--- Makefile.orig Tue Mar 2 14:42:24 2004 +++ Makefile Fri Aug 6 20:20:28 2004 @@ -7,6 +7,7 @@ PORTNAME= cgiwrap PORTVERSION= 3.9 +PORTREVISION= 1 CATEGORIES= www security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -15,48 +16,90 @@ COMMENT= Securely execute ~user CGI scripts GNU_CONFIGURE= yes -CONFIGURE_ARGS= --with-httpd-user=${HTTPDUSER} \ +CONFIGURE_ARGS= --with-httpd-user=${WWWOWN} \ + --with-install-group=${WWWGRP} \ --with-install-dir=${MAINCGIDIR} \ - --with-install-group=${BINGRP} \ - --with-cgi-dir=${CGIDIR} \ - --with-allow-file=${ALLOWFILE} \ - --with-deny-file=${DENYFILE} \ - ${WITHOUTCHECK} + --with-cgi-dir=${CGIWRAP_CGIDIR} \ + --with-local-contact=${CGIWRAP_CONTACT} \ + --with-allow-file=${CGIWRAP_ALLOWFILE} \ + --with-deny-file=${CGIWRAP_DENYFILE} -### +# # Set this to the directory (relative to each user's home) where CGI -# scripts will be found. (Another common value is "www/cgi-bin".) -### -CGIDIR?= public_html/cgi-bin -### -# The default security settings are very tight; enable one or more -# of these to loosen them. Run "configure -help" for information on -# these and other options. -### -#WITHOUTCHECK?= --without-check-owner --without-check-setuid \ -# --without-check-group --without-check-setgid \ -# --without-check-group-writable \ -# --without-check-world-writable -### -# Use these options for Apache: -### +# scripts will be found. Common alternate values are "www/cgi-bin" +# (a.k.a. ~user/www/cgi-bin) and "cgi-bin" (a.k.a. ~user/cgi-bin) +# +CGIWRAP_CGIDIR?= public_html/cgi-bin + +# +# MAINCGIDIR is the directory the cgiwrap binaries get installed to. +# MAINCGIDIR?= ${PREFIX}/www/cgi-bin -HTTPDUSER?= www -### + +# # The allow and deny files control access to cgiwrap. +# +CGIWRAP_ALLOWFILE?= ${PREFIX}/etc/${PORTNAME}.allow +CGIWRAP_DENYFILE?= ${PREFIX}/etc/${PORTNAME}.deny + +# +# Set the contact Email address. +# +CGIWRAP_CONTACT?= webmaster@dummy-host.example.com + +# +# Define CGIWRAP_LOGGING and specify where you want the logfile. +# +.if defined(CGIWRAP_LOGGING) +CONFIGURE_ARGS+= --with-logging-file=${CGIWRAP_LOGGING} +.endif + +# +# Some users enjoy being able to debug their own CGI scripts, since +# the standard "Internal server error" response doesn't help much. +# Administrators may find this useful as well. See the cgiwrap +# documentation for details on how to use this. +# +.if defined(CGIWRAP_DEBUG) +PLIST_SUB+= CGIWRAPDFLAG= +.else +PLIST_SUB+= CGIWRAPDFLAG="@comment " +.endif + +# +# A slew of --without-* configure flags exist for cgiwrap. You +# should refer to the cgiwrap documentation for details regarding +# what these do, and when (if) they're necessary. +# ### -ALLOWFILE?= ${PREFIX}/etc/${PORTNAME}.allow -DENYFILE?= ${PREFIX}/etc/${PORTNAME}.deny +.if defined(CGIWRAP_WITHOUT_CHECK_OWNER) +CONFIGURE_ARGS+= --without-check-owner +.endif +.if defined(CGIWRAP_WITHOUT_CHECK_GROUP) +CONFIGURE_ARGS+= --without-check-group +.endif +.if defined(CGIWRAP_WITHOUT_CHECK_SETUID) +CONFIGURE_ARGS+= --without-check-setuid +.endif +.if defined(CGIWRAP_WITHOUT_CHECK_SETGID) +CONFIGURE_ARGS+= --without-check-setgid +.endif +.if defined(CGIWRAP_WITHOUT_CHECK_GROUP_WRITABLE) +CONFIGURE_ARGS+= --without-check-group-writable +.endif +.if defined(CGIWRAP_WITHOUT_CHECK_WORLD_WRITABLE) +CONFIGURE_ARGS+= --without-check-world-writable +.endif pre-install: @${MKDIR} ${MAINCGIDIR} post-install: - ${STRIP_CMD} ${MAINCGIDIR}/cgiwrap - ${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd - ${CP} ${MAINCGIDIR}/cgiwrap ${MAINCGIDIR}/cgiwrapd - ${LN} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd - ${CHMOD} 644 ${MAINCGIDIR}/cgiwrapd + @${STRIP_CMD} ${MAINCGIDIR}/cgiwrap + @${CHMOD} 4550 ${MAINCGIDIR}/cgiwrap +.if !defined(CGIWRAP_WITH_DEBUG) + @${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd +.endif .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} .for file in accesscontrol.html afs.html changes.html chroot.html \ @@ -68,6 +111,6 @@ .endfor @${ECHO} "Documentation installed in ${DOCSDIR}" .endif - @${CAT} ${PKGMESSAGE} + @${CAT} ${PKGMESSAGE} | ${SED} -e's#%%PREFIX%%#${PREFIX}#g' .include --- pkg-descr.orig Fri Nov 15 19:01:07 2002 +++ pkg-descr Fri Aug 6 19:40:42 2004 @@ -9,6 +9,3 @@ server software that supports CGI. WWW: http://cgiwrap.sourceforge.net/ - -- Pete -petef@databits.net --- pkg-message.orig Thu Aug 8 11:58:23 2002 +++ pkg-message Fri Aug 6 19:37:28 2004 @@ -6,14 +6,10 @@ recommended to try the Apache web server package. The cgiwrap scripts have been installed in: - ${PREFIX}/www/cgi-bin + %%PREFIX%%/www/cgi-bin ...the default location for Apache's cgi-bin directory. -The cgiwrapd and nph-cgiwrapd scripts are disabled by default, as they -may give away sensitive information about the CGI environment. To -enable them, you must chmod 4755 ${PREFIX}/www/cgi-bin/cgiwrapd - -Access control enabled, you must create either -${PREFIX}/etc/cgiwrap.allow or ${PREFIX}/etc/cgiwrap.deny before -cgiwrap will function. +If cgiwrap's allow/deny control is enabled, you must create either +%%PREFIX%%/etc/cgiwrap.allow and/or %%PREFIX%%/etc/cgiwrap.deny +before cgiwrap will function. ----------------------------------------------------------------- --- pkg-plist.orig Tue Jun 8 23:16:03 2004 +++ pkg-plist Fri Aug 6 20:12:37 2004 @@ -18,8 +18,8 @@ %%PORTDOCS%%%%DOCSDIR%%/tricks.html %%PORTDOCS%%%%DOCSDIR%%/y2k.html www/cgi-bin/cgiwrap -www/cgi-bin/cgiwrapd +%%CGIWRAPDFLAG%%www/cgi-bin/cgiwrapd www/cgi-bin/nph-cgiwrap -www/cgi-bin/nph-cgiwrapd +%%CGIWRAPDFLAG%%www/cgi-bin/nph-cgiwrapd @unexec rmdir %D/www/cgi-bin 2>/dev/null || true %%PORTDOCS%%@dirrm %%DOCSDIR%%