From: Elan Ruusamäe <glen@delfi.ee>
Date: Sat, 31 Oct 2015 00:08:04 +0000 (+0200)
Subject: secure access to vcs files
X-Git-Tag: auto/th/apache-2.4.17-2
X-Git-Url: http://git.pld-linux.org/?p=packages%2Fapache.git;a=commitdiff_plain;h=2a2808190f27882f841068874e98291acf511432

secure access to vcs files
---

diff --git a/apache-common.conf b/apache-common.conf
index 8b1b751..6ffd634 100644
--- a/apache-common.conf
+++ b/apache-common.conf
@@ -24,8 +24,10 @@ DocumentRoot "/home/services/httpd/html"
 	</IfModule>
 </Directory>
 
-# Prevent .htaccess and .htpasswd files from being viewed by Web clients.
-<Files ".ht*">
+# Prevent access to:
+# - .htaccess and .htpasswd files
+# - backup files from being viewed
+<FilesMatch  "^(\.ht.*|.*~|.*,v)$">
 	<IfModule mod_authz_host.c>
 		Require all denied
 	</IfModule>
@@ -33,10 +35,11 @@ DocumentRoot "/home/services/httpd/html"
 		Order deny,allow
 		Deny from all
 	</IfModule>
-</Files>
+</FilesMatch>
 
-# Prevent backup files from being viewed, too.
-<Files "*~">
+# Prevent access to:
+# - version control directories
+<DirectoryMatch "/\.(svn|git|hg|bzr)|CVS)/?">
 	<IfModule mod_authz_host.c>
 		Require all denied
 	</IfModule>
@@ -44,7 +47,7 @@ DocumentRoot "/home/services/httpd/html"
 		Order deny,allow
 		Deny from all
 	</IfModule>
-</Files>
+</DirectoryMatch>
 
 #
 # This should be changed to whatever you set DocumentRoot to.
diff --git a/apache.spec b/apache.spec
index ae19545..eee8c96 100644
--- a/apache.spec
+++ b/apache.spec
@@ -35,7 +35,7 @@ Summary(ru.UTF-8):	Ð¡Ð°Ð¼ÑÐ¹ Ð¿Ð¾Ð¿ÑÐ»ÑÑÐ½ÑÐ¹ Ð²ÐµÐ±-ÑÐµÑÐ²ÐµÑ
 Summary(tr.UTF-8):	Lider WWW tarayÄ±cÄ±
 Name:		apache
 Version:	2.4.17
-Release:	1
+Release:	2
 License:	Apache v2.0
 Group:		Networking/Daemons/HTTP
 Source0:	http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
