[RELEASE] Released version 1.5-dev18
Released version 1.5-dev18 with the following main changes :
- DOCS: Add explanation of intermediate certs to crt paramater
- DOC: typo and minor fixes in compression paragraph
- MINOR: config: http-request configuration error message misses new keywords
- DOC: minor typo fix in documentation
- BUG/MEDIUM: ssl: ECDHE ciphers not usable without named curve configured.
- MEDIUM: ssl: add bind-option "strict-sni"
- MEDIUM: ssl: add mapping from SNI to cert file using "crt-list"
- MEDIUM: regex: Use PCRE JIT in acl
- DOC: simplify bind option "interface" explanation
- DOC: tfo: bump required kernel to linux-3.7
- BUILD: add explicit support for TFO with USE_TFO
- MEDIUM: New cli option -Ds for systemd compatibility
- MEDIUM: add haproxy-systemd-wrapper
- MEDIUM: add systemd service
- BUG/MEDIUM: systemd-wrapper: don't leak zombie processes
- BUG/MEDIUM: remove supplementary groups when changing gid
- BUG/MEDIUM: config: fix parser crash with bad bind or server address
- BUG/MINOR: Correct logic in cut_crlf()
- CLEANUP: checks: Make desc argument to set_server_check_status const
- CLEANUP: dumpstats: Make cli_release_handler() static
- MEDIUM: server: Break out set weight processing code
- MEDIUM: server: Allow relative weights greater than 100%
- MEDIUM: server: Tighten up parsing of weight string
- MEDIUM: checks: Add agent health check
- BUG/MEDIUM: ssl: openssl 0.9.8 doesn't open /dev/random before chroot
- BUG/MINOR: time: frequency counters are not totally accurate
- BUG/MINOR: http: don't process abortonclose when request was sent
- BUG/MEDIUM: stream_interface: don't close outgoing connections on shutw()
- BUG/MEDIUM: checks: ignore late resets after valid responses
- DOC: fix bogus recommendation on usage of gpc0 counter
- BUG/MINOR: http-compression: lookup Cache-Control in the response, not the request
- MINOR: signal: don't block SIGPROF by default
- OPTIM: epoll: make use of EPOLLRDHUP
- OPTIM: splice: detect shutdowns and avoid splice() == 0
- OPTIM: splice: assume by default that splice is working correctly
- BUG/MINOR: log: temporary fix for lost SSL info in some situations
- BUG/MEDIUM: peers: only the last peers section was used by tables
- BUG/MEDIUM: config: verbosely reject peers sections with multiple local peers
- BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
- BUG/MINOR: config: fix improper check for failed memory alloc in ACL parser
- BUG/MINOR: config: free peer's address when exiting upon parsing error
- BUG/MINOR: config: check the proper variable when parsing log minlvl
- BUG/MEDIUM: checks: ensure the health_status is always within bounds
- BUG/MINOR: cli: show sess should always validate s->listener
- BUG/MINOR: log: improper NULL return check on utoa_pad()
- CLEANUP: http: remove a useless null check
- CLEANUP: tcp/unix: remove useless NULL check in {tcp,unix}_bind_listener()
- BUG/MEDIUM: signal: signal handler does not properly check for signal bounds
- BUG/MEDIUM: tools: off-by-one in quote_arg()
- BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage
- BUG/MINOR: unix: remove the 'level' field from the ux struct
- CLEANUP: http: don't try to deinitialize http compression if it fails before init
- CLEANUP: config: slowstart is never negative
- CLEANUP: config: maxcompcpuusage is never negative
- BUG/MEDIUM: log: emit '-' for empty fields again
- BUG/MEDIUM: checks: fix a race condition between checks and observe layer7
- BUILD: fix a warning emitted by isblank() on non-c99 compilers
- BUILD: improve the makefile's support for libpcre
- MEDIUM: halog: add support for counting per source address (-ic)
- MEDIUM: tools: make str2sa_range support all address syntaxes
- MEDIUM: config: make use of str2sa_range() instead of str2sa()
- MEDIUM: config: use str2sa_range() to parse server addresses
- MEDIUM: config: use str2sa_range() to parse peers addresses
- MINOR: tests: add a config file to ease address parsing tests.
- MINOR: ssl: add a global tunable for the max SSL/TLS record size
- BUG/MINOR: syscall: fix NR_accept4 system call on sparc/linux
- BUILD/MINOR: syscall: add definition of NR_accept4 for ARM
- MINOR: config: report missing peers section name
- BUG/MEDIUM: tools: fix bad character handling in str2sa_range()
- BUG/MEDIUM: stats: never apply "unix-bind prefix" to the global stats socket
- MINOR: tools: prepare str2sa_range() to return an error message
- BUG/MEDIUM: checks: don't call connect() on unsupported address families
- MINOR: tools: prepare str2sa_range() to accept a prefix
- MEDIUM: tools: make str2sa_range() parse unix addresses too
- MEDIUM: config: make str2listener() use str2sa_range() to parse unix addresses
- MEDIUM: config: use a single str2sa_range() call to parse bind addresses
- MEDIUM: config: use str2sa_range() to parse log addresses
- CLEANUP: tools: remove str2sun() which is not used anymore.
- MEDIUM: config: add complete support for str2sa_range() in dispatch
- MEDIUM: config: add complete support for str2sa_range() in server addr
- MEDIUM: config: add complete support for str2sa_range() in 'server'
- MEDIUM: config: add complete support for str2sa_range() in 'peer'
- MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc'
- CLEANUP: minor cleanup in str2sa_range() and str2ip()
- CLEANUP: config: do not use multiple errmsg at once
- MEDIUM: tools: support specifying explicit address families in str2sa_range()
- MAJOR: listener: support inheriting a listening fd from the parent
- MAJOR: tools: support environment variables in addresses
- BUG/MEDIUM: http: add-header should not emit "-" for empty fields
- BUG/MEDIUM: config: ACL compatibility check on "redirect" was wrong
- BUG/MEDIUM: http: fix another issue caused by http-send-name-header
- DOC: mention the new HTTP 307 and 308 redirect statues
- MEDIUM: poll: do not use FD_* macros anymore
- BUG/MAJOR: ev_select: disable the select() poller if maxsock > FD_SETSIZE
- BUG/MINOR: acl: ssl_fc_{alg,use}_keysize must parse integers, not strings
- BUG/MINOR: acl: ssl_c_used, ssl_fc{,_has_crt,_has_sni} take no pattern
- BUILD: fix usual isdigit() warning on solaris
- BUG/MEDIUM: tools: vsnprintf() is not always reliable on Solaris
- OPTIM: buffer: remove one jump in buffer_count()
- OPTIM: http: improve branching in chunk size parser
- OPTIM: http: optimize the response forward state machine
- BUILD: enable poll() by default in the makefile
- BUILD: add explicit support for Mac OS/X
- BUG/MAJOR: http: use a static storage for sample fetch context
- BUG/MEDIUM: ssl: improve error processing and reporting in ssl_sock_load_cert_list_file()
- BUG/MAJOR: http: fix regression introduced by commit a890d072
- BUG/MAJOR: http: fix regression introduced by commit d655ffe
- BUG/CRITICAL: using HTTP information in tcp-request content may crash the process
- MEDIUM: acl: remove flag ACL_MAY_LOOKUP which is improperly used
- MEDIUM: samples: use new flags to describe compatibility between fetches and their usages
- MINOR: log: indicate it when some unreliable sample fetches are logged
- MEDIUM: samples: move payload-based fetches and ACLs to their own file
- MINOR: backend: rename sample fetch functions and declare the sample keywords
- MINOR: frontend: rename sample fetch functions and declare the sample keywords
- MINOR: listener: rename sample fetch functions and declare the sample keywords
- MEDIUM: http: unify acl and sample fetch functions
- MINOR: session: rename sample fetch functions and declare the sample keywords
- MAJOR: acl: make all ACLs reference the fetch function via a sample.
- MAJOR: acl: remove the arg_mask from the ACL definition and use the sample fetch's
- MAJOR: acl: remove fetch argument validation from the ACL struct
- MINOR: http: add new direction-explicit sample fetches for headers and cookies
- MINOR: payload: add new direction-explicit sample fetches
- CLEANUP: acl: remove ACL hooks which were never used
- MEDIUM: proxy: remove acl_requires and just keep a flag "http_needed"
- MINOR: sample: provide a function to report the name of a sample check point
- MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires
- CLEANUP: acl: remove unused references to ACL_USE_*
- MINOR: http: replace acl_parse_ver with acl_parse_str
- MEDIUM: acl: move the ->parse, ->match and ->smp fields to acl_expr
- MAJOR: acl: add option -m to change the pattern matching method
- MINOR: acl: remove the use_count in acl keywords
- MEDIUM: acl: have a pointer to the keyword name in acl_expr
- MEDIUM: acl: support using sample fetches directly in ACLs
- MEDIUM: http: remove val_usr() to validate user_lists
- MAJOR: sample: maintain a per-proxy list of the fetch args to resolve
- MINOR: ssl: add support for the "alpn" bind keyword
- MINOR: http: status code 303 is HTTP/1.1 only
- MEDIUM: http: implement redirect 307 and 308
- MINOR: http: status 301 should not be marked non-cacheable
diff --git a/CHANGELOG b/CHANGELOG
index 53c947a..4546f5d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,147 @@
ChangeLog :
===========
+2013/04/03 : 1.5-dev18
+ - DOCS: Add explanation of intermediate certs to crt paramater
+ - DOC: typo and minor fixes in compression paragraph
+ - MINOR: config: http-request configuration error message misses new keywords
+ - DOC: minor typo fix in documentation
+ - BUG/MEDIUM: ssl: ECDHE ciphers not usable without named curve configured.
+ - MEDIUM: ssl: add bind-option "strict-sni"
+ - MEDIUM: ssl: add mapping from SNI to cert file using "crt-list"
+ - MEDIUM: regex: Use PCRE JIT in acl
+ - DOC: simplify bind option "interface" explanation
+ - DOC: tfo: bump required kernel to linux-3.7
+ - BUILD: add explicit support for TFO with USE_TFO
+ - MEDIUM: New cli option -Ds for systemd compatibility
+ - MEDIUM: add haproxy-systemd-wrapper
+ - MEDIUM: add systemd service
+ - BUG/MEDIUM: systemd-wrapper: don't leak zombie processes
+ - BUG/MEDIUM: remove supplementary groups when changing gid
+ - BUG/MEDIUM: config: fix parser crash with bad bind or server address
+ - BUG/MINOR: Correct logic in cut_crlf()
+ - CLEANUP: checks: Make desc argument to set_server_check_status const
+ - CLEANUP: dumpstats: Make cli_release_handler() static
+ - MEDIUM: server: Break out set weight processing code
+ - MEDIUM: server: Allow relative weights greater than 100%
+ - MEDIUM: server: Tighten up parsing of weight string
+ - MEDIUM: checks: Add agent health check
+ - BUG/MEDIUM: ssl: openssl 0.9.8 doesn't open /dev/random before chroot
+ - BUG/MINOR: time: frequency counters are not totally accurate
+ - BUG/MINOR: http: don't process abortonclose when request was sent
+ - BUG/MEDIUM: stream_interface: don't close outgoing connections on shutw()
+ - BUG/MEDIUM: checks: ignore late resets after valid responses
+ - DOC: fix bogus recommendation on usage of gpc0 counter
+ - BUG/MINOR: http-compression: lookup Cache-Control in the response, not the request
+ - MINOR: signal: don't block SIGPROF by default
+ - OPTIM: epoll: make use of EPOLLRDHUP
+ - OPTIM: splice: detect shutdowns and avoid splice() == 0
+ - OPTIM: splice: assume by default that splice is working correctly
+ - BUG/MINOR: log: temporary fix for lost SSL info in some situations
+ - BUG/MEDIUM: peers: only the last peers section was used by tables
+ - BUG/MEDIUM: config: verbosely reject peers sections with multiple local peers
+ - BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
+ - BUG/MINOR: config: fix improper check for failed memory alloc in ACL parser
+ - BUG/MINOR: config: free peer's address when exiting upon parsing error
+ - BUG/MINOR: config: check the proper variable when parsing log minlvl
+ - BUG/MEDIUM: checks: ensure the health_status is always within bounds
+ - BUG/MINOR: cli: show sess should always validate s->listener
+ - BUG/MINOR: log: improper NULL return check on utoa_pad()
+ - CLEANUP: http: remove a useless null check
+ - CLEANUP: tcp/unix: remove useless NULL check in {tcp,unix}_bind_listener()
+ - BUG/MEDIUM: signal: signal handler does not properly check for signal bounds
+ - BUG/MEDIUM: tools: off-by-one in quote_arg()
+ - BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage
+ - BUG/MINOR: unix: remove the 'level' field from the ux struct
+ - CLEANUP: http: don't try to deinitialize http compression if it fails before init
+ - CLEANUP: config: slowstart is never negative
+ - CLEANUP: config: maxcompcpuusage is never negative
+ - BUG/MEDIUM: log: emit '-' for empty fields again
+ - BUG/MEDIUM: checks: fix a race condition between checks and observe layer7
+ - BUILD: fix a warning emitted by isblank() on non-c99 compilers
+ - BUILD: improve the makefile's support for libpcre
+ - MEDIUM: halog: add support for counting per source address (-ic)
+ - MEDIUM: tools: make str2sa_range support all address syntaxes
+ - MEDIUM: config: make use of str2sa_range() instead of str2sa()
+ - MEDIUM: config: use str2sa_range() to parse server addresses
+ - MEDIUM: config: use str2sa_range() to parse peers addresses
+ - MINOR: tests: add a config file to ease address parsing tests.
+ - MINOR: ssl: add a global tunable for the max SSL/TLS record size
+ - BUG/MINOR: syscall: fix NR_accept4 system call on sparc/linux
+ - BUILD/MINOR: syscall: add definition of NR_accept4 for ARM
+ - MINOR: config: report missing peers section name
+ - BUG/MEDIUM: tools: fix bad character handling in str2sa_range()
+ - BUG/MEDIUM: stats: never apply "unix-bind prefix" to the global stats socket
+ - MINOR: tools: prepare str2sa_range() to return an error message
+ - BUG/MEDIUM: checks: don't call connect() on unsupported address families
+ - MINOR: tools: prepare str2sa_range() to accept a prefix
+ - MEDIUM: tools: make str2sa_range() parse unix addresses too
+ - MEDIUM: config: make str2listener() use str2sa_range() to parse unix addresses
+ - MEDIUM: config: use a single str2sa_range() call to parse bind addresses
+ - MEDIUM: config: use str2sa_range() to parse log addresses
+ - CLEANUP: tools: remove str2sun() which is not used anymore.
+ - MEDIUM: config: add complete support for str2sa_range() in dispatch
+ - MEDIUM: config: add complete support for str2sa_range() in server addr
+ - MEDIUM: config: add complete support for str2sa_range() in 'server'
+ - MEDIUM: config: add complete support for str2sa_range() in 'peer'
+ - MEDIUM: config: add complete support for str2sa_range() in 'source' and 'usesrc'
+ - CLEANUP: minor cleanup in str2sa_range() and str2ip()
+ - CLEANUP: config: do not use multiple errmsg at once
+ - MEDIUM: tools: support specifying explicit address families in str2sa_range()
+ - MAJOR: listener: support inheriting a listening fd from the parent
+ - MAJOR: tools: support environment variables in addresses
+ - BUG/MEDIUM: http: add-header should not emit "-" for empty fields
+ - BUG/MEDIUM: config: ACL compatibility check on "redirect" was wrong
+ - BUG/MEDIUM: http: fix another issue caused by http-send-name-header
+ - DOC: mention the new HTTP 307 and 308 redirect statues
+ - MEDIUM: poll: do not use FD_* macros anymore
+ - BUG/MAJOR: ev_select: disable the select() poller if maxsock > FD_SETSIZE
+ - BUG/MINOR: acl: ssl_fc_{alg,use}_keysize must parse integers, not strings
+ - BUG/MINOR: acl: ssl_c_used, ssl_fc{,_has_crt,_has_sni} take no pattern
+ - BUILD: fix usual isdigit() warning on solaris
+ - BUG/MEDIUM: tools: vsnprintf() is not always reliable on Solaris
+ - OPTIM: buffer: remove one jump in buffer_count()
+ - OPTIM: http: improve branching in chunk size parser
+ - OPTIM: http: optimize the response forward state machine
+ - BUILD: enable poll() by default in the makefile
+ - BUILD: add explicit support for Mac OS/X
+ - BUG/MAJOR: http: use a static storage for sample fetch context
+ - BUG/MEDIUM: ssl: improve error processing and reporting in ssl_sock_load_cert_list_file()
+ - BUG/MAJOR: http: fix regression introduced by commit a890d072
+ - BUG/MAJOR: http: fix regression introduced by commit d655ffe
+ - BUG/CRITICAL: using HTTP information in tcp-request content may crash the process
+ - MEDIUM: acl: remove flag ACL_MAY_LOOKUP which is improperly used
+ - MEDIUM: samples: use new flags to describe compatibility between fetches and their usages
+ - MINOR: log: indicate it when some unreliable sample fetches are logged
+ - MEDIUM: samples: move payload-based fetches and ACLs to their own file
+ - MINOR: backend: rename sample fetch functions and declare the sample keywords
+ - MINOR: frontend: rename sample fetch functions and declare the sample keywords
+ - MINOR: listener: rename sample fetch functions and declare the sample keywords
+ - MEDIUM: http: unify acl and sample fetch functions
+ - MINOR: session: rename sample fetch functions and declare the sample keywords
+ - MAJOR: acl: make all ACLs reference the fetch function via a sample.
+ - MAJOR: acl: remove the arg_mask from the ACL definition and use the sample fetch's
+ - MAJOR: acl: remove fetch argument validation from the ACL struct
+ - MINOR: http: add new direction-explicit sample fetches for headers and cookies
+ - MINOR: payload: add new direction-explicit sample fetches
+ - CLEANUP: acl: remove ACL hooks which were never used
+ - MEDIUM: proxy: remove acl_requires and just keep a flag "http_needed"
+ - MINOR: sample: provide a function to report the name of a sample check point
+ - MAJOR: acl: convert all ACL requires to SMP use+val instead of ->requires
+ - CLEANUP: acl: remove unused references to ACL_USE_*
+ - MINOR: http: replace acl_parse_ver with acl_parse_str
+ - MEDIUM: acl: move the ->parse, ->match and ->smp fields to acl_expr
+ - MAJOR: acl: add option -m to change the pattern matching method
+ - MINOR: acl: remove the use_count in acl keywords
+ - MEDIUM: acl: have a pointer to the keyword name in acl_expr
+ - MEDIUM: acl: support using sample fetches directly in ACLs
+ - MEDIUM: http: remove val_usr() to validate user_lists
+ - MAJOR: sample: maintain a per-proxy list of the fetch args to resolve
+ - MINOR: ssl: add support for the "alpn" bind keyword
+ - MINOR: http: status code 303 is HTTP/1.1 only
+ - MEDIUM: http: implement redirect 307 and 308
+ - MINOR: http: status 301 should not be marked non-cacheable
+
2012/12/28 : 1.5-dev17
- MINOR: ssl: Setting global tune.ssl.cachesize value to 0 disables SSL session cache.
- BUG/MEDIUM: stats: fix stats page regression introduced by commit 20b0de5