Bug#841078: libfcgi-perl: use libfcgi-dev instead of the bundled version

Damyan Ivanov dmn at debian.org
Mon Oct 23 14:38:56 UTC 2017


-=| Florian Schlichting, 17.10.2016 15:31:55 +0200 |=-
> I closed #815840 with the upload that fixed CVE-2012-6687, but Tianon
> rightly suggests that the best solution would be to use libfcgi-dev and
> ignore the bundled version of libfcgi.
> 
> This doesn't seem to be so simple, though; he is running into undefined
> symbols, and I noticed that the RCS version header for os_unix.c is
> _newer_ in libfcgi-perl than what's in libfcgi-dev. Plus libfcgi upstream
> seems dead as in "after many quiet years, the mailing list address
> bounces"...

libfcgi-perl seems to be pretty heavily used (popcon 121595; 4129 
vote; 11826 recent), so removing it (as was my first reaction after 
reading this bug report) does not seem feasible.

However, I managed to make it compile with the system-wide libfcgi 
after removing the two routines that are not present in Debian's 
libfcgi API: Attach and Detach.

Their description is:

  =item $req->Detach()
  
  Temporarily detaches filehandles on an accepted connection.
  
  =item $req->Attach()
  
  Re-attaches filehandles on an accepted connection.
  

What do others think, is this, together with documenting the removal 
in a Debian.NEWS entry, a feasible approach?
