Hi,
HAProxy 2.0.30 was released on 2022/12/09. It added 72 new commits
after version 2.0.29.
This release flushes the pipe of all pending fixes:
* A major issue on stick-tables was fixed: a possible crash if server
name indexing is used to perform stickiness when the server is an applet.
This is typically what happens when a "stick-store" rule is present in a
backend featuring a "stats" directive. In the end, to fix the bug,
such rules are simply ignored when the server is an applet.
* A race condition on some global tasks was fixed. The stick-table
expiration task and the listeners management task were affected. These
tasks may run on any thread. Both set their expiration date to
TICK_ETERNITY. On the other hand, these tasks may be queued or scheduled
from anywhere. The race occurred when both happened at the same time.
Indeed, it is forbidden to queue a task with no expiration date. To
prevent any issue, a locking mechanism is now used.
* It was possible to trigger the watchdog because of extreme contention
on the proxy's lock while the libc was in malloc()/free(). It was mainly
due to the error captures. A call to free() was made under the lock for no
particular reason. The object is now released outside of the proxy's lock.
* The protocol matching for HTTP/1.X is now strict. Non-HTTP/1.X protocols
are now rejected by default. This can be relaxed by adding the
"accept-invalid-http-request" option.
* An issue during the argument parsing when sample fetches or converters
are called from lua was fixed to avoid crashes on failure.
* An old bug in the H2 mux may cause spurious stream resets when uploading
and downloading at the same time from the same stream, due to the window
update frames having to be delayed when the output is full, and sent
later after the stream ID was reset. Those using POST to servers might
have experienced such occasional issues and might want to check for any
improvement there. This was reported in issue #1830 and diagnosed by
David le Blanc.
* Reloading peers could compete on the local one and slow down or block the
replication.
* Reloading peers could interrupt a resync in progress if the retry timer
triggered before the end.
* In peers, messages about unknown tables were not properly ignored. Those
messages are now silently ignored and the upper layer continues the
processing as it is done for any valid message.
* It was possible to crash HAProxy by defining multiple bind lines in a
peers section. An error is now reported during configuration parsing.
* Pausing or resuming a proxy from Lua code could lead to races because
these operations were performed outside the proxy's lock. To fix the
issue and prevent any trouble, the proxy's API was slightly refactored to
be sure the proxy's lock is always acquired by low-level functions.
* There was an undesired sharing of data between default-servers that could
lead to double-frees, showing up as crashes when checking the config.
This was reported in issue #1804 by Fabiano Nunes.
* There was a bug in the SPOE. In sync or pipelining modes, an unhealthy
SPOA could lead HAProxy to create a huge number of applets to process
queued messages, slowing down all processing.
* An internal error was reported when load-balancing on source IP address
was impossible. It could happen with SPOE applets or with clients
connected to HAProxy via a unix socket. Now, when this happens, a
fallback to round-robin is performed.
* Headers case adjustment in H1 is now available for TCP proxies. It was
an issue for HTTP health-checks on backend side or for TCP connections
upgraded to HTTP on frontend side.
* A bug in the "method" sample fetch could lead to a crash if it was used
in logs for errors triggered at the mux level. This sample requires a
stream, which does not yet exist when an early error is reported by a
mux. Now, a non-match is returned in this case.
* A memory leak was fixed when some TXN variables were defined from a
tcp-request ruleset for an HTTP session. Indeed, in this case, these
variables were lost because of an extra list initialization during the
HTTP transaction creation.
* The character escaping process in log messages was not correctly
processing strings coming from sample fetches, truncating the output string.
* The DNS resolution is now ignored for disabled proxies, preventing some
crashes.
* A 60s delay could be experienced after stopping HAProxy. This was
happening when a signal was received before entering the poller and
without any activity on the process. In mworker mode, if a worker exited
and the SIGCHLD signal was delivered at the right time to the master,
this one could be stuck for 60s. The timeout is now set to 0 in this
specific case.
Thanks everyone for your help and your contributions.
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/2.0/src/
Git repository : https://git.haproxy.org/git/haproxy-2.0.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-2.0.git
Changelog : https://www.haproxy.org/download/2.0/src/CHANGELOG
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
---
Complete changelog :
Aurelien DARRAGON (4):
BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK
BUG/MINOR: log: improper behavior when escaping log data
DOC: configuration: missing 'if' in tcp-request content example
BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists
Christopher Faulet (24):
REGTESTS: abortonclose: Fix some race conditions
REGTESTS: abortonclose: Add a barrier to not mix up log messages
REGTESTS: http_request_buffer: Increase client timeout to wait "slow"
clients
BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is
created
BUG/MINOR: http-fetch: Use integer value when possible in "method" sample
fetch
BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible
MINOR: peers: Use a dedicated reconnect timeout when stopping the local
peer
BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload
BUG/MINOR: peers: Use right channel flag to consider the peer as connected
MINOR: server: Constify source server to copy its settings
REORG: server: Export srv_settings_cpy() function
BUG/MEDIUM: proxy: Perform a custom copy for default server settings
BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode
BUG/MEDIUM: peers: Add connect and server timeut to peers proxy
BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress
BUG/MEDIUM: peers: Don't start resync on reload if local peer is not
up-to-date
REGTESTS: http_request_buffer: Add a barrier to not mix up log messages
BUG/MINOR: h1: Support headers case adjustment for TCP proxies
BUILD: cfgparse: Fix GCC warning about a variable used after realloc
BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth()
BUG/MAJOR: stick-table: don't process store-response rules for applets
BUG/MEDIUM: listener: Fix race condition when updating the global mngmt
task
BUILD: peers: Remove unused variables
Revert "CI: determine actual LibreSSL version dynamically"
David Carlier (1):
BUILD: fix build warning on solaris based systems with __maybe_unused.
Emeric Brun (5):
BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections
BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section
DOC: peers: clarify when entry expiration date is renewed.
DOC: peers: fix port number and addresses on new peers section format
BUG/MEDIUM: peers: messages about unkown tables not correctly ignored
Ilya Shipitsin (2):
CI: determine actual LibreSSL version dynamically
CI: add monthly gcc cross compile jobs
Matthias Wirth (1):
BUG/MINOR: signals/poller: ensure wakeup from signals
Olivier Houchard (1):
BUG/MEDIUM: lua: handle stick table implicit arguments right.
Thayne McCombs (1):
BUG/MEDIUM: sample: Fix adjusting size in word converter
Tim Duesterhus (3):
BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols
CI: Replace the deprecated `::set-output` command by writing to
$GITHUB_OUTPUT in matrix.py
CI: Replace the deprecated `::set-output` command by writing to
$GITHUB_OUTPUT in workflow definition
William Lallemand (8):
BUG/MINOR: peers: fix possible NULL dereferences at config parsing
BUG/MINOR: sockpair: wrong return value for fd_send_uxst()
BUG/MINOR: ssl: free the fields in srv->ssl_ctx
BUG/MINOR: resolvers: return the correct value in
resolvers_finalize_config()
DOC: configuration: do-resolve doesn't work with a port in the string
BUG/MINOR: signals/poller: set the poller timeout to 0 when there are
signals
BUILD: fix compilation for OpenSSL-3.0.0-alpha17
DOC: management: add forgotten "show startup-logs"
Willy Tarreau (22):
BUG/MINOR: peers: fix error reporting of "bind" lines
SCRIPTS: add make-releases-json to recreate a releases.json file in
download dirs
SCRIPTS: make publish-release try to launch make-releases-json
DOC: peers: indicate that some server settings are not usable
BUG/MINOR: conn_stream: do not confirm a connection from the frontend path
BUILD: compiler: implement unreachable for older compilers too
BUG/MINOR: server: do not enable DNS resolution on disabled proxies
BUG/MINOR: peers/config: always fill the bind_conf's argument
BUILD: http: silence an uninitialized warning affecting gcc-5
BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle
BUG/MEDIUM: captures: free() an error capture out of the proxy lock
SCRIPTS: announce-release: update some URLs to https
BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os
BUG/MAJOR: stick-tables: do not try to index a server name for applets
BUG/MEDIUM: stick-table: fix a race condition when updating the
expiration task
CI: emit the compiler's version in the build reports
BUILD: listener: fix build warning on global_listener_rwlock without
threads
DOC: config: provide some configuration hints for "http-reuse"
DOC: config: clarify the fact that SNI should not be used in HTTP
scenarios
DOC: config: explain how default matching method for ACL works
DOC: config: clarify the fact that "retries" is not just for connections
DOC: config: clarify the -m dir and -m dom pattern matching methods
--
Christopher Faulet
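
A configuration check for two of the crash conditions listed above (a "stick store-response" rule in a backend that also carries a "stats" directive, and several "bind" lines in one peers section), useful for spotting exposed configurations on instances not yet upgraded to 2.0.30. This is an added example, not part of the original announcement or of HAProxy; the function name `audit`, the finding strings and the sample configuration are constructed for illustration, and settings inherited from a `defaults` section are not followed.

```python
# Keywords that open a new section in haproxy.cfg.
SECTIONS = {"global", "defaults", "frontend", "backend", "listen", "peers",
            "resolvers", "userlist", "mailers", "cache", "program"}

def audit(cfg_text):
    """Return (section kind, section name, finding) tuples in file order."""
    sections = []
    for raw in cfg_text.splitlines():
        # Drop comments; a '#' inside a quoted string is not handled here.
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            name = tokens[1] if len(tokens) > 1 else ""
            sections.append({"kind": tokens[0], "name": name,
                             "stats": False, "store": False, "binds": 0})
        elif sections:
            cur = sections[-1]
            if tokens[0] == "stats":
                cur["stats"] = True          # e.g. "stats enable", "stats uri"
            elif tokens[:2] == ["stick", "store-response"]:
                cur["store"] = True
            elif tokens[0] == "bind":
                cur["binds"] += 1
    findings = []
    for s in sections:
        if s["kind"] in ("backend", "listen") and s["stats"] and s["store"]:
            findings.append((s["kind"], s["name"],
                             "stick store-response alongside stats"))
        if s["kind"] == "peers" and s["binds"] > 1:
            findings.append((s["kind"], s["name"], "multiple bind lines"))
    return findings

# Constructed sample configuration (addresses from the documentation range).
SAMPLE_CFG = """\
peers mypeers
    bind :10000
    bind :10001          # second bind line in the same peers section
    server lb1
backend app
    stick-table type string len 64 size 1m peers mypeers
    stick store-response res.cook(JSESSIONID)
    stats enable         # stats applet served from this backend
    server s1 192.0.2.10:80
backend plain
    stick store-response res.cook(JSESSIONID)
    server s1 192.0.2.11:80
"""

if __name__ == "__main__":
    for kind, name, finding in audit(SAMPLE_CFG):
        print(f"{kind} {name}: {finding}")
```
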