Bug 152846 - [PATCH] www/mod_fcgid - update to the new version with security fix
[PATCH] www/mod_fcgid - update to the new version with security fix
Status: Closed FIXED
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Latest
Any Any
: Normal Affects Only Me
Assigned To: pgollucci
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-12-05 03:30 UTC by mrmax063
Modified: 2010-12-27 20:00 UTC (History)
0 users

See Also:


Attachments
file.diff (2.79 KB, patch)
2010-12-05 03:30 UTC, mrmax063
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description mrmax063 2010-12-05 03:30:11 UTC
Update mod_fcgid Apache module to the recently released version 2.3.6, with various improvements and a fix for potential security vulnerability, which can affect sites with untrusted FastCGI applications ( CVE-2010-3872 ).

Patch file "patch-modules-fcgid-fcgid_mutex_unix.c" that was included with previous version of port is no longer necessary and can be removed, since the fix is now included.

However, a new patch file "patch-modules-fcgid-fcgid_spawn_ctl.c" has been added, which fixes one regression introduced in version 2.3.6. This fix has been obtained from download page of mod_fcgid module and can also be seen in mod_fcgid's SVN repository.

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer 2010-12-05 03:30:19 UTC
Responsible Changed
From-To: freebsd-ports-bugs->apache

apache@ wants this port PRs (via the GNATS Auto Assign Tool)
Comment 2 Edwin Groothuis freebsd_committer 2010-12-05 03:30:23 UTC
Maintainer of www/mod_fcgid,

Please note that PR ports/152846 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/152846

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 3 Edwin Groothuis freebsd_committer 2010-12-05 03:30:27 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 4 pgollucci freebsd_committer 2010-12-07 04:16:09 UTC
Responsible Changed
From-To: apache->pgollucci

I will take it.
Comment 5 pgollucci freebsd_committer 2010-12-24 07:34:15 UTC
State Changed
From-To: feedback->open

maintainer timeout (hemi@puresimplicity.net ; 17 days)
Comment 6 dfilter freebsd_committer 2010-12-27 19:56:10 UTC
pgollucci    2010-12-27 19:56:06 UTC

  FreeBSD ports repository

  Modified files:
    www/mod_fcgid        Makefile distinfo 
  Added files:
    www/mod_fcgid/files  patch-modules-fcgid-fcgid_spawn_ctl.c 
  Removed files:
    www/mod_fcgid/files  patch-modules-fcgid-fcgid_mutex_unix.c 
  Log:
  - Update to 2.3.6
  - Remove MD5
  
  PR:             ports/152846
  Submitted by:   Marko Njezic <mrmax063@maxempire.com>
  Approved by:    maintainer timeout (hemi@puresimplicity.net ; 17 days)
  
  Revision  Changes    Path
  1.21      +1 -1      ports/www/mod_fcgid/Makefile
  1.11      +3 -3      ports/www/mod_fcgid/distinfo
  1.2       +0 -17     ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_mutex_unix.c (dead)
  1.1       +17 -0     ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_spawn_ctl.c (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 7 pgollucci freebsd_committer 2010-12-27 19:56:11 UTC
State Changed
From-To: open->closed

Committed, Thanks!