summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBenedikt Boehm <hollow@gentoo.org>2006-06-05 18:16:40 +0000
committerBenedikt Boehm <hollow@gentoo.org>2006-06-05 18:16:40 +0000
commita80a48aa7d505e56b9c877e2508ce56f5d4e0c0a (patch)
tree071f5e0be1dbd87e2099b5bd8369348a1565ddeb /www-apache
parentMask 3dfx useflag. (diff)
downloadgentoo-2-a80a48aa7d505e56b9c877e2508ce56f5d4e0c0a.tar.gz
gentoo-2-a80a48aa7d505e56b9c877e2508ce56f5d4e0c0a.tar.bz2
gentoo-2-a80a48aa7d505e56b9c877e2508ce56f5d4e0c0a.zip
fix #111081
(Portage version: 2.1_rc3-r1)
Diffstat (limited to 'www-apache')
-rw-r--r--www-apache/mod_suphp/ChangeLog8
-rw-r--r--www-apache/mod_suphp/files/digest-mod_suphp-0.6.1-r23
-rw-r--r--www-apache/mod_suphp/files/suphp-mod_userdir.patch224
-rw-r--r--www-apache/mod_suphp/mod_suphp-0.6.1-r2.ebuild123
4 files changed, 357 insertions, 1 deletions
diff --git a/www-apache/mod_suphp/ChangeLog b/www-apache/mod_suphp/ChangeLog
index fd9575396e3b..61b6886adc5b 100644
--- a/www-apache/mod_suphp/ChangeLog
+++ b/www-apache/mod_suphp/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for www-apache/mod_suphp
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_suphp/ChangeLog,v 1.8 2006/06/05 13:24:10 chtekk Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_suphp/ChangeLog,v 1.9 2006/06/05 18:16:40 hollow Exp $
+
+*mod_suphp-0.6.1-r2 (05 Jun 2006)
+
+ 05 Jun 2006; Benedikt Böhm <hollow@gentoo.org>
+ +files/suphp-mod_userdir.patch, +mod_suphp-0.6.1-r2.ebuild:
+ fix #111081
05 Jun 2006; Luca Longinotti <chtekk@gentoo.org> metadata.xml,
-mod_suphp-0.6.0.ebuild, -mod_suphp-0.6.1.ebuild,
diff --git a/www-apache/mod_suphp/files/digest-mod_suphp-0.6.1-r2 b/www-apache/mod_suphp/files/digest-mod_suphp-0.6.1-r2
new file mode 100644
index 000000000000..678c9c1d791b
--- /dev/null
+++ b/www-apache/mod_suphp/files/digest-mod_suphp-0.6.1-r2
@@ -0,0 +1,3 @@
+MD5 7eb8ae29404392d9eb07c69d5242d716 suphp-0.6.1.tar.gz 361372
+RMD160 c4a77b32ab8ca7f263800c6a745e22cb13959adb suphp-0.6.1.tar.gz 361372
+SHA256 fd838e3ec24846db2733ee54117c84348c21a2c41990b7a51eadf1b1df041443 suphp-0.6.1.tar.gz 361372
diff --git a/www-apache/mod_suphp/files/suphp-mod_userdir.patch b/www-apache/mod_suphp/files/suphp-mod_userdir.patch
new file mode 100644
index 000000000000..b4f6f19e7e30
--- /dev/null
+++ b/www-apache/mod_suphp/files/suphp-mod_userdir.patch
@@ -0,0 +1,224 @@
+diff -ur suphp-0.6.1/doc/CONFIG suphp-0.6.1-userdir/doc/CONFIG
+--- suphp-0.6.1/doc/CONFIG 2005-11-26 14:45:49.000000000 -0500
++++ suphp-0.6.1-userdir/doc/CONFIG 2005-12-02 15:07:41.000000000 -0500
+@@ -95,6 +95,11 @@
+ Minimum GID allowed to execute scripts.
+ Defaults to compile-time value.
+
++handle_userdir:
++ Handle sites created by mod_userdir.
++ Scripts on userdir sites will be executed with the permissions
++ of the owner of the site. This option only affects force and paranoid mode.
++ This option is enabled by default.
+
+ 3. Handlers
+
+diff -ur suphp-0.6.1/doc/suphp.conf-example suphp-0.6.1-userdir/doc/suphp.conf-example
+--- suphp-0.6.1/doc/suphp.conf-example 2005-11-26 14:45:49.000000000 -0500
++++ suphp-0.6.1-userdir/doc/suphp.conf-example 2005-12-02 15:07:41.000000000 -0500
+@@ -38,6 +38,8 @@
+ ; Minimum GID
+ min_gid=100
+
++; Use correct permissions for mod_userdir sites
++handle_userdir=true
+
+ [handlers]
+ ;Handler for php-scripts
+diff -ur suphp-0.6.1/src/Application.cpp suphp-0.6.1-userdir/src/Application.cpp
+--- suphp-0.6.1/src/Application.cpp 2005-11-26 14:45:49.000000000 -0500
++++ suphp-0.6.1-userdir/src/Application.cpp 2005-12-02 17:18:27.000000000 -0500
+@@ -19,6 +19,7 @@
+ */
+
+ #include <iostream>
++#include <sstream>
+
+ #include "config.h"
+
+@@ -300,29 +301,33 @@
+ // Paranoid and force mode
+
+ #if (defined(OPT_USERGROUP_PARANOID) || defined(OPT_USERGROUP_FORCE))
+- std::string targetUsername, targetGroupname;
+- try {
+- targetUsername = environment.getVar("SUPHP_USER");
+- targetGroupname = environment.getVar("SUPHP_GROUP");
+- } catch (KeyNotFoundException& e) {
+- throw SecurityException(
++ if (config.getHandleUserdir() && checkUserDir(environment.getVar("SUPHP_URI"),targetUser)) {
++ targetGroup = targetUser.getGroupInfo();
++ } else {
++ std::string targetUsername, targetGroupname;
++ try {
++ targetUsername = environment.getVar("SUPHP_USER");
++ targetGroupname = environment.getVar("SUPHP_GROUP");
++ } catch (KeyNotFoundException& e) {
++ throw SecurityException(
+ "Environment variable SUPHP_USER or SUPHP_GROUP not set",
+ __FILE__, __LINE__);
+- }
++ }
+
+- if (targetUsername[0] == '#' && targetUsername.find_first_not_of(
++ if (targetUsername[0] == '#' && targetUsername.find_first_not_of(
+ "0123456789", 1) == std::string::npos) {
+- targetUser = api.getUserInfo(Util::strToInt(targetUsername.substr(1)));
+- } else {
+- targetUser = api.getUserInfo(targetUsername);
+- }
++ targetUser = api.getUserInfo(Util::strToInt(targetUsername.substr(1)));
++ } else {
++ targetUser = api.getUserInfo(targetUsername);
++ }
+
+- if (targetGroupname[0] == '#' && targetGroupname.find_first_not_of(
++ if (targetGroupname[0] == '#' && targetGroupname.find_first_not_of(
+ "0123456789", 1) == std::string::npos) {
+- targetGroup = api.getGroupInfo(
++ targetGroup = api.getGroupInfo(
+ Util::strToInt(targetGroupname.substr(1)));
+- } else {
+- targetGroup = api.getGroupInfo(targetGroupname);
++ } else {
++ targetGroup = api.getGroupInfo(targetGroupname);
++ }
+ }
+ #endif // OPT_USERGROUP_PARANOID || OPT_USERGROUP_FORCE
+
+@@ -473,6 +478,28 @@
+ }
+ }
+
++bool suPHP::Application::checkUserDir(const std::string& url, UserInfo& user) const {
++
++ if (url.length() <= 2 || url[1] != '~')
++ return false;
++
++ API& api = API_Helper::getSystemAPI();
++ std::string topDir;
++ std::istringstream strm(url);
++
++ for (int i = 0; i < 2; i++)
++ if (!std::getline(strm, topDir, '/'))
++ return false;
++
++ std::string userName = topDir.substr(1,topDir.length());
++
++ try {
++ user = api.getUserInfo(userName);
++ return true;
++ } catch (LookupException& e) {
++ return false;
++ }
++}
+
+ int main(int argc, char **argv) {
+ try {
+diff -ur suphp-0.6.1/src/Application.hpp suphp-0.6.1-userdir/src/Application.hpp
+--- suphp-0.6.1/src/Application.hpp 2005-11-26 14:45:49.000000000 -0500
++++ suphp-0.6.1-userdir/src/Application.hpp 2005-12-02 15:07:41.000000000 -0500
+@@ -39,6 +39,7 @@
+ #include "SystemException.hpp"
+ #include "SoftException.hpp"
+ #include "SecurityException.hpp"
++#include "UserInfo.hpp"
+
+ namespace suPHP {
+ /**
+@@ -107,6 +108,12 @@
+ const Configuration& config) const
+ throw (SoftException);
+
++ /**
++ * Checks if a given URL is a userdir
++ * associated user is assigned to the user parameter
++ */
++ bool checkUserDir(const std::string& url,
++ UserInfo& user) const;
+
+ public:
+ /**
+diff -ur suphp-0.6.1/src/Configuration.cpp suphp-0.6.1-userdir/src/Configuration.cpp
+--- suphp-0.6.1/src/Configuration.cpp 2005-11-26 14:45:49.000000000 -0500
++++ suphp-0.6.1-userdir/src/Configuration.cpp 2005-12-02 17:22:46.000000000 -0500
+@@ -112,6 +112,7 @@
+ #endif
+ this->umask = 0077;
+ this->chroot_path = "";
++ this->handle_userdir = true;
+ }
+
+ void suPHP::Configuration::readFromFile(File& file)
+@@ -157,6 +158,8 @@
+ this->umask = Util::octalStrToInt(value);
+ else if (key == "chroot")
+ this->chroot_path = value;
++ else if (key == "handle_userdir")
++ this->handle_userdir = this->strToBool(value);
+ else
+ throw ParsingException("Unknown option \"" + key +
+ "\" in section [global]",
+@@ -250,3 +253,7 @@
+ std::string suPHP::Configuration::getChrootPath() const {
+ return this->chroot_path;
+ }
++
++bool suPHP::Configuration::getHandleUserdir() const {
++ return this->handle_userdir;
++}
+diff -ur suphp-0.6.1/src/Configuration.hpp suphp-0.6.1-userdir/src/Configuration.hpp
+--- suphp-0.6.1/src/Configuration.hpp 2005-11-26 14:45:49.000000000 -0500
++++ suphp-0.6.1-userdir/src/Configuration.hpp 2005-12-02 15:07:41.000000000 -0500
+@@ -57,7 +57,8 @@
+ int min_gid;
+ int umask;
+ std::string chroot_path;
+-
++ bool handle_userdir;
++
+ /**
+ * Converts string to bool
+ */
+@@ -165,6 +166,12 @@
+ * Return chroot path
+ */
+ std::string getChrootPath() const;
++
++ /**
++ * Return whether to correctly handle mod_userdir sites
++ */
++ bool getHandleUserdir() const;
++
+ };
+ };
+
+diff -ur suphp-0.6.1/src/apache/mod_suphp.c suphp-0.6.1-userdir/src/apache/mod_suphp.c
+--- suphp-0.6.1/src/apache/mod_suphp.c 2005-11-26 14:45:49.000000000 -0500
++++ suphp-0.6.1-userdir/src/apache/mod_suphp.c 2005-12-02 15:07:41.000000000 -0500
+@@ -444,7 +444,10 @@
+ }
+ }
+ }
+-
++
++ /* for mod_userdir checking */
++ apr_table_setn(r->subprocess_env, "SUPHP_URI", apr_pstrdup(p, r->uri));
++
+ if (auth_user && auth_pass) {
+ ap_table_setn(r->subprocess_env, "SUPHP_AUTH_USER", auth_user);
+ ap_table_setn(r->subprocess_env, "SUPHP_AUTH_PW", auth_pass);
+diff -ur suphp-0.6.1/src/apache2/mod_suphp.c suphp-0.6.1-userdir/src/apache2/mod_suphp.c
+--- suphp-0.6.1/src/apache2/mod_suphp.c 2005-11-26 14:45:49.000000000 -0500
++++ suphp-0.6.1-userdir/src/apache2/mod_suphp.c 2005-12-02 15:07:41.000000000 -0500
+@@ -461,6 +461,10 @@
+ }
+ }
+
++ /* for mod_userdir checking */
++ apr_table_setn(r->subprocess_env, "SUPHP_URI",
++ apr_pstrdup(r->pool, r->uri));
++
+ if (auth_user && auth_pass)
+ {
+ apr_table_setn(r->subprocess_env, "SUPHP_AUTH_USER", auth_user);
diff --git a/www-apache/mod_suphp/mod_suphp-0.6.1-r2.ebuild b/www-apache/mod_suphp/mod_suphp-0.6.1-r2.ebuild
new file mode 100644
index 000000000000..e42ae7cdce1d
--- /dev/null
+++ b/www-apache/mod_suphp/mod_suphp-0.6.1-r2.ebuild
@@ -0,0 +1,123 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_suphp/mod_suphp-0.6.1-r2.ebuild,v 1.1 2006/06/05 18:16:40 hollow Exp $
+
+inherit apache-module eutils
+
+MY_P=${P/mod_/}
+
+SETIDMODES="mode-force mode-owner mode-paranoid"
+
+DESCRIPTION="A PHP wrapper for Apache"
+HOMEPAGE="http://www.suphp.org"
+SRC_URI="http://www.suphp.org/download/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="checkpath ${SETIDMODES}"
+SLOT="0"
+
+S="${WORKDIR}/${MY_P}"
+
+APXS1_S="${S}/src/apache"
+APACHE1_MOD_CONF="70_${PN}"
+APACHE1_MOD_DEFINE="SUPHP"
+
+APXS2_S="${S}/src/apache2"
+APACHE2_MOD_CONF="70_${PN}"
+APACHE2_MOD_DEFINE="SUPHP"
+
+need_apache2
+
+pkg_setup() {
+ modecnt=0
+ for mode in ${SETIDMODES}; do
+ if use ${mode}; then
+ if [ ${modecnt} -eq 0 ]; then
+ SUPHP_SETIDMODE=${mode/mode-}
+ let modecnt++
+ elif [ ${modecnt} -ge 1 ]; then
+ die "You can only select ONE mode in your USE flags!"
+ fi
+ fi
+ done
+
+ if [ ${modecnt} -eq 0 ]; then
+ ewarn
+ ewarn "No mode selected, defaulting to paranoid!"
+ ewarn
+ ewarn "If you want to choose another mode, put mode-force OR mode-owner"
+ ewarn "into your USE flags and run emerge again."
+ ewarn
+ SUPHP_SETIDMODE=paranoid
+ fi
+
+ einfo
+ einfo "Using ${SUPHP_SETIDMODE/mode-} mode"
+ einfo
+ einfo "You can manipulate several configure options of this"
+ einfo "ebuild through environment variables:"
+ einfo
+ einfo "SUPHP_MINUID: Minimum UID, which is allowed to run scripts (default: 1000)"
+ einfo "SUPHP_MINGID: Minimum GID, which is allowed to run scripts (default: 100)"
+ einfo "SUPHP_APACHEUSER: Name of the user Apache is running as (default: apache)"
+ einfo "SUPHP_LOGFILE: Path to suPHP logfile (default: /var/log/apache2/suphp_log)"
+ einfo
+
+ : ${SUPHP_MINUID:=1000}
+ : ${SUPHP_MINGID:=100}
+ : ${SUPHP_APACHEUSER:="apache"}
+ : ${SUPHP_LOGFILE:="/var/log/apache2/suphp_log"}
+}
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+
+ epatch "${FILESDIR}/suphp-mod_userdir.patch"
+ epatch "${FILESDIR}/suphp-apache22-compat.patch"
+ if has_version ">=dev-libs/apr-1.0.0" ; then
+ sed -e "s|apr-config|apr-1-config|g" -i configure
+ fi
+}
+
+src_compile() {
+ local myargs=
+ use checkpath || myargs="${myargs} --disable-checkpath"
+
+ myargs="${myargs} \
+ --with-setid-mode=${SUPHP_SETIDMODE} \
+ --with-min-uid=${SUPHP_MINUID} \
+ --with-min-gid=${SUPHP_MINGID} \
+ --with-apache-user=${SUPHP_APACHEUSER} \
+ --with-logfile=${SUPHP_LOGFILE} \
+ --with-apxs=${APXS2}"
+ if has_version ">=dev-libs/apr-1.0.0" ; then
+ CFLAGS="$(apr-1-config --includes) $(apu-1-config --includes)" \
+ econf ${myargs} || die "econf failed"
+ else
+ CFLAGS="$(apr-config --includes) $(apu-config --includes)" \
+ econf ${myargs} || die "econf failed"
+ fi
+
+ emake || die "make failed"
+}
+
+src_install() {
+ apache-module_src_install
+ dosbin src/suphp
+
+ dodoc ChangeLog doc/CONFIG
+
+ docinto apache
+ dodoc doc/apache/CONFIG doc/apache/INSTALL
+
+ insinto /etc
+ doins ${FILESDIR}/suphp.conf
+}
+
+pkg_postinst() {
+ # make suphp setuid
+ chmod 4755 /usr/sbin/suphp
+}