Changes:
Released version 1.5.14 with the following main changes :
- BUILD/MINOR: tools: rename popcount to my_popcountl
- BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data
Released version 1.5.13 with the following main changes :
- BUG/MINOR: check: fix tcpcheck error message
- CLEANUP: deinit: remove codes for cleaning p->block_rules
- DOC: Update doc about weight, act and bck fields in the statistics
- MINOR: ssl: add a destructor to free allocated SSL ressources
- BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
- MEDIUM: ssl: replace standards DH groups with custom ones
- BUG/MINOR: debug: display (null) in place of "meth"
- BUG/MINOR: cfgparse: fix typo in 'option httplog' error message
- BUG/MEDIUM: cfgparse: segfault when userlist is misused
- BUG/MEDIUM: stats: properly initialize the scope before dumping stats
- BUG/MEDIUM: http: don't forward client shutdown without NOLINGER except for tunnels
- CLEANUP: checks: fix double usage of cur / current_step in tcp-checks
- BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
- CLEANUP: checks: simplify the loop processing of tcp-checks
- BUG/MAJOR: checks: always check for end of list before proceeding
- BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
- BUG/MEDIUM: peers: apply a random reconnection timeout
- BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
- MEDIUM: init: don't stop proxies in parent process when exiting
- MINOR: peers: store the pointer to the signal handler
- MEDIUM: peers: unregister peers that were never started
- MEDIUM: config: propagate the table's process list to the peers sections
- MEDIUM: init: stop any peers section not bound to the correct process
- MEDIUM: config: validate that peers sections are bound to exactly one process
- MAJOR: peers: allow peers section to be used with nbproc > 1
- DOC: relax the peers restriction to single-process
- CLEANUP: config: fix misleading information in error message.
- MINOR: config: report the number of processes using a peers section in the error case
- BUG/MEDIUM: config: properly compute the default number of processes for a proxy
pkgsrc changes:
Thanks to "rename popcount to my_popcountl" one of patches can be removed.
2015/05/02 : 1.5.12
- BUG/MINOR: ssl: Display correct filename in error message
- DOC: Fix L4TOUT typo in documentation
- BUG/MEDIUM: Do not consider an agent check as failed on L7 error
- BUG/MINOR: pattern: error message missing
- BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
- BUG/MAJOR: http: don't read past buffer's end in http_replace_value
- BUG/MEDIUM: http: the function "(req|res)-replace-value" doesn't respect the HTTP syntax
- BUG/MEDIUM: peers: correctly configure the client timeout
- BUG/MINOR: compression: consider the expansion factor in init
- BUG/MEDIUM: http: hdr_cnt would not count any header when called without name
- BUG/MEDIUM: listener: don't report an error when resuming unbound listeners
- BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only
- BUG/MEDIUM: stream-int: always reset si->ops when si->end is nullified
- BUG/MEDIUM: http: remove content-length from chunked messages
- DOC: http: update the comments about the rules for determining transfer-length
- BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to HTTP/1.1
- BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad request
- BUG/MEDIUM: http: remove content-length form responses with bad transfer-encoding
- MEDIUM: http: restrict the HTTP version token to 1 digit as per RFC7230
- MEDIUM: http: add option-ignore-probes to get rid of the floods of 408
- BUG/MINOR: config: clear proxy->table.peers.p for disabled proxies
- MINOR: stick-table: don't attach to peers in stopped state
- MEDIUM: config: initialize stick-tables after peers, not before
- MEDIUM: peers: add the ability to disable a peers section
- DOC: document option http-ignore-probes
- DOC: fix the comments about the meaning of msg->sol in HTTP
- BUG/MEDIUM: http: wait for the exact amount of body bytes in wait_for_request_body
- BUG/MAJOR: http: prevent risk of reading past end with balance url_param
- DOC: update the doc on the proxy protocol
ChangeLog :
===========
2015/02/01 : 1.5.11
- BUG/MEDIUM: backend: correctly detect the domain when use_domain_only is used
- MINOR: ssl: load certificates in alphabetical order
- BUG/MINOR: checks: prevent http keep-alive with http-check expect
- BUG/MEDIUM: Do not set agent health to zero if server is disabled in config
- MEDIUM/BUG: Only explicitly report "DOWN (agent)" if the agent health is zero
- BUG/MINOR: stats:Fix incorrect printf type.
- DOC: add missing entry for log-format and clarify the text
- BUG/MEDIUM: http: fix header removal when previous header ends with pure LF
- BUG/MEDIUM: channel: fix possible integer overflow on reserved size computation
- BUG/MINOR: channel: compare to_forward with buf->i, not buf->size
- MINOR: channel: add channel_in_transit()
- MEDIUM: channel: make buffer_reserved() use channel_in_transit()
- MEDIUM: channel: make bi_avail() use channel_in_transit()
- BUG/MEDIUM: channel: don't schedule data in transit for leaving until connected
- BUG/MAJOR: log: don't try to emit a log if no logger is set
- BUG/MINOR: args: add missing entry for ARGT_MAP in arg_type_names
- BUG/MEDIUM: http: make http-request set-header compute the string before removal
- BUG/MINOR: http: fix incorrect header value offset in replace-hdr/replace-value
- BUG/MINOR: http: abort request processing on filter failure
2014/12/31 : 1.5.10
- DOC: fix a few typos
- BUG/MINOR: http: fix typo: "401 Unauthorized" => "407 Unauthorized"
- BUG/MINOR: parse: refer curproxy instead of proxy
- DOC: httplog does not support 'no'
- MINOR: map/acl/dumpstats: remove the "Done." message
- BUG/MEDIUM: sample: fix random number upper-bound
- BUG/MEDIUM: patterns: previous fix was incomplete
- BUG/MEDIUM: payload: ensure that a request channel is available
- BUG/MINOR: tcp-check: don't condition data polling on check type
- BUG/MEDIUM: tcp-check: don't rely on random memory contents
- BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect
- BUG/MINOR: config: fix typo in condition when propagating process binding
- BUG/MEDIUM: config: do not propagate processes between stopped processes
- BUG/MAJOR: stream-int: properly check the memory allocation return
- BUG/MEDIUM: memory: fix freeing logic in pool_gc2()
- BUG/MEDIUM: compression: correctly report zlib_mem
- BUILD: fix "make install" to support spaces in the install dirs
- BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthcheck
s
- BUG/MEDIUM: ssl: fix bad ssl context init can cause segfault in case of OO
M.
- BUG/MINOR: samples: fix unnecessary memcopy converting binary to string.
- BUG/MEDIUM: connection: sanitize PPv2 header length before parsing address
information
- BUG/MEDIUM: pattern: don't load more than once a pattern list.
- BUG/MEDIUM: ssl: force a full GC in case of memory shortage
- BUG/MINOR: config: don't inherit the default balance algorithm in frontend
s
- BUG/MAJOR: frontend: initialize capture pointers earlier
- BUG/MINOR: stats: correctly set the request/response analysers
- DOC: fix typo in the body parser documentation for msg.sov
- BUG/MINOR: peers: the buffer size is global.tune.bufsize, not trash.size
- MINOR: sample: add a few basic internal fetches (nbproc, proc, stopping)
- BUG/MAJOR: sessions: unlink session from list on out of memory
===========
2014/10/31 : 1.5.8
- BUG/MAJOR: buffer: check the space left is enough or not when input data in a buffer is wrapped
- BUG/BUILD: revert accidental change in the makefile from latest SSL fix
2014/10/30 : 1.5.7
- BUG/MEDIUM: regex: fix pcre_study error handling
- BUG/MINOR: log: fix request flags when keep-alive is enabled
- MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER formatted certs
- MINOR: ssl: add statement to force some ssl options in global.
- BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates
- BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR
- BUG/MAJOR: cli: explicitly call cli_release_handler() upon error
- BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol
- BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets
2014/10/18 : 1.5.6
- BUG/MEDIUM: systemd: set KillMode to 'mixed'
- MINOR: systemd: Check configuration before start
- BUG/MEDIUM: config: avoid skipping disabled proxies
- BUG/MINOR: config: do not accept more track-sc than configured
- BUG/MEDIUM: backend: fix URI hash when a query string is present
2014/10/08 : 1.5.5
- DOC: Address issue where documentation is excluded due to a gitignore rule.
- MEDIUM: Improve signal handling in systemd wrapper.
- BUG/MINOR: config: don't propagate process binding for dynamic use_backend
- MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper
- DOC: clearly state that the "show sess" output format is not fixed
- MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer()
- DOC: indicate in the doc that track-sc* can wait if data are missing
- MEDIUM: http: enable header manipulation for 101 responses
- BUG/MEDIUM: config: propagate frontend to backend process binding again.
- MEDIUM: config: properly propagate process binding between proxies
- MEDIUM: config: make the frontends automatically bind to the listeners' processes
- MEDIUM: config: compute the exact bind-process before listener's maxaccept
- MEDIUM: config: only warn if stats are attached to multi-process bind directives
- MEDIUM: config: report it when tcp-request rules are misplaced
- MINOR: config: detect the case where a tcp-request content rule has no inspect-delay
- MEDIUM: systemd-wrapper: support multiple executable versions and names
- BUG/MEDIUM: remove debugging code from systemd-wrapper
- BUG/MEDIUM: http: adjust close mode when switching to backend
- BUG/MINOR: config: don't propagate process binding on fatal errors.
- BUG/MEDIUM: check: rule-less tcp-check must detect connect failures
- BUG/MINOR: tcp-check: report the correct failed step in the status
- DOC: indicate that weight zero is reported as DRAIN
Changes:
- BUG: config: error in http-response replace-header number of arguments
- BUG/MINOR: Fix search for -p argument in systemd wrapper.
- BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm
- BUG/MEDIUM: config: userlists should ensure that encrypted passwords are supported
- MEDIUM: connection: add new bit in Proxy Protocol V2
- BUG/MINOR: server: move the directive #endif to the end of file
- BUG/MEDIUM: http: tarpit timeout is reset
- BUG/MAJOR: tcp: fix a possible busy spinning loop in content track-sc*
- BUG/MEDIUM: http: fix inverted condition in pat_match_meth()
- BUG/MEDIUM: http: fix improper parsing of HTTP methods for use with ACLs
- BUG/MINOR: pattern: remove useless allocation of unused trash in pat_parse_reg()
- BUG/MEDIUM: acl: correctly compute the output type when a converter is used
- CLEANUP: acl: cleanup some of the redundancy and spaghetti after last fix
- BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer
2014/07/25 : 1.5.3
- DOC: fix typo in Unix Socket commands
- BUG/MEDIUM: connection: fix memory corruption when building a proxy
v2 header
- BUG/MEDIUM: ssl: Fix a memory leak in DHE key exchange
- DOC: mention that Squid correctly responds 400 to PPv2 header
- BUG/MINOR: http: base32+src should use the big endian version of base32
- BUG/MEDIUM: connection: fix proxy v2 header again!
1.5.2
-----
Two extra important issues were discovered since 1.5.1 which were fixed
in 1.5.2. The first one can cause some sample fetch combinations to fail
together in a same expression, and one artificial case (but totally
useless) may even crash the process. The second one is an incomplete
fix in 1.5-dev23 for the request body forwarding. Hash-based balancing
algorithms and http-send-name-header may fail if a request contains
a body which starts to be forwarded before the contents are used.
A few other bugs were fixed, and the max syslog line length is now
configurable per logger.
1.5.1
-----
Version 1.5.1 fixes a few bugs from 1.5.0 among which a really annoying
one which can cause some file descriptor leak when dealing with clients
which disappear from the net, resulting in the impossibility to accept
new connections after some time.
1.5.0
-----
1.5 expands 1.4 with many new features and performance improvements,
including native SSL support on both sides with SNI/NPN/ALPN and OCSP
stapling, IPv6 and UNIX sockets are supported everywhere, full HTTP
keep-alive for better support of NTLM and improved efficiency in
static farms, HTTP/1.1 compression (deflate, gzip) to save bandwidth,
PROXY protocol versions 1 and 2 on both sides, data sampling on
everything in request or response, including payload, ACLs can use
any matching method with any input sample maps and dynamic ACLs
updatable from the CLI stick-tables support counters to track
activity on any input sample custom format for logs, unique-id,
header rewriting, and redirects, improved health checks (SSL,
scripted TCP, check agent, ...), much more scalable configuration
supports hundreds of thousands of backends and certificates without
sweating.
Full changelog for the 1.5 branch:
http://www.haproxy.org/download/1.5/src/CHANGELOG
* Don't hardcode PREFIX nor PKG_SYSCONFDIR;
* Add a configtest() function to test the configuration file before restart
so lazy SysOps (me) don't have to remember command arguments;
From CHANGELOG:
- DOC: typo: nosepoll self reference in config guide
- BUG/MINOR: deinit: free fdinfo while doing cleanup
- BUG/MEDIUM: server: set the macro for server's max weight SRV_UWGHT_MAX to SRV_UWGHT_RANGE
- BUG/MINOR: use the same check condition for server as other algorithms
- BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN for recv()
- BUG/MINOR: fix forcing fastinter in "on-error"
- BUG/MEDIUM: http/auth: Sometimes the authentication credentials can be mix between two requests
- BUG/MAJOR: http: don't emit the send-name-header when no server is available
- BUG/MEDIUM: http: "option checkcache" fails with the no-cache header
- MEDIUM: session: disable lingering on the server when the client aborts
- MINOR: config: warn when a server with no specific port uses rdp-cookie
- MEDIUM: increase chunk-size limit to 2GB-1
- DOC: add a mention about the limited chunk size
- MEDIUM: http: add "redirect scheme" to ease HTTP to HTTPS redirection
- BUILD: proto_tcp: remove a harmless warning
- BUG/MINOR: acl: remove patterns from the tree before freeing them
- BUG/MEDIUM: checks: fix slow start regression after fix attempt
- BUG/MAJOR: server: weight calculation fails for map-based algorithms
- BUG/MINOR: backend: fix target address retrieval in transparent mode
- BUG/MEDIUM: stick: completely remove the unused flag from the store entries
- BUG/MEDIUM: stick-tables: complete the latest fix about store-responses
- BUG/MEDIUM: checks: tracking servers must not inherit the MAINT flag
- BUG/MINOR: stats: report correct throttling percentage for servers in slowstart
- BUG/MINOR: stats: correctly report throttle rate of low weight servers
- BUG/MINOR: checks: successful check completion must not re-enable MAINT servers
- BUG/MEDIUM: stats: the web interface must check the tracked servers before enabling
- BUG/MINOR: channel: initialize xfer_small/xfer_large on new buffers
- BUG/MINOR: stream-int: also consider ENOTCONN in addition to EAGAIN
- BUG/MEDIUM: http: don't start to forward request data before the connect
- DOC: fix misleading information about SIGQUIT
- BUILD: simplify the date and version retrieval in the makefile
- BUILD: prepare the makefile to skip format lines in SUBVERS and VERDATE
- BUILD: use format tags in VERDATE and SUBVERS files
ChangeLog:
- BUG/MAJOR: backend: consistent hash can loop forever in certain circumstances
- BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks are used
- MEDIUM: protocol: implement a "drain" function in protocol layers
- BUG/CRITICAL: fix a possible crash when using negative header occurrences
ChangeLog:
2013/04/03 : 1.4.23
- CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read
- BUG: fix garbage data when http-send-name-header replaces an existing header
- BUG/MEDIUM: remove supplementary groups when changing gid
- BUG/MINOR: Correct logic in cut_crlf()
- BUG/MINOR: config: use a copy of the file name in proxy configurations
- BUG/MINOR: epoll: correctly disable FD polling in fd_rem()
- MINOR: halog: sort output by cookie code
- BUG/MINOR: halog: -ad/-ac report the correct number of output lines
- BUG/MINOR: halog: fix help message for -ut/-uto
- BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel mode
- BUG/MEDIUM: command-line option -D must have precedence over "debug"
- OPTIM: halog: keep a fast path for the lines-count only
- MINOR: halog: add a parameter to limit output line count
- BUG: halog: fix broken output limitation
- MEDIUM: checks: avoid accumulating TIME_WAITs during checks
- MEDIUM: checks: prevent TIME_WAITs from appearing also on timeouts
- BUG/MAJOR: cli: show sess <id> may randomly corrupt the back-ref list
- BUG/MINOR: http: don't report client aborts as server errors
- BUG/MINOR: http: don't log a 503 on client errors while waiting for requests
- BUG/MEDIUM: tcp: process could theorically crash on lack of source ports
- BUG/MINOR: http: don't abort client connection on premature responses
- BUILD: no need to clean up when making git-tar
- MINOR: http: always report PR-- flags for redirect rules
- BUG/MINOR: time: frequency counters are not totally accurate
- BUG/MINOR: http: don't process abortonclose when request was sent
- BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
- BUG/MINOR: config: fix improper check for failed memory alloc in ACL parser
- BUG/MEDIUM: checks: ensure the health_status is always within bounds
- CLEANUP: http: remove a useless null check
- BUG/MEDIUM: signal: signal handler does not properly check for signal bounds
- BUG/MEDIUM: uri_auth: missing NULL check and memory leak on memory shortage
- CLEANUP: config: slowstart is never negative
- BUILD: improve the makefile's support for libpcre
- BUG/MINOR: checks: fix an warning introduced by commit 2f61455a
- MEDIUM: halog: add support for counting per source address (-ic)
- DOC: mention the new HTTP 307 and 308 redirect statues (cherry picked from commit b67fdc4cd8bde202f2805d98683ddab929469a05)
- MEDIUM: poll: do not use FD_* macros anymore
- BUG/MAJOR: ev_select: disable the select() poller if maxsock > FD_SETSIZE
- BUILD: enable poll() by default in the makefile
- BUILD: add explicit support for Mac OS/X
- BUG/CRITICAL: using HTTP information in tcp-request content may crash the process
- MEDIUM: http: implement redirect 307 and 308
- MINOR: http: status 301 should not be marked non-cacheable
- BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations
- BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on full-length matches
ChangeLog:
2012/05/21 : 1.4.21
- MINOR: patch for minor typo (ressources/resources)
- CLEANUP: fix typo in findserver() log message
- DOC: cleanup indentation, alignment, columns and chapters
- DOC: fix some keywords arguments documentation
- MINOR: stats admin: allow unordered parameters in POST requests
- MINOR: stats admin: use the backend id instead of its name in the form
- BUG/MAJOR: trash must always be the size of a buffer
- DOC: fix minor regex example issue and improve doc on stats
- BUG/MAJOR: possible crash when using capture headers on TCP frontends
- MINOR: config: disable header captures in TCP mode and complain
- BUG/MEDIUM: balance source did not properly hash IPv6 addresses
- CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
- CLEANUP: remove a few warning about unchecked return values in debug code
- CLEANUP: http: remove unused http_msg->col
- BUG/MINOR: http: error snapshots are wrong if buffer wraps
- BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set
- MINOR: proxy: make findproxy() return proxies from numeric IDs too
- BUILD: http: stop gcc-4.1.2 from complaining about possibly uninitialized values
- BUG/MINOR: stop connect timeout when connect succeeds
2012/03/10 : 1.4.20
- BUG/MINOR: fix typo in processing of http-send-name-header
- BUG/MEDIUM: correctly disable servers tracking another disabled servers.
- BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
- MINOR: halog: add some help on the command line (cherry picked from commit 615674cdec067066a42f53f5d55628ab7b207e6c)
- BUILD: fix build error on FreeBSD
- BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
- BUG: http: disable TCP delayed ACKs when forwarding content-length data
- BUG: checks: fix server maintenance exit sequence
- BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on partial writes
- DOC: enumerate valid status codes for "observe layer7"
- BUILD: make it possible to look for pcre in the default system paths
Changes:
- MEDIUM: http: add support for sending the server's name in the outgoing request
- BUG/MINOR: fix options forwardfor if-none when an alternative header name is specified
- MINOR: task: new function task_schedule() to schedule a wake up
- BUG/MEDIUM: checks: fix slowstart behaviour when server tracking is in use
- BUG: tcp: option nolinger does not work on backends
- BUG: ebtree: ebst_lookup() could return the wrong entry
- BUG: http: re-enable TCP quick-ack upon incomplete HTTP requests
- CLEANUP: ebtree: remove a few annoying signedness warnings
- CLEANUP: ebtree: remove 4-year old harmless typo in duplicates insertion code
- CLEANUP: ebtree: remove another typo, a wrong initialization in insertion code
- BUG: proto_tcp: set AF_INET on tproxy for use with recent kernels
- MINOR: halog: add support for matching queued requests
- BUG: http: tighten the list of allowed characters in a URI
availability, load balancing, and proxying for TCP and HTTP-based
applications. It is particularly suited for web sites crawling under
very high loads while needing persistence or Layer7 processing.
Supporting tens of thousands of connections is clearly realistic with
todays hardware.
