HAProxy 2.0-dev3 was released on 2019/05/15. It added 393 new commits
after version 2.0-dev2.

This is another huge version, having been distacted by a number of bugs
lately, this one was postponed a bit too much in my taste. As usual for a
development version, I'll skip over the bugfixes which are uninteresting
for this changelog.

The main points of this release are :
  - HTX enabled by default on all proxies. The only showstopper used to
    be the lack of ability to upgrade from TCP to HTTP in HTX mode when
    branching from a TCP frontend to an HTTP backend. Since it now works
    there is no reason for staying in legacy mode anymore. This means
    that all features (backend H2 etc) are all implicitly allowed without
    the need for an extra option. It is still possible to disable HTX in
    case of regression or suspicion using "no option http-use-htx". Keep
    in mind that any problem ought to be reported as the intent is to
    remove legacy mode with 2.1, so 2.0 will be the last one supporting
    both modes.

  - HTTP/2 is now supported on HTTP/1 ports (in HTX mode). Whenever the
    H2 preface is met on an H1 listener, the connection is automatically
    switched to H2.

  - significant scheduler improvements to improve fairness between all
    tasks in multi-threaded mode. There used to be a situation where some
    tasks could starve other ones, which was observable by some CLI commands
    timing out too early when doing "echo foo|socat"

  - lockup bug detection : if a task loops forever and uses all the CPU, this
    is a bug and haproxy will be killed. Similarly if a task locks up for a
    long time, haproxy is killed. This is enabled for now in development, and
    maybe it will stay enabled by default after the release as it would have
    helped a number of users to recover faster from some annoying bugs. If you
    see haproxy crash in an abort() and dump a core, first you'll know you've
    hit a serious bug and it managed to stop it, second keep in mind that
    there are developers who could be interested by knowing what was detected
    so please don't erase the trace and the core immediately. I still have
    some watchdog code under development that is even able to detect dead
    locks and crash the process in this case, I need to polish it.

  - Layer 7 retries : <rant> many of you know my disgust for such a feature
    essentially requested by incompetent admins trying to hide their horribly
    bogus applications and who prefer to shoot themselves in the foot instead
    of fixing the code, but there are a few valid (read riskless) use cases.
    One of them concerns the use of TCP fastopen to connect to the servers.
    It is not usable without such retries. Another one concerns 0-RTT to the
    servers where it's highly desirable that haproxy retries itself if the
    server ignores the early data. In addition to this there are some more
    legitimate users with known idempotent applications (static file servers
    and applications using replay-safe transaction numbers) where this can
    be understandable. The thing is that all these use cases require exactly
    the same mechanism. So now that this was implemented, it will also be
    available for those who want to do whatever and who will complain that
    haproxy multiplies their payment requests or kills all their servers in
    a domino effect. They'd rather not complain here or I may reserve them
    a selection of not-so-kind words. It is possible to finely enumerate
    the situations where a retry is permitted (see "retry-on"), and a few
    status codes are permitted (404 was included as this one is sometimes
    requested by content providers). In addition there is a new HTTP request
    action "disable-l7-retry" which allows to prevent such retries from
    happening (e.g. POST to an application not specifically designed to be
    replay-safe). Of course it is not enabled by default.</rant>

  - TFO is now supported when talking to servers. It is one of the positive
    effects of having L7 retries. Similarly 0-RTT can now be replayed without
    going back to the client.

  - stick-tables can now be declared inside peers sections. Many of those
    using tons of stick-tables have many backends with only one stick-table
    line. These backends also pollute the stats. And these stick-tables have
    to reference a peers section to be synchronized. We figured that since
    it is not possible to synchronize stick-tables between multiple peers
    sections, it made quite some sense to be able to declare several of
    them directly inside peers sections so that they are easily found,
    automatically synchronized, and require less configuration. These ones
    will be accessible using the peers section name followed by a slash and
    the stick-table name.

  - http-request/tcp-request action "do-resolve", which takes an argument,
    submits it to the DNS resolvers and sets the result back into a variable.
    It can be used to resolve anything on the fly. I already hear some people
    asking if we'll become a forward proxy, the response is "no" :-)  But
    Baptiste had a working demo of something like this just for fun.

  - log sampling and load balancing. The idea is to specify intervals of
    wider ranges for which logs will be sent to a given server. Thus it
    is possible for example to send only 1 log every 100 to a server to
    perform some sampling, or to send 1/3 to log server 1, 2/3 to log
    server 2 and 3/3 to log server 3 and perform some log load balancing.
    It's likely that over the long term we could add some hashing rules so
    that logs belonging to a same session end up on the same log server,
    but one thing at a time :-)

  - it is possible to load sidecar programs from the global section using
    the "program" keyword in master-worker mode. They will be monitored by
    the master process. This is mainly aimed at simplifying some complex
    setups and allowing haproxy + extra components to start/stop together.
    For example some may want to load a syslog relay. In the very distant
    past we could have imagined loading stud or stunnel to offload SSL.

  - idle server connections are better controlled now so that we don't
    enter a situation where a single session could collect tons of them 
    and not reuse them. Some heuristics are applied so that we give back
    idle connections more often.

  - the WURFL device detection was reintroduced. The Scientiamobile team
    has done a pretty good job at addressing all the issues that were
    raised and led to their removal so there was no reason to keep them
    out anymore. One nice improvement is that they provided a dummy library
    which allows to compile their code without any external dependency.
    This was the main issue developers were facing, and it turned out to
    be quite easy. Thus DeviceAtlas followed on the same principle and
    51Degrees said they'll contribute such a thing soon as well. It will
    then be possible to detect internal API regressions affecting any of
    them during development so that these issues should only be bad
    memories by now. We should even enable them in Travis builds by the
    way. There are still a few WURFL patches pending for review but
    nothing dramatic.

  - DeviceAtlas implemented support for HTX mode, so it's already 2.0-ready
    as well.

  - some systemd unit file changes were brought to ease the activation of
    the master socket. My understanding is that it will look at a few config
    files to figure the options passed on the command line so it should work
    on multiple distros.

  - Just like we used to rely on "hard-stop-after" to limit the number of
    old processes upon reload, it is now possible to limit the number of
    reloads a process survives (see "mworker-max-reloads") before being
    actively killed. Those reloading very frequently will probably like
    this one!

  - new "set-dumpable" global keyword. It tries its best to re-enable
    core dumps. It will do the equivalent of "ulimit -c unlimited" and
    of enabling dumps after setuid, which should save lots of trouble
    to users willing to provide some help on bug reports.

  - lots of cleanups and reorganization of the regtests. They have a
    real name now, which is more convenient to manipulate them, and their
    dependencies are cleaner as they can depend on individual build options.

  - I discovered an old SPOA server that Thierry implemented more than one
    year ago, and which provides SPOA to Python and Lua programs. I could
    verify that it starts so I merged it, it can be useful to a number of
    people, including developers who want an example of a more complex
    application than the basic examples.

  - Travis-CI integration : the patches we push are now automatically tested
    in about a dozen of setups (OS, SSL versions) and the reg tests are run.
    This has already saved quite some time to detect bugs. Thanks to Ilya
    for working on this.

  - addressed some build issues, mainly old AIX support and LibreSSL
    compatibility issues caused by their creative numbering (they pretend
    to be OpenSSL 2.0.0, complicating many compatibility tests). Now it
    should not break every morning anymore. Also some build issues of the
    "ist" strings affecting at least Cygwin should be addressed now (once
    I get a confirmation I can backport this to 1.9).

Yes I know it's a long list. There are still a few things pending but we're
seeing the end of the tunnel. Some SSL layering changes that will be needed
for QUIC were started and are currently being finished. I really want to
have them in 2.0 so that we don't have two distinct architectures to deal
with between 2.0 (which is long-term supported) and 2.1+. Manu has proposed
the support of Solaris' event ports as a much better poller than poll(). I
reviewed it, he's doing the final polishing and should be ready soon. Some
deprecated keywords which do not generate a warning should be addressed as
well or we'll never manage to get rid of them. I know that Christopher is
still addressing some HTX design concepts that could make the long term
maintenance much easier and that I'd rather see merged early. Tim already
has some patches for this. Alec Liu proposed to integrate the support of
SOCKS4. At first I was a bit worried but it turns out the protocol could
be supported in a very non-intrusive way so if it's ready in time I'm fine
with integrating it. I'm aware of a few other things people are working
on, we'll see. I'm not disclosing them to avoid putting needless pressure!

I've also seen based on recent reports and patch submissions that a few
harmless bugs here and there might still be present, but nothing to be
alarmed of. Given that recently we've been working on lots of bug reports
and that things start to cool down, I'm considering that we're getting much

I'd like to emit a new -dev release next week with the rest of the pending
stuff, aiming at a final release by the end of this month. Please do test
and report issues so that we don't get all of them in the last 3 days as
usual. We all know releases slip a bit and I'm fine with this, but at
least I'd like this to be for a good reason. Oh and keep in mind, this
is *development* so please be careful with it. We all really appreciate
to see bugs reported on live traffic but please don't use it as an excuse
for switching all your LBs on it, or it may bite you hard!

I'm going to open a -next branch to collect the pending stuff for 2.1. This 
one will periodically be rebased on top of master so that it can become the
next master after the release.

Have fun!

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.0/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.0/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Apollon Oikonomopoulos (1):
      MINOR: systemd: Use the variables from /etc/default/haproxy

Baptiste Assmann (5):
      MINOR: proto_tcp: tcp-request content: enable set-dst and set-dst-var
      MINOR: dns: dns_requester structures are now in a memory pool
      MINOR: dns: move callback affection in dns_link_resolution()
      MINOR: obj_type: new object type for struct stream
      MINOR: action: new '(http-request|tcp-request content) do-resolve' action

Chris Packham (1):
      BUILD: threads: Add __ha_cas_dw fallback for single threaded builds

Christopher Faulet (79):
      BUG/MINOR: contrib/prometheus-exporter: Fix applet accordingly to recent 
      BUG/MINOR: mux-h1: Only skip invalid C-L headers on output
      BUG/MINOR: htx: Preserve empty HTX messages with an unprocessed parsing 
      BUG/MINOR: proto_htx: Reset to_forward value when a message is set to DONE
      REGTEST: http-capture/h00000: Relax a regex matching the log message
      REGTEST: http-messaging/h00000: Fix the test when the HTX is enabled
      REGTEST: http-rules/h00003: Use a different client for requests expecting 
a 301
      REGTEST: log/b00000: Be sure the client always hits its timeout
      REGTEST: lua/b00003: Relax the regex matching the log message
      REGTEST: lua/b00003: Specify the HAProxy pid when the command ss is 
      BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the 
      BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented 
      BUG/MINOR: spoe: Be sure to set tv_request when each message fragment is 
      BUG/MEDIUM: htx: Defrag if blocks position is changed and the payloads 
      BUG/MEDIUM: htx: Don't crush blocks payload when append is done on a data 
      MEDIUM: htx: Deprecate the option 'http-tunnel' and ignore it in HTX
      MINOR: proto_htx: Don't adjust transaction mode anymore in HTX analyzers
      BUG/MEDIUM: htx: Fix the process of HTTP CONNECT with h2 connections
      MINOR: mux-h1: Simplify handling of 1xx responses
      MINOR: stats/htx: Don't add "Connection: close" header anymore in stats 
      MEDIUM: h1: Add an option to sanitize connection headers during parsing
      MEDIUM: mux-h1: Simplify the connection mode management by sanitizing 
      MINOR: mux-h1: Don't release the conn_stream anymore when h1s is destroyed
      BUG/MINOR: mux-h1: Handle the flag CS_FL_KILL_CONN during a shutdown 
      MINOR: mux-h2: Add a mux_ops dedicated to the HTX mode
      MINOR: muxes: Add a flag to specify a multiplexer uses the HTX
      MINOR: stream: Set a flag when the stream uses the HTX
      MINOR: http: update the macro IS_HTX_STRM() to check the stream flag 
      MINOR: http_fetch/htx: Use stream flags instead of px mode in 
      MINOR: filters/htx: Use stream flags instead of px mode to instanciate a 
      MINOR: muxes: Rely on conn_is_back() during init to handle front/back conn
      MEDIUM: muxes: Add an optional input buffer during mux initialization
      MINOR: muxes: Pass the context of the mux to destroy() instead of the 
      MEDIUM: muxes: Be prepared to don't own connection during the release
      MEDIUM: connection: Add conn_upgrade_mux_fe() to handle mux upgrades
      MEDIUM: htx: Allow the option http-use-htx to be used on TCP proxies too
      MAJOR: proxy/htx: Handle mux upgrades from TCP to HTTP in HTX mode
      MAJOR: muxes/htx: Handle inplicit upgrades from h1 to h2
      MAJOR: htx: Enable the HTX mode by default for all proxies
      REGTEST: Use HTX by default and add '--no-htx' option to disable it
      BUG/MEDIUM: muxes: Don't dereference mux context if null in release 
      BUG/MINOR: mux-h1: Process input even if the input buffer is empty
      BUG/MINOR: mux-h1: Don't switch the parser in busy mode if other side has 
      BUG/MEDIUM: mux-h1: Notify the stream waiting for TCP splicing if ibuf is 
      BUG/MEDIUM: mux-h1: Enable TCP splicing to exchange data only
      MINOR: mux-h1: Handle read0 during TCP splicing
      BUG/MEDIUM: htx: Don't return the start-line if the HTX message is empty
      BUG/MAJOR: http_fetch: Get the channel depending on the keyword used
      BUG/MINOR: http_fetch/htx: Allow permissive sample prefetch for the HTX
      BUG/MINOR: http_fetch/htx: Use HTX versions if the proxy enables the HTX 
      BUG/MINOR: contrib/prometheus-exporter: Fix a typo in the run-queue 
metric type
      MINOR: contrib/prometheus-exporter: Remove usless rate metrics
      MINOR: contrib/prometheus-exporter: Rename some metrics to be more usable
      MINOR: contrib/prometheus-exporter: Follow best practices about metrics 
      BUG/MEDIUM: h1: Don't parse chunks CRLF if not enough data are available
      BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP 
      BUG/MEDIUM: stream: Don't request a server connection if a shutw was 
      BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
      BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
      MINOR: gcc: Fix a silly gcc warning in connect_server()
      BUG/MEDIUM: stream: Fix the way early aborts on the client side are 
      BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet 
      BUG/MAJOR: muxes: Use the HTX mode to find the best mux for HTTP proxies 
      BUG/MINOR: htx: Exclude TCP proxies when the HTX mode is handled during 
      BUG/MINOR: http: Call stream_inc_be_http_req_ctr() only one time per 
      MINOR: spoe: Use the sample context to pass frag_ctx info during encoding
      BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is 
      MINOR: config: Test validity of tune.maxaccept during the config parsing
      CLEANUP: config: Don't alter listener->maxaccept when nbproc is set to 1
      BUG/MEDIUM: spoe: Be sure the sample is found before setting its context
      BUG/MINOR: mux-h1: Fix the parsing of trailers
      BUG/MINOR: htx: Never transfer more than expected in htx_xfer_blks()
      MINOR: htx: Split on DATA blocks only when blocks are moved to an HTX 
      MINOR: htx: Don't try to append a trailer block with the previous one
      MINOR: htx: Remove support for unused OOB HTX blocks
      BUG/MINOR: stream: Attach the read side on the response as soon as 
      BUG/MEDIUM: http: Use pointer to the begining of input to parse message 
      MINOR: spoe: Set the argument chunk size to 0 when SPOE variables are 
      BUG/MEDIUM: mux-h2: Set EOI on the conn_stream during h2_rcv_buf()

David CARLIER (1):
      MEDIUM: da: HTX mode support.

David Carlier (2):
      BUILD/MINOR: listener: Silent a few signedness warnings.
      BUILD/MEDIUM: contrib: Dummy DeviceAtlas API.

Dragan Dosen (7):
      BUG/MINOR: haproxy: fix rule->file memory leak
      BUG/MINOR: log: properly free memory on logformat parse error and deinit()
      BUG/MINOR: checks: free memory allocated for tasklets
      BUG/MEDIUM: pattern: fix memory leak in regex pattern functions
      MEDIUM: regex: modify regex_comp() to atomically allocate/free the 
my_regex struct
      BUG/MEDIUM: stick-table: fix regression caused by a change in proxy struct
      BUG/MEDIUM: tasks: fix possible segfault on task_destroy()

Emeric Brun (3):
      BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on 
      MINOR: peers: adds counters on show peers about tasks calls.
      MINOR: ssl/cli: async fd io-handlers printable on show fd

Emmanuel Hocdet (1):
      MINOR: ssl: Activate aes_gcm_dec converter for BoringSSL

Freddy Spierenburg (1):
      DOC: The option httplog is no longer valid in a backend.

Frédéric Lécaille (1):
      REGTEST: Missing REQUIRE_VERSION declarations.

Frédéric Lécaille (32):
      BUG/MINOR: peers: Really close the sessions with no heartbeat.
      CLEANUP: peers: remove useless annoying tabulations.
      CLEANUP: peers: replace timeout constants by macros.
      REGTEST: Enable again reg tests with HEAD HTTP method usage.
      DOC: peers: Peers protocol documentation update.
      BUG/MINOR: peers: Missing initializations after peer session shutdown.
      MINOR: peers: Add a new command to the CLI for peers.
      DOC: update for "show peers" CLI command.
      MINOR: log: Extract some code to send syslog messages.
      REGTEST: replace LEVEL option by a more human readable one.
      REGTEST: rename the reg test files.
      REGTEST: adapt some reg tests after renaming.
      BUG/MAJOR: stream: Missing DNS context initializations.
      MINOR: log: Add "sample" new keyword to "log" lines.
      MINOR: log: Enable the log sampling and load-balancing feature.
      DOC: log: Document the sampling and load-balancing logging feature.
      REGTEST: Add a new reg test for log load-balancing feature.
      REGTEST: Make this reg test be Linux specific.
      BUILD: travis: TMPDIR replacement.
      MINOR: config: Extract the code of "stick-table" line parsing.
      BUILD/MINOR: stick-table: Compilation fix.
      MEDIUM: stick-table: Stop handling stick-tables as proxies.
      MINOR: stick-tables: Add peers process binding computing.
      MINOR: stick-table: Add prefixes to stick-table names.
      MINOR: peers: Do not emit global stick-table names.
      DOC: Update for "table" lines in "peers" section.
      REGTEST: Add reg tests for "table" lines in "peers" sections.
      REGTEST: Flag some slow reg tests.
      REGTEST: Reg tests file renaming.
      REGTEST: Wrong renaming for one reg test.
      REGTEST: Wrong assumption in IP:port logging test.
      BUG/MINOR: log: Wrong log format initialization.

Ilya Shipitsin (11):
      REGTESTS: exclude tests that require ssl, pcre if no such feature is 
      MEDIUM: enable travis-ci builds
      BUG/MEDIUM: servers: fix typo "src" instead of "srv"
      BUILD: extend travis-ci matrix
      BUILD: remove "build_libressl" duplicate declaration
      BUILD: travis-ci: get back to osx without openssl support
      BUILD: enable several LibreSSL hacks, including
      BUILD: temporarily mark LibreSSL builds as allowed to fail
      BUILD: travis-ci bugfixes and improvements
      BUILD: add BoringSSL to travis-ci build matrix
      BUILD: travis-ci: make TMPDIR global variable in travis-ci

Kevin Zhu (1):
      BUG/MEDIUM: spoe: arg len encoded in previous frag frame but len changed

Nenad Merdanovic (3):
      MINOR: ssl: Add aes_gcm_dec converter
      BUG/MEDIUM: map: Fix memory leak in the map converter
      BUG/MINOR: ssl: Fix 48 byte TLS ticket key rotation

Olivier Houchard (55):
      BUG/MEDIUM: checks: Don't bother subscribing if we have a connection 
      BUG/MEDIUM: h2: Don't attempt to recv from h2_process_demux if we 
      BUG/MEDIUM: streams: Don't remove the SI_FL_ERR flag in si_update_both().
      BUG/MEDIUM: streams: Store prev_state before calling si_update_both().
      BUG/MEDIUM: stream: Don't clear the stream_interface flags in 
      MINOR: initcall: Don't forget to define the __start/stop_init_##stg 
      MINOR: threads: Implement thread_cpus_enabled() for FreeBSD.
      BUG/MEDIUM: streams: Only re-run process_stream if we're in a connected 
      BUG/MEDIUM: stream_interface: Don't bother doing chk_rcv/snd if not 
      BUG/MEDIUM: muxes: Make sure we unsubcribed when destroying mux ctx.
      BUG/MEDIUM: h2: Make sure we're not already in the send_list in 
      BUG/MEDIUM: h2: Revamp the way send subscriptions works.
      MINOR: connections: Remove the SUB_CALL_UNSUBSCRIBE flag.
      BUG/MEDIUM: Threads: Only use the gcc >= 4.7 builtins when using gcc >= 
      BUG/MEDIUM: tasks: Make sure we modify global_tasks_mask with the rq_lock.
      MINOR: tasks: Don't consider we can wake task with tasklet_wakeup().
      MEDIUM: tasks: No longer use rq.node.leaf_p as a lock.
      MINOR: tasks: Don't set the TASK_RUNNING flag when adding in the tasklet 
      BUG/MEDIUM: applets: Don't use task_in_rq().
      MEDIUM: tasks: Merge task_delete() and task_free() into task_destroy().
      MEDIUM: tasks: Don't account a destroyed task as a runned task.
      MEDIUM: tasks: Use __ha_barrier_store after modifying global_tasks_mask.
      MEDIUM: ssl: Give ssl_sock its own context.
      MEDIUM: connections: Move some fields from struct connection to 
      MEDIUM: ssl: provide its own subscribe/unsubscribe function.
      MEDIUM: connections: Provide a xprt_ctx for each xprt method.
      MEDIUM: ssl: provide our own BIO.
      BUILD/medium: ssl: Fix build with OpenSSL < 1.1.0
      MINOR: fd: Add a counter of used fds.
      MEDIUM: connections: Add a way to control the number of idling 
      BUG/MEDIUM: ssl: Return -1 on recv/send if we got EAGAIN.
      MINOR: threads: Implement HA_ATOMIC_LOAD().
      BUG/MEDIUM: port_range: Make the ring buffer lock-free.
      BUG/MEDIUM: ssl: Don't pretend we can retry a recv/send if we got a 
      BUG/MEDIUM: channels: Don't forget to reset output in channel_erase().
      BUG/MEDIUM: connections: Make sure we remove CO_FL_SESS_IDLE on disown.
      BUG/MEDIUM: ssl: Use the early_data API the right way.
      BUG/MEDIUM: streams: Don't add CF_WRITE_ERROR if early data were rejected.
      MEDIUM: streams: Add the ability to retry a request on L7 failure.
      MEDIUM: streams: Add a way to replay failed 0rtt requests.
      MEDIUM: streams: Add a new keyword for retry-on, "junk-response"
      BUG/MEDIUM: ssl: Don't attempt to use early data with libressl.
      MINOR: doc: Document allow-0rtt on the server line.
      MINOR: doc: Document the interaction of allow-0rtt and retry-on 
      MEDIUM: proto: Change the prototype of the connect() method.
      BUG/MEDIUM: servers: Don't use the same srv flag for cookie-set and TFO.
      BUG/MEDIUM: h2: Make sure we set send_list to NULL in h2_detach().
      BUG/MEDIUM: h2: Don't check send_wait to know if we're in the send_list.
      BUG/MEDIUM: streams: Make sur SI_FL_L7_RETRY is set before attempting a 
      MEDIUM: streams: Add a new http action, disable-l7-retry.
      MINOR: streams: Introduce a new retry-on keyword, all-retryable-errors.
      BUG/MEDIUM: connections: Don't forget to set xprt_ctx to NULL on close.
      MINOR: h2: Use BUG_ON() to enforce rules in subscribe/unsubscribe.
      MINOR: h1: Use BUG_ON() to enforce rules in subscribe/unsubscribe.
      MINOR: connections: Use BUG_ON() to enforce rules in 

Ricardo Nabinger Sanchez (1):
      BUG/MAJOR: checks: segfault during tcpcheck_main

Rob Allen (1):
      BUG/MINOR: mworker/ssl: close OpenSSL FDs on reload

Robin H. Johnson (1):
      MINOR: skip get_gmtime where tm is unused

Thierry FOURNIER (14):
      MINOR: spoa-server: Clone the v1.7 spoa-example project
      MINOR: spoa-server: move some definition from spoa_server.c to 
      MINOR: spoa-server: Externalise debug functions
      MINOR: spoe-server: rename "worker" functions
      MINOR: spoa-server: Replace the thread init system by processes
      MINOR: spoa-server: With debug mode, start only one process
      MINOR: spoa-server: Allow registering external processes
      MINOR: spoa-server: Allow registering message processors
      MINOR: spoa-server: Load files
      MINOR: spoa-server: Prepare responses
      MINOR: spoa-server: Execute registered callbacks
      MINOR: spoa-server: Add Lua processing
      MINOR: spoa-server: Add python
      MINOR/DOC: spoe-server: Add documentation

Tim Duesterhus (7):
      BUILD: extend Travis CI config to support more platforms
      CLEANUP: Remove appsession documentation
      DOC: Fix typo in keyword matrix
      MINOR: systemd: Make use of master socket in systemd unit
      BUG/MINOR: vars: Fix memory leak in vars_check_arg
      BUG/MINOR: peers: Fix memory leak in cfg_parse_peers
      BUG/MINOR: vars: Fix memory leak in vars_check_arg

William Lallemand (28):
      BUG/MEDIUM: mworker: don't free the wrong child when not found
      REORG: mworker: move serializing functions to mworker.c
      REORG: mworker: move signals functions to mworker.c
      REORG: mworker: move IPC functions to mworker.c
      REORG: mworker: move signal handlers and related functions
      REORG: mworker: move mworker_cleanlisteners to mworker.c
      MINOR: mworker: calloc mworker_proc structures
      MINOR: mworker: don't use children variable anymore
      MINOR: cli: export cli_parse_default() definition in cli.h
      REORG: mworker/cli: move CLI functions to mworker.c
      MEDIUM: mworker-prog: implement program for master-worker
      MINOR: mworker/cli: show programs in 'show proc'
      BUG/MINOR: cli: correctly handle abns in 'show cli sockets'
      MINOR: cli: start addresses by a prefix in 'show cli sockets'
      MINOR: cli: export HAPROXY_CLI environment variable
      MEDIUM: mworker: store the leaving state of a process
      MEDIUM: mworker-prog: implements 'option start-on-reload'
      CLEANUP: mworker: remove the type field in mworker_proc
      MEDIUM: mworker/cli: export the HAPROXY_MASTER_CLI variable
      MINOR: cli: don't add a semicolon at the end of HAPROXY_CLI
      MINOR: mworker: export HAPROXY_MWORKER=1 when running in mworker mode
      BUG/MINOR: mworker: mworker_kill should apply on every children
      BUG/MINOR: mworker: don't exit with an ambiguous value
      BUG/MINOR: mworker: ensure that we still quits with SIGINT
      MINOR: systemd: support /etc/sysconfig/ for redhat based distrib
      MINOR: mworker: support a configurable maximum number of reloads
      BUG/MAJOR: ssl: segfault upon an heartbeat request
      BUG/MINOR: mworker: use after free when the PID not assigned

Willy Tarreau (130):
      REGTEST: remove unexpected "nbthread" statement from Lua test cases
      BUILD: Makefile: remove 11-years old workarounds for deprecated options
      BUILD: remove 10-years old error message for obsolete option USE_TCPSPLICE
      BUILD: Makefile: remove outdated support for dlmalloc
      BUILD: Makefile: consider a variable's origin and not its value for the 
options list
      BUILD: Makefile: also report disabled options in the BUILD_OPTIONS 
      BUILD: Makefile: shorten default settings declaration
      BUILD: Makefile: clean up the target declarations
      BUILD: report the whole feature set with their status in haproxy -vv
      BUILD: pass all "USE_*" variables as -DUSE_* to the compiler
      REGTEST: script: make the script use the new features list
      REGTEST: script: remove platform-specific assigments of OPTIONS
      BUILD: makefile: work around an old bug in GNU make-3.80
      BUILD: makefile: work around another bug in make 3.80
      BUILD: http: properly mark some struct as extern
      BUILD: chunk: properly declare pool_head_trash as extern
      BUILD: cache: avoid a build warning with some compilers/linkers
      MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()
      MINOR: tools: add an unsetenv() implementation
      BUILD: re-implement an initcall variant without using executable sections
      BUILD: use inttypes.h instead of stdint.h
      BUILD: connection: fix naming of ip_v field
      BUILD: makefile: fix build of IPv6 header on aix51
      BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51
      BUILD: define unsetenv on AIX 5.1
      BUILD: Makefile: disable shared cache on AIX 5.1
      BUG/MEDIUM: htx: fix random premature abort of data transfers
      BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity
      BUG/MEDIUM: task/threads: address a fairness issue between local and 
global tasks
      BUG/MINOR: tasks: make sure the first task to be queued keeps its nice 
      BUG/MINOR: listener: renice the accept ring processing task
      MINOR: cli/listener: report the number of accepts on "show activity"
      MINOR: cli/activity: report the accept queue sizes in "show activity"
      CLEANUP: task: do not export rq_next anymore
      MEDIUM: tasks: improve fairness between the local and global queues
      MEDIUM: tasks: only base the nice offset on the run queue depth
      MINOR: tasks: restore the lower latency scheduling when niced tasks are 
      BUILD: task/thread: fix single-threaded build of task.c
      BUILD: cli/threads: fix build in single-threaded mode
      BUILD: address a few cases of "static <type> inline foo()"
      BUILD: do not specify "const" on functions returning structs or scalars
      BUILD: htx: fix a used uninitialized warning on is_cookie2
      BUG/MAJOR: lb/threads: fix insufficient locking on round-robin LB
      MINOR: init: add a "set-dumpable" global directive to enable core dumps
      BUG/MINOR: listener/mq: correctly scan all bound threads under low load
      BUG/MEDIUM: tasks: Make sure we set TASK_QUEUED before adding a task to 
the rq.
      BUG/MAJOR: task: make sure never to delete a queued task
      MINOR: task/thread: factor out a wake-up condition
      CLEANUP: task: remain consistent when using the task's handler
      BUG/MINOR: mworker: disable busy polling in the master process
      BUG/MEDIUM: maps: only try to parse the default value when it's present
      BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR
      Revert "CLEANUP: wurfl: remove dead, broken and unmaintained code"
      BUILD: add USE_WURFL to the list of known build options
      MINOR: wurfl: indicate in haproxy -vv the wurfl version in use
      REGTEST: make the "run-regtests" script search for tests in reg-tests by 
      BUG/MAJOR: lb/threads: fix AB/BA locking issue in round-robin LB
      CLEANUP: task: report calls as unsigned in show sess
      MINOR: tasks/activity: report the context switch and task wakeup rates
      MINOR: stream: measure and report a stream's call rate in "show sess"
      MINOR: applet: measure and report an appctx's call rate in "show sess"
      REGTEST: exclude osx and generic targets for 40be_2srv_odd_health_checks
      REGTEST: relax the IPv6 address format checks in 
      REGTEST: exclude OSX and generic targets from abns_socket.vtc
      BUILD: travis: remove the "allow_failures" entry
      BUG/MINOR: activity: always initialize the profiling variable
      MINOR: activity: make the profiling status per thread and not global
      MINOR: activity: enable automatic profiling turn on/off
      CLEANUP: standard: use proper const to addr_to_str() and port_to_str()
      BUG/MINOR: proto_http: properly reset the stream's call rate on keep-alive
      MINOR: connection: make the debugging helper functions safer
      MINOR: stream/debug: make a stream dump and crash function
      MEDIUM: appctx/debug: force a crash if an appctx spins over itself forever
      MEDIUM: stream/debug: force a crash if a stream spins over itself forever
      MEDIUM: streams: measure processing time and abort when detecting bugs
      BUG/MEDIUM: mux-h2: properly deal with too large headers frames
      BUG/MAJOR: map/acl: real fix segfault during show map/acl on CLI
      CLEANUP: task: move the task_per_thread definition to task.h
      MINOR: activity: report context switch counts instead of rates
      MINOR: threads: flatten the per-thread cpu-map
      MINOR: init/threads: remove the useless tids[] array
      MINOR: init/threads: make the threads array global
      BUG/MINOR: stream: also increment the retry stats counter on L7 retries
      BUG/MEDIUM: checks: make sure the warmup task takes the server lock
      BUG/MINOR: logs/threads: properly split the log area upon startup
      MEDIUM: tcp: add the "tfo" option to support TCP fastopen on the server
      REGTEST: make the tls_health_checks test much faster
      REGTEST: make the "table in peers" test require v2.0
      BUG/MINOR: mux-h2: rely on trailers output not input to turn them to 
empty data
      BUG/MEDIUM: h2/htx: always fail on too large trailers
      MEDIUM: mux-h2: discard contents that are to be sent after a shutdown
      BUG/MEDIUM: mux-h2/htx: never wait for EOM when processing trailers
      BUG/MEDIUM: h2/htx: never leave a trailers block alone with no EOM block
      CLEANUP: task: remove unneeded tests before task_destroy()
      BUG/MINOR: mux-h2: fix the condition to close a cs-less h2s on the backend
      BUILD: ssl: fix again a libressl build failure after the openssl FD leak 
      CLEANUP: ssl-sock: use HA_OPENSSL_VERSION_NUMBER instead of 
      BUILD: ssl: make libressl use its own version numbers
      CLEANUP: ssl: remove 57 occurrences of useless tests on 
      MINOR: ssl: enable aes_gcm_dec on LibreSSL
      BUILD: ssl: fix libressl build again after aes-gcm-enc
      REORG: ssl: move openssl-compat from proto to common
      REORG: ssl: move some OpenSSL defines from ssl_sock to openssl-compat
      CLEANUP: ssl: never include openssl/*.h outside of openssl-compat.h 
      CLEANUP: ssl: make inclusion of openssl headers safe
      CLEANUP: ssl: move the SSL_OP_* and SSL_MODE_* definitions to 
      CLEANUP: ssl: remove ifdef around SSL_CTX_get_extra_chain_certs()
      CLEANUP: ssl: move all BIO_* definitions to openssl-compat
      BUILD: threads: fix again the __ha_cas_dw() definition
      BUG/MAJOR: mux-h2: do not add a stream twice to the send list
      Revert "BUG/MINOR: vars: Fix memory leak in vars_check_arg"
      BUG/MINOR: htx: make sure to always initialize the HTTP method when 
parsing a buffer
      REGTEST: fix tls_health_checks random failures on MacOS in Travis-CI
      MINOR: lists: add LIST_ADDED() to check if an element belongs to a list
      CLEANUP: mux-h2: use LIST_ADDED() instead of LIST_ISEMPTY() where relevant
      MINOR: mux-h2: add two H2S flags to report the need for shutr/shutw
      CLEANUP: mux-h2: simply use h2s->flags instead of ret in 
      CLEANUP: connection: remove the handle field from the wait_event struct
      BUG/MINOR: mux-h2: make the do_shut{r,w} functions more robust against 
      MINOR: mux-h2: remove useless test on stream ID vs last in wake function
      MINOR: mux-h2: make h2_wake_some_streams() not depend on the CS flags
      MINOR: mux-h2: make h2s_wake_one_stream() the only function to deal with 
      MINOR: mux-h2: make h2s_wake_one_stream() not depend on temporary CS flags
      BUG/MINOR: mux-h2: make sure to honor KILL_CONN in do_shut{r,w}
      CLEANUP: mux-h2: don't test for impossible CS_FL_REOS conditions
      MINOR: mux-h2: add macros to check multiple stream states at once
      MINOR: mux-h2: stop relying on CS_FL_REOS
      BUILD: debug: make gcc not complain on the ABORT_NOW() macro
      MINOR: debug: add a new BUG_ON macro
      BUILD: ist: turn the lower/upper case tables to literal on obsolete 

Yann Cézard (2):
      DOC: contrib/modsecurity: Typos and fix the reject example
      BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to 
strdup it

paulborile (5):
      BUILD: wurfl: build fix for 1.9/2.0 code base
      CLEANUP: wurfl: removed deprecated methods
      DOC: wurfl: added point of contact in MAINTAINERS file
      MINOR: wurfl: enabled multithreading mode
      MINOR: contrib: dummy wurfl library


Reply via email to