Hi,

HAProxy 2.3-dev4 was released on 2020/09/11. It added 89 new commits after version 2.3-dev3.

Some might have noticed that we missed the previous dev release two weeks ago. The fact is that I've been trying hard to attack a deeply rooted old crap that's been there for more than a decade, and couldn't yet manage to win the battle after 4 attacks over the last 3 weeks. But I still have yet another plan. In short, we've been accumulating hacks in the address management code that's used everywhere an address is parsed, and these hacks consist in using dummy address families to represent some variants like socket pairs, external FDs, UDP, QUIC etc. And this has precisely become a massive obstacle to the rework of listeners that is essential to get QUIC eventually integrated. This has diverted me long enough to miss the previous releases. But I never give up and here's a pause for a new release (without this code yet).

Some of the required code to rework the listeners was merged, including the one that makes sure we start the listeners in one place (previously they were started twice, once by scanning the proxies, and once by scanning the protocols). Despite the main patch being tagged MAJOR, I can't see any side effect it could have since all listeners were registered in the protocol lists. But if you discover that some odd service doesn't start anymore or fails to reload since dev4, please report it.

I've also added the minimally needed changes to let haproxy be built with the TCC compiler. That's very convenient during development or to quickly test if a patch broke something, as it builds the whole project in 0.5s instead of 17s on my machine. Threads are not supported however, but it's convenient to quickly test potential breakage with various option combinations.

Tim's "iif()" converter was just merged (a few minutes before the release, with the trivial doc typo that was reported a few minutes after :-)). This will likely simplify quite some configs. There was the usual batch of deinit() cleanups.

One possible user-visible change is that we'll now hard-error on truncated lines in the config file. It used to appear as a warning in 2.2 and now it's an error. This never happens, unless you accidentally truncated your file and don't want it to run this way at all! Another visible change is that configs with duplicate cache section names are now rejected (again, this must never happen except by accident).

Shimi Gersner added support for SAN extension and certificate chaining when generating certs on the fly, as by default the emitted certificate didn't contain the whole CA chain.

The pathq/set-pathq/replace-pathq sample fetch and actions that were merged into 2.2 were integrated into this version. And the rest is essentially bug fixes.

Ah, last point, I added a "Work in progress" page in the wiki to list known long-term developments that are being worked on. I'm currently only aware of QUIC by Fred, but if others are silently working on certain features that will take time to get in shape for a merge and they want to add a link there to avoid effort duplication, they're welcome to do so.
Maybe the page is poorly named, just rename it if you have a better proposal :-)

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.3/src/
   Git repository   : http://git.haproxy.org/git/haproxy.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy.git
   Changelog        : http://www.haproxy.org/download/2.3/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy

---
Complete changelog :

Bertrand Jacquin (1):
      MINOR: contrib/spoa-server: allow MAX_FRAME_SIZE override

Christopher Faulet (13):
      BUG/MEDIUM: http-ana: Don't wait to send 1xx responses received from servers
      MINOR: http-htx: Add an option to eval query-string when the path is replaced
      BUG/MINOR: http-rules: Replace path and query-string in "replace-path" action
      MINOR: http-htx: Handle an optional reason when replacing the response status
      Revert "BUG/MINOR: http-rules: Replace path and query-string in "replace-path" action"
      BUG/MEDIUM: doc: Fix replace-path action description
      MINOR: http-rules: Add set-pathq and replace-pathq actions
      MINOR: http-fetch: Add pathq sample fetch
      REGTEST: Add a test for request path manipulations, with and without the QS
      BUG/MEDIUM: dns: Don't store additional records in a linked-list
      BUG/MEDIUM: dns: Be sure to renew IP address for already known servers
      MINOR: server: Improve log message sent when server address is updated
      BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned

Gilchrist Dadaglo (5):
      BUG/MAJOR: contrib/spoa-server: Fix unhandled python call leading to memory leak
      BUG/MINOR: contrib/spoa-server: Ensure ip address references are freed
      BUG/MINOR: contrib/spoa-server: Do not free reference to NULL
      BUG/MINOR: contrib/spoa-server: Updating references to free in case of failure
      BUG/MEDIUM: contrib/spoa-server: Fix ipv4_address used instead of ipv6_address

Jerome Magnin (1):
      DOC: ssl-load-extra-files only applies to certificates on bind lines

Lukas Tribus (1):
      DOC: overhauling github issue templates

MIZUTA Takeshi (1):
      DOC: add description of pidfile in master-worker mode

Shimi Gersner (2):
      MEDIUM: ssl: Support certificate chaining for certificate generation
      MINOR: ssl: Support SAN extension for certificate generation

Thierry Fournier (1):
      MINOR: hlua: Add error message relative to the Channel manipulation and HTTP mode

Tim Duesterhus (11):
      MEDIUM: cfgparse: Emit hard error on truncated lines
      DOC: cache: Use '<name>' instead of '<id>' in error message
      MINOR: cache: Reject duplicate cache names
      MINOR: Commit .gitattributes
      CLEANUP: Update .gitignore
      BUG/MINOR: haproxy: Free uri_auth->scope during deinit
      CLEANUP: Free old_argv on deinit
      CLEANUP: haproxy: Free post_proxy_check_list in deinit()
      CLEANUP: haproxy: Free per_thread_*_list in deinit()
      CLEANUP: haproxy: Free post_check_list in deinit()
      MINOR: sample: Add iif(<true>,<false>) converter

Victor Kislov (1):
      BUG/MINOR: auth: report valid crypto(3) support depending on build options

William Lallemand (3):
      BUG/MEDIUM: ssl: crt-list negative filters don't work
      BUG/MEDIUM: ssl: fix ssl_bind_conf double free w/ wildcards
      BUG/MINOR: startup: haproxy -s cause 100% cpu

Willy Tarreau (48):
      REGTEST: remove stray leading spaces in converteers_ref_cnt_never_dec.vtc
      BUILD: tools: include auxv a bit later
      BUILD: task: work around a bogus warning in gcc 4.7/4.8 at -O1
      MINOR: tcp: don't try to set/clear v6only on inherited sockets
      BUG/MINOR: reload: detect the OS's v6only status before choosing an old socket
      MINOR: reload: determine the foreing binding status from the socket
      MEDIUM: reload: stop passing listener options along with FDs
      MEDIUM: fd: replace usages of fd_remove() with fd_stop_both()
      CLEANUP: fd: remove fd_remove() and rename fd_dodelete() to fd_delete()
      MINOR: fd: add a new "exported" flag and use it for all regular listeners
      MEDIUM: reload: pass all exportable FDs, not just listeners
      BUG/MINOR: reload: do not fail when no socket is sent
      REORG: tcp: move TCP actions from proto_tcp.c to tcp_act.c
      CLEANUP: tcp: stop exporting smp_fetch_src()
      REORG: tcp: move TCP sample fetches from proto_tcp.c to tcp_sample.c
      REORG: tcp: move TCP bind/server keywords from proto_tcp.c to cfgparse-tcp.c
      REORG: unix: move UNIX bind/server keywords from proto_uxst.c to cfgparse-unix.c
      REORG: sock: start to move some generic socket code to sock.c
      MINOR: sock: introduce sock_inet and sock_unix
      MINOR: tcp/udp/unix: make use of proto->addrcmp() to compare addresses
      MINOR: sock_inet: implement sock_inet_get_dst()
      REORG: inet: replace tcp_is_foreign() with sock_inet_is_foreign()
      REORG: sock_inet: move v6only_default from proto_tcp.c to sock_inet.c
      REORG: sock_inet: move default_tcp_maxseg from proto_tcp.c
      REORG: listener: move xfer_sock_list to sock.{c,h}.
      MINOR: sock: add interface and namespace length to xfer_sock_list
      MINOR: sock: implement sock_find_compatible_fd()
      MINOR: sock_inet: move the IPv4/v6 transparent mode code to sock_inet
      REORG: sock: move get_old_sockets() from haproxy.c
      MINOR: sock: do not use LI_O_* in xfer_sock_list anymore
      MINOR: sock: distinguish dgram from stream types when retrieving old sockets
      BUILD: sock_unix: fix build issue with isdigit()
      CLEANUP: http: silence a cppcheck warning in get_http_auth()
      REGTEST: increase some short timeouts to make tests more reliable
      BUG/MINOR: threads: work around a libgcc_s issue with chrooting
      BUILD: thread: limit the libgcc_s workaround to glibc only
      MINOR: protocol: do not call proto->bind_all() anymore
      MINOR: protocol: do not call proto->unbind_all() anymore
      CLEANUP: protocol: remove all ->bind_all() and ->unbind_all() functions
      MAJOR: init: start all listeners via protocols and not via proxies anymore
      BUG/MEDIUM: mux-h1: always apply the timeout on half-closed connections
      BUILD: threads: better workaround for late loading of libgcc_s
      BUILD: compiler: reserve the gcc version checks to the gcc compiler
      BUILD: compiler: workaround a glibc madness around __attribute__()
      BUILD: intops: on x86_64, the bswap instruction is called bswapq
      BUILD: trace: always have an argument before variadic args in macros
      BUILD: traces: don't pass an empty argument for missing ones
      REORG: tools: move PARSE_OPT_* from tools.h to tools-t.h

zurikus (1):
      MINOR: stats: prevent favicon.ico requests for stats page

---