Hi,

HAProxy 2.5.1 was released on 2022/01/11. It added 58 new commits
after version 2.5.0.

As usual, this release fixes several issues and brings some improvements:

 - there was a possible slow memory leak of struct sockaddr during layer-7
   retries that would end up with a redispatch. We're speaking about ~200
   bytes per retried request, which normally does no harm, but can at least
   fool some monitoring and cause some concerns.

 - there was another memory leak in jwt_header_query and jwt_payload_query
   converters. A full buffer was leaking at each invocation (~16k by
   default).

 - there was a risk of frozen stream or spinning loop when combining
   layer-7 retries with some filters because an analyzer responsible
   for releasing the filter was dropped. This was fixed.

 - there was an allocation problem when SSL was configured using a
   "default-server" directive. Some SSL settings like "crt" or
   possibly "ca" as well were causing an SSL_CTX to be allocated too
   early (at the moment the directive was parsed) and replicated for
   each server inheriting it. But that led to problems when these
   fields were updated at runtime for a given server, as that could
   affect other servers as well. And during soft-stop it would cause
   double-free issues, as reported in github issue 1488.

 - William found that a number of free() were missing for server SSL
   settings when deleting a server. That's not dramatic but it could
   definitely be noticeable by those adding/removing servers often.

 - splicing of HTTP/1.1 responses would always incorrectly end up closing
   the client connection at the end of the transfer, and was simply disabled
   for messages of unknown length (neither content-length nor
   transfer-encoding). While fixing these issues, an inter-release regression
   was introduced. It was fixed in turn, and in the end no 2.5 release is
   impacted. Only 2.4.11 is concerned by this regression.

  - there was an issue with the HTTP/1.1 chunk-encoded message parsing, when
    the message headers were not received all at once. In this case, a
    parsing error could be erroneously reported. This was fixed.

  - using multiple log-forward sections would crash after parsing the
    config; that's now fixed.

  - a possible crash on the master CLI when trying to access an old PID in
    prompt mode was fixed.

  - there was a FD leak on the eventpoll in the master-worker in wait
    mode. This was fixed. In addition, in this mode, on reload, the master
    was trying to get the listeners FD from the previous process using
    _getsocks on the stat socket. It was not necessary. And if the reload
    failed, it led the master to exit with EXIT_FAILURE status, killing the
    workers. This was fixed by restricting the use of _getsocks to some
    modes.

  - yet another risk of crash on resolvers was fixed, this time when
    getting a response error, because some invalid elements could be
    left in the list.

  - a possible crash when adding a server on the CLI with a custom ID,
    because the key was not properly initialized, was fixed.

  - there was an issue with the "show cache" command. Each entry was reported
    several times because of a bug in the loop walking through the cache.

  - The http-client was systematically adding a Host header using the
    provided URL, even though it is possible to pass one in the header list.
    Now if it is found in the header list, no other Host header is added.

  - Client SNI was not saved in case of ClientHello error, making strict-sni
    related errors hard to debug. This was fixed.

  - conn_cur was not properly ignored from incoming peer messages,
    especially when frequency counters or arrays are exchanged after
    conn_cur. The stream was desynchronized and incorrect values were read.

  - Some server-side SSL settings could be lost when using more than one
    default-server directive.

  - since 2.4, during a soft-stop we're closing all idle frontend connections
    so that we don't have to wait for clients to time out nor for them to
    send a new request. But it turns out that doing it as any server would
    do it disturbs AWS' ALB, which immediately emits a 502 to their clients
    after failing to upload a new request on such a closed connection. It's
    well known (and documented) that reused connections have a window of
    uncertainty and that an agent must retry on them (which is why haproxy
    usually silently closes with the client when it experiences this, so that
    the client can decide to retry). Thus ALB's behavior is incorrect and
    prevents using keep-alive normally with the next hop. What was done
    here was to add an option "idle-close-on-response" to reintroduce the
    old behavior and wait for clients to speak first before closing.
    Credits go to William Dauchy for the report and the workaround.

  - Daniel Jakots fixed the build with libreSSL 3.5 and newer (some macros
    didn't work anymore).

  - David Carlier fixed the build with FreeBSD 14, which changes the cpuset
    API to better match Linux's.

  - a small improvement, in order to help users provide usable core dumps:
    there's now a new command-line option "-dL" which dumps the dynamic
    libraries that were detected at run time just before forking. This
    possibly includes dependencies from Lua or various other libs that do
    not always appear in "ldd". Typically libgcc_s is listed. The output
    format makes it possible to pipe it to tar to produce an archive of all
    executable code, which apparently tends to open well with a core
    regardless of the distro in use. Since it eases bug reports, we've
    decided to backport it.
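As an added illustration (not from the announcement or the HAProxy project), a small POSIX shell helper that turns a list of library paths such as the one "-dL" prints (assumed here to be one path per line) into a tar archive to attach to a bug report, keeping only files that exist and resolving symlinks so the real objects are stored:

```shell
#!/bin/sh
# Added example, not part of the announcement or the HAProxy sources.
# Assumption: "haproxy -dL" prints one shared-library path per line.
set -eu

# Keep only lines naming an existing regular file, resolve symlinks so that
# versioned library files are stored rather than links, and drop duplicates.
filter_libs() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        [ -f "$path" ] || continue
        readlink -f -- "$path"
    done | sort -u
}

# Archive the libraries listed on stdin into the tar file named by $1 and
# print how many distinct files were stored.
archive_libs() {
    out=$1
    list=$(mktemp)
    filter_libs > "$list"
    # -T takes the member list from a file, -h stores symlink targets.
    tar -hcf "$out" -T "$list"
    n=$(wc -l < "$list" | tr -d ' ')
    rm -f "$list"
    echo "$n"
}

# Assumed usage on a real host (the config path is a placeholder):
#   haproxy -f /path/to/haproxy.cfg -dL | archive_libs haproxy-libs.tar
```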

  - another build issue, this time with clang on i386. It tries to make use
    of the CMPXCHG8B instruction to perform 64-bit atomics but incorrectly
    expects the operands to be 64-bit aligned, while neither the ABI nor the
    instruction have this requirement. So basically it complains about the
    code it produces itself. The analysis showed that working around this
    would require tens to hundreds of isolated hacks and that the least
    dirty solution is to disable the warning. Firefox faced the same issue 3
    years ago and adopted the same workaround. I guess nobody's interested
    anymore in i386 for anyone to expect a fix there anyway.

  - a workaround for a possibly slow malloc_trim() in modern libcs upon
    reload when using many threads, that could be slow enough to panic
    the old process.

  - a few other build fixes and doc fixes.

  - a "show version" command was added to display the current process version.

  - "capture" action is now supported in http-after-response rulesets.

  - Empty lines were removed from "show ssl ocsp-response" command output.

Thanks everyone for your help and your contributions!

Please find the usual URLs below:
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.5/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.5.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.5.git
   Changelog        : http://www.haproxy.org/download/2.5/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/


---
Complete changelog :
Bertrand Jacquin (1):
      BUG/MINOR: lua: remove loop initial declarations

Christopher Faulet (15):
      BUG/MINOR: cache: Fix loop on cache entries in "show cache"
      BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time
      BUG/MINOR: server: Don't rely on last default-server to init server SSL context
      BUG/MEDIUM: resolvers: Detach query item on response error
      BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted
      MINOR: mux-h1: Improve H1 traces by adding info about http parsers
      BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH
      MINOR: http-rules: Add capture action to http-after-response ruleset
      BUG/MINOR: cli/server: Don't crash when a server is added with a custom id
      DOC: spoe: Clarify use of the event directive in spoe-message section
      DOC: config: Specify %Ta is only available in HTTP mode
      BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message
      BUG/MINOR: mux-h1: Fix splicing for messages with unknown length
      BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry
      BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data

Daniel Jakots (1):
      BUILD: ssl: unbreak the build with newer libressl

David CARLIER (3):
      MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above.
      BUILD/MINOR: cpuset FreeBSD 14 build fix.
      BUILD: cpuset: fix build issue on macos introduced by previous change

David Carlier (1):
      BUILD/MINOR: tools: solaris build fix on dladdr.

Emeric Brun (1):
      BUG/MAJOR: segfault using multiple log forward sections.

Ilya Shipitsin (3):
      CI: Github Actions: do not show VTest failures if build failed
      CI: github actions: update OpenSSL to 3.0.1
      CI: github actions: clean default step conditions

Lukas Tribus (2):
      DOC: config: retry-on list is space-delimited
      DOC: config: fix error-log-format example

Miroslav Zagorac (1):
      BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time

Remi Tricot-Le Breton (3):
      BUG/MINOR: vars: Fix the set-var and unset-var converters
      MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output
      BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error

Thierry Fournier (1):
      DOC: fix misspelled keyword "resolve_retries" in resolvers

Tim Duesterhus (1):
      BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query

William Dauchy (1):
      MINOR: proxy: add option idle-close-on-response

William Lallemand (13):
      BUG/MINOR: httpclient: allow to replace the host header
      BUG/MINOR: lua: don't expose internal proxies
      BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode
      BUG/MINOR: mworker: deinit of thread poller was called when not initialized
      MINOR: cli: "show version" displays the current process version
      BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
      BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
      REGTESTS: ssl: fix ssl_default_server.vtc
      BUG/MINOR: ssl: free the fields in srv->ssl_ctx
      BUG/MEDIUM: ssl: free the ckch instance linked to a server
      REGTESTS: ssl: update of a crt with server deletion
      BUG/MINOR: cli: fix _getsocks with musl libc
      BUG/MEDIUM: mworker: don't use _getsocks in wait mode

Willy Tarreau (11):
      BUILD: evports: remove a leftover from the dead_fd cleanup
      BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
      IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode
      MINOR: pools: work around possibly slow malloc_trim() during gc
      BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch
      BUG/MEDIUM: peers: properly skip conn_cur from incoming messages
      DEBUG: ssl: make sure we never change a servername on established connections
      MINOR: compat: detect support for dl_iterate_phdr()
      MINOR: debug: add ability to dump loaded shared libraries
      MINOR: debug: add support for -dL to dump library names at boot
      BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning

--
Christopher Faulet