[Bug 1385050] Re: segfault and apparent memory corruption in tsrm_virtual_cwd.c
It's beginning to look like a stack overflow segfault caused by recursion or infinite loop. I'll turn off the security switch for now. ** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1385050 Title: segfault and apparent memory corruption in tsrm_virtual_cwd.c To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1385050/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1385050] Re: segfault and apparent memory corruption in tsrm_virtual_cwd.c
Steps to reproduce would depend on a private (Drupal-based) codebase and database. I'll go upstream, and report back. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1385050 Title: segfault and apparent memory corruption in tsrm_virtual_cwd.c To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1385050/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1385050] Re: segfault and apparent memory corruption in tsrm_virtual_cwd.c
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1385050 Title: segfault and apparent memory corruption in tsrm_virtual_cwd.c To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1385050/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1385050] Re: segfault and apparent memory corruption in tsrm_virtual_cwd.c
I have a test system on which I can reproduce the issue and do additional investigation. Given the memory corruption, this may well be a security issue. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1385050 Title: segfault and apparent memory corruption in tsrm_virtual_cwd.c To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1385050/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1385050] Re: segfault and apparent memory corruption in tsrm_virtual_cwd.c
This is the core dump. ** Attachment added: "core-php5-fpm.16825.bz2" https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1385050/+attachment/4243073/+files/core-php5-fpm.16825.bz2 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1385050 Title: segfault and apparent memory corruption in tsrm_virtual_cwd.c To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1385050/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1385050] [NEW] segfault and apparent memory corruption in tsrm_virtual_cwd.c
Public bug reported:
I have an utterly reproducible segfault with php5-fpm 5.5.9+dfsg-
1ubuntu4.4.
Here are the top 4 backtrace frames. It looks to these relatively naive
eyes like there's memory corruption in cwd, resolved_path, trypath, and
actual_path.
This trace was generated with realpath cache disabled, opcache disabled,
etc. I've attached a full gdb bt, and will attach a core file next.
#0 virtual_file_ex (state=state@entry=0x7fffe6661630,
path=path@entry=0x774d240
"/home/deploy/jep/app/sites/all/modules/contrib/dfp/dfp.adtest.inc",
verify_path=verify_path@entry=0x0, use_realpath=use_realpath@entry=2) at
/build/buildd/php5-5.5.9+dfsg/TSRM/tsrm_virtual_cwd.c:1153
path_length =
resolved_path =
start =
ll =
t =
ret =
add_slash =
tmp =
#1 0x0068b3a4 in tsrm_realpath (path=path@entry=0x774d240
"/home/deploy/jep/app/sites/all/modules/contrib/dfp/dfp.adtest.inc",
real_path=real_path@entry=0x7fffe6662750 "") at
/build/buildd/php5-5.5.9+dfsg/TSRM/tsrm_virtual_cwd.c:1954
new_state = {cwd = 0x356fed0 "", cwd_length = 0}
cwd = '\000' ,
"p\334IT\000\000\000\000/home/deploy/jep/app/sites/all/modules/contrib/dfp/dfp.adtest.inc",
'\000' ...
#2 0x00692e50 in php_resolve_path (filename=0x774d240
"/home/deploy/jep/app/sites/all/modules/contrib/dfp/dfp.adtest.inc",
filename_length=65, path=0xb65a20 ".:/usr/share/php:/usr/share/pear") at
/build/buildd/php5-5.5.9+dfsg/main/fopen_wrappers.c:503
resolved_path = '\000' ...
trypath = "\260\375V\003\000\000\000\000A", '\000' ,
"p\334IT\000\000\000\000/home/deploy/jep/app/sites/all/modules/contrib/dfp/dfp.adtest.inc",
'\000' ,
"/home/deploy/jep/app/sites/all/modules/contrib/dfp/dfp.a"...
ptr =
end =
p =
actual_path = 0x68b3e9 "H\211\330H\213\214$\030\020"
wrapper =
#3 0x0054c6e5 in phar_find_in_include_path (filename=0x774d240
"/home/deploy/jep/app/sites/all/modules/contrib/dfp/dfp.adtest.inc",
filename_len=65, pphar=) at
/build/buildd/php5-5.5.9+dfsg/ext/phar/util.c:290
try_len = 13289150
path = 0xcac6be ""
fname =
arch = 0x7f77c6f5dc48 " \334y"
entry = 0xcac6ba ""
ret = 0x0
test =
arch_len = 0
entry_len = 0
fname_len =
ret_len =
phar = 0xcac6bc
#4 0x0079bb96 in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER
(execute_data=0x779e378) at
/build/buildd/php5-5.5.9+dfsg/Zend/zend_vm_execute.h:30889
file_handle = {type = 25021472, filename = 0xcc91a0
"", opened_path = 0x779e1f8 "", handle = {fd = 7984485, fp = 0x79d565
, stream = {handle = 0x79d565
, isatty = 125428784, mmap = {len =
140152415837928, pos = 125428280, map = 0x779e430, buf = 0x775a000 "P\240u\a",
old_handle = 0x775a000, old_closer = 0x779e378}, reader = 0x7f77c6f5df78,
fsizer = 0x1, closer = 0x724aa9 }},
free_filename = 120 'x'}
resolved_path =
opline = 0x7f77c6f5dfa8
new_op_array = 0x0
inc_filename = 0x7759fa0
tmp_inc_filename = 0x0
failure_retval = 0 '\000'
** Affects: php5 (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "core-php5-fpm.16825.gdb.bz2"
https://bugs.launchpad.net/bugs/1385050/+attachment/4243071/+files/core-php5-fpm.16825.gdb.bz2
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1385050
Title:
segfault and apparent memory corruption in tsrm_virtual_cwd.c
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1385050/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1319595] Re: upstart script ignores some php-fpm.conf parameters, cannot be bypassed in preference of SystemV init script.
The init script bails out if the system is using upstart, so anything that expects sysvinit compatibility won't work. # Don't run if we are running upstart if init_is_upstart; then exit 1 fi -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1319595 Title: upstart script ignores some php-fpm.conf parameters, cannot be bypassed in preference of SystemV init script. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1319595/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1319595] Re: upstart script ignores some php-fpm.conf parameters, cannot be bypassed in preference of SystemV init script.
Looks like we've conflated two problems here -- ignoring options and the init script not working. Would it be inappropriate for me to rename this to focus on the init script issue? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1319595 Title: upstart script ignores some php-fpm.conf parameters, cannot be bypassed in preference of SystemV init script. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1319595/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1319595] Re: upstart script ignores some php-fpm.conf parameters, cannot be bypassed in preference of SystemV init script.
This is quite a serious regression because it badly impacts integration with other systems that depend on sysvinit compatibility. My use case: AWS::CloudFormation::Init (cfn-init) understands sysvinit services, but not upstream services. On Trusty, I can't restart php5-fpm with the init script due to this bug, therefore cfn-init won't restart it in response to file changes. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1319595 Title: upstart script ignores some php-fpm.conf parameters, cannot be bypassed in preference of SystemV init script. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1319595/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1319595] Re: upstart script ignores some php-fpm.conf parameters, cannot be bypassed in preference of SystemV init script.
Bug is specific to php5-fpm. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1319595 Title: upstart script ignores some php-fpm.conf parameters, cannot be bypassed in preference of SystemV init script. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1319595/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1334337] Re: Regression: php5-fpm's socket should be accessible by www-data by default
Thanks for picking this up! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1334337 Title: Regression: php5-fpm's socket should be accessible by www-data by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1334337/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets
Yep, reproduced it on another system. Temporary fix: sudo chown :www-data /var/run/php5-fpm.sock Configuration fix: Uncomment "listen.group = www-data" in /etc/php5/fpm/pool.d/www.conf -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets To manage notifications about this bug go to: https://bugs.launchpad.net/php/+bug/1307027/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets
I'm worried this fix might be broken: I upgraded php5-fpm on my 14.04 system, and the socket was changed to root:root rather than root:www- data, so nginx could no longer connect to it. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets To manage notifications about this bug go to: https://bugs.launchpad.net/php/+bug/1307027/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 831886] Re: Dovecot regression: Evolution quick sync (QRESYNC) not working anymore
It is a bug in both dovecot and Evolution. Remember, dovecot shouldn't fail even if the client does something silly. This patch should totally go in updates for Ubuntu 10.04 LTS and supported releases beyond. The fix was shipped in Fedora 12 and 13. http://comments.gmane.org/gmane.mail.imap.dovecot/50841 https://bugzilla.redhat.com/show_bug.cgi?id=625207 ** Bug watch added: Red Hat Bugzilla #625207 https://bugzilla.redhat.com/show_bug.cgi?id=625207 ** Changed in: dovecot (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dovecot in Ubuntu. https://bugs.launchpad.net/bugs/831886 Title: Dovecot regression: Evolution quick sync (QRESYNC) not working anymore To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/831886/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 671065] Re: deliver broken because dovecot.conf uses !include_try
This bug has been described well, and I have confirmed it on lucid. It's a serious bug for anyone intending to use the dovecot local delivery agent (which is very useful in virtual mail configurations, and provides an easy way to use sieve filtering). ** Changed in: dovecot (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dovecot in Ubuntu. https://bugs.launchpad.net/bugs/671065 Title: deliver broken because dovecot.conf uses !include_try To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/671065/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 279980] Re: php5 using bundled tzdata in hardy?
Confirming that the hardy-proposed build works as advertised, and does not appear to have caused other problems (running it on a production server). -- php5 using bundled tzdata in hardy? https://bugs.launchpad.net/bugs/279980 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 279980] Re: php5 using bundled tzdata in hardy?
"Nailed it!" :-) [EMAIL PROTECTED]:~$ php5 --version PHP 5.2.4-2ubuntu5.4 with Suhosin-Patch 0.9.6.2 (cli) (built: Nov 22 2008 15:51:10) [EMAIL PROTECTED]:~$ php5 php5-timezone.php time(): 1210669875 change: 1223136000 October 5, 2008 @ 3:00 am EST Thanks heaps, Chuck! -- php5 using bundled tzdata in hardy? https://bugs.launchpad.net/bugs/279980 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 279980] Re: php5 using bundled tzdata in hardy?
Looks like you added the patch, but didn't add --with-system-tzdata to rules. :-) -- php5 using bundled tzdata in hardy? https://bugs.launchpad.net/bugs/279980 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 279980] Re: php5 using bundled tzdata in hardy?
Hi Chuck, Just tried with php5-cli from your PPA, and it doesn't seem to work: [EMAIL PROTECTED]:~$ php5 php5-timezone.php time(): 1210669875 change: 1224950400 October 26, 2008 @ 3:00 am EST (Should say October 5.) Thanks! -- php5 using bundled tzdata in hardy? https://bugs.launchpad.net/bugs/279980 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 279980] Re: php5 using bundled tzdata in hardy?
I blogged a quick workaround for people suffering this bug: http://bethesignal.org/blog/2008/10/08/php5-daylight-saving-dst- timezone-tzdata-ubuntu-hardy-lts/ (php5-timezonedb was synced and then removed from intrepid, largely because it seems that intrepid's php5 includes a patch to support using the system tzdata... would be awesome to get that patch into hardy!) -- php5 using bundled tzdata in hardy? https://bugs.launchpad.net/bugs/279980 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 279980] Re: php5 using bundled tzdata in hardy?
** Attachment added: "script that demonstrates incorrect timezone data" http://launchpadlibrarian.net/18310408/php5-timezone.php -- php5 using bundled tzdata in hardy? https://bugs.launchpad.net/bugs/279980 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 279980] [NEW] php5 using bundled tzdata in hardy?
Public bug reported: Binary package hint: php5 Seems like php5 in hardy has bundled, and now out-of-date, tzdata. Sydney just hit DST this weekend (October 5), but php5 seems to think it will happen on the old date of October 26. I have attached a script that provides this output. ** Affects: php5 (Ubuntu) Importance: Undecided Status: New -- php5 using bundled tzdata in hardy? https://bugs.launchpad.net/bugs/279980 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
