Re: [ANNOUNCE] haproxy-1.5.19

[Willy Tarreau]

On Wed, Dec 28, 2016 at 11:00:32AM +0100, Vincent Bernat wrote:
>  ??? 28 décembre 2016 10:56 +0100, Willy Tarreau  :
> 
> >> >> HAProxy 1.5.19 was released on 2016/12/25. It added 47 new commits
> >> >> after version 1.5.18.
> >> >
> >> > Would it be possible to queue this patch as well for the next 1.5 (if
> >> > any)?
> >> >
> >> > commit c6ca1aa34dd0e343c9a8754f447730b7563d
> >> > Author: Willy Tarreau 
> >> > Date:   Thu Oct 8 11:32:32 2015 +0200
> >> >
> >> > MEDIUM: init: support more command line arguments after pid list
> >> >
> >> > Given that all command line arguments start with a '-' and that
> >> > no pid number can start with this character, there's no constraint
> >> > to make the pid list the last argument. Let's relax this rule.
> >> >
> >> > This would enable to use the same init scripts for both 1.5 and 1.6.
> >> 
> >> On the other hand, this is not really useful without a088d316. So, maybe
> >> don't introduce another bug because of me and leave 1.5 as is. :)
> >
> > Well, neither of them are hard to backport, so this is something we can
> > consider. However I'm making a difference between end-users requests and
> > maintainers' convenience. If you think it would really be useful to end
> > users one way or another, or if it solves some trouble you're facing
> > with the package maintenance, let's backport them. If it's just to keep
> > a single script to maintain, I think the benefit is low enough to avoid
> > a backport. Just let me know what you prefer, I'm fine with both
> > options.
> 
> I got caught by syncing SysV init script from 1.6 with 1.5. For my own
> convenience, only c6ca1aa is needed. But I think that I won't be caught
> again by this since the only diff is the argument order. I should be
> able to remember why this is like that! So, no need from me.

OK. Then if you get caught again or if you receive some complaints from
users getting caught as well, just ping me :-)

Willy

Re: [ANNOUNCE] haproxy-1.5.19

[Vincent Bernat]

 ❦ 28 décembre 2016 10:56 +0100, Willy Tarreau  :

>> >> HAProxy 1.5.19 was released on 2016/12/25. It added 47 new commits
>> >> after version 1.5.18.
>> >
>> > Would it be possible to queue this patch as well for the next 1.5 (if
>> > any)?
>> >
>> > commit c6ca1aa34dd0e343c9a8754f447730b7563d
>> > Author: Willy Tarreau 
>> > Date:   Thu Oct 8 11:32:32 2015 +0200
>> >
>> > MEDIUM: init: support more command line arguments after pid list
>> >
>> > Given that all command line arguments start with a '-' and that
>> > no pid number can start with this character, there's no constraint
>> > to make the pid list the last argument. Let's relax this rule.
>> >
>> > This would enable to use the same init scripts for both 1.5 and 1.6.
>> 
>> On the other hand, this is not really useful without a088d316. So, maybe
>> don't introduce another bug because of me and leave 1.5 as is. :)
>
> Well, neither of them are hard to backport, so this is something we can
> consider. However I'm making a difference between end-users requests and
> maintainers' convenience. If you think it would really be useful to end
> users one way or another, or if it solves some trouble you're facing
> with the package maintenance, let's backport them. If it's just to keep
> a single script to maintain, I think the benefit is low enough to avoid
> a backport. Just let me know what you prefer, I'm fine with both
> options.

I got caught by syncing SysV init script from 1.6 with 1.5. For my own
convenience, only c6ca1aa is needed. But I think that I won't be caught
again by this since the only diff is the argument order. I should be
able to remember why this is like that! So, no need from me.
-- 
Many pages make a thick book.

Re: [ANNOUNCE] haproxy-1.5.19

[Willy Tarreau]

Hi Vincent,

On Wed, Dec 28, 2016 at 09:42:29AM +0100, Vincent Bernat wrote:
>  ??? 28 décembre 2016 09:31 +0100, Vincent Bernat  :
> 
> >> HAProxy 1.5.19 was released on 2016/12/25. It added 47 new commits
> >> after version 1.5.18.
> >
> > Would it be possible to queue this patch as well for the next 1.5 (if
> > any)?
> >
> > commit c6ca1aa34dd0e343c9a8754f447730b7563d
> > Author: Willy Tarreau 
> > Date:   Thu Oct 8 11:32:32 2015 +0200
> >
> > MEDIUM: init: support more command line arguments after pid list
> >
> > Given that all command line arguments start with a '-' and that
> > no pid number can start with this character, there's no constraint
> > to make the pid list the last argument. Let's relax this rule.
> >
> > This would enable to use the same init scripts for both 1.5 and 1.6.
> 
> On the other hand, this is not really useful without a088d316. So, maybe
> don't introduce another bug because of me and leave 1.5 as is. :)

Well, neither of them are hard to backport, so this is something we can
consider. However I'm making a difference between end-users requests and
maintainers' convenience. If you think it would really be useful to end
users one way or another, or if it solves some trouble you're facing
with the package maintenance, let's backport them. If it's just to keep
a single script to maintain, I think the benefit is low enough to avoid
a backport. Just let me know what you prefer, I'm fine with both options.

Willy

[ANNOUNCE] haproxy-1.5.19

[Willy Tarreau]

Hi,

HAProxy 1.5.19 was released on 2016/12/25. It added 47 new commits
after version 1.5.18.

[ before I forget, I'm running low on battery so I'll update the web site later 
]

This version fixes a number of severe issues affecting 1.5. On of them is
causing certain connections to become frozen forever if another connection
experienced a redispatch using the same file descriptor during a certain
time frame.

Another one appears when building with gcc 6, the listening IP address may
be ignored, resulting in the process listening to all addresses instead of
a single one.

Another bug may cause a runtime crash, when using sc_trackers with a
wrong table, a NULL pointer can be dereferenced.

We got a few reports of crashes in zlib not happening with slz, and the
bug was (as we guessed) indeed in haproxy, some unused fields had to be
initialized during the flush though it was not clearly documented.

And we (hopefully) fixed all the remaining systemd-related issues of
zombie processes and incorrect return codes.

The remaining ones are less important (or at least avoidable in normal
conditions).

I know it's been a long time without a release (7 months), so if you're
running on a snapshot between 1.5.18 and 1.5.19, you may additionally be
exposed to some temporary regressions that happened while trying to fix
the redispatch issue above that have since been fixed, thus it's important
to upgrade.

Please find the usual URLs below :
   Site index   : http://www.haproxy.org/
   Discourse: http://discourse.haproxy.org/
   Sources  : http://www.haproxy.org/download/1.5/src/
   Git repository   : http://git.haproxy.org/git/haproxy-1.5.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-1.5.git
   Changelog: http://www.haproxy.org/download/1.5/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
  - BUG/MAJOR: fix listening IP address storage for frontends
  - CLEANUP: connection: fix double negation on memcmp()
  - BUG/MEDIUM: sticktables: segfault in some configuration error cases
  - BUG/MINOR: http: add-header: header name copied twice
  - BUG/MINOR: ssl: fix potential memory leak in ssl_sock_load_dh_params()
  - BUG/MINOR: http: url32+src should use the big endian version of url32
  - BUG/MINOR: http: url32+src should check cli_conn before using it
  - DOC: http: add documentation for url32 and url32+src
  - MINOR: systemd: Use variable for config and pidfile paths
  - MINOR: systemd: Perform sanity check on config before reload
  - BUG/MINOR: init: always ensure that global.rlimit_nofile matches actual 
limits
  - BUG/MINOR: init: ensure that FD limit is raised to the max allowed
  - Revert "BUG/MINOR: ssl: fix potential memory leak in 
ssl_sock_load_dh_params()"
  - BUG/MEDIUM: stream-int: completely detach connection on connect error
  - DOC: minor typo fixes to improve HTML parsing by haproxy-dconv
  - BUG/MAJOR: compression: initialize avail_in/next_in even during flush
  - BUG/MAJOR: stick-counters: possible crash when using sc_trackers with wrong 
table
  - BUG/MAJOR: stream: properly mark the server address as unset on connect 
retry
  - BUG/MINOR: payload: fix SSLv2 version parser
  - MINOR: cli: allow the semi-colon to be escaped on the CLI
  - BUG/MINOR: displayed PCRE version is running release
  - MINOR: show Built with PCRE version
  - MINOR: show Running on zlib version
  - BUG/MINOR: ssl: Check malloc return code
  - BUG/MINOR: ssl: prevent multiple entries for the same certificate
  - BUG/MINOR: systemd: make the wrapper return a non-null status code on error
  - BUILD/CLEANUP: systemd: avoid a warning due to mixed code and declaration
  - BUG/MINOR: systemd: always restore signals before execve()
  - BUG/MINOR: systemd: check return value of calloc()
  - MINOR: systemd: report it when execve() fails
  - BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or 
failed
  - BUILD: poll: remove unused hap_fd_isset() which causes a warning with clang
  - DOC: Fix typo in description of `-st` parameter in man page
  - BUG/MEDIUM: peers: fix use after free in peer_session_create()
  - BUG/MEDIUM: systemd-wrapper: return correct exit codes
  - BUG/MINOR: stick-table: handle out-of-memory condition gracefully
  - BUG/MEDIUM: connection: check the control layer before stopping polling
  - BUG/MEDIUM: stick-table: fix regression caused by recent fix for 
out-of-memory
  - BUG/MINOR: cli: properly decrement ref count on tables during failed dumps
  - BUG/MINOR: cli: fix pointer size when reporting data/transport layer name
  - BUG/MINOR: cli: dequeue from the proxy when changing a maxconn
  - BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos
  - BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect
  - DOC: fix small typo in fe_id (backend instead of frontend)
  - BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
  - BUG/MINOR: backend: