[56574] trunk/dports/www/apache2

ryandesign at macports.org ryandesign at macports.org
Sun Aug 30 04:29:52 PDT 2009 

Revision: 56574
          http://trac.macports.org/changeset/56574
Author:   ryandesign at macports.org
Date:     2009-08-30 04:29:47 -0700 (Sun, 30 Aug 2009)
Log Message:
-----------
apache2: fix default case-insensitive .htaccess, .htpasswd, .DS_Store and namedfork protection to match Apple's recommendations; see #7277

Modified Paths:
--------------
    trunk/dports/www/apache2/Portfile
    trunk/dports/www/apache2/files/patch-httpd.conf.in-sensitive-files.diff

Modified: trunk/dports/www/apache2/Portfile
===================================================================
--- trunk/dports/www/apache2/Portfile	2009-08-30 10:54:20 UTC (rev 56573)
+++ trunk/dports/www/apache2/Portfile	2009-08-30 11:29:47 UTC (rev 56574)
@@ -4,7 +4,7 @@
 
 name             apache2
 version          2.2.13
-revision         1
+revision         2
 categories       www
 maintainers      imajes
 description      The extremely popular second version of the Apache http server 

Modified: trunk/dports/www/apache2/files/patch-httpd.conf.in-sensitive-files.diff
===================================================================
--- trunk/dports/www/apache2/files/patch-httpd.conf.in-sensitive-files.diff	2009-08-30 10:54:20 UTC (rev 56573)
+++ trunk/dports/www/apache2/files/patch-httpd.conf.in-sensitive-files.diff	2009-08-30 11:29:47 UTC (rev 56574)
@@ -1,43 +1,31 @@
---- docs/conf/httpd.conf.in.orig	2008-11-03 13:50:25.000000000 +0100
-+++ docs/conf/httpd.conf.in	2008-11-03 13:52:00.000000000 +0100
-@@ -168,14 +168,36 @@
+--- docs/conf/httpd.conf.in	2007-12-21 05:43:00.000000000 -0600
++++ docs/conf/httpd.conf.in	2008-02-06 14:10:15.000000000 -0600
+@@ -168,14 +168,24 @@
  </IfModule>
  
  #
 -# The following lines prevent .htaccess and .htpasswd files from being 
 -# viewed by Web clients. 
-+# The following lines prevent .htaccess files from being viewed by
-+# Web clients.  Since .htaccess files often contain authorization
-+# information, access is disallowed for security reasons.  Comment
-+# these lines out if you want Web visitors to see the contents of
-+# .htaccess files.
++# The following lines prevent .htaccess, .htpasswd and .DS_Store files and
++# Mac resource forks and named forks from being viewed by Web clients.
  #
 -<FilesMatch "^\.ht">
-+# Also, folks tend to use names such as .htpasswd for password
-+# files, so this will protect those as well.
-+#
 +<Files ~ "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
+     Order allow,deny
+     Deny from all
+     Satisfy All
+-</FilesMatch>
++</Files>
++<Files "rsrc">
 +    Order allow,deny
 +    Deny from all
 +    Satisfy All
 +</Files>
-+
-+#
-+# Apple specific filesystem protection.
-+# 
-+
-+<Files "rsrc">
++<DirectoryMatch ".*\.\.namedfork">
 +    Order allow,deny
 +    Deny from all
 +    Satisfy All
-+</Files>
-+
-+<Directory  ~ ".\.\.namedfork">
-     Order allow,deny
-     Deny from all
-     Satisfy All
--</FilesMatch>
-+</Directory>
++</DirectoryMatch>
  
  #
  # ErrorLog: The location of the error log file.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macports-changes/attachments/20090830/1bb5b2e9/attachment.html>

More information about the macports-changes mailing list