Bug#891224: Just enabling the module makes apache children segfault
Hi Enrico, we know of a bunch of installations where libapache2-mod-auth-openidc is working without a problem in jessie and stretch. So it must be something special with your setup. From your ldd analysis it does not show a problem with libssl versions. But do you have both libssl-1.1 and libssl-1.0 installed? If yes, which packages depend on them? Can you provide a stack-trace? Christoph -- Christoph Martin, Leiter Unix-Systeme Zentrum für Datenverarbeitung, Uni-Mainz, Germany Anselm Franz von Bentzel-Weg 12, 55128 Mainz Telefon: +49(6131)3926337 Instant-Messaging: Jabber/XMPP: mar...@jabber.uni-mainz.de <> signature.asc Description: OpenPGP digital signature
Bug#891224: Just enabling the module makes apache children segfault
On Fri, Feb 23, 2018 at 05:55:31PM +0100, Christoph Martin wrote: > Do you happen to have mod_php enabled? mod_php is not enabled, but it could be that some other module is enabled that has the same issue with openssl. > We have seen problems together with mod_php which is falsely linked with > openssl 1.1 while apache itself and all other modules are linked with > openssl 1.0 which was the policy for stretch release. Then it depends on > the load order of the modules if apache crashes or not. > > Can you verify this? Here is a list of modules that are enabled: $ ls /etc/apache2/mods-enabled/ access_compat.load authn_file.load authz_user.load deflate.conf filter.load ldap.loadmpm_worker.load reqtimeout.load ssl.load alias.conf authnz_ldap.load autoindex.conf deflate.load headers.load macro.load negotiation.conf setenvif.conf status.conf alias.load authz_core.load autoindex.load dir.conf info.conf mime.confnegotiation.load setenvif.load status.load auth_basic.load authz_groupfile.load cgid.confdir.load info.load mime.loadperl.load socache_shmcb.load wsgi.conf authn_core.load authz_host.load cgid.loadenv.load ldap.conf mpm_worker.conf reqtimeout.conf ssl.confwsgi.load I ran: for mod in $(ls /etc/apache2/mods-enabled/*.load); do SO=$(sed -nre 's/.+ ([^ ]+.so)$/\1/p' $mod); echo $SO; ldd $SO; done And found this: /usr/lib/apache2/modules/mod_ssl.so linux-vdso.so.1 (0x7ffdd7be9000) libssl.so.1.0.2 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2 (0x7ff3b6ead000) libcrypto.so.1.0.2 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 (0x7ff3b6a49000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x7ff3b682c000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7ff3b648d000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7ff3b6289000) /lib64/ld-linux-x86-64.so.2 (0x7ff3b734f000) Could it be relevant? Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signature.asc Description: PGP signature
Bug#891224: Just enabling the module makes apache children segfault
Hi Enrico, Am 23.02.2018 um 15:25 schrieb Enrico Zini: > Package: libapache2-mod-auth-openidc > Version: 2.1.6-1 > Severity: serious > > Hello, > > this has just been witnessed on diabelli.debian.org: > > apt install libapache2-mod-auth-openidc > a2enmod auth_openidc > systemctl restart apache2 > > at this point, just visiting sso.debian.org causes an internal server > error, with segfaults in the error log: > > [Fri Feb 23 14:22:56.038768 2018] [core:notice] [pid 19113:tid > 140156425577664] AH00052: child pid 19116 exit signal Segmentation fault (11) > Do you happen to have mod_php enabled? We have seen problems together with mod_php which is falsely linked with openssl 1.1 while apache itself and all other modules are linked with openssl 1.0 which was the policy for stretch release. Then it depends on the load order of the modules if apache crashes or not. Can you verify this? Christoph -- Christoph Martin, Leiter Unix-Systeme Zentrum für Datenverarbeitung, Uni-Mainz, Germany Anselm Franz von Bentzel-Weg 12, 55128 Mainz Telefon: +49(6131)3926337 Instant-Messaging: Jabber/XMPP: mar...@jabber.uni-mainz.de <> signature.asc Description: OpenPGP digital signature
Bug#891224: Just enabling the module makes apache children segfault
Package: libapache2-mod-auth-openidc Version: 2.1.6-1 Severity: serious Hello, this has just been witnessed on diabelli.debian.org: apt install libapache2-mod-auth-openidc a2enmod auth_openidc systemctl restart apache2 at this point, just visiting sso.debian.org causes an internal server error, with segfaults in the error log: [Fri Feb 23 14:22:56.038768 2018] [core:notice] [pid 19113:tid 140156425577664] AH00052: child pid 19116 exit signal Segmentation fault (11) Enrico -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE=en_IE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libapache2-mod-auth-openidc depends on: ii apache2-bin [apache2-api-20120211] 2.4.29-2 ii libc6 2.26-6 pn libcjose0 ii libcurl37.58.0-2 pn libhiredis0.13 ii libjansson4 2.11-1 ii libpcre32:8.39-9 ii libssl1.1 1.1.0g-2 libapache2-mod-auth-openidc recommends no packages. libapache2-mod-auth-openidc suggests no packages.