Bug#610455: marked as done (libapache2-mod-auth-pam: Apache threads die with pam_ldap)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Thu, 06 Jun 2013 06:45:42 +0000
with message-id <[🔎] E1UkTx8-0002rJ-6m@franck.debian.org>
and subject line Bug#710770: Removed package(s) from unstable
has caused the Debian Bug report #610455,
regarding libapache2-mod-auth-pam: Apache threads die with pam_ldap
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
610455: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610455
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: libapache2-mod-auth-pam: Apache threads die with pam_ldap
• From: Eric Reischer <emr@bw.psu.edu>
• Date: Tue, 18 Jan 2011 13:18:52 -0500
• Message-id: <4D35D98C.6060208@bw.psu.edu>

Package: libapache2-mod-auth-pam
Version: 1.1.1-6.1
Severity: important

When running with the apache2-mpm-worker engine, and with /etc/pam.d/apache2 using pam_ldap.so for auth and account, server threads frequently die with double-free errors in the apache error log. Usually only happens when the server is getting hit with heavier loads. Errors disappear when switching over to apache2-mpm-prefork.

Recommend stopgap resolution is to force a conflict between libapache2-mod-auth-pam and apache2-mpm-worker, thus requiring the user to use the prefork engine.

I expect this issue is actually a bug in pam_ldap or the LDAP libraries, which may not be thread-safe, but I'm submitting it here because this is the only location I see the problem manifesting itself.

Backtrace printed (from apache error.log):

*** glibc detected *** /usr/sbin/apache2: double free or corruption (fasttop): 0x00007f2f8800d050 ***

======= Backtrace: =========
/lib/libc.so.6[0x7f2f954179a8]
/lib/libc.so.6(cfree+0x76)[0x7f2f95419ab6]
/usr/lib/libldap_r-2.4.so.2(ldap_pvt_tls_set_option+0x240)[0x7f2f95190d40]
/usr/lib/libldap_r-2.4.so.2(ldap_set_option+0x20d)[0x7f2f95186dbd]
/lib/security/pam_ldap.so[0x7f2f8d4d48fd]
/lib/security/pam_ldap.so[0x7f2f8d4d4ef3]
/lib/security/pam_ldap.so[0x7f2f8d4d52de]
/lib/security/pam_ldap.so[0x7f2f8d4d6b43]
/lib/security/pam_ldap.so(pam_sm_authenticate+0x26c)[0x7f2f8d4d6dbc]
/lib/libpam.so.0[0x7f2f90ce3c42]
/lib/libpam.so.0(pam_authenticate+0x43)[0x7f2f90ce3523]
/usr/lib/apache2/modules/mod_auth_pam.so[0x7f2f90eecff0]
/usr/sbin/apache2(ap_run_check_user_id+0x83)[0x434123]
/usr/sbin/apache2(ap_process_request_internal+0x2c4)[0x4363a4]
/usr/sbin/apache2(ap_sub_req_method_uri+0x108)[0x436bd8]
/usr/lib/apache2/modules/mod_dav_svn.so[0x7f2f8fa972f9]
/usr/lib/apache2/modules/mod_dav_svn.so[0x7f2f8fa9747d]
/usr/lib/libsvn_repos-1.so.1[0x7f2f8f8781ac]
/usr/lib/libsvn_repos-1.so.1[0x7f2f8f87934d]
/usr/lib/libsvn_repos-1.so.1(svn_repos_get_logs4+0x2b5)[0x7f2f8f87a135]
/usr/lib/apache2/modules/mod_dav_svn.so(dav_svn__log_report+0x233)[0x7f2f8fa9d443]
/usr/lib/apache2/modules/mod_dav.so[0x7f2f8fcbbdca]
/usr/sbin/apache2(ap_run_handler+0x83)[0x439153]
/usr/sbin/apache2(ap_invoke_handler+0x9f)[0x43c71f]
/usr/sbin/apache2(ap_process_request+0x18e)[0x44963e]
/usr/sbin/apache2[0x446768]
/usr/sbin/apache2(ap_run_process_connection+0x83)[0x440673]
/usr/sbin/apache2[0x44e521]
/usr/lib/libapr-1.so.0[0x7f2f9593aa5d]
/lib/libpthread.so.0[0x7f2f956fdfc7]
/lib/libc.so.6(clone+0x6d)[0x7f2f9547364d]

-- System Information:
Debian Release: 5.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.35 (SMP w/16 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages libapache2-mod-auth-pam depends on:
ii  apache2.2-common         2.2.9-10+lenny8 Apache HTTP Server common files
ii  libc6                    2.7-18lenny6    GNU C Library: Shared libraries

ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l

--- End Message ---

--- Begin Message ---

• To: 246222-done@bugs.debian.org,284863-done@bugs.debian.org,291558-done@bugs.debian.org,366401-done@bugs.debian.org,366411-done@bugs.debian.org,382382-done@bugs.debian.org,393342-done@bugs.debian.org,394097-done@bugs.debian.org,400984-done@bugs.debian.org,422651-done@bugs.debian.org,450387-done@bugs.debian.org,482397-done@bugs.debian.org,509197-done@bugs.debian.org,515995-done@bugs.debian.org,575009-done@bugs.debian.org,610455-done@bugs.debian.org,666809-done@bugs.debian.org,660221-done@bugs.debian.org,
• Cc: libapache2-mod-auth-pam@packages.debian.org, libapache2-mod-auth-pam@packages.qa.debian.org
• Subject: Bug#710770: Removed package(s) from unstable
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Thu, 06 Jun 2013 06:45:42 +0000
• Message-id: <[🔎] E1UkTx8-0002rJ-6m@franck.debian.org>

Version: 1.1.1-9+rm

Dear submitter,

as the package libapache2-mod-auth-pam has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/710770

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Ansgar Burchardt (the ftpmaster behind the curtain)

--- End Message ---