pkg/49333: libgpg-error 1.15 may cause apache and php to segfault

[he%NetBSD.org@localhost]

>Number:         49333
>Category:       pkg
>Synopsis:       libgpg-error 1.15 may cause apache and php to segfault
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Oct 29 10:30:00 +0000 2014
>Originator:     Havard Eidnes
>Release:        NetBSD 6.1_STABLE
>Organization:
	None
>Environment:
System: NetBSD smistad.uninett.no 6.1_STABLE NetBSD 6.1_STABLE (MAANEN) #0: Mon Sep 1 14:42:18 CEST 2014 root%smistad.uninett.no@localhost:/usr/obj/sys/arch/i386/compile/MAANEN i386
Architecture: i386
Machine: i386
>Description:
	libgpg-error at least in version 1.15 makes use of atexit() to
	flush its error stream (it seems).

	However, libgpg-error ends up being used as a dynamically
	loaded library in several circumstances, two examples I've
	come across are php and apache.  These programs tend to do
	dlclose() on its libraries before they do exit(), cauisng the
	latter's atexit handling to try to call into now invalidated
	address space, causing a segfault.

>How-To-Repeat:
	Make use of modules which cause libgpg-error to be loaded in
	php and/or apache, and see php segfault on exit, or get
	occasional segfaults from apache processes when they exit.

>Fix:
	This is probably the wrong fix (is there a right one?), but to
	stop the segfaults from happening, I've added this local patch:

$NetBSD$

Avoid this library causing segfaults in apache and php,
since these can unload the libgpg-error library before doing exit().

--- src/estream.c.orig  2014-09-11 09:38:21.000000000 +0000
+++ src/estream.c
@@ -503,7 +503,9 @@ _gpgrt_es_init (void)
   if (!initialized)
     {
       initialized = 1;
+#if 0  /* May be unloaded as a library before exit() is called... */
       atexit (do_deinit);
+#endif
     }
   return 0;
 }