--- - branch: pkgsrc-2010Q3 date: Tue Nov 23 17:07:05 UTC 2010 files: - new: 1.6.2.1 old: '1.6' path: pkgsrc/www/ap2-fcgid/Makefile pathrev: pkgsrc/www/ap2-fcgid/Makefile@1.6.2.1 type: modified - new: 1.3.6.1 old: '1.3' path: pkgsrc/www/ap2-fcgid/distinfo pathrev: pkgsrc/www/ap2-fcgid/distinfo@1.3.6.1 type: modified id: 20101123T170705Z.815a951bdd35f9fdcc49966b7d2c7f7d135c8760 log: "Pullup ticket #3282 - requested by obache\nwww/ap2-fcgid: security update\n\nRevisions pulled up:\n- www/ap2-fcgid/Makefile\t\t1.7\n- www/ap2-fcgid/distinfo\t\t1.4\n---\nModule Name:\tpkgsrc\nCommitted By:\tobache\nDate:\t\tTue Nov 23 11:55:16 UTC 2010\n\nModified Files:\n\tpkgsrc/www/ap2-fcgid: Makefile distinfo\n\nLog Message:\nUpdate ap2-fcgid to 2.3.6.\n\nChanges with mod_fcgid 2.3.6\n\n *) SECURITY: CVE-2010-3872 (cve.mitre.org)\n \ Fix possible stack buffer overwrite. Diagnosed by the reporter.\n P R 49406. [Edgar Frank ]\n\n *) Change the default for FcgidMaxRequestLen from 1GB to 128K.\n Administrators should change this to an appropriate value based on\n site requirements. [Jeff Trawick]\n\n *) Allow FastCGI apps more time to exit at shutdown before being\n forcefully killed. [Jeff Trawick]\n\n \ *) Correct a problem that resulted in FcgidMaxProcesses being ignored\n in some situations. P R 48981. []\n\n *) Fix the search for processes with the proper vhost config when\n ServerName isn't set in every vhost or a module updates\n r->server->server_hostname dynamically (e.g., mod_vhost_cdb)\n or a module updates r->server dynamically (e.g., mod_vhost_ldap).\n [Jeff Trawick]\n\n *) FcgidPassHeader now maps header names to environment variable names\n in the usual manner: The header name is converted to upper case and\n is prefixed with HTTP_. An additional environment variable is\n created with the legacy name. P R 48964. [Jeff Trawick]\n\n \ *) Allow processes to be reused within multiple phases of a request\n by releasing them into the free list as soon as possible.\n [Chris Darroch]\n\n \ *) Fix lookup of process command lines when using FcgidWrapper or\n access control directives, including within .htaccess files.\n [Chris Darroch]\n\n \ *) Resolve a regression in 2.3.5 with httpd 2.0.x on some Unix platforms;\n \ ownership of mutex files was incorrect, resulting in a startup failure.\n \ P R 48651. [Jeff Trawick, ]\n\n *) Return 500 instead of segfaulting when the application returns no output.\n [Tatsuki Sugiura , Jeff Trawick]\n\n *) In FCGI_AUTHORIZER role, avoid spawning a new process for every\n different HTTP request. [Chris Darroch]\n" module: pkgsrc subject: 'CVS commit: [pkgsrc-2010Q3] pkgsrc/www/ap2-fcgid' unixtime: '1290532025' user: tron