From 7f0031e394d46a60efb2b8967b5ea9f39f867126 Mon Sep 17 00:00:00 2001 
From: Willy Tarreau
Date: Thu, 20 Mar 2025 14:27:37 +0100
Subject: [PATCH] [RELEASE] Released version 3.0.9

Released version 3.0.9 with the following main changes :
    - BUG/MEDIUM: ssl: chosing correct certificate using RSA-PSS with TLSv1.3
    - BUG/MEDIUM: mux-quic: do not attach on already closed stream
    - MINOR: mux-quic: change return value of qcs_attach_sc()
    - BUG/MINOR: mux-quic: handle closure of uni-stream
    - BUG/MINOR: spoe: Check the shared waiting queue to shut applets during stopping
    - BUG/MINOR: spoe: Allow applet creation when closing the last one during stopping
    - BUG/MEDIUM: spoe: Don't wakeup idle applets in loop during stopping
    - BUG/MEDIUM: fd: mark FD transferred to another process as FD_CLONED
    - REGTESTS: Fix truncated.vtc to send 0-CRLF
    - BUG/MEDIUM: htx: wrong count computation in htx_xfer_blks()
    - DOC: htx: clarify parameter for htx_xfer_blks()
    - DOC: option redispatch should mention persist options
    - BUG/MEDIUM: server: properly initialize PROXY v2 TLVs
    - TESTS: ist: fix wrong array size
    - CI: github: fix h2spec.config proxy names
    - BUG/MINOR: stream: fix age calculation in "show sess" output
    - BUG/MINOR: cfgparse-tcp: relax namespace bind check
    - MINOR: startup: adjust alert messages, when capabilities are missed
    - BUG/MEDIUM: thread: use pthread_self() not ha_pthread[tid] in set_affinity
    - DOC: management: rename some last occurences from domain "dns" to "resolvers"
    - BUG/MINOR: server: fix the "server-template" prefix memory leak
    - BUILD: ssl: allow to build without the renegotiation API of WolfSSL
    - BUILD: ssl: more cleaner approach to WolfSSL without renegotiation
    - BUG/MEDIUM: debug: close a possible race between thread dump and panic()
    - BUG/MINOR: quic: reserve length field for long header encoding
    - BUG/MINOR: quic: fix CRYPTO payload size calcul for encoding
    - BUG/MINOR: ssl/cli: "show ssl crt-list" lacks client-sigals
    - BUG/MINOR: ssl/cli: "show ssl crt-list" lacks sigals
    - BUG/MINOR: cli: Wait for the last ACK when FDs are xferred from the old worker
    - BUG/MEDIUM: filters: Handle filters registered on data with no payload callback
    - BUG/MINOR: fcgi: Don't set the status to 302 if it is already set
    - BUG/MINOR: quic: prevent crash on conn access after MUX init failure
    - BUG/MINOR: mux-quic: prevent crash after MUX init failure
    - BUG/MINOR: mux-h2: Properly handle full or truncated HTX messages on shut
    - BUG/MINOR: tcp-rules: Don't forward close during tcp-response content rules eval
    - BUG/MINOR: cli: Don't set SE flags from the cli applet
    - BUG/MINOR: cli: Fix memory leak on error for _getsocks command
    - BUG/MINOR: cli: Fix a possible infinite loop in _getsocks()
    - BUG/MINOR: config/userlist: Support one 'users' option for 'group' directive
    - BUG/MINOR: auth: Fix a leak on error path when parsing user's groups
    - BUG/MINOR: flt-trace: Support only one name option
    - BUG/MINOR: stats-json: Define JSON_INT_MAX as a signed integer
    - BUG/MINOR: cfgparse: fix NULL ptr dereference in cfg_parse_peers
    - BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers
    - MINOR: clock: always use atomic ops for global_now_ms
    - BUG/MINOR: mux-h1: always make sure h1s->sd exists in h1_dump_h1s_info()
    - MINOR: tinfo: add a new thread flag to indicate a call from a sig handler
    - BUG/MEDIUM: stream: never allocate connection addresses from signal handler
    - MINOR: freq_ctr: provide non-blocking read functions
    - BUG/MEDIUM: stream: use non-blocking freq_ctr calls from the stream dumper
    - BUG/MINOR: h2: always trim leading and trailing LWS in header values
    - BUG/MINOR: h3: do not report transfer as aborted on preemptive response
    - CLEANUP: h3: fix documentation of h3_rcv_buf()
    - BUG/MINOR: server: check for either proxy-protocol v1 or v2 to send hedaer
    - CLEANUP: log: removing "log-balance" references
    - BUG/MINOR: log: set proper smp size for balance log-hash
    - BUG/MEIDUM: startup: return to initial cwd only after check_config_validity()
    - BUG/MINOR: cfgparse/peers: fix inconsistent check for missing peer server
    - BUG/MINOR: cfgparse/peers: properly handle ignored local peer case
    - BUG/MINOR: server: dont return immediately from parse_server() when skipping checks
    - MINOR: cfgparse/peers: provide more info when ignoring invalid "peer" or "server" lines
    - BUG/MINOR: stats: fix capabilities and hide settings for some generic metrics
    - BUG/MINOR: namespace: handle a possible strdup() failure
    - BUG/MINOR: ssl_crtlist: handle a possible strdup() failure
    - BUG/MINOR: http-check: Don't pretend a C-L heeader is set before adding it
    - BUG/MEDIUM: hlua/cli: fix cli applet UAF in hlua_applet_wakeup()
    - BUG/MEDIUM: stream: don't use localtime in dumps from a signal handler
    - MINOR: compiler: add a simple macro to concatenate resolved strings
    - MINOR: compiler: add a new __decl_thread_var() macro to declare local variables
    - MINOR: tools: resolve main() only once in resolve_sym_name()
    - MINOR: tools: use only opportunistic symbols resolution
    - BUILD: tools: silence a build warning when USE_THREAD=0
    - MINOR: tinfo: split the signal handler report flags into 3
    - MINOR: cli: export cli_io_handler() to ease symbol resolution
    - MINOR: tools: improve symbol resolution without dl_addr
    - MINOR: tools: ease the declaration of known symbols in resolve_sym_name()
    - MINOR: tools: teach resolve_sym_name() a few more common symbols
    - BUILD: tools: avoid a build warning on gcc-4.8 in resolve_sym_name()
---
 CHANGELOG             | 80 +++++++++++++++++++++++++++++++++++++++++++++++++
 VERDATE               |  2 +-
 VERSION               |  2 +-
 doc/configuration.txt |  2 +-
 4 files changed, 83 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG index 58a43d8..00b2204 100644 --- a/CHANGELOG +++ b/CHANGELOG
@@ -1,6 +1,86 @@ ChangeLog : =========== +2025/03/20 : 3.0.9 + - BUG/MEDIUM: ssl: chosing correct certificate using RSA-PSS with TLSv1.3 + - BUG/MEDIUM: mux-quic: do not attach on already closed stream + - MINOR: mux-quic: change return value of qcs_attach_sc() + - BUG/MINOR: mux-quic: handle closure of uni-stream + - BUG/MINOR: spoe: Check the shared waiting queue to shut applets during stopping + - BUG/MINOR: spoe: Allow applet creation when closing the last one during stopping + - BUG/MEDIUM: spoe: Don't wakeup idle applets in loop during stopping + - BUG/MEDIUM: fd: mark FD transferred to another process as FD_CLONED + - REGTESTS: Fix truncated.vtc to send 0-CRLF + - BUG/MEDIUM: htx: wrong count computation in htx_xfer_blks() + - DOC: htx: clarify parameter for htx_xfer_blks() + - DOC: option redispatch should mention persist options + - BUG/MEDIUM: server: properly initialize PROXY v2 TLVs + - TESTS: ist: fix wrong array size + - CI: github: fix h2spec.config proxy names + - BUG/MINOR: stream: fix age calculation in "show sess" output + - BUG/MINOR: cfgparse-tcp: relax namespace bind check + - MINOR: startup: adjust alert messages, when capabilities are missed + - BUG/MEDIUM: thread: use pthread_self() not ha_pthread[tid] in set_affinity + - DOC: management: rename some last occurences from domain "dns" to "resolvers" + - BUG/MINOR: server: fix the "server-template" prefix memory leak + - BUILD: ssl: allow to build without the renegotiation API of WolfSSL + - BUILD: ssl: more cleaner approach to WolfSSL without renegotiation + - BUG/MEDIUM: debug: close a possible race between thread dump and panic() + - BUG/MINOR: quic: reserve length field for long header encoding + - BUG/MINOR: quic: fix CRYPTO payload size calcul for encoding + - BUG/MINOR: ssl/cli: "show ssl crt-list" lacks client-sigals + - BUG/MINOR: ssl/cli: "show ssl crt-list" lacks sigals + - BUG/MINOR: cli: Wait for the last ACK when FDs are xferred from the old worker + - BUG/MEDIUM: filters: 
Handle filters registered on data with no payload callback + - BUG/MINOR: fcgi: Don't set the status to 302 if it is already set + - BUG/MINOR: quic: prevent crash on conn access after MUX init failure + - BUG/MINOR: mux-quic: prevent crash after MUX init failure + - BUG/MINOR: mux-h2: Properly handle full or truncated HTX messages on shut + - BUG/MINOR: tcp-rules: Don't forward close during tcp-response content rules eval + - BUG/MINOR: cli: Don't set SE flags from the cli applet + - BUG/MINOR: cli: Fix memory leak on error for _getsocks command + - BUG/MINOR: cli: Fix a possible infinite loop in _getsocks() + - BUG/MINOR: config/userlist: Support one 'users' option for 'group' directive + - BUG/MINOR: auth: Fix a leak on error path when parsing user's groups + - BUG/MINOR: flt-trace: Support only one name option + - BUG/MINOR: stats-json: Define JSON_INT_MAX as a signed integer + - BUG/MINOR: cfgparse: fix NULL ptr dereference in cfg_parse_peers + - BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers + - MINOR: clock: always use atomic ops for global_now_ms + - BUG/MINOR: mux-h1: always make sure h1s->sd exists in h1_dump_h1s_info() + - MINOR: tinfo: add a new thread flag to indicate a call from a sig handler + - BUG/MEDIUM: stream: never allocate connection addresses from signal handler + - MINOR: freq_ctr: provide non-blocking read functions + - BUG/MEDIUM: stream: use non-blocking freq_ctr calls from the stream dumper + - BUG/MINOR: h2: always trim leading and trailing LWS in header values + - BUG/MINOR: h3: do not report transfer as aborted on preemptive response + - CLEANUP: h3: fix documentation of h3_rcv_buf() + - BUG/MINOR: server: check for either proxy-protocol v1 or v2 to send hedaer + - CLEANUP: log: removing "log-balance" references + - BUG/MINOR: log: set proper smp size for balance log-hash + - BUG/MEIDUM: startup: return to initial cwd only after check_config_validity() + - BUG/MINOR: cfgparse/peers: fix inconsistent check for 
missing peer server + - BUG/MINOR: cfgparse/peers: properly handle ignored local peer case + - BUG/MINOR: server: dont return immediately from parse_server() when skipping checks + - MINOR: cfgparse/peers: provide more info when ignoring invalid "peer" or "server" lines + - BUG/MINOR: stats: fix capabilities and hide settings for some generic metrics + - BUG/MINOR: namespace: handle a possible strdup() failure + - BUG/MINOR: ssl_crtlist: handle a possible strdup() failure + - BUG/MINOR: http-check: Don't pretend a C-L heeader is set before adding it + - BUG/MEDIUM: hlua/cli: fix cli applet UAF in hlua_applet_wakeup() + - BUG/MEDIUM: stream: don't use localtime in dumps from a signal handler + - MINOR: compiler: add a simple macro to concatenate resolved strings + - MINOR: compiler: add a new __decl_thread_var() macro to declare local variables + - MINOR: tools: resolve main() only once in resolve_sym_name() + - MINOR: tools: use only opportunistic symbols resolution + - BUILD: tools: silence a build warning when USE_THREAD=0 + - MINOR: tinfo: split the signal handler report flags into 3 + - MINOR: cli: export cli_io_handler() to ease symbol resolution + - MINOR: tools: improve symbol resolution without dl_addr + - MINOR: tools: ease the declaration of known symbols in resolve_sym_name() + - MINOR: tools: teach resolve_sym_name() a few more common symbols + - BUILD: tools: avoid a build warning on gcc-4.8 in resolve_sym_name() + 2025/01/29 : 3.0.8 - BUG/MEDIUM: stconn: Don't forward shut for SC in connecting state - BUG/MINOR: stats: decrement srv refcount on stats-file release diff --git a/VERDATE b/VERDATE index 9c02e5c..3be5a34 100644 --- a/VERDATE +++ b/VERDATE @@ -1,2 +1,2 @@ $Format:%ci$ -2025/01/29 +2025/03/20 diff --git a/VERSION b/VERSION index 67786e2..747457c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.0.8 +3.0.9 diff --git a/doc/configuration.txt b/doc/configuration.txt index 32efaf7..8bcc3b7 100644 --- a/doc/configuration.txt 
+++ b/doc/configuration.txt @@ -3,7 +3,7 @@ Configuration Manual ---------------------- version 3.0 - 2025/01/29 + 2025/03/20 This document covers the configuration language as implemented in the version -- 1.7.10.4
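Review bot: In the CHANGELOG hunk, the added entry "BUG/MEIDUM: startup: return to initial cwd only after check_config_validity()" has a misspelled severity tag, so anyone filtering the 3.0.9 notes on "BUG/MEDIUM" to decide how urgently to upgrade will not see it. Suggest writing the tag as BUG/MEDIUM in the changelog entry even if the original commit subject cannot be changed. The same hunk also carries "hedaer" and "heeader" in two BUG/MINOR entries, which defeats a text search for "header" fixes, and "client-sigals" / "sigals" in the two "show ssl crt-list" entries look like misspelled keywords and are worth checking against the option names they refer to.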