Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu
Dear Stable Release Team, I'v got a bold request: please let me update Kronosnet in buster from 1.8-2 to 1.13-something to fix #946222. During the buster freeze period, upstream released 1.9 and 1.10, but those didn't bring important fixes, so I didn't request freeze exceptions for them. However, when Proxmox VE 6.0 got released (based on Debian buster), their users reported lots of intertwined bugs, and the developers iterated through 1.11, 1.12 and 1.13 in quick succession to fix them, see the linked https://forum.proxmox.com/threads/pve-5-4-11-corosync-3-x-major-issues.56124. >From the announcements: 1.9, May 2019: (https://lists.kronosnet.org/pipermail/devel/2019-May/000077.html) 1.10, Jun 2019: (https://lists.kronosnet.org/pipermail/devel/2019-June/000078.html) 1.11, Aug 2019: Major bug fixes in the PMTUd code. MTU was not calculated correctly when using crypto and PMTUd would fail due to timeouts when using crypto and systems are overloaded. Thanks to the proxmox community for reporting the issues and testing pre-fixes. (https://lists.kronosnet.org/pipermail/devel/2019-August/000079.html) 1.12, Sep 2019: * IMPORTANT: any version prior to 1.12 has a memory corruption bug that could cause knet to crash or hung when the network is not stable for a long period of time. Please see https://github.com/kronosnet/kronosnet/issues/255 for details. If you are unable to upgrade to 1.12, please make sure to cherry pick https://github.com/kronosnet/kronosnet/commit/6a92361c7554c2aa7222d6f868e43704694683c7 (stable branch) into your distribution as soon as possible. 1.13, Oct 2019: * IMPORTANT/URGENT: fix defrag buffer reclaim logic that could lead knet to deliver corrupted data to the application (corosync or alike). * IMPORTANT/URGENT: fix MTU boundary check on links with very high packet loss and avoid delivering corrupted (short) data to the application. (https://lists.kronosnet.org/pipermail/devel/2019-October/000081.html) Since Proxmox upgraded Kronosnet to 1.13, things settled and seem to work reliably. But Debian stable users were left out in the cold, I had to recommend installing Kronosnet for bullseye, which worked for some time but isn't optimal, so eventually #946222 was filed. Backports would certainly be a possibility, but given that Kronosnet 1.8 in buster isn't really usable for anything serious, I decided to ask for a stable update first. Of course this would include some unnecessary (but good) changes as well; while it would be possible to cherry pick the relevant commits only, that involves quite some back-and-forth stuff muddying the waters and would result in a misleading version number as well. Since the only package depending on Kronosnet is Corosync, which is also under the HA Team umbrella, I find the risk acceptable (and the pieces would fall back on me after all). Some upstream communication about cherry-picking possibilities: https://github.com/kronosnet/kronosnet/pull/242 "the big fat PMTU patch is a very serious bug. [...] The previous patch set was less invasive but still wrong [...] The last patch, while invasive in the look, makes the code a lot simpler and functional" https://github.com/kronosnet/kronosnet/pull/257#issuecomment-533054215 "please make sure to cherry pick this fix ASAP, also for Debian stable. It's a bad crash and memory corrupter. [...] coverity scan fixes will hit stable release in 1.12, I would wait to push them into a stable update for Debian, they are super nice, but nothing critical enough to force it. For #242 I still strongly recommend to take the big patch. It's been tested a lot now" -- Looking forward to hearing your advice, Feri.
