Date: Wed, 4 Aug 2004 08:46:54 +0800 (CST) From: Yen-Ming Lee <leeym@utopia.leeym.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/69970: update port: www/p5-CGI-SpeedyCGI Message-ID: <20040804004654.33C2D3E9B19@utopia.leeym.com> Resent-Message-ID: <200408040050.i740oKiS056250@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 69970 >Category: ports >Synopsis: update port: www/p5-CGI-SpeedyCGI >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Aug 04 00:50:20 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Yen-Ming Lee >Release: FreeBSD 5.2.1-RELEASE-p9 i386 >Organization: >Environment: System: FreeBSD utopia.leeym.com 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9 #167: Tue Jul 27 05:17:58 CST 2004 root@utopia.leeym.com:/usr/obj/usr/src/sys/UTOPIA i386 >Description: Perl 5.8.4 and above add several security check when doing setuid. One of these checks is that the interpreter must have string "perl" with it. http://sourceforge.net/mailarchive/forum.php?thread_id=4823748&forum_id=7581 - rename speedy_suid to speedy_suidperl (or speedyperl_suid will be fine, too) - utilize ECHO - replace all /usr/local with PREFIX will cause some problems when PREFIX isn't /usr/local (missing PERL5 libraries and modules... blah blah...) - bump PORTREVISION >How-To-Repeat: Run a setuid script under perl 5.8.4 or above, says openwebmail. >Fix: --- p5-CGI-SpeedyCGI.diff begins here --- Index: Makefile =================================================================== RCS file: /home/pcvs/ports/www/p5-CGI-SpeedyCGI/Makefile,v retrieving revision 1.8 diff -u -r1.8 Makefile --- Makefile 1 Jun 2004 12:32:32 -0000 1.8 +++ Makefile 4 Aug 2004 00:35:23 -0000 @@ -7,6 +7,7 @@ PORTNAME= CGI-SpeedyCGI PORTVERSION= 2.22 +PORTREVISION= 1 CATEGORIES= www perl5 MASTER_SITES= ${MASTER_SITE_PERL_CPAN} MASTER_SITE_SUBDIR= CGI @@ -29,7 +30,7 @@ .else PLIST_SUB+= APACHE="" .if exists(${APXS}) -APXS_WORKS!= ${APXS} -q TARGET 2>/dev/null || echo no +APXS_WORKS!= ${APXS} -q TARGET 2>/dev/null || ${ECHO} no .endif .if exists(${APXS}) && ${APXS_WORKS} != no AP_LIBEXEC!= ${APXS} -q LIBEXECDIR @@ -41,11 +42,10 @@ post-configure: @${PERL} -pi -e 's,^PREFIX = /usr$$,PREFIX = ${PREFIX},g;' \ - -e 's,/usr/local,${PREFIX},g;' \ ${WRKSRC}/Makefile ${WRKSRC}/*/Makefile post-install: - @${INSTALL_PROGRAM} ${WRKSRC}/speedy/speedy ${PREFIX}/bin/speedy_suid - @${CHMOD} 4755 ${PREFIX}/bin/speedy_suid + @${INSTALL_PROGRAM} ${WRKSRC}/speedy/speedy ${PREFIX}/bin/speedy_suidperl + @${CHMOD} 4755 ${PREFIX}/bin/speedy_suidperl .include <bsd.port.post.mk> Index: pkg-plist =================================================================== RCS file: /home/pcvs/ports/www/p5-CGI-SpeedyCGI/pkg-plist,v retrieving revision 1.4 diff -u -r1.4 pkg-plist --- pkg-plist 25 Dec 2003 12:51:45 -0000 1.4 +++ pkg-plist 4 Aug 2004 00:35:23 -0000 @@ -3,7 +3,7 @@ %%SITE_PERL%%/CGI/SpeedyCGI.pm bin/speedy bin/speedy_backend -bin/speedy_suid +bin/speedy_suidperl @dirrm %%SITE_PERL%%/%%PERL_ARCH%%/auto/CGI/SpeedyCGI @unexec rmdir %D/%%SITE_PERL%%/%%PERL_ARCH%%/auto/CGI 2>/dev/null || true @unexec rmdir %D/%%SITE_PERL%%/CGI 2>/dev/null || true --- p5-CGI-SpeedyCGI.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040804004654.33C2D3E9B19>