[packages/apache] secure access to vcs files

[glen]

commit 2a2808190f27882f841068874e98291acf511432
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Sat Oct 31 02:08:04 2015 +0200

    secure access to vcs files

 apache-common.conf | 15 +++++++++------
 apache.spec        |  2 +-
 2 files changed, 10 insertions(+), 7 deletions(-)
---
diff --git a/apache.spec b/apache.spec
index ae19545..eee8c96 100644
--- a/apache.spec
+++ b/apache.spec
@@ -35,7 +35,7 @@ Summary(ru.UTF-8):	Самый популярный веб-сервер
 Summary(tr.UTF-8):	Lider WWW tarayıcı
 Name:		apache
 Version:	2.4.17
-Release:	1
+Release:	2
 License:	Apache v2.0
 Group:		Networking/Daemons/HTTP
 Source0:	http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
diff --git a/apache-common.conf b/apache-common.conf
index 8b1b751..6ffd634 100644
--- a/apache-common.conf
+++ b/apache-common.conf
@@ -24,8 +24,10 @@ DocumentRoot "/home/services/httpd/html"
 	</IfModule>
 </Directory>
 
-# Prevent .htaccess and .htpasswd files from being viewed by Web clients.
-<Files ".ht*">
+# Prevent access to:
+# - .htaccess and .htpasswd files
+# - backup files from being viewed
+<FilesMatch  "^(\.ht.*|.*~|.*,v)$">
 	<IfModule mod_authz_host.c>
 		Require all denied
 	</IfModule>
@@ -33,10 +35,11 @@ DocumentRoot "/home/services/httpd/html"
 		Order deny,allow
 		Deny from all
 	</IfModule>
-</Files>
+</FilesMatch>
 
-# Prevent backup files from being viewed, too.
-<Files "*~">
+# Prevent access to:
+# - version control directories
+<DirectoryMatch "/\.(svn|git|hg|bzr)|CVS)/?">
 	<IfModule mod_authz_host.c>
 		Require all denied
 	</IfModule>
@@ -44,7 +47,7 @@ DocumentRoot "/home/services/httpd/html"
 		Order deny,allow
 		Deny from all
 	</IfModule>
-</Files>
+</DirectoryMatch>
 
 #
 # This should be changed to whatever you set DocumentRoot to.
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/2a2808190f27882f841068874e98291acf511432