Summary

2022/08/30 : 2.3r1 (1.0.0-251.618) 2022/07/29 : 2.3r1 (1.0.0-250.618) - BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized 2022/05/12 : 2.3r1 (1.0.0-248.617) - MINOR: mux-h2: report a trace event when failing to create a new stream - BUG/MINOR: mux-h2: mark the stream as open before processing it not after - BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket 2022/05/05 : 2.3r1 (1.0.0-248.614) - BUILD: proto_uxst: do not set unused flag - BUILD: sockpair: do not set unused flag - BUILD: fd: remove unused variable totlen in fd_write_frag_line() - CLEANUP: acl: Remove unused variable when releasing an acl expression - BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() - REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc - BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments - DOC: remove my name from the config doc - BUG/MINOR: cache: Disable cache if applet creation fails - SCRIPTS: announce-release: add shortened links to pending issues - DOC: lua: update a few doc URLs - SCRIPTS: announce-release: update the doc's URL - BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags - BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added - BUG/MEDIUM: mux-h1: Don't request more room on partial trailers - BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive - BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side - BUG/MINOR: cache: do not display expired entries in "show cache" - BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent - CI: cirrus: switch to FreeBSD-13.0 - CI: Update to actions/cache@v3 - CI: Update to actions/checkout@v3 - BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid - BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples - BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests - CI: github actions: update OpenSSL to 3.0.2 - BUG/MAJOR: mux_pt: always report the connection error to the conn_stream - BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads - DOC: reflect H2 timeout changes - BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts - MEDIUM: mux-h2: slightly relax timeout management rules - BUG/MEDIUM: stream-int: do not rely on the connection error once established 2022/03/29 : 2.3r1 (1.0.0-247.582) - HAPEE: update backported HAPEE patches - DOC: config: Explictly add supported MQTT versions - MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1 - BUG/MEDIUM: mux-h1: Properly detect full buffer cases when adding EOM block - BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing - BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing - BUG/MINOR: tools: url2sa reads too far when no port nor path - BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner - BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf - CI: github actions: switch to LibreSSL-3.5.1 2022/03/25 : 2.3r1 (1.0.0-246.572) - BUG/MINOR: tools: fix url2sa return value with IPv4 2022/03/17 : 2.3r1 (1.0.0-246.571) 2022/03/14 : 2.3r1 (1.0.0-245.571) - BUILD: tree-wide: mark a few numeric constants as explicitly long long - DOC: Fix usage/examples of deprecated ACLs - BUG/MINOR: stream: make the call_rate only count the no-progress calls - BUG/MAJOR: mux-pt: Always destroy the backend connection on detach - DEBUG: stream: Fix stream trace message to print response buffer state - DEBUG: stream: Add the missing descriptions for stream trace events - BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing - DEBUG: cache: Update underlying buffer when loading HTX message in cache applet - BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request - BUG/MINOR: cli: shows correct mode in "show sess" - BUG/MINOR: add missing modes in proxy_mode_str() 2022/03/01 : 2.3r1 (1.0.0-245.557) - CI: github actions: use cache for SSL libs - CI: github actions: add the output of $CC -dM -E- - BUILD/MINOR: sched: drop the DEBUG_TASK parts from latest fix - REGTESTS: fix the race conditions in secure_memcmp.vtc - BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks - BUG/MINOR: task: do not set TASK_F_USR1 for no reason - CLEANUP: atomic: add a fetch-and-xxx variant for common operations 2022/02/25 : 2.3r1 (1.0.0-245.550) - BUG/MEDIUM: stream: Abort processing if response buffer allocation fails - BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer - BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer - BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message - BUG/MINOR: tools: url2sa reads ipv4 too far - BUG/MINOR: mailers: negotiate SMTP, not ESMTP - CI: github actions: update OpenSSL to 3.0.1 - CI: github: switch to OpenSSL 3.0.0 - CI: github actions: relax OpenSSL-3.0.0 version comparision - CI: github actions: -Wno-deprecated-declarations with OpenSSL 3.0.0 - CI: github actions: add OpenSSL-3.0.0 builds - BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2 - BUILD: fix compilation for OpenSSL-3.0.0-alpha17 - CI: ssl: keep the old method for ancient OpenSSL versions - CI: ssl: do not needlessly build the OpenSSL docs - CI: ssl: enable parallel builds for OpenSSL on Linux - BUG/MEDIUM: fd: always align fdtab[] to 64 bytes - BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names - BUG/MINOR: sink: Use the right field in appctx context in release callback - BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload - BUG/MEDIUM: mworker: close unused transferred FDs on load failure - MINOR: sock: move the unused socket cleaning code into its own function - BUG/MAJOR: spoe: properly detach all agents when releasing the applet - BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies - BUG/MEDIUM: listener: read-lock the listener during accept() - MINOR: listener: replace the listener's spinlock with an rwlock - BUG/MINOR: mworker: does not erase the pidfile upon reload - BUG/MEDIUM: mworker: don't lose the stats socket on failed reload - BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them - BUG/MEDIUM: mcli: do not try to parse empty buffers - BUG/MEDIUM: cli: Never wait for more data on client shutdown - BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands - MINOR: channel: add new function co_getdelim() to support multiple delimiters - MEDIUM: cli: yield between each pipelined command - BUILD/MINOR: fix solaris build with clang. - BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer - DOC/MINOR: fix typo in management document 2022/01/13 : 2.3r1 (1.0.0-245.513) - BUG/MINOR: ssl: free the fields in srv->ssl_ctx - CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free - REGTESTS: ssl: fix ssl_default_server.vtc - BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server - BUG/MINOR: ssl: Default-server configuration ignored by server - BUG/MEDIUM: mworker: don't use _getsocks in wait mode - BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry - BUG/MINOR: cli: fix _getsocks with musl libc - BUILD/MINOR: tools: solaris build fix on dladdr. - BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning - DOC: fix misspelled keyword "resolve_retries" in resolvers - BUILD: ssl: unbreak the build with newer libressl - BUILD: cli: clear a maybe-unused warning on some older compilers - BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode - BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose - BUG/MINOR: backend: do not set sni on connection reuse - MINOR: pools: work around possibly slow malloc_trim() during gc - BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode - DOC: config: retry-on list is space-delimited - DOC: config: Specify %Ta is only available in HTTP mode - DOC: spoe: Clarify use of the event directive in spoe-message section - BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types - MINOR: cli: "show version" displays the current process version - REGTESTS: mark the abns test as broken again - MINOR: ssl: make tlskeys_list_get_next() take a list element - CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next() - CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next() - MEDIUM: task: extend the state field to 32 bits - CI: Github Actions: temporarily disable BoringSSL builds - CI: Github Actions: switch to LibreSSL-3.3.3 - CI: github actions: update LibreSSL to 3.2.5 - Revert "CI: Pin VTest to a known good commit" - CI: github actions: switch to stable LibreSSL release - CI: Fix the coverity builds - CI: Fix DEBUG_STRICT definition for Coverity - CI: Pin VTest to a known good commit - CI: github actions: build several popular "contrib" tools - CI: GitHub Actions: enable daily Coverity scan - CI: github actions: enable 51degrees feature - CI: github actions: update LibreSSL to 3.3.0 - CI: Set DEBUG=-DDEBUG_STRICT=1 in GitHub Actions - CI: Clean up Windows CI - CI: Pass the github.event_name to matrix.py - CI: Github Action: run "apt-get update" before packages restore - CI: Github Actions: enable BoringSSL builds - CI: Github Actions: remove LibreSSL-3.0.2 builds - CI: Github Actions: enable prometheus exporter - CI: Make the h2spec workflow more consistent with the VTest workflow - CI: Stop hijacking the hosts file - CI: Expand use of GitHub Actions for CI - DOC: configuration: issuers-chain-path only applies to bind lines 2021/12/29 : 2.3r1 (1.0.0-245.462) - BUG/MAJOR: ssl: free of incorrect ptr in ssl_sess_new_srv_cb() 2021/12/07 : 2.3r1 (1.0.0-245.461) - BUG/MEDIUM: ssl: Properly release the SNI when the server ctx is freed 2021/12/02 : 2.3r1 (1.0.0-245.460) - BUG/MAJOR: segfault using multiple log forward sections. - BUG/MEDIUM: resolvers: Detach query item on response error - BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time 2021/11/25 : 2.3r1 (1.0.0-245.457) - BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 - MINOR: shctx: add a few BUG_ON() for consistency checks - BUG/MINOR: shctx: do not look for available blocks when the first one is enough - BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found - BUG/MEDIUM: mux-h2: always process a pending shut read - BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found - MINOR: mux-h2: perform a full cycle shutdown+drain on close - MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close - BUG/MINOR: stick-table/cli: Check for invalid ipv6 key - BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent - BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value - BUG/MINOR: mworker: doesn't launch the program postparser - BUG/MEDIUM: conn-stream: Don't reset CS flags on close - DOC: lua: Be explicit with the Reply object limits - Revert "BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back" - BUG/MINOR: http-ana: Apply stop to the current section for http-response rules - DOC: config: Fix typo in ssl_fc_unique_id description - BUG/MEDIUM: mux-h1: Fix H1C_F_ST_SILENT_SHUT value - HAPEE: update backported, hapee and dropped - BUG/MINOR: sample: Fix 'fix_tag_value' sample when waiting for more data - SCRIPTS: git-show-backports: re-enable file-based filtering - DOC/peers: some grammar fixes for peers 2.1 spec - MINOR: stream: Improve dump of bogus streams - MINOR: halog: Add support for extracting captures using -hdr - BUG/MINOR: halog: Add missing newlines in die() messages - CLEANUP: halog: Use consistent indentation in help() - MINOR: halog: Rename -qry to -query - DOC: halog: Move the `-qry` parameter into the correct section in help text - MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX - DOC: config: Fix alphabetical order of fc_* samples - BUG/MINOR: sample: fix backend direction flags consecutive to last fix - BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags - BUG/MINOR: vars: properly set the argument parsing context in the expression - MINOR: sample: add missing ARGC_ entries - BUG/MINOR: vars: improve accuracy of the rules used to check expression validity - BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data - BUG/MINOR: http: Authorization value can have multiple spaces after the scheme - BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration - BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions - BUG/MEDIUM: resolvers: Don't recursively perform requester unlink - MEDIUM: resolvers: remove the last occurrences of the "safe" argument - MEDIUM: resolvers: use a kill list to preserve the list consistency - CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT - CLEANUP: resolvers: simplify resolv_link_resolution() regarding requesters - CLEANUP: always initialize the answer_list - CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records() - BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released - BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed - BUILD: fix compilation on NetBSD - BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame - BUG/MAJOR: buf: fix varint API post- vs pre- increment - BUG/MEDIUM: resolvers: always check a valid item in query_list - BUILD: resolvers: avoid a possible warning on null-deref - BUG/MAJOR: resolvers: add other missing references during resolution removal - MINOR: resolvers: merge address and target into a union "data" - BUG/MEDIUM: resolvers: use correct storage for the target address - BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix - MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero - BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records - BUG/MEDIUM: resolver: make sure to always use the correct hostname length - MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero - BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors 2021/10/19 : 2.3r1 (1.0.0-245.395) - BUG/MEDIUM: sample: properly verify that variables cast to sample - MINOR: sample: provide a generic var-to-sample conversion function - CLEANUP: sample: uninline sample_conv_var2smp_str() - CLEANUP: sample: rename sample_conv_var2smp() to *_sint - BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error - BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back - MINOR: initcall: Rename __GLOBL and __GLOBL1. - BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames - BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary - MINOR: htx: Add a function to know if the free space wraps - MINOR: htx: Add an HTX flag to know when a message is fragmented - BUILD: hapee/modules: select either md5 or md5sum 2021/10/08 : 2.3r1 (1.0.0-243.383) - BUG/MEDIUM: leastconn: fix rare possibility of divide by zero - BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule - BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release - MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue() - BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input - BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing - MINOR: arg: Be able to forbid unresolved args when building an argument list - BUG/MAJOR: lua: use task_wakeup() to properly run a task once - BUG/MEDIUM: lua: fix wakeup condition from sleep() - DOC: peers: fix doc "enable" statement on "peers" sections - BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers" - BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM - BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data - BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer - BUG/MINOR: http-ana: increment internal_errors counter on response error - BUG/MINOR: h1-htx: Fix a typo when request parser is reset - BUG/MINOR: server: allow 'enable health' only if check configured 2021/09/20 : 2.3r1 (1.0.0-243.366) - BUG/MINOR: cli/payload: do not search for args inside payload - BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc - DOC: management: certificate files must be sanitized before injection - BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check - MINOR: pools: use mallinfo2() when available instead of mallinfo() - MINOR: pools: automatically disable malloc_trim() with external allocators - CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools() - BUG/MINOR: compat: make sure __WORDSIZE is always defined - Revert "REGTESTS: mark http_abortonclose as broken" - BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached - BUG/MINOR: systemd: ExecStartPre must use -Ws - BUG/MINOR: filters: Set right FLT_END analyser depending on channel - BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set - BUG/MEDIUM: http-ana: Reset channels analysers when returning an error - BUG/MINOR: stream: Don't release a stream if FLT_END is still registered - BUG/MINOR: lua: Don't yield in channel.append() and channel.set() - BUG/MINOR: lua: Yield in channel functions only if lua context can yield - MINOR: lua: Add a flag on lua context to know the yield capability at run time - REGTESTS: mark http_abortonclose as broken - MINOR: action: Use a generic function to check validity of an action rule list - Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" 2021/09/07 : 2.3r1 (1.0.0-243.345) 2021/09/03 : 2.3r1 (1.0.0-242.345) - BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer - CLEANUP: htx: remove comments about "must be < 256 MB" - BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB - DOC: configuration: remove wrong tcp-request examples in tcp-response - BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser - CLEANUP: Add missing include guard to signal.h - BUG/MINOR: tools: Fix loop condition in dump_text() - BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time - BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long - BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords - MINOR: compiler: implement an ONLY_ONCE() macro - BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} - BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions - REGTESTS: abortonclose: after retries, 503 is expected, not close - BUG/MEDIUM: sock: really fix detection of early connection failures in for 2.3- 2021/08/20 : 2.3r1 (1.0.0-242.330) - BUG/MEDIUM: h2: match absolute-path not path-absolute for :path 2021/08/13 : 2.3r1 (1.0.0-241.329) - REGTESTS: add a test to prevent h2 desync attacks - BUG/MEDIUM: h2: give :authority precedence over Host - BUG/MAJOR: h2: enforce checks on the method syntax before translating to HTX - BUG/MAJOR: h2: verify that :path starts with a '/' before concatenating it - BUG/MAJOR: h2: verify early that non-http/https schemes match the valid syntax - MINOR: http: add a new function http_validate_scheme() to validate a scheme - BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check - MINOR: hapee: update list of patches backported from 2.4 - BUILD/MINOR: memprof fix macOs build. - BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued - DOC: config: Fix 'http-response send-spoe-group' documentation - DOC: Improve the lua documentation - BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer - BUG/MINOR: buffer: fix buffer_dump() formatting - BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released - MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure - BUG/MINOR: server: update last_change on maint->ready transitions too - BUG/MINOR: pollers: always program an update for migrated FDs - BUG/MINOR: poll: fix abnormally high skip_fd counter - BUG/MINOR: select: fix excess number of dead/skip reported - BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before - BUG/MINOR: connection: Add missing error labels to conn_err_code_str - BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames - BUG/MINOR: mux-h2: Obey dontlognull option during the preface - BUG/MINOR: systemd: must check the configuration using -Ws - BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree - BUG/MINOR: check: fix the condition to validate a port-less server - BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request - BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs - BUG/MEDIUM: mworker: do not register an exit handler if exit is expected - BUILD: lua: silence a build warning with TCC - BUILD: add detection of missing important CFLAGS 2021/07/09 : 2.3r1 (1.0.0-239.297) - MINOR: hapee: .hapee/backports renamed to .hapee/backported - MINOR: hapee: Update the list of backported patches - BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header - BUG/MINOR: mqtt: Support empty client ID in CONNECT message - BUG/MINOR: mqtt: Fix parser for string with more than 127 characters - BUG/MAJOR: pools: second fix for incomplete backport of lockless pool fix - BUG/MAJOR: pools: fix incomplete backport of lockless pool fix - Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" - BUG/MINOR: peers: fix data_type bit computation more than 32 data_types - BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution - MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response() - BUG/MINOR: resolvers: Reset server IP when no ip is found in the response - BUG/MINOR: resolvers: Always attach server on matching record on resolution - BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task() - BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status - MINOR: resolvers: Remove server from named_servers tree when removing a SRV item - MINOR: resolvers: Clean server in a dedicated function when removing a SRV item - BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled - BUG/MINOR: server-state: load SRV resolution only if params match the config - DOC: config: use CREATE USER for mysql-check - DOC: peers: fix the protocol tag name in the doc - DOC: stick-table: add missing documentation about gpt0 stored type - BUG/MINOR: stick-table: fix several printf sign errors dumping tables - BUG/MINOR: cli: fix server name output in "show fd" - BUG/MEDIUM: sock: make sure to never miss early connection failures - BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules - BUG/MINOR: checks: return correct error code for srv_parse_agent_check - DOC: config: Add missing actions in "tcp-request session" documentation - MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules - REGTESTS: fix maxconn update with agent-check - BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check - BUG/MINOR: server/cli: Fix locking in function processing "set server" command - BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI - BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs - MEDIUM: resolvers: add a ref between servers and srv request or used SRV record - MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item - BUG/MINOR: resolvers: answser item list was randomly purged or errors 2021/06/21 : 2.3r1 (1.0.0-239.260) - BUILD: cfgparse-ssl: Remove const from defpx param in keylog parsing function - BUG/MEDIUM: dns: send messages on closed/reused fd if fd was detected broken - MINOR: mux-h2: obey http-ignore-probes during the preface - BUG/MINOR: stats: make "show stat typed desc" work again - MINOR: backend: only skip LB when there are actual connections - BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue - BUG/MINOR: mworker: fix typo in chroot error message - BUG/MINOR: ssl: use atomic ops to update global shctx stats - BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE - BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id - DOC: lua: Add a warning about buffers modification in HTTP - BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default - BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded - CLEANUP: pools: remove now unused seq and pool_free_list - BUG/MAJOR: pools: fix possible race with free() in the lockless variant - MEDIUM: pools: use a single pool_gc() function for locked and lockless - MINOR: pools: call malloc_trim() under thread isolation - MINOR: pools: do not maintain the lock during pool_flush() - BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() - BUG/MEDIUM: compression: Add a flag to know the filter is still processing data - BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future - BUILD: make tune.ssl.keylog available again - DOC: use the req.ssl_sni in examples - BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry - DOC/MINOR: move uuid in the configuration to the right alphabetical order - BUG/MINOR: lua/vars: prevent get_var() from allocating a new name - BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree - BUG/MINOR: http: Missing calloc return value check in make_arg_list - BUG/MINOR: http: Missing calloc return value check while parsing redirect rule - BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list - BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response - BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy - BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare - BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture - BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine - BUG/MINOR: peers: Missing calloc return value check in peers_register_table - BUG/MINOR: server: Missing calloc return value check in srv_parse_source - BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts - BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response - BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter - BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' - BUG/MEDIUM: ebtree: Invalid read when looking for dup entry - REGTESTS: Add script to test abortonclose option - BUG/MEDIUM: mux-h1: Properly report client close if abortonclose option is set - MEDIUM: mux-h1: Don't block reads when waiting for the other side - MINOR: conn-stream: Force mux to wait for read events if abortonclose is set - BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive - MINOR: channel: Rely on HTX version if appropriate in channel_may_recv() 2021/05/11 : 2.3r1 (1.0.0-239.210) - MINOR: memprof: also report the totals and delta alloc-free - MINOR: memprof: also report the method used by each call - BUG/MINOR: memprof: properly account for differences for realloc() - BUILD: compat: include malloc_np.h for USE_MEMORY_PROFILING on FreeBSD - BUILD: memprof: make the old caller pointer a const in get_prof_bin() - DOC: ssl: Add information about crl-file option - BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port - BUG/MINOR: checks: Reschedule check on observe mode only if fastinter is set - BUG/MINOR: checks: Handle synchronous connect when a tcpcheck is started - BUG/MINOR: stream: Reset stream final state and si error type on L7 retry - BUG/MINOR: stream: properly clear the previous error mask on L7 retries - BUG/MINOR: stream: Decrement server current session counter on L7 retry - BUG/MEDIUM: dns: reset file descriptor if send returns an error 2021/05/07 : 2.3r1 (1.0.0-239.197) - BUG/MINOR: activity: use the new pointer to calculate the new size in realloc() - BUILD: activity: do not include malloc.h - MINOR: hapee: Update the list of backported patches - BUILD: makefile: add new option USE_MEMORY_PROFILING - MINOR: activity: add the profiling.memory global setting - MINOR: activity: make "show profiling" also dump the memoery usage - MINOR: activity: make "show profiling" support a few arguments - MINOR: activity: clean up the show profiling io_handler a little bit - MEDIUM: activity: collect memory allocator statistics with USE_MEMORY_PROFILING - MINOR: activity: declare the storage for memory usage statistics - MINOR: activity: add a "memory" entry to "profiling" - MINOR: tools: add functions to retrieve the address of a symbol 2021/05/05 : 2.3r1 (1.0.0-239.185) - MINOR: debug: add a new "debug dev sym" command in expert mode - MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS - MEDIUM: pools: call malloc_trim() from pool_gc() - MINOR: compat: automatically include malloc.h on glibc - BUG/MINOR: ssl/cli: fix a lock leak when no memory available - BUG/MEDIUM: cli: prevent memory leak on write errors - BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers - REGTESTS: add minimal CLI "add map" tests 2021/04/29 : 2.3r1 (1.0.0-239.177) - MINOR: hapee: Update the list of backported/hapee patches - DOC: general: fix example in set-timeout - REGTESTS: add regtest for http-request set-timeout - MINOR: stream: add timeout sample fetches - MINOR: stream: add sample fetches - MINOR: backend: add timeout sample fetches - MINOR: frontend: add client timeout sample fetch - MEDIUM: http_act: define set-timeout server/tunnel action - MEDIUM: stream: support a dynamic tunnel timeout - MEDIUM: stream: support a dynamic server timeout - MINOR: stream: prepare the hot refresh of timeouts - MINOR: action: define enum for timeout type of the set-timeout rule 2021/04/28 : 2.3r1 (1.0.0-239.165) - MINOR: peers: add informative flags about resync process for debugging - BUG/MEDIUM: peers: reset tables stage flags stages on new conns - BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly - BUG/MEDIUM: peers: reset commitupdate value in new conns - BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected - BUG/MEDIUM: peers: stop considering ack messages teaching a full resync - BUG/MEDIUM: peers: register last acked value as origin receiving a resync req - BUG/MEDIUM: peers: initialize resync timer to get an initial full resync - MINOR: hapee: Update the list of backported/hapee patches - BUG/MINOR: ssl: ssl_sock_prepare_ssl_ctx does not return an error code - BUG/MINOR: applet: Notify the other side if data were consumed by an applet - BUG/MINOR: htx: Preserve HTX flags when draining data from an HTX message - BUG/MINOR: mux-fcgi: Don't send normalized uri to FCGI application - BUG/MEDIUM: peers: re-work refcnt on table to protect against flush - BUG/MEDIUM: peers: re-work connection to new process during reload. - BUG/MINOR: peers: remove useless table check if initial resync is finished - BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data - BUG/MINOR: mworker: don't use oldpids[] anymore for reload - BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases - BUG/MEDIUM: config: fix cpu-map notation with both process and threads - BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames - BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers - BUG/MINOR: server: free srv.lb_nodes in free_server - BUG/MINOR: mux-h1: Release idle server H1 connection if data are received - BUG/MINOR: logs: Report the true number of retries if there was no connection - BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function - BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded - BUG/MINOR: ssl-samples: Fix ssl_bc_* samples when called from a health-check - MINOR: connection: Make bc_http_major compatible with tcp-checks - BUG/MINOR: connection: Fix fc_http_major and bc_http_major for TCP connections - MINOR: logs: Add support of checks as session origin to format lf strings - BUG/MINOR: checks: Set missing id to the dummy checks frontend - BUG/MEDIUM: threads: Ignore current thread to end its harmless period - DOC: ssl: Certificate hot update only works on fronted certificates - BUG/MEDIUM: sample: Fix adjusting size in field converter - MINOR: No longer rely on deprecated sample fetches for predefined ACLs - DOC: clarify that compression works for HTTP/2 - BUG/MINOR: tools: fix parsing "us" unit for timers - CONTRIB: halog: fix issue with array of type char - REGTESTS: ssl: mark set_ssl_cert_bundle.vtc as broken - DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options 2021/04/02 : 2.3r1 (1.0.0-239.124) - MINOR: hapee: Update list of dropped/hapee patches - REGTESTS: ssl: "set ssl cert" and multi-certificates bundle 2021/04/01 : 2.3r1 (1.0.0-239.122) - MINOR: hapee: fix the backports command line - BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields - BUG/MINOR: ssl: Prevent removal of crt-list line if the instance is a default one - BUG/MINOR: ssl: Fix update of default certificate - BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS - BUG/MINOR: tcp: fix silent-drop workaround for IPv6 - BUILD: backend: fix build breakage in idle conn locking fix - BUG/MEDIUM: time: make sure to always initialize the global tick - BUG/MINOR: stats: Apply proper styles in HTML status page. - BUG/MINOR: payload: Wait for more data if buffer is empty in payload/payload_lv - MEDIUM: backend: use a trylock to grab a connection on high FD counts as well - BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent - BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters - MINOR: tools: make url2ipv4 return the exact number of bytes parsed - BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless - BUG/MEDIUM: fd: Take the fd_mig_lock when closing if no DWCAS is available. 2021/03/26 : 2.3r1 (1.0.0-239.106) 2021/03/24 : 2.3r1 (1.0.0-238.106) - CLEANUP: fd: remove unused fd_set_running_excl() - BUG/MEDIUM: fd: do not wait on FD removal in fd_delete() - MINOR: fd: remove the unneeded running bit from fd_insert() - MINOR: fd: make fd_clr_running() return the remaining running mask - MINOR: hapee: Update the list of backported/hapee patches - MINOR: ssl: add SSL_SERVER_LOCK label in threads.h - BUG/MEDIUM: lua: Always init the lua stack before referencing the context - BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback - MINOR: lua: Slightly improve function dumping the lua traceback - BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro - BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" - BUG/MEDIUM: debug/lua: Don't dump the lua stack if not dumpable - MEDIUM: lua: Use a per-thread counter to track some non-reentrant parts of lua - MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket - BUG/MINOR: protocol: add missing support of dgram unix socket. - BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable - MINOR: time: also provide a global, monotonic global_now_ms timer - BUG/MEDIUM: mux-fcgi: Fix locking of idle_conns lock in the FCGI I/O callback 2021/03/18 : 2.3r1 (1.0.0-238.88) - BUG/MINOR: sample: Rename SenderComID/TargetComID to SenderCompID/TargetCompID - MINOR: hapee: Update list of backports - BUG/MINOR: freq_ctr/threads: make use of the last updated global time - MINOR: time: export the global_now variable - BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames - MINOR: resolvers: Don't try to match immediatly renewed ADD items - MINOR: resolvers: Use milliseconds for cached items in resolver responses - BUG/MEDIUM: resolvers: Skip DNS resolution at startup if SRV resolution is set - BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks - MINOR: resolvers: Directly call srvrq_update_srv_state() when possible - MINOR: resolvers: Add function to change the srv status based on SRV resolution - MINOR: resolvers: Purge answer items when a SRV resolution triggers an error - MINOR: resolvers: Use a function to remove answers attached to a resolution - BUG/MEDIUM: resolvers: Trigger a DNS resolution if an ADD item is obsolete - BUG/MINOR; resolvers: Ignore DNS resolution for expired SRV item - MINOR: resolvers: new function find_srvrq_answer_record() - BUG/MEDIUM: resolvers: Fix the loop looking for an existing ADD item - BUG/MEDIUM: resolvers: Don't set an address-less server as UP - BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution - BUG/MINOR: resolvers: Reset server address on DNS error only on status change - BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error - Revert "BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record" - CLEANUP: tcp-rules: add missing actions in the tcp-request error message - BUG/MINOR: tcpcheck: Fix double free on error path when parsing tcp/http-check - BUG/MINOR: session: Add some forgotten tests on session's listener - BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters - BUG/MINOR: tcpcheck: Update .health threshold of agent inside an agent-check - BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached - BUILD: atomic/arm64: force the register pairs to use in __ha_cas_dw() - BUG/MEDIUM: stick-tables: fix ref counter in table entry using multiple http tracksc. - OPTIM: task: automatically adjust the default runqueue-depth to the threads - MINOR: task: give the scheduler a bit more flexibility in the runqueue size - MEDIUM: task: remove the tasks_run_queue counter and have one per thread - MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks - MINOR: xprt: add new xprt_set_idle and xprt_set_used methods - MEDIUM: muxes: mark idle conns tasklets with TASK_F_USR1 - MINOR: task: add an application specific flag to the state: TASK_F_USR1 - BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake - MINOR: ssl: mark the SSL handshake tasklet as heavy - MINOR: task: limit the number of subsequent heavy tasks with flag TASK_HEAVY - MEDIUM: backend: use a trylock when trying to grab an idle connection - MINOR: pools: double the local pool cache size to 1 MB - MEDIUM: pools: add CONFIG_HAP_NO_GLOBAL_POOLS and CONFIG_HAP_GLOBAL_POOLS - MEDIUM: streams: do not use the streams lock anymore - MINOR: streams: use one list per stream instead of a global one - MINOR: cli/streams: make "show sess" dump all streams till the new epoch - MINOR: stream: add an "epoch" to figure which streams appeared when - MINOR: dynbuf: pass offer_buffers() the number of buffers instead of a threshold - MINOR: dynbuf: use regular lists instead of mt_lists for buffer_wait - MINOR: dynbuf: make the buffer wait queue per thread - OPTIM: lb-leastconn: do not unlink the server if it did not change - OPTIM: lb-leastconn: do not take the server lock on take_conn/drop_conn - OPTIM: lb-first: do not take the server lock on take_conn/drop_conn - MINOR: lb/api: let callers of take_conn/drop_conn tell if they have the lock - MINOR: server: move actconns to the per-thread structure - OPTIM: server: switch the actconn list to an mt-list - MINOR: listener: refine the default MAX_ACCEPT from 64 to 4 - MINOR: tasks: refine the default run queue depth - BUG/MEDIUM: session: NULL dereference possible when accessing the listener - MINOR: atomic: implement a more efficient arm64 __ha_cas_dw() using pairs - MINOR: atomic: add armv8.1-a atomics variant for cas-dw - BUG/MINOR: mt-list: always perform a cpu_relax call on failure - REORG: atomic: reimplement pl_cpu_relax() from atomic-ops.h - BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode - BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring() - BUG/MINOR: backend: fix condition for reuse on mode HTTP - BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout - BUG/MINOR: mux-h2: Fix typo in scheme adjustment - DOC: spoe: Add a note about fragmentation support in HAProxy - BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1 - BUG/MINOR: connection: Use the client's dst family for adressless servers - BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule - BUG/MINOR: http-ana: Only consider dst address to process originalto option - BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf() - BUG/MINOR: stats: fix compare of no-maint url suffix - CLEANUP: muxes: Remove useless if condition in show_fd function - BUG/MEDIUM: resolvers: Reset address for unresolved servers - BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records - BUG/MINOR: resolvers: new callback to properly handle SRV record errors - BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record - BUG/MINOR: resolvers: Fix condition to release received ARs if not assigned - BUG/MINOR: fd: properly wait for !running_mask in fd_set_running_excl() - BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal - BUG/MEDIUM: cli/shutdown sessions: make it thread-safe - BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop - BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe - BUG/MINOR: sample: secure convs that accept base64 string and var name as args - MINOR: Configure the `cpp` userdiff driver for *.[ch] in .gitattributes 2021/03/16 : 2.3r1 (1.0.0-238.0) 2021/03/01 : 2.3r1 (1.0.0-237.0)