summaryrefslogtreecommitdiffstats
path: root/CHANGELOG
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-03 05:11:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-03 05:11:10 +0000
commitcff6d757e3ba609c08ef2aaa00f07e53551e5bf6 (patch)
tree08c4fc3255483ad397d712edb4214ded49149fd9 /CHANGELOG
parentAdding upstream version 2.9.7. (diff)
downloadhaproxy-cff6d757e3ba609c08ef2aaa00f07e53551e5bf6.tar.xz
haproxy-cff6d757e3ba609c08ef2aaa00f07e53551e5bf6.zip
Adding upstream version 3.0.0.upstream/3.0.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'CHANGELOG')
-rw-r--r--CHANGELOG1167
1 files changed, 1028 insertions, 139 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 801a344..abd27db 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,38 +1,658 @@
ChangeLog :
===========
-2024/04/05 : 2.9.7
- - MINOR: mux-h2: add a counter of "glitches" on a connection
- - BUG/MINOR: mux-h2: count rejected DATA frames against the connection's flow control
- - MINOR: mux-h2: count excess of CONTINUATION frames as a glitch
- - MINOR: mux-h2: count late reduction of INITIAL_WINDOW_SIZE as a glitch
+2024/05/29 : 3.0.0
+ - MINOR: sample: implement the uptime sample fetch
+ - CI: scripts: fix build of vtest regarding option -C
+ - CI: scripts: build vtest using multiple CPUs
+ - MINOR: log: rename 'log-format tag' to 'log-format alias'
+ - DOC: config: document logformat item naming and typecasting features
+ - BUILD: makefile: yearly reordering of objects by build time
+ - BUILD: fd: errno is also needed without poll()
+ - DOC: config: fix two typos "RST_STEAM" vs "RST_STREAM"
+ - DOC: config: refer to the non-deprecated keywords in ocsp-update on/off
+ - DOC: streamline http-reuse and connection naming definition
+ - REGTESTS: complete http-reuse test with pool-conn-name
+ - DOC: config: add %ID logformat alias alternative
+ - CLEANUP: ssl/ocsp: readable ifdef in ssl_sock_load_ocsp
+ - BUG/MINOR: ssl/ocsp: init callback func ptr as NULL
+ - CLEANUP: ssl_sock: move dirty openssl-1.0.2 wrapper to openssl-compat
+ - BUG/MINOR: activity: fix Delta_calls and Delta_bytes count
+ - CI: github: upgrade the WolfSSL job to 5.7.0
+ - DOC: install: update quick build reminders with some missing options
+ - DOC: install: update the range of tested openssl version to cover 3.3
+ - DEV: patchbot: prepare for new version 3.1-dev
+ - MINOR: version: mention that it's 3.0 LTS now.
+
+2024/05/24 : 3.0-dev13
+ - CLEANUP: ssl/cli: remove unused code in dump_crtlist_conf
+ - MINOR: ssl: check parameter in ckch_conf_cmp()
+ - BUG/MINOR: ring: free ring's allocated area not ring's usable area when using maps
+ - DOC: configuration: rework the crt-store load documentation
+ - DEBUG: tools: add vma_set_name() helper
+ - DEBUG: shctx: name shared memory using vma_set_name()
+ - DEBUG: sink: add name hint for memory area used by memory-backed sinks
+ - DEBUG: pollers: add name hint for large memory areas used by pollers
+ - DEBUG: errors: add name hint for startup-logs memory area
+ - DEBUG: fd: add name hint for large memory areas
+ - MEDIUM: ssl: don't load file by discovering them in crt-store
+ - DOC: configuration: update the crt-list documentation
+ - DOC: configuration: add the supported crt-store options in crt-list
+ - BUG/MEDIUM: proto: fix fd leak in <proto>_connect_server
+ - MINOR: sock: set conn->err_code in case of EPERM
+ - BUG/MINOR: http-ana: Don't crush stream termination condition on internal error
+ - MAJOR: spoe: Let the SPOE back into the game
+ - BUG/MINOR: connection: parse PROXY TLV for LOCAL mode
+ - BUG/MINOR: server: free PROXY v2 TLVs on srv drop
+ - MINOR: rhttp: add log on connection allocation failure
+ - BUG/MEDIUM: rhttp: fix preconnect on single-thread
+ - BUG/MINOR: rhttp: prevent listener suspend
+ - BUG/MINOR: rhttp: fix task_wakeup state
+ - MINOR: session: define flag to explicitely release listener on free
+ - MEDIUM: rhttp: create session for active preconnect
+ - MINOR: rhttp: support PROXY emission on preconnect
+ - MINOR: connection: support PROXY v2 TLV emission without stream
+ - MINOR: traces: enumerate the list of levels/verbosities when not found
+ - BUG/MINOR: sock: fix sock_create_server_socket
+ - MINOR: proto: fix coding style
+ - BUG/MAJOR: quic: Crash with TLS_AES_128_CCM_SHA256 (libressl only)
+ - REGTESTS: scripts: allow to change the vtest timeout
+ - BUG/MEDIUM: quic_tls: prevent LibreSSL < 4.0 from negotiating CHACHA20_POLY1305
+ - CI: scripts/build-ssl.sh: loudly fail on unsupported platforms
+ - BUG/MEDIUM: mux-quic: Create sedesc in same time of the QUIC stream
+ - MINOR: mux-quic: Set abort info for SC-less QCS on STOP_SENDING frame
+ - CI: scripts/build-ssl: add a DESTDIR and TMPDIR variable
+ - CI: scripts/buil-ssl: cleanup the boringssl and quictls build
+ - MINOR: config: add thread-hard-limit to set an upper bound to nbthread
+ - BUILD: quic: fix unused variable warning when threads are disabled
+ - BUG/MEDIUM: stick-tables: Fix race with peers when trashing oldest entries
+ - BUG/MEDIUM: stick-tables: Fix race with peers when killing a sticky session
+ - BUG/MEDIUM: stick-tables: make sure never to create two same remote entries
+ - CLEANUP: stick-tables: remove a few unneeded tests for use_wrlock
+ - MINOR: stick-tables: remove the uneeded read lock in stksess_free()
+ - CLEANUP: tools: fix vma_set_name() function comment
+ - DEBUG: tools: add vma_set_name_id() helper
+ - DEBUG: pollers/fd: add thread id suffix to per-thread memory areas name hints
+ - DOC: config: fix aes_gcm_enc() description text
+ - BUILD: trace: fix warning on null dereference
+ - MEDIUM: config: prevent communication with privileged ports
+ - MAJOR: config: prevent QUIC with clients privileged port by default
+ - BUG/MINOR: quic: adjust restriction for stateless reset emission
+ - MINOR: quic: clarify doc for quic_recv()
+ - MINOR: server: generalize sni expr parsing
+ - MINOR: server: define pool-conn-name keyword
+ - MEDIUM: connection: use pool-conn-name instead of sni on reuse
+ - BUG/MINOR: rhttp: initialize session origin after preconnect reversal
+ - BUG/MEDIUM: server/dns: preserve server's port upon resolution timeout or error
+ - BUG/MINOR: http-htx: Support default path during scheme based normalization
+ - BUG/MINOR: server: Don't reset resolver options on a new default-server line
+ - DOC: quic: specify that connection migration is not supported
+ - DOC: config: fix incorrect section reference about custom log format
+ - DOC: config: uniformize the naming and description of custom log format args
+ - DOC: config: clarify the fact that custom log format is not just for logging
+ - REGTESTS: acl_cli_spaces: avoid a warning caused by undefined logs
+
+2024/05/18 : 3.0-dev12
+ - CI: drop asan.log umbrella completely
+ - BUG/MINOR: log: fix leak in add_sample_to_logformat_list() error path
+ - BUG/MINOR: log: smp_rgs array issues with inherited global log directives
+ - MINOR: rhttp: Don't require SSL when attach-srv name parsing
+ - REGTESTS: ssl: be more verbose with ocsp_compat_check.vtc
+ - DOC: Update UUID references to RFC 9562
+ - MINOR: hlua: add hlua_nb_instruction getter
+ - MEDIUM: hlua: take nbthread into account in hlua_get_nb_instruction()
+ - BUG/MEDIUM: server: clear purgeable conns before server deletion
+ - BUG/MINOR: mux-quic: fix error code on shutdown for non HTTP/3
+ - BUG/MINOR: qpack: fix error code reported on QPACK decoding failure
+ - BUG/MEDIUM: htx: mark htx_sl as packed since it may be realigned
+ - BUG/MEDIUM: stick-tables: properly mark stktable_data as packed
+ - SCRIPTS: run-regtests: fix a few occurrences of extended regexes
+ - BUG/MINOR: ssl_sock: fix xprt_set_used() to properly clear the TASK_F_USR1 bit
+ - MINOR: dynbuf: provide a b_dequeue() variant for multi-thread
+ - BUG/MEDIUM: muxes: enforce buf_wait check in takeover()
+ - BUG/MINOR: h1: Check authority for non-CONNECT methods only if a scheme is found
+ - BUG/MEDIUM: h1: Reject CONNECT request if the target has a scheme
+ - BUG/MAJOR: h1: Be stricter on request target validation during message parsing
+ - MINOR: qpack: prepare error renaming
+ - MINOR: h3/qpack: adjust naming for errors
+ - MINOR: h3: adjust error reporting on sending
+ - MINOR: h3: adjust error reporting on receive
+ - MINOR: mux-quic: support glitches
+ - MINOR: h3: report glitch on RFC violation
+ - BUILD: stick-tables: better mark the stktable_data as 32-bit aligned
+ - MINOR: ssl: rename tune.ssl.ocsp-update.mode in ocsp-update.mode
+ - REGTESTS: update the ocsp-update tests
+ - BUILD: stats: remove non portable getline() usage
+ - MEDIUM: ssl: add ocsp-update.mindelay and ocsp-update.maxdelay
+ - BUILD: log: get rid of non-portable strnlen() func
+ - BUG/MEDIUM: fd: prevent memory waste in fdtab array
+ - CLEANUP: compat: make the MIN/MAX macros more reliable
+ - Revert: MEDIUM: evports: permit to report multiple events at once"
+ - BUG/MINOR: stats: Don't state the 303 redirect response is chunked
+ - MINOR: mux-h1: Add a flag to ignore the request payload
+ - REORG: mux-h1: Group H1S_F_BODYLESS_* flags
+ - CLEANUP: mux-h1: Remove unused H1S_F_ERROR_MASK mask value
+ - MEDIUM: mux-h1: Support C-L/T-E header suppressions when sending messages
+ - MINOR: ssl: ckch_store_new_load_files_conf() loads filenames from ckch_conf
+ - MEDIUM: ssl/crtlist: loading crt-store keywords from a crt-list
+ - CLEANUP: ssl/ocsp: remove the deprecated parsing code for "ocsp-update"
+ - MINOR: ssl: pass ckch_store instead of ckch_data to ssl_sock_load_ocsp()
+ - MEDIUM: ssl: ckch_conf_parse() uses -1/0/1 for off/default/on
+ - MINOR: ssl: handle PARSE_TYPE_INT and PARSE_TYPE_ONOFF in ckch_store_load_files()
+ - MINOR: ssl/ocsp: use 'ocsp-update' in crt-store
+ - MINOR: ssl: ckch_conf_clean() utility function for ckch_conf
+ - MEDIUM: ssl: add ocsp-update.disable global option
+ - MEDIUM: ssl/cli: handle crt-store keywords in crt-list over the CLI
+ - MINOR: ssl: ckch_conf_cmp() compare multiple ckch_conf structures
+ - MEDIUM: ssl: temporarily load files by detecting their presence in crt-store
+ - REGTESTS: ocsp-update: change the reg-test to support the new crt-store mode
+ - DOC: capabilities: fix chapter header rendering
+
+2024/05/10 : 3.0-dev11
+ - BUILD: clock: improve check for pthread_getcpuclockid()
+ - CI: add Illumos scheduled workflow
+ - CI: netbsd: limit scheduled workflow to parent repo only
+ - OPTIM: log: resolve logformat options during postparsing
+ - BUG/MINOR: haproxy: only tid 0 must not sleep if got signal
+ - REGTEST: add tests for acl() sample fetch
+ - BUG/MINOR: acl: support built-in ACLs with acl() sample
+ - BUG/MINOR: cfgparse: use curproxy global var from config post validation
+ - MEDIUM: stconn/muxes: Add an abort reason for SE shutdowns on muxes
+ - MINOR: mux-h2: Set the SE abort reason when a RST_STREAM frame is received
+ - MEDIUM: mux-h2: Forward h2 client cancellations to h2 servers
+ - MINOR: mux-quic: Set tha SE abort reason when a STOP_SENDING frame is received
+ - MINOR: stconn: Add samples to retrieve about stream aborts
+ - MINOR: mux-quic: Add .ctl callback function to get info about a mux connection
+ - MINOR: muxes: Add ctl commands to get info on streams for a connection
+ - MINOR: connection: Add samples to retrieve info on streams for a connection
+ - BUG/MEDIUM: log/ring: broken syslog octet counting
+ - BUG/MEDIUM: mux-quic: fix crash on STOP_SENDING received without SD
+ - DOC: lua: fix filters.txt file location
+ - MINOR: dynbuf: pass a criticality argument to b_alloc()
+ - MINOR: dynbuf: add functions to help queue/requeue buffer_wait fields
+ - MINOR: dynbuf: use the b_queue()/b_requeue() functions everywhere
+ - MEDIUM: dynbuf: make the buffer_wq an array of list heads
+ - CLEANUP: tinfo: better align fields in thread_ctx
+ - MINOR: dynbuf: provide a b_dequeue() function to detach a bw from the queue
+ - MEDIUM: dynbuf: generalize the use of b_dequeue() to detach buffer_wait
+ - MEDIUM: dynbuf/stream: re-enable queueing upon failed buffer allocation
+ - MEDIUM: dynbuf/stream: do not allocate the buffers in the callback
+ - MEDIUM: applet: make appctx_buf_available() only wake the applet up, not allocate
+ - MINOR: applet: set the blocking flag in the buffer allocation function
+ - MINOR: applet: adjust the allocation criticity based on the requested buffer
+ - MINOR: dynbuf/mux-h1: use different criticalities for buffer allocations
+ - MEDIUM: dynbuf/mux-h1: do not allocate the buffers in the callback
+ - MEDIUM: dynbuf: refrain from offering a buffer if more critical ones are waiting
+ - MINOR: stconn: report that a buffer allocation succeeded
+ - MINOR: stream: report that a buffer allocation succeeded
+ - MINOR: applet: report about buffer allocation success
+ - MINOR: mux-h1: report that a buffer allocation succeeded
+ - MEDIUM: stream: allocate without queuing when retrying
+ - MEDIUM: channel: allocate without queuing when retrying
+ - MEDIUM: mux-h1: allocate without queuing when retrying
+ - MEDIUM: dynbuf: implement emergency buffers
+ - MEDIUM: dynbuf: use emergency buffers upon failed memory allocations
+
+2024/05/04 : 3.0-dev10
+ - BUG/MEDIUM: cache: Vary not working properly on anything other than accept-encoding
+ - REGTESTS: cache: Add test on 'vary' other than accept-encoding
+ - BUG/MINOR: stats: replace objt_* by __objt_* macros
+ - CLEANUP: tools/cbor: rename cbor_encode_ctx struct members
+ - MINOR: log/cbor: _lf_cbor_encode_byte() explicitly requires non-NULL ctx
+ - BUG/MINOR: log: fix global lf_expr node options behavior
+ - CLEANUP: log: add a macro to know if a lf_node is configurable
+ - MINOR: httpclient: allow to use absolute URI with new flag HC_F_HTTPROXY
+ - MINOR: ssl: introduce ocsp_update.http_proxy for ocsp-update keyword
+ - BUG/MINOR: log/encode: consider global options for key encoding
+ - BUG/MINOR: log/encode: fix potential NULL-dereference in LOGCHAR()
+ - BUG/MINOR: log: fix global lf_expr node options behavior (2nd try)
+ - MINOR: log/cbor: _lf_cbor_encode_byte() explicitly requires non-NULL ctx (again)
+ - BUG/MEDIUM: log: don't ignore disabled node's options
+ - BUG/MINOR: stconn: don't wake up an applet waiting on buffer allocation
+ - MINOR: sock: rename sock to sock_fd in sock_create_server_socket
+ - MEDIUM: proto_uxst: take in account server namespace
+ - MEIDUM: unix sock: use my_socketat to create bind socket
+ - MINOR: sock_set_mark: take sock family in account
+ - MEDIUM: proto: make common fd checks in sock_create_server_socket
+ - MINOR: sock: add EPERM case in sock_handle_system_err
+ - MINOR: capabilities: add cap_sys_admin support
+ - CLEANUP: ssl: clean the includes in ssl_ocsp.c
+ - CLEANUP: ssl: move the global ocsp-update options parsing to ssl_ocsp.c
+ - MINOR: stats: fix visual alignment for stat_cols_px definition
+ - MINOR: stats: convert req_tot as generic column
+ - MINOR: stats: prepare stats-file support for values other than FN_COUNTER
+ - MINOR: counters: move freq-ctr from proxy/server into counters struct
+ - MINOR: stats: support rate in stats-file
+ - MINOR: stats: convert rate as generic column for proxy stats
+ - MINOR: counters: move last_change into counters struct
+ - MINOR: stats: support age in stats-file
+ - MINOR: stats: convert age as generic column for proxy stat
+ - CLEANUP: ssl: rename new_ckch_store_load_files_path() to ckch_store_new_load_files_path()
+ - MINOR: ssl: rename ocsp_update.http_proxy into ocsp-update.httpproxy
+ - REORG: stats: define stats-proxy source module
+ - MINOR: stats: extract proxy clear-counter in a dedicated function
+ - REGTESTS: stats: add test stats-file counters preload
+ - CI: netbsd: adjust packages after NetBSD-10 released
+ - CLEANUP: assorted typo fixes in the code and comments
+ - REGTESTS: replace REQUIRE_VERSION by version_atleast
+ - MEDIUM: log: optimizing tmp->type handling in sess_build_logline()
+ - BUG/MINOR: log: prevent double spaces emission in sess_build_logline()
+ - OPTIM: log: declare empty buffer as global variable
+ - OPTIM: log: use thread local lf_buildctx to stop pushing it on the stack
+ - OPTIM: log: use lf_buildctx's buffer instead of temporary stack buffers
+ - OPTIM: log: speedup date printing in sess_build_logline() when no encoding is used
+
+2024/04/27 : 3.0-dev9
+ - BUILD: ssl: use %zd for sizeof() in ssl_ckch.c
+ - MINOR: backend: use be_counters for health down accounting
+ - BUG/MINOR: backend: use cum_sess counters instead of cum_conn
+ - BUG/MINOR: stats: fix stot metric for listeners
+ - REGTESTS: use -dI for insecure fork by default in the regtest scripts
+ - MINOR: stats: rename proxy stats
+ - MINOR: stats: rename ambiguous stat_l and stat_count
+ - MINOR: stats: rename info stats
+ - MINOR: stats: use stricter naming stats/field/line
+ - MINOR: stats: use STAT_F_* prefix for flags
+ - BUG/MEDIUM: applet: Let's applets decide if they have more data to deliver
+ - BUILD: stick-tables: silence build warnings when threads are disabled
+ - MINOR: tools: Rename `ha_generate_uuid` to `ha_generate_uuid_v4`
+ - MINOR: Add `ha_generate_uuid_v7`
+ - MINOR: Add support for UUIDv7 to the `uuid` sample fetch
+ - MEDIUM: shctx: Naming shared memory context
+ - BUG/MINOR: h1: fix detection of upper bytes in the URI
+ - MINOR: intops: add a pair of functions to check multi-byte ranges
+ - TESTS: add a unit test for the multi-byte range checks
+ - CLEANUP: h1: make use of the multi-byte matching functions
+ - REGTESTS: ssl: Remove "sleep" calls from ocsp auto update test
+ - BUG/MEDIUM: peers: Automatically start to learn on local peer
+ - BUG/MEDIUM: peers: Reprocess peer state after all session shutdowns
+ - MINOR: peers: Remove unused PEERS_F_RESYNC_REQUESTED flag
+ - MINOR: peers: Don't set TEACH flags on a peer from the sync task
+ - MINOR: peers: Use a peer flag to block the applet waiting ack of the sync task
+ - BUG/MEDIUM: peers: Wait for sync task ack when a resynchro is finished
+ - MINOR: peers: Remove unused PEERS_F_RESYNC_PROCESS flag
+ - MINOR: applet: Add a function to know the side where an applet was created
+ - MEDIUM: peers: Simplify the peer flags dealing with the connection state
+ - MEDIUM: peers: Use true states for the peer applets as seen from outside
+ - MEDIUM: peers: Use true states for the learn state of a peer
+ - MINOR: peers: Start learning for local peer before receiving messages
+ - MINOR: peers: Rename PEERS_F_TEACH_COMPLETE to PEERS_F_LOCAL_TEACH_COMPLETE
+ - MINOR: peers: Reorder and slightly rename PEER flags
+ - MINOR: peers: Reorder and rename PEERS flags
+ - REORG: peers: Move peer and peers flags in the corresponding header file
+ - DEV: flags/peers: Decode PEER and PEERS flags
+ - MINOR: peers: Add comment on processing functions of the sync task
+ - MINOR: peers: Use a static variable to wait a resync on reload
+ - BUG/MEDIUM: peers: Use atomic operations on peers flags when necessary
+ - REORG: peers: Rename all occurrences to 'ps' variable
+ - BUG/MINOR: peers: Don't wait for a remote resync if there no remote peer
+ - MINOR: stats: update ambiguous "metrics" naming to "stat_cols"
+ - MINOR: stats: introduce a more expressive stat definition method
+ - MINOR: stats: implement automatic metric generation from stat_col
+ - MINOR: stats: hide some columns in output
+ - MEDIUM: stats: convert counters to new column definition
+ - MINOR: stats: define stats-file output format support
+ - MEDIUM: stats: implement dump stats-file CLI
+ - MINOR: ist: define iststrip() new function
+ - MINOR: guid: define guid_is_valid_fmt()
+ - MINOR: stats: apply stats-file on process startup
+ - MINOR: stats: parse header lines from stats-file
+ - MINOR: stats: parse values from stats-file
+ - MEDIUM: stats: define stats-file keyword
+ - BUG/MINOR: mworker: reintroduce way to disable seamless reload with -x /dev/null
+ - CLEANUP: log: remove unused checks for encode_{chunk,string}
+ - MINOR: log: store lf_expr nodes inside substruct
+ - MINOR: log: global lf_expr node options
+ - CLEANUP: log: simplify complex values usages in sess_build_logline()
+ - MINOR: log: skip custom logformat_node name if empty
+ - MINOR: log: add lf_int() wrapper to print integers
+ - MINOR: log: add lf_rawtext{_len}() functions
+ - MEDIUM: log: pass date strings to lf_rawtext()
+ - MEDIUM: log: write raw strings using lf_rawtext()
+ - MEDIUM: log: use lf_rawtext for lf_ip() and lf_port() hex strings
+ - MINOR: log: explicitly handle %ts and %tsc as text strings
+ - MINOR: log: use LOG_VARTEXT_{START,END} to enclose text strings
+ - MINOR: log: make all lf_* sess build helper static
+ - MINOR: log: merge lf_encode_string() and lf_encode_chunk() logic
+ - MEDIUM: log: lf_* build helpers now take a ctx argument
+ - MINOR: log: expose node typecast in lf_buildctx struct
+ - MINOR: log: postpone conversion for sample expressions in sess_build_logline()
+ - MINOR: log: add LOG_OPT_NONE flag
+ - MINOR: log: add no_escape_map to bypass escape with _lf_encode_bytes()
+ - MINOR: log: add +bin logformat node option
+ - MINOR: log: add +json encoding option
+ - MINOR: tools: add cbor encode helpers
+ - MINOR: log: add +cbor encoding option
+ - MINOR: log: support true cbor binary encoding
+ - CLEANUP: dynbuf: move the reserve and limit parsers to dynbuf.c
+ - MINOR: list: add a macro to detect that a list contains at most one element
+ - MINOR: cli/wait: rename the condition "srv-unused" to "srv-removable"
+
+2024/04/19 : 3.0-dev8
+ - BUG/MINOR: cli: Don't warn about a too big command for incomplete commands
+ - BUG/MINOR: listener: always assign distinct IDs to shards
+ - BUG/MINOR: log: fix lf_text_len() truncate inconsistency
+ - BUG/MINOR: tools/log: invalid encode_{chunk,string} usage
+ - BUG/MINOR: log: invalid snprintf() usage in sess_build_logline()
+ - CLEANUP: log: lf_text_len() returns a pointer not an integer
+ - MINOR: quic: simplify qc_send_hdshk_pkts() return
+ - MINOR: quic: uniformize sending methods for handshake
+ - MINOR: quic: improve sending API on retransmit
+ - MINOR: quic: use qc_send_hdshk_pkts() in handshake IO cb
+ - MEDIUM: quic: remove duplicate hdshk/app send functions
+ - OPTIM: quic: do not call qc_send() if nothing to emit
+ - OPTIM: quic: do not call qc_prep_pkts() if everything sent
+ - BUG/MEDIUM: http-ana: Deliver 502 on keep-alive for fressh server connection
+ - BUG/MINOR: http-ana: Fix TX_L7_RETRY and TX_D_L7_RETRY values
+ - BUILD: makefile: warn about unknown USE_* variables
+ - BUILD: makefile: support USE_xxx=0 as well
+ - BUG/MINOR: guid: fix crash on invalid guid name
+ - BUILD: atomic: fix peers build regression on gcc < 4.7 after recent changes
+ - BUG/MINOR: debug: make sure DEBUG_STRICT=0 does work as documented
+ - BUILD: cache: fix non-inline vs inline declaration mismatch to silence a warning
+ - BUILD: debug: make DEBUG_STRICT=1 the default
+ - BUILD: pools: make DEBUG_MEMORY_POOLS=1 the default option
+ - CI: update the build options to get rid of unneeded DEBUG options
+ - BUILD: makefile: get rid of the config CFLAGS variable
+ - BUILD: makefile: allow to use CFLAGS to append build options
+ - BUILD: makefile: drop the SMALL_OPTS settings
+ - BUILD: makefile: move -O2 from CPU_CFLAGS to OPT_CFLAGS
+ - BUILD: makefile: get rid of the CPU variable
+ - BUILD: makefile: drop the ARCH variable and better document ARCH_FLAGS
+ - BUILD: makefile: extract ARCH_FLAGS out of LDFLAGS
+ - BUILD: makefile: move the fwrapv option to STD_CFLAGS
+ - BUILD: makefile: make the ERR variable also support 0
+ - BUILD: makefile: add FAILFAST to select the -Wfatal-errors behavior
+ - BUILD: makefile: extract -Werror/-Wfatal-errors from automatic CFLAGS
+ - BUILD: makefile: split WARN_CFLAGS from SPEC_CFLAGS
+ - BUILD: makefile: rename SPEC_CFLAGS to NOWARN_CFLAGS
+ - BUILD: makefile: do not pass warnings to VERBOSE_CFLAGS
+ - BUILD: makefile: also drop DEBUG_CFLAGS
+ - CLEANUP: makefile: make the output of the "opts" target more readable
+ - DOC: install: clarify the build process by splitting it into subsections
+ - BUG/MINOR: server: fix slowstart behavior
+ - BUG/MEDIUM: cache/stats: Handle inbuf allocation failure in the I/O handler
+ - MINOR: ssl: add the section parser for 'crt-store'
+ - DOC: configuration: Add 3.12 Certificate Storage
+ - REGTESTS: ssl: test simple case of crt-store
+ - MINOR: ssl: rename ckchs_load_cert_file to new_ckch_store_load_files_path
+ - MINOR: ssl/crtlist: alloc ssl_conf only when a valid keyword is found
+ - BUG/MEDIUM: stick-tables: fix the task's next expiration date
+ - CLEANUP: stick-tables: always respect the to_batch limit when trashing
+ - BUG/MEDIUM: peers/trace: fix crash when listing event types
+ - BUG/MAJOR: stick-tables: fix race with peers in entry expiration
+ - DEBUG: pool: improve decoding of corrupted pools
+ - REORG: pool: move the area dump with symbol resolution to tools.c
+ - DEBUG: pools: report the data around the offending area in case of mismatch
+ - MINOR: listener/protocol: add proto name in alerts
+ - MINOR: proto_quic: add proto name in alert
+ - BUG/MINOR: lru: fix the standalone test case for invalid revision
+ - DOC: management: fix typos
+ - CI: revert kernel addr randomization introduced in 3a0fc864
+ - MINOR: ring: clarify the usage of ring_size() and add ring_allocated_size()
+ - BUG/MAJOR: ring: use the correct size to reallocate startup_logs
+ - MINOR: ring: always check that the old ring fits in the new one in ring_dup()
+ - CLEANUP: ssl: remove dead code in cfg_parse_crtstore()
+ - MINOR: ssl: supports crt-base in crt-store
+ - MINOR: ssl: 'key-base' allows to load a 'key' from a specific path
+ - MINOR: net_helper: Add support for floats/doubles.
+ - BUG/MEDIUM: grpc: Fix several unaligned 32/64 bits accesses
+ - MINOR: peers: Split resync process function to separate running/stopping states
+ - MINOR: peers: Add 2 peer flags about the peer learn status
+ - MINOR: peers: Add flags to report the peer state to the resync task
+ - MINOR: peers: sligthly adapt part processing the stopping signal
+ - MINOR: peers: Add functions to commit peer changes from the resync task
+ - BUG/MINOR: peers: Report a resync was explicitly requested from a thread-safe manner
+ - BUG/MAJOR: peers: Update peers section state from a thread-safe manner
+ - MEDIUM: peers: Only lock one peer at a time in the sync process function
+ - MINOR: peer: Restore previous peer flags value to ease debugging
+ - BUG/MEDIUM: stconn: Don't forward channel data if input data must be filtered
+ - BUILD: cache: fix a build warning with gcc < 7
+ - BUILD: xxhash: silence a build warning on Solaris + gcc-5.5
+ - CI: reduce ASAN log redirection umbrella size
+ - CLEANUP: assorted typo fixes in the code and comments
+ - BUG/MEDIUM: evports: do not clear returned events list on signal
+ - MEDIUM: evports: permit to report multiple events at once
+ - MEDIUM: ssl: support aliases in crt-store
+ - BUG/MINOR: ssl: check on forbidden character on wrong value
+ - BUG/MINOR: ssl: fix crt-store load parsing
+ - BUG/MEDIUM: applet: Fix applet API to put input data in a buffer
+ - BUG/MEDIUM: spoe: Always retry when an applet fails to send a frame
+ - BUG/MEDIUM: peers: Fix exit condition when max-updates-at-once is reached
+ - BUILD: linuxcap: Properly declare prepare_caps_from_permitted_set()
+ - BUG/MEDIUM: peers: fix localpeer regression with 'bind+server' config style
+ - MINOR: peers: stop relying on srv->addr to find peer port
+ - MEDIUM: ssl: support a named crt-store section
+ - MINOR: stats: remove implicit static trash_chunk usage
+ - REORG: stats: extract HTML related functions
+ - REORG: stats: extract JSON related functions
+ - MEDIUM: ssl: crt-base and key-base local keywords for crt-store
+ - MINOR: stats: Get the right prototype for stats_dump_html_end().
+ - MAJOR: ssl: use the msg callback mecanism for backend connections
+ - MINOR: ssl: implement keylog fetches for backend connections
+ - BUG/MINOR: stconn: Fix sc_mux_strm() return value
+ - MINOR: mux-pt: Test conn flags instead of sedesc ones to perform a full close
+ - MINOR: stconn/connection: Move shut modes at the SE descriptor level
+ - MINOR: stconn: Rewrite shutdown functions to simplify the switch statements
+ - MEDIUM: stconn: Use only one SC function to shut connection endpoints
+ - MEDIUM: stconn: Explicitly pass shut modes to shut applet endpoints
+ - MEDIUM: stconn: Use one function to shut connection and applet endpoints
+ - MEDIUM: muxes: Use one callback function to shut a mux stream
+ - BUG/MINOR: sock: handle a weird condition with connect()
+ - BUG/MINOR: fd: my_closefrom() on Linux could skip contiguous series of sockets
+ - BUG/MEDIUM: peers: Don't set PEERS_F_RESYNC_PROCESS flag on a peer
+ - BUG/MEDIUM: peers: Fix state transitions of a peer
+ - MINOR: init: use RLIMIT_DATA instead of RLIMIT_AS
+ - CI: modernize macos matrix
+
+2024/04/06 : 3.0-dev7
+ - BUG/MINOR: ssl: Wrong ocsp-update "incompatibility" error message
+ - BUG/MINOR: ssl: Detect more 'ocsp-update' incompatibilities
+ - MEDIUM: ssl: Add 'tune.ssl.ocsp-update.mode' global option
+ - REGTESTS: ssl: Add OCSP update compatibility tests
+ - REGTESTS: ssl: Add functional test for global ocsp-update option
+ - BUG/MINOR: server: reject enabled for dynamic server
+ - BUG/MINOR: server: fix persistence cookie for dynamic servers
+ - MINOR: server: allow cookie for dynamic servers
+ - REGTESTS: Fix script about OCSP update compatibility tests
+ - BUG/MINOR: cli: Report an error to user if command or payload is too big
+ - MINOR: sc_strm: Add generic version to perform sync receives and sends
+ - MEDIUM: stream: Use generic version to perform sync receives and sends
+ - MEDIUM: buf: Add b_getline() and b_getdelim() functions
+ - MEDIUM: applet: Handle applets with their own buffers in put functions
+ - MEDIUM: cli/applet: Stop to test opposite SC in I/O handler of CLI commands
+ - MINOR: applet: Always use applet API to set appctx flags
+ - BUG/MEDIUM: applet: State appctx have more data if its EOI/EOS/ERROR flag is set
+ - MAJOR: cli: Update the CLI applet to handle its own buffers
+ - MINOR: applet: Let's applets .snd_buf function deal with full input buffers
+ - MINOR: stconn: Add a connection flag to notify sending data are the last ones
+ - MAJOR: cli: Use a custom .snd_buf function to only copy the current command
+ - DOC: config: balance 'first' not usable in LOG mode
+ - BUG/MINOR: log/balance: detect if user tries to use unsupported algo
+ - MINOR: lbprm: implement true "sticky" balance algo
+ - MEDIUM: log/balance: leverage lbprm api for log load-balancing
+ - BUG/BUILD: debug: fix unused variable error
+ - MEDIUM: lb-chash: Deterministic node hashes based on server address
+ - BUG/MEDIUM: stick-tables: fix a small remaining race in expiration task
+ - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (4)
+ - REGTESTS: Remove REQUIRE_VERSION=1.9 from all tests (2)
+ - CLEANUP: Reapply ist.cocci (3)
+ - CLEANUP: Reapply strcmp.cocci (2)
+ - CLEANUP: Reapply xalloc_cast.cocci
+ - CLEANUP: Reapply ha_free.cocci
+ - CI: vtest: show coredumps if any
+ - REGTESTS: ssl: disable ssl/ocsp_auto_update.vtc
+ - BUG/MINOR: backend: properly handle redispatch 0
+ - MINOR: quic: HyStart++ implementation (RFC 9406)
+ - BUG/MEDIUM: stconn: Don't forward shutdown to SE if iobuf is not empty
+ - BUG/MEDIUM: stick-table: use the update lock when reading tables from peers
+ - BUG/MAJOR: applet: fix a MIN vs MAX usage in appctx_raw_rcv_buf()
+ - OPTIM: peers: avoid the locking dance around peer_send_teach_process_msgs()
+ - BUILD: quic: 32 bits compilation issue (QUIC_MIN() usage)
+ - BUG/MEDIUM: server/lbprm: fix crash in _srv_set_inetaddr_port()
+ - MEDIUM: mworker: get rid of libsystemd
+ - BUILD: systemd: fix build error on non-systemd systems with USE_SYSTEMD=1
+ - BUG/MINOR: bwlim/config: fix missing '\n' after error messages
+ - MINOR: stick-tables: mark the seen stksess with a flag "seen"
+ - OPTIM: stick-tables: check the stksess without taking the read lock
+ - MAJOR: stktable: split the keys across multiple shards to reduce contention
+ - CI: extend Fedora Rawhide, add m32 mode
+ - BUG/MINOR: stick-tables: Missing stick-table key nullity check
+ - BUILD: systemd: enable USE_SYSTEMD by default with TARGET=linux-glibc
+ - MINOR: systemd: Include MONOTONIC_USEC field in RELOADING=1 message
+ - BUG/MINOR: proxy: fix logformat expression leak in use_backend rules
+ - MEDIUM: log: rename logformat var to logformat tag
+ - MINOR: log: expose logformat_tag struct
+ - MEDIUM: log: carry tag context in logformat node
+ - MEDIUM: tree-wide: add logformat expressions wrapper
+ - MINOR: proxy: add PR_FL_CHECKED flag
+ - MAJOR: log: implement proper postparsing for logformat expressions
+ - MEDIUM: log: add compiling logic to logformat expressions
+ - MEDIUM: proxy/log: leverage lf_expr API for logformat preparsing
+ - MINOR: guid: introduce global UID module
+ - MINOR: guid: restrict guid format
+ - MINOR: proxy: implement GUID support
+ - MINOR: server: implement GUID support
+ - MINOR: listener: implement GUID support
+ - DOC: configuration: grammar fixes for strict-sni
+ - BUG/MINOR: init: relax LSTCHK_NETADM checks for non root
+ - MEDIUM: capabilities: check process capabilities sets
+ - CLEANUP: global: remove LSTCHK_CAP_BIND
+ - BUG/MEDIUM: quic: don't blindly rely on unaligned accesses
+
+2024/03/26 : 3.0-dev6
- MINOR: mux-h2: always use h2c_report_glitch()
- MEDIUM: mux-h2: allow to set the glitches threshold to kill a connection
- - MINOR: connection: add a new mux_ctl to report number of connection glitches
- - MINOR: mux-h2: implement MUX_CTL_GET_GLITCHES
- - MINOR: connection: add sample fetches to report per-connection glitches
- - BUG/MINOR: quic: reject unknown frame type
- - BUG/MINOR: quic: reject HANDSHAKE_DONE as server
- - BUG/MINOR: qpack: reject invalid increment count decoding
- - BUG/MINOR: qpack: reject invalid dynamic table capacity
- - DOC: quic: Missing tuning setting in "Global parameters"
- - BUG/MEDIUM: applet: Immediately free appctx on early error
- - BUG/MEDIUM: hlua: Be able to garbage collect uninitialized lua sockets
- - BUG/MEDIUM: hlua: Don't loop if a lua socket does not consume received data
- - BUG/MEDIUM: quic: fix transient send error with listener socket
- - DOC: quic: fix recommandation for bind on multiple address
- - MINOR: quic: warn on bind on multiple addresses if no IP_PKTINFO support
- - BUG/MINOR: ist: allocate nul byte on istdup
- - BUG/MINOR: stats: drop srv refcount on early release
- - BUG/MAJOR: server: fix stream crash due to deleted server
- - MINOR: cli: Remove useless loop on commands to find unescaped semi-colon
- - BUG/MEDIUM: cli: Warn if pipelined commands are delimited by a \n
- - BUG/MINOR: quic: fix output of show quic
- - BUG/MINOR: ist: only store NUL byte on succeeded alloc
+ - MINOR: quic: simplify rescheduling for handshake
+ - MINOR: quic: remove qc_treat_rx_crypto_frms()
+ - DOC: configuration: clarify ciphersuites usage (V2)
+ - MINOR: tools: use public interface for FreeBSD get_exec_path()
+ - BUG/MINOR: ssl: fix possible ctx memory leak in sample_conv_aes_gcm()
+ - BUG/MINOR: ssl: do not set the aead_tag flags in sample_conv_aes_gcm()
+ - BUG/MINOR: server: fix first server template not being indexed
+ - MEDIUM: ssl: initialize the SSL stack explicitely
+ - MEDIUM: ssl: allow to change the OpenSSL security level from global section
+ - CLEANUP: ssl: remove useless #ifdef in openssl-compat.h
+ - CI: github: add -DDEBUG_LIST to the default builds
+ - BUG/MINOR: hlua: segfault when loading the same filter from different contexts
+ - BUG/MINOR: hlua: missing lock in hlua_filter_new()
+ - BUG/MINOR: hlua: fix missing lock in hlua_filter_delete()
+ - DEBUG: lua: precisely identify if stream is stuck inside lua or not
+ - MINOR: hlua: use accessors for stream hlua ctx
+ - BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread (2nd try)
+ - MINOR: debug: enable insecure fork on the command line
+ - CI: github: add -dI to haproxy arguments
+ - BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on session release
+ - BUG/MINOR: listener: Don't schedule frontend without task in listener_release()
+ - MINOR: session: rename private conns elements
+ - BUG/MAJOR: server: do not delete srv referenced by session
+ - BUG/MEDIUM: spoe: Don't rely on stream's expiration to detect processing timeout
+ - BUG/MINOR: spoe: Be sure to be able to quickly close IDLE applets on soft-stop
+ - MAJOR: spoe: Deprecate the SPOE filter
+ - MINOR: cfgparse: Add a global option to expose deprecated directives
+ - MINOR: spoe: Add SPOE filters in the exposed deprecated directives
+ - CLEANUP: assorted typo fixes in the code and comments
+ - CI: temporarily adjust kernel entropy to work with ASAN/clang
+ - BUG/MEDIUM: spoe: Return an invalid frame on recv if size is too small
+ - BUG/MINOR: session: ensure conn owner is set after insert into session
+ - BUG/MEDIUM: http_ana: ignore NTLM for reuse aggressive/always and no H1
+ - BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe
+ - BUG/MAJOR: ocsp: Separate refcount per instance and per store
+ - REGTESTS: ssl: Add OCSP related tests
+ - BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
+ - BUG/MEDIUM: ssl: Fix crash in ocsp-update log function
+ - MEDIUM: ssl: Change output of ocsp-update log
+ - MINOR: ssl: Change level of ocsp-update logs
+ - CLEANUP: ssl: Remove undocumented ocsp fetches
+ - REGTESTS: ssl: Add checks on ocsp-update log format
+ - MINOR: connection: implement conn_release()
+ - MINOR: connection: extend takeover with release option
+ - MEDIUM: server: close idle conn on server deletion
+ - MEDIUM: mux: prepare for takeover on private connections
+ - MEDIUM: server: close private idle connection before server deletion
+ - BUG/MINOR: mux-quic: close all QCS before freeing QCC tasklet
+ - BUG/MEDIUM: mux-fcgi: Properly handle EOM flag on end-of-trailers HTX block
+ - BUILD: server: fix build regression on old compilers (<= gcc-4.4)
+ - OPTIM: http_ext: avoid useless copy in http_7239_extract_{ipv4,ipv6}
+ - MINOR: debug: add "debug dev trace" to flood with traces
+ - MINOR: atomic: add a read-specific variant of __ha_cpu_relax()
+ - MINOR: applet: add new function applet_append_line()
+ - MINOR: log/applet: add new function syslog_applet_append_event()
+ - MEDIUM: ring/sink: use applet_append_line()/syslog_applet_append_event() for readers
+ - REORG: dns/ring: split the ring between the generic one and the DNS one
+ - MEDIUM: ring: move the ring reader code to ring_dispatch_messages()
+ - MEDIUM: sink: move the generic ring forwarder code use ring_dispatch_messages()
+ - MEDIUM: log/sink: make the log forwarder code use ring_dispatch_messages()
+ - MINOR: buf: add b_add_ofs() to add a count to an absolute position
+ - MINOR: buf: add b_rel_ofs() to turn an absolute offset into a relative one
+ - MINOR: buf: add b_putblk_ofs() to copy a block at a specific position
+ - MINOR: buf: add b_getblk_ofs() that works relative to area and not head
+ - MINOR: ring: make the ring reader use only absolute offsets
+ - MINOR: ring: reserve one special value for the readers count
+ - MINOR: vecpair: add new vector pair based data manipulation mechanisms
+ - MINOR: vecpair: add necessary functions to use vecpairss from/to ring APIs
+ - MINOR: ring: rename totlen vs msglen in ring_write()
+ - MINOR: ring: add ring_data() to report the amount of data in a ring
+ - MINOR: ring: add ring_size() to return the ring's size
+ - MINOR: ring: add ring_dup() to copy a ring into another one
+ - MINOR: ring: also add ring_area(), ring_head(), ring_tail()
+ - MINOR: ring: make callers use ring_data() and ring_size(), not ring->buf
+ - MINOR: errors: use ring_dup() to duplicate the startup_logs
+ - MINOR: ring: use ring_size(), ring_area(), ring_head() and ring_tail()
+ - MINOR: ring: add a flag to indicate a mapped file
+ - MAJOR: ring: insert an intermediary ring_storage level
+ - MINOR: ring: resize only under thread isolation
+ - MINOR: ring: allow to reduce a ring size
+ - MEDIUM: ring: replace the buffer API in ring_write() with the vec<->ring API
+ - MEDIUM: ring: change the ring reader to use the new vector-based API now
+ - MEDIUM: ring: remove the struct buffer from the ring
+ - MEDIUM: ring: align the head and tail fields in the ring_storage structure
+ - MINOR: ring: make the reader check the readers count before inc/dec
+ - MEDIUM: ring: lock the tail's readers counters before proceeding with the changes
+ - MEDIUM: ring: protect the reader's positions against writers
+ - MEDIUM: ring: use the topmost bit of the tail as a lock
+ - MEDIUM: move the ring's lock to only protect the readers list
+ - MEDIUM: ring: unlock the ring's tail earlier
+ - MINOR: ring: don't take the readers lock if there are no readers
+ - MEDIUM: ring/applet: turn the wait_entry list to an mt_list instead
+ - MEDIUM: ring: protect the initialization of the initial reader offset
+ - MINOR: ring: make sure ring_dispatch waits when facing a changing message
+ - MAJOR: ring: drop the now unneeded lock
+ - OPTIM: ring: don't even try to update offset when failed to read
+ - OPTIM: ring: have only one thread at a time wake up all readers
+ - MINOR: ring: keep a few frequently used pointers in the local stack
+ - MINOR: ring: add the definition of a ring waiting cell
+ - MINOR: ring: make the number of queues configurable
+ - MAJOR: ring: implement a waiting queue in front of the ring
+ - MEDIUM: ring: significant boost in the loop by checking the ring queue ptr first
+ - MEDIUM: ring: improve speed in the queue waiting loop on x86_64
+ - MINOR: ring: simplify the write loop a little bit
+ - CLEANUP: ring: further simplify the write loop
+ - MINOR: ring: it's not x86 but all non-ARMv8.1 which needs the read before OR
+ - MINOR: ring: avoid writes to cells during copy
+ - OPTIM: ring: use relaxed stores to release the threads
+ - CLEANUP: ring: use only curr_cell and not next_cell in the main write loop
+ - BUILD: ssl: fix build error on older compilers with openssl-3.2
+ - BUG/MINOR: server: 'source' interface ignored from 'default-server' directive
+ - BUG/MAJOR: ring: free the ring storage not the ring itself when using maps
+
+2024/03/09 : 3.0-dev5
+ - BUG/MEDIUM: applet: Fix HTX .rcv_buf callback function to release outbuf buffer
+ - BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI
+ - BUG/MEDIUM: server: fix dynamic servers initial settings
- BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist
- LICENSE: event_hdl: fix GPL license version
- LICENSE: http_ext: fix GPL license version
+ - BUG/MEDIUM: mux-h1: Fix again 0-copy forwarding of chunks with an unknown size
- BUG/MINOR: mux-h1: Properly report when mux is blocked during a nego
+ - MINOR: mux-h1: Move checks performed before a shutdown in a dedicated function
+ - MINOR: mux-h1: Move all stuff to detach a stream in an internal function
+ - MAJOR: mux-h1: Drain requests on client side before shut a stream down
+ - MEDIUM: htx/http-ana: No longer close connection on early HAProxy response
+ - MINOR: quic: filter show quic by address
+ - MINOR: quic: specify show quic output fields
+ - MINOR: quic: add MUX output for show quic
+ - CLEANUP: mux-h2: Fix h2s_make_data() comment about the return value
- DOC: configuration: clarify ciphersuites usage
- BUG/MINOR: config/quic: Alert about PROXY protocol use on a QUIC listener
- BUG/MINOR: hlua: Fix log level to the right value when set via TXN:set_loglevel
@@ -46,195 +666,464 @@ ChangeLog :
- BUG/MEDIUM: hlua: improper lock usage with SET_SAFE_LJMP()
- BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume()
- BUG/MINOR: hlua: don't call ha_alert() in hlua_event_subscribe()
+ - MINOR: hlua: use SEND_ERR to report errors in hlua_event_runner()
+ - CLEANUP: hlua: txn class functions may LJMP
- BUG/MINOR: sink: fix a race condition in the TCP log forwarding code
+ - BUILD: thread: move lock label definitions to thread-t.h
+ - BUILD: tree-wide: fix a few missing includes in a few files
+ - BUILD: buf: make b_ncat() take a const for the source
+ - CLEANUP: assorted typo fixes in the code and comments
+ - CLEANUP: fix typo in naming for variable "unused"
+ - CI: run more smoke tests on config syntax to check memory related issues
+ - CI: enable monthly build only test on netbsd-9.3
- CI: skip scheduled builds on forks
- BUG/MINOR: ssl/cli: typo in new ssl crl-file CLI description
+ - BUG/MEDIUM: quic: fix connection freeze on post handshake
+ - BUG/MINOR: mux-quic: fix crash on aborting uni remote stream
+ - CLEANUP: log: fix obsolete comment for add_sample_to_logformat_list()
+ - CLEANUP: tree-wide: use proper ERR_* return values for PRE_CHECK fcts
- BUG/MINOR: cfgparse: report proper location for log-format-sd errors
+ - MINOR: vars: export var_set and var_unset functions
+ - MINOR: Add aes_gcm_enc converter
- BUG/MEDIUM: quic: fix handshake freeze under high traffic
- MINOR: quic: always use ncbuf for rx CRYPTO
+ - BUILD: ssl: define EVP_CTRL_AEAD_GET_TAG for older versions
+ - DOC: design: write first notes about ring-v2
+ - OPTIM: sink: try to merge "dropped" messages faster
+ - OPTIM: sink: drop the sink lock used to count drops
+ - DEV: haring: make haring not depend on the struct ring itself
+ - DEV: haring: split the code between ring and buffer
+ - DEV: haring: automatically use the advertised ring header size
- BUILD: solaris: fix compilation errors
- - DOC: configuration: clarify ciphersuites usage (V2)
- - BUG/MINOR: ssl: fix possible ctx memory leak in sample_conv_aes_gcm()
- - CI: github: add -DDEBUG_LIST to the default builds
- - BUG/MINOR: hlua: segfault when loading the same filter from different contexts
- - BUG/MINOR: hlua: missing lock in hlua_filter_new()
- - BUG/MINOR: hlua: fix missing lock in hlua_filter_delete()
- - DEBUG: lua: precisely identify if stream is stuck inside lua or not
- - MINOR: hlua: use accessors for stream hlua ctx
- - BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread (2nd try)
- - BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on session release
- - BUG/MINOR: listener: Don't schedule frontend without task in listener_release()
- - BUG/MEDIUM: spoe: Don't rely on stream's expiration to detect processing timeout
- - BUG/MINOR: spoe: Be sure to be able to quickly close IDLE applets on soft-stop
- - CI: temporarily adjust kernel entropy to work with ASAN/clang
- - BUG/MEDIUM: spoe: Return an invalid frame on recv if size is too small
- - BUG/MINOR: session: ensure conn owner is set after insert into session
- - BUG/MEDIUM: ssl: Fix crash in ocsp-update log function
- - BUG/MINOR: mux-quic: close all QCS before freeing QCC tasklet
- - BUG/MEDIUM: mux-fcgi: Properly handle EOM flag on end-of-trailers HTX block
- - OPTIM: http_ext: avoid useless copy in http_7239_extract_{ipv4,ipv6}
- - BUG/MINOR: server: 'source' interface ignored from 'default-server' directive
- - BUILD: ssl: fix build error on older compilers with openssl-3.2
- - BUG/MINOR: ssl: Wrong ocsp-update "incompatibility" error message
- - BUG/MINOR: ssl: Detect more 'ocsp-update' incompatibilities
- - BUG/MINOR: server: fix persistence cookie for dynamic servers
- - MINOR: server: allow cookie for dynamic servers
- - BUG/MINOR: server: ignore 'enabled' for dynamic servers
- - DOC: config: balance 'first' not usable in LOG mode
- - BUG/MINOR: log/balance: detect if user tries to use unsupported algo
- - BUG/MEDIUM: stick-tables: fix a small remaining race in expiration task
- - BUG/MINOR: backend: properly handle redispatch 0
- - BUG/MEDIUM: stconn: Don't forward shutdown to SE if iobuf is not empty
- - BUG/MEDIUM: stick-table: use the update lock when reading tables from peers
- - BUG/MINOR: proxy: fix logformat expression leak in use_backend rules
- - BUG/MINOR: init: relax LSTCHK_NETADM checks for non root
-2024/02/26 : 2.9.6
+2024/02/23 : 3.0-dev4
+ - BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
+ - BUG/MEDIUM: quic: Wrong K CUBIC calculation.
+ - MINOR: quic: Update K CUBIC calculation (RFC 9438)
+ - MINOR: quic: Dynamic packet reordering threshold
+ - MINOR: quic: Add a counter for reordered packets
+ - BUG/MAJOR: mux-h1: Fix zero-copy forwarding when sending chunks of unknown size
+ - MINOR: stats: Use a dedicated function to check if output is almost full
+ - BUG/MEDIUM: applet: Add a flag to state an applet is using zero-copy forwarding
+ - BUG/MEDIUM: stconn/applet: Block 0-copy forwarding if producer needs more room
+ - MINOR: applet: Remove uselelss test on SE_FL_SHR/SHW flags
+ - MEDIUM: applet: Add notion of shutdown for write for applets
+ - MINOR: cli: No longer check SC for shutdown to interrupt wait command
+ - BUG/MEDIUM: stconn: Allow expiration update when READ/WRITE event is pending
+ - BUG/MEDIUM: stconn: Don't check pending shutdown to wake an applet up
+ - CLEANUP: stconn: Move SE flags set by app layer at the end of the bitfield
+ - MINOR: stconn: Rename SE_FL_MAY_FASTFWD and reorder bitfield
+ - MINOR: stconn: Add SE flag to announce zero-copy forwarding on consumer side
+ - MINOR: muxes: Announce support for zero-copy forwarding on consumer side
+ - BUG/MAJOR: stconn: Check support for zero-copy forwarding on both sides
+ - MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding
+ - BUG/MINOR: quic: reject unknown frame type
+ - MINOR: quic: handle all frame types on reception
+ - BUG/MINOR: quic: reject HANDSHAKE_DONE as server
+ - BUG/MINOR: qpack: reject invalid increment count decoding
+ - BUG/MINOR: qpack: reject invalid dynamic table capacity
+ - DOC/MINOR: userlists: mention solutions to high cpu with hashes
+ - DOC: quic: Missing tuning setting in "Global parameters"
+ - BUG/MEDIUM: applet: Immediately free appctx on early error
+ - BUG/MEDIUM: hlua: Be able to garbage collect uninitialized lua sockets
+ - BUG/MEDIUM: hlua: Don't loop if a lua socket does not consume received data
+ - BUG/MEDIUM: quic: fix transient send error with listener socket
+ - MINOR: log: custom name for logformat node
+ - MINOR: sample: add type_to_smp() helper function
+ - MINOR: log: explicit typecasting for logformat nodes
+ - MINOR: log: simplify last_isspace in sess_build_logline()
+ - MINOR: log: simplify quotes handling in sess_build_logline()
+ - MINOR: log: print metadata prefixes separately in sess_build_logline()
+ - MINOR: log: automate string array construction in sess_build_logline()
+ - DOC: quic: fix recommandation for bind on multiple address
+ - MINOR: quic: warn on bind on multiple addresses if no IP_PKTINFO support
+ - OPTIM: quic: improve slightly qc_snd_buf() internal
+ - MINOR: quic: move IP_PKTINFO on send on a dedicated function
+ - MINOR: quic: remove sendto() usage variant
+ - MINOR: quic: only use sendmsg() syscall variant
+ - BUILD: applet: fix build on some 32-bit archs
+ - BUG/MINOR: quic: initialize msg_flags before sendmsg
+ - BUG/MEDIUM: mux-h1: Don't emit 0-CRLF chunk in h1_done_ff() when iobuf is empty
+ - CLEANUP: proxy/log: remove unused proxy flag
+ - CLEANUP: log: fix process_send_log() indentation
+ - CLEANUP: log: use free_logformat_list() in parse_logformat_string()
+ - MINOR: log: add free_logformat_node() helper function
+ - BUG/MINOR: log: fix potential lf->name memory leak
+ - BUG/MINOR: ist: allocate nul byte on istdup
+ - BUG/MINOR: stats: drop srv refcount on early release
- BUG/MAJOR: promex: fix crash on deleted server
- - BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI
+ - BUG/MAJOR: server: fix stream crash due to deleted server
+ - BUG/MEDIUM: mux-quic: do not crash on qcs_destroy for connection error
+ - MINOR: cli: Remove useless loop on commands to find unescaped semi-colon
+ - BUG/MEDIUM: cli: Warn if pipelined commands are delimited by a \n
+ - BUG/MAJOR: cli: Restore non-interactive mode behavior with pipelined commands
+ - BUG/MINOR: quic: fix output of show quic
+ - MINOR: ssl: Call callback function after loading SSL CRL data
+ - BUG/MINOR: ist: only store NUL byte on succeeded alloc
-2024/02/15 : 2.9.5
+2024/02/10 : 3.0-dev3
+ - DOC: configuration: clarify http-request wait-for-body
+ - BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions
+ - MINOR: h3: add traces for stream sending function
+ - BUG/MEDIUM: h3: do not crash on invalid response status code
+ - BUG/MEDIUM: qpack: allow 6xx..9xx status codes
+ - BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON
+ - CLEANUP: log: deinitialization of the log buffer in one function
+ - BUG/MINOR: h1: Don't support LF only at the end of chunks
+ - BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size
+ - MINOR: ssl: add HAVE_SSL_0RTT constant
+ - MINOR: ssl: rename HA_OPENSSL_HAVE_0RTT_SUPPORT constant to HAVE_SSL_0RTT_QUIC
+ - MEDIUM: ssl/quic: always compile the ssl_conf.early_data test
+ - DOC: httpclient: add dedicated httpclient section
+ - BUG/MINOR: h1-htx: properly initialize the err_pos field
+ - BUG/MEDIUM: h1: always reject the NUL character in header values
+ - CLEANUP: h1: remove unused function h1_measure_trailers()
+ - BUG/MINOR: ssl/quic: fix 0RTT define
+ - MINOR: mux-quic: prepare for earlier flow control update
+ - MINOR: mux-quic: define a flow control related type
+ - MEDIUM: mux-quic: limit stream flow control on snd_buf
+ - MEDIUM: mux-quic: limit conn flow control on snd_buf
+ - MINOR: mux-quic: remove unneeded sent-offset fields
+ - MINOR: mux-quic: check fctl during STREAM frame build
+ - MAJOR: mux-quic: remove intermediary Tx buffer
+ - MEDIUM: mux-quic: simplify sending API
+ - MEDIUM: mux-quic: release Tx buf on too small room
+ - MEDIUM: mux-quic: properly handle conn Tx buf exhaustion
+ - MINOR: mux-quic: realign Tx buffer if possible
+ - CLEANUP: connection: remove obsolete comment in header file
+ - OPTIM: connection: progressive hash for conn_calculate_hash()
+ - MINOR: tcp_act: fix alphabetical ordering of tcp request content actions
+ - MINOR: tcp-act: Rename "set-{mark,tos}" to "set-fc-{mark,tos}"
+ - MINOR: hlua: Rename set_{tos, mark} to set_fc_{tos, mark}
+ - MEDIUM: tcp-act: <expr> support for set-fc-{mark,tos} actions
+ - MEDIUM: tcp-act/backend: support for set-bc-{mark,tos} actions
+ - MINOR: stats: Be able to access to registered stats modules from anywhere
+ - MEDIUM: stats: Be able to access a specific field into a stats module
+ - MINOR: promex: Add a param to override the description when a metric is dumped
+ - MINOR: promex: Add info in the promex context to dump extra counters
+ - MEDIUM: promex: Dump frontends extra counters if requested
+ - MEDIUM: promex: Dump backends extra counters if requested
+ - MEDIUM: promex: Dump servers extra counters if requested
+ - MEDIUM: promex: Dump listeners extra counters if requested
+ - DOC: promex: Add documentation about extra-counters
+ - MINOR: promex: Always limit the number of labels dumped for each metric
+ - MEDIUM: promex: Simplify the context using generic pointers for restart points
+ - MINOR: promex: Remove unsued htx parameter when a metric is dumped
+ - MEDIUM: promex: Add a registration mechanism to support modules
+ - MEDIUM: promex: Dump metrics of registered modules with a way to filter them
+ - MEDIUM: promex/stick-table: Dump stick-table metrics via a promex module
+ - MEDIUM: promex/resolvers: Dump resolvers metrics via a promex module
+ - MINOR: promex: Rename dump functions to use the right wording
+ - MINOR: promex: Always pass the final name and description to promex_dmp_ts()
+ - MEDIUM: promex: Add support for filters on metric names
+ - REGTESTS: promex: Adapt script to be less verbose
+ - MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding
+ - MINOR: debug: make sure calls to ha_crash_now() are never merged
+ - MINOR: debug: make ABORT_NOW() store the caller's line number when using abort
- BUG/MINOR: diag: always show the version before dumping a diag warning
- BUG/MINOR: diag: run the final diags before quitting when using -c
+ - MINOR: acl: add extra diagnostics about suspicious string patterns
- BUG/MINOR: quic: Wrong ack ranges handling when reaching the limit.
- BUILD: quic: Variable name typo inside a BUG_ON().
+ - DOC: config: fix typo for '%ms' log format alternative
+ - DOC: config: fix ordering for "txn.*" fetches
+ - MINOR: stream: add "txn.redispatch" fetch
+ - BUILD: debug: remove leftover parentheses in ABORT_NOW()
+ - MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT
- BUG/MINOR: ssl: Fix error message after ssl_sock_load_ocsp call
+ - MINOR: debug: support passing an optional message in ABORT_NOW()
+ - MINOR: debug: add an optional message argument to the BUG_ON() family
+ - DEBUG: make the "debug dev {debug|warn|check}" command print a message
- CLEANUP: quic: Code clarifications for QUIC CUBIC (RFC 9438)
- BUG/MINOR: quic: fix possible integer wrap around in cubic window calculation
- MINOR: quic: Stop using 1024th of a second.
- - MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding
- - MINOR: debug: make sure calls to ha_crash_now() are never merged
- - MINOR: debug: make ABORT_NOW() store the caller's line number when using abort
- - BUILD: debug: remove leftover parentheses in ABORT_NOW()
- - MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT
+ - CI: github: abandon asan matrix.py helper
+ - CI: ssl: add yet another OpenSSL download fallback
+ - DOC: install: clarify WolfSSL chroot requirements
+ - MINOR: task: Move wait_event in the task header file
+ - MINOR: stconn: Be able to detect applets using HTX
+ - MINOR: stconn: Explicitly use an appctx to attach a stconn on it
+ - MINOR: stconn: Be prepared to handle error when a SC is attached to an applet
+ - MINOR: applet: Add dedicated IN/OUT buffers for appctx
+ - MINOR: applet: Add traces to debug receive/send and block/wake events
+ - MINOR: applet: Add support for callback functions to exchange data with channels
+ - MINOR: applet: Implement default functions to exchange data with channels
+ - MEDIUM: stconn: Add functions to handle applets I/O from the SC layer
+ - MEDIM: applet: Add the applet handler based on IN/OUT buffers
+ - MINOR: applet: Show IN/OUT buffers in trace messages when used
+ - MINOR: applet: Add flags on the appctx and stop abusing its state
+ - MINIOR: applet: Add flags to deal with ends of input, ends of stream and errors
+ - MINOR: applet: Remove appctx state field to only used the flags
+ - MINOR: applet: Add an appctx flag to report shutdown to applets
+ - MEDIUM: applet: Use appctx flags to report EOS/EOI/ERROR to SE
+ - MINOR: applet: Add callback function to deal with zero-copy forwarding
+ - MEDIUM: applet: Add support for zero-copy forwarding from an applet
+ - MINOR: applet: Automatically handle applets having more data for the stream
+ - MEDIUM: stats: Don't interrupt processing on partial post
+ - MAJOR: stats: Update HTTP stats applet to handle its own buffers
+ - MEDIUM: cache: Temporarily remove zero-copy forwarding support
+ - MAJOR: cache: Update HTTP cache applet to handle its own buffers
+ - MAJOR: cache: Send cached objects using zero-copy forwarding
+ - MINOR: stconn: Add support for flags during zero-copy forwarding negotiation
+ - MINOR: mux-h1: Be able to define the length of a chunk size when it is prepended
+ - MEDIUM: stconn: Nofify requested size during zero-copy forwarding nego is exact
+ - MINOR: mux-h1: Stop zero-copy forwarding during nego for too big requested size
+ - MEDIUM: mux-h1: Support zero-copy forwarding for chunks with an unknown size
+ - MAJOR: stats: Send stats dump over HTTP using zero-copy forwarding
+ - MEDIUM: applet: Simplify a bit API to exchange data with applets
+ - MINOR: cache: Remove unsed .data_sent field from the cache applet context
+ - MINOR: applet: Use an option to disable zero-copy forwarding for all applets
+ - MINOR: applet: Identify applets using their own buffers via a flag
- BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch
- - BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line
- MINOR: ssl: Use OCSP_CERTID instead of ckch_store in ckch_store_build_certid
+ - BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line
- BUG/MEDIUM: ocsp: Separate refcount per instance and per store
- BUG/MINOR: ssl: Destroy ckch instances before the store during deinit
- BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list"
- - REGTESTS: ssl: Fix empty line in cli command input
- REGTESTS: ssl: Add OCSP related tests
+ - REGTESTS: ssl: Fix empty line in cli command input
- DOC: install: recommend pcre2
- DOC: config: fix misplaced "txn.conn_retries"
- DOC: config: fix typos for "bytes_{in,out}"
- DOC: config: fix misplaced "bytes_{in,out}"
+ - DOC: config: add more custom log format table alternatives
+ - MINOR: stream: rename "txn.redispatch" to "txn.redispatched"
+ - MINOR: sample: implement bc_{be,srv}_queue samples
+ - BUG/MINOR: mux-h2: count rejected DATA frames against the connection's flow control
+ - MINOR: mux-h2: count excess of CONTINUATION frames as a glitch
+ - MINOR: mux-h2: count late reduction of INITIAL_WINDOW_SIZE as a glitch
- DOC: internal: update missing data types in peers-v2.0.txt
+ - MEDIUM: stick-tables: add a new stored type for glitch_cnt and glitch_rate
+ - MINOR: session: add the necessary functions to update the per-session glitches
+ - MEDIUM: mux-h2: update session trackers with number of glitches
+ - BUG/MINOR: server/cli: add missing LF at the end of certain notice/error lines
- BUG/MINOR: vars/cli: fix missing LF after "get var" output
- BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs
+ - MINOR: cli: make sure to always print a pending message after release()
+ - MINOR: cli: always reset the applet task's timeout
+ - MINOR: cli: add a new "wait" command to wait for a certain delay
+ - BUG/MINOR: applet: Always release empty appctx buffers after processing
+ - MINOR: server: split the server deletion code in two parts
+ - MINOR: cli/wait: make the wait command support a more detailed help message
+ - MINOR: cli/wait: also support an unrecoverable failure status
+ - MINOR: cli/wait: also pass up to 4 arguments to the external conditions
+ - MINOR: cli/wait: add a condition to wait on a server to become unused
- CI: Update to actions/cache@v4
- BUILD: address a few remaining calloc(size, n) cases
- BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush()
- - BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
- - BUG/MEDIUM: quic: Wrong K CUBIC calculation.
- - MINOR: quic: Update K CUBIC calculation (RFC 9438)
- - MINOR: quic: Dynamic packet reordering threshold
- - MINOR: quic: Add a counter for reordered packets
- - BUG/MEDIUM: stconn: Allow expiration update when READ/WRITE event is pending
- - BUG/MEDIUM: stconn: Don't check pending shutdown to wake an applet up
- - CLEANUP: stconn: Move SE flags set by app layer at the end of the bitfield
- - MINOR: stconn: Rename SE_FL_MAY_FASTFWD and reorder bitfield
- - MINOR: stconn: Add SE flag to announce zero-copy forwarding on consumer side
- - MINOR: muxes: Announce support for zero-copy forwarding on consumer side
- - BUG/MAJOR: stconn: Check support for zero-copy forwarding on both sides
- - MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding
- - BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty
- - BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty
- - BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C
- - BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams
-2024/01/31 : 2.9.4
- - BUG/MINOR: h3: fix checking on NULL Tx buffer
+2024/01/26 : 3.0-dev2
+ - MINOR: ot: logsrv struct becomes logger
+ - MINOR: ssl: Update ssl_fc_curve/ssl_bc_curve to use SSL_get0_group_name
+ - CLEANUP: ssl: fix indentation in smp_fetch_ssl_fc_ec()
+ - DEV: patchbot: produce a verdict for too long commit messages
+ - CLEANUP: ssl: fix indentation in smp_fetch_ssl_fc_ec() (part 2)
+ - CLEANUP: quic: Double quic_dgram_parse() prototype declaration.
+ - BUG/MINOR: map: list-based matching potential ordering regression
+ - REGTESTS: add a test to ensure map-ordering is preserved
+ - DOC: config: fix typo about map_*_key converters
+ - DOC: configuration: corrected description of keyword tune.ssl.ocsp-update.mindelay
+ - MINOR: map: mapfile ordering also matters for tree-based match types
+ - DEV: phash: add a trivial perfect hash generator for integers
+ - OPTIM: http: simplify http_get_status_idx() using a hash
+ - CLEANUP: http: avoid duplicating literals in find_http_meth()
+ - MINOR: http: add infrastructure to choose status codes for err / fail
+ - MEDIUM: http_act: check status codes against the bit fields for err/fail
+ - MEDIUM: http: add the ability to redefine http-err-codes and http-fail-codes
+ - CI: codespell: ignore some words in URLs
+ - CI: codespell: add more words to whitelist
+ - CLEANUP: fix spelling of "occured" in src/h3.c
+ - BUILD: quic: missing include for quic_tp
+ - BUG/MINOR: mux-quic: do not prevent non-STREAM sending on flow control
+ - MEDIUM: ssl: allow multiple fallback certificate to allow ECDSA/RSA selection
+ - MEDIUM: ssl: generate '*' SNI filters for default certificates
+ - MEDIUM: ssl: does not use default_ctx for 'generate-certificate' option
+ - REORG: ssl: move 'generate-certificates' code to ssl_gencert.c
+ - DOC: configuration: update configuration on how to have multiple default certs
+ - MEDIUM: ssl: implements 'default-crt' keyword for bind Lines
+ - CI: github: update wolfSSL to 5.6.6
+ - DOC: INSTALL: require at least WolfSSL 5.6.6
+ - DEV: h2: add support for multiple flags in mkhdr
+ - DEV: h2: support hex-encoded data sequences in mkhdr
+ - BUG/MINOR: mux-h2: also count streams for refused ones
+ - BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT)
+ - MINOR: vars: fix indentation in var_clear_buffer()
- DOC: configuration: fix set-dst in actions keywords matrix
- BUG/MEDIUM: mux-h2: refine connection vs stream error on headers
- MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc
+ - MINOR: mux-h2: add a counter of "glitches" on a connection
+ - MINOR: connection: add a new mux_ctl to report number of connection glitches
+ - MINOR: mux-h2: implement MUX_CTL_GET_GLITCHES
+ - MINOR: connection: add sample fetches to report per-connection glitches
+ - BUILD: stick-table: fix build error on 32-bit platforms
+ - MINOR: quic: Transport parameters encoding without version_information
+ - MINOR: quic: Enable early data at SSL session level (aws-lc)
+ - MINOR: ssl_sock: Early data disabled during SSL_CTX switching (aws-lc)
+ - MINOR: quic: Correctly wait for the completion of handshakes with early data (aws-lc)
- BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI
- BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs
+ - BUILD: quic: fix build error when using the compatibility layer
+ - BUILD: quic: Fix build error when building QUIC against wolfssl.
+ - BUILD: quic: Fix build error when building QUIC against libressl.
- BUG/MINOR: hlua: fix uninitialized var in hlua_core_get_var()
+ - CLEANUP: hlua: fix indent, remove extra return in hlua_core_get_var()
- BUG/MEDIUM: cache: Fix crash when deleting secondary entry
- BUG/MINOR: quic: newreno QUIC congestion control algorithm no more available
- CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro.
- MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT)
- MINOR: quic: extract qc_stream_buf free in a dedicated function
- BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf
- - DOC: configuration: clarify http-request wait-for-body
- - BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions
- - MINOR: h3: add traces for stream sending function
- - BUG/MEDIUM: h3: do not crash on invalid response status code
- - BUG/MEDIUM: qpack: allow 6xx..9xx status codes
- - BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON
- - BUG/MINOR: h1: Don't support LF only at the end of chunks
- - BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size
- - DOC: httpclient: add dedicated httpclient section
- - BUG/MINOR: h1-htx: properly initialize the err_pos field
- - BUG/MEDIUM: h1: always reject the NUL character in header values
-
-2024/01/18 : 2.9.3
- - BUILD: quic: missing include for quic_tp
- - BUG/MINOR: mux-quic: do not prevent non-STREAM sending on flow control
- - BUG/MINOR: mux-h2: also count streams for refused ones
- - BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT)
-
-2024/01/11 : 2.9.2
+ - CLEANUP: fix spelling of "elemt"
+ - CI: extend spell check white list
+ - CI: enable spell check on git push
+ - BUILD: makefile: also define cmd_CXX to pretty-print C++ build commands
+ - BUILD/MEDIUM: deviceatlas: addon build rework.
+ - DOC: deviceatlas: update to be in line with the v3 api.
+ - BUILD/MEDIUM: deviceatlas: updating the addon part.
+ - BUILD: deviceatlas: remove unneeded depenency on libcurl / libzip
+ - BUILD: deviceatlas: fix empty "-I" left on CFLAGS
+ - Revert "CI: enable spell check on git push"
+
+2024/01/06 : 3.0-dev1
+ - MINOR: channel: Use dedicated functions to deal with STREAMER flags
+ - MEDIUM: applet: Handle channel's STREAMER flags on applets size
+ - MINOR: applets: Use channel's field to compute amount of data received
+ - MEDIUM: cache: Save body size of cached objects and track it on delivery
+ - MEDIUM: cache: Add support for endp-to-endp fast-forwarding
+ - MINOR: cache: Add global option to enable/disable zero-copy forwarding
+ - MINOR: pattern: Use reference name as filename to read patterns from a file
+ - MEDIUM: pattern: Add support for virtual and optional files for patterns
+ - DOC: config: Add section about name format for maps and ACLs
+ - DOC: management/lua: Update commands about map and acl
+ - MINOR: promex: Add support for specialized front/back/li/srv metric names
+ - MINOR: promex: Export active/backup metrics per-server
+ - BUG/MINOR: ssl: Double free of OCSP Certificate ID
+ - MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback
+ - BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate
+ - BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA)
+ - DOC: configuration: typo req.ssl_hello_type
+ - MINOR: hq-interop: add fastfwd support
+ - CLEANUP: mux_quic: rename ffwd function with prefix qmux_strm_
+ - MINOR: mux-quic: add traces for 0-copy/fast-forward
+ - BUG/MINOR: mworker/cli: fix set severity-output support
+ - CLEANUP: mworker/cli: add comments about pcli_find_and_exec_kw()
+ - BUG/MEDIUM: quic: Possible buffer overflow when building TLS records
+ - BUILD: ssl: update types in wolfssl cert selection callback
+ - MINOR: ssl: activate the certificate selection callback for WolfSSL
+ - CI: github: switch to wolfssl git-c4b77ad for new PR
+ - BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions
+ - BUG/MINOR: ext-check: cannot use without preserve-env
+ - CLEANUP: mux-quic: remove unused prototype
+ - MINOR: mux-quic: clean up qcs Rx buffer allocation API
+ - MINOR: mux-quic: clean up qcs Tx buffer allocation API
+ - CLEANUP: mux-quic: clean up app ops callback definitions
+ - MINOR: mux-quic: factorize QC_SF_UNKNOWN_PL_LENGTH set
+ - MINOR: h3: complete traces for sending
+ - MINOR: h3: adjust zero-copy sending related code
+ - MINOR: hq-interop: use zero-copy to transfer single HTX data block
+ - BUG/MEDIUM: quic: QUIC CID removed from tree without locking
+ - BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer side
+ - BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding
+ - BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set originally
+ - CLEANUP: mux-h1: Fix a trace message about C-L header addition
+ - BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty
+ - BUG/MEDIUM: mux-quic: report early error on stream
+ - DOC: config: add arguments to sample fetch methods in the table
+ - DOC: config: also add arguments to the converters in the table
- BUG/MINOR: resolvers: default resolvers fails when network not configured
+ - SCRIPTS: mk-patch-list: produce a list of patches
+ - DEV: patchbot: add the AI-based bot to pre-select candidate patches to backport
+ - BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty
+ - BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty
+ - BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C
+ - BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams
- DOC: config: Update documentation about local haproxy response
+ - DEV: patchbot: use checked buttons as reference instead of internal table
+ - DEV: patchbot: allow to show/hide backported patches
+ - MINOR: h3: remove quic_conn only reference
- BUG/MINOR: server: Use the configured address family for the initial resolution
+ - MINOR: mux-quic: remove qcc_shutdown() from qcc_release()
+ - MINOR: mux-quic: use qcc_release in case of init failure
+ - MINOR: mux-quic: adjust error code in init failure
+ - MINOR: h3: add traces for connection init stage
+ - BUG/MINOR: h3: properly handle alloc failure on finalize
+ - MINOR: h3: use INTERNAL_ERROR code for init failure
- BUG/MAJOR: stconn: Disable zero-copy forwarding if consumer is shut or in error
- MINOR: stats: store the parent proxy in stats ctx (http)
- BUG/MEDIUM: stats: unhandled switching rules with TCP frontend
+ - MEDIUM: proxy: set PR_O_HTTP_UPG on implicit upgrades
+ - MINOR: proxy: monitor-uri works with tcp->http upgrades
+ - OPTIM: server: eb lookup for server_find_by_name()
+ - OPTIM: server: ebtree lookups for findserver_unique_* functions
- MINOR: server/event_hdl: add server_inetaddr struct to facilitate event data usage
- MINOR: server/event_hdl: update _srv_event_hdl_prepare_inetaddr prototype
- BUG/MINOR: server/event_hdl: propagate map port info through inetaddr event
+ - MINOR: server: ensure connection cleanup on server addr changes
+ - CLEANUP: server/event_hdl: remove purge_conn hint in INETADDR event
+ - MEDIUM: server: merge srv_update_addr() and srv_update_addr_port() logic
+ - CLEANUP: server: remove unused server_parse_addr_change_request() function
+ - CLEANUP: resolvers: remove duplicate func prototype
+ - MINOR: resolvers: add unique numeric id to nameservers
+ - MEDIUM: server: make server_set_inetaddr() updater serializable
+ - MINOR: server/event_hdl: expose updater info through INETADDR event
+ - MINOR: server: add dns hint in server_inetaddr_updater struct
+ - MEDIUM: server/dns: clear RMAINT when addr resolves again
+ - BUG/MINOR: server/dns: use server_set_inetaddr() to unset srv addr from DNS
+ - BUG/MEDIUM: server/dns: perform svc_port updates atomically from SRV records
+ - MEDIUM: peers: use server as stream target
+ - CLEANUP: peers: remove unused sock_init_arg struct member
+ - CLEANUP: peers: remove unused "proto" and "xprt" struct members
+ - MINOR: peers: rely on srv->addr and remove peer->addr
+ - DOC: config: add context hint for server keywords
+ - MINOR: stktable: add table_process_entry helper function
+ - MINOR: stktable: use {show,set,clear} table with ptr
+ - MINOR: map: add map_*_key converters to provide the matching key
- DOC: fix typo for fastfwd QUIC option
- BUG/MINOR: mux-quic: always report error to SC on RESET_STREAM emission
+ - MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS
- BUG/MINOR: mux-quic: disable fast-fwd if connection on error
- BUG/MINOR: quic: Wrong keylog callback setting.
- BUG/MINOR: quic: Missing call to TLS message callbacks
- MINOR: h3: check connection error during sending
- BUG/MINOR: h3: close connection on header list too big
- - MINOR: h3: add traces for connection init stage
- - BUG/MINOR: h3: properly handle alloc failure on finalize
- BUG/MINOR: h3: close connection on sending alloc errors
- BUG/MINOR: h3: disable fast-forward on buffer alloc failure
+ - Revert "MINOR: mux-quic: Disable zero-copy forwarding for send by default"
+ - MINOR: stktable: stktable_data_ptr() cannot fail in table_process_entry()
+ - CLEANUP: assorted typo fixes in the code and comments
- CI: use semantic version compare for determing "latest" OpenSSL
+ - CLEANUP: server: remove ambiguous check in srv_update_addr_port()
+ - CLEANUP: resolvers: remove unused RSLV_UPD_OBSOLETE_IP flag
+ - CLEANUP: resolvers: remove some more unused RSLV_UDP flags
+ - MEDIUM: server: simplify snr_set_srv_down() to prevent confusions
+ - MINOR: backend: export get_server_*() functions
+ - MINOR: tcpcheck: export proxy_parse_tcpcheck()
+ - MEDIUM: udp: allow to retrieve the frontend destination address
- MINOR: global: export a way to list build options
- MINOR: debug: add features and build options to "show dev"
+ - BUG/MINOR: server: fix server_find_by_name() usage during parsing
- REGTESTS: check attach-srv out of order declaration
- CLEANUP: quic: Remaining useless code into server part
- BUILD: quic: Missing quic_ssl.h header protection
- BUG/MEDIUM: h3: fix incorrect snd_buf return value
+ - MINOR: h3: do not consider missing buf room as error on trailers
- BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable
- BUG/MEDIUM: stconn: Set fsb date if zero-copy forwarding is blocked during nego
- BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up
- MINOR: mux-h2: support limiting the total number of H2 streams per connection
- - MINOR: ot: logsrv struct becomes logger
- - MINOR: ssl: Update ssl_fc_curve/ssl_bc_curve to use SSL_get0_group_name
- - CLEANUP: quic: Double quic_dgram_parse() prototype declaration.
- - BUG/MINOR: map: list-based matching potential ordering regression
- - REGTESTS: add a test to ensure map-ordering is preserved
- - DOC: configuration: corrected description of keyword tune.ssl.ocsp-update.mindelay
-
-2023/12/15 : 2.9.1
- - BUG/MINOR: ssl: Double free of OCSP Certificate ID
- - MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback
- - BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate
- - BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA)
- - DOC: configuration: typo req.ssl_hello_type
- - BUG/MINOR: mworker/cli: fix set severity-output support
- - BUG/MEDIUM: quic: Possible buffer overflow when building TLS records
- - BUILD: ssl: update types in wolfssl cert selection callback
- - BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions
- - BUG/MINOR: ext-check: cannot use without preserve-env
- - MINOR: version: mention that it's stable now
- - BUG/MEDIUM: quic: QUIC CID removed from tree without locking
- - BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer side
- - BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding
- - BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set originally
- - CLEANUP: mux-h1: Fix a trace message about C-L header addition
- - BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty
- - BUG/MEDIUM: mux-quic: report early error on stream
- - DOC: config: add arguments to sample fetch methods in the table
- - DOC: config: also add arguments to the converters in the table
+ - CLEANUP: mux-h2: remove the printfs from previous commit on h2 streams limit.
+ - DEV: h2: add the ability to emit literals in mkhdr
+ - DEV: h2: add the preface as well in supported output types
+ - DEV: h2: support passing raw data for a frame
+ - IMPORT: ebtree: implement and use flsnz_long() to count bits
+ - IMPORT: ebtree: switch the sizes and offsets to size_t and ssize_t
+ - IMPORT: ebtree: rework the fls macros to better deal with arch-specific ones
+ - IMPORT: ebtree: make string_equal_bits turn back to unsigned char
+ - IMPORT: ebtree: use unsigned ints for flznz()
+ - IMPORT: ebtree: make string_equal_bits() return an unsigned
+
+2023/12/05 : 3.0-dev0
+ - exact copy of 2.9.0
2023/12/05 : 2.9.0
- DOC: config: add missing colon to "bytes_out" sample fetch keyword (2)