Bug#995961: libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1
On Mon, 11 Oct 2021 17:28:51 +0200 Jean Weisbuch wrote: > I also have the issue on a custom compiled HTTPD and ITK, it's not a > Debian specific bug ; it appeared between 2.4.48 and 2.4.49. > > > Here is a basic patch for 2.4.51 that comments the line that provokes > the segfaults but it might break other things : > > --- server/connection.c2021-09-26 16:11:22.0 +0200 > +++ server/connection.c2021-10-11 17:00:17.868463811 +0200 > @@ -156,7 +156,7 @@ > apr_socket_t *csd = ap_get_conn_socket(c); > > if (ap_start_lingering_close(c)) { > -apr_socket_close(csd); > +//apr_socket_close(csd); > return; > } > > A "cleaner" patch, also for 2.4.51, that reverts the changes between > 2.4.48 and 2.4.49 on connection.c but keep the other changes ; i don't > know what those changes could imply so i advise against using it on a > production platform : > > --- ./server/connection.c2021-09-26 16:11:22.0 +0200 > +++ ./server/connection.c2021-10-11 17:15:04.232960328 +0200 > @@ -139,12 +139,18 @@ > ap_flush_conn(c); > > #ifdef NO_LINGCLOSE > +apr_socket_close(csd); > return 1; > #else > /* Shut down the socket for write, which will send a FIN >* to the peer. >*/ > -return (c->aborted || apr_socket_shutdown(csd, APR_SHUTDOWN_WRITE)); > +if (c->aborted > +|| apr_socket_shutdown(csd, APR_SHUTDOWN_WRITE) != > APR_SUCCESS) { > +apr_socket_close(csd); > +return 1; > +} > +return 0; > #endif > } > > @@ -156,7 +162,6 @@ > apr_socket_t *csd = ap_get_conn_socket(c); > > if (ap_start_lingering_close(c)) { > -apr_socket_close(csd); > return; > } > > >
Bug#995961: libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1
reassign 995961 apache2
found 995961 2.4.51-1~deb11u1
found 995961 2.4.51-1
thanks

On Tue, Oct 12, 2021 at 11:56:20AM +0200, Jean Weisbuch wrote:
> It has also been reported on the HTTPD bugtracker :
> https://bz.apache.org/bugzilla/show_bug.cgi?id=65627

Given the analysis there, it doesn't really look like there's anything mpm-itk can do, so I'm reassigning this to apache2.

/* Steinar */
--
Homepage: https://www.sesse.net/
Bug#995961: libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1
On 10/11/21 8:54 PM, Steinar H. Gunderson wrote:
> On Mon, Oct 11, 2021 at 06:06:04PM +0200, Jean Weisbuch wrote:
>> Seems like re-compiling mpm-itk (using the exact same source code as the
>> previous time I compiled it) and even without any patch applied to HTTPD
>> 2.4.51 did also fix the issue for me.
>
> It seems to me that this is only in bullseye-proposed-updates, not actually a
> security update yet? If it breaks mpm-itk and nobody really knows why, I would
> say that's a good reason to stop the proposal process of the package.
>
> /* Steinar */

Sorry, it seems like I made a mistake (did not make clean after putting back the original older connection.c or did not fully restart httpd), I re-checked today and re-compiling mpm-itk does not fix the issue.

It has also been reported on the HTTPD bugtracker:
https://bz.apache.org/bugzilla/show_bug.cgi?id=65627
Bug#995961: libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1
On Mon, 11 Oct 2021 20:54:38 +0200 "Steinar H. Gunderson" wrote:
> It seems to me that this is only in bullseye-proposed-updates, not actually a
> security update yet? If it breaks mpm-itk and nobody really knows why,
> I would say that's a good reason to stop the proposal process of the package.

It is already a security update:
https://www.debian.org/security/2021/dsa-4982

For some reason it's not showing up in the listing on packages.debian.org, but that might be expected behavior. I don't know the packages site well enough to say for sure.

Just to double-confirm I'm getting it from stable-security repos:

$ apt list --upgradable
Listing... Done
apache2-bin/stable-security 2.4.51-1~deb11u1 amd64 [upgradable from: 2.4.48-3.1]
apache2-data/stable-security 2.4.51-1~deb11u1 all [upgradable from: 2.4.48-3.1]
apache2-utils/stable-security 2.4.51-1~deb11u1 amd64 [upgradable from: 2.4.48-3.1]
apache2/stable-security 2.4.51-1~deb11u1 amd64 [upgradable from: 2.4.48-3.1]
Bug#995961: libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1
Seems like re-compiling mpm-itk (using the exact same source code as the previous time I compiled it) and even without any patch applied to HTTPD 2.4.51 did also fix the issue for me.
Bug#995961: libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1
I also have the issue on a custom compiled HTTPD and ITK, it's not a Debian specific bug ; it appeared between 2.4.48 and 2.4.49. Here is a basic patch for 2.4.51 that comments the line that provokes the segfaults but it might break other things : --- server/connection.c 2021-09-26 16:11:22.0 +0200 +++ server/connection.c 2021-10-11 17:00:17.868463811 +0200 @@ -156,7 +156,7 @@ apr_socket_t *csd = ap_get_conn_socket(c); if (ap_start_lingering_close(c)) { - apr_socket_close(csd); +// apr_socket_close(csd); return; } A "cleaner" patch, also for 2.4.51, that reverts the changes between 2.4.48 and 2.4.49 on connection.c but keep the other changes ; i don't know what those changes could imply so i advise against using it on a production platform : --- ./server/connection.c 2021-09-26 16:11:22.0 +0200 +++ ./server/connection.c 2021-10-11 17:15:04.232960328 +0200 @@ -139,12 +139,18 @@ ap_flush_conn(c); #ifdef NO_LINGCLOSE + apr_socket_close(csd); return 1; #else /* Shut down the socket for write, which will send a FIN * to the peer. */ - return (c->aborted || apr_socket_shutdown(csd, APR_SHUTDOWN_WRITE)); + if (c->aborted + || apr_socket_shutdown(csd, APR_SHUTDOWN_WRITE) != APR_SUCCESS) { + apr_socket_close(csd); + return 1; + } + return 0; #endif } @@ -156,7 +162,6 @@ apr_socket_t *csd = ap_get_conn_socket(c); if (ap_start_lingering_close(c)) { - apr_socket_close(csd); return; }
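Review bot: In the first patch's `@@ -156,7 +156,7 @@` hunk, commenting out `apr_socket_close(csd);` leaves the `if (ap_start_lingering_close(c)) { ... return; }` branch returning with no close of `csd` anywhere in the visible lines, so the socket stays open on that path unless something outside the hunk releases it. If that is the intent, delete the line instead of leaving it behind `//` and add a comment naming what closes the socket; as posted, the change silences the crash without showing why the close faults under mpm-itk.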
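Review bot: In the second patch's `@@ -139,12 +139,18 @@` hunk, both failure paths now call `apr_socket_close(csd);` before `return 1;`, which changes what a nonzero return means: the socket is already closed when the caller sees it. The comment above the function should state that, and every caller that closes `csd` itself after a nonzero return has to change in the same patch or it will close the socket twice; the following hunk covers only the one caller shown. The result of `apr_socket_close()` is also discarded on both paths, unlike the `apr_socket_shutdown(...) != APR_SUCCESS` check next to it.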
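Review bot: In the second patch's `@@ -156,7 +162,6 @@` hunk, removing `apr_socket_close(csd);` is only correct when the `@@ -139,12 +139,18 @@` hunk is applied with it, because the early `return;` then relies on `ap_start_lingering_close(c)` having closed the socket. A one-line comment inside the `if` body saying so would keep a later partial revert from leaving this path without a close. The context line `apr_socket_t *csd = ap_get_conn_socket(c);` stays, so confirm `csd` is still used further down in the function.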
Bug#995961: libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1
On Mon, Oct 11, 2021 at 06:06:04PM +0200, Jean Weisbuch wrote:
> Seems like re-compiling mpm-itk (using the exact same source code as the
> previous time I compiled it) and even without any patch applied to HTTPD
> 2.4.51 did also fix the issue for me.

It seems to me that this is only in bullseye-proposed-updates, not actually a security update yet? If it breaks mpm-itk and nobody really knows why, I would say that's a good reason to stop the proposal process of the package.

/* Steinar */
--
Homepage: https://www.sesse.net/
Bug#995961: libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1
Package: libapache2-mpm-itk
Version: 2.4.7-04-1+b1
Severity: important

Dear Maintainer,

After installing the 2.4.51-1~deb11u1 security update the error log starts to get filled with lines like:

[core:notice] [pid 3115298] AH00052: child pid 3133160 exit signal Segmentation fault (11)

Downgrading back to 2.4.48-3.1 made the errors disappear again.
Disabling mpm_itk on 2.4.51-1~deb11u1 also stops the errors.

The issue normally does not prevent pages from being loaded and they are still assigned the correct uid/gid. The problematic part lies in that it seems to cause issues with properly closing the connections. This led to mod_qos limits being hit in my case, but I suspect it may also lead to hitting worker or thread pool limits in other cases.

-- System Information:
Debian Release: 11.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/24 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libapache2-mpm-itk depends on:
ii  apache2-bin [apache2-api-20120211]  2.4.48-3.1
ii  libc6                               2.31-13
ii  libcap2                             1:2.44-1

libapache2-mpm-itk recommends no packages.

libapache2-mpm-itk suggests no packages.

-- no debconf information
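Added example, not part of the original report or of any message in this thread: one way to measure the symptom described in the report from an Apache error log, by counting AH00052 child-exit lines per signal and per minute. The function names, the alert threshold and the sample lines are constructed for illustration; the timestamp layout assumed is the default Apache 2.4 error-log format.

```python
import re
from collections import Counter
from datetime import datetime

# The timestamp field is optional: the report quotes the line without it.
LINE_RE = re.compile(
    r"^(?:\[(?P<ts>[^\]]+)\] )?"
    r"\[core:notice\] \[pid (?P<parent>\d+)(?::tid \d+)?\] "
    r"AH00052: child pid (?P<child>\d+) exit signal "
    r"(?P<signame>.+?) \((?P<signum>\d+)\)\s*$"
)

def parse_child_exit(line):
    """Return a dict for an AH00052 line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = None
    if m["ts"]:
        try:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        except ValueError:
            ts = None  # non-default ErrorLogFormat: keep the event, drop the time
    return {"ts": ts, "parent": int(m["parent"]), "child": int(m["child"]),
            "signal": m["signame"], "signum": int(m["signum"])}

def summarize(lines, per_minute_alert=3):
    """Count child exits by signal and find the busiest minute.

    per_minute_alert is an assumed threshold; tune it to the site.
    """
    events = [e for e in map(parse_child_exit, lines) if e]
    by_signal = Counter(e["signum"] for e in events)
    per_minute = Counter(e["ts"].replace(second=0, microsecond=0)
                         for e in events if e["ts"])
    peak = max(per_minute.values(), default=0)
    return {"total": len(events), "by_signal": dict(by_signal),
            "peak_per_minute": peak, "alert": peak >= per_minute_alert}

# Constructed sample input (not taken from a real server).
SAMPLE = """\
[Mon Oct 11 17:00:17.868463 2021] [core:notice] [pid 3115298] AH00052: child pid 3133160 exit signal Segmentation fault (11)
[Mon Oct 11 17:00:41.120034 2021] [core:notice] [pid 3115298] AH00052: child pid 3133161 exit signal Segmentation fault (11)
[Mon Oct 11 17:00:59.000100 2021] [core:notice] [pid 3115298] AH00052: child pid 3133170 exit signal Segmentation fault (11)
[Mon Oct 11 17:01:05.500000 2021] [example:info] [pid 3115298] unrelated constructed line
[core:notice] [pid 3115298] AH00052: child pid 3133180 exit signal Segmentation fault (11)
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Lines without a parseable timestamp still count toward the totals but not toward the per-minute peak, so a custom ErrorLogFormat lowers the peak rather than hiding the events.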