From d0089302651d36c236b94648dffe019e5626eef9 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Fri, 17 Apr 2020 14:19:38 +0200
Subject: [PATCH] [RELEASE] Released version 2.2-dev6

Released version 2.2-dev6 with the following main changes :
    - BUG/MINOR: ssl: memory leak when find_chain is NULL
    - CLEANUP: ssl: rename ssl_get_issuer_chain to ssl_get0_issuer_chain
    - MINOR: ssl: rework add cert chain to CTX to be libssl independent
    - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized
    - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL
    - BUG/MINOR: peers: Use after free of "peers" section.
    - CI: github actions: add weekly h2spec test
    - BUG/MEDIUM: mux_h1: Process a new request if we already received it.
    - MINOR: build: Fix build in mux_h1
    - CLEANUP: remove obsolete comments
    - BUG/MEDIUM: dns: improper parsing of aditional records
    - MINOR: ssl: skip self issued CA in cert chain for ssl_ctx
    - MINOR: listener: add so_name sample fetch
    - MEDIUM: stream: support use-server rules with dynamic names
    - MINOR: servers: Add a counter for the number of currently used connections.
    - MEDIUM: connections: Revamp the way idle connections are killed
    - MINOR: cli: add a general purpose pointer in the CLI struct
    - MINOR: ssl: add a list of bind_conf in struct crtlist
    - REORG: ssl: move SETCERT enum to ssl_sock.h
    - BUG/MINOR: ssl: ckch_inst wrongly inserted in crtlist_entry
    - REORG: ssl: move some functions above crtlist_load_cert_dir()
    - MINOR: ssl: use crtlist_free() upon error in directory loading
    - MINOR: ssl: add a list of crtlist_entry in ckch_store
    - MINOR: ssl: store a ptr to crtlist in crtlist_entry
    - MINOR: ssl/cli: update pointer to store in 'commit ssl cert'
    - MEDIUM: ssl/cli: 'add ssl crt-list' command
    - REGTEST: ssl/cli: test the 'add ssl crt-list' command
    - BUG/MINOR: ssl: entry->ckch_inst not initialized
    - REGTEST: ssl/cli: change test type to devel
    - REGTEST: make the PROXY TLV validation depend on version 2.2
    - CLEANUP: assorted typo fixes in the code and comments
    - BUG/MINOR: stats: Fix color of draining servers on stats page
    - DOC: internals: Fix spelling errors in filters.txt
    - MINOR: connections: Don't mark conn flags 0x00000001 and 0x00000002 as unused.
    - REGTEST: make the unique-id test depend on version 2.0
    - BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive
    - MINOR: ssl: split the line parsing of the crt-list
    - MINOR: ssl/cli: support filters and options in add ssl crt-list
    - MINOR: ssl: add a comment above the ssl_bind_conf keywords
    - REGTEST: ssl/cli: tests options and filters w/ add ssl crt-list
    - REGTEST: ssl: pollute the crt-list file
    - BUG/CRITICAL: hpack: never index a header into the headroom after wrapping
    - BUG/MINOR: protocol_buffer: Wrong maximum shifting.
    - CLEANUP: src/fd.c: mask setsockopt with DISGUISE
    - BUG/MINOR: ssl/cli: initialize fcount int crtlist_entry
    - REGTEST: ssl/cli: add other cases of 'add ssl crt-list'
    - CLEANUP: assorted typo fixes in the code and comments
    - DOC: management: add the new crt-list CLI commands
    - BUG/MINOR: ssl/cli: fix spaces in 'show ssl crt-list'
    - MINOR: ssl/cli: 'del ssl crt-list' delete an entry
    - MINOR: ssl/cli: replace dump/show ssl crt-list by '-n' option
    - CI: use better SSL library definition
    - CI: travis-ci: enable DEBUG_STRICT=1 for CI builds
    - CI: travis-ci: upgrade openssl to 1.1.1f
    - MINOR: ssl: improve the errors when a crt can't be open
    - CI: cirrus-ci: rename openssl package after it is renamed in FreeBSD
    - CI: adopt openssl download script to download all versions
    - BUG/MINOR: ssl/cli: lock the ckch structures during crt-list delete
    - MINOR: ssl/cli: improve error for bundle in add/del ssl crt-list
    - MINOR: ssl/cli: 'del ssl cert' deletes a certificate
    - BUG/MINOR: ssl: trailing slashes in directory names wrongly cached
    - BUG/MINOR: ssl/cli: memory leak in 'set ssl cert'
    - CLEANUP: ssl: use the refcount for the SSL_CTX'
    - CLEANUP: ssl/cli: use the list of filters in the crtlist_entry
    - BUG/MINOR: ssl: memleak of the struct cert_key_and_chain
    - CLEANUP: ssl: remove a commentary in struct ckch_inst
    - MINOR: ssl: initialize all list in ckch_inst_new()
    - MINOR: ssl: free instances and SNIs with ckch_inst_free()
    - MINOR: ssl: replace ckchs_free() by ckch_store_free()
    - BUG/MEDIUM: ssl/cli: trying to access to free'd memory
    - MINOR: ssl: ckch_store_new() alloc and init a ckch_store
    - MINOR: ssl: crtlist_new() alloc and initialize a struct crtlist
    - REORG: ssl: move some free/new functions
    - MINOR: ssl: crtlist_entry_{new, free}
    - BUG/MINOR: ssl: ssl_conf always set to NULL on crt-list parsing
    - MINOR: ssl: don't alloc ssl_conf if no option found
    - BUG/MINOR: connection: always send address-less LOCAL PROXY connections
    - BUG/MINOR: peers: Incomplete peers sections should be validated.
    - MINOR: init: report in "haproxy -c" whether there were warnings or not
    - MINOR: init: add -dW and "zero-warning" to reject configs with warnings
    - MINOR: init: report the compiler version in haproxy -vv
    - CLEANUP: assorted typo fixes in the code and comments
    - MINOR: init: report the haproxy version and executable path once on errors
    - DOC: Make how "option redispatch" works more explicit
    - BUILD: Makefile: add linux-musl to TARGET
    - CLEANUP: assorted typo fixes in the code and comments
    - CLEANUP: http: Fixed small typo in parse_http_return
    - DOC: hashing: update link to hashing functions
---
 CHANGELOG | 90 +++++++++++++++++++++++++++++++++++++++
 VERDATE | 2 +-
 VERSION | 2 +-
 doc/configuration.txt | 2 +-
 doc/internals/hashing.txt | 2 +-
 5 files changed, 94 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 2fed2b46d..2d09e39a9 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,96 @@ ChangeLog : =========== +2020/04/17 : 2.2-dev6 + - BUG/MINOR: ssl: memory leak when find_chain is NULL + - CLEANUP: ssl: rename ssl_get_issuer_chain to ssl_get0_issuer_chain + - MINOR: ssl: rework add cert chain to CTX to be libssl independent + - BUG/MINOR: peers: init bind_proc to 1 if it wasn't initialized + - BUG/MINOR: peers: avoid an infinite loop with peers_fe is NULL + - BUG/MINOR: peers: Use after free of "peers" section. + - CI: github actions: add weekly h2spec test + - BUG/MEDIUM: mux_h1: Process a new request if we already received it. + - MINOR: build: Fix build in mux_h1 + - CLEANUP: remove obsolete comments + - BUG/MEDIUM: dns: improper parsing of aditional records + - MINOR: ssl: skip self issued CA in cert chain for ssl_ctx + - MINOR: listener: add so_name sample fetch + - MEDIUM: stream: support use-server rules with dynamic names + - MINOR: servers: Add a counter for the number of currently used connections. + - MEDIUM: connections: Revamp the way idle connections are killed + - MINOR: cli: add a general purpose pointer in the CLI struct + - MINOR: ssl: add a list of bind_conf in struct crtlist + - REORG: ssl: move SETCERT enum to ssl_sock.h + - BUG/MINOR: ssl: ckch_inst wrongly inserted in crtlist_entry + - REORG: ssl: move some functions above crtlist_load_cert_dir() + - MINOR: ssl: use crtlist_free() upon error in directory loading + - MINOR: ssl: add a list of crtlist_entry in ckch_store + - MINOR: ssl: store a ptr to crtlist in crtlist_entry + - MINOR: ssl/cli: update pointer to store in 'commit ssl cert' + - MEDIUM: ssl/cli: 'add ssl crt-list' command + - REGTEST: ssl/cli: test the 'add ssl crt-list' command + - BUG/MINOR: ssl: entry->ckch_inst not initialized + - REGTEST: ssl/cli: change test type to devel + - REGTEST: make the PROXY TLV validation depend on version 2.2 + - CLEANUP: assorted typo fixes in the code and comments + - BUG/MINOR: stats: Fix color of draining servers on stats page + - DOC: internals: Fix 
spelling errors in filters.txt + - MINOR: connections: Don't mark conn flags 0x00000001 and 0x00000002 as unused. + - REGTEST: make the unique-id test depend on version 2.0 + - BUG/MEDIUM: dns: Consider the fact that dns answers are case-insensitive + - MINOR: ssl: split the line parsing of the crt-list + - MINOR: ssl/cli: support filters and options in add ssl crt-list + - MINOR: ssl: add a comment above the ssl_bind_conf keywords + - REGTEST: ssl/cli: tests options and filters w/ add ssl crt-list + - REGTEST: ssl: pollute the crt-list file + - BUG/CRITICAL: hpack: never index a header into the headroom after wrapping + - BUG/MINOR: protocol_buffer: Wrong maximum shifting. + - CLEANUP: src/fd.c: mask setsockopt with DISGUISE + - BUG/MINOR: ssl/cli: initialize fcount int crtlist_entry + - REGTEST: ssl/cli: add other cases of 'add ssl crt-list' + - CLEANUP: assorted typo fixes in the code and comments + - DOC: management: add the new crt-list CLI commands + - BUG/MINOR: ssl/cli: fix spaces in 'show ssl crt-list' + - MINOR: ssl/cli: 'del ssl crt-list' delete an entry + - MINOR: ssl/cli: replace dump/show ssl crt-list by '-n' option + - CI: use better SSL library definition + - CI: travis-ci: enable DEBUG_STRICT=1 for CI builds + - CI: travis-ci: upgrade openssl to 1.1.1f + - MINOR: ssl: improve the errors when a crt can't be open + - CI: cirrus-ci: rename openssl package after it is renamed in FreeBSD + - CI: adopt openssl download script to download all versions + - BUG/MINOR: ssl/cli: lock the ckch structures during crt-list delete + - MINOR: ssl/cli: improve error for bundle in add/del ssl crt-list + - MINOR: ssl/cli: 'del ssl cert' deletes a certificate + - BUG/MINOR: ssl: trailing slashes in directory names wrongly cached + - BUG/MINOR: ssl/cli: memory leak in 'set ssl cert' + - CLEANUP: ssl: use the refcount for the SSL_CTX' + - CLEANUP: ssl/cli: use the list of filters in the crtlist_entry + - BUG/MINOR: ssl: memleak of the struct cert_key_and_chain + - 
CLEANUP: ssl: remove a commentary in struct ckch_inst + - MINOR: ssl: initialize all list in ckch_inst_new() + - MINOR: ssl: free instances and SNIs with ckch_inst_free() + - MINOR: ssl: replace ckchs_free() by ckch_store_free() + - BUG/MEDIUM: ssl/cli: trying to access to free'd memory + - MINOR: ssl: ckch_store_new() alloc and init a ckch_store + - MINOR: ssl: crtlist_new() alloc and initialize a struct crtlist + - REORG: ssl: move some free/new functions + - MINOR: ssl: crtlist_entry_{new, free} + - BUG/MINOR: ssl: ssl_conf always set to NULL on crt-list parsing + - MINOR: ssl: don't alloc ssl_conf if no option found + - BUG/MINOR: connection: always send address-less LOCAL PROXY connections + - BUG/MINOR: peers: Incomplete peers sections should be validated. + - MINOR: init: report in "haproxy -c" whether there were warnings or not + - MINOR: init: add -dW and "zero-warning" to reject configs with warnings + - MINOR: init: report the compiler version in haproxy -vv + - CLEANUP: assorted typo fixes in the code and comments + - MINOR: init: report the haproxy version and executable path once on errors + - DOC: Make how "option redispatch" works more explicit + - BUILD: Makefile: add linux-musl to TARGET + - CLEANUP: assorted typo fixes in the code and comments + - CLEANUP: http: Fixed small typo in parse_http_return + - DOC: hashing: update link to hashing functions + 2020/03/23 : 2.2-dev5 - CLEANUP: ssl: is_default is a bit in ckch_inst - BUG/MINOR: ssl/cli: sni_ctx' mustn't always be used as filters diff --git a/VERDATE b/VERDATE index c55c85bc8..65d50e416 100644 --- a/VERDATE +++ b/VERDATE @@ -1,2 +1,2 @@ $Format:%ci$ -2020/03/23 +2020/04/17 diff --git a/VERSION b/VERSION index 58c67dea8..386c58024 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2-dev5 +2.2-dev6 diff --git a/doc/configuration.txt b/doc/configuration.txt index 6657cb88e..5d01835d7 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt 
@@ -4,7 +4,7 @@ ---------------------- version 2.2 willy tarreau - 2020/03/23 + 2020/04/17 This document covers the configuration language as implemented in the version diff --git a/doc/internals/hashing.txt b/doc/internals/hashing.txt index 1bf6b26a4..da358b04b 100644 --- a/doc/internals/hashing.txt +++ b/doc/internals/hashing.txt @@ -2,7 +2,7 @@ This document describes how Haproxy implements hashing both map-based and consistent hashing, both prior to versions 1.5 and the motivation and tests -that were done when providing additional options starting in version 1.5. +that were done when providing additional options starting in version 2.2 A note on hashing in general, hash functions strive to have little correlation between input and output. The heart of a hash function is its
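
Review bot: In the CHANGELOG hunk, the only BUG/CRITICAL entry ("hpack: never index a header into the headroom after wrapping") sits mid-list between a REGTEST line and a BUG/MINOR line, so anyone reading the 2.2-dev6 block for security-relevant fixes has to scan all 90 added lines to find it. Consider listing the critical fix first or calling it out at the top of the block. Two cosmetic slips are also carried over from the commit subjects: "aditional" in the dns line and the stray trailing apostrophe in "use the refcount for the SSL_CTX'".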
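
Review bot: The doc/internals/hashing.txt hunk rewrites "starting in version 1.5." to "starting in version 2.2", which looks like the release version bump catching a historical version reference rather than an intended documentation change. The unchanged context line just above still reads "prior to versions 1.5", so the sentence now contradicts itself, and the trailing period was dropped as well. Revert this line to 1.5 and limit the version substitution to header lines such as the date in doc/configuration.txt.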