Update ap2-fcgid to 2.3.6.

Changes with mod_fcgid 2.3.6

  *) SECURITY: CVE-2010-3872 (cve.mitre.org)
    Fix possible stack buffer overwrite.  Diagnosed by the reporter.
    P R 49406.  [Edgar Frank <ef-lists email.de>]

  *) Change the default for FcgidMaxRequestLen from 1GB to 128K.
    Administrators should change this to an appropriate value based on
    site requirements.  [Jeff Trawick]

  *) Allow FastCGI apps more time to exit at shutdown before being
    forcefully killed.  [Jeff Trawick]

  *) Correct a problem that resulted in FcgidMaxProcesses being ignored
    in some situations.  P R 48981.  [<rkosolapov gmail.com>]

  *) Fix the search for processes with the proper vhost config when
    ServerName isn't set in every vhost or a module updates
    r->server->server_hostname dynamically (e.g., mod_vhost_cdb)
    or a module updates r->server dynamically (e.g., mod_vhost_ldap).
    [Jeff Trawick]

  *) FcgidPassHeader now maps header names to environment variable names
    in the usual manner: The header name is converted to upper case and
    is prefixed with HTTP_.  An additional environment variable is
    created with the legacy name.  P R 48964.  [Jeff Trawick]

  *) Allow processes to be reused within multiple phases of a request
    by releasing them into the free list as soon as possible.
    [Chris Darroch]

  *) Fix lookup of process command lines when using FcgidWrapper or
    access control directives, including within .htaccess files.
    [Chris Darroch]

  *) Resolve a regression in 2.3.5 with httpd 2.0.x on some Unix platforms;
    ownership of mutex files was incorrect, resulting in a startup failure.
    P R 48651.  [Jeff Trawick, <pservit gmail.com>]

  *) Return 500 instead of segfaulting when the application returns no output.
    [Tatsuki Sugiura <sugi nemui.org>, Jeff Trawick]

  *) In FCGI_AUTHORIZER role, avoid spawning a new process for every
    different HTTP request.  [Chris Darroch]

(obache)