Re: stable-bot: Bugfixes waiting for a release 2.1 (52), 2.0 (45)
On Thu, May 28, 2020 at 12:41:44PM +0200, Tim Düsterhus wrote: > My Postfix + Dovecot still works as evidenced by the fact that I am able > read your email and send a reply. My HTTP services also work. Thanks very much, that's exactly what I needed to know! William proposed me to handle the 2.1.5 release. I know we still have a minor fix to do there about the log fix (or revert it if it causes any difficulty) but we can release very soon now. Cheers, Willy
Re: stable-bot: Bugfixes waiting for a release 2.1 (52), 2.0 (45)
Willy,
Am 28.05.20 um 09:23 schrieb Willy Tarreau:
> Please do me a favor, just check that this pre-release is OK for you:
>
>http://git.haproxy.org/?p=haproxy-2.1.git;a=snapshot;h=HEAD;sf=tgz
>
> I'd really hate having to release it just to have to emit yet another
> one to fix the same issue again :-/
>
Okay, I've done what I really wanted to avoid and built my own HAProxy.
I'm now running HAProxy 2.1.5-1~~~timwolla+1 and I hope that it will
smoothly upgrade to Vincent's build once it is released.
> [root@~]haproxy -vv
> HA-Proxy version 2.1.5-1~~~timwolla+1 2020/05/28 - https://haproxy.org/
> Status: stable branch - will stop receiving fixes around Q1 2021.
> Known bugs: http://www.haproxy.org/bugs/bugs-2.1.5.html
> Running on: Linux 4.9.0-12-amd64 #1 SMP Debian 4.9.210-1 (2020-01-20) x86_64
> Build options :
> TARGET = linux-glibc
> CPU = generic
> CC = gcc
> CFLAGS = -O2 -g -O2 -fdebug-prefix-map=/pwd/haproxy-2.1.5=.
> -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
> -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -Wdeclaration-after-statement
> -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
> -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
> -Wno-missing-field-initializers -Wtype-limits -Wshift-negative-value
> -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference
> OPTIONS = USE_PCRE2=1 USE_PCRE2_JIT=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1
> USE_ZLIB=1 USE_SYSTEMD=1
>
> Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER -PCRE -PCRE_JIT
> +PCRE2 +PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED +REGPARM
> -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT
> +CRYPT_H -VSYSCALL +BACKTRACE +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4
> -MY_ACCEPT4 +ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES
> -WURFL +SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS
>
> Default settings :
> bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
>
> Built with multi-threading support (MAX_THREADS=64, default=8).
> Built with OpenSSL version : OpenSSL 1.1.0l 10 Sep 2019
> Running on OpenSSL version : OpenSSL 1.1.0l 10 Sep 2019
> OpenSSL library supports TLS extensions : yes
> OpenSSL library supports SNI : yes
> OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
> Built with Lua version : Lua 5.3.3
> Built with network namespace support.
> Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
> IP_FREEBIND
> Built with PCRE2 version : 10.22 2016-07-29
> PCRE2 library supports JIT : yes
> Encrypted password support via crypt(3): yes
> Built with zlib version : 1.2.8
> Running on zlib version : 1.2.8
> Compression algorithms supported : identity("identity"), deflate("deflate"),
> raw-deflate("deflate"), gzip("gzip")
> Built with the Prometheus exporter as a service
>
> Available polling systems :
> epoll : pref=300, test result OK
>poll : pref=200, test result OK
> select : pref=150, test result OK
> Total: 3 (3 usable), will use epoll.
>
> Available multiplexer protocols :
> (protocols marked as cannot be specified using 'proto' keyword)
> h2 : mode=HTTP side=FE|BE mux=H2
> fcgi : mode=HTTP side=BEmux=FCGI
> : mode=HTTP side=FE|BE mux=H1
> : mode=TCPside=FE|BE mux=PASS
>
> Available services :
> prometheus-exporter
>
> Available filters :
> [SPOE] spoe
> [CACHE] cache
> [FCGI] fcgi-app
> [TRACE] trace
> [COMP] compression
My Postfix + Dovecot still works as evidenced by the fact that I am able
read your email and send a reply. My HTTP services also work.
Best regards
Tim Düsterhus
Re: stable-bot: Bugfixes waiting for a release 2.1 (52), 2.0 (45)
Hi again Tim, On Thu, May 28, 2020 at 06:15:04AM +0200, Willy Tarreau wrote: > Hi Tim, > > On Wed, May 27, 2020 at 04:33:47PM +0200, Tim Düsterhus wrote: > > I already asked 2 weeks ago [1], but I'll ask again: > > > > > Is there any date planned for 2.1.5? I'm still running 2.1.3 on one > > > machine, because I use Dovecot. > > > > And I only just realize that 2.1.3 is affected by CVE-2020-11100 which > > makes the current situation especially ugly. Either I run a version with > > a critical bug without workaround, I break Dovecot or I compile my own > > HAProxy. > > Thanks for the ping. I'm trying :-/ I've been stuck doing only janitor > work for the last 3 months with zero development at all and am still > having a number of things to do before the release. I'll try to emit a > new one today or tomorrow. Please do me a favor, just check that this pre-release is OK for you: http://git.haproxy.org/?p=haproxy-2.1.git;a=snapshot;h=HEAD;sf=tgz I'd really hate having to release it just to have to emit yet another one to fix the same issue again :-/ Thanks! Willy
Re: stable-bot: Bugfixes waiting for a release 2.1 (52), 2.0 (45)
Hi Tim, On Wed, May 27, 2020 at 04:33:47PM +0200, Tim Düsterhus wrote: > I already asked 2 weeks ago [1], but I'll ask again: > > > Is there any date planned for 2.1.5? I'm still running 2.1.3 on one > > machine, because I use Dovecot. > > And I only just realize that 2.1.3 is affected by CVE-2020-11100 which > makes the current situation especially ugly. Either I run a version with > a critical bug without workaround, I break Dovecot or I compile my own > HAProxy. Thanks for the ping. I'm trying :-/ I've been stuck doing only janitor work for the last 3 months with zero development at all and am still having a number of things to do before the release. I'll try to emit a new one today or tomorrow. Willy
Re: stable-bot: Bugfixes waiting for a release 2.1 (52), 2.0 (45)
Hi List, Willy, Am 27.05.20 um 02:00 schrieb stable-...@haproxy.com: > Last release 2.1.4 was issued on 2020-04-02. There are currently 52 patches > in the queue cut down this way: > - 1 MAJOR, first one merged on 2020-05-20 > - 20 MEDIUM, first one merged on 2020-05-01 > - 31 MINOR, first one merged on 2020-04-02 > > Thus the computed ideal release date for 2.1.5 would be 2020-04-30, which was > four weeks ago. > > Last release 2.0.14 was issued on 2020-04-02. There are currently 45 patches > in the queue cut down this way: > - 1 MAJOR, first one merged on 2020-05-22 > - 18 MEDIUM, first one merged on 2020-05-07 > - 26 MINOR, first one merged on 2020-04-02 > > Thus the computed ideal release date for 2.0.15 would be 2020-04-30, which > was four weeks ago. I already asked 2 weeks ago [1], but I'll ask again: > Is there any date planned for 2.1.5? I'm still running 2.1.3 on one > machine, because I use Dovecot. And I only just realize that 2.1.3 is affected by CVE-2020-11100 which makes the current situation especially ugly. Either I run a version with a critical bug without workaround, I break Dovecot or I compile my own HAProxy. Best regards Tim Düsterhus [1] https://www.mail-archive.com/haproxy@formilux.org/msg37344.html
