Changes since version 1.8-dev2 :
Adis Nezirovic (1):
BUG/MINOR: lua: Fix bitwise logic for hlua_server_check_* functions.
Christopher Faulet (25):
BUG/MINOR: buffers: Fix bi/bo_contig_space to handle full buffers
BUG/MINOR: acls: Set the right refflag when patterns are loaded from a map
BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0
BUG/MINOR: http/filters: Be sure to wait if a filter loops in HTTP_MSG_ENDING
BUG/MINOR: cfgparse: Check if tune.http.maxhdr is in the range 1..32767
MINOR: queue: Change pendconn_get_next_strm into private function
MINOR: backends: Change get_server_sh/get_server_uh into private function
MINOR: queue: Change pendconn_from_srv/pendconn_from_px into private functions
BUG/MAJOR: compression: Be sure to release the compression state in all cases
MINOR: compression: Use a memory pool to allocate compression states
BUG/MINOR: stream: Don't forget to remove CF_WAKE_ONCE flag on response channel
BUG/MINOR: http: Don't reset the transaction if there are still data to send
BUG/MEDIUM: filters: Be sure to call flt_end_analyze for both channels
BUG/MINOR: http: Set the response error state in http_sync_res_state
MINOR: http: Reorder/rewrite checks in http_resync_states
MINOR: http: Switch requests/responses in TUNNEL mode only by checking txn flags
BUG/MEDIUM: http: Switch HTTP responses in TUNNEL mode when body length is undefined
MINOR: http: Rely on analyzers mask to end processing in forward_body functions
BUG/MINOR: http: Fix bug introduced in previous patch in http_resync_states
BUG/MAJOR: http: Fix possible infinity loop in http_sync_(req|res)_state
MINOR: samples: Handle the type SMP_T_METH when we duplicate a sample in smp_dup
MINOR: samples: Handle the type SMP_T_METH in smp_is_safe and smp_is_rw
MINOR: samples: Don't allocate memory for SMP_T_METH sample when method is known
BUG/MINOR: ssl: Fix check against SNI during server certificate verification
BUG/MEDIUM: ssl: Fix regression about certificates generation
David Carlier (4):
BUG/MINOR: haproxy/cli : fix for solaris/illumos distros for CMSG* macros
BUG/MINOR: contrib/modsecurity: BSD build fix
BUG/MINOR: contrib/mod_defender: build fix
MINOR: memory: remove macros
Emeric Brun (12):
BUG/MAJOR: ssl: fix segfault on connection close using async engines.
BUG/MAJOR: ssl: buffer overflow using offloaded ciphering on async engine
BUG/MINOR: ssl: do not call directly the conn_fd_handler from async_fd_handler
BUG/MINOR: stream: flag TASK_WOKEN_RES not set if task in runqueue
MAJOR: task: task scheduler rework.
MINOR: task/stream: tasks related to a stream must be init by the caller.
MAJOR: applet: applet scheduler rework.
BUG/MAJOR: cli: fix custom io_release was crushed by NULL.
BUG/MAJOR: map: fix segfault during 'show map/acl' on cli.
BUG/MAJOR: applet: fix a freeze if data is immedately forwarded.
BUG/MEDIUM: map/acl: fix unwanted flags inheritance.
BUG/MAJOR: http: fix buffer overflow on loguri buffer.
Emmanuel Hocdet (10):
REORG: ssl: move defines and methodVersions table upper
MEDIUM: ssl: ctx_set_version/ssl_set_version func for methodVersions table
MINOR: ssl: support ssl-min-ver and ssl-max-ver with crt-list
MEDIUM: ssl: disable SSLv3 per default for bind
BUG/MINOR: ssl: remove haproxy SSLv3 support when ssl lib have no SSLv3
MINOR: ssl: remove an unecessary SSL_OP_NO_* dependancy
BUILD: ssl: fix compatibility with openssl without TLSEXT_signature_*
MINOR: ssl: add "no-ca-names" parameter for bind
MINOR: ssl: allow to start without certificate if strict-sni is set
BUILD: ssl: replace SSL_CTX_get0_privatekey for openssl < 1.0.2
Frédéric Lécaille (7):
CONTRIB: plug qdiscs: Plug queuing disciplines mini HOWTO.
BUG/MEDIUM: peers: Peers CLOSE_WAIT issue.
BUG/MAJOR: server: Segfault after parsing server state file.
BUG/MINOR: Wrong peer task expiration handling during synchronization processing.
MINOR: peers: Add additional information to stick-table definition messages.
BUG/MINOR: peers: peer synchronization issue (with several peers sections).
MINOR: Add server port field to server state file.
Jarno Huuskonen (1):
DOC: fix references to the section about time format.
Nan Liu (1):
BUG/MINOR: Makefile: fix compile error with USE_LUA=1 in ubuntu16.04
Nenad Merdanovic (2):
BUG/MINOR: lua: Fix Server.get_addr() port values
BUG/MINOR: lua: Correctly use INET6_ADDRSTRLEN in Server.get_addr()
Olivier Houchard (7):
BUG/MINOR: Prevent a use-after-free on error scenario on option "-x".
MINOR: dns: Cache previous DNS answers.
MINOR: obj: Add a new type of object, OBJ_TYPE_SRVRQ.
Add a few functions to do unaligned access.
MINOR: dns: Handle SRV records.
MINOR: check: Fix checks when using SRV records.
MINOR: doc: Document SRV label usage.
Thierry FOURNIER (8):
BUG/MINOR: lua: In error case, the safe mode is not removed
BUG/MINOR: lua: executes the function destroying the Lua session in safe mode
BUG/MAJOR: lua/socket: resources not detroyed when the socket is aborted
BUG/MEDIUM: lua: bad memory access
BUG/MINOR: Lua: variable already initialized
MINOR: lua: Add proxy as member of proxy object.
DOC: lua: Proxy class doc update
MINOR: lua: Add lists of frontends and backends
William Lallemand (7):
BUG/MEDIUM: build without openssl broken
BUG/MINOR: warning: ‘need_resend’ may be used uninitialized
BUG/MEDIUM: misplaced exit and wrong exit code
BUG/MEDIUM: fix segfault when no argument to -x option
MINOR: warning on multiple -x
MINOR: mworker: don't copy -x argument anymore in copy_argv()
BUG/MEDIUM: mworker: don't reuse PIDs passed to the master
Willy Tarreau (37):
BUILD: scripts: make publish-release support bare repositories
BUILD: scripts: add an automatic mode for publish-release
BUILD: scripts: add a "quiet" mode to publish-release
BUG/MAJOR: http: call manage_client_side_cookies() before erasing the buffer
BUG/MEDIUM: unix: never unlink a unix socket from the file system
scripts: create-release pass -n to tail
SCRIPTS: create-release: enforce GIT_COMMITTER_{NAME|EMAIL} validity
BUG/MINOR: log: pin the front connection when front ip/ports are logged
DOC: fix references to the section about the unix socket
MEDIUM: stream: make stream_new() always set the target and analysers
MINOR: frontend: initialize HTTP layer after the debugging code
MINOR: connection: add a .get_alpn() method to xprt_ops
MINOR: ssl: add a get_alpn() method to ssl_sock
MINOR: frontend: retrieve the ALPN name when available
MINOR: frontend: report the connection's ALPN in the debug output
MINOR: stream: don't set backend's nor response analysers on SF_TUNNEL
MINOR: connection: send data before receiving
BUG/MAJOR: frontend: don't dereference a null conn on outgoing connections
MINOR: ssl: compare server certificate names to the SNI on outgoing connections
BUG/MINOR: http: properly handle all 1xx informational responses
OPTIM: ssl: don't consider a small ssl_read() as an indication of end of buffer
CLEANUP: hdr_idx: make some function arguments const where possible
DOC: update CONTRIBUTING regarding optional parts and message format
DOC: update the list of OpenSSL versions in the README
MINOR: tools: add a portable timegm() alternative
BUILD: lua: replace timegm() with my_timegm() to fix build on Solaris 10
BUG/MINOR: lua: always detach the tcp/http tasks before freeing them
MINOR: task: always preinitialize the task's timeout in task_init()
CLEANUP: task: remove all initializations to TICK_ETERNITY after task_new()
BUG/MAJOR: lua: properly dequeue hlua_applet_wakeup() for new scheduler
BUG/MINOR: ssl: make use of the name in SNI before verifyhost
MINOR: ssl: add a new error codes for wrong server certificates
BUG/MEDIUM: stream: don't retry SSL connections which fail the SNI name check
DOC: fix alphabetical order of "show commands" in management.txt
MINOR: listener: add a function to return a listener's state as a string
MINOR: cli: add a new "show fd" command
BUILD/MINOR: cli: shut a minor gcc warning in "show fd"
ben51degrees (1):
DOC: Updated 51Degrees git URL to point to a stable version.