HAProxy 1.8.20 was released on 2019/04/25. It added 48 new commits
after version 1.8.19.

The previous version was release few months ago. This one fixes several bugs,
some rather important bugs:

  - A crash may happen upon exit if a thread closes a listener FD at
    the exact same moment another thread tries to accept() a pending
    connection on it. Issue reported and fixed by Richard Russo.

  - Willy significantly improved the listener's accept code by reducing the
    scope of the listener lock. He also made the code mode robust. At the end,
    thanks to this patch, the accept rate has doubled on a shared port between 8
    threads, and multiplied by 4 the connection rate on a tcp-request connection
    reject rule. Moreover, Olivier implemented self-locked lists that can safely
    be manipulated with multiple threads without having to worry about
    concurrency issues. This allowed Willy to remove the lock on the listener
    queue thus fixing a possible AB/BA lock issue.

  - A bug affects the stats code from 1.5 and above when POST requests are
    supported (when admin mode is enabled) : some large POST requests may
    end up in a situation where the applet waits for more body and the
    analyser cannot send it because the buffer is considered full. This
    ultimately freezes the session. Now it is verified that the body length
    doesn't exceed what can fit in a request buffer.

  - The SPOE per-thread initialization would rely on a wrong agent pointer
    derivated from the last one known when parsing the configuration, making it
    fail if more than one agent is declared. Other bugs were also fixed on the
    SPOE, mainly on the way fragmented frames was handled internally.

  - An issue, fixed by Ricardo Nabinger Sanchez, affects checks and may
    occasionally cause crashes.

  - A very old bug on how HTTP sample fetches work was fixed. All HTTP sample
    fetches were buggy because the channel used was chosen depending on the
    sample direction and not on the keyword really used. The request channel was
    used when called during the request analysis and the response one was used
    when called during the response analysis, regardless the sample really
    called. It could cause a whole bunch of bugs, from undefined behavior
    because the data were extracted from the wrong buffer to crash of HAProxy.

  - Dragan Dosen fixed a possible segfault when HAProxy is built with the
    51Degrees support but not configured to use it. Only builds that use Pattern
    algorithm were affected.

  - Pierre Cheynier fixed the TLS 1.3 cipher suites. Any attempt to put TLS 1.3
    ciphers on servers failed with output 'unable to set TLS 1.3 cipher suites'.

  - A bug during the load of a map was fixed. Now when a map file is loaded, the
    default value is parsed only when it is present. This fixes segfaults at
    parsing time when no default value is provided.

  - Pattern IDs are now assigned after checking the config validity. It fixes a
    bug where some map identifiers were not assigned (appearing as -1 in show
    map). Thanks to Pavlos Parissis to report this bug.

  - A bug was fixed in the peers. Peer sessions were not always cleanly reset on
    release, resulting in a bad state for new sessions.

  - Build of HAProxy on AIX 5.1 was fixed.

  - Missing locks was added in set-map and add-acl HTTP rules.

The rest is less important or doesn't have an immediately visible effect.

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/1.8/src/
   Git repository   : http://git.haproxy.org/git/haproxy-1.8.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git
   Changelog        : http://www.haproxy.org/download/1.8/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Christopher Faulet (9):
      BUG/MAJOR: spoe: Fix initialization of thread-dependent fields
      BUG/MAJOR: stats: Fix how huge POST data are read from the channel
      BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the 
      BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented 
      BUG/MAJOR: http_fetch: Get the channel depending on the keyword used
      BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP 
      BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
      BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
      BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet 

David Carlier (1):
      BUILD/MINOR: listener: Silent a few signedness warnings.

Dragan Dosen (1):
      BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees()

Emeric Brun (1):
      BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on 

Freddy Spierenburg (1):
      DOC: The option httplog is no longer valid in a backend.

Lukas Tribus (1):
      BUG/MINOR: ssl: fix warning about ssl-min/max-ver support

Olivier Houchard (5):
      BUG/MAJOR: listener: Make sure the listener exist before using it.
      BUG/MEDIUM: logs: Only attempt to free startup_logs once.
      MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API.
      MINOR: lists: Implement locked variations.
      BUG/MEDIUM: lists: Properly handle the case we're removing the first elt.

Pierre Cheynier (1):
      BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using 

Ricardo Nabinger Sanchez (1):
      BUG/MAJOR: checks: segfault during tcpcheck_main

Robin H. Johnson (1):
      MINOR: skip get_gmtime where tm is unused

William Lallemand (2):
      BUG/MINOR: cli: correctly handle abns in 'show cli sockets'
      MINOR: cli: start addresses by a prefix in 'show cli sockets'

Willy Tarreau (24):
      BUG/MINOR: listener: keep accept rate counters accurate under saturation
      BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes
      BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts
      BUILD: makefile: work around an old bug in GNU make-3.80
      MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()
      BUILD: makefile: fix build of IPv6 header on aix51
      BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51
      BUILD: Makefile: disable shared cache on AIX 5.1
      BUILD: use inttypes.h instead of stdint.h
      BUILD: connection: fix naming of ip_v field
      BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity
      BUG/MINOR: threads: fix the process range of thread masks
      BUG/MEDIUM: list: fix the rollback on addq in the locked liss
      BUG/MEDIUM: list: fix LIST_POP_LOCKED's removal of the last pointer
      BUG/MEDIUM: list: add missing store barriers when updating elements and 
      MINOR: list: make the delete and pop operations idempotent
      BUG/MEDIUM: list: correct fix for LIST_POP_LOCKED's removal of last 
      BUG/MEDIUM: list: fix again LIST_ADDQ_LOCKED
      BUG/MEDIUM: list: fix incorrect pointer unlocking in LIST_DEL_LOCKED()
      MAJOR: listener: do not hold the listener lock in listener_accept()
      BUG/MEDIUM: listener: use a self-locked list for the dequeue lists
      BUG/MEDIUM: listener: make sure the listener never accepts too many conns
      BUG/MEDIUM: maps: only try to parse the default value when it's present
      BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR

Christopher Faulet

Reply via email to