Date: Fri, 8 Jul 2005 07:04:38 -0700 (PDT) From: Jeremy Chadwick <freebsd@jdc.parodius.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/83144: www/cgiwrap -- Maintainer update Message-ID: <20050708140438.4A4725F6C@mx1.parodius.com> Resent-Message-ID: <200507081410.j68EAG9M092817@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 83144
>Category: ports
>Synopsis: www/cgiwrap -- Maintainer update
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 08 14:10:15 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Jeremy Chadwick
>Release: FreeBSD 4.11-STABLE i386
>Organization:
Parodius Networking
>Environment:
System: FreeBSD pentarou.parodius.com 4.11-STABLE FreeBSD 4.11-STABLE #0: Thu May 12 04:37:52 PDT 2005 root@pentarou.parodius.com:/usr/obj/usr/src/sys/PENTAROU i386
>Description:
Maintainer update. Changes/adds the following:
* Make use of OPTIONS, for ease of use.
* Add WITH_NPH option (via OPTIONS); enable or disable
addition of nph-cgiwrap binaries.
* Add WITH_DEBUG option (via OPTIONS); enable or disable
debug builds.
* Rename some knobs:
WITH_MAIN_CGIDIR => INSTALL_DIR
WITH_USER_CGIDIR => USER_CGIDIR
WITH_ALLOWFILE => ALLOW_FILE
WITH_DENYFILE => DENY_FILE
WITH_LOGGING => LOG_FILE
* Remove WITH_EMAIL knob; I'll re-add it in the future if
anyone actually uses it...
* Add --with-wall to default configure flags. This
also conveniently pulls in CFLAGS from /etc/make.conf.
It's probably worth mentioning the knob changes in
ports/UPDATING, since people might wig out over breakage.
>How-To-Repeat:
n/a
>Fix:
Apply below patch:
diff -ruN cgiwrap.orig/Makefile cgiwrap/Makefile
--- cgiwrap.orig/Makefile Wed Sep 1 06:42:54 2004
+++ cgiwrap/Makefile Fri Jul 8 06:48:02 2005
@@ -7,98 +7,110 @@
PORTNAME= cgiwrap
PORTVERSION= 3.9
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= www security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
MAINTAINER= freebsd@jdc.parodius.com
-COMMENT= Securely execute ~user CGI scripts
-
-GNU_CONFIGURE= yes
-CONFIGURE_ARGS= --with-httpd-user=${WWWOWN} \
- --with-install-group=${WWWGRP} \
- --with-install-dir=${WITH_MAIN_CGIDIR} \
- --with-cgi-dir=${WITH_USER_CGIDIR} \
- --with-local-contact=${WITH_EMAIL} \
- --with-allow-file=${WITH_ALLOWFILE} \
- --with-deny-file=${WITH_DENYFILE}
+COMMENT= Securely execute Web CGI scripts
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
PKGMESSAGE= ${WRKDIR}/pkg-message
-## Available knobs:
+OPTIONS= CGI_OWNER "Check CGI file owner" on \
+ CGI_GROUP "Check CGI file group" on \
+ CGI_SETUID "Check CGI file setuid permissions" on \
+ CGI_SETGID "Check CGI file setgid permissions" on \
+ CGI_GROUP_WRITABLE "Check CGI g+w file permissions" on \
+ CGI_WORLD_WRITABLE "Check CGI o+w file permissions" on \
+ NPH "Enable nph binaries" off \
+ DEBUG "Enable cgiwrapd binaries" off
+
##
-## WITH_MAIN_CGIDIR: location of the cgiwrap binaries
+# INSTALL_DIR
#
-# This is the directory where the cgiwrap binaries (i.e. the setuid
-# root binaries) get installed to.
+# Specify the location of the cgiwrap binaries. This is the directory
+# where the cgiwrap binaries get installed in.
#
-WITH_MAIN_CGIDIR?= ${PREFIX}/www/cgi-bin
+INSTALL_DIR?= ${PREFIX}/www/cgi-bin
-## WITH_USER_CGIDIR: location of the CGI directory per user
-## account (i.e. public_html/cgi-bin)
-#
-# Set this to the directory (relative to each user's home) where CGI
-# scripts will be found. Common alternate values are "www/cgi-bin"
-# (a.k.a. ~user/www/cgi-bin) and "cgi-bin" (a.k.a. ~user/cgi-bin)
+##
+# USER_CGIDIR
#
-WITH_USER_CGIDIR?= public_html/cgi-bin
-
-## WITH_ALLOWFILE: location/name of the cgiwrap.allow ACL file
-## WITH_DENYFILE: location/name of the cgiwrap.deny ACL file
+# Specify the location of the CGI directory ~user accounts will store
+# CGIs in. This is "home directory relative". Alternatives include
+# "www/cgi-bin" and "cgi-bin".
#
-WITH_ALLOWFILE?= ${PREFIX}/etc/${PORTNAME}.allow
-WITH_DENYFILE?= ${PREFIX}/etc/${PORTNAME}.deny
+USER_CGIDIR?= public_html/cgi-bin
-## WITH_EMAIL: cgiwrap administrator's Email address
+##
+# ALLOW_FILE
+# DENY_FILE
#
-WITH_EMAIL?= webmaster@dummy-host.example.com
+# Full path to the allow and deny files for CGI access. These files
+# contain the username of the UNIX account who will be allowed/denied
+# using the cgiwrap binary.
+#
+ALLOW_FILE?= ${PREFIX}/etc/${PORTNAME}.allow
+DENY_FILE?= ${PREFIX}/etc/${PORTNAME}.deny
-## WITH_LOGGING: enables cgiwrap logging; specifies the
-## path and filename of the logfile
+##
+# LOG_FILE
#
-.if defined(WITH_LOGGING)
-CONFIGURE_ARGS+= --with-logging-file=${WITH_LOGGING}
-.endif
-
-## WITH_DEBUG: enables cgiwrap debugging support, via
-## the 'cgiwrapd' binary
+# Enables cgiwrap logging (when a user called cgiwrap, its arguments,
+# and who ran it). Specify the full path to the logfile.
#
-.if defined(WITH_DEBUG)
-PLIST_SUB+= CGIWRAPDFLAG=
+.if defined(LOG_FILE)
+CONFIGURE_ARGS+= --with-logging-file=${LOG_FILE}
.else
-PLIST_SUB+= CGIWRAPDFLAG="@comment "
+CONFIGURE_ARGS+= --without-logging-file
.endif
-## WITHOUT_CHECK_OWNER: disable CGI file ownership checks
-## WITHOUT_CHECK_GROUP: disable CGI file group checks
-## WITHOUT_CHECK_SETUID: disable CGI file setuid permissions check
-## WITHOUT_CHECK_SETGID: disable CGI file setgid permissions check
-## WITHOUT_CHECK_GROUP_WRITABLE:
-## disable CGI file group-writable permissions check
-## WITHOUT_CHECK_WORLD_WRITABLE:
-## disable CGI file world-writable permissions check
-#
-.if defined(WITHOUT_CHECK_OWNER)
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --with-httpd-user=${WWWOWN} \
+ --with-install-group=${WWWGRP} \
+ --with-install-dir=${INSTALL_DIR} \
+ --with-cgi-dir=${USER_CGIDIR} \
+ --with-allow-file=${ALLOW_FILE} \
+ --with-deny-file=${DENY_FILE} \
+ --with-wall
+
+.include <bsd.port.pre.mk>
+
+.if !defined(WITH_CGI_OWNER)
CONFIGURE_ARGS+= --without-check-owner
.endif
-.if defined(WITHOUT_CHECK_GROUP)
+.if !defined(WITH_CGI_GROUP)
CONFIGURE_ARGS+= --without-check-group
.endif
-.if defined(WITHOUT_CHECK_SETUID)
+.if !defined(WITH_CGI_SETUID)
CONFIGURE_ARGS+= --without-check-setuid
.endif
-.if defined(WITHOUT_CHECK_SETGID)
+.if !defined(WITH_CGI_SETGID)
CONFIGURE_ARGS+= --without-check-setgid
.endif
-.if defined(WITHOUT_CHECK_GROUP_WRITABLE)
+.if !defined(WITH_CGI_GROUP_WRITABLE)
CONFIGURE_ARGS+= --without-check-group-writable
.endif
-.if defined(WITHOUT_CHECK_WORLD_WRITABLE)
+.if !defined(WITH_CGI_WORLD_WRITABLE)
CONFIGURE_ARGS+= --without-check-world-writable
.endif
+.if !defined(WITH_NPH)
+PLIST_SUB+= NPHFLAG="@comment "
+CONFIGURE_ARGS+= --without-nph
+.else
+PLIST_SUB+= NPHFLAG=
+.endif
+
+.if !defined(WITH_DEBUG)
+PLIST_SUB+= DEBUGFLAG="@comment "
+CONFIGURE_ARGS+= --without-cgiwrapd
+.else
+PLIST_SUB+= DEBUGFLAG=
+.endif
+
.if !defined(NOPORTDOCS)
PORTDOCS= accesscontrol.html afs.html changes.html \
chroot.html comments.html download.html faq.html \
@@ -107,18 +119,19 @@
thanks.html todo.html tricks.html y2k.html
.endif
-show-options:
- @${SED} -ne 's/^##//p' ${.CURDIR}/Makefile
-
pre-install:
- @${MKDIR} ${WITH_MAIN_CGIDIR}
+ @${MKDIR} ${INSTALL_DIR}
post-install:
- @${STRIP_CMD} ${WITH_MAIN_CGIDIR}/cgiwrap
- @${CHMOD} 4550 ${WITH_MAIN_CGIDIR}/cgiwrap
-.if !defined(WITH_DEBUG)
- @${RM} ${WITH_MAIN_CGIDIR}/cgiwrapd
- @${RM} ${WITH_MAIN_CGIDIR}/nph-cgiwrapd
+ @${STRIP_CMD} ${INSTALL_DIR}/cgiwrap
+ @${CHMOD} 4550 ${INSTALL_DIR}/cgiwrap
+.if defined(WITH_DEBUG)
+ @${STRIP_CMD} ${INSTALL_DIR}/cgiwrapd
+ @${CHMOD} 4550 ${INSTALL_DIR}/cgiwrapd
+.if defined(WITH_NPH)
+ @${STRIP_CMD} ${INSTALL_DIR}/nph-cgiwrapd
+ @${CHMOD} 4550 ${INSTALL_DIR}/nph-cgiwrapd
+.endif
.endif
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
@@ -126,10 +139,10 @@
@${INSTALL_DATA} ${WRKSRC}/htdocs/${f} ${DOCSDIR}
.endfor
.endif
- @${SED} -e's,%%MAIN_CGIDIR%%,${WITH_MAIN_CGIDIR},g' \
- -e's,%%ALLOWFILE%%,${WITH_ALLOWFILE},g' \
- -e's,%%DENYFILE%%,${WITH_DENYFILE},g' \
+ @${SED} -e's,%%INSTALL_DIR%%,${INSTALL_DIR},g' \
+ -e's,%%ALLOW_FILE%%,${ALLOW_FILE},g' \
+ -e's,%%DENY_FILE%%,${DENY_FILE},g' \
${MASTERDIR}/pkg-message > ${PKGMESSAGE}
@${CAT} ${PKGMESSAGE}
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>
diff -ruN cgiwrap.orig/pkg-descr cgiwrap/pkg-descr
--- cgiwrap.orig/pkg-descr Wed Sep 1 06:42:54 2004
+++ cgiwrap/pkg-descr Fri Jul 8 05:03:23 2005
@@ -9,3 +9,4 @@
server software that supports CGI.
WWW: http://cgiwrap.sourceforge.net/
+WWW: http://cgiwrap.unixtools.org/
diff -ruN cgiwrap.orig/pkg-message cgiwrap/pkg-message
--- cgiwrap.orig/pkg-message Wed Sep 1 06:42:54 2004
+++ cgiwrap/pkg-message Fri Jul 8 05:33:37 2005
@@ -1,19 +1,12 @@
-----------------------------------------------------------------
-You have installed cgiwrap, a wrapper to securely execute user
-CGI programs. cgiwrap is reported to work with most Web servers
-that support CGI, so no one specific server has been included as
-a dependancy. If you are unsure of which Web server to use, it
-is recommended that you try the Apache HTTP server.
-
The cgiwrap binaries have been installed in the following
directory:
- %%MAIN_CGIDIR%%
+ %%INSTALL_DIR%%
-You should create/manage the following two files, otherwise
-cgiwrap will not function as expected. These ACL files define
-which users can and cannot run CGI binaries via cgiwrap:
+You should create the following two files, otherwise cgiwrap will
+not function as expected:
- %%ALLOWFILE%%
- %%DENYFILE%%
+ %%ALLOW_FILE%%
+ %%DENY_FILE%%
-----------------------------------------------------------------
diff -ruN cgiwrap.orig/pkg-plist cgiwrap/pkg-plist
--- cgiwrap.orig/pkg-plist Wed Sep 1 06:42:54 2004
+++ cgiwrap/pkg-plist Fri Jul 8 06:40:54 2005
@@ -1,5 +1,5 @@
www/cgi-bin/cgiwrap
-%%CGIWRAPDFLAG%%www/cgi-bin/cgiwrapd
-www/cgi-bin/nph-cgiwrap
-%%CGIWRAPDFLAG%%www/cgi-bin/nph-cgiwrapd
+%%DEBUGFLAG%%www/cgi-bin/cgiwrapd
+%%NPHFLAG%%www/cgi-bin/nph-cgiwrap
+%%NPHFLAG%%%%DEBUGFLAG%%www/cgi-bin/nph-cgiwrapd
@unexec rmdir %D/www/cgi-bin 2>/dev/null || true
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050708140438.4A4725F6C>