[mod_fcgid] Update to 2.3.6

Paul Howarth pghmcfc at fedoraproject.org
Fri Nov 5 14:25:42 UTC 2010


commit b969a4171458bf73bd5799da858393e984accff2
Author: Paul Howarth <paul at city-fan.org>
Date:   Fri Nov 5 14:23:42 2010 +0000

    Update to 2.3.6
    
    - New upstream release 2.3.6 (see CHANGES-FCGID for full details)
      - Fix possible stack buffer overwrite (CVE-2010-3872)
      - Change the default for FcgidMaxRequestLen from 1GB to 128K; administrators
        should change this to an appropriate value based on site requirements
      - Correct a problem that resulted in FcgidMaxProcesses being ignored in some
        situations
      - Return 500 instead of segfaulting when the application returns no output
    - Don't include SELinux policy for RHEL-5 builds since RHEL >= 5.5 includes it
    - Explicitly require /bin/sed for fixconf script

 .gitignore     |    2 +-
 mod_fcgid.spec |   37 +++++++++++++++++++++++++------------
 sources        |    2 +-
 3 files changed, 27 insertions(+), 14 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index c661092..e665cfd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-mod_fcgid-2.3.5.tar.bz2
+/mod_fcgid-2.3.6.tar.bz2
diff --git a/mod_fcgid.spec b/mod_fcgid.spec
index ab69b5d..fe64693 100644
--- a/mod_fcgid.spec
+++ b/mod_fcgid.spec
@@ -1,8 +1,8 @@
 # Fedora 5, 6, and 7 versions includes SELinux policy module package
 # Fedora 8 and 9 versions include policy in errata selinux-policy releases
 # Fedora 10 onwards include policy in standard selinux-policy releases
-# RHEL 5.5 onwards will include policy in standard selinux-policy releases
-%if 0%{?fedora}%{?rhel} < 5 || 0%{?fedora} > 7 || 0%{?rhel} > 5
+# RHEL 5.5 onwards include policy in standard selinux-policy releases
+%if 0%{?fedora} < 5 || 0%{?fedora} > 7 || 0%{?rhel}
 %global selinux_module 0
 %global selinux_types %{nil}
 %global selinux_variants %{nil}
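Review bot: In the rewritten `%if`, the trailing `|| 0%{?rhel}` term never decides the result: on any build where `fedora` is undefined, `0%{?fedora} < 5` already expands to `0 < 5` and is true, so the test reduces to "anything other than Fedora 5-7". The effect matches the stated intent (no policy subpackage on RHEL), but the line reads as if RHEL were a separate case, and the accident is easy to break in a later edit. Either drop the redundant term or say so in a comment, e.g. `# Non-Fedora builds always take this branch (0%%{?fedora} expands to 0); EL-5 relies on the selinux-policy Conflicts below instead`, with the percent signs doubled as the other comments in this commit do. The rest of the conditional lies outside this hunk.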
@@ -15,8 +15,8 @@
 %endif
 
 Name:		mod_fcgid
-Version:	2.3.5
-Release:	2%{?dist}
+Version:	2.3.6
+Release:	1%{?dist}
 Summary:	FastCGI interface module for Apache 2
 Group:		System Environment/Daemons
 License:	ASL 2.0
@@ -32,13 +32,15 @@ Patch0:		mod_fcgid-2.3.4-fixconf-shellbang.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	httpd-devel >= 2.0, pkgconfig
 Requires:	httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && %{__cat} %{_includedir}/httpd/.mmn || echo missing)
+# sed required for fixconf script
+Requires:	/bin/sed
 # Make sure that selinux-policy is sufficiently up-to-date if it's installed
-## FastCGI policy properly incorporated into EL 5.5 (not yet available)
-#%if "%{?rhel}" == "5"
-#Conflicts:	selinux-policy < 2.4.6-257.el5
-## No provide here because selinux-policy >= 2.4.6-203.el5 does the providing
-#Obsoletes:	mod_fcgid-selinux <= %{version}-%{release}
-#%endif
+# FastCGI policy properly incorporated into EL 5.5
+%if "%{?rhel}" == "5"
+Conflicts:	selinux-policy < 2.4.6-279.el5
+# No provide here because selinux-policy >= 2.4.6-279.el5 does the providing
+Obsoletes:	mod_fcgid-selinux <= %{version}-%{release}
+%endif
 %if "%{?fedora}" == "8"
 Conflicts:	selinux-policy < 3.0.8-123.fc8
 %endif
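Review bot: The newly enabled `Obsoletes: mod_fcgid-selinux <= %{version}-%{release}` is re-evaluated on every build, so each future release obsoletes the subpackage up to its own version rather than up to the last one that actually shipped it. Usual packaging practice is to pin the bound to a fixed EVR just above the final build of the obsoleted package, which from the removed Version/Release lines appears to be 2.3.5-2, e.g. `Obsoletes: mod_fcgid-selinux < 2.3.6-1`. Since the policy module is no longer built for EL-5, the `Conflicts: selinux-policy < 2.4.6-279.el5` line is now the only thing that keeps the module off a host whose base policy lacks the FastCGI rules. A comment stating that dependency would help prevent the line being dropped while EL-5 is still supported.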
@@ -62,7 +64,7 @@ as possible.
 Summary:	  SELinux policy module supporting FastCGI applications with mod_fcgid
 Group:		  System Environment/Base
 BuildRequires:	  %{selinux_buildreqs}
-# selinux-policy is required for directory ownership of %{_datadir}/selinux/*
+# selinux-policy is required for directory ownership of %%{_datadir}/selinux/*
 # Modules built against one version of a policy may not work with older policy
 # versions, as noted on fedora-selinux-list:
 # http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00102.html
@@ -110,7 +112,7 @@ done
 %{__install} -D -m 644 fcgid.conf %{buildroot}%{_sysconfdir}/httpd/conf.d/fcgid.conf
 %{__install} -d -m 755 %{buildroot}%{_localstatedir}/run/mod_fcgid
 
-# Include the manual as %doc, don't need it elsewhere
+# Include the manual as %%doc, don't need it elsewhere
 %{__rm} -rf %{buildroot}%{_var}/www/manual
 
 # Install SELinux policy modules
@@ -171,6 +173,17 @@ exit 0
 %endif
 
 %changelog
+* Thu Nov  4 2010 Paul Howarth <paul at city-fan.org> 2.3.6-1
+- Update to 2.3.6 (see CHANGES-FCGID for full details)
+  - Fix possible stack buffer overwrite (CVE-2010-3872)
+  - Change the default for FcgidMaxRequestLen from 1GB to 128K; administrators
+    should change this to an appropriate value based on site requirements
+  - Correct a problem that resulted in FcgidMaxProcesses being ignored in some
+    situations
+  - Return 500 instead of segfaulting when the application returns no output
+- Don't include SELinux policy for RHEL-5 builds since RHEL >= 5.5 includes it
+- Explicitly require /bin/sed for fixconf script
+
 * Tue Jun  8 2010 Paul Howarth <paul at city-fan.org> 2.3.5-2
 - SELinux policy module not needed for RHEL-6 onwards
 
diff --git a/sources b/sources
index b5c65e1..37d7d45 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-640a49c9ddf8596bd913835118b4a6aa  mod_fcgid-2.3.5.tar.bz2
+30ee138f3f0eb1c55303400748f128a2  mod_fcgid-2.3.6.tar.bz2

