Hi,
Ondřej Surý:
> On Mon, Sep 17, 2012 at 8:48 PM, Matthias Urlichs wrote:
> > Thus an upgrade to wheezy which kills that setup by undoing the second
> > step, i.e. re-enabling php5_cgi, is contrary to expectations, NEWS file or
> > no NEWS file.
>
> JFTR there was NO php5_cgi in squeeze, so th
On Mon, Sep 17, 2012 at 8:48 PM, Matthias Urlichs wrote:
> Thus an upgrade to wheezy which kills that setup by undoing the second
> step, i.e. re-enabling php5_cgi, is contrary to expectations, NEWS file or
> no NEWS file.
JFTR there was NO php5_cgi in squeeze, so the update does not
re-enable an
On Mon, Sep 17, 2012 at 11:30:46PM +0200, Christoph Anton Mitterer wrote:
[...]
> Questions for those who are affected by this bug:
> 1) So you have both, php5-cgi AND libapache2-mod-fcgid installed, right?
Yes.
> 2) Then what happens is, the Handler from php5_cgi.conf overrides the
> way (whatev
On Tue, 2012-09-18 at 00:00 +0200, Matthias Urlichs wrote:
> fastcgi, but yes.
Well... we have to expect both causing troubles...
> > Big problem though is, are the files then served as normal files by
> > Apache?
> Yes. The file gets served as-is, with a mimetype of
> application/x-whatever-php.
Hi,
Christoph Anton Mitterer:
> 1) So you have both, php5-cgi AND libapache2-mod-fcgid installed, right?
fastcgi, but yes.
> 2) Then what happens is, the Handler from php5_cgi.conf overrides the
> way (whatever you did) to get .php files interpreted, right?
Right.
> 3) Obviously, .php files a
On Mon, 2012-09-17 at 22:50 +0200, Matthias Urlichs wrote:
> > AFAIU, it doesn't really enable anything... it just sets a different
> > handler, which may take away handling from what you've set up.
> Your understanding is incomplete.
> The postinst script specifically calls a2enable.
It does,... b
Hi,
Christoph Anton Mitterer:
> > In fact, this should not happen regardless of whether such re-enabling
> > breaks anything. It might even introduce a security hole; imagine
> > re-enabling mod_dirindex. :-(
> AFAIU, it doesn't really enable anything... it just sets a different
> handler, which
On Mon, 2012-09-17 at 20:48 +0200, Matthias Urlichs wrote:
> > 2) Ondrej, I've already planned to suggest you... to change the
> > _handler_ name "application/x-httpd-php" that we now use throughout the
> > packages to someting like "php-script"...
> > It easily confuses people that this would be a
Hi,
Christoph Anton Mitterer:
>
> 2) Ondrej, I've already planned to suggest you... to change the
> _handler_ name "application/x-httpd-php" that we now use throughout the
> packages to someting like "php-script"...
> It easily confuses people that this would be a MIME type,... while it is
> actu
On Mon, 2012-09-17 at 22:11 +0400, Konstantin Khomoutov wrote:
>
> SetHandler fcgid-script
> FcgidWrapper /usr/bin/php-cgi
>
>
> snippet, all works sensibly: test.php.jpeg is sent as-is and is not
> tried to be interpreted.
Yeah,... perhaps someone could report a bug against that packag
On Mon, 17 Sep 2012 18:53:50 +0200
Christoph Anton Mitterer wrote:
[...]
Sorry for skipping the rest -- will come back to it later.
> btw:
> This:
> FCGIWrapper /usr/bin/php-cgi .php
> may (I haven't checked) be vulnerable to the foo.php.jpeg issue.
Yes, seems vulnerable: I've created a foo.p
On Mon, 17 Sep 2012 17:28:44 +0200
Ondřej Surý wrote:
> > I'm by no means an expert in setting up this sort of complicated
> > stuff in Apache, so I can't really tell if this new change in php5
> > packaging introduces a regression or it's just a misconfiguration
> > on my part. In the latter cas
On Mon, 17 Sep 2012 19:57:57 +0400
Konstantin Khomoutov wrote:
[...]
> Or is the correct thing for me is to just change
>
>
> SetHandler application/x-httpd-php
>
>
> to
>
>
> SetHandler fcgid-script
>
>
> ?
Answering to myself:
SetHandler fcgid-script
FcgidWrapper /usr
13 matches
Mail list logo
