Am 26.06.2019 um 19:28 schrieb Christopher Faulet:
> Hi,
> HAProxy 2.0.1 was released on 2019/06/26. It added 27 new commits
> after version 2.0.0.
> This new version fixes several annoying bugs with various visible effects. 
> Among
> others, two majors bugs have been fixed. The first one is a regression on
> stick-tables. HAProxy was unable to start when a stick-table was used in
> "if/unless" ACL condition. An error claimed the stick-table name was
> missing. The second major bug is in the H1 multiplexer. The area of a trash
> chunk was easily able to be released by error when an outgoing HTTP message 
> was
> formatted. So it is a pretty old bug and it is strange we never spotted it
> before. But it led to a memory corruption and thus to a wide variety of bugs.
> Several bugs in the HTX was fixed. One of them concerned the H2. When cookie
> headers were grouped during the conversion of an H2 request into an HTX 
> message,
> the HTX message was not fully updated. When it happened, most of time the
> connection hung. Another bug concerned the way 1xx informational messages was
> emitted by HAProxy. An EOM was mistakenly added in these HTX messages. It was
> totally valid on HAProxy-1.9. But in 2.0, these messages are part of the
> response and must never have EOM block. This unexpected error was not 
> correctly
> caught, blocking the connection. Now, when HAProxy generates such transitional
> responses, it does not emit EOM block. And if an unexpected error happens 
> during
> H1 output formatting, a fatal error is triggered and the connection is closed.
> On the H1 multiplexer, parsing errors when a too big message was received were
> not correctly caught, blocking connections. It was due to an optimization to
> allow zero copy transfers. In the H2 multiplexer, the frame padding was not
> correctly handled in two ways, leading in both cases to protocol errors.
> Olivier fixed a bug on the connection's layer when the PROXY protocol was
> used. The xprt handshake was not always present to send the PROXY protocol
> header, leading to an infinite loop. He also fixed a bug in the SSL that was
> able to crash HAProxy. In the function ssl_subscribe(), before doing anything,
> we must be sure to have an xprt context. Finally he fixed a bug on
> stream-interfaces. The flag SI_FL_ERR was unconditionally set when an error 
> was
> detected on the connection or on the conn-stream. But it must only be set when
> the stream-interface is connected or is attempting a connection.
> A segfault was fixed in the leastconn LB algorithm because of an unsafe test
> outside the LB lock. Thanks to Tim Duesterhus, HAProxy now set the header 
> "Vary"
> in compressed responses. William fixed two bugs in the master-worker. The 
> first
> was a segfault when the master switched to wait mode because the thread and
> the fdtab deinit functions were called. The second was about the master cli 
> that
> was unable to send commands to several workers.
> Finally, as always, some small other bugs were fixed here and there. Thanks to
> everyone to report and/or fixed bugs, or just for testing this new major
> release. Of course, we encourage everyone to upgrade. Several bugs considered 
> as
> fixed are a bit hard or a bit long to reproduce. So we hope this release is
> better than the last one. But please continue to report any issue you'll meet!
> Please find the usual URLs below :
>    Site index       :
>    Discourse        :
>    Slack channel    :
>    Issue tracker    :
>    Sources          :
>    Git repository   :
>    Git Web browsing :
>    Changelog        :
>    Cyril's HTML doc :

TLS 1.3 Image ready:

HA-Proxy version 2.0.1 2019/06/26 -
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv
-Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
-Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
-Wno-missing-field-initializers -Wtype-limits


Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=1).
Built with OpenSSL version : OpenSSL 1.1.1c  28 May 2019
Running on OpenSSL version : OpenSSL 1.1.1c  28 May 2019
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.5
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"), deflate("deflate"),
raw-deflate("deflate"), gzip("gzip")
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with the Prometheus exporter as a service

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
              h2 : mode=HTX        side=FE|BE     mux=H2
              h2 : mode=HTTP       side=FE        mux=H2
       <default> : mode=HTX        side=FE|BE     mux=H1
       <default> : mode=TCP|HTTP   side=FE|BE     mux=PASS

Available services :

Available filters :
        [SPOE] spoe
        [COMP] compression
        [CACHE] cache
        [TRACE] trace


Reply via email to