authorTom William Payne <twp@gentoo.org>2006-01-25 19:37:10 +0000
committerTom William Payne <twp@gentoo.org>2006-01-25 19:37:10 +0000
commit190bf5403b66134ce60d8e36e75573a2039fbfee (patch)
tree1a03ec220860980102e249a085538bb751903668 /www-apache
parentNew upstream release: MonetDB 4.10.0 "Earth" (diff)
Improved default security and webapp support. Thanks webapp and apache herds.
(Portage version: 2.1_pre3-r1)
Diffstat (limited to 'www-apache')
-rw-r--r--www-apache/anyterm/ChangeLog10
-rw-r--r--www-apache/anyterm/Manifest11
-rw-r--r--www-apache/anyterm/anyterm-1.1.8-r1.ebuild116
-rw-r--r--www-apache/anyterm/anyterm-1.1.8-r2.ebuild105
-rw-r--r--www-apache/anyterm/files/50_anyterm.conf8
-rw-r--r--www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch71
-rw-r--r--www-apache/anyterm/files/anyterm-1.1.8-postinst-en.txt59
-rw-r--r--www-apache/anyterm/files/digest-anyterm-1.1.8-r2 (renamed from www-apache/anyterm/files/digest-anyterm-1.1.8-r1)0
8 files changed, 232 insertions, 148 deletions
diff --git a/www-apache/anyterm/ChangeLog b/www-apache/anyterm/ChangeLog
index 16b887a53ff0..dfb6a46d299f 100644
--- a/www-apache/anyterm/ChangeLog
+++ b/www-apache/anyterm/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for www-apache/anyterm
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apache/anyterm/ChangeLog,v 1.2 2006/01/24 00:03:28 twp Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apache/anyterm/ChangeLog,v 1.3 2006/01/25 19:37:10 twp Exp $
+
+*anyterm-1.1.8-r2 (25 Jan 2006)
+
+ 25 Jan 2006; Tom Payne <twp@gentoo.org>
+ +files/anyterm-1.1.8-postinst-en.txt, files/50_anyterm.conf,
+ files/anyterm-1.1.8-browser-gentoo.patch, -anyterm-1.1.8-r1.ebuild,
+ +anyterm-1.1.8-r2.ebuild:
+ Improved default security and webapp support. Thanks webapp and apache herds.
*anyterm-1.1.8-r1 (24 Jan 2006)
diff --git a/www-apache/anyterm/Manifest b/www-apache/anyterm/Manifest
index 698767d4f009..7e921a1d5019 100644
--- a/www-apache/anyterm/Manifest
+++ b/www-apache/anyterm/Manifest
@@ -1,9 +1,10 @@
-MD5 9e300f2c25878e05c66b33279c4c47a6 ChangeLog 782
-MD5 e38f2535fa61685394b86a8661d75fad anyterm-1.1.8-r1.ebuild 3178
-MD5 a14a3081dd3f5b6827bae63d13585320 files/50_anyterm.conf 199
+MD5 9dfed76c6f17c87f91527e39595aee31 ChangeLog 1099
+MD5 5e0da5e85b6a6e0c7b9a72eec3412bed anyterm-1.1.8-r2.ebuild 2843
+MD5 5d4c363d94576d82610a3b238da8b1e4 files/50_anyterm.conf 245
MD5 5a58f6af7f808560b821511c1e00261c files/anyterm-1.1.8-apachemod-Makefile.patch 891
-MD5 16d2edd9a6fe24882d8e5135400cac30 files/anyterm-1.1.8-browser-gentoo.patch 1249
+MD5 c9e7d1d08a12c4eccbff1002a3d5295f files/anyterm-1.1.8-browser-gentoo.patch 2086
MD5 edfc9bd9803d9fd760243cef69b00575 files/anyterm-1.1.8-common-extern.patch 655
MD5 a6069c73dec076f0f2c69ea2cb4b55b8 files/anyterm-1.1.8-libpbe-no-pg_config.patch 432
-MD5 1fafa77a32bc461f15aae771d3d2ea70 files/digest-anyterm-1.1.8-r1 62
+MD5 b3ff11277b2fe4d9712d2bf8ded7a6e0 files/anyterm-1.1.8-postinst-en.txt 1976
+MD5 1fafa77a32bc461f15aae771d3d2ea70 files/digest-anyterm-1.1.8-r2 62
MD5 d992d28bec4a3bfd72b441145091a58e metadata.xml 244
diff --git a/www-apache/anyterm/anyterm-1.1.8-r1.ebuild b/www-apache/anyterm/anyterm-1.1.8-r1.ebuild
deleted file mode 100644
index f7c523f39cec..000000000000
--- a/www-apache/anyterm/anyterm-1.1.8-r1.ebuild
+++ /dev/null
@@ -1,116 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apache/anyterm/anyterm-1.1.8-r1.ebuild,v 1.1 2006/01/24 00:03:28 twp Exp $
-
-inherit apache-module eutils toolchain-funcs webapp
-
-DESCRIPTION="A terminal anywhere"
-HOMEPAGE="http://anyterm.org/"
-SRC_URI="http://anyterm.org/download/${P}.tbz2"
-
-LICENSE="GPL-2"
-KEYWORDS="~x86"
-IUSE="pam ssl"
-DEPEND="
- dev-libs/boost
- >=dev-libs/rote-0.2.8
- >=sys-devel/gcc-3
- virtual/ssh
- pam? ( net-www/mod_auth_pam )
- "
-RDEPEND="${DEPEND}"
-
-APACHE2_MOD_CONF="50_${PN}"
-APACHE2_MOD_DEFINE="ANYTERM"
-useq ssl && APACHE2_MOD_DEFINE="${APACHE2_MOD_DEFINE} -D SSL"
-useq pam && APACHE2_MOD_DEFINE="${APACHE2_MOD_DEFINE} -D AUTH_PAM"
-APACHE2_MOD_FILE="${S}/apachemod/.libs/anyterm.so"
-DOCFILES="CHANGELOG README"
-
-need_apache2
-
-src_unpack() {
- unpack ${A}
- cp ${FILESDIR}/${APACHE2_MOD_CONF}.conf ${S} || die
- epatch ${FILESDIR}/${P}-apachemod-Makefile.patch
- epatch ${FILESDIR}/${P}-common-extern.patch
- epatch ${FILESDIR}/${P}-browser-gentoo.patch
-
- # The bundled libpbe causes lots of problems because it links to various
- # assorted packages, without any checks. These packages may or not be
- # installed. Here we disable all packages which are not required.
- epatch ${FILESDIR}/${P}-libpbe-no-pg_config.patch
- for f in Database Recoder jpegsize; do
- rm ${S}/libpbe/src/${f}.{cc,hh}
- done
-}
-
-src_compile() {
- ( cd apachemod && emake CC=$(tc-getCC) CXX=$(tc-getCXX) ) || die
-}
-
-src_install() {
- apache-module_src_install
-
- webapp_src_preinst
- cp browser/* browser/.htaccess ${D}/${MY_HTDOCSDIR}
- webapp_src_install
-}
-
-pkg_postinst() {
- webapp_pkg_postinst
-
- apache-module_pkg_postinst
-
- if ! built_with_use 'net-www/apache' ssl || ! use pam; then
-
- if ! built_with_use 'net-www/apache' ssl; then
- eerror "net-www/apache is missing SSL support."
- fi
-
- if ! use pam; then
- eerror "PAM support disabled."
- fi
-
- eerror
- eerror "For security reasons, the default Gentoo anyterm installation"
- eerror "requires SSL and PAM. You will need to edit anyterm's"
- eerror ".htaccess to suit your configuration."
- eerror
- eerror "For more information see:"
- eerror "\thttp://anyterm.org/security.html"
- eerror
-
- sleep 5
-
- else
-
- eerror
- eerror "The default Gentoo installation of Anyterm uses SSL and PAM for"
- eerror "security. However, you will have to disable logging yourself,"
- eerror "otherwise anyone who can read your log files (EVERYBODY by"
- eerror "default!) can observe all the characters you send, including"
- eerror "passwords!"
- eerror
- eerror "To do this, add"
- eerror "\tenv=!DONTLOG"
- eerror "to the CustomLog directive in"
- eerror "\t/etc/apache2/modules.d/41_mod_ssl.default-vhost.conf"
- eerror
- eerror "If you are using a custom SSL virtual host configuration"
- eerror "(i.e. you don't use -D SSL_DEFAULT_VHOST) then you will need"
- eerror "to modify CustomLog directives elsewhere."
- eerror
- eerror "For more information see:"
- eerror "\thttp://anyterm.org/security.html"
- eerror
-
- einfo
- einfo "Anyterm is now installed at:"
- einfo "\thttps://localhost/anyterm/anyterm.html"
- einfo
-
- sleep 5
-
- fi
-}
diff --git a/www-apache/anyterm/anyterm-1.1.8-r2.ebuild b/www-apache/anyterm/anyterm-1.1.8-r2.ebuild
new file mode 100644
index 000000000000..121d9f7bdbd2
--- /dev/null
+++ b/www-apache/anyterm/anyterm-1.1.8-r2.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/anyterm/anyterm-1.1.8-r2.ebuild,v 1.1 2006/01/25 19:37:10 twp Exp $
+
+inherit apache-module eutils toolchain-funcs webapp
+
+DESCRIPTION="A terminal anywhere"
+HOMEPAGE="http://anyterm.org/"
+SRC_URI="http://anyterm.org/download/${P}.tbz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86"
+IUSE="pam ssl opera"
+DEPEND="
+ dev-libs/boost
+ >=dev-libs/rote-0.2.8
+ >=sys-devel/gcc-3
+ virtual/ssh
+ pam? ( net-www/mod_auth_pam )
+ "
+RDEPEND="${DEPEND}"
+
+APACHE2_MOD_CONF="50_${PN}"
+APACHE2_MOD_DEFINE="ANYTERM"
+useq ssl && APACHE2_MOD_DEFINE="${APACHE2_MOD_DEFINE} -D SSL"
+useq pam && APACHE2_MOD_DEFINE="${APACHE2_MOD_DEFINE} -D AUTH_PAM"
+APACHE2_MOD_FILE="${S}/apachemod/.libs/anyterm.so"
+DOCFILES="CHANGELOG README"
+
+WEBAPP_MANUAL_SLOT="yes"
+
+need_apache2
+
+pkg_setup() {
+ webapp_pkg_setup
+
+ apache-module_pkg_setup
+
+ use ssl && ! built_with_use net-www/apache ssl && \
+ eerror "Build net-www/apache with USE=ssl."
+ use pam && ! built_with_use net-www/mod_auth_pam apache2 && \
+ eerror "Build net-www/mod_auth_pam with USE=apache2."
+}
+
+src_unpack() {
+ unpack ${A}
+
+ epatch ${FILESDIR}/${P}-apachemod-Makefile.patch
+ epatch ${FILESDIR}/${P}-common-extern.patch
+ epatch ${FILESDIR}/${P}-browser-gentoo.patch
+
+ # The bundled libpbe causes lots of problems because it links to various
+ # assorted packages, without any checks. These packages may or not be
+ # installed. Here we disable all packages which are not required.
+ epatch ${FILESDIR}/${P}-libpbe-no-pg_config.patch
+ for f in Database Recoder jpegsize; do
+ rm ${S}/libpbe/src/${f}.{cc,hh}
+ done
+}
+
+src_compile() {
+ ( cd apachemod && emake CC=$(tc-getCC) CXX=$(tc-getCXX) ) || die
+
+ # Modify browser files to reflect USE flags.
+ for flag in ssl pam opera; do
+ if use ${flag}; then
+ sed -i -e "s/^#USE=${flag}#//" browser/{*,.htaccess}
+ sed -i -e "/^#USE=-${flag}#/D" browser/{*,.htaccess}
+ else
+ sed -i -e "s/^#USE=-${flag}#//" browser/{*,.htaccess}
+ sed -i -e "/^#USE=${flag}#/D" browser/{*,.htaccess}
+ fi
+ done
+}
+
+src_install() {
+ apache-module_src_install
+
+ webapp_src_preinst
+ cp browser/{*,.htaccess} ${D}/${MY_HTDOCSDIR}
+ webapp_postinst_txt en ${FILESDIR}/${P}-postinst-en.txt
+ webapp_src_install
+}
+
+pkg_postinst() {
+ webapp_pkg_postinst
+
+ apache-module_pkg_postinst
+
+ if ! use ssl; then
+ ewarn "USE=-ssl: Anyterm without SSL is very insecure!"
+ fi
+ if ! use pam; then
+ ewarn "USE=-pam: You will have to add your own authentication"
+ ewarn " mechanism."
+ fi
+ if use opera; then
+ ewarn "USE=opera: Be sure to disable some logging in your apache"
+ ewarn " configuration files!"
+ fi
+ if ! use ssl || ! use pam || use opera; then
+ ewarn "For more information see http://anyterm.org/security.html"
+ fi
+}
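Review bot: The four `sed -i` calls in `src_compile` have no `|| die`, and for `browser/.htaccess` a failed substitution fails open. Lines still prefixed with `#USE=ssl#` or `#USE=pam#` are plain comments to Apache, so `SSLRequireSSL` and the `AuthPAM_Enabled` / `Require valid-user` block silently vanish while the unmarked `SetHandler anyterm` stays active. Append `|| die "USE-flag substitution failed"` to each `sed` line, and after the loop add a guard such as `if grep -q '^#USE=' browser/.htaccess; then die "unresolved #USE= markers"; fi`. The `cp browser/{*,.htaccess} ${D}/${MY_HTDOCSDIR}` in `src_install` has the same problem: quote the variables and end it in `|| die` so a missing `.htaccess` cannot go unnoticed. In `pkg_setup`, the `eerror` for an Apache built without `ssl` does not stop the merge; if `USE=ssl` is meant to be a guarantee, it should be a `die`.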
diff --git a/www-apache/anyterm/files/50_anyterm.conf b/www-apache/anyterm/files/50_anyterm.conf
index f84d7d89be55..24e04ce564ef 100644
--- a/www-apache/anyterm/files/50_anyterm.conf
+++ b/www-apache/anyterm/files/50_anyterm.conf
@@ -2,7 +2,9 @@
<IfModule !anyterm.c>
LoadModule anyterm modules/anyterm.so
</IfModule>
- <Directory "/var/www/localhost/htdocs/anyterm/">
- AllowOverride All
- </Directory>
+ <IfDefine DEFAULT_VHOST>
+ <Directory "/var/www/localhost/htdocs/anyterm">
+ AllowOverride All
+ </Directory>
+ </IfDefine>
</IfDefine>
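Review bot: `AllowOverride All` hands every override class to the `.htaccess` in the webapp directory, which is where this commit's browser patch puts `SSLRequireSSL`, the PAM auth block and `SetHandler anyterm`. The directory's write permissions therefore become the trust boundary for a web terminal. Consider narrowing it to the classes the shipped `.htaccess` uses, e.g. `AllowOverride AuthConfig FileInfo` (plus whatever class the `anyterm_command` directive needs, which is not visible here), or moving the access-control directives into this `<Directory>` block. A comment such as `# Only the default vhost gets this block; other vhosts must add it themselves or .htaccess is ignored` would explain the new `<IfDefine DEFAULT_VHOST>` wrapper. The outer `<IfDefine>` opens above the hunk.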
diff --git a/www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch b/www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch
index b6f201f6bf05..d2f203d8ce71 100644
--- a/www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch
+++ b/www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch
@@ -1,46 +1,71 @@
+diff -Naur anyterm-1.1.8/browser/anyterm.js anyterm/browser/anyterm.js
+--- anyterm-1.1.8/browser/anyterm.js 2005-11-24 19:54:15.000000000 +0100
++++ anyterm/browser/anyterm.js 2006-01-25 16:52:46.000000000 +0100
+@@ -26,16 +26,21 @@
+ var open=false;
+ var session;
+
+-//var post_method="POST";
+-var post_method="GET";
++#USE=opera#//var post_method="POST";
++#USE=opera#var post_method="GET";
++#USE=-opera#var post_method="POST";
++#USE=-opera#//var post_method="GET";
+
+ // Random sequence numbers are needed to prevent Opera from caching
+ // replies
+
+ var is_opera = navigator.userAgent.toLowerCase().indexOf("opera") != -1;
+-if (is_opera) {
+- post_method="GET";
+-}
++#USE=opera#if (is_opera) {
++#USE=opera# post_method="GET";
++#USE=opera#}
++#USE=-opera#//if (is_opera) {
++#USE=-opera#// post_method="GET";
++#USE=-opera#//}
+
+ var seqnum_val=Math.round(Math.random()*100000);
+ function cachebust() {
diff -Naur anyterm-1.1.8/browser/.htaccess anyterm/browser/.htaccess
--- anyterm-1.1.8/browser/.htaccess 2005-09-05 00:49:44.000000000 +0200
-+++ anyterm/browser/.htaccess 2006-01-23 22:36:42.000000000 +0100
-@@ -7,6 +7,11 @@
++++ anyterm/browser/.htaccess 2006-01-25 17:03:29.000000000 +0100
+@@ -6,6 +6,8 @@
+ # will be ignored if the anyterm module has not been loaded.
<IfModule anyterm>
++#USE=ssl#<IfModule mod_ssl.c>
++#USE=pam#<IfModule mod_auth_pam.c>
-+# twp: To force Anyterm installations to be as secure as possible "out-of-the-
-+# twp: box", we also require that both mod_ssl and mod_auth_pam are present.
-+<IfModule mod_ssl.c>
-+<IfModule mod_auth_pam.c>
-+
# Use an anyterm_command directive to specify the command to run
# inside the terminal:
- #
-@@ -24,6 +29,18 @@
+@@ -24,6 +26,16 @@
# Example:
# anyterm_command '/path/to/anygetty --remotehost "Anyterm: %h" --autologin=%u'
+# twp: Use ssh to avoid problems with Gentoo's /bin/login.
+anyterm_command '/usr/bin/ssh %u@localhost'
+
-+# twp: Only provide Anyterm over SSL connections.
-+SSLRequireSSL
-+
-+# twp: Require a valid user using mod_auth_pam.
-+AuthPAM_Enabled on
-+AuthType Basic
-+AuthName "Anyterm"
-+Require valid-user
-+
++#USE=ssl#SSLRequireSSL
++#USE=ssl#
++#USE=pam#AuthPAM_Enabled on
++#USE=pam#AuthType Basic
++#USE=pam#AuthName "Anyterm"
++#USE=pam#Require valid-user
++#USE=pam#
<Files anyterm-module>
SetHandler anyterm
-@@ -34,7 +51,10 @@
+@@ -34,7 +46,10 @@
# CustomLog /path/to/logfile combined env=!DONTLOG
# See the Apache documentation for details. Note "=!" not "!=" !
- # SetEnv DONTLOG
-+ SetEnv DONTLOG
++#USE=opera# SetEnv DONTLOG
++#USE=-opera# # SetEnv DONTLOG
</Files>
++#USE=pam#</IfModule>
++#USE=ssl#</IfModule>
</IfModule>
-+</IfModule>
-+
-+</IfModule>
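Review bot: With `USE=-pam` every auth directive is stripped, but the unmarked `<Files anyterm-module>` / `SetHandler anyterm` block and `anyterm_command '/usr/bin/ssh %u@localhost'` remain. The handler is then served with no HTTP authentication at all, and `%u` presumably has no authenticated user to expand to. A deny-by-default pair for that case, `#USE=-pam#Order deny,allow` and `#USE=-pam#Deny from all`, would keep the install closed until the administrator adds their own mechanism. The removed `# twp:` comments explaining why SSL and PAM are required were not replaced; a one-line comment beside the `#USE=ssl#` / `#USE=pam#` markers saying they are resolved by the ebuild's `src_compile` would help anyone reading this patch on its own.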
diff --git a/www-apache/anyterm/files/anyterm-1.1.8-postinst-en.txt b/www-apache/anyterm/files/anyterm-1.1.8-postinst-en.txt
new file mode 100644
index 000000000000..f96f0dcef3e9
--- /dev/null
+++ b/www-apache/anyterm/files/anyterm-1.1.8-postinst-en.txt
@@ -0,0 +1,59 @@
+DEFAULT GENTOO INSTALLATION
+
+The default Gentoo installation is designed to work and be as secure as
+possible out-of-the box as long as you have USE="ssl pam -opera".
+
+
+USE FLAGS
+
++ssl forces anyterm to only run over secure (HTTPS) connections.
+-ssl disables secure connections, all data will pass over the network in
+ plain text, including passwords!
++pam enables PAM authentication, so anyone with an account on your computer
+ can use anyterm without any further configuration.
+-pam means that you will have to configure your own authentication
+ mechanism.
++opera Enables a workaround for a bug in the Opera browser, but you will have
+ to modify apache's logging behaviour to prevent snooping by local
+ users.
+-opera Disables the Opera bug workaround.
+
+
+INSTALLATION INSTRUCTIONS
+
+1. Add the following flags to APACHE2_OPTS in /etc/init.d/apache2:
+ -D ANYTERM
+ -D SSL # if USE=ssl
+ -D SSL_DEFAULT_VHOST # if USE="ssl -vhosts"
+ -D AUTH_PAM # if USE=pam
+
+2. If you have USE=vhosts then you need to add the following directives to
+ each virtual host's configuration file:
+ <Directory "${MY_INSTALLDIR}">
+ AllowOverride All
+ </Directory>
+
+3. If you have USE=opera then you should disable logging of some requests. In
+ each apache configuration file add env=!DONTLOG to each CustomLog
+ directive. For example:
+ USE="ssl -vhosts":
+ Edit /etc/apache2/modules.d/41_mod_ssl.default-vhost.conf:
+ CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" \
+ env=!DONTLOG
+ USE="-ssl -vhosts":
+ Edit /etc/apache2/httpd.conf:
+ CustomLog logs/access_log common env=!DONTLOG
+
+4. Restart apache2:
+ /etc/init.d/apache2 restart
+
+5. Browse to:
+ https://${VHOST_HOSTNAME}${VHOST_APPDIR}/${PN}.html # if USE=ssl
+ http://${VHOST_HOSTNAME}${VHOST_APPDIR}/${PN}.html # if USE=-ssl
+
+
+MORE INFORMATION
+
+http://anyterm.org/
+http://anyterm.org/security.html
diff --git a/www-apache/anyterm/files/digest-anyterm-1.1.8-r1 b/www-apache/anyterm/files/digest-anyterm-1.1.8-r2
index 5aa11d832d47..5aa11d832d47 100644
--- a/www-apache/anyterm/files/digest-anyterm-1.1.8-r1
+++ b/www-apache/anyterm/files/digest-anyterm-1.1.8-r2