Ebuild of wwwoffle-2.8b is bad:

..... .... ....
# keep spool
keepdir /var/spool/wwwoffle/{http,outgoing,monitor,lasttime,prevtime1,lastout,local}   <-------- This is error !!!
..... ...... ......

correct is:

# keep spool
keepdir /var/spool/wwwoffle/{http,outgoing,monitor,lasttime,prevtime[1-9],prevout[1-9]lastout,lastout,local}

Reproducible: Always
Steps to Reproduce: 1. 2. 3.
Sorry, this is real correct:

..... .... ....
# keep spool
keepdir /var/spool/wwwoffle/{http,outgoing,monitor,lasttime,prevtime1,lastout,local}   <-------- This is error !!!
..... ...... ......
chown -R wwwoffle:wwwoffle \
    ${D}/var/spool/wwwoffle/{http,outgoing,monitor,lasttime,prevtime[1-9],prevout[1-9]lastout,local} \
........ ....... ....

correct is:

# keep spool
keepdir /var/spool/wwwoffle/{http,outgoing,monitor,lasttime,prevtime[1-9],prevout[1-9],lastout,local}
...... ...... .....
chown -R wwwoffle:wwwoffle \
    ${D}/var/spool/wwwoffle/{http,outgoing,monitor,lasttime,prevtime[1-9],prevout[1-9],lastout,local} \
........ .......... ........
Fixed - thanks for the bug report.
I am reopening the bug for this:

The line:

...... ..... .....
einfo "wwwoffled should run as an ordinary user now. Please change run-uid and run-gid to wwwoffle in"
einfo "your /etc/wwwoffle/wwwoffle.conf"

1) But the wwwoffle.conf is located in /etc and not in /etc/wwwoffle. Is this correct or not?
2) Is it obligatory to change the run-uid and run-gid?
1. You're correct - fixed.

2. I'm going to make the ebuild change the install to use the group/user wwwoffled. This is for your own security. With wwwoffle running as root and the amount of parsing of user and web page data that is undertaken, a parse error could result in arbitrary execution of code by a local user or a malicious web site. Your best protection for this is to reduce the privileges under which wwwoffled is run. If you want to change this after installation, fine; however, I'm going to make this ebuild offer a reasonable level of security to the default users.

Also changed in this version: I use a convert config script provided by the author to update the configuration files from the previous versions. If you don't want this to happen, be careful about automerging in etc-update.

Thank you for the help in fixing these errors.
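
Added example, not part of the thread and not code from the ebuild or from wwwoffle: a small shell check that reads the run-uid and run-gid settings discussed above from a wwwoffle.conf and fails when the daemon would keep root privileges. It assumes options are written as "name = value" lines with '#' comments; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the run-uid / run-gid settings in a wwwoffle.conf.
# Assumption: options are "name = value" lines and '#' starts a comment.

# Print the last value assigned to option $2 in file $1 (empty if unset).
conf_value() {
    sed -e 's/#.*//' "$1" |
        awk -F= -v key="$2" '
            { k = $1; gsub(/[ \t]/, "", k) }
            k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); val = v }
            END { print val }'
}

# Return 0 when both options name a non-root account, 1 otherwise.
check_wwwoffle_privs() {
    conf=$1
    rc=0
    for opt in run-uid run-gid; do
        val=$(conf_value "$conf" "$opt")
        case $val in
            "")     echo "FAIL: $opt is not set, so privileges are never dropped"; rc=1 ;;
            0|root) echo "FAIL: $opt = $val keeps root privileges"; rc=1 ;;
            *)      echo "ok:   $opt = $val" ;;
        esac
    done
    return $rc
}

# Constructed sample config (not taken from a real installation):
# run-gid is commented out, so the check reports it as unset.
sample=$(mktemp)
cat > "$sample" <<'EOF'
StartUp
{
 run-uid = wwwoffle
 # run-gid = wwwoffle
}
EOF
check_wwwoffle_privs "$sample" || echo "=> set run-uid and run-gid before starting wwwoffled"
rm -f "$sample"
```

To audit an installed system, call check_wwwoffle_privs with the path of the real configuration file.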