From 4323f1aa08096d1d9355f3f97b1c4e0b29a78904 Mon Sep 17 00:00:00 2001
From: Paul Howarth
Date: Oct 08 2013 11:14:24 +0000
Subject: Update to 2.3.9 - New upstream release 2.3.9 - SECURITY: Fix possible heap buffer overwrite (CVE-2013-4365) - Add experimental cmake-based build system for Windows - Correctly parse quotation and escaped spaces in FcgidWrapper and the AAA Authenticator/Authorizor/Access directives' command line argument, as currently documented (PR#51194) - Honor quoted FcgidCmdOptions arguments (notably for InitialEnv assignments) (PR#51657) - Conform script response parsing with mod_cgid and ensure no response body is sent when ap_meets_conditions() determines that request conditions are met - Improve logging in access control hook functions - Avoid making internal sub-requests and processing Location headers when in FCGI_AUTHORIZER mode, as the auth hook functions already treat Location headers returned by scripts as an error since redirections are not meaningful in this mode - Revert fix for PR#53693, added in 2.3.8 but undocumented - Fix issues with a minor optimization added in 2.3.8
---
diff --git a/mod_fcgid.spec b/mod_fcgid.spec
index 1f5cc51..30a4ac8 100644
--- a/mod_fcgid.spec
+++ b/mod_fcgid.spec
@@ -33,8 +33,8 @@
 %endif

 Name: mod_fcgid
-Version: 2.3.7
-Release: 7%{?dist}
+Version: 2.3.9
+Release: 1%{?dist}
 Summary: FastCGI interface module for Apache 2
 Group: System Environment/Daemons
 License: ASL 2.0
@@ -82,19 +82,19 @@ the number of fastcgi servers, and kicking out corrupt fastcgi servers as soon
 as possible.

 %if %{selinux_module}
-%global selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp || echo 0.0.0)
-%global selinux_policynum %(echo %{selinux_policyver} | awk -F. '{ printf "%d%02d%02d", $1, $2, $3 }')
 %package selinux
 Summary: SELinux policy module supporting FastCGI applications with mod_fcgid
 Group: System Environment/Base
 BuildRequires: %{selinux_buildreqs}
 # selinux-policy is required for directory ownership of %%{_datadir}/selinux/*
-# Modules built against one version of a policy may not work with older policy
-# versions, as noted on fedora-selinux-list:
-# http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00102.html
-# Hence the versioned dependency. The versioning will hopefully be replaced by
-# an ABI version requirement or something similar in the future
-Requires: selinux-policy >= %{selinux_policyver}
+#
+# version requirement is a hack to avoid problems mixing new modules with older policy,
+# e.g. http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00102.html
+# _selinux_policy_version introduced in F-20 (#999584), but can be emulated by
+# pulling the policy version number from the policyhelp file on older distributions
+%{!?_selinux_policy_version: %global _selinux_policy_version %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp 2>/dev/null || echo 0.0.0)}
+%global selinux_policynum %(echo %{_selinux_policy_version} | awk -F. '{ printf "%d%02d%02d", $1, $2, $3 }')
+Requires: selinux-policy >= %{_selinux_policy_version}
 Requires: %{name} = %{version}-%{release}
 Requires(post): /usr/sbin/semodule, /sbin/restorecon
 Requires(postun): /usr/sbin/semodule, /sbin/restorecon
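Review bot: The `|| echo 0.0.0` fallback in the new `_selinux_policy_version` definition turns a failed policy lookup into `Requires: selinux-policy >= 0.0.0`, and with `2>/dev/null` now added the failure leaves no trace in the build log. That silently drops the guard the comment above it describes (new modules mixed with older policy), so a package built without a readable policyhelp file could be installed on a system where its module may not load. The fallback is presumably needed so the spec still parses when the policy devel files are absent; a check in the selinux subpackage's build steps (outside this hunk) such as `[ "%{_selinux_policy_version}" != "0.0.0" ] || exit 1` would keep that while making a binary build fail closed. Note also that sed exits 0 when the file is readable but the pattern does not match, so the fallback does not cover a policyhelp file whose format has changed.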
@@ -221,13 +221,33 @@ exit 0
 %endif

 %changelog
-* Sat Aug 03 2013 Fedora Release Engineering - 2.3.7-7
+* Tue Oct 8 2013 Paul Howarth 2.3.9-1
+- Update to 2.3.9
+ - SECURITY: Fix possible heap buffer overwrite (CVE-2013-4365)
+ - Add experimental cmake-based build system for Windows
+ - Correctly parse quotation and escaped spaces in FcgidWrapper and the AAA
+ Authenticator/Authorizor/Access directives' command line argument, as
+ currently documented (PR#51194)
+ - Honor quoted FcgidCmdOptions arguments (notably for InitialEnv
+ assignments) (PR#51657)
+ - Conform script response parsing with mod_cgid and ensure no response body
+ is sent when ap_meets_conditions() determines that request conditions are
+ met
+ - Improve logging in access control hook functions
+ - Avoid making internal sub-requests and processing Location headers when in
+ FCGI_AUTHORIZER mode, as the auth hook functions already treat Location
+ headers returned by scripts as an error since redirections are not
+ meaningful in this mode
+ - Revert fix for PR#53693, added in 2.3.8 but undocumented
+ - Fix issues with a minor optimization added in 2.3.8
+
+* Sat Aug 03 2013 Fedora Release Engineering 2.3.7-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

-* Thu Feb 14 2013 Fedora Release Engineering - 2.3.7-6
+* Thu Feb 14 2013 Fedora Release Engineering 2.3.7-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

-* Fri Jul 20 2012 Fedora Release Engineering - 2.3.7-5
+* Fri Jul 20 2012 Fedora Release Engineering 2.3.7-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

 * Wed Jul 4 2012 Paul Howarth 2.3.7-4
diff --git a/sources b/sources
index b7e10b5..9bfcf47 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-5952c93dc16b42264a4bf2a54757fc08 mod_fcgid-2.3.7.tar.bz2
+262a8c59bceee5fcb669dd92a85c637d mod_fcgid-2.3.9.tar.bz2