MRE updates of haproxy for focal, jammy and lunar
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
haproxy (Ubuntu) | Invalid | Undecided | Unassigned |
Focal | Fix Released | Undecided | Athos Ribeiro |
Jammy | Fix Released | Undecided | Athos Ribeiro |
Lunar | Won't Fix | Undecided | Athos Ribeiro |
Bug Description
This bug tracks an update for the HAProxy package in the following Ubuntu
releases to the versions below:
* Focal (20.04): HAProxy 2.0.33
* Jammy (22.04): HAProxy 2.4.24
These updates are a best effort to follow the SRU policy exception defined
at https:/
[Upstream changes]
* Focal (20.04): https:/
* Jammy (22.04): https:/
Important bug fixes include:
- Fix a buffering issue when performing multiple large-header replacements at once, which could overwrite parts of the contents of the headers.
- Fix for CVE-2023-40225. Empty content-length headers in requests/responses are now rejected (this is already applied in Ubuntu).
- Several lower severity fixes.
[Test Plan]
Since the upstream CI pipelines do not run (publicly) for HAProxy 2.4 and 2.0, we triggered them using the upstream project's GitHub workflows:
HAProxy 2.0.33 (focal): https:/
HAProxy 2.4.24 (jammy): https:/
The only errors in the workflows are related to gcc on Windows and to spelling checks, which should not be blockers here.
There is also an error in the spec compliance run for the 2.4 actions. However, we can see in the actions matrix that upstream did add a "-Wno-deprecate
We ran autopkgtest for the new versions in the following PPA:
https:/
Here are the results:
* Results:
- haproxy/
+ ✅ haproxy on focal for amd64 @ 31.10.23 23:06:37 https:/
+ ✅ haproxy on focal for arm64 @ 31.10.23 23:03:26 https:/
+ ✅ haproxy on focal for armhf @ 31.10.23 23:02:18 https:/
+ ✅ haproxy on focal for ppc64el @ 31.10.23 22:59:11 https:/
+ ✅ haproxy on focal for s390x @ 31.10.23 23:00:08 https:/
- haproxy/
+ ✅ haproxy on jammy for amd64 @ 31.10.23 23:06:26 https:/
+ ✅ haproxy on jammy for arm64 @ 31.10.23 23:28:44 https:/
+ ✅ haproxy on jammy for armhf @ 31.10.23 22:56:34 https:/
+ ✅ haproxy on jammy for ppc64el @ 31.10.23 23:00:08 https:/
+ ✅ haproxy on jammy for s390x @ 31.10.23 22:55:01 https:/
[Regression Potential]
HAProxy itself does not have many reverse dependencies; however, any upgrade
risks introducing breakage in other packages. Whenever a test failure is
detected, we will be on top of it and make sure it does not affect existing
users.
[Regression Potential - Changes Analysis (CA)]
There is a significant number of low regression risk (as per upstream classification) functional changes.
Moreover, some (fewer) bug fixes have a possible major regression risk (again, as per upstream classification).
The functional changes mentioned above were included because they are, in majority, needed by other entries which are bug fixes, i.e., these are functional changes needed to fix specific bugs.
[Regression Potential - CA - Upstream changes classification criteria]
https:/
describes the upstream guidelines for tagging the entries in the upstream changelog based
on their purpose, importance, severity, etc.
Below, I summarize the relevant bits of such guidelines.
Patches "fixing a bug must have the 'BUG' tag", e.g., "BUG/MAJOR: description"
"When the patch cannot be categorized, [...] only use a risk or complexity
information [...]. This is commonly the case for new features". For
instance, "MINOR: description"
For MINOR tags, the patch "is safe enough to be backported to stable
branches".
Patches tagged MEDIUM "may cause unexpected regressions of low importance
[...], the patch is safe but touches working areas".
Patches tagged MAJOR carry a "major risk of hidden regression".
There is also a CRITICAL tag but no changes are tagged with it in the new
candidate versions.
[Regression Potential - CA - Impact]
For the next Focal MRE, we would upgrade HAProxy from 2.0.31 to 2.0.33. Among
the changes, there are 2 bug fixes tagged as BUG/MAJOR and 9 uncategorized changes
(potentially functional) tagged as MINOR.
For the next Jammy MRE, we would upgrade HAProxy from 2.4.22 to 2.4.24. Among
the changes, there are 2 bug fixes tagged as BUG/MAJOR (the same ones being fixed
in Focal), and 1 MEDIUM and 22 MINOR uncategorized changes (potentially functional).
For the next Lunar MRE, we would upgrade HAProxy from 2.6.9 to 2.6.15. This is
the largest change set for all the possible HAProxy MREs we may want to
propose. Among the changes, there are 8 bug fixes tagged as BUG/MAJOR, 3 MAJOR, 8
MEDIUM and 65 MINOR uncategorized changes (potentially functional).
[Regression Potential - CA - Assessment]
Below we discuss the changes with the greatest regression potential (and the most relevant uncategorized ones, which may contain functional changes).
Focal 20.04:
- BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement
- BUG/MAJOR: http: reject any empty content-length header value
It seems that, for both of them, the MAJOR tag was chosen due to the severity
of the bugs and not due to the regression potential. The first changes the way
replace-header operations are buffered. The latter changes the content-length
header parser to reject requests/responses with empty values for that header.
The remaining uncategorized Focal changes are all MINOR, and are either adding
new internal functions used by other bug fixes, other internal changes where
regressions are not expected, or are discussed below.
- MINOR: h2: pass accept-
While this change is only forwarding a new parameter, it is used for a bug fix
which makes HAProxy stop accepting some invalid characters as part of the URI
component. According to upstream, "such requests appear at a rate of roughly 1
per million and only come from attacks or poorly written web crawlers
incorrectly following links found on various pages". After this change set, the
former behavior can still be turned on with the accept-
option.
- MINOR: checks: make sure spread-checks is used also at boot time
Makes the randomly spread health-check timings apply at boot time as well.
This seems to be a small enhancement rather than a bug fix.
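The two request-hardening changes assessed above (the BUG/MAJOR empty content-length rejection and the MINOR h2 change that stops accepting invalid URI characters unless the accept- option is set) can be exercised offline with the following validator. It is an added example written for this report, not HAProxy's own code: the rejected character set, every function name and the sample requests are this example's assumptions, and the "pre-fix" branch models the behaviour the report describes rather than reproducing HAProxy's old parser.

```python
"""Added example, not HAProxy's own code: an HTTP/1.1 request-head validator
modelling the two request checks discussed above, rejection of an empty
Content-Length value and of forbidden characters in the request target. The
rejected character set, all names and the sample requests are this example's
assumptions, not taken from HAProxy's source."""
import re

# Constructed sample requests (not captured traffic).
GOOD_REQUEST = (b"POST /api/items HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 5\r\n\r\nhello")
EMPTY_CL_REQUEST = (b"POST /api/items HTTP/1.1\r\nHost: example.test\r\n"
                    b"Content-Length: \r\n\r\nGET /admin HTTP/1.1\r\n\r\n")
DUP_CL_REQUEST = (b"POST /api/items HTTP/1.1\r\nHost: example.test\r\n"
                  b"Content-Length: 5\r\nContent-Length: 5\r\n\r\nhello")
CONFLICT_CL_REQUEST = (b"POST /api/items HTTP/1.1\r\nHost: example.test\r\n"
                       b"Content-Length: 5\r\nContent-Length: 6\r\n\r\nhello!")
FRAGMENT_REQUEST = b"GET /index.html#top HTTP/1.1\r\nHost: example.test\r\n\r\n"

# Assumed set of characters refused in the request target: controls, space,
# DEL and the fragment delimiter.
FORBIDDEN_IN_TARGET = {chr(c) for c in range(0x21)} | {chr(0x7F), "#"}


class RequestRejected(ValueError):
    """The request would get a 400 instead of being forwarded."""


def parse_content_length(value, strict=True):
    """Return the declared body length, or None when nothing is declared.

    Repeated headers or a comma list must all carry the same decimal number.
    strict=True is the fixed behaviour (an empty member is an error);
    strict=False models the assumed pre-fix behaviour, where an empty value
    is ignored and forwarded as-is, so proxy and back end may disagree.
    """
    elements = [e.strip(" \t") for e in value.split(",")]
    if not strict and elements == [""]:
        return None
    lengths = set()
    for element in elements:
        if element == "":
            raise RequestRejected("empty Content-Length value")
        if not re.fullmatch(r"[0-9]+", element):
            raise RequestRejected(f"non-numeric Content-Length {element!r}")
        lengths.add(int(element))
    if len(lengths) != 1:
        raise RequestRejected(f"conflicting Content-Length values {sorted(lengths)}")
    return lengths.pop()


def target_has_forbidden_char(target):
    """True if the request target contains a character this model refuses."""
    return any(ch in FORBIDDEN_IN_TARGET for ch in target)


def validate_request(raw, strict=True, allow_invalid=False):
    """Apply both checks to one request; return (method, target, body, leftover).

    body is what would be forwarded as the message body, leftover what would be
    parsed as the next request on the connection. allow_invalid relaxes only
    the target check, as the report says the option does.
    """
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise RequestRejected("incomplete request head")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise RequestRejected("malformed request line")
    method, target, _version = parts
    if not allow_invalid and target_has_forbidden_char(target):
        raise RequestRejected(f"forbidden character in target {target!r}")
    cl_values = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise RequestRejected(f"malformed header line {line!r}")
        if name.strip().lower() == "content-length":
            cl_values.append(value.strip(" \t"))
    length = parse_content_length(",".join(cl_values), strict) if cl_values else None
    length = length or 0
    return method, target, rest[:length], rest[length:]


def is_rejected(raw, **kwargs):
    """True when validate_request would answer 400 for this request."""
    try:
        validate_request(raw, **kwargs)
    except RequestRejected:
        return True
    return False


if __name__ == "__main__":
    for name, req in [("good", GOOD_REQUEST), ("empty CL", EMPTY_CL_REQUEST),
                      ("duplicate CL", DUP_CL_REQUEST),
                      ("conflicting CL", CONFLICT_CL_REQUEST),
                      ("fragment in target", FRAGMENT_REQUEST)]:
        print(f"{name:20s} rejected={is_rejected(req)}")
    # Pre-fix model: the trailing bytes become a second request on the connection.
    print("legacy leftover:", validate_request(EMPTY_CL_REQUEST, strict=False)[3])
```

Running it with strict=False on EMPTY_CL_REQUEST shows why the empty header matters: the proxy forwards no body, and the bytes after the head are parsed as a second request, which is the desynchronization a back end reading the same header as a zero or as an error would not share.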
Jammy 22.04:
It carries the same changes listed for Focal, and:
- MEDIUM: proto_ux: properly suspend named UNIX listeners
Before this patch, suspending a listener using named UNIX sockets would
result in a no-op and recv events on the socket could still be processed.
This changes the behavior to stop listening on those sockets when the
listener is suspended.
- MINOR: startup: HAPROXY_
This is also an improvement rather than a fix. This sets the
HAPROXY_
to start the master in a master-worker mode.
Lunar 23.04:
For Lunar, there are too many changes classified in the categories mentioned above, which drastically increases the regression risk.
Since Mantic is already on 2.6.15, Lunar being an interim series, and given we
are approaching the Mantic release date, we are proposing to skip the Lunar MRE entirely.
While no version comparison issues would arise due to skipping Lunar, a non-LTS
upgrade path (Jammy->Lunar) would introduce regressions in the package, which
would be fixed with another upgrade (Lunar->Mantic). As per the item 1 at https:/
[Appendix A - Upstream potentially breaking changes list]
Below you will find the list of changes I extracted from the full changelogs of
the candidate MRE versions. I filtered the changelogs with the following command:
$ cat 2.0_changelog 2.4_changelog 2.6_changelog | grep -E '^[^ ]|(- )?(MAJOR|CRIT)|- (MINOR|MEDIUM)'
This selected only the unclassified (not bug fixing) changes and the bug fixing
changes classified as BUG/MAJOR and BUG/CRITICAL.
Focal - potentially upgrading from 2.0.31 to 2.0.33
ChangeLog :
===========
2023/08/19 : 2.0.33
- BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement
- BUG/MAJOR: http: reject any empty content-length header value
- MINOR: ist: add new function ist_find_range() to find a character range
- MINOR: ist: Add istend() function to return a pointer to the end of the string
- MINOR: http: add new function http_path_
- MINOR: h2: pass accept-
2023/06/12 : 2.0.32
- MINOR: proxy/pool: prevent unnecessary calls to pool_gc()
- MINOR: checks: make sure spread-checks is used also at boot time
- MINOR: clock: measure the total boot time
- MINOR: spoe: Don't stop disabled proxies
- MINOR: server: explicitly commit state change in srv_update_status()
Jammy - potentially upgrading from 2.4.22 to 2.4.24
ChangeLog :
===========
2023/08/19 : 2.4.24
- MINOR: proto_uxst: add resume method
- MINOR: listener/api: add lli hint to listener functions
- MINOR: listener: add relax_listener() function
- MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping
- MINOR: listener: make sure we don't pause/resume bypassed listeners
- MINOR: listener: pause_listener() becomes suspend_listener()
- MEDIUM: proto_ux: properly suspend named UNIX listeners
- MINOR: proto_ux: ability to dump ABNS names in error messages
- MINOR: lua: Add a function to get a reference on a table in the stack
- MINOR: hlua: add simple hlua reference handling API
- MINOR: hlua: simplify lua locking
- MINOR: sink/api: pass explicit maxlen parameter to sink_write()
- BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement
- BUG/MAJOR: http: reject any empty content-length header value
- MINOR: ist: add new function ist_find_range() to find a character range
- MINOR: http: add new function http_path_
- MINOR: h2: pass accept-
2023/06/09 : 2.4.23
- MINOR: startup: HAPROXY_
- MINOR: proxy/pool: prevent unnecessary calls to pool_gc()
- MINOR: proxy: check if p is NULL in free_proxy()
- MINOR: checks: make sure spread-checks is used also at boot time
- MINOR: clock: measure the total boot time
- MINOR: spoe: Don't stop disabled proxies
- MINOR: server: explicitly commit state change in srv_update_status()
- MINOR: proxy: add http_free_
Lunar - potentially upgrading from 2.6.9 to 2.6.15
ChangeLog :
===========
2023/08/09 : 2.6.15
- MINOR: compression/slz: add support for a pure flush of pending bytes
- MINOR: quic: Move QUIC encryption level structure definition
- MINOR: quic: Move packet number space related functions
- MINOR: quic: Reduce the maximum length of TLS secrets
- MINOR: sink/api: pass explicit maxlen parameter to sink_write()
- MINOR: quic: Make ->set_encryptio
- MINOR: quic: Useless call to SSL_CTX_
- BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value replacement
- BUG/MAJOR: h3: reject header values containing invalid chars
- BUG/MAJOR: http: reject any empty content-length header value
- MINOR: ist: add new function ist_find_range() to find a character range
- MINOR: http: add new function http_path_
- MINOR: h2: pass accept-
2023/06/09 : 2.6.14
- MINOR: ssl: ssl_sock_
- MINOR: quic: use real sending rate measurement
- MINOR: spoe: Don't stop disabled proxies
- MINOR: http-rules: Add missing actions in http-after-response ruleset
- MINOR: proxy: add http_free_
- MINOR: htx: add function to set EOM reliably
- MINOR: checks: make sure spread-checks is used also at boot time
- MINOR: clock: measure the total boot time
- MINOR: mux-quic: uninline qc_attach_sc()
2023/05/02 : 2.6.13
- MINOR: proxy/pool: prevent unnecessary calls to pool_gc()
- MINOR: quic: Add missing traces in cubic algorithm implementation
- BUG/MAJOR: quic: Congestion algorithms states shared between the connection
- MINOR: server: add SRV_F_DELETED flag
- MINOR: http-ana: Add a HTTP_MSGF flag to state the Expect header was checked
- MINOR: quic: Trace fix in quic_pto_pktns() (handshaske status)
- MINOR: quic: Modify qc_try_rm_hp() traces
- MINOR: quic: Dump more information at proto level when building packets
- MINOR: quic: Add a trace for packet with an ACK frame
- MINOR: quic: Add connection flags to traces
- MINOR: quic: Remove a useless test about probing in qc_prep_pkts()
- MINOR: quic: Do not allocate too much ack ranges
- MINOR: proto_uxst: add resume method
- MINOR: listener/api: add lli hint to listener functions
- MINOR: listener: add relax_listener() function
- MINOR: listener: workaround for closing a tiny race between resume_listener() and stopping
- MINOR: listener: make sure we don't pause/resume bypassed listeners
- MINOR: listener: pause_listener() becomes suspend_listener()
- MEDIUM: proto_ux: properly suspend named UNIX listeners
- MINOR: proto_ux: ability to dump ABNS names in error messages
- MINOR: hlua: add simple hlua reference handling API
- MINOR: hlua: simplify lua locking
- MINOR: quic: Add traces to qc_kill_conn()
- MINOR: quic: Add trace to debug idle timer task issues
- MINOR: quic: Add <pto_count> to the traces
- MINOR: quic: Display the packet number space flags in traces
- MINOR: server: explicitly commit state change in srv_update_status()
- MINOR: quic: Move traces at proto level
- MINOR: mux-quic: do not set buffer for empty STREAM frame
- MINOR: mux-quic: do not allocate Tx buf for empty STREAM frame
2023/03/28 : 2.6.12
- BUG/MAJOR: poller: drop FD's tgid when masks don't match
2023/03/17 : 2.6.11
- MINOR: buffer: add br_single() to check if a buffer ring has more than one buf
- MINOR: h2: add h2_phdr_to_ist() to make ISTs from pseudo headers
- MEDIUM: mux-h2/trace: add tracing support for headers
- MINOR: trace: add a TRACE_ENABLED() macro to determine if a trace is active
- MINOR: trace: add a trace_no_cb() dummy callback for when to use no callback
- MINOR: trace: add the long awaited TRACE_PRINTF()
- BUG/MAJOR: qpack: fix possible read out of bounds in static table
2023/03/10 : 2.6.10
- MINOR: startup: HAPROXY_
- MINOR: fd/cli: report the polling mask in "show fd"
- MINOR: mux-h2/traces: do not log h2s pointer for dummy streams
- MINOR: mux-h2/traces: add a missing TRACE_LEAVE() in h2s_frt_
- MINOR: ssl: rename confusing ssl_bind_kws
- MEDIUM: epoll: don't synchronously delete migrated FDs
- MEDIUM: poller: program the update in fd_update_events() for a migrated FD
- MAJOR: fd: remove pending updates upon real close
- MINOR: fd: delete unused updates on close()
- MEDIUM: fd: add the tgid to the fd and pass it to fd_insert()
- MINOR: cli/fd: show fd's tgid and refcount in "show fd"
- MINOR: fd: add functions to manipulate the FD's tgid
- MINOR: fd: add fd_get_running() to atomically return the running mask
- MAJOR: fd: grab the tgid before manipulating running
- MINOR: fd: make fd_clr_running() return the previous value instead
- MEDIUM: fd: make fd_insert/fd_delete atomically update fd.tgid
- MEDIUM: fd: quit fd_update_events() when FD is closed
- MAJOR: poller: only touch/inspect the update_mask under tgid protection
- MEDIUM: fd: support broadcasting updates for foreign groups in updt_fd_polling
- BUG/MAJOR: fd/thread: fix race between updates and closing FD
- BUG/MAJOR: fd/threads: close a race on closing connections after takeover
- MINOR: h3/hq-interop: handle no data in decode_qcs() with FIN set
- MINOR: quic: adjust request reject when MUX is already freed
- MINOR: quic: Move code to wakeup the timer task to avoid anti-amplication deadlock
Related branches
- git-ubuntu bot: Approve
- Sergio Durigan Junior (community): Approve
- Canonical Server Reporter: Pending requested
Diff: 2349 lines (+636/-305), 45 files modified
.github/workflows/cross-zoo.yml (+1/-1)
.github/workflows/vtest.yml (+1/-0)
.gitignore (+1/-0)
CHANGELOG (+61/-0)
SUBVERS (+1/-1)
VERDATE (+2/-2)
VERSION (+1/-1)
debian/changelog (+19/-0)
debian/patches/series (+0/-2)
dev/null (+0/-150)
doc/configuration.txt (+37/-14)
include/common/h2.h (+2/-2)
include/common/ist.h (+53/-0)
include/common/time.h (+2/-1)
include/types/spoe.h (+1/-0)
reg-tests/http-messaging/h1_to_h1.vtc (+26/-0)
reg-tests/http-messaging/h2_to_h1.vtc (+60/-0)
reg-tests/http-rules/fragment_in_uri.vtc (+35/-0)
reg-tests/http-rules/h1or2_to_h1c.vtc (+12/-4)
scripts/publish-release (+3/-0)
src/checks.c (+10/-1)
src/chunk.c (+7/-3)
src/debug.c (+3/-2)
src/filters.c (+2/-3)
src/flt_spoe.c (+21/-9)
src/h1.c (+36/-7)
src/h2.c (+76/-13)
src/haproxy.c (+18/-1)
src/hlua.c (+17/-3)
src/http.c (+1/-1)
src/http_msg.c (+10/-3)
src/log.c (+4/-0)
src/mux_h1.c (+15/-3)
src/mux_h2.c (+15/-5)
src/mworker.c (+21/-5)
src/namespace.c (+1/-0)
src/proto_htx.c (+2/-1)
src/proto_tcp.c (+3/-1)
src/proxy.c (+2/-2)
src/sample.c (+2/-2)
src/server.c (+31/-58)
src/ssl_sock.c (+1/-1)
src/stream_interface.c (+16/-0)
src/tcp_rules.c (+2/-2)
src/time.c (+2/-1)
- git-ubuntu bot: Approve
- Sergio Durigan Junior (community): Approve
- Canonical Server Reporter: Pending requested
Diff: 5461 lines (+1673/-653), 92 files modified
.cirrus.yml (+1/-1)
.github/matrix.py (+3/-1)
.github/workflows/cross-zoo.yml (+1/-1)
.github/workflows/vtest.yml (+1/-0)
.gitignore (+1/-0)
CHANGELOG (+149/-0)
Makefile (+1/-1)
SUBVERS (+1/-1)
VERDATE (+2/-2)
VERSION (+1/-1)
debian/changelog (+19/-0)
debian/patches/series (+0/-2)
dev/hpack/decode.c (+1/-1)
dev/null (+0/-143)
doc/configuration.txt (+172/-95)
doc/design-thoughts/config-language.txt (+2/-2)
doc/internals/http-parsing.txt (+2/-2)
doc/management.txt (+1/-1)
include/haproxy/connection.h (+11/-1)
include/haproxy/h2.h (+1/-1)
include/haproxy/hlua.h (+1/-0)
include/haproxy/http.h (+19/-0)
include/haproxy/http_ana-t.h (+1/-1)
include/haproxy/http_rules.h (+1/-0)
include/haproxy/listener-t.h (+5/-0)
include/haproxy/listener.h (+27/-11)
include/haproxy/proxy-t.h (+1/-0)
include/haproxy/server.h (+1/-0)
include/haproxy/sink.h (+5/-3)
include/haproxy/spoe-t.h (+1/-0)
include/haproxy/stick_table.h (+1/-1)
include/haproxy/time.h (+2/-1)
include/import/ist.h (+47/-0)
reg-tests/cache/caching_rules.vtc (+96/-0)
reg-tests/http-messaging/h1_to_h1.vtc (+26/-0)
reg-tests/http-messaging/h2_to_h1.vtc (+60/-0)
reg-tests/http-rules/h1or2_to_h1c.vtc (+12/-4)
reg-tests/http-rules/normalize_uri.vtc (+13/-0)
reg-tests/log/log_uri.vtc (+1/-1)
scripts/build-ssl.sh (+1/-1)
scripts/publish-release (+3/-0)
src/backend.c (+0/-2)
src/cache.c (+10/-6)
src/cfgparse-tcp.c (+1/-0)
src/cfgparse.c (+7/-3)
src/channel.c (+1/-1)
src/check.c (+10/-1)
src/chunk.c (+7/-3)
src/debug.c (+24/-3)
src/dns.c (+24/-12)
src/filters.c (+2/-3)
src/flt_spoe.c (+21/-9)
src/h1.c (+36/-7)
src/h1_htx.c (+1/-1)
src/h2.c (+41/-8)
src/haproxy.c (+30/-1)
src/hlua.c (+166/-50)
src/http.c (+1/-1)
src/http_ana.c (+30/-5)
src/http_rules.c (+47/-11)
src/listener.c (+139/-53)
src/log.c (+20/-9)
src/mjson.c (+2/-2)
src/mux_fcgi.c (+1/-1)
src/mux_h1.c (+8/-2)
src/mux_h2.c (+10/-4)
src/mworker.c (+39/-11)
src/namespace.c (+1/-0)
src/proto_uxdg.c (+15/-7)
src/proto_uxst.c (+15/-7)
src/protocol.c (+9/-7)
src/proxy.c (+42/-19)
src/resolvers.c (+5/-2)
src/ring.c (+0/-1)
src/sample.c (+3/-3)
src/server.c (+30/-57)
src/server_state.c (+1/-1)
src/sink.c (+30/-20)
src/sock_inet.c (+18/-0)
src/sock_unix.c (+39/-2)
src/ssl_crtlist.c (+9/-0)
src/ssl_sock.c (+2/-2)
src/stick_table.c (+10/-7)
src/stream_interface.c (+16/-0)
src/task.c (+21/-5)
src/tcp_rules.c (+2/-2)
src/tcp_sample.c (+2/-2)
src/tcpcheck.c (+10/-4)
src/thread.c (+4/-2)
src/time.c (+3/-1)
src/tools.c (+13/-13)
src/trace.c (+1/-1)
CVE References
Changed in haproxy (Ubuntu): | |
milestone: | none → ubuntu-23.08 |
Changed in haproxy (Ubuntu): | |
milestone: | ubuntu-23.08 → ubuntu-23.09 |
Changed in haproxy (Ubuntu Focal): | |
assignee: | nobody → Lucas Kanashiro (lucaskanashiro) |
Changed in haproxy (Ubuntu Jammy): | |
assignee: | nobody → Lucas Kanashiro (lucaskanashiro) |
Changed in haproxy (Ubuntu Lunar): | |
assignee: | nobody → Lucas Kanashiro (lucaskanashiro) |
Changed in haproxy (Ubuntu Focal): | |
assignee: | Lucas Kanashiro (lucaskanashiro) → Athos Ribeiro (athos-ribeiro) |
Changed in haproxy (Ubuntu Jammy): | |
assignee: | Lucas Kanashiro (lucaskanashiro) → Athos Ribeiro (athos-ribeiro) |
Changed in haproxy (Ubuntu Lunar): | |
assignee: | Lucas Kanashiro (lucaskanashiro) → Athos Ribeiro (athos-ribeiro) |
Changed in haproxy (Ubuntu): | |
status: | Confirmed → Invalid |
Changed in haproxy (Ubuntu Focal): | |
status: | Confirmed → In Progress |
Changed in haproxy (Ubuntu Jammy): | |
status: | Confirmed → In Progress |
description: | updated |
Changed in haproxy (Ubuntu Lunar): | |
status: | Confirmed → Won't Fix |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Status changed to 'Confirmed' because the bug affects multiple users.