[RELEASE] Released version 2.2-dev6
Released version 2.2-dev6 with the following main changes :
- BUG/MINOR: ssl: memory leak when find_chain is NULL
- CLEANUP: ssl: rename ssl_get_issuer_chain to ssl_get0_issuer_chain
- MINOR: ssl: rework add cert chain to CTX to be libssl independent
- BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
- BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
- BUG/MINOR: peers: Use after free of "peers" section.
- CI: github actions: add weekly h2spec test
- BUG/MEDIUM: mux_h1: Process a new request if we already received it.
- MINOR: build: Fix build in mux_h1
- CLEANUP: remove obsolete comments
- BUG/MEDIUM: dns: improper parsing of aditional records
- MINOR: ssl: skip self issued CA in cert chain for ssl_ctx
- MINOR: listener: add so_name sample fetch
- MEDIUM: stream: support use-server rules with dynamic names
- MINOR: servers: Add a counter for the number of currently used connections.
- MEDIUM: connections: Revamp the way idle connections are killed
- MINOR: cli: add a general purpose pointer in the CLI struct
- MINOR: ssl: add a list of bind_conf in struct crtlist
- REORG: ssl: move SETCERT enum to ssl_sock.h
- BUG/MINOR: ssl: ckch_inst wrongly inserted in crtlist_entry
- REORG: ssl: move some functions above crtlist_load_cert_dir()
- MINOR: ssl: use crtlist_free() upon error in directory loading
- MINOR: ssl: add a list of crtlist_entry in ckch_store
- MINOR: ssl: store a ptr to crtlist in crtlist_entry
- MINOR: ssl/cli: update pointer to store in 'commit ssl cert'
- MEDIUM: ssl/cli: 'add ssl crt-list' command
- REGTEST: ssl/cli: test the 'add ssl crt-list' command
- BUG/MINOR: ssl: entry->ckch_inst not initialized
- REGTEST: ssl/cli: change test type to devel
- REGTEST: make the PROXY TLV validation depend on version 2.2
- CLEANUP: assorted typo fixes in the code and comments
- BUG/MINOR: stats: Fix color of draining servers on stats page
- DOC: internals: Fix spelling errors in filters.txt
- MINOR: connections: Don't mark conn flags 0x00000001 and 0x00000002 as unused.
- REGTEST: make the unique-id test depend on version 2.0
- BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive
- MINOR: ssl: split the line parsing of the crt-list
- MINOR: ssl/cli: support filters and options in add ssl crt-list
- MINOR: ssl: add a comment above the ssl_bind_conf keywords
- REGTEST: ssl/cli: tests options and filters w/ add ssl crt-list
- REGTEST: ssl: pollute the crt-list file
- BUG/CRITICAL: hpack: never index a header into the headroom after wrapping
- BUG/MINOR: protocol_buffer: Wrong maximum shifting.
- CLEANUP: src/fd.c: mask setsockopt with DISGUISE
- BUG/MINOR: ssl/cli: initialize fcount int crtlist_entry
- REGTEST: ssl/cli: add other cases of 'add ssl crt-list'
- CLEANUP: assorted typo fixes in the code and comments
- DOC: management: add the new crt-list CLI commands
- BUG/MINOR: ssl/cli: fix spaces in 'show ssl crt-list'
- MINOR: ssl/cli: 'del ssl crt-list' delete an entry
- MINOR: ssl/cli: replace dump/show ssl crt-list by '-n' option
- CI: use better SSL library definition
- CI: travis-ci: enable DEBUG_STRICT=1 for CI builds
- CI: travis-ci: upgrade openssl to 1.1.1f
- MINOR: ssl: improve the errors when a crt can't be open
- CI: cirrus-ci: rename openssl package after it is renamed in FreeBSD
- CI: adopt openssl download script to download all versions
- BUG/MINOR: ssl/cli: lock the ckch structures during crt-list delete
- MINOR: ssl/cli: improve error for bundle in add/del ssl crt-list
- MINOR: ssl/cli: 'del ssl cert' deletes a certificate
- BUG/MINOR: ssl: trailing slashes in directory names wrongly cached
- BUG/MINOR: ssl/cli: memory leak in 'set ssl cert'
- CLEANUP: ssl: use the refcount for the SSL_CTX'
- CLEANUP: ssl/cli: use the list of filters in the crtlist_entry
- BUG/MINOR: ssl: memleak of the struct cert_key_and_chain
- CLEANUP: ssl: remove a commentary in struct ckch_inst
- MINOR: ssl: initialize all list in ckch_inst_new()
- MINOR: ssl: free instances and SNIs with ckch_inst_free()
- MINOR: ssl: replace ckchs_free() by ckch_store_free()
- BUG/MEDIUM: ssl/cli: trying to access to free'd memory
- MINOR: ssl: ckch_store_new() alloc and init a ckch_store
- MINOR: ssl: crtlist_new() alloc and initialize a struct crtlist
- REORG: ssl: move some free/new functions
- MINOR: ssl: crtlist_entry_{new, free}
- BUG/MINOR: ssl: ssl_conf always set to NULL on crt-list parsing
- MINOR: ssl: don't alloc ssl_conf if no option found
- BUG/MINOR: connection: always send address-less LOCAL PROXY connections
- BUG/MINOR: peers: Incomplete peers sections should be validated.
- MINOR: init: report in "haproxy -c" whether there were warnings or not
- MINOR: init: add -dW and "zero-warning" to reject configs with warnings
- MINOR: init: report the compiler version in haproxy -vv
- CLEANUP: assorted typo fixes in the code and comments
- MINOR: init: report the haproxy version and executable path once on errors
- DOC: Make how "option redispatch" works more explicit
- BUILD: Makefile: add linux-musl to TARGET
- CLEANUP: assorted typo fixes in the code and comments
- CLEANUP: http: Fixed small typo in parse_http_return
- DOC: hashing: update link to hashing functions
diff --git a/CHANGELOG b/CHANGELOG
index 2fed2b4..2d09e39 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,96 @@
ChangeLog :
===========
+2020/04/17 : 2.2-dev6
+ - BUG/MINOR: ssl: memory leak when find_chain is NULL
+ - CLEANUP: ssl: rename ssl_get_issuer_chain to ssl_get0_issuer_chain
+ - MINOR: ssl: rework add cert chain to CTX to be libssl independent
+ - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
+ - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
+ - BUG/MINOR: peers: Use after free of "peers" section.
+ - CI: github actions: add weekly h2spec test
+ - BUG/MEDIUM: mux_h1: Process a new request if we already received it.
+ - MINOR: build: Fix build in mux_h1
+ - CLEANUP: remove obsolete comments
+ - BUG/MEDIUM: dns: improper parsing of aditional records
+ - MINOR: ssl: skip self issued CA in cert chain for ssl_ctx
+ - MINOR: listener: add so_name sample fetch
+ - MEDIUM: stream: support use-server rules with dynamic names
+ - MINOR: servers: Add a counter for the number of currently used connections.
+ - MEDIUM: connections: Revamp the way idle connections are killed
+ - MINOR: cli: add a general purpose pointer in the CLI struct
+ - MINOR: ssl: add a list of bind_conf in struct crtlist
+ - REORG: ssl: move SETCERT enum to ssl_sock.h
+ - BUG/MINOR: ssl: ckch_inst wrongly inserted in crtlist_entry
+ - REORG: ssl: move some functions above crtlist_load_cert_dir()
+ - MINOR: ssl: use crtlist_free() upon error in directory loading
+ - MINOR: ssl: add a list of crtlist_entry in ckch_store
+ - MINOR: ssl: store a ptr to crtlist in crtlist_entry
+ - MINOR: ssl/cli: update pointer to store in 'commit ssl cert'
+ - MEDIUM: ssl/cli: 'add ssl crt-list' command
+ - REGTEST: ssl/cli: test the 'add ssl crt-list' command
+ - BUG/MINOR: ssl: entry->ckch_inst not initialized
+ - REGTEST: ssl/cli: change test type to devel
+ - REGTEST: make the PROXY TLV validation depend on version 2.2
+ - CLEANUP: assorted typo fixes in the code and comments
+ - BUG/MINOR: stats: Fix color of draining servers on stats page
+ - DOC: internals: Fix spelling errors in filters.txt
+ - MINOR: connections: Don't mark conn flags 0x00000001 and 0x00000002 as unused.
+ - REGTEST: make the unique-id test depend on version 2.0
+ - BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive
+ - MINOR: ssl: split the line parsing of the crt-list
+ - MINOR: ssl/cli: support filters and options in add ssl crt-list
+ - MINOR: ssl: add a comment above the ssl_bind_conf keywords
+ - REGTEST: ssl/cli: tests options and filters w/ add ssl crt-list
+ - REGTEST: ssl: pollute the crt-list file
+ - BUG/CRITICAL: hpack: never index a header into the headroom after wrapping
+ - BUG/MINOR: protocol_buffer: Wrong maximum shifting.
+ - CLEANUP: src/fd.c: mask setsockopt with DISGUISE
+ - BUG/MINOR: ssl/cli: initialize fcount int crtlist_entry
+ - REGTEST: ssl/cli: add other cases of 'add ssl crt-list'
+ - CLEANUP: assorted typo fixes in the code and comments
+ - DOC: management: add the new crt-list CLI commands
+ - BUG/MINOR: ssl/cli: fix spaces in 'show ssl crt-list'
+ - MINOR: ssl/cli: 'del ssl crt-list' delete an entry
+ - MINOR: ssl/cli: replace dump/show ssl crt-list by '-n' option
+ - CI: use better SSL library definition
+ - CI: travis-ci: enable DEBUG_STRICT=1 for CI builds
+ - CI: travis-ci: upgrade openssl to 1.1.1f
+ - MINOR: ssl: improve the errors when a crt can't be open
+ - CI: cirrus-ci: rename openssl package after it is renamed in FreeBSD
+ - CI: adopt openssl download script to download all versions
+ - BUG/MINOR: ssl/cli: lock the ckch structures during crt-list delete
+ - MINOR: ssl/cli: improve error for bundle in add/del ssl crt-list
+ - MINOR: ssl/cli: 'del ssl cert' deletes a certificate
+ - BUG/MINOR: ssl: trailing slashes in directory names wrongly cached
+ - BUG/MINOR: ssl/cli: memory leak in 'set ssl cert'
+ - CLEANUP: ssl: use the refcount for the SSL_CTX'
+ - CLEANUP: ssl/cli: use the list of filters in the crtlist_entry
+ - BUG/MINOR: ssl: memleak of the struct cert_key_and_chain
+ - CLEANUP: ssl: remove a commentary in struct ckch_inst
+ - MINOR: ssl: initialize all list in ckch_inst_new()
+ - MINOR: ssl: free instances and SNIs with ckch_inst_free()
+ - MINOR: ssl: replace ckchs_free() by ckch_store_free()
+ - BUG/MEDIUM: ssl/cli: trying to access to free'd memory
+ - MINOR: ssl: ckch_store_new() alloc and init a ckch_store
+ - MINOR: ssl: crtlist_new() alloc and initialize a struct crtlist
+ - REORG: ssl: move some free/new functions
+ - MINOR: ssl: crtlist_entry_{new, free}
+ - BUG/MINOR: ssl: ssl_conf always set to NULL on crt-list parsing
+ - MINOR: ssl: don't alloc ssl_conf if no option found
+ - BUG/MINOR: connection: always send address-less LOCAL PROXY connections
+ - BUG/MINOR: peers: Incomplete peers sections should be validated.
+ - MINOR: init: report in "haproxy -c" whether there were warnings or not
+ - MINOR: init: add -dW and "zero-warning" to reject configs with warnings
+ - MINOR: init: report the compiler version in haproxy -vv
+ - CLEANUP: assorted typo fixes in the code and comments
+ - MINOR: init: report the haproxy version and executable path once on errors
+ - DOC: Make how "option redispatch" works more explicit
+ - BUILD: Makefile: add linux-musl to TARGET
+ - CLEANUP: assorted typo fixes in the code and comments
+ - CLEANUP: http: Fixed small typo in parse_http_return
+ - DOC: hashing: update link to hashing functions
+
2020/03/23 : 2.2-dev5
- CLEANUP: ssl: is_default is a bit in ckch_inst
- BUG/MINOR: ssl/cli: sni_ctx' mustn't always be used as filters
diff --git a/VERDATE b/VERDATE
index c55c85b..65d50e4 100644
--- a/VERDATE
+++ b/VERDATE
@@ -1,2 +1,2 @@
$Format:%ci$
-2020/03/23
+2020/04/17
diff --git a/VERSION b/VERSION
index 58c67de..386c580 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.2-dev5
+2.2-dev6
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 6657cb8..5d01835 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -4,7 +4,7 @@
----------------------
version 2.2
willy tarreau
- 2020/03/23
+ 2020/04/17
This document covers the configuration language as implemented in the version
diff --git a/doc/internals/hashing.txt b/doc/internals/hashing.txt
index 1bf6b26..da358b0 100644
--- a/doc/internals/hashing.txt
+++ b/doc/internals/hashing.txt
@@ -2,7 +2,7 @@
This document describes how Haproxy implements hashing both map-based and
consistent hashing, both prior to versions 1.5 and the motivation and tests
-that were done when providing additional options starting in version 1.5.
+that were done when providing additional options starting in version 2.2
A note on hashing in general, hash functions strive to have little
correlation between input and output. The heart of a hash function is its