Changelog for apache2-mod_fcgid-2.3.9-51.1.x86_64.rpm :
Fri May 12 14:00:00 2017
- amend example in %check to see how output to stderr get
logged in error_log

Mon Mar 13 13:00:00 2017
- add a true example to %check

Wed Jul 27 14:00:00 2016
- add mod_fcgid-2.3.9-CVE-2016-1000104.patch - don\'t allow setting
the HTTP_PROXY environment variable from a http header
[CVE-2016-1000104], [bsc#988492]
- run spec-cleaner to clean specfile

Thu Sep 3 14:00:00 2015
- test module with %apache_test_module_load

Thu Jul 16 14:00:00 2015
- Requries: %{apache_suse_maintenance_mmn}
This will pull this module to the update (in released distribution)
when apache maintainer thinks it is good (due api/abi changes).

Fri Oct 31 13:00:00 2014
- call spec-cleaner
- use apache rpm macros

Wed Nov 6 13:00:00 2013
- update to 2.3.9:
+ obsoletes apache2-mod_fcgid-CVE-2013-4365-bnc844935.diff
and fixes CVE-2013-4365 [bnc#844935] (heap overflow).
The heap overflow discovery and fix was done by
Robert Matthews .
+ quoting and spaces parsing correction for FcgidWrapper directive
and commandline options.
+ logging improvements for access controls
+ remove redundant processing of Location headers when running in

Mon Oct 21 14:00:00 2013
- Intermediate fix for openSUSE:Factory eg. openSUSE:13.1:
apache2-mod_fcgid-CVE-2013-4365-bnc844935.diff fixes a heap
overflow identified by CVE-2013-4365 [bnc#844935].
This patch will be obsoleted by the next version update (to
2.3.9 or higher).

Tue Mar 12 13:00:00 2013
- Update to version 2.3.7:
+ Introduce FcgidWin32PreventOrphans directive on Windows to use
OS Job Control Objects to terminate all running fcgi\'s when the
worker process has been abruptly terminated.
+ Periodically clean out the brigades which are pulling in the
request body for handoff to the fcgid child.
+ Resolve crash during graceful restarts.
+ Solve latency/cogestion of resolving effective user file access
rights when no such info is desired, for config related
filename stats.
+ Fix regression in 2.3.6 which broke process controls when using
vhost-specific configuration.
+ Account for first process in class in the spawn score.
- Really fix build with apache 2.4: redefining apxs to %{_sbindir}
after the branch-check is just wrong.

Mon Jan 28 13:00:00 2013
- Fix build with apache 2.4: apxs2 moved from %{_sbindir} to

Mon Feb 13 13:00:00 2012
- patch license to follow standard

Sat Sep 17 14:00:00 2011
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build

Sat Dec 4 13:00:00 2010
- update to 2.3.6

* ) SECURITY: CVE-2010-3872 (
Fix possible stack buffer overwrite.

* ) Change the default for FcgidMaxRequestLen from 1GB to 128K.
Administrators should change this to an appropriate value based on
site requirements.

* ) Allow FastCGI apps more time to exit at shutdown before being
forcefully killed.
...and more fixes, see
- adjust the somewhat outdated example config file

Thu Aug 5 14:00:00 2010
- update to version 2.3.5
mod_fcgid is now an official apache project. During the migration
the name of the configuration directives has changed. Please see
to update your config to the new version.
- adapted config to the new directives