Changes since version 3.4-dev4 : Amaury Denoyelle (22): MINOR: cfgparse: validate defaults proxies separately MINOR: cfgparse: move proxy post-init in a dedicated function MINOR: proxy: refactor proxy inheritance of a defaults section MINOR: proxy: refactor mode parsing MINOR: backend: add function to check support for dynamic servers MINOR: proxy: define "add backend" handler MINOR: proxy: parse mode on dynamic backend creation MINOR: proxy: parse guid on dynamic backend creation MINOR: proxy: check default proxy compatibility on "add backend" MEDIUM: proxy: implement dynamic backend creation MINOR: proxy: assign dynamic proxy ID REGTESTS: add dynamic backend creation test BUG/MINOR: proxy: fix clang build error on "add backend" handler BUG/MINOR: proxy: fix null dereference in "add backend" handler BUG/MINOR: proxy: fix default ALPN bind settings BUG/MINOR: quic: ensure handshake speed up is only run once per conn BUG/MAJOR: quic: reject invalid token BUG/MAJOR: quic: fix parsing frame type BUG/MAJOR: Revert "MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS" BUG/MEDIUM: h3: reject frontend CONNECT as currently not implemented MINOR: mux-quic: add BUG_ON_STRESS() when draining data on closed stream REGTESTS: fix quoting in feature cmd which prevents test execution Aurelien DARRAGON (4): MINOR: filters: rework RESUME_FILTER_* macros as inline functions MINOR: filters: rework filter iteration for channel related callback functions MEDIUM: filters: use per-channel filter list when relevant MEDIUM: backend: make "balance random" consider tg local req rate when loads are equal Christopher Faulet (36): BUG/MEDIUM: mux-h2/quic: Stop sending via fast-forward if stream is closed BUG/MEDIUM: mux-h1: Stop sending vi fast-forward for unexpected states BUG/MEDIUM: applet: Fix test on shut flags for legacy applets (v2) DEV: term-events: Fix hanshake events decoding BUG/MINOR: flt-trace: Properly compute length of the first DATA block MINOR: flt-trace: Add an option to limit the amount of data forwarded CLEANUP: compression: Remove unused static buffers BUG/MEDIUM: shctx: Use the next block when data exactly filled a block BUG/MINOR: http-ana: Stop to wait for body on client error/abort MINOR: stconn: Add missing SC_FL_NO_FASTFWD flag in sc_show_flags REORG: stconn: Move functions related to channel buffers to sc_strm.h MINOR: tree-wide: Use the buffer size instead of global setting when possible MINOR: buffers: Swap buffers of same size only BUG/MINOR: config: Check buffer pool creation for failures MEDIUM: cache: Don't rely on a chunk to store messages payload MEDIUM: stream: Limit number of synchronous send per stream wakeup MEDIUM: compression: Be sure to never compress more than a chunk at once MEDIUM: mux-h1/mux-h2/mux-fcgi/h3: Disable 0-copy for buffers of different size MEDIUM: applet: Disable 0-copy for buffers of different size MINOR: h1-htx: Disable 0-copy for buffers of different size MEDIUM: stream: Offer buffers of default size only BUG/MEDIUM: htx: Fix function used to change part of a block value when defrag MEDIUM: htx: Refactor transfer of htx blocks to merge DATA blocks if possible MEDIUM: htx: Refactor htx defragmentation to merge data blocks MEDIUM: htx: Improve detection of fragmented/unordered HTX messages MINOR: http-ana: Do a defrag on unaligned HTX message when waiting for payload MINOR: http-fetch: Use pointer to HTX DATA block when retrieving HTX body MEDIUM: dynbuf: Add a pool for large buffers with a configurable size MEDIUM: chunk: Add support for large chunks MEDIUM: stconn: Properly handle large buffers during a receive MEDIUM: sample: Get chunks with a size dependent on input data when necessary MEDIUM: http-fetch: Be able to use large chunks when necessary MINPR: htx: Get large chunk if necessary to perform a defrag MEDIUM: http-ana: Use a large buffer if necessary when waiting for body MINOR: dynbuf: Add helpers to know if a buffer is a default or a large buffer MINOR: config: reject configs using HTTP with large bufsize >= 256 MB David Carlier (15): BUG/MINOR: deviceatlas: add missing return on error in config parsers BUG/MINOR: deviceatlas: add NULL checks on strdup() results in config parsers BUG/MEDIUM: deviceatlas: fix resource leaks on init error paths BUG/MINOR: deviceatlas: fix off-by-one in da_haproxy_conv() BUG/MINOR: deviceatlas: fix cookie vlen using wrong length after extraction BUG/MINOR: deviceatlas: fix double-checked locking race in checkinst BUG/MINOR: deviceatlas: fix resource leak on hot-reload compile failure BUG/MINOR: deviceatlas: fix deinit to only finalize when initialized BUG/MINOR: deviceatlas: set cache_size on hot-reloaded atlas instance MINOR: deviceatlas: check getproptype return and remove pprop indirection MINOR: deviceatlas: increase DA_MAX_HEADERS and header buffer sizes MINOR: deviceatlas: define header_evidence_entry in dummy library header MINOR: deviceatlas: precompute maxhdrlen to skip oversized headers early CLEANUP: deviceatlas: add unlikely hints and minor code tidying BUG/MEDIUM: jwe: fix timing side-channel and dead code in JWE decryption Egor Shestakov (3): BUG/MINOR: startup: fix allocation error message of progname string BUG/MINOR: startup: handle a possible strdup() failure CLEANUP: initcall: adjust comments to INITCALL{0,1} macros Frederic Lecaille (1): BUG/MEDIUM: ssl: SSL backend sessions used after free Ilia Shipitsin (1): CI: do not use ghcr.io for Quic Interop workflows Olivier Houchard (4): BUG/MINOR: threads: Initialize maxthrpertgroup earlier. BUG/MEDIUM: threads: Differ checking the max threads per group number MINOR: queues: Check minconn first in srv_dynamic_maxconn() MINOR: servers: Call process_srv_queue() without lock when possible Remi Tricot-Le Breton (4): MINOR: ssl: Missing '\n' in error message MINOR: jwt: Convert an RSA JWK into an EVP_PKEY MINOR: jwt: Add new jwt_decrypt_jwk converter REGTESTS: jwt: Add new "jwt_decrypt_jwk" tests William Lallemand (14): DOC: internals: addd mworker V3 internals MINOR: startup: Add the SSL lib verify directory in haproxy -vv BUG/MINOR: ssl: SSL_CERT_DIR environment variable doesn't affect haproxy MINOR: startup: Add HAVE_WORKING_TCP_MD5SIG in haproxy -vv MINOR: startup: sort the feature list in haproxy -vv MINOR: startup: show the list of detected features at runtime with haproxy -vv SCRIPTS: build-vtest: allow to set a TMPDIR and a DESTDIR BUG/MINOR: ssl: lack crtlist_dup_ssl_conf() declaration BUG/MINOR: ssl: double-free on error path w/ ssl-f-use parser BUG/MINOR: ssl: fix leak in ssl-f-use parser upon error BUG/MINOR: ssl: clarify ssl-f-use errors in post-section parsing BUG/MINOR: ssl: error with ssl-f-use when no "crt" CI: vtest: move the vtest2 URL to vinyl-cache.org CI: github: disable windows.yml by default on unofficials repo Willy Tarreau (10): MINOR: net_helper: extend the ip.fp output with an option presence mask CLEANUP: lb-chash: free lb_nodes from chash's deinit(), not global BUG/MEDIUM: lb-chash: always properly initialize lb_nodes with dynamic servers CLEANUP: haproxy: fix bad line wrapping in run_poll_loop() MINOR: activity: support setting/clearing lock/memory watching for task profiling MEDIUM: activity: apply and use new finegrained task profiling settings MINOR: activity: allow to switch per-task lock/memory profiling at runtime DOC: proxy-proto: underline the packed attribute for struct pp2_tlv_ssl DEV: gdb: add a utility to find the post-mortem address from a core DEV: gdb: use unsigned longs to display pools memory usage