On 20/04/17 05:40, Amos Jeffries wrote:
On 20/04/17 04:26, Alex Rousskov wrote:
On 03/26/2017 09:20 PM, Amos Jeffries wrote:
Below are the bugs which are currently preventing a "stable" release:
4505 - Memory hits shadow disk entries and vice versa
>>
Factory is working on this major bug. The fix was stuck in my review
queue, but I should be able to start the review within a few days. I
hope to see the final patch posted here soon after the PID file fixes
(discussed below).
4631 - security_file_certgen drops request due to a full queue
* seems to be an expected but undesirable consequence of being helper
API. The effects are major, but the fix is technically a feature
enhancement AFAICT.
>>
My understanding of that bug report is completely different: The current
working theory is that some kind of unusual input or condition (e.g., a
very large certificate or malformed helper request) results in more and
more helpers getting independently stuck waiting for more input from
Squid that never comes.
The bug will remain stuck until somebody volunteers to analyze the
latest logs from Dan (at least).
Any other issues that dont have bug reports I should wait for?
I recall several issues that might be worth waiting for (your call):
1. PID file management changes
We fixed some of the problems in trunk r13867 but the current code still
badly mishandles SMP race conditions. We see a stream of related problem
reports from SMP installations that cannot reliably start, restart, or
send signals. The fix went through several major rewrites and review
cycles already, so I hope we are within a week of the final solution.
The fix contains some Squid "interface" changes (exit codes, what
failures are considered fatal, level-1 messages, etc.) so it may be a
good idea to get it in before a lot of folks start upgrading to v4. It
is your call though.
Ouch. Okay, thanks.
AFAIK the changes here are all in. Is that correct Alex?
2. New transaction_initiator ACL
Based on squid-users and private requests, quite a few admins are likely
to need this ACL to better cope with regression-like problems related to
other recent improvements. Here is a quote from the being-reviewed patch
preamble:
This ACL is essential in several use cases, including:
* After fetching a missing intermediate certificate, Squid uses the
regular cache (and regular caching rules) to store the response.
Squid
deployments that do not want to cache regular traffic need to cache
fetched certificates and only them.
acl fetched_certificate transaction_initiator certificate-fetching
cache allow fetched_certificate
cache deny all
* Many traffic policies and tools assume the existence of an HTTP client
behind every transaction. Internal Squid requests violate that
assumption. Identifying internal requests protects external ACLs, log
analyzers, and other mechanisms from the transactions they mishandle.
acl skip_logging transaction_initiator internal
access_log ... !skip_logging
I do not know whether v4 port is practical but it would be nice to have
this ACL in v4.
If it is not too intrusive to record the state info that needs then I'm
okay backporting ACL types, though it is a new feature so v5 is
indicated by the RoadMap policy when there is any doubt about its impact
on stability.
This one is now just waiting in my backport queue.
Some new ones have appeared:
* Bug 4718 - ssl-bump parser crash
* Bug 4710 - crash with on_unsupported_protocol and eCAP
Amos
_______________________________________________
squid-dev mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-dev
