FreeBSD Bugzilla – Attachment 46351 Details for
Bug 71188
cgiwrap port update/cleanup
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 9.44 KB, created by
Jeremy Chadwick
on 2004-08-31 12:10:15 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
Jeremy Chadwick
Created:
2004-08-31 12:10:15 UTC
Size:
9.44 KB
patch
obsolete
>diff -ruN cgiwrap.orig/Makefile cgiwrap/Makefile >--- cgiwrap.orig/Makefile Tue Aug 17 22:13:50 2004 >+++ cgiwrap/Makefile Tue Aug 31 04:03:49 2004 >@@ -7,7 +7,7 @@ > > PORTNAME= cgiwrap > PORTVERSION= 3.9 >-PORTREVISION= 1 >+PORTREVISION= 2 > CATEGORIES= www security > MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} > MASTER_SITE_SUBDIR= ${PORTNAME} >@@ -18,99 +18,118 @@ > GNU_CONFIGURE= yes > CONFIGURE_ARGS= --with-httpd-user=${WWWOWN} \ > --with-install-group=${WWWGRP} \ >- --with-install-dir=${MAINCGIDIR} \ >- --with-cgi-dir=${CGIWRAP_CGIDIR} \ >- --with-local-contact=${CGIWRAP_CONTACT} \ >- --with-allow-file=${CGIWRAP_ALLOWFILE} \ >- --with-deny-file=${CGIWRAP_DENYFILE} >+ --with-install-dir=${WITH_MAIN_CGIDIR} \ >+ --with-cgi-dir=${WITH_USER_CGIDIR} \ >+ --with-local-contact=${WITH_EMAIL} \ >+ --with-allow-file=${WITH_ALLOWFILE} \ >+ --with-deny-file=${WITH_DENYFILE} >+ >+WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} >+PKGMESSAGE= ${WRKDIR}/pkg-message >+ >+## Available knobs: >+## >+## WITH_MAIN_CGIDIR: location of the cgiwrap binaries >+# >+# This is the directory where the cgiwrap binaries (i.e. the setuid >+# root binaries) get installed to. >+# >+WITH_MAIN_CGIDIR?= ${PREFIX}/www/cgi-bin > >+## WITH_USER_CGIDIR: location of the CGI directory per user >+## account (i.e. public_html/cgi-bin) > # > # Set this to the directory (relative to each user's home) where CGI > # scripts will be found. Common alternate values are "www/cgi-bin" > # (a.k.a. ~user/www/cgi-bin) and "cgi-bin" (a.k.a. ~user/cgi-bin) > # >-CGIWRAP_CGIDIR?= public_html/cgi-bin >+WITH_USER_CGIDIR?= public_html/cgi-bin > >+## WITH_ALLOWFILE: location/name of the cgiwrap.allow ACL file >+## WITH_DENYFILE: location/name of the cgiwrap.deny ACL file > # >-# MAINCGIDIR is the directory the cgiwrap binaries get installed to. >-# >-MAINCGIDIR?= ${PREFIX}/www/cgi-bin >+WITH_ALLOWFILE?= ${PREFIX}/etc/${PORTNAME}.allow >+WITH_DENYFILE?= ${PREFIX}/etc/${PORTNAME}.deny > >+## WITH_EMAIL: cgiwrap administrator's Email address > # >-# The allow and deny files control access to cgiwrap. >-# >-CGIWRAP_ALLOWFILE?= ${PREFIX}/etc/${PORTNAME}.allow >-CGIWRAP_DENYFILE?= ${PREFIX}/etc/${PORTNAME}.deny >- >-# >-# Set the contact Email address. >-# >-CGIWRAP_CONTACT?= webmaster@dummy-host.example.com >+WITH_EMAIL?= webmaster@dummy-host.example.com > >+## WITH_LOGGING: enables cgiwrap logging; specifies the >+## path and filename of the logfile > # >-# Define CGIWRAP_LOGGING and specify where you want the logfile. >-# >-.if defined(CGIWRAP_LOGGING) >-CONFIGURE_ARGS+= --with-logging-file=${CGIWRAP_LOGGING} >+.if defined(WITH_LOGGING) >+CONFIGURE_ARGS+= --with-logging-file=${WITH_LOGGING} > .endif > >+## WITH_DEBUG: enables cgiwrap debugging support, via >+## the 'cgiwrapd' binary > # >-# Some users enjoy being able to debug their own CGI scripts, since >-# the standard "Internal server error" response doesn't help much. >-# Administrators may find this useful as well. See the cgiwrap >-# documentation for details on how to use this. >-# >-.if defined(CGIWRAP_DEBUG) >+.if defined(WITH_DEBUG) > PLIST_SUB+= CGIWRAPDFLAG= > .else > PLIST_SUB+= CGIWRAPDFLAG="@comment " > .endif > >+## WITHOUT_CHECK_OWNER: disable CGI file ownership checks >+## WITHOUT_CHECK_GROUP: disable CGI file group checks >+## WITHOUT_CHECK_SETUID: disable CGI file setuid permissions check >+## WITHOUT_CHECK_SETGID: disable CGI file setgid permissions check >+## WITHOUT_CHECK_GROUP_WRITABLE: >+## disable CGI file group-writable permissions check >+## WITHOUT_CHECK_WORLD_WRITABLE: >+## disable CGI file world-writable permissions check > # >-# A slew of --without-* configure flags exist for cgiwrap. You >-# should refer to the cgiwrap documentation for details regarding >-# what these do, and when (if) they're necessary. >-# >-### >-.if defined(CGIWRAP_WITHOUT_CHECK_OWNER) >+.if defined(WITHOUT_CHECK_OWNER) > CONFIGURE_ARGS+= --without-check-owner > .endif >-.if defined(CGIWRAP_WITHOUT_CHECK_GROUP) >+.if defined(WITHOUT_CHECK_GROUP) > CONFIGURE_ARGS+= --without-check-group > .endif >-.if defined(CGIWRAP_WITHOUT_CHECK_SETUID) >+.if defined(WITHOUT_CHECK_SETUID) > CONFIGURE_ARGS+= --without-check-setuid > .endif >-.if defined(CGIWRAP_WITHOUT_CHECK_SETGID) >+.if defined(WITHOUT_CHECK_SETGID) > CONFIGURE_ARGS+= --without-check-setgid > .endif >-.if defined(CGIWRAP_WITHOUT_CHECK_GROUP_WRITABLE) >+.if defined(WITHOUT_CHECK_GROUP_WRITABLE) > CONFIGURE_ARGS+= --without-check-group-writable > .endif >-.if defined(CGIWRAP_WITHOUT_CHECK_WORLD_WRITABLE) >+.if defined(WITHOUT_CHECK_WORLD_WRITABLE) > CONFIGURE_ARGS+= --without-check-world-writable > .endif > >+.if !defined(NOPORTDOCS) >+PORTDOCS= accesscontrol.html afs.html changes.html \ >+ chroot.html comments.html download.html faq.html \ >+ index.html install.html intro.html maillist.html \ >+ notes.html pubs.html quickref.html setup.html \ >+ thanks.html todo.html tricks.html y2k.html >+.endif >+ >+show-options: >+ @${SED} -ne 's/^##//p' ${.CURDIR}/Makefile >+ > pre-install: >- @${MKDIR} ${MAINCGIDIR} >+ @${MKDIR} ${WITH_MAIN_CGIDIR} > > post-install: >- @${STRIP_CMD} ${MAINCGIDIR}/cgiwrap >- @${CHMOD} 4550 ${MAINCGIDIR}/cgiwrap >-.if !defined(CGIWRAP_WITH_DEBUG) >- @${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd >+ @${STRIP_CMD} ${WITH_MAIN_CGIDIR}/cgiwrap >+ @${CHMOD} 4550 ${WITH_MAIN_CGIDIR}/cgiwrap >+.if !defined(WITH_DEBUG) >+ @${RM} ${WITH_MAIN_CGIDIR}/cgiwrapd >+ @${RM} ${WITH_MAIN_CGIDIR}/nph-cgiwrapd > .endif > .if !defined(NOPORTDOCS) > @${MKDIR} ${DOCSDIR} >-.for file in accesscontrol.html afs.html changes.html chroot.html \ >- comments.html download.html faq.html index.html \ >- install.html intro.html maillist.html notes.html \ >- pubs.html quickref.html setup.html thanks.html \ >- todo.html tricks.html y2k.html >- @${INSTALL_DATA} ${WRKSRC}/htdocs/${file} ${DOCSDIR} >+.for f in ${PORTDOCS} >+ @${INSTALL_DATA} ${WRKSRC}/htdocs/${f} ${DOCSDIR} > .endfor >- @${ECHO} "Documentation installed in ${DOCSDIR}" > .endif >- @${CAT} ${PKGMESSAGE} | ${SED} -e's#%%PREFIX%%#${PREFIX}#g' >+ @${SED} -e's,%%MAIN_CGIDIR%%,${WITH_MAIN_CGIDIR},g' \ >+ -e's,%%ALLOWFILE%%,${WITH_ALLOWFILE},g' \ >+ -e's,%%DENYFILE%%,${WITH_DENYFILE},g' \ >+ ${MASTERDIR}/pkg-message > ${PKGMESSAGE} >+ @${CAT} ${PKGMESSAGE} > > .include <bsd.port.mk> >diff -ruN cgiwrap.orig/pkg-descr cgiwrap/pkg-descr >--- cgiwrap.orig/pkg-descr Tue Aug 17 22:13:50 2004 >+++ cgiwrap/pkg-descr Tue Aug 31 03:52:17 2004 >@@ -1,11 +1,11 @@ > This is CGIWrap - a gateway that allows more secure user access to >-CGI programs on an HTTPd server than is provided by the http server >+CGI programs on an HTTPd server than is provided by the Web server > itself. The primary function of CGIWrap is to make certain that > any CGI script runs with the permissions of the user who installed >-it, and not those of the server. >+it, and not those of the Web server. > > CGIWrap works with NCSA httpd, Apache, CERN httpd, NetSite Commerce >-and Communications servers, and probably any other Unix based web >+and Communications servers, and probably any other Unix-based Web > server software that supports CGI. > > WWW: http://cgiwrap.sourceforge.net/ >diff -ruN cgiwrap.orig/pkg-message cgiwrap/pkg-message >--- cgiwrap.orig/pkg-message Tue Aug 17 22:13:50 2004 >+++ cgiwrap/pkg-message Tue Aug 31 04:04:41 2004 >@@ -1,15 +1,19 @@ > ----------------------------------------------------------------- > You have installed cgiwrap, a wrapper to securely execute user >-CGI programs. cgiwrap is reported to work with most web servers >+CGI programs. cgiwrap is reported to work with most Web servers > that support CGI, so no one specific server has been included as >-a depend. If you are unsure of which webserver to use, it is >-recommended to try the Apache web server package. >+a dependancy. If you are unsure of which Web server to use, it >+is recommended that you try the Apache HTTP server. > >-The cgiwrap scripts have been installed in: >- %%PREFIX%%/www/cgi-bin >-...the default location for Apache's cgi-bin directory. >+The cgiwrap binaries have been installed in the following >+directory: > >-If cgiwrap's allow/deny control is enabled, you must create either >-%%PREFIX%%/etc/cgiwrap.allow and/or %%PREFIX%%/etc/cgiwrap.deny >-before cgiwrap will function. >+ %%MAIN_CGIDIR%% >+ >+You should create/manage the following two files, otherwise >+cgiwrap will not function as expected. These ACL files define >+which users can and cannot run CGI binaries via cgiwrap: >+ >+ %%ALLOWFILE%% >+ %%DENYFILE%% > ----------------------------------------------------------------- >diff -ruN cgiwrap.orig/pkg-plist cgiwrap/pkg-plist >--- cgiwrap.orig/pkg-plist Tue Aug 17 22:13:50 2004 >+++ cgiwrap/pkg-plist Tue Aug 31 03:48:30 2004 >@@ -1,25 +1,5 @@ >-%%PORTDOCS%%%%DOCSDIR%%/accesscontrol.html >-%%PORTDOCS%%%%DOCSDIR%%/afs.html >-%%PORTDOCS%%%%DOCSDIR%%/changes.html >-%%PORTDOCS%%%%DOCSDIR%%/chroot.html >-%%PORTDOCS%%%%DOCSDIR%%/comments.html >-%%PORTDOCS%%%%DOCSDIR%%/download.html >-%%PORTDOCS%%%%DOCSDIR%%/faq.html >-%%PORTDOCS%%%%DOCSDIR%%/index.html >-%%PORTDOCS%%%%DOCSDIR%%/install.html >-%%PORTDOCS%%%%DOCSDIR%%/intro.html >-%%PORTDOCS%%%%DOCSDIR%%/maillist.html >-%%PORTDOCS%%%%DOCSDIR%%/notes.html >-%%PORTDOCS%%%%DOCSDIR%%/pubs.html >-%%PORTDOCS%%%%DOCSDIR%%/quickref.html >-%%PORTDOCS%%%%DOCSDIR%%/setup.html >-%%PORTDOCS%%%%DOCSDIR%%/thanks.html >-%%PORTDOCS%%%%DOCSDIR%%/todo.html >-%%PORTDOCS%%%%DOCSDIR%%/tricks.html >-%%PORTDOCS%%%%DOCSDIR%%/y2k.html > www/cgi-bin/cgiwrap > %%CGIWRAPDFLAG%%www/cgi-bin/cgiwrapd > www/cgi-bin/nph-cgiwrap > %%CGIWRAPDFLAG%%www/cgi-bin/nph-cgiwrapd > @unexec rmdir %D/www/cgi-bin 2>/dev/null || true >-%%PORTDOCS%%@dirrm %%DOCSDIR%%
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 71188
: 46351