rpms/mod_fcgid/EL-5 .cvsignore, 1.4, 1.5 fastcgi-2.5.te, 1.1, 1.2 fastcgi.fc, 1.1, 1.2 fastcgi.te, 1.2, 1.3 fcgid.conf, 1.2, 1.3 mod_fcgid.spec, 1.5, 1.6 sources, 1.4, 1.5
Paul Howarth (pghmcfc)
fedora-extras-commits at redhat.com
Sun Apr 27 22:53:38 UTC 2008
- Previous message (by thread): [pkgdb] python-zope-interface: pghmcfc has requested commit
- Next message (by thread): rpms/mod_fcgid/EL-4 fastcgi-2.5.te, NONE, 1.1 mod_fcgid-2.1-README.RPM, NONE, 1.1 .cvsignore, 1.4, 1.5 fastcgi.fc, 1.1, 1.2 fastcgi.te, 1.1, 1.2 fcgid.conf, 1.2, 1.3 mod_fcgid-2.1-README.SELinux, 1.1, 1.2 mod_fcgid.spec, 1.4, 1.5 sources, 1.4, 1.5 mod_fcgid-2.1-README.Fedora, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: pghmcfc
Update of /cvs/pkgs/rpms/mod_fcgid/EL-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17154
Modified Files:
.cvsignore fastcgi-2.5.te fastcgi.fc fastcgi.te fcgid.conf
mod_fcgid.spec sources
Log Message:
Update to 2.2, resync with Fedora
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/.cvsignore,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- .cvsignore 16 Feb 2007 14:20:03 -0000 1.4
+++ .cvsignore 27 Apr 2008 22:52:57 -0000 1.5
@@ -1 +1 @@
-mod_fcgid.2.1.tar.gz
+mod_fcgid.2.2.tar.gz
Index: fastcgi-2.5.te
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/fastcgi-2.5.te,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fastcgi-2.5.te 15 Jul 2007 14:17:25 -0000 1.1
+++ fastcgi-2.5.te 27 Apr 2008 22:52:57 -0000 1.2
@@ -1,7 +1,7 @@
-policy_module(fastcgi, 0.2.0)
+policy_module(fastcgi, 0.2.2)
-type httpd_fastcgi_sock_t;
-files_type(httpd_fastcgi_sock_t)
+type httpd_fastcgi_var_run_t;
+files_type(httpd_fastcgi_var_run_t)
require {
type devpts_t;
@@ -10,6 +10,7 @@
type httpd_log_t;
type httpd_sys_script_exec_t;
type httpd_sys_content_t;
+ type httpd_tmp_t;
};
# ==========================================================
@@ -52,9 +53,10 @@
# Allow FastCGI applications to read the routing table
allow httpd_fastcgi_script_t self:netlink_route_socket { r_netlink_socket_perms };
-# Allow httpd to create and use sockets for communicating with mod_fcgid
-manage_sock_files_pattern(httpd_t,httpd_fastcgi_sock_t,httpd_fastcgi_sock_t)
-allow httpd_t httpd_fastcgi_sock_t:dir { setattr };
+# Allow httpd to create and use files and sockets for communicating with mod_fcgid
+manage_files_pattern(httpd_t,httpd_fastcgi_var_run_t,httpd_fastcgi_var_run_t)
+manage_sock_files_pattern(httpd_t,httpd_fastcgi_var_run_t,httpd_fastcgi_var_run_t)
+setattr_dirs_pattern(httpd_t,httpd_fastcgi_var_run_t,httpd_fastcgi_var_run_t)
# Allow httpd to read httpd_fastcgi_content_t
allow httpd_t httpd_fastcgi_content_t:dir list_dir_perms;
@@ -65,11 +67,9 @@
# sockets and respond to them
allow httpd_fastcgi_script_t httpd_t:unix_stream_socket { rw_stream_socket_perms };
-# FastCGI application doing something to the httpd error log
-dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
-
-# Not sure what this is doing (happens when fastcgi scripts start)
+# These are probably leaked file descriptors
dontaudit httpd_t devpts_t:chr_file ioctl;
+dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
# ======================================================
# Equivalent policy cribbed from httpd_sys_script_t
@@ -79,6 +79,11 @@
fs_search_auto_mountpoints(httpd_fastcgi_script_t)
+# PHP uploads a file to /tmp and then execs programs to action them
+manage_dirs_pattern(httpd_fastcgi_script_t,httpd_tmp_t,httpd_tmp_t)
+manage_files_pattern(httpd_fastcgi_script_t,httpd_tmp_t,httpd_tmp_t)
+files_tmp_filetrans(httpd_fastcgi_script_t,httpd_fastcgi_script_rw_t,{ dir file lnk_file sock_file fifo_file })
+
files_search_var_lib(httpd_fastcgi_script_t)
files_search_spool(httpd_fastcgi_script_t)
Index: fastcgi.fc
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/fastcgi.fc,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fastcgi.fc 6 Sep 2006 13:08:59 -0000 1.1
+++ fastcgi.fc 27 Apr 2008 22:52:57 -0000 1.2
@@ -1 +1 @@
-/var/run/mod_fcgid(/.*)? gen_context(system_u:object_r:httpd_fastcgi_sock_t,s0)
+/var/run/mod_fcgid(/.*)? gen_context(system_u:object_r:httpd_fastcgi_var_run_t,s0)
Index: fastcgi.te
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/fastcgi.te,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- fastcgi.te 15 Jul 2007 14:17:25 -0000 1.2
+++ fastcgi.te 27 Apr 2008 22:52:57 -0000 1.3
@@ -1,7 +1,7 @@
-policy_module(fastcgi, 0.1.7)
+policy_module(fastcgi, 0.1.9)
-type httpd_fastcgi_sock_t;
-files_type(httpd_fastcgi_sock_t)
+type httpd_fastcgi_var_run_t;
+files_type(httpd_fastcgi_var_run_t)
require {
type devpts_t;
@@ -10,6 +10,7 @@
type httpd_log_t;
type httpd_sys_script_exec_t;
type httpd_sys_content_t;
+ type httpd_tmp_t;
};
# ==========================================================
@@ -41,9 +42,10 @@
# Allow FastCGI applications to read the routing table
allow httpd_fastcgi_script_t self:netlink_route_socket { r_netlink_socket_perms };
-# Allow httpd to create and use sockets for communicating with mod_fcgid
-allow httpd_t httpd_fastcgi_sock_t:dir { rw_dir_perms setattr };
-allow httpd_t httpd_fastcgi_sock_t:sock_file { create_file_perms };
+# Allow httpd to create and use files and sockets for communicating with mod_fcgid
+allow httpd_t httpd_fastcgi_var_run_t:dir { rw_dir_perms setattr };
+allow httpd_t httpd_fastcgi_var_run_t:file { create_file_perms };
+allow httpd_t httpd_fastcgi_var_run_t:sock_file { create_file_perms };
# Allow httpd to read httpd_fastcgi_content_t
# (shouldn't this be in the content template?)
@@ -55,11 +57,9 @@
# sockets and respond to them
allow httpd_fastcgi_script_t httpd_t:unix_stream_socket { rw_stream_socket_perms };
-# FastCGI application doing something to the httpd error log
-dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
-
-# Not sure what this is doing (happens when fastcgi scripts start)
+# These are probably leaked file descriptors
dontaudit httpd_t devpts_t:chr_file ioctl;
+dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
# ======================================================
# Equivalent policy cribbed from httpd_sys_script_t
@@ -69,6 +69,11 @@
fs_search_auto_mountpoints(httpd_fastcgi_script_t)
+# PHP uploads a file to /tmp and then execs programs to action them
+allow httpd_fastcgi_script_t httpd_tmp_t:dir manage_dir_perms;
+allow httpd_fastcgi_script_t httpd_tmp_t:file manage_file_perms;
+files_tmp_filetrans(httpd_fastcgi_script_t,httpd_fastcgi_script_rw_t,{ dir file lnk_file sock_file fifo_file })
+
files_search_var_lib(httpd_fastcgi_script_t)
files_search_spool(httpd_fastcgi_script_t)
Index: fcgid.conf
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/fcgid.conf,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- fcgid.conf 16 Feb 2007 14:20:03 -0000 1.2
+++ fcgid.conf 27 Apr 2008 22:52:57 -0000 1.3
@@ -13,4 +13,4 @@
# Sane place to put sockets and shared memory file
SocketPath run/mod_fcgid
-SharememPath run/fcgid_shm
+SharememPath run/mod_fcgid/fcgid_shm
Index: mod_fcgid.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/mod_fcgid.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- mod_fcgid.spec 15 Jul 2007 14:17:25 -0000 1.5
+++ mod_fcgid.spec 27 Apr 2008 22:52:57 -0000 1.6
@@ -9,26 +9,26 @@
%define selinux_buildreqs checkpolicy, selinux-policy-devel, hardlink
%endif
-Name: mod_fcgid
-Version: 2.1
-Release: 3%{?dist}
-Summary: Apache2 module for high-performance server-side scripting
-Group: System Environment/Daemons
-License: GPL
-URL: http://fastcgi.coremail.cn/
-Source0: http://dl.sf.net/mod-fcgid/mod_fcgid.%{version}.tar.gz
-Source1: fcgid.conf
-Source2: fastcgi.te
-Source3: fastcgi.fc
-Source4: mod_fcgid-2.1-README.RPM
-Source5: http://fastcgi.coremail.cn/doc.htm
-Source6: http://fastcgi.coremail.cn/configuration.htm
-Source7: mod_fcgid-2.1-README.SELinux
-Source8: fastcgi-2.5.te
-Patch0: mod_fcgid.2.1-docurls.patch
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: httpd-devel >= 2.0
-Requires: httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && %{__cat} %{_includedir}/httpd/.mmn || echo missing)
+Name: mod_fcgid
+Version: 2.2
+Release: 4%{?dist}
+Summary: Apache2 module for high-performance server-side scripting
+Group: System Environment/Daemons
+License: GPL+
+URL: http://fastcgi.coremail.cn/
+Source0: http://downloads.sf.net/mod-fcgid/mod_fcgid.%{version}.tar.gz
+Source1: fcgid.conf
+Source2: fastcgi.te
+Source3: fastcgi.fc
+Source4: mod_fcgid-2.1-README.RPM
+Source5: http://fastcgi.coremail.cn/doc.htm
+Source6: http://fastcgi.coremail.cn/configuration.htm
+Source7: mod_fcgid-2.1-README.SELinux
+Source8: fastcgi-2.5.te
+Patch0: mod_fcgid.2.1-docurls.patch
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires: gawk, httpd-devel >= 2.0, pkgconfig
+Requires: httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && %{__cat} %{_includedir}/httpd/.mmn || echo missing)
%description
mod_fcgid is a binary-compatible alternative to the Apache module mod_fastcgi.
@@ -40,9 +40,9 @@
%define selinux_policyver %(%{__sed} -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp)
%define selinux_policynum %(echo %{selinux_policyver} | %{__awk} -F. '{ printf "%d%02d%02d", $1, $2, $3 }')
%package selinux
-Summary: SELinux policy module supporting FastCGI applications with mod_fcgid
-Group: System Environment/Base
-BuildRequires: %{selinux_buildreqs}
+Summary: SELinux policy module supporting FastCGI applications with mod_fcgid
+Group: System Environment/Base
+BuildRequires: %{selinux_buildreqs}
# selinux-policy is required for directory ownership of %{_datadir}/selinux/*
# Modules built against one version of a policy may not work with older policy
# versions, as noted on fedora-selinux-list:
@@ -50,10 +50,10 @@
# Hence the versioned dependency. The versioning will hopefully be replaced by
# an ABI version requirement or something similar in the future
%if "%{selinux_policyver}" != ""
-Requires: selinux-policy >= %{selinux_policyver}
+Requires: selinux-policy >= %{selinux_policyver}
%endif
-Requires: %{name} = %{version}-%{release}
-Requires(post): /usr/sbin/semodule, /sbin/restorecon
+Requires: %{name} = %{version}-%{release}
+Requires(post): /usr/sbin/semodule, /sbin/restorecon
Requires(postun): /usr/sbin/semodule, /sbin/restorecon
%description selinux
@@ -75,6 +75,8 @@
%{__cp} -p %{SOURCE7} README.SELinux
%patch0 -p1
%{__sed} -i -e 's/\r$//' directives.htm configuration.htm
+/usr/bin/iconv -f gb2312 -t utf8 < configuration.htm > configuration.htm.utf8
+%{__mv} -f configuration.htm.utf8 configuration.htm
%build
topdir=$(/usr/bin/dirname $(/usr/sbin/apxs -q exp_installbuilddir))
@@ -82,9 +84,9 @@
%if %{selinux_module}
for selinuxvariant in %{selinux_variants}
do
- %{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
- %{__mv} fastcgi.pp fastcgi.pp.${selinuxvariant}
- %{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
+ %{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
+ %{__mv} fastcgi.pp fastcgi.pp.${selinuxvariant}
+ %{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
done
%endif
@@ -92,10 +94,10 @@
%{__rm} -rf %{buildroot}
topdir=$(/usr/bin/dirname $(/usr/sbin/apxs -q exp_installbuilddir))
%{__make} \
- top_dir=${topdir} \
- DESTDIR=%{buildroot} \
- MKINSTALLDIRS="%{__mkdir_p}" \
- install
+ top_dir=${topdir} \
+ DESTDIR=%{buildroot} \
+ MKINSTALLDIRS="%{__mkdir_p}" \
+ install
%{__install} -D -m 644 fcgid.conf %{buildroot}%{_sysconfdir}/httpd/conf.d/fcgid.conf
%{__install} -d -m 755 %{buildroot}%{_localstatedir}/run/mod_fcgid
@@ -103,9 +105,9 @@
%if %{selinux_module}
for selinuxvariant in %{selinux_variants}
do
- %{__install} -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
- %{__install} -p -m 644 fastcgi.pp.${selinuxvariant} \
- %{buildroot}%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp
+ %{__install} -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
+ %{__install} -p -m 644 fastcgi.pp.${selinuxvariant} \
+ %{buildroot}%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp
done
# Hardlink identical policy module packages together
/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
@@ -119,24 +121,24 @@
# Install SELinux policy modules
for selinuxvariant in %{selinux_variants}
do
- /usr/sbin/semodule -s ${selinuxvariant} -i \
- %{_datadir}/selinux/${selinuxvariant}/fastcgi.pp &> /dev/null || :
+ /usr/sbin/semodule -s ${selinuxvariant} -i \
+ %{_datadir}/selinux/${selinuxvariant}/fastcgi.pp &> /dev/null || :
done
# Fix up non-standard directory context
-/sbin/restorecon %{_localstatedir}/run/mod_fcgid || :
+/sbin/restorecon -R %{_localstatedir}/run/mod_fcgid || :
%postun selinux
# Clean up after package removal
if [ $1 -eq 0 ]; then
- # Remove SELinux policy modules
- for selinuxvariant in %{selinux_variants}
- do
- /usr/sbin/semodule -s ${selinuxvariant} -r fastcgi &> /dev/null || :
- done
- # Clean up any remaining file contexts (shouldn't be any really)
- [ -d %{_localstatedir}/run/mod_fcgid ] && \
- /sbin/restorecon -R %{_localstatedir}/run/mod_fcgid &> /dev/null || :
+ # Remove SELinux policy modules
+ for selinuxvariant in %{selinux_variants}; do
+ /usr/sbin/semodule -s ${selinuxvariant} -r fastcgi &> /dev/null || :
+ done
+ # Clean up any remaining file contexts (shouldn't be any really)
+ [ -d %{_localstatedir}/run/mod_fcgid ] && \
+ /sbin/restorecon -R %{_localstatedir}/run/mod_fcgid &> /dev/null || :
fi
+exit 0
%endif
%files
@@ -155,6 +157,37 @@
%endif
%changelog
+* Thu Feb 14 2008 Paul Howarth <paul at city-fan.org> 2.2-4
+- Rebuild with gcc 4.3.0 for Fedora 9
+
+* Mon Jan 14 2008 Paul Howarth <paul at city-fan.org> 2.2-3
+- Update SELinux policy to fix occasional failures on restarts
+ (move shared memory file into /var/run/mod_fcgid directory)
+
+* Thu Jan 3 2008 Paul Howarth <paul at city-fan.org> 2.2-2
+- Update SELinux policy to support file transition to httpd_tmp_t for
+ temporary files
+
+* Fri Sep 14 2007 Paul Howarth <paul at city-fan.org> 2.2-1
+- Update to version 2.2
+- Make sure docs are encoded as UTF-8
+
+* Mon Sep 3 2007 Joe Orton <jorton at redhat.com> 2.1-6
+- rebuild for fixed 32-bit APR (#254241)
+
+* Thu Aug 23 2007 Paul Howarth <paul at city-fan.org> 2.1-5
+- Update source URL to point to downloads.sf.net rather than dl.sf.net
+- Upstream released new tarball without changing version number, though the
+ only change was in arch/win32/fcgid_pm_win.c, which is not used to build the
+ RPM package
+- Clarify license as GPL (unspecified/any version)
+- Unexpand tabs in spec
+- Add buildreq of gawk
+
+* Fri Aug 3 2007 Paul Howarth <paul at city-fan.org> 2.1-4
+- Add buildreq of pkgconfig, a missing dependency of both apr-devel and
+ apr-util-devel on FC5
+
* Fri Jun 15 2007 Paul Howarth <paul at city-fan.org> 2.1-3
- Major update of SELinux policy, supporting accessing data on NFS/CIFS shares
and a new boolean, httpd_fastcgi_can_sendmail, to allow connections to SMTP
@@ -208,9 +241,9 @@
* Tue Jul 4 2006 Paul Howarth <paul at city-fan.org> 1.09-10
- SELinux policy update:
* allow httpd to read httpd_fastcgi_content_t without having the
- httpd_builtin_scripting boolean set
+ | httpd_builtin_scripting boolean set
* allow httpd_fastcgi_script_t to read /etc/resolv.conf without
- having the httpd_can_network_connect boolean set
+ | having the httpd_can_network_connect boolean set
* Sun Jun 18 2006 Paul Howarth <paul at city-fan.org> 1.09-9
- Discard output of semodule in %%postun
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-5/sources,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sources 16 Feb 2007 14:20:03 -0000 1.4
+++ sources 27 Apr 2008 22:52:57 -0000 1.5
@@ -1 +1 @@
-68a6479e398a20577334f16a8b06c418 mod_fcgid.2.1.tar.gz
+ce7d7b16e69643dbd549d43d85025983 mod_fcgid.2.2.tar.gz
- Previous message (by thread): [pkgdb] python-zope-interface: pghmcfc has requested commit
- Next message (by thread): rpms/mod_fcgid/EL-4 fastcgi-2.5.te, NONE, 1.1 mod_fcgid-2.1-README.RPM, NONE, 1.1 .cvsignore, 1.4, 1.5 fastcgi.fc, 1.1, 1.2 fastcgi.te, 1.1, 1.2 fcgid.conf, 1.2, 1.3 mod_fcgid-2.1-README.SELinux, 1.1, 1.2 mod_fcgid.spec, 1.4, 1.5 sources, 1.4, 1.5 mod_fcgid-2.1-README.Fedora, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list