Debian Bug report logs - #411487
libapache2-mod-python: md5 calculation conflicts with php5-mhash module


Package: libapache2-mod-python; Maintainer for libapache2-mod-python is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for libapache2-mod-python is src:libapache2-mod-python.

Reported by: Jonathan Ballet <jon@multani.info>

Date: Mon, 19 Feb 2007 12:42:01 UTC

Severity: important

Found in version libapache2-mod-python/3.2.10-3

Done: Robert Edmonds <edmonds@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#411487; Package libapache2-mod-python. Full text and rfc822 format available.

Acknowledgement sent to Jonathan Ballet <jon@multani.info>:
New Bug report received and forwarded. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Jonathan Ballet <jon@multani.info>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libapache2-mod-python: md5 calculation conflicts with php5-mhash module
Date: Mon, 19 Feb 2007 13:38:10 +0100
[Message part 1 (text/plain, inline)]
Package: libapache2-mod-python
Version: 3.2.10-3
Severity: important

Hello,

I wanted to deploy a new Django application today, but it didn't work :(
It failed with a SuspiciousOperation exception, which appears to be
related to sessions, which in turn use md5.

You can find some reference to this bug, already reported on the
mod_python mailing list in [1], and a workaround in [2].



I join the test case from [1] in this bug :
 - with php5-mhash installed and activated in Apache, all tests failed
 - after purging php5-mhash AND restarting Apache, all tests passed

So, it seems it's directly related to libmhash2 (as [2] suggests).

I can reproduce on sid-i386. On etch-x86_64, it seems that Apache2
segfaults (without php5-mhash, everything is ok) :
================
[Mon Feb 19 13:31:10 2007] [notice] mod_python: (Re)importing module 'test'
[Mon Feb 19 13:31:10 2007] [notice] child pid 16238 exit signal Segmentation fault (11)
================



I think this bug is RC-critical for Etch. However, I'll let
libapache2-mod-python maintainers tag it as appropriate.
I report against libapache2-mod-python, since this is the package
which seems to be affected by the bug. However, feel free to reassign
to php5-mhash or libmhash2.


Thanks !
 - Jonathan


[1] : http://www.modpython.org/pipermail/mod_python/2006-June/021482.html
[2] : http://www.modpython.org/pipermail/mod_python/2006-July/021544.html


-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.2-rtsp-jon
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libapache2-mod-python depends on:
ii  apache2                     2.2.3-3.2    Next generation, scalable, extenda
ii  apache2-mpm-prefork [apache 2.2.3-3.2    Traditional model for Apache HTTPD
ii  apache2.2-common            2.2.3-3.2    Next generation, scalable, extenda
ii  debconf [debconf-2.0]       1.5.11       Debian configuration management sy
ii  libc6                       2.3.6.ds1-11 GNU C Library: Shared libraries
ii  python                      2.4.4-2      An interactive high-level object-o
ii  python-central              0.5.12       register and build utility for Pyt
ii  python2.4                   2.4.4-2      An interactive high-level object-o

libapache2-mod-python recommends no packages.

-- debconf information excluded
[test.py (text/x-java, attachment)]


Acknowledgement sent to Fabien <fabien.ubuntu@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 411487@bugs.debian.org (full text, mbox):

From: Fabien <fabien.ubuntu@gmail.com>
To: 411487@bugs.debian.org
Subject: mod_python + php5-mhash + trac give segmentation fault
Date: Wed, 15 Aug 2007 10:53:38 +0200
Hello,

After spending a couple of hours to understand why trac wasn't working 
on 2 similar configurations (debian etch amd64), I finally found that 
php5-mhash module was the problem.

So, I guess it's around the same issue that the 1st bug reported...


What I have : debian etch amd64 version fully up-to-date on AMD 64 bit 
processors

How to reproduce the problem :
1) Install libapache2-mod-python libapache2-mod-php5 php5-mhash and trac

2) Setup a minimal trac under www-data, eg :
$ trac-admin /var/trac/myproject initenv

(accept all defaults, just press enter)

3) Setup a minimal mod_python + trac configuration in apache2, edit 
httpd.conf and add the following :

<Location /projects/myproject>
   SetHandler mod_python
   PythonInterpreter main_interpreter
   PythonHandler trac.web.modpython_frontend
   PythonOption TracEnv /var/trac/myproject
   PythonOption TracUriRoot /projects/myproject
</Location>

4) Restart apache and try to go to http://localhost/projects/myproject
You should get an apache2 segfault

Note: if you already have a running trac, you'd better use telnet 
localhost 80 because a running browser session may prevent you from 
seeing the problem...

Removing php5-mhash solves the issue.

--
Fabien




Acknowledgement sent to Robert Edmonds <edmonds@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #15 received at 411487@bugs.debian.org (full text, mbox):

From: Robert Edmonds <edmonds@debian.org>
To: Graham Dumpleton <graham.dumpleton@gmail.com>
Cc: 433038@bugs.debian.org, 411487@bugs.debian.org, mod_python <mod_python@modpython.org>
Subject: Re: Debian bug#433038: mod_python collides with mod_php5
Date: Fri, 31 Aug 2007 02:53:36 -0400
Graham Dumpleton wrote:
> More information. In libmhash2 it has:
> 
> lib/.libs/libmhash.a(md5.o):
> 00000a60 T _MD5Final
> 00000000 T _MD5Init
> 00000040 T _MD5Transform
> 00000940 T _MD5Update
>          U _mutils_bzero
>          U _mutils_memcpy
>          U _mutils_word32nswap
>          U dyld_stub_binding_helper
> 
> In Python (<2.5), it has its own md5c.c file. If this is compiled
> correctly, it should end up with:
> 
> 00001288 T __Py_MD5Final
> 00001174 T __Py_MD5Init
> 000011b4 T __Py_MD5Update
> 
> Ie., Python should prefix the symbols so there is no clash.
> 
> You should check that this prefixing is actually occurring by doing an
> nm on md5.so in Python modules directory. If it isn't, that could be
> the problem.

It looks like this is not the case --

edmonds@chase{0}:~$ nm -D /usr/lib/python2.4/lib-dynload/md5.so | grep MD5
0000000000001b30 T MD5Final
0000000000001380 T MD5Init
00000000000013b0 T MD5Transform
0000000000001c10 T MD5Update

edmonds@chase{0}:~$ nm -D /usr/lib/libmhash.so.2 | grep MD5
00000000000069b0 T MD5Final
0000000000006200 T MD5Init
0000000000006230 T MD5Transform
0000000000006a80 T MD5Update

I guess this is the root cause of Debian bug #411487, but it looks like
the submitter of #433038 still experiences his problem even when
libmhash is not loaded into the apache process.

-- 
Robert Edmonds
edmonds@debian.org
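
Added example (not part of the original thread, nor Debian's or Python's own code): the by-hand comparison above, generalized to any set of shared objects loaded into one process, where the dynamic linker binds a global name to the first definition it finds. It parses `nm -D` output and reports names defined by more than one library; the first two samples are the outputs quoted in the message, the third is constructed, and the function names are this example's own.

```python
from collections import defaultdict

# nm type letters for symbols a library defines (T/D/B/R, weak W/V, ifunc i); U is an import.
DEFINED = set("TDBRWVi")
# Exported by nearly every ELF shared object; not real collisions.
LINKER_NOISE = {"_init", "_fini", "_edata", "_end", "__bss_start"}
MD5_SO, LIBMHASH = "/usr/lib/python2.4/lib-dynload/md5.so", "/usr/lib/libmhash.so.2"
# `nm -D ... | grep MD5` output as quoted in the message above.
NM_MD5_SO = """\
0000000000001b30 T MD5Final
0000000000001380 T MD5Init
00000000000013b0 T MD5Transform
0000000000001c10 T MD5Update
"""
NM_LIBMHASH = """\
00000000000069b0 T MD5Final
0000000000006200 T MD5Init
0000000000006230 T MD5Transform
0000000000006a80 T MD5Update
"""
# Constructed sample: what md5.so would export with a _Py_ prefix applied.
NM_MD5_SO_RENAMED = """\
                 U memcpy
0000000000001b30 T _Py_MD5Final
0000000000001380 T _Py_MD5Init
0000000000001c10 T _Py_MD5Update
"""

def exported(nm_text):
    """Names a library defines globally, parsed from `nm -D <path>` output."""
    names = set()
    for line in nm_text.splitlines():
        fields = line.split()
        # Defined symbols have address, type, name; imports have only two fields.
        if len(fields) == 3 and fields[1] in DEFINED:
            names.add(fields[2].split("@", 1)[0])  # drop any @VERSION suffix
    return names - LINKER_NOISE

def collisions(libs):
    """libs maps path -> nm text; returns {symbol: [paths]} for duplicate names."""
    owners = defaultdict(list)
    for path in sorted(libs):
        for name in exported(libs[path]):
            owners[name].append(path)
    return {s: p for s, p in sorted(owners.items()) if len(p) > 1}

if __name__ == "__main__":
    for sym, paths in collisions({MD5_SO: NM_MD5_SO, LIBMHASH: NM_LIBMHASH}).items():
        print(sym, "defined in", ", ".join(paths))
```

Stripping the version suffix is deliberately conservative: versioned symbols that would not actually clash are still reported for manual review.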



Bug 411487 cloned as bug 440272. Request was from Robert Edmonds <edmonds@debian.org> to control@bugs.debian.org. (Fri, 31 Aug 2007 07:09:01 GMT) Full text and rfc822 format available.

Blocking bugs of 411487 added: 440272 Request was from Robert Edmonds <edmonds@debian.org> to control@bugs.debian.org. (Fri, 31 Aug 2007 07:09:02 GMT) Full text and rfc822 format available.


Acknowledgement sent to "Graham Dumpleton" <graham.dumpleton@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #24 received at 411487@bugs.debian.org (full text, mbox):

From: "Graham Dumpleton" <graham.dumpleton@gmail.com>
To: "Robert Edmonds" <edmonds@debian.org>
Cc: 433038@bugs.debian.org, 411487@bugs.debian.org, mod_python <mod_python@modpython.org>
Subject: Re: Debian bug#433038: mod_python collides with mod_php5
Date: Fri, 31 Aug 2007 18:24:19 +1000
On 31/08/2007, Robert Edmonds <edmonds@debian.org> wrote:
> Graham Dumpleton wrote:
> > More information. In libmhash2 it has:
> >
> > lib/.libs/libmhash.a(md5.o):
> > 00000a60 T _MD5Final
> > 00000000 T _MD5Init
> > 00000040 T _MD5Transform
> > 00000940 T _MD5Update
> >          U _mutils_bzero
> >          U _mutils_memcpy
> >          U _mutils_word32nswap
> >          U dyld_stub_binding_helper
> >
> > In Python (<2.5), it has its own md5c.c file. If this is compiled
> > correctly, it should end up with:
> >
> > 00001288 T __Py_MD5Final
> > 00001174 T __Py_MD5Init
> > 000011b4 T __Py_MD5Update
> >
> > Ie., Python should prefix the symbols so there is no clash.
> >
> > You should check that this prefixing is actually occurring by doing an
> > nm on md5.so in Python modules directory. If it isn't, that could be
> > the problem.
>
> It looks like this is not the case --
>
> edmonds@chase{0}:~$ nm -D /usr/lib/python2.4/lib-dynload/md5.so | grep MD5
> 0000000000001b30 T MD5Final
> 0000000000001380 T MD5Init
> 00000000000013b0 T MD5Transform
> 0000000000001c10 T MD5Update
>
> edmonds@chase{0}:~$ nm -D /usr/lib/libmhash.so.2 | grep MD5
> 00000000000069b0 T MD5Final
> 0000000000006200 T MD5Init
> 0000000000006230 T MD5Transform
> 0000000000006a80 T MD5Update
>
> I guess this is the root cause of Debian bug #411487, but it looks like
> the submitter of #433038 still experiences his problem even when
> libmhash is not loaded into the apache process.

I think I know what may have gone wrong here.

In Python source code there is md5c.c and md5.h. In the md5.h file it has:

/* Rename all exported symbols to avoid conflicts with similarly named
   symbols in some systems' standard C libraries... */

#define MD5Init _Py_MD5Init
#define MD5Update _Py_MD5Update
#define MD5Final _Py_MD5Final

void MD5Init(MD5_CTX *);
void MD5Update(MD5_CTX *, unsigned char *, unsigned int);
void MD5Final(unsigned char [16], MD5_CTX *);

If when the Python package was Debianised, whoever did it added
additional -I flags at the start of the CPPFLAGS passed to the
compiler such that instead of picking up md5.h from the Python source
directory, it picked up one from some system include directory, or
from another package, then the symbols would not have been namespace
prefixed like they should have.

As a result, just for Debian package of Python, the symbols wouldn't
be namespaced and thus why this problem only appears on Linux systems
derived from Debian packages.

The only way therefore of fixing this may be to review the Debian
package build scripts around Python to see if they do do something
with -I as described. Simple fix may then be to append the -I flags
rather than prepend them. Otherwise, would be necessary to patch
md5c.c in Python source code to move the #defines into it just before
"md5.h" is included. That way the namespace prefixing will occur even
if wrong "md5.h" is included. One would hope though in this case that
the "md5.h" file actually used is compatible with the md5c.c file in
Python.

Graham




Acknowledgement sent to Robert Edmonds <edmonds@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #29 received at 411487@bugs.debian.org (full text, mbox):

From: Robert Edmonds <edmonds@debian.org>
To: 411487@bugs.debian.org, 433038@bugs.debian.org
Subject: libapache2-mod-python issues perhaps fixed with python2.4 2.4.4-7
Date: Thu, 3 Jan 2008 11:09:01 -0500
[Message part 1 (text/plain, inline)]
Hi, submitters:

According to the changelog for python2.4,

 python2.4 (2.4.4-7) unstable; urgency=low
 [...]
   * Rename all exported symbols to avoid conflicts with similarly named
     symbols in other libraries (Robert Edmonds). Closes: #440272.
 [...]

Can you please try to replicate #411487 (md5 calculation conflicts with
php5-mhash module) or #433038 (mod_python collides with mod_php5,
rendering psp unusable without proper error messages) to see if the
issues are still present with python2.4 2.4.4-7?

-- 
Robert Edmonds
edmonds@debian.org
[signature.asc (application/pgp-signature, inline)]


Acknowledgement sent to Jonathan Ballet <jon@multani.info>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #34 received at 411487@bugs.debian.org (full text, mbox):

From: Jonathan Ballet <jon@multani.info>
To: 411487@bugs.debian.org
Subject: libapache2-mod-python issue seems to be fixed with python2.4 2.4.4-7
Date: Fri, 11 Jan 2008 17:39:52 +0100
Hi,

it seems that python2.4 2.4.4-7 fixes the issue I got with Django and mod_python.

At least, with the php5-mhash installed and Apache restarted :

  * I can now log in to my Django application, whereas I could not before ;
  * the small test case I included in my first email reports successful operation,
    whereas it failed before.

So it seems everything is good on my side.


Thanks for fixing this annoying bug,

 - Jonathan




Reply sent to Robert Edmonds <edmonds@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Jonathan Ballet <jon@multani.info>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #39 received at 411487-done@bugs.debian.org (full text, mbox):

From: Robert Edmonds <edmonds@debian.org>
To: Jonathan Ballet <jon@multani.info>, 411487-done@bugs.debian.org
Subject: Re: Bug#411487: libapache2-mod-python issue seems to be fixed with python2.4 2.4.4-7
Date: Fri, 11 Jan 2008 12:30:00 -0500
[Message part 1 (text/plain, inline)]
Jonathan Ballet wrote:
> Hi,
> 
> it seems that python2.4 2.4.4-7 fixes the issue I got with Django and 
> mod_python.
> 
> At least, with the php5-mhash installed and Apache restarted :
> 
>   * I can now log in to my Django application, whereas I could not before ;
>   * the small test case I included in my first email reports successful
>     operation, whereas it failed before.
> 
> So it seems everything is good on my side.

thanks for verifying.

-- 
Robert Edmonds
edmonds@debian.org
[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 09 Feb 2008 07:31:04 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 00:02:21 2014; Machine Name: buxtehude.debian.org
