Control: tag -1 pending Dear maintainer,
I've prepared an NMU for mod-spamhaus (versioned as 0.7-1.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. My apologies for the relative rush on what I know is a fairly complex NMU; but this is blocking the Apache 2.4 transition and the release team would like to get that cleared out this weekend. I talked through the maintainer script changes on #debian-apache; Arno reviewed it and suggested a few tweaks but seemed generally happy with them. Regards, -- Colin Watson [cjwat...@debian.org]
diff -Nru mod-spamhaus-0.7/debian/apache2 mod-spamhaus-0.7/debian/apache2 --- mod-spamhaus-0.7/debian/apache2 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/apache2 2013-07-10 12:11:55.000000000 +0100 @@ -0,0 +1,3 @@ +mod src/.libs/mod_spamhaus.so +mod debian/conf/spamhaus.load +mod debian/conf/spamhaus.conf diff -Nru mod-spamhaus-0.7/debian/changelog mod-spamhaus-0.7/debian/changelog --- mod-spamhaus-0.7/debian/changelog 2013-07-11 11:03:12.000000000 +0100 +++ mod-spamhaus-0.7/debian/changelog 2013-07-11 11:00:13.000000000 +0100 @@ -1,3 +1,13 @@ +mod-spamhaus (0.7-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Port to Apache 2.4 (closes: #666847). + * Rename mod-spamhaus.conf and mod-spamhaus.load to the standard form of + spamhaus.conf and spamhaus.load, otherwise the prerm/postrm scripts + generated by dh_apache2 are unable to unload the module. + + -- Colin Watson <cjwat...@debian.org> Thu, 11 Jul 2013 11:00:10 +0100 + mod-spamhaus (0.7-1) unstable; urgency=low * Initial release (Closes: #503395) diff -Nru mod-spamhaus-0.7/debian/conf/mod-spamhaus.conf mod-spamhaus-0.7/debian/conf/mod-spamhaus.conf --- mod-spamhaus-0.7/debian/conf/mod-spamhaus.conf 2013-07-11 11:03:12.000000000 +0100 +++ mod-spamhaus-0.7/debian/conf/mod-spamhaus.conf 1970-01-01 01:00:00.000000000 +0100 @@ -1,47 +0,0 @@ -<IfModule mod_spamhaus.c> - -#MS_Methods -# Syntax: MS_Methods POST,PUT,OPTIONS -# Default: POST,PUT,OPTIONS -# -# The values admitted are the httpd's methods (GET,POST,etc) -# Module verify remote ip address if the method used by the user is present -# in the value passed to this variable. Methods must be comma-separated -MS_METHODS POST,PUT,OPTIONS,CONNECT - - -#MS_WhiteList -# Syntax: MS_WhiteList /etc/spamhaus.wl -# Default: no value -# Path of whitelist file. -# After you've edit it, you mustn't reload apache. This file will be read only -# when 'data modification time' change. You can add an individual IP address or -# subnets with CIDR. -#MS_WhiteList /etc/spamhaus.wl - - -#MS_DNS -# Syntax: MS_DNS sbl-xbl.spamhaus.org -# Default: sbl-xbl.spamhaus.org -# Name server to use for verify is an ip is blacklisted. -# Using a local rbldnsd instance of sbl-xbl, you can increase query performance -#MS_Dns local.rbldnsd.instance.of.sbl-xbl - - -#MS_CacheSize -# Syntax: MS_CacheSize 256 -# Default: 512 -# Max value: 8192 -# This directive can manage the number of cache entries. -#MS_CacheSize 512 - - -#MS_CustomError -# Syntax: MS_CustomError "My custom error message" -# Default: "Access Denied! Your address is blacklisted. More information about this error may be available in the server error log." -# A custom error message that allows you to replace default error message with one you create -#MS_CustomError "Access Denied! Your address is blacklisted. More information about this error may be available in the server error log." - - -</IfModule> - diff -Nru mod-spamhaus-0.7/debian/conf/mod-spamhaus.load mod-spamhaus-0.7/debian/conf/mod-spamhaus.load --- mod-spamhaus-0.7/debian/conf/mod-spamhaus.load 2013-07-11 11:03:12.000000000 +0100 +++ mod-spamhaus-0.7/debian/conf/mod-spamhaus.load 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -LoadModule spamhaus_module /usr/lib/apache2/modules/mod_spamhaus.so diff -Nru mod-spamhaus-0.7/debian/conf/spamhaus.conf mod-spamhaus-0.7/debian/conf/spamhaus.conf --- mod-spamhaus-0.7/debian/conf/spamhaus.conf 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/conf/spamhaus.conf 2013-07-10 11:38:48.000000000 +0100 @@ -0,0 +1,47 @@ +<IfModule mod_spamhaus.c> + +#MS_Methods +# Syntax: MS_Methods POST,PUT,OPTIONS +# Default: POST,PUT,OPTIONS +# +# The values admitted are the httpd's methods (GET,POST,etc) +# Module verify remote ip address if the method used by the user is present +# in the value passed to this variable. Methods must be comma-separated +MS_METHODS POST,PUT,OPTIONS,CONNECT + + +#MS_WhiteList +# Syntax: MS_WhiteList /etc/spamhaus.wl +# Default: no value +# Path of whitelist file. +# After you've edit it, you mustn't reload apache. This file will be read only +# when 'data modification time' change. You can add an individual IP address or +# subnets with CIDR. +#MS_WhiteList /etc/spamhaus.wl + + +#MS_DNS +# Syntax: MS_DNS sbl-xbl.spamhaus.org +# Default: sbl-xbl.spamhaus.org +# Name server to use for verify is an ip is blacklisted. +# Using a local rbldnsd instance of sbl-xbl, you can increase query performance +#MS_Dns local.rbldnsd.instance.of.sbl-xbl + + +#MS_CacheSize +# Syntax: MS_CacheSize 256 +# Default: 512 +# Max value: 8192 +# This directive can manage the number of cache entries. +#MS_CacheSize 512 + + +#MS_CustomError +# Syntax: MS_CustomError "My custom error message" +# Default: "Access Denied! Your address is blacklisted. More information about this error may be available in the server error log." +# A custom error message that allows you to replace default error message with one you create +#MS_CustomError "Access Denied! Your address is blacklisted. More information about this error may be available in the server error log." + + +</IfModule> + diff -Nru mod-spamhaus-0.7/debian/conf/spamhaus.load mod-spamhaus-0.7/debian/conf/spamhaus.load --- mod-spamhaus-0.7/debian/conf/spamhaus.load 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/conf/spamhaus.load 2013-07-10 11:38:48.000000000 +0100 @@ -0,0 +1 @@ +LoadModule spamhaus_module /usr/lib/apache2/modules/mod_spamhaus.so diff -Nru mod-spamhaus-0.7/debian/control mod-spamhaus-0.7/debian/control --- mod-spamhaus-0.7/debian/control 2013-07-11 11:03:12.000000000 +0100 +++ mod-spamhaus-0.7/debian/control 2013-07-10 11:39:18.000000000 +0100 @@ -2,13 +2,13 @@ Section: web Priority: extra Maintainer: Giuseppe Iuculano <giuse...@iuculano.it> -Build-Depends: debhelper (>= 5), apache2-prefork-dev | apache2-threaded-dev +Build-Depends: debhelper (>= 5), dh-apache2, apache2-dev Standards-Version: 3.8.0 Homepage: http://sourceforge.net/projects/mod-spamhaus/ Package: libapache2-mod-spamhaus Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, apache2.2-common +Depends: ${shlibs:Depends}, ${misc:Depends} Description: Apache DNSBL module that blocks listed IP addresses mod_spamhaus is an Apache module for DNS Block Listing that protects web services by denying access to particular IP addresses. It can stop spam diff -Nru mod-spamhaus-0.7/debian/dirs mod-spamhaus-0.7/debian/dirs --- mod-spamhaus-0.7/debian/dirs 2013-07-11 11:03:12.000000000 +0100 +++ mod-spamhaus-0.7/debian/dirs 1970-01-01 01:00:00.000000000 +0100 @@ -1,2 +0,0 @@ -usr/lib/apache2/modules/ -etc/apache2/mods-available/ diff -Nru mod-spamhaus-0.7/debian/install mod-spamhaus-0.7/debian/install --- mod-spamhaus-0.7/debian/install 2013-07-11 11:03:12.000000000 +0100 +++ mod-spamhaus-0.7/debian/install 1970-01-01 01:00:00.000000000 +0100 @@ -1,2 +0,0 @@ -debian/conf/mod-spamhaus.load /etc/apache2/mods-available -debian/conf/mod-spamhaus.conf /etc/apache2/mods-available diff -Nru mod-spamhaus-0.7/debian/patches/aplog-use-module.patch mod-spamhaus-0.7/debian/patches/aplog-use-module.patch --- mod-spamhaus-0.7/debian/patches/aplog-use-module.patch 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/patches/aplog-use-module.patch 2013-07-10 11:48:56.000000000 +0100 @@ -0,0 +1,20 @@ +Description: Add APLOG_USE_MODULE for Apache 2.4 per-module loglevels +Author: Colin Watson <cjwat...@debian.org> +Forwarded: no +Last-Update: 2013-07-10 + +Index: b/src/mod_spamhaus.c +=================================================================== +--- a/src/mod_spamhaus.c ++++ b/src/mod_spamhaus.c +@@ -47,6 +47,10 @@ + #define WHITELIST_SIZE 2048 + #define MAX_CACHE_SIZE 8192 + ++#ifdef APLOG_USE_MODULE ++APLOG_USE_MODULE(spamhaus); ++#endif ++ + module AP_MODULE_DECLARE_DATA spamhaus_module; + + static void *spamhaus_create_config(apr_pool_t *p, server_rec *s); diff -Nru mod-spamhaus-0.7/debian/patches/conn-rec-remote-ip.patch mod-spamhaus-0.7/debian/patches/conn-rec-remote-ip.patch --- mod-spamhaus-0.7/debian/patches/conn-rec-remote-ip.patch 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/patches/conn-rec-remote-ip.patch 2013-07-10 11:49:08.000000000 +0100 @@ -0,0 +1,86 @@ +Description: Handle conn_rec->remote_ip split in Apache 2.4 +Author: Colin Watson <cjwat...@debian.org> +Forwarded: no +Last-Update: 2013-07-10 + +Index: b/src/mod_spamhaus.c +=================================================================== +--- a/src/mod_spamhaus.c ++++ b/src/mod_spamhaus.c +@@ -53,6 +53,13 @@ + + module AP_MODULE_DECLARE_DATA spamhaus_module; + ++#if AP_SERVER_MAJORVERSION_NUMBER > 2 || \ ++ (AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER >= 4) ++#define CLIENT_IP(conn) ((conn)->client_ip) ++#else ++#define CLIENT_IP(conn) ((conn)->remote_ip) ++#endif ++ + static void *spamhaus_create_config(apr_pool_t *p, server_rec *s); + static void *spamhaus_create_dir_config(apr_pool_t *p, char *path); + static int spamhaus_handler(request_rec *r); +@@ -184,7 +191,7 @@ + if ( brokenfeed ) *brokenfeed = '\0'; + + if ( (strchr(lista[count],'/') == NULL )){ +- if ( strcmp(lista[count],r->connection->remote_ip) == 0 ) return 1; ++ if ( strcmp(lista[count],CLIENT_IP(r->connection)) == 0 ) return 1; + } + else { + +@@ -206,7 +213,7 @@ + in.s_addr = last; + + sscanf(inet_ntoa(in), "%d.%d.%d.%d", &a_max, &b_max, &c_max, &d_max); +- sscanf(r->connection->remote_ip, "%d.%d.%d.%d", &a_daverificare, &b_daverificare, &c_daverificare, &d_daverificare); ++ sscanf(CLIENT_IP(r->connection), "%d.%d.%d.%d", &a_daverificare, &b_daverificare, &c_daverificare, &d_daverificare); + + if ( + +@@ -250,14 +257,14 @@ + if ( strstr(cfg->methods,r->method) != NULL ) + { + +- for (counter; counter < cfg->nip_incache; counter++) if (strcmp(cached_ip[counter],r->connection->remote_ip) == 0 ) return DECLINED; ++ for (counter; counter < cfg->nip_incache; counter++) if (strcmp(cached_ip[counter],CLIENT_IP(r->connection)) == 0 ) return DECLINED; + + + struct hostent *hp = 0; + + memset(lookup_this,'\0',512); + +- sscanf(r->connection->remote_ip, "%d.%d.%d.%d",&oct1, &oct2, &oct3, &oct4); ++ sscanf(CLIENT_IP(r->connection), "%d.%d.%d.%d",&oct1, &oct2, &oct3, &oct4); + + snprintf(lookup_this,512,"%d.%d.%d.%d.%s",oct4,oct3,oct2,oct1,cfg->dnshost); + +@@ -275,15 +282,15 @@ + if (oct1 != 127) + { + +- ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "mod_spamhaus: address %s is blacklisted but it's not in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address will not get filtered",r->connection->remote_ip); ++ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "mod_spamhaus: address %s is blacklisted but it's not in the 127.0.0.0/8 range. POSSIBLE WILD-CARDING TYPOSQUATTERS ATTACK! IP address will not get filtered",CLIENT_IP(r->connection)); + return DECLINED; + } + + if ( (strcmp(cfg->whitelist,"no-white-list")!= 0) ) + { + if ( check_whitelist(cfg->whitelist,r) ) { +- ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "mod_spamhaus: address %s is whitelisted. Allow connection to %s%s", r->connection->remote_ip,r->hostname,r->uri); +- add_cache(r->connection->remote_ip,cfg->nip_incache); ++ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "mod_spamhaus: address %s is whitelisted. Allow connection to %s%s", CLIENT_IP(r->connection),r->hostname,r->uri); ++ add_cache(CLIENT_IP(r->connection),cfg->nip_incache); + return DECLINED; + + } +@@ -301,7 +308,7 @@ + } + + +- add_cache(r->connection->remote_ip,cfg->nip_incache); ++ add_cache(CLIENT_IP(r->connection),cfg->nip_incache); + + return DECLINED; + diff -Nru mod-spamhaus-0.7/debian/patches/series mod-spamhaus-0.7/debian/patches/series --- mod-spamhaus-0.7/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/patches/series 2013-07-10 11:48:18.000000000 +0100 @@ -0,0 +1,2 @@ +aplog-use-module.patch +conn-rec-remote-ip.patch diff -Nru mod-spamhaus-0.7/debian/postinst mod-spamhaus-0.7/debian/postinst --- mod-spamhaus-0.7/debian/postinst 2013-07-11 11:03:12.000000000 +0100 +++ mod-spamhaus-0.7/debian/postinst 2013-07-10 17:16:05.000000000 +0100 @@ -1,63 +1,27 @@ -#!/bin/sh -# postinst script for mod-spamhaus -# -# see: dh_installdeb(1) - +#! /bin/sh set -e -# summary of how this script can be called: -# * <postinst> `configure' <most-recently-configured-version> -# * <old-postinst> `abort-upgrade' <new version> -# * <conflictor's-postinst> `abort-remove' `in-favour' <package> -# <new-version> -# * <postinst> `abort-remove' -# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' -# <failed-install-package> <version> `removing' -# <conflicting-package> <version> -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -reload_apache() -{ - if apache2ctl configtest 2>/dev/null; then - invoke-rc.d apache2 force-reload || true - else - echo "Your apache2 configuration is broken, so we're not restarting it for you." - fi -} - - -case "$1" in - configure) - # Reload the module on upgrade if enabled - if [ -n "$2" ]; then - if [ -e /etc/apache2/mods-enabled/mod-spamhaus.load ]; then - reload_apache - fi - else - # Enable the module - if [ -e /etc/apache2/apache2.conf ]; then - a2enmod mod-spamhaus >/dev/null || true - reload_apache - fi - fi - - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. +# We cannot use dh_installdeb and debian/maintscript for this, because the +# conffile must be renamed before dh_apache2's generated postinst fragment +# tries to reload the server. +dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.conf /etc/apache2/mods-available/spamhaus.conf 0.7-1.1~ -- "$@" +dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.load /etc/apache2/mods-available/spamhaus.load 0.7-1.1~ -- "$@" #DEBHELPER# -exit 0 - +if [ "$1" = configure ] && [ "$2" ] && \ + dpkg --compare-versions "$2" le-nl 0.7-1.1~ && \ + [ -e /etc/apache2/mods-enabled/mod-spamhaus.load.dpkg-was-disabled ]; then + # We're upgrading, and the old name was disabled, so it must + # have been disabled by the site administrator. Preserve + # this. + rm -f /etc/apache2/mods-enabled/mod-spamhaus.load.dpkg-was-disabled + if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then + echo "Disabling spamhaus again to reflect previous mod-spamhaus configuration." + . /usr/share/apache2/apache2-maintscript-helper + a2dismod -f -q spamhaus + apache2_reload restart + fi +fi +exit 0 diff -Nru mod-spamhaus-0.7/debian/postrm mod-spamhaus-0.7/debian/postrm --- mod-spamhaus-0.7/debian/postrm 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/postrm 2013-07-10 12:55:17.000000000 +0100 @@ -0,0 +1,9 @@ +#! /bin/sh +set -e + +dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.conf /etc/apache2/mods-available/spamhaus.conf 0.7-1.1~ -- "$@" +dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.load /etc/apache2/mods-available/spamhaus.load 0.7-1.1~ -- "$@" + +#DEBHELPER# + +exit 0 diff -Nru mod-spamhaus-0.7/debian/preinst mod-spamhaus-0.7/debian/preinst --- mod-spamhaus-0.7/debian/preinst 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/preinst 2013-07-10 17:28:41.000000000 +0100 @@ -0,0 +1,17 @@ +#! /bin/sh +set -e + +# We have to tell a2dismod about the removal before moving the conffile. +if ([ "$1" = install ] || [ "$1" = "upgrade" ]) && [ "$2" ] && \ + dpkg --compare-versions "$2" le-nl 0.7-1.1~; then + if [ ! -h /etc/apache2/mods-enabled/mod-spamhaus.load ]; then + touch /etc/apache2/mods-enabled/mod-spamhaus.load.dpkg-was-disabled + fi + a2dismod -p -m -f -q mod-spamhaus +fi +dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.conf /etc/apache2/mods-available/spamhaus.conf 0.7-1.1~ -- "$@" +dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-spamhaus.load /etc/apache2/mods-available/spamhaus.load 0.7-1.1~ -- "$@" + +#DEBHELPER# + +exit 0 diff -Nru mod-spamhaus-0.7/debian/prerm mod-spamhaus-0.7/debian/prerm --- mod-spamhaus-0.7/debian/prerm 2013-07-11 11:03:12.000000000 +0100 +++ mod-spamhaus-0.7/debian/prerm 1970-01-01 01:00:00.000000000 +0100 @@ -1,56 +0,0 @@ -#!/bin/sh -# prerm script for mod-spamhaus -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * <prerm> `remove' -# * <old-prerm> `upgrade' <new-version> -# * <new-prerm> `failed-upgrade' <old-version> -# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version> -# * <deconfigured's-prerm> `deconfigure' `in-favour' -# <package-being-installed> <version> `removing' -# <conflicting-package> <version> -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -reload_apache() -{ - if apache2ctl configtest 2>/dev/null; then - invoke-rc.d apache2 force-reload || true - else - echo "Your apache2 configuration is broken, so we're not restarting it for you." - fi -} - - -case "$1" in - remove) - if [ -e /etc/apache2/mods-enabled/suphp.load ]; then - a2dismod suphp >/dev/null || true - reload_apache - fi - ;; - - upgrade|deconfigure) - ;; - - failed-upgrade) - ;; - - *) - echo "prerm called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 - - diff -Nru mod-spamhaus-0.7/debian/rules mod-spamhaus-0.7/debian/rules --- mod-spamhaus-0.7/debian/rules 2013-07-11 11:03:12.000000000 +0100 +++ mod-spamhaus-0.7/debian/rules 2013-07-10 11:41:12.000000000 +0100 @@ -25,7 +25,6 @@ dh_testroot dh_clean -k dh_installdirs - dh_install src/.libs/mod_spamhaus.so `apxs2 -q LIBEXECDIR` # Build architecture-independent files here. @@ -40,6 +39,7 @@ dh_installdocs dh_installexamples dh_install + dh_apache2 dh_link dh_strip dh_compress diff -Nru mod-spamhaus-0.7/debian/source/format mod-spamhaus-0.7/debian/source/format --- mod-spamhaus-0.7/debian/source/format 1970-01-01 01:00:00.000000000 +0100 +++ mod-spamhaus-0.7/debian/source/format 2013-07-10 11:45:49.000000000 +0100 @@ -0,0 +1 @@ +3.0 (quilt)