www-servers/apache: Revbump to add new suexec related USE flags.

Also fixed a parallel install issue with suexec binary.

Closes: https://bugs.gentoo.org/661358
Package-Manager: Portage-2.3.43, Repoman-2.3.10

3 files changed, 31 insertions, 2 deletions

diff --git a/www-servers/apache/apache-2.4.34.ebuild b/www-servers/apache/apache-2.4.34-r1.ebuild
index eee96296f454..cf545f229ee8 100644
--- a/www-servers/apache/apache-2.4.34.ebuild
+++ b/www-servers/apache/apache-2.4.34-r1.ebuild
@@ -130,21 +130,29 @@ HOMEPAGE="https://httpd.apache.org/"
 # some helper scripts are Apache-1.1, thus both are here
 LICENSE="Apache-2.0 Apache-1.1"
 SLOT="2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris"
+
 # Enable http2 by default (bug #563452)
 # FIXME: Move to apache-2.eclass once this has reached stable.
 IUSE="${IUSE/apache2_modules_http2/+apache2_modules_http2}"
+# New suexec options (since 2.4.34)
+IUSE="${IUSE} +suexec-caps suexec-syslog"
 
 CDEPEND="apache2_modules_brotli? ( >=app-arch/brotli-0.6.0:= )
 	apache2_modules_http2? ( >=net-libs/nghttp2-1.2.1 )
 	apache2_modules_md? ( >=dev-libs/jansson-2.10 )"
 
-DEPEND+="${CDEPEND}"
+DEPEND+="${CDEPEND}
+	suexec? ( suexec-caps? ( sys-libs/libcap ) )"
 RDEPEND+="${CDEPEND}"
 
 REQUIRED_USE="apache2_modules_http2? ( ssl )
 	apache2_modules_md? ( ssl )"
 
+PATCHES=(
+	"${FILESDIR}/${PN}-2.4.34-suexec_parallel_install.patch" #661358
+)
+
 pkg_setup() {
 	# dependend critical modules which are not allowed in global scope due
 	# to USE flag conditionals (bug #499260)
diff --git a/www-servers/apache/files/apache-2.4.34-suexec_parallel_install.patch b/www-servers/apache/files/apache-2.4.34-suexec_parallel_install.patch
new file mode 100644
index 000000000000..d5543f7004be
--- /dev/null
+++ b/www-servers/apache/files/apache-2.4.34-suexec_parallel_install.patch
@@ -0,0 +1,19 @@
+https://bugs.gentoo.org/661358
+
+--- httpd-2.4.34/Makefile.in
++++ httpd-2.4.34/Makefile.in
+@@ -277,12 +277,12 @@
+             $(INSTALL_PROGRAM) $(top_builddir)/support/suexec $(DESTDIR)$(sbindir); \
+ 	fi
+ 
+-install-suexec-setuid:
++install-suexec-setuid: install-suexec-binary
+ 	@if test -f $(builddir)/support/suexec; then \
+ 	    chmod 4755 $(DESTDIR)$(sbindir)/suexec; \
+ 	fi
+ 
+-install-suexec-caps:
++install-suexec-caps: install-suexec-binary
+ 	@if test -f $(builddir)/support/suexec; then \
+             setcap 'cap_setuid,cap_setgid+pe' $(DESTDIR)$(sbindir)/suexec; \
+ 	fi
diff --git a/www-servers/apache/metadata.xml b/www-servers/apache/metadata.xml
index 293e43d3f29a..af77bdc266ca 100644
--- a/www-servers/apache/metadata.xml
+++ b/www-servers/apache/metadata.xml
@@ -13,6 +13,8 @@
 	</longdescription>
 	<use>
 		<flag name="suexec">Install suexec with apache</flag>
+		<flag name="suexec-caps">Install suexec with capabilities instead of SUID</flag>
+		<flag name="suexec-syslog">Log suexec to syslog instead of to a separate file</flag>
 		<flag name="static">Link in apache2 modules statically rather then plugins</flag>
 		<flag name="apache2_modules_access_compat">Group authorizations based on host (name or IP address). Available as a compatibility module with previous versions.</flag>
 		<flag name="apache2_modules_authn_core">Provides core authentication capabilities common to all authentication providers (functionality provided by authn_alias in previous versions).</flag>