[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-26 Thread Marc Deslauriers
> This experience makes me wonder how patches for the -security suites
> (default for unattended-upgrades) are tested and QA'ed. Can anything be
> done to the Ubuntu process to prevent things like this happening again?

For OpenSSL, we run it through a test suite and also test it with
commonly run software such as Apache, Wget, etc. In this instance, the
issue was an off-by-one which means it only affected certain
certificates, and unfortunately not the certs that were used in our test
suite. We've now added a test to parse all certs in the
ca-certificates.crt file so this particular issue doesn't happen again.

> Debian seems to have got this one right in the first shot (DSA is here
> https://www.debian.org/security/2016/dsa-3673).

Debian hit the very same regression. See
https://lists.debian.org/debian-security-announce/2016/msg00255.html

> BTW: the links to upstream patches on the Ubuntu CVE page
> (http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2182.html)
> are invalid caused by a version string being appended to the commit hash

Thanks, I'll get that fixed.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1626883

Title:
  libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert
  validation to segfault

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Precise:
  Fix Released
Status in openssl source package in Trusty:
  Fix Released
Status in openssl source package in Xenial:
  Fix Released

Bug description:
  Last night unattended-upgrades upgraded the openssl packages
  (libssl1.0.0, libssl-dev, openssl) from version 1.0.2g-1ubuntu4.1 to
  version 1.0.2g-1ubuntu4.4 on a CI build server. Then everything that
  used PHP to connect to a HTTPS site started crashing when verifying
  the server cert.

  Like this:

  ```
  
  jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$ DATABASE_DATABASE=wordpressmastere2e catchsegv wp plugin install --force --activate wp-cfm
  Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; WP_Import has a deprecated constructor in /var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress/wp-content/plugins/wordpress-importer/wordpress-importer.php on line 38
  Notice: Undefined offset: 4 in phar:///usr/local/bin/wp/php/WP_CLI/DocParser.php on line 124
  Segmentation fault (core dumped)
  *** Segmentation fault
  Register dump:

   RAX:    RBX: 0001   RCX: 
   RDX: 000c   RSI: 55665071af59   RDI: 
   RBP: 556650a49e4e   R8 : 556652364720   R9 : 
   R10:    R11: 7fdb3c081730   R12: 55665071af59
   R13: 000c   R14:    R15: 7fdb39418cf0
   RSP: 7ffc4bad7a08

   RIP: 7fdb3bf77d16   EFLAGS: 00010293

   CS: 0033   FS:    GS: 

   Trap: 000e   Error: 0004   OldMask:    CR2: 

   FPUCW: 027f   FPUSW:    TAG: 
   RIP:    RDP: 

   ST(0)     ST(1)  
   ST(2)     ST(3)  
   ST(4)     ST(5)  
   ST(6)     ST(7)  
   mxcsr: 1fa0
   XMM0:   XMM1:  

   XMM2:   XMM3:  

   XMM4:   XMM5:  

   XMM6:   XMM7:  

   XMM8:   XMM9:  

   XMM10:  XMM11: 

   XMM12:  XMM13: 

   XMM14:  XMM15: 


  Backtrace:
  /lib/x86_64-linux-gnu/libc.so.6(strlen+0x26)[0x7fdb3bf77d16]
  php(add_assoc_string_ex+0x32)[0x556650677b12]
  php(zif_openssl_x509_parse+0x17c)[0x5566505312ec]
  php(dtrace_execute_internal+0x2a)[0x556650664b3a]
  php(+0x2e37e0)[0x5566506f97e0]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(+0x2e391d)[0x5566506f991d]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(+0x2e391d)[0x5566506f991d]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(+0x2e391d)[0x5566506f991d]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(+0x2e391d)[0x5566506f991d]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  ```
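
The regression test described above (parse every certificate in ca-certificates.crt) can be sketched as follows. This is an added example, not Ubuntu's test suite or code from this thread: it runs the parser in one child process per certificate, so a segfault is recorded against that certificate instead of ending the run. The `openssl x509` command line, the function names, and the sample bundle with its stand-in parser are assumptions constructed for illustration.

```python
"""Parse every certificate in a PEM bundle, one child process per certificate."""
import re
import signal
import subprocess
import sys

# One PEM certificate block, markers included.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----\n?", re.DOTALL
)

# Assumption: the openssl CLI is the parser under test. Any command that reads
# one PEM certificate on stdin can be substituted.
DEFAULT_PARSER = ["openssl", "x509", "-noout", "-text"]

# Constructed stand-in parser for the offline demo: exits 0 normally, dies with
# SIGSEGV on the marker "CRASH", reports an error on the marker "BAD".
STAND_IN_PARSER = [
    sys.executable, "-c",
    "import os, signal, sys\n"
    "data = sys.stdin.read()\n"
    "if 'CRASH' in data:\n"
    "    os.kill(os.getpid(), signal.SIGSEGV)\n"
    "if 'BAD' in data:\n"
    "    sys.exit('unable to load certificate')\n",
]

# Constructed sample bundle: placeholder blocks, not real certificates.
SAMPLE_BUNDLE = """\
# constructed sample; text between blocks is ignored
-----BEGIN CERTIFICATE-----
GOOD1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CRASH
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
BAD
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
GOOD2
-----END CERTIFICATE-----
"""


def split_bundle(text):
    """Return each certificate in the bundle as its own PEM string."""
    return PEM_CERT.findall(text)


def check_cert(pem, parser_cmd, timeout=30):
    """Run the parser on one certificate and return (status, detail)."""
    try:
        proc = subprocess.run(
            parser_cmd, input=pem.encode(), timeout=timeout,
            stdout=subprocess.DEVNULL, stderr=subprocess.PIPE,
        )
    except subprocess.TimeoutExpired:
        return "timeout", f"no result after {timeout}s"
    if proc.returncode < 0:
        # A negative return code means the child was killed by a signal.
        try:
            return "crash", signal.Signals(-proc.returncode).name
        except ValueError:
            return "crash", f"signal {-proc.returncode}"
    if proc.returncode != 0:
        return "error", proc.stderr.decode(errors="replace").strip()
    return "ok", ""


def check_bundle(text, parser_cmd=DEFAULT_PARSER):
    """Check every certificate; a crash on one does not stop the run."""
    return [
        (index, *check_cert(pem, parser_cmd))
        for index, pem in enumerate(split_bundle(text))
    ]


def failures(results):
    """Keep only the certificates the parser did not handle cleanly."""
    return [entry for entry in results if entry[1] != "ok"]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real run: path to a bundle such as /etc/ssl/certs/ca-certificates.crt
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            bundle, parser = handle.read(), DEFAULT_PARSER
    else:
        bundle, parser = SAMPLE_BUNDLE, STAND_IN_PARSER
    results = check_bundle(bundle, parser)
    for index, status, detail in failures(results):
        print(f"certificate #{index}: {status}: {detail}")
    print(f"{len(results)} parsed, {len(failures(results))} failed")
    sys.exit(1 if failures(results) else 0)
```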
  

[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-26 Thread Mikkel Kirkgaard Nielsen
Thanks for the fix.

I too can verify that our system doesn't segfault on Ubuntu 14.04
(trusty) using latest libssl1.0.0 (=1.0.1f-1ubuntu2.21);

# dpkg -l |grep libssl1.0.0
ii  libssl1.0.0:amd64  1.0.1f-1ubuntu2.21  amd64  Secure Sockets Layer toolkit - shared libraries

# php -r "echo gettype(openssl_x509_parse(file_get_contents('/etc/ssl/certs/ca-certificates.crt')));"
array


We'll definitely be reconsidering which systems will be applying security 
upgrades unattended in the future.

This experience makes me wonder how patches for the -security suites
(default for unattended-upgrades) are tested and QA'ed. Can anything be
done to the Ubuntu process to prevent things like this happening again?

I'm unfamiliar with how this is done currently so excuse my ignorance.
But I'm wondering why there seems to be no collaboration or correlation
between Ubuntu and Debian security updates. Debian seems to have got
this one right in the first shot (DSA is here
https://www.debian.org/security/2016/dsa-3673).

BTW: the links to upstream patches on the Ubuntu CVE page
(http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2182.html)
are invalid caused by a version string being appended to the commit hash
(looks like borked wiki syntax).


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-25 Thread Olli Salli
Thank you. I can verify libssl1.0.0 1.0.2g-1ubuntu4.5 no longer exhibits
the crash:

jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$ apt-cache policy libssl1.0.0
libssl1.0.0:
  Installed: 1.0.2g-1ubuntu4.5
  Candidate: 1.0.2g-1ubuntu4.5
  Version table:
 *** 1.0.2g-1ubuntu4.5 500
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.0.2g-1ubuntu4.2 500
        500 http://fi.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
     1.0.2g-1ubuntu4 500
        500 http://fi.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$ DATABASE_DATABASE=wordpressmastere2e wp plugin install --force --activate wp-cfm
Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; WP_Import has a deprecated constructor in /var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress/wp-content/plugins/wordpress-importer/wordpress-importer.php on line 38
Notice: Undefined offset: 4 in phar:///usr/local/bin/wp/php/WP_CLI/DocParser.php on line 124
Installing WP-CFM (1.4.5)
Ladataan pakettia lähteestä https://downloads.wordpress.org/plugin/wp-cfm.zip...
Using cached file '/home/jenkins/.wp-cli/cache/plugin/wp-cfm-1.4.5.zip'...
Puretaan pakettia...
Asennetaan lisäosaa...
Poistetaan lisäosan vanhaa versiota...
Lisäosa päivitetty onnistuneesti.
Activating 'wp-cfm'...
Warning: Plugin 'wp-cfm' is already active.
jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-24 Thread Mathew Hodson
** No longer affects: openssl (Ubuntu Yakkety)

** Changed in: openssl (Ubuntu)
   Status: Invalid => Fix Released

** Tags added: regression-update


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Marc Deslauriers
** Changed in: openssl (Ubuntu Yakkety)
   Status: Confirmed => Invalid

Status in openssl package in Ubuntu:
  Invalid
Status in openssl source package in Precise:
  Fix Released
Status in openssl source package in Trusty:
  Fix Released
Status in openssl source package in Xenial:
  Fix Released
Status in openssl source package in Yakkety:
  Invalid


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Launchpad Bug Tracker
This bug was fixed in the package openssl - 1.0.2g-1ubuntu4.5

---
openssl (1.0.2g-1ubuntu4.5) xenial-security; urgency=medium

  * SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883)
    - debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow
      check in crypto/bn/bn_print.c.

 -- Marc Deslauriers  Fri, 23 Sep 2016 08:00:13 -0400

** Changed in: openssl (Ubuntu Xenial)
   Status: Confirmed => Fix Released

Status in openssl package in Ubuntu:
  Confirmed
Status in openssl source package in Precise:
  Fix Released
Status in openssl source package in Trusty:
  Fix Released
Status in openssl source package in Xenial:
  Fix Released
Status in openssl source package in Yakkety:
  Confirmed


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Launchpad Bug Tracker
This bug was fixed in the package openssl - 1.0.1f-1ubuntu2.21

---
openssl (1.0.1f-1ubuntu2.21) trusty-security; urgency=medium

  * SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883)
    - debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow
      check in crypto/bn/bn_print.c.

 -- Marc Deslauriers  Fri, 23 Sep 2016 07:57:00 -0400

** Changed in: openssl (Ubuntu Trusty)
   Status: Confirmed => Fix Released

Status in openssl package in Ubuntu:
  Confirmed
Status in openssl source package in Precise:
  Fix Released
Status in openssl source package in Trusty:
  Fix Released
Status in openssl source package in Xenial:
  Confirmed
Status in openssl source package in Yakkety:
  Confirmed


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Launchpad Bug Tracker
This bug was fixed in the package openssl - 1.0.1-4ubuntu5.38

---
openssl (1.0.1-4ubuntu5.38) precise-security; urgency=medium

  * SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883)
    - debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow
      check in crypto/bn/bn_print.c.

 -- Marc Deslauriers  Fri, 23 Sep 2016 07:59:32 -0400

** Changed in: openssl (Ubuntu Precise)
   Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-2182

Status in openssl package in Ubuntu:
  Confirmed
Status in openssl source package in Precise:
  Fix Released
Status in openssl source package in Trusty:
  Confirmed
Status in openssl source package in Xenial:
  Confirmed
Status in openssl source package in Yakkety:
  Confirmed


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Marc Deslauriers
Packages that fix this issue are currently being built in the security
team PPA:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

They will be published as soon as they finish building and have gone
through QA.

Status in openssl package in Ubuntu:
  Confirmed
Status in openssl source package in Precise:
  Confirmed
Status in openssl source package in Trusty:
  Confirmed
Status in openssl source package in Xenial:
  Confirmed
Status in openssl source package in Yakkety:
  Confirmed


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Marc Deslauriers
** Also affects: openssl (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: openssl (Ubuntu Yakkety)
   Importance: Medium
 Assignee: Marc Deslauriers (mdeslaur)
   Status: Confirmed

** Also affects: openssl (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: openssl (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: openssl (Ubuntu Precise)
   Importance: Undecided => High

** Changed in: openssl (Ubuntu Precise)
   Status: New => Confirmed

** Changed in: openssl (Ubuntu Precise)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: openssl (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: openssl (Ubuntu Trusty)
   Status: New => Confirmed

** Changed in: openssl (Ubuntu Trusty)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: openssl (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: openssl (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: openssl (Ubuntu Xenial)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

Status in openssl package in Ubuntu:
  Confirmed
Status in openssl source package in Precise:
  Confirmed
Status in openssl source package in Trusty:
  Confirmed
Status in openssl source package in Xenial:
  Confirmed
Status in openssl source package in Yakkety:
  Confirmed


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread vdloo
Can confirm that this affects 1.0.1-4ubuntu5.37 on 12.04

Reproducible by trying to openssl_x509_parse the ssl cert for
sourceforge with PHP 5.5.30-1+deb.sury.org~precise+1

$ openssl s_client -connect sourceforge.net:443   cert.txt
$ echo " segfault.php
$ php segfault.php
Segmentation fault (core dumped)

The backtrace:
$ gdb php
GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /usr/bin/php...(no debugging symbols found)...done.
(gdb) r segf.php
Starting program: /usr/bin/php segf.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x75c40f81 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x75c40f81 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x006e8e8d in add_assoc_string_ex ()
#2  0x004a67ba in zif_openssl_x509_parse ()
#3  0x006d4959 in dtrace_execute_internal ()
#4  0x007911de in ?? ()
#5  0x00754358 in execute_ex ()
#6  0x006d4846 in dtrace_execute_ex ()
#7  0x74f72ecc in ?? () from 
/usr/lib/php5/20121212/ioncube_loader_lin_5.5.so
#8  0x006e66b4 in zend_execute_scripts ()
#9  0x0068380d in php_execute_script ()
#10 0x007949c3 in ?? ()
#11 0x00465081 in main ()
(gdb)

Status in openssl package in Ubuntu:
  Confirmed
Status in openssl source package in Precise:
  Confirmed
Status in openssl source package in Trusty:
  Confirmed
Status in openssl source package in Xenial:
  Confirmed
Status in openssl source package in Yakkety:
  Confirmed


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Andreas Rütten
Also affected 1.0.1-4ubuntu5.37 on 12.04

Status in openssl package in Ubuntu:
  Confirmed


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Marc Deslauriers
I can reproduce this and will release an updated openssl package today.

Status in openssl package in Ubuntu:
  Confirmed


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Marc Deslauriers
** Changed in: openssl (Ubuntu)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

Status in openssl package in Ubuntu:
  Confirmed


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Mikkel Kirkgaard Nielsen
Thanks @ollisa.

I had the same thoughts about 1.0.1f-1ubuntu2 so I found a downloadable
build at https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.19.
Installing just the ubuntu2.19 version of libssl1.0.0 solved the issue;

wget https://launchpad.net/~ubuntu-security/+archive/ubuntu/ppa/+build/9679884/+files/libssl1.0.0_1.0.1f-1ubuntu2.19_amd64.deb
dpkg -i libssl1.0.0_1.0.1f-1ubuntu2.19_amd64.deb

Now the certs can be parsed without segfault;
# php -r "echo gettype(openssl_x509_parse(file_get_contents('/etc/ssl/certs/ca-certificates.crt')));"
array

A good idea would be to put the package on hold to prevent further
automatic upgrades. Though you'd then need to manually verify and unhold
when a fix is out.

# apt-mark hold libssl1.0.0
libssl1.0.0 set on hold.

Status in openssl package in Ubuntu:
  Confirmed
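
The `php -r` check in the message above passes the whole of `ca-certificates.crt` to `openssl_x509_parse()`, which reads only the first certificate in the string, while this regression hit only certain certificates. The following is an added example, not code from the thread or from Ubuntu: it splits a PEM bundle and parses every certificate in its own process, so a segfault is pinned to the certificate that triggers it. `PARSE_CMD`, the function names and the report format are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the bug thread: parse every certificate of a PEM
# bundle in its own process and report the ones that crash the parser.

# Assumption: the parser is any command that reads ONE PEM certificate on
# stdin and exits 0 on success. The default calls PHP's openssl_x509_parse(),
# the function named in the backtraces in this thread.
DEFAULT_PARSE_CMD='php -r "exit(is_array(openssl_x509_parse(file_get_contents(\"php://stdin\"))) ? 0 : 1);"'

# split_bundle BUNDLE OUTDIR
# Writes each BEGIN/END CERTIFICATE block to OUTDIR/cert-NNNN.pem.
split_bundle() {
    awk -v dir="$2" '
        /^-----BEGIN CERTIFICATE-----/ {
            n++
            out = sprintf("%s/cert-%04d.pem", dir, n)
            inside = 1
        }
        inside { print > out }
        /^-----END CERTIFICATE-----/ { inside = 0; close(out) }
    ' "$1"
}

# check_bundle BUNDLE
# Prints one line per certificate that fails, then a summary line.
# Returns 0 if every certificate parsed, 1 if any crashed or was rejected,
# 2 if the bundle is unreadable or holds no certificate.
check_bundle() {
    cb_bundle=$1
    cb_cmd=${PARSE_CMD:-$DEFAULT_PARSE_CMD}
    [ -r "$cb_bundle" ] || { echo "ERROR unreadable: $cb_bundle"; return 2; }
    cb_tmp=$(mktemp -d) || return 2
    split_bundle "$cb_bundle" "$cb_tmp"

    cb_total=0
    cb_crashed=0
    cb_rejected=0
    for cb_file in "$cb_tmp"/cert-*.pem; do
        [ -e "$cb_file" ] || continue
        cb_total=$((cb_total + 1))
        cb_rc=0
        # One process per certificate: a segfault kills only this child,
        # and the loop carries on with the next certificate.
        sh -c "$cb_cmd" < "$cb_file" > /dev/null 2>&1 || cb_rc=$?
        if [ "$cb_rc" -gt 128 ] && [ "$cb_rc" -le 192 ]; then
            # The shell reports "killed by signal N" as status 128 + N;
            # SIGSEGV is 11 on Linux, so a segfault shows up as 139.
            echo "CRASH signal $((cb_rc - 128)): ${cb_file##*/}"
            cb_crashed=$((cb_crashed + 1))
        elif [ "$cb_rc" -ne 0 ]; then
            echo "REJECT exit $cb_rc: ${cb_file##*/}"
            cb_rejected=$((cb_rejected + 1))
        fi
    done
    rm -rf "$cb_tmp"

    echo "SUMMARY total=$cb_total crashed=$cb_crashed rejected=$cb_rejected"
    [ "$cb_total" -gt 0 ] || return 2
    [ "$cb_crashed" -eq 0 ] && [ "$cb_rejected" -eq 0 ]
}

# Stand-alone use: pass the bundle path as the first argument.
if [ "$#" -gt 0 ]; then
    check_bundle "$1"
fi
```

Run as `sh check_bundle.sh /etc/ssl/certs/ca-certificates.crt` after a libssl upgrade and before releasing a package hold; the file name `check_bundle.sh` is a placeholder.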


[Touch-packages] [Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Olli Salli
** Summary changed:

- libssl 1.0.2g-1ubuntu4.4 causes PHP7 SSL cert validation to segfault
+ libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

Status in openssl package in Ubuntu:
  Confirmed

Bug description:
  Last night unattended-upgrades upgraded the openssl packages
  (libssl1.0.0, libssl-dev, openssl) from version 1.0.2g-1ubuntu4.1 to
  version 1.0.2g-1ubuntu4.4 on a CI build server. Then everything that
  used PHP to connect to a HTTPS site started crashing when verifying
  the server cert.

  Like this:

  ```
  
  jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$ DATABASE_DATABASE=wordpressmastere2e catchsegv wp plugin install --force --activate wp-cfm
  Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; WP_Import has a deprecated constructor in /var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress/wp-content/plugins/wordpress-importer/wordpress-importer.php on line 38
  Notice: Undefined offset: 4 in phar:///usr/local/bin/wp/php/WP_CLI/DocParser.php on line 124
  Segmentation fault (core dumped)
  *** Segmentation fault
  Register dump:

   RAX:    RBX: 0001   RCX: 
   RDX: 000c   RSI: 55665071af59   RDI: 
   RBP: 556650a49e4e   R8 : 556652364720   R9 : 
   R10:    R11: 7fdb3c081730   R12: 55665071af59
   R13: 000c   R14:    R15: 7fdb39418cf0
   RSP: 7ffc4bad7a08

   RIP: 7fdb3bf77d16   EFLAGS: 00010293

   CS: 0033   FS:    GS: 

   Trap: 000e   Error: 0004   OldMask:    CR2: 

   FPUCW: 027f   FPUSW:    TAG: 
   RIP:    RDP: 

   ST(0)     ST(1)  
   ST(2)     ST(3)  
   ST(4)     ST(5)  
   ST(6)     ST(7)  
   mxcsr: 1fa0
   XMM0:   XMM1:  

   XMM2:   XMM3:  

   XMM4:   XMM5:  

   XMM6:   XMM7:  

   XMM8:   XMM9:  

   XMM10:  XMM11: 

   XMM12:  XMM13: 

   XMM14:  XMM15: 


  Backtrace:
  /lib/x86_64-linux-gnu/libc.so.6(strlen+0x26)[0x7fdb3bf77d16]
  php(add_assoc_string_ex+0x32)[0x556650677b12]
  php(zif_openssl_x509_parse+0x17c)[0x5566505312ec]
  php(dtrace_execute_internal+0x2a)[0x556650664b3a]
  php(+0x2e37e0)[0x5566506f97e0]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(+0x2e391d)[0x5566506f991d]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(+0x2e391d)[0x5566506f991d]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(+0x2e391d)[0x5566506f991d]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(+0x2e391d)[0x5566506f991d]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(+0x2e391d)[0x5566506f991d]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(+0x2e391d)[0x5566506f991d]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(+0x2e391d)[0x5566506f991d]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(+0x2e391d)[0x5566506f991d]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(+0x2e391d)[0x5566506f991d]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(zend_call_function+0x749)[0x55665039]
  php(zif_call_user_func+0xb5)[0x5566505b39d5]
  php(dtrace_execute_internal+0x2a)[0x556650664b3a]
  php(+0x2e37e0)[0x5566506f97e0]
  php(execute_ex+0x1b)[0x5566506b4e2b]
  php(dtrace_execute_ex+0xb1)[0x5566506649d1]
  php(zend_call_function+0x749)[0x55665039]
  php(zif_call_user_func+0xb5)[0x5566505b39d5]
  php(dtrace_execute_internal+0x2a)[0x556650664b3a]
  php(+0x2e37e0)[0x5566506f97e0]
  php(execute_ex+0x1b)[0x5566506b4e2b]