Hi, HAProxy 1.7-dev4 was released on 2016/08/14. It added 112 new commits after version 1.7-dev3, it was time to issue another release. Many of them were bugs also fixed in 1.6, so I won't enumerate them again.
One change that may affect some users is that we removed the magic consisting in assigning a server's check port to the same port as the first port of the first "bind" directive in the listener if any. It doesn't make sense at all, is not documented, doesn't work in many situations (eg: unix sockets) and makes it impossible to improve the configuration. Normally nobody uses this anymore since 1.6 due to the fact that it is not allowed anymore to specify a port on the "listen" line. Developers may notice that now everything is rebuilt when they modify a ".h" file. Just do like me, append "DEP=" to your make command line and it will continue to work as before. Non-developer users are protected against easy mistakes and we are not bothered by a dependency hell. A number of build fixes for OpenBSD were merged. In fact it would not build anymore since 1.6 due to various missing includes (or include order). It's now OK. I'm surprized that we didn't receive any complaint in one year, in the past people would report OpenBSD breakage. Maybe these users are now on FreeBSD which seems to work very well. There were other updates like "set-src-port", "set-dst", "set-dst-port" actions, to force the incoming src/dst address/port to be replaced by the one in argument (useful for logging and also to force a connection to go to a server configured as 0.0.0.0). Another new action is the "track-sc" for http-response. This is nice to for counting certain response events. The "show tls-keys" CLI command can now display the current secrets. There were some filter changes that I don't remember well about but I know were important (sorry Chris). The SNI filters now support multicerts (rsa/ecdsa). We can also decode the Netscaler's CIP protocol which is an alternative to haproxy's PROXY protocol. We now have a few new sample fetch functions reporting various TCP-level information on Linux, FreeBSD and NetBSD such as RTT, number of retransmits, etc. It can make logs more usable during troubleshooting. And finally the command-line "-f" argument now supports directories in addition to file names. Files are loaded in alphabetical order. It is convenient for certain users, but beware of the orderning, use at your own risk! Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse : http://discourse.haproxy.org/ Sources : http://www.haproxy.org/download/1.7/src/ Git repository : http://git.haproxy.org/git/haproxy.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy.git Changelog : http://www.haproxy.org/download/1.7/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Baptiste Assmann (4): BUILD: make proto_tcp.c compatible with musl library MINOR: standard.c: ipcmp() function to compare 2 IP addresses stored in 2 struct sockaddr_storage MINOR: standard.c: ipcpy() function to copy an IP address from a struct sockaddr_storage into an other one MAJOR: listen section: don't use first bind port anymore when no server ports are provided Bertrand Jacquin (2): MINOR: listener: add the "accept-netscaler-cip" option to the "bind" keyword MINOR: tcp: add "tcp-request connection expect-netscaler-cip layer4" Christopher Faulet (7): MEDIUM: filters: Move HTTP headers filtering in its own callback MINOR: filters: Simplify calls to analyzers using 2 new macros MEDIUM: filters: Add pre and post analyzer callbacks DOC: filters: Update the filters documentation accordingly to recent changes BUG/MEDIUM: filters: Fix data filtering when data are modified BUG/MINOR: filters: Fix HTTP parsing when a filter loops on data forwarding BUG/MINOR: Rework slightly commit 9962f8fc to clean code and avoid mistakes Cyril Bonté (1): BUG/MEDIUM: stats: show servers state may show an servers from another backend Dan Lloyd (1): DOC: spelling fixes David Carlier (2): CLEANUP: dumpstats: u64 field is an unsigned type. CLEANUP: connection: using internal struct to hold source and dest port. Dragan Dosen (6): MINOR: stream: export the function 'smp_create_src_stkctr' BUG/MINOR: http: url32+src should use the big endian version of url32 BUG/MINOR: http: url32+src should check cli_conn before using it DOC: http: add documentation for url32 and url32+src MINOR: standard: add function "escape_string" BUG/MEDIUM: log: use function "escape_string" instead of "escape_chunk" Emeric Brun (2): BUG/MINOR: peers: some updates are pushed twice after a resync. BUG/MINOR: peers: empty chunks after a resync. Emmanuel Hocdet (2): MEDIUM: ssl: support SNI filters with multicerts MINOR: ssl: crt-list parsing factor Frédéric Lécaille (1): BUG/MINOR: peers: Fix peers data decoding issue Herve COMMOWICK (1): DOC: fix json converter example and error message Hubert Verstraete (2): MINOR: new function my_realloc2 = realloc + free upon failure CLEANUP: fixed some usages of realloc leading to memory leak Joe Williams (1): MINOR: tcp: add further tcp info fetchers Lukas Tribus (1): BUG/MEDIUM: dns: unbreak DNS resolver after header fix Maxime de Roucy (4): MINOR: add list_append_word function MEDIUM: init: use list_append_word in haproxy.c MEDIUM: init: allow directory as argument of -f BUG/MEDIUM: init: don't use environment locale Nenad Merdanovic (2): DOC: Fix typo so fetch is properly parsed by Cyril's converter BUG/MINOR: Fix endiness issue in DNS header creation code Olivier Doucet (1): DOC: minor typo fixes to improve HTML parsing by haproxy-dconv Pavlos Parissis (2): MINOR: systemd: Use variable for config and pidfile paths MINOR: systemd: Perform sanity check on config before reload Remi Gacogne (1): BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params() Roberto Guimaraes (1): BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params() Ruoshan Huang (2): BUG/MINOR: fix http-response set-log-level parsing error MEDIUM: http: implement http-response track-sc* directive Thierry FOURNIER (2): BUG/MEDIUM: lua: the function txn_done() from sample fetches can crash BUG/MEDIUM: lua: the function txn_done() from action wrapper can crash Thierry FOURNIER / OZON.IO (2): DOC: lua: remove old functions BUG/MEDIUM: lua: somme HTTP manipulation functions are called without valid requests Thierry Fournier (4): BUG/MEDIUM: sticktables: segfault in some configuration error cases BUG/MEDIUM: lua: converters doesn't work BUG/MINOR: http: add-header: header name copied twice BUG/MEDIUM: http: add-header: buffer overwritten Thierry Fournier / OZON.IO (1): MINOR: tcp: Return TCP statistics like RTT and RTT variance Vincent Bernat (2): BUG/MAJOR: fix listening IP address storage for frontends BUG/MINOR: fix listening IP address storage for frontends (cont) William Lallemand (9): BUG/MEDIUM: fix risk of segfault with "show tls-keys" MEDIUM: dumpstats: 'show tls-keys' is now able to show secrets DOC: update doc about tls-tickets-keys dump MEDIUM: tcp: add 'set-src' to 'tcp-request connection' MINOR: set the CO_FL_ADDR_FROM_SET flags with 'set-src' MEDIUM: tcp/http: add 'set-src-port' action MEDIUM: tcp/http: new set-dst/set-dst-port actions BUG/MEDIUM: dumpstats: undefined behavior in stats_tlskeys_list() MEDIUM: dumpstats: make stats_tlskeys_list() yield-aware during tls-keys dump Willy Tarreau (46): CLEANUP: config: detect double registration of a config section MINOR: log: add the %Td log-format specifier SCRIPTS: teach git-show-backports how to report upstream commits SCRIPTS: make git-show-backports capable of limiting its history BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes BUG/MEDIUM: stick-tables: fix breakage in table converters MINOR: stick-table: change all stick-table converters' inputs to SMP_T_ANY BUILD: fix build on Solaris 11 BUG/MEDIUM: config: fix multiple declaration of section parsers BUILD/MEDIUM: rebuild everything when an include file is changed BUILD/MEDIUM: force a full rebuild if some build options change BUILD: ssl: fix typo causing a build failure in the multicert patch BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual limits BUG/MINOR: init: ensure that FD limit is raised to the max allowed BUG/MEDIUM: external-checks: close all FDs right after the fork() BUG/MAJOR: external-checks: use asynchronous signal delivery BUG/MINOR: external-checks: do not unblock undesired signals CLEANUP: external-check: don't block/unblock SIGCHLD when manipulating the list BUG/MINOR: srv-state: fix incorrect output of state file BUG/MINOR: http: fix misleading error message for response captures BUG/BUILD: don't automatically run "make" on "make install" DOC: add missing doc for http-request deny [deny_status <status>] BUG/MEDIUM: http: unbreak uri/header/url_param hashing Revert "BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()" BUG/MEDIUM: dns: fix alignment issues in the DNS response parser BUG/MINOR: peers: don't count track-sc multiple times on errors BUG/MEDIUM: stream-int: completely detach connection on connect error BUG/MAJOR: compression: initialize avail_in/next_in even during flush BUG/MEDIUM: samples: make smp_dup() always duplicate the sample MINOR: sample: implement smp_is_safe() and smp_make_safe() MINOR: sample: provide smp_is_rw() and smp_make_rw() BUG/MAJOR: server: the "sni" directive could randomly cause trouble BUG/MEDIUM: stick-tables: do not fail on string keys with no allocated size BUG/MEDIUM: stick-table: properly convert binary samples to keys MINOR: sample: use smp_make_rw() in upper/lower converters MINOR: tcp: add dst_is_local and src_is_local BUILD: protocol: fix some build errors on OpenBSD BUILD: log: iovec requires to include sys/uio.h on OpenBSD BUILD: tcp: do not include netinet/ip.h for IP_TTL BUILD: connection: fix build breakage on openbsd due to missing in_systm.h BUILD: checks: remove the last strcat and eliminate a warning on OpenBSD BUILD: tcp: define SOL_TCP when only IPPROTO_TCP exists BUILD: compression: remove a warning when no compression lib is used BUILD: poll: remove unused hap_fd_isset() which causes a warning with clang BUG/MAJOR: stick-counters: possible crash when using sc_trackers with wrong table [RELEASE] Released version 1.7-dev4 mildis (1): BUG/MINOR: ssl: close ssl key file on error
