Re: [ANNOUNCE] haproxy-2.0.1

2019-06-27 Thread Alex Evonosky
After compiling the new 2.0.1, it seems the HTTP2 issue *we were seeing* on
2.0 but not on 1.9.8 is fixed.

Thank you.

On Thu, Jun 27, 2019 at 7:19 AM Aleksandar Lazic wrote:

> On 26.06.2019 at 19:28, Christopher Faulet wrote:
> > Hi,
> >
> > HAProxy 2.0.1 was released on 2019/06/26. It added 27 new commits
> > after version 2.0.0.
> >
> > This new version fixes several annoying bugs with various visible effects. Among
> > others, two major bugs have been fixed. The first one is a regression on
> > stick-tables. HAProxy was unable to start when a stick-table was used in
> > an "if/unless" ACL condition. An error claimed the stick-table name was
> > missing. The second major bug is in the H1 multiplexer. The area of a trash
> > chunk was easily able to be released by error when an outgoing HTTP message was
> > formatted. So it is a pretty old bug and it is strange we never spotted it
> > before. But it led to a memory corruption and thus to a wide variety of bugs.
> >
> > Several bugs in the HTX were fixed. One of them concerned the H2. When cookie
> > headers were grouped during the conversion of an H2 request into an HTX message,
> > the HTX message was not fully updated. When it happened, most of the time the
> > connection hung. Another bug concerned the way 1xx informational messages were
> > emitted by HAProxy. An EOM was mistakenly added in these HTX messages. It was
> > totally valid on HAProxy-1.9. But in 2.0, these messages are part of the
> > response and must never have an EOM block. This unexpected error was not correctly
> > caught, blocking the connection. Now, when HAProxy generates such transitional
> > responses, it does not emit an EOM block. And if an unexpected error happens during
> > H1 output formatting, a fatal error is triggered and the connection is closed.
> >
> > On the H1 multiplexer, parsing errors when a too big message was received were
> > not correctly caught, blocking connections. It was due to an optimization to
> > allow zero copy transfers. In the H2 multiplexer, the frame padding was not
> > correctly handled in two ways, leading in both cases to protocol errors.
> >
> > Olivier fixed a bug on the connection's layer when the PROXY protocol was
> > used. The xprt handshake was not always present to send the PROXY protocol
> > header, leading to an infinite loop. He also fixed a bug in the SSL that was
> > able to crash HAProxy. In the function ssl_subscribe(), before doing anything,
> > we must be sure to have an xprt context. Finally he fixed a bug on
> > stream-interfaces. The flag SI_FL_ERR was unconditionally set when an error was
> > detected on the connection or on the conn-stream. But it must only be set when
> > the stream-interface is connected or is attempting a connection.
> >
> > A segfault was fixed in the leastconn LB algorithm because of an unsafe test
> > outside the LB lock. Thanks to Tim Duesterhus, HAProxy now sets the header "Vary"
> > in compressed responses. William fixed two bugs in the master-worker. The first
> > was a segfault when the master switched to wait mode because the thread and
> > the fdtab deinit functions were called. The second was about the master cli that
> > was unable to send commands to several workers.
> >
> > Finally, as always, some small other bugs were fixed here and there. Thanks to
> > everyone for reporting and/or fixing bugs, or just for testing this new major
> > release. Of course, we encourage everyone to upgrade. Several bugs considered as
> > fixed are a bit hard or a bit long to reproduce. So we hope this release is
> > better than the last one. But please continue to report any issue you'll meet!
> >
> >
> > Please find the usual URLs below :
> >    Site index       : http://www.haproxy.org/
> >    Discourse        : http://discourse.haproxy.org/
> >    Slack channel    : https://slack.haproxy.org/
> >    Issue tracker    : https://github.com/haproxy/haproxy/issues
> >    Sources          : http://www.haproxy.org/download/2.0/src/
> >    Git repository   : http://git.haproxy.org/git/haproxy-2.0.git/
> >    Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git
> >    Changelog        : http://www.haproxy.org/download/2.0/src/CHANGELOG
> >    Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
>
> TLS 1.3 Image ready: https://hub.docker.com/r/me2digital/haproxy20-centos
>
> ```
> HA-Proxy version 2.0.1 2019/06/26 - https://haproxy.org/
> Build options :
>   TARGET  = linux-glibc
>   CPU = generic
>   CC  = gcc
>   CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv
> -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
> -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
> -Wno-missing-field-initializers -Wtype-limits
>   OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_REGPARM=1
> USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1
>
> Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE
> ```

Re: [ANNOUNCE] haproxy-2.0.1

2019-06-27 Thread Aleksandar Lazic
On 26.06.2019 at 19:28, Christopher Faulet wrote:
> Hi,
> 
> HAProxy 2.0.1 was released on 2019/06/26. It added 27 new commits
> after version 2.0.0.
> 
> This new version fixes several annoying bugs with various visible effects. Among
> others, two major bugs have been fixed. The first one is a regression on
> stick-tables. HAProxy was unable to start when a stick-table was used in
> an "if/unless" ACL condition. An error claimed the stick-table name was
> missing. The second major bug is in the H1 multiplexer. The area of a trash
> chunk was easily able to be released by error when an outgoing HTTP message was
> formatted. So it is a pretty old bug and it is strange we never spotted it
> before. But it led to a memory corruption and thus to a wide variety of bugs.
>
> Several bugs in the HTX were fixed. One of them concerned the H2. When cookie
> headers were grouped during the conversion of an H2 request into an HTX message,
> the HTX message was not fully updated. When it happened, most of the time the
> connection hung. Another bug concerned the way 1xx informational messages were
> emitted by HAProxy. An EOM was mistakenly added in these HTX messages. It was
> totally valid on HAProxy-1.9. But in 2.0, these messages are part of the
> response and must never have an EOM block. This unexpected error was not correctly
> caught, blocking the connection. Now, when HAProxy generates such transitional
> responses, it does not emit an EOM block. And if an unexpected error happens during
> H1 output formatting, a fatal error is triggered and the connection is closed.
>
> On the H1 multiplexer, parsing errors when a too big message was received were
> not correctly caught, blocking connections. It was due to an optimization to
> allow zero copy transfers. In the H2 multiplexer, the frame padding was not
> correctly handled in two ways, leading in both cases to protocol errors.
>
> Olivier fixed a bug on the connection's layer when the PROXY protocol was
> used. The xprt handshake was not always present to send the PROXY protocol
> header, leading to an infinite loop. He also fixed a bug in the SSL that was
> able to crash HAProxy. In the function ssl_subscribe(), before doing anything,
> we must be sure to have an xprt context. Finally he fixed a bug on
> stream-interfaces. The flag SI_FL_ERR was unconditionally set when an error was
> detected on the connection or on the conn-stream. But it must only be set when
> the stream-interface is connected or is attempting a connection.
>
> A segfault was fixed in the leastconn LB algorithm because of an unsafe test
> outside the LB lock. Thanks to Tim Duesterhus, HAProxy now sets the header "Vary"
> in compressed responses. William fixed two bugs in the master-worker. The first
> was a segfault when the master switched to wait mode because the thread and
> the fdtab deinit functions were called. The second was about the master cli that
> was unable to send commands to several workers.
>
> Finally, as always, some small other bugs were fixed here and there. Thanks to
> everyone for reporting and/or fixing bugs, or just for testing this new major
> release. Of course, we encourage everyone to upgrade. Several bugs considered as
> fixed are a bit hard or a bit long to reproduce. So we hope this release is
> better than the last one. But please continue to report any issue you'll meet!
> 
> 
> Please find the usual URLs below :
>    Site index       : http://www.haproxy.org/
>    Discourse        : http://discourse.haproxy.org/
>    Slack channel    : https://slack.haproxy.org/
>    Issue tracker    : https://github.com/haproxy/haproxy/issues
>    Sources          : http://www.haproxy.org/download/2.0/src/
>    Git repository   : http://git.haproxy.org/git/haproxy-2.0.git/
>    Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git
>    Changelog        : http://www.haproxy.org/download/2.0/src/CHANGELOG
>    Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

TLS 1.3 Image ready: https://hub.docker.com/r/me2digital/haproxy20-centos

```
HA-Proxy version 2.0.1 2019/06/26 - https://haproxy.org/
Build options :
  TARGET  = linux-glibc
  CPU = generic
  CC  = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv
-Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
-Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
-Wno-missing-field-initializers -Wtype-limits
  OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_REGPARM=1
USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1

Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE +PCRE_JIT
-PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD +PTHREAD_PSHARED +REGPARM
-STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT
+CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 -ZLIB
+SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD
-OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS
```


[ANNOUNCE] haproxy-2.0.1

2019-06-26 Thread Christopher Faulet
Hi,

HAProxy 2.0.1 was released on 2019/06/26. It added 27 new commits
after version 2.0.0.

This new version fixes several annoying bugs with various visible effects. Among
others, two major bugs have been fixed. The first one is a regression on
stick-tables. HAProxy was unable to start when a stick-table was used in
an "if/unless" ACL condition. An error claimed the stick-table name was
missing. The second major bug is in the H1 multiplexer. The area of a trash
chunk was easily able to be released by error when an outgoing HTTP message was
formatted. So it is a pretty old bug and it is strange we never spotted it
before. But it led to a memory corruption and thus to a wide variety of bugs.

Several bugs in the HTX were fixed. One of them concerned the H2. When cookie
headers were grouped during the conversion of an H2 request into an HTX message,
the HTX message was not fully updated. When it happened, most of the time the
connection hung. Another bug concerned the way 1xx informational messages were
emitted by HAProxy. An EOM was mistakenly added in these HTX messages. It was
totally valid on HAProxy-1.9. But in 2.0, these messages are part of the
response and must never have an EOM block. This unexpected error was not correctly
caught, blocking the connection. Now, when HAProxy generates such transitional
responses, it does not emit an EOM block. And if an unexpected error happens during
H1 output formatting, a fatal error is triggered and the connection is closed.

On the H1 multiplexer, parsing errors when a too big message was received were
not correctly caught, blocking connections. It was due to an optimization to
allow zero copy transfers. In the H2 multiplexer, the frame padding was not
correctly handled in two ways, leading in both cases to protocol errors.

Olivier fixed a bug on the connection's layer when the PROXY protocol was
used. The xprt handshake was not always present to send the PROXY protocol
header, leading to an infinite loop. He also fixed a bug in the SSL that was
able to crash HAProxy. In the function ssl_subscribe(), before doing anything,
we must be sure to have an xprt context. Finally he fixed a bug on
stream-interfaces. The flag SI_FL_ERR was unconditionally set when an error was
detected on the connection or on the conn-stream. But it must only be set when
the stream-interface is connected or is attempting a connection.

A segfault was fixed in the leastconn LB algorithm because of an unsafe test
outside the LB lock. Thanks to Tim Duesterhus, HAProxy now sets the header "Vary"
in compressed responses. William fixed two bugs in the master-worker. The first
was a segfault when the master switched to wait mode because the thread and
the fdtab deinit functions were called. The second was about the master cli that
was unable to send commands to several workers.

Finally, as always, some small other bugs were fixed here and there. Thanks to
everyone for reporting and/or fixing bugs, or just for testing this new major
release. Of course, we encourage everyone to upgrade. Several bugs considered as
fixed are a bit hard or a bit long to reproduce. So we hope this release is
better than the last one. But please continue to report any issue you'll meet!


Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : http://www.haproxy.org/download/2.0/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.0.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.0.git
   Changelog        : http://www.haproxy.org/download/2.0/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/


---
Complete changelog :
Christopher Faulet (14):
  BUG/MEDIUM: h2/htx: Update data length of the HTX when the cookie list is built
  BUG/MINOR: lua/htx: Make txn.req_req_* and txn.res_rep_* HTX aware
  BUG/MINOR: mux-h1: Add the header connection in lower case in outgoing messages
  MINOR: htx: Add the function htx_change_blk_value_len()
  BUG/MEDIUM: htx: Fully update HTX message when the block value is changed
  BUG/MEDIUM: mux-h2: Reset padlen when several frames are demux
  BUG/MEDIUM: mux-h2: Remove the padding length when a DATA frame size is checked
  BUG/MEDIUM: lb_fwlc: Don't test the server's lb_tree from outside the lock
  BUG/MINOR: htx: Save hdrs_bytes when the HTX start-line is replaced
  BUG/MAJOR: mux-h1: Don't crush trash chunk area when outgoing message is formatted
  BUG/MINOR: memory: Set objects size for pools in the per-thread cache
  BUG/MEDIUM: proto_htx: Don't add EOM on 1xx informational messages
  BUG/MEDIUM: mux-h1: Use buf_room_for_htx_data() to detect too large messages
  BUG/MINOR: mux-h1: Make format errors during output formatting fatal

Frédéric Lécaille (1):
  BUG/MAJOR: sample: Wrong
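
The two mux-h2 padding entries in the changelog above concern the padded DATA frame layout of RFC 7540 section 6.1. The C code below is an added example, not part of the thread and not HAProxy's mux-h2 code: `h2_body_len()`, the `H2_ERR_*` values and both sample buffers are constructed for illustration, and it shows a demuxer that starts every frame with a zero pad length and excludes padding from the DATA size it accounts for.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define H2_FT_DATA        0x0
#define H2_F_PADDED       0x08
#define H2_ERR_TRUNCATED  (-1L)  /* buffer ends inside a frame */
#define H2_ERR_PADDING    (-2L)  /* padding does not fit in the frame payload */

/* Hypothetical helper: application bytes carried by DATA frames, or H2_ERR_*. */
long h2_body_len(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    long body = 0;
    while (off < len) {
        if (len - off < 9)                 /* 9-byte frame header */
            return H2_ERR_TRUNCATED;
        uint32_t flen = ((uint32_t)buf[off] << 16) | ((uint32_t)buf[off + 1] << 8) | buf[off + 2];
        uint8_t type = buf[off + 3], flags = buf[off + 4];
        if (len - off - 9 < flen)
            return H2_ERR_TRUNCATED;
        /* Per-frame state: a stale pad length would wrongly reject the next frame. */
        uint32_t padlen = 0, dlen = flen;
        if (type == H2_FT_DATA && (flags & H2_F_PADDED)) {
            if (flen == 0)
                return H2_ERR_PADDING;     /* no room for the Pad Length octet */
            padlen = buf[off + 9];
            if (padlen >= flen)            /* RFC 7540 6.1: PROTOCOL_ERROR */
                return H2_ERR_PADDING;
            dlen = flen - 1 - padlen;      /* only this counts as body data */
        }
        body += (type == H2_FT_DATA) ? dlen : 0;
        off += 9 + flen;
    }
    return body;
}

/* Constructed sample: padded DATA (4 data + 3 pad bytes), then unpadded DATA (2 bytes). */
static const uint8_t sample_ok[] = {
    0, 0, 8, H2_FT_DATA, H2_F_PADDED, 0, 0, 0, 1,  3, 'h', 'e', 'l', 'l', 0, 0, 0,
    0, 0, 2, H2_FT_DATA, 0x01,        0, 0, 0, 1,  'o', '!',
};
/* Constructed sample: Pad Length (3) equals the 3-byte payload length. */
static const uint8_t sample_bad[] = { 0, 0, 3, H2_FT_DATA, H2_F_PADDED, 0, 0, 0, 1,  3, 0, 0 };

int main(void)
{
    printf("ok=%ld bad=%ld\n", h2_body_len(sample_ok, sizeof(sample_ok)),
           h2_body_len(sample_bad, sizeof(sample_bad)));
    return 0;
}
```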