Ubuntu
php4 package

php4-cgi: No working #! able php binary to go under mass vhosting /cgi-bin

Bug #8449 reported by Debian Bug Importer
4
Affects Status Importance Assigned to Milestone
php4 (Debian)
Fix Released
Unknown
php4 (Ubuntu)
Fix Released
Medium
Thom May

Bug Description

Automatically imported from Debian bug report #273143 http://bugs.debian.org/273143

See original description
Revision history for this message
Debian Bug Importer (debzilla) wrote :

Automatically imported from Debian bug report #273143 http://bugs.debian.org/273143

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Thu, 23 Sep 2004 16:10:10 +1000
From: Jarne Cook <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: php4-cgi: No working #! able php binary to go under mass vhosting /cgi-bin

Package: php4-cgi
Version: 4:4.3.8-12
Severity: critical
Justification: breaks unrelated software

What a nasty night I have had. I have figured out that php4-cgi is not
what it appears.

Essentially, neither php4-cli or php4-cgi now provide a
#!/usr/bin/php<something> that can be executed by an executalble script
living in /cgi-bin.

This is because the cgi version (/usr/lib/cgi-bin/php4) has been
compiles with --enable-force-cgi-redirect which means apache has to be
(apprently) setup with
--
Action php-script /cgi-bin/php
AddHandler php-script .php
--

Unfortunately, that isn't going to work when doing complicated vhosts/mod_rewrite
setups.

php/cli on the other hand also can not help as it does not provide GPC
varaibles in a pre-processed way (you would have to manually parse
$_SERVER["QUERY_STRING"]).

So essentially for systems that cant use script alias in their vhost
config and want to use php/cgi in the conventional hash bang method
(aka. the 4th cgi method http://www.php.net/manual/en/security.cgi-bin.shell.php )
will have to have the php package recompiled, as one is not provided.

I see three options from here:
1) contuine to not provide a proper php/cgi binary
2) provide an extra binary in this package (eg /usr/bin/php-cgi)
3) create a new package again with the extra binary.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.6-1-386
Locale: LANG=C, LC_CTYPE=C

Versions of packages php4-cgi depends on:
ii debconf [debconf-2.0] 1.4.30.5 Debian configuration management sy
ii libbz2-1.0 1.0.2-1 A high-quality block-sorting file
ii libc6 2.3.2.ds1-16 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [
ii libexpat1 1.95.6-8 XML parsing C library - runtime li
ii libmagic1 4.09-1 File type determination library us
ii libpcre3 4.5-1.1 Perl 5 Compatible Regular Expressi
ii libssl0.9.7 0.9.7d-4 SSL shared libraries
ii mime-support 3.28-1 MIME files 'mime.types' & 'mailcap
ii php4-cli 4:4.3.8-12 command-line interpreter for the p
ii php4-common 4:4.3.8-12 Common files for packages built fr
ii zlib1g 1:1.2.1.1-7 compression library - runtime

-- debconf information:
  php4/update_cgi_php_ini: true

Revision history for this message
In , Steve Langasek (vorlon) wrote : Another moron who doesn't know what 'unrelated' means

severity 273143 important
thanks

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sun, 26 Sep 2004 00:59:17 -0700
From: Steve Langasek <email address hidden>
To: <email address hidden>
Subject: Another moron who doesn't know what 'unrelated' means

severity 273143 important
thanks

Revision history for this message
In , MJ Ray (mjr-dsl) wrote : php4-cgi: this does look release critical

I suggest: severity 273143 grave

The reporter selected the wrong severity, but this does look like an
RC bug, unfortunately. I have just been asked to fix a system which
upgraded from stable and had many of their virtual-hosted scripts
break. It uses a #!-style of running CGI scripts. It is documented in
the PHP manual and seems a common situation for selecting php4-cgi
over the other flavours, so I think this makes the package unusable or
mostly so.

Because 4.1.2's config also included enable-force-cgi-redirect, I'm
not sure whether the reporter's diagnosis was correct. I have asked
them and I'm waiting for more information.

I have my afflicted system running through a wrapper as a workaround.
Please cc me on replies.

--
MJR/slef My Opinion Only and not of any group I know
  Creative copyleft computing - http://www.ttllp.co.uk/
LinuxExpo.org.uk village 6+7 Oct http://www.affs.org.uk

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Mon, 04 Oct 2004 09:49:49 +0100
From: MJ Ray <email address hidden>
To: <email address hidden>
Subject: php4-cgi: this does look release critical

I suggest: severity 273143 grave

The reporter selected the wrong severity, but this does look like an
RC bug, unfortunately. I have just been asked to fix a system which
upgraded from stable and had many of their virtual-hosted scripts
break. It uses a #!-style of running CGI scripts. It is documented in
the PHP manual and seems a common situation for selecting php4-cgi
over the other flavours, so I think this makes the package unusable or
mostly so.

Because 4.1.2's config also included enable-force-cgi-redirect, I'm
not sure whether the reporter's diagnosis was correct. I have asked
them and I'm waiting for more information.

I have my afflicted system running through a wrapper as a workaround.
Please cc me on replies.

--
MJR/slef My Opinion Only and not of any group I know
  Creative copyleft computing - http://www.ttllp.co.uk/
LinuxExpo.org.uk village 6+7 Oct http://www.affs.org.uk

Revision history for this message
In , Adam Conrad (adconrad) wrote : Bug#273143: fixed in php4 4:4.3.9-1
Download full text (9.3 KiB)

Source: php4
Source-Version: 4:4.3.9-1

We believe that the bug you reported is fixed in the latest version of
php4, which is due to be installed in the Debian FTP archive:

caudium-php4_4.3.9-1_powerpc.deb
  to pool/main/p/php4/caudium-php4_4.3.9-1_powerpc.deb
libapache-mod-php4_4.3.9-1_powerpc.deb
  to pool/main/p/php4/libapache-mod-php4_4.3.9-1_powerpc.deb
libapache2-mod-php4_4.3.9-1_powerpc.deb
  to pool/main/p/php4/libapache2-mod-php4_4.3.9-1_powerpc.deb
php4-cgi_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-cgi_4.3.9-1_powerpc.deb
php4-cli_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-cli_4.3.9-1_powerpc.deb
php4-common_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-common_4.3.9-1_powerpc.deb
php4-curl_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-curl_4.3.9-1_powerpc.deb
php4-dev_4.3.9-1_all.deb
  to pool/main/p/php4/php4-dev_4.3.9-1_all.deb
php4-domxml_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-domxml_4.3.9-1_powerpc.deb
php4-gd_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-gd_4.3.9-1_powerpc.deb
php4-imap_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-imap_4.3.9-1_powerpc.deb
php4-ldap_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-ldap_4.3.9-1_powerpc.deb
php4-mcal_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-mcal_4.3.9-1_powerpc.deb
php4-mhash_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-mhash_4.3.9-1_powerpc.deb
php4-mysql_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-mysql_4.3.9-1_powerpc.deb
php4-odbc_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-odbc_4.3.9-1_powerpc.deb
php4-pear_4.3.9-1_all.deb
  to pool/main/p/php4/php4-pear_4.3.9-1_all.deb
php4-recode_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-recode_4.3.9-1_powerpc.deb
php4-snmp_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-snmp_4.3.9-1_powerpc.deb
php4-sybase_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-sybase_4.3.9-1_powerpc.deb
php4-xslt_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-xslt_4.3.9-1_powerpc.deb
php4_4.3.9-1.diff.gz
  to pool/main/p/php4/php4_4.3.9-1.diff.gz
php4_4.3.9-1.dsc
  to pool/main/p/php4/php4_4.3.9-1.dsc
php4_4.3.9-1_all.deb
  to pool/main/p/php4/php4_4.3.9-1_all.deb
php4_4.3.9.orig.tar.gz
  to pool/main/p/php4/php4_4.3.9.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated php4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 4 Oct 2004 22:57:37 -0600
Source: php4
Binary: php4-cgi php4-sybase php4-recode libapache-mod-php4 php4-cli php4-dev libapache2-mod-php4 php4-snmp php4-odbc php4-xslt php4-mysql php4-domxml php4-gd php4-ldap php4-imap php4-common php4-curl php4 php4-pear php4-mcal caudium-php4 php4-mhash
Architecture: source powerpc all
Version: 4:4.3.9-1
Distribution: unstable
...

Read more...

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (9.5 KiB)

Message-Id: <email address hidden>
Date: Tue, 05 Oct 2004 03:47:13 -0400
From: Adam Conrad <adconrad@0c3.net>
To: <email address hidden>
Subject: Bug#273143: fixed in php4 4:4.3.9-1

Source: php4
Source-Version: 4:4.3.9-1

We believe that the bug you reported is fixed in the latest version of
php4, which is due to be installed in the Debian FTP archive:

caudium-php4_4.3.9-1_powerpc.deb
  to pool/main/p/php4/caudium-php4_4.3.9-1_powerpc.deb
libapache-mod-php4_4.3.9-1_powerpc.deb
  to pool/main/p/php4/libapache-mod-php4_4.3.9-1_powerpc.deb
libapache2-mod-php4_4.3.9-1_powerpc.deb
  to pool/main/p/php4/libapache2-mod-php4_4.3.9-1_powerpc.deb
php4-cgi_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-cgi_4.3.9-1_powerpc.deb
php4-cli_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-cli_4.3.9-1_powerpc.deb
php4-common_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-common_4.3.9-1_powerpc.deb
php4-curl_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-curl_4.3.9-1_powerpc.deb
php4-dev_4.3.9-1_all.deb
  to pool/main/p/php4/php4-dev_4.3.9-1_all.deb
php4-domxml_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-domxml_4.3.9-1_powerpc.deb
php4-gd_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-gd_4.3.9-1_powerpc.deb
php4-imap_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-imap_4.3.9-1_powerpc.deb
php4-ldap_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-ldap_4.3.9-1_powerpc.deb
php4-mcal_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-mcal_4.3.9-1_powerpc.deb
php4-mhash_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-mhash_4.3.9-1_powerpc.deb
php4-mysql_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-mysql_4.3.9-1_powerpc.deb
php4-odbc_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-odbc_4.3.9-1_powerpc.deb
php4-pear_4.3.9-1_all.deb
  to pool/main/p/php4/php4-pear_4.3.9-1_all.deb
php4-recode_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-recode_4.3.9-1_powerpc.deb
php4-snmp_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-snmp_4.3.9-1_powerpc.deb
php4-sybase_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-sybase_4.3.9-1_powerpc.deb
php4-xslt_4.3.9-1_powerpc.deb
  to pool/main/p/php4/php4-xslt_4.3.9-1_powerpc.deb
php4_4.3.9-1.diff.gz
  to pool/main/p/php4/php4_4.3.9-1.diff.gz
php4_4.3.9-1.dsc
  to pool/main/p/php4/php4_4.3.9-1.dsc
php4_4.3.9-1_all.deb
  to pool/main/p/php4/php4_4.3.9-1_all.deb
php4_4.3.9.orig.tar.gz
  to pool/main/p/php4/php4_4.3.9.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated php4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 4 Oct 2004 22:57:37 -0600
Source: php4
Binary: php4-cgi php4-sybase php4-recode libapache-mod-php4 php4-cli php4-dev libapache2-mod-php4 php4-snmp php4-odbc ph...

Read more...

Revision history for this message
Matt Zimmerman (mdz) wrote :

Fixed in Debian, just needs some merge love

Revision history for this message
Thom May (thombot) wrote :

 php4 (4:4.3.9-1ubuntu1) hoary; urgency=low
 .
   * Remove caudium-php and php4-imap packages

This brings us up to date with unstable

Bug Watch Updater (bug-watch-updater)
Changed in php4:
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.