svn commit: r350797 - in head: . www www/suphp www/suphp/files

Bryan Drewery bdrewery at FreeBSD.org
Thu Apr 10 11:43:15 UTC 2014 

Author: bdrewery
Date: Thu Apr 10 11:43:13 2014
New Revision: 350797
URL: http://svnweb.freebsd.org/changeset/ports/350797
QAT: https://qat.redports.org/buildarchive/r350797/

Log:
  Bring back SuPHP.
  
  Quite a few users still depend on this and are getting it from untrusted
  sources. Its security track record is actually pretty good still.
  
  SuPHP is still the simplest solution for shared hosting.
  
  Other vendors still provide this as well.
  
  - Add a pkg-message explaining the situation and advising users to move
    away from this if possible.
  - Stage
  - Take maintainership

Added:
  head/www/suphp/
     - copied from r340003, head/www/suphp/
  head/www/suphp/files/pkg-message.in   (contents, props changed)
Modified:
  head/MOVED
  head/www/Makefile
  head/www/suphp/Makefile

Modified: head/MOVED
==============================================================================
--- head/MOVED	Thu Apr 10 11:37:37 2014	(r350796)
+++ head/MOVED	Thu Apr 10 11:43:13 2014	(r350797)
@@ -5370,7 +5370,6 @@ sysutils/lavaps||2014-01-14|Abandonware,
 www/mod_authnz_external|www/mod_authnz_external22|2014-01-14|Port was renamed to reflect the supported Apache version
 games/deng|games/doomsday|2014-01-16|Renamed to follow upstream naming
 misc/sword17|misc/sword|2014-01-16|Has expired: use misc/sword
-www/suphp||2014-01-17|Has expired: Upstream dead, EOL: https://lists.marsching.com/pipermail/suphp/2013-May/002554.html
 databases/postgis||2014-01-17|Has expired: EOLed upstream
 textproc/redland-bindings-python||2014-01-19|Use textproc/redland-bindings directly instead
 emulators/seabios-devel||2014-01-19|Has expired: Outdated, no longer needed, broken on 10+

Modified: head/www/Makefile
==============================================================================
--- head/www/Makefile	Thu Apr 10 11:37:37 2014	(r350796)
+++ head/www/Makefile	Thu Apr 10 11:43:13 2014	(r350797)
@@ -1927,6 +1927,7 @@
     SUBDIR += squirm
     SUBDIR += srg
     SUBDIR += subsonic
+    SUBDIR += suphp
     SUBDIR += surf
     SUBDIR += surfraw
     SUBDIR += sventon

Modified: head/www/suphp/Makefile
==============================================================================
--- head/www/suphp/Makefile	Fri Jan 17 01:10:41 2014	(r340003)
+++ head/www/suphp/Makefile	Thu Apr 10 11:43:13 2014	(r350797)
@@ -3,28 +3,31 @@
 
 PORTNAME=	suphp
 PORTVERSION=	0.7.2
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	http://www.suphp.org/download/ \
-		${MASTER_SITE_LOCAL:S|%SUBDIR%|koitsu|}
+		LOCAL/bdrewery/${PORTNAME}/ \
+		http://mirror.shatow.net/freebsd/${PORTNAME}/
 
-MAINTAINER=	ports at FreeBSD.org
+MAINTAINER=	bdrewery at FreeBSD.org
 COMMENT=	Securely execute PHP scripts under Apache
 
-DEPRECATED=	Upstream dead, EOL: https://lists.marsching.com/pipermail/suphp/2013-May/002554.html
-EXPIRATION_DATE=2013-12-17
-
 GNU_CONFIGURE=	yes
 USE_AUTOTOOLS=	aclocal:env automake autoconf:env libtool:env
 AUTOMAKE_ARGS+=	--add-missing
+SUB_FILES=	pkg-message
 
-# Maintainer has not tested suPHP 0.6.x on Apache 1.3.
 USE_APACHE=	22
 CFLAGS+=	-I${LOCALBASE}/include
 USE_CSTD=	gnu89
 USE_PHP=	yes
 WANT_PHP_CGI=	yes
 
-MYPORTDOCS=	apache/CONFIG apache/INSTALL apache/README CONFIG LICENSE INSTALL README
+MYPORTDOCS=	apache/CONFIG \
+		apache/INSTALL \
+		apache/README \
+		CONFIG LICENSE \
+		INSTALL README
 
 CONFIGURE_ARGS=	CFLAGS="${CFLAGS}" --with-apxs=${APXS}
 
@@ -35,8 +38,7 @@ CONFIGURE_ARGS=	CFLAGS="${CFLAGS}" --wit
 WITH_SETID_MODE?=	owner
 CONFIGURE_ARGS+=	--with-setid-mode=${WITH_SETID_MODE}
 
-NO_STAGE=	yes
-.include <bsd.port.pre.mk>
+.include <bsd.port.options.mk>
 
 CONFIGURE_ARGS+=	--with-apr=${LOCALBASE}
 
@@ -48,18 +50,16 @@ post-patch:
 			  ${WRKSRC}/aclocal.m4
 
 post-install:
-.if !defined(NOPORTDOCS)
-	@${MKDIR} ${DOCSDIR}
-	@${MKDIR} ${DOCSDIR}/apache
+.if ${PORT_OPTIONS:MDOCS}
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}/apache
 .for f in ${MYPORTDOCS}
-	@${INSTALL_DATA} ${WRKSRC}/doc/${f} ${DOCSDIR}/${f}
+	@${INSTALL_DATA} ${WRKSRC}/doc/${f} ${STAGEDIR}${DOCSDIR}/${f}
 .endfor
 .endif
 .if !defined(WITH_DEBUG)
-	@${STRIP_CMD} ${PREFIX}/sbin/suphp
+	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/suphp
 .endif
-	@${INSTALL_DATA} ${WRKSRC}/doc/suphp.conf-example ${PREFIX}/etc/suphp.conf-example
-	@${APXS} -e -a -n "${SHORTMODNAME}" "${APACHEMODDIR}/mod_${MODULENAME}.so"
-	@${CAT} ${PKGMESSAGE}
+	@${INSTALL_DATA} ${WRKSRC}/doc/suphp.conf-example \
+	    ${STAGEDIR}${PREFIX}/etc/suphp.conf-example
 
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>

Added: head/www/suphp/files/pkg-message.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/suphp/files/pkg-message.in	Thu Apr 10 11:43:13 2014	(r350797)
@@ -0,0 +1,16 @@
+SuPHP has no upstream maintainer and thus is not actively having
+bugs and security issues addressed.
+
+Its security track record is pretty good. The worst so far has been
+privilege escalation to the httpd user, which is no worse than not
+using SuPHP.
+
+It is advisable to convert your system to PHP-FPM if possible.
+
+The port maintainer's thoughts on sandboxing PHP are here:
+
+  http://blog.shatow.net/post/2013-07-17-sandboxing-php-part1.markdown
+
+An overview of using PHP-FPM for application sandboxing is here:
+
+  http://blog.shatow.net/post/2013-11-27-sandboxing-php-part2.markdown

More information about the svn-ports-all mailing list