author | Benedikt Boehm <hollow@gentoo.org> | 2007-12-14 22:34:02 +0000 |
---|---|---|
committer | Benedikt Boehm <hollow@gentoo.org> | 2007-12-14 22:34:02 +0000 |
commit | d780118ab22b45bfe3d37cb17e9e45fa7db8c322 (patch) | |
tree | 79382ca82449f3438e81fc8c13687e6010973f54 /www-servers | |
parent | whitespace (diff) | |
fix CVE-2007-5000 (#202327)
Package-Manager: portage-2.1.4_rc8
Diffstat (limited to 'www-servers')
-rw-r--r-- | www-servers/apache/ChangeLog | 8 | ||||
-rw-r--r-- | www-servers/apache/Manifest | 25 | ||||
-rw-r--r-- | www-servers/apache/apache-2.2.6-r5.ebuild | 496 | ||||
-rw-r--r-- | www-servers/apache/files/apache-2.2.6_CVE-2007-5000.patch | 25 | ||||
-rw-r--r-- | www-servers/apache/files/digest-apache-2.2.6-r5 | 6 |
5 files changed, 552 insertions, 8 deletions
diff --git a/www-servers/apache/ChangeLog b/www-servers/apache/ChangeLog index 4b41cbe61aef..0e2c7f764519 100644 --- a/www-servers/apache/ChangeLog +++ b/www-servers/apache/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for www-servers/apache # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/ChangeLog,v 1.37 2007/11/29 18:45:39 hollow Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/ChangeLog,v 1.38 2007/12/14 22:34:02 hollow Exp $ + +*apache-2.2.6-r5 (14 Dec 2007) + + 14 Dec 2007; Benedikt Böhm <hollow@gentoo.org> + +files/apache-2.2.6_CVE-2007-5000.patch, +apache-2.2.6-r5.ebuild: + fix CVE-2007-5000 (#202327) 29 Nov 2007; Benedikt Böhm <hollow@gentoo.org> apache-2.2.6-r4.ebuild: fix order of variables/inherit diff --git a/www-servers/apache/Manifest b/www-servers/apache/Manifest index 2ab71af3bc15..e412960c8fa0 100644 --- a/www-servers/apache/Manifest +++ b/www-servers/apache/Manifest 
@@ -1,6 +1,10 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +AUX apache-2.2.6_CVE-2007-5000.patch 1011 RMD160 19d1376d938d9475979e923dc2dbaab1baad7bee SHA1 7c56470b25bffd5fa25679a80d9a3615e094db12 SHA256 8c53efb36eaaf11520b9bcc780b79361dbbf10caae05ed38a2ffb7ae8cd8a8a9 +MD5 6aad259a025870b036020a43b14642b7 files/apache-2.2.6_CVE-2007-5000.patch 1011 +RMD160 19d1376d938d9475979e923dc2dbaab1baad7bee files/apache-2.2.6_CVE-2007-5000.patch 1011 +SHA256 8c53efb36eaaf11520b9bcc780b79361dbbf10caae05ed38a2ffb7ae8cd8a8a9 files/apache-2.2.6_CVE-2007-5000.patch 1011 DIST gentoo-apache-2.0.58-r2-20060726.tar.bz2 58758 RMD160 46c6da577db444a6553b60d3ae30c61ae3b741fa SHA1 5399c6076fbccc36b1d8a5ed783f77918c3398eb SHA256 b8e0356e87fdd7b55fcecbee804c9a41525b3e6fe8309f87f2509abd161c8e6b DIST gentoo-apache-2.0.59-r5-20070828.tar.bz2 63913 RMD160 c0cfc72d0316b0a977296a08932bebe6a7547c7b SHA1 e7e7ae28b0427c9b61895f3356307df5d6bcc324 SHA256 fa188f4f7e26b7277a8a1858c449766bc997c1f9cf1ee2a5f9fdbfda5dabcccb DIST gentoo-apache-2.0.61-20070907.tar.bz2 58543 RMD160 3d40fd2e793bfedbca0410e6aa31ec7cabd404ef SHA1 060eea0df3dc6674cb35e5c873469d20c7955a21 SHA256 f981b2627edace251a12a58fb22dacd98e6beb764b092db518ee3dac0045420e 
@@ -31,14 +35,18 @@ EBUILD apache-2.2.6-r4.ebuild 5001 RMD160 bbaf0d8773d73f115a187f13b5bd8d94b6e2c6 MD5 1cdf3ce84e9d4222cf0ead077156167e apache-2.2.6-r4.ebuild 5001 RMD160 bbaf0d8773d73f115a187f13b5bd8d94b6e2c627 apache-2.2.6-r4.ebuild 5001 SHA256 fd4a9957734526829166929dbd9feae11e9a344c0ab25c073eea1b66760e5188 apache-2.2.6-r4.ebuild 5001 +EBUILD apache-2.2.6-r5.ebuild 15841 RMD160 676b8d2ac2342f506d3b0c2d7efd40c684c9c076 SHA1 fee25cefe6102825e5e54e878cf7a7148a7cf8ba SHA256 a6b5d14c116b2c12569e27666305afbf8e7feb2d30f27109c4be584a8a84eaa5 +MD5 9be68997201ce171bf08c805f69597ee apache-2.2.6-r5.ebuild 15841 +RMD160 676b8d2ac2342f506d3b0c2d7efd40c684c9c076 apache-2.2.6-r5.ebuild 15841 +SHA256 a6b5d14c116b2c12569e27666305afbf8e7feb2d30f27109c4be584a8a84eaa5 apache-2.2.6-r5.ebuild 15841 EBUILD apache-2.2.6.ebuild 15370 RMD160 6317292a5ab3c80979ad91c781ecb473738a33a6 SHA1 8aa8d0f4dd44d9c285924ccaf983c4acc6ab83e8 SHA256 ef0e00f4ab52a4ce5a2b62010e4b568d95fc942668219a251b4b049a00a23b23 MD5 f12d48c7c70eb8a2d9f2ed0d016a1645 apache-2.2.6.ebuild 15370 RMD160 6317292a5ab3c80979ad91c781ecb473738a33a6 apache-2.2.6.ebuild 15370 SHA256 ef0e00f4ab52a4ce5a2b62010e4b568d95fc942668219a251b4b049a00a23b23 apache-2.2.6.ebuild 15370 -MISC ChangeLog 98389 RMD160 4208c961be86b058e11430c1d96b5d0cc6a345eb SHA1 db4d49b21388b3977661b0846262efd2a607fcbd SHA256 8ee2e7aea2b490759d196393c3a6cde592f1c0c8d158629e9b6d6146f44d43db -MD5 a498dd312b4aa5f53d3b638019ec9115 ChangeLog 98389 -RMD160 4208c961be86b058e11430c1d96b5d0cc6a345eb ChangeLog 98389 -SHA256 8ee2e7aea2b490759d196393c3a6cde592f1c0c8d158629e9b6d6146f44d43db ChangeLog 98389 +MISC ChangeLog 98570 RMD160 f82e81be82c8b931a0114039f9694c5b1923d8e5 SHA1 43ec9891352fef04df53a2881e6f675b84d7540f SHA256 5d45675dc21cbc4dacff2b44eaabc0a35b46d187223dd106d685b68ecae504ae +MD5 3be372d8f1d466cbb3d92db57d88c5a4 ChangeLog 98570 +RMD160 f82e81be82c8b931a0114039f9694c5b1923d8e5 ChangeLog 98570 +SHA256 
5d45675dc21cbc4dacff2b44eaabc0a35b46d187223dd106d685b68ecae504ae ChangeLog 98570 MISC metadata.xml 551 RMD160 1b31261c043e57cabc9bd8582f9b34c09d92d108 SHA1 68bb286a67452c3dae7525195c60b8637cca9b81 SHA256 646729a42ddffcbde3426dd6aa9a77fab923bc348c5b34c9d24083d86fbb15eb MD5 0f28752ee3545b3fd8e28ee656e62f4b metadata.xml 551 RMD160 1b31261c043e57cabc9bd8582f9b34c09d92d108 metadata.xml 551 @@ -61,10 +69,13 @@ SHA256 c8df8e510c87a64c990b66893443b97796d8cdbfa7da48218244cf95d20659c1 files/di MD5 d22b771236a4ce4f2e72893691f04467 files/digest-apache-2.2.6-r4 536 RMD160 a3b451ec48e4637156f06c30f783159c1270c85b files/digest-apache-2.2.6-r4 536 SHA256 9e0fca60a2fa52c18bfe9a888a29b9c2b02f2e5558b00cd9e0d3de901d347adf files/digest-apache-2.2.6-r4 536 +MD5 f055984d26898f84b9a767c5e052ae83 files/digest-apache-2.2.6-r5 536 +RMD160 f824d5e2e706c1d5654ae80a1c3806c94782fcdc files/digest-apache-2.2.6-r5 536 +SHA256 c8df8e510c87a64c990b66893443b97796d8cdbfa7da48218244cf95d20659c1 files/digest-apache-2.2.6-r5 536 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) -iD8DBQFHTwjfmPFBzbX68WERAuHFAKCYz+owHdWVnhVlgcFnulw1fmVf5QCggk2Y -mLaHKqHXCyQ61eCUhVqc/5w= -=1pvR +iD8DBQFHYwTimPFBzbX68WERAsYRAJwOR7y1isYvPVnw8tnGgzbUJ10cngCfWGS+ +F5AXhhUIA+wZQtGQkpUTlV4= +=KPp2 -----END PGP SIGNATURE----- diff --git a/www-servers/apache/apache-2.2.6-r5.ebuild b/www-servers/apache/apache-2.2.6-r5.ebuild new file mode 100644 index 000000000000..04532e5c496f --- /dev/null +++ b/www-servers/apache/apache-2.2.6-r5.ebuild 
@@ -0,0 +1,496 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.6-r5.ebuild,v 1.1 2007/12/14 22:34:02 hollow Exp $ + +inherit eutils flag-o-matic multilib autotools + +# latest gentoo apache files +GENTOO_PATCHNAME="gentoo-${PF/-r5/-r2}" +GENTOO_PATCHSTAMP="20071020" +GENTOO_DEVSPACE="hollow" +GENTOO_PATCHDIR="${WORKDIR}/${GENTOO_PATCHNAME}" + +DESCRIPTION="The Apache Web Server." +HOMEPAGE="http://httpd.apache.org/" +SRC_URI="mirror://apache/httpd/httpd-${PV}.tar.bz2 + http://dev.gentoo.org/~${GENTOO_DEVSPACE}/dist/apache/${GENTOO_PATCHNAME}-${GENTOO_PATCHSTAMP}.tar.bz2" + +# some helper scripts are apache-1.1, thus both are here +LICENSE="Apache-2.0 Apache-1.1" +SLOT="2" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" +IUSE="debug doc ldap mpm-event mpm-itk mpm-peruser mpm-prefork mpm-worker no-suexec selinux ssl static-modules threads" + +DEPEND="dev-lang/perl + =dev-libs/apr-1* + =dev-libs/apr-util-1* + dev-libs/expat + dev-libs/libpcre + sys-libs/zlib + ldap? ( =net-nds/openldap-2* ) + selinux? ( sec-policy/selinux-apache ) + ssl? ( dev-libs/openssl ) + !=www-servers/apache-1* + !=app-admin/apache-tools-2.2.4-r2" + +RDEPEND="${DEPEND} + app-misc/mime-types" + +PDEPEND="~app-admin/apache-tools-${PV}" + +S="${WORKDIR}/httpd-${PV}" + +pkg_setup() { + if use ldap && ! built_with_use 'dev-libs/apr-util' ldap ; then + eerror "dev-libs/apr-util is missing LDAP support. For apache to have" + eerror "ldap support, apr-util must be built with the ldap USE-flag" + eerror "enabled." 
+ die "ldap USE-flag enabled while not supported in apr-util" + fi + + # Select the default MPM module + MPM_LIST="event itk peruser prefork worker" + for x in ${MPM_LIST} ; do + if use mpm-${x} ; then + if [[ "x${mpm}" == "x" ]] ; then + mpm=${x} + elog + elog "Selected MPM: ${mpm}" + elog + else + eerror "You have selected more then one mpm USE-flag." + eerror "Only one MPM is supported." + die "more then one mpm was specified" + fi + fi + done + + if [[ "x${mpm}" == "x" ]] ; then + if use threads ; then + mpm=worker + elog + elog "Selected default threaded MPM: ${mpm}"; + elog + else + mpm=prefork + elog + elog "Selected default MPM: ${mpm}"; + elog + fi + fi + + # setup apache user and group + enewgroup apache 81 + enewuser apache 81 -1 /var/www apache + + if ! use no-suexec ; then + elog + elog "You can manipulate several configure options of suexec" + elog "through the following environment variables:" + elog + elog " SUEXEC_SAFEPATH: Default PATH for suexec (default: /usr/local/bin:/usr/bin:/bin)" + elog " SUEXEC_LOGFILE: Path to the suexec logfile (default: /var/log/apache2/suexec_log)" + elog " SUEXEC_CALLER: Name of the user Apache is running as (default: apache)" + elog " SUEXEC_DOCROOT: Directory in which suexec will run scripts (default: /var/www)" + elog " SUEXEC_MINUID: Minimum UID, which is allowed to run scripts via suexec (default: 1000)" + elog " SUEXEC_MINGID: Minimum GID, which is allowed to run scripts via suexec (default: 100)" + elog " SUEXEC_USERDIR: User subdirectories (like /home/user/html) (default: public_html)" + elog " SUEXEC_UMASK: Umask for the suexec process (default: 077)" + elog + fi +} + +src_unpack() { + unpack ${A} + cd "${S}" + + # Use correct multilib libdir in gentoo patches + sed -i -e "s:/usr/lib:/usr/$(get_libdir):g" \ + "${GENTOO_PATCHDIR}"/{conf/httpd.conf,init/*,patches/config.layout} \ + || die "libdir sed failed" + + #### Patch Organization + # 00-19 Gentoo specific (00_all_some-title.patch) + # 20-39 Additional 
MPMs (20_all_${MPM}_some-title.patch) + # 40-59 USE-flag based (40_all_${USE}_some-title.patch) + # 60-79 Version specific (60_all_${PV}_some-title.patch) + # 80-99 Security patches (80_all_${PV}_cve-####-####.patch) + + epatch "${GENTOO_PATCHDIR}"/patches/*.patch + epatch "${FILESDIR}"/${P}_CVE-2007-5000.patch + + # setup the filesystem layout config + cat "${GENTOO_PATCHDIR}"/patches/config.layout >> "${S}"/config.layout || \ + die "Failed preparing config.layout!" + sed -i -e "s:version:${PF}:g" "${S}"/config.layout + + # patched-in MPMs need the build environment rebuilt + sed -i -e '/sinclude/d' configure.in + AT_GNUCONF_UPDATE=yes AT_M4DIR=build eautoreconf + + # apache2.8 instead of httpd.8 (bug #194828) + mv docs/man/{httpd,apache2}.8 +} + +src_compile() { + local modtype="shared" myconf="" + cd "${S}" + + # Instead of filtering --as-needed (bug #128505), append --no-as-needed + # Thanks to Harald van Dijk + append-ldflags -Wl,--no-as-needed + + # peruser MPM debugging with -X is nearly impossible + use mpm-peruser && use debug && append-flags -DMPM_PERUSER_DEBUG + + use static-modules && modtype="static" + select_modules_config || die "determining modules failed" + + if use ldap ; then + mods="${mods} ldap authnz_ldap" + myconf="${myconf} --enable-authnz-ldap=${modtype} --enable-ldap=${modtype}" + fi + + if use threads || use mpm-worker || use mpm-event; then + mods="${mods} cgid" + myconf="${myconf} --enable-cgid=${modtype}" + else + mods="${mods} cgi" + myconf="${myconf} --enable-cgi=${modtype}" + fi + + if use ssl; then + mods="${mods} ssl" + myconf="${myconf} --with-ssl=/usr --enable-ssl=${modtype}" + fi + + if use debug; then + myconf="${myconf} --enable-maintainer-mode --enable-exception-hook" + fi + + # Only build suexec with USE=-no-suexec + if use no-suexec ; then + myconf="${myconf} --disable-suexec" + else + myconf="${myconf} --with-suexec-safepath=${SUEXEC_SAFEPATH:-/usr/local/bin:/usr/bin:/bin}" + myconf="${myconf} 
--with-suexec-logfile=${SUEXEC_LOGFILE:-/var/log/apache2/suexec_log}" + myconf="${myconf} --with-suexec-bin=/usr/sbin/suexec" + myconf="${myconf} --with-suexec-userdir=${SUEXEC_USERDIR:-public_html}" + myconf="${myconf} --with-suexec-caller=${SUEXEC_CALLER:-apache}" + myconf="${myconf} --with-suexec-docroot=${SUEXEC_DOCROOT:-/var/www}" + myconf="${myconf} --with-suexec-uidmin=${SUEXEC_MINUID:-1000}" + myconf="${myconf} --with-suexec-gidmin=${SUEXEC_MINGID:-100}" + myconf="${myconf} --with-suexec-umask=${SUEXEC_UMASK:-077}" + myconf="${myconf} --enable-suexec=${modtype}" + mods="${mods} suexec" + fi + + # econf overwrites the stuff from config.layout, so we have to put them into + # our myconf line too + + econf \ + --includedir=/usr/include/apache2 \ + --libexecdir=/usr/$(get_libdir)/apache2/modules \ + --datadir=/var/www/localhost \ + --sysconfdir=/etc/apache2 \ + --localstatedir=/var \ + --with-mpm=${mpm} \ + --with-perl=/usr/bin/perl \ + --with-expat=/usr \ + --with-z=/usr \ + --with-apr=/usr \ + --with-apr-util=/usr \ + --with-pcre=/usr \ + --with-port=80 \ + --with-program-name=apache2 \ + --enable-layout=Gentoo \ + ${myconf} ${MY_BUILTINS} || die "econf failed!" + + sed -i -e 's:apache2\.conf:httpd.conf:' include/ap_config_auto.h + + emake || die "emake failed" +} + +src_install () { + emake DESTDIR="${D}" install || die "emake install failed" + + # This is a mapping of module names to the -D options in APACHE2_OPTS + # Used for creating optional LoadModule lines + mod_defines=" + auth_digest:AUTH_DIGEST + authnz_ldap:AUTHNZ_LDAP + cache:CACHE + dav:DAV + dav_fs:DAV + dav_lock:DAV + disk_cache:CACHE + file_cache:CACHE + info:INFO + ldap:LDAP + mem_cache:CACHE + proxy:PROXY + proxy_ajp:PROXY + proxy_balancer:PROXY + proxy_connect:PROXY + proxy_http:PROXY + ssl:SSL + status:INFO + suexec:SUEXEC + userdir:USERDIR + " + + # create our LoadModule lines + if ! 
use static-modules ; then + load_module="" + moddir="${D}/usr/$(get_libdir)/apache2/modules" + for m in $(echo ${mods}|tr ' ' '\n'|sort -u) ; do + endid="no" + + if [[ -e "${moddir}/mod_${m}.so" ]] ; then + for def in ${mod_defines} ; do + if [[ "${m}" == "${def%:*}" ]] ; then + load_module="${load_module}\n<IfDefine ${def#*:}>" + endid="yes" + fi + done + load_module="${load_module}\nLoadModule ${m}_module modules/mod_${m}.so" + if [[ "${endid}" == "yes" ]] ; then + load_module="${load_module}\n</IfDefine>" + fi + fi + done + fi + sed -i -e "s:%%LOAD_MODULE%%:${load_module}:" \ + "${GENTOO_PATCHDIR}"/conf/httpd.conf || die "sed failed" + + # Install our configuration files + insinto /etc/apache2 + doins docs/conf/magic + doins -r "${GENTOO_PATCHDIR}"/conf/* + insinto /etc/logrotate.d + newins "${GENTOO_PATCHDIR}"/scripts/apache2-logrotate apache2 + + # generate a sane default APACHE2_OPTS + APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE" + use doc && APACHE2_OPTS="${APACHE2_OPTS} -D MANUAL" + use ssl && APACHE2_OPTS="${APACHE2_OPTS} -D SSL -D SSL_DEFAULT_VHOST" + use no-suexec || APACHE2_OPTS="${APACHE2_OPTS} -D SUEXEC" + + sed -i -e "s:APACHE2_OPTS=\".*\":APACHE2_OPTS=\"${APACHE2_OPTS}\":" \ + "${GENTOO_PATCHDIR}"/init/apache2.confd || die "sed failed" + + newconfd "${GENTOO_PATCHDIR}"/init/apache2.confd apache2 + newinitd "${GENTOO_PATCHDIR}"/init/apache2.initd apache2 + + # Link apache2ctl to the init script + dosym /etc/init.d/apache2 /usr/sbin/apache2ctl + + # provide symlinks for all the stuff we no longer rename, bug 177697 + for i in suexec apxs; do + dosym /usr/sbin/${i} /usr/sbin/${i}2 + done + + # Install some thirdparty scripts + exeinto /usr/sbin + use ssl && doexe "${GENTOO_PATCHDIR}"/scripts/gentestcrt.sh + + # Install some documentation + dodoc ABOUT_APACHE CHANGES LAYOUT README README.platforms VERSIONING + dodoc "${GENTOO_PATCHDIR}"/docs/* + + # drop in a convenient link to the manual + if use doc ; then + sed -i -e "s:VERSION:${PVR}:" 
"${D}/etc/apache2/modules.d/00_apache_manual.conf" + else + rm -f "${D}/etc/apache2/modules.d/00_apache_manual.conf" + rm -Rf "${D}/usr/share/doc/${PF}/manual" + fi + + # the default webroot gets stored in /usr/share/doc + ebegin "Installing default webroot to /usr/share/doc/${PF}" + mv -f "${D}/var/www/localhost" "${D}/usr/share/doc/${PF}/webroot" + eend $? + keepdir /var/www/localhost/htdocs + + if ! use no-suexec ; then + # Set some sane permissions for suexec + fowners 0:apache /usr/sbin/suexec + fperms 4710 /usr/sbin/suexec + fi + + keepdir /etc/apache2/vhosts.d + keepdir /etc/apache2/modules.d + + # empty dirs + for i in /var/lib/dav /var/log/apache2 /var/cache/apache2 ; do + keepdir ${i} + fowners apache:apache ${i} + fperms 0755 ${i} + done + + # We'll be needing /etc/apache2/ssl if USE=ssl + use ssl && keepdir /etc/apache2/ssl +} + +pkg_postinst() { + # Automatically generate test certificates if ssl USE flag is being set + if use ssl && [[ ! -e "${ROOT}/etc/apache2/ssl/server.crt" ]] ; then + cd "${ROOT}"/etc/apache2/ssl + einfo + einfo "Generating self-signed test certificate in ${ROOT}etc/apache2/ssl ..." + yes "" 2>/dev/null | \ + "${ROOT}"/usr/sbin/gentestcrt.sh >/dev/null 2>&1 || \ + die "gentestcrt.sh failed" + einfo + fi + + # we do this here because the default webroot is a copy of the files + # that exist elsewhere and we don't want them managed/removed by portage + # when apache is upgraded. + + if [[ -e "${ROOT}/var/www/localhost" ]] ; then + elog "The default webroot has not been installed into" + elog "${ROOT}var/www/localhost because the directory already exists" + elog "and we do not want to overwrite any files you have put there." 
+ elog + elog "If you would like to install the latest webroot, please run" + elog "emerge --config =${PF}" + else + einfo "Installing default webroot to ${ROOT}var/www/localhost" + mkdir -p "${ROOT}"/var/www/localhost + cp -R "${ROOT}"/usr/share/doc/${PF}/webroot/* "${ROOT}"/var/www/localhost + chown -R apache:0 "${ROOT}"/var/www/localhost + fi + + # Previous installations of apache-2.2 installed the upstream configuration + # files, which shouldn't even have been installed! + if has_version '>=www-servers/apache-2.2.4' ; then + [ -f "${ROOT}"/etc/apache2/apache2.conf ] && \ + rm -f "${ROOT}"/etc/apache2/apache2.conf >/dev/null 2>&1 + + for i in extra original ; do + [ -d "${ROOT}"/etc/apache2/$i ] && \ + rm -rf "${ROOT}"/etc/apache2/$i >/dev/null 2>&1 + done + fi + + # Note regarding IfDefine changes + if has_version '<www-servers/apache-2.2.6-r1' ; then + elog + elog "When upgrading from versions 2.2.6 or earlier, please be aware" + elog "that the define for mod_authnz_ldap has changed from AUTH_LDAP" + elog "to AUTHNZ_LDAP. Additionally mod_auth_digest needs to be enabled" + elog "with AUTH_DIGEST now." + elog + fi + + # Note the changes regarding DEFAULT_VHOST and SSL_DEFAULT_VHOST + if has_version '<www-servers/apache-2.2.4-r7' ; then + elog + elog "Listen directives have been moved into the default virtual host" + elog "configuation. At least DEFAULT_VHOST has been enabled for you" + elog "(depending on your USE-flags." + elog + elog "If you disable DEFAULT_VHOST or SSL_DEFAULT_VHOST, there would" + elog "be no listening sockets available." + elog + fi + + # Note the user of the config changes + if has_version '<www-servers/apache-2.2.4-r5' ; then + elog + elog "Please make sure that you update your /etc directory." + elog "Between the versions, we had to changes some config files" + elog "and move some stuff out of the main httpd.conf file to a seperate" + elog "modules.d entry." 
+ elog + elog "Thus please update your /etc directory either via etc-update," + elog "dispatch-conf or conf-update !" + elog + fi + + # Check for dual/upgrade install + if has_version '<www-servers/apache-2.2.0' ; then + elog + elog "When upgrading from versions below 2.2.0 to this version, you" + elog "need to rebuild all your modules. Please do so for your modules" + elog "to continue working correctly." + elog + elog "Also note that some configuration directives have been" + elog "split into their own files under ${ROOT}etc/apache2/modules.d/" + elog "and that some modules, foremost the authentication related ones," + elog "have been renamed." + elog + elog "Some examples:" + elog " - USERDIR is now configureable in ${ROOT}etc/apache2/modules.d/00_mod_userdir.conf." + elog + elog "For more information on what you may need to change, please" + elog "see the overview of changes at:" + elog "http://httpd.apache.org/docs/2.2/new_features_2_2.html" + elog "and the upgrading guide at:" + elog "http://httpd.apache.org/docs/2.2/upgrading.html" + elog + fi + + # Cleanup the vim backup files, placed in /etc/apache2 by the last + # patchtarball (gentoo-apache-2.2.4-r7-20070615) + rm -f "${ROOT}/etc/apache2/modules.d/*.conf~" +} + +pkg_config() { + einfo "Installing default webroot to ${ROOT}var/www/localhost" + mkdir "${ROOT}"var{,/www{,/localhost}} + cp -R "${ROOT}"usr/share/doc/${PF}/webroot/* "${ROOT}"var/www/localhost/ +} + +parse_modules_config() { + local name="" + local disable="" + local version="undef" + MY_BUILTINS="" + mods="" + [[ -f "${1}" ]] || return 1 + + for i in $(sed 's/#.*//' < $1) ; do + if [[ "$i" == "VERSION:" ]] ; then + version="select" + elif [[ "${version}" == "select" ]] ; then + version="$i" + # start with - option for backwards compatibility only + elif [[ "$i" == "-" ]] ; then + disable="true" + elif [[ -z "${name}" ]] && [[ "$i" != "${i/mod_/}" ]] ; then + name="${i/mod_/}" + elif [[ -n "${disable}" ]] || [[ "$i" == "disabled" ]] ; then + 
MY_BUILTINS="${MY_BUILTINS} --disable-${name}" + name="" ; disable="" + elif [[ "$i" == "static" ]] || use static-modules ; then + MY_BUILTINS="${MY_BUILTINS} --enable-${name}=static" + name="" ; disable="" + elif [[ "$i" == "shared" ]] ; then + MY_BUILTINS="${MY_BUILTINS} --enable-${name}=shared" + mods="${mods} ${name}" + name="" ; disable="" + else + ewarn "Parse error in ${1} - unknown option: $i" + fi + done + + # reject the file if it's unversioned or doesn't match our + # package major.minor. This is to make upgrading work smoothly. + if [[ "${version}" != "${PV%.*}" ]] ; then + mods="" + MY_BUILTINS="" + return 1 + fi + + einfo "Using ${1}" + einfo "options: ${MY_BUILTINS}" + einfo "LoadModules: ${mods}" +} + +select_modules_config() { + parse_modules_config "${ROOT}"/etc/apache2/apache2-builtin-mods || \ + parse_modules_config "${GENTOO_PATCHDIR}"/conf/apache2-builtin-mods || \ + return 1 +} diff --git a/www-servers/apache/files/apache-2.2.6_CVE-2007-5000.patch b/www-servers/apache/files/apache-2.2.6_CVE-2007-5000.patch new file mode 100644 index 000000000000..b329bb58d3ff --- /dev/null +++ b/www-servers/apache/files/apache-2.2.6_CVE-2007-5000.patch 
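Review bot: In pkg_postinst the cleanup `rm -f "${ROOT}/etc/apache2/modules.d/*.conf~"` keeps the glob inside the double quotes, so the shell passes a literal `*.conf~` and the vim backup files are never removed; it should read `rm -f "${ROOT}"/etc/apache2/modules.d/*.conf~`. In the same function `chown -R apache:0 "${ROOT}"/var/www/localhost` gives the default webroot to the account the server runs as, so a compromised server process could rewrite the served content; `chown -R root:0` would keep the docroot read-only to that account, unless something elsewhere relies on apache owning it. The security fix itself is the single line `epatch "${FILESDIR}"/${P}_CVE-2007-5000.patch` in src_unpack, which carries no comment; a line such as `# CVE-2007-5000, bug #202327` above it would fit the patch-organization notes just before it.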
@@ -0,0 +1,25 @@
+Index: httpd-2.2.x/modules/mappers/mod_imagemap.c
+===================================================================
+--- httpd-2.2.x/modules/mappers/mod_imagemap.c (revision 603710)
++++ httpd-2.2.x/modules/mappers/mod_imagemap.c (revision 604312)
+@@ -479,13 +479,16 @@
+
+ static void menu_header(request_rec *r, char *menu)
+ {
+- ap_set_content_type(r, "text/html");
++ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+
+- ap_rvputs(r, DOCTYPE_HTML_3_2, "<html><head>\n<title>Menu for ", r->uri,
+- "</title>\n</head><body>\n", NULL);
++ ap_rvputs(r, DOCTYPE_HTML_3_2, "<html><head>\n<title>Menu for ",
++ ap_escape_html(r->pool, r->uri),
++ "</title>\n</head><body>\n", NULL);
+
+ if (!strcasecmp(menu, "formatted")) {
+- ap_rvputs(r, "<h1>Menu for ", r->uri, "</h1>\n<hr />\n\n", NULL);
++ ap_rvputs(r, "<h1>Menu for ",
++ ap_escape_html(r->pool, r->uri),
++ "</h1>\n<hr />\n\n", NULL);
+ }
+
+ return;
diff --git a/www-servers/apache/files/digest-apache-2.2.6-r5 b/www-servers/apache/files/digest-apache-2.2.6-r5
new file mode 100644
index 000000000000..e8ea02262028
--- /dev/null
+++ b/www-servers/apache/files/digest-apache-2.2.6-r5
@@ -0,0 +1,6 @@
+MD5 24317b89d2b7a3a581648d26f2342de0 gentoo-apache-2.2.6-r2-20071020.tar.bz2 58805
+RMD160 0471593be243a4ecb6f7386b76411e9f1b2e9048 gentoo-apache-2.2.6-r2-20071020.tar.bz2 58805
+SHA256 3711e6f3c63b931b80f6db2602ad66e5303c7779f6a0571fe14156b7ec7ab3f5 gentoo-apache-2.2.6-r2-20071020.tar.bz2 58805
+MD5 203bea91715064f0c787f6499d33a377 httpd-2.2.6.tar.bz2 4717066
+RMD160 5ae895c6898213e1e3b7e7b02cdfcbe5b36a108f httpd-2.2.6.tar.bz2 4717066
+SHA256 f27cd9df50a2acd9df8f37520f62f6ce51758689d425ead5883e75ff5ed6548c httpd-2.2.6.tar.bz2 4717066 |
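Review bot: In menu_header of the added apache-2.2.6_CVE-2007-5000.patch, the two `ap_escape_html(r->pool, r->uri)` calls and the new `charset=ISO-8859-1` carry no comment saying why they are there, and the patch file starts directly at `Index:` with no line naming the CVE or the bug. I would add above the first `ap_rvputs` a comment such as `/* r->uri is client-supplied: HTML-escape it and declare the charset so the browser cannot reinterpret the escaped output */`, and a header line in the patch file referencing CVE-2007-5000 and bug #202327. The escaped string could also be computed once, `const char *uri = ap_escape_html(r->pool, r->uri);`, and reused for the `<title>` and `<h1>` output. The closing brace of menu_header lies outside the hunk and the rest of mod_imagemap.c is not visible here, so whether other menu output paths echo request-derived strings should be checked against the full file.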