Bug 152846 - [PATCH] www/mod_fcgid - update to the new version with security fix
Summary: [PATCH] www/mod_fcgid - update to the new version with security fix
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Philip M. Gollucci
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-12-05 03:30 UTC by Marko Njezic
Modified: 2010-12-27 20:00 UTC (History)
0 users

See Also:

Attachments
file.diff (2.79 KB, patch)
2010-12-05 03:30 UTC, Marko Njezic 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marko Njezic 2010-12-05 03:30:11 UTC 
Update mod_fcgid Apache module to the recently released version 2.3.6, with various improvements and a fix for potential security vulnerability, which can affect sites with untrusted FastCGI applications ( CVE-2010-3872 ).

Patch file "patch-modules-fcgid-fcgid_mutex_unix.c" that was included with previous version of port is no longer necessary and can be removed, since the fix is now included.

However, a new patch file "patch-modules-fcgid-fcgid_spawn_ctl.c" has been added, which fixes one regression introduced in version 2.3.6. This fix has been obtained from download page of mod_fcgid module and can also be seen in mod_fcgid's SVN repository.

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2010-12-05 03:30:19 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->apache

apache@ wants this port PRs (via the GNATS Auto Assign Tool)
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2010-12-05 03:30:23 UTC 
Maintainer of www/mod_fcgid,

Please note that PR ports/152846 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/152846

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 3 Edwin Groothuis freebsd_committer freebsd_triage 2010-12-05 03:30:27 UTC 
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 4 Philip M. Gollucci freebsd_committer freebsd_triage 2010-12-07 04:16:09 UTC 
Responsible Changed
From-To: apache->pgollucci

I will take it.
Comment 5 Philip M. Gollucci freebsd_committer freebsd_triage 2010-12-24 07:34:15 UTC 
State Changed
From-To: feedback->open

maintainer timeout (hemi@puresimplicity.net ; 17 days)
Comment 6 dfilter service freebsd_committer freebsd_triage 2010-12-27 19:56:10 UTC 
pgollucci    2010-12-27 19:56:06 UTC

  FreeBSD ports repository

  Modified files:
    www/mod_fcgid        Makefile distinfo 
  Added files:
    www/mod_fcgid/files  patch-modules-fcgid-fcgid_spawn_ctl.c 
  Removed files:
    www/mod_fcgid/files  patch-modules-fcgid-fcgid_mutex_unix.c 
  Log:
  - Update to 2.3.6
  - Remove MD5
  
  PR:             ports/152846
  Submitted by:   Marko Njezic <mrmax063@maxempire.com>
  Approved by:    maintainer timeout (hemi@puresimplicity.net ; 17 days)
  
  Revision  Changes    Path
  1.21      +1 -1      ports/www/mod_fcgid/Makefile
  1.11      +3 -3      ports/www/mod_fcgid/distinfo
  1.2       +0 -17     ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_mutex_unix.c (dead)
  1.1       +17 -0     ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_spawn_ctl.c (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 7 Philip M. Gollucci freebsd_committer freebsd_triage 2010-12-27 19:56:11 UTC 
State Changed
From-To: open->closed

Committed, Thanks!