Hi,
HAProxy 1.6.6 was released on 2016/06/26. It added 33 new commits
after version 1.6.5. Users of 1.6 definitely need to update, as a
significant number of annoying bugs were fixed since 1.6.5.
Most of these commits fix bugs. A few of them have a major stability impact.
The most significant ones are :
- BUG/MAJOR: external-checks: use asynchronous signal delivery
=> random segfaults may happen when external checks are used due to
a race condition when accessing the run queue from a signal handler
- BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes
=> the "reqdeny" directive was broken in 1.6-dev2 when the deny_status
option was added to "http-request deny" (which was not documented by
the way)
- BUG/MAJOR: fix listening IP address storage for frontends
=> gcc 6 doesn't copy the padding between fields in structures,
resulting in some addresses not being properly initialized when
copying struct sockaddr_storage. This would result in some IPv4
addresses to be ignored on bind lines.
- BUG/MEDIUM: dns: unbreak DNS resolver after header fix
=> some DNS requests got corrupted after a fix that went into 1.6.5.
- BUG/MEDIUM: stats: show servers state may show an servers from another
backend
=> some incorrect backend IDs could be dumped in "show servers state"
- BUG/MEDIUM: fix risk of segfault with "show tls-keys"
=> This command may be issued on the CLI. It's rarely used but it's not
fun for the unlucky users.
- BUG/MEDIUM: sticktables: segfault in some configuration error cases
=> may crash when track-sc0 is used on a table and sc0_inc_gpc0 on
another one and the key doesn't exist there.
- BUG/MEDIUM: external-checks: close all FDs right after the fork()
=> fix some FD leak to external processes causing all sort of issues
when the external processes write to these FDs.
The other fixes are less important (ie: just produce an unexpected behaviour).
In addition, as recently announced, I've backported the small change from 1.7
ensuring that "make" always rebuilds every file whenever any ".h" file changes
or any build option changes. It has the side effect that "make install" doesn't
build anymore, it only installs (previously it would randomly build what was
not built yet, possibly with different options). It should get rid of the bug
reports caused by lack of "make clean" after a minor update and will save the
reporters from having to try again when there's a doubt.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Sources : http://www.haproxy.org/download/1.6/src/
Git repository : http://git.haproxy.org/git/haproxy-1.6.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.6.git
Changelog : http://www.haproxy.org/download/1.6/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
- BUG/MAJOR: fix listening IP address storage for frontends
- BUG/MINOR: fix listening IP address storage for frontends (cont)
- DOC: Fix typo so fetch is properly parsed by Cyril's converter
- BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes
- BUG/MEDIUM: stick-tables: fix breakage in table converters
- BUG/MEDIUM: dns: unbreak DNS resolver after header fix
- BUILD: fix build on Solaris 11
- CLEANUP: connection: fix double negation on memcmp()
- BUG/MEDIUM: stats: show servers state may show an servers from another
backend
- BUG/MEDIUM: fix risk of segfault with "show tls-keys"
- BUG/MEDIUM: sticktables: segfault in some configuration error cases
- BUG/MEDIUM: lua: converters doesn't work
- BUG/MINOR: http: add-header: header name copied twice
- BUG/MEDIUM: http: add-header: buffer overwritten
- BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()
- BUG/MINOR: http: url32+src should use the big endian version of url32
- BUG/MINOR: http: url32+src should check cli_conn before using it
- DOC: http: add documentation for url32 and url32+src
- BUG/MINOR: fix http-response set-log-level parsing error
- MINOR: systemd: Use variable for config and pidfile paths
- MINOR: systemd: Perform sanity check on config before reload (cherry picked
from commit 68535bddf305fdd22f1449a039939b57245212e7)
- BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual
limits
- BUG/MINOR: init: ensure that FD limit is raised to the max allowed
- BUG/MEDIUM: external-checks: close all FDs right after the fork()
- BUG/MAJOR: external-checks: use asynchronous signal delivery
- BUG/MINOR: external-checks: do not unblock undesired signals
- BUILD/MEDIUM: rebuild everything when an include file is changed
- BUILD/MEDIUM: force a full rebuild if some build options change
- BUG/MINOR: srv-state: fix incorrect output of state file
- BUG/MINOR: ssl: close ssl key file on error
- BUG/MINOR: http: fix misleading error message for response captures
- BUG/BUILD: don't automatically run "make" on "make install"
- DOC: add missing doc for http-request deny [deny_status <status>]
---
