Debian Bug report logs - #838657
/usr/bin/php5: segfault in add_assoc_string_ex reading x509 certificate with composer
Reported by: Arno Peters <info@figment-it.com>
Date: Fri, 23 Sep 2016 11:00:04 UTC
Severity: normal
Found in version openssl/1.0.1t-1+deb8u4
Fixed in version openssl/1.0.1t-1+deb8u5
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#838657; Package php5-cli.
(Fri, 23 Sep 2016 11:00:07 GMT).
Acknowledgement sent
to Arno Peters <info@figment-it.com>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(Fri, 23 Sep 2016 11:00:07 GMT).
Message #5 received at submit@bugs.debian.org:
Package: php5-cli
Version: 5.6.24+dfsg-0+deb8u1
Severity: normal
File: /usr/bin/php5
Dear Maintainer,
This is on Debian Jessie fully updated.
This problem surfaced in using composer after installing yesterday's security
release of OpenSSL.
libssl1.0.0/stable,now 1.0.1t-1+deb8u4 amd64 [geïnstalleerd,automatisch]
Transcript to show the problem:
$ wget https://getcomposer.org/composer.phar
--2016-09-23 12:34:45-- https://getcomposer.org/composer.phar
[...]
$ gdb /usr/bin/php
(gdb) r composer.phar self-update
Starting program: /usr/bin/php composer.phar self-update
[...]
Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106 ../sysdeps/x86_64/strlen.S: Bestand of map bestaat niet.
(gdb) where
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x00000000006f7cc8 in add_assoc_string_ex ()
#2 0x00000000004a1f58 in zif_openssl_x509_parse ()
[...]
TL;DR: composer is unusable at the moment.
-- Package-specific info:
==== Additional PHP 5 information ====
++++ PHP 5 SAPI (php5query -S): ++++
apache2
cli
++++ PHP 5 Extensions (php5query -M -v): ++++
mssql (Enabled for apache2 by maintainer script)
mssql (Enabled for cli by maintainer script)
zmq (Enabled for apache2 by maintainer script)
zmq (Enabled for cli by maintainer script)
opcache (Enabled for apache2 by maintainer script)
opcache (Enabled for cli by maintainer script)
pdo (Enabled for apache2 by maintainer script)
pdo (Enabled for cli by maintainer script)
pdo_mysql (Enabled for apache2 by maintainer script)
pdo_mysql (Enabled for cli by maintainer script)
pgsql (Enabled for apache2 by maintainer script)
pgsql (Enabled for cli by maintainer script)
curl (Enabled for apache2 by maintainer script)
curl (Enabled for cli by maintainer script)
mysqli (Enabled for apache2 by maintainer script)
mysqli (Enabled for cli by maintainer script)
imap (Enabled for apache2 by maintainer script)
imap (Enabled for cli by maintainer script)
gd (Enabled for apache2 by maintainer script)
gd (Enabled for cli by maintainer script)
readline (Enabled for apache2 by maintainer script)
readline (Enabled for cli by maintainer script)
ldap (Enabled for apache2 by maintainer script)
ldap (Enabled for cli by maintainer script)
pdo_pgsql (Enabled for apache2 by maintainer script)
pdo_pgsql (Enabled for cli by maintainer script)
pdo_dblib (Enabled for apache2 by maintainer script)
pdo_dblib (Enabled for cli by maintainer script)
mcrypt (Enabled for apache2 by maintainer script)
mcrypt (Enabled for cli by maintainer script)
mysql (Enabled for apache2 by maintainer script)
mysql (Enabled for cli by maintainer script)
json (Enabled for apache2 by maintainer script)
json (Enabled for cli by maintainer script)
mediawiki (Enabled for apache2 by local administrator)
mediawiki (Enabled for cli by local administrator)
imagick (Enabled for apache2 by maintainer script)
imagick (Enabled for cli by maintainer script)
apc-rfc1867 (Enabled for apache2 by local administrator)
apc-rfc1867 (Enabled for cli by local administrator)
apcu (Enabled for apache2 by maintainer script)
apcu (Enabled for cli by maintainer script)
++++ Configuration files: ++++
[PHP]
engine = On
short_open_tag = Off
asp_tags = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions =
disable_classes =
zend.enable_gc = On
expose_php = On
max_execution_time = 30
max_input_time = 60
memory_limit = -1
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
[filter]
[iconv]
[intl]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatibility_mode = Off
mssql.secure_connection = Off
[Assertion]
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[opcache]
[curl]
[openssl]
**** /etc/php5/cli/conf.d/20-mediawiki.ini ****
[Session]
session.gc_maxlifetime = 7200
**** /etc/php5/cli/conf.d/20-mssql.ini ****
extension=mssql.so
**** /etc/php5/cli/conf.d/20-mysql.ini ****
extension=mysql.so
**** /etc/php5/cli/conf.d/20-mcrypt.ini ****
extension=mcrypt.so
**** /etc/php5/cli/conf.d/20-zmq.ini ****
extension=zmq.so
**** /etc/php5/cli/conf.d/20-pdo_dblib.ini ****
extension=pdo_dblib.so
**** /etc/php5/cli/conf.d/20-ldap.ini ****
extension=ldap.so
**** /etc/php5/cli/conf.d/20-pdo_mysql.ini ****
extension=pdo_mysql.so
**** /etc/php5/cli/conf.d/20-imap.ini ****
extension=imap.so
**** /etc/php5/cli/conf.d/20-apc-rfc1867.ini ****
apc.rfc1867=on
apc.rfc1867=on
**** /etc/php5/cli/conf.d/20-json.ini ****
extension=json.so
**** /etc/php5/cli/conf.d/20-curl.ini ****
extension=curl.so
**** /etc/php5/cli/conf.d/10-pdo.ini ****
extension=pdo.so
**** /etc/php5/cli/conf.d/20-pgsql.ini ****
extension=pgsql.so
**** /etc/php5/cli/conf.d/20-apcu.ini ****
extension=apcu.so
**** /etc/php5/cli/conf.d/20-mysqli.ini ****
extension=mysqli.so
**** /etc/php5/cli/conf.d/20-imagick.ini ****
extension=imagick.so
**** /etc/php5/cli/conf.d/20-pdo_pgsql.ini ****
extension=pdo_pgsql.so
**** /etc/php5/cli/conf.d/05-opcache.ini ****
zend_extension=opcache.so
**** /etc/php5/cli/conf.d/20-readline.ini ****
extension=readline.so
**** /etc/php5/cli/conf.d/20-gd.ini ****
extension=gd.so
-- System Information:
Debian Release: 8.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/3 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages php5-cli depends on:
ii libbz2-1.0 1.0.6-7+b3
ii libc6 2.19-18+deb8u6
ii libcomerr2 1.42.12-2
ii libdb5.3 5.3.28-9
ii libedit2 3.1-20140620-2
ii libgssapi-krb5-2 1.12.1+dfsg-19+deb8u2
ii libk5crypto3 1.12.1+dfsg-19+deb8u2
ii libkrb5-3 1.12.1+dfsg-19+deb8u2
ii libmagic1 1:5.22+15-2+deb8u2
ii libonig2 5.9.5-3.2
ii libpcre3 2:8.35-3.3+deb8u4
ii libqdbm14 1.8.78-5+b1
ii libssl1.0.0 1.0.1t-1+deb8u4
ii libxml2 2.9.1+dfsg1-5+deb8u3
ii mime-support 3.58
ii php5-common 5.6.24+dfsg-0+deb8u1
ii php5-json 1.3.6-1
ii tzdata 2016f-0+deb8u1
ii ucf 3.0030
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages php5-cli recommends:
ii php5-readline 5.6.24+dfsg-0+deb8u1
Versions of packages php5-cli suggests:
ii php-pear 5.6.24+dfsg-0+deb8u1
Versions of packages php5-common depends on:
ii libc6 2.19-18+deb8u6
ii lsof 4.86+dfsg-1
ii psmisc 22.21-2
ii sed 4.2.2-4+b1
ii ucf 3.0030
Versions of packages php5-common suggests:
ii php5-apcu [php5-user-cache] 4.0.7-1
-- no debconf information
Bug reassigned from package 'php5-cli' to 'openssl'.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Fri, 23 Sep 2016 20:27:03 GMT).
No longer marked as found in versions php5/5.6.24+dfsg-0+deb8u1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Fri, 23 Sep 2016 20:27:04 GMT).
Marked as found in versions openssl/1.0.1t-1+deb8u4.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Fri, 23 Sep 2016 20:27:05 GMT).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Fri, 23 Sep 2016 20:27:15 GMT).
Notification sent
to Arno Peters <info@figment-it.com>:
Bug acknowledged by developer.
(Fri, 23 Sep 2016 20:27:15 GMT).
Message #16 received at 838657-done@bugs.debian.org:
Source: openssl
Source-Version: 1.0.1t-1+deb8u5
Hi
On Fri, Sep 23, 2016 at 12:39:55PM +0200, Arno Peters wrote:
> Package: php5-cli
> Version: 5.6.24+dfsg-0+deb8u1
> Severity: normal
> File: /usr/bin/php5
>
> Dear Maintainer,
>
> This is on Debian Jessie fully updated.
>
> This problem surfaced in using composer after installing yesterday's security
> release of OpenSSL.
>
> libssl1.0.0/stable,now 1.0.1t-1+deb8u4 amd64 [geïnstalleerd,automatisch]
Thanks a lot for your report, I did reassign to openssl.
This is a bug/regression in the recent openssl DSA. The follow-up
regression update DSA-3673-2 fixes this issue.
Regards,
Salvatore
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 22 Oct 2016 07:27:38 GMT).
Last modified: Sun Jul 2 02:45:13 2023