Hi,
HAProxy 2.8-dev6 was released on 2023/03/28. It added 71 new commits
after version 2.8-dev5.
It's a bit late, I wanted to emit this one by end of last week or the
week-end but got disturbed by pending bugs that I preferred to analyze
first.
No less than 35 bugs were fixed in this release, most of them not
particularly new, so I can't say that we're degrading anything but it
indicates we still need to be careful, and chasing all of them continues
to slow everyone's progress down, so that's a pain.
A few 2.8-specific build errors and warnings were addressed when threads
are disabled. This is either a good indication that by now everyone uses
threads, or that very few people test -dev (or more likely that -dev is
not tested on rare systems where threads are disabled).
The detection of inherited incompatible libraries from external shared
libraries (typically Lua modules being loaded) was made more accurate and
is slightly relaxed. Instead of detecting that one of our dependencies
knows about a different symbol, we now assume that it will use ours (which
is how ELF works) but we still detect if the lib expects an incompatible
API. For memory allocators, this means that building haproxy with jemalloc
is no longer incompatible with loading modules (and we've implemented a
generic version of the problematic call: malloc_trim()). For openssl, we
detect about 10 symbols to figure whether the loaded library is at risk of
calling a wrong combination of functions, and it proved efficient enough
to reject incompatible major libs, so that looks OK.
The -dMfail command line option that is used to inject random allocation
failures used to only enable the feature, but nothing was done until the
config was modified to set the failure ratio. I got caught a few times
by this, thinking I was running under failures while I was not, so now by
default, setting it like this will automatically preset the failure rate
to 1%. This was sufficient to raise 8-10 bugs on error paths!
More info was made available in "show ssl ocsp-response" such as the
certificate path, and the OCSP update log format was improved. Some minor
QUIC updates and fixes were made, more debugging info was added to
"show fd". Some doc fixes for set-var() rendering in dconv. The DeviceAtlas
build command line was extended to support building in a way that is also
compatible with the v3 of the API that will become the default version
by the end of this year.
Overall, nothing extraordinary, and the issue rate still remains a bit
high for my taste. As such, I think we'll continue to be careful about
changes to come in the near future and spend quite some time making what
we have more reliable.
Among the upcoming changes I'm still having in mind for the short term
are:
  - Aurélien's updates on event handlers to notify Lua about servers
    going up and down (the final batch is just waiting for review at
    the moment)
  - Christopher's improvements on error propagation and handling. The
    short-term ones are mostly cosmetic but will continue to improve
    the mid-term debuggability of the code so the more of it we get
    done the better we'll be able to debug in the future.
  - I'm almost done with finally supporting "bind" lines that span
    multiple thread groups so that starting with many threads will not
    throw an error anymore and will not require to manually duplicate
    the line, so I'm finishing this.
  - I'm also aware of a few QUIC changes to come (though I don't
    exactly remember which ones)
  - I also remember that there are a few other things that don't
    immediately come to my mind, and as usual all the doc/cleanup/etc
    stuff that's suitable for a cool down period where we're debugging
    and stabilizing.
So basically I'm positive that we should get a clean 2.8 release, but
we should make sure not to try to push too late stuff if we want to
finish cleaning leftovers from previous versions.
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/2.8/src/
Git repository : https://git.haproxy.org/git/haproxy.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy.git
Changelog : https://www.haproxy.org/download/2.8/src/CHANGELOG
Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
---
Complete changelog :
Amaury Denoyelle (13):
      BUG/MINOR: quic: wake up MUX on probing only for 01RTT
      BUG/MINOR: quic: ignore congestion window on probing for MUX wakeup
      BUG/MINOR: trace: fix hardcoded level for TRACE_PRINTF
      BUG/MEDIUM: mux-quic: release data from conn flow-control on qcs reset
      MINOR: mux-quic: complete traces for qcs emission
      MINOR: mux-quic: adjust trace level for MAX_DATA/MAX_STREAM_DATA recv
      MINOR: mux-quic: add flow-control info to minimal trace level
      BUG/MINOR: h3: properly handle incomplete remote uni stream type
      BUG/MINOR: mux-quic: prevent CC status to be erased by shutdown
      MINOR: mux-quic: interrupt qcc_recv*() operations if CC scheduled
      MINOR: mux-quic: ensure CONNECTION_CLOSE is scheduled once per conn
      MINOR: mux-quic: close on qcs allocation failure
      MINOR: mux-quic: close on frame alloc failure

Aurelien DARRAGON (5):
      BUG/MINOR: tcp_sample: fix a bug in fc_dst_port and fc_dst_is_local sample fetches
      MINOR: stick-table: add sc-add-gpc() to http-after-response
      MINOR: doc: missing entries for sc-add-gpc()
      DOC: config: set-var() dconv rendering issues
      BUG/MINOR: applet/new: fix sedesc freeing logic

Christopher Faulet (10):
      BUG/MEDIUM: mux-pt: Set EOS on error on sending path if read0 was received
      BUG/MEDIUM: proxy: properly stop backends on soft-stop
      BUG/MEDIUM: resolvers: Properly stop server resolutions on soft-stop
      DEBUG: cli/show_fd: Display connection error code
      DEBUG: ssl-sock/show_fd: Display SSL error code
      BUG/MEDIUM: mux-h1: Don't block SE_FL_ERROR if EOS is not reported on H1C
      BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list
      BUG/MINOR: syslog: Request for more data if message was not fully received
      BUG/MEDIUM: stats: Consume the request except when parsing the POST payload
      BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription

David Carlier (1):
      BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards.

Frédéric Lécaille (5):
      BUG/MINOR: quic: Missing STREAM frame length updates
      BUG/MINOR: quic: Missing STREAM frame data pointer updates
      MINOR: quic: Stop stressing the acknowledgments process (RX ACK frames)
      BUG/MINOR: quic: Dysfunctional 01RTT packet number space probing
      BUG/MINOR: quic: Missing STREAM frame type updated

Miroslav Zagorac (1):
      BUG/MINOR: illegal use of the malloc_trim() function if jemalloc is used

Remi Tricot-Le Breton (5):
      MINOR: ssl: Change the ocsp update log-format
      MINOR: ssl: Use ocsp update task for "update ssl ocsp-response" command
      BUG/MINOR: ssl: Fix double free in ocsp update deinit
      MINOR: ssl: Accept certpath as param in "show ssl ocsp-response" CLI command
      MINOR: ssl: Add certificate path to 'show ssl ocsp-response' output

Tim Duesterhus (1):
      BUG/MINOR: ssl: Stop leaking `err` in ssl_sock_load_ocsp()

Willy Tarreau (30):
      BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it
      MINOR: buffer: add br_count() to return the number of allocated bufs
      MINOR: buffer: add br_single() to check if a buffer ring has more than one buf
      BUG/MEDIUM: mux-h2: only restart sending when mux buffer is decongested
      BUG/MINOR: mux-h2: set CO_SFL_STREAMER when sending lots of data
      BUG/MAJOR: qpack: fix possible read out of bounds in static table
      OPTIM: mux-h1: limit first read size to avoid wrapping
      MINOR: mux-h2: set CO_SFL_MSG_MORE when sending multiple buffers
      MINOR: ssl-sock: pass the CO_SFL_MSG_MORE info down the stack
      BUG/MEDIUM: stream: do not try to free a failed stream-conn
      BUG/MEDIUM: mux-h2: do not try to free an unallocated h2s->sd
      BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path
      BUG/MEDIUM: stconn: don't set the type before allocation succeeds
      BUG/MINOR: stconn: fix sedesc memory leak on stream allocation failure
      MINOR: dynbuf: set POOL_F_NO_FAIL on buffer allocation
      MINOR: pools: preset the allocation failure rate to 1% with -dMfail
      BUG/MEDIUM: mux-h1: properly destroy a partially allocated h1s
      BUG/MEDIUM: applet: only set appctx->sedesc on successful allocation
      BUILD: thread: implement thread_harmless_end_sig() for threadless builds
      BUILD: thread: silence a build warning when threads are disabled
      MINOR: debug: support dumping the libs addresses when running in verbose mode
      MINOR: pools: make sure 'no-memory-trimming' is always used
      MINOR: pools: intercept malloc_trim() instead of trying to plug holes
      MEDIUM: pools: move the compat code from trim_all_pools() to malloc_trim()
      MINOR: pools: export trim_all_pools()
      MINOR: pattern: use trim_all_pools() instead of a conditional malloc_trim()
      MINOR: tools: relax dlopen() on malloc/free checks
      MEDIUM: tools: further relax dlopen() checks too consider grouped symbols
      BUG/MINOR: pools: restore detection of built-in allocator
      MINOR: pools: report a replaced memory allocator instead of just malloc_trim()
---
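
Added illustration, not part of the announcement and not HAProxy code: a minimal allocation fault injector in the spirit of the `-dMfail` paragraph above, showing why a 1% failure rate exposes error-path bugs such as the "partially allocated" fixes listed in the changelog. All names (`fi_alloc`, `sess_new`, ...) and the simple LCG used as the random source are assumptions made for this example.

```c
#include <stdlib.h>

/* Hypothetical names throughout; this is not HAProxy's pool code. */
static unsigned int fi_state = 1;   /* fixed seed: runs are reproducible */
static int fi_rate = 1;             /* injected failure rate, in percent */
static long fi_live, fi_failed;     /* outstanding allocations, injected failures */

static void *fi_alloc(size_t sz)
{
    void *p;
    fi_state = fi_state * 1103515245u + 12345u;
    if ((int)((fi_state >> 16) % 100) < fi_rate) {
        fi_failed++;
        return NULL;                /* injected failure */
    }
    if ((p = malloc(sz)) != NULL) fi_live++;
    return p;
}
static void fi_free(void *p) { if (p) { fi_live--; free(p); } }

struct sess { char *rxbuf, *txbuf; };
static void sess_free(struct sess *s)
{
    if (s) { fi_free(s->rxbuf); fi_free(s->txbuf); fi_free(s); }
}

/* Buggy error path: whatever was already allocated is leaked. */
static struct sess *sess_new_leaky(void)
{
    struct sess *s = fi_alloc(sizeof(*s));
    if (!s) return NULL;
    s->rxbuf = fi_alloc(1024);
    s->txbuf = fi_alloc(1024);
    return (s->rxbuf && s->txbuf) ? s : NULL;
}

/* Fixed: a partially built object is destroyed before reporting failure. */
static struct sess *sess_new(void)
{
    struct sess *s = fi_alloc(sizeof(*s));
    if (!s) return NULL;
    s->rxbuf = fi_alloc(1024);
    s->txbuf = s->rxbuf ? fi_alloc(1024) : NULL;
    if (!s->txbuf) { sess_free(s); return NULL; }
    return s;
}

/* Run n create/destroy cycles at rate%; return allocations never freed. */
static long run(struct sess *(*ctor)(void), int rate, int n)
{
    fi_state = 1; fi_rate = rate; fi_live = fi_failed = 0;
    for (int i = 0; i < n; i++) sess_free(ctor());
    return fi_live;
}
```

With the rate at 0 the leaky constructor looks correct; the leak only appears once failures are actually injected, which is the trap of enabling the feature without setting a ratio.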