Hi,
HAProxy 2.6.19 was released on 2024/09/19. It added 64 new commits
after version 2.6.18.
Following the 2.8.11 release, it is now the turn of 2.6. This release covers
the same period, so the fixed bugs are more or less the same, excluding those
not affecting 2.6:
* The SSL stack is now always completely initialized. Due to a change of
API in 3.x the old call was deprecated and used to emit a warning, but
it was later found to still be required in some cases. This has been
cooking in 2.9 for 6 months now and is considered OK.
* HTTP applets (stats, cache and promex) were starting to process the
request and reply without worrying about whether the request analysis
was finished or not. In the vast majority of cases this is not an issue
because the request analysis is indeed finished at the same time the
server-side applet is created. But if a filter delayed the request
analysis, it could happen. In that case, some undefined and hardly
predictable behaviors could be experienced, like responses sent too
early or even crashes. Among others, the compression filter was pretty
sensitive to this case because it is mandatory to filter the request
before the response. To fix the issue, there is now a check in backend
HTTP applets to wait for the end of the request analysis.
* The hard limit on the number of file descriptors now defaults to about 1
million, in order to match what has been done for a very long time on
many distros, and that recently changed to 1 billion on some of them,
causing a huge startup time (or even a watchdog at boot) and a massive
memory usage.
* The SSL library functions used to validate a JWT token would leave an
error in the SSL stack that would later be mistaken for an error on
another connection and cause it to be closed. The "jwt_verify" converter
was also fixed when called with an HMAC algorithm (HS256, HS384, HS512).
In that case, the converter must not try to load a file because the key
should hold a secret. It is especially important for runtime uses, like
lua for instance. But note that for dynamic calls this remains an issue
for other algorithms because nothing prevents disk I/O.
* A time-of-check/time-of-use (TOCTOU) issue in the queue processing made
it rare but possible to leave a server with no connection yet not taking
any traffic. It's more likely to happen with maxconn 1, very hard at 2
and almost impossible at 3 or above. In addition, a flag is now used to
make sure only one thread is dequeuing sessions at once instead of
relying on a trylock to do so. No 2.6 release was affected, but 2.9/3.0
versions were buggy because of the TOCTOU fix.
* Empty transfer-encoding headers in H1 are now properly blocked since
they may be used to try to build an attack against vulnerable
implementations.
* An issue in SPOE was fixed that could cause a thread to refrain from
creating an applet to connect outside, causing failures on requests
processed on this thread.
* It was possible to crash the process when performing an implicit
protocol upgrade (TCP to HTTP due to a transition from a TCP front to an
HTTP back) if an error happened on the connection just before the
transition.
* Unhandled aborts were fixed in the H2 multiplexer. The end of
message could be reported twice for tunneled streams, leaving the second
one blocked at the channel level because of the first one.
* Several bugs were fixed on QUIC:
- An incorrect computation was performed when encoding a STREAM frame in
a single packet, leading to datagrams smaller than expected and thus to
suboptimal bandwidth usage.
- A few assorted minor fixes (possible crash on resource allocation
error, slight loss of precision in Cubic parameters calculations etc).
- It was possible to freeze a connection because of 0-RTT undeciphered
content.
- The MAX_STREAMS ID value was not properly checked and it was possible
to send a too-large value. This is now fixed, and the patch also ensures
that the peer cannot open a stream with an invalid ID, as this would
cause a flow-control violation instead.
- Some issues with the QUIC traces were fixed.
* On H3, when a response is formatted to be sent to the client, the
handling of responses with a too long header list was fixed to no longer
abort the process but to return a proper error. In addition, the syntax
checks on the :method and :scheme H3 headers were insufficient. This was
fixed too.
* Some bugs related to the handling of pattern expressions loaded from
files were fixed.
* When a listen() failed for TCP and Unix sockets, the file descriptor was
not removed from the fdtab[] array, leading to a possible crash because
of a BUG_ON() when this FD was reused. The FD is now properly removed
from fdtab[] in that case.
* Descriptions of the command line options -dR and -dV were missing in the
management documentation. This is now fixed. Documentation about the "show
stat" CLI command was also updated to reflect the renaming of "dns"
counters to "resolvers". More details about the master-worker mode were
added in the configuration manual and the "maxconn" description was
improved, as well as the info about the http-keep-alive timeout and other
timeouts.
Thanks everyone for your help!
Please find the usual URLs below:
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/2.6/src/
Git repository : https://git.haproxy.org/git/haproxy-2.6.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-2.6.git
Changelog : https://www.haproxy.org/download/2.6/src/CHANGELOG
Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
---
Complete changelog :
Amaury Denoyelle (10):
BUG/MINOR: quic: fix computed length of emitted STREAM frames
SCRIPTS: git-show-backports: do not truncate git-show output
BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure
BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure
BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid
BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid
BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter
BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content
BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID
BUG/MINOR: h3: properly reject too long header responses
Aurelien DARRAGON (7):
BUG/MEDIUM: cli: fix cli_output_msg() regression
DOC: management: rename show stats domain cli "dns" to "resolvers"
BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct()
REGTESTS: add a test to ensure map-ordering is preserved
BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg()
BUG/MEDIUM: pattern: prevent UAF on reused pattern expr
BUG/MINOR: cfgparse-listen: fix option httpslog override warning message
Christopher Faulet (12):
BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature
BUG/MINOR: h1: Fail to parse empty transfer coding names
BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value
BUG/MEDIUM: h1: Reject empty Transfer-encoding header
BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread
BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution
BUG/MINOR: cli: Atomically inc the global request counter between CLI commands
BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready
BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli
BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams
BUG/MEDIUM: cache/stats: Wait to have the request before sending the response
BUG/MEDIUM: promex: Wait to have the request before sending the response
Frederic Lecaille (2):
MINOR: quic: Add a counter for reordered packets
BUG/MINOR: quic: Lack of precision when computing K (cubic only cc)
Frédéric Lécaille (1):
MINOR: quic: Add packet loss and maximum cc window to "show quic"
Ilia Shipitsin (1):
BUG/MINOR: fcgi-app: handle a possible strdup() failure
Nathan Wehrman (1):
DOC: config: correct the table for option tcplog
Valentine Krasnobaeva (9):
DOC/MINOR: management: add missed -dR and -dv options
MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2)
BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn
DOC: configuration: update maxconn description
BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails
BUG/MINOR: proto_tcp: keep error msg if listen() fails
BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails
BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity
BUG/MINOR: pattern: pat_ref_set: return 0 if err was found
William Lallemand (7):
DOC: configuration: fix alphabetical order of bind options
DOC: configuration: more details about the master-worker mode
MEDIUM: ssl: initialize the SSL stack explicitely
BUG/MINOR: jwt: don't try to load files with HMAC algorithm
BUG/MINOR: jwt: fix variable initialisation
DOC: configuration: issuers-chain-path not compatible with OCSP
REGTESTS: mcli: test the pipelined commands on master CLI
Willy Tarreau (14):
MINOR: mux-h2/traces: explicitly show the error/refused stream states
MINOR: queue: add a function to check for TOCTOU after queueing
BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue()
DOC: config: improve the http-keep-alive section
BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn
CLEANUP: trace: remove the QUIC-specific ifdefs
BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc
BUG/MINOR: trace: automatically start in waiting mode with "start <evt>"
BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion
BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE
BUG/MINOR: pattern: do not leave a leading comma on "set" error messages
REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load
BUG/MINOR: polling: fix time reporting when using busy polling
BUG/MEDIUM: queue: implement a flag to check for the dequeuing
--
Christopher Faulet