summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLars Wendler <polynomial-c@gentoo.org>2018-07-17 09:08:50 +0200
committerLars Wendler <polynomial-c@gentoo.org>2018-07-17 09:10:03 +0200
commit04d8c60e97d7fcbd225b060c244a4709cd2f73ab (patch)
treec79e6c7987c2ffec8a6e82a5f218d67e5ef9af60 /www-servers/apache
parentapache-2.eclass: New suexec options. (diff)
downloadgentoo-04d8c60e97d7fcbd225b060c244a4709cd2f73ab.tar.gz
gentoo-04d8c60e97d7fcbd225b060c244a4709cd2f73ab.tar.bz2
gentoo-04d8c60e97d7fcbd225b060c244a4709cd2f73ab.zip
www-servers/apache: Revbump to add new suexec related USE flags.
Also fixed a parallel install issue with suexec binary. Closes: https://bugs.gentoo.org/661358 Package-Manager: Portage-2.3.43, Repoman-2.3.10
Diffstat (limited to 'www-servers/apache')
-rw-r--r--www-servers/apache/apache-2.4.34-r1.ebuild (renamed from www-servers/apache/apache-2.4.34.ebuild)12
-rw-r--r--www-servers/apache/files/apache-2.4.34-suexec_parallel_install.patch19
-rw-r--r--www-servers/apache/metadata.xml2
3 files changed, 31 insertions, 2 deletions
diff --git a/www-servers/apache/apache-2.4.34.ebuild b/www-servers/apache/apache-2.4.34-r1.ebuild
index eee96296f45..cf545f229ee 100644
--- a/www-servers/apache/apache-2.4.34.ebuild
+++ b/www-servers/apache/apache-2.4.34-r1.ebuild
@@ -130,21 +130,29 @@ HOMEPAGE="https://httpd.apache.org/"
# some helper scripts are Apache-1.1, thus both are here
LICENSE="Apache-2.0 Apache-1.1"
SLOT="2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris"
+
# Enable http2 by default (bug #563452)
# FIXME: Move to apache-2.eclass once this has reached stable.
IUSE="${IUSE/apache2_modules_http2/+apache2_modules_http2}"
+# New suexec options (since 2.4.34)
+IUSE="${IUSE} +suexec-caps suexec-syslog"
CDEPEND="apache2_modules_brotli? ( >=app-arch/brotli-0.6.0:= )
apache2_modules_http2? ( >=net-libs/nghttp2-1.2.1 )
apache2_modules_md? ( >=dev-libs/jansson-2.10 )"
-DEPEND+="${CDEPEND}"
+DEPEND+="${CDEPEND}
+ suexec? ( suexec-caps? ( sys-libs/libcap ) )"
RDEPEND+="${CDEPEND}"
REQUIRED_USE="apache2_modules_http2? ( ssl )
apache2_modules_md? ( ssl )"
+PATCHES=(
+ "${FILESDIR}/${PN}-2.4.34-suexec_parallel_install.patch" #661358
+)
+
pkg_setup() {
# dependend critical modules which are not allowed in global scope due
# to USE flag conditionals (bug #499260)
diff --git a/www-servers/apache/files/apache-2.4.34-suexec_parallel_install.patch b/www-servers/apache/files/apache-2.4.34-suexec_parallel_install.patch
new file mode 100644
index 00000000000..d5543f7004b
--- /dev/null
+++ b/www-servers/apache/files/apache-2.4.34-suexec_parallel_install.patch
@@ -0,0 +1,19 @@
+https://bugs.gentoo.org/661358
+
+--- httpd-2.4.34/Makefile.in
++++ httpd-2.4.34/Makefile.in
+@@ -277,12 +277,12 @@
+ $(INSTALL_PROGRAM) $(top_builddir)/support/suexec $(DESTDIR)$(sbindir); \
+ fi
+
+-install-suexec-setuid:
++install-suexec-setuid: install-suexec-binary
+ @if test -f $(builddir)/support/suexec; then \
+ chmod 4755 $(DESTDIR)$(sbindir)/suexec; \
+ fi
+
+-install-suexec-caps:
++install-suexec-caps: install-suexec-binary
+ @if test -f $(builddir)/support/suexec; then \
+ setcap 'cap_setuid,cap_setgid+pe' $(DESTDIR)$(sbindir)/suexec; \
+ fi
diff --git a/www-servers/apache/metadata.xml b/www-servers/apache/metadata.xml
index 293e43d3f29..af77bdc266c 100644
--- a/www-servers/apache/metadata.xml
+++ b/www-servers/apache/metadata.xml
@@ -13,6 +13,8 @@
</longdescription>
<use>
<flag name="suexec">Install suexec with apache</flag>
+ <flag name="suexec-caps">Install suexec with capabilities instead of SUID</flag>
+ <flag name="suexec-syslog">Log suexec to syslog instead of to a separate file</flag>
<flag name="static">Link in apache2 modules statically rather then plugins</flag>
<flag name="apache2_modules_access_compat">Group authorizations based on host (name or IP address). Available as a compatibility module with previous versions.</flag>
<flag name="apache2_modules_authn_core">Provides core authentication capabilities common to all authentication providers (functionality provided by authn_alias in previous versions).</flag>