7569 lines
423 KiB
Plaintext
7569 lines
423 KiB
Plaintext
-------------------------------------------------------------------
|
|
Thu Nov 07 18:40:53 UTC 2024 - mrueckert@suse.de
|
|
|
|
- Update to version 3.0.6+git0.c2c009086:
|
|
* [RELEASE] Released version 3.0.6
|
|
* MINOR: debug: move the "recover now" warn message after the optional notes
|
|
* BUILD: Missing inclusion header for ssize_t type
|
|
* BUILD: debug: also declare strlen() in __ABORT_NOW()
|
|
* DEBUG: wdt: add a stats counter "BlockedTrafficWarnings" in show info
|
|
* DEBUG: wdt: make the blocked traffic warning delay configurable
|
|
* DEBUG: cli: make it possible for "debug dev loop" to trigger warnings
|
|
* DEBUG: wdt: better detect apparently locked up threads and warn about them
|
|
* MINOR: debug: add a function to dump a stuck thread
|
|
* MINOR: wdt: move the local timers to a struct
|
|
* MINOR: debug: remove the redundant process.thread_info array from post_mortem
|
|
* MINOR: debug: also add fdtab and acitvity to struct post_mortem
|
|
* MINOR: debug: also add a pointer to struct global to post_mortem
|
|
* MINOR: debug: do not limit backtraces to stuck threads
|
|
* MINOR: debug: print gdb hints when crashing
|
|
* MINOR: connection: add new sample fetch functions fc_err_name and bc_err_name
|
|
* MINOR: rawsock: set connection error codes when returning from recv/send/splice
|
|
* MINOR: connection: add more connection error codes to cover common errno
|
|
* BUG/MINOR: stats: Fix the name for the total number of streams created
|
|
* MINOR: stream/stats: Expose the total number of streams ever created in stats
|
|
* MINOR: stream/stats: Expose the current number of streams in stats
|
|
* MINOR: cli/debug: show dev: add cmdline and version
|
|
* BUG/MINOR: quic: fix malformed probing packet building
|
|
* CLEANUP: connection: properly name the CO_ER_SSL_FATAL enum entry
|
|
* DOC: config: document connection error 44 (reverse connect failure)
|
|
* BUG/MEDIUM: promex: Fix dump of extra counters
|
|
* MINOR: stream: Save last evaluated rule on invalid yield
|
|
* BUG/MINOR: http-ana: Report internal error if an action yields on a final eval
|
|
* BUG/MEDIUM: mux-h1: Fix how timeouts are applied on H1 connections
|
|
* DOC: config: add missing glitch_{cnt,rate} sample definitions
|
|
* DOC: config: add missing glitch_{cnt,rate} data types
|
|
* BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly
|
|
* BUG/MINOR: trace: stop rewriting argv with -dt
|
|
* MINOR: cli: remove non-printable characters from 'debug dev fd'
|
|
* MINOR: debug: store important pointers in post_mortem
|
|
* MINOR: debug: place the post_mortem struct in its own section.
|
|
* MINOR: debug: place a magic pattern at the beginning of post_mortem
|
|
* MINOR: pools: export the pools variable
|
|
* BUILD: debug: silence a build warning with threads disabled
|
|
* BUG/MEDIUM: server: fix race on servers_list during server deletion
|
|
* BUG/MINOR: stconn: Don't disable 0-copy FF if EOS was reported on consumer side
|
|
* BUG/MINOR: http-ana: Fix wrong client abort reports during responses forwarding
|
|
* BUG/MEDIUM: stconn: Report blocked send if sends are blocked by an error
|
|
* BUG/MINOR: server: fix dynamic server leak with check on failed init
|
|
* MINOR: activity/memprofile: show per-DSO stats
|
|
* MINOR: activity/memprofile: always return "other" bin on NULL return address
|
|
* BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families
|
|
* BUG/MEDIUM: mux-h2: Remove H2S from send list if data are sent via 0-copy FF
|
|
* BUG/MEDIUM: stats-html: Never dump more data than expected during 0-copy FF
|
|
* BUG/MINOR: mux-quic: do not close STREAM with empty FIN if no data sent
|
|
* BUG/MINOR: mworker: fix mworker-max-reloads parser
|
|
* DOC: config: fix rfc7239 forwarded typo in desc
|
|
* BUG/MEDIUM: quic: avoid freezing 0RTT connections
|
|
* BUG/MINOR: quic: avoid leaking post handshake frames
|
|
* REGTESTS: Never reuse server connection in http-messaging/truncated.vtc
|
|
* BUG/MAJOR: filters/htx: Add a flag to state the payload is altered by a filter
|
|
* BUG/MEDIUM: stconn: Check FF data of SC to perform a shutdown in sc_notify()
|
|
* BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid
|
|
* BUG/MEDIUM: stconn: Wait iobuf is empty to shut SE down during a check send
|
|
* BUG/MINOR: httpclient: return NULL when no proxy available during httpclient_new()
|
|
* BUG/MEDIUM: queue: make sure never to queue when there's no more served conns
|
|
* BUG/MEDIUM: mux-quic: ensure timeout server is active for short requests
|
|
* BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}()
|
|
* BUG/MEDIUM: hlua: make hlua_ctx_renew() safe
|
|
* BUG/MEDIUM: server: server stuck in maintenance after FQDN change
|
|
* MEDIUM: debug: on panic, make the target thread automatically allocate its buf
|
|
* MINOR: debug: replace ha_thread_dump() with its two components
|
|
* MINOR: debug: make ha_thread_dump_done() take the pointer to be used
|
|
* MINOR: debug: slightly change the thread_dump_pointer signification
|
|
* MINOR: debug: split ha_thread_dump() in two parts
|
|
* MINOR: chunk: drop the global thread_dump_buffer
|
|
* MINOR: debug: make mark_tainted() return the previous value
|
|
* BUG/MINOR: http-ana: Disable fast-fwd for unfinished req waiting for upgrade
|
|
* BUG/MINOR: mux-h1: Fix condition to set EOI on SE during zero-copy forwarding
|
|
* BUG/MEDIUM: queue: always dequeue the backend when redistributing the last server
|
|
* MINOR: server: make srv_shutdown_sessions() call pendconn_redistribute()
|
|
* BUG/MINOR: queue: make sure that maintenance redispatches server queue
|
|
* BUG/MEDIUM: stream: make stream_shutdown() async-safe
|
|
* MINOR: task: define two new one-shot events for use with WOKEN_OTHER or MSG
|
|
* MINOR: tools: do not attempt to use backtrace() on linux without glibc
|
|
* BUILD: tools: only include execinfo.h for the real backtrace() function
|
|
* BUG/MINOR: cfgparse-global: fix allowed args number for setenv
|
|
* BUG/MINOR: server: make sure the HMAINT state is part of MAINT
|
|
* BUG/MEDIUM: cli: Deadlock when setting frontend maxconn
|
|
* BUG/MEDIUM: cli: Be sure to catch immediate client abort
|
|
* BUG/MINOR: mux-quic: report glitches to session
|
|
* REGTESTS: shorten a bit the delay for the h1/h2 upgrade test
|
|
* REGTESTS: h1/h2: Update script testing H1/H2 protocol upgrades
|
|
* BUG/MEDIUM: mux-h1/mux-h2: Reject upgrades with payload on H2 side only
|
|
* MINOR: mux-h1: Set EOI on SE during demux when both side are in DONE state
|
|
* BUG/MINOR: h2: reject extended connect for h2c protocol
|
|
* BUG/MINOR: h1: do not forward h2c upgrade header token
|
|
* MINOR: connection: No longer include stconn type header in connection-t.h
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 30 19:36:53 UTC 2024 - mrueckert@suse.de
|
|
|
|
- Update to version 3.0.5+git0.8e879a52e: (VUL-0: CVE-2024-49214 boo#1231612)
|
|
* [RELEASE] Released version 3.0.5
|
|
* BUG/MINOR: quic: prevent freeze after early QCS closure
|
|
* BUG/MEDIUM: quic: handle retransmit for standalone FIN STREAM
|
|
* MINOR: quic: implement function to check if STREAM is fully acked
|
|
* MINOR: quic: convert qc_stream_desc release field to flags
|
|
* BUG/MINOR: cfgparse-listen: fix option httpslog override warning message
|
|
* BUG/MEDIUM: promex: Wait to have the request before sending the response
|
|
* BUG/MEDIUM: cache/stats: Wait to have the request before sending the response
|
|
* BUG/MEDIUM: sc_strm/applet: Wake applet after a successfull synchronous send
|
|
* DOC: config: Explicitly list relaxing rules for accept-invalid-http-* options
|
|
* BUG/MINOR: peers: local entries updates may not be advertised after resync
|
|
* BUG/MEDIUM: queue: implement a flag to check for the dequeuing
|
|
* BUG/MINOR: clock: validate that now_offset still applies to the current date
|
|
* BUG/MINOR: clock: make time jump corrections a bit more accurate
|
|
* BUG/MINOR: polling: fix time reporting when using busy polling
|
|
* MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option
|
|
* BUG/MINOR: pattern: do not leave a leading comma on "set" error messages
|
|
* BUG/MINOR: h1-htx: Don't flag response as bodyless when a tunnel is established
|
|
* BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state
|
|
* BUG/MEDIUM: pattern: prevent UAF on reused pattern expr
|
|
* BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg()
|
|
* BUG/MEDIUM: clock: detect and cover jumps during execution
|
|
* REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load
|
|
* DOC: configuration: place the HAPROXY_HTTP_LOG_FMT example on the correct line
|
|
* BUG/MINOR: quic: Too short datagram during packet building failures (aws-lc only)
|
|
* BUG/MINOR: quic: Crash from trace dumping SSL eary data status (AWS-LC)
|
|
* BUG/MEDIUM: quic: always validate sender address on 0-RTT
|
|
* MINOR: quic: Add trace for QUIC_EV_CONN_IO_CB event.
|
|
* MINOR: quic: Implement qc_ssl_eary_data_accepted().
|
|
* MINOR: quic: Modify NEW_TOKEN frame structure (qf_new_token struct)
|
|
* BUG/MINOR: quic: Missing incrementation in NEW_TOKEN frame builder
|
|
* MINOR: quic: Token for future connections implementation.
|
|
* MEDIUM: ssl/quic: implement quic crypto with EVP_AEAD
|
|
* MINOR: quic: Implement quic_tls_derive_token_secret().
|
|
* MINOR: tools: Implement ipaddrcpy().
|
|
* BUG/MEDIUM: clock: also update the date offset on time jumps
|
|
* BUILD: quic: 32bits build broken by wrong integer conversions for printf()
|
|
* BUG/MINOR: cfgparse-global: remove tune.fast-forward from common_kw_list
|
|
* DOC: config: correct the table for option tcplog
|
|
* BUG/MINOR: pattern: pat_ref_set: return 0 if err was found
|
|
* BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity
|
|
* BUG/MINOR: h3: properly reject too long header responses
|
|
* BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails
|
|
* BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID
|
|
* REGTESTS: mcli: test the pipelined commands on master CLI
|
|
* BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI
|
|
* MINOR: channel: implement ci_insert() function
|
|
* BUG/MINOR: proto_tcp: keep error msg if listen() fails
|
|
* BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails
|
|
* BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE
|
|
* BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion
|
|
* BUG/MINOR: trace: automatically start in waiting mode with "start <evt>"
|
|
* BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED()
|
|
* BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc
|
|
* BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn
|
|
* DOC: configuration: fix alphabetical ordering of {bs,fs}.aborted
|
|
* BUG/MINOR: fcgi-app: handle a possible strdup() failure
|
|
* BUG/MEDIUM: peer: Notify the applet won't consume data when it waits for sync
|
|
* BUG/MEDIUM: mux-h2: Propagate term flags to SE on error in h2s_wake_one_stream
|
|
* BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams
|
|
* BUG/MEDIUM: http-ana: Report error on write error waiting for the response
|
|
* BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content
|
|
* BUG/MEDIUM: ssl: 0-RTT initialized at the wrong place for AWS-LC
|
|
* BUG/MEDIUM: ssl: reactivate 0-RTT for AWS-LC
|
|
* BUG/MINOR: stconn: bs.id and fs.id had their dependencies incorrect
|
|
* BUILD: mux-pt: Use the right name for the sedesc variable
|
|
* BUG/MEDIUM: mux-pt/mux-h1: Release the pipe on connection error on sending path
|
|
* BUG/MEDIUM: stconn: Report error on SC on send if a previous SE error was set
|
|
* BUG/MEDIUM: server/addr: fix tune.events.max-events-at-once event miss and leak
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 03 14:08:47 UTC 2024 - mrueckert@suse.de
|
|
|
|
- Update to version 3.0.4+git0.7a59afa93: (CVE-2024-45506 boo#1229993)
|
|
* [RELEASE] Released version 3.0.4
|
|
* BUG/MEDIUM: mux-pt: Fix condition to perform a shutdown for writes in mux_pt_shut()
|
|
* BUG/MINOR: Crash on O-RTT RX packet after dropping Initial pktns
|
|
* BUG/MINOR: quic: Too shord datagram during O-RTT handshakes (aws-lc only)
|
|
* BUG/MAJOR: mux-h2: always clear MUX_MFULL and DEM_MROOM when clearing the mbuf
|
|
* MINOR: mux-h2: try to clear DEM_MROOM and MUX_MFULL at more places
|
|
* BUG/MEDIUM: mux-h1: Properly handle empty message when an error is triggered
|
|
* BUG/MINOR: quic: unexploited retransmission cases for Initial pktns.
|
|
* BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli
|
|
* BUG/MEDIUM: mux-pt: Never fully close the connection on shutdown
|
|
* BUG/MINIR: proxy: Match on 429 status when trying to perform a L7 retry
|
|
* BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready
|
|
* BUG/MEDIUM: mux-h2: Set ES flag when necessary on 0-copy data forwarding
|
|
* MINOR: proxy: Add support of 429-Too-Many-Requests in retry-on status
|
|
* DOC: quic: fix default minimal value for max window size
|
|
* MEDIUM: log: relax some checks and emit diag warnings instead in lf_expr_postcheck()
|
|
* Revert "MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface"
|
|
* BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn
|
|
* MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2)
|
|
* BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue()
|
|
* MINOR: queue: add a function to check for TOCTOU after queueing
|
|
* MEDIUM: h1: allow to preserve keep-alive on T-E + C-L
|
|
* MINOR: quic: Add information to "show quic" for CUBIC cc.
|
|
* MINOR: quic: Dump TX in flight bytes vs window values ratio.
|
|
* BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature
|
|
* BUG/MINOR: quic: Lack of precision when computing K (cubic only cc)
|
|
* MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface
|
|
* BUG/MINOR: quic: Non optimal first datagram.
|
|
* BUG/MINOR: cli: Atomically inc the global request counter between CLI commands
|
|
* BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution
|
|
* BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter
|
|
* DOC: config: improve the http-keep-alive section
|
|
* DOC: configuration: issuers-chain-path not compatible with OCSP
|
|
* BUG/MAJOR: mux-h2: force a hard error upon short read with pending error
|
|
* BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path
|
|
* DOC: install: don't reference removed CPU arg
|
|
* BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts
|
|
* BUG/MINOR: session: Eval L4/L5 rules defined in the default section
|
|
* CLEANUP: quic: rename TID affinity elements
|
|
* CLEANUP: proto: rename TID affinity callbacks
|
|
* BUG/MEDIUM: quic: prevent crash on accept queue full
|
|
* BUILD: listener: silence a build warning about unused value without threads
|
|
* MINOR: proto: extend connection thread rebind API
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 11 14:57:46 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- refreshed patches:
|
|
haproxy-1.6.0-makefile_lib.patch
|
|
haproxy-1.6.0-sec-options.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 11 14:56:11 UTC 2024 - mrueckert@suse.de
|
|
|
|
- Update to version 3.0.3+git0.95a607c4b:
|
|
* [RELEASE] Released version 3.0.3
|
|
* BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past
|
|
* DEV: flags/quic: decode quic_conn flags
|
|
* BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread
|
|
* BUG/MEDIUM: h1: Reject empty Transfer-encoding header
|
|
* BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value
|
|
* BUG/MINOR: h1: Fail to parse empty transfer coding names
|
|
* BUG/MINOR: jwt: fix variable initialisation
|
|
* Revert "MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD"
|
|
* BUG/MEDIUM: peers: Fix crash when syncing learn state of a peer without appctx
|
|
* DOC: configuration: update maxconn description
|
|
* MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD
|
|
* BUG/MINOR: jwt: don't try to load files with HMAC algorithm
|
|
* BUG/MEDIUM: server: fix race on server_atomic_sync()
|
|
* DOC: configuration: more details about the master-worker mode
|
|
* BUG/MEDIUM: hlua/cli: Fix lua CLI commands to work with applet's buffers
|
|
* BUG/MINOR: promex: Remove Help prefix repeated twice for each metric
|
|
* BUG/MEDIUM: quic: fix possible exit from qc_check_dcid() without unlocking
|
|
* BUG/MINOR: quic: fix race-condition on trace for CID retrieval
|
|
* BUG/MINOR: quic: fix race condition in qc_check_dcid()
|
|
* BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid()
|
|
* BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid
|
|
* BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid
|
|
* BUG/MEDIUM: server/dns: prevent DOWN/UP flap upon resolution timeout or error
|
|
* MINOR: activity: make the memory profiling hash size configurable at build time
|
|
* BUG/MINOR: server: fix first server template name lookup UAF
|
|
* DOC: configuration: add details about crt-store in bind "crt" keyword
|
|
* BUG/MEDIUM: stick-table: Decrement the ref count inside lock to kill a session
|
|
* BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct()
|
|
* DEV: flags/show-fd-to-flags: adapt to recent versions
|
|
* BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure
|
|
* BUG/MINOR: h3: fix BUG_ON() crash on control stream alloc failure
|
|
* BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure
|
|
* BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission
|
|
* DOC: api/event_hdl: small updates, fix an example and add some precisions
|
|
* SCRIPTS: git-show-backports: do not truncate git-show output
|
|
* BUG/MAJOR: quic: fix padding with short packets
|
|
* DOC: management: document ptr lookup for table commands
|
|
* DOC: configuration: fix alphabetical order of bind options
|
|
* BUG/MEDIUM: proxy: fix email-alert invalid free
|
|
* REGTESTS: ssl: fix some regtests 'feature cmd' start condition
|
|
* DEBUG: hlua: distinguish burst timeout errors from exec timeout errors
|
|
* BUG/MINOR: log: fix broken '+bin' logformat node option
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jun 16 06:44:56 UTC 2024 - andreas.stieger@gmx.de
|
|
|
|
- Update to version 3.0.2+git0.a45a8e623:
|
|
* [RELEASE] Released version 3.0.2
|
|
* DOC: management: rename show stats domain cli "dns" to "resolvers"
|
|
* DOC/MINOR: management: add -dZ option
|
|
* DOC/MINOR: management: add missed -dR and -dv options
|
|
* BUG/MINOR: quic: fix padding of INITIAL packets
|
|
* BUG/MAJOR: mux-h1: Prevent any UAF on H1 connection after draining a request
|
|
* CLEANUP: log/proxy: fix comment in proxy_free_common()
|
|
* BUG/MEDIUM: proxy: fix UAF with {tcp,http}checks logformat expressions
|
|
* MINOR: proxy: add proxy_free_common() helper function
|
|
* BUG/MINOR: promex: Skip resolvers metrics when there is no resolver section
|
|
* DOC: config: add missing context hint for new server and proxy keywords
|
|
* DOC: config: add missing section hint for "guid" proxy keyword
|
|
* DOC: config: move "hash-key" from proxy to server options
|
|
* BUG/MEDIUM: log: fix lf_expr_postcheck() behavior with default section
|
|
* BUG/MINOR: proxy: fix header_unique_id leak on deinit()
|
|
* BUG/MINOR: proxy: fix source interface and usesrc leaks on deinit()
|
|
* BUG/MINOR: proxy: fix dyncookie_key leak on deinit()
|
|
* BUG/MINOR: proxy: fix check_{command,path} leak on deinit()
|
|
* BUG/MINOR: proxy: fix email-alert leak on deinit()
|
|
* BUG/MINOR: proxy: fix log_tag leak on deinit()
|
|
* BUG/MINOR: proxy: fix server_id_hdr_name leak on deinit()
|
|
* MINOR: log: fix "http-send-name-header" ignore warning message
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 10 14:52:46 UTC 2024 - mrueckert@suse.de
|
|
|
|
- Update to version 3.0.1+git0.471a1b2f1:
|
|
* [RELEASE] Released version 3.0.1
|
|
* BUG/MINOR: mux-h1: Use the right variable to set NEGO_FF_FL_EXACT_SIZE flag
|
|
* BUG/MAJOR: mux-h1: Properly copy chunked input data during zero-copy nego
|
|
* BUG/MEDIUM: stconn/mux-h1: Fix suspect change causing timeouts
|
|
* BUG/MINOR: quic: ensure Tx buf is always purged
|
|
* BUG/MINOR: quic: fix computed length of emitted STREAM frames
|
|
* BUG/MEDIUM: ssl: bad auth selection with TLS1.2 and WolfSSL
|
|
* BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration
|
|
* BUG/MEDIUM: mux-quic: Don't unblock zero-copy fwding if blocked during nego
|
|
* CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume()
|
|
* BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path
|
|
* BUG/MINOR: hlua: prevent LJMP in hlua_traceback()
|
|
* BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage
|
|
* BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP
|
|
* CLEANUP: hlua: use hlua_pusherror() where relevant
|
|
* BUG/MINOR: quic: prevent crash on qc_kill_conn()
|
|
* BUG/MEDIUM: mux-quic: Unblock zero-copy forwarding if the txbuf can be released
|
|
* MEDIUM: stconn: Be able to unblock zero-copy data forwarding from done_fastfwd
|
|
* BUG/MEDIUM: h1-htx: Don't state interim responses are bodyless
|
|
* BUG/MINOR: hlua: use CertCache.set() from various hlua contexts
|
|
* DOC: configuration: add an example for keywords from crt-store
|
|
* BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory
|
|
* BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser
|
|
* BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 31 12:07:48 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- AppArmor: allow haproxy to read the files needed for the
|
|
"p post_mortem" support
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 29 14:00:25 UTC 2024 - mrueckert@suse.de
|
|
|
|
- Update to version 3.0.0+git0.5590ada47:
|
|
https://www.haproxy.com/blog/announcing-haproxy-3-0
|
|
https://www.mail-archive.com/haproxy@formilux.org/msg44993.html
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 26 19:55:05 UTC 2024 - mrueckert@suse.de
|
|
|
|
- Update to version 2.9.6+git0.9eafce5dc:
|
|
* [RELEASE] Released version 2.9.6
|
|
* BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI
|
|
* BUG/MAJOR: promex: fix crash on deleted server
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 26 19:54:49 UTC 2024 - mrueckert@suse.de
|
|
|
|
- Update to version 2.9.5+git0.260dbb8a6:
|
|
* [RELEASE] Released version 2.9.5
|
|
* BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams
|
|
* BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C
|
|
* BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty
|
|
* BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty
|
|
* MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding
|
|
* BUG/MAJOR: stconn: Check support for zero-copy forwarding on both sides
|
|
* MINOR: muxes: Announce support for zero-copy forwarding on consumer side
|
|
* MINOR: stconn: Add SE flag to announce zero-copy forwarding on consumer side
|
|
* MINOR: stconn: Rename SE_FL_MAY_FASTFWD and reorder bitfield
|
|
* CLEANUP: stconn: Move SE flags set by app layer at the end of the bitfield
|
|
* BUG/MEDIUM: stconn: Don't check pending shutdown to wake an applet up
|
|
* BUG/MEDIUM: stconn: Allow expiration update when READ/WRITE event is pending
|
|
* MINOR: quic: Add a counter for reordered packets
|
|
* MINOR: quic: Dynamic packet reordering threshold
|
|
* MINOR: quic: Update K CUBIC calculation (RFC 9438)
|
|
* BUG/MEDIUM: quic: Wrong K CUBIC calculation.
|
|
* BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
|
|
* BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush()
|
|
* BUILD: address a few remaining calloc(size, n) cases
|
|
* CI: Update to actions/cache@v4
|
|
* BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs
|
|
* BUG/MINOR: vars/cli: fix missing LF after "get var" output
|
|
* DOC: internal: update missing data types in peers-v2.0.txt
|
|
* DOC: config: fix misplaced "bytes_{in,out}"
|
|
* DOC: config: fix typos for "bytes_{in,out}"
|
|
* DOC: config: fix misplaced "txn.conn_retries"
|
|
* DOC: install: recommend pcre2
|
|
* REGTESTS: ssl: Add OCSP related tests
|
|
* REGTESTS: ssl: Fix empty line in cli command input
|
|
* BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list"
|
|
* BUG/MINOR: ssl: Destroy ckch instances before the store during deinit
|
|
* BUG/MEDIUM: ocsp: Separate refcount per instance and per store
|
|
* MINOR: ssl: Use OCSP_CERTID instead of ckch_store in ckch_store_build_certid
|
|
* BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line
|
|
* BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch
|
|
* MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT
|
|
* BUILD: debug: remove leftover parentheses in ABORT_NOW()
|
|
* MINOR: debug: make ABORT_NOW() store the caller's line number when using abort
|
|
* MINOR: debug: make sure calls to ha_crash_now() are never merged
|
|
* MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding
|
|
* MINOR: quic: Stop using 1024th of a second.
|
|
* BUG/MINOR: quic: fix possible integer wrap around in cubic window calculation
|
|
* CLEANUP: quic: Code clarifications for QUIC CUBIC (RFC 9438)
|
|
* BUG/MINOR: ssl: Fix error message after ssl_sock_load_ocsp call
|
|
* BUILD: quic: Variable name typo inside a BUG_ON().
|
|
* BUG/MINOR: quic: Wrong ack ranges handling when reaching the limit.
|
|
* BUG/MINOR: diag: run the final diags before quitting when using -c
|
|
* BUG/MINOR: diag: always show the version before dumping a diag warning
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 26 19:54:25 UTC 2024 - mrueckert@suse.de
|
|
|
|
- Update to version 2.9.4+git0.4e071ad92:
|
|
* [RELEASE] Released version 2.9.4
|
|
* BUG/MEDIUM: h1: always reject the NUL character in header values
|
|
* BUG/MINOR: h1-htx: properly initialize the err_pos field
|
|
* DOC: httpclient: add dedicated httpclient section
|
|
* BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size
|
|
* BUG/MINOR: h1: Don't support LF only at the end of chunks
|
|
* BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON
|
|
* BUG/MEDIUM: qpack: allow 6xx..9xx status codes
|
|
* BUG/MEDIUM: h3: do not crash on invalid response status code
|
|
* MINOR: h3: add traces for stream sending function
|
|
* BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions
|
|
* DOC: configuration: clarify http-request wait-for-body
|
|
* BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf
|
|
* MINOR: quic: extract qc_stream_buf free in a dedicated function
|
|
* MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT)
|
|
* CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro.
|
|
* BUG/MINOR: quic: newreno QUIC congestion control algorithm no more available
|
|
* BUG/MEDIUM: cache: Fix crash when deleting secondary entry
|
|
* BUG/MINOR: hlua: fix uninitialized var in hlua_core_get_var()
|
|
* BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs
|
|
* BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI
|
|
* MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc
|
|
* BUG/MEDIUM: mux-h2: refine connection vs stream error on headers
|
|
* DOC: configuration: fix set-dst in actions keywords matrix
|
|
* BUG/MINOR: h3: fix checking on NULL Tx buffer
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Feb 4 22:52:43 UTC 2024 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
|
|
|
|
- Set /run/haproxy as the default PID file and socket location
|
|
Adds haproxy-service.patch
|
|
- Allow custom stats socket names
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 24 13:40:54 UTC 2024 - varkoly@suse.com
|
|
|
|
- Update to version 2.9.3+git0.de3ab549a:
|
|
* [RELEASE] Released version 2.9.3
|
|
* BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT)
|
|
* BUG/MINOR: mux-h2: also count streams for refused ones
|
|
* BUG/MINOR: mux-quic: do not prevent non-STREAM sending on flow control
|
|
* BUILD: quic: missing include for quic_tp
|
|
* [RELEASE] Released version 2.9.2
|
|
* DOC: configuration: corrected description of keyword tune.ssl.ocsp-update.mindelay
|
|
* REGTESTS: add a test to ensure map-ordering is preserved
|
|
* BUG/MINOR: map: list-based matching potential ordering regression
|
|
* CLEANUP: quic: Double quic_dgram_parse() prototype declaration.
|
|
* MINOR: ssl: Update ssl_fc_curve/ssl_bc_curve to use SSL_get0_group_name
|
|
* MINOR: ot: logsrv struct becomes logger
|
|
* MINOR: mux-h2: support limiting the total number of H2 streams per connection
|
|
* BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up
|
|
* BUG/MEDIUM: stconn: Set fsb date if zero-copy forwarding is blocked during nego
|
|
* BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable
|
|
* BUG/MEDIUM: h3: fix incorrect snd_buf return value
|
|
* BUILD: quic: Missing quic_ssl.h header protection
|
|
* CLEANUP: quic: Remaining useless code into server part
|
|
* REGTESTS: check attach-srv out of order declaration
|
|
* MINOR: debug: add features and build options to "show dev"
|
|
* MINOR: global: export a way to list build options
|
|
* CI: use semantic version compare for determing "latest" OpenSSL
|
|
* BUG/MINOR: h3: disable fast-forward on buffer alloc failure
|
|
* BUG/MINOR: h3: close connection on sending alloc errors
|
|
* BUG/MINOR: h3: properly handle alloc failure on finalize
|
|
* MINOR: h3: add traces for connection init stage
|
|
* BUG/MINOR: h3: close connection on header list too big
|
|
* MINOR: h3: check connection error during sending
|
|
* BUG/MINOR: quic: Missing call to TLS message callbacks
|
|
* BUG/MINOR: quic: Wrong keylog callback setting.
|
|
* BUG/MINOR: mux-quic: disable fast-fwd if connection on error
|
|
* BUG/MINOR: mux-quic: always report error to SC on RESET_STREAM emission
|
|
* DOC: fix typo for fastfwd QUIC option
|
|
* BUG/MINOR: server/event_hdl: propagate map port info through inetaddr event
|
|
* MINOR: server/event_hdl: update _srv_event_hdl_prepare_inetaddr prototype
|
|
* MINOR: server/event_hdl: add server_inetaddr struct to facilitate event data usage
|
|
* BUG/MEDIUM: stats: unhandled switching rules with TCP frontend
|
|
* MINOR: stats: store the parent proxy in stats ctx (http)
|
|
* BUG/MAJOR: stconn: Disable zero-copy forwarding if consumer is shut or in error
|
|
* BUG/MINOR: server: Use the configured address family for the initial resolution
|
|
* DOC: config: Update documentation about local haproxy response
|
|
* BUG/MINOR: resolvers: default resolvers fails when network not configured
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 15 15:15:07 UTC 2023 - varkoly@suse.com
|
|
|
|
- Update to version 2.9.1+git0.f72603ceb:
|
|
* [RELEASE] Released version 2.9.1
|
|
* DOC: config: also add arguments to the converters in the table
|
|
* DOC: config: add arguments to sample fetch methods in the table
|
|
* BUG/MEDIUM: mux-quic: report early error on stream
|
|
* BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty
|
|
* CLEANUP: mux-h1: Fix a trace message about C-L header addition
|
|
* BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set originally
|
|
* BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding
|
|
* BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer side
|
|
* BUG/MEDIUM: quic: QUIC CID removed from tree without locking
|
|
* MINOR: version: mention that it's stable now
|
|
* BUG/MINOR: ext-check: cannot use without preserve-env
|
|
* BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions
|
|
* BUILD: ssl: update types in wolfssl cert selection callback
|
|
* BUG/MEDIUM: quic: Possible buffer overflow when building TLS records
|
|
* BUG/MINOR: mworker/cli: fix set severity-output support
|
|
* DOC: configuration: typo req.ssl_hello_type
|
|
* BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA)
|
|
* BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate
|
|
* MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback
|
|
* BUG/MINOR: ssl: Double free of OCSP Certificate ID
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 11 09:20:20 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- Update to version 2.9.0+git0.fddb8c13b:
|
|
new major branch:
|
|
https://www.haproxy.com/blog/announcing-haproxy-2-9
|
|
https://www.mail-archive.com/haproxy@formilux.org/msg44400.html
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 07 14:28:36 UTC 2023 - mrueckert@suse.de
|
|
|
|
- Update to version 2.8.5+git0.aaba8d090:
|
|
* [RELEASE] Released version 2.8.5
|
|
* BUG/MEDIUM: proxy: always initialize the default settings after init
|
|
* BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA)
|
|
* BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate
|
|
* MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback
|
|
* BUG/MINOR: ssl: Double free of OCSP Certificate ID
|
|
* BUG/MINOR: quic: Packet number spaces too lately initialized
|
|
* BUG/MINOR: quic: Missing QUIC connection path member initialization
|
|
* BUG/MINOR: quic: Possible leak of TX packets under heavy load
|
|
* BUG/MEDIUM: quic: Possible crash during retransmissions and heavy load
|
|
* BUG/MINOR: cache: Remove incomplete entries from the cache when stream is closed
|
|
* BUG/MEDIUM: peers: fix partial message decoding
|
|
* DOC: Clarify the differences between field() and word()
|
|
* BUG/MINOR: sample: Make the `word` converter compatible with `-m found`
|
|
* REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter
|
|
* DOC: config: fix monitor-fail typo
|
|
* DOC: config: add matrix entry for "max-session-srv-conns"
|
|
* DOC: config: specify supported sections for "max-session-srv-conns"
|
|
* BUG/MINOR: cfgparse-listen: fix warning being reported as an alert
|
|
* BUG/MINOR: config: Stopped parsing upon unmatched environment variables
|
|
* BUG/MINOR: quic_tp: fix preferred_address decoding
|
|
* DOC: config: fix missing characters in set-spoe-group action
|
|
* BUG/MINOR: h3: always reject PUSH_PROMISE
|
|
* BUG/MINOR: h3: fix TRAILERS encoding
|
|
* BUG/MEDIUM: master/cli: Properly pin the master CLI on thread 1 / group 1
|
|
* BUG/MINOR: compression: possible NULL dereferences in comp_prepare_compress_request()
|
|
* BUG/MINOR: quic: fix CONNECTION_CLOSE_APP encoding
|
|
* DOC: lua: fix Proxy.get_mode() output
|
|
* DOC: lua: add sticktable class reference from Proxy.stktable
|
|
* REGTESTS: connection: disable http_reuse_be_transparent.vtc if !TPROXY
|
|
* DOC: config: fix timeout check inheritance restrictions
|
|
* DOC: 51d: updated 51Degrees repo URL for v3.2.10
|
|
* BUG/MINOR: server: do not leak default-server in defaults sections
|
|
* BUG/MINOR: quic: Possible RX packet memory leak under heavy load
|
|
* BUG/MEDIUM: quic: Possible crash for connections to be killed
|
|
* BUG/MINOR: sock: mark abns sockets as non-suspendable and always unbind them
|
|
* BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly
|
|
* REGTESTS: http: add a test to validate chunked responses delivery
|
|
* BUG/MINOR: proxy/stktable: missing frees on proxy cleanup
|
|
* MINOR: stktable: add stktable_deinit function
|
|
* BUG/MINOR: stream/cli: report correct stream age in "show sess"
|
|
* BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover()
|
|
* BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover()
|
|
* BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover()
|
|
* BUG/MAJOR: quic: complete thread migration before tcp-rules
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 24 11:31:13 UTC 2023 - mrueckert@suse.de
|
|
|
|
- Update to version 2.8.4+git0.a4ebf9d3b:
|
|
* [RELEASE] Released version 2.8.4
|
|
* BUG/MINOR: stconn: Report read activity on non-indep streams for partial sends
|
|
* BUG/MINOR: stconn/applet: Report send activity only if there was output data
|
|
* BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer
|
|
* BUG/MINOR: stconn: Fix streamer detection for HTX streams
|
|
* MINOR: channel: Add functions to get info on buffers and deal with HTX streams
|
|
* MINOR: htx: Use a macro for overhead induced by HTX
|
|
* BUG/MEDIUM: stconn: Update fsb date on partial sends
|
|
* BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented
|
|
* BUG/MEDIUM: mworker: set the master variable earlier
|
|
* BUG/MEDIUM: applet: Report a send activity everytime data were sent
|
|
* BUG/MEDIUM: stconn: Report a send activity everytime data were sent
|
|
* REGTESTS: http: Improve script testing abortonclose option
|
|
* BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only
|
|
* MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads
|
|
* MINOR: connection: Add a CTL flag to notify mux it should wait for reads again
|
|
* BUG/MINOR: stconn: Handle abortonclose if backend connection was already set up
|
|
* BUG/MEDIUM: connection: report connection errors even when no mux is installed
|
|
* DOC: quic: Wrong syntax for "quic-cc-algo" keyword.
|
|
* BUG/MINOR: sink: don't learn srv port from srv addr
|
|
* BUG/MEDIUM: applet: Remove appctx from buffer wait list on release
|
|
* DOC: config: use the word 'backend' instead of 'proxy' in 'track' description
|
|
* BUG/MINOR: quic: fix retry token check inconsistency
|
|
* DOC: management: -q is quiet all the time
|
|
* BUG/MEDIUM: stconn: Don't update stream expiration date if already expired
|
|
* BUG/MEDIUM: quic: Avoid some crashes upon TX packet allocation failures
|
|
* BUG/MEDIUM: quic: Possible crashes when sending too short Initial packets
|
|
* BUG/MEDIUM: quic: Avoid trying to send ACK frames from an empty ack ranges tree
|
|
* BUG/MINOR: quic: idle timer task requeued in the past
|
|
* BUG/MEDIUM: pool: fix releasable pool calculation when overloaded
|
|
* BUG/MEDIUM: freq-ctr: Don't report overshoot for long inactivity period
|
|
* BUG/MINOR: mux-h1: Properly handle http-request and http-keep-alive timeouts
|
|
* BUG/MINOR: stick-table/cli: Check for invalid ipv4 key
|
|
* BUG/MEDIUM: quic: fix sslconns on quic_conn alloc failure
|
|
* BUG/MEDIUM: quic: fix actconn on quic_conn alloc failure
|
|
* CLEANUP: htx: Properly indent htx_reserve_max_data() function
|
|
* BUG/MINOR: stconn: Sanitize report for read activity
|
|
* BUG/MEDIUM: Don't apply a max value on room_needed in sc_need_room()
|
|
* BUG/MEDIUM: stconn: Don't report rcv/snd expiration date if SC cannot epxire
|
|
* BUG/MEDIUM: pattern: don't trim pools under lock in pat_ref_purge_range()
|
|
* BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure
|
|
* BUG/MINOR: stktable: missing free in parse_stick_table()
|
|
* BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check failure
|
|
* BUG/MEDIUM: ssl: segfault when cipher is NULL
|
|
* BUG/MINOR: mux-quic: fix early close if unset client timeout
|
|
* BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA
|
|
* MEDIUM: quic: count quic_conn for global sslconns
|
|
* MEDIUM: quic: count quic_conn instance for maxconn
|
|
* MINOR: frontend: implement a dedicated actconn increment function
|
|
* BUG/MINOR: ssl: use a thread-safe sslconns increment
|
|
* BUG/MINOR: quic: do not consider idle timeout on CLOSING state
|
|
* BUG/MEDIUM: server: "proto" not working for dynamic servers
|
|
* MINOR: connection: add conn_pr_mode_to_proto_mode() helper func
|
|
* DEBUG: mux-h2/flags: fix list of h2c flags used by the flags decoder
|
|
* MINOR: lua: Add flags to configure logging behaviour
|
|
* BUG/MINOR: ssl: load correctly @system-ca when ca-base is define
|
|
* DOC: internal: filters: fix reference to entities.pdf
|
|
* BUG/MINOR: mux-h2: update tracked counters with req cnt/req err
|
|
* BUG/MINOR: mux-h2: commit the current stream ID even on reject
|
|
* BUG/MEDIUM: peers: Fix synchro for huge number of tables
|
|
* BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task
|
|
* BUG/MINOR: trace: fix trace parser error reporting
|
|
* BUG/MINOR: mux-h2: fix http-request and http-keep-alive timeouts again
|
|
* BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending
|
|
* BUG/MINOR: mux-h2: make up other blocked streams upon removal from list
|
|
* BUG/MINOR: mux-h1: Send a 400-bad-request on shutdown before the first request
|
|
* BUG/MEDIUM: quic-conn: free unsent frames on retransmit to prevent crash
|
|
* BUG/MINOR: mux-quic: fix free on qcs-new fail alloc
|
|
* BUG/MINOR: h3: strengthen host/authority header parsing
|
|
* BUG/MINOR: mux-quic: support initial 0 max-stream-data
|
|
* BUG/MEDIUM: mux-quic: fix RESET_STREAM on send-only stream
|
|
* BUG/MINOR: quic: reject packet with no frame
|
|
* BUG/MINOR: quic: Avoid crashing with unsupported cryptographic algos
|
|
* BUG/MEDIUM: stconn: Fix comparison sign in sc_need_room()
|
|
* BUG/MINOR: hq-interop: simplify parser requirement
|
|
* BUG/MEDIUM: h1: Ignore C-L value in the H1 parser if T-E is also set
|
|
* BUG/MINOR: mux-h1: Ignore C-L when sending H1 messages if T-E is also set
|
|
* BUG/MINOR: mux-h1: Handle read0 in rcv_pipe() only when data receipt was tried
|
|
* BUG/MEDIUM: hlua: Initialize appctx used by a lua socket on connect only
|
|
* MINOR: hlua: Test the hlua struct first when the lua socket is connecting
|
|
* MINOR: hlua: Save the lua socket's server in its context
|
|
* MINOR: hlua: Save the lua socket's timeout in its context
|
|
* MINOR: hlua: Don't preform operations on a not connected socket
|
|
* MINOR: hlua: Set context's appctx when the lua socket is created
|
|
* BUG/MEDIUM: http-ana: Try to handle response before handling server abort
|
|
* BUG/MEDIUM: quic_conn: let the scheduler kill the task when needed
|
|
* BUG/MEDIUM: actions: always apply a longest match on prefix lookup
|
|
* BUG/MINOR: mux-quic: remove full demux flag on ncbuf release
|
|
* BUG/MEDIUM: server/cli: don't delete a dynamic server that has streams
|
|
* MINOR: pattern: fix pat_{parse,match}_ip() function comments
|
|
* BUG/MINOR: server: add missing free for server->rdr_pfx
|
|
* BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers
|
|
* BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API
|
|
* BUG/MEDIUM: master/cli: Pin the master CLI on the first thread of the group 1
|
|
* BUG/MINOR: promex: fix backend_agg_check_status
|
|
* BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR records
|
|
* BUG/MINOR: hlua/init: coroutine may not resume itself
|
|
* BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume()
|
|
* CI: musl: drop shopt in workflow invocation
|
|
* CI: musl: highlight section if there are coredumps
|
|
* Revert "BUG/MEDIUM: quic: missing check of dcid for init pkt including a token"
|
|
* BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread
|
|
* MINOR: hlua: add hlua_stream_ctx_prepare helper function
|
|
* BUILD: quic: fix build on centos 8 and USE_QUIC_OPENSSL_COMPAT
|
|
* BUG/MINOR: quic: ssl_quic_initial_ctx() uses error count not error code
|
|
* BUG/MINOR: quic: allow-0rtt warning must only be emitted with quic bind
|
|
* BUILD: Makefile: add USE_QUIC_OPENSSL_COMPAT to make help
|
|
* MINOR: quic+openssl_compat: Emit an alert for "allow-0rtt" option
|
|
* MINOR: quic+openssl_compat: Do not start without "limited-quic"
|
|
* MINOR: quic: Warning for OpenSSL wrapper QUIC bindings without "limited-quic"
|
|
* BUG/MINOR: quic+openssl_compat: Non initialized TLS encryption levels
|
|
* DOC: quic: Add "limited-quic" new tuning setting
|
|
* MINOR: quic: Add "limited-quic" new tuning setting
|
|
* MINOR: quic: SSL context initialization with QUIC OpenSSL wrapper.
|
|
* MINOR: quic: Add a quic_openssl_compat struct to quic_conn struct
|
|
* MINOR: quic: Call the keylog callback for QUIC openssl wrapper from SSL_CTX_keylog()
|
|
* MINOR: quic: Initialize TLS contexts for QUIC openssl wrapper
|
|
* MINOR: quic: Export some KDF functions (QUIC-TLS)
|
|
* MINOR: quic: Add a compilation option for the QUIC OpenSSL wrapper
|
|
* MINOR: quic: Do not enable 0RTT with SSL_set_quic_early_data_enabled()
|
|
* MINOR: quic: Set the QUIC connection as extra data before calling SSL_set_quic_method()
|
|
* MINOR: quic: Do not enable O-RTT with USE_QUIC_OPENSSL_COMPAT
|
|
* MINOR: quic: Include QUIC opensssl wrapper header from TLS stacks compatibility header
|
|
* MINOR: quic: QUIC openssl wrapper implementation
|
|
* BUG/MINOR: quic: Wrong cluster secret initialization
|
|
* BUG/MINOR: quic: Leak of frames to send.
|
|
* BUILD: bug: make BUG_ON() void to avoid a rare warning
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 07 22:07:54 UTC 2023 - mrueckert@suse.de
|
|
|
|
- Update to version 2.8.3+git0.86e043add:
|
|
* [RELEASE] Released version 2.8.3
|
|
* CI: Update to actions/checkout@v4
|
|
* MEDIUM: capabilities: enable support for Linux capabilities
|
|
* BUG/MINOR: hlua/action: incorrect message on E_YIELD error
|
|
* BUG/MINOR: ring/cli: Don't expect input data when showing events
|
|
* BUG/MINOR: applet: Always expect data when CLI is waiting for a new command
|
|
* NUG/MEDIUM: stconn: Always update stream's expiration date after I/O
|
|
* BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout
|
|
* BUG/MEDIUM: applet: Report an error if applet request more room on aborted SC
|
|
* BUG/MEDIUM: stconn: Report read activity when a stream is attached to front SC
|
|
* BUG/MEDIUM: applet: Fix API for function to push new data in channels buffer
|
|
* BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var)
|
|
* BUG/MINOR: quic: Wrong RTT adjusments
|
|
* MINOR: httpclient: allow to configure the timeout.connect
|
|
* MINOR: httpclient: allow to configure the retries
|
|
* DOC: configuration: update examples for req.ver
|
|
* BUG/MINOR: stream: further protect stream_dump() against incomplete sessions
|
|
* BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer
|
|
* BUG/MAJOR: quic: Really ignore malformed ACK frames.
|
|
* BUG/MINOR: quic: Possible skipped RTT sampling
|
|
* BUG/MEDIUM: stconn: Don't block sends if there is a pending shutdown
|
|
* BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending shutdown
|
|
* BUG/MINOR: stconn: Don't report blocked sends during connection establishment
|
|
* BUG/MEDIUM: stconn: Update stream expiration date on blocked sends
|
|
* DEBUG: applet: Properly report opposite SC expiration dates in traces
|
|
* BUG/MINOR: checks: do not queue/wake a bounced check
|
|
* DOC: config: mention uid dependency on the tune.quic.socket-owner option
|
|
* BUG/MINOR: stream: protect stream_dump() against incomplete streams
|
|
* BUG/MINOR: ssl/cli: can't find ".crt" files when replacing a certificate
|
|
* BUILD: import: guard plock.h against multiple inclusion
|
|
* BUG/MINOR: ssl_sock: fix possible memory leak on OOM
|
|
* DOC: lua: fix core.register_action typo
|
|
* BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage
|
|
* CI: fedora: fix "dnf" invocation syntax
|
|
* IMPORT: xxhash: update xxHash to version 0.8.2
|
|
* MINOR: atomic: make sure to always relax after a failed CAS
|
|
* MINOR: threads: inline the wait function for pthread_rwlock emulation
|
|
* IMPORT: plock: also support inlining the int code
|
|
* BUILD: Makefile: add the USE_QUIC option to make help
|
|
* DOC: jwt: Add explicit list of supported algorithms
|
|
* REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (3)
|
|
* SCRIPTS: git-show-backports: automatic ref and base detection with -m
|
|
* DOC: typo: fix sc-set-gpt references
|
|
* BUG/MINOR: stktable: allow sc-add-gpc from tcp-request connection
|
|
* BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection
|
|
* DEV: flags/show-sess-to-flags: properly decode fd.state
|
|
* BUG/MINOR: hlua: fix invalid use of lua_pop on error paths
|
|
* BUG/MEDIUM: quic: fix tasklet_wakeup loop on connection closing
|
|
* CI: get rid of travis-ci wrapper for Coverity scan
|
|
* CI: do not use "groupinstall" for Fedora Rawhide builds
|
|
- drop 0001-IMPORT-xxhash-update-xxHash-to-version-0.8.2.patch:
|
|
part of the version update
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 30 09:04:25 UTC 2023 - Peter Varkoly <varkoly@suse.com>
|
|
|
|
- Apply upstream patch for the ppc64le issue:
|
|
Add patch:
|
|
0001-IMPORT-xxhash-update-xxHash-to-version-0.8.2.patch
|
|
Remove patch:
|
|
fix-invalid-parameter-combination-for-AltiVec-intrinsic-__builtin_vec_ld.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 21 14:38:51 UTC 2023 - Peter Varkoly <varkoly@suse.com>
|
|
|
|
- Build error on ppc64le: include/import/xxhash.h:4148:9: error: invalid parameter combination for AltiVec intrinsic __builtin_vec_ld
|
|
Add patch:
|
|
fix-invalid-parameter-combination-for-AltiVec-intrinsic-__builtin_vec_ld.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 09 12:31:26 UTC 2023 - mrueckert@suse.de
|
|
|
|
- Update to version 2.8.2+git0.61a0f576a: (boo#1214102) CVE-2023-40225
|
|
* [RELEASE] Released version 2.8.2
|
|
* BUG/MINOR: http: skip leading zeroes in content-length values
|
|
* DOC: clarify the handling of URL fragments in requests
|
|
* REGTESTS: http-rules: verify that we block '#' by default for normalize-uri
|
|
* BUG/MINOR: h3: reject more chars from the :path pseudo header
|
|
* BUG/MINOR: h2: reject more chars from the :path pseudo header
|
|
* BUG/MINOR: h1: do not accept '#' as part of the URI component
|
|
* REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests
|
|
* MINOR: h2: pass accept-invalid-http-request down the request parser
|
|
* MINOR: http: add new function http_path_has_forbidden_char()
|
|
* MINOR: ist: add new function ist_find_range() to find a character range
|
|
* BUG/MAJOR: http: reject any empty content-length header value
|
|
* BUG/MAJOR: h3: reject header values containing invalid chars
|
|
* REORG: http: move has_forbidden_char() from h2.c to http.h
|
|
* BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement
|
|
* BUILD: quic: fix wrong potential NULL dereference
|
|
* BUG/MINOR: quic: reappend rxbuf buffer on fake dgram alloc error
|
|
* BUG/MINOR: http-client: Don't forget to commit changes on HTX message
|
|
* BUG/MEDIUM: quic: consume contig space on requeue datagram
|
|
* BUG/MEDIUM: bwlim: Reset analyse expiration date when then channel analyse ends
|
|
* BUG/MEDIUM: h3: Be sure to handle fin bit on the last DATA frame
|
|
* BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full
|
|
* DOC: configuration: describe Td in Timing events
|
|
* BUG/MEDIUM: h3: Properly report a C-L header was found to the HTX start-line
|
|
* BUG/MINOR: ssl: OCSP callback only registered for first SSL_CTX
|
|
* MINOR: quic: Useless call to SSL_CTX_set_quic_method()
|
|
* MINOR: quic: Make ->set_encryption_secrets() be callable two times
|
|
* BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary
|
|
* BUG/MINOR: server-state: Avoid warning on 'file not found'
|
|
* BUG/MINOR: server-state: Ignore empty files
|
|
* BUG/MINOR: quic: Missing parentheses around PTO probe variable.
|
|
* BUG/MINOR: server: Don't warn on server resolution failure with init-addr none
|
|
* BUG/MINOR: init: set process' affinity even in foreground
|
|
* BUG/MINOR: cpuset: remove the bogus "proc" from the cpu_map struct
|
|
* BUG/MINOR: config: do not detect NUMA topology when cpu-map is configured
|
|
* MINOR: cpuset: add cpu_map_configured() to know if a cpu-map was found
|
|
* BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses
|
|
* BUG/MINOR: hlua: add check for lua_newstate
|
|
* BUILD: quic: fix warning during compilation using gcc-6.5
|
|
* CI: explicitely highlight VTest result section if there's something
|
|
* CI: add naming convention documentation
|
|
* BUG/MINOR: http: Return the right reason for 302
|
|
* BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters
|
|
* DOC: config: Fix fc_src description to state the source address is returned
|
|
* BUG/MEDIUM: hlua_fcn/queue: bad pop_wait sequencing
|
|
* BUG/MINOR: hlua: hlua_yieldk ctx argument should support pointers
|
|
* CLEANUP: quic: remove useless parameter 'key' from quic_packet_encrypt
|
|
* BUG/MEDIUM: quic: timestamp shared in token was using internal time clock
|
|
* BUG/MEDIUM: quic: missing check of dcid for init pkt including a token
|
|
* BUG/MINOR: quic: retry token remove one useless intermediate expand
|
|
* BUG/MEDIUM: quic: token IV was not computed using a strong secret
|
|
* BUG/MINOR: config: Remove final '\n' in error messages
|
|
* BUG/MINOR: hlua_fcn/queue: use atomic load to fetch queue size
|
|
* EXAMPLES: maintain haproxy 2.8 retrocompatibility for lua mailers script
|
|
* BUG/MINOR: sink/log: properly deinit srv in sink_new_from_logsrv()
|
|
* MINOR: hlua_fcn/mailers: handle timeout mail from mailers section
|
|
* BUG/MINOR: server: set rid default value in new_server()
|
|
* BUG/MINOR: sink: fix errors handling in cfg_post_parse_ring()
|
|
* BUG/MINOR: sink: invalid sft free in sink_deinit()
|
|
* BUG/MINOR: log: free errmsg on error in cfg_parse_log_forward()
|
|
* BUG/MINOR: log: fix multiple error paths in cfg_parse_log_forward()
|
|
* BUG/MINOR: log: fix missing name error message in cfg_parse_log_forward()
|
|
* BUG/MEDIUM: log: improper use of logsrv->maxlen for buffer targets
|
|
* MINOR: sink/api: pass explicit maxlen parameter to sink_write()
|
|
* BUG/MINOR: log: LF upsets maxlen for UDP targets
|
|
* BUG/MINOR: ring: maxlen warning reported as alert
|
|
* BUG/MINOR: ring: size warning incorrectly reported as fatal error
|
|
* BUG/MINOR: sink: missing sft free in sink_deinit()
|
|
* BUG/MINOR: http_ext: unhandled ERR_ABORT in proxy_http_parse_7239()
|
|
* BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv()
|
|
* BUG/MINOR: cache: A 'max-age=0' cache-control directive can be overriden by a s-maxage
|
|
* BUG/MINOR: tcp_sample: bc_{dst,src} return IP not INT
|
|
* DOC: ssl: Add ocsp-update troubleshooting clues and emphasize on crt-list only aspect
|
|
* DOC: ssl: Fix typo in 'ocsp-update' option
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 03 14:52:58 UTC 2023 - mrueckert@suse.de
|
|
|
|
- Update to version 2.8.1+git0.a90123aa8:
|
|
* [RELEASE] Released version 2.8.1
|
|
* CLEANUP: quic: Remove server specific about Initial packet number space
|
|
* MINOR: quic: Reduce the maximum length of TLS secrets
|
|
* MINOR: quic: Move packet number space related functions
|
|
* MINOR: quic: Move QUIC encryption level structure definition
|
|
* BUILD: debug: avoid a build warning related to epoll_wait() in debug code
|
|
* MINOR: compression/slz: add support for a pure flush of pending bytes
|
|
* IMPORT: slz: implement a synchronous flush() operation
|
|
* BUG/MINOR: quic: Wrong endianess for version field in Retry token
|
|
* BUG/MINOR: quic: Wrong Retry paquet version field endianess
|
|
* BUG/MINOR: quic: Missing random bits in Retry packet header
|
|
* BUG/MINOR: config: fix stick table duplicate name check
|
|
* BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag
|
|
* BUG/MINOR: quic: Prevent deadlock with CID tree lock
|
|
* BUG/MINOR: mworker: leak of a socketpair during startup failure
|
|
* BUG/MINOR: http_ext: fix if-none regression in forwardfor option
|
|
* DOC: Attempt to fix dconv parsing error for tune.h2.fe.initial-window-size
|
|
* REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages
|
|
* DOC: Add tune.h2.max-frame-size option to table of contents
|
|
* DOC: Add tune.h2.be.* and tune.h2.fe.* options to table of contents
|
|
* BUG/MINOR: quic: ticks comparison without ticks API use
|
|
* BUG/MEDIUM: mworker: increase maxsock with each new worker
|
|
* BUG/MINOR: quic: Possible endless loop in quic_lstnr_dghdlr()
|
|
* BUG/MINOR: quic: Possible crash in quic_conn_prx_cntrs_update()
|
|
* BUG/MINOR: quic: Missing initialization (packet number space probing)
|
|
* BUG/MINOR: namespace: missing free in netns_sig_stop()
|
|
* BUG/MINOR: server: inherit from netns in srv_settings_cpy()
|
|
* BUG/MINOR: quic: Address inversion in "show quic full"
|
|
* BUG/MINOR: quic: Wrong encryption level flags checking
|
|
* BUG/MINOR: ssl: log message non thread safe in SSL Hanshake failure
|
|
* REG-TESTS: stickiness: Delay haproxys start to properly resolv variables
|
|
* BUG/MINOR: peers: Improve detection of config errors in peers sections
|
|
* BUG/MEDIUM: hlua: Use front SC to detect EOI in HTTP applets' receive functions
|
|
* BUG/MINOR: proxy/server: free default-server on deinit
|
|
* BUG/MINOR: proxy: add missing interface bind free in free_proxy
|
|
* BUG/MINOR: cfgparse-tcp: leak when re-declaring interface from bind line
|
|
* DOC: config: fix rfc7239 converter examples (again)
|
|
* DOC: config: fix jwt_verify() example using var()
|
|
* DOC: quic: fix misspelled tune.quic.socket-owner
|
|
* BUG/MINOR: spoe: Only skip sending new frame after a receive attempt
|
|
* CONTRIB: Add vi file extensions to .gitignore
|
|
* BUG/MINOR: quic: Possible crash when SSL session init fails
|
|
* BUG/MINOR: stream: do not use client-fin/server-fin with HTX
|
|
* BUG/MINOR: stats: Fix Lua's `get_stats` function
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 31 19:10:51 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- Refreshed patches to apply cleanly again:
|
|
haproxy-1.6.0-makefile_lib.patch
|
|
haproxy-1.6.0-sec-options.patch
|
|
- Updated series file: removed outdated patches
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 31 19:07:54 UTC 2023 - mrueckert@suse.de
|
|
|
|
- Update to version 2.8.0+git0.fdd8154ed:
|
|
https://www.mail-archive.com/haproxy@formilux.org/msg43600.html
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 02 14:06:55 UTC 2023 - mrueckert@suse.de
|
|
|
|
- Update to version 2.7.8+git0.58c657f26:
|
|
* [RELEASE] Released version 2.7.8
|
|
* MINOR: listener: remove the now useless LI_F_QUIC_LISTENER flag
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 2 10:44:33 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- Add handling for the new startup logs in /dev/shm in the apparmor
|
|
profile
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 02 09:59:24 UTC 2023 - mrueckert@suse.de
|
|
|
|
- Update to version 2.7.7+git0.feedf1414:
|
|
* [RELEASE] Released version 2.7.7
|
|
* BUG/MINOR: tools: check libssl and libcrypto separately
|
|
* MINOR: pools: report a replaced memory allocator instead of just malloc_trim()
|
|
* BUG/MINOR: pools: restore detection of built-in allocator
|
|
* MEDIUM: tools: further relax dlopen() checks too consider grouped symbols
|
|
* MINOR: tools: relax dlopen() on malloc/free checks
|
|
* MINOR: pattern: use trim_all_pools() instead of a conditional malloc_trim()
|
|
* MINOR: pools: export trim_all_pools()
|
|
* MEDIUM: pools: move the compat code from trim_all_pools() to malloc_trim()
|
|
* MINOR: pools: intercept malloc_trim() instead of trying to plug holes
|
|
* MINOR: pools: make sure 'no-memory-trimming' is always used
|
|
* BUG/MINOR: illegal use of the malloc_trim() function if jemalloc is used
|
|
* BUG/MINOR: quic: fix race on quic_conns list during affinity rebind
|
|
* MINOR: quic: finalize affinity change as soon as possible
|
|
* MINOR: mux-quic: do not allocate Tx buf for empty STREAM frame
|
|
* MINOR: mux-quic: do not set buffer for empty STREAM frame
|
|
* BUG/MINOR: quic: prevent buggy memcpy for empty STREAM
|
|
* BUG/MEDIUM: mux-quic: improve streams fairness to prevent early timeout
|
|
* BUG/MEDIUM: mux-quic: do not emit RESET_STREAM for unknown length
|
|
* CLEANUP: quic: Rename several <buf> variables into quic_sock.c
|
|
* CLEANUP: quic: Rename <buf> variable into qc_parse_hd_form()
|
|
* CLEANUP: quic: Rename <buf> variable into quic_packet_read_long_header()
|
|
* CLEANUP: quic: Rename several <buf> variables at low level
|
|
* CLEANUP: quic: Rename quic_get_dgram_dcid() <buf> variable
|
|
* CLEANUP: quic: Make qc_build_pkt() be more readable
|
|
* CLEANUP: quic: Rename <buf> variable for several low level functions
|
|
* CLEANUP: quic: Rename <buf> variable into quic_rx_pkt_parse()
|
|
* CLEANUP: quic: Rename <buf> variable into quic_padding_check()
|
|
* CLEANUP: quic: Rename <buf> variable to <token> in quic_generate_retry_token()
|
|
* CLEANUP: quic: Remove useless parameters passes to qc_purge_tx_buf()
|
|
* CLEANUP: quic: rename frame variables
|
|
* CLEANUP: quic: rename frame types with an explicit prefix
|
|
* BUG/MINOR: quic: Useless I/O handler task wakeups (draining, killing state)
|
|
* BUG/MINOR: quic: Useless probing retransmission in draining or killing state
|
|
* BUG/MINOR: quic: Possible leak during probing retransmissions
|
|
* BUG/MINOR: quic: Possible memory leak from TX packets
|
|
* MINOR: quic: Move traces at proto level
|
|
* BUILD: proto_tcp: export the correct names for proto_tcpv[46]
|
|
* BUILD: sock_inet: forward-declare struct receiver
|
|
* BUG/MINOR: config: fix NUMA topology detection on FreeBSD
|
|
* CI: cirrus-ci: bump FreeBSD image to 13-1
|
|
* BUG/MINOR: cli: clarify error message about stats bind-process
|
|
* MINOR: listener: remove unneeded local accept flag
|
|
* MAJOR: quic: support thread balancing on accept
|
|
* MINOR: quic: properly finalize thread rebinding
|
|
* MEDIUM: quic: implement thread affinity rebinding
|
|
* MINOR: fd: implement fd_migrate_on() to migrate on a non-local thread
|
|
* MINOR: fd: add a lock bit with the tgid
|
|
* MINOR: fd: optimize fd_claim_tgid() for use in fd_insert()
|
|
* MINOR: quic: delay post handshake frames after accept
|
|
* MINOR: protocol: define new callback set_affinity
|
|
* MINOR: quic: do not proceed to accept for closing conn
|
|
* MEDIUM: quic: handle conn bootstrap/handshake on a random thread
|
|
* MINOR: quic: remove TID encoding in CID
|
|
* MEDIUM: quic: use a global CID trees list
|
|
* BUG/MINOR: server: don't use date when restoring last_change from state file
|
|
* BUG/MINOR: server: don't miss server stats update on server state transitions
|
|
* BUG/MINOR: server: don't miss proxy stats update on server state transitions
|
|
* MINOR: server: explicitly commit state change in srv_update_status()
|
|
* BUG/MINOR: server: incorrect report for tracking servers leaving drain
|
|
* BUG/MEDIUM: Update read expiration date on synchronous send
|
|
* BUG/MINOR: quic: consume Rx datagram even on error
|
|
* BUG/MINOR: quic: prevent crash on qc_new_conn() failure
|
|
* BUG/MINOR: h3: fix crash on h3s alloc failure
|
|
* BUG/MINOR: mux-quic: properly handle STREAM frame alloc failure
|
|
* BUG/MINOR: mux-quic: fix crash with app ops install failure
|
|
* BUG/MINOR: quic: Wrong Retry token generation timestamp computing
|
|
* BUG/MINOR: quic: Unchecked buffer length when building the token
|
|
* MINOR: quic: Do not allocate too much ack ranges
|
|
* BUG/MINOR: quic: Stop removing ACK ranges when building packets
|
|
* BUG/MINOR: cfgparse: make sure to include openssl-compat
|
|
* BUG/MEDIUM: quic: prevent crash on Retry sending
|
|
* CLEANUP: backend: Remove useless debug message in assign_server()
|
|
* BUG/MINOR: quic: transform qc_set_timer() as a reentrant function
|
|
* MINOR: quic: remove TID ref from quic_conn
|
|
* MINOR: quic: adjust quic CID derive API
|
|
* MINOR: quic: adjust Rx packet type parsing
|
|
* MINOR: quic: remove uneeded tasklet_wakeup after accept
|
|
* CLEANUP: quic: rename quic_connection_id vars
|
|
* CLEANUP: quic: remove unused qc param on stateless reset token
|
|
* CLEANUP: quic: remove unused scid_node
|
|
* CLEANUP: quic: remove unused QUIC_LOCK label
|
|
* BUG/MINOR: task: allow to use tasklet_wakeup_after with tid -1
|
|
* BUG/MEDIUM: log: Properly handle client aborts in syslog applet
|
|
* MINOR: ssl: remove OpenSSL 1.0.2 mention into certificate loading error
|
|
* BUG/MINOR: quic: Do not use ack delay during the handshakes
|
|
* REGTESTS: fix the race conditions in log_uri.vtc
|
|
* BUG/MINOR: stream: Fix test on SE_FL_ERROR on the wrong entity
|
|
* CI: bump "actions/checkout" to v3 for cross zoo matrix
|
|
* BUG/MINOR: quic: Wrong Application encryption level selection when probing
|
|
* MINOR: quic: Remove a useless test about probing in qc_prep_pkts()
|
|
* MINOR: quic: Display the packet number space flags in traces
|
|
* BUG/MINOR: quic: SIGFPE in quic_cubic_update()
|
|
* BUG/MINOR: quic: Possible wrapped values used as ACK tree purging limit.
|
|
* BUG/MEDIUM: quic: Code sanitization about acknowledgements requirements
|
|
* MINOR: quic: Add connection flags to traces
|
|
* BUG/MINOR: quic: Ignored less than 1ms RTTs
|
|
* MINOR: quic: Add packet loss and maximum cc window to "show quic"
|
|
* BUG/MEDIUM: fd: don't wait for tmask to stabilize if we're not in it.
|
|
* BUG/MINOR: stick_table: alert when type len has incorrect characters
|
|
* MINOR: activity: add a line reporting the average CPU usage to "show activity"
|
|
* MINOR: quic: Add a trace for packet with an ACK frame
|
|
* MINOR: quic: Dump more information at proto level when building packets
|
|
* MINOR: quic: Modify qc_try_rm_hp() traces
|
|
* BUG/MINOR: quic: Wrong packet number space probing before confirmed handshake
|
|
* MINOR: quic: Trace fix in quic_pto_pktns() (handshaske status)
|
|
* BUG/MEDIUM: resolvers: Force the connect timeout for DNS resolutions
|
|
* BUG/MINOR: resolvers: Wakeup DNS idle task on stopping
|
|
* BUG/MEDIUM: dns: Kill idle DNS sessions during stopping stage
|
|
* BUILD: compiler: fix __equals_1() on older compilers
|
|
* BUG/MINOR: errors: invalid use of memprintf in startup_logs_init()
|
|
* BUG/MINOR: mworker: unset more internal variables from program section
|
|
* MINOR: quic: remove address concatenation to ODCID
|
|
* MINOR: quic: remove ODCID dedicated tree
|
|
* MINOR: quic: derive first DCID from client ODCID
|
|
* BUG/MINOR: quic: Possible crashes in qc_idle_timer_task()
|
|
* BUG/MINOR: http-ana: Don't switch message to DATA when waiting for payload
|
|
* MINOR: http-ana: Add a HTTP_MSGF flag to state the Expect header was checked
|
|
* BUG/MEDIUM: hlua: prevent deadlocks with main lua lock
|
|
* MINOR: hlua: simplify lua locking
|
|
* BUG/MINOR: hlua: prevent function and table reference leaks on errors
|
|
* BUG/MINOR: hlua: fix reference leak in hlua_post_init_state()
|
|
* BUG/MINOR: hlua: fix reference leak in core.register_task()
|
|
* MINOR: hlua: add simple hlua reference handling API
|
|
* CLEANUP: hlua: fix conflicting comment in hlua_ctx_destroy()
|
|
* BUG/MINOR: hlua: enforce proper running context for register_x functions
|
|
* BUG/MINOR: hlua: hook yield does not behave as expected
|
|
* BUG/MINOR: log: free log forward proxies on deinit()
|
|
* BUG/MINOR: sink: free forward_px on deinit()
|
|
* BUG/MINOR: stats: properly handle server stats dumping resumption
|
|
* BUG/MINOR: server/del: fix srv->next pointer consistency
|
|
* MINOR: server: add SRV_F_DELETED flag
|
|
* BUG/MEDIUM: dns: Properly handle error when a response consumed
|
|
* BUG/MEDIUM: channel: Improve reports for shut in co_getblk()
|
|
* BUG/MINOR: quic: Possible wrong PTO computing
|
|
* BUILD: quic: 32bits compilation issue in cli_io_handler_dump_quic()
|
|
* BUG/MINOR: quic: Wrong idle timer expiration (during 20s)
|
|
* BUG/MINOR: quic: Unexpected connection closures upon idle timer task execution
|
|
* MINOR: quic: Add trace to debug idle timer task issues
|
|
* DOC: config: strict-sni allows to start without certificate
|
|
* MINOR: http-act: emit a warning when a header field name contains forbidden chars
|
|
* BUG/MINOR: quic: Remove useless BUG_ON() in newreno and cubic algo implementation
|
|
* BUG/MAJOR: quic: Congestion algorithms states shared between the connection
|
|
* MINOR: quic: Add missing traces in cubic algorithm implementation
|
|
* BUG/MINOR: quic: Cubic congestion control window may wrap
|
|
* BUG/MINOR: quic: Remaining useless statements in cubic slow start callback
|
|
* BUG/MINOR: quic: Wrong rtt variance computing
|
|
* MEDIUM: quic: Ack delay implementation
|
|
* MINOR: quic: Traces adjustments at proto level.
|
|
* MINOR: quic: Adjustments for generic control congestion traces
|
|
* MINOR: quic: Implement cubic state trace callback
|
|
* BUG/MINOR: quic: Missing max_idle_timeout initialization for the connection
|
|
* BUG/MINOR: quic: Wrong use of now_ms timestamps (newreno algo)
|
|
* MINOR: quic: Add recovery related information to "show quic"
|
|
* BUG/MINOR: quic: Wrong use of now_ms timestamps (cubic algo)
|
|
* BUG/MINOR: backend: make be_usable_srv() consistent when stopping
|
|
* BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop
|
|
* DOC/MINOR: reformat configuration.txt's "quoting and escaping" table
|
|
* MINOR: proxy/pool: prevent unnecessary calls to pool_gc()
|
|
* BUG/MINOR: quic: Missing padding in very short probe packets
|
|
* BUG/MEDIUM: mux-h2: Be able to detect connection error during handshake
|
|
* BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards.
|
|
* Revert "BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached"
|
|
* BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 28 10:03:07 UTC 2023 - mrueckert@suse.de
|
|
|
|
- Update to version 2.7.6+git0.4dadaaafb:
|
|
* [RELEASE] Released version 2.7.6
|
|
* BUG/MINOR: quic: Missing STREAM frame type updated
|
|
* BUG/MINOR: applet/new: fix sedesc freeing logic
|
|
* BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription
|
|
* DOC: config: set-var() dconv rendering issues
|
|
* BUG/MEDIUM: stats: Consume the request except when parsing the POST payload
|
|
* MINOR: mux-quic: close on frame alloc failure
|
|
* MINOR: mux-quic: close on qcs allocation failure
|
|
* MINOR: mux-quic: ensure CONNECTION_CLOSE is scheduled once per conn
|
|
* MINOR: mux-quic: interrupt qcc_recv*() operations if CC scheduled
|
|
* BUG/MINOR: mux-quic: prevent CC status to be erased by shutdown
|
|
* BUG/MINOR: h3: properly handle incomplete remote uni stream type
|
|
* MINOR: mux-quic: add flow-control info to minimal trace level
|
|
* MINOR: mux-quic: adjust trace level for MAX_DATA/MAX_STREAM_DATA recv
|
|
* MINOR: mux-quic: complete traces for qcs emission
|
|
* BUG/MEDIUM: mux-quic: release data from conn flow-control on qcs reset
|
|
* BUG/MINOR: trace: fix hardcoded level for TRACE_PRINTF
|
|
* BUG/MINOR: quic: ignore congestion window on probing for MUX wakeup
|
|
* BUG/MINOR: quic: wake up MUX on probing only for 01RTT
|
|
* BUG/MEDIUM: applet: only set appctx->sedesc on successful allocation
|
|
* BUG/MEDIUM: mux-h1: properly destroy a partially allocated h1s
|
|
* BUG/MINOR: stconn: fix sedesc memory leak on stream allocation failure
|
|
* BUG/MEDIUM: stconn: don't set the type before allocation succeeds
|
|
* BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path
|
|
* BUG/MEDIUM: mux-h2: do not try to free an unallocated h2s->sd
|
|
* BUG/MEDIUM: stream: do not try to free a failed stream-conn
|
|
* BUG/MINOR: quic: Dysfunctional 01RTT packet number space probing
|
|
* MINOR: quic: Stop stressing the acknowledgments process (RX ACK frames)
|
|
* MINOR: proto_ux: ability to dump ABNS names in error messages
|
|
* MEDIUM: proto_ux: properly suspend named UNIX listeners
|
|
* BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume
|
|
* MINOR: listener: pause_listener() becomes suspend_listener()
|
|
* BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener()
|
|
* BUG/MINOR: listener: fix resume_listener() resume return value handling
|
|
* BUG/MEDIUM: listener: fix pause_listener() suspend return value handling
|
|
* MINOR: listener: make sure we don't pause/resume bypassed listeners
|
|
* MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping
|
|
* MINOR: listener: add relax_listener() function
|
|
* MINOR: listener/api: add lli hint to listener functions
|
|
* MINOR: proto_uxst: add resume method
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 17 16:42:07 UTC 2023 - mrueckert@suse.de
|
|
|
|
- Update to version 2.7.5+git0.8d230219e:
|
|
* [RELEASE] Released version 2.7.5
|
|
* OPTIM: mux-h1: limit first read size to avoid wrapping
|
|
* BUG/MAJOR: qpack: fix possible read out of bounds in static table
|
|
* BUG/MINOR: sock_unix: match finalname with tempname in sock_unix_addrcmp()
|
|
* BUG/MINOR: protocol: fix minor memory leak in protocol_bind_all()
|
|
* BUG/MINOR: proto_ux: report correct error when bind_listener fails
|
|
* BUG/MEDIUM: spoe: Don't set the default traget for the SPOE agent frontend
|
|
* BUG/MINOR: mux-h2: Fix possible null pointer deref on h2c in _h2_trace_header()
|
|
* MEDIUM: mux-h2/trace: add tracing support for headers
|
|
* MINOR: h2: add h2_phdr_to_ist() to make ISTs from pseudo headers
|
|
* MEDIUM: bwlim: Support constants limit or period on set-bandwidth-limit actions
|
|
* BUG/MEDIUM: listener: duplicate inherited FDs if needed
|
|
* BUG/MINOR: quic: Missing STREAM frame data pointer updates
|
|
* BUG/MINOR: mux-h2: set CO_SFL_STREAMER when sending lots of data
|
|
* BUG/MEDIUM: mux-h2: only restart sending when mux buffer is decongested
|
|
* MINOR: buffer: add br_single() to check if a buffer ring has more than one buf
|
|
* BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it
|
|
* BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list
|
|
* BUG/MINOR: quic: Missing STREAM frame length updates
|
|
* BUG/MINOR: tcp_sample: fix a bug in fc_dst_port and fc_dst_is_local sample fetches
|
|
* BUG/MEDIUM: mux-h1: Don't block SE_FL_ERROR if EOS is not reported on H1C
|
|
* DEBUG: ssl-sock/show_fd: Display SSL error code
|
|
* DEBUG: cli/show_fd: Display connection error code
|
|
* BUG/MEDIUM: resolvers: Properly stop server resolutions on soft-stop
|
|
* BUG/MEDIUM: proxy: properly stop backends on soft-stop
|
|
* BUG/MINOR: mux-h1: Don't report an H1C error on client timeout
|
|
* BUG/MEDIUM: mux-pt: Set EOS on error on sending path if read0 was received
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Mar 12 12:30:54 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- switch to autopatch to simplify patch handling
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Mar 12 12:28:41 UTC 2023 - mrueckert@suse.de
|
|
|
|
- Update to version 2.7.4+git0.d28541d1f:
|
|
* [RELEASE] Released version 2.7.4
|
|
* DOC/CLEANUP: fix typos
|
|
* MINOR: quic_sock: un-statify quic_conn_sock_fd_iocb()
|
|
* BUG/MINOR: quic: Missing listener accept queue tasklet wakeups
|
|
* BUG/MINOR: mworker: use MASTER_MAXCONN as default maxconn value
|
|
* BUG/MAJOR: fd/threads: close a race on closing connections after takeover
|
|
* BUG/MINOR: thread: report thread and group counts in the correct order
|
|
* BUG/MINOR: init: properly detect NUMA bindings on large systems
|
|
* MINOR: quic: Do not stress the peer during retransmissions of lost packets
|
|
* MINOR: fd/cli: report the polling mask in "show fd"
|
|
* BUG/MINOR: quic: Wrong RETIRE_CONNECTION_ID sequence number check
|
|
* MEDIUM: quic: release closing connections on stopping
|
|
* MINOR: quic: handle new closing list in show quic
|
|
* MINOR: quic: create a global list dedicated for closing QUIC conns
|
|
* MINOR: h3: add traces on h3_init_uni_stream() error paths
|
|
* MINOR: quic: Add transport parameters to "show quic"
|
|
* MINOR: quic: Add spin bit support
|
|
* MINOR: quic: Useless TLS context allocations in qc_do_rm_hp()
|
|
* MINOR: quic: RETIRE_CONNECTION_ID frame handling (RX)
|
|
* MINOR: quic: Typo fix for ACK_ECN frame
|
|
* MINOR: quic: Store the next connection IDs sequence number in the connection
|
|
* MINOR: quic: Do not accept wrong active_connection_id_limit values
|
|
* BUG/MINOR: mux-quic: properly init STREAM frame as not duplicated
|
|
* BUG/MAJOR: fd/thread: fix race between updates and closing FD
|
|
* BUG/MEDIUM: quic: do not crash when handling STREAM on released MUX
|
|
* MINOR: quic: Send PING frames when probing Initial packet number space
|
|
* BUG/MINOR: quic: Missing detections of amplification limit reached
|
|
* BUG/MINOR: quic: Do not resend already acked frames
|
|
* BUG/MINOR: quic: Ensure not to retransmit packets with no ack-eliciting frames
|
|
* BUG/MINOR: quic: Remove force_ack for Initial,Handshake packets
|
|
* MINOR: quic: Add traces about QUIC TLS key update
|
|
* BUG/MINOR: quic: v2 Initial packets decryption failed
|
|
* BUG/MINOR: quic: Ensure to be able to build datagrams to be retransmitted
|
|
* MINOR: quic: Add a BUG_ON_HOT() call for too small datagrams
|
|
* BUG/MINOR: quic: Do not send too small datagrams (with Initial packets)
|
|
* BUG/MINOR: cli: fix CLI handler "set anon global-key" call
|
|
* BUG/MEDIUM: quic: properly handle duplicated STREAM frames
|
|
* BUG/MINOR: config: crt-list keywords mistaken for bind ssl keywords
|
|
* MINOR: ssl: rename confusing ssl_bind_kws
|
|
* BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback
|
|
* BUG/MINOR: mxu-h1: Report a parsing error on abort with pending data
|
|
* BUG/MINOR: http-ana: Do a L7 retry on read error if there is no response
|
|
* BUG/MINOR: http-ana: Don't increment conn_retries counter before the L7 retry
|
|
* MINOR: quic: notify on send ready
|
|
* MEDIUM: quic: implement poller subscribe on sendto error
|
|
* MINOR: quic: purge txbuf before preparing new packets
|
|
* MINOR: quic: implement qc_notify_send()
|
|
* MINOR: quic: simplify return path in send functions
|
|
* BUG/MINOR: http-check: Skip C-L header for empty body when it's not mandatory
|
|
* BUG/MINOR: http-check: Don't set HTX_SL_F_BODYLESS flag with a log-format body
|
|
* BUG/MINOR: mux-h1: Don't report an error on an early response close
|
|
* BUG/MEDIUM: connection: Clear flags when a conn is removed from an idle list
|
|
* MINOR: quic: consider EBADF as critical on send()
|
|
* MEDIUM: quic: improve fatal error handling on send
|
|
* CLEANUP: listener: only store conn counts for local threads
|
|
* BUG/MEDIUM: fd: make fd_delete() support being called from a different group
|
|
* BUG/MINOR: fd: used the update list from the fd's group instead of tgid
|
|
* DOC: config: Clarify the meaning of 'hold' in the 'resolvers' section
|
|
* BUG/MEDIUM: h1-htx: Never copy more than the max data allowed during parsing
|
|
* BUG/MEDIUM: fd: avoid infinite loops in fd_add_to_fd_list and fd_rm_from_fd_list
|
|
* BUILD: thead: Fix several 32 bits compilation issues with uint64_t variables
|
|
* BUG/MINOR: ring: do not realign ring contents on resize
|
|
* BUILD: quic: 32-bits compilation issue with %zu in quic_rx_pkts_del()
|
|
* BUG/MINOR: cache: Check cache entry is complete in case of Vary
|
|
* BUG/MINOR: cache: Cache response even if request has "no-cache" directive
|
|
* REGTESTS: Fix ssl_errors.vtc script to wait for connections close
|
|
* DOC: config: Add the missing tune.fail-alloc option from global listing
|
|
* DOC: config: Fix description of options about HTTP connection modes
|
|
* BUG/MEDIUM: quic: Missing TX buffer draining from qc_send_ppkts()
|
|
* MINOR: mux-h2/traces: add a missing TRACE_LEAVE() in h2s_frt_handle_headers()
|
|
* MINOR: mux-h2/traces: do not log h2s pointer for dummy streams
|
|
* MEDIUM: quic: trigger fast connection closing on process stopping
|
|
* MINOR: quic: mark quic-conn as jobs on socket allocation
|
|
* MEDIUM: mux-quic: properly implement soft-stop
|
|
* MINOR: mux-quic: implement client-fin timeout
|
|
* MINOR: mux-quic: define qc_process()
|
|
* MINOR: mux-quic: define qc_shutdown()
|
|
* MEDIUM: h3: enforce GOAWAY by resetting higher unhandled stream
|
|
* BUG/MINOR: h3: prevent hypothetical demux failure on int overflow
|
|
* BUG/MINOR: quic: acknowledge STREAM frame even if MUX is released
|
|
* BUG/MINOR: quic: also send RESET_STREAM if MUX released
|
|
* MINOR: quic: adjust request reject when MUX is already freed
|
|
* BUG/MINOR: quic: Missing padding for short packets
|
|
* BUG/MINOR: quic: Do not drop too small datagrams with Initial packets
|
|
* BUG/MINOR: quic: Wrong initialization for io_cb_wakeup boolean
|
|
* BUG/MINOR: quic: Do not probe with too little Initial packets
|
|
* MINOR: quic: Add <pto_count> to the traces
|
|
* MINOR: quic: Add a trace to identify connections which sent Initial packet.
|
|
* BUG/MINOR: quic: Missing call to task_queue() in qc_idle_timer_do_rearm()
|
|
* MINOR: quic: Make qc_dgrams_retransmit() return a status.
|
|
* MINOR: quic: Add traces to qc_kill_conn()
|
|
* MINOR: quic: Kill the connections on ICMP (port unreachable) packet receipt
|
|
* MINOR: quic: Simplication for qc_set_timer()
|
|
* BUG/MINOR: quic: Really cancel the connection timer from qc_set_timer()
|
|
* MINOR: quic: Move code to wakeup the timer task to avoid anti-amplication deadlock
|
|
* MINOR: quic: Add new traces about by connection RX buffer handling
|
|
* BUG/MINOR: quic: Possible unexpected counter incrementation on send*() errors
|
|
* MINOR: h3: add traces on decode_qcs callback
|
|
* BUG/MINOR: mworker: prevent incorrect values in uptime
|
|
* BUG/MINOR: mux-quic: transfer FIN on empty STREAM frame
|
|
* MINOR: h3/hq-interop: handle no data in decode_qcs() with FIN set
|
|
* BUG/MEDIUM: sched: allow a bit more TASK_HEAVY to be processed when needed
|
|
* BUG/MINOR: sched: properly report long_rq when tasks remain in the queue
|
|
* BUG/MEDIUM: wdt: fix wrong thread being checked for sleeping
|
|
* BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached
|
|
* BUG/MEDIUM: httpclient/lua: fix a race between lua GC and hlua_ctx_destroy
|
|
* BUG/MINOR: lua/httpclient: missing free in hlua_httpclient_send()
|
|
* MINOR: startup: HAPROXY_STARTUP_VERSION contains the version used to start
|
|
* BUG/MEDIUM: mworker: don't register mworker_accept_wrapper() when master FD is wrong
|
|
* BUG/MEDIUM: mworker: prevent inconsistent reload when upgrading from old versions
|
|
* BUG/MINOR: mworker: stop doing strtok directly from the env
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 14 16:32:41 UTC 2023 - mrueckert@suse.de
|
|
|
|
- Update to version 2.7.3+git0.1065b1000: (boo#1208132 CVE-2023-25725)
|
|
* [RELEASE] Released version 2.7.3
|
|
* BUG/CRITICAL: http: properly reject empty http header field names
|
|
* BUG/MINOR: quic: Wrong datagram dispatch because of qc_check_dcid()
|
|
* DOC: proxy-protocol: fix wrong byte in provided example
|
|
* BUG/MEDIUM: quic: Buffer overflow when looking through QUIC CLI keyword list
|
|
* BUG/MINOR: clock/stats: also use start_time not start_date in HTML info
|
|
* BUG/MINOR: mworker: fix uptime for master process
|
|
* BUG/MINOR: quic: fix type bug on "show quic" for 32-bits arch
|
|
* BUG/MINOR: quic: fix filtering of closing connections on "show quic"
|
|
* MINOR: quic: filter closing conn on "show quic"
|
|
* MINOR: quic: display Tx stream info on "show quic"
|
|
* MINOR: quic: display infos about various encryption level on "show quic"
|
|
* MINOR: quic: display socket info on "show quic"
|
|
* MINOR: quic: display CIDs and state in "show quic"
|
|
* MINOR: quic: implement a basic "show quic" CLI handler
|
|
* BUG/MEDIUM: quic: fix crash when "option nolinger" is set in the frontend
|
|
* BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first
|
|
* BUG/MINOR: server/add: ensure minconn/maxconn consistency when adding server
|
|
* MINOR: cfgparse/server: move (min/max)conn postparsing logic into dedicated function
|
|
* BUG/MINOR: h3: fix crash due to h3 traces
|
|
* DOC: config: 'http-send-name-header' option may be used in default section
|
|
* DOC: config: fix option spop-check proxy compatibility
|
|
* BUG/MEDIUM: cache: use the correct time reference when comparing dates
|
|
* BUG/MINOR: clock: do not mix wall-clock and monotonic time in uptime calculation
|
|
* BUG/MEDIUM: stick-table: do not leave entries in end of window during purge
|
|
* BUG/MINOR: ssl/crt-list: warn when a line is malformated
|
|
* MINOR: quic: Update version_information transport parameter to draft-14
|
|
* BUG/MEDIUM: quic: do not split STREAM frames if no space
|
|
* BUG/MINOR: quic: Unchecked source connection ID
|
|
* MEDIUM: quic: Remove qc_conn_finalize() from the ClientHello TLS callbacks
|
|
* BUG/MAJOR: quic: Possible crash when processing 1-RTT during 0-RTT session
|
|
* MINOR: quic: When probing Handshake packet number space, also probe the Initial one
|
|
* BUG/MINOR: quic: Do not ignore coalesced packets in qc_prep_fast_retrans()
|
|
* MINOR: quic: Add a trace about variable states in qc_prep_fast_retrans()
|
|
* BUG/MINOR: quic: Too big PTO during handshakes
|
|
* BUG/MINOR: quic: Possible stream truncations under heavy loss
|
|
* CLEANUP: quic: no need for atomics on packet refcnt
|
|
* MINOR: quic: add config for retransmit limit
|
|
* MEDIUM: quic: implement a retransmit limit per frame
|
|
* MINOR: quic: refactor frame deallocation
|
|
* MINOR: quic: define new functions for frame alloc
|
|
* MINOR: quic: ensure offset is properly set for STREAM frames
|
|
* MINOR: quic: remove fin from quic_stream frame type
|
|
* BUG/MINOR: stats: Prevent HTTP "other sessions" counter underflows
|
|
* MINOR: stats: add by HTTP version cumulated number of sessions and requests
|
|
* BUG/MINOR: stats: fix STAT_STARTED behavior with full htx
|
|
* BUG/MINOR: stats: fix show stats field ctx for servers
|
|
* BUG/MINOR: stats: fix ctx->field update in stats_dump_proxy_to_buffer()
|
|
* BUG/MEDIUM: stats: fix resolvers dump
|
|
* BUG/MINOR: stats: fix source buffer size for http dump
|
|
* BUG/MINOR: stats: use proper buffer size for http dump
|
|
* BUG/MINOR: h3: fix crash due to h3 traces
|
|
* BUG/MEDIUM: ssl: wrong eviction from the session cache tree
|
|
* MINOR: h3: add missing traces on closure
|
|
* BUG/MINOR: h3: reject RESET_STREAM received for control stream
|
|
* BUG/MEDIUM: h3: handle STOP_SENDING on control stream
|
|
* MINOR: mux-quic/h3: define stream close callback
|
|
* OPTIM: h3: skip buf realign if no trailer to encode
|
|
* BUG/MEDIUM: h3: do not crash if no buf space for trailers
|
|
* BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section
|
|
* MINOR: trace: add the long awaited TRACE_PRINTF()
|
|
* MINOR: trace: add a trace_no_cb() dummy callback for when to use no callback
|
|
* MINOR: trace: add a TRACE_ENABLED() macro to determine if a trace is active
|
|
* DEV: hpack: fix `trash` build regression
|
|
* BUG/MINOR: sink: free the forwarding task on exit
|
|
* BUG/MINOR: ring: release the backing store name on exit
|
|
* BUG/MINOR: log: release global log servers on exit
|
|
* BUG/MEDIUM: hpack: fix incorrect huffman decoding of some control chars
|
|
* BUG/MEDIUM: mux-quic: fix crash on H3 SETTINGS emission
|
|
* BUG/MINOR: h3: fix GOAWAY emission
|
|
* MINOR: mux-quic/h3: send SETTINGS as soon as transport is ready
|
|
* MINOR: connection: add a BUG_ON() to detect destroying connection in idle list
|
|
* DEV: haring: add a new option "-r" to automatically repair broken files
|
|
* BUG/MINOR: sink: make sure to always properly unmap a file-backed ring
|
|
* MEDIUM: quic-sock: fix udp source address for send on listener socket
|
|
* BUG/MINOR: quic: Do not request h3 clients to close its unidirection streams
|
|
* BUG/MINOR: jwt: Wrong return value checked
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 14 16:32:26 UTC 2023 - mrueckert@suse.de
|
|
|
|
- Update to version 2.7.2+git0.7e295dd2c:
|
|
* [RELEASE] Released version 2.7.2
|
|
* BUILD: hpack: include global.h for the trash that is needed in debug mode
|
|
* BUG/MINOR: mux-h2: add missing traces on failed headers decoding
|
|
* BUG/MINOR: mux-h2: make sure to produce a log on invalid requests
|
|
* MINOR: h3: implement TRAILERS decoding
|
|
* MINOR: h3: implement TRAILERS encoding
|
|
* MINOR: h3: extend function for QUIC varint encoding
|
|
* BUG/MINOR: h3: properly handle connection headers
|
|
* BUG/MINOR: bwlim: Fix parameters check for set-bandwidth-limit actions
|
|
* BUG/MINOR: bwlim: Check scope for period expr for set-bandwitdh-limit actions
|
|
* BUG/MEDIUM: debug/thread: make the debug handler not wait for !rdv_requests
|
|
* MINOR: threads: add a thread_harmless_end() version that doesn't wait
|
|
* BUG/MINOR: thread: always reload threads_enabled in loops
|
|
* BUG/MEDIUM: fd/threads: fix again incorrect thread selection in wakeup broadcast
|
|
* BUG/MINOR: listener: close tiny race between resume_listener() and stopping
|
|
* BUG/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0)
|
|
* BUG/MEDIUM: jwt: Properly process ecdsa signatures (concatenated R and S params)
|
|
* DOC: config: fix "Address formats" chapter syntax
|
|
* BUG/MINOR: mux-fcgi: Correctly set pathinfo
|
|
* MINOR: quic: Replace v2 draft definitions by those of the final 2 version
|
|
* MINOR: sample: Add "quic_enabled" sample fetch
|
|
* MINOR: quic: Add "no-quic" global option
|
|
* MINOR: quic: Disable the active connection migrations
|
|
* MINOR: quic: Useless test about datagram destination addresses
|
|
* BUG/MEDIUM: stconn: also consider SE_FL_EOI to switch to SE_FL_ERROR
|
|
* CLEANUP: stconn: always use se_fl_set_error() to set the pending error
|
|
* MINOR: listener: also support "quic+" as an address prefix
|
|
* DOC: config: mention the missing "quic4@" and "quic6@" in protocol prefixes
|
|
* DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@"
|
|
* DOC: config: fix wrong section number for "protocol prefixes"
|
|
* BUG/MINOR: listeners: fix suspend/resume of inherited FDs
|
|
* BUG/MINOR: http-ana: make set-status also update txn->status
|
|
* BUG/MEDIUM: mux-h2: Don't send CANCEL on shutw when response length is unkown
|
|
* BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state
|
|
* BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body
|
|
* BUG/MINOR: promex: Don't forget to consume the request on error
|
|
* BUG/MEDIUM: peers: make "show peers" more careful about partial initialization
|
|
* DEV: tcploop: add minimal support for unix sockets
|
|
* BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action
|
|
* BUG/MINOR: hlua: Fix Channel.line and Channel.data behavior regarding the doc
|
|
* BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses
|
|
* MINOR: mux-quic: use send-list for immediate sending retry
|
|
* MINOR: mux-quic: use send-list for STOP_SENDING/RESET_STREAM emission
|
|
* MEDIUM: h3: send SETTINGS before STREAM frames
|
|
* MAJOR: mux-quic: rework stream sending priorization
|
|
* MINOR: mux-quic: add traces for flow-control limit reach
|
|
* BUG/MINOR: mux-quic: fix transfer of empty HTTP response
|
|
* DOC: management: add details about @system-ca in "show ssl ca-file"
|
|
* DOC: management: add details on "Used" status
|
|
* DOC: config: added optional rst-ttl argument to silent-drop in action lists
|
|
* CLEANUP: htx: fix a typo in an error message of http_str_to_htx
|
|
* BUG/MINOR: http: Memory leak of http redirect rules' format string
|
|
* BUG/MINOR: fd: avoid bad tgid assertion in fd_delete() from deinit()
|
|
* REGTEST: fix the race conditions in hmac.vtc
|
|
* REGTEST: fix the race conditions in digest.vtc
|
|
* REGTEST: fix the race conditions in add_item.vtc
|
|
* REGTEST: fix the race conditions in json_query.vtc
|
|
* BUG/MINOR: proxy: free orgto_hdr_name in free_proxy()
|
|
* DOC: config: remove duplicated "http-response sc-set-gpt0" directive
|
|
* DOC: config: fix alphabetical ordering of http-after-response rules
|
|
* BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned
|
|
* BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set
|
|
* MINOR: config: add environment variables for default log format
|
|
* CI: Reformat `matrix.py` using `black`
|
|
* CI: Explicitly check environment variable against `None` in matrix.py
|
|
* CI: Unify the `GITHUB_TOKEN` name across matrix.py and vtest.yml
|
|
* CI: Use proper `if` blocks instead of conditional expressions in matrix.py
|
|
* CI: Add in-memory cache for the latest OpenSSL/LibreSSL
|
|
* CI: Improve headline in matrix.py
|
|
* BUG/MINOR: stick-table: report the correct action name in error message
|
|
* MINOR: cfgparse-ssl: avoid a possible crash on OOM in ssl_bind_parse_npn()
|
|
* BUG/MINOR: debug: don't mask the TH_FL_STUCK flag before dumping threads
|
|
* BUILD: makefile: make sure to also ignore SSL_INC when using wolfssl
|
|
* BUILD: makefile: clean the wolfssl include and lib generation rules
|
|
* BUILD: makefile: sort the features list
|
|
* BUILD: makefile: build the features list dynamically
|
|
* CI: github: use the GITHUB_TOKEN instead of a manually generated token
|
|
* BUG/MINOR: mux-quic: ignore remote unidirectional stream close
|
|
* CI: github: enable github api authentication for OpenSSL tags read
|
|
* MINOR: h3: use stream error when needed instead of connection
|
|
* MEDIUM: mux-quic: implement STOP_SENDING emission
|
|
* MINOR: mux-quic: handle RESET_STREAM reception
|
|
* MINOR: mux-quic: do not count stream flow-control if already closed
|
|
* MEDIUM: mux-quic: implement shutw
|
|
* MINOR: httpclient: don't add body when istlen is empty
|
|
* BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats
|
|
* BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set
|
|
* BUG/MINOR: quic: do not allocate more rxbufs than necessary
|
|
* BUG/MEDIUM: quic: properly take shards into account on bind lines
|
|
* BUG/MEDIUM: mux-quic: fix double delete from qcc.opening_list
|
|
* REGTESTS: ssl: enable the ssl_reuse.vtc test for WolfSSL
|
|
* OPTIM: pool: split the read_mostly from read_write parts in pool_head
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Dec 25 06:01:14 UTC 2022 - mrueckert@suse.de
|
|
|
|
- Update to version 2.7.1+git0.3e4af0ed7:
|
|
* [RELEASE] Released version 2.7.1
|
|
* BUG/MEDIUM: stats: Rely on a local trash buffer to dump the stats
|
|
* BUG/MINOR:: mux-h1: Never handle error at mux level for running connection
|
|
* BUG/MINOR: mux-h1: Report EOS on parsing/internal error for not running stream
|
|
* BUG/MEDIUM: tests: use tmpdir to create UNIX socket
|
|
* REGTESTS: startup: disable automatic_maxconn.vtc
|
|
* BUG/MINOR: quic: fix crash on PTO rearm if anti-amplification reset
|
|
* BUG/MINOR: stats: fix show stat json buffer limitation
|
|
* MINOR: stats: introduce stats field ctx
|
|
* MINOR: stats: provide ctx for dumping functions
|
|
* BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain
|
|
* MINOR: h3: check return values of htx_add_* on headers parsing
|
|
* BUG/MINOR: h3: fix memleak on HEADERS parsing failure
|
|
* BUG/MEDIUM: h3: fix cookie header parsing
|
|
* BUG/MINOR: mux-h1: Fix test instead a BUG_ON() in h1_send_error()
|
|
* BUG/MEDIUM: mux-h1: Don't release H1 stream upgraded from TCP on error
|
|
* LICENSE: wurfl: clarify the dummy library license.
|
|
* BUG/MINOR: mux-quic: handle properly alloc error in qcs_new()
|
|
* BUG/MINOR: mux-quic: remove qcs from opening-list on free
|
|
* CLEANUP: mux-quic: remove unused attribute on qcs_is_close_remote()
|
|
* BUG/MINOR: quic: handle alloc failure on qc_new_conn() for owned socket
|
|
* BUG/MINOR: quic: properly handle alloc failure in qc_new_conn()
|
|
* BUG/MINOR: quic: fix fd leak on startup check quic-conn owned socket
|
|
* MINOR: quic: reconnect quic-conn socket on address migration
|
|
* MEDIUM: quic: requeue datagrams received on wrong socket
|
|
* MINOR: mux-quic: rename duplicate function names
|
|
* MEDIUM: quic: move receive out of FD handler to quic-conn io-cb
|
|
* MEDIUM: quic: use quic-conn socket for reception
|
|
* MINOR: quic: use connection socket for emission
|
|
* MINOR: quic: allocate a socket per quic-conn
|
|
* MINOR: quic: define config option for socket per conn
|
|
* MINOR: quic: test IP_PKTINFO support for quic-conn owned socket
|
|
* MINOR: quic: startup detect for quic-conn owned socket support
|
|
* MINOR: quic: ignore address migration during handshake
|
|
* MINOR: quic: detect connection migration
|
|
* MINOR: tools: add port for ipcmp as optional criteria
|
|
* MINOR: quic: extract datagram parsing code
|
|
* MINOR: quic: complete traces in qc_rx_pkt_handle()
|
|
* MINOR: quic: remove qc from quic_rx_packet
|
|
* BUILD: peers: peers-t.h depends on stick-table-t.h
|
|
* CI: github: split matrix for development and stable branches
|
|
* CI: github: remove redundant ASAN loop
|
|
* MINOR: debug: add a balance of alloc - free at the end of the memstats dump
|
|
* MINOR: debug: support pool filtering on "debug dev memstats"
|
|
* BUG/MEDIUM: h3: parse content-length and reject invalid messages
|
|
* MINOR: http: extract content-length parsing from H2
|
|
* BUG/MEDIUM: h3: reject request with invalid pseudo header
|
|
* BUG/MEDIUM: h3: reject request with invalid header name
|
|
* REGTESTS: startup: add alternatives values in automatic_maxconn.vtc
|
|
* BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout
|
|
* BUG/MEDIUM: freq-ctr: Don't compute overshoot value for empty counters
|
|
* CLEANUP: ssl: remove check on srv->proxy
|
|
* REGTESTS: startup: activate automatic_maxconn.vtc
|
|
* CI: github: set ulimit -n to a greater value
|
|
* REGTESTS: startup: change the expected maxconn to 11000
|
|
* BUG/MINOR: startup: don't use internal proxies to compute the maxconn
|
|
* REGTESTS: startup: check maxconn computation
|
|
* REGTESTS: fix the race conditions in iff.vtc
|
|
* BUG/MAJOR: fcgi: Fix uninitialized reserved bytes
|
|
* DOC: promex: Add missing backend metrics
|
|
* MINOR: promex: introduce haproxy_backend_agg_check_status
|
|
* BUG/MINOR: promex: create haproxy_backend_agg_server_status
|
|
* MINOR: pools: make DEBUG_UAF a runtime setting
|
|
* DEBUG: pool: show a few examples in -dMhelp
|
|
* CLEANUP: pools: get rid of CONFIG_HAP_POOLS
|
|
* REORG: pool: move all the OS specific code to pool-os.h
|
|
* CLEANUP: pool: only include pool-os from pool.c not pool.h
|
|
* CLEANUP: pools: move the write before free to the uaf-only function
|
|
* BUG/MEDIUM: httpclient/lua: double LIST_DELETE on end of lua task
|
|
* BUILD: makefile/da: also clean Os/ in Device Atlas dummy lib dir
|
|
* BUILD: atomic: atomic.h may need compiler.h on ARMv8.2-a
|
|
* BUG/MINOR: init/threads: continue to limit default thread count to max per group
|
|
* BUG/MINOR: checks: restore legacy on-error fastinter behavior
|
|
* BUG/MEDIUM: mworker: create the mcli_reload socketpairs in case of upgrade
|
|
* BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers
|
|
* MINOR: mworker: display an alert upon a wait-mode exit
|
|
* BUG/MINOR: checks: make sure fastinter is used even on forced transitions
|
|
* BUG/MEDIUM: checks: do not reschedule a possibly running task on state change
|
|
* CI: github: split ssl lib selection based on git branch
|
|
* CI: github: reintroduce openssl 1.1.1
|
|
* BUG/MEDIIM: stconn: Flush output data before forwarding close to write side
|
|
* BUG/MINOR: ssl: initialize WolfSSL before parsing
|
|
* BUG/MINOR: ssl: initialize SSL error before parsing
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 01 15:25:38 UTC 2022 - mrueckert@suse.de
|
|
|
|
- Update to version 2.7.0+git0.437fd289f:
|
|
https://www.haproxy.com/blog/announcing-haproxy-2-7/
|
|
https://www.mail-archive.com/haproxy@formilux.org/msg42914.html
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 22 13:13:45 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- reenable the pcre jit after the last change
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 14 11:20:34 UTC 2022 - Stephan Kulow <coolo@suse.com>
|
|
|
|
- Switch from unmaintained pcre 8.45 to pcre2 10
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 26 13:19:38 UTC 2022 - mrueckert@suse.de
|
|
|
|
- Update to version 2.6.6+git0.274d1a4df:
|
|
* [RELEASE] Released version 2.6.6
|
|
* BUG/MINOR: log: improper behavior when escaping log data
|
|
* REGTESTS: ssl: fix grep invocation to use extended regex in ssl_generate_certificate.vtc
|
|
* REGTESTS: ssl: adopt tests to OpenSSL-3.0.N
|
|
* REGTESTS: ssl: adopt tests to OpenSSL-3.0.N
|
|
* BUG/MEDIUM: mux-quic: properly trim HTX buffer on snd_buf reset
|
|
* MINOR: mux-quic: refactor snd_buf
|
|
* REORG: mux-quic: export HTTP related function in a dedicated file
|
|
* REORG: mux-quic: extract traces in a dedicated source file
|
|
* BUG/MINOR: mux-quic: do not keep detached qcs with empty Tx buffers
|
|
* BUG/MEDIUM: mux-quic: fix nb_hreq decrement
|
|
* SCRIPTS: announce-release: update some URLs to https
|
|
* BUILD: fd: fix a build warning on the DWCAS
|
|
* BUG/MEDIUM: captures: free() an error capture out of the proxy lock
|
|
* CLEANUP: quic,ssl: fix tiny typos in C comments
|
|
* BUG/MEDIUM: server: segv when adding server with hostname from CLI
|
|
* BUG/MINOR: mux-quic: do not remotely close stream too early
|
|
* CLEANUP: mux-quic: remove stconn usage in h3/hq
|
|
* BUG/MEDIUM: mux-quic: fix crash on early app-ops release
|
|
* MEDIUM: quic: separate path for rx and tx with set_encryption_secrets
|
|
* DOC: fix TOC in starter guide for subsection 3.3.8. Statistics
|
|
* REGTESTS: ssl/log: test the log-forward with SSL
|
|
* BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring.
|
|
* REGTESTS: log: test the log-forward feature
|
|
* BUG/MINOR: listener: null pointer dereference suspected by coverity
|
|
* CLEANUP: listener: function comment typo in stop_listener()
|
|
* REGTESTS: healthcheckmail: Relax matching on the healthcheck log message
|
|
* BUG/MINOR: mux-h1: Increment open_streams counter when H1 stream is created
|
|
* CLEANUP: pollers: remove dead code in the polling loop
|
|
* BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN'
|
|
* MINOR: proxy/listener: support for additional PAUSED state
|
|
* MINOR: listener: small API change
|
|
* BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK
|
|
* DEV: flags: add missing CO_FL_FDLESS connection flag
|
|
* DEV: flags: fix usage message to reflect available options
|
|
* CI: cirrus-ci: bump FreeBSD image to 13-1
|
|
* BUG/MINOR: signals/poller: ensure wakeup from signals
|
|
* MINOR: h3: Send the h3 settings with others streams (requests)
|
|
* MINOR: h3: Missing connection argument for a TRACE_LEAVE() argument
|
|
* MINOR: h3: Add the quic_conn object to h3 traces
|
|
* BUG/MINOR: h3: Crash when h3 trace verbosity is "minimal"
|
|
* BUG/MINOR: quic: Trace fix about packet number space information.
|
|
* BUG/MINOR: quic: Speed up the handshake completion only one time
|
|
* BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals
|
|
* BUG/MINOR: stream/sched: take into account CPU profiling for the last call
|
|
* MINOR: sched: store the current profile entry in the thread context
|
|
* BUG/MINOR: sched: properly account for the CPU time of dying tasks
|
|
* BUG/MINOR: task: Fix detection of tasks profiling in tasklet_wakeup_after()
|
|
* CLEANUP: task: rename ->call_date to ->wake_date
|
|
* MINOR: task: permanently enable latency measurement on tasklets
|
|
* BUG/MINOR: task: make task_instant_wakeup() work on a task not a tasklet
|
|
* BUG/MINOR: task: always reset a new tasklet's call date
|
|
* BUG/MINOR: quic: Wrong connection ID to thread ID association
|
|
* MINOR: quic: No TRACE_LEAVE() in retrieve_qc_conn_from_cid()
|
|
* MINOR: quic: Add traces about sent or resent TX frames
|
|
* MINOR: quic: add QUIC support when no client_hello_cb
|
|
* BUILD: quic: fix the #ifdef in ssl_quic_initial_ctx()
|
|
* BUILD: ssl: fix the ifdef mess in ssl_sock_initial_ctx
|
|
* BUILD: quic: enable early data only with >= openssl 1.1.1
|
|
* BUILD: quic: temporarly ignore chacha20_poly1305 for libressl
|
|
* BUILD: ssl: fix ssl_sock_switchtx_cbk when no client_hello_cb
|
|
* BUILD: quic: add some ifdef around the SSL_ERROR_* for libressl
|
|
* BUG/MINOR: quic: Possible crash when verifying certificates
|
|
* BUG/MINOR: h1: Support headers case adjustment for TCP proxies
|
|
* BUG/MINOR: quic: Possible crash with "tls-ticket-keys" on QUIC bind lines
|
|
* BUG/MINOR: quic: Retransmitted frames marked as acknowledged
|
|
* BUILD: makefile: enable crypt(3) for NetBSD
|
|
* MINOR: Revert part of clarifying samples support per os commit
|
|
* MEDIUM: peers: limit the number of updates sent at once
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Sep 17 16:50:03 UTC 2022 - dmueller@suse.com
|
|
|
|
- Update to version 2.6.5+git0.987a4e248:
|
|
* [RELEASE] Released version 2.6.5
|
|
* BUG/MINOR: http-act: initialize http fmt head earlier
|
|
* MINOR: debug: report applet pointer and handler in crashes when known
|
|
* DEBUG: stream: minor rearrangement of a few fields in struct stream.
|
|
* BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber
|
|
* BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber
|
|
* BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber
|
|
* BUG/MINOR: httpclient: keep-alive was accidentely disabled
|
|
* BUG/MEDIUM: httpclient: always detach the caller before self-killing
|
|
* BUG/MINOR: h2: properly set the direction flag on HTX response
|
|
* BUG/MINOR: quic: Frames leak during retransmissions
|
|
* MINOR: quic: Trace typo fix in qc_release_frm()
|
|
* MINOR: quic: Add TX frames addresses to traces to several trace events
|
|
* BUG/MINOR: quic: Do not ack when probing
|
|
* MINOR: backend: always satisfy the first req reuse rule with l7 retries
|
|
* BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools
|
|
* REGTESTS: http_request_buffer: Add a barrier to not mix up log messages
|
|
* BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support
|
|
* BUILD: debug: make sure debug macros are never empty
|
|
* CLEANUP: exclude haring with .gitignore
|
|
* DEV: haring: support remapping LF in contents with CR VT
|
|
* DEV: haring: add a simple utility to read file-backed rings
|
|
* MINOR: sink/ring: rotate non-empty file-backed contents only
|
|
* MINOR: ring: archive a previous file-backed ring on startup
|
|
* BUILD: sink: replace S_IRUSR, S_IWUSR with their octal value
|
|
* MINOR: ring: add support for a backing-file
|
|
* MINOR: ring: support creating a ring from a linear area
|
|
* BUILD: ring: forward-declare struct appctx to avoid a build warning
|
|
* BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() v2
|
|
* BUG/MINOR: quic: TX frames memleak
|
|
* MINOR: quic: Move traces about RX/TX bytes from QUIC_EV_CONN_PRSAFRM event
|
|
* MINOR: quic: Add a trace to distinguish the datagram from the packets inside
|
|
* BUG/MINOR: quic: Missing header protection AES cipher context initialisations (draft-v2)
|
|
* BUG/MINOR: quic: Frames added to packets even if not built.
|
|
* BUG/MINOR: quic: Null packet dereferencing from qc_dup_pkt_frms() trace
|
|
* Revert "MINOR: quic: Remove useless traces about references to TX packets"
|
|
* MINOR: quic: Remove useless traces about references to TX packets
|
|
* CLEANUP: quic: Remove a useless check in qc_lstnr_pkt_rcv()
|
|
* CLEANUP: quic: No more use ->rx_list MT_LIST entry point (quic_rx_packet)
|
|
* BUG/MINOR: quic: Stalled connections (missing I/O handler wakeup)
|
|
* BUG/MINOR: quic: Leak in qc_release_lost_pkts() for non in flight TX packets
|
|
* Revert "BUG/MINOR: quix: Memleak for non in flight TX packets"
|
|
* MINOR: quic: Replace MT_LISTs by LISTs for RX packets.
|
|
* BUG/MINOR: quic: Safer QUIC frame builders
|
|
* BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets from qc_do_build_pkt()
|
|
* BUG/MINOR: quix: Memleak for non in flight TX packets
|
|
* BUG/MINOR: mux-quic: Fix memleak on QUIC stream buffer for unacknowledged data
|
|
* MINOR: quic: Add reusable cipher contexts for header protection
|
|
* MINOR: quic: Trace fix in qc_release_frm()
|
|
* MINOR: quic: Add the QUIC connection to mux traces
|
|
* BUG/MINOR: quic: Wrong splitted duplicated frames handling
|
|
* MINOR: quic: Add frame addresses to QUIC_EV_CONN_PRSAFRM event traces
|
|
* BUG/MINOR: quic: Possible crashes when dereferencing ->pkt quic_frame struct member
|
|
* MEDIUM: h3: concatenate multiple cookie headers
|
|
* REGTESTS: add test for HTTP/2 cookies concatenation
|
|
* REORG: h2: extract cookies concat function in http_htx
|
|
* BUG/MEDIUM: quic: fix crash on MUX send notification
|
|
* BUG/MINOR: quic: Missing initializations for ducplicated frames.
|
|
* BUG/MINOR: quic: do not notify MUX on frame retransmit
|
|
* MINOR: quic: refactor application send
|
|
* MINOR: mux-quic: add missing args on some traces
|
|
* MINOR: mux-quic: adjust traces on stream init
|
|
* BUG/MEDIUM: mux-quic: reject uni stream ID exceeding flow control
|
|
* MINOR: qpack: report error on enc/dec stream close
|
|
* MINOR: h3: report error on control stream close
|
|
* MINOR: quic: adjust quic_frame flag manipulation
|
|
* BUG/MINOR: quic: Wrong status returned by qc_pkt_decrypt()
|
|
* BUG/MINOR: quic: MIssing check when building TX packets
|
|
* BUG/MINOR: mux-quic: fix crash with traces in qc_detach()
|
|
* BUG/MEDIUM: quic: Wrong use of <token_odcid> in qc_lsntr_pkt_rcv()
|
|
* BUG/MEDIUM: quic: Possible use of uninitialized <odcid> variable in qc_lstnr_params_init()
|
|
* BUG/MEDIUM: mux-quic: fix crash due to invalid trace arg
|
|
* MINOR: mux-quic: define new traces
|
|
* CLEANUP: mux-quic: adjust traces level
|
|
* MINOR: mux-quic: define protocol error traces
|
|
* MINOR: mux-quic: adjust enter/leave traces
|
|
* CLEANUP: quic: Remove trailing spaces
|
|
* MINOR: quic: Remove useless lock for RX packets
|
|
* MEDIUM: quic: xprt traces rework
|
|
* BUG/MINOR: quic: fix crash on handshake io-cb for null next enc level
|
|
* BUG/MINOR: mux-quic: open stream on STOP_SENDING
|
|
* MINOR: quic: skip sending if no frame to send in io-cb
|
|
* MINOR: quic: refactor datagram commit in Tx buffer
|
|
* MINOR: quic: release Tx buffer on each send
|
|
* MINOR: quic: replace custom buf on Tx by default struct buffer
|
|
* MINOR: quic: Replace pool_zalloc() by pool_malloc() for fake datagrams
|
|
* BUG/MINOR: quic: adjust errno handling on sendto
|
|
* MINOR: quic: Add two new stats counters for sendto() errors
|
|
* MEDIUM: mux-quic: implement http-request timeout
|
|
* MINOR: mux-quic: refactor refresh timeout function
|
|
* MINOR: mux-quic: refresh timeout on frame decoding
|
|
* MINOR: h3: support HTTP request framing state
|
|
* MEDIUM: mux-quic: implement http-keep-alive timeout
|
|
* MINOR: mux-quic: count in-progress requests
|
|
* MEDIUM: mux-quic: adjust timeout refresh
|
|
* MINOR: mux-quic: use timeout server for backend conns
|
|
* MINOR: mux-quic: save proxy instance into qcc
|
|
* MINOR: h3: implement graceful shutdown with GOAWAY
|
|
* MINOR: h3: store control stream in h3c
|
|
* MINOR: mux-quic: send one last time before release
|
|
* CLEANUP: mux-quic: move qc_release()
|
|
* MEDIUM: quic: send CONNECTION_CLOSE on released MUX
|
|
* MINOR: mux-quic/h3: prepare CONNECTION_CLOSE on release
|
|
* MINOR: mux-quic: support app graceful shutdown
|
|
* MINOR: quic: define a generic QUIC error type
|
|
* CLEANUP: quic: clean up include on quic_frame-t.h
|
|
* MEDIUM: mux-quic: implement STOP_SENDING handling
|
|
* MEDIUM: mux-quic: implement RESET_STREAM emission
|
|
* MINOR: mux-quic: use stream states to mark as detached
|
|
* MINOR: mux-quic: define basic stream states
|
|
* MINOR: mux-quic: support stream opening via MAX_STREAM_DATA
|
|
* MINOR: mux-quic: do not ack STREAM frames on unrecoverable error
|
|
* MINOR: mux-quic: filter send/receive-only streams on frame parsing
|
|
* MINOR: mux-quic: implement qcs_alert()
|
|
* MINOR: mux-quic: add traces on frame parsing functions
|
|
* MINOR: mux-quic: rename stream purge function
|
|
* REORG: mux-quic: rename stream initialization function
|
|
* MINOR: mux-quic: emit FINAL_SIZE_ERROR on invalid STREAM size
|
|
* MINOR: mux-quic: rename qcs flag FIN_RECV to SIZE_KNOWN
|
|
* MEDIUM: mux-quic: refactor streams opening
|
|
* MINOR: mux-quic: implement accessor for sedesc
|
|
* REORG: mux-quic: reorganize flow-control fields
|
|
* CLEANUP: mux-quic: do not export qc_get_ncbuf
|
|
* CLEANUP: mux-quic: adjust comment on qcs_consume()
|
|
* BUG/MINOR: qpack: abort on dynamic index field line decoding
|
|
* BUG/MINOR: qpack: fix build with QPACK_DEBUG
|
|
* CLEANUP: pool/quic: remove suffix "_pool" from certain pool names
|
|
* MINOR: quic: Dump version_information transport parameter
|
|
* BUG/MINOR: qpack: abort on dynamic index field line decoding
|
|
* BUILD: quic: Wrong HKDF label constant variable initializations
|
|
* CLEANUP: quic: Remove any reference to boringssl
|
|
* MEDIUM: quic: Compatible version negotiation implementation (draft-08)
|
|
* MINOR: quic: Released QUIC TLS extension for QUIC v2 draft
|
|
* MEDIUM: quic: Add QUIC v2 draft support
|
|
* CLEANUP: quid: QUIC draft-28 no more supported
|
|
* MINOR: quic: Parse long packet version from qc_parse_hd_form()
|
|
* MINOR: quic: Add several nonce and key definitions for Retry tag
|
|
* MINOR: qpack: improve decoding function
|
|
* MINOR: qpack: add ABORT_NOW on unimplemented decoding
|
|
* MINOR: qpack: reduce dependencies on other modules
|
|
* CLEANUP: quic: use task_new_on() for single-threaded tasks
|
|
* MINOR: mux-quic: complete BUG_ON on TX flow-control enforcing
|
|
* BUG/MEDIUM: h3: fix SETTINGS parsing
|
|
* BUG/MINOR: h3: fix incorrect BUG_ON assert on SETTINGS parsing
|
|
* BUG/MINOR: h3: fix return value on decode_qcs on error
|
|
* MINOR: mux-quic/h3: adjust demuxing function return values
|
|
* MINOR: mux-quic: simplify decode_qcs API
|
|
* CLEANUP: Re-apply xalloc_size.cocci (2)
|
|
* MINOR: connection: support HTTP/3.0 for smp_*_http_major fetch
|
|
* BUG/MINOR: dev/udp: properly preset the rx address size
|
|
* BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input
|
|
* BUG/MINOR: ssl: revert two wrong fixes with ckhi_link
|
|
* MINOR: quic: Revert recent QUIC commits
|
|
* BUG/MEDIUM: ssl: Fix a UAF when old ckch instances are released
|
|
* BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free()
|
|
* BUG/MINOR: ssl: fix deinit of the ca-file tree
|
|
* BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule)
|
|
* MINOR: quic: Add a trace to distinguish the datagram from the packets inside
|
|
* BUG/MINOR: applet: make the call_rate only count the no-progress calls
|
|
* BUG/MEDIUM: applet: fix incorrect check for abnormal return condition from handler
|
|
* MINOR: quic: Replace MT_LISTs by LISTs for RX packets.
|
|
* BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets
|
|
* BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date
|
|
* BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress
|
|
* BUG/MEDIUM: peers: Add connect and server timeut to peers proxy
|
|
* BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode
|
|
* BUG/MINOR: quic: Frames added to packets even if not built.
|
|
* DOC: configuration.txt: do-resolve must use host_only to remove its port.
|
|
* BUG/MINOR: httpclient: fix resolution with port
|
|
* MINOR: sample: add the host_only and port_only converters
|
|
* DOC: configuration: do-resolve doesn't work with a port in the string
|
|
* CLEANUP: quic: Remove a useless check in qc_lstnr_pkt_rcv()
|
|
* CLEANUP: quic: No more use ->rx_list MT_LIST entry point (quic_rx_packet)
|
|
* BUG/MINOR: quic: Stalled connections (missing I/O handler wakeup)
|
|
* BUG/MINOR: quic: Leak in qc_release_lost_pkts() for non in flight TX packets
|
|
* MINOR: resolvers: shut the warning when "default" resolvers is implicit
|
|
* REGTESTS: Fix prometheus script to perform HTTP health-checks
|
|
* BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect
|
|
* BUG/MINOR: mworker: does not create the "default" resolvers in wait mode
|
|
* BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config()
|
|
* BUILD: tcp_sample: fix build of get_tcp_info() on OpenBSD
|
|
* BUG/MINOR: quic: Safer QUIC frame builders
|
|
* BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets from qc_do_build_pkt()
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 22 13:29:50 UTC 2022 - mrueckert@suse.de
|
|
|
|
- Update to version 2.6.4+git0.2a2078cba:
|
|
* [RELEASE] Released version 2.6.4
|
|
* BUG/MAJOR: mworker: fix infinite loop on master with no proxies.
|
|
* BUG/MINOR: ssl/cli: error when the ca-file is empty
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 19 16:09:19 UTC 2022 - mrueckert@suse.de
|
|
|
|
- Update to version 2.6.3+git0.76f187b36:
|
|
* [RELEASE] Released version 2.6.3
|
|
* BUG/MAJOR: log-forward: Fix ssl layer not initialized on bind even if configured
|
|
* BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized
|
|
* BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle
|
|
* BUG/MEDIUM: cli: always reset the service context between commands
|
|
* MINOR: applet: add a function to reset the svcctx of an applet
|
|
* BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names
|
|
* MINOR: stick-table: Add table_expire() and table_idle() new converters
|
|
* BUG/MINOR: quic: memleak on wrong datagram receipt
|
|
* BUG/MEDIUM: ring: fix too lax 'size' parser
|
|
* BUG/MINOR: quic: Possible infinite loop in quic_build_post_handshake_frames()
|
|
* BUILD: debug: silence warning on gcc-5
|
|
* BUILD: stconn: fix build warning at -O3 about possible null sc
|
|
* BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq()
|
|
* BUG/MEDIUM: poller: use fd_delete() to release the poller pipes
|
|
* BUG/MEDIUM: quic: always remove the connection from the accept list on close
|
|
* CLEANUP: mux-quic: remove loop on sending frames
|
|
* BUG/MEDIUM: quic: Missing AEAD TAG check after removing header protection
|
|
* MINOR: quic: Too much useless traces in qc_build_frms()
|
|
* BUG/MEDIUM: quic: Wrong packet length check in qc_do_rm_hp()
|
|
* BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h
|
|
* CLEANUP: assorted typo fixes in the code and comments
|
|
* BUG/MEDIUM: quic: break out of the loop in quic_lstnr_dghdlr
|
|
* MINOR: quic: explicitely ignore sendto error
|
|
* BUG/MINOR: quic: Missing Initial packet dropping case
|
|
* BUG/MINOR: quic: do not reject datagrams matching minimum permitted size
|
|
* BUG/MINOR: sink: fix a race condition between the writer and the reader
|
|
* BUG/MEDIUM: sink: Set the sink ref for forwarders created during ring parsing
|
|
* BUG/MINOR: ring/cli: fix a race condition between the writer and the reader
|
|
* BUG/MINOR: quic: Avoid sending truncated datagrams
|
|
* BUILD: http: silence an uninitialized warning affecting gcc-5
|
|
* BUG/MEDIUM: quic: Floating point exception in cubic_root()
|
|
* BUG/MINOR: quic: Missing in flight ack eliciting packet counter decrement
|
|
* MINOR: peers: Add a warning about incompatible SSL config for the local peer
|
|
* BUG/MEDIUM: proxy: Perform a custom copy for default server settings
|
|
* REORG: server: Export srv_settings_cpy() function
|
|
* MINOR: server: Constify source server to copy its settings
|
|
* BUG/MINOR: backend: Don't increment conn_retries counter too early
|
|
* BUG/MEDIUM: dns: Properly initialize new DNS session
|
|
* BUG/MINOR: peers: Use right channel flag to consider the peer as connected
|
|
* BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload
|
|
* MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer
|
|
* BUG/MINOR: mux-quic: do not free conn if attached streams
|
|
* CLEANUP: mux-quic: remove useless app_ops is_active callback
|
|
* BUG/MINOR: mux-quic: prevent crash if conn released during IO callback
|
|
* BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions
|
|
* MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups
|
|
* BUG/MEDIUM: queue/threads: limit the number of entries dequeued at once
|
|
* MINOR: quic: Send packets as much as possible from qc_send_app_pkts()
|
|
* BUG/MAJOR: quic: Useless resource intensive loop qc_ackrng_pkts()
|
|
* MINOR: quic: Stop looking for packet loss asap
|
|
* BUG/MINOR: quic: loss time limit variable computed but not used
|
|
* MINOR: quic: New "quic-cc-algo" bind keyword
|
|
* MEDIUM: quic: Cubic congestion control algorithm implementation
|
|
* MINOR: quic: Congestion control architecture refactoring
|
|
* BUG/MEDIUM: mux-quic: fix missing EOI flag to prevent streams leaks
|
|
* BUG/MINOR: mworker: PROC_O_LEAVING used but not updated
|
|
* MEDIUM: resolvers: continue startup if network is unavailable
|
|
* DEBUG: fd: split the fd check
|
|
* Revert "BUG/MINOR: peers: set the proxy's name to the peers section name"
|
|
* BUG/MINOR: sockpair: wrong return value for fd_send_uxst()
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 28 20:04:58 UTC 2022 - dmueller@suse.com
|
|
|
|
- Update to version 2.6.2+git0.16a3646fd:
|
|
* [RELEASE] Released version 2.6.2
|
|
* BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible
|
|
* BUILD: quic: fix anonymous union for gcc-4.4
|
|
* BUG/MEDIUM: stconn: Only reset connect expiration when processing backend side
|
|
* BUILD: add detection for unsupported compiler models
|
|
* BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload
|
|
* BUG/MAJOR: mux_quic: fix invalid PROTOCOL_VIOLATION on POST data overlap
|
|
* BUG/MINOR: mworker/cli: relative pid prefix not validated anymore
|
|
* BUG/MINOR: quic: do not send CONNECTION_CLOSE_APP in initial/handshake
|
|
* BUG/MINOR: tools: fix statistical_prng_range()'s output range
|
|
* BUG/MINOR: ssl: allow duplicate certificates in ca-file directories
|
|
* BUG/MINOR: resolvers: shut off the warning for the default resolvers
|
|
* MINOR: resolvers: resolvers_destroy() deinit and free a resolver
|
|
* BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2)
|
|
* BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX
|
|
* BUG/MEDIUM: tools: avoid calling dlsym() in static builds
|
|
* BUG/MINOR: debug: enter ha_panic() only once
|
|
* BUG/MEDIUM: cli/threads: make "show threads" more robust on applets
|
|
* BUG/MINOR: quic: fix closing state on NO_ERROR code sent
|
|
* BUG/MEDIUM: mux-quic: fix server chunked encoding response
|
|
* CLEANUP: h2: Typo fix in h2_unsubcribe() traces
|
|
* MINOR: qpack: properly handle invalid dynamic table references
|
|
* MINOR: h3: handle errors on HEADERS parsing/QPACK decoding
|
|
* MINOR: h3: add h3c pointer into h3s instance
|
|
* BUG/MINOR: mux-quic: do not signal FIN if gap in buffer
|
|
* MINOR: ncbuf: implement ncb_is_fragmented()
|
|
* MINOR: quic: Increase the QUIC connections RX buffer size (upto 64Kb)
|
|
* MINOR: quic: Improvements for the datagrams receipt
|
|
* MINOR: task: Add tasklet_wakeup_after()
|
|
* MINOR: quic: Duplicated QUIC_RX_BUFSZ definition
|
|
* MINOR: quic: Add new stats counter to diagnose RX buffer overrun
|
|
* BUG/MINOR: quic: Dropped packets not counted (with RX buffers full)
|
|
* BUILD: quic+h3: 32-bit compilation errors fixes
|
|
* BUG/MAJOR: quic: Big RX dgrams leak with POST requests
|
|
* BUG/MAJOR: quic: Big RX dgrams leak when fulfilling a buffer
|
|
* BUG/MINOR: quic: Wrong reuse of fulfilled dgram RX buffer
|
|
* BUG/MINOR: quic: Missing acknowledgments for trailing packets
|
|
* MEDIUM: mworker: set the iocb of the socketpair without using fd_insert()
|
|
* BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send
|
|
* BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state
|
|
* BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer
|
|
* REGTEESTS: filters: Fix CONNECT request in random-forwarding script
|
|
* BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream
|
|
* MINOR: http-htx: Use new HTTP functions for the scheme based normalization
|
|
* BUG/MEDIUM: h1: Improve authority validation for CONNCET request
|
|
* MINOR: http: Add function to detect default port
|
|
* MINOR: http: Add function to get port part of a host
|
|
* BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo
|
|
* BUG/MINOR: peers: fix possible NULL dereferences at config parsing
|
|
* BUG/MINOR: http-act: Properly generate 103 responses when several rules are used
|
|
* BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule
|
|
* BUG/MINOR: peers/config: always fill the bind_conf's argument
|
|
* MINOR: fd: Add BUG_ON checks on fd_insert()
|
|
* CI: re-enable gcc asan builds
|
|
* BUILD: Makefile: Add Lua 5.4 autodetect
|
|
* BUG/MEDIUM: ssl/fd: unexpected fd close using async engine
|
|
* MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD
|
|
* BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch
|
|
* BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created
|
|
* BUG/MINOR: ssl: Do not look for key in extra files if already in pem
|
|
* MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames
|
|
- drop lua54.patch (upstream)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jul 09 20:13:15 UTC 2022 - elimat@opensuse.org
|
|
|
|
- Update to version 2.6.1+git0.f6ca66d44:
|
|
* [RELEASE] Released version 2.6.1
|
|
* REGTESTS: ssl: add the same cert for client/server
|
|
* BUG/MEDIUM: mworker: use default maxconn in wait mode
|
|
* BUG/MINOR: quic: Acknowledgement must be forced during handshake
|
|
* BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list
|
|
* BUG/MINOR: quic: free rejected Rx packets
|
|
* BUG/MINOR: quic: purge conn Rx packet list on release
|
|
* BUG/MINOR: quic_stats: Duplicate "quic_streams_data_blocked_bidi" field name
|
|
* BUG/MINOR: quic: Unexpected half open connection counter wrapping
|
|
* BUG/MINOR: log: Properly test connection retries to fix dontlog-normal option
|
|
* MINOR: stream: Rely on stconn flags to abort stream destructive upgrade
|
|
* BUG/MEDIUM: stream: Properly handle destructive client connection upgrades
|
|
* BUG/MINOR: task: fix thread assignment in tasklet_kill()
|
|
* BUG/MINOR: quic: Wrong PTO calculation
|
|
* BUG/MINOR: quic: Stop hardcoding Retry packet Version field
|
|
* BUG/BUILD: h3: fix wrong label name
|
|
* BUG/MINOR: h3/qpack: deal with too many headers
|
|
* MINOR: qpack: add comments and remove a useless trace
|
|
* BUG/MINOR: qpack: support header litteral name decoding
|
|
* BUG/MEDIUM: mux-quic: fix segfault on flow-control frame cleanup
|
|
* BUG/MEDIUM: cli: Notify cli applet won't consume data during request processing
|
|
* BUG/MEDIUM: stconn: Don't wakeup applet for send if it won't consume data
|
|
* BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration
|
|
* BUG/MINOR: mux-quic: fix memleak on frames rejected by transport
|
|
* BUG/MEDIUM: mux-quic: fix flow control connection Tx level
|
|
* BUG/MINOR: cli/stats: add missing trailing LF after "show info json"
|
|
* BUG/MINOR: server: do not enable DNS resolution on disabled proxies
|
|
* BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs
|
|
* BUG/MINOR: h3: fix frame type definition
|
|
* REGTESTS: healthcheckmail: Relax health-check failure condition
|
|
* REGTESTS: healthcheckmail: Update the test to be functionnal again
|
|
* BUG/MINOR: checks: Properly handle email alerts in trace messages
|
|
* BUG/MINOR: trace: Test server existence for health-checks to get proxy
|
|
* BUG/MEDIUM: mailers: Set the object type for check attached to an email alert
|
|
* BUILD: compiler: implement unreachable for older compilers too
|
|
* REGTESTS: restrict_req_hdr_names: Extend supported versions
|
|
* REGTESTS: http_abortonclose: Extend supported versions
|
|
* BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_crlfile I/O handler
|
|
* BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cafile I/O handler
|
|
* BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler
|
|
* BUG/MINOR: ssl_ckch: Init right field when parsing "commit ssl crl-file" cmd
|
|
* BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield
|
|
* BUG/MINOR: ssl_ckch: Dump CA transaction only once if show command yield
|
|
* BUG/MINOR: ssl_ckch: Dump CRL transaction only once if show command yield
|
|
* BUG/MINOR: ssl_ckch: Use right type for old entry in show_crlfile_ctx
|
|
* REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients
|
|
* REGTESTS: abortonclose: Add a barrier to not mix up log messages
|
|
* MEDIUM: httpclient: Don't close CLI applet at the end of a response
|
|
* MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs
|
|
* BUG/MEDIUM: httpclient: Rework CLI I/O handler to handle full buffer cases
|
|
* BUG/MEDIUM: httpclient: Don't remove HTX header blocks before duplicating them
|
|
* BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases
|
|
* BUG/MEDIUM: ssl_ckch: Rework 'commit ssl ca-file' to handle full buffer cases
|
|
* BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases
|
|
* BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a CA/CRL entry
|
|
* BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry
|
|
* BUG/MEDIUM: ssl_ckch: Don't delete CA/CRL entry if it is being modified
|
|
* BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified
|
|
* BUG/MINOR: ssl_ckch: Free error msg if commit changes on a CA/CRL entry fails
|
|
* BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 31 15:54:35 UTC 2022 - mrueckert@suse.de
|
|
|
|
- Update to version 2.6.0+git0.a1efc048b:
|
|
https://www.mail-archive.com/haproxy@formilux.org/msg42371.html
|
|
- refreshed patches
|
|
- haproxy-1.6.0-makefile_lib.patch
|
|
- haproxy-1.6.0-sec-options.patch
|
|
- haproxy-1.6.0_config_haproxy_user.patch
|
|
- lua54.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 13 14:54:15 UTC 2022 - mrueckert@suse.de
|
|
|
|
- Update to version 2.5.7+git0.2ef551d02:
|
|
* [RELEASE] Released version 2.5.7
|
|
* CLEANUP: mux-h1: Fix comments and error messages for global options
|
|
* MINOR: mux-h1: Add global option accpet payload for any HTTP/1.0 requests
|
|
* BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized
|
|
* CLEANUP: applet: make appctx_new() initialize the whole appctx
|
|
* BUG/MINOR: conn_stream: do not confirm a connection from the frontend path
|
|
* DOC/MINOR: fix typos in the lua-api document
|
|
* BUG/MEDIUM: lua: fix argument handling in data removal functions
|
|
* BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes).
|
|
* DOC: install: update gcc version requirements
|
|
* BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-(
|
|
* BUILD: listener: shut report of possible null-deref in listener_accept()
|
|
* BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings
|
|
* BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation
|
|
* BUG/MINOR: ssl: Fix typos in crl-file related CLI commands
|
|
* CI: dynamically determine actual version of h2spec
|
|
* DOC: fix typo "ant" for "and" in INSTALL
|
|
* BUG/MINOR: ssl/cli: fix "show ssl cert" not to mix cli+ssl contexts
|
|
* BUG/MINOR: ssl/cli: fix "show ssl crl-file" not to mix cli+ssl contexts
|
|
* BUG/MINOR: ssl/cli: fix "show ssl ca-file <name>" not to mix cli+ssl contexts
|
|
* BUG/MINOR: ssl/cli: fix "show ssl ca-file/crl-file" not to mix cli+ssl contexts
|
|
* BUG/MEDIUM: ssl/cli: fix yielding in show_cafile_detail
|
|
* BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init
|
|
* BUG/MINOR: map/cli: protect the backref list during "show map" errors
|
|
* BUG/MINOR: proxy/cli: don't enumerate internal proxies on "show backend"
|
|
* BUG/MEDIUM: cli: make "show cli sockets" really yield
|
|
* BUG/MEDIUM: resolvers: make "show resolvers" properly yield
|
|
* BUG/MINOR: startup: usage() when no -cc arguments
|
|
* BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port]
|
|
* DOC: config: Update doc for PR/PH session states to warn about rewrite failures
|
|
* MINOR: mux-h2: report a trace event when failing to create a new stream
|
|
* BUG/MINOR: mux-h2: mark the stream as open before processing it not after
|
|
* BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket
|
|
* BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified
|
|
* BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message
|
|
* SCRIPTS: announce-release: add URL of dev packages
|
|
* CI: github actions: update LibreSSL to 3.5.2
|
|
* BUG/MEDIUM: httpclient: Fix loop consuming HTX blocks from the response channel
|
|
* MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord"
|
|
* BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all()
|
|
* BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit()
|
|
* BUG/MEDIUM: http-ana: Fix memleak in redirect rules with ignore-empty option
|
|
* MINOR: connection: Add way to disable active connection closing during soft-stop
|
|
* BUILD: compiler: properly distinguish weak and global symbols
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 26 21:59:04 UTC 2022 - mrueckert@suse.de
|
|
|
|
- Update to version 2.5.6+git0.ba44b4312:
|
|
* [RELEASE] Released version 2.5.6
|
|
* REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc
|
|
* BUG/MINOR: connection: "connection:close" header added despite 'close-spread-time'
|
|
* BUG/MINOR: sample: add missing use_backend/use-server contexts in smp_resolve_args
|
|
* Revert "CI: github actions: disable -Wno-deprecated"
|
|
* BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments
|
|
* BUG/MEDIUM: rules: Be able to use captures defined in defaults section
|
|
* BUG/MINOR: rules: Forbid captures in defaults section if used by a backend
|
|
* DOC: remove my name from the config doc
|
|
* MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks
|
|
* MINOR: task: add a new task_instant_wakeup() function
|
|
* BUG/MAJOR: connection: Never remove connection from idle lists outside the lock
|
|
* BUG/MINOR: cache: Disable cache if applet creation fails
|
|
* BUILD: calltrace: fix wrong include when building with TRACE=1
|
|
* SCRIPTS: announce-release: add shortened links to pending issues
|
|
* DOC: lua: update a few doc URLs
|
|
* SCRIPTS: announce-release: update the doc's URL
|
|
* BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags
|
|
* BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added
|
|
* BUG/MEDIUM: stream: do not abort connection setup too early
|
|
* BUILD: compiler: use a more portable set of asm(".weak") statements
|
|
* BUILD: sched: workaround crazy and dangerous warning in Clang 14
|
|
* BUG/MEDIUM: mux-h1: Don't request more room on partial trailers
|
|
* BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive
|
|
* BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side
|
|
* BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak
|
|
* BUG/MINOR: cache: do not display expired entries in "show cache"
|
|
* BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent
|
|
* CI: cirrus: switch to FreeBSD-13.0
|
|
* CI: github actions: disable -Wno-deprecated
|
|
* BUG/MINOR: stats: define the description' background color in dark color scheme
|
|
* CI: Update to actions/cache@v3
|
|
* CI: Update to actions/checkout@v3
|
|
* MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window
|
|
* Revert "BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time"
|
|
* MAJOR: opentracing: reenable usage of vars to transmit opentracing context
|
|
* DEBUG: opentracing: display the contents of the err variable after setting
|
|
* CLEANUP: opentracing: added FLT_OT_PARSE_INVALID_enum enum
|
|
* DEBUG: opentracing: show return values of all functions in the debug output
|
|
* MINOR: opentracing: improved normalization of context variable names
|
|
* CLEANUP: opentracing: added variable to store variable length
|
|
* CLEANUP: opentracing: added flt_ot_smp_init() function
|
|
* MINOR: opentracing: only takes the variables lock on shared entries
|
|
* Revert "MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn'"
|
|
* CLEANUP: opentracing: removed unused function flt_ot_var_get()
|
|
* CLEANUP: opentracing: removed unused function flt_ot_var_unset()
|
|
* DOC: opentracing: corrected comments in function descriptions
|
|
* EXAMPLES: opentracing: refined shell scripts for testing filter performance
|
|
* BUG/BUILD: opentracing: fixed OT_DEFINE variable setting
|
|
* BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set()
|
|
* BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid
|
|
* BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples
|
|
* BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached
|
|
* BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message
|
|
* BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet
|
|
* BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message
|
|
* BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests
|
|
* BUG/MINOR: httpclient: end callback in applet release
|
|
* BUG/MINOR: ssl/cli: Remove empty lines from CLI output
|
|
* CI: github actions: update OpenSSL to 3.0.2
|
|
* DOC: remove double blanks in configuration.txt
|
|
* BUG/MAJOR: mux_pt: always report the connection error to the conn_stream
|
|
* BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads
|
|
* BUG/MINOR: samples: add missing context names for sample fetch functions
|
|
* REGTESTS: ssl: use X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check
|
|
* BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing
|
|
* BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing
|
|
* DOC: reflect H2 timeout changes
|
|
* BUG/MINOR: tools: url2sa reads too far when no port nor path
|
|
* DOC: config: Explictly add supported MQTT versions
|
|
* MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1
|
|
* BUG/MINOR: rules: Initialize the list element when allocating a new rule
|
|
* BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts
|
|
* MEDIUM: mux-h2: slightly relax timeout management rules
|
|
* BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner
|
|
* BUG/MEDIUM: stream-int: do not rely on the connection error once established
|
|
* BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf
|
|
* CI: github actions: switch to LibreSSL-3.5.1
|
|
* BUG/MINOR: httpclient: CF_SHUTW_NOW should be tested with channel_is_empty()
|
|
* BUG/MINOR: httpclient: process the response when received before the end of the request
|
|
* BUG/MINOR: httpclient: only check co_data() instead of HTTP_MSG_DATA
|
|
* BUG/MINOR: server/ssl: free the SNI sample expression
|
|
* BUILD: httpclient: fix build without SSL
|
|
* BUG/MINOR: httpclient: send the SNI using the host header
|
|
* MINOR: server: export server_parse_sni_expr() function
|
|
* BUG/MINOR: httpclient/lua: stuck when closing without data
|
|
* BUG/MINOR: tools: fix url2sa return value with IPv4
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 14 17:11:09 UTC 2022 - mrueckert@suse.de
|
|
|
|
- Update to version 2.5.5+git0.384c5c59a:
|
|
* [RELEASE] Released version 2.5.5
|
|
* REGTESTS: fix the race conditions in be2hex.vtc
|
|
* BUG/MEDIUM: httpclient: must manipulate head, not first
|
|
* BUG/MINOR: httpclient: remove the UNUSED block when parsing headers
|
|
* BUG/MINOR: httpclient: consume partly the blocks when necessary
|
|
* CLEANUP: htx: remove unused co_htx_remove_blk()
|
|
* BUG/MEDIUM: httpclient: don't consume data before it was analyzed
|
|
* BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
|
|
* BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
|
|
* DEBUG: stream: Fix stream trace message to print response buffer state
|
|
* DEBUG: stream: Add the missing descriptions for stream trace events
|
|
* BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing
|
|
* DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
|
|
* BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams
|
|
* BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
|
|
* BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
|
|
* BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
|
|
* BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
|
|
* BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request
|
|
* BUG/MINOR: cli: shows correct mode in "show sess"
|
|
* BUG/MINOR: add missing modes in proxy_mode_str()
|
|
* BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix
|
|
* BUILD: pools: fix backport of no-memory-trimming on non-linux OS
|
|
* MINOR: stats: Add dark mode support for socket rows
|
|
* MINOR: pools: add a new global option "no-memory-trimming"
|
|
* BUILD: fix kFreeBSD build.
|
|
* BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
|
|
* BUG/MINOR: pool: always align pool_heads to 64 bytes
|
|
* BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST
|
|
* REGTESTS: fix the race conditions in secure_memcmp.vtc
|
|
* REGTESTS: fix the race conditions in normalize_uri.vtc
|
|
* BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
|
|
* BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks
|
|
* BUILD: tree-wide: mark a few numeric constants as explicitly long long
|
|
* BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers
|
|
* CI: Consistently use actions/checkout@v2
|
|
* CI: github actions: use cache for SSL libs
|
|
* CI: refactor OpenTracing build script
|
|
* CI: github actions: use cache for OpenTracing
|
|
* CI: github actions: add the output of $CC -dM -E-
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 25 16:21:33 UTC 2022 - mrueckert@suse.de
|
|
|
|
- Update to version 2.5.4+git0.e55ab4208:
|
|
* [RELEASE] Released version 2.5.4
|
|
* BUG/MEDIUM: stream: Abort processing if response buffer allocation fails
|
|
* CI: github: enable pool debugging by default
|
|
* REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks
|
|
* BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy()
|
|
* DOC: Fix usage/examples of deprecated ACLs
|
|
* BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer
|
|
* BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer
|
|
* BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 24 18:16:09 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- apparmor: profile now needs access to /sys/devices/system/node/
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 18 21:45:27 UTC 2022 - mrueckert@suse.de
|
|
|
|
- Update to version 2.5.3+git0.abf078b15:
|
|
* [RELEASE] Released version 2.5.3
|
|
* DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected
|
|
* BUG/MEDIUM: httpclient: limit transfers to the maximum available room
|
|
* BUG/MINOR: tools: url2sa reads ipv4 too far
|
|
* CLEANUP: httpclient/cli: fix indentation alignment of the help message
|
|
* BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
|
|
* BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command
|
|
* BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print
|
|
* BUG/MINOR: mailers: negotiate SMTP, not ESMTP
|
|
* BUG/MINOR: httpclient: reinit flags in httpclient_start()
|
|
* MINOR: httpclient: Don't limit data transfer to 1024 bytes
|
|
* BUG/MAJOR: compiler: relax alignment constraints on certain structures
|
|
* BUG/MEDIUM: fd: always align fdtab[] to 64 bytes
|
|
* BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names
|
|
* BUG/MINOR: sink: Use the right field in appctx context in release callback
|
|
* BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload
|
|
* BUG/MEDIUM: mworker: close unused transferred FDs on load failure
|
|
* MINOR: sock: move the unused socket cleaning code into its own function
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 18 21:44:43 UTC 2022 - mrueckert@suse.de
|
|
|
|
- Update to version 2.5.2+git0.042feec44: (CVE-2022-0711 boo#1196408)
|
|
* [RELEASE] Released version 2.5.2
|
|
* BUG/MINOR: mux-h2: update the session's idle delay before creating the stream
|
|
* BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change
|
|
* REGTESTS: peers: leave a bit more time to peers to synchronize
|
|
* REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc
|
|
* BUG/MAJOR: spoe: properly detach all agents when releasing the applet
|
|
* BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies
|
|
* BUG/MINOR: httpclient/cli: display junk characters in vsn
|
|
* BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls
|
|
* BUG/MINOR: jwt: Missing pkey free during cleanup
|
|
* BUG/MINOR: jwt: Double free in deinit function
|
|
* BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output
|
|
* BUG/MEDIUM: httpclient: Xfer the request when the stream is created
|
|
* BUG/MINOR: httpclient: Revisit HC request and response buffers allocation
|
|
* BUG/MEDIUM: listener: read-lock the listener during accept()
|
|
* MINOR: listener: replace the listener's spinlock with an rwlock
|
|
* DEBUG: fd: make sure we never try to insert/delete an impossible FD number
|
|
* BUG/MINOR: mworker: does not erase the pidfile upon reload
|
|
* BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks
|
|
* DEBUG: pools: replace the link pointer with the caller's address on pool_free()
|
|
* DEBUG: pools: let's add reverse mapping from cache heads to thread and pool
|
|
* DEBUG: pools: add extra sanity checks when picking objects from a local cache
|
|
* BUG/MINOR: pools: always flush pools about to be destroyed
|
|
* BUG/MINOR: mworker: does not add the -sf in wait mode
|
|
* BUG/MEDIUM: mworker: don't lose the stats socket on failed reload
|
|
* REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2
|
|
* DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY
|
|
* BUILD: debug/cli: condition test of O_ASYNC to its existence
|
|
* DEBUG: cli: add a new "debug dev fd" expert command
|
|
* BUG/MINOR: stream: make the call_rate only count the no-progress calls
|
|
* BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them
|
|
* BUG/MEDIUM: mcli: do not try to parse empty buffers
|
|
* BUG/MEDIUM: cli: Never wait for more data on client shutdown
|
|
* MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change
|
|
* BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands
|
|
* MINOR: channel: add new function co_getdelim() to support multiple delimiters
|
|
* MEDIUM: cli: yield between each pipelined command
|
|
* DOC: management: mark "set server ssl" as deprecated
|
|
* BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl
|
|
* BUILD/MINOR: fix solaris build with clang.
|
|
* BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers
|
|
* BUG/MINOR: httpclient: set default Accept and User-Agent headers
|
|
* BUG/MINOR: httpclient: don't send an empty body
|
|
* BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer
|
|
* BUG/MEDIUM: connection: properly leave stopping list on error
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 4 10:13:35 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
|
|
|
- Add now working CONFIG parameter to sysusers generator
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 11 17:20:22 UTC 2022 - mrueckert@suse.de
|
|
|
|
- Update to version 2.5.1+git0.86b093a51:
|
|
* [RELEASE] Released version 2.5.1
|
|
* CI: github actions: clean default step conditions
|
|
* BUILD: cpuset: fix build issue on macos introduced by previous change
|
|
* BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data
|
|
* BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error
|
|
* BUG/MEDIUM: mworker: don't use _getsocks in wait mode
|
|
* BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry
|
|
* BUG/MINOR: cli: fix _getsocks with musl libc
|
|
* BUILD/MINOR: tools: solaris build fix on dladdr.
|
|
* CI: github actions: update OpenSSL to 3.0.1
|
|
* BUILD/MINOR: cpuset FreeBSD 14 build fix.
|
|
* REGTESTS: ssl: update of a crt with server deletion
|
|
* BUG/MEDIUM: ssl: free the ckch instance linked to a server
|
|
* BUG/MINOR: ssl: free the fields in srv->ssl_ctx
|
|
* CI: Github Actions: do not show VTest failures if build failed
|
|
* BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning
|
|
* MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above.
|
|
* MINOR: proxy: add option idle-close-on-response
|
|
* MINOR: debug: add support for -dL to dump library names at boot
|
|
* MINOR: debug: add ability to dump loaded shared libraries
|
|
* MINOR: compat: detect support for dl_iterate_phdr()
|
|
* REGTESTS: ssl: fix ssl_default_server.vtc
|
|
* BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
|
|
* BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time
|
|
* DEBUG: ssl: make sure we never change a servername on established connections
|
|
* DOC: fix misspelled keyword "resolve_retries" in resolvers
|
|
* BUILD: ssl: unbreak the build with newer libressl
|
|
* BUG/MINOR: mux-h1: Fix splicing for messages with unknown length
|
|
* BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message
|
|
* BUG/MEDIUM: peers: properly skip conn_cur from incoming messages
|
|
* BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch
|
|
* MINOR: pools: work around possibly slow malloc_trim() during gc
|
|
* MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output
|
|
* BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
|
|
* DOC: config: fix error-log-format example
|
|
* DOC: config: retry-on list is space-delimited
|
|
* DOC: config: Specify %Ta is only available in HTTP mode
|
|
* DOC: spoe: Clarify use of the event directive in spoe-message section
|
|
* BUG/MINOR: cli/server: Don't crash when a server is added with a custom id
|
|
* MINOR: http-rules: Add capture action to http-after-response ruleset
|
|
* IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode
|
|
* BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
|
|
* MINOR: cli: "show version" displays the current process version
|
|
* BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query
|
|
* BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH
|
|
* MINOR: mux-h1: Improve H1 traces by adding info about http parsers
|
|
* BUG/MINOR: mworker: deinit of thread poller was called when not initialized
|
|
* BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode
|
|
* BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted
|
|
* BUG/MAJOR: segfault using multiple log forward sections.
|
|
* BUG/MEDIUM: resolvers: Detach query item on response error
|
|
* BUG/MINOR: server: Don't rely on last default-server to init server SSL context
|
|
* BUG/MINOR: vars: Fix the set-var and unset-var converters
|
|
* BUILD: evports: remove a leftover from the dead_fd cleanup
|
|
* BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time
|
|
* BUG/MINOR: lua: remove loop initial declarations
|
|
* BUG/MINOR: lua: don't expose internal proxies
|
|
* BUG/MINOR: httpclient: allow to replace the host header
|
|
* BUG/MINOR: cache: Fix loop on cache entries in "show cache"
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 23 15:17:02 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.5.0+git0.f2e0833f1:
|
|
https://www.mail-archive.com/haproxy@formilux.org/msg41508.html
|
|
- refreshed patches to apply cleanly again
|
|
haproxy-1.6.0-sec-options.patch
|
|
haproxy-1.6.0_config_haproxy_user.patch
|
|
lua54.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 03 16:31:38 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.4.8+git0.d1f8d41e0:
|
|
* [RELEASE] Released version 2.4.8
|
|
* SCRIPTS: git-show-backports: re-enable file-based filtering
|
|
* DOC/peers: some grammar fixes for peers 2.1 spec
|
|
* MINOR: stream: Improve dump of bogus streams
|
|
* BUILD/MINOR: cpuset freebsd build fix
|
|
* DOC: config: Fix alphabetical order of fc_* samples
|
|
* BUG/MINOR: sample: fix backend direction flags consecutive to last fix
|
|
* BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags
|
|
* BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data
|
|
* BUG/MINOR: http: Authorization value can have multiple spaces after the scheme
|
|
* BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration
|
|
* MINOR: halog: Add support for extracting captures using -hdr
|
|
* BUG/MINOR: halog: Add missing newlines in die() messages
|
|
* CLEANUP: halog: Use consistent indentation in help()
|
|
* MINOR: halog: Rename -qry to -query
|
|
* DOC: halog: Move the `-qry` parameter into the correct section in help text
|
|
* MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX
|
|
* BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions
|
|
* BUG/MEDIUM: resolvers: Don't recursively perform requester unlink
|
|
* MEDIUM: resolvers: remove the last occurrences of the "safe" argument
|
|
* MEDIUM: resolvers: use a kill list to preserve the list consistency
|
|
* CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT
|
|
* CLEANUP: resolvers: simplify resolv_link_resolution() regarding requesters
|
|
* CLEANUP: always initialize the answer_list
|
|
* CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records()
|
|
* BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released
|
|
* BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed
|
|
* BUILD: atomic: fix build on mac/arm64
|
|
* BUG/MINOR: backend: fix improper insert in avail tree for always reuse
|
|
* BUILD: fix compilation on NetBSD
|
|
* MINOR: memprof: add one pointer size to the size of allocations
|
|
* MINOR: memprof: report the delta between alloc and free on realloc()
|
|
* BUG/MEDIUM: lua: fix memory leaks with realloc() on non-glibc systems
|
|
* BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame
|
|
* BUG/MINOR: task: do not set TASK_F_USR1 for no reason
|
|
* BUG/MAJOR: buf: fix varint API post- vs pre- increment
|
|
* BUG/MEDIUM: resolvers: always check a valid item in query_list
|
|
* BUILD: resolvers: avoid a possible warning on null-deref
|
|
* BUG/MAJOR: resolvers: add other missing references during resolution removal
|
|
* MINOR: resolvers: merge address and target into a union "data"
|
|
* BUG/MEDIUM: resolvers: use correct storage for the target address
|
|
* BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix
|
|
* MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero
|
|
* BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records
|
|
* BUG/MEDIUM: resolver: make sure to always use the correct hostname length
|
|
* MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero
|
|
* BUG/MAJOR: dns: attempt to lock globaly for msg waiter list instead of use barrier
|
|
* BUG/MAJOR: dns: tcp session can remain attached to a list after a free
|
|
* BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors
|
|
* Revert "CLEANUP: server: always include the storage for SSL settings"
|
|
* BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error
|
|
* BUG/MEDIUM: cpuset: fix cpuset size for FreeBSD
|
|
* BUG/MINOR: sample: Fix 'fix_tag_value' sample when waiting for more data
|
|
* BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back
|
|
* MINOR: initcall: Rename __GLOBL and __GLOBL1.
|
|
* DOC: configuration: add clarification on escaping in keyword arguments
|
|
* BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames
|
|
* BUG/MEDIUM: sample: properly verify that variables cast to sample
|
|
* MINOR: sample: provide a generic var-to-sample conversion function
|
|
* CLEANUP: sample: uninline sample_conv_var2smp_str()
|
|
* CLEANUP: sample: rename sample_conv_var2smp() to *_sint
|
|
* CLEANUP: server: always include the storage for SSL settings
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 04 13:15:48 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.4.7+git0.b5e51a5e2:
|
|
* [RELEASE] Released version 2.4.7
|
|
* BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 04 09:56:29 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.4.6+git0.d83fd76a1:
|
|
* [RELEASE] Released version 2.4.6
|
|
* BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 01 16:45:18 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.4.5+git0.e74a1b34b:
|
|
* [RELEASE] Released version 2.4.5
|
|
* MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue()
|
|
* BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input
|
|
* BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing
|
|
* MINOR: arg: Be able to forbid unresolved args when building an argument list
|
|
* BUG/MAJOR: lua: use task_wakeup() to properly run a task once
|
|
* BUG/MEDIUM: lua: fix wakeup condition from sleep()
|
|
* MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options
|
|
* DOC: peers: fix doc "enable" statement on "peers" sections
|
|
* BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers"
|
|
* MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf
|
|
* BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary
|
|
* MINOR: htx: Add a function to know if the free space wraps
|
|
* MINOR: htx: Add an HTX flag to know when a message is fragmented
|
|
* MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv()
|
|
* BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM
|
|
* BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data
|
|
* BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer
|
|
* BUG/MINOR: stats: use refcount to protect dynamic server on dump
|
|
* MINOR: server: return the next srv instance on free_server
|
|
* BUG/MINOR: server: do not use refcount in free_server in stopping mode
|
|
* MINOR: global: define MODE_STOPPING
|
|
* MINOR: server: implement a refcount for dynamic servers
|
|
* BUG/MINOR: http-ana: increment internal_errors counter on response error
|
|
* BUG/MINOR: h1-htx: Fix a typo when request parser is reset
|
|
* BUG/MEDIUM: leastconn: fix rare possibility of divide by zero
|
|
* BUG/MINOR: server: allow 'enable health' only if check configured
|
|
* BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl
|
|
* BUILD: halog: fix a -Wundef warning on non-glibc systems
|
|
* BUILD: compiler: fixed a missing test on defined(__GNUC__)
|
|
* BUILD: fix dragonfly build again on __read_mostly
|
|
* BUG/MINOR: vars: do not talk about global section in CLI errors for set-var
|
|
* BUG/MINOR: vars: truncate the variable name in error reports about scope.
|
|
* BUG/MINOR: vars: properly set the argument parsing context in the expression
|
|
* MINOR: sample: add missing ARGC_ entries
|
|
* BUG/MINOR: vars: improve accuracy of the rules used to check expression validity
|
|
* BUILD: tools: properly guard __GLIBC__ with defined()
|
|
* BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL
|
|
* BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER
|
|
* BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef
|
|
* IMPORT: slz: silence a build warning with -Wundef
|
|
* BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef
|
|
* BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef
|
|
* BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING
|
|
* MINOR: proc: setting the process to produce a core dump on FreeBSD.
|
|
* MINOR: tools: add FreeBSD support to get_exec_path()
|
|
* BUILD: tools: get the absolute path of the current binary on NetBSD.
|
|
* BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set
|
|
* BUG/MINOR: cli/payload: do not search for args inside payload
|
|
* BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc
|
|
* BUG/MINOR: connection: prevent null deref on mux cleanup task allocation
|
|
* DOC: management: certificate files must be sanitized before injection
|
|
* BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check
|
|
* BUG/MAJOR: mux-h1: Don't eval input data if an error was reported
|
|
* MINOR: pools: use mallinfo2() when available instead of mallinfo()
|
|
* MINOR: pools: automatically disable malloc_trim() with external allocators
|
|
* CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools()
|
|
* BUG/MINOR: compat: make sure __WORDSIZE is always defined
|
|
* BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached
|
|
* CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload
|
|
* MINOR: htx: Skip headers with no value when adding a header list to a message
|
|
* BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with payload
|
|
* BUG/MINOR: systemd: ExecStartPre must use -Ws
|
|
* BUG/MINOR: filters: Set right FLT_END analyser depending on channel
|
|
* BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set
|
|
* BUG/MEDIUM: http-ana: Reset channels analysers when returning an error
|
|
* BUG/MINOR: stream: Don't release a stream if FLT_END is still registered
|
|
* BUG/MINOR: lua: Don't yield in channel.append() and channel.set()
|
|
* BUG/MINOR: lua: Yield in channel functions only if lua context can yield
|
|
* MINOR: lua: Add a flag on lua context to know the yield capability at run time
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 07 15:43:22 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.4.4+git0.acb1d0bea: CVE-2021-40346 (boo#1189877)
|
|
* [RELEASE] Released version 2.4.4
|
|
* Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive"
|
|
* BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer
|
|
* CLEANUP: htx: remove comments about "must be < 256 MB"
|
|
* BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB
|
|
* DOC: configuration: remove wrong tcp-request examples in tcp-response
|
|
* BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser
|
|
* CLEANUP: Add missing include guard to signal.h
|
|
* BUG/MINOR: tools: Fix loop condition in dump_text()
|
|
* BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
|
|
* BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long
|
|
* MINOR: time: add report_idle() to report process-wide idle time
|
|
* BUG/MINOR: time: fix idle time computation for long sleeps
|
|
* BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords
|
|
* MINOR: compiler: implement an ONLY_ONCE() macro
|
|
* BUG/MINOR: base64: base64urldec() ignores padding in output size check
|
|
* BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
|
|
* BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions
|
|
* MINOR: hlua: take the global Lua lock inside a global function
|
|
* REGTESTS: abortonclose: after retries, 503 is expected, not close
|
|
* REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2
|
|
* BUG/MEDIUM: h2: match absolute-path not path-absolute for :path
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 17 15:50:01 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.4.3+git0.4dd5a5a6c:
|
|
CVE-2021-39240 CVE-2021-39241 CVE-2021-39242
|
|
(boo#1189366 boo#1189548 boo#1189549)
|
|
* [RELEASE] Released version 2.4.3
|
|
* REGTESTS: add a test to prevent h2 desync attacks
|
|
* BUG/MEDIUM: h2: give :authority precedence over Host
|
|
* BUG/MAJOR: h2: enforce stricter syntax checks on the :method pseudo-header
|
|
* BUG/MAJOR: h2: verify that :path starts with a '/' before concatenating it
|
|
* BUG/MAJOR: h2: verify early that non-http/https schemes match the valid syntax
|
|
* MINOR: http: add a new function http_validate_scheme() to validate a scheme
|
|
* DOC/MINOR: fix typo in management document
|
|
* CLEANUP: assorted typo fixes in the code and comments
|
|
* BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check
|
|
* BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued
|
|
* DOC: config: Fix 'http-response send-spoe-group' documentation
|
|
* DOC: Improve the lua documentation
|
|
* BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer
|
|
* BUG/MINOR: buffer: fix buffer_dump() formatting
|
|
* BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released
|
|
* MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure
|
|
* ADMIN: dyncookie: implement a simple dynamic cookie calculator
|
|
* MINOR: server: unmark deprecated on enable health/agent cli
|
|
* BUG/MINOR: server: update last_change on maint->ready transitions too
|
|
* BUG/MINOR: server: remove srv from px list on CLI 'add server' error
|
|
* BUILD: opentracing: fixed build when using pkg-config utility
|
|
* DOC: internals: document the FD takeover process
|
|
* BUG/MINOR: fd: protect fd state harder against a concurrent takeover
|
|
* BUG/MINOR: pollers: always program an update for migrated FDs
|
|
* BUG/MINOR: poll: fix abnormally high skip_fd counter
|
|
* BUG/MINOR: select: fix excess number of dead/skip reported
|
|
* BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before
|
|
* BUG/MEDIUM: connection: close a rare race between idle conn close and takeover
|
|
* BUG/MINOR: connection: Add missing error labels to conn_err_code_str
|
|
* BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames
|
|
* BUG/MINOR: mux-h1: Be sure to swap H1C to splice mode when rcv_pipe() is called
|
|
* BUG/MINOR: mux-h2: Obey dontlognull option during the preface
|
|
* BUG/MINOR: mux-h1: Obey dontlognull option for empty requests
|
|
* BUG/MINOR: systemd: must check the configuration using -Ws
|
|
* BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree
|
|
* BUG/MINOR: check: fix the condition to validate a port-less server
|
|
* BUG/MINOR: stats: Add missing agent stats on servers
|
|
* BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request
|
|
* BUILD/MINOR: memprof fix macOs build.
|
|
* BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs
|
|
* BUG/MEDIUM: mworker: do not register an exit handler if exit is expected
|
|
* BUILD: lua: silence a build warning with TCC
|
|
* BUILD: add detection of missing important CFLAGS
|
|
* BUG/MINOR: ssl: Default-server configuration ignored by server
|
|
* MINOR: mux_h2: define config to disable h2 websocket support
|
|
* BUILD: http_htx: fix ci compilation error with isdigit for Windows
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 07 23:30:56 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.4.2+git0.553dee326:
|
|
* [RELEASE] Released version 2.4.2
|
|
* REGTESTS: add http scheme-based normalization test
|
|
* MEDIUM: h2: apply scheme-based normalization on h2 requests
|
|
* MEDIUM: h1-htx: apply scheme-based normalization on h1 requests
|
|
* MEDIUM: http: implement scheme-based normalization
|
|
* MINOR: http: implement http_get_scheme
|
|
* Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules"
|
|
* BUG/MINOR: cli: fix server name output in "show fd"
|
|
* BUG/MEDIUM: sock: make sure to never miss early connection failures
|
|
* DOC: stick-table: add missing documentation about gpt0 stored type
|
|
* BUG/MINOR: peers: fix data_type bit computation more than 32 data_types
|
|
* BUG/MINOR: stick-table: fix several printf sign errors dumping tables
|
|
* DOC: config: use CREATE USER for mysql-check
|
|
* BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution
|
|
* BUG/MINOR: mqtt: Support empty client ID in CONNECT message
|
|
* BUG/MINOR: mqtt: Fix parser for string with more than 127 characters
|
|
* BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules
|
|
* BUILD: Makefile: fix linkage for Haiku.
|
|
* BUG/MINOR: checks: return correct error code for srv_parse_agent_check
|
|
* MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response()
|
|
* BUG/MINOR: resolvers: Reset server IP when no ip is found in the response
|
|
* BUG/MINOR: resolvers: Always attach server on matching record on resolution
|
|
* CLEANUP: dns: Remove a forgotten debug message
|
|
* DOC: config: Add missing actions in "tcp-request session" documentation
|
|
* MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules
|
|
* REGTESTS: fix maxconn update with agent-check
|
|
* BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check
|
|
* BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header
|
|
* BUG/MINOR: server/cli: Fix locking in function processing "set server" command
|
|
* BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task()
|
|
* BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status
|
|
* MINOR: resolvers: Remove server from named_servers tree when removing a SRV item
|
|
* MINOR: resolvers: Clean server in a dedicated function when removing a SRV item
|
|
* BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI
|
|
* BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled
|
|
* BUG/MINOR: server-state: load SRV resolution only if params match the config
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 17 16:38:50 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.4.1+git0.1ce7d4925:
|
|
* [RELEASE] Released version 2.4.1
|
|
* BUG/MINOR: mux-h2/traces: bring back the lost "sent H2 REQ/RES" traces
|
|
* BUG/MINOR: mux-h2/traces: bring back the lost "rcvd H2 REQ" trace
|
|
* MINOR: mux-h2: obey http-ignore-probes during the preface
|
|
* BUG/MINOR: stats: make "show stat typed desc" work again
|
|
* CLEANUP: mux-h2/traces: better align user messages
|
|
* MINOR: mux-h2/trace: report a few connection-level info during h2_init()
|
|
* MINOR: connection: add helper conn_append_debug_info()
|
|
* BUG/MINOR: server: explicitly set "none" init-addr for dynamic servers
|
|
* BUG/MINOR: mux-h1: do not skip the error response on bad requests
|
|
* MINOR: backend: only skip LB when there are actual connections
|
|
* BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue
|
|
* CLEANUP: global: remove unused definition of stopping_task[]
|
|
* BUG/MINOR: mworker: fix typo in chroot error message
|
|
* BUG/MINOR: ssl: use atomic ops to update global shctx stats
|
|
* BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE
|
|
* BUG/MEDIUM: server: do not auto insert a dynamic server in px addr_node
|
|
* BUG/MINOR: server: do not keep an invalid dynamic server in px ids tree
|
|
* BUG/MEDIUM: server: do not forget to generate the dynamic servers ids
|
|
* BUG/MEDIUM: server: clear dynamic srv on delete from proxy id/name trees
|
|
* BUG/MEDIUM: server: extend thread-isolate over much of CLI 'add server'
|
|
* BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id
|
|
* DOC: lua: Add a warning about buffers modification in HTTP
|
|
* BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs
|
|
* MEDIUM: resolvers: add a ref between servers and srv request or used SRV record
|
|
* MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item
|
|
* BUG/MINOR: resolvers: answser item list was randomly purged or errors
|
|
* CLEANUP: l7-retries: do not test the buffer before calling b_alloc()
|
|
* BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default
|
|
* BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded
|
|
* CLEANUP: pools: remove now unused seq and pool_free_list
|
|
* BUG/MAJOR: pools: fix possible race with free() in the lockless variant
|
|
* MEDIUM: pools: use a single pool_gc() function for locked and lockless
|
|
* MINOR: pools: call malloc_trim() under thread isolation
|
|
* MINOR: pools: do not maintain the lock during pool_flush()
|
|
* BUG/MINOR: pools: make DEBUG_UAF always write to the to-be-freed location
|
|
* BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush()
|
|
* BUG/MEDIUM: compression: Add a flag to know the filter is still processing data
|
|
* BUG/MEDIUM: compression: Properly get the next block to iterate on payload
|
|
* BUG/MEDIUM: compression: Fix loop skipping unused blocks to get the next block
|
|
* BUG/MEDIUM: opentracing: initialization before establishing daemon and/or chroot mode
|
|
* Revert "BUG/MINOR: opentracing: initialization after establishing daemon mode"
|
|
* BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future
|
|
* BUILD: make tune.ssl.keylog available again
|
|
* DOC: use the req.ssl_sni in examples
|
|
* MINOR: errors: allow empty va_args for diag variadic macro
|
|
* BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry
|
|
* DOC/MINOR: move uuid in the configuration to the right alphabetical order
|
|
* BUG/MINOR: vars: Be sure to have a session to get checks variables
|
|
* CLEANUP: http-ana: Remove useless if statement about L7 retries
|
|
* BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree
|
|
* BUG/MINOR: http: Missing calloc return value check in make_arg_list
|
|
* BUG/MINOR: http: Missing calloc return value check while parsing redirect rule
|
|
* BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list
|
|
* BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo
|
|
* BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule
|
|
* BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response
|
|
* BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy
|
|
* BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare
|
|
* BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture
|
|
* BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine
|
|
* BUG/MINOR: peers: Missing calloc return value check in peers_register_table
|
|
* BUG/MINOR: server: Missing calloc return value check in srv_parse_source
|
|
* DOC: intro: Fix typo in starter guide
|
|
* MINOR: cfgparse: Fail when encountering extra arguments in macro
|
|
* MINOR: http-ana: Perform L7 retries because of status codes in response analyser
|
|
* BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts
|
|
* BUG/MINOR: http-ana: Send the right error if max retries is reached on L7 retry
|
|
* Revert "MEDIUM: http-ana: Deal with L7 retries in HTTP analysers"
|
|
* BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response
|
|
* BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter
|
|
* BUILD/MINOR: opentracing: fixed build when using clang
|
|
* BUG/MAJOR: server: prevent deadlock when using 'set maxconn server'
|
|
* BUG/MEDIUM: ebtree: Invalid read when looking for dup entry
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 14 08:31:04 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.4.0+git0.6cbbecf09:
|
|
https://www.haproxy.com/blog/announcing-haproxy-2-4/
|
|
|
|
for all the details see /usr/share/doc/packages/haproxy/CHANGELOG
|
|
- refreshed patches to apply cleanly again
|
|
haproxy-1.6.0-makefile_lib.patch
|
|
haproxy-1.6.0-sec-options.patch
|
|
lua54.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 23 20:35:49 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.3.10+git0.4764f0e4e:
|
|
* [RELEASE] Released version 2.3.10
|
|
* BUG/MEDIUM: peers: re-work refcnt on table to protect against flush
|
|
* BUG/MEDIUM: peers: re-work connection to new process during reload.
|
|
* BUG/MINOR: peers: remove useless table check if initial resync is finished
|
|
* BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data
|
|
* BUG/MINOR: mworker: don't use oldpids[] anymore for reload
|
|
* BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases
|
|
* BUG/MEDIUM: config: fix cpu-map notation with both process and threads
|
|
* BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames
|
|
* BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers
|
|
* BUG/MINOR: server: free srv.lb_nodes in free_server
|
|
* BUG/MINOR: mux-h1: Release idle server H1 connection if data are received
|
|
* BUG/MINOR: logs: Report the true number of retries if there was no connection
|
|
* BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function
|
|
* BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded
|
|
* BUG/MINOR: ssl-samples: Fix ssl_bc_* samples when called from a health-check
|
|
* MINOR: connection: Make bc_http_major compatible with tcp-checks
|
|
* BUG/MINOR: connection: Fix fc_http_major and bc_http_major for TCP connections
|
|
* MINOR: logs: Add support of checks as session origin to format lf strings
|
|
* BUG/MINOR: checks: Set missing id to the dummy checks frontend
|
|
* BUG/MEDIUM: threads: Ignore current thread to end its harmless period
|
|
* DOC: ssl: Certificate hot update only works on fronted certificates
|
|
* BUG/MEDIUM: sample: Fix adjusting size in field converter
|
|
* MINOR: No longer rely on deprecated sample fetches for predefined ACLs
|
|
* DOC: clarify that compression works for HTTP/2
|
|
* BUG/MINOR: tools: fix parsing "us" unit for timers
|
|
* CONTRIB: halog: fix issue with array of type char
|
|
* REGTESTS: ssl: mark set_ssl_cert_bundle.vtc as broken
|
|
* DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options
|
|
* REGTESTS: ssl: "set ssl cert" and multi-certificates bundle
|
|
* BUG/MINOR: ssl: Add missing free on SSL_CTX in ckch_inst_free
|
|
* BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields
|
|
* BUG/MINOR: ssl: Prevent removal of crt-list line if the instance is a default one
|
|
* BUG/MINOR: ssl: Fix update of default certificate
|
|
* BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS
|
|
* BUG/MINOR: tcp: fix silent-drop workaround for IPv6
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 30 17:35:22 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.3.9+git1.afb63bc04:
|
|
* BUILD: backend: fix build breakage in idle conn locking fix
|
|
* [RELEASE] Released version 2.3.9
|
|
* BUG/MEDIUM: time: make sure to always initialize the global tick
|
|
* BUG/MINOR: stats: Apply proper styles in HTML status page.
|
|
* BUG/MINOR: payload: Wait for more data if buffer is empty in payload/payload_lv
|
|
* MEDIUM: backend: use a trylock to grab a connection on high FD counts as well
|
|
* BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 25 15:51:22 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.3.8+git0.e572195c7:
|
|
* [RELEASE] Released version 2.3.8
|
|
* BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters
|
|
* MINOR: tools: make url2ipv4 return the exact number of bytes parsed
|
|
* BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless
|
|
* BUG/MEDIUM: fd: Take the fd_mig_lock when closing if no DWCAS is available.
|
|
* CLEANUP: fd: remove unused fd_set_running_excl()
|
|
* BUG/MEDIUM: fd: do not wait on FD removal in fd_delete()
|
|
* MINOR: fd: remove the unneeded running bit from fd_insert()
|
|
* MINOR: fd: make fd_clr_running() return the remaining running mask
|
|
* BUG/MEDIUM: lua: Always init the lua stack before referencing the context
|
|
* BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback
|
|
* MINOR: lua: Slightly improve function dumping the lua traceback
|
|
* BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro
|
|
* BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list"
|
|
* BUG/MEDIUM: debug/lua: Don't dump the lua stack if not dumpable
|
|
* MEDIUM: lua: Use a per-thread counter to track some non-reentrant parts of lua
|
|
* MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket
|
|
* BUG/MINOR: protocol: add missing support of dgram unix socket.
|
|
* BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable
|
|
* MINOR: time: also provide a global, monotonic global_now_ms timer
|
|
* BUG/MEDIUM: mux-fcgi: Fix locking of idle_conns lock in the FCGI I/O callback
|
|
* BUG/MINOR: freq_ctr/threads: make use of the last updated global time
|
|
* MINOR: time: export the global_now variable
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 16 15:21:00 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.3.7+git0.2d39ce334:
|
|
* [RELEASE] Released version 2.3.7
|
|
* BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames
|
|
* MINOR: resolvers: Don't try to match immediatly renewed ADD items
|
|
* MINOR: resolvers: Use milliseconds for cached items in resolver responses
|
|
* BUG/MEDIUM: resolvers: Skip DNS resolution at startup if SRV resolution is set
|
|
* BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks
|
|
* MINOR: resolvers: Directly call srvrq_update_srv_state() when possible
|
|
* MINOR: resolvers: Add function to change the srv status based on SRV resolution
|
|
* MINOR: resolvers: Purge answer items when a SRV resolution triggers an error
|
|
* MINOR: resolvers: Use a function to remove answers attached to a resolution
|
|
* BUG/MEDIUM: resolvers: Trigger a DNS resolution if an ADD item is obsolete
|
|
* BUG/MINOR; resolvers: Ignore DNS resolution for expired SRV item
|
|
* MINOR: resolvers: new function find_srvrq_answer_record()
|
|
* BUG/MEDIUM: resolvers: Fix the loop looking for an existing ADD item
|
|
* BUG/MEDIUM: resolvers: Don't set an address-less server as UP
|
|
* BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution
|
|
* BUG/MINOR: resolvers: Reset server address on DNS error only on status change
|
|
* BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error
|
|
* Revert "BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record"
|
|
* CLEANUP: tcp-rules: add missing actions in the tcp-request error message
|
|
* BUG/MINOR: tcpcheck: Fix double free on error path when parsing tcp/http-check
|
|
* BUG/MINOR: session: Add some forgotten tests on session's listener
|
|
* BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters
|
|
* BUG/MINOR: tcpcheck: Update .health threshold of agent inside an agent-check
|
|
* BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached
|
|
* BUILD: atomic/arm64: force the register pairs to use in __ha_cas_dw()
|
|
* BUG/MEDIUM: stick-tables: fix ref counter in table entry using multiple http tracksc.
|
|
* OPTIM: task: automatically adjust the default runqueue-depth to the threads
|
|
* MINOR: task: give the scheduler a bit more flexibility in the runqueue size
|
|
* MEDIUM: task: remove the tasks_run_queue counter and have one per thread
|
|
* MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks
|
|
* MINOR: xprt: add new xprt_set_idle and xprt_set_used methods
|
|
* MEDIUM: muxes: mark idle conns tasklets with TASK_F_USR1
|
|
* MINOR: task: add an application specific flag to the state: TASK_F_USR1
|
|
* BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake
|
|
* MINOR: ssl: mark the SSL handshake tasklet as heavy
|
|
* MINOR: task: limit the number of subsequent heavy tasks with flag TASK_HEAVY
|
|
* MEDIUM: backend: use a trylock when trying to grab an idle connection
|
|
* MINOR: pools: double the local pool cache size to 1 MB
|
|
* MEDIUM: pools: add CONFIG_HAP_NO_GLOBAL_POOLS and CONFIG_HAP_GLOBAL_POOLS
|
|
* MEDIUM: streams: do not use the streams lock anymore
|
|
* MINOR: streams: use one list per stream instead of a global one
|
|
* MINOR: cli/streams: make "show sess" dump all streams till the new epoch
|
|
* MINOR: stream: add an "epoch" to figure which streams appeared when
|
|
* MINOR: dynbuf: pass offer_buffers() the number of buffers instead of a threshold
|
|
* MINOR: dynbuf: use regular lists instead of mt_lists for buffer_wait
|
|
* MINOR: dynbuf: make the buffer wait queue per thread
|
|
* OPTIM: lb-leastconn: do not unlink the server if it did not change
|
|
* OPTIM: lb-leastconn: do not take the server lock on take_conn/drop_conn
|
|
* OPTIM: lb-first: do not take the server lock on take_conn/drop_conn
|
|
* MINOR: lb/api: let callers of take_conn/drop_conn tell if they have the lock
|
|
* MINOR: server: move actconns to the per-thread structure
|
|
* OPTIM: server: switch the actconn list to an mt-list
|
|
* MINOR: listener: refine the default MAX_ACCEPT from 64 to 4
|
|
* MINOR: tasks: refine the default run queue depth
|
|
* BUG/MEDIUM: session: NULL dereference possible when accessing the listener
|
|
* MINOR: atomic: implement a more efficient arm64 __ha_cas_dw() using pairs
|
|
* MINOR: atomic: add armv8.1-a atomics variant for cas-dw
|
|
* BUG/MINOR: mt-list: always perform a cpu_relax call on failure
|
|
* REORG: atomic: reimplement pl_cpu_relax() from atomic-ops.h
|
|
* BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode
|
|
* BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring()
|
|
* BUG/MINOR: backend: fix condition for reuse on mode HTTP
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 03 15:17:18 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.3.6+git0.7851701ed:
|
|
* [RELEASE] Released version 2.3.6
|
|
* BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout
|
|
* BUG/MINOR: mux-h2: Fix typo in scheme adjustment
|
|
* DOC: spoe: Add a note about fragmentation support in HAProxy
|
|
* BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1
|
|
* BUG/MINOR: connection: Use the client's dst family for adressless servers
|
|
* BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule
|
|
* BUG/MINOR: http-ana: Only consider dst address to process originalto option
|
|
* BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf()
|
|
* BUG/MINOR: stats: fix compare of no-maint url suffix
|
|
* CLEANUP: muxes: Remove useless if condition in show_fd function
|
|
* BUG/MINOR: ssl: potential null pointer dereference in ckchs_dup()
|
|
* BUG/MEDIUM: resolvers: Reset address for unresolved servers
|
|
* BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records
|
|
* BUG/MINOR: resolvers: new callback to properly handle SRV record errors
|
|
* BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record
|
|
* BUG/MINOR: resolvers: Fix condition to release received ARs if not assigned
|
|
* BUG/MINOR: fd: properly wait for !running_mask in fd_set_running_excl()
|
|
* BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal
|
|
* BUG/MEDIUM: cli/shutdown sessions: make it thread-safe
|
|
* BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop
|
|
* BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe
|
|
* BUG/MINOR: sample: secure convs that accept base64 string and var name as args
|
|
* MINOR: Configure the `cpp` userdiff driver for *.[ch] in .gitattributes
|
|
* BUG/MINOR: ssl/cli: potential null pointer dereference in "set ssl cert"
|
|
* BUG/MEDIUM: mux-h1: Fix handling of responses to CONNECT other than 200-ok
|
|
* BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line
|
|
* BUG/MINOR: server: Init params before parsing a new server-state line
|
|
* BUG/MINOR: http-rules: Always replace the response status on a return action
|
|
* BUG/MEDIUM: spoe: Resolve the sink if a SPOE logs in a ring buffer
|
|
* BUG/MEDIUM: lists: Avoid an infinite loop in MT_LIST_TRY_ADDQ().
|
|
* DOC: explain the relation between pool-low-conn and tune.idle-pool.shared
|
|
* BUILD: ssl: introduce fine guard for OpenSSL specific SCTL functions
|
|
* BUG/MINOR: sample: Always consider zero size string samples as unsafe
|
|
* BUG/MEDIUM: checks: don't needlessly take the server lock in health_adjust()
|
|
* BUG/MINOR: checks: properly handle wrapping time in __health_adjust()
|
|
* BUG/MINOR: session: atomically increment the tracked sessions counter
|
|
* BUG/MINOR: server: Remove RMAINT from admin state when loading server state
|
|
* CLEANUP: channel: fix comment in ci_putblk.
|
|
* DOC: tune: explain the origin of block size for ssl.cachesize
|
|
* BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL
|
|
* BUG/MINOR: cfgparse: do not mention "addr:port" as supported on proxy lines
|
|
* BUG/MINOR: stats: revert the change on ST_CONVDONE
|
|
* BUG/MEDIUM: config: don't pick unset values from last defaults section
|
|
* CLEANUP: deinit: release global and per-proxy server-state variables on deinit
|
|
* BUG/MINOR: server: Fix server-state-file-name directive
|
|
* BUG/MINOR: backend: hold correctly lock when killing idle conn
|
|
* BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints()
|
|
* BUG/MINOR: server: re-align state file fields number
|
|
* BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state
|
|
* BUG/MINOR: http-ana: Don't increment HTTP error counter on internal errors
|
|
* BUG/MINOR: intops: fix mul32hi()'s off-by-one
|
|
* BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro
|
|
* BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro
|
|
* BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro
|
|
* MINOR: check: do not ignore a connection header for http-check send
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Feb 06 16:29:34 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.3.5+git0.5902ad99b:
|
|
* [RELEASE] Released version 2.3.5
|
|
* MINOR: config: Deprecate and ignore tune.chksize global option
|
|
* BUG/MINOR: sock: Unclosed fd in case of connection allocation failure
|
|
* BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED
|
|
* BUG/MEDIUM: mux-h2: handle remaining read0 cases
|
|
* BUILD: Makefile: move REGTESTST_TYPE default setting
|
|
* MINOR: cli/show_fd: report local and report ports when known
|
|
* BUILD: ssl: fix build breakage with last commit
|
|
* BUG/MINOR: ssl: do not try to use early data if not configured
|
|
* BUG/MINOR: xxhash: make sure armv6 uses memcpy()
|
|
* BUG/MINOR: mux_h2: fix incorrect stat titles
|
|
* BUG/MEDIUM: ssl: check a connection's status before computing a handshake
|
|
* BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store
|
|
* BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list
|
|
* DOC: management: fix "show resolvers" alphabetical ordering
|
|
* MINOR: h1: Raise the chunk size limit up to (2^52 - 1)
|
|
* MINOR: mux-h1/show_fd: report as suspicious an entry with too many calls
|
|
* MINOR: mux-h2/show_fd: report as suspicious an entry with too many calls
|
|
* MINOR: ssl/show_fd: report some FDs as suspicious when possible
|
|
* MINOR: cli/show_fd: report some easily detectable suspicious states
|
|
* MINOR: cli: give the show_fd helpers the ability to report a suspicious entry
|
|
* MINOR: mux-fcgi: make the "show fd" helper also decode the fstrm subscriber when known
|
|
* MINOR: mux-h1: make the "show fd" helper also decode the h1s subscriber when known
|
|
* MINOR: mux-h2: make the "show fd" helper also decode the h2s subscriber when known
|
|
* MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them
|
|
* MINOR: ssl: provide a "show fd" helper to report important SSL information
|
|
* MINOR: xprt: add a new show_fd() helper to complete some "show fd" dumps.
|
|
* MINOR: cli: make "show fd" also report the xprt and xprt_ctx
|
|
* CLEANUP: cli: make "show fd" use a const connection to access other fields
|
|
* CLEANUP: tools: make resolve_sym_name() take a const pointer
|
|
* MINOR: contrib: Make the wireshark peers dissector compile for more distribs.
|
|
* BUG/MINOR: backend: check available list allocation for reuse
|
|
* BUG/MEDIUM: backend: never reuse a connection for tcp mode
|
|
* REORG: backend: simplify conn_backend_get
|
|
* BUG/MEDIUM: session: only retrieve ready idle conn from session
|
|
* BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file()
|
|
* BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name
|
|
* BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown
|
|
* DOC: Improve documentation of the various hdr() fetches
|
|
* BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX
|
|
* BUG/MEDIUM: mux-h2: fix read0 handling on partial frames
|
|
* BUG/MEDIUM: tcpcheck: Don't destroy connection in the wake callback context
|
|
* BUG/MINOR: mworker: define _GNU_SOURCE for strsignal()
|
|
* BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd" helper
|
|
* BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command.
|
|
* MINOR: build: discard echoing in help target
|
|
* BUG/MINOR: peers: Possible appctx pointer dereference.
|
|
* BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition
|
|
* BUILD: peers: fix build warning about unused variable
|
|
* BUG/MINOR: dns: SRV records ignores duplicated AR records (v2)
|
|
* MINOR: peers: Add traces for peer control messages.
|
|
* BUG/MINOR: threads: Fixes the number of possible cpus report for Mac.
|
|
* MINOR: server: Forbid server definitions in frontend sections
|
|
* MINOR: config: Add failifnotcap() to emit an alert on proxy capabilities
|
|
* BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 27 16:19:26 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
|
|
|
- Add lua54.patch to fix building with lua 5.4
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 13 16:02:43 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.3.4+git0.10189c965:
|
|
* [RELEASE] Released version 2.3.4
|
|
* MINOR: contrib/prometheus-exporter: use fill_info for process dump
|
|
* MINOR: contrib/prometheus-exporter: avoid connection close header
|
|
* BUG/MINOR: init: enforce strict-limits when using master-worker
|
|
* BUG/MINOR: check: Don't perform any check on servers defined in a frontend
|
|
* BUG/MINOR: sample: Memory leak of sample_expr structure in case of error
|
|
* Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records"
|
|
* MINOR: reg-tests: add base prometheus test
|
|
* BUG/MINOR: reg-tests: fix service dependency script
|
|
* BUG/MINOR: sample: check alloc_trash_chunk return value in concat()
|
|
* MINOR: reg-tests: add a way to add service dependency
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 08 21:10:38 UTC 2021 - mrueckert@suse.de
|
|
|
|
- Update to version 2.3.3+git0.9233c2143:
|
|
* [RELEASE] Released version 2.3.3
|
|
* BUG/MINOR: sample: fix concat() converter's corruption with non-string variables
|
|
* DOC: Add maintainers for the Prometheus exporter
|
|
* SCRIPTS: announce-release: fix typo in help message
|
|
* DOC: fix some spelling issues over multiple files
|
|
* MINOR: contrib/prometheus-exporter: export build_info
|
|
* CLEANUP: cfgparse: replace "realloc" with "my_realloc2" to fix to memory leak on error
|
|
* BUILD: Makefile: exclude broken tests by default
|
|
* MINOR: converter: adding support for url_enc
|
|
* BUG/MINOR: srv: do not cleanup idle conns if pool max is null
|
|
* BUG/MINOR: srv: do not init address if backend is disabled
|
|
* SCRIPTS: make announce release support preparing announces before tag exists
|
|
* SCRIPTS: improve announce-release to support different tag and versions
|
|
* BUG/MINOR: stats: Make stat_l variable used to dump a stat line thread local
|
|
* DOC: Improve the message printed when running `make` w/o `TARGET`
|
|
* BUG/MINOR: tcpcheck: Report a L7OK if the last evaluated rule is a send rule
|
|
* BUG/MINOR: cfgparse: Fail if the strdup() for `rule->be.name` for `use_backend` fails
|
|
* BUG/MINOR: sink: Return an allocation failure in __sink_new if strdup() fails
|
|
* MINOR: atomic: don't use ; to separate instruction on aarch64.
|
|
* BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h
|
|
* BUG/MEDIUM: mux_h2: Add missing braces in h2_snd_buf()around trace+wakeup
|
|
* DOC: fix "smp_size" vs "sample_size" in "log" directive arguments
|
|
* BUG/MINOR: dns: SRV records ignores duplicated AR records
|
|
* BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call
|
|
* BUILD: plock: remove dead code that causes a warning in gcc 11
|
|
* CONTRIB: debug: address "poll" utility build on non-linux platforms
|
|
* CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps
|
|
* CONTRIB: halog: mark the has_zero* functions unused
|
|
* CONTRIB: halog: fix build issue caused by %L printf format
|
|
* BUG/MEDIUM: mux-h1: Handle h1_process() failures on a pipelined request
|
|
* BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode
|
|
* BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests
|
|
* BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well
|
|
* BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call
|
|
* REGTESTS: make use of HAPROXY_ARGS and pass -dM by default
|
|
* BUG/MEDIUM: ssl/crt-list: bad behavior with "commit ssl cert"
|
|
* BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight
|
|
* BUG/MINOR: tools: Reject size format not starting by a digit
|
|
* BUG/MINOR: tools: make parse_time_err() more strict on the timer validity
|
|
* MINOR: tcpcheck: Only wait for more payload data on HTTP expect rules
|
|
* BUG/MINOR: tcpcheck: Don't rearm the check timeout on each read
|
|
* BUG/MINOR: http-check: Use right condition to consider HTX message as full
|
|
* DOC: email change of the DeviceAtlas maintainer
|
|
* BUG/MEDIUM: spoa/python: Fixing references to None
|
|
* BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments
|
|
* BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails
|
|
* BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations
|
|
* DOC: spoa/python: Fixing typos in comments
|
|
* DOC: spoa/python: Rephrasing memory related error messages
|
|
* DOC: spoa/python: Fixing typo in IP related error messages
|
|
* BUG/MAJOR: spoa/python: Fixing return None
|
|
* MEDIUM: ssl: fatal error with bundle + openssl < 1.1.1
|
|
* MINOR: listener: now use a generic add_listener() function
|
|
* MINOR: listener: automatically set the port when creating listeners
|
|
* MINOR: protocol: add a ->set_port() helper to address families
|
|
* BUG/MINOR: mux-h1: Handle keep-alive timeout for idle frontend connections
|
|
* BUG/MINOR: listener: use sockaddr_in6 for IPv6
|
|
* DOC/MINOR: Fix formatting in Management Guide
|
|
* BUILD/MINOR: haproxy DragonFlyBSD affinity build update.
|
|
* BUG/MAJOR: ring: tcp forward on ring can break the reader counter.
|
|
* BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times
|
|
* MINOR: cli: add a function to look up a CLI service description
|
|
* MINOR: actions: add a function returning a service pointer from its name
|
|
* MINOR: actions: Export actions lookup functions
|
|
* BUG/MINOR: lua: Some lua init operation are processed unsafe
|
|
* BUG/MINOR: lua: Post init register function are not executed beyond the first one
|
|
* BUG/MINOR: lua: lua-load doesn't check its parameters
|
|
* BUG/MINOR: lua: missing "\n" in error message
|
|
* BUG/MINOR: mux-h2/stats: not all GOAWAY frames are errors
|
|
* BUG/MINOR: mux-h2/stats: make stream/connection proto errors more accurate
|
|
* BUG/MEDIUM: local log format regression.
|
|
* BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link
|
|
* MINOR: task: remove __tasklet_remove_from_tasklet_list()
|
|
* BUG/MEDIUM: lists: Lock the element while we check if it is in a list.
|
|
* MINOR: plock: use an ARMv8 instruction barrier for the pause instruction
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 30 16:59:46 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.3.2+git0.d522db763:
|
|
* [RELEASE] Released version 2.3.2
|
|
* BUG/MINOR: http-fetch: Fix smp_fetch_body() when called from a health-check
|
|
* DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section
|
|
* BUG/MAJOR: tcpcheck: Allocate input and output buffers from the buffer pool
|
|
* MINOR: tcpcheck: Don't handle anymore in-progress send rules in tcpcheck_main
|
|
* BUG/MINOR: tcpcheck: Don't forget to reset tcp-check flags on new kind of check
|
|
* DOC: Clarify %HP description in log-format
|
|
* DOC: better document the config file format and escaping/quoting rules
|
|
* BUG/MAJOR: peers: fix partial message decoding
|
|
* BUG/MEDIUM: http_act: Restore init of log-format list
|
|
* BUILD: Show the value of DEBUG= in haproxy -vv
|
|
* BUILD: Make DEBUG part of .build_opts
|
|
* MINOR: http_act: Add -m flag for del-header name matching method
|
|
* REGTESTS: converter: add url_dec test
|
|
* REGTESTS: Add sample_fetches/cook.vtc
|
|
* DOC: cache: Add new caching limitation information
|
|
* MEDIUM: cache: Change caching conditions
|
|
* BUG/MAJOR: filters: Always keep all offsets up to date during data filtering
|
|
* DOC: better describes how to configure a fallback crt
|
|
* BUG/MINOR: http_htx: Fix searching headers by substring
|
|
* BUG/MAJOR: connection: reset conn->owner when detaching from session list
|
|
* CLEANUP: connection: do not use conn->owner when the session is known
|
|
* DOC: clarify how to create a fallback crt
|
|
* BUILD: makefile: enable crypt(3) for OpenBSD
|
|
* BUG/MEDIUM: ssl/crt-list: fix error when no file found
|
|
* BUG/MINOR: ssl/crt-list: load bundle in crt-list only if activated
|
|
* BUG/MEDIUM: ssl: error when no certificate are found
|
|
* BUG/MEDIUM: ssl/crt-list: bundle support broken in crt-list
|
|
* BUG/MEDIUM: http-ana: Don't eval http-after-response ruleset on empty messages
|
|
* BUG/MINOR: ssl: segv on startup when AKID but no keyid
|
|
* DOC: add missing 3.10 in the summary
|
|
* BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests
|
|
* BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering
|
|
* CLEANUP: cfgparse: remove duplicate registration for transparent build options
|
|
* BUILD: http-htx: fix build warning regarding long type in printf
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 13 22:14:25 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.3.1+git0.bdd7178b8:
|
|
* [RELEASE] Released version 2.3.1
|
|
* REGTEST: make ssl_client_samples and ssl_server_samples require to 2.2
|
|
* MINOR: peers: Add traces to peer_treat_updatemsg().
|
|
* REGTEST: ssl: mark reg-tests/ssl/ssl_crt-list_filters.vtc as broken
|
|
* REGTEST: ssl: test wildcard and multi-type + exclusions
|
|
* MINOR: cfgparse: tighten the scope of newnameserver variable, free it on error.
|
|
* MINOR: config/mux-h2: Return ERR_ flags from init_h2() instead of a status
|
|
* MINOR: init: Fix the prototype for per-thread free callbacks
|
|
* BUG/MINOR: tcpcheck: Don't warn on unused rules if check option is after
|
|
* MINOR: spoe: Don't close connection in sync mode on processing timeout
|
|
* BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet
|
|
* BUG/MINOR: http-htx: Handle warnings when parsing http-error and http-errors
|
|
* MINOR: check: report error on incompatible connect proto
|
|
* MINOR: check: report error on incompatible proto
|
|
* BUG/MEDIUM: check: reuse srv proto only if using same mode
|
|
* BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches
|
|
* BUG/MINOR: http-fetch: Extract cookie value even when no cookie name
|
|
* BUG/MEDIUM: peers: fix decoding of multi-byte length in stick-table messages
|
|
* BUG/MINOR: peers: Missing TX cache entries reset.
|
|
* BUG/MINOR: peers: Do not ignore a protocol error for dictionary entries.
|
|
* BUG/MINOR: stats: free dynamically stats fields/lines on shutdown
|
|
* BUG/MINOR: lua: set buffer size during map lookups
|
|
* BUG/MINOR: pattern: a sample marked as const could be written
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 06 16:14:26 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.3.0+git4.689d98154:
|
|
* BUG/MEDIUM: ssl/crt-list: correctly insert crt-list line if crt already loaded
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 06 13:10:28 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.3.0+git3.7a50763d1:
|
|
* DOC: config: Fix a typo on ssl_c_chain_der
|
|
* MINOR: http-htx: Add understandable errors for the errorfiles parsing
|
|
* BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 5 18:56:00 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- apparmor: do not limit to tcp sockets. haproxy can do udp as
|
|
well.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 05 16:43:01 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.3.0+git0.1c0a722a8:
|
|
https://www.haproxy.com/blog/announcing-haproxy-2-3/
|
|
|
|
for all the details see
|
|
/usr/share/doc/packages/haproxy/CHANGELOG
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 05 14:49:02 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.2.5+git0.34b2b1066:
|
|
* [RELEASE] Released version 2.2.5
|
|
* BUG/MEDIUM: server: make it possible to kill last idle connections
|
|
* CLEANUP: mux-h2: Remove the h1 parser state from the h2 stream
|
|
* BUG/MEDIUM: stick-table: limit the time spent purging old entries
|
|
* BUG/MINOR: filters: Skip disabled proxies during startup only
|
|
* BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade
|
|
* MINOR: server: Copy configuration file and line for server templates
|
|
* BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup
|
|
* BUG/MINOR: checks: Report a socket error before any connection attempt
|
|
* BUG/MINOR: proxy/server: Skip per-proxy/server post-check for disabled proxies
|
|
* BUG/MEDIUM: filters: Don't try to init filters for disabled proxies
|
|
* BUG/MINOR: cache: Inverted variables in http_calc_maxage function
|
|
* BUG/MINOR: cache: Manage multiple values in cache-control header value
|
|
* MINOR: ist: Add a case insensitive istmatch function
|
|
* BUG/MINOR: lua: initialize sample before using it
|
|
* BUG/MINOR: server: fix down_time report for stats
|
|
* BUG/MINOR: server: fix srv downtime calcul on starting
|
|
* BUG/MINOR: log: fix risk of null deref on error path
|
|
* BUG/MINOR: log: fix memory leak on logsrv parse error
|
|
* BUG/MINOR: extcheck: add missing checks on extchk_setenv()
|
|
* BUG/MEDIUM: ssl: OCSP must work with BoringSSL
|
|
* Revert "MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension"
|
|
* BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible
|
|
* BUG/MINOR: http-ana: Don't send payload for internal responses to HEAD requests
|
|
* BUG/MEDIUM: server: support changing the slowstart value from state-file
|
|
* BUG/MINOR: queue: properly report redistributed connections
|
|
* MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension
|
|
* BUILD: ssl: make BoringSSL use its own version numbers
|
|
* BUG/MINOR: disable dynamic OCSP load with BoringSSL
|
|
* BUG/MINOR: peers: Possible unexpected peer seesion reset after collisions.
|
|
* DOC: fix typo in MAX_SESS_STKCTR
|
|
* BUG/MEDIUM: lb: Always lock the server when calling server_{take,drop}_conn
|
|
* BUG/MEDIUM: mux-h1: Get the session from the H1S when capturing bad messages
|
|
* BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided
|
|
* BUG/MEDIUM: task: bound the number of tasks picked from the wait queue at once
|
|
* BUG/MINOR: connection: fix loop iter on connection takeover
|
|
* MINOR: fd: report an error message when failing initial allocations
|
|
* BUG/MINOR: mux-h2: do not stop outgoing connections on stopping
|
|
* BUG/MINOR: init: only keep rlim_fd_cur if max is unlimited
|
|
* BUILD: connection: fix build on clang after the VAR_ARRAY cleanup
|
|
* CLEANUP: tree-wide: use VAR_ARRAY instead of [0] in various definitions
|
|
* BUG/MINOR: http-htx: Expect no body for 204/304 internal HTTP responses
|
|
* BUG/MINOR: http: Fix content-length of the default 500 error
|
|
* DOC: Fix typos in configuration.txt
|
|
* BUG/MEDIUM: mux-h2: Don't handle pending read0 too early on streams
|
|
* BUG/MEDIUM: mux-fcgi: Don't handle pending read0 too early on streams
|
|
* DOC: Add missing stats fields in the management doc
|
|
* DOC: fix a confusing typo on a regsub example
|
|
* BUG/MINOR: mux-h1: Always set the session on frontend h1 stream
|
|
* BUG/MINOR: mux-h1: Be sure to only set CO_RFL_READ_ONCE for the first read
|
|
* BUG/MINOR: peers: Inconsistency when dumping peer status codes.
|
|
* MINOR: hlua: Display debug messages on stderr only in debug mode
|
|
* BUG/MINOR: stats: fix validity of the json schema
|
|
* MINOR: counters: fix a typo in comment
|
|
* MINOR: ssl: Add warning if a crt-list might be truncated
|
|
* BUG/MEDIUM: queue: make pendconn_cond_unlink() really thread-safe
|
|
* BUG/MINOR: tcpcheck: Set socks4 and send-proxy flags before the connect call
|
|
* DOC: tcp-rules: Refresh details about L7 matching for tcp-request content rules
|
|
* BUG/MINOR: Fix several leaks of 'log_tag' in init().
|
|
* MINOR: ssl: Add error if a crt-list might be truncated
|
|
* BUILD: makefile: Fix building with closefrom() support enabled
|
|
* BUILD: ssl_crtlist: work around another bogus gcc-9.3 warning
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 2 13:15:38 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- apparmor profile:
|
|
- we need net_admin capability for non local bind and setting
|
|
"source" for server entries.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Oct 24 01:18:29 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- apparmor profile fixes:
|
|
- include abstractions that give access to the openssl config,
|
|
ssl certs and ssl keys
|
|
- include local configs only with "if exists" so they do not have
|
|
to exist.
|
|
- move local files to %ghost
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 2 14:38:51 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- use parallel build
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 02 14:37:00 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.2.4+git0.de456726d:
|
|
* [RELEASE] Released version 2.2.4
|
|
* REGTEST: make map_regm_with_backref require 1.7
|
|
* REGTEST: make abns_socket.vtc require 1.8
|
|
* REGTEST: make agent-check.vtc require 1.8
|
|
* REGTEST: fix host part in balance-uri-path-only.vtc
|
|
* BUG/MINOR: ssl/crt-list: exit on warning out of crtlist_parse_line()
|
|
* DOC: agent-check: fix typo in "fail" word expected reply
|
|
* REGTESTS: use "command" instead of "which" for better POSIX compatibility
|
|
* BUILD: trace: include tools.h
|
|
* BUG/MEDIUM: listeners: do not pause foreign listeners
|
|
* REGTESTS: add a few load balancing tests
|
|
* MINOR: backend: add a new "path-only" option to "balance uri"
|
|
* MINOR: backend: make the "whole" option of balance uri take only one bit
|
|
* MINOR: h2/trace: also display the remaining frame length in traces
|
|
* BUG/MINOR: Fix memory leaks cfg_parse_peers
|
|
* BUG/MEDIUM: h2: report frame bits only for handled types
|
|
* BUG/MINOR: config: Fix memory leak on config parse listen
|
|
* BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch
|
|
* BUG/MINOR: h2/trace: do not display "stream error" after a frame ACK
|
|
* BUG/MINOR: ssl/crt-list: crt-list could end without a \n
|
|
* BUG/MEDIUM: ssl: Don't call ssl_sock_io_cb() directly.
|
|
* BUG/MINOR: server: report correct error message for invalid port on "socks4"
|
|
* BUG/MINOR: ssl: verifyhost is case sensitive
|
|
* BUG/MINOR: Fix type passed of sizeof() for calloc()
|
|
* BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned
|
|
* BUILD: threads: better workaround for late loading of libgcc_s
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 08 15:02:38 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.2.3+git0.0e58a340d:
|
|
* [RELEASE] Released version 2.2.3
|
|
* BUG/MEDIUM: mux-h1: always apply the timeout on half-closed connections
|
|
* BUG/MINOR: auth: report valid crypto(3) support depending on build options
|
|
* DOC: ssl-load-extra-files only applies to certificates on bind lines
|
|
* MINOR: server: Improve log message sent when server address is updated
|
|
* BUG/MEDIUM: dns: Be sure to renew IP address for already known servers
|
|
* BUG/MEDIUM: dns: Don't store additional records in a linked-list
|
|
* CLEANUP: dns: remove 45 "return" statements from dns_validate_dns_response()
|
|
* CLEANUP: Update .gitignore
|
|
* MINOR: Commit .gitattributes
|
|
* BUILD: thread: limit the libgcc_s workaround to glibc only
|
|
* BUG/MINOR: threads: work around a libgcc_s issue with chrooting
|
|
* BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate
|
|
* MINOR: arg: Use chunk_destroy() to release string arguments
|
|
* BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp()
|
|
* REGTEST: Add a test for request path manipulations, with and without the QS
|
|
* MINOR: http-fetch: Add pathq sample fetch
|
|
* MINOR: http-rules: Add set-pathq and replace-pathq actions
|
|
* BUG/MEDIUM: doc: Fix replace-path action description
|
|
* Revert "BUG/MINOR: http-rules: Replace path and query-string in "replace-path" action"
|
|
* BUG/MINOR: startup: haproxy -s cause 100% cpu
|
|
* BUG/MEDIUM: contrib/spoa-server: Fix ipv4_address used instead of ipv6_address
|
|
* BUG/MINOR: contrib/spoa-server: Updating references to free in case of failure
|
|
* BUG/MINOR: contrib/spoa-server: Do not free reference to NULL
|
|
* BUG/MINOR: contrib/spoa-server: Ensure ip address references are freed
|
|
* BUG/MAJOR: contrib/spoa-server: Fix unhandled python call leading to memory leak
|
|
* BUILD: task: work around a bogus warning in gcc 4.7/4.8 at -O1
|
|
* BUILD: tools: include auxv a bit later
|
|
* MINOR: cache: Reject duplicate cache names
|
|
* DOC: cache: Use '<name>' instead of '<id>' in error message
|
|
* BUG/MEDIUM: ssl: crt-list negative filters don't work
|
|
* BUG/MINOR: http-rules: Replace path and query-string in "replace-path" action
|
|
* MINOR: http-htx: Add an option to eval query-string when the path is replaced
|
|
* BUG/MEDIUM: http-ana: Don't wait to send 1xx responses received from servers
|
|
* BUG/MINOR: reload: do not fail when no socket is sent
|
|
* BUG/MEDIUM: ssl: fix ssl_bind_conf double free w/ wildcards
|
|
* BUG/MEDIUM: ssl: never generates the chain from the verify store
|
|
* BUG/MEDIUM: htx: smp_prefetch_htx() must always validate the direction
|
|
* BUG/MINOR: stats: use strncmp() instead of memcmp() on health states
|
|
* BUG/MINOR: ssl: ssl-skip-self-issued-ca requires >= 1.0.2
|
|
* BUG/MEDIUM: ssl: fix the ssl-skip-self-issued-ca option
|
|
* BUG/MINOR: snapshots: leak of snapshots on deinit()
|
|
* MEDIUM: lua: Don't filter exported fetches and converters
|
|
* BUG/MINOR: lua: Duplicate lua strings in sample fetches/converters arg array
|
|
* MINOR: hlua: Don't needlessly copy lua strings in trash during args validation
|
|
* BUG/MINOR: lua: Check argument type to convert it to IP mask in arg validation
|
|
* BUG/MINOR: lua: Check argument type to convert it to IPv4/IPv6 arg validation
|
|
* BUG/MINOR: arg: Fix leaks during arguments validation for fetches/converters
|
|
* BUG/MINOR: lua: Duplicate map name to load it when a new Map object is created
|
|
* BUG/MINOR: converters: Store the sink in an arg pointer for debug() converter
|
|
* MINOR: arg: Add an argument type to keep a reference on opaque data
|
|
* BUG/MEDIUM: map/lua: Return an error if a map is loaded during runtime
|
|
* BUG/MEDIUM: ssl: memory leak of ocsp data at SSL_CTX_free()
|
|
* BUG/MINOR: ssl: fix memory leak at OCSP loading
|
|
* DOC: spoa-server: fix false friends `actually`
|
|
* BUG/MINOR: spoa-server: fix size_t format printing
|
|
* BUG/MAJOR: dns: disabled servers through SRV records never recover
|
|
* CLEANUP: dns: typo in reported error message
|
|
* BUG/MEDIUM: mux-h1: Refresh H1 connection timeout after a synchronous send
|
|
* SCRIPTS: git-show-backports: emit the shell command to backport a commit
|
|
* SCRIPTS: git-show-backports: make -m most only show the left branch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 31 10:56:54 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.2.2+git0.b8a2763d5:
|
|
* [RELEASE] Released version 2.2.2
|
|
* BUG/MEDIUM: tcp-checks: always attach the transport before installing the mux
|
|
* BUG/MEDIUM: backend: always attach the transport before installing the mux
|
|
* SCRIPTS: announce-release: add the link to the wiki in the announce messages
|
|
* MINOR: stream-int: Be sure to have a mux to do sends and receives
|
|
* MINOR: connection: Preinstall the mux for non-ssl connect
|
|
* BUG/MEDIUM: connection: Be sure to always install a mux for sync connect
|
|
* BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields
|
|
* BUG/MINOR: tcp-rules: Preserve the right filter analyser on content eval abort
|
|
* BUG/MINOR: lua: Abort execution of actions that yield on a final evaluation
|
|
* BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation
|
|
* MEDIUM: lua: Add support for the Lua 5.4
|
|
* BUG/MAJOR: dns: don't treat Authority records as an error
|
|
* BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status
|
|
* BUG/MINOR: debug: Don't dump the lua stack if it is not initialized
|
|
* BUILD: tools: fix build with static only toolchains
|
|
* BUG/MINOR: mux-fcgi: Don't url-decode the QUERY_STRING parameter anymore
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 23 15:00:50 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.2.1+git0.0ef71a557:
|
|
* [RELEASE] Released version 2.2.1
|
|
* BUG/MEDIUM: http-ana: Only set CF_EXPECT_MORE flag on data filtering
|
|
* BUG/MEDIUM: stream-int: Don't set MSG_MORE flag if no more data are expected
|
|
* BUG/MINOR: htx: add two missing HTX_FL_EOI and remove an unexpected one
|
|
* MEDIUM: htx: Add a flag on a HTX message when no more data are expected
|
|
* BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed
|
|
* BUG/MAJOR: dns: Make the do-resolve action thread-safe
|
|
* BUG/MAJOR: tasks: don't requeue global tasks into the local queue
|
|
* BUG/MEDIUM: resolve: fix init resolving for ring and peers section.
|
|
* BUG/MEDIUM: arg: empty args list must be dropped
|
|
* DOC: ssl: req_ssl_sni needs implicit TLS
|
|
* BUILD: config: fix again bugs gcc warnings on calloc
|
|
* BUG/MAJOR: tasks: make sure to always lock the shared wait queue if needed
|
|
* BUILD: config: address build warning on raspbian+rpi4
|
|
* BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked
|
|
* BUG/MEDIUM: server: fix possibly uninitialized state file on close
|
|
* BUG/MEDIUM: server: resolve state file handle leak on reload
|
|
* BUG/MEDIUM: fcgi-app: fix memory leak in fcgi_flt_http_headers
|
|
* BUG/MEDIUM: log: issue mixing sampled to not sampled log servers.
|
|
* BUG/MINOR: mux-fcgi: Set flags on the right stream field for empty FCGI_STDOUT
|
|
* BUG/MINOR: mux-fcgi: Set conn state to RECORD_P when skipping the record padding
|
|
* BUG/MINOR: mux-fcgi: Handle empty STDERR record
|
|
* BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode
|
|
* BUG/MEDIUM: mux-fcgi: Don't add private connections in available connection list
|
|
* BUG/MEDIUM: mux-h2: Don't add private connections in available connection list
|
|
* CONTRIB: da: fix memory leak in dummy function da_atlas_open()
|
|
* BUG/MEDIUM: lists: add missing store barrier in MT_LIST_ADD/MT_LIST_ADDQ
|
|
* BUG/MEDIUM: lists: add missing store barrier on MT_LIST_BEHEAD()
|
|
* BUG/MINOR: sample: Free str.area in smp_check_const_meth
|
|
* BUG/MINOR: sample: Free str.area in smp_check_const_bool
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 07 15:13:34 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.2.0+git0.3a00c915f:
|
|
https://www.haproxy.com/blog/announcing-haproxy-2-2/
|
|
|
|
* [RELEASE] Released version 2.2.0
|
|
* MINOR: version: mention that it's an LTS release now
|
|
* DOC: minor update to coding style file
|
|
* DOC: update INSTALL with new compiler versions
|
|
* CLEANUP: ssl: remove unrelevant comment in smp_fetch_ssl_x_keylog()
|
|
* DOC: configuration: remove obsolete mentions of H2 being converted to HTTP/1.x
|
|
* BUG/MINOR: connection: See new connection as available only on reuse always
|
|
* BUG/MEDIUM: connection: Don't consider new private connections as available
|
|
* BUG/MINOR: backend: Remove CO_FL_SESS_IDLE if a client remains on the last server
|
|
* MINOR: mux-h1: Improve traces about the splicing
|
|
- refreshed patches to apply cleanly again:
|
|
haproxy-1.6.0-makefile_lib.patch
|
|
haproxy-1.6.0-sec-options.patch
|
|
- track series file in source rpm
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 09 20:27:50 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.1.7+git0.8bebf80fb:
|
|
* [RELEASE] Released version 2.1.7
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 08 22:04:10 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.1.6+git1.661c88907:
|
|
* BUG/MAJOR: http-htx: Don't forget to copy error messages from defaults sections
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 08 21:58:40 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.1.6+git0.34db76106:
|
|
* [RELEASE] Released version 2.1.6
|
|
* BUG/MINOR: mworker: fix a memleak when execvp() failed
|
|
* BUG/MINOR: ssl: fix a trash buffer leak in some error cases
|
|
* BUG/MEDIUM: mworker: fix the reload with an -- option
|
|
* BUG/MINOR: init: -S can have a parameter starting with a dash
|
|
* BUG/MINOR: init: -x can have a parameter starting with a dash
|
|
* BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
|
|
* BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump metrics
|
|
* BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations
|
|
* BUG/MEDIUM: http-htx: Duplicate error messages as raw data instead of string
|
|
* BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action
|
|
* BUG/MINOR: peers: fix internal/network key type mapping.
|
|
* SCRIPTS: publish-release: pass -n to gzip to remove timestamp
|
|
* Revert "BUG/MEDIUM: connections: force connections cleanup on server changes"
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 29 11:28:18 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.1.5+git0.36e14bd31:
|
|
* [RELEASE] Released version 2.1.5
|
|
* BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf
|
|
* BUG/MINOR: lua: Add missing string length for lua sticktable lookup
|
|
* BUG/MEDIUM: logs: fix trailing zeros on log message.
|
|
* REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used
|
|
* BUG/MINOR: logs: prevent double line returns in some events.
|
|
* DOC: SPOE is no longer experimental
|
|
* DOC/MINOR: halog: Add long help info for ic flag
|
|
* DOC: retry-on can only be used with mode http
|
|
* BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable
|
|
* BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified
|
|
* BUG/MEDIUM: ring: write-lock the ring while attaching/detaching
|
|
* BUG/MAJOR: mux-fcgi: Stop sending loop if FCGI stream is blocked for any reason
|
|
* BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt()
|
|
* BUG/MEDIUM: stream: Only allow L7 retries when using HTTP.
|
|
* BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry.
|
|
* BUILD: select: only declare existing local labels to appease clang
|
|
* BUG/MINOR: soft-stop: always wake up waiting threads on stopping
|
|
* BUG/MINOR: pollers: remove uneeded free in global init
|
|
* BUG/MINOR: pools: use %u not %d to report pool stats in "show pools"
|
|
* BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered
|
|
* BUG/MEDIUM: http_ana: make the detection of NTLM variants safer
|
|
* BUG/MINOR: http-ana: fix NTLM response parsing again
|
|
* BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur
|
|
* BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT
|
|
* BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}()
|
|
* BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS()
|
|
* BUG/MINOR: sample: Set the correct type when a binary is converted to a string
|
|
* CLEANUP: connections: align function declaration
|
|
* BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id()
|
|
* BUG/MEDIUM: h1: Don't compare host and authority if only h1 headers are parsed
|
|
* BUG/MEDIUM: connections: force connections cleanup on server changes
|
|
* BUG/MEDIUM: mux-fcgi: Fix wrong test on FCGI_CF_KEEP_CONN in fcgi_detach()
|
|
* BUG/MEDIUM: mux_fcgi: Free the FCGI connection at the end of fcgi_release()
|
|
* BUG/MINOR: checks: Remove a warning about http health checks
|
|
* BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks
|
|
* BUG/MINOR: checks/server: use_ssl member must be signed
|
|
* Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections"
|
|
* Revert "BUG/MINOR: connection: always send address-less LOCAL PROXY connections"
|
|
* REGTEST: http-rules: Require PCRE or PCRE2 option to run map_redirect script
|
|
* REGTEST: ssl: test the client certificate authentication
|
|
* BUILD: Makefile: add linux-musl to TARGET
|
|
* BUILD: tools: rely on __ELF__ not USE_DL to enable use of dladdr()
|
|
* BUILD: tools: unbreak resolve_sym_name() on non-GNU platforms
|
|
* MINOR: debug: dump the whole trace if we can't spot the starting point
|
|
* MINOR: debug: use our own backtrace function on clang+x86_64
|
|
* MINOR: debug: improve backtrace() on aarch64 and possibly other systems
|
|
* MINOR: debug: report the number of entries in the backtrace
|
|
* MINOR: wdt: do not depend on USE_THREAD
|
|
* BUILD: Makefile: include librt before libpthread
|
|
* MINOR: debug: call backtrace() once upon startup
|
|
* MEDIUM: debug: add support for dumping backtraces of stuck threads
|
|
* MINOR: cli: make "show fd" rely on resolve_sym_name()
|
|
* MINOR: debug: use resolve_sym_name() to dump task handlers
|
|
* MINOR: tools: add resolve_sym_name() to resolve function pointers
|
|
* MINOR: tools: add new function dump_addr_and_bytes()
|
|
* MINOR: haproxy: export run_poll_loop
|
|
* MINOR: stream: report the list of active filters on stream crashes
|
|
* BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock
|
|
* BUG/MEDIUM: shctx: really check the lock's value while waiting
|
|
* BUG/MINOR: debug: properly use long long instead of long for the thread ID
|
|
* MINOR: threads: export the POSIX thread ID in panic dumps
|
|
* BUG/MEDIUM: listener: mark the thread as not stuck inside the loop
|
|
* BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream
|
|
* BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam
|
|
* BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam
|
|
* BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream
|
|
* BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream
|
|
* BUG/MINOR: mux-fcgi: Be sure to have a connection as session's origin to use it
|
|
* BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function
|
|
* BUG/MINOR: checks: chained expect will not properly wait for enough data
|
|
* BUG/MEDIUM: server/checks: Init server check during config validity check
|
|
* BUG/MINOR: checks: Respect the no-check-ssl option
|
|
* MINOR: checks: Add a way to send custom headers and payload during http chekcs
|
|
* BUG/MINOR: check: Update server address and port to execute an external check
|
|
* MINOR: contrib: make the peers wireshark dissector a plugin
|
|
* MEDIUM: memory: make pool_gc() run under thread isolation
|
|
* DOC: option logasap does not depend on mode
|
|
* BUG/MINOR: http: make url_decode() optionally convert '+' to SP
|
|
* BUG/MINOR: tools: fix the i386 version of the div64_32 function
|
|
* BUG/MEDIUM: http-ana: Handle NTLM messages correctly.
|
|
* BUG/MINOR: ssl: default settings for ssl server options are not used
|
|
* DOC: Improve documentation on http-request set-src
|
|
* MINOR: version: Show uname output in display_version()
|
|
* DOC: hashing: update link to hashing functions
|
|
* BUG/MINOR: peers: Incomplete peers sections should be validated.
|
|
* BUG/MINOR: connection: always send address-less LOCAL PROXY connections
|
|
* BUG/MINOR: ssl: memleak of the struct cert_key_and_chain
|
|
* BUG/MINOR: ssl/cli: memory leak in 'set ssl cert'
|
|
* MINOR: ssl: improve the errors when a crt can't be open
|
|
* BUG/MINOR: protocol_buffer: Wrong maximum shifting.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 15 23:10:28 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- use the "profile profilename /path/to/binary" syntax to make
|
|
"ps aufxZ" more readable
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 2 13:24:34 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- Update to version 2.1.4+git0.3cfc2f1d9: (boo#1168023) CVE-2020-11100
|
|
- SCRIPTS: make announce-release executable again
|
|
- BUG/MINOR: namespace: avoid closing fd when socket failed in
|
|
my_socketat
|
|
- BUG/MEDIUM: muxes: Use the right argument when calling the
|
|
destroy method.
|
|
- BUG/MINOR: mux-fcgi: Forbid special characters when matching
|
|
PATH_INFO param
|
|
- MINOR: mux-fcgi: Make the capture of the path-info optional in
|
|
pathinfo regex
|
|
- SCRIPTS: announce-release: use mutt -H instead of -i to include
|
|
the draft
|
|
- MINOR: http-htx: Add a function to retrieve the headers size of
|
|
an HTX message
|
|
- MINOR: filters: Forward data only if the last filter forwards
|
|
something
|
|
- BUG/MINOR: filters: Count HTTP headers as filtered data but
|
|
don't forward them
|
|
- BUG/MINOR: http-htx: Don't return error if authority is updated
|
|
without changes
|
|
- BUG/MINOR: http-ana: Matching on monitor-uri should be
|
|
case-sensitive
|
|
- MINOR: http-ana: Match on the path if the monitor-uri starts by
|
|
a /
|
|
- BUG/MAJOR: http-ana: Always abort the request when a tarpit is
|
|
triggered
|
|
- MINOR: ist: add an iststop() function
|
|
- BUG/MINOR: http: http-request replace-path duplicates the query
|
|
string
|
|
- BUG/MEDIUM: shctx: make sure to keep all blocks aligned
|
|
- MINOR: compiler: move CPU capabilities definition from config.h
|
|
and complete them
|
|
- BUG/MEDIUM: ebtree: don't set attribute packed without
|
|
unaligned access support
|
|
- BUILD: fix recent build failure on unaligned archs
|
|
- CLEANUP: cfgparse: Fix type of second calloc() parameter
|
|
- BUG/MINOR: sample: fix the json converter's endian-sensitivity
|
|
- BUG/MEDIUM: ssl: fix several bad pointer aliases in a few
|
|
sample fetch functions
|
|
- BUG/MINOR: connection: make sure to correctly tag local PROXY
|
|
connections
|
|
- MINOR: compiler: add new alignment macros
|
|
- BUILD: ebtree: improve architecture-specific alignment
|
|
- BUG/MINOR: h2: reject again empty :path pseudo-headers
|
|
- BUG/MINOR: sample: Make sure to return stable IDs in the
|
|
unique-id fetch
|
|
- BUG/MINOR: dns: ignore trailing dot
|
|
- BUG/MINOR: http-htx: Do case-insensive comparisons on Host
|
|
header name
|
|
- MINOR: contrib/prometheus-exporter: Add heathcheck status/code
|
|
in server metrics
|
|
- MINOR: contrib/prometheus-exporter: Add the last heathcheck
|
|
duration metric
|
|
- BUG/MEDIUM: random: initialize the random pool a bit better
|
|
- MINOR: tools: add 64-bit rotate operators
|
|
- BUG/MEDIUM: random: implement a thread-safe and process-safe
|
|
PRNG
|
|
- MINOR: backend: use a single call to ha_random32() for the
|
|
random LB algo
|
|
- BUG/MINOR: checks/threads: use ha_random() and not rand()
|
|
- BUG/MAJOR: list: fix invalid element address calculation
|
|
- MINOR: debug: report the task handler's pointer relative to
|
|
main
|
|
- BUG/MEDIUM: debug: make the debug_handler check for the thread
|
|
in threads_to_dump
|
|
- MINOR: haproxy: export main to ease access from debugger
|
|
- BUILD: tools: remove obsolete and conflicting trace() from
|
|
standard.c
|
|
- BUG/MINOR: wdt: do not return an error when the watchdog
|
|
couldn't be enabled
|
|
- DOC: fix incorrect indentation of http_auth_*
|
|
- OPTIM: startup: fast unique_id allocation for acl.
|
|
- BUG/MINOR: pattern: Do not pass len = 0 to calloc()
|
|
- DOC: configuration.txt: fix various typos
|
|
- DOC: assorted typo fixes in the documentation and Makefile
|
|
- BUG/MINOR: init: make the automatic maxconn consider the max of
|
|
soft/hard limits
|
|
- BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
|
|
- REGTEST: make the PROXY TLV validation depend on version 2.2
|
|
- BUG/MINOR: filters: Use filter offset to decude the amount of
|
|
forwarded data
|
|
- BUG/MINOR: filters: Forward everything if no data filters are
|
|
called
|
|
- MINOR: htx: Add a function to return a block at a specific
|
|
offset
|
|
- BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the
|
|
response payload
|
|
- BUG/MEDIUM: compression/filters: Fix loop on HTX blocks
|
|
compressing the payload
|
|
- BUG/MINOR: http-ana: Reset request analysers on a response side
|
|
error
|
|
- BUG/MINOR: lua: Ignore the reserve to know if a channel is full
|
|
or not
|
|
- BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject
|
|
action
|
|
- BUG/MINOR: http-rules: Fix a typo in the reject action function
|
|
- BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop
|
|
action
|
|
- BUG/MINOR: rules: Increment be_counters if backend is assigned
|
|
for a silent-drop
|
|
- DOC: fix typo about no-tls-tickets
|
|
- DOC: improve description of no-tls-tickets
|
|
- DOC: assorted typo fixes in the documentation
|
|
- DOC: ssl: clarify security implications of TLS tickets
|
|
- BUILD: wdt: only test for SI_TKILL when compiled with thread
|
|
support
|
|
- BUG/MEDIUM: mt_lists: Make sure we set the deleted element to
|
|
NULL;
|
|
- MINOR: mt_lists: Appease gcc.
|
|
- BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
|
|
- BUG/MEDIUM: pools: Always update free_list in pool_gc().
|
|
- BUG/MINOR: haproxy: always initialize sleeping_thread_mask
|
|
- BUG/MINOR: listener/mq: do not dispatch connections to remote
|
|
threads when stopping
|
|
- BUG/MINOR: haproxy/threads: try to make all threads leave
|
|
together
|
|
- DOC: proxy_protocol: Reserve TLV type 0x05 as
|
|
PP2_TYPE_UNIQUE_ID
|
|
- DOC: correct typo in alert message about rspirep
|
|
- BUILD: on ARM, must be linked to libatomic.
|
|
- BUILD: makefile: fix regex syntax in ARM platform detection
|
|
- BUILD: makefile: fix expression again to detect ARM platform
|
|
- BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong
|
|
cases.
|
|
- DOC: assorted typo fixes in the documentation
|
|
- MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into
|
|
types/signal.h.
|
|
- BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in
|
|
__signal_process_queue().
|
|
- MINOR: memory: Change the flush_lock to a spinlock, and don't
|
|
get it in alloc.
|
|
- BUG/MINOR: connections: Make sure we free the connection on
|
|
failure.
|
|
- REGTESTS: use "command -v" instead of "which"
|
|
- REGTEST: increase timeouts on the seamless-reload test
|
|
- BUG/MINOR: haproxy/threads: close a possible race in soft-stop
|
|
detection
|
|
- BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
|
|
- BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
|
|
- BUG/MINOR: peers: Use after free of "peers" section.
|
|
- MINOR: listener: add so_name sample fetch
|
|
- BUILD: ssl: only pass unsigned chars to isspace()
|
|
- BUG/MINOR: stats: Fix color of draining servers on stats page
|
|
- DOC: internals: Fix spelling errors in filters.txt
|
|
- MINOR: http-rules: Add a flag on redirect rules to know the
|
|
rule direction
|
|
- BUG/MINOR: http_ana: make sure redirect flags don't have
|
|
overlapping bits
|
|
- MINOR: http-rules: Handle the rule direction when a redirect is
|
|
evaluated
|
|
- BUG/MINOR: http-ana: Reset request analysers on error when
|
|
waiting for response
|
|
- BUG/CRITICAL: hpack: never index a header into the headroom
|
|
after wrapping
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 14 13:23:23 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
- Remove unsupported options from example haproxy.cfg
|
|
- Make haproxy useable for containers
|
|
- Use sysusers.d to create users.
|
|
- Use systemd_ordering instead of requiring systemd.
|
|
- Own vim syntax directory instead of requiring vim. This also
|
|
solves the problem the directory got never removed if vim is
|
|
updated before haproxy.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 12 15:42:26 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.1.3+git0.5c020bbdd:
|
|
* [RELEASE] Released version 2.1.3
|
|
* BUG/MINOR: tcp: don't try to set defaultmss when value is negative
|
|
* BUG/MINOR: http-ana: Set HTX_FL_PROXY_RESP flag if a server perform a redirect
|
|
* BUG/MINOR: http-ana: Don't overwrite outgoing data when an error is reported
|
|
* MINOR: htx/channel: Add a function to copy an HTX message in a channel's buffer
|
|
* MINOR: htx: Add a function to append an HTX message to another one
|
|
* DOC: word converter ignores delimiters at the start or end of input string
|
|
* MINOR: build: add aix72-gcc build TARGET and power{8,9} CPUs
|
|
* BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener
|
|
* BUG/MINOR: listener: enforce all_threads_mask on bind_thread on init
|
|
* BUG/MEDIUM: listener: only consider running threads when resuming listeners
|
|
* BUG/MINOR: dns: allow 63 char in hostname
|
|
* BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit
|
|
* DOC: schematic of the SSL certificates architecture
|
|
* BUG/MEDIUM: ssl/cli: 'commit ssl cert' wrong SSL_CTX init
|
|
* SCRIPTS: announce-release: allow the user to force to overwrite old files
|
|
* SCRIPTS: announce-release: place the send command in the mail's header
|
|
* CONTRIB: debug: also support reading values from stdin
|
|
* MINOR: acl: Warn when an ACL is named 'or'
|
|
* CONTRIB: debug: support reporting multiple values at once
|
|
* CONTRIB: debug: add the possibility to decode the value as certain types only
|
|
* CONTRIB: debug: add missing flags SF_HTX and SF_MUX
|
|
* BUG/MINOR: ssl: clear the SSL errors on DH loading failure
|
|
* BUG/MINOR: ssl: we may only ignore the first 64 errors
|
|
* BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is empty.
|
|
* BUG/MEDIUM: memory: Add a rwlock before freeing memory.
|
|
* MINOR: memory: Only init the pool spinlock once.
|
|
* BUG/MEDIUM: memory_pool: Update the seq number in pool_flush().
|
|
* BUG/MEDIUM: connections: Don't forget to unlock when killing a connection.
|
|
* BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2
|
|
* BUG/MINOR: ssl: Possible memleak when allowing the 0RTT data buffer.
|
|
* BUG/MEDIUM: pipe: fix a use-after-free in case of pipe creation error
|
|
* BUG/MINOR: tcpchecks: fix the connect() flags regarding delayed ack
|
|
* BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure.
|
|
* MINOR: lua: Add HLUA_PREPEND_C?PATH build option
|
|
* MINOR: lua: Add lua-prepend-path configuration option
|
|
* MINOR: lua: Add hlua_prepend_path function
|
|
* BUILD: cfgparse: silence a bogus gcc warning on 32-bit machines
|
|
* BUG/MEDIUM: mux-h2: make sure we don't emit TE headers with anything but "trailers"
|
|
* BUG/MINOR: stktable: report the current proxy name in error messages
|
|
* BUG/MEDIUM: 0rtt: Only consider the SSL handshake.
|
|
* BUG/MINOR: ssl/cli: ocsp_issuer must be set w/ "set ssl cert"
|
|
* BUG/MINOR: ssl: typo in previous patch
|
|
* BUG/MINOR: ssl: memory leak w/ the ocsp_issuer
|
|
* BUG/MINOR: ssl: increment issuer refcount if in chain
|
|
* CLEANUP: stats: shut up a wrong null-deref warning from gcc 9.2
|
|
* BUG/MINOR: ssl/cli: free the previous ckch content once a PEM is loaded
|
|
* BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent
|
|
* BUG/MEDIUM: netscaler: Don't forget to allocate storage for conn->src/dst.
|
|
* BUG/MINOR: http_act: don't check capture id in backend
|
|
* MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive
|
|
* BUG/MINOR: ssl: ssl_sock_load_sctl_from_file memory leak
|
|
* BUG/MINOR: ssl: ssl_sock_load_issuer_file_into_ckch memory leak
|
|
* BUG/MINOR: ssl: ssl_sock_load_ocsp_response_from_file memory leak
|
|
* BUG/MINOR: tcp-rules: Fix memory releases on error path during action parsing
|
|
* BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing
|
|
* BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules
|
|
* BUG/MINOR: http-ana/filters: Wait end of the http_end callback for all filters
|
|
* BUILD: pattern: include errno.h
|
|
* BUG/MINOR: 51d: Fix bug when HTX is enabled
|
|
* BUG/MINOR: dns: Make dns_query_id_seed unsigned
|
|
* BUG/MINOR: cache: Fix leak of cache name in error path
|
|
* BUG/MINOR: pattern: handle errors from fgets when trying to load patterns
|
|
* BUG/MEDIUM: connection: add a mux flag to indicate splice usability
|
|
* BUG/MINOR: stream: don't mistake match rules for store-request rules
|
|
* BUG/MEDIUM: cli: _getsocks must send the peers sockets
|
|
* REGTEST: add sample_fetches/hashes.vtc to validate hashes
|
|
* BUG/MAJOR: hashes: fix the signedness of the hash inputs
|
|
* BUG/MEDIUM: mux_h1: Don't call h1_send if we subscribed().
|
|
* BUG/MEDIUM: mworker: remain in mworker mode during reload
|
|
* REGTEST: mcli/mcli_start_progs: start 2 programs
|
|
* BUG/MINOR: cli/mworker: can't start haproxy with 2 programs
|
|
* BUG/MEDIUM: mux-h2: don't stop sending when crossing a buffer boundary
|
|
* BUG/MEDIUM: mux-h2: fix missing test on sending_list in previous patch
|
|
* BUG/MINOR: mux-h2: use a safe list_for_each_entry in h2_send()
|
|
* BUG/MEDIUM: tasks: Use the MT macros in tasklet_free().
|
|
* BUG/MINOR: stream-int: Don't trigger L7 retry if max retries is already reached
|
|
* BUG/MEDIUM: session: do not report a failure when rejecting a session
|
|
* BUG/MINOR: channel: inject output data at the end of output
|
|
* BUG/MEDIUM: http-ana: Truncate the response when a redirect rule is applied
|
|
* BUG/MINOR: proxy: Fix input data copy when an error is captured
|
|
* BUG/MINOR: h1: Report the right error position when a header value is invalid
|
|
* MINOR: ssl: Remove unused variable "need_out".
|
|
* MINOR: config: disable busy polling on old processes
|
|
* BUG/MEDIUM: connections: Hold the lock when wanting to kill a connection.
|
|
* BUG/MEDIUM: checks: Only attempt to do handshakes if the connection is ready.
|
|
* BUG/MINOR: checks: refine which errno values are really errors.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 07 12:48:02 UTC 2020 - mrueckert@suse.de
|
|
|
|
- Update to version 2.1.2+git0.d5b6759b5:
|
|
* [RELEASE] Released version 2.1.2
|
|
* BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility
|
|
* BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream
|
|
* BUG/MINOR: state-file: do not leak memory on parse errors
|
|
* BUG/MINOR: state-file: do not store duplicates in the global tree
|
|
* BUG/MEDIUM: state-file: do not allocate a full buffer for each server entry
|
|
* BUG/MINOR: ssl: openssl-compat: Fix getm_ defines
|
|
* BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd
|
|
* MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute
|
|
* BUG/MEDIUM: ssl: Revamp the way early data are handled.
|
|
* BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
|
|
* MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task
|
|
* MINOR: http: add a new "replace-path" action
|
|
* MINOR: debug: support logging to various sinks
|
|
* BUG/MEDIUM: ssl: Don't set the max early data we can receive too early.
|
|
* MINOR: sample: Validate the number of bits for the sha2 converter
|
|
* BUG/MINOR: sample: always check converters' arguments
|
|
* BUG/MINOR: sample: fix the closing bracket and LF in the debug converter
|
|
* DOC: clarify the fact that replace-uri works on a full URI
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 7 12:46:02 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- drop the udev buildrequires completely
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 23 13:10:03 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
|
|
shortcut through the -mini flavors.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 11 17:07:41 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.1.1+git0.4ae521379:
|
|
* [RELEASE] Released version 2.1.1
|
|
* BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy()
|
|
* BUG/MINOR: listener: fix off-by-one in state name check
|
|
* BUG/MINOR: server: make "agent-addr" work on default-server line
|
|
* BUG/MINOR: listener: do not immediately resume on transient error
|
|
* BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers
|
|
* BUG/MINOR: log: fix minor resource leaks on logformat error path
|
|
* DOC: remove references to the outdated architecture.txt
|
|
* DOC: proxies: HAProxy only supports 3 connection modes
|
|
* BUG/MINOR: tasks: only requeue a task if it was already in the queue
|
|
* DOC: listeners: add a few missing transitions
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 10 19:29:31 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.1.0+git33.8e4a62508:
|
|
* BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive.
|
|
* BUG/MAJOR: dns: add minimalist error processing on the Rx path
|
|
* BUG/MEDIUM: kqueue: Make sure we report read events even when no data.
|
|
* DOC: document the listener state transitions
|
|
* BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept()
|
|
* BUG/MINOR: listener: also clear the error flag on a paused listener
|
|
* BUG/MINOR: listener/threads: always use atomic ops to clear the FD events
|
|
* BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state
|
|
* BUG/MEDIUM: mux-fcgi: Handle cases where the HTX EOM block cannot be inserted
|
|
* BUG/MINOR: mux-h1: Be sure to set CS_FL_WANT_ROOM when EOM can't be added
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 06 15:30:10 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.1.0+git23.e77b108cd:
|
|
* BUG/MEDIUM: checks: Make sure we set the task affinity just before connecting.
|
|
* BUG/MEDIUM: tasks: Make sure we switch wait queues in task_set_affinity().
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 05 15:46:01 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.1.0+git21.67ff2112b:
|
|
* BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data
|
|
* BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN
|
|
* BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending
|
|
* BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1
|
|
* BUG/MEDIUM: listener/thread: fix a race when pausing a listener
|
|
* BUG/MINOR: ssl/cli: don't overwrite the filters variable
|
|
* BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible
|
|
* BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data
|
|
* DOC: move the "group" keyword at the right place
|
|
* DOC: Fix ordered list in summary
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 5 15:46:00 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- switch to the 2.1 branch
|
|
https://www.haproxy.com/blog/haproxy-2-1/
|
|
https://www.mail-archive.com/haproxy@formilux.org/msg35491.html
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 05 15:37:44 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.0.10+git14.7caf150a:
|
|
* BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data
|
|
* BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN
|
|
* BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending
|
|
* BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1
|
|
* BUG/MEDIUM: listener/thread: fix a race when pausing a listener
|
|
* BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible
|
|
* BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data
|
|
* DOC: move the "group" keyword at the right place
|
|
* DOC: clarify matching strings on binary fetches
|
|
* DOC: Clarify behavior of server maxconn in HTTP mode
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 29 13:44:19 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.0.10+git4.6d9a455d:
|
|
* BUG/MINOR: http-htx: Don't make http_find_header() fail if the value is empty
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 28 15:45:58 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.0.10+git3.200c6215:
|
|
* BUG/MINOR: contrib/prometheus-exporter: decode parameter and value only
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 27 11:52:45 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.0.10+git2.3a00e5fc:
|
|
* BUG/MINOR: contrib/prometheus-exporter: Use HTX errors and not legacy ones
|
|
* BUG/MINOR: stream: init variables when the list is empty
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 25 20:11:36 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.0.10+git0.ac198b92: (bsc#1157712) (bsc#1157714)
|
|
* [RELEASE] Released version 2.0.10
|
|
* SCRIPTS: git-show-backports: add "-s" to proposed cherry-pick commands
|
|
* SCRIPTS: create-release: show the correct origin name in suggested commands
|
|
* BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in idle state
|
|
* BUG/MAJOR: h2: make header field name filtering stronger
|
|
* BUG/MAJOR: h2: reject header values containing invalid chars
|
|
* MINOR: ist: add ist_find_ctl()
|
|
* BUG/MINOR: ssl: fix curve setup with LibreSSL
|
|
* BUG/MINOR: cli: fix out of bounds in -S parser
|
|
* DOC: Add documentation about the use-service action
|
|
* DOC: Add missing stats fields in the management manual
|
|
* BUG/MINOR: mux-h1: Adjust header case when chunked encoding is add to a message
|
|
* BUG/MINOR: mux-h1: Fix a UAF in cfg_h1_headers_case_adjust_postparser()
|
|
* MEDIUM: mux-h1: Add the support of headers adjustment for bogus HTTP/1 apps
|
|
* REGTEST: vtest can now enable mcli with its own flag
|
|
* MINOR: stats: Report max times in addition of the averages for sessions
|
|
* BUG/MINOR: stream-int: Fix si_cs_recv() return value
|
|
* MINOR: contrib/prometheus-exporter: Add a param to ignore servers in maintenance
|
|
* MINOR: contrib/prometheus-exporter: filter exported metrics by scope
|
|
* MINOR: contrib/prometheus-exporter: report the number of idle conns per server
|
|
* BUG/MINOR: contrib/prometheus-exporter: Rename some metrics
|
|
* MINOR: contrib/prometheus-exporter: Report metrics about max times for sessions
|
|
* MINOR: counters: Add fields to store the max observed for {q,c,d,t}_time
|
|
* MINOR: stream: Remove the lock on the proxy to update time stats
|
|
* MINOR: freq_ctr: Make the sliding window sums thread-safe
|
|
* BUG/MINOR: http-ana: Properly catch aborts during the payload forwarding
|
|
* BUG/MINOR: mux-h1: Fix tunnel mode detection on the response path
|
|
* BUILD: debug: Avoid warnings in dev mode with -02 because of some BUG_ON tests
|
|
* BUG/MEDIUM: stream-int: Don't loose events on the CS when an EOS is reported
|
|
* BUILD/MINOR: ssl: fix compiler warning about useless statement
|
|
* BUG/MINOR: peers: "peer alive" flag not reset when deconnecting.
|
|
* BUG/MEDIUM: mworker: don't fill the -sf argument with -1 during the reexec
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 19 14:16:54 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.0.9+git6.26b7b800:
|
|
* BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
|
|
* BUG/MINOR: peers: Wrong null "server_name" data field handling.
|
|
* MINOR: peers: Add debugging information to "show peers".
|
|
* MINOR: peers: Add TX/RX heartbeat counters.
|
|
* MINOR: peers: Alway show the table info for disconnected peers.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 19 13:55:05 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.0.9+git1.caf02113:
|
|
* BUG/MINOR: init: fix set-dumpable when using uid/gid
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 19 13:54:57 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.0.9+git0.efac87ee (bsc#1154980) (CVE-2019-18277):
|
|
* [RELEASE] Released version 2.0.9
|
|
* BUG/MINOR: mux-h1: Don't set CS_FL_EOS on a read0 when receiving data to pipe
|
|
* BUG/MEDIUM: filters: Don't call TCP callbacks for HTX streams
|
|
* BUG/MINOR: log: limit the size of the startup-logs
|
|
* BUILD: contrib/da: remove an "unused" warning
|
|
* MINOR: memory: also poison the area on freeing
|
|
* CLEANUP: session: slightly simplify idle connection cleanup logic
|
|
* BUG/MEDIUM: Make sure we leave the session list in session_free().
|
|
* BUG/MEDIUM: listeners: always pause a listener on out-of-resource condition
|
|
* BUG/MINOR: queue/threads: make the queue unlinking atomic
|
|
* DOC: management: fix typo on "cache_lookups" stats output
|
|
* DOC: management: document cache_hits and cache_lookups in the CSV format
|
|
* DOC: management: document reuse and connect counters in the CSV format
|
|
* BUG: dns: timeout resolve not applied for valid resolutions
|
|
* BUG/MINOR: action: do-resolve now use cached response
|
|
* BUG/MEDIUM: stream: Be sure to release allocated captures for TCP streams
|
|
* MINOR: doc: http-reuse connection pool fix
|
|
* BUG/MEDIUM: stream: Be sure to support splicing at the mux level to enable it
|
|
* BUG/MEDIUM: mux-h1: Disable splicing for chunked messages
|
|
* BUG/MEDIUM: mux-h2: immediately report connection errors on streams
|
|
* BUG/MEDIUM: mux-h2: immediately remove a failed connection from the idle list
|
|
* BUG/MEDIUM: mux-h2: report no available stream on a connection having errors
|
|
* BUG/MINOR: config: Update cookie domain warn to RFC6265
|
|
* BUG/MEDIUM: servers: Only set SF_SRV_REUSED if the connection if fully ready.
|
|
* BUG/MEDIUM: stream_interface: Only use SI_ST_RDY when the mux is ready.
|
|
* MINOR: mux: Add a new method to get informations about a mux.
|
|
* BUG/MINOR: spoe: fix off-by-one length in UUID format string
|
|
* BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST is reached
|
|
* BUG/MINOR: mux-h2: Don't pretend mux buffers aren't full anymore if nothing sent
|
|
* BUG/MINOR: cli: don't call the kw->io_release if kw->parse failed
|
|
* MINOR: tcp: avoid confusion in time parsing init
|
|
* BUG/MINOR: mux-h2: do not emit logs on backend connections
|
|
* MINOR: config: warn on presence of "\n" in header values/replacements
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 19 13:54:51 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.0.8+git0.60e6020c:
|
|
* [RELEASE] Released version 2.0.8
|
|
* BUG/MEDIUM: pattern: make the pattern LRU cache thread-local and lockless
|
|
* BUG/MINOR: stick-table: fix an incorrect 32 to 64 bit key conversion
|
|
* BUG/MINOR: ssl: fix memcpy overlap without consequences.
|
|
* BUG/MEDIUM: http: unbreak redirects in legacy mode
|
|
* BUG/MINOR: mux-h2: also make sure blocked legacy connections may expire
|
|
* BUG/MINOR: sample: Make the `field` converter compatible with `-m found`
|
|
* BUG/MINOR: cache: alloc shctx after check config
|
|
* BUG/MINOR: stick-table: Never exceed (MAX_SESS_STKCTR-1) when fetching a stkctr
|
|
* BUG/MINOR: ssl: Fix fd leak on error path when a TLS ticket keys file is parsed
|
|
* BUG/MINOR: mworker/cli: reload fail with inherited FD
|
|
* BUG/MEDIUM: ssl: 'tune.ssl.default-dh-param' value ignored with openssl > 1.1.1
|
|
* CLEANUP: bind: handle warning label on bind keywords parsing.
|
|
* CLEANUP: ssl: make ssl_sock_load_dh_params handle errcode/warn
|
|
* CLEANUP: ssl: make ssl_sock_put_ckch_into_ctx handle errcode/warn
|
|
* CLEANUP: ssl: make ssl_sock_load_cert*() return real error codes
|
|
* REGTEST: mcli/mcli_show_info: launch a 'show info' on the master CLI
|
|
* BUG/MEDIUM: mux_pt: Only call the wake emthod if nobody subscribed to receive.
|
|
* BUG/MEDIUM: mux_pt: Don't destroy the connection if we have a stream attached.
|
|
* Revert e8826ded5fea3593d89da2be5c2d81c522070995.
|
|
* BUG/MAJOR: idle conns: schedule the cleanup task on the correct threads
|
|
* BUG/MEDIUM: mux_pt: Make sure we don't have a conn_stream before freeing.
|
|
* BUG/MINOR: tcp: Don't alter counters returned by tcp info fetchers
|
|
* BUG/MINOR: mworker/ssl: close openssl FDs unconditionally
|
|
* BUG/MINOR: http-htx: Properly set htx flags on error files to support keep-alive
|
|
* MINOR: version: make the version strings variables, not constants
|
|
* BUG/MINOR: WURFL: fix send_log() function arguments
|
|
* BUG/MINOR: mux-h1: Capture ignored parsing errors
|
|
* BUG/MINOR: mux-h1: Mark the output buffer as full when the xfer is interrupted
|
|
* BUG/MINOR: chunk: Fix tests on the chunk size in functions copying data
|
|
* BUG/MEDIUM: htx: Catch chunk_memcat() failures when HTX data are formatted to h1
|
|
* BUILD: ssl: wrong #ifdef for SSL engines code
|
|
* BUG/MINOR: ssl: abort on sni_keytypes allocation failure
|
|
* BUG/MINOR: ssl: free the sni_keytype nodes
|
|
* BUG/MINOR: ssl: abort on sni allocation failure
|
|
* BUG/MEDIUM: applet: always check a fast running applet's activity before killing
|
|
* MINOR: stats: mention in the help message support for "json" and "typed"
|
|
* DOC: fix typo in Prometheus exporter doc
|
|
* DOC: clarify some points around http-send-name-header's behavior
|
|
* BUG/MEDIUM: cache: make sure not to cache requests with absolute-uri
|
|
* BUG/MINOR: peers: crash on reload without local peer.
|
|
* BUG/MEDIUM: mux-h2: do not enforce timeout on long connections
|
|
* BUILD: ebtree: make eb_is_empty() and eb_is_dup() take a const
|
|
* MINOR: mux-h2: add a per-connection list of blocked streams
|
|
* BUG/MINOR: action: do-resolve does not yield on requests with body
|
|
* BUG/MEDIUM: lua: Store stick tables into the sample's `t` field
|
|
* BUG/MINOR: lua: Properly initialize the buffer's fields for string samples in hlua_lua2(smp|arg)
|
|
* BUG/MINOR: stats: Add a missing break in a switch statement
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 07 08:05:46 UTC 2019 - kgronlund@suse.com
|
|
|
|
- Update to version 2.0.7+git0.1909aa1e:
|
|
* [RELEASE] Released version 2.0.7
|
|
* BUG/MEDIUM: namespace: fix fd leak in master-worker mode
|
|
* DOC: Fix documentation about the cli command to get resolver stats
|
|
* BUG/MINOR: contrib/prometheus-exporter: Return the time averages in seconds
|
|
* MINOR: stats: Add the support of float fields in stats
|
|
* MINOR: spoe: Support the async mode with several threads
|
|
* MINOR: spoe: Improve generation of the engine-id
|
|
* BUG/MEDIUM: spoe: Use a different engine-id per process
|
|
* BUG/MINOR: mux-h1: Do h2 upgrade only on the first request
|
|
* BUG/MAJOR: mux_h2: Don't consume more payload than received for skipped frames
|
|
* BUG/MINOR: mux-h2: Use the dummy error when decoding headers for a closed stream
|
|
* BUG/MEDIUM: mux-h2: don't reject valid frames on closed streams
|
|
* BUG/MEDIUM: namespace: close open namespaces during soft shutdown
|
|
* BUG/MINOR: mux-h2: do not wake up blocked streams before the mux is ready
|
|
* BUG/MEDIUM: checks: make sure the connection is ready before trying to recv
|
|
* BUG/MEDIUM: stream-int: Process connection/CS errors during synchronous sends
|
|
* BUG/MINOR: stream-int: Process connection/CS errors first in si_cs_send()
|
|
* BUG/MEDIUM: check/threads: make external checks run exclusively on thread 1
|
|
* BUG/MAJOR: mux-h2: Handle HEADERS frames received after a RST_STREAM frame
|
|
* BUG/MINOR: mux-h2: Be sure to have a connection to unsubcribe
|
|
* BUG/MEDIUM: stick-table: Properly handle "show table" with a data type argument
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 17 15:41:39 UTC 2019 - kgronlund@suse.com
|
|
|
|
- Update to version 2.0.6+git0.58706ab4:
|
|
* [RELEASE] Released version 2.0.6
|
|
* MINOR: sample: Add UUID-fetch
|
|
* BUG/MINOR: Missing stat_field_names (since f21d17bb)
|
|
* BUG/MINOR: backend: Fix a possible null pointer dereference
|
|
* BUG/MINOR: acl: Fix memory leaks when an ACL expression is parsed
|
|
* BUG/MINOR: filters: Properly set the HTTP status code on analysis error
|
|
* BUG/MEDIUM: http: also reject messages where "chunked" is missing from transfer-enoding
|
|
* BUG/MINOR: ssl: always check for ssl connection before getting its XPRT context
|
|
* BUG/MINOR: listener: Fix a possible null pointer dereference
|
|
* MINOR: stats: report the number of idle connections for each server
|
|
* BUG/MEDIUM: connection: don't keep more idle connections than ever needed
|
|
* BUG/MAJOR: ssl: ssl_sock was not fully initialized.
|
|
* BUG/MINOR: lb/leastconn: ignore the server weights for empty servers
|
|
* MINOR: contrib/prometheus-exporter: Report DRAIN/MAINT/NOLB status for servers
|
|
* BUG/MINOR: checks: do not uselessly poll for reads before the connection is up
|
|
* BUG/MINOR: checks: make __event_chk_srv_r() report success before closing
|
|
* BUG/MINOR: checks: start sending the request right after connect()
|
|
* BUG/MINOR: checks: stop polling for write when we have nothing left to send
|
|
* BUG/MEDIUM: cache: Don't cache objects if the size of headers is too big
|
|
* BUG/MEDIUM: cache: Properly copy headers splitted on several shctx blocks
|
|
* BUG/MINOR: mux-h1: Be sure to update the count before adding EOM after trailers
|
|
* BUG/MINOR: mux-h1: Don't stop anymore input processing when the max is reached
|
|
* BUG/MINOR: mux-h1: Fix size evaluation of HTX messages after headers parsing
|
|
* BUG/MINOR: h1: Properly reset h1m when parsing is restarted
|
|
* BUG/MINOR: http-ana: Reset response flags when 1xx messages are handled
|
|
* BUG/MEDIUM: peers: local peer socket not bound.
|
|
* BUG/MEDIUM: proto-http: Always start the parsing if there is no outgoing data
|
|
* BUG/MEDIUM: url32 does not take the path part into account in the returned hash.
|
|
* BUG/MEDIUM: listener/threads: fix an AB/BA locking issue in delete_listener()
|
|
* BUG/MINOR: mworker: disable SIGPROF on re-exec
|
|
* DOC: fixed typo in management.txt
|
|
* BUG/MEDIUM: mux-h1: do not report errors on transfers ending on buffer full
|
|
* BUG/MEDIUM: mux-h1: do not truncate trailing 0CRLF on buffer boundary
|
|
* MEDIUM: debug: make the thread dump code show Lua backtraces
|
|
* MINOR: lua: export applet and task handlers
|
|
* MINOR: tools: add append_prefixed_str()
|
|
* MINOR: debug: indicate the applet name when the task is task_run_applet()
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 22 11:23:04 CEST 2019 - kukuk@suse.de
|
|
|
|
- Use %license instead of %doc [bsc#1082318]
|
|
- Recommend apparmor, it's not required to work (make haproxy
|
|
useable in a container)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 20 15:05:47 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- enable prometheus exporter
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 20 14:05:47 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- enable verbose make output
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 20 14:01:33 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.0.5+git0.d905f49a:
|
|
* [RELEASE] Released version 2.0.5
|
|
* BUG/MEDIUM: mux_pt: Don't call unsubscribe if we did not subscribe.
|
|
* MINOR: fd: make sure to mark the thread as not stuck in fd_update_events()
|
|
* BUG/MINOR: stats: Wait the body before processing POST requests
|
|
* BUG/MEDIUM: lua: Fix test on the direction to set the channel exp timeout
|
|
* BUG/MEDIUM: mux_h1: Don't bother subscribing in recv if we're not connected.
|
|
* BUG/MINOR: Fix prometheus '# TYPE' and '# HELP' headers
|
|
* BUG/MINOR: lua: fix setting netfilter mark
|
|
* BUG/MEDIUM: proxy: Don't use cs_destroy() when freeing the conn_stream.
|
|
* BUG/MEDIUM: proxy: Don't forget the SF_HTX flag when upgrading TCP=>H1+HTX.
|
|
* BUG/MINOR: buffers/threads: always clear a buffer's head before releasing it
|
|
* MINOR: ssl: ssl_fc_has_early should work for BoringSSL
|
|
* BUG/MINOR: ssl: fix 0-RTT for BoringSSL
|
|
* BUG/MEDIUM: stick-table: Wrong stick-table backends parsing.
|
|
* [RELEASE] Released version 2.0.4
|
|
* BUG/MEDIUM: checks: make sure to close nicely when we're the last to speak
|
|
* BUG/MINOR: mux-h2: always reset rcvd_s when switching to a new frame
|
|
* BUG/MINOR: mux-h2: always send stream window update before connection's
|
|
* BUG/MEDIUM: mux-h2: do not recheck a frame type after a state transition
|
|
* BUG/MINOR: mux-h2: do not send REFUSED_STREAM on aborted uploads
|
|
* BUG/MINOR: mux-h2: use CANCEL, not STREAM_CLOSED in h2c_frt_handle_data()
|
|
* BUG/MINOR: mux-h2: don't refrain from sending an RST_STREAM after another one
|
|
* BUG/MEDIUM: fd: Always reset the polled_mask bits in fd_dodelete().
|
|
* BUG/MEDIUM: proxy: Make sure to destroy the stream on upgrade from TCP to H2
|
|
* BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes
|
|
* BUG/MEDIUM: mux-h2: unbreak receipt of large DATA frames
|
|
* BUG/MINOR: stream-int: also update analysers timeouts on activity
|
|
* BUG/MAJOR: http/sample: use a static buffer for raw -> htx conversion
|
|
* BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased
|
|
* MINOR: wdt: also consider that waiting in the thread dumper is normal
|
|
* BUG/MINOR: debug: fix a small race in the thread dumping code
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 30 13:16:56 UTC 2019 - kgronlund@suse.com
|
|
|
|
- Update to version 2.0.3+git14.0ff395c1 (bsc#1142529) (CVE-2019-14241):
|
|
* BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue()
|
|
* BUG/MINOR: htx: Fix free space addresses calculation during a block expansion
|
|
* BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP ready
|
|
* MINOR: hlua: Add a flag on the lua txn to know in which context it can be used
|
|
* MINOR: hlua: Don't set request analyzers on response channel for lua actions
|
|
* BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class
|
|
* BUG/MINOR: hlua/htx: Reset channels analyzers when txn:done() is called
|
|
* DOC: improve the wording in CONTRIBUTING about how to document a bug fix
|
|
* BUG/MINOR: log: make sure writev() is not interrupted on a file output
|
|
* BUG/MEDIUM: streams: Don't switch the SI to SI_ST_DIS if we have data to send.
|
|
* BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased
|
|
* BUILD: threads: add the definition of PROTO_LOCK
|
|
* BUG/MINOR: proxy: always lock stop_proxy()
|
|
* BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff
|
|
* [RELEASE] Released version 2.0.3
|
|
* BUG/CRITICAL: http_ana: Fix parsing of malformed cookies which start by a delimiter
|
|
* BUG/MINOR: http_htx: Support empty errorfiles
|
|
* BUG/MINOR: http_ana: Be sure to have an allocated buffer to generate an error
|
|
* BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream
|
|
* BUG/MINOR: mux-h1: Close server connection if input data remains in h1_detach()
|
|
* BUG/MEDIUM: mux-h1: Trim excess server data at the end of a transaction
|
|
* BUG/MINOR: checks: do not exit tcp-checks from the middle of the loop
|
|
* BUG/MINOR: session: Send a default HTTP error if accept fails for a H1 socket
|
|
* BUG/MINOR: session: Emit an HTTP error if accept fails only for H1 connection
|
|
* BUG/MINOR: debug: Remove flags CO_FL_SOCK_WR_ENA/CO_FL_SOCK_RD_ENA
|
|
* DOC: htx: Update comments in HTX files
|
|
* BUG/MINOR: hlua: Make the function txn:done() HTX aware
|
|
* BUG/MINOR: cache/htx: Make maxage calculation HTX aware
|
|
* BUG/MINOR: http_htx: Initialize HTX error messages for TCP proxies
|
|
* BUG/MINOR: http_fetch: Fix http_auth/http_auth_group when called from TCP rules
|
|
* BUG/MINOR: backend: do not try to install a mux when the connection failed
|
|
* BUG/MEDIUM: http/htx: unbreak option http_proxy
|
|
* BUG/MEDIUM: checks: Don't attempt to receive data if we already subscribed.
|
|
* BUG/MINOR: dns: remove irrelevant dependency on a client connection
|
|
* [RELEASE] Released version 2.0.2
|
|
* BUG/MEDIUM: threads: cpu-map designating a single thread/process are ignored
|
|
* BUG/MEDIUM: tcp-check: unbreak multiple connect rules again
|
|
* BUG/MINOR: mux-pt: do not pretend there's more data after a read0
|
|
* BUG/MEDIUM: streams: Don't redispatch with L7 retries if redispatch isn't set.
|
|
* BUG/MEDIUM: streams: Don't give up if we couldn't send the request.
|
|
* BUG/MINOR: mux-h1: Correctly report Ti timer when HTX and keepalives are used
|
|
* BUG/MEDIUM: mux-h1: Don't release h1 connection if there is still data to send
|
|
* BUG/MAJOR: listener: fix thread safety in resume_listener()
|
|
* MINOR: task: introduce work lists
|
|
* BUG/MEDIUM: servers: Fix a race condition with idle connections.
|
|
* DOC: Fix typos and grammer in configuration.txt
|
|
* BUG/MEDIUM: da: cast the chunk to string.
|
|
* BUG/MEDIUM: checks: Don't attempt to read if we destroyed the connection.
|
|
* BUG/MINOR: server: Be really able to keep "pool-max-conn" idle connections
|
|
* BUG/MEDIUM: fd/threads: fix excessive CPU usage on multi-thread accept
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 09 11:48:41 UTC 2019 - kgronlund@suse.com
|
|
|
|
- Update to version 2.0.1+git27.5db881ff:
|
|
* BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2
|
|
* BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse it.
|
|
* BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si
|
|
* MINOR: stream-int: Factorize processing done after sending data in si_cs_send()
|
|
* BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred
|
|
* BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are formatted
|
|
* BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock
|
|
* BUG/MEDIUM: http/applet: Finish request processing when a service is registered
|
|
* MINOR: action: Add the return code ACT_RET_DONE for actions
|
|
* BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks
|
|
* MINOR: server: Add "no-tfo" option.
|
|
* BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions.
|
|
* BUG/MEDIUM: servers: Authorize tfo in default-server.
|
|
* BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the mux.
|
|
* BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are sent
|
|
* BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent
|
|
* BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit()
|
|
* BUG/MINOR: hlua: Don't use channel_htx_recv_max()
|
|
* BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max()
|
|
* BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed.
|
|
* BUG/MEDIUM: connections: Always call shutdown, with no linger.
|
|
* BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses
|
|
* BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages
|
|
* BUG/MEDIUM: checks: unblock signals in external checks
|
|
* BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported
|
|
* BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
|
|
* BUG/MINOR: mworker/cli: don't output a \n before the response
|
|
* BUG/MINOR: mux-h1: Make format errors during output formatting fatal
|
|
* BUG/MEDIUM: mux-h1: Use buf_room_for_htx_data() to detect too large messages
|
|
* BUG/MEDIUM: proto_htx: Don't add EOM on 1xx informational messages
|
|
* BUG/MINOR: log: Detect missing sampling ranges in config
|
|
* BUG/MINOR: memory: Set objects size for pools in the per-thread cache
|
|
* BUG/MAJOR: mux-h1: Don't crush trash chunk area when outgoing message is formatted
|
|
* BUG/MINOR: htx: Save hdrs_bytes when the HTX start-line is replaced
|
|
* BUG/MEDIUM: ssl: Don't do anything in ssl_subscribe if we have no ctx.
|
|
* BUG/MEDIUM: connections: Always add the xprt handshake if needed.
|
|
* BUG/MEDIUM: stream_interface: Don't add SI_FL_ERR the state is < SI_ST_CON.
|
|
* BUG/MINOR: spoe: Fix memory leak if failing to allocate memory
|
|
* BUG/MEDIUM: mworker/cli: command pipelining doesn't work anymore
|
|
* BUG/MEDIUM: mworker: don't call the thread and fdtab deinit
|
|
* BUG/MINOR: mworker-prog: Fix segmentation fault during cfgparse
|
|
* BUG/MAJOR: sample: Wrong stick-table name parsing in "if/unless" ACL condition.
|
|
* BUG/MEDIUM: lb_fwlc: Don't test the server's lb_tree from outside the lock
|
|
* BUG/MEDIUM: mux-h2: Remove the padding length when a DATA frame size is checked
|
|
* BUG/MEDIUM: mux-h2: Reset padlen when several frames are demux
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jun 30 10:24:18 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
- Correct version line, which should be 2.0.0+git6.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 18 12:09:15 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- allow the new master socket path in the apparmor profile
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 18 12:04:20 UTC 2019 - mrueckert@suse.de
|
|
|
|
- Update to version 2.0.0~git6.41dc8432:
|
|
* BUG/MEDIUM: htx: Fully update HTX message when the block value is changed
|
|
* MINOR: htx: Add the function htx_change_blk_value_len()
|
|
* BUG/MEDIUM: compression: Set Vary: Accept-Encoding for compressed responses
|
|
* BUG/MINOR: mux-h1: Add the header connection in lower case in outgoing messages
|
|
* BUG/MINOR: lua/htx: Make txn.req_req_* and txn.res_rep_* HTX aware
|
|
* BUG/MEDIUM: h2/htx: Update data length of the HTX when the cookie list is built
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 17 12:33:47 UTC 2019 - kgronlund@suse.com
|
|
|
|
- Update to version 2.0.0~git0.ba23630a:
|
|
- new internal native HTTP representation called HTX, was already in 1.9
|
|
and is now enabled by default in 2.0 ;
|
|
|
|
- end-to-end HTTP/2 support including trailers and continuation frames,
|
|
as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using
|
|
the H2 preface;
|
|
|
|
- server connection pooling and more advanced reuse, with ALPN protocol
|
|
negotiation (already in 1.9) ;
|
|
|
|
- layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers
|
|
as well as on the frontend ;
|
|
|
|
- much more scalable multi-threading, which is even enabled by default on
|
|
platforms where it was successfully tested ; by default, as many threads
|
|
are started as the number of CPUs haproxy is allowed to run on. This
|
|
removes a lot of configuration burden in VMs and containers ;
|
|
|
|
- automatic maxconn setting for the process and the frontends, directly
|
|
based on the number of available FDs (easier configuration in containers
|
|
and with systemd) ;
|
|
|
|
- logging to stdout for use in containers and systemd (already in 1.9).
|
|
Logs can now provide micro-second resolution for some events ;
|
|
|
|
- peers now support SSL, declaration of multiple stick-tables directly in
|
|
the peers section, and synchronization of server names, not just IDs ;
|
|
|
|
- In master-worker mode, the master process now exposes its own CLI and
|
|
can communicate with all other processes (including the stopping ones),
|
|
even allowing to connect to their CLI and check their state. It is also
|
|
possible to start some sidecar programs and monitor them from the master,
|
|
and the master can automatically kill old processes that survived too
|
|
many reloads ;
|
|
|
|
- the incoming connections are load-balanced between all threads depending
|
|
on their load to minimize the processing time and maximize the capacity
|
|
(already in 1.9) ;
|
|
|
|
- the SPOE connection load-balancing was significantly improved in order
|
|
to reduce high percentiles of SPOA response time (already in 1.9) ;
|
|
|
|
- the "random" load balancing algorithm and a power-of-two-choices variant
|
|
were introduced ;
|
|
|
|
- statistics improvements with per-thread counters for certain things, and
|
|
a prometheus exporter for all our statistics;
|
|
|
|
- lots of debugging help, it's easier to produce a core dump, there are
|
|
new commands on the CLI to control various things, there is a watchdog
|
|
to fail cleanly when a thread deadlock or a spinning task are detected,
|
|
so overall it should provide a better experience in field and less
|
|
round trips between users and developers (hence less stress during an
|
|
incident).
|
|
|
|
- all 3 device detection engines are now compatible with multi-threading
|
|
and can be build-tested without any external dependencies ;
|
|
|
|
- "do-resolve" http-request action to perform a DNS resolution on any,
|
|
sample, and resolvers now support relying on /etc/resolv.conf to match
|
|
the local resolver ;
|
|
|
|
- log sampling and balancing : it's now possible to send 1 log every 10
|
|
to a server, or to spread the logging load over multiple log servers;
|
|
|
|
- a new SPOA agent (spoa_server) allows to interface haproxy with Python
|
|
and Lua programs ;
|
|
|
|
- support for Solaris' event ports (equivalent of kqueue or epoll) which
|
|
will significantly improve the performance there when dealing with
|
|
numerous connections ;
|
|
|
|
- some warnings are now reported for some deprecated options that will
|
|
be removed in 2.1. Since 2.0 is long term supported, there's no
|
|
emergency to convert them, however if you see these warnings, you
|
|
need to understand that you're among their extremely rare users and
|
|
just because of this you may be taking risks by keeping them ;
|
|
|
|
- A new SOCKS4 server-side layer was provided ; it allows outgoing
|
|
connections to be forwarded through a SOCKS4 proxy (such as ssh -D).
|
|
|
|
- priority- and latency- aware server queues : it is possible now to
|
|
assign priorities to certain requests and/or to give them a time
|
|
bonus or penalty to refine control of the traffic and be able to
|
|
engage on SLAs.
|
|
|
|
- internally the architecture was significantly redesigned to allow to
|
|
further improve performance and make it easier to implement protocols
|
|
that span over multiple layers (such as QUIC). This work started in
|
|
1.9 and will continue with 2.1.
|
|
|
|
- the I/O, applets and tasks now share the same multi-threaded scheduler,
|
|
giving a much better responsiveness and fairness between all tasks as
|
|
is visible with the CLI which always responds instantly even under
|
|
extreme loads (started in 1.9) ;
|
|
|
|
- the internal buffers were redesigned to ease zero-copy operations, so
|
|
that it is possible to sustain a high bandwidth even when forwarding
|
|
HTTP/1 to/from HTTP/2 (already in 1.9) ;
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 03 12:56:13 UTC 2019 - kgronlund@suse.com
|
|
|
|
- Update to version 1.8.20~git0.6fb9fadc:
|
|
* [RELEASE] Released version 1.8.20
|
|
* BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet handler
|
|
* BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
|
|
* BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
|
|
* BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP rules
|
|
* BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR
|
|
* BUG/MEDIUM: maps: only try to parse the default value when it's present
|
|
* BUG/MAJOR: http_fetch: Get the channel depending on the keyword used
|
|
* MINOR: skip get_gmtime where tm is unused
|
|
* BUILD/MINOR: listener: Silent a few signedness warnings.
|
|
* BUG/MEDIUM: listener: make sure the listener never accepts too many conns
|
|
* BUG/MEDIUM: listener: use a self-locked list for the dequeue lists
|
|
* MAJOR: listener: do not hold the listener lock in listener_accept()
|
|
* BUG/MEDIUM: list: fix incorrect pointer unlocking in LIST_DEL_LOCKED()
|
|
* BUG/MEDIUM: list: fix again LIST_ADDQ_LOCKED
|
|
* BUG/MEDIUM: list: correct fix for LIST_POP_LOCKED's removal of last element
|
|
* MINOR: list: make the delete and pop operations idempotent
|
|
* BUG/MEDIUM: list: add missing store barriers when updating elements and head
|
|
* BUG/MEDIUM: list: fix LIST_POP_LOCKED's removal of the last pointer
|
|
* BUG/MEDIUM: list: fix the rollback on addq in the locked liss
|
|
* BUG/MEDIUM: lists: Properly handle the case we're removing the first elt.
|
|
* MINOR: lists: Implement locked variations.
|
|
* BUG/MINOR: threads: fix the process range of thread masks
|
|
* BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented messages
|
|
* BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the stream
|
|
* BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity
|
|
* BUILD: connection: fix naming of ip_v field
|
|
* BUILD: use inttypes.h instead of stdint.h
|
|
* BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on release.
|
|
* MINOR: cli: start addresses by a prefix in 'show cli sockets'
|
|
* BUG/MINOR: cli: correctly handle abns in 'show cli sockets'
|
|
* BUILD: Makefile: disable shared cache on AIX 5.1
|
|
* BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51
|
|
* BUILD: makefile: fix build of IPv6 header on aix51
|
|
* MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()
|
|
* BUILD: makefile: work around an old bug in GNU make-3.80
|
|
* BUG/MAJOR: checks: segfault during tcpcheck_main
|
|
* DOC: The option httplog is no longer valid in a backend.
|
|
* BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites
|
|
* BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts
|
|
* BUG/MAJOR: stats: Fix how huge POST data are read from the channel
|
|
* BUG/MAJOR: spoe: Fix initialization of thread-dependent fields
|
|
* BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes
|
|
* MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API.
|
|
* BUG/MINOR: ssl: fix warning about ssl-min/max-ver support
|
|
* BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees()
|
|
* BUG/MEDIUM: logs: Only attempt to free startup_logs once.
|
|
* BUG/MINOR: listener: keep accept rate counters accurate under saturation
|
|
* BUG/MAJOR: listener: Make sure the listener exist before using it.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 11 15:16:38 UTC 2019 - kgronlund@suse.com
|
|
|
|
- Update to version 1.8.19~git0.ebf033b4:
|
|
* [RELEASE] Released version 1.8.19
|
|
* BUG/MINOR: config: Reinforce validity check when a process number is parsed
|
|
* BUG/MAJOR: stream: avoid double free on unique_id
|
|
* BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck
|
|
* BUG/MEDIUM: server: initialize the idle conns list after parsing the config
|
|
* BUG/MEDIUM: spoe: initialization depending on nbthread must be done last
|
|
* BUG/MINOR: lua: initialize the correct idle conn lists for the SSL sockets
|
|
* BUG/MINOR: spoe: do not assume agent->rt is valid on exit
|
|
* DOC: ssl: Stop documenting ciphers example to use
|
|
* DOC: ssl: Clarify when pre TLSv1.3 cipher can be used
|
|
* [RELEASE] Released version 1.8.18
|
|
* BUG/MINOR: config: make sure to count the error on incorrect track-sc/stick rules
|
|
* BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes
|
|
* BUG/MAJOR: config: verify that targets of track-sc and stick rules are present
|
|
* BUG/MINOR: config: fix bind line thread mask validation
|
|
* BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().
|
|
* BUG/MEDIUM: mux-h2: do not close the connection on aborted streams
|
|
* MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection
|
|
* MINOR: stream-int: add a new flag to mention that we want the connection to be killed
|
|
* MINOR: stream-int: expand the flags to 32-bit
|
|
* BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing the connection
|
|
* BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams
|
|
* BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions
|
|
* BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window update
|
|
* MINOR: xref: Add missing barriers.
|
|
* BUG/MINOR: stream: don't close the front connection when facing a backend error
|
|
* SCRIPTS: add the issue tracker URL to the announce script
|
|
* SCRIPTS: add the slack channel URL to the announce script
|
|
* BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit
|
|
* BUG/MINOR: spoe: corrected fragmentation string size
|
|
* DOC: nbthread is no longer experimental.
|
|
* BUG/MINOR: hpack: return a compression error on invalid table size updates
|
|
* BUG/MINOR: mux-h2: make it possible to set the error code on an already closed stream
|
|
* BUG/MINOR: mux-h2: headers-type frames in HREM are always a connection error
|
|
* BUG/MINOR: mux-h2: CONTINUATION in closed state must always return GOAWAY
|
|
* MINOR: h2: declare new sets of frame types
|
|
* MINOR: h2: add a bit-based frame type representation
|
|
* DOC: mention the effect of nf_conntrack_tcp_loose on src/dst
|
|
* BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages
|
|
* BUG/MINOR: check: Wake the check task if the check is finished in wake_srv_chk()
|
|
* BUG/MINOR: server: don't always trust srv_check_health when loading a server state
|
|
* BUG/MINOR: stick_table: Prevent conn_cur from underflowing
|
|
* BUG/MINOR: backend: BE_LB_LKUP_CHTREE is a value, not a bit
|
|
* BUG/MINOR: backend: balance uri specific options were lost across defaults
|
|
* BUG/MINOR: backend: don't use url_param_name as a hint for BE_LB_ALGO_PH
|
|
* BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file
|
|
* DOC: Be a bit more explicit about allow-0rtt security implications.
|
|
* BUG/MEDIUM: ssl: Disable anti-replay protection and set max data with 0RTT.
|
|
* BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key
|
|
* DOC: http-request cache-use / http-response cache-store expects cache name
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 10 08:42:33 UTC 2019 - kgronlund@suse.com
|
|
|
|
- Update to version 1.8.17~git0.e89d25b2 (bsc#1121283) (CVE-2018-20615):
|
|
* BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used
|
|
* BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred
|
|
* BUG/MINOR: lua: bad args are returned for Lua actions
|
|
* BUG/MINOR: lua: Return an error if a legacy HTTP applet doesn't send anything
|
|
* BUG/MEDIUM: cli: make "show sess" really thread-safe
|
|
* MINOR: stream/cli: report more info about the HTTP messages on "show sess all"
|
|
* MINOR: stream/cli: fix the location of the waiting flag in "show sess all"
|
|
* MINOR: lb: allow redispatch when using consistent hash
|
|
* BUG/MEDIUM: server: Also copy "check-sni" for server templates.
|
|
* BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than the max
|
|
* MINOR: mux-h2: only increase the connection window with the first update
|
|
* BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify()
|
|
* BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error
|
|
* BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response()
|
|
* BUG/MINOR: logs: leave startup-logs global and not per-thread
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 17 09:42:18 UTC 2018 - kgronlund@suse.com
|
|
|
|
- Update to version 1.8.15~git0.6b6a350a: (bsc#1119419) (CVE-2018-20103) (VUL-0) (bsc#1119368) (CVE-2018-20102)
|
|
* DOC: Update configuration doc about the maximum number of stick counters.
|
|
* BUG: dns: Fix off-by-one write in dns_validate_dns_response()
|
|
* BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()
|
|
* BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
|
|
* BUG: dns: Prevent out-of-bounds read in dns_read_name()
|
|
* BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
|
|
* DOC: refer to check-sni in the documentation of sni
|
|
* DOC: clarify that check-sni needs an argument.
|
|
* MINOR: servers: Free [idle|safe|priv]_conns on exit.
|
|
* MINOR: stats: report the number of active jobs and listeners in "show info"
|
|
* BUG/MINOR: mux-h2: advertise a larger connection window size
|
|
* BUG/MINOR: mux-h2: refrain from muxing during the preface
|
|
* BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation
|
|
* BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR.
|
|
* BUG/MINOR: lb-map: fix unprotected update to server's score
|
|
* BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed
|
|
* BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name
|
|
* BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id
|
|
* BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
|
|
* BUG/MINOR: config: Copy default error messages when parsing of a backend starts
|
|
* BUG/MEDIUM: Make sure stksess is properly aligned.
|
|
* BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn
|
|
* BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe
|
|
* BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer
|
|
* BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic
|
|
* BUG/MINOR: only mark connections private if NTLM is detected
|
|
* DOC: cache: Missing information about "total-max-size"
|
|
* BUG/MINOR: ssl: Wrong usage of shctx_init().
|
|
* BUG/MINOR: cache: Wrong usage of shctx_init().
|
|
* BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB).
|
|
* BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent.
|
|
* BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF.
|
|
* DOC: fix reference to map files in MAINTAINERS
|
|
* MINOR: peers: use defines instead of enums to appease clang.
|
|
* MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80.
|
|
* MINOR: server: Use memcpy() instead of strncpy().
|
|
* CLEANUP: stick-tables: Remove unneeded double (()) around conditional clause
|
|
* MINOR: lua: all functions calling lua_yieldk() may return
|
|
* BUG/MEDIUM: threads: make sure threads_want_sync is marked volatile
|
|
* BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point
|
|
* BUG/MEDIUM: stream: don't crash on out-of-memory
|
|
* BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM.
|
|
* BUG/MINOR: checks: queues null-deref
|
|
* BUG/MEDIUM: Cur/CumSslConns counters not threadsafe.
|
|
* MEDIUM: ssl: add support for ciphersuites option for TLSv1.3
|
|
* BUG/MEDIUM: buffers: Make sure we don't wrap in buffer_insert_line2/replace2.
|
|
* BUG/MINOR: backend: check that the mux installed properly
|
|
* BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2
|
|
* DOC: clarify force-private-cache is an option
|
|
* MINOR: threads: Make sure threads_sync_pipe is initialized before using it.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 20 13:03:31 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- also fix the systemd case for the apparmor_reload change
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 20 12:50:35 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- only reload the apparmor profile on newer distros, seems older
|
|
distros do not have apparmor-rpm-macros yet
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 20 12:45:57 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- only use network namespaces on 12.x and newer, failed to build on
|
|
sle11
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 20 12:39:42 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
- guard all parts referring to systemd to fix build on sle 11
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 20 12:34:47 UTC 2018 - mrueckert@suse.de
|
|
|
|
- Update to version 1.8.14~git0.52e4d43b: (bsc#1108683) (CVE-2018-14645)
|
|
* [RELEASE] Released version 1.8.14
|
|
* BUG/CRITICAL: hpack: fix improper sign check on the header index value
|
|
* BUG/MINOR: cli: make sure the "getsock" command is only called on connections
|
|
* BUG/MINOR: tools: fix set_net_port() / set_host_port() on IPv4
|
|
* BUG/MEDIUM: patterns: fix possible double free when reloading a pattern list
|
|
* DOC: Fix typos in lua documentation
|
|
* BUG/MINOR: server: Crash when setting FQDN via CLI.
|
|
* BUG/MAJOR: kqueue: Don't reset the changes number by accident.
|
|
* BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors
|
|
* BUG/MINOR: http/threads: atomically increment the error snapshot ID
|
|
* BUG/MINOR: dns: check and link servers' resolvers right after config parsing
|
|
* BUG/MEDIUM: h2: fix risk of memory leak on malformated wrapped frames
|
|
* BUG/MEDIUM: session: fix reporting of handshake processing time in the logs
|
|
* BUG/MINOR: stream: use atomic increments for the request counter
|
|
* MINOR: thread: implement HA_ATOMIC_XADD()
|
|
* BUG/MEDIUM: ECC cert should work with TLS < v1.2 and openssl >= 1.1.1
|
|
* BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file
|
|
* BUG/MEDIUM: hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0.
|
|
* BUG/MAJOR: thread: lua: Wrong SSL context initialization.
|
|
* BUG/MEDIUM: hlua: Make sure we drain the output buffer when done.
|
|
* BUG/MEDIUM: lua: reset lua transaction between http requests
|
|
* BUG/MEDIUM: mux_pt: dereference the connection with care in mux_pt_wake()
|
|
* BUG/MINOR: lua: Bad HTTP client request duration.
|
|
* BUG/MEDIUM: unix: provide a ->drain() function
|
|
* DOC: Fix spelling error in configuration doc
|
|
* BUG/MEDIUM: cli/threads: protect some server commands against concurrent operations
|
|
* BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates
|
|
* BUG/MEDIUM: lua: socket timeouts are not applied
|
|
* DOC: ssl: Use consistent naming for TLS protocols
|
|
* DOC: dns: explain set server ... fqdn requires resolver
|
|
* BUG/MINOR: map: fix map_regm with backref
|
|
* BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error.
|
|
* BUG/MEDIUM: ssl: fix missing error loading a keytype cert from a bundle.
|
|
* BUG/MINOR: ssl: empty connections reported as errors.
|
|
* BUG/MEDIUM: cli: make "show fd" thread-safe
|
|
* MEDIUM: hathreads: implement a more flexible rendez-vous point
|
|
* BUG/MEDIUM: threads: fix the no-thread case after the change to the sync point
|
|
* MINOR: threads: add more consistency between certain variables in no-thread case
|
|
* BUG/MEDIUM: threads: fix the double CAS implementation for ARMv7
|
|
* MINOR: threads: Introduce double-width CAS on x86_64 and arm.
|
|
* BUG/MEDIUM: lua: possible CLOSE-WAIT state with '\n' headers
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 17 11:41:35 UTC 2018 - kgronlund@suse.com
|
|
|
|
- Require apparmor-abstractions to reduce dependencies (bsc#1100787)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 16 07:08:12 UTC 2018 - kgronlund@suse.com
|
|
|
|
- Update to version 1.8.13~git4.c1bfcd00:
|
|
* MINOR: dns: new DNS options to allow/prevent IP address duplication
|
|
* MINOR: dns: fix wrong score computation in dns_get_ip_from_response
|
|
* BUG/MEDIUM: queue: prevent a backup server from draining the proxy's connections
|
|
* BUG/MEDIUM: servers: check the queues once enabling a server
|
|
* MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed
|
|
* BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number
|
|
* MINOR: threads: move "nbthread" parsing to hathreads.c
|
|
* BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS
|
|
* BUG/MINOR: threads: Handle nbthread == MAX_THREADS.
|
|
* BUG/MINOR: config: stick-table is not supported in defaults section
|
|
* BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever
|
|
* BUG/MEDIUM: threads/sync: use sched_yield when available
|
|
* BUG/MINOR: servers: Don't make "server" in a frontend fatal.
|
|
* BUG/MEDIUM: stats: don't ask for more data as long as we're responding
|
|
* BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full
|
|
* MINOR: h2: add the error code and the max/last stream IDs to "show fd"
|
|
* BUG/MEDIUM: threads: Fix the exit condition of the thread barrier
|
|
* MINOR: debug: Add checks for conn_stream flags
|
|
* MINOR: debug: Add check for CO_FL_WILL_UPDATE
|
|
* BUG/MINOR: http: Set brackets for the unlikely macro at the right place
|
|
* BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout
|
|
* BUG/MEDIUM: h2: never leave pending data in the output buffer on close
|
|
* BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess
|
|
* MINOR: h2: add the mux and demux buffer lengths on "show fd"
|
|
* MINOR: h2: keep a count of the number of conn_streams attached to the mux
|
|
* BUG/MINOR: h2: remove accidental debug code introduced with show_fd function
|
|
* MINOR: h2: implement a basic "show_fd" function
|
|
* MINOR: mux: add a "show_fd" function to dump debugging information for "show fd"
|
|
* BUG/MINOR: ssl: properly ref-count the tls_keys entries
|
|
* MINOR: systemd: consider exit status 143 as successful
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 27 17:33:49 UTC 2018 - kgronlund@suse.com
|
|
|
|
- Update to version 1.8.12~git0.8a200c71:
|
|
* MINOR: stick-tables: make stktable_release() do nothing on NULL
|
|
* BUG/MAJOR: stick_table: Complete incomplete SEGV fix
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 27 08:36:29 UTC 2018 - kgronlund@suse.com
|
|
|
|
- Update to version 1.8.11~git0.1d6ef58d:
|
|
* BUG/BUILD: threads: unbreak build without threads
|
|
* BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 25 05:16:57 UTC 2018 - kgronlund@suse.com
|
|
|
|
- Update to version 1.8.10~git0.ec17d7a9:
|
|
* MINOR: threads: Be sure to remove threads from all_threads_mask on exit
|
|
* BUG/MEDIUM: threads: Use the sync point to check active jobs and exit
|
|
* BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete().
|
|
* BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot
|
|
* BUG/MAJOR: ssl: Random crash with cipherlist capture
|
|
* BUG/MINOR: lua: Segfaults with wrong usage of types.
|
|
* BUG/MAJOR: map: fix a segfault when using http-request set-map
|
|
* MINOR: lua: Increase debug information
|
|
* BUG/MINOR: signals: ha_sigmask macro for multithreading
|
|
* BUG/MINOR: don't ignore SIG{BUS,FPE,ILL,SEGV} during signal processing
|
|
* BUG/MEDIUM: threads: handle signal queue only in thread 0
|
|
* BUG/MINOR: unix: Make sure we can transfer abns sockets on seamless reload.
|
|
* BUG/MINOR: contrib/modsecurity: update pointer on the end of the frame
|
|
* BUG/MINOR: contrib/mod_defender: update pointer on the end of the frame
|
|
* BUG/MINOR: contrib/modsecurity: Don't reset the status code during disconnect
|
|
* BUG/MINOR: contrib/mod_defender: Don't reset the status code during disconnect
|
|
* BUG/MINOR: contrib/spoa_example: Don't reset the status code during disconnect
|
|
* MAJOR: spoe: upgrade the SPOP version to 2.0 and remove the support for 1.0
|
|
* BUG/MEDIUM: lua/socket: Buffer error, may segfault
|
|
* BUG/MEDIUM: lua/socket: Sheduling error on write: may dead-lock
|
|
* BUG/MEDIUM: lua/socket: Notification error
|
|
* BUG/MAJOR: lua: Dead lock with sockets
|
|
* BUG/MEDIUM: lua/socket: wrong scheduling for sockets
|
|
* MINOR: task/notification: Is notifications registered ?
|
|
* BUG/MEDIUM: spoe: Return an error when the wrong ACK is received in sync mode
|
|
* BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters
|
|
* BUG/MEDIUM: lua/socket: Length required read doesn't work
|
|
* BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file
|
|
* BUG/MEDIUM: fd: Only check update_mask against all_threads_mask.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 29 07:09:26 UTC 2018 - kgronlund@suse.com
|
|
|
|
- Update to version 1.8.9~git9.6d82e611:
|
|
* BUG/MEDIUM: cache: don't cache when an Authorization header is present (VUL-1) (bsc#1094846) (CVE-2018-11469)
|
|
* BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check failure.
|
|
* BUG/MINOR: ssl/lua: prevent lua from affecting automatic maxconn computation
|
|
* BUG/MEDIUM: contrib/modsecurity: Use network order to encode/decode flags
|
|
* BUG/MEDIUM: contrib/mod_defender: Use network order to encode/decode flags
|
|
* BUG/MEDIUM: spoe: Flags are not encoded in network order
|
|
* BUG/MINOR: lua: Socket.send threw runtime error: 'close' needs 1 arguments.
|
|
* BUG/MINOR: spoe: Mistake in error message about SPOE configuration
|
|
* BUG/MEDIUM: ssl: properly protect SSL cert generation
|
|
* BUG/MEDIUM: pollers: Use a global list for fd shared between threads.
|
|
* BUG/MEDIUM: http: don't always abort transfers on CF_SHUTR
|
|
* BUG/MINOR: lua: ensure large proxy IDs can be represented
|
|
* BUG/MINOR: lua: schedule socket task upon lua connect()
|
|
* BUG/MEDIUM: task: Don't free a task that is about to be run.
|
|
* BUG/MINOR: map: correctly track reference to the last ref_elt being dumped
|
|
* DOC/MINOR: clean up LUA documentation re: servers & array/table.
|
|
* BUG/MINOR: lua: Put tasks to sleep when waiting for data
|
|
* BUG/MEDIUM: threads: Fix the sync point for more than 32 threads
|
|
* BUG/MINOR: checks: Fix check->health computation for flapping servers
|
|
* BUG/MINOR: config: disable http-reuse on TCP proxies
|
|
* BUG/MINOR: lua/threads: Make lua's tasks sticky to the current thread
|
|
* BUG/MEDIUM: h2: implement missing support for chunked encoded uploads
|
|
* MINOR: h2: detect presence of CONNECT and/or content-length
|
|
* BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits
|
|
* BUG/MINOR: log: t_idle (%Ti) is not set for some requests
|
|
* BUG/MAJOR: channel: Fix crash when trying to read from a closed socket
|
|
* BUG/MINOR: pattern: Add a missing HA_SPIN_INIT() in pat_ref_newid()
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 07 12:57:54 UTC 2018 - kgronlund@suse.com
|
|
|
|
- Update to version 1.8.8:
|
|
* BUG/CRITICAL: h2: fix incorrect frame length check (VUL-0) (bsc#1089837)
|
|
* MINOR: cli: Ensure the CLI always outputs an error when it should
|
|
* BUG/MINOR: cli: Guard against NULL messages when using CLI_ST_PRINT_FREE
|
|
* BUG/MEDIUM: kqueue: When adding new events, provide an output to get errors.
|
|
* BUG/MINOR: http: Return an error in proxy mode when url2sa fails
|
|
* BUG/MEDIUM: connection: Make sure we have a mux before calling detach().
|
|
* BUG/MEDIUM: threads: Fix the max/min calculation because of name clashes
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Apr 07 00:15:13 UTC 2018 - mrueckert@suse.de
|
|
|
|
- Update to version 1.8.7:
|
|
* [RELEASE] Released version 1.8.7
|
|
* MINOR: servers: Support alphanumeric characters for the server templates names
|
|
* BUG/MAJOR: cache: always initialize newly created objects
|
|
* [RELEASE] Released version 1.8.6
|
|
* BUG/MINOR: spoe: Don't release the context buffer in .check_timeouts callbaclk
|
|
* BUG/MINOR: spoe: Initialize variables used during conf parsing before any check
|
|
* BUG/MAJOR: cache: fix random crashes caused by incorrect delete() on non-first blocks
|
|
* BUG/MINOR: fd: Don't clear the update_mask in fd_insert.
|
|
* BUG/MINOR: cache: fix "show cache" output
|
|
* BUG/MINOR: email-alert: Set the mailer port during alert initialization
|
|
* BUG/MINOR: checks: check the conn_stream's readiness and not the connection
|
|
* BUG/MEDIUM: h2: always add a stream to the send or fctl list when blocked
|
|
* BUILD/MINOR: threads: always export thread_sync_io_handler()
|
|
* BUG/MEDIUM: h2: don't consider pending data on detach if connection is in error
|
|
* BUG/MEDIUM: h2/threads: never release the task outside of the task handler
|
|
* MINOR: h2: fuse h2s_detach() and h2s_free() into h2s_destroy()
|
|
* MINOR: h2: always call h2s_detach() in h2_detach()
|
|
* BUG/MAJOR: h2: remove orphaned streams from the send list before closing
|
|
* MINOR: h2: provide and use h2s_detach() and h2s_free()
|
|
* CLEANUP: h2: rename misleading h2c_stream_close() to h2s_close()
|
|
* BUG/MINOR: hpack: fix harmless use of uninitialized value in hpack_dht_insert
|
|
* BUILD/MINOR: cli: fix a build warning introduced by last commit
|
|
* MINOR: cli: make "show fd" report the mux and mux_ctx pointers when available
|
|
* MINOR: cli/threads: make "show fd" report thread_sync_io_handler instead of "unknown"
|
|
* BUILD/MINOR: fix build when USE_THREAD is not defined
|
|
* BUG/MINOR: lua funtion hlua_socket_settimeout don't check negative values
|
|
* BUG/MINOR: lua: the function returns anything
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 26 06:53:19 UTC 2018 - kgronlund@suse.com
|
|
|
|
- Update to version 1.8.5:
|
|
* BUG/MINOR: listener: Don't decrease actconn twice when a new session is rejected
|
|
* BUG/MINOR: h2: ensure we can never send an RST_STREAM in response to an RST_STREAM
|
|
* BUG/MEDIUM: h2: properly account for DATA padding in flow control
|
|
* DOC: don't suggest using http-server-close
|
|
* DOC: log: more than 2 log servers are allowed
|
|
* BUILD/BUG: enable -fno-strict-overflow by default
|
|
* MINOR: log: stop emitting alerts when it's not possible to write on the socket
|
|
* BUG/MEDIUM: threads/queue: wake up other threads upon dequeue
|
|
* BUG/MINOR: tcp-check: use the server's service port as a fallback
|
|
* BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers
|
|
* BUG/MINOR: lua: return bad error messages
|
|
* BUG/MINOR: spoa-example: unexpected behavior for more than 127 args
|
|
* BUG/MINOR: cli: Fix a crash when sending a command with too many arguments
|
|
* BUG/MINOR: seemless reload: Fix crash when an interface is specified.
|
|
* BUG/MINOR: dns: don't downgrade DNS accepted payload size automatically
|
|
* BUG/MAJOR: threads/queue: Fix thread-safety issues on the queues management
|
|
* BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is temporarily disabled
|
|
* BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is stopping
|
|
* BUG/MINOR: force-persist and ignore-persist only apply to backends
|
|
* BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc
|
|
* BUG/MINOR: cli: Fix a typo in the 'set rate-limit' usage
|
|
* BUG/MINOR: cli: Fix a crash when passing a negative or too large value to "show fd"
|
|
* BUG/MEDIUM: h2: also arm the h2 timeout when sending
|
|
* BUG/MINOR: unix: Don't mess up when removing the socket from the xfer_sock_list.
|
|
* BUG/MINOR: session: Fix tcp-request session failure if handshake.
|
|
* MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file
|
|
* MINOR: systemd: Add SystemD's Protect*= options to the unit file
|
|
* MINOR: systemd: Add section for SystemD sandboxing to unit file
|
|
* BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk
|
|
* BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk
|
|
* BUG/MEDIUM: h2: always consume any trailing data after end of output buffers
|
|
* MINOR: stats: display the number of threads in the statistics.
|
|
* BUG/MINOR: h2: Set the target of dbuf_wait to h2c
|
|
* MINOR: debug/pools: make DEBUG_UAF also detect underflows
|
|
* BUG/MINOR: debug/pools: properly handle out-of-memory when building with DEBUG_UAF
|
|
* DOC: cfgparse: Warn on option (tcp|http)log in backend
|
|
* DOC: lua: new prototype for function "register_action()"
|
|
* BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken.
|
|
* BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier as possible
|
|
* BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe
|
|
* BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st
|
|
* BUG/MEDIUM: ssl: Shutdown the connection for reading on SSL_ERROR_SYSCALL
|
|
* BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as unrecovarable.
|
|
* BUG/MINOR: threads: fix missing thread lock labels for 1.8
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 8 19:19:06 UTC 2018 - mrueckert@suse.de
|
|
|
|
- if we lock down the permissions the home directory has to be
|
|
owned by haproxy (bsc#1077716)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Mar 4 08:36:21 UTC 2018 - jengelh@inai.de
|
|
|
|
- Avoid %__-type macro indirections. Remove redundant %clean
|
|
section. Do not ignore errors from useradd.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 2 16:37:25 UTC 2018 - kgronlund@suse.com
|
|
|
|
- Ensure haproxy home directory is not world readable (bsc#1077716)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 08 13:15:17 UTC 2018 - kgronlund@suse.com
|
|
|
|
- Update to version 1.8.4 (bsc#1080069):
|
|
* BUG/MINOR: config: don't emit a warning when global stats is incompletely configured
|
|
* DOC: Mention -Ws in the list of available options
|
|
* DOC: Describe routing impact of using interface keyword on bind lines
|
|
* MINOR: init: emit warning when -sf/-sd cannot parse argument
|
|
* BUG/MEDIUM: standard: Fix memory leak in str2ip2()
|
|
* BUG/MINOR: time/threads: ensure the adjusted time is always correct
|
|
* BUG/MEDIUM: spoe: Allow producer to read and to forward shutdown on request side
|
|
* BUG/MEDIUM: spoe: Always try to receive or send the frame to detect shutdowns
|
|
* BUG/MINOR: epoll/threads: only call epoll_ctl(DEL) on polled FDs
|
|
* BUG/MINOR: threads: Update labels array because of changes in lock_label enum
|
|
* BUG/MINOR: cli: use global.maxsock and not maxfd to list all FDs
|
|
* CLEANUP: Fix typo in ARGT_MSK6 comment
|
|
* BUG/MINOR: sample: Fix output type of c_ipv62ip
|
|
* CLEANUP: sample: Fix outdated comment about sample casts functions
|
|
* CLEANUP: sample: Fix comment encoding of sample.c
|
|
* BUILD: kqueue/threads: Add test on MAX_THREADS to avoid warnings when complied without threads
|
|
* BUILD: epoll/threads: Add test on MAX_THREADS to avoid warnings when complied without threads
|
|
* MINOR: threads: Use __decl_hathreads instead of #ifdef/#endif
|
|
* BUG/MINOR: kqueue/threads: Don't forget to close kqueue_fd[tid] on each thread
|
|
* BUG/MEDIUM: checks: Don't try to release undefined conn_stream when a check is freed
|
|
* BUG/MEDIUM: threads/server: Fix deadlock in srv_set_stopping/srv_set_admin_flag
|
|
* BUG/MINOR: threads: always set an owner to the thread_sync pipe
|
|
* MINOR: threads: Fix build when we're not compiling with threads.
|
|
* BUG/MINOR: mworker: only write to pidfile if it exists
|
|
* BUG/MEDIUM: threads/mworker: fix a race on startup
|
|
* BUG/MEDIUM: kqueue/threads: use one kqueue_fd per thread
|
|
* BUG/MEDIUM: epoll/threads: use one epoll_fd per thread
|
|
* MINOR: fd: add a bitmask to indicate that an FD is known by the poller
|
|
* BUG/MEDIUM: fd: maintain a per-thread update mask
|
|
* BUG/MEDIUM: threads/polling: Use fd_cache_mask instead of fd_cache_num
|
|
* MINOR: threads/fd: Use a bitfield to know if there are FDs for a thread in the FD cache
|
|
* MINOR: global: add some global activity counters to help debugging
|
|
* MINOR: threads: add a MAX_THREADS define instead of LONGBITS
|
|
* MINOR: global/threads: move cpu_map at the end of the global struct
|
|
* MINOR: servers: Don't report duplicate dyncookies for disabled servers.
|
|
* BUG/MEDIUM: peers: fix expire date wasn't updated if entry is modified remotely.
|
|
* BUG/MINOR: poll: too large size allocation for FD events
|
|
* CONTRIB: debug: fix a few flags definitions
|
|
* DOC: clarify the scope of ssl_fc_is_resumed
|
|
* BUG/MEDIUM: stream: properly handle client aborts during redispatch
|
|
* BUILD/MINOR: ancient gcc versions atomic fix
|
|
* BUG/MEDIUM: mworker: execvp failure depending on argv[0]
|
|
* MINOR: dns: Handle SRV record weight correctly.
|
|
* BUG/MINOR: lua: Fix return value of Socket.settimeout
|
|
* BUG/MEDIUM: lua: Fix IPv6 with separate port support for Socket.connect
|
|
* DOC: lua: Fix typos in comments of hlua_socket_receive
|
|
* BUG/MINOR: lua: Fix default value for pattern in Socket.receive
|
|
* BUG/MEDIUM: ssl: cache doesn't release shctx blocks
|
|
* BUG/MEDIUM: h2: properly handle the END_STREAM flag on empty DATA frames
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 8 07:21:58 UTC 2018 - kgronlund@suse.com
|
|
|
|
- Add dependency on apparmor-profiles (bsc#1079985)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Dec 31 02:26:13 UTC 2017 - mrueckert@suse.de
|
|
|
|
- Update to version 1.8.3:
|
|
* [RELEASE] Released version 1.8.3
|
|
* MEDIUM: h2: prepare a graceful shutdown when the frontend is stopped
|
|
* BUG/MAJOR: hpack: don't return direct references to the dynamic headers table
|
|
* BUG/MEDIUM: http: don't automatically forward request close
|
|
* MINOR: don't close stdio anymore
|
|
* BUG/MEDIUM: mworker: don't close stdio several time
|
|
* BUG/MEDIUM: h2: ensure we always know the stream before sending a reset
|
|
* DOC/MINOR: configuration: typo, formatting fixes
|
|
* BUG/MEDIUM: h2: improve handling of frames received on closed streams
|
|
* BUG/MEDIUM: h2: properly handle and report some stream errors
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Dec 24 23:30:31 UTC 2017 - mrueckert@suse.de
|
|
|
|
- Update to version 1.8.2:
|
|
* [RELEASE] Released version 1.8.2
|
|
* BUG/MEDIUM: checks: properly set servers to stopping state on 404
|
|
* BUG/MAJOR: connection: refine the situations where we don't send shutw()
|
|
* BUG/MEDIUM: cache: don't cache the response on no-cache="set-cookie"
|
|
* BUG/MEDIUM: cache: respect the request cache-control header
|
|
* BUG/MEDIUM: cache: replace old object on store
|
|
* BUG/MEDIUM: cache: do not try to retrieve host-less requests from the cache
|
|
* MINOR: http: add a function to check request's cache-control header field
|
|
* BUG/MINOR: cache: do not force the TX_CACHEABLE flag before checking cacheability
|
|
* BUG/MINOR: http: properly detect max-age=0 and s-maxage=0 in responses
|
|
* BUG/MINOR: http: do not ignore cache-control: public
|
|
* MINOR: http: start to compute the transaction's cacheability from the request
|
|
* MINOR: http: update the list of cacheable status codes as per RFC7231
|
|
* MINOR: http: adjust the list of supposedly cacheable methods
|
|
* BUG/MEDIUM: lua: fix crash when using bogus mode in register_service()
|
|
* BUG/MEDIUM: checks: a server passed in maint state was not forced down.
|
|
* MEDIUM: netscaler: add support for standard NetScaler CIP protocol
|
|
* MEDIUM: netscaler: do not analyze original IP packet size
|
|
* MINOR: netscaler: check in one-shot if buffer is large enough for IP and TCP header
|
|
* BUG/MEDIUM: stream: don't consider abortonclose on muxes which close cleanly
|
|
* MINOR: stream-int: set flag SI_FL_CLEAN_ABRT when mux supports clean aborts
|
|
* MINOR: mux: add flags to describe a mux's capabilities
|
|
* BUG/MINOR: h2: properly report a stream error on RST_STREAM
|
|
* CONTRIB: halog: Fix compiler warnings in halog.c
|
|
* CONTRIB: iprange: Fix compiler warning in iprange.c
|
|
* BUG/MAJOR: netscaler: address truncated CIP header detection
|
|
* BUG/MEDIUM: netscaler: use the appropriate IPv6 header size
|
|
* MINOR: netscaler: rename cip_len to clarify its uage
|
|
* MINOR: netscaler: remove the use of cip_magic only used once
|
|
* MINOR: netscaler: respect syntax
|
|
* DOC/MINOR: intro: typo, wording, formatting fixes
|
|
* BUG/MEDIUM: mworker: Set FD_CLOEXEC flag on log fd
|
|
* BUILD/MINOR: Makefile : enabling USE_CPU_AFFINITY
|
|
* BUG: MINOR: http: don't check http-request capture id when len is provided
|
|
* BUG: MAJOR: lb_map: server map calculation broken
|
|
* BUG/MINOR: stream-int: don't try to receive again after receiving an EOS
|
|
* BUG/MEDIUM: h2: fix stream limit enforcement
|
|
* BUG/MEDIUM: http: don't disable lingering on requests with tunnelled responses
|
|
* BUG/MEDIUM: h2: don't close after the first DATA frame on tunnelled responses
|
|
* BUG/MEDIUM: h2: don't switch the state to HREM before end of DATA frame
|
|
* MINOR: h2: don't demand that a DATA frame is complete before processing it
|
|
* BUG/MEDIUM: h2: support uploading partial DATA frames
|
|
* MINOR: h2: store the demux padding length in the h2c struct
|
|
* BUG/MEDIUM: h2: debug incoming traffic in h2_wake()
|
|
* BUG/MEDIUM: h2: work around a connection API limitation
|
|
* BUG/MEDIUM: h2: enable recv polling whenever demuxing is possible
|
|
* BUG/MEDIUM: h2: automatically set CS_FL_RCV_MORE when the output buffer is full
|
|
* BUG/MEDIUM: stream-int: always set SI_FL_WAIT_ROOM on CS_FL_RCV_MORE
|
|
* MINOR: conn_stream: add new flag CS_FL_RCV_MORE to indicate pending data
|
|
* BUG/MEDIUM: lua/notification: memory leak
|
|
* DOC: notifications: add precisions about thread usage
|
|
* MINOR: systemd: remove comment about HAPROXY_STATS_SOCKET
|
|
* BUG/MEDIUM: threads/vars: Fix deadlock in register_name
|
|
* BUG/MEDIUM: email-alert: don't set server check status from a email-alert task
|
|
* CONTRIB: halog: Add help text for -s switch in halog program
|
|
* MINOR: mworker: Improve wording in `void mworker_wait()`
|
|
* MINOR: mworker: Update messages referencing exit-on-failure
|
|
* BUG/MEDIUM: h2: fix handling of end of stream again
|
|
* BUG/MEDIUM: peers: set NOLINGER on the outgoing stream interface
|
|
* BUG/MEDIUM: checks: a down server going to maint remains definitely stucked on down state.
|
|
* BUG/MEDIUM: ssl engines: Fix async engines fds were not considered to fix fd limit automatically.
|
|
* BUG/MEDIUM: mworker: also close peers sockets in the master
|
|
* BUG/MINOR: ssl: support tune.ssl.cachesize 0 again
|
|
* BUG/MAJOR: hpack: don't pretend large headers fit in empty table
|
|
* BUG/MINOR: action: Don't check http capture rules when no id is defined
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 04 10:33:40 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.8.1 (bsc#1069954):
|
|
* BUG/MAJOR: h2: correctly check the request length when building an H1 request
|
|
* BUG/MAJOR: thread: Be sure to request a sync between threads only once at a time
|
|
* BUG/MAJOR: thread/peers: fix deadlock on peers sync.
|
|
* BUG/MEDIUM: h2: do not accept upper case letters in request header names
|
|
* BUG/MEDIUM: h2: remove connection-specific headers from request
|
|
* BUG/MEDIUM: h2: enforce the per-connection stream limit
|
|
* BUG/MEDIUM: checks: Be sure we have a mux if we created a cs.
|
|
* BUG/MEDIUM: peers: fix some track counter rules dont register entries for sync.
|
|
* BUG/MEDIUM: h2: don't report an error after parsing a 100-continue response
|
|
* BUG/MEDIUM: threads/peers: decrement, not increment jobs on quitting
|
|
* BUG/MEDIUM: stream: fix session leak on applet-initiated connections
|
|
* BUG/MEDIUM: cache: bad computation of the remaining size
|
|
* BUG/MEDIUM: ssl: don't allocate shctx several time
|
|
* BUG/MEDIUM: tcp-check: Don't lock the server in tcpcheck_main
|
|
* BUG/MEDIUM: kqueue: Don't bother closing the kqueue after fork.
|
|
* BUG/MINOR: h2: use the H2_F_DATA_* macros for DATA frames
|
|
* BUG/MINOR: h2: reject response pseudo-headers from requests
|
|
* BUG/MINOR: h2: properly check PRIORITY frames
|
|
* BUG/MINOR: h2: reject incorrect stream dependencies on HEADERS frame
|
|
* BUG/MINOR: h2: do not accept SETTINGS_ENABLE_PUSH other than 0 or 1
|
|
* BUG/MINOR: h2: the TE header if present may only contain trailers
|
|
* BUG/MINOR: h2: fix a typo causing PING/ACK to be responded to
|
|
* BUG/MINOR: h2: ":path" must not be empty
|
|
* BUG/MINOR: h2: try to abort closed streams as soon as possible
|
|
* BUG/MINOR: h2: immediately close if receiving GOAWAY after the last stream
|
|
* BUG/MINOR: hpack: dynamic table size updates are only allowed before headers
|
|
* BUG/MINOR: hpack: reject invalid header index
|
|
* BUG/MINOR: hpack: must reject huffman literals padded with more than 7 bits
|
|
* BUG/MINOR: hpack: fix debugging output of pseudo header names
|
|
* BUG/MINOR: mworker: detach from tty when in daemon mode
|
|
* BUG/MINOR: mworker: fix validity check for the pipe FDs
|
|
* BUG/MINOR: ssl: CO_FL_EARLY_DATA removal is managed by stream
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 28 13:54:07 UTC 2017 - kgronlund@suse.com
|
|
|
|
- License is now GPL-3.0+ and LGPL-2.1+
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 27 13:40:32 UTC 2017 - mrueckert@suse.de
|
|
|
|
- [apparmor]: allow haproxy to restart itself. needed for seamless
|
|
restart. also reload the apparmor profile on update.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 27 13:31:07 UTC 2017 - mrueckert@suse.de
|
|
|
|
- enable network namespaces on 42.3
|
|
- Enabled systemd notify mode: new BR: pkgconfig(libsystemd)
|
|
This fixes problems with starting 1.8 on 42.3.
|
|
- apply build option changes as adviced by upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 27 13:30:30 UTC 2017 - mrueckert@suse.de
|
|
|
|
- Update to version 1.8.0 (bsc#1069954):
|
|
https://www.mail-archive.com/haproxy@formilux.org/msg28004.html
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 23 06:52:05 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.9:
|
|
* BUG/MINOR: peers: peer synchronization issue (with several peers sections).
|
|
* BUG/MINOR: lua: In error case, the safe mode is not removed
|
|
* BUG/MINOR: lua: executes the function destroying the Lua session in safe mode
|
|
* BUG/MAJOR: lua/socket: resources not detroyed when the socket is aborted
|
|
* BUG/MEDIUM: lua: bad memory access
|
|
* DOC: update the list of OpenSSL versions in the README
|
|
* DOC: Updated 51Degrees git URL to point to a stable version.
|
|
* BUG/MINOR: http: Set the response error state in http_sync_res_state
|
|
* MINOR: http: Reorder/rewrite checks in http_resync_states
|
|
* MINOR: http: Switch requests/responses in TUNNEL mode only by checking txn flags
|
|
* BUG/MEDIUM: http: Switch HTTP responses in TUNNEL mode when body length is undefined
|
|
* BUG/MAJOR: http: Fix possible infinity loop in http_sync_(req|res)_state
|
|
* BUG/MINOR: lua: Fix Server.get_addr() port values
|
|
* BUG/MINOR: lua: Correctly use INET6_ADDRSTRLEN in Server.get_addr()
|
|
* BUG/MINOR: lua: always detach the tcp/http tasks before freeing them
|
|
* BUG/MINOR: lua: Fix bitwise logic for hlua_server_check_* functions.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 10 12:05:16 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.8:
|
|
* BUG/MINOR: stream: flag TASK_WOKEN_RES not set if task in runqueue
|
|
* BUG/MAJOR: cli: fix custom io_release was crushed by NULL.
|
|
* BUG/MAJOR: map: fix segfault during 'show map/acl' on cli.
|
|
* BUG/MAJOR: compression: Be sure to release the compression state in all cases
|
|
* DOC: fix references to the section about time format.
|
|
* BUG/MEDIUM: map/acl: fix unwanted flags inheritance.
|
|
* BUG/MINOR: stream: Don't forget to remove CF_WAKE_ONCE flag on response channel
|
|
* BUG/MINOR: http: Don't reset the transaction if there are still data to send
|
|
* BUG/MEDIUM: filters: Be sure to call flt_end_analyze for both channels
|
|
* BUG/MINOR: http: properly handle all 1xx informational responses
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 10 12:05:07 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.7:
|
|
* BUG/MINOR: Wrong peer task expiration handling during synchronization processing.
|
|
* BUG/MEDIUM: http: Drop the connection establishment when a redirect is performed
|
|
* BUG/MEDIUM: cfgparse: Check if tune.http.maxhdr is in the range 1..32767
|
|
* DOC: fix references to the section about the unix socket
|
|
* BUG/MINOR: log: pin the front connection when front ip/ports are logged
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 19 05:09:38 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.6:
|
|
* DOC: changed "block"(deprecated) examples to http-request deny
|
|
* DOC: add few comments to examples.
|
|
* DOC: update sample code for PROXY protocol
|
|
* DOC: mention lighttpd 1.4.46 implements PROXY
|
|
* DOC: stick-table is available in frontend sections
|
|
* BUG/MINOR: dns: Wrong address family used when creating IPv6 sockets.
|
|
* BUG/MINOR: config: missing goto out after parsing an incorrect ACL character
|
|
* BUG/MINOR: arg: don't try to add an argument on failed memory allocation
|
|
* BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments on error
|
|
* BUG/MEDIUM: acl: don't free unresolved args in prune_acl_expr()
|
|
* MINOR: lua: ensure the memory allocator is used all the time
|
|
* CLEANUP: logs: typo: simgle => single
|
|
* BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr()
|
|
* BUG/MAJOR: Use -fwrapv.
|
|
* BUG/MINOR: server: don't use "proxy" when px is really meant.
|
|
* BUG/MINOR: server: missing default server 'resolvers' setting duplication.
|
|
* DOC: add layer 4 links/cross reference to "block" keyword.
|
|
* DOC: errloc/errorloc302/errorloc303 missing status codes.
|
|
* BUG/MEDIUM: lua: memory leak
|
|
* MEDIUM: config: don't check config validity when there are fatal errors
|
|
* BUG/MINOR: hash-balance-factor isn't effective in certain circumstances
|
|
* MINOR/DOC: lua: just precise one thing
|
|
* BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request
|
|
* DOC: update RFC references
|
|
* BUG/MINOR: checks: don't send proxy protocol with agent checks
|
|
* BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return anything
|
|
* BUG/MAJOR: http: call manage_client_side_cookies() before erasing the buffer
|
|
* BUG/MINOR: buffers: Fix bi/bo_contig_space to handle full buffers
|
|
* BUG/MINOR: acls: Set the right refflag when patterns are loaded from a map
|
|
* BUG/MINOR: http/filters: Be sure to wait if a filter loops in HTTP_MSG_ENDING
|
|
* BUG/MEDIUM: peers: Peers CLOSE_WAIT issue.
|
|
* BUG/MAJOR: server: Segfault after parsing server state file.
|
|
* BUG/MEDIUM: unix: never unlink a unix socket from the file system
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 08 13:18:54 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.5:
|
|
* BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
|
|
* BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
|
|
* BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
|
|
* BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
|
|
* MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 29 11:53:23 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.4:
|
|
* MINOR: config: warn when some HTTP rules are used in a TCP proxy
|
|
* BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
|
|
* BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
|
|
* BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
|
|
* BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
|
|
* BUG/MINOR: Fix "get map <map> <value>" CLI command
|
|
* BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
|
|
* BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
|
|
* BUG/MINOR: checks: attempt clean shutw for SSL check
|
|
* BUG/MEDIUM: listener: do not try to rebind another process' socket
|
|
* BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
|
|
* BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
|
|
* BUG/MEDIUM: connection: ensure to always report the end of handshakes
|
|
* BUG: payload: fix payload not retrieving arbitrary lengths
|
|
* BUG/MAJOR: http: fix typo in http_apply_redirect_rule
|
|
* BUG/MEDIUM: stream: fix client-fin/server-fin handling
|
|
* MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
|
|
* BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
|
|
* DOC/MINOR: Fix typos in proxy protocol doc
|
|
* DOC: Protocol doc: add checksum, TLV type ranges
|
|
* DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
|
|
* DOC: Protocol doc: add noop TLV
|
|
* MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
|
|
* BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
|
|
* MINOR: server: irrelevant error message with 'default-server' config file keyword.
|
|
* MINOR: doc: fix use-server example (imap vs mail)
|
|
* BUG/MEDIUM: tcp: don't require privileges to bind to device
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 28 11:31:02 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.3:
|
|
* BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream
|
|
* BUG/MEDIUM: tcp: don't poll for write when connect() succeeds
|
|
* BUG/MINOR: unix: fix connect's polling in case no data are scheduled
|
|
* BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved keyword
|
|
* MINOR: dns: give ability to dns_init_resolvers() to close a socket when requested
|
|
* BUG/MAJOR: dns: restart sockets after fork()
|
|
* MINOR: chunks: implement a simple dynamic allocator for trash buffers
|
|
* BUG/MEDIUM: http: prevent redirect from overwriting a buffer
|
|
* BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined
|
|
* BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer
|
|
* BUG/MINOR: http: Return an error when a replace-header rule failed on the response
|
|
* BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested
|
|
* BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1'
|
|
* BUG/MEDIUM: config: reject anything but "if" or "unless" after a use-backend rule
|
|
* MINOR: http: don't close when redirect location doesn't start with "/"
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 30 14:43:01 UTC 2017 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.2 (bsc#1023141):
|
|
* BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2)
|
|
* BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW
|
|
* DOC: lua: documentation about time parser functions
|
|
* DOC: lua: section declared twice
|
|
* BUG/MINOR: lua/cli: bad error message
|
|
* DOC: fix small typo in fe_id (backend instead of frontend)
|
|
* BUG/MINOR: Fix the sending function in Lua's cosocket
|
|
* BUG/MINOR: lua: memory leak executing tasks
|
|
* BUG/MINOR: lua: bad return code
|
|
* BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
|
|
* BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
|
|
* BUG/MINOR: stats: fix be/sessions/current out in typed stats
|
|
* BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled
|
|
* BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
|
|
* BUG/MINOR: systemd: potential zombie processes
|
|
* DOC: Add timings events schemas
|
|
* BUG/MINOR: option prefer-last-server must be ignored in some case
|
|
* MINOR: stats: Support "select all" for backend actions
|
|
* BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0
|
|
* BUG/MAJOR: channel: Fix the definition order of channel analyzers
|
|
* BUG/MINOR: http: report real parser state in error captures
|
|
* BUG/MAJOR: http: fix risk of getting invalid reports of bad requests
|
|
* MINOR: http: custom status reason.
|
|
* MINOR: connection: add sample fetch "fc_rcvd_proxy"
|
|
* BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options
|
|
* BUG/MINOR: tools: fix off-by-one in port size check
|
|
* BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family
|
|
* MEDIUM: server: split the address and the port into two different fields
|
|
* MINOR: tools: make str2sa_range() return the port in a separate argument
|
|
* MINOR: server: take the destination port from the port field, not the addr
|
|
* MEDIUM: server: disable protocol validations when the server doesn't resolve
|
|
* BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0
|
|
* BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage
|
|
* MINOR: proto_http.c 502 error txt typo.
|
|
* DOC: add deprecation notice to "block"
|
|
* BUG/MINOR: Reset errno variable before calling strtol(3)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Dec 24 02:36:10 UTC 2016 - mrueckert@suse.de
|
|
|
|
- Update to version 1.7.1:
|
|
* BUG/MAJOR: stream: fix session abort on resource shortage
|
|
* BUG/MINOR: cli: allow the backslash to be escaped on the CLI
|
|
* BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys"
|
|
* DOC: Fix map table's format
|
|
* DOC: Added 51Degrees conv and fetch functions to documentation.
|
|
* BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect
|
|
* DOC: mention that req_tot is for both frontends and backends
|
|
* BUG/MEDIUM: variables: some variable name can hide another ones
|
|
* BUG/MINOR: stats: fix be/sessions/max output in html stats
|
|
* MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id
|
|
* DOC: lua: Documentation about some entry missing
|
|
* MINOR: Do not forward the header "Expect: 100-continue" when the option http-buffer-request is set
|
|
* DOC: Add undocumented argument of the trace filter
|
|
* DOC: Fix some typo in SPOE documentation
|
|
* BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full
|
|
* MINOR: applet: Count number of (active) applets
|
|
* MINOR: task: Rename run_queue and run_queue_cur counters
|
|
* BUG/MEDIUM: stream: Save unprocessed events for a stream
|
|
* BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled
|
|
* BUILD/MEDIUM: Fixing the build using LibreSSL
|
|
* [RELEASE] Released version 1.7.1
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 02 07:31:16 UTC 2016 - kgronlund@suse.com
|
|
|
|
- Update to version 1.7.0:
|
|
* BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos
|
|
* BUG/MINOR: stats: make field_str() return an empty string on NULL
|
|
* BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used
|
|
* BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled txn
|
|
* BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER
|
|
* BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers
|
|
* BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in tunnel mode
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 02 07:30:49 UTC 2016 - kgronlund@suse.com
|
|
|
|
- Update to version 1.6.10:
|
|
* BUG/MEDIUM: systemd-wrapper: return correct exit codes
|
|
* BUG/MEDIUM: srv-state: properly restore the DRAIN state
|
|
* BUG/MINOR: srv-state: allow to have both CMAINT and FDRAIN flags
|
|
* BUG/MEDIUM: servers: properly propagate the maintenance states during startup
|
|
* BUG: vars: Fix 'set-var' converter because of a typo
|
|
* BUG/MEDIUM: channel: bad unlikely macro
|
|
* CLEANUP: lua: move comment
|
|
* CLEANUP: lua: control executed twice
|
|
* CLEANUP: ssl: Fix bind keywords name in comments
|
|
* DOC: ssl: Use correct wording for ca-sign-pass
|
|
* BUG/MINOR: stick-table: handle out-of-memory condition gracefully
|
|
* BUG/MEDIUM: connection: check the control layer before stopping polling
|
|
* BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory
|
|
* CONTRIB: initiate a debugging suite to make debugging easier
|
|
* BUG/MINOR: cli: properly decrement ref count on tables during failed dumps
|
|
* BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 02 16:56:57 UTC 2016 - kgronlund@suse.com
|
|
|
|
- Update to version 1.6.9+git.1477940904.ab45181 (fate#321723)
|
|
* BUILD: poll: remove unused hap_fd_isset() which causes a warning with clang
|
|
* MINOR: cfgparse: few memory leaks fixes.
|
|
* MINOR: build: Allow linking to device-atlas library file
|
|
* DOC: Fix typo in description of `-st` parameter in man page
|
|
* BUG/MEDIUM: peers: on shutdown, wake up the appctx, not the stream
|
|
* BUG/MEDIUM: peers: fix use after free in peer_session_create()
|
|
* BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed
|
|
* MINOR: systemd: report it when execve() fails
|
|
* BUG/MINOR: systemd: check return value of calloc()
|
|
* BUG/MINOR: systemd: always restore signals before execve()
|
|
* BUG/MINOR: systemd: make the wrapper return a non-null status code on error
|
|
* BUG/MINOR: ssl: prevent multiple entries for the same certificate
|
|
* BUG/MINOR: ssl: Check malloc return code
|
|
* BUG/MINOR: vars: smp_fetch_var() doesn't depend on HTTP but on the session
|
|
* BUG/MINOR: vars: make smp_fetch_var() more robust against misuses
|
|
* BUG/MINOR: vars: use sess and not s->sess in action_store()
|
|
* MEDIUM: make SO_REUSEPORT configurable
|
|
* MINOR: Add fe_req_rate sample fetch
|
|
* MINOR: show Running on zlib version
|
|
* MINOR: show Built with PCRE version
|
|
* BUG/MINOR: displayed PCRE version is running release
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 1 07:16:13 UTC 2016 - kgronlund@suse.com
|
|
|
|
- Update to 1.6.9 (bsc#1003264)
|
|
- MINOR: cli: allow the semi-colon to be escaped on the CLI
|
|
- BUG/MINOR: payload: fix SSLv2 version parser
|
|
- BUG/MAJOR: stream: properly mark the server address as unset on connect retry
|
|
- DOC: Updated 51Degrees readme.
|
|
- BUG/MAJOR: stick-counters: possible crash when using sc_trackers with wrong table
|
|
- BUG/MINOR: peers: empty chunks after a resync.
|
|
- BUG/MINOR: peers: some updates are pushed twice after a resync.
|
|
- MINOR: sample: use smp_make_rw() in upper/lower converters
|
|
- BUG/MEDIUM: stick-table: properly convert binary samples to keys
|
|
- BUG/MEDIUM: stick-tables: do not fail on string keys with no allocated size
|
|
- BUG/MAJOR: server: the "sni" directive could randomly cause trouble
|
|
- MINOR: sample: provide smp_is_rw() and smp_make_rw()
|
|
- MINOR: sample: implement smp_is_safe() and smp_make_safe()
|
|
- BUG/MEDIUM: samples: make smp_dup() always duplicate the sample
|
|
- BUG/MAJOR: compression: initialize avail_in/next_in even during flush
|
|
- BUILD: make proto_tcp.c compatible with musl library
|
|
- DOC: minor typo fixes to improve HTML parsing by haproxy-dconv
|
|
- BUG/MEDIUM: stream-int: completely detach connection on connect error
|
|
- BUG/MEDIUM: lua: somme HTTP manipulation functions are called without valid requests
|
|
- DOC: lua: remove old functions
|
|
- BUG/MINOR: peers: Fix peers data decoding issue
|
|
- BUG/MEDIUM: lua: the function txn_done() from action wrapper can crash
|
|
- BUG/MEDIUM: lua: the function txn_done() from sample fetches can crash
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 19 01:50:28 UTC 2016 - mrueckert@suse.de
|
|
|
|
- update to 1.6.7
|
|
- MINOR: new function my_realloc2 = realloc + free upon failure
|
|
- CLEANUP: fixed some usages of realloc leading to memory leak
|
|
- Revert "BUG/MINOR: ssl: fix potential memory leak in
|
|
ssl_sock_load_dh_params()"
|
|
- BUG/MEDIUM: dns: fix alignment issues in the DNS response
|
|
parser
|
|
- BUG/MINOR: Fix endiness issue in DNS header creation code
|
|
- changes from 1.6.6
|
|
- BUG/MAJOR: fix listening IP address storage for frontends
|
|
- BUG/MINOR: fix listening IP address storage for frontends
|
|
(cont)
|
|
- DOC: Fix typo so fetch is properly parsed by Cyril's converter
|
|
- BUG/MAJOR: http: fix breakage of "reqdeny" causing random
|
|
crashes
|
|
- BUG/MEDIUM: stick-tables: fix breakage in table converters
|
|
- BUG/MEDIUM: dns: unbreak DNS resolver after header fix
|
|
- BUILD: fix build on Solaris 11
|
|
- CLEANUP: connection: fix double negation on memcmp()
|
|
- BUG/MEDIUM: stats: show servers state may show an servers from
|
|
another backend
|
|
- BUG/MEDIUM: fix risk of segfault with "show tls-keys"
|
|
- BUG/MEDIUM: sticktables: segfault in some configuration error
|
|
cases
|
|
- BUG/MEDIUM: lua: converters doesn't work
|
|
- BUG/MINOR: http: add-header: header name copied twice
|
|
- BUG/MEDIUM: http: add-header: buffer overwritten
|
|
- BUG/MINOR: ssl: fix potential memory leak in
|
|
ssl_sock_load_dh_params()
|
|
- BUG/MINOR: http: url32+src should use the big endian version of
|
|
url32
|
|
- BUG/MINOR: http: url32+src should check cli_conn before using
|
|
it
|
|
- DOC: http: add documentation for url32 and url32+src
|
|
- BUG/MINOR: fix http-response set-log-level parsing error
|
|
- MINOR: systemd: Use variable for config and pidfile paths
|
|
- MINOR: systemd: Perform sanity check on config before reload
|
|
(cherry picked from commit
|
|
68535bddf305fdd22f1449a039939b57245212e7)
|
|
- BUG/MINOR: init: always ensure that global.rlimit_nofile
|
|
matches actual limits
|
|
- BUG/MINOR: init: ensure that FD limit is raised to the max
|
|
allowed
|
|
- BUG/MEDIUM: external-checks: close all FDs right after the
|
|
fork()
|
|
- BUG/MAJOR: external-checks: use asynchronous signal delivery
|
|
- BUG/MINOR: external-checks: do not unblock undesired signals
|
|
- BUILD/MEDIUM: rebuild everything when an include file is
|
|
changed
|
|
- BUILD/MEDIUM: force a full rebuild if some build options change
|
|
- BUG/MINOR: srv-state: fix incorrect output of state file
|
|
- BUG/MINOR: ssl: close ssl key file on error
|
|
- BUG/MINOR: http: fix misleading error message for response
|
|
captures
|
|
- BUG/BUILD: don't automatically run "make" on "make install"
|
|
- DOC: add missing doc for
|
|
http-request deny [deny_status <status>]
|
|
- drop patches which were pulled from git before
|
|
0001-BUG-MAJOR-fix-listening-IP-address-storage-for-front.patch
|
|
0002-BUG-MINOR-fix-listening-IP-address-storage-for-front.patch
|
|
0003-DOC-Fix-typo-so-fetch-is-properly-parsed-by-Cyril-s-.patch
|
|
0004-BUG-MAJOR-http-fix-breakage-of-reqdeny-causing-rando.patch
|
|
0005-BUG-MEDIUM-stick-tables-fix-breakage-in-table-conver.patch
|
|
0006-BUG-MEDIUM-dns-unbreak-DNS-resolver-after-header-fix.patch
|
|
0007-BUILD-fix-build-on-Solaris-11.patch
|
|
0008-CLEANUP-connection-fix-double-negation-on-memcmp.patch
|
|
0009-BUG-MEDIUM-stats-show-servers-state-may-show-an-serv.patch
|
|
0010-BUG-MEDIUM-fix-risk-of-segfault-with-show-tls-keys.patch
|
|
0011-BUG-MEDIUM-sticktables-segfault-in-some-configuratio.patch
|
|
0012-BUG-MEDIUM-lua-converters-doesn-t-work.patch
|
|
0013-BUG-MINOR-http-add-header-header-name-copied-twice.patch
|
|
0014-BUG-MEDIUM-http-add-header-buffer-overwritten.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 9 12:48:27 UTC 2016 - mrueckert@suse.de
|
|
|
|
- pull patches from git to fix some important issues (bsc#983972) (bsc#983974):
|
|
0001-BUG-MAJOR-fix-listening-IP-address-storage-for-front.patch
|
|
0002-BUG-MINOR-fix-listening-IP-address-storage-for-front.patch
|
|
0003-DOC-Fix-typo-so-fetch-is-properly-parsed-by-Cyril-s-.patch
|
|
0004-BUG-MAJOR-http-fix-breakage-of-reqdeny-causing-rando.patch
|
|
0005-BUG-MEDIUM-stick-tables-fix-breakage-in-table-conver.patch
|
|
0006-BUG-MEDIUM-dns-unbreak-DNS-resolver-after-header-fix.patch
|
|
0007-BUILD-fix-build-on-Solaris-11.patch
|
|
0008-CLEANUP-connection-fix-double-negation-on-memcmp.patch
|
|
0009-BUG-MEDIUM-stats-show-servers-state-may-show-an-serv.patch
|
|
0010-BUG-MEDIUM-fix-risk-of-segfault-with-show-tls-keys.patch
|
|
0011-BUG-MEDIUM-sticktables-segfault-in-some-configuratio.patch
|
|
0012-BUG-MEDIUM-lua-converters-doesn-t-work.patch
|
|
0013-BUG-MINOR-http-add-header-header-name-copied-twice.patch
|
|
0014-BUG-MEDIUM-http-add-header-buffer-overwritten.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 10 14:24:24 UTC 2016 - mrueckert@suse.de
|
|
|
|
- update to 1.6.5
|
|
- BUG/MINOR: log: Don't use strftime() which can clobber timezone
|
|
if chrooted
|
|
- BUILD: namespaces: fix a potential build warning in
|
|
namespaces.c
|
|
- DOC: add encoding to json converter example
|
|
- BUG/MINOR: conf: "listener id" expects integer, but its not
|
|
checked
|
|
- DOC: Clarify tunes.vars.xxx-max-size settings
|
|
- BUG/MEDIUM: peers: fix incorrect age in frequency counters
|
|
- BUG/MEDIUM: Fix RFC5077 resumption when more than
|
|
TLS_TICKETS_NO are present
|
|
- BUG/MAJOR: Fix crash in http_get_fhdr with exactly
|
|
MAX_HDR_HISTORY headers
|
|
- BUG/MINOR: lua: can't load external libraries
|
|
- DOC: "addr" parameter applies to both health and agent checks
|
|
- DOC: timeout client: pointers to timeout http-request
|
|
- DOC: typo on stick-store response
|
|
- DOC: stick-table: amend paragraph blaming the loss of table
|
|
upon reload
|
|
- DOC: typo: ACL subdir match
|
|
- DOC: typo: maxconn paragraph is wrong due to a wrong buffer
|
|
size
|
|
- DOC: regsub: parser limitation about the inability to use
|
|
closing square brackets
|
|
- DOC: typo: req.uri is now replaced by capture.req.uri
|
|
- DOC: name set-gpt0 mismatch with the expected keyword
|
|
- BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the
|
|
connection state.
|
|
- DOC: fix "needed" typo
|
|
- BUG/MINOR: dns: inapropriate way out after a resolution timeout
|
|
- BUG/MINOR: dns: trigger a DNS query type change on resolution
|
|
timeout
|
|
- BUG/MINOR : allow to log cookie for tarpit and denied request
|
|
- OPTIM/MINOR: session: abort if possible before connecting to
|
|
the backend
|
|
- BUG/MEDIUM: trace.c: rdtsc() is defined in two files
|
|
- BUG/MEDIUM: channel: fix miscalculation of available buffer
|
|
space (2nd try)
|
|
- BUG/MINOR: cfgparse: couple of small memory leaks.
|
|
- BUG/MEDIUM: sample: initialize the pointer before parse_binary
|
|
call.
|
|
- DOC: fix discrepancy in the example for http-request redirect
|
|
- DOC: Clarify IPv4 address / mask notation rules
|
|
- CLEANUP: fix inconsistency between fd->iocb, proto->accept and
|
|
accept()
|
|
- BUG/MEDIUM: fix maxaccept computation on per-process listeners
|
|
- BUG/MINOR: listener: stop unbound listeners on startup
|
|
- BUG/MINOR: fix maxaccept computation according to the frontend
|
|
process range
|
|
- MEDIUM: unblock signals on startup.
|
|
- BUG/MEDIUM: channel: don't allow to overwrite the reserve until
|
|
connected
|
|
- BUG/MEDIUM: channel: incorrect polling condition may delay
|
|
event delivery
|
|
- BUG/MEDIUM: channel: fix miscalculation of available buffer
|
|
space (3rd try)
|
|
- BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields
|
|
in TCP mode
|
|
- BUG/MEDIUM: lua: protects the upper boundary of the argument
|
|
list for converters/fetches.
|
|
- BUG/MINOR: log: fix a typo that would cause %HP to log <BADREQ>
|
|
- MINOR: channel: add new function channel_congested()
|
|
- BUG/MEDIUM: http: fix risk of CPU spikes with pipelined
|
|
requests from dead client
|
|
- BUG/MAJOR: channel: fix miscalculation of available buffer
|
|
space (4th try)
|
|
- BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly
|
|
cleared
|
|
- BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1
|
|
transfers
|
|
- BUG/MEDIUM: stats: show servers state may show an empty or
|
|
incomplete result
|
|
- BUG/MEDIUM: stats: show backend may show an empty or incomplete
|
|
result
|
|
- MINOR: stats: fix typo in help messages
|
|
- MINOR: stats: show stat resolvers missing in the help message
|
|
- BUG/MINOR: dns: fix DNS header definition
|
|
- BUG/MEDIUM: dns: fix alignment issue when building DNS queries
|
|
- CLEANUP/MINOR: stats: fix accidental addition of member "env"
|
|
in the applet ctx
|
|
- refreshed patches to apply cleanly again
|
|
- haproxy-1.6.0-makefile_lib.patch
|
|
- haproxy-1.6.0-sec-options.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 14 02:45:05 UTC 2016 - mrueckert@suse.de
|
|
|
|
- update to 1.6.4 (fate#320607) (bsc#937202)
|
|
- BUG/MINOR: http: fix several off-by-one errors in the url_param
|
|
parser
|
|
- BUG/MINOR: http: Be sure to process all the data received from
|
|
a server
|
|
- BUG/MINOR: chunk: make chunk_dup() always check and set
|
|
dst->size
|
|
- MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero
|
|
- MINOR: chunks: add chunk_strcat() and chunk_newstr()
|
|
- MINOR: chunk: make chunk_initstr() take a const string
|
|
- MINOR: lru: new function to delete <nb> least recently used
|
|
keys
|
|
- DOC: add Ben Shillito as the maintainer of 51d
|
|
- BUG/MINOR: 51d: Ensures a unique domain for each configuration
|
|
- BUG/MINOR: 51d: Aligns Pattern cache implementation with
|
|
HAProxy best practices.
|
|
- BUG/MINOR: 51d: Releases workset back to pool.
|
|
- BUG/MINOR: 51d: Aligned const pointers to changes in 51Degrees.
|
|
- CLEANUP: 51d: Aligned if statements with HAProxy best practices
|
|
and removed casts from malloc.
|
|
- DOC: fix a few spelling mistakes (cherry picked from commit
|
|
cc123c66c2075add8524a6a9925382927daa6ab0)
|
|
- DOC: fix "workaround" spelling
|
|
- BUG/MINOR: examples: Fixing haproxy.spec to remove references
|
|
to .cfg files
|
|
- MINOR: fix the return type for dns_response_get_query_id()
|
|
function
|
|
- MINOR: server state: missing LF (\n) on error message printed
|
|
when parsing server state file
|
|
- BUG/MEDIUM: dns: no DNS resolution happens if no ports provided
|
|
to the nameserver
|
|
- BUG/MAJOR: servers state: server port is erased when dns
|
|
resolution is enabled on a server
|
|
- BUG/MEDIUM: servers state: server port is used uninitialized
|
|
- BUG/MEDIUM: config: Adding validation to stick-table expire
|
|
value.
|
|
- BUG/MEDIUM: sample: http_date() doesn't provide the right day
|
|
of the week
|
|
- BUG/MEDIUM: channel: fix miscalculation of available buffer
|
|
space.
|
|
- MEDIUM: pools: add a new flag to avoid rounding pool size up
|
|
- BUG/MEDIUM: buffers: do not round up buffer size during
|
|
allocation
|
|
- BUG/MINOR: stream: don't force retries if the server is DOWN
|
|
- BUG/MINOR: counters: make the sc-inc-gpc0 and sc-set-gpt0 touch
|
|
the table
|
|
- MINOR: unix: don't mention free ports on EAGAIN
|
|
- BUG/CLEANUP: CLI: report the proper field states in "show sess"
|
|
- MINOR: stats: send content-length with the redirect to allow
|
|
keep-alive
|
|
- BUG: stream_interface: Reuse connection even if the output
|
|
channel is empty
|
|
- DOC: remove old tunnel mode assumptions
|
|
- BUG/MAJOR: http-reuse: fix risk of orphaned connections
|
|
- BUG/MEDIUM: http-reuse: do not share private connections across
|
|
backends
|
|
- BUG/MINOR: ssl: Be sure to use unique serial for regenerated
|
|
certificates
|
|
- BUG/MINOR: stats: fix missing comma in stats on agent drain
|
|
- BUG/MINOR: lua: unsafe initialization
|
|
- DOC: lua: fix somme errors
|
|
- DOC: add server name at rate-limit sessions example
|
|
- BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation
|
|
- BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation
|
|
- DOC: LUA: fix some typos and syntax errors
|
|
- MINOR: cfgparse: warn for incorrect 'timeout retry' keyword
|
|
spelling in resolvers
|
|
- MINOR: mailers: increase default timeout to 10 seconds
|
|
- MINOR: mailers: use <CRLF> for all line endings
|
|
- BUG/MAJOR: lua: applets can't sleep.
|
|
- BUG/MINOR: server: some prototypes are renamed
|
|
- BUG/MINOR: lua: Useless copy
|
|
- BUG/MEDIUM: stats: stats bind-process doesn't propagate the
|
|
process mask correctly
|
|
- BUG/MINOR: server: fix the format of the warning on address
|
|
change
|
|
- BUG/MEDIUM: chunks: always reject negative-length chunks
|
|
- BUG/MINOR: systemd: ensure we don't miss signals
|
|
- BUG/MINOR: systemd: report the correct signal in debug message
|
|
output
|
|
- BUG/MINOR: systemd: propagate the correct signal to haproxy
|
|
- MINOR: systemd: ensure a reload doesn't mask a stop
|
|
- BUG/MEDIUM: cfgparse: wrong argument offset after parsing
|
|
server "sni" keyword
|
|
- CLEANUP: stats: Avoid computation with uninitialized bits.
|
|
- CLEANUP: pattern: Ignore unknown samples in pat_match_ip().
|
|
- CLEANUP: map: Avoid memory leak in out-of-memory condition.
|
|
- BUG/MINOR: tcpcheck: fix incorrect list usage resulting in
|
|
failure to load certain configs
|
|
- BUG/MAJOR: samples: check smp->strm before using it
|
|
- MINOR: sample: add a new helper to initialize the owner of a
|
|
sample
|
|
- MINOR: sample: always set a new sample's owner before
|
|
evaluating it
|
|
- BUG/MAJOR: vars: always retrieve the stream and session from
|
|
the sample
|
|
- CLEANUP: payload: remove useless and confusing nullity checks
|
|
for channel buffer
|
|
- BUG/MINOR: ssl: fix usage of the various sample fetch functions
|
|
- MINOR: cfgparse: warn when uid parameter is not a number
|
|
- MINOR: cfgparse: warn when gid parameter is not a number
|
|
- BUG/MINOR: standard: Avoid free of non-allocated pointer
|
|
- BUG/MINOR: pattern: Avoid memory leak on out-of-memory
|
|
condition
|
|
- CLEANUP: http: fix a build warning introduced by a recent fix
|
|
- BUG/MINOR: log: GMT offset not updated when entering/leaving
|
|
DST
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 11 14:22:44 UTC 2016 - e.istomin@edss.ee
|
|
|
|
- update to 1.6.3 (fate#320607)
|
|
- BUG/MEDIUM: lua: clean output buffer
|
|
- BUG/MEDIUM: http: switch the request channel to no-delay once done.
|
|
- BUG/MEDIUM: http: don't enable auto-close on the response side
|
|
- BUG/MEDIUM: stream: fix half-closed timeout handling
|
|
- BUG/MEDIUM: cli: changing compression rate-limiting must require admin level
|
|
- BUG/MEDIUM: sample: urlp can't match an empty value
|
|
- BUG/MEDIUM: da: stop DeviceAtlas processing in the convertor if there is no input.
|
|
- BUG/MEDIUM: checks: email-alert not working when declared in defaults
|
|
- BUG/MEDIUM: http: fix http-reuse when frontend and backend differ
|
|
- BUG/MEDIUM: config: properly adjust maxconn with nbproc when memmax is forced
|
|
- BUG/MEDIUM: peers: table entries learned from a remote are pushed to others after a random delay.
|
|
- BUG/MEDIUM: peers: old stick table updates could be repushed
|
|
- BUG/MEDIUM: lua: Lua applets must not fetch samples using http_txn
|
|
- BUG/MEDIUM: lua: Forbid HTTP applets from being called from tcp rulesets
|
|
- BUG/MAJOR: lua: Do not force the HTTP analysers in use-services
|
|
|
|
for all the details see /usr/share/doc/packages/haproxy/CHANGELOG
|
|
or http://www.haproxy.org/download/1.6/src/CHANGELOG
|
|
-------------------------------------------------------------------
|
|
Sat Nov 21 01:36:11 UTC 2015 - mrueckert@suse.de
|
|
|
|
- on sle11 we still need to own /etc/apparmor.d/local
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Nov 21 01:15:07 UTC 2015 - mrueckert@suse.de
|
|
|
|
- instead of owning the apparmor directories, BR apparmor-profiles.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 10 14:50:26 UTC 2015 - mrueckert@suse.de
|
|
|
|
- fix link to tarball
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 3 12:02:19 UTC 2015 - mrueckert@suse.de
|
|
|
|
- update to 1.6.2
|
|
- BUILD: ssl: fix build error introduced in commit 7969a3 with
|
|
OpenSSL < 1.0.0
|
|
- DOC: fix a typo for a "deviceatlas" keyword
|
|
- FIX: small typo in an example using the "Referer" header
|
|
- BUG/MEDIUM: config: count memory limits on 64 bits, not 32
|
|
- BUG/MAJOR: dns: first DNS response packet not matching queried
|
|
hostname may lead to a loop
|
|
- BUG/MINOR: dns: unable to parse CNAMEs response
|
|
- BUG/MINOR: examples/haproxy.init: missing brace in
|
|
quiet_check()
|
|
- DOC: deviceatlas: more example use cases.
|
|
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in
|
|
install-bin.
|
|
- BUG/MAJOR: http: don't requeue an idle connection that is
|
|
already queued
|
|
- DOC: typo on capture.res.hdr and capture.req.hdr
|
|
- BUG/MINOR: dns: check for duplicate nameserver id in a
|
|
resolvers section was missing
|
|
- CLEANUP: use direction names in place of numeric values
|
|
- BUG/MEDIUM: lua: sample fetches based on response doesn't work
|
|
- drop haproxy-1.6.0-ssl-098.patch: included upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 22 10:21:00 UTC 2015 - mrueckert@suse.de
|
|
|
|
- update to 1.6.1
|
|
- DOC: specify that stats socket doc (section 9.2) is in
|
|
management
|
|
- BUILD: install only relevant and existing documentation
|
|
- CLEANUP: don't ignore debian/ directory if present
|
|
- BUG/MINOR: dns: parsing error of some DNS response
|
|
- BUG/MEDIUM: namespaces: don't fail if no namespace is used
|
|
- BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is
|
|
disabled
|
|
- MEDIUM: dns: Don't use the ANY query type
|
|
- drop haproxy-1.6.0-ssl.crash.patch included in update
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 19 16:15:57 UTC 2015 - mrueckert@suse.de
|
|
|
|
- add haproxy-1.6.0-ssl-098.patch:
|
|
fix building on openssl 0.9.8
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 16 17:16:40 UTC 2015 - mrueckert@suse.de
|
|
|
|
- added haproxy-1.6.0-ssl.crash.patch: fix SNI related crash
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 15 23:19:33 UTC 2015 - mrueckert@suse.de
|
|
|
|
- only use network namespace support on distros newer than 13.2
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 13 19:39:12 UTC 2015 - mrueckert@suse.de
|
|
|
|
- update to 1.6.0
|
|
The most user-visible changes, we can cite the simpler handling
|
|
of multiple configuration files, the support for quotes and
|
|
environment variables in the configuration, a significant
|
|
reduction of the memory usage thanks to a new dynamic buffer
|
|
allocator, notifications over e-mail, server state keeping across
|
|
reloads, dynamic DNS-based server address resolution, new
|
|
scripting capabilities thanks to the embedded Lua interpreter,
|
|
use of variables in the configuration to manipulate samples,
|
|
request body buffering and analysis, support for two third-party
|
|
device identification products (DeviceAtlas and 51Degrees), a lot
|
|
of new sample converters including arithmetic operators and table
|
|
lookups, TLS ticket secret sharing between nodes, TLS SNI to the
|
|
server, full tables replication between peers, ability to
|
|
instruct the kernel to quickly kill dead connections, support for
|
|
Linux namespaces, and a number of other less visible goodies. The
|
|
performance has also been improved a lot with support for server
|
|
connection multiplexing, much faster and cheaper HTTP compression
|
|
via libslz, and the addition of a pattern cache to speed up
|
|
certain expensive ACLs. The great flexibility offered by this
|
|
version will allow many users to significantly simplify their
|
|
configurations. Some users will notice a huge performance boost
|
|
after they enable the features designed for them.
|
|
|
|
for all the details see /usr/share/doc/packages/haproxy/CHANGELOG
|
|
- drop patches we pulled from upstream git:
|
|
0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
|
|
0002-DOC-usesrc-root-privileges-requirements.patch
|
|
0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
|
|
0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
|
|
0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch
|
|
0006-DOC-typo-in-redirect-302-code-meaning.patch
|
|
0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch
|
|
0008-CLEANUP-.gitignore-ignore-more-test-files.patch
|
|
0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch
|
|
0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch
|
|
0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch
|
|
0012-DOC-ssl-missing-LF.patch
|
|
0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch
|
|
0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
|
|
0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
|
|
- refresh/redo patches to apply cleanly again:
|
|
old: haproxy-1.2.16_config_haproxy_user.patch
|
|
new: haproxy-1.6.0_config_haproxy_user.patch
|
|
old: haproxy-makefile_lib.patch
|
|
new: haproxy-1.6.0-makefile_lib.patch
|
|
old: sec-options.patch
|
|
new: haproxy-1.6.0-sec-options.patch
|
|
- added new haproxy.cfg to have a minimal config we can actually
|
|
launch!
|
|
- drop patch haproxy-1.5.8-fix-bashisms.patch: patched files no
|
|
longer exist
|
|
- drop haproxy.vim: we will use the copy which ships with the
|
|
upstream tarball now.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 23 19:26:54 UTC 2015 - dmueller@suse.com
|
|
|
|
- fix haproxy status checks (bsc#947204)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 8 09:10:02 UTC 2015 - kgronlund@suse.com
|
|
|
|
- Backport patches from upstream:
|
|
- BUG/MINOR: http: remove stupid HTTP_METH_NONE entry
|
|
- BUG/MAJOR: http: don't call http_send_name_header() after an error
|
|
- Add 0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
|
|
- Add 0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 26 22:47:34 UTC 2015 - kgronlund@suse.com
|
|
|
|
- Backport patches from upstream:
|
|
- BUG/MINOR: log: missing some ARGC_* entries in fmt_directives()
|
|
- DOC: usesrc root privileges requirements
|
|
- BUILD: ssl: Allow building against libssl without SSLv3.
|
|
- DOC/MINOR: fix OpenBSD versions where haproxy works
|
|
- BUG/MINOR: http/sample: gmtime/localtime can fail
|
|
- DOC: typo in 'redirect', 302 code meaning
|
|
- DOC: mention that %ms is left-padded with zeroes.
|
|
- CLEANUP: .gitignore: ignore more test files
|
|
- CLEANUP: .gitignore: finally ignore everything but what is known.
|
|
- MEDIUM: config: emit a warning on a frontend without listener
|
|
- BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry
|
|
- DOC: ssl: missing LF
|
|
- DOC: fix example of http-request using ssl_fc_session_id
|
|
|
|
- Add 0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
|
|
- Add 0002-DOC-usesrc-root-privileges-requirements.patch
|
|
- Add 0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
|
|
- Add 0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
|
|
- Add 0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch
|
|
- Add 0006-DOC-typo-in-redirect-302-code-meaning.patch
|
|
- Add 0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch
|
|
- Add 0008-CLEANUP-.gitignore-ignore-more-test-files.patch
|
|
- Add 0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch
|
|
- Add 0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch
|
|
- Add 0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch
|
|
- Add 0012-DOC-ssl-missing-LF.patch
|
|
- Add 0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 3 16:37:55 UTC 2015 - kgronlund@suse.com
|
|
|
|
- Update to 1.5.14 (CVE-2015-3281) (bsc#937042)
|
|
+ BUILD/MINOR: tools: rename popcount to my_popcountl
|
|
+ BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 26 11:45:33 UTC 2015 - kgronlund@suse.com
|
|
|
|
- Update to 1.5.13
|
|
- Dropped all patches backported from git, no further changes
|
|
than those patches provided.
|
|
|
|
- Removed patches:
|
|
+ Remove 0001-BUG-MEDIUM-stats-properly-initialize-the-scope-befor.patch
|
|
+ Remove 0002-BUG-MEDIUM-http-don-t-forward-client-shutdown-withou.patch
|
|
+ Remove 0003-BUG-MINOR-check-fix-tcpcheck-error-message.patch
|
|
+ Remove 0004-CLEANUP-checks-fix-double-usage-of-cur-current_step-.patch
|
|
+ Remove 0005-BUG-MEDIUM-checks-do-not-dereference-head-of-a-tcp-c.patch
|
|
+ Remove 0006-CLEANUP-checks-simplify-the-loop-processing-of-tcp-c.patch
|
|
+ Remove 0007-BUG-MAJOR-checks-always-check-for-end-of-list-before.patch
|
|
+ Remove 0008-BUG-MEDIUM-checks-do-not-dereference-a-list-as-a-tcp.patch
|
|
+ Remove 0009-BUG-MEDIUM-peers-apply-a-random-reconnection-timeout.patch
|
|
+ Remove 0010-DOC-Update-doc-about-weight-act-and-bck-fields-in-th.patch
|
|
+ Remove 0011-MINOR-ssl-add-a-destructor-to-free-allocated-SSL-res.patch
|
|
+ Remove 0012-BUG-MEDIUM-ssl-fix-tune.ssl.default-dh-param-value-b.patch
|
|
+ Remove 0013-BUG-MINOR-cfgparse-fix-typo-in-option-httplog-error-.patch
|
|
+ Remove 0014-BUG-MEDIUM-cfgparse-segfault-when-userlist-is-misuse.patch
|
|
+ Remove 0015-MEDIUM-ssl-replace-standards-DH-groups-with-custom-o.patch
|
|
+ Remove 0016-BUG-MINOR-debug-display-null-in-place-of-meth.patch
|
|
+ Remove 0017-CLEANUP-deinit-remove-codes-for-cleaning-p-block_rul.patch
|
|
+ Remove 0018-BUG-MINOR-ssl-fix-smp_fetch_ssl_fc_session_id.patch
|
|
+ Remove 0019-MEDIUM-init-don-t-stop-proxies-in-parent-process-whe.patch
|
|
+ Remove 0020-MINOR-peers-store-the-pointer-to-the-signal-handler.patch
|
|
+ Remove 0021-MEDIUM-peers-unregister-peers-that-were-never-starte.patch
|
|
+ Remove 0022-MEDIUM-config-propagate-the-table-s-process-list-to-.patch
|
|
+ Remove 0023-MEDIUM-init-stop-any-peers-section-not-bound-to-the-.patch
|
|
+ Remove 0024-MEDIUM-config-validate-that-peers-sections-are-bound.patch
|
|
+ Remove 0025-MAJOR-peers-allow-peers-section-to-be-used-with-nbpr.patch
|
|
+ Remove 0026-DOC-relax-the-peers-restriction-to-single-process.patch
|
|
+ Remove 0027-CLEANUP-config-fix-misleading-information-in-error-m.patch
|
|
+ Remove 0028-MINOR-config-report-the-number-of-processes-using-a-.patch
|
|
+ Remove 0029-BUG-MEDIUM-config-properly-compute-the-default-numbe.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 25 15:01:34 UTC 2015 - kgronlund@suse.com
|
|
|
|
- Backport upstream patches:
|
|
+ DOC: Update doc about weight, act and bck fields in the statistics
|
|
+ MINOR: ssl: add a destructor to free allocated SSL ressources
|
|
+ BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
|
|
+ BUG/MINOR: cfgparse: fix typo in 'option httplog' error message
|
|
+ BUG/MEDIUM: cfgparse: segfault when userlist is misused
|
|
+ MEDIUM: ssl: replace standards DH groups with custom ones
|
|
+ BUG/MINOR: debug: display (null) in place of "meth"
|
|
+ CLEANUP: deinit: remove codes for cleaning p->block_rules
|
|
+ BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
|
|
+ MEDIUM: init: don't stop proxies in parent process when exiting
|
|
+ MINOR: peers: store the pointer to the signal handler
|
|
+ MEDIUM: peers: unregister peers that were never started
|
|
+ MEDIUM: config: propagate the table's process list to the peers sections
|
|
+ MEDIUM: init: stop any peers section not bound to the correct process
|
|
+ MEDIUM: config: validate that peers sections are bound to exactly one process
|
|
+ MAJOR: peers: allow peers section to be used with nbproc > 1
|
|
+ DOC: relax the peers restriction to single-process
|
|
+ CLEANUP: config: fix misleading information in error message.
|
|
+ MINOR: config: report the number of processes using a peers section in the error case
|
|
+ BUG/MEDIUM: config: properly compute the default number of processes for a proxy
|
|
|
|
- Added patches:
|
|
+ Add 0010-DOC-Update-doc-about-weight-act-and-bck-fields-in-th.patch
|
|
+ Add 0011-MINOR-ssl-add-a-destructor-to-free-allocated-SSL-res.patch
|
|
+ Add 0012-BUG-MEDIUM-ssl-fix-tune.ssl.default-dh-param-value-b.patch
|
|
+ Add 0013-BUG-MINOR-cfgparse-fix-typo-in-option-httplog-error-.patch
|
|
+ Add 0014-BUG-MEDIUM-cfgparse-segfault-when-userlist-is-misuse.patch
|
|
+ Add 0015-MEDIUM-ssl-replace-standards-DH-groups-with-custom-o.patch
|
|
+ Add 0016-BUG-MINOR-debug-display-null-in-place-of-meth.patch
|
|
+ Add 0017-CLEANUP-deinit-remove-codes-for-cleaning-p-block_rul.patch
|
|
+ Add 0018-BUG-MINOR-ssl-fix-smp_fetch_ssl_fc_session_id.patch
|
|
+ Add 0019-MEDIUM-init-don-t-stop-proxies-in-parent-process-whe.patch
|
|
+ Add 0020-MINOR-peers-store-the-pointer-to-the-signal-handler.patch
|
|
+ Add 0021-MEDIUM-peers-unregister-peers-that-were-never-starte.patch
|
|
+ Add 0022-MEDIUM-config-propagate-the-table-s-process-list-to-.patch
|
|
+ Add 0023-MEDIUM-init-stop-any-peers-section-not-bound-to-the-.patch
|
|
+ Add 0024-MEDIUM-config-validate-that-peers-sections-are-bound.patch
|
|
+ Add 0025-MAJOR-peers-allow-peers-section-to-be-used-with-nbpr.patch
|
|
+ Add 0026-DOC-relax-the-peers-restriction-to-single-process.patch
|
|
+ Add 0027-CLEANUP-config-fix-misleading-information-in-error-m.patch
|
|
+ Add 0028-MINOR-config-report-the-number-of-processes-using-a-.patch
|
|
+ Add 0029-BUG-MEDIUM-config-properly-compute-the-default-numbe.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 25 09:34:58 UTC 2015 - kgronlund@suse.com
|
|
|
|
- BUG/MINOR: check: fix tcpcheck error message
|
|
- CLEANUP: checks: fix double usage of cur / current_step in tcp-checks
|
|
- BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
|
|
- CLEANUP: checks: simplify the loop processing of tcp-checks
|
|
- BUG/MAJOR: checks: always check for end of list before proceeding
|
|
- BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
|
|
- BUG/MEDIUM: peers: apply a random reconnection timeout
|
|
- Add 0003-BUG-MINOR-check-fix-tcpcheck-error-message.patch
|
|
- Add 0004-CLEANUP-checks-fix-double-usage-of-cur-current_step-.patch
|
|
- Add 0005-BUG-MEDIUM-checks-do-not-dereference-head-of-a-tcp-c.patch
|
|
- Add 0006-CLEANUP-checks-simplify-the-loop-processing-of-tcp-c.patch
|
|
- Add 0007-BUG-MAJOR-checks-always-check-for-end-of-list-before.patch
|
|
- Add 0008-BUG-MEDIUM-checks-do-not-dereference-a-list-as-a-tcp.patch
|
|
- Add 0009-BUG-MEDIUM-peers-apply-a-random-reconnection-timeout.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 11 19:27:33 UTC 2015 - mrueckert@suse.de
|
|
|
|
- added 0002-BUG-MEDIUM-http-don-t-forward-client-shutdown-withou.patch
|
|
BUG/MEDIUM: http: don't forward client shutdown without NOLINGER
|
|
except for tunnels
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 4 22:02:30 UTC 2015 - mrueckert@suse.de
|
|
|
|
- added first patch from the 1.5 branch after the update:
|
|
0001-BUG-MEDIUM-stats-properly-initialize-the-scope-befor.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sat May 2 22:17:57 UTC 2015 - mrueckert@suse.de
|
|
|
|
- update to 1.5.12
|
|
- BUG/MINOR: ssl: Display correct filename in error message
|
|
- DOC: Fix L4TOUT typo in documentation
|
|
- BUG/MEDIUM: Do not consider an agent check as failed on L7
|
|
error
|
|
- BUG/MINOR: pattern: error message missing
|
|
- BUG/MEDIUM: pattern: some entries are not deleted with case
|
|
insensitive match
|
|
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
|
|
- BUG/MAJOR: http: don't read past buffer's end in
|
|
http_replace_value
|
|
- BUG/MEDIUM: http: the function "(req|res)-replace-value"
|
|
doesn't respect the HTTP syntax
|
|
- BUG/MEDIUM: peers: correctly configure the client timeout
|
|
- BUG/MINOR: compression: consider the expansion factor in init
|
|
- BUG/MEDIUM: http: hdr_cnt would not count any header when
|
|
called without name
|
|
- BUG/MEDIUM: listener: don't report an error when resuming
|
|
unbound listeners
|
|
- BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes
|
|
only
|
|
- BUG/MEDIUM: stream-int: always reset si->ops when si->end is
|
|
nullified
|
|
- BUG/MEDIUM: http: remove content-length from chunked messages
|
|
- DOC: http: update the comments about the rules for determining
|
|
transfer-length
|
|
- BUG/MEDIUM: http: do not restrict parsing of transfer-encoding
|
|
to HTTP/1.1
|
|
- BUG/MEDIUM: http: incorrect transfer-coding in the request is a
|
|
bad request
|
|
- BUG/MEDIUM: http: remove content-length form responses with bad
|
|
transfer-encoding
|
|
- MEDIUM: http: restrict the HTTP version token to 1 digit as per
|
|
RFC7230
|
|
- MEDIUM: http: add option-ignore-probes to get rid of the floods
|
|
of 408
|
|
- BUG/MINOR: config: clear proxy->table.peers.p for disabled
|
|
proxies
|
|
- MINOR: stick-table: don't attach to peers in stopped state
|
|
- MEDIUM: config: initialize stick-tables after peers, not before
|
|
- MEDIUM: peers: add the ability to disable a peers section
|
|
- DOC: document option http-ignore-probes
|
|
- DOC: fix the comments about the meaning of msg->sol in HTTP
|
|
- BUG/MEDIUM: http: wait for the exact amount of body bytes in
|
|
wait_for_request_body
|
|
- BUG/MAJOR: http: prevent risk of reading past end with balance
|
|
url_param
|
|
- DOC: update the doc on the proxy protocol
|
|
- remove patches that we pulled from the 1.5 tree
|
|
0001-BUG-MINOR-pattern-error-message-missing.patch
|
|
0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch
|
|
0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch
|
|
0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
|
|
0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
|
|
0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch
|
|
0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
|
|
0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
|
|
0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch
|
|
0010-BUG-MINOR-ssl-Display-correct-filename-in-error-mess.patch
|
|
0011-BUG-MEDIUM-listener-don-t-report-an-error-when-resum.patch
|
|
0012-BUG-MEDIUM-init-don-t-limit-cpu-map-to-the-first-32-.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 20 10:52:12 UTC 2015 - mrueckert@suse.de
|
|
|
|
- pull 3 patches from upstream:
|
|
0010-BUG-MINOR-ssl-Display-correct-filename-in-error-mess.patch
|
|
0011-BUG-MEDIUM-listener-don-t-report-an-error-when-resum.patch
|
|
0012-BUG-MEDIUM-init-don-t-limit-cpu-map-to-the-first-32-.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 2 10:54:29 UTC 2015 - mrueckert@suse.de
|
|
|
|
- pull 3 patches from upstream:
|
|
0007-BUG-MEDIUM-http-the-function-req-res-replace-value-d.patch
|
|
0008-BUG-MINOR-compression-consider-the-expansion-factor-.patch
|
|
0009-BUG-MEDIUM-http-hdr_cnt-would-not-count-any-header-w.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 16 15:00:13 UTC 2015 - kgronlund@suse.com
|
|
|
|
- pull 3 patches from upstream:
|
|
- BUG/MEDIUM: peers: correctly configure the client timeout
|
|
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
|
|
- BUG/MAJOR: http: don't read past buffer's end in http_replace_value
|
|
- Add 0004-BUG-MEDIUM-peers-correctly-configure-the-client-time.patch
|
|
- Add 0005-BUG-MEDIUM-buffer-one-byte-miss-in-buffer-free-space.patch
|
|
- Add 0006-BUG-MAJOR-http-don-t-read-past-buffer-s-end-in-http_.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 5 22:10:56 UTC 2015 - mrueckert@suse.de
|
|
|
|
- added another fix from upstream:
|
|
0003-BUG-MEDIUM-Do-not-consider-an-agent-check-as-failed-.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 11 12:38:06 GMT 2015 - aspiers@suse.com
|
|
|
|
- haproxy.init: fix reload and force-reload not to start a stopped
|
|
service
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 6 18:47:17 UTC 2015 - mrueckert@suse.de
|
|
|
|
- pulled 2 patches from upstream:
|
|
0001-BUG-MINOR-pattern-error-message-missing.patch
|
|
0002-BUG-MEDIUM-pattern-some-entries-are-not-deleted-with.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Feb 1 08:27:43 UTC 2015 - mrueckert@suse.de
|
|
|
|
- update to 1.5.11
|
|
- BUG/MEDIUM: backend: correctly detect the domain when
|
|
use_domain_only is used
|
|
- MINOR: ssl: load certificates in alphabetical order
|
|
- BUG/MINOR: checks: prevent http keep-alive with http-check
|
|
expect
|
|
- BUG/MEDIUM: Do not set agent health to zero if server is
|
|
disabled in config
|
|
- MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent
|
|
health is zero
|
|
- BUG/MINOR: stats:Fix incorrect printf type.
|
|
- DOC: add missing entry for log-format and clarify the text
|
|
- BUG/MEDIUM: http: fix header removal when previous header ends
|
|
with pure LF
|
|
- BUG/MEDIUM: channel: fix possible integer overflow on reserved
|
|
size computation
|
|
- BUG/MINOR: channel: compare to_forward with buf->i, not
|
|
buf->size
|
|
- MINOR: channel: add channel_in_transit()
|
|
- MEDIUM: channel: make buffer_reserved() use
|
|
channel_in_transit()
|
|
- MEDIUM: channel: make bi_avail() use channel_in_transit()
|
|
- BUG/MEDIUM: channel: don't schedule data in transit for leaving
|
|
until connected
|
|
- BUG/MAJOR: log: don't try to emit a log if no logger is set
|
|
- BUG/MINOR: args: add missing entry for ARGT_MAP in
|
|
arg_type_names
|
|
- BUG/MEDIUM: http: make http-request set-header compute the
|
|
string before removal
|
|
- BUG/MINOR: http: fix incorrect header value offset in
|
|
replace-hdr/replace-value
|
|
- BUG/MINOR: http: abort request processing on filter failure
|
|
- drop patch included in update:
|
|
0001-BUG-MEDIUM-backend-correctly-detect-the-domain-when-.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 6 09:28:16 UTC 2015 - mrueckert@suse.de
|
|
|
|
- pull fix from usptream:
|
|
0001-BUG-MEDIUM-backend-correctly-detect-the-domain-when-.patch
|
|
BUG/MEDIUM: backend: correctly detect the domain when
|
|
use_domain_only is used
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 31 22:17:18 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.10
|
|
- DOC: fix a few typos
|
|
- BUG/MINOR: http: fix typo: "401 Unauthorized" => "407
|
|
Unauthorized"
|
|
- BUG/MINOR: parse: refer curproxy instead of proxy
|
|
- DOC: httplog does not support 'no'
|
|
- MINOR: map/acl/dumpstats: remove the "Done." message
|
|
- BUG/MEDIUM: sample: fix random number upper-bound
|
|
- BUG/MEDIUM: patterns: previous fix was incomplete
|
|
- BUG/MEDIUM: payload: ensure that a request channel is available
|
|
- BUG/MINOR: tcp-check: don't condition data polling on check
|
|
type
|
|
- BUG/MEDIUM: tcp-check: don't rely on random memory contents
|
|
- BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is
|
|
an expect
|
|
- BUG/MINOR: config: fix typo in condition when propagating
|
|
process binding
|
|
- BUG/MEDIUM: config: do not propagate processes between stopped
|
|
processes
|
|
- BUG/MAJOR: stream-int: properly check the memory allocation
|
|
return
|
|
- BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
|
|
- BUG/MEDIUM: compression: correctly report zlib_mem
|
|
- drop patches that we pulled from git before:
|
|
0001-BUG-MEDIUM-patterns-previous-fix-was-incomplete.patch
|
|
0002-BUG-MEDIUM-payload-ensure-that-a-request-channel-is-.patch
|
|
0003-BUG-MINOR-tcp-check-don-t-condition-data-polling-on-.patch
|
|
0004-BUG-MEDIUM-tcp-check-don-t-rely-on-random-memory-con.patch
|
|
0005-BUG-MEDIUM-tcp-checks-disable-quick-ack-unless-next-.patch
|
|
0006-DOC-fix-a-few-typos.patch
|
|
0007-BUG-MEDIUM-sample-fix-random-number-upper-bound.patch
|
|
0008-DOC-httplog-does-not-support-no.patch
|
|
0009-BUG-MINOR-http-fix-typo-401-Unauthorized-407-Unautho.patch
|
|
0010-BUG-MINOR-parse-refer-curproxy-instead-of-proxy.patch
|
|
0011-BUG-MINOR-config-fix-typo-in-condition-when-propagat.patch
|
|
0012-BUG-MEDIUM-config-do-not-propagate-processes-between.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Dec 20 01:20:07 UTC 2014 - mrueckert@suse.de
|
|
|
|
- pulled some more fixes from git:
|
|
0003-BUG-MINOR-tcp-check-don-t-condition-data-polling-on-.patch
|
|
0004-BUG-MEDIUM-tcp-check-don-t-rely-on-random-memory-con.patch
|
|
0005-BUG-MEDIUM-tcp-checks-disable-quick-ack-unless-next-.patch
|
|
0006-DOC-fix-a-few-typos.patch
|
|
0007-BUG-MEDIUM-sample-fix-random-number-upper-bound.patch
|
|
0008-DOC-httplog-does-not-support-no.patch
|
|
0009-BUG-MINOR-http-fix-typo-401-Unauthorized-407-Unautho.patch
|
|
0010-BUG-MINOR-parse-refer-curproxy-instead-of-proxy.patch
|
|
0011-BUG-MINOR-config-fix-typo-in-condition-when-propagat.patch
|
|
0012-BUG-MEDIUM-config-do-not-propagate-processes-between.patch
|
|
|
|
see patch headers for details.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 28 18:21:43 UTC 2014 - mrueckert@suse.de
|
|
|
|
- pulled 2 fixes from git:
|
|
- 0001-BUG-MEDIUM-patterns-previous-fix-was-incomplete.patch
|
|
Dmitry Sivachenko <trtrmitya@gmail.com> reported that commit
|
|
315ec42 ("BUG/MEDIUM: pattern: don't load more than once a
|
|
pattern list.") relies on an uninitialised variable in the
|
|
stack. While it used to work fine during the tests, if the
|
|
uninitialized variable is non-null, some patterns may be
|
|
aggregated if loaded multiple times, resulting in slower
|
|
processing, which was the original issue it tried to address.
|
|
- 0002-BUG-MEDIUM-payload-ensure-that-a-request-channel-is-.patch
|
|
Denys Fedoryshchenko reported a segfault when using certain
|
|
sample fetch functions in the "tcp-request connection" rulesets
|
|
despite the warnings. This is because some tests for the
|
|
existence of the channel were missing.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 26 12:29:42 UTC 2014 - ledest@gmail.com
|
|
|
|
- fix bashisms in example scripts
|
|
- add patches:
|
|
* haproxy-1.5.8-fix-bashisms.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 26 11:50:42 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.9
|
|
- BUILD: fix "make install" to support spaces in the install dirs
|
|
- BUG/MEDIUM: checks: fix conflicts between agent checks and ssl
|
|
healthchecks
|
|
- BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in
|
|
case of OOM.
|
|
- BUG/MINOR: samples: fix unnecessary memcopy converting binary
|
|
to string.
|
|
- BUG/MEDIUM: connection: sanitize PPv2 header length before
|
|
parsing address information
|
|
- BUG/MEDIUM: pattern: don't load more than once a pattern list.
|
|
- BUG/MEDIUM: ssl: force a full GC in case of memory shortage
|
|
- BUG/MINOR: config: don't inherit the default balance algorithm
|
|
in frontends
|
|
- BUG/MAJOR: frontend: initialize capture pointers earlier
|
|
- BUG/MINOR: stats: correctly set the request/response analysers
|
|
- DOC: fix typo in the body parser documentation for msg.sov
|
|
- BUG/MINOR: peers: the buffer size is global.tune.bufsize, not
|
|
trash.size
|
|
- MINOR: sample: add a few basic internal fetches (nbproc, proc,
|
|
stopping)
|
|
- BUG/MAJOR: sessions: unlink session from list on out of memory
|
|
- Drop patches pulled from git
|
|
- 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch
|
|
- 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch
|
|
- 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
|
|
- 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
|
|
- 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch
|
|
- 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 20 06:56:23 UTC 2014 - kgronlund@suse.com
|
|
|
|
- BUILD: fix "make install" to support spaces in the install dirs
|
|
- BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM.
|
|
- BUG/MEDIUM: ssl: force a full GC in case of memory shortage
|
|
- BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks
|
|
- BUG/MINOR: config: don't inherit the default balance algorithm in frontends
|
|
- BUG/MAJOR: frontend: initialize capture pointers earlier
|
|
|
|
- Add patches:
|
|
- 0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch
|
|
- 0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch
|
|
- 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
|
|
- 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
|
|
- 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch
|
|
- 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 09 21:52:00 UTC 2014 - Led <ledest@gmail.com>
|
|
|
|
- fix bashisms in pre script
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 31 22:24:27 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.8
|
|
- BUG/MAJOR: buffer: check the space left is enough or not when
|
|
input data in a buffer is wrapped
|
|
- BUG/BUILD: revert accidental change in the makefile from latest
|
|
SSL fix
|
|
- changes in 1.5.7
|
|
- BUG/MEDIUM: regex: fix pcre_study error handling
|
|
- BUG/MINOR: log: fix request flags when keep-alive is enabled
|
|
- MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return
|
|
DER formatted certs
|
|
- MINOR: ssl: add statement to force some ssl options in global.
|
|
- BUG/MINOR: ssl: correctly initialize ssl ctx for invalid
|
|
certificates
|
|
- BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
|
|
- BUG/MAJOR: cli: explicitly call cli_release_handler() upon
|
|
error
|
|
- BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
|
|
- BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET
|
|
sockets
|
|
- Dropped patches:
|
|
- 0001-BUG-MEDIUM-http-don-t-dump-debug-headers-on-MSG_ERRO.patch
|
|
- 0002-BUG-MAJOR-cli-explicitly-call-cli_release_handler-up.patch
|
|
- 0003-BUG-MINOR-log-fix-request-flags-when-keep-alive-is-e.patch
|
|
- 0004-BUG-MEDIUM-tcp-fix-outgoing-polling-based-on-proxy-p.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 29 08:07:07 UTC 2014 - kgronlund@suse.com
|
|
|
|
- BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
|
|
- BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
|
|
- BUG/MINOR: log: fix request flags when keep-alive is enabled
|
|
- BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
|
|
|
|
- Added patches:
|
|
- 0001-BUG-MEDIUM-http-don-t-dump-debug-headers-on-MSG_ERRO.patch
|
|
- 0002-BUG-MAJOR-cli-explicitly-call-cli_release_handler-up.patch
|
|
- 0003-BUG-MINOR-log-fix-request-flags-when-keep-alive-is-e.patch
|
|
- 0004-BUG-MEDIUM-tcp-fix-outgoing-polling-based-on-proxy-p.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Oct 18 18:23:29 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.6
|
|
- BUG/MEDIUM: systemd: set KillMode to 'mixed'
|
|
- MINOR: systemd: Check configuration before start
|
|
- BUG/MEDIUM: config: avoid skipping disabled proxies
|
|
- BUG/MINOR: config: do not accept more track-sc than configured
|
|
- BUG/MEDIUM: backend: fix URI hash when a query string is present
|
|
- dropped patches that were pulled from upstream
|
|
0001-BUG-MEDIUM-config-avoid-skipping-disabled-proxies.patch
|
|
0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch
|
|
0004-BUG-MINOR-config-do-not-accept-more-track-sc-than-co.patch
|
|
0005-BUG-MEDIUM-backend-fix-URI-hash-when-a-query-string-.patch
|
|
- dropped patch we sent upstream
|
|
haproxy-1.5_check_config_before_start.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 17 16:03:39 UTC 2014 - kgronlund@suse.com
|
|
|
|
- BUG/MINOR: config: do not accept more track-sc than configured
|
|
- BUG/MEDIUM: backend: fix URI hash when a query string is present
|
|
- Add patch: 0004-BUG-MINOR-config-do-not-accept-more-track-sc-than-co.patch
|
|
- Add patch: 0005-BUG-MEDIUM-backend-fix-URI-hash-when-a-query-string-.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 10 20:01:33 UTC 2014 - kgronlund@suse.com
|
|
|
|
- BUG/MEDIUM: config: avoid skipping disabled proxies
|
|
- Add patch: 0001-BUG-MEDIUM-config-avoid-skipping-disabled-proxies.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 9 14:24:45 UTC 2014 - kgronlund@suse.com
|
|
|
|
- Fix check config before start patch to apply after previous patch
|
|
- Update patch: haproxy-1.5_check_config_before_start.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 9 14:14:35 UTC 2014 - kgronlund@suse.com
|
|
|
|
- BUG/MEDIUM: systemd: set KillMode to 'mixed'
|
|
- Add patch:
|
|
- 0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 8 12:53:41 UTC 2014 - kgronlund@suse.com
|
|
|
|
- update to 1.5.5
|
|
- DOC: indicate that weight zero is reported as DRAIN
|
|
- DOC: Address issue where documentation is excluded due to a gitignore rule
|
|
- This update includes all previous patches since 1.5.4
|
|
|
|
- Removed patches:
|
|
- 0001-DOC-clearly-state-that-the-show-sess-output-format-i.patch
|
|
- 0002-MINOR-stats-fix-minor-typo-fix-in-stats_dump_errors_.patch
|
|
- 0003-MEDIUM-Improve-signal-handling-in-systemd-wrapper.patch
|
|
- 0004-MINOR-Also-accept-SIGHUP-SIGTERM-in-systemd-wrapper.patch
|
|
- 0005-DOC-indicate-in-the-doc-that-track-sc-can-wait-if-da.patch
|
|
- 0006-MEDIUM-http-enable-header-manipulation-for-101-respo.patch
|
|
- 0007-BUG-MEDIUM-config-propagate-frontend-to-backend-proc.patch
|
|
- 0008-MEDIUM-config-properly-propagate-process-binding-bet.patch
|
|
- 0009-MEDIUM-config-make-the-frontends-automatically-bind-.patch
|
|
- 0010-MEDIUM-config-compute-the-exact-bind-process-before-.patch
|
|
- 0011-MEDIUM-config-only-warn-if-stats-are-attached-to-mul.patch
|
|
- 0012-MEDIUM-config-report-it-when-tcp-request-rules-are-m.patch
|
|
- 0013-MINOR-config-detect-the-case-where-a-tcp-request-con.patch
|
|
- 0014-MEDIUM-systemd-wrapper-support-multiple-executable-v.patch
|
|
- 0015-BUG-MEDIUM-remove-debugging-code-from-systemd-wrappe.patch
|
|
- 0016-BUG-MEDIUM-http-adjust-close-mode-when-switching-to-.patch
|
|
- 0017-BUG-MINOR-config-don-t-propagate-process-binding-on-.patch
|
|
- 0018-BUG-MEDIUM-check-rule-less-tcp-check-must-detect-con.patch
|
|
- 0019-BUG-MINOR-tcp-check-report-the-correct-failed-step-i.patch
|
|
- 0020-BUG-MINOR-config-don-t-propagate-process-binding-for.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 6 09:09:58 UTC 2014 - kgronlund@suse.com
|
|
|
|
- Backported fixes:
|
|
- BUG/MEDIUM: http: adjust close mode when switching to backend
|
|
- BUG/MINOR: config: don't propagate process binding on fatal errors.
|
|
- BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
|
|
- BUG/MINOR: tcp-check: report the correct failed step in the status
|
|
- BUG/MINOR: config: don't propagate process binding for dynamic use_backend
|
|
|
|
- Added patches:
|
|
- 0016-BUG-MEDIUM-http-adjust-close-mode-when-switching-to-.patch
|
|
- 0017-BUG-MINOR-config-don-t-propagate-process-binding-on-.patch
|
|
- 0018-BUG-MEDIUM-check-rule-less-tcp-check-must-detect-con.patch
|
|
- 0019-BUG-MINOR-tcp-check-report-the-correct-failed-step-i.patch
|
|
- 0020-BUG-MINOR-config-don-t-propagate-process-binding-for.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 25 16:10:08 UTC 2014 - kgronlund@suse.com
|
|
|
|
- Backported fixes (bnc#898498):
|
|
- DOC: clearly state that the "show sess" output format is not fixed
|
|
- MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
|
|
- MEDIUM: Improve signal handling in systemd wrapper.
|
|
- MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
|
|
- DOC: indicate in the doc that track-sc* can wait if data are missing
|
|
- MEDIUM: http: enable header manipulation for 101 responses
|
|
- BUG/MEDIUM: config: propagate frontend to backend process binding again.
|
|
- MEDIUM: config: properly propagate process binding between proxies
|
|
- MEDIUM: config: make the frontends automatically bind to the listeners' processes
|
|
- MEDIUM: config: compute the exact bind-process before listener's maxaccept
|
|
- MEDIUM: config: only warn if stats are attached to multi-process bind directives
|
|
- MEDIUM: config: report it when tcp-request rules are misplaced
|
|
- MINOR: config: detect the case where a tcp-request content rule has no inspect-delay
|
|
- MEDIUM: systemd-wrapper: support multiple executable versions and names
|
|
- BUG/MEDIUM: remove debugging code from systemd-wrapper
|
|
|
|
- Added patches:
|
|
- 0001-DOC-clearly-state-that-the-show-sess-output-format-i.patch
|
|
- 0002-MINOR-stats-fix-minor-typo-fix-in-stats_dump_errors_.patch
|
|
- 0003-MEDIUM-Improve-signal-handling-in-systemd-wrapper.patch
|
|
- 0004-MINOR-Also-accept-SIGHUP-SIGTERM-in-systemd-wrapper.patch
|
|
- 0005-DOC-indicate-in-the-doc-that-track-sc-can-wait-if-da.patch
|
|
- 0006-MEDIUM-http-enable-header-manipulation-for-101-respo.patch
|
|
- 0007-BUG-MEDIUM-config-propagate-frontend-to-backend-proc.patch
|
|
- 0008-MEDIUM-config-properly-propagate-process-binding-bet.patch
|
|
- 0009-MEDIUM-config-make-the-frontends-automatically-bind-.patch
|
|
- 0010-MEDIUM-config-compute-the-exact-bind-process-before-.patch
|
|
- 0011-MEDIUM-config-only-warn-if-stats-are-attached-to-mul.patch
|
|
- 0012-MEDIUM-config-report-it-when-tcp-request-rules-are-m.patch
|
|
- 0013-MINOR-config-detect-the-case-where-a-tcp-request-con.patch
|
|
- 0014-MEDIUM-systemd-wrapper-support-multiple-executable-v.patch
|
|
- 0015-BUG-MEDIUM-remove-debugging-code-from-systemd-wrappe.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 3 07:35:14 UTC 2014 - kgronlund@suse.com
|
|
|
|
- update to 1.5.4 (bnc#895849 CVE-2014-6269)
|
|
- BUG: config: error in http-response replace-header number of arguments
|
|
- BUG/MINOR: Fix search for -p argument in systemd wrapper.
|
|
- BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
|
|
- BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
|
|
- MEDIUM: connection: add new bit in Proxy Protocol V2
|
|
- BUG/MINOR: server: move the directive #endif to the end of file
|
|
- BUG/MEDIUM: http: tarpit timeout is reset
|
|
- BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
|
|
- BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
|
|
- BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
|
|
- BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
|
|
- BUG/MEDIUM: acl: correctly compute the output type when a converter is used
|
|
- CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
|
|
- BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
|
|
|
|
- Dropped patches:
|
|
- 0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
|
|
- 0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
|
|
- 0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
|
|
- 0004-BUG-config-error-in-http-response-replace-header-num.patch
|
|
- 0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 22 14:38:59 UTC 2014 - mrueckert@suse.de
|
|
|
|
- pull 2 more fixes from git:
|
|
- 0004-BUG-config-error-in-http-response-replace-header-num.patch
|
|
A couple of typo fixed in 'http-response replace-header':
|
|
- an error when counting the number of arguments
|
|
- a typo in the alert message
|
|
- 0005-BUG-MEDIUM-http-tarpit-timeout-is-reset.patch
|
|
Before the commit bbba2a8ecc35daf99317aaff7015c1931779c33b
|
|
(1.5-dev24-8), the tarpit section set timeout and return, after
|
|
this commit, the tarpit section set the timeout, and go to the
|
|
"done" label which reset the timeout.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 30 09:47:38 UTC 2014 - mrueckert@suse.de
|
|
|
|
- pull important fixes from git:
|
|
0001-BUG-MINOR-server-move-the-directive-endif-to-the-end.patch
|
|
0002-BUG-MINOR-Fix-search-for-p-argument-in-systemd-wrapp.patch
|
|
0003-BUG-MAJOR-tcp-fix-a-possible-busy-spinning-loop-in-c.patch
|
|
Especially the last patch is important:
|
|
As a consequence of various recent changes on the sample
|
|
conversion, a corner case has emerged where it is possible to
|
|
wait forever for a sample in track-sc*.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 28 11:33:14 UTC 2014 - kgronlund@suse.com
|
|
|
|
- update to 1.5.3
|
|
- DOC: fix typo in Unix Socket commands
|
|
- BUG/MEDIUM: connection: fix memory corruption when building a proxy v2 header
|
|
- BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
|
|
- DOC: mention that Squid correctly responds 400 to PPv2 header
|
|
- BUG/MINOR: http: base32+src should use the big endian version of base32
|
|
- BUG/MEDIUM: connection: fix proxy v2 header again!
|
|
- Removed backported patches:
|
|
- 0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
|
|
- 0002-DOC-fix-typo-in-Unix-Socket-commands.patch
|
|
- 0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
|
|
- 0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
|
|
- 0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch
|
|
- 0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 21 13:45:40 UTC 2014 - mrueckert@suse.de
|
|
|
|
- added 0006-BUG-MEDIUM-connection-fix-proxy-v2-header-again.patch:
|
|
Last commit 77d1f01 ("BUG/MEDIUM: connection: fix memory
|
|
corruption when building a proxy v2 header") was wrong, using
|
|
&cn_trash instead of cn_trash resulting in a warning and the
|
|
client's SSL cert CN not being stored at the proper location.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 18 15:01:53 UTC 2014 - mrueckert@suse.de
|
|
|
|
- added
|
|
0005-BUG-MEDIUM-connection-fix-memory-corruption-when-bui.patch:
|
|
BUG/MEDIUM: connection: fix memory corruption when building a
|
|
proxy v2 header
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 17 10:45:28 UTC 2014 - mrueckert@suse.de
|
|
|
|
- pulled a few fixes from the 1.5 branch: most notable the DHE
|
|
memleak fix. Adds the following patches:
|
|
0001-DOC-mention-that-Squid-correctly-responds-400-to-PPv.patch
|
|
0002-DOC-fix-typo-in-Unix-Socket-commands.patch
|
|
0003-BUG-MEDIUM-ssl-Fix-a-memory-leak-in-DHE-key-exchange.patch
|
|
0004-BUG-MINOR-http-base32-src-should-use-the-big-endian-.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jul 12 16:56:27 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.2
|
|
- BUG/MEDIUM: backend: Update hash to use unsigned int throughout
|
|
- BUG/MINOR: ssl: Fix external function in order not to return a
|
|
pointer on an internal trash buffer.
|
|
- DOC: expand the docs for the provided stats.
|
|
- BUG/MEDIUM: unix: do not unlink() abstract namespace sockets
|
|
upon failure.
|
|
- MINOR: stats: fix minor typo in HTML page
|
|
- BUG/MEDIUM: http: fetch "base" is not compatible with
|
|
set-header
|
|
- BUG/MINOR: counters: do not untrack counters before logging
|
|
- BUG/MAJOR: sample: correctly reinitialize sample fetch context
|
|
before calling sample_process()
|
|
- MINOR: stick-table: make stktable_fetch_key() indicate why it
|
|
failed
|
|
- BUG/MEDIUM: counters: fix track-sc* to wait on unstable
|
|
contents
|
|
- BUILD: remove TODO from the spec file and add README
|
|
- MINOR: log: make MAX_SYSLOG_LEN overridable at build time
|
|
- MEDIUM: log: support a user-configurable max log line length
|
|
- DOC: provide an example of how to use ssl_c_sha1
|
|
- BUILD: http: fix isdigit & isspace warnings on Solaris
|
|
- BUG/MINOR: listener: set the listener's fd to -1 after deletion
|
|
- BUG/MEDIUM: unix: failed abstract socket binding is retryable
|
|
- MEDIUM: listener: implement a per-protocol pause() function
|
|
- MEDIUM: listener: support rebinding during resume()
|
|
- BUG/MEDIUM: unix: completely unbind abstract sockets during a
|
|
pause()
|
|
- DOC: explicitly mention the limits of abstract namespace
|
|
sockets
|
|
- DOC: minor fix on {sc,src}_kbytes_{in,out}
|
|
- DOC: fix alphabetical sort of converters
|
|
- BUG/MAJOR: http: correctly rewind the request body after start
|
|
of forwarding
|
|
- DOC: remove references to CPU=native in the README
|
|
- DOC: mention that "compression offload" is ignored in defaults
|
|
section
|
|
- drop patches including in version upgrade.
|
|
- 0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch
|
|
- 0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch
|
|
- 0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch
|
|
- 0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch
|
|
- 0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch
|
|
- 0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch
|
|
- use www.haproxy.org now instead of the old domain which is just
|
|
redirecting to haproxy.org now.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 1 12:13:33 UTC 2014 - kgronlund@suse.com
|
|
|
|
- BUG/MEDIUM: counters: fix track-sc* to wait on unstable contents
|
|
- MINOR: stick-table: make stktable_fetch_key() indicate why it failed
|
|
- BUG/MAJOR: sample: correctly reinitialize sample fetch context before calling sample_process()
|
|
- BUG/MINOR: counters: do not untrack counters before logging
|
|
- BUG/MINOR: ssl: Fix external function in order not to return a pointer on an internal trash buffer.
|
|
- BUG/MEDIUM: http: fetch "base" is not compatible with set-header
|
|
|
|
- Add patches:
|
|
- 0001-BUG-MEDIUM-http-fetch-base-is-not-compatible-with-se.patch
|
|
- 0002-BUG-MINOR-ssl-Fix-external-function-in-order-not-to-.patch
|
|
- 0003-BUG-MINOR-counters-do-not-untrack-counters-before-lo.patch
|
|
- 0004-BUG-MAJOR-sample-correctly-reinitialize-sample-fetch.patch
|
|
- 0005-MINOR-stick-table-make-stktable_fetch_key-indicate-w.patch
|
|
- 0006-BUG-MEDIUM-counters-fix-track-sc-to-wait-on-unstable.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 24 15:55:48 UTC 2014 - mrueckert@suse.de
|
|
|
|
- install the vim file into the versioned directory and dont cover
|
|
the current symlink with a directory
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 24 13:00:39 UTC 2014 - mrueckert@suse.de
|
|
|
|
- add Requires to vim to make the ownership of the vim directory
|
|
clear and not break any symlink handling the vim package might
|
|
use.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 24 12:23:55 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.1
|
|
- BUG/MINOR: config: http-request replace-header arg typo
|
|
- BUG/MINOR: ssl: rejects OCSP response without nextupdate.
|
|
- BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses.
|
|
- BUG/MINOR: ssl: Fix OCSP resp update fails with the same
|
|
certificate configured twice. (cherry picked from commit
|
|
1d3865b096b43b9a6d6a564ffb424ffa6f1ef79f)
|
|
- BUG/MEDIUM: Consistently use 'check' in process_chk
|
|
- BUG/MAJOR: session: revert all the crappy client-side timeout
|
|
changes
|
|
- BUG/MINOR: logs: properly initialize and count log sockets
|
|
- drop haproxy-1.5.0_consistently_use_check.patch:
|
|
included upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 24 09:51:25 UTC 2014 - kgronlund@suse.com
|
|
|
|
- Install vim file to a more appropriate location
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 23 09:19:04 UTC 2014 - kgronlund@suse.com
|
|
|
|
- added pre macro for systemd service file
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 23 08:28:06 UTC 2014 - kgronlund@suse.com
|
|
|
|
- Use better systemd detection consistently
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jun 22 19:48:11 UTC 2014 - mrueckert@suse.de
|
|
|
|
- pull commit 9ac7cabaf9945fb92c96cb92f5ea85235f54f7d6:
|
|
Consistently use 'check' in process_chk
|
|
I am not entirely sure that this is a bug, but it seems
|
|
to me that it may cause a problem if there agent-check is
|
|
configured and there is some kind of error making a connection
|
|
for it.
|
|
adds patch haproxy-1.5.0_consistently_use_check.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 20 14:37:21 UTC 2014 - mrueckert@suse.de
|
|
|
|
- update to 1.5.0
|
|
For people who don't follow the development versions, 1.5 expands
|
|
1.4 with many new features and performance improvements,
|
|
including native SSL support on both sides with SNI/NPN/ALPN and
|
|
OCSP stapling, IPv6 and UNIX sockets are supported everywhere,
|
|
full HTTP keep-alive for better support of NTLM and improved
|
|
efficiency in static farms, HTTP/1.1 compression (deflate, gzip)
|
|
to save bandwidth, PROXY protocol versions 1 and 2 on both sides,
|
|
data sampling on everything in request or response, including
|
|
payload, ACLs can use any matching method with any input sample
|
|
maps and dynamic ACLs updatable from the CLI stick-tables support
|
|
counters to track activity on any input sample custom format for
|
|
logs, unique-id, header rewriting, and redirects, improved health
|
|
checks (SSL, scripted TCP, check agent, ...), much more scalable
|
|
configuration supports hundreds of thousands of backends and
|
|
certificates without sweating.
|
|
|
|
For all the details see /usr/share/doc/packages/haproxy/CHANGELOG
|
|
|
|
- enable tcp fast open if the kernel is recent enough
|
|
- enable PCRE JIT if PCRE is recent enough
|
|
- enable openssl support!
|
|
- haproxy can finally terminate ssl itself and also talk SSL to
|
|
the backend servers.
|
|
- including SNI/NPN/ALPN support.
|
|
new buildrequires openssl and pkgconfig
|
|
- enable deflate support
|
|
new buildrequires zlib-devel
|
|
- enable transparent proxy support
|
|
- enable usage of accept4. reduces the syscall amount.
|
|
- enable building and installing of halog
|
|
- install vim file into the correct place
|
|
- dropped patches:
|
|
0001-MEDIUM-add-systemd-service.patch
|
|
0002-MEDIUM-add-haproxy-systemd-wrapper.patch
|
|
0003-MEDIUM-New-cli-option-Ds-for-systemd-compatibility.patch
|
|
0004-BUG-MEDIUM-systemd-wrapper-don-t-leak-zombie-process.patch
|
|
0005-BUILD-stdbool-is-not-portable-again.patch
|
|
0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch
|
|
0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch
|
|
0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch
|
|
0009-openSUSE-Configure-haproxy-user.patch
|
|
0010-openSUSE-Fix-path-to-PCRE-library.patch
|
|
0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch
|
|
0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch
|
|
0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch
|
|
0014-MINOR-systemd-wrapper-improve-logging.patch
|
|
0015-MINOR-systemd-wrapper-propagate-exit-status.patch
|
|
- added haproxy-1.2.16_config_haproxy_user.patch:
|
|
(replaces 0009-openSUSE-Configure-haproxy-user.patch)
|
|
- added haproxy-1.5_check_config_before_start.patch:
|
|
systemd allows us to run other things before we start the final
|
|
daemon. use this to check the configuration before launching.
|
|
- added haproxy-makefile_lib.patch
|
|
(replaces 0010-openSUSE-Fix-path-to-PCRE-library.patch)
|
|
- added sec-options.patch:
|
|
allow it more easily to build haproxy with PIE, stackprotector
|
|
and relro. all those options are enabled on our build.
|
|
- added apparmor profile
|
|
usr.sbin.haproxy.apparmor
|
|
local.usr.sbin.haproxy.apparmor
|
|
- change the conditionals for systemd to use bcond_with to make it
|
|
more obvious what we are guarding.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 21 10:50:21 UTC 2014 - jsegitz@novell.com
|
|
|
|
- added necessary macros for systemd files
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 6 06:12:08 UTC 2014 - kgronlund@suse.com
|
|
|
|
- update to 1.4.25 (bnc#876438)
|
|
- DOC: typo: nosepoll self reference in config guide
|
|
- BUG/MINOR: deinit: free fdinfo while doing cleanup
|
|
- BUG/MEDIUM: server: set the macro for server's max weight SRV_UWGHT_MAX to SRV_UWGHT_RANGE
|
|
- BUG/MINOR: use the same check condition for server as other algorithms
|
|
- BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN for recv()
|
|
- BUG/MINOR: fix forcing fastinter in "on-error"
|
|
- BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests
|
|
- BUG/MAJOR: http: don't emit the send-name-header when no server is available
|
|
- BUG/MEDIUM: http: "option checkcache" fails with the no-cache header
|
|
- MEDIUM: session: disable lingering on the server when the client aborts
|
|
- MINOR: config: warn when a server with no specific port uses rdp-cookie
|
|
- MEDIUM: increase chunk-size limit to 2GB-1
|
|
- DOC: add a mention about the limited chunk size
|
|
- MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection
|
|
- BUILD: proto_tcp: remove a harmless warning
|
|
- BUG/MINOR: acl: remove patterns from the tree before freeing them
|
|
- BUG/MEDIUM: checks: fix slow start regression after fix attempt
|
|
- BUG/MAJOR: server: weight calculation fails for map-based algorithms
|
|
- BUG/MINOR: backend: fix target address retrieval in transparent mode
|
|
- BUG/MEDIUM: stick: completely remove the unused flag from the store entries
|
|
- BUG/MEDIUM: stick-tables: complete the latest fix about store-responses
|
|
- BUG/MEDIUM: checks: tracking servers must not inherit the MAINT flag
|
|
- BUG/MINOR: stats: report correct throttling percentage for servers in slowstart
|
|
- BUG/MINOR: stats: correctly report throttle rate of low weight servers
|
|
- BUG/MINOR: checks: successful check completion must not re-enable MAINT servers
|
|
- BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling
|
|
- BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers
|
|
- BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN
|
|
- BUG/MEDIUM: http: don't start to forward request data before the connect
|
|
- DOC: fix misleading information about SIGQUIT
|
|
- BUILD: simplify the date and version retrieval in the makefile
|
|
- BUILD: prepare the makefile to skip format lines in SUBVERS and VERDATE
|
|
- BUILD: use format tags in VERDATE and SUBVERS files
|
|
|
|
- Reorganized patches and backported fixes for systemd wrapper:
|
|
- Renamed 0006-haproxy-1.2.16_config_haproxy_user.patch to 0009-openSUSE-Configure-haproxy-user.patch
|
|
- Renamed 0007-haproxy-makefile_lib.patch to 0010-openSUSE-Fix-path-to-PCRE-library.patch
|
|
- Removed 0008-MEDIUM-haproxy-systemd-wrapper-Revised-implementatio.patch
|
|
- Added 0006-MEDIUM-haproxy-systemd-wrapper-Use-haproxy-in-same-d.patch
|
|
- Added 0007-MEDIUM-systemd-wrapper-Kill-child-processes-when-int.patch
|
|
- Added 0008-LOW-systemd-wrapper-Write-debug-information-to-stdou.patch
|
|
- Added 0011-BUILD-MINOR-systemd-fix-compiler-warning-about-unuse.patch
|
|
- Added 0012-BUG-MEDIUM-systemd-wrapper-fix-locating-of-haproxy-b.patch
|
|
- Added 0013-MINOR-systemd-wrapper-re-execute-on-SIGUSR2.patch
|
|
- Added 0014-MINOR-systemd-wrapper-improve-logging.patch
|
|
- Added 0015-MINOR-systemd-wrapper-propagate-exit-status.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 22 09:54:48 UTC 2013 - kgronlund@suse.com
|
|
|
|
- Backport haproxy-systemd-wrapper from upstream
|
|
- Patch haproxy-systemd-wrapper to work on openSUSE
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 31 12:46:04 UTC 2013 - kgronlund@suse.com
|
|
|
|
- Remove duplicate Requires: from .spec file.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 31 12:41:12 UTC 2013 - kgronlund@suse.com
|
|
|
|
- Re-enable sysvinit support for older versions
|
|
(server:http still builds for older versions)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 28 14:32:00 UTC 2013 - p.drouand@gmail.com
|
|
|
|
- Add systemd support
|
|
Target distributions all support systemd; keep alive sysvinit support
|
|
is useless
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 10 15:16:32 UTC 2013 - cdenicolo@suse.com
|
|
|
|
- license update: GPL-2.0+ and LGPL-2.1+
|
|
only header files are LGPL, the rest is still GPL
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 18 09:14:13 UTC 2013 - mrueckert@suse.de
|
|
|
|
- update to 1.4.24 (bnc#825412)
|
|
- BUG/MAJOR: backend: consistent hash can loop forever in certain
|
|
circumstances
|
|
- BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks
|
|
are used
|
|
- MEDIUM: protocol: implement a "drain" function in protocol
|
|
layers
|
|
- BUG/CRITICAL: fix a possible crash when using negative header
|
|
occurrences CVE-2013-2175
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 3 14:47:43 UTC 2013 - mrueckert@suse.de
|
|
|
|
- update to 1.4.23 CVE-2013-1912
|
|
- CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read
|
|
- BUG: fix garbage data when http-send-name-header replaces an
|
|
existing header
|
|
- BUG/MEDIUM: remove supplementary groups when changing gid
|
|
- BUG/MINOR: Correct logic in cut_crlf()
|
|
- BUG/MINOR: config: use a copy of the file name in proxy
|
|
configurations
|
|
- BUG/MINOR: epoll: correctly disable FD polling in fd_rem()
|
|
- MINOR: halog: sort output by cookie code
|
|
- BUG/MINOR: halog: -ad/-ac report the correct number of output
|
|
lines
|
|
- BUG/MINOR: halog: fix help message for -ut/-uto
|
|
- BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel
|
|
mode
|
|
- BUG/MEDIUM: command-line option -D must have precedence over
|
|
"debug"
|
|
- OPTIM: halog: keep a fast path for the lines-count only
|
|
- MINOR: halog: add a parameter to limit output line count
|
|
- BUG: halog: fix broken output limitation
|
|
- MEDIUM: checks: avoid accumulating TIME_WAITs during checks
|
|
- MEDIUM: checks: prevent TIME_WAITs from appearing also on
|
|
timeouts
|
|
- BUG/MAJOR: cli: show sess <id> may randomly corrupt the
|
|
back-ref list
|
|
- BUG/MINOR: http: don't report client aborts as server errors
|
|
- BUG/MINOR: http: don't log a 503 on client errors while waiting
|
|
for requests
|
|
- BUG/MEDIUM: tcp: process could theorically crash on lack of
|
|
source ports
|
|
- BUG/MINOR: http: don't abort client connection on premature
|
|
responses
|
|
- BUILD: no need to clean up when making git-tar
|
|
- MINOR: http: always report PR-- flags for redirect rules
|
|
- BUG/MINOR: time: frequency counters are not totally accurate
|
|
- BUG/MINOR: http: don't process abortonclose when request was
|
|
sent
|
|
- BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
|
|
- BUG/MINOR: config: fix improper check for failed memory alloc
|
|
in ACL parser
|
|
- BUG/MEDIUM: checks: ensure the health_status is always within
|
|
bounds
|
|
- CLEANUP: http: remove a useless null check
|
|
- BUG/MEDIUM: signal: signal handler does not properly check for
|
|
signal bounds
|
|
- BUG/MEDIUM: uri_auth: missing NULL check and memory leak on
|
|
memory shortage
|
|
- CLEANUP: config: slowstart is never negative
|
|
- BUILD: improve the makefile's support for libpcre
|
|
- BUG/MINOR: checks: fix an warning introduced by commit 2f61455a
|
|
- MEDIUM: halog: add support for counting per source address
|
|
(-ic)
|
|
- DOC: mention the new HTTP 307 and 308 redirect statues
|
|
(cherry picked from commit
|
|
b67fdc4cd8bde202f2805d98683ddab929469a05)
|
|
- MEDIUM: poll: do not use FD_* macros anymore
|
|
- BUG/MAJOR: ev_select: disable the select() poller if maxsock >
|
|
FD_SETSIZE
|
|
- BUILD: enable poll() by default in the makefile
|
|
- BUILD: add explicit support for Mac OS/X
|
|
- BUG/CRITICAL: using HTTP information in tcp-request content may
|
|
crash the process CVE-2013-1912
|
|
- MEDIUM: http: implement redirect 307 and 308
|
|
- MINOR: http: status 301 should not be marked non-cacheable
|
|
- adapt haproxy-makefile_lib.patch to the rewritten Makefile
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 12 14:10:33 UTC 2012 - mrueckert@suse.de
|
|
|
|
- switch license tag to spdx format.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 12 13:50:46 UTC 2012 - mrueckert@suse.de
|
|
|
|
- update to 1.4.22
|
|
- BUG/MEDIUM: option forwardfor if-none doesn't work with some
|
|
configurations
|
|
- MINOR: balance uri: added 'whole' parameter to include query
|
|
string in hash calculation
|
|
- DOC: specify the default value for maxconn in the context of a
|
|
proxy
|
|
- BUG/MINOR: checks: expire on timeout.check if smaller than
|
|
timeout.connect
|
|
- REORG/MINOR: use dedicated proxy flags for the cookie handling
|
|
- BUG/MINOR: config: do not report twice the incompatibility
|
|
between cookie and non-http
|
|
- MINOR: http: add support for "httponly" and "secure" cookie
|
|
attributes
|
|
- MEDIUM: stats: add support for soft stop/soft start in the
|
|
admin interface
|
|
- BUILD: add support for linux kernels >= 2.6.28
|
|
- MINOR: contrib/iprange: add a network IP range to mask
|
|
converter
|
|
- BUILD: add an AIX 5.2 (and later) target.
|
|
- MINOR: halog: use the more recent dual-mode fgets2
|
|
implementation
|
|
- BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on
|
|
full-length matches
|
|
- CLEANUP: halog: make clean should also remove .o files
|
|
(cherry picked from commit
|
|
8ad4193100aafa19f04929670371bf823dbe11d0)
|
|
- OPTIM: halog: make use of memchr() on platforms which provide a
|
|
fast one
|
|
- OPTIM: halog: improve cold-cache behaviour when loading a file
|
|
- [MINOR] config: make it possible to specify a cookie even
|
|
without a server
|
|
- MINOR: config: tolerate server "cookie" setting in non-HTTP
|
|
mode
|
|
- BUG/MINOR: tarpit: fix condition to return the HTTP 500 message
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 30 16:02:03 UTC 2012 - mrueckert@suse.de
|
|
|
|
- fix description in the init script
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 22 16:47:45 UTC 2012 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.21 (bnc#763833) CVE-2012-2391
|
|
- MINOR: patch for minor typo (ressources/resources)
|
|
- CLEANUP: fix typo in findserver() log message
|
|
- DOC: cleanup indentation, alignment, columns and chapters
|
|
- DOC: fix some keywords arguments documentation
|
|
- MINOR: stats admin: allow unordered parameters in POST requests
|
|
- MINOR: stats admin: use the backend id instead of its name in
|
|
the form
|
|
- BUG/MAJOR: trash must always be the size of a buffer
|
|
- DOC: fix minor regex example issue and improve doc on stats
|
|
- BUG/MAJOR: possible crash when using capture headers on TCP
|
|
frontends
|
|
- MINOR: config: disable header captures in TCP mode and complain
|
|
- BUG/MEDIUM: balance source did not properly hash IPv6 addresses
|
|
- CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
|
|
- CLEANUP: remove a few warning about unchecked return values in
|
|
debug code
|
|
- CLEANUP: http: remove unused http_msg->col
|
|
- BUG/MINOR: http: error snapshots are wrong if buffer wraps
|
|
- BUG/MAJOR: checks: don't call set_server_status_* when no LB
|
|
algo is set
|
|
- MINOR: proxy: make findproxy() return proxies from numeric IDs
|
|
too
|
|
- BUILD: http: stop gcc-4.1.2 from complaining about possibly
|
|
uninitialized values
|
|
- BUG/MINOR: stop connect timeout when connect succeeds
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Mar 11 19:16:20 UTC 2012 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.20:
|
|
- BUG/MINOR: fix typo in processing of http-send-name-header
|
|
- BUG/MEDIUM: correctly disable servers tracking another disabled servers.
|
|
- BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
|
|
- MINOR: halog: add some help on the command line (cherry picked from
|
|
commit 615674cdec067066a42f53f5d55628ab7b207e6c)
|
|
- BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
|
|
- BUG: http: disable TCP delayed ACKs when forwarding content-length data
|
|
- BUG: checks: fix server maintenance exit sequence
|
|
- BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on
|
|
partial writes
|
|
- DOC: enumerate valid status codes for "observe layer7"
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 8 15:30:58 UTC 2012 - mrueckert@suse.de
|
|
|
|
- update to 1.4.19
|
|
- MEDIUM: http: add support for sending the server's name in the
|
|
outgoing request
|
|
- BUG/MINOR: fix options forwardfor if-none when an alternative
|
|
header name is specified
|
|
- MINOR: task: new function task_schedule() to schedule a wake up
|
|
- BUG/MEDIUM: checks: fix slowstart behaviour when server
|
|
tracking is in use
|
|
- BUG: tcp: option nolinger does not work on backends
|
|
- BUG: ebtree: ebst_lookup() could return the wrong entry
|
|
- BUG: http: re-enable TCP quick-ack upon incomplete HTTP
|
|
requests
|
|
- CLEANUP: ebtree: remove a few annoying signedness warnings
|
|
- CLEANUP: ebtree: remove 4-year old harmless typo in duplicates
|
|
insertion code
|
|
- CLEANUP: ebtree: remove another typo, a wrong initialization in
|
|
insertion code
|
|
- BUG: proto_tcp: set AF_INET on tproxy for use with recent
|
|
kernels
|
|
- MINOR: halog: add support for matching queued requests
|
|
- BUG: http: tighten the list of allowed characters in a URI
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 9 12:09:33 UTC 2011 - mrueckert@suse.de
|
|
|
|
- update to 1.4.18
|
|
- [MINOR] http: *_dom matching header functions now also split on
|
|
":"
|
|
- [MINOR] halog: support backslash-escaped quotes
|
|
- BUILD/MINOR: fix the source URL in the spec file
|
|
- DOC: acl is http_first_req, not http_req_first
|
|
- BUG/MEDIUM: don't trim last spaces from headers consisting only
|
|
of spaces
|
|
- MINOR: acl: add new matches for header/path/url length
|
|
- [MINOR] halog: do not consider byte 0x8A as end of line
|
|
- [OPTIM] halog: make fgets parse more bytes by blocks
|
|
- [OPTIM] halog: add assembly version of the field lookup code
|
|
- [CLEANUP] startup: report only the basename in the usage
|
|
message
|
|
- [DOC] update the README file to reflect new naming rules for
|
|
patches
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 05 22:26:59 UTC 2011 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.17:
|
|
- [MINOR] halog: add support for termination code matching (-tcn/-TCN)
|
|
- [MINOR] halog: make SKIP_CHAR stop on field delimiters
|
|
- [MINOR] halog: add support for HTTP log matching (-H)
|
|
- [MINOR] halog: gain back performance before SKIP_CHAR fix
|
|
- [OPTIM] halog: cache some common fields positions
|
|
- [OPTIM] halog: check once for correct line format and reuse the pointer
|
|
- [OPTIM] halog: remove many 'if' by using a function pointer for the filters
|
|
- [OPTIM] halog: remove support for tab delimiters in input data
|
|
- [MINOR] halog: add -hs/-HS to filter by HTTP status code range
|
|
- [CLEANUP] update the year in the copyright banner
|
|
- [BUG] check: http-check expect + regex would crash in defaults section
|
|
- [MEDIUM] http: make x-forwarded-for addition conditional
|
|
- [DOC] fixed a few "sensible" -> "sensitive" errors
|
|
- [MINOR] stats: display "<NONE>" instead of the frontend name when unknown
|
|
- [BUG] http: trailing white spaces must also be trimmed after headers
|
|
- [MINOR] http: take a capture of too large requests and responses
|
|
- [MINOR] http: take a capture of truncated responses
|
|
- [MINOR] http: take a capture of bad content-lengths.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Aug 13 22:49:36 UTC 2011 - mrueckert@suse.de
|
|
|
|
- update to version 1.4.16
|
|
- [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check
|
|
- [DOC] Minor spelling fixes and grammatical enhancements
|
|
- [CLEANUP] Remove assigned but unused variables
|
|
- [BUG] checks: http-check expect could fail a check on
|
|
multi-packet responses
|
|
- [DOC] fix minor typo in the "dispatch" doc
|
|
- [MINOR] http: make the "HTTP 200" status code configurable.
|
|
- [MINOR] http: partially revert the chunking optimization for
|
|
now
|
|
- [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete
|
|
transfer
|
|
- [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out
|
|
test
|
|
- [MEDIUM] http: add support for "http-no-delay"
|
|
- [OPTIM] http: optimize chunking again in non-interactive mode
|
|
- [OPTIM] stream_sock: avoid fast-forwarding of partial data
|
|
- [OPTIM] stream_sock: don't use splice on too small payloads
|
|
- [BUG] stats: support url-encoded forms
|
|
- [BUG] halog: correctly handle truncated last line
|
|
- [DOC] fix typos, "#" is a sharp, not a dash
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 15 22:14:24 UTC 2011 - pascal.bleser@opensuse.org
|
|
|
|
- revert splitting out the documentation
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 14 19:18:45 UTC 2011 - pascal.bleser@opensuse.org
|
|
|
|
- split out documentation and examples into haproxy-doc
|
|
- add rpmlintrc to suppress false positive warnings about
|
|
script examples in documentation files (without exec flag)
|
|
- fix license
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 12 15:31:38 UTC 2011 - mrueckert@suse.de
|
|
|
|
- update to version 1.4.15
|
|
- [CRITICAL] fix risk of crash when dealing with space in
|
|
response cookies
|
|
- additional changes from 1.4.14
|
|
- [MINOR] config: fix endianness of server check port
|
|
- [BUG] http: fix possible incorrect forwarded wrapping chunk
|
|
size (take 2)
|
|
- [MINOR] tools: add two macros MID_RANGE and MAX_RANGE
|
|
- [BUG] http: fix content-length handling on 32-bit platforms
|
|
- [OPTIM] buffers: uninline buffer_forward()
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 9 12:00:23 UTC 2011 - mrueckert@suse.de
|
|
|
|
- update to 1.4.13
|
|
- config: don't crash on empty pattern files.
|
|
- additional changes from 1.4.12
|
|
- stats: add support for several packets in stats admin
|
|
- stats: admin commands must check the proxy state
|
|
- stats: admin web interface must check the proxy state
|
|
- http: update the header list's tail when removing the last
|
|
header
|
|
- fix typos (http-request instead of http-check) (cherry
|
|
picked from commit 8f2a1e72bebea700f37add40997b716fdfd86b9c)
|
|
- http: use correct ACL pointer when evaluating authentication
|
|
- cfgparse: correctly count one socket per port in ranges
|
|
- startup: set the rlimits before binding ports, not after.
|
|
- acl: srv_id must return no match when the server is NULL
|
|
- acl: fd leak when reading patterns from file
|
|
- fix minor typo in "usesrc"
|
|
- http: fix possible incorrect forwarded wrapping chunk size
|
|
- http: fix computation of message body length after forwarding
|
|
has started
|
|
- http: balance url_param did not work with first parameters on
|
|
POST
|
|
- update the url_param regression test to test check_post too
|
|
|
|
-------------------------------------------------------------------
|
|
>>>>>>> ./haproxy.changes.r40
|
|
Tue Feb 15 14:30:53 UTC 2011 - mrueckert@suse.de
|
|
|
|
- update to 1.4.11
|
|
- cfgparse: Check whether the path given for the stats socket
|
|
actually fits into the sockaddr_un structure to avoid
|
|
truncation.
|
|
- fix a minor typo
|
|
- fix ignore-persist documentation
|
|
- http: fix http-pretend-keepalive and httpclose/tunnel mode
|
|
- add warnings on features not compatible with multi-process mode
|
|
- acl: add be_id/srv_id to match backend's and server's id
|
|
- log: add support for passing the forwarded hostname
|
|
- log: ability to override the syslog tag
|
|
- fix minor typos in the doc
|
|
- fix another typo in the doc
|
|
- http chunking: don't report a parsing error on connection
|
|
errors
|
|
- stream_interface: truncate buffers when sending error messages
|
|
- http: fix incorrect error reporting during data transfers
|
|
- session: correctly leave turn-around and queue states on abort
|
|
- session: release slot before processing pending connections
|
|
- stats: report HTTP message state and buffer flags in error
|
|
dumps
|
|
- http: support wrapping messages in error captures
|
|
- http: capture incorrectly chunked message bodies
|
|
- stats: add global event ID and count
|
|
- http: don't send each chunk in a separate packet
|
|
- acl: fix handling of empty lines in pattern files
|
|
- ebtree: fix ebmb_lookup() with len smaller than the tree's keys
|
|
- ebtree: ebmb_lookup: reduce stack usage by moving the return
|
|
code out of the loop
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 29 13:57:37 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.10:
|
|
* a possible crash when using Cookie-based persistence with
|
|
appsessions was fixed
|
|
* header processing could become wrong after a single reqidel
|
|
rule removed exactly two headers
|
|
* some out-of-memory conditions were not correctly handled in
|
|
appsession or cookie captures
|
|
* users of appsessions are strongly encouraged to upgrade
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 2 13:11:15 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.9:
|
|
* the Web interface now allows you to enable or disable servers
|
|
* the ECV and LDAPv3 checks were merged
|
|
* the MySQL check was improved to support a real login sequence
|
|
* persistence cookies can now be timestamped to support a maximum
|
|
idle time and a maximum life time, and can be removed by the
|
|
server if needed (e.g. logout)
|
|
* the SNMP plugin was improved to report socket stats
|
|
* some Cacti templates were merged
|
|
* the halog tool can now instantly report per-URL response times
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 17 15:46:13 UTC 2010 - mrueckert@suse.de
|
|
|
|
- implement graceful restart in the init script
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 22 14:49:12 UTC 2010 - mrueckert@suse.de
|
|
|
|
- update to 1.4.8:
|
|
* mention 'option http-server-close' effect in Tq section
|
|
* summarize and highlight persistent connections behaviour
|
|
* add configuration samples
|
|
* stick_table: the fix for the memory leak caused a regression
|
|
* client: don't add a new session to the list too early
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 10 09:03:34 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.7:
|
|
* fixes problems where consistent hashing was broken when no
|
|
server ID was specified in the configuration
|
|
* some errors were incorrectly reported as failed instead of
|
|
denied in the statistics
|
|
* the dispatch and http_proxy modes were fixed
|
|
* a few termination flags in the logs used for troubleshooting
|
|
were corrected
|
|
* a few other minor issues were fixed
|
|
* upgrading is recommended
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 17 20:29:02 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.6:
|
|
* a minor precision about RDP cookies was added to the
|
|
documentation
|
|
* a new ACL keyword was added
|
|
* those who had no problem building and running 1.4.5 don't need
|
|
to upgrade
|
|
|
|
- drop haproxy-fix_dprintf.patch, merged upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 14 07:18:03 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.5:
|
|
* Haproxy can now read huge ACL pattern lists from files and
|
|
match inputs against them without any noticeable performance
|
|
impact, making geolocation possible
|
|
* adds a new "ignore-persist" directive, allowing it to ignore
|
|
the persistence cookie if an ACL-based condition is matched
|
|
(which is useful for static objects in stateful farms)
|
|
* a few other minor improvements
|
|
* a nice performance boost of the log analyzer, which can now
|
|
process more than 1 GB of logs per second and report request
|
|
counts by status codes
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 8 09:41:51 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.4:
|
|
* brings a new option to work around optimization issues with
|
|
Tomcat and Jetty in server close mode, and for a bug in Jetty's
|
|
handling of Expect: 100-continue
|
|
* a very old appsession unexpected match of shorter cookie names
|
|
was also fixed
|
|
* a new feature to make it possible to connect to a server from
|
|
an IP found in a header was merged: it allows you to run
|
|
stunnel+haproxy in transparent mode together
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 2 23:42:44 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.3:
|
|
* fxes a regression introduced in 1.4.2 which could cause a
|
|
connection to still be attempted on the server side in case of
|
|
an error on the client side; this issue could even lead to a
|
|
crash if a Layer7 hash algorithm was used, so this code was
|
|
strengthened
|
|
* the configuration parser now detects many more inappropriate
|
|
options in TCP mode and emits related warnings
|
|
* it is now possible to indicate in the configuration that a
|
|
server will start in the "disabled" state
|
|
* other very minor issues were fixed
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 18 12:00:49 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.2:
|
|
* fixes a very rare case of stuck client sessions when using
|
|
keep-alive
|
|
* fixes a url_param hash bug which could result in a dead server
|
|
in very rare situations
|
|
* fixes status codes 501 and 505 which could cause a server to be
|
|
marked down if on-error was used
|
|
* fixes a risk of getting truncated HTTP responses when
|
|
chunk-encoding was used
|
|
* fixes an issue with anonymous ACLs
|
|
* improvements on health checks
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 5 00:45:12 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.1:
|
|
* some errors were incorrectly reported as 502 with the flags
|
|
"SL" in the logs; this is now fixed
|
|
* other minor issues were fixed
|
|
* documentation was updated
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 26 20:44:34 UTC 2010 - pascal.bleser@opensuse.org
|
|
|
|
- update to 1.4.0:
|
|
* new features:
|
|
+ keep-alive
|
|
+ IP-based stickiness
|
|
+ consistent hashing
|
|
+ support for the RDP protocol
|
|
+ a much nicer stats interface
|
|
+ a much-improved performance level
|
|
* add -fno-strict-aliasing
|
|
|
|
- changes from 1.4rc1:
|
|
* new features:
|
|
+ server maintenance mode
|
|
+ HTTP authentication (server and proxy)
|
|
+ secure passwords
|
|
+ conditional request/response header rewriting using ACLs
|
|
+ anonymous ACLs that can be declared inline
|
|
+ support for HTTP/1.1 101+Upgrade status code to support non-
|
|
HTTP protocols such as WebSocket
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 11 15:20:01 UTC 2010 - mrueckert@suse.de
|
|
|
|
- update to 1.3.23
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 15 14:09:34 CEST 2009 - mrueckert@suse.de
|
|
|
|
- update to 1.3.20
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 3 13:54:40 CEST 2009 - mrueckert@suse.de
|
|
|
|
- update to 1.3.17
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 9 16:40:38 CET 2009 - mrueckert@suse.de
|
|
|
|
- update to 1.3.15.8
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 4 15:13:15 CET 2009 - mrueckert@suse.de
|
|
|
|
- update to 1.3.15.7
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 15 15:52:45 CEST 2008 - mrueckert@suse.de
|
|
|
|
- update to 1.3.15.4
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 4 21:21:35 CET 2007 - mrueckert@suse.de
|
|
|
|
- update to 1.3.13.1:
|
|
too many changes see changelog file
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 2 00:53:38 CEST 2007 - mrueckert@suse.de
|
|
|
|
- prepared spec for easy split out of -snapshot packages.
|
|
- added vim syntax file
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 19 17:50:33 CET 2007 - mrueckert@suse.de
|
|
|
|
- update to 1.2.17:
|
|
- replaced the linked-list with a faster rbtree in the scheduler
|
|
- add user/group support (Marcus Rueckert)
|
|
- add the "except" keyword to the "forwardfor" option (Bryan
|
|
Germann)
|
|
- re-implemented support for multi-line headers (was
|
|
incidently reverted)
|
|
- fixed possible crash when no cookie was set on a server
|
|
- fixed various length checks in appsession
|
|
- fixed unlikely memory leak in appsession in case of memory
|
|
shortage
|
|
- updates to the architecture guide
|
|
- remove haproxy-1.2.16_username_groupname_support.patch:
|
|
patch included upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 8 00:27:17 CET 2007 - mrueckert@suse.de
|
|
|
|
- initial package of 1.2.16
|
|
- added 2 patches:
|
|
haproxy-1.2.16_config_haproxy_user.patch
|
|
haproxy-1.2.16_username_groupname_support.patch
|
|
the patches allow to specify username and groupname instead of
|
|
uid/gid. The patches are needed as we do not have a static
|
|
uid/gid for the haproxy user/group.
|
|
|