Hi, HAProxy 2.0.7 was released on 2019/09/27. It added 20 new commits after version 2.0.6.
This release fixes several issues in the H2 multiplexer, among which 2 major bugs about the way received frames are handled on the error path. The first one comes from the first age of the H2 multiplexer. During frames demultiplexing, when an error is reported on a stream, payload of the current frame must be drained to allow parsing of the following frames. This part was buggy. All the announced frame length was systematically drained and not only the available part of it. For frames partially received, too many data were drained from the demux buffer, leaving it in a buggy state and thus corrupting the memory on the next receives. This old bug is certainly responsible of many hardly reproducible and unresolved issues and also crashes. The second major bug is about a desync of the HPACK decoder. HEADERS frames received for an unknown or already closed stream were simply ignored. As stated in RFC7540#5.1, those frames must be skipped. But because they carry a compression state they must still be processed before being dropped to keep the HPACK decoder synchronized. Because those HEADERS frame were not decoded, the HPACK decoder was able to be out of sync. It is a major bug because it led to a mix-up of headers for the following streams. A regression on the checks was fixed. In the 2.0.6, when default checks was enabled (not "option *-check"), some failures on connect were erroneously reported, making checks failed. What was valid for the 2.1 proved wrong for the 2.0 because of the FD cache, still here in 2.0 and earlier. Other checks are not concerned. And an issue about the thread-safety of external checks was also fixed. A bug in the SPOE was fixed by Kevin Zhu. The same engine-id was used when nbproc was more than 1. So, in async mode, an agent receiving a NOTIFY frame from a process was able to send the ACK to another process. So thanks to Kevin, now a different engine-id is generated for each process. In addition, a similar change was made when several threads are started, making the SPOE async mode compatible with multithreaded configuration. Krisztián Kovács fixed 2 issues about the namespaces. First, he fixed a FD leak in master-worker mode. The FDs opened during namespaces configuration parsing were not closed when the master process was re-executing itself, effectively leaking the fds and preventing destruction of namespaces no longer present in the configuration. Then, he fixed a bug during the soft shutdown, introducing a cleanup function that closes all namespace file descriptors by iterating over the namespace ebtree. Finally, the usual bunch of bug fixes here and there. The CLI command "show table" was fixed to properly handle the data type argument. The implicit h2 upgrade from an h1 connection is now really performed on the first request only. The H2 multiplexer was slightly improved, avoiding the wake up of streams before the mux is ready. In the Prometheus exporter, average times (QTIME, CTIME, RTIME and TTIME) are now returned in seconds using a float representation instead of in milliseconds, making those metrics consistent with their announced type. As usual, all users of the 2.0 are encouraged to upgrade. But if you are using HTTP/2, you must upgrade as soon as possible. --- Complete changelog : Christopher Faulet (13): BUG/MEDIUM: stick-table: Properly handle "show table" with a data type argument BUG/MINOR: mux-h2: Be sure to have a connection to unsubcribe BUG/MAJOR: mux-h2: Handle HEADERS frames received after a RST_STREAM frame BUG/MINOR: stream-int: Process connection/CS errors first in si_cs_send() BUG/MEDIUM: stream-int: Process connection/CS errors during synchronous sends BUG/MINOR: mux-h2: Use the dummy error when decoding headers for a closed stream BUG/MAJOR: mux_h2: Don't consume more payload than received for skipped frames BUG/MINOR: mux-h1: Do h2 upgrade only on the first request MINOR: spoe: Improve generation of the engine-id MINOR: spoe: Support the async mode with several threads MINOR: stats: Add the support of float fields in stats BUG/MINOR: contrib/prometheus-exporter: Return the time averages in seconds DOC: Fix documentation about the cli command to get resolver stats Kevin Zhu (1): BUG/MEDIUM: spoe: Use a different engine-id per process Krisztian Kovacs (1): BUG/MEDIUM: namespace: close open namespaces during soft shutdown Krisztián Kovács (kkovacs) (1): BUG/MEDIUM: namespace: fix fd leak in master-worker mode Willy Tarreau (4): BUG/MEDIUM: check/threads: make external checks run exclusively on thread 1 BUG/MEDIUM: checks: make sure the connection is ready before trying to recv BUG/MINOR: mux-h2: do not wake up blocked streams before the mux is ready BUG/MEDIUM: mux-h2: don't reject valid frames on closed streams -- Christopher Faulet