HAProxy 2.9.7 was released on 2024/04/05. It added 86 new commits
after version 2.9.6.

This maintenance version addresses a few issues discovered after previous

- stick-tables: a bug in the stick-tables' expiration task has been fixed,
  where the task could be running on another thread which would destroy
  its expiration timer while one had just recalculated it and prepares to
  queue it, causing a bug due to the attempt to queue an expired task. The
  fix consists in enclosing the change into the stick-table's lock.

- peers: since 2.9 when the stick-tables lock was split in two between the
  lock itself and the updates lock, some paths in the peers code were not
  spotted and continued to use the old lock, thus leading to unprotected
  accesses to updated data. This might possibly have been causing crashes
  in peers, and/or other effects.

- applets: incompletely initialized client applets (due to setup error for
  example) could cause a crash due to calling the regular release code that's
  not meant to be used on such entities. Better deal with stricter low-level
  freeing code instead.

- "option redispatch 0" is documented as disabling redispatch on server
  connection failure except that it caused it to redispatch at every retry.
  This was fixed. Note that "no option redispatch" would properly work

- cli: since 2.6 due to a fix on the parser when dealing with semi-colons,
  line feeds became more or less accepted as a delimiter for pipelined
  commands, while not documented. By "more or less" I mean that all those
  arriving inthe same packet and same buffer were handled, but that any
  timing hiccup in the middle of the command would stop the evaluation. In
  practise very short commands will usually work and long ones almost never.
  This had to be fixed in 3.0 but in order not to break possibly existing
  scripts relying on this, when this is detected in 2.9 and older, a
  warning will be emitted once per process so as to help detect any such
  unreliable script and fix it in time.

- lua: preparing a socket without ever connecting it would lead to that
  socket not being garbage-collected when the task leaves, possibly waking
  it up in a partially initialized state resulting in a leak or a crash.
  Now the GC takes care of releasing uninitialized applets in this case.
  This was part of GitHub issue #2451. Another issue related to Lua sockets
  is if the Lua script does not consume data that arrives on a socket
  because it's busy doing something else, this could waste CPU cycles in
  endless wakeups until the data is consumed. A subtle locking issue was
  addressed around exception handling, where the exception code is called
  with locks released so that code should not try to access stack
  information. And similarly some code locations were called without the
  lock when resuming using hlua_ctx_resume(), possibly accessing the stack
  without any protection. These locking issues could cause crashes as shown
  in GitHub issue #2467. An previous attempt at addressing mixed usage of
  "lua-load" and "lua-load-per-thread" from the same stream overlooked the
  case of Lua filters which were still not covered. A different approach was
  taken this time and this fix was revisited. A few other cases of possible
  crashes in Lua filters were addressed.

- dynamic servers: despite the various checks in srv_check_for_deletion(),
  there remained cases where "del server" could delete a server still
  referenced in streams (e.g. private connections) thus causing a crash
  when that stream is released. If the stats applet was aborted while
  interrupted on a dynamic server, that server's refcount wasn't decremented
  and the server could no longer be removed. The use of the "enabled"
  keyword when adding a server is currently forbidden but was silently
  ignored. A warning is added so that users do not engage into that
  direction when writing new scripts. Dynamic cookies were supported
  but not properly initialized, requiring a few extra hacks on the CLI,
  so these were fixed now to work as expected. In addition, support for
  cookies was also unlocked after validation that nothing prevents it
  from working.

- server: the "interface" keyword was ignored from "default-server"
  directives since "source" was taken from there.

- fcgi: empty chunked messages on the request path were not properly
  handled, the stdin record was missing while an empty one ought to have
  been sent. This may happen when sending POST requests with no payload.

- quic: handshakes could occasionally freeze under high traffic if the
  quic_conn task is constantly submerged with packets to process (which is
  more likely to happen in listener socket mode than in connection socket
  mode). Transient send errors in listener socket mode could theoretically
  result in a crash (though this was only produced under fault injection).
  Some harmless but latent issues were also fixed (e.g. proxy protocol
  configuration, connection possibly being closed before streams, some
  invalid QPACK instructions being silently ignored, rejection of some
  server-only frames received by the server, or unknown frame types). If
  multiple bind addresses are set on a listener with no IP_PKTINFO support
  on the operating system, a warning will be emitted because this setup
  cannot reliably work (e.g. if reaching the machine via multiple

- splicing: some messages could occasionally be truncated if the output
  socket buffers were still full after the server closed, because in this
  case the pending data in the pipe was not properly considered when
  checking if the output was empty and willing to be sent a shutdown.

- ocsp-update: the ocsp-update mechanism logs weren't reliable because
  their use of sess_log() relied on an unsafe session that might already
  have been terminated when the log is emitted. More config compatibility
  issues are detected and reported between instances of the cert enabling
  it and those disabling it.

- spoe: in some cases, the expiration date could be reset, leading to a
  non-expirable stream. There could also be a wakeup loop when receiving
  too small a frame because it was ignored but not consumed instead of
  raising an error. Also, upon reload, applets that were waiting for a
  response would stick to idle mode and postpone the release of the old
  process. Now it's tested again, as well as on any subsequent attempt to
  use the idle connection.

- listener: in some cases it would be possible to refrain from waking up a
  listener that was previously subject to a rate limit condition, and if
  that was the last session on the listener, nothing would later wake it
  up again, leaving a listener in a state where it no longer accepts any
  traffic, as reported in GitHub issue 2476.

- log: when using log load-balancing, unsupported algorithms are not
  always detected and could result in logs being silently dropped. The
  TCP log forwarding code relies on some code duplication whose original
  was subject to a race condition that was fixed in 2.4-2.7, but not this
  copy. The same fix was applied. The issue is not dramatic though, it
  may just postpone the sending of pending messages until another one

- idle conns: a private backend connections could crash in H2 if a new
  list head cannot be allocated during session_add_conn() because that
  would leave a NULL owner that is used later on. In practice it should
  only be reproducible under extremely low memory condition.

- random algo: when "balance random" is used, each thread uses its own
  pseudo-random generator. But for historical (read: stupid) reasons,
  that PRNG used to be seeded only by the thread number. Given that at
  low loads, incoming connections are assigned to threads in round robin
  mode, it resulted in the first server of the farm always being used
  first after a reload. Usually that's not an issue, until users restart
  every second or so while running at low loads. The seeding was fixed
  so as to properly support this condition as well.

- h2: the H2 glitches counter that allows to detect protocol abuses and to
  automatically kill a connection was backported after having been reported
  as effective in field by some users. This should even help get rid faster
  of annoying script kiddies playing with CONTINUATION frames to try to see
  if we do funny things with them (response: no we don't). This also adds
  the new sample fetch functions "fc_glitches" and "bc_glitches". Note,
  however that the dynamic tracking with stick-tables was not backported,
  3.0 will be preferred for this.

- h1: In some cases, if transfers are blocked during negociation stage of
  the zero-copy forwarding, the producer was not notified that it should
  wait, leading to extra calls for nothing.

- there was a memroy leak when a proxy was freed if a use_backend rule was
  based on an expression.

- Linux capabilities support and ability to preserve it for running process
  after switching to a global.uid was added recently. This new feature hasn't
  yet been taken into account by last config checks, which are performed at
  initialization stage.

- the previously backported aes_gcm_enc() converter could be subject to a
  small memory leak.

- and other lower importance fixes at various places, such as incorrect
  line location in certain error messages, etc.

- doc updates, namely about the ciphersuite usage, quic tuning.

- build fixes for Solaris and for older compilers under OpenSSL 3.2.

And that's about all.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.9/src/
   Git repository   : https://git.haproxy.org/git/haproxy-2.9.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy-2.9.git
   Changelog        : https://www.haproxy.org/download/2.9/src/CHANGELOG
   Dataplane API    : 
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Complete changelog :
Amaury Denoyelle (17):
      BUG/MINOR: quic: reject unknown frame type
      BUG/MINOR: quic: reject HANDSHAKE_DONE as server
      BUG/MINOR: qpack: reject invalid increment count decoding
      BUG/MINOR: qpack: reject invalid dynamic table capacity
      BUG/MEDIUM: quic: fix transient send error with listener socket
      DOC: quic: fix recommandation for bind on multiple address
      MINOR: quic: warn on bind on multiple addresses if no IP_PKTINFO support
      BUG/MINOR: ist: allocate nul byte on istdup
      BUG/MINOR: stats: drop srv refcount on early release
      BUG/MAJOR: server: fix stream crash due to deleted server
      BUG/MINOR: quic: fix output of show quic
      BUG/MEDIUM: quic: fix handshake freeze under high traffic
      MINOR: quic: always use ncbuf for rx CRYPTO
      BUG/MINOR: session: ensure conn owner is set after insert into session
      BUG/MINOR: mux-quic: close all QCS before freeing QCC tasklet
      MINOR: server: allow cookie for dynamic servers
      BUG/MINOR: server: ignore 'enabled' for dynamic servers

Aurelien DARRAGON (22):
      LICENSE: event_hdl: fix GPL license version
      LICENSE: http_ext: fix GPL license version
      BUG/MINOR: hlua: fix unsafe lua_tostring() usage with empty stack
      BUG/MINOR: hlua: don't use lua_tostring() from unprotected contexts
      BUG/MINOR: hlua: fix possible crash in hlua_filter_new() under load
      BUG/MINOR: hlua: improper lock usage in hlua_filter_callback()
      BUG/MINOR: hlua: improper lock usage in hlua_filter_new()
      BUG/MEDIUM: hlua: improper lock usage with SET_SAFE_LJMP()
      BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume()
      BUG/MINOR: hlua: don't call ha_alert() in hlua_event_subscribe()
      BUG/MINOR: cfgparse: report proper location for log-format-sd errors
      BUG/MINOR: hlua: segfault when loading the same filter from different 
      BUG/MINOR: hlua: missing lock in hlua_filter_new()
      BUG/MINOR: hlua: fix missing lock in hlua_filter_delete()
      DEBUG: lua: precisely identify if stream is stuck inside lua or not
      MINOR: hlua: use accessors for stream hlua ctx
      BUG/MEDIUM: hlua: streams don't support mixing lua-load with 
lua-load-per-thread (2nd try)
      OPTIM: http_ext: avoid useless copy in http_7239_extract_{ipv4,ipv6}
      BUG/MINOR: server: 'source' interface ignored from 'default-server' 
      DOC: config: balance 'first' not usable in LOG mode
      BUG/MINOR: log/balance: detect if user tries to use unsupported algo
      BUG/MINOR: proxy: fix logformat expression leak in use_backend rules

Christopher Faulet (16):
      BUG/MEDIUM: applet: Immediately free appctx on early error
      BUG/MEDIUM: hlua: Be able to garbage collect uninitialized lua sockets
      BUG/MEDIUM: hlua: Don't loop if a lua socket does not consume received 
      MINOR: cli: Remove useless loop on commands to find unescaped semi-colon
      BUG/MEDIUM: cli: Warn if pipelined commands are delimited by a \n
      BUG/MINOR: mux-h1: Properly report when mux is blocked during a nego
      BUG/MINOR: config/quic: Alert about PROXY protocol use on a QUIC listener
      BUG/MINOR: hlua: Fix log level to the right value when set via 
      MINOR: hlua: Be able to disable logging from lua
      BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on session 
      BUG/MINOR: listener: Don't schedule frontend without task in 
      BUG/MEDIUM: spoe: Don't rely on stream's expiration to detect processing 
      BUG/MINOR: spoe: Be sure to be able to quickly close IDLE applets on 
      BUG/MEDIUM: spoe: Return an invalid frame on recv if size is too small
      BUG/MEDIUM: mux-fcgi: Properly handle EOM flag on end-of-trailers HTX 
      BUG/MEDIUM: stconn: Don't forward shutdown to SE if iobuf is not empty

Damien Claisse (1):
      BUG/MINOR: server: fix persistence cookie for dynamic servers

Dragan Dosen (1):
      BUG/MINOR: ssl: fix possible ctx memory leak in sample_conv_aes_gcm()

Frederic Lecaille (1):
      DOC: quic: Missing tuning setting in "Global parameters"

Ilia Shipitsin (1):
      CI: temporarily adjust kernel entropy to work with ASAN/clang

Ilya Shipitsin (1):
      CI: skip scheduled builds on forks

Remi Tricot-Le Breton (3):
      BUG/MEDIUM: ssl: Fix crash in ocsp-update log function
      BUG/MINOR: ssl: Wrong ocsp-update "incompatibility" error message
      BUG/MINOR: ssl: Detect more 'ocsp-update' incompatibilities

Valentine Krasnobaeva (1):
      BUG/MINOR: init: relax LSTCHK_NETADM checks for non root

William Lallemand (5):
      BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist
      DOC: configuration: clarify ciphersuites usage
      BUG/MINOR: ssl/cli: typo in new ssl crl-file CLI description
      DOC: configuration: clarify ciphersuites usage (V2)
      CI: github: add -DDEBUG_LIST to the default builds

Willy Tarreau (16):
      MINOR: mux-h2: add a counter of "glitches" on a connection
      BUG/MINOR: mux-h2: count rejected DATA frames against the connection's 
flow control
      MINOR: mux-h2: count excess of CONTINUATION frames as a glitch
      MINOR: mux-h2: count late reduction of INITIAL_WINDOW_SIZE as a glitch
      MINOR: mux-h2: always use h2c_report_glitch()
      MEDIUM: mux-h2: allow to set the glitches threshold to kill a connection
      MINOR: connection: add a new mux_ctl to report number of connection 
      MINOR: mux-h2: implement MUX_CTL_GET_GLITCHES
      MINOR: connection: add sample fetches to report per-connection glitches
      BUG/MINOR: ist: only store NUL byte on succeeded alloc
      BUG/MINOR: tools: seed the statistical PRNG slightly better
      BUG/MINOR: sink: fix a race condition in the TCP log forwarding code
      BUILD: ssl: fix build error on older compilers with openssl-3.2
      BUG/MEDIUM: stick-tables: fix a small remaining race in expiration task
      BUG/MINOR: backend: properly handle redispatch 0
      BUG/MEDIUM: stick-table: use the update lock when reading tables from 

matthias sweertvaegher (1):
      BUILD: solaris: fix compilation errors

Christopher Faulet

Reply via email to