# Fedora 5, 6, and 7 versions includes SELinux policy module package # Fedora 8 and 9 versions include policy in errata selinux-policy releases # Fedora 10 onwards include policy in standard selinux-policy releases # RHEL 5.5 onwards include policy in standard selinux-policy releases %if 0%{?fedora} < 5 || 0%{?fedora} > 7 || 0%{?rhel} %global selinux_module 0 %global selinux_types %{nil} %global selinux_variants %{nil} %global selinux_buildreqs %{nil} %else %global selinux_module 1 %global selinux_types %(%{__awk} '/^#[[:space:]]*SELINUXTYPE=/,/^[^#]/ { if ($3 == "-") printf "%s ", $2 }' /etc/selinux/config 2>/dev/null) %global selinux_variants %([ -z "%{selinux_types}" ] && echo mls strict targeted || echo %{selinux_types}) %global selinux_buildreqs checkpolicy, selinux-policy-devel, hardlink %endif Name: mod_fcgid Version: 2.3.6 Release: 3%{?dist}.art Summary: FastCGI interface module for Apache 2 Group: System Environment/Daemons License: ASL 2.0 URL: http://httpd.apache.org/mod_fcgid/ Source0: http://www.apache.org/dist/httpd/mod_fcgid/mod_fcgid-%{version}.tar.bz2 Source1: fcgid.conf Source2: mod_fcgid-2.1-README.RPM Source3: mod_fcgid-2.1-README.SELinux Source4: mod_fcgid-tmpfs.conf Source10: fastcgi.te Source11: fastcgi-2.5.te Source12: fastcgi.fc Patch0: mod_fcgid-2.3.4-fixconf-shellbang.patch Patch1: mod_fcgid-2.3.6-fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: httpd-devel >= 2.0, pkgconfig Requires: httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && %{__cat} %{_includedir}/httpd/.mmn || echo missing) # sed required for fixconf script Requires: /bin/sed # systemd-units needed for ownership of /etc/tmpfiles.d directory %if 0%{?fedora} > 14 Requires: systemd-units %endif # Make sure that selinux-policy is sufficiently up-to-date if it's installed # FastCGI policy properly incorporated into EL 5.5 %if "%{?rhel}" == "5" Conflicts: selinux-policy < 2.4.6-279.el5 # No provide here because selinux-policy >= 2.4.6-279.el5 does the providing Obsoletes: mod_fcgid-selinux <= %{version}-%{release} %endif %if "%{?fedora}" == "8" Conflicts: selinux-policy < 3.0.8-123.fc8 %endif %if "%{?fedora}" == "9" Conflicts: selinux-policy < 3.3.1-107.fc9 %endif %if "%{?fedora}" == "10" Conflicts: selinux-policy < 3.5.13-8.fc10 %endif %description mod_fcgid is a binary-compatible alternative to the Apache module mod_fastcgi. mod_fcgid has a new process management strategy, which concentrates on reducing the number of fastcgi servers, and kicking out corrupt fastcgi servers as soon as possible. %if %{selinux_module} %global selinux_policyver %(%{__sed} -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp || echo 0.0.0) %global selinux_policynum %(echo %{selinux_policyver} | %{__awk} -F. '{ printf "%d%02d%02d", $1, $2, $3 }') %package selinux Summary: SELinux policy module supporting FastCGI applications with mod_fcgid Group: System Environment/Base BuildRequires: %{selinux_buildreqs} # selinux-policy is required for directory ownership of %%{_datadir}/selinux/* # Modules built against one version of a policy may not work with older policy # versions, as noted on fedora-selinux-list: # http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00102.html # Hence the versioned dependency. The versioning will hopefully be replaced by # an ABI version requirement or something similar in the future Requires: selinux-policy >= %{selinux_policyver} Requires: %{name} = %{version}-%{release} Requires(post): /usr/sbin/semodule, /sbin/restorecon Requires(postun): /usr/sbin/semodule, /sbin/restorecon %description selinux SELinux policy module supporting FastCGI applications with mod_fcgid. %endif %prep %setup -q %{__cp} -p %{SOURCE1} fcgid.conf %{__cp} -p %{SOURCE2} README.RPM %{__cp} -p %{SOURCE3} README.SELinux %if 0%{?selinux_policynum} < 20501 %{__cp} -p %{SOURCE10} fastcgi.te %else %{__cp} -p %{SOURCE11} fastcgi.te %endif %{__cp} -p %{SOURCE12} fastcgi.fc # Fix shellbang in fixconf script for our location of sed %patch0 -p1 %patch1 -p1 %build APXS=/usr/sbin/apxs ./configure.apxs %{__make} %if %{selinux_module} for selinuxvariant in %{selinux_variants} do %{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile %{__mv} fastcgi.pp fastcgi.pp.${selinuxvariant} %{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean done %endif %install %{__rm} -rf %{buildroot} %{__make} DESTDIR=%{buildroot} MKINSTALLDIRS="%{__mkdir_p}" install %{__install} -D -m 644 fcgid.conf %{buildroot}%{_sysconfdir}/httpd/conf.d/fcgid.conf %{__install} -d -m 755 %{buildroot}%{_localstatedir}/run/mod_fcgid # Include the manual as %%doc, don't need it elsewhere %{__rm} -rf %{buildroot}%{_var}/www/manual # Make sure /var/run/mod_fcgid exists at boot time for systems # with /var/run on tmpfs (#656625) %if 0%{?fedora} > 14 %{__install} -d -m 755 %{buildroot}%{_sysconfdir}/tmpfiles.d %{__install} -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/tmpfiles.d/mod_fcgid.conf %endif # Install SELinux policy modules %if %{selinux_module} for selinuxvariant in %{selinux_variants} do %{__install} -d %{buildroot}%{_datadir}/selinux/${selinuxvariant} %{__install} -p -m 644 fastcgi.pp.${selinuxvariant} \ %{buildroot}%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp done # Hardlink identical policy module packages together /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux %endif %clean %{__rm} -rf %{buildroot} %if %{selinux_module} %post selinux # Install SELinux policy modules for selinuxvariant in %{selinux_variants} do /usr/sbin/semodule -s ${selinuxvariant} -i \ %{_datadir}/selinux/${selinuxvariant}/fastcgi.pp &> /dev/null || : done # Fix up non-standard directory context from earlier packages /sbin/restorecon -R %{_localstatedir}/run/mod_fcgid || : %postun selinux # Clean up after package removal if [ $1 -eq 0 ]; then # Remove SELinux policy modules for selinuxvariant in %{selinux_variants}; do /usr/sbin/semodule -s ${selinuxvariant} -r fastcgi &> /dev/null || : done # Clean up any remaining file contexts (shouldn't be any really) [ -d %{_localstatedir}/run/mod_fcgid ] && \ /sbin/restorecon -R %{_localstatedir}/run/mod_fcgid &> /dev/null || : fi exit 0 %endif %files %defattr(-,root,root,-) # mod_fcgid.html.en is explicitly encoded as ISO-8859-1 %doc CHANGES-FCGID LICENSE-FCGID NOTICE-FCGID README-FCGID STATUS-FCGID %doc docs/manual/mod/mod_fcgid.html.en modules/fcgid/ChangeLog %doc build/fixconf.sed %{_libdir}/httpd/modules/mod_fcgid.so %config(noreplace) %{_sysconfdir}/httpd/conf.d/fcgid.conf %if 0%{?fedora} > 14 %{_sysconfdir}/tmpfiles.d/mod_fcgid.conf %endif %dir %attr(0755,apache,apache) %{_localstatedir}/run/mod_fcgid/ %if %{selinux_module} %files selinux %defattr(-,root,root,-) %doc fastcgi.fc fastcgi.te README.SELinux %{_datadir}/selinux/*/fastcgi.pp %endif %changelog * Tue Dec 20 2011 Support - 2.3.6-4 - Bugfix #XXX, Cloudlinux provided patch to fix a fork condition with memory limits enabled * Tue Feb 08 2011 Fedora Release Engineering - 2.3.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Wed Dec 1 2010 Paul Howarth 2.3.6-2 - Add /etc/tmpfiles.d/mod_fcgid.conf for builds on Fedora 15 onwards to support running with /var/run on tmpfs (#656625) * Thu Nov 4 2010 Paul Howarth 2.3.6-1 - Update to 2.3.6 (see CHANGES-FCGID for full details) - Fix possible stack buffer overwrite (CVE-2010-3872) - Change the default for FcgidMaxRequestLen from 1GB to 128K; administrators should change this to an appropriate value based on site requirements - Correct a problem that resulted in FcgidMaxProcesses being ignored in some situations - Return 500 instead of segfaulting when the application returns no output - Don't include SELinux policy for RHEL-5 builds since RHEL >= 5.5 includes it - Explicitly require /bin/sed for fixconf script * Tue Jun 8 2010 Paul Howarth 2.3.5-2 - SELinux policy module not needed for RHEL-6 onwards * Wed Jan 27 2010 Paul Howarth 2.3.5-1 - Update to 2.3.5 (see CHANGES-FCGID for details) - Drop upstream svn patch * Wed Oct 21 2009 Paul Howarth 2.3.4-2 - Add fixes from upstream svn for a number of issues, most notably that the fixconf script had an error in the regexp, which resulted in a prefix of "FcgidFcgid" on the updated directives * Mon Oct 12 2009 Paul Howarth 2.3.4-1 - Update to 2.3.4 (configuration directives changed again) - Add fixconf.sed script for config file directives update * Fri Sep 25 2009 Paul Howarth 2.3.1-2.20090925svn818270 - Update to svn revision 818270 - DESTDIR and header detection patches upstreamed - Build SELinux policy module for EL-5; support in EL-5.3 is incomplete and will be fixed in EL-5.5 (#519369) - Drop aliases httpd_sys_content_r{a,o,w}_t -> httpd_fastcgi_content_r{a,o,w}_t from pre-2.5 SElinux policy module as these types aren't defined there * Wed Sep 23 2009 Paul Howarth 2.3.1-1.20090923svn817978 - Update to post-2.3.1 svn snapshot - Upstream moved to apache.org - License changed to ASL 2.0 - Use FCGID-prefixed config file options (old ones deprecated) - Lots of documentation changes - Renumber sources - Don't defer to mod_fastcgi if both are present - Drop gawk buildreq - Add patches fixing RPM build issues (DESTDIR support, header detection) * Sat Jul 25 2009 Fedora Release Engineering - 2.2-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Tue May 26 2009 Paul Howarth 2.2-12 - Don't use /etc/httpd/run as basis of "run" directory as its DAC permissions are not permissive enough in F-11 onwards; instead, revert to /var/run/mod_fcgid and tweak default config accordingly (#502273) * Sun May 17 2009 Paul Howarth 2.2-11 - Follow link /etc/httpd/run and make our "run" directory a subdir of wherever that leads (#501123) * Mon Apr 6 2009 Paul Howarth 2.2-10 - EL 5.3 now has SELinux support in the main selinux-policy package so handle that release as per Fedora >= 8, except that the RHEL selinux-policy package doesn't Obsolete/Provide mod_fcgid-selinux like the Fedora version, so do the obsoletion here instead * Thu Feb 26 2009 Paul Howarth 2.2-9 - Update documentation for MoinMoin, Rails (#476658), and SELinux * Wed Feb 25 2009 Fedora Release Engineering - 2.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Wed Nov 12 2008 Paul Howarth 2.2-7 - SELinux policy module no longer built for Fedora 8 onwards as it is obsoleted by the main selinux-policy package - Conflicts for selinux-policy packages older than the releases where mod_fcgid policy was incorporated have been added for Fedora 8, 9, and 10 versions, to ensure that SELinux support will work if installed * Tue Oct 21 2008 Paul Howarth 2.2-6 - SELinux policy module rewritten to merge fastcgi and system script domains in preparation for merge into main selinux-policy package (#462318) - Try to determine supported SELinux policy types by reading /etc/selinux/config * Thu Jul 24 2008 Paul Howarth 2.2-5 - Tweak selinux-policy version detection macro to work with current Rawhide * Thu Feb 14 2008 Paul Howarth 2.2-4 - Rebuild with gcc 4.3.0 for Fedora 9 * Mon Jan 14 2008 Paul Howarth 2.2-3 - Update SELinux policy to fix occasional failures on restarts (move shared memory file into /var/run/mod_fcgid directory) * Thu Jan 3 2008 Paul Howarth 2.2-2 - Update SELinux policy to support file transition to httpd_tmp_t for temporary files * Fri Sep 14 2007 Paul Howarth 2.2-1 - Update to version 2.2 - Make sure docs are encoded as UTF-8 * Mon Sep 3 2007 Joe Orton 2.1-6 - rebuild for fixed 32-bit APR (#254241) * Thu Aug 23 2007 Paul Howarth 2.1-5 - Update source URL to point to downloads.sf.net rather than dl.sf.net - Upstream released new tarball without changing version number, though the only change was in arch/win32/fcgid_pm_win.c, which is not used to build the RPM package - Clarify license as GPL (unspecified/any version) - Unexpand tabs in spec - Add buildreq of gawk * Fri Aug 3 2007 Paul Howarth 2.1-4 - Add buildreq of pkgconfig, a missing dependency of both apr-devel and apr-util-devel on FC5 * Fri Jun 15 2007 Paul Howarth 2.1-3 - Major update of SELinux policy, supporting accessing data on NFS/CIFS shares and a new boolean, httpd_fastcgi_can_sendmail, to allow connections to SMTP servers - Fix for SELinux policy on Fedora 7, which didn't work due to changes in the permissions macros in the underlying selinux-policy package * Wed Mar 21 2007 Paul Howarth 2.1-2 - Add RHEL5 with SELinux support - Rename README.Fedora to README.RPM * Fri Feb 16 2007 Paul Howarth 2.1-1 - Update to 2.1 - Update documentation and patches - Rename some source files to reduce chances of conflicting names - Include SharememPath directive in conf file to avoid unfortunate upstream default location * Mon Oct 30 2006 Paul Howarth 2.0-1 - Update to 2.0 - Source is now hosted at sourceforge.net - Update docs * Wed Sep 6 2006 Paul Howarth 1.10-7 - Include the right README* files * Tue Aug 29 2006 Paul Howarth 1.10-6 - Buildreqs for FC5 now identical to buildreqs for FC6 onwards * Fri Jul 28 2006 Paul Howarth 1.10-5 - Split off SELinux module into separate subpackage to avoid dependency on the selinux-policy package for the main package * Fri Jul 28 2006 Paul Howarth 1.10-4 - SELinux policy packages moved from %%{_datadir}/selinux/packages/POLICYNAME to %%{_datadir}/selinux/POLICYNAME - hardlink identical policy module packages together to avoid duplicate files * Thu Jul 20 2006 Paul Howarth 1.10-3 - Adjust buildreqs for FC6 onwards - Figure out where top_dir is dynamically since the /etc/httpd/build symlink is gone in FC6 * Wed Jul 5 2006 Paul Howarth 1.10-2 - SELinux policy update: allow FastCGI apps to do DNS lookups * Tue Jul 4 2006 Paul Howarth 1.10-1 - Update to 1.10 - Expand tabs to shut rpmlint up * Tue Jul 4 2006 Paul Howarth 1.09-10 - SELinux policy update: * allow httpd to read httpd_fastcgi_content_t without having the | httpd_builtin_scripting boolean set * allow httpd_fastcgi_script_t to read /etc/resolv.conf without | having the httpd_can_network_connect boolean set * Sun Jun 18 2006 Paul Howarth 1.09-9 - Discard output of semodule in %%postun - Include some documentation from upstream * Fri Jun 9 2006 Paul Howarth 1.09-8 - Change default context type for socket directory from var_run_t to httpd_fastcgi_sock_t for better separation * Thu Jun 8 2006 Paul Howarth 1.09-7 - Add SELinux policy module and README.Fedora - Conflict with selinux-policy versions older than what we're built on * Mon May 15 2006 Paul Howarth 1.09-6 - Instead of conflicting with mod_fastcgi, don't add the handler for .fcg etc. if mod_fastcgi is present * Fri May 12 2006 Paul Howarth 1.09-5 - Use correct handler name in fcgid.conf - Conflict with mod_fastcgi - Create directory %%{_localstatedir}/run/mod_fcgid for sockets * Thu May 11 2006 Paul Howarth 1.09-4 - Cosmetic tweaks (personal preferences) - Don't include INSTALL.TXT, nothing of use to end users * Wed May 10 2006 Thomas Antony 1.09-3 - Initial release