Mailinglist Archive: opensuse (924 mails)

< Previous Next >
Re: [opensuse] heads up: apache2 conf.d/php5 in 12.2
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Mon, 08 Oct 2012 08:12:36 +0200
  • Message-id: <k4tqsk$akv$1@saturn.local.net>
Marcus Meissner wrote:

On Sat, Oct 06, 2012 at 01:12:46PM +0200, Per Jessen wrote:
Depending on which features of apache2 you rely on, this updated file
could be causing you problems in openSUSE 12.2.

https://bugzilla.novell.com/show_bug.cgi?id=783843

Because I stupidly neglected to check that a webserver actually
worked after upgrading to 12.2, the webserver served straight,
un-interpreted php code and html for about a week :-(

Our security fix for
https://bugzilla.novell.com/show_bug.cgi?id=775852 does apparently not
cover your multi-language usecase.

Just fyi, it's content negotiation in general, although language
negotiation is worst hit.

If anyone else trips over this, the work-around is to revert to the
previous php5.conf or to remove the '$'. Alternatively one could
rename all files and edit all the type-maps of a website to work with
this security fix, but that would incur a lot of testing for almost no
reason.


--
Per Jessen, Zürich (9.1°C)

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >