Bug 1543405
Summary: | Much newer versions of memcached available | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | John Horne <john.horne> |
Component: | memcached | Assignee: | Miroslav Lichvar <mlichvar> |
Status: | CLOSED WONTFIX | QA Contact: | qe-baseos-daemons |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 7.4 | CC: | bpowers, john.horne, mkolaja, thozza, unixi |
Target Milestone: | rc | Keywords: | Rebase |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-12-12 14:00:41 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1471970, 1630905 |
Description
John Horne
2018-02-08 12:10:57 UTC
Rebasing a package needs to be weighted against possible regressions and backporting fixes may be preferred over rebasing. Are there any specific bugs that are causing a problem for you or features that you need? Contacting the Red Hat support would help with prioritizing the request. We have only just started to look at using memcached on some servers. As such we have hit no bugs at the moment, but would obviously like to avoid doing so! The concern was the number of releases, and bug fixes (shown in the release notes), and the time (5 years) from the 1.4.15 version to the present. Whilst we wouldn't expect all bug fixes to be backported - no point since providing a new release would do the same - it was felt that the released version (1.4.15) was perhaps just a bit too old. If there are few bugs reported to RedHat by users, then I guess upgrading for upgrades sake may not be worthwhile. Perhaps we too will be lucky enough not to hit any bugs. Close this call if you wish, as we have no bug as such to report. (In reply to Miroslav Lichvar from comment #2) > Rebasing a package needs to be weighted against possible regressions and > backporting fixes may be preferred over rebasing. > > Are there any specific bugs that are causing a problem for you... Well we've just had our third crash of memcached on a CentOS7 server. Basic details are: ===== reason: memcached killed by SIGSEGV ... exploitable: :Likely crash reason: Jump to an invalid address :Exploitable rating (0-9 scale): 6 ... :[System Logs]: :Mar 13 09:19:42 cent-4-021 kernel: memcached[26809]: segfault at 0 ip 000055a8c828f1a0 sp 00007f41f6c7da90 error 4 in memcached[55a8c8281000+19000] ===== Do you have a reproducer for the crash? Or a coredump that could be used to make a backtrace? The output from 'abrt-cli list --since 1520592029' shows: =========== reason: memcached killed by SIGSEGV time: Tue 13 Mar 2018 09:19:42 GMT cmdline: /usr/bin/memcached -u memcached -p 0 -m 1024 -c 1024 -s /run/ memcached/memcached.sock -a 0666 -v package: memcached-1.4.15-10.el7_3.1 uid: 990 (memcached) count: 1 Directory: /var/spool/abrt/ccpp-2018-03-13-09:19:42-26806 =========== The directory mentioned does contain a coredump. It is 103MB in size though. If you want me to use gdb on it then you'll need to run through how. (It has been a long time since I used gdb.) There is a short howto for generating backtraces: https://wiki.centos.org/TipsAndTricks/ABRT#head-6ec8c2ca60fa7a4f2e8167a19299ea6d61217df2 Could you please file a new bug for memcached and attach the backtrace there? As requested, new bug report filed for the segfault (#1554837). Backtrace and other info attached to it. *** Bug 1594877 has been marked as a duplicate of this bug. *** Are there any suggestions to which version we should consider rebasing the memcached package? Some options had their defaults changed in 1.5.0 and also the UDP port was disabled in 1.5.6. I suspect this might cause regressions. We could revert the defaults back to the pre-1.5.0 values, but I'm not sure if it wouldn't be confusing for users expecting a 1.5.* package to behave like the upstream memcached. Perhaps rebase to 1.4.39 for RHEL7 as that version is not affected by CVE-2017-9951, then upgrade to memcached 1.5.x for RHEL8? Development Management has reviewed and declined this request. You may appeal this decision by reopening this request. |