[php-maint] Bug#838657: /usr/bin/php5: segfault in add_assoc_string_ex reading x509 certificate with composer
Arno Peters
info at figment-it.com
Fri Sep 23 10:39:55 UTC 2016
Package: php5-cli
Version: 5.6.24+dfsg-0+deb8u1
Severity: normal
File: /usr/bin/php5
Dear Maintainer,
This is on Debian Jessie fully updated.
This problem surfaced in using composer after installing yesterday's security
release of OpenSSL.
libssl1.0.0/stable,now 1.0.1t-1+deb8u4 amd64 [geïnstalleerd,automatisch]
Transcript to show the problem:
$ wget https://getcomposer.org/composer.phar
--2016-09-23 12:34:45-- https://getcomposer.org/composer.phar
[...]
$ gdb /usr/bin/php
(gdb) r composer.phar self-update
Starting program: /usr/bin/php composer.phar self-update
[...]
Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106 ../sysdeps/x86_64/strlen.S: Bestand of map bestaat niet.
(gdb) where
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x00000000006f7cc8 in add_assoc_string_ex ()
#2 0x00000000004a1f58 in zif_openssl_x509_parse ()
[...]
TL;DR: composer is unusable at the moment.
-- Package-specific info:
==== Additional PHP 5 information ====
++++ PHP 5 SAPI (php5query -S): ++++
apache2
cli
++++ PHP 5 Extensions (php5query -M -v): ++++
mssql (Enabled for apache2 by maintainer script)
mssql (Enabled for cli by maintainer script)
zmq (Enabled for apache2 by maintainer script)
zmq (Enabled for cli by maintainer script)
opcache (Enabled for apache2 by maintainer script)
opcache (Enabled for cli by maintainer script)
pdo (Enabled for apache2 by maintainer script)
pdo (Enabled for cli by maintainer script)
pdo_mysql (Enabled for apache2 by maintainer script)
pdo_mysql (Enabled for cli by maintainer script)
pgsql (Enabled for apache2 by maintainer script)
pgsql (Enabled for cli by maintainer script)
curl (Enabled for apache2 by maintainer script)
curl (Enabled for cli by maintainer script)
mysqli (Enabled for apache2 by maintainer script)
mysqli (Enabled for cli by maintainer script)
imap (Enabled for apache2 by maintainer script)
imap (Enabled for cli by maintainer script)
gd (Enabled for apache2 by maintainer script)
gd (Enabled for cli by maintainer script)
readline (Enabled for apache2 by maintainer script)
readline (Enabled for cli by maintainer script)
ldap (Enabled for apache2 by maintainer script)
ldap (Enabled for cli by maintainer script)
pdo_pgsql (Enabled for apache2 by maintainer script)
pdo_pgsql (Enabled for cli by maintainer script)
pdo_dblib (Enabled for apache2 by maintainer script)
pdo_dblib (Enabled for cli by maintainer script)
mcrypt (Enabled for apache2 by maintainer script)
mcrypt (Enabled for cli by maintainer script)
mysql (Enabled for apache2 by maintainer script)
mysql (Enabled for cli by maintainer script)
json (Enabled for apache2 by maintainer script)
json (Enabled for cli by maintainer script)
mediawiki (Enabled for apache2 by local administrator)
mediawiki (Enabled for cli by local administrator)
imagick (Enabled for apache2 by maintainer script)
imagick (Enabled for cli by maintainer script)
apc-rfc1867 (Enabled for apache2 by local administrator)
apc-rfc1867 (Enabled for cli by local administrator)
apcu (Enabled for apache2 by maintainer script)
apcu (Enabled for cli by maintainer script)
++++ Configuration files: ++++
[PHP]
engine = On
short_open_tag = Off
asp_tags = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions =
disable_classes =
zend.enable_gc = On
expose_php = On
max_execution_time = 30
max_input_time = 60
memory_limit = -1
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
[filter]
[iconv]
[intl]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatibility_mode = Off
mssql.secure_connection = Off
[Assertion]
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[opcache]
[curl]
[openssl]
**** /etc/php5/cli/conf.d/20-mediawiki.ini ****
[Session]
session.gc_maxlifetime = 7200
**** /etc/php5/cli/conf.d/20-mssql.ini ****
extension=mssql.so
**** /etc/php5/cli/conf.d/20-mysql.ini ****
extension=mysql.so
**** /etc/php5/cli/conf.d/20-mcrypt.ini ****
extension=mcrypt.so
**** /etc/php5/cli/conf.d/20-zmq.ini ****
extension=zmq.so
**** /etc/php5/cli/conf.d/20-pdo_dblib.ini ****
extension=pdo_dblib.so
**** /etc/php5/cli/conf.d/20-ldap.ini ****
extension=ldap.so
**** /etc/php5/cli/conf.d/20-pdo_mysql.ini ****
extension=pdo_mysql.so
**** /etc/php5/cli/conf.d/20-imap.ini ****
extension=imap.so
**** /etc/php5/cli/conf.d/20-apc-rfc1867.ini ****
apc.rfc1867=on
apc.rfc1867=on
**** /etc/php5/cli/conf.d/20-json.ini ****
extension=json.so
**** /etc/php5/cli/conf.d/20-curl.ini ****
extension=curl.so
**** /etc/php5/cli/conf.d/10-pdo.ini ****
extension=pdo.so
**** /etc/php5/cli/conf.d/20-pgsql.ini ****
extension=pgsql.so
**** /etc/php5/cli/conf.d/20-apcu.ini ****
extension=apcu.so
**** /etc/php5/cli/conf.d/20-mysqli.ini ****
extension=mysqli.so
**** /etc/php5/cli/conf.d/20-imagick.ini ****
extension=imagick.so
**** /etc/php5/cli/conf.d/20-pdo_pgsql.ini ****
extension=pdo_pgsql.so
**** /etc/php5/cli/conf.d/05-opcache.ini ****
zend_extension=opcache.so
**** /etc/php5/cli/conf.d/20-readline.ini ****
extension=readline.so
**** /etc/php5/cli/conf.d/20-gd.ini ****
extension=gd.so
-- System Information:
Debian Release: 8.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/3 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages php5-cli depends on:
ii libbz2-1.0 1.0.6-7+b3
ii libc6 2.19-18+deb8u6
ii libcomerr2 1.42.12-2
ii libdb5.3 5.3.28-9
ii libedit2 3.1-20140620-2
ii libgssapi-krb5-2 1.12.1+dfsg-19+deb8u2
ii libk5crypto3 1.12.1+dfsg-19+deb8u2
ii libkrb5-3 1.12.1+dfsg-19+deb8u2
ii libmagic1 1:5.22+15-2+deb8u2
ii libonig2 5.9.5-3.2
ii libpcre3 2:8.35-3.3+deb8u4
ii libqdbm14 1.8.78-5+b1
ii libssl1.0.0 1.0.1t-1+deb8u4
ii libxml2 2.9.1+dfsg1-5+deb8u3
ii mime-support 3.58
ii php5-common 5.6.24+dfsg-0+deb8u1
ii php5-json 1.3.6-1
ii tzdata 2016f-0+deb8u1
ii ucf 3.0030
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages php5-cli recommends:
ii php5-readline 5.6.24+dfsg-0+deb8u1
Versions of packages php5-cli suggests:
ii php-pear 5.6.24+dfsg-0+deb8u1
Versions of packages php5-common depends on:
ii libc6 2.19-18+deb8u6
ii lsof 4.86+dfsg-1
ii psmisc 22.21-2
ii sed 4.2.2-4+b1
ii ucf 3.0030
Versions of packages php5-common suggests:
ii php5-apcu [php5-user-cache] 4.0.7-1
-- no debconf information
More information about the pkg-php-maint
mailing list