Bug 182878 - [patch] Updating www/mod_fcgid from 2.3.7 to 2.3.9
Summary: [patch] Updating www/mod_fcgid from 2.3.7 to 2.3.9
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-apache (Nobody)
 
Reported: 2013-10-10 16:40 UTC by Fabiano Sidler
Modified: 2013-10-10 21:10 UTC (History)

Attachments
file.diff (799 bytes, patch)
2013-10-10 16:40 UTC, Fabiano Sidler

Description Fabiano Sidler 2013-10-10 16:40:00 UTC

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2013-10-10 16:40:09 UTC
Class Changed
From-To: maintainer-update->change-request

Fix category (submitter is not maintainer) (via the GNATS Auto Assign 
Tool)
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2013-10-10 16:40:10 UTC
Responsible Changed
From-To: freebsd-ports-bugs->apache

apache@ wants this port PRs (via the GNATS Auto Assign Tool)
Comment 3 Edwin Groothuis freebsd_committer freebsd_triage 2013-10-10 16:40:11 UTC
Maintainer of www/mod_fcgid,

Please note that PR ports/182878 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/182878

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 4 Edwin Groothuis freebsd_committer freebsd_triage 2013-10-10 16:40:12 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 5 freebsd.ports 2013-10-10 16:50:41 UTC
Thus spake Edwin Groothuis:
> Maintainer of www/mod_fcgid,
> 
> Please note that PR ports/182878 has just been submitted.
> 
> If it contains a patch for an upgrade, an enhancement or a bug fix
> you agree on, reply to this email stating that you approve the patch
> and a committer will take care of it.

Yes, I approve it. I actually submitted this myself...;)
Comment 6 dfilter service freebsd_committer freebsd_triage 2013-10-10 21:02:50 UTC
Author: ohauer
Date: Thu Oct 10 20:02:42 2013
New Revision: 330031
URL: http://svnweb.freebsd.org/changeset/ports/330031

Log:
  - update mod_fcgid to version 2.3.9
  - add stage support
  - add vuxml entry
  
  PR:		ports/182878
  Submitted by:	Fabiano Sidler <freebsd.ports@webstyle.ch> (maintainer)
  Security:	CVE-2013-4365

Modified:
  head/security/vuxml/vuln.xml
  head/www/mod_fcgid/Makefile
  head/www/mod_fcgid/distinfo
  head/www/mod_fcgid/pkg-plist

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Oct 10 18:47:42 2013	(r330030)
+++ head/security/vuxml/vuln.xml	Thu Oct 10 20:02:42 2013	(r330031)
@@ -51,6 +51,35 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="9003b500-31e3-11e3-b0d0-20cf30e32f6d">
+    <topic>mod_fcgid -- possible heap buffer overwrite</topic>
+    <affects>
+      <package>
+	<name>ap22-mod_fcgid</name>
+	<range><lt>2.3.9</lt></range>
+      </package>
+      <package>
+	<name>ap24-mod_fcgid</name>
+	<range><lt>2.3.9</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Apache Project reports:</p>
+	<blockquote cite="https://mail-archives.apache.org/mod_mbox/httpd-cvs/201309.mbox/%3C20130929174048.13B962388831@eris.apache.org%3E">
+	  <p>Fix possible heap buffer overwrite.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-4365</cvename>
+    </references>
+    <dates>
+      <discovery>2013-09-29</discovery>
+      <entry>2013-10-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="749b5587-2da1-11e3-b1a9-b499baab0cbe">
     <topic>gnupg -- possible infinite recursion in the compressed packet parser</topic>
     <affects>
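
Review bot: The `<references>` block of the new `<vuln>` entry carries only `<cvename>CVE-2013-4365</cvename>`, while the upstream commit mail appears solely as the `cite` attribute of the `<blockquote>`. Consider repeating that link as a `<url>` reference and adding `<freebsdpr>ports/182878</freebsdpr>`, so the entry links back to both the upstream fix and this PR. The description is also just the one-line upstream log message ("Fix possible heap buffer overwrite."); if upstream has published more detail on what is overwritten, a sentence here would help users judge their exposure.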

Modified: head/www/mod_fcgid/Makefile
==============================================================================
--- head/www/mod_fcgid/Makefile	Thu Oct 10 18:47:42 2013	(r330030)
+++ head/www/mod_fcgid/Makefile	Thu Oct 10 20:02:42 2013	(r330031)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	mod_fcgid
-PORTVERSION=	2.3.7
+PORTVERSION=	2.3.9
 CATEGORIES=	www
 MASTER_SITES=		${MASTER_SITE_APACHE_HTTPD}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -28,15 +28,10 @@ MAKE_ARGS+=	INCLUDES="-I${LOCALBASE}/inc
 INSTALL_TARGET=	install-modules-yes
 DOCSDIR=	${PREFIX}/share/doc/apache${APACHE_VERSION}/mod
 
-NO_STAGE=	yes
 post-install:
-.if !defined(NOPORTDOCS)
-	${MKDIR} ${DOCSDIR}
-	${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html ${DOCSDIR}
-	${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html.en ${DOCSDIR}
-.endif
-	${MKDIR} -m 700 /var/run/fcgidsock
-	${CHOWN} www:www /var/run/fcgidsock
-	@${CAT} ${PKGMESSAGE}
+	${MKDIR} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html ${STAGEDIR}${DOCSDIR}
+	${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html.en ${STAGEDIR}${DOCSDIR}
+	${MKDIR} -m 700 ${STAGEDIR}/var/run/fcgidsock
 
 .include <bsd.port.mk>
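
Review bot: In `post-install`, the staged `${MKDIR} -m 700 ${STAGEDIR}/var/run/fcgidsock` no longer carries the `www:www` ownership that the removed `${CHOWN} www:www /var/run/fcgidsock` line applied, and the directory is not a plist entry, so the staged copy never reaches the installed system. Ownership and mode of the socket directory now depend entirely on the `@exec install` line in pkg-plist. Either drop the staged mkdir as dead code or add a comment pointing at pkg-plist as the place that creates the directory. Separately, the `.if !defined(NOPORTDOCS)` guard is gone while pkg-plist still prefixes the doc files with `%%PORTDOCS%%`; confirm that staging the docs unconditionally is intended.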

Modified: head/www/mod_fcgid/distinfo
==============================================================================
--- head/www/mod_fcgid/distinfo	Thu Oct 10 18:47:42 2013	(r330030)
+++ head/www/mod_fcgid/distinfo	Thu Oct 10 20:02:42 2013	(r330031)
@@ -1,2 +1,2 @@
-SHA256 (apache2/mod_fcgid-2.3.7.tar.gz) = b72810cb34942945156f29ce60946da7dc941bb4cfca8b9d224573535bd8ef6d
-SIZE (apache2/mod_fcgid-2.3.7.tar.gz) = 104818
+SHA256 (apache2/mod_fcgid-2.3.9.tar.gz) = 1cbad345e3376b5d7c8f9a62b471edd7fa892695b90b79502f326b4692a679cf
+SIZE (apache2/mod_fcgid-2.3.9.tar.gz) = 107582
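
Review bot: The new `SHA256` and `SIZE` lines for `mod_fcgid-2.3.9.tar.gz` are the only integrity anchor for the distfile, and the commit log does not say how they were obtained. Since this update carries the fix for CVE-2013-4365, state in the log whether the tarball was checked against the checksum or signature that upstream publishes before `distinfo` was regenerated.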

Modified: head/www/mod_fcgid/pkg-plist
==============================================================================
--- head/www/mod_fcgid/pkg-plist	Thu Oct 10 18:47:42 2013	(r330030)
+++ head/www/mod_fcgid/pkg-plist	Thu Oct 10 20:02:42 2013	(r330031)
@@ -1,7 +1,6 @@
 %%APACHEMODDIR%%/%%AP_MODULE%%
 %%PORTDOCS%%%%DOCSDIR%%/mod_fcgid.html
 %%PORTDOCS%%%%DOCSDIR%%/mod_fcgid.html.en
-%%PORTDOCS%%@unexec /bin/rmdir %D/%%DOCSDIR%% 2>/dev/null || true
-@exec /bin/mkdir -p -m 700 /var/run/fcgidsock
-@exec /usr/sbin/chown www:www /var/run/fcgidsock
+%%PORTDOCS%%@dirrmtry %%DOCSDIR%%
+@exec install -m 700 -o www -g www -d /var/run/fcgidsock
 @unexec /bin/rmdir /var/run/fcgidsock 2>/dev/null || true
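
Review bot: The added `@exec install -m 700 -o www -g www -d /var/run/fcgidsock` calls `install` by bare name, whereas the two lines it replaces used absolute paths (`/bin/mkdir`, `/usr/sbin/chown`) and the neighbouring `@unexec /bin/rmdir` still does. This command runs at package install time, so use `/usr/bin/install` to avoid depending on the caller's `PATH`. Folding mkdir and chown into one `install -d` is otherwise the better form, since the directory gets mode 700 and `www:www` in a single step.
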
Comment 7 Olli Hauer freebsd_committer freebsd_triage 2013-10-10 21:03:08 UTC
State Changed
From-To: feedback->closed

Committed, also add vuxml entry for CVE-2013-4365