--- www-sql-0.5.7.orig/Makefile.in +++ www-sql-0.5.7/Makefile.in @@ -3,7 +3,7 @@ VER = @VERSION@ # Set the default username and password for www-sql to use -SQL_USER = nobody +SQL_USER = www-data SQL_PASS = SQL_DEFS = -DSQL_USER=\"$(SQL_USER)\" -DSQL_PASS=\"$(SQL_PASS)\" --- www-sql-0.5.7.orig/www-sql.c +++ www-sql-0.5.7/www-sql.c @@ -64,7 +64,7 @@ * an action handler, you open up secured areas to those who know how to * exploit a certain bug in previous versions of www-sql. */ - tmp = getenv("SERVER_NAME"); + tmp = getenv("SERVER_SOFTWARE"); if (tmp && !strncmp(tmp, "Apache", 6) && (tmp = getenv("REDIRECT_STATUS")) == NULL) { printf("WWW-Sql\n"); --- www-sql-0.5.7.orig/debian/www-mysql.dirs +++ www-sql-0.5.7/debian/www-mysql.dirs @@ -0,0 +1,2 @@ +usr/lib/cgi-bin +usr/share/doc/www-mysql/examples --- www-sql-0.5.7.orig/debian/compat +++ www-sql-0.5.7/debian/compat @@ -0,0 +1 @@ +4 --- www-sql-0.5.7.orig/debian/changelog +++ www-sql-0.5.7/debian/changelog 
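Review bot: `SQL_PASS =` stays empty beside the renamed `SQL_USER`, so the binary is built with a passwordless default database login, and the README.Debian added later in this patch creates the matching MySQL account with an empty password and a global `Select_priv` of "Y". A comment above these two lines should say so, for example `# Default login has no password; grant it per-database SELECT only, or set SQL_PASS at build time.` Both values are also pasted unescaped into `SQL_DEFS`, so a password containing a double quote or a shell metacharacter would break the `-D` definition. The README sentence "By default, it uses the username 'www-sql'" does not match this default and is worth correcting in the same change.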
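Review bot: The guard around `getenv("REDIRECT_STATUS")` still fails open: it runs only when `SERVER_SOFTWARE` starts with "Apache", so under any other server, or when the variable is unset, a direct CGI request is not refused by this check. The package's control file also lists `wn` as an accepted server, where protection presumably rests on the filter configuration alone. I would state that in the comment above the test, e.g. `* NOTE: only Apache is checked here; other servers must block direct CGI access themselves.` The test also accepts any value of `REDIRECT_STATUS`, which looks intentional but deserves a word in the same comment. The enclosing function begins and ends outside this hunk.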
@@ -0,0 +1,244 @@ +www-sql (0.5.7-17) unstable; urgency=low + + * Changed build-dep to libmysqlclient10-dev (closes: #198837) + * Upgrade to debhelper 4 + + -- Hamish Moffatt Sat, 23 Aug 2003 17:08:43 +1000 + +www-sql (0.5.7-16) unstable; urgency=low + + * Recompile for new postgresql (closes: #176821) + + -- Hamish Moffatt Fri, 21 Feb 2003 00:17:14 +1100 + +www-sql (0.5.7-15) unstable; urgency=low + + * Move to main from non-US, since postgresql has also moved + + -- Hamish Moffatt Tue, 22 Oct 2002 23:34:46 +1000 + +www-sql (0.5.7-14) unstable; urgency=low + + * Added Apache2 to allowed web server list (closes: #162597) + + -- Hamish Moffatt Tue, 22 Oct 2002 23:30:17 +1000 + +www-sql (0.5.7-13) unstable; urgency=low + + * Recompiled with libpgsql2 rather than libpgsql2.1 + + -- Hamish Moffatt Sat, 9 Mar 2002 00:41:11 +1100 + +www-sql (0.5.7-12) unstable; urgency=low + + * Added support for the WN web server: changed dependencies, + and added note to README.Debian (closes: #92750) + + -- Hamish Moffatt Sun, 25 Nov 2001 13:29:24 +1100 + +www-sql (0.5.7-11) unstable; urgency=low + + * Recompiled with libpgsql2.1 in non-US (closes: #97128) + + -- Hamish Moffatt Tue, 22 May 2001 00:01:53 +1000 + +www-sql (0.5.7-10) unstable; urgency=low + + * Changed build-dep from libmysqlclient9-dev to libmysqlclient-dev + (closes: #83898) + * Depends on Apache as it is currently insecure with other web servers + + -- Hamish Moffatt Mon, 29 Jan 2001 08:07:49 +1100 + +www-sql (0.5.7-9) unstable; urgency=low + + * Fixed incorrect environment variable check for Apache (closes: #82529) + + -- Hamish Moffatt Thu, 18 Jan 2001 21:29:32 +1100 + +www-sql (0.5.7-8) unstable; urgency=low + + * Recompiled with libmysqlclient10 + + -- Hamish Moffatt Tue, 7 Nov 2000 15:28:15 +1100 + +www-sql (0.5.7-7) unstable; urgency=low + + * Added missing build-dependencies (closes: #68455, #68752) + + -- Hamish Moffatt Sat, 26 Aug 2000 12:43:11 +1000 + +www-sql (0.5.7-6) unstable; urgency=low + + * Recompiled 
for libmysqlclient9 + + -- Hamish Moffatt Mon, 7 Aug 2000 19:44:02 +1000 + +www-sql (0.5.7-5) unstable; urgency=low + + * Added note to README.Debian about "www-data" username and Postgres + * Updated GPL location + * Added build-deps + + -- Hamish Moffatt Tue, 1 Aug 2000 22:27:48 +1000 + +www-sql (0.5.7-4) unstable; urgency=low + + * FHS compliant + * Recompile against latest mysql and pgsql packages + + -- Hamish Moffatt Tue, 5 Oct 1999 19:54:15 +1000 + +www-sql (0.5.7-3) unstable; urgency=low + + * Recompile against latest mysql and pgsql packages + + -- Hamish Moffatt Sat, 14 Aug 1999 14:59:00 +1000 + +www-sql (0.5.7-2) unstable; urgency=low + + * Changed section to "web" instead of "contrib/web" for www-mysql + + -- Hamish Moffatt Sun, 13 Dec 1998 14:24:00 +1100 + +www-sql (0.5.7-1) unstable; urgency=low + + * New upstream version + + -- Hamish Moffatt Sat, 21 Nov 1998 16:47:00 +1100 + +www-sql (0.5.5-1) unstable; urgency=low + + * New upstream version + + -- Hamish Moffatt Fri, 04 Sep 1998 19:44:00 +1000 + +www-sql (0.5.1-1) unstable; urgency=low + + * New upstream version + + -- Hamish Moffatt Tue, 19 May 1998 19:23:00 +1000 + +www-sql (0.5.0-5) frozen unstable; urgency=medium + + * Rebuilt for mysql 3.21.25gamma-4; previous versions would segfault. + Built with libpgsql 6.3-2. Built with --enable-recursive set too. 
+ + -- Hamish Moffatt Fri, 01 May 1998 01:01:00 +1000 + +www-sql (0.5.0-4) frozen unstable; urgency=low + + * Re-included missing www-sql.html in /usr/doc (bug #21242) + + -- Hamish Moffatt Fri, 17 Apr 1998 15:10:00 +1000 + +www-sql (0.5.0-3) frozen unstable; urgency=low + + * Changed the default database username to www-data from nobody + (fixes #20788) + + -- Hamish Moffatt Tue, 07 Apr 1998 22:42:00 +1000 + +www-sql (0.5.0-2) frozen unstable; urgency=low + + * Recompiled with postgresql 6.3 + + -- Hamish Moffatt Sun, 05 Apr 1998 12:21:00 +1000 + +www-sql (0.5.0-1) frozen unstable; urgency=medium + + * New upstream release, with PostgreSQL support + + * New binary package: www-pgsql for PostgreSQL, in Debian's main section + * Source package moved to main for www-pgsql, www-mysql remains in contrib + * Important note: the www-sql binary in previous versions of www-mysql + is now known /usr/lib/cgi-bin/www-mysql, not ..../www-sql, to allow + co-existence with www-pgsql + + * Important Note: previous versions of www-sql could allow access + to files protected by .htaccess and other mechanisms. If you are using + Apache, you MUST use the action handling if using Apache + (see /usr/doc/www-{my,pg}sql/examples/srm.conf) to prevent this. + + -- Hamish Moffatt Sat, 14 Mar 1998 12:48:28 +1100 + +www-sql (0.4.4-3) unstable; urgency=low + + * Fixed missing copyright file and cleaned up some mistakes + from the package name change + + -- Hamish Moffatt Wed, 11 Mar 1998 01:41:00 +1100 + +www-sql (0.4.4-2) unstable; urgency=low + + * Renamed binary package www-sql to www-mysql to prevent confusion + about which SQL server it is for + + -- Hamish Moffatt Fri, 20 Jan 1998 01:27:00 +1100 + +www-sql (0.4.4-1) unstable; urgency=low + + * New upstream version + + -- Hamish Moffatt Thu, 19 Jan 1998 14:42:00 +1100 + +www-sql (0.4.1-5) unstable; urgency=low + + * Applied upstream patch to correct some parser problems; + in particular, the unary not (!) 
operator was missing + and some string comparisons did not work + + -- Hamish Moffatt Sat, 10 Jan 1998 17:23:00 +1100 + +www-sql (0.4.1-4) unstable; urgency=low + + * Removed postinst and postrm commands to configure Apache + to use www-sql automatically, as www-sql should not edit + Apache's configuration files directly under policy + Updated README.Debian to suit. + + -- Hamish Moffatt Wed, 7 Jan 1998 12:25:35 +1100 + +www-sql (0.4.1-3) unstable; urgency=low + + * Fixed bug in postinst; Apache would never be configured for www-sql + * Recompiled with mysql 3.21.17a.beta-2 + * Compiled with the old expression handler for now + + -- Hamish Moffatt Sat, 3 Jan 1998 14:05:35 +1100 + +www-sql (0.4.1-2) unstable; urgency=low + + * Fixed bug in postinst where it would fail unless apache was installed + (fixes #16313) + + -- Hamish Moffatt Sun, 28 Dec 1997 12:15:35 +1100 + +www-sql (0.4.1-1) unstable; urgency=medium + + * New upstream release; fixes some omissions in the new + expression parser introduced in 0.4.0 + * Corrected duplicated Password field in example SQL commands + given in README and README.debian (fixes #16018) + + -- Hamish Moffatt Sat, 27 Dec 1997 23:32:35 +1100 + +www-sql (0.4.0-1) unstable; urgency=low + + * New upstream release + + -- Hamish Moffatt Tue, 16 Dec 1997 20:23:25 +1100 + +www-sql (0.3.4-2) unstable; urgency=low + + * Changed postinst/postrm to inform user about Apache configuration + changes if made. + + -- Hamish Moffatt Wed, 12 Nov 1997 01:25:48 +1100 + +www-sql (0.3.4-1) unstable; urgency=low + + * Initial Release. + + -- Hamish Moffatt Wed, 12 Nov 1997 01:00:48 +1100 + --- www-sql-0.5.7.orig/debian/control +++ www-sql-0.5.7/debian/control 
@@ -0,0 +1,33 @@
+Source: www-sql
+Section: web
+Priority: extra
+Maintainer: Hamish Moffatt
+Standards-Version: 3.5.8
+Build-Depends: postgresql-dev, libmysqlclient10-dev, debhelper (>= 4)
+
+Package: www-mysql
+Architecture: any
+Depends: ${shlibs:Depends}, apache | apache-ssl | wn | apache2-common
+Conflicts: www-sql
+Replaces: www-sql
+Section: web
+Description: a WWW interface for the TCX mySQL database
+ www-mysql is a web interface for the mySQL database.
+ SQL commands can be embedded into web pages; these are executed
+ on the server by www-mysql and the resulting web page sent to
+ the browser. All SQL commands and queries supported by
+ mySQL can be used via www-mysql.
+
+Package: www-pgsql
+Architecture: any
+Depends: ${shlibs:Depends}, apache | apache-ssl | wn | apache2-common
+Conflicts: www-sql
+Replaces: www-sql
+Section: web
+Description: a WWW interface for the PostgreSQL database
+ www-pgsql is a web interface for the PostgreSQL database.
+ SQL commands can be embedded into web pages; these are executed
+ on the server by www-pgsql and the resulting web page sent to
+ the browser. All SQL commands and queries supported by
+ PostgreSQL can be used via www-pgsql.
+
--- www-sql-0.5.7.orig/debian/rules
+++ www-sql-0.5.7/debian/rules
@@ -0,0 +1,63 @@
+#!/usr/bin/make -f
+# Made with the aid of debmake, by Christoph Lameter,
+# based on the sample debian/rules file for GNU hello by Ian Jackson.
+
+package=www-sql
+
+build:
+ dh_testdir
+ ./configure --prefix=/usr --with-pgsql-libs=/usr/lib/postgresql/lib --with-pgsql-headers=/usr/include/postgresql --enable-apache-action-check --enable-recursive
+ make CFLAGS="-O2 -g -Wall" www-mysql
+ make CFLAGS="-O2 -g -Wall" www-pgsql
+ touch build
+
+clean:
+ dh_testdir
+ -rm -f config.h
+ -rm -f build
+ -make distclean
+ -rm -f `find . -name "*~"`
+ dh_clean
+
+binary-indep: checkroot build
+ $(checkdir)
+# There are no architecture-independent files to be uploaded
+# generated by this package. If there were any they would be
+# made here.
+
+binary-arch: binary
+
+binary: build
+ dh_clean
+ dh_installdirs
+
+ # set up www-mysql package
+ install www-mysql `pwd`/debian/www-mysql/usr/lib/cgi-bin
+ cp example.sql `pwd`/debian/www-mysql/usr/share/doc/www-mysql/examples
+ cp debian/examples/srm.conf `pwd`/debian/www-mysql/usr/share/doc/www-mysql/examples
+
+ # set up www-pgsql package
+ install www-pgsql `pwd`/debian/www-pgsql/usr/lib/cgi-bin
+ cp example.pgsql `pwd`/debian/www-pgsql/usr/share/doc/www-pgsql/examples
+ cp debian/examples/srm.conf `pwd`/debian/www-pgsql/usr/share/doc/www-pgsql/examples
+
+ dh_installdocs -A www-sql.html README debian/README.Debian
+ dh_installchangelogs Changelog
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+# Below here is fairly generic really
+
+binary: binary-indep binary-arch
+
+checkroot:
+ dh_testdir
+ dh_testroot
+
+.PHONY: binary binary-arch binary-indep clean checkroot
--- www-sql-0.5.7.orig/debian/copyright
+++ www-sql-0.5.7/debian/copyright
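Review bot: `binary-arch: binary` together with the later `binary: binary-indep binary-arch` forms a dependency cycle that make only survives by dropping one edge, and every packaging step sits under `binary` instead of `binary-arch`. I would carry the recipe under `binary-arch: checkroot build` and keep `binary: binary-indep binary-arch` as the only `binary` rule. In `build` and `clean` the literal `make` should be `$(MAKE)` so flags and the jobserver propagate, e.g. `$(MAKE) CFLAGS="-O2 -g -Wall" www-mysql`. `$(checkdir)` under `binary-indep` is not defined anywhere in this file and expands to nothing, so that line can be dropped.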
@@ -0,0 +1,21 @@
+This is the Debian GNU/Linux package of www-sql.
+This package was put together from sources obtained at:
+ ftp.daa.com.au:/pub/james/www-sql
+by Hamish Moffatt
+
+This program is free software; you may redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+This is distributed in the hope that it will be useful, but without
+any warranty; without even the implied warranty of merchantability or
+fitness for a particular purpose. See the GNU General Public License
+for more details.
+
+A copy of the GNU General Public License is available as
+/usr/share/common-licenses/GPL in the Debian GNU/Linux distribution or on the
+World Wide Web at http://www.gnu.org/copyleft/gpl.html. You can also
+obtain it by writing to the Free Software Foundation, Inc., 59 Temple
+Place - Suite 330, Boston, MA 02111-1307, USA.
+
--- www-sql-0.5.7.orig/debian/examples/srm.conf
+++ www-sql-0.5.7/debian/examples/srm.conf
@@ -0,0 +1,11 @@
+#-- www-sql begin
+# The following configures Apache to treat .sql files as
+# to be interpreted by www-sql. This means that you can retrieve
+# these directly as http://server/file.sql, instead of as
+# http://server/cgi-bin/www-sql/file.sql.
+# Change www-mysql to www-pgsql as appropriate.
+
+AddHandler www-sql sql
+Action www-sql /cgi-bin/www-mysql
+
+#-- www-sql end
--- www-sql-0.5.7.orig/debian/README.Debian
+++ www-sql-0.5.7/debian/README.Debian
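Review bot: The header comment in srm.conf presents the `AddHandler`/`Action` pair as a convenience ("instead of as http://server/cgi-bin/www-sql/file.sql"), while README.Debian in the same patch says the action handler is mandatory because direct CGI use lets users read any file under the document root. I would reword the comment to say so, e.g. `# Required for safe use: www-sql must only run as an action handler, never directly from /cgi-bin.` The comment's URL also still uses `/cgi-bin/www-sql/`, whereas the `Action` line and the changelog name the binary `/cgi-bin/www-mysql`.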
@@ -0,0 +1,84 @@
+README for the Debian package of www-sql (www-mysql & www-pgsql)
+Hamish Moffatt
+
+The /usr/doc/www-sql/README contains the full README for www-sql.
+Most of the README is concerned with compilation and installation,
+which is not relevant for the packaged version of www-sql. However
+some useful extracts are included below.
+
+Sections in this document:
+
+1. Securing www-sql
+
+2. Creating the www-sql database user
+2.1 With MySQL
+2.2 With PostgreSQL
+2.3 Problems with the user 'www-data' and Postgres
+
+=========================================================================
+1. Securing www-sql
+
+You can access scripts written for www-sql as
+ http://server/cgi-bin/www-sql/pathname/filename.sql
+
+However, www-sql will serve any file it can read and interpret it,
+so users can read any file in your WWW document root. eg
+ http://server/cgi-bin/www-sql/cgi-bin/my-shell-script
+
+You must use www-sql as an action handler (in Apache) or
+filter (in WN) and not directly as a CGI program.
+
+See /usr/share/doc/www-sql/examples/srm.conf for the necessary commands
+to add for Apache, or /usr/share/doc/wn/filter.html for WN.
+
+=========================================================================
+2. Create the www-sql database user
+
+www-sql needs to connect to your database server. By default, it
+uses the username 'www-sql'. You can override this in your www-sql
+pages.
+
+
+2.1 Creating the www-sql user in MySQL:
+
+ mysql -uroot -ppass mysql << EOF
+ insert into user (Host, User, Password, Select_priv)
+ values ("localhost", "www-data", "", "Y");
+ EOF
+ mysqladmin -uroot -ppass reload
+
+(substituting the correct root password). This will give www-sql access to
+all your databases. If you want to be more secure, change the "Y" to a
+"N" and add records to the db table, to grant access to individual
+databases.
+
+
+2.2 Creating the www-sql user in Postgresql:
+
+createuser "www-data"
+
+Now grant permissions to www-data with commands like this:
+
+psql dbname << EOF
+grant SELECT -- or INSERT, UPDATE, DELETE, RULE, or ALL
+ on tablename
+ to "www-data";
+EOF
+
+2.3 Problems with the user 'www-data' and Postgres:
+
+In Postgres 6.5.3 and later there is no restriction on using "www-data".
+However, a name which is not an SQL identifier (i.e. "[a-z][a-z0-9_]*")
+must be enclosed in double quotes wherever it is used. Not doing this
+may be the cause of your problems.
+
+So you have to say:
+
+ CREATE USER "www-data"
+
+not
+
+ CREATE USER www-data
+
+
+For extra information, see the file www-sql.html.
--- www-sql-0.5.7.orig/debian/www-pgsql.dirs
+++ www-sql-0.5.7/debian/www-pgsql.dirs
@@ -0,0 +1,2 @@
+usr/lib/cgi-bin
+usr/share/doc/www-pgsql/examples