From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Dec 5 03:30:12 2010
Message-Id: <201012050320.oB53KtOc018728@red.freebsd.org>
Date: Sun, 5 Dec 2010 03:20:55 GMT
From: Marko Njezic
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: ports/152846: [PATCH] www/mod_fcgid - update to the new version with security fix
List-Id: Ports bug reports
X-List-Received-Date: Sun, 05 Dec 2010 03:30:12 -0000

>Number: 152846
>Category: ports
>Synopsis: [PATCH] www/mod_fcgid - update to the new version with security fix
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sun Dec 05 03:30:11 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Marko Njezic
>Release: 8.1-RELEASE
>Organization: MAX Interactive corp.
>Environment:
FreeBSD vmbsd 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
Update mod_fcgid Apache module to the recently released version 2.3.6, with various improvements and a fix for a potential security vulnerability, which can affect sites with untrusted FastCGI applications (CVE-2010-3872).

Patch file "patch-modules-fcgid-fcgid_mutex_unix.c" that was included with the previous version of the port is no longer necessary and can be removed, since the fix is now included. However, a new patch file "patch-modules-fcgid-fcgid_spawn_ctl.c" has been added, which fixes one regression introduced in version 2.3.6. This fix has been obtained from the download page of the mod_fcgid module and can also be seen in mod_fcgid's SVN repository.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:

diff -Naur mod_fcgid.original/Makefile mod_fcgid/Makefile --- mod_fcgid.original/Makefile 2010-12-05 04:01:24.000000000 +0100 +++ mod_fcgid/Makefile 2010-12-05 03:40:37.000000000 +0100 
@@ -6,7 +6,7 @@ # PORTNAME= mod_fcgid -PORTVERSION= 2.3.5 +PORTVERSION= 2.3.6 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} MASTER_SITE_SUBDIR= ${PORTNAME} diff -Naur mod_fcgid.original/distinfo mod_fcgid/distinfo --- mod_fcgid.original/distinfo 2010-12-05 04:01:24.000000000 +0100 +++ mod_fcgid/distinfo 2010-12-05 03:40:55.000000000 +0100 @@ -1,3 +1,3 @@ -MD5 (mod_fcgid-2.3.5.tar.gz) = 82b5bec1ed1c0fc106d5271075641ef9 -SHA256 (mod_fcgid-2.3.5.tar.gz) = 3280fd287659539d577fc3c77a975739c06bb9d0a9cef48275d4beb13c64ef39 -SIZE (mod_fcgid-2.3.5.tar.gz) = 97784 +MD5 (mod_fcgid-2.3.6.tar.gz) = fbfc115eb47cd9bda91269743aba5e83 +SHA256 (mod_fcgid-2.3.6.tar.gz) = e831795498d91cf27a519ea1332c2a92a2a9920b0844d817b2ea7f079056d12b +SIZE (mod_fcgid-2.3.6.tar.gz) = 101883 diff -Naur mod_fcgid.original/files/patch-modules-fcgid-fcgid_mutex_unix.c mod_fcgid/files/patch-modules-fcgid-fcgid_mutex_unix.c --- mod_fcgid.original/files/patch-modules-fcgid-fcgid_mutex_unix.c 2010-12-05 04:01:24.000000000 +0100 +++ mod_fcgid/files/patch-modules-fcgid-fcgid_mutex_unix.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,17 +0,0 @@ -Index: modules/fcgid/fcgid_mutex_unix.c -=================================================================== ---- modules/fcgid/fcgid_mutex_unix.c (revision 904780) -+++ modules/fcgid/fcgid_mutex_unix.c (working copy) -@@ -56,6 +56,10 @@ - - #include "ap_mpm.h" - -+#if MODULE_MAGIC_NUMBER_MAJOR < 20051115 -+#define AP_NEED_SET_MUTEX_PERMS 1 -+#endif -+ - #if AP_NEED_SET_MUTEX_PERMS - #include "unixd.h" - #endif - - diff -Naur mod_fcgid.original/files/patch-modules-fcgid-fcgid_spawn_ctl.c mod_fcgid/files/patch-modules-fcgid-fcgid_spawn_ctl.c --- mod_fcgid.original/files/patch-modules-fcgid-fcgid_spawn_ctl.c 1970-01-01 01:00:00.000000000 +0100 +++ mod_fcgid/files/patch-modules-fcgid-fcgid_spawn_ctl.c 2010-11-23 03:09:20.000000000 +0100 
@@ -0,0 +1,17 @@ +# +# Fix regression in 2.3.6 which broke process controls when using vhost- +# specific configuration. +# +Index: modules/fcgid/fcgid_spawn_ctl.c +=================================================================== +--- modules/fcgid/fcgid_spawn_ctl.c (revision 1037726) ++++ modules/fcgid/fcgid_spawn_ctl.c (revision 1037727) +@@ -178,7 +178,7 @@ + if (current_node->inode == command->inode + && current_node->deviceid == command->deviceid + && !strcmp(current_node->cmdline, command->cmdline) +- && current_node->vhost_id == sconf->vhost_id ++ && current_node->vhost_id == command->vhost_id + && current_node->uid == command->uid + && current_node->gid == command->gid) + break; >Release-Note: >Audit-Trail: >Unformatted:
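Review bot: The `PORTVERSION= 2.3.6` bump in the Makefile hunk is the only place this submission records the move to the release that fixes CVE-2010-3872; none of the four files touched is a security/vuxml entry. Suggest committing a VuXML entry covering mod_fcgid versions below 2.3.6 together with this update, so that hosts still on 2.3.5 are flagged by audit tooling rather than relying on administrators reading the commit log.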
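Review bot: In the distinfo hunk, the new `SHA256 (mod_fcgid-2.3.6.tar.gz)` and `SIZE` values should be confirmed against the tarball as published and signed by the Apache project, since the submission does not say how they were obtained and the distfile is fetched from mirrors via `MASTER_SITE_APACHE_HTTPD`. The MD5 line gives no protection against a deliberately substituted distfile, so the SHA256 value is the one to check before commit.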
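Review bot: The hunk deleting files/patch-modules-fcgid-fcgid_mutex_unix.c drops the local `#define AP_NEED_SET_MUTEX_PERMS 1` guard for `MODULE_MAGIC_NUMBER_MAJOR < 20051115` on the statement that the fix is now included upstream, but no upstream revision is cited for it (unlike the spawn_ctl patch, which names r1037727). Suggest naming that revision in the commit message, or confirming with a build against the older Apache the guard was written for, so that the `unixd.h` include and mutex permission handling are not silently lost there.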
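Review bot: In the new files/patch-modules-fcgid-fcgid_spawn_ctl.c, the one-line change from `sconf->vhost_id` to `command->vhost_id` leaves open whether `sconf` is still used elsewhere in the function; the seven context lines shown do not settle it, so check the full function for a now-unused variable. The header comment says what regression is fixed but not when the patch can go; suggest adding that it is upstream r1037727 and should be removed at the next mod_fcgid release, since the comparison decides which process-control node a command is matched to and a stale local patch here is easy to carry forward unnoticed.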