Hi,
HAProxy 2.2.12 was released on 2021/03/31. It added 29 new commits
after version 2.2.11. This makes 2.2.12 catch up with the fixes that went
into 2.3.9:
- One issue was a regression of the rate counters causing those
spanning over a period (like in stick-tables) to increase forever
consecutive to a fix in 2.2.11 to prevent them from being randomly
reset every second.
- A rare issue causing old processes to abort on reload due to a
deadlock between the listeners and the file descriptors was also
addressed. This one was unveiled in 2.2.10 and was not visible
before due to another bug!
- In the unlikely even that the watchdog would trigger within Lua
code (most likely caused by threads waiting on the Lua lock), it
was sometimes possible to deadlock inside the libc on its own
malloc() lock when trying to dump the Lua backtrace. This was
addressed by using the home-grown backtrace function instead which
doesn't require allocations.
- Processes built with DEBUG_UAF could deadlock when doing this
under thread isolation.
- The fix for too lax hdr_ip() parsing was integrated (it could
incorrectly return only the parsable part of an address if the
sender would send garbage).
- The H1's shutdown code was made idempotent (as it ought to
be). Only a single user faces some crashes on this one, it's very
strange, it indicates that a number of conditions must be met to
trigger it.
- The SSL fixes for "add ssl crt-list" making inconsistent use of FS
accesses at run time vs boot time were integrated.
- down-going-up server state transition on the stats page was
mistakenly reported as the same color as up-going-down.
- unix-bind-prefix was incorrectly applied to the master socket.
And among the recent ones that were merged into 2.3-maint after 2.3.9:
- the fix for the silent-drop fallback in IPv6 was merged (the TTL is
IPV6_UNICAST_HOPS in this case)
- the update on the CLI of the default SSL certificate used not to work
correctly as the previous one was not removed, resulting in a random
behavior namely on the SNI.
This time I hope that all the recent mess experienced since 2.2.10 was
properly addressed. Those who faced DNS issues when upgrading from 2.2.9
to 2.2.10 or rate counter issues from 2.2.10 to 2.2.11, and who possibly
rolled back to 2.2.9 are strongly encouraged to try again.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Wiki : https://github.com/haproxy/wiki/wiki
Sources : http://www.haproxy.org/download/2.2/src/
Git repository : http://git.haproxy.org/git/haproxy-2.2.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-2.2.git
Changelog : http://www.haproxy.org/download/2.2/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Christopher Faulet (7):
MEDIUM: lua: Use a per-thread counter to track some non-reentrant parts
of lua
BUG/MEDIUM: debug/lua: Don't dump the lua stack if not dumpable
MINOR: lua: Slightly improve function dumping the lua traceback
BUG/MEDIUM: debug/lua: Use internal hlua function to dump the lua
traceback
BUG/MEDIUM: lua: Always init the lua stack before referencing the context
BUG/MEDIUM: thread: Fix a deadlock if an isolated thread is marked as
harmless
BUG/MINOR: payload: Wait for more data if buffer is empty in
payload/payload_lv
Eric Salama (1):
MINOR/BUG: mworker/cli: do not use the unix_bind prefix for the master
CLI socket
Florian Apolloner (1):
BUG/MINOR: stats: Apply proper styles in HTML status page.
Ilya Shipitsin (1):
BUILD: ssl: guard ecdh functions with SSL_CTX_set_tmp_ecdh macro
Olivier Houchard (1):
BUG/MEDIUM: fd: Take the fd_mig_lock when closing if no DWCAS is
available.
Remi Tricot-Le Breton (4):
BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list"
BUG/MINOR: ssl: Fix update of default certificate
BUG/MINOR: ssl: Prevent removal of crt-list line if the instance is a
default one
BUG/MINOR: ssl: Add missing free on SSL_CTX in ckch_inst_free
Willy Tarreau (14):
MINOR: time: also provide a global, monotonic global_now_ms timer
BUG/MEDIUM: freq_ctr/threads: use the global_now_ms variable
MINOR: fd: make fd_clr_running() return the remaining running mask
MINOR: fd: remove the unneeded running bit from fd_insert()
BUG/MEDIUM: fd: do not wait on FD removal in fd_delete()
CLEANUP: fd: remove unused fd_set_running_excl()
MINOR: tools: make url2ipv4 return the exact number of bytes parsed
BUG/MINOR: http_fetch: make hdr_ip() reject trailing characters
BUG/MEDIUM: mux-h1: make h1_shutw_conn() idempotent
BUG/MEDIUM: time: make sure to always initialize the global tick
BUG/MINOR: tcp: fix silent-drop workaround for IPv6
BUILD: tcp: use IPPROTO_IPV6 instead of SOL_IPV6 on FreeBSD/MacOS
BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields
REGTESTS: ssl: add missing file simple.crt-list from previous SSL fix
---
