Hi,

HAProxy 2.8-dev6 was released on 2023/03/28. It added 71 new commits after version 2.8-dev5.

It's a bit late, I wanted to emit this one by end of last week or the week-end but got disturbed by pending bugs that I preferred to analyze first. No less than 35 bugs were fixed in this release, most of them not particularly new, so I can't say that we're degrading anything but it indicates we still need to be careful, and chasing all of them continues to slow everyone's progress down, so that's a pain.

A few 2.8-specific build errors and warnings were addressed when threads are disabled. This is either a good indication that by now everyone uses threads, or that very few people test -dev (or more likely that -dev is not tested on rare systems where threads are disabled).

The detection of inherited incompatible libraries from external shared libraries (typically Lua modules being loaded) was made more accurate and is slightly relaxed. Instead of detecting that one of our dependencies knows about a different symbol, we now assume that it will use ours (which is how ELF works) but we still detect if the lib expects an incompatible API. For memory allocators, this means that building haproxy with jemalloc is no longer incompatible with loading modules (and we've implemented a generic version of the problematic call: malloc_trim()). For openssl, we detect about 10 symbols to figure whether the loaded library is at risk of calling a wrong combination of functions, and it proved efficient enough to reject incompatible major libs, so that looks OK.

The -dMfail command line option that is used to inject random allocation failures used to only enable the feature, but nothing was done until the config was modified to set the failure ratio. I got caught a few times by this, thinking I was running under failures while I was not, so now by default, setting it like this will automatically preset the failure rate to 1%. This was sufficient to raise 8-10 bugs on error paths!

More info was made available in "show ssl ocsp-response" such as the certificate path, and the OCSP update log format was improved.

Some minor QUIC updates and fixes were made, more debugging info was added to "show fd".

Some doc fixes for set-var() rendering in dconv.

The DeviceAtlas build command line was extended to support building in a way that is also compatible with the v3 of the API that will become the default version by the end of this year.

Overall, nothing extraordinary, and the issue rate still remains a bit high for my taste. As such, I think we'll continue to be careful about changes to come in the near future and spend quite some time making what we have more reliable.

Among the upcoming changes I'm still having in mind for the short term are:
  - Aurélien's updates on event handlers to notify Lua about servers going up and down (the final batch is just waiting for review at the moment)

  - Christopher's improvements on error propagation and handling. The short-term ones are mostly cosmetic but will continue to improve the mid-term debuggability of the code so the more of it we get done the better we'll be able to debug in the future.

  - I'm almost done with finally supporting "bind" lines that span multiple thread groups so that starting with many threads will not throw an error anymore and will not require manually duplicating the line, so I'm finishing this.

  - I'm also aware of a few QUIC changes to come (though I don't exactly remember which ones)

  - I also remember that there are a few other things that don't immediately come to my mind, and as usual all the doc/cleanup/etc stuff that's suitable for a cool down period where we're debugging and stabilizing.

So basically I'm positive that we should get a clean 2.8 release, but we should make sure not to try to push too late stuff if we want to finish cleaning leftovers from previous versions.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.8/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/2.8/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Amaury Denoyelle (13):
      BUG/MINOR: quic: wake up MUX on probing only for 01RTT
      BUG/MINOR: quic: ignore congestion window on probing for MUX wakeup
      BUG/MINOR: trace: fix hardcoded level for TRACE_PRINTF
      BUG/MEDIUM: mux-quic: release data from conn flow-control on qcs reset
      MINOR: mux-quic: complete traces for qcs emission
      MINOR: mux-quic: adjust trace level for MAX_DATA/MAX_STREAM_DATA recv
      MINOR: mux-quic: add flow-control info to minimal trace level
      BUG/MINOR: h3: properly handle incomplete remote uni stream type
      BUG/MINOR: mux-quic: prevent CC status to be erased by shutdown
      MINOR: mux-quic: interrupt qcc_recv*() operations if CC scheduled
      MINOR: mux-quic: ensure CONNECTION_CLOSE is scheduled once per conn
      MINOR: mux-quic: close on qcs allocation failure
      MINOR: mux-quic: close on frame alloc failure

Aurelien DARRAGON (5):
      BUG/MINOR: tcp_sample: fix a bug in fc_dst_port and fc_dst_is_local sample fetches
      MINOR: stick-table: add sc-add-gpc() to http-after-response
      MINOR: doc: missing entries for sc-add-gpc()
      DOC: config: set-var() dconv rendering issues
      BUG/MINOR: applet/new: fix sedesc freeing logic

Christopher Faulet (10):
      BUG/MEDIUM: mux-pt: Set EOS on error on sending path if read0 was received
      BUG/MEDIUM: proxy: properly stop backends on soft-stop
      BUG/MEDIUM: resolvers: Properly stop server resolutions on soft-stop
      DEBUG: cli/show_fd: Display connection error code
      DEBUG: ssl-sock/show_fd: Display SSL error code
      BUG/MEDIUM: mux-h1: Don't block SE_FL_ERROR if EOS is not reported on H1C
      BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list
      BUG/MINOR: syslog: Request for more data if message was not fully received
      BUG/MEDIUM: stats: Consume the request except when parsing the POST payload
      BUG/MEDIUM: mux-h1: Wakeup H1C on shutw if there is no I/O subscription

David Carlier (1):
      BUILD: da: extends CFLAGS to support API v3 from 3.1.7 and onwards.

Frédéric Lécaille (5):
      BUG/MINOR: quic: Missing STREAM frame length updates
      BUG/MINOR: quic: Missing STREAM frame data pointer updates
      MINOR: quic: Stop stressing the acknowledgments process (RX ACK frames)
      BUG/MINOR: quic: Dysfunctional 01RTT packet number space probing
      BUG/MINOR: quic: Missing STREAM frame type updated

Miroslav Zagorac (1):
      BUG/MINOR: illegal use of the malloc_trim() function if jemalloc is used

Remi Tricot-Le Breton (5):
      MINOR: ssl: Change the ocsp update log-format
      MINOR: ssl: Use ocsp update task for "update ssl ocsp-response" command
      BUG/MINOR: ssl: Fix double free in ocsp update deinit
      MINOR: ssl: Accept certpath as param in "show ssl ocsp-response" CLI command
      MINOR: ssl: Add certificate path to 'show ssl ocsp-response' output

Tim Duesterhus (1):
      BUG/MINOR: ssl: Stop leaking `err` in ssl_sock_load_ocsp()

Willy Tarreau (30):
      BUG/MINOR: mux-h2: make sure the h2c task exists before refreshing it
      MINOR: buffer: add br_count() to return the number of allocated bufs
      MINOR: buffer: add br_single() to check if a buffer ring has more than one buf
      BUG/MEDIUM: mux-h2: only restart sending when mux buffer is decongested
      BUG/MINOR: mux-h2: set CO_SFL_STREAMER when sending lots of data
      BUG/MAJOR: qpack: fix possible read out of bounds in static table
      OPTIM: mux-h1: limit first read size to avoid wrapping
      MINOR: mux-h2: set CO_SFL_MSG_MORE when sending multiple buffers
      MINOR: ssl-sock: pass the CO_SFL_MSG_MORE info down the stack
      BUG/MEDIUM: stream: do not try to free a failed stream-conn
      BUG/MEDIUM: mux-h2: do not try to free an unallocated h2s->sd
      BUG/MEDIUM: mux-h2: erase h2c->wait_event.tasklet on error path
      BUG/MEDIUM: stconn: don't set the type before allocation succeeds
      BUG/MINOR: stconn: fix sedesc memory leak on stream allocation failure
      MINOR: dynbuf: set POOL_F_NO_FAIL on buffer allocation
      MINOR: pools: preset the allocation failure rate to 1% with -dMfail
      BUG/MEDIUM: mux-h1: properly destroy a partially allocated h1s
      BUG/MEDIUM: applet: only set appctx->sedesc on successful allocation
      BUILD: thread: implement thread_harmless_end_sig() for threadless builds
      BUILD: thread: silence a build warning when threads are disabled
      MINOR: debug: support dumping the libs addresses when running in verbose mode
      MINOR: pools: make sure 'no-memory-trimming' is always used
      MINOR: pools: intercept malloc_trim() instead of trying to plug holes
      MEDIUM: pools: move the compat code from trim_all_pools() to malloc_trim()
      MINOR: pools: export trim_all_pools()
      MINOR: pattern: use trim_all_pools() instead of a conditional malloc_trim()
      MINOR: tools: relax dlopen() on malloc/free checks
      MEDIUM: tools: further relax dlopen() checks too consider grouped symbols
      BUG/MINOR: pools: restore detection of built-in allocator
      MINOR: pools: report a replaced memory allocator instead of just malloc_trim()

---
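
Added example, not part of the announcement and not HAProxy's code: a sketch of why a 1% injected allocation failure rate, as -dMfail now presets, is enough to expose error-path bugs such as the partial-allocation leaks listed in the changelog. All names (fi_alloc, conn_new, run_trials) are hypothetical, and the fixed-seed LCG only stands in for a random source so that runs are reproducible.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical names; a stand-in for the idea, not HAProxy's pool code. */
static uint32_t fi_state;   /* PRNG state, reseeded per run (reproducible) */
static unsigned fi_pct;     /* injected failure rate, in percent */
static long fi_live;        /* outstanding allocations; non-zero at end = leak */

static void *fi_alloc(size_t sz)
{
    fi_state = fi_state * 1103515245u + 12345u;   /* small LCG */
    if ((fi_state >> 16) % 100 < fi_pct)
        return NULL;                              /* injected failure */
    void *p = malloc(sz);
    fi_live += (p != NULL);
    return p;
}

static void fi_free(void *p)
{
    fi_live -= (p != NULL);
    free(p);
}

struct conn { char *buf; };

/* Two-step constructor; cleanup == 0 mimics a forgotten error path. */
static struct conn *conn_new(int cleanup)
{
    struct conn *c = fi_alloc(sizeof(*c));
    if (c && !(c->buf = fi_alloc(1024))) {
        if (cleanup)
            fi_free(c);     /* release the first allocation on failure */
        c = NULL;
    }
    return c;
}

/* Runs n create/destroy cycles at pct% failures; returns leaked allocations. */
long run_trials(long n, unsigned pct, int cleanup)
{
    fi_state = 1; fi_pct = pct; fi_live = 0;
    for (long i = 0; i < n; i++) {
        struct conn *c = conn_new(cleanup);
        if (c) { fi_free(c->buf); fi_free(c); }
    }
    return fi_live;
}

int main(void) { return run_trials(100000, 1, 1) != 0; } /* non-zero exit = leak */
```

Calling run_trials(100000, 1, 0) exercises the variant without cleanup and returns a non-zero leak count, which is the kind of defect that stays invisible when allocations never fail.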