Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 544576 - www-apache/mod_fastcgi: Uses insecure AddHandler directive
Summary: www-apache/mod_fastcgi: Uses insecure AddHandler directive
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: No maintainer - Look at if you want to take care of it
Depends on:
Blocks: 544560
  Show dependency tree
Reported: 2015-03-26 16:12 UTC by Sebastian Pipping
Modified: 2016-10-01 07:56 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Pipping gentoo-dev 2015-03-26 16:12:59 UTC
# fgrep -R AddHandler .
./files/20_mod_fastcgi.conf:AddHandler fastcgi-script fcg fcgi fpl

Please see bug #538822 for why that is a problem and for a proposed fixed.

Thank you!
Comment 1 Sebastian Pipping gentoo-dev 2016-08-10 18:59:56 UTC
I see these potential alternatives in Gentoo:

 * www-apache/mod_fcgid

 * APACHE2_MODULES=proxy_fcgi  or   www-apache/mod_proxy_fcgi

 * www-apache/mod_fastcgi_handler

As the fix is tricky, we may well just tree-clean this package?  It's not free software as I read the license, anyway.
Comment 2 Pacho Ramos gentoo-dev 2016-08-10 19:17:57 UTC
Yeah, treecleaners are already CCed in another bug related with this package, but I still didn't have time to treeclean it :| (of course, you are free to go ahead either masking this one for removal or, even better, joining treecleaners to help us)

Comment 3 Pacho Ramos gentoo-dev 2016-10-01 07:56:05 UTC