ports/99304: Upgrade rwhois port to fix recursion flaw ; fix startup script, etc.

Thu Jun 22 15:50:21 UTC 2006

>Number:         99304
>Category:       ports
>Synopsis:       Upgrade rwhois port to fix recursion flaw ; fix startup script, etc.
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 22 15:50:19 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Jo Rhett
>Release:        6.0
>Organization:
svcolo
>Environment:
FreeBSD arran 6.0-RELEASE FreeBSD 6.0-RELEASE #4: Fri Nov 11 13:29:33 PST 2005     root at barrel.svcolo.com:/usr/obj/usr/src/sys/MEERMINIMAL  i386
>Description:
First, upgrade 1.5.9.5 to 1.5.9.6.  1.5.9.5 has a serious bug that causes rwhois referral loops.

--- distinfo_orig       Thu Jun 22 07:31:22 2006
+++ distinfo    Thu Jun 22 07:40:06 2006
@@ -1,3 +1,3 @@
-MD5 (rwhoisd-1.5.9.5.tar.gz) = 08ab91152726f00c0e3bbccd54703f71
-SHA256 (rwhoisd-1.5.9.5.tar.gz) = 832da8faff58070fcc8685c67375dcced3b6bb225ffbe3542dd6052add61cf92
-SIZE (rwhoisd-1.5.9.5.tar.gz) = 491600
+MD5 (rwhoisd-1.5.9.6.tar.gz) = f18350b71603e9fefa76fc875e3f7544
+SHA256 (rwhoisd-1.5.9.6.tar.gz) = 318eb37c2a742407ec2bc163fdbbc65721e5890a6bce7ee8925885bae240baa4
+SIZE (rwhoisd-1.5.9.6.tar.gz) = 528488

--- Makefile_orig       Thu Jun 22 08:30:37 2006
+++ Makefile    Thu Jun 22 08:30:24 2006
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=      rwhois
-PORTVERSION=   1.5.9.5
+PORTVERSION=   1.5.9.6
 CATEGORIES=    net ipv6
 MASTER_SITES=  http://www.rwhois.net/ftp/ \
                http://www.rwhois.net/ftp/older_releases/

There is also a missing single quote in the rwhoisd.sh script.

--- files/rwhoisd.sh_orig       Thu Jun 22 08:32:33 2006
+++ files/rwhoisd.sh    Thu Jun 22 08:32:54 2006
@@ -13,7 +13,7 @@
        #if [ -x ${PREFIX}/lib/rwhois/sbin/rwhoisd ]; then (${PREFIX}/lib/rwhois/sbin/rwhoisd -c ${PREFIX}/lib/rwhois/rwhoisd.conf &); echo -n ' rwhoisd'; fi
        ;;
 stop)
-       # killall rwhoisd && echo -n ' rwhoisd
+       killall rwhoisd && echo -n ' rwhoisd'
        ;;
 *)
        echo "Usage: `basename $0` {start|stop}" >&2

And finally, distributing a startup script that requires editing is somewhat silly.  A full rewrite would be better, but a quick fix would be:

--- files/rwhoisd.sh    Thu Jun 22 08:32:54 2006
+++ files/rwhoisd.improved      Thu Jun 22 08:34:34 2006
@@ -7,10 +7,14 @@
 
 case "$1" in
 start)
-       # remove or comment the following line and uncomment the one below it once you have
-       # configured your server's data
-       echo "rwhoisd not started; sample data still in place.   See ${PREFIX}/share/doc/rwhois for details."
-       #if [ -x ${PREFIX}/lib/rwhois/sbin/rwhoisd ]; then (${PREFIX}/lib/rwhois/sbin/rwhoisd -c ${PREFIX}/lib/rwhois/rwhoisd.conf &); echo -n ' rwhoisd'; fi
+       if [ -f ${PREFIX}/lib/rwhois/a.com ]; then
+               echo "rwhoisd not started; sample data still in place.   See ${PREFIX}/share/doc/rwhois for details."
+       else
+               if [ -x ${PREFIX}/lib/rwhois/sbin/rwhoisd ]; then
+                       (${PREFIX}/lib/rwhois/sbin/rwhoisd -c ${PREFIX}/lib/rwhois/rwhoisd.conf &)
+                       echo -n ' rwhoisd'
+               fi
+       fi
        ;;
 stop)
        killall rwhoisd && echo -n ' rwhoisd'

And finally, "make package" fails after getting the root password because it can't read the rwhoisd.sh file that is installed.

In the long term, the following things need to be done:

1. Edit the package to mark the example files as temporary, and not complain if they are missing when removed.  Given that the instructions provided recommend to rename the directories.

2. Properly read the rwhoisd.sh script as root while building the package

3. Check for rwhoisd_enable parameter in rc.conf

4. Get flags from rc.conf

5. Add a patch to handle the lack of an IPv6 interface correctly.  Right now you have to cd work/rwhois-1.5.9.6 ; vi config.h "/* undef HAVE_IPV6 */"; make clean ; make or it won't execute on machines with only ipv4 interfaces.

6. Have it install the configuration files as examples and only overwrite the main configuration files if they don't exist.  Right now it's an all or nothing affair.

I'm willing to provide the patches for #1-6 if you're willing to examine and commit them if they work for you.

>How-To-Repeat:
rwhois against IPs in the original class A or B space and you'll get both an answer and a referall, which is improper.  1.5.9.6 fixes this bug.
>Fix:
Apply the patches supplied.
>Release-Note:
>Audit-Trail:
>Unformatted:

