after compiling the new 2.0.1, it seems the HTTP2 issue *we were seeing* on 2.0 but not on 1.9.8 are fixed.
Thank you. On Thu, Jun 27, 2019 at 7:19 AM Aleksandar Lazic <al-hapr...@none.at> wrote: > Am 26.06.2019 um 19:28 schrieb Christopher Faulet: > > Hi, > > > > HAProxy 2.0.1 was released on 2019/06/26. It added 27 new commits > > after version 2.0.0. > > > > This new version fixes several annoying bugs with various visible > effects. Among > > others, two majors bugs have been fixed. The first one is a regression on > > stick-tables. HAProxy was unable to start when a stick-table was used in > > "if/unless" ACL condition. An error claimed the stick-table name was > > missing. The second major bug is in the H1 multiplexer. The area of a > trash > > chunk was easily able to be released by error when an outgoing HTTP > message was > > formatted. So it is a pretty old bug and it is strange we never spotted > it > > before. But it led to a memory corruption and thus to a wide variety of > bugs. > > > > Several bugs in the HTX was fixed. One of them concerned the H2. When > cookie > > headers were grouped during the conversion of an H2 request into an HTX > message, > > the HTX message was not fully updated. When it happened, most of time the > > connection hung. Another bug concerned the way 1xx informational > messages was > > emitted by HAProxy. An EOM was mistakenly added in these HTX messages. > It was > > totally valid on HAProxy-1.9. But in 2.0, these messages are part of the > > response and must never have EOM block. This unexpected error was not > correctly > > caught, blocking the connection. Now, when HAProxy generates such > transitional > > responses, it does not emit EOM block. And if an unexpected error > happens during > > H1 output formatting, a fatal error is triggered and the connection is > closed. > > > > On the H1 multiplexer, parsing errors when a too big message was > received were > > not correctly caught, blocking connections. It was due to an > optimization to > > allow zero copy transfers. In the H2 multiplexer, the frame padding was > not > > correctly handled in two ways, leading in both cases to protocol errors. > > > > Olivier fixed a bug on the connection's layer when the PROXY protocol was > > used. The xprt handshake was not always present to send the PROXY > protocol > > header, leading to an infinite loop. He also fixed a bug in the SSL that > was > > able to crash HAProxy. In the function ssl_subscribe(), before doing > anything, > > we must be sure to have an xprt context. Finally he fixed a bug on > > stream-interfaces. The flag SI_FL_ERR was unconditionally set when an > error was > > detected on the connection or on the conn-stream. But it must only be > set when > > the stream-interface is connected or is attempting a connection. > > > > A segfault was fixed in the leastconn LB algorithm because of an unsafe > test > > outside the LB lock. Thanks to Tim Duesterhus, HAProxy now set the > header "Vary" > > in compressed responses. William fixed two bugs in the master-worker. > The first > > was a segfault when the master switched to wait mode because the thread > and > > the fdtab deinit functions were called. The second was about the master > cli that > > was unable to send commands to several workers. > > > > Finally, as always, some small other bugs were fixed here and there. > Thanks to > > everyone to report and/or fixed bugs, or just for testing this new major > > release. Of course, we encourage everyone to upgrade. Several bugs > considered as > > fixed are a bit hard or a bit long to reproduce. So we hope this release > is > > better than the last one. But please continue to report any issue you'll > meet! > > > > > > Please find the usual URLs below : > > Site index : http://www.haproxy.org/ > > Discourse : http://discourse.haproxy.org/ > > Slack channel : https://slack.haproxy.org/ > > Issue tracker : https://github.com/haproxy/haproxy/issues > > Sources : http://www.haproxy.org/download/2.0/src/ > > Git repository : http://git.haproxy.org/git/haproxy-2.0.git/ > > Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git > > Changelog : http://www.haproxy.org/download/2.0/src/CHANGELOG > > Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ > > TLS 1.3 Image ready: https://hub.docker.com/r/me2digital/haproxy20-centos > > ``` > HA-Proxy version 2.0.1 2019/06/26 - https://haproxy.org/ > Build options : > TARGET = linux-glibc > CPU = generic > CC = gcc > CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement > -fwrapv > -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter > -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered > -Wno-missing-field-initializers -Wtype-limits > OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_REGPARM=1 > USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1 > > Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE > +PCRE_JIT > -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD +PTHREAD_PSHARED +REGPARM > -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT > +CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 > -ZLIB > +SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD > -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS > > Default settings : > bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 > > Built with multi-threading support (MAX_THREADS=64, default=1). > Built with OpenSSL version : OpenSSL 1.1.1c 28 May 2019 > Running on OpenSSL version : OpenSSL 1.1.1c 28 May 2019 > OpenSSL library supports TLS extensions : yes > OpenSSL library supports SNI : yes > OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 > Built with Lua version : Lua 5.3.5 > Built with network namespace support. > Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT > IP_FREEBIND > Built with libslz for stateless compression. > Compression algorithms supported : identity("identity"), > deflate("deflate"), > raw-deflate("deflate"), gzip("gzip") > Built with PCRE version : 8.32 2012-11-30 > Running on PCRE version : 8.32 2012-11-30 > PCRE library supports JIT : yes > Encrypted password support via crypt(3): yes > Built with the Prometheus exporter as a service > > Available polling systems : > epoll : pref=300, test result OK > poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use epoll. > > Available multiplexer protocols : > (protocols marked as <default> cannot be specified using 'proto' keyword) > h2 : mode=HTX side=FE|BE mux=H2 > h2 : mode=HTTP side=FE mux=H2 > <default> : mode=HTX side=FE|BE mux=H1 > <default> : mode=TCP|HTTP side=FE|BE mux=PASS > > Available services : > prometheus-exporter > > Available filters : > [SPOE] spoe > [COMP] compression > [CACHE] cache > [TRACE] trace > ``` > > Regards > Aleks > >