Commit Graph

195 Commits

Author SHA1 Message Date
Willy Tarreau
3b50e5c164 [RELEASE] Released version 2.8-dev8
Released version 2.8-dev8 with the following main changes :
    - BUG/MEDIUM: cli: Set SE_FL_EOI flag for '_getsocks' and 'quit' commands
    - BUG/MEDIUM: cli: Eat output data when waiting for appctx shutdown
    - BUG/MEDIUM: http-client: Eat output data when waiting for appctx shutdown
    - BUG/MEDIUM: stats: Eat output data when waiting for appctx shutdown
    - BUG/MEDIUM: log: Eat output data when waiting for appctx shutdown
    - BUG/MEDIUM: dns: Kill idle DNS sessions during stopping stage
    - BUG/MINOR: resolvers: Wakeup DNS idle task on stopping
    - BUG/MEDIUM: resolvers: Force the connect timeout for DNS resolutions
    - MINOR: hlua: Stop to check the SC state when executing a hlua cli command
    - BUG/MEDIUM: mux-h1: Report EOI when a TCP connection is upgraded to H2
    - BUG/MEDIUM: mux-h2: Never set SE_FL_EOS without SE_FL_EOI or SE_FL_ERROR
    - MINOR: quic: Trace fix in quic_pto_pktns() (handshaske status)
    - BUG/MINOR: quic: Wrong packet number space probing before confirmed handshake
    - MINOR: quic: Modify qc_try_rm_hp() traces
    - MINOR: quic: Dump more information at proto level when building packets
    - MINOR: quic: Add a trace for packet with an ACK frame
    - MINOR: activity: add a line reporting the average CPU usage to "show activity"
    - BUG/MINOR: stick_table: alert when type len has incorrect characters
    - MINOR: thread: keep a bitmask of enabled groups in thread_set
    - MINOR: fd: optimize fd_claim_tgid() for use in fd_insert()
    - MINOR: fd: add a lock bit with the tgid
    - MINOR: fd: implement fd_migrate_on() to migrate on a non-local thread
    - MINOR: receiver: reserve special values for "shards"
    - MINOR: bind-conf: support a new shards value: "by-group"
    - BUG/MEDIUM: fd: don't wait for tmask to stabilize if we're not in it.
    - MINOR: quic: Add packet loss and maximum cc window to "show quic"
    - BUG/MINOR: quic: Ignored less than 1ms RTTs
    - MINOR: quic: Add connection flags to traces
    - BUG/MEDIUM: quic: Code sanitization about acknowledgements requirements
    - BUG/MINOR: quic: Possible wrapped values used as ACK tree purging limit.
    - BUG/MINOR: quic: SIGFPE in quic_cubic_update()
    - MINOR: quic: Display the packet number space flags in traces
    - MINOR: quic: Remove a useless test about probing in qc_prep_pkts()
    - BUG/MINOR: quic: Wrong Application encryption level selection when probing
    - CI: bump "actions/checkout" to v3 for cross zoo matrix
    - CI: enable monthly test on Fedora Rawhide
    - BUG/MINOR: stream: Fix test on SE_FL_ERROR on the wrong entity
    - BUG/MEDIUM: stream: Report write timeouts before testing the flags
    - BUG/MEDIUM: stconn: Do nothing in sc_conn_recv() when the SC needs more room
    - MINOR: stream: Uninline and export sess_set_term_flags() function
    - MINOR: filters: Review and simplify errors handling
    - REGTESTS: fix the race conditions in log_uri.vtc
    - MINOR: channel: Forwad close to other side on abort
    - MINOR: stream: Introduce stream_abort() to abort on both sides in same time
    - MINOR: stconn: Rename SC_FL_SHUTR_NOW in SC_FL_ABRT_WANTED
    - MINOR: channel/stconn: Replace channel_shutr_now() by sc_schedule_abort()
    - MINOR: stconn: Rename SC_FL_SHUTW_NOW in SC_FL_SHUT_WANTED
    - MINOR: channel/stconn: Replace channel_shutw_now() by sc_schedule_shutdown()
    - MINOR: stconn: Rename SC_FL_SHUTR in SC_FL_ABRT_DONE
    - MINOR: channel/stconn: Replace sc_shutr() by sc_abort()
    - MINOR: stconn: Rename SC_FL_SHUTW in SC_FL_SHUT_DONE
    - MINOR: channel/stconn: Replace sc_shutw() by sc_shutdown()
    - MINOR: tree-wide: Replace several chn_cons() by the corresponding SC
    - MINOR: tree-wide: Replace several chn_prod() by the corresponding SC
    - BUG/MINOR: cli: Don't close when SE_FL_ERR_PENDING is set in cli analyzer
    - MINOR: stconn: Stop to set SE_FL_ERROR on sending path
    - MEDIUM: stconn: Forbid applets with more to deliver if EOI was reached
    - MINOR: stconn: Don't clear SE_FL_ERROR when endpoint is reset
    - MINOR: stconn: Add a flag to ack endpoint errors at SC level
    - MINOR: backend: Set SC_FL_ERROR on connection error
    - MINOR: stream: Set SC_FL_ERROR on channels' buffer allocation error
    - MINOR: tree-wide: Test SC_FL_ERROR with SE_FL_ERROR from upper layer
    - MEDIUM: tree-wide: Stop to set SE_FL_ERROR from upper layer
    - MEDIUM: backend: Stop to use SE flags to detect connection errors
    - MEDIUM: stream: Stop to use SE flags to detect read errors from analyzers
    - MEDIUM: stream: Stop to use SE flags to detect endpoint errors
    - MEDIUM: stconn: Rely on SC flags to handle errors instead of SE flags
    - BUG/MINOR: stconn: Don't set SE_FL_ERROR at the end of sc_conn_send()
    - BUG/MINOR: quic: Do not use ack delay during the handshakes
    - CLEANUP: use "offsetof" where appropriate
    - MINOR: ssl: remove OpenSSL 1.0.2 mention into certificate loading error
    - BUG/MEDIUM: http-ana: Properly switch the request in tunnel mode on upgrade
    - BUG/MEDIUM: log: Properly handle client aborts in syslog applet
    - MINOR: stconn: Add a flag to report EOS at the stream-connector level
    - MINOR: stconn: Propagate EOS from a mux to the attached stream-connector
    - MINOR: stconn: Propagate EOS from an applet to the attached stream-connector
    - MINOR: mux-h2: make the initial window size configurable per side
    - MINOR: mux-h2: make the max number of concurrent streams configurable per side
    - BUG/MINOR: task: allow to use tasklet_wakeup_after with tid -1
    - CLEANUP: quic: remove unused QUIC_LOCK label
    - CLEANUP: quic: remove unused scid_node
    - CLEANUP: quic: remove unused qc param on stateless reset token
    - CLEANUP: quic: rename quic_connection_id vars
    - MINOR: quic: remove uneeded tasklet_wakeup after accept
    - MINOR: quic: adjust Rx packet type parsing
    - MINOR: quic: adjust quic CID derive API
    - MINOR: quic: remove TID ref from quic_conn
    - MEDIUM: quic: use a global CID trees list
    - MINOR: quic: remove TID encoding in CID
    - MEDIUM: quic: handle conn bootstrap/handshake on a random thread
    - MINOR: quic: do not proceed to accept for closing conn
    - MINOR: protocol: define new callback set_affinity
    - MINOR: quic: delay post handshake frames after accept
    - MEDIUM: quic: implement thread affinity rebinding
    - BUG/MINOR: quic: transform qc_set_timer() as a reentrant function
    - MINOR: quic: properly finalize thread rebinding
    - MAJOR: quic: support thread balancing on accept
    - MINOR: listener: remove unneeded local accept flag
    - BUG/MINOR: http-ana: Update analyzers on both sides when switching in TUNNEL mode
    - CLEANUP: backend: Remove useless debug message in assign_server()
    - CLEANUP: cli: Remove useless debug message in cli_io_handler()
    - BUG/MEDIUM: stconn: Propagate error on the SC on sending path
    - MINOR: config: add "no-alpn" support for bind lines
    - REGTESTS: add a new "ssl_alpn" test to test ALPN negotiation
    - DOC: add missing documentation for "no-alpn" on bind lines
    - MINOR: ssl: do not set ALPN callback with the empty string
    - MINOR: ssl_crtlist: dump "no-alpn" on "show crtlist" when "no-alpn" was set
    - MEDIUM: config: set useful ALPN defaults for HTTPS and QUIC
    - BUG/MEDIUM: quic: prevent crash on Retry sending
    - BUG/MINOR: cfgparse: make sure to include openssl-compat
    - MINOR: clock: add now_mono_time_fast() function
    - MINOR: clock: add now_cpu_time_fast() function
    - MEDIUM: hlua: reliable timeout detection
    - MEDIUM: hlua: introduce tune.lua.burst-timeout
    - CLEANUP: hlua: avoid confusion between internal timers and tick based timers
    - MINOR: hlua: hook yield on known lua state
    - MINOR: hlua: safe coroutine.create()
    - BUG/MINOR: quic: Stop removing ACK ranges when building packets
    - MINOR: quic: Do not allocate too much ack ranges
    - BUG/MINOR: quic: Unchecked buffer length when building the token
    - BUG/MINOR: quic: Wrong Retry token generation timestamp computing
    - BUG/MINOR: mux-quic: fix crash with app ops install failure
    - BUG/MINOR: mux-quic: properly handle STREAM frame alloc failure
    - BUG/MINOR: h3: fix crash on h3s alloc failure
    - BUG/MINOR: quic: prevent crash on qc_new_conn() failure
    - BUG/MINOR: quic: consume Rx datagram even on error
    - CLEANUP: errors: fix obsolete function comments
    - CLEANUP: server: fix update_status() function comment
    - MINOR: server/event_hdl: add proxy_uuid to event_hdl_cb_data_server
    - MINOR: hlua/event_hdl: rely on proxy_uuid instead of proxy_name for lookups
    - MINOR: hlua/event_hdl: expose proxy_uuid variable in server events
    - MINOR: hlua/event_hdl: fix return type for hlua_event_hdl_cb_data_push_args
    - MINOR: server/event_hdl: prepare for upcoming refactors
    - BUG/MINOR: event_hdl: don't waste 1 event subtype slot
    - CLEANUP: event_hdl: updating obsolete comment for EVENT_HDL_CB_DATA
    - CLEANUP: event_hdl: fix comment typo about _sync assertion
    - MINOR: event_hdl: dynamically allocated event data members
    - MINOR: event_hdl: provide event->when for advanced handlers
    - MINOR: hlua/event_hdl: timestamp for events
    - DOC: lua: restore 80 char limitation
    - BUG/MINOR: server: incorrect report for tracking servers leaving drain
    - MINOR: server: explicitly commit state change in srv_update_status()
    - BUG/MINOR: server: don't miss proxy stats update on server state transitions
    - BUG/MINOR: server: don't miss server stats update on server state transitions
    - BUG/MINOR: server: don't use date when restoring last_change from state file
    - MINOR: server: central update for server counters on state change
    - MINOR: server: propagate server state change to lb through single function
    - MINOR: server: propagate lb changes through srv_lb_propagate()
    - MINOR: server: change adm_st_chg_cause storage type
    - MINOR: server: srv_append_status refacto
    - MINOR: server: change srv_op_st_chg_cause storage type
    - CLEANUP: server: remove unused variables in srv_update_status()
    - CLEANUP: server: fix srv_set_{running, stopping, stopped} function comment
    - MINOR: server: pass adm and op cause to srv_update_status()
    - MEDIUM: server: split srv_update_status() in two functions
    - MINOR: server/event_hdl: prepare for server event data wrapper
    - MINOR: quic: support migrating the listener as well
    - MINOR: quic_sock: index li->per_thr[] on local thread id, not global one
    - MINOR: listener: support another thread dispatch mode: "fair"
    - MINOR: receiver: add a struct shard_info to store info about each shard
    - MINOR: receiver: add RX_F_MUST_DUP to indicate that an rx must be duped
    - MEDIUM: proto: duplicate receivers marked RX_F_MUST_DUP
    - MINOR: proto: skip socket setup for duped FDs
    - MEDIUM: config: permit to start a bind on multiple groups at once
    - MINOR: listener: make accept_queue index atomic
    - MEDIUM: listener: rework thread assignment to consider all groups
    - MINOR: listener: use a common thr_idx from the reference listener
    - MINOR: listener: resync with the thread index before heavy calculations
    - MINOR: listener: make sure to avoid ABA updates in per-thread index
    - MINOR: listener: always compare the local thread as well
    - MINOR: Make `tasklet_free()` safe to be called with `NULL`
    - CLEANUP: Stop checking the pointer before calling `tasklet_free()`
    - CLEANUP: Stop checking the pointer before calling `pool_free()`
    - CLEANUP: Stop checking the pointer before calling `task_free()`
    - CLEANUP: Stop checking the pointer before calling `ring_free()`
    - BUG/MINOR: cli: clarify error message about stats bind-process
    - CI: cirrus-ci: bump FreeBSD image to 13-1
    - REGTESTS: remove unsupported "stats bind-process" keyword
    - CI: extend spellchecker whitelist, add "clen" as well
    - CLEANUP: assorted typo fixes in the code and comments
    - BUG/MINOR: sock_inet: use SO_REUSEPORT_LB where available
    - BUG/MINOR: tools: check libssl and libcrypto separately
    - BUG/MINOR: config: fix NUMA topology detection on FreeBSD
    - BUILD: sock_inet: forward-declare struct receiver
    - BUILD: proto_tcp: export the correct names for proto_tcpv[46]
    - CLEANUP: protocol: move the l3_addrlen to plug a hole in proto_fam
    - CLEANUP: protocol: move the nb_receivers to plug a hole in protocol
    - REORG: listener: move the bind_conf's thread setup code to listener.c
    - MINOR: proxy: make proxy_type_str() recognize peers sections
    - MEDIUM: peers: call bind_complete_thread_setup() to finish the config
    - MINOR: protocol: add a flags field to store info about protocols
    - MINOR: protocol: move the global reuseport flag to the protocols
    - MINOR: listener: automatically adjust shards based on support for SO_REUSEPORT
    - MINOR: protocol: add a function to check if some features are supported
    - MINOR: sock: add a function to check for SO_REUSEPORT support at runtime
    - MINOR: protocol: perform a live check for SO_REUSEPORT support
    - MINOR: listener: do not restrict CLI to first group anymore
    - MINOR: listener: add a new global tune.listener.default-shards setting
    - MEDIUM: listener: switch the default sharding to by-group
2023-04-23 10:21:37 +02:00
Willy Tarreau
768b62857e [RELEASE] Released version 2.8-dev7
Released version 2.8-dev7 with the following main changes :
    - BUG/MINOR: stats: Don't replace sc_shutr() by SE_FL_EOS flag yet
    - BUG/MEDIUM: mux-h2: Be able to detect connection error during handshake
    - BUG/MINOR: quic: Missing padding in very short probe packets
    - MINOR: proxy/pool: prevent unnecessary calls to pool_gc()
    - CLEANUP: proxy: remove stop_time related dead code
    - DOC/MINOR: reformat configuration.txt's "quoting and escaping" table
    - MINOR: http_fetch: Add support for empty delim in url_param
    - MINOR: http_fetch: add case insensitive support for smp_fetch_url_param
    - MINOR: http_fetch: Add case-insensitive argument for url_param/urlp_val
    - REGTESTS : Add test support for case insentitive for url_param
    - BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop
    - BUG/MINOR: backend: make be_usable_srv() consistent when stopping
    - BUG/MINOR: ssl: Remove dead code in cli_parse_update_ocsp_response
    - BUG/MINOR: ssl: Fix potential leak in cli_parse_update_ocsp_response
    - BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list
    - BUG/MINOR: quic: Wrong use of now_ms timestamps (cubic algo)
    - MINOR: quic: Add recovery related information to "show quic"
    - BUG/MINOR: quic: Wrong use of now_ms timestamps (newreno algo)
    - BUG/MINOR: quic: Missing max_idle_timeout initialization for the connection
    - MINOR: quic: Implement cubic state trace callback
    - MINOR: quic: Adjustments for generic control congestion traces
    - MINOR: quic: Traces adjustments at proto level.
    - MEDIUM: quic: Ack delay implementation
    - BUG/MINOR: quic: Wrong rtt variance computing
    - MINOR: cli: support filtering on FD types in "show fd"
    - MINOR: quic: Add a fake congestion control algorithm named "nocc"
    - CI: run smoke tests on config syntax to check memory related issues
    - CLEANUP: assorted typo fixes in the code and comments
    - CI: exclude doc/{design-thoughts,internals} from spell check
    - BUG/MINOR: quic: Remaining useless statements in cubic slow start callback
    - BUG/MINOR: quic: Cubic congestion control window may wrap
    - MINOR: quic: Add missing traces in cubic algorithm implementation
    - BUG/MAJOR: quic: Congestion algorithms states shared between the connection
    - BUG/MINOR: ssl: Undefined reference when building with OPENSSL_NO_DEPRECATED
    - BUG/MINOR: quic: Remove useless BUG_ON() in newreno and cubic algo implementation
    - MINOR: http-act: emit a warning when a header field name contains forbidden chars
    - DOC: config: strict-sni allows to start without certificate
    - MINOR: quic: Add trace to debug idle timer task issues
    - BUG/MINOR: quic: Unexpected connection closures upon idle timer task execution
    - BUG/MINOR: quic: Wrong idle timer expiration (during 20s)
    - BUILD: quic: 32bits compilation issue in cli_io_handler_dump_quic()
    - BUG/MINOR: quic: Possible wrong PTO computing
    - BUG/MINOR: tcpcheck: Be able to expect an empty response
    - BUG/MEDIUM: stconn: Add a missing return statement in sc_app_shutr()
    - BUG/MINOR: stream: Fix test on channels flags to set clientfin/serverfin touts
    - MINOR: applet: Uninline appctx_free()
    - MEDIUM: applet/trace: Register a new trace source with its events
    - CLEANUP: stconn: Remove remaining debug messages
    - BUG/MEDIUM: channel: Improve reports for shut in co_getblk()
    - BUG/MEDIUM: dns: Properly handle error when a response consumed
    - MINOR: stconn: Remove unecessary test on SE_FL_EOS before receiving data
    - MINOR: stconn/channel: Move CF_READ_DONTWAIT into the SC and rename it
    - MINOR: stconn/channel: Move CF_SEND_DONTWAIT into the SC and rename it
    - MINOR: stconn/channel: Move CF_NEVER_WAIT into the SC and rename it
    - MINOR: stconn/channel: Move CF_EXPECT_MORE into the SC and rename it
    - MINOR: mux-pt: Report end-of-input with the end-of-stream after a read
    - BUG/MINOR: mux-h1: Properly report EOI/ERROR on read0 in h1_rcv_pipe()
    - CLEANUP: mux-h1/mux-pt: Remove useless test on SE_FL_SHR/SE_FL_SHW flags
    - MINOR: mux-h1: Report an error to the SE descriptor on truncated message
    - MINOR: stconn: Always ack EOS at the end of sc_conn_recv()
    - MINOR: stconn/applet: Handle EOI in the applet .wake callback function
    - MINOR: applet: No longer set EOI on the SC
    - MINOR: stconn/applet: Handle EOS in the applet .wake callback function
    - MEDIUM: cache: Use the sedesc to report and detect end of processing
    - MEDIUM: cli: Use the sedesc to report and detect end of processing
    - MINOR: dns: Remove the test on the opposite SC state to send requests
    - MEDIUM: dns: Use the sedesc to report and detect end of processing
    - MEDIUM: spoe: Use the sedesc to report and detect end of processing
    - MEDIUM: hlua/applet: Use the sedesc to report and detect end of processing
    - MEDIUM: log: Use the sedesc to report and detect end of processing
    - MEDIUM: peers: Use the sedesc to report and detect end of processing
    - MINOR: sink: Remove the tests on the opposite SC state to process messages
    - MEDIUM: sink: Use the sedesc to report and detect end of processing
    - MEDIUM: stats: Use the sedesc to report and detect end of processing
    - MEDIUM: promex: Use the sedesc to report and detect end of processing
    - MEDIUM: http_client: Use the sedesc to report and detect end of processing
    - MINOR: stconn/channel: Move CF_EOI into the SC and rename it
    - MEDIUM: tree-wide: Move flags about shut from the channel to the SC
    - MINOR: tree-wide: Simplifiy some tests on SHUT flags by accessing SCs directly
    - MINOR: stconn/applet: Add BUG_ON_HOT() to be sure SE_FL_EOS is never set alone
    - MINOR: server: add SRV_F_DELETED flag
    - BUG/MINOR: server/del: fix srv->next pointer consistency
    - BUG/MINOR: stats: properly handle server stats dumping resumption
    - BUG/MINOR: sink: free forward_px on deinit()
    - BUG/MINOR: log: free log forward proxies on deinit()
    - MINOR: server: always call ssl->destroy_srv when available
    - MINOR: server: correctly free servers on deinit()
    - BUG/MINOR: hlua: hook yield does not behave as expected
    - MINOR: hlua: properly handle hlua_process_task HLUA_E_ETMOUT
    - BUG/MINOR: hlua: enforce proper running context for register_x functions
    - MINOR: hlua: Fix two functions that return nothing useful
    - MEDIUM: hlua: Dynamic list of frontend/backend in Lua
    - MINOR: hlua_fcn: alternative to old proxy and server attributes
    - MEDIUM: hlua_fcn: dynamic server iteration and indexing
    - MEDIUM: hlua_fcn/api: remove some old server and proxy attributes
    - CLEANUP: hlua: fix conflicting comment in hlua_ctx_destroy()
    - MINOR: hlua: add simple hlua reference handling API
    - MINOR: hlua: fix return type for hlua_checkfunction() and hlua_checktable()
    - BUG/MINOR: hlua: fix reference leak in core.register_task()
    - BUG/MINOR: hlua: fix reference leak in hlua_post_init_state()
    - BUG/MINOR: hlua: prevent function and table reference leaks on errors
    - CLEANUP: hlua: use hlua_ref() instead of luaL_ref()
    - CLEANUP: hlua: use hlua_pushref() instead of lua_rawgeti()
    - CLEANUP: hlua: use hlua_unref() instead of luaL_unref()
    - MINOR: hlua: simplify lua locking
    - BUG/MEDIUM: hlua: prevent deadlocks with main lua lock
    - MINOR: hlua_fcn: add server->get_rid() method
    - MINOR: hlua: support for optional arguments to core.register_task()
    - DOC: lua: silence "literal block ends without a blank line" Sphinx warnings
    - DOC: lua: silence "Unexpected indentation" Sphinx warnings
    - BUG/MINOR: event_hdl: fix rid storage type
    - BUG/MINOR: event_hdl: make event_hdl_subscribe thread-safe
    - MINOR: event_hdl: global sublist management clarification
    - BUG/MEDIUM: event_hdl: clean soft-stop handling
    - BUG/MEDIUM: event_hdl: fix async data refcount issue
    - MINOR: event_hdl: normal tasks support for advanced async mode
    - MINOR: event_hdl: add event_hdl_async_equeue_isempty() function
    - MINOR: event_hdl: add event_hdl_async_equeue_size() function
    - MINOR: event_hdl: pause/resume for subscriptions
    - MINOR: proxy: add findserver_unique_id() and findserver_unique_name()
    - MEDIUM: hlua/event_hdl: initial support for event handlers
    - MINOR: hlua/event_hdl: per-server event subscription
    - EXAMPLES: add basic event_hdl lua example script
    - MINOR: http-ana: Add a HTTP_MSGF flag to state the Expect header was checked
    - BUG/MINOR: http-ana: Don't switch message to DATA when waiting for payload
    - BUG/MINOR: quic: Possible crashes in qc_idle_timer_task()
    - MINOR: quic: derive first DCID from client ODCID
    - MINOR: quic: remove ODCID dedicated tree
    - MINOR: quic: remove address concatenation to ODCID
    - BUG/MINOR: mworker: unset more internal variables from program section
    - BUG/MINOR: errors: invalid use of memprintf in startup_logs_init()
    - MINOR: applet: Use unsafe version to get stream from SC in the trace function
    - BUG/MUNOR: http-ana: Use an unsigned integer for http_msg flags
    - MINOR: compression: Make compression offload a flag
    - MINOR: compression: Prepare compression code for request compression
    - MINOR: compression: Store algo and type for both request and response
    - MINOR: compression: Count separately request and response compression
    - MEDIUM: compression: Make it so we can compress requests as well.
    - BUG/MINOR: lua: remove incorrect usage of strncat()
    - CLEANUP: tcpcheck: remove the only occurrence of sprintf() in the code
    - CLEANUP: ocsp: do no use strpcy() to copy a path!
    - CLEANUP: tree-wide: remove strpcy() from constant strings
    - CLEANUP: opentracing: remove the last two occurrences of strncat()
    - BUILD: compiler: fix __equals_1() on older compilers
    - MINOR: compiler: define a __attribute__warning() macro
    - BUILD: bug.h: add a warning in the base API when unsafe functions are used
    - BUG/MEDIUM: listeners: Use the right parameters for strlcpy2().
2023-04-08 17:38:39 +02:00
Willy Tarreau
4c7588dd22 [RELEASE] Released version 2.8-dev6
Released version 2.8-dev6 with the following main changes :
    - BUG/MEDIUM: mux-pt: Set EOS on error on sending path if read0 was received
    - MINOR: ssl: Change the ocsp update log-format
    - MINOR: ssl: Use ocsp update task for "update ssl ocsp-response" command
    - BUG/MINOR: ssl: Fix double free in ocsp update deinit
    - MINOR: ssl: Accept certpath as param in "show ssl ocsp-response" CLI command
    - MINOR: ssl: Add certificate path to 'show ssl ocsp-response' output
    - BUG/MEDIUM: proxy: properly stop backends on soft-stop
    - BUG/MEDIUM: resolvers: Properly stop server resolutions on soft-stop
    - DEBUG: cli/show_fd: Display connection error code
    - DEBUG: ssl-sock/show_fd: Display SSL error code
    - BUG/MEDIUM: mux-h1: Don't block SE_FL_ERROR if EOS is not reported on H1C
    - BUG/MINOR: tcp_sample: fix a bug in fc_dst_port and fc_dst_is_local sample fetches
    - BUG/MINOR: quic: Missing STREAM frame length updates
    - BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list
    - BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it
    - MINOR: buffer: add br_count() to return the number of allocated bufs
    - MINOR: buffer: add br_single() to check if a buffer ring has more than one buf
    - BUG/MEDIUM: mux-h2: only restart sending when mux buffer is decongested
    - BUG/MINOR: mux-h2: set CO_SFL_STREAMER when sending lots of data
    - BUG/MINOR: quic: Missing STREAM frame data pointer updates
    - MINOR: stick-table: add sc-add-gpc() to http-after-response
    - MINOR: doc: missing entries for sc-add-gpc()
    - BUG/MAJOR: qpack: fix possible read out of bounds in static table
    - OPTIM: mux-h1: limit first read size to avoid wrapping
    - MINOR: mux-h2: set CO_SFL_MSG_MORE when sending multiple buffers
    - MINOR: ssl-sock: pass the CO_SFL_MSG_MORE info down the stack
    - MINOR: quic: Stop stressing the acknowledgments process (RX ACK frames)
    - BUG/MINOR: quic: Dysfunctional 01RTT packet number space probing
    - BUG/MEDIUM: stream: do not try to free a failed stream-conn
    - BUG/MEDIUM: mux-h2: do not try to free an unallocated h2s->sd
    - BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path
    - BUG/MEDIUM: stconn: don't set the type before allocation succeeds
    - BUG/MINOR: stconn: fix sedesc memory leak on stream allocation failure
    - MINOR: dynbuf: set POOL_F_NO_FAIL on buffer allocation
    - MINOR: pools: preset the allocation failure rate to 1% with -dMfail
    - BUG/MEDIUM: mux-h1: properly destroy a partially allocated h1s
    - BUG/MEDIUM: applet: only set appctx->sedesc on successful allocation
    - BUG/MINOR: quic: wake up MUX on probing only for 01RTT
    - BUG/MINOR: quic: ignore congestion window on probing for MUX wakeup
    - BUILD: thread: implement thread_harmless_end_sig() for threadless builds
    - BUILD: thread: silence a build warning when threads are disabled
    - MINOR: debug: support dumping the libs addresses when running in verbose mode
    - BUG/MINOR: illegal use of the malloc_trim() function if jemalloc is used
    - BUG/MINOR: trace: fix hardcoded level for TRACE_PRINTF
    - BUG/MEDIUM: mux-quic: release data from conn flow-control on qcs reset
    - MINOR: mux-quic: complete traces for qcs emission
    - MINOR: mux-quic: adjust trace level for MAX_DATA/MAX_STREAM_DATA recv
    - MINOR: mux-quic: add flow-control info to minimal trace level
    - MINOR: pools: make sure 'no-memory-trimming' is always used
    - MINOR: pools: intercept malloc_trim() instead of trying to plug holes
    - MEDIUM: pools: move the compat code from trim_all_pools() to malloc_trim()
    - MINOR: pools: export trim_all_pools()
    - MINOR: pattern: use trim_all_pools() instead of a conditional malloc_trim()
    - MINOR: tools: relax dlopen() on malloc/free checks
    - MEDIUM: tools: further relax dlopen() checks too consider grouped symbols
    - BUG/MINOR: pools: restore detection of built-in allocator
    - MINOR: pools: report a replaced memory allocator instead of just malloc_trim()
    - BUG/MINOR: h3: properly handle incomplete remote uni stream type
    - BUG/MINOR: mux-quic: prevent CC status to be erased by shutdown
    - MINOR: mux-quic: interrupt qcc_recv*() operations if CC scheduled
    - MINOR: mux-quic: ensure CONNECTION_CLOSE is scheduled once per conn
    - MINOR: mux-quic: close on qcs allocation failure
    - MINOR: mux-quic: close on frame alloc failure
    - BUG/MINOR: syslog: Request for more data if message was not fully received
    - BUG/MEDIUM: stats: Consume the request except when parsing the POST payload
    - DOC: config: set-var() dconv rendering issues
    - BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription
    - BUG/MINOR: applet/new: fix sedesc freeing logic
    - BUG/MINOR: quic: Missing STREAM frame type updated
    - BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards.
    - BUG/MINOR: ssl: Stop leaking `err` in ssl_sock_load_ocsp()
2023-03-28 13:58:56 +02:00
Willy Tarreau
fc0ad29c29 [RELEASE] Released version 2.8-dev5
Released version 2.8-dev5 with the following main changes :
    - MINOR: ssl: rename confusing ssl_bind_kws
    - BUG/MINOR: config: crt-list keywords mistaken for bind ssl keywords
    - BUG/MEDIUM: http-ana: Detect closed SC on opposite side during body forwarding
    - BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached
    - MINOR: global: Add an option to disable the data fast-forward
    - MINOR: haproxy: Add an command option to disable data fast-forward
    - REGTESTS: Remove unsupported feature command in http_splicing.vtc
    - BUG/MEDIUM: wdt: fix wrong thread being checked for sleeping
    - BUG/MINOR: sched: properly report long_rq when tasks remain in the queue
    - BUG/MEDIUM: sched: allow a bit more TASK_HEAVY to be processed when needed
    - MINOR: threads: add flags to know if a thread is started and/or running
    - MINOR: h3/hq-interop: handle no data in decode_qcs() with FIN set
    - BUG/MINOR: mux-quic: transfer FIN on empty STREAM frame
    - BUG/MINOR: mworker: prevent incorrect values in uptime
    - MINOR: h3: add traces on decode_qcs callback
    - BUG/MINOR: quic: Possible unexpected counter incrementation on send*() errors
    - MINOR: quic: Add new traces about by connection RX buffer handling
    - MINOR: quic: Move code to wakeup the timer task to avoid anti-amplication deadlock
    - BUG/MINOR: quic: Really cancel the connection timer from qc_set_timer()
    - MINOR: quic: Simplication for qc_set_timer()
    - MINOR: quic: Kill the connections on ICMP (port unreachable) packet receipt
    - MINOR: quic: Add traces to qc_kill_conn()
    - MINOR: quic: Make qc_dgrams_retransmit() return a status.
    - BUG/MINOR: quic: Missing call to task_queue() in qc_idle_timer_do_rearm()
    - MINOR: quic: Add a trace to identify connections which sent Initial packet.
    - MINOR: quic: Add <pto_count> to the traces
    - BUG/MINOR: quic: Do not probe with too little Initial packets
    - BUG/MINOR: quic: Wrong initialization for io_cb_wakeup boolean
    - BUG/MINOR: quic: Do not drop too small datagrams with Initial packets
    - BUG/MINOR: quic: Missing padding for short packets
    - MINOR: quic: adjust request reject when MUX is already freed
    - BUG/MINOR: quic: also send RESET_STREAM if MUX released
    - BUG/MINOR: quic: acknowledge STREAM frame even if MUX is released
    - BUG/MINOR: h3: prevent hypothetical demux failure on int overflow
    - MEDIUM: h3: enforce GOAWAY by resetting higher unhandled stream
    - MINOR: mux-quic: define qc_shutdown()
    - MINOR: mux-quic: define qc_process()
    - MINOR: mux-quic: implement client-fin timeout
    - MEDIUM: mux-quic: properly implement soft-stop
    - MINOR: quic: mark quic-conn as jobs on socket allocation
    - MEDIUM: quic: trigger fast connection closing on process stopping
    - MINOR: mux-h2/traces: do not log h2s pointer for dummy streams
    - MINOR: mux-h2/traces: add a missing TRACE_LEAVE() in h2s_frt_handle_headers()
    - BUG/MEDIUM: quic: Missing TX buffer draining from qc_send_ppkts()
    - DEBUG: stream: Add a BUG_ON to never exit process_stream with an expired task
    - DOC: config: Fix description of options about HTTP connection modes
    - MINOR: proxy: Only consider backend httpclose option for server connections
    - BUG/MINOR: haproxy: Fix option to disable the fast-forward
    - DOC: config: Add the missing tune.fail-alloc option from global listing
    - MINOR: cfgcond: Implement strstr condition expression
    - MINOR: cfgcond: Implement enabled condition expression
    - REGTESTS: Skip http_splicing.vtc script if fast-forward is disabled
    - REGTESTS: Fix ssl_errors.vtc script to wait for connections close
    - BUG/MINOR: mworker: stop doing strtok directly from the env
    - BUG/MEDIUM: mworker: prevent inconsistent reload when upgrading from old versions
    - BUG/MEDIUM: mworker: don't register mworker_accept_wrapper() when master FD is wrong
    - MINOR: startup: HAPROXY_STARTUP_VERSION contains the version used to start
    - BUG/MINOR: cache: Cache response even if request has "no-cache" directive
    - BUG/MINOR: cache: Check cache entry is complete in case of Vary
    - MINOR: compiler: add a TOSTR() macro to turn a value into a string
    - BUG/MINOR: lua/httpclient: missing free in hlua_httpclient_send()
    - BUG/MEDIUM: httpclient/lua: fix a race between lua GC and hlua_ctx_destroy
    - MEDIUM: channel: Remove CF_READ_NOEXP flag
    - MAJOR: channel: Remove flags to report READ or WRITE errors
    - DEBUG: stream/trace: Add sedesc flags in trace messages
    - MINOR: channel/stconn: Move rto/wto from the channel to the stconn
    - MEDIUM: channel/stconn: Move rex/wex timer from the channel to the sedesc
    - MEDIUM: stconn: Don't requeue the stream's task after I/O
    - MEDIUM: stconn: Replace read and write timeouts by a unique I/O timeout
    - MEDIUM: stconn: Add two date to track successful reads and blocked sends
    - MINOR: applet/stconn: Add a SE flag to specify an endpoint does not expect data
    - MAJOR: stream: Use SE descriptor date to detect read/write timeouts
    - MINOR: stream: Dump the task expiration date in trace messages
    - MINOR: stream: Report rex/wex value using the sedesc date in trace messages
    - MINOR: stream: Use relative expiration date in trace messages
    - MINOR: stconn: Always report READ/WRITE event on shutr/shutw
    - CLEANUP: stconn: Remove old read and write expiration dates
    - MINOR: stconn: Set half-close timeout using proxy settings
    - MINOR: stconn: Remove half-closed timeout
    - REGTESTS: cache: Use rxresphdrs to only get headers for 304 responses
    - MINOR: stconn: Add functions to set/clear SE_FL_EXP_NO_DATA flag from endpoint
    - BUG/MINOR: proto_ux: report correct error when bind_listener fails
    - BUG/MINOR: protocol: fix minor memory leak in protocol_bind_all()
    - MINOR: proto_uxst: add resume method
    - MINOR: listener/api: add lli hint to listener functions
    - MINOR: listener: add relax_listener() function
    - MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping
    - MINOR: listener: make sure we don't pause/resume bypassed listeners
    - BUG/MEDIUM: listener: fix pause_listener() suspend return value handling
    - BUG/MINOR: listener: fix resume_listener() resume return value handling
    - BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener()
    - MINOR: listener: pause_listener() becomes suspend_listener()
    - BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume
    - BUG/MINOR: sock_unix: match finalname with tempname in sock_unix_addrcmp()
    - MEDIUM: proto_ux: properly suspend named UNIX listeners
    - MINOR: proto_ux: ability to dump ABNS names in error messages
    - MINOR: haproxy: always protocol unbind on startup error path
    - BUILD: quic: 32-bits compilation issue with %zu in quic_rx_pkts_del()
    - BUG/MINOR: ring: do not realign ring contents on resize
    - MEDIUM: ring: make the offset relative to the head/tail instead of absolute
    - CLEANUP: ring: remove the now unused ring's offset
    - MINOR: config: add HAPROXY_BRANCH environment variable
    - BUILD: thead: Fix several 32 bits compilation issues with uint64_t variables
    - BUG/MEDIUM: fd: avoid infinite loops in fd_add_to_fd_list and fd_rm_from_fd_list
    - BUG/MEDIUM: h1-htx: Never copy more than the max data allowed during parsing
    - BUG/MINOR: stream: Remove BUG_ON about the task expiration in process_stream()
    - MINOR: stream: Handle stream's timeouts in a dedicated function
    - MEDIUM: stream: Eventually handle stream timeouts when exiting process_stream()
    - MINOR: stconn: Report a send activity when endpoint is willing to consume data
    - BUG/MEDIUM: stconn: Report a blocked send if some output data are not consumed
    - MEDIUM: mux-h1: Don't expect data from server as long as request is unfinished
    - MEDIUM: mux-h2: Don't expect data from server as long as request is unfinished
    - MEDIUM: mux-quic: Don't expect data from server as long as request is unfinished
    - DOC: config: Clarify the meaning of 'hold' in the 'resolvers' section
    - DOC: config: Replace TABs by spaces
    - BUG/MINOR: fd: used the update list from the fd's group instead of tgid
    - BUG/MEDIUM: fd: make fd_delete() support being called from a different group
    - CLEANUP: listener: only store conn counts for local threads
    - MINOR: tinfo: make thread_set functions return nth group/mask instead of first
    - MEDIUM: quic: improve fatal error handling on send
    - MINOR: quic: consider EBADF as critical on send()
    - BUG/MEDIUM: connection: Clear flags when a conn is removed from an idle list
    - BUG/MINOR: mux-h1: Don't report an error on an early response close
    - BUG/MINOR: http-check: Don't set HTX_SL_F_BODYLESS flag with a log-format body
    - BUG/MINOR: http-check: Skip C-L header for empty body when it's not mandatory
    - BUG/MINOR: http-fetch: recognize IPv6 addresses in square brackets in req.hdr_ip()
    - REGTEST: added tests covering smp_fetch_hdr_ip()
    - MINOR: quic: simplify return path in send functions
    - MINOR: quic: implement qc_notify_send()
    - MINOR: quic: purge txbuf before preparing new packets
    - MEDIUM: quic: implement poller subscribe on sendto error
    - MINOR: quic: notify on send ready
    - BUG/MINOR: http-ana: Don't increment conn_retries counter before the L7 retry
    - BUG/MINOR: http-ana: Do a L7 retry on read error if there is no response
    - BUG/MEDIUM: http-ana: Don't close request side when waiting for response
    - BUG/MINOR: mxu-h1: Report a parsing error on abort with pending data
    - MINOR: ssl: Destroy ocsp update http_client during cleanup
    - MINOR: ssl: Reinsert ocsp update entries later in case of unknown error
    - MINOR: ssl: Add ocsp update success/failure counters
    - MINOR: ssl: Store specific ocsp update errors in response and update ctx
    - MINOR: ssl: Add certificate's path to certificate_ocsp structure
    - MINOR: ssl: Add 'show ssl ocsp-updates' CLI command
    - MINOR: ssl: Add sample fetches related to OCSP update
    - MINOR: ssl: Use dedicated proxy and log-format for OCSP update
    - MINOR: ssl: Reorder struct certificate_ocsp members
    - MINOR: ssl: Increment OCSP update replay delay in case of failure
    - MINOR: ssl: Add way to dump ocsp response in base64
    - MINOR: ssl: Add global options to modify ocsp update min/max delay
    - REGTESTS: ssl: Fix ocsp update crt-lists
    - REGTESTS: ssl: Add test for new ocsp update cli commands
    - MINOR: ssl: Add ocsp-update information to "show ssl crt-list"
    - BUG/MINOR: ssl: Fix ocsp-update when using "add ssl crt-list"
    - MINOR: ssl: Replace now.tv_sec with date.tv_sec in ocsp update task
    - BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback
    - BUG/MEDIUM: quic: properly handle duplicated STREAM frames
    - BUG/MINOR: cli: fix CLI handler "set anon global-key" call
    - MINOR: http_ext: adding some documentation, forgot to inline function
    - BUG/MINOR: quic: Do not send too small datagrams (with Initial packets)
    - MINOR: quic: Add a BUG_ON_HOT() call for too small datagrams
    - BUG/MINOR: quic: Ensure to be able to build datagrams to be retransmitted
    - BUG/MINOR: quic: v2 Initial packets decryption failed
    - MINOR: quic: Add traces about QUIC TLS key update
    - BUG/MINOR: quic: Remove force_ack for Initial,Handshake packets
    - BUG/MINOR: quic: Ensure not to retransmit packets with no ack-eliciting frames
    - BUG/MINOR: quic: Do not resend already acked frames
    - BUG/MINOR: quic: Missing detections of amplification limit reached
    - MINOR: quic: Send PING frames when probing Initial packet number space
    - BUG/MEDIUM: quic: do not crash when handling STREAM on released MUX
    - BUG/MAJOR: fd/thread: fix race between updates and closing FD
    - BUG/MEDIUM: dns: ensure ring offset is properly reajusted to head
    - BUG/MINOR: mux-quic: properly init STREAM frame as not duplicated
    - MINOR: quic: Do not accept wrong active_connection_id_limit values
    - MINOR: quic: Store the next connection IDs sequence number in the connection
    - MINOR: quic: Typo fix for ACK_ECN frame
    - MINOR: quic: RETIRE_CONNECTION_ID frame handling (RX)
    - MINOR: quic: Useless TLS context allocations in qc_do_rm_hp()
    - MINOR: quic: Add spin bit support
    - MINOR: quic: Add transport parameters to "show quic"
    - BUG/MEDIUM: sink/forwarder: ensure ring offset is properly readjusted to head
    - BUG/MINOR: dns: fix ring offset calculation on first read
    - BUG/MINOR: dns: fix ring offset calculation in dns_resolve_send()
    - MINOR: jwt: Add support for RSA-PSS signatures (PS256 algorithm)
    - MINOR: h3: add traces on h3_init_uni_stream() error paths
    - MINOR: quic: create a global list dedicated for closing QUIC conns
    - MINOR: quic: handle new closing list in show quic
    - MEDIUM: quic: release closing connections on stopping
    - BUG/MINOR: quic: Wrong RETIRE_CONNECTION_ID sequence number check
    - MINOR: fd/cli: report the polling mask in "show fd"
    - CLEANUP: sock: always perform last connection updates before wakeup
    - MINOR: quic: Do not stress the peer during retransmissions of lost packets
    - BUG/MINOR: init: properly detect NUMA bindings on large systems
    - BUG/MINOR: thread: report thread and group counts in the correct order
    - BUG/MAJOR: fd/threads: close a race on closing connections after takeover
    - MINOR: debug: add random delay injection with "debug dev delay-inj"
    - BUG/MINOR: mworker: use MASTER_MAXCONN as default maxconn value
    - BUG/MINOR: quic: Missing listener accept queue tasklet wakeups
    - MINOR: quic_sock: un-statify quic_conn_sock_fd_iocb()
    - DOC: config: fix typo "dependeing" in bind thread description
    - DOC/CLEANUP: fix typos
2023-03-10 16:28:37 +01:00
Willy Tarreau
c80560bae7 [RELEASE] Released version 2.8-dev4
Released version 2.8-dev4 with the following main changes :
    - BUG/MINOR: stats: fix source buffer size for http dump
    - BUG/MEDIUM: stats: fix resolvers dump
    - BUG/MINOR: stats: fix ctx->field update in stats_dump_proxy_to_buffer()
    - BUG/MINOR: stats: fix show stats field ctx for servers
    - BUG/MINOR: stats: fix STAT_STARTED behavior with full htx
    - MINOR: quic: Update version_information transport parameter to draft-14
    - BUG/MINOR: stats: Prevent HTTP "other sessions" counter underflows
    - BUG/MEDIUM: thread: fix extraneous shift in the thread_set parser
    - BUG/MEDIUM: listener/thread: bypass shards setting on failed thread resolution
    - BUG/MINOR: ssl/crt-list: warn when a line is malformated
    - BUG/MEDIUM: stick-table: do not leave entries in end of window during purge
    - BUG/MINOR: clock: do not mix wall-clock and monotonic time in uptime calculation
    - BUG/MEDIUM: cache: use the correct time reference when comparing dates
    - MEDIUM: clock: force internal time to wrap early after boot
    - BUILD: ssl/ocsp: ssl_ocsp-t.h depends on ssl_sock-t.h
    - MINOR: ssl/ocsp: add a function to check the OCSP update configuration
    - MINOR: cfgparse/server: move (min/max)conn postparsing logic into dedicated function
    - BUG/MINOR: server/add: ensure minconn/maxconn consistency when adding server
    - BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first
    - BUG/MEDIUM: quic: fix crash when "option nolinger" is set in the frontend
    - MINOR: quic: implement a basic "show quic" CLI handler
    - MINOR: quic: display CIDs and state in "show quic"
    - MINOR: quic: display socket info on "show quic"
    - MINOR: quic: display infos about various encryption level on "show quic"
    - MINOR: quic: display Tx stream info on "show quic"
    - MINOR: quic: filter closing conn on "show quic"
    - BUG/MINOR: quic: fix filtering of closing connections on "show quic"
    - BUG/MEDIUM: stconn: Don't needlessly wake the stream on send during fast-forward
    - BUG/MINOR: quic: fix type bug on "show quic" for 32-bits arch
    - BUG/MINOR: mworker: fix uptime for master process
    - BUG/MINOR: clock/stats: also use start_time not start_date in HTML info
    - BUG/MEDIUM: stconn: stop to enable/disable reads from streams via si_update_rx
    - BUG/MEDIUM: quic: Buffer overflow when looking through QUIC CLI keyword list
    - DOC: proxy-protocol: fix wrong byte in provided example
    - MINOR: ssl-ckch: Stop to test CF_WRITE_ERROR to commit CA/CRL file
    - MINOR: bwlim: Remove useless test on CF_READ_ERROR to detect the last packet
    - BUG/MINOR: http-ana: Fix condition to set LAST termination flag
    - BUG/MINOR: mux-h1: Don't report an H1C error on client timeout
    - BUG/MEDIUM: spoe: Don't set the default traget for the SPOE agent frontend
    - BUG/MINOR: quic: Wrong datagram dispatch because of qc_check_dcid()
    - BUG/CRITICAL: http: properly reject empty http header field names
2023-02-14 16:55:17 +01:00
Willy Tarreau
e74d77b301 [RELEASE] Released version 2.8-dev3
Released version 2.8-dev3 with the following main changes :
    - BUG/MINOR: sink: make sure to always properly unmap a file-backed ring
    - DEV: haring: add a new option "-r" to automatically repair broken files
    - BUG/MINOR: ssl: Fix leaks in 'update ssl ocsp-response' CLI command
    - MINOR: ssl: Remove debug fprintf in 'update ssl ocsp-response' cli command
    - MINOR: connection: add a BUG_ON() to detect destroying connection in idle list
    - MINOR: mux-quic/h3: send SETTINGS as soon as transport is ready
    - BUG/MINOR: h3: fix GOAWAY emission
    - BUG/MEDIUM: mux-quic: fix crash on H3 SETTINGS emission
    - BUG/MEDIUM: hpack: fix incorrect huffman decoding of some control chars
    - BUG/MINOR: log: release global log servers on exit
    - BUG/MINOR: ring: release the backing store name on exit
    - BUG/MINOR: sink: free the forwarding task on exit
    - CLEANUP: trace: remove the QUIC-specific ifdefs
    - MINOR: trace: add a TRACE_ENABLED() macro to determine if a trace is active
    - MINOR: trace: add a trace_no_cb() dummy callback for when to use no callback
    - MINOR: trace: add the long awaited TRACE_PRINTF()
    - MINOR: h2: add h2_phdr_to_ist() to make ISTs from pseudo headers
    - MEDIUM: mux-h2/trace: add tracing support for headers
    - CLEANUP: mux-h2/trace: shorten the name of the header enc/dec functions
    - DEV: hpack: fix `trash` build regression
    - MINOR: http_htx: add http_append_header() to append value to header
    - MINOR: http_htx: add http_prepend_header() to prepend value to header
    - MINOR: sample: add ARGC_OPT
    - MINOR: proxy: introduce http only options
    - MINOR: proxy/http_ext: introduce proxy forwarded option
    - REGTEST: add ifnone-forwardfor test
    - MINOR: proxy: move 'forwardfor' option to http_ext
    - MINOR: proxy: move 'originalto' option to http_ext
    - MINOR: http_ext: introduce http ext converters
    - MINOR: http_ext: add rfc7239_is_valid converter
    - MINOR: http_ext: add rfc7239_field converter
    - MINOR: http_ext: add rfc7239_n2nn converter
    - MINOR: http_ext: add rfc7239_n2np converter
    - REGTEST: add RFC7239 forwarded header tests
    - OPTIM: http_ext/7239: introduce c_mode to save some space
    - MINOR: http_ext/7239: warn the user when fetch is not available
    - MEDIUM: proxy/http_ext: implement dynamic http_ext
    - MINOR: cfgparse/http_ext: move post-parsing http_ext steps to http_ext
    - DOC: config: fix option spop-check proxy compatibility
    - BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section
    - DOC: config: 'http-send-name-header' option may be used in default section
    - BUG/MINOR: mux-h2: Fix possible null pointer deref on h2c in _h2_trace_header()
    - BUG/MINOR: http_ext/7239: ipv6 dumping relies on out of scope variables
    - BUG/MEDIUM: h3: do not crash if no buf space for trailers
    - OPTIM: h3: skip buf realign if no trailer to encode
    - MINOR: mux-quic/h3: define stream close callback
    - BUG/MEDIUM: h3: handle STOP_SENDING on control stream
    - BUG/MINOR: h3: reject RESET_STREAM received for control stream
    - MINOR: h3: add missing traces on closure
    - BUG/MEDIUM: ssl: wrong eviction from the session cache tree
    - BUG/MINOR: h3: fix crash due to h3 traces
    - BUG/MINOR: h3: fix crash due to h3 traces
    - BUG/MEDIUM: thread: consider secondary threads as idle+harmless during boot
    - BUG/MINOR: stats: use proper buffer size for http dump
    - BUILD: makefile: fix PCRE overriding specific lib path
    - MINOR: quic: remove fin from quic_stream frame type
    - MINOR: quic: ensure offset is properly set for STREAM frames
    - MINOR: quic: define new functions for frame alloc
    - MINOR: quic: refactor frame deallocation
    - MEDIUM: quic: implement a retransmit limit per frame
    - MINOR: quic: add config for retransmit limit
    - OPTIM: htx: inline the most common memcpy(8)
    - CLEANUP: quic: no need for atomics on packet refcnt
    - MINOR: stats: add by HTTP version cumulated number of sessions and requests
    - BUG/MINOR: quic: Possible stream truncations under heavy loss
    - BUG/MINOR: quic: Too big PTO during handshakes
    - MINOR: quic: Add a trace about variable states in qc_prep_fast_retrans()
    - BUG/MINOR: quic: Do not ignore coalesced packets in qc_prep_fast_retrans()
    - MINOR: quic: When probing Handshake packet number space, also probe the Initial one
    - BUG/MAJOR: quic: Possible crash when processing 1-RTT during 0-RTT session
    - MEDIUM: quic: Remove qc_conn_finalize() from the ClientHello TLS callbacks
    - BUG/MINOR: quic: Unchecked source connection ID
    - MEDIUM: listener: move the analysers mask to the bind_conf
    - MINOR: listener: move maxseg and tcp_ut to bind_conf
    - MINOR: listener: move maxaccept from listener to bind_conf
    - MINOR: listener: move the backlog setting from listener to bind_conf
    - MINOR: listener: move the maxconn parameter to the bind_conf
    - MINOR: listener: move the ->accept callback to the bind_conf
    - MINOR: listener: remove the useless ->default_target field
    - MINOR: listener: move the nice field to the bind_conf
    - MINOR: listener: move the NOLINGER option to the bind_conf
    - MINOR: listener: move the NOQUICKACK option to the bind_conf
    - MINOR: listener: move the DEF_ACCEPT option to the bind_conf
    - MINOR: listener: move TCP_FO to bind_conf
    - MINOR: listener: move the ACC_PROXY and ACC_CIP options to bind_conf
    - MINOR: listener: move LI_O_UNLIMITED and LI_O_NOSTOP to bind_conf
    - MINOR: listener: get rid of LI_O_TCP_L4_RULES and LI_O_TCP_L5_RULES
    - CLEANUP: listener: remove the now unused options field
    - MINOR: listener: remove the now useless LI_F_QUIC_LISTENER flag
    - CLEANUP: config: remove test for impossible case regarding bind thread mask
    - MINOR: thread: add a simple thread_set API
    - MEDIUM: listener/config: make the "thread" parser rely on thread_sets
    - CLEANUP: config: stop using bind_tgroup and bind_thread
    - CLEANUP: listener/thread: remove now unused bind_conf's bind_tgroup/bind_thread
    - CLEANUP: listener/config: remove the special case for shards==1
    - MEDIUM: config: restrict shards, not bind_conf to one group each
    - BUG/MEDIUM: quic: do not split STREAM frames if no space
    - BUILD: thread: fix build warnings with older gcc compilers
2023-02-04 10:51:05 +01:00
Willy Tarreau
0f29b34e0a [RELEASE] Released version 2.8-dev2
Released version 2.8-dev2 with the following main changes :
    - CLEANUP: htx: fix a typo in an error message of http_str_to_htx
    - DOC: config: added optional rst-ttl argument to silent-drop in action lists
    - BUG/MINOR: ssl: Fix crash in 'update ssl ocsp-response' CLI command
    - BUG/MINOR: ssl: Crash during cleanup because of ocsp structure pointer UAF
    - MINOR: ssl: Create temp X509_STORE filled with cert chain when checking ocsp response
    - MINOR: ssl: Only set ocsp->issuer if issuer not in cert chain
    - MINOR: ssl: Release ssl_ocsp_task_ctx.cur_ocsp when destroying task
    - MINOR: ssl: Detect more OCSP update inconsistencies
    - BUG/MINOR: ssl: Fix OCSP_CERTID leak when same certificate is used multiple times
    - MINOR: ssl: Limit ocsp_uri buffer size to minimum
    - MINOR: ssl: Remove mention of ckch_store in error message of cli command
    - MINOR: channel: Don't test CF_READ_NULL while CF_SHUTR is enough
    - REORG: channel: Rename CF_READ_NULL to CF_READ_EVENT
    - REORG: channel: Rename CF_WRITE_NULL to CF_WRITE_EVENT
    - MEDIUM: channel: Use CF_READ_EVENT instead of CF_READ_PARTIAL
    - MEDIUM: channel: Use CF_WRITE_EVENT instead of CF_WRITE_PARTIAL
    - MINOR: channel: Remove CF_READ_ACTIVITY
    - MINOR: channel: Remove CF_WRITE_ACTIVITY
    - MINOR: channel: Remove CF_ANA_TIMEOUT and report CF_READ_EVENT instead
    - MEDIUM: channel: Remove CF_READ_ATTACHED and report CF_READ_EVENT instead
    - MINOR: channel: Stop to test CF_READ_ERROR flag if CF_SHUTR is enough
    - MINOR: channel/applets: Stop to test CF_WRITE_ERROR flag if CF_SHUTW is enough
    - DOC: management: add details on "Used" status
    - DOC: management: add details about @system-ca in "show ssl ca-file"
    - BUG/MINOR: mux-quic: fix transfer of empty HTTP response
    - MINOR: mux-quic: add traces for flow-control limit reach
    - MAJOR: mux-quic: rework stream sending priorization
    - MEDIUM: h3: send SETTINGS before STREAM frames
    - MINOR: mux-quic: use send-list for STOP_SENDING/RESET_STREAM emission
    - MINOR: mux-quic: use send-list for immediate sending retry
    - BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses
    - BUG/MINOR: hlua: Fix Channel.line and Channel.data behavior regarding the doc
    - BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action
    - BUG/MINOR: ssl: Remove unneeded pointer check in ocsp cli release function
    - BUG/MINOR: ssl: Missing ssl_conf pointer check when checking ocsp update inconsistencies
    - DEV: tcploop: add minimal support for unix sockets
    - BUG/MEDIUM: listener: duplicate inherited FDs if needed
    - BUG/MINOR: ssl: OCSP minimum update threshold not properly set
    - MINOR: ssl: Treat ocsp-update inconsistencies as fatal errors
    - MINOR: ssl: Do not wake ocsp update task if update tree empty
    - MINOR: ssl: Reinsert updated ocsp response later in tree in case of http error
    - REGTEST: ssl: Add test for 'update ssl ocsp-response' CLI command
    - OPTIM: global: move byte counts out of global and per-thread
    - BUG/MEDIUM: peers: make "show peers" more careful about partial initialization
    - BUG/MINOR: promex: Don't forget to consume the request on error
    - MINOR: http-ana: Add a function to set HTTP termination flags
    - MINOR: http-ana: Use http_set_term_flags() in most of HTTP analyzers
    - BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body
    - MINOR: http-ana: Use http_set_term_flags() when waiting the request body
    - BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state
    - MAJOR: http-ana: Review error handling during HTTP payload forwarding
    - CLEANUP: http-ana: Remove HTTP_MSG_ERROR state
    - BUG/MEDIUM: mux-h2: Don't send CANCEL on shutw when response length is unkown
    - MINOR: htx: Add an HTX value for the extra field is payload length is unknown
    - BUG/MINOR: http-ana: make set-status also update txn->status
    - BUG/MINOR: listeners: fix suspend/resume of inherited FDs
    - DOC: config: fix wrong section number for "protocol prefixes"
    - DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@"
    - DOC: config: mention the missing "quic4@" and "quic6@" in protocol prefixes
    - MINOR: listener: also support "quic+" as an address prefix
    - CLEANUP: stconn: always use se_fl_set_error() to set the pending error
    - BUG/MEDIUM: stconn: also consider SE_FL_EOI to switch to SE_FL_ERROR
    - MINOR: quic: Useless test about datagram destination addresses
    - MINOR: quic: Disable the active connection migrations
    - MINOR: quic: Add "no-quic" global option
    - MINOR: sample: Add "quic_enabled" sample fetch
    - MINOR: quic: Replace v2 draft definitions by those of the final 2 version
    - BUG/MINOR: mux-fcgi: Correctly set pathinfo
    - DOC: config: fix "Address formats" chapter syntax
    - BUG/MEDIUM: jwt: Properly process ecdsa signatures (concatenated R and S params)
    - BUILD: ssl: add ECDSA_SIG_set0() for openssl < 1.1 or libressl < 2.7
    - Revert "BUILD: ssl: add ECDSA_SIG_set0() for openssl < 1.1 or libressl < 2.7"
    - BUG/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 (missing ECDSA_SIG_set0)
    - BUG/MINOR: listener: close tiny race between resume_listener() and stopping
    - BUG/MINOR: h3: properly handle connection headers
    - MINOR: h3: extend function for QUIC varint encoding
    - MINOR: h3: implement TRAILERS encoding
    - BUG/MINOR: bwlim: Check scope for period expr for set-bandwitdh-limit actions
    - MEDIUM: bwlim: Support constants limit or period on set-bandwidth-limit actions
    - BUG/MINOR: bwlim: Fix parameters check for set-bandwidth-limit actions
    - MINOR: h3: implement TRAILERS decoding
    - BUG/MEDIUM: fd/threads: fix again incorrect thread selection in wakeup broadcast
    - BUG/MINOR: thread: always reload threads_enabled in loops
    - MINOR: threads: add a thread_harmless_end() version that doesn't wait
    - BUG/MEDIUM: debug/thread: make the debug handler not wait for !rdv_requests
    - BUG/MINOR: mux-h2: make sure to produce a log on invalid requests
    - BUG/MINOR: mux-h2: add missing traces on failed headers decoding
    - BUILD: hpack: include global.h for the trash that is needed in debug mode
    - BUG/MINOR: jwt: Wrong return value checked
    - BUG/MINOR: quic: Do not request h3 clients to close its unidirection streams
    - MEDIUM: quic-sock: fix udp source address for send on listener socket
2023-01-22 14:20:57 +01:00
Willy Tarreau
40c88f997f [RELEASE] Released version 2.8-dev1
Released version 2.8-dev1 with the following main changes :
    - MEDIUM: 51d: add support for 51Degrees V4 with Hash algorithm
    - MINOR: debug: support pool filtering on "debug dev memstats"
    - MINOR: debug: add a balance of alloc - free at the end of the memstats dump
    - LICENSE: wurfl: clarify the dummy library license.
    - MINOR: event_hdl: add event handler base api
    - DOC/MINOR: api: add documentation for event_hdl feature
    - MEDIUM: ssl: rename the struct "cert_key_and_chain" to "ckch_data"
    - MINOR: quic: remove qc from quic_rx_packet
    - MINOR: quic: complete traces in qc_rx_pkt_handle()
    - MINOR: quic: extract datagram parsing code
    - MINOR: tools: add port for ipcmp as optional criteria
    - MINOR: quic: detect connection migration
    - MINOR: quic: ignore address migration during handshake
    - MINOR: quic: startup detect for quic-conn owned socket support
    - MINOR: quic: test IP_PKTINFO support for quic-conn owned socket
    - MINOR: quic: define config option for socket per conn
    - MINOR: quic: allocate a socket per quic-conn
    - MINOR: quic: use connection socket for emission
    - MEDIUM: quic: use quic-conn socket for reception
    - MEDIUM: quic: move receive out of FD handler to quic-conn io-cb
    - MINOR: mux-quic: rename duplicate function names
    - MEDIUM: quic: requeue datagrams received on wrong socket
    - MINOR: quic: reconnect quic-conn socket on address migration
    - MINOR: quic: activate socket per conn by default
    - BUG/MINOR: ssl: initialize SSL error before parsing
    - BUG/MINOR: ssl: initialize WolfSSL before parsing
    - BUG/MINOR: quic: fix fd leak on startup check quic-conn owned socket
    - BUG/MEDIIM: stconn: Flush output data before forwarding close to write side
    - MINOR: server: add srv->rid (revision id) value
    - MINOR: stats: add server revision id support
    - MINOR: server/event_hdl: add support for SERVER_ADD and SERVER_DEL events
    - MINOR: server/event_hdl: add support for SERVER_UP and SERVER_DOWN events
    - BUG/MEDIUM: checks: do not reschedule a possibly running task on state change
    - BUG/MINOR: checks: make sure fastinter is used even on forced transitions
    - CLEANUP: assorted typo fixes in the code and comments
    - MINOR: mworker: display an alert upon a wait-mode exit
    - BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers
    - BUG/MEDIUM: mworker: create the mcli_reload socketpairs in case of upgrade
    - BUG/MINOR: checks: restore legacy on-error fastinter behavior
    - MINOR: check: use atomic for s->consecutive_errors
    - MINOR: stats: properly handle ST_F_CHECK_DURATION metric
    - MINOR: mworker: remove unused legacy code in mworker_cleanlisteners
    - MINOR: peers: unused code path in process_peer_sync
    - BUG/MINOR: init/threads: continue to limit default thread count to max per group
    - CLEANUP: init: remove useless assignment of nbthread
    - BUILD: atomic: atomic.h may need compiler.h on ARMv8.2-a
    - BUILD: makefile/da: also clean Os/ in Device Atlas dummy lib dir
    - BUG/MEDIUM: httpclient/lua: double LIST_DELETE on end of lua task
    - CLEANUP: pools: move the write before free to the uaf-only function
    - CLEANUP: pool: only include pool-os from pool.c not pool.h
    - REORG: pool: move all the OS specific code to pool-os.h
    - CLEANUP: pools: get rid of CONFIG_HAP_POOLS
    - DEBUG: pool: show a few examples in -dMhelp
    - MINOR: pools: make DEBUG_UAF a runtime setting
    - BUG/MINOR: promex: create haproxy_backend_agg_server_status
    - MINOR: promex: introduce haproxy_backend_agg_check_status
    - DOC: promex: Add missing backend metrics
    - BUG/MAJOR: fcgi: Fix uninitialized reserved bytes
    - REGTESTS: fix the race conditions in iff.vtc
    - CI: github: reintroduce openssl 1.1.1
    - BUG/MINOR: quic: properly handle alloc failure in qc_new_conn()
    - BUG/MINOR: quic: handle alloc failure on qc_new_conn() for owned socket
    - CLEANUP: mux-quic: remove unused attribute on qcs_is_close_remote()
    - BUG/MINOR: mux-quic: remove qcs from opening-list on free
    - BUG/MINOR: mux-quic: handle properly alloc error in qcs_new()
    - CI: github: split ssl lib selection based on git branch
    - REGTESTS: startup: check maxconn computation
    - BUG/MINOR: startup: don't use internal proxies to compute the maxconn
    - REGTESTS: startup: change the expected maxconn to 11000
    - CI: github: set ulimit -n to a greater value
    - REGTESTS: startup: activate automatic_maxconn.vtc
    - MINOR: sample: add param converter
    - CLEANUP: ssl: remove check on srv->proxy
    - BUG/MEDIUM: freq-ctr: Don't compute overshoot value for empty counters
    - BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout
    - REGTESTS: startup: add alternatives values in automatic_maxconn.vtc
    - BUG/MEDIUM: h3: reject request with invalid header name
    - BUG/MEDIUM: h3: reject request with invalid pseudo header
    - MINOR: http: extract content-length parsing from H2
    - BUG/MEDIUM: h3: parse content-length and reject invalid messages
    - CI: github: remove redundant ASAN loop
    - CI: github: split matrix for development and stable branches
    - BUG/MEDIUM: mux-h1: Don't release H1 stream upgraded from TCP on error
    - BUG/MINOR: mux-h1: Fix test instead a BUG_ON() in h1_send_error()
    - MINOR: http-htx: add BUG_ON to prevent API error on http_cookie_register
    - BUG/MEDIUM: h3: fix cookie header parsing
    - BUG/MINOR: h3: fix memleak on HEADERS parsing failure
    - MINOR: h3: check return values of htx_add_* on headers parsing
    - MINOR: ssl: Remove unneeded buffer allocation in show ocsp-response
    - MINOR: ssl: Remove unnecessary alloc'ed trash chunk in show ocsp-response
    - BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain
    - MINOR: stats: provide ctx for dumping functions
    - MINOR: stats: introduce stats field ctx
    - BUG/MINOR: stats: fix show stat json buffer limitation
    - MINOR: stats: make show info json future-proof
    - BUG/MINOR: quic: fix crash on PTO rearm if anti-amplification reset
    - BUILD: 51d: fix build issue with recent compilers
    - REGTESTS: startup: disable automatic_maxconn.vtc
    - BUILD: peers: peers-t.h depends on stick-table-t.h
    - BUG/MEDIUM: tests: use tmpdir to create UNIX socket
    - BUG/MINOR: mux-h1: Report EOS on parsing/internal error for not running stream
    - BUG/MINOR:: mux-h1: Never handle error at mux level for running connection
    - BUG/MEDIUM: stats: Rely on a local trash buffer to dump the stats
    - OPTIM: pool: split the read_mostly from read_write parts in pool_head
    - MINOR: pool: make the thread-local hot cache size configurable
    - MINOR: freq_ctr: add opportunistic versions of swrate_add()
    - MINOR: pool: only use opportunistic versions of the swrate_add() functions
    - REGTESTS: ssl: enable the ssl_reuse.vtc test for WolfSSL
    - BUG/MEDIUM: mux-quic: fix double delete from qcc.opening_list
    - BUG/MEDIUM: quic: properly take shards into account on bind lines
    - BUG/MINOR: quic: do not allocate more rxbufs than necessary
    - MINOR: ssl: Add a lock to the OCSP response tree
    - MINOR: httpclient: Make the CLI flags public for future use
    - MINOR: ssl: Add helper function that extracts an OCSP URI from a certificate
    - MINOR: ssl: Add OCSP request helper function
    - MINOR: ssl: Add helper function that checks the validity of an OCSP response
    - MINOR: ssl: Add "update ssl ocsp-response" cli command
    - MEDIUM: ssl: Add ocsp_certid in ckch structure and discard ocsp buffer early
    - MINOR: ssl: Add ocsp_update_tree and helper functions
    - MINOR: ssl: Add crt-list ocsp-update option
    - MINOR: ssl: Store 'ocsp-update' mode in the ckch_data and check for inconsistencies
    - MEDIUM: ssl: Insert ocsp responses in update tree when needed
    - MEDIUM: ssl: Add ocsp update task main function
    - MEDIUM: ssl: Start update task if at least one ocsp-update option is set to on
    - DOC: ssl: Add documentation for ocsp-update option
    - REGTESTS: ssl: Add tests for ocsp auto update mechanism
    - MINOR: ssl: Move OCSP code to a dedicated source file
    - BUG/MINOR: ssl/ocsp: check chunk_strcpy() in ssl_ocsp_get_uri_from_cert()
    - CLEANUP: ssl/ocsp: add spaces around operators
    - BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set
    - BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats
    - BUG/MINOR: ssl/ocsp: httpclient blocked when doing a GET
    - MINOR: httpclient: don't add body when istlen is empty
    - MEDIUM: httpclient: change the default log format to skip duplicate proxy data
    - BUG/MINOR: httpclient/log: free of invalid ptr with httpclient_log_format
    - MEDIUM: mux-quic: implement shutw
    - MINOR: mux-quic: do not count stream flow-control if already closed
    - MINOR: mux-quic: handle RESET_STREAM reception
    - MEDIUM: mux-quic: implement STOP_SENDING emission
    - MINOR: h3: use stream error when needed instead of connection
    - CI: github: enable github api authentication for OpenSSL tags read
    - BUG/MINOR: mux-quic: ignore remote unidirectional stream close
    - CI: github: use the GITHUB_TOKEN instead of a manually generated token
    - BUILD: makefile: build the features list dynamically
    - BUILD: makefile: move common options-oriented macros to include/make/options.mk
    - BUILD: makefile: sort the features list
    - BUILD: makefile: initialize all build options' variables at once
    - BUILD: makefile: add a function to collect all options' CFLAGS/LDFLAGS
    - BUILD: makefile: start to automatically collect CFLAGS/LDFLAGS
    - BUILD: makefile: ensure that all USE_* handlers appear before CFLAGS are used
    - BUILD: makefile: clean the wolfssl include and lib generation rules
    - BUILD: makefile: make sure to also ignore SSL_INC when using wolfssl
    - BUILD: makefile: reference libdl only once
    - BUILD: makefile: make sure LUA_INC and LUA_LIB are always initialized
    - BUILD: makefile: do not restrict Lua's prepend path to empty LUA_LIB_NAME
    - BUILD: makefile: never force -latomic, set USE_LIBATOMIC instead
    - BUILD: makefile: add an implicit USE_MATH variable for -lm
    - BUILD: makefile: properly report USE_PCRE/USE_PCRE2 in features
    - CLEANUP: makefile: properly indent ifeq/ifneq conditional blocks
    - BUILD: makefile: rework 51D to split v3/v4
    - BUILD: makefile: support LIBCRYPT_LDFLAGS
    - BUILD: makefile: support RT_LDFLAGS
    - BUILD: makefile: support THREAD_LDFLAGS
    - BUILD: makefile: support BACKTRACE_LDFLAGS
    - BUILD: makefile: support SYSTEMD_LDFLAGS
    - BUILD: makefile: support ZLIB_CFLAGS and ZLIB_LDFLAGS
    - BUILD: makefile: support ENGINE_CFLAGS
    - BUILD: makefile: support OPENSSL_CFLAGS and OPENSSL_LDFLAGS
    - BUILD: makefile: support WOLFSSL_CFLAGS and WOLFSSL_LDFLAGS
    - BUILD: makefile: support LUA_CFLAGS and LUA_LDFLAGS
    - BUILD: makefile: support DEVICEATLAS_CFLAGS and DEVICEATLAS_LDFLAGS
    - BUILD: makefile: support PCRE[2]_CFLAGS and PCRE[2]_LDFLAGS
    - BUILD: makefile: refactor support for 51DEGREES v3/v4
    - BUILD: makefile: support WURFL_CFLAGS and WURFL_LDFLAGS
    - BUILD: makefile: make all OpenSSL variants use the same settings
    - BUILD: makefile: remove the special case of the SSL option
    - BUILD: makefile: only consider settings from enabled options
    - BUILD: makefile: also list per-option settings in 'make opts'
    - BUG/MINOR: debug: don't mask the TH_FL_STUCK flag before dumping threads
    - MINOR: cfgparse-ssl: avoid a possible crash on OOM in ssl_bind_parse_npn()
    - BUG/MINOR: ssl: Missing goto in error path in ocsp update code
    - BUG/MINOR: stick-table: report the correct action name in error message
    - CI: Improve headline in matrix.py
    - CI: Add in-memory cache for the latest OpenSSL/LibreSSL
    - CI: Use proper `if` blocks instead of conditional expressions in matrix.py
    - CI: Unify the `GITHUB_TOKEN` name across matrix.py and vtest.yml
    - CI: Explicitly check environment variable against `None` in matrix.py
    - CI: Reformat `matrix.py` using `black`
    - MINOR: config: add environment variables for default log format
    - REGTESTS: Remove REQUIRE_VERSION=1.9 from all tests
    - REGTESTS: Remove REQUIRE_VERSION=2.0 from all tests
    - REGTESTS: Remove tests with REQUIRE_VERSION_BELOW=1.9
    - BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set
    - BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned
    - DOC: config: fix alphabetical ordering of http-after-response rules
    - MINOR: http-rules: Add missing actions in http-after-response ruleset
    - DOC: config: remove duplicated "http-response sc-set-gpt0" directive
    - BUG/MINOR: proxy: free orgto_hdr_name in free_proxy()
    - REGTEST: fix the race conditions in json_query.vtc
    - REGTEST: fix the race conditions in add_item.vtc
    - REGTEST: fix the race conditions in digest.vtc
    - REGTEST: fix the race conditions in hmac.vtc
    - BUG/MINOR: fd: avoid bad tgid assertion in fd_delete() from deinit()
    - BUG/MINOR: http: Memory leak of http redirect rules' format string
    - MEDIUM: stick-table: set the track-sc limit at boottime via tune.stick-counters
    - MINOR: stick-table: implement the sc-add-gpc() action
2023-01-07 09:45:17 +01:00
Willy Tarreau
437fd289f2 [RELEASE] Released version 2.7.0
Released version 2.7.0 with the following main changes :
    - MINOR: ssl: forgotten newline in error messages on ca-file
    - BUG/MINOR: ssl: shut the ca-file errors emitted during httpclient init
    - DOC: config: provide some configuration hints for "http-reuse"
    - DOC: config: refer to section about quoting in the "add_item" converter
    - DOC: halog: explain how to use -ac and -ad in the help message
    - DOC: config: clarify the fact that SNI should not be used in HTTP scenarios
    - DOC: config: mention that a single monitor-uri rule is supported
    - DOC: config: explain how default matching method for ACL works
    - DOC: config: clarify the fact that "retries" is not just for connections
    - BUILD: halog: fix missing double-quote at end of help line
    - DOC: config: clarify the -m dir and -m dom pattern matching methods
    - MINOR: activity: report uptime in "show activity"
    - REORG: activity/cli: move the "show activity" handler to activity.c
    - DEV: poll: add support for epoll
    - DEV: tcploop: centralize the polling code into wait_for_fd()
    - DEV: tcploop: add support for POLLRDHUP when supported
    - DEV: tcploop: do not report an error on POLLERR
    - DEV: tcploop: add optional support for epoll
    - SCRIPTS: announce-release: add a link to the data plane API
    - CLEANUP: stick-table: fill alignment holes in the stktable struct
    - MINOR: stick-table: store a per-table hash seed and use it
    - MINOR: stick-table: show the shard number in each entry's "show table" output
    - CLEANUP: ncbuf: remove ncb_blk args by value
    - CLEANUP: ncbuf: inline small functions
    - CLEANUP: ncbuf: use standard BUG_ON with DEBUG_STRICT
    - BUG/MINOR: quic: Endless loop during retransmissions
    - MINOR: mux-h2: add the expire task and its expiration date in "show fd"
    - BUG/MINOR: peers: always initialize the stksess shard value
    - REGTESTS: fix peers-related regtests regarding "show table"
    - BUG/MEDIUM: mux-h1: Close client H1C on EOS when there is no output data
    - MINOR: stick-table: change the API of the function used to calculate the shard
    - CLEANUP: peers: factor out the key len calculation in received updates
    - BUG/MINOR: peers: always update the stksess shard number on incoming updates
    - CLEANUP: assorted typo fixes in the code and comments
    - MINOR: mux-h1: add the expire task and its expiration date in "show fd"
    - MINOR: debug: improve error handling on the memstats command parser
    - BUILD: quic: allow build with USE_QUIC and USE_OPENSSL_WOLFSSL
    - CLEANUP: anon: clarify the help message on "debug dev hash"
    - MINOR: debug: relax access restrictions on "debug dev hash" and "memstats"
    - SCRIPTS: run-regtests: add a version check
    - MINOR: version: mention that it's stable now
2022-12-01 15:16:46 +01:00
Willy Tarreau
0279df9e82 [RELEASE] Released version 2.7-dev10
Released version 2.7-dev10 with the following main changes :
    - MEDIUM: tcp-act: add parameter rst-ttl to silent-drop
    - BUG/MAJOR: quic: Crash upon retransmission of dgrams with several packets
    - MINOR: cli: print parsed command when not found
    - BUG/MAJOR: quic: Crash after discarding packet number spaces
    - CLEANUP: quic: replace "choosen" with "chosen" all over the code
    - MINOR: cli/pools: store "show pools" results into a temporary array
    - MINOR: cli/pools: add sorting capabilities to "show pools"
    - MINOR: cli/pools: add pool name filtering capability to "show pools"
    - DOC: configuration: fix quic prefix typo
    - MINOR: quic: report error if force-retry without cluster-secret
    - MINOR: global: generate random cluster.secret if not defined
    - BUG/MINOR: resolvers: do not run the timeout task when there's no resolution
    - BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns
    - MINOR: server/idle: make the next_takeover index per-tgroup
    - BUILD: listener: fix build warning on global_listener_rwlock without threads
    - BUG/MAJOR: sched: protect task during removal from wait queue
    - BUILD: sched: fix build with DEBUG_THREAD with the previous commit
    - DOC: quic: add note on performance issue with listener contention
    - BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance
    - BUG/MINOR: log: fix parse_log_message rfc5424 size check
    - CLEANUP: arg: remove extra check in make_arg_list arg escaping
    - CLEANUP: tools: extra check in utoa_pad
    - MINOR: h1: Consider empty port as invalid in authority for CONNECT
    - MINOR: http: Considere empty ports as valid default ports
    - BUG/MINOR: http-htx: Normalized absolute URIs with an empty port
    - BUG/MINOR: h1: Replace authority validation to conform RFC3986
    - REG-TESTS: http: Add more tests about authority/host matching
    - BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action
    - BUG/MEDIUM: mux-h1: Don't release H1C on timeout if there is a SC attached
    - BUG/MEDIUM: mux-h1: Subscribe for reads on error on sending path
    - BUILD: http-htx: Silent build error about a possible NULL start-line
    - DOC: configuration.txt: add default_value for table_idle signature
    - BUILD: ssl-sock: Silent error about NULL deref in ssl_sock_bind_verifycbk()
    - BUG/MEDIUM: mux-h1: Remove H1C_F_WAIT_NEXT_REQ flag on a next request
    - BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out
    - MINOR: mux-h1: Remove H1C_F_WAIT_NEXT_REQ in functions handling errors
    - MINOR: mux-h1: Avoid useless call to h1_send() if no error is sent
    - DOC: configuration.txt: fix typo in table_idle signature
    - BUILD: stick-tables: fix build breakage in xxhash on older compilers
    - BUILD: compiler: include compiler's definitions before ours
    - BUILD: quic: global.h is needed in cfgparse-quic
    - CLEANUP: tools: do not needlessly include xxhash nor cli from tools.h
    - BUILD: flags: really restrict the cases where flags are exposed
    - BUILD: makefile: minor reordering of objects by build time
    - BUILD: quic: silence two invalid build warnings at -O1 with gcc-6.5
    - BUILD: quic: use openssl-compat.h instead of openssl/ssl.h
    - MEDIUM: ssl: add minimal WolfSSL support with OpenSSL compatibility mode
    - MINOR: sample: make the rand() sample fetch function use the statistical_prng
    - MINOR: auth: silence null dereference warning in check_user()
    - CLEANUP: peers: fix format string for status messages (int signedness)
    - CLEANUP: qpack: fix format string in debugging code (int signedness)
    - CLEANUP: qpack: properly use the QPACK macros not HPACK ones in debug code
    - BUG/MEDIUM: quic: fix datagram dropping on queueing failed
2022-11-24 17:13:05 +01:00
Willy Tarreau
a0abec8bc0 [RELEASE] Released version 2.7-dev9
Released version 2.7-dev9 with the following main changes :
    - BUILD: quic: QUIC mux build fix for 32-bit build
    - BUILD: scripts: disable tests build on QuicTLS build
    - BUG/MEDIUM: httpclient: segfault when the httpclient parser fails
    - BUILD: ssl_sock: fix null dereference for QUIC build
    - BUILD: quic: Fix build for m68k cross-compilation
    - BUG/MINOR: quic: fix buffer overflow on retry token generation
    - MINOR: quic: add version field on quic_rx_packet
    - MINOR: quic: extend pn_offset field from quic_rx_packet
    - MINOR: quic: define first packet flag
    - MINOR: quic: extract connection retrieval
    - MINOR: quic: split and rename qc_lstnr_pkt_rcv()
    - MINOR: quic: refactor packet drop on reception
    - MINOR: quic: extend Retry token check function
    - BUG/MINOR: log: Preserve message facility when the log target is a ring buffer
    - BUG/MINOR: ring: Properly parse connect timeout
    - BUG/MEDIUM: httpclient/lua: crash when the lua task timeout before the httpclient
    - BUG/MEDIUM: httpclient: check if the httpclient was released in the IO handler
    - REGTESTS: httpclient/lua: test the lua task timeout with the httpclient
    - CI: github: dump the backtrace of coredumps in the alpine container
    - BUILD: Makefile: add "USE_SHM_OPEN" on the linux-musl target
    - DOC: lua: add a note about compression w/ httpclient
    - CLEANUP: mworker/cli: rename the status function to loadstatus
    - MINOR: mworker/cli: does no try to dump the startup-logs w/o USE_SHM_OPEN
    - MINOR: list: fixing typo in MT_LIST_LOCK_ELT
    - DOC/MINOR: list: fixing MT_LIST_LOCK_ELT macro documentation
    - MINOR: list: adding MT_LIST_APPEND_LOCKED macro
    - BUG/MINOR: mux-quic: complete flow-control for uni streams
    - BUG/MEDIUM: compression: handle rewrite errors when updating response headers
    - MINOR: quic: do not crash on unhandled sendto error
    - MINOR: quic: display unknown error sendto counter on stat page
    - MINOR: peers: Support for peer shards
    - MINOR: peers: handle multiple resync requests using shards
    - BUG/MINOR: sink: Only use backend capability for the sink proxies
    - BUG/MINOR: sink: Set default connect/server timeout for implicit ring buffers
    - MINOR: ssl: add the SSL error string when failing to load a certificate
    - MINOR: ssl: add the SSL error string before the chain
    - MEDIUM: ssl: be stricter about chain error
    - BUG/MAJOR: stick-table: don't process store-response rules for applets
    - MINOR: quic: remove unnecessary quic_session_accept()
    - BUG/MINOR: quic: fix subscribe operation
    - BUG/MINOR: log: fixing bug in tcp syslog_io_handler Octet-Counting
    - MINOR: ssl: dump the SSL string error when SSL_CTX_use_PrivateKey() failed.
    - MINOR: quic: add counter for interrupted reception
    - BUG/MINOR: quic: fix race condition on datagram purging
    - CI: add monthly gcc cross compile jobs
    - CLEANUP: assorted typo fixes in the code and comments
    - CLEANUP: ssl: remove dead code in ssl_sock_load_pem_into_ckch()
    - BUG/MINOR: httpclient: fixed memory allocation for the SSL ca_file
    - BUG/MINOR: ssl: Memory leak of DH BIGNUM fields
    - BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer
    - BUG/MINOR: ssl: ocsp structure not freed properly in case of error
    - CI: switch to the "latest" LibreSSL
    - CI: enable QUIC for LibreSSL builds
    - BUG/MEDIUM: ssl: Verify error codes can exceed 63
    - MEDIUM: ssl: {ca,crt}-ignore-err can now use error constant name
    - MINOR: ssl: x509_v_err_str converter transforms an integer to a X509_V_ERR name
    - CLEANUP: cli: rename dynamic error printing state
    - MINOR: cli: define usermsgs print context
    - MINOR: server: clear prefix on stderr logs after add server
    - BUG/MINOR: ssl: bind_conf is uncorrectly accessed when using QUIC
    - BUILD: ssl_utils: fix build on gcc versions before 8
    - BUILD: debug: remove unnecessary quotes in HA_WEAK() calls
    - CI: emit the compiler's version in the build reports
    - IMPORT: xxhash: update xxHash to version 0.8.1
    - IMPORT: slz: declare len to fix debug build when optimal match is enabled
    - IMPORT: slz: mention the potential header in slz_finish()
    - IMPORT: slz: define and use a __fallthrough statement for switch/case
    - BUILD: compiler: add a macro to detect if another one is set and equals 1
    - BUILD: compiler: add a default definition for __has_attribute()
    - BUILD: compiler: define a __fallthrough statement for switch/case
    - BUILD: sample: use __fallthrough in smp_is_rw() and smp_dup()
    - BUILD: quic: use __fallthrough in quic_connect_server()
    - BUILD: ssl/crt-list: use __fallthrough in cli_io_handler_add_crtlist()
    - BUILD: ssl: use __fallthrough in cli_io_handler_commit_{cert,cafile_crlfile}()
    - BUILD: ssl: use __fallthrough in cli_io_handler_tlskeys_files()
    - BUILD: hlua: use __fallthrough in hlua_post_init_state()
    - BUILD: stream: use __fallthrough in stats_dump_full_strm_to_buffer()
    - BUILD: tcpcheck: use __fallthrough in check_proxy_tcpcheck()
    - BUILD: stats: use __fallthrough in stats_dump_proxy_to_buffer()
    - BUILD: peers: use __fallthrough in peer_io_handler()
    - BUILD: hash: use __fallthrough in hash_djb2()
    - BUILD: tools: use __fallthrough in url_decode()
    - BUILD: args: use __fallthrough in make_arg_list()
    - BUILD: acl: use __fallthrough in parse_acl_expr()
    - BUILD: spoe: use __fallthrough in spoe_handle_appctx()
    - BUILD: logs: use __fallthrough in build_log_header()
    - BUILD: check: use __fallthrough in __health_adjust()
    - BUILD: http_act: use __fallthrough in parse_http_del_header()
    - BUILD: h1_htx: use __fallthrough in h1_parse_chunk()
    - BUILD: vars: use __fallthrough in var_accounting_{diff,add}()
    - BUILD: map: use __fallthrough in cli_io_handler_*()
    - BUILD: compression: use __fallthrough in comp_http_payload()
    - BUILD: stconn: use __fallthrough in various shutw() functions
    - BUILD: prometheus: use __fallthrough in promex_dump_metrics() and IO handler()
    - CLEANUP: ssl: remove printf in bind_parse_ignore_err
    - BUG/MINOR: ssl:  crt-ignore-err memory leak with 'all' parameter
    - BUG/MINOR: ssl: Fix potential overflow
    - CLEANUP: stick-table: remove the unused table->exp_next
    - OPTIM: stick-table: avoid atomic ops in stktable_requeue_exp() when possible
    - BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task
    - MEDIUM: http-ana: remove set-cookie2 support
    - BUG/MEDIUM: wdt/clock: properly handle early task hangs
    - MINOR: deinit: add a "quick-exit" option to bypass the deinit step
    - OPTIM: ebtree: make ebmb_insert_prefix() keep a copy the new node's pfx
    - OPTIM: ebtree: make ebmb_insert_prefix() keep a copy the new node's key
    - MINOR: ssl: ssl_sock_load_cert_chain() display error strings
    - MINOR: ssl: reintroduce ERR_GET_LIB(ret) == ERR_LIB_PEM in ssl_sock_load_pem_into_ckch()
    - BUG/MINOR: http-htx: Fix error handling during parsing http replies
    - BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure
    - BUG/MINOR: resolvers: Set port before IP address when processing SRV records
    - BUG/MINOR: mux-fcgi: Be sure to send empty STDING record in case of zero-copy
    - BUG/MEDIUM: mux-fcgi: Avoid value length overflow when it doesn't fit at once
    - BUG/MINOR: ssl: SSL_load_error_strings might not be defined
    - MINOR: pool/debug: create a new pool_alloc_flag() macro
    - MINOR: dynbuf: switch allocation and release to macros to better track users
    - BUG/MINOR: mux-h1: Do not send a last null chunk on body-less answers
    - REG-TESTS: cache: Remove T-E header for 304-Not-Modified responses
    - DOC: config: fix alphabetical ordering of global section
    - MINOR: trace: split the CLI "trace" parser in CLI vs statement
    - MEDIUM: trace: create a new "trace" statement in the "global" section
    - BUG/MEDIUM: ring: fix creation of server in uninitialized ring
    - BUILD: quic: fix dubious 0-byte overflow on qc_release_lost_pkts
    - BUILD: makefile: mark poll and tcploop targets as phony
    - BUILD: makefile: properly pass CC to sub-projects
    - BUILD: makefile: move default verbosity settings to include/make/verbose.mk
    - BUILD: makefile: use $(cmd_MAKE) in quiet mode
    - BUILD: makefile: move the compiler option detection stuff to compiler.mk
    - DEV: poll: make the connect() step an action as well
    - DEV: poll: strip the "do_" prefix from reported function names
    - DEV: poll: indicate the FD's side in front of its value
    - BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes
    - MINOR: mux-h1: Remove usless code inside shutr callback
    - CLEANUP: mux-h1; Rename H1S_F_ERROR flag into H1S_F_ERROR_MASK
    - REORG: mux-h1: Reorg the H1C structure
    - CLEANUP: mux-h1: Rename H1C_F_ST_ERROR and H1C_F_ST_SILENT_SHUT flags
    - MINOR: mux-h1: Add a dedicated enum to deal with H1 connection state
    - MEDIUM: mux-h1: Handle H1C states via its state field instead of H1C_F_ST_*
    - MINOR: mux-h1: Don't handle subscribe for reads in h1_process_demux()
    - CLEANUP: mux-h1: Rename H1C_F_ERR_PENDING into H1C_F_ABRT_PENDING
    - MINOR: mux-h1: Add flag on H1 stream to deal with internal errors
    - MEDIUM: mux-h1: Rely on the H1C to deal with shutdown for reads
    - CLEANUP: mux-h1: Reorder H1 connection flags to avoid holes
    - MEDIUM: mux-h1: Don't report a final error whe a message is aborted
    - MEDIUM: mux-pt: Don't always set a final error on SE on the sending path
    - MEDIUM: mux-h2: Introduce flags to deal with connection read/write errors
    - CLEANUP: mux-h2: Remove unused fields in h2c structures
    - MEDIUM: mux-fcgi: Introduce flags to deal with connection read/write errors
    - MINOR: sconn: Set SE_FL_ERROR only when there is no more data to read
    - MINOR: mux-h1: Rely on a H1S flag to know a WS key was found or not
    - DOC: lua-api: Remove warning about the lua filters
    - BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task
    - CLEANUP: listener: Remove useless task_queue from manage_global_listener_queue
    - BUG/MINOR: mux-h1: Fix error handling when H1S allocation failed on client side
    - DOC: internal: commit notes about polling states and flags
    - DOC: internal: commit notes about polling states and flags on connect()
    - CLEANUP: mux-h1: Don't test h1c in h1_shutw_conn()
    - BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists
    - BUG/MEDIUM: raw-sock: Don't report connection error if something was received
    - BUG/MINOR: ssl: don't initialize the keylog callback when not required
    - BUILD: Makefile: enable USE_SHM_OPEN by default on freebsd
    - BUG/MEDIUM: peers: messages about unkown tables not correctly ignored
    - MINOR: cfgparse: Always check the section position
    - MEDIUM: thread: Restric nbthread/thread-group(s) to very first global sections
    - BUILD: peers: Remove unused variables
    - MINOR: ncbuf: complete doc for ncb_advance()
    - BUG/MEDIUM: quic: fix unsuccessful handshakes on ncb_advance error
    - BUG/MEDIUM: quic: fix memleak for out-of-order crypto data
    - MINOR: quic: complete traces/debug for handshake
2022-11-18 17:48:49 +01:00
Willy Tarreau
ea8aebe8c5 [RELEASE] Released version 2.7-dev8
Released version 2.7-dev8 with the following main changes :
    - BUG/MINOR: checks: update pgsql regex on auth packet
    - DOC: config: Fix pgsql-check documentation to make user param mandatory
    - CLEANUP: mux-quic: remove usage of non-standard ull type
    - CLEANUP: quic: remove global var definition in quic_tls header
    - BUG/MINOR: quic: adjust quic_tls prototypes
    - CLEANUP: quic: fix headers
    - CLEANUP: quic: remove unused function prototype
    - CLEANUP: quic: remove duplicated varint code from xprt_quic.h
    - CLEANUP: quic: create a dedicated quic_conn module
    - BUG/MINOR: mux-quic: ignore STOP_SENDING for locally closed stream
    - BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure
    - BUG/MEDIUM: lua: handle stick table implicit arguments right.
    - BUILD: h1: silence an initiialized warning with gcc-4.7 and -Os
    - MINOR: fd: add a new function to only raise RLIMIT_NOFILE
    - MINOR: init: do not try to shrink existing RLIMIT_NOFIlE
    - BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth()
    - BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os
    - BUG/MINOR: hlua: hlua_channel_insert_data() behavior conflicts with documentation
    - MINOR: quic: limit usage of ssl_sock_ctx in favor of quic_conn
    - MINOR: mux-quic: check quic-conn return code on Tx
    - CLEANUP: quic: fix indentation
    - MEDIUM: quic: retrieve frontend destination address
    - CLEANUP: Reapply ist.cocci (2)
    - CLEANUP: Reapply strcmp.cocci
    - CLEANUP: quic/receiver: remove the now unused tx_qring list
    - BUG/MINOR: quic: set IP_PKTINFO socket option for QUIC receivers only
    - MINOR: hlua: some luaL_checktype() calls were not guarded with MAY_LJMP
    - DOC: configuration: missing 'if' in tcp-request content example
    - MINOR: hlua: removing ambiguous lua_pushvalue with 0 index
    - BUG/MAJOR: stick-tables: do not try to index a server name for applets
    - MINOR: plock: support disabling exponential back-off
    - MINOR: freq_ctr: use the thread's local time whenever possible
    - MEDIUM: stick-table: switch the table lock to rwlock
    - MINOR: stick-table: do not take an exclusive lock when downing ref_cnt
    - MINOR: stick-table: move the write lock inside stktable_touch_with_exp()
    - MEDIUM: stick-table: only take the lock when needed in stktable_touch_with_exp()
    - MEDIUM: stick-table: make stksess_kill_if_expired() avoid the exclusive lock
    - MEDIUM: stick-table: return inserted entry in __stktable_store()
    - MEDIUM: stick-table: free newly allocated stkess if it couldn't be inserted
    - MEDIUM: stick-table: switch to rdlock in stktable_lookup() and lookup_key()
    - MEDIUM: stick-table: make stktable_get_entry() look up under a read lock
    - MEDIUM: stick-table: do not take a lock to update t->current anymore.
    - MEDIUM: stick-table: make stktable_set_entry() look up under a read lock
    - MEDIUM: stick-table: requeue the expiration task out of the exclusive lock
    - MINOR: stick-table: split stktable_store() between key and requeue
    - MEDIUM: stick-table: always use atomic ops to requeue the table's task
    - MEDIUM: stick-table: requeue the wakeup task out of the write lock
    - BUG/MINOR: stick-table: fix build with DEBUG_THREAD
    - REORG: mux-fcgi: Extract flags and enums into mux_fcgi-t.h
    - MINOR: flags/mux-fcgi: Decode FCGI connection and stream flags
    - BUG/MEDIUM: mux-h1: Add connection error handling when reading/sending on a pipe
    - BUG/MEDIUM: mux-h1: Handle abort with an incomplete message during parsing
    - BUG/MINOR: server: make sure "show servers state" hides private bits
    - MINOR: checks: use the lighter PRNG for spread checks
    - MEDIUM: checks: spread the checks load over random threads
    - CI: SSL: use proper version generating when "latest" semantic is used
    - CI: SSL: temporarily stick to LibreSSL=3.5.3
    - MINOR: quic: New quic_cstream object implementation
    - MINOR: quic: Extract CRYPTO frame parsing from qc_parse_pkt_frms()
    - MINOR: quic: Use a non-contiguous buffer for RX CRYPTO data
    - BUG/MINOR: quic: Stalled 0RTT connections with big ClientHello TLS message
    - MINOR: quic: Split the secrets key allocation in two parts
    - CLEANUP: quic: remove unused rxbufs member in receiver
    - CLEANUP: quic: improve naming for rxbuf/datagrams handling
    - MINOR: quic: implement datagram cleanup for quic_receiver_buf
    - MINOR: ring: ring_cast_from_area() cast from an allocated area
    - MINOR: buffers: split b_force_xfer() into b_cpy() and b_force_xfer()
    - MINOR: logs: startup-logs can use a shm for logging the reload
    - MINOR: mworker/cli: reload command displays the startup-logs
    - MEDIUM: quic: respect the threads assigned to a bind line
    - DOC: management: update the "reload" command of the master CLI
    - BUILD: ssl_sock: bind_conf uninitialized in ssl_sock_bind_verifycbk()
    - BUG/MEDIUM: httpclient: Don't set EOM flag on an empty HTX message
    - MINOR: httpclient/lua: Don't set req_payload callback if body is empty
    - DOC/CLEANUP: lua-api: some minor corrections
    - DOC: lua-api: updating toolbox link
    - DOC/CLEANUP: lua-api: removing duplicate core.proxies attribute
    - DOC: management: add forgotten "show startup-logs"
    - DOC: management: "show startup-logs" for master CLI
    - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py
    - CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition
2022-10-14 20:45:23 +02:00
Willy Tarreau
dd4a2a69dc [RELEASE] Released version 2.7-dev7
Released version 2.7-dev7 with the following main changes :
    - BUG/MEDIUM: mux-quic: fix nb_hreq decrement
    - CLEANUP: httpclient: deleted unused variables
    - MINOR: httpclient: enabled the use of SNI presets
    - OPTIM: hpack-huff: reduce the cache footprint of the huffman decoder
    - BUG/MINOR: mux-quic: do not keep detached qcs with empty Tx buffers
    - REORG: mux-quic: extract traces in a dedicated source file
    - REORG: mux-quic: export HTTP related function in a dedicated file
    - MINOR: mux-quic: refactor snd_buf
    - BUG/MEDIUM: mux-quic: properly trim HTX buffer on snd_buf reset
    - BUG/MINOR: mux-h1: Account consumed output data on synchronous connection error
    - BUG/MINOR: log: improper behavior when escaping log data
    - CLEANUP: tools: removing escape_chunk() function
    - MINOR: clock: split local and global date updates
    - MINOR: pollers: only update the local date during busy polling
    - MINOR: clock: do not update the global date too often
    - REGTESTS: 4be_1srv_smtpchk_httpchk_layer47errors: Return valid SMTP replies
    - MINOR: smtpchk: Update expect rule to fully match replies to EHLO commands
    - BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP transaction
    - MINOR: list: documenting mt_list_for_each_entry_safe() macro
    - CLEANUP: list: Fix mt_list_for_each_entry_safe indentation
    - BUG/MINOR: hlua: Remove \n in Lua error message built with memprintf
    - MINOR: hlua: Allow argument on lua-lod(-per-thread) directives
    - BUG/MINOR: anon: memory illegal accesses in tools.c with hash_anon and hash_ipanon
    - MEDIUM: mworker/cli: keep the connection of the FD that ask for a reload
    - BUG/MINOR: hlua: fixing ambiguous sizeof in hlua_load_per_thread
    - MINOR: mworker/cli: replace close() by fd_delete()
    - MINOR: mworker: store and shows loading status
    - MINOR: mworker: mworker_cli_proxy_new_listener() returns a bind_conf
    - MINOR: mworker: stores the mcli_reload bind_conf
    - MINOR: mworker/cli: the mcli_reload bind_conf only send the reload status
    - DOC: management: describe the new reload command behavior
    - CLEANUP: list: fix again some style issues in the recent comments
    - BUG/MINOR: stream: Perform errors handling in right order in stream_new()
    - BUG/MEDIUM: stconn: Reset SE descriptor when we fail to create a stream
    - BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree
    - DOC: management: add timeout on the "reload" command
    - BUG/MINOR: ring: fix the size check in ring_make_from_area()
    - BUG/MINOR: config: don't count trailing spaces as empty arg
    - Revert "BUG/MINOR: config: don't count trailing spaces as empty arg"
    - BUG/MINOR: hlua: fixing hlua_http_msg_del_data behavior
    - BUG/MINOR: hlua: fixing hlua_http_msg_insert_data behavior
    - MINOR: cli: Add anonymization on a missed element for 'show sess all'
    - MINOR: cli: remove error message with 'set anon on|off'
    - MINOR: tools: modify hash_ipanon in order to use it in cli
    - MINOR: cli: use hash_ipanon to anonymized address
    - MINOR: cli: Add an anonymization on a missed element in 'show server state'
    - MINOR: config: correct errors about argument number in condition in cfgparse.c
    - MINOR: config: Add other keywords when dump the anonymized configuration file
    - MINOR: config: Add option line when the configuration file is dumped
    - MINOR: cli: correct commentary and replace 'set global-key' name
    - MINOR: tools: Impprove hash_ipanon to support dgram sockets and port offsets
    - MINOR: tools: Impprove hash_ipanon to not hash FD-based addresses
    - BUG/MINOR: hlua: _hlua_http_msg_delete incorrect behavior when offset is used
    - DOC: management: httpclient can resolve server names in URLs
    - BUG/MINOR: hlua: prevent crash when loading numerous arguments using lua-load(per-thread)
    - DOC/CLEANUP: lua-api: removing duplicate date functions doc
    - MINOR: hlua: ambiguous lua_pushvalue with 0 index
    - BUG/MINOR: config: don't count trailing spaces as empty arg (v2)
    - BUG/MEDIUM: config: count line arguments without dereferencing the output
    - BUG/MAJOR: conn-idle: fix hash indexing issues on idle conns
    - BUG/MINOR: config: insufficient syntax check of the global "maxconn" value
    - BUG/MINOR: backend: only enforce turn-around state when not redispatching
2022-10-03 15:20:38 +02:00
Willy Tarreau
4b10a5c439 [RELEASE] Released version 2.7-dev6
Released version 2.7-dev6 with the following main changes :
    - MINOR: Revert part of clarifying samples support per os commit
    - BUILD: makefile: enable crypt(3) for NetBSD
    - BUG/MINOR: quic: Retransmitted frames marked as acknowledged
    - BUG/MINOR: quic: Possible crash with "tls-ticket-keys" on QUIC bind lines
    - MINOR: http-check: Remove support for headers/body in "option httpchk" version
    - BUG/MINOR: h1: Support headers case adjustment for TCP proxies
    - BUG/MINOR: quic: Possible crash when verifying certificates
    - BUILD: quic: add some ifdef around the SSL_ERROR_* for libressl
    - BUILD: ssl: fix ssl_sock_switchtx_cbk when no client_hello_cb
    - BUILD: quic: temporarly ignore chacha20_poly1305 for libressl
    - BUILD: quic: enable early data only with >= openssl 1.1.1
    - BUILD: ssl: fix the ifdef mess in ssl_sock_initial_ctx
    - BUILD: quic: fix the #ifdef in ssl_quic_initial_ctx()
    - MINOR: quic: add QUIC support when no client_hello_cb
    - MINOR: quic: Add traces about sent or resent TX frames
    - MINOR: quic: No TRACE_LEAVE() in retrieve_qc_conn_from_cid()
    - BUG/MINOR: quic: Wrong connection ID to thread ID association
    - BUG/MINOR: task: always reset a new tasklet's call date
    - BUG/MINOR: task: make task_instant_wakeup() work on a task not a tasklet
    - MINOR: task: permanently enable latency measurement on tasklets
    - CLEANUP: task: rename ->call_date to ->wake_date
    - BUG/MINOR: sched: properly account for the CPU time of dying tasks
    - MINOR: sched: store the current profile entry in the thread context
    - BUG/MINOR: stream/sched: take into account CPU profiling for the last call
    - MINOR: tasks: do not keep cpu and latency times in struct task
    - MINOR: tools: add generic pointer hashing functions
    - CLEANUP: activity: make memprof use the generic ptr_hash() function
    - CLEANUP: activity: make taskprof use ptr_hash()
    - MINOR: debug: add struct ha_caller to describe a calling location
    - CLEANUP: debug: use struct ha_caller for memstat
    - DEBUG: task: define a series of wakeup types for tasks and tasklets
    - DEBUG: task: use struct ha_caller instead of arrays of file:line
    - DEBUG: applet: instrument appctx_wakeup() to log the caller's location
    - DEBUG: task: simplify the caller recording in DEBUG_TASK
    - CLEANUP: task: move tid and wake_date into the common part
    - CLEANUP: sched: remove duplicate code in run_tasks_from_list()
    - CLEANUP: activity: make the number of sched activity entries more configurable
    - DEBUG: resolvers: unstatify process_resolvers() to make it appear in profiling
    - DEBUG: quic: export the few task handlers that often appear in task dumps
    - MEDIUM: tasks/activity: combine the called function with the caller
    - MINOR: tasks/activity: improve the caller-callee activity hash
    - MINOR: activity/cli: support aggregating task profiling outputs
    - MINOR: activity/cli: support sorting task profiling by total CPU time
    - BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals
    - BUG/MINOR: quic: Speed up the handshake completion only one time
    - BUG/MINOR: quic: Trace fix about packet number space information.
    - BUG/MINOR: h3: Crash when h3 trace verbosity is "minimal"
    - MINOR: h3: Add the quic_conn object to h3 traces
    - MINOR: h3: Missing connection argument for a TRACE_LEAVE() argument
    - MINOR: h3: Send the h3 settings with others streams (requests)
    - MINOR: dev/udp: Apply the corruption to both directions
    - BUILD: udp-perturb: Add a make target for udp-perturb tool
    - BUG/MINOR: signals/poller: ensure wakeup from signals
    - CI: cirrus-ci: bump FreeBSD image to 13-1
    - DEV: flags: fix usage message to reflect available options
    - DEV: flags: add missing CO_FL_FDLESS connection flag
    - MINOR: flags: add a new file to host flag dumping macros
    - MINOR: flags: implement a macro used to dump enums inside masks
    - MINOR: flags/channel: use flag dumping for channel flags and analysers
    - MINOR: flags/connection: use flag dumping for connection flags
    - MINOR: flags/stconn: use flag dumping for stconn and sedesc flags
    - MINOR: flags/stream: use flag dumping for stream error type
    - MINOR: flags/stream: use flag dumping for stream flags
    - MINOR: flags/task: use flag dumping for task state
    - MINOR: flags/http_ana: use flag dumping for txn flags
    - DEV: flags: remove the now unused SHOW_FLAG() definition
    - DEV: flags: remove the now useless intermediary functions
    - MINOR: flags/htx: use flag dumping to show htx and start-line flags
    - MINOR: flags/http_ana: use flag dumping to show http msg states
    - BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK
    - MINOR: listener: small API change
    - MINOR: proxy/listener: support for additional PAUSED state
    - BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN'
    - BUILD: flags: fix build warning in some macros used by show_flags
    - BUILD: flags: fix the fallback macros for missing stdio
    - CLEANUP: pollers: remove dead code in the polling loop
    - BUG/MINOR: mux-h1: Increment open_streams counter when H1 stream is created
    - REGTESTS: healthcheckmail: Relax matching on the healthcheck log message
    - CLEANUP: listener: function comment typo in stop_listener()
    - BUG/MINOR: listener: null pointer dereference suspected by coverity
    - MINOR: flags/fd: decode FD flags states
    - REORG: mux-h2: extract flags and enums into mux_h2-t.h
    - MINOR: flags/mux-h2: decode H2C and H2S flags
    - REGTESTS: log: test the log-forward feature
    - BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring.
    - REGTESTS: ssl/log: test the log-forward with SSL
    - MEDIUM: httpclient: httpclient_create_proxy() creates a proxy for httpclient
    - MEDIUM: httpclient: allow to use another proxy
    - DOC: fix TOC in starter guide for subsection 3.3.8. Statistics
    - MINOR: httpclient: export httpclient_create_proxy()
    - MEDIUM: quic: separate path for rx and tx with set_encryption_secrets
    - BUG/MEDIUM: mux-quic: fix crash on early app-ops release
    - REORG: mux-h1: extract flags and enums into mux_h1-t.h
    - MINOR: flags/mux-h1: decode H1C and H1S flags
    - CLEANUP: mux-quic: remove stconn usage in h3/hq
    - BUG/MINOR: mux-quic: do not remotely close stream too early
    - CLEANUP: exclude udp-perturb with .gitignore
    - BUG/MEDIUM: server: segv when adding server with hostname from CLI
    - CLEANUP: quic,ssl: fix tiny typos in C comments
    - BUG/MEDIUM: captures: free() an error capture out of the proxy lock
    - BUILD: fd: fix a build warning on the DWCAS
    - MINOR: anon: add new macros and functions to anonymize contents
    - MINOR: anon: store the anonymizing key in the global structure
    - MINOR: anon: store the anonymizing key in the CLI's appctx
    - MINOR: cli: anonymize commands 'show sess' and 'show sess all'
    - MINOR: cli: anonymize 'show servers state' and 'show servers conn'
    - MINOR: config: add command-line -dC to dump the configuration file
    - SCRIPTS: announce-release: update some URLs to https
2022-09-17 12:24:53 +02:00
Willy Tarreau
3bb2b5db50 [RELEASE] Released version 2.7-dev5
Released version 2.7-dev5 with the following main changes :
    - BUG/MINOR: mux-quic: Fix memleak on QUIC stream buffer for unacknowledged data
    - BUG/MEDIUM: cpu-map: fix thread 1's affinity affecting all threads
    - MINOR: cpu-map: remove obsolete diag warning about combined ranges
    - BUG/MAJOR: mworker: fix infinite loop on master with no proxies.
    - REGTESTS: launch http_reuse_always in mworker mode
    - BUG/MINOR: quix: Memleak for non in flight TX packets
    - BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets from qc_do_build_pkt()
    - BUG/MINOR: quic: Safer QUIC frame builders
    - MINOR: quic: Replace MT_LISTs by LISTs for RX packets.
    - BUG/MEDIUM: applet: fix incorrect check for abnormal return condition from handler
    - BUG/MINOR: applet: make the call_rate only count the no-progress calls
    - MEDIUM: peers: limit the number of updates sent at once
    - BUILD: tcp_sample: fix build of get_tcp_info() on OpenBSD
    - BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config()
    - BUG/MINOR: mworker: does not create the "default" resolvers in wait mode
    - BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect
    - REGTESTS: Fix prometheus script to perform HTTP health-checks
    - MINOR: resolvers: shut the warning when "default" resolvers is implicit
    - Revert "BUG/MINOR: quix: Memleak for non in flight TX packets"
    - BUG/MINOR: quic: Leak in qc_release_lost_pkts() for non in flight TX packets
    - BUG/MINOR: quic: Stalled connections (missing I/O handler wakeup)
    - CLEANUP: quic: No more use ->rx_list MT_LIST entry point (quic_rx_packet)
    - CLEANUP: quic: Remove a useless check in qc_lstnr_pkt_rcv()
    - MINOR: quic: Remove useless traces about references to TX packets
    - Revert "MINOR: quic: Remove useless traces about references to TX packets"
    - DOC: configuration: do-resolve doesn't work with a port in the string
    - MINOR: sample: add the host_only and port_only converters
    - BUG/MINOR: httpclient: fix resolution with port
    - DOC: configuration.txt: do-resolve must use host_only to remove its port.
    - BUG/MINOR: quic: Null packet dereferencing from qc_dup_pkt_frms() trace
    - BUG/MINOR: quic: Frames added to packets even if not built.
    - BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode
    - BUG/MEDIUM: peers: Add connect and server timeut to peers proxy
    - BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress
    - BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date
    - BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets
    - BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input
    - BUG/MINOR: epoll: do not actively poll for Rx after an error
    - MINOR: raw-sock: don't try to send if an error was already reported
    - BUG/MINOR: quic: Missing header protection AES cipher context initialisations (draft-v2)
    - MINOR: quic: Add a trace to distinguish the datagram from the packets inside
    - BUG/MINOR: ssl: fix deinit of the ca-file tree
    - BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free()
    - BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule)
    - BUG/MEDIUM: ssl: Fix a UAF when old ckch instances are released
    - BUG/MINOR: ssl: revert two wrong fixes with ckhi_link
    - BUG/MINOR: dev/udp: properly preset the rx address size
    - BUILD: debug: make sure debug macros are never empty
    - MINOR: quic: Move traces about RX/TX bytes from QUIC_EV_CONN_PRSAFRM event
    - BUG/MINOR: quic: TX frames memleak
    - BUG/MINOR: ssl: leak of ckch_inst_link in ckch_inst_free() v2
    - MINOR: sink/ring: rotate non-empty file-backed contents only
    - BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support
    - REGTESTS: http_request_buffer: Add a barrier to not mix up log messages
    - BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools
    - MINOR: backend: always satisfy the first req reuse rule with l7 retries
    - BUG/MINOR: quic: Do not ack when probing
    - MINOR: quic: Add TX frames addresses to traces to several trace events
    - MINOR: quic: Trace typo fix in qc_release_frm()
    - BUG/MINOR: quic: Frames leak during retransmissions
    - BUG/MINOR: h2: properly set the direction flag on HTX response
    - BUG/MEDIUM: httpclient: always detach the caller before self-killing
    - BUG/MINOR: httpclient: only ask for more room on failed writes
    - BUG/MINOR: httpclient: keep-alive was accidentely disabled
    - MEDIUM: httpclient: enable ALPN support on outgoing https connections
    - BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber
    - BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber
    - BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber
    - DEBUG: stream: minor rearrangement of a few fields in struct stream.
    - MINOR: debug: report applet pointer and handler in crashes when known
    - MINOR: mux-h2: extract the stream dump function out of h2_show_fd()
    - MINOR: mux-h2: extract the connection dump function out of h2_show_fd()
    - MINOR: muxes: add a "show_sd" helper to complete "show sess" dumps
    - MINOR: mux-h2: provide a "show_sd" helper to output stream debugging info
    - MINOR: mux-h2: insert line breaks in "show sess all" output for legibility
    - MINOR: mux-quic: provide a "show_sd" helper to output stream debugging info
    - MINOR: mux-h1: split "show_fd" into connection and stream
    - MINOR: mux-h1: provide a "show_sd" helper to output stream debugging info
    - BUG/MINOR: http-act: initialize http fmt head earlier
2022-09-02 19:36:50 +02:00
Willy Tarreau
f53201940b [RELEASE] Released version 2.7-dev4
Released version 2.7-dev4 with the following main changes :
    - BUG/MEDIUM: quic: Wrong packet length check in qc_do_rm_hp()
    - MINOR: quic: Too much useless traces in qc_build_frms()
    - BUG/MEDIUM: quic: Missing AEAD TAG check after removing header protection
    - MINOR: quic: Replace pool_zalloc() by pool_malloc() for fake datagrams
    - MINOR: debug: make the mem_stats section aligned to void*
    - MINOR: debug: store and report the pool's name in struct mem_stats
    - MINOR: debug: also store the function name in struct mem_stats
    - MINOR: debug/memstats: automatically determine first column size
    - MINOR: debug/memstats: permit to pass the size to free()
    - CLEANUP: mux-quic: remove loop on sending frames
    - MINOR: quic: replace custom buf on Tx by default struct buffer
    - MINOR: quic: release Tx buffer on each send
    - MINOR: quic: refactor datagram commit in Tx buffer
    - MINOR: quic: skip sending if no frame to send in io-cb
    - BUG/MINOR: mux-quic: open stream on STOP_SENDING
    - BUG/MINOR: quic: fix crash on handshake io-cb for null next enc level
    - BUG/MEDIUM: quic: always remove the connection from the accept list on close
    - BUG/MEDIUM: poller: use fd_delete() to release the poller pipes
    - BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq()
    - MEDIUM: quic: xprt traces rework
    - BUILD: stconn: fix build warning at -O3 about possible null sc
    - MINOR: quic: Remove useless lock for RX packets
    - BUG/MINOR: quic: Possible infinite loop in quic_build_post_handshake_frames()
    - CLEANUP: quic: Remove trailing spaces
    - MINOR: mux-quic: adjust enter/leave traces
    - MINOR: mux-quic: define protocol error traces
    - CLEANUP: mux-quic: adjust traces level
    - MINOR: mux-quic: define new traces
    - BUG/MEDIUM: mux-quic: fix crash due to invalid trace arg
    - BUG/MEDIUM: quic: Possible use of uninitialized <odcid> variable in qc_lstnr_params_init()
    - BUG/MEDIUM: ring: fix too lax 'size' parser
    - BUG/MEDIUM: quic: Wrong use of <token_odcid> in qc_lsntr_pkt_rcv()
    - BUILD: ring: forward-declare struct appctx to avoid a build warning
    - MINOR: ring: support creating a ring from a linear area
    - MINOR: ring: add support for a backing-file
    - DEV: haring: add a simple utility to read file-backed rings
    - DEV: haring: support remapping LF in contents with CR VT
    - BUG/MINOR: quic: memleak on wrong datagram receipt
    - BUILD: sink: replace S_IRUSR, S_IWUSR with their octal value
    - MINOR: ring: archive a previous file-backed ring on startup
    - BUG/MINOR: mux-quic: fix crash with traces in qc_detach()
    - BUG/MINOR: quic: MIssing check when building TX packets
    - BUG/MINOR: quic: Wrong status returned by qc_pkt_decrypt()
    - MINOR: memprof: export the minimum definitions for memory profiling
    - MINOR: pool/memprof: report pool alloc/free in memory profiling
    - MINOR: pools/memprof: store and report the pool's name in each bin
    - MINOR: chunk: inline alloc_trash_chunk()
    - MINOR: stick-table: Add table_expire() and table_idle() new converters
    - CLEANUP: exclude haring with .gitignore
    - MINOR: quic: adjust quic_frame flag manipulation
    - MINOR: h3: report error on control stream close
    - MINOR: qpack: report error on enc/dec stream close
    - BUG/MEDIUM: mux-quic: reject uni stream ID exceeding flow control
    - MINOR: mux-quic: adjust traces on stream init
    - MINOR: mux-quic: add missing args on some traces
    - MINOR: quic: refactor application send
    - BUG/MINOR: quic: do not notify MUX on frame retransmit
    - BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names
    - BUG/MINOR: quic: Missing initializations for ducplicated frames.
    - BUG/MEDIUM: quic: fix crash on MUX send notification
    - REORG: h2: extract cookies concat function in http_htx
    - REGTESTS: add test for HTTP/2 cookies concatenation
    - MEDIUM: h3: concatenate multiple cookie headers
    - MINOR: applet: add a function to reset the svcctx of an applet
    - BUG/MEDIUM: cli: always reset the service context between commands
    - BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle
    - MINOR: mux-h2/traces: report transition to SETTINGS1 before not after
    - MINOR: mux-h2: make streams know if they need to send more data
    - BUG/MINOR: mux-h2: send a CANCEL instead of ES on truncated writes
    - BUG/MINOR: quic: Possible crashes when dereferencing ->pkt quic_frame struct member
    - MINOR: quic: Add frame addresses to QUIC_EV_CONN_PRSAFRM event traces
    - BUG/MINOR: quic: Wrong splitted duplicated frames handling
    - MINOR: quic: Add the QUIC connection to mux traces
    - MINOR: quic: Trace fix in qc_release_frm()
    - BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized
    - BUG/MAJOR: log-forward: Fix ssl layer not initialized on bind even if configured
    - MINOR: quic: Add reusable cipher contexts for header protection
    - BUG/MINOR: ssl/cli: error when the ca-file is empty
    - MINOR: ssl: handle ca-file appending in cafile_entry
    - MINOR: ssl/cli: implement "add ssl ca-file"
2022-08-20 15:56:31 +02:00
Willy Tarreau
87e95d38a9 [RELEASE] Released version 2.7-dev3
Released version 2.7-dev3 with the following main changes :
    - BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX
    - BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2)
    - MINOR: resolvers: resolvers_destroy() deinit and free a resolver
    - BUG/MINOR: resolvers: shut off the warning for the default resolvers
    - BUG/MINOR: ssl: allow duplicate certificates in ca-file directories
    - BUG/MINOR: tools: fix statistical_prng_range()'s output range
    - BUG/MINOR: quic: do not send CONNECTION_CLOSE_APP in initial/handshake
    - BUILD: debug: Add braces to if statement calling only CHECK_IF()
    - BUG/MINOR: fd: Properly init the fd state in fd_insert()
    - BUG/MEDIUM: fd/threads: fix incorrect thread selection in wakeup broadcast
    - MINOR: init: load OpenSSL error strings
    - MINOR: ssl: enhance ca-file error emitting
    - BUG/MINOR: mworker/cli: relative pid prefix not validated anymore
    - BUG/MAJOR: mux_quic: fix invalid PROTOCOL_VIOLATION on POST data overlap
    - BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload
    - BUILD: add detection for unsupported compiler models
    - BUG/MEDIUM: stconn: Only reset connect expiration when processing backend side
    - BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible
    - BUG/MEDIUM: master: force the thread count earlier
    - BUG/MAJOR: poller: drop FD's tgid when masks don't match
    - DEBUG: fd: detect possibly invalid tgid in fd_insert()
    - BUG/MINOR: sockpair: wrong return value for fd_send_uxst()
    - MINOR: sockpair: move send_fd_uxst() error message in caller
    - Revert "BUG/MINOR: peers: set the proxy's name to the peers section name"
    - DEBUG: fd: split the fd check
    - MEDIUM: resolvers: continue startup if network is unavailable
    - BUG/MINOR: fd: always remove late updates when freeing fd_updt[]
    - MINOR: cli: emit a warning when _getsocks was used more than once
    - BUG/MINOR: mworker: PROC_O_LEAVING used but not updated
    - Revert "MINOR: cli: emit a warning when _getsocks was used more than once"
    - MINOR: cli: warning on _getsocks when socket were closed
    - BUG/MEDIUM: mux-quic: fix missing EOI flag to prevent streams leaks
    - MINOR: quic: Congestion control architecture refactoring
    - MEDIUM: quic: Cubic congestion control algorithm implementation
    - MINOR: quic: New "quic-cc-algo" bind keyword
    - BUG/MINOR: quic: loss time limit variable computed but not used
    - MINOR: quic: Stop looking for packet loss asap
    - BUG/MAJOR: quic: Useless resource intensive loop qc_ackrng_pkts()
    - MINOR: quic: Send packets as much as possible from qc_send_app_pkts()
    - BUG/MEDIUM: queue/threads: limit the number of entries dequeued at once
    - MAJOR: threads/plock: update the embedded library
    - MINOR: thread: provide an alternative to pthread's rwlock
    - DEBUG: tools: provide a tree dump function for ebmbtrees as well
    - MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups
    - BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions
    - BUG/MINOR: mux-quic: prevent crash if conn released during IO callback
    - CLEANUP: mux-quic: remove useless app_ops is_active callback
    - BUG/MINOR: mux-quic: do not free conn if attached streams
    - MINOR: mux-quic: save proxy instance into qcc
    - MINOR: mux-quic: use timeout server for backend conns
    - MEDIUM: mux-quic: adjust timeout refresh
    - MINOR: mux-quic: count in-progress requests
    - MEDIUM: mux-quic: implement http-keep-alive timeout
    - MINOR: peers: Add a warning about incompatible SSL config for the local peer
    - MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer
    - BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload
    - BUG/MINOR: peers: Use right channel flag to consider the peer as connected
    - BUG/MEDIUM: dns: Properly initialize new DNS session
    - BUG/MINOR: backend: Don't increment conn_retries counter too early
    - MINOR: server: Constify source server to copy its settings
    - REORG: server: Export srv_settings_cpy() function
    - BUG/MEDIUM: proxy: Perform a custom copy for default server settings
    - BUG/MINOR: quic: Missing in flight ack eliciting packet counter decrement
    - BUG/MEDIUM: quic: Floating point exception in cubic_root()
    - MINOR: h3: support HTTP request framing state
    - MINOR: mux-quic: refresh timeout on frame decoding
    - MINOR: mux-quic: refactor refresh timeout function
    - MEDIUM: mux-quic: implement http-request timeout
    - BUG/MINOR: quic: Avoid sending truncated datagrams
    - BUG/MINOR: ring/cli: fix a race condition between the writer and the reader
    - BUG/MEDIUM: sink: Set the sink ref for forwarders created during ring parsing
    - BUG/MINOR: sink: fix a race condition between the writer and the reader
    - BUG/MINOR: quic: do not reject datagrams matching minimum permitted size
    - MINOR: quic: Add two new stats counters for sendto() errors
    - BUG/MINOR: quic: Missing Initial packet dropping case
    - MINOR: quic: explicitely ignore sendto error
    - BUG/MINOR: quic: adjust errno handling on sendto
    - BUG/MEDIUM: quic: break out of the loop in quic_lstnr_dghdlr
    - MINOR: threads: report the number of thread groups in build options
    - MINOR: config: automatically preset MAX_THREADS based on MAX_TGROUPS
    - BUILD: SSL: allow to pass additional configure args to QUICTLS
    - CI: enable weekly "m32" builds on x86_64
    - CLEANUP: assorted typo fixes in the code and comments
    - BUG/MEDIUM: fix DH length when EC key is used
    - REGTESTS: ssl: adopt tests to OpenSSL-3.0.N
    - REGTESTS: ssl: adopt tests to OpenSSL-3.0.N
    - REGTESTS: ssl: fix grep invocation to use extended regex in ssl_generate_certificate.vtc
    - BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h
2022-08-07 17:28:59 +02:00
Willy Tarreau
2200a9caef [RELEASE] Released version 2.7-dev2
Released version 2.7-dev2 with the following main changes :
    - BUG/MINOR: qpack: fix build with QPACK_DEBUG
    - MINOR: h3: handle errors on HEADERS parsing/QPACK decoding
    - BUG/MINOR: qpack: abort on dynamic index field line decoding
    - MINOR: qpack: properly handle invalid dynamic table references
    - MINOR: task: Add tasklet_wakeup_after()
    - BUG/MINOR: quic: Dropped packets not counted (with RX buffers full)
    - MINOR: quic: Add new stats counter to diagnose RX buffer overrun
    - MINOR: quic: Duplicated QUIC_RX_BUFSZ definition
    - MINOR: quic: Improvements for the datagrams receipt
    - CLEANUP: h2: Typo fix in h2_unsubcribe() traces
    - MINOR: quic: Increase the QUIC connections RX buffer size (upto 64Kb)
    - CLEANUP: mux-quic: adjust comment on qcs_consume()
    - MINOR: ncbuf: implement ncb_is_fragmented()
    - BUG/MINOR: mux-quic: do not signal FIN if gap in buffer
    - MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD
    - BUG/MEDIUM: ssl/fd: unexpected fd close using async engine
    - MINOR: tinfo: make tid temporarily still reflect global ID
    - CLEANUP: config: remove unused proc_mask()
    - MINOR: debug: remove mask support from "debug dev sched"
    - MEDIUM: task: add and preset a thread ID in the task struct
    - MEDIUM: task/debug: move the ->thread_mask integrity checks to ->tid
    - MAJOR: task: use t->tid instead of ffsl(t->thread_mask) to take the thread ID
    - MAJOR: task: replace t->thread_mask with 1<<t->tid when thread mask is needed
    - CLEANUP: task: remove thread_mask from the struct task
    - MEDIUM: applet: only keep appctx_new_*() and drop appctx_new()
    - MEDIUM: task: only keep task_new_*() and drop task_new()
    - MINOR: applet: always use task_new_on() on applet creation
    - MEDIUM: task: remove TASK_SHARED_WQ and only use t->tid
    - MINOR: task: replace task_set_affinity() with task_set_thread()
    - CLEANUP: task: remove the unused task_unlink_rq()
    - CLEANUP: task: remove the now unused TASK_GLOBAL flag
    - MINOR: task: make rqueue_ticks atomic
    - MEDIUM: task: move the shared runqueue to one per thread
    - MEDIUM: task: replace the global rq_lock with a per-rq one
    - MINOR: task: remove grq_total and use rq_total instead
    - MINOR: task: replace global_tasks_mask with a check for tree's emptiness
    - MEDIUM: task: use regular eb32 trees for the run queues
    - MEDIUM: queue: revert to regular inter-task wakeups
    - MINOR: thread: make wake_thread() take care of the sleeping threads mask
    - MINOR: thread: move the flags to the shared cache line
    - MINOR: thread: only use atomic ops to touch the flags
    - MINOR: poller: centralize poll return handling
    - MEDIUM: polling: make update_fd_polling() not care about sleeping threads
    - MINOR: poller: update_fd_polling: wake a random other thread
    - MEDIUM: thread: add a new per-thread flag TH_FL_NOTIFIED to remember wakeups
    - MEDIUM: tasks/fd: replace sleeping_thread_mask with a TH_FL_SLEEPING flag
    - MINOR: tinfo: add the tgid to the thread_info struct
    - MINOR: tinfo: replace the tgid with tgid_bit in tgroup_info
    - MINOR: tinfo: add the mask of enabled threads in each group
    - MINOR: debug: use ltid_bit in ha_thread_dump()
    - MINOR: wdt: use ltid_bit in wdt_handler()
    - MINOR: clock: use ltid_bit in clock_report_idle()
    - MINOR: thread: use ltid_bit in ha_tkillall()
    - MINOR: thread: add a new all_tgroups_mask variable to know about active tgroups
    - CLEANUP: thread: remove thread_sync_release() and thread_sync_mask
    - MEDIUM: tinfo: add a dynamic thread-group context
    - MEDIUM: thread: make stopping_threads per-group and add stopping_tgroups
    - MAJOR: threads: change thread_isolate to support inter-group synchronization
    - MINOR: thread: add is_thread_harmless() to know if a thread already is harmless
    - MINOR: debug: mark oneself harmless while waiting for threads to finish
    - MINOR: wdt: do not rely on threads_to_dump anymore
    - MEDIUM: debug: make the thread dumper not rely on a thread mask anymore
    - BUILD: debug: fix build issue on clang with previous commit
    - BUILD: debug: re-export thread_dump_state
    - BUG/MEDIUM: threads: fix incorrect thread group being used on soft-stop
    - BUG/MEDIUM: thread: check stopping thread against local bit and not global one
    - MINOR: proxy: use tg->threads_enabled in hard_stop() to detect stopped threads
    - BUILD: Makefile: Add Lua 5.4 autodetect
    - CI: re-enable gcc asan builds
    - MEDIUM: mworker: set the iocb of the socketpair without using fd_insert()
    - MINOR: fd: Add BUG_ON checks on fd_insert()
    - CLEANUP: mworker: rename mworker_pipe to mworker_sockpair
    - CLEANUP: mux-quic: do not export qc_get_ncbuf
    - REORG: mux-quic: reorganize flow-control fields
    - MINOR: mux-quic: implement accessor for sedesc
    - MEDIUM: mux-quic: refactor streams opening
    - MINOR: mux-quic: rename qcs flag FIN_RECV to SIZE_KNOWN
    - MINOR: mux-quic: emit FINAL_SIZE_ERROR on invalid STREAM size
    - BUG/MINOR: peers/config: always fill the bind_conf's argument
    - BUG/MEDIUM: peers/config: properly set the thread mask
    - CLEANUP: bwlim: Set pointers to NULL when memory is released
    - BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule
    - BUG/MINOR: http-act: Properly generate 103 responses when several rules are used
    - BUG/MEDIUM: thread: mask stopping_threads with threads_enabled when checking it
    - CLEANUP: thread: also remove a thread's bit from stopping_threads on stop
    - BUG/MINOR: peers: fix possible NULL dereferences at config parsing
    - BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo
    - MINOR: http: Add function to get port part of a host
    - MINOR: http: Add function to detect default port
    - BUG/MEDIUM: h1: Improve authority validation for CONNCET request
    - MINOR: http-htx: Use new HTTP functions for the scheme based normalization
    - BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream
    - REGTEESTS: filters: Fix CONNECT request in random-forwarding script
    - MEDIUM: mworker/systemd: send STATUS over sd_notify
    - BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer
    - BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state
    - BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send
    - MEDIUM: epoll: don't synchronously delete migrated FDs
    - BUILD: debug: silence warning on gcc-5
    - BUILD: http: silence an uninitialized warning affecting gcc-5
    - BUG/MEDIUM: mux-quic: fix server chunked encoding response
    - REORG: mux-quic: rename stream initialization function
    - MINOR: mux-quic: rename stream purge function
    - MINOR: mux-quic: add traces on frame parsing functions
    - MINOR: mux-quic: implement qcs_alert()
    - MINOR: mux-quic: filter send/receive-only streams on frame parsing
    - MINOR: mux-quic: do not ack STREAM frames on unrecoverable error
    - MINOR: mux-quic: support stream opening via MAX_STREAM_DATA
    - MINOR: mux-quic: define basic stream states
    - MINOR: mux-quic: use stream states to mark as detached
    - MEDIUM: mux-quic: implement RESET_STREAM emission
    - MEDIUM: mux-quic: implement STOP_SENDING handling
    - BUG/MEDIUM: debug: fix possible hang when multiple threads dump at once
    - BUG/MINOR: quic: fix closing state on NO_ERROR code sent
    - CLEANUP: quic: clean up include on quic_frame-t.h
    - MINOR: quic: define a generic QUIC error type
    - MINOR: mux-quic: support app graceful shutdown
    - MINOR: mux-quic/h3: prepare CONNECTION_CLOSE on release
    - MEDIUM: quic: send CONNECTION_CLOSE on released MUX
    - CLEANUP: mux-quic: move qc_release()
    - MINOR: mux-quic: send one last time before release
    - MINOR: h3: store control stream in h3c
    - MINOR: h3: implement graceful shutdown with GOAWAY
    - BUG/MINOR: threads: produce correct global mask for tgroup > 1
    - BUG/MEDIUM: cli/threads: make "show threads" more robust on applets
    - BUG/MINOR: thread: use the correct thread's group in ha_tkillall()
    - BUG/MINOR: debug: enter ha_panic() only once
    - BUG/MEDIUM: debug: fix parallel thread dumps again
    - MINOR: cli/streams: show a stream's tgid next to its thread ID
    - DEBUG: cli: add a new "debug dev deadlock" expert command
    - MINOR: cli/activity: add a thread number argument to "show activity"
    - CLEANUP: applet: remove the obsolete command context from the appctx
    - MEDIUM: config: remove deprecated "bind-process" directives from frontends
    - MEDIUM: config: remove the "process" keyword on "bind" lines
    - MINOR: listener/config: make "thread" always support up to LONGBITS
    - CLEANUP: fd: get rid of the __GET_{NEXT,PREV} macros
    - MEDIUM: debug/threads: make the lock debugging take tgroups into account
    - MEDIUM: proto: stop protocols under thread isolation during soft stop
    - MEDIUM: poller: program the update in fd_update_events() for a migrated FD
    - MEDIUM: poller: disable thread-groups for poll() and select()
    - MINOR: thread: remove MAX_THREADS limitation
    - MEDIUM: cpu-map: replace the process number with the thread group number
    - MINOR: mworker/threads: limit the mworker sockets to group 1
    - MINOR: cli/threads: always bind CLI to thread group 1
    - MINOR: fd/thread: get rid of thread_mask()
    - MEDIUM: task/thread: move the task shared wait queues per thread group
    - MINOR: task: move the niced_tasks counter to the thread group context
    - DOC: design: add some thoughts about how to handle the update_list
    - MEDIUM: conn: make conn_backend_get always scan the same group
    - MAJOR: fd: remove pending updates upon real close
    - MEDIUM: fd/poller: make the update-list per-group
    - MINOR: fd: delete unused updates on close()
    - MINOR: fd: make fd_insert() apply the thread mask itself
    - MEDIUM: fd: add the tgid to the fd and pass it to fd_insert()
    - MINOR: cli/fd: show fd's tgid and refcount in "show fd"
    - MINOR: fd: add functions to manipulate the FD's tgid
    - MINOR: fd: add fd_get_running() to atomically return the running mask
    - MAJOR: fd: grab the tgid before manipulating running
    - MEDIUM: fd/poller: turn polled_mask to group-local IDs
    - MEDIUM: fd/poller: turn update_mask to group-local IDs
    - MEDIUM: fd/poller: turn running_mask to group-local IDs
    - MINOR: fd: make fd_clr_running() return the previous value instead
    - MEDIUM: fd: make thread_mask now represent group-local IDs
    - MEDIUM: fd: make fd_insert() take local thread masks
    - MEDIUM: fd: make fd_insert/fd_delete atomically update fd.tgid
    - MEDIUM: fd: quit fd_update_events() when FD is closed
    - MEDIUM: thread: change thread_resolve_group_mask() to return group-local values
    - MEDIUM: listener: switch bind_thread from global to group-local
    - MINOR: fd: add fd_reregister_all() to deal with boot-time FDs
    - MEDIUM: fd: support stopping FDs during starting
    - MAJOR: pollers: rely on fd_reregister_all() at boot time
    - MAJOR: poller: only touch/inspect the update_mask under tgid protection
    - MEDIUM: fd: support broadcasting updates for foreign groups in updt_fd_polling
    - CLEANUP: threads: remove the now unused all_threads_mask and tid_bit
    - MINOR: config: change default MAX_TGROUPS to 16
    - BUG/MEDIUM: tools: avoid calling dlsym() in static builds
2022-07-16 17:17:22 +02:00
Willy Tarreau
f9de4e9fae [RELEASE] Released version 2.7-dev1
Released version 2.7-dev1 with the following main changes :
    - BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails
    - BUG/MINOR: ssl_ckch: Free error msg if commit changes on a CA/CRL entry fails
    - BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified
    - BUG/MEDIUM: ssl_ckch: Don't delete CA/CRL entry if it is being modified
    - BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry
    - BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a CA/CRL entry
    - BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases
    - BUG/MEDIUM: ssl_ckch: Rework 'commit ssl ca-file' to handle full buffer cases
    - BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases
    - BUG/MEDIUM: httpclient: Don't remove HTX header blocks before duplicating them
    - BUG/MEDIUM: httpclient: Rework CLI I/O handler to handle full buffer cases
    - MEDIUM: httpclient: Don't close CLI applet at the end of a response
    - MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs
    - CLEANUP: Re-apply xalloc_size.cocci (2)
    - REGTESTS: abortonclose: Add a barrier to not mix up log messages
    - REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients
    - CLEANUP: ssl_ckch: Use corresponding enum for commit_cacrlfile_ctx.cafile_type
    - MINOR: ssl_ckch: Simplify I/O handler to commit changes on CA/CRL entry
    - BUG/MINOR: ssl_ckch: Use right type for old entry in show_crlfile_ctx
    - BUG/MINOR: ssl_ckch: Dump CRL transaction only once if show command yield
    - BUG/MINOR: ssl_ckch: Dump CA transaction only once if show command yield
    - BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield
    - BUG/MINOR: ssl_ckch: Init right field when parsing "commit ssl crl-file" cmd
    - CLEANUP: ssl_ckch: Remove unused field in commit_cacrlfile_ctx structure
    - MINOR: ssl_ckch: Simplify structure used to commit changes on CA/CRL entries
    - MINOR: ssl_ckch: Remove service context for "set ssl cert" command
    - MINOR: ssl_ckch: Remove service context for "set ssl ca-file" command
    - MINOR: ssl_ckch: Remove service context for "set ssl crl-file" command
    - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler
    - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cafile I/O handler
    - BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_crlfile I/O handler
    - BUILD: ssl_ckch: Fix build error about a possible uninitialized value
    - BUG/MINOR: ssl_ckch: Fix another possible uninitialized value
    - REGTESTS: http_abortonclose: Extend supported versions
    - REGTESTS: restrict_req_hdr_names: Extend supported versions
    - MINOR: connection: support HTTP/3.0 for smp_*_http_major fetch
    - MINOR: h3: add h3c pointer into h3s instance
    - MINOR: mux-quic: simplify decode_qcs API
    - MINOR: mux-quic/h3: adjust demuxing function return values
    - BUG/MINOR: h3: fix return value on decode_qcs on error
    - BUILD: quic: fix anonymous union for gcc-4.4
    - BUILD: compiler: implement unreachable for older compilers too
    - DEV: tcploop: reorder options in the usage message
    - DEV: tcploop: make the current address the default address
    - DEV: tcploop: make it possible to change the target address of a connect()
    - DEV: tcploop: factor out the socket creation
    - DEV: tcploop: permit port 0 to ease handling of default options
    - DEV: tcploop: add a new "bind" command to bind to ip/port.
    - DEV: tcploop: add minimal UDP support
    - BUG/MINOR: trace: Test server existence for health-checks to get proxy
    - BUG/MINOR: checks: Properly handle email alerts in trace messages
    - BUG/MEDIUM: mailers: Set the object type for check attached to an email alert
    - REGTESTS: healthcheckmail: Update the test to be functionnal again
    - REGTESTS: healthcheckmail: Relax health-check failure condition
    - BUG/MINOR: h3: fix incorrect BUG_ON assert on SETTINGS parsing
    - MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames
    - OPTIM: mux-h2: increase h2_settings_initial_window_size default to 64k
    - BUG/MINOR: h3: fix frame type definition
    - BUG/MEDIUM: h3: fix SETTINGS parsing
    - BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs
    - BUG/MINOR: server: do not enable DNS resolution on disabled proxies
    - BUG/MINOR: cli/stats: add missing trailing LF after "show info json"
    - DOC: design: update the notes on thread groups
    - BUG/MEDIUM: mux-quic: fix flow control connection Tx level
    - MINOR: mux-quic: complete BUG_ON on TX flow-control enforcing
    - BUG/MINOR: mux-quic: fix memleak on frames rejected by transport
    - BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration
    - CLEANUP: check: Remove useless tests on check's stream-connector
    - BUG/MEDIUM: stconn: Don't wakeup applet for send if it won't consume data
    - BUG/MEDIUM: cli: Notify cli applet won't consume data during request processing
    - BUG/MEDIUM: mux-quic: fix segfault on flow-control frame cleanup
    - MINOR: task: move profiling bit to per-thread
    - CLEANUP: quic: use task_new_on() for single-threaded tasks
    - MINOR: tinfo: remove the global thread ID bit (tid_bit)
    - CLEANUP: hlua: check for at least 2 threads on a task
    - MINOR: thread: get rid of MAX_THREADS_MASK
    - OPTIM: task: do not consult shared WQ when we're already full
    - DOC: design: update the task vs thread affinity requirements
    - MINOR: qpack: add comments and remove a useless trace
    - MINOR: qpack: reduce dependencies on other modules
    - BUG/MINOR: qpack: support header litteral name decoding
    - MINOR: qpack: add ABORT_NOW on unimplemented decoding
    - BUG/MINOR: h3/qpack: deal with too many headers
    - MINOR: qpack: improve decoding function
    - MINOR: qpack: implement standalone decoder tool
    - BUG/BUILD: h3: fix wrong label name
    - BUG/MINOR: quic: Stop hardcoding Retry packet Version field
    - MINOR: quic: Add several nonce and key definitions for Retry tag
    - BUG/MINOR: quic: Wrong PTO calculation
    - MINOR: quic: Parse long packet version from qc_parse_hd_form()
    - CLEANUP: quid: QUIC draft-28 no more supported
    - MEDIUM: quic: Add QUIC v2 draft support
    - MINOR: quic: Released QUIC TLS extension for QUIC v2 draft
    - MEDIUM: quic: Compatible version negotiation implementation (draft-08)
    - CLEANUP: quic: Remove any reference to boringssl
    - BUG/MINOR: task: fix thread assignment in tasklet_kill()
    - BUG/MEDIUM: stream: Properly handle destructive client connection upgrades
    - MINOR: stream: Rely on stconn flags to abort stream destructive upgrade
    - CLEANUP: stconn: Don't expect to have no sedesc on detach
    - BUG/MINOR: log: Properly test connection retries to fix dontlog-normal option
    - MINOR: hlua: don't dump empty entries in hlua_traceback()
    - MINOR: hlua: add a new hlua_show_current_location() function
    - MEDIUM: debug: add a tainted flag when a shared library is loaded
    - MEDIUM: debug: detect redefinition of symbols upon dlopen()
    - BUILD: quic: Wrong HKDF label constant variable initializations
    - BUG/MINOR: quic: Unexpected half open connection counter wrapping
    - BUG/MINOR: quic_stats: Duplicate "quic_streams_data_blocked_bidi" field name
    - BUG/MINOR: quic: purge conn Rx packet list on release
    - BUG/MINOR: quic: free rejected Rx packets
    - BUG/MINOR: qpack: abort on dynamic index field line decoding
    - BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list
    - REGTESTS: ssl: add the same cert for client/server
    - BUG/MINOR: quic: Acknowledgement must be forced during handshake
    - MINOR: quic: Dump version_information transport parameter
    - BUG/MEDIUM: mworker: use default maxconn in wait mode
    - MINOR: intops: add a function to return a valid bit position from a mask
    - TESTS: add a unit test for one_among_mask()
    - BUILD: ssl_ckch: fix "maybe-uninitialized" build error on gcc-9.4 + ARM
    - BUG/MINOR: ssl: Do not look for key in extra files if already in pem
    - BUG/MINOR: quic: Missing acknowledgments for trailing packets
    - BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created
    - BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch
    - MINOR: freq_ctr: Add a function to get events excess over the current period
    - BUG/MINOR: stream: only free the req/res captures when set
    - CLEANUP: pool/tree-wide: remove suffix "_pool" from certain pool names
    - MEDIUM: debug: improve DEBUG_MEM_STATS to also report pool alloc/free
    - BUG/MINOR: quic: Wrong reuse of fulfilled dgram RX buffer
    - BUG/MAJOR: quic: Big RX dgrams leak when fulfilling a buffer
    - BUG/MAJOR: quic: Big RX dgrams leak with POST requests
    - BUILD: quic+h3: 32-bit compilation errors fixes
    - MEDIUM: bwlim: Add support of bandwith limitation at the stream level
2022-06-24 22:09:05 +02:00
Willy Tarreau
a1efc048bf [RELEASE] Released version 2.6.0
Released version 2.6.0 with the following main changes :
    - DOC: Fix formatting in configuration.txt to fix dconv
    - CLEANUP: tcpcheck: Remove useless test on the stream-connector in tcpcheck_main
    - CLEANUP: muxes: Consider stream's sd as defined in .show_fd callback functions
    - MINOR: quic: Ignore out of packet padding.
    - CLEANUP: quic: Useless QUIC_CONN_TX_BUF_SZ definition
    - CLEANUP: quic: No more used handshake output buffer
    - MINOR: quic: QUIC transport parameters split.
    - MINOR: quic: Transport parameters dump
    - DOC: quic: Update documentation for QUIC Retry
    - MINOR: quic: Tunable "max_idle_timeout" transport parameter
    - MINOR: quic: Tunable "initial_max_streams_bidi" transport parameter
    - MINOR: quic: Clarifications about transport parameters value
    - MINOIR: quic_stats: add QUIC connection errors counters
    - BUG/MINOR: quic: Largest RX packet numbers mixing
    - MINOR: quic_stats: Add transport new counters (lost, stateless reset, drop)
    - DOC: quic: Documentation update for QUIC
    - MINOR: quic: Connection TX buffer setting renaming.
    - MINOR: h3: Add a statistics module for h3
    - MINOR: quic: Send STOP_SENDING frames if mux is released
    - MINOR: quic: Do not drop packets with RESET_STREAM frames
    - BUG/MINOR: qpack: fix buffer API usage on prefix integer encoding
    - BUG/MINOR: qpack: support bigger prefix-integer encoding
    - BUG/MINOR: h3: do not report bug on unknown method
    - SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs
    - SCRIPTS: make publish-release try to launch make-releases-json
    - MINOR: htx: add an unchecked version of htx_get_head_blk()
    - BUILD: htx: use the unchecked version of htx_get_head_blk() where needed
    - BUILD: quic: use inttypes.h instead of stdint.h
    - DOC: internal: remove totally outdated diagrams
    - DOC: remove the outdated ROADMAP file
    - DOC: add maintainers for QUIC and HTTP/3
    - MINOR: h3: define h3 trace module
    - MINOR: h3: add traces on frame recv
    - MINOR: h3: add traces on frame send
    - MINOR: h3: add traces on h3s init/end
    - EXAMPLES: remove completely outdated acl-content-sw.cfg
    - BUILD: makefile: reorder objects by build time
    - DOC: fix a few spelling mistakes in the docs
    - BUG/MEDIUM: peers/cli: fix "show peers" crash
    - CLEANUP: peers/cli: stop misusing the appctx local variable
    - CLEANUP: peers/cli: make peers_dump_peer() take an appctx instead of an stconn
    - BUG/MINOR: peers: set the proxy's name to the peers section name
    - MINOR: server: indicate when no address was expected for a server
    - BUG/MINOR: peers: detect and warn on init_addr/resolvers/check/agent-check
    - DOC: peers: indicate that some server settings are not usable
    - DOC: peers: clarify when entry expiration date is renewed.
    - DOC: peers: fix port number and addresses on new peers section format
    - DOC: gpc/gpt: add commments of gpc/gpt array definitions on stick tables.
    - DOC: install: update supported OpenSSL versions in the INSTALL doc
    - MINOR: ncbuf: adjust ncb_data with NCBUF_NULL
    - BUG/MINOR: h3: fix frame demuxing
    - BUG/MEDIUM: h3: fix H3_EXCESSIVE_LOAD when receiving H3 frame header only
    - BUG/MINOR: quic: Fix QUIC_EV_CONN_PRSAFRM event traces
    - CLEANUP: quic: remove useless check on local UNI stream reception
    - BUG/MINOR: qpack: do not consider empty enc/dec stream as error
    - DOC: intro: adjust the numbering of paragrams to keep the output ordered
    - MINOR: version: mention that it's LTS now.
2022-05-31 16:58:21 +02:00
Willy Tarreau
0edb9977b3 [RELEASE] Released version 2.6-dev12
Released version 2.6-dev12 with the following main changes :
    - CLEANUP: tools: Clean up non-QUIC error message handling in str2sa_range()
    - BUG/MEDIUM: tools: Fix `inet_ntop` usage in sa2str
    - CLEANUP: tools: Crash if inet_ntop fails due to ENOSPC in sa2str
    - BUG/MEDIUM: mux-quic: adjust buggy proxy closing support
    - Revert "MINOR: quic: activate QUIC traces at compilation"
    - Revert "MINOR: mux-quic: activate qmux traces on stdout via macro"
    - CLEANUP: init: address a coverity warning about possible multiply overflow
    - BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols
    - MEDIUM: h1: enlarge the scope of accepted version chars with accept-invalid-http-request
    - BUG/MEDIUM: resolvers: Don't defer resolutions release in deinit function
    - BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections
    - BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section
    - BUG/MINOR: task: Don't defer tasks release when HAProxy is stopping
    - MINOR: h3: mark ncbuf as const on h3_b_dup
    - MINOR: mux-quic: do not alloc quic_stream_desc for uni remote stream
    - MINOR: mux-quic: delay cs_endpoint allocation
    - MINOR: mux-quic: add traces in qc_recv()
    - MINOR: mux-quic: adjust return value of decode_qcs
    - CLEANUP: h3: rename struct h3 -> h3c
    - CLEANUP: h3: rename uni stream type constants
    - BUG/MINOR: h3: prevent overflow when parsing SETTINGS
    - MINOR: h3: refactor h3_control_send()
    - MINOR: quic: support CONNECTION_CLOSE_APP emission
    - MINOR: mux-quic: disable read on CONNECTION_CLOSE emission
    - MINOR: h3: reject too big frames
    - MINOR: mux-quic: emit STREAM_STATE_ERROR in qcc_recv
    - BUG/MINOR: mux-quic: refactor uni streams TX/send H3 SETTINGS
    - MINOR: h3/qpack: use qcs as type in decode callbacks
    - MINOR: h3: define stream type
    - MINOR: h3: refactor uni streams initialization
    - MINOR: h3: check if frame is valid for stream type
    - MINOR: h3: define non-h3 generic parsing function
    - MEDIUM: quic: refactor uni streams RX
    - CLEANUP: h3: remove h3 uni tasklet
    - MINOR: h3: abort read on unknown uni stream
    - MINOR: h3: refactor SETTINGS parsing/error reporting
    - Revert "BUG/MINOR: task: Don't defer tasks release when HAProxy is stopping"
    - DOC: configuration: add a warning for @system-ca on bind
    - CLEANUP: init: address another coverity warning about a possible multiply overflow
    - BUG/MINOR: ssl/lua: use correctly cert_ext in CertCache.set()
    - BUG/MEDIUM: sample: Fix adjusting size in word converter
    - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (2)
    - CLEANUP: conn_stream: remove unneeded exclusion of RX_WAIT_EP from RXBLK_ANY
    - CLEANUP: conn_stream: rename the cs_endpoint's context to "conn"
    - MINOR: conn_stream: add new sets of functions to set/get endpoint flags
    - DEV: coccinelle: add cs_endp_flags.cocci
    - CLEANUP: conn_stream: apply cs_endp_flags.cocci tree-wide
    - DEV: coccinelle: add endp_flags.cocci
    - CLEANUP: conn_stream: apply endp_flags.cocci tree-wide
    - CLEANUP: conn_stream: rename the stream endpoint flags CS_EP_* to  SE_FL_*
    - CLEANUP: conn_stream: rename the cs_endpoint's target to "se"
    - CLEANUP: conn_stream: rename cs_endpoint to sedesc (stream endpoint descriptor)
    - CLEANUP: applet: rename the sedesc pointer from "endp" to "sedesc"
    - CLEANUP: conn_stream: rename the conn_stream's endp to sedesc
    - CLEANUP: conn_stream: rename cs_app_* to sc_app_*
    - CLEANUP: conn_stream: tree-wide rename to stconn (stream connector)
    - CLEANUP: mux-h1: add and use h1s_sc() to retrieve the stream connector
    - CLEANUP: mux-h2: add and use h2s_sc() to retrieve the stream connector
    - CLEANUP: mux-fcgi: add and use fcgi_strm_sc() to retrieve the stream connector
    - CLEANUP: mux-pt: add and use pt_sc() to retrieve the stream connector
    - CLEANUP: stdesc: rename the stream connector ->cs field to ->sc
    - CLEANUP: stream: rename "csf" and "csb" to "scf" and "scb"
    - CLEANUP: stconn: tree-wide rename stream connector flags CS_FL_* to SC_FL_*
    - CLEANUP: stconn: tree-wide rename stconn states CS_ST/SB_* to SC_ST/SB_*
    - MINOR: check: export wake_srv_chk()
    - MINOR: conn_stream: test the various ops functions before calling them
    - MEDIUM: stconn: merge the app_ops and the data_cb fields
    - MINOR: applet: add new wrappers to put chk/blk/str/chr to channel from appctx
    - CLEANUP: applet: use applet_put*() everywhere possible
    - CLEANUP: stconn: rename cs_{i,o}{b,c} to sc_{i,o}{b,c}
    - CLEANUP: stconn: rename cs_{check,strm,strm_task} to sc_strm_*
    - CLEANUP: stconn: rename cs_conn() to sc_conn()
    - CLEANUP: stconn: rename cs_mux() to sc_mux_strm()
    - CLEANUP: stconn: rename cs_conn_mux() to sc_mux_ops()
    - CLEANUP: stconn: rename cs_appctx() to sc_appctx()
    - CLEANUP: stconn: rename __cs_endp_target() to __sc_endp()
    - CLEANUP: stconn: rename cs_get_data_name() to sc_get_data_name()
    - CLEANUP: stconn: rename cs_conn_*() to sc_conn_*()
    - CLEANUP: stconn: rename cs_conn_get_first() to conn_get_first_sc()
    - CLEANUP: stconn: rename cs_ep_set_error() to se_fl_set_error()
    - CLEANUP: stconn: make a few functions take a const argument
    - CLEANUP: stconn: use a single function to know if SC may send to SE
    - MINOR: stconn: consider CF_SHUTW for sc_is_send_allowed()
    - MINOR: stconn: remove calls to cs_done_get()
    - MEDIUM: stconn: always rely on CF_SHUTR in addition to cs_rx_blocked()
    - MEDIUM: stconn: remove SE_FL_RXBLK_SHUT
    - MINOR: stconn: rename SE_FL_RXBLK_CONN to SE_FL_APPLET_NEED_CONN
    - MEDIUM: stconn: take SE_FL_APPLET_NEED_CONN out of the RXBLK_ANY flags
    - CLEANUP: stconn: rename cs_rx_room_{blk,rdy} to sc_{need,have}_room()
    - CLEANUP: stconn: rename cs_rx_chan_{blk,rdy} to sc_{wont,will}_read()
    - CLEANUP: stconn: rename cs_rx_buff_{blk,rdy} to sc_{need,have}_buff()
    - MINOR: stconn: start to rename cs_rx_endp_{more,done}() to se_have_{no_,}more_data()
    - MINOR: stconn: add sc_is_recv_allowed() to check for ability to receive
    - CLEANUP: stconn: rename SE_FL_RX_WAIT_EP to SE_FL_HAVE_NO_DATA
    - MEDIUM: stconn: move the RXBLK flags to the stream connector
    - CLEANUP: stconn: rename SE_FL_WANT_GET to SE_FL_WILL_CONSUME
    - CLEANUP: stconn: remove cs_tx_blocked() and cs_tx_endp_ready()
    - CLEANUP: stconn: rename cs_{want,stop}_get() to se_{will,wont}_consume()
    - CLEANUP: stconn: rename cs_cant_get() to se_need_more_data()
    - CLEANUP: stconn: rename cs_{new,create,free,destroy}_* to sc_*
    - CLEANUP: stconn: rename remaining management functions from cs_* to sc_*
    - CLEANUP: stconn: rename cs{,_get}_{src,dst} to sc_*
    - CLEANUP: stconn: rename cs_{shut,chk}* to sc_*
    - CLEANUP: stconn: rename final state manipulation functions from cs_* to sc_*
    - CLEANUP: quic: drop the name "conn_stream" from the pool variable names
    - REORG: rename cs_utils.h to sc_strm.h
    - REORG: stconn: rename conn_stream.{c,h} to stconn.{c,h}
    - CLEANUP: muxes: rename "get_first_cs" to "get_first_sc"
    - DEV: flags: use "sc" for stream conns instead of "cs"
    - CLEANUP: check: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: connection: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: stconn: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: quic/h3: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: stream: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: promex: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: stats: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: cli: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: applet: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: cache: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: dns: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: spoe: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: hlua: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: log-forward: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: http-client: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: mux-fcgi: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: mux-h1: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: mux-h2: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: mux-pt: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: peers: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: sink: rename all occurrences of stconn "cs" to "sc"
    - CLEANUP: sslsock: remove only occurrence of local variable "cs"
    - CLEANUP: applet: rename appctx_cs() to appctx_sc()
    - CLEANUP: stream: rename stream_upgrade_from_cs() to stream_upgrade_from_sc()
    - CLEANUP: obj_type: rename OBJ_TYPE_CS to OBJ_TYPE_SC
    - CLEANUP: stconn: replace a few remaining occurrences of CS in comments or traces
    - DOC: internal: update the muxes doc to mention the stconn
    - CLEANUP: mux-quic: rename the "endp" field to "sd"
    - CLEANUP: mux-h1: rename the "endp" field to "sd"
    - CLEANUP: mux-h2: rename the "endp" field to "sd"
    - CLEANUP: mux-fcgi: rename the "endp" field to "sd"
    - CLEANUP: mux-pt: rename the "endp" field to "sd"
    - CLEANUP: stconn: rename a few "endp" arguments and variables to "sd"
    - MINOR: stconn: turn SE_FL_WILL_CONSUME to SE_FL_WONT_CONSUME
    - CLEANUP: stream: remove unneeded test on appctx during initialization
    - CLEANUP: stconn: remove the new unneeded SE_FL_APP_MASK
    - DEV: flags: fix "siet" shortcut name
    - DEV: flags: rename the "endp" shortcut to "sd" for "stream descriptor"
    - DEV: flags: reorder a few SC/SE flags
    - DOC: internal: add a description of the stream connectors and descriptors
2022-05-27 19:49:31 +02:00
Willy Tarreau
137c8fde78 [RELEASE] Released version 2.6-dev11
Released version 2.6-dev11 with the following main changes :
    - CI: determine actual LibreSSL version dynamically
    - BUG/MEDIUM: ncbuf: fix null buffer usage
    - MINOR: ncbuf: fix warnings for testing build
    - MEDIUM: http-ana: Add a proxy option to restrict chars in request header names
    - MEDIUM: ssl: Delay random generator initialization after config parsing
    - MINOR: ssl: Add 'ssl-propquery' global option
    - MINOR: ssl: Add 'ssl-provider' global option
    - CLEANUP: Add missing header to ssl_utils.c
    - CLEANUP: Add missing header to hlua_fcn.c
    - CLEANUP: Remove unused function hlua_get_top_error_string
    - BUILD: fix build warning on solaris based systems with __maybe_unused.
    - MINOR: tools: add get_exec_path implementation for solaris based systems.
    - BUG/MINOR: ssl: Fix crash when no private key is found in pem
    - CLEANUP: conn-stream: Remove cs_applet_shut declaration from header file
    - MINOR: applet: Prepare appctx to own the session on frontend side
    - MINOR: applet: Let the frontend appctx release the session
    - MINOR: applet: Change return value for .init callback function
    - MINOR: stream: Export stream_free()
    - MINOR: applet: Add appctx_init() helper fnuction
    - MINOR: applet: Add a function to finalize frontend appctx startup
    - MINOR: applet: Add function to release appctx on error during init stage
    - MEDIUM: dns: Refactor dns appctx creation
    - MEDIUM: spoe: Refactor SPOE appctx creation
    - MEDIUM: lua: Refactor cosocket appctx creation
    - MEDIUM: httpclient: Refactor http-client appctx creation
    - MINOR: sink: Add a ref to sink in the sink_forward_target structure
    - MEDIUM: sink: Refactor sink forwarder appctx creation
    - MINOR: peers: Add a ref to peers section in the peer structure
    - MEDIUM: peers: Refactor peer appctx creation
    - MINOR: applet: Add API to start applet on a thread subset
    - MEDIUM: applet: Add support for async appctx startup on a thread subset
    - MINOR: peers: Track number of applets run by thread
    - MEDIUM: peers: Balance applets across threads
    - MINOR: conn-stream/applet: Stop setting appctx as the endpoint context
    - CLEANUP: proxy: Remove dead code when parsing "http-restrict-req-hdr-names" option
    - REGTESTS: abortonclose: Fix some race conditions
    - MINOR: ssl: Add 'ssl-provider-path' global option
    - CLEANUP: http_ana: Make use of the return value of stream_generate_unique_id()
    - BUG/MINOR: spoe: Fix error handling in spoe_init_appctx()
    - CLEANUP: peers: Remove unreachable code in peer_session_create()
    - CLEANUP: httpclient: Remove useless test on ss_dst in httpclient_applet_init()
    - BUG/MEDIUM: quic: fix Rx buffering
    - OPTIM: quic: realign empty Rx buffer
    - BUG/MINOR: ncbuf: fix ncb_is_empty()
    - MINOR: ncbuf: refactor ncb_advance()
    - BUG/MINOR: mux-quic: update session's idle delay before stream creation
    - MINOR: h3: do not wait a complete frame for demuxing
    - MINOR: h3: flag demux as full on HTX full
    - MEDIUM: mux-quic: implement recv on io-cb
    - MINOR: mux-quic: remove qcc_decode_qcs() call in XPRT
    - MINOR: mux-quic: reorganize flow-control frames emission
    - MINOR: mux-quic: implement MAX_STREAM_DATA emission
    - MINOR: mux-quic: implement MAX_DATA emission
    - BUG/MINOR: mux-quic: support nul buffer with qc_free_ncbuf()
    - MINOR: mux-quic: free RX buf if empty
    - BUG/MEDIUM: config: Reset outline buffer size on realloc error in readcfgfile()
    - BUG/MINOR: check: Reinit the buffer wait list at the end of a check
    - MEDIUM: check: No longer shutdown the connection in .wake callback function
    - REORG: check: Rename and export I/O callback function
    - MEDIUM: check: Use the CS to handle subscriptions for read/write events
    - BUG/MINOR: quic: break for error on sendto
    - MINOR: quic: abort on unlisted errno on sendto()
    - MINOR: quic: detect EBADF on sendto()
    - BUG/MEDIUM: quic: fix initialization for local/remote TPs
    - CLEANUP: quic: adjust comment/coding style for TPs init
    - BUG/MINOR: cfgparse: abort earlier in case of allocation error
    - MINOR: quic: Dump initial derived secrets
    - MINOR: quic_tls: Add quic_tls_derive_retry_token_secret()
    - MINOR: quic_tls: Add quic_tls_decrypt2() implementation
    - MINOR: quic: Retry implementation
    - MINOR: cfgparse: Update for "cluster-secret" keyword for QUIC Retry
    - MINOR: quic: Move quic_lstnr_dgram_dispatch() out of xprt_quic.c
    - BUILD: stats: Missing headers inclusions from stats.h
    - MINOR: quic_stats: Add a new stats module for QUIC
    - MINOR: quic: Attach proxy QUIC stats counters to the QUIC connection
    - BUG/MINOR: quic: Fix potential memory leak during QUIC connection allocations
    - MINOR: quic: QUIC stats counters handling
    - MINOR: quic: Add tune.quic.retry-threshold keyword
    - MINOR: quic: Dynamic Retry implementation
    - MINOR: quic/mux-quic: define CONNECTION_CLOSE send API
    - MINOR: mux-quic: emit FLOW_CONTROL_ERROR
    - MINOR: mux-quic: emit STREAM_LIMIT_ERROR
    - MINOR: mux-quic: close connection on error if different data at offset
    - BUG/MINOR: peers: fix error reporting of "bind" lines
    - CLEANUP: config: improve address parser error report for unmatched protocols
    - CLEANUP: config: provide cleare hints about unsupported QUIC addresses
    - MINOR: protocol: replace ctrl_type with xprt_type and clarify it
    - MINOR: listener: provide a function to process all of a bind_conf's arguments
    - MINOR: config: use the new bind_parse_args_list() to parse a "bind" line
    - CLEANUP: listener: add a comment about what the BC_SSL_O_* flags are for
    - MINOR: listener: add a new "options" entry in bind_conf
    - CLEANUP: listener: replace all uses of bind_conf->is_ssl with BC_O_USE_SSL
    - CLEANUP: listener: replace bind_conf->generate_cers with BC_O_GENERATE_CERTS
    - CLEANUP: listener: replace bind_conf->quic_force_retry with BC_O_QUIC_FORCE_RETRY
    - CLEANUP: listener: store stream vs dgram at the bind_conf level
    - MINOR: listener: detect stream vs dgram conflict during parsing
    - MINOR: listener: set the QUIC xprt layer immediately after parsing the args
    - MINOR: listener/ssl: set the SSL xprt layer only once the whole config is known
    - MINOR: connection: add flag MX_FL_FRAMED to mark muxes relying on framed xprt
    - MINOR: config: detect and report mux and transport incompatibilities
    - MINOR: listener: automatically select a QUIC mux with a QUIC transport
    - MINOR: listener: automatically enable SSL if a QUIC transport is found
    - BUG/MINOR: quic: Fixe a typo in qc_idle_timer_task()
    - BUG/MINOR: quic: Missing <conn_opening> stats counter decrementation
    - BUILD/MINOR: cpuset fix build for FreeBSD 13.1
    - CI: determine actual OpenSSL version dynamically
2022-05-20 23:31:51 +02:00
Willy Tarreau
370332572b [RELEASE] Released version 2.6-dev10
Released version 2.6-dev10 with the following main changes :
    - MINOR: ssl: ignore dotfiles when loading a dir w/ ca-file
    - MEDIUM: ssl: ignore dotfiles when loading a dir w/ crt
    - BUG/MINOR: ssl: Fix typos in crl-file related CLI commands
    - MINOR: compiler: add a new macro to set an attribute on an enum when possible
    - BUILD: stats: conditionally mark obsolete stats states as deprecated
    - BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation
    - BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings
    - BUILD: listener: shut report of possible null-deref in listener_accept()
    - BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-(
    - DOC: install: update gcc version requirements
    - BUILD: makefile: add -Wfatal-errors to the default flags
    - BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes).
    - BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket
    - BUG/MINOR: mux-h2: mark the stream as open before processing it not after
    - MINOR: mux-h2: report a trace event when failing to create a new stream
    - DOC: configuration: add the httpclient keywords to the global keywords index
    - MINOR: quic: Add a debug counter for sendto() errors
    - BUG/MINOR: quic: Dropped peer transport parameters
    - BUG/MINOR: quic: Wrong unit for ack delay for incoming ACK frames
    - MINOR: quic: Congestion controller event trace fix (loss)
    - MINOR: quic: Add correct ack delay values to ACK frames
    - MINOR: config: Add "cluster-secret" new global keyword
    - MINOR: quic-tls: Add quic_hkdf_extract_and_expand() for HKDF
    - MINOR: quic: new_quic_cid() code moving
    - MINOR: quic: Initialize stateless reset tokens with HKDF secrets
    - MINOR: qc_new_conn() rework for stateless reset
    - MINOR: quic: Stateless reset token copy to transport parameters
    - MINOR: quic: Send stateless reset tokens
    - MINOR: quic: Short packets always embed a trailing AEAD TAG
    - CLEANUP: quic: wrong use of eb*entry() macro
    - CLEANUP: quic: Useless use of pointer for quic_hkdf_extract()
    - CLEANUP: quic_tls: QUIC_TLS_IV_LEN defined two times
    - MINOR: ncbuf: define non-contiguous buffer
    - MINOR: ncbuf: complete API and define block interal abstraction
    - MINOR: ncbuf: optimize storage for the last gap
    - MINOR: ncbuf: implement insertion
    - MINOR: ncbuf: define various insertion modes
    - MINOR: ncbuf: implement advance
    - MINOR: ncbuf: write unit tests
    - BUG/MEDIUM: lua: fix argument handling in data removal functions
    - DOC/MINOR: fix typos in the lua-api document
    - BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized
    - MINOR: mux-h1: Add global option accpet payload for any HTTP/1.0 requests
    - CLEANUP: mux-h1: Fix comments and error messages for global options
    - MINOR: conn_stream: make cs_set_error() work on the endpoint instead
    - CLEANUP: mux-h1: always take the endp from the h1s not the cs
    - CLEANUP: mux-h2: always take the endp from the h2s not the cs
    - CLEANUP: mux-pt: always take the endp from the context not the cs
    - CLEANUP: mux-fcgi: always take the endp from the fstrm not the cs
    - CLEANUP: mux-quic: always take the endp from the qcs not the cs
    - CLEANUP: applet: use the appctx's endp instead of cs->endp
    - MINOR: conn_stream: add a pointer back to the cs from the endpoint
    - MINOR: mux-h1: remove the now unneeded h1s->cs
    - MINOR: mux-h2: make sure any h2s always has an endpoint
    - MINOR: mux-h2: remove the now unneeded conn_stream from the h2s
    - MINOR: mux-fcgi: make sure any stream always has an endpoint
    - MINOR: mux-fcgi: remove the now unneeded conn_stream from the fcgi_strm
    - MINOR: mux-quic: remove the now unneeded conn_stream from the qcs
    - MINOR: mux-pt: remove the now unneeded conn_stream from the context
    - CLEANUP: muxes: make mux->attach/detach take a conn_stream endpoint
    - MINOR: applet: replace cs_applet_shut() with appctx_shut()
    - MINOR: applet: add appctx_strm() and appctx_cs() to access common fields
    - CLEANUP: applet: remove the unneeded appctx->owner
    - CLEANUP: conn_stream: merge cs_new_from_{mux,applet} into cs_new_from_endp()
    - MINOR: ext-check: indicate the transport and protocol of a server
    - BUG/MEDIUM: mux-quic: fix a thinko in the latest cs/endpoint cleanup
    - MINOR: tools: improve error message accuracy in str2sa_range
    - MINOR: config: make sure never to mix dgram and stream protocols on a bind line
    - BUG/MINOR: ncbuf: fix coverity warning on uninit sz_data
    - MINOR: xprt_quic: adjust flow-control according to bufsize
    - MEDIUM: mux-quic/h3/hq-interop: use ncbuf for bidir streams
    - MEDIUM: mux-quic/h3/qpack: use ncbuf for uni streams
    - CLEANUP: mux-quic: remove unused fields for Rx
    - CLEANUP: quic: remove unused quic_rx_strm_frm
2022-05-14 16:05:50 +02:00
Willy Tarreau
e979796584 [RELEASE] Released version 2.6-dev9
Released version 2.6-dev9 with the following main changes :
    - MINOR: mux-quic: support full request channel buffer
    - BUG/MINOR: h3: fix parsing of unknown frame type with null length
    - CLEANUP: backend: make alloc_{bind,dst}_address() idempotent
    - MEDIUM: stream: remove the confusing SF_ADDR_SET flag
    - MINOR: conn_stream: remove the now unused CS_FL_ADDR_*_SET flags
    - CLEANUP: protocol: make sure the connect_* functions always receive a dst
    - MINOR: connection: get rid of the CO_FL_ADDR_*_SET flags
    - MINOR: session: get rid of the now unused SESS_FL_ADDR_*_SET flags
    - CLEANUP: mux: Useless xprt_quic-t.h inclusion
    - MINOR: quic: Make the quic_conn be aware of the number of streams
    - BUG/MINOR: quic: Dropped retransmitted STREAM frames
    - BUG/MINOR: mux_quic: Dropped packet upon retransmission for closed streams
    - MEDIUM: httpclient: remove url2sa to use a more flexible parser
    - MEDIUM: httpclient: http-request rules for resolving
    - MEDIUM: httpclient: allow address and port change for resolving
    - CLEANUP: httpclient: remove the comment about resolving
    - MINOR: httpclient: handle unix and other socket types in dst
    - MINOR: httpclient: rename dash by dot in global option
    - MINOR: init: exit() after pre-check upon error
    - MINOR: httpclient: cleanup the error handling in init
    - MEDIUM: httpclient: hard-error when SSL is configured
    - MINOR: httpclient: allow to configure the ca-file
    - MINOR: httpclient: configure the resolvers section to use
    - MINOR: httpclient: allow ipv4 or ipv6 preference for resolving
    - DOC: configuration: httpclient global option
    - MINOR: conn-stream: Add mask from flags set by endpoint or app layer
    - BUG/MEDIUM: conn-stream: Only keep app layer flags of the endpoint on reset
    - BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message
    - BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified
    - DOC: config: Update doc for PR/PH session states to warn about rewrite failures
    - MINOR: resolvers: cleanup alert/warning in parse-resolve-conf
    - MINOR: resolvers: move the resolv.conf parser in parse_resolv_conf()
    - MINOR: resolvers: resolvers_new() create a resolvers with default values
    - BUILD: debug: unify the definition of ha_backtrace_to_stderr()
    - BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port]
    - MEDIUM: resolvers: create a "default" resolvers section at startup
    - DOC: resolvers: default resolvers section
    - BUG/MINOR: startup: usage() when no -cc arguments
    - BUG/MEDIUM: resolvers: make "show resolvers" properly yield
    - BUG/MEDIUM: cli: make "show cli sockets" really yield
    - BUG/MINOR: proxy/cli: don't enumerate internal proxies on "show backend"
    - BUG/MINOR: map/cli: protect the backref list during "show map" errors
    - BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init
    - BUG/MINOR: ssl/cli: fix "show ssl ca-file/crl-file" not to mix cli+ssl contexts
    - BUG/MINOR: ssl/cli: fix "show ssl ca-file <name>" not to mix cli+ssl contexts
    - BUG/MINOR: ssl/cli: fix "show ssl crl-file" not to mix cli+ssl contexts
    - BUG/MINOR: ssl/cli: fix "show ssl cert" not to mix cli+ssl contexts
    - CLEANUP: ssl/cli: do not loop on unknown states in "add ssl crt-list" handler
    - MINOR: applet: reserve some generic storage in the applet's context
    - CLEANUP: applet: make appctx_new() initialize the whole appctx
    - CLEANUP: stream/cli: take the "show sess" context definition out of the appctx
    - CLEANUP: stream/cli: stop using appctx->st2 for the dump state
    - CLEANUP: stream/cli: remove the unneeded init state from "show sess"
    - CLEANUP: stream/cli: remove the unneeded STATE_FIN state from "show sess"
    - CLEANUP: stream/cli: remove the now unneeded dump state from "show sess"
    - CLEANUP: proxy/cli: take the "show errors" context definition out of the appctx
    - CLEANUP: stick-table/cli: take the "show table" context definition out of the appctx
    - CLEANUP: stick-table/cli: stop using appctx->st2 for the dump state
    - CLEANUP: stick-table/cli: remove the unneeded STATE_INIT for "show table"
    - CLEANUP: map/cli: take the "show map" context definition out of the appctx
    - CLEANUP: map/cli: stop using cli.i0/i1 to store the generation numbers
    - CLEANUP: map/cli: stop using appctx->st2 for the dump state
    - CLEANUP: map/cli: always detach the backref from the list after "show map"
    - CLEANUP: peers/cli: take the "show peers" context definition out of the appctx
    - CLEANUP: peers/cli: stop using appctx->st2 for the dump state
    - CLEANUP: peers/cli: remove unneeded state STATE_INIT
    - CLEANUP: cli: initialize the whole appctx->ctx, not just the stats part
    - CLEANUP: promex: make the applet use its own context
    - CLEANUP: promex: stop using appctx->st2
    - CLEANUP: stats/cli: take the "show stat" context definition out of the appctx
    - CLEANUP: stats/cli: stop using appctx->st2
    - CLEANUP: hlua/cli: take the hlua_cli context definition out of the appctx
    - CLEANUP: ssl/cli: use a local context for "show cafile"
    - CLEANUP: ssl/cli: use a local context for "show crlfile"
    - CLEANUP: ssl/cli: use a local context for "show ssl cert"
    - CLEANUP: ssl/cli: use a local context for "commit ssl cert"
    - CLEANUP: ssl/cli: stop using appctx->st2 for "commit ssl cert"
    - CLEANUP: ssl/cli: use a local context for "set ssl cert"
    - CLEANUP: ssl/cli: use a local context for "set ssl cafile"
    - CLEANUP: ssl/cli: use a local context for "set ssl crlfile"
    - CLEANUP: ssl/cli: use a local context for "commit ssl {ca|crl}file"
    - CLEANUP: ssl/cli: stop using appctx->st2 for "commit ssl ca/crl"
    - CLEANUP: ssl/cli: stop using ctx.cli.i0/i1/p0 for "show tls-keys"
    - CLEANUP: ssl/cli: add a new "dump_entries" field to "show_keys_ref"
    - CLEANUP: ssl/cli: make "show tlskeys" not use appctx->st2 anymore
    - CLEANUP: ssl/cli: make "show ssl ocsp-response" not use cli.p0 anymore
    - CLEANUP: ssl/cli: make "{show|dump} ssl crtlist" use its own context
    - CLEANUP: ssl/cli: make "add ssl crtlist" use its own context
    - CLEANUP: ssl/cli: make "add ssl crtlist" not use st2 anymore
    - CLEANUP: dns: stop abusing the sink forwarder's context
    - CLEANUP: sink: use the generic context to store the forwarder's context
    - CLEANUP: activity/cli: make "show profiling" not use ctx.cli anymore
    - CLEANUP: debug/cli: make "debug dev fd" not use ctx.cli anymore
    - CLEANUP: debug/cli: make "debug dev memstats" not use ctx.cli anymore
    - CLEANUP: ring: pass the ring watch flags to ring_attach_cli(), not in ctx.cli
    - CLEANUP: ring/cli: use a locally-defined context instead of using ctx.cli
    - CLEANUP: resolvers/cli: make "show resolvers" use a locally-defined context
    - CLEANUP: resolvers/cli: remove the unneeded appctx->st2 from "show resolvers"
    - CLEANUP: cache/cli: make use of a locally defined context for "show cache"
    - CLEANUP: proxy/cli: make use of a locally defined context for "show servers"
    - CLEANUP: proxy/cli: get rid of appctx->st2 in "show servers"
    - CLEANUP: proxy/cli: make "show backend" only use the generic context
    - CLEANUP: cli: make "show fd" use its own context
    - CLEANUP: cli: make "show env" use its own context
    - CLEANUP: cli: simplify the "show cli sockets" I/O handler
    - CLEANUP: cli: make "show cli sockets" use its own context
    - CLEANUP: httpclient/cli: use a locally-defined context instead of ctx.cli
    - CLEANUP: httpclient: do not use the appctx.ctx anymore
    - CLEANUP: peers: do not use appctx.ctx anymore
    - CLEANUP: spoe: do not use appctx.ctx anymore
    - BUILD: applet: mark the CLI's generic variables as deprecated
    - BUILD: applet: mark the appctx's st2 variable as deprecated
    - CLEANUP: cache: take the context out of appctx.ctx
    - MEDIUM: lua: move the cosocket storage outside of appctx.ctx
    - MINOR: lua: move the tcp service storage outside of appctx.ctx
    - MINOR: lua: move the http service context out of appctx.ctx
    - CLEANUP: cli: move the status print context into its own context
    - CLEANUP: stats: rename the stats state values an mark the old ones deprecated
    - DOC: internal: document the new cleaner approach to the appctx
    - MINOR: tcp: socket translate TCP_KEEPIDLE for macOs equivalent
    - DOC: fix typo "ant" for "and" in INSTALL
    - CI: dynamically determine actual version of h2spec
2022-05-08 11:44:15 +02:00
Willy Tarreau
026fef98a0 [RELEASE] Released version 2.6-dev8
Released version 2.6-dev8 with the following main changes :
    - BUG/MINOR: quic: fix use-after-free with trace on ACK consume
    - BUG/MINOR: rules: Forbid captures in defaults section if used by a backend
    - BUG/MEDIUM: rules: Be able to use captures defined in defaults section
    - BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments
    - BUG/MINOR: http-act: make release_http_redir() more robust
    - BUG/MINOR: sample: add missing use_backend/use-server contexts in smp_resolve_args
    - MINOR: sample: don't needlessly call c_none() in sample_fetch_as_type()
    - MINOR: sample: make the bool type cast to bin
    - MEDIUM: backend: add new "balance hash <expr>" algorithm
    - MINOR: init: add global setting "fd-hard-limit" to bound system limits
    - BUILD: pollers: use an initcall to register the pollers
    - BUILD: xprt: use an initcall to register the transport layers
    - BUILD: thread: use initcall instead of a constructor
    - BUILD: http: remove the two unused constructors in rules and ana
    - CLEANUP: compression: move the default setting of maxzlibmem to defaults
    - MINOR: tree-wide: always consider EWOULDBLOCK in addition to EAGAIN
    - BUG/MINOR: connection: "connection:close" header added despite 'close-spread-time'
    - MINOR: fd: add functions to set O_NONBLOCK and FD_CLOEXEC
    - CLEANUP: tree-wide: use fd_set_nonblock() and fd_set_cloexec()
    - CLEANUP: tree-wide: remove 25 occurrences of unneeded fcntl.h
    - REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc
    - REGTESTS: webstats: remove unused stats socket in /tmp
    - MEDIUM: httpclient: disable SSL when the ca-file couldn't be loaded
    - BUG/MINOR: httpclient/lua: error when the httpclient_start() fails
    - BUG/MINOR: ssl: free the cafile entries on deinit
    - BUG/MINOR: ssl: memory leak when trying to load a directory with ca-file
    - MEDIUM: httpclient: re-enable the verify by default
    - BUG/MEDIUM: ssl/cli: fix yielding in show_cafile_detail
    - BUILD: compiler: properly distinguish weak and global symbols
    - MINOR: connection: Add way to disable active connection closing during soft-stop
    - BUG/MEDIUM: http-ana: Fix memleak in redirect rules with ignore-empty option
    - CLEANUP: Destroy `http_err_chunks` members during deinit
    - BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit()
    - MINOR: Call deinit_and_exit(0) for `haproxy -vv`
    - BUILD: fd: disguise the fd_set_nonblock/cloexec result
    - BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all()
    - MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord"
    - CLEANUP: errors: also call deinit_errors_buffers() on deinit()
    - CLEANUP: chunks: release trash also in deinit
    - CLEANUP: deinit: release the pre-check callbacks
    - CLEANUP: deinit: release the config postparsers
    - CLEANUP: listeners/deinit: release accept queue tasklets on deinit
    - CLEANUP: connections/deinit: destroy the idle_conns tasks
    - BUG/MINOR: mux-quic: fix build in release mode
    - MINOR: mux-quic: adjust comment on emission function
    - MINOR: mux-quic: remove unused bogus qcc_get_stream()
    - BUG/MINOR: mux-quic: fix leak if cs alloc failure
    - MINOR: mux-quic: count local flow-control stream limit on reception
    - BUG/MINOR: h3: fix incomplete POST requests
    - BUG/MEDIUM: h3: fix use-after-free on mux Rx buffer wrapping
    - MINOR: mux-quic: partially copy Rx frame if almost full buf
    - MINOR: h3: change frame demuxing API
    - MINOR: mux-quic: add a app-layer context in qcs
    - MINOR: h3: implement h3 stream context
    - MINOR: h3: support DATA demux if buffer full
    - MINOR: quic: decode as much STREAM as possible
    - MINOR: quic: Improve qc_prep_pkts() flexibility
    - MINOR: quic: Prepare quic_frame struct duplication
    - MINOR: quic: Do not retransmit frames from coalesced packets
    - MINOR: quic: Add traces about TX frame memory releasing
    - MINOR: quic: process_timer() rework
    - MEDIUM: quic: New functions for probing rework
    - MEDIUM: quic: Retransmission functions rework
    - MEDIUM: quic: qc_requeue_nacked_pkt_tx_frms() rework
    - MINOR: quic: old data distinction for qc_send_app_pkt()
    - MINOR: quic: Mark packets as probing with old data
    - MEDIUM: quic: Mark copies of acknowledged frames as acknowledged
    - MEDIUM: quic: Enable the new datagram probing process
    - MINOR: quic: Do not send ACK frames when probing
    - BUG/MINOR: quic: Wrong returned status by qc_build_frms()
    - BUG/MINOR: quic: Avoid sending useless PADDING frame
    - BUG/MINOR: quic: Traces fix about remaining frames upon packet build failure
    - MINOR: quic: Wake up the mux to probe with new data
    - BUG/MEDIUM: quic: Possible crash on STREAM frame loss
    - BUG/MINOR: quic: Missing Initial packet length check
    - CLEANUP: quic: Rely on the packet length set by qc_lstnr_pkt_rcv()
    - MINOR: quic: Drop 0-RTT packets if not allowed
    - BUG/MINOR: httpclient/ssl: use the correct verify constant
    - BUG/MEDIUM: conn-stream: Don't erase endpoint flags on reset
    - BUG/MEDIUM: httpclient: Fix loop consuming HTX blocks from the response channel
    - BUG/MINOR: httpclient: Count metadata in size to transfer via htx_xfer_blks()
    - MINOR: httpclient: Don't use co_set_data() to decrement output
    - BUG/MINOR: conn_stream: do not confirm a connection from the frontend path
    - MEDIUM: quic: do not ACK packet with STREAM if MUX not present
    - MEDIUM: quic: do not ack packet with invalid STREAM
    - MINOR: quic: Drop 0-RTT packets without secrets
    - CLEANUP: quic: Remaining fprintf() debug trace
    - MINOR: quic: moving code for QUIC loss detection
    - BUG/MINOR: quic: Missing time threshold multiplifier for loss delay computation
    - CI: github actions: update LibreSSL to 3.5.2
    - SCRIPTS: announce-release: add URL of dev packages
2022-04-30 14:17:51 +02:00
Willy Tarreau
3e69fcc240 [RELEASE] Released version 2.6-dev7
Released version 2.6-dev7 with the following main changes :
    - BUILD: calltrace: fix wrong include when building with TRACE=1
    - MINOR: ssl: Use DH parameters defined in RFC7919 instead of hard coded ones
    - MEDIUM: ssl: Disable DHE ciphers by default
    - BUILD: ssl: Fix compilation with OpenSSL 1.0.2
    - MINOR: mux-quic: split xfer and STREAM frames build
    - REORG: quic: use a dedicated module for qc_stream_desc
    - MINOR: quic-stream: use distinct tree nodes for quic stream and qcs
    - MINOR: quic-stream: add qc field
    - MEDIUM: quic: implement multi-buffered Tx streams
    - MINOR: quic-stream: refactor ack management
    - MINOR: quic: limit total stream buffers per connection
    - MINOR: mux-quic: implement immediate send retry
    - MINOR: cfg-quic: define tune.quic.conn-buf-limit
    - MINOR: ssl: Add 'show ssl providers' cli command and providers list in -vv option
    - REGTESTS: ssl: Update error messages that changed with OpenSSLv3.1.0-dev
    - BUG/MEDIUM: quic: Possible crash with released mux
    - BUG/MINOR: mux-quic: unsubscribe on release
    - BUG/MINOR: mux-quic: handle null timeout
    - BUG/MEDIUM: logs: fix http-client's log srv initialization
    - BUG/MINOR: mux-quic: remove dead code in qcs_xfer_data()
    - DEV: stream: Fix conn-streams dump in full stream message
    - CLEANUP: conn-stream: Rename cs_conn_close() and cs_conn_drain_and_close()
    - CLEANUP: conn-stream: Rename cs_applet_release()
    - MINOR: conn-stream: Rely on endpoint shutdown flags to shutdown an applet
    - BUG/MINOR: cache: Disable cache if applet creation fails
    - BUG/MINOR: backend: Don't allow to change backend applet
    - BUG/MEDIUM: conn-stream: Set back CS to RDY state when the appctx is created
    - MINOR: stream: Don't needlessly detach server endpoint on early client abort
    - MINOR: conn-stream: Make cs_detach_* private and use cs_destroy() from outside
    - MINOR: init: add the pre-check callback
    - MEDIUM: httpclient: change the init sequence
    - MEDIUM: httpclient/ssl: verify required
    - MINOR: httpclient/mworker: disable in the master process
    - MEDIUM: httpclient/ssl: verify is configurable and disabled by default
    - BUG/MAJOR: connection: Never remove connection from idle lists outside the lock
    - BUG/MEDIUM: mux-quic: fix stalled POST requets
    - BUG/MINOR: mux-quic: fix POST with abortonclose
    - MINOR: task: add a new task_instant_wakeup() function
    - MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks
    - DOC: remove my name from the config doc
2022-04-23 04:38:36 +02:00
Willy Tarreau
a8b1065b6b [RELEASE] Released version 2.6-dev6
Released version 2.6-dev6 with the following main changes :
    - CLEANUP: connection: reduce the with of the mux dump output
    - CI: Update to actions/checkout@v3
    - CI: Update to actions/cache@v3
    - DOC: adjust QUIC instruction in INSTALL
    - BUG/MINOR: stats: define the description' background color in dark color scheme
    - BUILD: ssl: add USE_ENGINE and disable the openssl engine by default
    - BUILD: makefile: pass USE_ENGINE to cflags
    - BUILD: xprt-quic: replace ERR_func_error_string() with ERR_peek_error_func()
    - DOC: install: document the fact that SSL engines are not enabled by default
    - CI: github actions: disable -Wno-deprecated
    - BUILD: makefile: silence unbearable OpenSSL deprecation warnings
    - MINOR: sock: check configured limits at the sock layer, not the listener's
    - MINOR: connection: add a new flag CO_FL_FDLESS on fd-less connections
    - MINOR: connection: add conn_fd() to retrieve the FD only when it exists
    - MINOR: stream: only dump connections' FDs when they are valid
    - MINOR: connection: use conn_fd() when displaying connection errors
    - MINOR: connection: skip FD-based syscalls for FD-less connections
    - MEDIUM: connection: panic when calling FD-specific functions on FD-less conns
    - MINOR: mux-quic: properly set the flags and name fields
    - MINOR: connection: rearrange conn_get_src/dst to be a bit more extensible
    - MINOR: protocol: add get_src() and get_dst() at the protocol level
    - MINOR: quic-sock: provide a pair of get_src/get_dst functions
    - MEDIUM: ssl: improve retrieval of ssl_sock_ctx and SSL detection
    - MEDIUM: ssl: stop using conn->xprt_ctx to access the ssl_sock_ctx
    - MEDIUM: xprt-quic: implement get_ssl_sock_ctx()
    - MEDIUM: quic: move conn->qc into conn->handle
    - BUILD: ssl: fix build warning with previous changes to ssl_sock_ctx
    - BUILD: ssl: add an unchecked version of __conn_get_ssl_sock_ctx()
    - MINOR: ssl: refine the error testing for fc_err and fc_err_str
    - BUG/MINOR: sock: do not double-close the accepted socket on the error path
    - CI: cirrus: switch to FreeBSD-13.0
    - MINOR: log: add '~' to frontend when the transport layer provides SSL
    - BUILD/DEBUG: lru: fix printf format in debug code
    - BUILD: peers: adjust some printf format to silence cppcheck
    - BUILD/DEBUG: hpack-tbl: fix format string in standalone debug code
    - BUILD/DEBUG: hpack: use unsigned int in printf format in debug code
    - BUILD: halog: fix some incorrect signs in printf formats for integers
    - BUG/MINOR: h3: fix build with DEBUG_H3
    - BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent
    - BUG/MINOR: cache: do not display expired entries in "show cache"
    - BUG/MINOR: mux-h1: Don't release unallocated CS on error path
    - MINOR: applet: Make .init callback more generic
    - MINOR: conn-stream: Add flags to set the type of the endpoint
    - MEDIUM: applet: Set the appctx owner during allocation
    - MAJOR: conn-stream: Invert conn-stream endpoint and its context
    - REORG: Initialize the conn-stream by hand in cs_init()
    - MEDIUM: conn-stream: Add an endpoint structure in the conn-stream
    - MINOR: conn-stream: Move some CS flags to the endpoint
    - MEDIUM: conn-stream: Be able to pass endpoint to create a conn-stream
    - MEDIUM: conn-stream: Pre-allocate endpoint to create CS from muxes and applets
    - REORG: applet: Uninline appctx_new function
    - MAJOR: conn-stream: Share endpoint struct between the CS and the mux/applet
    - MEDIUM: conn-stream: Move remaning flags from CS to endpoint
    - MINOR: mux-pt: Rely on the endpoint instead of the conn-stream when possible
    - MINOR: conn-stream: Add ISBACK conn-stream flag
    - MINOR: conn-stream: Add header file with util functions related to conn-streams
    - MEDIUM: tree-wide: Use CS util functions instead of SI ones
    - MINOR: stream-int/txn: Move buffer for L7 retries in the HTTP transaction
    - CLEANUP: http-ana: Remove http_alloc_txn() function
    - MINOR: stream-int/stream: Move conn_retries counter in the stream
    - MINOR: stream: Simplify retries counter calculation
    - MEDIUM: stream-int/conn-stream: Move src/dst addresses in the conn-stream
    - MINOR: stream-int/conn-stream: Move half-close timeout in the conn-stream
    - MEDIUM: stream-int/stream: Use connect expiration instead of SI expiration
    - MINOR: stream-int/conn-stream: Report error to the CS instead of the SI
    - MEDIUM: conn-stream: Use endpoint error instead of conn-stream error
    - MINOR: channel: Use conn-streams as channel producer and consumer
    - MINOR: stream-int: Remove SI_FL_KILL_CON to rely on conn-stream endpoint only
    - MINOR: mux-h2/mux-fcgi: Fully rely on CS_EP_KILL_CONN
    - MINOR: stream-int: Remove SI_FL_NOLINGER/NOHALF to rely on CS flags instead
    - MINOR: stream-int: Remove SI_FL_DONT_WAKE to rely on CS flags instead
    - MINOR: stream-int: Remove SI_FL_INDEP_STR to rely on CS flags instead
    - MINOR: stream-int: Remove SI_FL_SRC_ADDR to rely on stream flags instead
    - CLEANUP: stream-int: Remove unused SI_FL_CLEAN_ABRT flag
    - MINOR: stream: Only save previous connection state for the server side
    - MEDIUM: stream-int: Move SI err_type in the stream
    - MEDIUM: stream-int/conn-stream: Move stream-interface state in the conn-stream
    - MINOR: stream-int/stream: Move si_retnclose() in the stream scope
    - MINOR: stream-int/backend: Move si_connect() in the backend scope
    - MINOR: stream-int/conn-stream: Move si_conn_ready() in the conn-stream scope
    - MINOR: conn-stream/connection: Move SHR/SHW modes in the connection scope
    - MEDIUM: conn-stream: Be prepared to fail to attach a cs to a mux
    - MEDIUM: stream-int/conn-stream: Handle I/O subscriptions in the conn-stream
    - MINOR: conn-stream: Rename CS functions dedicated to connections
    - MINOR: stream-int/conn-stream: Move si_shut* and si_chk* in conn-stream scope
    - MEDIUM: stream-int/conn-stream: Move si_ops in the conn-stream scope
    - MINOR: applet: Use the CS to register and release applets instead of SI
    - MINOR: connection: unconst mux's get_fist_cs() callback function
    - MINOR: stream-int/connection: Move conn_si_send_proxy() in the connection scope
    - REORG: stream-int: Export si_cs_recv(), si_cs_send() and si_cs_process()
    - REORG: stream-int: Move si_is_conn_error() in the header file
    - REORG: conn-stream: Move cs_shut* and cs_chk* in cs_utils
    - REORG: conn-stream: Move cs_app_ops in conn_stream.c
    - MINOR: stream-int-conn-stream: Move si_update_* in conn-stream scope
    - MINOR: stream-int/stream: Move si_update_both in stream scope
    - MEDIUM: conn-stream/applet: Add a data callback for applets
    - MINOR: stream-int/conn-stream: Move stream_int_read0() in the conn-stream scope
    - MINOR: stream-int/conn-stream: Move stream_int_notify() in the conn-stream scope
    - MINOR: stream-int/conn-stream: Move si_cs_io_cb() in the conn-stream scope
    - MINOR: stream-int/conn-stream: Move si_sync_recv/send() in conn-stream scope
    - MINOR: conn-stream: Move si_conn_cb in the conn-stream scope
    - MINOR: stream-int/conn-stream Move si_is_conn_error() in the conn-stream scope
    - MINOR: stream-int/conn-stream: Move si_alloc_ibuf() in the conn-stream scope
    - CLEANUP: stream-int:  Remove unused SI functions
    - MEDIUM: stream-int/conn-stream: Move blocking flags from SI to CS
    - MEDIUM: stream-int/conn-stream: Move I/O functions to conn-stream
    - REORG: stream-int/conn-stream: Move remaining functions to conn-stream
    - MINOR: stream: Use conn-stream to report server error
    - MINOR: http-ana: Use CS to perform L7 retries
    - MEDIUM: stream: Don't use the stream-int anymore in process_stream()
    - MINOR: conn-stream: Remove the stream-interface from the conn-stream
    - DEV: flags: No longer dump SI flags
    - CLEANUP: tree-wide: Remove any ref to stream-interfaces
    - CLEANUP: conn-stream: Don't export internal functions
    - DOC: conn-stream: Add comments on functions of the new CS api
    - MEDIUM: check: Use a new conn-stream for each health-check run
    - CLEANUP: muxes: Remove MX_FL_CLEAN_ABRT flag
    - MINOR: conn-stream: Use a dedicated function to conditionally remove a CS
    - CLEANUP: conn-stream: rename cs_register_applet() to cs_applet_create()
    - MINOR: muxes: Improve show_fd callbacks to dump endpoint flags
    - MINOR: mux-h1: Rely on the endpoint instead of the conn-stream when possible
    - BUG/MINOR: quic: Avoid starting the mux if no ALPN sent by the client
    - BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak
    - BUILD: initcall: mark the __start_i_* symbols as weak, not global
    - BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side
    - BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive
    - MINOR: muxes: Don't expect to have a mux without connection in destroy callback
    - MINOR: muxes: Don't handle proto upgrade for muxes not supporting it
    - MINOR: muxes: Don't expect to call release function with no mux defined
    - MINOR: conn-stream: Use unsafe functions to get conn/appctx in cs_detach_endp
    - BUG/MEDIUM: mux-h1: Don't request more room on partial trailers
    - BUILD: http-client: Avoid dead code when compiled without SSL support
    - BUG/MINOR: mux-quic: prevent a crash in session_free on mux.destroy
    - BUG/MINOR: quic-sock: do not double free session on conn init failure
    - BUG/MINOR: quic: fix return value for error in start
    - MINOR: quic: emit CONNECTION_CLOSE on app init error
    - BUILD: sched: workaround crazy and dangerous warning in Clang 14
    - BUILD: compiler: use a more portable set of asm(".weak") statements
    - BUG/MEDIUM: stream: do not abort connection setup too early
    - CLEANUP: extcheck: do not needlessly preset the server's address/port
    - MINOR: extcheck: fill in the server's UNIX socket address when known
    - BUG/MEDIUM: connection: Don't crush context pointer location if it is a CS
    - BUG/MEDIUM: quic: properly clean frames on stream free
    - BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added
    - BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags
    - MINOR: tcp_sample: clarifying samples support per os, for further expansion.
    - MINOR: tcp_sample: extend support for get_tcp_info to macOs.
    - SCRIPTS: announce-release: update the doc's URL
    - DOC: lua: update a few doc URLs
    - SCRIPTS: announce-release: add shortened links to pending issues
2022-04-16 12:15:47 +02:00
Willy Tarreau
d3b4cd11f7 [RELEASE] Released version 2.6-dev5
Released version 2.6-dev5 with the following main changes :
    - DOC: reflect H2 timeout changes
    - BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing
    - BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing
    - BUG/MINOR: log: Initialize the list element when allocating a new log server
    - BUG/MINOR: samples: add missing context names for sample fetch functions
    - MINOR: management: add some basic keyword dump infrastructure
    - MINOR: config: add a function to dump all known config keywords
    - MINOR: filters: extend flt_dump_kws() to dump to stdout
    - MINOR: services: extend list_services() to dump to stdout
    - MINOR: cli: add a new keyword dump function
    - MINOR: acl: add a function to dump the list of known ACL keywords
    - MINOR: samples: add a function to list register sample fetch keywords
    - MINOR: sample: list registered sample converter functions
    - MINOR: tools: add strordered() to check whether strings are ordered
    - MINOR: action: add a function to dump the list of actions for a ruleset
    - MINOR: config: alphanumerically sort config keywords output
    - MINOR: sample: alphanumerically sort sample & conv keyword dumps
    - MINOR: acl: alphanumerically sort the ACL dump
    - MINOR: cli: alphanumerically sort the dump of supported commands
    - MINOR: filters: alphabetically sort the list of filter names
    - MINOR: services: alphabetically sort service names
    - MEDIUM: httpclient/lua: be stricter with httpclient parameters
    - MINOR: ssl: split the cert commit io handler
    - MINOR: ssl: move the cert_exts and the CERT_TYPE enum
    - MINOR: ssl: simplify the certificate extensions array
    - MINOR: ssl: export ckch_inst_rebuild()
    - MINOR: ssl: add "crt" in the cert_exts array
    - MINOR: ssl/lua: CertCache.set() allows to update an SSL certificate file
    - BUILD: ssl/lua: CacheCert needs OpenSSL
    - DOC: lua: CertCache class documentation
    - BUG/MEDIUM: quic: do not use qcs from quic_stream on ACK parsing
    - MINOR: mux-quic: return qcs instance from qcc_get_qcs
    - MINOR: mux-quic: reorganize qcs free
    - MINOR: mux-quic: define release app-ops
    - BUG/MINOR: h3: release resources on close
    - BUG/MINOR: mux-quic: ensure to free all qcs on MUX release
    - CLEANUP: quic: complete comment on qcs_try_to_consume
    - MINOR: quic: implement stream descriptor for transport layer
    - MEDIUM: quic: move transport fields from qcs to qc_conn_stream
    - MEDIUM: mux-quic: remove qcs tree node
    - BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads
    - DOC: management: add missing dot in 9.4.1
    - BUG/MAJOR: mux_pt: always report the connection error to the conn_stream
    - DOC: remove double blanks in configuration.txt
    - CI: github actions: update OpenSSL to 3.0.2
    - BUG/MEDIUM: quic: Possible crash in ha_quic_set_encryption_secrets()
    - CLEANUP: quic: Remove all atomic operations on quic_conn struct
    - CLEANUP: quic: Remove all atomic operations on packet number spaces
    - MEDIUM: quic: Send ACK frames asap
    - BUG/MINOR: quic: Missing probing packets when coalescing
    - BUG/MINOR: quic: Discard Initial packet number space only one time
    - MINOR: quic: Do not display any timer value from process_timer()
    - BUG/MINOR: quic: Do not probe from an already probing packet number space
    - BUG/MINOR: quic: Non duplicated frames upon fast retransmission
    - BUG/MINOR: quic: Too much prepared retransmissions due to anti-amplification
    - MINOR: quic: Useless call to SSL_CTX_set_default_verify_paths()
    - MINOR: quic: Add traces about list of frames
    - BUG/MINOR: h3: Missing wait event struct field initialization
    - BUG/MINOR: quic: QUIC TLS secrets memory leak
    - BUG/MINOR: quic: Missing ACK range deallocations
    - BUG/MINOR: quic: Missing TX packet deallocations
    - CLEANUP: hpack: be careful about integer promotion from uint8_t
    - OPTIM: hpack: read 32 bits at once when possible.
    - MEDIUM: ssl: allow loading of a directory with the ca-file directive
    - BUG/MINOR: ssl: continue upon error when opening a directory w/ ca-file
    - MINOR: ssl: ca-file @system-ca loads the system trusted CA
    - DOC: configuration: add the ca-file changes
    - MINOR: sample: converter: Add add_item convertor
    - BUG/MINOR: ssl: handle X509_get_default_cert_dir() returning NULL
    - BUG/MINOR: ssl/cli: Remove empty lines from CLI output
    - MINOR: httpclient: enable request buffering
    - MEDIUM: httpclient: enable l7-retry
    - BUG/MINOR: httpclient: end callback in applet release
    - MINOR: quic: Add draining connection state.
    - MINOR: quic: Add closing connection state
    - BUG/MEDIUM: quic: ensure quic-conn survives to the MUX
    - CLEANUP: quic: use static qualifer on quic_close
    - CLEANUP: mux-quic: remove unused QC_CF_CC_RECV
    - BUG/MINOR: fix memleak on quic-conn streams cleaning
    - MINOR: mux-quic: factorize conn-stream attach
    - MINOR: mux-quic: adjust timeout to accelerate closing
    - MINOR: mux-quic: define is_active app-ops
    - MINOR: mux-quic: centralize send operations in qc_send
    - MEDIUM: mux-quic: report CO_FL_ERROR on send
    - MEDIUM: mux-quic: report errors on conn-streams
    - MEDIUM: quic: report closing state for the MUX
    - BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests
    - BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message
    - BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet
    - BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message
    - BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached
    - BUG/MINOR: http_client: Don't add input data on an empty request buffer
    - BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples
    - BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid
    - CLEANUP: mux-quic: remove uneeded TODO in qc_detach
    - BUG/MEDIUM: mux-quic: properly release conn-stream on detach
    - BUG/MINOR: quic: set the source not the destination address on accept()
    - BUG/MEDIUM: quic: Possible crash from quic_free_arngs()
    - MINOR: quic_tls: Add reusable cipher contexts to QUIC TLS contexts
    - MINOR: quic_tls: Stop hardcoding cipher IV lengths
    - CLEANUP: quic: Do not set any cipher/group from ssl_quic_initial_ctx()
    - MINOR: quic: Add short packet key phase bit values to traces
    - MINOR: quic_tls: Make key update use of reusable cipher contexts
    - BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set()
    - BUG/BUILD: opentracing: fixed OT_DEFINE variable setting
    - EXAMPLES: opentracing: refined shell scripts for testing filter performance
    - DOC: opentracing: corrected comments in function descriptions
    - CLEANUP: opentracing: removed unused function flt_ot_var_unset()
    - CLEANUP: opentracing: removed unused function flt_ot_var_get()
    - Revert "MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn'"
    - MINOR: opentracing: only takes the variables lock on shared entries
    - CLEANUP: opentracing: added flt_ot_smp_init() function
    - CLEANUP: opentracing: added variable to store variable length
    - MINOR: opentracing: improved normalization of context variable names
    - DEBUG: opentracing: show return values of all functions in the debug output
    - CLEANUP: opentracing: added FLT_OT_PARSE_INVALID_enum enum
    - DEBUG: opentracing: display the contents of the err variable after setting
    - MAJOR: opentracing: reenable usage of vars to transmit opentracing context
    - Revert "BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time"
    - MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window
2022-04-09 11:31:40 +02:00
Willy Tarreau
0541c2b978 [RELEASE] Released version 2.6-dev4
Released version 2.6-dev4 with the following main changes :
    - BUG/MEDIUM: httpclient: don't consume data before it was analyzed
    - CLEANUP: htx: remove unused co_htx_remove_blk()
    - BUG/MINOR: httpclient: consume partly the blocks when necessary
    - BUG/MINOR: httpclient: remove the UNUSED block when parsing headers
    - BUG/MEDIUM: httpclient: must manipulate head, not first
    - REGTESTS: fix the race conditions in be2hex.vtc
    - BUG/MEDIUM: quic: Blocked STREAM when retransmitted
    - BUG/MAJOR: quic: Possible crash with full congestion control window
    - BUG/MINOR: httpclient/lua: stuck when closing without data
    - BUG/MEDIUM: applet: Don't call .release callback function twice
    - BUG/MEDIUM: cli/debug: Properly get the stream-int in all debug I/O handlers
    - BUG/MEDIUM: sink: Properly get the stream-int in appctx callback functions
    - DEV: udp: switch parser to getopt() instead of positional arguments
    - DEV: udp: add support for random packet corruption
    - MINOR: server: export server_parse_sni_expr() function
    - BUG/MINOR: httpclient: send the SNI using the host header
    - BUILD: httpclient: fix build without SSL
    - BUG/MINOR: server/ssl: free the SNI sample expression
    - BUG/MINOR: logs: fix logsrv leaks on clean exit
    - MINOR: actions: add new function free_act_rule() to free a single rule
    - BUG/MINOR: tcp-rules: completely free incorrect TCP rules on error
    - BUG/MINOR: http-rules: completely free incorrect TCP rules on error
    - BUG/MINOR: httpclient: only check co_data() instead of HTTP_MSG_DATA
    - BUG/MINOR: httpclient: process the response when received before the end of the request
    - BUG/MINOR: httpclient: CF_SHUTW_NOW should be tested with channel_is_empty()
    - CI: github actions: switch to LibreSSL-3.5.1
    - BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf
    - BUG/MEDIUM: stream-int: do not rely on the connection error once established
    - BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner
    - MEDIUM: mux-h2: slightly relax timeout management rules
    - BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts
    - BUG/MINOR: rules: Initialize the list element when allocating a new rule
    - BUG/MINOR: http-rules: Don't free new rule on allocation failure
    - DEV: coccinelle: Fix incorrect replacement in ist.cocci
    - CLEANUP: Reapply ist.cocci with `--include-headers-for-types --recursive-includes`
    - DEV: coccinelle: Add a new pattern to ist.cocci
    - CLEANUP: Reapply ist.cocci
    - REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+
    - MINOR: quic: Code factorization (TX buffer reuse)
    - CLEANUP: quic: "largest_acked_pn" pktns struc member moving
    - MEDIUM: quic: Limit the number of ACK ranges
    - MEDIUM: quic: Rework of the TX packets memory handling
    - BUG/MINOR: quic: Possible crash in parse_retry_token()
    - BUG/MINOR: quic: Possible leak in quic_build_post_handshake_frames()
    - BUG/MINOR: quic: Unsent frame because of qc_build_frms()
    - BUG/MINOR: mux-quic: Access to empty frame list from qc_send_frames()
    - BUG/MINOR: mux-quic: Missing I/O handler events initialization
    - BUG/MINOR: quic: Missing TX packet initializations
    - BUG/MINOR: quic: 1RTT packets ignored after mux was released
    - BUG/MINOR: quic: Incorrect peer address validation
    - BUG/MINOR: quic: Non initialized variable in quic_build_post_handshake_frames()
    - BUG/MINOR: quic: Wrong TX packet related counters handling
    - MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1
    - DOC: config: Explictly add supported MQTT versions
    - MINOR: quic: Add traces about stream TX buffer consumption
    - MINOR: quic: Add traces in qc_set_timer() (scheduling)
    - CLEANUP: mux-quic: change comment style to not mess with git conflict
    - CLEANUP: mux-quic: adjust comment for coding-style
    - MINOR: mux-quic: complete trace when stream is not found
    - MINOR: mux-quic: add comments for send functions
    - MINOR: mux-quic: use shorter name for flow-control fields
    - MEDIUM: mux-quic: respect peer bidirectional stream data limit
    - MEDIUM: mux-quic: respect peer connection data limit
    - MINOR: mux-quic: support MAX_STREAM_DATA frame parsing
    - MINOR: mux-quic: support MAX_DATA frame parsing
    - BUILD: stream-int: avoid a build warning when DEBUG is empty
    - BUG/MINOR: quic: Wrong buffer length passed to generate_retry_token()
    - BUG/MINOR: tools: fix url2sa return value with IPv4
    - MINOR: mux-quic: convert fin on push-frame as boolean
    - BUILD: quic: add missing includes
    - REORG: quic: use a dedicated quic_loss.c
    - MINOR: mux-quic: declare the qmux trace module
    - MINOR: mux-quic: replace printfs by traces
    - MINOR: mux-quic: add trace event for frame sending
    - MINOR: mux-quic: add trace event for qcs_push_frame
    - MINOR: mux-quic: activate qmux traces on stdout via macro
    - BUILD: qpack: fix unused value when not using DEBUG_HPACK
    - CLEANUP: qpack: suppress by default stdout traces
    - CLEANUP: h3: suppress by default stdout traces
    - BUG/MINOR: tools: url2sa reads too far when no port nor path
2022-03-26 08:31:33 +01:00
Willy Tarreau
bc8b7a14ff [RELEASE] Released version 2.6-dev3
Released version 2.6-dev3 with the following main changes :
    - DEBUG: rename WARN_ON_ONCE() to CHECK_IF()
    - DEBUG: improve BUG_ON output message accuracy
    - DEBUG: implement 4 levels of choices between warn and crash.
    - DEBUG: add two new macros to enable debugging in hot paths
    - DEBUG: buf: replace some sensitive BUG_ON() with BUG_ON_HOT()
    - DEBUG: buf: add BUG_ON_HOT() to most buffer management functions
    - MINOR: channel: don't use co_set_data() to decrement output
    - DEBUG: channel: add consistency checks using BUG_ON_HOT() in some key functions
    - MINOR: conn-stream: Improve API to have safe/unsafe accessors
    - MEDIUM: tree-wide: Use unsafe conn-stream API when it is relevant
    - CLEANUP: stream-int: Make si_cs_send() function static
    - REORG: stream-int: Uninline si_sync_recv() and make si_cs_recv() private
    - BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks
    - BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
    - REGTESTS: fix the race conditions in normalize_uri.vtc
    - DEBUG: stream-int: Fix BUG_ON used to test appctx in si_applet_ops callbacks
    - BUILD: debug: fix build warning on older compilers around DEBUG_STRICT_ACTION
    - CLEANUP: connection: Indicate unreachability to the compiler in conn_recv_proxy
    - MINOR: connection: Transform safety check in PROXYv2 parsing into BUG_ON()
    - DOC: install: it's DEBUG_CFLAGS, not DEBUG, which is set to -g
    - DOC: install: describe the DEP variable
    - DOC: install: describe how to choose options used in the DEBUG variable
    - MINOR: queue: Replace if() + abort() with BUG_ON()
    - CLEANUP: adjust indentation in bidir STREAM handling function
    - MINOR: quic: simplify copy of STREAM frames to RX buffer
    - MINOR: quic: handle partially received buffered stream frame
    - MINOR: mux-quic: define flag for last received frame
    - BUG/MINOR: quic: support FIN on Rx-buffered STREAM frames
    - MEDIUM: quic: rearchitecture Rx path for bidirectional STREAM frames
    - REGTESTS: fix the race conditions in secure_memcmp.vtc
    - CLEANUP: stream: Remove useless tests on conn-stream in stream_dump()
    - BUILD: ssl: another build warning on LIBRESSL_VERSION_NUMBER
    - MINOR: quic: Ensure PTO timer is not set in the past
    - MINOR: quic: Post handshake I/O callback switching
    - MINOR: quic: Drop the packets of discarded packet number spaces
    - CLEANUP: quic: Useless tests in qc_try_rm_hp()
    - CLEANUP: quic: Indentation fix in qc_prep_pkts()
    - MINOR: quic: Assemble QUIC TLS flags at the same level
    - BUILD: conn_stream: avoid null-deref warnings on gcc 6
    - BUILD: connection: do not declare register_mux_proto() inline
    - BUILD: http_rules: do not declare http_*_keywords_registre() inline
    - BUILD: trace: do not declare trace_registre_source() inline
    - BUILD: tcpcheck: do not declare tcp_check_keywords_register() inline
    - DEBUG: reduce the footprint of BUG_ON() calls
    - BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST
    - BUG/MINOR: pool: always align pool_heads to 64 bytes
    - DEV: udp: add a tiny UDP proxy for testing
    - DEV: udp: implement pseudo-random reordering/loss
    - DEV: udp: add an optional argument to set the prng seed
    - BUG/MINOR: quic: fix segfault on CC if mux uninitialized
    - BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
    - CLEANUP: tree-wide: remove a few rare non-ASCII chars
    - CI: coverity: simplify debugging options
    - CLEANUP: quic: complete ABORT_NOW with a TODO comment
    - MINOR: quic: qc_prep_app_pkts() implementation
    - MINOR: quic: Send short packet from a frame list
    - MINOR: quic: Make qc_build_frms() build ack-eliciting frames from a list
    - MINOR: quic: Export qc_send_app_pkts()
    - MINOR: mux-quic: refactor transport parameters init
    - MINOR: mux-quic: complete functions to detect stream type
    - MINOR: mux-quic: define new unions for flow-control fields
    - MEDIUM: mux-quic: use direct send transport API for STREAMs
    - MINOR: mux-quic: retry send opportunistically for remaining frames
    - MEDIUM: mux-quic: implement MAX_STREAMS emission for bidir streams
    - BUILD: fix kFreeBSD build.
    - MINOR: quic: Retry on qc_build_pkt() failures
    - BUG/MINOR: quic: Missing recovery start timer reset
    - CLEANUP: quic: Remove QUIC path manipulations out of the congestion controller
    - MINOR: quic: Add a "slow start" callback to congestion controller
    - MINOR: quic: Persistent congestion detection outside of controllers
    - CLEANUP: quic: Remove useless definitions from quic_cc_event struct
    - BUG/MINOR: quic: Confusion betwen "in_flight" and "prep_in_flight" in quic_path_prep_data()
    - MINOR: quic: More precise window update calculation
    - CLEANUP: quic: Remove window redundant variable from NewReno algorithm state struct
    - MINOR: quic: Add quic_max_int_by_size() function
    - BUG/MAJOR: quic: Wrong quic_max_available_room() returned value
    - MINOR: pools: add a new global option "no-memory-trimming"
    - BUG/MINOR: add missing modes in proxy_mode_str()
    - BUG/MINOR: cli: shows correct mode in "show sess"
    - BUG/MEDIUM: quic: do not drop packet on duplicate stream/decoding error
    - MINOR: stats: Add dark mode support for socket rows
    - BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix
    - BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request
    - BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
    - BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
    - BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
    - BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
    - BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams
    - DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
    - BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing
    - DEBUG: stream: Add the missing descriptions for stream trace events
    - DEBUG: stream: Fix stream trace message to print response buffer state
    - MINOR: proxy: Store monitor_uri as a `struct ist`
    - MINOR: proxy: Store fwdfor_hdr_name as a `struct ist`
    - MINOR: proxy: Store orgto_hdr_name as a `struct ist`
    - MEDIUM: proxy: Store server_id_hdr_name as a `struct ist`
    - CLEANUP: fcgi: Replace memcpy() on ist by istcat()
    - CLEANUP: fcgi: Use `istadv()` in `fcgi_strm_send_params`
    - BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
    - DOC: sample fetch methods: move distcc_* to the right locations
    - MINOR: rules: record the last http/tcp rule that gave a final verdict
    - MINOR: stream: add "last_rule_file" and "last_rule_line" samples
    - BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
    - MINOR: quic: Add max_idle_timeout advertisement handling
    - MEDIUM: quic: Remove the QUIC connection reference counter
    - BUG/MINOR: quic: ACK_REQUIRED and ACK_RECEIVED flag collision
    - BUG/MINOR: quic: Missing check when setting the anti-amplification limit as reached
    - MINOR: quic: Add a function to compute the current PTO
    - MEDIUM: quic: Implement the idle timeout feature
    - BUG/MEDIUM: quic: qc_prep_app_pkts() retries on qc_build_pkt() failures
    - CLEANUP: quic: Comments fix for qc_prep_(app)pkts() functions
    - MINOR: mux-quic: prevent push frame for unidir streams
    - MINOR: mux-quic: improve opportunistic retry sending for STREAM frames
    - MINOR: quic: implement sending confirmation
    - MEDIUM: mux-quic: improve bidir STREAM frames sending
    - MEDIUM: check: do not auto configure SSL/PROXY for dynamic servers
    - REGTESTS: server: test SSL/PROXY with checks for dynamic servers
    - MEDIUM: server: remove experimental-mode for dynamic servers
    - BUG/MINOR: buffer: fix debugging condition in b_peek_varint()
2022-03-11 18:09:24 +01:00
Willy Tarreau
3b1d190831 [RELEASE] Released version 2.6-dev2
Released version 2.6-dev2 with the following main changes :
    - DOC: management: rework the Master CLI section
    - DOC: management: add expert and experimental mode in 9.4.1
    - CLEANUP: cleanup a commentary in pcli_parse_request()
    - BUG/MINOR: mworker/cli: don't display help on master applet
    - MINOR: mworker/cli: mcli-debug-mode enables every command
    - MINOR: mworker/cli: add flags in the prompt
    - BUG/MINOR: httpclient: Revisit HC request and response buffers allocation
    - BUG/MEDIUM: httpclient: Xfer the request when the stream is created
    - MINOR: httpclient: Don't limit data transfer to 1024 bytes
    - BUILD: ssl: adjust guard for X509_get_X509_PUBKEY(x)
    - REGTESTS: ssl: skip show_ssl_ocspresponse.vtc when BoringSSL is used
    - MINOR: quic: Do not modify a marked as consumed datagram
    - MINOR: quic: Wrong datagram buffer passed to quic_lstnr_dgram_dispatch()
    - MINOR: quic: Remove a useless test in quic_get_dgram_dcid()
    - BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output
    - CLEANUP: ssl: Remove unused ssl_sock_create_cert function
    - MINOR: ssl: Use high level OpenSSL APIs in sha2 converter
    - MINOR: ssl: Remove EC_KEY related calls when preparing SSL context
    - REGTESTS: ssl: Add test for "curves" and "ecdhe" SSL options
    - MINOR: ssl: Remove EC_KEY related calls when creating a certificate
    - REGTESTS: ssl: Add test for "generate-certificates" SSL option
    - MINOR: ssl: Remove call to SSL_CTX_set_tlsext_ticket_key_cb with OpenSSLv3
    - MINOR: ssl: Remove call to HMAC_Init_ex with OpenSSLv3
    - MINOR: h3: hardcode the stream id of control stream
    - MINOR: mux-quic: remove quic_transport_params_update
    - MINOR: quic: rename local tid variable
    - MINOR: quic: remove unused xprt rcv_buf operation
    - MINOR: quic: take out xprt snd_buf operation
    - CI: enable QUIC for Coverity scan
    - BUG/MINOR: mworker: does not erase the pidfile upon reload
    - MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3
    - MINOR: ssl: Remove call to ERR_load_SSL_strings with OpenSSLv3
    - REGTESTS: ssl: Add tests for DH related options
    - MINOR: ssl: Create HASSL_DH wrapper structure
    - MINOR: ssl: Add ssl_sock_get_dh_from_bio helper function
    - MINOR: ssl: Factorize ssl_get_tmp_dh and append a cbk to its name
    - MINOR: ssl: Add ssl_sock_set_tmp_dh helper function
    - MINOR: ssl: Add ssl_sock_set_tmp_dh_from_pkey helper function
    - MINOR: ssl: Add ssl_new_dh_fromdata helper function
    - MINOR: ssl: Build local DH of right size when needed
    - MINOR: ssl: Set default dh size to 2048
    - MEDIUM: ssl: Replace all DH objects by EVP_PKEY on OpenSSLv3 (via HASSL_DH type)
    - MINOR: ssl: Remove calls to SSL_CTX_set_tmp_dh_callback on OpenSSLv3
    - MINOR: quic: Remove an RX buffer useless lock
    - MINOR: quic: Variable used before being checked in ha_quic_add_handshake_data()
    - MINOR: quic: EINTR error ignored
    - MINOR: quic: Potential overflow expression in qc_parse_frm()
    - MINOR: quic: Possible overflow in qpack_get_varint()
    - CLEANUP: h3: Unreachable target in h3_uqs_init()
    - MINOR: quic: Possible memleak in qc_new_conn()
    - MINOR: quic: Useless statement in quic_crypto_data_cpy()
    - BUG/MEDIUM: pools: ensure items are always large enough for the pool_cache_item
    - BUG/MINOR: pools: always flush pools about to be destroyed
    - CLEANUP: pools: don't needlessly set a call mark during refilling of caches
    - DEBUG: pools: add extra sanity checks when picking objects from a local cache
    - DEBUG: pools: let's add reverse mapping from cache heads to thread and pool
    - DEBUG: pools: replace the link pointer with the caller's address on pool_free()
    - BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks
    - MINOR: quic: use a global dghlrs for each thread
    - BUG/MEDIUM: quic: fix crash on CC if mux not present
    - MINOR: qpack: fix typo in trace
    - BUG/MINOR: quic: fix FIN stream signaling
    - BUG/MINOR: h3: fix the header length for QPACK decoding
    - MINOR: h3: remove transfer-encoding header
    - MINOR: h3: add documentation on h3_decode_qcs
    - MINOR: h3: set properly HTX EOM/BODYLESS on HEADERS parsing
    - MINOR: mux-quic: implement rcv_buf
    - MINOR: mux-quic: set EOS on rcv_buf
    - MINOR: h3: set CS_FL_NOT_FIRST
    - MINOR: h3: report frames bigger than rx buffer
    - MINOR: h3: extract HEADERS parsing in a dedicated function
    - MINOR: h3: implement DATA parsing
    - MINOR: quic: Wrong smoothed rtt initialization
    - MINOR: quic: Wrong loss delay computation
    - MINOR: quic: Code never reached in qc_ssl_sess_init()
    - MINOR: quic: ha_quic_set_encryption_secrets without server specific code
    - MINOR: quic: Avoid warning about NULL pointer dereferences
    - MINOR: quic: Useless test in quic_lstnr_dghdlr()
    - MINOR: quic: Non checked returned value for cs_new() in hq_interop_decode_qcs()
    - MINOR: h3: Dead code in h3_uqs_init()
    - MINOR: quic: Non checked returned value for cs_new() in h3_decode_qcs()
    - MINOR: quic: Possible frame parsers array overrun
    - MINOR: quic: Do not retransmit too much packets.
    - MINOR: quic: Move quic_rxbuf_pool pool out of xprt part
    - MINOR: h3: report error on HEADERS/DATA parsing
    - BUG/MINOR: jwt: Double free in deinit function
    - BUG/MINOR: jwt: Missing pkey free during cleanup
    - BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls
    - BUG/MINOR: httpclient/cli: display junk characters in vsn
    - MINOR: h3: remove unused return value on decode_qcs
    - BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies
    - BUG/MAJOR: spoe: properly detach all agents when releasing the applet
    - REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc
    - REGTESTS: peers: leave a bit more time to peers to synchronize
    - BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change
    - BUG/MINOR: mux-h2: update the session's idle delay before creating the stream
    - BUG/MINOR: httpclient: reinit flags in httpclient_start()
    - BUG/MINOR: mailers: negotiate SMTP, not ESMTP
    - MINOR: httpclient: sets an alternative destination
    - MINOR: httpclient/lua: add 'dst' optionnal field
    - BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print
    - BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command
    - BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
    - CLEANUP: httpclient/cli: fix indentation alignment of the help message
    - BUG/MINOR: tools: url2sa reads ipv4 too far
    - BUG/MEDIUM: httpclient: limit transfers to the maximum available room
    - DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected
    - MINOR: mux-quic: fix a possible null dereference in qc_timeout_task
    - BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message
    - BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer
    - BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer
    - DEBUG: stream-int: Check CS_FL_WANT_ROOM is not set with an empty input buffer
    - MINOR: quic: do not modify offset node if quic_rx_strm_frm in tree
    - MINOR: h3: fix compiler warning variable set but not used
    - MINOR: mux-quic: fix uninitialized return on qc_send
    - MINOR: quic: fix handling of out-of-order received STREAM frames
    - MINOR: pools: mark most static pool configuration variables as read-mostly
    - CLEANUP: pools: remove the now unused pool_is_crowded()
    - REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks
    - BUG/MEDIUM: stream: Abort processing if response buffer allocation fails
    - MINOR: httpclient/lua: ability to set a server timeout
    - BUG/MINOR: httpclient/lua: missing pop for new timeout parameter
    - DOC: httpclient/lua: fix the type of the dst parameter
    - CLEANUP: httpclient: initialize the client in stage INIT not REGISTER
    - CLEANUP: muxes: do not use a dynamic trash in list_mux_protos()
    - CLEANUP: vars: move the per-process variables initialization to vars.c
    - CLEANUP: init: remove the ifdef on HAPROXY_MEMMAX
    - MINOR: pools: disable redundant poisonning on pool_free()
    - MINOR: pools: introduce a new pool_debugging global variable
    - MINOR: pools: switch the fail-alloc test to runtime only
    - MINOR: pools: switch DEBUG_DONT_SHARE_POOLS to runtime
    - MINOR: pools: add a new debugging flag POOL_DBG_COLD_FIRST
    - MINOR: pools: add a new debugging flag POOL_DBG_INTEGRITY
    - MINOR: pools: make the global pools a runtime option.
    - MEDIUM: pools: replace CONFIG_HAP_POOLS with a runtime "NO_CACHE" flag.
    - MINOR: pools: store the allocated size for each pool
    - MINOR: pools: get rid of POOL_EXTRA
    - MINOR: pools: replace DEBUG_POOL_TRACING with runtime POOL_DBG_CALLER
    - MINOR: pools: replace DEBUG_MEMORY_POOLS with runtime POOL_DBG_TAG
    - MINOR: pools: add a debugging flag for memory poisonning option
    - MEDIUM: initcall: move STG_REGISTER earlier
    - MEDIUM: init: split the early initialization in its own function
    - MINOR: init: extract args parsing to their own function
    - MEDIUM: init: handle arguments earlier
    - MINOR: pools: delegate parsing of command line option -dM to a new function
    - MINOR: pools: support setting debugging options using -dM
    - BUILD: makefile: enable both DEBUG_STRICT and DEBUG_MEMORY_POOLS by default
    - CI: github: enable pool debugging by default
    - DOC: Fix usage/examples of deprecated ACLs
    - DOC: internal: update the pools API to mention boot-time settings
    - DOC: design: add design thoughts for later simplification of the pools
    - DOC: design: commit the temporary design notes on thread groups
    - MINOR: stream-int: Handle appctx case first when releasing the endpoint
    - MINOR: connection: Be prepared to handle conn-stream with no connection
    - MINOR: stream: Handle appctx case first when creating a new stream
    - MINOR: connection: Add a function to detach a conn-stream from the connection
    - MINOR: stream-int: Add function to reset a SI endpoint
    - MINOR: stream-int: Add function to attach a connection to a SI
    - MINOR: stream-int: Be able to allocate a CS without connection
    - MEDIUM: stream: No longer release backend conn-stream on connection retry
    - MEDIUM: stream: Allocate backend CS when the stream is created
    - REORG: conn_stream: move conn-stream stuff in dedicated files
    - MEDIUM: conn-stream: No longer access connection field directly
    - MEDIUM: conn-stream: Be prepared to use an appctx as conn-stream endpoint
    - MAJOR: conn_stream/stream-int: move the appctx to the conn-stream
    - MEDIUM: applet: Set the conn-stream as appctx owner instead of the stream-int
    - MEDIUM: conn_stream: Add a pointer to the app object into the conn-stream
    - MINOR: stream: Add pointer to front/back conn-streams into stream struct
    - MINOR: stream: Slightly rework stream_new to separate CS/SI initialization
    - MINOR: stream-int: Always access the stream-int via the conn-stream
    - MINOR: backend: Always access the stream-int via the conn-stream
    - MINOR: stream: Always access the stream-int via the conn-stream
    - MINOR: http-ana: Always access the stream-int via the conn-stream
    - MINOR: cli: Always access the stream-int via the conn-stream
    - MINOR: log: Always access the stream-int via the conn-stream
    - MINOR: frontend: Always access the stream-int via the conn-stream
    - MINOR: proxy: Always access the stream-int via the conn-stream
    - MINOR: peers: Always access the stream-int via the conn-stream
    - MINOR: debug: Always access the stream-int via the conn-stream
    - MINOR: hlua: Always access the stream-int via the conn-stream
    - MINOR: cache: Always access the stream-int via the conn-stream
    - MINOR: dns: Always access the stream-int via the conn-stream
    - MINOR: http-act: Always access the stream-int via the conn-stream
    - MINOR: httpclient: Always access the stream-int via the conn-stream
    - MINOR: tcp-act: Always access the stream-int via the conn-stream
    - MINOR: sink: Always access the stream-int via the conn-stream
    - MINOR: conn-stream: Rename cs_detach() to cs_detach_endp()
    - CLEANUP: conn-stream: Don't export conn-stream pool
    - MAJOR: stream/conn_stream: Move the stream-interface into the conn-stream
    - CLEANUP: stream-int: rename si_reset() to si_init()
    - MINOR: conn-stream: Release a CS when both app and endp are detached
    - MINOR: stream: Don't destroy conn-streams but detach app and endp
    - MAJOR: check: Use a persistent conn-stream for health-checks
    - CLEANUP: conn-stream: Remove cs_destroy()
    - CLEANUP: backend: Don't export connect_server anymore
    - BUG/MINOR: h3/hq_interop: Fix CS and stream creation
    - BUILD: tree-wide: Avoid warnings about undefined entities retrieved from a CS
    - BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy()
    - BUG/MEDIUM: quic: fix received ACK stream calculation
    - BUILD: stream: fix build warning with older compilers
    - BUG/MINOR: debug: fix get_tainted() to properly read an atomic value
    - DEBUG: move the tainted stuff to bug.h for easier inclusion
    - DEBUG: cleanup back trace generation
    - DEBUG: cleanup BUG_ON() configuration
    - DEBUG: mark ABORT_NOW() as unreachable
    - DBEUG: add a new WARN_ON() macro
    - DEBUG: make the _BUG_ON() macro return the condition
    - DEBUG: add a new WARN_ON_ONCE() macro
    - DEBUG: report BUG_ON() and WARN_ON() in the tainted flags
    - MINOR: quic: adjust buffer handling for STREAM transmission
    - MINOR: quic: liberate the TX stream buffer after ACK processing
    - MINOR: quic: add a TODO for a memleak frame on ACK consume
2022-02-25 17:12:11 +01:00
Willy Tarreau
2454d6ef5b [RELEASE] Released version 2.6-dev1
Released version 2.6-dev1 with the following main changes :
    - BUG/MINOR: cache: Fix loop on cache entries in "show cache"
    - BUG/MINOR: httpclient: allow to replace the host header
    - BUG/MINOR: lua: don't expose internal proxies
    - MEDIUM: mworker: seamless reload use the internal sockpairs
    - BUG/MINOR: lua: remove loop initial declarations
    - BUG/MINOR: mworker: does not add the -sf in wait mode
    - BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode
    - MINOR: quic: do not reject PADDING followed by other frames
    - REORG: quic: add comment on rare thread concurrence during CID alloc
    - CLEANUP: quic: add comments on CID code
    - MEDIUM: quic: handle CIDs to rattach received packets to connection
    - MINOR: qpack: support litteral field line with non-huff name
    - MINOR: quic: activate QUIC traces at compilation
    - MINOR: quic: use more verbose QUIC traces set at compile-time
    - MEDIUM: pool: refactor malloc_trim/glibc and jemalloc api addition detections.
    - MEDIUM: pool: support purging jemalloc arenas in trim_all_pools()
    - BUG/MINOR: mworker: deinit of thread poller was called when not initialized
    - BUILD: pools: only detect link-time jemalloc on ELF platforms
    - CI: github actions: add the output of $CC -dM -E-
    - BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time
    - BUILD: evports: remove a leftover from the dead_fd cleanup
    - MINOR: quic: Set "no_application_protocol" alert
    - MINOR: quic: More accurate immediately close.
    - MINOR: quic: Immediately close if no transport parameters extension found
    - MINOR: quic: Rename qc_prep_hdshk_pkts() to qc_prep_pkts()
    - MINOR: quic: Possible crash when inspecting the xprt context
    - MINOR: quic: Dynamically allocate the secrete keys
    - MINOR: quic: Add a function to derive the key update secrets
    - MINOR: quic: Add structures to maintain key phase information
    - MINOR: quic: Optional header protection key for quic_tls_derive_keys()
    - MINOR: quic: Add quic_tls_key_update() function for Key Update
    - MINOR: quic: Enable the Key Update process
    - MINOR: quic: Delete the ODCIDs asap
    - BUG/MINOR: vars: Fix the set-var and unset-var converters
    - MEDIUM: pool: Following up on previous pool trimming update.
    - BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message
    - BUG/MINOR: mux-h1: Fix splicing for messages with unknown length
    - MINOR: mux-h1: Improve H1 traces by adding info about http parsers
    - MINOR: mux-h1: register a stats module
    - MINOR: mux-h1: add counters instance to h1c
    - MINOR: mux-h1: count open connections/streams on stats
    - MINOR: mux-h1: add stat for total count of connections/streams
    - MINOR: mux-h1: add stat for total amount of bytes received and sent
    - REGTESTS: h1: Add a script to validate H1 splicing support
    - BUG/MINOR: server: Don't rely on last default-server to init server SSL context
    - BUG/MEDIUM: resolvers: Detach query item on response error
    - MEDIUM: resolvers: No longer store query items in a list into the response
    - BUG/MAJOR: segfault using multiple log forward sections.
    - BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted
    - BUG/MINOR: resolvers: Don't overwrite the error for invalid query domain name
    - BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH
    - BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query
    - DOC: spoe: Clarify use of the event directive in spoe-message section
    - DOC: config: Specify %Ta is only available in HTTP mode
    - BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
    - IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode
    - MINOR: quic: fix segfault on CONNECTION_CLOSE parsing
    - MINOR: h3: add BUG_ON on control receive function
    - MEDIUM: xprt-quic: finalize app layer initialization after ALPN nego
    - MINOR: h3: remove duplicated FIN flag position
    - MAJOR: mux-quic: implement a simplified mux version
    - MEDIUM: mux-quic: implement release mux operation
    - MEDIUM: quic: detect the stream FIN
    - MINOR: mux-quic: implement subscribe on stream
    - MEDIUM: mux-quic: subscribe on xprt if remaining data after send
    - MEDIUM: mux-quic: wake up xprt on data transferred
    - MEDIUM: mux-quic: handle when sending buffer is full
    - MINOR: quic: RX buffer full due to wrong CRYPTO data handling
    - MINOR: quic: Race issue when consuming RX packets buffer
    - MINOR: quic: QUIC encryption level RX packets race issue
    - MINOR: quic: Delete remaining RX handshake packets
    - MINOR: quic: Remove QUIC TX packet length evaluation function
    - MINOR: hq-interop: fix tx buffering
    - MINOR: mux-quic: remove uneeded code to check fin on TX
    - MINOR: quic: add HTX EOM on request end
    - BUILD: mux-quic: fix compilation with DEBUG_MEM_STATS
    - MINOR: http-rules: Add capture action to http-after-response ruleset
    - BUG/MINOR: cli/server: Don't crash when a server is added with a custom id
    - MINOR: mux-quic: do not release qcs if there is remaining data to send
    - MINOR: quic: notify the mux on CONNECTION_CLOSE
    - BUG/MINOR: mux-quic: properly initialize flow control
    - MINOR: quic: Compilation fix for quic_rx_packet_refinc()
    - MINOR: h3: fix possible invalid dereference on htx parsing
    - DOC: config: retry-on list is space-delimited
    - DOC: config: fix error-log-format example
    - BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
    - MINOR: hq-interop: refix tx buffering
    - REGTESTS: ssl: use X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check
    - MINOR: cli: "show version" displays the current process version
    - CLEANUP: cfgparse: modify preprocessor guards around numa detection code
    - MEDIUM: cfgparse: numa detect topology on FreeBSD.
    - BUILD: ssl: unbreak the build with newer libressl
    - MINOR: vars: Move UPDATEONLY flag test to vars_set_ifexist
    - MINOR: vars: Set variable type to ANY upon creation
    - MINOR: vars: Delay variable content freeing in var_set function
    - MINOR: vars: Parse optional conditions passed to the set-var converter
    - MINOR: vars: Parse optional conditions passed to the set-var actions
    - MEDIUM: vars: Enable optional conditions to set-var converter and actions
    - DOC: vars: Add documentation about the set-var conditions
    - REGTESTS: vars: Add new test for conditional set-var
    - MINOR: quic: Attach timer task to thread for the connection.
    - CLEANUP: quic_frame: Remove a useless suffix to STOP_SENDING
    - MINOR: quic: Add traces for STOP_SENDING frame and modify others
    - CLEANUP: quic: Remove cdata_len from quic_tx_packet struct
    - MINOR: quic: Enable TLS 0-RTT if needed
    - MINOR: quic: No TX secret at EARLY_DATA encryption level
    - MINOR: quic: Add quic_set_app_ops() function
    - MINOR: ssl_sock: Set the QUIC application from ssl_sock_advertise_alpn_protos.
    - MINOR: quic: Make xprt support 0-RTT.
    - MINOR: qpack: Missing check for truncated QPACK fields
    - CLEANUP: quic: Comment fix for qc_strm_cpy()
    - MINOR: hq_interop: Stop BUG_ON() truncated streams
    - MINOR: quic: Do not mix packet number space and connection flags
    - CLEANUP: quic: Shorten a litte bit the traces in lstnr_rcv_pkt()
    - MINOR: mux-quic: fix trace on stream creation
    - CLEANUP: quic: fix spelling mistake in a trace
    - CLEANUP: quic: rename quic_conn conn to qc in quic_conn_free
    - MINOR: quic: add missing lock on cid tree
    - MINOR: quic: rename constant for haproxy CIDs length
    - MINOR: quic: refactor concat DCID with address for Initial packets
    - MINOR: quic: compare coalesced packets by DCID
    - MINOR: quic: refactor DCID lookup
    - MINOR: quic: simplify the removal from ODCID tree
    - REGTESTS: vars: Remove useless ssl tunes from conditional set-var test
    - MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output
    - MINOR: quic: Increase the RX buffer for each connection
    - MINOR: quic: Add a function to list remaining RX packets by encryption level
    - MINOR: quic: Stop emptying the RX buffer asap.
    - MINOR: quic: Do not expect to receive only one O-RTT packet
    - MINOR: quic: Do not forget STREAM frames received in disorder
    - MINOR: quic: Wrong packet refcount handling in qc_pkt_insert()
    - DOC: fix misspelled keyword "resolve_retries" in resolvers
    - CLEANUP: quic: rename quic_conn instances to qc
    - REORG: quic: move mux function outside of xprt
    - MINOR: quic: add reference to quic_conn in ssl context
    - MINOR: quic: add const qualifier for traces function
    - MINOR: trace: add quic_conn argument definition
    - MINOR: quic: use quic_conn as argument to traces
    - MINOR: quic: add quic_conn instance in traces for qc_new_conn
    - MINOR: quic: Add stream IDs to qcs_push_frame() traces
    - MINOR: quic: unchecked qc_retrieve_conn_from_cid() returned value
    - MINOR: quic: Wrong dropped packet skipping
    - MINOR: quic: Handle the cases of overlapping STREAM frames
    - MINOR: quic: xprt traces fixes
    - MINOR: quic: Drop asap Retry or Version Negotiation packets
    - MINOR: pools: work around possibly slow malloc_trim() during gc
    - DEBUG: ssl: make sure we never change a servername on established connections
    - MINOR: quic: Add traces for RX frames (flow control related)
    - MINOR: quic: Add CONNECTION_CLOSE phrase to trace
    - REORG: quic: remove qc_ prefix on functions which not used it directly
    - BUG/MINOR: quic: upgrade rdlock to wrlock for ODCID removal
    - MINOR: quic: remove unnecessary call to free_quic_conn_cids()
    - MINOR: quic: store ssl_sock_ctx reference into quic_conn
    - MINOR: quic: remove unnecessary if in qc_pkt_may_rm_hp()
    - MINOR: quic: replace usage of ssl_sock_ctx by quic_conn
    - MINOR: quic: delete timer task on quic_close()
    - MEDIUM: quic: implement refcount for quic_conn
    - BUG/MINOR: quic: fix potential null dereference
    - BUG/MINOR: quic: fix potential use of uninit pointer
    - BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch
    - BUG/MEDIUM: peers: properly skip conn_cur from incoming messages
    - CI: Github Actions: do not show VTest failures if build failed
    - BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time
    - MINOR: compat: detect support for dl_iterate_phdr()
    - MINOR: debug: add ability to dump loaded shared libraries
    - MINOR: debug: add support for -dL to dump library names at boot
    - BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
    - REGTESTS: ssl: fix ssl_default_server.vtc
    - BUG/MINOR: ssl: free the fields in srv->ssl_ctx
    - BUG/MEDIUM: ssl: free the ckch instance linked to a server
    - REGTESTS: ssl: update of a crt with server deletion
    - BUILD/MINOR: cpuset FreeBSD 14 build fix.
    - MINOR: pools: always evict oldest objects first in pool_evict_from_local_cache()
    - DOC: pool: document the purpose of various structures in the code
    - CLEANUP: pools: do not use the extra pointer to link shared elements
    - CLEANUP: pools: get rid of the POOL_LINK macro
    - MINOR: pool: allocate from the shared cache through the local caches
    - CLEANUP: pools: group list updates in pool_get_from_cache()
    - MINOR: pool: rely on pool_free_nocache() in pool_put_to_shared_cache()
    - MINOR: pool: make pool_is_crowded() always true when no shared pools are used
    - MINOR: pool: check for pool's fullness outside of pool_put_to_shared_cache()
    - MINOR: pool: introduce pool_item to represent shared pool items
    - MINOR: pool: add a function to estimate how many may be released at once
    - MEDIUM: pool: compute the number of evictable entries once per pool
    - MINOR: pools: prepare pool_item to support chained clusters
    - MINOR: pools: pass the objects count to pool_put_to_shared_cache()
    - MEDIUM: pools: centralize cache eviction in a common function
    - MEDIUM: pools: start to batch eviction from local caches
    - MEDIUM: pools: release cached objects in batches
    - OPTIM: pools: reduce local pool cache size to 512kB
    - CLEANUP: assorted typo fixes in the code and comments This is 29th iteration of typo fixes
    - CI: github actions: update OpenSSL to 3.0.1
    - BUILD/MINOR: tools: solaris build fix on dladdr.
    - BUG/MINOR: cli: fix _getsocks with musl libc
    - BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry
    - MINOR: quic: Wrong traces after rework
    - MINOR: quic: Add trace about in flight bytes by packet number space
    - MINOR: quic: Wrong first packet number space computation
    - MINOR: quic: Wrong packet number space computation for PTO
    - MINOR: quic: Wrong loss time computation in qc_packet_loss_lookup()
    - MINOR: quic: Wrong ack_delay compution before calling quic_loss_srtt_update()
    - MINOR: quic: Remove nb_pto_dgrams quic_conn struct member
    - MINOR: quic: Wrong packet number space trace in qc_prep_pkts()
    - MINOR: quic: Useless test in qc_prep_pkts()
    - MINOR: quic: qc_prep_pkts() code moving
    - MINOR: quic: Speeding up Handshake Completion
    - MINOR: quic: Probe Initial packet number space more often
    - MINOR: quic: Probe several packet number space upon timer expiration
    - MINOR: quic: Comment fix.
    - MINOR: quic: Improve qc_prep_pkts() flexibility
    - MINOR: quic: Do not drop secret key but drop the CRYPTO data
    - MINOR: quic: Prepare Handshake packets asap after completed handshake
    - MINOR: quic: Flag asap the connection having reached the anti-amplification limit
    - MINOR: quic: PTO timer too often reset
    - MINOR: quic: Re-arm the PTO timer upon datagram receipt
    - MINOR: proxy: add option idle-close-on-response
    - MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above.
    - CI: refactor spelling check
    - CLEANUP: assorted typo fixes in the code and comments
    - BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning
    - MINOR: quic: Only one CRYPTO frame by encryption level
    - MINOR: quic: Missing retransmission from qc_prep_fast_retrans()
    - MINOR: quic: Non-optimal use of a TX buffer
    - BUG/MEDIUM: mworker: don't use _getsocks in wait mode
    - BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error
    - BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data
    - DOC: internals: document the pools architecture and API
    - CI: github actions: clean default step conditions
    - BUILD: cpuset: fix build issue on macos introduced by previous change
    - MINOR: quic: Remaining TRACEs with connection as firt arg
    - MINOR: quic: Reset ->conn quic_conn struct member when calling qc_release()
    - MINOR: quic: Flag the connection as being attached to a listener
    - MINOR: quic: Wrong CRYPTO frame concatenation
    - MINOR: quid: Add traces quic_close() and quic_conn_io_cb()
    - REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2
    - MINOR: quic: Do not dereference ->conn quic_conn struct member
    - MINOR: quic: fix return of quic_dgram_read
    - MINOR: quic: add config parse source file
    - MINOR: quic: implement Retry TLS AEAD tag generation
    - MEDIUM: quic: implement Initial token parsing
    - MINOR: quic: define retry_source_connection_id TP
    - MEDIUM: quic: implement Retry emission
    - MINOR: quic: free xprt tasklet on its thread
    - BUG/MEDIUM: connection: properly leave stopping list on error
    - MINOR: pools: enable pools with DEBUG_FAIL_ALLOC as well
    - MINOR: quic: As server, skip 0-RTT packet number space
    - MINOR: quic: Do not wakeup the I/O handler before the mux is started
    - BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer
    - CI: github actions: use cache for OpenTracing
    - BUG/MINOR: httpclient: don't send an empty body
    - BUG/MINOR: httpclient: set default Accept and User-Agent headers
    - BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers
    - BUILD/MINOR: fix solaris build with clang.
    - BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl
    - CI: refactor OpenTracing build script
    - DOC: management: mark "set server ssl" as deprecated
    - MEDIUM: cli: yield between each pipelined command
    - MINOR: channel: add new function co_getdelim() to support multiple delimiters
    - BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands
    - MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change
    - MINOR: quic: Retransmit the TX frames in the same order
    - MINOR: quic: Remove the packet number space TX MT_LIST
    - MINOR: quic: Splice the frames which could not be added to packets
    - MINOR: quic: Add the number of TX bytes to traces
    - CLEANUP: quic: Replace <nb_pto_dgrams> by <probe>
    - MINOR: quic: Send two ack-eliciting packets when probing packet number spaces
    - MINOR: quic: Probe regardless of the congestion control
    - MINOR: quic: Speeding up handshake completion
    - MINOR: quic: Release RX Initial packets asap
    - MINOR: quic: Release asap TX frames to be transmitted
    - MINOR: quic: Probe even if coalescing
    - BUG/MEDIUM: cli: Never wait for more data on client shutdown
    - BUG/MEDIUM: mcli: do not try to parse empty buffers
    - BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them
    - BUG/MINOR: stream: make the call_rate only count the no-progress calls
    - MINOR: quic: do not use quic_conn after dropping it
    - MINOR: quic: adjust quic_conn refcount decrement
    - MINOR: quic: fix race-condition on xprt tasklet free
    - MINOR: quic: free SSL context on quic_conn free
    - MINOR: quic: Add QUIC_FT_RETIRE_CONNECTION_ID parsing case
    - MINOR: quic: Wrong packet number space selection
    - DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY
    - MINOR: quic: add missing include in quic_sock
    - MINOR: quic: fix indentation in qc_send_ppkts
    - MINOR: quic: remove dereferencement of connection when possible
    - MINOR: quic: set listener accept cb on parsing
    - MEDIUM: quic/ssl: add new ex data for quic_conn
    - MINOR: quic: initialize ssl_sock_ctx alongside the quic_conn
    - MINOR: ssl: fix build in release mode
    - MINOR: pools: partially uninline pool_free()
    - MINOR: pools: partially uninline pool_alloc()
    - MINOR: pools: prepare POOL_EXTRA to be split into multiple extra fields
    - MINOR: pools: extend pool_cache API to pass a pointer to a caller
    - DEBUG: pools: add new build option DEBUG_POOL_TRACING
    - DEBUG: cli: add a new "debug dev fd" expert command
    - MINOR: fd: register the write side of the poller pipe as well
    - CI: github actions: use cache for SSL libs
    - BUILD: debug/cli: condition test of O_ASYNC to its existence
    - BUILD: pools: fix build error on DEBUG_POOL_TRACING
    - MINOR: quic: refactor header protection removal
    - MINOR: quic: handle app data according to mux/connection layer status
    - MINOR: quic: refactor app-ops initialization
    - MINOR: receiver: define a flag for local accept
    - MEDIUM: quic: flag listener for local accept
    - MINOR: quic: do not manage connection in xprt snd_buf
    - MINOR: quic: remove wait handshake/L6 flags on init connection
    - MINOR: listener: add flags field
    - MINOR: quic: define QUIC flag on listener
    - MINOR: quic: create accept queue for QUIC connections
    - MINOR: listener: define per-thr struct
    - MAJOR: quic: implement accept queue
    - CLEANUP: mworker: simplify mworker_free_child()
    - BUILD/DEBUG: lru: update the standalone code to support the revision
    - DEBUG: lru: use a xorshift generator in the testing code
    - BUG/MAJOR: compiler: relax alignment constraints on certain structures
    - BUG/MEDIUM: fd: always align fdtab[] to 64 bytes
    - MINOR: quic: No DCID length for datagram context
    - MINOR: quic: Comment fix about the token found in Initial packets
    - MINOR: quic: Get rid of a struct buffer in quic_lstnr_dgram_read()
    - MINOR: quic: Remove the QUIC haproxy server packet parser
    - MINOR: quic: Add new defintion about DCIDs offsets
    - MINOR: quic: Add a list to QUIC sock I/O handler RX buffer
    - MINOR: quic: Allocate QUIC datagrams from sock I/O handler
    - MINOR: proto_quic: Allocate datagram handlers
    - MINOR: quic: Pass CID as a buffer to quic_get_cid_tid()
    - MINOR: quic: Convert quic_dgram_read() into a task
    - CLEANUP: quic: Remove useless definition
    - MINOR: proto_quic: Wrong allocations for TX rings and RX bufs
    - MINOR: quic: Do not consume the RX buffer on QUIC sock i/o handler side
    - MINOR: quic: Do not reset a full RX buffer
    - MINOR: quic: Attach all the CIDs to the same connection
    - MINOR: quic: Make usage of by datagram handler trees
    - MEDIUM: da: new optional data file download scheduler service.
    - MEDIUM: da: update doc and build for new scheduler mode service.
    - MEDIUM: da: update module to handle schedule mode.
    - MINOR: quic: Drop Initial packets with wrong ODCID
    - MINOR: quic: Wrong RX buffer tail handling when no more contiguous data
    - MINOR: quic: Iterate over all received datagrams
    - MINOR: quic: refactor quic CID association with threads
    - BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names
    - DEV: flags: Add missing flags
    - BUG/MINOR: sink: Use the right field in appctx context in release callback
    - MINOR: sock: move the unused socket cleaning code into its own function
    - BUG/MEDIUM: mworker: close unused transferred FDs on load failure
    - BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers
    - BUILD: cpuset: do not use const on the source of CPU_AND/CPU_ASSIGN
    - BUILD: checks: fix inlining issue on set_srv_agent_[addr,port}
    - BUILD: vars: avoid overlapping field initialization
    - BUILD: server-state: avoid using not-so-portable isblank()
    - BUILD: mux_fcgi: avoid aliasing of a const struct in traces
    - BUILD: tree-wide: mark a few numeric constants as explicitly long long
    - BUILD: tools: fix warning about incorrect cast with dladdr1()
    - BUILD: task: use list_to_mt_list() instead of casting list to mt_list
    - BUILD: mworker: include tools.h for platforms without unsetenv()
    - BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload
    - MINOR: mworker: set the master side of ipc_fd in the worker to -1
    - MINOR: mworker: allocate and initialize a mworker_proc
    - CI: Consistently use actions/checkout@v2
    - REGTESTS: Remove REQUIRE_VERSION=1.8 from all tests
    - MINOR: mworker: sets used or closed worker FDs to -1
    - MINOR: quic: Try to accept 0-RTT connections
    - MINOR: quic: Do not try to treat 0-RTT packets without started mux
    - MINOR: quic: Do not try to accept a connection more than one time
    - MINOR: quic: Initialize the connection timer asap
    - MINOR: quic: Do not use connection struct xprt_ctx too soon
    - Revert "MINOR: mworker: sets used or closed worker FDs to -1"
    - BUILD: makefile: avoid testing all -Wno-* options when not needed
    - BUILD: makefile: validate support for extra warnings by batches
    - BUILD: makefile: only compute alternative options if required
    - DEBUG: fd: make sure we never try to insert/delete an impossible FD number
    - MINOR: mux-quic: add comment
    - MINOR: mux-quic: properly initialize qcc flags
    - MINOR: mux-quic: do not consider CONNECTION_CLOSE for the moment
    - MINOR: mux-quic: create a timeout task
    - MEDIUM: mux-quic: delay the closing with the timeout
    - MINOR: mux-quic: release idle conns on process stopping
    - MINOR: listener: replace the listener's spinlock with an rwlock
    - BUG/MEDIUM: listener: read-lock the listener during accept()
    - MINOR: mworker/cli: set expert/experimental mode from the CLI
2022-02-01 18:06:59 +01:00
Willy Tarreau
f2e0833f16 [RELEASE] Released version 2.5.0
Released version 2.5.0 with the following main changes :
    - BUILD: SSL: add quictls build to scripts/build-ssl.sh
    - BUILD: SSL: add QUICTLS to build matrix
    - CLEANUP: sock: Wrap `accept4_broken = 1` into additional parenthesis
    - BUILD: cli: clear a maybe-unused  warning on some older compilers
    - BUG/MEDIUM: cli: make sure we can report a warning from a bind keyword
    - BUG/MINOR: ssl: make SSL counters atomic
    - CLEANUP: assorted typo fixes in the code and comments
    - BUG/MINOR: ssl: free correctly the sni in the backend SSL cache
    - MINOR: version: mention that it's stable now
2021-11-23 15:40:21 +01:00
Willy Tarreau
a99cdfb531 [RELEASE] Released version 2.5-dev15
Released version 2.5-dev15 with the following main changes :
    - BUG/MINOR: stick-table/cli: Check for invalid ipv6 key
    - CLEANUP: peers: Remove useless test on peer variable in peer_trace()
    - DOC: log: Add comments to specify when session's listener is defined or not
    - BUG/MEDIUM: mux-h1: Handle delayed silent shut in h1_process() to release H1C
    - REGTESTS: ssl_crt-list_filters: feature cmd incorrectly set
    - DOC: internals: document the list API
    - BUG/MINOR: h3: ignore unknown frame types
    - MINOR: quic: redirect app_ops snd_buf through mux
    - MEDIUM: quic: inspect ALPN to install app_ops
    - MINOR: quic: support hq-interop
    - MEDIUM: quic: send version negotiation packet on unknown version
    - BUG/MEDIUM: mworker: cleanup the listeners when reexecuting
    - DOC: internals: document the scheduler API
    - BUG/MINOR: quic: fix version negotiation packet generation
    - CLEANUP: ssl: fix wrong #else commentary
    - MINOR: config: support default values for environment variables
    - SCRIPTS: run-regtests: reduce the number of processes needed to check options
    - SCRIPT: run-regtests: avoid several calls to grep to test for features
    - SCRIPT: run-regtests: avoid calling awk to compute the version
    - REGTEST: set retries count to zero for all tests that expect at 503
    - REGTESTS: make tcp-check_min-recv fail fast
    - REGTESTS: extend the default I/O timeouts and make them overridable
    - BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3
    - BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found
    - REGTESTS: ssl: test the TLS resumption
    - BUILD: makefile: stop opening sub-shells for each and every command
    - BUILD: makefile: reorder objects by build time
    - BUG/MEDIUM: mux-h2: always process a pending shut read
    - MINOR: quic_sock: missing CO_FL_ADDR_TO_SET flag
    - MINOR: quic: Possible wrong connection identification
    - MINOR: quic: Correctly pad UDP datagrams
    - MINOR: quic: Support transport parameters draft TLS extension
    - MINOR: quic: Anti-amplification implementation
    - MINOR: quic: Wrong Initial packet connection initialization
    - MINOR: quic: Wrong ACK range building
    - MINOR: quic: Update some QUIC protocol errors
    - MINOR: quic: Send CONNECTION_CLOSE frame upon TLS alert
    - MINOR: quic: Wrong largest acked packet number parsing
    - MINOR: quic: Add minimalistic support for stream flow control frames
    - MINOR: quic: Wrong value for version negotiation packet 'Unused' field
    - MINOR: quic: Support draft-29 QUIC version
    - BUG/MINOR: quic: fix segfault on trace for version negotiation
    - BUG/MINOR: hq-interop: fix potential NULL dereference
    - BUILD: quic: fix potential NULL dereference on xprt_quic
    - DOC: lua: documentation about the httpclient API
    - BUG/MEDIUM: cache/cli: make "show cache" thread-safe
    - BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found
    - BUG/MINOR: shctx: do not look for available blocks when the first one is enough
    - MINOR: shctx: add a few BUG_ON() for consistency checks
2021-11-19 19:30:04 +01:00
Willy Tarreau
d83f6e6224 [RELEASE] Released version 2.5-dev14
Released version 2.5-dev14 with the following main changes :
    - DEV: coccinelle: Remove unused `expression e`
    - DEV: coccinelle: Add rule to use `istend()` where possible
    - CLEANUP: Apply ist.cocci
    - CLEANUP: Re-apply xalloc_size.cocci
    - CLEANUP: halog: make the default usage message fit in small screens
    - MINOR: h3/qpack: fix gcc11 warnings
    - MINOR: mux-quic: fix gcc11 warning
    - MINOR: h3: fix potential NULL dereference
    - MINOR: quic: Fix potential null pointer dereference
    - CLEANUP: halog: remove unused strl2ui()
    - OPTIM: halog: improve field parser speed for modern compilers
    - OPTIM: halog: skip fields 64 bits at a time when supported
    - DEV: coccinelle: Add rule to use `isttrim()` where possible
    - CLEANUP: Apply ist.cocci
    - DEV: coccinelle: Add rule to use `chunk_istcat()` instead of `chunk_memcat()`
    - DEV: coccinelle: Add rule to use `chunk_istcat()` instead of `chunk_strncat()`
    - CLEANUP: Apply ist.cocci
    - CLEANUP: chunk: Remove duplicated chunk_Xcat implementation
    - CLEANUP: chunk: remove misleading chunk_strncat() function
    - BUG/MINOR: cache: properly ignore unparsable max-age in quotes
    - Revert "DEV: coccinelle: Add rule to use `chunk_istcat()` instead of `chunk_strncat()`"
    - DOC: stats: fix location of the text representation
    - DOC: internals: document the IST API
    - BUG/MINOR: httpclient/lua: rcv freeze when no request payload
    - BUG/MEDIUM: httpclient: channel_add_input() must use htx->data
    - MINOR: promex: backend aggregated server check status
    - DOC: config: Fix typo in ssl_fc_unique_id description
    - BUG/MINOR: http-ana: Apply stop to the current section for http-response rules
    - Revert "BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back"
    - DOC: config: Be more explicit in "allow" actions description
    - DOC: lua: Be explicit with the Reply object limits
    - MINOR: mux-h1: Slightly Improve H1 traces
    - BUG/MEDIUM: conn-stream: Don't reset CS flags on close
    - CLEANUP: mworker: remove any relative PID reference
    - MEDIUM: mworker: reexec in waitpid mode after successful loading
    - MINOR: mworker: clarify starting/failure messages
    - MINOR: mworker: only increment the number of reload in wait mode
    - MINOR: mworker: implement a reload failure counter
    - MINOR: mworker: ReloadFailed shown depending on failedreload
    - MINOR: mworker: change the way we set PROC_O_LEAVING
    - BUG/MINOR: mworker: doesn't launch the program postparser
    - DOC: management: edit the "show proc" example to show the current output
    - BUG/MEDIUM: httpclient/cli: free of unallocated hc->req.uri
    - REGTESTS: httpclient/lua: add greater body values
    - BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value
    - BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode
    - BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent
    - BUILD: makefile: simplify detection of libatomic
2021-11-14 16:04:57 +01:00
Willy Tarreau
08d3220de5 [RELEASE] Released version 2.5-dev13
Released version 2.5-dev13 with the following main changes :
    - SCRIPTS: git-show-backports: re-enable file-based filtering
    - MINOR: jwt: Make invalid static JWT algorithms an error in `jwt_verify` converter
    - MINOR: mux-h2: add trace on extended connect usage
    - BUG/MEDIUM: mux-h2: reject upgrade if no RFC8441 support
    - MINOR: stream/mux: implement websocket stream flag
    - MINOR: connection: implement function to update ALPN
    - MINOR: connection: add alternative mux_ops param for conn_install_mux_be
    - MEDIUM: server/backend: implement websocket protocol selection
    - MINOR: server: add ws keyword
    - BUG/MINOR: resolvers: fix sent messages were counted twice
    - BUG/MINOR: resolvers: throw log message if trash not large enough for query
    - MINOR: resolvers/dns: split dns and resolver counters in dns_counter struct
    - MEDIUM: resolvers: rename dns extra counters to resolvers extra counters
    - BUG/MINOR: jwt: Fix jwt_parse_alg incorrectly returning JWS_ALG_NONE
    - DOC: add QUIC instruction in INSTALL
    - CLEANUP: halog: Remove dead stores
    - DEV: coccinelle: Add ha_free.cocci
    - CLEANUP: Apply ha_free.cocci
    - DEV: coccinelle: Add rule to use `istnext()` where possible
    - CLEANUP: Apply ist.cocci
    - REGTESTS: Use `feature cmd` for 2.5+ tests (2)
    - DOC: internals: move some API definitions to an "api" subdirectory
    - MINOR: quic: Allocate listener RX buffers
    - CLEANUP: quic: Remove useless code
    - MINOR: quic: Enhance the listener RX buffering part
    - MINOR: quic: Remove a useless lock for CRYPTO frames
    - MINOR: quic: Use QUIC_LOCK QUIC specific lock label.
    - MINOR: backend: Get client dst address to set the server's one only if needful
    - MINOR: compression: Warn for 'compression offload' in defaults sections
    - MEDIUM: connection: rename fc_conn_err and bc_conn_err to fc_err and bc_err
    - DOC: configuration: move the default log formats to their own section
    - MINOR: ssl: make the ssl_fc_sni() sample-fetch function always available
    - MEDIUM: log: add the client's SNI to the default HTTPS log format
    - DOC: config: add an example of reasonably complete error-log-format
    - DOC: config: move error-log-format before custom log format
2021-11-06 09:25:57 +01:00
Willy Tarreau
35dc13f224 [RELEASE] Released version 2.5-dev12
Released version 2.5-dev12 with the following main changes :
    - MINOR: httpclient: support payload within a buffer
    - MINOR: httpclient/lua: support more HTTP methods
    - MINOR: httpclient/lua: return an error when it can't generate the request
    - CLEANUP: lua: Remove any ambiguities about lua txn execution context flags
    - BUG/MEDIUM: lua: fix invalid return types in hlua_http_msg_get_body
    - CLEANUP: connection: No longer export make_proxy_line_v1/v2 functions
    - CLEANUP: tools: Use const address for get_net_port() and get_host_port()
    - CLEANUP: lua: Use a const address to retrieve info about a connection
    - MINOR: connection: Add function to get src/dst without updating the connection
    - MINOR: session: Add src and dst addresses to the session
    - MINOR: stream-int: Add src and dst addresses to the stream-interface
    - MINOR: frontend: Rely on client src and dst addresses at stream level
    - MINOR: log: Rely on client addresses at the appropriate level to log messages
    - MINOR: session: Rely on client source address at session level to log error
    - MINOR: http-ana: Rely on addresses at stream level to set xff and xot headers
    - MINOR: http-fetch: Rely on addresses at stream level in HTTP sample fetches
    - MINOR: mux-fcgi: Rely on client addresses at stream level to set default params
    - MEDIUM: tcp-sample: Rely on addresses at the appropriate level in tcp samples
    - MEDIUM: connection: Rely on addresses at stream level to make proxy line
    - MEDIUM: backend: Rely on addresses at stream level to init server connection
    - MEDIUM: connection: Assign session addresses when PROXY line is received
    - MEDIUM: connection: Assign session addresses when NetScaler CIP proto is parsed
    - MEDIUM: tcp-act: Set addresses at the apprioriate level in set-(src/dst) actions
    - MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules
    - DOC: config: Fix alphabetical order of fc_* samples
    - MINOR: tcp-sample: Add samples to get original info about client connection
    - REGTESTS: Add script to test client src/dst manipulation at different levels
    - MINOR: stream: Use backend stream-interface dst address instead of target_addr
    - BUILD: log: Fix compilation without SSL support
    - DEBUG: protocol: yell loudly during registration of invalid sock_domain
    - MINOR: protocols: add a new protocol type selector
    - MINOR: protocols: make use of the protocol type to select the protocol
    - MINOR: protocols: replace protocol_by_family() with protocol_lookup()
    - MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX
    - CLEANUP: jwt: Remove the use of a trash buffer in jwt_jwsverify_hmac()
    - CLEANUP: jwt: Remove the use of a trash buffer in jwt_jwsverify_rsa_ecdsa()
    - DEV: coccinelle: Add realloc_leak.cocci
    - CLEANUP: hlua: Remove obsolete branch in `hlua_alloc()`
    - BUILD: atomic: prefer __atomic_compare_exchange_n() for __ha_cas_dw()
    - BUILD: atomic: fix build on mac/arm64
    - MINOR: atomic: remove the memcpy() call and dependency on string.h
    - MINOR: httpclient: request streaming with a callback
    - MINOR: httpclient/lua: handle the streaming into the lua applet
    - REGTESTS: lua: test httpclient with body streaming
    - DOC: halog: Move the `-qry` parameter into the correct section in help text
    - MINOR: halog: Rename -qry to -query
    - CLEANUP: halog: Use consistent indentation in help()
    - BUG/MINOR: halog: Add missing newlines in die() messages
    - MINOR: halog: Add support for extracting captures using -hdr
    - DOC: Typo fixed "it" should be "is"
    - BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed
    - BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released
    - BUG/MEDIUM: resolvers: Don't recursively perform requester unlink
    - BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration
    - BUG/MINOR: http: Authorization value can have multiple spaces after the scheme
    - BUG/MINOR: http: http_auth_bearer fetch does not work on custom header name
    - BUG/MINOR: httpclient/lua: misplaced luaL_buffinit()
    - BUILD/MINOR: cpuset freebsd build fix
    - BUG/MINOR: httpclient: use a placeholder value for Host header
    - BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data
    - BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions
    - MINOR: stream: Improve dump of bogus streams
    - DOC/peers: some grammar fixes for peers 2.1 spec
    - MEDIUM: vars: make the var() sample fetch function really return type ANY
    - MINOR: vars: add "set-var" for "tcp-request connection" rules.
2021-11-02 18:05:41 +01:00
Willy Tarreau
b4d0cd02c1 [RELEASE] Released version 2.5-dev11
Released version 2.5-dev11 with the following main changes :
    - DEV: coccinelle: Add strcmp.cocci
    - CLEANUP: Apply strcmp.cocci
    - CI: Add `permissions` to GitHub Actions
    - CI: Clean up formatting in GitHub Action definitions
    - MINOR: add ::1 to predefined LOCALHOST acl
    - CLEANUP: assorted typo fixes in the code and comments
    - CLEANUP: Consistently `unsigned int` for bitfields
    - MEDIUM: resolvers: lower-case labels when converting from/to DNS names
    - MEDIUM: resolvers: replace bogus resolv_hostname_cmp() with memcmp()
    - MINOR: jwt: Empty the certificate tree during deinit
    - MINOR: jwt: jwt_verify returns negative values in case of error
    - MINOR: jwt: Do not rely on enum order anymore
    - BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error
    - MINOR: httpclient/cli: access should be only done from expert mode
    - DOC: management: doc about the CLI httpclient
    - BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors
    - BUG/MAJOR: dns: tcp session can remain attached to a list after a free
    - BUG/MAJOR: dns: attempt to lock globaly for msg waiter list instead of use barrier
    - CLEANUP: dns: always detach the appctx from the dns session on release
    - DEBUG: dns: add a few more BUG_ON at sensitive places
    - BUG/MAJOR: resolvers: add other missing references during resolution removal
    - CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records()
    - BUILD: resolvers: avoid a possible warning on null-deref
    - BUG/MEDIUM: resolvers: always check a valid item in query_list
    - CLEANUP: always initialize the answer_list
    - CLEANUP: resolvers: simplify resolv_link_resolution() regarding requesters
    - CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT
    - MEDIUM: resolvers: use a kill list to preserve the list consistency
    - MEDIUM: resolvers: remove the last occurrences of the "safe" argument
    - BUG/MEDIUM: checks: fix the starting thread for external checks
    - MEDIUM: resolvers: replace the answer_list with a (flat) tree
    - MEDIUM: resolvers: hash the records before inserting them into the tree
    - BUG/MAJOR: buf: fix varint API post- vs pre- increment
    - OPTIM: resolvers: move the eb32 node before the data in the answer_item
    - MINOR: list: add new macro LIST_INLIST_ATOMIC()
    - OPTIM: dns: use an atomic check for the list membership
    - BUG/MINOR: task: do not set TASK_F_USR1 for no reason
    - BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame
    - MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close
    - MINOR: mux-h2: perform a full cycle shutdown+drain on close
    - CLEANUP: resolvers: get rid of single-iteration loop in resolv_get_ip_from_response()
    - MINOR: quic: Increase the size of handshake RX UDP datagrams
    - BUG/MEDIUM: lua: fix memory leaks with realloc() on non-glibc systems
    - MINOR: memprof: report the delta between alloc and free on realloc()
    - MINOR: memprof: add one pointer size to the size of allocations
    - BUILD: fix compilation on NetBSD
    - MINOR: backend: add traces for idle connections reuse
    - BUG/MINOR: backend: fix improper insert in avail tree for always reuse
    - MINOR: backend: improve perf with tcp proxies skipping idle conns
    - MINOR: connection: remove unneeded memset 0 for idle conns
2021-10-22 19:40:44 +02:00
Willy Tarreau
f2b1b4dd14 [RELEASE] Released version 2.5-dev10
Released version 2.5-dev10 with the following main changes :
    - MINOR: initcall: Rename __GLOBL and __GLOBL1.
    - MINOR: rules: add a new function new_act_rule() to allocate act_rules
    - MINOR: rules: add a file name and line number to act_rules
    - MINOR: stream: report the current rule in "show sess all" when known
    - MINOR: stream: report the current filter in "show sess all" when known
    - CLEANUP: stream: Properly indent current_rule line in "show sess all"
    - BUG/MINOR: lua: Fix lua error handling in `hlua_config_prepend_path()`
    - CI: github: switch to OpenSSL 3.0.0
    - REGTESTS: ssl: Fix references to removed option in test description
    - MINOR: ssl: Add ssllib_name_startswith precondition
    - REGTESTS: ssl: Fix ssl_errors test for OpenSSL v3
    - REGTESTS: ssl: Reenable ssl_errors test for OpenSSL only
    - REGTESTS: ssl: Use mostly TLSv1.2 in ssl_errors test
    - MEDIUM: mux-quic: rationalize tx buffers between qcc/qcs
    - MEDIUM: h3: properly manage tx buffers for large data
    - MINOR: mux-quic: standardize h3 settings sending
    - CLEANUP: h3: remove dead code
    - MINOR: mux-quic: implement standard method to detect if qcc is dead
    - MEDIUM: mux-quic: defer stream shut if remaining tx data
    - MINOR: mux: remove last occurences of qcc ring buffer
    - MINOR: quic: handle CONNECTION_CLOSE frame
    - REGTESTS: ssl: re-enable set_ssl_cert_bundle.vtc
    - MINOR: ssl: add ssl_fc_is_resumed to "option httpslog"
    - MINOR: http: Add http_auth_bearer sample fetch
    - MINOR: jwt: Parse JWT alg field
    - MINOR: jwt: JWT tokenizing helper function
    - MINOR: jwt: Insert public certificates into dedicated JWT tree
    - MINOR: jwt: jwt_header_query and jwt_payload_query converters
    - MEDIUM: jwt: Add jwt_verify converter to verify JWT integrity
    - REGTESTS: jwt: Add tests for the jwt_verify converter
    - BUILD: jwt: fix declaration of EVP_KEY in jwt-h.h
    - MINOR: proto_tcp: use chunk_appendf() to ouput socket setup errors
    - MINOR: proto_tcp: also report the attempted MSS values in error message
    - MINOR: inet: report the faulty interface name in "bind" errors
    - MINOR: protocol: report the file and line number for binding/listening errors
    - MINOR: protocol: uniformize protocol errors
    - MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero
    - BUG/MEDIUM: resolver: make sure to always use the correct hostname length
    - BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records
    - MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero
    - MEDIUM: listeners: split the thread mask between receiver and bind_conf
    - MINOR: listeners: add clone_listener() to duplicate listeners at boot time
    - MEDIUM: listener: add the "shards" bind keyword
    - BUG/MEDIUM: resolvers: use correct storage for the target address
    - MINOR: resolvers: merge address and target into a union "data"
    - BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix
    - BUG/MEDIUM: jwt: fix base64 decoding error detection
    - BUG/MINOR: jwt: use CRYPTO_memcmp() to compare HMACs
    - DOC: jwt: fix a typo in the jwt_verify() keyword description
    - BUG/MEDIUM: sample/jwt: fix another instance of base64 error detection
    - BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back
    - BUG/MINOR: sample: Fix 'fix_tag_value' sample when waiting for more data
    - DOC: config: Move 'tcp-response content' at the right place
    - BUG/MINOR: proxy: Use .disabled field as a bitfield as documented
    - MINOR: proxy: Introduce proxy flags to replace disabled bitfield
    - MINOR: sample/arg: Be able to resolve args found in defaults sections
    - MEDIUM: proxy: Warn about ambiguous use of named defaults sections
    - MINOR: proxy: Be able to reference the defaults section used by a proxy
    - MINOR: proxy: Add PR_FL_READY flag on fully configured and usable proxies
    - MINOR: config: Finish configuration for referenced default proxies
    - MINOR: config: No longer remove previous anonymous defaults section
    - MINOR: tcpcheck: Support 2-steps args resolution in defaults sections
    - MEDIUM: rules/acl: Parse TCP/HTTP rules and acls defined in defaults sections
    - MEDIUM: tcp-rules: Eval TCP rules defined in defaults sections
    - MEDIUM: http-ana: Eval HTTP rules defined in defaults sections
    - BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags
    - REGTESTS: Add scripts to test support of TCP/HTTP rules in defaults sections
    - DOC: config: Add documentation about TCP/HTTP rules in defaults section
    - DOC: config: Rework and uniformize how TCP/HTTP rules are documented
    - BUG/MINOR: proxy: Release ACLs and TCP/HTTP rules of default proxies
    - BUG/MEDIUM: cpuset: fix cpuset size for FreeBSD
    - BUG/MINOR: sample: fix backend direction flags consecutive to last fix
    - BUG/MINOR: listener: fix incorrect return on out-of-memory
    - BUG/MINOR: listener: add an error check for unallocatable trash
    - CLEANUP: listeners: remove unreachable code in clone_listener()
2021-10-16 15:24:22 +02:00
Willy Tarreau
4c67bd6a06 [RELEASE] Released version 2.5-dev9
Released version 2.5-dev9 with the following main changes :
    - head-truc
    - REGTESTS: lua: test the httpclient:get() feature
    - Revert "head-truc"
    - BUG/MEDIUM: httpclient: replace ist0 by istptr
    - MINOR: config: use a standard parser for the "nbthread" keyword
    - CLEANUP: init: remove useless test against MAX_THREADS in affinity loop
    - MEDIUM: init: de-uglify the per-thread affinity setting
    - MINOR: init: extract the setup and end of threads to their own functions
    - MINOR: log: Try to get the status code when MUX_EXIT_STATUS is retrieved
    - MINOR: mux-h1: Set error code if possible when MUX_EXIT_STATUS is returned
    - MINOR: mux-h1: Be able to set custom status code on parsing error
    - MEDIUM: mux-h1: Reject HTTP/1.0 GET/HEAD/DELETE requests with a payload
    - MEDIUM: h1: Force close mode for invalid uses of T-E header
    - BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers"
    - MINOR: http: Add 422-Unprocessable-Content error message
    - MINOR: h1: Change T-E header parsing to fail if chunked encoding is found twice
    - BUG/MEDIUM: mux-h1/mux-fcgi: Reject messages with unknown transfer encoding
    - REGTESTS: Add script to validate T-E header parsing
    - REORG: pools: move default settings to defaults.h
    - DOC: peers: fix doc "enable" statement on "peers" sections
    - MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options
    - MINOR: ssl: Set connection error code in case of SSL read or write fatal failure
    - MINOR: ssl: Rename ssl_bc_hsk_err to ssl_bc_err
    - MINOR: ssl: Store the last SSL error code in case of read or write failure
    - REGTESTS: ssl: enable show_ssl_ocspresponse.vtc again
    - REGTESTS: ssl: enable ssl_crt-list_filters.vtc again
    - BUG/MEDIUM: lua: fix wakeup condition from sleep()
    - BUG/MAJOR: lua: use task_wakeup() to properly run a task once
    - MINOR: arg: Be able to forbid unresolved args when building an argument list
    - BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing
    - BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input
    - MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue()
    - REGTESTS: ssl: show_ssl_ocspresponse w/ freebsd won't use base64
    - REGTESTS: ssl: wrong feature cmd in show_ssl_ocspresponse.vtc
    - CLEANUP: tasks: remove the long-unused work_lists
    - MINOR: task: provide 3 task_new_* wrappers to simplify the API
    - MINOR: time: uninline report_idle() and move it to task.c
    - REORG: sched: move idle time calculation from time.h to task.h
    - REORG: sched: move the stolen CPU time detection to sched_entering_poll()
    - BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release
    - BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule
    - MINOR: httpclient: destroy() must free the headers and the ists
    - MINOR: httpclient: set HTTPCLIENT_F_ENDED only in release
    - MINOR: httpclient: stop_and_destroy() ask the applet to autokill
    - MINOR: httpclient: test if started during stop_and_destroy()
    - MINOR: httpclient/lua: implement garbage collection
    - BUG/MEDIUM: httpclient/lua: crash because of b_xfer and get_trash_chunk()
    - MINOR: httpclient: destroy checks if a client was started but not stopped
    - BUG/MINOR: httpclient/lua: does not process headers when failed
    - MINOR: httpclient/lua: supports headers via named arguments
    - CLEANUP: server: always include the storage for SSL settings
    - CLEANUP: sample: rename sample_conv_var2smp() to *_sint
    - CLEANUP: sample: uninline sample_conv_var2smp_str()
    - MINOR: sample: provide a generic var-to-sample conversion function
    - BUG/MEDIUM: sample: properly verify that variables cast to sample
    - BUILD: action: add the relevant structures for function arguments
    - BUILD: extcheck: needs to include stream-t.h
    - BUILD: hlua: needs to include stream-t.h
    - BUILD: stats: define several missing structures in stats.h
    - BUILD: resolvers: define missing types in resolvers.h
    - BUILD: httpclient: include missing ssl_sock-t
    - BUILD: sample: include openssl-compat
    - BUILD: http_ana: need to include proxy-t to get redirect_rule
    - BUILD: http_rules: requires http_ana-t.h for REDIRECT_*
    - BUILD: vars: need to include xxhash
    - BUILD: peers: need to include eb{32/mb/pt}tree.h
    - BUILD: ssl_ckch: include ebpttree.h in ssl_ckch.c
    - BUILD: compiler: add the container_of() and container_of_safe() macros
    - BUILD: idleconns: include missing ebmbtree.h at several places
    - BUILD: connection: connection.h needs list.h and server.h
    - BUILD: tree-wide: add missing http_ana.h from many places
    - BUILD: cfgparse-ssl: add missing errors.h
    - BUILD: tcp_sample: include missing errors.h and session-t.h
    - BUILD: mworker: mworker-prog needs time.h for the 'now' variable
    - BUILD: tree-wide: add several missing activity.h
    - BUILD: compat: fix -Wundef on SO_REUSEADDR
    - CLEANUP: pools: pools-t.h doesn't need to include thread-t.h
    - REORG: pools: uninline the UAF allocator and force-inline the rest
    - REORG: thread: uninline the lock-debugging code
    - MINOR: thread/debug: replace nsec_now() with now_mono_time()
    - CLEANUP: remove some unneeded includes from applet-t.h
    - REORG: listener: move bind_conf_alloc() and listener_state_str() to listener.c
    - CLEANUP: listeners: do not include openssl-compat
    - CLEANUP: servers: do not include openssl-compat
    - REORG: ssl: move ssl_sock_is_ssl() to connection.h and rename it
    - CLEANUP: mux_fcgi: remove dependency on ssl_sock
    - CLEANUP: ssl/server: move ssl_sock_set_srv() to srv_set_ssl() in server.c
    - REORG: ssl-sock: move the sslconns/totalsslconns counters to global
    - REORG: sample: move the crypto samples to ssl_sample.c
    - REORG: sched: moved samp_time and idle_time to task.c as well
    - REORG: time/ticks: move now_ms and global_now_ms definitions to ticks.h
    - CLEANUP: tree-wide: remove unneeded include time.h in ~20 files
    - REORG: activity: uninline activity_count_runtime()
    - REORG: acitvity: uninline sched_activity_entry()
    - CLEANUP: stream: remove many unneeded includes from stream-t.h
    - CLEANUP: stick-table: no need to include socket nor in.h
    - MINOR: connection: use uint64_t for the hashes
    - REORG: connection: move the hash-related stuff to connection.c
    - REORG: connection: uninline conn_notify_mux() and conn_delete_from_tree()
    - REORG: server: uninline the idle conns management functions
    - REORG: ebtree: split structures into their own file ebtree-t.h
    - CLEANUP: tree-wide: only include ebtree-t from type files
    - REORG: connection: move the largest inlines from connection.h to connection.c
    - CLEANUP: connection: do not include http_ana!
    - CLEANUP: connection: remove unneeded tcpcheck-t.h and use only session-t.h
    - REORG: connection: uninline the rest of the alloc/free stuff
    - REORG: task: uninline the loop time measurement code
    - CLEANUP: time: move a few configurable defines to defaults.h
    - CLEANUP: fd: do not include time.h
    - REORG: fd: uninline compute_poll_timeout()
    - CLENAUP: wdt: use ha_tkill() instead of accessing pthread directly
    - REORG: thread: move the thread init/affinity/stop to thread.c
    - REORG: thread: move ha_get_pthread_id() to thread.c
    - MINOR: thread: use a dedicated static pthread_t array in thread.c
    - CLEANUP: thread: uninline ha_tkill/ha_tkillall/ha_cpu_relax()
    - DOC: configuration: add clarification on escaping in keyword arguments
    - BUG/MINOR: task: fix missing include with DEBUG_TASK
    - MINOR: pools: report the amount used by thread caches in "show pools"
    - MINOR: quic: Distinguish packet and SSL read enc. level in traces
    - MINOR: quic: Add a function to dump SSL stack errors
    - MINOR: quic: BUG_ON() SSL errors.
    - MINOR: quic: Fix SSL error issues (do not use ssl_bio_and_sess_init())
    - BUG/MEDIUM: mux-quic: reinsert all streams in by_id tree
    - BUG/MAJOR: xprt-quic: do not queue qc timer if not set
    - MINOR: mux-quic: release connection if no more bidir streams
    - BUG/MAJOR: quic: remove qc from receiver cids tree on free
    - BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames
    - MINOR: qpack: do not encode invalid http status code
    - MINOR: qpack: support non-indexed http status code encoding
    - MINOR: qpack: fix memory leak on huffman decoding
    - CLEANUP: mux-quic: remove unused code
    - BUG/MINOR: quic: fix includes for compilation
    - BUILD: connection: avoid a build warning on FreeBSD with SO_USER_COOKIE
    - BUILD: init: avoid a build warning on FreeBSD with USE_PROCCTL
    - REORG: time: move time-keeping code and variables to clock.c
    - REORG: clock: move the updates of cpu/mono time to clock.c
    - MINOR: activity: get the run_time from the clock updates
    - CLEANUP: clock: stop exporting before_poll and after_poll
    - REORG: clock: move the clock_id initialization to clock.c
    - REORG: clock/wdt: move wdt timer initialization to clock.c
    - MINOR: clock: move the clock_ids to clock.c
    - MINOR: wdt: move wd_timer to wdt.c
    - CLEANUP: wdt: do not remap SI_TKILL to SI_LWP, test the values directly
    - REORG: thread/sched: move the task_per_thread stuff to thread_ctx
    - REORG: thread/clock: move the clock parts of thread_info to thread_ctx
    - REORG: thread/sched: move the thread_info flags to the thread_ctx
    - REORG: thread/sched: move the last dynamic thread_info to thread_ctx
    - MINOR: thread: make "ti" a const pointer and clean up thread_info a bit
    - MINOR: threads: introduce a minimalistic notion of thread-group
    - MINOR: global: add a new "thread-groups" directive
    - MINOR: global: add a new "thread-group" directive
    - MINOR: threads: make tg point to the current thread's group
    - MEDIUM: threads: automatically assign threads to groups
    - MINOR: threads: set the group ID and its bit in the thread group
    - MINOR: threads: set the tid, ltid and their bit in thread_cfg
    - MEDIUM: threads: replace ha_set_tid() with ha_set_thread()
    - MINOR: threads: add the current group ID in thread-local "tgid" variable
    - MINOR: debug: report the group and thread ID in the thread dumps
    - MEDIUM: listeners: support the definition of thread groups on bind lines
    - MINOR: threads: add a new function to resolve config groups and masks
    - MEDIUM: config: resolve relative threads on bind lines to absolute ones
    - MEDIUM: stick-table: never learn the "conn_cur" value from peers
2021-10-08 18:22:24 +02:00
Willy Tarreau
538f3e04b5 [RELEASE] Released version 2.5-dev8
Released version 2.5-dev8 with the following main changes :
    - BUILD: compiler: fixed a missing test on  defined(__GNUC__)
    - BUILD: halog: fix a -Wundef warning on non-glibc systems
    - BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl
    - BUG/MINOR: compat: make sure __WORDSIZE is always defined
    - BUILD: sample: fix format warning on 32-bit archs in sample_conv_be2dec_check()
    - CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools()
    - MINOR: pools: automatically disable malloc_trim() with external allocators
    - MINOR: pools: report it when malloc_trim() is enabled
    - DOC: Add .mailmap
    - CLEANUP: tree-wide: fix prototypes for functions taking no arguments.
    - CLEANUP: Remove prototype for non-existent thread_get_default_count()
    - CLEANUP: acl: Remove unused variable when releasing an acl expression
    - BUG/MAJOR: mux-h1: Don't eval input data if an error was reported
    - DOC: update Tim's address in .mailmap
    - MINOR: pools: use mallinfo2() when available instead of mallinfo()
    - BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check
    - DOC: management: certificate files must be sanitized before injection
    - BUG/MINOR: connection: prevent null deref on mux cleanup task allocation
    - BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc
    - BUG/MINOR: cli/payload: do not search for args inside payload
    - BUILD: sockpair: do not set unused flag
    - BUILD: proto_uxst: do not set unused flag
    - BUILD: fd: remove unused variable totlen in fd_write_frag_line()
    - MINOR: applet: remove the thread mask from appctx_new()
    - REORG: threads: move ha_get_pthread_id() to tinfo.h
    - CLEANUP: Apply ist.cocci
    - DEV: coccinelle: Add ist.cocci
    - CLEANUP: Apply bug_on.cocci
    - DEV: coccinelle: Add xalloc_size.cocci
    - DEV: coccinelle: Add bug_on.cocci
    - CLEANUP: Apply xalloc_size.cocci
    - DEV: coccinelle: Add xalloc_cast.cocci
    - BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set
    - MINOR: httpclient: add the EOH when no headers where provided
    - CLEANUP: Include check.h in flt_spoe.c
    - CLEANUP: Remove unreachable `break` from parse_time_err()
    - BUG/MINOR: server: allow 'enable health' only if check configured
    - BUG/MINOR: server: alloc dynamic srv ssl ctx if proxy uses ssl chk rule
    - MINOR: server: enable more keywords for ssl checks for dynamic servers
    - MINOR: server: enable more check related keywords for dynamic servers
    - REORG: server: move slowstart init outside of checks
    - MINOR: server: enable slowstart for dynamic server
    - MEDIUM: listener: deprecate "process" in favor of "thread" on bind lines
    - BUG/MEDIUM: leastconn: fix rare possibility of divide by zero
    - BUG/MINOR: quic: Possible NULL pointer dereferencing when dumping streams.
    - MINOR: quic: Move transport parmaters to anynomous struct.
    - MINOR: mux_quic: Add QUIC mux layer.
    - MINOR: connection: Add callbacks definitions for QUIC.
    - MINOR: quic: Attach QUIC mux connection objet to QUIC connection.
    - MINOR: quic: Add a new definition to store STREAM frames.
    - MINOR: h3: Add HTTP/3 definitions.
    - MINOR: qpack: Add QPACK compression.
    - MINOR: quic_sock: Finalize the QUIC connections.
    - MINOR: quic: Disable the action of ->rcv_buf() xprt callback
    - MINOR: quic: Add callbacks for (un)scribing to QUIC xprt.
    - MINOR: quic: Variable-length integer encoding/decoding into/from buffer struct.
    - BUG/MINOR: quic: Wrong ->accept() error handling
    - MINOR: quic: Add a wrapper function to update transport parameters.
    - MINOR: quic: Update the streams transport parameters.
    - MINOR: quic: Avoid header collisions
    - MINOR: quic: Replace max_packet_size by max_udp_payload size.
    - MINOR: quic: Enable some quic, h3 and qpack modules compilation.
    - MINOR: quic: Move an SSL func call from QUIC I/O handler to the xprt init.
    - MINOR: quic: Initialize the session before starting the xprt.
    - BUG/MINOR: quic: Do not check the acception of a new conn from I/O handler.
    - MINOR: quic: QUIC conn initialization from I/O handler
    - MINOR: quic: Remove header protection for conn with context
    - MINOR: quic: Derive the initial secrets asap
    - MINOR: quic: Remove header protection also for Initial packets
    - BUG/MINOR: quic: Wrong memory free in quic_update_ack_ranges_list()
    - MINOR: quic: quic_update_ack_ranges_list() code factorization
    - MINOR: quic: Useless test in quic_update_ack_ranges_list()
    - MINOR: quic: Remove a useless variable in quic_update_ack_ranges_list()
    - BUG/MINOR: quic: Missing cases treatement when updating ACK ranges
    - CLEAUNUP: quic: Usage of a useless variable in qc_treat_rx_pkts()
    - BUG/MINOR: quic: Wrong RX packet reference counter usage
    - MINOR: quic: Do not stop the packet parsing too early in qc_treat_rx_packets()
    - MINOR: quic: Add a lock for RX packets
    - MINOR: quic: Move the connection state
    - MINOR: quic: Replace quic_conn_ctx struct by ssl_sock_ctx struct
    - MINOR: quic: Replace the RX list of packet by a thread safety one.
    - MINOR: quic: Replace the RX unprotected packet list by a thread safety one.
    - MINOR: quic: Add useful traces for I/O dgram handler
    - MINOR: quic: Do not wakeup the xprt task on ACK receipt
    - MINOR: quic: Connection allocations rework
    - MINOR: quic: Move conn_prepare() to ->accept_conn() callback
    - MINOR: quic: Make qc_lstnr_pkt_rcv() be thread safe.
    - MINOR: quic: Add a ring buffer implementation for QUIC
    - MINOR: quic: Prefer x25519 as ECDH preferred parametes.
    - MINOR: quic: Add the QUIC v1 initial salt.
    - BUG/MINOR: quic: Too much reduced computed space to build handshake packets
    - MINOR: net_helper: add functions for pointers
    - MINOR: quic: Add ring buffer definition (struct qring) for QUIC
    - MINOR: proto_quic: Allocate TX ring buffers for listeners
    - MINOR: quic: Initialize pointers to TX ring buffer list
    - MINOR: quic: Make use of TX ring buffers to send QUIC packets
    - MINOR: quic_tls: Make use of the QUIC V1 salt.
    - MINOR: quic: Remove old TX buffer implementation
    - MINOR: Add function for TX packets reference counting
    - MINOR: quic: Add TX packets at the very last time to their tree.
    - MINOR: quic: Unitialized mux context upon Client Hello message receipt.
    - MINOR: quic: Missing encryption level rx.crypto member initialization and lock.
    - MINOR: quic: Rename ->rx.rwlock of quic_enc_level struct to ->rx.pkts_rwlock
    - MINOR: quic: Make qc_treat_rx_pkts() be thread safe.
    - MINOR: quic: Make ->tx.frms quic_pktns struct member be thread safe
    - MINOR: quic: Replace quic_tx_frm struct by quic_frame struct
    - MINOR: quic: Add a mask for TX frame builders and their authorized packet types
    - MINOR: quic: Add a useful function to compute any frame length.
    - MINOR: quic: Add the QUIC connection state to traces
    - MINOR: quic: Store post handshake frame in ->pktns.tx.frms MT_LIST
    - MINOR: quic: Add the packet type to quic_tx_packet struct
    - MINOR: quic: Modify qc_do_build_hdshk_pkt() to accept any packet type
    - MINOR: quic: Atomically handle packet number space ->largest_acked_pn variable
    - MINOR: quic: Modify qc_build_cfrms() to support any frame
    - MINOR: quic: quic_conn_io_cb() task rework
    - MINOR: quic: Make qc_build_hdshk_pkt() atomically consume a packet number
    - MINOR: quic: qc_do_build_hdshk_pkt() does not  need to pass a copy of CRYPTO frame
    - MINOR: quic: Remove Application level related functions
    - MINOR: quic: Rename functions which do not build only Handshake packets
    - MINOR: quic: Make circular buffer internal buffers be variable-sized.
    - MINOR: quic: Add a pool for TX ring buffer internal buffer
    - MINOR: quic: Make use of the last cbuf API when initializing TX ring buffers
    - MINOR: quic: Missing acks encoded size updates.
    - MINOR: quic: Evaluate the packet lengths in advance
    - MINOR: quic: Update the TLS extension for QUIC transport parameters
    - MINOR: quic: Fix handshake state debug strings
    - MINOR: quic: Atomically get/set the connection state
    - MINOR: quic: Missing QUIC encryption level for qc_build_pkt()
    - MINOR: quic: Coalesce Application level packets with Handshake packets.
    - MINOR: quic: Wrong flags handling for acks
    - MINOR: quic: Missing case when discarding HANDSHAKE secrets
    - MINOR: quic: Post handshake packet building improvements
    - MINOR: quic: Prepare Application level packet asap.
    - MINOR: h3: Send h3 settings asap
    - MINOR: quic: Wrong STREAM frame length computing
    - MINOR: quic: Wrong short packet minimum length
    - MINOR: quic: Prepare STREAM frames to fill QUIC packets
    - MINOR: h3: change default settings
    - MINOR: quic-enc: fix varint encoding
    - MINOR: qpack: fix wrong comment
    - MINOR: qpack: generate headers list on decoder
    - MINOR: h3: parse headers to htx
    - MINOR: h3: allocate stream on headers
    - MEDIUM: mux-quic: implement ring buffer on stream tx
    - MINOR: mux-quic: send SETTINGS on uni stream
    - MINOR: h3: define snd_buf callback and divert mux ops
    - MINOR: mux-quic: define FIN stream flag
    - MINOR: qpack: create qpack-enc module
    - MINOR: qpack: encode headers functions
    - MINOR: h3: encode htx headers to QPACK
    - MINOR: h3: send htx data
    - MINOR: h3/mux: detect fin on last h3 frame of the stream
    - MINOR: quic: Shorten some handshakes
    - MINOR: quic: Make QUIC-TLS support at least two initial salts
    - MINOR: quic: Attach the QUIC connection to a thread.
    - MINOR: quic: Missing active_connection_id_limit default value
    - MINOR: quic_sock: Do not flag QUIC connections as being set
    - MINOR: buf: Add b_force_xfer() function
    - MINOR: quic: Make use of buffer structs to handle STREAM frames
    - MINOR: mux_quic: move qc_process() code to qc_send()
    - MINOR: quic: Add a typedef for unsigned long long
    - MINOR: quic: Confusion between TX/RX for the frame builders
    - MINOR: quic: Wrong packet flags settings during frame building
    - MINOR: quic: Constantness fixes for frame builders/parsers.
    - MINOR: quic_tls: Client/serveur state reordering
    - MINOR: quic: Wrong packet loss detection due to wrong pktns order
    - MINOR: quic: Wrong packet number space selection in quic_loss_pktns()
    - MINOR: quic: Initial packet number spaced not discarded
    - MINOR: quic: Add useful trace about pktns discarding
    - MINOR: mux_quic: Export the mux related flags
    - MINOR: quic: Implement quic_conn_subscribe()
    - MINOR: quic: Wake up the mux upon ACK receipt
    - MINOR: quic: Stream FIN bit fix in qcs_push_frame()
    - MINOR: quic: Implement qc_process_mux()
    - MINOR: quic: Wake up the xprt from mux
    - CLEANUP: quic: Remove useless inline functions
    - MINOR: quic: RX packets memory leak
    - MINOR: quic: Possible endless loop in qc_treat_rx_pkts()
    - MINOR: quic: Crash upon too big packets receipt
    - MINOR: quic: define close handler
    - MEDIUM: quic: implement mux release/conn free
    - MINOR: quic: fix qcc subs initialization
    - BUG/MINOR: h1-htx: Fix a typo when request parser is reset
    - BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer
    - BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data
    - BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM
    - MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv()
    - MINOR: htx: Add an HTX flag to know when a message is fragmented
    - MINOR: htx: Add a function to know if the free space wraps
    - BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary
    - MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf
    - BUG/MINOR: http-ana: increment internal_errors counter on response error
    - MINOR: stats: Enable dark mode on stat web page
    - CLEANUP: stats: Fix some alignment mistakes
    - MINOR: httpclient: httpclient_data() returns the available data
    - MINOR: httpclient: httpclient_ended() returns 1 if the client ended
    - MINOR: httpclient/lua: httpclient:get() API in lua
    - MINOR: httpclient/lua: implement the headers in the response object
    - BUG/MINOR: httpclient/lua: return an error on argument check
    - CLEANUP: slz: Mark `reset_refs` as static
2021-09-24 15:52:17 +02:00
Willy Tarreau
4b3a9fefab [RELEASE] Released version 2.5-dev7
Released version 2.5-dev7 with the following main changes :
    - BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB
    - CLEANUP: htx: remove comments about "must be < 256 MB"
    - BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer
    - Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive"
    - MINOR: proxy: add a global "grace" directive to postpone soft-stop
    - MINOR: vars: rename vars_init() to vars_init_head()
    - CLEANUP: vars: rename sample_clear_stream() to var_unset()
    - REORG: vars: remerge sample_store{,_stream}() into var_set()
    - MEDIUM: vars: make the ifexist variant of set-var only apply to the proc scope
    - MINOR: vars: add a VF_CREATEONLY flag for creation
    - MINOR: vars: support storing empty sample data with a variable
    - MINOR: vars: store flags into variables and add VF_PERMANENT
    - MEDIUM: vars: make var_clear() only reset VF_PERMANENT variables
    - MEDIUM: vars: pre-create parsed SCOPE_PROC variables as permanent ones
    - MINOR: vars: preset a random seed to hash variables names
    - MEDIUM: vars: replace the global name index with a hash
    - CLEANUP: vars: remove the now unused var_names array
    - MINOR: vars: centralize the lock/unlock into static inlines
    - OPTIM: vars: only takes the variables lock on shared entries
    - OPTIM: vars: remove internal bookkeeping for vars_global_size
    - OPTIM: vars: do not keep variables usage stats if no limit is set
    - BUILD: fix dragonfly build again on __read_mostly
    - CI: Github Actions: temporarily disable Opentracing
    - BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with payload
    - MINOR: htx: Skip headers with no value when adding a header list to a message
    - CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload
    - BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached
    - BUG/MEDIUM: http-ana: Reset channels analysers when returning an error
    - BUG/MINOR: filters: Set right FLT_END analyser depending on channel
    - CLEANUP: Add haproxy/xxhash.h to avoid modifying import/xxhash.h
    - CLEANUP: ebmbtree: Replace always-taken elseif by else
    - CLEANUP: Move XXH3 macro from haproxy/compat.h to haproxy/xxhash.h
    - BUILD: opentracing: exclude the use of haproxy variables for the OpenTracing context
    - BUG/MINOR: opentracing: enable the use of http headers without a set value
    - CLEANUP: opentracing: use the haproxy function to generate uuid
    - MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn'
    - CI: Github Actions: re-enable Opentracing
    - CLEANUP: opentracing: simplify the condition on the empty header
    - BUG/MEDIUM lua: Add missing call to RESET_SAFE_LJMP in hlua_filter_new()
2021-09-12 11:36:38 +02:00
Willy Tarreau
f653e83064 [RELEASE] Released version 2.5-dev6
Released version 2.5-dev6 with the following main changes :
    - BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
    - BUG/MINOR: tools: Fix loop condition in dump_text()
    - BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER
    - BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL
    - BUILD: tools: properly guard __GLIBC__ with defined()
    - BUILD: globally enable -Wundef
    - MINOR: log: Remove log-error-via-logformat option
    - MINOR: log: Add new "error-log-format" option
    - BUG/MAJOR: queue: better protect a pendconn being picked from the proxy
    - CLEANUP: Add missing include guard to signal.h
    - MINOR: ssl: Add new ssl_bc_hsk_err sample fetch
    - MINOR: connection: Add a connection error code sample fetch for backend side
    - REGTESTS: ssl: Add tests for bc_conn_err and ssl_bc_hsk_err sample fetches
    - MINOR: http-rules: add a new "ignore-empty" option to redirects.
    - CI: Github Actions: temporarily disable BoringSSL builds
    - BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser
    - BUG/MINOR: vars: improve accuracy of the rules used to check expression validity
    - MINOR: sample: add missing ARGC_ entries
    - BUG/MINOR: vars: properly set the argument parsing context in the expression
    - DOC: configuration: remove wrong tcp-request examples in tcp-response
    - MEDIUM: vars: add a new "set-var-fmt" action
    - BUG/MEDIUM: vars: run over the correct list in release_store_rules()
    - BUG/MINOR: vars: truncate the variable name in error reports about scope.
    - BUG/MINOR: vars: do not talk about global section in CLI errors for set-var
    - CLEANUP: vars: name the temporary proxy "CFG" instead of "CLI" for global vars
    - MINOR: log: make log-format expressions completely usable outside of req/resp
    - MINOR: vars: add a "set-var-fmt" directive to the global section
    - MEDIUM: vars: also support format strings in CLI's "set var" command
    - CLEANUP: vars: factor out common code from vars_get_by_{desc,name}
    - MINOR: vars: make vars_get_by_* support an optional default value
    - MINOR: vars: make the vars() sample fetch function support a default value
    - BUILD: ot: add argument for default value to vars_get_by_name()
2021-09-03 15:19:56 +02:00
Willy Tarreau
446344ccef [RELEASE] Released version 2.5-dev5
Released version 2.5-dev5 with the following main changes :
    - MINOR: httpclient: initialize the proxy
    - MINOR: httpclient: implement a simple HTTP Client API
    - MINOR: httpclient/cli: implement a simple client over the CLI
    - MINOR: httpclient/cli: change the User-Agent to "HAProxy"
    - MEDIUM: ssl: Keep a reference to the client's certificate for use in logs
    - BUG/MEDIUM: h2: match absolute-path not path-absolute for :path
    - BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2
    - MINOR: server: check if srv is NULL in free_server()
    - MINOR: proxy: check if p is NULL in free_proxy()
    - BUG/MEDIUM: cfgparse: do not allocate IDs to automatic internal proxies
    - BUG/MINOR: http_client: make sure to preset the proxy's default settings
    - REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2
    - REGTESTS: abortonclose: after retries, 503 is expected, not close
    - REGTESTS: server: fix agent-check syntax and expectation
    - BUG/MINOR: httpclient: fix uninitialized sl variable
    - BUG/MINOR: httpclient/cli: change the appctx test in the callbacks
    - BUG/MINOR: httpclient: check if hdr_num is not 0
    - MINOR: httpclient: cleanup the include files
    - MINOR: hlua: take the global Lua lock inside a global function
    - MINOR: tools: add FreeBSD support to get_exec_path()
    - BUG/MINOR: systemd: ExecStartPre must use -Ws
    - MINOR: systemd: remove the ExecStartPre line in the unit file
    - MINOR: ssl: add an openssl version string parser
    - MINOR: cfgcond: implements openssl_version_atleast and openssl_version_before
    - CLEANUP: ssl: remove useless check on p in openssl_version_parser()
    - BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions
    - BUG/MINOR: httpclient: remove deinit of the httpclient
    - BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
    - MINOR: httpclient: set verify none on the https server
    - MINOR: httpclient: add the server to the proxy
    - BUG/MINOR: httpclient: fix Host header
    - BUILD: httpclient: fix build without OpenSSL
    - CI: github-actions: remove obsolete options
    - CLEANUP: assorted typo fixes in the code and comments
    - MINOR: proc: setting the process to produce a core dump on FreeBSD.
    - BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2
    - MINOR: server: return the next srv instance on free_server
    - BUG/MINOR: stats: use refcount to protect dynamic server on dump
    - MEDIUM: server: extend refcount for all servers
    - MINOR: server: define non purgeable server flag
    - MINOR: server: mark referenced servers as non purgeable
    - MINOR: server: mark servers referenced by LUA script as non purgeable
    - MEDIUM: server: allow to remove servers at runtime except non purgeable
    - BUG/MINOR: base64: base64urldec() ignores padding in output size check
    - REGTEST: add missing lua requirements on server removal test
    - REGTEST: fix haproxy required version for server removal test
    - BUG/MINOR: proxy: don't dump servers of internal proxies
    - REGTESTS: Use `feature cmd` for 2.5+ tests
    - REGTESTS: Remove REQUIRE_VERSION=1.5 from all tests
    - BUG/MINOR: resolvers: mark servers with name-resolution as non purgeable
    - MINOR: compiler: implement an ONLY_ONCE() macro
    - BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords
    - MEDIUM: ssl: Capture more info from Client Hello
    - MINOR: sample: Expose SSL captures using new fetchers
    - MINOR: sample: Add be2dec converter
    - MINOR: sample: Add be2hex converter
    - MEDIUM: config: Deprecate tune.ssl.capture-cipherlist-size
    - BUG/MINOR: time: fix idle time computation for long sleeps
    - MINOR: time: add report_idle() to report process-wide idle time
    - BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long
    - BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING
    - BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef
    - BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef
    - IMPORT: slz: silence a build warning with -Wundef
    - BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef
2021-08-28 13:46:11 +02:00
Willy Tarreau
08d0f23138 [RELEASE] Released version 2.5-dev4
Released version 2.5-dev4 with the following main changes :
    - MINOR: log: rename 'dontloglegacyconnerr' to 'log-error-via-logformat'
    - MINOR: doc: rename conn_status in `option httsplog`
    - MINOR: proxy: disabled takes a stopping and a disabled state
    - MINOR: stats: shows proxy in a stopped state
    - BUG/MINOR: server: fix race on error path of 'add server' CLI if track
    - CLEANUP: thread: fix fantaisist indentation of thread_harmless_till_end()
    - MINOR: threads: make thread_release() not wait for other ones to complete
    - MEDIUM: threads: add a stronger thread_isolate_full() call
    - MEDIUM: servers: make the server deletion code run under full thread isolation
    - BUG/MINOR: server: remove srv from px list on CLI 'add server' error
    - MINOR: activity/fd: remove the dead_fd counter
    - MAJOR: fd: get rid of the DWCAS when setting the running_mask
    - CLEANUP: fd: remove the now unused fd_set_running()
    - CLEANUP: fd: remove the now unneeded fd_mig_lock
    - BUG/MINOR: server: update last_change on maint->ready transitions too
    - MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure
    - BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released
    - BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued
    - MINOR: server: unmark deprecated on enable health/agent cli
    - MEDIUM: task: implement tasklet kill
    - MINOR: server: initialize fields for dynamic server check
    - MINOR: check: allocate default check ruleset for every backends
    - MINOR: check: export check init functions
    - MINOR: check: do not increment global maxsock at runtime
    - MINOR: server: implement a refcount for dynamic servers
    - MEDIUM: check: implement check deletion for dynamic servers
    - MINOR: check: enable safe keywords for dynamic servers
    - MEDIUM: server: implement check for dynamic servers
    - MEDIUM: server: implement agent check for dynamic servers
    - REGTESTS: server: add dynamic check server test
    - MINOR: doc: specify ulimit-n usage for dynamic servers
    - REGTESTS: server: fix dynamic server with checks test
    - CI: travis-ci: temporarily disable arm64 builds
    - BUG/MINOR: check: test if server is not null in purge
    - MINOR: global: define MODE_STOPPING
    - BUG/MINOR: server: do not use refcount in free_server in stopping mode
    - ADMIN: dyncookie: implement a simple dynamic cookie calculator
    - BUG/MINOR: check: do not reset check flags on purge
    - BUG/MINOR: check: fix leak on add dynamic server with agent-check error
    - BUG/MEDIUM: check: fix leak on agent-check purge
    - BUG/MEDIUM: server: support both check/agent-check on a dynamic instance
    - BUG/MINOR: buffer: fix buffer_dump() formatting
    - MINOR: channel: remove an htx block from a channel
    - BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer
    - BUG/MINOR: stream: Don't release a stream if FLT_END is still registered
    - MINOR: lua: Add a flag on lua context to know the yield capability at run time
    - BUG/MINOR: lua: Yield in channel functions only if lua context can yield
    - BUG/MINOR: lua: Don't yield in channel.append() and channel.set()
    - MINOR: filters/lua: Release filters before the lua context
    - MINOR: lua: Add a function to get a reference on a table in the stack
    - MEDIUM: lua: Process buffer data using an offset and a length
    - MEDIUM: lua: Improve/revisit the lua api to manipulate channels
    - DOC: Improve the lua documentation
    - MEDIUM: filters/lua: Add support for dummy filters written in lua
    - MINOR: lua: Add a function to get a filter attached to a channel class
    - MINOR: lua: Add flags on the lua TXN to know the execution context
    - MEDIUM: filters/lua: Be prepared to filter TCP payloads
    - MEDIUM: filters/lua: Support declaration of some filter callback functions in lua
    - MEDIUM: filters/lua: Add HTTPMessage class to help HTTP filtering
    - MINOR: filters/lua: Add request and response HTTP messages in the lua TXN
    - MINOR: filters/lua: Support the HTTP filtering from filters written in lua
    - DOC: config: Fix 'http-response send-spoe-group' documentation
    - BUG/MINOR: lua: Properly check negative offset in Channel/HttpMessage functions
    - BUG/MINOR: lua: Properly catch alloc errors when parsing lua filter directives
    - BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check
    - MINOR: cli: delare the CLI frontend as an internal proxy
    - MINOR: proxy: disable warnings for internal proxies
    - BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set
    - BUG/MINOR: lua/filters: Return right code when txn:done() is called
    - DOC: lua-api: Add documentation about lua filters
    - CI: Remove obsolete USE_SLZ=1 CI job
    - CLEANUP: assorted typo fixes in the code and comments
    - CI: github actions: relax OpenSSL-3.0.0 version comparision
    - BUILD: tools: get the absolute path of the current binary on NetBSD.
    - DOC: Minor typo fix - 'question mark' -> 'exclamation mark'
    - DOC/MINOR: fix typo in management document
    - MINOR: http: add a new function http_validate_scheme() to validate a scheme
    - BUG/MAJOR: h2: verify early that non-http/https schemes match the valid syntax
    - BUG/MAJOR: h2: verify that :path starts with a '/' before concatenating it
    - BUG/MAJOR: h2: enforce stricter syntax checks on the :method pseudo-header
    - BUG/MEDIUM: h2: give :authority precedence over Host
    - REGTESTS: add a test to prevent h2 desync attacks
2021-08-17 14:08:55 +02:00
Willy Tarreau
8441deb1e2 [RELEASE] Released version 2.5-dev3
Released version 2.5-dev3 with the following main changes :
    - BUG/MINOR: arg: free all args on make_arg_list()'s error path
    - BUG/MINOR: cfgcond: revisit the condition freeing mechanism to avoid a leak
    - MEDIUM: proxy: remove long-broken 'option http_proxy'
    - CLEANUP: http_ana: Remove now unused label from http_process_request()
    - MINOR: deinit: always deinit the init_mutex on failed initialization
    - BUG/MEDIUM: cfgcond: limit recursion level in the condition expression parser
    - BUG/MEDIUM: mworker: do not register an exit handler if exit is expected
    - BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs
    - BUILD/MINOR: memprof fix macOs build.
    - BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request
    - BUG/MINOR: stats: Add missing agent stats on servers
    - BUG/MINOR: check: fix the condition to validate a port-less server
    - BUILD: threads: fix pthread_mutex_unlock when !USE_THREAD
    - BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree
    - MINOR: ssl: use __objt_* variant when retrieving counters
    - BUG/MINOR: systemd: must check the configuration using -Ws
    - BUG/MINOR: mux-h1: Obey dontlognull option for empty requests
    - BUG/MINOR: mux-h2: Obey dontlognull option during the preface
    - BUG/MINOR: mux-h1: Be sure to swap H1C to splice mode when rcv_pipe() is called
    - BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames
    - MINOR: proxy: rename PR_CAP_LUA to PR_CAP_INT
    - MINOR: mworker: the mworker CLI proxy is internal
    - MINOR: stats: don't output internal proxies (PR_CAP_INT)
    - CLEANUP: mworker: use the proxy helper functions in mworker_cli_proxy_create()
    - CLEANUP: mworker: PR_CAP already initialized with alloc_new_proxy()
    - BUG/MINOR: connection: Add missing error labels to conn_err_code_str
    - MINOR: connection: Add a connection error code sample fetch
    - MINOR: ssl: Enable error fetches in case of handshake error
    - MINOR: ssl: Add new ssl_fc_hsk_err sample fetch
    - MINOR: ssl: Define a default https log format
    - MEDIUM: connection: Add option to disable legacy error log
    - REGTESTS: ssl: Add tests for the connection and SSL error fetches
    - REGTESTS: ssl: ssl_errors.vtc does not work with old openssl version
    - BUG/MEDIUM: connection: close a rare race between idle conn close and takeover
    - BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before
    - BUG/MINOR: select: fix excess number of dead/skip reported
    - BUG/MINOR: poll: fix abnormally high skip_fd counter
    - BUG/MINOR: pollers: always program an update for migrated FDs
    - BUG/MINOR: fd: protect fd state harder against a concurrent takeover
    - DOC: internals: document the FD takeover process
    - MINOR: fd: update flags only once in fd_update_events()
    - MINOR: poll/epoll: move detection of RDHUP support earlier
    - REORG: fd: uninline fd_update_events()
    - MEDIUM: fd: rely more on fd_update_events() to detect changes
    - BUG/MINOR: freq_ctr: use stricter barriers between updates and readings
    - MEDIUM: atomic: simplify the atomic load/store/exchange operations
    - MEDIUM: atomic: relax the load/store barriers on x86_64
    - BUILD: opentracing: fixed build when using pkg-config utility
2021-08-01 18:19:51 +02:00
Willy Tarreau
bccc91d33e [RELEASE] Released version 2.5-dev2
Released version 2.5-dev2 with the following main changes :
    - BUILD/MEDIUM: tcp: set-mark support for OpenBSD
    - DOC: config: use CREATE USER for mysql-check
    - BUG/MINOR: stick-table: fix several printf sign errors dumping tables
    - BUG/MINOR: peers: fix data_type bit computation more than 32 data_types
    - MINOR: stick-table: make skttable_data_cast to use only std types
    - MEDIUM: stick-table: handle arrays of standard types into stick-tables
    - MEDIUM: peers: handle arrays of std types in peers protocol
    - DOC: stick-table: add missing documentation about gpt0 stored type
    - MEDIUM: stick-table: add the new array of gpt data_type
    - MEDIUM: stick-table: make the use of 'gpt' excluding the use of 'gpt0'
    - MEDIUM: stick-table: add the new arrays of gpc and gpc_rate
    - MEDIUM: stick-table: make the use of 'gpc' excluding the use of 'gpc0/1''
    - BUG/MEDIUM: sock: make sure to never miss early connection failures
    - BUG/MINOR: cli: fix server name output in "show fd"
    - Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules"
    - MEDIUM: stats: include disabled proxies that hold active sessions to stats
    - BUILD: stick-table: shut up invalid "uninitialized" warning in gcc 8.3
    - MINOR: http: implement http_get_scheme
    - MEDIUM: http: implement scheme-based normalization
    - MEDIUM: h1-htx: apply scheme-based normalization on h1 requests
    - MEDIUM: h2: apply scheme-based normalization on h2 requests
    - REGTESTS: add http scheme-based normalization test
    - BUILD: http_htx: fix ci compilation error with isdigit for Windows
    - MINOR: http: implement http uri parser
    - MINOR: http: use http uri parser for scheme
    - MINOR: http: use http uri parser for authority
    - REORG: http_ana: split conditions for monitor-uri in wait for request
    - MINOR: http: use http uri parser for path
    - BUG/MEDIUM: http_ana: fix crash for http_proxy mode during uri rewrite
    - MINOR: mux_h2: define config to disable h2 websocket support
    - CLEANUP: applet: remove unused thread_mask
    - BUG/MINOR: ssl: Default-server configuration ignored by server
    - BUILD: add detection of missing important CFLAGS
    - BUILD: lua: silence a build warning with TCC
    - MINOR: srv: extract tracking server config function
    - MINOR: srv: do not allow to track a dynamic server
    - MEDIUM: server: support track keyword for dynamic servers
    - REGTESTS: test track support for dynamic servers
    - MINOR: init: verify that there is a single word on "-cc"
    - MINOR: init: make -cc support environment variables expansion
    - MINOR: arg: add a free_args() function to free an args array
    - CLEANUP: config: use free_args() to release args array in cfg_eval_condition()
    - CLEANUP: hlua: use free_args() to release args arrays
    - REORG: config: move the condition preprocessing code to its own file
    - MINOR: cfgcond: start to split the condition parser to introduce terms
    - MEDIUM: cfgcond: report invalid trailing chars after expressions
    - MINOR: cfgcond: remerge all arguments into a single line
    - MINOR: cfgcond: support negating conditional expressions
    - MINOR: cfgcond: make the conditional term parser automatically allocate nodes
    - MINOR: cfgcond: insert an expression between the condition and the term
    - MINOR: cfgcond: support terms made of parenthesis around expressions
    - REGTEST: make check_condition.vtc fail as soon as possible
    - REGTESTS: add more complex check conditions to check_conditions.vtc
    - BUG/MEDIUM: init: restore behavior of command-line "-m" for memory limitation
2021-07-17 12:35:11 +02:00
Willy Tarreau
96a2f50b51 [RELEASE] Released version 2.5-dev1
Released version 2.5-dev1 with the following main changes :
    - CLEANUP: ssl: Move ssl_store related code to ssl_ckch.c
    - MINOR: ssl: Allow duplicated entries in the cafile_tree
    - MEDIUM: ssl: Chain ckch instances in ca-file entries
    - MINOR: ssl: Add reference to default ckch instance in bind_conf
    - MINOR: ssl: Add helper functions to create/delete cafile entries
    - MEDIUM: ssl: Add a way to load a ca-file content from memory
    - MINOR: ssl: Add helper function to add cafile entries
    - MINOR: ssl: Ckch instance rebuild and cleanup factorization in CLI handler
    - MEDIUM: ssl: Add "set+commit ssl ca-file" CLI commands
    - REGTESTS: ssl: Add new ca-file update tests
    - MINOR: ssl: Add "abort ssl ca-file" CLI command
    - MINOR: ssl: Add a cafile_entry type field
    - MINOR: ssl: Refactorize the "show certificate details" code
    - MEDIUM: ssl: Add "show ssl ca-file" CLI command
    - MEDIUM: ssl: Add "new ssl ca-file" CLI command
    - MINOR: ssl: Add "del ssl ca-file" CLI command
    - REGTESTS: ssl: Add "new/del ssl ca-file" tests
    - DOC: ssl: Add documentation about CA file hot update commands
    - DOC: internals: update the SSL architecture schema
    - MINOR: ssl: Chain instances in ca-file entries
    - MEDIUM: ssl: Add "set+commit ssl crl-file" CLI commands
    - MEDIUM: ssl: Add "new+del crl-file" CLI commands
    - MINOR: ssl: Add "abort ssl crl-file" CLI command
    - MEDIUM: ssl: Add "show ssl crl-file" CLI command
    - REGTESTS: ssl: Add "new/del ssl crl-file" tests
    - REGTESTS: ssl: Add "set/commit ssl crl-file" test
    - DOC: ssl: Add documentation about CRL file hot update commands
    - BUILD/MINOR: ssl: Fix compilation with SSL enabled
    - BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2
    - CI: introduce scripts/build-vtest.sh for installing VTest
    - CLEANUP: ssl: Fix coverity issues found in CA file hot update code
    - CI: github actions: add OpenTracing builds
    - BUG/MEDIUM: ebtree: Invalid read when looking for dup entry
    - BUG/MAJOR: server: prevent deadlock when using 'set maxconn server'
    - BUILD/MINOR: opentracing: fixed build when using clang
    - BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter
    - BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response
    - MINOR: map/acl: print the count of all the map/acl entries in "show map/acl"
    - CLEANUP: pattern: remove export of non-existent function pattern_delete()
    - MINOR: h1-htx: Update h1 parsing functions to return result as a size_t
    - MEDIUM: h1-htx: Adapt H1 data parsing to copy wrapping data in one call
    - MINOR: mux-h1/mux-fcgi: Don't needlessly loop on data parsing
    - MINOR: h1-htx: Move HTTP chunks parsing into a dedicated function
    - MEDIUM: h1-htx: Split function to parse a chunk and the loop on the buffer
    - MEDIUM: h1-htx: Add a function to parse contiguous small chunks
    - MINOR: h1-htx: Use a correlation table to speed-up small chunks parsing
    - MINOR: buf: Add function to realign a buffer with a specific head position
    - MINOR: muxes/h1-htx: Realign input buffer using b_slow_realign_ofs()
    - CLEANUP: mux-h1: Rename functions parsing input buf and filling output buf
    - Revert "MEDIUM: http-ana: Deal with L7 retries in HTTP analysers"
    - BUG/MINOR: http-ana: Send the right error if max retries is reached on L7 retry
    - BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts
    - MINOR: http-ana: Perform L7 retries because of status codes in response analyser
    - MINOR: cfgparse: Fail when encountering extra arguments in macro
    - DOC: intro: Fix typo in starter guide
    - BUG/MINOR: server: Missing calloc return value check in srv_parse_source
    - BUG/MINOR: peers: Missing calloc return value check in peers_register_table
    - BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine
    - BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture
    - BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare
    - BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy
    - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response
    - BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule
    - BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo
    - BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list
    - BUG/MINOR: http: Missing calloc return value check while parsing redirect rule
    - BUG/MINOR: http: Missing calloc return value check in make_arg_list
    - BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree
    - CLEANUP: http-ana: Remove useless if statement about L7 retries
    - BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry
    - MINOR: backend: Don't release SI endpoint anymore in connect_server()
    - BUG/MINOR: vars: Be sure to have a session to get checks variables
    - DOC/MINOR: move uuid in the configuration to the right alphabetical order
    - CLEANUP: mux-fcgi: Don't needlessly store result of data/trailers parsing
    - BUILD: fix compilation for OpenSSL-3.0.0-alpha17
    - MINOR: http-ana: Use -1 status for client aborts during queuing and connect
    - REGTESTS: Fix http_abortonclose.vtc to support -1 status for some client aborts
    - CLEANUP: backend: fix incorrect comments on locking conditions for lb functions
    - CLEANUP: reg-tests: Remove obsolete no-htx parameter for reg-tests
    - CI: github actions: add OpenSSL-3.0.0 builds
    - CI: github actions: -Wno-deprecated-declarations with OpenSSL 3.0.0
    - MINOR: errors: allow empty va_args for diag variadic macro
    - REORG: errors: split errors reporting function from log.c
    - CLEANUP: server: fix cosmetic of error message on sni parsing
    - MEDIUM: errors: implement user messages buffer
    - MINOR: log: do not discard stderr when starting is over
    - MEDIUM: errors: implement parsing context type
    - MINOR: errors: use user messages context in print_message
    - MINOR: log: display exec path on first warning
    - MINOR: errors: specify prefix "config" for parsing output
    - MINOR: log: define server user message format
    - REORG: server: use parsing ctx for server parsing
    - REORG: config: use parsing ctx for server config check
    - MINOR: server: use parsing ctx for server init addr
    - MINOR: server: use ha_alert in server parsing functions
    - DOC: use the req.ssl_sni in examples
    - CLEANUP: cfgparse: Remove duplication of `MAX_LINE_ARGS + 1`
    - CLEANUP: tools: Make errptr const in `parse_line()`
    - MINOR: haproxy: Add `-cc` argument
    - BUG: errors: remove printf positional args for user messages context
    - CI: Make matrix.py executable and add shebang
    - BUILD: make tune.ssl.keylog available again
    - BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future
    - Revert "BUG/MINOR: opentracing: initialization after establishing daemon mode"
    - BUG/MEDIUM: opentracing: initialization before establishing daemon and/or chroot mode
    - SCRIPTS: opentracing: enable parallel builds in build-ot.sh
    - BUG/MEDIUM: compression: Fix loop skipping unused blocks to get the next block
    - BUG/MEDIUM: compression: Properly get the next block to iterate on payload
    - BUG/MEDIUM: compression: Add a flag to know the filter is still processing data
    - MINOR: ssl: Keep the actual key length in the certificate_ocsp structure
    - MINOR: ssl: Add new "show ssl ocsp-response" CLI command
    - MINOR: ssl: Add the OCSP entry key when displaying the details of a certificate
    - MINOR: ssl: Add the "show ssl cert foo.pem.ocsp" CLI command
    - REGTESTS: ssl: Add "show ssl ocsp-response" test
    - BUG/MINOR: server: explicitly set "none" init-addr for dynamic servers
    - BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush()
    - BUG/MINOR: pools: make DEBUG_UAF always write to the to-be-freed location
    - MINOR: pools: do not maintain the lock during pool_flush()
    - MINOR: pools: call malloc_trim() under thread isolation
    - MEDIUM: pools: use a single pool_gc() function for locked and lockless
    - BUG/MAJOR: pools: fix possible race with free() in the lockless variant
    - CLEANUP: pools: remove now unused seq and pool_free_list
    - MEDIUM: pools: remove the locked pools implementation
    - BUILD: ssl: Fix compilation with BoringSSL
    - BUG/MEDIUM: errors: include missing obj_type file
    - REGTESTS: ssl: show_ssl_ocspresponce.vtc is broken with BoringSSL
    - BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded
    - BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default
    - BUG/MINOR: h1-htx: Fix a signess bug with char data type when parsing chunk size
    - CLEANUP: l7-retries: do not test the buffer before calling b_alloc()
    - BUG/MINOR: resolvers: answser item list was randomly purged or errors
    - MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item
    - MEDIUM: resolvers: add a ref between servers and srv request or used SRV record
    - BUG/MINOR: server-state: load SRV resolution only if params match the config
    - MINOR: config: remove support for deprecated option "tune.chksize"
    - MINOR: config: completely remove support for "no option http-use-htx"
    - MINOR: log: remove the long-deprecated early log-format tags
    - MINOR: http: remove the long deprecated "set-cookie()" sample fetch function
    - MINOR: config: reject long-deprecated "option forceclose"
    - MINOR: config: remove deprecated option "http-tunnel"
    - MEDIUM: proxy: remove the deprecated "grace" keyword
    - MAJOR: config: remove parsing of the global "nbproc" directive
    - BUILD: init: remove initialization of multi-process thread mappings
    - BUILD: log: remove unused fmt_directive()
    - REGTESTS: Remove REQUIRE_VERSION=1.6 from all tests
    - REGTESTS: Remove REQUIRE_VERSION=1.7 from all tests
    - CI: github actions: enable alpine/musl builds
    - BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs
    - DOC: lua: Add a warning about buffers modification in HTTP
    - MINOR: ssl: Use OpenSSL's ASN1_TIME convertor when available
    - BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id
    - BUG/MEDIUM: server: extend thread-isolate over much of CLI 'add server'
    - BUG/MEDIUM: server: clear dynamic srv on delete from proxy id/name trees
    - BUG/MEDIUM: server: do not forget to generate the dynamic servers ids
    - BUG/MINOR: server: do not keep an invalid dynamic server in px ids tree
    - BUG/MEDIUM: server: do not auto insert a dynamic server in px addr_node
    - BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE
    - BUG/MINOR: ssl: use atomic ops to update global shctx stats
    - BUG/MINOR: mworker: fix typo in chroot error message
    - CLEANUP: global: remove unused definition of stopping_task[]
    - MEDIUM: init: remove the loop over processes during init
    - MINOR: mworker: remove the initialization loop over processes
    - CLEANUP: global: remove the nbproc field from the global structure
    - CLEANUP: global: remove pid_bit and all_proc_mask
    - MEDIUM: global: remove dead code from nbproc/bind_proc removal
    - MEDIUM: config: simplify cpu-map handling
    - MEDIUM: cpu-set: make the proc a single bit field and not an array
    - CLEANUP: global: remove unused definition of MAX_PROCS
    - MEDIUM: global: remove the relative_pid from global and mworker
    - DOC: update references to process numbers in cpu-map and bind-process
    - MEDIUM: config: warn about "bind-process" deprecation
    - CLEANUP: shctx: remove the different inter-process locking techniques
    - BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue
    - MINOR: backend: only skip LB when there are actual connections
    - BUG/MINOR: mux-h1: do not skip the error response on bad requests
    - MINOR: connection: add helper conn_append_debug_info()
    - MINOR: mux-h2/trace: report a few connection-level info during h2_init()
    - CLEANUP: mux-h2/traces: better align user messages
    - BUG/MINOR: stats: make "show stat typed desc" work again
    - MINOR: mux-h2: obey http-ignore-probes during the preface
    - BUG/MINOR: mux-h2/traces: bring back the lost "rcvd H2 REQ" trace
    - BUG/MINOR: mux-h2/traces: bring back the lost "sent H2 REQ/RES" traces
    - CLEANUP: assorted typo fixes in the code and comments
    - CI: Replace the requirement for 'sudo' with a call to 'ulimit -n'
    - REGTESTS: Replace REQUIRE_VERSION=2.5 with 'haproxy -cc'
    - REGTESTS: Replace REQUIRE_OPTIONS with 'haproxy -cc' for 2.5+ tests
    - REGTESTS: Replace REQUIRE_BINARIES with 'command -v'
    - REGTESTS: Remove support for REQUIRE_BINARIES
    - CI: ssl: enable parallel builds for OpenSSL on Linux
    - CI: ssl: do not needlessly build the OpenSSL docs
    - CI: ssl: keep the old method for ancient OpenSSL versions
    - CLEANUP: server: a separate function for initializing the per_thr field
    - BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled
    - BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI
    - MINOR: resolvers: Clean server in a dedicated function when removing a SRV item
    - MINOR: resolvers: Remove server from named_servers tree when removing a SRV item
    - BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status
    - BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose
    - BUG/MINOR: backend: do not set sni on connection reuse
    - BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task()
    - BUG/MINOR: server/cli: Fix locking in function processing "set server" command
    - BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header
    - MINOR: ssl: fix typo in usage for 'new ssl ca-file'
    - MINOR: ssl: always initialize random generator
    - MINOR: ssl: check allocation in ssl_sock_init_srv
    - MINOR: ssl: check allocation in parse ciphers/ciphersuites/verifyhost
    - MINOR: ssl: check allocation in parse npn/sni
    - MINOR: server: disable CLI 'set server ssl' for dynamic servers
    - MINOR: ssl: render file-access optional on server crt loading
    - MINOR: ssl: split parse functions for alpn/check-alpn
    - MINOR: ssl: support ca-file arg for dynamic servers
    - MINOR: ssl: support crt arg for dynamic servers
    - MINOR: ssl: support crl arg for dynamic servers
    - MINOR: ssl: enable a series of ssl keywords for dynamic servers
    - MINOR: ssl: support ssl keyword for dynamic servers
    - REGTESTS: server: test ssl support for dynamic servers
    - MINOR: queue: update the stream's pend_pos before queuing it
    - CLEANUP: Prevent channel-t.h from being detected as C++ by GitHub
    - BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check
    - REGTESTS: fix maxconn update with agent-check
    - MEDIUM: queue: make pendconn_process_next_strm() only return the pendconn
    - MINOR: queue: update proxy->served once out of the loop
    - MEDIUM: queue: refine the locking in process_srv_queue()
    - MINOR: lb/api: remove the locked argument from take_conn/drop_conn
    - MINOR: queue: create a new structure type "queue"
    - MINOR: proxy: replace the pendconns-related stuff with a struct queue
    - MINOR: server: replace the pendconns-related stuff with a struct queue
    - MEDIUM: queue: use a dedicated lock for the queues
    - MEDIUM: queue: simplify again the process_srv_queue() API
    - MINOR: queue: factor out the proxy/server queuing code
    - MINOR: queue: use atomic-ops to update the queue's index
    - MEDIUM: queue: determine in process_srv_queue() if the proxy is usable
    - MEDIUM: queue: move the queue lock manipulation to pendconn_process_next_strm()
    - MEDIUM: queue: unlock as soon as possible
    - MINOR: queue: make pendconn_first() take the lock by itself
    - CLEANUP: backend: remove impossible case of round-robin + consistent hash
    - MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules
    - DOC: config: Add missing actions in "tcp-request session" documentation
    - CLEANUP: dns: Remove a forgotten debug message
    - DOC: Replace issue templates by issue forms
    - Revert "MINOR: queue: make pendconn_first() take the lock by itself"
    - Revert "MEDIUM: queue: unlock as soon as possible"
    - Revert "MEDIUM: queue: move the queue lock manipulation to pendconn_process_next_strm()"
    - Revert "MEDIUM: queue: determine in process_srv_queue() if the proxy is usable"
    - Revert "MINOR: queue: use atomic-ops to update the queue's index"
    - Revert "MINOR: queue: factor out the proxy/server queuing code"
    - Revert "MEDIUM: queue: simplify again the process_srv_queue() API"
    - Revert "MEDIUM: queue: use a dedicated lock for the queues"
    - Revert "MEDIUM: queue: refine the locking in process_srv_queue()"
    - Revert "MINOR: queue: update proxy->served once out of the loop"
    - Revert "MEDIUM: queue: make pendconn_process_next_strm() only return the pendconn"
    - MEDIUM: queue: update px->served and lb's take_conn once per loop
    - MEDIUM: queue: use a dedicated lock for the queues (v2)
    - MEDIUM: queue: simplify again the process_srv_queue() API (v2)
    - MEDIUM: queue: determine in process_srv_queue() if the proxy is usable (v2)
    - MINOR: queue: factor out the proxy/server queuing code (v2)
    - MINOR: queue: use atomic-ops to update the queue's index (v2)
    - MEDIUM: queue: take the proxy lock only during the px queue accesses
    - MEDIUM: queue: use a trylock on the server's queue
    - MINOR: queue: add queue_init() to initialize a queue
    - MINOR: queue: add a pointer to the server and the proxy in the queue
    - MINOR: queue: store a pointer to the queue into the pendconn
    - MINOR: queue: remove the px/srv fields from pendconn
    - MINOR: queue: simplify pendconn_unlink() regarding srv vs px
    - BUG: backend: stop looking for queued connections once there's no more
    - BUG/MINOR: queue/debug: use the correct lock labels on the queue lock
    - BUG/MINOR: resolvers: Always attach server on matching record on resolution
    - BUG/MINOR: resolvers: Reset server IP when no ip is found in the response
    - MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response()
    - BUG/MINOR: checks: return correct error code for srv_parse_agent_check
    - BUILD: Makefile: fix linkage for Haiku.
    - BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules
    - MINOR: http-act/tcp-act: Add "set-log-level" for tcp content rules
    - MINOR: http-act/tcp-act: Add "set-nice" for tcp content rules
    - MINOR: http-act/tcp-act: Add "set-mark" and "set-tos" for tcp content rules
    - CLEANUP: tcp-act: Sort action lists
    - BUILD/MEDIUM: tcp: set-mark setting support for FreeBSD.
    - BUILD: tcp-act: avoid warning when set-mark / set-tos are not supported
    - BUG/MINOR: mqtt: Fix parser for string with more than 127 characters
    - BUG/MINOR: mqtt: Support empty client ID in CONNECT message
    - BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution
    - CLEANUP: peers: re-write intdecode function comment.
2021-06-30 16:16:14 +02:00
Willy Tarreau
6cbbecf097 [RELEASE] Released version 2.4.0
Released version 2.4.0 with the following main changes :
    - BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port
    - CLEANUP: cli/activity: Remove double spacing in set profiling command
    - CI: Build VTest with clang
    - CI: extend spellchecker whitelist, add "ists" as well
    - CLEANUP: assorted typo fixes in the code and comments
    - BUG/MINOR: memprof: properly account for differences for realloc()
    - MINOR: memprof: also report the method used by each call
    - MINOR: memprof: also report the totals and delta alloc-free
    - CLEANUP: pattern: remove the unused and dangerous pat_ref_reload()
    - BUG/MINOR: http_act: Fix normalizer names in error messages
    - MINOR: uri_normalizer: Add `fragment-strip` normalizer
    - MINOR: uri_normalizer: Add `fragment-encode` normalizer
    - IMPORT: slz: use the generic function for the last bytes of the crc32
    - IMPORT: slz: do not produce the crc32_fast table when CRC is natively supported
    - BUILD/MINOR: opentracing: fixed compilation with filter enabled
    - BUILD: makefile: add a few popular ARMv8 CPU targets
    - BUG/MEDIUM: stick_table: fix crash when using tcp smp_fetch_src
    - REGTESTS: stick-table: add src_conn_rate test
    - CLEANUP: stick-table: remove a leftover of an old keyword declaration
    - BUG/MINOR: stats: fix lastchk metric that got accidently lost
    - EXAMPLES: add a "basic-config-edge" example config
    - EXAMPLES: add a trivial config for quick testing
    - DOC: management: Correct example reload command in the document
    - Revert "CI: Build VTest with clang"
    - MINOR: activity/cli: optionally support sorting by address on "show profiling"
    - DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in profiling
    - BUG/MINOR: lua/vars: prevent get_var() from allocating a new name
    - DOC: config: Fix configuration example for mqtt
    - BUG/MAJOR: config: properly initialize cpu_map.thread[] up to MAX_THREADS
    - BUILD: config: avoid a build warning on numa_detect_topology() without threads
    - DOC: update min requirements in INSTALL
    - IMPORT: slz: use inttypes.h instead of stdint.h
    - BUILD: sample: use strtoll() instead of atoll()
    - MINOR: version: mention that it's LTS now.
2021-05-14 09:03:30 +02:00
Willy Tarreau
46b93afdb3 [RELEASE] Released version 2.4-dev19
Released version 2.4-dev19 with the following main changes :
    - BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers
    - BUG/MEDIUM: cli: prevent memory leak on write errors
    - BUG/MINOR: ssl/cli: fix a lock leak when no memory available
    - MINOR: debug: add a new "debug dev sym" command in expert mode
    - MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS
    - CI: Github Actions: switch to LibreSSL-3.3.3
    - MINOR: srv: close all idle connections on shutdown
    - MINOR: connection: move session_list member in a union
    - MEDIUM: mux_h1: release idling frontend conns on soft-stop
    - MEDIUM: connection: close front idling connection on soft-stop
    - MINOR: tools: add functions to retrieve the address of a symbol
    - CLEANUP: activity: mark the profiling and task_profiling_mask __read_mostly
    - MINOR: activity: add a "memory" entry to "profiling"
    - MINOR: activity: declare the storage for memory usage statistics
    - MEDIUM: activity: collect memory allocator statistics with USE_MEMORY_PROFILING
    - MINOR: activity: clean up the show profiling io_handler a little bit
    - MINOR: activity: make "show profiling" support a few arguments
    - MINOR: activity: make "show profiling" also dump the memoery usage
    - MINOR: activity: add the profiling.memory global setting
    - BUILD: makefile: add new option USE_MEMORY_PROFILING
    - MINOR: channel: Rely on HTX version if appropriate in channel_may_recv()
    - BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive
    - MINOR: conn-stream: Force mux to wait for read events if abortonclose is set
    - MEDIUM: mux-h1: Don't block reads when waiting for the other side
    - BUG/MEDIUM: mux-h1: Properly report client close if abortonclose option is set
    - REGTESTS: Add script to test abortonclose option
    - MINOR: mux-h1: clean up conditions to enabled and disabled splicing
    - MINOR: mux-h1: Subscribe for sends if output buffer is not empty in h1_snd_pipe
    - MINOR: mux-h1: Always subscribe for reads when splicing is disabled
    - MEDIUM: mux-h1: Wake H1 stream when both sides a synchronized
    - CLEANUP: mux-h1: rename WAIT_INPUT/WAIT_OUTPUT flags
    - MINOR: mux-h1: Manage processing blocking flags on the H1 stream
    - BUG/MINOR: stream: Decrement server current session counter on L7 retry
    - BUG/MINOR: config: fix uninitialized initial state in ".if" block evaluator
    - BUG/MINOR: config: add a missing "ELIF_TAKE" test for ".elif" condition evaluator
    - BUG/MINOR: config: .if/.elif should also accept negative integers
    - MINOR: config: centralize the ".if"/".elif" condition parser and evaluator
    - MINOR: config: keep up-to-date current file/line/section in the global struct
    - MINOR: config: support some pseudo-variables for file/line/section
    - BUILD: activity: do not include malloc.h
    - MINOR: arg: improve the error message on missing closing parenthesis
    - MINOR: global: export the build features string list
    - MINOR: global: add version comparison functions
    - MINOR: config: improve .if condition error reporting
    - MINOR: config: make cfg_eval_condition() support predicates with arguments
    - MINOR: config: add predicate "defined()" to conditional expression blocks
    - MINOR: config: add predicates "streq()" and "strneq()" to conditional expressions
    - MINOR: config: add predicate "feature" to detect certain built-in features
    - MINOR: config: add predicates "version_atleast" and "version_before" to cond blocks
    - BUG/MINOR: activity: use the new pointer to calculate the new size in realloc()
    - BUG/MINOR: stream: properly clear the previous error mask on L7 retries
    - MEDIUM: log: slightly refine the output format of alerts/warnings/etc
    - MINOR: config: add a new message directive: .diag
    - CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages
    - BUG/MINOR: stream: Reset stream final state and si error type on L7 retry
    - BUG/MINOR: checks: Handle synchronous connect when a tcpcheck is started
    - BUG/MINOR: checks: Reschedule check on observe mode only if fastinter is set
    - MINOR: global: define tainted flag
    - MINOR: cfgparse: add a new field flags in cfg_keyword
    - MINOR: cfgparse: implement experimental config keywords
    - MINOR: action: replace match_pfx by a keyword flags field
    - MINOR: action: implement experimental actions
    - MINOR: cli: set tainted when using CLI expert/experimental mode
    - MINOR: stats: report tainted on show info
    - MINOR: http_act: mark normalize-uri as experimental
    - BUILD: fix usage of ha_alert without format string
    - MINOR: proxy: define PR_CAP_LB
    - BUG/MINOR: server: do not report diag for peer servers with null weight
    - DOC: ssl: Extra files loading now works for backends too
    - ADDONS: make addons/ discoverable by git via .gitignore
    - DOC: ssl: Add information about crl-file option
    - MINOR: sample: improve error reporting on missing arg to strcmp() converter
    - DOC: management: mention that some fields may be emitted as floats
    - MINOR: tools: implement trimming of floating point numbers
    - MINOR: tools: add a float-to-ascii conversion function
    - MINOR: freq_ctr: add new functions to report float measurements
    - MINOR: stats: avoid excessive padding of float values with trailing zeroes
    - MINOR: stats: add the HTML conversion for float types
    - MINOR: stats: pass the appctx flags to stats_fill_info()
    - MINOR: stats: support an optional "float" option to "show info"
    - MINOR: stats: use tv_remain() to precisely compute the uptime
    - MINOR: stats: report uptime and start time as floats with subsecond resolution
    - MINOR: stats: make "show info" able to report rates as floats when asked
    - MINOR: config: mark tune.fd.edge-triggered as experimental
    - REORG: vars: move the "proc" scope variables out of the global struct
    - REORG: threads: move all_thread_mask() to thread.h
    - BUILD: wdt: include signal-t.h
    - BUILD: auth: include missing list.h
    - REORG: mworker: move proc_self from global to mworker
    - BUILD: ssl: ssl_utils requires chunk.h
    - BUILD: config: cfgparse-ssl.c needs tools.h
    - BUILD: wurfl: wurfl.c needs tools.h
    - BUILD: spoe: flt_spoe.c needs tools.h
    - BUILD: promex: service-prometheus.c needs tools.h
    - BUILD: resolvers: include tools.h
    - BUILD: config: include tools.h in cfgparse-listen.c
    - BUILD: htx: include tools.h in http_htx.c
    - BUILD: proxy: include tools.h in proxy.c
    - BUILD: session: include tools.h in session.c
    - BUILD: cache: include tools.h in cache.c
    - BUILD: sink: include tools.h in sink.c
    - BUILD: connection: include tools.h in connection.c
    - BUILD: server-state: include tools.h from server_state.c
    - BUILD: dns: include tools.h in dns.c
    - BUILD: payload: include tools.h in payload.c
    - BUILD: vars: include tools.h in vars.c
    - BUILD: compression: include tools.h in compression.c
    - BUILD: mworker: include tools.h from mworker.c
    - BUILD: queue: include tools.h from queue.c
    - BUILD: udp: include tools.h from proto_udp.c
    - BUILD: stick-table: include freq_ctr.h from stick_table.h
    - BUILD: server: include tools.h from server.c
    - BUILD: server: include missing proxy.h in server.c
    - BUILD: sink: include proxy.h in sink.c
    - BUILD: mworker: include proxy.h in mworker.c
    - BUILD: filters: include proxy.h in filters.c
    - BUILD: fcgi-app: include proxy.h in fcgi-app.c
    - BUILD: connection: move list_mux_proto() to connection.c
    - REORG: stick-table: uninline stktable_alloc_data_type()
    - REORG: stick-table: move composite address functions to stick_table.h
    - REORG: config: uninline warnifnotcap() and failifnotcap()
    - BUILD: task: remove unused includes from task.c
    - MINOR: task: stop including stream.h from task.c
    - BUILD: connection: stop including listener-t.h
    - BUILD: hlua: include proxy.h from hlua.c
    - BUILD: mux-h1: include proxy.h from mux-h1.c
    - BUILD: mux-fcgi: include proxy.h from mux-fcgi.c
    - BUILD: listener: include proxy.h from listener.c
    - BUILD: http-rules: include proxy.h from http_rules.c
    - BUILD: thread: include log.h from thread.c
    - BUILD: comp: include proxy.h from flt_http_comp.c
    - BUILD: fd: include log.h from fd.c
    - BUILD: config: do not include proxy.h nor errors.h anymore in cfgparse.h
    - BUILD: makefile: reorder object files by build time
    - DOC: Fix a few grammar/spelling issues and casing of HAProxy
    - REGTESTS: run-regtests: match both "HAProxy" and "HA-Proxy" in the version
    - MINOR: version: report "HAProxy" not "HA-Proxy" in the version output
    - DOC: remove last occurrences of "HA-Proxy" syntax
    - DOC: peers: fix the protocol tag name in the doc
    - ADMIN: netsnmp: report "HAProxy" and not "Haproxy" in output descriptions
    - MEDIUM: mailers: use "HAProxy" nor "HAproxy" in the subject of messages
    - DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments
    - MINOR: tools/rnd: compute the result outside of the CAS loop
    - BUILD: http_fetch: address a few aliasing warnings with older compilers
    - BUILD: ssl: define HAVE_CRYPTO_memcmp() based on the library version
    - BUILD: errors: include stdarg in errors.h
    - REGTESTS: disable inter-thread idle connection sharing on sensitive tests
    - MINOR: cli: make "help" support a command in argument
    - MINOR: cli: sort the output of the "help" keywords
    - CLEANUP: cli/mworker: properly align the help messages
    - BUILD: memprof: make the old caller pointer a const in get_prof_bin()
    - BUILD: compat: include malloc_np.h for USE_MEMORY_PROFILING on FreeBSD
    - CI: Github Actions: enable USE_QUIC=1 for BoringSSL builds
    - BUG/MEDIUM: quic: fix null deref on error path in qc_conn_init()
    - BUILD: cli: appease a null-deref warning in cli_gen_usage_msg()
2021-05-10 07:50:26 +02:00