Bug#914340: [DAViCal-devel] Bug#914340: system details

2018-12-10 Thread Daniel Pocock 



On 04/12/2018 08:41, Florian Schlichting wrote:

> Do you want to try with openssl 1.1.0j-1~deb9u1 (make sure to restart
> apache2 so all the children use the new libraries) and see if those
> segfaults disappear?
>


Thanks for looking into that

I installed the updated openssl

Previously Apache / DAViCal would get into this state approximately
once a week, so if it runs smoothly for 2-3 weeks then hopefully that is
the fix for it.

That said, even if a segfault appears in openssl and there is a fix for
that, there are sometimes cases where another library mentioned in the
stack has used the openssl API incorrectly or passed a bad argument and
ideally that code would be examined too.  I haven't personally had time
to look closely enough at the openssl fix to see if it is such a case.

Regards,

Daniel

Bug#914340: [DAViCal-devel] Bug#914340: system details

2018-12-03 Thread Florian Schlichting 
Hi,

> Here are some of the package versions that are installed:

> ii  openssl1.1.0f-3+deb9u2
> 
> ii  libssl1.1:amd641.1.0f-3+deb9u2

...

> Then I tried guessing which child process would crash next and connected
> to it with gdb, looks like an issue in pdo_pgsql.so with PHP 7, stack is
> below.
> 
> Should the bug be reassigned to the php-pgsql package?  As we have a
> reproducible stack trace I feel it is now an RC issue too.

well with the webserver process segfaulting it's certainly not a davical
issue...

> Is there any other data I should gather before restarting the Apache
> process again?  I can leave it like this for a couple of hours maximum.
> 
> 
> Thread 1 "apache2" received signal SIGSEGV, Segmentation fault.
> 0x7fa662662ed4 in ERR_clear_error () from
> target:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
> (gdb) bt
> #0  0x7fa662662ed4 in ERR_clear_error () from
> target:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
> #1  0x7fa66267dfe9 in ?? () from
> target:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1

...and while I wasn't sure if it should rather be apache2, php7.0 or
openssl, I found
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903566 which seems to
segfault in the same place and happens to have a fix on the way to
stable-security since last night.

Do you want to try with openssl 1.1.0j-1~deb9u1 (make sure to restart
apache2 so all the children use the new libraries) and see if those
segfaults disappear?

Florian