authorTom William Payne <twp@gentoo.org>2006-01-25 19:37:10 +0000
committerTom William Payne <twp@gentoo.org>2006-01-25 19:37:10 +0000
commit190bf5403b66134ce60d8e36e75573a2039fbfee (patch)
tree1a03ec220860980102e249a085538bb751903668 /www-apache/anyterm/files
parentNew upstream release: MonetDB 4.10.0 "Earth" (diff)
downloadgentoo-2-190bf5403b66134ce60d8e36e75573a2039fbfee.tar.gz
gentoo-2-190bf5403b66134ce60d8e36e75573a2039fbfee.tar.bz2
gentoo-2-190bf5403b66134ce60d8e36e75573a2039fbfee.zip
Improved default security and webapp support. Thanks webapp and apache herds.
(Portage version: 2.1_pre3-r1)
Diffstat (limited to 'www-apache/anyterm/files')
-rw-r--r--www-apache/anyterm/files/50_anyterm.conf8
-rw-r--r--www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch71
-rw-r--r--www-apache/anyterm/files/anyterm-1.1.8-postinst-en.txt59
-rw-r--r--www-apache/anyterm/files/digest-anyterm-1.1.8-r2 (renamed from www-apache/anyterm/files/digest-anyterm-1.1.8-r1)0
4 files changed, 112 insertions, 26 deletions
diff --git a/www-apache/anyterm/files/50_anyterm.conf b/www-apache/anyterm/files/50_anyterm.conf
index f84d7d89be55..24e04ce564ef 100644
--- a/www-apache/anyterm/files/50_anyterm.conf
+++ b/www-apache/anyterm/files/50_anyterm.conf
@@ -2,7 +2,9 @@
<IfModule !anyterm.c>
LoadModule anyterm modules/anyterm.so
</IfModule>
- <Directory "/var/www/localhost/htdocs/anyterm/">
- AllowOverride All
- </Directory>
+ <IfDefine DEFAULT_VHOST>
+ <Directory "/var/www/localhost/htdocs/anyterm">
+ AllowOverride All
+ </Directory>
+ </IfDefine>
</IfDefine>
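Review bot: `AllowOverride All` in the new `<Directory>` block grants every override class to the .htaccess in the anyterm directory, which is broader than a directory fronting a terminal needs. The .htaccess shipped in this commit appears to use only SSL, authentication, handler and environment directives plus `anyterm_command`, so a narrower list such as `AllowOverride AuthConfig FileInfo` may be enough; confirm which override class the anyterm module registers for `anyterm_command` before narrowing. When DEFAULT_VHOST is not defined, no override is granted here at all, so that .htaccess, including its SSL and authentication requirements, is read only if each virtual host adds its own `<Directory>` block; a comment above `<IfDefine DEFAULT_VHOST>` saying so would help. The outer `<IfDefine>` opens above the hunk.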
diff --git a/www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch b/www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch
index b6f201f6bf05..d2f203d8ce71 100644
--- a/www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch
+++ b/www-apache/anyterm/files/anyterm-1.1.8-browser-gentoo.patch
@@ -1,46 +1,71 @@
+diff -Naur anyterm-1.1.8/browser/anyterm.js anyterm/browser/anyterm.js
+--- anyterm-1.1.8/browser/anyterm.js 2005-11-24 19:54:15.000000000 +0100
++++ anyterm/browser/anyterm.js 2006-01-25 16:52:46.000000000 +0100
+@@ -26,16 +26,21 @@
+ var open=false;
+ var session;
+
+-//var post_method="POST";
+-var post_method="GET";
++#USE=opera#//var post_method="POST";
++#USE=opera#var post_method="GET";
++#USE=-opera#var post_method="POST";
++#USE=-opera#//var post_method="GET";
+
+ // Random sequence numbers are needed to prevent Opera from caching
+ // replies
+
+ var is_opera = navigator.userAgent.toLowerCase().indexOf("opera") != -1;
+-if (is_opera) {
+- post_method="GET";
+-}
++#USE=opera#if (is_opera) {
++#USE=opera# post_method="GET";
++#USE=opera#}
++#USE=-opera#//if (is_opera) {
++#USE=-opera#// post_method="GET";
++#USE=-opera#//}
+
+ var seqnum_val=Math.round(Math.random()*100000);
+ function cachebust() {
diff -Naur anyterm-1.1.8/browser/.htaccess anyterm/browser/.htaccess
--- anyterm-1.1.8/browser/.htaccess 2005-09-05 00:49:44.000000000 +0200
-+++ anyterm/browser/.htaccess 2006-01-23 22:36:42.000000000 +0100
-@@ -7,6 +7,11 @@
++++ anyterm/browser/.htaccess 2006-01-25 17:03:29.000000000 +0100
+@@ -6,6 +6,8 @@
+ # will be ignored if the anyterm module has not been loaded.
<IfModule anyterm>
++#USE=ssl#<IfModule mod_ssl.c>
++#USE=pam#<IfModule mod_auth_pam.c>
-+# twp: To force Anyterm installations to be as secure as possible "out-of-the-
-+# twp: box", we also require that both mod_ssl and mod_auth_pam are present.
-+<IfModule mod_ssl.c>
-+<IfModule mod_auth_pam.c>
-+
# Use an anyterm_command directive to specify the command to run
# inside the terminal:
- #
-@@ -24,6 +29,18 @@
+@@ -24,6 +26,16 @@
# Example:
# anyterm_command '/path/to/anygetty --remotehost "Anyterm: %h" --autologin=%u'
+# twp: Use ssh to avoid problems with Gentoo's /bin/login.
+anyterm_command '/usr/bin/ssh %u@localhost'
+
-+# twp: Only provide Anyterm over SSL connections.
-+SSLRequireSSL
-+
-+# twp: Require a valid user using mod_auth_pam.
-+AuthPAM_Enabled on
-+AuthType Basic
-+AuthName "Anyterm"
-+Require valid-user
-+
++#USE=ssl#SSLRequireSSL
++#USE=ssl#
++#USE=pam#AuthPAM_Enabled on
++#USE=pam#AuthType Basic
++#USE=pam#AuthName "Anyterm"
++#USE=pam#Require valid-user
++#USE=pam#
<Files anyterm-module>
SetHandler anyterm
-@@ -34,7 +51,10 @@
+@@ -34,7 +46,10 @@
# CustomLog /path/to/logfile combined env=!DONTLOG
# See the Apache documentation for details. Note "=!" not "!=" !
- # SetEnv DONTLOG
-+ SetEnv DONTLOG
++#USE=opera# SetEnv DONTLOG
++#USE=-opera# # SetEnv DONTLOG
</Files>
++#USE=pam#</IfModule>
++#USE=ssl#</IfModule>
</IfModule>
-+</IfModule>
-+
-+</IfModule>
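Review bot: With USE=opera the patched anyterm.js sets `post_method="GET"` for every browser, not only Opera. Terminal input from all clients then presumably travels in request URLs, and keeping it out of Apache's logs depends on the manual `env=!DONTLOG` change. The `if (is_opera)` block already switches Opera to GET, so the opera variant could keep POST as the default by using `#USE=opera#var post_method="POST";` in place of `#USE=opera#var post_method="GET";`. Separately, the .htaccess part now omits the `SSLRequireSSL` and PAM lines entirely when those flags are off. A short comment in the generated .htaccess noting that TLS or authentication was disabled at build time would make that visible to an administrator reading the file.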
diff --git a/www-apache/anyterm/files/anyterm-1.1.8-postinst-en.txt b/www-apache/anyterm/files/anyterm-1.1.8-postinst-en.txt
new file mode 100644
index 000000000000..f96f0dcef3e9
--- /dev/null
+++ b/www-apache/anyterm/files/anyterm-1.1.8-postinst-en.txt
@@ -0,0 +1,59 @@
+DEFAULT GENTOO INSTALLATION
+
+The default Gentoo installation is designed to work and be as secure as
+possible out-of-the box as long as you have USE="ssl pam -opera".
+
+
+USE FLAGS
+
++ssl forces anyterm to only run over secure (HTTPS) connections.
+-ssl disables secure connections, all data will pass over the network in
+ plain text, including passwords!
++pam enables PAM authentication, so anyone with an account on your computer
+ can use anyterm without any further configuration.
+-pam means that you will have to configure your own authentication
+ mechanism.
++opera Enables a workaround for a bug in the Opera browser, but you will have
+ to modify apache's logging behaviour to prevent snooping by local
+ users.
+-opera Disables the Opera bug workaround.
+
+
+INSTALLATION INSTRUCTIONS
+
+1. Add the following flags to APACHE2_OPTS in /etc/init.d/apache2:
+ -D ANYTERM
+ -D SSL # if USE=ssl
+ -D SSL_DEFAULT_VHOST # if USE="ssl -vhosts"
+ -D AUTH_PAM # if USE=pam
+
+2. If you have USE=vhosts then you need to add the following directives to
+ each virtual host's configuration file:
+ <Directory "${MY_INSTALLDIR}">
+ AllowOverride All
+ </Directory>
+
+3. If you have USE=opera then you should disable logging of some requests. In
+ each apache configuration file add env=!DONTLOG to each CustomLog
+ directive. For example:
+ USE="ssl -vhosts":
+ Edit /etc/apache2/modules.d/41_mod_ssl.default-vhost.conf:
+ CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" \
+ env=!DONTLOG
+ USE="-ssl -vhosts":
+ Edit /etc/apache2/httpd.conf:
+ CustomLog logs/access_log common env=!DONTLOG
+
+4. Restart apache2:
+ /etc/init.d/apache2 restart
+
+5. Browse to:
+ https://${VHOST_HOSTNAME}${VHOST_APPDIR}/${PN}.html # if USE=ssl
+ http://${VHOST_HOSTNAME}${VHOST_APPDIR}/${PN}.html # if USE=-ssl
+
+
+MORE INFORMATION
+
+http://anyterm.org/
+http://anyterm.org/security.html
diff --git a/www-apache/anyterm/files/digest-anyterm-1.1.8-r1 b/www-apache/anyterm/files/digest-anyterm-1.1.8-r2
index 5aa11d832d47..5aa11d832d47 100644
--- a/www-apache/anyterm/files/digest-anyterm-1.1.8-r1
+++ b/www-apache/anyterm/files/digest-anyterm-1.1.8-r2