On 29.03.2019 at 11:50, Willy Tarreau wrote:
> Hi,
>
> HAProxy 1.9.6 was released on 2019/03/29. It added 34 new commits
> after version 1.9.5.
>
> As mentioned in the 2.0-dev2 release, we've addressed quite a number
> of issues recently and these fixes have now been backported into this
> release.
>
> Two issues affect checks and may occasionally cause crashes, one fixed
> by Olivier and the latest one by Ricardo Nabinger Sanchez. Christopher
> fixed two long standing problems, one affecting the way POST requests
> are processed by applets, which can sometimes leave data pending there
> unread forever, and another one related to the confusion created in
> 1.8's early H2 between an end of message and end of stream resulting
> in spurious aborts when option abortonclose is set. Olivier addressed
> a number of H2 stability issues, some related to connection error
> handling, other ones related to a lack of fairness between streams
> caused by the different stream processing flow in 1.9 vs 1.8 which can
> result in some streams facing a huge latency. Pierre Cheynier fixed
> the TLS 1.3 cipher suites, and William fixed a risk of crash in the
> master-worker code in the unlikely case where one of the embedded
> libraries would perform a fork() causing a waitpid() to succeed with
> an unregistered process. Radek Zajic fixed the IPv6 address hex format
> used in logs which seems to have been broken for a very long time, and
> Fred re-enabled the reg test we regularly disable when vtest breaks :-)
>
> And this is one of the first releases in which I did almost nothing,
> which is awesome (it proves I'm no longer the bottleneck blocking the
> project's ability to scale), so keep up the good work guys!
>
> Please find the usual URLs below :
>    Site index       : http://www.haproxy.org/
>    Discourse        : http://discourse.haproxy.org/
>    Slack channel    : https://slack.haproxy.org/
>    Issue tracker    : https://github.com/haproxy/haproxy/issues
>    Sources          : http://www.haproxy.org/download/1.9/src/
>    Git repository   : http://git.haproxy.org/git/haproxy-1.9.git/
>    Git Web browsing : http://git.haproxy.org/?p=haproxy-1.9.git
>    Changelog        : http://www.haproxy.org/download/1.9/src/CHANGELOG
>    Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Container with openssl 1.1.1b and boringssl.
https://hub.docker.com/r/me2digital/haproxy19

With openssl, 2 tests failed, but I'm not sure whether it is because of the setup or a bug.
https://gitlab.com/aleks001/haproxy19-centos/-/jobs/186769272

With boringssl, 3 tests failed, but I'm not sure whether it is because of the setup or a bug.
https://gitlab.com/aleks001/haproxy-19-boringssl/-/jobs/186780822

### openssl
HA-Proxy version 1.9.6 2019/03/29 - https://haproxy.org/
Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits
  OPTIONS = USE_LINUX_SPLICE=1 USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_THREAD=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.1.1b 26 Feb 2019
Running on OpenSSL version : OpenSSL 1.1.1b 26 Feb 2019
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.5
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with multi-threading support.

Available polling systems :
      epoll : pref=300, test result OK
       poll : pref=200, test result OK
     select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
              h2 : mode=HTX side=FE|BE
              h2 : mode=HTTP side=FE
       <default> : mode=HTX side=FE|BE
       <default> : mode=TCP|HTTP side=FE|BE

Available filters :
  [SPOE] spoe
  [COMP] compression
  [CACHE] cache
  [TRACE] trace

### Boringssl ###
HA-Proxy version 1.9.6 2019/03/29 - https://haproxy.org/
Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference
  OPTIONS = USE_LINUX_SPLICE=1 USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_THREAD=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE2=1 USE_PCRE2_JIT=1 USE_TFO=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : BoringSSL
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.5
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with PCRE2 version : 10.22 2016-07-29
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with multi-threading support.

Available polling systems :
      epoll : pref=300, test result OK
       poll : pref=200, test result OK
     select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
              h2 : mode=HTX side=FE|BE
              h2 : mode=HTTP side=FE
       <default> : mode=HTX side=FE|BE
       <default> : mode=TCP|HTTP side=FE|BE

Available filters :
  [SPOE] spoe
  [COMP] compression
  [CACHE] cache
  [TRACE] trace
###

> Willy

Regards
Aleks

> ---
> Complete changelog :
> Christopher Faulet (12):
>       BUG/MINOR: cache: Fully consume large requests in the cache applet
>       BUG/MINOR: stats: Fully consume large requests in the stats applet
>       BUG/MEDIUM: lua: Fully consume large requests when an HTTP applet ends
>       BUG/MINOR: proto-http: Don't forward request body anymore on error
>       MINOR: mux-h2: Remove useless test on ES flag in h2_frt_transfer_data()
>       MINOR: connection: and new flag to mark end of input (EOI)
>       MINOR: channel: Report EOI on the input channel if it was reached in
> the mux
>       MEDIUM: mux-h2: Don't mix the end of the message with the end of stream
>       MINOR: mux-h1: Set CS_FL_EOI the end of the message is reached
>       BUG/MEDIUM: http/htx: Fix handling of the option abortonclose
>       CLEANUP: muxes/stream-int: Remove flags CS_FL_READ_NULL and
> SI_FL_READ_NULL
>       BUG/MINOR: mux-h1: Only skip invalid C-L headers on output
>
> Freddy Spierenburg (1):
>       DOC: The option httplog is no longer valid in a backend.
>
> Frédéric Lécaille (1):
>       REGTEST: Enable again reg tests with HEAD HTTP method usage.
>
> Olivier Houchard (10):
>       BUG/MEDIUM: mux-h2: Make sure we destroyed the h2s once shutr/shutw is
> done.
>       BUG/MEDIUM: mux-h2: Don't bother keeping the h2s if detaching and
> nothing to send.
>       BUG/MEDIUM: mux-h2: Use the right list in h2_stop_senders().
>       BUG/MINOR: doc: Be accurate on the behavior on pool-purge-delay.
>       BUG/MEDIUM: h2: Try to be fair when sending data.
>       BUG/MEDIUM: h2: only destroy the h2s if h2s->cs is NULL.
>       BUG/MEDIUM: h2: Use the new sending_list in h2s_notify_send().
>       BUG/MEDIUM: h2: Follow the same logic in h2_deferred_shut than in
> h2_snd_buf.
>       BUG/MEDIUM: h2: Remove the tasklet from the task list if unsubscribing.
>       BUG/MEDIUM: checks: Don't bother subscribing if we have a connection
> error.
>
> Pierre Cheynier (1):
>       BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using
> ssl-default-server-ciphersuites
>
> Radek Zajic (1):
>       BUG/MINOR: log: properly format IPv6 address when LOG_OPT_HEXA modifier
> is used.
>
> Ricardo Nabinger Sanchez (1):
>       BUG/MAJOR: checks: segfault during tcpcheck_main
>
> William Lallemand (1):
>       BUG/MEDIUM: mworker: don't free the wrong child when not found
>
> Willy Tarreau (6):
>       MINOR: mux-h2: copy small data blocks more often and reduce the number
> of pauses
>       MINOR: lists: add a LIST_DEL_INIT() macro
>       CONTRIB: debug: report the CS and CF's EOI flags
>       BUG/MEDIUM: mux-h2: make sure to always notify streams of EOS condition
>       BUG/MEDIUM: task/h2: add an idempotent task removal fucntion
>       REGTEST: remove unexpected "nbthread" statement from Lua test cases
>
> ---
>

