From leeym@utopia.leeym.com  Wed Aug  4 00:46:59 2004
Return-Path: <leeym@utopia.leeym.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 14B1816A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  4 Aug 2004 00:46:59 +0000 (GMT)
Received: from utopia.leeym.com (utopia.leeym.com [211.21.137.52])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BA85643D5A
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  4 Aug 2004 00:46:58 +0000 (GMT)
	(envelope-from leeym@utopia.leeym.com)
Received: from localhost (localhost [127.0.0.1])
	by utopia.leeym.com (Postfix) with ESMTP id 70FB73E9B1A
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  4 Aug 2004 08:46:57 +0800 (CST)
Received: from utopia.leeym.com ([127.0.0.1])
 by localhost (utopia.leeym.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 26852-03 for <FreeBSD-gnats-submit@freebsd.org>;
 Wed,  4 Aug 2004 08:46:54 +0800 (CST)
Received: by utopia.leeym.com (Postfix, from userid 1000)
	id 33C2D3E9B19; Wed,  4 Aug 2004 08:46:54 +0800 (CST)
Message-Id: <20040804004654.33C2D3E9B19@utopia.leeym.com>
Date: Wed,  4 Aug 2004 08:46:54 +0800 (CST)
From: Yen-Ming Lee <leeym@utopia.leeym.com>
Reply-To: Yen-Ming Lee <leeym@utopia.leeym.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: update port: www/p5-CGI-SpeedyCGI
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         69970
>Category:       ports
>Synopsis:       update port: www/p5-CGI-SpeedyCGI
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lth
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 04 00:50:20 GMT 2004
>Closed-Date:    Fri Aug 06 17:37:08 GMT 2004
>Last-Modified:  Fri Aug 06 17:37:08 GMT 2004
>Originator:     Yen-Ming Lee
>Release:        FreeBSD 5.2.1-RELEASE-p9 i386
>Organization:
>Environment:
System: FreeBSD utopia.leeym.com 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9 #167: Tue Jul 27 05:17:58 CST 2004 root@utopia.leeym.com:/usr/obj/usr/src/sys/UTOPIA i386


	
>Description:

Perl 5.8.4 and above add several security check when doing setuid.
One of these checks is that the interpreter must have string "perl" with it.

http://sourceforge.net/mailarchive/forum.php?thread_id=4823748&forum_id=7581

- rename speedy_suid to speedy_suidperl (or speedyperl_suid will be fine, too)
- utilize ECHO
- replace all /usr/local with PREFIX will cause some problems when PREFIX
  isn't /usr/local (missing PERL5 libraries and modules... blah blah...)
- bump PORTREVISION

>How-To-Repeat:

Run a setuid script under perl 5.8.4 or above, says openwebmail.

>Fix:

--- p5-CGI-SpeedyCGI.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/www/p5-CGI-SpeedyCGI/Makefile,v
retrieving revision 1.8
diff -u -r1.8 Makefile
--- Makefile	1 Jun 2004 12:32:32 -0000	1.8
+++ Makefile	4 Aug 2004 00:35:23 -0000
@@ -7,6 +7,7 @@
 
 PORTNAME=	CGI-SpeedyCGI
 PORTVERSION=	2.22
+PORTREVISION=	1
 CATEGORIES=	www perl5
 MASTER_SITES=	${MASTER_SITE_PERL_CPAN}
 MASTER_SITE_SUBDIR=	CGI
@@ -29,7 +30,7 @@
 .else
 PLIST_SUB+=	APACHE=""
 .if exists(${APXS})
-APXS_WORKS!=	${APXS} -q TARGET 2>/dev/null || echo no
+APXS_WORKS!=	${APXS} -q TARGET 2>/dev/null || ${ECHO} no
 .endif
 .if exists(${APXS}) && ${APXS_WORKS} != no
 AP_LIBEXEC!=	${APXS} -q LIBEXECDIR
@@ -41,11 +42,10 @@
 
 post-configure:
 	@${PERL} -pi -e 's,^PREFIX = /usr$$,PREFIX = ${PREFIX},g;' \
-		     -e 's,/usr/local,${PREFIX},g;' \
 		${WRKSRC}/Makefile ${WRKSRC}/*/Makefile
 
 post-install:
-	@${INSTALL_PROGRAM} ${WRKSRC}/speedy/speedy ${PREFIX}/bin/speedy_suid
-	@${CHMOD} 4755 ${PREFIX}/bin/speedy_suid
+	@${INSTALL_PROGRAM} ${WRKSRC}/speedy/speedy ${PREFIX}/bin/speedy_suidperl
+	@${CHMOD} 4755 ${PREFIX}/bin/speedy_suidperl
 
 .include <bsd.port.post.mk>
Index: pkg-plist
===================================================================
RCS file: /home/pcvs/ports/www/p5-CGI-SpeedyCGI/pkg-plist,v
retrieving revision 1.4
diff -u -r1.4 pkg-plist
--- pkg-plist	25 Dec 2003 12:51:45 -0000	1.4
+++ pkg-plist	4 Aug 2004 00:35:23 -0000
@@ -3,7 +3,7 @@
 %%SITE_PERL%%/CGI/SpeedyCGI.pm
 bin/speedy
 bin/speedy_backend
-bin/speedy_suid
+bin/speedy_suidperl
 @dirrm %%SITE_PERL%%/%%PERL_ARCH%%/auto/CGI/SpeedyCGI
 @unexec rmdir %D/%%SITE_PERL%%/%%PERL_ARCH%%/auto/CGI 2>/dev/null || true
 @unexec rmdir %D/%%SITE_PERL%%/CGI 2>/dev/null || true
--- p5-CGI-SpeedyCGI.diff ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->lth 
Responsible-Changed-By: tobez 
Responsible-Changed-When: Wed Aug 4 09:25:45 CEST 2004 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=69970 
State-Changed-From-To: open->closed 
State-Changed-By: leeym 
State-Changed-When: Fri Aug 6 17:37:06 GMT 2004 
State-Changed-Why:  
Committed, thanks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=69970 
>Unformatted:
