[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault
Thank you. I can verify libssl1.0.0 1.0.2g-1ubuntu4.5 no longer exhibits the crash: jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$ apt-cache policy libssl1.0.0 libssl1.0.0: Installed: 1.0.2g-1ubuntu4.5 Candidate: 1.0.2g-1ubuntu4.5 Version table: *** 1.0.2g-1ubuntu4.5 500 500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages 100 /var/lib/dpkg/status 1.0.2g-1ubuntu4.2 500 500 http://fi.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 1.0.2g-1ubuntu4 500 500 http://fi.archive.ubuntu.com/ubuntu xenial/main amd64 Packages jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$ DATABASE_DATABASE=wordpressmastere2e wp plugin install --force --activate wp-cfm Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; WP_Import has a deprecated constructor in /var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress/wp-content/plugins/wordpress-importer/wordpress-importer.php on line 38 Notice: Undefined offset: 4 in phar:///usr/local/bin/wp/php/WP_CLI/DocParser.php on line 124 Installing WP-CFM (1.4.5) Ladataan pakettia lähteestä https://downloads.wordpress.org/plugin/wp-cfm.zip... Using cached file '/home/jenkins/.wp-cli/cache/plugin/wp-cfm-1.4.5.zip'... Puretaan pakettia... Asennetaan lisäosaa... Poistetaan lisäosan vanhaa versiota... Lisäosa päivitetty onnistuneesti. Activating 'wp-cfm'... Warning: Plugin 'wp-cfm' is already active. jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1626883 Title: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Precise: Fix Released Status in openssl source package in Trusty: Fix Released Status in openssl source package in Xenial: Fix Released Bug description: Last night unattended-upgrades upgraded the openssl packages (libssl1.0.0, libssl-dev, openssl) from version 1.0.2g-1ubuntu4.1 to version 1.0.2g-1ubuntu4.4 on a CI build server. Then everything that used PHP to connect to a HTTPS site started crashing when verifying the server cert. Like this: ``` jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$ DATABASE_DATABASE=wordpressmastere2e catchsegv wp plugin install --force --activate wp-cfm Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; WP_Import has a deprecated constructor in /var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop /vagrant/wordpress/wp-content/plugins/wordpress-importer/wordpress-importer.php on line 38 Notice: Undefined offset: 4 in phar:///usr/local/bin/wp/php/WP_CLI/DocParser.php on line 124 Segmentation fault (core dumped) *** Segmentation fault Register dump: RAX: RBX: 0001 RCX: RDX: 000c RSI: 55665071af59 RDI: RBP: 556650a49e4e R8 : 556652364720 R9 : R10: R11: 7fdb3c081730 R12: 55665071af59 R13: 000c R14: R15: 7fdb39418cf0 RSP: 7ffc4bad7a08 RIP: 7fdb3bf77d16 EFLAGS: 00010293 CS: 0033 FS: GS: Trap: 000e Error: 0004 OldMask: CR2: FPUCW: 027f FPUSW: TAG: RIP: RDP: ST(0) ST(1) ST(2) ST(3) ST(4) ST(5) ST(6) ST(7) mxcsr: 1fa0 XMM0: XMM1: XMM2: XMM3: XMM4: XMM5: XMM6: XMM7: XMM8: XMM9: XMM10: XMM11: XMM12: XMM13: XMM14: XMM15: Backtrace: /lib/x86_64-linux-gnu/libc.so.6(strlen+0x26)[0x7fdb3bf77d16] php(add_assoc_string_ex+0x32)[0x556650677b12] php(zif_openssl_x509_parse+0x17c)[0x5566505312ec] php(dtrace_execute_internal+0x2a)[0x556650664
[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault
** Summary changed: - libssl 1.0.2g-1ubuntu4.4 causes PHP7 SSL cert validation to segfault + libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1626883 Title: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault Status in openssl package in Ubuntu: Confirmed Bug description: Last night unattended-upgrades upgraded the openssl packages (libssl1.0.0, libssl-dev, openssl) from version 1.0.2g-1ubuntu4.1 to version 1.0.2g-1ubuntu4.4 on a CI build server. Then everything that used PHP to connect to a HTTPS site started crashing when verifying the server cert. Like this: ``` jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$ DATABASE_DATABASE=wordpressmastere2e catchsegv wp plugin install --force --activate wp-cfm Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; WP_Import has a deprecated constructor in /var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop /vagrant/wordpress/wp-content/plugins/wordpress-importer/wordpress-importer.php on line 38 Notice: Undefined offset: 4 in phar:///usr/local/bin/wp/php/WP_CLI/DocParser.php on line 124 Segmentation fault (core dumped) *** Segmentation fault Register dump: RAX: RBX: 0001 RCX: RDX: 000c RSI: 55665071af59 RDI: RBP: 556650a49e4e R8 : 556652364720 R9 : R10: R11: 7fdb3c081730 R12: 55665071af59 R13: 000c R14: R15: 7fdb39418cf0 RSP: 7ffc4bad7a08 RIP: 7fdb3bf77d16 EFLAGS: 00010293 CS: 0033 FS: GS: Trap: 000e Error: 0004 OldMask: CR2: FPUCW: 027f FPUSW: TAG: RIP: RDP: ST(0) ST(1) ST(2) ST(3) ST(4) ST(5) ST(6) ST(7) mxcsr: 1fa0 XMM0: XMM1: XMM2: XMM3: XMM4: XMM5: XMM6: XMM7: XMM8: XMM9: XMM10: XMM11: XMM12: XMM13: XMM14: XMM15: Backtrace: /lib/x86_64-linux-gnu/libc.so.6(strlen+0x26)[0x7fdb3bf77d16] php(add_assoc_string_ex+0x32)[0x556650677b12] php(zif_openssl_x509_parse+0x17c)[0x5566505312ec] php(dtrace_execute_internal+0x2a)[0x556650664b3a] php(+0x2e37e0)[0x5566506f97e0] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(zend_call_function+0x749)[0x55665039] php(zif_call_user_func+0xb5)[0x5566505b39d5] php(dtrace_execute_internal+0x2a)[0x556650664b3a] php(+0x2e37e0)[0x5566506f97e0] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(zend_call_function+0x749)[0x55665039] php(zif_call_user_func+0xb5)[0x5566505b39d5] php(dtrace_execute_internal+0x2a)[0x556650664b3a] php(+0x2e37e0)[0x5566506f97e0] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrac
[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 causes PHP7 SSL cert validation to segfault
@mikini, I actually had a similar situation with apt-get wanting to remove npm. That's due to npm depending on node-gyp, which depends on nodejs-dev, which depends on libssl-dev. You need to install an old version of that package as well, you can't have a new libssl-dev package and an old libssl package installed together. So something like: apt-get install libssl1.0.0=1.0.1f-1ubuntu2 libssl-dev=1.0.1f-1ubuntu2 npm node-gyp nodejs-dev should ensure you'll get compatible older versions installed, and still have the Node.js stuff. However, that 1.0.1f-1ubuntu2 version seems quite old and could contain lots of vulnerabilities... I'd be wary of using it unless your server won't be doing SSL termination for clients from untrusted sources. Either because you SSL terminate at a load balancer, a reverse proxy or the like, or because your server is only accessible from a private network, like mine. A better option would be to try and source the libssl and libssl-dev binaries for the immediately preceding 1.0.1f-1ubuntu2.19 version from somewhere else. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1626883 Title: libssl 1.0.2g-1ubuntu4.4 causes PHP7 SSL cert validation to segfault Status in openssl package in Ubuntu: Confirmed Bug description: Last night unattended-upgrades upgraded the openssl packages (libssl1.0.0, libssl-dev, openssl) from version 1.0.2g-1ubuntu4.1 to version 1.0.2g-1ubuntu4.4 on a CI build server. Then everything that used PHP to connect to a HTTPS site started crashing when verifying the server cert. Like this: ``` jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$ DATABASE_DATABASE=wordpressmastere2e catchsegv wp plugin install --force --activate wp-cfm Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; WP_Import has a deprecated constructor in /var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop /vagrant/wordpress/wp-content/plugins/wordpress-importer/wordpress-importer.php on line 38 Notice: Undefined offset: 4 in phar:///usr/local/bin/wp/php/WP_CLI/DocParser.php on line 124 Segmentation fault (core dumped) *** Segmentation fault Register dump: RAX: RBX: 0001 RCX: RDX: 000c RSI: 55665071af59 RDI: RBP: 556650a49e4e R8 : 556652364720 R9 : R10: R11: 7fdb3c081730 R12: 55665071af59 R13: 000c R14: R15: 7fdb39418cf0 RSP: 7ffc4bad7a08 RIP: 7fdb3bf77d16 EFLAGS: 00010293 CS: 0033 FS: GS: Trap: 000e Error: 0004 OldMask: CR2: FPUCW: 027f FPUSW: TAG: RIP: RDP: ST(0) ST(1) ST(2) ST(3) ST(4) ST(5) ST(6) ST(7) mxcsr: 1fa0 XMM0: XMM1: XMM2: XMM3: XMM4: XMM5: XMM6: XMM7: XMM8: XMM9: XMM10: XMM11: XMM12: XMM13: XMM14: XMM15: Backtrace: /lib/x86_64-linux-gnu/libc.so.6(strlen+0x26)[0x7fdb3bf77d16] php(add_assoc_string_ex+0x32)[0x556650677b12] php(zif_openssl_x509_parse+0x17c)[0x5566505312ec] php(dtrace_execute_internal+0x2a)[0x556650664b3a] php(+0x2e37e0)[0x5566506f97e0] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506
[Touch-packages] [Bug 1626886] Re: libssl 1.0.2g-1ubuntu4.4 may cause Apache2 with libapache2-mod-php7.0 to crash
Yeah judging from the stack trace, this is indeed the same thing as https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1626883. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1626886 Title: libssl 1.0.2g-1ubuntu4.4 may cause Apache2 with libapache2-mod-php7.0 to crash Status in apache2 package in Ubuntu: New Status in openssl package in Ubuntu: New Status in php7.0 package in Ubuntu: New Bug description: I started getting apache2 crashes at the same time as I started getting PHP 7.0 CLI crashes, after my openssl packages were updated to the latest xenial-security version by unattended-upgrades. I traced the PHP CLI crashes to server cert validation starting to crash after updating to libssl1.0.0 1.0.2g-1ubuntu4.4 here https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1626883 Not sure if this crash is the exact same thing or something else, but the web server starting to crash after an automatic security update is very troublesome in any case... ProblemType: Crash DistroRelease: Ubuntu 16.04 Package: apache2-bin 2.4.18-2ubuntu3.1 ProcVersionSignature: Ubuntu 4.4.0-36.55-generic 4.4.16 Uname: Linux 4.4.0-36-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 Date: Fri Sep 23 06:47:30 2016 ExecutablePath: /usr/sbin/apache2 InstallationDate: Installed on 2016-05-18 (127 days ago) InstallationMedia: Ubuntu-Server 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.3) ProcCmdline: /usr/sbin/apache2 -k start ProcEnviron: PATH=(custom, no user) LANG=C SegvAnalysis: Skipped: missing required field "Disassembly" Signal: 11 SourcePackage: apache2 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1626886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 causes PHP7 SSL cert validation to segfault
The stacktrace would seem to indicate that libssl indeed returned a null string here, from i2s_ASN1_INTEGER(NULL, X509_get_serialNumber(cert)) Relevant php7.0 code here: https://github.com/php/php- src/blob/f13fd9e72a13e80512f6c8b2302e42d4f252c479/ext/openssl/openssl.c#L2295 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1626883 Title: libssl 1.0.2g-1ubuntu4.4 causes PHP7 SSL cert validation to segfault Status in openssl package in Ubuntu: New Bug description: Last night unattended-upgrades upgraded the openssl packages (libssl1.0.0, libssl-dev, openssl) from version 1.0.2g-1ubuntu4.1 to version 1.0.2g-1ubuntu4.4 on a CI build server. Then everything that used PHP to connect to a HTTPS site started crashing when verifying the server cert. Like this: ``` jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$ DATABASE_DATABASE=wordpressmastere2e catchsegv wp plugin install --force --activate wp-cfm Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; WP_Import has a deprecated constructor in /var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop /vagrant/wordpress/wp-content/plugins/wordpress-importer/wordpress-importer.php on line 38 Notice: Undefined offset: 4 in phar:///usr/local/bin/wp/php/WP_CLI/DocParser.php on line 124 Segmentation fault (core dumped) *** Segmentation fault Register dump: RAX: RBX: 0001 RCX: RDX: 000c RSI: 55665071af59 RDI: RBP: 556650a49e4e R8 : 556652364720 R9 : R10: R11: 7fdb3c081730 R12: 55665071af59 R13: 000c R14: R15: 7fdb39418cf0 RSP: 7ffc4bad7a08 RIP: 7fdb3bf77d16 EFLAGS: 00010293 CS: 0033 FS: GS: Trap: 000e Error: 0004 OldMask: CR2: FPUCW: 027f FPUSW: TAG: RIP: RDP: ST(0) ST(1) ST(2) ST(3) ST(4) ST(5) ST(6) ST(7) mxcsr: 1fa0 XMM0: XMM1: XMM2: XMM3: XMM4: XMM5: XMM6: XMM7: XMM8: XMM9: XMM10: XMM11: XMM12: XMM13: XMM14: XMM15: Backtrace: /lib/x86_64-linux-gnu/libc.so.6(strlen+0x26)[0x7fdb3bf77d16] php(add_assoc_string_ex+0x32)[0x556650677b12] php(zif_openssl_x509_parse+0x17c)[0x5566505312ec] php(dtrace_execute_internal+0x2a)[0x556650664b3a] php(+0x2e37e0)[0x5566506f97e0] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(zend_call_function+0x749)[0x55665039] php(zif_call_user_func+0xb5)[0x5566505b39d5] php(dtrace_execute_internal+0x2a)[0x556650664b3a] php(+0x2e37e0)[0x5566506f97e0] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(zend_call_function+0x749)[0x55665039] php(zif_call_user_func+0xb5)[0x5566505b39d5] php(dtrace_execute_internal+0x2a)[0x556650664b3a] php(+0x2e37e0)[0x
[Touch-packages] [Bug 1626886] [NEW] libssl 1.0.2g-1ubuntu4.4 may cause Apache2 with libapache2-mod-php7.0 to crash
Public bug reported: I started getting apache2 crashes at the same time as I started getting PHP 7.0 CLI crashes, after my openssl packages were updated to the latest xenial-security version by unattended-upgrades. I traced the PHP CLI crashes to server cert validation starting to crash after updating to libssl1.0.0 1.0.2g-1ubuntu4.4 here https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1626883 Not sure if this crash is the exact same thing or something else, but the web server starting to crash after an automatic security update is very troublesome in any case... ProblemType: Crash DistroRelease: Ubuntu 16.04 Package: apache2-bin 2.4.18-2ubuntu3.1 ProcVersionSignature: Ubuntu 4.4.0-36.55-generic 4.4.16 Uname: Linux 4.4.0-36-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 Date: Fri Sep 23 06:47:30 2016 ExecutablePath: /usr/sbin/apache2 InstallationDate: Installed on 2016-05-18 (127 days ago) InstallationMedia: Ubuntu-Server 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.3) ProcCmdline: /usr/sbin/apache2 -k start ProcEnviron: PATH=(custom, no user) LANG=C SegvAnalysis: Skipped: missing required field "Disassembly" Signal: 11 SourcePackage: apache2 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: ** Affects: apache2 (Ubuntu) Importance: Undecided Status: New ** Affects: openssl (Ubuntu) Importance: Undecided Status: New ** Affects: php7.0 (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-crash need-amd64-retrace xenial ** Information type changed from Private to Public ** Also affects: openssl (Ubuntu) Importance: Undecided Status: New ** Also affects: php7.0 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1626886 Title: libssl 1.0.2g-1ubuntu4.4 may cause Apache2 with libapache2-mod-php7.0 to crash Status in apache2 package in Ubuntu: New Status in openssl package in Ubuntu: New Status in php7.0 package in Ubuntu: New Bug description: I started getting apache2 crashes at the same time as I started getting PHP 7.0 CLI crashes, after my openssl packages were updated to the latest xenial-security version by unattended-upgrades. I traced the PHP CLI crashes to server cert validation starting to crash after updating to libssl1.0.0 1.0.2g-1ubuntu4.4 here https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1626883 Not sure if this crash is the exact same thing or something else, but the web server starting to crash after an automatic security update is very troublesome in any case... ProblemType: Crash DistroRelease: Ubuntu 16.04 Package: apache2-bin 2.4.18-2ubuntu3.1 ProcVersionSignature: Ubuntu 4.4.0-36.55-generic 4.4.16 Uname: Linux 4.4.0-36-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 Date: Fri Sep 23 06:47:30 2016 ExecutablePath: /usr/sbin/apache2 InstallationDate: Installed on 2016-05-18 (127 days ago) InstallationMedia: Ubuntu-Server 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.3) ProcCmdline: /usr/sbin/apache2 -k start ProcEnviron: PATH=(custom, no user) LANG=C SegvAnalysis: Skipped: missing required field "Disassembly" Signal: 11 SourcePackage: apache2 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1626886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 causes PHP7 SSL cert validation to segfault
The primary issue is some patch in the latest openssl, which breaks current php7.0. Not any change in the PHP package. ** Package changed: php7.0 (Ubuntu) => openssl (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1626883 Title: libssl 1.0.2g-1ubuntu4.4 causes PHP7 SSL cert validation to segfault Status in openssl package in Ubuntu: New Bug description: Last night unattended-upgrades upgraded the openssl packages (libssl1.0.0, libssl-dev, openssl) from version 1.0.2g-1ubuntu4.1 to version 1.0.2g-1ubuntu4.4 on a CI build server. Then everything that used PHP to connect to a HTTPS site started crashing when verifying the server cert. Like this: ``` jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$ DATABASE_DATABASE=wordpressmastere2e catchsegv wp plugin install --force --activate wp-cfm Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; WP_Import has a deprecated constructor in /var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop /vagrant/wordpress/wp-content/plugins/wordpress-importer/wordpress-importer.php on line 38 Notice: Undefined offset: 4 in phar:///usr/local/bin/wp/php/WP_CLI/DocParser.php on line 124 Segmentation fault (core dumped) *** Segmentation fault Register dump: RAX: RBX: 0001 RCX: RDX: 000c RSI: 55665071af59 RDI: RBP: 556650a49e4e R8 : 556652364720 R9 : R10: R11: 7fdb3c081730 R12: 55665071af59 R13: 000c R14: R15: 7fdb39418cf0 RSP: 7ffc4bad7a08 RIP: 7fdb3bf77d16 EFLAGS: 00010293 CS: 0033 FS: GS: Trap: 000e Error: 0004 OldMask: CR2: FPUCW: 027f FPUSW: TAG: RIP: RDP: ST(0) ST(1) ST(2) ST(3) ST(4) ST(5) ST(6) ST(7) mxcsr: 1fa0 XMM0: XMM1: XMM2: XMM3: XMM4: XMM5: XMM6: XMM7: XMM8: XMM9: XMM10: XMM11: XMM12: XMM13: XMM14: XMM15: Backtrace: /lib/x86_64-linux-gnu/libc.so.6(strlen+0x26)[0x7fdb3bf77d16] php(add_assoc_string_ex+0x32)[0x556650677b12] php(zif_openssl_x509_parse+0x17c)[0x5566505312ec] php(dtrace_execute_internal+0x2a)[0x556650664b3a] php(+0x2e37e0)[0x5566506f97e0] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(+0x2e391d)[0x5566506f991d] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(zend_call_function+0x749)[0x55665039] php(zif_call_user_func+0xb5)[0x5566505b39d5] php(dtrace_execute_internal+0x2a)[0x556650664b3a] php(+0x2e37e0)[0x5566506f97e0] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] php(zend_call_function+0x749)[0x55665039] php(zif_call_user_func+0xb5)[0x5566505b39d5] php(dtrace_execute_internal+0x2a)[0x556650664b3a] php(+0x2e37e0)[0x5566506f97e0] php(execute_ex+0x1b)[0x5566506b4e2b] php(dtrace_execute_ex+0xb1)[0x5566506649d1] p