[update] www/suphp: update to 0.3 and fix a security leak introduced with previous patch

- update to 0.3 - add a workaround to don't use getpwuid to performs check for apache user (since 4.x doesn't support getpwuid_r). - use %%DOCSDIR%% PR: ports/55952 Submitted by: Clement Laforet <sheepkiller@cultdeadsheep.org>
svn path=/head/; revision=87663
2003-08-25 12:13:36 +00:00 · 2003-08-25 12:13:36 +00:00 · ba63502f38 · 2021-03-31 03:12:20 +00:00
commit ba63502f38
parent 9875aa93b6
8 changed files with 78 additions and 151 deletions
--- a/www/suphp/Makefile
+++ b/www/suphp/Makefile
@ -6,85 +6,62 @@
 #
 PORTNAME=	suphp
-PORTVERSION=	0.2.3
+PORTVERSION=	0.3
 PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	http://www.suphp.org/download/
 MAINTAINER=	sheepkiller@cultdeadsheep.org
-COMMENT=	suPHP is a combination which provides a wrapper for PHP
+COMMENT=	A combination which provides a wrapper for PHP
 BUILD_DEPENDS=	${LOCALBASE}/sbin/apxs:${PORTSDIR}/www/apache13
 RUN_DEPENDS=	${LOCALBASE}/bin/php:${PORTSDIR}/www/php4-cgi
-USE_REINPLACE=	yes
+HAS_CONFIGURE=	yes
 USE_GMAKE=	yes
 CONFLICTS=	mod_php4-4*
 MAKE_ARGS+=	APXS="${APXS}"
 APXS?=		${LOCALBASE}/sbin/apxs
 WWW_USER?=	www
 WWW_GROUP?=	www
 LOG_PATH?=	/var/log
 PHP_PATH?=	${LOCALBASE}/bin/php
 APACHE_USER?=	www
 CONFIGURE_ARGS+=	--with-php=${PHP_PATH} \
 			--with-logfile=${LOG_PATH}/suphp.log \
 			--with-apache-user=${APACHE_USER} \
 			--with-min-gid=80 \
 			--with-min-uid=80 \
 			--with-apxs=${APXS}
 ## Available knobs:
 ##   WITHOUT_CHECKPATH: disable check if script resides in DOCUMENT_ROOT
 .if defined(WITHOUT_CHECKPATH)
 CONFIGURE_ARGS+=	--disable-checkpath
 .endif
 ##   WITHOUT_CHECKUID: accept UIDs that are not listed in /etc/passwd
 .if defined(WITHOUT_CHECKUID)
 CONFIGURE_ARGS+=	--disable-checkuid
 .endif
 ##   WITHOUT_CHECKGID: accept GIDs that are not listed in /etc/group
 .if defined(WITHOUT_CHECKGID)
 CONFIGURE_ARGS+=	--disable-checkgid
 .endif
 .include <bsd.port.pre.mk>
-.if exists(${LOCALBASE}/libexec/apache/libphp4.so)
+.if exists(${LOCALBASE}/include/apache2/apr.h)
-IGNORE="suPHP conflicts with mod_php4. It works only with php4-cgi"
+BROKEN=                "Doesn't work with Apache 2"
 .endif
-pre-configure:
+show-options:
-	@${ECHO}
+	@${EGREP} '^##' ${.CURDIR}/Makefile | ${SED} 's/##//'
 	@${ECHO} "*-------------------------------------------------------------*"
 	@${ECHO} " Options :"
 	@${ECHO} "     - WWW_USER = Apache's User (default www)"
 	@${ECHO} "     - Define CHECK_PATH, to enable suExec-like path checking"
 	@${ECHO} "       (based on DocumentRoot directive)."
 	@${ECHO} "     - LOG_PATH=/path/to/your/logs. Default /var/log/."
 	@${ECHO} "     - PHP_PATH=/path/to/bin/php. Default ${LOCALBASE}/bin/php."
 	@${ECHO} "*-------------------------------------------------------------*"
 	@${ECHO}
-do-configure:
+pre-everything::
-	@${ECHO} "Setting User to : ${WWW_USER}"
+	@${MAKE} show-options
 	@${REINPLACE_CMD} -e 's!OPT_APACHE_USER "wwwrun"!OPT_APACHE_USER "${WWW_USER}"!' \
 		${WRKSRC}/config.h
 	@${ECHO} "Setting Group to : ${WWW_GROUP}"
 	@${REINPLACE_CMD} -e 's!OPT_APACHE_GROUP "wwwrun"!OPT_APACHE_GROUP "${WWW_USER}"!' \
 		${WRKSRC}/config.h
 	@${ECHO} "Setting checkpath. (if enabled)"
 .if !defined(CHECK_PATH)
 	@${REINPLACE_CMD} -e 's!#define OPT_CHECKPATH!/*#define OPT_CHECKPATH*/!' \
 		${WRKSRC}/config.h
 .endif
 	@${ECHO} "Setting logs path"
 	@${REINPLACE_CMD} -e 's,OPT_LOGFILE "/opt/apache/var/logs/suphp_log",OPT_LOGFILE "${LOG_PATH}/suphp_log",' \
 		${WRKSRC}/config.h
 	 @${ECHO} "Setting php path"
 	@${REINPLACE_CMD} -e 's,OPT_PATH_TO_PHP "/usr/bin/php",OPT_PATH_TO_PHP "${PHP_PATH}",' \
 		${WRKSRC}/config.h
 	@${ECHO} "Setting suphp path in mod_suphp"
 	@${REINPLACE_CMD} -e "s,/usr/sbin/suphp,${PREFIX}/sbin/suphp," ${WRKSRC}/apache/mod_suphp.c
 post-build:
 	@(cd ${WRKSRC}/apache && ${APXS} -c mod_suphp.c) 
 post-install:
 	@(cd ${WRKSRC}/apache && ${APXS} -i -a -n suphp ${WRKSRC}/apache/mod_suphp.so)
 .if !defined(NOPORTDOCS)
-	@${MKDIR} ${DOCSDIR} ${DOCSDIR}/apache ${DOCSDIR}/de-doc ${DOCSDIR}/de-doc/apache
+	@${MKDIR} ${DOCSDIR}
-	${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}
+	@${CP} -Rfp ${WRKSRC}/doc/* ${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/INSTALL ${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/LICENSE ${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/apache/CONFIG ${DOCSDIR}/apache
 	${INSTALL_DATA} ${WRKSRC}/apache/README ${DOCSDIR}/apache
 	${INSTALL_DATA} ${WRKSRC}/apache/INSTALL ${DOCSDIR}/apache
 	${INSTALL_DATA} ${WRKSRC}/apache/LICENSE ${DOCSDIR}/apache
 	${INSTALL_DATA} -d ${WRKSRC}/de-doc/ ${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/de-doc/README.de ${DOCSDIR}/de-doc/
 	${INSTALL_DATA} ${WRKSRC}/de-doc/INSTALL.de ${DOCSDIR}/de-doc/
 	${INSTALL_DATA} ${WRKSRC}/de-doc/apache/README.de ${DOCSDIR}/de-doc/apache
 	${INSTALL_DATA} ${WRKSRC}/de-doc/apache/INSTALL.de ${DOCSDIR}/de-doc/apache
 	${INSTALL_DATA} ${WRKSRC}/de-doc/apache/CONFIG.de ${DOCSDIR}/de-doc/apache
 .endif
 	@${CAT} ${PKGMESSAGE}
--- a/www/suphp/distinfo
+++ b/www/suphp/distinfo
@ -1 +1 @@
-MD5 (suphp-0.2.3.tar.gz) = a540fa3ac0af43a46afc33cf8401ee89
+MD5 (suphp-0.3.tar.gz) = f80d54de6aff5db4ab76670f1c5b3c6d
--- a/www/suphp/files/patch-Makefile
+++ b/www/suphp/files/patch-Makefile
@ -1,33 +0,0 @@
 --- Makefile.orig	Wed Oct 23 22:16:50 2002
 +++ Makefile	Tue Nov 12 12:10:58 2002
@@ -2,9 +2,9 @@
 ## Makefile for suPHP                       ##
 ##############################################
 -SUPHP_INSTALL = /usr/sbin/suphp
 +SUPHP_INSTALL = $(PREFIX)/sbin/suphp
 -CC = gcc
 +#CC = gcc
 CFLAGS = -c -Wall
 LD = gcc
 LDFLAGS = -o
@@ -31,11 +31,7 @@
 	touch suphp.h
 install: suphp
 -	if [ $$UID = 0 ]; then \
 -	 cp suphp ${SUPHP_INSTALL}; \
 -	else \
 -	 echo -e "You need to be root to install suPHP."; \
 -	fi
 +	$(INSTALL) -o root -g wheel -m 4755 suphp ${SUPHP_INSTALL}
 clean:
 	rm *.o
@@ -43,3 +39,5 @@
 rmbackups:
 	rm *~
 +
 +all: suphp
--- a/www/suphp/files/patch-config.h
+++ b/www/suphp/files/patch-config.h
@ -1,9 +0,0 @@
 --- config.h.orig	Wed Oct 23 22:16:50 2002
 +++ config.h	Wed Nov 13 16:30:35 2002
@@ -24,5 +24,6 @@
 #define OPT_MIN_UID 100
 #define OPT_MIN_GID 100
 #define OPT_APACHE_USER "wwwrun"
 +#define OPT_APACHE_GROUP "wwwrun"
 #define OPT_PATH_TO_PHP "/usr/bin/php"
 #define OPT_LOGFILE "/opt/apache/var/logs/suphp_log"
--- a/www/suphp/files/patch-src::Makefile.in
+++ b/www/suphp/files/patch-src::Makefile.in
@ -0,0 +1,10 @@
 --- src/Makefile.in.orig	Mon Aug 25 11:50:48 2003
 +++ src/Makefile.in	Mon Aug 25 11:50:55 2003
@@ -39,7 +39,6 @@
 	fi
 install: suphp suphp.mod
 -	$(INSTALL_PROGRAM) -d $(DESTDIR)$(sbindir)
 	$(INSTALL_PROGRAM) -m 4755 suphp $(DESTDIR)$(sbindir)/suphp
 	@$(MAKE) $(MAKEDEFS) -C apache install
--- a/www/suphp/files/patch-src::apache::Makefile.in
+++ b/www/suphp/files/patch-src::apache::Makefile.in
@ -0,0 +1,13 @@
 --- src/apache/Makefile.in.orig	Mon Aug 25 11:40:47 2003
 +++ src/apache/Makefile.in	Mon Aug 25 11:41:02 2003
@@ -29,7 +29,9 @@
 all: suphp.mod
 suphp.mod: mod_suphp.c
 -	$(APXS) -c $(DEFS) $(EXTRADEFS) $(INCLUDES) -Wc,"$(CFLAGS)" mod_suphp.c
 +	@if [ ! -f mod_suphp.o ]; then \
 +	$(APXS) -c $(DEFS) $(EXTRADEFS) $(INCLUDES) -Wc,"$(CFLAGS)" mod_suphp.c ;\
 +	fi;
 install: suphp.mod
 	$(APXS) -i -a mod_suphp.so
--- a/www/suphp/files/patch-suphp.c
+++ b/www/suphp/files/patch-suphp.c
@ -1,34 +0,0 @@
 --- suphp.c.orig	Wed Dec 25 14:21:27 2002
 +++ suphp.c	Sat Jun 28 12:02:12 2003
@@ -68,6 +68,7 @@
 {
  // Check, if program has been started by Apache
  struct passwd *apacheuser;
 + struct group *apachegroup;
  struct passwd *calluser;
  struct passwd *targetuser;
  struct group *targetgroup;
@@ -76,6 +77,7 @@
  path_translated = getenv("SCRIPT_FILENAME");
  apacheuser = getpwnam(OPT_APACHE_USER);
 + apachegroup = getgrnam(OPT_APACHE_GROUP);
  calluser = getpwuid(getuid());
  if (calluser->pw_uid!=apacheuser->pw_uid)
@@ -105,13 +107,13 @@
  // Get gid and uid of the file and check it
  targetuser = getpwuid(file_get_uid(path_translated));
 - if (targetuser->pw_uid < OPT_MIN_UID)
 + if (targetuser->pw_uid < OPT_MIN_UID && targetuser->pw_uid != apacheuser->pw_uid )
  {
   log_error ("UID of %s or its target (%d / %s) < %d", path_translated, targetuser->pw_uid, targetuser->pw_name, OPT_MIN_UID);
   error_exit(ERRCODE_LOW_UID);
  }
  targetgroup = getgrgid(file_get_gid(path_translated));
 - if (targetgroup->gr_gid < OPT_MIN_GID)
 + if (targetgroup->gr_gid < OPT_MIN_GID && targetgroup->gr_gid != apachegroup->gr_gid )
  {
   log_error ("GID of %s or its target (%d / %s) < %d", path_translated, targetgroup->gr_gid, targetgroup->gr_name, OPT_MIN_GID);
   error_exit(ERRCODE_LOW_GID);
--- a/www/suphp/pkg-plist
+++ b/www/suphp/pkg-plist
@ -2,19 +2,22 @@ sbin/suphp
 libexec/apache/mod_suphp.so
@exec %D/sbin/apxs -e -a -n suphp %D/%f
@unexec echo "===>  If you do not plan on reinstalling suphp, you must manually remove"; echo "===>  references to it in httpd.conf."
-%%PORTDOCS%%share/doc/suphp/apache/CONFIG
+%%PORTDOCS%%%%DOCSDIR%%/en/INSTALL
-%%PORTDOCS%%share/doc/suphp/apache/README
+%%PORTDOCS%%%%DOCSDIR%%/en/LICENSE
-%%PORTDOCS%%share/doc/suphp/apache/INSTALL
+%%PORTDOCS%%%%DOCSDIR%%/en/README
-%%PORTDOCS%%share/doc/suphp/apache/LICENSE
+%%PORTDOCS%%%%DOCSDIR%%/en/apache/CONFIG
-%%PORTDOCS%%share/doc/suphp/de-doc/apache/README.de
+%%PORTDOCS%%%%DOCSDIR%%/en/apache/INSTALL
-%%PORTDOCS%%share/doc/suphp/de-doc/apache/INSTALL.de
+%%PORTDOCS%%%%DOCSDIR%%/en/apache/LICENSE
-%%PORTDOCS%%share/doc/suphp/de-doc/apache/CONFIG.de
+%%PORTDOCS%%%%DOCSDIR%%/en/apache/README
-%%PORTDOCS%%share/doc/suphp/de-doc/README.de
+%%PORTDOCS%%%%DOCSDIR%%/de/INSTALL
-%%PORTDOCS%%share/doc/suphp/de-doc/INSTALL.de
+%%PORTDOCS%%%%DOCSDIR%%/de/LICENSE
-%%PORTDOCS%%share/doc/suphp/README
+%%PORTDOCS%%%%DOCSDIR%%/de/README
-%%PORTDOCS%%share/doc/suphp/INSTALL
+%%PORTDOCS%%%%DOCSDIR%%/de/apache/CONFIG
-%%PORTDOCS%%share/doc/suphp/LICENSE
+%%PORTDOCS%%%%DOCSDIR%%/de/apache/INSTALL
-%%PORTDOCS%%@dirrm share/doc/suphp/de-doc/apache
+%%PORTDOCS%%%%DOCSDIR%%/de/apache/LICENSE
-%%PORTDOCS%%@dirrm share/doc/suphp/de-doc
+%%PORTDOCS%%%%DOCSDIR%%/de/apache/README
-%%PORTDOCS%%@dirrm share/doc/suphp/apache
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/de/apache
-%%PORTDOCS%%@dirrm share/doc/suphp/
+%%PORTDOCS%%@dirrm %%DOCSDIR%%/en/apache
 %%PORTDOCS%%@dirrm %%DOCSDIR%%/de
 %%PORTDOCS%%@dirrm %%DOCSDIR%%/en
 %%PORTDOCS%%@dirrm %%DOCSDIR%%
`@ -1 +1 @@`
	`MD5 (suphp-0.2.3.tar.gz) = a540fa3ac0af43a46afc33cf8401ee89`	`MD5 (suphp-0.3.tar.gz) = f80d54de6aff5db4ab76670f1c5b3c6d`