svn commit: r382102 - in head/net-mgmt: unifi2 unifi3 unifi4
Mark Felder
feld at FreeBSD.org
Tue Mar 24 14:15:47 UTC 2015
Author: feld
Date: Tue Mar 24 14:15:43 2015
New Revision: 382102
URL: https://svnweb.freebsd.org/changeset/ports/382102
QAT: https://qat.redports.org/buildarchive/r382102/
Log:
Improve default file permissions
Ensure unifi cannot write to itself in the event of an exploit
Unifi only needs write access to: data, log, run, and work directories
Modified:
head/net-mgmt/unifi2/Makefile
head/net-mgmt/unifi2/pkg-plist
head/net-mgmt/unifi3/Makefile
head/net-mgmt/unifi3/pkg-plist
head/net-mgmt/unifi4/Makefile
head/net-mgmt/unifi4/pkg-plist
Modified: head/net-mgmt/unifi2/Makefile
==============================================================================
--- head/net-mgmt/unifi2/Makefile Tue Mar 24 14:08:21 2015 (r382101)
+++ head/net-mgmt/unifi2/Makefile Tue Mar 24 14:15:43 2015 (r382102)
@@ -3,7 +3,7 @@
PORTNAME= unifi2
PORTVERSION= 2.4.6
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= net-mgmt java
MASTER_SITES= http://dl.ubnt.com/unifi/${PORTVERSION}/
DISTNAME= UniFi.unix
@@ -45,5 +45,9 @@ do-install:
${MKDIR} ${STAGEDIR}${JAVASHAREDIR}/unifi
(cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${JAVASHAREDIR}/unifi/)
${LN} -sf ${PREFIX}/bin/mongod ${STAGEDIR}${JAVASHAREDIR}/unifi/bin/mongod
+# Create directories that will be writable by unifi
+.for i in data logs run work
+ ${MKDIR} ${STAGEDIR}/${JAVASHAREDIR}/unifi/${i}
+.endfor
.include <bsd.port.mk>
Modified: head/net-mgmt/unifi2/pkg-plist
==============================================================================
--- head/net-mgmt/unifi2/pkg-plist Tue Mar 24 14:08:21 2015 (r382101)
+++ head/net-mgmt/unifi2/pkg-plist Tue Mar 24 14:15:43 2015 (r382102)
@@ -220,52 +220,8 @@
%%JAVASHAREDIR%%/unifi/webapps/ROOT/upnp.jsp
%%JAVASHAREDIR%%/unifi/webapps/ROOT/waiting.jsp
%%JAVASHAREDIR%%/unifi/webapps/ROOT/wizard.jsp
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/temp
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/pages
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/wizard
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/settings
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/global
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/p2N
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U7P
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U7O
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U7E
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U5O
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2S48
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2O
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2M
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2L48
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2HSR
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/data-table
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/alerts
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library/swf
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library/js/flex
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library/js
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library/css
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes/tabs
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes/settings
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes/panels
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes/dialogs
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/WEB-INF
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/META-INF
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT
- at dirrmtry %%JAVASHAREDIR%%/unifi/webapps
- at dirrmtry %%JAVASHAREDIR%%/unifi/lib
- at dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U7P/2.4.6.2178
- at dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U7P
- at dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U7E/2.4.6.2178
- at dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U7E
- at dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U2S48/2.4.6.2178
- at dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U2S48
- at dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/BZ2/2.4.6.2178
- at dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/BZ2
- at dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware
- at dirrmtry %%JAVASHAREDIR%%/unifi/dl
- at dirrmtry %%JAVASHAREDIR%%/unifi/data
- at dirrmtry %%JAVASHAREDIR%%/unifi/conf
- at dirrmtry %%JAVASHAREDIR%%/unifi/bin
- at dirrmtry %%JAVASHAREDIR%%/unifi
- at exec chown -R unifi:unifi %D/%%JAVASHAREDIR%%/unifi
+ at dir(root,wheel,755) %%JAVASHAREDIR%%/unifi
+ at dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/data
+ at dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/logs
+ at dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/run
+ at dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/work
Modified: head/net-mgmt/unifi3/Makefile
==============================================================================
--- head/net-mgmt/unifi3/Makefile Tue Mar 24 14:08:21 2015 (r382101)
+++ head/net-mgmt/unifi3/Makefile Tue Mar 24 14:15:43 2015 (r382102)
@@ -3,6 +3,7 @@
PORTNAME= unifi3
PORTVERSION= 3.2.10
+PORTREVISION= 1
CATEGORIES= net-mgmt java
MASTER_SITES= http://dl.ubnt.com/unifi/${PORTVERSION}/
DISTNAME= UniFi.unix
@@ -45,4 +46,9 @@ do-install:
(cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${JAVASHAREDIR}/unifi/)
${LN} -sf ${PREFIX}/bin/mongod ${STAGEDIR}${JAVASHAREDIR}/unifi/bin/mongod
+# Create directories that will be writable by unifi
+.for i in data logs run work
+ ${MKDIR} ${STAGEDIR}/${JAVASHAREDIR}/unifi/${i}
+.endfor
+
.include <bsd.port.mk>
Modified: head/net-mgmt/unifi3/pkg-plist
==============================================================================
--- head/net-mgmt/unifi3/pkg-plist Tue Mar 24 14:08:21 2015 (r382101)
+++ head/net-mgmt/unifi3/pkg-plist Tue Mar 24 14:15:43 2015 (r382102)
@@ -243,4 +243,8 @@
%%JAVASHAREDIR%%/unifi/webapps/ROOT/waiting.jsp
%%JAVASHAREDIR%%/unifi/webapps/ROOT/wizard.jsp
@dir %%JAVASHAREDIR%%/unifi/conf
- at exec chown -R unifi:unifi %D/%%JAVASHAREDIR%%/unifi
+ at dir(root,wheel,755) %%JAVASHAREDIR%%/unifi
+ at dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/data
+ at dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/logs
+ at dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/run
+ at dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/work
Modified: head/net-mgmt/unifi4/Makefile
==============================================================================
--- head/net-mgmt/unifi4/Makefile Tue Mar 24 14:08:21 2015 (r382101)
+++ head/net-mgmt/unifi4/Makefile Tue Mar 24 14:15:43 2015 (r382102)
@@ -3,6 +3,7 @@
PORTNAME= unifi4
PORTVERSION= 4.6.0
+PORTREVISION= 1
CATEGORIES= net-mgmt java
MASTER_SITES= http://dl.ubnt.com/unifi/${PORTVERSION}/
DISTNAME= UniFi.unix
@@ -40,5 +41,9 @@ do-install:
${MKDIR} ${STAGEDIR}${JAVASHAREDIR}/unifi
(cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${JAVASHAREDIR}/unifi/)
${LN} -sf ${PREFIX}/bin/mongod ${STAGEDIR}${JAVASHAREDIR}/unifi/bin/mongod
+# Create directories that will be writable by unifi
+.for i in data logs run work
+ ${MKDIR} ${STAGEDIR}/${JAVASHAREDIR}/unifi/${i}
+.endfor
.include <bsd.port.mk>
Modified: head/net-mgmt/unifi4/pkg-plist
==============================================================================
--- head/net-mgmt/unifi4/pkg-plist Tue Mar 24 14:08:21 2015 (r382101)
+++ head/net-mgmt/unifi4/pkg-plist Tue Mar 24 14:15:43 2015 (r382102)
@@ -431,4 +431,8 @@
@dir %%JAVASHAREDIR%%/unifi/webapps/ROOT/lib/4.6.0/js/libs/bower-components/retina.js
@dir %%JAVASHAREDIR%%/unifi/webapps/ROOT/lib/4.6.0/js/libs/bower-components/string_score
@dir %%JAVASHAREDIR%%/unifi/webapps/ROOT/lib/4.6.0/js/libs/bower-components/underscore
- at exec chown -R unifi:unifi %D/%%JAVASHAREDIR%%/unifi
+ at dir(root,wheel,755) %%JAVASHAREDIR%%/unifi
+ at dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/data
+ at dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/logs
+ at dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/run
+ at dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/work
More information about the svn-ports-all
mailing list