Summary: | dev-lang/php[apache2]: Uses insecure AddHandler directive (in unused file) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sebastian Pipping <sping> |
Component: | Current packages | Assignee: | PHP Bugs <php-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 544560 |
Description
Sebastian Pipping
2015-03-26 15:50:32 UTC
Update: I just found that my call to grep was the problem. The file is actually still used: # fgrep -Rl 70_mod_php5 . | fgrep ebuild | sort ./php-5.3.29.ebuild ./php-5.4.36.ebuild ./php-5.4.37.ebuild ./php-5.4.38.ebuild ./php-5.4.39.ebuild ./php-5.5.20.ebuild ./php-5.5.21.ebuild ./php-5.5.22.ebuild ./php-5.5.23.ebuild ./php-5.6.4.ebuild ./php-5.6.5.ebuild ./php-5.6.6.ebuild ./php-5.6.7.ebuild So a fix is needed rather than removal. Please see bug #538822 for a proposed fixed. Thank you! I intend to fix this myself with the same fix as used for eselect-php in bug #538822. Please object now, if you would like to take over. Thanks. Update once again: File files/70_mod_php5.conf-apache2 is NOT used by the ebuilds. The previous grep matches on "70_mod_php5" are all like # fgrep -A1 70_mod_php5 *.ebuild php-5.3.29.ebuild: APACHE2_MOD_CONF="70_mod_php5" php-5.3.29.ebuild- apache-module_pkg_postinst [..] and apache-module_pkg_postinst only prints information. Furthermore, # fgrep -Rl -- -apache2 . ./Manifest ./ChangeLog-2012 and a look at the change log reveals that there was a -r1 of that file at some point https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-lang/php/files/70_mod_php5.conf-apache2?revision=1.7 https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-lang/php/files/70_mod_php5.conf-apache2-r1?revision=1.2 which fixed the AddHandler part, interestingly. + + 05 Apr 2015; Sebastian Pipping <sping@gentoo.org> php-5.3.29.ebuild, + php-5.4.36.ebuild, php-5.4.37.ebuild, php-5.4.38.ebuild, php-5.4.39.ebuild, + php-5.5.20.ebuild, php-5.5.21.ebuild, php-5.5.22.ebuild, php-5.5.23.ebuild, + php-5.6.4.ebuild, php-5.6.5.ebuild, php-5.6.6.ebuild, php-5.6.7.ebuild, + -files/70_mod_php5.conf-apache2: + Resolve unused and misleading files/70_mod_php5.conf-apache2, add note about + /etc/apache2/modules.d/70_mod_php5.conf actually being provided by + app-eselect/eselect-php by now (bug #544564) |