Debian Bug report logs -
#727143
libapache2-mod-php5: max_execution_time + SSL causes data transfer corruption
Reported by: Michael Lass <lass@mail.upb.de>
Date: Tue, 22 Oct 2013 16:21:06 UTC
Severity: important
Found in versions php5/5.3.3-7+squeeze17, php5/5.4.4-14+deb7u5
Fixed in version 5.6.26+dfsg-1+rm
Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#727143; Package libapache2-mod-php5.
(Tue, 22 Oct 2013 16:21:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Lass <lass@mail.upb.de>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Tue, 22 Oct 2013 16:21:11 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libapache2-mod-php5
Version: 5.3.3-7+squeeze17
Severity: important
When using libapache2-mod-php5 and max_execution_time long lasting data transfers
via SSL/TLS get corrupted.
Steps to reproduce:
1. Install apache2 and libapache2-mod-php5
2. a2enmod ssl
3. insert "php_admin_value max_execution_time 30" into default-ssl.conf
4. a2ensite default-ssl
5. create a large file (at least 2GB) in /var/www
6. try to download this file using
wget https://localhost/test -O /dev/null --no-check-certificate
Result:
The transfer aborts after some time because of one of the following reasons:
- partial content
- wrong TLS packet size
- connection closed
For us it happens mostly after having downloaded between 1.4 and 2.0 GB.
In the apache error.log you can see the following message:
[notice] child pid 3658 exit signal Profiling timer expired (27)
The value of max_execution_time does not matter. Setting it to 5 and 5000
results in the same behavior. The problem also does not occur after a specific
time or a specific data amount.
We noticed this behavior at the end of september so it may be caused by one
of the latest updates.
-- System Information:
Debian Release: 6.0.8
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF8, LC_CTYPE=de_DE.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libapache2-mod-php5 depends on:
ii apache2-mpm-prefor 2.2.16-6+squeeze11 Apache HTTP Server - traditional n
ii apache2.2-common 2.2.16-6+squeeze11 Apache HTTP Server common files
ii libbz2-1.0 1.0.5-6+squeeze1 high-quality block-sorting file co
ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib
ii libcomerr2 1.41.12-4stable1 common error description library
ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [
ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze7 MIT Kerberos runtime libraries - k
ii libk5crypto3 1.8.3+dfsg-4squeeze7 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8.3+dfsg-4squeeze7 MIT Kerberos runtime libraries
ii libmagic1 5.04-5+squeeze2 File type determination library us
ii libonig2 5.9.1-1 Oniguruma regular expressions libr
ii libpcre3 8.02-1.1 Perl 5 Compatible Regular Expressi
ii libqdbm14 1.8.77-4 QDBM Database Libraries [runtime]
ii libssl0.9.8 0.9.8o-4squeeze14 SSL shared libraries
ii libxml2 2.7.8.dfsg-2+squeeze8 GNOME XML library
ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap
ii php5-common 5.3.3-7+squeeze17 Common files for packages built fr
ii tzdata 2013d-0squeeze1 time zone and daylight-saving time
ii ucf 3.0025+nmu1 Update Configuration File: preserv
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages libapache2-mod-php5 recommends:
ii php5-cli 5.3.3-7+squeeze17 command-line interpreter for the p
Versions of packages libapache2-mod-php5 suggests:
pn php-pear <none> (no description available)
-- no debconf information
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#727143; Package libapache2-mod-php5.
(Tue, 22 Oct 2013 21:09:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Laß <lass@mail.upb.de>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Tue, 22 Oct 2013 21:09:05 GMT) (full text, mbox, link).
Message #10 received at 727143@bugs.debian.org (full text, mbox, reply):
Package: libapache2-mod-php5
Version: 5.4.4-14+deb7u5
Severity: important
The problem is also reproducable on a current wheezy system.
-- System Information:
Debian Release: 7.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libapache2-mod-php5 depends on:
ii apache2-mpm-prefork 2.2.22-13
ii apache2.2-common 2.2.22-13
ii libbz2-1.0 1.0.6-4
ii libc6 2.13-38
ii libcomerr2 1.42.5-1.1
ii libdb5.1 5.1.29-5
ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u1
ii libk5crypto3 1.10.1+dfsg-5+deb7u1
ii libkrb5-3 1.10.1+dfsg-5+deb7u1
ii libmagic1 5.11-2
ii libonig2 5.9.1-1
ii libpcre3 1:8.30-5
ii libqdbm14 1.8.78-2
ii libssl1.0.0 1.0.1e-2
ii libstdc++6 4.7.2-5
ii libxml2 2.8.0+dfsg1-7+nmu2
ii mime-support 3.52-1
ii php5-common 5.4.4-14+deb7u5
ii tzdata 2013d-0wheezy1
ii ucf 3.0025+nmu3
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages libapache2-mod-php5 recommends:
ii php5-cli 5.4.4-14+deb7u5
Versions of packages libapache2-mod-php5 suggests:
pn php-pear <none>
-- no debconf information
Reply sent
to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility.
(Fri, 13 Jan 2017 13:06:41 GMT) (full text, mbox, link).
Notification sent
to Michael Lass <lass@mail.upb.de>:
Bug acknowledged by developer.
(Fri, 13 Jan 2017 13:06:41 GMT) (full text, mbox, link).
Message #15 received at 727143-done@bugs.debian.org (full text, mbox, reply):
Version: 5.6.26+dfsg-1+rm
Dear submitter,
as the package php5 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/841781
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 11 Feb 2017 07:31:18 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sun Jul 2 02:21:27 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.