Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Commits on Jan 9, 2014
  1. Merge pull request #20 from Lekensteyn/fix-bug-18

    prefork: Fix 100% CPU usage in parent process
  2. Peter Wu

    prefork: Fix 100% CPU usage in parent process

    Lekensteyn authored
    When a child process is terminated, the parent calls waitpid() to check
    for dead children. This returns -1 on error (e.g. there are no other
    children or a signal interrupted waitpid()), the pid (> 0) for dead
    children OR 0 if there are some children which are still alive.
    Fixes gnosek/fcgiwrap#18.
Commits on May 7, 2013
Commits on Apr 15, 2013
  1. Merge pull request #12 from Lekensteyn/restrict-program2

    Add `-p path` option to restrict scripts
Commits on Apr 13, 2013
  1. Peter Wu

    Add `-p path` option to restrict scripts

    Lekensteyn authored
    If the purpose of fcgiwrap is to wrap cgit, then I want to be sure that no other
    program can be executed under the privileges of the fcgiwrap user.
    When the option `-p path` is given, only the programs specified by `path` are
    allowed to execute (multiple occurrences of `-p` are merged to form a list of
    allowed programs).
    Note that this value will be matched literally, no attempt is done to
    canonicalize the path. This also implies that glob patterns or directories will
    never match.
Commits on Feb 3, 2013
  1. Update README

  2. Bump version number

  3. Add help for -f option

  4. Close FCGI socket before executing script

    We do it in a rather violent way to avoid FCGI shutdown (the parent
    must keep the socket alive and working)
  5. Unify CGI error handling

    Use the same error handler for 403s and 502s. This basically ports
    the required fixes from error_403 (previous commit) to the 502
    error on failed exec(). Two user-visible side effects:
     - error message now says "403 Forbidden" instead of "403"
     - failed exec() gets logged over stderr
    (also, use \r\n instead of \n as a line seprator but that has been
    fixed up by the parent process before).
  6. Fix 403 error handling

    Report 403 errors over normal stdout/stderr (after setting up the
    pipes). Properly reporting the error response over stdout requires:
     - flushing the I/O, which would otherwise get buffered
     - skipping atexit handlers (would otherwise close the FCGI connection
       cleanly, interfering with the parent process still trying to talk
       over it)
  7. Check file permissions even when we get full path over FastCGI

    It's not a security issue (executing the file would fail, anyway)
    but it's a sensible sanity check.
Commits on Sep 9, 2012
  1. Merge pull request #8 from falconindy/master

    Minor buildsys fixes
Commits on Sep 8, 2012
  1. Dave Reisner

    Correct invalid defintion in configuring systemd support

    falconindy authored
    This was an unfortunate copypasta error that slipped in with 9836d6d.
    The HAVE_SYSTEMD macro should only be defined based on the presence of
    the library, not the unit files, since the units are useless without the
    library support.
  2. Dave Reisner define dummy datarootdir variable

    falconindy authored
    This suppresses a warning on ./configure for a directory which fcgiwrap
    does not use:
      config.status: WARNING:  '' seems to ignore the --datarootdir
Commits on Aug 23, 2012
  1. Dave Reisner

    simplify build rule for fcgiwrap

    falconindy authored
    Add flags and libraries to the respective environment vars and let make
    figure out the order on its own. This provides support for unmentioned
    vars such as LDFLAGS implicitly, as the compilation rule isn't
    explicitly defined.
Commits on Aug 21, 2012
  1. Merge pull request #7 from falconindy/systemd

    add systemd unit files for installation
  2. Dave Reisner

    add systemd unit files for installation

    falconindy authored
    These are automatically installed iff systemd support is compiled into
  3. Merge pull request #6 from falconindy/systemd

    systemd socket activation support
Commits on Aug 20, 2012
  1. Dave Reisner
  2. Dave Reisner

    Add support for socket activation via systemd

    falconindy authored
    This prevents the need for starting fcgiwrap explicitly, or using a
    tool such as spawn-fcgi. The type of socket does not matter, we merely
    accept a single FD passed from pid 1 and listen on it.
  3. Dave Reisner
Commits on Dec 8, 2011
  1. Merge pull request #5 from goochjj/master

    STDERR redirection back through the FCGI socket
  2. Joe Gooch

    fix manpage - add -f option

    goochjj authored
  3. Joe Gooch
Commits on Sep 14, 2010
  1. Nikoli

    support LDFLAGS

    Nikoli authored committed
Commits on Sep 8, 2010
  1. jmallach

    Add missing escaping to minus signs.

    jmallach authored committed
    "-" must be escaped ("\-") to be interpreted as minus.
    Signed-off-by: Jordi Mallach <>
Commits on Aug 23, 2010
Commits on Aug 16, 2010
  1. Quentin Stievenart

    fixing compilation under FreeBSD

    acieroid authored committed
Commits on Jun 11, 2010
  1. Ron Huang
Commits on Jun 3, 2010
  1. Add `-s' option to enable binding by fcgiwrap itself

    This should ease testing and deployment in simpler cases
  2. Use SCRIPT_FILENAME environment variable when available

    If present, it overrides DOCUMENT_ROOT and SCRIPT_NAME and prevents
    mangling of PATH_INFO. Should allow cleaner configs when script names
    don't come from request URIs directly.
Commits on Jun 2, 2010
  1. W. Mark Kubacki

    Jordi Mallach's email has been corrected as requested by him.

    wmark authored
    He's been added to the contributors in README.rst.
Commits on May 25, 2010
  1. W. Mark Kubacki
  2. W. Mark Kubacki

    adjusted option _-c_ help text

    wmark authored
Something went wrong with that request. Please try again.