Hi,

HAProxy 2.5.5 was released on 2022/03/14. It added 39 new commits
after version 2.5.4.

The main issues fixed in this version are:

  * An issue in the pass-through multiplexer leading to a connection leak on
    the server side when a timeout occurred during the connection
    establishment. In this case, the server connection was detached from the
    application stream but not closed. At this stage the connection could
    only be closed by the server, if it was finally accepted, or by the
    kernel, after all SYN retries. All versions as far back as 2.3 are
    affected by this bug.

  * Two issues in the HTTP client applet. First, it was possible to trigger
    an infinite loop when the same HTTP client Lua instance was used to send
    several POST requests. A counter was not reset between the requests.
    Second, the applet was unexpectedly able to consume the response before
    its analysis by the application stream. To hit the bug, the applet's I/O
    handler had to be scheduled before the stream one. The result was a
    crash because of a NULL pointer dereference.

  * An issue in the master CLI. When a command was sent to a worker, the
    errors, especially write errors, during the response processing were not
    properly handled. The session could remain stuck if a client quickly
    closed the connection before the response was fully sent. The maxconn
    value of the master CLI is set to 10. Thus, it could quickly become
    unresponsive if this happened several times.

  * A possible null deref in the htx_xfer_blks() function, when headers or
    trailers were partially transferred. Concretely, it was only possible
    when H2 trailers were copied from the mux to the channel buffer.

  * A crash with the FCGI health-checks. When the multi-level source and
    destination addresses were introduced, a bug was also introduced. The
    FCGI multiplexer was relying on the server stream-interface to set some
    parameters (REMOTE_ADDR/REMOTE_PORT and SERVER_NAME/SERVER_PORT). But
    there is no stream-interface with the health-check because there is no
    stream. Now, the server connection is used instead of the
    stream-interface when the origin is a health-check.

  * A design issue for listener-less streams. When a stream was created from
    a session without listener, the request analyzers were not properly
    set. Concretely, it is only an issue for client applets, more
    specifically the HTTP ones. Thus only the HTTP client was affected by
    this bug. However, there was no visible effect.

  * An issue with all HTX applets. The end of a message was only reported at
    the HTX level. The channel's flags were not updated accordingly. The
    only known visible effect of this bug was some server aborts erroneously
    reported in the stats counters.

  * A theoretical risk of memleak in session_accept_fd() because of a wrong
    goto label on the error path.

  * An alignment issue with pool_head structure.

  * Some build issues were fixed. kFreeBSD is now a distinct target, the old
    HA_ATOMIC_LOAD() macro now supports const pointers, and a few numeric
    constants are explicitly marked as long long.

In addition, it adds some improvements:

  * Proxy mode (tcp, http, cli...) is now properly reported when
    displayed. The missing "syslog" and "peers" modes can now be reported.

  * The "no-memory-trimming" global option was added to disable calls to
    malloc_trim(). Some users with very large numbers of connections have
    been facing extremely long malloc_trim() calls on reload that managed to
    trigger the watchdog! That's a bit counter-productive. It's even
    possible that some implementations are not perfectly reliable or that
    their trimming time grows quadratically with the memory used. With this
    option, it is possible to disable this mechanism.

  * The dark mode support of the stat page was updated to be applied on
    socket rows.

As usual, people using the 2.5 branch are encouraged to migrate to this
version. Thanks everyone for your help and your contributions!

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.5/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.5.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.5.git
   Changelog        : http://www.haproxy.org/download/2.5/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/


---
Complete changelog :
Christopher Faulet (16):
      BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks
      BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
      REGTESTS: fix the race conditions in normalize_uri.vtc
      REGTESTS: fix the race conditions in secure_memcmp.vtc
      BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request
      BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
      BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
      BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
      BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
      BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams
      DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
      BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing
      DEBUG: stream: Add the missing descriptions for stream trace events
      DEBUG: stream: Fix stream trace message to print response buffer state
      BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
      REGTESTS: fix the race conditions in be2hex.vtc

David Carlier (2):
      BUILD: fix kFreeBSD build.
      BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix

Ilya Shipitsin (3):
      CI: github actions: use cache for OpenTracing
      CI: refactor OpenTracing build script
      CI: github actions: use cache for SSL libs

Marno Krahmer (1):
      MINOR: stats: Add dark mode support for socket rows

Tim Duesterhus (1):
      CI: Consistently use actions/checkout@v2

William Lallemand (8):
      BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST
      BUG/MINOR: add missing modes in proxy_mode_str()
      BUG/MINOR: cli: shows correct mode in "show sess"
      BUG/MEDIUM: httpclient: don't consume data before it was analyzed
      CLEANUP: htx: remove unused co_htx_remove_blk()
      BUG/MINOR: httpclient: consume partly the blocks when necessary
      BUG/MINOR: httpclient: remove the UNUSED block when parsing headers
      BUG/MEDIUM: httpclient: must manipulate head, not first

Willy Tarreau (8):
      CI: github actions: add the output of $CC -dM -E-
      BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers
      BUILD: tree-wide: mark a few numeric constants as explicitly long long
      BUG/MINOR: pool: always align pool_heads to 64 bytes
      BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
      MINOR: pools: add a new global option "no-memory-trimming"
      BUILD: pools: fix backport of no-memory-trimming on non-linux OS
      BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()

--
Christopher Faulet
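
As an added example (not part of the original announcement or of the HAProxy project's tooling), the following Python parses the "Complete changelog" format shown above, rejoins subjects that the mail client wrapped onto a second line, and lists the BUG/* fixes by the severity tag in each commit subject. The sample text is constructed from a few entries of this changelog, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the changelog above, including one
# subject that was wrapped onto a second, unindented line.
SAMPLE = """\
Christopher Faulet (16):
      BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI
health-checks
      REGTESTS: fix the race conditions in normalize_uri.vtc
      BUG/MAJOR: mux-pt: Always destroy the backend connection on detach

Willy Tarreau (8):
      BUG/MINOR: pool: always align pool_heads to 64 bytes
      MINOR: pools: add a new global option "no-memory-trimming"
"""

AUTHOR_RE = re.compile(r"^(\S.*?) \((\d+)\):\s*$")     # "Name (count):"
TAG_RE = re.compile(r"^([A-Z]+(?:/[A-Z]+)?): (.*)$")   # "BUG/MINOR: subject"
SEVERITY_ORDER = ["BUG/MAJOR", "BUG/MEDIUM", "BUG/MINOR"]  # tags seen on this page

def parse_changelog(text):
    """Return one dict per commit: author, tag, subject (wrapped lines rejoined)."""
    entries, author = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = AUTHOR_RE.match(line)
        if m:
            author = m.group(1)
        elif line[0].isspace():            # indented line starts a new commit
            entries.append({"author": author, "raw": line.strip()})
        elif entries:                      # unindented text continues the last one
            entries[-1]["raw"] += " " + line.strip()
    for e in entries:
        m = TAG_RE.match(e["raw"])
        e["tag"], e["subject"] = (m.group(1), m.group(2)) if m else ("", e["raw"])
    return entries

def bug_fixes_by_severity(entries):
    """Group BUG/* subjects, highest severity first; other tags are skipped."""
    groups = defaultdict(list)
    for e in entries:
        if e["tag"] in SEVERITY_ORDER:
            groups[e["tag"]].append(e["subject"])
    return [(sev, groups[sev]) for sev in SEVERITY_ORDER if groups[sev]]

if __name__ == "__main__":
    for sev, subjects in bug_fixes_by_severity(parse_changelog(SAMPLE)):
        print(sev, *subjects, sep="\n    ")
```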
