Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package mod-authz-securepass. It fixes the RC bug #773777 [1] which fixes an incompatibility with Apache 2.4 due to the use of the ap_requires function. The package has built fine on all architectures too. I'm attaching the debdiff, thanks for considering. Cheers! unblock mod-authz-securepass/0~20140715+0git93f271f5-3 [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773777 -- System Information: Debian Release: jessie/sid APT prefers utopic-updates APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic'), (100, 'utopic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-28-generic (SMP w/20 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -Nru mod-authz-securepass-0~20140715+0git93f271f5/debian/changelog mod-authz-securepass-0~20140715+0git93f271f5/debian/changelog --- mod-authz-securepass-0~20140715+0git93f271f5/debian/changelog 2014-10-23 01:23:07.000000000 +0100 +++ mod-authz-securepass-0~20140715+0git93f271f5/debian/changelog 2015-01-07 10:03:46.000000000 +0000 @@ -1,3 +1,11 @@ +mod-authz-securepass (0~20140715+0git93f271f5-3) unstable; urgency=medium + + * Fix incompatibility with Apache 2.4 due to the use of + ap_requires. (Closes: #773777) + * Fix Vcs browser field. + + -- Alessio Treglia <ales...@debian.org> Wed, 07 Jan 2015 10:01:22 +0000 + mod-authz-securepass (0~20140715+0git93f271f5-2) unstable; urgency=medium * Set Maintainer to Debian SecurePass. diff -Nru mod-authz-securepass-0~20140715+0git93f271f5/debian/control mod-authz-securepass-0~20140715+0git93f271f5/debian/control --- mod-authz-securepass-0~20140715+0git93f271f5/debian/control 2014-10-23 01:16:50.000000000 +0100 +++ mod-authz-securepass-0~20140715+0git93f271f5/debian/control 2015-01-07 10:01:13.000000000 +0000 @@ -11,7 +11,7 @@ Standards-Version: 3.9.6 Homepage: https://github.com/gplll/mod_authz_securepass Vcs-Git: git://anonscm.debian.org/pkg-securepass/mod-authz-securepass.git -Vcs-Browser: https://alioth.debian.org/anonscm/git/pkg-securepass/mod-authz-securepass.git +Vcs-Browser: http://anonscm.debian.org/cgit/pkg-securepass/mod-authz-securepass.git Package: libapache2-mod-authz-securepass Architecture: any diff -Nru mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/9001-ap_requires.patch mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/9001-ap_requires.patch --- mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/9001-ap_requires.patch 1970-01-01 01:00:00.000000000 +0100 +++ mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/9001-ap_requires.patch 2015-01-07 09:59:41.000000000 +0000 @@ -0,0 +1,233 @@ +From 5de1382b159cc8e6648ace7cab52dd02c04ae3e7 Mon Sep 17 00:00:00 2001 +From: gplll <gplll1...@gmail.com> +Date: Sun, 28 Dec 2014 07:33:23 +0100 +Subject: [PATCH] Added support for Apache 2.4 through introduction of authz + providers for sprealm and spgroups - see ap_register_auth_provider() + +--- + INSTALL | 11 +-- + Makefile | 2 + README.md | 2 + mod_authz_securepass.c | 136 +++++++++++++++++++++++++++++++++++++++++++++++-- + 4 files changed, 138 insertions(+), 13 deletions(-) + +--- mod-authz-securepass.orig/INSTALL ++++ mod-authz-securepass/INSTALL +@@ -18,21 +18,16 @@ For RedHat distro install apxs with + + 3) + Download the source from git from the stable branch: +- git clone https://github.com/gplll/mod_authz_securepass.git -b master ++ git clone https://github.com/garlsecurity/mod_authz_securepass.git -b master + cd mod_authz_securepass + + 4) + Compile the module and install it: + +-debian distro: +- make install_debian +- a2enmod securepass +- +-redhat distro: +- make install_redhat ++make install + + 5) +-configure mod_auth_securepass using the following directives: ++configure mod_authz_securepass using the following directives: + + Valid Server/VirtualHost Directives + ----------------------------------- +--- mod-authz-securepass.orig/README.md ++++ mod-authz-securepass/README.md +@@ -1,7 +1,7 @@ + Apache authorization module for SecurePass + ========================================== + +-This is an Apache (2.2) module for authorizing SecurePass users. ++This is an Apache (2.2 and 2.4) module for authorizing SecurePass users. + SecurePass provides web single sign-on through the CAS protocol. + + This module enhances the Apache authorization features by introducing two rules to restrict access +--- mod-authz-securepass.orig/mod_authz_securepass.c ++++ mod-authz-securepass/mod_authz_securepass.c +@@ -569,9 +569,9 @@ static void *create_authz_securepass_ser + + static void *merge_authz_securepass_server_config (apr_pool_t *pool, void *BASE, void *ADD) + { +- sp_cfg *c = apr_pcalloc(pool, sizeof(sp_cfg)); +- sp_cfg *base = BASE; +- sp_cfg *add = ADD; ++ sp_cfg *c = apr_pcalloc(pool, sizeof(sp_cfg)); ++ sp_cfg *base = BASE; ++ sp_cfg *add = ADD; + + c->check_group =(add->check_group != TRUE ? add->check_group : base->check_group); + c->debug =(add->debug != FALSE ? add->debug : base->debug); +@@ -761,6 +761,109 @@ static const command_rec authz_securepas + { NULL } + }; + ++#if APACHE_2_4 ++static const char *sp_parse_config(cmd_parms *cmd, const char *require_line, ++ const void **parsed_require_line) { ++ const char *expr_err = NULL; ++ ap_expr_info_t *expr; ++ ++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, ++ "SecurePass: entering sp_parse_config(), require_line=%s", require_line); ++ expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT, &expr_err, NULL); ++ if (expr_err) ++ return (apr_pstrcat(cmd->temp_pool, "Cannot parse expression in require line: ", expr_err, NULL)); ++ *parsed_require_line = expr; ++ return NULL; ++} ++ ++static authz_status sprealm_check_authorization(request_rec *r, ++ const char *require_args, ++ const void *parsed_require_args) { ++ ++ authz_securepass_dir_config_rec *dir= (authz_securepass_dir_config_rec *) ++ ap_get_module_config(r->per_dir_config, &authz_securepass_module); ++ sp_cfg *c = (sp_cfg *) ap_get_module_config(r->server->module_config, &authz_securepass_module); ++ ++ const char *err = NULL; ++ const ap_expr_info_t *expr = parsed_require_args; ++ const char *require; ++ ++#if MYDEBUG ++ /* this is only used during module development to simulate CAS user */ ++ if (dir->forced_user) { ++ r->user = apr_pcalloc(r->pool, 100); ++ strcpy (r->user, dir->forced_user); ++ } ++#endif ++ ++ if (c->debug) { ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "SecurePass checking user %s, required_sprealms=%s", ++ r->user, require_args); ++ dump_config (r, dir, c); ++ } ++ if (!r->user) { ++ return AUTHZ_DENIED_NO_USER; ++ } ++ require = ap_expr_str_exec(r, expr, &err); ++ if (err) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "SecurePass: Can't evaluate expression: %s", err); ++ return AUTHZ_DENIED; ++ } ++ if (c->debug) { ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "SecurePass: require=%s", require); ++ } ++ if (check_securepass_realm (r, require)) { ++ /* a Realm has been found */ ++ return AUTHZ_GRANTED; ++ } else { ++ return AUTHZ_DENIED; ++ } ++} ++ ++static authz_status spgroup_check_authorization(request_rec *r, ++ const char *require_args, ++ const void *parsed_require_args) { ++ ++ authz_securepass_dir_config_rec *dir= (authz_securepass_dir_config_rec *) ++ ap_get_module_config(r->per_dir_config, &authz_securepass_module); ++ sp_cfg *c = (sp_cfg *) ap_get_module_config(r->server->module_config, &authz_securepass_module); ++ ++ const char *err = NULL; ++ const ap_expr_info_t *expr = parsed_require_args; ++ const char *require; ++ ++#if MYDEBUG ++ /* this is only used during module development to simulate CAS user */ ++ if (dir->forced_user) { ++ r->user = apr_pcalloc(r->pool, 100); ++ strcpy (r->user, dir->forced_user); ++ } ++#endif ++ ++ if (c->debug) { ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "SecurePass checking user %s, required_spgroups=%s", ++ r->user, require_args); ++ } ++ if (!r->user) { ++ return AUTHZ_DENIED_NO_USER; ++ } ++ require = ap_expr_str_exec(r, expr, &err); ++ if (err) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "SecurePass: Can't evaluate expression: %s", err); ++ return AUTHZ_DENIED; ++ } ++ if (c->debug) { ++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "SecurePass: require=%s", require); ++ } ++ if (check_sp_group (r, require)) { ++ return AUTHZ_GRANTED; ++ } else { ++ return AUTHZ_DENIED; ++ } ++ ++} ++ ++#else /* APACHE_2_4 */ + + static int authz_securepass_check_user_access(request_rec *r) + { +@@ -846,6 +949,7 @@ static int authz_securepass_check_user_a + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; + } ++#endif + + static int authz_sp_post_config(apr_pool_t *pool, apr_pool_t *p1, apr_pool_t *p2, server_rec *s) + { +@@ -884,11 +988,37 @@ static int authz_sp_post_config(apr_pool + return status; + } + ++#if APACHE_2_4 ++static const authz_provider authz_sprealm_provider = ++{ ++ &sprealm_check_authorization, ++ &sp_parse_config, ++}; ++ ++static const authz_provider authz_spgroup_provider = ++{ ++ &spgroup_check_authorization, ++ &sp_parse_config, ++}; ++#endif ++ + static void authz_securepass_register_hooks(apr_pool_t *p) + { + ap_hook_post_config(authz_sp_post_config, NULL, NULL, APR_HOOK_LAST); ++#if APACHE_2_4 ++ /* Register authz providers */ ++ ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "sprealm", ++ AUTHZ_PROVIDER_VERSION, ++ &authz_sprealm_provider, ++ AP_AUTH_INTERNAL_PER_CONF); ++ ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "spgroup", ++ AUTHZ_PROVIDER_VERSION, ++ &authz_spgroup_provider, ++ AP_AUTH_INTERNAL_PER_CONF); ++#else + ap_hook_auth_checker(authz_securepass_check_user_access, NULL, NULL, + APR_HOOK_MIDDLE); ++#endif + } + + module AP_MODULE_DECLARE_DATA authz_securepass_module = { +--- mod-authz-securepass.orig/Makefile ++++ mod-authz-securepass/Makefile +@@ -9,7 +9,7 @@ endif + + # Note that gcc flags are passed through apxs, so preface with -Wc + MY_LDFLAGS=-lcurl +-MY_CFLAGS=-Wc,-I. -Wc,-Wall ++MY_CFLAGS=-Wc,-I. -Wc,-Wall -DAPACHE_2_4=1 + SRCS=mod_authz_securepass.c jsmn.c + HDRS=jsmn.h + BUILDDIR := build diff -Nru mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/series mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/series --- mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/series 2014-10-23 01:15:17.000000000 +0100 +++ mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/series 2015-01-07 09:55:25.000000000 +0000 @@ -1 +1,2 @@ 0001-buildsystem.patch +9001-ap_requires.patch
