Hi,
HAProxy 1.9.1 was released on 2019/01/08. It added 90 new commits
after version 1.9.0.
One of them fixes a security issue discovered by Tim Düsterhus
(CVE-2018-20615) :
BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used
An incorrect frame length check is performed on HEADERS frames having the
PRIORITY flag, possibly resulting in an out-of-bounds read which can cause a
crash depending on how the frame is crafted. All 1.9 and 1.8 versions are
affected. As a result, all HTTP/2 users must either upgrade or temporarily
disable HTTP/2 by commenting out the "npn h2" and "alpn h2" statements on their
related "bind" lines.
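As an added example (not part of Willy's announcement, nor HAProxy project
code), the following POSIX shell script applies the temporary workaround above
to a haproxy.cfg: it lists every active "bind" line whose "alpn" or "npn"
protocol list still advertises h2, and writes out a copy with h2 dropped from
those lists (so TLS clients fall back to http/1.1) or the whole statement
removed when h2 was the only protocol. The configuration, certificate path and
port numbers below are constructed for the example and are assumptions, not
taken from any real deployment; the script only edits text and never starts
haproxy.

```shell
#!/bin/sh
# Added example: audit a haproxy.cfg for "bind" lines that advertise h2 via
# alpn/npn and emit a copy with h2 withdrawn (the temporary workaround for
# CVE-2018-20615 until the upgrade to 1.9.1 is done).
# The configuration below is constructed for the example; paths and ports are
# not from any real deployment.
CFG="${TMPDIR:-/tmp}/haproxy-h2-audit.$$.cfg"
trap 'rm -f "$CFG" "$CFG.fixed"' EXIT
cat > "$CFG" <<'EOF'
global
    log /dev/log local0

frontend fe_https
    bind :443 ssl crt /etc/haproxy/site.pem alpn h2,http/1.1
    bind :8443 ssl crt /etc/haproxy/site.pem npn h2,http/1.1
    bind :9443 ssl crt /etc/haproxy/site.pem alpn http/1.1
    # bind :10443 ssl crt /etc/haproxy/site.pem alpn h2
    default_backend be_app

backend be_app
    server app1 10.0.0.1:8080 check
EOF

# List active (uncommented) bind lines whose alpn/npn list contains the h2
# token. The token must be bounded by commas, whitespace or end of line so
# that a protocol merely containing "h2" in its name is not reported.
h2_bind_lines() {
    grep -nE '^[[:space:]]*bind[[:space:]].*[[:space:]](alpn|npn)[[:space:]]+([^[:space:]]*,)?h2(,|[[:space:]]|$)' "$1"
}

# Number of such lines; 0 means this file no longer exposes HTTP/2 on any bind.
h2_bind_count() {
    h2_bind_lines "$1" | wc -l | tr -d ' '
}

# Emit a mitigated copy on stdout: h2 is removed from alpn/npn lists on bind
# lines, keeping the other protocols (normally http/1.1) so TLS clients keep
# working; when h2 was the only protocol the whole alpn/npn statement goes.
# Lines that do not start with "bind" (comments included) are left untouched.
disable_h2() {
    sed -E '/^[[:space:]]*bind[[:space:]]/ {
        s/(alpn|npn)[[:space:]]+h2,/\1 /g
        s/,h2(,|[[:space:]]|$)/\1/g
        s/[[:space:]]+(alpn|npn)[[:space:]]+h2([[:space:]]|$)/\2/g
    }' "$1"
}

echo "== bind lines still advertising h2 in $CFG"
h2_bind_lines "$CFG" || echo "(none)"
echo "== mitigated configuration (h2 removed from alpn/npn on bind lines)"
disable_h2 "$CFG"
```

Run it against a real file by replacing the constructed CFG with the path to
your haproxy.cfg, review the diff, then reload; once the upgrade to 1.9.1 is
deployed the h2 tokens can be put back.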
This version also collects a number of significant bug fixes that were
reported since the release, among which :
- risk of crashes when using HTTP reuse with more than 5 servers for
a given session ;
- occasional zombie connections when objects retrieved from the cache
were compressed during delivery ;
- some chunked-encoding inconsistencies between H1 on one side and H2
on the other one in HTX mode ;
- a few other HTX issues I honestly don't remember in detail
- a small number of lost event issues affecting the H1 and H2 muxes,
possibly resulting in occasional timeouts and/or zombie connections
Lukas' update to redispatch connection failures when using consistent
hash was merged as well; even though it was not really a bug, it was at
least a counter-intuitive behaviour.
An annoying limitation was also reported and addressed : health checks
currently cannot use the H2 mux to send HTTP requests to H2 servers, but
since the ALPN string is set per server, it wasn't possible to force
these checks to at least rely on HTTPS instead. A new "check-alpn"
directive was added to allow specifying the ALPN string to advertise for
checks, which addresses this.
A number of updates were merged to the regression testing suite since it
helps us a lot to reproduce bugs and improve reliability.
What's nice is that www.haproxy.org has been running on this code since
the release with only very minor glitches (a few tens of zombie connections
a week due to the compression+cache issue etc) and doesn't show any sign of
trouble anymore after these fixes.
I intend to issue 1.9.2 soon (possibly next week) with a small bunch of
additional minor fixes that I didn't want to mix with this version. In
addition I managed to implement the long-missing support for H2
CONTINUATION frames and trailers which are sufficiently low risk to be
backported. Thanks to these, h2spec now reports zero errors, and gRPC
works out of the box through HAProxy :-) Thus unless someone steps up
with a good objection to these being backported into 1.9, we'll do it.
Anyway, please don't forget to update!
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Sources : http://www.haproxy.org/download/1.9/src/
Git repository : http://git.haproxy.org/git/haproxy-1.9.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.9.git
Changelog : http://www.haproxy.org/download/1.9/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
Willy
---
Complete changelog :
Alex Zorin (1):
MINOR: payload: add sample fetch for TLS ALPN
Christopher Faulet (36):
BUG/MAJOR: stream-int: Update the stream expiration date in
stream_int_notify()
BUG/MINOR: compression/htx: Don't compress responses with unknown body
length
BUG/MINOR: compression/htx: Don't add the last block of data if it is
empty
MINOR: channel: Add the function channel_add_input
MINOR: stats/htx: Call channel_add_input instead of updating channel
state by hand
BUG/MEDIUM: cache: Be sure to end the forwarding when XFER length is
unknown
BUG/MAJOR: htx: Return the good block address after a defrag
BUG/MEDIUM: mux-h1: Add a task to handle connection timeouts
BUG/MEDIUM: proto-htx: Set SI_FL_NOHALF on server side when request is
done
REGTEST: Require the option LUA to run lua tests
REGTEST: script: Process script arguments before everything else
REGTEST: script: Evaluate the varnishtest command to allow quoted
parameters
REGTEST: script: Add the option --clean to remove previous log directories
REGTEST: script: Add the option --debug to show logs on standard output
REGTEST: script: Add the option --keep-logs to keep all log directories
REGTEST: script: Add the option --use-htx to enable the HTX in regtests
REGTEST: script: Print only errors in the results report
REGTEST: Add option to use HTX prefixed by the macro 'no-htx'
REGTEST: script: Add support of alternatives in required options list
REGTEST: Add a basic test for the compression
BUG/MINOR: cache/htx: Be sure to count partial trailers
MINOR: stream/htx: Add info about the HTX structs in "show sess all"
command
MINOR: stream: Add the subscription events of SIs in "show sess all"
command
MINOR: mux-h1: Add the subscription events in "show fd" command
MINOR: htx: Add a helper function to get the max space usable for a block
MINOR: channel/htx: Add HTX version for some helper functions
BUG/MEDIUM: cache/htx: Respect the reserve when cached objects are served
BUG/MINOR: stats/htx: Respect the reserve when the stats page is dumped
BUG/MINOR: mux-h1: Close connection on shutr only when shutw was really
done
MEDIUM: mux-h1: Clarify how shutr/shutw are handled
BUG/MINOR: compression: Disable it if another one is already in progress
BUG/MINOR: filters: Detect cache+compression config on legacy HTTP streams
BUG/MINOR: cache: Disable the cache if any compression filter precedes it
MINOR: htx: Add a function to truncate all blocks after a specific offset
MINOR: channel/htx: Add the HTX version of channel_truncate/erase
BUG/MINOR: proto_htx: Use HTX versions to truncate or erase a buffer
Frédéric Lécaille (8):
REGTEST: A basic test for "http-buffer-request"
REGTEST: Add a reg test for health-checks over SSL/TLS.
REGTEST: Make reg-tests target support argument.
REGTEST: Fix a typo about barrier type.
REGTEST: Be less Linux specific with a syslog regex.
REGTEST: Missing enclosing quotes for ${tmpdir} macro.
REGTEST: Exclude freebsd target for some reg tests.
REGTEST: Add some information to test results.
Jarno Huuskonen (2):
DOC: Fix typo in req.ssl_alpn example (commit 4afdd138424ab...)
DOC: http-request cache-use / http-response cache-store expects cache name
Jérôme Magnin (2):
BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in
dns_validate_response()
BUG/MINOR: htx: send the proper authenticate header when using
http-request auth
Nikhil Agrawal (1):
BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns
error
Olivier Houchard (17):
BUG/MEDIUM: tasks: Decrement tasks_run_queue in tasklet_free().
BUG/MAJOR: connections: Close the connection before freeing it.
BUG/MEDIUM: h2: Don't forget to quit the sending_list if
SUB_CALL_UNSUBSCRIBE.
BUG/MEDIUM: mux_h2: Don't add to the idle list if we're full.
BUG/MEDIUM: server: Also copy "check-sni" for server templates.
BUG/MEDIUM: servers: Don't try to reuse connection if we switched server.
BUG/MEDIUM: servers: Fail if we fail to allocate a conn_stream.
BUG/MAJOR: servers: Use the list api correctly to avoid crashes.
BUG/MAJOR: servers: Correctly use LIST_ELEM().
BUG/MAJOR: sessions: Use an unlimited number of servers for the conn list.
BUG/MEDIUM: servers: Flag the stream_interface on handshake error.
MEDIUM: servers: Be smarter when switching connections.
MINOR: ssl: Add ssl_sock_set_alpn().
MEDIUM: checks: Add check-alpn.
MEDIUM: mux_h1: Implement h1_show_fd.
BUG/MEDIUM: h1: In h1_init(), wake the tasklet instead of calling
h1_recv().
BUG/MEDIUM: server: Defer the mux init until after xprt has been
initialized.
PiBa-NL (1):
REGTEST: mailers: add new test for 'mailers' section
Thierry FOURNIER (2):
BUG/MINOR: lua: bad args are returned for Lua actions
BUG/MEDIUM: lua: dead lock when Lua tasks are triggered
Willy Tarreau (20):
BUG/MEDIUM: log: don't mark log FDs as non-blocking on terminals
BUG/MEDIUM: mux-h2: Don't forget to quit the send list on error reports
BUG/MEDIUM: mux-h2: don't needlessly wake up the demux on short frames
MINOR: mux-h2: only increase the connection window with the first update
REGTESTS: remove the expected window updates from H2 handshakes
BUG/MINOR: mux-h2: make empty HEADERS frame return a connection error
BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than
the max
BUG/MEDIUM: mux-h2: always restart reading if data are available
BUG/MINOR: mux-h2: don't check the CS count in h2c_bck_handle_headers()
BUG/MEDIUM: mux-h1: use per-direction flags to indicate transitions
BUG/MEDIUM: mux-h1: make HTX chunking consistent with H2
MINOR: mux-h1: parse the content-length header on output and set
H1_MF_CLEN
BUG/MEDIUM: mux-h1: don't enforce chunked encoding on requests
MINOR: lb: allow redispatch when using consistent hash
MINOR: stream/htx: add the HTX flags output in "show sess all"
MINOR: stream/cli: fix the location of the waiting flag in "show sess all"
MINOR: stream/cli: report more info about the HTTP messages on "show sess
all"
BUG/MEDIUM: cli: make "show sess" really thread-safe
DOC: regtest: make it clearer what the purpose of the "broken" series is
BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used
---