Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Apr 19, 2015
  1. Add documentation for FCGI_CHDIR

  2. Don't free socket_url at exit

    While this generally is the right thing to do, we don't clean up
    the rest of the memory (we're exiting in a moment, anyway)
    and conditionally freeing a single variable seems wrong.
  3. Return the new fd directly from setup_socket()

    We either have a proper descriptor (>0) or an error (<0)
    so we don't strictly need the fd_out parameter
  4. Merge pull request #27 from justinclift/master

    Added pkg-config to the requirements
Commits on Apr 17, 2015
Commits on Mar 19, 2015
  1. @justinclift
Commits on Aug 15, 2014
  1. @stromnet

    Use-after-free fix

    stromnet committed
  2. @stromnet


    stromnet committed
  3. @stromnet

    Clean up unix socket on exit so we can start properly.

    stromnet committed
    If unix socket is not cleaned up, we will fail to bind on it the next
    startup round (Address already in use).
Commits on Mar 9, 2014
  1. @philpennock

    Let chdir be overriden with FCGI_CHDIR

    philpennock committed
    chdir to directory which holds scripts doesn't work well with some CGIs.
    Let the FastCGI invoker provide `FCGI_CHDIR` which can be `-` to inhibit
    chdir, or another place to chdir to.
Commits on Jan 9, 2014
  1. Merge pull request #20 from Lekensteyn/fix-bug-18

    prefork: Fix 100% CPU usage in parent process
  2. @Lekensteyn

    prefork: Fix 100% CPU usage in parent process

    Lekensteyn committed
    When a child process is terminated, the parent calls waitpid() to check
    for dead children. This returns -1 on error (e.g. there are no other
    children or a signal interrupted waitpid()), the pid (> 0) for dead
    children OR 0 if there are some children which are still alive.
    Fixes gnosek/fcgiwrap#18.
Commits on May 7, 2013
Commits on Apr 15, 2013
  1. Merge pull request #12 from Lekensteyn/restrict-program2

    Add `-p path` option to restrict scripts
Commits on Apr 13, 2013
  1. @Lekensteyn

    Add `-p path` option to restrict scripts

    Lekensteyn committed
    If the purpose of fcgiwrap is to wrap cgit, then I want to be sure that no other
    program can be executed under the privileges of the fcgiwrap user.
    When the option `-p path` is given, only the programs specified by `path` are
    allowed to execute (multiple occurrences of `-p` are merged to form a list of
    allowed programs).
    Note that this value will be matched literally, no attempt is done to
    canonicalize the path. This also implies that glob patterns or directories will
    never match.
Commits on Feb 3, 2013
  1. Update README

  2. Bump version number

  3. Add help for -f option

  4. Close FCGI socket before executing script

    We do it in a rather violent way to avoid FCGI shutdown (the parent
    must keep the socket alive and working)
  5. Unify CGI error handling

    Use the same error handler for 403s and 502s. This basically ports
    the required fixes from error_403 (previous commit) to the 502
    error on failed exec(). Two user-visible side effects:
     - error message now says "403 Forbidden" instead of "403"
     - failed exec() gets logged over stderr
    (also, use \r\n instead of \n as a line seprator but that has been
    fixed up by the parent process before).
  6. Fix 403 error handling

    Report 403 errors over normal stdout/stderr (after setting up the
    pipes). Properly reporting the error response over stdout requires:
     - flushing the I/O, which would otherwise get buffered
     - skipping atexit handlers (would otherwise close the FCGI connection
       cleanly, interfering with the parent process still trying to talk
       over it)
  7. Check file permissions even when we get full path over FastCGI

    It's not a security issue (executing the file would fail, anyway)
    but it's a sensible sanity check.
Commits on Sep 9, 2012
  1. Merge pull request #8 from falconindy/master

    Minor buildsys fixes
Commits on Sep 8, 2012
  1. @falconindy

    Correct invalid defintion in configuring systemd support

    falconindy committed
    This was an unfortunate copypasta error that slipped in with 9836d6d.
    The HAVE_SYSTEMD macro should only be defined based on the presence of
    the library, not the unit files, since the units are useless without the
    library support.
  2. @falconindy define dummy datarootdir variable

    falconindy committed
    This suppresses a warning on ./configure for a directory which fcgiwrap
    does not use:
      config.status: WARNING:  '' seems to ignore the --datarootdir
Commits on Aug 23, 2012
  1. @falconindy

    simplify build rule for fcgiwrap

    falconindy committed
    Add flags and libraries to the respective environment vars and let make
    figure out the order on its own. This provides support for unmentioned
    vars such as LDFLAGS implicitly, as the compilation rule isn't
    explicitly defined.
Commits on Aug 21, 2012
  1. Merge pull request #7 from falconindy/systemd

    add systemd unit files for installation
  2. @falconindy

    add systemd unit files for installation

    falconindy committed
    These are automatically installed iff systemd support is compiled into
  3. Merge pull request #6 from falconindy/systemd

    systemd socket activation support
Commits on Aug 20, 2012
  1. @falconindy
  2. @falconindy

    Add support for socket activation via systemd

    falconindy committed
    This prevents the need for starting fcgiwrap explicitly, or using a
    tool such as spawn-fcgi. The type of socket does not matter, we merely
    accept a single FD passed from pid 1 and listen on it.
  3. @falconindy
Something went wrong with that request. Please try again.