rpms/mod_fcgid/EL-5 .cvsignore, 1.4, 1.5 fastcgi-2.5.te, 1.1, 1.2 fastcgi.fc, 1.1, 1.2 fastcgi.te, 1.2, 1.3 fcgid.conf, 1.2, 1.3 mod_fcgid.spec, 1.5, 1.6 sources, 1.4, 1.5

Sun Apr 27 22:53:38 UTC 2008

Author: pghmcfc

Update of /cvs/pkgs/rpms/mod_fcgid/EL-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17154

Modified Files:
	.cvsignore fastcgi-2.5.te fastcgi.fc fastcgi.te fcgid.conf 
	mod_fcgid.spec sources 
Log Message:
Update to 2.2, resync with Fedora


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/.cvsignore,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5

--- .cvsignore	16 Feb 2007 14:20:03 -0000	1.4
+++ .cvsignore	27 Apr 2008 22:52:57 -0000	1.5
@@ -1 +1 @@
-mod_fcgid.2.1.tar.gz
+mod_fcgid.2.2.tar.gz


Index: fastcgi-2.5.te
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/fastcgi-2.5.te,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fastcgi-2.5.te	15 Jul 2007 14:17:25 -0000	1.1
+++ fastcgi-2.5.te	27 Apr 2008 22:52:57 -0000	1.2
@@ -1,7 +1,7 @@
-policy_module(fastcgi, 0.2.0)
+policy_module(fastcgi, 0.2.2)
 
-type httpd_fastcgi_sock_t;
-files_type(httpd_fastcgi_sock_t)
+type httpd_fastcgi_var_run_t;
+files_type(httpd_fastcgi_var_run_t)
 
 require {
 	type devpts_t;
@@ -10,6 +10,7 @@
 	type httpd_log_t;
 	type httpd_sys_script_exec_t;
 	type httpd_sys_content_t;
+	type httpd_tmp_t;
 };
 
 # ==========================================================
@@ -52,9 +53,10 @@
 # Allow FastCGI applications to read the routing table
 allow httpd_fastcgi_script_t self:netlink_route_socket { r_netlink_socket_perms };
 
-# Allow httpd to create and use sockets for communicating with mod_fcgid
-manage_sock_files_pattern(httpd_t,httpd_fastcgi_sock_t,httpd_fastcgi_sock_t)
-allow httpd_t httpd_fastcgi_sock_t:dir { setattr };
+# Allow httpd to create and use files and sockets for communicating with mod_fcgid
+manage_files_pattern(httpd_t,httpd_fastcgi_var_run_t,httpd_fastcgi_var_run_t)
+manage_sock_files_pattern(httpd_t,httpd_fastcgi_var_run_t,httpd_fastcgi_var_run_t)
+setattr_dirs_pattern(httpd_t,httpd_fastcgi_var_run_t,httpd_fastcgi_var_run_t)
 
 # Allow httpd to read httpd_fastcgi_content_t
 allow httpd_t httpd_fastcgi_content_t:dir list_dir_perms;
@@ -65,11 +67,9 @@
 # sockets and respond to them
 allow httpd_fastcgi_script_t httpd_t:unix_stream_socket { rw_stream_socket_perms };
 
-# FastCGI application doing something to the httpd error log
-dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
-
-# Not sure what this is doing (happens when fastcgi scripts start)
+# These are probably leaked file descriptors
 dontaudit httpd_t devpts_t:chr_file ioctl;
+dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
 
 # ======================================================
 # Equivalent policy cribbed from httpd_sys_script_t
@@ -79,6 +79,11 @@
 
 fs_search_auto_mountpoints(httpd_fastcgi_script_t)
 
+# PHP uploads a file to /tmp and then execs programs to action them
+manage_dirs_pattern(httpd_fastcgi_script_t,httpd_tmp_t,httpd_tmp_t)
+manage_files_pattern(httpd_fastcgi_script_t,httpd_tmp_t,httpd_tmp_t)
+files_tmp_filetrans(httpd_fastcgi_script_t,httpd_fastcgi_script_rw_t,{ dir file lnk_file sock_file fifo_file })
+
 files_search_var_lib(httpd_fastcgi_script_t)
 files_search_spool(httpd_fastcgi_script_t)
 


Index: fastcgi.fc
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/fastcgi.fc,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fastcgi.fc	6 Sep 2006 13:08:59 -0000	1.1
+++ fastcgi.fc	27 Apr 2008 22:52:57 -0000	1.2
@@ -1 +1 @@
-/var/run/mod_fcgid(/.*)?		 gen_context(system_u:object_r:httpd_fastcgi_sock_t,s0)
+/var/run/mod_fcgid(/.*)?		 gen_context(system_u:object_r:httpd_fastcgi_var_run_t,s0)


Index: fastcgi.te
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/fastcgi.te,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- fastcgi.te	15 Jul 2007 14:17:25 -0000	1.2
+++ fastcgi.te	27 Apr 2008 22:52:57 -0000	1.3
@@ -1,7 +1,7 @@
-policy_module(fastcgi, 0.1.7)
+policy_module(fastcgi, 0.1.9)
 
-type httpd_fastcgi_sock_t;
-files_type(httpd_fastcgi_sock_t)
+type httpd_fastcgi_var_run_t;
+files_type(httpd_fastcgi_var_run_t)
 
 require {
 	type devpts_t;
@@ -10,6 +10,7 @@
 	type httpd_log_t;
 	type httpd_sys_script_exec_t;
 	type httpd_sys_content_t;
+	type httpd_tmp_t;
 };
 
 # ==========================================================
@@ -41,9 +42,10 @@
 # Allow FastCGI applications to read the routing table
 allow httpd_fastcgi_script_t self:netlink_route_socket { r_netlink_socket_perms };
 
-# Allow httpd to create and use sockets for communicating with mod_fcgid
-allow httpd_t httpd_fastcgi_sock_t:dir { rw_dir_perms setattr };
-allow httpd_t httpd_fastcgi_sock_t:sock_file { create_file_perms };
+# Allow httpd to create and use files and sockets for communicating with mod_fcgid
+allow httpd_t httpd_fastcgi_var_run_t:dir { rw_dir_perms setattr };
+allow httpd_t httpd_fastcgi_var_run_t:file { create_file_perms };
+allow httpd_t httpd_fastcgi_var_run_t:sock_file { create_file_perms };
 
 # Allow httpd to read httpd_fastcgi_content_t
 # (shouldn't this be in the content template?)
@@ -55,11 +57,9 @@
 # sockets and respond to them
 allow httpd_fastcgi_script_t httpd_t:unix_stream_socket { rw_stream_socket_perms };
 
-# FastCGI application doing something to the httpd error log
-dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
-
-# Not sure what this is doing (happens when fastcgi scripts start)
+# These are probably leaked file descriptors
 dontaudit httpd_t devpts_t:chr_file ioctl;
+dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
 
 # ======================================================
 # Equivalent policy cribbed from httpd_sys_script_t
@@ -69,6 +69,11 @@
 
 fs_search_auto_mountpoints(httpd_fastcgi_script_t)
 
+# PHP uploads a file to /tmp and then execs programs to action them
+allow httpd_fastcgi_script_t httpd_tmp_t:dir manage_dir_perms;
+allow httpd_fastcgi_script_t httpd_tmp_t:file manage_file_perms;
+files_tmp_filetrans(httpd_fastcgi_script_t,httpd_fastcgi_script_rw_t,{ dir file lnk_file sock_file fifo_file })
+
 files_search_var_lib(httpd_fastcgi_script_t)
 files_search_spool(httpd_fastcgi_script_t)
 


Index: fcgid.conf
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/fcgid.conf,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- fcgid.conf	16 Feb 2007 14:20:03 -0000	1.2
+++ fcgid.conf	27 Apr 2008 22:52:57 -0000	1.3
@@ -13,4 +13,4 @@
 
 # Sane place to put sockets and shared memory file
 SocketPath run/mod_fcgid
-SharememPath run/fcgid_shm
+SharememPath run/mod_fcgid/fcgid_shm


Index: mod_fcgid.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/mod_fcgid.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- mod_fcgid.spec	15 Jul 2007 14:17:25 -0000	1.5
+++ mod_fcgid.spec	27 Apr 2008 22:52:57 -0000	1.6
@@ -9,26 +9,26 @@
 %define selinux_buildreqs checkpolicy, selinux-policy-devel, hardlink
 %endif
 
-Name:           mod_fcgid
-Version:        2.1
-Release:        3%{?dist}
-Summary:        Apache2 module for high-performance server-side scripting 
-Group:          System Environment/Daemons
-License:        GPL
-URL:            http://fastcgi.coremail.cn/
-Source0:        http://dl.sf.net/mod-fcgid/mod_fcgid.%{version}.tar.gz
-Source1:        fcgid.conf
-Source2:        fastcgi.te
-Source3:        fastcgi.fc
-Source4:        mod_fcgid-2.1-README.RPM
-Source5:        http://fastcgi.coremail.cn/doc.htm
-Source6:        http://fastcgi.coremail.cn/configuration.htm
-Source7:        mod_fcgid-2.1-README.SELinux
-Source8:        fastcgi-2.5.te
-Patch0:         mod_fcgid.2.1-docurls.patch
-BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires:  httpd-devel >= 2.0
-Requires:       httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && %{__cat} %{_includedir}/httpd/.mmn || echo missing)
+Name:		mod_fcgid
+Version:	2.2
+Release:	4%{?dist}
+Summary:	Apache2 module for high-performance server-side scripting 
+Group:		System Environment/Daemons
+License:	GPL+
+URL:		http://fastcgi.coremail.cn/
+Source0:	http://downloads.sf.net/mod-fcgid/mod_fcgid.%{version}.tar.gz
+Source1:	fcgid.conf
+Source2:	fastcgi.te
+Source3:	fastcgi.fc
+Source4:	mod_fcgid-2.1-README.RPM
+Source5:	http://fastcgi.coremail.cn/doc.htm
+Source6:	http://fastcgi.coremail.cn/configuration.htm
+Source7:	mod_fcgid-2.1-README.SELinux
+Source8:	fastcgi-2.5.te
+Patch0:		mod_fcgid.2.1-docurls.patch
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires:	gawk, httpd-devel >= 2.0, pkgconfig
+Requires:	httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && %{__cat} %{_includedir}/httpd/.mmn || echo missing)
 
 %description
 mod_fcgid is a binary-compatible alternative to the Apache module mod_fastcgi.
@@ -40,9 +40,9 @@
 %define selinux_policyver %(%{__sed} -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp)
 %define selinux_policynum %(echo %{selinux_policyver} | %{__awk} -F. '{ printf "%d%02d%02d", $1, $2, $3 }')
 %package selinux
-Summary:          SELinux policy module supporting FastCGI applications with mod_fcgid
-Group:            System Environment/Base
-BuildRequires:    %{selinux_buildreqs}
+Summary:	  SELinux policy module supporting FastCGI applications with mod_fcgid
+Group:		  System Environment/Base
+BuildRequires:	  %{selinux_buildreqs}
 # selinux-policy is required for directory ownership of %{_datadir}/selinux/*
 # Modules built against one version of a policy may not work with older policy
 # versions, as noted on fedora-selinux-list:
@@ -50,10 +50,10 @@
 # Hence the versioned dependency. The versioning will hopefully be replaced by
 # an ABI version requirement or something similar in the future
 %if "%{selinux_policyver}" != ""
-Requires:         selinux-policy >= %{selinux_policyver}
+Requires:	  selinux-policy >= %{selinux_policyver}
 %endif
-Requires:         %{name} = %{version}-%{release}
-Requires(post):   /usr/sbin/semodule, /sbin/restorecon
+Requires:	  %{name} = %{version}-%{release}
+Requires(post):	  /usr/sbin/semodule, /sbin/restorecon
 Requires(postun): /usr/sbin/semodule, /sbin/restorecon
 
 %description selinux
@@ -75,6 +75,8 @@
 %{__cp} -p %{SOURCE7} README.SELinux
 %patch0 -p1
 %{__sed} -i -e 's/\r$//' directives.htm configuration.htm
+/usr/bin/iconv -f gb2312 -t utf8 < configuration.htm > configuration.htm.utf8
+%{__mv} -f configuration.htm.utf8 configuration.htm
 
 %build
 topdir=$(/usr/bin/dirname $(/usr/sbin/apxs -q exp_installbuilddir))
@@ -82,9 +84,9 @@
 %if %{selinux_module}
 for selinuxvariant in %{selinux_variants}
 do
-  %{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
-  %{__mv} fastcgi.pp fastcgi.pp.${selinuxvariant}
-  %{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
+	%{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
+	%{__mv} fastcgi.pp fastcgi.pp.${selinuxvariant}
+	%{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
 done
 %endif
 
@@ -92,10 +94,10 @@
 %{__rm} -rf %{buildroot}
 topdir=$(/usr/bin/dirname $(/usr/sbin/apxs -q exp_installbuilddir))
 %{__make} \
-  top_dir=${topdir} \
-  DESTDIR=%{buildroot} \
-  MKINSTALLDIRS="%{__mkdir_p}" \
-  install
+	top_dir=${topdir} \
+	DESTDIR=%{buildroot} \
+	MKINSTALLDIRS="%{__mkdir_p}" \
+	install
 %{__install} -D -m 644 fcgid.conf %{buildroot}%{_sysconfdir}/httpd/conf.d/fcgid.conf
 %{__install} -d -m 755 %{buildroot}%{_localstatedir}/run/mod_fcgid
 
@@ -103,9 +105,9 @@
 %if %{selinux_module}
 for selinuxvariant in %{selinux_variants}
 do
-  %{__install} -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
-  %{__install} -p -m 644 fastcgi.pp.${selinuxvariant} \
-    %{buildroot}%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp
+	%{__install} -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
+	%{__install} -p -m 644 fastcgi.pp.${selinuxvariant} \
+		%{buildroot}%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp
 done
 # Hardlink identical policy module packages together
 /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
@@ -119,24 +121,24 @@
 # Install SELinux policy modules
 for selinuxvariant in %{selinux_variants}
 do
-  /usr/sbin/semodule -s ${selinuxvariant} -i \
-    %{_datadir}/selinux/${selinuxvariant}/fastcgi.pp &> /dev/null || :
+	/usr/sbin/semodule -s ${selinuxvariant} -i \
+		%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp &> /dev/null || :
 done
 # Fix up non-standard directory context
-/sbin/restorecon %{_localstatedir}/run/mod_fcgid || :
+/sbin/restorecon -R %{_localstatedir}/run/mod_fcgid || :
 
 %postun selinux
 # Clean up after package removal
 if [ $1 -eq 0 ]; then
-  # Remove SELinux policy modules
-  for selinuxvariant in %{selinux_variants}
-  do
-    /usr/sbin/semodule -s ${selinuxvariant} -r fastcgi &> /dev/null || :
-  done
-  # Clean up any remaining file contexts (shouldn't be any really)
-  [ -d %{_localstatedir}/run/mod_fcgid ] && \
-    /sbin/restorecon -R %{_localstatedir}/run/mod_fcgid &> /dev/null || :
+	# Remove SELinux policy modules
+	for selinuxvariant in %{selinux_variants}; do
+		/usr/sbin/semodule -s ${selinuxvariant} -r fastcgi &> /dev/null || :
+	done
+	# Clean up any remaining file contexts (shouldn't be any really)
+	[ -d %{_localstatedir}/run/mod_fcgid ] && \
+		/sbin/restorecon -R %{_localstatedir}/run/mod_fcgid &> /dev/null || :
 fi
+exit 0
 %endif
 
 %files
@@ -155,6 +157,37 @@
 %endif
 
 %changelog
+* Thu Feb 14 2008 Paul Howarth <paul at city-fan.org> 2.2-4
+- Rebuild with gcc 4.3.0 for Fedora 9
+
+* Mon Jan 14 2008 Paul Howarth <paul at city-fan.org> 2.2-3
+- Update SELinux policy to fix occasional failures on restarts
+  (move shared memory file into /var/run/mod_fcgid directory)
+
+* Thu Jan  3 2008 Paul Howarth <paul at city-fan.org> 2.2-2
+- Update SELinux policy to support file transition to httpd_tmp_t for
+  temporary files
+
+* Fri Sep 14 2007 Paul Howarth <paul at city-fan.org> 2.2-1
+- Update to version 2.2
+- Make sure docs are encoded as UTF-8
+
+* Mon Sep  3 2007 Joe Orton <jorton at redhat.com> 2.1-6
+- rebuild for fixed 32-bit APR (#254241)
+
+* Thu Aug 23 2007 Paul Howarth <paul at city-fan.org> 2.1-5
+- Update source URL to point to downloads.sf.net rather than dl.sf.net
+- Upstream released new tarball without changing version number, though the
+  only change was in arch/win32/fcgid_pm_win.c, which is not used to build the
+  RPM package
+- Clarify license as GPL (unspecified/any version)
+- Unexpand tabs in spec
+- Add buildreq of gawk
+
+* Fri Aug  3 2007 Paul Howarth <paul at city-fan.org> 2.1-4
+- Add buildreq of pkgconfig, a missing dependency of both apr-devel and
+  apr-util-devel on FC5
+
 * Fri Jun 15 2007 Paul Howarth <paul at city-fan.org> 2.1-3
 - Major update of SELinux policy, supporting accessing data on NFS/CIFS shares
   and a new boolean, httpd_fastcgi_can_sendmail, to allow connections to SMTP
@@ -208,9 +241,9 @@
 * Tue Jul  4 2006 Paul Howarth <paul at city-fan.org> 1.09-10
 - SELinux policy update:
   * allow httpd to read httpd_fastcgi_content_t without having the
-    httpd_builtin_scripting boolean set
+  | httpd_builtin_scripting boolean set
   * allow httpd_fastcgi_script_t to read /etc/resolv.conf without
-    having the httpd_can_network_connect boolean set
+  | having the httpd_can_network_connect boolean set
 
 * Sun Jun 18 2006 Paul Howarth <paul at city-fan.org> 1.09-9
 - Discard output of semodule in %%postun


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/sources,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sources	16 Feb 2007 14:20:03 -0000	1.4
+++ sources	27 Apr 2008 22:52:57 -0000	1.5
@@ -1 +1 @@
-68a6479e398a20577334f16a8b06c418  mod_fcgid.2.1.tar.gz
+ce7d7b16e69643dbd549d43d85025983  mod_fcgid.2.2.tar.gz


