[update] www/suphp: update to 0.3 and fix a security leak introduced with previous patch

- update to 0.3 - add a workaround to don't use getpwuid to performs check for apache user (since 4.x doesn't support getpwuid_r). - use %%DOCSDIR%% PR: ports/55952 Submitted by: Clement Laforet <sheepkiller@cultdeadsheep.org>
svn path=/head/; revision=87663
2003-08-25 12:13:36 +00:00 · 2003-08-25 12:13:36 +00:00 · ba63502f38 · 2021-03-31 03:12:20 +00:00
commit ba63502f38
parent 9875aa93b6
8 changed files with 78 additions and 151 deletions
--- a/www/suphp/Makefile
+++ b/www/suphp/Makefile
@ -6,85 +6,62 @@
 #

 PORTNAME=	suphp
-PORTVERSION=	0.2.3
-PORTREVISION=	1
+PORTVERSION=	0.3
 CATEGORIES=	www
 MASTER_SITES=	http://www.suphp.org/download/

 MAINTAINER=	sheepkiller@cultdeadsheep.org
-COMMENT=	suPHP is a combination which provides a wrapper for PHP
+COMMENT=	A combination which provides a wrapper for PHP

 BUILD_DEPENDS=	${LOCALBASE}/sbin/apxs:${PORTSDIR}/www/apache13
 RUN_DEPENDS=	${LOCALBASE}/bin/php:${PORTSDIR}/www/php4-cgi

-USE_REINPLACE=	yes
+HAS_CONFIGURE=	yes
+USE_GMAKE=	yes
+CONFLICTS=	mod_php4-4*

-MAKE_ARGS+=	APXS="${APXS}"
 APXS?=		${LOCALBASE}/sbin/apxs
-WWW_USER?=	www
-WWW_GROUP?=	www
 LOG_PATH?=	/var/log
 PHP_PATH?=	${LOCALBASE}/bin/php
+APACHE_USER?=	www
+
+CONFIGURE_ARGS+=	--with-php=${PHP_PATH} \
+			--with-logfile=${LOG_PATH}/suphp.log \
+			--with-apache-user=${APACHE_USER} \
+			--with-min-gid=80 \
+			--with-min-uid=80 \
+			--with-apxs=${APXS}
+
+## Available knobs:
+##   WITHOUT_CHECKPATH: disable check if script resides in DOCUMENT_ROOT
+.if defined(WITHOUT_CHECKPATH)
+CONFIGURE_ARGS+=	--disable-checkpath
+.endif
+##   WITHOUT_CHECKUID: accept UIDs that are not listed in /etc/passwd
+.if defined(WITHOUT_CHECKUID)
+CONFIGURE_ARGS+=	--disable-checkuid
+.endif
+##   WITHOUT_CHECKGID: accept GIDs that are not listed in /etc/group
+.if defined(WITHOUT_CHECKGID)
+CONFIGURE_ARGS+=	--disable-checkgid
+.endif

 .include <bsd.port.pre.mk>

-.if exists(${LOCALBASE}/libexec/apache/libphp4.so)
-IGNORE="suPHP conflicts with mod_php4. It works only with php4-cgi"
+.if exists(${LOCALBASE}/include/apache2/apr.h)
+BROKEN=                "Doesn't work with Apache 2"
 .endif

-pre-configure:
-	@${ECHO}
-	@${ECHO} "*-------------------------------------------------------------*"
-	@${ECHO} " Options :"
-	@${ECHO} "     - WWW_USER = Apache's User (default www)"
-	@${ECHO} "     - Define CHECK_PATH, to enable suExec-like path checking"
-	@${ECHO} "       (based on DocumentRoot directive)."
-	@${ECHO} "     - LOG_PATH=/path/to/your/logs. Default /var/log/."
-	@${ECHO} "     - PHP_PATH=/path/to/bin/php. Default ${LOCALBASE}/bin/php."
-	@${ECHO} "*-------------------------------------------------------------*"
-	@${ECHO}
+show-options:
+	@${EGREP} '^##' ${.CURDIR}/Makefile | ${SED} 's/##//'

-do-configure:
-	@${ECHO} "Setting User to : ${WWW_USER}"
-	@${REINPLACE_CMD} -e 's!OPT_APACHE_USER "wwwrun"!OPT_APACHE_USER "${WWW_USER}"!' \
-		${WRKSRC}/config.h
-	@${ECHO} "Setting Group to : ${WWW_GROUP}"
-	@${REINPLACE_CMD} -e 's!OPT_APACHE_GROUP "wwwrun"!OPT_APACHE_GROUP "${WWW_USER}"!' \
-		${WRKSRC}/config.h
-	@${ECHO} "Setting checkpath. (if enabled)"
-.if !defined(CHECK_PATH)
-	@${REINPLACE_CMD} -e 's!#define OPT_CHECKPATH!/*#define OPT_CHECKPATH*/!' \
-		${WRKSRC}/config.h
-.endif
-	@${ECHO} "Setting logs path"
-	@${REINPLACE_CMD} -e 's,OPT_LOGFILE "/opt/apache/var/logs/suphp_log",OPT_LOGFILE "${LOG_PATH}/suphp_log",' \
-		${WRKSRC}/config.h
-	 @${ECHO} "Setting php path"
-	@${REINPLACE_CMD} -e 's,OPT_PATH_TO_PHP "/usr/bin/php",OPT_PATH_TO_PHP "${PHP_PATH}",' \
-		${WRKSRC}/config.h
-	@${ECHO} "Setting suphp path in mod_suphp"
-	@${REINPLACE_CMD} -e "s,/usr/sbin/suphp,${PREFIX}/sbin/suphp," ${WRKSRC}/apache/mod_suphp.c
-
-post-build:
-	@(cd ${WRKSRC}/apache && ${APXS} -c mod_suphp.c) 
+pre-everything::
+	@${MAKE} show-options

 post-install:
-	@(cd ${WRKSRC}/apache && ${APXS} -i -a -n suphp ${WRKSRC}/apache/mod_suphp.so)
 .if !defined(NOPORTDOCS)
-	@${MKDIR} ${DOCSDIR} ${DOCSDIR}/apache ${DOCSDIR}/de-doc ${DOCSDIR}/de-doc/apache
-	${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}
-	${INSTALL_DATA} ${WRKSRC}/INSTALL ${DOCSDIR}
-	${INSTALL_DATA} ${WRKSRC}/LICENSE ${DOCSDIR}
-	${INSTALL_DATA} ${WRKSRC}/apache/CONFIG ${DOCSDIR}/apache
-	${INSTALL_DATA} ${WRKSRC}/apache/README ${DOCSDIR}/apache
-	${INSTALL_DATA} ${WRKSRC}/apache/INSTALL ${DOCSDIR}/apache
-	${INSTALL_DATA} ${WRKSRC}/apache/LICENSE ${DOCSDIR}/apache
-	${INSTALL_DATA} -d ${WRKSRC}/de-doc/ ${DOCSDIR}
-	${INSTALL_DATA} ${WRKSRC}/de-doc/README.de ${DOCSDIR}/de-doc/
-	${INSTALL_DATA} ${WRKSRC}/de-doc/INSTALL.de ${DOCSDIR}/de-doc/
-	${INSTALL_DATA} ${WRKSRC}/de-doc/apache/README.de ${DOCSDIR}/de-doc/apache
-	${INSTALL_DATA} ${WRKSRC}/de-doc/apache/INSTALL.de ${DOCSDIR}/de-doc/apache
-	${INSTALL_DATA} ${WRKSRC}/de-doc/apache/CONFIG.de ${DOCSDIR}/de-doc/apache
+	@${MKDIR} ${DOCSDIR}
+	@${CP} -Rfp ${WRKSRC}/doc/* ${DOCSDIR}
 .endif
 	@${CAT} ${PKGMESSAGE}

--- a/www/suphp/distinfo
+++ b/www/suphp/distinfo
@ -1 +1 @@
-MD5 (suphp-0.2.3.tar.gz) = a540fa3ac0af43a46afc33cf8401ee89
+MD5 (suphp-0.3.tar.gz) = f80d54de6aff5db4ab76670f1c5b3c6d
--- a/www/suphp/files/patch-Makefile
+++ b/www/suphp/files/patch-Makefile
@ -1,33 +0,0 @@
--- Makefile.orig	Wed Oct 23 22:16:50 2002
-+++ Makefile	Tue Nov 12 12:10:58 2002
-@@ -2,9 +2,9 @@
- ## Makefile for suPHP                       ##
- ##############################################
- 
-SUPHP_INSTALL = /usr/sbin/suphp
-+SUPHP_INSTALL = $(PREFIX)/sbin/suphp
- 
-CC = gcc
-+#CC = gcc
- CFLAGS = -c -Wall
- LD = gcc
- LDFLAGS = -o
-@@ -31,11 +31,7 @@
- 	touch suphp.h
- 
- install: suphp
-	if [ $$UID = 0 ]; then \
-	 cp suphp ${SUPHP_INSTALL}; \
-	else \
-	 echo -e "You need to be root to install suPHP."; \
-	fi
-+	$(INSTALL) -o root -g wheel -m 4755 suphp ${SUPHP_INSTALL}
- 
- clean:
- 	rm *.o
-@@ -43,3 +39,5 @@
- 
- rmbackups:
- 	rm *~
-+
-+all: suphp
--- a/www/suphp/files/patch-config.h
+++ b/www/suphp/files/patch-config.h
@ -1,9 +0,0 @@
--- config.h.orig	Wed Oct 23 22:16:50 2002
-+++ config.h	Wed Nov 13 16:30:35 2002
-@@ -24,5 +24,6 @@
- #define OPT_MIN_UID 100
- #define OPT_MIN_GID 100
- #define OPT_APACHE_USER "wwwrun"
-+#define OPT_APACHE_GROUP "wwwrun"
- #define OPT_PATH_TO_PHP "/usr/bin/php"
- #define OPT_LOGFILE "/opt/apache/var/logs/suphp_log"
--- a/www/suphp/files/patch-src::Makefile.in
+++ b/www/suphp/files/patch-src::Makefile.in
@ -0,0 +1,10 @@
+--- src/Makefile.in.orig	Mon Aug 25 11:50:48 2003
+++ src/Makefile.in	Mon Aug 25 11:50:55 2003
+@@ -39,7 +39,6 @@
+ 	fi
+ 
+ install: suphp suphp.mod
+-	$(INSTALL_PROGRAM) -d $(DESTDIR)$(sbindir)
+ 	$(INSTALL_PROGRAM) -m 4755 suphp $(DESTDIR)$(sbindir)/suphp
+ 	@$(MAKE) $(MAKEDEFS) -C apache install
+ 
--- a/www/suphp/files/patch-src::apache::Makefile.in
+++ b/www/suphp/files/patch-src::apache::Makefile.in
@ -0,0 +1,13 @@
+--- src/apache/Makefile.in.orig	Mon Aug 25 11:40:47 2003
+++ src/apache/Makefile.in	Mon Aug 25 11:41:02 2003
+@@ -29,7 +29,9 @@
+ all: suphp.mod
+ 
+ suphp.mod: mod_suphp.c
+-	$(APXS) -c $(DEFS) $(EXTRADEFS) $(INCLUDES) -Wc,"$(CFLAGS)" mod_suphp.c
+	@if [ ! -f mod_suphp.o ]; then \
+	$(APXS) -c $(DEFS) $(EXTRADEFS) $(INCLUDES) -Wc,"$(CFLAGS)" mod_suphp.c ;\
+	fi;
+ 
+ install: suphp.mod
+ 	$(APXS) -i -a mod_suphp.so
--- a/www/suphp/files/patch-suphp.c
+++ b/www/suphp/files/patch-suphp.c
@ -1,34 +0,0 @@
--- suphp.c.orig	Wed Dec 25 14:21:27 2002
-+++ suphp.c	Sat Jun 28 12:02:12 2003
-@@ -68,6 +68,7 @@
- {
-  // Check, if program has been started by Apache
-  struct passwd *apacheuser;
-+ struct group *apachegroup;
-  struct passwd *calluser;
-  struct passwd *targetuser;
-  struct group *targetgroup;
-@@ -76,6 +77,7 @@
-  path_translated = getenv("SCRIPT_FILENAME");
-   
-  apacheuser = getpwnam(OPT_APACHE_USER);
-+ apachegroup = getgrnam(OPT_APACHE_GROUP);
-  calluser = getpwuid(getuid());
-  
-  if (calluser->pw_uid!=apacheuser->pw_uid)
-@@ -105,13 +107,13 @@
-  
-  // Get gid and uid of the file and check it
-  targetuser = getpwuid(file_get_uid(path_translated));
- if (targetuser->pw_uid < OPT_MIN_UID)
-+ if (targetuser->pw_uid < OPT_MIN_UID && targetuser->pw_uid != apacheuser->pw_uid )
-  {
-   log_error ("UID of %s or its target (%d / %s) < %d", path_translated, targetuser->pw_uid, targetuser->pw_name, OPT_MIN_UID);
-   error_exit(ERRCODE_LOW_UID);
-  }
-  targetgroup = getgrgid(file_get_gid(path_translated));
- if (targetgroup->gr_gid < OPT_MIN_GID)
-+ if (targetgroup->gr_gid < OPT_MIN_GID && targetgroup->gr_gid != apachegroup->gr_gid )
-  {
-   log_error ("GID of %s or its target (%d / %s) < %d", path_translated, targetgroup->gr_gid, targetgroup->gr_name, OPT_MIN_GID);
-   error_exit(ERRCODE_LOW_GID);
--- a/www/suphp/pkg-plist
+++ b/www/suphp/pkg-plist
@ -2,19 +2,22 @@ sbin/suphp
 libexec/apache/mod_suphp.so
@exec %D/sbin/apxs -e -a -n suphp %D/%f
@unexec echo "===>  If you do not plan on reinstalling suphp, you must manually remove"; echo "===>  references to it in httpd.conf."
-%%PORTDOCS%%share/doc/suphp/apache/CONFIG
-%%PORTDOCS%%share/doc/suphp/apache/README
-%%PORTDOCS%%share/doc/suphp/apache/INSTALL
-%%PORTDOCS%%share/doc/suphp/apache/LICENSE
-%%PORTDOCS%%share/doc/suphp/de-doc/apache/README.de
-%%PORTDOCS%%share/doc/suphp/de-doc/apache/INSTALL.de
-%%PORTDOCS%%share/doc/suphp/de-doc/apache/CONFIG.de
-%%PORTDOCS%%share/doc/suphp/de-doc/README.de
-%%PORTDOCS%%share/doc/suphp/de-doc/INSTALL.de
-%%PORTDOCS%%share/doc/suphp/README
-%%PORTDOCS%%share/doc/suphp/INSTALL
-%%PORTDOCS%%share/doc/suphp/LICENSE
-%%PORTDOCS%%@dirrm share/doc/suphp/de-doc/apache
-%%PORTDOCS%%@dirrm share/doc/suphp/de-doc
-%%PORTDOCS%%@dirrm share/doc/suphp/apache
-%%PORTDOCS%%@dirrm share/doc/suphp/
+%%PORTDOCS%%%%DOCSDIR%%/en/INSTALL
+%%PORTDOCS%%%%DOCSDIR%%/en/LICENSE
+%%PORTDOCS%%%%DOCSDIR%%/en/README
+%%PORTDOCS%%%%DOCSDIR%%/en/apache/CONFIG
+%%PORTDOCS%%%%DOCSDIR%%/en/apache/INSTALL
+%%PORTDOCS%%%%DOCSDIR%%/en/apache/LICENSE
+%%PORTDOCS%%%%DOCSDIR%%/en/apache/README
+%%PORTDOCS%%%%DOCSDIR%%/de/INSTALL
+%%PORTDOCS%%%%DOCSDIR%%/de/LICENSE
+%%PORTDOCS%%%%DOCSDIR%%/de/README
+%%PORTDOCS%%%%DOCSDIR%%/de/apache/CONFIG
+%%PORTDOCS%%%%DOCSDIR%%/de/apache/INSTALL
+%%PORTDOCS%%%%DOCSDIR%%/de/apache/LICENSE
+%%PORTDOCS%%%%DOCSDIR%%/de/apache/README
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/de/apache
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/apache
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/de
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/en
+%%PORTDOCS%%@dirrm %%DOCSDIR%%