Hi,

HAProxy 2.7-dev10 was released on 2022/11/24. It added 53 new commits after version 2.7-dev9.

Tests were productive, we got a few last-minute bug reports that led to important fixes:

- two possible crashes in QUIC were found and now confirmed to be fixed thanks to Gabriel and Tristan's tests and feedback.
- the scheduler's wait queue was not being properly locked when dealing with tasks able to run on multiple thread groups (e.g. stick-table updates).
- a possible crash could happen on H1 during reloads with some idle front connections, and on some complex error path conditions.
- a few other regular issues that were not specific to 2.7 were addressed.

Other than that, the minimal support for building with the WolfSSL library was added (mostly one extra USE_ makefile rule to specify the slightly different lib names and a few ifdefs to isolate non-implemented features). We don't consider this reasonably usable yet, and some regtests are still failing, but the main purpose is to make it much easier for the WolfSSL team to run their tests with HAProxy, instead of relying on the constantly rebased patch. Note for Ilya and Tim, I don't think it's worth thinking about adding this to the CI until we reach a situation where regtests stop failing.

The "rst-ttl" argument to the "silent-drop" action is now supported, to always rely on TCP RST instead of connection repair and help also protect a part of the infrastructure. Thanks to Mathias Weiersmueller for doing this quickly and cleanly after discussing it at the HAProxyConf!

Some minor debugging stuff was added (sorting + filtering in "show pools", displaying the name of failed CLI commands), and a few build fixes and cleanups with older compilers as well as minor doc updates were applied.

Those closely following QUIC might have noticed that a small patch set from Amaury was under review and testing over the last few weeks, to improve CPU usage and connection reloads. However thanks to Gabriel's tests, some late glitches were found in it and we preferred not to rush quick fixes at the last minute on top of it.
Better let the pressure go down for now, fix it and merge it later. I have no problem with backporting it into 2.7.1 for example after it has undergone a bit more testing in production.

So far I think we're good for a release next week, unless some last-minute disaster is discovered, of course. There were some old issues suggesting to improve certain parts of the doc, I think we should find them and try to handle the relevant ones till the release. Then with a bit of hope, on Wednesday or Thursday we'll do it.

I think I'm forgetting something but I'm reaching the end of this message, so if it comes back it will be in another message now :-)

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/2.7/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/2.7/src/CHANGELOG
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy

---
Complete changelog :

Abhijeet Rastogi (1):
      MINOR: cli: print parsed command when not found

Amaury Denoyelle (5):
      DOC: configuration: fix quic prefix typo
      MINOR: quic: report error if force-retry without cluster-secret
      MINOR: global: generate random cluster.secret if not defined
      DOC: quic: add note on performance issue with listener contention
      BUG/MEDIUM: quic: fix datagram dropping on queueing failed

Aurelien DARRAGON (7):
      BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance
      BUG/MINOR: log: fix parse_log_message rfc5424 size check
      CLEANUP: arg: remove extra check in make_arg_list arg escaping
      CLEANUP: tools: extra check in utoa_pad
      DOC: configuration.txt: add default_value for table_idle signature
      DOC: configuration.txt: fix typo in table_idle signature
      MINOR: auth: silence null dereference warning in check_user()

Christopher Faulet (14):
      MINOR: h1: Consider empty port as invalid in authority for CONNECT
      MINOR: http: Considere empty ports as valid default ports
      BUG/MINOR: http-htx: Normalized absolute URIs with an empty port
      BUG/MINOR: h1: Replace authority validation to conform RFC3986
      REG-TESTS: http: Add more tests about authority/host matching
      BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action
      BUG/MEDIUM: mux-h1: Don't release H1C on timeout if there is a SC attached
      BUG/MEDIUM: mux-h1: Subscribe for reads on error on sending path
      BUILD: http-htx: Silent build error about a possible NULL start-line
      BUILD: ssl-sock: Silent error about NULL deref in ssl_sock_bind_verifycbk()
      BUG/MEDIUM: mux-h1: Remove H1C_F_WAIT_NEXT_REQ flag on a next request
      BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out
      MINOR: mux-h1: Remove H1C_F_WAIT_NEXT_REQ in functions handling errors
      MINOR: mux-h1: Avoid useless call to h1_send() if no error is sent

Frédéric Lécaille (2):
      BUG/MAJOR: quic: Crash upon retransmission of dgrams with several packets
      BUG/MAJOR: quic: Crash after discarding packet number spaces

Ilya Shipitsin (1):
      CLEANUP: quic: replace "choosen" with "chosen" all over the code

Mathias Weiersmueller (1):
      MEDIUM: tcp-act: add parameter rst-ttl to silent-drop

Uriah Pollock (2):
      BUILD: quic: use openssl-compat.h instead of openssl/ssl.h
      MEDIUM: ssl: add minimal WolfSSL support with OpenSSL compatibility mode

Willy Tarreau (20):
      MINOR: cli/pools: store "show pools" results into a temporary array
      MINOR: cli/pools: add sorting capabilities to "show pools"
      MINOR: cli/pools: add pool name filtering capability to "show pools"
      BUG/MINOR: resolvers: do not run the timeout task when there's no resolution
      BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns
      MINOR: server/idle: make the next_takeover index per-tgroup
      BUILD: listener: fix build warning on global_listener_rwlock without threads
      BUG/MAJOR: sched: protect task during removal from wait queue
      BUILD: sched: fix build with DEBUG_THREAD with the previous commit
      BUILD: stick-tables: fix build breakage in xxhash on older compilers
      BUILD: compiler: include compiler's definitions before ours
      BUILD: quic: global.h is needed in cfgparse-quic
      CLEANUP: tools: do not needlessly include xxhash nor cli from tools.h
      BUILD: flags: really restrict the cases where flags are exposed
      BUILD: makefile: minor reordering of objects by build time
      BUILD: quic: silence two invalid build warnings at -O1 with gcc-6.5
      MINOR: sample: make the rand() sample fetch function use the statistical_prng
      CLEANUP: peers: fix format string for status messages (int signedness)
      CLEANUP: qpack: fix format string in debugging code (int signedness)
      CLEANUP: qpack: properly use the QPACK macros not HPACK ones in debug code

---
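
A configuration sketch for the "rst-ttl" argument to "silent-drop" mentioned in the announcement above. This is an added example, not part of the original message or of the HAProxy project's own documentation; the section names, addresses, rate threshold and TTL value are assumptions to adapt to the local topology.

```haproxy
# Added example (constructed). All names, addresses, thresholds and the
# TTL value are illustrative assumptions, not taken from the announcement.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_web
    bind :8080

    # Track the per-source HTTP request rate over a 10s window.
    stick-table type ip size 100k expire 10m store http_req_rate(10s)
    http-request track-sc0 src
    acl abuser sc_http_req_rate(0) gt 100

    # Without the argument, silent-drop relies on connection repair where
    # the system permits it, so no RST is emitted at all. The client is
    # left hanging, but so is every stateful device sitting between
    # HAProxy and the client (firewall, NAT, L4 load balancer), which
    # keeps the flow in its table until its own timeout expires.
    #
    #   http-request silent-drop if abuser

    # With rst-ttl, a TCP RST is always sent, using the given TTL.
    # Pick a TTL that covers the hops to your own edge devices so they
    # see the RST and free their state, but that expires before the
    # packet can reach the client. The value 2 assumes two local hops.
    http-request silent-drop rst-ttl 2 if abuser

    default_backend be_app

backend be_app
    server app1 192.0.2.10:8080
```

Validate the file with `haproxy -c -f <file>` on a 2.7-dev10 or later build before deploying; older versions reject the `rst-ttl` keyword.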