Am 25.04.2019 um 23:18 schrieb Christopher Faulet:
> Hi,
>
> HAProxy 1.9.7 was released on 2019/04/25. It added 100 new commits after
> version
> 1.9.6.
>
> After a month since the last release, a huge number of bugs were addressed
> into
> this release. The most significant are fixes of 100% CPU usage issues. Olivier
> and Willy worked hard on it. They fixed several bugs in the task scheduler and
> improved it. Another issue concerned the streams and the way aborts was
> handled. The flag reporting the abort on the stream-interface was cleared too
> early. So the stream was not properly released, looping infinitely on
> itself. Thanks to Maciej for helping Olivier investigating on this
> issue. Finally, two bugs leading to a loop were fixed in the H2 multiplexer.
> The
> first one occurred when an incomplete frame was received and no more data was
> available. The second one when the subscription to the send events was made
> twice, which should never happen. This last issue was also able to lead to
> random crashes.
>
> Willy, with the help of Maksim, fixed a locking problem in the round-robin LB
> causing occasional crashes of HAProxy because of a divide by zero when the
> next
> server's position was computed. Willy also fixed an AB/BA locking issue in the
> listener's accept code thanks to Olivier and his self-locked list. At the end,
> all this part was reworked. The lock on the listener queue disappeared and the
> accept code was significantly improved. As mentioned, Olivier implemented
> self-locked lists. It is now safe to manipulate such lists with multiple
> threads
> without having to worry about concurrency issues.
>
> A very old bug on how HTTP sample fetches work was fixed. All HTTP sample
> fetches were buggy because the channel used was chosen depending on the sample
> direction and not on the keyword really used. The request channel was used
> when
> called during the request analysis and the response one was used when called
> during the response analysis, regardless the sample really called. It could
> cause a whole bunch of bugs, from undefined behavior because the data were
> extracted from the wrong buffer to crash of HAProxy.
>
> Many bugs in the HTX part were fixed. The most significant was a problem of
> data
> corruption when an header was added while some data were already received. It
> was addressed by defragmenting the HTX message. It is a quick and dirty fix,
> waiting for a better solution. The TCP splicing was fixed in the H1
> multiplexer. The handling of the CONNECT method was refactored to work when h1
> and h2 are mixed (an h1 client sending requests to an h2 server or this
> opposite). And finally, the option "http-tunnel" was deprecated in HTX. It is
> still supported in legacy HTTP, but in HTX, this options is now ignored.
>
> Otherwise, as always, there was a bunch of bugfixes and changes here and
> there. The most noticeable are:
>
>- A memory leak was fixed in the map converter. And now when a map file is
> loaded, the default value is parsed only when it is present. This fixes
> segfaults at parsing time when no default value is provided.
>
>- Pattern IDs are now assigned after checking the config validity. It
> fixes a
> bug where some map identifiers were not assigned (appearing as -1 in show
> map). Thanks to Pavlos to report this bug.
>
>- Several bugs was fixed on the SPOE, mainly on the way fragmented frames
> was
> handled internally.
>
>- A bug was fixed in the peers. Peer sessions were not always cleanly reset
> on release, resulting in a bad state for new sessions. In addition, the
> CLI
> command "show peers" was added. It dumps info about the peers configured
> in
> "peers" sections.
>
>- Nenad fixed a security issue in the TLS ticket key rotation. Whenever
> HAProxy was reloaded with rotated keys, the resumption would be broken
> for
> previous encryption key. CVE-2019-11323 was assigned to this bug.
>
>- Build of HAProxy on AIX 5.1 was fixed.
>
>- Some small improvements were brought to the master-worker mode. The busy
> polling was disabled on the master process to not waste a dedicated
> processor on it. And an unambiguous status is now set on exit.
>
>- The global directive "set-dumpable" was added to enable core dumps. It's
> always a pain to get a core dump when enabling user/group setting (which
> disables the dumpable flag on Linux), when using a chroot and/or when
> HAProxy is started by a service management tool which requires complex
> operations to just raise the core dump limit. It becomes much easier to
> retrieve a core file by using this new directive. Temporarily moving the
> chroot to a user-writable place generally enough.
>
>- Missing locks was added in set-map and add-acl HTTP rules.
>
>- The multithreading mode is now enabled on wurlf. And it is now compatible
> with
