ports/140399: Update port: security/webfwlog Add needed patch and other changes

Mon Nov 9 01:40:02 UTC 2009

>Number:         140399
>Category:       ports
>Synopsis:       Update port: security/webfwlog Add needed patch and other changes
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 09 01:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Bob Hockney
>Release:        FreeBSD 6.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD notebook 6.4-STABLE FreeBSD 6.4-STABLE #0: Fri Nov 6 21:00:06 PST 2009 root at notebook:/usr/obj/usr/src/sys/GENERIC i386

This is a patch for security/webfwlog which does several things:

- Adds a needed patch

- Include bsd.port.options.mk to give option knobs effect (was inadvertantly
    deleted last commit)

- Set BINMODE to 4550 and BINGRP to WWWGRP.  This installs the executable
    suid root, which generates an install-time message about elevated
    permissions.  This was the case prior to do-install being added at
    revision 1.4.  This is a log analyzer and needs to be able to read the
    logs, and since it is running under the web server it won't usually be
    able to do so unless installed suid root.  I understand the security
    concerns here and wanted to explain why I did this.

- Reset permissions on directory after COPYTREE_SHARE to 555.  I'm not sure
    what's happening here, buy my cpio sets permissions on the current
    directory to 700 during this operation, so the webserver doesn't have
    access to the files.  The package downloaded from ftp.FreeBSD.org does
    not appear to have this issue.  I'm running 6-stable rebuilt from
    recently synced sources and also have a recent ports tree.

- Ask for required php extensions

- Other minor stuff

-Bob

diff -ru security/webfwlog-orig/Makefile security/webfwlog/Makefile

--- security/webfwlog-orig/Makefile	2009-10-17 18:13:19.000000000 -0700
+++ security/webfwlog/Makefile	2009-11-08 12:16:40.000000000 -0800
@@ -7,45 +7,55 @@
 
 PORTNAME=	webfwlog
 PORTVERSION=	0.94
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION}
 
+PATCHFILES=	webfwlog-0.94-tcpflags.patch
+PATCH_SITES=	http://devel.webfwlog.net/download/patches/
+
 MAINTAINER=	zeus at ix.netcom.com
 COMMENT=	A web-based firewall log analyzer
 
 OPTIONS=	MYSQL "Include MySQL Support" on \
-		POSTGRESQL "Include PostgreSQL Support" off
+		PGSQL "Include PostgreSQL Support" off
 
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS+=--with-html-doc-root=${PREFIX}/${HTML_DOC_ROOT}
-CONFIGURE_ARGS+=--enable-syslog
+CONFIGURE_ARGS+=	--with-html-doc-root=${PREFIX}
+CONFIGURE_ARGS+=	--enable-syslog
 
-USE_PHP=	yes
+USE_PHP=	session pcre
 WANT_PHP_WEB=	yes
 
-# Set HTML_DOC_ROOT to your webserver's Document Root where you
-# want to install webfwlog, relative to ${PREFIX}.
-
 SUB_FILES=	pkg-message
+SUB_LIST+=	VERSION=${PORTVERSION}
 
 PORTDOCS=	AUTHORS COPYING CREDITS ChangeLog INSTALL \
 		README ReleaseNotes
 PORTEXAMPLES=	*
 
+.include <bsd.port.options.mk>
+
 .if defined(WITH_MYSQL)
+USE_PHP+=	mysql
 USE_MYSQL=	yes
-CONFIGURE_ARGS+=--with-mysql
+CONFIGURE_ARGS+=	--with-mysql
 .endif
 
-.if defined(WITH_POSTGRESQL)
-USE_PGSQL=
-CONFIGURE_ARGS+=--with-pgsql
+.if defined(WITH_PGSQL)
+USE_PHP+=	pgsql
+USE_PGSQL=	yes
+CONFIGURE_ARGS+=	--with-pgsql
 .endif
 
+BINMODE=	4550
+BINGRP=	${WWWGRP}
+
 do-install:
 	@${MKDIR} ${WWWDIR}
 	@${MKDIR} ${WWWDIR}/include/
-	@(cd ${WRKSRC}/webfwlog/include/ && ${COPYTREE_SHARE} \* ${WWWDIR}/include/)
+	@(cd ${WRKSRC}/webfwlog/include/ && ${COPYTREE_SHARE} \*.php ${WWWDIR}/include/)
+	${CHMOD} 555 ${WWWDIR}/include
 	${INSTALL_PROGRAM} ${WRKSRC}/syslog/wfwl_syslog ${PREFIX}/bin/
 	${INSTALL_DATA} ${WRKSRC}/webfwlog/style.css ${WWWDIR}
 	${INSTALL_DATA} ${WRKSRC}/webfwlog/index.php ${WWWDIR}
Only in security/webfwlog: diffs
diff -ru security/webfwlog-orig/distinfo security/webfwlog/distinfo
--- security/webfwlog-orig/distinfo	2009-10-17 18:13:19.000000000 -0700
+++ security/webfwlog/distinfo	2009-11-07 19:05:18.000000000 -0800
@@ -1,3 +1,6 @@
 MD5 (webfwlog-0.94.tar.gz) = 5af2fbbd36b039c004592e9dbf10ccc1
 SHA256 (webfwlog-0.94.tar.gz) = c1b84dd4036aa9f81fc4fbd527eda202e51c3767659b8f1eef12bfb3381c5b36
 SIZE (webfwlog-0.94.tar.gz) = 288138
+MD5 (webfwlog-0.94-tcpflags.patch) = 4d8a8e5f926832e504b196582b0fc85d
+SHA256 (webfwlog-0.94-tcpflags.patch) = b29df0df2b62ec99f121e50033b852e1a5177f0db1b31ecf12a8c535a16812dd
+SIZE (webfwlog-0.94-tcpflags.patch) = 455
diff -ru security/webfwlog-orig/files/pkg-message.in security/webfwlog/files/pkg-message.in
--- security/webfwlog-orig/files/pkg-message.in	2005-10-12 19:16:48.000000000 -0700
+++ security/webfwlog/files/pkg-message.in	2009-11-08 07:37:53.000000000 -0800
@@ -1,4 +1,4 @@
-Webfwlog-0.91 has been installed.  You should read the README in the mysql or
+Webfwlog-%%VERSION%% has been installed.  You should read the README in the mysql or
 pgsql directoy in %%DOCSDIR%% for information
 on setting up your MySQL or PostgreSQL server for use with webfwlog, and also
 copy the webfwlog.conf.sample file in %%PREFIX%%/etc to webfwlog.conf and
diff -ru security/webfwlog-orig/pkg-plist security/webfwlog/pkg-plist
--- security/webfwlog-orig/pkg-plist	2009-10-17 18:13:19.000000000 -0700
+++ security/webfwlog/pkg-plist	2009-11-08 07:18:25.000000000 -0800
@@ -45,7 +45,6 @@
 %%WWWDIR%%/include/static.php
 %%WWWDIR%%/include/syslog.php
 %%WWWDIR%%/include/update_cache.php
-%%WWWDIR%%/include/config.php.in
 %%WWWDIR%%/style.css
 %%WWWDIR%%/index.php
 %%PORTDOCS%%@dirrm %%DOCSDIR%%/pgsql/scripts
>Description:
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

