In sight of upcoming update, merge a few things to get cleaner diffs:

- Add a patch for CVE-2005-3124 (courtesy of Red Hat?)
- By default thttpd doesn't respect (or pass on) the X-Forwarded-For
  header; use a patch [1] that puts X-Forwarded-For into Remote-Addr,
  but not enable it just yet
- Amend COMMENT, improve pkg-message, sort the knobs in Makefile, and
  reformat port description text for better readability while here

[1] http://wiki.nginx.org/ThttpdRealIP

5 files changed, 52 insertions, 17 deletions

diff --git a/www/thttpd/Makefile b/www/thttpd/Makefile
index a7d6f92..441f7ff 100644
--- a/www/thttpd/Makefile
+++ b/www/thttpd/Makefile
@@ -9,19 +9,21 @@ MASTER_SITES=	http://www.acme.com/software/thttpd/ \
 		http://atreides.freenix.no/~anders/
 
 MAINTAINER=	danfe@FreeBSD.org
-COMMENT=	Tiny/turbo/throttling HTTP server
+COMMENT=	Tiny/turbo/throttling HTTP server with CGI support
 
-GNU_CONFIGURE=	yes
 USES=		gmake	# parallel builds (-jX) are broken with BSD make(1)
-USE_RC_SUBR=	thttpd
+GNU_CONFIGURE=	yes
+USE_RC_SUBR=	${PORTNAME}
 SUB_FILES=	pkg-message thttpd.conf.sample
-SUB_LIST=	WWWOWN=${WWWOWN}
+SUB_LIST=	WWWOWN=${WWWOWN} WWWGRP=${WWWGRP}
 
-OPTIONS_DEFINE=	SENDFILE
+OPTIONS_DEFINE=	SENDFILE IPREAL
 OPTIONS_DEFAULT=	SENDFILE
 SENDFILE_DESC=	Use sendfile(2) to serve files
+IPREAL_DESC=	Respect (pass on) "X-Forwarded-For" header
 
 SENDFILE_EXTRA_PATCHES=	${FILESDIR}/extra-patch-config.h
+IPREAL_EXTRA_PATCHES=	${FILESDIR}/extra-patch-ip_real
 
 post-patch:
 .for f in extras/htpasswd.1 extras/htpasswd.c thttpd.8 extras/Makefile.in
diff --git a/www/thttpd/files/extra-patch-ip_real b/www/thttpd/files/extra-patch-ip_real
new file mode 100644
index 0000000..d743d3c
--- /dev/null
+++ b/www/thttpd/files/extra-patch-ip_real
@@ -0,0 +1,15 @@
+--- libhttpd.c.orig	2003-12-25 20:06:05.000000000 +0100
++++ libhttpd.c	2005-01-09 00:26:04.867255248 +0100
+@@ -2207,6 +2207,12 @@
+ 		if ( strcasecmp( cp, "keep-alive" ) == 0 )
+ 		    hc->keep_alive = 1;
+ 		}
++	    else if ( strncasecmp( buf, "X-Forwarded-For:", 16 ) == 0 )
++		{ // Use real IP if available 
++		cp = &buf[16];
++		cp += strspn( cp, " \t" );
++		inet_aton( cp, &(hc->client_addr.sa_in.sin_addr) );
++	        }
+ #ifdef LOG_UNKNOWN_HEADERS
+ 	    else if ( strncasecmp( buf, "Accept-Charset:", 15 ) == 0 ||
+ 		      strncasecmp( buf, "Accept-Language:", 16 ) == 0 ||
diff --git a/www/thttpd/files/patch-CVE-2005-3124 b/www/thttpd/files/patch-CVE-2005-3124
new file mode 100644
index 0000000..6034c3c
--- /dev/null
+++ b/www/thttpd/files/patch-CVE-2005-3124
@@ -0,0 +1,18 @@
+--- extras/syslogtocern.orig	2005-06-29 19:50:23.000000000 +0200
++++ extras/syslogtocern	2008-09-25 10:42:27.000000000 +0200
+@@ -31,8 +31,8 @@ if [ $# -lt 1 ] ; then
+     exit 1
+ fi
+ 
+-tmp1=/tmp/stc1.$$
+-rm -f $tmp1
++tmp1=`mktemp -t stc1.XXXXXX` || { echo "$0: Cannot create temporary file" >&2; exit 1;  }
++trap "[ -f \"$tmp1\" ] && /bin/rm -f -- \"$tmp1\"" 0 1 2 3 13 15
+ 
+ # Gather up all the thttpd entries.
+ egrep -h ' thttpd\[' "$@" > $tmp1
+@@ -65,4 +65,3 @@ awk < $tmp1 '{if ( ! ( NF >= 15 && $7 ==
+   sed -e "s,\([A-Z][a-z][a-z] [0-9 ][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) [^ ]* thttpd\[[0-9]*\]: \(.*\),[\1 ${year}] \2," > error_log
+ 
+ # Done.
+-rm -f $tmp1
diff --git a/www/thttpd/files/pkg-message.in b/www/thttpd/files/pkg-message.in
index ef371ea..b006e17 100644
--- a/www/thttpd/files/pkg-message.in
+++ b/www/thttpd/files/pkg-message.in
@@ -2,10 +2,10 @@
 If you want users to be able to create their own Web
 subdirectories off of the main web directory, you need to:
 
-  1. Add a group for www admins
-  2. chgrp yourgroup %%PREFIX%%/bin/makeweb %%PREFIX%%/www
+  1. Add a group for www admins (e.g., "%%WWWGRP%%")
+  2. chgrp thatgroup %%PREFIX%%/bin/makeweb %%PREFIX%%/www
   3. chmod 2755 %%PREFIX%%/bin/makeweb
-  4. Tell them about makeweb(1)
+  4. Tell users about makeweb(1)
 
 See http://www.acme.com/software/thttpd/notes.html for more
 detailed instructions.
diff --git a/www/thttpd/pkg-descr b/www/thttpd/pkg-descr
index e1682a4..283b8f2c 100644
--- a/www/thttpd/pkg-descr
+++ b/www/thttpd/pkg-descr
@@ -1,18 +1,18 @@
 thttpd is a simple, small, portable, fast, and secure HTTP server.
 
-Simple: It handles only the minimum necessary to implement HTTP/1.1.
+  - Simple: It handles only the minimum necessary to implement HTTP/1.1.
 
-Small: It also has a very small run-time size, since it does not fork and
-is very careful about memory allocation.
+  - Small: It also has a very small run-time size, since it does not fork
+    and is very careful about memory allocation.
 
-Portable: It compiles cleanly on SunOS 4.1.x, Solaris 2.x, BSD/OS 2.x,
-Linux 1.2.x, and OSF/1 (on a 64-bit Alpha).
+  - Portable: It compiles cleanly on SunOS 4.1.x, Solaris 2.x, BSD/OS 2.x,
+    Linux 1.2.x, and OSF/1 (on a 64-bit Alpha).
 
-Fast: In typical use it's about as fast as the best full-featured servers
-(Apache, NCSA, Netscape).  Under extreme load it's much faster.
+  - Fast: In typical use it's about as fast as the best full-featured
+    servers (Apache, NCSA, Netscape).  Under extreme load it's much faster.
 
-Secure: It goes to great lengths to protect the web server machine
-against attacks and breakins from other sites.
+  - Secure: It goes to great lengths to protect the web server machine
+    against attacks and breakins from other sites.
 
 It also has one extremely useful feature (URL-traffic-based throttling) that
 no other server currently has.