Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 94583 - mod_auth_ldap conflicts with php which crashes
Summary: mod_auth_ldap conflicts with php which crashes
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: x86 Linux
: High critical (vote)
Assignee: Apache Team - Bugzilla Reports
URL: http://forums.gentoo.org/viewtopic-t-...
Whiteboard:
Keywords:
: 97531 97576 (view as bug list)
Depends on:
Blocks:
 
Reported: 2005-05-30 23:57 UTC by Rémi Cardona
Modified: 2020-05-01 15:22 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rémi Cardona gentoo-dev 2005-05-30 23:57:40 UTC
apache-2.0.54-r4 with mod_php-4.3.11 does not work due to mod_ldap. When
mod_ldap is disabled in /etc/conf.d/apache2 everything works fine. However, when
it is loaded, php will crash on every call leaving this trail in the logs :

*** glibc detected *** double free or corruption (fasttop): 0x08267da0 ***
[Tue May 31 08:43:44 2005] [notice] child pid 7669 exit signal Aborted (6)
*** glibc detected *** double free or corruption (fasttop): 0x08267da0 ***
[Tue May 31 08:43:56 2005] [notice] child pid 7668 exit signal Aborted (6)


Reproducible: Always
Steps to Reproduce:
1. Compile apache with ldap support
2. compile php
3. enable mod_ldap in init conf

Actual Results:  
ALL php pages fail and crash

Expected Results:  
they should not crash ...

[ebuild   R   ] net-www/apache-2.0.54-r4  +berkdb -debug -doc +gdbm -ipv6 +ldap
+ssl -static -threads 0 kB
[ebuild   R   ] dev-php/mod_php-4.3.11  -X +apache2 +berkdb +crypt +curl -debug
-doc -fdftk -firebird -flash -freetds +gd -gd-external +gdbm -gmp -hardenedphp
+imap -informix -ipv6 -java +jpeg -kerberos +ldap -mcal -memlimit -mssql +mysql
+nls -oci8 -odbc +pam +pdflib +png +postgres -qt +snmp +spell +ssl +tiff
+truetype +xml2 -yaz 0 kB
Comment 1 Paul Querna 2005-05-31 08:38:44 UTC
Known bug upstream in 2.0.54:
http://issues.apache.org/bugzilla/show_bug.cgi?id=34618

Patch:
http://issues.apache.org/bugzilla/attachment.cgi?id=14873

It has been fixed for 2.0.55-dev.

-Paul
Comment 2 Paul Querna 2005-06-30 13:59:00 UTC
*** Bug 97531 has been marked as a duplicate of this bug. ***
Comment 3 Rémi Cardona gentoo-dev 2005-06-30 14:47:39 UTC
any chance this patch could land inside
http://dev.gentoo.org/~vericgar/dist/apache/old/apache-patches-${PATCH_LEVEL}.tar.bz2

If not, I'll do the ebuild myself but 2.0.55 is not yet released and I wouldn't
mind having my webserver moving away from 2.0.52. With the reporter from the dup
bug, that's the third person to be bothered by this bug :)

R
Comment 4 Rémi Cardona gentoo-dev 2005-06-30 14:47:39 UTC
any chance this patch could land inside
http://dev.gentoo.org/~vericgar/dist/apache/old/apache-patches-${PATCH_LEVEL}.tar.bz2

If not, I'll do the ebuild myself but 2.0.55 is not yet released and I wouldn't
mind having my webserver moving away from 2.0.52. With the reporter from the dup
bug, that's the third person to be bothered by this bug :)

Rémi
Comment 5 Julien Allanos (RETIRED) gentoo-dev 2005-06-30 23:37:12 UTC
I am experiencing this bug too, using apache + mod_auth_ldap + php (with
phpldapadmin).
Comment 6 Jakub Moc (RETIRED) gentoo-dev 2005-07-01 12:48:40 UTC
*** Bug 97576 has been marked as a duplicate of this bug. ***
Comment 7 Julien Allanos (RETIRED) gentoo-dev 2005-08-22 00:12:46 UTC
any reason why this patch hasn't been included in 2.0.54 ebuilds yet? i've been
testing it for a month and a half, and i can see any issue so far.
Comment 8 Denis Sacchet 2005-08-29 02:53:21 UTC
Same problem here since I upgrade my apache, I try several version of glibc
and php and openldap and phpldapadmin, still same problem :

[Mon Aug 29 10:51:00 2005] [notice] caught SIGTERM, shutting down
[Mon Aug 29 10:51:02 2005] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec2)
[Mon Aug 29 10:51:04 2005] [notice] Digest: generating secret for digest
authentication ...
[Mon Aug 29 10:51:04 2005] [notice] Digest: done
[Mon Aug 29 10:51:05 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Mon Aug 29 10:51:05 2005] [notice] LDAP: SSL support available
[Mon Aug 29 10:51:05 2005] [notice] Apache configured -- resuming normal operations
*** glibc detected *** free(): invalid pointer: 0x08217bd0 ***
[Mon Aug 29 10:58:57 2005] [notice] child pid 11944 exit signal Aborted (6)
*** glibc detected *** free(): invalid pointer: 0x08217bd0 ***
[Mon Aug 29 10:59:08 2005] [notice] child pid 11942 exit signal Aborted (6)
*** glibc detected *** free(): invalid pointer: 0x08217bd0 ***
[Mon Aug 29 10:59:12 2005] [notice] child pid 12468 exit signal Aborted (6)
*** glibc detected *** free(): invalid pointer: 0x08217bd0 ***
[Mon Aug 29 10:59:13 2005] [notice] child pid 12477 exit signal Aborted (6)
*** glibc detected *** free(): invalid pointer: 0x08217bd0 ***
[Mon Aug 29 10:59:36 2005] [notice] child pid 12486 exit signal Aborted (6)

Do you plan to do something with the 2.0.54 build ?

Here is my installed package and the USE flags associated :

 emerge -pv apache mod_php openldap phpldapadmin glibc

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild   R   ] net-www/apache-2.0.54-r14  +apache2 -debug -doc +ldap
-mpm-leader -mpm-peruser -mpm-prefork -mpm-threadpool +mpm-worker -no-suexec
(-selinux) +ssl -static-modules +threads 51 kB 
[ebuild   R   ] dev-php/mod_php-4.4.0-r1  -X +apache2 -berkdb +crypt +curl
-debug -doc -fdftk -firebird -flash -freetds +gd -gd-external -gdbm -gmp
-hardenedphp +imap -informix -ipv6 -java +jpeg -kerberos +ldap -mcal -memlimit
-mssql +mysql +nls -oci8 -odbc +pam +png -postgres +snmp +spell +ssl +tiff
+truetype +xml2 -yaz 0 kB 
[ebuild   R   ] net-nds/openldap-2.1.30-r5  +berkdb +crypt -debug -gdbm -ipv6
-odbc -perl -readline -samba -sasl -slp +ssl +tcpd 0 kB 
[ebuild   R   ] net-nds/phpldapadmin-0.9.5  +vhosts 0 kB 
[ebuild   R   ] sys-libs/glibc-2.3.5-r1  -build -erandom -glibc-compat20
-glibc-omitfp -hardened -linuxthreads-tls (-multilib) +nls -nptl -nptlonly -pic
-profile (-selinux) +userlocales 0 kB 

Total size of downloads: 51 kB

Thanks in advance, I'm free for doing more tests ...
Comment 9 Michael Stewart (vericgar) (RETIRED) gentoo-dev 2005-09-15 17:50:30 UTC
In general we don't add every bugfix patch to apache that comes along,
especially if it's already fixed in an upcoming version upstream. The exception
to this is if it's a security patch.

Also note, that mod_ldap and mod_auth_ldap are still experimental modules and as
such aren't expected to work 100% of the time.

I'm inclined to say wait until 2.0.55 comes out, which shouldn't be too much
longer. Apache herd: what is your opinion?
Comment 10 Rémi Cardona gentoo-dev 2005-09-15 21:51:04 UTC
I've been waiting for this patch to land in the ebuild for four months so I'm
not exactly expecting things to change overnight :)

However, I think it's a shame it wasn't fixed sooner because this patch doesn't
bother anyone not using mod_auth_ldap, as you pointed out it still is considered
experimental. But since this bug was confirmed and resolved really quickly, I'm
sure you understand my (and possibly others') dissapointment.

Most of us with this problem have two options :
- stick with an earlier version of apache, inducing security risks and bugs
- creating our own ebuilds, possibly (though quite unlikely) messing a few
things up on our systems as we're not gentoo devs with all the proper knowledge
and knowhow.

Personnaly, I'd rather stick to official gentoo ebuilds for packages as critical
as apache.

Thanks for taking the time to reply

R
Comment 11 Rémi Cardona gentoo-dev 2005-09-15 21:51:04 UTC
I've been waiting for this patch to land in the ebuild for four months so I'm
not exactly expecting things to change overnight :)

However, I think it's a shame it wasn't fixed sooner because this patch doesn't
bother anyone not using mod_auth_ldap, as you pointed out it still is considered
experimental. But since this bug was confirmed and resolved really quickly, I'm
sure you understand my (and possibly others') dissapointment.

Most of us with this problem have two options :
- stick with an earlier version of apache, inducing security risks and bugs
- creating our own ebuilds, possibly (though quite unlikely) messing a few
things up on our systems as we're not gentoo devs with all the proper knowledge
and knowhow.

Personnaly, I'd rather stick to official gentoo ebuilds for packages as critical
as apache.

Thanks for taking the time to reply

Rémi
Comment 12 Jakub Moc (RETIRED) gentoo-dev 2005-09-16 02:54:37 UTC
No idea what bug wranglers should do with this bug, assigning back and marking
UPSTREAM.
Comment 13 Jakub Moc (RETIRED) gentoo-dev 2005-09-16 02:54:58 UTC
UPSTREAM bug.