diff --git a/specs/haproxy/haproxy.spec b/specs/haproxy/haproxy.spec index b3351ba53..3b175e84d 100644 --- a/specs/haproxy/haproxy.spec +++ b/specs/haproxy/haproxy.spec @@ -14,7 +14,7 @@ %define lua_ver 5.4.6 %define pcre_ver 10.42 -%define openssl_ver 3.1.1 +%define openssl_ver 3.1.3 %define ncurses_ver 6.4 %define readline_ver 8.2 @@ -22,7 +22,7 @@ Name: haproxy Summary: TCP/HTTP reverse proxy for high availability environments -Version: 2.8.1 +Version: 2.8.3 Release: 0%{?dist} License: GPLv2+ URL: https://haproxy.1wt.eu 
@@ -229,6 +229,137 @@ fi ################################################################################ %changelog +* Wed Oct 04 2023 Anton Novojilov - 2.8.3-0 +- CI: do not use "groupinstall" for Fedora Rawhide builds +- CI: get rid of travis-ci wrapper for Coverity scan +- BUG/MEDIUM: quic: fix tasklet_wakeup loop on connection closing +- BUG/MINOR: hlua: fix invalid use of lua_pop on error paths +- DEV: flags/show-sess-to-flags: properly decode fd.state +- BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection +- BUG/MINOR: stktable: allow sc-add-gpc from tcp-request connection +- DOC: typo: fix sc-set-gpt references +- SCRIPTS: git-show-backports: automatic ref and base detection with -m +- REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (3) +- DOC: jwt: Add explicit list of supported algorithms +- BUILD: Makefile: add the USE_QUIC option to make help +- IMPORT: plock: also support inlining the int code +- MINOR: threads: inline the wait function for pthread_rwlock emulation +- MINOR: atomic: make sure to always relax after a failed CAS +- IMPORT: xxhash: update xxHash to version 0.8.2 +- CI: fedora: fix "dnf" invocation syntax +- BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage +- DOC: lua: fix core.register_action typo +- BUG/MINOR: ssl_sock: fix possible memory leak on OOM +- BUILD: import: guard plock.h against multiple inclusion +- BUG/MINOR: ssl/cli: can't find ".crt" files when replacing a certificate +- BUG/MINOR: stream: protect stream_dump() against incomplete streams +- DOC: config: mention uid dependency on the tune.quic.socket-owner option +- BUG/MINOR: checks: do not queue/wake a bounced check +- DEBUG: applet: Properly report opposite SC expiration dates in traces +- BUG/MEDIUM: stconn: Update stream expiration date on blocked sends +- BUG/MINOR: stconn: Don't report blocked sends during connection establishment +- BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending + shutdown +- BUG/MEDIUM: 
stconn: Don't block sends if there is a pending shutdown +- BUG/MINOR: quic: Possible skipped RTT sampling +- BUG/MAJOR: quic: Really ignore malformed ACK frames. +- BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer +- BUG/MINOR: stream: further protect stream_dump() against incomplete sessions +- DOC: configuration: update examples for req.ver +- MINOR: httpclient: allow to configure the retries +- MINOR: httpclient: allow to configure the timeout.connect +- BUG/MINOR: quic: Wrong RTT adjusments +- BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var) +- BUG/MEDIUM: applet: Fix API for function to push new data in channels buffer +- BUG/MEDIUM: stconn: Report read activity when a stream is attached to front SC +- BUG/MEDIUM: applet: Report an error if applet request more room on aborted SC +- BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout +- NUG/MEDIUM: stconn: Always update stream's expiration date after I/O +- BUG/MINOR: applet: Always expect data when CLI is waiting for a new command +- BUG/MINOR: ring/cli: Don't expect input data when showing events +- BUG/MINOR: hlua/action: incorrect message on E_YIELD error +- MEDIUM: capabilities: enable support for Linux capabilities +- CI: Update to actions/checkout@v4 + +* Wed Oct 04 2023 Anton Novojilov - 2.8.2-0 +- DOC: ssl: Fix typo in 'ocsp-update' option +- DOC: ssl: Add ocsp-update troubleshooting clues and emphasize on crt-list + only aspect +- BUG/MINOR: tcp_sample: bc_{dst,src} return IP not INT +- BUG/MINOR: cache: A 'max-age=0' cache-control directive can be overriden + by a s-maxage +- BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv() +- BUG/MINOR: http_ext: unhandled ERR_ABORT in proxy_http_parse_7239() +- BUG/MINOR: sink: missing sft free in sink_deinit() +- BUG/MINOR: ring: size warning incorrectly reported as fatal error +- BUG/MINOR: ring: maxlen warning reported as alert +- BUG/MINOR: log: LF upsets maxlen for UDP targets +- MINOR: sink/api: pass 
explicit maxlen parameter to sink_write() +- BUG/MEDIUM: log: improper use of logsrv->maxlen for buffer targets +- BUG/MINOR: log: fix missing name error message in cfg_parse_log_forward() +- BUG/MINOR: log: fix multiple error paths in cfg_parse_log_forward() +- BUG/MINOR: log: free errmsg on error in cfg_parse_log_forward() +- BUG/MINOR: sink: invalid sft free in sink_deinit() +- BUG/MINOR: sink: fix errors handling in cfg_post_parse_ring() +- BUG/MINOR: server: set rid default value in new_server() +- MINOR: hlua_fcn/mailers: handle timeout mail from mailers section +- BUG/MINOR: sink/log: properly deinit srv in sink_new_from_logsrv() +- EXAMPLES: maintain haproxy 2.8 retrocompatibility for lua mailers script +- BUG/MINOR: hlua_fcn/queue: use atomic load to fetch queue size +- BUG/MINOR: config: Remove final '\n' in error messages +- BUG/MEDIUM: quic: token IV was not computed using a strong secret +- BUG/MINOR: quic: retry token remove one useless intermediate expand +- BUG/MEDIUM: quic: missing check of dcid for init pkt including a token +- BUG/MEDIUM: quic: timestamp shared in token was using internal time clock +- CLEANUP: quic: remove useless parameter 'key' from quic_packet_encrypt +- BUG/MINOR: hlua: hlua_yieldk ctx argument should support pointers +- BUG/MEDIUM: hlua_fcn/queue: bad pop_wait sequencing +- DOC: config: Fix fc_src description to state the source address is returned +- BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters +- BUG/MINOR: http: Return the right reason for 302 +- CI: add naming convention documentation +- CI: explicitely highlight VTest result section if there's something +- BUILD: quic: fix warning during compilation using gcc-6.5 +- BUG/MINOR: hlua: add check for lua_newstate +- BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses +- MINOR: cpuset: add cpu_map_configured() to know if a cpu-map was found +- BUG/MINOR: config: do not detect NUMA topology when cpu-map is configured +- BUG/MINOR: 
cpuset: remove the bogus "proc" from the cpu_map struct +- BUG/MINOR: init: set process' affinity even in foreground +- BUG/MINOR: server: Don't warn on server resolution failure with init-addr none +- BUG/MINOR: quic: Missing parentheses around PTO probe variable. +- BUG/MINOR: server-state: Ignore empty files +- BUG/MINOR: server-state: Avoid warning on 'file not found' +- BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary +- MINOR: quic: Make ->set_encryption_secrets() be callable two times +- MINOR: quic: Useless call to SSL_CTX_set_quic_method() +- BUG/MINOR: ssl: OCSP callback only registered for first SSL_CTX +- BUG/MEDIUM: h3: Properly report a C-L header was found to the HTX start-line +- DOC: configuration: describe Td in Timing events +- BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full +- BUG/MEDIUM: h3: Be sure to handle fin bit on the last DATA frame +- BUG/MEDIUM: bwlim: Reset analyse expiration date when then channel analyse + ends +- BUG/MEDIUM: quic: consume contig space on requeue datagram +- BUG/MINOR: http-client: Don't forget to commit changes on HTX message +- BUG/MINOR: quic: reappend rxbuf buffer on fake dgram alloc error +- BUILD: quic: fix wrong potential NULL dereference +- BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value + replacement +- REORG: http: move has_forbidden_char() from h2.c to http.h +- BUG/MAJOR: h3: reject header values containing invalid chars +- BUG/MAJOR: http: reject any empty content-length header value +- MINOR: ist: add new function ist_find_range() to find a character range +- MINOR: http: add new function http_path_has_forbidden_char() +- MINOR: h2: pass accept-invalid-http-request down the request parser +- REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests +- BUG/MINOR: h1: do not accept '#' as part of the URI component +- BUG/MINOR: h2: reject more chars from the :path pseudo header +- BUG/MINOR: h3: reject more 
chars from the :path pseudo header +- REGTESTS: http-rules: verify that we block '#' by default for normalize-uri +- DOC: clarify the handling of URL fragments in requests +- BUG/MINOR: http: skip leading zeroes in content-length values + * Fri Jul 14 2023 Anton Novojilov - 2.8.1-0 - BUG/MINOR: stats: Fix Lua's `get_stats` function - BUG/MINOR: stream: do not use client-fin/server-fin with HTX diff --git a/specs/haproxy/haproxy22.spec b/specs/haproxy/haproxy22.spec index 770350399..af6cca4be 100644 --- a/specs/haproxy/haproxy22.spec +++ b/specs/haproxy/haproxy22.spec @@ -18,7 +18,7 @@ %define lua_ver 5.4.6 %define pcre_ver 10.42 -%define openssl_ver 1.1.1u +%define openssl_ver 1.1.1v %define ncurses_ver 6.4 %define readline_ver 8.2 @@ -26,7 +26,7 @@ Name: haproxy%{comp_ver} Summary: TCP/HTTP reverse proxy for high availability environments -Version: 2.2.30 +Version: 2.2.31 Release: 0%{?dist} License: GPLv2+ URL: https://haproxy.1wt.eu 
@@ -227,6 +227,31 @@ fi ################################################################################ %changelog +* Wed Oct 04 2023 Anton Novojilov - 2.2.31-0 +- BUG/MINOR: server: inherit from netns in srv_settings_cpy() +- BUG/MINOR: namespace: missing free in netns_sig_stop() +- BUG/MEDIUM: mworker: increase maxsock with each new worker +- DOC: Add tune.h2.max-frame-size option to table of contents +- BUG/MINOR: ring: maxlen warning reported as alert +- BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters +- BUG/MINOR: http: Return the right reason for 302 +- CI: explicitely highlight VTest result section if there's something +- BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses +- DOC: configuration: describe Td in Timing events +- BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full +- BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value + replacement +- BUG/MAJOR: http: reject any empty content-length header value +- MINOR: ist: add new function ist_find_range() to find a character range +- MINOR: ist: Add istend() function to return a pointer to the end of the string +- MINOR: http: add new function http_path_has_forbidden_char() +- MINOR: h2: pass accept-invalid-http-request down the request parser +- BUG/MINOR: h1: do not accept '#' as part of the URI component +- BUG/MINOR: h2: reject more chars from the :path pseudo header +- REGTESTS: http-rules: verify that we block '#' by default for normalize-uri +- DOC: clarify the handling of URL fragments in requests +- BUG/MINOR: http: skip leading zeroes in content-length values + * Mon Jul 10 2023 Anton Novojilov - 2.2.30-0 - DOC/MINOR: reformat configuration.txt's "quoting and escaping" table - BUG/MINOR: mworker: stop doing strtok directly from the env diff --git a/specs/haproxy/haproxy24.spec b/specs/haproxy/haproxy24.spec index 3ad70257c..b3e81ab72 100644 --- a/specs/haproxy/haproxy24.spec +++ b/specs/haproxy/haproxy24.spec 
@@ -18,7 +18,7 @@ %define lua_ver 5.4.6 %define pcre_ver 10.42 -%define openssl_ver 1.1.1u +%define openssl_ver 1.1.1v %define ncurses_ver 6.4 %define readline_ver 8.2 @@ -26,7 +26,7 @@ Name: haproxy%{comp_ver} Summary: TCP/HTTP reverse proxy for high availability environments -Version: 2.4.23 +Version: 2.4.24 Release: 0%{?dist} License: GPLv2+ URL: https://haproxy.1wt.eu 
@@ -231,6 +231,73 @@ fi ################################################################################ %changelog +* Wed Oct 04 2023 Anton Novojilov - 2.4.24-0 +- MINOR: proto_uxst: add resume method +- CLEANUP: listener: function comment typo in stop_listener() +- BUG/MINOR: listener: null pointer dereference suspected by coverity +- MINOR: listener/api: add lli hint to listener functions +- MINOR: listener: add relax_listener() function +- MINOR: listener: workaround for closing a tiny race between resume_listener() + and stopping +- MINOR: listener: make sure we don't pause/resume bypassed listeners +- BUG/MEDIUM: listener: fix pause_listener() suspend return value handling +- BUG/MINOR: listener: fix resume_listener() resume return value handling +- BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener() +- MINOR: listener: pause_listener() becomes suspend_listener() +- BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume +- MEDIUM: proto_ux: properly suspend named UNIX listeners +- MINOR: proto_ux: ability to dump ABNS names in error messages +- MINOR: lua: Add a function to get a reference on a table in the stack +- CLEANUP: Remove unused function hlua_get_top_error_string +- MINOR: hlua: add simple hlua reference handling API +- BUG/MINOR: hlua: fix reference leak in core.register_task() +- BUG/MINOR: hlua: fix reference leak in hlua_post_init_state() +- MINOR: hlua: simplify lua locking +- BUG/MEDIUM: hlua: prevent deadlocks with main lua lock +- BUG/MINOR: server: inherit from netns in srv_settings_cpy() +- BUG/MINOR: namespace: missing free in netns_sig_stop() +- BUG/MEDIUM: mworker: increase maxsock with each new worker +- DOC: Add tune.h2.max-frame-size option to table of contents +- BUILD: debug: avoid a build warning related to epoll_wait() in debug code +- BUG/MINOR: tcp_sample: bc_{dst,src} return IP not INT +- BUG/MINOR: cache: A 'max-age=0' cache-control directive can be overriden + by a s-maxage +- BUG/MEDIUM: sink: 
invalid server list in sink_new_from_logsrv() +- BUG/MINOR: sink: missing sft free in sink_deinit() +- BUG/MINOR: ring: size warning incorrectly reported as fatal error +- BUG/MINOR: ring: maxlen warning reported as alert +- BUG/MINOR: log: LF upsets maxlen for UDP targets +- MINOR: sink/api: pass explicit maxlen parameter to sink_write() +- BUG/MEDIUM: log: improper use of logsrv->maxlen for buffer targets +- BUG/MINOR: log: fix missing name error message in cfg_parse_log_forward() +- BUG/MINOR: log: fix multiple error paths in cfg_parse_log_forward() +- BUG/MINOR: log: free errmsg on error in cfg_parse_log_forward() +- BUG/MINOR: sink: invalid sft free in sink_deinit() +- BUG/MINOR: sink: fix errors handling in cfg_post_parse_ring() +- BUG/MINOR: sink/log: properly deinit srv in sink_new_from_logsrv() +- BUG/MINOR: config: Remove final '\n' in error messages +- BUG/MINOR: hlua: hlua_yieldk ctx argument should support pointers +- BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters +- BUG/MINOR: http: Return the right reason for 302 +- CI: explicitely highlight VTest result section if there's something +- BUG/MINOR: hlua: add check for lua_newstate +- BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses +- BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary +- DOC: configuration: describe Td in Timing events +- BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full +- BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value + replacement +- BUG/MAJOR: http: reject any empty content-length header value +- MINOR: ist: add new function ist_find_range() to find a character range +- MINOR: http: add new function http_path_has_forbidden_char() +- MINOR: h2: pass accept-invalid-http-request down the request parser +- REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests +- BUG/MINOR: h1: do not accept '#' as part of the URI component +- BUG/MINOR: h2: reject more 
chars from the :path pseudo header +- REGTESTS: http-rules: verify that we block '#' by default for normalize-uri +- DOC: clarify the handling of URL fragments in requests +- BUG/MINOR: http: skip leading zeroes in content-length values + * Mon Jul 10 2023 Anton Novojilov - 2.4.23-0 - DEV: hpack: fix `trash` build regression - BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in diff --git a/specs/haproxy/haproxy26.spec b/specs/haproxy/haproxy26.spec index a8b735925..fb1bb9637 100644 --- a/specs/haproxy/haproxy26.spec +++ b/specs/haproxy/haproxy26.spec @@ -18,7 +18,7 @@ %define lua_ver 5.4.6 %define pcre_ver 10.42 -%define openssl_ver 3.0.9 +%define openssl_ver 3.0.11 %define ncurses_ver 6.4 %define readline_ver 8.2 @@ -26,7 +26,7 @@ Name: haproxy%{comp_ver} Summary: TCP/HTTP reverse proxy for high availability environments -Version: 2.6.14 +Version: 2.6.15 Release: 0%{?dist} License: GPLv2+ URL: https://haproxy.1wt.eu 
@@ -231,6 +231,83 @@ fi ################################################################################ %changelog +* Wed Oct 04 2023 Anton Novojilov - 2.6.15-0 +- BUG/MINOR: quic: Wrong encryption level flags checking +- BUG/MINOR: server: inherit from netns in srv_settings_cpy() +- BUG/MINOR: namespace: missing free in netns_sig_stop() +- BUG/MINOR: quic: Missing initialization (packet number space probing) +- BUG/MEDIUM: mworker: increase maxsock with each new worker +- BUG/MINOR: quic: ticks comparison without ticks API use +- DOC: Add tune.h2.max-frame-size option to table of contents +- REGTESTS: h1_host_normalization : Add a barrier to not mix up log messages +- BUG/MINOR: mworker: leak of a socketpair during startup failure +- BUG/MEDIUM: mux-h2: make sure control frames do not refresh the idle timeout +- BUG/MINOR: mux-h2: refresh the idle_timer when the mux is empty +- BUG/MEDIUM: quic: error checking buffer large enought to receive the retry tag +- BUG/MINOR: config: fix stick table duplicate name check +- BUG/MINOR: quic: Missing random bits in Retry packet header +- BUG/MINOR: quic: Wrong Retry paquet version field endianess +- BUG/MINOR: quic: Wrong endianess for version field in Retry token +- IMPORT: slz: implement a synchronous flush() operation +- MINOR: compression/slz: add support for a pure flush of pending bytes +- BUILD: debug: avoid a build warning related to epoll_wait() in debug code +- MINOR: quic: Move QUIC encryption level structure definition +- MINOR: quic: Move packet number space related functions +- MINOR: quic: Reduce the maximum length of TLS secrets +- CLEANUP: quic: Remove server specific about Initial packet number space +- BUG/MINOR: tcp_sample: bc_{dst,src} return IP not INT +- BUG/MINOR: cache: A 'max-age=0' cache-control directive can be overriden + by a s-maxage +- BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv() +- BUG/MINOR: sink: missing sft free in sink_deinit() +- BUG/MINOR: ring: size warning 
incorrectly reported as fatal error +- BUG/MINOR: ring: maxlen warning reported as alert +- BUG/MINOR: log: LF upsets maxlen for UDP targets +- MINOR: sink/api: pass explicit maxlen parameter to sink_write() +- BUG/MEDIUM: log: improper use of logsrv->maxlen for buffer targets +- BUG/MINOR: log: fix missing name error message in cfg_parse_log_forward() +- BUG/MINOR: log: fix multiple error paths in cfg_parse_log_forward() +- BUG/MINOR: log: free errmsg on error in cfg_parse_log_forward() +- BUG/MINOR: sink: invalid sft free in sink_deinit() +- BUG/MINOR: sink: fix errors handling in cfg_post_parse_ring() +- BUG/MINOR: sink/log: properly deinit srv in sink_new_from_logsrv() +- BUG/MINOR: config: Remove final '\n' in error messages +- BUG/MEDIUM: quic: token IV was not computed using a strong secret +- BUG/MINOR: quic: retry token remove one useless intermediate expand +- BUG/MEDIUM: quic: missing check of dcid for init pkt including a token +- BUG/MEDIUM: quic: timestamp shared in token was using internal time clock +- BUG/MINOR: hlua: hlua_yieldk ctx argument should support pointers +- DOC: config: Fix fc_src description to state the source address is returned +- BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters +- BUG/MINOR: http: Return the right reason for 302 +- CI: explicitely highlight VTest result section if there's something +- BUILD: quic: fix warning during compilation using gcc-6.5 +- BUG/MINOR: hlua: add check for lua_newstate +- BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses +- BUG/MINOR: quic: Missing parentheses around PTO probe variable. 
+- BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary +- MINOR: quic: Make ->set_encryption_secrets() be callable two times +- MINOR: quic: Useless call to SSL_CTX_set_quic_method() +- BUG/MEDIUM: h3: Properly report a C-L header was found to the HTX start-line +- DOC: configuration: describe Td in Timing events +- BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full +- BUG/MEDIUM: h3: Be sure to handle fin bit on the last DATA frame +- BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value + replacement +- REORG: http: move has_forbidden_char() from h2.c to http.h +- BUG/MAJOR: h3: reject header values containing invalid chars +- BUG/MAJOR: http: reject any empty content-length header value +- MINOR: ist: add new function ist_find_range() to find a character range +- MINOR: http: add new function http_path_has_forbidden_char() +- MINOR: h2: pass accept-invalid-http-request down the request parser +- REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests +- BUG/MINOR: h1: do not accept '#' as part of the URI component +- BUG/MINOR: h2: reject more chars from the :path pseudo header +- BUG/MINOR: h3: reject more chars from the :path pseudo header +- REGTESTS: http-rules: verify that we block '#' by default for normalize-uri +- DOC: clarify the handling of URL fragments in requests +- BUG/MINOR: http: skip leading zeroes in content-length values + * Mon Jul 10 2023 Anton Novojilov - 2.6.14-0 - BUG/MINOR: fd: always remove late updates when freeing fd_updt[] - MINOR: ssl: ssl_sock_load_cert_chain() display error strings diff --git a/specs/haproxy/haproxy28.spec b/specs/haproxy/haproxy28.spec index e7be9bd6b..339ee7ec6 100644 --- a/specs/haproxy/haproxy28.spec +++ b/specs/haproxy/haproxy28.spec @@ -18,7 +18,7 @@ %define lua_ver 5.4.6 %define pcre_ver 10.42 -%define openssl_ver 3.1.1 +%define openssl_ver 3.1.3 %define ncurses_ver 6.4 %define readline_ver 8.2 
@@ -26,7 +26,7 @@ Name: haproxy%{comp_ver} Summary: TCP/HTTP reverse proxy for high availability environments -Version: 2.8.1 +Version: 2.8.3 Release: 0%{?dist} License: GPLv2+ URL: https://haproxy.1wt.eu 
@@ -231,6 +231,137 @@ fi ################################################################################ %changelog +* Wed Oct 04 2023 Anton Novojilov - 2.8.3-0 +- CI: do not use "groupinstall" for Fedora Rawhide builds +- CI: get rid of travis-ci wrapper for Coverity scan +- BUG/MEDIUM: quic: fix tasklet_wakeup loop on connection closing +- BUG/MINOR: hlua: fix invalid use of lua_pop on error paths +- DEV: flags/show-sess-to-flags: properly decode fd.state +- BUG/MINOR: stktable: allow sc-set-gpt(0) from tcp-request connection +- BUG/MINOR: stktable: allow sc-add-gpc from tcp-request connection +- DOC: typo: fix sc-set-gpt references +- SCRIPTS: git-show-backports: automatic ref and base detection with -m +- REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (3) +- DOC: jwt: Add explicit list of supported algorithms +- BUILD: Makefile: add the USE_QUIC option to make help +- IMPORT: plock: also support inlining the int code +- MINOR: threads: inline the wait function for pthread_rwlock emulation +- MINOR: atomic: make sure to always relax after a failed CAS +- IMPORT: xxhash: update xxHash to version 0.8.2 +- CI: fedora: fix "dnf" invocation syntax +- BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage +- DOC: lua: fix core.register_action typo +- BUG/MINOR: ssl_sock: fix possible memory leak on OOM +- BUILD: import: guard plock.h against multiple inclusion +- BUG/MINOR: ssl/cli: can't find ".crt" files when replacing a certificate +- BUG/MINOR: stream: protect stream_dump() against incomplete streams +- DOC: config: mention uid dependency on the tune.quic.socket-owner option +- BUG/MINOR: checks: do not queue/wake a bounced check +- DEBUG: applet: Properly report opposite SC expiration dates in traces +- BUG/MEDIUM: stconn: Update stream expiration date on blocked sends +- BUG/MINOR: stconn: Don't report blocked sends during connection establishment +- BUG/MEDIUM: stconn: Wake applets on sending path if there is a pending + shutdown +- BUG/MEDIUM: 
stconn: Don't block sends if there is a pending shutdown +- BUG/MINOR: quic: Possible skipped RTT sampling +- BUG/MAJOR: quic: Really ignore malformed ACK frames. +- BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer +- BUG/MINOR: stream: further protect stream_dump() against incomplete sessions +- DOC: configuration: update examples for req.ver +- MINOR: httpclient: allow to configure the retries +- MINOR: httpclient: allow to configure the timeout.connect +- BUG/MINOR: quic: Wrong RTT adjusments +- BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var) +- BUG/MEDIUM: applet: Fix API for function to push new data in channels buffer +- BUG/MEDIUM: stconn: Report read activity when a stream is attached to front SC +- BUG/MEDIUM: applet: Report an error if applet request more room on aborted SC +- BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout +- NUG/MEDIUM: stconn: Always update stream's expiration date after I/O +- BUG/MINOR: applet: Always expect data when CLI is waiting for a new command +- BUG/MINOR: ring/cli: Don't expect input data when showing events +- BUG/MINOR: hlua/action: incorrect message on E_YIELD error +- MEDIUM: capabilities: enable support for Linux capabilities +- CI: Update to actions/checkout@v4 + +* Wed Oct 04 2023 Anton Novojilov - 2.8.2-0 +- DOC: ssl: Fix typo in 'ocsp-update' option +- DOC: ssl: Add ocsp-update troubleshooting clues and emphasize on crt-list + only aspect +- BUG/MINOR: tcp_sample: bc_{dst,src} return IP not INT +- BUG/MINOR: cache: A 'max-age=0' cache-control directive can be overriden + by a s-maxage +- BUG/MEDIUM: sink: invalid server list in sink_new_from_logsrv() +- BUG/MINOR: http_ext: unhandled ERR_ABORT in proxy_http_parse_7239() +- BUG/MINOR: sink: missing sft free in sink_deinit() +- BUG/MINOR: ring: size warning incorrectly reported as fatal error +- BUG/MINOR: ring: maxlen warning reported as alert +- BUG/MINOR: log: LF upsets maxlen for UDP targets +- MINOR: sink/api: pass 
explicit maxlen parameter to sink_write() +- BUG/MEDIUM: log: improper use of logsrv->maxlen for buffer targets +- BUG/MINOR: log: fix missing name error message in cfg_parse_log_forward() +- BUG/MINOR: log: fix multiple error paths in cfg_parse_log_forward() +- BUG/MINOR: log: free errmsg on error in cfg_parse_log_forward() +- BUG/MINOR: sink: invalid sft free in sink_deinit() +- BUG/MINOR: sink: fix errors handling in cfg_post_parse_ring() +- BUG/MINOR: server: set rid default value in new_server() +- MINOR: hlua_fcn/mailers: handle timeout mail from mailers section +- BUG/MINOR: sink/log: properly deinit srv in sink_new_from_logsrv() +- EXAMPLES: maintain haproxy 2.8 retrocompatibility for lua mailers script +- BUG/MINOR: hlua_fcn/queue: use atomic load to fetch queue size +- BUG/MINOR: config: Remove final '\n' in error messages +- BUG/MEDIUM: quic: token IV was not computed using a strong secret +- BUG/MINOR: quic: retry token remove one useless intermediate expand +- BUG/MEDIUM: quic: missing check of dcid for init pkt including a token +- BUG/MEDIUM: quic: timestamp shared in token was using internal time clock +- CLEANUP: quic: remove useless parameter 'key' from quic_packet_encrypt +- BUG/MINOR: hlua: hlua_yieldk ctx argument should support pointers +- BUG/MEDIUM: hlua_fcn/queue: bad pop_wait sequencing +- DOC: config: Fix fc_src description to state the source address is returned +- BUG/MINOR: sample: Fix wrong overflow detection in add/sub conveters +- BUG/MINOR: http: Return the right reason for 302 +- CI: add naming convention documentation +- CI: explicitely highlight VTest result section if there's something +- BUILD: quic: fix warning during compilation using gcc-6.5 +- BUG/MINOR: hlua: add check for lua_newstate +- BUG/MINOR: h1-htx: Return the right reason for 302 FCGI responses +- MINOR: cpuset: add cpu_map_configured() to know if a cpu-map was found +- BUG/MINOR: config: do not detect NUMA topology when cpu-map is configured +- BUG/MINOR: 
cpuset: remove the bogus "proc" from the cpu_map struct +- BUG/MINOR: init: set process' affinity even in foreground +- BUG/MINOR: server: Don't warn on server resolution failure with init-addr none +- BUG/MINOR: quic: Missing parentheses around PTO probe variable. +- BUG/MINOR: server-state: Ignore empty files +- BUG/MINOR: server-state: Avoid warning on 'file not found' +- BUG/MEDIUM: listener: Acquire proxy's lock in relax_listener() if necessary +- MINOR: quic: Make ->set_encryption_secrets() be callable two times +- MINOR: quic: Useless call to SSL_CTX_set_quic_method() +- BUG/MINOR: ssl: OCSP callback only registered for first SSL_CTX +- BUG/MEDIUM: h3: Properly report a C-L header was found to the HTX start-line +- DOC: configuration: describe Td in Timing events +- BUG/MINOR: chunk: fix chunk_appendf() to not write a zero if buffer is full +- BUG/MEDIUM: h3: Be sure to handle fin bit on the last DATA frame +- BUG/MEDIUM: bwlim: Reset analyse expiration date when then channel analyse + ends +- BUG/MEDIUM: quic: consume contig space on requeue datagram +- BUG/MINOR: http-client: Don't forget to commit changes on HTX message +- BUG/MINOR: quic: reappend rxbuf buffer on fake dgram alloc error +- BUILD: quic: fix wrong potential NULL dereference +- BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value + replacement +- REORG: http: move has_forbidden_char() from h2.c to http.h +- BUG/MAJOR: h3: reject header values containing invalid chars +- BUG/MAJOR: http: reject any empty content-length header value +- MINOR: ist: add new function ist_find_range() to find a character range +- MINOR: http: add new function http_path_has_forbidden_char() +- MINOR: h2: pass accept-invalid-http-request down the request parser +- REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri tests +- BUG/MINOR: h1: do not accept '#' as part of the URI component +- BUG/MINOR: h2: reject more chars from the :path pseudo header +- BUG/MINOR: h3: reject more 
chars from the :path pseudo header +- REGTESTS: http-rules: verify that we block '#' by default for normalize-uri +- DOC: clarify the handling of URL fragments in requests +- BUG/MINOR: http: skip leading zeroes in content-length values + * Fri Jul 14 2023 Anton Novojilov - 2.8.1-0 - BUG/MINOR: stats: Fix Lua's `get_stats` function - BUG/MINOR: stream: do not use client-fin/server-fin with HTX
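Review bot: the `openssl_ver` bump from 3.1.1 to 3.1.3 in the first hunk of specs/haproxy/haproxy.spec (`@@ -14,7 +14,7 @@`) is not recorded in the %changelog entries this patch adds, which list only upstream HAProxy commit subjects. Add a line to the 2.8.3-0 entry stating the OpenSSL update, so that the package changelog shows when the TLS library version changed. The same gap exists for the 1.1.1u to 1.1.1v change in haproxy22.spec and haproxy24.spec, the 3.0.9 to 3.0.11 change in haproxy26.spec, and the 3.1.1 to 3.1.3 change in haproxy28.spec.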
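Review bot: in the %changelog hunk of specs/haproxy/haproxy.spec (`@@ -229,6 +229,137 @@`), the 2.8.3-0 entry contains "NUG/MEDIUM: stconn: Always update stream's expiration date after I/O", which breaks the BUG/ prefix used by every other fix line and looks like a typo for BUG/MEDIUM. Anyone filtering the changelog on the "BUG/" prefix to see which fixes a build contains will miss this line. Either correct the prefix or, if the subject is being kept verbatim from upstream on purpose, say so in the commit message.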
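Review bot: the 2.2.31-0 entry added to specs/haproxy/haproxy22.spec (`@@ -227,6 +227,31 @@`) lists two BUG/MAJOR fixes and several request-parsing changes (empty content-length values rejected, '#' no longer accepted in the URI, more characters rejected in the h2 :path pseudo header) with nothing to set them apart from the DOC and CI lines around them. These change which requests the proxy accepts, and the REGTESTS line states that '#' is blocked by default. Consider a short leading line in the entry that calls out the stricter parsing and points at the `accept-invalid-http-request` option the entries already mention, so operators reading `rpm -q --changelog` see it before upgrading.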
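Review bot: in the 2.4.24-0 entry of specs/haproxy/haproxy24.spec (`@@ -231,6 +231,73 @@`), the line "BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener()" has no subsystem tag, while the lines before and after it all carry "listener:". If the subjects are meant to be searchable by subsystem, add the tag here; if they are copied verbatim from upstream, note that in the commit message so the inconsistency is not "fixed" later in only one of the specs.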
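Review bot: the 2.6.15-0 entry in specs/haproxy/haproxy26.spec (`@@ -231,6 +231,83 @@`) carries misspelled subjects on the QUIC Retry fixes ("large enought", "Retry paquet version field endianess", "Wrong endianess") and elsewhere ("conveters", "overriden", "explicitely"), so a text search of the package changelog for "packet" or "endianness" will not find them. This matters most for the Retry token lines (token IV, dcid check, timestamp), which are the ones an operator running QUIC is likely to search for. Decide whether the changelog is a verbatim copy of upstream subjects or an edited summary and apply that choice consistently across all five specs.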
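Review bot: the 137-line %changelog block added to specs/haproxy/haproxy28.spec (`@@ -231,6 +231,137 @@`) is a line-for-line copy of the block added to specs/haproxy/haproxy.spec, including the "NUG/MEDIUM" line, and the `openssl_ver` and `Version` changes are duplicated as well. Two hand-maintained copies of the same 2.8 changelog can drift apart on the next update. If both specs must exist, mention in the commit message that they are kept in sync deliberately, or generate one from the other.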