app-eselect/eselect-php: Move from AddHandler to FilesMatch/SetHandler for security (bug #538822)

(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 0x401A1600)

3 files changed, 73 insertions, 1 deletions

diff --git a/app-eselect/eselect-php/ChangeLog b/app-eselect/eselect-php/ChangeLog
index de4ab8fcbcf5..bbb19bdf2ff4 100644
--- a/app-eselect/eselect-php/ChangeLog
+++ b/app-eselect/eselect-php/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-eselect/eselect-php
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-eselect/eselect-php/ChangeLog,v 1.1 2015/03/31 16:53:51 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-eselect/eselect-php/ChangeLog,v 1.2 2015/04/05 23:12:19 sping Exp $
+
+*eselect-php-0.7.1-r4 (05 Apr 2015)
+
+  05 Apr 2015; Sebastian Pipping <sping@gentoo.org>
+  +eselect-php-0.7.1-r4.ebuild, +files/70_mod_php5.conf-apache2-r1:
+  Move from AddHandler to FilesMatch/SetHandler for security (bug #538822)
 
 *eselect-php-0.7.1-r1 (31 Mar 2015)
 
diff --git a/app-eselect/eselect-php/eselect-php-0.7.1-r4.ebuild b/app-eselect/eselect-php/eselect-php-0.7.1-r4.ebuild
new file mode 100644
index 000000000000..dc0ebd353013
--- /dev/null
+++ b/app-eselect/eselect-php/eselect-php-0.7.1-r4.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-eselect/eselect-php/eselect-php-0.7.1-r4.ebuild,v 1.1 2015/04/05 23:12:19 sping Exp $
+
+EAPI=5
+
+inherit depend.apache systemd
+
+DESCRIPTION="PHP eselect module"
+HOMEPAGE="http://www.gentoo.org"
+SRC_URI="http://dev.gentoo.org/~olemarkus/eselect-php/eselect-php-${PV}.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos"
+IUSE="fpm apache2"
+
+DEPEND=">=app-admin/eselect-1.2.4
+		!<dev-lang/php-5.3.23-r1:5.3
+		!<dev-lang/php-5.4.13-r1:5.4
+		!<dev-lang/php-5.5.0_beta1-r2:5.5
+		"
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}"
+
+want_apache
+
+src_install() {
+	mv eselect-php-${PV} php.eselect
+	insinto /usr/share/eselect/modules/
+	doins php.eselect
+
+	if use apache2 ; then
+		insinto "${APACHE_MODULES_CONFDIR#${EPREFIX}}"
+		newins "${FILESDIR}/70_mod_php5.conf-apache2-r1" \
+			"70_mod_php5.conf"
+	fi
+
+	if use fpm ; then
+		dodir "/etc/init.d"
+		insinto "/etc/init.d"
+		newinitd "${FILESDIR}/php-fpm-r1.init" "php-fpm"
+		systemd_dotmpfilesd "${FILESDIR}/php-fpm.conf"
+		exeinto /usr/libexec
+		doexe "${FILESDIR}/php-fpm-launcher"
+	fi
+}
diff --git a/app-eselect/eselect-php/files/70_mod_php5.conf-apache2-r1 b/app-eselect/eselect-php/files/70_mod_php5.conf-apache2-r1
new file mode 100644
index 000000000000..05deeb6e80f6
--- /dev/null
+++ b/app-eselect/eselect-php/files/70_mod_php5.conf-apache2-r1
@@ -0,0 +1,18 @@
+<IfDefine PHP5>
+	# Load the module first
+	<IfModule !mod_php5.c>
+		LoadModule php5_module    modules/libphp5.so
+	</IfModule>
+
+	# Set it to handle the files
+	# NOTE: Avoiding AddHandler/AddType for security (bug #538822)
+	# NOTE: Please read the related news item!
+	<FilesMatch "\.(php|php5|phtml)$">
+		SetHandler application/x-httpd-php
+	</FilesMatch>
+	<FilesMatch "\.phps$">
+		SetHandler application/x-httpd-php-source
+	</FilesMatch>
+
+	DirectoryIndex index.php index.phtml
+</IfDefine>