Control: tag -1 pending Dear maintainer,
I've prepared an NMU for libapache-mod-evasive (versioned as 1.10.1-1.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards, -- Colin Watson [cjwat...@debian.org]
diff -Nru libapache-mod-evasive-1.10.1/debian/changelog libapache-mod-evasive-1.10.1/debian/changelog --- libapache-mod-evasive-1.10.1/debian/changelog 2013-07-10 09:40:54.000000000 +0100 +++ libapache-mod-evasive-1.10.1/debian/changelog 2013-07-10 09:12:08.000000000 +0100 @@ -1,3 +1,10 @@ +libapache-mod-evasive (1.10.1-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Port to Apache 2.4 (closes: #666846). + + -- Colin Watson <cjwat...@debian.org> Wed, 10 Jul 2013 09:12:03 +0100 + libapache-mod-evasive (1.10.1-1) unstable; urgency=low * New upstream version. Changed package name. s/dos// diff -Nru libapache-mod-evasive-1.10.1/debian/control libapache-mod-evasive-1.10.1/debian/control --- libapache-mod-evasive-1.10.1/debian/control 2013-07-10 09:40:54.000000000 +0100 +++ libapache-mod-evasive-1.10.1/debian/control 2013-07-08 15:40:07.000000000 +0100 @@ -2,12 +2,12 @@ Section: web Priority: optional Maintainer: Alberto Gonzalez Iniesta <a...@inittab.org> -Build-Depends: debhelper (>> 4.0.0), apache2-threaded-dev +Build-Depends: debhelper (>> 4.0.0), dh-apache2, apache2-dev Standards-Version: 3.7.2.2 Package: libapache2-mod-evasive Architecture: any -Depends: apache2.2-common, ${shlibs:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends} Description: evasive module to minimize HTTP DoS or brute force attacks mod_evasive is an evasive maneuvers module for Apache to provide some protection in the event of an HTTP DoS or DDoS attack or brute force attack. diff -Nru libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.apache2 libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.apache2 --- libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.apache2 1970-01-01 01:00:00.000000000 +0100 +++ libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.apache2 2013-07-08 15:41:00.000000000 +0100 
@@ -0,0 +1,2 @@
+mod .libs/mod_evasive20.so
+mod debian/mod-evasive.load
diff -Nru libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.dirs libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.dirs
--- libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.dirs 2013-07-10 09:40:54.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.dirs 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-usr/lib/apache2/modules
diff -Nru libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.install libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.install
--- libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.install 2013-07-10 09:40:54.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.install 1970-01-01 01:00:00.000000000 +0100
@@ -1,2 +0,0 @@
-.libs/mod_evasive20.so usr/lib/apache2/modules
-debian/mod-evasive.load etc/apache2/mods-available
diff -Nru libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.postinst libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.postinst
--- libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.postinst 2013-07-10 09:40:54.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.postinst 1970-01-01 01:00:00.000000000 +0100
@@ -1,26 +0,0 @@
-#!/bin/sh -e
-
-reload_apache()
-{
- if apache2ctl configtest 2>/dev/null; then
- invoke-rc.d apache2 force-reload || true
- else
- echo "Your apache2 configuration is broken, so we're not restarting it for you."
- fi
-}
-
-if [ -n "$2" ]; then
-# we're upgrading. test if we're enabled, and if so, restart to reload the module.
- if [ -e /etc/apache2/mods-enabled/mod-evasive.load ]; then
- reload_apache
- fi
- exit 0
-fi
-
-if [ -e /etc/apache2/apache2.conf ]; then
-# Enable the module, but hide a2enmod's misleading message about apachectl
-# and force-reload the thing ourselves.
- a2enmod mod-evasive >/dev/null || true
- reload_apache
-fi
-
diff -Nru libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.prerm libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.prerm
--- libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.prerm 2013-07-10 09:40:54.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/libapache2-mod-evasive.prerm 1970-01-01 01:00:00.000000000 +0100
@@ -1,12 +0,0 @@
-#!/bin/sh -e
-# copied from libapache2-mod-php4
-
-if [ "$1" != "remove" -a "$1" != "purge" ]; then
- exit 0
-fi
-
-if [ -e /etc/apache2/apache2.conf ]; then
- a2dismod mod-evasive || true
-fi
-
-exit 0
diff -Nru libapache-mod-evasive-1.10.1/debian/patches/aplog-use-module.patch libapache-mod-evasive-1.10.1/debian/patches/aplog-use-module.patch
--- libapache-mod-evasive-1.10.1/debian/patches/aplog-use-module.patch 1970-01-01 01:00:00.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/patches/aplog-use-module.patch 2013-07-08 15:48:46.000000000 +0100
@@ -0,0 +1,20 @@
+Description: Add APLOG_USE_MODULE for Apache 2.4 per-module loglevels
+Author: Colin Watson <cjwat...@debian.org>
+Forwarded: no
+Last-Update: 2013-07-08
+
+Index: b/mod_evasive20.c
+===================================================================
+--- a/mod_evasive20.c
++++ b/mod_evasive20.c
+@@ -38,6 +38,10 @@
+ #include "http_log.h"
+ #include "http_request.h"
+
++#ifdef APLOG_USE_MODULE
++APLOG_USE_MODULE(evasive20);
++#endif
++
+ module AP_MODULE_DECLARE_DATA evasive20_module;
+
+ /* BEGIN DoS Evasive Maneuvers Definitions */
diff -Nru libapache-mod-evasive-1.10.1/debian/patches/conn-rec-remote-ip.patch libapache-mod-evasive-1.10.1/debian/patches/conn-rec-remote-ip.patch
--- libapache-mod-evasive-1.10.1/debian/patches/conn-rec-remote-ip.patch 1970-01-01 01:00:00.000000000 +0100
+++ libapache-mod-evasive-1.10.1/debian/patches/conn-rec-remote-ip.patch 2013-07-08 16:03:10.000000000 +0100
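Review bot: The `#ifdef APLOG_USE_MODULE` guard added ahead of the `evasive20_module` declaration carries no comment saying why it is conditional, so a later cleanup could drop the guard and break builds against older httpd headers. A one-line comment above it would do, for example `/* APLOG_USE_MODULE only exists in newer httpd headers (per-module LogLevel); the guard keeps older builds compiling */`. The blacklist alert visible elsewhere in this upload goes through `LOG(LOG_ALERT, ...)`, which looks like a syslog-style macro rather than `ap_log_error`; if that is the case, per-module log levels will not govern that message, which matters to anyone alerting on it from the Apache error log, so it is worth confirming and stating in the patch description.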
@@ -0,0 +1,104 @@
+Description: Handle conn_rec->remote_ip split in Apache 2.4
+Author: Colin Watson <cjwat...@debian.org>
+Forwarded: no
+Last-Update: 2013-07-08
+
+Index: b/mod_evasive20.c
+===================================================================
+--- a/mod_evasive20.c
++++ b/mod_evasive20.c
+@@ -44,6 +44,13 @@
+
+ module AP_MODULE_DECLARE_DATA evasive20_module;
+
++#if AP_SERVER_MAJORVERSION_NUMBER > 2 || \
++ (AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER >= 4)
++#define CLIENT_IP(conn) ((conn)->client_ip)
++#else
++#define CLIENT_IP(conn) ((conn)->remote_ip)
++#endif
++
+ /* BEGIN DoS Evasive Maneuvers Definitions */
+
+ #define MAILER "/bin/mail %s"
+@@ -143,11 +150,11 @@
+ time_t t = time(NULL);
+
+ /* Check whitelist */
+- if (is_whitelisted(r->connection->remote_ip))
++ if (is_whitelisted(CLIENT_IP(r->connection)))
+ return OK;
+
+ /* First see if the IP itself is on "hold" */
+- n = ntt_find(hit_list, r->connection->remote_ip);
++ n = ntt_find(hit_list, CLIENT_IP(r->connection));
+
+ if (n != NULL && t-n->timestamp<blocking_period) {
+
+@@ -159,14 +166,14 @@
+ } else {
+
+ /* Has URI been hit too much? */
+- snprintf(hash_key, 2048, "%s_%s", r->connection->remote_ip, r->uri);
++ snprintf(hash_key, 2048, "%s_%s", CLIENT_IP(r->connection), r->uri);
+ n = ntt_find(hit_list, hash_key);
+ if (n != NULL) {
+
+ /* If URI is being hit too much, add to "hold" list and 403 */
+ if (t-n->timestamp<page_interval && n->count>=page_count) {
+ ret = HTTP_FORBIDDEN;
+- ntt_insert(hit_list, r->connection->remote_ip, time(NULL));
++ ntt_insert(hit_list, CLIENT_IP(r->connection), time(NULL));
+ } else {
+
+ /* Reset our hit count list as necessary */
+@@ -181,14 +188,14 @@
+ }
+
+ /* Has site been hit too much? */
+- snprintf(hash_key, 2048, "%s_SITE", r->connection->remote_ip);
++ snprintf(hash_key, 2048, "%s_SITE", CLIENT_IP(r->connection));
+ n = ntt_find(hit_list, hash_key);
+ if (n != NULL) {
+
+ /* If site is being hit too much, add to "hold" list and 403 */
+ if (t-n->timestamp<site_interval && n->count>=site_count) {
+ ret = HTTP_FORBIDDEN;
+- ntt_insert(hit_list, r->connection->remote_ip, time(NULL));
++ ntt_insert(hit_list, CLIENT_IP(r->connection), time(NULL));
+ } else {
+
+ /* Reset our hit count list as necessary */
+@@ -209,27 +216,27 @@
+ struct stat s;
+ FILE *file;
+
+- snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, r->connection->remote_ip);
++ snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, CLIENT_IP(r->connection));
+ if (stat(filename, &s)) {
+ file = fopen(filename, "w");
+ if (file != NULL) {
+ fprintf(file, "%ld\n", getpid());
+ fclose(file);
+
+- LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", r->connection->remote_ip);
++ LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", CLIENT_IP(r->connection));
+ if (email_notify != NULL) {
+ snprintf(filename, sizeof(filename), MAILER, email_notify);
+ file = popen(filename, "w");
+ if (file != NULL) {
+ fprintf(file, "To: %s\n", email_notify);
+- fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", r->connection->remote_ip);
+- fprintf(file, "mod_evasive HTTP Blacklisted %s\n", r->connection->remote_ip);
++ fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", CLIENT_IP(r->connection));
++ fprintf(file, "mod_evasive HTTP Blacklisted %s\n", CLIENT_IP(r->connection));
+ pclose(file);
+ }
+ }
+
+ if (system_command != NULL) {
+- snprintf(filename, sizeof(filename), system_command, r->connection->remote_ip);
++ snprintf(filename, sizeof(filename), system_command, CLIENT_IP(r->connection));
+ system(filename);
+ }
+
diff -Nru libapache-mod-evasive-1.10.1/debian/patches/series 
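Review bot: `CLIENT_IP(conn)` resolves to `conn->client_ip` on 2.4, which is the address of the TCP peer, so when httpd sits behind a reverse proxy or load balancer every visitor shares one key in `hit_list` and the address that ends up on hold, in the `dos-%s` file and in `system_command` is the proxy's. Apache 2.4 split the old `remote_ip` into `conn->client_ip` and the per-request `r->useragent_ip` (the field mod_remoteip rewrites), so if the intent is to count the originating client the macro should take the request instead: `#define CLIENT_IP(r) ((r)->useragent_ip)` for 2.4 and `#define CLIENT_IP(r) ((r)->connection->remote_ip)` otherwise, with call sites written `CLIENT_IP(r)`. That value is only as trustworthy as the mod_remoteip trusted-proxy configuration, so whichever field is chosen deserves a comment next to the macro stating the assumption. Separately, in the last hunk the result of `snprintf(filename, sizeof(filename), system_command, ...)` goes to `system()` without a truncation check and `system_command` itself serves as the format string; both predate this patch but sit on lines it touches, and a check of the return value against `sizeof(filename)` before the call would be a cheap guard. The enclosing function bodies start and end outside the hunks shown.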
libapache-mod-evasive-1.10.1/debian/patches/series --- libapache-mod-evasive-1.10.1/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ libapache-mod-evasive-1.10.1/debian/patches/series 2013-07-08 15:49:11.000000000 +0100 @@ -0,0 +1,2 @@ +aplog-use-module.patch +conn-rec-remote-ip.patch diff -Nru libapache-mod-evasive-1.10.1/debian/rules libapache-mod-evasive-1.10.1/debian/rules --- libapache-mod-evasive-1.10.1/debian/rules 2013-07-10 09:40:54.000000000 +0100 +++ libapache-mod-evasive-1.10.1/debian/rules 2013-07-08 15:40:34.000000000 +0100 @@ -28,6 +28,7 @@ dh_clean -k dh_installdirs dh_install + dh_apache2 # Build architecture-independent files here. diff -Nru libapache-mod-evasive-1.10.1/debian/source/format libapache-mod-evasive-1.10.1/debian/source/format --- libapache-mod-evasive-1.10.1/debian/source/format 1970-01-01 01:00:00.000000000 +0100 +++ libapache-mod-evasive-1.10.1/debian/source/format 2013-07-08 15:45:35.000000000 +0100 @@ -0,0 +1 @@ +3.0 (quilt)