FreeBSD Bugzilla – Bug 152846
[PATCH] www/mod_fcgid - update to the new version with security fix
Last modified: 2010-12-27 20:00:31 UTC
Update mod_fcgid Apache module to the recently released version 2.3.6, with various improvements and a fix for potential security vulnerability, which can affect sites with untrusted FastCGI applications ( CVE-2010-3872 ).
Patch file "patch-modules-fcgid-fcgid_mutex_unix.c" that was included with previous version of port is no longer necessary and can be removed, since the fix is now included.
However, a new patch file "patch-modules-fcgid-fcgid_spawn_ctl.c" has been added, which fixes one regression introduced in version 2.3.6. This fix has been obtained from download page of mod_fcgid module and can also be seen in mod_fcgid's SVN repository.
Fix: Patch attached with submission follows:
apache@ wants this port PRs (via the GNATS Auto Assign Tool)
Maintainer of www/mod_fcgid,
Please note that PR ports/152846 has just been submitted.
If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.
The full text of the PR can be found at:
Edwin Groothuis via the GNATS Auto Assign Tool
Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
I will take it.
maintainer timeout (firstname.lastname@example.org ; 17 days)
pgollucci 2010-12-27 19:56:06 UTC
FreeBSD ports repository
www/mod_fcgid Makefile distinfo
- Update to 2.3.6
- Remove MD5
Submitted by: Marko Njezic <email@example.com>
Approved by: maintainer timeout (firstname.lastname@example.org ; 17 days)
Revision Changes Path
1.21 +1 -1 ports/www/mod_fcgid/Makefile
1.11 +3 -3 ports/www/mod_fcgid/distinfo
1.2 +0 -17 ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_mutex_unix.c (dead)
1.1 +17 -0 ports/www/mod_fcgid/files/patch-modules-fcgid-fcgid_spawn_ctl.c (new)
email@example.com mailing list
To unsubscribe, send any mail to "firstname.lastname@example.org"