Hi,
HAProxy 2.9.14 was released on 2025/01/29. It added 35 new commits
after version 2.9.13.
Following bugs were fixed in this release:
* A bug was found in the way QUIC CRYPTO frames were stored internally to
handle unordered frames reception. There was no control on the relative
frame position that could lead to a crash when this position was too
high to be stored. Now, when this happens, the connection is closed with
CRYPTO_BUFFER_EXCEEDED error, as required by the QUIC specification.
* Another one about the logs and rings. Log messages were sent to all
servers sharing the same name but defined in distinct log backends,
because all these servers shared the same sink. To fix the issue, the
sink name used for a log server is now prefixed with the backend name,
making it truly unique.
* In the H2 multiplexer, when the reverse HTTP was used, invalid value
could be reported for the counters tracking the current and the total
numbers of HTTP/2 connections. First the increment was not performed on
the expected side. Then integer overflows could be experienced because
the decrement was also performed on the wrong side. To fix the issue,
the increment operations are now delayed on reverse HTTP. Both counters
are updated only after the reverse has completed.
* Most of remaining issues with the queues management were fixed. The
dequeuing process is now called when a stream is closed. This should
unsure no stream remains infinitely blocked in the queue and prevent any
infinite loop in some extreme cases. It was also possible to exceed the
configured maxconn when a server was brought back up. It appears that
only the proxy queue was evaluated at this stage while the server queue
must also be processed. Note that the issue it not totally fixed in
3.0. We can occasionally see a few more connections than maxconn, but
the max that have been observed is 4 more connections, we no longer get
multiple times maxconn. This was improved in the 3.2 to strictly respect
the maxconn value.
* A crash because of a BUG_ON() could be experienced because a stream task
could be queued in the past. Conditions to trigger the issue are quite
hard to meet. A buffer allocation must have failed while an analysis
timer is set. In that case, if an I/O event is received, the stream task
could be queued in past because an expired analysis timer is used. It
appeared that only I/O timers (read and write timeout) must be
considered when an I/O event is handled. Only the stream is responsible
to consider analysis timers.
* Some locks were missing on some stick-table converters. No issue was
reported about this bug but it could lead to inconsistent values being
reported by "table_*" converters.
* In H1, it was possible to have unusable client connections waiting for
the client timeout while they should be closed. This happened when a
connection error was immediately encountered after the connection
establishment, in same time of the connection closure. It was not a leak
because connections were finally closed but it was a waste of
ressources, especially with a high client timeout.
* Crashes could be encountered because of a use-after-free bug after two
QUIC packets were coalesced.
* QUIC NEW_TOKEN frames emitted by clients were not reject as expected. Now
when this happens, the connection is closed with PROTOCOL_VIOLATION error
code.
* The QUIC congestion window was increased each time a new acknowledge was
received without considering the window filling level. On a network
condition with negligible loss, this would cause the window to be
incremented until the maximum value, even though the application does not
have enough data to fill it. In most case, this issue was not
noticeable. However, it could lead to an excessive memory consumption when a
QUIC connection was suddenly interrupted, as in this case HAProxy would
fill the window with retransmission. It even caused OOM crash when thousands
of clients were interrupted at once on a local network benchmark.
* "on-marked-up shutdown-backup-sessions" action was no longer working. It was
broken when the shutdown of a stream was modified to be async-safe. When
this part was fixed, the active stream shutdowns, via the CLI for instance,
and "on-marked-down shutdown-sessions" action were properly handled. But not
the shutdown of backup sessions.
* An issue could be experienced on big-endian architecture in stick-table
sample fetch functions and converters because of conversions from 64-bit
integers and 32-bit ones.
* The HAPROXY_STARTUP_VERSION environment variable, defined during the init
stage, was set from a macro instead of being set from a variable. Depending
on how HAProxy is rebuilt, this could make debugging sessions confusing
because the version exposed in the environment was not necessarily the same
as the one presented in "haproxy -vv".
* The parsing of errorfile and errorloc was improved to properly alert
about unexpected extra arguments.
* H1 responses to HEAD requests with a "transfer-encoding" header are now
properly parsed. A regression was introduced in 2.9. the H1 parser was
waiting for a message body for such responses, because of the
"transfer-encoding" header, while it should instead consider the
response as fully received.
* An issue with the parsing of QUIC packets containing too many
out-of-order CRYPTO frames led to reject and unacknowledged the whole
packet. Indeed, these CRYPTO frames must be buffered to be handled
sequentially. But CRYPTO frames too heavily split with small fragments
could reach a limit and be rejected. Now, the packet parsing is repeated
to be able to reassemble the CRYPTO frames. In addition, the QUIC
multiplexer was fixed to properly implement the wait-for-handshake
action.
* There was an internal issue that could lead to unexpected behavior when
now_ms variable wrapped and was exactly equal to 0. We now always make
sure to apply an offsets to now_ms when an expiration data must be set.
Finally the documentation was improved: An exemple for server "track"
keyword was added, the "trask-sc0" action was missing from the action
keywords matrix, "tune.lua.*" keywords were not correctly ordered.
Thanks everyone for your help !
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/2.9/src/
Git repository : https://git.haproxy.org/git/haproxy-2.9.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-2.9.git
Changelog : https://www.haproxy.org/download/2.9/src/CHANGELOG
Dataplane API :
https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
---
Complete changelog :
Amaury Denoyelle (12):
MINOR: quic: notify connection layer on handshake completion
BUG/MINOR: stream: unblock stream on wait-for-handshake completion
BUG/MEDIUM: quic: support wait-for-handshake
MINOR: quic: simplify qc_parse_pkt_frms() return path
MINOR: quic: use dynamically allocated frame on parsing
MINOR: quic: extend return value of CRYPTO parsing
BUG/MINOR: quic: repeat packet parsing to deal with fragmented CRYPTO
BUG/MEDIUM: quic: prevent crash due to CRYPTO parsing error
BUG/MINOR: h2/rhttp: fix HTTP2 conn counters on reverse
BUG/MINOR: quic: reject NEW_TOKEN frames from clients
BUG/MAJOR: quic: reject too large CRYPTO frames
BUG/MINOR: quic: do not increase congestion window if app limited
Aurelien DARRAGON (8):
BUG/MEDIUM: pattern: prevent uninitialized reads in pat_match_{str,beg}
DOC: config: add example for server "track" keyword
DOC: config: reorder "tune.lua.*" keywords by alphabetical order
DOC: config: add "tune.lua.burst-timeout" to the list of global parameters
DOC: config: add missing "track-sc0" in action keywords matrix
BUG/MINOR: stktable: fix big-endian compatiblity in smp_to_stkey()
BUG/MEDIUM: stktable: fix missing lock on some table converters
BUG/MAJOR: log/sink: possible sink collision in sink_new_from_srv()
Christopher Faulet (6):
BUG/MEDIUM: stconn: Don't forward shut for SC in connecting state
BUG/MEDIUM: stconn: Only consider I/O timers to update stream's
expiration date
MINOR: config: Alert about extra arguments for errorfile and errorloc
BUG/MEDIUM: h1-htx: Properly handle bodyless messages
BUG/MEDIUM: mux-h1: Properly close H1C if an error is reported before
sending data
BUG/MINOR: stream: Properly handle "on-marked-up shutdown-backup-sessions"
Frederic Lecaille (3):
BUG/MINOR: quic: ensure a detached coalesced packet can't access its
neighbours
MINOR: quic: Add a BUG_ON() on quic_tx_packet refcount
BUILD: quic: Move an ASSUME_NONNULL() for variable which is not null
Olivier Houchard (3):
BUG/MEDIUM: queues: Make sure we call process_srv_queue() when leaving
BUG/MEDIUM: queues: Do not use pendconn_grab_from_px().
BUG/MEDIUM: queue: Make process_srv_queue return the number of streams
Valentine Krasnobaeva (1):
BUG/MINOR: ssl: put ssl_sock_load_ca under SSL_NO_GENERATE_CERTIFICATES
Willy Tarreau (2):
BUG/MEDIUM: clock: make sure now_ms cannot be TICK_ETERNITY
BUG/MINOR: init: set HAPROXY_STARTUP_VERSION from the variable, not the
macro
--
Christopher Faulet
