Hi,
HAProxy 1.8.20 was released on 2019/04/25. It added 48 new commits
after version 1.8.19.
The previous version was release few months ago. This one fixes several bugs,
some rather important bugs:
- A crash may happen upon exit if a thread closes a listener FD at
the exact same moment another thread tries to accept() a pending
connection on it. Issue reported and fixed by Richard Russo.
- Willy significantly improved the listener's accept code by reducing the
scope of the listener lock. He also made the code mode robust. At the end,
thanks to this patch, the accept rate has doubled on a shared port between 8
threads, and multiplied by 4 the connection rate on a tcp-request connection
reject rule. Moreover, Olivier implemented self-locked lists that can safely
be manipulated with multiple threads without having to worry about
concurrency issues. This allowed Willy to remove the lock on the listener
queue thus fixing a possible AB/BA lock issue.
- A bug affects the stats code from 1.5 and above when POST requests are
supported (when admin mode is enabled) : some large POST requests may
end up in a situation where the applet waits for more body and the
analyser cannot send it because the buffer is considered full. This
ultimately freezes the session. Now it is verified that the body length
doesn't exceed what can fit in a request buffer.
- The SPOE per-thread initialization would rely on a wrong agent pointer
derivated from the last one known when parsing the configuration, making it
fail if more than one agent is declared. Other bugs were also fixed on the
SPOE, mainly on the way fragmented frames was handled internally.
- An issue, fixed by Ricardo Nabinger Sanchez, affects checks and may
occasionally cause crashes.
- A very old bug on how HTTP sample fetches work was fixed. All HTTP sample
fetches were buggy because the channel used was chosen depending on the
sample direction and not on the keyword really used. The request channel was
used when called during the request analysis and the response one was used
when called during the response analysis, regardless the sample really
called. It could cause a whole bunch of bugs, from undefined behavior
because the data were extracted from the wrong buffer to crash of HAProxy.
- Dragan Dosen fixed a possible segfault when HAProxy is built with the
51Degrees support but not configured to use it. Only builds that use Pattern
algorithm were affected.
- Pierre Cheynier fixed the TLS 1.3 cipher suites. Any attempt to put TLS 1.3
ciphers on servers failed with output 'unable to set TLS 1.3 cipher suites'.
- A bug during the load of a map was fixed. Now when a map file is loaded, the
default value is parsed only when it is present. This fixes segfaults at
parsing time when no default value is provided.
- Pattern IDs are now assigned after checking the config validity. It fixes a
bug where some map identifiers were not assigned (appearing as -1 in show
map). Thanks to Pavlos Parissis to report this bug.
- A bug was fixed in the peers. Peer sessions were not always cleanly reset on
release, resulting in a bad state for new sessions.
- Build of HAProxy on AIX 5.1 was fixed.
- Missing locks was added in set-map and add-acl HTTP rules.
The rest is less important or doesn't have an immediately visible effect.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : http://www.haproxy.org/download/1.8/src/
Git repository : http://git.haproxy.org/git/haproxy-1.8.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git
Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
---
Complete changelog :
Christopher Faulet (9):
BUG/MAJOR: spoe: Fix initialization of thread-dependent fields
BUG/MAJOR: stats: Fix how huge POST data are read from the channel
BUG/MEDIUM: spoe: Queue message only if no SPOE applet is attached to the
stream
BUG/MEDIUM: spoe: Return an error if nothing is encoded for fragmented
messages
BUG/MAJOR: http_fetch: Get the channel depending on the keyword used
BUG/MEDIUM: thread/http: Add missing locks in set-map and add-acl HTTP
rules
BUG/MINOR: 51d: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
BUG/MINOR: da: Get the request channel to call CHECK_HTTP_MESSAGE_FIRST()
BUG/MINOR: spoe: Don't systematically wakeup SPOE stream in the applet
handler
David Carlier (1):
BUILD/MINOR: listener: Silent a few signedness warnings.
Dragan Dosen (1):
BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees()
Emeric Brun (1):
BUG/MEDIUM: peers: fix a case where peer session is not cleanly reset on
release.
Freddy Spierenburg (1):
DOC: The option httplog is no longer valid in a backend.
Lukas Tribus (1):
BUG/MINOR: ssl: fix warning about ssl-min/max-ver support
Olivier Houchard (5):
BUG/MAJOR: listener: Make sure the listener exist before using it.
BUG/MEDIUM: logs: Only attempt to free startup_logs once.
MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API.
MINOR: lists: Implement locked variations.
BUG/MEDIUM: lists: Properly handle the case we're removing the first elt.
Pierre Cheynier (1):
BUG/MEDIUM: ssl: ability to set TLS 1.3 ciphers using
ssl-default-server-ciphersuites
Ricardo Nabinger Sanchez (1):
BUG/MAJOR: checks: segfault during tcpcheck_main
Robin H. Johnson (1):
MINOR: skip get_gmtime where tm is unused
William Lallemand (2):
BUG/MINOR: cli: correctly handle abns in 'show cli sockets'
MINOR: cli: start addresses by a prefix in 'show cli sockets'
Willy Tarreau (24):
BUG/MINOR: listener: keep accept rate counters accurate under saturation
BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes
BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts
BUILD: makefile: work around an old bug in GNU make-3.80
MINOR: tools: make memvprintf() never pass a NULL target to vsnprintf()
BUILD: makefile: fix build of IPv6 header on aix51
BUILD: makefile: add _LINUX_SOURCE_COMPAT to build on AIX-51
BUILD: Makefile: disable shared cache on AIX 5.1
BUILD: use inttypes.h instead of stdint.h
BUILD: connection: fix naming of ip_v field
BUG/MEDIUM: pattern: assign pattern IDs after checking the config validity
BUG/MINOR: threads: fix the process range of thread masks
BUG/MEDIUM: list: fix the rollback on addq in the locked liss
BUG/MEDIUM: list: fix LIST_POP_LOCKED's removal of the last pointer
BUG/MEDIUM: list: add missing store barriers when updating elements and
head
MINOR: list: make the delete and pop operations idempotent
BUG/MEDIUM: list: correct fix for LIST_POP_LOCKED's removal of last
element
BUG/MEDIUM: list: fix again LIST_ADDQ_LOCKED
BUG/MEDIUM: list: fix incorrect pointer unlocking in LIST_DEL_LOCKED()
MAJOR: listener: do not hold the listener lock in listener_accept()
BUG/MEDIUM: listener: use a self-locked list for the dequeue lists
BUG/MEDIUM: listener: make sure the listener never accepts too many conns
BUG/MEDIUM: maps: only try to parse the default value when it's present
BUG/MINOR: acl: properly detect pattern type SMP_T_ADDR
--
Christopher Faulet
