Hi,
HAProxy 2.2-dev3 was released on 2020/02/25. It added 103 new commits
after version 2.2-dev2.
This version is mostly a bugfix and cleanup version after dev2, it
addresses roughly 30 bugs that were affecting it. It has very few new
features. Among the visible changes, I'd cite the fact that the
"show ssl cert" CLI command will now list the certificate chain and
issuer, that it now becomes possible to have a separate ".key" file for
the private key associated with a certificate (for this it must not be
present in the cert PEM file), and that the argument parser for the
config file finally supports quotes, braces and square brackets in
arguments, so that it is now possible to write character classes and
groups in the "regsub()" converter. For this these arguments must be
enclosed in quotes inside the argument, which means that you may either
backslash-quote them or have double quotes outside and single quotes
inside (i.e. the quote must appear as a delimiter in the argument after
the config is tokenized), like in this example stolen from Jérôme:
http-request redirect location '%[url,regsub("(foo|bar)([0-9]+)?","\2\1",i)]'
I wanted to write an extra section about this in the doc but figured it was
stupid to delay a release on doc that advances slower.
If you've met bugs with 2.2-dev2, it may be worth upgrading to dev3 which
should remain almost identical but more reliable.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : http://www.haproxy.org/download/2.2/src/
Git repository : http://git.haproxy.org/git/haproxy.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy.git
Changelog : http://www.haproxy.org/download/2.2/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Christian Lachner (1):
MINOR: build: add aix72-gcc build TARGET and power{8,9} CPUs
Christopher Faulet (13):
BUG/MINOR: http-act: Set stream error flag before returning an error
BUG/MINOR: http-act: Fix bugs on error path during parsing of return
actions
BUG/MEDIUM: tcp-rules: Fix track-sc* actions for L4/L5 TCP rules
BUG/MINOR: mux-fcgi: Forbid special characters when matching PATH_INFO
param
MINOR: mux-fcgi: Make the capture of the path-info optional in pathinfo
regex
MINOR: http-htx: Add a function to retrieve the headers size of an HTX
message
MINOR: filters: Forward data only if the last filter forwards something
BUG/MINOR: filters: Count HTTP headers as filtered data but don't forward
them
BUG/MINOR: http-htx: Don't return error if authority is updated without
changes
BUG/MINOR: stream: Don't incr frontend cum_req counter when stream is
closed
BUG/MINOR: http-ana: Matching on monitor-uri should be case-sensitive
MINOR: http-ana: Match on the path if the monitor-uri starts by a /
BUG/MAJOR: http-ana: Always abort the request when a tarpit is triggered
Emmanuel Hocdet (1):
MINOR: ssl: add "issuers-chain-path" directive.
Ilya Shipitsin (9):
BUILD: cirrus-ci: switch to "snap" images to unify openssl naming
BUILD: cirrus-ci: workaround "pkg install" bug
BUILD: cirrus-ci: add ERR=1 to freebsd builds
BUILD: travis-ci: no more allowed failures for openssl-1.0.2
BUILD: travis-ci: harden builds, add ERR=1 (warning ought to be errors)
BUILD: scripts/build-ssl.sh: use "uname" instead of ${TRAVIS_OS_NAME}
CLEANUP: ssl: remove unused functions in openssl-compat.h
BUILD: enable ERR=1 in github cygwin builds
BUILD: travis-ci: enable s390x builds
Jerome Magnin (4):
MINOR: sample: regsub now supports backreferences
MINOR: ist: add an iststop() function
BUG/MINOR: http: http-request replace-path duplicates the query string
CLEANUP: sample: use iststop instead of a for loop
Olivier Houchard (1):
BUG/MEDIUM: muxes: Use the right argument when calling the destroy method.
Tim Duesterhus (4):
BUG/MINOR: ssl: Stop passing dynamic strings as format arguments
CLEANUP: conn: Do not pass a pointer to likely
CLEANUP: net_helper: Do not negate the result of unlikely
CLEANUP: cfgparse: Fix type of second calloc() parameter
William Dauchy (3):
BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener
BUG/MINOR: tcp: don't try to set defaultmss when value is negative
BUG/MINOR: namespace: avoid closing fd when socket failed in my_socketat
William Lallemand (8):
BUG/MEDIUM: ssl/cli: 'commit ssl cert' wrong SSL_CTX init
DOC: schematic of the SSL certificates architecture
MINOR: ssl: load the key from a dedicated file
BUG/MINOR: ssl: load .key in a directory only after PEM
MINOR: ssl/cli: 'show ssl cert' displays the chain
MINOR: ssl/cli: 'show ssl cert'displays the issuer in the chain
MINOR: ssl/cli: reorder 'show ssl cert' output
CLEANUP: ssl: move issuer_chain tree and definition
Willy Tarreau (59):
SCRIPTS: announce-release: place the send command in the mail's header
SCRIPTS: announce-release: allow the user to force to overwrite old files
SCRIPTS: backport: fix the master branch detection
BUG/MAJOR: mux-h2: don't wake streams after connection was destroyed
BUG/MINOR: unix: better catch situations where the unix socket path
length is close to the limit
BUG/MINOR: connection: correctly retry I/O on signals
CLEANUP: mini-clist: simplify nested do { while(1) {} } while (0)
BUILD: http_act: cast file sizes when reporting file size error
BUG/MEDIUM: listener: only consider running threads when resuming
listeners
BUG/MINOR: listener: enforce all_threads_mask on bind_thread on init
SCRIPTS: make announce-release executable again
MINOR: tools: add is_idchar() to tell if a char may belong to an
identifier
MINOR: chunk: implement chunk_strncpy() to copy partial strings
MINOR: sample/acl: use is_idchar() to locate the fetch/conv name
MEDIUM: arg: make make_arg_list() stop after its own arguments
MEDIUM: arg: copy parsed arguments into the trash instead of allocating
them
MEDIUM: arg: make make_arg_list() support quotes in arguments
MINOR: sample: make sample_parse_expr() able to return an end pointer
MEDIUM: log-format: make the LF parser aware of sample expressions' end
BUG/MINOR: arg: report an error if an argument is larger than bufsize
SCRIPTS: announce-release: use mutt -H instead of -i to include the draft
BUG/MINOR: arg: fix again incorrect argument length check
BUG/MINOR: tools: also accept '+' as a valid character in an identifier
BUG/MINOR: sample: exit regsub() in case of trash allocation error
REGTESTS: use "command -v" instead of "which"
BUG/MINOR: mux: do not call conn_xprt_stop_recv() on buffer shortage
MINOR: checks: do not call conn_xprt_stop_send() anymore
CLEANUP: epoll: place the struct epoll_event in the stack
MEDIUM: connection: remove the intermediary polling state from the
connection
MINOR: raw_sock: directly call fd_stop_send() and not
conn_xprt_stop_send()
MINOR: tcp/uxst/sockpair: use fd_want_send() instead of
conn_xprt_want_send()
MINOR: connection: remove the last calls to conn_xprt_{want,stop}_*
CLEANUP: connection: remove the definitions of
conn_xprt_{stop,want}_{send,recv}
MINOR: connection: introduce a new receive flag: CO_RFL_READ_ONCE
MINOR: mux-h1: pass CO_RFL_READ_ONCE to the lower layers when relevant
BUG/MEDIUM: shctx: make sure to keep all blocks aligned
MINOR: compiler: move CPU capabilities definition from config.h and
complete them
BUG/MEDIUM: ebtree: don't set attribute packed without unaligned access
support
CLEANUP: http/h1: rely on HA_UNALIGNED_LE instead of checking for CPU
families
BUILD: fix recent build failure on unaligned archs
MINOR: compiler: drop special cases of likely/unlikely for older compilers
BUILD: remove obsolete support for -mregparm / USE_REGPARM
BUILD: ssl: only pass unsigned chars to isspace()
BUILD: general: always pass unsigned chars to is* functions
BUG/MINOR: sample: fix the json converter's endian-sensitivity
BUG/MEDIUM: ssl: fix several bad pointer aliases in a few sample fetch
functions
CLEANUP: fd: use a union in fd_rm_from_fd_list() to shut aliasing warnings
CLEANUP: cache: use read_u32/write_u32 to access the cache entry's hash
CLEANUP: stick-tables: use read_u32() to display a node's key
CLEANUP: sample: use read_u64() in ipmask() to apply an IPv6 mask
MINOR: pattern: fix all remaining strict aliasing issues
CLEANUP: lua: fix aliasing issues in the address matching code
CLEANUP: connection: use read_u32() instead of a cast in the netscaler
parser
BUILD: makefile: re-enable strict aliasing
BUG/MINOR: connection: make sure to correctly tag local PROXY connections
MINOR: compiler: add new alignment macros
BUILD: ebtree: improve architecture-specific alignment
MINOR: config: mark global.debug as deprecated
DOC: proxy-protocol: clarify IPv6 address representation in the spec
---
