Hi,

HAProxy 2.5.5 was released on 2022/03/14. It added 39 new commits
after version 2.5.4.

The main issues fixed in this version are:

  * An issue in the pass-through multiplexer leading to a connection leak
    on the server side when a timeout occurred during the connection
    establishment. In this case, the server connection was detached from
    the application stream but not closed. At this stage the connection
    could only be closed by the server, if it was finally accepted, or by
    the kernel, after all SYN retries. All versions as far back as 2.3 are
    affected by this bug.

  * Two issues in the HTTP client applet. First, it was possible to
    trigger an infinite loop when the same HTTP client lua instance was
    used to send several POST requests. A counter was not reset between
    the requests. Then, the applet was unexpectedly able to consume the
    response before its analysis by the application stream. To hit the
    bug, the applet's I/O handler had to be scheduled before the stream
    one. The result was a crash because of a NULL pointer dereference.

  * An issue in the master CLI. When a command was sent to a worker, the
    errors, especially write errors, during the response processing were
    not properly handled. The session could remain stuck if a client
    quickly closed the connection before the response was fully sent. The
    maxconn value of the master CLI is set to 10. Thus, it could quickly
    become unresponsive if this happened several times.

  * A possible null deref in the htx_xfer_blks() function, when headers or
    trailers were partially transferred. Concretely, it was only possible
    when H2 trailers were copied from the mux to the channel buffer.

  * A crash with the FCGI health-checks. When the multi-level source and
    destination addresses were introduced, a bug was also introduced. The
    FCGI multiplexer was relying on the server stream-interface to set
    some parameters (REMOTE_ADDR/REMOTE_PORT and SERVER_NAME/SERVER_PORT).
    But there is no stream-interface with the health-check because there
    is no stream. Now, the server connection is used instead of the
    stream-interface when the origin is a health-check.

  * A design issue for listener-less streams. When a stream was created
    from a session without listener, the request analyzers were not
    properly set. Concretely, it is only an issue for client applets, more
    specifically the HTTP ones. Thus only the HTTP client was affected by
    this bug. However, there was no visible effect.

  * An issue with all HTX applets. The end of a message was only reported
    at the HTX level. The channel's flags were not updated accordingly.
    The only known visible effect of this bug was some server aborts
    erroneously reported in the stats counters.

  * A theoretical risk of memleak in session_accept_fd() because of a
    wrong goto label on the error path.

  * An alignment issue with pool_head structure.

  * Some build issues were fixed. kFreeBSD is now a distinct target, the
    old HA_ATOMIC_LOAD() macro now supports const pointers, and a few
    numeric constants are explicitly marked as long long.

In addition, it adds some improvements:

  * Proxy mode (tcp, http, cli...) is not properly reported when
    displayed. Missing "syslog" and "peers" mode can now be reported.

  * "no-memory-trimming" global option was added to disable call to
    malloc_trim(). Some users with very large numbers of connections have
    been facing extremely long malloc_trim() calls on reload that managed
    to trigger the watchdog! That's a bit counter-productive. It's even
    possible that some implementations are not perfectly reliable or that
    their trimming time grows quadratically with the memory used. With
    this option, it is possible to disable this mechanism.

  * The dark mode support of the stat page was updated to be applied on
    socket rows.

As usual, people using the 2.5 branch are encouraged to migrate to this
version.

Thanks everyone for your help and your contributions!

Please find the usual URLs below :
   Site index       : http://www.haproxy.org/
   Discourse        : http://discourse.haproxy.org/
   Slack channel    : https://slack.haproxy.org/
   Issue tracker    : https://github.com/haproxy/haproxy/issues
   Wiki             : https://github.com/haproxy/wiki/wiki
   Sources          : http://www.haproxy.org/download/2.5/src/
   Git repository   : http://git.haproxy.org/git/haproxy-2.5.git/
   Git Web browsing : http://git.haproxy.org/?p=haproxy-2.5.git
   Changelog        : http://www.haproxy.org/download/2.5/src/CHANGELOG
   Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

---
Complete changelog :
Christopher Faulet (16):
      BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks
      BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
      REGTESTS: fix the race conditions in normalize_uri.vtc
      REGTESTS: fix the race conditions in secure_memcmp.vtc
      BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request
      BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
      BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
      BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
      BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
      BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams
      DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
      BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing
      DEBUG: stream: Add the missing descriptions for stream trace events
      DEBUG: stream: Fix stream trace message to print response buffer state
      BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
      REGTESTS: fix the race conditions in be2hex.vtc

David Carlier (2):
      BUILD: fix kFreeBSD build.
      BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix

Ilya Shipitsin (3):
      CI: github actions: use cache for OpenTracing
      CI: refactor OpenTracing build script
      CI: github actions: use cache for SSL libs

Marno Krahmer (1):
      MINOR: stats: Add dark mode support for socket rows

Tim Duesterhus (1):
      CI: Consistently use actions/checkout@v2

William Lallemand (8):
      BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST
      BUG/MINOR: add missing modes in proxy_mode_str()
      BUG/MINOR: cli: shows correct mode in "show sess"
      BUG/MEDIUM: httpclient: don't consume data before it was analyzed
      CLEANUP: htx: remove unused co_htx_remove_blk()
      BUG/MINOR: httpclient: consume partly the blocks when necessary
      BUG/MINOR: httpclient: remove the UNUSED block when parsing headers
      BUG/MEDIUM: httpclient: must manipulate head, not first

Willy Tarreau (8):
      CI: github actions: add the output of $CC -dM -E-
      BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers
      BUILD: tree-wide: mark a few numeric constants as explicitly long long
      BUG/MINOR: pool: always align pool_heads to 64 bytes
      BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
      MINOR: pools: add a new global option "no-memory-trimming"
      BUILD: pools: fix backport of no-memory-trimming on non-linux OS
      BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()

-- 
Christopher Faulet
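
Added example, not part of the announcement and not HAProxy code: the pass-through multiplexer leak described above leaves detached server connections open until the server accepts them or the kernel exhausts its SYN retries, so on an affected proxy they appear as outgoing sockets lingering in SYN-SENT toward a backend. The script below counts such sockets per server from `ss -tan` output; the sample output, the function names and the threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample of `ss -tan` output (not captured from a real host).
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port       Peer Address:Port
LISTEN    0      4096   0.0.0.0:443              0.0.0.0:*
ESTAB     0      0      192.0.2.10:443           198.51.100.7:51512
SYN-SENT  0      1      192.0.2.10:40112         10.0.1.20:8080
SYN-SENT  0      1      192.0.2.10:40114         10.0.1.20:8080
SYN-SENT  0      1      192.0.2.10:40120         10.0.1.20:8080
SYN-SENT  0      1      [2001:db8::10]:40230     [2001:db8::20]:8080
ESTAB     0      0      192.0.2.10:40001         10.0.1.21:8080
"""


def syn_sent_by_peer(ss_output):
    """Count sockets in SYN-SENT state per peer (server) address:port."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        # Data rows are: State Recv-Q Send-Q Local Peer [Process]
        if len(fields) >= 5 and fields[0] == "SYN-SENT":
            counts[fields[4]] += 1
    return counts


def suspicious_peers(ss_output, threshold=3):
    """Return peers with at least `threshold` half-open connections.

    The default threshold is an assumed value; tune it to the normal
    connection rate of the proxy being checked.
    """
    counts = syn_sent_by_peer(ss_output)
    return sorted(peer for peer, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    counts = syn_sent_by_peer(SAMPLE_SS)
    for peer in suspicious_peers(SAMPLE_SS):
        print(f"{peer}: {counts[peer]} sockets in SYN-SENT")
```

A single snapshot also catches healthy connections that are still being established, so compare successive runs: sockets toward an unreachable server that stay in SYN-SENT well past the configured connect timeout are the ones matching the leak. Connections the server eventually accepted are not covered by this check.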