[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#774965: marked as done (unblock: mod-authz-securepass/0~20140715+0git93f271f5-3)

Your message dated Sat, 10 Jan 2015 13:19:24 +0100
with message-id <54B118CC.6060200@thykier.net>
and subject line Re: Bug#774965: unblock: mod-authz-securepass/0~20140715+0git93f271f5-3
has caused the Debian Bug report #774965,
regarding unblock: mod-authz-securepass/0~20140715+0git93f271f5-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
774965: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774965
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package mod-authz-securepass.
It fixes the RC bug #773777 [1] which fixes an incompatibility with Apache 2.4
due to the use of the ap_requires function.
The package has built fine on all architectures too.

I'm attaching the debdiff, thanks for considering.

Cheers!

unblock mod-authz-securepass/0~20140715+0git93f271f5-3


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773777

-- System Information:
Debian Release: jessie/sid
  APT prefers utopic-updates
  APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic'), (100, 'utopic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-28-generic (SMP w/20 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru mod-authz-securepass-0~20140715+0git93f271f5/debian/changelog mod-authz-securepass-0~20140715+0git93f271f5/debian/changelog
--- mod-authz-securepass-0~20140715+0git93f271f5/debian/changelog	2014-10-23 01:23:07.000000000 +0100
+++ mod-authz-securepass-0~20140715+0git93f271f5/debian/changelog	2015-01-07 10:03:46.000000000 +0000
@@ -1,3 +1,11 @@
+mod-authz-securepass (0~20140715+0git93f271f5-3) unstable; urgency=medium
+
+  * Fix incompatibility with Apache 2.4 due to the use of
+    ap_requires. (Closes: #773777)
+  * Fix Vcs browser field.
+
+ -- Alessio Treglia <alessio@debian.org>  Wed, 07 Jan 2015 10:01:22 +0000
+
 mod-authz-securepass (0~20140715+0git93f271f5-2) unstable; urgency=medium
 
   * Set Maintainer to Debian SecurePass.
diff -Nru mod-authz-securepass-0~20140715+0git93f271f5/debian/control mod-authz-securepass-0~20140715+0git93f271f5/debian/control
--- mod-authz-securepass-0~20140715+0git93f271f5/debian/control	2014-10-23 01:16:50.000000000 +0100
+++ mod-authz-securepass-0~20140715+0git93f271f5/debian/control	2015-01-07 10:01:13.000000000 +0000
@@ -11,7 +11,7 @@
 Standards-Version: 3.9.6
 Homepage: https://github.com/gplll/mod_authz_securepass
 Vcs-Git: git://anonscm.debian.org/pkg-securepass/mod-authz-securepass.git
-Vcs-Browser: https://alioth.debian.org/anonscm/git/pkg-securepass/mod-authz-securepass.git
+Vcs-Browser: http://anonscm.debian.org/cgit/pkg-securepass/mod-authz-securepass.git
 
 Package: libapache2-mod-authz-securepass
 Architecture: any
diff -Nru mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/9001-ap_requires.patch mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/9001-ap_requires.patch
--- mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/9001-ap_requires.patch	1970-01-01 01:00:00.000000000 +0100
+++ mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/9001-ap_requires.patch	2015-01-07 09:59:41.000000000 +0000
@@ -0,0 +1,233 @@
+From 5de1382b159cc8e6648ace7cab52dd02c04ae3e7 Mon Sep 17 00:00:00 2001
+From: gplll <gplll1818@gmail.com>
+Date: Sun, 28 Dec 2014 07:33:23 +0100
+Subject: [PATCH] Added support for Apache 2.4 through introduction of authz
+ providers for sprealm and spgroups - see ap_register_auth_provider()
+
+---
+ INSTALL                |   11 +--
+ Makefile               |    2 
+ README.md              |    2 
+ mod_authz_securepass.c |  136 +++++++++++++++++++++++++++++++++++++++++++++++--
+ 4 files changed, 138 insertions(+), 13 deletions(-)
+
+--- mod-authz-securepass.orig/INSTALL
++++ mod-authz-securepass/INSTALL
+@@ -18,21 +18,16 @@ For RedHat distro install apxs with
+ 
+ 3)
+ Download the source from git from the stable branch:
+-	git clone https://github.com/gplll/mod_authz_securepass.git -b master
++	git clone https://github.com/garlsecurity/mod_authz_securepass.git -b master
+ 	cd mod_authz_securepass
+ 
+ 4)
+ Compile the module and install it:
+ 
+-debian distro:
+-	make install_debian
+-	a2enmod securepass
+-
+-redhat distro:
+-	make install_redhat
++make install
+ 
+ 5)
+-configure mod_auth_securepass using the following directives:
++configure mod_authz_securepass using the following directives:
+ 
+ Valid Server/VirtualHost Directives
+ -----------------------------------
+--- mod-authz-securepass.orig/README.md
++++ mod-authz-securepass/README.md
+@@ -1,7 +1,7 @@
+ Apache authorization module for SecurePass
+ ==========================================
+ 
+-This is an Apache (2.2) module for authorizing SecurePass users.
++This is an Apache (2.2 and 2.4) module for authorizing SecurePass users.
+ SecurePass provides web single sign-on through the CAS protocol.
+ 
+ This module enhances the Apache authorization features by introducing two rules to restrict access 
+--- mod-authz-securepass.orig/mod_authz_securepass.c
++++ mod-authz-securepass/mod_authz_securepass.c
+@@ -569,9 +569,9 @@ static void *create_authz_securepass_ser
+ 
+ static void *merge_authz_securepass_server_config (apr_pool_t *pool, void *BASE, void *ADD)
+ {
+-    sp_cfg *c = apr_pcalloc(pool, sizeof(sp_cfg));
+-    sp_cfg *base = BASE;
+-    sp_cfg *add = ADD;
++	sp_cfg *c = apr_pcalloc(pool, sizeof(sp_cfg));
++	sp_cfg *base = BASE;
++	sp_cfg *add = ADD;
+ 
+ 	c->check_group =(add->check_group != TRUE ? add->check_group : base->check_group);
+ 	c->debug =(add->debug != FALSE ? add->debug : base->debug);
+@@ -761,6 +761,109 @@ static const command_rec authz_securepas
+ 	{ NULL }
+ };
+ 
++#if APACHE_2_4
++static const char *sp_parse_config(cmd_parms *cmd, const char *require_line,
++									 const void **parsed_require_line) {
++	const char *expr_err = NULL;
++	ap_expr_info_t *expr;
++
++	ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
++			"SecurePass: entering sp_parse_config(), require_line=%s", require_line);
++	expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT, &expr_err, NULL);
++	if (expr_err)
++		return (apr_pstrcat(cmd->temp_pool, "Cannot parse expression in require line: ", expr_err, NULL));
++	*parsed_require_line = expr;
++	return NULL;
++}
++
++static authz_status sprealm_check_authorization(request_rec *r,
++												 const char *require_args,
++												 const void *parsed_require_args) {
++
++	authz_securepass_dir_config_rec *dir= (authz_securepass_dir_config_rec *)
++				ap_get_module_config(r->per_dir_config, &authz_securepass_module);
++	sp_cfg *c = (sp_cfg *) ap_get_module_config(r->server->module_config, &authz_securepass_module);
++
++	const char *err = NULL;
++	const ap_expr_info_t *expr = parsed_require_args;
++	const char *require;
++
++#if MYDEBUG
++	/* this is only used during module development to simulate CAS user */
++	if (dir->forced_user) {
++		r->user = apr_pcalloc(r->pool, 100);
++		strcpy (r->user, dir->forced_user);
++	}
++#endif
++
++	if (c->debug) {
++		ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "SecurePass checking user %s, required_sprealms=%s",
++				r->user, require_args);
++		dump_config (r, dir, c);
++	}
++	if (!r->user) {
++		return AUTHZ_DENIED_NO_USER;
++	}
++	require = ap_expr_str_exec(r, expr, &err);
++	if (err) {
++		ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "SecurePass: Can't evaluate expression: %s", err);
++		return AUTHZ_DENIED;
++	}
++	if (c->debug) {
++		ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "SecurePass: require=%s", require);
++	}
++	if (check_securepass_realm (r, require)) {
++		/* a Realm has been found */
++		return AUTHZ_GRANTED;
++	} else {
++		return AUTHZ_DENIED;
++	}
++}
++
++static authz_status spgroup_check_authorization(request_rec *r,
++												 const char *require_args,
++												 const void *parsed_require_args) {
++
++	authz_securepass_dir_config_rec *dir= (authz_securepass_dir_config_rec *)
++				ap_get_module_config(r->per_dir_config, &authz_securepass_module);
++	sp_cfg *c = (sp_cfg *) ap_get_module_config(r->server->module_config, &authz_securepass_module);
++
++	const char *err = NULL;
++	const ap_expr_info_t *expr = parsed_require_args;
++	const char *require;
++
++#if MYDEBUG
++	/* this is only used during module development to simulate CAS user */
++	if (dir->forced_user) {
++		r->user = apr_pcalloc(r->pool, 100);
++		strcpy (r->user, dir->forced_user);
++	}
++#endif
++
++	if (c->debug) {
++		ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "SecurePass checking user %s, required_spgroups=%s",
++				r->user, require_args);
++	}
++	if (!r->user) {
++		return AUTHZ_DENIED_NO_USER;
++	}
++	require = ap_expr_str_exec(r, expr, &err);
++	if (err) {
++		ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "SecurePass: Can't evaluate expression: %s", err);
++		return AUTHZ_DENIED;
++	}
++	if (c->debug) {
++		ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "SecurePass: require=%s", require);
++	}
++	if (check_sp_group (r, require)) {
++		return AUTHZ_GRANTED;
++	} else {
++		return AUTHZ_DENIED;
++	}
++
++}
++
++#else /* APACHE_2_4 */
+ 
+ static int authz_securepass_check_user_access(request_rec *r) 
+ {
+@@ -846,6 +949,7 @@ static int authz_securepass_check_user_a
+ 	ap_note_basic_auth_failure(r);
+ 	return HTTP_UNAUTHORIZED;
+ }
++#endif
+ 
+ static int authz_sp_post_config(apr_pool_t *pool, apr_pool_t *p1, apr_pool_t *p2, server_rec *s)
+ {
+@@ -884,11 +988,37 @@ static int authz_sp_post_config(apr_pool
+ 	return status;
+ }
+ 
++#if APACHE_2_4
++static const authz_provider authz_sprealm_provider =
++{
++	&sprealm_check_authorization,
++	&sp_parse_config,
++};
++
++static const authz_provider authz_spgroup_provider =
++{
++	&spgroup_check_authorization,
++	&sp_parse_config,
++};
++#endif
++
+ static void authz_securepass_register_hooks(apr_pool_t *p)
+ {
+ 	ap_hook_post_config(authz_sp_post_config, NULL, NULL, APR_HOOK_LAST);
++#if APACHE_2_4
++	/* Register authz providers */
++	ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "sprealm",
++							AUTHZ_PROVIDER_VERSION,
++							&authz_sprealm_provider,
++							AP_AUTH_INTERNAL_PER_CONF);
++	ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "spgroup",
++							AUTHZ_PROVIDER_VERSION,
++							&authz_spgroup_provider,
++							AP_AUTH_INTERNAL_PER_CONF);
++#else
+ 	ap_hook_auth_checker(authz_securepass_check_user_access, NULL, NULL,
+ 		APR_HOOK_MIDDLE);
++#endif
+ }
+ 
+ module AP_MODULE_DECLARE_DATA authz_securepass_module = {
+--- mod-authz-securepass.orig/Makefile
++++ mod-authz-securepass/Makefile
+@@ -9,7 +9,7 @@ endif
+ 
+ # Note that gcc flags are passed through apxs, so preface with -Wc
+ MY_LDFLAGS=-lcurl
+-MY_CFLAGS=-Wc,-I. -Wc,-Wall
++MY_CFLAGS=-Wc,-I. -Wc,-Wall -DAPACHE_2_4=1
+ SRCS=mod_authz_securepass.c jsmn.c
+ HDRS=jsmn.h
+ BUILDDIR := build
diff -Nru mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/series mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/series
--- mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/series	2014-10-23 01:15:17.000000000 +0100
+++ mod-authz-securepass-0~20140715+0git93f271f5/debian/patches/series	2015-01-07 09:55:25.000000000 +0000
@@ -1 +1,2 @@
 0001-buildsystem.patch
+9001-ap_requires.patch

--- End Message ---
--- Begin Message --- 
On 2015-01-09 15:11, Alessio Treglia wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package mod-authz-securepass.
> It fixes the RC bug #773777 [1] which fixes an incompatibility with Apache 2.4
> due to the use of the ap_requires function.
> The package has built fine on all architectures too.
> 
> I'm attaching the debdiff, thanks for considering.
> 
> Cheers!
> 
> unblock mod-authz-securepass/0~20140715+0git93f271f5-3
> 
> 
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773777
> 
> [...]

Unblocked, thanks.

~Niels

--- End Message ---
Reply to: