author | clement <clement@FreeBSD.org> | 2004-07-30 17:04:47 +0000 |
---|---|---|
committer | clement <clement@FreeBSD.org> | 2004-07-30 17:04:47 +0000 |
commit | 7963a078c6ae65f468289bbd113bd2f78fc603f6 (patch) | |
tree | eee5429c073d6626473dccf7ad207b450103a4a0 /www | |
parent | 36f639036c59b2771c3beacbe6286e98a18bc1a3 (diff) | |
apache2 NG patch 1/5.
o Changes in httpd.conf
- mod_userdir:
. set Userdir if mod_userdir is loaded [1]
. Userdir is denied for users from /etc/ftpusers
- set more "secure" permissions.
By default, policy is to deny access to filesystem.
You HAVE to _ENABLE_ access to your filesystem in httpd.conf.
- Add an "Includes" directory to ${PREFIX}/etc/apache2/
to make configuration more flexible
${PREFIX}/etc/apache2/*.conf files are now automatically loaded.
o apache.sh
- be closer to apachectl, apache.sh need envvars [2]
It should restore subversion behavior.
Partially submitted by:
kuriyama [1],
Gregory (Grisha) Trubetskoy <grisha at apache dot org> [2]
Future changes are mostly written, they should be committed during the
week-end.
If you're interested in changes, feel free to contact me.
Diffstat (limited to 'www')
-rw-r--r-- | www/apache2/Makefile | 12 | ||||
-rw-r--r-- | www/apache2/files/apache.sh | 17 | ||||
-rw-r--r-- | www/apache2/files/patch-docs:conf:httpd-std.conf.in | 53 | ||||
-rw-r--r-- | www/apache2/pkg-plist | 1 | ||||
-rw-r--r-- | www/apache20/Makefile | 12 | ||||
-rw-r--r-- | www/apache20/files/apache.sh | 17 | ||||
-rw-r--r-- | www/apache20/files/patch-docs:conf:httpd-std.conf.in | 53 | ||||
-rw-r--r-- | www/apache20/pkg-plist | 1 |
8 files changed, 144 insertions, 22 deletions
diff --git a/www/apache2/Makefile b/www/apache2/Makefile index 3e06a63..0b856bf 100644 --- a/www/apache2/Makefile +++ b/www/apache2/Makefile @@ -172,9 +172,6 @@ pre-everything:: post-extract: @${INSTALL_DATA} ${DISTDIR}/${DIST_SUBDIR}/powerlogo.gif ${WRKSRC}/docs/icons/freebsd.gif -pre-configure: - @cd ${WRKSRC}; ${SETENV} ${SCRIPTS_ENV} ./buildconf - post-patch: @cd ${WRKSRC}/docs/docroot && \ for f in index.html.*; do (\ @@ -190,10 +187,19 @@ post-patch: ${WRKSRC}/server/core.c @${INSTALL_DATA} ${WRKSRC}/NOTICE ${WRKSRC}/docs/manual +pre-configure: + @cd ${WRKSRC}; ${SETENV} ${SCRIPTS_ENV} ./buildconf + +post-configure: + @FTPUSERS=`${EGREP} -v '^#' /etc/ftpusers| ${TR} -s "\n" " "` ;\ + ${REINPLACE_CMD} -e "s,%%FTPUSERS%%,$$FTPUSERS," \ + ${WRKSRC}/docs/conf/httpd-std.conf + pre-install: @PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL post-install: + @${MKDIR} ${PREFIX}/etc/apache2/Includes @if [ ! -f ${PREFIX}/etc/rc.d/apache2.sh ]; then \ ${ECHO} "Installing ${PREFIX}/etc/rc.d/apache2.sh startup file."; \ ${INSTALL_SCRIPT} -m 751 ${WRKDIR}/apache2.sh ${PREFIX}/etc/rc.d/apache2.sh; \ diff --git a/www/apache2/files/apache.sh b/www/apache2/files/apache.sh index 15f20ae..1fbc67d 100644 --- a/www/apache2/files/apache.sh +++ b/www/apache2/files/apache.sh @@ -28,6 +28,7 @@ name="apache2" rcvar=`set_rcvar` +start_precmd="apache2_precmd" command="%%PREFIX%%/sbin/httpd" pidfile="/var/run/httpd.pid" required_files=%%PREFIX%%/etc/apache2/httpd.conf @@ -43,8 +44,20 @@ load_rc_config $name checkyesno apache2ssl_enable && \ apache2_flags="-DSSL $apache2_flags" -checkyesno apache2limits_enable && \ - start_precmd="eval `/usr/bin/limits ${apache2limits_args}` 2>/dev/null" +apache2_precmd() +{ + if test -f %%PREFIX%%/sbin/envvars + then + . %%PREFIX%%/sbin/envvars + fi + if checkyesno apache2limits_enable + then + eval `/usr/bin/limits ${apache2limits_args}` 2>/dev/null + else + return 0 + fi + +} sig_reload=SIGUSR1 
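Review bot: The new `post-configure` target (second Makefile hunk, fully inside the hunk) reads `/etc/ftpusers` on the build host and bakes it into `httpd-std.conf`, so the `UserDir disabled` list is a snapshot of the build machine, not of the host where the package is installed or of later edits to that file. If the file is missing or has no entries, `$$FTPUSERS` is empty and the line becomes a bare `UserDir disabled`, which mod_userdir documents as turning off all per-user translations. An entry containing `,` or `&` would also break the `s,%%FTPUSERS%%,$$FTPUSERS,` expression. I would add a comment above the target, `# NOTE: snapshot of the build host's /etc/ftpusers; review "UserDir disabled" in httpd.conf after install`, and handle the empty case explicitly. The same hunk is repeated in www/apache20/Makefile.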
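Review bot: In `apache2_precmd` a failing `/usr/bin/limits` call goes unnoticed. The command substitution then yields an empty string, `eval` of nothing normally returns 0, and `2>/dev/null` hides errors from the evaluated output, so httpd would start without the limits the administrator asked for. Capturing the output first makes this fail closed: `_lim=$(/usr/bin/limits ${apache2limits_args}) || return 1` followed by `eval "$_lim"`. The function also sources `%%PREFIX%%/sbin/envvars` with the privileges of the rc script, so I would add `# envvars is executed as root at start; keep it root-owned and not group/world-writable` above the `test -f` line. The same hunk is repeated in www/apache20/files/apache.sh.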
diff --git a/www/apache2/files/patch-docs:conf:httpd-std.conf.in b/www/apache2/files/patch-docs:conf:httpd-std.conf.in index d87b8bd..31c157a 100644 --- a/www/apache2/files/patch-docs:conf:httpd-std.conf.in +++ b/www/apache2/files/patch-docs:conf:httpd-std.conf.in @@ -1,5 +1,5 @@ ---- docs/conf/httpd-std.conf.in.orig Wed Apr 24 07:24:35 2002 -+++ docs/conf/httpd-std.conf.in Tue May 7 19:29:28 2002 +--- docs/conf/httpd-std.conf.in.orig Sat Apr 24 20:13:43 2004 ++++ docs/conf/httpd-std.conf.in Sun Jul 25 11:37:58 2004 @@ -68,7 +68,7 @@ # <IfModule !mpm_netware.c> @@ -9,7 +9,7 @@ </IfModule> </IfModule> -@@ -263,8 +263,8 @@ +@@ -265,8 +265,8 @@ # when the value of (unsigned)Group is above 60000; # don't use Group #-1 on these systems! # @@ -20,7 +20,42 @@ </IfModule> </IfModule> -@@ -450,7 +450,7 @@ +@@ -314,10 +314,11 @@ + # + # First, we configure the "default" to be a very restrictive set of + # features. +-# ++# + <Directory /> +- Options FollowSymLinks + AllowOverride None ++ Order Deny,Allow ++ Deny from all + </Directory> + + # +@@ -365,8 +366,11 @@ + # UserDir: The name of the directory that is appended onto a user's home + # directory if a ~user request is received. + # ++<IfModule mod_userdir.c> + UserDir public_html + ++UserDir disabled %%FTPUSERS%% ++ + # + # Control access to UserDir directories. The following is an example + # for a site where these directories are restricted to read-only. +@@ -384,6 +388,8 @@ + # </LimitExcept> + #</Directory> + ++</IfModule> ++ + # + # DirectoryIndex: sets the file that Apache will serve if a directory + # is requested. +@@ -472,7 +478,7 @@ # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. # @@ -29,7 +64,7 @@ # # LogLevel: Control the number of messages logged to the error_log. -@@ -475,20 +475,20 @@ +@@ -500,20 +506,20 @@ # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file. # 
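Review bot: Dropping `Options FollowSymLinks` from `<Directory />` (the inner `@@ -314,10 +314,11 @@` part of the `@@ -20,7 +20,42 @@` hunk) leaves the root block with no `Options` line, and Apache 2.0 then falls back to its default of `Options All`. Any directory that is later opened with an `Allow` rule but has no `Options` of its own would inherit Indexes, Includes and ExecCGI instead of a restrictive set. To match the "very restrictive set of features" comment above the block, I would keep an explicit `Options None` next to `AllowOverride None`. The same hunk appears in www/apache20/files/patch-docs:conf:httpd-std.conf.in.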
@@ -53,4 +88,10 @@ +CustomLog @rel_logfiledir@/httpd-access.log combined # - # Optionally add a line containing the server version and virtual host + # ServerTokens +@@ -1049,3 +1055,5 @@ + # ErrorLog @rel_logfiledir@/dummy-host.example.com-error_log + # CustomLog @rel_logfiledir@/dummy-host.example.com-access_log common + #</VirtualHost> ++ ++Include @rel_sysconfdir@/Includes/*.conf diff --git a/www/apache2/pkg-plist b/www/apache2/pkg-plist index ee57ac1..230a8ea 100644 --- a/www/apache2/pkg-plist +++ b/www/apache2/pkg-plist @@ -1681,4 +1681,5 @@ share/apache2/build/special.mk @unexec rmdir %D/libexec/apache2 2> /dev/null || true %%PORTS_APR%%@dirrm lib/apache2 @dirrm include/apache2 +@unexec rmdir %D/etc/apache2/Includes 2> /dev/null || true @unexec rmdir %D/etc/apache2 2> /dev/null || echo "===> If you plan to do not reinstall apache2, you can safely remove %D/etc/apache2." diff --git a/www/apache20/Makefile b/www/apache20/Makefile index 3e06a63..0b856bf 100644 --- a/www/apache20/Makefile +++ b/www/apache20/Makefile @@ -172,9 +172,6 @@ pre-everything:: post-extract: @${INSTALL_DATA} ${DISTDIR}/${DIST_SUBDIR}/powerlogo.gif ${WRKSRC}/docs/icons/freebsd.gif -pre-configure: - @cd ${WRKSRC}; ${SETENV} ${SCRIPTS_ENV} ./buildconf - post-patch: @cd ${WRKSRC}/docs/docroot && \ for f in index.html.*; do (\ 
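Review bot: The appended `Include @rel_sysconfdir@/Includes/*.conf` is the last line of the file, so any matching snippet is parsed as full server configuration and can override everything set earlier, including the new `Deny from all` default on `<Directory />`. Nothing in this hunk documents that. The commit's Makefile creates the directory with a plain `${MKDIR}`, so its mode appears to depend on the installer's umask. I would add a comment above the directive, `# Files in Includes/ are loaded as server configuration; keep the directory root-owned and not writable by others.` The same hunk appears in www/apache20/files/patch-docs:conf:httpd-std.conf.in.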
@@ -190,10 +187,19 @@ post-patch: ${WRKSRC}/server/core.c @${INSTALL_DATA} ${WRKSRC}/NOTICE ${WRKSRC}/docs/manual +pre-configure: + @cd ${WRKSRC}; ${SETENV} ${SCRIPTS_ENV} ./buildconf + +post-configure: + @FTPUSERS=`${EGREP} -v '^#' /etc/ftpusers| ${TR} -s "\n" " "` ;\ + ${REINPLACE_CMD} -e "s,%%FTPUSERS%%,$$FTPUSERS," \ + ${WRKSRC}/docs/conf/httpd-std.conf + pre-install: @PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL post-install: + @${MKDIR} ${PREFIX}/etc/apache2/Includes @if [ ! -f ${PREFIX}/etc/rc.d/apache2.sh ]; then \ ${ECHO} "Installing ${PREFIX}/etc/rc.d/apache2.sh startup file."; \ ${INSTALL_SCRIPT} -m 751 ${WRKDIR}/apache2.sh ${PREFIX}/etc/rc.d/apache2.sh; \ diff --git a/www/apache20/files/apache.sh b/www/apache20/files/apache.sh index 15f20ae..1fbc67d 100644 --- a/www/apache20/files/apache.sh +++ b/www/apache20/files/apache.sh @@ -28,6 +28,7 @@ name="apache2" rcvar=`set_rcvar` +start_precmd="apache2_precmd" command="%%PREFIX%%/sbin/httpd" pidfile="/var/run/httpd.pid" required_files=%%PREFIX%%/etc/apache2/httpd.conf @@ -43,8 +44,20 @@ load_rc_config $name checkyesno apache2ssl_enable && \ apache2_flags="-DSSL $apache2_flags" -checkyesno apache2limits_enable && \ - start_precmd="eval `/usr/bin/limits ${apache2limits_args}` 2>/dev/null" +apache2_precmd() +{ + if test -f %%PREFIX%%/sbin/envvars + then + . %%PREFIX%%/sbin/envvars + fi + if checkyesno apache2limits_enable + then + eval `/usr/bin/limits ${apache2limits_args}` 2>/dev/null + else + return 0 + fi + +} sig_reload=SIGUSR1 diff --git a/www/apache20/files/patch-docs:conf:httpd-std.conf.in b/www/apache20/files/patch-docs:conf:httpd-std.conf.in index d87b8bd..31c157a 100644 --- a/www/apache20/files/patch-docs:conf:httpd-std.conf.in +++ b/www/apache20/files/patch-docs:conf:httpd-std.conf.in 
@@ -1,5 +1,5 @@ ---- docs/conf/httpd-std.conf.in.orig Wed Apr 24 07:24:35 2002 -+++ docs/conf/httpd-std.conf.in Tue May 7 19:29:28 2002 +--- docs/conf/httpd-std.conf.in.orig Sat Apr 24 20:13:43 2004 ++++ docs/conf/httpd-std.conf.in Sun Jul 25 11:37:58 2004 @@ -68,7 +68,7 @@ # <IfModule !mpm_netware.c> @@ -9,7 +9,7 @@ </IfModule> </IfModule> -@@ -263,8 +263,8 @@ +@@ -265,8 +265,8 @@ # when the value of (unsigned)Group is above 60000; # don't use Group #-1 on these systems! # @@ -20,7 +20,42 @@ </IfModule> </IfModule> -@@ -450,7 +450,7 @@ +@@ -314,10 +314,11 @@ + # + # First, we configure the "default" to be a very restrictive set of + # features. +-# ++# + <Directory /> +- Options FollowSymLinks + AllowOverride None ++ Order Deny,Allow ++ Deny from all + </Directory> + + # +@@ -365,8 +366,11 @@ + # UserDir: The name of the directory that is appended onto a user's home + # directory if a ~user request is received. + # ++<IfModule mod_userdir.c> + UserDir public_html + ++UserDir disabled %%FTPUSERS%% ++ + # + # Control access to UserDir directories. The following is an example + # for a site where these directories are restricted to read-only. +@@ -384,6 +388,8 @@ + # </LimitExcept> + #</Directory> + ++</IfModule> ++ + # + # DirectoryIndex: sets the file that Apache will serve if a directory + # is requested. +@@ -472,7 +478,7 @@ # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. # @@ -29,7 +64,7 @@ # # LogLevel: Control the number of messages logged to the error_log. -@@ -475,20 +475,20 @@ +@@ -500,20 +506,20 @@ # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file. # 
@@ -53,4 +88,10 @@ +CustomLog @rel_logfiledir@/httpd-access.log combined # - # Optionally add a line containing the server version and virtual host + # ServerTokens +@@ -1049,3 +1055,5 @@ + # ErrorLog @rel_logfiledir@/dummy-host.example.com-error_log + # CustomLog @rel_logfiledir@/dummy-host.example.com-access_log common + #</VirtualHost> ++ ++Include @rel_sysconfdir@/Includes/*.conf diff --git a/www/apache20/pkg-plist b/www/apache20/pkg-plist index ee57ac1..230a8ea 100644 --- a/www/apache20/pkg-plist +++ b/www/apache20/pkg-plist @@ -1681,4 +1681,5 @@ share/apache2/build/special.mk @unexec rmdir %D/libexec/apache2 2> /dev/null || true %%PORTS_APR%%@dirrm lib/apache2 @dirrm include/apache2 +@unexec rmdir %D/etc/apache2/Includes 2> /dev/null || true @unexec rmdir %D/etc/apache2 2> /dev/null || echo "===> If you plan to do not reinstall apache2, you can safely remove %D/etc/apache2." |