Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 544564 - dev-lang/php[apache2]: Uses insecure AddHandler directive (in unused file)
Summary: dev-lang/php[apache2]: Uses insecure AddHandler directive (in unused file)
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: PHP Bugs
Depends on:
Blocks: 544560
  Show dependency tree
Reported: 2015-03-26 15:50 UTC by Sebastian Pipping
Modified: 2015-04-05 22:18 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Pipping gentoo-dev 2015-03-26 15:50:32 UTC
I would rather not delete that file myself without review from your side.
To my understanding, it is unused and can be deleted.

# fgrep -Rl '70_mod_php5.conf-apache2' .

The reason why I would like to have it removed is the use of AddHandler:

# fgrep -R AddHandler .
./files/70_mod_php5.conf-apache2:               AddHandler application/x-httpd-php .php .php5 .phtml
./files/70_mod_php5.conf-apache2:               AddHandler application/x-httpd-php-source .phps

Please see bug #538822 for why that is a problem.

Thank you!
Comment 1 Sebastian Pipping gentoo-dev 2015-03-26 16:28:47 UTC

I just found that my call to grep was the problem.  The file is actually still used:

  # fgrep -Rl 70_mod_php5 . | fgrep ebuild | sort

So a fix is needed rather than removal.  Please see bug #538822 for a proposed fixed.

Thank you!
Comment 2 Sebastian Pipping gentoo-dev 2015-03-27 01:22:23 UTC
I intend to fix this myself with the same fix as used for eselect-php in bug #538822.

Please object now, if you would like to take over.  Thanks.
Comment 3 Sebastian Pipping gentoo-dev 2015-04-05 21:58:15 UTC
Update once again: File files/70_mod_php5.conf-apache2 is NOT used by the ebuilds.

The previous grep matches on "70_mod_php5" are all like

  # fgrep -A1 70_mod_php5 *.ebuild
  php-5.3.29.ebuild:              APACHE2_MOD_CONF="70_mod_php5"
  php-5.3.29.ebuild-              apache-module_pkg_postinst

and apache-module_pkg_postinst only prints information.


  # fgrep -Rl -- -apache2 .

and a look at the change log reveals that there was a -r1 of that file at some point

which fixed the AddHandler part, interestingly.
Comment 4 Sebastian Pipping gentoo-dev 2015-04-05 22:18:17 UTC
+  05 Apr 2015; Sebastian Pipping <> php-5.3.29.ebuild,
+  php-5.4.36.ebuild, php-5.4.37.ebuild, php-5.4.38.ebuild, php-5.4.39.ebuild,
+  php-5.5.20.ebuild, php-5.5.21.ebuild, php-5.5.22.ebuild, php-5.5.23.ebuild,
+  php-5.6.4.ebuild, php-5.6.5.ebuild, php-5.6.6.ebuild, php-5.6.7.ebuild,
+  -files/70_mod_php5.conf-apache2:
+  Resolve unused and misleading files/70_mod_php5.conf-apache2, add note about
+  /etc/apache2/modules.d/70_mod_php5.conf actually being provided by
+  app-eselect/eselect-php by now (bug #544564)