Hi,
HAProxy 1.7.0 was released on 2016/11/25. It added 107 new commits
after version 1.7-dev6. Most of them were late minor bug fixes and code
cleanups. Over the last two weeks we finally managed to clean a lot of
historical mess, just by splitting some huge code parts into several
files, or moving them into the appropriate file. It's better done
before than after a release since it will make backports easier for the
maintenance branch. To be honnest there's nothing outstanding compared
to 1.7-dev6 so I won't comment on these very latest changes.
Haproxy 1.7 now is what I would have liked 1.6 to be, and is what I
consider the cleanest version we've ever produced. When 1.6 was released
one year ago, I predicted that we'd face one year worth of bug fixes due
to the important changes that were brought to the connection management,
and it indeed took almost one year to get rid of all of them. Now we
mostly focused on fixes, cleanups and modularity, but not on earth-shaking
changes.
It's interesting to note that among the 706 commits that were produced
between 1.6.0 and 1.7.0, no less than 207 were bug fixes (roughly 1/3),
around 70 were build fixes and code reorganizations, and around 60 were
doc updates, so 1.7 was where the fixes for 1.6 were developped, and that
brings it its current level of maturity. We have almost not observed any
1.7-specific regression during its development for now which is a very
good sign of the code becoming more modular and much less tricky than
what it used to be. We had to emit 1.6.1 only one week after 1.6.0 due
to a major bug, I bet we'll be able to wait longer before requiring such
an update, time will tell.
Despite this it still brings quite some significant improvements over
1.6 :
- significant improvements of the CLI : it is now possible to easily
register new commands without causing some inter-dependencies between
the CLI code and the functional code, so we could already improve a
large number of commands with better help and extra arguments. In
addition to this, the Lua code can also register CLI commands, pushing
the limits as far as your imagination goes.
- typed statistics : will make it easier to aggregate statistics over
multiple processes. Additionally, all the fields that used to be
available in HTML are now also exported in the CSV output, such as
the server's address and port, cookie, average response times, etc.
- SPOE (stream processing offload engine) : ability to delegate some
slow, unreliable or dangerous processing to external processes,
ensuring it will be much less necessary to touch the core parts to
add new features, and that some parts could possibly work across
multiple versions.
- filters : these are a new type of internal hooks to many events and
around most analysers in order to plug code that can manipulate data
and headers. The compression was moved to a filter, and it will be
easy to write new code using filters. SPOE was built entirely as a
filter.
- log-format : the parser now honnors error processing. It's been a
huge source of complaints over the last few years where some log
fields were empty because improperly typed in the config, but the
much more modular architecture now made this possible.
- support of directories for config files : now if the argument to -f
is a directory, all files found there are loaded in alphabetical
order. Additionally, files can be specified after "--" without having
to repeat "-f".
- config : it is now possible to set/unset/preset environment variables
directly in the global section, and even to consult them on the CLI.
- init-addr : it is now possible to decide in which order the FQDN
should be resolved on "server" lines, and even accept to start with
no address, waiting for a run-time resolution.
- server update on the CLI : the CLI makes it possible to change a
server's address, port, maxconn, check address and port so that it
is not required anymore to reload haproxy just to update an address.
In conjunction with init-addr, it even allows to pre-populate some
server pools that are filled at run time.
- state change via the DNS : a valid DNS resolution can now start a
server, and repeated failures can stop it (configurable). This is
another step in the direction of a more dynamic configuration.
- agent-check : an agent can now change the server's maxconn setting. A
server may now take its own load into consideration when deciding what
its connection limit should be.
- support for OpenSSL 1.1.0 : this makes this new version future-proof
given that 1.1.0 is about to ship in some future distros. Compatibility
with older versions was validated on 0.9.8, 1.0.1 and 1.0.2.
- support of multi-certs : different certificates for a same domain so
that the best one can be picked according to browser support. The main
use is to be able to deliver ECDSA certificates to clients supporting
them, without breaking compatibility with older clients.
- updates to support OpenBSD 5.7. This brings accept4() and a few other
features I've totally forgotten.
- WURFL : this is another device detection engine, made by Scientiamobile.
Now we have 3 of them (DeviceAtlas and 51Degrees being the two others),
users will have a broad choice to compare based on their needs. Nothing
technically prevents them from being built in together.
- 51Degrees moved to a new API (v3) which is supposedly faster and cleaner,
it's different from v2 used in haproxy 1.6 so the lib has to be rebuilt
but the databases remain compatible.
- performance improvements : version 1.7 is about 10% faster than 1.6
on large requests or responses thanks to some speed ups in the HTTP
message parser.
- peers v2.1 : a small, backwards compatible, upgrade to the peers
protocol has consisted in transmitting expiration dates so that old
entries are not constantly refreshed upon reloads. This is important
for people who reload often.
- stick-tables : now support automatic type casting on the input sample.
This avoids a useless conversion to a string which can possibly lose
some information sometimes and which is not efficient. Now the tables
use the native sample type. It's also faster to perform lookups.
- hash-balance-factor : the consistent hash can now improve the balancing
to avoid a single node being overloaded. It progressively spreads the
excess load to adjacent nodes when the load difference is above a
configurable threshold. Very useful for large cache farms.
- "tcp-request session" rules : it was often painful not to be able to
track an IP address transferred via the proxy protocol without having
to pollute the "tcp-request content" rules which are called for each
request in case of HTTP keep-alive. This is now possible. It will also
be possible to take early decisions based on SSL layer information.
- a number of new actions, like "set-src", "set-dst", etc... which make
it possible to assign the source and destination addresses to what was
found in a HTTP header for example. This can also be used to build an
explicit (non-resolving) proxy when running in transparent mode.
- on Linux kernels 4.2 and above, IP_BIND_ADDRESS_NO_PORT is used on
outgoing connections so that the kernel knows it can reuse the same
source port. This is useful when dealing with hundreds of thousands
of concurrent connections.
- SO_REUSEPORT is now configurable and can be disabled. Some people
indeed prefer a second bind to fail instead of having two processes.
- a new completely rewritten and much safer DNS response parser. The
original one was fragile and required an extreme care. The new one
fills structures that are exploited by the requester, making it less
likely to do something wrong.
- "%Tq" decomposition : the "%Tq" timer in the logs has became useless
with keep-alive, showing large request times which were in fact idle
time. And with browsers' pre-connect, it has become even worse given
that even the first connection could appear long. Now we have extra
fields to separately report the idle and SSL handshake times so that
logs become accurate again.
- tcp: we now have many new sample fetch functions reporting tcp-level
information on the client-to-haproxy connection. This makes it possible
for example to collect statistics, or to decide to perform a redirect
to another site or to deliver compressed objects when the RTT is too
high.
- http-response track-sc : it's possible to track some information coming
from the response. One example consists in collecting statistics on
content-length or HTTP statuses. Another example is a counter to see if
a client-provided cookie was already seen on the server side.
- accept-netscaler-cip : it's an alternative to the PROXY protocol,
implemented in Citrix's NetScaler load balancers. Thanks to this, both
HAProxy and NetScaler can cooperate.
- Lua: a lot of additions, various classes to access many internal
objects like listeners, servers, proxies and I don't know what else.
- mailers : various improvements such as timeouts and better SMTP protocol
compliance.
- maps : support a new type of maps consisting in regex with replacement
values (a-la "sed").
And that's about all. This work was contributed by 62 different persons,
out of which about 2/3 were new contributors. It's the same progression
as we had in 1.6. Do not hesitate to say "thanks" to them when you meet
them, and particularly if they contributed a feature which made your life
easier. Please see the full log at the bottom of this e-mail for more
information.
Now enough typing, I still have quite a few instances to upgrade, and the
web site to update :-)
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Sources : http://www.haproxy.org/download/1.7/src/
Git repository : http://git.haproxy.org/git/haproxy-1.7.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.7.git
Changelog : http://www.haproxy.org/download/1.7/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog since 1.7-dev6 :
- SCRIPTS: make publish-release also copy the new SPOE doc
- BUILD: http: include types/sample.h in proto_http.h
- BUILD: debug/flags: remove test for SF_COMP_READY
- CONTRIB: debug/flags: add check for SF_ERR_CHK_PORT
- MINOR: lua: add function which return true if the channel is full.
- MINOR: lua: add ip addresses and network manipulation function
- CONTRIB: tcploop: scriptable TCP I/O for debugging purposes
- CONTRIB: tcploop: implement fork()
- CONTRIB: tcploop: implement logging when called with -v
- CONTRIB: tcploop: update the usage output
- CONTRIB: tcploop: support sending plain strings
- CONTRIB: tcploop: don't report failed send() or recv()
- CONTRIB: tcploop: add basic loops via a jump instruction
- BUG/MEDIUM: channel: bad unlikely macro
- CLEANUP: lua: move comment
- CLEANUP: lua: control executed twice
- BUG/MEDIUM: ssl: Store certificate filename in a variable
- BUG/MINOR: ssl: Print correct filename when error occurs reading OCSP
- CLEANUP: ssl: Remove goto after return dead code
- CLEANUP: ssl: Fix bind keywords name in comments
- DOC: ssl: Use correct wording for ca-sign-pass
- CLEANUP: lua: avoid directly calling getsockname/getpeername()
- BUG/MINOR: stick-table: handle out-of-memory condition gracefully
- MINOR: cli: add private pointer and release function
- MEDIUM: lua: Add cli handler for Lua
- BUG/MEDIUM: connection: check the control layer before stopping polling
- DEBUG: connection: mark the closed FDs with a value that is easier to detect
- BUG/MEDIUM: stick-table: fix regression caused by recent fix for
out-of-memory
- BUG/MINOR: cli: properly decrement ref count on tables during failed dumps
- BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored
- MINOR: filters: Add check_timeouts callback to handle timers expiration on
streams
- MINOR: spoe: Add 'timeout processing' option to limit time to process an
event
- MINOR: spoe: Remove useless 'timeout ack' option
- MINOR: spoe: Add 'option continue-on-error' statement in spoe-agent section
- MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements
- MINOR: spoe: Add "option set-on-error" statement
- MINOR: stats: correct documentation of process ID for typed output
- BUILD: contrib: fix ip6range build on Centos 7
- BUILD: fix build on Solaris 10/11
- BUG/MINOR: cli: fix pointer size when reporting data/transport layer name
- BUG/MINOR: cli: dequeue from the proxy when changing a maxconn
- BUG/MINOR: cli: wake up the CLI's task after a timeout update
- MINOR: connection: add a few functions to report the data and xprt layers'
names
- MINOR: connection: add names for transport and data layers
- REORG: cli: split dumpstats.c in src/cli.c and src/stats.c
- REORG: cli: split dumpstats.h in stats.h and cli.h
- REORG: cli: move ssl CLI functions to ssl_sock.c
- REORG: cli: move map and acl code to map.c
- REORG: cli: move show stat resolvers to dns.c
- MINOR: cli: create new function cli_has_level() to validate permissions
- MINOR: server: create new function cli_find_server() to find a server
- MINOR: proxy: create new function cli_find_frontend() to find a frontend
- REORG: cli: move 'set server' to server.c
- REORG: cli: move 'show pools' to memory.c
- REORG: cli: move 'show servers' to proxy.c
- REORG: cli: move 'show sess' to stream.c
- REORG: cli: move 'show backend' to proxy.c
- REORG: cli: move get/set weight to server.c
- REORG: cli: move "show stat" to stats.c
- REORG: cli: move "show info" to stats.c
- REORG: cli: move dump_text(), dump_text_line(), and dump_binary() to
standard.c
- REORG: cli: move table dump/clear/set to stick_table.c
- REORG: cli: move "show errors" out of cli.c
- REORG: cli: make "show env" also use the generic keyword registration
- REORG: cli: move "set timeout" to its own handler
- REORG: cli: move "clear counters" to stats.c
- REORG: cli: move "set maxconn global" to its own handler
- REORG: cli: move "set maxconn server" to server.c
- REORG: cli: move "set maxconn frontend" to proxy.c
- REORG: cli: move "shutdown sessions server" to stream.c
- REORG: cli: move "shutdown session" to stream.c
- REORG: cli: move "shutdown frontend" to proxy.c
- REORG: cli: move "{enable|disable} frontend" to proxy.c
- REORG: cli: move "{enable|disable} server" to server.c
- REORG: cli: move "{enable|disable} health" to server.c
- REORG: cli: move "{enable|disable} agent" to server.c
- REORG: cli: move the "set rate-limit" functions to their own parser
- CLEANUP: cli: rename STAT_CLI_* to CLI_ST_*
- CLEANUP: cli: simplify the request parser a little bit
- CLEANUP: cli: remove assignments to st0 and st2 in keyword parsers
- BUILD: server: remove a build warning introduced by latest series
- BUG/MINOR: log-format: uncatched memory allocation functions
- CLEANUP: log-format: useless file and line in json converter
- CLEANUP/MINOR: log-format: unexport functions parse_logformat_var_args()
and parse_logformat_var()
- CLEANUP: log-format: fix return code of the function parse_logformat_var()
- CLEANUP: log-format: fix return code of function parse_logformat_var_args()
- CLEANUP: log-format: remove unused arguments
- MEDIUM: log-format: strict parsing and enable fail
- MEDIUM: log-format/conf: take into account the parse_logformat_string()
return code
- BUILD: ssl: make the SSL layer build again with openssl 0.9.8
- BUILD: vars: remove a build warning on vars.c
- MINOR: lua: add utility function for check boolean argument
- MINOR: lua: Add tokenize function.
- BUG/MINOR: conf: calloc untested
- MINOR: http/conf: store the use_backend configuration file and line for logs
- MEDIUM: log-format: Use standard HAProxy log system to report errors
- CLEANUP: sample: report "converter" instead of "conv method" in error
messages
- BUG: spoe: Fix parsing of SPOE actions in ACK frames
- MINOR: cli: make "show stat" support a proxy name
- MINOR: cli: make "show errors" support a proxy name
- MINOR: cli: make "show errors" capable of dumping only request or response
- BUG/MINOR: freq-ctr: make swrate_add() support larger values
- CLEANUP: counters: move from 3 types to 2 types
- CLEANUP: cfgparse: cascade the warnif_misplaced_* rules
- REORG: tcp-rules: move tcp rules processing to their own file
- REORG: stkctr: move all the stick counters processing to stick-tables.c
- DOC: update the roadmap file with the latest changes
And full changelog since 1.6.0 :
Andreas Seltenreich (5):
CLEANUP: stats: Avoid computation with uninitialized bits.
CLEANUP: pattern: Ignore unknown samples in pat_match_ip().
CLEANUP: map: Avoid memory leak in out-of-memory condition.
BUG/MINOR: standard: Avoid free of non-allocated pointer
BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition
Andrew Hayworth (2):
MEDIUM: dns: Don't use the ANY query type
MINOR: cli: ability to set per-server maxconn
Andrew Rodland (5):
MINOR: proxy: add 'served' field to proxy, equal to total of all servers'
MINOR: backend: add hash-balance-factor option for hash-type consistent
MINOR: server: compute a "cumulative weight" to allow chash balancing to
hit its target
MEDIUM: server: Implement bounded-load hash algorithm
DOC: fix the entry for hash-balance-factor config option
Baptiste Assmann (53):
BUG/MINOR: dns: parsing error of some DNS response
BUG/MAJOR: dns: first DNS response packet not matching queried hostname
may lead to a loop
BUG/MINOR: dns: unable to parse CNAMEs response
DOC: typo on capture.res.hdr and capture.req.hdr
BUG/MINOR: dns: check for duplicate nameserver id in a resolvers section
was missing
BUG/MINOR: http rule: http capture 'id' rule points to a non existing id
DOC: relation between timeout http-request and option http-buffer-request
BUG/MINOR: tcpcheck: conf parsing error when no port configured on server
and last rule is a CONNECT with no port
BUG/MINOR: tcpcheck: conf parsing error when no port configured on server
and first rule(s) is (are) COMMENT
DOC: mailers: typo in 'hostname' description
DOC: compression: missing mention of libslz for compression algorithm
MINOR: lru: new function to delete <nb> least recently used keys
MINOR: server state: missing LF (\n) on error message printed when
parsing server state file
BUG/MEDIUM: dns: no DNS resolution happens if no ports provided to the
nameserver
BUG/MAJOR: servers state: server port is erased when dns resolution is
enabled on a server
MINOR: cfgparse: warn when uid parameter is not a number
MINOR: cfgparse: warn when gid parameter is not a number
DOC: "addr" parameter applies to both health and agent checks
DOC: timeout client: pointers to timeout http-request
DOC: typo on stick-store response
DOC: stick-table: amend paragraph blaming the loss of table upon reload
DOC: typo: ACL subdir match
DOC: typo: maxconn paragraph is wrong due to a wrong buffer size
DOC: regsub: parser limitation about the inability to use closing square
brackets
DOC: typo: req.uri is now replaced by capture.req.uri
BUG/MINOR: dns: inapropriate way out after a resolution timeout
BUG/MINOR: dns: trigger a DNS query type change on resolution timeout
BUG/MINOR: DNS: resolution structure change
BUILD: make proto_tcp.c compatible with musl library
MINOR: standard.c: ipcmp() function to compare 2 IP addresses stored in 2
struct sockaddr_storage
MINOR: standard.c: ipcpy() function to copy an IP address from a struct
sockaddr_storage into an other one
MAJOR: listen section: don't use first bind port anymore when no server
ports are provided
MINOR: cli: change a server health check port through the stats socket
MAJOR: check: find out which port to use for health check at run time
MINOR: server: introduction of 3 new server flags
MINOR: new update_server_addr_port() function to change both server's
ADDR and service PORT
MINOR: cli: ability to change a server's port
CLEANUP/MINOR dns: comment do not follow up code update
MINOR: chunk: new strncat function
MINOR: dns: wrong DNS_MAX_UDP_MESSAGE value
MINOR: dns: new MAX values
MINOR: dns: new macro to compute DNS header size
MINOR: dns: new DNS structures to store received packets
MEDIUM: dns: new DNS response parser
MINOR: dns: query type change when last record is a CNAME
MINOR: dns: proper domain name validation when receiving DNS response
MINOR: dns: comments in types/dns.h about structures endianness
MINOR: init: move apply_server_state in haproxy.c before MODE_CHECK
MAJOR: server: postpone address resolution
MINOR: new srv_admin flag: SRV_ADMF_RMAINT
MINOR: dns: implement extra 'hold' timers.
MAJOR: dns: runtime resolution can change server admin state
MEDIUM: server: add a new init-addr server line setting
Ben Cabot (1):
BUG/MEDIUM: config: Adding validation to stick-table expire value.
Ben Shillito (8):
DOC: Edited 51Degrees section of README/
DOC: add Ben Shillito as the maintainer of 51d
BUILD/MAJOR:updated 51d Trie implementation to incorperate latest update
to 51Degrees.c
BUG/MINOR: 51d: Ensures a unique domain for each configuration
BUG/MINOR: 51d: Aligns Pattern cache implementation with HAProxy best
practices.
BUG/MINOR: 51d: Releases workset back to pool.
BUG/MINOR: 51d: Aligned const pointers to changes in 51Degrees.
CLEANUP: 51d: Aligned if statements with HAProxy best practices and
removed casts from malloc.
Benoit GARNIER (2):
BUG/MINOR: log: GMT offset not updated when entering/leaving DST
BUG/MINOR: log: Don't use strftime() which can clobber timezone if
chrooted
Bertrand Jacquin (8):
MINOR: listener: add the "accept-netscaler-cip" option to the "bind"
keyword
MINOR: tcp: add "tcp-request connection expect-netscaler-cip layer4"
MINOR: build: Allow linking to device-atlas library file
BUG/MEDIUM: ssl: Store certificate filename in a variable
BUG/MINOR: ssl: Print correct filename when error occurs reading OCSP
CLEANUP: ssl: Remove goto after return dead code
CLEANUP: ssl: Fix bind keywords name in comments
DOC: ssl: Use correct wording for ca-sign-pass
Bertrand Paquet (1):
BUG/MINOR : allow to log cookie for tarpit and denied request
Chad Lavoie (2):
MINOR: cli: allow the semi-colon to be escaped on the CLI
MINOR: stats: Escape equals sign on socket dump
Chris Short (1):
BUG/MINOR: examples: Fixing haproxy.spec to remove references to .cfg
files
Christopher Faulet (58):
BUILD: ssl: fix build error introduced in commit 7969a3 with OpenSSL <
1.0.0
BUG/MINOR: http: Be sure to process all the data received from a server
MINOR: filters/http: Use a wrapper function instead of
stream_int_retnclose
BUG: stream_interface: Reuse connection even if the output channel is
empty
BUG/MINOR: ssl: Be sure to use unique serial for regenerated certificates
MAJOR: filters: Add filters support
MINOR: filters: Do not reset stream analyzers if the client is gone
REORG: filters: Prepare creation of the HTTP compression filter
MAJOR: filters/http: Rewrite the HTTP compression as a filter
MEDIUM: filters: Use macros to call filters callbacks to speed-up
processing
MEDIUM: filters: remove http_start_chunk, http_last_chunk and
http_chunk_end
MEDIUM: filters: Replace filter_http_headers callback by an analyzer
MEDIUM: filters/http: Move body parsing of HTTP messages in dedicated
functions
MINOR: filters: Add stream_filters structure to hide filters info
MAJOR: filters: Require explicit registration to filter HTTP body and TCP
data
MINOR: filters: Remove unused or useless stuff and do small optimizations
MEDIUM: filters: Optimize the HTTP compression for chunk encoded response
MINOR: filters/http: Slightly update the parsing of chunks
MINOR: filters/http: Forward remaining data when a channel has no "data"
filters
MINOR: filters: Add an filter example
MINOR: filters: Extract proxy stuff from the struct filter
MINOR: filters: Print the list of existing filters during HA startup
MINOR: filters: Typo in an error message
MINOR: filters: Filters must define the callbacks struct during config
parsing
DOC: filters: Add filters documentation
BUG/MINOR: dumpstats: Fix the "Total bytes saved" counter in backends
stats
MEDIUM: filters: Move HTTP headers filtering in its own callback
MINOR: filters: Simplify calls to analyzers using 2 new macros
MEDIUM: filters: Add pre and post analyzer callbacks
DOC: filters: Update the filters documentation accordingly to recent
changes
BUG/MEDIUM: filters: Fix data filtering when data are modified
BUG/MINOR: filters: Fix HTTP parsing when a filter loops on data
forwarding
BUG/MINOR: Rework slightly commit 9962f8fc to clean code and avoid
mistakes
BUG/MEDIUM: http/compression: Fix how chunked data are copied during the
HTTP body parsing
BUG: vars: Fix 'set-var' converter because of a typo
CLEANUP: remove last references to 'ruleset' section
MEDIUM: filters: Add attch/detach and stream_set_backend callbacks
MINOR: filters: Update filters documentation accordingly to recent changes
MINOR: filters: Call stream_set_backend callbacks before updating backend
stats
MINOR: filters: Remove backend filters attached to a stream only for HTTP
streams
MINOR: flt_trace: Add hexdump option to dump forwarded data
MINOR: cfgparse: Add functions to backup and restore registered sections
MINOR: cfgparse: Parse scope lines and save the last one parsed
REORG: sample: move code to release a sample expression in sample.c
MINOR: vars: Allow '.' in variable names
MINOR: vars: Add vars_set_by_name_ifexist function
MEDIUM: vars: Add a per-process scope for variables
MINOR: vars: Add 'unset-var' action/converter
MAJOR: spoe: Add an experimental Stream Processing Offload Engine
MINOR: spoe: add random ip-reputation service as SPOA example
MINOR: spoe/checks: Add support for SPOP health checks
MINOR: filters: Add check_timeouts callback to handle timers expiration
on streams
MINOR: spoe: Add 'timeout processing' option to limit time to process an
event
MINOR: spoe: Remove useless 'timeout ack' option
MINOR: spoe: Add 'option continue-on-error' statement in spoe-agent
section
MINOR: spoe: Add "maxconnrate" and "maxerrrate" statements
MINOR: spoe: Add "option set-on-error" statement
BUG: spoe: Fix parsing of SPOE actions in ACK frames
Coen Rosdorff (1):
DOC: fix discrepancy in the example for http-request redirect
Conrad Hoffmann (1):
BUG/MINOR: dumpstats: fix write to global chunk
Cyril Bonté (16):
BUG/MEDIUM: sample: http_date() doesn't provide the right day of the week
DOC: fix a typo for a "deviceatlas" keyword
FIX: small typo in an example using the "Referer" header
BUG/MEDIUM: sample: urlp can't match an empty value
BUG/MEDIUM: checks: email-alert not working when declared in defaults
BUG/MINOR: checks: email-alert causes a segfault when an unknown mailers
section is configured
BUG/MINOR: checks: typo in an email-alert error message
BUG/MEDIUM: stats: stats bind-process doesn't propagate the process mask
correctly
BUG/MEDIUM: cfgparse: wrong argument offset after parsing server "sni"
keyword
BUG/MINOR: fix maxaccept computation according to the frontend process
range
BUG/MEDIUM: stats: show servers state may show an empty or incomplete
result
BUG/MEDIUM: stats: show backend may show an empty or incomplete result
MINOR: stats: fix typo in help messages
MINOR: stats: show stat resolvers missing in the help message
BUG/MEDIUM: stats: show servers state may show an servers from another
backend
DOC: stats: provide state details for show servers state
Dan Lloyd (1):
DOC: spelling fixes
Daniel Jakots (2):
BUILD: check for libressl to be able to build against it
BUILD: Make use of accept4() on OpenBSD.
Daniel Schneller (3):
DOC: Clarify tunes.vars.xxx-max-size settings
MINOR: acl: Add predefined METH_DELETE, METH_PUT
DOC: Clarify IPv4 address / mask notation rules
David Carlier (21):
BUILD: Make deviceatlas require PCRE
CLEANUP: proxy: calloc call inverted arguments
CLEANUP: connection: fix double negation on memcmp()
DOC: deviceatlas: more example use cases.
BUILD: dumpstats: silencing warning for printf format specifier / time_t
MINOR: da: silent logging by default and displaying DeviceAtlas support
if built.
BUG/MEDIUM: da: stop DeviceAtlas processing in the convertor if there is
no input.
CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro.
MINOR: sample: Moves ARGS underlying type from 32 to 64 bits.
MINOR: da: Using ARG12 macro for the sample fetch and the convertor.
CLEANUP: chunk: adding NULL check to chunk_dup allocation.
CLEANUP: proto_http: few corrections for gcc warnings.
BUG/MINOR: server: risk of over reading the pref_net array.
BUG/MINOR: cfgparse: couple of small memory leaks.
BUG/MEDIUM: sample: initialize the pointer before parse_binary call.
BUG/MEDIUM: lua: protects the upper boundary of the argument list for
converters/fetches.
MINOR: lua: migrate the argument mask to 64 bits type.
CLEANUP: dumpstats: u64 field is an unsigned type.
CLEANUP: connection: using internal struct to hold source and dest port.
MINOR: cfgparse: few memory leaks fixes.
BUILD: fix build on Solaris 10/11
Dinko Korunic (1):
BUG/MINOR: Fix OSX compilation errors
Dirkjan Bussink (1):
MEDIUM: ssl: Add support for OpenSSL 1.1.0
Dragan Dosen (9):
BUG/MINOR: server: check return value of fgets() in apply_server_state()
MINOR: standard: add function "escape_chunk"
MEDIUM: log: add a new log format flag "E"
MINOR: stream: export the function 'smp_create_src_stkctr'
BUG/MINOR: http: url32+src should use the big endian version of url32
BUG/MINOR: http: url32+src should check cli_conn before using it
DOC: http: add documentation for url32 and url32+src
MINOR: standard: add function "escape_string"
BUG/MEDIUM: log: use function "escape_string" instead of "escape_chunk"
Emeric Brun (4):
BUG/MEDIUM: peers: table entries learned from a remote are pushed to
others after a random delay.
BUG/MEDIUM: peers: old stick table updates could be repushed.
BUG/MINOR: peers: some updates are pushed twice after a resync.
BUG/MINOR: peers: empty chunks after a resync.
Emmanuel Hocdet (2):
MEDIUM: ssl: support SNI filters with multicerts
MINOR: ssl: crt-list parsing factor
Erwan Velu (3):
CLEANUP: proto_http: Removing useless variable assignation
CLEANUP: dumpstats: Removing useless variables allocation
CLEANUP: dns: Removing usless variable & assignation
Frederik Deweerdt (1):
OPTIM/MINOR: session: abort if possible before connecting to the backend
Frédéric Lécaille (2):
BUG/MINOR: peers: Fix peers data decoding issue
MEDIUM: peers: Fix a peer stick-tables synchronization issue.
Godbach (1):
DOC: LUA: fix some typos and syntax errors
Grant (1):
MINOR: examples: Update haproxy.spec URLs to haproxy.org
Herve COMMOWICK (1):
DOC: fix json converter example and error message
Hubert Verstraete (2):
MINOR: new function my_realloc2 = realloc + free upon failure
CLEANUP: fixed some usages of realloc leading to memory leak
Ian Miell (1):
CLEANUP: cfgparse: Very minor spelling correction
James Brown (1):
MINOR: check: add agent-send server parameter
Jerome Duval (2):
BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin.
BUILD: add Haiku as supported target.
Joe Williams (1):
MINOR: tcp: add further tcp info fetchers
Jorrit Schippers (1):
DOC: Fix typo in description of `-st` parameter in man page
Kevin Decherf (1):
DOC: specify that stats socket doc (section 9.2) is in management
Lukas Tribus (10):
BUG/MINOR: acl: don't use record layer in req_ssl_ver
BUG/MINOR: lua: don't force-sslv3 LUA's SSL socket
MINOR: unix: don't mention free ports on EAGAIN
DOC: remove old tunnel mode assumptions
BUG/MEDIUM: dns: unbreak DNS resolver after header fix
BUG/MINOR: displayed PCRE version is running release
MINOR: show Built with PCRE version
MINOR: show Running on zlib version
MEDIUM: make SO_REUSEPORT configurable
MINOR: enable IP_BIND_ADDRESS_NO_PORT on backend connections
Mac Browning (1):
DOC: add encoding to json converter example
Marcoen Hirschberg (1):
BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation
Maxime de Roucy (4):
MINOR: add list_append_word function
MEDIUM: init: use list_append_word in haproxy.c
MEDIUM: init: allow directory as argument of -f
BUG/MEDIUM: init: don't use environment locale
Nenad Merdanovic (8):
BUG/MEDIUM: Fix RFC5077 resumption when more than TLS_TICKETS_NO are
present
BUG/MAJOR: Fix crash in http_get_fhdr with exactly MAX_HDR_HISTORY headers
MINOR: Add ability for agent-check to set server maxconn
CLEANUP: Use server_parse_maxconn_change_request for maxconn CLI updates
BUG/MINOR: log: fix a typo that would cause %HP to log <BADREQ>
DOC: Fix typo so fetch is properly parsed by Cyril's converter
BUG/MINOR: Fix endiness issue in DNS header creation code
MINOR: Add fe_req_rate sample fetch
Olivier Doucet (1):
DOC: minor typo fixes to improve HTML parsing by haproxy-dconv
Panagiotis Panagiotopoulos (1):
DOC: add server name at rate-limit sessions example
Pavlos Parissis (2):
MINOR: systemd: Use variable for config and pidfile paths
MINOR: systemd: Perform sanity check on config before reload
Pieter Baauw (5):
DOC: lua-api/index.rst small example fixes, spelling correction.
MEDIUM: cfgparse: reject incorrect 'timeout retry' keyword spelling in
resolvers
MINOR: mailers: increase default timeout to 10 seconds
MINOR: mailers: use <CRLF> for all line endings
MINOR: mailers: make it possible to configure the connection timeout
Raghu Udiyar (1):
BUG/MINOR: stats: fix missing comma in stats on agent drain
Remi Gacogne (1):
BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()
Roberto Guimaraes (1):
BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()
Ruoshan Huang (3):
DOC: prefer using http-request/response over reqXXX/rspXXX directives
BUG/MINOR: fix http-response set-log-level parsing error
MEDIUM: http: implement http-response track-sc* directive
Simon Horman (1):
MINOR: stats: correct documentation of process ID for typed output
Thiago Farina (2):
MINOR: fix the return type for dns_response_get_query_id() function
DOC: fix "needed" typo
Thierry FOURNIER (100):
CLEANUP: use direction names in place of numeric values
BUG/MEDIUM: lua: sample fetches based on response doesn't work
BUILD: freebsd: double declaration
BUG/MEDIUM: lua: clean output buffer
DOC: lua: architecture and first steps
MINOR: lua: service/applet can have access to the HTTP headers when a
POST is received
REORG/MINOR: lua: convert boolean "int" to bitfield
BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn
BUG/MINOR: lua: Lua applets must not use http_txn
BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp rulesets
BUG/MAJOR: lua: Do not force the HTTP analysers in use-services
CLEANUP: lua: bad error messages
DOC: lua: fix lua API
BUILD/MINOR: regex: missing header
BUG/MINOR: stream: bad return code
DOC: lua: fix somme errors and add implicit types
MINOR: lua: add set/get priv for applets
DOC: lua: fix somme errors
BUG/MEDIUM: lua: the function txn_done() from sample fetches can crash
BUG/MEDIUM: lua: the function txn_done() from action wrapper can crash
DOC: lua: remove old functions
BUG/MEDIUM: lua: somme HTTP manipulation functions are called without
valid requests
MEDIUM: log: Decompose %Tq in %Th %Ti %TR
MINOR: ssl: add debug traces
BUILD/CLEANUP: ssl: Check BIO_reset() return code
BUG/MINOR: ssl: Check malloc return code
BUG/MINOR: ssl: prevent multiple entries for the same certificate
MINOR: lua: add function which return true if the channel is full.
MINOR: lua: add ip addresses and network manipulation function
BUG/MEDIUM: channel: bad unlikely macro
CLEANUP: lua: move comment
CLEANUP: lua: control executed twice
MINOR: cli: add private pointer and release function
MEDIUM: lua: Add cli handler for Lua
BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored
BUG/MINOR: log-format: uncatched memory allocation functions
CLEANUP: log-format: useless file and line in json converter
CLEANUP/MINOR: log-format: unexport functions parse_logformat_var_args()
and parse_logformat_var()
CLEANUP: log-format: fix return code of the function parse_logformat_var()
CLEANUP: log-format: fix return code of function
parse_logformat_var_args()
CLEANUP: log-format: remove unused arguments
MEDIUM: log-format: strict parsing and enable fail
MEDIUM: log-format/conf: take into account the parse_logformat_string()
return code
MINOR: lua: add utility function for check boolean argument
MINOR: lua: Add tokenize function.
BUG/MINOR: conf: calloc untested
MINOR: http/conf: store the use_backend configuration file and line for
logs
MEDIUM: log-format: Use standard HAProxy log system to report errors
MINOR: map: Add regex matching replacement
BUG/MINOR: lua: unsafe initialization
MINOR: lua: file dedicated to unsafe functions
MINOR: lua: add "now" time function
MINOR: standard: add RFC HTTP date parser
MINOR: lua: Add date functions
MINOR: lua: move common function
MINOR: lua: merge function
MINOR: lua: Add concat class
BUG/MAJOR: lua: segfault using Concat object
DOC: lua: copyrights
MINOR: common: mask conversion
MEDIUM: dns: extract options
MEDIUM: dns: add a "resolve-net" option which allow to prefer an ip in a
network
BUG/MAJOR: lua: applets can't sleep.
BUG/MINOR: server: some prototypes are renamed
BUG/MINOR: lua: Useless copy
BUG/MINOR: server: fix the format of the warning on address change
CLEANUP: server: add "const" to some message strings
MINOR: server: generalize the "updater" source
BUG/MINOR: conf: "listener id" expects integer, but its not checked
BUG/MINOR: lua: can't load external libraries
BUG/MINOR: prevent the dump of uninitialized vars
CLEANUP: map: it seems that the map were planed to be chained
MINOR: lua: move class registration facilities
MINOR: lua: remove some useless checks
CLEANUP: lua: Remove two same functions
MINOR: lua: refactor the Lua object registration
MINOR: lua: precise message when a critical error is catched
MINOR: lua: post initialization
MINOR: lua: Add internal function which strip spaces
MINOR: lua: convert field to lua type
DOC: name set-gpt0 mismatch with the expected keyword
MINOR: http: sample fetch which returns unique-id
MINOR: dumpstats: extract stats fields enum and names
MINOR: dumpstats: split stats_dump_info_to_buffer() in two parts
MINOR: dumpstats: split stats_dump_fe_stats() in two parts
MINOR: dumpstats: split stats_dump_li_stats() in two parts
MINOR: dumpstats: split stats_dump_sv_stats() in two parts
MINOR: dumpstats: split stats_dump_be_stats() in two parts
MINOR: lua: dump general info
MINOR: lua: add class proxy
MINOR: lua: add class server
MINOR: lua: add class listener
BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the
connection state.
DOC: http: rename the unique-id sample and add the documentation
MINOR: filters: add opaque data
BUG/MEDIUM: sticktables: segfault in some configuration error cases
BUG/MEDIUM: lua: converters doesn't work
BUG/MINOR: http: add-header: header name copied twice
BUG/MEDIUM: http: add-header: buffer overwritten
MINOR: tcp: Return TCP statistics like RTT and RTT variance
Vincent Bernat (10):
BUILD: install only relevant and existing documentation
CLEANUP: don't ignore debian/ directory if present
CLEANUP: remove unneeded casts
CLEANUP: uniformize last argument of malloc/calloc
CLEANUP: .gitignore cleanup
BUG/MINOR: dns: fix DNS header definition
BUG/MEDIUM: dns: fix alignment issue when building DNS queries
BUG/MAJOR: fix listening IP address storage for frontends
BUG/MINOR: fix listening IP address storage for frontends (cont)
BUG/MINOR: stick-table: handle out-of-memory condition gracefully
William Lallemand (23):
MINOR: rename master process name in -Ds (systemd mode)
BUG/MEDIUM: trace.c: rdtsc() is defined in two files
BUG/MEDIUM: fix risk of segfault with "show tls-keys"
MEDIUM: dumpstats: 'show tls-keys' is now able to show secrets
DOC: update doc about tls-tickets-keys dump
MEDIUM: tcp: add 'set-src' to 'tcp-request connection'
MINOR: set the CO_FL_ADDR_FROM_SET flags with 'set-src'
MEDIUM: tcp/http: add 'set-src-port' action
MEDIUM: tcp/http: new set-dst/set-dst-port actions
BUG/MEDIUM: dumpstats: undefined behavior in stats_tlskeys_list()
MEDIUM: dumpstats: make stats_tlskeys_list() yield-aware during tls-keys
dump
MEDIUM: cli: register CLI keywords with cli_register_kw()
REORG: cli: split dumpstats.c in src/cli.c and src/stats.c
REORG: cli: split dumpstats.h in stats.h and cli.h
REORG: cli: move ssl CLI functions to ssl_sock.c
REORG: cli: move map and acl code to map.c
REORG: cli: move show stat resolvers to dns.c
REORG: cli: move 'set server' to server.c
REORG: cli: move 'show pools' to memory.c
REORG: cli: move 'show servers' to proxy.c
REORG: cli: move 'show sess' to stream.c
REORG: cli: move 'show backend' to proxy.c
REORG: cli: move get/set weight to server.c
Willy Tarreau (292):
[RELEASE] Released version 1.7-dev0
BUG/MEDIUM: namespaces: don't fail if no namespace is used
BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is disabled
DEBUG/MINOR: memory: add a build option to disable memory pools sharing
DEBUG/MEDIUM: memory: optionally protect free data in pools
DEBUG/MEDIUM: memory: add optional control pool memory operations
MEDIUM: memory: add accounting for failed allocations
BUG/MEDIUM: config: count memory limits on 64 bits, not 32
BUG/MAJOR: http: don't requeue an idle connection that is already queued
BUG/MEDIUM: http: switch the request channel to no-delay once done.
BUILD/MINOR: http: proto_http.h needs sample.h
BUG/MEDIUM: http: don't enable auto-close on the response side
BUG/MEDIUM: stream: fix half-closed timeout handling
CLEANUP: compression: don't allocate DEFAULT_MAXZLIBMEM without USE_ZLIB
BUG/MEDIUM: cli: changing compression rate-limiting must require admin
level
BUG/MEDIUM: http: fix http-reuse when frontend and backend differ
BUILD: ssl: set SSL_SOCK_NUM_KEYTYPES with openssl < 1.0.2
MINOR: config: make tune.recv_enough configurable
BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is
forced
CONTRIB: initiate a debugging suite to make debugging easier
[RELEASE] Released version 1.7-dev1
BUG/MINOR: http: fix several off-by-one errors in the url_param parser
BUG/MINOR: chunk: make chunk_dup() always check and set dst->size
MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero
MINOR: chunks: add chunk_strcat() and chunk_newstr()
MINOR: chunk: make chunk_initstr() take a const string
MEDIUM: tools: add csv_enc_append() to preserve the original chunk
MINOR: tools: make csv_enc_append() always start at the first byte of the
chunk
DOC: fix "workaround" spelling
BUG/MEDIUM: servers state: server port is used uninitialized
BUG/MEDIUM: channel: fix miscalculation of available buffer space.
MEDIUM: pools: add a new flag to avoid rounding pool size up
BUG/MEDIUM: buffers: do not round up buffer size during allocation
BUG/MINOR: stream: don't force retries if the server is DOWN
BUG/MINOR: counters: make the sc-inc-gpc0 and sc-set-gpt0 touch the table
BUG/CLEANUP: CLI: report the proper field states in "show sess"
MINOR: stats: send content-length with the redirect to allow keep-alive
BUG/MAJOR: http-reuse: fix risk of orphaned connections
BUG/MEDIUM: http-reuse: do not share private connections across backends
BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation
MINOR: cli: add a new "show env" command
MEDIUM: config: allow to manipulate environment variables in the global
section
BUG/MEDIUM: chunks: always reject negative-length chunks
BUG/MINOR: systemd: ensure we don't miss signals
BUG/MINOR: systemd: report the correct signal in debug message output
BUG/MINOR: systemd: propagate the correct signal to haproxy
MINOR: systemd: ensure a reload doesn't mask a stop
BUG/MINOR: tcpcheck: fix incorrect list usage resulting in failure to
load certain configs
BUG/MAJOR: samples: check smp->strm before using it
MINOR: sample: add a new helper to initialize the owner of a sample
MINOR: sample: always set a new sample's owner before evaluating it
BUG/MAJOR: vars: always retrieve the stream and session from the sample
CLEANUP: payload: remove useless and confusing nullity checks for channel
buffer
BUG/MINOR: ssl: fix usage of the various sample fetch functions
MINOR: stats: create fields types suitable for all CSV output data
MINOR: stats: add all the "show info" fields in a table
MEDIUM: stats: fill all the show info elements prior to displaying them
MINOR: stats: add a function to emit fields into a chunk
MINOR: stats: add stats_dump_info_fields() to dump one field per line
MEDIUM: stats: make use of stats_dump_info_fields() for "show info"
MINOR: stats: add a declaration of all stats fields
MINOR: stats: don't hard-code the CSV fields list anymore
MINOR: stats: create stats fields storage and CSV dump function
MEDIUM: stats: convert stats_dump_fe_stats() to use
stats_dump_fields_csv()
MEDIUM: stats: make stats_dump_fe_stats() use stats fields for HTML dump
MEDIUM: stats: convert stats_dump_li_stats() to use
stats_dump_fields_csv()
MEDIUM: stats: make stats_dump_li_stats() use stats fields for HTML dump
MEDIUM: stats: convert stats_dump_be_stats() to use
stats_dump_fields_csv()
MEDIUM: stats: make stats_dump_be_stats() use stats fields for HTML dump
MEDIUM: stats: convert stats_dump_sv_stats() to use
stats_dump_fields_csv()
MEDIUM: stats: make stats_dump_sv_stats() use the stats field for HTML
MEDIUM: stats: move the server state coloring logic to the server dump
function
MINOR: stats: do not use srv->admin & STATS_ADMF_MAINT in HTML dumps
MINOR: stats: do not check srv->state for SRV_ST_STOPPED in HTML dumps
MINOR: stats: make CSV report server check status only when enabled
MINOR: stats: only report backend's down time if it has servers
MINOR: stats: prepend '*' in front of the check status when in progress
MINOR: stats: make HTML stats dump rely on the table for the check status
MINOR: stats: add agent_status, agent_code, agent_duration to output
MINOR: stats: add check_desc and agent_desc to the output fields
MINOR: stats: add check and agent's health values in the output
MEDIUM: stats: make the HTML server state dump use the CSV states
MEDIUM: stats: only report observe errors when observe is set
MEDIUM: stats: expose the same flags for CLI and HTTP accesses
MEDIUM: stats: report server's address in the CSV output
MEDIUM: stats: report the cookie value in the server & backend CSV dumps
MEDIUM: stats: compute the color code only in the HTML form
MEDIUM: stats: report the listeners' address in the CSV output
MEDIUM: stats: make it possible to report the WAITING state for listeners
REORG: stats: dump the frontend's HTML stats via a generic function
REORG: stats: dump the socket stats via the generic function
REORG: stats: dump the server stats via the generic function
REORG: stats: dump the backend stats via the generic function
MEDIUM: stats: add a new "mode" column to report the proxy mode
MINOR: stats: report the load balancing algorithm in CSV output
MINOR: stats: add 3 fields to report the frontend-specific connection
stats
MINOR: stats: report number of intercepted requests for frontend and
backends
MINOR: stats: introduce stats_dump_one_line() to dump one stats line
CLEANUP: stats: make stats_dump_fields_html() not rely on proxy anymore
MINOR: stats: add ST_SHOWADMIN to pass the admin info in the regular flags
MINOR: stats: make stats_dump_fields_html() not use &trash by default
MINOR: stats: add functions to emit typed fields into a chunk
MEDIUM: stats: support "show info typed" on the CLI
MEDIUM: stats: implement a typed output format for stats
DOC: document the "show info typed" and "show stat typed" output formats
CLEANUP: http: fix a build warning introduced by a recent fix
[RELEASE] Released version 1.7-dev2
BUILD: namespaces: fix a potential build warning in namespaces.c
BUG/MEDIUM: peers: fix incorrect age in frequency counters
MEDIUM: proxy: use dynamic allocation for error dumps
BUG/MEDIUM: ssl: rewind the BIO when reading certificates
BUG/MEDIUM: channel: fix miscalculation of available buffer space (2nd
try)
CLEANUP: fix inconsistency between fd->iocb, proto->accept and accept()
BUG/MEDIUM: fix maxaccept computation on per-process listeners
BUG/MINOR: listener: stop unbound listeners on startup
TESTS: add blocksig.c to run tests with all signals blocked
MEDIUM: unblock signals on startup.
BUG/MEDIUM: channel: don't allow to overwrite the reserve until connected
BUG/MEDIUM: channel: incorrect polling condition may delay event delivery
BUG/MEDIUM: channel: fix miscalculation of available buffer space (3rd
try)
BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields in TCP mode
BUG/MEDIUM: http: fix incorrect reporting of server errors
MINOR: channel: add new function channel_congested()
BUG/MEDIUM: http: fix risk of CPU spikes with pipelined requests from
dead client
BUG/MAJOR: channel: fix miscalculation of available buffer space (4th try)
BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly cleared
BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers
CLEANUP: don't ignore scripts in .gitignore
BUILD: add a few release and backport scripts in scripts/
[RELEASE] Released version 1.7-dev3
CLEANUP: config: detect double registration of a config section
MINOR: log: add the %Td log-format specifier
SCRIPTS: teach git-show-backports how to report upstream commits
SCRIPTS: make git-show-backports capable of limiting its history
BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes
BUG/MEDIUM: stick-tables: fix breakage in table converters
MINOR: stick-table: change all stick-table converters' inputs to SMP_T_ANY
BUILD: fix build on Solaris 11
BUG/MEDIUM: config: fix multiple declaration of section parsers
BUILD/MEDIUM: rebuild everything when an include file is changed
BUILD/MEDIUM: force a full rebuild if some build options change
BUILD: ssl: fix typo causing a build failure in the multicert patch
BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual
limits
BUG/MINOR: init: ensure that FD limit is raised to the max allowed
BUG/MEDIUM: external-checks: close all FDs right after the fork()
BUG/MAJOR: external-checks: use asynchronous signal delivery
BUG/MINOR: external-checks: do not unblock undesired signals
CLEANUP: external-check: don't block/unblock SIGCHLD when manipulating
the list
BUG/MINOR: srv-state: fix incorrect output of state file
BUG/MINOR: http: fix misleading error message for response captures
BUG/BUILD: don't automatically run "make" on "make install"
DOC: add missing doc for http-request deny [deny_status <status>]
BUG/MEDIUM: http: unbreak uri/header/url_param hashing
Revert "BUG/MINOR: ssl: fix potential memory leak in
ssl_sock_load_dh_params()"
BUG/MEDIUM: dns: fix alignment issues in the DNS response parser
BUG/MINOR: peers: don't count track-sc multiple times on errors
BUG/MEDIUM: stream-int: completely detach connection on connect error
BUG/MAJOR: compression: initialize avail_in/next_in even during flush
BUG/MEDIUM: samples: make smp_dup() always duplicate the sample
MINOR: sample: implement smp_is_safe() and smp_make_safe()
MINOR: sample: provide smp_is_rw() and smp_make_rw()
BUG/MAJOR: server: the "sni" directive could randomly cause trouble
BUG/MEDIUM: stick-tables: do not fail on string keys with no allocated
size
BUG/MEDIUM: stick-table: properly convert binary samples to keys
MINOR: sample: use smp_make_rw() in upper/lower converters
MINOR: tcp: add dst_is_local and src_is_local
BUILD: protocol: fix some build errors on OpenBSD
BUILD: log: iovec requires to include sys/uio.h on OpenBSD
BUILD: tcp: do not include netinet/ip.h for IP_TTL
BUILD: connection: fix build breakage on openbsd due to missing in_systm.h
BUILD: checks: remove the last strcat and eliminate a warning on OpenBSD
BUILD: tcp: define SOL_TCP when only IPPROTO_TCP exists
BUILD: compression: remove a warning when no compression lib is used
BUILD: poll: remove unused hap_fd_isset() which causes a warning with
clang
BUG/MAJOR: stick-counters: possible crash when using sc_trackers with
wrong table
[RELEASE] Released version 1.7-dev4
CLEANUP: logs: remove unused log format field definitions
BUG/MAJOR: stream: properly mark the server address as unset on connect
retry
BUG/MINOR: payload: fix SSLv2 version parser
BUG/MINOR: stats: report the correct conn_time in backend's html output
BUG/MEDIUM: dns: don't randomly crash on out-of-memory
MINOR: tcp: make set-src/set-src-port and set-dst/set-dst-port commutative
DOC: fix missed entry for "set-{src,dst}{,-port}"
BUG/MINOR: vars: use sess and not s->sess in action_store()
BUG/MINOR: vars: make smp_fetch_var() more robust against misuses
BUG/MINOR: vars: smp_fetch_var() doesn't depend on HTTP but on the session
MINOR: stats: output dcon
CLEANUP: tcp rules: mention everywhere that tcp-conn rules are L4
MINOR: counters: add new fields for denied_sess
MEDIUM: tcp: add registration and processing of TCP L5 rules
MINOR: stats: emit dses
DOC: document tcp-request session
BUG/MINOR: systemd: make the wrapper return a non-null status code on
error
BUG/MINOR: systemd: always restore signals before execve()
BUG/MINOR: systemd: check return value of calloc()
MINOR: systemd: report it when execve() fails
BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or
failed
SCRIPTS: make git-show-backports also dump a "git show" command
[RELEASE] Released version 1.7-dev5
BUG/MEDIUM: peers: on shutdown, wake up the appctx, not the stream
BUG/MEDIUM: peers: fix use after free in peer_session_create()
MINOR: peers: make peer_session_forceshutdown() use the appctx and not
the stream
MINOR: peers: remove the pointer to the stream
BUG/MEDIUM: systemd-wrapper: return correct exit codes
MEDIUM: tools: make str2ip2() preserve existing ports
CLEANUP: tools: make ipcpy() preserve the original port
OPTIM: http: move all http character classs tables into a single one
OPTIM: http: improve parsing performance of long header lines
OPTIM: http: improve parsing performance of long URIs
OPTIM: http: optimize lookup of comma and quote in header values
BUG/MEDIUM: srv-state: properly restore the DRAIN state
BUG/MINOR: srv-state: allow to have both CMAINT and FDRAIN flags
MINOR: server: do not emit warnings/logs/alerts on server state changes
at boot
BUG/MEDIUM: servers: properly propagate the maintenance states during
startup
DOC: move the device detection modules documentation to their own files
CLEANUP: wurfl: reduce exposure in the rest of the code
MINOR: stream: make option contstats usable again
MEDIUM: tools: make str2sa_range() return the FQDN even when not resolving
MINOR: server: indicate in the logs when RMAINT is cleared
MINOR: stats: indicate it when a server is down due to resolution
MINOR: server: make srv_set_admin_state() capable of telling why this
happens
MEDIUM: cli: leave the RMAINT state when setting an IP address on the CLI
MEDIUM: server: make use of init-addr
MINOR: server: implement init-addr none
MEDIUM: server: make libc resolution failure non-fatal
MINOR: server: add support for explicit numeric address in init-addr
DOC: add some documentation for the "init-addr" server keyword
MINOR: init: add -dr to ignore server address resolution failures
MEDIUM: server: do not restrict anymore usage of IP address from the
state file
DOC: update ROADMAP file
[RELEASE] Released version 1.7-dev6
SCRIPTS: make publish-release also copy the new SPOE doc
BUILD: http: include types/sample.h in proto_http.h
BUILD: debug/flags: remove test for SF_COMP_READY
CONTRIB: debug/flags: add check for SF_ERR_CHK_PORT
CONTRIB: tcploop: scriptable TCP I/O for debugging purposes
CONTRIB: tcploop: implement fork()
CONTRIB: tcploop: implement logging when called with -v
CONTRIB: tcploop: update the usage output
CONTRIB: tcploop: support sending plain strings
CONTRIB: tcploop: don't report failed send() or recv()
CONTRIB: tcploop: add basic loops via a jump instruction
CLEANUP: lua: avoid directly calling getsockname/getpeername()
BUG/MEDIUM: connection: check the control layer before stopping polling
DEBUG: connection: mark the closed FDs with a value that is easier to
detect
BUG/MEDIUM: stick-table: fix regression caused by recent fix for
out-of-memory
BUG/MINOR: cli: properly decrement ref count on tables during failed dumps
BUILD: contrib: fix ip6range build on Centos 7
BUG/MINOR: cli: fix pointer size when reporting data/transport layer name
BUG/MINOR: cli: dequeue from the proxy when changing a maxconn
BUG/MINOR: cli: wake up the CLI's task after a timeout update
MINOR: connection: add a few functions to report the data and xprt
layers' names
MINOR: connection: add names for transport and data layers
MINOR: cli: create new function cli_has_level() to validate permissions
MINOR: server: create new function cli_find_server() to find a server
MINOR: proxy: create new function cli_find_frontend() to find a frontend
REORG: cli: move "show stat" to stats.c
REORG: cli: move "show info" to stats.c
REORG: cli: move dump_text(), dump_text_line(), and dump_binary() to
standard.c
REORG: cli: move table dump/clear/set to stick_table.c
REORG: cli: move "show errors" out of cli.c
REORG: cli: make "show env" also use the generic keyword registration
REORG: cli: move "set timeout" to its own handler
REORG: cli: move "clear counters" to stats.c
REORG: cli: move "set maxconn global" to its own handler
REORG: cli: move "set maxconn server" to server.c
REORG: cli: move "set maxconn frontend" to proxy.c
REORG: cli: move "shutdown sessions server" to stream.c
REORG: cli: move "shutdown session" to stream.c
REORG: cli: move "shutdown frontend" to proxy.c
REORG: cli: move "{enable|disable} frontend" to proxy.c
REORG: cli: move "{enable|disable} server" to server.c
REORG: cli: move "{enable|disable} health" to server.c
REORG: cli: move "{enable|disable} agent" to server.c
REORG: cli: move the "set rate-limit" functions to their own parser
CLEANUP: cli: rename STAT_CLI_* to CLI_ST_*
CLEANUP: cli: simplify the request parser a little bit
CLEANUP: cli: remove assignments to st0 and st2 in keyword parsers
BUILD: server: remove a build warning introduced by latest series
BUILD: ssl: make the SSL layer build again with openssl 0.9.8
BUILD: vars: remove a build warning on vars.c
CLEANUP: sample: report "converter" instead of "conv method" in error
messages
MINOR: cli: make "show stat" support a proxy name
MINOR: cli: make "show errors" support a proxy name
MINOR: cli: make "show errors" capable of dumping only request or response
BUG/MINOR: freq-ctr: make swrate_add() support larger values
CLEANUP: counters: move from 3 types to 2 types
CLEANUP: cfgparse: cascade the warnif_misplaced_* rules
REORG: tcp-rules: move tcp rules processing to their own file
REORG: stkctr: move all the stick counters processing to stick-tables.c
DOC: update the roadmap file with the latest changes
[RELEASE] Released version 1.7.0
fengpeiyuan (1):
DOC: fix a few spelling mistakes
jesse.de...@asu.edu (1):
BUG/MINOR: examples/haproxy.init: missing brace in quiet_check()
lsenta (1):
BUG: http: do not abort keep-alive connections on server timeout
mildis (2):
MINOR: config: allow IPv6 bracketed literals
BUG/MINOR: ssl: close ssl key file on error
scientiamobile (1):
MEDIUM: wurfl: add Scientiamobile WURFL device detection module
yanbzhu (7):
MINOR: ssl: Added cert_key_and_chain struct
MEDIUM: ssl: Added support for creating SSL_CTX with multiple certs
MINOR: ssl: Added multi cert support for crt-list config keyword
MEDIUM: ssl: Added multi cert support for loading crt directories
MEDIUM: ssl: Added support for Multi-Cert OCSP Stapling
DOC: ssl: Adding docs for Multi-Cert bundling
DOC: ssl: fixed some formatting errors in crt tag
---
