HAProxy 2.4.26 was released on 2024/04/05. It added 53 new commits
after version 2.4.25.

This maintenance version addresses a few issues discovered after previous

- an API issue with OpenSSL. The SSL_do_handshake() function returns
  SSL_ERROR_WANT_READ when it needs more data, but in certain obscure
  circumstances related to internal error handling, it was found that it
  may stop trying to read available data and continue to return that status!
  This results in wakeup loops that prevent the process from sleeping, hence
  it consumes 100% of the CPU (but it's still working fine). The code does
  what the doc suggests (but the doc is basically a one-liner), and neither
  aws-lc nor wolfSSL exhibit this problem.

- "option redispatch 0" is documented as disabling redispatch on server
  connection failure except that it caused it to redispatch at every retry.
  This was fixed. Note that "no option redispatch" would properly work

- lua: an issue related to Lua sockets is if the Lua script does not consume
  data that arrives on a socket because it's busy doing something else, this
  could waste CPU cycles in endless wakeups until the data is consumed. A
  subtle locking issue was addressed around exception handling, where the
  exception code is called with locks released so that code should not try
  to access stack information. And similarly some code locations were called
  without the lock when resuming using hlua_ctx_resume(), possibly accessing
  the stack without any protection. These locking issues could cause crashes
  as shown in GitHub issue #2467. An previous attempt at addressing mixed
  usage of "lua-load" and "lua-load-per-thread" from the same stream was not
  fully fixed. A different approach was taken this time and this fix was

- dynamic servers: The use of the "enabled" keyword when adding a server is
  currently forbidden but was silently ignored.

- server: the "interface" keyword was ignored from "default-server"
  directives since "source" was taken from there.

- fcgi: empty chunked messages on the request path were not properly
  handled, the stdin record was missing while an empty one ought to have
  been sent. This may happen when sending POST requests with no payload.

- h1: the HTTP/1 chunk and header parsers were strengthened a bit. Indeed,
  Ben Kallus kindly reminded us that we would still accept the NUL byte in
  header values and plain LF in chunks, while we were (wrongly) quite
  certain that these had long been rejected. Ben is currently not aware
  of situations where this could help convey an attack to any existing
  component, but given the surprises he certainly faces in his reviews,
  it's probably only a matter of time before one implementation shows to
  be too weak and we fail to properly protect it. So it was better to
  address both at once. In the extremely unlikely case that anyone would
  discover such an invalid byte on their network with an application that
  heavily relies on it, *option accept-invalid-http* will work as usual to
  bypass the check. We'll backport that to older versions as well, and I
  think it would be prudent for distros to take that as well.

- spoe: in some cases, the expiration date could be reset, leading to a
  non-expirable stream. There could also be a wakeup loop when receiving
  too small a frame because it was ignored but not consumed instead of
  raising an error. Also, upon reload, applets that were waiting for a
  response would stick to idle mode and postpone the release of the old
  process. Now it's tested again, as well as on any subsequent attempt to
  use the idle connection.

- listener: in some cases it would be possible to refrain from waking up a
  listener that was previously subject to a rate limit condition, and if
  that was the last session on the listener, nothing would later wake it
  up again, leaving a listener in a state where it no longer accepts any
  traffic, as reported in GitHub issue 2476.

- idle conns: a private backend connections could crash in H2 if a new
  list head cannot be allocated during session_add_conn() because that
  would leave a NULL owner that is used later on. In practice it should
  only be reproducible under extremely low memory condition.

- random algo: when "balance random" is used, each thread uses its own
  pseudo-random generator. But for historical (read: stupid) reasons,
  that PRNG used to be seeded only by the thread number. Given that at
  low loads, incoming connections are assigned to threads in round robin
  mode, it resulted in the first server of the farm always being used
  first after a reload. Usually that's not an issue, until users restart
  every second or so while running at low loads. The seeding was fixed
  so as to properly support this condition as well.

- a rare deadlock was found on the pools code, it can be triggered at
  stopping time and crash the old process. It's been there since 2.5,
  and is difficult to trigger, but a user faced it and that's how we
  learned about it (GH issue #2427, thanks to user @JB0925).

- there was a memroy leak when a proxy was freed if a use_backend rule was
  based on an expression.

- the status of agent checks is returned as-is in the stats CSV output,
  resulting in mangling the CLI's output if it contains line feeds. It
  has been there since 2.0.

- the previously backported aes_gcm_enc() converter could be subject to a
  small memory leak.

- when deleting a crt-list line from the CLI, a dangling pointer reference
  could be left, with the possible effect of causing a crash. Apparently
  it has been the case since 2.4 so it seems that not that many people
  use "del ssl crt-list" or that the occurrence is quite rare.

- Abhijeet Rastogi found that we still didn't recommend to the PCRE2 over
  PCRE that's no longer maintained. It was just an overlook and the doc
  was updated.

- and other lower importance fixes at various places, such as incorrect
  line location in certain error messages, etc.

- doc updates, namely about the ciphersuite usage, and the CI
  updates (support for cache API v4, thanks to Tim).

And that's about all.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.4/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.4.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.4.git
   Changelog        : https://www.haproxy.org/download/2.4/src/CHANGELOG
   Dataplane API    : 
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Complete changelog :
Abhijeet Rastogi (1):
      DOC: install: recommend pcre2

Amaury Denoyelle (3):
      BUG/MINOR: ist: allocate nul byte on istdup
      BUG/MINOR: session: ensure conn owner is set after insert into session
      BUG/MINOR: server: ignore 'enabled' for dynamic servers

Aurelien DARRAGON (11):
      DEV: makefile: fix POSIX compatibility for "range" target
      BUG/MINOR: hlua: fix unsafe lua_tostring() usage with empty stack
      BUG/MINOR: hlua: don't use lua_tostring() from unprotected contexts
      BUG/MEDIUM: hlua: improper lock usage with SET_SAFE_LJMP()
      BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume()
      BUG/MINOR: cfgparse: report proper location for log-format-sd errors
      BUG/MINOR: server: 'source' interface ignored from 'default-server' 
      DEBUG: lua: precisely identify if stream is stuck inside lua or not
      MINOR: hlua: use accessors for stream hlua ctx
      BUG/MEDIUM: hlua: streams don't support mixing lua-load with 
lua-load-per-thread (2nd try)
      BUG/MINOR: proxy: fix logformat expression leak in use_backend rules

Christopher Faulet (15):
      BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is 
      DOC: config: Update documentation about local haproxy response
      BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is 
      BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up
      BUG/MINOR: h1: Don't support LF only at the end of chunks
      BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size
      BUG/MEDIUM: hlua: Don't loop if a lua socket does not consume received 
      BUG/MINOR: hlua: Fix log level to the right value when set via 
      MINOR: hlua: Be able to disable logging from lua
      BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on session 
      BUG/MINOR: listener: Don't schedule frontend without task in 
      BUG/MEDIUM: spoe: Don't rely on stream's expiration to detect processing 
      BUG/MINOR: spoe: Be sure to be able to quickly close IDLE applets on 
      BUG/MEDIUM: spoe: Return an invalid frame on recv if size is too small
      BUG/MEDIUM: mux-fcgi: Properly handle EOM flag on end-of-trailers HTX 

Dragan Dosen (1):
      BUG/MINOR: ssl: fix possible ctx memory leak in sample_conv_aes_gcm()

Emeric Brun (1):
      BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's 

Ilia Shipitsin (1):
      CI: temporarily adjust kernel entropy to work with ASAN/clang

Olivier Houchard (1):
      BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions

Remi Tricot-Le Breton (1):
      BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line

Thayne McCombs (1):
      DOC: configuration: clarify http-request wait-for-body

Tim Duesterhus (1):
      CI: Update to actions/cache@v4

William Lallemand (4):
      DOC: configuration: typo req.ssl_hello_type
      BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist
      DOC: configuration: clarify ciphersuites usage
      DOC: configuration: clarify ciphersuites usage (V2)

Willy Tarreau (12):
      BUG/MINOR: sock: mark abns sockets as non-suspendable and always unbind 
      BUG/MEDIUM: connection: report connection errors even when no mux is 
      BUG/MINOR: vars/cli: fix missing LF after "get var" output
      BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush()
      BUG/MINOR: h1-htx: properly initialize the err_pos field
      BUG/MEDIUM: h1: always reject the NUL character in header values
      BUILD: address a few remaining calloc(size, n) cases
      DOC: internal: update missing data types in peers-v2.0.txt
      DEV: makefile: add a new "range" target to iteratively build all commits
      BUG/MINOR: tools: seed the statistical PRNG slightly better
      BUG/MINOR: backend: properly handle redispatch 0
      BUG/MINOR: ist: only store NUL byte on succeeded alloc

Christopher Faulet

Reply via email to