-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Doug Dixon wrote:
> Hi Guido
>
> I agree it would be nice to release a "trustworthy" Squid-3.0.PRE4.
>
> Three things however:
>
> 1) Our aim is not to produce a PRE4 of a known high quality, but to
> produce a PRE4 that is as good as it can be by the deadline.
> 2) I picked the bugs on the basis of their severity as described in
> Bugzilla. If there are other bugs (it sounds like there are) that fall
> into the severe and blocker categories, it's important that we go
> through and make sure the severity field is set correctly.
> 3) While I'm happy to swap bugs in and out of the todo list, I don't
> want it to grow demoralisingly large for the deadline we have. It's
> important to release something.
>
> Going through the bugs you have flagged up:
>
> 1089 (Possible instability on aborted POST/PUT requests) - patched in
> 2.5 - is this an easy port? Also, is it related to 772 which is already
> PRE4?
> 1465 (assertion failed: mem_node.cc:65: "n->write_pending") - yeah
> sounds bad
> 1125 (memCopy: could not find start of [337,4433)) - yeah looks like a
> much-reported bad one, and I *think* is already PRE4 in the guise of 1028
> 975 (Long document containing ESI includes crashes squid) - looks
> pretty important to ESI
> 1088 (Segmentation fault in string handling of ESI) - looks pretty
> important to ESI
> 801 (with netfilter - segfault) - pretty specific usage here?
> 1468 (Crash on HttpHdrRange.cc line 568: assertion failed on "valid")
> - yeah sounds bad
> 1494 (asserts crash squid too often) - fair complaint, a bit vague, but
> we should look at it
>
> 1200 (HTTP Response Splitting attack) - patched in 2.5 - is this an
> easy port?
> 1265 (httpReadReply: Excess data from ... can be silenced in many
> cases) - patched in 2.5 - is this an easy port?
>
>
> As I say, I am happy to manipulate the list, especially in the first
> few days. So how about this:
>
> First, I think we should probably push the ESI bugs forward to PRE5.
> Second, hopefully the bugs above that have 2.5 patches can be forward
> ported quite easily - so I'll add them.
>
> Bugs to potentially add to the list:
> * 1089 (PATCH25)
> *1465
> * 1125 (although, is this really 1028 which is already in there?)
> * 1468
> * 1200 (PATCH25)
> * 1265 (PATCH25)
>
> Bugs to potentially remove from the list:
> * 942 (squid-3.0-PRE3-20040309 uncached 304's broken)
> * 897 (Extra CRLF Added After Headers)
> * 951 (Assert failure in ESIInclude.cc:563: "parent.getRaw()")
>
>
> Are we happy to defer ESI stuff (951, 975, 1088) to PRE5?
Both ESI issues look to be symptoms of the same bug, given the backtraces:
- In #975:
#4 0x080a0263 in ESICustomParser::parse (this=0x85787d8, \
dataToParse=0x0,lengthOfData=1396) at ESICustomParser.cc:97
- In # 1088:
#6 0x0809ffef in ESICustomParser::parse(char const*, unsigned, bool)\
(this=0x859f0b8, dataToParse=0xb6f0d064 "on ...") \
at ESICustomParser.cc:97
Given that the module doesn't even *have* such a line any longer, we can
probably back-burner the bugs (even mark as 'WORKSFORME' or something).
We really need a testcase which includes the triggering data.
Tres.
- --
===================================================================
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFEX1XC+gerLs4ltQ4RAkTjAKCtVNNKU/u646zSZsMYIGf55/6g8wCgw5Ok
S1c7IJqo0oaI0YihYYcNZXA=
=VMAT
-----END PGP SIGNATURE-----
