Hi all,
at Exosec we discovered a rather amazing bug on 1.4. Content-length values
larger than 2^32 (4 GB) did not properly work on 32-bit machines, despite
everything being processed in 64-bits everywhere. We tracked that down to
an incorrect use (and implementation) of buffer_forward() which expects to
update all of the content-length value at once and works on longs...
So I made a fix. This one was not easy because I did not want to play with
64-bit values in the critical path on 32-bit machines. In the end, 64-bit
machines will slightly benefit from it because their buffers now contain
an int instead of a long, so that's 8 less bytes per session.
I'd say that if you're running on 64-bit or if you're not uploading files
larger than 4G, there's no emergency to upgrade. This bug has been present
in all 1.4 versions (since the processing of the content-length), and it
does not appear to strike that often ! Another incompletely fixed bug in
previous releases was fixed once for all this time, so at least it can be
a valid reason to upgrade.
However for new installs, better get the fixed version !
site index : http://haproxy.1wt.eu/
sources : http://haproxy.1wt.eu/download/1.4/src/
changelog : http://haproxy.1wt.eu/download/1.4/src/CHANGELOG
binaries : http://haproxy.1wt.eu/download/1.4/bin/
Willy
