Fix security bug 477462 with a fix backported in redhat bug 985633.

Package-Manager: portage-2.2.1/cvs/Linux x86_64
Manifest-Sign-Key: 0x8883FA56A308A8D7!

4 files changed, 253 insertions, 5 deletions

diff --git a/www-apache/passenger/ChangeLog b/www-apache/passenger/ChangeLog
index 3748e1f5cef4..1f9c72eb0a1e 100644
--- a/www-apache/passenger/ChangeLog
+++ b/www-apache/passenger/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for www-apache/passenger
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apache/passenger/ChangeLog,v 1.70 2013/10/05 13:29:23 graaff Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apache/passenger/ChangeLog,v 1.71 2013/10/05 14:17:38 graaff Exp $
+
+*passenger-3.0.21-r1 (05 Oct 2013)
+
+  05 Oct 2013; Hans de Graaff <graaff@gentoo.org> +passenger-3.0.21-r1.ebuild,
+  +files/passenger-3.0.21-temp-file-usage.patch:
+  Fix security bug 477462 with a fix backported in redhat bug 985633.
 
 *passenger-4.0.18 (05 Oct 2013)
 
diff --git a/www-apache/passenger/Manifest b/www-apache/passenger/Manifest
index cefded8cdfc0..f4e5596ddad8 100644
--- a/www-apache/passenger/Manifest
+++ b/www-apache/passenger/Manifest
@@ -8,6 +8,7 @@ AUX 30_mod_passenger-4.0.0.conf 2737 SHA256 c5cd9c6b0a6616c9934a1c1fc9952036a6b4
 AUX passenger-3.0.0-gentoo.patch 1689 SHA256 81d38f638499b4b3020614165e54647ad1c11630edf43c11f98911b740b15849 SHA512 32426df199d597c26da657a45dfa7cd98b8abfebd687e8d25fbeb96a403288983443606c83a40594b4e82e3bdcb43b4c662f7bc3679d797ba90827fe60fd9b1d WHIRLPOOL 9b53a33d30de0699ce3f1895eb251e565622af334e879774de0a18f451df30ad1d915799cd07e02ac8a3b0f08a2d0966b90d98d873394daab50529bb86d75c51
 AUX passenger-3.0.0-ldflags.patch 572 SHA256 22b7c85b2c3e0fb2c0275e0a63308cf65aa0ab2a1398c64b95ab149b8cb58392 SHA512 48c06072bbf3db19cd92078c37307703ae4d0cb7f5054563b82b2c73fb9e099188825489f2b774495419e325ba830b212f3321d1cc0c6e89416ffa27a0b91c1d WHIRLPOOL 458f044df7bc2798f6cf8d6290f1f67ff5e7d98a1a0335516b9f6ebdcd2d94941e01971ea467269e55c314b7e88f337fa74b40c8a65552b6c72ddd921b73e7ac
 AUX passenger-3.0.12-ldflags.patch 414 SHA256 b17694c0a148980e39e60d5582b3e6ee313b63858d4aa827afe71ba1e7c7790e SHA512 b23014f7fcc708f266a1460fc93565a449e0493ab546b4bb4e457a53dcdc1fb91abd29e8825a0f65c30d2dca57cb9ce455b66e3386559f1c490c48cedd586e7b WHIRLPOOL b06595f84feb1dfce5aaaa1f190681004eb3925dabe60aa1cd1a5895e20a9b6325b82a258ad0c3019a0d612f6448803b0ddd6a89ffa636c186b046be0bf2871c
+AUX passenger-3.0.21-temp-file-usage.patch 5751 SHA256 29ebec7129a0c39ca53c1ddac2bc0c629c3c74cbe4d9d601a01428c160399b4d SHA512 90f22bf40488d88fe0d7c754a1c2cc4936539353522d1b8c2b1cccc5da7254d99a1af3fcaf1c8ab11e21b2b8d516e6694a8aff29fff303d0f8ca8172cbc294cb WHIRLPOOL 7895bc08b7e3f47b975e6faaa32800135c5083826310c62452a4e506bf4dfbb0c20f3570177d01832f75fb27c01434981692e82c40d45ca59ab0c7311439405e
 AUX passenger-3.0.8-gentoo.patch 1746 SHA256 d639c675c7d2c3c23001f33513d0758a33e7cdb88406a311608be2f47f746f2e SHA512 bef5911e4f574cd96e67f008517d082ca3dea3e59c3586aaf170fb472f406b4f73a1c583ace527f0f5ab2d0de4cb50c8e9aa4b995eeec4066ea26da93f4a8bc6 WHIRLPOOL 6ca98d8caa9e5ad40edad2c8198c1d1f7c5174c4017bed2bdfe6abdaf8c4f11736b9707f9b11d753e243150458c79bf2915ae4adc46d6dbe7ab6564d99ba7629
 AUX passenger-4.0.10-gentoo.patch 2131 SHA256 113e75b58164f05f901430ed4f426b73028143d1bdab632eab40ded620cbe4db SHA512 c9795cc79f80092828ffc9a53e417fccc11de8e2245de1e502df87302609a2769c1aa14940258484f886441a21857311f0ddf10f601fd3cc914a55bb4553dee4 WHIRLPOOL 6ae2fcd36128daf3af75add417161ae533f1048513939ef768577373eb591f5ba9a402654a852521a3edd151a15a4f4aaa4a5f48fea66146ac217797eb633974
 AUX passenger-4.0.18-gentoo.patch 1682 SHA256 1331a98ed68ed60fb0d49ccbfafc22a755c7d8fa0fcb8aeeec2d52d3d036ed93 SHA512 0e33ff52262976a282800359b5790a4109664f5cc081df893b2f4fb9687aeb97e1419c36d21a89f497faa354fcacbf7336492e8d1cac7ddf7b58234b8f4fa15f WHIRLPOOL f5a00b3d67a5280c43ad9fbad0eeb81df873650a2d794d820043b2f46dbed6a8392924009d713d43d9100c2aa5f9f2398afaa83738f93e79f27c6bd9952d4a14
@@ -16,15 +17,16 @@ DIST passenger-3.0.21.tar.gz 2657475 SHA256 82a79a2ff6803e1669ebf806ab320180990d
 DIST passenger-4.0.10.tar.gz 3623488 SHA256 e83248bb54769fff87ad4778277240153f9972d9d5fb8fcda2eec45feb51dcc6 SHA512 5466f614f4037b03b46dfcf83cf79058771a1ca4c896b66c752aa05c0b9dafe8625e20c713b4b459e20af23200aaba461272c893084b84fe5e7faf5bd1acaab6 WHIRLPOOL 5e9291079d6d663531935e4341f0ffd5584c43782763e18975f22a3e05afaf39ea749cce1313f6ef6f5f67d5720ebb0410fba782576e1d5a162dd1efd4fcee22
 DIST passenger-4.0.18.tar.gz 3905329 SHA256 cd2907c7fa17a82fb88f63892f2d39cb328e01321648f140a00e7980c4e1df32 SHA512 e4c29d2ceb8f5069d8a22c47259935954109033b90569791eeb1978aa585ed1d943b245b7b5042584a20ee814cfca05fac11601eabd785efcfe9eea4c8ebaeb3 WHIRLPOOL 910f7ebe68d4f6c4b859e2a14d54dc1614c54b11b83c28d95e769b7928cc9a1f86fdb937ce1256448e0547eb6183d4df77300d5987ddf274f0e3841af246ce8e
 EBUILD passenger-3.0.17.ebuild 3025 SHA256 af7a3fee5eb186cdc763e60d8eeb5a73a9dcf3e7ff72d4c019974257cbf046af SHA512 c4c398465fdccd78453d84916baa600e98141f4ff31bed6e1784c8f621e5657d5c71f4fe02c711640b069d2006afa7fb26bf4188971ec98f28f88924a8b3f892 WHIRLPOOL d9dda4ba8b783667ea3c5b1edea5c95b444c435d6305be5b2b59a08fa50c4bf4958a67fe6e280b5607be5c5c622273acaab7558ba4ddd7d1e7d145f8023e8554
+EBUILD passenger-3.0.21-r1.ebuild 3258 SHA256 13cb49c83fd410f315391bc14f2f81821c051ccd0d6a4519af9ad9a8ea31402d SHA512 222a35ed04df7dfffecadbd5757eebf99f91dedb7ba0934c90c99d622facf0316b47f3ca80f56c1c37846358b5539157a6a52381705d3bac7716bd7cd3f7ac74 WHIRLPOOL 0d56ef8cf418f2f05eb95128572a455d1eeb0855c710731a3f3620789853fc69e806e832acd0ae05afa0a2fecfbc6aeaf6dfd70966d6c12cafee51528dc9d132
 EBUILD passenger-3.0.21.ebuild 3019 SHA256 f198094111a2b47de8e1f17404c3d2daba1d72f131604e2fd92f3405f3cf0d2a SHA512 5b3342d72d3432451547cc51e1476c60820747bf2fa66a31b9bcd37fbe8dd365eed6d609c519f2541a5ba00795c4c9c32d6f4d7ea04a955bca3317060a12f351 WHIRLPOOL dc6e7f0e2ff9ad20b0b38050449cfb23cd8b01b5f427ce286d24c04620af5c7f5ed7c1bfc0d39659f5f9978987a19a25c33ed200f30dfc9790ee291de6fa3889
 EBUILD passenger-4.0.10.ebuild 3363 SHA256 1d6a750abaf02b6cbe92d3fcad92b41c7efa4c58b807b7ec0a5d2f591b290c33 SHA512 02e0bc3910712f6017b5167fff931829646fd49f2d65658e4650978e359d5844013af65fd290c71942cc4f19be6beb3e00f87b209362b39d6911f252f7e44273 WHIRLPOOL 4257d6cb49be09f8fab23a7d81ce3a9d9bbbb279b380fc8224e75d1087e02416a89808857ebb0ee6c11d1280ad7096338109e32fa0080290b8a80a744ed910a1
 EBUILD passenger-4.0.18.ebuild 3389 SHA256 aa353a4ef62ac207cadbcc16f1b70ba80d900d5491c669d880d541c5723c924e SHA512 b4b6a60e9d1e011a475a5d5e780ed256e9fd289dc1cf203cfd99fae31814ae42bc839cc3bf004f63b1e47ba9f89512966ec2270e1b7e4a9b9cd786931a594331 WHIRLPOOL 056d3e536539dbe25406b6d776530df2e0f8dc33b522da3cdda87ceb4e3f30b50291fddac4c14e85eef2c4116954f5f65a0d4c4e04cf5f7316d5eba3151d9ef5
-MISC ChangeLog 11128 SHA256 10562d757d9fd9b10b083fa2bf01d5095cac9c039c3f6bea6a70ff930d63349d SHA512 7187c4e929c31f9e7647d3eb2873dad54d6ed32d865dbf249b13d5577636b7454f8873f9e5fe1545e19cbd8ea72848768be893a6f2f7c4745cdffe2b62e0b396 WHIRLPOOL a412ec6a421f1e18a3c61a8814de85d57346eb4ab1c0a757f2c5fd4a80a8e9acb6a23cf2caf79b18445418ac9c8be48e23a254070d431dababdbc8a2c0d0a077
+MISC ChangeLog 11363 SHA256 65ca7ae3b914f985d6b033e4762553b1253a5c3bf0b29485c631b9792d50ec9c SHA512 827475ce399b8aecd77602a82bcf08d0e9a1d8d9d2b7c79cdafcccb5c43cf5bf870ccc0b52a13ec9a56ab87a49db40bca7a5c2cc22375be713a2e6b64fe152f6 WHIRLPOOL bb20fe74a1a9ea452cefd5db95b17dbe910758ac4914406882280a1fe735915e80c38fcb5365ff58d89bec3b2a8707d7972b66229840c3a40d179e0f7033d02d
 MISC metadata.xml 301 SHA256 867721645f57dbb8f265285065ec9f1dd6c2a22eedcf9ff39da9723b3e24dd88 SHA512 d5b721477a7b5b69ba5d26bd6d1a42f2acd7007ce511e6d9e4e6512721e80718758eea318a4f4af2cec6ae4a6fef6a323f163825fd73f470d9b9754012038b8f WHIRLPOOL 264e4bf232aafe04b68854c1a3252895cc54707ff3ab117bc7416eadf437358781ae058709ca5d40e72f1cf28238d36e7a19eddbe55f053ebeac2279ea7b296a
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.20 (GNU/Linux)
 
-iF4EAREIAAYFAlJQFDoACgkQiIP6VqMIqNfVUwEAgyLV9422qZIG45F8bXfqY6Df
-NJgZ+EFrgh3dbeiYsHkBAIsxm5HnB8QN/TGO+z+d3/AoGh8psDQ8F1ZMMty4U070
-=u8Zu
+iF4EAREIAAYFAlJQH4MACgkQiIP6VqMIqNccqQEAj3QgOEdQaBvZ4uJKuxrlRlVr
+vPz8zdykFGh3/iJ2z0oA/jRkeUVBnOnuTjPChroZzi1CDrSwxxX07acFx+GgPKAx
+=ck/S
 -----END PGP SIGNATURE-----
diff --git a/www-apache/passenger/files/passenger-3.0.21-temp-file-usage.patch b/www-apache/passenger/files/passenger-3.0.21-temp-file-usage.patch
new file mode 100644
index 000000000000..54f227f78c6b
--- /dev/null
+++ b/www-apache/passenger/files/passenger-3.0.21-temp-file-usage.patch
@@ -0,0 +1,140 @@
+--- passenger-release-3.0.21.orig/ext/common/LoggingAgent/Main.cpp	2013-05-29 07:09:31.000000000 -0500
++++ passenger-release-3.0.21.orig/ext/common/LoggingAgent/Main.cpp	2013-07-18 09:35:47.514433743 -0500
+@@ -265,11 +265,6 @@ main(int argc, char *argv[]) {
+ 		ev::sig sigtermWatcher(eventLoop);
+ 		ev::sig sigquitWatcher(eventLoop);
+ 		
+-		if (feedbackFdAvailable()) {
+-			feedbackFdWatcher.set<&feedbackFdBecameReadable>();
+-			feedbackFdWatcher.start(FEEDBACK_FD, ev::READ);
+-			writeArrayMessage(FEEDBACK_FD, "initialized", NULL);
+-		}
+ 		sigintWatcher.set<&caughtExitSignal>();
+ 		sigintWatcher.start(SIGINT);
+ 		sigtermWatcher.set<&caughtExitSignal>();
+@@ -281,6 +276,11 @@ main(int argc, char *argv[]) {
+ 		/********** Initialized! Enter main loop... **********/
+ 		
+ 		P_DEBUG("Logging agent online, listening at " << socketAddress);
++		if (feedbackFdAvailable()) {
++			feedbackFdWatcher.set<&feedbackFdBecameReadable>();
++			feedbackFdWatcher.start(FEEDBACK_FD, ev::READ);
++			writeArrayMessage(FEEDBACK_FD, "initialized", NULL);
++		}
+ 		ev_loop(eventLoop, 0);
+ 		return exitCode;
+ 	} catch (const tracable_exception &e) {
+--- passenger-release-3.0.21.orig/ext/common/ServerInstanceDir.h	2013-05-29 07:09:31.000000000 -0500
++++ passenger-release-3.0.21.orig/ext/common/ServerInstanceDir.h	2013-07-18 09:38:54.431808622 -0500
+@@ -30,6 +30,7 @@ 
+ #include <oxt/backtrace.hpp>
+ 
+ #include <sys/types.h>
++#include <sys/stat.h>
+ #include <dirent.h>
+ #include <unistd.h>
+ #include <pwd.h>
+@@ -38,6 +39,7 @@ 
+ #include <cstring>
+ #include <string>
+ 
++#include <Logging.h> 
+ #include "Exceptions.h"
+ #include "Utils.h"
+ #include "Utils/StrIntUtils.h"
+@@ -217,7 +219,69 @@ private:
+ 		 * rights though, because we want admin tools to be able to list the available
+ 		 * generations no matter what user they're running as.
+ 		 */
+-		makeDirTree(path, "u=rwxs,g=rx,o=rx");
++		if (owner) {
++			switch (getFileType(path)) {
++			case FT_NONEXISTANT:
++				createDirectory(path);
++				break;
++			case FT_DIRECTORY:
++				verifyDirectoryPermissions(path);
++				break;
++			default:
++				throw RuntimeException("'" + path + "' already exists, and is not a directory");
++			}
++		} else if (getFileType(path) != FT_DIRECTORY) {
++			throw RuntimeException("Server instance directory '" + path +
++				"' does not exist");
++		}
++	}
++
++	void createDirectory(const string &path) const {
++		// We do not use makeDirTree() here. If an attacker creates a directory
++		// just before we do, then we want to abort because we want the directory
++		// to have specific permissions.
++		if (mkdir(path.c_str(), parseModeString("u=rwx,g=rx,o=rx")) == -1) {
++			int e = errno;
++			throw FileSystemException("Cannot create server instance directory '" +
++				path + "'", e, path);
++		}
++		// verifyDirectoryPermissions() checks for the owner/group so we must make
++		// sure the server instance directory has that owner/group, even when the
++		// parent directory has setgid on.
++		if (chown(path.c_str(), geteuid(), getegid()) == -1) {
++			int e = errno;
++			throw FileSystemException("Cannot change the permissions of the server "
++				"instance directory '" + path + "'", e, path);
++		}
++	}
++
++	/**
++	 * When reusing an existing server instance directory, check permissions
++	 * so that an attacker cannot pre-create a directory with too liberal
++	 * permissions.
++	 */
++	void verifyDirectoryPermissions(const string &path) {
++		TRACE_POINT();
++		struct stat buf;
++
++		if (stat(path.c_str(), &buf) == -1) {
++			int e = errno;
++			throw FileSystemException("Cannot stat() " + path, e, path);
++		} else if (buf.st_mode != (S_IFDIR | parseModeString("u=rwx,g=rx,o=rx"))) {
++			throw RuntimeException("Tried to reuse existing server instance directory " +
++				path + ", but it has wrong permissions");
++		} else if (buf.st_uid != geteuid() || buf.st_gid != getegid()) {
++			/* The server instance directory is always created by the Watchdog. Its UID/GID never
++			 * changes because:
++			 * 1. Disabling user switching only lowers the privilege of the HelperAgent.
++			 * 2. For the UID/GID to change, the web server must be completely restarted
++			 *    (not just graceful reload) so that the control process can change its UID/GID.
++			 *    This causes the PID to change, so that an entirely new server instance
++			 *    directory is created.
++			 */
++			throw RuntimeException("Tried to reuse existing server instance directory " +
++				path + ", but it has wrong owner and group");
++		}
+ 	}
+ 	
+ 	bool isDirectory(const string &dir, struct dirent *entry) const {
+--- passenger-release-3.0.21.orig/NEWS	2013-05-29 07:09:31.000000000 -0500
++++ passenger-release-3.0.21.orig/NEWS	2013-07-18 08:58:30.943558375 -0500
+@@ -8,6 +8,7 @@ Release 3.0.21
+  * Catch exceptions raised by Rack application objects.
+  * Fix for CVE-2013-2119. Details can be found in the announcement for version 4.0.5.
+  * Version 3.0.20 was pulled because its fixes were incomplete.
++ * Fix for CVE-2013-4136. Details can be found in the announcement for version 4.0.8.
+ 
+ 
+ Release 3.0.19
+--- passenger-release-3.0.21.orig/test/cxx/ServerInstanceDirTest.cpp	2013-05-29 07:09:31.000000000 -0500
++++ passenger-release-3.0.21.orig/test/cxx/ServerInstanceDirTest.cpp	2013-07-18 09:09:50.898433782 -0500
+@@ -73,9 +73,11 @@ namespace tut {
+ 	}
+ 	
+ 	TEST_METHOD(5) {
+-		// The destructor doesnn't remove the server instance directory if it
++		// The destructor doesn't remove the server instance directory if it
+ 		// wasn't created with the ownership flag or if it's been detached.
+ 		string path, path2;
++		makeDirTree(parentDir + "/passenger-test.1234");
++		makeDirTree(parentDir + "/passenger-test.5678");
+ 		{
+ 			ServerInstanceDir dir(1234, parentDir, false);
+ 			ServerInstanceDir dir2(5678, parentDir);
diff --git a/www-apache/passenger/passenger-3.0.21-r1.ebuild b/www-apache/passenger/passenger-3.0.21-r1.ebuild
new file mode 100644
index 000000000000..95872631a5a2
--- /dev/null
+++ b/www-apache/passenger/passenger-3.0.21-r1.ebuild
@@ -0,0 +1,100 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/passenger/passenger-3.0.21-r1.ebuild,v 1.1 2013/10/05 14:17:38 graaff Exp $
+
+EAPI=5
+USE_RUBY="ruby18 ruby19"
+
+inherit apache-module flag-o-matic ruby-ng toolchain-funcs
+
+DESCRIPTION="Passenger (a.k.a. mod_rails) makes deployment of Ruby on Rails applications a breeze"
+HOMEPAGE="http://modrails.com/"
+SRC_URI="mirror://rubyforge/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug doc"
+
+ruby_add_bdepend "dev-ruby/rake"
+
+ruby_add_rdepend "
+	>=dev-ruby/daemon_controller-1.0.0
+	>=dev-ruby/rack-1.0.0"
+
+USE_RUBY="ruby18" ruby_add_rdepend ">=dev-ruby/fastthread-1.0.1"
+
+CDEPEND=">=dev-libs/libev-3.90 net-misc/curl[ssl]"
+
+RDEPEND="${RDEPEND} ${CDEPEND}"
+DEPEND="${DEPEND} ${CDEPEND}
+	doc? ( >=app-text/asciidoc-8.6.5[highlight] )"
+
+APACHE2_MOD_CONF="30_mod_${PN}-2.0.1 30_mod_${PN}"
+APACHE2_MOD_DEFINE="PASSENGER"
+
+REQUIRED_USE+=" ruby_targets_ruby18? ( !ruby_targets_ruby19 )
+	ruby_targets_ruby19? ( !ruby_targets_ruby18 )"
+
+need_apache2
+
+pkg_setup() {
+	use debug && append-flags -DPASSENGER_DEBUG
+}
+
+all_ruby_prepare() {
+	epatch "${FILESDIR}"/${PN}-3.0.8-gentoo.patch
+	epatch "${FILESDIR}"/${PN}-3.0.12-ldflags.patch
+	epatch "${FILESDIR}"/${P}-temp-file-usage.patch
+
+	# Change these with sed instead of a patch so that we can easily use
+	# the toolchain-funcs methods.
+	sed -i -e "s/gcc/$(tc-getCC)/" -e "s/g++/$(tc-getCXX)/" build/config.rb || die
+
+	# Use sed here so that we can dynamically set the documentation directory.
+	sed -i -e "s:/usr/share/doc/phusion-passenger:/usr/share/doc/${P}:" \
+		-e "s:/usr/lib/apache2/modules/mod_passenger.so:${APACHE_MODULESDIR}/mod_passenger.so:" \
+		-e "s:/usr/lib/phusion-passenger/agents:/usr/libexec/phusion-passenger/agents:" \
+		lib/phusion_passenger.rb || die
+	sed -i -e "s:/usr/lib/phusion-passenger/agents:/usr/libexec/phusion-passenger/agents:" ext/common/ResourceLocator.h || die
+
+	# Don't install a tool that won't work in our setup.
+	sed -i -e '/passenger-install-apache2-module/d' lib/phusion_passenger/packaging.rb || die
+	rm -f bin/passenger-install-apache2-module || die "Unable to remove unneeded install script."
+
+	# Make sure we use the system-provided version.
+	rm -rf ext/libev || die "Unable to remove vendored libev."
+
+	# fix automagic use of asciidoc, bug 413469
+	sed -i -e '/fakeroot/ s/+ Packaging::ASCII_DOCS//' build/packaging.rb || die
+
+	# The gempackagetask does not work with rubygems 2.0, but we don't
+	# need it the changed builder component.
+	sed -i -e '/rubygems\/builder/ s:^:#:' build/gempackagetask.rb || die
+}
+
+each_ruby_compile() {
+	append-flags -fno-strict-aliasing
+
+	APXS2="${APXS}" \
+	HTTPD="${APACHE_BIN}" \
+	USE_VENDORED_LIBEV="no" LIBEV_LIBS="-lev" \
+	rake apache2 native_support || die "rake failed"
+
+	if use doc; then
+		rake doc || die "rake doc failed"
+	fi
+}
+
+each_ruby_install() {
+	DISTDIR="${D}" \
+	APXS2="${APXS}" \
+	HTTPD="${APACHE_BIN}" \
+	USE_VENDORED_LIBEV="no" LIBEV_LIBS="-lev" \
+	rake fakeroot || die "rake failed"
+
+	# TODO: this will create a mess when multiple RUBY_TARGETS have been
+	# selected.
+	APACHE2_MOD_FILE="${S}/ext/apache2/mod_${PN}.so"
+	apache-module_src_install
+}