rpms/mod_fcgid/EL-4 fastcgi-2.5.te, NONE, 1.1 mod_fcgid-2.1-README.RPM, NONE, 1.1 .cvsignore, 1.4, 1.5 fastcgi.fc, 1.1, 1.2 fastcgi.te, 1.1, 1.2 fcgid.conf, 1.2, 1.3 mod_fcgid-2.1-README.SELinux, 1.1, 1.2 mod_fcgid.spec, 1.4, 1.5 sources, 1.4, 1.5 mod_fcgid-2.1-README.Fedora, 1.1, NONE

Sun Apr 27 22:58:03 UTC 2008

Author: pghmcfc

Update of /cvs/pkgs/rpms/mod_fcgid/EL-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17358

Modified Files:
	.cvsignore fastcgi.fc fastcgi.te fcgid.conf 
	mod_fcgid-2.1-README.SELinux mod_fcgid.spec sources 
Added Files:
	fastcgi-2.5.te mod_fcgid-2.1-README.RPM 
Removed Files:
	mod_fcgid-2.1-README.Fedora 
Log Message:
Update to 2.2, resync with Fedora

--- NEW FILE fastcgi-2.5.te ---
policy_module(fastcgi, 0.2.2)

type httpd_fastcgi_var_run_t;
files_type(httpd_fastcgi_var_run_t)

require {
	type devpts_t;
	type httpd_t;
	type httpd_config_t;
	type httpd_log_t;
	type httpd_sys_script_exec_t;
	type httpd_sys_content_t;
	type httpd_tmp_t;
};

# ==========================================================
# Create and use httpd_fastcgi_script_t for mod_fcgid apps
# ==========================================================

apache_content_template(fastcgi)
kernel_read_kernel_sysctls(httpd_fastcgi_script_t)

## <desc>
## <p>
## Allow FastCGI applications to write to public content 
## </p>
## </desc>
gen_tunable(allow_httpd_fastcgi_script_anon_write,false)

## <desc>
## <p>
## Allow FastCGI applications to make outbound SMTP connections
## </p>
## </desc>
gen_tunable(httpd_fastcgi_can_sendmail,false)

tunable_policy(`allow_httpd_fastcgi_script_anon_write',`
	miscfiles_manage_public_files(httpd_fastcgi_script_t)
')

tunable_policy(`httpd_fastcgi_can_sendmail',`
	corenet_tcp_connect_smtp_port(httpd_fastcgi_script_t)
	corenet_tcp_sendrecv_smtp_port(httpd_fastcgi_script_t)
')

# Allow FastCGI applications to do DNS lookups
sysnet_dns_name_resolve(httpd_fastcgi_script_t)

# Allow FastCGI applications to live alongside regular CGI apps
allow httpd_fastcgi_script_t httpd_sys_script_exec_t:dir { search_dir_perms };
allow httpd_fastcgi_script_t httpd_sys_content_t:dir { search_dir_perms };

# Allow FastCGI applications to read the routing table
allow httpd_fastcgi_script_t self:netlink_route_socket { r_netlink_socket_perms };

# Allow httpd to create and use files and sockets for communicating with mod_fcgid
manage_files_pattern(httpd_t,httpd_fastcgi_var_run_t,httpd_fastcgi_var_run_t)
manage_sock_files_pattern(httpd_t,httpd_fastcgi_var_run_t,httpd_fastcgi_var_run_t)
setattr_dirs_pattern(httpd_t,httpd_fastcgi_var_run_t,httpd_fastcgi_var_run_t)

# Allow httpd to read httpd_fastcgi_content_t
allow httpd_t httpd_fastcgi_content_t:dir list_dir_perms;
read_files_pattern(httpd_t,httpd_fastcgi_content_t,httpd_fastcgi_content_t)
read_lnk_files_pattern(httpd_t,httpd_fastcgi_content_t,httpd_fastcgi_content_t)

# Allow FastCGI applications to listen for FastCGI requests on their
# sockets and respond to them
allow httpd_fastcgi_script_t httpd_t:unix_stream_socket { rw_stream_socket_perms };

# These are probably leaked file descriptors
dontaudit httpd_t devpts_t:chr_file ioctl;
dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;

# ======================================================
# Equivalent policy cribbed from httpd_sys_script_t
# ======================================================

dontaudit httpd_fastcgi_script_t httpd_config_t:dir search;

fs_search_auto_mountpoints(httpd_fastcgi_script_t)

# PHP uploads a file to /tmp and then execs programs to action them
manage_dirs_pattern(httpd_fastcgi_script_t,httpd_tmp_t,httpd_tmp_t)
manage_files_pattern(httpd_fastcgi_script_t,httpd_tmp_t,httpd_tmp_t)
files_tmp_filetrans(httpd_fastcgi_script_t,httpd_fastcgi_script_rw_t,{ dir file lnk_file sock_file fifo_file })

files_search_var_lib(httpd_fastcgi_script_t)
files_search_spool(httpd_fastcgi_script_t)

# Should we add a boolean?
apache_domtrans_rotatelogs(httpd_fastcgi_script_t)

ifdef(`distro_redhat',`
	allow httpd_fastcgi_script_t httpd_log_t:file { getattr append };
')

ifdef(`targeted_policy',`
	tunable_policy(`httpd_enable_homedirs',`
		userdom_search_generic_user_home_dirs(httpd_fastcgi_script_t)
	')
')

tunable_policy(`httpd_use_nfs', `
	fs_read_nfs_files(httpd_fastcgi_script_t)
	fs_read_nfs_symlinks(httpd_fastcgi_script_t)
')

tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
	fs_read_nfs_files(httpd_fastcgi_script_t)
	fs_read_nfs_symlinks(httpd_fastcgi_script_t)
')

tunable_policy(`httpd_use_cifs', `
	fs_read_cifs_files(httpd_fastcgi_script_t)
	fs_read_cifs_symlinks(httpd_fastcgi_script_t)
')

tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
	fs_read_cifs_files(httpd_fastcgi_script_t)
	fs_read_cifs_symlinks(httpd_fastcgi_script_t)
')

optional_policy(`
	mysql_stream_connect(httpd_fastcgi_script_t)
	mysql_rw_db_sockets(httpd_fastcgi_script_t)
')

optional_policy(`
	clamav_domtrans_clamscan(httpd_fastcgi_script_t)
')



--- NEW FILE mod_fcgid-2.1-README.RPM ---
Using the mod_fcgid RPM Package
===============================

This mod_fcgid package includes a configuration file
/etc/httpd/conf.d/fcgid.conf that ensures that the module is loaded and
added as the handler for .fcg, .fcgi, and .fpl applications (provided
mod_fastcgi in not already loaded, in which case you will need to decide which
module should handle which types of application).

So far the module package has only been tested in conjunction with the "moin"
wiki application. Further feedback regarding other applications is welcome.

Setting up moin with mod_fcgid
==============================

Setting up moin with mod_fcgid is very similar to setting it up as a regular
CGI application.

 * Create a directory for your wiki instance:

    DESTDIR=/var/www/mywiki
    mkdir -p $DESTDIR/cgi-bin

 * Copy in the wiki template data and the application itself:

    cp -a /usr/share/moin/{data,underlay} $DESTDIR
    cp -a /usr/share/moin/server/moin.fcg $DESTDIR/cgi-bin
    cp -a /usr/share/moin/config/wikiconfig.py $DESTDIR/cgi-bin

 * Fix the directory ownership

    chown -R apache:apache $DESTDIR/{data,underlay}

 * Edit $DESTDIR/cgi-bin/wikiconfig.py to suit your needs

 * Create a httpd configuration file for the wiki, e.g.
   /etc/httpd/conf.d/mywiki.conf

    # Wiki application data common to all wiki instances
    Alias /wiki/ "/usr/share/moin/htdocs/"
    <Directory "/usr/share/moin/htdocs/">
      Options Indexes FollowSymLinks
      AllowOverride None
      Order allow,deny
      Allow from all
    </Directory>

    # Wiki instance with mod_fcgid
    <IfModule mod_fcgid.c>
      ScriptAlias /mywiki "/var/www/mywiki/cgi-bin/moin.fcg"
      <Directory "/var/www/mywiki/cgi-bin/">
        Options Indexes FollowSymLinks ExecCGI
        AllowOverride None
        Order allow,deny
        Allow from all
      </Directory>
    </IfModule>

 * If you are using SELinux with Fedora Core 5 or later, or Red Hat Enterprise
   Linux 5 or later, install the mod_fcgid-selinux package and see the
   README.SELinux file in that package for details of the file contexts to use

 * Restart the web server to load the new configuration:

   service httpd restart

That should do it!


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-4/.cvsignore,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- .cvsignore	16 Feb 2007 14:20:03 -0000	1.4
+++ .cvsignore	27 Apr 2008 22:57:27 -0000	1.5
@@ -1 +1 @@
-mod_fcgid.2.1.tar.gz
+mod_fcgid.2.2.tar.gz


Index: fastcgi.fc
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-4/fastcgi.fc,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fastcgi.fc	6 Sep 2006 13:08:59 -0000	1.1
+++ fastcgi.fc	27 Apr 2008 22:57:27 -0000	1.2
@@ -1 +1 @@
-/var/run/mod_fcgid(/.*)?		 gen_context(system_u:object_r:httpd_fastcgi_sock_t,s0)
+/var/run/mod_fcgid(/.*)?		 gen_context(system_u:object_r:httpd_fastcgi_var_run_t,s0)


Index: fastcgi.te
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-4/fastcgi.te,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fastcgi.te	6 Sep 2006 13:08:59 -0000	1.1
+++ fastcgi.te	27 Apr 2008 22:57:27 -0000	1.2
@@ -1,7 +1,7 @@
-policy_module(fastcgi, 0.1.6)
+policy_module(fastcgi, 0.1.9)
 
-type httpd_fastcgi_sock_t;
-files_type(httpd_fastcgi_sock_t)
+type httpd_fastcgi_var_run_t;
+files_type(httpd_fastcgi_var_run_t)
 
 require {
 	type devpts_t;
@@ -10,6 +10,7 @@
 	type httpd_log_t;
 	type httpd_sys_script_exec_t;
 	type httpd_sys_content_t;
+	type httpd_tmp_t;
 };
 
 # ==========================================================
@@ -19,6 +20,18 @@
 apache_content_template(fastcgi)
 kernel_read_kernel_sysctls(httpd_fastcgi_script_t)
 
+## <desc>
+## <p>
+## Allow FastCGI applications to make outbound SMTP connections
+## </p>
+## </desc>
+gen_tunable(httpd_fastcgi_can_sendmail,false)
+
+tunable_policy(`httpd_fastcgi_can_sendmail',`
+	corenet_tcp_connect_smtp_port(httpd_fastcgi_script_t)
+	corenet_tcp_sendrecv_smtp_port(httpd_fastcgi_script_t)
+')
+
 # Allow FastCGI applications to do DNS lookups
 sysnet_dns_name_resolve(httpd_fastcgi_script_t)
 
@@ -29,9 +42,10 @@
 # Allow FastCGI applications to read the routing table
 allow httpd_fastcgi_script_t self:netlink_route_socket { r_netlink_socket_perms };
 
-# Allow httpd to create and use sockets for communicating with mod_fcgid
-allow httpd_t httpd_fastcgi_sock_t:dir { rw_dir_perms setattr };
-allow httpd_t httpd_fastcgi_sock_t:sock_file { create_file_perms };
+# Allow httpd to create and use files and sockets for communicating with mod_fcgid
+allow httpd_t httpd_fastcgi_var_run_t:dir { rw_dir_perms setattr };
+allow httpd_t httpd_fastcgi_var_run_t:file { create_file_perms };
+allow httpd_t httpd_fastcgi_var_run_t:sock_file { create_file_perms };
 
 # Allow httpd to read httpd_fastcgi_content_t
 # (shouldn't this be in the content template?)
@@ -43,11 +57,9 @@
 # sockets and respond to them
 allow httpd_fastcgi_script_t httpd_t:unix_stream_socket { rw_stream_socket_perms };
 
-# FastCGI application doing something to the httpd error log
-dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
-
-# Not sure what this is doing (happens when fastcgi scripts start)
+# These are probably leaked file descriptors
 dontaudit httpd_t devpts_t:chr_file ioctl;
+dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
 
 # ======================================================
 # Equivalent policy cribbed from httpd_sys_script_t
@@ -55,9 +67,19 @@
 
 dontaudit httpd_fastcgi_script_t httpd_config_t:dir search;
 
+fs_search_auto_mountpoints(httpd_fastcgi_script_t)
+
+# PHP uploads a file to /tmp and then execs programs to action them
+allow httpd_fastcgi_script_t httpd_tmp_t:dir manage_dir_perms;
+allow httpd_fastcgi_script_t httpd_tmp_t:file manage_file_perms;
+files_tmp_filetrans(httpd_fastcgi_script_t,httpd_fastcgi_script_rw_t,{ dir file lnk_file sock_file fifo_file })
+
 files_search_var_lib(httpd_fastcgi_script_t)
 files_search_spool(httpd_fastcgi_script_t)
 
+# Should we add a boolean?
+apache_domtrans_rotatelogs(httpd_fastcgi_script_t)
+
 ifdef(`distro_redhat',`
 	allow httpd_fastcgi_script_t httpd_log_t:file { getattr append };
 ')
@@ -68,8 +90,22 @@
 	')
 ')
 
+tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
+	fs_read_nfs_files(httpd_fastcgi_script_t)
+	fs_read_nfs_symlinks(httpd_fastcgi_script_t)
+')
+
+tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
+	fs_read_cifs_files(httpd_fastcgi_script_t)
+	fs_read_cifs_symlinks(httpd_fastcgi_script_t)
+')
+
 optional_policy(`
 	mysql_stream_connect(httpd_fastcgi_script_t)
 	mysql_rw_db_sockets(httpd_fastcgi_script_t)
 ')
 
+optional_policy(`
+	clamav_domtrans_clamscan(httpd_fastcgi_script_t)
+')
+


Index: fcgid.conf
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-4/fcgid.conf,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- fcgid.conf	16 Feb 2007 14:20:03 -0000	1.2
+++ fcgid.conf	27 Apr 2008 22:57:27 -0000	1.3
@@ -13,4 +13,4 @@
 
 # Sane place to put sockets and shared memory file
 SocketPath run/mod_fcgid
-SharememPath run/fcgid_shm
+SharememPath run/mod_fcgid/fcgid_shm


Index: mod_fcgid-2.1-README.SELinux
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-4/mod_fcgid-2.1-README.SELinux,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- mod_fcgid-2.1-README.SELinux	16 Feb 2007 14:20:03 -0000	1.1
+++ mod_fcgid-2.1-README.SELinux	27 Apr 2008 22:57:27 -0000	1.2
@@ -1,10 +1,11 @@
-Using mod_fcgid with SELinux in Fedora Core 5 onwards
-=====================================================
+Using mod_fcgid with SELinux in Fedora Core 5 / RHEL 5 onwards
+==============================================================
 
-Versions of this package built for Fedora Core 5 or later include an SELinux
-policy module to support FastCGI applications. This has only been tested so far
-with moin, so feedback from other applications is welcome. The intention is for
-this module to be included in the SELinux reference policy eventually.
+Versions of this package built for Fedora Core 5 / Red Hat Enterprise Linux 5
+or later include an SELinux policy module to support FastCGI applications.
+This has only been tested so far with moin, so feedback from other applications
+is welcome. The intention is for this module to be included in the SELinux
+reference policy eventually.
 
 The module source (fastcgi.{fc,te}) is included for reference as documentation
 in the package.
@@ -36,7 +37,7 @@
    httpd_fastcgi_script_exec_t scripts to read/append to the file, and
    disallow other non-fastcgi scripts from access.
 
-So for the moin wiki layout described in README.Fedora of the main mod_fcgid
+So for the moin wiki layout described in README.RPM of the main mod_fcgid
 package, the contexts would be set as follows:
 
     cd /var/www/mywiki
@@ -56,6 +57,16 @@
 useful if you have a mixture of CGI and FastCGI applications accessing the
 same data.
 
+The httpd_fastcgi_can_sendmail boolean is used to specify whether any of your
+FastCGI applications can make outbound SMTP connections (e.g. moin sending
+notifications). By default it is off, but can be enabled as follows:
+
+    setsebool -P httpd_fastcgi_can_sendmail 1
+
+Only enable this functionality if you actually need it, since it increases the
+chances that any vulnerability in any of your FastCGI applications could be
+exploited by a spammer.
+
 If you have any questions or issues regarding FastCGI and SELinux, please don't
 hesitate to bring them up on fedora-selinux-list.
 


Index: mod_fcgid.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-4/mod_fcgid.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- mod_fcgid.spec	16 Feb 2007 14:20:03 -0000	1.4
+++ mod_fcgid.spec	27 Apr 2008 22:57:27 -0000	1.5
@@ -1,5 +1,5 @@
-# FC5 and later include SELinux policy module packages
-%if 0%{?fedora} < 5
+# FC5, RHEL5 and later include SELinux policy module packages
+%if 0%{?fedora}%{?rhel} < 5
 %define selinux_module 0
 %define selinux_variants %{nil}
 %define selinux_buildreqs %{nil}
@@ -9,25 +9,26 @@
 %define selinux_buildreqs checkpolicy, selinux-policy-devel, hardlink
 %endif
 
-Name:           mod_fcgid
-Version:        2.1
-Release:        1%{?dist}
-Summary:        Apache2 module for high-performance server-side scripting 
-Group:          System Environment/Daemons
-License:        GPL
-URL:            http://fastcgi.coremail.cn/
-Source0:        http://dl.sf.net/mod-fcgid/mod_fcgid.%{version}.tar.gz
-Source1:        fcgid.conf
-Source2:        fastcgi.te
-Source3:        fastcgi.fc
-Source4:        mod_fcgid-2.1-README.Fedora
-Source5:        http://fastcgi.coremail.cn/doc.htm
-Source6:        http://fastcgi.coremail.cn/configuration.htm
-Source7:        mod_fcgid-2.1-README.SELinux
-Patch0:         mod_fcgid.2.1-docurls.patch
-BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires:  httpd-devel >= 2.0
-Requires:       httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && %{__cat} %{_includedir}/httpd/.mmn || echo missing)
+Name:		mod_fcgid
+Version:	2.2
+Release:	4%{?dist}
+Summary:	Apache2 module for high-performance server-side scripting 
+Group:		System Environment/Daemons
+License:	GPL+
+URL:		http://fastcgi.coremail.cn/
+Source0:	http://downloads.sf.net/mod-fcgid/mod_fcgid.%{version}.tar.gz
+Source1:	fcgid.conf
+Source2:	fastcgi.te
+Source3:	fastcgi.fc
+Source4:	mod_fcgid-2.1-README.RPM
+Source5:	http://fastcgi.coremail.cn/doc.htm
+Source6:	http://fastcgi.coremail.cn/configuration.htm
+Source7:	mod_fcgid-2.1-README.SELinux
+Source8:	fastcgi-2.5.te
+Patch0:		mod_fcgid.2.1-docurls.patch
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires:	gawk, httpd-devel >= 2.0, pkgconfig
+Requires:	httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && %{__cat} %{_includedir}/httpd/.mmn || echo missing)
 
 %description
 mod_fcgid is a binary-compatible alternative to the Apache module mod_fastcgi.
@@ -36,11 +37,12 @@
 as possible.
 
 %if %{selinux_module}
-%define selinux_policyver %(sed -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp)
+%define selinux_policyver %(%{__sed} -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp)
+%define selinux_policynum %(echo %{selinux_policyver} | %{__awk} -F. '{ printf "%d%02d%02d", $1, $2, $3 }')
 %package selinux
-Summary:          SELinux policy module supporting FastCGI applications with mod_fcgid
-Group:            System Environment/Base
-BuildRequires:    %{selinux_buildreqs}
+Summary:	  SELinux policy module supporting FastCGI applications with mod_fcgid
+Group:		  System Environment/Base
+BuildRequires:	  %{selinux_buildreqs}
 # selinux-policy is required for directory ownership of %{_datadir}/selinux/*
 # Modules built against one version of a policy may not work with older policy
 # versions, as noted on fedora-selinux-list:
@@ -48,10 +50,10 @@
 # Hence the versioned dependency. The versioning will hopefully be replaced by
 # an ABI version requirement or something similar in the future
 %if "%{selinux_policyver}" != ""
-Requires:         selinux-policy >= %{selinux_policyver}
+Requires:	  selinux-policy >= %{selinux_policyver}
 %endif
-Requires:         %{name} = %{version}-%{release}
-Requires(post):   /usr/sbin/semodule, /sbin/restorecon
+Requires:	  %{name} = %{version}-%{release}
+Requires(post):	  /usr/sbin/semodule, /sbin/restorecon
 Requires(postun): /usr/sbin/semodule, /sbin/restorecon
 
 %description selinux
@@ -61,14 +63,20 @@
 %prep
 %setup -q -n mod_fcgid.%{version}
 %{__cp} -p %{SOURCE1} fcgid.conf
+%if 0%{?selinux_policynum} < 20501
 %{__cp} -p %{SOURCE2} fastcgi.te
+%else
+%{__cp} -p %{SOURCE8} fastcgi.te
+%endif
 %{__cp} -p %{SOURCE3} fastcgi.fc
-%{__cp} -p %{SOURCE4} README.Fedora
+%{__cp} -p %{SOURCE4} README.RPM
 %{__cp} -p %{SOURCE5} directives.htm
 %{__cp} -p %{SOURCE6} configuration.htm
 %{__cp} -p %{SOURCE7} README.SELinux
 %patch0 -p1
 %{__sed} -i -e 's/\r$//' directives.htm configuration.htm
+/usr/bin/iconv -f gb2312 -t utf8 < configuration.htm > configuration.htm.utf8
+%{__mv} -f configuration.htm.utf8 configuration.htm
 
 %build
 topdir=$(/usr/bin/dirname $(/usr/sbin/apxs -q exp_installbuilddir))
@@ -76,9 +84,9 @@
 %if %{selinux_module}
 for selinuxvariant in %{selinux_variants}
 do
-  %{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
-  %{__mv} fastcgi.pp fastcgi.pp.${selinuxvariant}
-  %{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
+	%{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
+	%{__mv} fastcgi.pp fastcgi.pp.${selinuxvariant}
+	%{__make} NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
 done
 %endif
 
@@ -86,10 +94,10 @@
 %{__rm} -rf %{buildroot}
 topdir=$(/usr/bin/dirname $(/usr/sbin/apxs -q exp_installbuilddir))
 %{__make} \
-  top_dir=${topdir} \
-  DESTDIR=%{buildroot} \
-  MKINSTALLDIRS="%{__mkdir_p}" \
-  install
+	top_dir=${topdir} \
+	DESTDIR=%{buildroot} \
+	MKINSTALLDIRS="%{__mkdir_p}" \
+	install
 %{__install} -D -m 644 fcgid.conf %{buildroot}%{_sysconfdir}/httpd/conf.d/fcgid.conf
 %{__install} -d -m 755 %{buildroot}%{_localstatedir}/run/mod_fcgid
 
@@ -97,9 +105,9 @@
 %if %{selinux_module}
 for selinuxvariant in %{selinux_variants}
 do
-  %{__install} -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
-  %{__install} -p -m 644 fastcgi.pp.${selinuxvariant} \
-    %{buildroot}%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp
+	%{__install} -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
+	%{__install} -p -m 644 fastcgi.pp.${selinuxvariant} \
+		%{buildroot}%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp
 done
 # Hardlink identical policy module packages together
 /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
@@ -113,33 +121,33 @@
 # Install SELinux policy modules
 for selinuxvariant in %{selinux_variants}
 do
-  /usr/sbin/semodule -s ${selinuxvariant} -i \
-    %{_datadir}/selinux/${selinuxvariant}/fastcgi.pp &> /dev/null || :
+	/usr/sbin/semodule -s ${selinuxvariant} -i \
+		%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp &> /dev/null || :
 done
 # Fix up non-standard directory context
-/sbin/restorecon %{_localstatedir}/run/mod_fcgid || :
+/sbin/restorecon -R %{_localstatedir}/run/mod_fcgid || :
 
 %postun selinux
 # Clean up after package removal
 if [ $1 -eq 0 ]; then
-  # Remove SELinux policy modules
-  for selinuxvariant in %{selinux_variants}
-  do
-    /usr/sbin/semodule -s ${selinuxvariant} -r fastcgi &> /dev/null || :
-  done
-  # Clean up any remaining file contexts (shouldn't be any really)
-  [ -d %{_localstatedir}/run/mod_fcgid ] && \
-    /sbin/restorecon -R %{_localstatedir}/run/mod_fcgid &> /dev/null || :
+	# Remove SELinux policy modules
+	for selinuxvariant in %{selinux_variants}; do
+		/usr/sbin/semodule -s ${selinuxvariant} -r fastcgi &> /dev/null || :
+	done
+	# Clean up any remaining file contexts (shouldn't be any really)
+	[ -d %{_localstatedir}/run/mod_fcgid ] && \
+		/sbin/restorecon -R %{_localstatedir}/run/mod_fcgid &> /dev/null || :
 fi
+exit 0
 %endif
 
 %files
 %defattr(-,root,root,-)
 %doc ChangeLog AUTHOR COPYING configuration.htm directives.htm
-%doc README.Fedora
+%doc README.RPM
 %{_libdir}/httpd/modules/mod_fcgid.so
 %config(noreplace) %{_sysconfdir}/httpd/conf.d/fcgid.conf
-%dir %attr(0755,apache,apache) %{_localstatedir}/run/mod_fcgid
+%dir %attr(0755,apache,apache) %{_localstatedir}/run/mod_fcgid/
 
 %if %{selinux_module}
 %files selinux
@@ -149,6 +157,48 @@
 %endif
 
 %changelog
+* Thu Feb 14 2008 Paul Howarth <paul at city-fan.org> 2.2-4
+- Rebuild with gcc 4.3.0 for Fedora 9
+
+* Mon Jan 14 2008 Paul Howarth <paul at city-fan.org> 2.2-3
+- Update SELinux policy to fix occasional failures on restarts
+  (move shared memory file into /var/run/mod_fcgid directory)
+
+* Thu Jan  3 2008 Paul Howarth <paul at city-fan.org> 2.2-2
+- Update SELinux policy to support file transition to httpd_tmp_t for
+  temporary files
+
+* Fri Sep 14 2007 Paul Howarth <paul at city-fan.org> 2.2-1
+- Update to version 2.2
+- Make sure docs are encoded as UTF-8
+
+* Mon Sep  3 2007 Joe Orton <jorton at redhat.com> 2.1-6
+- rebuild for fixed 32-bit APR (#254241)
+
+* Thu Aug 23 2007 Paul Howarth <paul at city-fan.org> 2.1-5
+- Update source URL to point to downloads.sf.net rather than dl.sf.net
+- Upstream released new tarball without changing version number, though the
+  only change was in arch/win32/fcgid_pm_win.c, which is not used to build the
+  RPM package
+- Clarify license as GPL (unspecified/any version)
+- Unexpand tabs in spec
+- Add buildreq of gawk
+
+* Fri Aug  3 2007 Paul Howarth <paul at city-fan.org> 2.1-4
+- Add buildreq of pkgconfig, a missing dependency of both apr-devel and
+  apr-util-devel on FC5
+
+* Fri Jun 15 2007 Paul Howarth <paul at city-fan.org> 2.1-3
+- Major update of SELinux policy, supporting accessing data on NFS/CIFS shares
+  and a new boolean, httpd_fastcgi_can_sendmail, to allow connections to SMTP
+  servers
+- Fix for SELinux policy on Fedora 7, which didn't work due to changes in the
+  permissions macros in the underlying selinux-policy package
+
+* Wed Mar 21 2007 Paul Howarth <paul at city-fan.org> 2.1-2
+- Add RHEL5 with SELinux support
+- Rename README.Fedora to README.RPM
+
 * Fri Feb 16 2007 Paul Howarth <paul at city-fan.org> 2.1-1
 - Update to 2.1
 - Update documentation and patches
@@ -191,9 +241,9 @@
 * Tue Jul  4 2006 Paul Howarth <paul at city-fan.org> 1.09-10
 - SELinux policy update:
   * allow httpd to read httpd_fastcgi_content_t without having the
-    httpd_builtin_scripting boolean set
+  | httpd_builtin_scripting boolean set
   * allow httpd_fastcgi_script_t to read /etc/resolv.conf without
-    having the httpd_can_network_connect boolean set
+  | having the httpd_can_network_connect boolean set
 
 * Sun Jun 18 2006 Paul Howarth <paul at city-fan.org> 1.09-9
 - Discard output of semodule in %%postun


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/EL-4/sources,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sources	16 Feb 2007 14:20:03 -0000	1.4
+++ sources	27 Apr 2008 22:57:27 -0000	1.5
@@ -1 +1 @@
-68a6479e398a20577334f16a8b06c418  mod_fcgid.2.1.tar.gz
+ce7d7b16e69643dbd549d43d85025983  mod_fcgid.2.2.tar.gz


--- mod_fcgid-2.1-README.Fedora DELETED ---


