Date: Sun, 5 Dec 2010 03:20:55 GMT
From: Marko Njezic <mrmax063@maxempire.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/152846: [PATCH] www/mod_fcgid - update to the new version with security fix
Message-ID: <201012050320.oB53KtOc018728@red.freebsd.org>
Resent-Message-ID: <201012050330.oB53UB5g079885@freefall.freebsd.org>
>Number: 152846 >Category: ports >Synopsis: [PATCH] www/mod_fcgid - update to the new version with security fix >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sun Dec 05 03:30:11 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Marko Njezic >Release: 8.1-RELEASE >Organization: MAX Interactive corp. >Environment: FreeBSD vmbsd 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 >Description: Update mod_fcgid Apache module to the recently released version 2.3.6, with various improvements and a fix for potential security vulnerability, which can affect sites with untrusted FastCGI applications ( CVE-2010-3872 ). Patch file "patch-modules-fcgid-fcgid_mutex_unix.c" that was included with previous version of port is no longer necessary and can be removed, since the fix is now included. However, a new patch file "patch-modules-fcgid-fcgid_spawn_ctl.c" has been added, which fixes one regression introduced in version 2.3.6. This fix has been obtained from download page of mod_fcgid module and can also be seen in mod_fcgid's SVN repository. >How-To-Repeat: >Fix: Patch attached with submission follows: diff -Naur mod_fcgid.original/Makefile mod_fcgid/Makefile --- mod_fcgid.original/Makefile 2010-12-05 04:01:24.000000000 +0100 +++ mod_fcgid/Makefile 2010-12-05 03:40:37.000000000 +0100 @@ -6,7 +6,7 @@ # PORTNAME= mod_fcgid -PORTVERSION= 2.3.5 +PORTVERSION= 2.3.6 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} MASTER_SITE_SUBDIR= ${PORTNAME} diff -Naur mod_fcgid.original/distinfo mod_fcgid/distinfo --- mod_fcgid.original/distinfo 2010-12-05 04:01:24.000000000 +0100 +++ mod_fcgid/distinfo 2010-12-05 03:40:55.000000000 +0100 
@@ -1,3 +1,3 @@ -MD5 (mod_fcgid-2.3.5.tar.gz) = 82b5bec1ed1c0fc106d5271075641ef9 -SHA256 (mod_fcgid-2.3.5.tar.gz) = 3280fd287659539d577fc3c77a975739c06bb9d0a9cef48275d4beb13c64ef39 -SIZE (mod_fcgid-2.3.5.tar.gz) = 97784 +MD5 (mod_fcgid-2.3.6.tar.gz) = fbfc115eb47cd9bda91269743aba5e83 +SHA256 (mod_fcgid-2.3.6.tar.gz) = e831795498d91cf27a519ea1332c2a92a2a9920b0844d817b2ea7f079056d12b +SIZE (mod_fcgid-2.3.6.tar.gz) = 101883 diff -Naur mod_fcgid.original/files/patch-modules-fcgid-fcgid_mutex_unix.c mod_fcgid/files/patch-modules-fcgid-fcgid_mutex_unix.c --- mod_fcgid.original/files/patch-modules-fcgid-fcgid_mutex_unix.c 2010-12-05 04:01:24.000000000 +0100 +++ mod_fcgid/files/patch-modules-fcgid-fcgid_mutex_unix.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,17 +0,0 @@ -Index: modules/fcgid/fcgid_mutex_unix.c -=================================================================== ---- modules/fcgid/fcgid_mutex_unix.c (revision 904780) -+++ modules/fcgid/fcgid_mutex_unix.c (working copy) -@@ -56,6 +56,10 @@ - - #include "ap_mpm.h" - -+#if MODULE_MAGIC_NUMBER_MAJOR < 20051115 -+#define AP_NEED_SET_MUTEX_PERMS 1 -+#endif -+ - #if AP_NEED_SET_MUTEX_PERMS - #include "unixd.h" - #endif - - diff -Naur mod_fcgid.original/files/patch-modules-fcgid-fcgid_spawn_ctl.c mod_fcgid/files/patch-modules-fcgid-fcgid_spawn_ctl.c --- mod_fcgid.original/files/patch-modules-fcgid-fcgid_spawn_ctl.c 1970-01-01 01:00:00.000000000 +0100 +++ mod_fcgid/files/patch-modules-fcgid-fcgid_spawn_ctl.c 2010-11-23 03:09:20.000000000 +0100 
@@ -0,0 +1,17 @@ +# +# Fix regression in 2.3.6 which broke process controls when using vhost- +# specific configuration. +# +Index: modules/fcgid/fcgid_spawn_ctl.c +=================================================================== +--- modules/fcgid/fcgid_spawn_ctl.c (revision 1037726) ++++ modules/fcgid/fcgid_spawn_ctl.c (revision 1037727) +@@ -178,7 +178,7 @@ + if (current_node->inode == command->inode + && current_node->deviceid == command->deviceid + && !strcmp(current_node->cmdline, command->cmdline) +- && current_node->vhost_id == sconf->vhost_id ++ && current_node->vhost_id == command->vhost_id + && current_node->uid == command->uid + && current_node->gid == command->gid) + break; >Release-Note: >Audit-Trail: >Unformatted:
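Review bot: in the distinfo hunk, the new MD5, SHA256 and SIZE values for mod_fcgid-2.3.6.tar.gz can only be taken on trust from the patch. Because this update carries the fix for CVE-2010-3872, the committer should fetch the tarball from MASTER_SITE_APACHE_HTTPD independently, regenerate distinfo, and confirm the result matches these three lines (and upstream's published checksum or signature) before committing.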
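Review bot: the removal of files/patch-modules-fcgid-fcgid_mutex_unix.c rests on the description's statement that the fix is now included upstream, which the diff itself cannot show. Before dropping the file, confirm that fcgid_mutex_unix.c in 2.3.6 defines AP_NEED_SET_MUTEX_PERMS under the `#if MODULE_MAGIC_NUMBER_MAJOR < 20051115` guard ahead of the `#include "unixd.h"` block; if it does not, the port silently loses that define.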
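Review bot: the comment header of the new files/patch-modules-fcgid-fcgid_spawn_ctl.c names the regression but not the origin of the fix; the upstream revision (1037726 to 1037727) appears only in the embedded diff header. Add a line to the `#` block stating that the change comes from the mod_fcgid SVN repository at that revision and that the file should be removed at the next version bump, so a later maintainer does not carry it forward by accident. The one-line change itself is consistent with its neighbours: after it, vhost_id is read from `command` like inode, deviceid, cmdline, uid and gid. It is worth checking in the full source whether `sconf` is still used in that function after the change, since the visible context does not show it.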