Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

haproxy-2.6.2+git0.16a3646fd-1.1 RPM for armv7hl

From OpenSuSE Ports Tumbleweed for armv7hl

Name: haproxy Distribution: openSUSE Tumbleweed
Version: 2.6.2+git0.16a3646fd Vendor: openSUSE
Release: 1.1 Build date: Sun Jul 31 23:29:59 2022
Group: Productivity/Networking/Web/Proxy Build host: obs-arm-10
Size: 7139319 Source RPM: haproxy-2.6.2+git0.16a3646fd-1.1.src.rpm
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
HAProxy implements an event-driven, mono-process model which enables support
for very high number of simultaneous connections at very high speeds.
Multi-process or multi-threaded models can rarely cope with thousands of
connections because of memory limits, system scheduler limits, and lock
contention everywhere. Event-driven models do not have these problems because
implementing all the tasks in user-space allows a finer resource and time
management. The down side is that those programs generally don't scale well on
multi-processor systems. That's the reason why they must be optimized to get
the most work done from every CPU cycle.




GPL-3.0+ and LGPL-2.1+


* Thu Jul 28 2022
  - Update to version 2.6.2+git0.16a3646fd:
    * [RELEASE] Released version 2.6.2
    * BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible
    * BUILD: quic: fix anonymous union for gcc-4.4
    * BUG/MEDIUM: stconn: Only reset connect expiration when processing backend side
    * BUILD: add detection for unsupported compiler models
    * BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload
    * BUG/MAJOR: mux_quic: fix invalid PROTOCOL_VIOLATION on POST data overlap
    * BUG/MINOR: mworker/cli: relative pid prefix not validated anymore
    * BUG/MINOR: quic: do not send CONNECTION_CLOSE_APP in initial/handshake
    * BUG/MINOR: tools: fix statistical_prng_range()'s output range
    * BUG/MINOR: ssl: allow duplicate certificates in ca-file directories
    * BUG/MINOR: resolvers: shut off the warning for the default resolvers
    * MINOR: resolvers: resolvers_destroy() deinit and free a resolver
    * BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2)
    * BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX
    * BUG/MEDIUM: tools: avoid calling dlsym() in static builds
    * BUG/MINOR: debug: enter ha_panic() only once
    * BUG/MEDIUM: cli/threads: make "show threads" more robust on applets
    * BUG/MINOR: quic: fix closing state on NO_ERROR code sent
    * BUG/MEDIUM: mux-quic: fix server chunked encoding response
    * CLEANUP: h2: Typo fix in h2_unsubcribe() traces
    * MINOR: qpack: properly handle invalid dynamic table references
    * MINOR: h3: handle errors on HEADERS parsing/QPACK decoding
    * MINOR: h3: add h3c pointer into h3s instance
    * BUG/MINOR: mux-quic: do not signal FIN if gap in buffer
    * MINOR: ncbuf: implement ncb_is_fragmented()
    * MINOR: quic: Increase the QUIC connections RX buffer size (upto 64Kb)
    * MINOR: quic: Improvements for the datagrams receipt
    * MINOR: task: Add tasklet_wakeup_after()
    * MINOR: quic: Duplicated QUIC_RX_BUFSZ definition
    * MINOR: quic: Add new stats counter to diagnose RX buffer overrun
    * BUG/MINOR: quic: Dropped packets not counted (with RX buffers full)
    * BUILD: quic+h3: 32-bit compilation errors fixes
    * BUG/MAJOR: quic: Big RX dgrams leak with POST requests
    * BUG/MAJOR: quic: Big RX dgrams leak when fulfilling a buffer
    * BUG/MINOR: quic: Wrong reuse of fulfilled dgram RX buffer
    * BUG/MINOR: quic: Missing acknowledgments for trailing packets
    * MEDIUM: mworker: set the iocb of the socketpair without using fd_insert()
    * BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send
    * BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state
    * BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer
    * REGTEESTS: filters: Fix CONNECT request in random-forwarding script
    * BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream
    * MINOR: http-htx: Use new HTTP functions for the scheme based normalization
    * BUG/MEDIUM: h1: Improve authority validation for CONNCET request
    * MINOR: http: Add function to detect default port
    * MINOR: http: Add function to get port part of a host
    * BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo
    * BUG/MINOR: peers: fix possible NULL dereferences at config parsing
    * BUG/MINOR: http-act: Properly generate 103 responses when several rules are used
    * BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule
    * BUG/MINOR: peers/config: always fill the bind_conf's argument
    * MINOR: fd: Add BUG_ON checks on fd_insert()
    * CI: re-enable gcc asan builds
    * BUILD: Makefile: Add Lua 5.4 autodetect
    * BUG/MEDIUM: ssl/fd: unexpected fd close using async engine
    * MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD
    * BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch
    * BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created
    * BUG/MINOR: ssl: Do not look for key in extra files if already in pem
    * MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames
  - drop lua54.patch (upstream)
* Sat Jul 09 2022
  - Update to version 2.6.1+git0.f6ca66d44:
    * [RELEASE] Released version 2.6.1
    * REGTESTS: ssl: add the same cert for client/server
    * BUG/MEDIUM: mworker: use default maxconn in wait mode
    * BUG/MINOR: quic: Acknowledgement must be forced during handshake
    * BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list
    * BUG/MINOR: quic: free rejected Rx packets
    * BUG/MINOR: quic: purge conn Rx packet list on release
    * BUG/MINOR: quic_stats: Duplicate "quic_streams_data_blocked_bidi" field name
    * BUG/MINOR: quic: Unexpected half open connection counter wrapping
    * BUG/MINOR: log: Properly test connection retries to fix dontlog-normal option
    * MINOR: stream: Rely on stconn flags to abort stream destructive upgrade
    * BUG/MEDIUM: stream: Properly handle destructive client connection upgrades
    * BUG/MINOR: task: fix thread assignment in tasklet_kill()
    * BUG/MINOR: quic: Wrong PTO calculation
    * BUG/MINOR: quic: Stop hardcoding Retry packet Version field
    * BUG/BUILD: h3: fix wrong label name
    * BUG/MINOR: h3/qpack: deal with too many headers
    * MINOR: qpack: add comments and remove a useless trace
    * BUG/MINOR: qpack: support header litteral name decoding
    * BUG/MEDIUM: mux-quic: fix segfault on flow-control frame cleanup
    * BUG/MEDIUM: cli: Notify cli applet won't consume data during request processing
    * BUG/MEDIUM: stconn: Don't wakeup applet for send if it won't consume data
    * BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration
    * BUG/MINOR: mux-quic: fix memleak on frames rejected by transport
    * BUG/MEDIUM: mux-quic: fix flow control connection Tx level
    * BUG/MINOR: cli/stats: add missing trailing LF after "show info json"
    * BUG/MINOR: server: do not enable DNS resolution on disabled proxies
    * BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs
    * BUG/MINOR: h3: fix frame type definition
    * REGTESTS: healthcheckmail: Relax health-check failure condition
    * REGTESTS: healthcheckmail: Update the test to be functionnal again
    * BUG/MINOR: checks: Properly handle email alerts in trace messages
    * BUG/MINOR: trace: Test server existence for health-checks to get proxy
    * BUG/MEDIUM: mailers: Set the object type for check attached to an email alert
    * BUILD: compiler: implement unreachable for older compilers too
    * REGTESTS: restrict_req_hdr_names: Extend supported versions
    * REGTESTS: http_abortonclose: Extend supported versions
    * BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_crlfile I/O handler
    * BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cafile I/O handler
    * BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler
    * BUG/MINOR: ssl_ckch: Init right field when parsing "commit ssl crl-file" cmd
    * BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield
    * BUG/MINOR: ssl_ckch: Dump CA transaction only once if show command yield
    * BUG/MINOR: ssl_ckch: Dump CRL transaction only once if show command yield
    * BUG/MINOR: ssl_ckch: Use right type for old entry in show_crlfile_ctx
    * REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients
    * REGTESTS: abortonclose: Add a barrier to not mix up log messages
    * MEDIUM: httpclient: Don't close CLI applet at the end of a response
    * MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs
    * BUG/MEDIUM: httpclient: Rework CLI I/O handler to handle full buffer cases
    * BUG/MEDIUM: httpclient: Don't remove HTX header blocks before duplicating them
    * BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases
    * BUG/MEDIUM: ssl_ckch: Rework 'commit ssl ca-file' to handle full buffer cases
    * BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases
    * BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a CA/CRL entry
    * BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry
    * BUG/MEDIUM: ssl_ckch: Don't delete CA/CRL entry if it is being modified
    * BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified
    * BUG/MINOR: ssl_ckch: Free error msg if commit changes on a CA/CRL entry fails
    * BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails
* Tue May 31 2022
  - Update to version 2.6.0+git0.a1efc048b:
  - refreshed patches
    - haproxy-1.6.0-makefile_lib.patch
    - haproxy-1.6.0-sec-options.patch
    - haproxy-1.6.0_config_haproxy_user.patch
    - lua54.patch
* Fri May 13 2022
  - Update to version 2.5.7+git0.2ef551d02:
    * [RELEASE] Released version 2.5.7
    * CLEANUP: mux-h1: Fix comments and error messages for global options
    * MINOR: mux-h1: Add global option accpet payload for any HTTP/1.0 requests
    * BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized
    * CLEANUP: applet: make appctx_new() initialize the whole appctx
    * BUG/MINOR: conn_stream: do not confirm a connection from the frontend path
    * DOC/MINOR: fix typos in the lua-api document
    * BUG/MEDIUM: lua: fix argument handling in data removal functions
    * BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes).
    * DOC: install: update gcc version requirements
    * BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-(
    * BUILD: listener: shut report of possible null-deref in listener_accept()
    * BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings
    * BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation
    * BUG/MINOR: ssl: Fix typos in crl-file related CLI commands
    * CI: dynamically determine actual version of h2spec
    * DOC: fix typo "ant" for "and" in INSTALL
    * BUG/MINOR: ssl/cli: fix "show ssl cert" not to mix cli+ssl contexts
    * BUG/MINOR: ssl/cli: fix "show ssl crl-file" not to mix cli+ssl contexts
    * BUG/MINOR: ssl/cli: fix "show ssl ca-file <name>" not to mix cli+ssl contexts
    * BUG/MINOR: ssl/cli: fix "show ssl ca-file/crl-file" not to mix cli+ssl contexts
    * BUG/MEDIUM: ssl/cli: fix yielding in show_cafile_detail
    * BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init
    * BUG/MINOR: map/cli: protect the backref list during "show map" errors
    * BUG/MINOR: proxy/cli: don't enumerate internal proxies on "show backend"
    * BUG/MEDIUM: cli: make "show cli sockets" really yield
    * BUG/MEDIUM: resolvers: make "show resolvers" properly yield
    * BUG/MINOR: startup: usage() when no -cc arguments
    * BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port]
    * DOC: config: Update doc for PR/PH session states to warn about rewrite failures
    * MINOR: mux-h2: report a trace event when failing to create a new stream
    * BUG/MINOR: mux-h2: mark the stream as open before processing it not after
    * BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket
    * BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified
    * BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message
    * SCRIPTS: announce-release: add URL of dev packages
    * CI: github actions: update LibreSSL to 3.5.2
    * BUG/MEDIUM: httpclient: Fix loop consuming HTX blocks from the response channel
    * MINOR: ssl: add a new global option "tune.ssl.hard-maxrecord"
    * BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all()
    * BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit()
    * BUG/MEDIUM: http-ana: Fix memleak in redirect rules with ignore-empty option
    * MINOR: connection: Add way to disable active connection closing during soft-stop
    * BUILD: compiler: properly distinguish weak and global symbols
* Tue Apr 26 2022
  - Update to version 2.5.6+git0.ba44b4312:
    * [RELEASE] Released version 2.5.6
    * REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc
    * BUG/MINOR: connection: "connection:close" header added despite 'close-spread-time'
    * BUG/MINOR: sample: add missing use_backend/use-server contexts in smp_resolve_args
    * Revert "CI: github actions: disable -Wno-deprecated"
    * BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments
    * BUG/MEDIUM: rules: Be able to use captures defined in defaults section
    * BUG/MINOR: rules: Forbid captures in defaults section if used by a backend
    * DOC: remove my name from the config doc
    * MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks
    * MINOR: task: add a new task_instant_wakeup() function
    * BUG/MAJOR: connection: Never remove connection from idle lists outside the lock
    * BUG/MINOR: cache: Disable cache if applet creation fails
    * BUILD: calltrace: fix wrong include when building with TRACE=1
    * SCRIPTS: announce-release: add shortened links to pending issues
    * DOC: lua: update a few doc URLs
    * SCRIPTS: announce-release: update the doc's URL
    * BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags
    * BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added
    * BUG/MEDIUM: stream: do not abort connection setup too early
    * BUILD: compiler: use a more portable set of asm(".weak") statements
    * BUILD: sched: workaround crazy and dangerous warning in Clang 14
    * BUG/MEDIUM: mux-h1: Don't request more room on partial trailers
    * BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive
    * BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side
    * BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak
    * BUG/MINOR: cache: do not display expired entries in "show cache"
    * BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent
    * CI: cirrus: switch to FreeBSD-13.0
    * CI: github actions: disable -Wno-deprecated
    * BUG/MINOR: stats: define the description' background color in dark color scheme
    * CI: Update to actions/cache@v3
    * CI: Update to actions/checkout@v3
    * MEDIUM: global: Add a "close-spread-time" option to spread soft-stop on time window
    * Revert "BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time"
    * MAJOR: opentracing: reenable usage of vars to transmit opentracing context
    * DEBUG: opentracing: display the contents of the err variable after setting
    * CLEANUP: opentracing: added FLT_OT_PARSE_INVALID_enum enum
    * DEBUG: opentracing: show return values of all functions in the debug output
    * MINOR: opentracing: improved normalization of context variable names
    * CLEANUP: opentracing: added variable to store variable length
    * CLEANUP: opentracing: added flt_ot_smp_init() function
    * MINOR: opentracing: only takes the variables lock on shared entries
    * Revert "MINOR: opentracing: change the scope of the variable 'ot.uuid' from 'sess' to 'txn'"
    * CLEANUP: opentracing: removed unused function flt_ot_var_get()
    * CLEANUP: opentracing: removed unused function flt_ot_var_unset()
    * DOC: opentracing: corrected comments in function descriptions
    * EXAMPLES: opentracing: refined shell scripts for testing filter performance
    * BUG/BUILD: opentracing: fixed OT_DEFINE variable setting
    * BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set()
    * BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid
    * BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples
    * BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached
    * BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message
    * BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet
    * BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message
    * BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests
    * BUG/MINOR: httpclient: end callback in applet release
    * BUG/MINOR: ssl/cli: Remove empty lines from CLI output
    * CI: github actions: update OpenSSL to 3.0.2
    * DOC: remove double blanks in configuration.txt
    * BUG/MAJOR: mux_pt: always report the connection error to the conn_stream
    * BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads
    * BUG/MINOR: samples: add missing context names for sample fetch functions
    * REGTESTS: ssl: use X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY for cert check
    * BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing
    * BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing
    * DOC: reflect H2 timeout changes
    * BUG/MINOR: tools: url2sa reads too far when no port nor path
    * DOC: config: Explictly add supported MQTT versions
    * MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1
    * BUG/MINOR: rules: Initialize the list element when allocating a new rule
    * BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts
    * MEDIUM: mux-h2: slightly relax timeout management rules
    * BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner
    * BUG/MEDIUM: stream-int: do not rely on the connection error once established
    * BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf
    * CI: github actions: switch to LibreSSL-3.5.1
    * BUG/MINOR: httpclient: CF_SHUTW_NOW should be tested with channel_is_empty()
    * BUG/MINOR: httpclient: process the response when received before the end of the request
    * BUG/MINOR: httpclient: only check co_data() instead of HTTP_MSG_DATA
    * BUG/MINOR: server/ssl: free the SNI sample expression
    * BUILD: httpclient: fix build without SSL
    * BUG/MINOR: httpclient: send the SNI using the host header
    * MINOR: server: export server_parse_sni_expr() function
    * BUG/MINOR: httpclient/lua: stuck when closing without data
    * BUG/MINOR: tools: fix url2sa return value with IPv4
* Mon Mar 14 2022
  - Update to version 2.5.5+git0.384c5c59a:
    * [RELEASE] Released version 2.5.5
    * REGTESTS: fix the race conditions in be2hex.vtc
    * BUG/MEDIUM: httpclient: must manipulate head, not first
    * BUG/MINOR: httpclient: remove the UNUSED block when parsing headers
    * BUG/MINOR: httpclient: consume partly the blocks when necessary
    * CLEANUP: htx: remove unused co_htx_remove_blk()
    * BUG/MEDIUM: httpclient: don't consume data before it was analyzed
    * BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
    * BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
    * DEBUG: stream: Fix stream trace message to print response buffer state
    * DEBUG: stream: Add the missing descriptions for stream trace events
    * BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing
    * DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
    * BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams
    * BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
    * BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
    * BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
    * BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
    * BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request
    * BUG/MINOR: cli: shows correct mode in "show sess"
    * BUG/MINOR: add missing modes in proxy_mode_str()
    * BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix
    * BUILD: pools: fix backport of no-memory-trimming on non-linux OS
    * MINOR: stats: Add dark mode support for socket rows
    * MINOR: pools: add a new global option "no-memory-trimming"
    * BUILD: fix kFreeBSD build.
    * BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
    * BUG/MINOR: pool: always align pool_heads to 64 bytes
    * BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST
    * REGTESTS: fix the race conditions in secure_memcmp.vtc
    * REGTESTS: fix the race conditions in normalize_uri.vtc
    * BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
    * BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks
    * BUILD: tree-wide: mark a few numeric constants as explicitly long long
    * BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers
    * CI: Consistently use actions/checkout@v2
    * CI: github actions: use cache for SSL libs
    * CI: refactor OpenTracing build script
    * CI: github actions: use cache for OpenTracing
    * CI: github actions: add the output of $CC -dM -E-
* Fri Feb 25 2022
  - Update to version 2.5.4+git0.e55ab4208:
    * [RELEASE] Released version 2.5.4
    * BUG/MEDIUM: stream: Abort processing if response buffer allocation fails
    * CI: github: enable pool debugging by default
    * REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks
    * BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy()
    * DOC: Fix usage/examples of deprecated ACLs
    * BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer
    * BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer
    * BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message
* Thu Feb 24 2022 Marcus Rueckert <>
  - apparmor: profile now needs access to /sys/devices/system/node/
* Fri Feb 18 2022
  - Update to version 2.5.3+git0.abf078b15:
    * [RELEASE] Released version 2.5.3
    * DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected
    * BUG/MEDIUM: httpclient: limit transfers to the maximum available room
    * BUG/MINOR: tools: url2sa reads ipv4 too far
    * CLEANUP: httpclient/cli: fix indentation alignment of the help message
    * BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
    * BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command
    * BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print
    * BUG/MINOR: mailers: negotiate SMTP, not ESMTP
    * BUG/MINOR: httpclient: reinit flags in httpclient_start()
    * MINOR: httpclient: Don't limit data transfer to 1024 bytes
    * BUG/MAJOR: compiler: relax alignment constraints on certain structures
    * BUG/MEDIUM: fd: always align fdtab[] to 64 bytes
    * BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names
    * BUG/MINOR: sink: Use the right field in appctx context in release callback
    * BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload
    * BUG/MEDIUM: mworker: close unused transferred FDs on load failure
    * MINOR: sock: move the unused socket cleaning code into its own function
* Fri Feb 18 2022
  - Update to version 2.5.2+git0.042feec44: (CVE-2022-0711 boo#1196408)
    * [RELEASE] Released version 2.5.2
    * BUG/MINOR: mux-h2: update the session's idle delay before creating the stream
    * BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change
    * REGTESTS: peers: leave a bit more time to peers to synchronize
    * REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc
    * BUG/MAJOR: spoe: properly detach all agents when releasing the applet
    * BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies
    * BUG/MINOR: httpclient/cli: display junk characters in vsn
    * BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls
    * BUG/MINOR: jwt: Missing pkey free during cleanup
    * BUG/MINOR: jwt: Double free in deinit function
    * BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output
    * BUG/MEDIUM: httpclient: Xfer the request when the stream is created
    * BUG/MINOR: httpclient: Revisit HC request and response buffers allocation
    * BUG/MEDIUM: listener: read-lock the listener during accept()
    * MINOR: listener: replace the listener's spinlock with an rwlock
    * DEBUG: fd: make sure we never try to insert/delete an impossible FD number
    * BUG/MINOR: mworker: does not erase the pidfile upon reload
    * BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks
    * DEBUG: pools: replace the link pointer with the caller's address on pool_free()
    * DEBUG: pools: let's add reverse mapping from cache heads to thread and pool
    * DEBUG: pools: add extra sanity checks when picking objects from a local cache
    * BUG/MINOR: pools: always flush pools about to be destroyed
    * BUG/MINOR: mworker: does not add the -sf in wait mode
    * BUG/MEDIUM: mworker: don't lose the stats socket on failed reload
    * REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2
    * DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY
    * BUILD: debug/cli: condition test of O_ASYNC to its existence
    * DEBUG: cli: add a new "debug dev fd" expert command
    * BUG/MINOR: stream: make the call_rate only count the no-progress calls
    * BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them
    * BUG/MEDIUM: mcli: do not try to parse empty buffers
    * BUG/MEDIUM: cli: Never wait for more data on client shutdown
    * MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change
    * BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands
    * MINOR: channel: add new function co_getdelim() to support multiple delimiters
    * MEDIUM: cli: yield between each pipelined command
    * DOC: management: mark "set server ssl" as deprecated
    * BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl
    * BUILD/MINOR: fix solaris build with clang.
    * BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers
    * BUG/MINOR: httpclient: set default Accept and User-Agent headers
    * BUG/MINOR: httpclient: don't send an empty body
    * BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer
    * BUG/MEDIUM: connection: properly leave stopping list on error
* Fri Feb 04 2022 Callum Farmer <>
  - Add now working CONFIG parameter to sysusers generator
* Tue Jan 11 2022
  - Update to version 2.5.1+git0.86b093a51:
    * [RELEASE] Released version 2.5.1
    * CI: github actions: clean default step conditions
    * BUILD: cpuset: fix build issue on macos introduced by previous change
    * BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data
    * BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error
    * BUG/MEDIUM: mworker: don't use _getsocks in wait mode
    * BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry
    * BUG/MINOR: cli: fix _getsocks with musl libc
    * BUILD/MINOR: tools: solaris build fix on dladdr.
    * CI: github actions: update OpenSSL to 3.0.1
    * BUILD/MINOR: cpuset FreeBSD 14 build fix.
    * REGTESTS: ssl: update of a crt with server deletion
    * BUG/MEDIUM: ssl: free the ckch instance linked to a server
    * BUG/MINOR: ssl: free the fields in srv->ssl_ctx
    * CI: Github Actions: do not show VTest failures if build failed
    * BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning
    * MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above.
    * MINOR: proxy: add option idle-close-on-response
    * MINOR: debug: add support for -dL to dump library names at boot
    * MINOR: debug: add ability to dump loaded shared libraries
    * MINOR: compat: detect support for dl_iterate_phdr()
    * REGTESTS: ssl: fix ssl_default_server.vtc
    * BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
    * BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time
    * DEBUG: ssl: make sure we never change a servername on established connections
    * DOC: fix misspelled keyword "resolve_retries" in resolvers
    * BUILD: ssl: unbreak the build with newer libressl
    * BUG/MINOR: mux-h1: Fix splicing for messages with unknown length
    * BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message
    * BUG/MEDIUM: peers: properly skip conn_cur from incoming messages
    * BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch
    * MINOR: pools: work around possibly slow malloc_trim() during gc
    * MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output
    * BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
    * DOC: config: fix error-log-format example
    * DOC: config: retry-on list is space-delimited
    * DOC: config: Specify %Ta is only available in HTTP mode
    * DOC: spoe: Clarify use of the event directive in spoe-message section
    * BUG/MINOR: cli/server: Don't crash when a server is added with a custom id
    * MINOR: http-rules: Add capture action to http-after-response ruleset
    * IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode
    * BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
    * MINOR: cli: "show version" displays the current process version
    * BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query
    * BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH
    * MINOR: mux-h1: Improve H1 traces by adding info about http parsers
    * BUG/MINOR: mworker: deinit of thread poller was called when not initialized
    * BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode
    * BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted
    * BUG/MAJOR: segfault using multiple log forward sections.
    * BUG/MEDIUM: resolvers: Detach query item on response error
    * BUG/MINOR: server: Don't rely on last default-server to init server SSL context
    * BUG/MINOR: vars: Fix the set-var and unset-var converters
    * BUILD: evports: remove a leftover from the dead_fd cleanup
    * BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time
    * BUG/MINOR: lua: remove loop initial declarations
    * BUG/MINOR: lua: don't expose internal proxies
    * BUG/MINOR: httpclient: allow to replace the host header
    * BUG/MINOR: cache: Fix loop on cache entries in "show cache"
* Tue Nov 23 2021
  - Update to version 2.5.0+git0.f2e0833f1:
  - refreshed patches to apply cleanly again
* Wed Nov 03 2021
  - Update to version 2.4.8+git0.d1f8d41e0:
    * [RELEASE] Released version 2.4.8
    * SCRIPTS: git-show-backports: re-enable file-based filtering
    * DOC/peers: some grammar fixes for peers 2.1 spec
    * MINOR: stream: Improve dump of bogus streams
    * BUILD/MINOR: cpuset freebsd build fix
    * DOC: config: Fix alphabetical order of fc_* samples
    * BUG/MINOR: sample: fix backend direction flags consecutive to last fix
    * BUG/MEDIUM: sample: Cumulate frontend and backend sample validity flags
    * BUG/MEDIUM: stream-int: Block reads if channel cannot receive more data
    * BUG/MINOR: http: Authorization value can have multiple spaces after the scheme
    * BUG/MEDIUM: http-ana: Drain request data waiting the tarpit timeout expiration
    * MINOR: halog: Add support for extracting captures using -hdr
    * BUG/MINOR: halog: Add missing newlines in die() messages
    * CLEANUP: halog: Use consistent indentation in help()
    * MINOR: halog: Rename -qry to -query
    * DOC: halog: Move the `-qry` parameter into the correct section in help text
    * MINOR: halog: Add -qry parameter allowing to preserve the query string in -uX
    * BUG/MEDIUM: resolvers: Track api calls with a counter to free resolutions
    * BUG/MEDIUM: resolvers: Don't recursively perform requester unlink
    * MEDIUM: resolvers: remove the last occurrences of the "safe" argument
    * MEDIUM: resolvers: use a kill list to preserve the list consistency
    * CLEANUP: resolvers: replace all LIST_DELETE with LIST_DEL_INIT
    * CLEANUP: resolvers: simplify resolv_link_resolution() regarding requesters
    * CLEANUP: always initialize the answer_list
    * CLEANUP: resolvers: do not export resolv_purge_resolution_answer_records()
    * BUG/MEDIUM: mux-h1: Perform a connection shutdown when the h1c is released
    * BUG/MINOR: mux-h1: Save shutdown mode if the shutdown is delayed
    * BUILD: atomic: fix build on mac/arm64
    * BUG/MINOR: backend: fix improper insert in avail tree for always reuse
    * BUILD: fix compilation on NetBSD
    * MINOR: memprof: add one pointer size to the size of allocations
    * MINOR: memprof: report the delta between alloc and free on realloc()
    * BUG/MEDIUM: lua: fix memory leaks with realloc() on non-glibc systems
    * BUG/MINOR: mux-h2: do not prevent from sending a final GOAWAY frame
    * BUG/MINOR: task: do not set TASK_F_USR1 for no reason
    * BUG/MAJOR: buf: fix varint API post- vs pre- increment
    * BUG/MEDIUM: resolvers: always check a valid item in query_list
    * BUILD: resolvers: avoid a possible warning on null-deref
    * BUG/MAJOR: resolvers: add other missing references during resolution removal
    * MINOR: resolvers: merge address and target into a union "data"
    * BUG/MEDIUM: resolvers: use correct storage for the target address
    * BUG/MEDIUM: resolvers: fix truncated TLD consecutive to the API fix
    * MINOR: resolvers: fix the resolv_dn_label_to_str() API about trailing zero
    * BUG/MINOR: resolvers: do not reject host names of length 255 in SRV records
    * BUG/MEDIUM: resolver: make sure to always use the correct hostname length
    * MINOR: resolvers: fix the resolv_str_to_dn_label() API about trailing zero
    * BUG/MAJOR: dns: attempt to lock globaly for msg waiter list instead of use barrier
    * BUG/MAJOR: dns: tcp session can remain attached to a list after a free
    * BUG/MEDIUM: tcpcheck: Properly catch early HTTP parsing errors
    * Revert "CLEANUP: server: always include the storage for SSL settings"
    * BUG/MEDIUM: stream: Keep FLT_END analyzers if a stream detects a channel error
    * BUG/MEDIUM: cpuset: fix cpuset size for FreeBSD
    * BUG/MINOR: sample: Fix 'fix_tag_value' sample when waiting for more data
    * BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back
    * MINOR: initcall: Rename __GLOBL and __GLOBL1.
    * DOC: configuration: add clarification on escaping in keyword arguments
    * BUG/MEDIUM: mux_h2: Handle others remaining read0 cases on partial frames
    * BUG/MEDIUM: sample: properly verify that variables cast to sample
    * MINOR: sample: provide a generic var-to-sample conversion function
    * CLEANUP: sample: uninline sample_conv_var2smp_str()
    * CLEANUP: sample: rename sample_conv_var2smp() to *_sint
    * CLEANUP: server: always include the storage for SSL settings
* Mon Oct 04 2021
  - Update to version 2.4.7+git0.b5e51a5e2:
    * [RELEASE] Released version 2.4.7
    * BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule
* Mon Oct 04 2021
  - Update to version 2.4.6+git0.d83fd76a1:
    * [RELEASE] Released version 2.4.6
    * BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release
* Fri Oct 01 2021
  - Update to version 2.4.5+git0.e74a1b34b:
    * [RELEASE] Released version 2.4.5
    * MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue()
    * BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input
    * BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing
    * MINOR: arg: Be able to forbid unresolved args when building an argument list
    * BUG/MAJOR: lua: use task_wakeup() to properly run a task once
    * BUG/MEDIUM: lua: fix wakeup condition from sleep()
    * MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options
    * DOC: peers: fix doc "enable" statement on "peers" sections
    * BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers"
    * MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf
    * BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary
    * MINOR: htx: Add a function to know if the free space wraps
    * MINOR: htx: Add an HTX flag to know when a message is fragmented
    * MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv()
    * BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM
    * BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data
    * BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer
    * BUG/MINOR: stats: use refcount to protect dynamic server on dump
    * MINOR: server: return the next srv instance on free_server
    * BUG/MINOR: server: do not use refcount in free_server in stopping mode
    * MINOR: global: define MODE_STOPPING
    * MINOR: server: implement a refcount for dynamic servers
    * BUG/MINOR: http-ana: increment internal_errors counter on response error
    * BUG/MINOR: h1-htx: Fix a typo when request parser is reset
    * BUG/MEDIUM: leastconn: fix rare possibility of divide by zero
    * BUG/MINOR: server: allow 'enable health' only if check configured
    * BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl
    * BUILD: halog: fix a -Wundef warning on non-glibc systems
    * BUILD: compiler: fixed a missing test on  defined(__GNUC__)
    * BUILD: fix dragonfly build again on __read_mostly
    * BUG/MINOR: vars: do not talk about global section in CLI errors for set-var
    * BUG/MINOR: vars: truncate the variable name in error reports about scope.
    * BUG/MINOR: vars: properly set the argument parsing context in the expression
    * MINOR: sample: add missing ARGC_ entries
    * BUG/MINOR: vars: improve accuracy of the rules used to check expression validity
    * BUILD: tools: properly guard __GLIBC__ with defined()
    * BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL
    * BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER
    * BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef
    * IMPORT: slz: silence a build warning with -Wundef
    * BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef
    * BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef
    * BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING
    * MINOR: proc: setting the process to produce a core dump on FreeBSD.
    * MINOR: tools: add FreeBSD support to get_exec_path()
    * BUILD: tools: get the absolute path of the current binary on NetBSD.
    * BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set
    * BUG/MINOR: cli/payload: do not search for args inside payload
    * BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc
    * BUG/MINOR: connection: prevent null deref on mux cleanup task allocation
    * DOC: management: certificate files must be sanitized before injection
    * BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check
    * BUG/MAJOR: mux-h1: Don't eval input data if an error was reported
    * MINOR: pools: use mallinfo2() when available instead of mallinfo()
    * MINOR: pools: automatically disable malloc_trim() with external allocators
    * CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools()
    * BUG/MINOR: compat: make sure __WORDSIZE is always defined
    * BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached
    * CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload
    * MINOR: htx: Skip headers with no value when adding a header list to a message
    * BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with payload
    * BUG/MINOR: systemd: ExecStartPre must use -Ws
    * BUG/MINOR: filters: Set right FLT_END analyser depending on channel
    * BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set
    * BUG/MEDIUM: http-ana: Reset channels analysers when returning an error
    * BUG/MINOR: stream: Don't release a stream if FLT_END is still registered
    * BUG/MINOR: lua: Don't yield in channel.append() and channel.set()
    * BUG/MINOR: lua: Yield in channel functions only if lua context can yield
    * MINOR: lua: Add a flag on lua context to know the yield capability at run time
* Tue Sep 07 2021
  - Update to version 2.4.4+git0.acb1d0bea: CVE-2021-40346 (boo#1189877)
    * [RELEASE] Released version 2.4.4
    * Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive"
    * BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer
    * CLEANUP: htx: remove comments about "must be < 256 MB"
    * BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB
    * DOC: configuration: remove wrong tcp-request examples in tcp-response
    * BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser
    * CLEANUP: Add missing include guard to signal.h
    * BUG/MINOR: tools: Fix loop condition in dump_text()
    * BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time
    * BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long
    * MINOR: time: add report_idle() to report process-wide idle time
    * BUG/MINOR: time: fix idle time computation for long sleeps
    * BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords
    * MINOR: compiler: implement an ONLY_ONCE() macro
    * BUG/MINOR: base64: base64urldec() ignores padding in output size check
    * BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec}
    * BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions
    * MINOR: hlua: take the global Lua lock inside a global function
    * REGTESTS: abortonclose: after retries, 503 is expected, not close
    * REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2
    * BUG/MEDIUM: h2: match absolute-path not path-absolute for :path
* Tue Aug 17 2021
  - Update to version 2.4.3+git0.4dd5a5a6c:
      CVE-2021-39240 CVE-2021-39241 CVE-2021-39242
      (boo#1189366 boo#1189548 boo#1189549)
    * [RELEASE] Released version 2.4.3
    * REGTESTS: add a test to prevent h2 desync attacks
    * BUG/MEDIUM: h2: give :authority precedence over Host
    * BUG/MAJOR: h2: enforce stricter syntax checks on the :method pseudo-header
    * BUG/MAJOR: h2: verify that :path starts with a '/' before concatenating it
    * BUG/MAJOR: h2: verify early that non-http/https schemes match the valid syntax
    * MINOR: http: add a new function http_validate_scheme() to validate a scheme
    * DOC/MINOR: fix typo in management document
    * CLEANUP: assorted typo fixes in the code and comments
    * BUG/MEDIUM: cfgcheck: verify existing log-forward listeners during config check
    * BUG/MEDIUM: spoe: Fix policy to close applets when SPOE connections are queued
    * DOC: config: Fix 'http-response send-spoe-group' documentation
    * DOC: Improve the lua documentation
    * BUG/MINOR: tcpcheck: Properly detect pending HTTP data in output buffer
    * BUG/MINOR: buffer: fix buffer_dump() formatting
    * BUG/MEDIUM: spoe: Create a SPOE applet if necessary when the last one is released
    * MINOR: spoe: Add a pointer on the filter config in the spoe_agent structure
    * ADMIN: dyncookie: implement a simple dynamic cookie calculator
    * MINOR: server: unmark deprecated on enable health/agent cli
    * BUG/MINOR: server: update last_change on maint->ready transitions too
    * BUG/MINOR: server: remove srv from px list on CLI 'add server' error
    * BUILD: opentracing: fixed build when using pkg-config utility
    * DOC: internals: document the FD takeover process
    * BUG/MINOR: fd: protect fd state harder against a concurrent takeover
    * BUG/MINOR: pollers: always program an update for migrated FDs
    * BUG/MINOR: poll: fix abnormally high skip_fd counter
    * BUG/MINOR: select: fix excess number of dead/skip reported
    * BUG/MEDIUM: pollers: clear the sleeping bit after waking up, not before
    * BUG/MEDIUM: connection: close a rare race between idle conn close and takeover
    * BUG/MINOR: connection: Add missing error labels to conn_err_code_str
    * BUG/MEDIUM: mux-h2: Handle remaining read0 cases on partial frames
    * BUG/MINOR: mux-h1: Be sure to swap H1C to splice mode when rcv_pipe() is called
    * BUG/MINOR: mux-h2: Obey dontlognull option during the preface
    * BUG/MINOR: mux-h1: Obey dontlognull option for empty requests
    * BUG/MINOR: systemd: must check the configuration using -Ws
    * BUG/MINOR: resolvers: Use a null-terminated string to lookup in servers tree
    * BUG/MINOR: check: fix the condition to validate a port-less server
    * BUG/MINOR: stats: Add missing agent stats on servers
    * BUG/MEDIUM: ssl_sample: fix segfault for srv samples on invalid request
    * BUILD/MINOR: memprof fix macOs build.
    * BUG/MINOR: mworker: do not export HAPROXY_MWORKER_REEXEC across programs
    * BUG/MEDIUM: mworker: do not register an exit handler if exit is expected
    * BUILD: lua: silence a build warning with TCC
    * BUILD: add detection of missing important CFLAGS
    * BUG/MINOR: ssl: Default-server configuration ignored by server
    * MINOR: mux_h2: define config to disable h2 websocket support
    * BUILD: http_htx: fix ci compilation error with isdigit for Windows
* Wed Jul 07 2021
  - Update to version 2.4.2+git0.553dee326:
    * [RELEASE] Released version 2.4.2
    * REGTESTS: add http scheme-based normalization test
    * MEDIUM: h2: apply scheme-based normalization on h2 requests
    * MEDIUM: h1-htx: apply scheme-based normalization on h1 requests
    * MEDIUM: http: implement scheme-based normalization
    * MINOR: http: implement http_get_scheme
    * Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules"
    * BUG/MINOR: cli: fix server name output in "show fd"
    * BUG/MEDIUM: sock: make sure to never miss early connection failures
    * DOC: stick-table: add missing documentation about gpt0 stored type
    * BUG/MINOR: peers: fix data_type bit computation more than 32 data_types
    * BUG/MINOR: stick-table: fix several printf sign errors dumping tables
    * DOC: config: use CREATE USER for mysql-check
    * BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution
    * BUG/MINOR: mqtt: Support empty client ID in CONNECT message
    * BUG/MINOR: mqtt: Fix parser for string with more than 127 characters
    * BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules
    * BUILD: Makefile: fix linkage for Haiku.
    * BUG/MINOR: checks: return correct error code for srv_parse_agent_check
    * MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response()
    * BUG/MINOR: resolvers: Reset server IP when no ip is found in the response
    * BUG/MINOR: resolvers: Always attach server on matching record on resolution
    * CLEANUP: dns: Remove a forgotten debug message
    * DOC: config: Add missing actions in "tcp-request session" documentation
    * MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules
    * REGTESTS: fix maxconn update with agent-check
    * BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check
    * BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header
    * BUG/MINOR: server/cli: Fix locking in function processing "set server" command
    * BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task()
    * BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status
    * MINOR: resolvers: Remove server from named_servers tree when removing a SRV item
    * MINOR: resolvers: Clean server in a dedicated function when removing a SRV item
    * BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI
    * BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled
    * BUG/MINOR: server-state: load SRV resolution only if params match the config
* Thu Jun 17 2021
  - Update to version 2.4.1+git0.1ce7d4925:
    * [RELEASE] Released version 2.4.1
    * BUG/MINOR: mux-h2/traces: bring back the lost "sent H2 REQ/RES" traces
    * BUG/MINOR: mux-h2/traces: bring back the lost "rcvd H2 REQ" trace
    * MINOR: mux-h2: obey http-ignore-probes during the preface
    * BUG/MINOR: stats: make "show stat typed desc" work again
    * CLEANUP: mux-h2/traces: better align user messages
    * MINOR: mux-h2/trace: report a few connection-level info during h2_init()
    * MINOR: connection: add helper conn_append_debug_info()
    * BUG/MINOR: server: explicitly set "none" init-addr for dynamic servers
    * BUG/MINOR: mux-h1: do not skip the error response on bad requests
    * MINOR: backend: only skip LB when there are actual connections
    * BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue
    * CLEANUP: global: remove unused definition of stopping_task[]
    * BUG/MINOR: mworker: fix typo in chroot error message
    * BUG/MINOR: ssl: use atomic ops to update global shctx stats
    * BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE
    * BUG/MEDIUM: server: do not auto insert a dynamic server in px addr_node
    * BUG/MINOR: server: do not keep an invalid dynamic server in px ids tree
    * BUG/MEDIUM: server: do not forget to generate the dynamic servers ids
    * BUG/MEDIUM: server: clear dynamic srv on delete from proxy id/name trees
    * BUG/MEDIUM: server: extend thread-isolate over much of CLI 'add server'
    * BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id
    * DOC: lua: Add a warning about buffers modification in HTTP
    * BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs
    * MEDIUM: resolvers: add a ref between servers and srv request or used SRV record
    * MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item
    * BUG/MINOR: resolvers: answser item list was randomly purged or errors
    * CLEANUP: l7-retries: do not test the buffer before calling b_alloc()
    * BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default
    * BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded
    * CLEANUP: pools: remove now unused seq and pool_free_list
    * BUG/MAJOR: pools: fix possible race with free() in the lockless variant
    * MEDIUM: pools: use a single pool_gc() function for locked and lockless
    * MINOR: pools: call malloc_trim() under thread isolation
    * MINOR: pools: do not maintain the lock during pool_flush()
    * BUG/MINOR: pools: make DEBUG_UAF always write to the to-be-freed location
    * BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush()
    * BUG/MEDIUM: compression: Add a flag to know the filter is still processing data
    * BUG/MEDIUM: compression: Properly get the next block to iterate on payload
    * BUG/MEDIUM: compression: Fix loop skipping unused blocks to get the next block
    * BUG/MEDIUM: opentracing: initialization before establishing daemon and/or chroot mode
    * Revert "BUG/MINOR: opentracing: initialization after establishing daemon mode"
    * BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future
    * BUILD: make tune.ssl.keylog available again
    * DOC: use the req.ssl_sni in examples
    * MINOR: errors: allow empty va_args for diag variadic macro
    * BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry
    * DOC/MINOR: move uuid in the configuration to the right alphabetical order
    * BUG/MINOR: vars: Be sure to have a session to get checks variables
    * CLEANUP: http-ana: Remove useless if statement about L7 retries
    * BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree
    * BUG/MINOR: http: Missing calloc return value check in make_arg_list
    * BUG/MINOR: http: Missing calloc return value check while parsing redirect rule
    * BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list
    * BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo
    * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule
    * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response
    * BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy
    * BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare
    * BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture
    * BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine
    * BUG/MINOR: peers: Missing calloc return value check in peers_register_table
    * BUG/MINOR: server: Missing calloc return value check in srv_parse_source
    * DOC: intro: Fix typo in starter guide
    * MINOR: cfgparse: Fail when encountering extra arguments in macro
    * MINOR: http-ana: Perform L7 retries because of status codes in response analyser
    * BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts
    * BUG/MINOR: http-ana: Send the right error if max retries is reached on L7 retry
    * Revert "MEDIUM: http-ana: Deal with L7 retries in HTTP analysers"
    * BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response
    * BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter
    * BUILD/MINOR: opentracing: fixed build when using clang
    * BUG/MAJOR: server: prevent deadlock when using 'set maxconn server'
    * BUG/MEDIUM: ebtree: Invalid read when looking for dup entry
* Fri May 14 2021
  - Update to version 2.4.0+git0.6cbbecf09:
    for all the details see /usr/share/doc/packages/haproxy/CHANGELOG
  - refreshed patches to apply cleanly again
* Fri Apr 23 2021
  - Update to version 2.3.10+git0.4764f0e4e:
    * [RELEASE] Released version 2.3.10
    * BUG/MEDIUM: peers: re-work refcnt on table to protect against flush
    * BUG/MEDIUM: peers: re-work connection to new process during reload.
    * BUG/MINOR: peers: remove useless table check if initial resync is finished
    * BUG/MEDIUM: mux-h2: Properly handle shutdowns when received with data
    * BUG/MINOR: mworker: don't use oldpids[] anymore for reload
    * BUG/MINOR: mworker/init: don't reset nb_oldpids in non-mworker cases
    * BUG/MEDIUM: config: fix cpu-map notation with both process and threads
    * BUG/MEDIUM: mux-h2: Fix dfl calculation when merging CONTINUATION frames
    * BUG/MAJOR: mux-h2: Properly detect too large frames when decoding headers
    * BUG/MINOR: server: free srv.lb_nodes in free_server
    * BUG/MINOR: mux-h1: Release idle server H1 connection if data are received
    * BUG/MINOR: logs: Report the true number of retries if there was no connection
    * BUG/MINOR: http_htx: Remove BUG_ON() from http_get_stline() function
    * BUG/MINOR: http-fetch: Make method smp safe if headers were already forwarded
    * BUG/MINOR: ssl-samples: Fix ssl_bc_* samples when called from a health-check
    * MINOR: connection: Make bc_http_major compatible with tcp-checks
    * BUG/MINOR: connection: Fix fc_http_major and bc_http_major for TCP connections
    * MINOR: logs: Add support of checks as session origin to format lf strings
    * BUG/MINOR: checks: Set missing id to the dummy checks frontend
    * BUG/MEDIUM: threads: Ignore current thread to end its harmless period
    * DOC: ssl: Certificate hot update only works on fronted certificates
    * BUG/MEDIUM: sample: Fix adjusting size in field converter
    * MINOR: No longer rely on deprecated sample fetches for predefined ACLs
    * DOC: clarify that compression works for HTTP/2
    * BUG/MINOR: tools: fix parsing "us" unit for timers
    * CONTRIB: halog: fix issue with array of type char
    * REGTESTS: ssl: mark set_ssl_cert_bundle.vtc as broken
    * DOC: Explicitly state only IPv4 are supported by forwardfor/originalto options
    * REGTESTS: ssl: "set ssl cert" and multi-certificates bundle
    * BUG/MINOR: ssl: Add missing free on SSL_CTX in ckch_inst_free
    * BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields
    * BUG/MINOR: ssl: Prevent removal of crt-list line if the instance is a default one
    * BUG/MINOR: ssl: Fix update of default certificate
    * BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS
    * BUG/MINOR: tcp: fix silent-drop workaround for IPv6
* Tue Mar 30 2021
  - Update to version 2.3.9+git1.afb63bc04:
    * BUILD: backend: fix build breakage in idle conn locking fix
    * [RELEASE] Released version 2.3.9
    * BUG/MEDIUM: time: make sure to always initialize the global tick
    * BUG/MINOR: stats: Apply proper styles in HTML status page.
    * BUG/MINOR: payload: Wait for more data if buffer is empty in payload/payload_lv
    * MEDIUM: backend: use a trylock to grab a connection on high FD counts as well
    * BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent
* Thu Mar 25 2021
  - Update to version 2.3.8+git0.e572195c7:
    * [RELEASE] Released version 2.3.8
    * BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters
    * MINOR: tools: make url2ipv4 return the exact number of bytes parsed
    * BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as harmless
    * BUG/MEDIUM: fd: Take the fd_mig_lock when closing if no DWCAS is available.
    * CLEANUP: fd: remove unused fd_set_running_excl()
    * BUG/MEDIUM: fd: do not wait on FD removal in fd_delete()
    * MINOR: fd: remove the unneeded running bit from fd_insert()
    * MINOR: fd: make fd_clr_running() return the remaining running mask
    * BUG/MEDIUM: lua: Always init the lua stack before referencing the context
    * BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua traceback
    * MINOR: lua: Slightly improve function dumping the lua traceback
    * BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro
    * BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list"
    * BUG/MEDIUM: debug/lua: Don't dump the lua stack if not dumpable
    * MEDIUM: lua: Use a per-thread counter to track some non-reentrant parts of lua
    * MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master CLI socket
    * BUG/MINOR: protocol: add missing support of dgram unix socket.
    * BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable
    * MINOR: time: also provide a global, monotonic global_now_ms timer
    * BUG/MEDIUM: mux-fcgi: Fix locking of idle_conns lock in the FCGI I/O callback
    * BUG/MINOR: freq_ctr/threads: make use of the last updated global time
    * MINOR: time: export the global_now variable
* Tue Mar 16 2021
  - Update to version 2.3.7+git0.2d39ce334:
    * [RELEASE] Released version 2.3.7
    * BUG/MINOR: resolvers: Add missing case-insensitive comparisons of DNS hostnames
    * MINOR: resolvers: Don't try to match immediatly renewed ADD items
    * MINOR: resolvers: Use milliseconds for cached items in resolver responses
    * BUG/MEDIUM: resolvers: Skip DNS resolution at startup if SRV resolution is set
    * BUG/MEDIUM: resolvers: Don't release resolution from a requester callbacks
    * MINOR: resolvers: Directly call srvrq_update_srv_state() when possible
    * MINOR: resolvers: Add function to change the srv status based on SRV resolution
    * MINOR: resolvers: Purge answer items when a SRV resolution triggers an error
    * MINOR: resolvers: Use a function to remove answers attached to a resolution
    * BUG/MEDIUM: resolvers: Trigger a DNS resolution if an ADD item is obsolete
    * BUG/MINOR; resolvers: Ignore DNS resolution for expired SRV item
    * MINOR: resolvers: new function find_srvrq_answer_record()
    * BUG/MEDIUM: resolvers: Fix the loop looking for an existing ADD item
    * BUG/MEDIUM: resolvers: Don't set an address-less server as UP
    * BUG/MINOR: resolvers: Unlink DNS resolution to set RMAINT on SRV resolution
    * BUG/MINOR: resolvers: Reset server address on DNS error only on status change
    * BUG/MINOR: resolvers: Consider server to have no IP on DNS resolution error
    * Revert "BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record"
    * CLEANUP: tcp-rules: add missing actions in the tcp-request error message
    * BUG/MINOR: tcpcheck: Fix double free on error path when parsing tcp/http-check
    * BUG/MINOR: session: Add some forgotten tests on session's listener
    * BUG/MINOR: proxy/session: Be sure to have a listener to increment its counters
    * BUG/MINOR: tcpcheck: Update .health threshold of agent inside an agent-check
    * BUG/MEDIUM: filters: Set CF_FL_ANALYZE on channels when filters are attached
    * BUILD: atomic/arm64: force the register pairs to use in __ha_cas_dw()
    * BUG/MEDIUM: stick-tables: fix ref counter in table entry using multiple http tracksc.
    * OPTIM: task: automatically adjust the default runqueue-depth to the threads
    * MINOR: task: give the scheduler a bit more flexibility in the runqueue size
    * MEDIUM: task: remove the tasks_run_queue counter and have one per thread
    * MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks
    * MINOR: xprt: add new xprt_set_idle and xprt_set_used methods
    * MEDIUM: muxes: mark idle conns tasklets with TASK_F_USR1
    * MINOR: task: add an application specific flag to the state: TASK_F_USR1
    * BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake
    * MINOR: ssl: mark the SSL handshake tasklet as heavy
    * MINOR: task: limit the number of subsequent heavy tasks with flag TASK_HEAVY
    * MEDIUM: backend: use a trylock when trying to grab an idle connection
    * MINOR: pools: double the local pool cache size to 1 MB
    * MEDIUM: streams: do not use the streams lock anymore
    * MINOR: streams: use one list per stream instead of a global one
    * MINOR: cli/streams: make "show sess" dump all streams till the new epoch
    * MINOR: stream: add an "epoch" to figure which streams appeared when
    * MINOR: dynbuf: pass offer_buffers() the number of buffers instead of a threshold
    * MINOR: dynbuf: use regular lists instead of mt_lists for buffer_wait
    * MINOR: dynbuf: make the buffer wait queue per thread
    * OPTIM: lb-leastconn: do not unlink the server if it did not change
    * OPTIM: lb-leastconn: do not take the server lock on take_conn/drop_conn
    * OPTIM: lb-first: do not take the server lock on take_conn/drop_conn
    * MINOR: lb/api: let callers of take_conn/drop_conn tell if they have the lock
    * MINOR: server: move actconns to the per-thread structure
    * OPTIM: server: switch the actconn list to an mt-list
    * MINOR: listener: refine the default MAX_ACCEPT from 64 to 4
    * MINOR: tasks: refine the default run queue depth
    * BUG/MEDIUM: session: NULL dereference possible when accessing the listener
    * MINOR: atomic: implement a more efficient arm64 __ha_cas_dw() using pairs
    * MINOR: atomic: add armv8.1-a atomics variant for cas-dw
    * BUG/MINOR: mt-list: always perform a cpu_relax call on failure
    * REORG: atomic: reimplement pl_cpu_relax() from atomic-ops.h
    * BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode
    * BUG/MINOR: hlua: Don't strip last non-LWS char in hlua_pushstrippedstring()
    * BUG/MINOR: backend: fix condition for reuse on mode HTTP
* Wed Mar 03 2021
  - Update to version 2.3.6+git0.7851701ed:
    * [RELEASE] Released version 2.3.6
    * BUG/MINOR: http-ana: Don't increment HTTP error counter on read error/timeout
    * BUG/MINOR: mux-h2: Fix typo in scheme adjustment
    * DOC: spoe: Add a note about fragmentation support in HAProxy
    * BUG/MEDIUM: spoe: Kill applets if there are pending connections and nbthread > 1
    * BUG/MINOR: connection: Use the client's dst family for adressless servers
    * BUG/MINOR: tcp-act: Don't forget to set the original port for IPv4 set-dst rule
    * BUG/MINOR: http-ana: Only consider dst address to process originalto option
    * BUG/MINOR: mux-h1: Immediately report H1C errors from h1_snd_buf()
    * BUG/MINOR: stats: fix compare of no-maint url suffix
    * CLEANUP: muxes: Remove useless if condition in show_fd function
    * BUG/MINOR: ssl: potential null pointer dereference in ckchs_dup()
    * BUG/MEDIUM: resolvers: Reset address for unresolved servers
    * BUG/MEDIUM: resolvers: Reset server address and port for obselete SRV records
    * BUG/MINOR: resolvers: new callback to properly handle SRV record errors
    * BUG/MINOR: resolvers: Only renew TTL for SRV records with an additional record
    * BUG/MINOR: resolvers: Fix condition to release received ARs if not assigned
    * BUG/MINOR: fd: properly wait for !running_mask in fd_set_running_excl()
    * BUG/MINOR: proxy: wake up all threads when sending the hard-stop signal
    * BUG/MEDIUM: cli/shutdown sessions: make it thread-safe
    * BUG/MEDIUM: proxy: use thread-safe stream killing on hard-stop
    * BUG/MEDIUM: vars: make functions vars_get_by_{name,desc} thread-safe
    * BUG/MINOR: sample: secure convs that accept base64 string and var name as args
    * MINOR: Configure the `cpp` userdiff driver for *.[ch] in .gitattributes
    * BUG/MINOR: ssl/cli: potential null pointer dereference in "set ssl cert"
    * BUG/MEDIUM: mux-h1: Fix handling of responses to CONNECT other than 200-ok
    * BUG/MINOR: server: Be sure to cut the last parsed field of a server-state line
    * BUG/MINOR: server: Init params before parsing a new server-state line
    * BUG/MINOR: http-rules: Always replace the response status on a return action
    * BUG/MEDIUM: spoe: Resolve the sink if a SPOE logs in a ring buffer
    * BUG/MEDIUM: lists: Avoid an infinite loop in MT_LIST_TRY_ADDQ().
    * DOC: explain the relation between pool-low-conn and tune.idle-pool.shared
    * BUILD: ssl: introduce fine guard for OpenSSL specific SCTL functions
    * BUG/MINOR: sample: Always consider zero size string samples as unsafe
    * BUG/MEDIUM: checks: don't needlessly take the server lock in health_adjust()
    * BUG/MINOR: checks: properly handle wrapping time in __health_adjust()
    * BUG/MINOR: session: atomically increment the tracked sessions counter
    * BUG/MINOR: server: Remove RMAINT from admin state when loading server state
    * CLEANUP: channel: fix comment in ci_putblk.
    * DOC: tune: explain the origin of block size for ssl.cachesize
    * BUG/MINOR: server: Don't call fopen() with server-state filepath set to NULL
    * BUG/MINOR: cfgparse: do not mention "addr:port" as supported on proxy lines
    * BUG/MINOR: stats: revert the change on ST_CONVDONE
    * BUG/MEDIUM: config: don't pick unset values from last defaults section
    * CLEANUP: deinit: release global and per-proxy server-state variables on deinit
    * BUG/MINOR: server: Fix server-state-file-name directive
    * BUG/MINOR: backend: hold correctly lock when killing idle conn
    * BUG/MINOR: tools: Fix a memory leak on error path in parse_dotted_uints()
    * BUG/MINOR: server: re-align state file fields number
    * BUG/MEDIUM: mux-h1: Always set CS_FL_EOI for response in MSG_DONE state
    * BUG/MINOR: http-ana: Don't increment HTTP error counter on internal errors
    * BUG/MINOR: intops: fix mul32hi()'s off-by-one
    * BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro
    * BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro
    * BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro
    * MINOR: check: do not ignore a connection header for http-check send
* Sat Feb 06 2021
  - Update to version 2.3.5+git0.5902ad99b:
    * [RELEASE] Released version 2.3.5
    * MINOR: config: Deprecate and ignore tune.chksize global option
    * BUG/MINOR: sock: Unclosed fd in case of connection allocation failure
    * BUG/MEDIUM: mux-h2: do not quit the demux loop before setting END_REACHED
    * BUG/MEDIUM: mux-h2: handle remaining read0 cases
    * BUILD: Makefile: move REGTESTST_TYPE default setting
    * MINOR: cli/show_fd: report local and report ports when known
    * BUILD: ssl: fix build breakage with last commit
    * BUG/MINOR: ssl: do not try to use early data if not configured
    * BUG/MINOR: xxhash: make sure armv6 uses memcpy()
    * BUG/MINOR: mux_h2: fix incorrect stat titles
    * BUG/MEDIUM: ssl: check a connection's status before computing a handshake
    * BUG/MEDIUM: ssl/cli: abort ssl cert is freeing the old store
    * BUG/MINOR: stick-table: Always call smp_fetch_src() with a valid arg list
    * DOC: management: fix "show resolvers" alphabetical ordering
    * MINOR: h1: Raise the chunk size limit up to (2^52 - 1)
    * MINOR: mux-h1/show_fd: report as suspicious an entry with too many calls
    * MINOR: mux-h2/show_fd: report as suspicious an entry with too many calls
    * MINOR: ssl/show_fd: report some FDs as suspicious when possible
    * MINOR: cli/show_fd: report some easily detectable suspicious states
    * MINOR: cli: give the show_fd helpers the ability to report a suspicious entry
    * MINOR: mux-fcgi: make the "show fd" helper also decode the fstrm subscriber when known
    * MINOR: mux-h1: make the "show fd" helper also decode the h1s subscriber when known
    * MINOR: mux-h2: make the "show fd" helper also decode the h2s subscriber when known
    * MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them
    * MINOR: ssl: provide a "show fd" helper to report important SSL information
    * MINOR: xprt: add a new show_fd() helper to complete some "show fd" dumps.
    * MINOR: cli: make "show fd" also report the xprt and xprt_ctx
    * CLEANUP: cli: make "show fd" use a const connection to access other fields
    * CLEANUP: tools: make resolve_sym_name() take a const pointer
    * MINOR: contrib: Make the wireshark peers dissector compile for more distribs.
    * BUG/MINOR: backend: check available list allocation for reuse
    * BUG/MEDIUM: backend: never reuse a connection for tcp mode
    * REORG: backend: simplify conn_backend_get
    * BUG/MEDIUM: session: only retrieve ready idle conn from session
    * BUG/MINOR: ssl: init tmp chunk correctly in ssl_sock_load_sctl_from_file()
    * BUG/MINOR: config: fix leak on proxy.conn_src.bind_hdr_name
    * BUG/MEDIUM: filters/htx: Fix data forwarding when payload length is unknown
    * DOC: Improve documentation of the various hdr() fetches
    * BUILD/MINOR: lua: define _GNU_SOURCE for LLONG_MAX
    * BUG/MEDIUM: mux-h2: fix read0 handling on partial frames
    * BUG/MEDIUM: tcpcheck: Don't destroy connection in the wake callback context
    * BUG/MINOR: mworker: define _GNU_SOURCE for strsignal()
    * BUG/MINOR: mux_h2: missing space between "st" and ".flg" in the "show fd" helper
    * BUG/MINOR: peers: Wrong "new_conn" value for "show peers" CLI command.
    * MINOR: build: discard echoing in help target
    * BUG/MINOR: peers: Possible appctx pointer dereference.
    * BUG/MEDIUM: stats: add missing INF_BUILD_INFO definition
    * BUILD: peers: fix build warning about unused variable
    * BUG/MINOR: dns: SRV records ignores duplicated AR records (v2)
    * MINOR: peers: Add traces for peer control messages.
    * BUG/MINOR: threads: Fixes the number of possible cpus report for Mac.
    * MINOR: server: Forbid server definitions in frontend sections
    * MINOR: config: Add failifnotcap() to emit an alert on proxy capabilities
    * BUG/MINOR: init: Use a dynamic buffer to set HAPROXY_CFGFILES env variable
* Wed Jan 27 2021 Callum Farmer <>
  - Add lua54.patch to fix building with lua 5.4
* Wed Jan 13 2021
  - Update to version 2.3.4+git0.10189c965:
    * [RELEASE] Released version 2.3.4
    * MINOR: contrib/prometheus-exporter: use fill_info for process dump
    * MINOR: contrib/prometheus-exporter: avoid connection close header
    * BUG/MINOR: init: enforce strict-limits when using master-worker
    * BUG/MINOR: check: Don't perform any check on servers defined in a frontend
    * BUG/MINOR: sample: Memory leak of sample_expr structure in case of error
    * Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records"
    * MINOR: reg-tests: add base prometheus test
    * BUG/MINOR: reg-tests: fix service dependency script
    * BUG/MINOR: sample: check alloc_trash_chunk return value in concat()
    * MINOR: reg-tests: add a way to add service dependency
* Fri Jan 08 2021
  - Update to version 2.3.3+git0.9233c2143:
    * [RELEASE] Released version 2.3.3
    * BUG/MINOR: sample: fix concat() converter's corruption with non-string variables
    * DOC: Add maintainers for the Prometheus exporter
    * SCRIPTS: announce-release: fix typo in help message
    * DOC: fix some spelling issues over multiple files
    * MINOR: contrib/prometheus-exporter: export build_info
    * CLEANUP: cfgparse: replace "realloc" with "my_realloc2" to fix to memory leak on error
    * BUILD: Makefile: exclude broken tests by default
    * MINOR: converter: adding support for url_enc
    * BUG/MINOR: srv: do not cleanup idle conns if pool max is null
    * BUG/MINOR: srv: do not init address if backend is disabled
    * SCRIPTS: make announce release support preparing announces before tag exists
    * SCRIPTS: improve announce-release to support different tag and versions
    * BUG/MINOR: stats: Make stat_l variable used to dump a stat line thread local
    * DOC: Improve the message printed when running `make` w/o `TARGET`
    * BUG/MINOR: tcpcheck: Report a L7OK if the last evaluated rule is a send rule
    * BUG/MINOR: cfgparse: Fail if the strdup() for `rule->` for `use_backend` fails
    * BUG/MINOR: sink: Return an allocation failure in __sink_new if strdup() fails
    * MINOR: atomic: don't use ; to separate instruction on aarch64.
    * BUILD: hpack: hpack-tbl-t.h uses VAR_ARRAY but does not include compiler.h
    * BUG/MEDIUM: mux_h2: Add missing braces in h2_snd_buf()around trace+wakeup
    * DOC: fix "smp_size" vs "sample_size" in "log" directive arguments
    * BUG/MINOR: dns: SRV records ignores duplicated AR records
    * BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call
    * BUILD: plock: remove dead code that causes a warning in gcc 11
    * CONTRIB: debug: address "poll" utility build on non-linux platforms
    * CONTRIB: halog: fix signed/unsigned build warnings on counts and timestamps
    * CONTRIB: halog: mark the has_zero* functions unused
    * CONTRIB: halog: fix build issue caused by %L printf format
    * BUG/MEDIUM: mux-h1: Handle h1_process() failures on a pipelined request
    * BUG/MEDIUM: http-ana: Never for sending data in TUNNEL mode
    * BUG/MINOR: mux-h1: Don't set CS_FL_EOI too early for protocol upgrade requests
    * BUILD: Makefile: have "make clean" destroy .o/.a/.s in contrib subdirs as well
    * BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call
    * REGTESTS: make use of HAPROXY_ARGS and pass -dM by default
    * BUG/MEDIUM: ssl/crt-list: bad behavior with "commit ssl cert"
    * BUG/MEDIUM: lb-leastconn: Reposition a server using the right eweight
    * BUG/MINOR: tools: Reject size format not starting by a digit
    * BUG/MINOR: tools: make parse_time_err() more strict on the timer validity
    * MINOR: tcpcheck: Only wait for more payload data on HTTP expect rules
    * BUG/MINOR: tcpcheck: Don't rearm the check timeout on each read
    * BUG/MINOR: http-check: Use right condition to consider HTX message as full
    * DOC: email change of the DeviceAtlas maintainer
    * BUG/MEDIUM: spoa/python: Fixing references to None
    * BUG/MEDIUM: spoa/python: Fixing PyObject_Call positional arguments
    * BUG/MINOR: spoa/python: Cleanup ipaddress objects if initialization fails
    * BUG/MINOR: spoa/python: Cleanup references for failed Module Addobject operations
    * DOC: spoa/python: Fixing typos in comments
    * DOC: spoa/python: Rephrasing memory related error messages
    * DOC: spoa/python: Fixing typo in IP related error messages
    * BUG/MAJOR: spoa/python: Fixing return None
    * MEDIUM: ssl: fatal error with bundle + openssl < 1.1.1
    * MINOR: listener: now use a generic add_listener() function
    * MINOR: listener: automatically set the port when creating listeners
    * MINOR: protocol: add a ->set_port() helper to address families
    * BUG/MINOR: mux-h1: Handle keep-alive timeout for idle frontend connections
    * BUG/MINOR: listener: use sockaddr_in6 for IPv6
    * DOC/MINOR: Fix formatting in Management Guide
    * BUILD/MINOR: haproxy DragonFlyBSD affinity build update.
    * BUG/MAJOR: ring: tcp forward on ring can break the reader counter.
    * BUG/MINOR: lua: warn when registering action, conv, sf, cli or applet multiple times
    * MINOR: cli: add a function to look up a CLI service description
    * MINOR: actions: add a function returning a service pointer from its name
    * MINOR: actions: Export actions lookup functions
    * BUG/MINOR: lua: Some lua init operation are processed unsafe
    * BUG/MINOR: lua: Post init register function are not executed beyond the first one
    * BUG/MINOR: lua: lua-load doesn't check its parameters
    * BUG/MINOR: lua: missing "\n" in error message
    * BUG/MINOR: mux-h2/stats: not all GOAWAY frames are errors
    * BUG/MINOR: mux-h2/stats: make stream/connection proto errors more accurate
    * BUG/MEDIUM: local log format regression.
    * BUG/MEDIUM: task: close a possible data race condition on a tasklet's list link
    * MINOR: task: remove __tasklet_remove_from_tasklet_list()
    * BUG/MEDIUM: lists: Lock the element while we check if it is in a list.
    * MINOR: plock: use an ARMv8 instruction barrier for the pause instruction
* Mon Nov 30 2020
  - Update to version 2.3.2+git0.d522db763:
    * [RELEASE] Released version 2.3.2
    * BUG/MINOR: http-fetch: Fix smp_fetch_body() when called from a health-check
    * DOC: config: Move req.hdrs and req.hdrs_bin in L7 samples fetches section
    * BUG/MAJOR: tcpcheck: Allocate input and output buffers from the buffer pool
    * MINOR: tcpcheck: Don't handle anymore in-progress send rules in tcpcheck_main
    * BUG/MINOR: tcpcheck: Don't forget to reset tcp-check flags on new kind of check
    * DOC: Clarify %HP description in log-format
    * DOC: better document the config file format and escaping/quoting rules
    * BUG/MAJOR: peers: fix partial message decoding
    * BUG/MEDIUM: http_act: Restore init of log-format list
    * BUILD: Show the value of DEBUG= in haproxy -vv
    * BUILD: Make DEBUG part of .build_opts
    * MINOR: http_act: Add -m flag for del-header name matching method
    * REGTESTS: converter: add url_dec test
    * REGTESTS: Add sample_fetches/cook.vtc
    * DOC: cache: Add new caching limitation information
    * MEDIUM: cache: Change caching conditions
    * BUG/MAJOR: filters: Always keep all offsets up to date during data filtering
    * DOC: better describes how to configure a fallback crt
    * BUG/MINOR: http_htx: Fix searching headers by substring
    * BUG/MAJOR: connection: reset conn->owner when detaching from session list
    * CLEANUP: connection: do not use conn->owner when the session is known
    * DOC: clarify how to create a fallback crt
    * BUILD: makefile: enable crypt(3) for OpenBSD
    * BUG/MEDIUM: ssl/crt-list: fix error when no file found
    * BUG/MINOR: ssl/crt-list: load bundle in crt-list only if activated
    * BUG/MEDIUM: ssl: error when no certificate are found
    * BUG/MEDIUM: ssl/crt-list: bundle support broken in crt-list
    * BUG/MEDIUM: http-ana: Don't eval http-after-response ruleset on empty messages
    * BUG/MINOR: ssl: segv on startup when AKID but no keyid
    * DOC: add missing 3.10 in the summary
    * BUG/MINOR: http-ana: Don't wait for the body of CONNECT requests
    * BUG/MEDIUM: filters: Forward all filtered data at the end of http filtering
    * CLEANUP: cfgparse: remove duplicate registration for transparent build options
    * BUILD: http-htx: fix build warning regarding long type in printf
* Fri Nov 13 2020
  - Update to version 2.3.1+git0.bdd7178b8:
    * [RELEASE] Released version 2.3.1
    * REGTEST: make ssl_client_samples and ssl_server_samples require to 2.2
    * MINOR: peers: Add traces to peer_treat_updatemsg().
    * REGTEST: ssl: mark reg-tests/ssl/ssl_crt-list_filters.vtc as broken
    * REGTEST: ssl: test wildcard and multi-type + exclusions
    * MINOR: cfgparse: tighten the scope of newnameserver variable, free it on error.
    * MINOR: config/mux-h2: Return ERR_ flags from init_h2() instead of a status
    * MINOR: init: Fix the prototype for per-thread free callbacks
    * BUG/MINOR: tcpcheck: Don't warn on unused rules if check option is after
    * MINOR: spoe: Don't close connection in sync mode on processing timeout
    * BUG/MAJOR: spoe: Be sure to remove all references on a released spoe applet
    * BUG/MINOR: http-htx: Handle warnings when parsing http-error and http-errors
    * MINOR: check: report error on incompatible connect proto
    * MINOR: check: report error on incompatible proto
    * BUG/MEDIUM: check: reuse srv proto only if using same mode
    * BUG/MINOR: http-fetch: Fix calls w/o parentheses of the cookie sample fetches
    * BUG/MINOR: http-fetch: Extract cookie value even when no cookie name
    * BUG/MEDIUM: peers: fix decoding of multi-byte length in stick-table messages
    * BUG/MINOR: peers: Missing TX cache entries reset.
    * BUG/MINOR: peers: Do not ignore a protocol error for dictionary entries.
    * BUG/MINOR: stats: free dynamically stats fields/lines on shutdown
    * BUG/MINOR: lua: set buffer size during map lookups
    * BUG/MINOR: pattern: a sample marked as const could be written
* Fri Nov 06 2020
  - Update to version 2.3.0+git4.689d98154:
    * BUG/MEDIUM: ssl/crt-list: correctly insert crt-list line if crt already loaded
* Fri Nov 06 2020
  - Update to version 2.3.0+git3.7a50763d1:
    * DOC: config: Fix a typo on ssl_c_chain_der
    * MINOR: http-htx: Add understandable errors for the errorfiles parsing
    * BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher
* Thu Nov 05 2020 Marcus Rueckert <>
  - apparmor: do not limit to tcp sockets. haproxy can do udp as
* Thu Nov 05 2020
  - Update to version 2.3.0+git0.1c0a722a8:
    for all the details see
* Thu Nov 05 2020
  - Update to version 2.2.5+git0.34b2b1066:
    * [RELEASE] Released version 2.2.5
    * BUG/MEDIUM: server: make it possible to kill last idle connections
    * CLEANUP: mux-h2: Remove the h1 parser state from the h2 stream
    * BUG/MEDIUM: stick-table: limit the time spent purging old entries
    * BUG/MINOR: filters: Skip disabled proxies during startup only
    * BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade
    * MINOR: server: Copy configuration file and line for server templates
    * BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup
    * BUG/MINOR: checks: Report a socket error before any connection attempt
    * BUG/MINOR: proxy/server: Skip per-proxy/server post-check for disabled proxies
    * BUG/MEDIUM: filters: Don't try to init filters for disabled proxies
    * BUG/MINOR: cache: Inverted variables in http_calc_maxage function
    * BUG/MINOR: cache: Manage multiple values in cache-control header value
    * MINOR: ist: Add a case insensitive istmatch function
    * BUG/MINOR: lua: initialize sample before using it
    * BUG/MINOR: server: fix down_time report for stats
    * BUG/MINOR: server: fix srv downtime calcul on starting
    * BUG/MINOR: log: fix risk of null deref on error path
    * BUG/MINOR: log: fix memory leak on logsrv parse error
    * BUG/MINOR: extcheck: add missing checks on extchk_setenv()
    * BUG/MEDIUM: ssl: OCSP must work with BoringSSL
    * Revert "MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension"
    * BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible
    * BUG/MINOR: http-ana: Don't send payload for internal responses to HEAD requests
    * BUG/MEDIUM: server: support changing the slowstart value from state-file
    * BUG/MINOR: queue: properly report redistributed connections
    * MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension
    * BUILD: ssl: make BoringSSL use its own version numbers
    * BUG/MINOR: disable dynamic OCSP load with BoringSSL
    * BUG/MINOR: peers: Possible unexpected peer seesion reset after collisions.
    * DOC: fix typo in MAX_SESS_STKCTR
    * BUG/MEDIUM: lb: Always lock the server when calling server_{take,drop}_conn
    * BUG/MEDIUM: mux-h1: Get the session from the H1S when capturing bad messages
    * BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided
    * BUG/MEDIUM: task: bound the number of tasks picked from the wait queue at once
    * BUG/MINOR: connection: fix loop iter on connection takeover
    * MINOR: fd: report an error message when failing initial allocations
    * BUG/MINOR: mux-h2: do not stop outgoing connections on stopping
    * BUG/MINOR: init: only keep rlim_fd_cur if max is unlimited
    * BUILD: connection: fix build on clang after the VAR_ARRAY cleanup
    * CLEANUP: tree-wide: use VAR_ARRAY instead of [0] in various definitions
    * BUG/MINOR: http-htx: Expect no body for 204/304 internal HTTP responses
    * BUG/MINOR: http: Fix content-length of the default 500 error
    * DOC: Fix typos in configuration.txt
    * BUG/MEDIUM: mux-h2: Don't handle pending read0 too early on streams
    * BUG/MEDIUM: mux-fcgi: Don't handle pending read0 too early on streams
    * DOC: Add missing stats fields in the management doc
    * DOC: fix a confusing typo on a regsub example
    * BUG/MINOR: mux-h1: Always set the session on frontend h1 stream
    * BUG/MINOR: mux-h1: Be sure to only set CO_RFL_READ_ONCE for the first read
    * BUG/MINOR: peers: Inconsistency when dumping peer status codes.
    * MINOR: hlua: Display debug messages on stderr only in debug mode
    * BUG/MINOR: stats: fix validity of the json schema
    * MINOR: counters: fix a typo in comment
    * MINOR: ssl: Add warning if a crt-list might be truncated
    * BUG/MEDIUM: queue: make pendconn_cond_unlink() really thread-safe
    * BUG/MINOR: tcpcheck: Set socks4 and send-proxy flags before the connect call
    * DOC: tcp-rules: Refresh details about L7 matching for tcp-request content rules
    * BUG/MINOR: Fix several leaks of 'log_tag' in init().
    * MINOR: ssl: Add error if a crt-list might be truncated
    * BUILD: makefile: Fix building with closefrom() support enabled
    * BUILD: ssl_crtlist: work around another bogus gcc-9.3 warning
* Mon Nov 02 2020 Marcus Rueckert <>
  - apparmor profile:
    - we need net_admin capability for non local bind and setting
      "source" for server entries.
* Sat Oct 24 2020 Marcus Rueckert <>
  - apparmor profile fixes:
    - include abstractions that give access to the openssl config,
      ssl certs and ssl keys
    - include local configs only with "if exists" so they do not have
      to exist.
  - move local files to %ghost
* Fri Oct 02 2020 Marcus Rueckert <>
  - use parallel build
* Fri Oct 02 2020
  - Update to version 2.2.4+git0.de456726d:
    * [RELEASE] Released version 2.2.4
    * REGTEST: make map_regm_with_backref require 1.7
    * REGTEST: make abns_socket.vtc require 1.8
    * REGTEST: make agent-check.vtc require 1.8
    * REGTEST: fix host part in balance-uri-path-only.vtc
    * BUG/MINOR: ssl/crt-list: exit on warning out of crtlist_parse_line()
    * DOC: agent-check: fix typo in "fail" word expected reply
    * REGTESTS: use "command" instead of "which" for better POSIX compatibility
    * BUILD: trace: include tools.h
    * BUG/MEDIUM: listeners: do not pause foreign listeners
    * REGTESTS: add a few load balancing tests
    * MINOR: backend: add a new "path-only" option to "balance uri"
    * MINOR: backend: make the "whole" option of balance uri take only one bit
    * MINOR: h2/trace: also display the remaining frame length in traces
    * BUG/MINOR: Fix memory leaks cfg_parse_peers
    * BUG/MEDIUM: h2: report frame bits only for handled types
    * BUG/MINOR: config: Fix memory leak on config parse listen
    * BUG/MINOR: http-fetch: Don't set the sample type during the htx prefetch
    * BUG/MINOR: h2/trace: do not display "stream error" after a frame ACK
    * BUG/MINOR: ssl/crt-list: crt-list could end without a \n
    * BUG/MEDIUM: ssl: Don't call ssl_sock_io_cb() directly.
    * BUG/MINOR: server: report correct error message for invalid port on "socks4"
    * BUG/MINOR: ssl: verifyhost is case sensitive
    * BUG/MINOR: Fix type passed of sizeof() for calloc()
    * BUG/MEDIUM: pattern: Renew the pattern expression revision when it is pruned
    * BUILD: threads: better workaround for late loading of libgcc_s
* Tue Sep 08 2020
  - Update to version 2.2.3+git0.0e58a340d:
    * [RELEASE] Released version 2.2.3
    * BUG/MEDIUM: mux-h1: always apply the timeout on half-closed connections
    * BUG/MINOR: auth: report valid crypto(3) support depending on build options
    * DOC: ssl-load-extra-files only applies to certificates on bind lines
    * MINOR: server: Improve log message sent when server address is updated
    * BUG/MEDIUM: dns: Be sure to renew IP address for already known servers
    * BUG/MEDIUM: dns: Don't store additional records in a linked-list
    * CLEANUP: dns: remove 45 "return" statements from dns_validate_dns_response()
    * CLEANUP: Update .gitignore
    * MINOR: Commit .gitattributes
    * BUILD: thread: limit the libgcc_s workaround to glibc only
    * BUG/MINOR: threads: work around a libgcc_s issue with chrooting
    * BUG/MEDIUM: ssl: does not look for all SNIs before chosing a certificate
    * MINOR: arg: Use chunk_destroy() to release string arguments
    * BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp()
    * REGTEST: Add a test for request path manipulations, with and without the QS
    * MINOR: http-fetch: Add pathq sample fetch
    * MINOR: http-rules: Add set-pathq and replace-pathq actions
    * BUG/MEDIUM: doc: Fix replace-path action description
    * Revert "BUG/MINOR: http-rules: Replace path and query-string in "replace-path" action"
    * BUG/MINOR: startup: haproxy -s cause 100% cpu
    * BUG/MEDIUM: contrib/spoa-server: Fix ipv4_address used instead of ipv6_address
    * BUG/MINOR: contrib/spoa-server: Updating references to free in case of failure
    * BUG/MINOR: contrib/spoa-server: Do not free reference to NULL
    * BUG/MINOR: contrib/spoa-server: Ensure ip address references are freed
    * BUG/MAJOR: contrib/spoa-server: Fix unhandled python call leading to memory leak
    * BUILD: task: work around a bogus warning in gcc 4.7/4.8 at -O1
    * BUILD: tools: include auxv a bit later
    * MINOR: cache: Reject duplicate cache names
    * DOC: cache: Use '<name>' instead of '<id>' in error message
    * BUG/MEDIUM: ssl: crt-list negative filters don't work
    * BUG/MINOR: http-rules: Replace path and query-string in "replace-path" action
    * MINOR: http-htx: Add an option to eval query-string when the path is replaced
    * BUG/MEDIUM: http-ana: Don't wait to send 1xx responses received from servers
    * BUG/MINOR: reload: do not fail when no socket is sent
    * BUG/MEDIUM: ssl: fix ssl_bind_conf double free w/ wildcards
    * BUG/MEDIUM: ssl: never generates the chain from the verify store
    * BUG/MEDIUM: htx: smp_prefetch_htx() must always validate the direction
    * BUG/MINOR: stats: use strncmp() instead of memcmp() on health states
    * BUG/MINOR: ssl: ssl-skip-self-issued-ca requires >= 1.0.2
    * BUG/MEDIUM: ssl: fix the ssl-skip-self-issued-ca option
    * BUG/MINOR: snapshots: leak of snapshots on deinit()
    * MEDIUM: lua: Don't filter exported fetches and converters
    * BUG/MINOR: lua: Duplicate lua strings in sample fetches/converters arg array
    * MINOR: hlua: Don't needlessly copy lua strings in trash during args validation
    * BUG/MINOR: lua: Check argument type to convert it to IP mask in arg validation
    * BUG/MINOR: lua: Check argument type to convert it to IPv4/IPv6 arg validation
    * BUG/MINOR: arg: Fix leaks during arguments validation for fetches/converters
    * BUG/MINOR: lua: Duplicate map name to load it when a new Map object is created
    * BUG/MINOR: converters: Store the sink in an arg pointer for debug() converter
    * MINOR: arg: Add an argument type to keep a reference on opaque data
    * BUG/MEDIUM: map/lua: Return an error if a map is loaded during runtime
    * BUG/MEDIUM: ssl: memory leak of ocsp data at SSL_CTX_free()
    * BUG/MINOR: ssl: fix memory leak at OCSP loading
    * DOC: spoa-server: fix false friends `actually`
    * BUG/MINOR: spoa-server: fix size_t format printing
    * BUG/MAJOR: dns: disabled servers through SRV records never recover
    * CLEANUP: dns: typo in reported error message
    * BUG/MEDIUM: mux-h1: Refresh H1 connection timeout after a synchronous send
    * SCRIPTS: git-show-backports: emit the shell command to backport a commit
    * SCRIPTS: git-show-backports: make -m most only show the left branch
* Fri Jul 31 2020
  - Update to version 2.2.2+git0.b8a2763d5:
    * [RELEASE] Released version 2.2.2
    * BUG/MEDIUM: tcp-checks: always attach the transport before installing the mux
    * BUG/MEDIUM: backend: always attach the transport before installing the mux
    * SCRIPTS: announce-release: add the link to the wiki in the announce messages
    * MINOR: stream-int: Be sure to have a mux to do sends and receives
    * MINOR: connection: Preinstall the mux for non-ssl connect
    * BUG/MEDIUM: connection: Be sure to always install a mux for sync connect
    * BUG/MINOR: tcp-rules: Set the inspect-delay when a tcp-response action yields
    * BUG/MINOR: tcp-rules: Preserve the right filter analyser on content eval abort
    * BUG/MINOR: lua: Abort execution of actions that yield on a final evaluation
    * BUG/MEDIUM: dns: Don't yield in do-resolve action on a final evaluation
    * MEDIUM: lua: Add support for the Lua 5.4
    * BUG/MAJOR: dns: don't treat Authority records as an error
    * BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status
    * BUG/MINOR: debug: Don't dump the lua stack if it is not initialized
    * BUILD: tools: fix build with static only toolchains
    * BUG/MINOR: mux-fcgi: Don't url-decode the QUERY_STRING parameter anymore
* Thu Jul 23 2020
  - Update to version 2.2.1+git0.0ef71a557:
    * [RELEASE] Released version 2.2.1
    * BUG/MEDIUM: http-ana: Only set CF_EXPECT_MORE flag on data filtering
    * BUG/MEDIUM: stream-int: Don't set MSG_MORE flag if no more data are expected
    * BUG/MINOR: htx: add two missing HTX_FL_EOI and remove an unexpected one
    * MEDIUM: htx: Add a flag on a HTX message when no more data are expected
    * BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed
    * BUG/MAJOR: dns: Make the do-resolve action thread-safe
    * BUG/MAJOR: tasks: don't requeue global tasks into the local queue
    * BUG/MEDIUM: resolve: fix init resolving for ring and peers section.
    * BUG/MEDIUM: arg: empty args list must be dropped
    * DOC: ssl: req_ssl_sni needs implicit TLS
    * BUILD: config: fix again bugs gcc warnings on calloc
    * BUG/MAJOR: tasks: make sure to always lock the shared wait queue if needed
    * BUILD: config: address build warning on raspbian+rpi4
    * BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked
    * BUG/MEDIUM: server: fix possibly uninitialized state file on close
    * BUG/MEDIUM: server: resolve state file handle leak on reload
    * BUG/MEDIUM: fcgi-app: fix memory leak in fcgi_flt_http_headers
    * BUG/MEDIUM: log: issue mixing sampled to not sampled log servers.
    * BUG/MINOR: mux-fcgi: Set flags on the right stream field for empty FCGI_STDOUT
    * BUG/MINOR: mux-fcgi: Set conn state to RECORD_P when skipping the record padding
    * BUG/MINOR: mux-fcgi: Handle empty STDERR record
    * BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode
    * BUG/MEDIUM: mux-fcgi: Don't add private connections in available connection list
    * BUG/MEDIUM: mux-h2: Don't add private connections in available connection list
    * CONTRIB: da: fix memory leak in dummy function da_atlas_open()
    * BUG/MEDIUM: lists: add missing store barrier in MT_LIST_ADD/MT_LIST_ADDQ
    * BUG/MEDIUM: lists: add missing store barrier on MT_LIST_BEHEAD()
    * BUG/MINOR: sample: Free str.area in smp_check_const_meth
    * BUG/MINOR: sample: Free str.area in smp_check_const_bool
* Tue Jul 07 2020
  - Update to version 2.2.0+git0.3a00c915f:
    * [RELEASE] Released version 2.2.0
    * MINOR: version: mention that it's an LTS release now
    * DOC: minor update to coding style file
    * DOC: update INSTALL with new compiler versions
    * CLEANUP: ssl: remove unrelevant comment in smp_fetch_ssl_x_keylog()
    * DOC: configuration: remove obsolete mentions of H2 being converted to HTTP/1.x
    * BUG/MINOR: connection: See new connection as available only on reuse always
    * BUG/MEDIUM: connection: Don't consider new private connections as available
    * BUG/MINOR: backend: Remove CO_FL_SESS_IDLE if a client remains on the last server
    * MINOR: mux-h1: Improve traces about the splicing
  - refreshed patches to apply cleanly again:
  - track series file in source rpm
* Tue Jun 09 2020
  - Update to version 2.1.7+git0.8bebf80fb:
    * [RELEASE] Released version 2.1.7
* Mon Jun 08 2020
  - Update to version 2.1.6+git1.661c88907:
    * BUG/MAJOR: http-htx: Don't forget to copy error messages from defaults sections
* Mon Jun 08 2020
  - Update to version 2.1.6+git0.34db76106:
    * [RELEASE] Released version 2.1.6
    * BUG/MINOR: mworker: fix a memleak when execvp() failed
    * BUG/MINOR: ssl: fix a trash buffer leak in some error cases
    * BUG/MEDIUM: mworker: fix the reload with an -- option
    * BUG/MINOR: init: -S can have a parameter starting with a dash
    * BUG/MINOR: init: -x can have a parameter starting with a dash
    * BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
    * BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump metrics
    * BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del operations
    * BUG/MEDIUM: http-htx: Duplicate error messages as raw data instead of string
    * BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua action
    * BUG/MINOR: peers: fix internal/network key type mapping.
    * SCRIPTS: publish-release: pass -n to gzip to remove timestamp
    * Revert "BUG/MEDIUM: connections: force connections cleanup on server changes"
* Fri May 29 2020
  - Update to version 2.1.5+git0.36e14bd31:
    * [RELEASE] Released version 2.1.5
    * BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf
    * BUG/MINOR: lua: Add missing string length for lua sticktable lookup
    * BUG/MEDIUM: logs: fix trailing zeros on log message.
    * REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used
    * BUG/MINOR: logs: prevent double line returns in some events.
    * DOC: SPOE is no longer experimental
    * DOC/MINOR: halog: Add long help info for ic flag
    * DOC: retry-on can only be used with mode http
    * BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable
    * BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified
    * BUG/MEDIUM: ring: write-lock the ring while attaching/detaching
    * BUG/MAJOR: mux-fcgi: Stop sending loop if FCGI stream is blocked for any reason
    * BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt()
    * BUG/MEDIUM: stream: Only allow L7 retries when using HTTP.
    * BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry.
    * BUILD: select: only declare existing local labels to appease clang
    * BUG/MINOR: soft-stop: always wake up waiting threads on stopping
    * BUG/MINOR: pollers: remove uneeded free in global init
    * BUG/MINOR: pools: use %u not %d to report pool stats in "show pools"
    * BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered
    * BUG/MEDIUM: http_ana: make the detection of NTLM variants safer
    * BUG/MINOR: http-ana: fix NTLM response parsing again
    * BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur
    * BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT
    * BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}()
    * BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS()
    * BUG/MINOR: sample: Set the correct type when a binary is converted to a string
    * CLEANUP: connections: align function declaration
    * BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id()
    * BUG/MEDIUM: h1: Don't compare host and authority if only h1 headers are parsed
    * BUG/MEDIUM: connections: force connections cleanup on server changes
    * BUG/MEDIUM: mux-fcgi: Fix wrong test on FCGI_CF_KEEP_CONN in fcgi_detach()
    * BUG/MEDIUM: mux_fcgi: Free the FCGI connection at the end of fcgi_release()
    * BUG/MINOR: checks: Remove a warning about http health checks
    * BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks
    * BUG/MINOR: checks/server: use_ssl member must be signed
    * Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections"
    * Revert "BUG/MINOR: connection: always send address-less LOCAL PROXY connections"
    * REGTEST: http-rules: Require PCRE or PCRE2 option to run map_redirect script
    * REGTEST: ssl: test the client certificate authentication
    * BUILD: Makefile: add linux-musl to TARGET
    * BUILD: tools: rely on __ELF__ not USE_DL to enable use of dladdr()
    * BUILD: tools: unbreak resolve_sym_name() on non-GNU platforms
    * MINOR: debug: dump the whole trace if we can't spot the starting point
    * MINOR: debug: use our own backtrace function on clang+x86_64
    * MINOR: debug: improve backtrace() on aarch64 and possibly other systems
    * MINOR: debug: report the number of entries in the backtrace
    * MINOR: wdt: do not depend on USE_THREAD
    * BUILD: Makefile: include librt before libpthread
    * MINOR: debug: call backtrace() once upon startup
    * MEDIUM: debug: add support for dumping backtraces of stuck threads
    * MINOR: cli: make "show fd" rely on resolve_sym_name()
    * MINOR: debug: use resolve_sym_name() to dump task handlers
    * MINOR: tools: add resolve_sym_name() to resolve function pointers
    * MINOR: tools: add new function dump_addr_and_bytes()
    * MINOR: haproxy: export run_poll_loop
    * MINOR: stream: report the list of active filters on stream crashes
    * BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock
    * BUG/MEDIUM: shctx: really check the lock's value while waiting
    * BUG/MINOR: debug: properly use long long instead of long for the thread ID
    * MINOR: threads: export the POSIX thread ID in panic dumps
    * BUG/MEDIUM: listener: mark the thread as not stuck inside the loop
    * BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream
    * BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam
    * BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam
    * BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream
    * BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream
    * BUG/MINOR: mux-fcgi: Be sure to have a connection as session's origin to use it
    * BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function
    * BUG/MINOR: checks: chained expect will not properly wait for enough data
    * BUG/MEDIUM: server/checks: Init server check during config validity check
    * BUG/MINOR: checks: Respect the no-check-ssl option
    * MINOR: checks: Add a way to send custom headers and payload during http chekcs
    * BUG/MINOR: check: Update server address and port to execute an external check
    * MINOR: contrib: make the peers wireshark dissector a plugin
    * MEDIUM: memory: make pool_gc() run under thread isolation
    * DOC: option logasap does not depend on mode
    * BUG/MINOR: http: make url_decode() optionally convert '+' to SP
    * BUG/MINOR: tools: fix the i386 version of the div64_32 function
    * BUG/MEDIUM: http-ana: Handle NTLM messages correctly.
    * BUG/MINOR: ssl: default settings for ssl server options are not used
    * DOC: Improve documentation on http-request set-src
    * MINOR: version: Show uname output in display_version()
    * DOC: hashing: update link to hashing functions
    * BUG/MINOR: peers: Incomplete peers sections should be validated.
    * BUG/MINOR: connection: always send address-less LOCAL PROXY connections
    * BUG/MINOR: ssl: memleak of the struct cert_key_and_chain
    * BUG/MINOR: ssl/cli: memory leak in 'set ssl cert'
    * MINOR: ssl: improve the errors when a crt can't be open
    * BUG/MINOR: protocol_buffer: Wrong maximum shifting.
* Wed Apr 15 2020 Marcus Rueckert <>
  - use the "profile profilename /path/to/binary" syntax to make
    "ps aufxZ" more readable
* Thu Apr 02 2020 Marcus Rueckert <>
  - Update to version 2.1.4+git0.3cfc2f1d9: (boo#1168023) CVE-2020-11100
    - SCRIPTS: make announce-release executable again
    - BUG/MINOR: namespace: avoid closing fd when socket failed in
    - BUG/MEDIUM: muxes: Use the right argument when calling the
      destroy method.
    - BUG/MINOR: mux-fcgi: Forbid special characters when matching
      PATH_INFO param
    - MINOR: mux-fcgi: Make the capture of the path-info optional in
      pathinfo regex
    - SCRIPTS: announce-release: use mutt -H instead of -i to include
      the draft
    - MINOR: http-htx: Add a function to retrieve the headers size of
      an HTX message
    - MINOR: filters: Forward data only if the last filter forwards
    - BUG/MINOR: filters: Count HTTP headers as filtered data but
      don't forward them
    - BUG/MINOR: http-htx: Don't return error if authority is updated
      without changes
    - BUG/MINOR: http-ana: Matching on monitor-uri should be
    - MINOR: http-ana: Match on the path if the monitor-uri starts by
      a /
    - BUG/MAJOR: http-ana: Always abort the request when a tarpit is
    - MINOR: ist: add an iststop() function
    - BUG/MINOR: http: http-request replace-path duplicates the query
    - BUG/MEDIUM: shctx: make sure to keep all blocks aligned
    - MINOR: compiler: move CPU capabilities definition from config.h
      and complete them
    - BUG/MEDIUM: ebtree: don't set attribute packed without
      unaligned access support
    - BUILD: fix recent build failure on unaligned archs
    - CLEANUP: cfgparse: Fix type of second calloc() parameter
    - BUG/MINOR: sample: fix the json converter's endian-sensitivity
    - BUG/MEDIUM: ssl: fix several bad pointer aliases in a few
      sample fetch functions
    - BUG/MINOR: connection: make sure to correctly tag local PROXY
    - MINOR: compiler: add new alignment macros
    - BUILD: ebtree: improve architecture-specific alignment
    - BUG/MINOR: h2: reject again empty :path pseudo-headers
    - BUG/MINOR: sample: Make sure to return stable IDs in the
      unique-id fetch
    - BUG/MINOR: dns: ignore trailing dot
    - BUG/MINOR: http-htx: Do case-insensive comparisons on Host
      header name
    - MINOR: contrib/prometheus-exporter: Add heathcheck status/code
      in server metrics
    - MINOR: contrib/prometheus-exporter: Add the last heathcheck
      duration metric
    - BUG/MEDIUM: random: initialize the random pool a bit better
    - MINOR: tools: add 64-bit rotate operators
    - BUG/MEDIUM: random: implement a thread-safe and process-safe
    - MINOR: backend: use a single call to ha_random32() for the
      random LB algo
    - BUG/MINOR: checks/threads: use ha_random() and not rand()
    - BUG/MAJOR: list: fix invalid element address calculation
    - MINOR: debug: report the task handler's pointer relative to
    - BUG/MEDIUM: debug: make the debug_handler check for the thread
      in threads_to_dump
    - MINOR: haproxy: export main to ease access from debugger
    - BUILD: tools: remove obsolete and conflicting trace() from
    - BUG/MINOR: wdt: do not return an error when the watchdog
      couldn't be enabled
    - DOC: fix incorrect indentation of http_auth_*
    - OPTIM: startup: fast unique_id allocation for acl.
    - BUG/MINOR: pattern: Do not pass len = 0 to calloc()
    - DOC: configuration.txt: fix various typos
    - DOC: assorted typo fixes in the documentation and Makefile
    - BUG/MINOR: init: make the automatic maxconn consider the max of
      soft/hard limits
    - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths
    - REGTEST: make the PROXY TLV validation depend on version 2.2
    - BUG/MINOR: filters: Use filter offset to decude the amount of
      forwarded data
    - BUG/MINOR: filters: Forward everything if no data filters are
    - MINOR: htx: Add a function to return a block at a specific
    - BUG/MEDIUM: cache/filters: Fix loop on HTX blocks caching the
      response payload
    - BUG/MEDIUM: compression/filters: Fix loop on HTX blocks
      compressing the payload
    - BUG/MINOR: http-ana: Reset request analysers on a response side
    - BUG/MINOR: lua: Ignore the reserve to know if a channel is full
      or not
    - BUG/MINOR: http-rules: Preserve FLT_END analyzers on reject
    - BUG/MINOR: http-rules: Fix a typo in the reject action function
    - BUG/MINOR: rules: Preserve FLT_END analyzers on silent-drop
    - BUG/MINOR: rules: Increment be_counters if backend is assigned
      for a silent-drop
    - DOC: fix typo about no-tls-tickets
    - DOC: improve description of no-tls-tickets
    - DOC: assorted typo fixes in the documentation
    - DOC: ssl: clarify security implications of TLS tickets
    - BUILD: wdt: only test for SI_TKILL when compiled with thread
    - BUG/MEDIUM: mt_lists: Make sure we set the deleted element to
    - MINOR: mt_lists: Appease gcc.
    - BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
    - BUG/MEDIUM: pools: Always update free_list in pool_gc().
    - BUG/MINOR: haproxy: always initialize sleeping_thread_mask
    - BUG/MINOR: listener/mq: do not dispatch connections to remote
      threads when stopping
    - BUG/MINOR: haproxy/threads: try to make all threads leave
    - DOC: proxy_protocol: Reserve TLV type 0x05 as
    - DOC: correct typo in alert message about rspirep
    - BUILD: on ARM, must be linked to libatomic.
    - BUILD: makefile: fix regex syntax in ARM platform detection
    - BUILD: makefile: fix expression again to detect ARM platform
    - BUG/MEDIUM: peers: resync ended with RESYNC_PARTIAL in wrong
    - DOC: assorted typo fixes in the documentation
    - MINOR: wdt: Move the definitions of WDTSIG and DEBUGSIG into
    - BUG/MEDIUM: wdt: Don't ignore WDTSIG and DEBUGSIG in
    - MINOR: memory: Change the flush_lock to a spinlock, and don't
      get it in alloc.
    - BUG/MINOR: connections: Make sure we free the connection on
    - REGTESTS: use "command -v" instead of "which"
    - REGTEST: increase timeouts on the seamless-reload test
    - BUG/MINOR: haproxy/threads: close a possible race in soft-stop
    - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
    - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
    - BUG/MINOR: peers: Use after free of "peers" section.
    - MINOR: listener: add so_name sample fetch
    - BUILD: ssl: only pass unsigned chars to isspace()
    - BUG/MINOR: stats: Fix color of draining servers on stats page
    - DOC: internals: Fix spelling errors in filters.txt
    - MINOR: http-rules: Add a flag on redirect rules to know the
      rule direction
    - BUG/MINOR: http_ana: make sure redirect flags don't have
      overlapping bits
    - MINOR: http-rules: Handle the rule direction when a redirect is
    - BUG/MINOR: http-ana: Reset request analysers on error when
      waiting for response
    - BUG/CRITICAL: hpack: never index a header into the headroom
      after wrapping
* Fri Feb 14 2020 Thorsten Kukuk <>
  - Remove unsupported options from example haproxy.cfg
  - Make haproxy useable for containers
    - Use sysusers.d to create users.
    - Use systemd_ordering instead of requiring systemd.
    - Own vim syntax directory instead of requiring vim. This also
      solves the problem the directory got never removed if vim is
      updated before haproxy.
* Wed Feb 12 2020
  - Update to version 2.1.3+git0.5c020bbdd:
    * [RELEASE] Released version 2.1.3
    * BUG/MINOR: tcp: don't try to set defaultmss when value is negative
    * BUG/MINOR: http-ana: Set HTX_FL_PROXY_RESP flag if a server perform a redirect
    * BUG/MINOR: http-ana: Don't overwrite outgoing data when an error is reported
    * MINOR: htx/channel: Add a function to copy an HTX message in a channel's buffer
    * MINOR: htx: Add a function to append an HTX message to another one
    * DOC: word converter ignores delimiters at the start or end of input string
    * MINOR: build: add aix72-gcc build TARGET and power{8,9} CPUs
    * BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener
    * BUG/MINOR: listener: enforce all_threads_mask on bind_thread on init
    * BUG/MEDIUM: listener: only consider running threads when resuming listeners
    * BUG/MINOR: dns: allow 63 char in hostname
    * BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit
    * DOC: schematic of the SSL certificates architecture
    * BUG/MEDIUM: ssl/cli: 'commit ssl cert' wrong SSL_CTX init
    * SCRIPTS: announce-release: allow the user to force to overwrite old files
    * SCRIPTS: announce-release: place the send command in the mail's header
    * CONTRIB: debug: also support reading values from stdin
    * MINOR: acl: Warn when an ACL is named 'or'
    * CONTRIB: debug: support reporting multiple values at once
    * CONTRIB: debug: add the possibility to decode the value as certain types only
    * CONTRIB: debug: add missing flags SF_HTX and SF_MUX
    * BUG/MINOR: ssl: clear the SSL errors on DH loading failure
    * BUG/MINOR: ssl: we may only ignore the first 64 errors
    * BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is empty.
    * BUG/MEDIUM: memory: Add a rwlock before freeing memory.
    * MINOR: memory: Only init the pool spinlock once.
    * BUG/MEDIUM: memory_pool: Update the seq number in pool_flush().
    * BUG/MEDIUM: connections: Don't forget to unlock when killing a connection.
    * BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2
    * BUG/MINOR: ssl: Possible memleak when allowing the 0RTT data buffer.
    * BUG/MEDIUM: pipe: fix a use-after-free in case of pipe creation error
    * BUG/MINOR: tcpchecks: fix the connect() flags regarding delayed ack
    * BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure.
    * MINOR: lua: Add HLUA_PREPEND_C?PATH build option
    * MINOR: lua: Add lua-prepend-path configuration option
    * MINOR: lua: Add hlua_prepend_path function
    * BUILD: cfgparse: silence a bogus gcc warning on 32-bit machines
    * BUG/MEDIUM: mux-h2: make sure we don't emit TE headers with anything but "trailers"
    * BUG/MINOR: stktable: report the current proxy name in error messages
    * BUG/MEDIUM: 0rtt: Only consider the SSL handshake.
    * BUG/MINOR: ssl/cli: ocsp_issuer must be set w/ "set ssl cert"
    * BUG/MINOR: ssl: typo in previous patch
    * BUG/MINOR: ssl: memory leak w/ the ocsp_issuer
    * BUG/MINOR: ssl: increment issuer refcount if in chain
    * CLEANUP: stats: shut up a wrong null-deref warning from gcc 9.2
    * BUG/MINOR: ssl/cli: free the previous ckch content once a PEM is loaded
    * BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent
    * BUG/MEDIUM: netscaler: Don't forget to allocate storage for conn->src/dst.
    * BUG/MINOR: http_act: don't check capture id in backend
    * MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive
    * BUG/MINOR: ssl: ssl_sock_load_sctl_from_file memory leak
    * BUG/MINOR: ssl: ssl_sock_load_issuer_file_into_ckch memory leak
    * BUG/MINOR: ssl: ssl_sock_load_ocsp_response_from_file memory leak
    * BUG/MINOR: tcp-rules: Fix memory releases on error path during action parsing
    * BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing
    * BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules
    * BUG/MINOR: http-ana/filters: Wait end of the http_end callback for all filters
    * BUILD: pattern: include errno.h
    * BUG/MINOR: 51d: Fix bug when HTX is enabled
    * BUG/MINOR: dns: Make dns_query_id_seed unsigned
    * BUG/MINOR: cache: Fix leak of cache name in error path
    * BUG/MINOR: pattern: handle errors from fgets when trying to load patterns
    * BUG/MEDIUM: connection: add a mux flag to indicate splice usability
    * BUG/MINOR: stream: don't mistake match rules for store-request rules
    * BUG/MEDIUM: cli: _getsocks must send the peers sockets
    * REGTEST: add sample_fetches/hashes.vtc to validate hashes
    * BUG/MAJOR: hashes: fix the signedness of the hash inputs
    * BUG/MEDIUM: mux_h1: Don't call h1_send if we subscribed().
    * BUG/MEDIUM: mworker: remain in mworker mode during reload
    * REGTEST: mcli/mcli_start_progs: start 2 programs
    * BUG/MINOR: cli/mworker: can't start haproxy with 2 programs
    * BUG/MEDIUM: mux-h2: don't stop sending when crossing a buffer boundary
    * BUG/MEDIUM: mux-h2: fix missing test on sending_list in previous patch
    * BUG/MINOR: mux-h2: use a safe list_for_each_entry in h2_send()
    * BUG/MEDIUM: tasks: Use the MT macros in tasklet_free().
    * BUG/MINOR: stream-int: Don't trigger L7 retry if max retries is already reached
    * BUG/MEDIUM: session: do not report a failure when rejecting a session
    * BUG/MINOR: channel: inject output data at the end of output
    * BUG/MEDIUM: http-ana: Truncate the response when a redirect rule is applied
    * BUG/MINOR: proxy: Fix input data copy when an error is captured
    * BUG/MINOR: h1: Report the right error position when a header value is invalid
    * MINOR: ssl: Remove unused variable "need_out".
    * MINOR: config: disable busy polling on old processes
    * BUG/MEDIUM: connections: Hold the lock when wanting to kill a connection.
    * BUG/MEDIUM: checks: Only attempt to do handshakes if the connection is ready.
    * BUG/MINOR: checks: refine which errno values are really errors.
* Fri Feb 07 2020
  - Update to version 2.1.2+git0.d5b6759b5:
    * [RELEASE] Released version 2.1.2
    * BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility
    * BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream
    * BUG/MINOR: state-file: do not leak memory on parse errors
    * BUG/MINOR: state-file: do not store duplicates in the global tree
    * BUG/MEDIUM: state-file: do not allocate a full buffer for each server entry
    * BUG/MINOR: ssl: openssl-compat: Fix getm_ defines
    * BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd
    * MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute
    * BUG/MEDIUM: ssl: Revamp the way early data are handled.
    * BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
    * MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task
    * MINOR: http: add a new "replace-path" action
    * MINOR: debug: support logging to various sinks
    * BUG/MEDIUM: ssl: Don't set the max early data we can receive too early.
    * MINOR: sample: Validate the number of bits for the sha2 converter
    * BUG/MINOR: sample: always check converters' arguments
    * BUG/MINOR: sample: fix the closing bracket and LF in the debug converter
    * DOC: clarify the fact that replace-uri works on a full URI
* Fri Feb 07 2020 Marcus Rueckert <>
  - drop the udev buildrequires completely
* Thu Jan 23 2020 Dominique Leuenberger <>
  - BuildRequire pkgconfig(udev) instead of udev: allow OBS to
    shortcut through the -mini flavors.
* Wed Dec 11 2019
  - Update to version 2.1.1+git0.4ae521379:
    * [RELEASE] Released version 2.1.1
    * BUILD/MINOR: unix sockets: silence an absurd gcc warning about strncpy()
    * BUG/MINOR: listener: fix off-by-one in state name check
    * BUG/MINOR: server: make "agent-addr" work on default-server line
    * BUG/MINOR: listener: do not immediately resume on transient error
    * BUG/MINOR: mworker: properly pass SIGTTOU/SIGTTIN to workers
    * BUG/MINOR: log: fix minor resource leaks on logformat error path
    * DOC: remove references to the outdated architecture.txt
    * DOC: proxies: HAProxy only supports 3 connection modes
    * BUG/MINOR: tasks: only requeue a task if it was already in the queue
    * DOC: listeners: add a few missing transitions
* Tue Dec 10 2019
  - Update to version 2.1.0+git33.8e4a62508:
    * BUG/MEDIUM: proto_udp/threads: recv() and send() must not be exclusive.
    * BUG/MAJOR: dns: add minimalist error processing on the Rx path
    * BUG/MEDIUM: kqueue: Make sure we report read events even when no data.
    * DOC: document the listener state transitions
    * BUG/MEDIUM: listener/threads: fix a remaining race in the listener's accept()
    * BUG/MINOR: listener: also clear the error flag on a paused listener
    * BUG/MINOR: listener/threads: always use atomic ops to clear the FD events
    * BUG/MINOR: proxy: make soft_stop() also close FDs in LI_PAUSED state
    * BUG/MEDIUM: mux-fcgi: Handle cases where the HTX EOM block cannot be inserted
    * BUG/MINOR: mux-h1: Be sure to set CS_FL_WANT_ROOM when EOM can't be added
* Fri Dec 06 2019
  - Update to version 2.1.0+git23.e77b108cd:
    * BUG/MEDIUM: checks: Make sure we set the task affinity just before connecting.
    * BUG/MEDIUM: tasks: Make sure we switch wait queues in task_set_affinity().
* Thu Dec 05 2019
  - Update to version 2.1.0+git21.67ff2112b:
    * BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data
    * BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN
    * BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending
    * BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1
    * BUG/MEDIUM: listener/thread: fix a race when pausing a listener
    * BUG/MINOR: ssl/cli: don't overwrite the filters variable
    * BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible
    * BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data
    * DOC: move the "group" keyword at the right place
    * DOC: Fix ordered list in summary
* Thu Dec 05 2019 Marcus Rueckert <>
  - switch to the 2.1 branch
* Thu Dec 05 2019
  - Update to version 2.0.10+git14.7caf150a:
    * BUG/MINOR: mux-h1: Fix conditions to know whether or not we may receive data
    * BUG/MINOR: mux-h1: Don't rely on CO_FL_SOCK_RD_SH to set H1C_F_CS_SHUTDOWN
    * BUG/MEDIUM: mux-h1: Never reuse H1 connection if a shutw is pending
    * BUG/MINOR: ssl: certificate choice can be unexpected with openssl >= 1.1.1
    * BUG/MEDIUM: listener/thread: fix a race when pausing a listener
    * BUG/MINOR: stream-int: avoid calling rcv_buf() when splicing is still possible
    * BUG/MEDIUM: stream-int: don't subscribed for recv when we're trying to flush data
    * DOC: move the "group" keyword at the right place
    * DOC: clarify matching strings on binary fetches
    * DOC: Clarify behavior of server maxconn in HTTP mode
* Fri Nov 29 2019
  - Update to version 2.0.10+git4.6d9a455d:
    * BUG/MINOR: http-htx: Don't make http_find_header() fail if the value is empty
* Thu Nov 28 2019
  - Update to version 2.0.10+git3.200c6215:
    * BUG/MINOR: contrib/prometheus-exporter: decode parameter and value only
* Wed Nov 27 2019
  - Update to version 2.0.10+git2.3a00e5fc:
    * BUG/MINOR: contrib/prometheus-exporter: Use HTX errors and not legacy ones
    * BUG/MINOR: stream: init variables when the list is empty
* Mon Nov 25 2019
  - Update to version 2.0.10+git0.ac198b92: (bsc#1157712) (bsc#1157714)
    * [RELEASE] Released version 2.0.10
    * SCRIPTS: git-show-backports: add "-s" to proposed cherry-pick commands
    * SCRIPTS: create-release: show the correct origin name in suggested commands
    * BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in idle state
    * BUG/MAJOR: h2: make header field name filtering stronger
    * BUG/MAJOR: h2: reject header values containing invalid chars
    * MINOR: ist: add ist_find_ctl()
    * BUG/MINOR: ssl: fix curve setup with LibreSSL
    * BUG/MINOR: cli: fix out of bounds in -S parser
    * DOC: Add documentation about the use-service action
    * DOC: Add missing stats fields in the management manual
    * BUG/MINOR: mux-h1: Adjust header case when chunked encoding is add to a message
    * BUG/MINOR: mux-h1: Fix a UAF in cfg_h1_headers_case_adjust_postparser()
    * MEDIUM: mux-h1: Add the support of headers adjustment for bogus HTTP/1 apps
    * REGTEST: vtest can now enable mcli with its own flag
    * MINOR: stats: Report max times in addition of the averages for sessions
    * BUG/MINOR: stream-int: Fix si_cs_recv() return value
    * MINOR: contrib/prometheus-exporter: Add a param to ignore servers in maintenance
    * MINOR: contrib/prometheus-exporter: filter exported metrics by scope
    * MINOR: contrib/prometheus-exporter: report the number of idle conns per server
    * BUG/MINOR: contrib/prometheus-exporter: Rename some metrics
    * MINOR: contrib/prometheus-exporter: Report metrics about max times for sessions
    * MINOR: counters: Add fields to store the max observed for {q,c,d,t}_time
    * MINOR: stream: Remove the lock on the proxy to update time stats
    * MINOR: freq_ctr: Make the sliding window sums thread-safe
    * BUG/MINOR: http-ana: Properly catch aborts during the payload forwarding
    * BUG/MINOR: mux-h1: Fix tunnel mode detection on the response path
    * BUILD: debug: Avoid warnings in dev mode with -02 because of some BUG_ON tests
    * BUG/MEDIUM: stream-int: Don't loose events on the CS when an EOS is reported
    * BUILD/MINOR: ssl: fix compiler warning about useless statement
    * BUG/MINOR: peers: "peer alive" flag not reset when deconnecting.
    * BUG/MEDIUM: mworker: don't fill the -sf argument with -1 during the reexec
* Tue Nov 19 2019
  - Update to version 2.0.9+git6.26b7b800:
    * BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
    * BUG/MINOR: peers: Wrong null "server_name" data field handling.
    * MINOR: peers: Add debugging information to "show peers".
    * MINOR: peers: Add TX/RX heartbeat counters.
    * MINOR: peers: Alway show the table info for disconnected peers.
* Tue Nov 19 2019
  - Update to version 2.0.9+git1.caf02113:
    * BUG/MINOR: init: fix set-dumpable when using uid/gid
* Tue Nov 19 2019
  - Update to version 2.0.9+git0.efac87ee (bsc#1154980) (CVE-2019-18277):
    * [RELEASE] Released version 2.0.9
    * BUG/MINOR: mux-h1: Don't set CS_FL_EOS on a read0 when receiving data to pipe
    * BUG/MEDIUM: filters: Don't call TCP callbacks for HTX streams
    * BUG/MINOR: log: limit the size of the startup-logs
    * BUILD: contrib/da: remove an "unused" warning
    * MINOR: memory: also poison the area on freeing
    * CLEANUP: session: slightly simplify idle connection cleanup logic
    * BUG/MEDIUM: Make sure we leave the session list in session_free().
    * BUG/MEDIUM: listeners: always pause a listener on out-of-resource condition
    * BUG/MINOR: queue/threads: make the queue unlinking atomic
    * DOC: management: fix typo on "cache_lookups" stats output
    * DOC: management: document cache_hits and cache_lookups in the CSV format
    * DOC: management: document reuse and connect counters in the CSV format
    * BUG: dns: timeout resolve not applied for valid resolutions
    * BUG/MINOR: action: do-resolve now use cached response
    * BUG/MEDIUM: stream: Be sure to release allocated captures for TCP streams
    * MINOR: doc: http-reuse connection pool fix
    * BUG/MEDIUM: stream: Be sure to support splicing at the mux level to enable it
    * BUG/MEDIUM: mux-h1: Disable splicing for chunked messages
    * BUG/MEDIUM: mux-h2: immediately report connection errors on streams
    * BUG/MEDIUM: mux-h2: immediately remove a failed connection from the idle list
    * BUG/MEDIUM: mux-h2: report no available stream on a connection having errors
    * BUG/MINOR: config: Update cookie domain warn to RFC6265
    * BUG/MEDIUM: servers: Only set SF_SRV_REUSED if the connection if fully ready.
    * BUG/MEDIUM: stream_interface: Only use SI_ST_RDY when the mux is ready.
    * MINOR: mux: Add a new method to get informations about a mux.
    * BUG/MINOR: spoe: fix off-by-one length in UUID format string
    * BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST is reached
    * BUG/MINOR: mux-h2: Don't pretend mux buffers aren't full anymore if nothing sent
    * BUG/MINOR: cli: don't call the kw->io_release if kw->parse failed
    * MINOR: tcp: avoid confusion in time parsing init
    * BUG/MINOR: mux-h2: do not emit logs on backend connections
    * MINOR: config: warn on presence of "\n" in header values/replacements
* Tue Nov 19 2019
  - Update to version 2.0.8+git0.60e6020c:
    * [RELEASE] Released version 2.0.8
    * BUG/MEDIUM: pattern: make the pattern LRU cache thread-local and lockless
    * BUG/MINOR: stick-table: fix an incorrect 32 to 64 bit key conversion
    * BUG/MINOR: ssl: fix memcpy overlap without consequences.
    * BUG/MEDIUM: http: unbreak redirects in legacy mode
    * BUG/MINOR: mux-h2: also make sure blocked legacy connections may expire
    * BUG/MINOR: sample: Make the `field` converter compatible with `-m found`
    * BUG/MINOR: cache: alloc shctx after check config
    * BUG/MINOR: stick-table: Never exceed (MAX_SESS_STKCTR-1) when fetching a stkctr
    * BUG/MINOR: ssl: Fix fd leak on error path when a TLS ticket keys file is parsed
    * BUG/MINOR: mworker/cli: reload fail with inherited FD
    * BUG/MEDIUM: ssl: 'tune.ssl.default-dh-param' value ignored with openssl > 1.1.1
    * CLEANUP: bind: handle warning label on bind keywords parsing.
    * CLEANUP: ssl: make ssl_sock_load_dh_params handle errcode/warn
    * CLEANUP: ssl: make ssl_sock_put_ckch_into_ctx handle errcode/warn
    * CLEANUP: ssl: make ssl_sock_load_cert*() return real error codes
    * REGTEST: mcli/mcli_show_info: launch a 'show info' on the master CLI
    * BUG/MEDIUM: mux_pt: Only call the wake emthod if nobody subscribed to receive.
    * BUG/MEDIUM: mux_pt: Don't destroy the connection if we have a stream attached.
    * Revert e8826ded5fea3593d89da2be5c2d81c522070995.
    * BUG/MAJOR: idle conns: schedule the cleanup task on the correct threads
    * BUG/MEDIUM: mux_pt: Make sure we don't have a conn_stream before freeing.
    * BUG/MINOR: tcp: Don't alter counters returned by tcp info fetchers
    * BUG/MINOR: mworker/ssl: close openssl FDs unconditionally
    * BUG/MINOR: http-htx: Properly set htx flags on error files to support keep-alive
    * MINOR: version: make the version strings variables, not constants
    * BUG/MINOR: WURFL: fix send_log() function arguments
    * BUG/MINOR: mux-h1: Capture ignored parsing errors
    * BUG/MINOR: mux-h1: Mark the output buffer as full when the xfer is interrupted
    * BUG/MINOR: chunk: Fix tests on the chunk size in functions copying data
    * BUG/MEDIUM: htx: Catch chunk_memcat() failures when HTX data are formatted to h1
    * BUILD: ssl: wrong #ifdef for SSL engines code
    * BUG/MINOR: ssl: abort on sni_keytypes allocation failure
    * BUG/MINOR: ssl: free the sni_keytype nodes
    * BUG/MINOR: ssl: abort on sni allocation failure
    * BUG/MEDIUM: applet: always check a fast running applet's activity before killing
    * MINOR: stats: mention in the help message support for "json" and "typed"
    * DOC: fix typo in Prometheus exporter doc
    * DOC: clarify some points around http-send-name-header's behavior
    * BUG/MEDIUM: cache: make sure not to cache requests with absolute-uri
    * BUG/MINOR: peers: crash on reload without local peer.
    * BUG/MEDIUM: mux-h2: do not enforce timeout on long connections
    * BUILD: ebtree: make eb_is_empty() and eb_is_dup() take a const
    * MINOR: mux-h2: add a per-connection list of blocked streams
    * BUG/MINOR: action: do-resolve does not yield on requests with body
    * BUG/MEDIUM: lua: Store stick tables into the sample's `t` field
    * BUG/MINOR: lua: Properly initialize the buffer's fields for string samples in hlua_lua2(smp|arg)
    * BUG/MINOR: stats: Add a missing break in a switch statement
* Mon Oct 07 2019
  - Update to version 2.0.7+git0.1909aa1e:
    * [RELEASE] Released version 2.0.7
    * BUG/MEDIUM: namespace: fix fd leak in master-worker mode
    * DOC: Fix documentation about the cli command to get resolver stats
    * BUG/MINOR: contrib/prometheus-exporter: Return the time averages in seconds
    * MINOR: stats: Add the support of float fields in stats
    * MINOR: spoe: Support the async mode with several threads
    * MINOR: spoe: Improve generation of the engine-id
    * BUG/MEDIUM: spoe: Use a different engine-id per process
    * BUG/MINOR: mux-h1: Do h2 upgrade only on the first request
    * BUG/MAJOR: mux_h2: Don't consume more payload than received for skipped frames
    * BUG/MINOR: mux-h2: Use the dummy error when decoding headers for a closed stream
    * BUG/MEDIUM: mux-h2: don't reject valid frames on closed streams
    * BUG/MEDIUM: namespace: close open namespaces during soft shutdown
    * BUG/MINOR: mux-h2: do not wake up blocked streams before the mux is ready
    * BUG/MEDIUM: checks: make sure the connection is ready before trying to recv
    * BUG/MEDIUM: stream-int: Process connection/CS errors during synchronous sends
    * BUG/MINOR: stream-int: Process connection/CS errors first in si_cs_send()
    * BUG/MEDIUM: check/threads: make external checks run exclusively on thread 1
    * BUG/MAJOR: mux-h2: Handle HEADERS frames received after a RST_STREAM frame
    * BUG/MINOR: mux-h2: Be sure to have a connection to unsubcribe
    * BUG/MEDIUM: stick-table: Properly handle "show table" with a data type argument
* Tue Sep 17 2019
  - Update to version 2.0.6+git0.58706ab4:
    * [RELEASE] Released version 2.0.6
    * MINOR: sample: Add UUID-fetch
    * BUG/MINOR: Missing stat_field_names (since f21d17bb)
    * BUG/MINOR: backend: Fix a possible null pointer dereference
    * BUG/MINOR: acl: Fix memory leaks when an ACL expression is parsed
    * BUG/MINOR: filters: Properly set the HTTP status code on analysis error
    * BUG/MEDIUM: http: also reject messages where "chunked" is missing from transfer-enoding
    * BUG/MINOR: ssl: always check for ssl connection before getting its XPRT context
    * BUG/MINOR: listener: Fix a possible null pointer dereference
    * MINOR: stats: report the number of idle connections for each server
    * BUG/MEDIUM: connection: don't keep more idle connections than ever needed
    * BUG/MAJOR: ssl: ssl_sock was not fully initialized.
    * BUG/MINOR: lb/leastconn: ignore the server weights for empty servers
    * MINOR: contrib/prometheus-exporter: Report DRAIN/MAINT/NOLB status for servers
    * BUG/MINOR: checks: do not uselessly poll for reads before the connection is up
    * BUG/MINOR: checks: make __event_chk_srv_r() report success before closing
    * BUG/MINOR: checks: start sending the request right after connect()
    * BUG/MINOR: checks: stop polling for write when we have nothing left to send
    * BUG/MEDIUM: cache: Don't cache objects if the size of headers is too big
    * BUG/MEDIUM: cache: Properly copy headers splitted on several shctx blocks
    * BUG/MINOR: mux-h1: Be sure to update the count before adding EOM after trailers
    * BUG/MINOR: mux-h1: Don't stop anymore input processing when the max is reached
    * BUG/MINOR: mux-h1: Fix size evaluation of HTX messages after headers parsing
    * BUG/MINOR: h1: Properly reset h1m when parsing is restarted
    * BUG/MINOR: http-ana: Reset response flags when 1xx messages are handled
    * BUG/MEDIUM: peers: local peer socket not bound.
    * BUG/MEDIUM: proto-http: Always start the parsing if there is no outgoing data
    * BUG/MEDIUM: url32 does not take the path part into account in the returned hash.
    * BUG/MEDIUM: listener/threads: fix an AB/BA locking issue in delete_listener()
    * BUG/MINOR: mworker: disable SIGPROF on re-exec
    * DOC: fixed typo in management.txt
    * BUG/MEDIUM: mux-h1: do not report errors on transfers ending on buffer full
    * BUG/MEDIUM: mux-h1: do not truncate trailing 0CRLF on buffer boundary
    * MEDIUM: debug: make the thread dump code show Lua backtraces
    * MINOR: lua: export applet and task handlers
    * MINOR: tools: add append_prefixed_str()
    * MINOR: debug: indicate the applet name when the task is task_run_applet()
* Thu Aug 22 2019
  - Use %license instead of %doc [bsc#1082318]
  - Recommend apparmor, it's not required to work (make haproxy
    useable in a container)
* Tue Aug 20 2019 Marcus Rueckert <>
  - enable prometheus exporter
* Tue Aug 20 2019 Marcus Rueckert <>
  - enable verbose make output
* Tue Aug 20 2019
  - Update to version 2.0.5+git0.d905f49a:
    * [RELEASE] Released version 2.0.5
    * BUG/MEDIUM: mux_pt: Don't call unsubscribe if we did not subscribe.
    * MINOR: fd: make sure to mark the thread as not stuck in fd_update_events()
    * BUG/MINOR: stats: Wait the body before processing POST requests
    * BUG/MEDIUM: lua: Fix test on the direction to set the channel exp timeout
    * BUG/MEDIUM: mux_h1: Don't bother subscribing in recv if we're not connected.
    * BUG/MINOR: Fix prometheus '# TYPE' and '# HELP' headers
    * BUG/MINOR: lua: fix setting netfilter mark
    * BUG/MEDIUM: proxy: Don't use cs_destroy() when freeing the conn_stream.
    * BUG/MEDIUM: proxy: Don't forget the SF_HTX flag when upgrading TCP=>H1+HTX.
    * BUG/MINOR: buffers/threads: always clear a buffer's head before releasing it
    * MINOR: ssl: ssl_fc_has_early should work for BoringSSL
    * BUG/MINOR: ssl: fix 0-RTT for BoringSSL
    * BUG/MEDIUM: stick-table: Wrong stick-table backends parsing.
    * [RELEASE] Released version 2.0.4
    * BUG/MEDIUM: checks: make sure to close nicely when we're the last to speak
    * BUG/MINOR: mux-h2: always reset rcvd_s when switching to a new frame
    * BUG/MINOR: mux-h2: always send stream window update before connection's
    * BUG/MEDIUM: mux-h2: do not recheck a frame type after a state transition
    * BUG/MINOR: mux-h2: do not send REFUSED_STREAM on aborted uploads
    * BUG/MINOR: mux-h2: use CANCEL, not STREAM_CLOSED in h2c_frt_handle_data()
    * BUG/MINOR: mux-h2: don't refrain from sending an RST_STREAM after another one
    * BUG/MEDIUM: fd: Always reset the polled_mask bits in fd_dodelete().
    * BUG/MEDIUM: proxy: Make sure to destroy the stream on upgrade from TCP to H2
    * BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes
    * BUG/MEDIUM: mux-h2: unbreak receipt of large DATA frames
    * BUG/MINOR: stream-int: also update analysers timeouts on activity
    * BUG/MAJOR: http/sample: use a static buffer for raw -> htx conversion
    * BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased
    * MINOR: wdt: also consider that waiting in the thread dumper is normal
    * BUG/MINOR: debug: fix a small race in the thread dumping code
* Tue Jul 30 2019
  - Update to version 2.0.3+git14.0ff395c1 (bsc#1142529) (CVE-2019-14241):
    * BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue()
    * BUG/MINOR: htx: Fix free space addresses calculation during a block expansion
    * BUG/MINOR: hlua: Only execute functions of HTTP class if the txn is HTTP ready
    * MINOR: hlua: Add a flag on the lua txn to know in which context it can be used
    * MINOR: hlua: Don't set request analyzers on response channel for lua actions
    * BUG/MEDIUM: hlua: Check the calling direction in lua functions of the HTTP class
    * BUG/MINOR: hlua/htx: Reset channels analyzers when txn:done() is called
    * DOC: improve the wording in CONTRIBUTING about how to document a bug fix
    * BUG/MINOR: log: make sure writev() is not interrupted on a file output
    * BUG/MEDIUM: streams: Don't switch the SI to SI_ST_DIS if we have data to send.
    * BUG/MEDIUM: lb-chash: Fix the realloc() when the number of nodes is increased
    * BUILD: threads: add the definition of PROTO_LOCK
    * BUG/MINOR: proxy: always lock stop_proxy()
    * BUG/MEDIUM: protocols: add a global lock for the init/deinit stuff
    * [RELEASE] Released version 2.0.3
    * BUG/CRITICAL: http_ana: Fix parsing of malformed cookies which start by a delimiter
    * BUG/MINOR: http_htx: Support empty errorfiles
    * BUG/MINOR: http_ana: Be sure to have an allocated buffer to generate an error
    * BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream
    * BUG/MINOR: mux-h1: Close server connection if input data remains in h1_detach()
    * BUG/MEDIUM: mux-h1: Trim excess server data at the end of a transaction
    * BUG/MINOR: checks: do not exit tcp-checks from the middle of the loop
    * BUG/MINOR: session: Send a default HTTP error if accept fails for a H1 socket
    * BUG/MINOR: session: Emit an HTTP error if accept fails only for H1 connection
    * BUG/MINOR: debug: Remove flags CO_FL_SOCK_WR_ENA/CO_FL_SOCK_RD_ENA
    * DOC: htx: Update comments in HTX files
    * BUG/MINOR: hlua: Make the function txn:done() HTX aware
    * BUG/MINOR: cache/htx: Make maxage calculation HTX aware
    * BUG/MINOR: http_htx: Initialize HTX error messages for TCP proxies
    * BUG/MINOR: http_fetch: Fix http_auth/http_auth_group when called from TCP rules
    * BUG/MINOR: backend: do not try to install a mux when the connection failed
    * BUG/MEDIUM: http/htx: unbreak option http_proxy
    * BUG/MEDIUM: checks: Don't attempt to receive data if we already subscribed.
    * BUG/MINOR: dns: remove irrelevant dependency on a client connection
    * [RELEASE] Released version 2.0.2
    * BUG/MEDIUM: threads: cpu-map designating a single thread/process are ignored
    * BUG/MEDIUM: tcp-check: unbreak multiple connect rules again
    * BUG/MINOR: mux-pt: do not pretend there's more data after a read0
    * BUG/MEDIUM: streams: Don't redispatch with L7 retries if redispatch isn't set.
    * BUG/MEDIUM: streams: Don't give up if we couldn't send the request.
    * BUG/MINOR: mux-h1: Correctly report Ti timer when HTX and keepalives are used
    * BUG/MEDIUM: mux-h1: Don't release h1 connection if there is still data to send
    * BUG/MAJOR: listener: fix thread safety in resume_listener()
    * MINOR: task: introduce work lists
    * BUG/MEDIUM: servers: Fix a race condition with idle connections.
    * DOC: Fix typos and grammer in configuration.txt
    * BUG/MEDIUM: da: cast the chunk to string.
    * BUG/MEDIUM: checks: Don't attempt to read if we destroyed the connection.
    * BUG/MINOR: server: Be really able to keep "pool-max-conn" idle connections
    * BUG/MEDIUM: fd/threads: fix excessive CPU usage on multi-thread accept
* Tue Jul 09 2019
  - Update to version 2.0.1+git27.5db881ff:
    * BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2
    * BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse it.
    * BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si
    * MINOR: stream-int: Factorize processing done after sending data in si_cs_send()
    * BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred
    * BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are formatted
    * BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock
    * BUG/MEDIUM: http/applet: Finish request processing when a service is registered
    * MINOR: action: Add the return code ACT_RET_DONE for actions
    * BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks
    * MINOR: server: Add "no-tfo" option.
    * BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions.
    * BUG/MEDIUM: servers: Authorize tfo in default-server.
    * BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the mux.
    * BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are sent
    * BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent
    * BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit()
    * BUG/MINOR: hlua: Don't use channel_htx_recv_max()
    * BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max()
    * BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed.
    * BUG/MEDIUM: connections: Always call shutdown, with no linger.
    * BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses
    * BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages
    * BUG/MEDIUM: checks: unblock signals in external checks
    * BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported
    * BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
    * BUG/MINOR: mworker/cli: don't output a \n before the response
    * BUG/MINOR: mux-h1: Make format errors during output formatting fatal
    * BUG/MEDIUM: mux-h1: Use buf_room_for_htx_data() to detect too large messages
    * BUG/MEDIUM: proto_htx: Don't add EOM on 1xx informational messages
    * BUG/MINOR: log: Detect missing sampling ranges in config
    * BUG/MINOR: memory: Set objects size for pools in the per-thread cache
    * BUG/MAJOR: mux-h1: Don't crush trash chunk area when outgoing message is formatted
    * BUG/MINOR: htx: Save hdrs_bytes when the HTX start-line is replaced
    * BUG/MEDIUM: ssl: Don't do anything in ssl_subscribe if we have no ctx.
    * BUG/MEDIUM: connections: Always add the xprt handshake if needed.
    * BUG/MEDIUM: stream_interface: Don't add SI_FL_ERR the state is < SI_ST_CON.
    * BUG/MINOR: spoe: Fix memory leak if failing to allocate memory
    * BUG/MEDIUM: mworker/cli: command pipelining doesn't work anymore
    * BUG/MEDIUM: mworker: don't call the thread and fdtab deinit
    * BUG/MINOR: mworker-prog: Fix segmentation fault during cfgparse
    * BUG/MAJOR: sample: Wrong stick-table name parsing in "if/unless" ACL condition.
    * BUG/MEDIUM: lb_fwlc: Don't test the server's lb_tree from outside the lock
    * BUG/MEDIUM: mux-h2: Remove the padding length when a DATA frame size is checked
    * BUG/MEDIUM: mux-h2: Reset padlen when several frames are demux
* Sun Jun 30 2019 Jan Engelhardt <>
  - Correct version line, which should be 2.0.0+git6.
* Tue Jun 18 2019 Marcus Rueckert <>
  - allow the new master socket path in the apparmor profile
* Tue Jun 18 2019
  - Update to version 2.0.0~git6.41dc8432:
    * BUG/MEDIUM: htx: Fully update HTX message when the block value is changed
    * MINOR: htx: Add the function htx_change_blk_value_len()
    * BUG/MEDIUM: compression: Set Vary: Accept-Encoding for compressed responses
    * BUG/MINOR: mux-h1: Add the header connection in lower case in outgoing messages
    * BUG/MINOR: lua/htx: Make txn.req_req_* and txn.res_rep_* HTX aware
    * BUG/MEDIUM: h2/htx: Update data length of the HTX when the cookie list is built
* Mon Jun 17 2019
  - Update to version 2.0.0~git0.ba23630a:
    - new internal native HTTP representation called HTX, was already in 1.9
      and is now enabled by default in 2.0 ;
    - end-to-end HTTP/2 support including trailers and continuation frames,
      as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using
      the H2 preface;
    - server connection pooling and more advanced reuse, with ALPN protocol
      negotiation (already in 1.9) ;
    - layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers
      as well as on the frontend ;
    - much more scalable multi-threading, which is even enabled by default on
      platforms where it was successfully tested ; by default, as many threads
      are started as the number of CPUs haproxy is allowed to run on. This
      removes a lot of configuration burden in VMs and containers ;
    - automatic maxconn setting for the process and the frontends, directly
      based on the number of available FDs (easier configuration in containers
      and with systemd) ;
    - logging to stdout for use in containers and systemd (already in 1.9).
      Logs can now provide micro-second resolution for some events ;
    - peers now support SSL, declaration of multiple stick-tables directly in
      the peers section, and synchronization of server names, not just IDs ;
    - In master-worker mode, the master process now exposes its own CLI and
      can communicate with all other processes (including the stopping ones),
      even allowing to connect to their CLI and check their state. It is also
      possible to start some sidecar programs and monitor them from the master,
      and the master can automatically kill old processes that survived too
      many reloads ;
    - the incoming connections are load-balanced between all threads depending
      on their load to minimize the processing time and maximize the capacity
      (already in 1.9) ;
    - the SPOE connection load-balancing was significantly improved in order
      to reduce high percentiles of SPOA response time (already in 1.9) ;
    - the "random" load balancing algorithm and a power-of-two-choices variant
      were introduced ;
    - statistics improvements with per-thread counters for certain things, and
      a prometheus exporter for all our statistics;
    - lots of debugging help, it's easier to produce a core dump, there are
      new commands on the CLI to control various things, there is a watchdog
      to fail cleanly when a thread deadlock or a spinning task are detected,
      so overall it should provide a better experience in field and less
      round trips between users and developers (hence less stress during an
    - all 3 device detection engines are now compatible with multi-threading
      and can be build-tested without any external dependencies ;
    - "do-resolve" http-request action to perform a DNS resolution on any,
      sample, and resolvers now support relying on /etc/resolv.conf to match
      the local resolver ;
    - log sampling and balancing : it's now possible to send 1 log every 10
      to a server, or to spread the logging load over multiple log servers;
    - a new SPOA agent (spoa_server) allows to interface haproxy with Python
      and Lua programs ;
    - support for Solaris' event ports (equivalent of kqueue or epoll) which
      will significantly improve the performance there when dealing with
      numerous connections ;
    - some warnings are now reported for some deprecated options that will
      be removed in 2.1. Since 2.0 is long term supported, there's no
      emergency to convert them, however if you see these warnings, you
      need to understand that you're among their extremely rare users and
      just because of this you may be taking risks by keeping them ;
    - A new SOCKS4 server-side layer was provided ; it allows outgoing
      connections to be forwarded through a SOCKS4 proxy (such as ssh -D).
    - priority- and latency- aware server queues : it is possible now to
      assign priorities to certain requests and/or to give them a time
      bonus or penalty to refine control of the traffic and be able to
      engage on SLAs.
    - internally the architecture was significantly redesigned to allow to
      further improve performance and make it easier to implement protocols
      that span over multiple layers (such as QUIC). This work started in
      1.9 and will continue with 2.1.
    - the I/O, applets and tasks now share the same multi-threaded scheduler,
      giving a much better responsiveness and fairness between all tasks as
      is visible with the CLI which always responds instantly even under
      extreme loads (started in 1.9) ;
    - the internal buffers were redesigned to ease zero-copy operations, so
      that it is possible to sustain a high bandwidth even when forwarding
      HTTP/1 to/from HTTP/2 (already in 1.9) ;
* Fri May 03 2019
  - Update to version 1.8.20~git0.6fb9fadc:
    * [RELEASE] Released version 1.8.20
    * BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet handler
    * BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
    * BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
    * BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP rules
    * BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR
    * BUG/MEDIUM: maps: only try to parse the default value when it's present
    * BUG/MAJOR: http_fetch: Get the channel depending on the keyword used
    * MINOR: skip get_gmtime where tm is unused
    * BUILD/MINOR: listener: Silent a few signedness warnings.
    * BUG/MEDIUM: listener: make sure the listener never accepts too many conns
    * BUG/MEDIUM: listener: use a self-locked list for the dequeue lists
    * MAJOR: listener: do not hold the listener lock in listener_accept()
    * BUG/MEDIUM: list: fix incorrect pointer unlocking in LIST_DEL_LOCKED()
    * BUG/MEDIUM: list: fix again LIST_ADDQ_LOCKED
    * BUG/MEDIUM: list: correct fix for LIST_POP_LOCKED's removal of last element
    * MINOR: list: make the delete and pop operations idempotent
    * BUG/MEDIUM: list: add missing store barriers when updating elements and head
    * BUG/MEDIUM: list: fix LIST_POP_LOCKED's removal of the last pointer
    * BUG/MEDIUM: list: fix the rollback on addq in the locked liss
    * BUG/MEDIUM: lists: Properly handle the case we're removing the first elt.
    * MINOR: lists: Implement locked variations.
    * BUG/MINOR: threads: fix the process range of thread masks
    * BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented messages
    * BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the stream
    * BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity
    * BUILD: connection: fix naming of ip_v field
    * BUILD: use inttypes.h instead of stdint.h
    * BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on release.
    * MINOR: cli: start addresses by a prefix in 'show cli sockets'
    * BUG/MINOR: cli: correctly handle abns in 'show cli sockets'
    * BUILD: Makefile: disable shared cache on AIX 5.1
    * BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51
    * BUILD: makefile: fix build of IPv6 header on aix51
    * MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()
    * BUILD: makefile: work around an old bug in GNU make-3.80
    * BUG/MAJOR: checks: segfault during tcpcheck_main
    * DOC: The option httplog is no longer valid in a backend.
    * BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using ssl-default-server-ciphersuites
    * BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts
    * BUG/MAJOR: stats: Fix how huge POST data are read from the channel
    * BUG/MAJOR: spoe: Fix initialization of thread-dependent fields
    * BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes
    * MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API.
    * BUG/MINOR: ssl: fix warning about ssl-min/max-ver support
    * BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees()
    * BUG/MEDIUM: logs: Only attempt to free startup_logs once.
    * BUG/MINOR: listener: keep accept rate counters accurate under saturation
    * BUG/MAJOR: listener: Make sure the listener exist before using it.
* Mon Feb 11 2019
  - Update to version 1.8.19~git0.ebf033b4:
    * [RELEASE] Released version 1.8.19
    * BUG/MINOR: config: Reinforce validity check when a process number is parsed
    * BUG/MAJOR: stream: avoid double free on unique_id
    * BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck
    * BUG/MEDIUM: server: initialize the idle conns list after parsing the config
    * BUG/MEDIUM: spoe: initialization depending on nbthread must be done last
    * BUG/MINOR: lua: initialize the correct idle conn lists for the SSL sockets
    * BUG/MINOR: spoe: do not assume agent->rt is valid on exit
    * DOC: ssl: Stop documenting ciphers example to use
    * DOC: ssl: Clarify when pre TLSv1.3 cipher can be used
    * [RELEASE] Released version 1.8.18
    * BUG/MINOR: config: make sure to count the error on incorrect track-sc/stick rules
    * BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes
    * BUG/MAJOR: config: verify that targets of track-sc and stick rules are present
    * BUG/MINOR: config: fix bind line thread mask validation
    * BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().
    * BUG/MEDIUM: mux-h2: do not close the connection on aborted streams
    * MINOR: connstream: have a new flag CS_FL_KILL_CONN to kill a connection
    * MINOR: stream-int: add a new flag to mention that we want the connection to be killed
    * MINOR: stream-int: expand the flags to 32-bit
    * BUG/MEDIUM: mux-h2: wait for the mux buffer to be empty before closing the connection
    * BUG/MEDIUM: mux-h2: make sure never to send GOAWAY on too old streams
    * BUG/MEDIUM: mux-h2: fix two half-closed to closed transitions
    * BUG/MEDIUM: mux-h2: wake up flow-controlled streams on initial window update
    * MINOR: xref: Add missing barriers.
    * BUG/MINOR: stream: don't close the front connection when facing a backend error
    * SCRIPTS: add the issue tracker URL to the announce script
    * SCRIPTS: add the slack channel URL to the announce script
    * BUG/MINOR: deinit: tcp_rep.inspect_rules not deinit, add to deinit
    * BUG/MINOR: spoe: corrected fragmentation string size
    * DOC: nbthread is no longer experimental.
    * BUG/MINOR: hpack: return a compression error on invalid table size updates
    * BUG/MINOR: mux-h2: make it possible to set the error code on an already closed stream
    * BUG/MINOR: mux-h2: headers-type frames in HREM are always a connection error
    * BUG/MINOR: mux-h2: CONTINUATION in closed state must always return GOAWAY
    * MINOR: h2: declare new sets of frame types
    * MINOR: h2: add a bit-based frame type representation
    * DOC: mention the effect of nf_conntrack_tcp_loose on src/dst
    * BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages
    * BUG/MINOR: check: Wake the check task if the check is finished in wake_srv_chk()
    * BUG/MINOR: server: don't always trust srv_check_health when loading a server state
    * BUG/MINOR: stick_table: Prevent conn_cur from underflowing
    * BUG/MINOR: backend: BE_LB_LKUP_CHTREE is a value, not a bit
    * BUG/MINOR: backend: balance uri specific options were lost across defaults
    * BUG/MINOR: backend: don't use url_param_name as a hint for BE_LB_ALGO_PH
    * BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file
    * DOC: Be a bit more explicit about allow-0rtt security implications.
    * BUG/MEDIUM: ssl: Disable anti-replay protection and set max data with 0RTT.
    * BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key
    * DOC: http-request cache-use / http-response cache-store expects cache name
* Thu Jan 10 2019
  - Update to version 1.8.17~git0.e89d25b2 (bsc#1121283) (CVE-2018-20615):
    * BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used
    * BUG/MEDIUM: lua: dead lock when Lua tasks are trigerred
    * BUG/MINOR: lua: bad args are returned for Lua actions
    * BUG/MINOR: lua: Return an error if a legacy HTTP applet doesn't send anything
    * BUG/MEDIUM: cli: make "show sess" really thread-safe
    * MINOR: stream/cli: report more info about the HTTP messages on "show sess all"
    * MINOR: stream/cli: fix the location of the waiting flag in "show sess all"
    * MINOR: lb: allow redispatch when using consistent hash
    * BUG/MEDIUM: server: Also copy "check-sni" for server templates.
    * BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than the max
    * MINOR: mux-h2: only increase the connection window with the first update
    * BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify()
    * BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error
    * BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response()
    * BUG/MINOR: logs: leave startup-logs global and not per-thread



Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Aug 19 23:15:38 2022