h2/traces: better align user messages + - BUG/MINOR: stats: make "show stat typed desc" work again + - MINOR: mux-h2: obey http-ignore-probes during the preface + - BUG/MINOR: mux-h2/traces: bring back the lost "rcvd H2 REQ" trace + - BUG/MINOR: mux-h2/traces: bring back the lost "sent H2 REQ/RES" traces + - CLEANUP: assorted typo fixes in the code and comments + - CI: Replace the requirement for 'sudo' with a call to 'ulimit -n' + - REGTESTS: Replace REQUIRE_VERSION=2.5 with 'haproxy -cc' + - REGTESTS: Replace REQUIRE_OPTIONS with 'haproxy -cc' for 2.5+ tests + - REGTESTS: Replace REQUIRE_BINARIES with 'command -v' + - REGTESTS: Remove support for REQUIRE_BINARIES + - CI: ssl: enable parallel builds for OpenSSL on Linux + - CI: ssl: do not needlessly build the OpenSSL docs + - CI: ssl: keep the old method for ancient OpenSSL versions + - CLEANUP: server: a separate function for initializing the per_thr field + - BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled + - BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI + - MINOR: resolvers: Clean server in a dedicated function when removing a SRV item + - MINOR: resolvers: Remove server from named_servers tree when removing a SRV item + - BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status + - BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose + - BUG/MINOR: backend: do not set sni on connection reuse + - BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task() + - BUG/MINOR: server/cli: Fix locking in function processing "set server" command + - BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header + - MINOR: ssl: fix typo in usage for 'new ssl ca-file' + - MINOR: ssl: always initialize random generator + - MINOR: ssl: check allocation in ssl_sock_init_srv + - MINOR: ssl: check allocation in parse ciphers/ciphersuites/verifyhost + - MINOR: ssl: check 
allocation in parse npn/sni + - MINOR: server: disable CLI 'set server ssl' for dynamic servers + - MINOR: ssl: render file-access optional on server crt loading + - MINOR: ssl: split parse functions for alpn/check-alpn + - MINOR: ssl: support ca-file arg for dynamic servers + - MINOR: ssl: support crt arg for dynamic servers + - MINOR: ssl: support crl arg for dynamic servers + - MINOR: ssl: enable a series of ssl keywords for dynamic servers + - MINOR: ssl: support ssl keyword for dynamic servers + - REGTESTS: server: test ssl support for dynamic servers + - MINOR: queue: update the stream's pend_pos before queuing it + - CLEANUP: Prevent channel-t.h from being detected as C++ by GitHub + - BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check + - REGTESTS: fix maxconn update with agent-check + - MEDIUM: queue: make pendconn_process_next_strm() only return the pendconn + - MINOR: queue: update proxy->served once out of the loop + - MEDIUM: queue: refine the locking in process_srv_queue() + - MINOR: lb/api: remove the locked argument from take_conn/drop_conn + - MINOR: queue: create a new structure type "queue" + - MINOR: proxy: replace the pendconns-related stuff with a struct queue + - MINOR: server: replace the pendconns-related stuff with a struct queue + - MEDIUM: queue: use a dedicated lock for the queues + - MEDIUM: queue: simplify again the process_srv_queue() API + - MINOR: queue: factor out the proxy/server queuing code + - MINOR: queue: use atomic-ops to update the queue's index + - MEDIUM: queue: determine in process_srv_queue() if the proxy is usable + - MEDIUM: queue: move the queue lock manipulation to pendconn_process_next_strm() + - MEDIUM: queue: unlock as soon as possible + - MINOR: queue: make pendconn_first() take the lock by itself + - CLEANUP: backend: remove impossible case of round-robin + consistent hash + - MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules + - DOC: config: Add missing actions in 
"tcp-request session" documentation + - CLEANUP: dns: Remove a forgotten debug message + - DOC: Replace issue templates by issue forms + - Revert "MINOR: queue: make pendconn_first() take the lock by itself" + - Revert "MEDIUM: queue: unlock as soon as possible" + - Revert "MEDIUM: queue: move the queue lock manipulation to pendconn_process_next_strm()" + - Revert "MEDIUM: queue: determine in process_srv_queue() if the proxy is usable" + - Revert "MINOR: queue: use atomic-ops to update the queue's index" + - Revert "MINOR: queue: factor out the proxy/server queuing code" + - Revert "MEDIUM: queue: simplify again the process_srv_queue() API" + - Revert "MEDIUM: queue: use a dedicated lock for the queues" + - Revert "MEDIUM: queue: refine the locking in process_srv_queue()" + - Revert "MINOR: queue: update proxy->served once out of the loop" + - Revert "MEDIUM: queue: make pendconn_process_next_strm() only return the pendconn" + - MEDIUM: queue: update px->served and lb's take_conn once per loop + - MEDIUM: queue: use a dedicated lock for the queues (v2) + - MEDIUM: queue: simplify again the process_srv_queue() API (v2) + - MEDIUM: queue: determine in process_srv_queue() if the proxy is usable (v2) + - MINOR: queue: factor out the proxy/server queuing code (v2) + - MINOR: queue: use atomic-ops to update the queue's index (v2) + - MEDIUM: queue: take the proxy lock only during the px queue accesses + - MEDIUM: queue: use a trylock on the server's queue + - MINOR: queue: add queue_init() to initialize a queue + - MINOR: queue: add a pointer to the server and the proxy in the queue + - MINOR: queue: store a pointer to the queue into the pendconn + - MINOR: queue: remove the px/srv fields from pendconn + - MINOR: queue: simplify pendconn_unlink() regarding srv vs px + - BUG: backend: stop looking for queued connections once there's no more + - BUG/MINOR: queue/debug: use the correct lock labels on the queue lock + - BUG/MINOR: resolvers: Always attach server on matching 
record on resolution + - BUG/MINOR: resolvers: Reset server IP when no ip is found in the response + - MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() + - BUG/MINOR: checks: return correct error code for srv_parse_agent_check + - BUILD: Makefile: fix linkage for Haiku. + - BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules + - MINOR: http-act/tcp-act: Add "set-log-level" for tcp content rules + - MINOR: http-act/tcp-act: Add "set-nice" for tcp content rules + - MINOR: http-act/tcp-act: Add "set-mark" and "set-tos" for tcp content rules + - CLEANUP: tcp-act: Sort action lists + - BUILD/MEDIUM: tcp: set-mark setting support for FreeBSD. + - BUILD: tcp-act: avoid warning when set-mark / set-tos are not supported + - BUG/MINOR: mqtt: Fix parser for string with more than 127 characters + - BUG/MINOR: mqtt: Support empty client ID in CONNECT message + - BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution + - CLEANUP: peers: re-write intdecode function comment. 
+ +2021/05/14 : 2.5-dev0 + - MINOR: version: it's development again + +2021/05/14 : 2.4.0 + - BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port + - CLEANUP: cli/activity: Remove double spacing in set profiling command + - CI: Build VTest with clang + - CI: extend spellchecker whitelist, add "ists" as well + - CLEANUP: assorted typo fixes in the code and comments + - BUG/MINOR: memprof: properly account for differences for realloc() + - MINOR: memprof: also report the method used by each call + - MINOR: memprof: also report the totals and delta alloc-free + - CLEANUP: pattern: remove the unused and dangerous pat_ref_reload() + - BUG/MINOR: http_act: Fix normalizer names in error messages + - MINOR: uri_normalizer: Add `fragment-strip` normalizer + - MINOR: uri_normalizer: Add `fragment-encode` normalizer + - IMPORT: slz: use the generic function for the last bytes of the crc32 + - IMPORT: slz: do not produce the crc32_fast table when CRC is natively supported + - BUILD/MINOR: opentracing: fixed compilation with filter enabled + - BUILD: makefile: add a few popular ARMv8 CPU targets + - BUG/MEDIUM: stick_table: fix crash when using tcp smp_fetch_src + - REGTESTS: stick-table: add src_conn_rate test + - CLEANUP: stick-table: remove a leftover of an old keyword declaration + - BUG/MINOR: stats: fix lastchk metric that got accidently lost + - EXAMPLES: add a "basic-config-edge" example config + - EXAMPLES: add a trivial config for quick testing + - DOC: management: Correct example reload command in the document + - Revert "CI: Build VTest with clang" + - MINOR: activity/cli: optionally support sorting by address on "show profiling" + - DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in profiling + - BUG/MINOR: lua/vars: prevent get_var() from allocating a new name + - DOC: config: Fix configuration example for mqtt + - BUG/MAJOR: config: properly initialize cpu_map.thread[] up to MAX_THREADS + - BUILD: config: avoid a build warning 
on numa_detect_topology() without threads + - DOC: update min requirements in INSTALL + - IMPORT: slz: use inttypes.h instead of stdint.h + - BUILD: sample: use strtoll() instead of atoll() + - MINOR: version: mention that it's LTS now. + +2021/05/10 : 2.4-dev19 + - BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers + - BUG/MEDIUM: cli: prevent memory leak on write errors + - BUG/MINOR: ssl/cli: fix a lock leak when no memory available + - MINOR: debug: add a new "debug dev sym" command in expert mode + - MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS + - CI: Github Actions: switch to LibreSSL-3.3.3 + - MINOR: srv: close all idle connections on shutdown + - MINOR: connection: move session_list member in a union + - MEDIUM: mux_h1: release idling frontend conns on soft-stop + - MEDIUM: connection: close front idling connection on soft-stop + - MINOR: tools: add functions to retrieve the address of a symbol + - CLEANUP: activity: mark the profiling and task_profiling_mask __read_mostly + - MINOR: activity: add a "memory" entry to "profiling" + - MINOR: activity: declare the storage for memory usage statistics + - MEDIUM: activity: collect memory allocator statistics with USE_MEMORY_PROFILING + - MINOR: activity: clean up the show profiling io_handler a little bit + - MINOR: activity: make "show profiling" support a few arguments + - MINOR: activity: make "show profiling" also dump the memoery usage + - MINOR: activity: add the profiling.memory global setting + - BUILD: makefile: add new option USE_MEMORY_PROFILING + - MINOR: channel: Rely on HTX version if appropriate in channel_may_recv() + - BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive + - MINOR: conn-stream: Force mux to wait for read events if abortonclose is set + - MEDIUM: mux-h1: Don't block reads when waiting for the other side + - BUG/MEDIUM: mux-h1: Properly report client close if abortonclose option is set + - REGTESTS: Add script to test 
abortonclose option + - MINOR: mux-h1: clean up conditions to enabled and disabled splicing + - MINOR: mux-h1: Subscribe for sends if output buffer is not empty in h1_snd_pipe + - MINOR: mux-h1: Always subscribe for reads when splicing is disabled + - MEDIUM: mux-h1: Wake H1 stream when both sides a synchronized + - CLEANUP: mux-h1: rename WAIT_INPUT/WAIT_OUTPUT flags + - MINOR: mux-h1: Manage processing blocking flags on the H1 stream + - BUG/MINOR: stream: Decrement server current session counter on L7 retry + - BUG/MINOR: config: fix uninitialized initial state in ".if" block evaluator + - BUG/MINOR: config: add a missing "ELIF_TAKE" test for ".elif" condition evaluator + - BUG/MINOR: config: .if/.elif should also accept negative integers + - MINOR: config: centralize the ".if"/".elif" condition parser and evaluator + - MINOR: config: keep up-to-date current file/line/section in the global struct + - MINOR: config: support some pseudo-variables for file/line/section + - BUILD: activity: do not include malloc.h + - MINOR: arg: improve the error message on missing closing parenthesis + - MINOR: global: export the build features string list + - MINOR: global: add version comparison functions + - MINOR: config: improve .if condition error reporting + - MINOR: config: make cfg_eval_condition() support predicates with arguments + - MINOR: config: add predicate "defined()" to conditional expression blocks + - MINOR: config: add predicates "streq()" and "strneq()" to conditional expressions + - MINOR: config: add predicate "feature" to detect certain built-in features + - MINOR: config: add predicates "version_atleast" and "version_before" to cond blocks + - BUG/MINOR: activity: use the new pointer to calculate the new size in realloc() + - BUG/MINOR: stream: properly clear the previous error mask on L7 retries + - MEDIUM: log: slightly refine the output format of alerts/warnings/etc + - MINOR: config: add a new message directive: .diag + - CLEANUP: cli/tree-wide: 
properly re-align the CLI commands' help messages + - BUG/MINOR: stream: Reset stream final state and si error type on L7 retry + - BUG/MINOR: checks: Handle synchronous connect when a tcpcheck is started + - BUG/MINOR: checks: Reschedule check on observe mode only if fastinter is set + - MINOR: global: define tainted flag + - MINOR: cfgparse: add a new field flags in cfg_keyword + - MINOR: cfgparse: implement experimental config keywords + - MINOR: action: replace match_pfx by a keyword flags field + - MINOR: action: implement experimental actions + - MINOR: cli: set tainted when using CLI expert/experimental mode + - MINOR: stats: report tainted on show info + - MINOR: http_act: mark normalize-uri as experimental + - BUILD: fix usage of ha_alert without format string + - MINOR: proxy: define PR_CAP_LB + - BUG/MINOR: server: do not report diag for peer servers with null weight + - DOC: ssl: Extra files loading now works for backends too + - ADDONS: make addons/ discoverable by git via .gitignore + - DOC: ssl: Add information about crl-file option + - MINOR: sample: improve error reporting on missing arg to strcmp() converter + - DOC: management: mention that some fields may be emitted as floats + - MINOR: tools: implement trimming of floating point numbers + - MINOR: tools: add a float-to-ascii conversion function + - MINOR: freq_ctr: add new functions to report float measurements + - MINOR: stats: avoid excessive padding of float values with trailing zeroes + - MINOR: stats: add the HTML conversion for float types + - MINOR: stats: pass the appctx flags to stats_fill_info() + - MINOR: stats: support an optional "float" option to "show info" + - MINOR: stats: use tv_remain() to precisely compute the uptime + - MINOR: stats: report uptime and start time as floats with subsecond resolution + - MINOR: stats: make "show info" able to report rates as floats when asked + - MINOR: config: mark tune.fd.edge-triggered as experimental + - REORG: vars: move the "proc" scope 
variables out of the global struct + - REORG: threads: move all_thread_mask() to thread.h + - BUILD: wdt: include signal-t.h + - BUILD: auth: include missing list.h + - REORG: mworker: move proc_self from global to mworker + - BUILD: ssl: ssl_utils requires chunk.h + - BUILD: config: cfgparse-ssl.c needs tools.h + - BUILD: wurfl: wurfl.c needs tools.h + - BUILD: spoe: flt_spoe.c needs tools.h + - BUILD: promex: service-prometheus.c needs tools.h + - BUILD: resolvers: include tools.h + - BUILD: config: include tools.h in cfgparse-listen.c + - BUILD: htx: include tools.h in http_htx.c + - BUILD: proxy: include tools.h in proxy.c + - BUILD: session: include tools.h in session.c + - BUILD: cache: include tools.h in cache.c + - BUILD: sink: include tools.h in sink.c + - BUILD: connection: include tools.h in connection.c + - BUILD: server-state: include tools.h from server_state.c + - BUILD: dns: include tools.h in dns.c + - BUILD: payload: include tools.h in payload.c + - BUILD: vars: include tools.h in vars.c + - BUILD: compression: include tools.h in compression.c + - BUILD: mworker: include tools.h from mworker.c + - BUILD: queue: include tools.h from queue.c + - BUILD: udp: include tools.h from proto_udp.c + - BUILD: stick-table: include freq_ctr.h from stick_table.h + - BUILD: server: include tools.h from server.c + - BUILD: server: include missing proxy.h in server.c + - BUILD: sink: include proxy.h in sink.c + - BUILD: mworker: include proxy.h in mworker.c + - BUILD: filters: include proxy.h in filters.c + - BUILD: fcgi-app: include proxy.h in fcgi-app.c + - BUILD: connection: move list_mux_proto() to connection.c + - REORG: stick-table: uninline stktable_alloc_data_type() + - REORG: stick-table: move composite address functions to stick_table.h + - REORG: config: uninline warnifnotcap() and failifnotcap() + - BUILD: task: remove unused includes from task.c + - MINOR: task: stop including stream.h from task.c + - BUILD: connection: stop including listener-t.h + - 
BUILD: hlua: include proxy.h from hlua.c + - BUILD: mux-h1: include proxy.h from mux-h1.c + - BUILD: mux-fcgi: include proxy.h from mux-fcgi.c + - BUILD: listener: include proxy.h from listener.c + - BUILD: http-rules: include proxy.h from http_rules.c + - BUILD: thread: include log.h from thread.c + - BUILD: comp: include proxy.h from flt_http_comp.c + - BUILD: fd: include log.h from fd.c + - BUILD: config: do not include proxy.h nor errors.h anymore in cfgparse.h + - BUILD: makefile: reorder object files by build time + - DOC: Fix a few grammar/spelling issues and casing of HAProxy + - REGTESTS: run-regtests: match both "HAProxy" and "HA-Proxy" in the version + - MINOR: version: report "HAProxy" not "HA-Proxy" in the version output + - DOC: remove last occurrences of "HA-Proxy" syntax + - DOC: peers: fix the protocol tag name in the doc + - ADMIN: netsnmp: report "HAProxy" and not "Haproxy" in output descriptions + - MEDIUM: mailers: use "HAProxy" nor "HAproxy" in the subject of messages + - DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments + - MINOR: tools/rnd: compute the result outside of the CAS loop + - BUILD: http_fetch: address a few aliasing warnings with older compilers + - BUILD: ssl: define HAVE_CRYPTO_memcmp() based on the library version + - BUILD: errors: include stdarg in errors.h + - REGTESTS: disable inter-thread idle connection sharing on sensitive tests + - MINOR: cli: make "help" support a command in argument + - MINOR: cli: sort the output of the "help" keywords + - CLEANUP: cli/mworker: properly align the help messages + - BUILD: memprof: make the old caller pointer a const in get_prof_bin() + - BUILD: compat: include malloc_np.h for USE_MEMORY_PROFILING on FreeBSD + - CI: Github Actions: enable USE_QUIC=1 for BoringSSL builds + - BUG/MEDIUM: quic: fix null deref on error path in qc_conn_init() + - BUILD: cli: appease a null-deref warning in cli_gen_usage_msg() + +2021/05/01 : 2.4-dev18 + - DOC: Fix indentation for 
`path-strip-dot` normalizer + - DOC: Fix RFC reference for the percent-to-uppercase normalizer + - DOC: Add RFC references for the path-strip-dot(dot)? normalizers + - MINOR: uri_normalizer: Add a `percent-decode-unreserved` normalizer + - BUG/MINOR: mux-fcgi: Don't send normalized uri to FCGI application + - REORG: htx: Inline htx functions to add HTX blocks in a message + - CLEANUP: assorted typo fixes in the code and comments + - DOC: general: fix white spaces for HTML converter + - BUG/MINOR: ssl: ssl_sock_prepare_ssl_ctx does not return an error code + - BUG/MINOR: cpuset: move include guard at the very beginning + - BUG/MAJOR: fix build on musl with cpu_set_t support + - BUG/MEDIUM: cpuset: fix build on MacOS + - BUG/MINOR: htx: Preserve HTX flags when draining data from an HTX message + - MEDIUM: htx: Refactor htx_xfer_blks() to not rely on hdrs_bytes field + - CLEANUP: htx: Remove unsued hdrs_bytes field from the HTX start-line + - BUG/MINOR: mux-h2: Don't encroach on the reserve when decoding headers + - MEDIUM: http-ana: handle read error on server side if waiting for response + - MINOR: htx: Limit length of headers name/value when a HTX message is dumped + - BUG/MINOR: applet: Notify the other side if data were consumed by an applet + - BUG/MINOR: hlua: Don't consume headers when starting an HTTP lua service + - BUG/MEDIUM: mux-h2: Handle EOM flag when sending a DATA frame with zero-copy + - CLEANUP: channel: No longer notify the producer in co_skip()/co_htx_skip() + - DOC: general: fix example in set-timeout + - CLEANUP: cfgparse: de-uglify early file error handling in readcfgfile() + - MINOR: config: add a new "default-path" global directive + - BUG/MEDIUM: peers: initialize resync timer to get an initial full resync + - BUG/MEDIUM: peers: register last acked value as origin receiving a resync req + - BUG/MEDIUM: peers: stop considering ack messages teaching a full resync + - BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected 
+ - BUG/MEDIUM: peers: reset commitupdate value in new conns + - BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly + - BUG/MEDIUM: peers: reset tables stage flags stages on new conns + - MINOR: peers: add informative flags about resync process for debugging + - BUG/MEDIUM: time: fix updating of global_now upon clock drift + - CLEANUP: freq_ctr: make arguments of freq_ctr_total() const + - CLEANUP: hlua: rename hlua_appctx* appctx to luactx + - MINOR: server: fix doc/trace on lb algo for dynamic server creation + - REGTESTS: server: fix cli_add_server due to previous trace update + - REGTESTS: add minimal CLI "add map" tests + - DOC: management: move "set var" to the proper place + - CLEANUP: map: slightly reorder the add map function + - MINOR: map: get rid of map_add_key_value() + - MINOR: map: show the current and next pattern version in "show map" + - MINOR: map/acl: add the possibility to specify the version in "show map/acl" + - MINOR: pattern: support purging arbitrary ranges of generations + - MINOR: map/acl: add the possibility to specify the version in "clear map/acl" + - MINOR: map/acl: add the "prepare map/acl" CLI command + - MINOR: map/acl: add the "commit map/acl" CLI command + - MINOR: map/acl: make "add map/acl" support an optional version number + - CLEANUP: map/cli: properly align the map/acl help + - BUILD: compiler: do not use already defined __read_mostly on dragonfly + +2021/04/23 : 2.4-dev17 + - MINOIR: mux-pt/trace: Register a new trace source with its events + - BUG/MINOR: mux-pt: Fix a possible UAF because of traces in mux_pt_io_cb + - CI: travis: Drastically clean up .travis.yml + - CLEANUP: pattern: make all pattern tables read-only + - MINOR: trace: replace the trace() inline function with an equivalent macro + - MINOR: initcall: uniformize the section names between MacOS and other unixes + - CLEANUP: initcall: rename HA_SECTION to HA_INIT_SECTION + - MINOR: compiler: add macros to declare section names + - CLEANUP: 
initcall: rely on HA_SECTION_* instead of defining its own + - MINOR: global: declare a read_mostly section + - MINOR: fd: move a few read-mostly variables to their own section + - MINOR: epoll: move epoll_fd to read_mostly + - MINOR: kqueue: move kqueue_fd to read_mostly + - MINOR: pool: move pool declarations to read_mostly + - MINOR: threads: mark all_threads_mask as read_mostly + - MINOR: server: move idle_conn_task to read_mostly + - MINOR: protocol: move __protocol_by_family to read_mostly + - MINOR: pattern: make the pat_lru_seed read_mostly + - MINOR: trace: make trace sources read_mostly + - MINOR: freq_ctr: add a generic function to report the total value + - MEDIUM: freq_ctr: make read_freq_ctr_period() use freq_ctr_total() + - MEDIUM: freq_ctr: reimplement freq_ctr_remain_period() from freq_ctr_total() + - MINOR: freq_ctr: add the missing next_event_delay_period() + - MINOR: freq_ctr: unify freq_ctr and freq_ctr_period into freq_ctr + - MEDIUM: freq_ctr: replace the per-second counters with the generic ones + - MINOR: freq_ctr: add cpu_relax in the rotation loop of update_freq_ctr_period() + - MINOR: freq_ctr: simplify and improve the update function + - CLEANUP: time: remove the now unused ms_left_scaled + - MINOR: time: move the time initialization out of tv_update_date() + - MINOR: time: remove useless variable copies in tv_update_date() + - MINOR: time: change the global timeval and the the global tick at once + - MEDIUM: time: make the clock offset global and no per-thread + - MINOR: atomic: reimplement the relaxed version of x86 BTS/BTR + - MINOR: trace: Add the checks as a possible trace source + - MINOIR: checks/trace: Register a new trace source with its events + - MINOR: hlua: Add function to release a lua function + - BUG/MINOR: hlua: Fix memory leaks on error path when registering a task + - BUG/MINOR: hlua: Fix memory leaks on error path when registering a converter + - BUG/MINOR: hlua: Fix memory leaks on error path when registering a 
fetch + - BUG/MINOR: hlua: Fix memory leaks on error path when parsing a lua action + - BUG/MINOR: hlua: Fix memory leaks on error path when registering an action + - BUG/MINOR: hlua: Fix memory leaks on error path when registering a service + - BUG/MINOR: hlua: Fix memory leaks on error path when registering a cli keyword + - BUG/MINOR: cfgparse/proxy: Fix some leaks during proxy section parsing + - BUG/MINOR: listener: Handle allocation error when allocating a new bind_conf + - BUG/MINOR: cfgparse/proxy: Hande allocation errors during proxy section parsing + - MINOR: cfgparse/proxy: Group alloc error handling during proxy section parsing + - DOC: internals: update the SSL architecture schema + - BUG/MEDIUM: sample: Fix adjusting size in field converter + - MINOR: sample: add ub64dec and ub64enc converters + - CLEANUP: sample: align samples list in sample.c + - MINOR: ist: Add `istclear(struct ist*)` + - CI: cirrus: install "pcre" package + - MINOR: opentracing: correct calculation of the number of arguments in the args[] + - MINOR: opentracing: transfer of context names without prefix + - MINOR: sample: converter: Add mjson library. 
+ - MINOR: sample: converter: Add json_query converter + - CI: travis-ci: enable weekly graviton2 builds + - DOC: ssl: Certificate hot update only works on fronted certificates + - DOC: ssl: Certificate hot update works on server certificates + - BUG/MEDIUM: threads: Ignore current thread to end its harmless period + - MINOR: threads: Only consider running threads to end a thread harmeless period + - BUG/MINOR: checks: Set missing id to the dummy checks frontend + - MINOR: logs: Add support of checks as session origin to format lf strings + - BUG/MINOR: connection: Fix fc_http_major and bc_http_major for TCP connections + - MINOR: connection: Make bc_http_major compatible with tcp-checks + - BUG/MINOR: ssl-samples: Fix ssl_bc_* samples when called from a health-check + - BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded + - MINOR: tcp_samples: Add samples to get src/dst info of the backend connection + - MINOR: tcp_samples: Be able to call bc_src/bc_dst from the health-checks + - BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function + - BUG/MINOR: logs: Report the true number of retries if there was no connection + - BUILD: makefile: Redirect stderr to /dev/null when probing options + - MINOR: uri_normalizer: Add uri_normalizer module + - MINOR: uri_normalizer: Add `enum uri_normalizer_err` + - MINOR: uri_normalizer: Add `http-request normalize-uri` + - MINOR: uri_normalizer: Add a `merge-slashes` normalizer to http-request normalize-uri + - MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri + - MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer + - MINOR: uri_normalizer: Add a `sort-query` normalizer + - MINOR: uri_normalizer: Add a `percent-upper` normalizer + - MEDIUM: http_act: Rename uri-normalizers + - DOC: Add introduction to http-request normalize-uri + - DOC: Note that URI normalization is experimental + - BUG/MINOR: pools: maintain consistent 
->allocated count on alloc failures + - BUG/MINOR: pools/buffers: make sure to always reserve the required buffers + - MINOR: pools: drop the unused static history of artificially failed allocs + - CLEANUP: pools: remove unused arguments to pool_evict_from_cache() + - MEDIUM: pools: move the cache into the pool header + - MINOR: pool: remove the size field from pool_cache_head + - MINOR: pools: rename CONFIG_HAP_LOCAL_POOLS to CONFIG_HAP_POOLS + - MINOR: pools: enable the fault injector in all allocation modes + - MINOR: pools: make the basic pool_refill_alloc()/pool_free() update needed_avg + - MEDIUM: pools: unify pool_refill_alloc() across all models + - CLEANUP: pools: re-merge pool_refill_alloc() and __pool_refill_alloc() + - MINOR: pools: call pool_alloc_nocache() out of the pool's lock + - CLEANUP: pools: move the lock to the only __pool_get_first() that needs it + - CLEANUP: pools: rename __pool_get_first() to pool_get_from_shared_cache() + - CLEANUP: pools: rename pool_*_{from,to}_cache() to *_local_cache() + - CLEANUP: pools: rename __pool_free() to pool_put_to_shared_cache() + - MINOR: tools: add statistical_prng_range() to get a random number over a range + - MINOR: pools: use cheaper randoms for fault injections + - MINOR: pools: move the fault injector to __pool_alloc() + - MINOR: pools: split the OS-based allocator in two + - MINOR: pools: always use atomic ops to maintain counters + - MINOR: pools: move pool_free_area() out of the lock in the locked version + - MINOR: pools: factor the release code into pool_put_to_os() + - MEDIUM: pools: make CONFIG_HAP_POOLS control both local and shared pools + - MINOR: pools: create unified pool_{get_from,put_to}_cache() + - MINOR: pools: evict excess objects using pool_evict_from_local_cache() + - MEDIUM: pools: make pool_put_to_cache() always call pool_put_to_local_cache() + - CLEANUP: pools: make the local cache allocator fall back to the shared cache + - CLEANUP: pools: merge 
pool_{get_from,put_to}_local_caches with generic ones + - CLEANUP: pools: uninline pool_put_to_cache() + - CLEANUP: pools: declare dummy pool functions to remove some ifdefs + - BUILD: pools: fix build with DEBUG_FAIL_ALLOC + - BUG/MINOR: server: make srv_alloc_lb() allocate lb_nodes for consistent hash + - CONTRIB: mod_defender: import the minimal number of includes + - CONTRIB: mod_defender: make the code build with the embedded includes + - CONTRIB: modsecurity: import the minimal number of includes + - CONTRIB: modsecurity: make the code build with the embedded includes + - CLEANUP: sample: Improve local variables in sample_conv_json_query + - CLEANUP: sample: Explicitly handle all possible enum values from mjson + - CLEANUP: sample: Use explicit return for successful `json_query`s + - CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion + - CONTRIB: move spoa_example out of the tree + - BUG/MINOR: server: free srv.lb_nodes in free_server + - BUG/MINOR: logs: free logsrv.conf.file on exit + - BUG/MEDIUM: server: ensure thread-safety of server runtime creation + - MINOR: server: add log on dynamic server creation + - MINOR: server: implement delete server cli command + - CONTRIB: move spoa_server out of the tree + - CONTRIB: move modsecurity out of the tree + - BUG/MINOR: server: fix potential null gcc error in delete server + - BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers + - BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames + - BUG/MINOR: uri_normalizer: Use delim parameter when building the sorted query in uri_normalizer_query_sort + - CLEANUP: uri_normalizer: Remove trailing whitespace + - MINOR: uri_normalizer: Add a `strip-dot` normalizer + - CONTRIB: move mod_defender out of the tree + - CLEANUP: contrib: remove the last references to the now dead contrib/ directory + - BUG/MEDIUM: config: fix cpu-map notation with both process and threads + - MINOR: config: add a diag for 
invalid cpu-map statement + - BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases + - BUG/MINOR: mworker: don't use oldpids[] anymore for reload + - BUILD: makefile: fix the "make clean" target on strict bourne shells + - IMPORT: slz: import slz into the tree + - BUILD: compression: switch SLZ from out-of-tree to in-tree + - CI: github: do not build libslz any more + - CLEANUP: compression: remove calls to SLZ init functions + - BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data + - MINOR: cpuset: define a platform-independent cpuset type + - MINOR: cfgparse: use hap_cpuset for parse_cpu_set + - MEDIUM: config: use platform independent type hap_cpuset for cpu-map + - MINOR: thread: implement the detection of forced cpu affinity + - MINOR: cfgparse: support the comma separator on parse_cpu_set + - MEDIUM: cfgparse: detect numa and set affinity if needed + - MINOR: global: add option to disable numa detection + - BUG/MINOR: haproxy: fix compilation on macOS + - BUG/MINOR: cpuset: fix compilation on platform without cpu affinity + - MINOR: time: avoid unneeded updates to now_offset + - MINOR: time: avoid overwriting the same values of global_now + - CLEANUP: time: use __tv_to_ms() in tv_update_date() instead of open-coding + - MINOR: time: avoid u64 needlessly expensive computations for the 32-bit now_ms + - BUG/MINOR: peers: remove useless table check if initial resync is finished + - BUG/MEDIUM: peers: re-work connection to new process during reload. 
+ - BUG/MEDIUM: peers: re-work refcnt on table to protect against flush + - BUG/MEDIUM: config: fix missing initialization in numa_detect_topology() + +2021/04/09 : 2.4-dev16 + - CLEANUP: dev/flags: remove useless test in the stdin number parser + - MINOR: No longer rely on deprecated sample fetches for predefined ACLs + - MINOR: acl: Add HTTP_2.0 predefined macro + - BUG/MINOR: hlua: Detect end of request when reading data for an HTTP applet + - BUG/MINOR: tools: fix parsing "us" unit for timers + - MINOR: server/bind: add support of new prefixes for addresses. + - MINOR: log: register config file and line number on log servers. + - MEDIUM: log: support tcp or stream addresses on log lines. + - BUG/MEDIUM: log: fix config parse error logging on stdout/stderr or any raw fd + - CLEANUP: fd: remove FD_POLL_DATA and FD_POLL_STICKY + - MEDIUM: fd: prepare FD_POLL_* to move to bits 8-15 + - MEDIUM: fd: merge fdtab[].ev and state for FD_EV_* and FD_POLL_* into state + - MINOR: fd: move .linger_risk into fdtab[].state + - MINOR: fd: move .cloned into fdtab[].state + - MINOR: fd: move .initialized into fdtab[].state + - MINOR: fd: move .et_possible into fdtab[].state + - MINOR: fd: move .exported into fdtab[].state + - MINOR: fd: implement an exclusive syscall bit to remove the ugly "log" lock + - MINOR: cli/show-fd: slightly reorganize the FD status flags + - MINOR: atomic/arm64: detect and use builtins for the double-word CAS + - CLEANUP: atomic: add an explicit _FETCH variant for add/sub/and/or + - CLEANUP: atomic: make all standard add/or/and/sub operations return void + - CLEANUP: atomic: add a fetch-and-xxx variant for common operations + - CLEANUP: atomic: add HA_ATOMIC_INC/DEC for unit increments + - CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec + - CLEANUP: atomic: use the __atomic variant of BTS/BTR on modern compilers + - MINOR: atomic: implement native BTS/BTR for x86 + - MINOR: ist: Add `istappend(struct ist, char)` + - MINOR: 
ist: Add `istshift(struct ist*)` + - MINOR: ist: Add `istsplit(struct ist*, char)` + - BUG/MAJOR: fd: switch temp values to uint in fd_stop_both() + - MINOR: opentracing: register config file and line number on log servers + - MEDIUM: resolvers: add support of tcp address on nameserver line. + - MINOR: ist: Rename istappend() to __istappend() + - CLEANUP: htx: Make http_get_stline take a `const struct` + - CLEANUP: ist: Remove unused `count` argument from `ist2str*` + - CLEANUP: Remove useless malloc() casts + +2021/04/02 : 2.4-dev15 + - BUG/MINOR: payload: Wait for more data if buffer is empty in payload/payload_lv + - BUG/MINOR: stats: Apply proper styles in HTML status page. + - BUG/MEDIUM: time: make sure to always initialize the global tick + - BUG/MINOR: tcp: fix silent-drop workaround for IPv6 + - BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS + - CLEANUP: socket: replace SOL_IP/IPV6/TCP with IPPROTO_IP/IPV6/TCP + - BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields + - BUG/MINOR: mux-h2: Don't emit log twice if an error occurred on the preface + - MINOR: stream: Don't trigger errors on destructive HTTP upgrades + - MINOR: frontend: Create HTTP txn for HTX streams + - MINOR: stream: Be sure to set HTTP analysers when creating an HTX stream + - BUG/MINOR: stream: Properly handle TCP>H1>H2 upgrades in http_wait_for_request + - BUG/MINOR: config: Add warning for http-after-response rules in TCP mode + - MINOR: muxes: Add a flag to notify a mux does not support any upgrade + - MINOR: mux-h1: Don't perform implicit HTTP/2 upgrade if not supported by mux + - MINOR: mux-pt: Don't perform implicit HTTP upgrade if not supported by mux + - MEDIUM: mux-h1: Expose h1 in the list of supported mux protocols + - MEDIUM: mux-pt: Expose passthrough in the list of supported mux protocols + - MINOR: muxes: Show muxes flags when the mux list is displayed + - DOC: config: Improve documentation about proto/check-proto keywords + - MINOR: stream: Use 
stream type instead of proxy mode when appropriate + - MINOR: filters/http-ana: Decide to filter HTTP headers in HTTP analysers + - MINOR: http-ana: Simplify creation/destruction of HTTP transactions + - MINOR: stream: Handle stream HTTP upgrade in a dedicated function + - MEDIUM: Add tcp-request switch-mode action to perform HTTP upgrade + - MINOR: config/proxy: Don't warn for HTTP rules in TCP if 'switch-mode http' set + - MINOR: config/proxy: Warn if a TCP proxy without backend is upgradable to HTTP + - DOC: config: Add documentation about TCP to HTTP upgrades + - REGTESTS: Add script to tests TCP to HTTP upgrades + - BUG/MINOR: payload/htx: Ingore L6 sample fetches for HTX streams/checks + - MINOR: htx: Make internal.strm.is_htx an internal sample fetch + - MINOR: action: Use a generic function to check validity of an action rule list + - MINOR: payload/config: Warn if a L6 sample fetch is used from an HTTP proxy + - MEDIUM: http-rules: Add wait-for-body action on request and response side + - REGTESTS: Add script to tests the wait-for-body HTTP action + - BUG/MINOR: http-fetch: Fix test on message state to capture the version + - CLEANUP: vars: always pre-initialize smp in vars_parse_cli_get_var() + - MINOR: global: define diagnostic mode of execution + - MINOR: cfgparse: diag for multiple nbthread statements + - MINOR: server: diag for 0 weight server + - MINOR: diag: create cfgdiag module + - MINOR: diag: diag if servers use the same cookie value + - MINOR: config: diag if global section after non-global + - TESTS: slightly reorganize the code in the tests/ directory + - TESTS: move tests/*.cfg to tests/config + - REGTESTS: ssl: "set ssl cert" and multi-certificates bundle + - REGTESTS: ssl: mark set_ssl_cert_bundle.vtc as broken + - CONTRIB: halog: fix issue with array of type char + - CONTRIB: tcploop: add a shutr command + - CONTRIB: debug: add the show-fd-to-flags script + - CONTRIB: debug: split poll from flags + - CONTRIB: move some dev-specific tools 
to dev/ + - BUILD: makefile: always build the flags utility + - DEV: flags: replace the unneeded makefile with a README + - BUILD: makefile: integrate the hpack tools + - CONTRIB: merge ip6range with iprange + - CONTRIB: move some admin-related sub-projects to admin/ + - CONTRIB: move halog to admin/ + - ADMIN: halog: automatically enable USE_MEMCHR on the right glibc version + - BUILD: makefile: build halog with the correct flags + - BUILD: makefile: add a "USE_PROMEX" variable to ease building prometheus-exporter + - CONTRIB: move prometheus-exporter to addons/promex + - DOC: add a few words about USE_* and the addons directory + - CONTRIB: move 51Degrees to addons/51degrees + - CONTRIB: move src/da.c and contrib/deviceatlas to addons/deviceatlas + - CONTRIB: move src/wurfl.c and contrib/wurfl to addons/wurfl + - CONTRIB: move contrib/opentracing to addons/ot + - BUG/MINOR: opentracing: initialization after establishing daemon mode + - DOC: clarify that compression works for HTTP/2 + +2021/03/27 : 2.4-dev14 + - MEDIUM: quic: Fix build. + - MEDIUM: quic: Fix build. 
+ - CI: codespell: whitelist "Dragan Dosen" + - CLEANUP: assorted typo fixes in the code and comments + - CI: github actions: update LibreSSL to 3.2.5 + - REGTESTS: revert workaround for a crash with recent libressl on http-reuse sni + - CLEANUP: mark defproxy as const on parse tune.fail-alloc + - REGTESTS: remove unneeded experimental-mode in cli add server test + - REGTESTS: wait for proper return of enable server in cli add server test + - MINOR: compression: use pool_alloc(), not pool_alloc_dirty() + - MINOR: spoe: use pool_alloc(), not pool_alloc_dirty() + - MINOR: fcgi-app: use pool_alloc(), not pool_alloc_dirty() + - MINOR: cache: use pool_alloc(), not pool_alloc_dirty() + - MINOR: ssl: use pool_alloc(), not pool_alloc_dirty() + - MINOR: opentracing: use pool_alloc(), not pool_alloc_dirty() + - MINOR: dynbuf: make b_alloc() always check if the buffer is allocated + - CLEANUP: compression: do not test for buffer before calling b_alloc() + - CLEANUP: l7-retries: do not test the buffer before calling b_alloc() + - MINOR: channel: simplify the channel's buffer allocation + - MEDIUM: dynbuf: remove last usages of b_alloc_margin() + - CLEANUP: dynbuf: remove b_alloc_margin() + - CLEANUP: dynbuf: remove the unused b_alloc_fast() function + - CLEANUP: pools: remove the unused pool_get_first() function + - MINOR: pools: make the pool allocator support a few flags + - MINOR: pools: add pool_zalloc() to return a zeroed area + - CLEANUP: connection: use pool_zalloc() in conn_alloc_hash_node() + - CLEANUP: filters: use pool_zalloc() in flt_stream_add_filter() + - CLEANUP: spoe: use pool_zalloc() instead of pool_alloc+memset + - CLEANUP: frontend: use pool_zalloc() in frontend_accept() + - CLEANUP: mailers: use pool_zalloc() in enqueue_one_email_alert() + - CLEANUP: resolvers: use pool_zalloc() in resolv_link_resolution() + - CLEANUP: ssl: use pool_zalloc() in ssl_init_keylog() + - CLEANUP: tcpcheck: use pool_zalloc() instead of pool_alloc+memset + - CLEANUP: quic: use 
pool_zalloc() instead of pool_alloc+memset + - MINOR: time: also provide a global, monotonic global_now_ms timer + - BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable + - MINOR: tools: introduce new option PA_O_DEFAULT_DGRAM on str2sa_range. + - BUILD: tools: fix build error with new PA_O_DEFAULT_DGRAM + - BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" + - CLEANUP: ssl: remove unused definitions + - BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro + - MINOR: lua: Slightly improve function dumping the lua traceback + - BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback + - BUG/MEDIUM: lua: Always init the lua stack before referencing the context + - MINOR: fd: make fd_clr_running() return the remaining running mask + - MINOR: fd: remove the unneeded running bit from fd_insert() + - BUG/MEDIUM: fd: do not wait on FD removal in fd_delete() + - CLEANUP: fd: remove unused fd_set_running_excl() + - CLEANUP: fd: slightly simplify up _fd_delete_orphan() + - BUG/MEDIUM: fd: Take the fd_mig_lock when closing if no DWCAS is available. 
+ - BUG/MEDIUM: release lock on idle conn killing on reached pool high count + - BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless + - MINOR: tools: make url2ipv4 return the exact number of bytes parsed + - BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters + - BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent + - BUG/MINOR: ssl: Fix update of default certificate + - BUG/MINOR: ssl: Prevent removal of crt-list line if the instance is a default one + - BUILD: ssl: introduce fine guard for ssl random extraction functions + - REORG: global: move initcall register code in a dedicated file + - REORG: global: move free acl/action in their related source files + - REORG: split proxy allocation functions + - MINOR: proxy: implement a free_proxy function + - MINOR: proxy: define cap PR_CAP_LUA + - MINOR: lua: properly allocate the lua Socket proxy + - MINOR: lua: properly allocate the lua Socket servers + - MINOR: vars: make get_vars() allow the session to be null + - MINOR: vars: make the var() sample fetch keyword depend on nothing + - CLEANUP: sample: remove duplicate "stopping" sample fetch keyword + - MINOR: sample: make smp_resolve_args() return an allocate error message + - MINOR: sample: add a new SMP_SRC_CONST sample capability + - MINOR: sample: mark the truly constant sample fetch keywords as such + - MINOR: sample: add a new CFG_PARSER context for samples + - MINOR: action: add a new ACT_F_CFG_PARSER origin designation + - MEDIUM: vars: add support for a "set-var" global directive + - REGTESTS: add a basic reg-test for some "set-var" commands + - MINOR: sample: add a new CLI_PARSER context for samples + - MINOR: action: add a new ACT_F_CLI_PARSER origin designation + - MINOR: vars/cli: add a "get var" CLI command to retrieve global variables + - MEDIUM: cli: add a new experimental "set var" command + - MINOR: compat: add short aliases for a few very commonly used types + - BUILD: ssl: use EVP_CIPH_GCM_MODE macro 
instead of HA_OPENSSL_VERSION + - MEDIUM: backend: use a trylock to grab a connection on high FD counts as well + +2021/03/19 : 2.4-dev13 + - BUG/MEDIUM: cli: fix "help" crashing since recent spelling fixes + - BUG/MINOR: cfgparse: use the GLOBAL not LISTEN keywords list for spell checking + - MINOR: tools: improve word fingerprinting by counting presence + - MINOR: tools: do not sum squares of differences for word fingerprints + - MINOR: cli: improve fuzzy matching to work on all remaining words at once + - MINOR: cli: sort the suggestions by order of relevance + - MINOR: cli: limit spelling suggestions to 5 + - MINOR: cfgparse/proxy: also support spelling fixes on options + - BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames + - MINOR: time: export the global_now variable + - BUG/MINOR: freq_ctr/threads: make use of the last updated global time + - MINOR: freq_ctr/threads: relax when failing to update a sliding window value + - MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket + - MINOR: mworker/cli: alert the user if we enabled a master CLI but not the master-worker mode + - MINOR: cli: implement experimental-mode + - REORG: server: add a free server function + - MINOR: cfgparse: always alloc idle conns task + - REORG: server: move keywords in srv_kws + - MINOR: server: remove fastinter from mistyped kw list + - REORG: server: split parse_server + - REORG: server: move alert traces in parse_server + - REORG: server: rename internal functions from parse_server + - REORG: server: attach servers in parse_server + - REORG: server: use flags for parse_server + - MINOR: server: prepare parsing for dynamic servers + - MINOR: stats: export function to allocate extra proxy counters + - MEDIUM: server: implement 'add server' cli command + - REGTESTS: implement test for 'add server' cli + - MINOR: server: enable standard options for dynamic servers + - MINOR: server: support keyword proto in 'add server' cli + - 
BUG/MINOR: protocol: add missing support of dgram unix socket. + - CLEANUP: Fix a typo in fix_is_valid description + - MINOR: raw_sock: Add a close method. + - MEDIUM: connections: Introduce a new XPRT method, start(). + - MEDIUM: connections: Implement a start() method for xprt_handshake. + - MEDIUM: connections: Implement a start() method in ssl_sock. + - MINOR: muxes: garbage collect the reset() method. + - CLEANUP: tcp-rules: Fix a typo in error messages about expect-netscaler-cip + - MEDIUM: lua: Use a per-thread counter to track some non-reentrant parts of lua + - BUG/MEDIUM: debug/lua: Don't dump the lua stack if not dumpable + +2021/03/13 : 2.4-dev12 + - CLEANUP: connection: Use `VAR_ARRAY` in `struct tlv` definition + - CLEANUP: connection: Remove useless test for NULL before calling `pool_free()` + - CLEANUP: connection: Use istptr / istlen for proxy_unique_id + - MINOR: connection: Use a `struct ist` to store proxy_authority + - CLEANUP: connection: Consistently use `struct ist` to process all TLV types + - BUILD: task: fix build at -O0 with threads disabled + - BUILD: bug: refine HA_LINK_ERROR() to only be used on gcc and derivatives + - CLEANUP: config: make the cfg_keyword parsers take a const for the defproxy + - BUILD: connection: do not use VAR_ARRAY in struct tlv + - BUG/MEDIUM: session: NULL dereference possible when accessing the listener + - MINOR: build: force CC to set a return code when probing options + - CLEANUP: stream: rename a few remaining occurrences of "stream *sess" + - BUG/MEDIUM: resolvers: handle huge responses over tcp servers. 
+ - CLEANUP: config: also address the cfg_keyword API change in the compression code + - BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake + - BUG/MINOR: sample: Rename SenderComID/TargetComID to SenderCompID/TargetCompID + - MINOR: task: give the scheduler a bit more flexibility in the runqueue size + - OPTIM: task: automatically adjust the default runqueue-depth to the threads + - BUG/MINOR: connection: Missing QUIC initialization + - BUG/MEDIUM: stick-tables: fix ref counter in table entry using multiple http tracksc. + - BUILD: atomic/arm64: force the register pairs to use in __ha_cas_dw() + - BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached + - BUG/MINOR: tcpcheck: Update .health threshold of agent inside an agent-check + - BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters + - BUG/MINOR: tcpcheck: Fix double free on error path when parsing tcp/http-check + - BUG/MINOR: server-state: properly handle the case where the base is not set + - BUG/MINOR: server-state: use the argument, not the global state + - CLEANUP: tcp-rules: add missing actions in the tcp-request error message + - CLEANUP: vars: make the error message clearer on missing arguments for set-var + - CLEANUP: http-rules: remove the unexpected comma before the list of action keywords + - CLEANUP: actions: the keyword must always be const from the rule + - MINOR: tools: add simple word fingerprinting to find similar-looking words + - MINOR: cfgparse: add cfg_find_best_match() to suggest an existing word + - MINOR: cfgparse: suggest correct spelling for unknown words in proxy sections + - MINOR: cfgparse: suggest correct spelling for unknown words in global section + - MINOR: cfgparse/server: try to fix spelling mistakes on server lines + - MINOR: cfgparse/bind: suggest correct spelling for unknown bind keywords + - MINOR: actions: add a function to suggest an action ressembling a given word + - MINOR: http-rules: suggest 
approaching action names on mismatch + - MINOR: tcp-rules: suggest approaching action names on mismatch + - BUG/MINOR: cfgparse/server: increment the extra keyword counter one at a time + - Revert "BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record" + - BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error + - BUG/MINOR: resolvers: Reset server address on DNS error only on status change + - BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution + - BUG/MEDIUM: resolvers: Don't set an address-less server as UP + - BUG/MEDIUM: resolvers: Fix the loop looking for an existing ADD item + - MINOR: resolvers: new function find_srvrq_answer_record() + - BUG/MINOR; resolvers: Ignore DNS resolution for expired SRV item + - BUG/MEDIUM: resolvers: Trigger a DNS resolution if an ADD item is obsolete + - MINOR: resolvers: Use a function to remove answers attached to a resolution + - MINOR: resolvers: Purge answer items when a SRV resolution triggers an error + - MINOR: resolvers: Add function to change the srv status based on SRV resolution + - MINOR: resolvers: Directly call srvrq_update_srv_state() when possible + - BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks + - BUG/MEDIUM: resolvers: Skip DNS resolution at startup if SRV resolution is set + - MINOR: resolvers: Use milliseconds for cached items in resolver responses + - MINOR: resolvers: Don't try to match immediatly renewed ADD items + - CLEANUP: resolvers: Use ha_free() in srvrq_resolution_error_cb() + - CLEANUP: resolvers: Perform unsafe loop on requester list when possible + - BUG/MINOR: cli: make sure "help", "prompt", "quit" are enabled at master level + - CLEANUP: cli: fix misleading comment and better indent the access level flags + - MINOR: cli: set the ACCESS_MASTER* bits on the master bind_conf + - MINOR: cli: test the appctx level for master access instead of comparing pointers + - MINOR: cli: print the error 
message in the parser function itself + - MINOR: cli: filter the list of commands to the matching part + - MEDIUM: cli: apply spelling fixes for known commands before listing them + - MINOR: tools: add the ability to update a word fingerprint + - MINOR: cli: apply the fuzzy matching on the whole command instead of words + - CLEANUP: cli: rename MAX_STATS_ARGS to MAX_CLI_ARGS + - CLEANUP: cli: rename the last few "stats_" to "cli_" + - CLEANUP: task: make sure tasklet handlers always indicate their statuses + - CLEANUP: assorted typo fixes in the code and comments + +2021/03/05 : 2.4-dev11 + - CI: codespell: skip Makefile for spell check + - CLEANUP: assorted typo fixes in the code and comments + - BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule + - BUG/MINOR: connection: Use the client's dst family for adressless servers + - BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 + - CLEANUP: Use ist2(const void*, size_t) whenever possible + - CLEANUP: Use IST_NULL whenever possible + - BUILD: proxy: Missing header inclusion for quic_transport_params_init() + - BUILD: quic: Implicit conversion between SSL related enums. + - DOC: spoe: Add a note about fragmentation support in HAProxy + - MINOR: contrib: add support for heartbeat control messages. + - MINOR: contrib: Enhance peers dissector heuristic. 
+ - BUG/MINOR: mux-h2: Fix typo in scheme adjustment + - CLEANUP: Reapply the ist2() replacement patch + - CLEANUP: Use istadv(const struct ist, const size_t) whenever possible + - CLEANUP: Use isttest(const struct ist) whenever possible + - Revert "CI: Pin VTest to a known good commit" + - CLEANUP: backend: fix a wrong comment + - BUG/MINOR: backend: free allocated bind_addr if reuse conn + - MINOR: backend: handle reuse for conns with no server as target + - REGTESTS: test http-reuse if no server target + - BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring() + - BUG/MINOR: server-state: Don't load server-state file for disabled backends + - CLEANUP: dns: Use DISGUISE() on a never-failing ring_attach() call + - CLEANUP: dns: Remove useless test on ns->dgram in dns_connect_nameserver() + - DOC: fix originalto except clause on destination address + - CLEANUP: Use the ist() macro whenever possible + - CLEANUP: Replace for loop with only a condition by while + - REORG: atomic: reimplement pl_cpu_relax() from atomic-ops.h + - BUG/MINOR: mt-list: always perform a cpu_relax call on failure + - MINOR: atomic: add armv8.1-a atomics variant for cas-dw + - MINOR: atomic: implement a more efficient arm64 __ha_cas_dw() using pairs + - BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode + - MEDIUM: pools: add CONFIG_HAP_NO_GLOBAL_POOLS and CONFIG_HAP_GLOBAL_POOLS + - MINOR: pools: double the local pool cache size to 1 MB + - MINOR: stream: use ABORT_NOW() and not abort() in stream_dump_and_crash() + - CLEANUP: stream: explain why we queue the stream at the head of the server list + - MEDIUM: backend: use a trylock when trying to grab an idle connection + - REORG: tools: promote the debug PRNG to more general use as a statistical one + - OPTIM: lb-random: use a cheaper PRNG to pick a server + - MINOR: task: stop abusing the nice field to detect a tasklet + - MINOR: task: move the nice field to the struct task only + - MEDIUM: task: 
extend the state field to 32 bits + - MINOR: task: add an application specific flag to the state: TASK_F_USR1 + - MEDIUM: muxes: mark idle conns tasklets with TASK_F_USR1 + - MINOR: xprt: add new xprt_set_idle and xprt_set_used methods + - MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks + - MINOR: server: don't read curr_used_conns multiple times + - CLEANUP: global: reorder some fields to respect cache lines + - CLEANUP: sockpair: silence a coverity check about fcntl() + - CLEANUP: lua: set a dummy file name and line number on the dummy servers + - MINOR: server: add a global list of all known servers + - MINOR: cfgparse: finish to set up servers outside of the proxy setup loop + - MINOR: server: allocate a per-thread struct for the per-thread connections stuff + - MINOR: server: move actconns to the per-thread structure + - CLEANUP: server: reorder some fields in the server struct to respect cache lines + - MINOR: backend: add a BUG_ON if conn mux NULL in connect_server + - BUG/MINOR: backend: fix condition for reuse on mode HTTP + - BUILD: Fix build when using clang without optimizing. 
+ - CLEANUP: assorted typo fixes in the code and comments + +2021/02/26 : 2.4-dev10 + - BUILD: SSL: introduce fine guard for RAND_keep_random_devices_open + - MINOR: Configure the `cpp` userdiff driver for *.[ch] in .gitattributes + - BUG/MINOR: ssl/cli: potential null pointer dereference in "set ssl cert" + - BUG/MINOR: sample: secure convs that accept base64 string and var name as args + - BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe + - CLEANUP: vars: make smp_fetch_var() to reuse vars_get_by_desc() + - DOC: muxes: add a diagram of the exchanges between muxes and outer world + - BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop + - BUG/MEDIUM: cli/shutdown sessions: make it thread-safe + - BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal + - MINOR: stream: add an "epoch" to figure which streams appeared when + - MINOR: cli/streams: make "show sess" dump all streams till the new epoch + - MINOR: streams: use one list per stream instead of a global one + - MEDIUM: streams: do not use the streams lock anymore + - BUILD: dns: avoid a build warning when threads are disabled (dss unused) + - MEDIUM: task: remove the tasks_run_queue counter and have one per thread + - MINOR: tasks: do not maintain the rqueue_size counter anymore + - CLEANUP: tasks: use a less confusing name for task_list_size + - CLEANUP: task: move the tree root detection from __task_wakeup() to task_wakeup() + - MINOR: task: limit the remote thread wakeup to the global runqueue only + - MINOR: task: move the allocated tasks counter to the per-thread struct + - CLEANUP: task: split the large tasklet_wakeup_on() function in two + - BUG/MINOR: fd: properly wait for !running_mask in fd_set_running_excl() + - BUG/MINOR: resolvers: Fix condition to release received ARs if not assigned + - BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record + - BUG/MINOR: resolvers: new callback to properly handle SRV record errors + - 
BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records + - BUG/MEDIUM: resolvers: Reset address for unresolved servers + - DOC: Update the module list in MAINTAINERS file + - MINOR: htx: Add function to reserve the max possible size for an HTX DATA block + - DOC: Update the HTX API documentation + - DOC: Update the filters guide + - BUG/MEDIUM: contrib/prometheus-exporter: fix segfault in listener name dump + - MINOR: task: split the counts of local and global tasks picked + - MINOR: task: do not use __task_unlink_rq() from process_runnable_tasks() + - MINOR: task: don't decrement then increment the local run queue + - CLEANUP: task: re-merge __task_unlink_rq() with task_unlink_rq() + - MINOR: task: make grq_total atomic to move it outside of the grq_lock + - MINOR: tasks: also compute the tasklet latency when DEBUG_TASK is set + - MINOR: task: make tasklet wakeup latency measurements more accurate + - MINOR: server: Be more strict on the server-state line parsing + - MINOR: server: Only fill one array when parsing a server-state line + - MEDIUM: server: Refactor apply_server_state() to make it more readable + - CLEANUP: server: Rename state_line node to node instead of name_name + - CLEANUP: server: Rename state_line structure into server_state_line + - CLEANUP: server: Use a local eb-tree to store lines of the global server-state file + - MINOR: server: Be more strict when reading the version of a server-state file + - MEDIUM: server: Store parsed params of a server-state line in the tree + - MINOR: server: Remove cached line from global server-state tree when found + - MINOR: server: Move loading state of servers in a dedicated function + - MEDIUM: server: Use a tree to store local server-state lines + - MINOR: server: Parse and store server-state lines in a dedicated function + - MEDIUM: server: Don't load server-state file if a line is corrupted + - REORG: server: Export and rename some functions updating server info + - REORG: 
server-state: Move functions to deal with server-state in its own file + - MINOR: server-state: Don't load server-state file for serverless proxies + - CLEANUP: muxes: Remove useless if condition in show_fd function + - BUG/MINOR: stats: fix compare of no-maint url suffix + - MINOR: task: limit the number of subsequent heavy tasks with flag TASK_HEAVY + - MINOR: ssl: mark the SSL handshake tasklet as heavy + - CLEANUP: server: rename srv_cleanup_{idle,toremove}_connections() + - BUG/MINOR: ssl: potential null pointer dereference in ckchs_dup() + - MINOR: task: add one extra tasklet class: TL_HEAVY + - MINOR: task: place the heavy elements in TL_HEAVY + - MINOR: task: only limit TL_HEAVY tasks but not others + - BUG/MINOR: http-ana: Only consider dst address to process originalto option + - MINOR: tools: Add net_addr structure describing a network addess + - MINOR: tools: Add function to compare an address to a network address + - MEDIUM: http-ana: Add IPv6 support for forwardfor and orignialto options + - CLEANUP: hlua: Use net_addr structure internally to parse and compare addresses + - REGTESTS: Add script to test except param for fowardedfor/originalto options + - DOC: scheduler: add a diagram showing the different queues and their usages + - CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) + - CLEANUP: config: replace a few free() with ha_free() + - CLEANUP: vars: always zero the pointers after a free() + - CLEANUP: ssl: remove a useless "if" before freeing an error message + - CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free + - CLEANUP: ssl: use realloc() instead of free()+malloc() + +2021/02/20 : 2.4-dev9 + - BUG/MINOR: server: Remove RMAINT from admin state when loading server state + - CLEANUP: check: fix get_check_status_info declaration + - CLEANUP: contrib/prometheus-exporter: align for with srv status case + - MEDIUM: stats: allow to select one field in `stats_fill_li_stats` + - MINOR: stats: add helper to get status 
string + - MEDIUM: contrib/prometheus-exporter: add listen stats + - BUG/MINOR: dns: add test on result getting value from buffer into ring. + - BUG/MINOR: dns: dns_connect_server must return -1 unsupported nameserver's type + - BUG/MINOR: dns: missing test writing in output channel in session handler + - BUG/MINOR: dns: fix ring attach control on dns_session_new + - BUG/MEDIUM: dns: fix multiple double close on fd in dns.c + - BUG/MAJOR: connection: prevent double free if conn selected for removal + - BUG/MINOR: session: atomically increment the tracked sessions counter + - REGTESTS: fix http_reuse_conn_hash proxy test + - BUG/MINOR: backend: do not call smp_make_safe for sni conn hash + - MINOR: connection: remove pointers for prehash in conn_hash_params + - BUG/MINOR: checks: properly handle wrapping time in __health_adjust() + - BUG/MEDIUM: checks: don't needlessly take the server lock in health_adjust() + - DEBUG: thread: add 5 extra lock labels for statistics and debugging + - OPTIM: server: switch the actconn list to an mt-list + - Revert "MINOR: threads: change lock_t to an unsigned int" + - MINOR: lb/api: let callers of take_conn/drop_conn tell if they have the lock + - OPTIM: lb-first: do not take the server lock on take_conn/drop_conn + - OPTIM: lb-leastconn: do not take the server lock on take_conn/drop_conn + - OPTIM: lb-leastconn: do not unlink the server if it did not change + - MINOR: tasks: add DEBUG_TASK to report caller info in a task + - MINOR: tasks/debug: add some extra controls of use-after-free in DEBUG_TASK + - BUG/MINOR: sample: Always consider zero size string samples as unsafe + - MINOR: cli: add missing agent commands for set server + - BUILD/MEDIUM: da Adding pcre2 support. 
+ - BUILD: ssl: introduce fine guard for OpenSSL specific SCTL functions + - REGTESTS: reorder reuse conn proxy protocol test + - DOC: explain the relation between pool-low-conn and tune.idle-pool.shared + - MINOR: tasks: refine the default run queue depth + - MINOR: listener: refine the default MAX_ACCEPT from 64 to 4 + - MINOR: mux_h2: do not try to remove front conn from idle trees + - REGTESTS: workaround for a crash with recent libressl on http-reuse sni + - BUG/MEDIUM: lists: Avoid an infinite loop in MT_LIST_TRY_ADDQ(). + - MINOR: connection: allocate dynamically hash node for backend conns + - DOC: DeviceAtlas documentation typo fix. + - BUG/MEDIUM: spoe: Resolve the sink if a SPOE logs in a ring buffer + - BUG/MINOR: http-rules: Always replace the response status on a return action + - BUG/MINOR: server: Init params before parsing a new server-state line + - BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line + - MEDIUM: server: Don't introduce a new server-state file version + - DOC: contrib/prometheus-exporter: remove htx reference + - REGTESTS: contrib/prometheus-exporter: test NaN values + - REGTESTS: contrib/prometheus-exporter: test well known labels + - CI: github actions: switch to stable LibreSSL release + - BUG/MINOR: server: Fix test on number of fields allowed in a server-state line + - MINOR: dynbuf: make the buffer wait queue per thread + - MINOR: dynbuf: use regular lists instead of mt_lists for buffer_wait + - MINOR: dynbuf: pass offer_buffers() the number of buffers instead of a threshold + - MINOR: sched: have one runqueue ticks counter per thread + +2021/02/13 : 2.4-dev8 + - BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro + - BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro + - BUG/MINOR: mux-h1: Don't emit extra CRLF for empty chunked messages + - MINOR: contrib/prometheus-exporter: use stats desc when possible followup + - MEDIUM: contrib/prometheus-exporter: export base 
stick table stats + - CLEANUP: assorted typo fixes in the code and comments + - CLEANUP: check: fix some typo in comments + - CLEANUP: tools: typo in `strl2irc` mention + - BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro + - MEDIUM: ssl: add a rwlock for SSL server session cache + - BUG/MINOR: intops: fix mul32hi()'s off-by-one + - BUG/MINOR: freq_ctr: fix a wrong delay calculation in next_event_delay() + - MINOR: stick-tables/counters: add http_fail_cnt and http_fail_rate data types + - MINOR: ssl: add SSL_SERVER_LOCK label in threads.h + - BUG/MINOR: mux-h1: Don't increment HTTP error counter for 408/500/501 errors + - BUG/MINOR: http-ana: Don't increment HTTP error counter on internal errors + - BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state + - BUG/MINOR: mux-h1: Fix data skipping for bodyless responses + - BUG/MINOR: mux-h1: Don't blindly skip EOT block for non-chunked messages + - BUG/MEDIUM: mux-h2: Add EOT block when EOM flag is set on an empty HTX message + - MINOR: mux-h1: Be sure EOM flag is set when processing end of outgoing message + - REGTESTS: Add a script to test payload skipping for bodyless HTTP responses + - BUG/MINOR: server: re-align state file fields number + - CLEANUP: muxes: Remove useless calls to b_realign_if_empty() + - BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints() + - CLEANUP: remove unused variable assigned found by Coverity + - CLEANUP: queue: Remove useless tests on p or pp in pendconn_process_next_strm() + - BUG/MINOR: backend: hold correctly lock when killing idle conn + - MEDIUM: connection: protect idle conn lists with locks + - MEDIUM: connection: replace idle conn lists by eb trees + - MINOR: backend: search conn in idle/safe trees after available + - MINOR: backend: search conn in idle tree after safe on always reuse + - MINOR: connection: prepare hash calcul for server conns + - MINOR: connection: use the srv pointer for the srv conn hash + - 
MINOR: backend: compare conn hash for session conn reuse + - MINOR: connection: use sni as parameter for srv conn hash + - MINOR: reg-tests: test http-reuse with sni + - MINOR: backend: rewrite alloc of stream target address + - MINOR: connection: use dst addr as parameter for srv conn hash + - MINOR: reg-test: test http-reuse with specific dst addr + - MINOR: backend: rewrite alloc of connection src address + - MINOR: connection: use src addr as parameter for srv conn hash + - MINOR: connection: use proxy protocol as parameter for srv conn hash + - MINOR: reg-tests: test http-reuse with proxy protocol + - MINOR: doc: update http reuse for new eligilible connections + - BUG/MINOR: backend: fix compilation without ssl + - REGTESTS: adjust http_reuse_conn_hash requirements + - REGTESTS: deactivate a failed test on CI in http_reuse_conn_hash + - REGTESTS: fix sni used in http_reuse_conn_hash for libressl 3.3.0 + - CI: cirrus: update FreeBSD image to 12.2 + - MEDIUM: cli: add check-addr command + - MEDIUM: cli: add agent-port command + - MEDIUM: server: add server-states version 2 + - MEDIUM: server: support {check,agent}_addr, agent_port in server state + - MINOR: server: enhance error precision when applying server state + - BUG/MINOR: server: Fix server-state-file-name directive + - CLEANUP: deinit: release global and per-proxy server-state variables on deinit + - BUG/MEDIUM: config: don't pick unset values from last defaults section + - BUG/MINOR: stats: revert the change on ST_CONVDONE + - BUG/MINOR: cfgparse: do not mention "addr:port" as supported on proxy lines + - BUG/MINOR: http-htx: defpx must be a const in proxy_dup_default_conf_errors() + - BUG/MINOR: tcpheck: the source list must be a const in dup_tcpcheck_var() + - BUILD: proxy: add missing compression-t.h to proxy-t.h + - REORG: move init_default_instance() to proxy.c and pass it the defproxy pointer + - REORG: proxy: centralize the proxy allocation code into alloc_new_proxy() + - MEDIUM: proxy: only 
take defaults when a default proxy is passed. + - MINOR: proxy: move the defproxy freeing code to proxy.c + - MINOR: proxy: always properly reset the just freed default instance pointers + - BUG/MINOR: extcheck: proxy_parse_extcheck() must take a const for the defproxy + - BUG/MINOR: tcpcheck: proxy_parse_*check*() must take a const for the defproxy + - BUG/MINOR: server: parse_server() must take a const for the defproxy + - MINOR: cfgparse: move defproxy to cfgparse-listen as a static + - MINOR: proxy: add a new capability PR_CAP_DEF + - MINOR: cfgparse: check PR_CAP_DEF instead of comparing poiner against defproxy + - MINOR: cfgparse: use a pointer to the current default proxy + - MINOR: proxy: also store the name for a defaults section + - MINOR: proxy: support storing defaults sections into their own tree + - MEDIUM: proxy: store the default proxies in a tree by name + - MEDIUM: cfgparse: allow a proxy to designate the defaults section to use + - MINOR: http: add baseq sample fetch + - CLEANUP: tcpcheck: Remove a useless test on port variable + - BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL + - CLEANUP: server: Remove useless "filepath" variable in apply_server_state() + - MINOR: peers/cli: do not dump the peers dictionaries by default on "show peers" + - MINOR: cfgparse: implement a simple if/elif/else/endif macro block handler + - DOC: tune: explain the origin of block size for ssl.cachesize + - MINOR: tcp: add support for defer-accept on FreeBSD. + - MINOR: ring: adds new ring_init function. + - CLEANUP: channel: fix comment in ci_putblk. + - BUG/MINOR: dns: add missing sent counter and parent id to dns counters. + - BUG/MINOR: resolvers: fix attribute packed struct for dns + - MINOR: resolvers: renames some resolvers internal types and removes dns prefix + - MINOR: resolvers: renames type dns_resolvers to resolvers. 
+ - MINOR: resolvers: renames some resolvers specific types to not use dns prefix + - MINOR: resolvers: renames some dns prefixed types using resolv prefix. + - MINOR: resolvers: renames resolvers DNS_RESP_* errcodes RSLV_RESP_* + - MINOR: resolvers: renames resolvers DNS_UPD_* returncodes to RSLV_UPD_* + - MINOR: resolvers: rework prototype suffixes to split resolving and dns. + - MEDIUM: resolvers: move resolvers section parsing from cfgparse.c to dns.c + - MINOR: resolvers: replace nameserver's resolver ref by generic parent pointer + - MINOR: resolvers: rework dns stats prototype because specific to resolvers + - MEDIUM: resolvers: split resolving and dns message exchange layers. + - MEDIUM: resolvers/dns: split dns.c into dns.c and resolvers.c + - MEDIUM: dns: adds code to su |
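Review bot: Two entries in this CHANGELOG hunk break the "TAG: subsystem: summary" shape used by the entries around them. "BUG/MINOR; resolvers: Ignore DNS resolution for expired SRV item" (in the block above the "2021/03/05 : 2.4-dev11" header) has a semicolon after the severity tag, and "BUILD/MEDIUM: da Adding pcre2 support." (under "2021/02/20 : 2.4-dev9") has no colon after the subsystem. A script that filters this file on a "BUG/<severity>:" prefix, for example to list fixes when triaging backports, will skip the first entry. Since the commit message says this imports upstream version 2.6.12, I would keep the file identical to the upstream release and not edit these lines here; report them upstream instead, and make any local changelog parsing tolerant of the separator.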