Attachment 46351 Details for Bug 71188 – file.diff

[patch] file.diff

file.diff (text/plain), 9.44 KB, created by Jeremy Chadwick on 2004-08-31 12:10:15 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeremy Chadwick

Created: 2004-08-31 12:10:15 UTC

Size: 9.44 KB

patch

obsolete

>diff -ruN cgiwrap.orig/Makefile cgiwrap/Makefile
>--- cgiwrap.orig/Makefile	Tue Aug 17 22:13:50 2004
>+++ cgiwrap/Makefile	Tue Aug 31 04:03:49 2004
>@@ -7,7 +7,7 @@
> 
> PORTNAME=	cgiwrap
> PORTVERSION=	3.9
>-PORTREVISION=	1
>+PORTREVISION=	2
> CATEGORIES=	www security
> MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
> MASTER_SITE_SUBDIR=	${PORTNAME}
>@@ -18,99 +18,118 @@
> GNU_CONFIGURE=	yes
> CONFIGURE_ARGS=	--with-httpd-user=${WWWOWN} \
> 		--with-install-group=${WWWGRP} \
>-		--with-install-dir=${MAINCGIDIR} \
>-		--with-cgi-dir=${CGIWRAP_CGIDIR} \
>-		--with-local-contact=${CGIWRAP_CONTACT} \
>-		--with-allow-file=${CGIWRAP_ALLOWFILE} \
>-		--with-deny-file=${CGIWRAP_DENYFILE}
>+		--with-install-dir=${WITH_MAIN_CGIDIR} \
>+		--with-cgi-dir=${WITH_USER_CGIDIR} \
>+		--with-local-contact=${WITH_EMAIL} \
>+		--with-allow-file=${WITH_ALLOWFILE} \
>+		--with-deny-file=${WITH_DENYFILE}
>+
>+WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
>+PKGMESSAGE=	${WRKDIR}/pkg-message
>+
>+## Available knobs:
>+##
>+##   WITH_MAIN_CGIDIR:     location of the cgiwrap binaries
>+#
>+# This is the directory where the cgiwrap binaries (i.e. the setuid
>+# root binaries) get installed to.
>+#
>+WITH_MAIN_CGIDIR?=	${PREFIX}/www/cgi-bin
> 
>+##   WITH_USER_CGIDIR:     location of the CGI directory per user
>+##                         account (i.e. public_html/cgi-bin)
> #
> # Set this to the directory (relative to each user's home) where CGI
> # scripts will be found.  Common alternate values are "www/cgi-bin"
> # (a.k.a. ~user/www/cgi-bin) and "cgi-bin" (a.k.a. ~user/cgi-bin)
> #
>-CGIWRAP_CGIDIR?=	public_html/cgi-bin
>+WITH_USER_CGIDIR?=	public_html/cgi-bin
> 
>+##   WITH_ALLOWFILE:       location/name of the cgiwrap.allow ACL file
>+##   WITH_DENYFILE:        location/name of the cgiwrap.deny ACL file
> #
>-# MAINCGIDIR is the directory the cgiwrap binaries get installed to.
>-#
>-MAINCGIDIR?=	${PREFIX}/www/cgi-bin
>+WITH_ALLOWFILE?=	${PREFIX}/etc/${PORTNAME}.allow
>+WITH_DENYFILE?=		${PREFIX}/etc/${PORTNAME}.deny
> 
>+##   WITH_EMAIL:           cgiwrap administrator's Email address
> #
>-# The allow and deny files control access to cgiwrap.
>-#
>-CGIWRAP_ALLOWFILE?=	${PREFIX}/etc/${PORTNAME}.allow
>-CGIWRAP_DENYFILE?=	${PREFIX}/etc/${PORTNAME}.deny
>-
>-#
>-# Set the contact Email address.
>-#
>-CGIWRAP_CONTACT?=	webmaster@dummy-host.example.com
>+WITH_EMAIL?=		webmaster@dummy-host.example.com
> 
>+##   WITH_LOGGING:         enables cgiwrap logging; specifies the
>+##                         path and filename of the logfile
> #
>-# Define CGIWRAP_LOGGING and specify where you want the logfile.
>-#
>-.if defined(CGIWRAP_LOGGING)
>-CONFIGURE_ARGS+=	--with-logging-file=${CGIWRAP_LOGGING}
>+.if defined(WITH_LOGGING)
>+CONFIGURE_ARGS+=	--with-logging-file=${WITH_LOGGING}
> .endif
> 
>+##   WITH_DEBUG:           enables cgiwrap debugging support, via
>+##                         the 'cgiwrapd' binary
> #
>-# Some users enjoy being able to debug their own CGI scripts, since
>-# the standard "Internal server error" response doesn't help much.
>-# Administrators may find this useful as well.  See the cgiwrap
>-# documentation for details on how to use this.
>-#
>-.if defined(CGIWRAP_DEBUG)
>+.if defined(WITH_DEBUG)
> PLIST_SUB+=	CGIWRAPDFLAG=
> .else
> PLIST_SUB+=	CGIWRAPDFLAG="@comment "
> .endif
> 
>+##   WITHOUT_CHECK_OWNER:  disable CGI file ownership checks
>+##   WITHOUT_CHECK_GROUP:  disable CGI file group checks
>+##   WITHOUT_CHECK_SETUID: disable CGI file setuid permissions check
>+##   WITHOUT_CHECK_SETGID: disable CGI file setgid permissions check
>+##   WITHOUT_CHECK_GROUP_WRITABLE:
>+##          disable CGI file group-writable permissions check
>+##   WITHOUT_CHECK_WORLD_WRITABLE:
>+##          disable CGI file world-writable permissions check
> #
>-# A slew of --without-* configure flags exist for cgiwrap.  You
>-# should refer to the cgiwrap documentation for details regarding
>-# what these do, and when (if) they're necessary.
>-#
>-###
>-.if defined(CGIWRAP_WITHOUT_CHECK_OWNER)
>+.if defined(WITHOUT_CHECK_OWNER)
> CONFIGURE_ARGS+=	--without-check-owner
> .endif
>-.if defined(CGIWRAP_WITHOUT_CHECK_GROUP)
>+.if defined(WITHOUT_CHECK_GROUP)
> CONFIGURE_ARGS+=	--without-check-group
> .endif
>-.if defined(CGIWRAP_WITHOUT_CHECK_SETUID)
>+.if defined(WITHOUT_CHECK_SETUID)
> CONFIGURE_ARGS+=	--without-check-setuid
> .endif
>-.if defined(CGIWRAP_WITHOUT_CHECK_SETGID)
>+.if defined(WITHOUT_CHECK_SETGID)
> CONFIGURE_ARGS+=	--without-check-setgid
> .endif
>-.if defined(CGIWRAP_WITHOUT_CHECK_GROUP_WRITABLE)
>+.if defined(WITHOUT_CHECK_GROUP_WRITABLE)
> CONFIGURE_ARGS+=	--without-check-group-writable
> .endif
>-.if defined(CGIWRAP_WITHOUT_CHECK_WORLD_WRITABLE)
>+.if defined(WITHOUT_CHECK_WORLD_WRITABLE)
> CONFIGURE_ARGS+=	--without-check-world-writable
> .endif
> 
>+.if !defined(NOPORTDOCS)
>+PORTDOCS=	accesscontrol.html afs.html changes.html \
>+		chroot.html comments.html download.html faq.html \
>+		index.html install.html intro.html maillist.html \
>+		notes.html pubs.html quickref.html setup.html \
>+		thanks.html todo.html tricks.html y2k.html
>+.endif
>+
>+show-options:
>+	@${SED} -ne 's/^##//p' ${.CURDIR}/Makefile
>+
> pre-install:
>-	@${MKDIR} ${MAINCGIDIR}
>+	@${MKDIR} ${WITH_MAIN_CGIDIR}
> 
> post-install:
>-	@${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
>-	@${CHMOD} 4550 ${MAINCGIDIR}/cgiwrap
>-.if !defined(CGIWRAP_WITH_DEBUG)
>-	@${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
>+	@${STRIP_CMD} ${WITH_MAIN_CGIDIR}/cgiwrap
>+	@${CHMOD} 4550 ${WITH_MAIN_CGIDIR}/cgiwrap
>+.if !defined(WITH_DEBUG)
>+	@${RM} ${WITH_MAIN_CGIDIR}/cgiwrapd
>+	@${RM} ${WITH_MAIN_CGIDIR}/nph-cgiwrapd
> .endif
> .if !defined(NOPORTDOCS)
> 	@${MKDIR} ${DOCSDIR}
>-.for file in accesscontrol.html afs.html changes.html chroot.html	\
>-		comments.html download.html faq.html index.html		\
>-		install.html intro.html maillist.html notes.html	\
>-		pubs.html quickref.html setup.html thanks.html		\
>-		todo.html tricks.html y2k.html
>-	@${INSTALL_DATA} ${WRKSRC}/htdocs/${file} ${DOCSDIR}
>+.for f in ${PORTDOCS}
>+	@${INSTALL_DATA} ${WRKSRC}/htdocs/${f} ${DOCSDIR}
> .endfor
>-	@${ECHO} "Documentation installed in ${DOCSDIR}"
> .endif
>-	@${CAT} ${PKGMESSAGE} | ${SED} -e's#%%PREFIX%%#${PREFIX}#g'
>+	@${SED}	-e's,%%MAIN_CGIDIR%%,${WITH_MAIN_CGIDIR},g' \
>+		-e's,%%ALLOWFILE%%,${WITH_ALLOWFILE},g' \
>+		-e's,%%DENYFILE%%,${WITH_DENYFILE},g' \
>+		${MASTERDIR}/pkg-message > ${PKGMESSAGE}
>+	@${CAT} ${PKGMESSAGE}
> 
> .include <bsd.port.mk>
>diff -ruN cgiwrap.orig/pkg-descr cgiwrap/pkg-descr
>--- cgiwrap.orig/pkg-descr	Tue Aug 17 22:13:50 2004
>+++ cgiwrap/pkg-descr	Tue Aug 31 03:52:17 2004
>@@ -1,11 +1,11 @@
> This is CGIWrap - a gateway that allows more secure user access to
>-CGI programs on an HTTPd server than is provided by the http server
>+CGI programs on an HTTPd server than is provided by the Web server
> itself. The primary function of CGIWrap is to make certain that
> any CGI script runs with the permissions of the user who installed
>-it, and not those of the server.
>+it, and not those of the Web server.
> 
> CGIWrap works with NCSA httpd, Apache, CERN httpd, NetSite Commerce
>-and Communications servers, and probably any other Unix based web
>+and Communications servers, and probably any other Unix-based Web
> server software that supports CGI.
> 
> WWW: http://cgiwrap.sourceforge.net/
>diff -ruN cgiwrap.orig/pkg-message cgiwrap/pkg-message
>--- cgiwrap.orig/pkg-message	Tue Aug 17 22:13:50 2004
>+++ cgiwrap/pkg-message	Tue Aug 31 04:04:41 2004
>@@ -1,15 +1,19 @@
> -----------------------------------------------------------------
> You have installed cgiwrap, a wrapper to securely execute user
>-CGI programs.  cgiwrap is reported to work with most web servers
>+CGI programs.  cgiwrap is reported to work with most Web servers
> that support CGI, so no one specific server has been included as
>-a depend.  If you are unsure of which webserver to use, it is
>-recommended to try the Apache web server package.
>+a dependancy.  If you are unsure of which Web server to use, it
>+is recommended that you try the Apache HTTP server.
> 
>-The cgiwrap scripts have been installed in:
>-    %%PREFIX%%/www/cgi-bin
>-...the default location for Apache's cgi-bin directory.
>+The cgiwrap binaries have been installed in the following
>+directory:
> 
>-If cgiwrap's allow/deny control is enabled, you must create either
>-%%PREFIX%%/etc/cgiwrap.allow and/or %%PREFIX%%/etc/cgiwrap.deny
>-before cgiwrap will function.
>+  %%MAIN_CGIDIR%%
>+
>+You should create/manage the following two files, otherwise
>+cgiwrap will not function as expected.  These ACL files define
>+which users can and cannot run CGI binaries via cgiwrap:
>+
>+  %%ALLOWFILE%%
>+  %%DENYFILE%%
> -----------------------------------------------------------------
>diff -ruN cgiwrap.orig/pkg-plist cgiwrap/pkg-plist
>--- cgiwrap.orig/pkg-plist	Tue Aug 17 22:13:50 2004
>+++ cgiwrap/pkg-plist	Tue Aug 31 03:48:30 2004
>@@ -1,25 +1,5 @@
>-%%PORTDOCS%%%%DOCSDIR%%/accesscontrol.html
>-%%PORTDOCS%%%%DOCSDIR%%/afs.html
>-%%PORTDOCS%%%%DOCSDIR%%/changes.html
>-%%PORTDOCS%%%%DOCSDIR%%/chroot.html
>-%%PORTDOCS%%%%DOCSDIR%%/comments.html
>-%%PORTDOCS%%%%DOCSDIR%%/download.html
>-%%PORTDOCS%%%%DOCSDIR%%/faq.html
>-%%PORTDOCS%%%%DOCSDIR%%/index.html
>-%%PORTDOCS%%%%DOCSDIR%%/install.html
>-%%PORTDOCS%%%%DOCSDIR%%/intro.html
>-%%PORTDOCS%%%%DOCSDIR%%/maillist.html
>-%%PORTDOCS%%%%DOCSDIR%%/notes.html
>-%%PORTDOCS%%%%DOCSDIR%%/pubs.html
>-%%PORTDOCS%%%%DOCSDIR%%/quickref.html
>-%%PORTDOCS%%%%DOCSDIR%%/setup.html
>-%%PORTDOCS%%%%DOCSDIR%%/thanks.html
>-%%PORTDOCS%%%%DOCSDIR%%/todo.html
>-%%PORTDOCS%%%%DOCSDIR%%/tricks.html
>-%%PORTDOCS%%%%DOCSDIR%%/y2k.html
> www/cgi-bin/cgiwrap
> %%CGIWRAPDFLAG%%www/cgi-bin/cgiwrapd
> www/cgi-bin/nph-cgiwrap
> %%CGIWRAPDFLAG%%www/cgi-bin/nph-cgiwrapd
> @unexec rmdir %D/www/cgi-bin 2>/dev/null || true
>-%%PORTDOCS%%@dirrm %%DOCSDIR%%

Actions: View | Diff

Attachments on bug 71188: 46351