23.7.8 - Squid 6.4 unusable due to repeated crashes

Started by xavx, November 10, 2023, 10:38:02 AM

Squid 6.4 keeps crashing and dumping core. This wasn't happening with the previous version.
Always the same fatal error in cache log:
kid1| FATAL: assertion failed: stmem.cc:98: "lowestOffset () <= target_offset"

This isn't an isolated occurrence - see https://www.mail-archive.com/squid-users@lists.squid-cache.org/msg25028.html. Crashes were apparently not happening in 6.3.

Yeah, people asked for Squid to be updated due to security updates. 6.5 is out but FreeBSD ports only has 6.4 and it's not 100% clear 6.5 will fix it. Also see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274825

I guess almost constant crashing is a good way to prevent security risks.
More seriously, I think it would have been better to keep the previous version or go for 6.3 and highlight the risks rather than providing an updated version that doesn't work and will trigger people to ask for help.


Yeah, hindsight is always 20/20, but I'm not going to touch the subject again before Monday.


Cheers,
Franco


November 10, 2023, 12:46:13 PM #5 Last Edit: November 10, 2023, 02:34:46 PM by skar_cgn
Same error here.

Is there any workaround for this?
- Downgrade manually?
- Other web proxy
- ...

My users are complaining, they do not have direct internet access.

Regards
Skar

FreeBSD ports just updated to 6.5 so here is a test package:

# opnsense-revert -z squid


Cheers,
Franco



6.5 seems fine. No crash so far.
Please improve the QA. Are updates not pushed first to development branch and test gear before deployment to production branch? This issue and the others would have been quickly spotted. Guess it's better to wait a week before deploying updates.

Today I updated the version and I had the same problem. I updated to version 6.5 and the problem was corrected; it is working fine.

Thank you so much

Quote from: franco on November 10, 2023, 01:09:26 PM
FreeBSD ports just updated to 6.5 so here is a test package:

# opnsense-revert -z squid


Cheers,
Franco

Quote from: xavx on November 10, 2023, 05:41:55 PM
Please improve the QA. Are updates not pushed first to development branch and test gear before deployment to production branch? This issue and the others would have been quickly spotted. Guess it's better to wait a week before deploying updates.

You want us to spot an issue that neither FreeBSD ports nor Squid itself found in 6.4? I'm not sure how that works, but I can say for free software with a BSD license a hotfix within 24 hours is a responsible procedure.

To be frank I did not see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274825 before 23.7.8 was out. Then people actually started reporting the issue with Squid. I've spent much time migrating and testing 5.9 to 6.4 this week to make sure it builds and runs and the language pack is still in place.

The safest bet would have been to keep Squid at 5.9 for the whole 23.7.x progression, but the security issues made this more or less an impossible choice: migrate to the next stable version and receive regression complaints, or not update it at all and receive missing security update complaints. I'd rather choose the regression complaints, also because forward is the only viable direction eventually.


Cheers,
Franco

So, frankly - how many of those endless exploits and 0days have been fixed in upstream and/or in FreeBSD ports? I'd say the future is not exactly bright for Squid.

Quote
The Squid Team have been helpful and supportive during the process of reporting these issues. However, they are effectively understaffed, and simply do not have the resources to fix the discovered issues.

For everyone here, instead of complaining about QA, I'd seriously reconsider your use case for Squid proxy.

Quote from: doktornotor on November 11, 2023, 07:46:12 AM
So, frankly - how many of those endless exploits and 0days have been fixed in upstream and/or in FreeBSD ports? I'd say the future is not exactly bright for Squid.

Quote
The Squid Team have been helpful and supportive during the process of reporting these issues. However, they are effectively understaffed, and simply do not have the resources to fix the discovered issues.

For everyone here, instead of complaining about QA, I'd seriously reconsider your use case for Squid proxy.

Hi,
I can only agree 100%!

cheers
till

AFAIK "The other side" will pull squid support from next release(s), due to the increasing security issues.