ports/139840: php5-mhash is not working with apache compiled as worker

Lukasz Wasikowski lukasz at wasikowski.net
Thu Oct 22 13:10:02 UTC 2009


>Number:         139840
>Category:       ports
>Synopsis:       php5-mhash is not working with apache compiled as worker
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 22 13:10:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Lukasz Wasikowski
>Release:        7.2-RELEASE-p3
>Organization:
>Environment:
FreeBSD bijou.wasikowski.net 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #0: Wed Jul 29 16:51:48 CEST 2009     root at bijou.wasikowski.net:/usr/obj/usr/src/sys/bijou  i386
>Description:
PHP5 is not working when compiled as apache module (and apache is compiled as worker), and php5-mhash is loaded.

mhash is obsoleted (in favour of hash), as stated here:

http://www.php.net/manual/en/intro.mhash.php

but still some ports use it:

cd /usr/ports && make search rdeps=php5-mhash display=path

results (among many others):

/usr/ports/mail/squirrelmail
/usr/ports/sysutils/gosa
/usr/ports/www/phpwebgallery

>How-To-Repeat:
echo "WITH_MPM=worker" >> /etc/make.conf

cd /usr/ports/www/apache22 && make install clean
cd /usr/ports/lang/php5 && make rmconfig && make install clean (turn on apache module)
cd /usr/ports/security/php5-mhash && make install clean

Run: 
php-config
Usage: /usr/local/bin/php-config [OPTION]
Options:
--prefix            [/usr/local]
--includes          [-I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib]
--ldflags           [ -L/usr/local/lib]
--libs              [-lcrypt   -lcrypt -lm  -lxml2 -lz -liconv -lm -lcrypt -lcrypt ]
--extension-dir     [/usr/local/lib/php/20060613-zts]
--include-dir       [/usr/local/include/php]
--php-binary        [/usr/local/bin/php]

php -v
ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file 'unknown')

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:



More information about the freebsd-ports-bugs mailing list