wok annotate apache/receipt @ rev 25659

expat (2.6.0) CVE-2023-52426
author Pascal Bellard <pascal.bellard@slitaz.org>
date Sat Feb 17 10:09:12 2024 +0000 (9 months ago)
parents 8bbdfd03ccf3
children 096ad9edc98b
rev   line source
pascal@1313 1 # SliTaz package receipt.
pascal@1313 2
pascal@1313 3 PACKAGE="apache"
pascal@25122 4 VERSION="2.4.54"
pascal@1313 5 CATEGORY="network"
Hans-G?nter@22484 6 TAGS="webserver http server"
pascal@1313 7 SHORT_DESC="Secure, efficient and extensible HTTP server."
pascal@1313 8 MAINTAINER="pascal.bellard@slitaz.org"
pascal@15361 9 LICENSE="Apache"
Hans-G?nter@22484 10 WEB_SITE="https://www.apache.org/"
Hans-G?nter@22484 11
pascal@1313 12 SOURCE="httpd"
pascal@1313 13 TARBALL="$SOURCE-$VERSION.tar.bz2"
pascal@25659 14 WGET_URL="https://archive.apache.org/dist/$SOURCE/$TARBALL"
Hans-G?nter@22484 15
Hans-G?nter@22484 16 PROVIDE="lighttpd"
Hans-G?nter@22484 17 DEPENDS="apr apr-util expat openssl pcre util-linux-uuid zlib"
Hans-G?nter@22484 18 BUILD_DEPENDS="apr-dev apr-util-dev bash expat-dev lua5.1-dev
Hans-G?nter@22484 19 openldap-dev openssl-dev sed util-linux-uuid-dev zlib-dev"
Hans-G?nter@22484 20
pascal@1906 21 CONFIG_FILES="/etc/apache /var/www /etc/ssl/apache"
pascal@14772 22 TAZPANEL_DAEMON="edit::/etc/apache/httpd.conf|web::$WEB_SITE"
pascal@15361 23
pascal@24126 24 # What is the latest version available today?
pascal@24126 25 current_version()
pascal@24126 26 {
pascal@24126 27 wget -O - https://downloads.apache.org/httpd/ 2>/dev/null | \
pascal@24126 28 sed "/$SOURCE-/!d;/tar/!d;s|.*$SOURCE-\\(.*\\).tar.*|\\1|" | sort -Vr | sed q
pascal@24126 29 }
pascal@24126 30
pascal@1313 31 # Rules to configure and make the package.
pascal@1313 32 compile_rules()
pascal@1313 33 {
pascal@1313 34 grep -q Slitaz config.layout || \
slaxemulator@9698 35 cat $stuff/slitaz.layout >> config.layout
Hans-G?nter@22484 36
Hans-G?nter@22484 37 ./configure \
Hans-G?nter@22484 38 --mandir=/usr/share/man \
Hans-G?nter@22484 39 --enable-mods-shared=all \
Hans-G?nter@22484 40 --enable-proxy \
Hans-G?nter@22484 41 --enable-ssl \
Hans-G?nter@22484 42 --enable-layout=Slitaz \
Hans-G?nter@22484 43 $CONFIGURE_ARGS &&
Hans-G?nter@22484 44 make $MAKEFLAGS &&
pascal@23885 45 make -j 1 DESTDIR=$DESTDIR install
pascal@1313 46 }
pascal@1313 47
pascal@1313 48 # Rules to gen a SliTaz package suitable for Tazpkg.
pascal@1313 49 genpkg_rules()
pascal@1313 50 {
Hans-G?nter@22484 51 mkdir -p $fs/usr/share/apache
Hans-G?nter@22484 52 mkdir -p $fs/etc/init.d
Hans-G?nter@22484 53 mkdir -p $fs/etc/apache/conf.d
Hans-G?nter@22484 54 mkdir -p $fs/etc/apache/extra
pascal@18960 55 mkdir -p $fs/etc/ssl/apache
Hans-G?nter@22484 56
Hans-G?nter@22484 57 cp -a $install/usr/share/apache/icons $fs/usr/share/apache
Hans-G?nter@22484 58 cp -a $install/usr/share/apache/error $fs/usr/share/apache
Hans-G?nter@22484 59 cp -a $install/usr/share/apache/modules $fs/usr/share/apache
Hans-G?nter@22484 60 cp -a $install/usr/bin $fs/usr
Hans-G?nter@22484 61 rm -r $fs/usr/bin/apxs
Hans-G?nter@22484 62 cp -a $install/etc $fs
Hans-G?nter@22484 63 rm -rf $fs/etc/apache/original
Hans-G?nter@22484 64 cp -a $install/var $fs
erjo@4105 65
Hans-G?nter@22484 66 cp -a $stuff/apache $fs/etc/init.d
pascal@10931 67 cp -a $stuff/fix-range-CVE-2011-3192.conf $fs/etc/apache/extra
erjo@4647 68
Hans-G?nter@22484 69 sed -i -e 's|User daemon|User www|' \
Hans-G?nter@22484 70 -e 's|Group daemon|Group www|' \
pascal@1313 71 -e 's|ServerAdmin you@example.com|ServerAdmin root@localhost|' \
pascal@1794 72 -e 's|#Include /etc/apache/extra/httpd-ssl.conf|Include /etc/apache/extra/httpd-ssl.conf|' \
pascal@1794 73 -e 's|/etc/apache/server.crt|/etc/ssl/apache/apache.pem|' \
pascal@1794 74 -e 's|/etc/apache/server.key|/etc/ssl/apache/apache.pem|' \
pascal@15371 75 -e 's|#LoadModule ssl_module|LoadModule ssl_module|' \
Hans-G?nter@22484 76 $fs/etc/apache/httpd.conf \
Hans-G?nter@22484 77 $fs/etc/apache/extra/httpd-ssl.conf
Hans-G?nter@22484 78
pascal@15364 79 echo "Include /etc/apache/conf.d" >> $fs/etc/apache/httpd.conf
pascal@18584 80 sed -i 's/^SSLSessionCache /#&/' $fs/etc/apache/extra/httpd-ssl.conf
Hans-G?nter@22484 81
pascal@17237 82 cat >> $fs/etc/apache/extra/httpd-ssl.conf <<EOT
pascal@17237 83
pascal@17237 84 # Unsafe, see CVE-2014-3566 POODLE
pascal@17237 85 SSLProtocol All -SSLv2 -SSLv3
pascal@17237 86 EOT
pascal@1313 87 }
pascal@1313 88
pascal@1313 89 # Pre and post install commands for Tazpkg.
Hans-G?nter@22484 90 # We stop the server by default in case of upgrade.
pascal@1313 91 pre_install()
pascal@1313 92 {
Hans-G?nter@22484 93 [ -z "$1" ] &&
Hans-G?nter@22484 94 for i in httpd lighttpd ngnix cherokee $PACKAGE
Hans-G?nter@22484 95 do
pascal@19147 96 [ -f /etc/init.d/$i ] && /etc/init.d/$i stop
Hans-G?nter@22484 97 done
pascal@1313 98 }
pascal@1313 99
pascal@1313 100 post_install()
pascal@1313 101 {
pascal@18893 102 local lang=$(. $1/etc/locale.conf 2>/dev/null; echo ${LANG#*_})
pascal@18893 103 local tz=$(cat $1/etc/TZ 2>/dev/null)
pascal@18893 104 local hostname=$(cat $1/etc/hostname 2>/dev/null)
al@18667 105
pascal@1313 106 # Just in case.
pascal@18730 107 chown www.www "$1/var/log/$PACKAGE"
pascal@1658 108 ping -c 2 $(hostname) > /dev/null 2>&1 ||
pascal@18730 109 sed -i "s/localhost/$(hostname) localhost/" "$1/etc/hosts"
pascal@18893 110 sed -i -e "s/^#\(LoadModule.*slotmem_shm.*\)$/\1/" \
pascal@18893 111 -e "s/.*ServerName www.example.*/ServerName ${hostname:-slitaz}/" \
pascal@18960 112 $1/etc/apache/httpd.conf $1/etc/apache/extra/httpd-ssl.conf
pascal@18893 113 grep -qs Apache $1/var/www/index.html &&
pascal@18893 114 sed -i 's|^LighTTPD.*|&\nApache configs : /etc/apache|' \
pascal@18893 115 $1/var/www/index.html
pascal@18730 116 [ -s "$1/etc/ssl/apache/apache.pem" ] ||
pascal@18730 117 openssl req -new -x509 -keyout "$1/etc/ssl/apache/apache.pem" \
pascal@18730 118 -out "$1/etc/ssl/apache/apache.pem" -days 3650 -nodes <<EOT
pascal@18893 119 ${lang:-US}
pascal@18893 120 ${tz:-Somewhere}
pascal@18893 121
pascal@18893 122
pascal@1794 123
pascal@12197 124 ${hostname:-slitaz}
pascal@1794 125
pascal@1794 126 EOT
al@18667 127 [ -z "$quiet" ] && echo # Start new line
pascal@18730 128 ( cd "$1/$INSTALLED/" ; grep -l /etc/apache/conf.d/ */receipt ) | \
Hans-G?nter@22484 129 while read file
Hans-G?nter@22484 130 do
pascal@1922 131 pkg=$(dirname $file)
pascal@1922 132 [ "$pkg" = "$PACKAGE" ] && continue
al@18667 133 [ -z "$quiet" ] && echo "Reconfiguring $pkg for $PACKAGE..."
pascal@1922 134 tazpkg reconfigure $pkg
Hans-G?nter@22484 135 done
pascal@18730 136 [ -f "$1/etc/php.ini" ] && tazpkg get-install php-apache --root="$1"
pascal@18715 137 [ "$1" ] || netstat -ltn 2> /dev/null | grep -q :80 ||
pascal@18715 138 /etc/init.d/$PACKAGE start
pascal@1313 139 }
pascal@1313 140
pascal@1313 141 # Rules to clean extras dirs or files
pascal@1313 142 clean_wok()
pascal@1313 143 {
pascal@1313 144 rm -rf $WOK/$PACKAGE/${PACKAGE}.${VERSION}
pascal@1313 145 }