- New upstream release 2.3.9
- SECURITY: Fix possible heap buffer overwrite (CVE-2013-4365)
- Add experimental cmake-based build system for Windows
- Correctly parse quotation and escaped spaces in FcgidWrapper and the AAA
Authenticator/Authorizer/Access directives' command line argument, as
currently documented (PR#51194)
- Honor quoted FcgidCmdOptions arguments (notably for InitialEnv
assignments) (PR#51657)
- Conform script response parsing with mod_cgid and ensure no response body
is sent when ap_meets_conditions() determines that request conditions are
met
- Improve logging in access control hook functions
- Avoid making internal sub-requests and processing Location headers when in
FCGI_AUTHORIZER mode, as the auth hook functions already treat Location
headers returned by scripts as an error since redirections are not
meaningful in this mode
- Revert fix for PR#53693, added in 2.3.8 but undocumented
- Fix issues with a minor optimization added in 2.3.8
- New upstream release 2.3.7
- Introduce FcgidWin32PreventOrphans directive on Windows to use OS Job
Control Objects to terminate all running fcgi's when the worker process
has been abruptly terminated (PR: 51078)
- Periodically clean out the brigades that are pulling in the request body
for handoff to the fcgid child (PR: 51749)
- Resolve crash during graceful restarts (PR: 50309)
- Solve latency/congestion of resolving effective user file access rights
when no such info is desired, for config-related filename stats (PR: 51020)
- Fix regression in 2.3.6 that broke process controls when using
vhost-specific configuration
- Account for first process in class in the spawn score
- Drop patch for CVE-2012-1181, now included in upstream release
- New upstream release 2.3.6 (see CHANGES-FCGID for full details)
- Fix possible stack buffer overwrite (CVE-2010-3872)
- Change the default for FcgidMaxRequestLen from 1GB to 128K; administrators
should change this to an appropriate value based on site requirements
- Correct a problem that resulted in FcgidMaxProcesses being ignored in some
situations
- Return 500 instead of segfaulting when the application returns no output
- Don't include SELinux policy for RHEL-5 builds since RHEL >= 5.5 includes it
- Explicitly require /bin/sed for fixconf script
- Upstream moved to apache.org
- License changed to ASL 2.0
- Configuration directives have all been renamed - use fixconf.sed script
to fix if necessary
- Lots of documentation changes
- Renumber sources
- Don't defer to mod_fastcgi if both are present
- Build SELinux policy module for EL-5; support in EL-5.3 is incomplete and
will be fixed in EL-5.5 (#519369)
- Drop aliases httpd_sys_content_r{a,o,w}_t ->
httpd_fastcgi_content_r{a,o,w}_t from pre-2.5 SELinux policy module as
these types aren't defined there
- Drop gawk buildreq
obsoleted by the main selinux-policy package
- Conflicts for selinux-policy packages older than the releases where
mod_fcgid policy was incorporated have been added for Fedora 8, 9, and
10 versions, to ensure that SELinux support will work if installed