[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#950488: marked as done (buster-pu: package kronosnet/1.8-2)

Your message dated Fri, 05 Aug 2022 19:51:45 +0100
with message-id <d097e0186a71fb841e2e334d7352189cebde90ad.camel@adam-barratt.org.uk>
and subject line Re: Bug#950488: buster-pu: package kronosnet/1.8-2
has caused the Debian Bug report #950488,
regarding buster-pu: package kronosnet/1.8-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
950488: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950488
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Dear Stable Release Team,

I'v got a bold request: please let me update Kronosnet in buster from
1.8-2 to 1.13-something to fix #946222.  During the buster freeze
period, upstream released 1.9 and 1.10, but those didn't bring important
fixes, so I didn't request freeze exceptions for them.  However, when
Proxmox VE 6.0 got released (based on Debian buster), their users
reported lots of intertwined bugs, and the developers iterated through
1.11, 1.12 and 1.13 in quick succession to fix them, see the linked
https://forum.proxmox.com/threads/pve-5-4-11-corosync-3-x-major-issues.56124.
>From the announcements:

1.9, May 2019:
(https://lists.kronosnet.org/pipermail/devel/2019-May/000077.html)
1.10, Jun 2019:
(https://lists.kronosnet.org/pipermail/devel/2019-June/000078.html)

1.11, Aug 2019:
  Major bug fixes in the PMTUd code. MTU was not calculated correctly
  when using crypto and PMTUd would fail due to timeouts when using
  crypto and systems are overloaded. Thanks to the proxmox community for
  reporting the issues and testing pre-fixes.
  (https://lists.kronosnet.org/pipermail/devel/2019-August/000079.html)

1.12, Sep 2019:
* IMPORTANT: any version prior to 1.12 has a memory corruption bug that
  could cause knet to crash or hung when the network is not stable for a
  long period of time. Please see
  https://github.com/kronosnet/kronosnet/issues/255 for details.
  If you are unable to upgrade to 1.12, please make sure to cherry pick
  https://github.com/kronosnet/kronosnet/commit/6a92361c7554c2aa7222d6f868e43704694683c7
  (stable branch) into your distribution as soon as possible.

1.13, Oct 2019:
* IMPORTANT/URGENT: fix defrag buffer reclaim logic that could lead knet
   to deliver corrupted data to the application (corosync or alike).
* IMPORTANT/URGENT: fix MTU boundary check on links with very high
   packet loss and avoid delivering corrupted (short) data to the
   application.
(https://lists.kronosnet.org/pipermail/devel/2019-October/000081.html)

Since Proxmox upgraded Kronosnet to 1.13, things settled and seem to
work reliably.  But Debian stable users were left out in the cold, I had
to recommend installing Kronosnet for bullseye, which worked for some
time but isn't optimal, so eventually #946222 was filed.  Backports
would certainly be a possibility, but given that Kronosnet 1.8 in buster
isn't really usable for anything serious, I decided to ask for a stable
update first.  Of course this would include some unnecessary (but good)
changes as well; while it would be possible to cherry pick the relevant
commits only, that involves quite some back-and-forth stuff muddying the
waters and would result in a misleading version number as well.  Since
the only package depending on Kronosnet is Corosync, which is also under
the HA Team umbrella, I find the risk acceptable (and the pieces would
fall back on me after all).

Some upstream communication about cherry-picking possibilities:

https://github.com/kronosnet/kronosnet/pull/242
"the big fat PMTU patch is a very serious bug. [...] The previous patch
set was less invasive but still wrong [...] The last patch, while
invasive in the look, makes the code a lot simpler and functional"

https://github.com/kronosnet/kronosnet/pull/257#issuecomment-533054215
"please make sure to cherry pick this fix ASAP, also for Debian stable.
It's a bad crash and memory corrupter. [...] coverity scan fixes will
hit stable release in 1.12, I would wait to push them into a stable
update for Debian, they are super nice, but nothing critical enough to
force it.  For #242 I still strongly recommend to take the big patch.
It's been tested a lot now"
-- 
Looking forward to hearing your advice,
Feri.

--- End Message ---
--- Begin Message --- 
On Tue, 2020-04-28 at 13:12 +0200, wferi@debian.org wrote:
> Control: tags -1 - moreinfo
> 
> "Adam D. Barratt" <adam@adam-barratt.org.uk> writes:
> 
> > Apologies for not replying sooner.
> 
> No problem.  I was starting to accept that my request was so
> outlandish
> that it didn't even warrant a reply. :)
> 

Apologies for letting this fester for so long. :-(

We're now in the process of planning the final point release for buster
as support for it transitions to the LTS team, so I'm afraid it's now
too late to do this in buster (at least via pu).

Regards,

Adam

--- End Message ---
Reply to: