Bug 152846 - [PATCH] www/mod_fcgid - update to the new version with security fix
Summary: [PATCH] www/mod_fcgid - update to the new version with security fix
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Philip M. Gollucci
Depends on:
Reported: 2010-12-05 03:30 UTC by Marko Njezic
Modified: 2010-12-27 20:00 UTC (History)
0 users

See Also:

file.diff (2.79 KB, patch)
2010-12-05 03:30 UTC, Marko Njezic
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marko Njezic 2010-12-05 03:30:11 UTC
Update mod_fcgid Apache module to the recently released version 2.3.6, with various improvements and a fix for potential security vulnerability, which can affect sites with untrusted FastCGI applications ( CVE-2010-3872 ).

Patch file "patch-modules-fcgid-fcgid_mutex_unix.c" that was included with previous version of port is no longer necessary and can be removed, since the fix is now included.

However, a new patch file "patch-modules-fcgid-fcgid_spawn_ctl.c" has been added, which fixes one regression introduced in version 2.3.6. This fix has been obtained from download page of mod_fcgid module and can also be seen in mod_fcgid's SVN repository.

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer 2010-12-05 03:30:19 UTC
Responsible Changed
From-To: freebsd-ports-bugs->apache

apache@ wants this port PRs (via the GNATS Auto Assign Tool)
Comment 2 Edwin Groothuis freebsd_committer 2010-12-05 03:30:23 UTC
Maintainer of www/mod_fcgid,

Please note that PR ports/152846 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:

Edwin Groothuis via the GNATS Auto Assign Tool
Comment 3 Edwin Groothuis freebsd_committer 2010-12-05 03:30:27 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 4 Philip M. Gollucci freebsd_committer 2010-12-07 04:16:09 UTC
Responsible Changed
From-To: apache->pgollucci

I will take it.
Comment 5 Philip M. Gollucci freebsd_committer 2010-12-24 07:34:15 UTC
State Changed
From-To: feedback->open

maintainer timeout (hemi@puresimplicity.net ; 17 days)
Comment 6 dfilter service freebsd_committer 2010-12-27 19:56:10 UTC
pgollucci    2010-12-27 19:56:06 UTC

  FreeBSD ports repository

  Modified files:
    www/mod_fcgid        Makefile distinfo 
  Added files:
    www/mod_fcgid/files  patch-modules-fcgid-fcgid_spawn_ctl.c 
  Removed files:
    www/mod_fcgid/files  patch-modules-fcgid-fcgid_mutex_unix.c 
  - Update to 2.3.6
  - Remove MD5
  PR:             ports/152846
  Submitted by:   Marko Njezic <mrmax063@maxempire.com>
  Approved by:    maintainer timeout (hemi@puresimplicity.net ; 17 days)
  Revision  Changes    Path
  1.21      +1 -1      ports/www/mod_fcgid/Makefile
  1.11      +3 -3      ports/www/mod_fcgid/distinfo
  1.2       +0 -17     ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_mutex_unix.c (dead)
  1.1       +17 -0     ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_spawn_ctl.c (new)
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 7 Philip M. Gollucci freebsd_committer 2010-12-27 19:56:11 UTC
State Changed
From-To: open->closed

Committed, Thanks!