svn commit: r330031 - in head: security/vuxml www/mod_fcgid

Olli Hauer ohauer at FreeBSD.org
Thu Oct 10 20:02:43 UTC 2013 

Author: ohauer
Date: Thu Oct 10 20:02:42 2013
New Revision: 330031
URL: http://svnweb.freebsd.org/changeset/ports/330031

Log:
  - update mod_fcgid to version 2.3.9
  - add stage support
  - add vuxml entry
  
  PR:		ports/182878
  Submitted by:	Fabiano Sidler <freebsd.ports at webstyle.ch> (maintainer)
  Security:	CVE-2013-4365

Modified:
  head/security/vuxml/vuln.xml
  head/www/mod_fcgid/Makefile
  head/www/mod_fcgid/distinfo
  head/www/mod_fcgid/pkg-plist

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Oct 10 18:47:42 2013	(r330030)
+++ head/security/vuxml/vuln.xml	Thu Oct 10 20:02:42 2013	(r330031)
@@ -51,6 +51,35 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="9003b500-31e3-11e3-b0d0-20cf30e32f6d">
+    <topic>mod_fcgid -- possible heap buffer overwrite</topic>
+    <affects>
+      <package>
+	<name>ap22-mod_fcgid</name>
+	<range><lt>2.3.9</lt></range>
+      </package>
+      <package>
+	<name>ap24-mod_fcgid</name>
+	<range><lt>2.3.9</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Apache Project reports:</p>
+	<blockquote cite="https://mail-archives.apache.org/mod_mbox/httpd-cvs/201309.mbox/%3C20130929174048.13B962388831@eris.apache.org%3E">
+	  <p>Fix possible heap buffer overwrite.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-4365</cvename>
+    </references>
+    <dates>
+      <discovery>2013-09-29</discovery>
+      <entry>2013-10-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="749b5587-2da1-11e3-b1a9-b499baab0cbe">
     <topic>gnupg -- possible infinite recursion in the compressed packet parser</topic>
     <affects>

Modified: head/www/mod_fcgid/Makefile
==============================================================================
--- head/www/mod_fcgid/Makefile	Thu Oct 10 18:47:42 2013	(r330030)
+++ head/www/mod_fcgid/Makefile	Thu Oct 10 20:02:42 2013	(r330031)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	mod_fcgid
-PORTVERSION=	2.3.7
+PORTVERSION=	2.3.9
 CATEGORIES=	www
 MASTER_SITES=		${MASTER_SITE_APACHE_HTTPD}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -28,15 +28,10 @@ MAKE_ARGS+=	INCLUDES="-I${LOCALBASE}/inc
 INSTALL_TARGET=	install-modules-yes
 DOCSDIR=	${PREFIX}/share/doc/apache${APACHE_VERSION}/mod
 
-NO_STAGE=	yes
 post-install:
-.if !defined(NOPORTDOCS)
-	${MKDIR} ${DOCSDIR}
-	${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html ${DOCSDIR}
-	${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html.en ${DOCSDIR}
-.endif
-	${MKDIR} -m 700 /var/run/fcgidsock
-	${CHOWN} www:www /var/run/fcgidsock
-	@${CAT} ${PKGMESSAGE}
+	${MKDIR} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html ${STAGEDIR}${DOCSDIR}
+	${INSTALL_MAN} ${WRKSRC}/docs/manual/mod/mod_fcgid.html.en ${STAGEDIR}${DOCSDIR}
+	${MKDIR} -m 700 ${STAGEDIR}/var/run/fcgidsock
 
 .include <bsd.port.mk>

Modified: head/www/mod_fcgid/distinfo
==============================================================================
--- head/www/mod_fcgid/distinfo	Thu Oct 10 18:47:42 2013	(r330030)
+++ head/www/mod_fcgid/distinfo	Thu Oct 10 20:02:42 2013	(r330031)
@@ -1,2 +1,2 @@
-SHA256 (apache2/mod_fcgid-2.3.7.tar.gz) = b72810cb34942945156f29ce60946da7dc941bb4cfca8b9d224573535bd8ef6d
-SIZE (apache2/mod_fcgid-2.3.7.tar.gz) = 104818
+SHA256 (apache2/mod_fcgid-2.3.9.tar.gz) = 1cbad345e3376b5d7c8f9a62b471edd7fa892695b90b79502f326b4692a679cf
+SIZE (apache2/mod_fcgid-2.3.9.tar.gz) = 107582

Modified: head/www/mod_fcgid/pkg-plist
==============================================================================
--- head/www/mod_fcgid/pkg-plist	Thu Oct 10 18:47:42 2013	(r330030)
+++ head/www/mod_fcgid/pkg-plist	Thu Oct 10 20:02:42 2013	(r330031)
@@ -1,7 +1,6 @@
 %%APACHEMODDIR%%/%%AP_MODULE%%
 %%PORTDOCS%%%%DOCSDIR%%/mod_fcgid.html
 %%PORTDOCS%%%%DOCSDIR%%/mod_fcgid.html.en
-%%PORTDOCS%%@unexec /bin/rmdir %D/%%DOCSDIR%% 2>/dev/null || true
- at exec /bin/mkdir -p -m 700 /var/run/fcgidsock
- at exec /usr/sbin/chown www:www /var/run/fcgidsock
+%%PORTDOCS%%@dirrmtry %%DOCSDIR%%
+ at exec install -m 700 -o www -g www -d /var/run/fcgidsock
 @unexec /bin/rmdir /var/run/fcgidsock 2>/dev/null || true

More information about the svn-ports-head mailing list