Re: [ANNOUNCE] haproxy-1.9.8

[Aleksandar Lazic]

Am 13.05.2019 um 16:57 schrieb Willy Tarreau:
> Hi,
> 
> HAProxy 1.9.8 was released on 2019/05/13. It added 53 new commits
> after version 1.9.7.
> 
> The most important bugs fall into 3 main categories here :
>   - a possible crash in multi-threads when issuing "show map" or
> "show acl" on the CLI in parallel to "clear map" or "clear acl" on
> another CLI session ;
> 
>   - an incorrect handling in H2 of the HTX end-of-message mark after
> the response trailers which can lead to an endless loop between
> the caller seeing there's still something to send and the callee
> seeing it cannot send this block alone. This one gave a few of us
> some difficulties and helped us see how we can improve HTX for
> future versions by making certain cases more straightforward.
> Thanks to Patrick Hemmer for providing backtraces exhibiting the
> issue.
> 
>   - multiple incorrect list handling in the H2 mux resulting in endless
> loops for some users with large objects. The assumptions that once
> were granted in this code evolved several times during 1.9-dev and
> have led to situations where the presence of an element in the send
> list was not guarded anymore by some previous conditions. Multiple
> iterations of fixes were only pushing the problem forward to the
> next point. Now that these issues were addressed, we've figured how
> certain parts can be simplified to significantly reduce the
> probability that similar issues appear in the future. We owe a big
> thanks to Maciej Zdeb for testing countless patches and reporting
> detailed traces, and even core dumps.
> 
> There were some other annoying issues among which :
>   - occasionally a 100% CPU condition (but traffic not interrupted) on
> certain fragmented H2 HEADER frames. Thanks go to Yves Lafon for
> providing cores and traces.
> 
>   - missing locks on source port ranges occasionally causing connections
> running on different threads to pick the same outgoing source port,
> resulting in connection failures.
> 
>   - a missing lock on the server slowstart code causing deadlocks on the
> roundrobin algorithm when using threads and slowstart.
> 
> The rest is either a bit less important or became confuse to me after
> having dealt with the ones above, to be honest.
> 
> I'm quite confident this one works way better than previous ones, and at
> the same time that someone will soon raise their hand saying "I think I
> have a problem". Having said that, with 305 bugs fixed since 1.9.0 was
> released, you have no valid reason for still using an earlier release
> now that this one is available.
> 
> I would generally like to thank all the early adopters who are running
> on 1.9, because they are the ones going through all the problems above
> and taking the risks for others, and thanks to them we can expect a much
> calmer 2.0. So please continue to report any issue you'll meet!
> 
> Please find the usual URLs below :
>Site index   : http://www.haproxy.org/
>Discourse: http://discourse.haproxy.org/
>Slack channel: https://slack.haproxy.org/
>Issue tracker: https://github.com/haproxy/haproxy/issues
>Sources  : http://www.haproxy.org/download/1.9/src/
>Git repository   : http://git.haproxy.org/git/haproxy-1.9.git/
>Git Web browsing : http://git.haproxy.org/?p=haproxy-1.9.git
>Changelog: http://www.haproxy.org/download/1.9/src/CHANGELOG
>Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Docker Images:

OSSL: https://hub.docker.com/r/me2digital/haproxy19
BSSL: https://hub.docker.com/r/me2digital/haproxy-19-boringssl

Openssl build log:

## Starting vtest ##
Testing with haproxy version: 1.9.8
#top  TEST ./reg-tests/http-capture/h0.vtc FAILED (0.123) exit=2
#top  TEST ./reg-tests/http-messaging/h0.vtc FAILED (0.124) exit=2
2 tests failed, 0 tests skipped, 33 tests passed

https://gitlab.com/aleks001/haproxy19-centos/-/jobs/213200457

Boringssl build log:

## Starting vtest ##
Testing with haproxy version: 1.9.8
#top  TEST ./reg-tests/http-capture/h0.vtc FAILED (0.118) exit=2
#top  TEST ./reg-tests/connection/b0.vtc FAILED (8.184) exit=2
#top  TEST ./reg-tests/http-messaging/h0.vtc FAILED (0.113) exit=2
3 tests failed, 0 tests skipped, 31 tests passed

https://gitlab.com/aleks001/haproxy-19-boringssl/-/jobs/213200704

> Willy
> ---
> Complete changelog :
[snipp]


Regards
Aleks

[ANNOUNCE] haproxy-1.9.8

[Willy Tarreau]

Hi,

HAProxy 1.9.8 was released on 2019/05/13. It added 53 new commits
after version 1.9.7.

The most important bugs fall into 3 main categories here :
  - a possible crash in multi-threads when issuing "show map" or
"show acl" on the CLI in parallel to "clear map" or "clear acl" on
another CLI session ;

  - an incorrect handling in H2 of the HTX end-of-message mark after
the response trailers which can lead to an endless loop between
the caller seeing there's still something to send and the callee
seeing it cannot send this block alone. This one gave a few of us
some difficulties and helped us see how we can improve HTX for
future versions by making certain cases more straightforward.
Thanks to Patrick Hemmer for providing backtraces exhibiting the
issue.

  - multiple incorrect list handling in the H2 mux resulting in endless
loops for some users with large objects. The assumptions that once
were granted in this code evolved several times during 1.9-dev and
have led to situations where the presence of an element in the send
list was not guarded anymore by some previous conditions. Multiple
iterations of fixes were only pushing the problem forward to the
next point. Now that these issues were addressed, we've figured how
certain parts can be simplified to significantly reduce the
probability that similar issues appear in the future. We owe a big
thanks to Maciej Zdeb for testing countless patches and reporting
detailed traces, and even core dumps.

There were some other annoying issues among which :
  - occasionally a 100% CPU condition (but traffic not interrupted) on
certain fragmented H2 HEADER frames. Thanks go to Yves Lafon for
providing cores and traces.

  - missing locks on source port ranges occasionally causing connections
running on different threads to pick the same outgoing source port,
resulting in connection failures.

  - a missing lock on the server slowstart code causing deadlocks on the
roundrobin algorithm when using threads and slowstart.

The rest is either a bit less important or became confuse to me after
having dealt with the ones above, to be honest.

I'm quite confident this one works way better than previous ones, and at
the same time that someone will soon raise their hand saying "I think I
have a problem". Having said that, with 305 bugs fixed since 1.9.0 was
released, you have no valid reason for still using an earlier release
now that this one is available.

I would generally like to thank all the early adopters who are running
on 1.9, because they are the ones going through all the problems above
and taking the risks for others, and thanks to them we can expect a much
calmer 2.0. So please continue to report any issue you'll meet!

Please find the usual URLs below :
   Site index   : http://www.haproxy.org/
   Discourse: http://discourse.haproxy.org/
   Slack channel: https://slack.haproxy.org/
   Issue tracker: https://github.com/haproxy/haproxy/issues
   Sources  : http://www.haproxy.org/download/1.9/src/
   Git repository   : http://git.haproxy.org/git/haproxy-1.9.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-1.9.git
   Changelog: http://www.haproxy.org/download/1.9/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
Chris Packham (1):
  BUILD: threads: Add __ha_cas_dw fallback for single threaded builds

Christopher Faulet (13):
  BUG/MINOR: http: Call stream_inc_be_http_req_ctr() only one time per 
request
  MINOR: spoe: Use the sample context to pass frag_ctx info during encoding
  MINOR: examples: Use right locale for the last changelog date in 
haproxy.spec
  BUG/MEDIUM: listener: Fix how unlimited number of consecutive accepts is 
handled
  MINOR: config: Test validity of tune.maxaccept during the config parsing
  CLEANUP: config: Don't alter listener->maxaccept when nbproc is set to 1
  BUG/MEDIUM: spoe: Be sure the sample is found before setting its context
  BUG/MINOR: mux-h1: Fix the parsing of trailers
  BUG/MINOR: htx: Never transfer more than expected in htx_xfer_blks()
  MINOR: htx: Split on DATA blocks only when blocks are moved to an HTX 
message
  BUG/MINOR: stream: Attach the read side on the response as soon as 
possible
  BUG/MEDIUM: http: Use pointer to the begining of input to parse message 
headers
  MINOR: spoe: Set the argument chunk size to 0 when SPOE variables are 
checked

Dragan Dosen (4):
  BUG/MINOR: haproxy: fix rule->file memory leak
  BUG/MINOR: log: properly free memory on logformat parse error and deinit()
  BUG/MINOR: checks: free memory allocated for tasklets
  BUG/MEDIUM: pattern: fix memory leak in regex pattern functions

Ilya Shipitsin (1):
  BUG/MEDIUM: servers: fix typo "src" instead of "srv"

Kevin Zhu (1):
  BUG/MEDIUM: spoe: arg len encoded in