Hi,

HAProxy 2.3.11 was released on 2021/07/07. It added 106 new commits
after version 2.3.10.

This release is quite huge, mainly because the previous release is a bit
old. Several major bugs were fixed:

* Amaury fixed a possible deadlock if the "set maxconn server" command was
  used when there was a pending connection ready to be dequeued. This fix
  introduced another possible deadlock that was also fixed.
* A possible infinite loop in process_stream() was fixed because a
  connection error was reported while the stream was waiting for a
  retry. The bug was happening because the previous server connection was
  only released when a new connection attempt was performed, leaving
  room to catch an unexpected connection error. Now the server connection
  is released ASAP on retry.
* A possible race between free() and pool_alloc() in the pools lockless
  variant was fixed. The bug was always there. It is a bit tricky. For
  details see the corresponding commit and the issue #1275.
* A bug in the HTX defragmentation was fixed. It was happening when the
  defragmentation was performed to be able to expand an HTX block. The bug
  might be encountered in the HTTP compression filter or in HTTP header
  replacement.
* An old bug preventing the dequeuing process was fixed, with Pierre
  Cheynier's help. The bug was happening for servers with a very low
  maxconn because the load balancing was not skipped when a new connection
  was picked from the proxy's or server's queue.

Less important but still noticeable fixes:

* Willy fixed a bug in the sock part leading to high CPU usage because
  some early connection failures might be missed if a connect() reported
  an error directly via the poller without ever reporting send
  readiness. It is an old bug revealed by recent changes.
* The SHCTX code, used for the cache and the SSL sessions, was fixed to
  use thread-based locking when USE_PRIVATE_CACHE was enabled.
* Emeric fixed several bugs on the peers to improve the synchronization
  process. He also fixed resolvers performance issues leading to watchdog
  panics when dealing with large DNS responses. In addition, many bugs
  were fixed in this area, most of them about the SRV resolution.
* A bug in the HTTP compression that could occasionally lead to truncated
  or corrupted responses was fixed.
* The abortonclose option was fixed.
* A bug in the Lua HTTP applet was fixed to be sure to notify the producer
  side when some data are consumed by the applet, to not block data
  receipt.
* The FCGI multiplexer was slightly improved to send a relative path
  instead of a normalized URI to an application and to expose the
  SERVER_SOFTWARE parameter by default.
* http-ignore-probes is now respected for H2 connections. When this option
  is set, no errors are reported anymore when connections are aborted
  during preface.
* As a consequence of the bug fixed in the pools, the code was
  simplified. The lockless implementation is used everywhere, resulting in
  the removal of the very old locked implementation that was kept for
  non-capable architectures. As a result, threads will now be faster on
  less common architectures (e.g. i686, MIPS, PPC64, ...).
* The "show fd" command output was fixed to display the server name as
  <proxy>/<server> instead of the reverse.
* Synchronous connects when a tcpcheck is started are now properly
  handled. This fixes a bug that was happening when several connections
  come one after another.
* "url_ip" and "url_port" sample fetches were fixed to properly handle
  URL parsing errors.

The rest is less visible but contains, as usual, cleanups, small fixes here and
there, improvements ... It is strongly advised to update to this version. Thanks
everyone for your help and your contributions!

Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Wiki : https://github.com/haproxy/wiki/wiki
Sources : http://www.haproxy.org/download/2.3/src/
Git repository : http://git.haproxy.org/git/haproxy-2.3.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-2.3.git
Changelog : http://www.haproxy.org/download/2.3/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
---
Complete changelog :
Alex (1):
DOC: use the req.ssl_sni in examples
Alexandar Lazic (1):
DOC/MINOR: move uuid in the configuration to the right alphabetical order
Amaury Denoyelle (5):
BUG/MINOR: http_fetch: fix possible uninit sockaddr in fetch_url_ip/port
BUG/MAJOR: server: prevent deadlock when using 'set maxconn server'
BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id
BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check
REGTESTS: fix maxconn update with agent-check
Christopher Faulet (39):
BUG/MINOR: mux-fcgi: Don't send normalized uri to FCGI application
BUG/MINOR: htx: Preserve HTX flags when draining data from an HTX message
BUG/MINOR: applet: Notify the other side if data were consumed by an applet
BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers
BUG/MINOR: stream: Decrement server current session counter on L7 retry
BUG/MINOR: stream: Reset stream final state and si error type on L7 retry
BUG/MINOR: checks: Handle synchronous connect when a tcpcheck is started
BUG/MINOR: checks: Reschedule check on observe mode only if fastinter is set
MINOR: channel: Rely on HTX version if appropriate in channel_may_recv()
BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive
MINOR: conn-stream: Force mux to wait for read events if abortonclose is set
MEDIUM: mux-h1: Don't block reads when waiting for the other side
BUG/MEDIUM: mux-h1: Properly report client close if abortonclose option is set
REGTESTS: Add script to test abortonclose option
BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter
BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response
BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts
BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry
BUG/MEDIUM: compression: Add a flag to know the filter is still processing data
BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded
BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default
DOC: lua: Add a warning about buffers modification in HTTP
BUILD: cfgparse-ssl: Remove const from defpx param in keylog parsing function
BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI
BUG/MINOR: server/cli: Fix locking in function processing "set server" command
MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules
DOC: config: Add missing actions in "tcp-request session" documentation
BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules
BUG/MINOR: server-state: load SRV resolution only if params match the config
BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled
MINOR: resolvers: Clean server in a dedicated function when removing a SRV item
MINOR: resolvers: Remove server from named_servers tree when removing a SRV item
BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status
BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task()
BUG/MINOR: resolvers: Always attach server on matching record on resolution
BUG/MINOR: resolvers: Reset server IP when no ip is found in the response
MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response()
BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution
Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules"
Daniel Black (1):
DOC: config: use CREATE USER for mysql-check
Dirkjan Bussink (1):
BUG/MINOR: checks: return correct error code for srv_parse_agent_check
Emeric Brun (17):
BUG/MEDIUM: peers: initialize resync timer to get an initial full resync
BUG/MEDIUM: peers: register last acked value as origin receiving a resync req
BUG/MEDIUM: peers: stop considering ack messages teaching a full resync
BUG/MEDIUM: peers: reset starting point if peers appears longly disconnected
BUG/MEDIUM: peers: reset commitupdate value in new conns
BUG/MEDIUM: peers: re-work updates lookup during the sync on the fly
BUG/MEDIUM: peers: reset tables stage flags stages on new conns
MINOR: peers: add informative flags about resync process for debugging
BUG/MEDIUM: dns: reset file descriptor if send returns an error
BUG/MEDIUM: dns: send messages on closed/reused fd if fd was detected broken
BUG/MINOR: resolvers: answser item list was randomly purged or errors
MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item
MEDIUM: resolvers: add a ref between servers and srv request or used SRV record
BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs
BUG/MINOR: stick-table: fix several printf sign errors dumping tables
DOC: stick-table: add missing documentation about gpt0 stored type
BUG/MINOR: peers: fix data_type bit computation more than 32 data_types
Remi Tricot-Le Breton (15):
BUG/MEDIUM: ebtree: Invalid read when looking for dup entry
BUG/MINOR: server: Missing calloc return value check in srv_parse_source
BUG/MINOR: peers: Missing calloc return value check in peers_register_table
BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine
BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture
BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare
BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy
BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response
BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule
BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo
BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list
BUG/MINOR: http: Missing calloc return value check while parsing redirect rule
BUG/MINOR: http: Missing calloc return value check in make_arg_list
BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree
BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future
William Lallemand (2):
BUG/MINOR: ssl/cli: fix a lock leak when no memory available
BUILD: make tune.ssl.keylog available again
Willy Tarreau (24):
REGTESTS: add minimal CLI "add map" tests
BUG/MEDIUM: cli: prevent memory leak on write errors
MINOR: compat: automatically include malloc.h on glibc
MEDIUM: pools: call malloc_trim() from pool_gc()
MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS
MINOR: debug: add a new "debug dev sym" command in expert mode
BUG/MINOR: stream: properly clear the previous error mask on L7 retries
BUG/MINOR: lua/vars: prevent get_var() from allocating a new name
BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush()
MINOR: pools: do not maintain the lock during pool_flush()
MINOR: pools: call malloc_trim() under thread isolation
MEDIUM: pools: use a single pool_gc() function for locked and lockless
BUG/MAJOR: pools: fix possible race with free() in the lockless variant
CLEANUP: pools: remove now unused seq and pool_free_list
BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE
BUG/MINOR: ssl: use atomic ops to update global shctx stats
BUG/MINOR: mworker: fix typo in chroot error message
BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue
MINOR: backend: only skip LB when there are actual connections
BUG/MINOR: stats: make "show stat typed desc" work again
MINOR: mux-h2: obey http-ignore-probes during the preface
BUG/MEDIUM: sock: make sure to never miss early connection failures
BUG/MINOR: cli: fix server name output in "show fd"
DOC: peers: fix the protocol tag name in the doc
--
Christopher Faulet