* [RELEASE] Released version 2.1.2
* BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility
* BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream
* BUG/MINOR: state-file: do not leak memory on parse errors
* BUG/MINOR: state-file: do not store duplicates in the global tree
* BUG/MEDIUM: state-file: do not allocate a full buffer for each server entry
* BUG/MINOR: ssl: openssl-compat: Fix getm_ defines
* BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd
* MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute
* BUG/MEDIUM: ssl: Revamp the way early data are handled.
* BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
* MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task
* MINOR: http: add a new "replace-path" action
* MINOR: debug: support logging to various sinks
* BUG/MEDIUM: ssl: Don't set the max early data we can receive too early.
* MINOR: sample: Validate the number of bits for the sha2 converter
* BUG/MINOR: sample: always check converters' arguments
* BUG/MINOR: sample: fix the closing bracket and LF in the debug converter
* DOC: clarify the fact that replace-uri works on a full URI
- drop the udev buildrequires completely
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=211
* [RELEASE] Released version 2.1.1
* BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy()
* BUG/MINOR: listener: fix off-by-one in state name check
* BUG/MINOR: server: make "agent-addr" work on default-server line
* BUG/MINOR: listener: do not immediately resume on transient error
* BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers
* BUG/MINOR: log: fix minor resource leaks on logformat error path
* DOC: remove references to the outdated architecture.txt
* DOC: proxies: HAProxy only supports 3 connection modes
* BUG/MINOR: tasks: only requeue a task if it was already in the queue
* DOC: listeners: add a few missing transitions
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=209
* BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive.
* BUG/MAJOR: dns: add minimalist error processing on the Rx path
* BUG/MEDIUM: kqueue: Make sure we report read events even when no data.
* DOC: document the listener state transitions
* BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept()
* BUG/MINOR: listener: also clear the error flag on a paused listener
* BUG/MINOR: listener/threads: always use atomic ops to clear the FD events
* BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state
* BUG/MEDIUM: mux-fcgi: Handle cases where the HTX EOM block cannot be inserted
* BUG/MINOR: mux-h1: Be sure to set CS_FL_WANT_ROOM when EOM can't be added
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=208
* BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data
* BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN
* BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending
* BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1
* BUG/MEDIUM: listener/thread: fix a race when pausing a listener
* BUG/MINOR: ssl/cli: don't overwrite the filters variable
* BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible
* BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data
* DOC: move the "group" keyword at the right place
* DOC: Fix ordered list in summary
- switch to the 2.1 branch
https://www.haproxy.com/blog/haproxy-2-1/https://www.mail-archive.com/haproxy@formilux.org/msg35491.html
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=206
* BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data
* BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN
* BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending
* BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1
* BUG/MEDIUM: listener/thread: fix a race when pausing a listener
* BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible
* BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data
* DOC: move the "group" keyword at the right place
* DOC: clarify matching strings on binary fetches
* DOC: Clarify behavior of server maxconn in HTTP mode
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=205
* [RELEASE] Released version 2.0.10
* SCRIPTS: git-show-backports: add "-s" to proposed cherry-pick commands
* SCRIPTS: create-release: show the correct origin name in suggested commands
* BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in idle state
* BUG/MAJOR: h2: make header field name filtering stronger
* BUG/MAJOR: h2: reject header values containing invalid chars
* MINOR: ist: add ist_find_ctl()
* BUG/MINOR: ssl: fix curve setup with LibreSSL
* BUG/MINOR: cli: fix out of bounds in -S parser
* DOC: Add documentation about the use-service action
* DOC: Add missing stats fields in the management manual
* BUG/MINOR: mux-h1: Adjust header case when chunked encoding is add to a message
* BUG/MINOR: mux-h1: Fix a UAF in cfg_h1_headers_case_adjust_postparser()
* MEDIUM: mux-h1: Add the support of headers adjustment for bogus HTTP/1 apps
* REGTEST: vtest can now enable mcli with its own flag
* MINOR: stats: Report max times in addition of the averages for sessions
* BUG/MINOR: stream-int: Fix si_cs_recv() return value
* MINOR: contrib/prometheus-exporter: Add a param to ignore servers in maintenance
* MINOR: contrib/prometheus-exporter: filter exported metrics by scope
* MINOR: contrib/prometheus-exporter: report the number of idle conns per server
* BUG/MINOR: contrib/prometheus-exporter: Rename some metrics
* MINOR: contrib/prometheus-exporter: Report metrics about max times for sessions
* MINOR: counters: Add fields to store the max observed for {q,c,d,t}_time
* MINOR: stream: Remove the lock on the proxy to update time stats
* MINOR: freq_ctr: Make the sliding window sums thread-safe
* BUG/MINOR: http-ana: Properly catch aborts during the payload forwarding
* BUG/MINOR: mux-h1: Fix tunnel mode detection on the response path
* BUILD: debug: Avoid warnings in dev mode with -02 because of some BUG_ON tests
* BUG/MEDIUM: stream-int: Don't loose events on the CS when an EOS is reported
* BUILD/MINOR: ssl: fix compiler warning about useless statement
* BUG/MINOR: peers: "peer alive" flag not reset when deconnecting.
* BUG/MEDIUM: mworker: don't fill the -sf argument with -1 during the reexec
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=201
* BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
* BUG/MINOR: peers: Wrong null "server_name" data field handling.
* MINOR: peers: Add debugging information to "show peers".
* MINOR: peers: Add TX/RX heartbeat counters.
* MINOR: peers: Alway show the table info for disconnected peers.
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=196
- Update to version 2.0.6+git0.58706ab4:
* [RELEASE] Released version 2.0.6
* MINOR: sample: Add UUID-fetch
* BUG/MINOR: Missing stat_field_names (since f21d17bb)
* BUG/MINOR: backend: Fix a possible null pointer dereference
* BUG/MINOR: acl: Fix memory leaks when an ACL expression is parsed
* BUG/MINOR: filters: Properly set the HTTP status code on analysis error
* BUG/MEDIUM: http: also reject messages where "chunked" is missing from transfer-enoding
* BUG/MINOR: ssl: always check for ssl connection before getting its XPRT context
* BUG/MINOR: listener: Fix a possible null pointer dereference
* MINOR: stats: report the number of idle connections for each server
* BUG/MEDIUM: connection: don't keep more idle connections than ever needed
* BUG/MAJOR: ssl: ssl_sock was not fully initialized.
* BUG/MINOR: lb/leastconn: ignore the server weights for empty servers
* MINOR: contrib/prometheus-exporter: Report DRAIN/MAINT/NOLB status for servers
* BUG/MINOR: checks: do not uselessly poll for reads before the connection is up
* BUG/MINOR: checks: make __event_chk_srv_r() report success before closing
* BUG/MINOR: checks: start sending the request right after connect()
* BUG/MINOR: checks: stop polling for write when we have nothing left to send
* BUG/MEDIUM: cache: Don't cache objects if the size of headers is too big
* BUG/MEDIUM: cache: Properly copy headers splitted on several shctx blocks
* BUG/MINOR: mux-h1: Be sure to update the count before adding EOM after trailers
* BUG/MINOR: mux-h1: Don't stop anymore input processing when the max is reached
* BUG/MINOR: mux-h1: Fix size evaluation of HTX messages after headers parsing
* BUG/MINOR: h1: Properly reset h1m when parsing is restarted
* BUG/MINOR: http-ana: Reset response flags when 1xx messages are handled
* BUG/MEDIUM: peers: local peer socket not bound.
* BUG/MEDIUM: proto-http: Always start the parsing if there is no outgoing data
* BUG/MEDIUM: url32 does not take the path part into account in the returned hash.
* BUG/MEDIUM: listener/threads: fix an AB/BA locking issue in delete_listener()
OBS-URL: https://build.opensuse.org/request/show/731948
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=193
* [RELEASE] Released version 2.0.5
* BUG/MEDIUM: mux_pt: Don't call unsubscribe if we did not subscribe.
* MINOR: fd: make sure to mark the thread as not stuck in fd_update_events()
* BUG/MINOR: stats: Wait the body before processing POST requests
* BUG/MEDIUM: lua: Fix test on the direction to set the channel exp timeout
* BUG/MEDIUM: mux_h1: Don't bother subscribing in recv if we're not connected.
* BUG/MINOR: Fix prometheus '# TYPE' and '# HELP' headers
* BUG/MINOR: lua: fix setting netfilter mark
* BUG/MEDIUM: proxy: Don't use cs_destroy() when freeing the conn_stream.
* BUG/MEDIUM: proxy: Don't forget the SF_HTX flag when upgrading TCP=>H1+HTX.
* BUG/MINOR: buffers/threads: always clear a buffer's head before releasing it
* MINOR: ssl: ssl_fc_has_early should work for BoringSSL
* BUG/MINOR: ssl: fix 0-RTT for BoringSSL
* BUG/MEDIUM: stick-table: Wrong stick-table backends parsing.
* [RELEASE] Released version 2.0.4
* BUG/MEDIUM: checks: make sure to close nicely when we're the last to speak
* BUG/MINOR: mux-h2: always reset rcvd_s when switching to a new frame
* BUG/MINOR: mux-h2: always send stream window update before connection's
* BUG/MEDIUM: mux-h2: do not recheck a frame type after a state transition
* BUG/MINOR: mux-h2: do not send REFUSED_STREAM on aborted uploads
* BUG/MINOR: mux-h2: use CANCEL, not STREAM_CLOSED in h2c_frt_handle_data()
* BUG/MINOR: mux-h2: don't refrain from sending an RST_STREAM after another one
* BUG/MEDIUM: fd: Always reset the polled_mask bits in fd_dodelete().
* BUG/MEDIUM: proxy: Make sure to destroy the stream on upgrade from TCP to H2
* BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes
* BUG/MEDIUM: mux-h2: unbreak receipt of large DATA frames
* BUG/MINOR: stream-int: also update analysers timeouts on activity
* BUG/MAJOR: http/sample: use a static buffer for raw -> htx conversion
* BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=189
- Update to version 2.0.3+git14.0ff395c1 (bsc#1142529) (CVE-2019-14241):
* BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue()
* BUG/MINOR: htx: Fix free space addresses calculation during a block expansion
* BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP ready
* MINOR: hlua: Add a flag on the lua txn to know in which context it can be used
* MINOR: hlua: Don't set request analyzers on response channel for lua actions
* BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class
* BUG/MINOR: hlua/htx: Reset channels analyzers when txn:done() is called
* DOC: improve the wording in CONTRIBUTING about how to document a bug fix
* BUG/MINOR: log: make sure writev() is not interrupted on a file output
* BUG/MEDIUM: streams: Don't switch the SI to SI_ST_DIS if we have data to send.
* BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased
* BUILD: threads: add the definition of PROTO_LOCK
* BUG/MINOR: proxy: always lock stop_proxy()
* BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff
* [RELEASE] Released version 2.0.3
* BUG/CRITICAL: http_ana: Fix parsing of malformed cookies which start by a delimiter
* BUG/MINOR: http_htx: Support empty errorfiles
* BUG/MINOR: http_ana: Be sure to have an allocated buffer to generate an error
* BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream
* BUG/MINOR: mux-h1: Close server connection if input data remains in h1_detach()
* BUG/MEDIUM: mux-h1: Trim excess server data at the end of a transaction
* BUG/MINOR: checks: do not exit tcp-checks from the middle of the loop
* BUG/MINOR: session: Send a default HTTP error if accept fails for a H1 socket
* BUG/MINOR: session: Emit an HTTP error if accept fails only for H1 connection
* BUG/MINOR: debug: Remove flags CO_FL_SOCK_WR_ENA/CO_FL_SOCK_RD_ENA
* DOC: htx: Update comments in HTX files
* BUG/MINOR: hlua: Make the function txn:done() HTX aware
* BUG/MINOR: cache/htx: Make maxage calculation HTX aware
* BUG/MINOR: http_htx: Initialize HTX error messages for TCP proxies
OBS-URL: https://build.opensuse.org/request/show/719829
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=188
- Update to version 2.0.1+git27.5db881ff:
* BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2
* BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse it.
* BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si
* MINOR: stream-int: Factorize processing done after sending data in si_cs_send()
* BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred
* BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are formatted
* BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock
* BUG/MEDIUM: http/applet: Finish request processing when a service is registered
* MINOR: action: Add the return code ACT_RET_DONE for actions
* BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks
* MINOR: server: Add "no-tfo" option.
* BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions.
* BUG/MEDIUM: servers: Authorize tfo in default-server.
* BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the mux.
* BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are sent
* BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent
* BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit()
* BUG/MINOR: hlua: Don't use channel_htx_recv_max()
* BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max()
* BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed.
* BUG/MEDIUM: connections: Always call shutdown, with no linger.
* BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses
* BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages
* BUG/MEDIUM: checks: unblock signals in external checks
* BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported
* BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
* BUG/MINOR: mworker/cli: don't output a \n before the response
* BUG/MINOR: mux-h1: Make format errors during output formatting fatal
* BUG/MEDIUM: mux-h1: Use buf_room_for_htx_data() to detect too large messages
OBS-URL: https://build.opensuse.org/request/show/714254
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=71
- Update to version 2.0.1+git27.5db881ff:
* BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2
* BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse it.
* BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si
* MINOR: stream-int: Factorize processing done after sending data in si_cs_send()
* BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred
* BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are formatted
* BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock
* BUG/MEDIUM: http/applet: Finish request processing when a service is registered
* MINOR: action: Add the return code ACT_RET_DONE for actions
* BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks
* MINOR: server: Add "no-tfo" option.
* BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions.
* BUG/MEDIUM: servers: Authorize tfo in default-server.
* BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the mux.
* BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are sent
* BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent
* BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit()
* BUG/MINOR: hlua: Don't use channel_htx_recv_max()
* BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max()
* BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed.
* BUG/MEDIUM: connections: Always call shutdown, with no linger.
* BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses
* BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages
* BUG/MEDIUM: checks: unblock signals in external checks
* BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported
* BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
* BUG/MINOR: mworker/cli: don't output a \n before the response
* BUG/MINOR: mux-h1: Make format errors during output formatting fatal
* BUG/MEDIUM: mux-h1: Use buf_room_for_htx_data() to detect too large messages
OBS-URL: https://build.opensuse.org/request/show/714216
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=186