diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f4d8233
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/mod_fcgid-2.3.9.tar.bz2
diff --git a/EMPTY b/EMPTY
deleted file mode 100644
index 0519ecb..0000000
--- a/EMPTY
+++ /dev/null
@@ -1 +0,0 @@
-
\ No newline at end of file
diff --git a/fastcgi-2.5.te b/fastcgi-2.5.te
new file mode 100644
index 0000000..c691308
--- /dev/null
+++ b/fastcgi-2.5.te
@@ -0,0 +1,63 @@
+# This policy module provides support for mod_fcgid using the httpd system script domain.
+# It provides "allow" rules that will overlap to varying degrees with selinux-policy
+# packages for Fedora 5 onwards, and is a stepping stone to the merged policy included
+# as updates for selinux-policy in Fedora 8, 9, and 10.
+#
+# Rules existing in selinux-policy 2.6.4 (F7) have been stripped from this policy
+#
+# Previous versions of this policy module used a separate domain, httpd_fastcgi_script_t,
+# which is now an alias for httpd_sys_script_t.
+
+policy_module(fastcgi, 0.2.6)
+
+require {
+ type devpts_t;
+ type httpd_t;
+ type httpd_log_t;
+ type httpd_sys_content_t;
+ type httpd_sys_content_ra_t;
+ type httpd_sys_content_ro_t;
+ type httpd_sys_content_rw_t;
+ type httpd_sys_script_exec_t;
+ type httpd_sys_script_ra_t;
+ type httpd_sys_script_ro_t;
+ type httpd_sys_script_rw_t;
+ type httpd_sys_script_t;
+ type httpd_tmp_t;
+ type httpd_var_run_t;
+};
+
+# Type aliases for contexts used with older policy modules
+typealias httpd_sys_content_t alias httpd_fastcgi_content_t;
+typealias httpd_sys_content_ra_t alias httpd_fastcgi_content_ra_t;
+typealias httpd_sys_content_ro_t alias httpd_fastcgi_content_ro_t;
+typealias httpd_sys_content_rw_t alias httpd_fastcgi_content_rw_t;
+typealias httpd_sys_script_exec_t alias httpd_fastcgi_script_exec_t;
+typealias httpd_sys_script_ra_t alias httpd_fastcgi_script_ra_t;
+typealias httpd_sys_script_ro_t alias httpd_fastcgi_script_ro_t;
+typealias httpd_sys_script_rw_t alias httpd_fastcgi_script_rw_t;
+typealias httpd_sys_script_t alias httpd_fastcgi_script_t;
+typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;
+
+# ==========================================================
+# Re-use httpd_sys_script_t for mod_fcgid apps
+# ==========================================================
+
+# Allow web applications to call getpw* functions
+auth_use_nsswitch(httpd_sys_script_t)
+
+# Allow httpd to create and use files and sockets for communicating with mod_fcgid
+# Rules to do this are already in selinux-policy apart from dir setattr
+setattr_dirs_pattern(httpd_t,httpd_var_run_t,httpd_var_run_t)
+
+# Allow FastCGI applications to listen for FastCGI requests on their
+# sockets and respond to them
+allow httpd_sys_script_t httpd_t:unix_stream_socket { rw_stream_socket_perms };
+
+# These are probably leaked file descriptors
+dontaudit httpd_t devpts_t:chr_file ioctl;
+dontaudit httpd_sys_script_t httpd_log_t:file ioctl;
+
+# PHP uploads a file to /tmp and then execs programs to action them
+# Rules to do this are already in selinux-policy 2.6.4 (F7) apart from filetrans
+files_tmp_filetrans(httpd_sys_script_t,httpd_sys_script_rw_t,{ dir file lnk_file sock_file fifo_file })
diff --git a/fastcgi.fc b/fastcgi.fc
new file mode 100644
index 0000000..2006d97
--- /dev/null
+++ b/fastcgi.fc
@@ -0,0 +1 @@
+/var/run/mod_fcgid(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
diff --git a/fastcgi.te b/fastcgi.te
new file mode 100644
index 0000000..373d920
--- /dev/null
+++ b/fastcgi.te
@@ -0,0 +1,71 @@
+# This policy module provides support for mod_fcgid using the httpd system script domain.
+# It provides "allow" rules that will overlap to varying degrees with selinux-policy
+# packages for Fedora 5 onwards, and is a stepping stone to the merged policy included
+# as updates for selinux-policy in Fedora 8, 9, and 10.
+#
+# Rules existing in selinux-policy 2.3.7 (FC5) have been stripped from this policy
+#
+# Previous versions of this policy module used a separate domain, httpd_fastcgi_script_t,
+# which is now an alias for httpd_sys_script_t.
+
+policy_module(fastcgi, 0.1.11)
+
+require {
+ type devpts_t;
+ type httpd_t;
+ type httpd_log_t;
+ type httpd_sys_content_t;
+ type httpd_sys_script_exec_t;
+ type httpd_sys_script_ra_t;
+ type httpd_sys_script_ro_t;
+ type httpd_sys_script_rw_t;
+ type httpd_sys_script_t;
+ type httpd_tmp_t;
+ type httpd_var_run_t;
+};
+
+# Type aliases for contexts used with older policy modules
+typealias httpd_sys_content_t alias httpd_fastcgi_content_t;
+typealias httpd_sys_script_exec_t alias httpd_fastcgi_script_exec_t;
+typealias httpd_sys_script_ra_t alias httpd_fastcgi_script_ra_t;
+typealias httpd_sys_script_ro_t alias httpd_fastcgi_script_ro_t;
+typealias httpd_sys_script_rw_t alias httpd_fastcgi_script_rw_t;
+typealias httpd_sys_script_t alias httpd_fastcgi_script_t;
+typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;
+
+# ==========================================================
+# Re-use httpd_sys_script_t for mod_fcgid apps
+# ==========================================================
+
+# Allow web applications to call getpw* functions
+auth_use_nsswitch(httpd_sys_script_t)
+
+# Allow httpd to create and use files and sockets for communicating with mod_fcgid
+# Rules to do this are already in selinux-policy apart from dir setattr
+allow httpd_t httpd_var_run_t:dir setattr;
+
+# Allow FastCGI applications to listen for FastCGI requests on their
+# sockets and respond to them
+allow httpd_sys_script_t httpd_t:unix_stream_socket { rw_stream_socket_perms };
+
+# These are probably leaked file descriptors
+dontaudit httpd_t devpts_t:chr_file ioctl;
+dontaudit httpd_sys_script_t httpd_log_t:file ioctl;
+
+# Search automount filesystem to use automatically mounted filesystems
+fs_search_auto_mountpoints(httpd_sys_script_t)
+
+# PHP uploads a file to /tmp and then execs programs to action them
+allow httpd_sys_script_t httpd_tmp_t:dir manage_dir_perms;
+allow httpd_sys_script_t httpd_tmp_t:file manage_file_perms;
+files_tmp_filetrans(httpd_sys_script_t,httpd_sys_script_rw_t,{ dir file lnk_file sock_file fifo_file })
+
+# Support network home directories
+tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
+ fs_read_nfs_files(httpd_sys_script_t)
+ fs_read_nfs_symlinks(httpd_sys_script_t)
+')
+tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
+ fs_read_cifs_files(httpd_sys_script_t)
+ fs_read_cifs_symlinks(httpd_sys_script_t)
+')
diff --git a/fcgid.conf b/fcgid.conf
new file mode 100644
index 0000000..90f208e
--- /dev/null
+++ b/fcgid.conf
@@ -0,0 +1,14 @@
+# This is the Apache server configuration file for providing FastCGI support
+# through mod_fcgid
+#
+# Documentation is available at
+# http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
+
+LoadModule fcgid_module modules/mod_fcgid.so
+
+# Use FastCGI to process .fcg .fcgi & .fpl scripts
+AddHandler fcgid-script fcg fcgi fpl
+
+# Sane place to put sockets and shared memory file
+FcgidIPCDir /var/run/mod_fcgid
+FcgidProcessTableFile /var/run/mod_fcgid/fcgid_shm
diff --git a/fcgid24.conf b/fcgid24.conf
new file mode 100644
index 0000000..2e7d486
--- /dev/null
+++ b/fcgid24.conf
@@ -0,0 +1,12 @@
+# This is the Apache server configuration file for providing FastCGI support
+# through mod_fcgid
+#
+# Documentation is available at
+# http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
+
+# Use FastCGI to process .fcg .fcgi & .fpl scripts
+AddHandler fcgid-script fcg fcgi fpl
+
+# Sane place to put sockets and shared memory file
+FcgidIPCDir /run/mod_fcgid
+FcgidProcessTableFile /run/mod_fcgid/fcgid_shm
diff --git a/mod_fcgid-2.1-README.RPM b/mod_fcgid-2.1-README.RPM
new file mode 100644
index 0000000..89165c5
--- /dev/null
+++ b/mod_fcgid-2.1-README.RPM
@@ -0,0 +1,75 @@
+Using the mod_fcgid RPM Package
+===============================
+
+This mod_fcgid package includes a configuration file
+/etc/httpd/conf.d/fcgid.conf that ensures that the module is loaded and
+added as the handler for .fcg, .fcgi, and .fpl applications.
+
+Example: setting up moin with mod_fcgid
+=======================================
+
+Setting up moin with mod_fcgid is very similar to setting it up as a regular
+CGI application.
+
+ * Create a directory for your wiki instance:
+
+ DESTDIR=/var/www/mywiki
+ mkdir -p $DESTDIR/cgi-bin
+
+ * Copy in the wiki template data and the application itself:
+
+ cp -a /usr/share/moin/{data,underlay} $DESTDIR
+ cp -a /usr/share/moin/server/moin.fcg $DESTDIR/cgi-bin
+ cp -a /usr/share/moin/config/wikiconfig.py $DESTDIR/cgi-bin
+
+ * Fix the directory ownership
+
+ chown -R apache:apache $DESTDIR/{data,underlay}
+
+ * Edit $DESTDIR/cgi-bin/wikiconfig.py to suit your needs
+
+ * Create a httpd configuration file for the wiki, e.g.
+ /etc/httpd/conf.d/mywiki.conf
+
+ # Wiki application data common to all wiki instances
+ Alias /moin_static185 "/usr/share/moin/htdocs/"
+
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+ ExpiresActive On
+ ExpiresDefault "access plus 1 year"
+
+
+
+ # Wiki instance with mod_fcgid
+
+ ScriptAlias /mywiki "/var/www/mywiki/cgi-bin/moin.fcg"
+
+ Options Indexes FollowSymLinks ExecCGI
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
+
+ * Restart the web server to load the new configuration:
+
+ service httpd restart
+
+That should do it!
+
+Ruby on Rails with mod_fcgid
+============================
+
+One of the differences between mod_fastcgi and mod_fcgid is that the former
+sets the SCRIPT_NAME environment variable whilst the latter does not, and it's
+reported (http://bugzilla.redhat.com/476658) that Ruby on Rails expects this
+environment variable to be present. A workaround for this is to add:
+
+ActionController::AbstractRequest.relative_url_root = ""
+
+to the Rails::Initializer.run segment of config/environment.rb
+
diff --git a/mod_fcgid-2.1-README.SELinux b/mod_fcgid-2.1-README.SELinux
new file mode 100644
index 0000000..981cf59
--- /dev/null
+++ b/mod_fcgid-2.1-README.SELinux
@@ -0,0 +1,63 @@
+Using mod_fcgid with SELinux in Fedora Core 5 / RHEL 5 onwards
+==============================================================
+
+Versions of this package built for Fedora Core 5, 6, or 7 include an SELinux
+policy module to support FastCGI applications. Later Fedora releases and Red
+Hat Enterprise Linux 5.3 onwards include the policy in the main selinux-policy
+package and do not require the separate module.
+
+The module source (fastcgi.{fc,te}) is included for reference as documentation
+in the package.
+
+The module uses the same set of SELinux types for FastCGI applications as for
+regular CGI scripts (or "system scripts" as they are known in SELinux), as
+described in "man httpd_selinux".
+
+ * httpd_sys_content_t
+ - Set files with httpd_sys_content_t for content that is available
+ from all FastCGI scripts and the daemon.
+
+ * httpd_sys_script_exec_t
+ - Set FastCGI scripts with httpd_sys_script_exec_t to allow them to run
+ with access to all system script types.
+
+ * httpd_sys_script_ro_t
+ - Set files with httpd_sys_script_ro_t if you want httpd_sys_script_exec_t
+ scripts to read but not write the data, and disallow other processes from
+ access.
+
+ * httpd_sys_script_rw_t
+ - Set files with httpd_sys_script_rw_t if you want httpd_sys_script_exec_t
+ scripts to read/write the data, and disallow other processes from access.
+
+ * httpd_sys_script_ra_t
+ - Set files with httpd_sys_script_ra_t if you want httpd_sys_script_exec_t
+ scripts to read/append to the file, and disallow other processes from
+ access.
+
+So for the moin wiki layout described in README.RPM of the main mod_fcgid
+package, the contexts would be set as follows:
+
+ cd /var/www/mywiki
+ chcon -t httpd_sys_content_t .
+ chcon -R -t httpd_sys_script_exec_t cgi-bin
+ chcon -R -t httpd_sys_script_rw_t data underlay
+
+It is necessary to turn on the httpd_enable_cgi boolean to run either regular
+or FastCGI scripts:
+
+ setsebool -P httpd_enable_cgi 1
+
+The httpd_can_sendmail boolean is used to specify whether any of your
+web applications can make outbound SMTP connections (e.g. moin sending
+notifications). By default it is off, but can be enabled as follows:
+
+ setsebool -P httpd_can_sendmail 1
+
+Only enable this functionality if you actually need it, since it increases the
+chances that any vulnerability in any of your web applications could be
+exploited by a spammer.
+
+If you have any questions or issues regarding FastCGI and SELinux, please don't
+hesitate to bring them up on fedora-selinux-list.
+
diff --git a/mod_fcgid-2.3.4-fixconf-shellbang.patch b/mod_fcgid-2.3.4-fixconf-shellbang.patch
new file mode 100644
index 0000000..ea5fb50
--- /dev/null
+++ b/mod_fcgid-2.3.4-fixconf-shellbang.patch
@@ -0,0 +1,8 @@
+--- mod_fcgid-2.3.4/build/fixconf.sed 2009-10-07 04:16:08.000000000 +0100
++++ mod_fcgid-2.3.4/build/fixconf.sed 2009-10-12 09:50:14.570448865 +0100
+@@ -1,4 +1,4 @@
+-#!/usr/bin/sed -f
++#!/bin/sed -f
+ #
+ # Licensed to the Apache Software Foundation (ASF) under one or more
+ # contributor license agreements. See the NOTICE file distributed with
diff --git a/mod_fcgid-2.3.9-1024-env-vars.patch b/mod_fcgid-2.3.9-1024-env-vars.patch
new file mode 100644
index 0000000..41b9998
--- /dev/null
+++ b/mod_fcgid-2.3.9-1024-env-vars.patch
@@ -0,0 +1,13 @@
+diff --git a/modules/fcgid/fcgid_conf.h b/modules/fcgid/fcgid_conf.h
+index 47d68bb..44da00e 100644
+--- a/modules/fcgid/fcgid_conf.h
++++ b/modules/fcgid/fcgid_conf.h
+@@ -139,7 +139,7 @@ typedef struct {
+ */
+ #define INITENV_KEY_LEN 64
+ #define INITENV_VAL_LEN 256
+-#define INITENV_CNT 64
++#define INITENV_CNT 1024
+ typedef struct {
+ char initenv_key[INITENV_CNT][INITENV_KEY_LEN];
+ char initenv_val[INITENV_CNT][INITENV_VAL_LEN];
diff --git a/mod_fcgid-2.3.9-r1847623.patch b/mod_fcgid-2.3.9-r1847623.patch
new file mode 100644
index 0000000..bcb59b1
--- /dev/null
+++ b/mod_fcgid-2.3.9-r1847623.patch
@@ -0,0 +1,16 @@
+# ./pullrev.sh 1847623
+http://svn.apache.org/viewvc?view=revision&revision=1847623
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1651310
+
+--- mod_fcgid-2.3.9/modules/fcgid/fcgid_conf.h
++++ mod_fcgid-2.3.9/modules/fcgid/fcgid_conf.h
+@@ -138,7 +138,7 @@
+ * to limit shared memory use
+ */
+ #define INITENV_KEY_LEN 64
+-#define INITENV_VAL_LEN 128
++#define INITENV_VAL_LEN 256
+ #define INITENV_CNT 64
+ typedef struct {
+ char initenv_key[INITENV_CNT][INITENV_KEY_LEN];
diff --git a/mod_fcgid-2.3.9-r1847624.patch b/mod_fcgid-2.3.9-r1847624.patch
new file mode 100644
index 0000000..a25f0de
--- /dev/null
+++ b/mod_fcgid-2.3.9-r1847624.patch
@@ -0,0 +1,119 @@
+# ./pullrev.sh 1847624
+http://svn.apache.org/viewvc?view=revision&revision=1847624
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1654200
+
+--- mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_unix.c
++++ mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_unix.c
+@@ -762,14 +762,18 @@
+ struct iovec vec[FCGID_VEC_COUNT];
+ int nvec = 0;
+ apr_bucket *e;
++ apr_bucket_brigade *tmpbb = apr_brigade_create(output_brigade->p,
++ output_brigade->bucket_alloc);
+
+- for (e = APR_BRIGADE_FIRST(output_brigade);
+- e != APR_BRIGADE_SENTINEL(output_brigade);
+- e = APR_BUCKET_NEXT(e)) {
++ while (!APR_BRIGADE_EMPTY(output_brigade))
++ {
++ e = APR_BRIGADE_FIRST(output_brigade);
++
+ apr_size_t len;
+ const char* base;
+
+ if (APR_BUCKET_IS_METADATA(e)) {
++ apr_bucket_delete(e);
+ continue;
+ }
+
+@@ -780,6 +784,9 @@
+ return rv;
+ }
+
++ APR_BUCKET_REMOVE(e);
++ APR_BRIGADE_INSERT_TAIL(tmpbb, e);
++
+ vec[nvec].iov_len = len;
+ vec[nvec].iov_base = (char*) base;
+ if (nvec == (FCGID_VEC_COUNT - 1)) {
+@@ -789,6 +796,7 @@
+ FCGID_VEC_COUNT)) != APR_SUCCESS)
+ return rv;
+ nvec = 0;
++ apr_brigade_cleanup(tmpbb);
+ }
+ else
+ nvec++;
+@@ -800,6 +808,7 @@
+ return rv;
+ }
+
++ apr_brigade_destroy(tmpbb);
+ return APR_SUCCESS;
+ }
+
+--- mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_win.c
++++ mod_fcgid-2.3.9/modules/fcgid/fcgid_proc_win.c
+@@ -380,19 +380,22 @@
+ apr_bucket *bucket_request;
+ apr_status_t rv;
+ DWORD transferred;
++ apr_bucket_brigade *tmpbb = apr_brigade_create(birgade_send->p,
++ birgade_send->bucket_alloc);
+
+ handle_info = (fcgid_namedpipe_handle *) ipc_handle->ipc_handle_info;
+
+- for (bucket_request = APR_BRIGADE_FIRST(birgade_send);
+- bucket_request != APR_BRIGADE_SENTINEL(birgade_send);
+- bucket_request = APR_BUCKET_NEXT(bucket_request))
+- {
++ while (!APR_BRIGADE_EMPTY(birgade_send)) {
+ const char *write_buf;
+ apr_size_t write_buf_len;
+ apr_size_t has_write;
+
+- if (APR_BUCKET_IS_METADATA(bucket_request))
++ bucket_request = APR_BRIGADE_FIRST(birgade_send);
++
++ if (APR_BUCKET_IS_METADATA(bucket_request)) {
++ apr_bucket_delete(bucket_request);
+ continue;
++ }
+
+ if ((rv = apr_bucket_read(bucket_request, &write_buf, &write_buf_len,
+ APR_BLOCK_READ)) != APR_SUCCESS) {
+@@ -401,6 +404,9 @@
+ return rv;
+ }
+
++ APR_BUCKET_REMOVE(bucket_request);
++ APR_BRIGADE_INSERT_TAIL(tmpbb, bucket_request);
++
+ /* Write the buffer to fastcgi server */
+ has_write = 0;
+ while (has_write < write_buf_len) {
+@@ -411,6 +417,7 @@
+ write_buf_len - has_write,
+ &byteswrite, &handle_info->overlap_write)) {
+ has_write += byteswrite;
++ apr_brigade_cleanup(tmpbb);
+ continue;
+ } else if ((rv = GetLastError()) != ERROR_IO_PENDING) {
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING,
+@@ -437,6 +444,7 @@
+ return APR_ESPIPE;
+ }
+ has_write += transferred;
++ apr_brigade_cleanup(tmpbb);
+ continue;
+ } else {
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0,
+@@ -448,6 +456,7 @@
+ }
+ }
+
++ apr_brigade_destroy(tmpbb);
+ return APR_SUCCESS;
+ }
+
diff --git a/mod_fcgid-2.3.9-r1848298.patch b/mod_fcgid-2.3.9-r1848298.patch
new file mode 100644
index 0000000..3f5dd93
--- /dev/null
+++ b/mod_fcgid-2.3.9-r1848298.patch
@@ -0,0 +1,87 @@
+# ./pullrev.sh 1848298
+
+http://svn.apache.org/viewvc?view=revision&revision=1848298
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1652493
+
+--- mod_fcgid-2.3.9/modules/fcgid/fcgid_bridge.c
++++ mod_fcgid-2.3.9/modules/fcgid/fcgid_bridge.c
+@@ -526,7 +526,8 @@
+ }
+
+ static int add_request_body(request_rec *r, apr_pool_t *request_pool,
+- apr_bucket_brigade *output_brigade)
++ apr_bucket_brigade *output_brigade,
++ apr_off_t *body_length)
+ {
+ apr_bucket *bucket_input, *bucket_header;
+ apr_file_t *fd = NULL;
+@@ -729,22 +730,49 @@
+ }
+ APR_BRIGADE_INSERT_TAIL(output_brigade, bucket_header);
+
++ *body_length = request_size;
++
+ return 0;
+ }
+
+ int bridge_request(request_rec * r, int role, fcgid_cmd_conf *cmd_conf)
+ {
+- apr_bucket_brigade *output_brigade;
++ apr_bucket_brigade *output_brigade, *body_brigade;
+ apr_bucket *bucket_eos;
+- char **envp = ap_create_environment(r->pool,
+- r->subprocess_env);
++ char **envp;
+ int rc;
+
+ /* Create brigade for the request to fastcgi server */
++ body_brigade
++ = apr_brigade_create(r->pool, r->connection->bucket_alloc);
+ output_brigade =
+ apr_brigade_create(r->pool, r->connection->bucket_alloc);
+
+- /* Build the begin request and environ request, append them to output_brigade */
++ /* In responder mode, handle the request body up front to ensure
++ * the content-length is known (even if the request body is
++ * chunked) and sent in the header. */
++ if (role == FCGI_RESPONDER) {
++ apr_off_t body_length;
++
++ rc = add_request_body(r, r->pool, body_brigade, &body_length);
++ if (rc) {
++ return rc;
++ }
++
++ if (body_length && !apr_table_get(r->headers_in, "Content-Length")) {
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
++ "mod_fcgid: dechunked request body length %" APR_OFF_T_FMT,
++ body_length);
++
++ apr_table_set(r->subprocess_env, "CONTENT_LENGTH",
++ apr_off_t_toa(r->pool, body_length));
++ apr_table_unset(r->subprocess_env, "HTTP_TRANSFER_ENCODING");
++ }
++ }
++
++ envp = ap_create_environment(r->pool, r->subprocess_env);
++
++ /* Build the begin request and environ request, add them to output_brigade */
+ if (!build_begin_block
+ (role, r, r->connection->bucket_alloc, output_brigade)
+ || !build_env_block(r, envp, r->connection->bucket_alloc,
+@@ -754,12 +782,8 @@
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+- if (role == FCGI_RESPONDER) {
+- rc = add_request_body(r, r->pool, output_brigade);
+- if (rc) {
+- return rc;
+- }
+- }
++ /* Append the body output. */
++ APR_BRIGADE_CONCAT(output_brigade, body_brigade);
+
+ /* The eos bucket now */
+ bucket_eos = apr_bucket_eos_create(r->connection->bucket_alloc);
diff --git a/mod_fcgid-2.3.9-r1848311.patch b/mod_fcgid-2.3.9-r1848311.patch
new file mode 100644
index 0000000..181fad3
--- /dev/null
+++ b/mod_fcgid-2.3.9-r1848311.patch
@@ -0,0 +1,40 @@
+# ./pullrev.sh 1848311
+http://svn.apache.org/viewvc?view=revision&revision=1848311
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1655035
+
+--- mod_fcgid-2.3.9/modules/fcgid/config.m4
++++ mod_fcgid-2.3.9/modules/fcgid/config.m4
+@@ -43,6 +43,11 @@
+ AC_CHECK_HEADERS(sys/mman.h)
+ AC_CHECK_HEADERS(sys/mutex.h)
+ AC_CHECK_HEADERS(sys/shm.h)
++ if test "x$enable_fcgid" = "xshared"; then
++ # The only symbol which needs to be exported is the module
++ # structure, so ask libtool to hide everything else:
++ APR_ADDTO(MOD_FCGID_LDADD, [-export-symbols-regex fcgid_module])
++ fi
+ ])
+
+ dnl # end of module specific part
+--- mod_fcgid-2.3.9/modules/fcgid/Makefile.apxs
++++ mod_fcgid-2.3.9/modules/fcgid/Makefile.apxs
+@@ -16,6 +16,7 @@
+ builddir=.
+ srcdir=.
+
++MOD_FCGID_LDADD = -export-symbols-regex fcgid_module
+ CLEAN_TARGETS = *.loT
+ include $(exp_installbuilddir)/special.mk
+
+--- mod_fcgid-2.3.9/modules/fcgid/modules.mk.apxs
++++ mod_fcgid-2.3.9/modules/fcgid/modules.mk.apxs
+@@ -17,7 +17,7 @@
+ # this is used/needed by the APACHE2 build system
+ #
+ mod_fcgid.la: mod_fcgid.slo fcgid_bridge.slo fcgid_conf.slo fcgid_pm_main.slo fcgid_protocol.slo fcgid_spawn_ctl.slo fcgid_proctbl_unix.slo fcgid_pm_unix.slo fcgid_proc_unix.slo fcgid_bucket.slo fcgid_filter.slo fcgid_mutex_unix.slo
+- $(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_fcgid.lo fcgid_bridge.lo fcgid_conf.lo fcgid_pm_main.lo fcgid_protocol.lo fcgid_spawn_ctl.lo fcgid_proctbl_unix.lo fcgid_pm_unix.lo fcgid_proc_unix.lo fcgid_bucket.lo fcgid_filter.lo fcgid_mutex_unix.lo
++ $(SH_LINK) -rpath $(libexecdir) -module -avoid-version mod_fcgid.lo fcgid_bridge.lo fcgid_conf.lo fcgid_pm_main.lo fcgid_protocol.lo fcgid_spawn_ctl.lo fcgid_proctbl_unix.lo fcgid_pm_unix.lo fcgid_proc_unix.lo fcgid_bucket.lo fcgid_filter.lo fcgid_mutex_unix.lo $(MOD_FCGID_LDADD)
+ DISTCLEAN_TARGETS = modules.mk
+ static =
+ shared = mod_fcgid.la
diff --git a/mod_fcgid-tmpfs.conf b/mod_fcgid-tmpfs.conf
new file mode 100644
index 0000000..d7103ba
--- /dev/null
+++ b/mod_fcgid-tmpfs.conf
@@ -0,0 +1 @@
+d /run/mod_fcgid 0775 root apache
diff --git a/mod_fcgid.spec b/mod_fcgid.spec
new file mode 100644
index 0000000..a4da2d7
--- /dev/null
+++ b/mod_fcgid.spec
@@ -0,0 +1,561 @@
+# Fedora 5, 6, and 7 versions includes SELinux policy module package
+# Fedora 8 and 9 versions include policy in errata selinux-policy releases
+# Fedora 10 onwards include policy in standard selinux-policy releases
+# RHEL 5.5 onwards include policy in standard selinux-policy releases
+%if 0%{?fedora} < 5 || 0%{?fedora} > 7 || 0%{?rhel}
+%global selinux_module 0
+%global selinux_types %{nil}
+%global selinux_variants %{nil}
+%global selinux_buildreqs %{nil}
+%else
+%global selinux_module 1
+%global selinux_types %(awk '/^#[[:space:]]*SELINUXTYPE=/,/^[^#]/ { if ($3 == "-") printf "%s ", $2 }' /etc/selinux/config 2>/dev/null)
+%global selinux_variants %([ -z "%{selinux_types}" ] && echo mls strict targeted || echo %{selinux_types})
+%global selinux_buildreqs checkpolicy, selinux-policy-devel, hardlink
+%endif
+
+# apxs script location
+%{!?_httpd_apxs: %global _httpd_apxs %{_sbindir}/apxs}
+
+# Module Magic Number
+%{!?_httpd_mmn: %global _httpd_mmn %(cat %{_includedir}/httpd/.mmn 2>/dev/null || echo 0-0)}
+
+# Configuration directory
+%{!?_httpd_confdir: %global _httpd_confdir %{_sysconfdir}/httpd/conf.d}
+
+# For httpd ≥ 2.4 we have a different filesystem layout
+%if 0%{?fedora} > 17 || 0%{?rhel} > 6
+%global httpd24 1
+%global rundir /run
+%else
+%global httpd24 0
+%global rundir %{_localstatedir}/run
+%endif
+
+Name: mod_fcgid
+Version: 2.3.9
+Release: 17%{?dist}
+Summary: FastCGI interface module for Apache 2
+Group: System Environment/Daemons
+License: ASL 2.0
+URL: http://httpd.apache.org/mod_fcgid/
+Source0: http://www.apache.org/dist/httpd/mod_fcgid/mod_fcgid-%{version}.tar.bz2
+Source1: fcgid.conf
+Source2: mod_fcgid-2.1-README.RPM
+Source3: mod_fcgid-2.1-README.SELinux
+Source4: mod_fcgid-tmpfs.conf
+Source5: fcgid24.conf
+Source10: fastcgi.te
+Source11: fastcgi-2.5.te
+Source12: fastcgi.fc
+Patch0: mod_fcgid-2.3.4-fixconf-shellbang.patch
+Patch1: mod_fcgid-2.3.9-r1847623.patch
+Patch2: mod_fcgid-2.3.9-r1848298.patch
+Patch3: mod_fcgid-2.3.9-r1847624.patch
+Patch4: mod_fcgid-2.3.9-r1848311.patch
+Patch5: mod_fcgid-2.3.9-1024-env-vars.patch
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
+BuildRequires: httpd-devel >= 2.0, pkgconfig
+Requires: httpd-mmn = %{_httpd_mmn}
+# systemd-units needed for ownership of /usr/lib/tmpfiles.d directory
+%if 0%{?fedora} > 14 || 0%{?rhel} > 6
+Requires: systemd-units
+%endif
+# Make sure that selinux-policy is sufficiently up-to-date if it's installed
+# FastCGI policy properly incorporated into EL 5.5
+%if "%{?rhel}" == "5"
+Conflicts: selinux-policy < 2.4.6-279.el5
+# No provide here because selinux-policy >= 2.4.6-279.el5 does the providing
+Obsoletes: mod_fcgid-selinux <= %{version}-%{release}
+%endif
+%if "%{?fedora}" == "8"
+Conflicts: selinux-policy < 3.0.8-123.fc8
+%endif
+%if "%{?fedora}" == "9"
+Conflicts: selinux-policy < 3.3.1-107.fc9
+%endif
+%if "%{?fedora}" == "10"
+Conflicts: selinux-policy < 3.5.13-8.fc10
+%endif
+
+%description
+mod_fcgid is a binary-compatible alternative to the Apache module mod_fastcgi.
+mod_fcgid has a new process management strategy, which concentrates on reducing
+the number of fastcgi servers, and kicking out corrupt fastcgi servers as soon
+as possible.
+
+%if %{selinux_module}
+%package selinux
+Summary: SELinux policy module supporting FastCGI applications with mod_fcgid
+Group: System Environment/Base
+BuildRequires: %{selinux_buildreqs}
+# selinux-policy is required for directory ownership of %%{_datadir}/selinux/*
+#
+# version requirement is a hack to avoid problems mixing new modules with older policy,
+# e.g. http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00102.html
+# _selinux_policy_version introduced in F-20 (#999584), but can be emulated by
+# pulling the policy version number from the policyhelp file on older distributions
+%{!?_selinux_policy_version: %global _selinux_policy_version %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp 2>/dev/null || echo 0.0.0)}
+%global selinux_policynum %(echo %{_selinux_policy_version} | awk -F. '{ printf "%d%02d%02d", $1, $2, $3 }')
+Requires: selinux-policy >= %{_selinux_policy_version}
+Requires: %{name} = %{version}-%{release}
+Requires(post): /usr/sbin/semodule, /sbin/restorecon
+Requires(postun): /usr/sbin/semodule, /sbin/restorecon
+
+%description selinux
+SELinux policy module supporting FastCGI applications with mod_fcgid.
+%endif
+
+%prep
+%setup -q
+cp -p %{SOURCE1} fcgid.conf
+cp -p %{SOURCE2} README.RPM
+cp -p %{SOURCE3} README.SELinux
+cp -p %{SOURCE5} fcgid24.conf
+%if 0%{?selinux_policynum} < 20501
+cp -p %{SOURCE10} fastcgi.te
+%else
+cp -p %{SOURCE11} fastcgi.te
+%endif
+cp -p %{SOURCE12} fastcgi.fc
+
+# Fix shellbang in fixconf script for our location of sed
+%if 0%{?fedora} < 24 && 0%{?rhel} < 8
+%patch0 -p1
+%endif
+%patch1 -p1 -b .r1847623
+%patch2 -p1 -b .r1848298
+%patch3 -p1 -b .r1847624
+%patch4 -p1 -b .r1848311
+%patch5 -p1 -b .1024_env_vars
+
+%build
+APXS=%{_httpd_apxs} ./configure.apxs
+make
+%if %{selinux_module}
+for selinuxvariant in %{selinux_variants}
+do
+ make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
+ mv fastcgi.pp fastcgi.pp.${selinuxvariant}
+ make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
+done
+%endif
+
+%install
+rm -rf %{buildroot}
+make DESTDIR=%{buildroot} MKINSTALLDIRS="mkdir -p" install
+%if %{httpd24}
+mkdir -p %{buildroot}{%{_httpd_confdir},%{_httpd_modconfdir}}
+echo "LoadModule fcgid_module modules/mod_fcgid.so" > %{buildroot}%{_httpd_modconfdir}/10-fcgid.conf
+install -D -m 644 fcgid24.conf %{buildroot}%{_httpd_confdir}/fcgid.conf
+%else
+install -D -m 644 fcgid.conf %{buildroot}%{_httpd_confdir}/fcgid.conf
+%endif
+install -d -m 755 %{buildroot}%{rundir}/mod_fcgid
+
+# Include the manual as %%doc, don't need it elsewhere
+%if %{httpd24}
+rm -rf %{buildroot}%{_httpd_contentdir}/manual
+%else
+rm -rf %{buildroot}%{_var}/www/manual
+%endif
+
+# Make sure %%{rundir}/mod_fcgid exists at boot time for systems
+# with %%{rundir} on tmpfs (#656625)
+%if 0%{?fedora} > 14 || 0%{?rhel} > 6
+install -d -m 755 %{buildroot}%{_prefix}/lib/tmpfiles.d
+install -p -m 644 %{SOURCE4} %{buildroot}%{_prefix}/lib/tmpfiles.d/mod_fcgid.conf
+%endif
+
+# Install SELinux policy modules
+%if %{selinux_module}
+for selinuxvariant in %{selinux_variants}
+do
+ install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
+ install -p -m 644 fastcgi.pp.${selinuxvariant} \
+ %{buildroot}%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp
+done
+# Hardlink identical policy module packages together
+hardlink -cv %{buildroot}%{_datadir}/selinux
+%endif
+
+%clean
+rm -rf %{buildroot}
+
+%if %{selinux_module}
+%post selinux
+# Install SELinux policy modules
+for selinuxvariant in %{selinux_variants}
+do
+ /usr/sbin/semodule -s ${selinuxvariant} -i \
+ %{_datadir}/selinux/${selinuxvariant}/fastcgi.pp &> /dev/null || :
+done
+# Fix up non-standard directory context from earlier packages
+/sbin/restorecon -R %{rundir}/mod_fcgid || :
+
+%postun selinux
+# Clean up after package removal
+if [ $1 -eq 0 ]; then
+ # Remove SELinux policy modules
+ for selinuxvariant in %{selinux_variants}; do
+ /usr/sbin/semodule -s ${selinuxvariant} -r fastcgi &> /dev/null || :
+ done
+ # Clean up any remaining file contexts (shouldn't be any really)
+ [ -d %{rundir}/mod_fcgid ] && \
+ /sbin/restorecon -R %{rundir}/mod_fcgid &> /dev/null || :
+fi
+exit 0
+%endif
+
+%files
+%if 0%{?_licensedir:1}
+%license LICENSE-FCGID
+%else
+%doc LICENSE-FCGID
+%endif
+# mod_fcgid.html.en is explicitly encoded as ISO-8859-1
+%doc CHANGES-FCGID NOTICE-FCGID README-FCGID STATUS-FCGID
+%doc docs/manual/mod/mod_fcgid.html.en modules/fcgid/ChangeLog
+%doc build/fixconf.sed
+%{_libdir}/httpd/modules/mod_fcgid.so
+%if %{httpd24}
+%config(noreplace) %{_httpd_modconfdir}/10-fcgid.conf
+%endif
+%config(noreplace) %{_httpd_confdir}/fcgid.conf
+%if 0%{?fedora} > 14 || 0%{?rhel} > 6
+%{_prefix}/lib/tmpfiles.d/mod_fcgid.conf
+%endif
+%dir %attr(0775,root,apache) %{rundir}/mod_fcgid/
+
+%if %{selinux_module}
+%files selinux
+%doc fastcgi.fc fastcgi.te README.SELinux
+%{_datadir}/selinux/*/fastcgi.pp
+%endif
+
+%changelog
+* Mon Dec 07 2020 Lubos Uhliarik - 2.3.9-17
+- Resolves: #1876525 - mod_fcgid does not pass more than 64 variables to an FCGI
+ server process environment
+
+* Thu Dec 13 2018 Joe Orton - 2.3.9-16
+- restrict symbol exports in mod_fcgid.so (#1655035)
+
+* Mon Dec 10 2018 Joe Orton - 2.3.9-15
+- fix memory consumption for large request bodies (#1654200)
+
+* Fri Dec 7 2018 Joe Orton - 2.3.9-14
+- fix handling of chunked request bodies (#1656851)
+
+* Fri Nov 30 2018 Joe Orton - 2.3.9-13
+- increase maximum FcgidInitialEnv to 256 chars (#1651310)
+
+* Thu May 03 2018 Luboš Uhliarik - 2.3.9-12
+- Related: #1564219 - SELinux prevents httpd from starting when mod_fcgid
+ is installed
+
+* Tue Apr 24 2018 Luboš Uhliarik - 2.3.9-11
+- Resolves: #1564219 - SELinux prevents httpd from starting when mod_fcgid
+ is installed
+
+* Thu Aug 03 2017 Fedora Release Engineering - 2.3.9-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 2.3.9-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering - 2.3.9-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Mar 4 2016 Paul Howarth - 2.3.9-7
+- Use /usr/bin/sed rather than /bin/sed for fixconf script on modern releases
+- Drop %%defattr, redundant since rpm 4.4
+- Use %%license where possible
+
+* Thu Feb 04 2016 Fedora Release Engineering - 2.3.9-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering - 2.3.9-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sun Aug 17 2014 Fedora Release Engineering - 2.3.9-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering - 2.3.9-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu Jan 23 2014 Joe Orton 2.3.9-2
+- Fix _httpd_mmn expansion in absence of httpd-devel
+
+* Tue Oct 8 2013 Paul Howarth 2.3.9-1
+- Update to 2.3.9
+ - SECURITY: Fix possible heap buffer overwrite (CVE-2013-4365)
+ - Add experimental cmake-based build system for Windows
+ - Correctly parse quotation and escaped spaces in FcgidWrapper and the AAA
+ Authenticator/Authorizor/Access directives' command line argument, as
+ currently documented (PR#51194)
+ - Honor quoted FcgidCmdOptions arguments (notably for InitialEnv
+ assignments) (PR#51657)
+ - Conform script response parsing with mod_cgid and ensure no response body
+ is sent when ap_meets_conditions() determines that request conditions are
+ met
+ - Improve logging in access control hook functions
+ - Avoid making internal sub-requests and processing Location headers when in
+ FCGI_AUTHORIZER mode, as the auth hook functions already treat Location
+ headers returned by scripts as an error since redirections are not
+ meaningful in this mode
+ - Revert fix for PR#53693, added in 2.3.8 but undocumented
+ - Fix issues with a minor optimization added in 2.3.8
+
+* Sat Aug 03 2013 Fedora Release Engineering 2.3.7-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Thu Feb 14 2013 Fedora Release Engineering 2.3.7-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Fri Jul 20 2012 Fedora Release Engineering 2.3.7-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Wed Jul 4 2012 Paul Howarth 2.3.7-4
+- Move tmpfiles.d config from %%{_sysconfdir} to %%{_prefix}/lib
+
+* Wed May 2 2012 Paul Howarth 2.3.7-3
+- Make %%files list more explicit
+
+* Wed May 2 2012 Joe Orton 2.3.7-2
+- Use 10- prefix for conf file in conf.modules.d with httpd ≥ 2.4
+- Use _httpd_confdir throughout
+
+* Mon Apr 23 2012 Paul Howarth 2.3.7-1
+- Update to 2.3.7
+ - Introduce FcgidWin32PreventOrphans directive on Windows to use OS Job
+ Control Objects to terminate all running fcgi's when the worker process
+ has been abruptly terminated (PR: 51078)
+ - Periodically clean out the brigades that are pulling in the request body
+ for handoff to the fcgid child (PR: 51749)
+ - Resolve crash during graceful restarts (PR: 50309)
+ - Solve latency/congestion of resolving effective user file access rights
+ when no such info is desired, for config-related filename stats (PR: 51020)
+ - Fix regression in 2.3.6 that broke process controls when using
+ vhost-specific configuration
+ - Account for first process in class in the spawn score
+- Drop patch for CVE-2012-1181, now included in upstream release
+
+* Tue Mar 27 2012 Paul Howarth 2.3.6-6
+- Fix compatibility with httpd 2.4 in F-18/RHEL-7 onwards
+- Use /run rather than /var/run from F-15/RHEL-7 onwards
+
+* Sun Jan 22 2012 Paul Howarth 2.3.6-5
+- Fix regression in 2.3.6 that broke process controls when using vhost-specific
+ configuration (upstream issue 49902, #783742, CVE-2012-1181)
+
+* Fri Jan 6 2012 Paul Howarth 2.3.6-4
+- Nobody else likes macros for commands
+
+* Tue Feb 8 2011 Fedora Release Engineering 2.3.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Dec 1 2010 Paul Howarth 2.3.6-2
+- Add /etc/tmpfiles.d/mod_fcgid.conf for builds on Fedora 15 onwards to
+ support running with /var/run on tmpfs (#656625)
+
+* Thu Nov 4 2010 Paul Howarth 2.3.6-1
+- Update to 2.3.6 (see CHANGES-FCGID for full details)
+ - Fix possible stack buffer overwrite (CVE-2010-3872)
+ - Change the default for FcgidMaxRequestLen from 1GB to 128K; administrators
+ should change this to an appropriate value based on site requirements
+ - Correct a problem that resulted in FcgidMaxProcesses being ignored in some
+ situations
+ - Return 500 instead of segfaulting when the application returns no output
+- Don't include SELinux policy for RHEL-5 builds since RHEL >= 5.5 includes it
+- Explicitly require /bin/sed for fixconf script
+
+* Tue Jun 8 2010 Paul Howarth 2.3.5-2
+- SELinux policy module not needed for RHEL-6 onwards
+
+* Wed Jan 27 2010 Paul Howarth 2.3.5-1
+- Update to 2.3.5 (see CHANGES-FCGID for details)
+- Drop upstream svn patch
+
+* Wed Oct 21 2009 Paul Howarth 2.3.4-2
+- Add fixes from upstream svn for a number of issues, most notably that the
+ fixconf script had an error in the regexp, which resulted in a prefix of
+ "FcgidFcgid" on the updated directives
+
+* Mon Oct 12 2009 Paul Howarth 2.3.4-1
+- Update to 2.3.4 (configuration directives changed again)
+- Add fixconf.sed script for config file directives update
+
+* Fri Sep 25 2009 Paul Howarth 2.3.1-2.20090925svn818270
+- Update to svn revision 818270
+- DESTDIR and header detection patches upstreamed
+- Build SELinux policy module for EL-5; support in EL-5.3 is incomplete and
+ will be fixed in EL-5.5 (#519369)
+- Drop aliases httpd_sys_content_r{a,o,w}_t -> httpd_fastcgi_content_r{a,o,w}_t
+ from pre-2.5 SElinux policy module as these types aren't defined there
+
+* Wed Sep 23 2009 Paul Howarth 2.3.1-1.20090923svn817978
+- Update to post-2.3.1 svn snapshot
+- Upstream moved to apache.org
+- License changed to ASL 2.0
+- Use FCGID-prefixed config file options (old ones deprecated)
+- Lots of documentation changes
+- Renumber sources
+- Don't defer to mod_fastcgi if both are present
+- Drop gawk buildreq
+- Add patches fixing RPM build issues (DESTDIR support, header detection)
+
+* Sat Jul 25 2009 Fedora Release Engineering - 2.2-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue May 26 2009 Paul Howarth 2.2-12
+- Don't use /etc/httpd/run as basis of "run" directory as its DAC permissions
+ are not permissive enough in F-11 onwards; instead, revert to
+ /var/run/mod_fcgid and tweak default config accordingly (#502273)
+
+* Sun May 17 2009 Paul Howarth 2.2-11
+- Follow link /etc/httpd/run and make our "run" directory a subdir of wherever
+ that leads (#501123)
+
+* Mon Apr 6 2009 Paul Howarth 2.2-10
+- EL 5.3 now has SELinux support in the main selinux-policy package so handle
+ that release as per Fedora >= 8, except that the RHEL selinux-policy package
+ doesn't Obsolete/Provide mod_fcgid-selinux like the Fedora version, so do
+ the obsoletion here instead
+
+* Thu Feb 26 2009 Paul Howarth 2.2-9
+- Update documentation for MoinMoin, Rails (#476658), and SELinux
+
+* Wed Feb 25 2009 Fedora Release Engineering - 2.2-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Wed Nov 12 2008 Paul Howarth 2.2-7
+- SELinux policy module no longer built for Fedora 8 onwards as it is
+ obsoleted by the main selinux-policy package
+- Conflicts for selinux-policy packages older than the releases where mod_fcgid
+ policy was incorporated have been added for Fedora 8, 9, and 10 versions, to
+ ensure that SELinux support will work if installed
+
+* Tue Oct 21 2008 Paul Howarth 2.2-6
+- SELinux policy module rewritten to merge fastcgi and system script domains
+ in preparation for merge into main selinux-policy package (#462318)
+- Try to determine supported SELinux policy types by reading /etc/selinux/config
+
+* Thu Jul 24 2008 Paul Howarth 2.2-5
+- Tweak selinux-policy version detection macro to work with current Rawhide
+
+* Thu Feb 14 2008 Paul Howarth 2.2-4
+- Rebuild with gcc 4.3.0 for Fedora 9
+
+* Mon Jan 14 2008 Paul Howarth 2.2-3
+- Update SELinux policy to fix occasional failures on restarts
+ (move shared memory file into /var/run/mod_fcgid directory)
+
+* Thu Jan 3 2008 Paul Howarth 2.2-2
+- Update SELinux policy to support file transition to httpd_tmp_t for
+ temporary files
+
+* Fri Sep 14 2007 Paul Howarth 2.2-1
+- Update to version 2.2
+- Make sure docs are encoded as UTF-8
+
+* Mon Sep 3 2007 Joe Orton 2.1-6
+- rebuild for fixed 32-bit APR (#254241)
+
+* Thu Aug 23 2007 Paul Howarth 2.1-5
+- Update source URL to point to downloads.sf.net rather than dl.sf.net
+- Upstream released new tarball without changing version number, though the
+ only change was in arch/win32/fcgid_pm_win.c, which is not used to build the
+ RPM package
+- Clarify license as GPL (unspecified/any version)
+- Unexpand tabs in spec
+- Add buildreq of gawk
+
+* Fri Aug 3 2007 Paul Howarth 2.1-4
+- Add buildreq of pkgconfig, a missing dependency of both apr-devel and
+ apr-util-devel on FC5
+
+* Fri Jun 15 2007 Paul Howarth 2.1-3
+- Major update of SELinux policy, supporting accessing data on NFS/CIFS shares
+ and a new boolean, httpd_fastcgi_can_sendmail, to allow connections to SMTP
+ servers
+- Fix for SELinux policy on Fedora 7, which didn't work due to changes in the
+ permissions macros in the underlying selinux-policy package
+
+* Wed Mar 21 2007 Paul Howarth 2.1-2
+- Add RHEL5 with SELinux support
+- Rename README.Fedora to README.RPM
+
+* Fri Feb 16 2007 Paul Howarth 2.1-1
+- Update to 2.1
+- Update documentation and patches
+- Rename some source files to reduce chances of conflicting names
+- Include SharememPath directive in conf file to avoid unfortunate upstream
+ default location
+
+* Mon Oct 30 2006 Paul Howarth 2.0-1
+- Update to 2.0
+- Source is now hosted at sourceforge.net
+- Update docs
+
+* Wed Sep 6 2006 Paul Howarth 1.10-7
+- Include the right README* files
+
+* Tue Aug 29 2006 Paul Howarth 1.10-6
+- Buildreqs for FC5 now identical to buildreqs for FC6 onwards
+
+* Fri Jul 28 2006 Paul Howarth 1.10-5
+- Split off SELinux module into separate subpackage to avoid dependency on
+ the selinux-policy package for the main package
+
+* Fri Jul 28 2006 Paul Howarth 1.10-4
+- SELinux policy packages moved from %%{_datadir}/selinux/packages/POLICYNAME
+ to %%{_datadir}/selinux/POLICYNAME
+- hardlink identical policy module packages together to avoid duplicate files
+
+* Thu Jul 20 2006 Paul Howarth 1.10-3
+- Adjust buildreqs for FC6 onwards
+- Figure out where top_dir is dynamically since the /etc/httpd/build
+ symlink is gone in FC6
+
+* Wed Jul 5 2006 Paul Howarth 1.10-2
+- SELinux policy update: allow FastCGI apps to do DNS lookups
+
+* Tue Jul 4 2006 Paul Howarth 1.10-1
+- Update to 1.10
+- Expand tabs to shut rpmlint up
+
+* Tue Jul 4 2006 Paul Howarth 1.09-10
+- SELinux policy update:
+ * allow httpd to read httpd_fastcgi_content_t without having the
+ | httpd_builtin_scripting boolean set
+ * allow httpd_fastcgi_script_t to read /etc/resolv.conf without
+ | having the httpd_can_network_connect boolean set
+
+* Sun Jun 18 2006 Paul Howarth 1.09-9
+- Discard output of semodule in %%postun
+- Include some documentation from upstream
+
+* Fri Jun 9 2006 Paul Howarth 1.09-8
+- Change default context type for socket directory from var_run_t to
+ httpd_fastcgi_sock_t for better separation
+
+* Thu Jun 8 2006 Paul Howarth 1.09-7
+- Add SELinux policy module and README.Fedora
+- Conflict with selinux-policy versions older than what we're built on
+
+* Mon May 15 2006 Paul Howarth 1.09-6
+- Instead of conflicting with mod_fastcgi, don't add the handler for .fcg etc.
+ if mod_fastcgi is present
+
+* Fri May 12 2006 Paul Howarth 1.09-5
+- Use correct handler name in fcgid.conf
+- Conflict with mod_fastcgi
+- Create directory %%{_localstatedir}/run/mod_fcgid for sockets
+
+* Thu May 11 2006 Paul Howarth 1.09-4
+- Cosmetic tweaks (personal preferences)
+- Don't include INSTALL.TXT, nothing of use to end users
+
+* Wed May 10 2006 Thomas Antony 1.09-3
+- Initial release
diff --git a/sources b/sources
new file mode 100644
index 0000000..ee71316
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (mod_fcgid-2.3.9.tar.bz2) = c429c14990cc8b492e88db1aa00fc2593bfb1b129b9001be21670d42c8f3e5038acd3f4556b48f3ac7dfc03c8d3656f0d4402122932e5bdc2c2aab1c7c235121