Hi,
HAProxy 1.9.5 was released on 2019/03/19. It added 81 new commits
after version 1.9.4. I'm sorry it took longer than initially expected
but the complexity of certain bugs creates some reluctance to issue an
intermediary release when you don't fully trust the pending fixes yet.
Only well trusted fixes were merged in this version, others are still
under observation.
Several of them were rather important bugs that are now fixed in 1.9.5 :
- a double free on the unique-id header which can crash the process
when this feature is used. This was added as a fix for a memory leak
on the same feature.
- a bug in the SPOP health check handler which may make haproxy try
to use features the agent advertises but which are not implementer,
making it crash.
- the SPOE per-thread initialization would rely on a wrong agent
pointer derivated from the last one known when parsing the
configuration, making it fail if more than one agent is declared.
- upon exit of the old process, it could happen that a thread quits
while a single other one hold a lock and never releases it, causing
it to fail acquiring it again later and not being able to quit.
Issue reported and fixed by Richard Russo.
- a crash may happen upon exit if a thread closes a listener FD at
the exact same moment antoher thread tries to accept() a pending
connection on it. Issue reported and fixed by Richard Russo.
- a crash could happen with an H2 frontend triggering an error in
the cache because the error response didn't contain a start line
and no analyser was set anymore to add it while the H2 mux used
to expect it.
- there was a small but serious race condition in H2 by which if both
the connection and the upper layer stream close at the exact same
instant, the mux might try to dereference a just closed stream and
crash the process. It was not witnessed though, only found in the
code.
- in case a task is migrated to another thread while being moved out
of the run queue on another one, the scheduler could leave the run
queue spinlock in an inconsistent state. Not observed either but the
possibility looks real (e.g. in checks).
- a bug affects the stats code from 1.5 and above when POST requests are
supported (when admin mode is enabled) : some large POST requests may
end up in a situation where the applet waits for more body and the
analyser cannot send it because the buffer is considered full. This
ultimately freezes the session. Now it is verified that the body length
doesn't exceed what can fit in a request buffer.
There were a number of less important issues related to per-thread
initialization and ordering of initialization depending on the configuration
(e.g. some elements which need to know the thread count which were initialized
too early). Some sample fetch functions would fail in HTX (body_len, base,
and a few others). The MacOS build should be OK now. Interim HTTP 1xx
responses were failing in H2+HTX. There was an issue in H2+HTX+chunked
H1 messages sometimes causing the END_STREAM flag to be lost and the
client or server to time out. Some regex-based HTTP actions would not
work well in HTX mode. There was a race in the remote thread wakeup code
which could sometimes miss a wakeup, randomly causing excessive delays
in certain inter-thread operations like dequeueing pending connections.
The rest is less important or doesn't have an immediately visible effect.
As usual, everyone is encouraged to upgrade.
We still have some difficult changes to do around the abortonclose option
and related stuff which depends on the distinction between the end of a
request and its abortion. Some of this stuff will eventually have to be
backported to 1.9 but don't wait for this to arrive before upgrading as
it's not even done for 2.0-dev and once done, it will require some long
observation first!
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : http://www.haproxy.org/download/1.9/src/
Git repository : http://git.haproxy.org/git/haproxy-1.9.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.9.git
Changelog : http://www.haproxy.org/download/1.9/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Ben51Degrees (1):
BUG: 51d: In Hash Trie, multi header matching was affected by the header
names stored globaly.
Bertrand Jacquin (2):
DOC: ssl: Clarify when pre TLSv1.3 cipher can be used
DOC: ssl: Stop documenting ciphers example to use
Christopher Faulet (32):
BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck
BUG/MINOR: config: Reinforce validity check when a process number is
parsed
BUG/MEDIUM: proto_htx: Fix data size update if end of the cookie is
removed
BUG/MEDIUM: mux-h2/htx: Always set CS flags before exiting h2_rcv_buf()
MINOR: h2/htx: Set the flag HTX_SL_F_BODYLESS for messages without body
BUG/MINOR: mux-h1: Add "transfer-encoding" header on outgoing requests if
needed
BUG/MINOR: mux-h2: Don't add ":status" pseudo-header on trailers
BUG/MINOR: proto-htx: Consider a XFER_LEN message as chunked by default
BUG/MEDIUM: h2/htx: Correctly handle interim responses when HTX is enabled
MINOR: mux-h2: Set HTX extra value when possible
BUG/MEDIUM: mux-h1: Report the right amount of data xferred in
h1_rcv_buf()
BUG/MINOR: channel: Set CF_WROTE_DATA when outgoing data are skipped
MINOR: htx: Add function to drain data from an HTX message
MINOR: channel/htx: Add function to skips output bytes from an HTX channel
BUG/MAJOR: cache/htx: Set the start-line offset when a cached object is
served
BUG/MEDIUM: cache: Get objects from the cache only for GET and HEAD
requests
BUG/MINOR: cache/htx: Return only the headers of cached objects to HEAD
requests
BUG/MINOR: mux-h1: Always initilize h1m variable in h1_process_input()
BUG/MEDIUM: proto_htx: Fix functions applying regex filters on HTX
messages
BUG/MINOR: mux-h1: Don't report an error on EOS if no message was received
BUG/MINOR: stats/htx: Call channel_add_input() when response headers are
sent
BUG/MINOR: lua/htx: Use channel_add_input() when response data are added
BUG/MINOR: lua/htx: Don't forget to call htx_to_buf() when appropriate
MINOR: stats: Add the status code STAT_STATUS_IVAL to handle invalid
requests
MINOR: stats: Move stuff about the stats status codes in stats files
BUG/MINOR: stats: Be more strict on what is a valid request to the stats
applet
BUG/MAJOR: spoe: Fix initialization of thread-dependent fields
BUG/MAJOR: stats: Fix how huge POST data are read from the channel
BUG/MEDIUM: mux-h2: Always wakeup streams with no id to avoid frozen
streams
MINOR: mux-h2: Set REFUSED_STREAM error to reset a stream if no data was
never sent
MINOR: muxes: Report the Last read with a dedicated flag
MINOR: proto-http/proto-htx: Make error handling clearer during data
forwarding
Dragan Dosen (3):
BUG/MEDIUM: http_fetch: fix the "base" and "base32" fetch methods in HTX
mode
BUG/MEDIUM: http_fetch: fix "req.body_len" and "req.body_size" fetch
methods in HTX mode
BUG/MEDIUM: 51d: fix possible segfault on deinit_51degrees()
Frédéric Lécaille (1):
DOC: Remove tabs and fixed punctuation.
Lukas Tribus (1):
BUG/MINOR: ssl: fix warning about ssl-min/max-ver support
Olivier Houchard (11):
BUILD/MEDIUM: initcall: Fix build on MacOS.
BUG/MEDIUM: servers: Use atomic operations when handling curr_idle_conns.
BUG/MEDIUM: servers: Add a per-thread counter of idle connections.
BUG/MAJOR: listener: Make sure the listener exist before using it.
BUG/MEDIUM: logs: Only attempt to free startup_logs once.
MINOR: fd: Remove debugging code.
BUG/MEDIUM: listeners: Don't call fd_stop_recv() if fd_updt is NULL.
MEDIUM: threads: Use __ATOMIC_SEQ_CST when using the newer atomic API.
BUG/MAJOR: tasks: Use the TASK_GLOBAL flag to know if we're in the global
rq.
BUG/MEDIUM: tasks: Make sure we wake sleeping threads if needed.
MINOR: cfgparse: Add a cast to make gcc happier.
Richard Russo (1):
BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are unlocked
Willy Tarreau (29):
BUG/MINOR: spoe: do not assume agent->rt is valid on exit
BUG/MINOR: lua: initialize the correct idle conn lists for the SSL sockets
BUG/MEDIUM: spoe: initialization depending on nbthread must be done last
BUG/MEDIUM: server: initialize the idle conns list after parsing the
config
CLEANUP: server: fix indentation mess on idle connections
BUG/MEDIUM: server: initialize the orphaned conns lists and tasks at the
end
BUG/MINOR: mux-h1: verify the request's version before dropping
connection: keep-alive
BUG/MAJOR: stream: avoid double free on unique_id
BUILD/MINOR: stream: avoid a build warning with threads disabled
BUILD/MINOR: tools: fix build warning in the date conversion functions
BUILD/MINOR: peers: remove an impossible null test in intencode()
BUILD/MINOR: htx: fix some potential null-deref warnings with
http_find_stline
BUG/MEDIUM: htx: count the amount of copied data towards the final count
BUG/MEDIUM: mux-h2/htx: send an empty DATA frame on empty HTX trailers
BUG/MEDIUM: h2: advertise to servers that we don't support push
BUG/MINOR: listener: keep accept rate counters accurate under saturation
MINOR: global: keep a copy of the initial rlim_fd_cur and rlim_fd_max
values
BUG/MINOR: init: never lower rlim_fd_max
BUG/MINOR: checks: make external-checks restore the original
rlim_fd_cur/max
BUG/MINOR: mworker: be careful to restore the original rlim_fd_cur/max on
reload
BUG/MAJOR: mux-h2: fix race condition between close on both ends
MINOR: htx: unconditionally handle parsing errors in requests or responses
MINOR: mux-h2: always pass HTX_FL_PARSING_ERROR between h2s and buf on RX
BUG/MEDIUM: h2/htx: verify that :path doesn't contain invalid chars
BUG/MEDIUM: threads/fd: do not forget to take into account epoll_fd/pipes
REGTEST: fix a spurious "nbthread 4" in the connection test
BUILD: Makefile: allow the reg-tests target to be verbose
BUILD: Makefile: resolve LEVEL before calling run-regtests
BUG/MINOR: http/counters: fix missing increment of fe->srv_aborts
---
