diff options
author | Benedikt Boehm <hollow@gentoo.org> | 2006-06-05 18:16:40 +0000 |
---|---|---|
committer | Benedikt Boehm <hollow@gentoo.org> | 2006-06-05 18:16:40 +0000 |
commit | a80a48aa7d505e56b9c877e2508ce56f5d4e0c0a (patch) | |
tree | 071f5e0be1dbd87e2099b5bd8369348a1565ddeb /www-apache | |
parent | Mask 3dfx useflag. (diff) | |
download | gentoo-2-a80a48aa7d505e56b9c877e2508ce56f5d4e0c0a.tar.gz gentoo-2-a80a48aa7d505e56b9c877e2508ce56f5d4e0c0a.tar.bz2 gentoo-2-a80a48aa7d505e56b9c877e2508ce56f5d4e0c0a.zip |
fix #111081
(Portage version: 2.1_rc3-r1)
Diffstat (limited to 'www-apache')
-rw-r--r-- | www-apache/mod_suphp/ChangeLog | 8 | ||||
-rw-r--r-- | www-apache/mod_suphp/files/digest-mod_suphp-0.6.1-r2 | 3 | ||||
-rw-r--r-- | www-apache/mod_suphp/files/suphp-mod_userdir.patch | 224 | ||||
-rw-r--r-- | www-apache/mod_suphp/mod_suphp-0.6.1-r2.ebuild | 123 |
4 files changed, 357 insertions, 1 deletions
diff --git a/www-apache/mod_suphp/ChangeLog b/www-apache/mod_suphp/ChangeLog index fd9575396e3b..61b6886adc5b 100644 --- a/www-apache/mod_suphp/ChangeLog +++ b/www-apache/mod_suphp/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for www-apache/mod_suphp # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_suphp/ChangeLog,v 1.8 2006/06/05 13:24:10 chtekk Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_suphp/ChangeLog,v 1.9 2006/06/05 18:16:40 hollow Exp $ + +*mod_suphp-0.6.1-r2 (05 Jun 2006) + + 05 Jun 2006; Benedikt Böhm <hollow@gentoo.org> + +files/suphp-mod_userdir.patch, +mod_suphp-0.6.1-r2.ebuild: + fix #111081 05 Jun 2006; Luca Longinotti <chtekk@gentoo.org> metadata.xml, -mod_suphp-0.6.0.ebuild, -mod_suphp-0.6.1.ebuild, diff --git a/www-apache/mod_suphp/files/digest-mod_suphp-0.6.1-r2 b/www-apache/mod_suphp/files/digest-mod_suphp-0.6.1-r2 new file mode 100644 index 000000000000..678c9c1d791b --- /dev/null +++ b/www-apache/mod_suphp/files/digest-mod_suphp-0.6.1-r2 @@ -0,0 +1,3 @@ +MD5 7eb8ae29404392d9eb07c69d5242d716 suphp-0.6.1.tar.gz 361372 +RMD160 c4a77b32ab8ca7f263800c6a745e22cb13959adb suphp-0.6.1.tar.gz 361372 +SHA256 fd838e3ec24846db2733ee54117c84348c21a2c41990b7a51eadf1b1df041443 suphp-0.6.1.tar.gz 361372 diff --git a/www-apache/mod_suphp/files/suphp-mod_userdir.patch b/www-apache/mod_suphp/files/suphp-mod_userdir.patch new file mode 100644 index 000000000000..b4f6f19e7e30 --- /dev/null +++ b/www-apache/mod_suphp/files/suphp-mod_userdir.patch @@ -0,0 +1,224 @@ +diff -ur suphp-0.6.1/doc/CONFIG suphp-0.6.1-userdir/doc/CONFIG +--- suphp-0.6.1/doc/CONFIG 2005-11-26 14:45:49.000000000 -0500 ++++ suphp-0.6.1-userdir/doc/CONFIG 2005-12-02 15:07:41.000000000 -0500 +@@ -95,6 +95,11 @@ + Minimum GID allowed to execute scripts. + Defaults to compile-time value. + ++handle_userdir: ++ Handle sites created by mod_userdir. ++ Scripts on userdir sites will be executed with the permissions ++ of the owner of the site. This option only affects force and paranoid mode. ++ This option is enabled by default. + + 3. Handlers + +diff -ur suphp-0.6.1/doc/suphp.conf-example suphp-0.6.1-userdir/doc/suphp.conf-example +--- suphp-0.6.1/doc/suphp.conf-example 2005-11-26 14:45:49.000000000 -0500 ++++ suphp-0.6.1-userdir/doc/suphp.conf-example 2005-12-02 15:07:41.000000000 -0500 +@@ -38,6 +38,8 @@ + ; Minimum GID + min_gid=100 + ++; Use correct permissions for mod_userdir sites ++handle_userdir=true + + [handlers] + ;Handler for php-scripts +diff -ur suphp-0.6.1/src/Application.cpp suphp-0.6.1-userdir/src/Application.cpp +--- suphp-0.6.1/src/Application.cpp 2005-11-26 14:45:49.000000000 -0500 ++++ suphp-0.6.1-userdir/src/Application.cpp 2005-12-02 17:18:27.000000000 -0500 +@@ -19,6 +19,7 @@ + */ + + #include <iostream> ++#include <sstream> + + #include "config.h" + +@@ -300,29 +301,33 @@ + // Paranoid and force mode + + #if (defined(OPT_USERGROUP_PARANOID) || defined(OPT_USERGROUP_FORCE)) +- std::string targetUsername, targetGroupname; +- try { +- targetUsername = environment.getVar("SUPHP_USER"); +- targetGroupname = environment.getVar("SUPHP_GROUP"); +- } catch (KeyNotFoundException& e) { +- throw SecurityException( ++ if (config.getHandleUserdir() && checkUserDir(environment.getVar("SUPHP_URI"),targetUser)) { ++ targetGroup = targetUser.getGroupInfo(); ++ } else { ++ std::string targetUsername, targetGroupname; ++ try { ++ targetUsername = environment.getVar("SUPHP_USER"); ++ targetGroupname = environment.getVar("SUPHP_GROUP"); ++ } catch (KeyNotFoundException& e) { ++ throw SecurityException( + "Environment variable SUPHP_USER or SUPHP_GROUP not set", + __FILE__, __LINE__); +- } ++ } + +- if (targetUsername[0] == '#' && targetUsername.find_first_not_of( ++ if (targetUsername[0] == '#' && targetUsername.find_first_not_of( + "0123456789", 1) == std::string::npos) { +- targetUser = api.getUserInfo(Util::strToInt(targetUsername.substr(1))); +- } else { +- targetUser = api.getUserInfo(targetUsername); +- } ++ targetUser = api.getUserInfo(Util::strToInt(targetUsername.substr(1))); ++ } else { ++ targetUser = api.getUserInfo(targetUsername); ++ } + +- if (targetGroupname[0] == '#' && targetGroupname.find_first_not_of( ++ if (targetGroupname[0] == '#' && targetGroupname.find_first_not_of( + "0123456789", 1) == std::string::npos) { +- targetGroup = api.getGroupInfo( ++ targetGroup = api.getGroupInfo( + Util::strToInt(targetGroupname.substr(1))); +- } else { +- targetGroup = api.getGroupInfo(targetGroupname); ++ } else { ++ targetGroup = api.getGroupInfo(targetGroupname); ++ } + } + #endif // OPT_USERGROUP_PARANOID || OPT_USERGROUP_FORCE + +@@ -473,6 +478,28 @@ + } + } + ++bool suPHP::Application::checkUserDir(const std::string& url, UserInfo& user) const { ++ ++ if (url.length() <= 2 || url[1] != '~') ++ return false; ++ ++ API& api = API_Helper::getSystemAPI(); ++ std::string topDir; ++ std::istringstream strm(url); ++ ++ for (int i = 0; i < 2; i++) ++ if (!std::getline(strm, topDir, '/')) ++ return false; ++ ++ std::string userName = topDir.substr(1,topDir.length()); ++ ++ try { ++ user = api.getUserInfo(userName); ++ return true; ++ } catch (LookupException& e) { ++ return false; ++ } ++} + + int main(int argc, char **argv) { + try { +diff -ur suphp-0.6.1/src/Application.hpp suphp-0.6.1-userdir/src/Application.hpp +--- suphp-0.6.1/src/Application.hpp 2005-11-26 14:45:49.000000000 -0500 ++++ suphp-0.6.1-userdir/src/Application.hpp 2005-12-02 15:07:41.000000000 -0500 +@@ -39,6 +39,7 @@ + #include "SystemException.hpp" + #include "SoftException.hpp" + #include "SecurityException.hpp" ++#include "UserInfo.hpp" + + namespace suPHP { + /** +@@ -107,6 +108,12 @@ + const Configuration& config) const + throw (SoftException); + ++ /** ++ * Checks if a given URL is a userdir ++ * associated user is assigned to the user parameter ++ */ ++ bool checkUserDir(const std::string& url, ++ UserInfo& user) const; + + public: + /** +diff -ur suphp-0.6.1/src/Configuration.cpp suphp-0.6.1-userdir/src/Configuration.cpp +--- suphp-0.6.1/src/Configuration.cpp 2005-11-26 14:45:49.000000000 -0500 ++++ suphp-0.6.1-userdir/src/Configuration.cpp 2005-12-02 17:22:46.000000000 -0500 +@@ -112,6 +112,7 @@ + #endif + this->umask = 0077; + this->chroot_path = ""; ++ this->handle_userdir = true; + } + + void suPHP::Configuration::readFromFile(File& file) +@@ -157,6 +158,8 @@ + this->umask = Util::octalStrToInt(value); + else if (key == "chroot") + this->chroot_path = value; ++ else if (key == "handle_userdir") ++ this->handle_userdir = this->strToBool(value); + else + throw ParsingException("Unknown option \"" + key + + "\" in section [global]", +@@ -250,3 +253,7 @@ + std::string suPHP::Configuration::getChrootPath() const { + return this->chroot_path; + } ++ ++bool suPHP::Configuration::getHandleUserdir() const { ++ return this->handle_userdir; ++} +diff -ur suphp-0.6.1/src/Configuration.hpp suphp-0.6.1-userdir/src/Configuration.hpp +--- suphp-0.6.1/src/Configuration.hpp 2005-11-26 14:45:49.000000000 -0500 ++++ suphp-0.6.1-userdir/src/Configuration.hpp 2005-12-02 15:07:41.000000000 -0500 +@@ -57,7 +57,8 @@ + int min_gid; + int umask; + std::string chroot_path; +- ++ bool handle_userdir; ++ + /** + * Converts string to bool + */ +@@ -165,6 +166,12 @@ + * Return chroot path + */ + std::string getChrootPath() const; ++ ++ /** ++ * Return whether to correctly handle mod_userdir sites ++ */ ++ bool getHandleUserdir() const; ++ + }; + }; + +diff -ur suphp-0.6.1/src/apache/mod_suphp.c suphp-0.6.1-userdir/src/apache/mod_suphp.c +--- suphp-0.6.1/src/apache/mod_suphp.c 2005-11-26 14:45:49.000000000 -0500 ++++ suphp-0.6.1-userdir/src/apache/mod_suphp.c 2005-12-02 15:07:41.000000000 -0500 +@@ -444,7 +444,10 @@ + } + } + } +- ++ ++ /* for mod_userdir checking */ ++ apr_table_setn(r->subprocess_env, "SUPHP_URI", apr_pstrdup(p, r->uri)); ++ + if (auth_user && auth_pass) { + ap_table_setn(r->subprocess_env, "SUPHP_AUTH_USER", auth_user); + ap_table_setn(r->subprocess_env, "SUPHP_AUTH_PW", auth_pass); +diff -ur suphp-0.6.1/src/apache2/mod_suphp.c suphp-0.6.1-userdir/src/apache2/mod_suphp.c +--- suphp-0.6.1/src/apache2/mod_suphp.c 2005-11-26 14:45:49.000000000 -0500 ++++ suphp-0.6.1-userdir/src/apache2/mod_suphp.c 2005-12-02 15:07:41.000000000 -0500 +@@ -461,6 +461,10 @@ + } + } + ++ /* for mod_userdir checking */ ++ apr_table_setn(r->subprocess_env, "SUPHP_URI", ++ apr_pstrdup(r->pool, r->uri)); ++ + if (auth_user && auth_pass) + { + apr_table_setn(r->subprocess_env, "SUPHP_AUTH_USER", auth_user); diff --git a/www-apache/mod_suphp/mod_suphp-0.6.1-r2.ebuild b/www-apache/mod_suphp/mod_suphp-0.6.1-r2.ebuild new file mode 100644 index 000000000000..e42ae7cdce1d --- /dev/null +++ b/www-apache/mod_suphp/mod_suphp-0.6.1-r2.ebuild @@ -0,0 +1,123 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_suphp/mod_suphp-0.6.1-r2.ebuild,v 1.1 2006/06/05 18:16:40 hollow Exp $ + +inherit apache-module eutils + +MY_P=${P/mod_/} + +SETIDMODES="mode-force mode-owner mode-paranoid" + +DESCRIPTION="A PHP wrapper for Apache" +HOMEPAGE="http://www.suphp.org" +SRC_URI="http://www.suphp.org/download/${MY_P}.tar.gz" + +LICENSE="GPL-2" +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="checkpath ${SETIDMODES}" +SLOT="0" + +S="${WORKDIR}/${MY_P}" + +APXS1_S="${S}/src/apache" +APACHE1_MOD_CONF="70_${PN}" +APACHE1_MOD_DEFINE="SUPHP" + +APXS2_S="${S}/src/apache2" +APACHE2_MOD_CONF="70_${PN}" +APACHE2_MOD_DEFINE="SUPHP" + +need_apache2 + +pkg_setup() { + modecnt=0 + for mode in ${SETIDMODES}; do + if use ${mode}; then + if [ ${modecnt} -eq 0 ]; then + SUPHP_SETIDMODE=${mode/mode-} + let modecnt++ + elif [ ${modecnt} -ge 1 ]; then + die "You can only select ONE mode in your USE flags!" + fi + fi + done + + if [ ${modecnt} -eq 0 ]; then + ewarn + ewarn "No mode selected, defaulting to paranoid!" + ewarn + ewarn "If you want to choose another mode, put mode-force OR mode-owner" + ewarn "into your USE flags and run emerge again." + ewarn + SUPHP_SETIDMODE=paranoid + fi + + einfo + einfo "Using ${SUPHP_SETIDMODE/mode-} mode" + einfo + einfo "You can manipulate several configure options of this" + einfo "ebuild through environment variables:" + einfo + einfo "SUPHP_MINUID: Minimum UID, which is allowed to run scripts (default: 1000)" + einfo "SUPHP_MINGID: Minimum GID, which is allowed to run scripts (default: 100)" + einfo "SUPHP_APACHEUSER: Name of the user Apache is running as (default: apache)" + einfo "SUPHP_LOGFILE: Path to suPHP logfile (default: /var/log/apache2/suphp_log)" + einfo + + : ${SUPHP_MINUID:=1000} + : ${SUPHP_MINGID:=100} + : ${SUPHP_APACHEUSER:="apache"} + : ${SUPHP_LOGFILE:="/var/log/apache2/suphp_log"} +} + +src_unpack() { + unpack ${A} + + cd "${S}" + + epatch "${FILESDIR}/suphp-mod_userdir.patch" + epatch "${FILESDIR}/suphp-apache22-compat.patch" + if has_version ">=dev-libs/apr-1.0.0" ; then + sed -e "s|apr-config|apr-1-config|g" -i configure + fi +} + +src_compile() { + local myargs= + use checkpath || myargs="${myargs} --disable-checkpath" + + myargs="${myargs} \ + --with-setid-mode=${SUPHP_SETIDMODE} \ + --with-min-uid=${SUPHP_MINUID} \ + --with-min-gid=${SUPHP_MINGID} \ + --with-apache-user=${SUPHP_APACHEUSER} \ + --with-logfile=${SUPHP_LOGFILE} \ + --with-apxs=${APXS2}" + if has_version ">=dev-libs/apr-1.0.0" ; then + CFLAGS="$(apr-1-config --includes) $(apu-1-config --includes)" \ + econf ${myargs} || die "econf failed" + else + CFLAGS="$(apr-config --includes) $(apu-config --includes)" \ + econf ${myargs} || die "econf failed" + fi + + emake || die "make failed" +} + +src_install() { + apache-module_src_install + dosbin src/suphp + + dodoc ChangeLog doc/CONFIG + + docinto apache + dodoc doc/apache/CONFIG doc/apache/INSTALL + + insinto /etc + doins ${FILESDIR}/suphp.conf +} + +pkg_postinst() { + # make suphp setuid + chmod 4755 /usr/sbin/suphp +} |