[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#864019: unblock: dacs/1.4.38a-2

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package dacs. Testing by Jonas Smedegaard revealed that
the apache module is not loadable anymore because it tries to access a
private openssl symbol. We had been patching out that code part in
earlier package versions, but the patch got dropped recently because
it seemed not necessary anymore; unfortunately that was wrong, so this
upload reverts to the code that has been in wheezy and jessie.

We also switch back to libssl1.0 because it seems safer to use the SSL
version that apache2 itself is using.

Sorry for not catching this earlier via automated tests; a basic one
is added now.

Control files: lines which differ (wdiff format)
------------------------------------------------
 apache2-dev, [-libssl-dev,-] {+apache2-ssl-dev,+} libexpat1-dev, chrpath,
 groff-base, xsltproc, docbook-xsl, [-libxmlsec1-dev,-] libpam0g-dev

diff -Nru dacs-1.4.38a/debian/changelog dacs-1.4.38a/debian/changelog
--- dacs-1.4.38a/debian/changelog	2017-01-12 16:22:08.000000000 +0100
+++ dacs-1.4.38a/debian/changelog	2017-05-28 20:42:21.000000000 +0200
@@ -1,3 +1,21 @@
+dacs (1.4.38a-2) unstable; urgency=medium
+
+  * Reintroduce debian/patches/ssl_hook_Fixup. Otherwise, the module tries to
+    access the non-public ssl_hook_Fixup() function which is not resolvable
+    anymore in recent openssl versions. Practical history in Debian (the patch
+    had been there since the package was first uploaded in 2012, and even
+    earlier in private packages), and code comments indicate the function call
+    is not necessary, so remove it. Thanks to Jonas Smedegaard for spotting!
+    (Closes: #863395)
+  * Build-Depend on apache2-ssl-dev instead of libssl-dev to match the openssl
+    version apache2 is using.
+  * Add test case using a2enmod/apache2ctl configtest.
+  * Remove Build-Depends on libxmlsec1-dev which was only needed for the
+    already disabled infocard support. (Additionally, libxmlsec1-dev depends
+    on libssl-dev, so it was not co-installable with libssl1.0-dev anyway.)
+
+ -- Christoph Berg <myon@debian.org>  Sun, 28 May 2017 20:42:21 +0200
+
 dacs (1.4.38a-1) unstable; urgency=medium
 
   * New upstream version.
diff -Nru dacs-1.4.38a/debian/control dacs-1.4.38a/debian/control
--- dacs-1.4.38a/debian/control	2016-11-19 12:36:26.000000000 +0100
+++ dacs-1.4.38a/debian/control	2017-05-28 20:42:21.000000000 +0200
@@ -4,9 +4,9 @@
 Maintainer: Christoph Berg <christoph.berg@credativ.de>
 Uploaders: Martin Zobel-Helas <zobel@debian.org>
 Build-Depends: debhelper (>= 9),
- apache2-dev, libssl-dev, libexpat1-dev, chrpath,
+ apache2-dev, apache2-ssl-dev, libexpat1-dev, chrpath,
  libsasl2-dev, libperl-dev, libldap2-dev, autotools-dev,
- groff-base, xsltproc, docbook-xsl, libxmlsec1-dev, libpam0g-dev
+ groff-base, xsltproc, docbook-xsl, libpam0g-dev
 Standards-Version: 3.9.8
 Homepage: https://dacs.dss.ca/
 Vcs-Git: https://alioth.debian.org/anonscm/git/collab-maint/dacs.git
diff -Nru dacs-1.4.38a/debian/patches/series dacs-1.4.38a/debian/patches/series
--- dacs-1.4.38a/debian/patches/series	2016-11-19 12:36:26.000000000 +0100
+++ dacs-1.4.38a/debian/patches/series	2017-05-28 20:42:21.000000000 +0200
@@ -1,3 +1,4 @@
+ssl_hook_Fixup
 libtool-shell
 shared-library-linkage
 reproducible-build
diff -Nru dacs-1.4.38a/debian/patches/ssl_hook_Fixup dacs-1.4.38a/debian/patches/ssl_hook_Fixup
--- dacs-1.4.38a/debian/patches/ssl_hook_Fixup	1970-01-01 01:00:00.000000000 +0100
+++ dacs-1.4.38a/debian/patches/ssl_hook_Fixup	2017-05-28 20:42:21.000000000 +0200
@@ -0,0 +1,22 @@
+--- a/apache/mod_auth_dacs.c
++++ b/apache/mod_auth_dacs.c
+@@ -195,9 +195,6 @@ static int is_apache_2_2_build = 1;
+ /* For getpid() */
+ #include <unistd.h>
+ 
+-/* In modules/ssl/ssl_engine_kernel.c */
+-extern int ssl_hook_Fixup(request_rec *);
+-
+ #if defined(__DATE__) && defined(__TIME__)
+ static const char module_built[] = __DATE__ " " __TIME__;
+ #else
+@@ -1572,9 +1569,6 @@ exec_dacs_acs(request_rec *r, const char
+   ap_add_common_vars(r);
+   dacs_add_cgi_vars(r);			/* -bjb 21-Jan-2015 */
+ 
+-  if (ssl_is_ssl_request(r))
+-	ssl_hook_Fixup(r);		/* XXX This probably wasn't intended usage */
+-
+   /*
+    * DACS cookies are always removed from the environment before invoking
+    * dacs_acs so that they are not visible and easily copied.
diff -Nru dacs-1.4.38a/debian/tests/a2enmod dacs-1.4.38a/debian/tests/a2enmod
--- dacs-1.4.38a/debian/tests/a2enmod	1970-01-01 01:00:00.000000000 +0100
+++ dacs-1.4.38a/debian/tests/a2enmod	2017-05-28 20:42:21.000000000 +0200
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -e
+
+a2enmod auth_dacs
+apache2ctl configtest
diff -Nru dacs-1.4.38a/debian/tests/control dacs-1.4.38a/debian/tests/control
--- dacs-1.4.38a/debian/tests/control	1970-01-01 01:00:00.000000000 +0100
+++ dacs-1.4.38a/debian/tests/control	2017-05-28 20:42:21.000000000 +0200
@@ -0,0 +1,3 @@
+Depends: @, apache2
+Tests: a2enmod
+Restrictions: needs-root


unblock dacs/1.4.38a-2


Thanks,
Christoph
Reply to: