Bug#814078: eglibc 2.11.3-4+deb6u9 crashes php on reload
On 2016-02-09 13:18, Aurelien Jarno wrote:
> On 2016-02-08 10:07, Matus UHLAR - fantomas wrote:
> > Package: eglibc
> > Version: 2.11.3-4+deb6u9
> >
> > Hello,
> >
> > after updating libc6 to 2.11.3-4+deb6u9 we have notices all apache servers
> > with mod_php loaded to crash after reload, with message:
> >
> > apache2: Syntax error on line 203 of /etc/apache2/apache2.conf: Syntax error
> > on line 1 of /etc/apache2/mods-enabled/php5.load: Cannot load
> > /usr/lib/apache2/modules/libphp5.so into server: /lib/i686/cmov/libm.so.6:
> > symbol __strtod_nan, version GLIBC_2.0 not defined in file libc.so.6 with
> > link time reference
> >
> > (wrapped for better readability).
> >
> > apparently caused by fix of bug #813187
>
> Indeed, it looks like the fix has been wrongly backported. The new
> symbols are supposed to be private symbols (versioned with
> GLIBC_PRIVATE). Otherwise the ABI is changed and this can cause
> compatibility issues with other version of the libc on wheezy, jessie,
> etc. or other distributions.
The patch below should fixes the ABI breakage introduced by the security
fix. I am not sure it fixes the reported bug though.
--- eglibc-2.11.3/debian/patches/any/cvs-CVE-2014-9761-2-squeeze.patch
+++ eglibc-2.11.3/debian/patches/any/cvs-CVE-2014-9761-2-squeeze.patch
@@ -329,11 +329,10 @@
===================================================================
--- eglibc-2.11.3.orig/stdlib/Versions
+++ eglibc-2.11.3/stdlib/Versions
-@@ -8,6 +8,7 @@ libc {
-
- # functions used in other libraries
- __secure_getenv;
+@@ -106,5 +106,6 @@
+ __libc_system;
+ # Variable which needs a dynamic symbol table entry.
+ __abort_msg;
+ __strtof_nan; __strtod_nan; __strtold_nan;
-
- # a*
- a64l; abort; abs; atexit; atof; atoi; atol; atoll;
+ }
+ }
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
Reply to: