pkgsrc.se | The NetBSD package collection

./www/ap2-fcgid, High performance alternative to mod_cgi or mod_cgid

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2010Q3, Version: 2.3.6, Package name: ap22-fcgid-2.3.6, Maintainer: pkgsrc-users

High performance alternative to mod_cgi or mod_cgid, which starts a sufficient
number instances of the CGI program to handle concurrent requests, and these
programs remain running to handle further incoming requests. It is favored by
the PHP developers, for example, as a preferred alternative to running mod_php
in-process, delivering very similar performance.

Required to run:
[www/apache22]

Required to build:
[lang/perl5] [devel/libtool-base]

Master sites: (Expand)

SHA1: 018245896f331909e896685ab3ca86b163846e4d
RMD160: 962edaee41d502fcfbcb9d18028a43c72b54933f
Filesize: 99.495 KB

Version history: (Expand)

(2010-11-24) Updated to version: ap22-fcgid-2.3.6
(2010-10-17) Package added to pkgsrc.se, version ap22-fcgid-2.3.5 (created)

CVS history: (Expand)

2010-11-23 18:07:05 by Matthias Scheler | Files touched by this commit (2) | Package updated

Log message:
Pullup ticket #3282 - requested by obache
www/ap2-fcgid: security update

Revisions pulled up:
- www/ap2-fcgid/Makefile		1.7
- www/ap2-fcgid/distinfo		1.4
---
Module Name:	pkgsrc
Committed By:	obache
Date:		Tue Nov 23 11:55:16 UTC 2010

Modified Files:
	pkgsrc/www/ap2-fcgid: Makefile distinfo

Log message:
Update ap2-fcgid to 2.3.6.

Changes with mod_fcgid 2.3.6

   *) SECURITY: CVE-2010-3872 (cve.mitre.org)
      Fix possible stack buffer overwrite.  Diagnosed by the reporter.
      P R 49406.  [Edgar Frank <ef-lists email.de>]

   *) Change the default for FcgidMaxRequestLen from 1GB to 128K.
      Administrators should change this to an appropriate value based on
      site requirements.  [Jeff Trawick]

   *) Allow FastCGI apps more time to exit at shutdown before being
      forcefully killed.  [Jeff Trawick]

   *) Correct a problem that resulted in FcgidMaxProcesses being ignored
      in some situations.  P R 48981.  [<rkosolapov gmail.com>]

   *) Fix the search for processes with the proper vhost config when
      ServerName isn't set in every vhost or a module updates
      r->server->server_hostname dynamically (e.g., mod_vhost_cdb)
      or a module updates r->server dynamically (e.g., mod_vhost_ldap).
      [Jeff Trawick]

   *) FcgidPassHeader now maps header names to environment variable names
      in the usual manner: The header name is converted to upper case and
      is prefixed with HTTP_.  An additional environment variable is
      created with the legacy name.  P R 48964.  [Jeff Trawick]

   *) Allow processes to be reused within multiple phases of a request
      by releasing them into the free list as soon as possible.
      [Chris Darroch]

   *) Fix lookup of process command lines when using FcgidWrapper or
      access control directives, including within .htaccess files.
      [Chris Darroch]

   *) Resolve a regression in 2.3.5 with httpd 2.0.x on some Unix platforms;
      ownership of mutex files was incorrect, resulting in a startup failure.
      P R 48651.  [Jeff Trawick, <pservit gmail.com>]

   *) Return 500 instead of segfaulting when the application returns no output.
      [Tatsuki Sugiura <sugi nemui.org>, Jeff Trawick]

   *) In FCGI_AUTHORIZER role, avoid spawning a new process for every
      different HTTP request.  [Chris Darroch]