-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Doug Dixon wrote: > Hi Guido > > I agree it would be nice to release a "trustworthy" Squid-3.0.PRE4. > > Three things however: > > 1) Our aim is not to produce a PRE4 of a known high quality, but to > produce a PRE4 that is as good as it can be by the deadline. > 2) I picked the bugs on the basis of their severity as described in > Bugzilla. If there are other bugs (it sounds like there are) that fall > into the severe and blocker categories, it's important that we go > through and make sure the severity field is set correctly. > 3) While I'm happy to swap bugs in and out of the todo list, I don't > want it to grow demoralisingly large for the deadline we have. It's > important to release something. > > Going through the bugs you have flagged up: > > 1089 (Possible instability on aborted POST/PUT requests) - patched in > 2.5 - is this an easy port? Also, is it related to 772 which is already > PRE4? > 1465 (assertion failed: mem_node.cc:65: "n->write_pending") - yeah > sounds bad > 1125 (memCopy: could not find start of [337,4433)) - yeah looks like a > much-reported bad one, and I *think* is already PRE4 in the guise of 1028 > 975 (Long document containing ESI includes crashes squid) - looks > pretty important to ESI > 1088 (Segmentation fault in string handling of ESI) - looks pretty > important to ESI > 801 (with netfilter - segfault) - pretty specific usage here? > 1468 (Crash on HttpHdrRange.cc line 568: assertion failed on "valid") > - yeah sounds bad > 1494 (asserts crash squid too often) - fair complaint, a bit vague, but > we should look at it > > 1200 (HTTP Response Splitting attack) - patched in 2.5 - is this an > easy port? > 1265 (httpReadReply: Excess data from ... can be silenced in many > cases) - patched in 2.5 - is this an easy port? > > > As I say, I am happy to manipulate the list, especially in the first > few days. So how about this: > > First, I think we should probably push the ESI bugs forward to PRE5. > Second, hopefully the bugs above that have 2.5 patches can be forward > ported quite easily - so I'll add them. > > Bugs to potentially add to the list: > * 1089 (PATCH25) > *1465 > * 1125 (although, is this really 1028 which is already in there?) > * 1468 > * 1200 (PATCH25) > * 1265 (PATCH25) > > Bugs to potentially remove from the list: > * 942 (squid-3.0-PRE3-20040309 uncached 304's broken) > * 897 (Extra CRLF Added After Headers) > * 951 (Assert failure in ESIInclude.cc:563: "parent.getRaw()") > > > Are we happy to defer ESI stuff (951, 975, 1088) to PRE5?
Both ESI issues look to be symptoms of the same bug, given the backtraces: - In #975: #4 0x080a0263 in ESICustomParser::parse (this=0x85787d8, \ dataToParse=0x0,lengthOfData=1396) at ESICustomParser.cc:97 - In # 1088: #6 0x0809ffef in ESICustomParser::parse(char const*, unsigned, bool)\ (this=0x859f0b8, dataToParse=0xb6f0d064 "on ...") \ at ESICustomParser.cc:97 Given that the module doesn't even *have* such a line any longer, we can probably back-burner the bugs (even mark as 'WORKSFORME' or something). We really need a testcase which includes the triggering data. Tres. - -- =================================================================== Tres Seaver +1 202-558-7113 [EMAIL PROTECTED] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEX1XC+gerLs4ltQ4RAkTjAKCtVNNKU/u646zSZsMYIGf55/6g8wCgw5Ok S1c7IJqo0oaI0YihYYcNZXA= =VMAT -----END PGP SIGNATURE-----