Attachment 153202 Details for Bug 197844 – update fcgi to 2.4.0_5 + CVE patch

[patch] update fcgi to 2.4.0_5 + CVE patch

fcgi.diff (text/plain), 3.43 KB, created by Rodrigo Osorio on 2015-02-20 10:29:38 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Rodrigo Osorio

Created: 2015-02-20 10:29:38 UTC

Size: 3.43 KB

patch

obsolete

>Index: www/fcgi/Makefile
>===================================================================
>--- www/fcgi/Makefile	(revision 378450)
>+++ www/fcgi/Makefile	(working copy)
>@@ -3,7 +3,7 @@
> 
> PORTNAME=	fcgi
> PORTVERSION=	2.4.0
>-PORTREVISION=	4
>+PORTREVISION=	5
> CATEGORIES=	www
> MASTER_SITES=	http://www.fastcgi.com/dist/ \
> 		http://www.skysmurf.nl/comp/FreeBSD/distfiles/
>Index: www/fcgi/files/patch-CVE-2012-6687-pool
>===================================================================
>--- www/fcgi/files/patch-CVE-2012-6687-pool	(revision 0)
>+++ www/fcgi/files/patch-CVE-2012-6687-pool	(working copy)
>@@ -0,0 +1,81 @@
>+diff --git a/libfcgi/os_unix.c b/libfcgi/os_unix.c
>+index 73e6a7f..af35aee 100755
>+--- libfcgi/os_unix.c
>++++ libfcgi/os_unix.c
>+@@ -42,6 +42,7 @@ static const char rcsid[] = "$Id: os_unix.c,v 1.37 2002/03/05 19:14:49 robs Exp
>+ #include <sys/time.h>
>+ #include <sys/un.h>
>+ #include <signal.h>
>++#include <poll.h>
>+ 
>+ #ifdef HAVE_NETDB_H
>+ #include <netdb.h>
>+@@ -103,6 +104,9 @@ static int volatile maxFd = -1;
>+ static int shutdownPending = FALSE;
>+ static int shutdownNow = FALSE;
>+ 
>++static int libfcgiOsClosePollTimeout = 2000;
>++static int libfcgiIsAfUnixKeeperPollTimeout = 2000;
>++
>+ void OS_ShutdownPending()
>+ {
>+     shutdownPending = TRUE;
>+@@ -168,6 +172,16 @@ int OS_LibInit(int stdioFds[3])
>+     if(libInitialized)
>+         return 0;
>+ 
>++    char *libfcgiOsClosePollTimeoutStr = getenv( "LIBFCGI_OS_CLOSE_POLL_TIMEOUT" );
>++    if(libfcgiOsClosePollTimeoutStr) {
>++        libfcgiOsClosePollTimeout = atoi(libfcgiOsClosePollTimeoutStr);
>++    }
>++
>++    char *libfcgiIsAfUnixKeeperPollTimeoutStr = getenv( "LIBFCGI_IS_AF_UNIX_KEEPER_POLL_TIMEOUT" );
>++    if(libfcgiIsAfUnixKeeperPollTimeoutStr) {
>++        libfcgiIsAfUnixKeeperPollTimeout = atoi(libfcgiIsAfUnixKeeperPollTimeoutStr);
>++    }
>++
>+     asyncIoTable = (AioInfo *)malloc(asyncIoTableSize * sizeof(AioInfo));
>+     if(asyncIoTable == NULL) {
>+         errno = ENOMEM;
>+@@ -755,19 +769,16 @@ int OS_Close(int fd)
>+ 
>+     if (shutdown(fd, 1) == 0)
>+     {
>+-        struct timeval tv;
>+-        fd_set rfds;
>++        struct pollfd pfd;
>+         int rv;
>+         char trash[1024];
>+ 
>+-        FD_ZERO(&rfds);
>++        pfd.fd = fd;
>++        pfd.events = POLLIN;
>+ 
>+         do 
>+         {
>+-            FD_SET(fd, &rfds);
>+-            tv.tv_sec = 2;
>+-            tv.tv_usec = 0;
>+-            rv = select(fd + 1, &rfds, NULL, NULL, &tv);
>++            rv = poll(&pfd, 1, libfcgiOsClosePollTimeout);
>+         }
>+         while (rv > 0 && read(fd, trash, sizeof(trash)) > 0);
>+     }
>+@@ -1116,13 +1127,11 @@ static int is_reasonable_accept_errno (const int error)
>+  */
>+ static int is_af_unix_keeper(const int fd)
>+ {
>+-    struct timeval tval = { READABLE_UNIX_FD_DROP_DEAD_TIMEVAL };
>+-    fd_set read_fds;
>+-
>+-    FD_ZERO(&read_fds);
>+-    FD_SET(fd, &read_fds);
>++    struct pollfd pfd;
>++    pfd.fd = fd;
>++    pfd.events = POLLIN;
>+ 
>+-    return select(fd + 1, &read_fds, NULL, NULL, &tval) >= 0 && FD_ISSET(fd, &read_fds);
>++    return poll(&pfd, 1, libfcgiIsAfUnixKeeperPollTimeout) >= 0 && (pfd.revents & POLLIN);
>+ }
>+ 
>+ /*
>
>Property changes on: www/fcgi/files/patch-CVE-2012-6687-pool
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property

Actions: View | Diff

Attachments on bug 197844: 153202 | 153215