From 7963a078c6ae65f468289bbd113bd2f78fc603f6 Mon Sep 17 00:00:00 2001 From: clement Date: Fri, 30 Jul 2004 17:04:47 +0000 Subject: apache2 NG patch 1/5. o Changes in httpd.conf - mod_userdir: . set Userdir if mod_userdir is loaded [1] . Userdir is denied for users from /etc/ftpusers - set more "secure" permissions. By default, policy is to deny access to filesystem. You HAVE to _ENABLE_ access to your filesystem in httpd.conf. - Add an "Includes" directory to ${PREFIX}/etc/apache2/ to make configuration more flexible ${PREFIX}/etc/apache2/*.conf files are now automatically loaded. o apache.sh - be closer to apachectl, apache.sh need envvars [2] It should restore subversion behavior. Partially submitted by: kuriyama [1], Gregory (Grisha) Trubetskoy [2] Future changes are mostly written, they should be committed during the week-end. If you're interrested in changes, feel free contact me. --- www/apache2/Makefile | 12 +++-- www/apache2/files/apache.sh | 17 ++++++- .../files/patch-docs:conf:httpd-std.conf.in | 53 +++++++++++++++++++--- www/apache2/pkg-plist | 1 + www/apache20/Makefile | 12 +++-- www/apache20/files/apache.sh | 17 ++++++- .../files/patch-docs:conf:httpd-std.conf.in | 53 +++++++++++++++++++--- www/apache20/pkg-plist | 1 + 8 files changed, 144 insertions(+), 22 deletions(-) (limited to 'www') diff --git a/www/apache2/Makefile b/www/apache2/Makefile index 3e06a63..0b856bf 100644 --- a/www/apache2/Makefile +++ b/www/apache2/Makefile @@ -172,9 +172,6 @@ pre-everything:: post-extract: @${INSTALL_DATA} ${DISTDIR}/${DIST_SUBDIR}/powerlogo.gif ${WRKSRC}/docs/icons/freebsd.gif -pre-configure: - @cd ${WRKSRC}; ${SETENV} ${SCRIPTS_ENV} ./buildconf - post-patch: @cd ${WRKSRC}/docs/docroot && \ for f in index.html.*; do (\ 
@@ -190,10 +187,19 @@ post-patch: ${WRKSRC}/server/core.c @${INSTALL_DATA} ${WRKSRC}/NOTICE ${WRKSRC}/docs/manual +pre-configure: + @cd ${WRKSRC}; ${SETENV} ${SCRIPTS_ENV} ./buildconf + +post-configure: + @FTPUSERS=`${EGREP} -v '^#' /etc/ftpusers| ${TR} -s "\n" " "` ;\ + ${REINPLACE_CMD} -e "s,%%FTPUSERS%%,$$FTPUSERS," \ + ${WRKSRC}/docs/conf/httpd-std.conf + pre-install: @PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL post-install: + @${MKDIR} ${PREFIX}/etc/apache2/Includes @if [ ! -f ${PREFIX}/etc/rc.d/apache2.sh ]; then \ ${ECHO} "Installing ${PREFIX}/etc/rc.d/apache2.sh startup file."; \ ${INSTALL_SCRIPT} -m 751 ${WRKDIR}/apache2.sh ${PREFIX}/etc/rc.d/apache2.sh; \ diff --git a/www/apache2/files/apache.sh b/www/apache2/files/apache.sh index 15f20ae..1fbc67d 100644 --- a/www/apache2/files/apache.sh +++ b/www/apache2/files/apache.sh @@ -28,6 +28,7 @@ name="apache2" rcvar=`set_rcvar` +start_precmd="apache2_precmd" command="%%PREFIX%%/sbin/httpd" pidfile="/var/run/httpd.pid" required_files=%%PREFIX%%/etc/apache2/httpd.conf @@ -43,8 +44,20 @@ load_rc_config $name checkyesno apache2ssl_enable && \ apache2_flags="-DSSL $apache2_flags" -checkyesno apache2limits_enable && \ - start_precmd="eval `/usr/bin/limits ${apache2limits_args}` 2>/dev/null" +apache2_precmd() +{ + if test -f %%PREFIX%%/sbin/envvars + then + . %%PREFIX%%/sbin/envvars + fi + if checkyesno apache2limits_enable + then + eval `/usr/bin/limits ${apache2limits_args}` 2>/dev/null + else + return 0 + fi + +} sig_reload=SIGUSR1 diff --git a/www/apache2/files/patch-docs:conf:httpd-std.conf.in b/www/apache2/files/patch-docs:conf:httpd-std.conf.in index d87b8bd..31c157a 100644 --- a/www/apache2/files/patch-docs:conf:httpd-std.conf.in +++ b/www/apache2/files/patch-docs:conf:httpd-std.conf.in 
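Review bot: The new `post-configure` target copies the build host's `/etc/ftpusers` into `httpd-std.conf`, so the `UserDir disabled` list describes the machine that built the port or package, not necessarily the one that runs httpd, and it is never refreshed when `/etc/ftpusers` changes later. The capture is also fragile: the `'^#'` filter lets through blank lines and the `@group` entries that FreeBSD's ftpd accepts, and a `,` or `&` in the file would be interpreted by the `s,%%FTPUSERS%%,$$FTPUSERS,` expression. If the file is missing or empty the result is a bare `UserDir disabled`, which mod_userdir reads as turning off every translation not explicitly enabled. I would document this above the target, e.g. `# User list is captured from the build host's /etc/ftpusers at configure time; review "UserDir disabled" in httpd.conf after install`, and keep only plain user names from the file. The same target is added to www/apache20/Makefile.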
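Review bot: `apache2_precmd` now sources `%%PREFIX%%/sbin/envvars` into the rc script's shell, which normally runs as root at boot, and nothing in the hunk states who is allowed to write that file. Because `.` executes whatever the file contains, it has to stay root-owned and not group- or world-writable; a comment above the `test -f` line such as `# envvars is executed as root; keep it root-owned and mode 0644 or stricter` would make that requirement explicit. The `2>/dev/null` on the `eval` line also hides the reason for any non-zero return, which presumably stops the start since this function is the `start_precmd`. The same function is added in www/apache20/files/apache.sh.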
@@ -1,5 +1,5 @@ ---- docs/conf/httpd-std.conf.in.orig Wed Apr 24 07:24:35 2002 -+++ docs/conf/httpd-std.conf.in Tue May 7 19:29:28 2002 +--- docs/conf/httpd-std.conf.in.orig Sat Apr 24 20:13:43 2004 ++++ docs/conf/httpd-std.conf.in Sun Jul 25 11:37:58 2004 @@ -68,7 +68,7 @@ # @@ -9,7 +9,7 @@ -@@ -263,8 +263,8 @@ +@@ -265,8 +265,8 @@ # when the value of (unsigned)Group is above 60000; # don't use Group #-1 on these systems! # @@ -20,7 +20,42 @@ -@@ -450,7 +450,7 @@ +@@ -314,10 +314,11 @@ + # + # First, we configure the "default" to be a very restrictive set of + # features. +-# ++# + +- Options FollowSymLinks + AllowOverride None ++ Order Deny,Allow ++ Deny from all + + + # +@@ -365,8 +366,11 @@ + # UserDir: The name of the directory that is appended onto a user's home + # directory if a ~user request is received. + # ++ + UserDir public_html + ++UserDir disabled %%FTPUSERS%% ++ + # + # Control access to UserDir directories. The following is an example + # for a site where these directories are restricted to read-only. +@@ -384,6 +388,8 @@ + # + # + ++ ++ + # + # DirectoryIndex: sets the file that Apache will serve if a directory + # is requested. +@@ -472,7 +478,7 @@ # logged here. If you *do* define an error logfile for a # container, that host's errors will be logged there and not here. # @@ -29,7 +64,7 @@ # # LogLevel: Control the number of messages logged to the error_log. -@@ -475,20 +475,20 @@ +@@ -500,20 +506,20 @@ # define per- access logfiles, transactions will be # logged therein and *not* in this file. # @@ -53,4 +88,10 @@ +CustomLog @rel_logfiledir@/httpd-access.log combined # - # Optionally add a line containing the server version and virtual host + # ServerTokens +@@ -1049,3 +1055,5 @@ + # ErrorLog @rel_logfiledir@/dummy-host.example.com-error_log + # CustomLog @rel_logfiledir@/dummy-host.example.com-access_log common + # ++ ++Include @rel_sysconfdir@/Includes/*.conf 
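Review bot: In the "very restrictive" default block the embedded patch removes `Options FollowSymLinks` without putting anything in its place, next to the new `Order Deny,Allow` and `Deny from all` lines. With no `Options` line the block falls back to the server default, which in Apache 2.0 is `Options All`, so any directory an admin later opens with `Allow from` inherits ExecCGI, Includes and Indexes unless it sets its own `Options`; `Options None` (or keeping the original line) would match the stated intent. The container tags are not visible on this page, so I am assuming this is the root `<Directory />` section. Separately, `Include @rel_sysconfdir@/Includes/*.conf` means every `*.conf` file placed in that directory is parsed by the root-started parent process, so the directory should stay writable by root only. The identical hunk appears in www/apache20/files/patch-docs:conf:httpd-std.conf.in.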
diff --git a/www/apache2/pkg-plist b/www/apache2/pkg-plist index ee57ac1..230a8ea 100644 --- a/www/apache2/pkg-plist +++ b/www/apache2/pkg-plist @@ -1681,4 +1681,5 @@ share/apache2/build/special.mk @unexec rmdir %D/libexec/apache2 2> /dev/null || true %%PORTS_APR%%@dirrm lib/apache2 @dirrm include/apache2 +@unexec rmdir %D/etc/apache2/Includes 2> /dev/null || true @unexec rmdir %D/etc/apache2 2> /dev/null || echo "===> If you plan to do not reinstall apache2, you can safely remove %D/etc/apache2." diff --git a/www/apache20/Makefile b/www/apache20/Makefile index 3e06a63..0b856bf 100644 --- a/www/apache20/Makefile +++ b/www/apache20/Makefile @@ -172,9 +172,6 @@ pre-everything:: post-extract: @${INSTALL_DATA} ${DISTDIR}/${DIST_SUBDIR}/powerlogo.gif ${WRKSRC}/docs/icons/freebsd.gif -pre-configure: - @cd ${WRKSRC}; ${SETENV} ${SCRIPTS_ENV} ./buildconf - post-patch: @cd ${WRKSRC}/docs/docroot && \ for f in index.html.*; do (\ @@ -190,10 +187,19 @@ post-patch: ${WRKSRC}/server/core.c @${INSTALL_DATA} ${WRKSRC}/NOTICE ${WRKSRC}/docs/manual +pre-configure: + @cd ${WRKSRC}; ${SETENV} ${SCRIPTS_ENV} ./buildconf + +post-configure: + @FTPUSERS=`${EGREP} -v '^#' /etc/ftpusers| ${TR} -s "\n" " "` ;\ + ${REINPLACE_CMD} -e "s,%%FTPUSERS%%,$$FTPUSERS," \ + ${WRKSRC}/docs/conf/httpd-std.conf + pre-install: @PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL post-install: + @${MKDIR} ${PREFIX}/etc/apache2/Includes @if [ ! -f ${PREFIX}/etc/rc.d/apache2.sh ]; then \ ${ECHO} "Installing ${PREFIX}/etc/rc.d/apache2.sh startup file."; \ ${INSTALL_SCRIPT} -m 751 ${WRKDIR}/apache2.sh ${PREFIX}/etc/rc.d/apache2.sh; \ diff --git a/www/apache20/files/apache.sh b/www/apache20/files/apache.sh index 15f20ae..1fbc67d 100644 --- a/www/apache20/files/apache.sh +++ b/www/apache20/files/apache.sh @@ -28,6 +28,7 @@ name="apache2" rcvar=`set_rcvar` +start_precmd="apache2_precmd" command="%%PREFIX%%/sbin/httpd" pidfile="/var/run/httpd.pid" required_files=%%PREFIX%%/etc/apache2/httpd.conf 
@@ -43,8 +44,20 @@ load_rc_config $name checkyesno apache2ssl_enable && \ apache2_flags="-DSSL $apache2_flags" -checkyesno apache2limits_enable && \ - start_precmd="eval `/usr/bin/limits ${apache2limits_args}` 2>/dev/null" +apache2_precmd() +{ + if test -f %%PREFIX%%/sbin/envvars + then + . %%PREFIX%%/sbin/envvars + fi + if checkyesno apache2limits_enable + then + eval `/usr/bin/limits ${apache2limits_args}` 2>/dev/null + else + return 0 + fi + +} sig_reload=SIGUSR1 diff --git a/www/apache20/files/patch-docs:conf:httpd-std.conf.in b/www/apache20/files/patch-docs:conf:httpd-std.conf.in index d87b8bd..31c157a 100644 --- a/www/apache20/files/patch-docs:conf:httpd-std.conf.in +++ b/www/apache20/files/patch-docs:conf:httpd-std.conf.in @@ -1,5 +1,5 @@ ---- docs/conf/httpd-std.conf.in.orig Wed Apr 24 07:24:35 2002 -+++ docs/conf/httpd-std.conf.in Tue May 7 19:29:28 2002 +--- docs/conf/httpd-std.conf.in.orig Sat Apr 24 20:13:43 2004 ++++ docs/conf/httpd-std.conf.in Sun Jul 25 11:37:58 2004 @@ -68,7 +68,7 @@ # @@ -9,7 +9,7 @@ -@@ -263,8 +263,8 @@ +@@ -265,8 +265,8 @@ # when the value of (unsigned)Group is above 60000; # don't use Group #-1 on these systems! # 
@@ -20,7 +20,42 @@ -@@ -450,7 +450,7 @@ +@@ -314,10 +314,11 @@ + # + # First, we configure the "default" to be a very restrictive set of + # features. +-# ++# + +- Options FollowSymLinks + AllowOverride None ++ Order Deny,Allow ++ Deny from all + + + # +@@ -365,8 +366,11 @@ + # UserDir: The name of the directory that is appended onto a user's home + # directory if a ~user request is received. + # ++ + UserDir public_html + ++UserDir disabled %%FTPUSERS%% ++ + # + # Control access to UserDir directories. The following is an example + # for a site where these directories are restricted to read-only. +@@ -384,6 +388,8 @@ + # + # + ++ ++ + # + # DirectoryIndex: sets the file that Apache will serve if a directory + # is requested. +@@ -472,7 +478,7 @@ # logged here. If you *do* define an error logfile for a # container, that host's errors will be logged there and not here. # @@ -29,7 +64,7 @@ # # LogLevel: Control the number of messages logged to the error_log. -@@ -475,20 +475,20 @@ +@@ -500,20 +506,20 @@ # define per- access logfiles, transactions will be # logged therein and *not* in this file. # @@ -53,4 +88,10 @@ +CustomLog @rel_logfiledir@/httpd-access.log combined # - # Optionally add a line containing the server version and virtual host + # ServerTokens +@@ -1049,3 +1055,5 @@ + # ErrorLog @rel_logfiledir@/dummy-host.example.com-error_log + # CustomLog @rel_logfiledir@/dummy-host.example.com-access_log common + # ++ ++Include @rel_sysconfdir@/Includes/*.conf diff --git a/www/apache20/pkg-plist b/www/apache20/pkg-plist index ee57ac1..230a8ea 100644 --- a/www/apache20/pkg-plist +++ b/www/apache20/pkg-plist 
@@ -1681,4 +1681,5 @@ share/apache2/build/special.mk
 @unexec rmdir %D/libexec/apache2 2> /dev/null || true
 %%PORTS_APR%%@dirrm lib/apache2
 @dirrm include/apache2
+@unexec rmdir %D/etc/apache2/Includes 2> /dev/null || true
 @unexec rmdir %D/etc/apache2 2> /dev/null || echo "===> If you plan to do not reinstall apache2, you can safely remove %D/etc/apache2."
-- cgit v1.1