Package Release Info


Update Info: Base Release
Available in Package Hub : 15





Change Logs

Version: 2.3.9-2.2
* Wed Jul 27 2016
- add mod_fcgid-2.3.9-CVE-2016-1000104.patch - don't allow setting
  the HTTP_PROXY environment variable from a http header
  [CVE-2016-1000104], [bsc#988492]
- run spec-cleaner to clean specfile
* Thu Sep 03 2015
- test module with %apache_test_module_load
* Thu Jul 16 2015
- Requries: %{apache_suse_maintenance_mmn}
  This will pull this module to the update (in released distribution)
  when apache maintainer thinks it is good (due api/abi changes).
* Fri Oct 31 2014
- call spec-cleaner
- use apache rpm macros
* Wed Nov 06 2013
- update to 2.3.9:
  + obsoletes apache2-mod_fcgid-CVE-2013-4365-bnc844935.diff
    and fixes CVE-2013-4365 [bnc#844935] (heap overflow).
    The heap overflow discovery and fix was done by
    Robert Matthews <rob>.
  + quoting and spaces parsing correction for FcgidWrapper directive
    and commandline options.
  + logging improvements for access controls
  + remove redundant processing of Location headers when running in
* Mon Oct 21 2013
- Intermediate fix for openSUSE:Factory eg. openSUSE:13.1:
  apache2-mod_fcgid-CVE-2013-4365-bnc844935.diff fixes a heap
  overflow identified by CVE-2013-4365 [bnc#844935].
  This patch will be obsoleted by the next version update (to
  2.3.9 or higher).
* Tue Mar 12 2013
- Update to version 2.3.7:
  + Introduce FcgidWin32PreventOrphans directive on Windows to use
    OS Job Control Objects to terminate all running fcgi's when the
    worker process has been abruptly terminated.
  + Periodically clean out the brigades which are pulling in the
    request body for handoff to the fcgid child.
  + Resolve crash during graceful restarts.
  + Solve latency/cogestion of resolving effective user file access
    rights when no such info is desired, for config related
    filename stats.
  + Fix regression in 2.3.6 which broke process controls when using
    vhost-specific configuration.
  + Account for first process in class in the spawn score.
- Really fix build with apache 2.4: redefining apxs to %{_sbindir}
  after the branch-check is just wrong.
* Mon Jan 28 2013
- Fix build with apache 2.4: apxs2 moved from %{_sbindir} to
* Mon Feb 13 2012
- patch license to follow standard
* Sat Sep 17 2011
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
* Sat Dec 04 2010
- update to 2.3.6
  * ) SECURITY: CVE-2010-3872 (
    Fix possible stack buffer overwrite.
  * ) Change the default for FcgidMaxRequestLen from 1GB to 128K.
    Administrators should change this to an appropriate value based on
    site requirements.
  * ) Allow FastCGI apps more time to exit at shutdown before being
    forcefully killed.
  ...and more fixes, see
- adjust the somewhat outdated example config file
* Thu Aug 05 2010
- update to version 2.3.5
  mod_fcgid is now an official apache project. During the migration
  the name of the configuration directives has changed. Please see
  to update your config to the new version.
- adapted config to the new directives
* Fri Mar 07 2008
- added directory for the sharedmemory path and the sockets
* Tue Oct 30 2007
- update to version 2.2
  - Support configuration "PassHeader". Thank Hans Christian
    Saustrup for the suggestion.
  - Support apr_shm_remove() in httpd.2.0.X. Thank Hans Christian
    Saustrup for bug report.
  - Support configuration "TimeScore". Thank Tim Jensen for the
  - Support new configurations "MaxRequestInMem" and
  - If the length of http request longer than "MaxRequestInMem",
    it will store in tmp file.
  - It the length of http request longer than "MaxRequestLen", it
    will return internal server error.
    Thank Gabriel Barazer(gabriel at for the bug report.
    Thank Steffen(info at for the help on this
  - Fix miner Sanity check bug. Thank Yuya Tanaka for bug report
- added SharememPath to the config (#337566)
* Tue Aug 07 2007
- remove "Provides: apache2-mod_fastcgi", since the package is
* Tue Jul 31 2007
- don't package INSTALL.txt
- ran dos2unix on the documentation tarball to avoid warnings from
* Mon Apr 16 2007
- update to version 2.1
  - Add missing config.m4 and for static linking
    Thank Mark Drago for notice
  - FCGIWrapper disallowed in .htaccess
    Thank Balinares for patch
  - Bug fix. Authoritative flag reversed
    Thank Chris Darroch for the patch
  - Support arguments in FCGIWrapper
    Thank Andre Nathan for suggestion and great help on testing it.
  - Support new config "SharememPath", which specifies the location
    of share memory path.
  - Check running user is root or not, while suexec is enabled.
    Thank Chris Holleman for the bug report.
  - Bug fix. Should not pass respond to auth checkers.
    Thank Szabolcs Hock for bug report.
- rediffed patches:
  mod_fcgid.2.0-warnings.patch => mod_fcgid.2.1-warnings.patch
- synced docs from the website
* Wed Nov 29 2006
- update to version 2.0
  o Support FastCGI Authorizer protocols now.
  o Add apxs compile instruction in INSTALL.txt.
    Thank Hans Christian Saustrup, hc at for the suggestion.
  o Bug fix. (Win32 only) PHP script can not create socket on Win32.
    Thank bbscool at for the bug report and the help.
  o GREAT patchs from Robert L Mathews, rob at
    Fix compile warnings
    Adds a MaxRequestsPerProcess parameter that allows mod_fcgid
    to exit after handling a certain number of requests
    Close socket before fork
    avoid the 1-second sleep the first time a process is spawned
  o Print warning log while read data error from FastCGI process.
  o Apply patch from Scott Lamb, Fix mod_fcgid 1.10 warnings on x86_64
- removed mod_fcgid.1.07-printf_warnings.patch
- rediffed patches:
  mod_fcgid.1.10-warnings.patch => mod_fcgid.2.0-warnings.patch
  mod_fcgid.1.07-suse_paths.patch => mod_fcgid.2.0-suse_paths.patch
* Thu Oct 19 2006
- fix missing return value of is_kill_allowed()
* Tue Oct 17 2006
- build the module for all MPMs, not only for prefork
Version: 2.3.9-bp150.2.2
* Fri May 12 2017
- amend example in %check to see how output to stderr get
  logged in error_log
* Mon Mar 13 2017
- add a true example to %check