Update to 2.3.6

- New upstream release 2.3.6 (see CHANGES-FCGID for full details) - Fix possible stack buffer overwrite (CVE-2010-3872) - Change the default for FcgidMaxRequestLen from 1GB to 128K; administrators should change this to an appropriate value based on site requirements - Correct a problem that resulted in FcgidMaxProcesses being ignored in some situations - Return 500 instead of segfaulting when the application returns no output - Don't include SELinux policy for RHEL-5 builds since RHEL >= 5.5 includes it - Explicitly require /bin/sed for fixconf script
2010-11-05 14:23:42 +00:00 · 2010-11-05 14:23:42 +00:00 · b969a41714
commit b969a41714
parent cd61a5161f
3 changed files with 27 additions and 14 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-mod_fcgid-2.3.5.tar.bz2
+/mod_fcgid-2.3.6.tar.bz2
--- a/mod_fcgid.spec
+++ b/mod_fcgid.spec
@ -1,8 +1,8 @@
 # Fedora 5, 6, and 7 versions includes SELinux policy module package
 # Fedora 8 and 9 versions include policy in errata selinux-policy releases
 # Fedora 10 onwards include policy in standard selinux-policy releases
-# RHEL 5.5 onwards will include policy in standard selinux-policy releases
-%if 0%{?fedora}%{?rhel} < 5 || 0%{?fedora} > 7 || 0%{?rhel} > 5
+# RHEL 5.5 onwards include policy in standard selinux-policy releases
+%if 0%{?fedora} < 5 || 0%{?fedora} > 7 || 0%{?rhel}
 %global selinux_module 0
 %global selinux_types %{nil}
 %global selinux_variants %{nil}
@ -15,8 +15,8 @@
 %endif

 Name:		mod_fcgid
-Version:	2.3.5
-Release:	2%{?dist}
+Version:	2.3.6
+Release:	1%{?dist}
 Summary:	FastCGI interface module for Apache 2
 Group:		System Environment/Daemons
 License:	ASL 2.0
@ -32,13 +32,15 @@ Patch0:		mod_fcgid-2.3.4-fixconf-shellbang.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	httpd-devel >= 2.0, pkgconfig
 Requires:	httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && %{__cat} %{_includedir}/httpd/.mmn || echo missing)
+# sed required for fixconf script
+Requires:	/bin/sed
 # Make sure that selinux-policy is sufficiently up-to-date if it's installed
-## FastCGI policy properly incorporated into EL 5.5 (not yet available)
-#%if "%{?rhel}" == "5"
-#Conflicts:	selinux-policy < 2.4.6-257.el5
-## No provide here because selinux-policy >= 2.4.6-203.el5 does the providing
-#Obsoletes:	mod_fcgid-selinux <= %{version}-%{release}
-#%endif
+# FastCGI policy properly incorporated into EL 5.5
+%if "%{?rhel}" == "5"
+Conflicts:	selinux-policy < 2.4.6-279.el5
+# No provide here because selinux-policy >= 2.4.6-279.el5 does the providing
+Obsoletes:	mod_fcgid-selinux <= %{version}-%{release}
+%endif
 %if "%{?fedora}" == "8"
 Conflicts:	selinux-policy < 3.0.8-123.fc8
 %endif
@ -62,7 +64,7 @@ as possible.
 Summary:	  SELinux policy module supporting FastCGI applications with mod_fcgid
 Group:		  System Environment/Base
 BuildRequires:	  %{selinux_buildreqs}
-# selinux-policy is required for directory ownership of %{_datadir}/selinux/*
+# selinux-policy is required for directory ownership of %%{_datadir}/selinux/*
 # Modules built against one version of a policy may not work with older policy
 # versions, as noted on fedora-selinux-list:
 # http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00102.html
@ -110,7 +112,7 @@ done
 %{__install} -D -m 644 fcgid.conf %{buildroot}%{_sysconfdir}/httpd/conf.d/fcgid.conf
 %{__install} -d -m 755 %{buildroot}%{_localstatedir}/run/mod_fcgid

-# Include the manual as %doc, don't need it elsewhere
+# Include the manual as %%doc, don't need it elsewhere
 %{__rm} -rf %{buildroot}%{_var}/www/manual

 # Install SELinux policy modules
@ -171,6 +173,17 @@ exit 0
 %endif

 %changelog
+* Thu Nov  4 2010 Paul Howarth <paul@city-fan.org> 2.3.6-1
+- Update to 2.3.6 (see CHANGES-FCGID for full details)
+  - Fix possible stack buffer overwrite (CVE-2010-3872)
+  - Change the default for FcgidMaxRequestLen from 1GB to 128K; administrators
+    should change this to an appropriate value based on site requirements
+  - Correct a problem that resulted in FcgidMaxProcesses being ignored in some
+    situations
+  - Return 500 instead of segfaulting when the application returns no output
+- Don't include SELinux policy for RHEL-5 builds since RHEL >= 5.5 includes it
+- Explicitly require /bin/sed for fixconf script
+
 * Tue Jun  8 2010 Paul Howarth <paul@city-fan.org> 2.3.5-2
 - SELinux policy module not needed for RHEL-6 onwards

--- a/2
+++ b/2
@ -1 +1 @@
-640a49c9ddf8596bd913835118b4a6aa  mod_fcgid-2.3.5.tar.bz2
+30ee138f3f0eb1c55303400748f128a2  mod_fcgid-2.3.6.tar.bz2