
From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: www-servers/apache/
Date: Fri, 08 Oct 2021 06:48:24
Message-Id: 1633675648.c2a21676c8017485107e53c6b15c9d12c5ac87b1.polynomial-c@gentoo
1 commit: c2a21676c8017485107e53c6b15c9d12c5ac87b1
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Fri Oct 8 06:47:28 2021 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Fri Oct 8 06:47:28 2021 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2a21676
7
8 www-servers/apache: Security cleanup
9
10 Bug: https://bugs.gentoo.org/816864
11 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
12
13 www-servers/apache/Manifest | 1 -
14 www-servers/apache/apache-2.4.50.ebuild | 262 --------------------------------
15 2 files changed, 263 deletions(-)
16
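--- a/www-servers/apache/Manifest
+++ b/www-servers/apache/Manifest
@@ -1,3 +1,2 @@
 DIST gentoo-apache-2.4.46-r6-20210212.tar.bz2 25854 BLAKE2B 001f16c1beac8c90fd407bb2f77417f886296baf02acf0f6d81dc0f10c209270db7005f58d845d309dec8332773556da88db41a57c6ecc86f24b8a5141ba07d0 SHA512 976dde952277542efca70831b67da32b8bf636a346adeeb6e0bc5a65b3543a7ca4fb182bc01204f747b583dd753607d184d91ef46a93d5e2f3ab55ed787860a2
-DIST httpd-2.4.50.tar.bz2 7653174 BLAKE2B 6bdb26bc03347b9643e973d22726ef283b8d92b675f81e85f4e0470bedf8510bac60cd043fe966bc786d5ae47827ac1bb31da88a0e510f4bb6c665e2075c3beb SHA512 b1afbaf44e503b822ff2b443881dcb44a93aa55d496f88ae399a2e7def05f78590f266a16da1f2c0aac88e463b76fba20843b1e20a102e76c8269de6fae3e158
 DIST httpd-2.4.51.tar.bz2 7653609 BLAKE2B a0743327f0411f5cb8b7d0426bf78db0f370e3d587f3a4c4bb7de0e4499effa3f44f5998e19e9ca3ed7b6fc9a8c0867cbe62134b5af7e6ed6c3bc29770b797df SHA512 9fb07c4b176f5c0485a143e2b1bb1085345ca9120b959974f68c37a8911a57894d2cb488b1b42fdf3102860b99e890204f5e9fa7ae3828b481119c563812cc66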
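--- a/www-servers/apache/apache-2.4.50.ebuild
+++ /dev/null
@@ -1,262 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-# latest gentoo apache files
-GENTOO_PATCHSTAMP="20210212"
-GENTOO_DEVELOPER="polynomial-c"
-GENTOO_PATCHNAME="gentoo-apache-2.4.46-r6"
-
-# IUSE/USE_EXPAND magic
-IUSE_MPMS_FORK="prefork"
-IUSE_MPMS_THREAD="event worker"
-
-# << obsolete modules:
-# authn_default authz_default mem_cache
-# mem_cache is replaced by cache_disk
-# ?? buggy modules
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
-# >> added modules for reason:
-# compat: compatibility with 2.2 access control
-# authz_host: new module for access control
-# authn_core: functionality provided by authn_alias in previous versions
-# authz_core: new module, provides core authorization capabilities
-# cache_disk: replacement for mem_cache
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
-# socache_shmcb: shared object cache provider. Default config with ssl needs it
-# unixd: fixes startup error: Invalid command 'User'
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest auth_form
-authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authn_socache authz_core
-authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex
-brotli cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock
-dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2
-ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness
-lbmethod_heartbeat log_config log_forensic logio lua macro md mime mime_magic negotiation
-proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_html proxy_http proxy_scgi
-proxy_http2 proxy_fcgi proxy_uwsgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout
-session session_cookie session_crypto session_dbd setenvif slotmem_shm speling
-socache_memcache socache_shmcb status substitute unique_id userdir usertrack
-unixd version vhost_alias watchdog xml2enc"
-# The following are also in the source as of this version, but are not available
-# for user selection:
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
-# optional_fn_import optional_hook_export optional_hook_import
-
-# inter-module dependencies
-# TODO: this may still be incomplete
-MODULE_DEPENDS="
- auth_form:session
- brotli:filter
- dav_fs:dav
- dav_lock:dav
- deflate:filter
- cache_disk:cache
- ext_filter:filter
- file_cache:cache
- lbmethod_byrequests:proxy_balancer
- lbmethod_byrequests:slotmem_shm
- lbmethod_bytraffic:proxy_balancer
- lbmethod_bybusyness:proxy_balancer
- lbmethod_heartbeat:proxy_balancer
- log_forensic:log_config
- logio:log_config
- cache_disk:cache
- cache_socache:cache
- md:watchdog
- mime_magic:mime
- proxy_ajp:proxy
- proxy_balancer:proxy
- proxy_balancer:slotmem_shm
- proxy_connect:proxy
- proxy_ftp:proxy
- proxy_html:proxy
- proxy_html:xml2enc
- proxy_http:proxy
- proxy_http2:proxy
- proxy_scgi:proxy
- proxy_uwsgi:proxy
- proxy_fcgi:proxy
- proxy_wstunnel:proxy
- session_cookie:session
- session_dbd:dbd
- session_dbd:session
- socache_memcache:cache
- substitute:filter
-"
-
-# module<->define mappings
-MODULE_DEFINES="
- auth_digest:AUTH_DIGEST
- authnz_ldap:AUTHNZ_LDAP
- cache:CACHE
- cache_disk:CACHE
- cache_socache:CACHE
- dav:DAV
- dav_fs:DAV
- dav_lock:DAV
- file_cache:CACHE
- http2:HTTP2
- info:INFO
- ldap:LDAP
- lua:LUA
- md:SSL
- proxy:PROXY
- proxy_ajp:PROXY
- proxy_balancer:PROXY
- proxy_connect:PROXY
- proxy_ftp:PROXY
- proxy_html:PROXY
- proxy_http:PROXY
- proxy_fcgi:PROXY
- proxy_scgi:PROXY
- proxy_wstunnel:PROXY
- socache_shmcb:SSL
- socache_memcache:CACHE
- ssl:SSL
- status:STATUS
- suexec:SUEXEC
- userdir:USERDIR
-"
-
-# critical modules for the default config
-MODULE_CRITICAL="
- authn_core
- authz_core
- authz_host
- dir
- mime
- unixd
-"
-inherit apache-2 systemd tmpfiles toolchain-funcs
-
-DESCRIPTION="The Apache Web Server"
-HOMEPAGE="https://httpd.apache.org/"
-
-# some helper scripts are Apache-1.1, thus both are here
-LICENSE="Apache-2.0 Apache-1.1"
-SLOT="2"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x64-macos ~sparc64-solaris ~x64-solaris"
-
-# FIXME! Move this to eclass once all ebuilds are EAPI-7
-RDEPEND+=" apache2_modules_lua? ( ${LUA_DEPS} )"
-REQUIRED_USE+=" apache2_modules_lua? ( ${LUA_REQUIRED_USE} )"
-
-pkg_setup() {
- # dependend critical modules which are not allowed in global scope due
- # to USE flag conditionals (bug #499260)
- use ssl && MODULE_CRITICAL+=" socache_shmcb"
- use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
- apache-2_pkg_setup
-}
-
-src_configure() {
- # Brain dead check.
- tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no"
-
- apache-2_src_configure
-}
-
-src_compile() {
- if tc-is-cross-compiler ; then
- # This header is the same across targets, so use the build compiler.
- pushd server >/dev/null
- emake gen_test_char
- tc-export_build_env BUILD_CC
- ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \
- gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die
- popd >/dev/null
- fi
-
- default
-}
-
-src_install() {
- apache-2_src_install
- local i
- local apache_tools_prune_list=(
- /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}
- /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}
- /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}
- /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}
- )
- for i in ${apache_tools_prune_list[@]} ; do
- rm "${ED}"/${i} || die "Failed to prune apache-tools bits"
- done
-
- # install apxs in /usr/bin (bug #502384) and put a symlink into the
- # old location until all ebuilds and eclasses have been modified to
- # use the new location.
- dobin support/apxs
- use split-usr && dosym ../bin/apxs /usr/sbin/apxs
-
- # Note: wait for mod_systemd to be included in some forthcoming release,
- # Then apache2.4.service can be used and systemd support controlled
- # through --enable-systemd
- systemd_newunit "${FILESDIR}/apache2.2-hardened.service" "apache2.service"
- dotmpfiles "${FILESDIR}/apache.conf"
- #insinto /etc/apache2/modules.d
- #doins "${FILESDIR}/00_systemd.conf"
-
- # Install http2 module config
- insinto /etc/apache2/modules.d
- doins "${FILESDIR}"/41_mod_http2.conf
-
- # Fix path to apache libdir
- sed "s|@LIBDIR@|$(get_libdir)|" -i "${ED}"/usr/sbin/apache2ctl || die
-}
-
-pkg_postinst() {
- echo
- ewarn "Downgrading to pre-GLEP 81 user for now."
- ewarn "See bug #802495 and bug #803500 for more information."
- ewarn ""
- ewarn "You will need to run the following command to unlock the user:"
- ewarn "usermod -e '' -U apache 2>/dev/null"
- echo
-
- apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
-
- tmpfiles_process apache.conf #662544
-
- # warnings that default config might not work out of the box
- local mod cmod
- for mod in ${MODULE_CRITICAL} ; do
- if ! use "apache2_modules_${mod}"; then
- echo
- ewarn "Warning: Critical module not installed!"
- ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
- ewarn "are highly recomended but might not be in the base profile yet."
- ewarn "Default config for ssl needs module 'socache_shmcb'."
- ewarn "Enabling the following flags is highly recommended:"
- for cmod in ${MODULE_CRITICAL} ; do
- use "apache2_modules_${cmod}" || \
- ewarn "+ apache2_modules_${cmod}"
- done
- echo
- break
- fi
- done
- # warning for proxy_balancer and missing load balancing scheduler
- if use apache2_modules_proxy_balancer; then
- local lbset=
- for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
- if use "apache2_modules_${mod}"; then
- lbset=1 && break
- fi
- done
- if [[ ! ${lbset} ]] ; then
- echo
- ewarn "Info: Missing load balancing scheduler algorithm module"
- ewarn "(They were split off from proxy_balancer in 2.3)"
- ewarn "In order to get the ability of load balancing, at least"
- ewarn "one of these modules has to be present:"
- ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
- echo
- fi
- fi
-}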