Hi, HAProxy 1.8.15 was released on 2018/12/13. It added 69 new commits after version 1.8.14.
Yes I know 1.8 has been lagging behind a little bit during these last few months, but all the people able to emit a release were all totally booked on finishing 1.9. So here comes the long-expected 1.8.15 which fixes an assorted number of issues.

The most visible bugs are a failure to properly configure the connection window size in H2 which affects upload speed in 1.8, the HPACK encoding of the accept-ranges header field in H2 responses which was replaced by accept-language, an alignment issue on stick tables causing some strict aligned architectures to crash when using stick tables, an improper locking around crypt() which is not thread-safe, resulting in auth requests to randomly fail in thread environments, a change on the way 401/407 are handled so that the last server preference is only applied to non-deterministic algorithms (don't break hashing), a crash if someone configures the cache size to be larger than 2047 MB, a risk of deadlocks when using threads with queues or health checks state change depending on the compiler's optimizations, an obscure bug in master-worker and threads related to the handling of SIGUSR1 followed by SIGTERM, and thread-safe Cur/CumSslConns counters (the current one could wrap in either direction).

In addition, Rémi Gacogne found, reported, and fixed 5 bugs in the DNS handling code which could be used to crash haproxy by spoofing response packets from a server. I don't consider them dramatic since nobody should make their LB rely on public, non-protected communication channels to configure their farms, so I think that the DNS is always in a safe area, but still we don't know.
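The two DNS bug classes named above (an out-of-bounds read and a compression pointer that points to itself) come from decoding the name field of a reply. The following is an added illustration, not HAProxy's dns_read_name(): a label decoder that bounds-checks every byte it reads and rejects self-referential or cyclic pointers, with constructed sample packets (pkt_ok, pkt_self, pkt_trunc) to exercise the good and bad cases.

```c
#include <stdint.h>
#include <string.h>
/* Decode the DNS name at offset 'off' of 'pkt' (RFC 1035 labels and 0xC0
 * compression pointers) into 'out'. Returns the name length, or -1 if the
 * packet is malformed. Illustrative code, not HAProxy's dns_read_name(). */
int safe_dns_read_name(const uint8_t *pkt, size_t len, size_t off, char *out, size_t outsz)
{
    size_t pos = off, olen = 0;
    size_t bound = len;              /* pointer targets must stay below this */
    for (;;) {
        if (pos >= len)              /* the length byte itself must be in bounds */
            return -1;
        uint8_t l = pkt[pos];
        if (l == 0)                  /* root label: end of name */
            break;
        if ((l & 0xC0) == 0xC0) {    /* compression pointer */
            if (pos + 1 >= len)
                return -1;
            size_t target = ((size_t)(l & 0x3F) << 8) | pkt[pos + 1];
            /* Strictly backwards and below the previous target: a pointer to
             * itself or any cycle is rejected, so the loop always terminates. */
            if (target >= pos || target >= bound)
                return -1;
            bound = pos = target;
            continue;
        }
        if (l > 63 || pos + 1 + l > len)  /* bad label length or truncated label */
            return -1;
        if (olen + l + 1 >= outsz)        /* keep room for '.' and the NUL */
            return -1;
        if (olen)
            out[olen++] = '.';
        memcpy(out + olen, pkt + pos + 1, l);
        olen += l;
        pos += 1 + l;
    }
    out[olen] = '\0';
    return (int)olen;
}

/* Constructed sample packets: a zeroed 12-byte header, then name data. */
static const uint8_t pkt_ok[] = { 0,0,0,0,0,0,0,0,0,0,0,0,
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 0,  /* offset 12: www.example */
    3,'f','t','p', 0xC0, 16 };                         /* offset 25: ftp + pointer to "example" at 16 */
static const uint8_t pkt_self[] = { 0,0,0,0,0,0,0,0,0,0,0,0, 0xC0, 12 };   /* pointer to itself */
static const uint8_t pkt_trunc[] = { 0,0,0,0,0,0,0,0,0,0,0,0, 5, 'a', 'b' }; /* label past the end */

static char g_name[256];                                 /* decoded name is left here */
int decode_at(const uint8_t *pkt, size_t len, size_t off) { return safe_dns_read_name(pkt, len, off, g_name, sizeof g_name); }
const char *decoded_name(void) { return g_name; }
```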
Rémi provided the fixes, and Karol Babioch from SuSE obtained the following CVE IDs if that helps :
  - CVE-2018-20102 -> out-of-bounds read in dns_validate_dns_response in dns.c
  - CVE-2018-20103 -> infinite recursion by making the pointer point to itself in DNS reply

BTW, a quick point regarding the CVEs, I know that sometimes distros want to have them to ease their backports. Doing this is crap. 100% of the bugs cited above have much more likeliness to hit someone stronger than these ones. The only way to correctly use CVEs is as an indicator that's really time to emit a new version which contains 100% of the other fixes as well.

Last but not least, Dirkjan Bussink brought the support for the new ciphersuite option that really is mandatory to support TLSv1.3, so we backported it to 1.8. Finally most of Joseph Herlant's user-visible doc fixes were backported as well.

I won't claim it's the last 1.8 of the year because someone will want to prove me wrong. So let's say I'll just hope for it :-)

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Sources          : http://www.haproxy.org/download/1.8/src/
   Git repository   : http://git.haproxy.org/git/haproxy-1.8.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git
   Changelog        : http://www.haproxy.org/download/1.8/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Baptiste Assmann (1):
      BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id

Bertrand Jacquin (1):
      DOC: Fix a few typos

Christopher Faulet (3):
      BUG/MINOR: config: Copy default error messages when parsing of a backend starts
      BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name
      BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed

Dirkjan Bussink (2):
      MEDIUM: ssl: add support for ciphersuites option for TLSv1.3
      CLEANUP: stick-tables: Remove unneeded double (()) around conditional clause

Emeric Brun (2):
      BUG/MEDIUM: Cur/CumSslConns counters not threadsafe.
      BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM.

Frédéric Lécaille (4):
      BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB).
      BUG/MINOR: cache: Wrong usage of shctx_init().
      BUG/MINOR: ssl: Wrong usage of shctx_init().
      DOC: cache: Missing information about "total-max-size"

Ilya Shipitsin (1):
      BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2

Joseph Herlant (3):
      DOC: Fix typos in README and CONTRIBUTING
      DOC: Fix typos in different subsections of the documentation
      DOC: fix a few typos in the documentation

Jérôme Magnin (2):
      DOC: clarify that check-sni needs an argument.
      DOC: refer to check-sni in the documentation of sni

Lukas Tribus (5):
      DOC: clarify force-private-cache is an option
      DOC: fix reference to map files in MAINTAINERS
      BUG/MINOR: only mark connections private if NTLM is detected
      BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic
      DOC: restore note about "independant" typo

Moemen MHEDHBI (1):
      DOC: Update configuration doc about the maximum number of stick counters.

Olivier Houchard (10):
      MINOR: threads: Make sure threads_sync_pipe is initialized before using it.
      BUG/MEDIUM: buffers: Make sure we don't wrap in buffer_insert_line2/replace2.
      MINOR: server: Use memcpy() instead of strncpy().
      MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80.
      MINOR: peers: use defines instead of enums to appease clang.
      BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF.
      BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent.
      BUG/MEDIUM: Make sure stksess is properly aligned.
      BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR.
      MINOR: servers: Free [idle|safe|priv]_conns on exit.

Remi Gacogne (5):
      BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
      BUG: dns: Prevent out-of-bounds read in dns_read_name()
      BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
      BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()
      BUG: dns: Fix off-by-one write in dns_validate_dns_response()

Willy Tarreau (28):
      BUG/MINOR: backend: check that the mux installed properly
      BUG/MEDIUM: stream: don't crash on out-of-memory
      BUILD: ssl: fix null-deref warning in ssl_fc_cipherlist_str sample fetch
      BUILD: ssl: fix another null-deref warning in ssl_sock_switchctx_cbk()
      BUILD: stick-table: make sure not to fail on task_new() during initialization
      BUILD: peers: check allocation error during peers_init_sync()
      BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point
      BUG/MEDIUM: threads: make sure threads_want_sync is marked volatile
      BUILD: compiler: add a new statement "__unreachable()"
      MINOR: lua: all functions calling lua_yieldk() may return
      BUILD: lua: silence some compiler warnings about potential null derefs (#2)
      BUILD: lua: silence some compiler warnings after WILL_LJMP
      BUILD: Makefile: add a "make opts" target to simply show the build options
      BUILD: Makefile: speed up compiler options detection
      BUILD: Makefile: silence an option conflict warning with clang
      BUILD: compiler: rename __unreachable() to my_unreachable()
      BUILD: Makefile: add the new ERR variable to force -Werror
      BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer
      BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe
      BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn
      BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
      BUG/MINOR: lb-map: fix unprotected update to server's score
      BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation
      BUG/MINOR: mux-h2: refrain from muxing during the preface
      BUG/MINOR: mux-h2: advertise a larger connection window size
      BUILD: compression: fix build error with DEFAULT_MAXZLIBMEM
      BUILD: threads: fix minor build warnings when threads are disabled
      MINOR: stats: report the number of active jobs and listeners in "show info"

mildis (1):
      BUG/MINOR: checks: queues null-deref

---