smeserver-git/contribs10/smeserver-git-1.2.0-bz12048-httpd24.patch

diff -Nur --no-dereference smeserver-git-1.2.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/29GitRepositories smeserver-git-1.2.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/29GitRepositories
--- smeserver-git-1.2.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/29GitRepositories 2022-07-22 02:56:15.846000000 -0400
+++ smeserver-git-1.2.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/29GitRepositories     2022-07-22 03:07:22.029000000 -0400
@@ -98,13 +98,13 @@
   #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   #~~~ Gitweb default access permissions for viewing
 
-  my $gitweb_allow = '127.0.0.1'; # Catch incorrect values, including empty ones
+  my $gitweb_allow = 'ip 127.0.0.1'; # Catch incorrect values, including empty ones
   # Setup the rules from which address range we allow access
   if( $git{'gitweb_access_from'} ) {
     if ($git{'gitweb_access_from'} eq 'internet') {
-      $gitweb_allow = 'All';
+      $gitweb_allow = 'all granted';
     } elsif ($git{'gitweb_access_from'} eq 'local') {
-      $gitweb_allow = $localAccess;
+      $gitweb_allow = "ip $localAccess";
     }
   }
 
@@ -262,16 +262,14 @@
     $OUT .= "    # Access permissions for the git root directory\n";
     $OUT .= "    <Directory \"$GitRepositoryRoot\">\n";
     $OUT .= "      Options        +ExecCGI\n";
-    $OUT .= "      Order          Allow,Deny\n";
-    $OUT .= "      Allow from     All\n";
+    $OUT .= "      Require all granted\n";
     $OUT .= "    </Directory>\n";
     $OUT .= "\n";
 
     $OUT .= "    # Access permissions for git backend scripts\n";
     $OUT .= "    <Directory \"$GitHttpBackendPath\">\n";
     $OUT .= "      Options        +ExecCGI +Indexes\n";
-    $OUT .= "      Order          Allow,Deny\n";
-    $OUT .= "      Allow from     All\n";
+    $OUT .= "      Require all granted\n";
     $OUT .= "    </Directory>\n";
     $OUT .= "\n";
 
@@ -338,16 +336,14 @@
       $OUT .= "      AllowOverride  None\n";
       $OUT .= "      AddHandler     cgi-script .cgi\n";
       $OUT .= "      DirectoryIndex gitweb.cgi\n";
-      $OUT .= "      Order          Allow,Deny\n";
-      $OUT .= "      Allow from     $gitweb_allow\n";
+      $OUT .= "      Require $gitweb_allow\n";
       $OUT .= "    </Directory>\n\n";
 
       if( $gitweb_theme eq 'enabled' ) {
         $OUT .= "    # Access permissions for additional gitweb theme files\n";
         $OUT .= "    <Directory \"/etc/e-smith/web/common/gitweb\">\n";
         $OUT .= "      AllowOverride  None\n";
-        $OUT .= "      Order          Allow,Deny\n";
-        $OUT .= "      Allow from     $gitweb_allow\n";
+        $OUT .= "      Require $gitweb_allow\n";
         $OUT .= "    </Directory>\n\n";
       }
     } else {
@@ -367,12 +363,12 @@
 
       # Retrieve the network access rules for the repository
       my $satisfy                 = 'All';
-      my $allow_from_network = '127.0.0.1'; # Catch incorrect values, including empty ones
+      my $allow_from_network = 'ip 127.0.0.1'; # Catch incorrect values, including empty ones
       if( $properties{'allow_access_from'} ) {
         if( $properties{'allow_access_from'} eq 'internet' ) {
-          $allow_from_network = 'All';
+          $allow_from_network = 'all granted';
         } elsif ($properties{'allow_access_from'} eq 'local') {
-          $allow_from_network = $localAccess;
+          $allow_from_network = "ip $localAccess";
         }
       }
 
@@ -403,6 +399,8 @@
 
       $OUT .= "    <LocationMatch \"^$gitpath/(gitweb.cgi/|)$git_repository.git\"> # PULL access to $gitpath/$git_repository.git\n";
 
+      $OUT .= "        <RequireAll>\n";
+
       if( $effective_pull_users ) {
         $OUT .= "        # PULL Access Control\n";
         $OUT .= "        AuthName          \"Git repository: $git_repository\.git (" . ($properties{'description'} || "ERROR - DESCRIPTION NOT CONFIGURED!"). ")\"\n";
@@ -414,15 +412,13 @@
       } else {
         $OUT .= "        # Anonymous PULL Access\n";
       }
-      if( $allow_from_network ne 'All' ) {
+      if( $allow_from_network ne 'all granted' ) {
         $OUT .= "        # Restricted network access\n";
-        $OUT .= "        Order         Deny,Allow\n";
-        $OUT .= "        Deny          from All\n";
-        $OUT .= "        Allow         from $allow_from_network\n";
+        $OUT .= "        Require $allow_from_network\n";
       } else {
-        $OUT .= "        # Internet access enabled\n";
+        $OUT .= "        Require all granted # Internet access enabled\n";
       }
-      $OUT .= "        Satisfy       All\n";
+      $OUT .= "        </RequireAll>\n";
     
       $OUT .= "    </LocationMatch> # $gitpath/$git_repository.git\n\n";
 
@@ -433,6 +429,7 @@
 
       $OUT .= "    <Location \"/push$gitpath/$git_repository.git\">  # PUSH access to $gitpath/$git_repository.git\n";
 
+      $OUT .= "        <RequireAll>\n";
       if( $effective_push_users ) {
         $OUT .= "        # PUSH Access Control\n";
         $OUT .= "        AuthName          \"Git repository: $git_repository\.git (" . ($properties{'description'} || "ERROR - DESCRIPTION NOT CONFIGURED!"). ")\"\n";
@@ -444,15 +441,13 @@
       } else {
         $OUT .= "        # Anonymous PUSH Access\n";
       }
-      if( $allow_from_network ne 'All' ) {
+      if( $allow_from_network ne 'all granted' ) {
         $OUT .= "        # Restricted network access\n";
-        $OUT .= "        Order         Deny,Allow\n";
-        $OUT .= "        Deny          from All\n";
-        $OUT .= "        Allow         from $allow_from_network\n";
+        $OUT .= "        Require $allow_from_network\n";
       } else {
-        $OUT .= "        # Internet access enabled\n";
+        $OUT .= "        Require all granted # Internet access enabled\n";
       }
-      $OUT .= "        Satisfy       All\n";
+      $OUT .= "        </RequireAll>\n";
     
       $OUT .= "    </Location> # /push$gitpath/$git_repository.git\n\n";
     }
1	diff -Nur --no-dereference smeserver-git-1.2.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/29GitRepositories smeserver-git-1.2.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/29GitRepositories
2	--- smeserver-git-1.2.0.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/29GitRepositories 2022-07-22 02:56:15.846000000 -0400
3	+++ smeserver-git-1.2.0/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/29GitRepositories 2022-07-22 03:07:22.029000000 -0400
4	@@ -98,13 +98,13 @@
5	#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6	#~~~ Gitweb default access permissions for viewing
7
8	- my $gitweb_allow = '127.0.0.1'; # Catch incorrect values, including empty ones
9	+ my $gitweb_allow = 'ip 127.0.0.1'; # Catch incorrect values, including empty ones
10	# Setup the rules from which address range we allow access
11	if( $git{'gitweb_access_from'} ) {
12	if ($git{'gitweb_access_from'} eq 'internet') {
13	- $gitweb_allow = 'All';
14	+ $gitweb_allow = 'all granted';
15	} elsif ($git{'gitweb_access_from'} eq 'local') {
16	- $gitweb_allow = $localAccess;
17	+ $gitweb_allow = "ip $localAccess";
18	}
19	}
20
21	@@ -262,16 +262,14 @@
22	$OUT .= " # Access permissions for the git root directory\n";
23	$OUT .= " <Directory \"$GitRepositoryRoot\">\n";
24	$OUT .= " Options +ExecCGI\n";
25	- $OUT .= " Order Allow,Deny\n";
26	- $OUT .= " Allow from All\n";
27	+ $OUT .= " Require all granted\n";
28	$OUT .= " </Directory>\n";
29	$OUT .= "\n";
30
31	$OUT .= " # Access permissions for git backend scripts\n";
32	$OUT .= " <Directory \"$GitHttpBackendPath\">\n";
33	$OUT .= " Options +ExecCGI +Indexes\n";
34	- $OUT .= " Order Allow,Deny\n";
35	- $OUT .= " Allow from All\n";
36	+ $OUT .= " Require all granted\n";
37	$OUT .= " </Directory>\n";
38	$OUT .= "\n";
39
40	@@ -338,16 +336,14 @@
41	$OUT .= " AllowOverride None\n";
42	$OUT .= " AddHandler cgi-script .cgi\n";
43	$OUT .= " DirectoryIndex gitweb.cgi\n";
44	- $OUT .= " Order Allow,Deny\n";
45	- $OUT .= " Allow from $gitweb_allow\n";
46	+ $OUT .= " Require $gitweb_allow\n";
47	$OUT .= " </Directory>\n\n";
48
49	if( $gitweb_theme eq 'enabled' ) {
50	$OUT .= " # Access permissions for additional gitweb theme files\n";
51	$OUT .= " <Directory \"/etc/e-smith/web/common/gitweb\">\n";
52	$OUT .= " AllowOverride None\n";
53	- $OUT .= " Order Allow,Deny\n";
54	- $OUT .= " Allow from $gitweb_allow\n";
55	+ $OUT .= " Require $gitweb_allow\n";
56	$OUT .= " </Directory>\n\n";
57	}
58	} else {
59	@@ -367,12 +363,12 @@
60
61	# Retrieve the network access rules for the repository
62	my $satisfy = 'All';
63	- my $allow_from_network = '127.0.0.1'; # Catch incorrect values, including empty ones
64	+ my $allow_from_network = 'ip 127.0.0.1'; # Catch incorrect values, including empty ones
65	if( $properties{'allow_access_from'} ) {
66	if( $properties{'allow_access_from'} eq 'internet' ) {
67	- $allow_from_network = 'All';
68	+ $allow_from_network = 'all granted';
69	} elsif ($properties{'allow_access_from'} eq 'local') {
70	- $allow_from_network = $localAccess;
71	+ $allow_from_network = "ip $localAccess";
72	}
73	}
74
75	@@ -403,6 +399,8 @@
76
77	$OUT .= " <LocationMatch \"^$gitpath/(gitweb.cgi/\|)$git_repository.git\"> # PULL access to $gitpath/$git_repository.git\n";
78
79	+ $OUT .= " <RequireAll>\n";
80	+
81	if( $effective_pull_users ) {
82	$OUT .= " # PULL Access Control\n";
83	$OUT .= " AuthName \"Git repository: $git_repository\.git (" . ($properties{'description'} \|\| "ERROR - DESCRIPTION NOT CONFIGURED!"). ")\"\n";
84	@@ -414,15 +412,13 @@
85	} else {
86	$OUT .= " # Anonymous PULL Access\n";
87	}
88	- if( $allow_from_network ne 'All' ) {
89	+ if( $allow_from_network ne 'all granted' ) {
90	$OUT .= " # Restricted network access\n";
91	- $OUT .= " Order Deny,Allow\n";
92	- $OUT .= " Deny from All\n";
93	- $OUT .= " Allow from $allow_from_network\n";
94	+ $OUT .= " Require $allow_from_network\n";
95	} else {
96	- $OUT .= " # Internet access enabled\n";
97	+ $OUT .= " Require all granted # Internet access enabled\n";
98	}
99	- $OUT .= " Satisfy All\n";
100	+ $OUT .= " </RequireAll>\n";
101
102	$OUT .= " </LocationMatch> # $gitpath/$git_repository.git\n\n";
103
104	@@ -433,6 +429,7 @@
105
106	$OUT .= " <Location \"/push$gitpath/$git_repository.git\"> # PUSH access to $gitpath/$git_repository.git\n";
107
108	+ $OUT .= " <RequireAll>\n";
109	if( $effective_push_users ) {
110	$OUT .= " # PUSH Access Control\n";
111	$OUT .= " AuthName \"Git repository: $git_repository\.git (" . ($properties{'description'} \|\| "ERROR - DESCRIPTION NOT CONFIGURED!"). ")\"\n";
112	@@ -444,15 +441,13 @@
113	} else {
114	$OUT .= " # Anonymous PUSH Access\n";
115	}
116	- if( $allow_from_network ne 'All' ) {
117	+ if( $allow_from_network ne 'all granted' ) {
118	$OUT .= " # Restricted network access\n";
119	- $OUT .= " Order Deny,Allow\n";
120	- $OUT .= " Deny from All\n";
121	- $OUT .= " Allow from $allow_from_network\n";
122	+ $OUT .= " Require $allow_from_network\n";
123	} else {
124	- $OUT .= " # Internet access enabled\n";
125	+ $OUT .= " Require all granted # Internet access enabled\n";
126	}
127	- $OUT .= " Satisfy All\n";
128	+ $OUT .= " </RequireAll>\n";
129
130	$OUT .= " </Location> # /push$gitpath/$git_repository.git\n\n";
131	}