[RELEASE] Released version 1.8-dev1
Released version 1.8-dev1 with the following main changes :
- BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos
- BUG/MINOR: stats: make field_str() return an empty string on NULL
- DOC: Spelling fixes
- BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used
- BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled txn
- BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER
- BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers
- BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in tunnel mode
- BUG/MAJOR: stream: fix session abort on resource shortage
- OPTIM: stream-int: don't disable polling anymore on DONT_READ
- BUG/MINOR: cli: allow the backslash to be escaped on the CLI
- BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys"
- DOC: Fix map table's format
- DOC: Added 51Degrees conv and fetch functions to documentation.
- BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect
- DOC: mention that req_tot is for both frontends and backends
- BUG/MEDIUM: variables: some variable name can hide another ones
- MINOR: lua: Allow argument for actions
- BUILD: rearrange target files by build time
- CLEANUP: hlua: just indent functions
- MINOR: lua: give HAProxy variable access to the applets
- BUG/MINOR: stats: fix be/sessions/max output in html stats
- MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id
- DOC: lua: Documentation about some entry missing
- DOC: lua: Add documentation about variable manipulation from applet
- MINOR: Do not forward the header "Expect: 100-continue" when the option http-buffer-request is set
- DOC: Add undocumented argument of the trace filter
- DOC: Fix some typo in SPOE documentation
- MINOR: cli: Remove useless call to bi_putchk
- BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full
- MINOR: applet: Count number of (active) applets
- MINOR: task: Rename run_queue and run_queue_cur counters
- BUG/MEDIUM: stream: Save unprocessed events for a stream
- BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled
- BUILD/MEDIUM: Fixing the build using LibreSSL
- BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2)
- SCRIPTS: git-show-backports: fix a harmless typo
- SCRIPTS: git-show-backports: add -H to use the hash of the commit message
- BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW
- CLEANUP: applet/lua: create a dedicated ->fcn entry in hlua_cli context
- CLEANUP: applet/table: add an "action" entry in ->table context
- CLEANUP: applet: remove the now unused appctx->private field
- DOC: lua: documentation about time parser functions
- DOC: lua: improve links
- DOC: lua: section declared twice
- MEDIUM: cli: 'show cli sockets' list the CLI sockets
- BUG/MINOR: cli: "show cli sockets" wouldn't list all processes
- BUG/MINOR: cli: "show cli sockets" would always report process 64
- CLEANUP: lua: rename one of the lua appctx union
- BUG/MINOR: lua/cli: bad error message
- MEDIUM: lua: use memory pool for hlua struct in applets
- MINOR: lua/signals: Remove Lua part from signals.
- DOC: cli: show cli sockets
- MINOR: cli: automatically enable a CLI I/O handler when there's no parser
- CLEANUP: memory: remove the now unused cli_parse_show_pools() function
- CLEANUP: applet: group all CLI contexts together
- CLEANUP: stats: move a misplaced stats context initialization
- MINOR: cli: add two general purpose pointers and integers in the CLI struct
- MINOR: appctx/cli: remove the cli_socket entry from the appctx union
- MINOR: appctx/cli: remove the env entry from the appctx union
- MINOR: appctx/cli: remove the "be" entry from the appctx union
- MINOR: appctx/cli: remove the "dns" entry from the appctx union
- MINOR: appctx/cli: remove the "server_state" entry from the appctx union
- MINOR: appctx/cli: remove the "tlskeys" entry from the appctx union
- CONTRIB: tcploop: add limits.h to fix build issue with some compilers
- MINOR/DOC: lua: just precise one thing
- DOC: fix small typo in fe_id (backend instead of frontend)
- BUG/MINOR: Fix the sending function in Lua's cosocket
- BUG/MINOR: lua: memory leak executing tasks
- BUG/MINOR: lua: bad return code
- BUG/MINOR: lua: memleak when Lua/cli fails
- MEDIUM: lua: remove Lua struct from session, and allocate it with memory pools
- CLEANUP: haproxy: statify unexported functions
- MINOR: haproxy: add a registration for build options
- CLEANUP: wurfl: use the build options list to report it
- CLEANUP: 51d: use the build options list to report it
- CLEANUP: da: use the build options list to report it
- CLEANUP: namespaces: use the build options list to report it
- CLEANUP: tcp: use the build options list to report transparent modes
- CLEANUP: lua: use the build options list to report it
- CLEANUP: regex: use the build options list to report the regex type
- CLEANUP: ssl: use the build options list to report the SSL details
- CLEANUP: compression: use the build options list to report the algos
- CLEANUP: auth: use the build options list to report its support
- MINOR: haproxy: add a registration for post-check functions
- CLEANUP: checks: make use of the post-init registration to start checks
- CLEANUP: filters: use the function registration to initialize all proxies
- CLEANUP: wurfl: make use of the late init registration
- CLEANUP: 51d: make use of the late init registration
- CLEANUP: da: make use of the late init registration code
- MINOR: haproxy: add a registration for post-deinit functions
- CLEANUP: wurfl: register the deinit function via the dedicated list
- CLEANUP: 51d: register the deinitialization function
- CLEANUP: da: register the deinitialization function
- CLEANUP: wurfl: move global settings out of the global section
- CLEANUP: 51d: move global settings out of the global section
- CLEANUP: da: move global settings out of the global section
- MINOR: cfgparse: add two new functions to check arguments count
- MINOR: cfgparse: move parsing of "ca-base" and "crt-base" to ssl_sock
- MEDIUM: cfgparse: move all tune.ssl.* keywords to ssl_sock
- MEDIUM: cfgparse: move maxsslconn parsing to ssl_sock
- MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to ssl_sock
- MEDIUM: cfgparse: move ssl-dh-param-file parsing to ssl_sock
- MEDIUM: compression: move the zlib-specific stuff from global.h to compression.c
- BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
- BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
- BUG/MINOR: stats: fix be/sessions/current out in typed stats
- MINOR: tcp-rules: check that the listener exists before updating its counters
- MEDIUM: spoe: don't create a dummy listener for outgoing connections
- MINOR: listener: move the transport layer pointer to the bind_conf
- MEDIUM: move listener->frontend to bind_conf->frontend
- MEDIUM: ssl: remote the proxy argument from most functions
- MINOR: connection: add a new prepare_bind_conf() entry to xprt_ops
- MEDIUM: ssl_sock: implement ssl_sock_prepare_bind_conf()
- MINOR: connection: add a new destroy_bind_conf() entry to xprt_ops
- MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf()
- MINOR: server: move the use_ssl field out of the ifdef USE_OPENSSL
- MINOR: connection: add a minimal transport layer registration system
- CLEANUP: connection: remove all direct references to raw_sock and ssl_sock
- CLEANUP: connection: unexport raw_sock and ssl_sock
- MINOR: connection: add new prepare_srv()/destroy_srv() entries to xprt_ops
- MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv()
- CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback
- CLEANUP: ssl: move most ssl-specific global settings to ssl_sock.c
- BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled
- BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
- BUG/MINOR: systemd: potential zombie processes
- DOC: Add timings events schemas
- BUILD: lua: build failed on FreeBSD.
- MINOR: samples: add xx-hash functions
- MEDIUM: regex: pcre2 support
- BUG/MINOR: option prefer-last-server must be ignored in some case
- MINOR: stats: Support "select all" for backend actions
- BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0
- BUG/MAJOR: channel: Fix the definition order of channel analyzers
- BUG/MINOR: http: report real parser state in error captures
- BUILD: scripts: automatically update the branch in version.h when releasing
- MINOR: tools: add a generic hexdump function for debugging
- BUG/MAJOR: http: fix risk of getting invalid reports of bad requests
- MINOR: http: custom status reason.
- MINOR: connection: add sample fetch "fc_rcvd_proxy"
- BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options
- BUG/MINOR: tools: fix off-by-one in port size check
- BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family
- MEDIUM: server: split the address and the port into two different fields
- MINOR: tools: make str2sa_range() return the port in a separate argument
- MINOR: server: take the destination port from the port field, not the addr
- MEDIUM: server: disable protocol validations when the server doesn't resolve
- BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0
- BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage
- BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL
- MINOR: Use "500 Internal Server Error" for 500 error/status code message.
- MINOR: proto_http.c 502 error txt typo.
- DOC: add deprecation notice to "block"
- MINOR: compression: fix -vv output without zlib/slz
- BUG/MINOR: Reset errno variable before calling strtol(3)
- MINOR: ssl: don't show prefer-server-ciphers output
- OPTIM/MINOR: config: Optimize fullconn automatic computation loading configuration
- BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream
- MAJOR: ssl: bind configuration per certificat
- MINOR: ssl: add curve suite for ECDHE negotiation
- MINOR: checks: Add agent-addr config directive
- MINOR: cli: Add possiblity to change agent config via CLI/socket
- MINOR: doc: Add docs for agent-addr configuration variable
- MINOR: doc: Add docs for agent-addr and agent-send CLI commands
- BUILD: ssl: fix to build (again) with boringssl
- BUILD: ssl: fix build on OpenSSL 1.0.0
- BUILD: ssl: silence a warning reported for ERR_remove_state()
- BUILD: ssl: eliminate warning with OpenSSL 1.1.0 regarding RAND_pseudo_bytes()
- BUILD: ssl: kill a build warning introduced by BoringSSL compatibility
- BUG/MEDIUM: tcp: don't poll for write when connect() succeeds
- BUG/MINOR: unix: fix connect's polling in case no data are scheduled
- MINOR: server: extend the flags to 32 bits
- BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved keyword
- MINOR: dns: give ability to dns_init_resolvers() to close a socket when requested
- BUG/MAJOR: dns: restart sockets after fork()
- MINOR: chunks: implement a simple dynamic allocator for trash buffers
- BUG/MEDIUM: http: prevent redirect from overwriting a buffer
- BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined
- BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer
- BUG/MINOR: http: Return an error when a replace-header rule failed on the response
- BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested
- BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw()
- BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1'
- BUG/MEDIUM: config: reject anything but "if" or "unless" after a use-backend rule
- MINOR: http: don't close when redirect location doesn't start with "/"
- MEDIUM: boringssl: support native multi-cert selection without bundling
- BUG/MEDIUM: ssl: fix verify/ca-file per certificate
- BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
- MINOR: ssl: removes SSL_CTX_set_ssl_version call and cleanup CTX creation.
- BUILD: ssl: fix build with -DOPENSSL_NO_DH
- MEDIUM: ssl: add new sample-fetch which captures the cipherlist
- MEDIUM: ssl: remove ssl-options from crt-list
- BUG/MEDIUM: ssl: in bind line, ssl-options after 'crt' are ignored.
- BUG/MINOR: ssl: fix cipherlist captures with sustainable SSL calls
- MINOR: ssl: improved cipherlist captures
- BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
- BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
- MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents
- MINOR: spoe: Add support for pipelining/async capabilities in the SPOA example
- MINOR: spoe: Remove SPOE details from the appctx structure
- MINOR: spoe: Add status code in error variable instead of hardcoded value
- MINOR: spoe: Send a log message when an error occurred during event processing
- MINOR: spoe: Check the scope of sample fetches used in SPOE messages
- MEDIUM: spoe: Be sure to wakeup the good entity waiting for a buffer
- MINOR: spoe: Use the min of all known max_frame_size to encode messages
- MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames
- MINOR: spoe: Add support for fragmentation capability in the SPOA example
- MAJOR: spoe: refactor the filter to clean up the code
- MINOR: spoe: Handle NOTIFY frames cancellation using ABORT bit in ACK frames
- REORG: spoe: Move struct and enum definitions in dedicated header file
- REORG: spoe: Move low-level encoding/decoding functions in dedicated header file
- MINOR: spoe: Improve implementation of the payload fragmentation
- MINOR: spoe: Add support of negation for options in SPOE configuration file
- MINOR: spoe: Add "pipelining" and "async" options in spoe-agent section
- MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
- MINOR: spoe: Add "send-frag-payload" option in spoe-agent section
- MINOR: spoe: Add "max-frame-size" statement in spoe-agent section
- DOC: spoe: Update SPOE documentation to reflect recent changes
- MINOR: config: warn when some HTTP rules are used in a TCP proxy
- BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
- BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
- BUG/MINOR: Fix "get map <map> <value>" CLI command
- MINOR: Add nbsrv sample converter
- CLEANUP: Replace repeated code to count usable servers with be_usable_srv()
- MINOR: Add hostname sample fetch
- CLEANUP: Remove comment that's no longer valid
- MEDIUM: http_error_message: txn->status / http_get_status_idx.
- MINOR: http-request tarpit deny_status.
- CLEANUP: http: make http_server_error() not set the status anymore
- MEDIUM: stats: Add JSON output option to show (info|stat)
- MEDIUM: stats: Add show json schema
- BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
- MINOR: server: Add dynamic session cookies.
- MINOR: cli: Let configure the dynamic cookies from the cli.
- BUG/MINOR: checks: attempt clean shutw for SSL check
- CONTRIB: tcploop: make it build on FreeBSD
- CONTRIB: tcploop: fix time format to silence build warnings
- CONTRIB: tcploop: report action 'K' (kill) in usage message
- CONTRIB: tcploop: fix connect's address length
- CONTRIB: tcploop: use the trash instead of NULL for recv()
- BUG/MEDIUM: listener: do not try to rebind another process' socket
- BUG/MEDIUM server: Fix crash when dynamic is defined, but not key is provided.
- CLEANUP: config: Typo in comment.
- BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
- TESTS: add a test configuration to stress handshake combinations
- BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
- BUG/MEDIUM: connection: ensure to always report the end of handshakes
- MEDIUM: connection: don't test for CO_FL_WAKE_DATA
- CLEANUP: connection: completely remove CO_FL_WAKE_DATA
- BUG: payload: fix payload not retrieving arbitrary lengths
- BUILD: ssl: simplify SSL_CTX_set_ecdh_auto compatibility
- BUILD: ssl: fix OPENSSL_NO_SSL_TRACE for boringssl and libressl
- BUG/MAJOR: http: fix typo in http_apply_redirect_rule
- MINOR: doc: 2.4. Examples should be 2.5. Examples
- BUG/MEDIUM: stream: fix client-fin/server-fin handling
- MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
- BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
- OPTIM: poll: enable support for POLLRDHUP
- MINOR: kqueue: exclusively rely on the kqueue returned status
- MEDIUM: kqueue: take care of EV_EOF to improve polling status accuracy
- MEDIUM: kqueue: only set FD_POLL_IN when there are pending data
- DOC/MINOR: Fix typos in proxy protocol doc
- DOC: Protocol doc: add checksum, TLV type ranges
- DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
- DOC: Protocol doc: add noop TLV
- MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
- MINOR: dns: improve DNS response parsing to use as many available records as possible
- BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
- MINOR: server: irrelevant error message with 'default-server' config file keyword.
- MINOR: server: Make 'default-server' support 'backup' keyword.
- MINOR: server: Make 'default-server' support 'check-send-proxy' keyword.
- CLEANUP: server: code alignement.
- MINOR: server: Make 'default-server' support 'non-stick' keyword.
- MINOR: server: Make 'default-server' support 'send-proxy' and 'send-proxy-v2 keywords.
- MINOR: server: Make 'default-server' support 'check-ssl' keyword.
- MINOR: server: Make 'default-server' support 'force-sslv3' and 'force-tlsv1[0-2]' keywords.
- CLEANUP: server: code alignement.
- MINOR: server: Make 'default-server' support 'no-ssl*' and 'no-tlsv*' keywords.
- MINOR: server: Make 'default-server' support 'ssl' keyword.
- MINOR: server: Make 'default-server' support 'send-proxy-v2-ssl*' keywords.
- CLEANUP: server: code alignement.
- MINOR: server: Make 'default-server' support 'verify' keyword.
- MINOR: server: Make 'default-server' support 'verifyhost' setting.
- MINOR: server: Make 'default-server' support 'check' keyword.
- MINOR: server: Make 'default-server' support 'track' setting.
- MINOR: server: Make 'default-server' support 'ca-file', 'crl-file' and 'crt' settings.
- MINOR: server: Make 'default-server' support 'redir' keyword.
- MINOR: server: Make 'default-server' support 'observe' keyword.
- MINOR: server: Make 'default-server' support 'cookie' keyword.
- MINOR: server: Make 'default-server' support 'ciphers' keyword.
- MINOR: server: Make 'default-server' support 'tcp-ut' keyword.
- MINOR: server: Make 'default-server' support 'namespace' keyword.
- MINOR: server: Make 'default-server' support 'source' keyword.
- MINOR: server: Make 'default-server' support 'sni' keyword.
- MINOR: server: Make 'default-server' support 'addr' keyword.
- MINOR: server: Make 'default-server' support 'disabled' keyword.
- MINOR: server: Add 'no-agent-check' server keyword.
- DOC: server: Add docs for "server" and "default-server" new "no-*" and other settings.
- MINOR: doc: fix use-server example (imap vs mail)
- BUG/MEDIUM: tcp: don't require privileges to bind to device
- BUILD: make the release script use shortlog for the final changelog
- BUILD: scripts: fix typo in announce-release error message
- CLEANUP: time: curr_sec_ms doesn't need to be exported
- BUG/MEDIUM: server: Wrong server default CRT filenames initialization.
- BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
- BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
- BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request
- CLEANUP: http: Remove channel_congested function
- CLEANUP: buffers: Remove buffer_bounce_realign function
- CLEANUP: buffers: Remove buffer_contig_area and buffer_work_area functions
- MINOR: http: remove useless check on HTTP_MSGF_XFER_LEN for the request
- MINOR: http: Add debug messages when HTTP body analyzers are called
- BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
- BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
- DOC: fix parenthesis and add missing "Example" tags
- DOC: update the contributing file
- DOC: log-format/tcplog/httplog update
- MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
diff --git a/CHANGELOG b/CHANGELOG
index afbbb83..40d24d4 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,327 @@
ChangeLog :
===========
+2017/04/03 : 1.8-dev1
+ - BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos
+ - BUG/MINOR: stats: make field_str() return an empty string on NULL
+ - DOC: Spelling fixes
+ - BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used
+ - BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled txn
+ - BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and IS_DATA_FILTER
+ - BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and XFER_DATA analyzers
+ - BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in tunnel mode
+ - BUG/MAJOR: stream: fix session abort on resource shortage
+ - OPTIM: stream-int: don't disable polling anymore on DONT_READ
+ - BUG/MINOR: cli: allow the backslash to be escaped on the CLI
+ - BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys"
+ - DOC: Fix map table's format
+ - DOC: Added 51Degrees conv and fetch functions to documentation.
+ - BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect
+ - DOC: mention that req_tot is for both frontends and backends
+ - BUG/MEDIUM: variables: some variable name can hide another ones
+ - MINOR: lua: Allow argument for actions
+ - BUILD: rearrange target files by build time
+ - CLEANUP: hlua: just indent functions
+ - MINOR: lua: give HAProxy variable access to the applets
+ - BUG/MINOR: stats: fix be/sessions/max output in html stats
+ - MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id
+ - DOC: lua: Documentation about some entry missing
+ - DOC: lua: Add documentation about variable manipulation from applet
+ - MINOR: Do not forward the header "Expect: 100-continue" when the option http-buffer-request is set
+ - DOC: Add undocumented argument of the trace filter
+ - DOC: Fix some typo in SPOE documentation
+ - MINOR: cli: Remove useless call to bi_putchk
+ - BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full
+ - MINOR: applet: Count number of (active) applets
+ - MINOR: task: Rename run_queue and run_queue_cur counters
+ - BUG/MEDIUM: stream: Save unprocessed events for a stream
+ - BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled
+ - BUILD/MEDIUM: Fixing the build using LibreSSL
+ - BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2)
+ - SCRIPTS: git-show-backports: fix a harmless typo
+ - SCRIPTS: git-show-backports: add -H to use the hash of the commit message
+ - BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW
+ - CLEANUP: applet/lua: create a dedicated ->fcn entry in hlua_cli context
+ - CLEANUP: applet/table: add an "action" entry in ->table context
+ - CLEANUP: applet: remove the now unused appctx->private field
+ - DOC: lua: documentation about time parser functions
+ - DOC: lua: improve links
+ - DOC: lua: section declared twice
+ - MEDIUM: cli: 'show cli sockets' list the CLI sockets
+ - BUG/MINOR: cli: "show cli sockets" wouldn't list all processes
+ - BUG/MINOR: cli: "show cli sockets" would always report process 64
+ - CLEANUP: lua: rename one of the lua appctx union
+ - BUG/MINOR: lua/cli: bad error message
+ - MEDIUM: lua: use memory pool for hlua struct in applets
+ - MINOR: lua/signals: Remove Lua part from signals.
+ - DOC: cli: show cli sockets
+ - MINOR: cli: automatically enable a CLI I/O handler when there's no parser
+ - CLEANUP: memory: remove the now unused cli_parse_show_pools() function
+ - CLEANUP: applet: group all CLI contexts together
+ - CLEANUP: stats: move a misplaced stats context initialization
+ - MINOR: cli: add two general purpose pointers and integers in the CLI struct
+ - MINOR: appctx/cli: remove the cli_socket entry from the appctx union
+ - MINOR: appctx/cli: remove the env entry from the appctx union
+ - MINOR: appctx/cli: remove the "be" entry from the appctx union
+ - MINOR: appctx/cli: remove the "dns" entry from the appctx union
+ - MINOR: appctx/cli: remove the "server_state" entry from the appctx union
+ - MINOR: appctx/cli: remove the "tlskeys" entry from the appctx union
+ - CONTRIB: tcploop: add limits.h to fix build issue with some compilers
+ - MINOR/DOC: lua: just precise one thing
+ - DOC: fix small typo in fe_id (backend instead of frontend)
+ - BUG/MINOR: Fix the sending function in Lua's cosocket
+ - BUG/MINOR: lua: memory leak executing tasks
+ - BUG/MINOR: lua: bad return code
+ - BUG/MINOR: lua: memleak when Lua/cli fails
+ - MEDIUM: lua: remove Lua struct from session, and allocate it with memory pools
+ - CLEANUP: haproxy: statify unexported functions
+ - MINOR: haproxy: add a registration for build options
+ - CLEANUP: wurfl: use the build options list to report it
+ - CLEANUP: 51d: use the build options list to report it
+ - CLEANUP: da: use the build options list to report it
+ - CLEANUP: namespaces: use the build options list to report it
+ - CLEANUP: tcp: use the build options list to report transparent modes
+ - CLEANUP: lua: use the build options list to report it
+ - CLEANUP: regex: use the build options list to report the regex type
+ - CLEANUP: ssl: use the build options list to report the SSL details
+ - CLEANUP: compression: use the build options list to report the algos
+ - CLEANUP: auth: use the build options list to report its support
+ - MINOR: haproxy: add a registration for post-check functions
+ - CLEANUP: checks: make use of the post-init registration to start checks
+ - CLEANUP: filters: use the function registration to initialize all proxies
+ - CLEANUP: wurfl: make use of the late init registration
+ - CLEANUP: 51d: make use of the late init registration
+ - CLEANUP: da: make use of the late init registration code
+ - MINOR: haproxy: add a registration for post-deinit functions
+ - CLEANUP: wurfl: register the deinit function via the dedicated list
+ - CLEANUP: 51d: register the deinitialization function
+ - CLEANUP: da: register the deinitialization function
+ - CLEANUP: wurfl: move global settings out of the global section
+ - CLEANUP: 51d: move global settings out of the global section
+ - CLEANUP: da: move global settings out of the global section
+ - MINOR: cfgparse: add two new functions to check arguments count
+ - MINOR: cfgparse: move parsing of "ca-base" and "crt-base" to ssl_sock
+ - MEDIUM: cfgparse: move all tune.ssl.* keywords to ssl_sock
+ - MEDIUM: cfgparse: move maxsslconn parsing to ssl_sock
+ - MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to ssl_sock
+ - MEDIUM: cfgparse: move ssl-dh-param-file parsing to ssl_sock
+ - MEDIUM: compression: move the zlib-specific stuff from global.h to compression.c
+ - BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
+ - BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
+ - BUG/MINOR: stats: fix be/sessions/current out in typed stats
+ - MINOR: tcp-rules: check that the listener exists before updating its counters
+ - MEDIUM: spoe: don't create a dummy listener for outgoing connections
+ - MINOR: listener: move the transport layer pointer to the bind_conf
+ - MEDIUM: move listener->frontend to bind_conf->frontend
+ - MEDIUM: ssl: remote the proxy argument from most functions
+ - MINOR: connection: add a new prepare_bind_conf() entry to xprt_ops
+ - MEDIUM: ssl_sock: implement ssl_sock_prepare_bind_conf()
+ - MINOR: connection: add a new destroy_bind_conf() entry to xprt_ops
+ - MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf()
+ - MINOR: server: move the use_ssl field out of the ifdef USE_OPENSSL
+ - MINOR: connection: add a minimal transport layer registration system
+ - CLEANUP: connection: remove all direct references to raw_sock and ssl_sock
+ - CLEANUP: connection: unexport raw_sock and ssl_sock
+ - MINOR: connection: add new prepare_srv()/destroy_srv() entries to xprt_ops
+ - MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv()
+ - CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback
+ - CLEANUP: ssl: move most ssl-specific global settings to ssl_sock.c
+ - BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled
+ - BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
+ - BUG/MINOR: systemd: potential zombie processes
+ - DOC: Add timings events schemas
+ - BUILD: lua: build failed on FreeBSD.
+ - MINOR: samples: add xx-hash functions
+ - MEDIUM: regex: pcre2 support
+ - BUG/MINOR: option prefer-last-server must be ignored in some case
+ - MINOR: stats: Support "select all" for backend actions
+ - BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0
+ - BUG/MAJOR: channel: Fix the definition order of channel analyzers
+ - BUG/MINOR: http: report real parser state in error captures
+ - BUILD: scripts: automatically update the branch in version.h when releasing
+ - MINOR: tools: add a generic hexdump function for debugging
+ - BUG/MAJOR: http: fix risk of getting invalid reports of bad requests
+ - MINOR: http: custom status reason.
+ - MINOR: connection: add sample fetch "fc_rcvd_proxy"
+ - BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options
+ - BUG/MINOR: tools: fix off-by-one in port size check
+ - BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family
+ - MEDIUM: server: split the address and the port into two different fields
+ - MINOR: tools: make str2sa_range() return the port in a separate argument
+ - MINOR: server: take the destination port from the port field, not the addr
+ - MEDIUM: server: disable protocol validations when the server doesn't resolve
+ - BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0
+ - BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage
+ - BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL
+ - MINOR: Use "500 Internal Server Error" for 500 error/status code message.
+ - MINOR: proto_http.c 502 error txt typo.
+ - DOC: add deprecation notice to "block"
+ - MINOR: compression: fix -vv output without zlib/slz
+ - BUG/MINOR: Reset errno variable before calling strtol(3)
+ - MINOR: ssl: don't show prefer-server-ciphers output
+ - OPTIM/MINOR: config: Optimize fullconn automatic computation loading configuration
+ - BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream
+ - MAJOR: ssl: bind configuration per certificat
+ - MINOR: ssl: add curve suite for ECDHE negotiation
+ - MINOR: checks: Add agent-addr config directive
+ - MINOR: cli: Add possiblity to change agent config via CLI/socket
+ - MINOR: doc: Add docs for agent-addr configuration variable
+ - MINOR: doc: Add docs for agent-addr and agent-send CLI commands
+ - BUILD: ssl: fix to build (again) with boringssl
+ - BUILD: ssl: fix build on OpenSSL 1.0.0
+ - BUILD: ssl: silence a warning reported for ERR_remove_state()
+ - BUILD: ssl: eliminate warning with OpenSSL 1.1.0 regarding RAND_pseudo_bytes()
+ - BUILD: ssl: kill a build warning introduced by BoringSSL compatibility
+ - BUG/MEDIUM: tcp: don't poll for write when connect() succeeds
+ - BUG/MINOR: unix: fix connect's polling in case no data are scheduled
+ - MINOR: server: extend the flags to 32 bits
+ - BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved keyword
+ - MINOR: dns: give ability to dns_init_resolvers() to close a socket when requested
+ - BUG/MAJOR: dns: restart sockets after fork()
+ - MINOR: chunks: implement a simple dynamic allocator for trash buffers
+ - BUG/MEDIUM: http: prevent redirect from overwriting a buffer
+ - BUG/MEDIUM: filters: Do not truncate HTTP response when body length is undefined
+ - BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer
+ - BUG/MINOR: http: Return an error when a replace-header rule failed on the response
+ - BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested
+ - BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw()
+ - BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1'
+ - BUG/MEDIUM: config: reject anything but "if" or "unless" after a use-backend rule
+ - MINOR: http: don't close when redirect location doesn't start with "/"
+ - MEDIUM: boringssl: support native multi-cert selection without bundling
+ - BUG/MEDIUM: ssl: fix verify/ca-file per certificate
+ - BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
+ - MINOR: ssl: removes SSL_CTX_set_ssl_version call and cleanup CTX creation.
+ - BUILD: ssl: fix build with -DOPENSSL_NO_DH
+ - MEDIUM: ssl: add new sample-fetch which captures the cipherlist
+ - MEDIUM: ssl: remove ssl-options from crt-list
+ - BUG/MEDIUM: ssl: in bind line, ssl-options after 'crt' are ignored.
+ - BUG/MINOR: ssl: fix cipherlist captures with sustainable SSL calls
+ - MINOR: ssl: improved cipherlist captures
+ - BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
+ - BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
+ - MAJOR: spoe: Add support of pipelined and asynchronous exchanges with agents
+ - MINOR: spoe: Add support for pipelining/async capabilities in the SPOA example
+ - MINOR: spoe: Remove SPOE details from the appctx structure
+ - MINOR: spoe: Add status code in error variable instead of hardcoded value
+ - MINOR: spoe: Send a log message when an error occurred during event processing
+ - MINOR: spoe: Check the scope of sample fetches used in SPOE messages
+ - MEDIUM: spoe: Be sure to wakeup the good entity waiting for a buffer
+ - MINOR: spoe: Use the min of all known max_frame_size to encode messages
+ - MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames
+ - MINOR: spoe: Add support for fragmentation capability in the SPOA example
+ - MAJOR: spoe: refactor the filter to clean up the code
+ - MINOR: spoe: Handle NOTIFY frames cancellation using ABORT bit in ACK frames
+ - REORG: spoe: Move struct and enum definitions in dedicated header file
+ - REORG: spoe: Move low-level encoding/decoding functions in dedicated header file
+ - MINOR: spoe: Improve implementation of the payload fragmentation
+ - MINOR: spoe: Add support of negation for options in SPOE configuration file
+ - MINOR: spoe: Add "pipelining" and "async" options in spoe-agent section
+ - MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
+ - MINOR: spoe: Add "send-frag-payload" option in spoe-agent section
+ - MINOR: spoe: Add "max-frame-size" statement in spoe-agent section
+ - DOC: spoe: Update SPOE documentation to reflect recent changes
+ - MINOR: config: warn when some HTTP rules are used in a TCP proxy
+ - BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
+ - BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
+ - BUG/MINOR: Fix "get map <map> <value>" CLI command
+ - MINOR: Add nbsrv sample converter
+ - CLEANUP: Replace repeated code to count usable servers with be_usable_srv()
+ - MINOR: Add hostname sample fetch
+ - CLEANUP: Remove comment that's no longer valid
+ - MEDIUM: http_error_message: txn->status / http_get_status_idx.
+ - MINOR: http-request tarpit deny_status.
+ - CLEANUP: http: make http_server_error() not set the status anymore
+ - MEDIUM: stats: Add JSON output option to show (info|stat)
+ - MEDIUM: stats: Add show json schema
+ - BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
+ - MINOR: server: Add dynamic session cookies.
+ - MINOR: cli: Let configure the dynamic cookies from the cli.
+ - BUG/MINOR: checks: attempt clean shutw for SSL check
+ - CONTRIB: tcploop: make it build on FreeBSD
+ - CONTRIB: tcploop: fix time format to silence build warnings
+ - CONTRIB: tcploop: report action 'K' (kill) in usage message
+ - CONTRIB: tcploop: fix connect's address length
+ - CONTRIB: tcploop: use the trash instead of NULL for recv()
+ - BUG/MEDIUM: listener: do not try to rebind another process' socket
+ - BUG/MEDIUM server: Fix crash when dynamic is defined, but not key is provided.
+ - CLEANUP: config: Typo in comment.
+ - BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
+ - TESTS: add a test configuration to stress handshake combinations
+ - BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
+ - BUG/MEDIUM: connection: ensure to always report the end of handshakes
+ - MEDIUM: connection: don't test for CO_FL_WAKE_DATA
+ - CLEANUP: connection: completely remove CO_FL_WAKE_DATA
+ - BUG: payload: fix payload not retrieving arbitrary lengths
+ - BUILD: ssl: simplify SSL_CTX_set_ecdh_auto compatibility
+ - BUILD: ssl: fix OPENSSL_NO_SSL_TRACE for boringssl and libressl
+ - BUG/MAJOR: http: fix typo in http_apply_redirect_rule
+ - MINOR: doc: 2.4. Examples should be 2.5. Examples
+ - BUG/MEDIUM: stream: fix client-fin/server-fin handling
+ - MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
+ - BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
+ - OPTIM: poll: enable support for POLLRDHUP
+ - MINOR: kqueue: exclusively rely on the kqueue returned status
+ - MEDIUM: kqueue: take care of EV_EOF to improve polling status accuracy
+ - MEDIUM: kqueue: only set FD_POLL_IN when there are pending data
+ - DOC/MINOR: Fix typos in proxy protocol doc
+ - DOC: Protocol doc: add checksum, TLV type ranges
+ - DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
+ - DOC: Protocol doc: add noop TLV
+ - MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
+ - MINOR: dns: improve DNS response parsing to use as many available records as possible
+ - BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
+ - MINOR: server: irrelevant error message with 'default-server' config file keyword.
+ - MINOR: server: Make 'default-server' support 'backup' keyword.
+ - MINOR: server: Make 'default-server' support 'check-send-proxy' keyword.
+ - CLEANUP: server: code alignement.
+ - MINOR: server: Make 'default-server' support 'non-stick' keyword.
+ - MINOR: server: Make 'default-server' support 'send-proxy' and 'send-proxy-v2 keywords.
+ - MINOR: server: Make 'default-server' support 'check-ssl' keyword.
+ - MINOR: server: Make 'default-server' support 'force-sslv3' and 'force-tlsv1[0-2]' keywords.
+ - CLEANUP: server: code alignement.
+ - MINOR: server: Make 'default-server' support 'no-ssl*' and 'no-tlsv*' keywords.
+ - MINOR: server: Make 'default-server' support 'ssl' keyword.
+ - MINOR: server: Make 'default-server' support 'send-proxy-v2-ssl*' keywords.
+ - CLEANUP: server: code alignement.
+ - MINOR: server: Make 'default-server' support 'verify' keyword.
+ - MINOR: server: Make 'default-server' support 'verifyhost' setting.
+ - MINOR: server: Make 'default-server' support 'check' keyword.
+ - MINOR: server: Make 'default-server' support 'track' setting.
+ - MINOR: server: Make 'default-server' support 'ca-file', 'crl-file' and 'crt' settings.
+ - MINOR: server: Make 'default-server' support 'redir' keyword.
+ - MINOR: server: Make 'default-server' support 'observe' keyword.
+ - MINOR: server: Make 'default-server' support 'cookie' keyword.
+ - MINOR: server: Make 'default-server' support 'ciphers' keyword.
+ - MINOR: server: Make 'default-server' support 'tcp-ut' keyword.
+ - MINOR: server: Make 'default-server' support 'namespace' keyword.
+ - MINOR: server: Make 'default-server' support 'source' keyword.
+ - MINOR: server: Make 'default-server' support 'sni' keyword.
+ - MINOR: server: Make 'default-server' support 'addr' keyword.
+ - MINOR: server: Make 'default-server' support 'disabled' keyword.
+ - MINOR: server: Add 'no-agent-check' server keyword.
+ - DOC: server: Add docs for "server" and "default-server" new "no-*" and other settings.
+ - MINOR: doc: fix use-server example (imap vs mail)
+ - BUG/MEDIUM: tcp: don't require privileges to bind to device
+ - BUILD: make the release script use shortlog for the final changelog
+ - BUILD: scripts: fix typo in announce-release error message
+ - CLEANUP: time: curr_sec_ms doesn't need to be exported
+ - BUG/MEDIUM: server: Wrong server default CRT filenames initialization.
+ - BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
+ - BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
+ - BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next request
+ - CLEANUP: http: Remove channel_congested function
+ - CLEANUP: buffers: Remove buffer_bounce_realign function
+ - CLEANUP: buffers: Remove buffer_contig_area and buffer_work_area functions
+ - MINOR: http: remove useless check on HTTP_MSGF_XFER_LEN for the request
+ - MINOR: http: Add debug messages when HTTP body analyzers are called
+ - BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
+ - BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
+ - DOC: fix parenthesis and add missing "Example" tags
+ - DOC: update the contributing file
+ - DOC: log-format/tcplog/httplog update
+ - MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
+
2016/11/25 : 1.8-dev0
2016/11/25 : 1.7.0