#acl PaulHowarth:read,write,admin,revert,delete All:read
=== Friday 5th November 2010 ===
==== Fedora Project ====
 * Updated `mod_fcgid` to 2.3.6 in Rawhide, EPEL-6, F-13, and F-12:
  * Fix possible stack buffer overwrite ([[CVE:2010-3872|CVE-2010-3872]])
  * Change the default for `FcgidMaxRequestLen` from 1GB to 128K; administrators should change this to an appropriate value based on site requirements
  * Allow FastCGI apps more time to exit at shutdown before being forcefully killed
  * Correct a problem that resulted in `FcgidMaxProcesses` being ignored in some situations
  * Fix the search for processes with the proper `vhost` config when `ServerName` isn't set in every `vhost` or a module updates `r->server->server_hostname` dynamically (e.g., `mod_vhost_cdb`) or a module updates `r->server` dynamically (e.g., `mod_vhost_ldap`)
  * `FcgidPassHeader` now maps header names to environment variable names in the usual manner: the header name is converted to upper case and is prefixed with `HTTP_` (an additional environment variable is created with the legacy name)
  * Allow processes to be reused within multiple phases of a request by releasing them into the free list as soon as possible
  * Fix lookup of process command lines when using `FcgidWrapper` or access control directives, including within `.htaccess` files
  * Resolve a regression in 2.3.5 with `httpd` 2.0.x on some Unix platforms; ownership of mutex files was incorrect, resulting in a startup failure
  * Return 500 instead of segfaulting when the application returns no output
  * In `FCGI_AUTHORIZER` rôle, avoid spawning a new process for every different `HTTP` request
 * Updated `mod_fcgid` 2.2 in EPEL-4 and EPEL-5 to include patches backported from 2.3.6 for the possible stack buffer overwrite and for the segfault when the application returns no output
 * Built `perl-Test-Fatal` (0.003) in Rawhide (first Fedora release of this package)
 * Rebuilt `perl-XML-LibXML` for `libxml2` 2.7.8 in Rawhide; many maintainers have been rebuilding their `libxml2`-dependent packages today, presumably because of a broken deps report that went out with today's Rawhide compose, but that was a side-effect of a shared-library versioning problem in `libxml2` that was fixed in 2.7.8-4.fc15, which means that all of the broken deps will be OK again tomorrow anyway. The `perl-XML-LibXML` package __does__ need to be rebuilt though, because it embeds the version of `libxml2` that it was built against into the module, and this is checked in one of the tests in the `perl-XML-LibXSLT` test suite (built-against version must match run-against version); hence a rebuild of `perl-XML-LibXML` is necessary to avoid a FTBFS issue with `perl-XML-LibXSLT`.
==== Local Packages ====
 * Updated `mod_fcgid` to 2.3.6 as per the Fedora version, dropping the SELinux policy module for the RHEL-5 build as RHEL-5.5 now contains working policy
 * Rebuilt `perl-XML-LibXML` for `libxml2` 2.7.8
----