From 80c8bc355b415a151fd7de1583838d4e35adf132 Mon Sep 17 00:00:00 2001 From: Anton Novojilov Date: Sat, 2 Nov 2024 12:43:48 +0300 Subject: [PATCH] Update HAProxy to the latest versions --- specs/haproxy/haproxy.spec | 127 ++++++++++++++++++++++++++++++++++- specs/haproxy/haproxy26.spec | 73 +++++++++++++++++++- specs/haproxy/haproxy28.spec | 102 +++++++++++++++++++++++++++- specs/haproxy/haproxy30.spec | 127 ++++++++++++++++++++++++++++++++++- 4 files changed, 421 insertions(+), 8 deletions(-) diff --git a/specs/haproxy/haproxy.spec b/specs/haproxy/haproxy.spec index 6057b1a72..b71540adc 100644 --- a/specs/haproxy/haproxy.spec +++ b/specs/haproxy/haproxy.spec @@ -14,7 +14,7 @@ %define lua_ver 5.4.7 %define pcre_ver 10.44 -%define openssl_ver 3.2.2 +%define openssl_ver 3.2.3 %define ncurses_ver 6.4 %define readline_ver 8.2 @@ -22,7 +22,7 @@ Name: haproxy Summary: TCP/HTTP reverse proxy for high availability environments -Version: 3.0.3 +Version: 3.0.5 Release: 0%{?dist} License: GPLv2+ URL: https://haproxy.1wt.eu 
@@ -216,6 +216,129 @@ fi ################################################################################ %changelog +* Sat Nov 02 2024 Anton Novojilov - 3.0.5-0 +- BUG/MEDIUM: server/addr: fix tune.events.max-events-at-once event miss and + leak +- BUG/MEDIUM: stconn: Report error on SC on send if a previous SE error was set +- BUG/MEDIUM: mux-pt/mux-h1: Release the pipe on connection error on sending + path +- BUILD: mux-pt: Use the right name for the sedesc variable +- BUG/MINOR: stconn: bs.id and fs.id had their dependencies incorrect +- BUG/MEDIUM: ssl: reactivate 0-RTT for AWS-LC +- BUG/MEDIUM: ssl: 0-RTT initialized at the wrong place for AWS-LC +- BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content +- BUG/MEDIUM: http-ana: Report error on write error waiting for the response +- BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams +- BUG/MEDIUM: mux-h2: Propagate term flags to SE on error in h2s_wake_one_stream +- BUG/MEDIUM: peer: Notify the applet won't consume data when it waits for sync +- BUG/MINOR: fcgi-app: handle a possible strdup() failure +- DOC: configuration: fix alphabetical ordering of {bs,fs}.aborted +- BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn +- BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc +- BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED() +- BUG/MINOR: trace: automatically start in waiting mode with "start " +- BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion +- BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE +- BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails +- BUG/MINOR: proto_tcp: keep error msg if listen() fails +- MINOR: channel: implement ci_insert() function +- BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI +- REGTESTS: mcli: test the pipelined commands on master CLI +- BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID +- BUG/MINOR: proto_uxst: 
delete fd from fdtab if listen() fails +- BUG/MINOR: h3: properly reject too long header responses +- BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity +- BUG/MINOR: pattern: pat_ref_set: return 0 if err was found +- DOC: config: correct the table for option tcplog +- BUG/MINOR: cfgparse-global: remove tune.fast-forward from common_kw_list +- BUILD: quic: 32bits build broken by wrong integer conversions for printf() +- BUG/MEDIUM: clock: also update the date offset on time jumps +- MINOR: tools: Implement ipaddrcpy(). +- MINOR: quic: Implement quic_tls_derive_token_secret(). +- MEDIUM: ssl/quic: implement quic crypto with EVP_AEAD +- MINOR: quic: Token for future connections implementation. +- BUG/MINOR: quic: Missing incrementation in NEW_TOKEN frame builder +- MINOR: quic: Modify NEW_TOKEN frame structure (qf_new_token struct) +- MINOR: quic: Implement qc_ssl_eary_data_accepted(). +- MINOR: quic: Add trace for QUIC_EV_CONN_IO_CB event. +- BUG/MEDIUM: quic: always validate sender address on 0-RTT +- BUG/MINOR: quic: Crash from trace dumping SSL eary data status (AWS-LC) +- BUG/MINOR: quic: Too short datagram during packet building failures + (aws-lc only) +- DOC: configuration: place the HAPROXY_HTTP_LOG_FMT example on the correct line +- REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load +- BUG/MEDIUM: clock: detect and cover jumps during execution +- BUG/MINOR: pattern: prevent const sample from being tampered in + pat_match_beg() +- BUG/MEDIUM: pattern: prevent UAF on reused pattern expr +- BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state +- BUG/MINOR: h1-htx: Don't flag response as bodyless when a tunnel is + established +- BUG/MINOR: pattern: do not leave a leading comma on "set" error messages +- MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option +- BUG/MINOR: polling: fix time reporting when using busy polling +- BUG/MINOR: clock: make time jump corrections a bit more 
accurate +- BUG/MINOR: clock: validate that now_offset still applies to the current date +- BUG/MEDIUM: queue: implement a flag to check for the dequeuing +- BUG/MINOR: peers: local entries updates may not be advertised after resync +- DOC: config: Explicitly list relaxing rules for accept-invalid-http-* options +- BUG/MEDIUM: sc_strm/applet: Wake applet after a successfull synchronous send +- BUG/MEDIUM: cache/stats: Wait to have the request before sending the response +- BUG/MEDIUM: promex: Wait to have the request before sending the response +- BUG/MINOR: cfgparse-listen: fix option httpslog override warning message +- MINOR: quic: convert qc_stream_desc release field to flags +- MINOR: quic: implement function to check if STREAM is fully acked +- BUG/MEDIUM: quic: handle retransmit for standalone FIN STREAM +- BUG/MINOR: quic: prevent freeze after early QCS closure + +* Sat Nov 02 2024 Anton Novojilov - 3.0.4-0 +- MINOR: proto: extend connection thread rebind API +- BUILD: listener: silence a build warning about unused value without threads +- BUG/MEDIUM: quic: prevent crash on accept queue full +- CLEANUP: proto: rename TID affinity callbacks +- CLEANUP: quic: rename TID affinity elements +- BUG/MINOR: session: Eval L4/L5 rules defined in the default section +- BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts +- DOC: install: don't reference removed CPU arg +- BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path +- BUG/MAJOR: mux-h2: force a hard error upon short read with pending error +- DOC: configuration: issuers-chain-path not compatible with OCSP +- DOC: config: improve the http-keep-alive section +- BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter +- BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution +- BUG/MINOR: cli: Atomically inc the global request counter between CLI commands +- BUG/MINOR: quic: Non optimal first datagram. 
+- MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface +- BUG/MINOR: quic: Lack of precision when computing K (cubic only cc) +- BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature +- MINOR: quic: Dump TX in flight bytes vs window values ratio. +- MINOR: quic: Add information to "show quic" for CUBIC cc. +- MEDIUM: h1: allow to preserve keep-alive on T-E + C-L +- MINOR: queue: add a function to check for TOCTOU after queueing +- BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue() +- MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2) +- BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn +- Revert "MEDIUM: sink: don't set NOLINGER flag on the outgoing stream + interface" +- MEDIUM: log: relax some checks and emit diag warnings instead in + lf_expr_postcheck() +- DOC: quic: fix default minimal value for max window size +- MINOR: proxy: Add support of 429-Too-Many-Requests in retry-on status +- BUG/MEDIUM: mux-h2: Set ES flag when necessary on 0-copy data forwarding +- BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer + ready +- BUG/MINIR: proxy: Match on 429 status when trying to perform a L7 retry +- BUG/MEDIUM: mux-pt: Never fully close the connection on shutdown +- BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli +- BUG/MINOR: quic: unexploited retransmission cases for Initial pktns. 
+- BUG/MEDIUM: mux-h1: Properly handle empty message when an error is triggered +- MINOR: mux-h2: try to clear DEM_MROOM and MUX_MFULL at more places +- BUG/MAJOR: mux-h2: always clear MUX_MFULL and DEM_MROOM when clearing the mbuf +- BUG/MINOR: quic: Too shord datagram during O-RTT handshakes (aws-lc only) +- BUG/MINOR: Crash on O-RTT RX packet after dropping Initial pktns +- BUG/MEDIUM: mux-pt: Fix condition to perform a shutdown for writes in + mux_pt_shut() + * Sat Aug 17 2024 Anton Novojilov - 3.0.3-0 - BUG/MINOR: log: fix broken '+bin' logformat node option - DEBUG: hlua: distinguish burst timeout errors from exec timeout errors diff --git a/specs/haproxy/haproxy26.spec b/specs/haproxy/haproxy26.spec index 8671a7638..bb614723c 100644 --- a/specs/haproxy/haproxy26.spec +++ b/specs/haproxy/haproxy26.spec @@ -18,7 +18,7 @@ %define lua_ver 5.4.7 %define pcre_ver 10.44 -%define openssl_ver 3.0.14 +%define openssl_ver 3.0.15 %define ncurses_ver 6.4 %define readline_ver 8.2 @@ -26,7 +26,7 @@ Name: haproxy%{comp_ver} Summary: TCP/HTTP reverse proxy for high availability environments -Version: 2.6.18 +Version: 2.6.19 Release: 0%{?dist} License: GPLv2+ URL: https://haproxy.1wt.eu 
@@ -220,6 +220,75 @@ fi ################################################################################ %changelog +* Fri Nov 01 2024 Anton Novojilov - 2.6.19-0 +- BUG/MEDIUM: cli: fix cli_output_msg() regression +- BUG/MINOR: quic: fix computed length of emitted STREAM frames +- DOC/MINOR: management: add missed -dR and -dv options +- DOC: management: rename show stats domain cli "dns" to "resolvers" +- DOC: configuration: fix alphabetical order of bind options +- SCRIPTS: git-show-backports: do not truncate git-show output +- BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure +- BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure +- BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct() +- BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid +- BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid +- DOC: configuration: more details about the master-worker mode +- MEDIUM: ssl: initialize the SSL stack explicitely +- MINOR: mux-h2/traces: explicitly show the error/refused stream states +- REGTESTS: add a test to ensure map-ordering is preserved +- MINOR: quic: Add packet loss and maximum cc window to "show quic" +- MINOR: quic: Add a counter for reordered packets +- BUG/MINOR: quic: Lack of precision when computing K (cubic only cc) +- BUG/MINOR: jwt: don't try to load files with HMAC algorithm +- BUG/MINOR: jwt: fix variable initialisation +- BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature +- BUG/MINOR: h1: Fail to parse empty transfer coding names +- BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value +- BUG/MEDIUM: h1: Reject empty Transfer-encoding header +- BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current + thread +- BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter +- BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution +- BUG/MINOR: cli: Atomically inc the global request counter 
between CLI commands +- MINOR: queue: add a function to check for TOCTOU after queueing +- BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue() +- MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2) +- BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn +- DOC: configuration: update maxconn description +- DOC: configuration: issuers-chain-path not compatible with OCSP +- DOC: config: improve the http-keep-alive section +- BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer + ready +- BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli +- BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content +- BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams +- BUG/MINOR: fcgi-app: handle a possible strdup() failure +- BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn +- CLEANUP: trace: remove the QUIC-specific ifdefs +- BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc +- BUG/MINOR: trace: automatically start in waiting mode with "start " +- BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion +- BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE +- BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails +- BUG/MINOR: proto_tcp: keep error msg if listen() fails +- REGTESTS: mcli: test the pipelined commands on master CLI +- BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID +- BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails +- BUG/MINOR: h3: properly reject too long header responses +- DOC: config: correct the table for option tcplog +- BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity +- BUG/MINOR: pattern: pat_ref_set: return 0 if err was found +- BUG/MINOR: pattern: do not leave a leading comma on "set" error messages +- REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load +- BUG/MINOR: pattern: prevent const 
sample from being tampered in + pat_match_beg() +- BUG/MEDIUM: pattern: prevent UAF on reused pattern expr +- BUG/MINOR: polling: fix time reporting when using busy polling +- BUG/MEDIUM: queue: implement a flag to check for the dequeuing +- BUG/MEDIUM: cache/stats: Wait to have the request before sending the response +- BUG/MEDIUM: promex: Wait to have the request before sending the response +- BUG/MINOR: cfgparse-listen: fix option httpslog override warning message + * Sat Aug 17 2024 Anton Novojilov - 2.6.18-0 - BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs - BUG/MEDIUM: mux-quic: report early error on stream diff --git a/specs/haproxy/haproxy28.spec b/specs/haproxy/haproxy28.spec index c65d7e3fc..105d38de4 100644 --- a/specs/haproxy/haproxy28.spec +++ b/specs/haproxy/haproxy28.spec @@ -18,7 +18,7 @@ %define lua_ver 5.4.7 %define pcre_ver 10.44 -%define openssl_ver 3.1.6 +%define openssl_ver 3.1.7 %define ncurses_ver 6.4 %define readline_ver 8.2 @@ -26,7 +26,7 @@ Name: haproxy%{comp_ver} Summary: TCP/HTTP reverse proxy for high availability environments -Version: 2.8.10 +Version: 2.8.11 Release: 0%{?dist} License: GPLv2+ URL: https://haproxy.1wt.eu 
@@ -220,6 +220,104 @@ fi ################################################################################ %changelog +* Sat Nov 02 2024 Anton Novojilov - 2.8.11-0 +- BUG/MINOR: quic: fix computed length of emitted STREAM frames +- BUG/MINOR: proxy: fix server_id_hdr_name leak on deinit() +- BUG/MINOR: proxy: fix log_tag leak on deinit() +- BUG/MINOR: proxy: fix check_{command,path} leak on deinit() +- BUG/MINOR: proxy: fix dyncookie_key leak on deinit() +- BUG/MINOR: proxy: fix source interface and usesrc leaks on deinit() +- BUG/MINOR: proxy: fix header_unique_id leak on deinit() +- DOC/MINOR: management: add missed -dR and -dv options +- DOC: management: rename show stats domain cli "dns" to "resolvers" +- DOC: configuration: fix alphabetical order of bind options +- SCRIPTS: git-show-backports: do not truncate git-show output +- DOC: api/event_hdl: small updates, fix an example and add some precisions +- BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission +- BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure +- BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure +- BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct() +- MINOR: activity: make the memory profiling hash size configurable at build + time +- BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid +- BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid +- BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid() +- BUG/MINOR: quic: fix race condition in qc_check_dcid() +- BUG/MINOR: quic: fix race-condition on trace for CID retrieval +- BUG/MEDIUM: quic: fix possible exit from qc_check_dcid() without unlocking +- DOC: configuration: more details about the master-worker mode +- MEDIUM: ssl: initialize the SSL stack explicitely +- BUG/MINOR: jwt: don't try to load files with HMAC algorithm +- DOC: configuration: update maxconn description +- BUG/MINOR: jwt: fix variable initialisation +- BUG/MINOR: h1: Fail to parse empty 
transfer coding names +- BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value +- BUG/MEDIUM: h1: Reject empty Transfer-encoding header +- BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current + thread +- BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past +- BUG/MINOR: session: Eval L4/L5 rules defined in the default section +- BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts +- BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path +- DOC: configuration: issuers-chain-path not compatible with OCSP +- DOC: config: improve the http-keep-alive section +- BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter +- BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution +- BUG/MINOR: cli: Atomically inc the global request counter between CLI commands +- BUG/MINOR: quic: Lack of precision when computing K (cubic only cc) +- BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature +- MINOR: queue: add a function to check for TOCTOU after queueing +- BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue() +- MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2) +- BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn +- BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer + ready +- BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli +- BUG/MEDIUM: mux-h1: Properly handle empty message when an error is triggered +- BUG/MEDIUM: stconn: Report error on SC on send if a previous SE error was set +- BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content +- BUG/MEDIUM: http-ana: Report error on write error waiting for the response +- BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams +- BUG/MEDIUM: mux-h2: Propagate term flags to SE on error in h2s_wake_one_stream +- BUG/MINOR: fcgi-app: handle a 
possible strdup() failure +- BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn +- BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc +- BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED() +- BUG/MINOR: trace: automatically start in waiting mode with "start " +- BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion +- BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE +- BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails +- BUG/MINOR: proto_tcp: keep error msg if listen() fails +- MINOR: channel: implement ci_insert() function +- BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI +- REGTESTS: mcli: test the pipelined commands on master CLI +- BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID +- BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails +- BUG/MINOR: h3: properly reject too long header responses +- DOC: config: correct the table for option tcplog +- BUG/MEDIUM: clock: also update the date offset on time jumps +- BUG/MEDIUM: mux-pt/mux-h1: Release the pipe on connection error on sending + path +- BUG/MINOR: stconn: Request to send something to be woken up when the pipe is + full +- BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity +- BUG/MINOR: pattern: pat_ref_set: return 0 if err was found +- BUG/MINOR: pattern: do not leave a leading comma on "set" error messages +- DOC: configuration: place the HAPROXY_HTTP_LOG_FMT example on the correct line +- REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load +- BUG/MEDIUM: clock: detect and cover jumps during execution +- BUG/MINOR: pattern: prevent const sample from being tampered in + pat_match_beg() +- BUG/MEDIUM: pattern: prevent UAF on reused pattern expr +- BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state +- BUG/MINOR: polling: fix time reporting when using busy polling +- BUG/MINOR: clock: make time jump corrections 
a bit more accurate +- BUG/MINOR: clock: validate that now_offset still applies to the current date +- BUG/MEDIUM: queue: implement a flag to check for the dequeuing +- BUG/MEDIUM: cache/stats: Wait to have the request before sending the response +- BUG/MEDIUM: promex: Wait to have the request before sending the response +- BUG/MINOR: cfgparse-listen: fix option httpslog override warning message + * Sat Aug 17 2024 Anton Novojilov - 2.8.10-0 - BUG/MINOR: cli: Report an error to user if command or payload is too big - BUG/MINOR: listener: always assign distinct IDs to shards diff --git a/specs/haproxy/haproxy30.spec b/specs/haproxy/haproxy30.spec index 6ced9ac45..531418657 100644 --- a/specs/haproxy/haproxy30.spec +++ b/specs/haproxy/haproxy30.spec @@ -18,7 +18,7 @@ %define lua_ver 5.4.7 %define pcre_ver 10.44 -%define openssl_ver 3.2.2 +%define openssl_ver 3.2.3 %define ncurses_ver 6.4 %define readline_ver 8.2 @@ -26,7 +26,7 @@ Name: haproxy%{comp_ver} Summary: TCP/HTTP reverse proxy for high availability environments -Version: 3.0.3 +Version: 3.0.5 Release: 0%{?dist} License: GPLv2+ URL: https://haproxy.1wt.eu 
@@ -220,6 +220,129 @@ fi ################################################################################ %changelog +* Sat Nov 02 2024 Anton Novojilov - 3.0.5-0 +- BUG/MEDIUM: server/addr: fix tune.events.max-events-at-once event miss and + leak +- BUG/MEDIUM: stconn: Report error on SC on send if a previous SE error was set +- BUG/MEDIUM: mux-pt/mux-h1: Release the pipe on connection error on sending + path +- BUILD: mux-pt: Use the right name for the sedesc variable +- BUG/MINOR: stconn: bs.id and fs.id had their dependencies incorrect +- BUG/MEDIUM: ssl: reactivate 0-RTT for AWS-LC +- BUG/MEDIUM: ssl: 0-RTT initialized at the wrong place for AWS-LC +- BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content +- BUG/MEDIUM: http-ana: Report error on write error waiting for the response +- BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams +- BUG/MEDIUM: mux-h2: Propagate term flags to SE on error in h2s_wake_one_stream +- BUG/MEDIUM: peer: Notify the applet won't consume data when it waits for sync +- BUG/MINOR: fcgi-app: handle a possible strdup() failure +- DOC: configuration: fix alphabetical ordering of {bs,fs}.aborted +- BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn +- BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc +- BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED() +- BUG/MINOR: trace: automatically start in waiting mode with "start " +- BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion +- BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE +- BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails +- BUG/MINOR: proto_tcp: keep error msg if listen() fails +- MINOR: channel: implement ci_insert() function +- BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI +- REGTESTS: mcli: test the pipelined commands on master CLI +- BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID +- BUG/MINOR: proto_uxst: 
delete fd from fdtab if listen() fails +- BUG/MINOR: h3: properly reject too long header responses +- BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity +- BUG/MINOR: pattern: pat_ref_set: return 0 if err was found +- DOC: config: correct the table for option tcplog +- BUG/MINOR: cfgparse-global: remove tune.fast-forward from common_kw_list +- BUILD: quic: 32bits build broken by wrong integer conversions for printf() +- BUG/MEDIUM: clock: also update the date offset on time jumps +- MINOR: tools: Implement ipaddrcpy(). +- MINOR: quic: Implement quic_tls_derive_token_secret(). +- MEDIUM: ssl/quic: implement quic crypto with EVP_AEAD +- MINOR: quic: Token for future connections implementation. +- BUG/MINOR: quic: Missing incrementation in NEW_TOKEN frame builder +- MINOR: quic: Modify NEW_TOKEN frame structure (qf_new_token struct) +- MINOR: quic: Implement qc_ssl_eary_data_accepted(). +- MINOR: quic: Add trace for QUIC_EV_CONN_IO_CB event. +- BUG/MEDIUM: quic: always validate sender address on 0-RTT +- BUG/MINOR: quic: Crash from trace dumping SSL eary data status (AWS-LC) +- BUG/MINOR: quic: Too short datagram during packet building failures + (aws-lc only) +- DOC: configuration: place the HAPROXY_HTTP_LOG_FMT example on the correct line +- REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load +- BUG/MEDIUM: clock: detect and cover jumps during execution +- BUG/MINOR: pattern: prevent const sample from being tampered in + pat_match_beg() +- BUG/MEDIUM: pattern: prevent UAF on reused pattern expr +- BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state +- BUG/MINOR: h1-htx: Don't flag response as bodyless when a tunnel is + established +- BUG/MINOR: pattern: do not leave a leading comma on "set" error messages +- MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option +- BUG/MINOR: polling: fix time reporting when using busy polling +- BUG/MINOR: clock: make time jump corrections a bit more 
accurate +- BUG/MINOR: clock: validate that now_offset still applies to the current date +- BUG/MEDIUM: queue: implement a flag to check for the dequeuing +- BUG/MINOR: peers: local entries updates may not be advertised after resync +- DOC: config: Explicitly list relaxing rules for accept-invalid-http-* options +- BUG/MEDIUM: sc_strm/applet: Wake applet after a successfull synchronous send +- BUG/MEDIUM: cache/stats: Wait to have the request before sending the response +- BUG/MEDIUM: promex: Wait to have the request before sending the response +- BUG/MINOR: cfgparse-listen: fix option httpslog override warning message +- MINOR: quic: convert qc_stream_desc release field to flags +- MINOR: quic: implement function to check if STREAM is fully acked +- BUG/MEDIUM: quic: handle retransmit for standalone FIN STREAM +- BUG/MINOR: quic: prevent freeze after early QCS closure + +* Sat Nov 02 2024 Anton Novojilov - 3.0.4-0 +- MINOR: proto: extend connection thread rebind API +- BUILD: listener: silence a build warning about unused value without threads +- BUG/MEDIUM: quic: prevent crash on accept queue full +- CLEANUP: proto: rename TID affinity callbacks +- CLEANUP: quic: rename TID affinity elements +- BUG/MINOR: session: Eval L4/L5 rules defined in the default section +- BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts +- DOC: install: don't reference removed CPU arg +- BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path +- BUG/MAJOR: mux-h2: force a hard error upon short read with pending error +- DOC: configuration: issuers-chain-path not compatible with OCSP +- DOC: config: improve the http-keep-alive section +- BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter +- BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution +- BUG/MINOR: cli: Atomically inc the global request counter between CLI commands +- BUG/MINOR: quic: Non optimal first datagram. 
+- MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface +- BUG/MINOR: quic: Lack of precision when computing K (cubic only cc) +- BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature +- MINOR: quic: Dump TX in flight bytes vs window values ratio. +- MINOR: quic: Add information to "show quic" for CUBIC cc. +- MEDIUM: h1: allow to preserve keep-alive on T-E + C-L +- MINOR: queue: add a function to check for TOCTOU after queueing +- BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue() +- MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2) +- BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn +- Revert "MEDIUM: sink: don't set NOLINGER flag on the outgoing stream + interface" +- MEDIUM: log: relax some checks and emit diag warnings instead in + lf_expr_postcheck() +- DOC: quic: fix default minimal value for max window size +- MINOR: proxy: Add support of 429-Too-Many-Requests in retry-on status +- BUG/MEDIUM: mux-h2: Set ES flag when necessary on 0-copy data forwarding +- BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer + ready +- BUG/MINIR: proxy: Match on 429 status when trying to perform a L7 retry +- BUG/MEDIUM: mux-pt: Never fully close the connection on shutdown +- BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli +- BUG/MINOR: quic: unexploited retransmission cases for Initial pktns. 
+- BUG/MEDIUM: mux-h1: Properly handle empty message when an error is triggered +- MINOR: mux-h2: try to clear DEM_MROOM and MUX_MFULL at more places +- BUG/MAJOR: mux-h2: always clear MUX_MFULL and DEM_MROOM when clearing the mbuf +- BUG/MINOR: quic: Too shord datagram during O-RTT handshakes (aws-lc only) +- BUG/MINOR: Crash on O-RTT RX packet after dropping Initial pktns +- BUG/MEDIUM: mux-pt: Fix condition to perform a shutdown for writes in + mux_pt_shut() + * Sat Aug 17 2024 Anton Novojilov - 3.0.3-0 - BUG/MINOR: log: fix broken '+bin' logformat node option - DEBUG: hlua: distinguish burst timeout errors from exec timeout errors
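Review bot: the `%define openssl_ver` bumps (3.2.2 to 3.2.3 in haproxy.spec and haproxy30.spec, 3.0.14 to 3.0.15 in haproxy26.spec, 3.1.6 to 3.1.7 in haproxy28.spec) are not recorded in any of the added %changelog entries, which list only upstream HAProxy commit subjects. Add a line such as "- OpenSSL updated to 3.2.3" to each new entry so that `rpm -q --changelog` on an installed package shows which OpenSSL version that build was pinned to, without having to read the spec.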
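Review bot: the `Version:` hunks change the HAProxy tarball in all four specs (3.0.3 to 3.0.5, 2.6.18 to 2.6.19, 2.8.10 to 2.8.11), yet the diffstat shows only the four spec files and 8 deletions, which are exactly the `openssl_ver` and `Version:` lines, so no recorded source hash or signature changes with them. If the sources are verified against hashes kept outside these specs, that data has to be updated in the same commit for both the HAProxy and OpenSSL archives; if they are not verified at all, a version bump is the point where a substituted tarball would pass unnoticed, and a checksum check in the build is worth adding.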
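Review bot: in the 3.0.5-0 and 3.0.4-0 %changelog hunk (identical in haproxy.spec and haproxy30.spec), "MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option" and "MEDIUM: h1: allow to preserve keep-alive on T-E + C-L" carry no BUG/ prefix, so they are changes to HTTP/1 message handling and not fixes, and they are easy to miss among roughly 120 flat lines. Call them out in a short note at the top of the entry so that anyone upgrading from 3.0.3 knows to re-check their HTTP/1 settings. The "MEDIUM: sink: don't set NOLINGER flag ..." line and its "Revert" in 3.0.4-0 cancel out and could both be dropped.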
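Review bot: the 2.8.11-0 %changelog hunk in haproxy28.spec lists its memory-safety and concurrency fixes in upstream commit order, mixed in with DOC, SCRIPTS and REGTESTS lines, for example "BUG/MEDIUM: pattern: prevent UAF on reused pattern expr", "BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid()" and "BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state". Sorting the entry by severity tag (BUG/MAJOR, then BUG/MEDIUM, then the rest), or leading it with one summary line naming these fixes, would let someone triaging the update see why it matters without reading all 98 added lines. The same applies to the 2.6.19-0 hunk in haproxy26.spec, which carries the two pattern UAF fixes as well.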