Hi,
HAProxy 2.5.14 was released on 2023/05/02. It added 56 new commits
after version 2.5.13, and is the last version of this branch.
It essentially contains pending fixes to flush the queue, but nobody
should deploy a final version unless they're very late on their migration
to a newer branch.
The fixes here are a subset of those that went into 2.6.13:
* The read expiration date is now updated on synchronous sends for all
streams except independent ones. This fixed an old bug when a filter
is configured. Write activities on synchronous sends were lost. With
slow clients uploading large objects, it was possible to reach the
server timeout.
* We now force the connect timeout for the DNS resolution. The "resolve"
timeout is used to set its value. Having no connect timeout was an issue for
resolution over TCP. Connection failures might take quite long to report,
leading to an excess of unusable DNS sessions in connecting state. It was
especially visible on soft-stop because this prevented the process from
exiting quickly. Still on the DNS, errors are now properly handled when a
response is consumed. This was an issue for truncated responses followed by
an abort. The applet could ignore the abort and loop waiting for more data
until a timeout is triggered. A similar issue was fixed in the syslog
applet.
* Several bugs in the lua part were fixed. First, except for lua tasks,
it is no longer possible to register functions at runtime. It was
clearly stated in the documentation, but nothing forbade it in
the code. An error is now triggered if this happens, preventing
potential segfaults. Memory leaks on references were fixed and the
lua locking was simplified to be re-entrant to prevent deadlocks.
* Aurélien fixed several issues on the servers management. The
"visible" server list consistency was fixed. It was possible, at
least in theory, to access an invalid server if several dynamic
server deletions were performed while the list was accessed. For
instance it might happen when the server list was dumped in the
stats. He also fixed a wrong report for tracking servers leaving
drain state. Finally, he centralized proxy and server stats
updates on server state transition to be sure to not miss an
update on some transitions.
* Aurélien has extended the internal listener API to better handle
the resume operation. One noticeable effect is that listeners that
have an ABNS abstract namespace socket can now support reload
without crashing haproxy. (Note: this was already merged in 2.7
prior to 2.7.7, and left under observation for two versions before
backporting to 2.6).
* The pool_gc() calls that were made a bit too often on stopping
proxies were relaxed. Sometimes they were causing excess memory
contention and were even competing against malloc_trim().
* It was possible to trigger the watchdog purging stick-tables on
soft-stop. To not spend too much time purging expired entries, we now
enforce a budget limitation and the purge is performed in several
steps. In addition, memory is reclaimed only when entries are
released. Indeed, this operation involves a call to malloc_trim() on
glibc, which is rather expensive.
* It was possible for a thread to wait forever (well, till the watchdog
notices) to become the exclusive owner of a file descriptor after it
had lost it; this could happen with synchronous errors met in the
DNS for example.
* It was not possible to use the lua filter API if used in conjunction
with a "wait-for-body" action. Switching the HTTP message to DATA
state prevented the call to most of the lua filter functions. It was
fixed by keeping the HTTP message in BODY state at this stage.
* ssl-min-ver and ssl-max-ver parameters are now duplicated for bundles
in crt-list.
* An error is reported during configuration parsing when the "len"
argument of a stick table type contains incorrect characters.
* DeviceAtlas compile options were updated to support the API v3 from
3.1.7 and onwards.
* The strict-sni documentation was updated to state it is possible to
start without certificate on a bind line.
Thanks to all those who helped with these fixes and to Christopher for
dealing with the backports.
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/2.5/src/
Git repository : https://git.haproxy.org/git/haproxy-2.5.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-2.5.git
Changelog : https://www.haproxy.org/download/2.5/src/CHANGELOG
Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
---
Complete changelog :
Aurelien DARRAGON (31):
MINOR: proxy/pool: prevent unnecessary calls to pool_gc()
BUG/MINOR: sink: free forward_px on deinit()
BUG/MINOR: log: free log forward proxies on deinit()
BUG/MINOR: hlua: enforce proper running context for register_x functions
CLEANUP: hlua: fix conflicting comment in hlua_ctx_destroy()
MINOR: proto_uxst: add resume method
CLEANUP: listener: function comment typo in stop_listener()
BUG/MINOR: listener: null pointer dereference suspected by coverity
MINOR: listener/api: add lli hint to listener functions
MINOR: listener: add relax_listener() function
MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping
MINOR: listener: make sure we don't pause/resume bypassed listeners
BUG/MEDIUM: listener: fix pause_listener() suspend return value handling
BUG/MINOR: listener: fix resume_listener() resume return value handling
BUG/MEDIUM: resume from LI_ASSIGNED in default_resume_listener()
MINOR: listener: pause_listener() becomes suspend_listener()
BUG/MEDIUM: listener/proxy: fix listeners notify for proxy resume
MEDIUM: proto_ux: properly suspend named UNIX listeners
MINOR: proto_ux: ability to dump ABNS names in error messages
MINOR: hlua: add simple hlua reference handling API
BUG/MINOR: hlua: fix reference leak in core.register_task()
BUG/MINOR: hlua: fix reference leak in hlua_post_init_state()
BUG/MINOR: hlua: prevent function and table reference leaks on errors
MINOR: hlua: simplify lua locking
BUG/MEDIUM: hlua: prevent deadlocks with main lua lock
BUG/MEDIUM: proxy/sktable: prevent watchdog trigger on soft-stop
BUG/MINOR: server: incorrect report for tracking servers leaving drain
MINOR: server: explicitly commit state change in srv_update_status()
BUG/MINOR: server: don't miss proxy stats update on server state transitions
BUG/MINOR: server: don't miss server stats update on server state transitions
BUG/MINOR: server: don't use date when restoring last_change from state file
Christopher Faulet (11):
Revert "BUG/MEDIUM: stconn: Don't rearm the read expiration date if EOI was reached"
BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription
BUG/MEDIUM: channel: Improve reports for shut in co_getblk()
BUG/MEDIUM: dns: Properly handle error when a response consumed
MINOR: http-ana: Add a HTTP_MSGF flag to state the Expect header was checked
BUG/MINOR: http-ana: Don't switch message to DATA when waiting for payload
BUG/MEDIUM: resolvers: Force the connect timeout for DNS resolutions
REGTESTS: fix the race conditions in log_uri.vtc
BUG/MEDIUM: log: Properly handle client aborts in syslog applet
CLEANUP: backend: Remove useless debug message in assign_server()
BUG/MEDIUM: Update read expiration date on synchronous send
David Carlier (1):
BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards.
Ilya Shipitsin (2):
CI: bump "actions/checkout" to v3 for cross zoo matrix
CI: cirrus-ci: bump FreeBSD image to 13-1
Olivier Houchard (1):
BUG/MEDIUM: fd: don't wait for tmask to stabilize if we're not in it.
Remi Tricot-Le Breton (1):
BUG/MINOR: ssl: ssl-(min|max)-ver parameter not duplicated for bundles in crt-list
Tim Duesterhus (1):
CLEANUP: Remove unused function hlua_get_top_error_string
William Lallemand (2):
DOC: config: strict-sni allows to start without certificate
BUG/MINOR: stick_table: alert when type len has incorrect characters
Willy Tarreau (6):
BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path
BUG/MINOR: cfgparse: make sure to include openssl-compat
BUG/MINOR: mux-h2: make sure to produce a log on invalid requests
BUILD: sock_inet: forward-declare struct receiver
BUILD: proto_tcp: export the correct names for proto_tcpv[46]
MINOR: version: Set the EOL of the 2.5 branch
---
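The stick-table item in the announcement above describes purging under a budget, in several steps, with memory reclaimed only when entries were released. The following is an added, simplified model of that pattern and is not HAProxy's code: the array-backed table, the names `purge_step`, `soft_stop_purge` and `demo`, and the budget value are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed toy table; the array layout is an assumption of this example. */
struct entry { unsigned expire; int in_use; };
struct purge_stats { size_t steps, released, reclaims; };

/* Visit at most `budget` entries starting at *cursor and release the expired
 * ones. Returns the number released; *cursor records where to resume. */
static size_t purge_step(struct entry *tab, size_t n, unsigned now,
                         size_t *cursor, size_t budget)
{
    size_t visited = 0, released = 0;

    while (*cursor < n && visited < budget) {
        struct entry *e = &tab[(*cursor)++];
        visited++;
        if (e->in_use && e->expire <= now) {
            e->in_use = 0;
            released++;
        }
    }
    return released;
}

/* Purge the whole table in bounded steps. A real scheduler would yield
 * between steps so that no single run holds the thread for too long. */
static struct purge_stats soft_stop_purge(struct entry *tab, size_t n,
                                          unsigned now, size_t budget)
{
    struct purge_stats st = {0, 0, 0};
    size_t cursor = 0;

    while (cursor < n) {
        size_t r = purge_step(tab, n, now, &cursor, budget);
        st.steps++;
        st.released += r;
        if (r)              /* skip the costly reclaim when nothing was freed */
            st.reclaims++;  /* stands in for a malloc_trim() call */
    }
    return st;
}

/* Constructed sample: entries 0-3 and 8-9 are expired at now=10, 4-7 are not. */
static struct purge_stats demo(void)
{
    struct entry tab[10] = {
        {5, 1}, {5, 1}, {5, 1}, {5, 1}, {100, 1},
        {100, 1}, {100, 1}, {100, 1}, {1, 1}, {1, 1},
    };
    return soft_stop_purge(tab, 10, 10, 4);
}

int main(void)
{
    struct purge_stats st = demo();
    printf("steps=%zu released=%zu reclaims=%zu\n", st.steps, st.released, st.reclaims);
    return 0;
}
```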