Hi,

HAProxy 2.4.2 was released on 2021/07/07. It added 35 new commits
after version 2.4.1.

The main purpose of this release is to fix a possible deadlock introduced
into the previous release when the maxconn of a server was changed via an
agent-check. In this case, the server lock was held twice leading to a
deadlock, the first time in the agent-check itself, the second time in the
agent response parsing when the maxconn setting was changed. Note that 2.3.10
is also affected by this bug and a new release will be emitted with the fix
very soon.

Some bugs in the resolvers were also fixed. The first one was a possible ABBA
deadlock when the server's FQDN was set from the CLI socket. In this case,
the server lock was held before the resolver lock while the opposite is done
when a resolution is performed. It is quite an old bug only discovered
recently by chance. In addition, to avoid any ambiguities, it is now
forbidden to set a server's FQDN on the CLI if SRV resolution is enabled for
the server. The second bug is about the SRV resolution when the server state
was loaded from a file. In this case, it was possible to never renew the
server information loaded during startup if the DNS server no longer
announced the corresponding SRV record. To work around this bug, a task is
attached to servers relying on SRV resolution to purge outdated information,
if any. Two regressions of 2.4.1 were also fixed. First, the first server of
a template based on a SRV resolution was not resolved anymore. The same bug
existed for single servers relying on SRV resolution. Second, a server might
be ignored during resolution if its IP was set by the libc during
startup. Finally, information about SRV resolution found in a server state
file is now ignored if the corresponding server is no longer configured to
rely on the same SRV resolution.

Willy fixed a bug in the sock part leading to high CPU usage because some
early connection failures might be missed if a connect() reported an error
directly via the poller without ever reporting send readiness. It is an old
bug revealed by recent changes.

Amaury implemented the scheme-based URI normalization as described in
rfc3986 6.3.2. It means the port of a URI is removed if it is a default
port according to the URI scheme (80/http and 443/https). On HTTP/1, the
normalization is only performed on requests using an absolute-form target
URI. On HTTP/2, it is performed on requests with a scheme and an
authority. It is the most common case, except CONNECT. This change will be
notably useful to not confuse users who are accustomed to using the host for
routing without specifying default ports. This problem was recently
encountered with Firefox, which specifies the 443 default port for HTTP/2
WebSocket Extended CONNECT.

Some may have noticed the support of "set-src" and "set-src-port" actions for
"tcp-request content" rules was first added then reverted. While this
support must be added, it should be delayed to fix a design problem by
setting client source address from the L7 layer. This problem already exists
because these actions are supported by "http-request" rules (See #90 on
GitHub for details). So instead of adding more confusion, we have chosen to
wait a bit and delayed the feature.

Other commits are regular bug fixes and cleanups, mainly:

  * The MQTT parser was fixed to properly handle a large client ID or an
    empty one in the CONNECT message.

  * Tim fixed a bug in the cache to properly handle empty 'accept-encoding'
    header.

  * The "show fd" command output was fixed to display the server name as
    <proxy>/<server> instead of the reverse.

  * The configuration manual was fixed to add missing documentation of some
    keywords and to refresh "mysql-check" description.

As said at the beginning of this announcement, a new 2.3 release will be
emitted very soon. We are really annoyed to have delayed this release so
much. The same is true for the last 2.2 and 2.0 releases. For these versions,
we will try to emit new releases next week.

Thanks everyone for your help and your contributions!

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.4/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.4.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.4.git
   Changelog        : http://www.haproxy.org/download/2.4/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/


---
Complete changelog :
Amaury Denoyelle (7):
      BUG/MAJOR: server: fix deadlock when changing maxconn via agent-check
      REGTESTS: fix maxconn update with agent-check
      MINOR: http: implement http_get_scheme
      MEDIUM: http: implement scheme-based normalization
      MEDIUM: h1-htx: apply scheme-based normalization on h1 requests
      MEDIUM: h2: apply scheme-based normalization on h2 requests
      REGTESTS: add http scheme-based normalization test

Christopher Faulet (19):
      BUG/MINOR: server-state: load SRV resolution only if params match the config
      BUG/MINOR: server: Forbid to set fqdn on the CLI if SRV resolution is enabled
      BUG/MEDIUM: server/cli: Fix ABBA deadlock when fqdn is set from the CLI
      MINOR: resolvers: Clean server in a dedicated function when removing a SRV item
      MINOR: resolvers: Remove server from named_servers tree when removing a SRV item
      BUG/MEDIUM: resolvers: Add a task on servers to check SRV resolution status
      BUG/MINOR: resolvers: Use resolver's lock in resolv_srvrq_expire_task()
      BUG/MINOR: server/cli: Fix locking in function processing "set server" command
      MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules
      DOC: config: Add missing actions in "tcp-request session" documentation
      CLEANUP: dns: Remove a forgotten debug message
      BUG/MINOR: resolvers: Always attach server on matching record on resolution
      BUG/MINOR: resolvers: Reset server IP when no ip is found in the response
      MINOR: resolvers: Reset server IP on error in resolv_get_ip_from_response()
      BUG/MINOR: tcpcheck: Fix numbering of implicit HTTP send/expect rules
      BUG/MINOR: mqtt: Fix parser for string with more than 127 characters
      BUG/MINOR: mqtt: Support empty client ID in CONNECT message
      BUG/MEDIUM: resolvers: Make 1st server of a template take part to SRV resolution
      Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules"

Daniel Black (1):
      DOC: config: use CREATE USER for mysql-check

David Carlier (1):
      BUILD: Makefile: fix linkage for Haiku.

Dirkjan Bussink (1):
      BUG/MINOR: checks: return correct error code for srv_parse_agent_check

Emeric Brun (3):
      BUG/MINOR: stick-table: fix several printf sign errors dumping tables
      BUG/MINOR: peers: fix data_type bit computation more than 32 data_types
      DOC: stick-table: add missing documentation about gpt0 stored type

Tim Duesterhus (1):
      BUG/MINOR: cache: Correctly handle existing-but-empty 'accept-encoding' header

Willy Tarreau (2):
      BUG/MEDIUM: sock: make sure to never miss early connection failures
      BUG/MINOR: cli: fix server name output in "show fd"

--
Christopher Faulet
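
The scheme-based normalization described in the announcement, as an added C example that is not HAProxy's code and not written by the author. `normalize_target` and `default_port` are hypothetical names; the sketch treats the request target as a "scheme://authority..." string and knows only the two default ports the announcement lists.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Added example, not HAProxy source. Only the two defaults named above. */
static const char *default_port(const char *scheme, size_t len)
{
    if (len == 4 && strncasecmp(scheme, "http", 4) == 0)
        return "80";
    if (len == 5 && strncasecmp(scheme, "https", 5) == 0)
        return "443";
    return NULL;
}

/* Copy a request target to out, removing ":port" when the target is in
 * absolute form and the port is the default for its scheme.
 * Returns 1 if a port was removed, 0 if copied unchanged, -1 if out is too small. */
int normalize_target(const char *uri, char *out, size_t outlen)
{
    const char *sep = strstr(uri, "://");
    const char *def, *auth, *end, *p;
    size_t plen;

    if (strlen(uri) >= outlen)
        return -1;
    strcpy(out, uri);
    /* origin-form ("/path") or a scheme without a known default: leave as is */
    if (!sep || !(def = default_port(uri, (size_t)(sep - uri))))
        return 0;

    auth = sep + 3;
    end = auth + strcspn(auth, "/?#");  /* authority stops at path, query or fragment */
    for (p = end; p > auth && p[-1] >= '0' && p[-1] <= '9'; p--)
        ;                               /* walk back over trailing digits */
    plen = (size_t)(end - p);
    /* require "host:digits" with a non-empty host; "[::1]" ends in ']' so
     * the colons inside an IPv6 literal are never mistaken for a port */
    if (p - auth < 2 || p[-1] != ':' || plen != strlen(def) || strncmp(p, def, plen) != 0)
        return 0;
    strcpy(out + (p - 1 - uri), end);   /* overwrite ":port" with the rest of the target */
    return 1;
}

int main(void)
{
    char buf[128];
    normalize_target("https://example.com:443/chat", buf, sizeof buf); /* constructed sample */
    puts(buf);
    return 0;
}
```

Host-based routing rules and ACLs then see the same authority whether or not the client spelled out the default port.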
