CVS commit: [pkgsrc-2010Q3] pkgsrc/www/ap2-fcgid

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2010Q3] pkgsrc/www/ap2-fcgid
From: "Matthias Scheler" <tron%netbsd.org@localhost>
Date: Tue, 23 Nov 2010 17:07:05 +0000

Module Name:    pkgsrc
Committed By:   tron
Date:           Tue Nov 23 17:07:05 UTC 2010

Modified Files:
        pkgsrc/www/ap2-fcgid [pkgsrc-2010Q3]: Makefile distinfo

Log Message:
Pullup ticket #3282 - requested by obache
www/ap2-fcgid: security update

Revisions pulled up:
- www/ap2-fcgid/Makefile                1.7
- www/ap2-fcgid/distinfo                1.4
---
Module Name:    pkgsrc
Committed By:   obache
Date:           Tue Nov 23 11:55:16 UTC 2010

Modified Files:
        pkgsrc/www/ap2-fcgid: Makefile distinfo

Log Message:
Update ap2-fcgid to 2.3.6.

Changes with mod_fcgid 2.3.6

   *) SECURITY: CVE-2010-3872 (cve.mitre.org)
      Fix possible stack buffer overwrite.  Diagnosed by the reporter.
      P R 49406.  [Edgar Frank <ef-lists email.de>]

   *) Change the default for FcgidMaxRequestLen from 1GB to 128K.
      Administrators should change this to an appropriate value based on
      site requirements.  [Jeff Trawick]

   *) Allow FastCGI apps more time to exit at shutdown before being
      forcefully killed.  [Jeff Trawick]

   *) Correct a problem that resulted in FcgidMaxProcesses being ignored
      in some situations.  P R 48981.  [<rkosolapov gmail.com>]

   *) Fix the search for processes with the proper vhost config when
      ServerName isn't set in every vhost or a module updates
      r->server->server_hostname dynamically (e.g., mod_vhost_cdb)
      or a module updates r->server dynamically (e.g., mod_vhost_ldap).
      [Jeff Trawick]

   *) FcgidPassHeader now maps header names to environment variable names
      in the usual manner: The header name is converted to upper case and
      is prefixed with HTTP_.  An additional environment variable is
      created with the legacy name.  P R 48964.  [Jeff Trawick]

   *) Allow processes to be reused within multiple phases of a request
      by releasing them into the free list as soon as possible.
      [Chris Darroch]

   *) Fix lookup of process command lines when using FcgidWrapper or
      access control directives, including within .htaccess files.
      [Chris Darroch]

   *) Resolve a regression in 2.3.5 with httpd 2.0.x on some Unix platforms;
      ownership of mutex files was incorrect, resulting in a startup failure.
      P R 48651.  [Jeff Trawick, <pservit gmail.com>]

   *) Return 500 instead of segfaulting when the application returns no output.
      [Tatsuki Sugiura <sugi nemui.org>, Jeff Trawick]

   *) In FCGI_AUTHORIZER role, avoid spawning a new process for every
      different HTTP request.  [Chris Darroch]


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.6.2.1 pkgsrc/www/ap2-fcgid/Makefile
cvs rdiff -u -r1.3 -r1.3.6.1 pkgsrc/www/ap2-fcgid/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/lang/mono
Next by Date: CVS commit: [pkgsrc-2010Q3] pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/lang/mono
Next by Thread: CVS commit: [pkgsrc-2010Q3] pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index