Changes since version 1.8-dev0 : Baptiste Assmann (2): MINOR: dns: give ability to dns_init_resolvers() to close a socket when requested BUG/MAJOR: dns: restart sockets after fork() Ben Shillito (1): DOC: Added 51Degrees conv and fetch functions to documentation. Christopher Faulet (42): BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled txn BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in tunnel mode DOC: Add undocumented argument of the trace filter DOC: Fix some typo in SPOE documentation MINOR: cli: Remove useless call to bi_putchk BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full MINOR: applet: Count number of (active) applets MINOR: task: Rename run_queue and run_queue_cur counters BUG/MEDIUM: stream: Save unprocessed events for a stream BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled BUG/MINOR: Fix the sending function in Lua's cosocket BUG/MAJOR: channel: Fix the definition order of channel analyzers BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer BUG/MINOR: http: Return an error when a replace-header rule failed on the response BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents MINOR: spoe: Add support for pipelining/async capabilities in the SPOA example MINOR: spoe: Remove SPOE details from the appctx structure MINOR: spoe: Add status code in error variable instead of hardcoded value MINOR: spoe: Send a log message when an error occurred during event processing MINOR: spoe: Check the scope of sample fetches used in SPOE messages MEDIUM: spoe: Be sure to wakeup the good entity waiting for a buffer MINOR: spoe: Use the min of all known max_frame_size to encode messages MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames MINOR: spoe: Add support for fragmentation capability in the SPOA example MAJOR: spoe: refactor the filter to clean up the code MINOR: spoe: Handle NOTIFY frames cancellation using ABORT bit in ACK frames REORG: spoe: Move struct and enum definitions in dedicated header file REORG: spoe: Move low-level encoding/decoding functions in dedicated header file MINOR: spoe: Improve implementation of the payload fragmentation MINOR: spoe: Add support of negation for options in SPOE configuration file MINOR: spoe: Add "pipelining" and "async" options in spoe-agent section MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing MINOR: spoe: Add "send-frag-payload" option in spoe-agent section MINOR: spoe: Add "max-frame-size" statement in spoe-agent section DOC: spoe: Update SPOE documentation to reflect recent changes David Carlier (1): MEDIUM: regex: pcre2 support David Harrigan (1): MINOR: stats: Support "select all" for backend actions Dragan Dosen (1): BUG/MINOR: cli: allow the backslash to be escaped on the CLI Emeric Brun (2): MINOR: connection: add sample fetch "fc_rcvd_proxy" OPTIM/MINOR: config: Optimize fullconn automatic computation loading configuration Emmanuel Hocdet (14): BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL MAJOR: ssl: bind configuration per certificat MINOR: ssl: add curve suite for ECDHE negotiation BUILD: ssl: fix to build (again) with boringssl MEDIUM: boringssl: support native multi-cert selection without bundling BUG/MEDIUM: ssl: fix verify/ca-file per certificate BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING MINOR: ssl: removes SSL_CTX_set_ssl_version call and cleanup CTX creation. BUILD: ssl: fix build with -DOPENSSL_NO_DH MEDIUM: ssl: remove ssl-options from crt-list BUG/MEDIUM: ssl: in bind line, ssl-options after 'crt' are ignored. BUG/MINOR: ssl: fix cipherlist captures with sustainable SSL calls MINOR: ssl: improved cipherlist captures Guillaume de Lafond (1): DOC: Add timings events schemas Janusz Dziemidowicz (1): BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file Jarno Huuskonen (5): MINOR: Use "500 Internal Server Error" for 500 error/status code message. MINOR: proto_http.c 502 error txt typo. DOC: add deprecation notice to "block" MEDIUM: http_error_message: txn->status / http_get_status_idx. MINOR: http-request tarpit deny_status. Luca Pizzamiglio (1): BUILD/MEDIUM: Fixing the build using LibreSSL Lukas Tribus (2): MINOR: compression: fix -vv output without zlib/slz MINOR: ssl: don't show prefer-server-ciphers output Marcin Deranek (3): MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id DOC: fix small typo in fe_id (backend instead of frontend) BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled Matthieu Guegan (1): BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect Misiek (4): MINOR: checks: Add agent-addr config directive MINOR: cli: Add possiblity to change agent config via CLI/socket MINOR: doc: Add docs for agent-addr configuration variable MINOR: doc: Add docs for agent-addr and agent-send CLI commands Nenad Merdanovic (6): BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup BUG/MINOR: Fix "get map " CLI command MINOR: Add nbsrv sample converter CLEANUP: Replace repeated code to count usable servers with be_usable_srv() MINOR: Add hostname sample fetch CLEANUP: Remove comment that's no longer valid Olivier Doucet (1): BUG/MINOR: option prefer-last-server must be ignored in some case Robin H. Johnson (1): MINOR: http: custom status reason. Ruoshan Huang (1): DOC: Fix map table's format Ryabin Sergey (1): BUG/MINOR: Reset errno variable before calling strtol(3) Simon Horman (2): MEDIUM: stats: Add JSON output option to show (info|stat) MEDIUM: stats: Add show json schema Thierry FOURNIER (22): BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2) DOC: lua: documentation about time parser functions DOC: lua: improve links DOC: lua: section declared twice CLEANUP: lua: rename one of the lua appctx union BUG/MINOR: lua/cli: bad error message MEDIUM: lua: use memory pool for hlua struct in applets MINOR: lua/signals: Remove Lua part from signals. MINOR/DOC: lua: just precise one thing BUG/MINOR: lua: memory leak executing tasks BUG/MINOR: lua: bad return code BUG/MINOR: lua: memleak when Lua/cli fails MEDIUM: lua: remove Lua struct from session, and allocate it with memory pools BUG/MINOR: stats: fix be/sessions/current out in typed stats BUILD: lua: build failed on FreeBSD. MINOR: samples: add xx-hash functions BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0 BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved keyword BUG/MEDIUM: http: prevent redirect from overwriting a buffer BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1' MEDIUM: ssl: add new sample-fetch which captures the cipherlist Thierry FOURNIER / OZON.IO (7): BUG/MEDIUM: variables: some variable name can hide another ones MINOR: lua: Allow argument for actions CLEANUP: hlua: just indent functions MINOR: lua: give HAProxy variable access to the applets DOC: lua: Documentation about some entry missing DOC: lua: Add documentation about variable manipulation from applet MINOR: Do not forward the header "Expect: 100-continue" when the option http-buffer-request is set Tim Düsterhus (1): DOC: Spelling fixes William Lallemand (3): MEDIUM: cli: 'show cli sockets' list the CLI sockets DOC: cli: show cli sockets BUG/MINOR: systemd: potential zombie processes Willy Tarreau (105): BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos BUG/MINOR: stats: make field_str() return an empty string on NULL BUG/MAJOR: stream: fix session abort on resource shortage OPTIM: stream-int: don't disable polling anymore on DONT_READ BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys" DOC: mention that req_tot is for both frontends and backends BUILD: rearrange target files by build time BUG/MINOR: stats: fix be/sessions/max output in html stats SCRIPTS: git-show-backports: fix a harmless typo SCRIPTS: git-show-backports: add -H to use the hash of the commit message BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW CLEANUP: applet/lua: create a dedicated ->fcn entry in hlua_cli context CLEANUP: applet/table: add an "action" entry in ->table context CLEANUP: applet: remove the now unused appctx->private field BUG/MINOR: cli: "show cli sockets" wouldn't list all processes BUG/MINOR: cli: "show cli sockets" would always report process 64 MINOR: cli: automatically enable a CLI I/O handler when there's no parser CLEANUP: memory: remove the now unused cli_parse_show_pools() function CLEANUP: applet: group all CLI contexts together CLEANUP: stats: move a misplaced stats context initialization MINOR: cli: add two general purpose pointers and integers in the CLI struct MINOR: appctx/cli: remove the cli_socket entry from the appctx union MINOR: appctx/cli: remove the env entry from the appctx union MINOR: appctx/cli: remove the "be" entry from the appctx union MINOR: appctx/cli: remove the "dns" entry from the appctx union MINOR: appctx/cli: remove the "server_state" entry from the appctx union MINOR: appctx/cli: remove the "tlskeys" entry from the appctx union CONTRIB: tcploop: add limits.h to fix build issue with some compilers CLEANUP: haproxy: statify unexported functions MINOR: haproxy: add a registration for build options CLEANUP: wurfl: use the build options list to report it CLEANUP: 51d: use the build options list to report it CLEANUP: da: use the build options list to report it CLEANUP: namespaces: use the build options list to report it CLEANUP: tcp: use the build options list to report transparent modes CLEANUP: lua: use the build options list to report it CLEANUP: regex: use the build options list to report the regex type CLEANUP: ssl: use the build options list to report the SSL details CLEANUP: compression: use the build options list to report the algos CLEANUP: auth: use the build options list to report its support MINOR: haproxy: add a registration for post-check functions CLEANUP: checks: make use of the post-init registration to start checks CLEANUP: filters: use the function registration to initialize all proxies CLEANUP: wurfl: make use of the late init registration CLEANUP: 51d: make use of the late init registration CLEANUP: da: make use of the late init registration code MINOR: haproxy: add a registration for post-deinit functions CLEANUP: wurfl: register the deinit function via the dedicated list CLEANUP: 51d: register the deinitialization function CLEANUP: da: register the deinitialization function CLEANUP: wurfl: move global settings out of the global section CLEANUP: 51d: move global settings out of the global section CLEANUP: da: move global settings out of the global section MINOR: cfgparse: add two new functions to check arguments count MINOR: cfgparse: move parsing of "ca-base" and "crt-base" to ssl_sock MEDIUM: cfgparse: move all tune.ssl.* keywords to ssl_sock MEDIUM: cfgparse: move maxsslconn parsing to ssl_sock MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to ssl_sock MEDIUM: cfgparse: move ssl-dh-param-file parsing to ssl_sock MEDIUM: compression: move the zlib-specific stuff from global.h to compression.c BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake BUG/MEDIUM: ssl: avoid double free when releasing bind_confs MINOR: tcp-rules: check that the listener exists before updating its counters MEDIUM: spoe: don't create a dummy listener for outgoing connections MINOR: listener: move the transport layer pointer to the bind_conf MEDIUM: move listener->frontend to bind_conf->frontend MEDIUM: ssl: remote the proxy argument from most functions MINOR: connection: add a new prepare_bind_conf() entry to xprt_ops MEDIUM: ssl_sock: implement ssl_sock_prepare_bind_conf() MINOR: connection: add a new destroy_bind_conf() entry to xprt_ops MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf() MINOR: server: move the use_ssl field out of the ifdef USE_OPENSSL MINOR: connection: add a minimal transport layer registration system CLEANUP: connection: remove all direct references to raw_sock and ssl_sock CLEANUP: connection: unexport raw_sock and ssl_sock MINOR: connection: add new prepare_srv()/destroy_srv() entries to xprt_ops MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv() CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback CLEANUP: ssl: move most ssl-specific global settings to ssl_sock.c BUG/MEDIUM: ssl: for a handshake when server-side SNI changes BUG/MINOR: http: report real parser state in error captures BUILD: scripts: automatically update the branch in version.h when releasing MINOR: tools: add a generic hexdump function for debugging BUG/MAJOR: http: fix risk of getting invalid reports of bad requests BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options BUG/MINOR: tools: fix off-by-one in port size check BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family MEDIUM: server: split the address and the port into two different fields MINOR: tools: make str2sa_range() return the port in a separate argument MINOR: server: take the destination port from the port field, not the addr MEDIUM: server: disable protocol validations when the server doesn't resolve BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0 BUILD: ssl: fix build on OpenSSL 1.0.0 BUILD: ssl: silence a warning reported for ERR_remove_state() BUILD: ssl: eliminate warning with OpenSSL 1.1.0 regarding RAND_pseudo_bytes() BUILD: ssl: kill a build warning introduced by BoringSSL compatibility BUG/MEDIUM: tcp: don't poll for write when connect() succeeds BUG/MINOR: unix: fix connect's polling in case no data are scheduled MINOR: server: extend the flags to 32 bits MINOR: chunks: implement a simple dynamic allocator for trash buffers BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw() BUG/MEDIUM: config: reject anything but "if" or "unless" after a use-backend rule MINOR: http: don't close when redirect location doesn't start with "/" MINOR: config: warn when some HTTP rules are used in a TCP proxy CLEANUP: http: make http_server_error() not set the status anymore