[php-maint] Bug#787638: php5-curl: php segfaults immediately with php5-curl installed

Nick Black nick.black at sprezzatech.com
Wed Jun 3 16:41:35 UTC 2015 

Package: php5-curl
Version: 5.6.9+dfsg-1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

This morning, I upgraded my unstable i386-on-x86_64 installation. This
pulled in new gnutls 3.3.15-5, and also gcc-5-base 5.1.1-9 and python3.4
(i doubt these last two are relevant). Full aptitude logs are below.
Following this upgrade, I started receiving notifications that php jobs
run from cron were failing. Indeed, running the "php" binary (linked
through alternatives to /usr/bin/php5) segfaulted. I ran an ltrace on
the binary, and determined it was segfaulting while dlopen()ing curl.so
from /usr/lib/php5/20131226/. I removed php5-curl, and the issue went away.

Reinstalling php5-curl reproduces the behavior immediately:

[vps](0) $ php
Segmentation fault
[vps](139) $ ltrace php 2>&1 | tail
strlen("/usr/lib/php5/20131226")                 = 22
memcpy(0xf505813c, "/usr/lib/php5/20131226", 22) = 0xf505813c
__ctype_b_loc()                                  = 0xf50946ac
memcpy(0xf5058152, "/", 1)                       = 0xf5058152
__ctype_b_loc()                                  = 0xf50946ac
strlen("curl.so")                                = 7
memcpy(0xf5058153, "curl.so", 7)                 = 0xf5058153
dlopen("/usr/lib/php5/20131226/curl.so", 266 <no return ...>
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++
[vps](0) $ 

Again, this started following an update that directly affected no php
packages. Here's the aptitude logs:

==============================================
Aptitude 0.6.11: log report
Wed, Jun  3 2015 08:41:06 -0700

IMPORTANT: this log only lists intended actions; actions which fail due to
dpkg problems may not be completed.

Will install 36 packages, and remove 0 packages.
5,082 kB of disk space will be used
===============================================================================
[INSTALL, DEPENDENCIES] libhogweed4:i386
[UPGRADE] gcc-5-base:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] gnupg-agent:i386 2.0.27-2 -> 2.0.28-1
[UPGRADE] gnupg2:i386 2.0.27-2 -> 2.0.28-1
[UPGRADE] gnutls-bin:i386 3.3.15-2 -> 3.3.15-5
[UPGRADE] lib64atomic1:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] lib64cilkrts5:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] lib64gcc1:i386 1:5.1.1-8 -> 1:5.1.1-9
[UPGRADE] lib64gomp1:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] lib64itm1:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] lib64quadmath0:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] lib64stdc++6:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] lib64ubsan0:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libatomic1:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libcilkrts5:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libgcc1:i386 1:5.1.1-8 -> 1:5.1.1-9
[UPGRADE] libgfortran3:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libgnutls-deb0-28:i386 3.3.15-2 -> 3.3.15-5
[UPGRADE] libgomp1:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libitm1:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libpython3.4-minimal:i386 3.4.3-6 -> 3.4.3-7
[UPGRADE] libpython3.4-stdlib:i386 3.4.3-6 -> 3.4.3-7
[UPGRADE] libquadmath0:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libstdc++6:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libubsan0:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libx32atomic1:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libx32cilkrts5:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libx32gcc1:i386 1:5.1.1-8 -> 1:5.1.1-9
[UPGRADE] libx32gomp1:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libx32itm1:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libx32quadmath0:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libx32stdc++6:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] libx32ubsan0:i386 5.1.1-8 -> 5.1.1-9
[UPGRADE] python3.4:i386 3.4.3-6 -> 3.4.3-7
[UPGRADE] python3.4-minimal:i386 3.4.3-6 -> 3.4.3-7
[UPGRADE] ufraw-batch:i386 0.20-2 -> 0.20-3
===============================================================================

Log complete.
==============================================

Note the upgrade of various core libraries, though not libc6. I am using
libcurl3-gnutls (as opposed to libcurl3-openssl), and figure the
libgnutls update might have broken things here.


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 3.18.5-x86_64-linode52 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages php5-curl depends on:
ii  dpkg                           1.18.1
ii  libc6                          2.19-18
ii  libcurl3                       7.42.1-2
ii  php5-common [phpapi-20131226]  5.6.9+dfsg-1
ii  ucf                            3.0030

php5-curl recommends no packages.

php5-curl suggests no packages.

More information about the pkg-php-maint mailing list