Hi,

HAProxy 2.9-dev12 was released on 2023/11/30. It added 106 new commits
after version 2.9-dev11.

It looks like we're getting good for the release. That's a last -dev to
help testers rebase and get all the fixes but quite frankly we could very
well have released this one. 

Let's first get rid of the fixes:
- there was an issue when running in master-worker mode with more than
  one thread group that was fixed

- a bug in the zero-copy fast-forwarding code for QUIC that could corrupt
  responses (oops!)

- a case where fast-forward with H2 could seldom block if other streams
  were also blocked waiting for a condition to start emitting again

- an issue where H1 could crash trying to emit trailers received from H2
  while not in chunk mode

- a theoretically possible race between code setting a server's address
  and the code using it

- some cases where zero-copy fast-forward would wake the other side up
  when it's blocked, causing excessive CPU usage

- a case where an aborted transfer from a cache miss could leave the
  truncated object unusable in the cache until it expired

- the acme.sh script was updated to reflect the pending pull-request
 (fixes empty lines, now can use the master socket)

- and a few minor h3/quic fixes.

Most of these (aside zero-copy stuff) were pre-2.9 in fact.

Now let's have a look at the small improvements that were still waiting
for some developers time to be completed, essentially supposed to make
users' lives easier (and developers' as well during debugging):

- support for a custom end pattern on the CLI to send payload to ease
  emission of payloads containing empty lines (this saves you from having
  to trim empty lines from certificates)

- a few remaining sample fetch functions to explicitly retrieve the
  server's status code vs the one returned to the user (e.g. during
  redirects or errors they can differ), as well as the termination
  codes and retries counts. This makes it possible for example to
  adjust the returned code based on certain abnormal termination codes.

- the frontend and backend stream IDs can be retrieved, that will ease
  debugging when these are added in logs, particularly when comparing
  with traces.

- servers in log backends apparnetly did not properly support FQDN,
  that's now done.

- the SSL cert selection callback to choose between RSA/ECDSA is now
  operational with WolfSSL.

- the master CLI now features a "hard-reload" command that does the
  same as "-st", i.e. it reloads without preserving old connections.

- the reverse-http stuff now depends on "expose-experimental-directives"
  (we forgot to do it previously while it's definitely experimental at
  least until the similar draft is adopted). The error at boot mentions
  it if it's missing.

- the command line now supports "-dt" to enable traces to stderr without
  having to modify the configuration; by default all traces are enabled
  at the error level but this is customizable.

- the memory usage of H2 connections was bounded to the number of streams
  for zero-copy as well, it was forgotten previously.

- the pattern reference lookup was improved to save 32 bytes per loaded
  pattern (store the string in-place, not via strdup) so that the tree
  based lookup code is now about as efficient as the older list code.

- some rare build warnings were addressed

- some doc was updated, with a notable change which is the move of the
  action keywords to their own section, as well as the introduction of
  summary tables to ease lookups of sample fetch methods and converters.
  Despite the new tables the doc lost around 500 lines in deduplication.

- some QUIC functions were moved between files to be easier to find (and
  thanks to the QUIC team for doing that before the release not after, to
  limit backporting efforts).

I've seen a few parts in the doc that could deserve a bit of polishing,
such as speaking about streams instead of sessions at certain old places,
etc. I do expect a few such small changes to appear in the next few days,
but that should not change what's running. So I'm deploying this and as
usual I anticipate that this last -dev will be running for a while on
haproxy.org since it will essentially be the same as the final one. In
other words, you can deploy it now as if it were the final 2.9.

Given that there's nothing left in sight, we can stick to next Tuesday
for the final release. The week-end will be sufficient to possibly spot
a few last-minute glitches and possibly test it on other less common
platforms.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.9/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/2.9/src/CHANGELOG
   Dataplane API    : 
https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Amaury Denoyelle (13):
      BUILD: map: fix build warning
      MINOR: trace: define simple -dt argument
      MINOR: trace: parse level in a function
      MINOR: trace: parse verbosity in a function
      MINOR: trace: support -dt optional format
      BUG/MINOR: quic: fix CONNECTION_CLOSE_APP encoding
      BUG/MINOR: h3: fix TRAILERS encoding
      BUG/MINOR: h3: always reject PUSH_PROMISE
      MINOR: h3: use correct error code for missing SETTINGS
      MINOR: rhttp: mark reverse HTTP as experimental
      CLEANUP: quic_cid: remove unused listener arg
      BUG/MINOR: quic_tp: fix preferred_address decoding
      MINOR: quic_tp: use in_addr/in6_addr for preferred_address

Aurelien DARRAGON (21):
      DOC: config: removing "log-balance" references
      MINOR: server/event_hdl: add SERVER_INETADDR event
      MINOR: tools: use const for read only pointers in ip{cmp,cpy}
      MINOR: server/ip: centralize server ip updates
      MINOR: backend: remove invalid mode test for "hash-balance-factor"
      Revert "MINOR: cfgparse-listen: warn when use-server rules is used in 
wrong mode"
      MINOR: proxy: add free_logformat_list() helper function
      MINOR: proxy: add free_server_rules() helper function
      MINOR: log/backend: prevent "use-server" rules use with LOG mode
      MINOR: log/balance: set lbprm tot_weight on server on queue/dequeue
      DOC: config: specify supported sections for "max-session-srv-conns"
      DOC: config: fix timeout check inheritance restrictions
      REGTESTS: connection: disable http_reuse_be_transparent.vtc if !TPROXY
      DOC: lua: add sticktable class reference from Proxy.stktable
      DOC: lua: fix Proxy.get_mode() output
      DOC: lua: add "syslog" to Proxy.get_mode() output
      BUG/MEDIUM: server/event_hdl: memory overrun in 
_srv_event_hdl_prepare_inetaddr()
      MINOR: event_hdl: add global tunables
      BUG/MAJOR: server/addr: fix a race during server addr:svc_port updates
      MEDIUM: log/balance: support FQDN for UDP log servers
      BUG/MINOR: compression: possible NULL dereferences in 
comp_prepare_compress_request()

Christopher Faulet (19):
      BUG/MINOR: global: Fix tune.disable-(fast-forward/zero-copy-forwarding) 
options
      BUG/MEDIUM: mux-h1: Properly ignore trailers when a content-length is 
announced
      BUG/MEDIUM: stconn: Don't perform zero-copy FF if opposite SC is blocked
      BUG/MEDIUM: mux-h2: Remove H2_SF_NOTIFIED flag for H2S blocked on 
fast-forward
      BUG/MEDIUM: master/cli: Properly pin the master CLI on thread 1 / group 1
      BUG/MEDIUM: mux-quic: Stop zero-copy FF during nego if input is not empty
      CLEANUP: log: Fix %rc comment in sess_build_logline()
      MINOR: http-fetch: Add a sample to retrieve the server status code
      DOC: config: Improve 'status' sample documentation
      MINOR: http-fetch: Add a sample to get the transaction status code
      MEDIUM: http-ana: Set termination state before returning haproxy response
      MINOR: stream: Expose session terminate state via a new sample fetch
      MINOR: stream: add a sample fetch to get the number of connection retries
      MINOR: stream: Expose the stream's uniq_id via a new sample fetch
      MINOR: muxes: Rename mux_ctl_type values to use MUX_CTL_ prefix
      MINOR: muxes: Add a callback function to send commands to mux streams
      MINOR: muxes: Implement ->sctl() callback for muxes and return the stream 
id
      MINOR: Add sample fetches to get the frontend and backend stream ID
      BUG/MEDIUM: cli: Don't look for payload pattern on empty commands

Frédéric Lécaille (26):
      CLEANUP: quic: Remove dead definitions/declarations
      REORG: quic: Move some QUIC CLI code to its C file
      REORG: quic: Add a new module to handle QUIC connection IDs
      REORG: quic: QUIC connection types header cleaning
      BUILD: quic: Missing RX header inclusions
      REORG: quic: Move CRYPTO data buffer defintions to QUIC TLS module
      REORG: quic: Move QUIC CRYPTO stream definitions/declarations to QUIC TLS
      REORG: quic: Move several inlined functions from quic_conn.h
      REORG: quic: Move QUIC SSL BIO method related functions to quic_ssl.c
      REORG: quic: Move the QUIC DCID parser to quic_sock.c
      REORG: quic: Rename some functions used upon ACK receipt
      REORG: quic: Move QUIC path definitions/declarations to quic_cc module
      REORG: quic: Move qc_handle_conn_migration() to quic_conn.c
      REORG: quic: Move quic_build_post_handshake_frames() to quic_conn module
      REORG: quic: Move qc_may_probe_ipktns() to quic_tls.h
      REORG: quic: Move qc_pkt_long() to quic_rx.h
      REORG: quic: Rename some (quic|qc)_conn* objects to quic_conn_closed
      REORG: quic: Move NEW_CONNECTION_ID frame builder to quic_cid
      REORG: quic: Move ncbuf related function from quic_rx to quic_conn
      REORG: quic: Add a new module for QUIC retry
      BUILD: quic: Several compiler warns fixes after retry module creation
      REORG: quic: Move qc_notify_send() to quic_conn
      REORG: quic: Add a new module for retransmissions
      REORG: quic: Remove qc_pkt_insert() implementation
      REORG: quic: Move quic_increment_curr_handshake() to quic_sock
      BUG/MINOR: config: Stopped parsing upon unmatched environment variables

Olivier Duclos (1):
      DOC: config: Add argument for tune.lua.maxmem

Remi Tricot-Le Breton (1):
      BUG/MINOR: cache: Remove incomplete entries from the cache when stream is 
closed

William Lallemand (11):
      MEDIUM: ssl: implement rsa/ecdsa selection with WolfSSL
      MINOR: ssl: replace 'trash.area' by 'servername' in 
ssl_sock_switchctx_cbk()
      MINOR: ssl: move certificate selection in a dedicate function
      MEDIUM: ssl: use ssl_sock_chose_sni_ctx() in the clienthello callback
      MINOR: mworker/cli: implement hard-reload over the master CLI
      MEDIUM: cli: allow custom pattern for payload
      CLEANUP: mworker/cli: use a label to return errors
      MINOR: mworker/cli: implements the customized payload pattern for master 
CLI
      DOC: management: add documentation about customized payload pattern
      BUG/MINOR: acme.sh: update the deploy script
      MINOR: acme.sh: use the master CLI for hot update

Willy Tarreau (14):
      MINOR: task/profiling: do not record task_drop_running() as a caller
      OPTIM: pattern: save memory and time using ebst instead of ebis
      OPTIM: mux-h2/zero-copy: don't allocate more buffers per connections than 
streams
      DOC: config: fix mention of request slot in http-response capture
      DOC: config: fix remaining mention of @reverse for attach-srv action
      DOC: config: fix missing characters in set-spoe-group action
      DOC: config: reorganize actions into their own section
      DOC: config: move the cache-use and cache-store actions to the proper 
section
      DOC: config: fix alphabetical ordering of converter keywords
      DOC: config: add missing colon to "bytes_out" sample fetch keyword
      DOC: config: add an index of converter keywords
      DOC: config: add an index of sample fetch keywords
      DEBUG: unstatify a few functions that are often present in backtraces
      BUILD: server: shut a bogus gcc warning on certain ubuntu

---

Reply via email to