HAProxy 2.3.17 was released on 2022/01/11. It added 51 new commits
after version 2.3.16.

This is essentially an update of 2.3 with the relevant fixes that were
collected from 2.4.9 to 2.4.12. The list below was mostly composed from
the last few 2.4 changelogs:

 - using multiple log-forward sections would crash after parsing the
   config, that's now fixed.

 - possible crash on master CLI when trying to enter an old pid when
   in prompt mode

 - yet another risk of crash on resolvers was fixed, this time when
   getting a response error, because some invalid elements could be
   left in the list.

 - the problem where the SNI could be set again on a reused server
   connection was fixed

 - a workaround for a possibly slow malloc_trim() in modern libcs upon
   reload when using many threads, that could be slow enough to panic
   the old process.

 - there was a risk of frozen stream or spinning loop when combining
   layer-7 retries with some filters because an analyser responsible
   for releasing the filter was dropped. This was fixed.

 - eliminate a rare risk of deadlock when built with DEBUG_UAF. It
   would only affect developers chasing some user-after-free bugs,
   but better fix it anyway.

 - on reload we used to transfer listening sockets by packs of 253 between
   the old and the new process but it looks like for whatever reason on
   musl 253 doesn't work and the limit is 252. It might be caused by a
   slightly different layout for the message. So the limit was lowered by
   one as this will definitely not affect reload time!

 - Daniel Jakots fixed the build with libreSSL 3.5 and newer (some macros
   didn't work anymore).

 - David Carlier fixed the build with FreeBSD 14, which changes the cpuset
   API to better match Linux's.

 - the build warning with clang on i386 was addressed

 - fixed some usual "maybe unused" warnings on old compilers for
   unusual platform (gcc-4.7 on MIPS with threads disabled).

 - William fixed a bug in the master-worker when the master is executed in
   wait mode (only after a reload failure in 2.3). In this case, the master
   must never try to to get the listeners FD from the previous process
   using _getsocks on the stats socket. Otherwise, if a reload fails, the
   master exists with a EXIT_FAILURE status, killing all the workers.

 - the CLI's "show version" was backported to help with diagnostics and
   to uniformize APIs between versions.

 - various minor doc updates and typo fixes

 - some regtest and CI backports to ease stable maintainers' job

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.3/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.3.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.3.git
   Changelog        : http://www.haproxy.org/download/2.3/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Complete changelog :
Amaury Denoyelle (2):
      BUG/MINOR: backend: do not set sni on connection reuse
      BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose

Christopher Faulet (5):
      BUG/MEDIUM: cli: Properly set stream analyzers to process one command at 
a time
      BUG/MEDIUM: resolvers: Detach query item on response error
      DOC: spoe: Clarify use of the event directive in spoe-message section
      DOC: config: Specify %Ta is only available in HTTP mode
      BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry

Daniel Jakots (1):
      BUILD: ssl: unbreak the build with newer libressl

David Carlier (1):
      BUILD/MINOR: tools: solaris build fix on dladdr.

Emeric Brun (1):
      BUG/MAJOR: segfault using multiple log forward sections.

Ilya Shipitsin (11):
      CI: Github Actions: enable prometheus exporter
      CI: Github Actions: remove LibreSSL-3.0.2 builds
      CI: Github Actions: enable BoringSSL builds
      CI: Github Action: run "apt-get update" before packages restore
      CI: github actions: update LibreSSL to 3.3.0
      CI: github actions: enable 51degrees feature
      CI: GitHub Actions: enable daily Coverity scan
      CI: github actions: build several popular "contrib" tools
      CI: github actions: switch to stable LibreSSL release
      CI: github actions: update LibreSSL to 3.2.5
      CI: Github Actions: switch to LibreSSL-3.3.3

Lukas Tribus (1):
      DOC: config: retry-on list is space-delimited

Thierry Fournier (1):
      DOC: fix misspelled keyword "resolve_retries" in resolvers

Tim Duesterhus (12):
      CI: Expand use of GitHub Actions for CI
      CI: Stop hijacking the hosts file
      CI: Make the h2spec workflow more consistent with the VTest workflow
      CI: Pass the github.event_name to matrix.py
      CI: Clean up Windows CI
      CI: Set DEBUG=-DDEBUG_STRICT=1 in GitHub Actions
      CI: Pin VTest to a known good commit
      CI: Fix DEBUG_STRICT definition for Coverity
      CI: Fix the coverity builds
      Revert "CI: Pin VTest to a known good commit"
      CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next()
      CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next()

William Lallemand (6):
      DOC: configuration: issuers-chain-path only applies to bind lines
      MINOR: cli: "show version" displays the current process version
      BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt 
      BUG/MINOR: ssl: free the fields in srv->ssl_ctx
      BUG/MINOR: cli: fix _getsocks with musl libc
      BUG/MEDIUM: mworker: don't use _getsocks in wait mode

Willy Tarreau (10):
      CI: Github Actions: temporarily disable BoringSSL builds
      MEDIUM: task: extend the state field to 32 bits
      MINOR: ssl: make tlskeys_list_get_next() take a list element
      REGTESTS: mark the abns test as broken again
      BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
      MINOR: pools: work around possibly slow malloc_trim() during gc
      BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode
      BUILD: cli: clear a maybe-unused  warning on some older compilers
      BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive 
      CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free


Reply via email to