Hi,

HAProxy 2.2-dev9 was released on 2020/06/11. It added 205 new commits
after version 2.2-dev8.

Among the user-visible changes, we've now integrated Emeric's work on
the "ring" sections which allow forwarding ring contents to remote servers
over TCP. This is directly usable to send syslog over TCP (possibly even
with TLS). It will probably be improved in the short term so that logging
over established FDs always passes through such a ring buffer. I'm glad
we could get this one in, as it's been on the todo list for many years.

The other main visible change is the switch to TLSv1.2 as the new default
minimum version, as was discussed here.

The rest is the usual bunch of bug fixes, whose severity has significantly
reduced, which is an excellent indicator. And the last point which justifies
a lot of patches but which are not interesting for non-developers is the
reorganization of the include files to get rid of some circular dependencies
we've met quite a few times recently when adding code.

We still have a few things to address before the release:
- the spinning stream regression that William Dauchy has reported
(issue #662). I've been busy and not able to diagnose it further, but the
trace definitely shows a bug.
- there's an annoyance detected by oss-fuzz, which is that the unescaping
operation works in O(N^2) where N is the line length. The reason is that
we use memmove() to keep the rest of the line. But if you put hundreds of
thousands of escape chars on a line it can take minutes of CPU to process
the config. I see how to fix this, it's annoying and not critical since
it has been working like this since version 1.0. So if I can address it
before the release that's fine, otherwise we'll release this way.
- there's a lock around the writev() call when writing logs to plain file
descriptors (e.g. log to a pipe) to make sure log lines are never
interleaved. Given that the FD is set to non-blocking mode it's not a
problem, unless you log to a terminal (which we don't put to non-blocking)
or to a file (strongly recommended against but not forbidden) which
ignores non-blocking. In both cases the lock will spin while another
thread blocks on the write() and in addition to blocking the thread, it
will end up triggering the watchdog (as expected in such a stalled
situation). I'm thinking about a few ideas to deal with this, none of
them pleases me, and the best solution will probably be to use the
rings and get rid of it once and for all.
- Yves Lafon figured a way to handle spaces on the CLI without breaking
existing setups using backslashes. William started to look at this one
closer (considering the impacts on the master CLI as well) and it indeed
seems possible to integrate this and address this annoying issue that
prevents users from updating maps/acls containing user-agents, which
embed spaces and semi-colons.
- I noticed that the uname output in "haproxy -v" looks dirty on non-Linux
OSes. On FreeBSD, the uts_version contains the full name while uts_release
only contains name+version, which causes the name and version to appear
twice on the line. On AIX, the version and release are both the minor
and major version and are reported swapped. I think that we should change
the output format to possibly emit "release=", "version=" etc or something
similar to remove ambiguities.
- finish reading all the docs and possibly update the ones that are lagging
behind if any.
- ah and I've just seen a CI report of build breakage on Windows very likely
consecutive to the include files reorganization (I only tested on Linux,
FreeBSD and AIX for now).

So we're getting pretty good for a release very soon. I think that this
might be the last development release so it can be considered almost as a
release candidate, and that if everything goes well, we could release by the
end of next week, which is close to initial estimates.

Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : http://www.haproxy.org/download/2.2/src/
Git repository : http://git.haproxy.org/git/haproxy.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy.git
Changelog : http://www.haproxy.org/download/2.2/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Bertrand Jacquin (1):
BUG/MEDIUM: contrib/spoa: do not register python3.8 if --embed fail
Christopher Faulet (22):
BUG/MINOR: http-htx: Don't forget to release the http reply in release
function
BUG/MINOR: http-htx: Fix a leak on error path during http reply parsing
MINOR: checks: Remove dead code from process_chk_conn()
REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used
REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for
compression/lua_validation
REGTESTS: Require the version 2.2 to execute lua/set_var
BUG/MEDIUM: checks: Refresh the conn-stream and the connection after a
connect
MINOR: checks: Remove useless tests on the connection and conn-stream
BUG/MEDIUM: connection: Ignore PP2 unique ID for stream-less connections
BUG/MINOR: connection: Always get the stream when available to send PP2
line
MINOR: http-ana: Make the function http_reply_to_htx() public
MINOR: http-ana: Use proxy's error replies to emit 401/407 responses
MINOR: http-rules: Use an action function to eval http-request auth rules
CLEANUP: http: Remove unused HTTP message templates
BUG/MEDIUM: checks: Don't blindly subscribe for receive if waiting for
connect
MINOR: checks: I/O callback function only rely on the data layer wake
callback
BUG/MEDIUM: checks: Don't add a tcpcheck ruleset twice in the shared tree
MINOR: mux-h1/proxy: Add a proxy option to disable clear h2 upgrade
BUG/MEDIUM: lua: Reset analyse expiration timeout before executing a lua
action
BUG/MEDIUM: hlua: Lock pattern references to perform set/add/del
operations
BUG/MINOR: checks: Fix test on http-check rulesets during config validity
check
BUG/MEDIUM: contrib/prometheus-exporter: Properly set flags to dump
metrics
Emeric Brun (7):
MEDIUM: ring: new section ring to declare custom ring buffers.
BUG/MEDIUM: logs: fix trailing zeros on log message.
MINOR: ring: re-work ring attach generic API.
BUG/MINOR: error on unknown statement in ring section.
MEDIUM: ring: add server statement to forward messages from a ring
MEDIUM: ring: add new srv statement to support octet counting forward
BUG/MINOR: peers: fix internal/network key type mapping.
Ilya Shipitsin (1):
CI: cirrus-ci: skip
reg-tests/connection/proxy_protocol_send_unique_id_alpn.vtc on CentOS 6
Nathan Neulinger (1):
BUG/MINOR: lua: Add missing string length for lua sticktable lookup
Olivier Houchard (1):
BUG/MEDIUM: backend: set the connection owner to the session when using
alpn.
Tim Duesterhus (8):
REGTESTS: Add missing OPENSSL to REQUIRE_OPTIONS for lua/txn_get_priv
MINOR: lua: Use vars_unset_by_name_ifexist()
CLEANUP: vars: Remove void vars_unset_by_name(const char*, size_t, struct
sample*)
MINOR: vars: Make vars_(un|)set_by_name(_ifexist|) return a success value
MINOR: lua: Make `set_var()` and `unset_var()` return success
MEDIUM: lua: Add `ifexist` parameter to `set_var`
REGTEST: Add connection/proxy_protocol_send_unique_id_alpn
MINOR: sample: Add secure_memcmp converter
William Lallemand (11):
MEDIUM: ssl: use TLSv1.2 as the minimum default on bind lines
MINOR: ssl: set ssl-min-ver in ambiguous configurations
CLEANUP: ssl: remove comment from dump_crtlist_sslconf()
Revert "MINOR: ssl: rework add cert chain to CTX to be libssl independent"
DOC: add a line about comments in crt-list
BUG/MEDIUM: mworker: fix the copy of options in copy_argv()
BUG/MINOR: init: -x can have a parameter starting with a dash
BUG/MINOR: init: -S can have a parameter starting with a dash
BUG/MEDIUM: mworker: fix the reload with an -- option
BUG/MINOR: ssl: fix a trash buffer leak in some error cases
BUG/MINOR: mworker: fix a memleak when execvp() failed
Willy Tarreau (153):
MINOR: pools: compute an estimate of each pool's average needed objects
MEDIUM: pools: directly free objects when pools are too much crowded
BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf
CLEANUP: pools: use the regular lock for the flush operation on lockless
pools
SCRIPTS: publish-release: pass -n to gzip to remove timestamp
BUILD: sink: address build warning on 32-bit architectures
CLEANUP: regex: remove outdated support for regex actions
REORG: ebtree: move the C files from ebtree/ to src/
REORG: ebtree: move the include files from ebtree to include/import/
REORG: ebtree: clean up remains of the ebtree/ directory
REORG: include: create new file haproxy/api-t.h
REORG: include: create new file haproxy/api.h
REORG: include: update all files to use haproxy/api.h or api-t.h if needed
CLEANUP: include: remove common/config.h
CLEANUP: include: remove unused template.h
REORG: include: move MIN/MAX from tools.h to compat.h
REORG: include: move SWAP/MID_RANGE/MAX_RANGE from tools.h to standard.h
CLEANUP: include: remove unused common/tools.h
REORG: include: move the base files from common/ to haproxy/
REORG: include: move version.h to haproxy/
REORG: include: move base64.h, errors.h and hash.h from common to to
haproxy/
REORG: include: move openssl-compat.h from common/ to haproxy/
REORG: include: move ist.h from common/ to import/
REORG: include: move the BUG_ON() code to haproxy/bug.h
REORG: include: move debug.h from common/ to haproxy/
CLEANUP: debug: drop unused function p_malloc()
REORG: include: split buf.h into haproxy/buf-t.h and haproxy/buf.h
REORG: include: move istbuf.h to haproxy/
REORG: include: split mini-clist into haproxy/list and list-t.h
REORG: threads: extract atomic ops from hathreads.h
CLEANUP: threads: remove a few needless includes of hathreads.h
REORG: include: split hathreads into haproxy/thread.h and
haproxy/thread-t.h
CLEANUP: thread: rename __decl_hathreads() to __decl_thread()
REORG: include: move time.h from common/ to haproxy/
REORG: include: move integer manipulation functions from standard.h to
intops.h
CLEANUP: include: remove excessive includes of common/standard.h
REORG: include: move freq_ctr to haproxy/
CLEANUP: pool: include freq_ctr.h and remove locally duplicated functions
REORG: memory: move the pool type definitions to haproxy/pool-t.h
REORG: memory: move the OS-level allocator to haproxy/pool-os.h
MINOR: memory: don't let __pool_get_first() pick from the cache
MEDIUM: memory: don't let pool_put_to_cache() free the objects itself
MINOR: memory: move pool-specific path of the locked pool_free() to
__pool_free()
MEDIUM: memory: make local pools independent on lockless pools
REORG: include: move common/memory.h to haproxy/pool.h
REORG: include: move common/chunk.h to haproxy/chunk.h
REORG: include: move activity to haproxy/
REORG: include: move common/buffer.h to haproxy/dynbuf{,-t}.h
REORG: include: move common/net_helper.h to haproxy/net_helper.h
REORG: include: move common/namespace.h to haproxy/namespace{,-t}.h
REORG: include: split common/regex.h into haproxy/regex{,-t}.h
REORG: include: split common/xref.h into haproxy/xref{,-t}.h
REORG: include: move common/ticks.h to haproxy/ticks.h
REORG: include: split common/http.h into haproxy/http{,-t}.h
REORG: include: split common/http-hdr.h into haproxy/http-hdr{,-t}.h
REORG: include: move common/h1.h to haproxy/h1.h
REORG: include: split common/htx.h into haproxy/htx{,-t}.h
REORG: include: move hpack*.h to haproxy/ and split hpack-tbl
REORG: include: move common/h2.h to haproxy/h2.h
REORG: include: move common/fcgi.h to haproxy/
REORG: include: move protocol.h to haproxy/protocol{,-t}.h
REORG: tools: split common/standard.h into haproxy/tools{,-t}.h
REORG: include: move dict.h to hparoxy/dict{,-t}.h
REORG: include: move shctx to haproxy/shctx{,-t}.h
REORG: include: move port_range.h to haproxy/port_range{,-t}.h
REORG: include: move fd.h to haproxy/fd{,-t}.h
REORG: include: move ring to haproxy/ring{,-t}.h
REORG: include: move sink.h to haproxy/sink{,-t}.h
REORG: include: move pipe.h to haproxy/pipe{,-t}.h
CLEANUP: include: remove empty raw_sock.h
REORG: include: move proto_udp.h to haproxy/proto_udp{,-t}.h
REORG: include: move proto/proto_sockpair.h to haproxy/proto_sockpair.h
REORG: include: move compression.h to haproxy/compression{,-t}.h
REORG: include: move h1_htx.h to haproxy/h1_htx.h
REORG: include: move http_htx.h to haproxy/http_htx{,-t}.h
REORG: include: move hlua.h to haproxy/hlua{,-t}.h
REORG: include: move hlua_fcn.h to haproxy/hlua_fcn.h
REORG: include: move action.h to haproxy/action{,-t}.h
REORG: include: move arg.h to haproxy/arg{,-t}.h
REORG: include: move auth.h to haproxy/auth{,-t}.h
REORG: include: move dns.h to haproxy/dns{,-t}.h
REORG: include: move flt_http_comp.h to haproxy/
REORG: include: move counters.h to haproxy/counters-t.h
REORG: include: split mailers.h into haproxy/mailers{,-t}.h
REORG: include: move capture.h to haproxy/capture{,-t}.h
REORG: include: move frontend.h to haproxy/frontend.h
REORG: include: move obj_type.h to haproxy/obj_type{,-t}.h
REORG: include: move http_rules.h to haproxy/http_rules.h
CLEANUP: include: remove unused mux_pt.h
REORG: include: move mworker.h to haproxy/mworker{,-t}.h
REORG: include: move ssl_utils.h to haproxy/ssl_utils.h
REORG: include: move ssl_ckch.h to haproxy/ssl_ckch{,-t}.h
REORG: move ssl_crtlist.h to haproxy/ssl_crtlist{,-t}.h
REORG: include: move lb_chash.h to haproxy/lb_chash{,-t}.h
REORG: include: move lb_fas.h to haproxy/lb_fas{,-t}.h
REORG: include: move lb_fwlc.h to haproxy/lb_fwlc{,-t}.h
REORG: include: move lb_fwrr.h to haproxy/lb_fwrr{,-t}.h
REORG: include: move listener.h to haproxy/listener{,-t}.h
REORG: include: move pattern.h to haproxy/pattern{,-t}.h
REORG: include: move map to haproxy/map{,-t}.h
REORG: include: move payload.h to haproxy/payload.h
REORG: include: move sample.h to haproxy/sample{,-t}.h
REORG: include: move protocol_buffers.h to haproxy/protobuf{,-t}.h
REORG: include: move vars.h to haproxy/vars{,-t}.h
REORG: include: split global.h into haproxy/global{,-t}.h
REORG: include: move task.h to haproxy/task{,-t}.h
REORG: include: move proto_tcp.h to haproxy/proto_tcp.h
REORG: include: move signal.h to haproxy/signal{,-t}.h
REORG: include: move tcp_rules.h to haproxy/tcp_rules.h
REORG: include: move connection.h to haproxy/connection{,-t}.h
REORG: include: move checks.h to haproxy/check{,-t}.h
REORG: include: move http_fetch.h to haproxy/http_fetch.h
REORG: include: move peers.h to haproxy/peers{,-t}.h
REORG: include: move stick_table.h to haproxy/stick_table{,-t}.h
REORG: include: move session.h to haproxy/session{,-t}.h
REORG: include: move trace.h to haproxy/trace{,-t}.h
REORG: include: move acl.h to haproxy/acl.h{,-t}.h
REORG: include: split common/uri_auth.h into haproxy/uri_auth{,-t}.h
REORG: move applet.h to haproxy/applet{,-t}.h
REORG: include: move stats.h to haproxy/stats{,-t}.h
REORG: include: move cli.h to haproxy/cli{,-t}.h
REORG: include: move lb_map.h to haproxy/lb_map{,-t}.h
REORG: include: move ssl_sock.h to haproxy/ssl_sock{,-t}.h
REORG: include: move stream_interface.h to haproxy/stream_interface{,-t}.h
REORG: include: move channel.h to haproxy/channel{,-t}.h
REORG: include: move http_ana.h to haproxy/http_ana{,-t}.h
REORG: include: move filters.h to haproxy/filters{,-t}.h
REORG: include: move fcgi-app.h to haproxy/fcgi-app{,-t}.h
REORG: include: move log.h to haproxy/log{,-t}.h
REORG: include: move proxy.h to haproxy/proxy{,-t}.h
REORG: include: move spoe.h to haproxy/spoe{,-t}.h
REORG: include: move backend.h to haproxy/backend{,-t}.h
REORG: include: move queue.h to haproxy/queue{,-t}.h
REORG: include: move server.h to haproxy/server{,-t}.h
REORG: include: move stream.h to haproxy/stream{,-t}.h
REORG: include: move cfgparse.h to haproxy/cfgparse.h
CLEANUP: hpack: export debug functions and move inlines to .h
REORG: check: move the e-mail alerting code to mailers.c
REORG: check: move tcpchecks away from check.c
REORG: check: move email_alert* from proxy-t.h to mailers-t.h
REORG: check: extract the external checks from check.{c,h}
CLEANUP: include: don't include stddef.h directly
CLEANUP: include: don't include proxy-t.h in global-t.h
CLEANUP: include: move sample_data out of sample-t.h
REORG: include: move the error reporting functions to from log.h to
errors.h
BUILD: reorder objects in the Makefile for faster builds
CLEANUP: compiler: add a THREAD_ALIGNED macro and use it where appropriate
CLEANUP: include: make atomic.h part of the base API
REORG: include: move MAX_THREADS to defaults.h
REORG: include: move THREAD_LOCAL and __decl_thread() to compiler.h
CLEANUP: include: tree-wide alphabetical sort of include files
REORG: include: make list-t.h part of the base API
REORG: dgram: rename proto_udp to dgram
---
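
The O(N^2) unescaping cost mentioned in the to-do list of the announcement above, as an added example (not HAProxy's code, and not the fix the author refers to): a simplified backslash unescaper written once with one memmove() per escape and once with separate read and write cursors. The function names, the one-character escape rule and the sample line are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Quadratic: each escape shifts the whole remaining tail (plus the NUL) one
 * byte left. Returns the new length; *moved counts the bytes shifted. */
size_t unescape_memmove(char *line, size_t *moved)
{
    size_t len = strlen(line), i;

    for (*moved = 0, i = 0; i + 1 < len; i++) {
        if (line[i] != '\\')
            continue;
        memmove(line + i, line + i + 1, len - i);
        *moved += len - i;
        len--;          /* escaped char now sits at i, skipped by i++ */
    }
    return len;
}

/* Linear: one read and one write cursor, each byte is copied at most once.
 * Both versions keep a lone trailing backslash unchanged. */
size_t unescape_linear(char *line, size_t *moved)
{
    char *rd = line, *wr = line;

    for (*moved = 0; *rd; (*moved)++) {
        if (rd[0] == '\\' && rd[1] != '\0')
            rd++;       /* drop the backslash, keep what follows */
        *wr++ = *rd++;
    }
    *wr = '\0';
    return (size_t)(wr - line);
}

int main(void)
{
    enum { PAIRS = 20000 };            /* constructed input: "\a" x PAIRS */
    static char a[2 * PAIRS + 1], b[2 * PAIRS + 1];
    size_t quad, lin, i;

    for (i = 0; i < 2 * PAIRS; i++)
        a[i] = (i & 1) ? 'a' : '\\';
    memcpy(b, a, sizeof(a));
    unescape_memmove(a, &quad);
    unescape_linear(b, &lin);
    printf("same=%d memmove=%zu linear=%zu\n", !strcmp(a, b), quad, lin);
    return strcmp(a, b) != 0;
}
```

For a line of P escape pairs the memmove() variant shifts P^2 + P bytes while the cursor variant copies P, which is why a line with hundreds of thousands of escape characters dominates config parsing time.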