Fixing SUEXEC_SAFEPATH (erroneous quotes for SUEXEC SAFEPATH - #182451, thanks to Martin von Gagern <Martin.vGagern at gmx.net>). Making SUEXEC_SAFEPATH configureable too.

Package-Manager: portage-2.1.3_rc6

4 files changed, 503 insertions, 5 deletions

diff --git a/net-www/apache/ChangeLog b/net-www/apache/ChangeLog
index d5f0e5f71625..b4b246d858f7 100644
--- a/net-www/apache/ChangeLog
+++ b/net-www/apache/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-www/apache
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/apache/ChangeLog,v 1.536 2007/06/15 19:05:48 hollow Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-www/apache/ChangeLog,v 1.537 2007/07/08 20:31:18 phreak Exp $
+
+*apache-2.2.4-r8 (08 Jul 2007)
+
+  08 Jul 2007; Christian Heim <phreak@gentoo.org> +apache-2.2.4-r8.ebuild:
+  Fixing SUEXEC_SAFEPATH (erroneous quotes for SUEXEC SAFEPATH - #182451,
+  thanks to Martin von Gagern <Martin.vGagern at gmx.net>). Making
+  SUEXEC_SAFEPATH configureable too.
 
 *apache-2.2.4-r7 (15 Jun 2007)
 
diff --git a/net-www/apache/Manifest b/net-www/apache/Manifest
index c6a694464e66..24b43437e30f 100644
--- a/net-www/apache/Manifest
+++ b/net-www/apache/Manifest
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
 DIST gentoo-apache-2.0.58-r2-20060726.tar.bz2 58758 RMD160 46c6da577db444a6553b60d3ae30c61ae3b741fa SHA1 5399c6076fbccc36b1d8a5ed783f77918c3398eb SHA256 b8e0356e87fdd7b55fcecbee804c9a41525b3e6fe8309f87f2509abd161c8e6b
 DIST gentoo-apache-2.0.59-r2-20061102.tar.bz2 58768 RMD160 d20d39e66e3cb52befeb697133172c8d494e2c78 SHA1 1f8543ecdba7cef911456757a0d12e9c15abe355 SHA256 c8de97abe4077e2f6d827726a5fb0b03f6e8bd9514d8f9b9ca2a35a1c9698518
 DIST gentoo-apache-2.2.4-r5-20070605.tar.bz2 57317 RMD160 d5ef8bddc1a470d0a5ef41b1d7d3423054c90626 SHA1 7ff6af17fe342fab96718b7b2fcd4db1c5af1d25 SHA256 507327d1a0029b7583c842b5f9d15a2be54226befe4fe1c32969d267de138363
@@ -21,10 +24,14 @@ EBUILD apache-2.2.4-r7.ebuild 15230 RMD160 f55d70cb2dc318a19908d4780d10bd5bba167
 MD5 067f363f9db9ff7d3005aa3d7ac96a46 apache-2.2.4-r7.ebuild 15230
 RMD160 f55d70cb2dc318a19908d4780d10bd5bba167c7e apache-2.2.4-r7.ebuild 15230
 SHA256 9717d7bd1a6c68ba7f0bea5dfe8336094d514c8becd25cae5524a09fa624ac98 apache-2.2.4-r7.ebuild 15230
-MISC ChangeLog 92396 RMD160 b60c9f7c46b1a2ffeab6dfd2ab51faa4f551fc79 SHA1 3e87f07b33a47ba5bd8890fe30da63ca2be7d58d SHA256 9c93fd23e98c8c5e39da25ff3b1cdface614b0335a1624bb166b4b50aae3e8b1
-MD5 93deb8f3cd152285c82128631149830d ChangeLog 92396
-RMD160 b60c9f7c46b1a2ffeab6dfd2ab51faa4f551fc79 ChangeLog 92396
-SHA256 9c93fd23e98c8c5e39da25ff3b1cdface614b0335a1624bb166b4b50aae3e8b1 ChangeLog 92396
+EBUILD apache-2.2.4-r8.ebuild 15341 RMD160 9f25cba7d1633e2f0cd1e93b213da6198d4ef9d5 SHA1 ff6fede16b6ea1e4b4811a2cc0df9d931410735f SHA256 3d7e0dbed6e260ca2a0785b9cb955756374d36ea9fb62bbe8c833f344b477e45
+MD5 881a196037159638d524e95d88e9eb07 apache-2.2.4-r8.ebuild 15341
+RMD160 9f25cba7d1633e2f0cd1e93b213da6198d4ef9d5 apache-2.2.4-r8.ebuild 15341
+SHA256 3d7e0dbed6e260ca2a0785b9cb955756374d36ea9fb62bbe8c833f344b477e45 apache-2.2.4-r8.ebuild 15341
+MISC ChangeLog 92682 RMD160 41447591d873eced2ba32714840f7564441ca3f8 SHA1 18dc1c9871f47be90e9ce3dcdb2d892865e5bcbf SHA256 bdb7c3f68f5e28243a768da7dfe3a7ef5ef47c99c56ec3991b567e65a6c24fa0
+MD5 937834607f9b6f1523f4c5e4e8e734da ChangeLog 92682
+RMD160 41447591d873eced2ba32714840f7564441ca3f8 ChangeLog 92682
+SHA256 bdb7c3f68f5e28243a768da7dfe3a7ef5ef47c99c56ec3991b567e65a6c24fa0 ChangeLog 92682
 MISC metadata.xml 551 RMD160 1b31261c043e57cabc9bd8582f9b34c09d92d108 SHA1 68bb286a67452c3dae7525195c60b8637cca9b81 SHA256 646729a42ddffcbde3426dd6aa9a77fab923bc348c5b34c9d24083d86fbb15eb
 MD5 0f28752ee3545b3fd8e28ee656e62f4b metadata.xml 551
 RMD160 1b31261c043e57cabc9bd8582f9b34c09d92d108 metadata.xml 551
@@ -41,3 +48,13 @@ SHA256 1c6148391d382b0c388801c54fd831c9172e4063d03dd0c4c9a5c8b2dff6d027 files/di
 MD5 dabadb92943b5af0cda4248c84f45869 files/digest-apache-2.2.4-r7 536
 RMD160 143b01d363ab92a5676dc52599a4959886c1481e files/digest-apache-2.2.4-r7 536
 SHA256 7d24e0c773a201961123b6e407ac1d2b56edc0917dca464e44e79ce74475a4c7 files/digest-apache-2.2.4-r7 536
+MD5 dabadb92943b5af0cda4248c84f45869 files/digest-apache-2.2.4-r8 536
+RMD160 143b01d363ab92a5676dc52599a4959886c1481e files/digest-apache-2.2.4-r8 536
+SHA256 7d24e0c773a201961123b6e407ac1d2b56edc0917dca464e44e79ce74475a4c7 files/digest-apache-2.2.4-r8 536
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.4 (GNU/Linux)
+
+iD8DBQFGkUmfyuNVb5qfaOYRArJzAJ9yMoMOwKnFoywu45/Q5eGlgape/ACeORiV
+pAGK8zVVolGgVQ2ot9NTplE=
+=twVK
+-----END PGP SIGNATURE-----
diff --git a/net-www/apache/apache-2.2.4-r8.ebuild b/net-www/apache/apache-2.2.4-r8.ebuild
new file mode 100644
index 000000000000..446726bc7420
--- /dev/null
+++ b/net-www/apache/apache-2.2.4-r8.ebuild
@@ -0,0 +1,468 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-www/apache/apache-2.2.4-r8.ebuild,v 1.1 2007/07/08 20:31:18 phreak Exp $
+
+inherit eutils flag-o-matic gnuconfig multilib autotools
+
+# latest gentoo apache files
+GENTOO_PATCHNAME="gentoo-${P}-r7"
+GENTOO_PATCHSTAMP="20070615"
+GENTOO_DEVSPACE="hollow"
+GENTOO_PATCHDIR="${WORKDIR}/${GENTOO_PATCHNAME}"
+
+DESCRIPTION="The Apache Web Server."
+HOMEPAGE="http://httpd.apache.org/"
+SRC_URI="mirror://apache/httpd/httpd-${PV}.tar.bz2
+		http://dev.gentoo.org/~${GENTOO_DEVSPACE}/dist/apache/${GENTOO_PATCHNAME}-${GENTOO_PATCHSTAMP}.tar.bz2"
+
+# some helper scripts are apache-1.1, thus both are here
+LICENSE="Apache-2.0 Apache-1.1"
+
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="debug doc ldap mpm-event mpm-itk mpm-peruser mpm-prefork mpm-worker no-suexec selinux ssl static-modules threads"
+
+DEPEND="dev-lang/perl
+	=dev-libs/apr-1*
+	=dev-libs/apr-util-1*
+	dev-libs/expat
+	dev-libs/libpcre
+	sys-libs/zlib
+	ldap? ( =net-nds/openldap-2* )
+	selinux? ( sec-policy/selinux-apache )
+	ssl? ( dev-libs/openssl )
+	!=net-www/apache-1*
+	!=app-admin/apache-tools-2.2.4-r2"
+
+RDEPEND="${DEPEND}
+	app-misc/mime-types"
+
+PDEPEND="~app-admin/apache-tools-${PV}"
+
+S="${WORKDIR}/httpd-${PV}"
+
+pkg_setup() {
+	if use ldap && ! built_with_use 'dev-libs/apr-util' ldap ; then
+		eerror "dev-libs/apr-util is missing LDAP support. For apache to have"
+		eerror "ldap support, apr-util must be built with the ldap USE-flag"
+		eerror "enabled."
+		die "ldap USE-flag enabled while not supported in apr-util"
+	fi
+
+	# Select the default MPM module
+	MPM_LIST="event itk peruser prefork worker"
+	for x in ${MPM_LIST} ; do
+		if use mpm-${x} ; then
+			if [[ "x${mpm}" == "x" ]] ; then
+				mpm=${x}
+				elog
+				elog "Selected MPM: ${mpm}"
+				elog
+			else
+				eerror "You have selected more then one mpm USE-flag."
+				eerror "Only one MPM is supported."
+				die "more then one mpm was specified"
+			fi
+		fi
+	done
+
+	if [[ "x${mpm}" == "x" ]] ; then
+		if use threads ; then
+			mpm=worker
+			elog
+			elog "Selected default threaded MPM: ${mpm}";
+			elog
+		else
+			mpm=prefork
+			elog
+			elog "Selected default MPM: ${mpm}";
+			elog
+		fi
+	fi
+
+	# setup apache user and group
+	enewgroup apache 81
+	enewuser apache 81 -1 /var/www apache
+
+	if ! use no-suexec ; then
+		elog
+		elog "You can manipulate several configure options of suexec"
+		elog "through the following environment variables:"
+		elog
+		elog " SUEXEC_SAFEPATH: Default PATH for suexec (default: /usr/local/bin:/usr/bin:/bin)"
+		elog "  SUEXEC_LOGFILE: Path to the suexec logfile (default: /var/log/apache2/suexec_log)"
+		elog "   SUEXEC_CALLER: Name of the user Apache is running as (default: apache)"
+		elog "  SUEXEC_DOCROOT: Directory in which suexec will run scripts (default: /var/www)"
+		elog "   SUEXEC_MINUID: Minimum UID, which is allowed to run scripts via suexec (default: 1000)"
+		elog "   SUEXEC_MINGID: Minimum GID, which is allowed to run scripts via suexec (default: 100)"
+		elog "  SUEXEC_USERDIR: User subdirectories (like /home/user/html) (default: public_html)"
+		elog "    SUEXEC_UMASK: Umask for the suexec process (default: 077)"
+		elog
+	fi
+}
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	# Use correct multilib libdir in gentoo patches
+	sed -i -e "s:/usr/lib:/usr/$(get_libdir):g" \
+		"${GENTOO_PATCHDIR}"/{conf/httpd.conf,init/*,patches/config.layout} \
+		|| die "libdir sed failed"
+
+	#### Patch Organization
+	# 00-19 Gentoo specific  (00_all_some-title.patch)
+	# 20-39 Additional MPMs  (20_all_${MPM}_some-title.patch)
+	# 40-59 USE-flag based   (40_all_${USE}_some-title.patch)
+	# 60-79 Version specific (60_all_${PV}_some-title.patch)
+	# 80-99 Security patches (80_all_${PV}_cve-####-####.patch)
+
+	EPATCH_SUFFIX="patch"
+	epatch "${GENTOO_PATCHDIR}"/patches/[0-1]*
+	if $(ls "${GENTOO_PATCHDIR}"/patches/[2-3]?_*_${mpm}_* &>/dev/null) ; then
+		epatch "${GENTOO_PATCHDIR}"/patches/[2-3]?_*_${mpm}_*
+	fi
+	for uf in ${IUSE} ; do
+		if use ${uf} && $(ls "${GENTOO_PATCHDIR}"/patches/[4-5]?_*_${uf}_* &>/dev/null) ; then
+			epatch "${GENTOO_PATCHDIR}"/patches/[4-5]?_*_${uf}_*
+		fi
+	done
+	if $(ls "${GENTOO_PATCHDIR}"/patches/[6-9]?_*_${PV}_* &>/dev/null) ; then
+		epatch "${GENTOO_PATCHDIR}"/patches/[6-9]?_*_${PV}_*
+	fi
+
+	# setup the filesystem layout config
+	cat "${GENTOO_PATCHDIR}"/patches/config.layout >> "${S}"/config.layout || \
+		die "Failed preparing config.layout!"
+	sed -i -e "s:version:${PF}:g" "${S}"/config.layout
+
+	# patched-in MPMs need the build environment rebuilt
+	sed -i -e '/sinclude/d' configure.in
+	AT_GNUCONF_UPDATE=yes AT_M4DIR=build eautoreconf
+}
+
+src_compile() {
+	local modtype="shared" myconf=""
+	cd "${S}"
+
+	# Instead of filtering --as-needed (bug #128505), append --no-as-needed
+	# Thanks to Harald van Dijk
+	append-ldflags -Wl,--no-as-needed
+
+	use static-modules && modtype="static"
+	select_modules_config || die "determining modules failed"
+
+	if use ldap ; then
+		mods="${mods} ldap authnz_ldap"
+		myconf="${myconf} --enable-authnz-ldap=${modtype} --enable-ldap=${modtype}"
+	fi
+
+	if use ssl; then
+		mods="${mods} ssl"
+		myconf="${myconf} --with-ssl=/usr --enable-ssl=${modtype}"
+	fi
+
+	# Only build suexec with USE=-no-suexec
+	if use no-suexec ; then
+		myconf="${myconf} --disable-suexec"
+	else
+		myconf="${myconf} --with-suexec-safepath=${SUEXEC_SAFEPATH:-/usr/local/bin:/usr/bin:/bin}"
+		myconf="${myconf} --with-suexec-logfile=${SUEXEC_LOGFILE:-/var/log/apache2/suexec_log}"
+		myconf="${myconf} --with-suexec-bin=/usr/sbin/suexec"
+		myconf="${myconf} --with-suexec-userdir=${SUEXEC_USERDIR:-public_html}"
+		myconf="${myconf} --with-suexec-caller=${SUEXEC_CALLER:-apache}"
+		myconf="${myconf} --with-suexec-docroot=${SUEXEC_DOCROOT:-/var/www}"
+		myconf="${myconf} --with-suexec-uidmin=${SUEXEC_MINUID:-1000}"
+		myconf="${myconf} --with-suexec-gidmin=${SUEXEC_MINGID:-100}"
+		myconf="${myconf} --with-suexec-umask=${SUEXEC_UMASK:-077}"
+		myconf="${myconf} --enable-suexec=${modtype}"
+		mods="${mods} suexec"
+	fi
+
+	# econf overwrites the stuff from config.layout, so we have to put them into
+	# our myconf line too
+
+	econf \
+		--includedir=/usr/include/apache2 \
+		--libexecdir=/usr/$(get_libdir)/apache2/modules \
+		--datadir=/var/www/localhost \
+		--sysconfdir=/etc/apache2 \
+		--localstatedir=/var \
+		--with-mpm=${mpm} \
+		--with-perl=/usr/bin/perl \
+		--with-expat=/usr \
+		--with-z=/usr \
+		--with-apr=/usr \
+		--with-apr-util=/usr \
+		--with-pcre=/usr \
+		--with-port=80 \
+		--with-program-name=apache2 \
+		--enable-layout=Gentoo \
+		$( use_enable debug maintainer-mode ) \
+		${myconf} ${MY_BUILTINS} || die "econf failed!"
+
+	sed -i -e 's:apache2\.conf:httpd.conf:' include/ap_config_auto.h
+
+	emake || die "emake failed"
+}
+
+src_install () {
+	emake DESTDIR="${D}" install || die "emake install failed"
+
+	# This is a mapping of module names to the -D options in APACHE2_OPTS
+	# Used for creating optional LoadModule lines
+	mod_defines="info:INFO status:INFO
+				ldap:LDAP authnz_ldap:AUTH_LDAP
+				proxy:PROXY proxy_connect:PROXY proxy_http:PROXY
+				proxy_ajp:PROXY proxy_balancer:PROXY
+				ssl:SSL
+				suexec:SUEXEC
+				userdir:USERDIR"
+
+	# create our LoadModule lines
+	if ! use static-modules ; then
+		load_module=""
+		moddir="${D}/usr/$(get_libdir)/apache2/modules"
+		for m in ${mods} ; do
+			endid="no"
+
+			if [[ -e "${moddir}/mod_${m}.so" ]] ; then
+				for def in ${mod_defines} ; do
+					if [[ "${m}" == "${def%:*}" ]] ; then
+						load_module="${load_module}\n<IfDefine ${def#*:}>"
+						endid="yes"
+					fi
+				done
+				load_module="${load_module}\nLoadModule ${m}_module modules/mod_${m}.so"
+				if [[ "${endid}" == "yes" ]] ; then
+					load_module="${load_module}\n</IfDefine>"
+				fi
+			fi
+		done
+	fi
+	sed -i -e "s:%%LOAD_MODULE%%:${load_module}:" \
+		"${GENTOO_PATCHDIR}"/conf/httpd.conf || die "sed failed"
+
+	# Install our configuration files
+	insinto /etc/apache2
+	doins docs/conf/magic
+	doins -r "${GENTOO_PATCHDIR}"/conf/*
+	insinto /etc/logrotate.d
+	newins "${GENTOO_PATCHDIR}"/scripts/apache2-logrotate apache2
+
+	# generate a sane default APACHE2_OPTS
+	APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE"
+	use doc && APACHE2_OPTS="${APACHE2_OPTS} -D MANUAL"
+	use ssl && APACHE2_OPTS="${APACHE2_OPTS} -D SSL -D SSL_DEFAULT_VHOST"
+	use no-suexec || APACHE2_OPTS="${APACHE2_OPTS} -D SUEXEC"
+
+	sed -i -e "s:APACHE2_OPTS=\".*\":APACHE2_OPTS=\"${APACHE2_OPTS}\":" \
+		"${GENTOO_PATCHDIR}"/init/apache2.confd || die "sed failed"
+
+	newconfd "${GENTOO_PATCHDIR}"/init/apache2.confd apache2
+	newinitd "${GENTOO_PATCHDIR}"/init/apache2.initd apache2
+
+	# Link apache2ctl to the init script
+	dosym /etc/init.d/apache2 /usr/sbin/apache2ctl
+
+	# provide symlinks for all the stuff we no longer rename, bug 177697
+	for i in suexec apxs; do
+		dosym /usr/sbin/${i} /usr/sbin/${i}2
+	done
+
+	# Install some thirdparty scripts
+	exeinto /usr/sbin
+	for i in apache2logserverstatus apache2splitlogfile ; do
+		doexe "${GENTOO_PATCHDIR}"/scripts/${i}
+	done
+	use ssl && doexe "${GENTOO_PATCHDIR}"/scripts/gentestcrt.sh
+
+	# Install some documentation
+	dodoc ABOUT_APACHE CHANGES LAYOUT README README.platforms VERSIONING
+
+	# drop in a convenient link to the manual
+	if use doc ; then
+		sed -i -e "s:VERSION:${PVR}:" "${D}/etc/apache2/modules.d/00_apache_manual.conf"
+	else
+		rm -f "${D}/etc/apache2/modules.d/00_apache_manual.conf"
+		rm -Rf "${D}/usr/share/doc/${PF}/manual"
+	fi
+
+	# the default webroot gets stored in /usr/share/doc
+	ebegin "Installing default webroot to /usr/share/doc/${PF}"
+	mv -f "${D}/var/www/localhost" "${D}/usr/share/doc/${PF}/webroot"
+	eend $?
+
+	if ! use no-suexec ; then
+		# Set some sane permissions for suexec
+		fowners 0:apache /usr/sbin/suexec
+		fperms 4710 /usr/sbin/suexec
+	fi
+
+	keepdir /etc/apache2/vhosts.d
+	keepdir /etc/apache2/modules.d
+
+	# empty dirs
+	for i in /var/lib/dav /var/log/apache2 /var/cache/apache2 ; do
+		keepdir ${i}
+		fowners apache:apache ${i}
+		fperms 0755 ${i}
+	done
+
+	# We'll be needing /etc/apache2/ssl if USE=ssl
+	use ssl && keepdir /etc/apache2/ssl
+}
+
+pkg_postinst() {
+	# Automatically generate test certificates if ssl USE flag is being set
+	if use ssl && [[ ! -e "${ROOT}/etc/apache2/ssl/server.crt" ]] ; then
+		cd "${ROOT}"/etc/apache2/ssl
+		einfo
+		einfo "Generating self-signed test certificate in ${ROOT}/etc/apache2/ssl ..."
+		yes "" 2>/dev/null | \
+			"${ROOT}"/usr/sbin/gentestcrt.sh >/dev/null 2>&1 || \
+			die "gentestcrt.sh failed"
+		einfo
+	fi
+
+	# we do this here because the default webroot is a copy of the files
+	# that exist elsewhere and we don't want them managed/removed by portage
+	# when apache is upgraded.
+
+	if [[ -e "${ROOT}/var/www/localhost" ]] ; then
+		elog "The default webroot has not been installed into"
+		elog "${ROOT}/var/www/localhost because the directory already exists"
+		elog "and we do not want to overwrite any files you have put there."
+		elog
+		elog "If you would like to install the latest webroot, please run"
+		elog "emerge --config =${PF}"
+	else
+		einfo "Installing default webroot to ${ROOT}/var/www/localhost"
+		mkdir -p "${ROOT}"/var/www/localhost
+		cp -R "${ROOT}"/usr/share/doc/${PF}/webroot/* "${ROOT}"/var/www/localhost
+		chown -R apache:0 "${ROOT}"/var/www/localhost
+	fi
+
+	# Previous installations of apache-2.2 installed the upstream configuration
+	# files, which shouldn't even have been installed!
+	if has_version '>=net-www/apache-2.2.4' ; then
+		[ -f "${ROOT}"/etc/apache2/apache2.conf ] && \
+			rm -f "${ROOT}"/etc/apache2/apache2.conf >/dev/null 2>&1
+
+		for i in extra original ; do
+			[ -d "${ROOT}"/etc/apache2/$i ] && \
+				rm -rf "${ROOT}"/etc/apache2/$i >/dev/null 2>&1
+		done
+	fi
+
+	# Note for new location of Listen
+	if has_version '<net-www/apache-2.2.4-r7' ; then
+		elog
+		elog "Listen directives have been moved into the default virtual host"
+		elog "configuation. Therefore you have to enabled at least one of"
+		elog "DEFAULT_VHOST or SSL_DEFAULT_VHOST, otherwise no listening"
+		elog "sockets would be available."
+		elog
+	fi
+
+	# Note the user of the config changes
+	if has_version '<net-www/apache-2.2.4-r5' ; then
+		elog
+		elog "Please make sure that you update your /etc directory."
+		elog "Between the versions, we had to changes some config files"
+		elog "and move some stuff out of the main httpd.conf file to a seperate"
+		elog "modules.d entry."
+		elog
+		elog "Thus please update your /etc directory either via etc-update,"
+		elog "dispatch-conf or conf-update !"
+		elog
+	fi
+
+	# Check for dual/upgrade install
+	if has_version '<net-www/apache-2.2.0' ; then
+		elog
+		elog "When upgrading from versions below 2.2.0 to this version, you"
+		elog "need to rebuild all your modules. Please do so for your modules"
+		elog "to continue working correctly."
+		elog
+		elog "Also note that some configuration directives have been"
+		elog "split into their own files under ${ROOT}/etc/apache2/modules.d/"
+		elog "and that some modules, foremost the authentication related ones,"
+		elog "have been renamed."
+		elog
+		elog "Some examples:"
+		elog "  - USERDIR is now configureable in ${ROOT}etc/apache2/modules.d/00_mod_userdir.conf."
+		elog
+		elog "For more information on what you may need to change, please"
+		elog "see the overview of changes at:"
+		elog "http://httpd.apache.org/docs/2.2/new_features_2_2.html"
+		elog "and the upgrading guide at:"
+		elog "http://httpd.apache.org/docs/2.2/upgrading.html"
+		elog
+		elog "Some modules do not yet work with Apache 2.2."
+		elog "To keep from accidentally downgrading to Apache 2.0, you should"
+		elog "add the following to ${ROOT}/etc/portage/package.mask:"
+		elog
+		elog "    <net-www/apache-2.2.0"
+		elog
+	fi
+}
+
+pkg_config() {
+	einfo "Installing default webroot to ${ROOT}/var/www/localhost"
+	mkdir -p "${ROOT}"/var/www/localhost
+	cp -R "${ROOT}"/usr/share/doc/${PF}/webroot/* "${ROOT}"/var/www/localhost
+	chown -R apache:0 "${ROOT}"/var/www/localhost
+}
+
+parse_modules_config() {
+	local name=""
+	local disable=""
+	local version="undef"
+	MY_BUILTINS=""
+	mods=""
+	[[ -f "${1}" ]] || return 1
+
+	for i in $(sed 's/#.*//' < $1) ; do
+		if [[ "$i" == "VERSION:" ]] ; then
+			version="select"
+		elif [[ "${version}" == "select" ]] ; then
+			version="$i"
+		# start with - option for backwards compatibility only
+		elif [[ "$i" == "-" ]] ; then
+			disable="true"
+		elif [[ -z "${name}" ]] && [[ "$i" != "${i/mod_/}" ]] ; then
+			name="${i/mod_/}"
+		elif [[ -n "${disable}" ]] || [[ "$i" == "disabled" ]] ; then
+			MY_BUILTINS="${MY_BUILTINS} --disable-${name}"
+			name="" ; disable=""
+		elif [[ "$i" == "static" ]] || use static-modules ; then
+			MY_BUILTINS="${MY_BUILTINS} --enable-${name}=static"
+			name="" ; disable=""
+		elif [[ "$i" == "shared" ]] ; then
+			MY_BUILTINS="${MY_BUILTINS} --enable-${name}=shared"
+			mods="${mods} ${name}"
+			name="" ; disable=""
+		else
+			ewarn "Parse error in ${1} - unknown option: $i"
+		fi
+	done
+
+	# reject the file if it's unversioned or doesn't match our
+	# package major.minor. This is to make upgrading work smoothly.
+	if [[ "${version}" != "${PV%.*}" ]] ; then
+		mods=""
+		MY_BUILTINS=""
+		return 1
+	fi
+
+	einfo "Using ${1}"
+	einfo "options: ${MY_BUILTINS}"
+	einfo "LoadModules: ${mods}"
+}
+
+select_modules_config() {
+	parse_modules_config "${ROOT}"/etc/apache2/apache2-builtin-mods || \
+	parse_modules_config "${GENTOO_PATCHDIR}"/conf/apache2-builtin-mods || \
+	return 1
+}
diff --git a/net-www/apache/files/digest-apache-2.2.4-r8 b/net-www/apache/files/digest-apache-2.2.4-r8
new file mode 100644
index 000000000000..5987b78a7209
--- /dev/null
+++ b/net-www/apache/files/digest-apache-2.2.4-r8
@@ -0,0 +1,6 @@
+MD5 0be9d5c1475bb0631da7016651c17f23 gentoo-apache-2.2.4-r7-20070615.tar.bz2 57925
+RMD160 973faaa7d64b6b8fc72218082ffdec408efe5e7a gentoo-apache-2.2.4-r7-20070615.tar.bz2 57925
+SHA256 307d499a6493cbd63ed85c6af3e79c380628dc7c34655ac2a0f0108851f1e13e gentoo-apache-2.2.4-r7-20070615.tar.bz2 57925
+MD5 536c86c7041515a25dd8bad3611da9a3 httpd-2.2.4.tar.bz2 4930375
+RMD160 bb6e8a7447fa8e8f629010f30b548068de518523 httpd-2.2.4.tar.bz2 4930375
+SHA256 08ab82eae6418e265d361730e7eadc7d6966dffdb66ee07bd4d9af3f2b28dfc8 httpd-2.2.4.tar.bz2 4930375