Next | Query returned 1 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2010-11-23 18:07:05 by Matthias Scheler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #3282 - requested by obache
www/ap2-fcgid: security update

Revisions pulled up:
- www/ap2-fcgid/Makefile		1.7
- www/ap2-fcgid/distinfo		1.4
---
Module Name:	pkgsrc
Committed By:	obache
Date:		Tue Nov 23 11:55:16 UTC 2010

Modified Files:
	pkgsrc/www/ap2-fcgid: Makefile distinfo

Log message:
Update ap2-fcgid to 2.3.6.

Changes with mod_fcgid 2.3.6

   *) SECURITY: CVE-2010-3872 (cve.mitre.org)
      Fix possible stack buffer overwrite.  Diagnosed by the reporter.
      P R 49406.  [Edgar Frank <ef-lists email.de>]

   *) Change the default for FcgidMaxRequestLen from 1GB to 128K.
      Administrators should change this to an appropriate value based on
      site requirements.  [Jeff Trawick]

   *) Allow FastCGI apps more time to exit at shutdown before being
      forcefully killed.  [Jeff Trawick]

   *) Correct a problem that resulted in FcgidMaxProcesses being ignored
      in some situations.  P R 48981.  [<rkosolapov gmail.com>]

   *) Fix the search for processes with the proper vhost config when
      ServerName isn't set in every vhost or a module updates
      r->server->server_hostname dynamically (e.g., mod_vhost_cdb)
      or a module updates r->server dynamically (e.g., mod_vhost_ldap).
      [Jeff Trawick]

   *) FcgidPassHeader now maps header names to environment variable names
      in the usual manner: The header name is converted to upper case and
      is prefixed with HTTP_.  An additional environment variable is
      created with the legacy name.  P R 48964.  [Jeff Trawick]

   *) Allow processes to be reused within multiple phases of a request
      by releasing them into the free list as soon as possible.
      [Chris Darroch]

   *) Fix lookup of process command lines when using FcgidWrapper or
      access control directives, including within .htaccess files.
      [Chris Darroch]

   *) Resolve a regression in 2.3.5 with httpd 2.0.x on some Unix platforms;
      ownership of mutex files was incorrect, resulting in a startup failure.
      P R 48651.  [Jeff Trawick, <pservit gmail.com>]

   *) Return 500 instead of segfaulting when the application returns no output.
      [Tatsuki Sugiura <sugi nemui.org>, Jeff Trawick]

   *) In FCGI_AUTHORIZER role, avoid spawning a new process for every
      different HTTP request.  [Chris Darroch]

Next | Query returned 1 messages, browsing 1 to 10 | previous