Hi.

Am 27.09.19 um 16:29 schrieb Christopher Faulet:
> Hi,
> 
> HAProxy 2.0.7 was released on 2019/09/27. It added 20 new commits
> after version 2.0.6.

Image is updated.
https://hub.docker.com/r/me2digital/haproxy20-centos

```
HA-Proxy version 2.0.7 2019/09/27 - https://haproxy.org/
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv
-Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
-Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
-Wno-missing-field-initializers -Wtype-limits
  OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_REGPARM=1
USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1

Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE +PCRE_JIT
-PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD +PTHREAD_PSHARED +REGPARM
-STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT
+CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 -ZLIB
+SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD
-OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=1).
Built with OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
Running on OpenSSL version : OpenSSL 1.1.1d  10 Sep 2019
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.5
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"), deflate("deflate"),
raw-deflate("deflate"), gzip("gzip")
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with the Prometheus exporter as a service

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
              h2 : mode=HTX        side=FE|BE     mux=H2
              h2 : mode=HTTP       side=FE        mux=H2
       <default> : mode=HTX        side=FE|BE     mux=H1
       <default> : mode=TCP|HTTP   side=FE|BE     mux=PASS

Available services :
        prometheus-exporter

Available filters :
        [SPOE] spoe
        [COMP] compression
        [CACHE] cache
        [TRACE] trace
```

> This release fixes several issues in the H2 multiplexer, among which 2 major
> bugs about the way received frames are handled on the error path. The first 
> one
> comes from the first age of the H2 multiplexer. During frames demultiplexing,
> when an error is reported on a stream, payload of the current frame must be
> drained to allow parsing of the following frames. This part was buggy. All the
> announced frame length was systematically drained and not only the available
> part of it. For frames partially received, too many data were drained from the
> demux buffer, leaving it in a buggy state and thus corrupting the memory on 
> the
> next receives. This old bug is certainly responsible of many hardly
> reproducible and unresolved issues and also crashes. The second major bug is
> about a desync of the HPACK decoder. HEADERS frames received for an unknown or
> already closed stream were simply ignored. As stated in RFC7540#5.1, those 
> frames must be skipped. But because they carry a compression state they must
> still be processed before being dropped to keep the HPACK decoder 
> synchronized.
> Because those HEADERS frame were not decoded, the HPACK decoder was able to be
> out of sync. It is a major bug because it led to a mix-up of headers for the
> following streams.
> 
> A regression on the checks was fixed. In the 2.0.6, when default checks was
> enabled (not "option *-check"), some failures on connect were erroneously
> reported, making checks failed. What was valid for the 2.1 proved wrong for 
> the
> 2.0 because of the FD cache, still here in 2.0 and earlier. Other checks are 
> not
> concerned. And an issue about the thread-safety of external checks was also 
> fixed.
> 
> A bug in the SPOE was fixed by Kevin Zhu. The same engine-id was used when
> nbproc was more than 1. So, in async mode, an agent receiving a NOTIFY frame
> from a process was able to send the ACK to another process. So thanks to 
> Kevin,
> now a different engine-id is generated for each process. In addition, a 
> similar
> change was made when several threads are started, making the SPOE async mode
> compatible with multithreaded configuration.
> 
> Krisztián Kovács fixed 2 issues about the namespaces. First, he fixed a FD 
> leak
> in master-worker mode. The FDs opened during namespaces configuration parsing
> were not closed when the master process was re-executing itself, effectively
> leaking the fds and preventing destruction of namespaces no longer present in
> the configuration. Then, he fixed a bug during the soft shutdown, introducing 
> a
> cleanup function that closes all namespace file descriptors by iterating over
> the namespace ebtree.
> 
> Finally, the usual bunch of bug fixes here and there. The CLI command "show
> table" was fixed to properly handle the data type argument. The implicit h2
> upgrade from an h1 connection is now really performed on the first request
> only. The H2 multiplexer was slightly improved, avoiding the wake up of 
> streams
> before the mux is ready. In the Prometheus exporter, average times (QTIME,
> CTIME, RTIME and TTIME) are now returned in seconds using a float 
> representation
> instead of in milliseconds, making those metrics consistent with their 
> announced
> type.
> 
> As usual, all users of the 2.0 are encouraged to upgrade. But if you are using
> HTTP/2, you must upgrade as soon as possible.
> 
> ---
> Complete changelog :
[snipp]

Reply via email to