diff -ruN cgiwrap.orig/Makefile cgiwrap/Makefile --- cgiwrap.orig/Makefile Wed Sep 1 06:42:54 2004 +++ cgiwrap/Makefile Fri Jul 8 06:48:02 2005 @@ -7,98 +7,110 @@ PORTNAME= cgiwrap PORTVERSION= 3.9 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= www security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} MAINTAINER= freebsd@jdc.parodius.com -COMMENT= Securely execute ~user CGI scripts - -GNU_CONFIGURE= yes -CONFIGURE_ARGS= --with-httpd-user=${WWWOWN} \ - --with-install-group=${WWWGRP} \ - --with-install-dir=${WITH_MAIN_CGIDIR} \ - --with-cgi-dir=${WITH_USER_CGIDIR} \ - --with-local-contact=${WITH_EMAIL} \ - --with-allow-file=${WITH_ALLOWFILE} \ - --with-deny-file=${WITH_DENYFILE} +COMMENT= Securely execute Web CGI scripts WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} PKGMESSAGE= ${WRKDIR}/pkg-message -## Available knobs: +OPTIONS= CGI_OWNER "Check CGI file owner" on \ + CGI_GROUP "Check CGI file group" on \ + CGI_SETUID "Check CGI file setuid permissions" on \ + CGI_SETGID "Check CGI file setgid permissions" on \ + CGI_GROUP_WRITABLE "Check CGI g+w file permissions" on \ + CGI_WORLD_WRITABLE "Check CGI o+w file permissions" on \ + NPH "Enable nph binaries" off \ + DEBUG "Enable cgiwrapd binaries" off + ## -## WITH_MAIN_CGIDIR: location of the cgiwrap binaries +# INSTALL_DIR # -# This is the directory where the cgiwrap binaries (i.e. the setuid -# root binaries) get installed to. +# Specify the location of the cgiwrap binaries. This is the directory +# where the cgiwrap binaries get installed in. # -WITH_MAIN_CGIDIR?= ${PREFIX}/www/cgi-bin +INSTALL_DIR?= ${PREFIX}/www/cgi-bin -## WITH_USER_CGIDIR: location of the CGI directory per user -## account (i.e. public_html/cgi-bin) -# -# Set this to the directory (relative to each user's home) where CGI -# scripts will be found. Common alternate values are "www/cgi-bin" -# (a.k.a. ~user/www/cgi-bin) and "cgi-bin" (a.k.a. ~user/cgi-bin) +## +# USER_CGIDIR # -WITH_USER_CGIDIR?= public_html/cgi-bin - -## WITH_ALLOWFILE: location/name of the cgiwrap.allow ACL file -## WITH_DENYFILE: location/name of the cgiwrap.deny ACL file +# Specify the location of the CGI directory ~user accounts will store +# CGIs in. This is "home directory relative". Alternatives include +# "www/cgi-bin" and "cgi-bin". # -WITH_ALLOWFILE?= ${PREFIX}/etc/${PORTNAME}.allow -WITH_DENYFILE?= ${PREFIX}/etc/${PORTNAME}.deny +USER_CGIDIR?= public_html/cgi-bin -## WITH_EMAIL: cgiwrap administrator's Email address +## +# ALLOW_FILE +# DENY_FILE # -WITH_EMAIL?= webmaster@dummy-host.example.com +# Full path to the allow and deny files for CGI access. These files +# contain the username of the UNIX account who will be allowed/denied +# using the cgiwrap binary. +# +ALLOW_FILE?= ${PREFIX}/etc/${PORTNAME}.allow +DENY_FILE?= ${PREFIX}/etc/${PORTNAME}.deny -## WITH_LOGGING: enables cgiwrap logging; specifies the -## path and filename of the logfile +## +# LOG_FILE # -.if defined(WITH_LOGGING) -CONFIGURE_ARGS+= --with-logging-file=${WITH_LOGGING} -.endif - -## WITH_DEBUG: enables cgiwrap debugging support, via -## the 'cgiwrapd' binary +# Enables cgiwrap logging (when a user called cgiwrap, its arguments, +# and who ran it). Specify the full path to the logfile. # -.if defined(WITH_DEBUG) -PLIST_SUB+= CGIWRAPDFLAG= +.if defined(LOG_FILE) +CONFIGURE_ARGS+= --with-logging-file=${LOG_FILE} .else -PLIST_SUB+= CGIWRAPDFLAG="@comment " +CONFIGURE_ARGS+= --without-logging-file .endif -## WITHOUT_CHECK_OWNER: disable CGI file ownership checks -## WITHOUT_CHECK_GROUP: disable CGI file group checks -## WITHOUT_CHECK_SETUID: disable CGI file setuid permissions check -## WITHOUT_CHECK_SETGID: disable CGI file setgid permissions check -## WITHOUT_CHECK_GROUP_WRITABLE: -## disable CGI file group-writable permissions check -## WITHOUT_CHECK_WORLD_WRITABLE: -## disable CGI file world-writable permissions check -# -.if defined(WITHOUT_CHECK_OWNER) +GNU_CONFIGURE= yes +CONFIGURE_ARGS= --with-httpd-user=${WWWOWN} \ + --with-install-group=${WWWGRP} \ + --with-install-dir=${INSTALL_DIR} \ + --with-cgi-dir=${USER_CGIDIR} \ + --with-allow-file=${ALLOW_FILE} \ + --with-deny-file=${DENY_FILE} \ + --with-wall + +.include + +.if !defined(WITH_CGI_OWNER) CONFIGURE_ARGS+= --without-check-owner .endif -.if defined(WITHOUT_CHECK_GROUP) +.if !defined(WITH_CGI_GROUP) CONFIGURE_ARGS+= --without-check-group .endif -.if defined(WITHOUT_CHECK_SETUID) +.if !defined(WITH_CGI_SETUID) CONFIGURE_ARGS+= --without-check-setuid .endif -.if defined(WITHOUT_CHECK_SETGID) +.if !defined(WITH_CGI_SETGID) CONFIGURE_ARGS+= --without-check-setgid .endif -.if defined(WITHOUT_CHECK_GROUP_WRITABLE) +.if !defined(WITH_CGI_GROUP_WRITABLE) CONFIGURE_ARGS+= --without-check-group-writable .endif -.if defined(WITHOUT_CHECK_WORLD_WRITABLE) +.if !defined(WITH_CGI_WORLD_WRITABLE) CONFIGURE_ARGS+= --without-check-world-writable .endif +.if !defined(WITH_NPH) +PLIST_SUB+= NPHFLAG="@comment " +CONFIGURE_ARGS+= --without-nph +.else +PLIST_SUB+= NPHFLAG= +.endif + +.if !defined(WITH_DEBUG) +PLIST_SUB+= DEBUGFLAG="@comment " +CONFIGURE_ARGS+= --without-cgiwrapd +.else +PLIST_SUB+= DEBUGFLAG= +.endif + .if !defined(NOPORTDOCS) PORTDOCS= accesscontrol.html afs.html changes.html \ chroot.html comments.html download.html faq.html \ @@ -107,18 +119,19 @@ thanks.html todo.html tricks.html y2k.html .endif -show-options: - @${SED} -ne 's/^##//p' ${.CURDIR}/Makefile - pre-install: - @${MKDIR} ${WITH_MAIN_CGIDIR} + @${MKDIR} ${INSTALL_DIR} post-install: - @${STRIP_CMD} ${WITH_MAIN_CGIDIR}/cgiwrap - @${CHMOD} 4550 ${WITH_MAIN_CGIDIR}/cgiwrap -.if !defined(WITH_DEBUG) - @${RM} ${WITH_MAIN_CGIDIR}/cgiwrapd - @${RM} ${WITH_MAIN_CGIDIR}/nph-cgiwrapd + @${STRIP_CMD} ${INSTALL_DIR}/cgiwrap + @${CHMOD} 4550 ${INSTALL_DIR}/cgiwrap +.if defined(WITH_DEBUG) + @${STRIP_CMD} ${INSTALL_DIR}/cgiwrapd + @${CHMOD} 4550 ${INSTALL_DIR}/cgiwrapd +.if defined(WITH_NPH) + @${STRIP_CMD} ${INSTALL_DIR}/nph-cgiwrapd + @${CHMOD} 4550 ${INSTALL_DIR}/nph-cgiwrapd +.endif .endif .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} @@ -126,10 +139,10 @@ @${INSTALL_DATA} ${WRKSRC}/htdocs/${f} ${DOCSDIR} .endfor .endif - @${SED} -e's,%%MAIN_CGIDIR%%,${WITH_MAIN_CGIDIR},g' \ - -e's,%%ALLOWFILE%%,${WITH_ALLOWFILE},g' \ - -e's,%%DENYFILE%%,${WITH_DENYFILE},g' \ + @${SED} -e's,%%INSTALL_DIR%%,${INSTALL_DIR},g' \ + -e's,%%ALLOW_FILE%%,${ALLOW_FILE},g' \ + -e's,%%DENY_FILE%%,${DENY_FILE},g' \ ${MASTERDIR}/pkg-message > ${PKGMESSAGE} @${CAT} ${PKGMESSAGE} -.include +.include diff -ruN cgiwrap.orig/pkg-descr cgiwrap/pkg-descr --- cgiwrap.orig/pkg-descr Wed Sep 1 06:42:54 2004 +++ cgiwrap/pkg-descr Fri Jul 8 05:03:23 2005 @@ -9,3 +9,4 @@ server software that supports CGI. WWW: http://cgiwrap.sourceforge.net/ +WWW: http://cgiwrap.unixtools.org/ diff -ruN cgiwrap.orig/pkg-message cgiwrap/pkg-message --- cgiwrap.orig/pkg-message Wed Sep 1 06:42:54 2004 +++ cgiwrap/pkg-message Fri Jul 8 05:33:37 2005 @@ -1,19 +1,12 @@ ----------------------------------------------------------------- -You have installed cgiwrap, a wrapper to securely execute user -CGI programs. cgiwrap is reported to work with most Web servers -that support CGI, so no one specific server has been included as -a dependancy. If you are unsure of which Web server to use, it -is recommended that you try the Apache HTTP server. - The cgiwrap binaries have been installed in the following directory: - %%MAIN_CGIDIR%% + %%INSTALL_DIR%% -You should create/manage the following two files, otherwise -cgiwrap will not function as expected. These ACL files define -which users can and cannot run CGI binaries via cgiwrap: +You should create the following two files, otherwise cgiwrap will +not function as expected: - %%ALLOWFILE%% - %%DENYFILE%% + %%ALLOW_FILE%% + %%DENY_FILE%% ----------------------------------------------------------------- diff -ruN cgiwrap.orig/pkg-plist cgiwrap/pkg-plist --- cgiwrap.orig/pkg-plist Wed Sep 1 06:42:54 2004 +++ cgiwrap/pkg-plist Fri Jul 8 06:40:54 2005 @@ -1,5 +1,5 @@ www/cgi-bin/cgiwrap -%%CGIWRAPDFLAG%%www/cgi-bin/cgiwrapd -www/cgi-bin/nph-cgiwrap -%%CGIWRAPDFLAG%%www/cgi-bin/nph-cgiwrapd +%%DEBUGFLAG%%www/cgi-bin/cgiwrapd +%%NPHFLAG%%www/cgi-bin/nph-cgiwrap +%%NPHFLAG%%%%DEBUGFLAG%%www/cgi-bin/nph-cgiwrapd @unexec rmdir %D/www/cgi-bin 2>/dev/null || true