OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 25-Dec-2006 15:46:21 Branch: HEAD Handle: 2006122514462000 Modified files: openpkg-src/phpbb phpbb.spec Log: introduce runtime directory to fix security issue Summary: Revision Changes Path 1.2 +28 -25 openpkg-src/phpbb/phpbb.spec ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-src/phpbb/phpbb.spec ============================================================================ $ cvs diff -u -r1.1 -r1.2 phpbb.spec --- openpkg-src/phpbb/phpbb.spec 25 Dec 2006 10:16:23 -0000 1.1 +++ openpkg-src/phpbb/phpbb.spec 25 Dec 2006 14:46:20 -0000 1.2 @@ -85,7 +85,7 @@ %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \ $RPM_BUILD_ROOT%{l_prefix}/etc/phpbb \ - $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb \ + $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/runtime \ $RPM_BUILD_ROOT%{l_prefix}/var/phpbb/db \ $RPM_BUILD_ROOT%{l_prefix}/var/phpbb/log \ $RPM_BUILD_ROOT%{l_prefix}/var/phpbb/run @@ -94,29 +94,34 @@ %{l_shtool} subst %{l_value -s -a} \ install/install_install.php find . -name ".#*" -print | xargs rm -f - cp -rp * $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/ - mv $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/install \ - $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/install.d - mv $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/cache \ + cp -rp * $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/runtime/ + + # post-adjustment: move risky install area out of runtime area + # (will be dynmically linked in again later) + mv $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/runtime/install \ + $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/install + + # post-adjustment: move writable areas out of runtime area + mv $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/runtime/cache \ $RPM_BUILD_ROOT%{l_prefix}/var/phpbb/db/cache - ln -s ../../var/phpbb/db/cache \ - $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/cache - mv $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/files \ + ln -s ../../../var/phpbb/db/cache \ + $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/runtime/cache + mv $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/runtime/files \ $RPM_BUILD_ROOT%{l_prefix}/var/phpbb/db/files - ln -s ../../var/phpbb/db/files \ - $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/files - mv $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/store \ + ln -s ../../../var/phpbb/db/files \ + $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/runtime/files + mv $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/runtime/store \ $RPM_BUILD_ROOT%{l_prefix}/var/phpbb/db/store - ln -s ../../var/phpbb/db/store \ - $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/store - mv $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/images/avatars/upload \ + ln -s ../../../var/phpbb/db/store \ + $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/runtime/store + mv $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/runtime/images/avatars/upload \ $RPM_BUILD_ROOT%{l_prefix}/var/phpbb/db/upload - ln -s ../../../../var/phpbb/db/store \ - $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/images/avatars/upload - mv $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/config.php \ + ln -s ../../../../../var/phpbb/db/store \ + $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/runtime/images/avatars/upload + mv $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/runtime/config.php \ $RPM_BUILD_ROOT%{l_prefix}/etc/phpbb/config.php - ln -s ../../etc/phpbb/config.php \ - $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/config.php + ln -s ../../../etc/phpbb/config.php \ + $RPM_BUILD_ROOT%{l_prefix}/lib/phpbb/runtime/config.php # install run-command script %{l_shtool} install -c -m 755 %{l_value -s -a} \ @@ -137,10 +142,11 @@ %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \ %{l_files_std} \ '%config %{l_prefix}/etc/phpbb/*' \ - '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/etc/phpbb/config.php' \ + '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/etc/phpbb/*' \ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/lib/phpbb' \ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/lib/phpbb/*' \ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/lib/phpbb/*/*' \ + '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/lib/phpbb/*/*/*' \ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/phpbb' \ '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/phpbb/*' @@ -152,7 +158,7 @@ %post if [ $1 -eq 1 ]; then # display final hints on initial installation - ln -s install.d $RPM_INSTALL_PREFIX/lib/phpbb/install + ln -s ../install $RPM_INSTALL_PREFIX/lib/phpbb/runtime/install ( echo "To complete the phpBB installation:" echo "1. start the phpBB Apache:" echo " \$ $RPM_INSTALL_PREFIX/etc/rc phpbb start" @@ -160,7 +166,7 @@ echo " following URL and proceeding through its menus:" echo " http://localhost:8080/phpbb/install/" echo "3. cleanup after installation to enable run-time:" - echo " \$ rm -f $RPM_INSTALL_PREFIX/lib/phpbb/install" + echo " \$ rm -f $RPM_INSTALL_PREFIX/lib/phpbb/runtime/install" ) | %{l_rpmtool} msg -b -t notice elif [ $1 -eq 2 ]; then # after upgrade, restart service @@ -175,9 +181,6 @@ # before erase, stop service %{l_rc} phpbb stop 2>/dev/null - # uninstall - $RPM_INSTALL_PREFIX/sbin/phpbb-setup uninstall - # remove run-time files rm -f $RPM_INSTALL_PREFIX/var/phpbb/db/* >/dev/null 2>&1 || true rm -f $RPM_INSTALL_PREFIX/var/phpbb/db/*/* >/dev/null 2>&1 || true @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org