* Uses WWWOWN and WWWGRP.

* Changes tweaks to CGIWRAP_ALLOWFILE and CGIWRAP_DENYFILE.
* Add optional ability to build without some features.
* Adds CGIWRAP_DEBUG, which adds support for the cgiwrapd/nph-cgiwrapd binaries.
* Proper/secure permissions on the binaries.
* Another cosmetic changes.

* Pass maintainership to submitter.

PR:		ports/70106
Submitted by:	Jeremy Chadwick <freebsd@jdc.parodius.com>

www/cgiwrap/Makefile

@@ -7,56 +7,99 @@
 
 PORTNAME=	cgiwrap
 PORTVERSION=	3.9
+PORTREVISION=	1
 CATEGORIES=	www security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
 
-MAINTAINER=	jre@vineyard.net
+MAINTAINER=	freebsd@jdc.parodius.com
 COMMENT=	Securely execute ~user CGI scripts
 
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS=	--with-httpd-user=${HTTPDUSER} \
+CONFIGURE_ARGS=	--with-httpd-user=${WWWOWN} \
+		--with-install-group=${WWWGRP} \
 		--with-install-dir=${MAINCGIDIR} \
-		--with-install-group=${BINGRP} \
+		--with-cgi-dir=${CGIWRAP_CGIDIR} \
-		--with-cgi-dir=${CGIDIR} \
+		--with-local-contact=${CGIWRAP_CONTACT} \
-		--with-allow-file=${ALLOWFILE} \
+		--with-allow-file=${CGIWRAP_ALLOWFILE} \
-		--with-deny-file=${DENYFILE} \
+		--with-deny-file=${CGIWRAP_DENYFILE}
-		${WITHOUTCHECK}
 
-###
+#
 # Set this to the directory (relative to each user's home) where CGI
-# scripts will be found.  (Another common value is "www/cgi-bin".)
+# scripts will be found.  Common alternate values are "www/cgi-bin"
-###
+# (a.k.a. ~user/www/cgi-bin) and "cgi-bin" (a.k.a. ~user/cgi-bin)
-CGIDIR?=		public_html/cgi-bin
+#
-###
+CGIWRAP_CGIDIR?=	public_html/cgi-bin
-# The default security settings are very tight; enable one or more
+
-# of these to loosen them.  Run "configure -help" for information on
+#
-# these and other options.
+# MAINCGIDIR is the directory the cgiwrap binaries get installed to.
-###
+#
-#WITHOUTCHECK?=	--without-check-owner --without-check-setuid \
-#		--without-check-group --without-check-setgid \
-#		--without-check-group-writable \
-#		--without-check-world-writable
-###
-# Use these options for Apache:
-###
 MAINCGIDIR?=	${PREFIX}/www/cgi-bin
-HTTPDUSER?=	www
+
-###
+#
 # The allow and deny files control access to cgiwrap.
+#
+CGIWRAP_ALLOWFILE?=	${PREFIX}/etc/${PORTNAME}.allow
+CGIWRAP_DENYFILE?=	${PREFIX}/etc/${PORTNAME}.deny
+
+#
+# Set the contact Email address.
+#
+CGIWRAP_CONTACT?=	webmaster@dummy-host.example.com
+
+#
+# Define CGIWRAP_LOGGING and specify where you want the logfile.
+#
+.if defined(CGIWRAP_LOGGING)
+CONFIGURE_ARGS+=	--with-logging-file=${CGIWRAP_LOGGING}
+.endif
+
+#
+# Some users enjoy being able to debug their own CGI scripts, since
+# the standard "Internal server error" response doesn't help much.
+# Administrators may find this useful as well.  See the cgiwrap
+# documentation for details on how to use this.
+#
+.if defined(CGIWRAP_DEBUG)
+PLIST_SUB+=	CGIWRAPDFLAG=
+.else
+PLIST_SUB+=	CGIWRAPDFLAG="@comment "
+.endif
+
+#
+# A slew of --without-* configure flags exist for cgiwrap.  You
+# should refer to the cgiwrap documentation for details regarding
+# what these do, and when (if) they're necessary.
+#
 ###
-ALLOWFILE?=	${PREFIX}/etc/${PORTNAME}.allow
+.if defined(CGIWRAP_WITHOUT_CHECK_OWNER)
-DENYFILE?=	${PREFIX}/etc/${PORTNAME}.deny
+CONFIGURE_ARGS+=	--without-check-owner
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_GROUP)
+CONFIGURE_ARGS+=	--without-check-group
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_SETUID)
+CONFIGURE_ARGS+=	--without-check-setuid
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_SETGID)
+CONFIGURE_ARGS+=	--without-check-setgid
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_GROUP_WRITABLE)
+CONFIGURE_ARGS+=	--without-check-group-writable
+.endif
+.if defined(CGIWRAP_WITHOUT_CHECK_WORLD_WRITABLE)
+CONFIGURE_ARGS+=	--without-check-world-writable
+.endif
 
 pre-install:
 	@${MKDIR} ${MAINCGIDIR}
 
 post-install:
-	${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
+	@${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
-	${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+	@${CHMOD} 4550 ${MAINCGIDIR}/cgiwrap
-	${CP} ${MAINCGIDIR}/cgiwrap ${MAINCGIDIR}/cgiwrapd
+.if !defined(CGIWRAP_WITH_DEBUG)
-	${LN} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+	@${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
-	${CHMOD} 644 ${MAINCGIDIR}/cgiwrapd
+.endif
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
 .for file in accesscontrol.html afs.html changes.html chroot.html	\
@@ -68,6 +111,6 @@ post-install:
 .endfor
 	@${ECHO} "Documentation installed in ${DOCSDIR}"
 .endif
-	@${CAT} ${PKGMESSAGE}
+	@${CAT} ${PKGMESSAGE} | ${SED} -e's#%%PREFIX%%#${PREFIX}#g'
 
 .include <bsd.port.mk>

www/cgiwrap/pkg-descr

@@ -9,6 +9,3 @@ and Communications servers, and probably any other Unix based web
 server software that supports CGI.
 
 WWW: http://cgiwrap.sourceforge.net/
-
-- Pete
-petef@databits.net

www/cgiwrap/pkg-message

@@ -6,14 +6,10 @@ a depend.  If you are unsure of which webserver to use, it is
 recommended to try the Apache web server package.
 
 The cgiwrap scripts have been installed in:
-    ${PREFIX}/www/cgi-bin
+    %%PREFIX%%/www/cgi-bin
 ...the default location for Apache's cgi-bin directory.
 
-The cgiwrapd and nph-cgiwrapd scripts are disabled by default, as they
+If cgiwrap's allow/deny control is enabled, you must create either
-may give away sensitive information about the CGI environment.  To
+%%PREFIX%%/etc/cgiwrap.allow and/or %%PREFIX%%/etc/cgiwrap.deny
-enable them, you must chmod 4755 ${PREFIX}/www/cgi-bin/cgiwrapd
+before cgiwrap will function.
-
-Access control enabled, you must create either
-${PREFIX}/etc/cgiwrap.allow or ${PREFIX}/etc/cgiwrap.deny before
-cgiwrap will function.
 -----------------------------------------------------------------

www/cgiwrap/pkg-plist

@@ -18,8 +18,8 @@
 %%PORTDOCS%%%%DOCSDIR%%/tricks.html
 %%PORTDOCS%%%%DOCSDIR%%/y2k.html
 www/cgi-bin/cgiwrap
-www/cgi-bin/cgiwrapd
+%%CGIWRAPDFLAG%%www/cgi-bin/cgiwrapd
 www/cgi-bin/nph-cgiwrap
-www/cgi-bin/nph-cgiwrapd
+%%CGIWRAPDFLAG%%www/cgi-bin/nph-cgiwrapd
 @unexec rmdir %D/www/cgi-bin 2>/dev/null || true
 %%PORTDOCS%%@dirrm %%DOCSDIR%%