Date: Thu, 10 Apr 2014 11:43:14 +0000 (UTC) From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r350797 - in head: . www www/suphp www/suphp/files Message-ID: <201404101143.s3ABhE1r004115@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bdrewery Date: Thu Apr 10 11:43:13 2014 New Revision: 350797 URL: http://svnweb.freebsd.org/changeset/ports/350797 QAT: https://qat.redports.org/buildarchive/r350797/ Log: Bring back SuPHP. Quite a few users still depend on this and are getting it from untrusted sources. Its security track record is actually pretty good still. SuPHP is still the simplest solution for shared hosting. Other vendors still provide this as well. - Add a pkg-message explaining the situation and advising users to move away from this if possible. - Stage - Take maintainership Added: head/www/suphp/ - copied from r340003, head/www/suphp/ head/www/suphp/files/pkg-message.in (contents, props changed) Modified: head/MOVED head/www/Makefile head/www/suphp/Makefile Modified: head/MOVED ============================================================================== --- head/MOVED Thu Apr 10 11:37:37 2014 (r350796) +++ head/MOVED Thu Apr 10 11:43:13 2014 (r350797) @@ -5370,7 +5370,6 @@ sysutils/lavaps||2014-01-14|Abandonware, www/mod_authnz_external|www/mod_authnz_external22|2014-01-14|Port was renamed to reflect the supported Apache version games/deng|games/doomsday|2014-01-16|Renamed to follow upstream naming misc/sword17|misc/sword|2014-01-16|Has expired: use misc/sword -www/suphp||2014-01-17|Has expired: Upstream dead, EOL: https://lists.marsching.com/pipermail/suphp/2013-May/002554.html databases/postgis||2014-01-17|Has expired: EOLed upstream textproc/redland-bindings-python||2014-01-19|Use textproc/redland-bindings directly instead emulators/seabios-devel||2014-01-19|Has expired: Outdated, no longer needed, broken on 10+ Modified: head/www/Makefile ============================================================================== --- head/www/Makefile Thu Apr 10 11:37:37 2014 (r350796) +++ head/www/Makefile Thu Apr 10 11:43:13 2014 (r350797) @@ -1927,6 +1927,7 @@ SUBDIR += squirm SUBDIR += srg SUBDIR += subsonic + SUBDIR += suphp SUBDIR += surf SUBDIR += surfraw SUBDIR += sventon Modified: head/www/suphp/Makefile ============================================================================== --- head/www/suphp/Makefile Fri Jan 17 01:10:41 2014 (r340003) +++ head/www/suphp/Makefile Thu Apr 10 11:43:13 2014 (r350797) @@ -3,28 +3,31 @@ PORTNAME= suphp PORTVERSION= 0.7.2 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= http://www.suphp.org/download/ \ - ${MASTER_SITE_LOCAL:S|%SUBDIR%|koitsu|} + LOCAL/bdrewery/${PORTNAME}/ \ + http://mirror.shatow.net/freebsd/${PORTNAME}/ -MAINTAINER= ports@FreeBSD.org +MAINTAINER= bdrewery@FreeBSD.org COMMENT= Securely execute PHP scripts under Apache -DEPRECATED= Upstream dead, EOL: https://lists.marsching.com/pipermail/suphp/2013-May/002554.html -EXPIRATION_DATE=2013-12-17 - GNU_CONFIGURE= yes USE_AUTOTOOLS= aclocal:env automake autoconf:env libtool:env AUTOMAKE_ARGS+= --add-missing +SUB_FILES= pkg-message -# Maintainer has not tested suPHP 0.6.x on Apache 1.3. USE_APACHE= 22 CFLAGS+= -I${LOCALBASE}/include USE_CSTD= gnu89 USE_PHP= yes WANT_PHP_CGI= yes -MYPORTDOCS= apache/CONFIG apache/INSTALL apache/README CONFIG LICENSE INSTALL README +MYPORTDOCS= apache/CONFIG \ + apache/INSTALL \ + apache/README \ + CONFIG LICENSE \ + INSTALL README CONFIGURE_ARGS= CFLAGS="${CFLAGS}" --with-apxs=${APXS} @@ -35,8 +38,7 @@ CONFIGURE_ARGS= CFLAGS="${CFLAGS}" --wit WITH_SETID_MODE?= owner CONFIGURE_ARGS+= --with-setid-mode=${WITH_SETID_MODE} -NO_STAGE= yes -.include <bsd.port.pre.mk> +.include <bsd.port.options.mk> CONFIGURE_ARGS+= --with-apr=${LOCALBASE} @@ -48,18 +50,16 @@ post-patch: ${WRKSRC}/aclocal.m4 post-install: -.if !defined(NOPORTDOCS) - @${MKDIR} ${DOCSDIR} - @${MKDIR} ${DOCSDIR}/apache +.if ${PORT_OPTIONS:MDOCS} + @${MKDIR} ${STAGEDIR}${DOCSDIR}/apache .for f in ${MYPORTDOCS} - @${INSTALL_DATA} ${WRKSRC}/doc/${f} ${DOCSDIR}/${f} + @${INSTALL_DATA} ${WRKSRC}/doc/${f} ${STAGEDIR}${DOCSDIR}/${f} .endfor .endif .if !defined(WITH_DEBUG) - @${STRIP_CMD} ${PREFIX}/sbin/suphp + @${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/suphp .endif - @${INSTALL_DATA} ${WRKSRC}/doc/suphp.conf-example ${PREFIX}/etc/suphp.conf-example - @${APXS} -e -a -n "${SHORTMODNAME}" "${APACHEMODDIR}/mod_${MODULENAME}.so" - @${CAT} ${PKGMESSAGE} + @${INSTALL_DATA} ${WRKSRC}/doc/suphp.conf-example \ + ${STAGEDIR}${PREFIX}/etc/suphp.conf-example -.include <bsd.port.post.mk> +.include <bsd.port.mk> Added: head/www/suphp/files/pkg-message.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/suphp/files/pkg-message.in Thu Apr 10 11:43:13 2014 (r350797) @@ -0,0 +1,16 @@ +SuPHP has no upstream maintainer and thus is not actively having +bugs and security issues addressed. + +Its security track record is pretty good. The worst so far has been +privilege escalation to the httpd user, which is no worse than not +using SuPHP. + +It is advisable to convert your system to PHP-FPM if possible. + +The port maintainer's thoughts on sandboxing PHP are here: + + http://blog.shatow.net/post/2013-07-17-sandboxing-php-part1.markdown + +An overview of using PHP-FPM for application sandboxing is here: + + http://blog.shatow.net/post/2013-11-27-sandboxing-php-part2.markdown
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404101143.s3ABhE1r004115>