Upgraded Apache 2.0 to 2.2 devel tree, and existing suPHP stopped working as intentended. Tried recompiling both PHP & suPHP against newer Apache 2.2, and recompiled again and again with same results. When using "-D SUPHP" in /etc/conf.d/apache2, Apache child processes die when a webpage is accessed: [Fri Sep 07 16:14:29 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Fri Sep 07 16:14:31 2007] [notice] Apache/2.2.4 (Unix) configured -- resuming normal operations [Fri Sep 07 16:14:48 2007] [notice] child pid 7834 exit signal Segmentation fault (11) [Fri Sep 07 16:14:48 2007] [notice] child pid 7835 exit signal Segmentation fault (11) [Fri Sep 07 16:14:48 2007] [notice] child pid 7836 exit signal Segmentation fault (11) Reproducible: Always Steps to Reproduce: 1. Compile Apache, PHP with CGI/fastcgi support, not DSO module (use flags mentioned in Additional Info section) 2. Compile suPHP 3. Setup /etc/suphp.conf file (file content in Additional Info section) 4. Configure apache (I have mine setup with VirtualHost configuration) 5. start apache Actual Results: No data is displayed to the web browser or screen. /var/log/apache2/error_log displays: [Fri Sep 07 16:14:29 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Fri Sep 07 16:14:31 2007] [notice] Apache/2.2.4 (Unix) configured -- resuming normal operations [Fri Sep 07 16:14:48 2007] [notice] child pid 7834 exit signal Segmentation fault (11) [Fri Sep 07 16:14:48 2007] [notice] child pid 7835 exit signal Segmentation fault (11) [Fri Sep 07 16:14:48 2007] [notice] child pid 7836 exit signal Segmentation fault (11) [Fri Sep 07 16:15:08 2007] [notice] child pid 7837 exit signal Segmentation fault (11) /var/log/apache2/suphp.log & /var/log/apache2/suexec.log do not contain any errors. No other logs show any pertinent information or errors. Expected Results: Webpage should be displayed after being parsed via PHP CGI. Example of working existing Apache 2.0 server with PHP CGI & suPHP: http://www.runs-with-scissors.com/ ... Personal system running Apache 2.2 w/ PHP CGI & suPHP, all using identical USE flags: http://68.2.193.22:36460/ No compile time errors of special note. 'emerge --info' output below. -- Associated & installed programs: app-admin/apache-tools-2.2.4-r4 dev-libs/apr-0.9.12 dev-libs/apr-1.2.8 dev-libs/apr-util-0.9.12-r1 dev-libs/apr-util-1.2.8-r1 www-apache/libapreq2-2.08-r2 dev-lang/php-5.2.4_pre200708051230-r2 USE="cli cgi discard-path force-cgi-redirect bcmath berkdb bzip2 calendar cjk crypt ctype curl exif filter flatfile ftp gd gdbm gmp hash iconv imap inifile ipv6 mhash mysql mysqli ncurses nls pcntl pcre pdo readline reflection session sharedext sharedmem simplexml snmp sockets spell spl sqlite ssl suhosin -sysvipc tidy tokenizer truetype unicode wddx xml xmlreader xmlwriter xsl zip zlib -concurrentmodphp -threads -fastbuild -apache -apache2 -adabas -birdstep -cdb -curlwrappers -db2 -dbase -dbmaker -debug -doc -empress -empress-bcs -esoob -frontbase -fdftk -firebird -gd-external -interbase -iodbc -java-external -json -kerberos -ldap -ldap-sasl -libedit -mcve -msql -mssql -oci8 -oci8-instant-client -odbc -pdo-external -postgres -qdbm -recode -sapdb -soap -solid -sybase -sybase-ct -xmlrpc -xpm -yaz -zip-external" www-servers/apache-2.2.4-r12 USE="mpm-prefork ssl -threads -mpm-worker -mpm-itk -mpm-peruser -mpm-event -selinux -debug -doc -ldap -no-suexec -static-modules" www-apache/mod_suphp-0.6.2-r1 USE="checkpath mode-owner -mode-force -mode-paranoid" -- /etc/suPHP.conf file: [global] ;Path to logfile logfile=/var/log/apache2/suphp_log ;Loglevel loglevel=info ;User Apache is running as webserver_user=apache ;Path all scripts have to be in ;(all my content is on a separate partition, /usr2) docroot=/usr2 ; Security options allow_file_group_writeable=false allow_file_others_writeable=false allow_directory_group_writeable=false allow_directory_others_writeable=false ;Check wheter script is within DOCUMENT_ROOT check_vhost_docroot=true ;Send minor error messages to browser errors_to_browser=true ;PATH environment variable env_path=/bin:/usr/bin ;Umask to set, specify in octal notation umask=0077 ; Minimum UID min_uid=1000 ; Minimum GID min_gid=100 [handlers] ;Handler for php-scripts x-httpd-php=php:/usr/lib/php5/bin/php-cgi x-httpd-php3=php:/usr/lib/php5/bin/php-cgi x-httpd-php4=php:/usr/lib/php5/bin/php-cgi x-httpd-php5=php:/usr/lib/php5/bin/php-cgi x-httpd-phtml=php:/usr/lib/php5/bin/php-cgi ;Handler for CGI-scripts x-suphp-cgi=execute:!self -- /etc/apache2/modules.d/70_mod_suphp.conf: only change made was to comment out the following: # if you're using owner mode comment the following line #SuPHP_UserGroup apache apache -- # emerge --info Portage 2.1.3.7 (default-linux/x86/2007.0, gcc-4.2.0, glibc-2.6.1-r0, 2.6.22-gentoo-r5 i686) ================================================================= System uname: 2.6.22-gentoo-r5 i686 Pentium III (Katmai) Gentoo Base System release 1.12.10 Timestamp of tree: Fri, 07 Sep 2007 09:20:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 3.2_p17-r1 dev-java/java-config: 1.3.7, 2.0.31-r7 dev-lang/python: 2.4.4-r4, 2.5.1-r2 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.10-r4 sys-apps/sandbox: 1.2.18.1 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.18 sys-devel/gcc-config: 1.4.0-r2 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.22-r2 ACCEPT_KEYWORDS="x86 ~x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps y " FEATURES="ccache distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch userpriv" GENTOO_MIRRORS="http://gentoo.mirrors.easynews.com/linux/gentoo/ http://mirror.espri.arizona.edu/gentoo/ ftp://gentoo.cites.uiuc.edu/pub/gentoo/ http://gentoo.cites.uiuc.edu/pub/gentoo/" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.us.gentoo.org/gentoo-portage" USE="acl apache2 berkdb bitmap-fonts cli cracklib crypt cups dri fortran gdbm iconv imap ipv6 isdnlog libwww maildir mailwrapper midi mudflap mysql ncurses nls nptl nptlonly openmp pam pcre perl pppd python readline reflection sasl session snmp spl ssl tcpd threads truetype truetype-fonts type1-fonts unicode x86 xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo" Unset: CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
i've just added mod_backtrace to the tree, please sync, emerge apache-2.2.6 with USE="debug", emerge mod_backtrace and enable it via -DBACKTRACE in /etc/conf.d/apache2. You should get a backtrace in /var/log/apache2/backtrace_log
Fix: In file src/apache2/mod_suphp.c: AP_INIT_ITERATE("suPHP_AddHandler", suphp_handle_cmd_add_handler, NULL, ACCESS_CONF, "Tells mod_suphp to handle these MIME-types"), changing to: AP_INIT_ITERATE("suPHP_AddHandler", suphp_handle_cmd_add_handler, NULL, RSRC_CONF | ACCESS_CONF, "Tells mod_suphp to handle these MIME-types"),
As requested, I ran 'emerge --sync', and since I run pretty much pure ~x86, it updated portage, apache to 2.2.6, PHP to 5.2.4, APR to 1.2.11 & apr-util to 1.2.10. I also ran 'emerge -1 mod_suphp' to ensure it was compiled for the latest apache, et al. For the record, I did set Apache's USE=debug flag. When all was said and done, I went to install mod_backtrace, and this is what I got: >>> Compiling source in /var/tmp/portage/www-apache/mod_backtrace-0.0.1/work/mod_backtrace-0.0.1 ... /usr/bin/libtool --silent --mode=compile i686-pc-linux-gnu-gcc -prefer-pic -march=pentium3 -O2 -pipe -fomit-frame-pointer -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -DAP_DEBUG -pthread -I/usr/include/apache2 -I/usr/include/apr-1 -I/usr/include/apr-1 -I/usr/include/db4.6 -I/usr/include/mysql -c -o mod_backtrace.lo mod_backtrace.c && touch mod_backtrace.slo mod_backtrace.c:82: error: expected ')' before '*' token mod_backtrace.c: In function 'bt_register_hooks': mod_backtrace.c:159: error: 'bt_exception_hook' undeclared (first use in this function) mod_backtrace.c:159: error: (Each undeclared identifier is reported only once mod_backtrace.c:159: error: for each function it appears in.) apxs:Error: Command failed with rc=65536 . * * ERROR: www-apache/mod_backtrace-0.0.1 failed. * Call stack: * ebuild.sh, line 1654: Called dyn_compile * ebuild.sh, line 990: Called qa_call 'src_compile' * ebuild.sh, line 44: Called src_compile * ebuild.sh, line 1334: Called apache-module_src_compile * apache-module.eclass, line 364: Called apache2_src_compile * apache-module.eclass, line 257: Called die * * /usr/sbin/apxs2 -c mod_backtrace.c failed * If you need support, post the topmost build error, and the call stack if relevant. * A complete build log is located at '/var/tmp/portage/www-apache/mod_backtrace-0.0.1/temp/build.log'. * I'm kind of wondering if I hosed my system somehow. Odd though, I have ran 'emerge -NDua world' and 'revdep-rebuild' and nothing appears askew. If you want me to post an updated 'emerge --info' let me know. I'm hoping the last comment prior to this one helps where my crashed compile does not.
fixed in 0.6.2-r2 (In reply to comment #3) > When all was said and done, I went to install mod_backtrace, and this is what I > got: You probably synced too early, i have added the exception hook option to 2.2.6 after it was first added to the tree
This doesn't seem to have been fixed :-\ I did manage to get mod_backtrace installed, and I set my /etc/conf.d/apache2 options to include '-D DEBUG -D BACKTRACE'. Upon starting Apache, it hangs... as if it is not going into the background. The error_log shows it starting up, a bit slowly, but starting... Upon accessing a webpage, the startup script that is hanging, dies: # /etc/init.d/apache2 start * Starting apache2 ... /lib/rcscripts/sh/rc-daemon.sh: line 231: 32051 Segmentation fault /sbin/start-stop-daemon '--start' '--exec' '/usr/sbin/apache2' '--' '-D' 'DEFAULT_VHOST' '-D' 'ERRORDOCS' '-D' 'INFO' '-D' 'LANGUAGE' '-D' 'DEBUG' '-D' 'BACKTRACE' '-D' 'SUEXEX' '-D' 'PERL' '-D' 'AUTH_MYSQL' '-D' 'LIMITIPCONN' '-D' 'SUPHP' '-d' '/usr/lib/apache2' '-f' '/etc/apache2/httpd.conf' '-k' 'start' [ !! ] Nothing else in error_log, and no backtrace.log file. I removed '-D DEBUG' from /etc/conf.d/apache2 and left '-D BACKTRACE' in place. Apache started up without any issues, and no errors. Attempted to access a webpage, and I received the following in the error_log: [Sun Sep 09 16:58:06 2007] [notice] child pid 32220 exit signal Segmentation fault (11) The content of the 'backtrace_log' file contained the following: [Sun Sep 9 16:58:05 2007] pid 32220 mod_backtrace backtrace for sig 11 (thread "pid" 32220) [Sun Sep 9 16:58:05 2007] pid 32220 mod_backtrace main() is at 80660f0 /usr/lib/apache2/modules/mod_backtrace.so[0xb7799a43] [0x70655320] [Sun Sep 9 16:58:05 2007] pid 32220 mod_backtrace end of backtrace Currently used programs: app-admin/apache-tools-2.2.6 www-servers/apache-2.2.6 app-admin/php-toolkit-1.0-r2 dev-lang/php-5.2.4 www-apache/mod_suphp-0.6.2-r2 www-apache/mod_auth_mysql-3.0.0-r2 www-apache/mod_backtrace-0.0.1 www-apache/mod_limitipconn-0.22-r1 www-apache/mod_perl-2.0.3-r1 www-apache/mod_security-2.1.2 www-apache/mod_suphp-0.6.2-r2 Since I modified my system a small bit, here's an updated 'emerge --info': Portage 2.1.3.9 (default-linux/x86/2007.0, gcc-4.2.0, glibc-2.6.1-r0, 2.6.22-gentoo-r5 i686) ================================================================= System uname: 2.6.22-gentoo-r5 i686 Pentium III (Katmai) Timestamp of tree: Sun, 09 Sep 2007 18:20:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 3.2_p17-r1 dev-java/java-config: 1.3.7, 2.0.31-r7 dev-lang/python: 2.4.4-r4, 2.5.1-r2 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.10-r4 sys-apps/sandbox: 1.2.18.1 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.18.50.0.1 sys-devel/gcc-config: 1.4.0-r2 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.22-r2 ACCEPT_KEYWORDS="x86 ~x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps y " FEATURES="ccache distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch userpriv" GENTOO_MIRRORS="http://gentoo.mirrors.easynews.com/linux/gentoo/ http://mirror.espri.arizona.edu/gentoo/ ftp://gentoo.cites.uiuc.edu/pub/gentoo/ http://gentoo.cites.uiuc.edu/pub/gentoo/" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.us.gentoo.org/gentoo-portage" USE="acl apache2 berkdb bitmap-fonts cli cracklib crypt cups dri fortran gdbm iconv imap ipv6 isdnlog libwww maildir mailwrapper midi mudflap mysql ncurses nls nptl nptlonly openmp pam pcre perl pppd python readline reflection sasl session snmp spl ssl tcpd threads truetype truetype-fonts type1-fonts unicode x86 xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo" Unset: CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
FYI, I tried to upgrade my production server (stable x86 with few ~x86 packages), thinking that my test box that has all packages set to the ~x86 mask, might be broken. As I figured, suphp/apache stopped working as my test box. I received the same signal 11 errors, and also an error in trying to install mod_backtrace into Apache 2.2.4-r12. I am guessing this might be due to you requesting Apache 2.2.6 be used, though, as a production server, I couldn't afford to have further downtime, and I am currently downgrading back to Apache 2.0.59. Below is my production server's 'emerge --info': Portage 2.1.2.12 (default-linux/x86/2007.0, gcc-4.1.2, glibc-2.5-r4, 2.6.22-gentoo-r2 i686) ================================================================= System uname: 2.6.22-gentoo-r2 i686 AMD Athlon(tm) processor Gentoo Base System release 1.12.9 Timestamp of tree: Sun, 09 Sep 2007 09:50:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 3.2_p17 dev-lang/python: 2.4.4-r4 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.9-r2 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.17 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.21 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=athlon -O2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-march=athlon -O2 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps y " FEATURES="ccache distlocks metadata-transfer sandbox sfperms strict userpriv" GENTOO_MIRRORS="http://gentoo.mirrors.easynews.com/linux/gentoo/ http://mirror.espri.arizona.edu/gentoo/ ftp://gentoo.cites.uiuc.edu/pub/gentoo/ http://gentoo.cites.uiuc.edu/pub/gentoo/" LANG="en_US" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage" USE="acl apache2 berkdb bitmap-fonts cli cracklib crypt cups dri fortran gdbm iconv imap ipv6 isdnlog libwww maildir mailwrapper midi mudflap mysql ncurses nls nptl nptlonly openmp pam pcre perl pppd python readline reflection sasl session snmp spl ssl tcpd threads truetype truetype-fonts type1-fonts unicode vhosts x86 xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo" Unset: CTARGET, INSTALL_MASK, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Hi, I have the same issue, [ebuild R ] dev-lang/php-5.2.4_pre200708051230-r2 USE="berkdb bzip2 cgi cli crypt ctype curl ftp gd gdbm hash iconv imap mhash mysql ncurses nls pcntl pcre readline reflection session sockets spl sqlite ssl suhosin unicode xml zip zlib -adabas -apache2 -bcmath -birdstep -calendar -cdb -cjk -concurrentmodphp -curlwrappers -db2 -dbase -dbmaker -debug -discard-path -doc -empress -empress-bcs -esoob -exif -fastbuild -fdftk -filter -firebird -flatfile -force-cgi-redirect -frontbase -gd-external -gmp -inifile -interbase -iodbc -ipv6 -java-external -json -kerberos -ldap -ldap-sasl -libedit -mcve -msql -mssql -mysqli -oci8 -oci8-instant-client -odbc -pdo -pdo-external -pic -posix -postgres -qdbm -recode -sapdb -sharedext -sharedmem -simplexml -snmp -soap -solid -spell -sybase -sybase-ct -sysvipc -threads -tidy -tokenizer -truetype -wddx -xmlreader -xmlrpc -xmlwriter -xpm -xsl -yaz -zip-external" 6,981 kB [ebuild R ] www-apache/mod_suphp-0.6.2-r2 USE="mode-paranoid -checkpath -mode-force -mode-owner" 0 kB I tried using mod_backtrace with apache 2.2.6 but it segfaults when trying to start apache.
same things here... In the backtrace log file is see this: /usr/lib/apache2/modules/mod_backtrace.so[0xb794bb26] [Tue Sep 11 13:46:02 2007] pid 7750 mod_backtrace end of backtrace [Tue Sep 11 13:46:02 2007] pid 7763 mod_backtrace backtrace for sig 11 (thread "pid" 7763) [Tue Sep 11 13:46:02 2007] pid 7763 mod_backtrace main() is at 8061b88 /usr/lib/apache2/modules/mod_backtrace.so[0xb794bb26] [Tue Sep 11 13:46:02 2007] pid 7763 mod_backtrace end of backtrace [Tue Sep 11 13:46:03 2007] pid 7767 mod_backtrace backtrace for sig 11 (thread "pid" 7767) [Tue Sep 11 13:46:03 2007] pid 7767 mod_backtrace main() is at 8061b88 /usr/lib/apache2/modules/mod_backtrace.so[0xb794bb26] [Tue Sep 11 13:46:03 2007] pid 7767 mod_backtrace end of backtrace If you want more infos as already in this bug report I can provide them.
Alexander, Did you recompile apache with USE="debug" and enable -D DEBUG in /etc/conf.d/apache2? Because I got the same output as you without doing those steps, and as far a debugging info goes it looks pretty meaningless =) at least to me anyway. When trying to run mod_backtrace with debugging compiled into apache and enabled, I got a segfault trying to start apache.. is that the same for you? Mark
(In reply to comment #9) Mark, no I did not used the -D DEBUG option. With it my apache hangs while starting. But hollow has not said that it has to be enabled... Or have i overread that?
(In reply to comment #10) > Mark, > no I did not used the -D DEBUG option. With it my apache hangs while starting. > But hollow has not said that it has to be enabled... Or have i overread that? > Without -D DEBUG it will not log any debug information. Regards, Mark
at least the default configuration does not include any DEBUG defines ... although this is the debian patch which was reported as working to me it still is broken, i'll have to setup a suphp setup first to investigate ..
i tried to setup mod_suphp, but it does neither segfault nor work after two hours of playing around ... so, if anyone has a fix, i will add it, but no time to play with this crap anymore now
I'd provide a fix if I could... but I'm not a coder. I will retry enabling DEBUG with BACKTRACE and recompiling forever, to try and get a good backtrace log. So far, Apache never fully starts up, and segfaults if I enable both *and* try to connect to a webpage before it fully starts up (it never states "Apache/2.2.6 configured -- resuming normal operations" or the like when trying to enable DEBUG & BACKTRACE). Using SuPHP is fairly important to me, as it is a far better alternative than SuEXEC at providing security options with PHP, moreso than installing as a DSO module. Just my own needs though. I already have it running without any issues whatsoever on Slackware & CentOS, so it seems to be something with the way the Gentoo packaging :-\
have you considered to use the general (and IMO much saner) approach of mpm-itk or mpm-peruser for executing things under the right UID/GID?
I used to use SuEXEC, but then PHP scripts need to be chmod 755 to be used, and I dislike things being chmod 755 on a filesystem if they don't have to be executable. Using SuEXEC, I'd also have to pull off tricks like: echo ':PHP:E::php::/usr/local/bin/php:' > /proc/sys/fs/binfmt_misc/register echo ':PHP3:E::php3::/usr/local/bin/php:' > /proc/sys/fs/binfmt_misc/register echo ':PHP4:E::php4::/usr/local/bin/php:' > /proc/sys/fs/binfmt_misc/register Secondly, while I have been criticized for using Gentoo on a production server, it has served my needs, very, VERY well, and for production servers, I don't want software that is still not widely tested. SuPHP somewhat falls into this category, but has tested out perfectly in many environments, from CentOS (RHES) to Slackware. mod_itk & mod_peruser both admit to not being fully tested/usable, and possibly not completely ready for stable environments. Case in point, mod_peruser has experimental support fro SSL (http://www.telana.com/peruser.php), which I require to be stable and usable. mod_itk's warnings & quirks (http://mpm-itk.sesse.net/) also set me slightly on edge. What I need, is something that executes PHP using the UID/GID of the owner of the script, and locks the user inside of their directory. I don't want them to access /etc/passwd or anything outide of their home directory. I'd like hosting customers to come to my system, and not have to learn to set PHP scripts to chmod 755 or require them to put everything in a php/ subdirectory or any weird stuff. SuPHP is everything SuEXEC is, but better, and made for PHP. mod_itk seems to run scripts as the user, but doesn't mention jailing the user within directories, or ensuring only chmod 640 scripts are parsed/executed... mod_peruser seems to say they do, but again, SSL support is experimental. On another note, I did remove mod_suphp from my Gentoo systems, and installed it manually from source, without using emerge. It installed and apache didn't complain, except I still received the segfault (11) error on Apache child processes. This leads me to believe it is something in Gentoo's Apache build. While I wish I could unmerge Apache and install from source, then emerge suPHP, it'd break everything that requires apache in my ebuilds. I do know however, that Apache2.2 & suPHP work together... as I have it running fine on two systems, one CentOS5, and the other Slackware 12.0. The frustrating part is, when I enable the debug module (via '-D DEBUG' in /etc/conf.d/apache2) and run "/etc/init.d/apache2 start" it never fully starts, just hangs. Connecting to a webpage, then crashes it: # /etc/init.d/apache2 start * Starting apache2 ... /lib/rcscripts/sh/rc-daemon.sh: line 231: 27823 Segmentation fault /sbin/start-stop-daemon '--start' '--exec' '/usr/sbin/apache2' '--' '-D' 'DEFAULT_VHOST' '-D' 'ERRORDOCS' '-D' 'INFO' '-D' 'LANGUAGE' '-D' 'DEBUG' '-D' 'SUPHP' '-d' '/usr/lib/apache2' '-f' '/etc/apache2/httpd.conf' '-k' 'start' Thanks for your continued testing... if I can help in any way whatsoever to further diagnose and troubleshoot these issues, let me know.
I can confirm that Apache 2.2.3/SuPHP works on the latest debian-testing, so yeah it must be the Gentoo Apach ebuild. I have tried to use mpm-peruser but for some reason the latest php ebuild on gentoo doesn't seem to emerge properly with USE="apache2". I emerged'd it, it compiles and then gets to the point where the source is built and just starts recompiling again! Very odd. Really wish this bug could be fixed soon, but i can't complain as I'm not doing much to help :P
i'm still not sure what -D DEBUG does for you, because it does not exist in our configuration: apache22t / # grep DEBUG -r /etc/apache2/ apache22t / #
and regarding suphp: i don't get segfaults, but i seem to be too dumb to set it up, the suphp_log says 'Executing "/var/www/localhost/htdocs/info.php" as UID 81, GID 81' but i get a "500 Internal Server" error back with nothing in the logs. the strange thing is: if i try to strace apache with suphp, i get "SecurityException in Application.cpp:168: Do not have root privileges. Executable not set-uid root?" in the logs, but suphp is setuid root. so either i'm too dumb, or i hit another problem ...
Benedikt, (In reply to comment #19) > and regarding suphp: i don't get segfaults, but i seem to be too dumb to set it > up, the suphp_log says 'Executing "/var/www/localhost/htdocs/info.php" as UID > 81, GID 81' but i get a "500 Internal Server" error back with nothing in the > logs. the strange thing is: if i try to strace apache with suphp, i get > "SecurityException in Application.cpp:168: Do not have root privileges. > Executable not set-uid root?" in the logs, but suphp is setuid root. so either > i'm too dumb, or i hit another problem ... > That sounds like its configured wrong. 81 is the uid and gid of the Apache user, SuPHP is meant to execute PHP scripts as other users. I think the user has to be above uid 1000 too. Try creating a new user and group, and specify them in the apache <VirtualHost> block: suPHP_UserGroup <username> <groupname> Also check that all the code in the htdocs directory for that website is chown'd to that user and group, and ensure you have -D SUPHP set in /etc/conf.d/apache2 and that -D PHP5 is _NOT_ set as this will activate the DSO module and break suphp. Also check that the path to the php5-cgi binary is correct in /etc/suphp.conf. If you still have problems please post your /etc/suphp.conf & btw -D DEBUG won't exist in your apache config unless you compile apache with USE="debug" Regards, Mark
(In reply to comment #20) > Also check that the path to the php5-cgi binary is > correct in /etc/suphp.conf. I feel so dumb. Of course i need USE=cgi for php! So ... it works pretty well here, no segfaults, right UID etc ... *shrug* Did you recompile all modules after upgrading to 2.2? To find all your module packages use sth like "qfile -qC /usr/lib/apache2/modules/*.so|sort -u" > & btw -D DEBUG won't exist in your apache config unless you compile apache with > USE="debug" not with our default config... we just enable maintainer-mode in ./configure with USE=debug, there are no configuration changes we make
> Did you recompile all modules after upgrading to 2.2? To find all your module > packages use sth like "qfile -qC /usr/lib/apache2/modules/*.so|sort -u" I don't have the 'qfile' command, and google wasn't very helpful. What package is this in? I am setting up a test system in vmware to see if I can get this working with a fresh install of apache/php etc. Will post back here with results. Mark
(In reply to comment #21) > Did you recompile all modules after upgrading to 2.2? To find all your module > packages use sth like "qfile -qC /usr/lib/apache2/modules/*.so|sort -u" # qfile -qC /usr/lib/apache2/modules/*.so|sort -u www-apache/mod_cband www-apache/mod_suphp www-servers/apache The only module not recompiled was mod_cband but this was never enabled anyway. I think there is something else at fault here.. im still setting up my test system, if that still segfaults maybe I can give you access to it Benedikt, if you're willing to have a look? It's vmware so won't contain any critical data. Mark
yeah, we can debug that, but since debugging apache is rather hard i'd suggest you stop by in irc.freenode.net #gentoo-apache and we can go through it ... currently at railsconf, will be availabe at about 6pm CEST ..
(In reply to comment #24) > yeah, we can debug that, but since debugging apache is rather hard i'd suggest > you stop by in irc.freenode.net #gentoo-apache and we can go through it ... > currently at railsconf, will be availabe at about 6pm CEST .. I think that's about 5pm BST which is when I finish work and start my 2-hour journey home :/ Are you around after 7pm BST? (i think this would be 8pm CEST but not sure). Failing that I can just email you with ssh details for my vmware test environment.. with a brand new installation of apache/suphp it is still segfaulting. Mark
I have recompiled everything I could find that was apache related, including APR & APR-util. In regards to your suphp config, it should use the UID/GID of the owner of the file you're trying to run, and it must be above the min UID/GID specified in suphp's config file. Which is one thing Gentoo doesn't seem to do, is setup a default config for suphp in /etc/. If you want to try seeing what I'm getting, try these config/use flags that I have setup for Apache, PHP & suPHP: =dev-lang/php-5* cli cgi discard-path force-cgi-redirect bcmath berkdb bzip2 calendar cjk crypt ctype curl exif filter flatfile ftp gd gdbm gmp hash iconv imap inifile ipv6 mhash mysql mysqli ncurses nls pcntl pcre pdo readline reflection session sharedext sharedmem simplexml snmp sockets spell spl sqlite ssl suhosin -sysvipc tidy tokenizer truetype unicode wddx xml xmlreader xmlwriter xsl zip zlib -concurrentmodphp -threads -fastbuild -apache -apache2 -adabas -birdstep -cdb -curlwrappers -db2 -dbase -dbmaker -debug -doc -empress -empress-bcs -esoob -frontbase -fdftk -firebird -gd-external -interbase -iodbc -java-external -json -kerberos -ldap -ldap-sasl -libedit -mcve -msql -mssql -oci8 -oci8-instant-client -odbc -pdo-external -postgres -qdbm -recode -sapdb -soap -solid -sybase -sybase-ct -xmlrpc -xpm -yaz -zip-external www-apache/mod_suphp checkpath mode-owner -mode-force -mode-paranoid =www-servers/apache-2* mpm-prefork ssl -threads -mpm-worker -mpm-itk -mpm-peruser -mpm-event -selinux debug -doc -ldap -no-suexec /etc/conf.d/apache2 options: APACHE2_OPTS="-D DEFAULT_VHOST -D ERRORDOCS -D INFO -D LANGUAGE -D SUEXEC -D PERL -D AUTH_MYSQL -D LIMITIPCONN -D SUPHP" For suPHP, you need a config file, and the following is what I have in /etc/suphp.conf: [global] ;Path to logfile logfile=/var/log/apache2/suphp_log ;Loglevel loglevel=info ;User Apache is running as webserver_user=apache ;Path to chroot() to before executing script ;chroot=/mychroot ;Path all scripts have to be in docroot=/usr2 ; Security options allow_file_group_writeable=false allow_file_others_writeable=false allow_directory_group_writeable=false allow_directory_others_writeable=false ;Check wheter script is within DOCUMENT_ROOT check_vhost_docroot=true ;Send minor error messages to browser errors_to_browser=true ;PATH environment variable env_path=/bin:/usr/bin ;Umask to set, specify in octal notation umask=0077 ; Minimum UID min_uid=1000 ; Minimum GID min_gid=100 [handlers] ;Handler for php-scripts x-httpd-php=php:/usr/lib/php5/bin/php-cgi x-httpd-php3=php:/usr/lib/php5/bin/php-cgi x-httpd-php4=php:/usr/lib/php5/bin/php-cgi x-httpd-php5=php:/usr/lib/php5/bin/php-cgi x-httpd-phtml=php:/usr/lib/php5/bin/php-cgi ;Handler for CGI-scripts x-suphp-cgi=execute:!self and finally, /etc/apache2/modules.d/70_mod_suphp.conf: <IfDefine SUPHP> <IfModule !mod_suphp.c> LoadModule suphp_module modules/mod_suphp.so </IfModule> <IfModule mod_mime.c> AddType application/x-httpd-php .php AddType application/x-httpd-php5 .php5 AddType application/x-httpd-php4 .php4 AddType application/x-httpd-phtml .phtml AddType application/x-suphp-cgi .cgi .pl </IfModule> AddHandler x-httpd-php .php AddHandler x-httpd-php5 .php5 AddHandler x-httpd-php4 .php4 AddHandler x-httpd-phtml .phtml AddHandler x-suphp-cgi .cgi .pl suPHP_Engine on <Location /> SuPHP_AddHandler x-httpd-php SuPHP_AddHandler x-httpd-php5 SuPHP_AddHandler x-httpd-php4 SuPHP_AddHandler x-httpd-phtml SuPHP_AddHandler x-suphp-cgi </Location> # if you're using owner mode comment the following line #SuPHP_UserGroup apache apache AddDirectoryIndex index.php index.php5 index.php4 index.php3 index.phtml </IfDefine> As I've stated, I've tried this on two different Gentoo machines... one running pretty much all stable (non ~x86 mask) releases, and the other a goodly sum are ~x86/non-stable packages. They're also completely different hardware. However, I do use the same flags for both in /etc/portage/package.use & /etc/make.conf USE="..." Hope that helps...
I just found a working solution in the suphp mailinglist: http://article.gmane.org/gmane.comp.php.suphp.general/223 I did what was said in the post (changed --with-apr=/usr to --with-apr=/usr/bin/apr-1-config in the ebuild), and till now I did not recieved any segfault. Perhaps anyone else has also luck with this.
Work for me :) nice one!
Yes, Alexander seems to have found the solution. apache-2.0.* requires apr-0*, but apache-2.2.* requires apr-1*. Since they're both installed in parallel, and since apr-0* seems to be only required by mod_auth_nufw, which I don't use, I solved this problem by unmerging apr-0* and apr-util-0* and then reemerging apache, php and suphp. I don't know if it's necessary to reemerge all of them, but I did it anyway, and after that it worked fine.
Well I'll be ... !! Thank you folks! I too, unmerged apr-0* & apr-util-0*, re-emerged apache, php & mod_suphp, and it works! I feel like a dolt for not trying, though the last time I tried removing apr-0*, it was required by something else and a new 'emerge -NDua world' or 'revdep-rebuild' ended up re-emerging that package.
do not resolve bugs if they're not fixed
0.6.2-r3 now in cvs
This breaks mod_suphp with 2.0.61 - segfaults on almost every access.
ok, will look at it tomorrow ..
What's the status of this one? I also have problems with the default ebuild of mod_suphp-0.6.2-r3 under apache-2.0.59-r5. However, if I change --with-apr=/usr/bin/$(apr_config)" to --with-apr=/usr/bin/" it seemed to work fine. I would just move up to apache-2.2.6, but I have to sort out that configuration on our test server before I load it onto our production server.
Do you have two versions of APR installed? "equery l apr" should tell you if you have gentoolkit installed. Apache-2.0 utilizes APR-0*, and Apache-2.2 utilizes APR-1*. If you have both installed it will not work, and you will get segfaults.
(In reply to comment #36) > Do you have two versions of APR installed? "equery l apr" should tell you if > you have gentoolkit installed. Apache-2.0 utilizes APR-0*, and Apache-2.2 > utilizes APR-1*. If you have both installed it will not work, and you will get > segfaults. > # equery l apr [ Searching for package 'apr' in all categories among: ] * installed packages [I--] [ ] dev-libs/apr-0.9.12 (0) [I--] [ ] dev-libs/apr-1.2.8 (1) [I--] [ ] dev-libs/apr-util-0.9.12-r1 (0) [I--] [ ] dev-libs/apr-util-1.2.8 (1) [I--] [ ] x11-proto/xf86dgaproto-2.0.2 (0) [I--] [ ] x11-proto/xineramaproto-1.1.2 (0) So I do have both installed however I also get this: # equery depends '=dev-libs/apr-1.2.8' [ Searching for packages depending on =dev-libs/apr-1.2.8... ] dev-libs/apr-util-1.2.8 (~dev-libs/apr-1.2.8) # equery depends '=dev-libs/apr-util-1.2.8' [ Searching for packages depending on =dev-libs/apr-util-1.2.8... ] dev-util/subversion-1.3.2-r4 (>=dev-libs/apr-util-1.2.8) Unfortuneately, it would seem that *both* versions are dependancies for seperate installed ebuilds. Given this, the ebuild for mod_suphp would be better off checking on the installed version of apache and set the config value based on *that* rather then using the "apr_config" variable to get basically what the latest version is on the system which, like in this case, may not be the only one that is used.
apr-0 is now masked, i fixed mod_suphp to depend on apache-2.2 and use apr-1 only.