From 5db87c509b4072d0c81b6653d6666e557fd6a26f Mon Sep 17 00:00:00 2001
From: Emmanuel Lacour <elacour@home-dn.net>
Date: Wed, 4 Jun 2008 08:36:46 +0000
Subject: [PATCH]  r9185@datura:  manu | 2008-06-04 10:30:58 +0200  *
 debian/conf/suphp.conf: by default, deactivate suPHP for applications in   
 /usr/share (owned by uid 0) (closes: #472352, closes: #420007)  *
 debian/control: bump standard-version

---
 debian/changelog       |  8 ++++++++
 debian/conf/suphp.conf | 12 +++++++++++-
 debian/control         |  2 +-
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 35bd0c0..35daf4d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+suphp (0.6.2-3) unstable; urgency=low
+
+  * debian/conf/suphp.conf: by default, deactivate suPHP for applications in
+    /usr/share (owned by uid 0) (closes: #472352, closes: #420007)
+  * debian/control: bump standard-version
+
+ -- Emmanuel Lacour <elacour@home-dn.net>  Wed, 04 Jun 2008 10:04:08 +0200
+
 suphp (0.6.2-2.1) unstable; urgency=high
 
   * Non-maintainer upload by the security team
diff --git a/debian/conf/suphp.conf b/debian/conf/suphp.conf
index 9639f54..edc5a27 100644
--- a/debian/conf/suphp.conf
+++ b/debian/conf/suphp.conf
@@ -1,7 +1,17 @@
 <IfModule mod_suphp.c>
 	AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
 	suPHP_AddHandler application/x-httpd-php
-	suPHP_Engine on
+
+    <Directory />
+        suPHP_Engine on
+    </Directory>
+
+    # By default, disable suPHP for debian packaged web applications as files
+    # are owned by root and cannot be executed by suPHP because of min_uid.
+    <Directory /usr/share>
+        suPHP_Engine off
+    </Directory>
+
 # # Use a specific php config file (a dir which contains a php.ini file)
 #	suPHP_ConfigPath /etc/php4/cgi/suphp/
 # # Tells mod_suphp NOT to handle requests with the type <mime-type>.
diff --git a/debian/control b/debian/control
index 782728e..fa450dd 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: web
 Priority: optional
 Maintainer: Emmanuel Lacour <elacour@home-dn.net>
 Build-Depends: debhelper (>> 4.1.16), apache2-prefork-dev (>= 2.2.0), apache2-mpm-prefork (>= 2.2.0) | apache2-mpm-worker (>= 2.2.0), libapr1-dev, docbook-to-man, pkg-config, dpatch
-Standards-Version: 3.7.2
+Standards-Version: 3.7.3
 
 Package: suphp-common
 Architecture: any
-- 
2.11.0