Date: Sun, 8 Nov 2009 13:31:50 -0800 (PST)
From: Bob Hockney <zeus@ix.netcom.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/140399: Update port: security/webfwlog Add needed patch and other changes
Message-ID: <200911082131.nA8LVoHU096648@smtp.ford-prefect.net>
Resent-Message-ID: <200911090140.nA91e1Gf053854@freefall.freebsd.org>
>Number: 140399
>Category: ports
>Synopsis: Update port: security/webfwlog Add needed patch and other changes
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Nov 09 01:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Bob Hockney
>Release: FreeBSD 6.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD notebook 6.4-STABLE FreeBSD 6.4-STABLE #0: Fri Nov 6 21:00:06 PST 2009 root@notebook:/usr/obj/usr/src/sys/GENERIC i386

This is a patch for security/webfwlog which does several things:

- Adds a needed patch
- Include bsd.port.options.mk to give option knobs effect (was inadvertently deleted last commit)
- Set BINMODE to 4550 and BINGRP to WWWGRP. This installs the executable suid root, which generates an install-time message about elevated permissions. This was the case prior to do-install being added at revision 1.4. This is a log analyzer and needs to be able to read the logs, and since it is running under the web server it won't usually be able to do so unless installed suid root. I understand the security concerns here and wanted to explain why I did this.
- Reset permissions on directory after COPYTREE_SHARE to 555. I'm not sure what's happening here, but my cpio sets permissions on the current directory to 700 during this operation, so the webserver doesn't have access to the files. The package downloaded from ftp.FreeBSD.org does not appear to have this issue. I'm running 6-stable rebuilt from recently synced sources and also have a recent ports tree.
- Ask for required php extensions
- Other minor stuff

-Bob

diff -ru security/webfwlog-orig/Makefile security/webfwlog/Makefile --- security/webfwlog-orig/Makefile 2009-10-17 18:13:19.000000000 -0700 +++ security/webfwlog/Makefile 2009-11-08 12:16:40.000000000 -0800
@@ -7,45 +7,55 @@ PORTNAME= webfwlog PORTVERSION= 0.94 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION} +PATCHFILES= webfwlog-0.94-tcpflags.patch +PATCH_SITES= http://devel.webfwlog.net/download/patches/ + MAINTAINER= zeus@ix.netcom.com COMMENT= A web-based firewall log analyzer OPTIONS= MYSQL "Include MySQL Support" on \ - POSTGRESQL "Include PostgreSQL Support" off + PGSQL "Include PostgreSQL Support" off GNU_CONFIGURE= yes -CONFIGURE_ARGS+=--with-html-doc-root=${PREFIX}/${HTML_DOC_ROOT} -CONFIGURE_ARGS+=--enable-syslog +CONFIGURE_ARGS+= --with-html-doc-root=${PREFIX} +CONFIGURE_ARGS+= --enable-syslog -USE_PHP= yes +USE_PHP= session pcre WANT_PHP_WEB= yes -# Set HTML_DOC_ROOT to your webserver's Document Root where you -# want to install webfwlog, relative to ${PREFIX}. - SUB_FILES= pkg-message +SUB_LIST+= VERSION=${PORTVERSION} PORTDOCS= AUTHORS COPYING CREDITS ChangeLog INSTALL \ README ReleaseNotes PORTEXAMPLES= * +.include <bsd.port.options.mk> + .if defined(WITH_MYSQL) +USE_PHP+= mysql USE_MYSQL= yes -CONFIGURE_ARGS+=--with-mysql +CONFIGURE_ARGS+= --with-mysql .endif -.if defined(WITH_POSTGRESQL) -USE_PGSQL= -CONFIGURE_ARGS+=--with-pgsql +.if defined(WITH_PGSQL) +USE_PHP+= pgsql +USE_PGSQL= yes +CONFIGURE_ARGS+= --with-pgsql .endif +BINMODE= 4550 +BINGRP= ${WWWGRP} + do-install: @${MKDIR} ${WWWDIR} @${MKDIR} ${WWWDIR}/include/ - @(cd ${WRKSRC}/webfwlog/include/ && ${COPYTREE_SHARE} \* ${WWWDIR}/include/) + @(cd ${WRKSRC}/webfwlog/include/ && ${COPYTREE_SHARE} \*.php ${WWWDIR}/include/) + ${CHMOD} 555 ${WWWDIR}/include ${INSTALL_PROGRAM} ${WRKSRC}/syslog/wfwl_syslog ${PREFIX}/bin/ ${INSTALL_DATA} ${WRKSRC}/webfwlog/style.css ${WWWDIR} ${INSTALL_DATA} ${WRKSRC}/webfwlog/index.php ${WWWDIR} Only in security/webfwlog: diffs diff -ru security/webfwlog-orig/distinfo security/webfwlog/distinfo --- security/webfwlog-orig/distinfo 2009-10-17 18:13:19.000000000 -0700 +++ security/webfwlog/distinfo 2009-11-07 
19:05:18.000000000 -0800 @@ -1,3 +1,6 @@ MD5 (webfwlog-0.94.tar.gz) = 5af2fbbd36b039c004592e9dbf10ccc1 SHA256 (webfwlog-0.94.tar.gz) = c1b84dd4036aa9f81fc4fbd527eda202e51c3767659b8f1eef12bfb3381c5b36 SIZE (webfwlog-0.94.tar.gz) = 288138 +MD5 (webfwlog-0.94-tcpflags.patch) = 4d8a8e5f926832e504b196582b0fc85d +SHA256 (webfwlog-0.94-tcpflags.patch) = b29df0df2b62ec99f121e50033b852e1a5177f0db1b31ecf12a8c535a16812dd +SIZE (webfwlog-0.94-tcpflags.patch) = 455 diff -ru security/webfwlog-orig/files/pkg-message.in security/webfwlog/files/pkg-message.in --- security/webfwlog-orig/files/pkg-message.in 2005-10-12 19:16:48.000000000 -0700 +++ security/webfwlog/files/pkg-message.in 2009-11-08 07:37:53.000000000 -0800 @@ -1,4 +1,4 @@ -Webfwlog-0.91 has been installed. You should read the README in the mysql or +Webfwlog-%%VERSION%% has been installed. You should read the README in the mysql or pgsql directoy in %%DOCSDIR%% for information on setting up your MySQL or PostgreSQL server for use with webfwlog, and also copy the webfwlog.conf.sample file in %%PREFIX%%/etc to webfwlog.conf and diff -ru security/webfwlog-orig/pkg-plist security/webfwlog/pkg-plist --- security/webfwlog-orig/pkg-plist 2009-10-17 18:13:19.000000000 -0700 +++ security/webfwlog/pkg-plist 2009-11-08 07:18:25.000000000 -0800 @@ -45,7 +45,6 @@ %%WWWDIR%%/include/static.php %%WWWDIR%%/include/syslog.php %%WWWDIR%%/include/update_cache.php -%%WWWDIR%%/include/config.php.in %%WWWDIR%%/style.css %%WWWDIR%%/index.php %%PORTDOCS%%@dirrm %%DOCSDIR%%/pgsql/scripts >Description: >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted:
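Review bot: in the Makefile hunk, `BINMODE= 4550` together with `BINGRP= ${WWWGRP}` installs `wfwl_syslog` (the only `INSTALL_PROGRAM` target visible in do-install) setuid with execute permission limited to the owner and the web server's group, so anything that runs with that group can start a root-privileged binary. Consider putting this behind an OPTIONS knob next to MYSQL and PGSQL so the administrator opts in, or installing it setgid to a group that can read the logs instead of setuid root. Separately, the added `${CHMOD} 555 ${WWWDIR}/include` line has no leading `@` unlike the `@${MKDIR}` lines above it, and it resets only the top-level include directory, which is worth confirming is sufficient given that the cause of the 700 mode is not yet understood.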
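Review bot: the new distinfo entries for webfwlog-0.94-tcpflags.patch are the only integrity check on that file, because the Makefile hunk fetches it over plain HTTP via `PATCH_SITES= http://devel.webfwlog.net/download/patches/`. Before commit, regenerate the checksums from a copy obtained independently of this PR and compare them with the SHA256 and SIZE lines added here; at 455 bytes the patch is also short enough to read in full and confirm its content matches what the filename suggests.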
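Review bot: in the pkg-message.in hunk, the unchanged line directly below the edited one still reads `pgsql directoy`; correct it to `directory` while this file is being touched. This message is also the natural place to tell the administrator that the port now installs a setuid-root binary (per `BINMODE= 4550` in the Makefile hunk), which the visible text does not mention.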