author | Tom William Payne <twp@gentoo.org> | 2006-01-25 19:37:10 +0000 |
---|---|---|
committer | Tom William Payne <twp@gentoo.org> | 2006-01-25 19:37:10 +0000 |
commit | 190bf5403b66134ce60d8e36e75573a2039fbfee (patch) | |
tree | 1a03ec220860980102e249a085538bb751903668 /www-apache/anyterm/files | |
parent | New upstream release: MonetDB 4.10.0 "Earth" (diff) | |
download | gentoo-2-190bf5403b66134ce60d8e36e75573a2039fbfee.tar.gz gentoo-2-190bf5403b66134ce60d8e36e75573a2039fbfee.tar.bz2 gentoo-2-190bf5403b66134ce60d8e36e75573a2039fbfee.zip |
Improved default security and webapp support. Thanks webapp and apache herds.
(Portage version: 2.1_pre3-r1)
Diffstat (limited to 'www-apache/anyterm/files')
-rw-r--r-- | www-apache/anyterm/files/50_anyterm.conf | 8 | ||||
-rw-r--r-- | www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch | 71 | ||||
-rw-r--r-- | www-apache/anyterm/files/anyterm-1.1.8-postinst-en.txt | 59 | ||||
-rw-r--r-- | www-apache/anyterm/files/digest-anyterm-1.1.8-r2 (renamed from www-apache/anyterm/files/digest-anyterm-1.1.8-r1) | 0 |
4 files changed, 112 insertions, 26 deletions
diff --git a/www-apache/anyterm/files/50_anyterm.conf b/www-apache/anyterm/files/50_anyterm.conf
index f84d7d89be55..24e04ce564ef 100644
--- a/www-apache/anyterm/files/50_anyterm.conf
+++ b/www-apache/anyterm/files/50_anyterm.conf
@@ -2,7 +2,9 @@
 <IfModule !anyterm.c>
 LoadModule anyterm modules/anyterm.so
 </IfModule>
- <Directory "/var/www/localhost/htdocs/anyterm/">
- AllowOverride All
- </Directory>
+ <IfDefine DEFAULT_VHOST>
+ <Directory "/var/www/localhost/htdocs/anyterm">
+ AllowOverride All
+ </Directory>
+ </IfDefine>
 </IfDefine>
diff --git a/www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch b/www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch
index b6f201f6bf05..d2f203d8ce71 100644
--- a/www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch
+++ b/www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch
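Review bot: `AllowOverride All` on the anyterm directory grants every override class, while the .htaccess shipped by this commit's patch visibly uses only authentication/SSL directives and `SetHandler`/`SetEnv`, which fall under `AuthConfig` and `FileInfo`. Consider narrowing it to `AllowOverride AuthConfig FileInfo`, after checking which override class mod_anyterm registers `anyterm_command` under (not visible here). A comment above the new `<IfDefine DEFAULT_VHOST>` saying that other virtual hosts must add the same `<Directory>` block themselves would also help, since the access restrictions for the terminal live entirely in that .htaccess.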
@@ -1,46 +1,71 @@ +diff -Naur anyterm-1.1.8/browser/anyterm.js anyterm/browser/anyterm.js +--- anyterm-1.1.8/browser/anyterm.js 2005-11-24 19:54:15.000000000 +0100 ++++ anyterm/browser/anyterm.js 2006-01-25 16:52:46.000000000 +0100 +@@ -26,16 +26,21 @@ + var open=false; + var session; + +-//var post_method="POST"; +-var post_method="GET"; ++#USE=opera#//var post_method="POST"; ++#USE=opera#var post_method="GET"; ++#USE=-opera#var post_method="POST"; ++#USE=-opera#//var post_method="GET"; + + // Random sequence numbers are needed to prevent Opera from caching + // replies + + var is_opera = navigator.userAgent.toLowerCase().indexOf("opera") != -1; +-if (is_opera) { +- post_method="GET"; +-} ++#USE=opera#if (is_opera) { ++#USE=opera# post_method="GET"; ++#USE=opera#} ++#USE=-opera#//if (is_opera) { ++#USE=-opera#// post_method="GET"; ++#USE=-opera#//} + + var seqnum_val=Math.round(Math.random()*100000); + function cachebust() { diff -Naur anyterm-1.1.8/browser/.htaccess anyterm/browser/.htaccess --- anyterm-1.1.8/browser/.htaccess 2005-09-05 00:49:44.000000000 +0200 -+++ anyterm/browser/.htaccess 2006-01-23 22:36:42.000000000 +0100 -@@ -7,6 +7,11 @@ ++++ anyterm/browser/.htaccess 2006-01-25 17:03:29.000000000 +0100 +@@ -6,6 +6,8 @@ + # will be ignored if the anyterm module has not been loaded. <IfModule anyterm> ++#USE=ssl#<IfModule mod_ssl.c> ++#USE=pam#<IfModule mod_auth_pam.c> -+# twp: To force Anyterm installations to be as secure as possible "out-of-the- -+# twp: box", we also require that both mod_ssl and mod_auth_pam are present. -+<IfModule mod_ssl.c> -+<IfModule mod_auth_pam.c> -+ # Use an anyterm_command directive to specify the command to run # inside the terminal: - # -@@ -24,6 +29,18 @@ +@@ -24,6 +26,16 @@ # Example: # anyterm_command '/path/to/anygetty --remotehost "Anyterm: %h" --autologin=%u' +# twp: Use ssh to avoid problems with Gentoo's /bin/login. +anyterm_command '/usr/bin/ssh %u@localhost' + -+# twp: Only provide Anyterm over SSL connections. 
-+SSLRequireSSL -+ -+# twp: Require a valid user using mod_auth_pam. -+AuthPAM_Enabled on -+AuthType Basic -+AuthName "Anyterm" -+Require valid-user -+ ++#USE=ssl#SSLRequireSSL ++#USE=ssl# ++#USE=pam#AuthPAM_Enabled on ++#USE=pam#AuthType Basic ++#USE=pam#AuthName "Anyterm" ++#USE=pam#Require valid-user ++#USE=pam# <Files anyterm-module> SetHandler anyterm -@@ -34,7 +51,10 @@ +@@ -34,7 +46,10 @@ # CustomLog /path/to/logfile combined env=!DONTLOG # See the Apache documentation for details. Note "=!" not "!=" ! - # SetEnv DONTLOG -+ SetEnv DONTLOG ++#USE=opera# SetEnv DONTLOG ++#USE=-opera# # SetEnv DONTLOG </Files> ++#USE=pam#</IfModule> ++#USE=ssl#</IfModule> </IfModule> -+</IfModule> -+ -+</IfModule> diff --git a/www-apache/anyterm/files/anyterm-1.1.8-postinst-en.txt b/www-apache/anyterm/files/anyterm-1.1.8-postinst-en.txt new file mode 100644 index 000000000000..f96f0dcef3e9 --- /dev/null +++ b/www-apache/anyterm/files/anyterm-1.1.8-postinst-en.txt 
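Review bot: In the .htaccess part of the new patch, `SSLRequireSSL` and `Require valid-user` exist only behind `#USE=ssl#` / `#USE=pam#` prefixes, and Apache treats any line starting with `#` as a comment, so if the marker substitution (presumably done by the ebuild, which is outside this diffstat) is skipped or fails, the web terminal is served with neither restriction and without any error. The anyterm.js markers fail the other way, since an unprocessed `#USE=opera#var post_method="GET";` is a JavaScript syntax error. The commit also drops the `# twp:` comments that explained the SSL and PAM lines; I would keep them and add a header such as `# Lines prefixed #USE=flag# are enabled at build time; an unprocessed copy enforces no SSL or authentication.` Separately, `anyterm_command '/usr/bin/ssh %u@localhost'` stays unconditional while the authentication that presumably supplies `%u` becomes optional with USE=-pam, so it is worth confirming what `%u` expands to when no user is authenticated.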
@@ -0,0 +1,59 @@
+DEFAULT GENTOO INSTALLATION
+
+The default Gentoo installation is designed to work and be as secure as
+possible out-of-the box as long as you have USE="ssl pam -opera".
+
+
+USE FLAGS
+
++ssl forces anyterm to only run over secure (HTTPS) connections.
+-ssl disables secure connections, all data will pass over the network in
+ plain text, including passwords!
++pam enables PAM authentication, so anyone with an account on your computer
+ can use anyterm without any further configuration.
+-pam means that you will have to configure your own authentication
+ mechanism.
++opera Enables a workaround for a bug in the Opera browser, but you will have
+ to modify apache's logging behaviour to prevent snooping by local
+ users.
+-opera Disables the Opera bug workaround.
+
+
+INSTALLATION INSTRUCTIONS
+
+1. Add the following flags to APACHE2_OPTS in /etc/init.d/apache2:
+ -D ANYTERM
+ -D SSL # if USE=ssl
+ -D SSL_DEFAULT_VHOST # if USE="ssl -vhosts"
+ -D AUTH_PAM # if USE=pam
+
+2. If you have USE=vhosts then you need to add the following directives to
+ each virtual host's configuration file:
+ <Directory "${MY_INSTALLDIR}">
+ AllowOverride All
+ </Directory>
+
+3. If you have USE=opera then you should disable logging of some requests. In
+ each apache configuration file add env=!DONTLOG to each CustomLog
+ directive. For example:
+ USE="ssl -vhosts":
+ Edit /etc/apache2/modules.d/41_mod_ssl.default-vhost.conf:
+ CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" \
+ env=!DONTLOG
+ USE="-ssl -vhosts":
+ Edit /etc/apache2/httpd.conf:
+ CustomLog logs/access_log common env=!DONTLOG
+
+4. Restart apache2:
+ /etc/init.d/apache2 restart
+
+5. Browse to:
+ https://${VHOST_HOSTNAME}${VHOST_APPDIR}/${PN}.html # if USE=ssl
+ http://${VHOST_HOSTNAME}${VHOST_APPDIR}/${PN}.html # if USE=-ssl
+
+
+MORE INFORMATION
+
+http://anyterm.org/
+http://anyterm.org/security.html
diff --git a/www-apache/anyterm/files/digest-anyterm-1.1.8-r1 b/www-apache/anyterm/files/digest-anyterm-1.1.8-r2 index 5aa11d832d47..5aa11d832d47 100644 --- a/www-apache/anyterm/files/digest-anyterm-1.1.8-r1 +++ b/www-apache/anyterm/files/digest-anyterm-1.1.8-r2 |