Hi,
HAProxy 1.8-dev1 was released on 2017/04/03. It added 319 new commits
after version 1.8-dev0, brought by 33 contributors among which the
following 13 ones were newcomers :
Andriy Palamarchuk
David Harrigan
Felipe Guerreiro Barbosa Ruiz
Guillaume de Lafond
Hongbo Long
Luca Pizzamiglio
Marcin Deranek
Matthieu Guegan
Misiek
Olivier Houchard
Robin H. Johnson
Ryabin Sergey
Steven Davidovitz
Tim Düsterhus
So this is the end of development phase 1. Now please don't submit stuff
that has not been previously discussed. Developers working on various
features should now have more time to focus on finishing what they've
started and to fix their bugs.
Compared to 1.7.0, 1.8-dev1 brought a few new features :
- pipelined and asynchronous SPOE to improve performance of remote
processing / content validation ;
- bind configuration is now per certificate, which means that you can
expect some client authentication on certain host names only if you
want, while they're shared on the same IP:port as others not having
such a requirement (it also works for alpn, ciphers etc)
- BoringSSL and LibreSSL are supposed to be much better supported
- DNS multiple responses are now better spread over the server farm to
limit duplicates so that all servers get a different one when there
are more addresses than servers.
- stats output now supports JSON format
- support for "no-<keyword>" for all server keywords and support for
all such keywords in the default-server directive
- a few new sample fetch functions like hostname, or the ability to
extract the cipher list presented by a browser, apparently it's
sometimes useful to distinguish real vs fake browsers
- "show cli sockets" is supported on the CLI to report what other
sockets are available, useful in multi-process mode.
- "hard-stop-after" allows an old process to die after a grace period
during reloads, to avoid accumulation of very old processes when
facing never-ending connections. (backported to 1.7 as well).
- check agent's address can now be set using agent-addr, and all agent
settings can be changed over the CLI (useful in some auto-scale
environments where a central controller informs about the availability
of each server).
- dynamic cookie valuation : the new keyword "dynamic" on the "cookie" line
will compute an automatic, unique and consistent cookie value for a server
based on its proto:ip:port so that it's possible to maintain stickiness
over a cluster of load balancers regardless of the order of the servers
they learned over DNS or other means
- support for setting the status code on http-request tarpit, and setting
a custom reason as well on various rules.
- pcre2 support for regex
- improved Lua memory usage using pools
- improved error/warning reporting during config parsing
- small performance improvements with the kqueue poller (FreeBSD/OpenBSD)
- large number of documentation fixes and cleanups
- for developers, the code is now cleaner and more callback-based,
it's possible to create new files which register their own config,
version reporting, deinit code and even CLI keywords, meaning that
it's easier to add optional support for some stuff. As an exercise
(and a cleanup process), we could move the 3 device detection engines
to their own file without any reference at all from the rest of the
code, this will also significantly improve their maintenance and
limit the risk of accidental breakage when other contributors don't
have everything necessary to test them.
- for developers, the code builds significantly faster on machines
with many cores, after having reordered the sources in the makefile
according to their build time, so that slower ones are started first.
That's about all for now (I might have missed a few things, sorry if that's
the case and it's the feature you implemented, feel free to blame me here).
Now for the next steps, we have some pending stuff already that several
of us are still working on :
- openssl async API (Grant Zhang, under tests by Emeric, still facing
a few issues, possibly related to the engine we're using, should be
sorted out soon -- hopefully)
- dealing with the openssl version configuration mess revealed by
the new APIs (Manu and Emeric) -- this will impact some server
keywords. At this point I think there's agreement on what the
config should look like, maybe it's going to be OK with the
implementation, I expect this to get merged soon.
- HTTP/2 frontend (not kidding, but still quite a hard work)
- initial multi-threading support (Emeric and Christopher) : things
start to look scarier once observed closer :-)
- RAM-based "favicon" cache (William)
- make userlists updatable from the CLI (William) -- turning them to
maps was done already but never merged, it didn't appear sustainable
so a new approach will be followed
- master/worker model to get rid of systemd-wrapper (William)
- ability to pass the listening FDs from the old to the new process
during a reload to workaround the painful (rare but existing) RST
issue under Linux when closing the listener (Olivier).
- server-template (Fred) : pre-provisionning of disabled servers that
can easily be enabled over CLI/DNS/whatever.
- a few connection management fixes/improvements that are pending
in a few of my branches (improved close handling & polling
accuracy), possibly a hack to use eBPF to destroy empty ACKs during
reload to prevent empty connections from getting killed by close().
- improve handling of error-file by splitting headers and body -- I
don't know if someone is still working on this, but it's still
welcome and should not interfer with the other devs
Now I won't disclose a trade secret by saying that 1.8-dev1 is an
accumulation of a lot of young code that has not got a lot of testing
yet and that it's mostly aimed at developers. Thus feedback is welcome,
but if you want to push it in production, do it when you're around or
only if you have an automatic failover to the stable version :-)
Last point, we're in the process of migrating the server hosting the
mailing list and hosting haproxy.org (git and downloads). For now we
managed to avoid outages but there may be a few short hicups in the
upcoming days so don't worry.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Sources : http://www.haproxy.org/download/1.8/src/
Git repository : http://git.haproxy.org/git/haproxy.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy.git
Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Andriy Palamarchuk (4):
DOC/MINOR: Fix typos in proxy protocol doc
DOC: Protocol doc: add checksum, TLV type ranges
DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
DOC: Protocol doc: add noop TLV
Baptiste (1):
MINOR: dns: improve DNS response parsing to use as many available records
as possible
Baptiste Assmann (2):
MINOR: dns: give ability to dns_init_resolvers() to close a socket when
requested
BUG/MAJOR: dns: restart sockets after fork()
Ben Shillito (1):
DOC: Added 51Degrees conv and fetch functions to documentation.
Christopher Faulet (53):
BUG/MEDIUM: http: Fix tunnel mode when the CONNECT method is used
BUG/MINOR: http: Keep the same behavior between 1.6 and 1.7 for tunneled
txn
BUG/MINOR: filters: Protect args in macros HAS_DATA_FILTERS and
IS_DATA_FILTER
BUG/MINOR: filters: Invert evaluation order of HTTP_XFER_BODY and
XFER_DATA analyzers
BUG/MINOR: http: Call XFER_DATA analyzer when HTTP txn is switched in
tunnel mode
DOC: Add undocumented argument of the trace filter
DOC: Fix some typo in SPOE documentation
MINOR: cli: Remove useless call to bi_putchk
BUG/MINOR: cli: be sure to always warn the cli applet when input buffer
is full
MINOR: applet: Count number of (active) applets
MINOR: task: Rename run_queue and run_queue_cur counters
BUG/MEDIUM: stream: Save unprocessed events for a stream
BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled
BUG/MINOR: Fix the sending function in Lua's cosocket
BUG/MAJOR: channel: Fix the definition order of channel analyzers
BUG/MINOR: stream: Fix how backend-specific analyzers are set on a stream
BUG/MEDIUM: filters: Do not truncate HTTP response when body length is
undefined
BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer
BUG/MINOR: http: Return an error when a replace-header rule failed on the
response
BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe
filters
BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
MAJOR: spoe: Add support of pipelined and asynchronous exchanges with
agents
MINOR: spoe: Add support for pipelining/async capabilities in the SPOA
example
MINOR: spoe: Remove SPOE details from the appctx structure
MINOR: spoe: Add status code in error variable instead of hardcoded value
MINOR: spoe: Send a log message when an error occurred during event
processing
MINOR: spoe: Check the scope of sample fetches used in SPOE messages
MEDIUM: spoe: Be sure to wakeup the good entity waiting for a buffer
MINOR: spoe: Use the min of all known max_frame_size to encode messages
MAJOR: spoe: Add support of payload fragmentation in NOTIFY frames
MINOR: spoe: Add support for fragmentation capability in the SPOA example
MAJOR: spoe: refactor the filter to clean up the code
MINOR: spoe: Handle NOTIFY frames cancellation using ABORT bit in ACK
frames
REORG: spoe: Move struct and enum definitions in dedicated header file
REORG: spoe: Move low-level encoding/decoding functions in dedicated
header file
MINOR: spoe: Improve implementation of the payload fragmentation
MINOR: spoe: Add support of negation for options in SPOE configuration
file
MINOR: spoe: Add "pipelining" and "async" options in spoe-agent section
MINOR: spoe: Rely on alertif_too_many_arg during configuration parsing
MINOR: spoe: Add "send-frag-payload" option in spoe-agent section
MINOR: spoe: Add "max-frame-size" statement in spoe-agent section
DOC: spoe: Update SPOE documentation to reflect recent changes
BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
BUG/MAJOR: http: fix typo in http_apply_redirect_rule
BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
BUG/MINOR: http: Fix conditions to clean up a txn and to handle the next
request
CLEANUP: http: Remove channel_congested function
CLEANUP: buffers: Remove buffer_bounce_realign function
CLEANUP: buffers: Remove buffer_contig_area and buffer_work_area functions
MINOR: http: remove useless check on HTTP_MSGF_XFER_LEN for the request
MINOR: http: Add debug messages when HTTP body analyzers are called
BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is
enabled
BUG/MINOR: filters: Don't force the stream's wakeup when we wait in
flt_end_analyze
Cyril Bonté (1):
MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
David Carlier (1):
MEDIUM: regex: pcre2 support
David Harrigan (1):
MINOR: stats: Support "select all" for backend actions
Dragan Dosen (1):
BUG/MINOR: cli: allow the backslash to be escaped on the CLI
Emeric Brun (3):
MINOR: connection: add sample fetch "fc_rcvd_proxy"
OPTIM/MINOR: config: Optimize fullconn automatic computation loading
configuration
BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
Emmanuel Hocdet (16):
BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage
BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL
MAJOR: ssl: bind configuration per certificat
MINOR: ssl: add curve suite for ECDHE negotiation
BUILD: ssl: fix to build (again) with boringssl
MEDIUM: boringssl: support native multi-cert selection without bundling
BUG/MEDIUM: ssl: fix verify/ca-file per certificate
BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
MINOR: ssl: removes SSL_CTX_set_ssl_version call and cleanup CTX creation.
BUILD: ssl: fix build with -DOPENSSL_NO_DH
MEDIUM: ssl: remove ssl-options from crt-list
BUG/MEDIUM: ssl: in bind line, ssl-options after 'crt' are ignored.
BUG/MINOR: ssl: fix cipherlist captures with sustainable SSL calls
MINOR: ssl: improved cipherlist captures
BUILD: ssl: simplify SSL_CTX_set_ecdh_auto compatibility
BUILD: ssl: fix OPENSSL_NO_SSL_TRACE for boringssl and libressl
Felipe Guerreiro Barbosa Ruiz (1):
BUG: payload: fix payload not retrieving arbitrary lengths
Frédéric Lécaille (32):
BUG/MINOR: cfgparse: loop in tracked servers lists not detected by
check_config_validity().
MINOR: server: irrelevant error message with 'default-server' config file
keyword.
MINOR: server: Make 'default-server' support 'backup' keyword.
MINOR: server: Make 'default-server' support 'check-send-proxy' keyword.
CLEANUP: server: code alignement.
MINOR: server: Make 'default-server' support 'non-stick' keyword.
MINOR: server: Make 'default-server' support 'send-proxy' and
'send-proxy-v2 keywords.
MINOR: server: Make 'default-server' support 'check-ssl' keyword.
MINOR: server: Make 'default-server' support 'force-sslv3' and
'force-tlsv1[0-2]' keywords.
CLEANUP: server: code alignement.
MINOR: server: Make 'default-server' support 'no-ssl*' and 'no-tlsv*'
keywords.
MINOR: server: Make 'default-server' support 'ssl' keyword.
MINOR: server: Make 'default-server' support 'send-proxy-v2-ssl*'
keywords.
CLEANUP: server: code alignement.
MINOR: server: Make 'default-server' support 'verify' keyword.
MINOR: server: Make 'default-server' support 'verifyhost' setting.
MINOR: server: Make 'default-server' support 'check' keyword.
MINOR: server: Make 'default-server' support 'track' setting.
MINOR: server: Make 'default-server' support 'ca-file', 'crl-file' and
'crt' settings.
MINOR: server: Make 'default-server' support 'redir' keyword.
MINOR: server: Make 'default-server' support 'observe' keyword.
MINOR: server: Make 'default-server' support 'cookie' keyword.
MINOR: server: Make 'default-server' support 'ciphers' keyword.
MINOR: server: Make 'default-server' support 'tcp-ut' keyword.
MINOR: server: Make 'default-server' support 'namespace' keyword.
MINOR: server: Make 'default-server' support 'source' keyword.
MINOR: server: Make 'default-server' support 'sni' keyword.
MINOR: server: Make 'default-server' support 'addr' keyword.
MINOR: server: Make 'default-server' support 'disabled' keyword.
MINOR: server: Add 'no-agent-check' server keyword.
DOC: server: Add docs for "server" and "default-server" new "no-*" and
other settings.
BUG/MEDIUM: server: Wrong server default CRT filenames initialization.
Guillaume de Lafond (3):
DOC: Add timings events schemas
DOC: log-format/tcplog/httplog update
MINOR: config parsing: add warning when log-format/tcplog/httplog is
overriden in "defaults" sections
Hongbo Long (1):
BUG/MEDIUM: stream: fix client-fin/server-fin handling
Janusz Dziemidowicz (1):
BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
Jarno Huuskonen (6):
MINOR: Use "500 Internal Server Error" for 500 error/status code message.
MINOR: proto_http.c 502 error txt typo.
DOC: add deprecation notice to "block"
MEDIUM: http_error_message: txn->status / http_get_status_idx.
MINOR: http-request tarpit deny_status.
DOC: fix parenthesis and add missing "Example" tags
Luca Pizzamiglio (1):
BUILD/MEDIUM: Fixing the build using LibreSSL
Lukas Tribus (4):
MINOR: compression: fix -vv output without zlib/slz
MINOR: ssl: don't show prefer-server-ciphers output
MINOR: doc: 2.4. Examples should be 2.5. Examples
MINOR: doc: fix use-server example (imap vs mail)
Marcin Deranek (3):
MINOR: proxy: Add fe_name/be_name fetchers next to existing fe_id/be_id
DOC: fix small typo in fe_id (backend instead of frontend)
BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled
Matthieu Guegan (1):
BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect
Misiek (4):
MINOR: checks: Add agent-addr config directive
MINOR: cli: Add possiblity to change agent config via CLI/socket
MINOR: doc: Add docs for agent-addr configuration variable
MINOR: doc: Add docs for agent-addr and agent-send CLI commands
Nenad Merdanovic (6):
BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
BUG/MINOR: Fix "get map <map> <value>" CLI command
MINOR: Add nbsrv sample converter
CLEANUP: Replace repeated code to count usable servers with
be_usable_srv()
MINOR: Add hostname sample fetch
CLEANUP: Remove comment that's no longer valid
Olivier Doucet (1):
BUG/MINOR: option prefer-last-server must be ignored in some case
Olivier Houchard (4):
MINOR: server: Add dynamic session cookies.
MINOR: cli: Let configure the dynamic cookies from the cli.
BUG/MEDIUM server: Fix crash when dynamic is defined, but not key is
provided.
CLEANUP: config: Typo in comment.
Robin H. Johnson (1):
MINOR: http: custom status reason.
Ruoshan Huang (1):
DOC: Fix map table's format
Ryabin Sergey (1):
BUG/MINOR: Reset errno variable before calling strtol(3)
Simon Horman (2):
MEDIUM: stats: Add JSON output option to show (info|stat)
MEDIUM: stats: Add show json schema
Steven Davidovitz (1):
BUG/MINOR: checks: attempt clean shutw for SSL check
Thierry FOURNIER (22):
BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2)
DOC: lua: documentation about time parser functions
DOC: lua: improve links
DOC: lua: section declared twice
CLEANUP: lua: rename one of the lua appctx union
BUG/MINOR: lua/cli: bad error message
MEDIUM: lua: use memory pool for hlua struct in applets
MINOR: lua/signals: Remove Lua part from signals.
MINOR/DOC: lua: just precise one thing
BUG/MINOR: lua: memory leak executing tasks
BUG/MINOR: lua: bad return code
BUG/MINOR: lua: memleak when Lua/cli fails
MEDIUM: lua: remove Lua struct from session, and allocate it with memory
pools
BUG/MINOR: stats: fix be/sessions/current out in typed stats
BUILD: lua: build failed on FreeBSD.
MINOR: samples: add xx-hash functions
BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches
sc*_get_gpt0
BUG/MINOR: lua: Map.end are not reliable because "end" is a reserved
keyword
BUG/MEDIUM: http: prevent redirect from overwriting a buffer
BUG/MINOR: sendmail: The return of vsnprintf is not cleanly tested
BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val
HTTP/1.1'
MEDIUM: ssl: add new sample-fetch which captures the cipherlist
Thierry FOURNIER / OZON.IO (7):
BUG/MEDIUM: variables: some variable name can hide another ones
MINOR: lua: Allow argument for actions
CLEANUP: hlua: just indent functions
MINOR: lua: give HAProxy variable access to the applets
DOC: lua: Documentation about some entry missing
DOC: lua: Add documentation about variable manipulation from applet
MINOR: Do not forward the header "Expect: 100-continue" when the option
http-buffer-request is set
Tim Düsterhus (1):
DOC: Spelling fixes
William Lallemand (3):
MEDIUM: cli: 'show cli sockets' list the CLI sockets
DOC: cli: show cli sockets
BUG/MINOR: systemd: potential zombie processes
Willy Tarreau (128):
BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos
BUG/MINOR: stats: make field_str() return an empty string on NULL
BUG/MAJOR: stream: fix session abort on resource shortage
OPTIM: stream-int: don't disable polling anymore on DONT_READ
BUG/MEDIUM: cli: fix "show stat resolvers" and "show tls-keys"
DOC: mention that req_tot is for both frontends and backends
BUILD: rearrange target files by build time
BUG/MINOR: stats: fix be/sessions/max output in html stats
SCRIPTS: git-show-backports: fix a harmless typo
SCRIPTS: git-show-backports: add -H to use the hash of the commit message
BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW
CLEANUP: applet/lua: create a dedicated ->fcn entry in hlua_cli context
CLEANUP: applet/table: add an "action" entry in ->table context
CLEANUP: applet: remove the now unused appctx->private field
BUG/MINOR: cli: "show cli sockets" wouldn't list all processes
BUG/MINOR: cli: "show cli sockets" would always report process 64
MINOR: cli: automatically enable a CLI I/O handler when there's no parser
CLEANUP: memory: remove the now unused cli_parse_show_pools() function
CLEANUP: applet: group all CLI contexts together
CLEANUP: stats: move a misplaced stats context initialization
MINOR: cli: add two general purpose pointers and integers in the CLI
struct
MINOR: appctx/cli: remove the cli_socket entry from the appctx union
MINOR: appctx/cli: remove the env entry from the appctx union
MINOR: appctx/cli: remove the "be" entry from the appctx union
MINOR: appctx/cli: remove the "dns" entry from the appctx union
MINOR: appctx/cli: remove the "server_state" entry from the appctx union
MINOR: appctx/cli: remove the "tlskeys" entry from the appctx union
CONTRIB: tcploop: add limits.h to fix build issue with some compilers
CLEANUP: haproxy: statify unexported functions
MINOR: haproxy: add a registration for build options
CLEANUP: wurfl: use the build options list to report it
CLEANUP: 51d: use the build options list to report it
CLEANUP: da: use the build options list to report it
CLEANUP: namespaces: use the build options list to report it
CLEANUP: tcp: use the build options list to report transparent modes
CLEANUP: lua: use the build options list to report it
CLEANUP: regex: use the build options list to report the regex type
CLEANUP: ssl: use the build options list to report the SSL details
CLEANUP: compression: use the build options list to report the algos
CLEANUP: auth: use the build options list to report its support
MINOR: haproxy: add a registration for post-check functions
CLEANUP: checks: make use of the post-init registration to start checks
CLEANUP: filters: use the function registration to initialize all proxies
CLEANUP: wurfl: make use of the late init registration
CLEANUP: 51d: make use of the late init registration
CLEANUP: da: make use of the late init registration code
MINOR: haproxy: add a registration for post-deinit functions
CLEANUP: wurfl: register the deinit function via the dedicated list
CLEANUP: 51d: register the deinitialization function
CLEANUP: da: register the deinitialization function
CLEANUP: wurfl: move global settings out of the global section
CLEANUP: 51d: move global settings out of the global section
CLEANUP: da: move global settings out of the global section
MINOR: cfgparse: add two new functions to check arguments count
MINOR: cfgparse: move parsing of "ca-base" and "crt-base" to ssl_sock
MEDIUM: cfgparse: move all tune.ssl.* keywords to ssl_sock
MEDIUM: cfgparse: move maxsslconn parsing to ssl_sock
MINOR: cfgparse: move parsing of ssl-default-{bind,server}-ciphers to
ssl_sock
MEDIUM: cfgparse: move ssl-dh-param-file parsing to ssl_sock
MEDIUM: compression: move the zlib-specific stuff from global.h to
compression.c
BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
MINOR: tcp-rules: check that the listener exists before updating its
counters
MEDIUM: spoe: don't create a dummy listener for outgoing connections
MINOR: listener: move the transport layer pointer to the bind_conf
MEDIUM: move listener->frontend to bind_conf->frontend
MEDIUM: ssl: remote the proxy argument from most functions
MINOR: connection: add a new prepare_bind_conf() entry to xprt_ops
MEDIUM: ssl_sock: implement ssl_sock_prepare_bind_conf()
MINOR: connection: add a new destroy_bind_conf() entry to xprt_ops
MINOR: ssl_sock: implement ssl_sock_destroy_bind_conf()
MINOR: server: move the use_ssl field out of the ifdef USE_OPENSSL
MINOR: connection: add a minimal transport layer registration system
CLEANUP: connection: remove all direct references to raw_sock and ssl_sock
CLEANUP: connection: unexport raw_sock and ssl_sock
MINOR: connection: add new prepare_srv()/destroy_srv() entries to xprt_ops
MINOR: ssl_sock: implement and use prepare_srv()/destroy_srv()
CLEANUP: ssl: move tlskeys_finalize_config() to a post_check callback
CLEANUP: ssl: move most ssl-specific global settings to ssl_sock.c
BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
BUG/MINOR: http: report real parser state in error captures
BUILD: scripts: automatically update the branch in version.h when
releasing
MINOR: tools: add a generic hexdump function for debugging
BUG/MAJOR: http: fix risk of getting invalid reports of bad requests
BUG/MINOR: config: emit a warning if http-reuse is enabled with
incompatible options
BUG/MINOR: tools: fix off-by-one in port size check
BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family
MEDIUM: server: split the address and the port into two different fields
MINOR: tools: make str2sa_range() return the port in a separate argument
MINOR: server: take the destination port from the port field, not the addr
MEDIUM: server: disable protocol validations when the server doesn't
resolve
BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0
BUILD: ssl: fix build on OpenSSL 1.0.0
BUILD: ssl: silence a warning reported for ERR_remove_state()
BUILD: ssl: eliminate warning with OpenSSL 1.1.0 regarding
RAND_pseudo_bytes()
BUILD: ssl: kill a build warning introduced by BoringSSL compatibility
BUG/MEDIUM: tcp: don't poll for write when connect() succeeds
BUG/MINOR: unix: fix connect's polling in case no data are scheduled
MINOR: server: extend the flags to 32 bits
MINOR: chunks: implement a simple dynamic allocator for trash buffers
BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw()
BUG/MEDIUM: config: reject anything but "if" or "unless" after a
use-backend rule
MINOR: http: don't close when redirect location doesn't start with "/"
MINOR: config: warn when some HTTP rules are used in a TCP proxy
CLEANUP: http: make http_server_error() not set the status anymore
BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data
layer
CONTRIB: tcploop: make it build on FreeBSD
CONTRIB: tcploop: fix time format to silence build warnings
CONTRIB: tcploop: report action 'K' (kill) in usage message
CONTRIB: tcploop: fix connect's address length
CONTRIB: tcploop: use the trash instead of NULL for recv()
BUG/MEDIUM: listener: do not try to rebind another process' socket
TESTS: add a test configuration to stress handshake combinations
BUG/MAJOR: stream-int: do not depend on connection flags to detect
connection
BUG/MEDIUM: connection: ensure to always report the end of handshakes
MEDIUM: connection: don't test for CO_FL_WAKE_DATA
CLEANUP: connection: completely remove CO_FL_WAKE_DATA
MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
OPTIM: poll: enable support for POLLRDHUP
MINOR: kqueue: exclusively rely on the kqueue returned status
MEDIUM: kqueue: take care of EV_EOF to improve polling status accuracy
MEDIUM: kqueue: only set FD_POLL_IN when there are pending data
BUG/MEDIUM: tcp: don't require privileges to bind to device
BUILD: make the release script use shortlog for the final changelog
BUILD: scripts: fix typo in announce-release error message
CLEANUP: time: curr_sec_ms doesn't need to be exported
DOC: update the contributing file
---
