apache2-mod_fcgid-2.3.9-2.2

- add mod_fcgid-2.3.9-CVE-2016-1000104.patch - don't allow setting
  the HTTP_PROXY environment variable from a http header
  [CVE-2016-1000104], [bsc#988492]
- run spec-cleaner to clean specfile

- test module with %apache_test_module_load

- Requries: %{apache_suse_maintenance_mmn}
  This will pull this module to the update (in released distribution)
  when apache maintainer thinks it is good (due api/abi changes).

- call spec-cleaner
- use apache rpm macros

- update to 2.3.9:
  + obsoletes apache2-mod_fcgid-CVE-2013-4365-bnc844935.diff
    and fixes CVE-2013-4365 [bnc#844935] (heap overflow).
    The heap overflow discovery and fix was done by
    Robert Matthews <rob tigertech.com>.
  + quoting and spaces parsing correction for FcgidWrapper directive
    and commandline options.
  + logging improvements for access controls
  + remove redundant processing of Location headers when running in
    FCGI_AUTHORIZER mode

- Intermediate fix for openSUSE:Factory eg. openSUSE:13.1:
  apache2-mod_fcgid-CVE-2013-4365-bnc844935.diff fixes a heap
  overflow identified by CVE-2013-4365 [bnc#844935].
  This patch will be obsoleted by the next version update (to
  2.3.9 or higher).

- Update to version 2.3.7:
  + Introduce FcgidWin32PreventOrphans directive on Windows to use
    OS Job Control Objects to terminate all running fcgi's when the
    worker process has been abruptly terminated.
  + Periodically clean out the brigades which are pulling in the
    request body for handoff to the fcgid child.
  + Resolve crash during graceful restarts.
  + Solve latency/cogestion of resolving effective user file access
    rights when no such info is desired, for config related
    filename stats.
  + Fix regression in 2.3.6 which broke process controls when using
    vhost-specific configuration.
  + Account for first process in class in the spawn score.
- Really fix build with apache 2.4: redefining apxs to %{_sbindir}
  after the branch-check is just wrong.

- Fix build with apache 2.4: apxs2 moved from %{_sbindir} to
  %{_bindir}.

- patch license to follow spdx.org standard

- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build

- update to 2.3.6
  * ) SECURITY: CVE-2010-3872 (cve.mitre.org)
    Fix possible stack buffer overwrite.
  * ) Change the default for FcgidMaxRequestLen from 1GB to 128K.
    Administrators should change this to an appropriate value based on
    site requirements.
  * ) Allow FastCGI apps more time to exit at shutdown before being
    forcefully killed.
  ...and more fixes, see
  http://svn.apache.org/viewvc/httpd/mod_fcgid/tags/2.3.6/CHANGES-FCGID?view=markup
- adjust the somewhat outdated example config file

- update to version 2.3.5
  mod_fcgid is now an official apache project. During the migration
  the name of the configuration directives has changed. Please see
  /usr/share/doc/packages/apache2-mod_fcgid/CHANGES-FCGID
  to update your config to the new version.
- adapted config to the new directives

- added directory for the sharedmemory path and the sockets
  (bnc#365113)

- update to version 2.2
  - Support configuration "PassHeader". Thank Hans Christian
    Saustrup for the suggestion.
  - Support apr_shm_remove() in httpd.2.0.X. Thank Hans Christian
    Saustrup for bug report.
  - Support configuration "TimeScore". Thank Tim Jensen for the
    patch.
  - Support new configurations "MaxRequestInMem" and
    "MaxRequestLen"
  - If the length of http request longer than "MaxRequestInMem",
    it will store in tmp file.
  - It the length of http request longer than "MaxRequestLen", it
    will return internal server error.
    Thank Gabriel Barazer(gabriel at oxeva.fr) for the bug report.
    Thank Steffen(info at apachelounge.com) for the help on this
    issue.
  - Fix miner Sanity check bug. Thank Yuya Tanaka for bug report
- added SharememPath to the config (#337566)

- remove "Provides: apache2-mod_fastcgi", since the package is
  revived

- don't package INSTALL.txt
- ran dos2unix on the documentation tarball to avoid warnings from
  rpmlint

- update to version 2.1
  - Add missing config.m4 and Makefile.in for static linking
    Thank Mark Drago for notice
  - FCGIWrapper disallowed in .htaccess
    Thank Balinares for patch
  - Bug fix. Authoritative flag reversed
    Thank Chris Darroch for the patch
  - Support arguments in FCGIWrapper
    Thank Andre Nathan for suggestion and great help on testing it.
  - Support new config "SharememPath", which specifies the location
    of share memory path.
  - Check running user is root or not, while suexec is enabled.
    Thank Chris Holleman for the bug report.
  - Bug fix. Should not pass respond to auth checkers.
    Thank Szabolcs Hock for bug report.
- rediffed patches:
  mod_fcgid.2.0-warnings.patch => mod_fcgid.2.1-warnings.patch
- synced docs from the website

- update to version 2.0
  o Support FastCGI Authorizer protocols now.
  o Add apxs compile instruction in INSTALL.txt.
    Thank Hans Christian Saustrup, hc at saustrup.net for the suggestion.
  o Bug fix. (Win32 only) PHP script can not create socket on Win32.
    Thank bbscool at zjip.com for the bug report and the help.
  o GREAT patchs from Robert L Mathews, rob at tigertech.com
    Fix compile warnings
    Adds a MaxRequestsPerProcess parameter that allows mod_fcgid
    to exit after handling a certain number of requests
    Close socket before fork
    avoid the 1-second sleep the first time a process is spawned
  o Print warning log while read data error from FastCGI process.
  o Apply patch from Scott Lamb, Fix mod_fcgid 1.10 warnings on x86_64
- removed mod_fcgid.1.07-printf_warnings.patch
- rediffed patches:
  mod_fcgid.1.10-warnings.patch => mod_fcgid.2.0-warnings.patch
  mod_fcgid.1.07-suse_paths.patch => mod_fcgid.2.0-suse_paths.patch

- fix missing return value of is_kill_allowed()

- build the module for all MPMs, not only for prefork