diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8fab515 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/mod_fcgid-2.1-README.RPM +SOURCES/mod_fcgid-2.3.9.tar.bz2 diff --git a/.mod_fcgid.metadata b/.mod_fcgid.metadata new file mode 100644 index 0000000..bef2275 --- /dev/null +++ b/.mod_fcgid.metadata @@ -0,0 +1,2 @@ +5a512f8879313c94e3ee86d664683277506d74a9 SOURCES/mod_fcgid-2.1-README.RPM +f0b6d87dfcfe18b318905a3f91274051f3f17945 SOURCES/mod_fcgid-2.3.9.tar.bz2 diff --git a/SOURCES/fcgid24.conf b/SOURCES/fcgid24.conf new file mode 100644 index 0000000..2e7d486 --- /dev/null +++ b/SOURCES/fcgid24.conf @@ -0,0 +1,12 @@ +# This is the Apache server configuration file for providing FastCGI support +# through mod_fcgid +# +# Documentation is available at +# http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html + +# Use FastCGI to process .fcg .fcgi & .fpl scripts +AddHandler fcgid-script fcg fcgi fpl + +# Sane place to put sockets and shared memory file +FcgidIPCDir /run/mod_fcgid +FcgidProcessTableFile /run/mod_fcgid/fcgid_shm diff --git a/SOURCES/mod_fcgid-2.1-README.SELinux b/SOURCES/mod_fcgid-2.1-README.SELinux new file mode 100644 index 0000000..bfcbadc --- /dev/null +++ b/SOURCES/mod_fcgid-2.1-README.SELinux @@ -0,0 +1,45 @@ +Using mod_fcgid with SELinux in Fedora Core 5 / RHEL 5 onwards +============================================================== + +The module uses the same set of SELinux types for FastCGI applications as for +regular CGI scripts (or "system scripts" as they are known in SELinux), as +described in "man httpd_selinux". + + * httpd_sys_content_t + - Set files with httpd_sys_content_t for content that is available to read + from all FastCGI scripts and the daemon. + + * httpd_sys_rw_content_t + - Set files with httpd_sys_rw_content_t if you want httpd_sys_script_exec_t + scripts to read/write the data, and disallow other processes from access. + + * httpd_sys_script_exec_t + - Set FastCGI scripts with httpd_sys_script_exec_t to allow them to run + with access to all system script types. + +So for the moin wiki layout described in README.RPM of the main mod_fcgid +package, the contexts would be set as follows: + + cd /var/www/mywiki + chcon -t httpd_sys_content_t . + chcon -R -t httpd_sys_script_exec_t cgi-bin + chcon -R -t httpd_sys_rw_content_t data underlay + +It is necessary to turn on the httpd_enable_cgi boolean to run either regular +or FastCGI scripts: + + setsebool -P httpd_enable_cgi 1 + +The httpd_can_sendmail boolean is used to specify whether any of your +web applications can make outbound SMTP connections (e.g. moin sending +notifications). By default it is off, but can be enabled as follows: + + setsebool -P httpd_can_sendmail 1 + +Only enable this functionality if you actually need it, since it increases the +chances that any vulnerability in any of your web applications could be +exploited by a spammer. + +If you have any questions or issues regarding FastCGI and SELinux, please don't +hesitate to bring them up on Fedora's selinux-list. + diff --git a/SOURCES/mod_fcgid-2.3.4-fixconf-shellbang.patch b/SOURCES/mod_fcgid-2.3.4-fixconf-shellbang.patch new file mode 100644 index 0000000..ea5fb50 --- /dev/null +++ b/SOURCES/mod_fcgid-2.3.4-fixconf-shellbang.patch @@ -0,0 +1,8 @@ +--- mod_fcgid-2.3.4/build/fixconf.sed 2009-10-07 04:16:08.000000000 +0100 ++++ mod_fcgid-2.3.4/build/fixconf.sed 2009-10-12 09:50:14.570448865 +0100 +@@ -1,4 +1,4 @@ +-#!/usr/bin/sed -f ++#!/bin/sed -f + # + # Licensed to the Apache Software Foundation (ASF) under one or more + # contributor license agreements. See the NOTICE file distributed with diff --git a/SOURCES/mod_fcgid-2.3.9-1024-env-vars.patch b/SOURCES/mod_fcgid-2.3.9-1024-env-vars.patch new file mode 100644 index 0000000..41b9998 --- /dev/null +++ b/SOURCES/mod_fcgid-2.3.9-1024-env-vars.patch @@ -0,0 +1,13 @@ +diff --git a/modules/fcgid/fcgid_conf.h b/modules/fcgid/fcgid_conf.h +index 47d68bb..44da00e 100644 +--- a/modules/fcgid/fcgid_conf.h ++++ b/modules/fcgid/fcgid_conf.h +@@ -139,7 +139,7 @@ typedef struct { + */ + #define INITENV_KEY_LEN 64 + #define INITENV_VAL_LEN 256 +-#define INITENV_CNT 64 ++#define INITENV_CNT 1024 + typedef struct { + char initenv_key[INITENV_CNT][INITENV_KEY_LEN]; + char initenv_val[INITENV_CNT][INITENV_VAL_LEN]; diff --git a/SOURCES/mod_fcgid-2.3.9-r1847623.patch b/SOURCES/mod_fcgid-2.3.9-r1847623.patch new file mode 100644 index 0000000..bcb59b1 --- /dev/null +++ b/SOURCES/mod_fcgid-2.3.9-r1847623.patch @@ -0,0 +1,16 @@ +# ./pullrev.sh 1847623 +http://svn.apache.org/viewvc?view=revision&revision=1847623 + +https://bugzilla.redhat.com/show_bug.cgi?id=1651310 + +--- mod_fcgid-2.3.9/modules/fcgid/fcgid_conf.h ++++ mod_fcgid-2.3.9/modules/fcgid/fcgid_conf.h +@@ -138,7 +138,7 @@ + * to limit shared memory use + */ + #define INITENV_KEY_LEN 64 +-#define INITENV_VAL_LEN 128 ++#define INITENV_VAL_LEN 256 + #define INITENV_CNT 64 + typedef struct { + char initenv_key[INITENV_CNT][INITENV_KEY_LEN]; diff --git a/SOURCES/mod_fcgid-2.3.9-r1847624.patch b/SOURCES/mod_fcgid-2.3.9-r1847624.patch new file mode 100644 index 0000000..a25f0de --- /dev/null +++ b/SOURCES/mod_fcgid-2.3.9-r1847624.patch @@ -0,0 +1,119 @@ +# ./pullrev.sh 1847624 +http://svn.apache.org/viewvc?view=revision&revision=1847624 + +https://bugzilla.redhat.com/show_bug.cgi?id=1654200 + +--- mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_unix.c ++++ mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_unix.c +@@ -762,14 +762,18 @@ + struct iovec vec[FCGID_VEC_COUNT]; + int nvec = 0; + apr_bucket *e; ++ apr_bucket_brigade *tmpbb = apr_brigade_create(output_brigade->p, ++ output_brigade->bucket_alloc); + +- for (e = APR_BRIGADE_FIRST(output_brigade); +- e != APR_BRIGADE_SENTINEL(output_brigade); +- e = APR_BUCKET_NEXT(e)) { ++ while (!APR_BRIGADE_EMPTY(output_brigade)) ++ { ++ e = APR_BRIGADE_FIRST(output_brigade); ++ + apr_size_t len; + const char* base; + + if (APR_BUCKET_IS_METADATA(e)) { ++ apr_bucket_delete(e); + continue; + } + +@@ -780,6 +784,9 @@ + return rv; + } + ++ APR_BUCKET_REMOVE(e); ++ APR_BRIGADE_INSERT_TAIL(tmpbb, e); ++ + vec[nvec].iov_len = len; + vec[nvec].iov_base = (char*) base; + if (nvec == (FCGID_VEC_COUNT - 1)) { +@@ -789,6 +796,7 @@ + FCGID_VEC_COUNT)) != APR_SUCCESS) + return rv; + nvec = 0; ++ apr_brigade_cleanup(tmpbb); + } + else + nvec++; +@@ -800,6 +808,7 @@ + return rv; + } + ++ apr_brigade_destroy(tmpbb); + return APR_SUCCESS; + } + +--- mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_win.c ++++ mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_win.c +@@ -380,19 +380,22 @@ + apr_bucket *bucket_request; + apr_status_t rv; + DWORD transferred; ++ apr_bucket_brigade *tmpbb = apr_brigade_create(birgade_send->p, ++ birgade_send->bucket_alloc); + + handle_info = (fcgid_namedpipe_handle *) ipc_handle->ipc_handle_info; + +- for (bucket_request = APR_BRIGADE_FIRST(birgade_send); +- bucket_request != APR_BRIGADE_SENTINEL(birgade_send); +- bucket_request = APR_BUCKET_NEXT(bucket_request)) +- { ++ while (!APR_BRIGADE_EMPTY(birgade_send)) { + const char *write_buf; + apr_size_t write_buf_len; + apr_size_t has_write; + +- if (APR_BUCKET_IS_METADATA(bucket_request)) ++ bucket_request = APR_BRIGADE_FIRST(birgade_send); ++ ++ if (APR_BUCKET_IS_METADATA(bucket_request)) { ++ apr_bucket_delete(bucket_request); + continue; ++ } + + if ((rv = apr_bucket_read(bucket_request, &write_buf, &write_buf_len, + APR_BLOCK_READ)) != APR_SUCCESS) { +@@ -401,6 +404,9 @@ + return rv; + } + ++ APR_BUCKET_REMOVE(bucket_request); ++ APR_BRIGADE_INSERT_TAIL(tmpbb, bucket_request); ++ + /* Write the buffer to fastcgi server */ + has_write = 0; + while (has_write < write_buf_len) { +@@ -411,6 +417,7 @@ + write_buf_len - has_write, + &byteswrite, &handle_info->overlap_write)) { + has_write += byteswrite; ++ apr_brigade_cleanup(tmpbb); + continue; + } else if ((rv = GetLastError()) != ERROR_IO_PENDING) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING, +@@ -437,6 +444,7 @@ + return APR_ESPIPE; + } + has_write += transferred; ++ apr_brigade_cleanup(tmpbb); + continue; + } else { + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, +@@ -448,6 +456,7 @@ + } + } + ++ apr_brigade_destroy(tmpbb); + return APR_SUCCESS; + } + diff --git a/SOURCES/mod_fcgid-2.3.9-r1848298.patch b/SOURCES/mod_fcgid-2.3.9-r1848298.patch new file mode 100644 index 0000000..3f5dd93 --- /dev/null +++ b/SOURCES/mod_fcgid-2.3.9-r1848298.patch @@ -0,0 +1,87 @@ +# ./pullrev.sh 1848298 + +http://svn.apache.org/viewvc?view=revision&revision=1848298 + +https://bugzilla.redhat.com/show_bug.cgi?id=1652493 + +--- mod_fcgid-2.3.9/modules/fcgid/fcgid_bridge.c ++++ mod_fcgid-2.3.9/modules/fcgid/fcgid_bridge.c +@@ -526,7 +526,8 @@ + } + + static int add_request_body(request_rec *r, apr_pool_t *request_pool, +- apr_bucket_brigade *output_brigade) ++ apr_bucket_brigade *output_brigade, ++ apr_off_t *body_length) + { + apr_bucket *bucket_input, *bucket_header; + apr_file_t *fd = NULL; +@@ -729,22 +730,49 @@ + } + APR_BRIGADE_INSERT_TAIL(output_brigade, bucket_header); + ++ *body_length = request_size; ++ + return 0; + } + + int bridge_request(request_rec * r, int role, fcgid_cmd_conf *cmd_conf) + { +- apr_bucket_brigade *output_brigade; ++ apr_bucket_brigade *output_brigade, *body_brigade; + apr_bucket *bucket_eos; +- char **envp = ap_create_environment(r->pool, +- r->subprocess_env); ++ char **envp; + int rc; + + /* Create brigade for the request to fastcgi server */ ++ body_brigade ++ = apr_brigade_create(r->pool, r->connection->bucket_alloc); + output_brigade = + apr_brigade_create(r->pool, r->connection->bucket_alloc); + +- /* Build the begin request and environ request, append them to output_brigade */ ++ /* In responder mode, handle the request body up front to ensure ++ * the content-length is known (even if the request body is ++ * chunked) and sent in the header. */ ++ if (role == FCGI_RESPONDER) { ++ apr_off_t body_length; ++ ++ rc = add_request_body(r, r->pool, body_brigade, &body_length); ++ if (rc) { ++ return rc; ++ } ++ ++ if (body_length && !apr_table_get(r->headers_in, "Content-Length")) { ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ++ "mod_fcgid: dechunked request body length %" APR_OFF_T_FMT, ++ body_length); ++ ++ apr_table_set(r->subprocess_env, "CONTENT_LENGTH", ++ apr_off_t_toa(r->pool, body_length)); ++ apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING"); ++ } ++ } ++ ++ envp = ap_create_environment(r->pool, r->subprocess_env); ++ ++ /* Build the begin request and environ request, add them to output_brigade */ + if (!build_begin_block + (role, r, r->connection->bucket_alloc, output_brigade) + || !build_env_block(r, envp, r->connection->bucket_alloc, +@@ -754,12 +782,8 @@ + return HTTP_INTERNAL_SERVER_ERROR; + } + +- if (role == FCGI_RESPONDER) { +- rc = add_request_body(r, r->pool, output_brigade); +- if (rc) { +- return rc; +- } +- } ++ /* Append the body output. */ ++ APR_BRIGADE_CONCAT(output_brigade, body_brigade); + + /* The eos bucket now */ + bucket_eos = apr_bucket_eos_create(r->connection->bucket_alloc); diff --git a/SOURCES/mod_fcgid-2.3.9-r1848311.patch b/SOURCES/mod_fcgid-2.3.9-r1848311.patch new file mode 100644 index 0000000..181fad3 --- /dev/null +++ b/SOURCES/mod_fcgid-2.3.9-r1848311.patch @@ -0,0 +1,40 @@ +# ./pullrev.sh 1848311 +http://svn.apache.org/viewvc?view=revision&revision=1848311 + +https://bugzilla.redhat.com/show_bug.cgi?id=1655035 + +--- mod_fcgid-2.3.9/modules/fcgid/config.m4 ++++ mod_fcgid-2.3.9/modules/fcgid/config.m4 +@@ -43,6 +43,11 @@ + AC_CHECK_HEADERS(sys/mman.h) + AC_CHECK_HEADERS(sys/mutex.h) + AC_CHECK_HEADERS(sys/shm.h) ++ if test "x$enable_fcgid" = "xshared"; then ++ # The only symbol which needs to be exported is the module ++ # structure, so ask libtool to hide everything else: ++ APR_ADDTO(MOD_FCGID_LDADD, [-export-symbols-regex fcgid_module]) ++ fi + ]) + + dnl # end of module specific part +--- mod_fcgid-2.3.9/modules/fcgid/Makefile.apxs ++++ mod_fcgid-2.3.9/modules/fcgid/Makefile.apxs +@@ -16,6 +16,7 @@ + builddir=. + srcdir=. + ++MOD_FCGID_LDADD = -export-symbols-regex fcgid_module + CLEAN_TARGETS = *.loT + include $(exp_installbuilddir)/special.mk + +--- mod_fcgid-2.3.9/modules/fcgid/modules.mk.apxs ++++ mod_fcgid-2.3.9/modules/fcgid/modules.mk.apxs +@@ -17,7 +17,7 @@ + # this is used/needed by the APACHE2 build system + # + mod_fcgid.la: mod_fcgid.slo fcgid_bridge.slo fcgid_conf.slo fcgid_pm_main.slo fcgid_protocol.slo fcgid_spawn_ctl.slo fcgid_proctbl_unix.slo fcgid_pm_unix.slo fcgid_proc_unix.slo fcgid_bucket.slo fcgid_filter.slo fcgid_mutex_unix.slo +- $(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_fcgid.lo fcgid_bridge.lo fcgid_conf.lo fcgid_pm_main.lo fcgid_protocol.lo fcgid_spawn_ctl.lo fcgid_proctbl_unix.lo fcgid_pm_unix.lo fcgid_proc_unix.lo fcgid_bucket.lo fcgid_filter.lo fcgid_mutex_unix.lo ++ $(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_fcgid.lo fcgid_bridge.lo fcgid_conf.lo fcgid_pm_main.lo fcgid_protocol.lo fcgid_spawn_ctl.lo fcgid_proctbl_unix.lo fcgid_pm_unix.lo fcgid_proc_unix.lo fcgid_bucket.lo fcgid_filter.lo fcgid_mutex_unix.lo $(MOD_FCGID_LDADD) + DISTCLEAN_TARGETS = modules.mk + static = + shared = mod_fcgid.la diff --git a/SOURCES/mod_fcgid-tmpfs.conf b/SOURCES/mod_fcgid-tmpfs.conf new file mode 100644 index 0000000..d7103ba --- /dev/null +++ b/SOURCES/mod_fcgid-tmpfs.conf @@ -0,0 +1 @@ +d /run/mod_fcgid 0775 root apache diff --git a/SPECS/mod_fcgid.spec b/SPECS/mod_fcgid.spec new file mode 100644 index 0000000..c954cff --- /dev/null +++ b/SPECS/mod_fcgid.spec @@ -0,0 +1,450 @@ +Name: mod_fcgid +Version: 2.3.9 +Release: 28%{?dist} +Summary: FastCGI interface module for Apache 2 +License: ASL 2.0 +URL: http://httpd.apache.org/mod_fcgid/ +Source0: http://www.apache.org/dist/httpd/mod_fcgid/mod_fcgid-%{version}.tar.bz2 +Source2: mod_fcgid-2.1-README.RPM +Source3: mod_fcgid-2.1-README.SELinux +Source4: mod_fcgid-tmpfs.conf +Source5: fcgid24.conf +Patch0: mod_fcgid-2.3.4-fixconf-shellbang.patch +Patch1: mod_fcgid-2.3.9-r1847623.patch +Patch2: mod_fcgid-2.3.9-1024-env-vars.patch +Patch3: mod_fcgid-2.3.9-r1847624.patch +Patch4: mod_fcgid-2.3.9-r1848298.patch +Patch5: mod_fcgid-2.3.9-r1848311.patch +BuildRequires: coreutils +BuildRequires: gcc +BuildRequires: httpd-devel >= 2.4 +BuildRequires: make +BuildRequires: pkgconfig +BuildRequires: sed +Requires: httpd-mmn = %{_httpd_mmn} +# systemd needed for ownership of %%{_tmpfilesdir} +Requires: systemd + +%description +mod_fcgid is a binary-compatible alternative to the Apache module mod_fastcgi. +mod_fcgid has a new process management strategy, which concentrates on reducing +the number of fastcgi servers, and kicking out corrupt fastcgi servers as soon +as possible. + +%prep +%setup -q +cp -p %{SOURCE2} README.RPM +cp -p %{SOURCE3} README.SELinux +cp -p %{SOURCE5} fcgid24.conf + +# Fix shellbang in fixconf script for our location of sed +%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 23) +%patch0 -p1 +%endif + +%patch1 -p1 -b .r1847623 +%patch2 -p1 -b .1024_env_vars +%patch3 -p1 -b .r1847624 +%patch4 -p1 -b .r1848298 +%patch5 -p1 -b .r1848311 +%build +APXS=%{_httpd_apxs} ./configure.apxs +make + +%install +%make_install MKINSTALLDIRS="mkdir -p" +mkdir -p %{buildroot}{%{_httpd_confdir},%{_httpd_modconfdir}} +echo "LoadModule fcgid_module modules/mod_fcgid.so" > %{buildroot}%{_httpd_modconfdir}/10-fcgid.conf +install -D -m 644 fcgid24.conf %{buildroot}%{_httpd_confdir}/fcgid.conf +install -d -m 755 %{buildroot}/run/mod_fcgid + +# Include the manual as %%doc, don't need it elsewhere +rm -rf %{buildroot}%{_httpd_contentdir}/manual + +# Make sure /run/mod_fcgid exists at boot time (#656625) +install -d -m 755 %{buildroot}%{_tmpfilesdir} +install -p -m 644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/mod_fcgid.conf + +%files +%license LICENSE-FCGID +%doc README.RPM README.SELinux +# mod_fcgid.html.en is explicitly encoded as ISO-8859-1 +%doc CHANGES-FCGID NOTICE-FCGID README-FCGID STATUS-FCGID +%doc docs/manual/mod/mod_fcgid.html.en modules/fcgid/ChangeLog +%doc build/fixconf.sed +%{_libdir}/httpd/modules/mod_fcgid.so +%config(noreplace) %{_httpd_modconfdir}/10-fcgid.conf +%config(noreplace) %{_httpd_confdir}/fcgid.conf +%{_tmpfilesdir}/mod_fcgid.conf +%dir %attr(0775,root,apache) /run/mod_fcgid/ + +%changelog +* Mon Aug 09 2021 Mohan Boddu - 2.3.9-28 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Jul 1 2021 Joe Orton - 2.3.9-27 +- fix env var truncation to 127 bytes (#1961948) +- suppress symbol exports (#1961947) + +* Tue May 18 2021 Lubos Uhliarik - 2.3.9-26 +- Resolves: #1958882 - mod_fcgid does not pass more than 64 variables to an FCGI + server process environment + +* Fri Apr 16 2021 Mohan Boddu - 2.3.9-25 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Wed Jan 27 2021 Paul Howarth - 2.3.9-24 +- Drop EL-6 support + - Use %%license unconditionally + - _httpd_* macros always available + - Run directory is always /run on tmpfs + - Assume httpd ≥ 2.4 filesystem layout + - systemd-units always provided by systemd + +* Tue Jan 26 2021 Fedora Release Engineering - 2.3.9-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Aug 27 2020 Joe Orton - 2.3.9-22 +- merge fixes from RHEL (r1848298, etc) + +* Tue Jul 28 2020 Fedora Release Engineering - 2.3.9-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 13 2020 Tom Stellard - 2.3.9-20 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Wed Jan 29 2020 Fedora Release Engineering - 2.3.9-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jul 25 2019 Fedora Release Engineering - 2.3.9-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Feb 01 2019 Fedora Release Engineering - 2.3.9-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jul 13 2018 Fedora Release Engineering - 2.3.9-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu May 3 2018 Paul Howarth - 2.3.9-15 +- Correct mode of %%{rundir}/mod_fcgid in %%{_tmpfilesdir}/mod_fcgid.conf + +* Wed May 02 2018 Luboš Uhliarik - 2.3.9-14 +- Resolves: #1564219 - SELinux prevents httpd from starting when mod_fcgid + is installed (also #1574390) + +* Tue Feb 20 2018 Paul Howarth - 2.3.9-13 +- BR: gcc + +* Thu Feb 08 2018 Fedora Release Engineering - 2.3.9-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Jan 26 2018 Paul Howarth - 2.3.9-11 +- Drop SELinux policy module: all supported targets have it in base policy now +- Update README.SELinux to current types and ship it +- Use forward-looking conditionals +- One build requirement per line +- Drop legacy Group: tag + +* Thu Aug 03 2017 Fedora Release Engineering - 2.3.9-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.3.9-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 2.3.9-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Mar 4 2016 Paul Howarth - 2.3.9-7 +- Use /usr/bin/sed rather than /bin/sed for fixconf script on modern releases +- Drop %%defattr, redundant since rpm 4.4 +- Use %%license where possible + +* Thu Feb 04 2016 Fedora Release Engineering - 2.3.9-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 2.3.9-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 2.3.9-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 2.3.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu Jan 23 2014 Joe Orton 2.3.9-2 +- Fix _httpd_mmn expansion in absence of httpd-devel + +* Tue Oct 8 2013 Paul Howarth 2.3.9-1 +- Update to 2.3.9 + - SECURITY: Fix possible heap buffer overwrite (CVE-2013-4365) + - Add experimental cmake-based build system for Windows + - Correctly parse quotation and escaped spaces in FcgidWrapper and the AAA + Authenticator/Authorizor/Access directives' command line argument, as + currently documented (PR#51194) + - Honor quoted FcgidCmdOptions arguments (notably for InitialEnv + assignments) (PR#51657) + - Conform script response parsing with mod_cgid and ensure no response body + is sent when ap_meets_conditions() determines that request conditions are + met + - Improve logging in access control hook functions + - Avoid making internal sub-requests and processing Location headers when in + FCGI_AUTHORIZER mode, as the auth hook functions already treat Location + headers returned by scripts as an error since redirections are not + meaningful in this mode + - Revert fix for PR#53693, added in 2.3.8 but undocumented + - Fix issues with a minor optimization added in 2.3.8 + +* Sat Aug 03 2013 Fedora Release Engineering 2.3.7-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Feb 14 2013 Fedora Release Engineering 2.3.7-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Jul 20 2012 Fedora Release Engineering 2.3.7-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Jul 4 2012 Paul Howarth 2.3.7-4 +- Move tmpfiles.d config from %%{_sysconfdir} to %%{_prefix}/lib + +* Wed May 2 2012 Paul Howarth 2.3.7-3 +- Make %%files list more explicit + +* Wed May 2 2012 Joe Orton 2.3.7-2 +- Use 10- prefix for conf file in conf.modules.d with httpd ≥ 2.4 +- Use _httpd_confdir throughout + +* Mon Apr 23 2012 Paul Howarth 2.3.7-1 +- Update to 2.3.7 + - Introduce FcgidWin32PreventOrphans directive on Windows to use OS Job + Control Objects to terminate all running fcgi's when the worker process + has been abruptly terminated (PR: 51078) + - Periodically clean out the brigades that are pulling in the request body + for handoff to the fcgid child (PR: 51749) + - Resolve crash during graceful restarts (PR: 50309) + - Solve latency/congestion of resolving effective user file access rights + when no such info is desired, for config-related filename stats (PR: 51020) + - Fix regression in 2.3.6 that broke process controls when using + vhost-specific configuration + - Account for first process in class in the spawn score +- Drop patch for CVE-2012-1181, now included in upstream release + +* Tue Mar 27 2012 Paul Howarth 2.3.6-6 +- Fix compatibility with httpd 2.4 in F-18/RHEL-7 onwards +- Use /run rather than /var/run from F-15/RHEL-7 onwards + +* Sun Jan 22 2012 Paul Howarth 2.3.6-5 +- Fix regression in 2.3.6 that broke process controls when using vhost-specific + configuration (upstream issue 49902, #783742, CVE-2012-1181) + +* Fri Jan 6 2012 Paul Howarth 2.3.6-4 +- Nobody else likes macros for commands + +* Tue Feb 8 2011 Fedora Release Engineering 2.3.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Dec 1 2010 Paul Howarth 2.3.6-2 +- Add /etc/tmpfiles.d/mod_fcgid.conf for builds on Fedora 15 onwards to + support running with /var/run on tmpfs (#656625) + +* Thu Nov 4 2010 Paul Howarth 2.3.6-1 +- Update to 2.3.6 (see CHANGES-FCGID for full details) + - Fix possible stack buffer overwrite (CVE-2010-3872) + - Change the default for FcgidMaxRequestLen from 1GB to 128K; administrators + should change this to an appropriate value based on site requirements + - Correct a problem that resulted in FcgidMaxProcesses being ignored in some + situations + - Return 500 instead of segfaulting when the application returns no output +- Don't include SELinux policy for RHEL-5 builds since RHEL >= 5.5 includes it +- Explicitly require /bin/sed for fixconf script + +* Tue Jun 8 2010 Paul Howarth 2.3.5-2 +- SELinux policy module not needed for RHEL-6 onwards + +* Wed Jan 27 2010 Paul Howarth 2.3.5-1 +- Update to 2.3.5 (see CHANGES-FCGID for details) +- Drop upstream svn patch + +* Wed Oct 21 2009 Paul Howarth 2.3.4-2 +- Add fixes from upstream svn for a number of issues, most notably that the + fixconf script had an error in the regexp, which resulted in a prefix of + "FcgidFcgid" on the updated directives + +* Mon Oct 12 2009 Paul Howarth 2.3.4-1 +- Update to 2.3.4 (configuration directives changed again) +- Add fixconf.sed script for config file directives update + +* Fri Sep 25 2009 Paul Howarth 2.3.1-2.20090925svn818270 +- Update to svn revision 818270 +- DESTDIR and header detection patches upstreamed +- Build SELinux policy module for EL-5; support in EL-5.3 is incomplete and + will be fixed in EL-5.5 (#519369) +- Drop aliases httpd_sys_content_r{a,o,w}_t -> httpd_fastcgi_content_r{a,o,w}_t + from pre-2.5 SElinux policy module as these types aren't defined there + +* Wed Sep 23 2009 Paul Howarth 2.3.1-1.20090923svn817978 +- Update to post-2.3.1 svn snapshot +- Upstream moved to apache.org +- License changed to ASL 2.0 +- Use FCGID-prefixed config file options (old ones deprecated) +- Lots of documentation changes +- Renumber sources +- Don't defer to mod_fastcgi if both are present +- Drop gawk buildreq +- Add patches fixing RPM build issues (DESTDIR support, header detection) + +* Sat Jul 25 2009 Fedora Release Engineering - 2.2-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue May 26 2009 Paul Howarth 2.2-12 +- Don't use /etc/httpd/run as basis of "run" directory as its DAC permissions + are not permissive enough in F-11 onwards; instead, revert to + /var/run/mod_fcgid and tweak default config accordingly (#502273) + +* Sun May 17 2009 Paul Howarth 2.2-11 +- Follow link /etc/httpd/run and make our "run" directory a subdir of wherever + that leads (#501123) + +* Mon Apr 6 2009 Paul Howarth 2.2-10 +- EL 5.3 now has SELinux support in the main selinux-policy package so handle + that release as per Fedora >= 8, except that the RHEL selinux-policy package + doesn't Obsolete/Provide mod_fcgid-selinux like the Fedora version, so do + the obsoletion here instead + +* Thu Feb 26 2009 Paul Howarth 2.2-9 +- Update documentation for MoinMoin, Rails (#476658), and SELinux + +* Wed Feb 25 2009 Fedora Release Engineering - 2.2-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed Nov 12 2008 Paul Howarth 2.2-7 +- SELinux policy module no longer built for Fedora 8 onwards as it is + obsoleted by the main selinux-policy package +- Conflicts for selinux-policy packages older than the releases where mod_fcgid + policy was incorporated have been added for Fedora 8, 9, and 10 versions, to + ensure that SELinux support will work if installed + +* Tue Oct 21 2008 Paul Howarth 2.2-6 +- SELinux policy module rewritten to merge fastcgi and system script domains + in preparation for merge into main selinux-policy package (#462318) +- Try to determine supported SELinux policy types by reading /etc/selinux/config + +* Thu Jul 24 2008 Paul Howarth 2.2-5 +- Tweak selinux-policy version detection macro to work with current Rawhide + +* Thu Feb 14 2008 Paul Howarth 2.2-4 +- Rebuild with gcc 4.3.0 for Fedora 9 + +* Mon Jan 14 2008 Paul Howarth 2.2-3 +- Update SELinux policy to fix occasional failures on restarts + (move shared memory file into /var/run/mod_fcgid directory) + +* Thu Jan 3 2008 Paul Howarth 2.2-2 +- Update SELinux policy to support file transition to httpd_tmp_t for + temporary files + +* Fri Sep 14 2007 Paul Howarth 2.2-1 +- Update to version 2.2 +- Make sure docs are encoded as UTF-8 + +* Mon Sep 3 2007 Joe Orton 2.1-6 +- rebuild for fixed 32-bit APR (#254241) + +* Thu Aug 23 2007 Paul Howarth 2.1-5 +- Update source URL to point to downloads.sf.net rather than dl.sf.net +- Upstream released new tarball without changing version number, though the + only change was in arch/win32/fcgid_pm_win.c, which is not used to build the + RPM package +- Clarify license as GPL (unspecified/any version) +- Unexpand tabs in spec +- Add buildreq of gawk + +* Fri Aug 3 2007 Paul Howarth 2.1-4 +- Add buildreq of pkgconfig, a missing dependency of both apr-devel and + apr-util-devel on FC5 + +* Fri Jun 15 2007 Paul Howarth 2.1-3 +- Major update of SELinux policy, supporting accessing data on NFS/CIFS shares + and a new boolean, httpd_fastcgi_can_sendmail, to allow connections to SMTP + servers +- Fix for SELinux policy on Fedora 7, which didn't work due to changes in the + permissions macros in the underlying selinux-policy package + +* Wed Mar 21 2007 Paul Howarth 2.1-2 +- Add RHEL5 with SELinux support +- Rename README.Fedora to README.RPM + +* Fri Feb 16 2007 Paul Howarth 2.1-1 +- Update to 2.1 +- Update documentation and patches +- Rename some source files to reduce chances of conflicting names +- Include SharememPath directive in conf file to avoid unfortunate upstream + default location + +* Mon Oct 30 2006 Paul Howarth 2.0-1 +- Update to 2.0 +- Source is now hosted at sourceforge.net +- Update docs + +* Wed Sep 6 2006 Paul Howarth 1.10-7 +- Include the right README* files + +* Tue Aug 29 2006 Paul Howarth 1.10-6 +- Buildreqs for FC5 now identical to buildreqs for FC6 onwards + +* Fri Jul 28 2006 Paul Howarth 1.10-5 +- Split off SELinux module into separate subpackage to avoid dependency on + the selinux-policy package for the main package + +* Fri Jul 28 2006 Paul Howarth 1.10-4 +- SELinux policy packages moved from %%{_datadir}/selinux/packages/POLICYNAME + to %%{_datadir}/selinux/POLICYNAME +- hardlink identical policy module packages together to avoid duplicate files + +* Thu Jul 20 2006 Paul Howarth 1.10-3 +- Adjust buildreqs for FC6 onwards +- Figure out where top_dir is dynamically since the /etc/httpd/build + symlink is gone in FC6 + +* Wed Jul 5 2006 Paul Howarth 1.10-2 +- SELinux policy update: allow FastCGI apps to do DNS lookups + +* Tue Jul 4 2006 Paul Howarth 1.10-1 +- Update to 1.10 +- Expand tabs to shut rpmlint up + +* Tue Jul 4 2006 Paul Howarth 1.09-10 +- SELinux policy update: + * allow httpd to read httpd_fastcgi_content_t without having the + | httpd_builtin_scripting boolean set + * allow httpd_fastcgi_script_t to read /etc/resolv.conf without + | having the httpd_can_network_connect boolean set + +* Sun Jun 18 2006 Paul Howarth 1.09-9 +- Discard output of semodule in %%postun +- Include some documentation from upstream + +* Fri Jun 9 2006 Paul Howarth 1.09-8 +- Change default context type for socket directory from var_run_t to + httpd_fastcgi_sock_t for better separation + +* Thu Jun 8 2006 Paul Howarth 1.09-7 +- Add SELinux policy module and README.Fedora +- Conflict with selinux-policy versions older than what we're built on + +* Mon May 15 2006 Paul Howarth 1.09-6 +- Instead of conflicting with mod_fastcgi, don't add the handler for .fcg etc. + if mod_fastcgi is present + +* Fri May 12 2006 Paul Howarth 1.09-5 +- Use correct handler name in fcgid.conf +- Conflict with mod_fastcgi +- Create directory %%{_localstatedir}/run/mod_fcgid for sockets + +* Thu May 11 2006 Paul Howarth 1.09-4 +- Cosmetic tweaks (personal preferences) +- Don't include INSTALL.TXT, nothing of use to end users + +* Wed May 10 2006 Thomas Antony 1.09-3 +- Initial release