Hi,

HAProxy 3.1-dev2 was released on 2024/06/29. It added 45 new commits after version 3.1-dev1.

Several fixes related to the recent 3.0 release are present in this version, as well as a few older ones. Most visible are three QUIC crashes, a possible double free on stick-tables, issues affecting aws-lc with ECDSA, a risk of server flapping when DNS resolution times out, and the usual amount of small fixes all over the place.

In addition we've been notified by Yuki Mogi of FFRI Security that some of our pseudo-headers in H3 were not sanitized enough and that these could theoretically be abused with some severely non-compliant backend servers, so this was fixed as well. This will be backported to the next stable versions as it's not dramatic enough to warrant a release on its own.

The "show dev" command was improved to report command-line args as well as boot & current capabilities.

Linux capabilities switched to v3 instead of v1 in order to avoid a deprecation warning on recent kernels. We've checked the impacts and apparently there are none, beyond the lack of support of kernels prior to 2.6.26, so we'll soon backport it to 3.0 so as to silence the annoying warning users are facing.

A date converter was added to take an HTTP date on input and produce a UNIX timestamp on output. This will help calculate expiration delays for example.

The sigalg feature was added for aws-lc, which, I think, should now match 1:1 the features level of openssl (unless I'm missing something).

Some hints were added to crash outputs to suggest how to decode the core file and what to report.

And the rest is a start of files reorganization, cleanups and doc updates. Really nothing truly exciting but it's only dev2, be patient :-)

Regarding the MPTCP and CONNECT patches that have been floating around, I just couldn't assign a single minute to them since my return from vacation. Maybe I'll have an eye on one of them next week, may be the week after. Don't worry, they're not forgotten. I'd also like that we revive Tristan's abns change proposal for 3.1, now that we're no longer at the end of a cycle.

I'll also try better next time to advance the release to the middle of the week but this time it didn't work.

Please find the usual URLs below :
   Site index       : https://www.haproxy.org/
   Documentation    : https://docs.haproxy.org/
   Wiki             : https://github.com/haproxy/wiki/wiki
   Discourse        : https://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Sources          : https://www.haproxy.org/download/3.1/src/
   Git repository   : https://git.haproxy.org/git/haproxy.git/
   Git Web browsing : https://git.haproxy.org/?p=haproxy.git
   Changelog        : https://www.haproxy.org/download/3.1/src/CHANGELOG
   Dataplane API    : https://github.com/haproxytech/dataplaneapi/releases/latest
   Pending bugs     : https://www.haproxy.org/l/pending-bugs
   Reviewed bugs    : https://www.haproxy.org/l/reviewed-bugs
   Code reports     : https://www.haproxy.org/l/code-reports
   Latest builds    : https://www.haproxy.org/l/dev-packages

Willy
---
Complete changelog :
Amaury Denoyelle (12):
      BUG/MAJOR: quic: fix padding with short packets
      BUG/MAJOR: quic: do not loop on emission on closing/draining state
      SCRIPTS: git-show-backports: do not truncate git-show output
      BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission
      BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure
      BUG/MINOR: h3: fix BUG_ON() crash on control stream alloc failure
      BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure
      BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid
      BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid
      BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid()
      BUG/MINOR: quic: fix race condition in qc_check_dcid()
      BUG/MINOR: quic: fix race-condition on trace for CID retrieval

Aurelien DARRAGON (11):
      BUG/MINOR: log: fix broken '+bin' logformat node option
      DEBUG: hlua: distinguish burst timeout errors from exec timeout errors
      BUG/MEDIUM: proxy: fix email-alert invalid free
      REORG: mailers: move free_email_alert() to mailers.c
      BUG/MINOR: proxy: fix email-alert leak on deinit() (2nd try)
      DOC: management: document ptr lookup for table commands
      DOC: api/event_hdl: small updates, fix an example and add some precisions
      BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct()
      MINOR: cfgparse/log: remove leftover dead code
      BUG/MINOR: server: fix first server template name lookup UAF
      BUG/MEDIUM: server/dns: prevent DOWN/UP flap upon resolution timeout or error

Christopher Faulet (2):
      BUG/MEDIUM: stick-table: Decrement the ref count inside lock to kill a session
      MINOR: stick-table: Always decrement ref count before killing a session

Frederic Lecaille (1):
      BUILD: Missing inclusion header for ssize_t type

Valentine Krasnobaeva (9):
      MINOR: capabilities: export capget and __user_cap_header_struct
      MINOR: capabilities: prepare support for version 3
      MINOR: capabilities: use _LINUX_CAPABILITY_VERSION_3
      MINOR: cli/debug: show dev: add cmdline and version
      MINOR: cli/debug: show dev: show capabilities
      REORG: init: do MODE_CHECK_CONDITION logic first
      REORG: init: encapsulate CHECK_CONDITION logic in a func
      REORG: init: encapsulate 'reload' sockpair and master CLI listeners creation
      REORG: init: encapsulate code that reads cfg files

William Lallemand (6):
      REGTESTS: ssl: fix some regtests 'feature cmd' start condition
      BUG/MEDIUM: ssl: AWS-LC + TLSv1.3 won't do ECDSA in RSA+ECDSA configuration
      MINOR: ssl: activate sigalgs feature for AWS-LC
      REGTESTS: ssl: activate new SSL reg-tests with AWS-LC
      DOC: configuration: fix alphabetical order of bind options
      MINOR: sample: date converter takes HTTP date and output an UNIX timestamp

Willy Tarreau (4):
      DEV: flags/show-fd-to-flags: adapt to recent versions
      MINOR: debug: print gdb hints when crashing
      BUILD: debug: also declare strlen() in __ABORT_NOW()
      MINOR: activity: make the memory profiling hash size configurable at build time

---
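
Added example, not HAProxy's code and not part of the announcement: a strict check of ":method" and ":scheme" values against the RFC 9110 token grammar and the RFC 3986 scheme grammar, to illustrate what full validation of the H3 pseudo-headers mentioned above involves. The function names and the sample values in main() are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static int is_alpha(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}

static int is_digit(unsigned char c) { return c >= '0' && c <= '9'; }

/* RFC 9110 5.6.2: tchar = ALPHA / DIGIT / one of the symbols below */
static int is_tchar(unsigned char c)
{
    if (is_alpha(c) || is_digit(c))
        return 1;
    /* strchr() would match the terminating NUL, so reject it first */
    return c != '\0' && strchr("!#$%&'*+-.^_`|~", c) != NULL;
}

/* ":method" must be a non-empty token. Values are length-delimited
 * because a decoded header field may contain NUL, CR or LF bytes. */
int h3_method_is_valid(const char *v, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++)
        if (!is_tchar((unsigned char)v[i]))
            return 0;
    return len > 0;
}

/* ":scheme" per RFC 3986 3.1: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) */
int h3_scheme_is_valid(const char *v, size_t len)
{
    size_t i;
    if (len == 0 || !is_alpha((unsigned char)v[0]))
        return 0;
    for (i = 1; i < len; i++) {
        unsigned char c = (unsigned char)v[i];
        if (!is_alpha(c) && !is_digit(c) && c != '+' && c != '-' && c != '.')
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample values, not taken from any real traffic */
    printf("method GET: %d\n", h3_method_is_valid("GET", 3));
    printf("method with space: %d\n", h3_method_is_valid("GET x", 5));
    printf("scheme https: %d\n", h3_scheme_is_valid("https", 5));
    printf("scheme with CRLF: %d\n", h3_scheme_is_valid("http\r\n", 6));
    return 0;
}
```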