[php-maint] Bug#687418: Updating php5 to 5.4.4-5 broke FastCGI setup on my machine

Matthias Urlichs matthias at urlichs.de
Mon Sep 17 18:48:27 UTC 2012


Hi,

Christoph Anton Mitterer:
> 
> 2) Ondrej, I've already planned to suggest you... to change the
> _handler_ name "application/x-httpd-php" that we now use throughout the
> packages to someting like "php-script"...
> It easily confuses people that this would be a MIME type,... while it is
> actually a handler.
> 
Ah. Thank you, that was in fcat one of the problems I struggled with.
> 
> In principle we tried to explain in the NEWS file what has happened,...
> obviously we cannot cover _any_ possible setup where this could occur
> somehow; there are simply way too much possible and complex
> configurations
> 
There are also a couple of simple configurations which get broken. They
should not be.

Conceptually, setting up a mod_fastcgi server with separate users is rather
simple:

* install mod_fastcgi (duh)
* disable php5_cgi, i.e. remove mods_enabled/php5_cgi.conf
* add a line 
  ScriptAlias /php-fastcgi/ /var/www/drupal/bin/php5-cgi/
  to the user's virtual hosts
* and (of course) create a script /var/www/drupal/bin/php5-cgi, where
  local PHP variables like individual memory limits etc. may be set before
  exec()ing /usr/lib/cgi-bin/php5 (which automagically uses fastcgi mode
  when you do all that).

Thus an upgrade to wheezy which kills that setup by undoing the second
step, i.e. re-enabling php5_cgi, is contrary to expectations, NEWS file or
no NEWS file.

In fact, this should not happen regardless of whether such re-enabling
breaks anything. It might even introduce a security hole; imagine
re-enabling mod_dirindex.  :-(

Therefore I recommend that, at minimum, an upgrade MAY NOT re-enable
an Apache module which the administrator has specifically disabled.

> Has anyone an idea whether mod_fastcgi (!= mod_fcgid) is also affected?
> 
Yes, it is. In fact, that prompted my initial bug report.

-- 
-- Matthias Urlichs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20120917/d020688b/attachment-0003.pgp>


More information about the pkg-php-maint mailing list