From owner-freebsd-apache@FreeBSD.ORG  Thu Oct 10 20:10:01 2013
Return-Path: <owner-freebsd-apache@FreeBSD.ORG>
Delivered-To: apache@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id 8FB6EF92
 for <apache@smarthost.ysv.freebsd.org>; Thu, 10 Oct 2013 20:10:01 +0000 (UTC)
 (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6DC202978
 for <apache@smarthost.ysv.freebsd.org>; Thu, 10 Oct 2013 20:10:01 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r9AKA1He060306
 for <apache@freefall.freebsd.org>; Thu, 10 Oct 2013 20:10:01 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r9AKA1F5060305;
 Thu, 10 Oct 2013 20:10:01 GMT (envelope-from gnats)
Date: Thu, 10 Oct 2013 20:10:01 GMT
Message-Id: <201310102010.r9AKA1F5060305@freefall.freebsd.org>
To: apache@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Subject: Re: ports/182878: commit references a PR
X-BeenThere: freebsd-apache@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: Support of apache-related ports  <freebsd-apache.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-apache>,
 <mailto:freebsd-apache-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-apache>
List-Post: <mailto:freebsd-apache@freebsd.org>
List-Help: <mailto:freebsd-apache-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-apache>,
 <mailto:freebsd-apache-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2013 20:10:01 -0000

The following reply was made to PR ports/182878; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/182878: commit references a PR
Date: Thu, 10 Oct 2013 20:02:50 +0000 (UTC)

 Author: ohauer
 Date: Thu Oct 10 20:02:42 2013
 New Revision: 330031
 URL: http://svnweb.freebsd.org/changeset/ports/330031
 
 Log:
   - update mod_fcgid to version 2.3.9
   - add stage support
   - add vuxml entry
   
   PR:		ports/182878
   Submitted by:	Fabiano Sidler <freebsd.ports@webstyle.ch> (maintainer)
   Security:	CVE-2013-4365
 
 Modified:
   head/security/vuxml/vuln.xml
   head/www/mod_fcgid/Makefile
   head/www/mod_fcgid/distinfo
   head/www/mod_fcgid/pkg-plist
 
 Modified: head/security/vuxml/vuln.xml
 ==============================================================================
 --- head/security/vuxml/vuln.xml	Thu Oct 10 18:47:42 2013	(r330030)
 +++ head/security/vuxml/vuln.xml	Thu Oct 10 20:02:42 2013	(r330031)
 @@ -51,6 +51,35 @@ Note:  Please add new entries to the beg
  
  -->
  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
 +  <vuln vid="9003b500-31e3-11e3-b0d0-20cf30e32f6d">
 +    <topic>mod_fcgid -- possible heap buffer overwrite</topic>
 +    <affects>
 +      <package>
 +	<name>ap22-mod_fcgid</name>
 +	<range><lt>2.3.9</lt></range>
 +      </package>
 +      <package>
 +	<name>ap24-mod_fcgid</name>
 +	<range><lt>2.3.9</lt></range>
 +      </package>
 +    </affects>
 +    <description>
 +      <body xmlns="http://www.w3.org/1999/xhtml">
 +	<p>Apache Project reports:</p>
 +	<blockquote cite="https://mail-archives.apache.org/mod_mbox/httpd-cvs/201309.mbox/%3C20130929174048.13B962388831@eris.apache.org%3E">
 +	  <p>Fix possible heap buffer overwrite.</p>
 +	</blockquote>
 +      </body>
 +    </description>
 +    <references>
 +      <cvename>CVE-2013-4365</cvename>
 +    </references>
 +    <dates>
 +      <discovery>2013-09-29</discovery>
 +      <entry>2013-10-10</entry>
 +    </dates>
 +  </vuln>
 +
    <vuln vid="749b5587-2da1-11e3-b1a9-b499baab0cbe">
      <topic>gnupg -- possible infinite recursion in the compressed packet parser</topic>
      <affects>
 
 Modified: head/www/mod_fcgid/Makefile
 ==============================================================================
 --- head/www/mod_fcgid/Makefile	Thu Oct 10 18:47:42 2013	(r330030)
 +++ head/www/mod_fcgid/Makefile	Thu Oct 10 20:02:42 2013	(r330031)
 @@ -2,7 +2,7 @@
  # $FreeBSD$
  
  PORTNAME=	mod_fcgid
 -PORTVERSION=	2.3.7
 +PORTVERSION=	2.3.9
  CATEGORIES=	www
  MASTER_SITES=		${MASTER_SITE_APACHE_HTTPD}
  MASTER_SITE_SUBDIR=	${PORTNAME}
 @@ -28,15 +28,10 @@ MAKE_ARGS+=	INCLUDES="-I${LOCALBASE}/inc
  INSTALL_TARGET=	install-modules-yes
  DOCSDIR=	${PREFIX}/share/doc/apache${APACHE_VERSION}/mod
  
 -NO_STAGE=	yes
  post-install:
 -.if !defined(NOPORTDOCS)
 -	${MKDIR} ${DOCSDIR}
 -	${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html ${DOCSDIR}
 -	${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html.en ${DOCSDIR}
 -.endif
 -	${MKDIR} -m 700 /var/run/fcgidsock
 -	${CHOWN} www:www /var/run/fcgidsock
 -	@${CAT} ${PKGMESSAGE}
 +	${MKDIR} ${STAGEDIR}${DOCSDIR}
 +	${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html ${STAGEDIR}${DOCSDIR}
 +	${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html.en ${STAGEDIR}${DOCSDIR}
 +	${MKDIR} -m 700 ${STAGEDIR}/var/run/fcgidsock
  
  .include <bsd.port.mk>
 
 Modified: head/www/mod_fcgid/distinfo
 ==============================================================================
 --- head/www/mod_fcgid/distinfo	Thu Oct 10 18:47:42 2013	(r330030)
 +++ head/www/mod_fcgid/distinfo	Thu Oct 10 20:02:42 2013	(r330031)
 @@ -1,2 +1,2 @@
 -SHA256 (apache2/mod_fcgid-2.3.7.tar.gz) = b72810cb34942945156f29ce60946da7dc941bb4cfca8b9d224573535bd8ef6d
 -SIZE (apache2/mod_fcgid-2.3.7.tar.gz) = 104818
 +SHA256 (apache2/mod_fcgid-2.3.9.tar.gz) = 1cbad345e3376b5d7c8f9a62b471edd7fa892695b90b79502f326b4692a679cf
 +SIZE (apache2/mod_fcgid-2.3.9.tar.gz) = 107582
 
 Modified: head/www/mod_fcgid/pkg-plist
 ==============================================================================
 --- head/www/mod_fcgid/pkg-plist	Thu Oct 10 18:47:42 2013	(r330030)
 +++ head/www/mod_fcgid/pkg-plist	Thu Oct 10 20:02:42 2013	(r330031)
 @@ -1,7 +1,6 @@
  %%APACHEMODDIR%%/%%AP_MODULE%%
  %%PORTDOCS%%%%DOCSDIR%%/mod_fcgid.html
  %%PORTDOCS%%%%DOCSDIR%%/mod_fcgid.html.en
 -%%PORTDOCS%%@unexec /bin/rmdir %D/%%DOCSDIR%% 2>/dev/null || true
 -@exec /bin/mkdir -p -m 700 /var/run/fcgidsock
 -@exec /usr/sbin/chown www:www /var/run/fcgidsock
 +%%PORTDOCS%%@dirrmtry %%DOCSDIR%%
 +@exec install -m 700 -o www -g www -d /var/run/fcgidsock
  @unexec /bin/rmdir /var/run/fcgidsock 2>/dev/null || true
 _______________________________________________
 svn-ports-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-ports-all
 To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"