Re: UPDATE: hiawatha-5.7

[Antoine Jacoutot]

On Thu, 22 Mar 2007, Christian Weisgerber wrote:

Note that setuid would be u+s.  The above mode is just nonsensical.


Err, I must has been thinking owner... one of those days again.
Corrected, thanks.

--
Antoine

Re: UPDATE: hiawatha-5.7

[Antoine Jacoutot]

On Thu, 22 Mar 2007, Peter Valchev wrote:

why did that change to setuid?


That's because the cgi-wrapper can be used to run CGI programs as 
another user than the one Hiawatha runs at. This was forgotten in 
previous releases.


--
Antoine

Re: UPDATE: hiawatha-5.7

[Antoine Jacoutot]

Selon Antoine Jacoutot [EMAIL PROTECTED]:
 Comments/Ok?

I reiterate my demand... comments/ok?
http://www.obsd.fr/OpenBSD/wip/hiawatha.diff

-- 
Antoine

Re: UPDATE: hiawatha-5.7

[Peter Valchev]

 --- /usr/ports/www/hiawatha/pkg/PLIST Sun Dec 31 11:32:42 2006
 +++ hiawatha/pkg/PLISTSun Mar  4 13:02:22 2007
 @@ -1,14 +1,20 @@
  @comment $OpenBSD: PLIST,v 1.1.1.1 2006/12/31 10:32:42 ajacoutot Exp $
  @newgroup _hiawatha:579
  @newuser _hiawatha:579:579:daemon:Hiawatha HTTP 
 Server:/nonexistent:/sbin/nologin
 [EMAIL PROTECTED] man/man1/cgi_wrapper.1
 [EMAIL PROTECTED] man/man1/cgi-wrapper.1
  @man man/man1/hiawatha.1
 -sbin/cgi_wrapper
 [EMAIL PROTECTED] man/man1/php-fcgi.1
 [EMAIL PROTECTED] man/man1/wigwam.1
 [EMAIL PROTECTED] o+s
 +sbin/cgi-wrapper
 [EMAIL PROTECTED]

why did that change to setuid?

Re: UPDATE: hiawatha-5.7

[Christian Weisgerber]

Peter Valchev [EMAIL PROTECTED] wrote:

  [EMAIL PROTECTED] o+s
  +sbin/cgi-wrapper
 
 why did that change to setuid?

Note that setuid would be u+s.  The above mode is just nonsensical.

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]

UPDATE: hiawatha-5.7

[Antoine Jacoutot]

This diff updates www/hiawatha to the latest stable version.

Comments/Ok?

--
Antoinediff -ruN --exclude CVS /usr/ports/www/hiawatha/Makefile hiawatha/Makefile
--- /usr/ports/www/hiawatha/MakefileSun Dec 31 20:15:51 2006
+++ hiawatha/Makefile   Sun Mar  4 13:04:04 2007
@@ -2,8 +2,7 @@
 
 COMMENT=   secure webserver
 
-DISTNAME=  hiawatha-5.4
-PKGNAME=   ${DISTNAME}p0
+DISTNAME=  hiawatha-5.7
 CATEGORIES=www net
 
 HOMEPAGE=  http://hiawatha.leisink.org
@@ -30,8 +29,8 @@
perl -pi -e 's,!!LOCALBASE!!,${LOCALBASE},g;' \
-e 's,!!SYSCONFDIR!!,${SYSCONFDIR},g' \
${WRKSRC}/etc/hiawatha/httpd.conf.in \
-   ${WRKSRC}/etc/hiawatha/cgi_wrapper.conf \
-   ${WRKSRC}/doc/cgi_wrapper.1 \
+   ${WRKSRC}/etc/hiawatha/cgi-wrapper.conf \
+   ${WRKSRC}/doc/cgi-wrapper.1 \
${WRKSRC}/doc/hiawatha.1
 
 post-install:
diff -ruN --exclude CVS /usr/ports/www/hiawatha/distinfo hiawatha/distinfo
--- /usr/ports/www/hiawatha/distinfoSun Dec 31 11:32:42 2006
+++ hiawatha/distinfo   Sun Mar  4 13:04:23 2007
@@ -1,4 +1,5 @@
-MD5 (hiawatha-5.4.tar.gz) = afabfddfd7525e95dbe893eacb1ee325
-RMD160 (hiawatha-5.4.tar.gz) = 370f138e3678abdfd5e03617f57b439c9b91b7c5
-SHA1 (hiawatha-5.4.tar.gz) = c98d91dd3b8ab18abc514e9ebe8506a3b12b3cc8
-SIZE (hiawatha-5.4.tar.gz) = 184894
+MD5 (hiawatha-5.7.tar.gz) = 5cdf333d6f003367e28c5816b417d14d
+RMD160 (hiawatha-5.7.tar.gz) = 3ee950ab7c1a70d50858136e3343505174660e05
+SHA1 (hiawatha-5.7.tar.gz) = d0edd7ab4e9efda0ffdd5ec90b4886af92e838d7
+SHA256 (hiawatha-5.7.tar.gz) = 
ca2d6aff4fc287bdfbe0919ceaa9eb35ca21ea2d0ea30110f49a969f1d3f03e0
+SIZE (hiawatha-5.7.tar.gz) = 193206
diff -ruN --exclude CVS /usr/ports/www/hiawatha/patches/patch-Makefile_in 
hiawatha/patches/patch-Makefile_in
--- /usr/ports/www/hiawatha/patches/patch-Makefile_in   Sun Dec 31 11:32:42 2006
+++ hiawatha/patches/patch-Makefile_in  Sun Mar  4 13:02:22 2007
@@ -1,7 +1,7 @@
 $OpenBSD: patch-Makefile_in,v 1.1.1.1 2006/12/31 10:32:42 ajacoutot Exp $
 Makefile.in.orig   Sat Dec 16 14:37:10 2006
-+++ Makefile.inWed Dec 20 12:07:53 2006
-@@ -727,9 +727,8 @@ info: info-am
+--- Makefile.in.orig   Sat Feb 17 19:22:27 2007
 Makefile.inSat Feb 17 19:23:01 2007
+@@ -785,9 +785,8 @@ info: info-am
  
  info-am:
  
@@ -10,5 +10,5 @@
@$(NORMAL_INSTALL)
 -  $(MAKE) $(AM_MAKEFLAGS) install-data-hook
  
- install-exec-am: install-sbinPROGRAMS
- 
+ install-exec-am: install-sbinPROGRAMS install-sbinSCRIPTS
+   @$(NORMAL_INSTALL)
diff -ruN --exclude CVS /usr/ports/www/hiawatha/patches/patch-doc_cgi-wrapper_1 
hiawatha/patches/patch-doc_cgi-wrapper_1
--- /usr/ports/www/hiawatha/patches/patch-doc_cgi-wrapper_1 Thu Jan  1 
01:00:00 1970
+++ hiawatha/patches/patch-doc_cgi-wrapper_1Sun Mar  4 13:02:22 2007
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- doc/cgi-wrapper.1.orig Sat Feb 17 19:16:27 2007
 doc/cgi-wrapper.1  Sat Feb 17 19:17:10 2007
+@@ -11,7 +11,7 @@ cgi-wrapper
+ The CGI-wrapper can be used to run certain CGI programs with a different 
userid then the webserver's userid. To function properly, the CGI-wrapper 
binary needs the su-bit. To prevent abuse, it has the necessary security 
checks. As a result, the CGI-wrapper can only be executed by the Hiawatha 
webserver.
+ 
+ .SH CONFIGURATION
+-The CGI-wrapper can be configured via the configuration file 
/etc/hiawatha/cgi-wrapper.conf. The following options are available:
++The CGI-wrapper can be configured via the configuration file 
!!SYSCONFDIR!!/hiawatha/cgi-wrapper.conf. The following options are available:
+ .TP
+ .B CGIhandler = CGI handler[, CGI handler, ...]
+ Normally, only files inside the DocumentRoot will be executed. CGI-handlers 
are usually not inside this directory. Use this option to specify binaries that 
are outside the DocumentRoot and the CGI-wrapper is still allowed to execute.
diff -ruN --exclude CVS /usr/ports/www/hiawatha/patches/patch-doc_cgi_wrapper_1 
hiawatha/patches/patch-doc_cgi_wrapper_1
--- /usr/ports/www/hiawatha/patches/patch-doc_cgi_wrapper_1 Sun Dec 31 
11:32:42 2006
+++ hiawatha/patches/patch-doc_cgi_wrapper_1Thu Jan  1 01:00:00 1970
@@ -1,12 +0,0 @@
-$OpenBSD: patch-doc_cgi_wrapper_1,v 1.1.1.1 2006/12/31 10:32:42 ajacoutot Exp $
 doc/cgi_wrapper.1.orig Wed Dec 20 14:42:36 2006
-+++ doc/cgi_wrapper.1  Wed Dec 20 14:39:44 2006
-@@ -9,7 +9,7 @@ cgi_wrapper
- The CGI wrapper is part of the Hiawatha webserver. See hiawatha(1) for more 
information about Hiawatha.
- 
- .SH CGI WRAPPER
--The CGI wrapper can be used to run certain CGI programs with a different 
userid then Hiawatha's userid. It replaces the HostId option in previous 
versions. To function properly, the CGI wrapper binary needs the su-bit. To 
prevent abuse, it has the necessary security checks. As a result, the CGI 
wrapper can only be executed by Hiawatha. Via the configuration file 
(/etc/hiawatha/cgi_wrapper.conf), you can