** Description changed: This bug tracks an update for the HAProxy package in the following Ubuntu releases to the versions below: * plucky (25.04): HAProxy 3.0.10 (See entries from 3.0.9 to 3.0.10). * noble (24.04): HAProxy 2.8.15 (See entries from 2.8.6 to 2.8.15). * jammy (22.04): HAProxy 2.4.29 (See entries from 2.4.15 to 2.4.29). These updates include bugfixes only following the SRU policy exception defined at https://documentation.ubuntu.com/sru/en/latest/reference/exception-HAProxy-Updates DISCLAIMER: For these updates, we are not upgrading to the latest patch version possible. Instead, we are sticking to the versions which include the fixes up to the version we currently ship in questing to avoid upgrade path regressions. [Upstream changes] HAProxy 3.0.10: https://www.haproxy.org/download/3.0/src/CHANGELOG HAProxy 2.8.15: https://www.haproxy.org/download/2.8/src/CHANGELOG HAProxy 2.4.29: https://www.haproxy.org/download/2.4/src/CHANGELOG Important bug fixes include: * noble (24.04) - HAProxy 2.8.15: - - BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions - - BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume() - - BUG/MAJOR: server: fix stream crash due to deleted server - - BUG/MAJOR: promex: fix crash on deleted server - - BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe - - BUG/MAJOR: server: do not delete srv referenced by session - - BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state - - BUG/MAJOR: quic: reject too large CRYPTO frames - - BUG/MAJOR: ocsp: Separate refcount per instance and per store - - BUG/MAJOR: quic: fix wrong packet building due to already acked frames + - BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions + - BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume() + - BUG/MAJOR: server: fix stream crash due to deleted server + - BUG/MAJOR: promex: fix crash on deleted server + - BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe + - BUG/MAJOR: server: do not delete srv referenced by session + - BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state + - BUG/MAJOR: quic: reject too large CRYPTO frames + - BUG/MAJOR: ocsp: Separate refcount per instance and per store + - BUG/MAJOR: quic: fix wrong packet building due to already acked frames * jammy (22.04) - HAProxy 2.4.29: - - BUG/MAJOR: server: do not delete srv referenced by session - - BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume() - - BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers - - BUG/MAJOR: mux-pt: Always destroy the backend connection on detach - - BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe + - BUG/MAJOR: server: do not delete srv referenced by session + - BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume() + - BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers + - BUG/MAJOR: mux-pt: Always destroy the backend connection on detach + - BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe [Test Plan] TODO: link to the upstream CI pipelines demonstrating all tests are passing TODO: if there are any non passing tests - explain why that is ok in this case A test build set is available at https://launchpad.net/~athos/+archive/ubuntu/haproxy/+packages. We ran the haproxy DEP8 test suite for the packages built in that PPA. Here are the results: * Results: - haproxy: jammy/haproxy/2.4.29-0ubuntu0.22.04.1~ppa1 [amd64] + ✅ haproxy on jammy for amd64 @ 11.10.25 01:21:25 Log️ 🗒️ - haproxy: jammy/haproxy/2.4.29-0ubuntu0.22.04.1~ppa1 [arm64] + ✅ haproxy on jammy for arm64 @ 11.10.25 01:21:38 Log️ 🗒️ - haproxy: jammy/haproxy/2.4.29-0ubuntu0.22.04.1~ppa1 [armhf] + ✅ haproxy on jammy for armhf @ 11.10.25 01:24:48 Log️ 🗒️ - haproxy: jammy/haproxy/2.4.29-0ubuntu0.22.04.1~ppa1 [i386] - haproxy: jammy/haproxy/2.4.29-0ubuntu0.22.04.1~ppa1 [ppc64el] + ✅ haproxy on jammy for ppc64el @ 11.10.25 01:21:58 Log️ 🗒️ - haproxy: jammy/haproxy/2.4.29-0ubuntu0.22.04.1~ppa1 [s390x] + ✅ haproxy on jammy for s390x @ 11.10.25 01:20:56 Log️ 🗒️ - haproxy: noble/haproxy/2.8.15-0ubuntu0.24.04.1~ppa1 [amd64] + ✅ haproxy on noble for amd64 @ 11.10.25 01:20:32 Log️ 🗒️ - haproxy: noble/haproxy/2.8.15-0ubuntu0.24.04.1~ppa1 [arm64] + ✅ haproxy on noble for arm64 @ 11.10.25 01:21:27 Log️ 🗒️ - haproxy: noble/haproxy/2.8.15-0ubuntu0.24.04.1~ppa1 [armhf] + ✅ haproxy on noble for armhf @ 11.10.25 01:23:59 Log️ 🗒️ - haproxy: noble/haproxy/2.8.15-0ubuntu0.24.04.1~ppa1 [i386] - haproxy: noble/haproxy/2.8.15-0ubuntu0.24.04.1~ppa1 [ppc64el] + ✅ haproxy on noble for ppc64el @ 11.10.25 01:21:23 Log️ 🗒️ - haproxy: noble/haproxy/2.8.15-0ubuntu0.24.04.1~ppa1 [s390x] + ✅ haproxy on noble for s390x @ 11.10.25 01:20:38 Log️ 🗒️ - haproxy: plucky/haproxy/3.0.10-0ubuntu0.25.04.1~ppa1 [amd64] + ✅ haproxy on plucky for amd64 @ 11.10.25 01:20:26 Log️ 🗒️ - haproxy: plucky/haproxy/3.0.10-0ubuntu0.25.04.1~ppa1 [arm64] + ✅ haproxy on plucky for arm64 @ 11.10.25 01:22:09 Log️ 🗒️ - haproxy: plucky/haproxy/3.0.10-0ubuntu0.25.04.1~ppa1 [armhf] + ✅ haproxy on plucky for armhf @ 11.10.25 01:23:55 Log️ 🗒️ - haproxy: plucky/haproxy/3.0.10-0ubuntu0.25.04.1~ppa1 [i386] - haproxy: plucky/haproxy/3.0.10-0ubuntu0.25.04.1~ppa1 [ppc64el] + ✅ haproxy on plucky for ppc64el @ 11.10.25 01:21:43 Log️ 🗒️ - haproxy: plucky/haproxy/3.0.10-0ubuntu0.25.04.1~ppa1 [s390x] + ✅ haproxy on plucky for s390x @ 11.10.25 01:20:36 Log️ 🗒️ [Regression Potential] HAProxy itself does not have many reverse dependencies, however, any upgrade is a risk to introduce some breakage to other packages. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. - TODO: consider any other regression potential specific to the version being - updated and list if any. + [Regression Potential - Changes Analysis (CA)] + + There is a significant number of low regression risk (as per upstream + classification) functional changes. + + Moreover, some (fewer) bug fixes have a possible medium regression risk + (again, as per upstream classification). + + The functional changes mentioned above were included because they are, + in majority, needed by other entries which are bug fixes, i.e., these + are functional changes needed to fix specific bugs. + + [Regression Potential - CA - Upstream changes classification criteria] + + https://github.com/haproxy/haproxy/blob/master/CONTRIBUTING#L632 + describes the upstream guidelines for tagging the entries in the upstream changelog based + on their purpose, importance, severity, etc. + + Below, I summarize the relevant bits of such guidelines. + + Patches "fixing a bug must have the 'BUG' tag", e.g., "BUG/MAJOR: + description" + + "When the patch cannot be categorized, [...] only use a risk or complexity + information [...]. This is commonly the case for new features". For + instance, "MINOR: description" + + For MINOR tags, the patch "is safe enough to be backported to stable + branches". + + Patches tagged MEDIUM "may cause unexpected regressions of low importance + [...], the patch is safe but touches working areas". + + Patches tagged MAJOR carry a "major risk of hidden regression". No + changes are tagged MAJOR without a bug classifier, i.e., all of the + patches classified as MAJOR are BUG/MAJOR and will be discussed below. + + There is also a CRITICAL tag but no changes are tagged with it in the new + candidate versions. + + [Regression Potential - CA - Impact] + + For the next Jammy update, we would upgrade HAPRoxy from 2.4.14 to 2.4.29. Among + the changes, there are 5 bug fixes tagged as BUG/MAJOR and 15 uncategorized changes (potentially functional), where 13 are tagged as MINOR and 2 are tagged as MEDIUM. + + For the next Noble update, we would upgrade HAPRoxy from 2.8.5 to + 2.8.15. This has the largest impactful change set for these proposed + HAProxy upgrades. Among the changes, there are 12 bug fixes tagged as + BUG/MAJOR and 80 uncategorized changes (potentially functional), where + 74 are tagged as MINOR and 6 are tagged as MEDIUM. + + For the next Plucky update, we would upgrade HAPRoxy from 3.0.8 to + 3.0.10. Among the changes, there are 21 uncategorized changes + (potentially functional), where 20 are tagged as MINOR and 1 are tagged + as MEDIUM. [Previous updates] - LP: #2012557 - LP: #2028418
** Description changed: This bug tracks an update for the HAProxy package in the following Ubuntu releases to the versions below: * plucky (25.04): HAProxy 3.0.10 (See entries from 3.0.9 to 3.0.10). * noble (24.04): HAProxy 2.8.15 (See entries from 2.8.6 to 2.8.15). * jammy (22.04): HAProxy 2.4.29 (See entries from 2.4.15 to 2.4.29). These updates include bugfixes only following the SRU policy exception defined at https://documentation.ubuntu.com/sru/en/latest/reference/exception-HAProxy-Updates DISCLAIMER: For these updates, we are not upgrading to the latest patch version possible. Instead, we are sticking to the versions which include the fixes up to the version we currently ship in questing to avoid upgrade path regressions. [Upstream changes] HAProxy 3.0.10: https://www.haproxy.org/download/3.0/src/CHANGELOG HAProxy 2.8.15: https://www.haproxy.org/download/2.8/src/CHANGELOG HAProxy 2.4.29: https://www.haproxy.org/download/2.4/src/CHANGELOG Important bug fixes include: * noble (24.04) - HAProxy 2.8.15: - BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions - BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume() - BUG/MAJOR: server: fix stream crash due to deleted server - BUG/MAJOR: promex: fix crash on deleted server - BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe - BUG/MAJOR: server: do not delete srv referenced by session - BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state - BUG/MAJOR: quic: reject too large CRYPTO frames - BUG/MAJOR: ocsp: Separate refcount per instance and per store - BUG/MAJOR: quic: fix wrong packet building due to already acked frames * jammy (22.04) - HAProxy 2.4.29: - BUG/MAJOR: server: do not delete srv referenced by session - BUG/MAJOR: hlua: improper lock usage with hlua_ctx_resume() - BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers - BUG/MAJOR: mux-pt: Always destroy the backend connection on detach - BUG/MAJOR: connection: fix server used_conns with H2 + reuse safe [Test Plan] TODO: link to the upstream CI pipelines demonstrating all tests are passing TODO: if there are any non passing tests - explain why that is ok in this case A test build set is available at https://launchpad.net/~athos/+archive/ubuntu/haproxy/+packages. We ran the haproxy DEP8 test suite for the packages built in that PPA. Here are the results: * Results: - haproxy: jammy/haproxy/2.4.29-0ubuntu0.22.04.1~ppa1 [amd64] + ✅ haproxy on jammy for amd64 @ 11.10.25 01:21:25 Log️ 🗒️ - haproxy: jammy/haproxy/2.4.29-0ubuntu0.22.04.1~ppa1 [arm64] + ✅ haproxy on jammy for arm64 @ 11.10.25 01:21:38 Log️ 🗒️ - haproxy: jammy/haproxy/2.4.29-0ubuntu0.22.04.1~ppa1 [armhf] + ✅ haproxy on jammy for armhf @ 11.10.25 01:24:48 Log️ 🗒️ - haproxy: jammy/haproxy/2.4.29-0ubuntu0.22.04.1~ppa1 [i386] - haproxy: jammy/haproxy/2.4.29-0ubuntu0.22.04.1~ppa1 [ppc64el] + ✅ haproxy on jammy for ppc64el @ 11.10.25 01:21:58 Log️ 🗒️ - haproxy: jammy/haproxy/2.4.29-0ubuntu0.22.04.1~ppa1 [s390x] + ✅ haproxy on jammy for s390x @ 11.10.25 01:20:56 Log️ 🗒️ - haproxy: noble/haproxy/2.8.15-0ubuntu0.24.04.1~ppa1 [amd64] + ✅ haproxy on noble for amd64 @ 11.10.25 01:20:32 Log️ 🗒️ - haproxy: noble/haproxy/2.8.15-0ubuntu0.24.04.1~ppa1 [arm64] + ✅ haproxy on noble for arm64 @ 11.10.25 01:21:27 Log️ 🗒️ - haproxy: noble/haproxy/2.8.15-0ubuntu0.24.04.1~ppa1 [armhf] + ✅ haproxy on noble for armhf @ 11.10.25 01:23:59 Log️ 🗒️ - haproxy: noble/haproxy/2.8.15-0ubuntu0.24.04.1~ppa1 [i386] - haproxy: noble/haproxy/2.8.15-0ubuntu0.24.04.1~ppa1 [ppc64el] + ✅ haproxy on noble for ppc64el @ 11.10.25 01:21:23 Log️ 🗒️ - haproxy: noble/haproxy/2.8.15-0ubuntu0.24.04.1~ppa1 [s390x] + ✅ haproxy on noble for s390x @ 11.10.25 01:20:38 Log️ 🗒️ - haproxy: plucky/haproxy/3.0.10-0ubuntu0.25.04.1~ppa1 [amd64] + ✅ haproxy on plucky for amd64 @ 11.10.25 01:20:26 Log️ 🗒️ - haproxy: plucky/haproxy/3.0.10-0ubuntu0.25.04.1~ppa1 [arm64] + ✅ haproxy on plucky for arm64 @ 11.10.25 01:22:09 Log️ 🗒️ - haproxy: plucky/haproxy/3.0.10-0ubuntu0.25.04.1~ppa1 [armhf] + ✅ haproxy on plucky for armhf @ 11.10.25 01:23:55 Log️ 🗒️ - haproxy: plucky/haproxy/3.0.10-0ubuntu0.25.04.1~ppa1 [i386] - haproxy: plucky/haproxy/3.0.10-0ubuntu0.25.04.1~ppa1 [ppc64el] + ✅ haproxy on plucky for ppc64el @ 11.10.25 01:21:43 Log️ 🗒️ - haproxy: plucky/haproxy/3.0.10-0ubuntu0.25.04.1~ppa1 [s390x] + ✅ haproxy on plucky for s390x @ 11.10.25 01:20:36 Log️ 🗒️ [Regression Potential] HAProxy itself does not have many reverse dependencies, however, any upgrade is a risk to introduce some breakage to other packages. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [Regression Potential - Changes Analysis (CA)] There is a significant number of low regression risk (as per upstream classification) functional changes. Moreover, some (fewer) bug fixes have a possible medium regression risk (again, as per upstream classification). The functional changes mentioned above were included because they are, in majority, needed by other entries which are bug fixes, i.e., these are functional changes needed to fix specific bugs. [Regression Potential - CA - Upstream changes classification criteria] https://github.com/haproxy/haproxy/blob/master/CONTRIBUTING#L632 describes the upstream guidelines for tagging the entries in the upstream changelog based on their purpose, importance, severity, etc. Below, I summarize the relevant bits of such guidelines. Patches "fixing a bug must have the 'BUG' tag", e.g., "BUG/MAJOR: description" "When the patch cannot be categorized, [...] only use a risk or complexity information [...]. This is commonly the case for new features". For instance, "MINOR: description" For MINOR tags, the patch "is safe enough to be backported to stable branches". Patches tagged MEDIUM "may cause unexpected regressions of low importance [...], the patch is safe but touches working areas". Patches tagged MAJOR carry a "major risk of hidden regression". No changes are tagged MAJOR without a bug classifier, i.e., all of the patches classified as MAJOR are BUG/MAJOR and will be discussed below. There is also a CRITICAL tag but no changes are tagged with it in the new candidate versions. [Regression Potential - CA - Impact] For the next Jammy update, we would upgrade HAPRoxy from 2.4.14 to 2.4.29. Among the changes, there are 5 bug fixes tagged as BUG/MAJOR and 15 uncategorized changes (potentially functional), where 13 are tagged as MINOR and 2 are tagged as MEDIUM. For the next Noble update, we would upgrade HAPRoxy from 2.8.5 to 2.8.15. This has the largest impactful change set for these proposed HAProxy upgrades. Among the changes, there are 12 bug fixes tagged as BUG/MAJOR and 80 uncategorized changes (potentially functional), where 74 are tagged as MINOR and 6 are tagged as MEDIUM. For the next Plucky update, we would upgrade HAPRoxy from 3.0.8 to 3.0.10. Among the changes, there are 21 uncategorized changes - (potentially functional), where 20 are tagged as MINOR and 1 are tagged + (potentially functional), where 20 are tagged as MINOR and 1 is tagged as MEDIUM. [Previous updates] - LP: #2012557 - LP: #2028418 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2112526 Title: Micro release updates for jammy, noble, and plucky To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/2112526/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
