Bug#501354: Regression in FastCGI path handling in 1.4.13-4etch11 security upload

2008-11-15 Thread Chris Lamb 
(Please ensure you CC the submitter next time; your response has been
sitting on the BTS for over a month now as I had not been notified there
was any update. :/)

Olaf wrote:

  For example, visiting /foo would result in the application (NB. not 
  the webserver) reporting a 404 at /mytab.fcgi/foo.
 
 What path do you expect the FastCGI app to get?

/foo, I think.

  (Tagging as 'security' to alert the uploader, feel free to drop it.)
 
 That's not how that tag is supposed to be used.

Right - I thought as much, hence being open about dropping it..


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  [EMAIL PROTECTED]
   `-


signature.asc
Description: PGP signature

Bug#501354: Regression in FastCGI path handling in 1.4.13-4etch11 security upload

2008-11-15 Thread Olaf van der Spek 

Chris Lamb wrote:

(Please ensure you CC the submitter next time; your response has been
sitting on the BTS for over a month now as I had not been notified there
was any update. :/)


The BTS should be fixed to do that automatically. ;)


Olaf wrote:

For example, visiting /foo would result in the application (NB. not 
the webserver) reporting a 404 at /mytab.fcgi/foo.

What path do you expect the FastCGI app to get?


/foo, I think.


What 'path' are you referring to?
REQUEST_URI?




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#501354: Regression in FastCGI path handling in 1.4.13-4etch11 security upload

2008-10-06 Thread Chris Lamb 
Package: lighttpd
Version: 1.4.13-4etch11
Tags: security

Hi,

When upgrading from 1.4.13-4etch10 to 1.4.13-4etch11, I noticed that my
FastCGI applications were not being passed the correct path. For example,
visiting /foo would result in the application (NB. not the webserver)
reporting a 404 at /mytab.fcgi/foo.

My lighttpd setup is quite simple and mostly copied from the the Django
documentation:

  $SERVER[socket] == 89.16.166.30:443 {
ssl.engine  = enable
ssl.pemfile = /etc/lighttpd/mytab.pem
  
$HTTP[host] =~ ^(www\.)?mytab\.co\.uk$ {
 server.document-root = /srv/mytab.co.uk/htdocs/app/mytab/
   
 url.rewrite-once = (
  ^(/site_media/.*)$ = $1,
  ^(/media/.*)$ = $1, 
  ^(/.*)$ = mytab.fcgi$1,
 )
}
  }
  
  fastcgi.server = (
/mytab.fcgi = (
 (   
  socket = /srv/mytab.co.uk/htdocs/mysite.sock,
  check-local = disable,
 )   
),  
  )

Re-installing lighttpd 1.4.13-4etch10 fixes this issue. Am I misconfiguring
FastCGI incorrectly with respect to those changes in this upload? 

(Tagging as 'security' to alert the uploader, feel free to drop it.)


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  [EMAIL PROTECTED]
   `-


signature.asc
Description: PGP signature