Control: tag -1 patch
On Sun, Apr 01, 2012 at 09:15:51PM +0000, a...@debian.org wrote:
> your package libapache-mod-evasive is provding an Apache2 web server module.
> We're upgrading Apache to the new upstream version 2.4 [1] (tracked
> as transition bug #661958). This requires all modules to be rebuilt
> due to ABI changes. Thus, you need to rebuild and reupload your
> Apache2 module package in a version compatible to our new package
> available in experimental [2]. Please note it is not enough to
> simply rebuild the module - it needs some adaptions in the module
> package metadata. We have written packaging guidelines for our
> reverse dependencies [3]. Please read it carefully, it should be able
> to answer most of your questions. Do also look at dh_apache2
> (available through the dh-apache2 package) which can simplify
> packaging Apache2 modules. In short, we want to highlight these
> changes you need to be aware of.
Here's a patch. I'd appreciate review. I've tried to keep it minimal,
and not e.g. fix the dubious .load file name (#437807).
diff -Nru libapache-mod-evasive-1.10.1/debian/changelog
libapache-mod-evasive-1.10.1/debian/changelog
--- libapache-mod-evasive-1.10.1/debian/changelog 2013-07-08
16:08:11.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/changelog 2013-07-08
15:44:31.000000000 +0100
@@ -1,3 +1,10 @@
+libapache-mod-evasive (1.10.1-1.1) UNRELEASED; urgency=low
+
+ * Non-maintainer upload.
+ * Port to Apache 2.4 (closes: #666846).
+
+ -- Colin Watson <cjwat...@debian.org> Mon, 08 Jul 2013 15:44:14 +0100
+
libapache-mod-evasive (1.10.1-1) unstable; urgency=low
* New upstream version. Changed package name. s/dos//
diff -Nru libapache-mod-evasive-1.10.1/debian/control
libapache-mod-evasive-1.10.1/debian/control
--- libapache-mod-evasive-1.10.1/debian/control 2013-07-08 16:08:11.000000000
+0100
+++ libapache-mod-evasive-1.10.1/debian/control 2013-07-08 15:40:07.000000000
+0100
@@ -2,12 +2,12 @@
Section: web
Priority: optional
Maintainer: Alberto Gonzalez Iniesta <a...@inittab.org>
-Build-Depends: debhelper (>> 4.0.0), apache2-threaded-dev
+Build-Depends: debhelper (>> 4.0.0), dh-apache2, apache2-dev
Standards-Version: 3.7.2.2
Package: libapache2-mod-evasive
Architecture: any
-Depends: apache2.2-common, ${shlibs:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: evasive module to minimize HTTP DoS or brute force attacks
mod_evasive is an evasive maneuvers module for Apache to provide some
protection in the event of an HTTP DoS or DDoS attack or brute force attack.
diff -Nru libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.apache2
libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.apache2
--- libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.apache2
1970-01-01 01:00:00.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.apache2
2013-07-08 15:41:00.000000000 +0100
@@ -0,0 +1,2 @@
+mod .libs/mod_evasive20.so
+mod debian/mod-evasive.load
diff -Nru libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.dirs
libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.dirs
--- libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.dirs
2013-07-08 16:08:11.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.dirs
1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-usr/lib/apache2/modules
diff -Nru libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.install
libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.install
--- libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.install
2013-07-08 16:08:11.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.install
1970-01-01 01:00:00.000000000 +0100
@@ -1,2 +0,0 @@
-.libs/mod_evasive20.so usr/lib/apache2/modules
-debian/mod-evasive.load etc/apache2/mods-available
diff -Nru libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.postinst
libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.postinst
--- libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.postinst
2013-07-08 16:08:11.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.postinst
1970-01-01 01:00:00.000000000 +0100
@@ -1,26 +0,0 @@
-#!/bin/sh -e
-
-reload_apache()
-{
- if apache2ctl configtest 2>/dev/null; then
- invoke-rc.d apache2 force-reload || true
- else
- echo "Your apache2 configuration is broken, so we're not
restarting it for you."
- fi
-}
-
-if [ -n "$2" ]; then
-# we're upgrading. test if we're enabled, and if so, restart to reload the
module.
- if [ -e /etc/apache2/mods-enabled/mod-evasive.load ]; then
- reload_apache
- fi
- exit 0
-fi
-
-if [ -e /etc/apache2/apache2.conf ]; then
-# Enable the module, but hide a2enmod's misleading message about apachectl
-# and force-reload the thing ourselves.
- a2enmod mod-evasive >/dev/null || true
- reload_apache
-fi
-
diff -Nru libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.prerm
libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.prerm
--- libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.prerm
2013-07-08 16:08:11.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.prerm
1970-01-01 01:00:00.000000000 +0100
@@ -1,12 +0,0 @@
-#!/bin/sh -e
-# copied from libapache2-mod-php4
-
-if [ "$1" != "remove" -a "$1" != "purge" ]; then
- exit 0
-fi
-
-if [ -e /etc/apache2/apache2.conf ]; then
- a2dismod mod-evasive || true
-fi
-
-exit 0
diff -Nru libapache-mod-evasive-1.10.1/debian/patches/aplog-use-module.patch
libapache-mod-evasive-1.10.1/debian/patches/aplog-use-module.patch
--- libapache-mod-evasive-1.10.1/debian/patches/aplog-use-module.patch
1970-01-01 01:00:00.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/patches/aplog-use-module.patch
2013-07-08 15:48:46.000000000 +0100
@@ -0,0 +1,20 @@
+Description: Add APLOG_USE_MODULE for Apache 2.4 per-module loglevels
+Author: Colin Watson <cjwat...@debian.org>
+Forwarded: no
+Last-Update: 2013-07-08
+
+Index: b/mod_evasive20.c
+===================================================================
+--- a/mod_evasive20.c
++++ b/mod_evasive20.c
+@@ -38,6 +38,10 @@
+ #include "http_log.h"
+ #include "http_request.h"
+
++#ifdef APLOG_USE_MODULE
++APLOG_USE_MODULE(evasive20);
++#endif
++
+ module AP_MODULE_DECLARE_DATA evasive20_module;
+
+ /* BEGIN DoS Evasive Maneuvers Definitions */
diff -Nru libapache-mod-evasive-1.10.1/debian/patches/conn-rec-remote-ip.patch
libapache-mod-evasive-1.10.1/debian/patches/conn-rec-remote-ip.patch
--- libapache-mod-evasive-1.10.1/debian/patches/conn-rec-remote-ip.patch
1970-01-01 01:00:00.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/patches/conn-rec-remote-ip.patch
2013-07-08 16:03:10.000000000 +0100
@@ -0,0 +1,104 @@
+Description: Handle conn_rec->remote_ip split in Apache 2.4
+Author: Colin Watson <cjwat...@debian.org>
+Forwarded: no
+Last-Update: 2013-07-08
+
+Index: b/mod_evasive20.c
+===================================================================
+--- a/mod_evasive20.c
++++ b/mod_evasive20.c
+@@ -44,6 +44,13 @@
+
+ module AP_MODULE_DECLARE_DATA evasive20_module;
+
++#if AP_SERVER_MAJORVERSION_NUMBER > 2 || \
++ (AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER >= 4)
++#define CLIENT_IP(conn) ((conn)->client_ip)
++#else
++#define CLIENT_IP(conn) ((conn)->remote_ip)
++#endif
++
+ /* BEGIN DoS Evasive Maneuvers Definitions */
+
+ #define MAILER "/bin/mail %s"
+@@ -143,11 +150,11 @@
+ time_t t = time(NULL);
+
+ /* Check whitelist */
+- if (is_whitelisted(r->connection->remote_ip))
++ if (is_whitelisted(CLIENT_IP(r->connection)))
+ return OK;
+
+ /* First see if the IP itself is on "hold" */
+- n = ntt_find(hit_list, r->connection->remote_ip);
++ n = ntt_find(hit_list, CLIENT_IP(r->connection));
+
+ if (n != NULL && t-n->timestamp<blocking_period) {
+
+@@ -159,14 +166,14 @@
+ } else {
+
+ /* Has URI been hit too much? */
+- snprintf(hash_key, 2048, "%s_%s", r->connection->remote_ip, r->uri);
++ snprintf(hash_key, 2048, "%s_%s", CLIENT_IP(r->connection), r->uri);
+ n = ntt_find(hit_list, hash_key);
+ if (n != NULL) {
+
+ /* If URI is being hit too much, add to "hold" list and 403 */
+ if (t-n->timestamp<page_interval && n->count>=page_count) {
+ ret = HTTP_FORBIDDEN;
+- ntt_insert(hit_list, r->connection->remote_ip, time(NULL));
++ ntt_insert(hit_list, CLIENT_IP(r->connection), time(NULL));
+ } else {
+
+ /* Reset our hit count list as necessary */
+@@ -181,14 +188,14 @@
+ }
+
+ /* Has site been hit too much? */
+- snprintf(hash_key, 2048, "%s_SITE", r->connection->remote_ip);
++ snprintf(hash_key, 2048, "%s_SITE", CLIENT_IP(r->connection));
+ n = ntt_find(hit_list, hash_key);
+ if (n != NULL) {
+
+ /* If site is being hit too much, add to "hold" list and 403 */
+ if (t-n->timestamp<site_interval && n->count>=site_count) {
+ ret = HTTP_FORBIDDEN;
+- ntt_insert(hit_list, r->connection->remote_ip, time(NULL));
++ ntt_insert(hit_list, CLIENT_IP(r->connection), time(NULL));
+ } else {
+
+ /* Reset our hit count list as necessary */
+@@ -209,27 +216,27 @@
+ struct stat s;
+ FILE *file;
+
+- snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ?
log_dir : DEFAULT_LOG_DIR, r->connection->remote_ip);
++ snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ?
log_dir : DEFAULT_LOG_DIR, CLIENT_IP(r->connection));
+ if (stat(filename, &s)) {
+ file = fopen(filename, "w");
+ if (file != NULL) {
+ fprintf(file, "%ld\n", getpid());
+ fclose(file);
+
+- LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.",
r->connection->remote_ip);
++ LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.",
CLIENT_IP(r->connection));
+ if (email_notify != NULL) {
+ snprintf(filename, sizeof(filename), MAILER, email_notify);
+ file = popen(filename, "w");
+ if (file != NULL) {
+ fprintf(file, "To: %s\n", email_notify);
+- fprintf(file, "Subject: HTTP BLACKLIST %s\n\n",
r->connection->remote_ip);
+- fprintf(file, "mod_evasive HTTP Blacklisted %s\n",
r->connection->remote_ip);
++ fprintf(file, "Subject: HTTP BLACKLIST %s\n\n",
CLIENT_IP(r->connection));
++ fprintf(file, "mod_evasive HTTP Blacklisted %s\n",
CLIENT_IP(r->connection));
+ pclose(file);
+ }
+ }
+
+ if (system_command != NULL) {
+- snprintf(filename, sizeof(filename), system_command,
r->connection->remote_ip);
++ snprintf(filename, sizeof(filename), system_command,
CLIENT_IP(r->connection));
+ system(filename);
+ }
+
diff -Nru libapache-mod-evasive-1.10.1/debian/patches/series
libapache-mod-evasive-1.10.1/debian/patches/series
--- libapache-mod-evasive-1.10.1/debian/patches/series 1970-01-01
01:00:00.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/patches/series 2013-07-08
15:49:11.000000000 +0100
@@ -0,0 +1,2 @@
+aplog-use-module.patch
+conn-rec-remote-ip.patch
diff -Nru libapache-mod-evasive-1.10.1/debian/rules
libapache-mod-evasive-1.10.1/debian/rules
--- libapache-mod-evasive-1.10.1/debian/rules 2013-07-08 16:08:11.000000000
+0100
+++ libapache-mod-evasive-1.10.1/debian/rules 2013-07-08 15:40:34.000000000
+0100
@@ -28,6 +28,7 @@
dh_clean -k
dh_installdirs
dh_install
+ dh_apache2
# Build architecture-independent files here.
diff -Nru libapache-mod-evasive-1.10.1/debian/source/format
libapache-mod-evasive-1.10.1/debian/source/format
--- libapache-mod-evasive-1.10.1/debian/source/format 1970-01-01
01:00:00.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/source/format 2013-07-08
15:45:35.000000000 +0100
@@ -0,0 +1 @@
+3.0 (quilt)
Thanks,
--
Colin Watson [cjwat...@ubuntu.com]
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
