Bug#774965: unblock: mod-authz-securepass/0~20140715+0git93f271f5-3

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#774965: unblock: mod-authz-securepass/0~20140715+0git93f271f5-3
From: Alessio Treglia <alessio@debian.org>
Date: Fri, 09 Jan 2015 14:11:41 +0000
Message-id: <[🔎] 20150109141141.18389.75507.reportbug@hitter>
Reply-to: Alessio Treglia <alessio@debian.org>, 774965@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package mod-authz-securepass.
It fixes the RC bug #773777 [1] which fixes an incompatibility with Apache 2.4
due to the use of the ap_requires function.
The package has built fine on all architectures too.

I'm attaching the debdiff, thanks for considering.

Cheers!

unblock mod-authz-securepass/0~20140715+0git93f271f5-3


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773777

-- System Information:
Debian Release: jessie/sid
  APT prefers utopic-updates
  APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic'), (100, 'utopic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-28-generic (SMP w/20 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru mod-authz-securepass-0~20140715+0git93f271f5/debian/changelog mod-authz-securepass-0~20140715+0git93f271f5/debian/changelog
--- mod-authz-securepass-0~20140715+0git93f271f5/debian/changelog	2014-10-23 01:23:07.000000000 +0100
+++ mod-authz-securepass-0~20140715+0git93f271f5/debian/changelog	2015-01-07 10:03:46.000000000 +0000
@@ -1,3 +1,11 @@
+mod-authz-securepass (0~20140715+0git93f271f5-3) unstable; urgency=medium
+
+  * Fix incompatibility with Apache 2.4 due to the use of
+    ap_requires. (Closes: #773777)
+  * Fix Vcs browser field.
+
+ -- Alessio Treglia <alessio@debian.org>  Wed, 07 Jan 2015 10:01:22 +0000
+
 mod-authz-securepass (0~20140715+0git93f271f5-2) unstable; urgency=medium
 
   * Set Maintainer to Debian SecurePass.
diff -Nru mod-authz-securepass-0~20140715+0git93f271f5/debian/control mod-authz-securepass-0~20140715+0git93f271f5/debian/control
--- mod-authz-securepass-0~20140715+0git93f271f5/debian/control	2014-10-23 01:16:50.000000000 +0100
+++ mod-authz-securepass-0~20140715+0git93f271f5/debian/control	2015-01-07 10:01:13.000000000 +0000
@@ -11,7 +11,7 @@
 Standards-Version: 3.9.6
 Homepage: https://github.com/gplll/mod_authz_securepass
 Vcs-Git: git://anonscm.debian.org/pkg-securepass/mod-authz-securepass.git
-Vcs-Browser: https://alioth.debian.org/anonscm/git/pkg-securepass/mod-authz-securepass.git
+Vcs-Browser: http://anonscm.debian.org/cgit/pkg-securepass/mod-authz-securepass.git
 
 Package: libapache2-mod-authz-securepass
 Architecture: any
diff -Nru mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/9001-ap_requires.patch mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/9001-ap_requires.patch
--- mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/9001-ap_requires.patch	1970-01-01 01:00:00.000000000 +0100
+++ mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/9001-ap_requires.patch	2015-01-07 09:59:41.000000000 +0000
@@ -0,0 +1,233 @@
+From 5de1382b159cc8e6648ace7cab52dd02c04ae3e7 Mon Sep 17 00:00:00 2001
+From: gplll <gplll1818@gmail.com>
+Date: Sun, 28 Dec 2014 07:33:23 +0100
+Subject: [PATCH] Added support for Apache 2.4 through introduction of authz
+ providers for sprealm and spgroups - see ap_register_auth_provider()
+
+---
+ INSTALL                |   11 +--
+ Makefile               |    2 
+ README.md              |    2 
+ mod_authz_securepass.c |  136 +++++++++++++++++++++++++++++++++++++++++++++++--
+ 4 files changed, 138 insertions(+), 13 deletions(-)
+
+--- mod-authz-securepass.orig/INSTALL
++++ mod-authz-securepass/INSTALL
+@@ -18,21 +18,16 @@ For RedHat distro install apxs with
+ 
+ 3)
+ Download the source from git from the stable branch:
+-	git clone https://github.com/gplll/mod_authz_securepass.git -b master
++	git clone https://github.com/garlsecurity/mod_authz_securepass.git -b master
+ 	cd mod_authz_securepass
+ 
+ 4)
+ Compile the module and install it:
+ 
+-debian distro:
+-	make install_debian
+-	a2enmod securepass
+-
+-redhat distro:
+-	make install_redhat
++make install
+ 
+ 5)
+-configure mod_auth_securepass using the following directives:
++configure mod_authz_securepass using the following directives:
+ 
+ Valid Server/VirtualHost Directives
+ -----------------------------------
+--- mod-authz-securepass.orig/README.md
++++ mod-authz-securepass/README.md
+@@ -1,7 +1,7 @@
+ Apache authorization module for SecurePass
+ ==========================================
+ 
+-This is an Apache (2.2) module for authorizing SecurePass users.
++This is an Apache (2.2 and 2.4) module for authorizing SecurePass users.
+ SecurePass provides web single sign-on through the CAS protocol.
+ 
+ This module enhances the Apache authorization features by introducing two rules to restrict access 
+--- mod-authz-securepass.orig/mod_authz_securepass.c
++++ mod-authz-securepass/mod_authz_securepass.c
+@@ -569,9 +569,9 @@ static void *create_authz_securepass_ser
+ 
+ static void *merge_authz_securepass_server_config (apr_pool_t *pool, void *BASE, void *ADD)
+ {
+-    sp_cfg *c = apr_pcalloc(pool, sizeof(sp_cfg));
+-    sp_cfg *base = BASE;
+-    sp_cfg *add = ADD;
++	sp_cfg *c = apr_pcalloc(pool, sizeof(sp_cfg));
++	sp_cfg *base = BASE;
++	sp_cfg *add = ADD;
+ 
+ 	c->check_group =(add->check_group != TRUE ? add->check_group : base->check_group);
+ 	c->debug =(add->debug != FALSE ? add->debug : base->debug);
+@@ -761,6 +761,109 @@ static const command_rec authz_securepas
+ 	{ NULL }
+ };
+ 
++#if APACHE_2_4
++static const char *sp_parse_config(cmd_parms *cmd, const char *require_line,
++									 const void **parsed_require_line) {
++	const char *expr_err = NULL;
++	ap_expr_info_t *expr;
++
++	ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
++			"SecurePass: entering sp_parse_config(), require_line=%s", require_line);
++	expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT, &expr_err, NULL);
++	if (expr_err)
++		return (apr_pstrcat(cmd->temp_pool, "Cannot parse expression in require line: ", expr_err, NULL));
++	*parsed_require_line = expr;
++	return NULL;
++}
++
++static authz_status sprealm_check_authorization(request_rec *r,
++												 const char *require_args,
++												 const void *parsed_require_args) {
++
++	authz_securepass_dir_config_rec *dir= (authz_securepass_dir_config_rec *)
++				ap_get_module_config(r->per_dir_config, &authz_securepass_module);
++	sp_cfg *c = (sp_cfg *) ap_get_module_config(r->server->module_config, &authz_securepass_module);
++
++	const char *err = NULL;
++	const ap_expr_info_t *expr = parsed_require_args;
++	const char *require;
++
++#if MYDEBUG
++	/* this is only used during module development to simulate CAS user */
++	if (dir->forced_user) {
++		r->user = apr_pcalloc(r->pool, 100);
++		strcpy (r->user, dir->forced_user);
++	}
++#endif
++
++	if (c->debug) {
++		ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "SecurePass checking user %s, required_sprealms=%s",
++				r->user, require_args);
++		dump_config (r, dir, c);
++	}
++	if (!r->user) {
++		return AUTHZ_DENIED_NO_USER;
++	}
++	require = ap_expr_str_exec(r, expr, &err);
++	if (err) {
++		ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "SecurePass: Can't evaluate expression: %s", err);
++		return AUTHZ_DENIED;
++	}
++	if (c->debug) {
++		ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "SecurePass: require=%s", require);
++	}
++	if (check_securepass_realm (r, require)) {
++		/* a Realm has been found */
++		return AUTHZ_GRANTED;
++	} else {
++		return AUTHZ_DENIED;
++	}
++}
++
++static authz_status spgroup_check_authorization(request_rec *r,
++												 const char *require_args,
++												 const void *parsed_require_args) {
++
++	authz_securepass_dir_config_rec *dir= (authz_securepass_dir_config_rec *)
++				ap_get_module_config(r->per_dir_config, &authz_securepass_module);
++	sp_cfg *c = (sp_cfg *) ap_get_module_config(r->server->module_config, &authz_securepass_module);
++
++	const char *err = NULL;
++	const ap_expr_info_t *expr = parsed_require_args;
++	const char *require;
++
++#if MYDEBUG
++	/* this is only used during module development to simulate CAS user */
++	if (dir->forced_user) {
++		r->user = apr_pcalloc(r->pool, 100);
++		strcpy (r->user, dir->forced_user);
++	}
++#endif
++
++	if (c->debug) {
++		ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "SecurePass checking user %s, required_spgroups=%s",
++				r->user, require_args);
++	}
++	if (!r->user) {
++		return AUTHZ_DENIED_NO_USER;
++	}
++	require = ap_expr_str_exec(r, expr, &err);
++	if (err) {
++		ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "SecurePass: Can't evaluate expression: %s", err);
++		return AUTHZ_DENIED;
++	}
++	if (c->debug) {
++		ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "SecurePass: require=%s", require);
++	}
++	if (check_sp_group (r, require)) {
++		return AUTHZ_GRANTED;
++	} else {
++		return AUTHZ_DENIED;
++	}
++
++}
++
++#else /* APACHE_2_4 */
+ 
+ static int authz_securepass_check_user_access(request_rec *r) 
+ {
+@@ -846,6 +949,7 @@ static int authz_securepass_check_user_a
+ 	ap_note_basic_auth_failure(r);
+ 	return HTTP_UNAUTHORIZED;
+ }
++#endif
+ 
+ static int authz_sp_post_config(apr_pool_t *pool, apr_pool_t *p1, apr_pool_t *p2, server_rec *s)
+ {
+@@ -884,11 +988,37 @@ static int authz_sp_post_config(apr_pool
+ 	return status;
+ }
+ 
++#if APACHE_2_4
++static const authz_provider authz_sprealm_provider =
++{
++	&sprealm_check_authorization,
++	&sp_parse_config,
++};
++
++static const authz_provider authz_spgroup_provider =
++{
++	&spgroup_check_authorization,
++	&sp_parse_config,
++};
++#endif
++
+ static void authz_securepass_register_hooks(apr_pool_t *p)
+ {
+ 	ap_hook_post_config(authz_sp_post_config, NULL, NULL, APR_HOOK_LAST);
++#if APACHE_2_4
++	/* Register authz providers */
++	ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "sprealm",
++							AUTHZ_PROVIDER_VERSION,
++							&authz_sprealm_provider,
++							AP_AUTH_INTERNAL_PER_CONF);
++	ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "spgroup",
++							AUTHZ_PROVIDER_VERSION,
++							&authz_spgroup_provider,
++							AP_AUTH_INTERNAL_PER_CONF);
++#else
+ 	ap_hook_auth_checker(authz_securepass_check_user_access, NULL, NULL,
+ 		APR_HOOK_MIDDLE);
++#endif
+ }
+ 
+ module AP_MODULE_DECLARE_DATA authz_securepass_module = {
+--- mod-authz-securepass.orig/Makefile
++++ mod-authz-securepass/Makefile
+@@ -9,7 +9,7 @@ endif
+ 
+ # Note that gcc flags are passed through apxs, so preface with -Wc
+ MY_LDFLAGS=-lcurl
+-MY_CFLAGS=-Wc,-I. -Wc,-Wall
++MY_CFLAGS=-Wc,-I. -Wc,-Wall -DAPACHE_2_4=1
+ SRCS=mod_authz_securepass.c jsmn.c
+ HDRS=jsmn.h
+ BUILDDIR := build
diff -Nru mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/series mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/series
--- mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/series	2014-10-23 01:15:17.000000000 +0100
+++ mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/series	2015-01-07 09:55:25.000000000 +0000
@@ -1 +1,2 @@
 0001-buildsystem.patch
+9001-ap_requires.patch

Reply to:

Follow-Ups:
- Bug#774965: marked as done (unblock: mod-authz-securepass/0~20140715+0git93f271f5-3)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#774964: unblock: xfce4-session/4.10.1-10 (pre-approval)
Next by Date: Bug#774850: wheezy-pu: package bley/0.1.5-2+deb7u1
Previous by thread: Bug#774964: marked as done (unblock: xfce4-session/4.10.1-10 (pre-approval))
Next by thread: Bug#774965: marked as done (unblock: mod-authz-securepass/0~20140715+0git93f271f5-3)
Index(es):
- Date
- Thread