From owner-freebsd-apache@FreeBSD.ORG Thu Oct 10 20:10:01 2013
Date: Thu, 10 Oct 2013 20:10:01 GMT
Message-Id: <201310102010.r9AKA1F5060305@freefall.freebsd.org>
To: apache@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Subject: Re: ports/182878: commit references a PR
List-Id: Support of apache-related ports

The following reply was made to PR ports/182878; it has been noted by GNATS.
From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: ports/182878: commit references a PR Date: Thu, 10 Oct 2013 20:02:50 +0000 (UTC) Author: ohauer Date: Thu Oct 10 20:02:42 2013 New Revision: 330031 URL: http://svnweb.freebsd.org/changeset/ports/330031 Log: - update mod_fcgid to version 2.3.9 - add stage support - add vuxml entry PR: ports/182878 Submitted by: Fabiano Sidler (maintainer) Security: CVE-2013-4365 Modified: head/security/vuxml/vuln.xml head/www/mod_fcgid/Makefile head/www/mod_fcgid/distinfo head/www/mod_fcgid/pkg-plist Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Oct 10 18:47:42 2013 (r330030) +++ head/security/vuxml/vuln.xml Thu Oct 10 20:02:42 2013 (r330031) @@ -51,6 +51,35 @@ Note: Please add new entries to the beg --> + + mod_fcgid -- possible heap buffer overwrite + + + ap22-mod_fcgid + 2.3.9 + + + ap24-mod_fcgid + 2.3.9 + + + + +

Apache Project reports:

+
+

Fix possible heap buffer overwrite.

+
+ +
+ + CVE-2013-4365 + + + 2013-09-29 + 2013-10-10 + +
+ gnupg -- possible infinite recursion in the compressed packet parser Modified: head/www/mod_fcgid/Makefile ============================================================================== --- head/www/mod_fcgid/Makefile Thu Oct 10 18:47:42 2013 (r330030) +++ head/www/mod_fcgid/Makefile Thu Oct 10 20:02:42 2013 (r330031) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= mod_fcgid -PORTVERSION= 2.3.7 +PORTVERSION= 2.3.9 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -28,15 +28,10 @@ MAKE_ARGS+= INCLUDES="-I${LOCALBASE}/inc INSTALL_TARGET= install-modules-yes DOCSDIR= ${PREFIX}/share/doc/apache${APACHE_VERSION}/mod -NO_STAGE= yes post-install: -.if !defined(NOPORTDOCS) - ${MKDIR} ${DOCSDIR} - ${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html ${DOCSDIR} - ${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html.en ${DOCSDIR} -.endif - ${MKDIR} -m 700 /var/run/fcgidsock - ${CHOWN} www:www /var/run/fcgidsock - @${CAT} ${PKGMESSAGE} + ${MKDIR} ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html.en ${STAGEDIR}${DOCSDIR} + ${MKDIR} -m 700 ${STAGEDIR}/var/run/fcgidsock .include Modified: head/www/mod_fcgid/distinfo ============================================================================== --- head/www/mod_fcgid/distinfo Thu Oct 10 18:47:42 2013 (r330030) +++ head/www/mod_fcgid/distinfo Thu Oct 10 20:02:42 2013 (r330031) 
@@ -1,2 +1,2 @@ -SHA256 (apache2/mod_fcgid-2.3.7.tar.gz) = b72810cb34942945156f29ce60946da7dc941bb4cfca8b9d224573535bd8ef6d -SIZE (apache2/mod_fcgid-2.3.7.tar.gz) = 104818 +SHA256 (apache2/mod_fcgid-2.3.9.tar.gz) = 1cbad345e3376b5d7c8f9a62b471edd7fa892695b90b79502f326b4692a679cf +SIZE (apache2/mod_fcgid-2.3.9.tar.gz) = 107582 Modified: head/www/mod_fcgid/pkg-plist ============================================================================== --- head/www/mod_fcgid/pkg-plist Thu Oct 10 18:47:42 2013 (r330030) +++ head/www/mod_fcgid/pkg-plist Thu Oct 10 20:02:42 2013 (r330031) @@ -1,7 +1,6 @@ %%APACHEMODDIR%%/%%AP_MODULE%% %%PORTDOCS%%%%DOCSDIR%%/mod_fcgid.html %%PORTDOCS%%%%DOCSDIR%%/mod_fcgid.html.en -%%PORTDOCS%%@unexec /bin/rmdir %D/%%DOCSDIR%% 2>/dev/null || true -@exec /bin/mkdir -p -m 700 /var/run/fcgidsock -@exec /usr/sbin/chown www:www /var/run/fcgidsock +%%PORTDOCS%%@dirrmtry %%DOCSDIR%% +@exec install -m 700 -o www -g www -d /var/run/fcgidsock @unexec /bin/rmdir /var/run/fcgidsock 2>/dev/null || true _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
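Review bot: in the post-install target of head/www/mod_fcgid/Makefile, removing the `.if !defined(NOPORTDOCS)` guard means both mod_fcgid.html files are always copied into `${STAGEDIR}${DOCSDIR}`, while pkg-plist still prefixes those entries with `%%PORTDOCS%%`. With docs disabled the staged files would have no matching plist entry, so either keep the guard around the three doc lines or make the plist entries unconditional. The removed `${CHOWN} www:www /var/run/fcgidsock` also has no staged counterpart: `${MKDIR} -m 700 ${STAGEDIR}/var/run/fcgidsock` sets only the mode, and ownership of the socket directory now depends entirely on the `@exec` line in pkg-plist. A short comment in the Makefile saying so would keep the two files from drifting apart.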
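Review bot: in head/www/mod_fcgid/pkg-plist, the new `@exec install -m 700 -o www -g www -d /var/run/fcgidsock` calls install without a path, whereas the two lines it replaces and the `@unexec` line that stays all use absolute paths (/bin/mkdir, /usr/sbin/chown, /bin/rmdir). Use /usr/bin/install so that the mode and owner of the FastCGI socket directory do not depend on PATH when the package scripts run. Collapsing mkdir plus chown into a single install call is otherwise an improvement, since the directory is no longer left with the wrong owner between the two steps.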