From owner-freebsd-apache@FreeBSD.ORG Mon Feb 27 11:06:21 2012 Return-Path: Delivered-To: apache@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1949D1065674 for ; Mon, 27 Feb 2012 11:06:21 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id EC6908FC0A for ; Mon, 27 Feb 2012 11:06:20 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q1RB6KAG089484 for ; Mon, 27 Feb 2012 11:06:20 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q1RB6JmA089481 for apache@FreeBSD.org; Mon, 27 Feb 2012 11:06:19 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 27 Feb 2012 11:06:19 GMT Message-Id: <201202271106.q1RB6JmA089481@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: apache@FreeBSD.org Cc: Subject: Current problem reports assigned to apache@FreeBSD.org X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Feb 2012 11:06:21 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o ports/159608 apache www/apache22: apache WITH_BDB_BASE settings described o ports/158565 apache www/apache22: Add rlimits based on login class for mpm o ports/157554 apache www/apache22: Apache RLimitNPROC does not work as inte o ports/156787 apache www/mod_auth_kerb2 fails on undefined symbol with base o ports/153406 apache www/apache22's SUEXEC_RSRCLIMIT option does not take e o ports/147282 apache errors when starting www/apache22 after installation o o ports/137729 apache www/mod_auth_kerb2 port broken on 8.0-BETA2 due to sec o ports/130479 apache www/apache22 configure_args busted o ports/125183 apache www/apache22 wrong SUEXEC_DOCROOT o ports/124375 apache security/heimdal: www/mod_auth_kerb doesn't compile ag 10 problems total. From owner-freebsd-apache@FreeBSD.ORG Wed Feb 29 21:40:35 2012 Return-Path: Delivered-To: apache@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AA0BC1065672; Wed, 29 Feb 2012 21:40:35 +0000 (UTC) (envelope-from edwin@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 811618FC16; Wed, 29 Feb 2012 21:40:35 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q1TLeZZs028781; Wed, 29 Feb 2012 21:40:35 GMT (envelope-from edwin@freefall.freebsd.org) Received: (from edwin@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q1TLeZKl028772; Wed, 29 Feb 2012 21:40:35 GMT (envelope-from edwin) Date: Wed, 29 Feb 2012 21:40:35 GMT Message-Id: <201202292140.q1TLeZKl028772@freefall.freebsd.org> To: edwin@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org, apache@FreeBSD.org From: edwin@FreeBSD.org Cc: Subject: Re: ports/165565: New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Feb 2012 21:40:35 -0000 Synopsis: New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD Responsible-Changed-From-To: freebsd-ports-bugs->apache Responsible-Changed-By: edwin Responsible-Changed-When: Wed Feb 29 21:40:35 UTC 2012 Responsible-Changed-Why: apache@ wants this port PRs (via the GNATS Auto Assign Tool) http://www.freebsd.org/cgi/query-pr.cgi?pr=165565 From owner-freebsd-apache@FreeBSD.ORG Wed Feb 29 22:10:13 2012 Return-Path: Delivered-To: apache@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 28DC71065672 for ; Wed, 29 Feb 2012 22:10:13 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 16B0D8FC0C for ; Wed, 29 Feb 2012 22:10:13 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q1TMAC57054586 for ; Wed, 29 Feb 2012 22:10:12 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q1TMACuY054585; Wed, 29 Feb 2012 22:10:12 GMT (envelope-from gnats) Date: Wed, 29 Feb 2012 22:10:12 GMT Message-Id: <201202292210.q1TMACuY054585@freefall.freebsd.org> To: apache@FreeBSD.org From: Filip Valder Cc: Subject: Re: ports/165565: New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Filip Valder List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Feb 2012 22:10:13 -0000 The following reply was made to PR ports/165565; it has been noted by GNATS. From: Filip Valder To: bug-followup@FreeBSD.org, filip@valder.cz Cc: Subject: Re: ports/165565: New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD Date: Wed, 29 Feb 2012 23:10:00 +0100 This is a multi-part message in MIME format. --------------020109090804050307090101 Content-Type: text/plain; charset=ISO-8859-2; format=flowed Content-Transfer-Encoding: 7bit Hi. I've got some problem with my public PTR record (maintained by my ISP). FreeBSD.org MXs don't accept mail from me, so I re-sent it using another mailbox, but the message was corrupted (as I expected :-)). I've attached the original message to his mail. It has got the right headers, consistent shar file etc... Sorry for the inconvenience... My first porting... Cheers, Filip --------------020109090804050307090101 Content-Type: message/rfc822; name="mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD.eml" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="mod_auth_token Token-based authentication similar to mod_sec"; filename*1="download in LIGHTTPD.eml" Received: from postak.ulice (postak.ulice [192.168.1.252]) by smtp.svetdoma.cz (Postfix) with ESMTP id D18D5427DDD; Wed, 29 Feb 2012 22:21:43 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=valder.cz; h= reply-to:from:from:subject:subject:message-id:date:date:received :received:received:received; s=dkim; t=1330550497; x=1332364898; bh=f4lCZ3DyUYs4Us0dcUkba9qvnplo7UrY78hvd5yv7is=; b=bzhlDJeBmvYI JrT7C9DnDlQkxoMq0sZetM5Q1Zre5Wxapi2jFggxKi3srybdZ0BDcIAmq/gbdWy9 gqf0ICh5Rsut2W+w9UeG2U6lWioguGRXhd1ZIZxaGXqhok7VUTL8vctI5HzGEWrM us+Nz32T3O4crEQrPs/lNeiEu1ika/Q= Received: from smtp.svetdoma.cz ([192.168.1.252]) by postak.ulice (smtp.svetdoma.cz [192.168.1.252]) (amavisd-new, port 10026) with ESMTP id Rj-eZQlkXKlA; Wed, 29 Feb 2012 22:21:37 +0100 (CET) Received: from ulicnik.ulice (ulicnik.ulice [192.168.1.253]) by smtp.svetdoma.cz (Postfix) with ESMTPS id C62D8427D54; Wed, 29 Feb 2012 22:21:37 +0100 (CET) Received: from ulicnik.ulice (ulicnik.ulice [192.168.1.253]) by ulicnik.ulice (8.14.3/8.14.3) with ESMTP id q1TLLbw1023075; Wed, 29 Feb 2012 22:21:37 +0100 (CET) (envelope-from root@ulicnik.ulice) Received: (from root@localhost) by ulicnik.ulice (8.14.3/8.14.3/Submit) id q1TLLbHc023074; Wed, 29 Feb 2012 22:21:37 +0100 (CET) (envelope-from root) Date: Wed, 29 Feb 2012 22:21:37 +0100 (CET) Message-Id: <201202292121.q1TLLbHc023074@ulicnik.ulice> To: FreeBSD-gnats-submit@freebsd.org Subject: New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD From: Filip Valder Reply-To: Filip Valder Cc: Filip Valder X-send-pr-version: 3.113 X-GNATS-Notify: >Submitter-Id: fv >Originator: Filip Valder >Organization: ULICE.SvetDoma.cz >Confidential: no >Synopsis: New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD >Severity: non-critical >Priority: medium >Category: ports >Class: change-request >Release: FreeBSD 8.2-RELEASE i386 >Environment: System: FreeBSD ulicnik.ulice 8.2-RELEASE FreeBSD 8.2-RELEASE #1: Sat Dec 3 23:35:47 CET 2011 root@hlidac-ha-2.ulice:/usr/obj/usr/src/sys/MYKERNEL i386 >Description: Token-based authentication similar to mod_secdownload in LIGHTTPD. Have your script generate a token and let Apache handle the file transfer without having to pipe it through a script for security. >How-To-Repeat: >Fix: --- mod_auth_token.shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # mod_auth_token # mod_auth_token/Makefile # mod_auth_token/pkg-descr # mod_auth_token/distinfo # mod_auth_token/pkg-deinstall # mod_auth_token/pkg-message # echo c - mod_auth_token mkdir -p mod_auth_token > /dev/null 2>&1 echo x - mod_auth_token/Makefile sed 's/^X//' >mod_auth_token/Makefile << '9f12235b8a9ec0e6dd5b3158e829e2fc' X# New ports collection makefile for: mod_auth_token X# Date created: 29 February 2012 X# Whom: fv X# X# $FreeBSD$ X# X XPORTNAME= mod_auth_token XPORTVERSION= 1.0.5 XCATEGORIES= www XMASTER_SITES= http://mod-auth-token.googlecode.com/files/ XMASTER_SITES+= http://ports.valder.cz/${PORTNAME:L}/ X XMAINTAINER= filip@valder.cz XCOMMENT= Token-based authentication similar to mod_secdownload in LIGHTTPD X XBUILD_DEPENDS= automake>=1.10:${PORTSDIR}/devel/automake X XUSE_APACHE= 22+ XAP_GENPLIST= yes XPLIST_FILES+= %%APACHEMODDIR%%/mod_auth_token.so X XUSE_AUTOTOOLS= aclocal:env automake:env libtool X Xpost-patch: X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/COPYING ${WRKSRC}/COPYING X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/config.guess ${WRKSRC}/config.guess X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/config.sub ${WRKSRC}/config.sub X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/install-sh ${WRKSRC}/install-sh X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/missing ${WRKSRC}/missing X Xpost-install: X @${CAT} ${WRKSRC}/README X X.include 9f12235b8a9ec0e6dd5b3158e829e2fc echo x - mod_auth_token/pkg-descr sed 's/^X//' >mod_auth_token/pkg-descr << '91039b76901d21b2a9e74a3142652e82' XToken-based authentication similar to mod_secdownload in LIGHTTPD. XHave your script generate a token and let Apache handle the file Xtransfer without having to pipe it through a script for security. X XWWW: http://code.google.com/p/mod-auth-token/ 91039b76901d21b2a9e74a3142652e82 echo x - mod_auth_token/distinfo sed 's/^X//' >mod_auth_token/distinfo << '4f40ad080ecb2bad0a7130d84dcd78d7' XSHA256 (mod_auth_token-1.0.5.tar.gz) = 85af5d3d9bf5fb01d1ba04c814de3b43660cb0bb54122517429113cdb2b198fe XSIZE (mod_auth_token-1.0.5.tar.gz) = 340355 4f40ad080ecb2bad0a7130d84dcd78d7 echo x - mod_auth_token/pkg-deinstall sed 's/^X//' >mod_auth_token/pkg-deinstall << 'cfd8bb91d9a91d905ba285ce084053e0' X#!/bin/sh X# X# $FreeBSD$ X# X Xsed -i.bak '/LoadModule.*mod_auth_token.so/d' /usr/local/etc/apache[0-9]*/httpd.conf cfd8bb91d9a91d905ba285ce084053e0 echo x - mod_auth_token/pkg-message sed 's/^X//' >mod_auth_token/pkg-message << '887de36e5961a0b4aa13e29fd511a720' X X This module uses token based authentication to secure downloads X and prevent deep-linking. X X Have your script or servlet generate a token to authenticate the X download and let Apache handle the file transfer without having X to pipe it through a script for security. X X You can find downloads, daily snapshots and support information at X http://www.synd.info/ X XUSAGE X X The token is an hex-encoded MD5 hash of the X secret password, relative file path and the timestamp. It is X encoded onto the URI as: X X / X X For example X X /protected/dee0ed6174a894113d5e8f6c98f0e92b/43eaf9c5/path/to/file.txt X X where the token is generated as X X md5("secret" + "/path/to/file.txt" + dechex(time_now())) X X with the following configuration in httpd.conf X X X AuthTokenSecret "secret" X AuthTokenPrefix /protected/ X AuthTokenTimeout 60 X