Since the last security update, on our production Squid server at work, which is serving ~25 users currently, squid has been crashing, sometimes frequently, when under heavy load, with this in the journal: Squid Parent: (squid-1) process 2308 exited due to signal 6 with status 0 corresponding to one of these two assertions in /var/log/squid/cache.log: assertion failed: FwdState.cc:434: "serverConnection() == conn" assertion failed: store.cc:1876: "isEmpty()" The first is discussed here: http://bugs.squid-cache.org/show_bug.cgi?id=4447 and is fixed in commits 13998 and 13999 here: http://www.squid-cache.org/Versions/v3/3.5/changesets/ The other assertion is here: http://bugs.squid-cache.org/show_bug.cgi?id=4432 It is hopefully fixed by those changes as well. Unfortunately, they appear to be too difficult to backport to Squid 3.4. I have updated us to Squid 3.5, which should also help with future security updates. Updating squid required updating the ecap library and the other two packages using it as well. Advisory: ---------------------------------------- The last security update for Squid, MGASA-2016-0095, introduced bugs that cause crashes under high load due to assertion failures. Due to the fact that it has become exceedingly difficult to backport security patches, as well as the upstream bug fixes for these assertion failures, the squid package has been updated to the 3.5.x branch, which is the current stable branch upstream. As a result, the ecap library had to be updated to version 1.0.1, resulting in ecap-samples being updated to 1.0.0 and ecap-clamav being updated to 2.0.0. Also, the default squid-version parameter in ufdbguard's /etc/ufdb/ufdbguard.conf has been changed to 3.5. If you are using ufdbguard, make sure you update this parameter accordingly. References: http://bugs.squid-cache.org/show_bug.cgi?id=4447 http://bugs.squid-cache.org/show_bug.cgi?id=4432 http://wiki.squid-cache.org/Squid-3.5 http://www.measurement-factory.com/tmp/ecap/libecap_change.log http://www.measurement-factory.com/tmp/ecap/ecap_adapter_sample_change.log http://www.measurement-factory.com/tmp/ecap/ecap_clamav_adapter_change.log http://advisories.mageia.org/MGASA-2016-0095.html ---------------------------------------- Updated packages in core/updates_testing: ---------------------------------------- libecap3-1.0.1-1.mga5 libecap-devel-1.0.1-1.mga5 ecap-samples-1.0.0-1.mga5 ecap-clamav-2.0.0-1.mga5 squid-3.5.15-1.mga5 squid-cachemgr-3.5.15-1.mga5 ufdbguard-1.31-5.3.mga5 ufdbguard-cgi-1.31-5.3.mga5 from SRPMS: ecap-1.0.1-1.mga5.src.rpm ecap-samples-1.0.0-1.mga5.src.rpm ecap-clamav-2.0.0-1.mga5.src.rpm squid-3.5.15-1.mga5.src.rpm ufdbguard-1.31-5.3.mga5.src.rpm
Found an error in the %pretrans scriplet that didn't allow the updated Squid package to be installed. Fixed in squid-3.5.15-1.1.mga5 and squid-3.5.15-4.mga6. I've got these running on our server. I'll report back at the end of the week as to whether the crashes have stopped. Updated packages in core/updates_testing: ---------------------------------------- libecap3-1.0.1-1.mga5 libecap-devel-1.0.1-1.mga5 ecap-samples-1.0.0-1.mga5 ecap-clamav-2.0.0-1.mga5 squid-3.5.15-1.1.mga5 squid-cachemgr-3.5.15-1.mga5 ufdbguard-1.31-5.3.mga5 ufdbguard-cgi-1.31-5.3.mga5 from SRPMS: ecap-1.0.1-1.mga5.src.rpm ecap-samples-1.0.0-1.mga5.src.rpm ecap-clamav-2.0.0-1.mga5.src.rpm squid-3.5.15-1.1.mga5.src.rpm ufdbguard-1.31-5.3.mga5.src.rpm
Problem solved David?
Yes indeed. The squid server has been perfectly stable since installing this update. I stress tested it on Tuesday, and I was able to do things that were just totally not doable on Friday with the previous version. OK'ing this now.
Whiteboard: (none) => MGA5-32-OK
Keywords: (none) => validated_updateWhiteboard: MGA5-32-OK => MGA5-32-OK advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGAA-2016-0048.html
Status: NEW => RESOLVEDResolution: (none) => FIXED