Bug 201023 - [patch] www/mod_wsgi3 => www/mod_wsgi4
Summary: [patch] www/mod_wsgi3 => www/mod_wsgi4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Douglas Thrift
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2015-06-21 18:39 UTC by Olli Hauer
Modified: 2015-07-12 10:21 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (douglas)


Attachments
patch-mod_wsgi4 (6.58 KB, patch)
2015-06-21 18:39 UTC, Olli Hauer
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Olli Hauer freebsd_committer freebsd_triage 2015-06-21 18:39:51 UTC
Created attachment 157949 [details]
patch-mod_wsgi4

After seeing errors in apache log like:

Exception TypeError: "'NoneType' object is not callable" in <bound method apr_pool_t.__del__ of <libsvn.core.apr_pool_t; proxy of <Swig Object of type 'apr_pool_t *' at 0x812e38f30> >> ignored

I looked which module is the culprit, and it was mod_wsgi3 (used by viewvc).

There is an interesting note in mod_wsgi-4.4.6 [1]

=============
Version 4.4.6
=============

Version 4.4.6 of mod_wsgi can be obtained from:

  https://codeload.github.com/GrahamDumpleton/mod_wsgi/tar.gz/4.4.6

For details on the availability of Windows binaries see:

  https://github.com/GrahamDumpleton/mod_wsgi/tree/master/win32

Bugs Fixed
----------

1. Apache 2.2.29 and 2.4.11 introduce additional fields to the request
structure ``request_rec`` due to CVE-2013-5704. The addition of these
fields will cause versions of mod_wsgi from 4.4.0-4.4.5 to crash when used
in mod_wsgi daemon mode and mod_wsgi isn't initialising the new structure
members.

If you are upgrading your Apache installation to those versions or later
versions, you must also update to mod_wsgi version 4.4.6. The mod_wsgi
4.4.6 source code must have also been compiled against the newer Apache
version.


[1] https://github.com/GrahamDumpleton/mod_wsgi/blob/develop/docs/release-notes/version-4.4.6.rst

Since we have apache 2.2.29 and 2.4.12 in the tree I suggest to copy mod_wsgi3 => mod_wsgi4 and bump PORTREVISION for security/py-crits and devel/viewvc.

Patch shaped with "svn --show-copies-as-adds"
http://people.freebsd.org/~ohauer/diffs/mod_wsgi4.diff
Comment 1 Douglas Thrift 2015-07-08 03:08:46 UTC
Sounds good to me.
Comment 2 commit-hook freebsd_committer freebsd_triage 2015-07-12 10:04:34 UTC
A commit references this bug:

Author: ohauer
Date: Sun Jul 12 10:04:31 UTC 2015
New revision: 391772
URL: https://svnweb.freebsd.org/changeset/ports/391772

Log:
  - rename mod_wsgi3 => mod_wsgi4 to reflect new version

  PR:		201023
  Submitted by:	ohauer
  Approved by:	douglas_at_douglasthrift.net (maintainer)

Changes:
  head/MOVED
  head/www/mod_wsgi3/
  head/www/mod_wsgi4/
Comment 3 commit-hook freebsd_committer freebsd_triage 2015-07-12 10:10:36 UTC
A commit references this bug:

Author: ohauer
Date: Sun Jul 12 10:09:39 UTC 2015
New revision: 391773
URL: https://svnweb.freebsd.org/changeset/ports/391773

Log:
  - update to 4.4.13
  - use dedicated module file

  Bugs Fixed (since 4.4.6):
  -------------------------
  1. Apache 2.2.29 and 2.4.11 introduce additional fields to the request
  structure ``request_rec`` due to CVE-2013-5704. The addition of these
  fields will cause versions of mod_wsgi from 4.4.0-4.4.5 to crash when used
  in mod_wsgi daemon mode and mod_wsgi isn't initialising the new structure
  members.

  If you are upgrading your Apache installation to those versions or later
  versions, you must also update to mod_wsgi version 4.4.6. The mod_wsgi
  4.4.6 source code must have also been compiled against the newer Apache
  version.

  PR:		201023
  Submitted by:	ohauer
  Approved by:	douglas_at_douglasthrift.net (maintainer)

Changes:
  head/www/mod_wsgi4/Makefile
  head/www/mod_wsgi4/distinfo
  head/www/mod_wsgi4/files/270_mod_wsgi.conf.sample.in
  head/www/mod_wsgi4/pkg-descr
  head/www/mod_wsgi4/pkg-plist
Comment 4 commit-hook freebsd_committer freebsd_triage 2015-07-12 10:11:37 UTC
A commit references this bug:

Author: ohauer
Date: Sun Jul 12 10:11:34 UTC 2015
New revision: 391774
URL: https://svnweb.freebsd.org/changeset/ports/391774

Log:
  - refelct mod_wsgi3 => mod_wsgi3 update
  - bump PORTREVISION

  PR:		201023
  Submitted by:	ohauer

Changes:
  head/devel/viewvc/Makefile
  head/security/py-crits/Makefile
Comment 5 Olli Hauer freebsd_committer freebsd_triage 2015-07-12 10:21:04 UTC
Update committed