commit: 04d8c60e97d7fcbd225b060c244a4709cd2f73ab Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> AuthorDate: Tue Jul 17 07:08:50 2018 +0000 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> CommitDate: Tue Jul 17 07:10:03 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=04d8c60e
www-servers/apache: Revbump to add new suexec related USE flags. Also fixed a parallel install issue with suexec binary. Closes: https://bugs.gentoo.org/661358 Package-Manager: Portage-2.3.43, Repoman-2.3.10 .../{apache-2.4.34.ebuild => apache-2.4.34-r1.ebuild} | 12 ++++++++++-- .../files/apache-2.4.34-suexec_parallel_install.patch | 19 +++++++++++++++++++ www-servers/apache/metadata.xml | 2 ++ 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/www-servers/apache/apache-2.4.34.ebuild b/www-servers/apache/apache-2.4.34-r1.ebuild similarity index 96% rename from www-servers/apache/apache-2.4.34.ebuild rename to www-servers/apache/apache-2.4.34-r1.ebuild index eee96296f45..cf545f229ee 100644 --- a/www-servers/apache/apache-2.4.34.ebuild +++ b/www-servers/apache/apache-2.4.34-r1.ebuild @@ -130,21 +130,29 @@ HOMEPAGE="https://httpd.apache.org/"; # some helper scripts are Apache-1.1, thus both are here LICENSE="Apache-2.0 Apache-1.1" SLOT="2" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris" + # Enable http2 by default (bug #563452) # FIXME: Move to apache-2.eclass once this has reached stable. IUSE="${IUSE/apache2_modules_http2/+apache2_modules_http2}" +# New suexec options (since 2.4.34) +IUSE="${IUSE} +suexec-caps suexec-syslog" CDEPEND="apache2_modules_brotli? ( >=app-arch/brotli-0.6.0:= ) apache2_modules_http2? ( >=net-libs/nghttp2-1.2.1 ) apache2_modules_md? ( >=dev-libs/jansson-2.10 )" -DEPEND+="${CDEPEND}" +DEPEND+="${CDEPEND} + suexec? ( suexec-caps? ( sys-libs/libcap ) )" RDEPEND+="${CDEPEND}" REQUIRED_USE="apache2_modules_http2? ( ssl ) apache2_modules_md? ( ssl )" +PATCHES=( + "${FILESDIR}/${PN}-2.4.34-suexec_parallel_install.patch" #661358 +) + pkg_setup() { # dependend critical modules which are not allowed in global scope due # to USE flag conditionals (bug #499260) diff --git a/www-servers/apache/files/apache-2.4.34-suexec_parallel_install.patch b/www-servers/apache/files/apache-2.4.34-suexec_parallel_install.patch new file mode 100644 index 00000000000..d5543f7004b --- /dev/null +++ b/www-servers/apache/files/apache-2.4.34-suexec_parallel_install.patch @@ -0,0 +1,19 @@ +https://bugs.gentoo.org/661358 + +--- httpd-2.4.34/Makefile.in ++++ httpd-2.4.34/Makefile.in +@@ -277,12 +277,12 @@ + $(INSTALL_PROGRAM) $(top_builddir)/support/suexec $(DESTDIR)$(sbindir); \ + fi + +-install-suexec-setuid: ++install-suexec-setuid: install-suexec-binary + @if test -f $(builddir)/support/suexec; then \ + chmod 4755 $(DESTDIR)$(sbindir)/suexec; \ + fi + +-install-suexec-caps: ++install-suexec-caps: install-suexec-binary + @if test -f $(builddir)/support/suexec; then \ + setcap 'cap_setuid,cap_setgid+pe' $(DESTDIR)$(sbindir)/suexec; \ + fi diff --git a/www-servers/apache/metadata.xml b/www-servers/apache/metadata.xml index 293e43d3f29..af77bdc266c 100644 --- a/www-servers/apache/metadata.xml +++ b/www-servers/apache/metadata.xml @@ -13,6 +13,8 @@ </longdescription> <use> <flag name="suexec">Install suexec with apache</flag> + <flag name="suexec-caps">Install suexec with capabilities instead of SUID</flag> + <flag name="suexec-syslog">Log suexec to syslog instead of to a separate file</flag> <flag name="static">Link in apache2 modules statically rather then plugins</flag> <flag name="apache2_modules_access_compat">Group authorizations based on host (name or IP address). Available as a compatibility module with previous versions.</flag> <flag name="apache2_modules_authn_core">Provides core authentication capabilities common to all authentication providers (functionality provided by authn_alias in previous versions).</flag>
