Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 187120 - dev-lang/php-5.2.3-r3 causes apache child processes to segfault on session_start()
Summary: dev-lang/php-5.2.3-r3 causes apache child processes to segfault on session_st...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
: High major (vote)
Assignee: PHP Bugs
URL:
Whiteboard:
Keywords:
: 187130 187131 187513 (view as bug list)
Depends on:
Blocks: 180556
  Show dependency tree
 
Reported: 2007-07-30 12:17 UTC by Tony Vroon
Modified: 2007-08-10 19:35 UTC (History)
15 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tony Vroon gentoo-dev 2007-07-30 12:17:49 UTC
While php-5.2.3-r3 compiles without errors and merges to disk, and the apache daemon starts, no content is ever served. Instead, any child process that is to serve a PHP page encounters a segmentation fault. At the client end, the browser serves a completely empty page, but no error message.
Example apache run (wildcard certificate, warnings unrelated):
[Mon Jul 30 12:36:38 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2)
[Mon Jul 30 12:36:38 2007] [warn] RSA server certificate CommonName (CN) `*.linx.net' does NOT match server name!?
[Mon Jul 30 12:36:38 2007] [notice] Digest: generating secret for digest authentication ...
[Mon Jul 30 12:36:38 2007] [notice] Digest: done
[Mon Jul 30 12:36:38 2007] [warn] RSA server certificate CommonName (CN) `*.linx.net' does NOT match server name!?
[Mon Jul 30 12:36:38 2007] [notice] Apache configured -- resuming normal operations
[Mon Jul 30 12:36:43 2007] [notice] child pid 18812 exit signal Segmentation fault (11)
[Mon Jul 30 12:36:45 2007] [notice] child pid 18813 exit signal Segmentation fault (11)
[Mon Jul 30 12:38:50 2007] [notice] child pid 18814 exit signal Segmentation fault (11)
[Mon Jul 30 12:39:03 2007] [notice] child pid 18815 exit signal Segmentation fault (11)
[Mon Jul 30 12:39:07 2007] [notice] child pid 18816 exit signal Segmentation fault (11)
[Mon Jul 30 12:39:08 2007] [notice] child pid 18817 exit signal Segmentation fault (11)
[Mon Jul 30 12:39:11 2007] [notice] child pid 18818 exit signal Segmentation fault (11)
[Mon Jul 30 12:43:49 2007] [notice] child pid 18842 exit signal Segmentation fault (11)
[Mon Jul 30 12:46:00 2007] [notice] caught SIGTERM, shutting down

I recompiled apache to make sure it wasn't anything internal to apache 2.0.58-r2, but this did not resolve the issue. I then downgraded PHP to 5.2.2-r1 and it was served pages again.

Machine information:
Portage 2.1.2.9 (hardened/amd64, gcc-3.4.6, glibc-2.5-r4, 2.6.20-hardened-r5 x86_64)
=================================================================
System uname: 2.6.20-hardened-r5 x86_64 Dual-Core AMD Opteron(tm) Processor 2218
Gentoo Base System release 1.12.9
Timestamp of tree: Sun, 29 Jul 2007 23:20:01 +0000
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.23b
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=opteron -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=opteron -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_GB.UTF-8"
LC_ALL="en_GB.UTF-8"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/srv/gentoo/overlay /usr/local/portage"
SYNC="rsync://red.linx.net/gentoo-portage"
USE="amd64 apache2 bash-completion berkdb bzip2 calendar cli cracklib crypt elf expat gd hardened iconv imap innodb ipv6 jpeg justify lm_sensors mpm-prefork mysql ncurses nls no-old-linux nptl nptlonly pam pcre perl pic pie png posix postgres python readline sensord session sse sse2 ssl tokenizer truetype unicode urandom vhosts xml xml2 xmlrpc zlib" ELIBC="glibc" KERNEL="linux" USERLAND="GNU"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Please consider dropping the keyword as this will trip people up something fierce. You don't see the failure until it is too late, and if 5.2.3-r3 is keyworded on all arches devs might burn the downgrade bridges and leave people stranded.
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2007-07-30 13:49:13 UTC
*** Bug 187130 has been marked as a duplicate of this bug. ***
Comment 2 Tony Vroon gentoo-dev 2007-07-30 14:11:02 UTC
As requested by Jakub Moc, emerge -pv php output on the affected server:
[ebuild     U ] dev-lang/php-5.2.3-r3 [5.2.2-r1] USE="apache2 berkdb bzip2 calendar cli crypt gd iconv imap ipv6 mysql ncurses nls pcre pic posix postgres readline session ssl tokenizer truetype unicode xml xmlrpc zlib (-adabas) -bcmath (-birdstep) -cdb -cgi -cjk -concurrentmodphp -ctype -curl -curlwrappers -db2 -dbase (-dbmaker) -debug -discard-path -doc (-empress) (-empress-bcs) (-esoob) -exif -fastbuild (-fdftk) -filter (-firebird) -flatfile -force-cgi-redirect (-frontbase) -ftp -gd-external -gdbm -gmp -hash -inifile -interbase -iodbc -java-external -json -kerberos -ldap -ldap-sasl -libedit -mcve -mhash -msql -mssql -mysqli -oci8 (-oci8-instant-client) -odbc -pcntl -pdo -pdo-external -qdbm -recode -reflection -sapdb -sharedext -sharedmem -simplexml -snmp -soap -sockets (-solid) -spell -spl -sqlite -suhosin (-sybase) (-sybase-ct) -sysvipc -threads -tidy -wddx -xmlreader -xmlwriter -xpm -xsl -yaz -zip -zip-external" 0 kB 
Comment 3 Carlos Silva (RETIRED) gentoo-dev 2007-07-30 14:42:07 UTC
this are my use flags for php. I'm running a x86 hardened box and everything is fine:
[ebuild   R   ] dev-lang/php-5.2.3-r3  USE="apache2 berkdb bzip2 cli crypt gd gmp mysql ncurses nls pcre pic readline session ssl threads unicode xml zlib -adabas -bcmath -birdstep -calendar -cdb -cgi -cjk -concurrentmodphp -ctype -curl -curlwrappers -db2 -dbase -dbmaker -debug -discard-path -doc -empress -empress-bcs -esoob -exif -fastbuild -fdftk -filter -firebird -flatfile -force-cgi-redirect -frontbase -ftp -gd-external -gdbm -hash -iconv -imap -inifile -interbase -iodbc -ipv6 -java-external -json -kerberos -ldap -ldap-sasl -libedit -mcve -mhash -msql -mssql -mysqli -oci8 (-oci8-instant-client) -odbc -pcntl -pdo -pdo-external -posix -postgres -qdbm -recode -reflection -sapdb -sharedext -sharedmem -simplexml -snmp -soap -sockets -solid -spell -spl -sqlite -suhosin -sybase -sybase-ct -sysvipc -tidy -tokenizer -truetype -wddx -xmlreader -xmlrpc -xmlwriter -xpm -xsl -yaz -zip -zip-external"
Comment 4 Bernhard Frauendienst 2007-07-30 14:58:31 UTC
I can confirm this bug, same thing, amd64 non-multilib hardened, also happens on apache-2.2.4-r10.

This problem doesn't occur with php-5.2.2-r1 btw, just for the record.

Adding mhash to the useflags (as someone suggested in #gentoo-php) doesn't help either.

I can paste my useflags if interested, I just don't have them handy since I masked this version of php :)
Comment 5 Benjamin Koren 2007-07-30 15:39:45 UTC
I can also confirm this with www-servers/lighttpd-1.4.15. Is it recommended that we rollback to a previous version of php for now?
Comment 6 Tony Vroon gentoo-dev 2007-07-30 15:52:56 UTC
(In reply to comment #5)
> I can also confirm this with www-servers/lighttpd-1.4.15. Is it recommended
> that we rollback to a previous version of php for now?

Benjamin, I can confirm that armin76 masked the problematic PHP version for uses of hardened Gentoo. So this is being handled. After a sync you should see PHP being downgraded again.
Hopefully a real fix is on the way.

Comment 7 Christian Heim (RETIRED) gentoo-dev 2007-07-30 16:26:04 UTC
Could anyone of you provide me with a simple way to make php go berserk (like tell me if a simple phpinfo(); makes php segfault) ?
Comment 8 Benjamin Koren 2007-07-30 17:53:06 UTC
I do not have simple way to replicate this problem. But I do know that Drupal (drupal.org) works fine, yet Serendipity weblog version 1.1.2 (http://www.s9y.org/) does not work as causes the segfault. Hope this helps.


(In reply to comment #7)
> Could anyone of you provide me with a simple way to make php go berserk (like
> tell me if a simple phpinfo(); makes php segfault) ?
> 

Comment 9 Carlos Silva (RETIRED) gentoo-dev 2007-07-30 18:52:14 UTC
(In reply to comment #8)
> I do not have simple way to replicate this problem. But I do know that Drupal
> (drupal.org) works fine, yet Serendipity weblog version 1.1.2
> (http://www.s9y.org/) does not work as causes the segfault. Hope this helps.
> 
> 
Well, then I can to comment too, to say that the test I made was with a drupal instalation.
Comment 10 Bernhard Frauendienst 2007-07-30 23:57:45 UTC
I had the problem with horde-imp and phpmyadmin, this should be sufficient for testing... however, phpBB for example worked fine so far ;)
Comment 11 Timo Gurr (RETIRED) gentoo-dev 2007-07-31 07:57:48 UTC
Same problems here with phpmyadmin. The box is a x86_64 running default-linux/amd64/2007.0 profile and apache-2.2.4-r10.

[ebuild   R   ] dev-lang/php-5.2.3-r3  USE="apache2 bzip2 cli crypt ctype gd gdbm iconv ipv6 mysql ncurses nls pcre readline reflection session spl ssl unicode xml zlib (-adabas) -bcmath -berkdb (-birdstep) -calendar -cdb -cgi -cjk -concurrentmodphp -curl -curlwrappers -db2 -dbase (-dbmaker) -debug -discard-path -doc (-empress) (-empress-bcs) (-esoob) -exif -fastbuild (-fdftk) -filter (-firebird) -flatfile -force-cgi-redirect (-frontbase) -ftp -gd-external -gmp -hash -imap -inifile -interbase -iodbc -java-external -json -kerberos -ldap -ldap-sasl -libedit -mcve -mhash -msql -mssql -mysqli -oci8 (-oci8-instant-client) -odbc -pcntl -pdo -pdo-external -pic -posix -postgres -qdbm -recode -sapdb -sharedext -sharedmem -simplexml -snmp -soap -sockets (-solid) -spell -sqlite -suhosin (-sybase) (-sybase-ct) -sysvipc -threads -tidy -tokenizer -truetype -wddx -xmlreader -xmlrpc -xmlwriter -xpm -xsl -yaz -zip -zip-external" 0 kB [0]
Comment 12 Benjamin Koren 2007-07-31 15:33:24 UTC
If it helps any, I do not run a hardened toolchain - I only run a hardened kernel, with the following config. I am going to remove the config from the webserver after a few days or so, so if it is of use to you, you should download it. Thanks for all the hard work. Hope this helps: http://koren.us/bugs.gentoo.org-show_bug.cgi-id=187120.txt

Again, I am running lighttpd 1.4.15. Here are my lighttpd USE flags:

[ebuild   R   ] www-servers/lighttpd-1.4.15  USE="bzip2 fastcgi gdbm mysql pcre php ssl -doc -fam -ipv6 -ldap -lua -memcache -minimal -rrdtool -test -webdav -xattr"
Comment 13 Thomas Sachau gentoo-dev 2007-07-31 15:43:06 UTC
I have the same problem with lighttpd-1.4.15-r1, php-5.2.3-r3 and phpmyadmin on my hardened system (hardenend/athlon-xp). phpBB-3.0 RC4 and my own php Code work without any problem.

[ebuild   R   ] www-servers/lighttpd-1.4.15-r1  USE="bzip2 fastcgi lua mysql pcre php ssl -doc -fam -gdbm -ipv6 -ldap -memcache -minimal -rrdtool -test -webdav -xattr"

[ebuild   R   ] dev-lang/php-5.2.3-r3  USE="bzip2 cgi crypt ctype force-cgi-redirect gd imap mysql mysqli ncurses nls pcre pic readline session simplexml sockets ssl suhosin unicode zip zlib -adabas -apache2 -bcmath -berkdb -birdstep -calendar -cdb -cjk -cli -concurrentmodphp -curl -curlwrappers -db2 -dbase -dbmaker -debug -discard-path -doc -empress -empress-bcs -esoob -exif -fastbuild -fdftk -filter -firebird -flatfile -frontbase -ftp -gd-external -gdbm -gmp -hash -iconv -inifile -interbase -iodbc -ipv6 -java-external -json -kerberos -ldap -ldap-sasl -libedit -mcve -mhash -msql -mssql -oci8 (-oci8-instant-client) -odbc -pcntl -pdo -pdo-external -posix -postgres -qdbm -recode -reflection -sapdb -sharedext -sharedmem -snmp -soap -solid -spell -spl -sqlite -sybase -sybase-ct -sysvipc -threads -tidy -tokenizer -truetype -wddx -xml -xmlreader -xmlrpc -xmlwriter -xpm -xsl -yaz -zip-external" 0 kB
Comment 14 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2007-08-01 11:15:33 UTC
I also can configrm this bug on non-hardened, multilib, stable amd64 system.

Few interesting details:

* first, I was affected by bug 187131
* then, after switching to mod_php for it, it worked fine for a moment
* today it's broken, exactly same situation as in this bug

emerge '=php-5*' output with stripped out unused flags:

[ebuild   R   ] dev-lang/php-5.2.3-r3  USE="apache2 berkdb bzip2 cgi cli crypt ctype curl exif force-cgi-redirect ftp gd gdbm gmp iconv ipv6 mysql ncurses nls pcre pdo readline reflection session simplexml soap spell spl sqlite ssl suhosin tokenizer truetype unicode xml zip zlib"
Comment 15 Jorge Nerin 2007-08-01 12:12:10 UTC
I can't give much info, but I suspect that the problem could be within the php session management stuff, because here php serve some scripts with no problems, but ones with session_start and such did segfault immediately.

I have enabled only these flags:

apache2 berkdb bzip2 calendar cli crypt ctype curl curlwrappers ftp gd ipv6 mhash mysql mysqli ncurses nls pcntl pcre pdo pic posix postgres readline reflection session sharedext sharedmem simplexml sockets spell spl sqlite ssl sysvipc tidy truetype unicode xml xmlreader xmlrpc xpm xsl zlib

System is running profile hardened/amd64.
Comment 16 Bernhard Frauendienst 2007-08-01 12:21:40 UTC
(In reply to comment #15)
> I can't give much info, but I suspect that the problem could be within the php
> session management stuff, because here php serve some scripts with no problems,
> but ones with session_start and such did segfault immediately.
> 

This actually sounds interesting... I did a strace on apache when the segfaults first happened (but was too lazy to start gdb, so the info is not really of importance), and the last operations before the segfault had something to do with session stuff:

lstat("/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=28672, ...}) = 0
stat("/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=28672, ...}) = 0
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
umask(077)                              = 022
umask(077)                              = 077
lstat("/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=28672, ...}) = 0
lstat("/tmp/sess_b95796e1a81ad027555da8e72439afbb", 0x4d00c1e0) = -1 ENOENT (No such file or directory)
open("/tmp/sess_b95796e1a81ad027555da8e72439afbb", O_RDWR|O_CREAT, 0600) = 35
flock(35, LOCK_EX)                      = 0
fcntl(35, F_SETFD, FD_CLOEXEC)          = 0
fstat(35, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
Comment 17 Bernhard Frauendienst 2007-08-01 13:02:21 UTC
Can someone who can afford to run a buggy setup for a few minutes try if something like  <? session_start() ?>  triggers the segmentation fault? :)

Might be related to bug 187374
Comment 18 Christian Heim (RETIRED) gentoo-dev 2007-08-01 13:25:02 UTC
Yup, something as simple as this:

<?php

        session_start();

        echo "Lets see if that thing is segfaulting!";

        session_stop();

?>

makes it segfault here.
Comment 19 Jorge Nerin 2007-08-01 13:31:55 UTC
(In reply to comment #17)
> Can someone who can afford to run a buggy setup for a few minutes try if
> something like  <? session_start() ?>  triggers the segmentation fault? :)
> 
> Might be related to bug 187374
> 

I remember the error about safe_mode=on and access to /tmp, but I solved it
creating a directory in /tmp only for apache with the apache UID and
configuring the php.ini to point to it. I forgot to comment it.

I detected the error in a custom page which uses session_start, but when I
thought that this was probably a bug I masked the 5.2.3 and rolled back the
previous one.
Comment 20 Bernhard Frauendienst 2007-08-01 14:13:54 UTC
I didn't mean "related" as in "could be the same error", but obviously the coded for session handling was changed, so this might have introduced this very bug that causes the segfaults (which is even more probable given the example by Christian Heim).
Comment 21 Scott Yang 2007-08-02 01:37:29 UTC
Seems to be affecting only x86_64 platform. I have PHP 5.2.3 compiled with the same USE flag on both x86 and x86_64, and the issue with session_start() only occurs in x86_64. It does not matter whether the target is cgi, fastcgi or mod_php.
Comment 22 Jakub Moc (RETIRED) gentoo-dev 2007-08-02 04:17:04 UTC
*** Bug 187131 has been marked as a duplicate of this bug. ***
Comment 23 solar (RETIRED) gentoo-dev 2007-08-02 06:45:39 UTC
Can we rule this out as not being limited to hardened users only? 
It appears that way.. It seems hardened users are seeing this bug first and 
hit a tad harder than standard Gentoo users.
Comment 24 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2007-08-02 07:31:47 UTC
(In reply to comment #23)
> Can we rule this out as not being limited to hardened users only? 

I think we can do that quite easily. I have nothing hardened. gentoo-sources, USE="-hardened". Yet this bug happens to me. Oh, wait - I have suhosin enabled... it could matter.
Comment 25 Stefan Kiesler 2007-08-02 07:46:25 UTC
As my bug report (#187130) has been marked a duplicate of this bug, I just want to note that I'm NOT running an AMD64 system.
My apache crashed on a hardened x86 install.

Sadly I didn't look for segfaults in the logs, but I can confirm that the hosted website uses session_start() on each and every page.
Comment 26 Jakub Moc (RETIRED) gentoo-dev 2007-08-02 15:07:34 UTC
*** Bug 187513 has been marked as a duplicate of this bug. ***
Comment 27 jc 2007-08-02 15:26:16 UTC
I'm the author of the Bug_187513, sorry for the duplicate, I didn't find this one...

Can't it be linked with http://www.php-security.org/MOPB/PMOPB-46-2007.html ?
(even if it segfault even without tuning the session_id)

Comment 28 Steven Hay 2007-08-04 23:01:57 UTC
I am running x86 and also have this problem.  I disabled and emerge -C php as well, with no results.

I'm also running an svn web client.

[ebuild   R   ] www-servers/apache-2.0.58-r2  USE="apache2 ssl -debug -doc -ldap -mpm-itk -mpm-leader -mpm-peruser -mpm-prefork -mpm-threadpool -mpm-worker (-selinux) -static-modules -threads" 0 kB

[ebuild  N    ] dev-lang/php-5.2.3-r3  USE="apache2 berkdb cli crypt curl gdbm iconv ipv6 mysql ncurses nls pcre readline reflection session spell spl ssl unicode xml xsl zlib -adabas -bcmath -birdstep -bzip2 -calendar -cdb -cgi -cjk -concurrentmodphp -ctype -curlwrappers -db2 -dbase -dbmaker -debug -discard-path -doc -empress -empress-bcs -esoob -exif -fastbuild -fdftk -filter -firebird -flatfile -force-cgi-redirect -frontbase -ftp -gd -gd-external -gmp -hash -imap -inifile -interbase -iodbc -java-external -json -kerberos -ldap -ldap-sasl -libedit -mcve -mhash -msql -mssql -mysqli -oci8 -oci8-instant-client -odbc -pcntl -pdo -pdo-external -pic -posix -postgres -qdbm -recode -sapdb -sharedext -sharedmem -simplexml -snmp -soap -sockets -solid -sqlite -suhosin -sybase -sybase-ct -sysvipc -threads -tidy -tokenizer -truetype -wddx -xmlreader -xmlrpc -xmlwriter -xpm -yaz -zip -zip-external"

[ebuild   R   ] dev-util/subversion-1.3.2-r4  USE="apache2 berkdb nls perl python zlib -bash-completion -emacs -java -nowebdav -ruby" 0 kB

Portage 2.1.2.11 (default-linux/x86/2006.1, gcc-4.1.2, glibc-2.5-r4, 2.6.20-ck1 i686)
=================================================================
System uname: 2.6.20-ck1 i686 AMD Duron(tm) processor
Gentoo Base System release 1.12.9
Timestamp of tree: Sat, 04 Aug 2007 08:00:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
dev-lang/python:     2.3.5-r3, 2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.23b
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon -pipe -fomit-frame-pointer -fweb"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=athlon -pipe -fomit-frame-pointer -fweb"
DISTDIR="/usr/portage/distfiles"
FEATURES="distcc distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo http://mirrors.tds.net/gentoo http://pandemonium.tiscali.de/pub/gentoo/ http://212.219.56.152/sites/www.ibiblio.org/gentoo/"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow apache2 avi berkdb bitmap-fonts cdr cli cracklib crypt cups dri dvd dvdr fortran gdbm gif gpm iconv ipv6 isdnlog jpeg libg++ midi mmx mpeg mudflap ncurses nls nptl nptlonly oggvorbis openmp pam pcre pdflib perl php png ppds pppd python readline reflection samba session spell spl sse ssl tcpd theora truetype-fonts type1-fonts unicode x86 xml xorg xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 29 Christian Hoffmann (RETIRED) gentoo-dev 2007-08-05 22:19:45 UTC
This bug is apparently caused by our patch (from php-cvs) to fix the open_basedir/safe_mode bypass with session.save_path in .htaccess files. I'm not completely sure what systems are affected though -- all amd64 systems and x86/hardened seem to be affected at least, irrelevant of the used SAPI (cgi/cli/apache2).

I added php-5.2.4_pre200708051230-r1 to the php-testing overlay (available via layman) where the previous fix for above mentioned security issue was reverted and replaced by different code. This version should fix the segfault issue.

It would be nice if as many people as possible could test this version as it is probably the next candidate for being merged to the official tree. Please report back whether it fixed the segfault for you (in this bug), any other problems deserve an own bug report. :)

BTW, I'm sorry for not being able to respond earlier, I was on vacation.

(In reply to comment #15)
> I can't give much info, but I suspect that the problem could be within the php
> session management stuff, because here php serve some scripts with no problems,
> but ones with session_start and such did segfault immediately.
This information really helped a lot while tracking this down. Thank you!
Comment 30 Hanno Böck gentoo-dev 2007-08-05 22:28:45 UTC
5.2.4_pre working fine on my two amd64-servers (which had the segfault before). So I vote for merging into portage asap.
Comment 31 Christian Hoffmann (RETIRED) gentoo-dev 2007-08-07 13:44:04 UTC
Thanks hanno.

Dear arch teams (and any users wanting to help), could you please test php-5.2.4_pre200708051230-r1 from the php-testing overlay so we can get it merged into the tree as soon as possible without causing such a breakage again?
When testing, please make sure to emerge with USE="session cli". The most basic test for the crash bug is:
  echo '<?php session_start(); echo "Ok\n"; ?>' | php
This should print "Ok" and should not segfault... It would be even nicer if you could test some popular web apps like phpMyAdmin, MediaWiki, DokuWiki or anything else you currently have available and set up.

Thanks in advance!
Comment 32 Bernhard Frauendienst 2007-08-10 18:59:57 UTC
I just tested 5.2.4_pre200708051230-r2 which is in the main tree (currently unstable), and it fixed the issue for me. Guess soon we can close this bug ;)
Comment 33 Jakub Moc (RETIRED) gentoo-dev 2007-08-10 19:35:45 UTC
Thanks everyone for testing, 5.2.4_pre200708051230-r2 stabilization handled on Bug 180556. Closing this one.