HAProxy 2.8-dev6 was released on 2023/03/28. It added 71 new commits
after version 2.8-dev5.

It's a bit late, I wanted to emit this one by end of last week or the
week-end but got disturbed by pending bugs that I preferred to analyze

No less than 35 bugs were fixed in this release, most of them not
particularly new, so I can't say that we're degrading anything but it
indicates we still need to be careful, and chasing all of them continues
to slow everyone's progress down, so that's a pain.

A few 2.8-specific build errors and warnings were addressed when threads
are disabled. This is either a good indication that by now everyone uses
threads, or that very few people test -dev (or more likely that -dev is
not tested on rare systems where threads are disabled)

The detection of inherited incompatible libraries from external shared
libraries (typically Lua modules being loaded) was made more accurate and
is slightly relaxed. Instead of detecting that one of our dependencies
know about a different symbol, we now assume that it will use ours (which
is how ELF works) but we still detect if the lib expects an incompatible
API. For memory allocators, this means that building haproxy with jemalloc
is no longer incompatible with loading modules (and we've implemented a
generic version of the problematic call: malloc_trim()). For openssl, we
detect about 10 symbols to figure whether the loaded library is at risk of
calling a wrong combination of functions, and it proved efficient enough
to reject incompatible major libs, so that looks OK.

The -dMfail command line option that is used to inject random allocation
failures used to only enable the feature, but nothing was done until the
config was not modified to set the failure ratio. I got caught a few times
by this, thinking I was running under failures while I was not, so now by
default, setting it like this will automatically preset the failure rate
to 1%. This was sufficient to raise 8-10 bugs on error paths!

More info were made available in "show ssl ocsp-response" such as the
certificate path, and the OCSP update log format was improved. Some minor
QUIC updates and fixes were made, more debugging info was added to
"show fd". Some doc fixes for set-var() rendering in dconv. The DeviceAtlas
build command line was extended to support building in a way that is also
compatible with the v3 of the API that will become the default version in
by the end of this year.

Overall, nothing extraordinary, and the issue rate still remains a bit
high for my taste. As such, I think we'll continue to be careful about
changes to come in the near future and spend quite some time making what
we have more reliable.

Among the upcoming changes I'm still having in mind for the short term
  - Aurélien's updates on event handlers to notify Lua about servers
    going up and down (the final batch is just waiting for review at
    the moment)

  - Christopher's improvements on error propagation and handling. The
    short-term ones are mostly cosmetic but will continue to improve
    the mid-term debuggability of the code so the more of it we get
    done the better we'll be able to debug in the future.

  - I'm almost done with finally supporting "bind" lines that span
    multiple thread groups so that starting with many threads will not
    throw an error anymore and will not require to manually duplicate
    the line, so I'm finishing this.

  - I'm also aware of a few QUIC changes to come (though I don't
    exactly remember which ones)

  - I also remember that there are a few other things that don't
    immediately come to my mind, and as usual all the doc/cleanup/etc
    stuff that's suitable for a cool down period where we're debugging
    and stabilizing.

So basically I'm positive that we should get a clean 2.8 release, but
we should make sure not to try to push too late stuff if we want to
finish cleaning leftovers from previous versions.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.8/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/2.8/src/CHANGELOG
   Dataplane API    : 
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Complete changelog :
Amaury Denoyelle (13):
      BUG/MINOR: quic: wake up MUX on probing only for 01RTT
      BUG/MINOR: quic: ignore congestion window on probing for MUX wakeup
      BUG/MINOR: trace: fix hardcoded level for TRACE_PRINTF
      BUG/MEDIUM: mux-quic: release data from conn flow-control on qcs reset
      MINOR: mux-quic: complete traces for qcs emission
      MINOR: mux-quic: adjust trace level for MAX_DATA/MAX_STREAM_DATA recv
      MINOR: mux-quic: add flow-control info to minimal trace level
      BUG/MINOR: h3: properly handle incomplete remote uni stream type
      BUG/MINOR: mux-quic: prevent CC status to be erased by shutdown
      MINOR: mux-quic: interrupt qcc_recv*() operations if CC scheduled
      MINOR: mux-quic: ensure CONNECTION_CLOSE is scheduled once per conn
      MINOR: mux-quic: close on qcs allocation failure
      MINOR: mux-quic: close on frame alloc failure

Aurelien DARRAGON (5):
      BUG/MINOR: tcp_sample: fix a bug in fc_dst_port and fc_dst_is_local 
sample fetches
      MINOR: stick-table: add sc-add-gpc() to http-after-response
      MINOR: doc: missing entries for sc-add-gpc()
      DOC: config: set-var() dconv rendering issues
      BUG/MINOR: applet/new: fix sedesc freeing logic

Christopher Faulet (10):
      BUG/MEDIUM: mux-pt: Set EOS on error on sending path if read0 was received
      BUG/MEDIUM: proxy: properly stop backends on soft-stop
      BUG/MEDIUM: resolvers: Properly stop server resolutions on soft-stop
      DEBUG: cli/show_fd: Display connection error code
      DEBUG: ssl-sock/show_fd: Display SSL error code
      BUG/MEDIUM: mux-h1: Don't block SE_FL_ERROR if EOS is not reported on H1C
      BUG/MEDIUM: connection: Preserve flags when a conn is removed from an 
idle list
      BUG/MINOR: syslog: Request for more data if message was not fully received
      BUG/MEDIUM: stats: Consume the request except when parsing the POST 
      BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription

David Carlier (1):
      BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards.

Frédéric Lécaille (5):
      BUG/MINOR: quic: Missing STREAM frame length updates
      BUG/MINOR: quic: Missing STREAM frame data pointer updates
      MINOR: quic: Stop stressing the acknowledgments process (RX ACK frames)
      BUG/MINOR: quic: Dysfunctional 01RTT packet number space probing
      BUG/MINOR: quic: Missing STREAM frame type updated

Miroslav Zagorac (1):
      BUG/MINOR: illegal use of the malloc_trim() function if jemalloc is used

Remi Tricot-Le Breton (5):
      MINOR: ssl: Change the ocsp update log-format
      MINOR: ssl: Use ocsp update task for "update ssl ocsp-response" command
      BUG/MINOR: ssl: Fix double free in ocsp update deinit
      MINOR: ssl: Accept certpath as param in "show ssl ocsp-response" CLI 
      MINOR: ssl: Add certificate path to 'show ssl ocsp-response' output

Tim Duesterhus (1):
      BUG/MINOR: ssl: Stop leaking `err` in ssl_sock_load_ocsp()

Willy Tarreau (30):
      BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it
      MINOR: buffer: add br_count() to return the number of allocated bufs
      MINOR: buffer: add br_single() to check if a buffer ring has more than 
one buf
      BUG/MEDIUM: mux-h2: only restart sending when mux buffer is decongested
      BUG/MINOR: mux-h2: set CO_SFL_STREAMER when sending lots of data
      BUG/MAJOR: qpack: fix possible read out of bounds in static table
      OPTIM: mux-h1: limit first read size to avoid wrapping
      MINOR: mux-h2: set CO_SFL_MSG_MORE when sending multiple buffers
      MINOR: ssl-sock: pass the CO_SFL_MSG_MORE info down the stack
      BUG/MEDIUM: stream: do not try to free a failed stream-conn
      BUG/MEDIUM: mux-h2: do not try to free an unallocated h2s->sd
      BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path
      BUG/MEDIUM: stconn: don't set the type before allocation succeeds
      BUG/MINOR: stconn: fix sedesc memory leak on stream allocation failure
      MINOR: dynbuf: set POOL_F_NO_FAIL on buffer allocation
      MINOR: pools: preset the allocation failure rate to 1% with -dMfail
      BUG/MEDIUM: mux-h1: properly destroy a partially allocated h1s
      BUG/MEDIUM: applet: only set appctx->sedesc on successful allocation
      BUILD: thread: implement thread_harmless_end_sig() for threadless builds
      BUILD: thread: silence a build warning when threads are disabled
      MINOR: debug: support dumping the libs addresses when running in verbose 
      MINOR: pools: make sure 'no-memory-trimming' is always used
      MINOR: pools: intercept malloc_trim() instead of trying to plug holes
      MEDIUM: pools: move the compat code from trim_all_pools() to malloc_trim()
      MINOR: pools: export trim_all_pools()
      MINOR: pattern: use trim_all_pools() instead of a conditional 
      MINOR: tools: relax dlopen() on malloc/free checks
      MEDIUM: tools: further relax dlopen() checks too consider grouped symbols
      BUG/MINOR: pools: restore detection of built-in allocator
      MINOR: pools: report a replaced memory allocator instead of just 


Reply via email to