Date: Thu, 10 Oct 2013 20:10:01 GMT From: dfilter@FreeBSD.ORG (dfilter service) To: apache@FreeBSD.org Subject: Re: ports/182878: commit references a PR Message-ID: <201310102010.r9AKA1F5060305@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/182878; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: ports/182878: commit references a PR Date: Thu, 10 Oct 2013 20:02:50 +0000 (UTC) Author: ohauer Date: Thu Oct 10 20:02:42 2013 New Revision: 330031 URL: http://svnweb.freebsd.org/changeset/ports/330031 Log: - update mod_fcgid to version 2.3.9 - add stage support - add vuxml entry PR: ports/182878 Submitted by: Fabiano Sidler <freebsd.ports@webstyle.ch> (maintainer) Security: CVE-2013-4365 Modified: head/security/vuxml/vuln.xml head/www/mod_fcgid/Makefile head/www/mod_fcgid/distinfo head/www/mod_fcgid/pkg-plist Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Oct 10 18:47:42 2013 (r330030) +++ head/security/vuxml/vuln.xml Thu Oct 10 20:02:42 2013 (r330031) @@ -51,6 +51,35 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="9003b500-31e3-11e3-b0d0-20cf30e32f6d"> + <topic>mod_fcgid -- possible heap buffer overwrite</topic> + <affects> + <package> + <name>ap22-mod_fcgid</name> + <range><lt>2.3.9</lt></range> + </package> + <package> + <name>ap24-mod_fcgid</name> + <range><lt>2.3.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Apache Project reports:</p> + <blockquote cite="https://mail-archives.apache.org/mod_mbox/httpd-cvs/201309.mbox/%3C20130929174048.13B962388831@eris.apache.org%3E">; + <p>Fix possible heap buffer overwrite.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-4365</cvename> + </references> + <dates> + <discovery>2013-09-29</discovery> + <entry>2013-10-10</entry> + </dates> + </vuln> + <vuln vid="749b5587-2da1-11e3-b1a9-b499baab0cbe"> <topic>gnupg -- possible infinite recursion in the compressed packet parser</topic> <affects> Modified: head/www/mod_fcgid/Makefile ============================================================================== --- head/www/mod_fcgid/Makefile Thu Oct 10 18:47:42 2013 (r330030) +++ head/www/mod_fcgid/Makefile Thu Oct 10 20:02:42 2013 (r330031) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= mod_fcgid -PORTVERSION= 2.3.7 +PORTVERSION= 2.3.9 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -28,15 +28,10 @@ MAKE_ARGS+= INCLUDES="-I${LOCALBASE}/inc INSTALL_TARGET= install-modules-yes DOCSDIR= ${PREFIX}/share/doc/apache${APACHE_VERSION}/mod -NO_STAGE= yes post-install: -.if !defined(NOPORTDOCS) - ${MKDIR} ${DOCSDIR} - ${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html ${DOCSDIR} - ${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html.en ${DOCSDIR} -.endif - ${MKDIR} -m 700 /var/run/fcgidsock - ${CHOWN} www:www /var/run/fcgidsock - @${CAT} ${PKGMESSAGE} + ${MKDIR} ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html.en ${STAGEDIR}${DOCSDIR} + ${MKDIR} -m 700 ${STAGEDIR}/var/run/fcgidsock .include <bsd.port.mk> Modified: head/www/mod_fcgid/distinfo ============================================================================== --- head/www/mod_fcgid/distinfo Thu Oct 10 18:47:42 2013 (r330030) +++ head/www/mod_fcgid/distinfo Thu Oct 10 20:02:42 2013 (r330031) @@ -1,2 +1,2 @@ -SHA256 (apache2/mod_fcgid-2.3.7.tar.gz) = b72810cb34942945156f29ce60946da7dc941bb4cfca8b9d224573535bd8ef6d -SIZE (apache2/mod_fcgid-2.3.7.tar.gz) = 104818 +SHA256 (apache2/mod_fcgid-2.3.9.tar.gz) = 1cbad345e3376b5d7c8f9a62b471edd7fa892695b90b79502f326b4692a679cf +SIZE (apache2/mod_fcgid-2.3.9.tar.gz) = 107582 Modified: head/www/mod_fcgid/pkg-plist ============================================================================== --- head/www/mod_fcgid/pkg-plist Thu Oct 10 18:47:42 2013 (r330030) +++ head/www/mod_fcgid/pkg-plist Thu Oct 10 20:02:42 2013 (r330031) @@ -1,7 +1,6 @@ %%APACHEMODDIR%%/%%AP_MODULE%% %%PORTDOCS%%%%DOCSDIR%%/mod_fcgid.html %%PORTDOCS%%%%DOCSDIR%%/mod_fcgid.html.en -%%PORTDOCS%%@unexec /bin/rmdir %D/%%DOCSDIR%% 2>/dev/null || true -@exec /bin/mkdir -p -m 700 /var/run/fcgidsock -@exec /usr/sbin/chown www:www /var/run/fcgidsock +%%PORTDOCS%%@dirrmtry %%DOCSDIR%% +@exec install -m 700 -o www -g www -d /var/run/fcgidsock @unexec /bin/rmdir /var/run/fcgidsock 2>/dev/null || true _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201310102010.r9AKA1F5060305>