Changelog for
apache2-mod_fcgid-2.3.9-1.11.i586.rpm :
Fri Oct 31 13:00:00 2014 pgajdosAATTsuse.com
- call spec-cleaner
- use apache rpm macros
Wed Nov 6 13:00:00 2013 drahtAATTsuse.de
- update to 2.3.9:
+ obsoletes apache2-mod_fcgid-CVE-2013-4365-bnc844935.diff
and fixes CVE-2013-4365 [bnc#844935] (heap overflow).
The heap overflow discovery and fix was done by
Robert Matthews
.
+ quoting and spaces parsing correction for FcgidWrapper directive
and commandline options.
+ logging improvements for access controls
+ remove redundant processing of Location headers when running in
FCGI_AUTHORIZER mode
Mon Oct 21 14:00:00 2013 drahtAATTsuse.de
- Intermediate fix for openSUSE:Factory eg. openSUSE:13.1:
apache2-mod_fcgid-CVE-2013-4365-bnc844935.diff fixes a heap
overflow identified by CVE-2013-4365 [bnc#844935].
This patch will be obsoleted by the next version update (to
2.3.9 or higher).
Tue Mar 12 13:00:00 2013 dimstarAATTopensuse.org
- Update to version 2.3.7:
+ Introduce FcgidWin32PreventOrphans directive on Windows to use
OS Job Control Objects to terminate all running fcgi\'s when the
worker process has been abruptly terminated.
+ Periodically clean out the brigades which are pulling in the
request body for handoff to the fcgid child.
+ Resolve crash during graceful restarts.
+ Solve latency/cogestion of resolving effective user file access
rights when no such info is desired, for config related
filename stats.
+ Fix regression in 2.3.6 which broke process controls when using
vhost-specific configuration.
+ Account for first process in class in the spawn score.
- Really fix build with apache 2.4: redefining apxs to %{_sbindir}
after the branch-check is just wrong.
Mon Jan 28 13:00:00 2013 dimstarAATTopensuse.org
- Fix build with apache 2.4: apxs2 moved from %{_sbindir} to
%{_bindir}.
Mon Feb 13 13:00:00 2012 cooloAATTsuse.com
- patch license to follow spdx.org standard
Sat Sep 17 14:00:00 2011 jengelhAATTmedozas.de
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
Sat Dec 4 13:00:00 2010 poemlAATTcmdline.net
- update to 2.3.6
* ) SECURITY: CVE-2010-3872 (cve.mitre.org)
Fix possible stack buffer overwrite.
* ) Change the default for FcgidMaxRequestLen from 1GB to 128K.
Administrators should change this to an appropriate value based on
site requirements.
* ) Allow FastCGI apps more time to exit at shutdown before being
forcefully killed.
...and more fixes, see
http://svn.apache.org/viewvc/httpd/mod_fcgid/tags/2.3.6/CHANGES-FCGID?view=markup
- adjust the somewhat outdated example config file
Thu Aug 5 14:00:00 2010 mrueckertAATTsuse.de
- update to version 2.3.5
mod_fcgid is now an official apache project. During the migration
the name of the configuration directives has changed. Please see
/usr/share/doc/packages/apache2-mod_fcgid/CHANGES-FCGID
to update your config to the new version.
- adapted config to the new directives
Fri Mar 7 13:00:00 2008 mrueckertAATTsuse.de
- added directory for the sharedmemory path and the sockets
(bnc#365113)