Welcome! Log In Create A New Profile

Advanced

[ANNOUNCE] haproxy-1.8-rc2

Posted by Willy Tarreau 
Willy Tarreau
[ANNOUNCE] haproxy-1.8-rc2
November 04, 2017 12:20AM
Hi,

1.8-rc1 had quite a few painful issues that we managed to sort out, so
in order to facilitate testing by most users, here comes 1.8-rc2. Here's
an overview of the main changes :
- fixed the deadlock that prevented us from using checks and threads at
the same time
- fixed the bug with the lock on the freq counters causing a CPU loop
when retrieving some table entries over peers.
- fixed an ugly memory corruption on H2 due to a bug on a buffer
manipulation function
- fixed a use-after-free bug in the passthrough mux causing random
crashes
- fixed another loop when the cache is used over H2
- and fixed another cache issue related to filters (I don't
remember which one, I'm sorry).
- a bunch of missing locks in the DNS code, checks and Lua
were addressed during a code review.

There are still some issues we're working on but they require a bit
less efforts to work around :

- the cache currently must only used in a frontend and with logs
enabled (to inherit txn->uri), but it's currently being addressed.
Since it's not a big deal, we preferred to make it testable anyway.
Please don't use cache rules in the backend and frontend at the
same time for now, the behaviour will likely be undefined.

- I've been running this version on www.haproxy.org (explaining the
short outages a few of you might have noticed while trying to spot
the passthrough mux bug). And yes, haproxy.org was delivered in H2
this afternoon :-) But I faced an infinite loop once and unfortunately
the core I managed to trigger was unexploitable so I'm trying again
without success for now (I'll stop it for the night here, as I want
to be in front when it happens to debug it but not to prevent anyone
from downloading or accessing the site). Thus, please don't leave it
unattended for too long if you don't have an automatic switch-over,
even if you think it looks pretty at first glance.

- we know that there are some build issues on Solaris which can be
worked around, though I think threads will not work due to naming
conflicts between macros.

Threads are expected to be usable now. I'm going to re-enable them on
haproxy.org as soon as I spot the bug causing the rare loop (don't want
to mix the two for now).

Feel free to test. Coredumps (and their associated executable) are
welcome, but only if built with -g (the default). And gdb backtraces
(bt full) are very helpful as well, especially if you attach to a
stuck or looping process.

Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Sources : http://www.haproxy.org/download/1.8/src/
Git repository : http://git.haproxy.org/git/haproxy-1.8.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git
Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/

Willy
---
Complete changelog :
David Carlier (2):
BUG/MINOR: stdarg.h inclusion
BUILD: enable USE_THREAD for OpenBSD build.

Emeric Brun (4):
BUG/MAJOR: fix deadlock on healthchecks.
BUG/MINOR: freq: fix infinite loop on freq_ctr_period.
BUG/MINOR: dns: fix missing lock protection on server.
BUG/MINOR: lua: fix missing lock protection on server.

Emmanuel Hocdet (2):
BUG/MINOR: send-proxy-v2: fix dest_len in make_tlv call
BUG/MINOR: send-proxy-v2: string size must include ('\0')

Olivier Houchard (3):
MINOR: mux: Only define pipe functions on linux.
MINOR: cache: Remove useless test for nonzero.
MINOR: cache: Don't confuse act_return and act_parse_ret.

William Lallemand (2):
BUILD: shctx: allow to be built without openssl
BUG/MEDIUM: cache: don't try to resolve wrong filters

Willy Tarreau (6):
BUG/MEDIUM: h2: don't try to parse incomplete H1 responses
BUG/MEDIUM: checks/mux: always enable send-polling after connecting
BUG/MINOR: thread: fix a typo in the debug code
BUG/MAJOR: buffers: fix get_buffer_nc() for data at end of buffer
BUG/MAJOR: mux_pt: don't dereference a connstream after ->wake()
MINOR: thread: report multi-thread support in haproxy -vv

---
Aleksandar Lazic
Re: [ANNOUNCE] haproxy-1.8-rc2
November 04, 2017 01:00AM
The new version is on docker hub

https://hub.docker.com/r/me2digital/haproxy18/

###
HA-Proxy version 1.8-rc2-a8d8d6e 2017/11/03
Copyright 2000-2017 Willy Tarreau <[email protected]>

Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
-fwrapv -Wno-unused-label
OPTIONS = USE_LINUX_SPLICE=1 USE_GETADDRINFO=1 USE_ZLIB=1
USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_PCRE_JIT=1
USE_TFO=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents =
200

Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.4
Built with transparent proxy support using: IP_TRANSPARENT
IPV6_TRANSPARENT IP_FREEBIND
Built with network namespace support.
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Encrypted password support via crypt(3): yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Built with multi-threading support.

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace
###

regards
Aleks

------ Originalnachricht ------
Von: "Willy Tarreau" <[email protected]>
An: haproxy@formilux.org
Gesendet: 04.11.2017 00:15:49
Betreff: [ANNOUNCE] haproxy-1.8-rc2

>Hi,
>
>1.8-rc1 had quite a few painful issues that we managed to sort out, so
>in order to facilitate testing by most users, here comes 1.8-rc2.
>Here's
>an overview of the main changes :
> - fixed the deadlock that prevented us from using checks and threads
>at
> the same time
> - fixed the bug with the lock on the freq counters causing a CPU loop
> when retrieving some table entries over peers.
> - fixed an ugly memory corruption on H2 due to a bug on a buffer
> manipulation function
> - fixed a use-after-free bug in the passthrough mux causing random
> crashes
> - fixed another loop when the cache is used over H2
> - and fixed another cache issue related to filters (I don't
> remember which one, I'm sorry).
> - a bunch of missing locks in the DNS code, checks and Lua
> were addressed during a code review.
>
>There are still some issues we're working on but they require a bit
>less efforts to work around :
>
>- the cache currently must only used in a frontend and with logs
> enabled (to inherit txn->uri), but it's currently being addressed.
> Since it's not a big deal, we preferred to make it testable anyway.
> Please don't use cache rules in the backend and frontend at the
> same time for now, the behaviour will likely be undefined.
>
>- I've been running this version on www.haproxy.org (explaining the
> short outages a few of you might have noticed while trying to spot
> the passthrough mux bug). And yes, haproxy.org was delivered in H2
> this afternoon :-) But I faced an infinite loop once and
>unfortunately
> the core I managed to trigger was unexploitable so I'm trying again
> without success for now (I'll stop it for the night here, as I want
> to be in front when it happens to debug it but not to prevent anyone
> from downloading or accessing the site). Thus, please don't leave it
> unattended for too long if you don't have an automatic switch-over,
> even if you think it looks pretty at first glance.
>
>- we know that there are some build issues on Solaris which can be
> worked around, though I think threads will not work due to naming
> conflicts between macros.
>
>Threads are expected to be usable now. I'm going to re-enable them on
>haproxy.org as soon as I spot the bug causing the rare loop (don't want
>to mix the two for now).
>
>Feel free to test. Coredumps (and their associated executable) are
>welcome, but only if built with -g (the default). And gdb backtraces
>(bt full) are very helpful as well, especially if you attach to a
>stuck or looping process.
>
>Please find the usual URLs below :
> Site index : http://www.haproxy.org/
> Discourse : http://discourse.haproxy.org/
> Sources : http://www.haproxy.org/download/1.8/src/
> Git repository : http://git.haproxy.org/git/haproxy-1.8.git/
> Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git
> Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG
> Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
>
>Willy
>---
>Complete changelog :
>David Carlier (2):
> BUG/MINOR: stdarg.h inclusion
> BUILD: enable USE_THREAD for OpenBSD build.
>
>Emeric Brun (4):
> BUG/MAJOR: fix deadlock on healthchecks.
> BUG/MINOR: freq: fix infinite loop on freq_ctr_period.
> BUG/MINOR: dns: fix missing lock protection on server.
> BUG/MINOR: lua: fix missing lock protection on server.
>
>Emmanuel Hocdet (2):
> BUG/MINOR: send-proxy-v2: fix dest_len in make_tlv call
> BUG/MINOR: send-proxy-v2: string size must include ('\0')
>
>Olivier Houchard (3):
> MINOR: mux: Only define pipe functions on linux.
> MINOR: cache: Remove useless test for nonzero.
> MINOR: cache: Don't confuse act_return and act_parse_ret.
>
>William Lallemand (2):
> BUILD: shctx: allow to be built without openssl
> BUG/MEDIUM: cache: don't try to resolve wrong filters
>
>Willy Tarreau (6):
> BUG/MEDIUM: h2: don't try to parse incomplete H1 responses
> BUG/MEDIUM: checks/mux: always enable send-polling after
>connecting
> BUG/MINOR: thread: fix a typo in the debug code
> BUG/MAJOR: buffers: fix get_buffer_nc() for data at end of buffer
> BUG/MAJOR: mux_pt: don't dereference a connstream after ->wake()
> MINOR: thread: report multi-thread support in haproxy -vv
>
>---
>
Willy Tarreau
Re: [ANNOUNCE] haproxy-1.8-rc2
November 04, 2017 07:20AM
On Fri, Nov 03, 2017 at 11:54:09PM +0000, Aleksandar Lazic wrote:
> The new version is on docker hub

Thanks Aleks!

By the way, I've added this line to report whether threads are
enabled or not, it will help during bug reports :

> haproxy -vv
> (...)
> Built with PCRE version : 8.32 2012-11-30
> Running on PCRE version : 8.32 2012-11-30
> PCRE library supports JIT : yes
> Built with multi-threading support.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

(it may happen anywhere like other lines here as it depends on the
link order).

Willy
Sorry, only registered users may post in this forum.

Click here to login