HAProxy 2.3-dev4 was released on 2020/09/11. It added 89 new commits
after version 2.3-dev3.

Some might have noticed that we missed the previous dev released two weeks
ago. The fact is that I've been trying hard to attack a deeply rooted old
crap that's been there for more than a decade, and couldn't yet manage to
win the battle after 4 attacks over the last 3 weeks. But I still have yet
another plan. In short, we've been accumulating hacks in the address
management code that's used everywhere an address is parsed, and these
hacks consist in using dummy address families to represent some variants
like socket pairs, external FDs, UDP, QUIC etc. And this has precisely
become a massive obstacle to the rework of listeners that is essential to
get QUIC eventually integrated. This has diverted me long enough to miss
the previous releases. But I never give up and here's a pause for a new
release (without this code yet).

Some of the required code to rework the listeners was merged, including
the one that makes sure we start the listeners in one place (previously
they were started twice, once by scanning the proxies, and once by scanning
the protocols). Despite the main patch being tagged MAJOR, I can't see any
side effect it could have since all listeners were registered in the
protocol lists. But if you discover that some odd service doesn't start
anymore or fails to reload since dev4, please report it.

I've also added the minimally needed changes to let haproxy be built with
the TCC compiler. That's very convenient during development or to quickly
test if a patch broke something, as it builds the whole project in 0.5s
instead of 17s on my machine. Threads are not supported however, but it's
convenient to quickly test potential breakage with various option

Tim's "iif()" converter was just merged (a few minutes before the release,
with the trivial doc typo that was reported a few minutes after :-)). This
will likely simplify quite some configs.

There was the usual batch of deinit() cleanups.

One possible user-visible change is that we'll now hard-error on truncted
lines in the config file. It used to appear as a warning in 2.2 and now
it's an error. This never happens, unless you accidently truncated your
file and don't want it to run this way at all! Another visible change is
that configs with duplicate cache section names are now rejected (again,
this must never happen except by accident).

Shimi Gersner added support for SAN extension and certificate chaining when
generating certs on the fly, as by default the emitted certificate didn't
contain the whole CA chain.

The pathq/set-pathq/replace-pathq sample fetch and actions that were merged
into 2.2 were integrated into this version. And the rest is essentially bug

Ah, last point, I added a "Work in progress" page in the wiki to list known
long-term developments that are being worked on. I'm currently only aware
of QUIC by Fred, but if others are silently working on certain features that
will take time to get in shape for a merge and they want to add a link there
to avoid effort duplication, they're welcome to do so. Maybe the page is
poorly named, just rename it if you have a better proposal :-)

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.3/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.3/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Bertrand Jacquin (1):
      MINOR: contrib/spoa-server: allow MAX_FRAME_SIZE override

Christopher Faulet (13):
      BUG/MEDIUM: http-ana: Don't wait to send 1xx responses received from 
      MINOR: http-htx: Add an option to eval query-string when the path is 
      BUG/MINOR: http-rules: Replace path and query-string in "replace-path" 
      MINOR: http-htx: Handle an optional reason when replacing the response 
      Revert "BUG/MINOR: http-rules: Replace path and query-string in 
"replace-path" action"
      BUG/MEDIUM: doc: Fix replace-path action description
      MINOR: http-rules: Add set-pathq and replace-pathq actions
      MINOR: http-fetch: Add pathq sample fetch
      REGTEST: Add a test for request path manipulations, with and without the 
      BUG/MEDIUM: dns: Don't store additional records in a linked-list
      BUG/MEDIUM: dns: Be sure to renew IP address for already known servers
      MINOR: server: Improve log message sent when server address is updated
      BUG/MEDIUM: pattern: Renew the pattern expression revision when it is 

Gilchrist Dadaglo (5):
      BUG/MAJOR: contrib/spoa-server: Fix unhandled python call leading to 
memory leak
      BUG/MINOR: contrib/spoa-server: Ensure ip address references are freed
      BUG/MINOR: contrib/spoa-server: Do not free reference to NULL
      BUG/MINOR: contrib/spoa-server: Updating references to free in case of 
      BUG/MEDIUM: contrib/spoa-server: Fix ipv4_address used instead of 

Jerome Magnin (1):
      DOC: ssl-load-extra-files only applies to certificates on bind lines

Lukas Tribus (1):
      DOC: overhauling github issue templates

MIZUTA Takeshi (1):
      DOC: add description of pidfile in master-worker mode

Shimi Gersner (2):
      MEDIUM: ssl: Support certificate chaining for certificate generation
      MINOR: ssl: Support SAN extension for certificate generation

Thierry Fournier (1):
      MINOR: hlua: Add error message relative to the Channel manipulation and 
HTTP mode

Tim Duesterhus (11):
      MEDIUM: cfgparse: Emit hard error on truncated lines
      DOC: cache: Use '<name>' instead of '<id>' in error message
      MINOR: cache: Reject duplicate cache names
      MINOR: Commit .gitattributes
      CLEANUP: Update .gitignore
      BUG/MINOR: haproxy: Free uri_auth->scope during deinit
      CLEANUP: Free old_argv on deinit
      CLEANUP: haproxy: Free post_proxy_check_list in deinit()
      CLEANUP: haproxy: Free per_thread_*_list in deinit()
      CLEANUP: haproxy: Free post_check_list in deinit()
      MINOR: sample: Add iif(<true>,<false>) converter

Victor Kislov (1):
      BUG/MINOR: auth: report valid crypto(3) support depending on build options

William Lallemand (3):
      BUG/MEDIUM: ssl: crt-list negative filters don't work
      BUG/MEDIUM: ssl: fix ssl_bind_conf double free w/ wildcards
      BUG/MINOR: startup: haproxy -s cause 100% cpu

Willy Tarreau (48):
      REGTEST: remove stray leading spaces in converteers_ref_cnt_never_dec.vtc
      BUILD: tools: include auxv a bit later
      BUILD: task: work around a bogus warning in gcc 4.7/4.8 at -O1
      MINOR: tcp: don't try to set/clear v6only on inherited sockets
      BUG/MINOR: reload: detect the OS's v6only status before choosing an old 
      MINOR: reload: determine the foreing binding status from the socket
      MEDIUM: reload: stop passing listener options along with FDs
      MEDIUM: fd: replace usages of fd_remove() with fd_stop_both()
      CLEANUP: fd: remove fd_remove() and rename fd_dodelete() to fd_delete()
      MINOR: fd: add a new "exported" flag and use it for all regular listeners
      MEDIUM: reload: pass all exportable FDs, not just listeners
      BUG/MINOR: reload: do not fail when no socket is sent
      REORG: tcp: move TCP actions from proto_tcp.c to tcp_act.c
      CLEANUP: tcp: stop exporting smp_fetch_src()
      REORG: tcp: move TCP sample fetches from proto_tcp.c to tcp_sample.c
      REORG: tcp: move TCP bind/server keywords from proto_tcp.c to 
      REORG: unix: move UNIX bind/server keywords from proto_uxst.c to 
      REORG: sock: start to move some generic socket code to sock.c
      MINOR: sock: introduce sock_inet and sock_unix
      MINOR: tcp/udp/unix: make use of proto->addrcmp() to compare addresses
      MINOR: sock_inet: implement sock_inet_get_dst()
      REORG: inet: replace tcp_is_foreign() with sock_inet_is_foreign()
      REORG: sock_inet: move v6only_default from proto_tcp.c to sock_inet.c
      REORG: sock_inet: move default_tcp_maxseg from proto_tcp.c
      REORG: listener: move xfer_sock_list to sock.{c,h}.
      MINOR: sock: add interface and namespace length to xfer_sock_list
      MINOR: sock: implement sock_find_compatible_fd()
      MINOR: sock_inet: move the IPv4/v6 transparent mode code to sock_inet
      REORG: sock: move get_old_sockets() from haproxy.c
      MINOR: sock: do not use LI_O_* in xfer_sock_list anymore
      MINOR: sock: distinguish dgram from stream types when retrieving old 
      BUILD: sock_unix: fix build issue with isdigit()
      CLEANUP: http: silence a cppcheck warning in get_http_auth()
      REGTEST: increase some short timeouts to make tests more reliable
      BUG/MINOR: threads: work around a libgcc_s issue with chrooting
      BUILD: thread: limit the libgcc_s workaround to glibc only
      MINOR: protocol: do not call proto->bind_all() anymore
      MINOR: protocol: do not call proto->unbind_all() anymore
      CLEANUP: protocol: remove all ->bind_all() and ->unbind_all() functions
      MAJOR: init: start all listeners via protocols and not via proxies anymore
      BUG/MEDIUM: mux-h1: always apply the timeout on half-closed connections
      BUILD: threads: better workaround for late loading of libgcc_s
      BUILD: compiler: reserve the gcc version checks to the gcc compiler
      BUILD: compiler: workaround a glibc madness around __attribute__()
      BUILD: intops: on x86_64, the bswap instruction is called bswapq
      BUILD: trace: always have an argument before variadic args in macros
      BUILD: traces: don't pass an empty argument for missing ones
      REORG: tools: move PARSE_OPT_* from tools.h to tools-t.h

zurikus (1):
      MINOR: stats: prevent favicon.ico requests for stats page


Reply via email to