Control: tag -1 pending On Sun, Apr 01, 2012 at 09:15:52PM +0000, a...@debian.org wrote: > your package mod-spamhaus is provding an Apache2 web server module. > We're upgrading Apache to the new upstream version 2.4 [1] (tracked > as transition bug #661958). This requires all modules to be rebuilt > due to ABI changes.
Here's a patch. Please note the considerable caution involved with /etc/apache2/mods-*/; I had to rename these files because otherwise removing the new packages left dangling symlinks in /etc/apache2/mods-enabled/ (since 'a2query -m mod-spamhaus' fails), and this is the smallest amount of code I could think of that would handle the rename absolutely reliably. I've tested this in the default upgrade situation as well as the situation where the module had previously been disabled by the admin, and in both cases it is properly transitioned to the new name. diff -Nru mod-spamhaus-0.7/debian/apache2 mod-spamhaus-0.7/debian/apache2 --- mod-spamhaus-0.7/debian/apache2 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/apache2 2013-07-10 12:11:55.000000000 +0100 @@ -0,0 +1,3 @@ +mod src/.libs/mod_spamhaus.so +mod debian/conf/spamhaus.load +mod debian/conf/spamhaus.conf diff -Nru mod-spamhaus-0.7/debian/changelog mod-spamhaus-0.7/debian/changelog --- mod-spamhaus-0.7/debian/changelog 2013-07-10 17:37:13.000000000 +0100 +++ mod-spamhaus-0.7/debian/changelog 2013-07-10 17:29:57.000000000 +0100 @@ -1,3 +1,13 @@ +mod-spamhaus (0.7-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Port to Apache 2.4 (closes: #666847). + * Rename mod-spamhaus.conf and mod-spamhaus.load to the standard form of + spamhaus.conf and spamhaus.load, otherwise the prerm/postrm scripts + generated by dh_apache2 are unable to unload the module. + + -- Colin Watson <cjwat...@debian.org> Wed, 10 Jul 2013 17:29:56 +0100 + mod-spamhaus (0.7-1) unstable; urgency=low * Initial release (Closes: #503395) diff -Nru mod-spamhaus-0.7/debian/conf/mod-spamhaus.conf mod-spamhaus-0.7/debian/conf/mod-spamhaus.conf --- mod-spamhaus-0.7/debian/conf/mod-spamhaus.conf 2013-07-10 17:37:13.000000000 +0100 +++ mod-spamhaus-0.7/debian/conf/mod-spamhaus.conf 1970-01-01 01:00:00.000000000 +0100 @@ -1,47 +0,0 @@ -<IfModule mod_spamhaus.c> - -#MS_Methods -# Syntax: MS_Methods POST,PUT,OPTIONS -# Default: POST,PUT,OPTIONS -# -# The values admitted are the httpd's methods (GET,POST,etc) -# Module verify remote ip address if the method used by the user is present -# in the value passed to this variable. Methods must be comma-separated -MS_METHODS POST,PUT,OPTIONS,CONNECT - - -#MS_WhiteList -# Syntax: MS_WhiteList /etc/spamhaus.wl -# Default: no value -# Path of whitelist file. -# After you've edit it, you mustn't reload apache. This file will be read only -# when 'data modification time' change. You can add an individual IP address or -# subnets with CIDR. -#MS_WhiteList /etc/spamhaus.wl - - -#MS_DNS -# Syntax: MS_DNS sbl-xbl.spamhaus.org -# Default: sbl-xbl.spamhaus.org -# Name server to use for verify is an ip is blacklisted. -# Using a local rbldnsd instance of sbl-xbl, you can increase query performance -#MS_Dns local.rbldnsd.instance.of.sbl-xbl - - -#MS_CacheSize -# Syntax: MS_CacheSize 256 -# Default: 512 -# Max value: 8192 -# This directive can manage the number of cache entries. -#MS_CacheSize 512 - - -#MS_CustomError -# Syntax: MS_CustomError "My custom error message" -# Default: "Access Denied! Your address is blacklisted. More information about this error may be available in the server error log." -# A custom error message that allows you to replace default error message with one you create -#MS_CustomError "Access Denied! Your address is blacklisted. More information about this error may be available in the server error log." - - -</IfModule> - diff -Nru mod-spamhaus-0.7/debian/conf/mod-spamhaus.load mod-spamhaus-0.7/debian/conf/mod-spamhaus.load --- mod-spamhaus-0.7/debian/conf/mod-spamhaus.load 2013-07-10 17:37:13.000000000 +0100 +++ mod-spamhaus-0.7/debian/conf/mod-spamhaus.load 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -LoadModule spamhaus_module /usr/lib/apache2/modules/mod_spamhaus.so diff -Nru mod-spamhaus-0.7/debian/conf/spamhaus.conf mod-spamhaus-0.7/debian/conf/spamhaus.conf --- mod-spamhaus-0.7/debian/conf/spamhaus.conf 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/conf/spamhaus.conf 2013-07-10 11:38:48.000000000 +0100 @@ -0,0 +1,47 @@ +<IfModule mod_spamhaus.c> + +#MS_Methods +# Syntax: MS_Methods POST,PUT,OPTIONS +# Default: POST,PUT,OPTIONS +# +# The values admitted are the httpd's methods (GET,POST,etc) +# Module verify remote ip address if the method used by the user is present +# in the value passed to this variable. Methods must be comma-separated +MS_METHODS POST,PUT,OPTIONS,CONNECT + + +#MS_WhiteList +# Syntax: MS_WhiteList /etc/spamhaus.wl +# Default: no value +# Path of whitelist file. +# After you've edit it, you mustn't reload apache. This file will be read only +# when 'data modification time' change. You can add an individual IP address or +# subnets with CIDR. +#MS_WhiteList /etc/spamhaus.wl + + +#MS_DNS +# Syntax: MS_DNS sbl-xbl.spamhaus.org +# Default: sbl-xbl.spamhaus.org +# Name server to use for verify is an ip is blacklisted. +# Using a local rbldnsd instance of sbl-xbl, you can increase query performance +#MS_Dns local.rbldnsd.instance.of.sbl-xbl + + +#MS_CacheSize +# Syntax: MS_CacheSize 256 +# Default: 512 +# Max value: 8192 +# This directive can manage the number of cache entries. +#MS_CacheSize 512 + + +#MS_CustomError +# Syntax: MS_CustomError "My custom error message" +# Default: "Access Denied! Your address is blacklisted. More information about this error may be available in the server error log." +# A custom error message that allows you to replace default error message with one you create +#MS_CustomError "Access Denied! Your address is blacklisted. More information about this error may be available in the server error log." + + +</IfModule> + diff -Nru mod-spamhaus-0.7/debian/conf/spamhaus.load mod-spamhaus-0.7/debian/conf/spamhaus.load --- mod-spamhaus-0.7/debian/conf/spamhaus.load 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/conf/spamhaus.load 2013-07-10 11:38:48.000000000 +0100 @@ -0,0 +1 @@ +LoadModule spamhaus_module /usr/lib/apache2/modules/mod_spamhaus.so diff -Nru mod-spamhaus-0.7/debian/control mod-spamhaus-0.7/debian/control --- mod-spamhaus-0.7/debian/control 2013-07-10 17:37:13.000000000 +0100 +++ mod-spamhaus-0.7/debian/control 2013-07-10 11:39:18.000000000 +0100 @@ -2,13 +2,13 @@ Section: web Priority: extra Maintainer: Giuseppe Iuculano <giuse...@iuculano.it> -Build-Depends: debhelper (>= 5), apache2-prefork-dev | apache2-threaded-dev +Build-Depends: debhelper (>= 5), dh-apache2, apache2-dev Standards-Version: 3.8.0 Homepage: http://sourceforge.net/projects/mod-spamhaus/ Package: libapache2-mod-spamhaus Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, apache2.2-common +Depends: ${shlibs:Depends}, ${misc:Depends} Description: Apache DNSBL module that blocks listed IP addresses mod_spamhaus is an Apache module for DNS Block Listing that protects web services by denying access to particular IP addresses. It can stop spam diff -Nru mod-spamhaus-0.7/debian/dirs mod-spamhaus-0.7/debian/dirs --- mod-spamhaus-0.7/debian/dirs 2013-07-10 17:37:13.000000000 +0100 +++ mod-spamhaus-0.7/debian/dirs 1970-01-01 01:00:00.000000000 +0100 @@ -1,2 +0,0 @@ -usr/lib/apache2/modules/ -etc/apache2/mods-available/ diff -Nru mod-spamhaus-0.7/debian/install mod-spamhaus-0.7/debian/install --- mod-spamhaus-0.7/debian/install 2013-07-10 17:37:13.000000000 +0100 +++ mod-spamhaus-0.7/debian/install 1970-01-01 01:00:00.000000000 +0100 @@ -1,2 +0,0 @@ -debian/conf/mod-spamhaus.load /etc/apache2/mods-available -debian/conf/mod-spamhaus.conf /etc/apache2/mods-available diff -Nru mod-spamhaus-0.7/debian/patches/aplog-use-module.patch mod-spamhaus-0.7/debian/patches/aplog-use-module.patch --- mod-spamhaus-0.7/debian/patches/aplog-use-module.patch 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/patches/aplog-use-module.patch 2013-07-10 11:48:56.000000000 +0100 @@ -0,0 +1,20 @@ +Description: Add APLOG_USE_MODULE for Apache 2.4 per-module loglevels +Author: Colin Watson <cjwat...@debian.org> +Forwarded: no +Last-Update: 2013-07-10 + +Index: b/src/mod_spamhaus.c +=================================================================== +--- a/src/mod_spamhaus.c ++++ b/src/mod_spamhaus.c +@@ -47,6 +47,10 @@ + #define WHITELIST_SIZE 2048 + #define MAX_CACHE_SIZE 8192 + ++#ifdef APLOG_USE_MODULE ++APLOG_USE_MODULE(spamhaus); ++#endif ++ + module AP_MODULE_DECLARE_DATA spamhaus_module; + + static void *spamhaus_create_config(apr_pool_t *p, server_rec *s); diff -Nru mod-spamhaus-0.7/debian/patches/conn-rec-remote-ip.patch mod-spamhaus-0.7/debian/patches/conn-rec-remote-ip.patch --- mod-spamhaus-0.7/debian/patches/conn-rec-remote-ip.patch 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/patches/conn-rec-remote-ip.patch 2013-07-10 11:49:08.000000000 +0100 @@ -0,0 +1,86 @@ +Description: Handle conn_rec->remote_ip split in Apache 2.4 +Author: Colin Watson <cjwat...@debian.org> +Forwarded: no +Last-Update: 2013-07-10 + +Index: b/src/mod_spamhaus.c +=================================================================== +--- a/src/mod_spamhaus.c ++++ b/src/mod_spamhaus.c +@@ -53,6 +53,13 @@ + + module AP_MODULE_DECLARE_DATA spamhaus_module; + ++#if AP_SERVER_MAJORVERSION_NUMBER > 2 || \ ++ (AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER >= 4) ++#define CLIENT_IP(conn) ((conn)->client_ip) ++#else ++#define CLIENT_IP(conn) ((conn)->remote_ip) ++#endif ++ + static void *spamhaus_create_config(apr_pool_t *p, server_rec *s); + static void *spamhaus_create_dir_config(apr_pool_t *p, char *path); + static int spamhaus_handler(request_rec *r); +@@ -184,7 +191,7 @@ + if ( brokenfeed ) *brokenfeed = '\0'; + + if ( (strchr(lista[count],'/') == NULL )){ +- if ( strcmp(lista[count],r->connection->remote_ip) == 0 ) return 1; ++ if ( strcmp(lista[count],CLIENT_IP(r->connection)) == 0 ) return 1; + } + else { + +@@ -206,7 +213,7 @@ + in.s_addr = last; + + sscanf(inet_ntoa(in), "%d.%d.%d.%d", &a_max, &b_max, &c_max, &d_max); +- sscanf(r->connection->remote_ip, "%d.%d.%d.%d", &a_daverificare, &b_daverificare, &c_daverificare, &d_daverificare); ++ sscanf(CLIENT_IP(r->connection), "%d.%d.%d.%d", &a_daverificare, &b_daverificare, &c_daverificare, &d_daverificare); + + if ( + +@@ -250,14 +257,14 @@ + if ( strstr(cfg->methods,r->method) != NULL ) + { + +- for (counter; counter < cfg->nip_incache; counter++) if (strcmp(cached_ip[counter],r->connection->remote_ip) == 0 ) return DECLINED; ++ for (counter; counter < cfg->nip_incache; counter++) if (strcmp(cached_ip[counter],CLIENT_IP(r->connection)) == 0 ) return DECLINED; + + + struct hostent *hp = 0; + + memset(lookup_this,'\0',512); + +- sscanf(r->connection->remote_ip, "%d.%d.%d.%d",&oct1, &oct2, &oct3, &oct4); ++ sscanf(CLIENT_IP(r->connection), "%d.%d.%d.%d",&oct1, &oct2, &oct3, &oct4); + + snprintf(lookup_this,512,"%d.%d.%d.%d.%s",oct4,oct3,oct2,oct1,cfg->dnshost); + +@@ -275,15 +282,15 @@ + if (oct1 != 127) + { + +- ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "mod_spamhaus: address %s is blacklisted but it's not in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address will not get filtered",r->connection->remote_ip); ++ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "mod_spamhaus: address %s is blacklisted but it's not in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address will not get filtered",CLIENT_IP(r->connection)); + return DECLINED; + } + + if ( (strcmp(cfg->whitelist,"no-white-list")!= 0) ) + { + if ( check_whitelist(cfg->whitelist,r) ) { +- ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "mod_spamhaus: address %s is whitelisted. Allow connection to %s%s", r->connection->remote_ip,r->hostname,r->uri); +- add_cache(r->connection->remote_ip,cfg->nip_incache); ++ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "mod_spamhaus: address %s is whitelisted. Allow connection to %s%s", CLIENT_IP(r->connection),r->hostname,r->uri); ++ add_cache(CLIENT_IP(r->connection),cfg->nip_incache); + return DECLINED; + + } +@@ -301,7 +308,7 @@ + } + + +- add_cache(r->connection->remote_ip,cfg->nip_incache); ++ add_cache(CLIENT_IP(r->connection),cfg->nip_incache); + + return DECLINED; + diff -Nru mod-spamhaus-0.7/debian/patches/series mod-spamhaus-0.7/debian/patches/series --- mod-spamhaus-0.7/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/patches/series 2013-07-10 11:48:18.000000000 +0100 @@ -0,0 +1,2 @@ +aplog-use-module.patch +conn-rec-remote-ip.patch diff -Nru mod-spamhaus-0.7/debian/postinst mod-spamhaus-0.7/debian/postinst --- mod-spamhaus-0.7/debian/postinst 2013-07-10 17:37:13.000000000 +0100 +++ mod-spamhaus-0.7/debian/postinst 2013-07-10 17:16:05.000000000 +0100 @@ -1,63 +1,27 @@ -#!/bin/sh -# postinst script for mod-spamhaus -# -# see: dh_installdeb(1) - +#! /bin/sh set -e -# summary of how this script can be called: -# * <postinst> `configure' <most-recently-configured-version> -# * <old-postinst> `abort-upgrade' <new version> -# * <conflictor's-postinst> `abort-remove' `in-favour' <package> -# <new-version> -# * <postinst> `abort-remove' -# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' -# <failed-install-package> <version> `removing' -# <conflicting-package> <version> -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -reload_apache() -{ - if apache2ctl configtest 2>/dev/null; then - invoke-rc.d apache2 force-reload || true - else - echo "Your apache2 configuration is broken, so we're not restarting it for you." - fi -} - - -case "$1" in - configure) - # Reload the module on upgrade if enabled - if [ -n "$2" ]; then - if [ -e /etc/apache2/mods-enabled/mod-spamhaus.load ]; then - reload_apache - fi - else - # Enable the module - if [ -e /etc/apache2/apache2.conf ]; then - a2enmod mod-spamhaus >/dev/null || true - reload_apache - fi - fi - - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. +# We cannot use dh_installdeb and debian/maintscript for this, because the +# conffile must be renamed before dh_apache2's generated postinst fragment +# tries to reload the server. +dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.conf /etc/apache2/mods-available/spamhaus.conf 0.7-1.1~ -- "$@" +dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.load /etc/apache2/mods-available/spamhaus.load 0.7-1.1~ -- "$@" #DEBHELPER# -exit 0 - +if [ "$1" = configure ] && [ "$2" ] && \ + dpkg --compare-versions "$2" le-nl 0.7-1.1~ && \ + [ -e /etc/apache2/mods-enabled/mod-spamhaus.load.dpkg-was-disabled ]; then + # We're upgrading, and the old name was disabled, so it must + # have been disabled by the site administrator. Preserve + # this. + rm -f /etc/apache2/mods-enabled/mod-spamhaus.load.dpkg-was-disabled + if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then + echo "Disabling spamhaus again to reflect previous mod-spamhaus configuration." + . /usr/share/apache2/apache2-maintscript-helper + a2dismod -f -q spamhaus + apache2_reload restart + fi +fi +exit 0 diff -Nru mod-spamhaus-0.7/debian/postrm mod-spamhaus-0.7/debian/postrm --- mod-spamhaus-0.7/debian/postrm 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/postrm 2013-07-10 12:55:17.000000000 +0100 @@ -0,0 +1,9 @@ +#! /bin/sh +set -e + +dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.conf /etc/apache2/mods-available/spamhaus.conf 0.7-1.1~ -- "$@" +dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.load /etc/apache2/mods-available/spamhaus.load 0.7-1.1~ -- "$@" + +#DEBHELPER# + +exit 0 diff -Nru mod-spamhaus-0.7/debian/preinst mod-spamhaus-0.7/debian/preinst --- mod-spamhaus-0.7/debian/preinst 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/preinst 2013-07-10 17:28:41.000000000 +0100 @@ -0,0 +1,17 @@ +#! /bin/sh +set -e + +# We have to tell a2dismod about the removal before moving the conffile. +if ([ "$1" = install ] || [ "$1" = "upgrade" ]) && [ "$2" ] && \ + dpkg --compare-versions "$2" le-nl 0.7-1.1~; then + if [ ! -h /etc/apache2/mods-enabled/mod-spamhaus.load ]; then + touch /etc/apache2/mods-enabled/mod-spamhaus.load.dpkg-was-disabled + fi + a2dismod -p -m -f -q mod-spamhaus +fi +dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.conf /etc/apache2/mods-available/spamhaus.conf 0.7-1.1~ -- "$@" +dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.load /etc/apache2/mods-available/spamhaus.load 0.7-1.1~ -- "$@" + +#DEBHELPER# + +exit 0 diff -Nru mod-spamhaus-0.7/debian/prerm mod-spamhaus-0.7/debian/prerm --- mod-spamhaus-0.7/debian/prerm 2013-07-10 17:37:13.000000000 +0100 +++ mod-spamhaus-0.7/debian/prerm 1970-01-01 01:00:00.000000000 +0100 @@ -1,56 +0,0 @@ -#!/bin/sh -# prerm script for mod-spamhaus -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * <prerm> `remove' -# * <old-prerm> `upgrade' <new-version> -# * <new-prerm> `failed-upgrade' <old-version> -# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version> -# * <deconfigured's-prerm> `deconfigure' `in-favour' -# <package-being-installed> <version> `removing' -# <conflicting-package> <version> -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -reload_apache() -{ - if apache2ctl configtest 2>/dev/null; then - invoke-rc.d apache2 force-reload || true - else - echo "Your apache2 configuration is broken, so we're not restarting it for you." - fi -} - - -case "$1" in - remove) - if [ -e /etc/apache2/mods-enabled/suphp.load ]; then - a2dismod suphp >/dev/null || true - reload_apache - fi - ;; - - upgrade|deconfigure) - ;; - - failed-upgrade) - ;; - - *) - echo "prerm called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 - - diff -Nru mod-spamhaus-0.7/debian/rules mod-spamhaus-0.7/debian/rules --- mod-spamhaus-0.7/debian/rules 2013-07-10 17:37:13.000000000 +0100 +++ mod-spamhaus-0.7/debian/rules 2013-07-10 11:41:12.000000000 +0100 @@ -25,7 +25,6 @@ dh_testroot dh_clean -k dh_installdirs - dh_install src/.libs/mod_spamhaus.so `apxs2 -q LIBEXECDIR` # Build architecture-independent files here. @@ -40,6 +39,7 @@ dh_installdocs dh_installexamples dh_install + dh_apache2 dh_link dh_strip dh_compress diff -Nru mod-spamhaus-0.7/debian/source/format mod-spamhaus-0.7/debian/source/format --- mod-spamhaus-0.7/debian/source/format 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/source/format 2013-07-10 11:45:49.000000000 +0100 @@ -0,0 +1 @@ +3.0 (quilt) Thanks, -- Colin Watson [cjwat...@ubuntu.com] -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
