- [PATCH 05/13] BUG/MINOR: http/sample: gmtime/localtime can fail
- [PATCH 06/13] DOC: typo in 'redirect', 302 code meaning
- [PATCH 07/13] DOC: mention that %ms is left-padded with zeroes.
- [PATCH 08/13] CLEANUP: .gitignore: ignore more test files
- [PATCH 09/13] CLEANUP: .gitignore: finally ignore everything but what
- [PATCH 10/13] MEDIUM: config: emit a warning on a frontend without
- [PATCH 11/13] BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0
- [PATCH 12/13] DOC: ssl: missing LF
- [PATCH 13/13] DOC: fix example of http-request using
Signed-off-by: heil <heil@terminal-consulting.de>
- BUILD/MINOR: tools: rename popcount to my_popcountl
- BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data
Signed-off-by: heil <heil@terminal-consulting.de>
Released version 1.5.13 with the following main changes :
- BUG/MINOR: check: fix tcpcheck error message
- CLEANUP: deinit: remove codes for cleaning p->block_rules
- DOC: Update doc about weight, act and bck fields in the statistics
- MINOR: ssl: add a destructor to free allocated SSL ressources
- BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
- MEDIUM: ssl: replace standards DH groups with custom ones
- BUG/MINOR: debug: display (null) in place of "meth"
- BUG/MINOR: cfgparse: fix typo in 'option httplog' error message
- BUG/MEDIUM: cfgparse: segfault when userlist is misused
- BUG/MEDIUM: stats: properly initialize the scope before dumping stats
- BUG/MEDIUM: http: don't forward client shutdown without NOLINGER except for tunnels
- CLEANUP: checks: fix double usage of cur / current_step in tcp-checks
- BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
- CLEANUP: checks: simplify the loop processing of tcp-checks
- BUG/MAJOR: checks: always check for end of list before proceeding
- BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
- BUG/MEDIUM: peers: apply a random reconnection timeout
- BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
- MEDIUM: init: don't stop proxies in parent process when exiting
- MINOR: peers: store the pointer to the signal handler
- MEDIUM: peers: unregister peers that were never started
- MEDIUM: config: propagate the table's process list to the peers sections
- MEDIUM: init: stop any peers section not bound to the correct process
- MEDIUM: config: validate that peers sections are bound to exactly one process
- MAJOR: peers: allow peers section to be used with nbproc > 1
- DOC: relax the peers restriction to single-process
- CLEANUP: config: fix misleading information in error message.
- MINOR: config: report the number of processes using a peers section in the error case
- BUG/MEDIUM: config: properly compute the default number of processes for a proxy
Signed-off-by: heil <heil@terminal-consulting.de>
- [PATCH 1/2] BUG/MEDIUM: stats: properly initialize the scope before
- [PATCH 2/2] BUG/MEDIUM: http: don't forward client shutdown without
- [PATCH 3/8] BUG/MINOR: check: fix tcpcheck error message
- [PATCH 4/8] CLEANUP: checks: fix double usage of cur / current_step
- [PATCH 5/8] BUG/MEDIUM: checks: do not dereference head of a
- [PATCH 6/8] CLEANUP: checks: simplify the loop processing of
- [PATCH 7/8] BUG/MAJOR: checks: always check for end of list before
- [PATCH 8/8] BUG/MEDIUM: checks: do not dereference a list as a
- [PATCH 09/10] BUG/MEDIUM: peers: apply a random reconnection timeout
- [PATCH 10/10] DOC: Update doc about weight, act and bck fields in the
- [PATCH 11/14] MINOR: ssl: add a destructor to free allocated SSL
- [PATCH 12/14] BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value
- [PATCH 13/14] BUG/MINOR: cfgparse: fix typo in 'option httplog' error
- [PATCH 14/14] BUG/MEDIUM: cfgparse: segfault when userlist is misused
Signed-off-by: heil <heil@terminal-consulting.de>
[RELEASE] Released version 1.5.12
Released version 1.5.12 with the following main changes :
- BUG/MINOR: ssl: Display correct filename in error message
- DOC: Fix L4TOUT typo in documentation
- BUG/MEDIUM: Do not consider an agent check as failed on L7 error
- BUG/MINOR: pattern: error message missing
- BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
- BUG/MAJOR: http: don't read past buffer's end in http_replace_value
- BUG/MEDIUM: http: the function "(req|res)-replace-value" doesn't respect the HTTP syntax
- BUG/MEDIUM: peers: correctly configure the client timeout
- BUG/MINOR: compression: consider the expansion factor in init
- BUG/MEDIUM: http: hdr_cnt would not count any header when called without name
- BUG/MEDIUM: listener: don't report an error when resuming unbound listeners
- BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only
- BUG/MEDIUM: stream-int: always reset si->ops when si->end is nullified
- BUG/MEDIUM: http: remove content-length from chunked messages
- DOC: http: update the comments about the rules for determining transfer-length
- BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to HTTP/1.1
- BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad request
- BUG/MEDIUM: http: remove content-length form responses with bad transfer-encoding
- MEDIUM: http: restrict the HTTP version token to 1 digit as per RFC7230
- MEDIUM: http: add option-ignore-probes to get rid of the floods of 408
- BUG/MINOR: config: clear proxy->table.peers.p for disabled proxies
- MINOR: stick-table: don't attach to peers in stopped state
- MEDIUM: config: initialize stick-tables after peers, not before
- MEDIUM: peers: add the ability to disable a peers section
- DOC: document option http-ignore-probes
- DOC: fix the comments about the meaning of msg->sol in HTTP
- BUG/MEDIUM: http: wait for the exact amount of body bytes in wait_for_request_body
- BUG/MAJOR: http: prevent risk of reading past end with balance url_param
- DOC: update the doc on the proxy protocol
Signed-off-by: heil <heil@terminal-consulting.de>
- [PATCH 3/9] BUG/MEDIUM: Do not consider an agent check as failed on
- [PATCH 4/9] BUG/MEDIUM: peers: correctly configure the client timeout
- [PATCH 5/9] BUG/MEDIUM: buffer: one byte miss in buffer free space
- [PATCH 6/9] BUG/MAJOR: http: don't read past buffer's end in
- [PATCH 7/9] BUG/MEDIUM: http: the function "(req|res)-replace-value"
- [PATCH 8/9] BUG/MINOR: compression: consider the expansion factor in
- [PATCH 9/9] BUG/MEDIUM: http: hdr_cnt would not count any header when
Signed-off-by: heil <heil@terminal-consulting.de>
- BUG/MEDIUM: backend: correctly detect the domain when use_domain_only is used
- MINOR: ssl: load certificates in alphabetical order
- BUG/MINOR: checks: prevent http keep-alive with http-check expect
- BUG/MEDIUM: Do not set agent health to zero if server is disabled in config
- MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent health is zero
- BUG/MINOR: stats:Fix incorrect printf type.
- DOC: add missing entry for log-format and clarify the text
- BUG/MEDIUM: http: fix header removal when previous header ends with pure LF
- BUG/MEDIUM: channel: fix possible integer overflow on reserved size computation
- BUG/MINOR: channel: compare to_forward with buf->i, not buf->size
- MINOR: channel: add channel_in_transit()
- MEDIUM: channel: make buffer_reserved() use channel_in_transit()
- MEDIUM: channel: make bi_avail() use channel_in_transit()
- BUG/MEDIUM: channel: don't schedule data in transit for leaving until connected
- BUG/MAJOR: log: don't try to emit a log if no logger is set
- BUG/MINOR: args: add missing entry for ARGT_MAP in arg_type_names
- BUG/MEDIUM: http: make http-request set-header compute the string before removal
- BUG/MINOR: http: fix incorrect header value offset in replace-hdr/replace-value
- BUG/MINOR: http: abort request processing on filter failure
- BUG/MINOR: pattern: error message missing
- BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
- DOC: fix a few typos
- BUG/MINOR: http: fix typo: "401 Unauthorized" => "407 Unauthorized"
- BUG/MINOR: parse: refer curproxy instead of proxy
- DOC: httplog does not support 'no'
- MINOR: map/acl/dumpstats: remove the "Done." message
- BUG/MEDIUM: sample: fix random number upper-bound
- BUG/MEDIUM: patterns: previous fix was incomplete
- BUG/MEDIUM: payload: ensure that a request channel is available
- BUG/MINOR: tcp-check: don't condition data polling on check type
- BUG/MEDIUM: tcp-check: don't rely on random memory contents
- BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
- BUG/MINOR: config: fix typo in condition when propagating process binding
- BUG/MEDIUM: config: do not propagate processes between stopped processes
- BUG/MAJOR: stream-int: properly check the memory allocation return
- BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
- BUG/MEDIUM: compression: correctly report zlib_mem
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
- BUILD: fix "make install" to support spaces in the install dirs
- BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks
- BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OOM.
- BUG/MINOR: samples: fix unnecessary memcopy converting binary to string.
- BUG/MEDIUM: connection: sanitize PPv2 header length before parsing address information
- BUG/MEDIUM: pattern: don't load more than once a pattern list.
- BUG/MEDIUM: ssl: force a full GC in case of memory shortage
- BUG/MINOR: config: don't inherit the default balance algorithm in frontends
- BUG/MAJOR: frontend: initialize capture pointers earlier
- BUG/MINOR: stats: correctly set the request/response analysers
- DOC: fix typo in the body parser documentation for msg.sov
- BUG/MINOR: peers: the buffer size is global.tune.bufsize, not trash.size
- MINOR: sample: add a few basic internal fetches (nbproc, proc, stopping)
- BUG/MAJOR: sessions: unlink session from list on out of memory
- BUG/MEDIUM: patterns: previous fix was incomplete
- BUG/MEDIUM: payload: ensure that a request channel is available
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
- [PATCH 1/6] BUILD: fix "make install" to support spaces in the
- [PATCH 2/6] BUG/MEDIUM: ssl: fix bad ssl context init can cause
- [PATCH 3/6] BUG/MEDIUM: ssl: force a full GC in case of memory
- [PATCH 4/6] BUG/MEDIUM: checks: fix conflicts between agent checks
- [PATCH 5/6] BUG/MINOR: config: don't inherit the default balance
- [PATCH 6/6] BUG/MAJOR: frontend: initialize capture pointers earlier
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
Released version 1.5.8 with the following main changes :
- BUG/MAJOR: buffer: check the space left is enough or not
when input data in a buffer is wrapped
- BUG/BUILD: revert accidental change in the
makefile from latest SSL fix
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
According to Issue #342 here is a proposal to add a nossl variant to
that builts haproxy without ssl
Add pending patch from upstream
- [PATCH 14/14] MEDIUM: systemd-wrapper: support multiple executable
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
- [PATCH 01/13] DOC: clearly state that the "show sess" output format
- [PATCH 02/13] MINOR: stats: fix minor typo fix in
- [PATCH 03/13] MEDIUM: Improve signal handling in systemd wrapper.
- [PATCH 04/13] MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
- [PATCH 05/13] DOC: indicate in the doc that track-sc* can wait if
- [PATCH 06/13] MEDIUM: http: enable header manipulation for 101
- [PATCH 07/13] BUG/MEDIUM: config: propagate frontend to backend
- [PATCH 08/13] MEDIUM: config: properly propagate process binding
- [PATCH 09/13] MEDIUM: config: make the frontends automatically bind
- [PATCH 10/13] MEDIUM: config: compute the exact bind-process before
- [PATCH 11/13] MEDIUM: config: only warn if stats are attached to
- [PATCH 12/13] MEDIUM: config: report it when tcp-request rules are
- [PATCH 13/13] MINOR: config: detect the case where a tcp-request
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
- BUG: config: error in http-response replace-header number of arguments
- BUG/MINOR: Fix search for -p argument in systemd wrapper.
- BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
- BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
- MEDIUM: connection: add new bit in Proxy Protocol V2
- BUG/MINOR: server: move the directive #endif to the end of file
- BUG/MEDIUM: http: tarpit timeout is reset
- BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
- BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
- BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
- BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
- BUG/MEDIUM: acl: correctly compute the output type when a converter is used
- CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
- BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
- [PATCH 5/6] BUG/MEDIUM: http: tarpit timeout is reset
- [PATCH 6/6] MEDIUM: connection: add new bit in Proxy Protocol V2
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
- upgrade to 1.5.3
- [PATCH 1/3] BUG/MINOR: server: move the directive #endif to the end
- [PATCH 2/3] BUG/MINOR: Fix search for -p argument in systemd wrapper.
- [PATCH 3/3] BUG/MAJOR: tcp: fix a possible busy spinning loop in
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
[PATCH 4/5] BUG/MINOR: http: base32+src should use the big endian
[PATCH 5/5] BUG/MEDIUM: connection: fix memory corruption when
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
- [PATCH 22/25] DOC: minor fix on {sc,src}_kbytes_{in,out}
- [PATCH 23/25] DOC: fix alphabetical sort of converters
- [PATCH 24/25] BUG/MAJOR: http: correctly rewind the request body
- [PATCH 25/25] DOC: remove references to CPU=native in the README
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
this patch series mainly fixes a lot of reported issues in conjuction with
abstract socktet handling, improved the docs about the stats
- [PATCH 13/21] BUILD: http: fix isdigit & isspace warnings on Solaris
- [PATCH 14/21] BUG/MINOR: listener: set the listener's fd to -1 after
- [PATCH 15/21] BUG/MEDIUM: unix: failed abstract socket binding is
- [PATCH 16/21] MEDIUM: listener: implement a per-protocol pause()
- [PATCH 17/21] MEDIUM: listener: support rebinding during resume()
- [PATCH 18/21] BUG/MEDIUM: unix: completely unbind abstract sockets
- [PATCH 19/21] DOC: explicitly mention the limits of abstract
- [PATCH 20/21] DOC: expand the docs for the provided stats.
- [PATCH 21/21] BUG/MEDIUM: backend: Update hash to use unsigned int
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
- [PATCH 10/12] MINOR: stats: fix minor typo in HTML page
- [PATCH 11/12] BUG/MEDIUM: unix: do not unlink() abstract namespace
- [PATCH 12/12] DOC: provide an example of how to use ssl_c_sha1
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
- [PATCH 7/9] BUILD: remove TODO from the spec file and add READM
- [PATCH 8/9] MINOR: log: make MAX_SYSLOG_LEN overridable at build time
- [PATCH 9/9] MEDIUM: log: support a user-configurable max log line
length
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
- BUG/MINOR: ssl: Fix external function in order not to return a pointer
on an internal trash buffer
- BUG/MINOR: counters: do not untrack counters before logging
- BUG/MAJOR: sample: correctly reinitialize sample fetch context before
calling sample_process()
- MINOR: stick-table: make stktable_fetch_key() indicate why it failed
- BUG/MEDIUM: counters: fix track-sc* to wait on unstable contents
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
Bugs from 1.5.0 can cause file descriptor leak, results in the
impossibility to accept new connections after some time.
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
- includes support for SSL Termination, Compression Offloading, OCSP
Stapling support and much more
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
heil
Alexander Ryzhov