
Bug#949826: buster-pu: package haproxy/1.8.19-1



 ❦ 26 January 2020 13:00 +01, Vincent Bernat <bernat@debian.org>:

>>> The logrotate configuration file for HAProxy doesn't signal rsyslog
>>> correctly. Therefore, logs are not really rotated and on a moderately
>>> busy site, this can fill up a log partition. When running with
>>> systemd, rsyslog doesn't write a PID file and therefore, the SysV
>>> init script invoked to rotate logs does not work. Instead, rsyslog
>>> package provides a helper for this purpose.
>>> 
>>> The change has been applied to 2.0.12-1 currently in unstable and
>>> testing. I would like to push it for the next point release next week.
>>
>> If we're doing a Buster update anyway, could we also piggyback the fix
>> for https://nathandavison.com/blog/haproxy-http-request-smuggling (CVE-2019-18277),
>> https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=196a7df44d8129d1adc795da020b722614d6a581
>> ?
>
> Ack! I have pulled the patch from the 1.8 branch. Here is the updated
> debdiff. It compiles and simple tests pass too. I'll be checking with
> upstream if they have an opinion around this.

Upstream is OK to apply the patch on top of 1.8.19.
-- 
Don't use conditional branches as a substitute for a logical expression.
            - The Elements of Programming Style (Kernighan & Plauger)
