From jdc@pentarou.parodius.com  Sat Aug  7 03:43:34 2004
Return-Path: <jdc@pentarou.parodius.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 31B6C16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  7 Aug 2004 03:43:34 +0000 (GMT)
Received: from mail.parodius.com (mail.parodius.com [64.62.145.229])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0978643D46
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  7 Aug 2004 03:43:34 +0000 (GMT)
	(envelope-from jdc@pentarou.parodius.com)
Received: from pentarou.parodius.com (jdc@localhost [127.0.0.1])
	by mail.parodius.com (8.12.11/8.12.11) with ESMTP id i773hXEF079173
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 6 Aug 2004 20:43:33 -0700 (PDT)
	(envelope-from jdc@pentarou.parodius.com)
Received: (from jdc@localhost)
	by pentarou.parodius.com (8.12.11/8.12.11/Submit) id i773hXt2079172;
	Fri, 6 Aug 2004 20:43:33 -0700 (PDT)
	(envelope-from jdc)
Message-Id: <200408070343.i773hXt2079172@pentarou.parodius.com>
Date: Fri, 6 Aug 2004 20:43:33 -0700 (PDT)
From: Jeremy Chadwick <freebsd@jdc.parodius.com>
Reply-To: Jeremy Chadwick <freebsd@jdc.parodius.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: cgiwrap port update
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         70106
>Category:       ports
>Synopsis:       cgiwrap port update
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 07 03:50:14 GMT 2004
>Closed-Date:    Tue Aug 17 05:29:30 GMT 2004
>Last-Modified:  Tue Aug 17 05:29:30 GMT 2004
>Originator:     Jeremy Chadwick
>Release:        FreeBSD 4.10-PRERELEASE i386
>Organization:
Parodius Networking
>Environment:
System: FreeBSD pentarou.parodius.com 4.10-PRERELEASE FreeBSD 4.10-PRERELEASE #0: Wed May 5 03:33:17 PDT 2004 root@pentarou.parodius.com:/usr/obj/usr/src/sys/PENTAROU i386
>Description:
	Update to the cgiwrap port.  This adds a slew of things:

	1.  Uses WWWOWN and WWWGRP, which is the standard for www-oriented ports.
	2.  Adds --with-local-contact (CGIWRAP_CONTACT).
	3.  Changes tweaks to CGIWRAP_ALLOWFILE and CGIWRAP_DENYFILE.
	4.  Removal of WITHOUTCHECK; moved into multiple CGIWRAP_WITHOUT_* tweaks.
	5.  Adds --with-logging-file (CGIWRAP_LOGGING) for those who need it (me :) ).
	6.  Adds CGIWRAP_DEBUG, which adds support for the cgiwrapd/nph-cgiwrapd binaries.
	7.  Adds --without-check-owner (CGIWRAP_WITHOUT_CHECK_OWNER).
	8.  Adds --without-check-group (CGIWRAP_WITHOUT_CHECK_GROUP).
	9.  Adds --without-check-setuid (CGIWRAP_WITHOUT_CHECK_SETUID).
	10. Adds --without-check-setgid (CGIWRAP_WITHOUT_CHECK_SETGID).
	11. Adds --without-check-group-writable (CGIWRAP_WITHOUT_CHECK_GROUP_WRITABLE).
	12. Adds --without-check-world-writable (CGIWRAP_WITHOUT_CHECK_WORLD_WRITABLE).
	13. Runs pkg-message through ${SED} so that %%PREFIX%% gets expanded.
	14. Proper/secure permissions on the binaries (4550).  Note that we can't set this
	as 4510 or 4110; mod_mime_magic in Apache needs read access to the binary when
	being called (otherwise warnings appear in the httpd_error log; might as well be
	nice to Apache...).  Global-read/execute is a Bad Idea(tm).
	15. Minor cosmetical update to pkg-descr.

	The port maintainer should DEFINITELY review this.  If the maintainer isn't
	available, I can take over maintenance of this port.

>How-To-Repeat:
	n/a
>Fix:
	Apply below patch to the ports/www/cgiwrap tree.


--- Makefile.orig	Tue Mar  2 14:42:24 2004
+++ Makefile	Fri Aug  6 20:20:28 2004
@@ -7,6 +7,7 @@
 
 PORTNAME=	cgiwrap
 PORTVERSION=	3.9
+PORTREVISION=	1
 CATEGORIES=	www security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -15,48 +16,90 @@
 COMMENT=	Securely execute ~user CGI scripts
 
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS=	--with-httpd-user=${HTTPDUSER} \
+CONFIGURE_ARGS=	--with-httpd-user=${WWWOWN} \
+		--with-install-group=${WWWGRP} \
 		--with-install-dir=${MAINCGIDIR} \
-		--with-install-group=${BINGRP} \
-		--with-cgi-dir=${CGIDIR} \
-		--with-allow-file=${ALLOWFILE} \
-		--with-deny-file=${DENYFILE} \
-		${WITHOUTCHECK}
+		--with-cgi-dir=${CGIWRAP_CGIDIR} \
+		--with-local-contact=${CGIWRAP_CONTACT} \
+		--with-allow-file=${CGIWRAP_ALLOWFILE} \
+		--with-deny-file=${CGIWRAP_DENYFILE}
 
-###
+#
 # Set this to the directory (relative to each user's home) where CGI
-# scripts will be found.  (Another common value is "www/cgi-bin".)
-###
-CGIDIR?=		public_html/cgi-bin
-###
-# The default security settings are very tight; enable one or more
-# of these to loosen them.  Run "configure -help" for information on
-# these and other options.
-###
-#WITHOUTCHECK?=	--without-check-owner --without-check-setuid \
-#		--without-check-group --without-check-setgid \
-#		--without-check-group-writable \
-#		--without-check-world-writable
-###
-# Use these options for Apache:
-###
+# scripts will be found.  Common alternate values are "www/cgi-bin"
+# (a.k.a. ~user/www/cgi-bin) and "cgi-bin" (a.k.a. ~user/cgi-bin)
+#
+CGIWRAP_CGIDIR?=	public_html/cgi-bin
+
+#
+# MAINCGIDIR is the directory the cgiwrap binaries get installed to.
+#
 MAINCGIDIR?=	${PREFIX}/www/cgi-bin
-HTTPDUSER?=	www
-###
+
+#
 # The allow and deny files control access to cgiwrap.
+#
+CGIWRAP_ALLOWFILE?=	${PREFIX}/etc/${PORTNAME}.allow
+CGIWRAP_DENYFILE?=	${PREFIX}/etc/${PORTNAME}.deny
+
+#
+# Set the contact Email address.
+#
+CGIWRAP_CONTACT?=	webmaster@dummy-host.example.com
+
+#
+# Define CGIWRAP_LOGGING and specify where you want the logfile.
+#
+.if defined(CGIWRAP_LOGGING)
+CONFIGURE_ARGS+=	--with-logging-file=${CGIWRAP_LOGGING}
+.endif
+
+#
+# Some users enjoy being able to debug their own CGI scripts, since
+# the standard "Internal server error" response doesn't help much.
+# Administrators may find this useful as well.  See the cgiwrap
+# documentation for details on how to use this.
+#
+.if defined(CGIWRAP_DEBUG)
+PLIST_SUB+=	CGIWRAPDFLAG=
+.else
+PLIST_SUB+=	CGIWRAPDFLAG="@comment "
+.endif
+
+#
+# A slew of --without-* configure flags exist for cgiwrap.  You
+# should refer to the cgiwrap documentation for details regarding
+# what these do, and when (if) they're necessary.
+#
 ###
-ALLOWFILE?=	${PREFIX}/etc/${PORTNAME}.allow
-DENYFILE?=	${PREFIX}/etc/${PORTNAME}.deny
+.if defined(CGIWRAP_WITHOUT_CHECK_OWNER)
+CONFIGURE_ARGS+=	--without-check-owner
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_GROUP)
+CONFIGURE_ARGS+=	--without-check-group
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_SETUID)
+CONFIGURE_ARGS+=	--without-check-setuid
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_SETGID)
+CONFIGURE_ARGS+=	--without-check-setgid
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_GROUP_WRITABLE)
+CONFIGURE_ARGS+=	--without-check-group-writable
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_WORLD_WRITABLE)
+CONFIGURE_ARGS+=	--without-check-world-writable
+.endif
 
 pre-install:
 	@${MKDIR} ${MAINCGIDIR}
 
 post-install:
-	${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
-	${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
-	${CP} ${MAINCGIDIR}/cgiwrap ${MAINCGIDIR}/cgiwrapd
-	${LN} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
-	${CHMOD} 644 ${MAINCGIDIR}/cgiwrapd
+	@${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
+	@${CHMOD} 4550 ${MAINCGIDIR}/cgiwrap
+.if !defined(CGIWRAP_WITH_DEBUG)
+	@${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+.endif
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
 .for file in accesscontrol.html afs.html changes.html chroot.html	\
@@ -68,6 +111,6 @@
 .endfor
 	@${ECHO} "Documentation installed in ${DOCSDIR}"
 .endif
-	@${CAT} ${PKGMESSAGE}
+	@${CAT} ${PKGMESSAGE} | ${SED} -e's#%%PREFIX%%#${PREFIX}#g'
 
 .include <bsd.port.mk>
--- pkg-descr.orig	Fri Nov 15 19:01:07 2002
+++ pkg-descr	Fri Aug  6 19:40:42 2004
@@ -9,6 +9,3 @@
 server software that supports CGI.
 
 WWW: http://cgiwrap.sourceforge.net/
-
-- Pete
-petef@databits.net
--- pkg-message.orig	Thu Aug  8 11:58:23 2002
+++ pkg-message	Fri Aug  6 19:37:28 2004
@@ -6,14 +6,10 @@
 recommended to try the Apache web server package.
 
 The cgiwrap scripts have been installed in:
-    ${PREFIX}/www/cgi-bin
+    %%PREFIX%%/www/cgi-bin
 ...the default location for Apache's cgi-bin directory.
 
-The cgiwrapd and nph-cgiwrapd scripts are disabled by default, as they
-may give away sensitive information about the CGI environment.  To
-enable them, you must chmod 4755 ${PREFIX}/www/cgi-bin/cgiwrapd
-
-Access control enabled, you must create either
-${PREFIX}/etc/cgiwrap.allow or ${PREFIX}/etc/cgiwrap.deny before
-cgiwrap will function.
+If cgiwrap's allow/deny control is enabled, you must create either
+%%PREFIX%%/etc/cgiwrap.allow and/or %%PREFIX%%/etc/cgiwrap.deny
+before cgiwrap will function.
 -----------------------------------------------------------------
--- pkg-plist.orig	Tue Jun  8 23:16:03 2004
+++ pkg-plist	Fri Aug  6 20:12:37 2004
@@ -18,8 +18,8 @@
 %%PORTDOCS%%%%DOCSDIR%%/tricks.html
 %%PORTDOCS%%%%DOCSDIR%%/y2k.html
 www/cgi-bin/cgiwrap
-www/cgi-bin/cgiwrapd
+%%CGIWRAPDFLAG%%www/cgi-bin/cgiwrapd
 www/cgi-bin/nph-cgiwrap
-www/cgi-bin/nph-cgiwrapd
+%%CGIWRAPDFLAG%%www/cgi-bin/nph-cgiwrapd
 @unexec rmdir %D/www/cgi-bin 2>/dev/null || true
 %%PORTDOCS%%@dirrm %%DOCSDIR%%
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: sem 
State-Changed-When: Sun Aug 15 20:15:50 GMT 2004 
State-Changed-Why:  
Wait for maintainer approval 

http://www.freebsd.org/cgi/query-pr.cgi?pr=70106 

From: Sergey Matveychuk <sem@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, jre@vineyard.net
Cc:  
Subject: Re: ports/70106: cgiwrap port update
Date: Mon, 16 Aug 2004 00:15:56 +0400

 Dear maintainer, please approve or disprove the PR.
 
 ---
 Sem.

From: Josh Elsasser <jre@vineyard.net>
To: Sergey Matveychuk <sem@FreeBSD.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: ports/70106: cgiwrap port update
Date: Mon, 16 Aug 2004 10:31:45 -0400

 That looks great to me.  The submitter is welcome to maintain this
 port himself if he would like.
 
  -jre

From: Sergey Matveychuk <sem@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, freebsd@jdc.parodius.com
Cc:  
Subject: Re: ports/70106: cgiwrap port update
Date: Mon, 16 Aug 2004 21:06:41 +0400

 Would you like to become a maintainer of the port?
 
 -- 
 Sem.

From: Jeremy Chadwick <freebsd@jdc.parodius.com>
To: Sergey Matveychuk <sem@FreeBSD.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: ports/70106: cgiwrap port update
Date: Mon, 16 Aug 2004 12:58:46 -0700

 Absolutely -- works for me!
 
 -- 
 | Jeremy Chadwick                                 jdc at parodius.com |
 | Parodius Networking                        http://www.parodius.com/ |
 | UNIX Systems Administrator                   Mountain View, CA, USA |
 | Making life hard for others since 1977.                             |
 
 On Mon, Aug 16, 2004 at 09:06:41PM +0400, Sergey Matveychuk wrote:
 > Would you like to become a maintainer of the port?
 > 
 > -- 
 > Sem.
State-Changed-From-To: feedback->closed 
State-Changed-By: sem 
State-Changed-When: Tue Aug 17 05:29:23 GMT 2004 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=70106 
>Unformatted:
