Page MenuHomeFreeBSD

Update pkg message for apache's latest security model
ClosedPublic

Authored by ler on Mar 16 2017, 7:10 PM.

Details

Summary

Update pkg message for apache 2.4 users for Apache 2.4's new security model.
PR: 217850
Submitted By: dirkx@webweaving.org
Approved By: (adamw|rene) (Mentor)

Test Plan

poudriere
portlint

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

ler created this revision.Mar 16 2017, 7:10 PM
ler edited the summary of this revision. (Show Details)Mar 16 2017, 7:11 PM
ler added a comment.Mar 16 2017, 7:33 PM

Hold off on this, I'm not sure I want to do it. See my comments in #217850

mat added a comment.Mar 17 2017, 8:47 AM

Saying that you should add the AddHandler is a bad idea. It is not always true, many people use php through the fpm mechanism, this is why only the mod_php* ports tell you to add them.

ler updated this revision to Diff 26380.Mar 18 2017, 1:47 AM

loose the handler, and add apache 2.4 lines

adamw added inline comments.Mar 18 2017, 1:53 AM
www/joomla3/files/pkg-message.in
14 ↗(On Diff #26380)

IIRC, that's not quite right. apache24 doesn't just add that line, it needs to replace at least the Allow from all line (possibly the Order line too?).

ler added inline comments.Mar 18 2017, 2:00 AM
www/joomla3/files/pkg-message.in
14 ↗(On Diff #26380)

that's how I have it for my installation at https://joomla.lerctr.org/

so, I'm not inclined to change that.

adamw added inline comments.Mar 18 2017, 2:14 AM
www/joomla3/files/pkg-message.in
14 ↗(On Diff #26380)

You have

Allow from all
Require all granted

in your apache 2.4 setup?

ler added inline comments.Mar 18 2017, 2:37 AM
www/joomla3/files/pkg-message.in
14 ↗(On Diff #26380)

yes.

<VirtualHost 192.147.25.65:443>

ServerName joomla.lerctr.org
DocumentRoot /usr/local/www/joomla3
ErrorLog "/var/log/httpd/joomla-ssl-error_log"
CustomLog "/var/log/httpd/joomla-ssl-access_log" common

 <Location />
  Order deny,allow
  allow from all
  require all granted
 </Location>
adamw accepted this revision.Mar 18 2017, 3:06 AM

TIL!

Go for it, but with 3 changes:

  1. Capitalize the R in Required to fit the other lines.
  2. Improve your commit message. Right now it's confusing and doesn't really say what the commit is about. Really it's about showing Apache 2.4 users what to do, not about a changing security model.
  3. You need more fields than just PR. This change was submitted by someone who deserves credit, and it needs an Approved by: field.
This revision is now accepted and ready to land.Mar 18 2017, 3:06 AM
ler edited the summary of this revision. (Show Details)Mar 18 2017, 3:09 AM
This revision was automatically updated to reflect the committed changes.