Re: stable-bot: Bugfixes waiting for a release 2.1 (52), 2.0 (45)
On Thu, May 28, 2020 at 12:41:44PM +0200, Tim Düsterhus wrote: > My Postfix + Dovecot still works as evidenced by the fact that I am able > read your email and send a reply. My HTTP services also work. Thanks very much, that's exactly what I needed to know! William proposed me to handle the 2.1.5 release. I know we still have a minor fix to do there about the log fix (or revert it if it causes any difficulty) but we can release very soon now. Cheers, Willy
Re: stable-bot: Bugfixes waiting for a release 2.1 (52), 2.0 (45)
Willy, Am 28.05.20 um 09:23 schrieb Willy Tarreau: > Please do me a favor, just check that this pre-release is OK for you: > >http://git.haproxy.org/?p=haproxy-2.1.git;a=snapshot;h=HEAD;sf=tgz > > I'd really hate having to release it just to have to emit yet another > one to fix the same issue again :-/ > Okay, I've done what I really wanted to avoid and built my own HAProxy. I'm now running HAProxy 2.1.5-1~~~timwolla+1 and I hope that it will smoothly upgrade to Vincent's build once it is released. > [root@~]haproxy -vv > HA-Proxy version 2.1.5-1~~~timwolla+1 2020/05/28 - https://haproxy.org/ > Status: stable branch - will stop receiving fixes around Q1 2021. > Known bugs: http://www.haproxy.org/bugs/bugs-2.1.5.html > Running on: Linux 4.9.0-12-amd64 #1 SMP Debian 4.9.210-1 (2020-01-20) x86_64 > Build options : > TARGET = linux-glibc > CPU = generic > CC = gcc > CFLAGS = -O2 -g -O2 -fdebug-prefix-map=/pwd/haproxy-2.1.5=. > -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time > -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -Wdeclaration-after-statement > -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter > -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered > -Wno-missing-field-initializers -Wtype-limits -Wshift-negative-value > -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference > OPTIONS = USE_PCRE2=1 USE_PCRE2_JIT=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 > USE_ZLIB=1 USE_SYSTEMD=1 > > Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER -PCRE -PCRE_JIT > +PCRE2 +PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED +REGPARM > -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT > +CRYPT_H -VSYSCALL +BACKTRACE +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 > -MY_ACCEPT4 +ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES > -WURFL +SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS > > Default settings : > bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 > > Built with multi-threading support (MAX_THREADS=64, default=8). > Built with OpenSSL version : OpenSSL 1.1.0l 10 Sep 2019 > Running on OpenSSL version : OpenSSL 1.1.0l 10 Sep 2019 > OpenSSL library supports TLS extensions : yes > OpenSSL library supports SNI : yes > OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 > Built with Lua version : Lua 5.3.3 > Built with network namespace support. > Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT > IP_FREEBIND > Built with PCRE2 version : 10.22 2016-07-29 > PCRE2 library supports JIT : yes > Encrypted password support via crypt(3): yes > Built with zlib version : 1.2.8 > Running on zlib version : 1.2.8 > Compression algorithms supported : identity("identity"), deflate("deflate"), > raw-deflate("deflate"), gzip("gzip") > Built with the Prometheus exporter as a service > > Available polling systems : > epoll : pref=300, test result OK >poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use epoll. > > Available multiplexer protocols : > (protocols marked as cannot be specified using 'proto' keyword) > h2 : mode=HTTP side=FE|BE mux=H2 > fcgi : mode=HTTP side=BEmux=FCGI > : mode=HTTP side=FE|BE mux=H1 > : mode=TCPside=FE|BE mux=PASS > > Available services : > prometheus-exporter > > Available filters : > [SPOE] spoe > [CACHE] cache > [FCGI] fcgi-app > [TRACE] trace > [COMP] compression My Postfix + Dovecot still works as evidenced by the fact that I am able read your email and send a reply. My HTTP services also work. Best regards Tim Düsterhus
Re: stable-bot: Bugfixes waiting for a release 2.1 (52), 2.0 (45)
Hi again Tim, On Thu, May 28, 2020 at 06:15:04AM +0200, Willy Tarreau wrote: > Hi Tim, > > On Wed, May 27, 2020 at 04:33:47PM +0200, Tim Düsterhus wrote: > > I already asked 2 weeks ago [1], but I'll ask again: > > > > > Is there any date planned for 2.1.5? I'm still running 2.1.3 on one > > > machine, because I use Dovecot. > > > > And I only just realize that 2.1.3 is affected by CVE-2020-11100 which > > makes the current situation especially ugly. Either I run a version with > > a critical bug without workaround, I break Dovecot or I compile my own > > HAProxy. > > Thanks for the ping. I'm trying :-/ I've been stuck doing only janitor > work for the last 3 months with zero development at all and am still > having a number of things to do before the release. I'll try to emit a > new one today or tomorrow. Please do me a favor, just check that this pre-release is OK for you: http://git.haproxy.org/?p=haproxy-2.1.git;a=snapshot;h=HEAD;sf=tgz I'd really hate having to release it just to have to emit yet another one to fix the same issue again :-/ Thanks! Willy
Re: stable-bot: Bugfixes waiting for a release 2.1 (52), 2.0 (45)
Hi Tim, On Wed, May 27, 2020 at 04:33:47PM +0200, Tim Düsterhus wrote: > I already asked 2 weeks ago [1], but I'll ask again: > > > Is there any date planned for 2.1.5? I'm still running 2.1.3 on one > > machine, because I use Dovecot. > > And I only just realize that 2.1.3 is affected by CVE-2020-11100 which > makes the current situation especially ugly. Either I run a version with > a critical bug without workaround, I break Dovecot or I compile my own > HAProxy. Thanks for the ping. I'm trying :-/ I've been stuck doing only janitor work for the last 3 months with zero development at all and am still having a number of things to do before the release. I'll try to emit a new one today or tomorrow. Willy
Re: stable-bot: Bugfixes waiting for a release 2.1 (52), 2.0 (45)
Hi List, Willy, Am 27.05.20 um 02:00 schrieb stable-...@haproxy.com: > Last release 2.1.4 was issued on 2020-04-02. There are currently 52 patches > in the queue cut down this way: > - 1 MAJOR, first one merged on 2020-05-20 > - 20 MEDIUM, first one merged on 2020-05-01 > - 31 MINOR, first one merged on 2020-04-02 > > Thus the computed ideal release date for 2.1.5 would be 2020-04-30, which was > four weeks ago. > > Last release 2.0.14 was issued on 2020-04-02. There are currently 45 patches > in the queue cut down this way: > - 1 MAJOR, first one merged on 2020-05-22 > - 18 MEDIUM, first one merged on 2020-05-07 > - 26 MINOR, first one merged on 2020-04-02 > > Thus the computed ideal release date for 2.0.15 would be 2020-04-30, which > was four weeks ago. I already asked 2 weeks ago [1], but I'll ask again: > Is there any date planned for 2.1.5? I'm still running 2.1.3 on one > machine, because I use Dovecot. And I only just realize that 2.1.3 is affected by CVE-2020-11100 which makes the current situation especially ugly. Either I run a version with a critical bug without workaround, I break Dovecot or I compile my own HAProxy. Best regards Tim Düsterhus [1] https://www.mail-archive.com/haproxy@formilux.org/msg37344.html