summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2012-06-13 18:48:47 +0200
committerRemi Collet <fedora@famillecollet.com>2012-06-13 18:48:47 +0200
commit5879c56a69ef5e81291533bf396a9a6f59ce5596 (patch)
treeaccc29a0f442d2e6be715db9abd23f4ba76c9811
parentdf36bf3f7525e3d29d7e9ea8fb4d0cc33f1075c2 (diff)
mod_nss: sync with rawhdie
-rw-r--r--Makefile2
-rw-r--r--mod_nss-httpd24.patch135
-rw-r--r--mod_nss.spec12
3 files changed, 147 insertions, 2 deletions
diff --git a/Makefile b/Makefile
index 1e65467..91b0fd5 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
SRCDIR := $(shell pwd)
NAME := $(shell basename $(SRCDIR))
-include ../common/Makefile
+include ../../common/Makefile
diff --git a/mod_nss-httpd24.patch b/mod_nss-httpd24.patch
new file mode 100644
index 0000000..4863140
--- /dev/null
+++ b/mod_nss-httpd24.patch
@@ -0,0 +1,135 @@
+diff -ru mod_nss/mod_nss.c mod_nss-1.0.8/mod_nss.c
+--- mod_nss/mod_nss.c 2012-06-12 12:23:29.961000000 -0700
++++ mod_nss-1.0.8/mod_nss.c 2012-06-12 12:00:35.957002099 -0700
+@@ -349,7 +349,7 @@
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
+ "Connection to child %ld established "
+ "(server %s, client %s)", c->id, sc->vhost_id,
+- c->remote_ip ? c->remote_ip : "unknown");
++ c->client_ip ? c->client_ip : "unknown");
+
+ mctx = sslconn->is_proxy ? sc->proxy : sc->server;
+
+diff -ru mod_nss/mod_nss.h mod_nss-1.0.8/mod_nss.h
+--- mod_nss/mod_nss.h 2012-06-12 12:23:29.962000000 -0700
++++ mod_nss-1.0.8/mod_nss.h 2012-06-12 12:00:35.955002240 -0700
+@@ -27,7 +27,6 @@
+ #include "http_protocol.h"
+ #include "util_script.h"
+ #include "util_filter.h"
+-#include "mpm.h"
+ #include "apr.h"
+ #include "apr_strings.h"
+ #define APR_WANT_STRFUNC
+@@ -490,7 +489,7 @@
+ SECStatus nss_Init_Tokens(server_rec *s);
+
+ /* Logging */
+-void nss_log_nss_error(const char *file, int line, int level, server_rec *s);
++void nss_log_nss_error(const char *file, int line, int module_index, int level, server_rec *s);
+ void nss_die(void);
+
+ /* NSS callback */
+diff -ru mod_nss/nss_engine_init.c mod_nss-1.0.8/nss_engine_init.c
+--- mod_nss/nss_engine_init.c 2012-06-12 12:23:29.962000000 -0700
++++ mod_nss-1.0.8/nss_engine_init.c 2012-06-12 12:00:35.955002240 -0700
+@@ -15,7 +15,7 @@
+
+ #include "mod_nss.h"
+ #include "apr_thread_proc.h"
+-#include "ap_mpm.h"
++#include "mpm_common.h"
+ #include "secmod.h"
+ #include "sslerr.h"
+ #include "pk11func.h"
+diff -ru mod_nss/nss_engine_io.c mod_nss-1.0.8/nss_engine_io.c
+--- mod_nss/nss_engine_io.c 2012-06-12 12:23:29.963000000 -0700
++++ mod_nss-1.0.8/nss_engine_io.c 2012-06-12 12:00:35.956002167 -0700
+@@ -621,13 +621,13 @@
+ PR_Close(ssl);
+
+ /* log the fact that we've closed the connection */
+- if (c->base_server->loglevel >= APLOG_INFO) {
++ if (c->base_server->log.level >= APLOG_INFO) {
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
+ "Connection to child %ld closed "
+ "(server %s, client %s)",
+ c->id,
+ nss_util_vhostid(c->pool, c->base_server),
+- c->remote_ip ? c->remote_ip : "unknown");
++ c->client_ip ? c->client_ip : "unknown");
+ }
+
+ /* deallocate the SSL connection */
+@@ -1165,7 +1165,7 @@
+ filter_ctx = (nss_filter_ctx_t *)(fd->secret);
+ c = filter_ctx->c;
+
+- return PR_StringToNetAddr(c->remote_ip, addr);
++ return PR_StringToNetAddr(c->client_ip, addr);
+ }
+
+ /*
+diff -ru mod_nss/nss_engine_kernel.c mod_nss-1.0.8/nss_engine_kernel.c
+--- mod_nss/nss_engine_kernel.c 2012-06-12 12:23:29.963000000 -0700
++++ mod_nss-1.0.8/nss_engine_kernel.c 2012-06-12 12:00:35.954002314 -0700
+@@ -73,7 +73,7 @@
+ /*
+ * Log information about incoming HTTPS requests
+ */
+- if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
++ if (r->server->log.level >= APLOG_INFO && ap_is_initial_req(r)) {
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+ "%s HTTPS request received for child %ld (server %s)",
+ (r->connection->keepalives <= 0 ?
+@@ -530,7 +530,7 @@
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+ "Access to %s denied for %s "
+ "(requirement expression not fulfilled)",
+- r->filename, r->connection->remote_ip);
++ r->filename, r->connection->client_ip);
+
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+ "Failed expression: %s", req->cpExpr);
+diff -ru mod_nss/nss_engine_log.c mod_nss-1.0.8/nss_engine_log.c
+--- mod_nss/nss_engine_log.c 2012-06-12 12:23:29.964000000 -0700
++++ mod_nss-1.0.8/nss_engine_log.c 2012-06-12 12:00:35.955002240 -0700
+@@ -321,7 +321,7 @@
+ exit(1);
+ }
+
+-void nss_log_nss_error(const char *file, int line, int level, server_rec *s)
++void nss_log_nss_error(const char *file, int line, int module_index, int level, server_rec *s)
+ {
+ const char *err;
+ PRInt32 error;
+@@ -340,7 +340,7 @@
+ err = "Unknown";
+ }
+
+- ap_log_error(file, line, level, 0, s,
++ ap_log_error(file, line, module_index, level, 0, s,
+ "SSL Library Error: %d %s",
+ error, err);
+ }
+diff -ru mod_nss/nss_engine_vars.c mod_nss-1.0.8/nss_engine_vars.c
+--- mod_nss/nss_engine_vars.c 2012-06-12 12:23:29.965000000 -0700
++++ mod_nss-1.0.8/nss_engine_vars.c 2012-06-12 12:00:35.948002812 -0700
+@@ -178,7 +178,7 @@
+ && sslconn && sslconn->ssl)
+ result = nss_var_lookup_ssl(p, c, var+4);
+ else if (strcEQ(var, "REMOTE_ADDR"))
+- result = c->remote_ip;
++ result = c->client_ip;
+ else if (strcEQ(var, "HTTPS")) {
+ if (sslconn && sslconn->ssl)
+ result = "on";
+@@ -194,7 +194,7 @@
+ if (strlen(var) > 12 && strcEQn(var, "SSL_VERSION_", 12))
+ result = nss_var_lookup_nss_version(p, var+12);
+ else if (strcEQ(var, "SERVER_SOFTWARE"))
+- result = (char *)ap_get_server_version();
++ result = (char *)ap_get_server_banner();
+ else if (strcEQ(var, "API_VERSION")) {
+ result = apr_psprintf(p, "%d", MODULE_MAGIC_NUMBER);
+ resdup = FALSE;
diff --git a/mod_nss.spec b/mod_nss.spec
index 35ec708..83544a3 100644
--- a/mod_nss.spec
+++ b/mod_nss.spec
@@ -7,7 +7,7 @@
Name: mod_nss
Version: 1.0.8
-Release: 16%{?dist}
+Release: 17%{?dist}
Summary: SSL/TLS module for the Apache HTTP server
Group: System Environment/Daemons
License: ASL 2.0
@@ -29,6 +29,7 @@ Patch5: mod_nss-reverseproxy.patch
Patch6: mod_nss-pcachesignal.h
Patch7: mod_nss-reseterror.patch
Patch8: mod_nss-lockpcache.patch
+Patch9: mod_nss-httpd24.patch
%description
The mod_nss module provides strong cryptography for the Apache Web
@@ -46,6 +47,9 @@ security library.
%patch6 -p1 -b .pcachesignal.h
%patch7 -p1 -b .reseterror
%patch8 -p1 -b .lockpcache
+#if 0%{?fedora} >= 18
+%patch9 -p1 -b .httpd24
+#endif
# Touch expression parser sources to prevent regenerating it
touch nss_expr_*.[chyl]
@@ -144,6 +148,12 @@ fi
%{_sbindir}/gencert
%changelog
+* Wed Jun 12 2012 Remi Collet <RPMS@FamilleCollet.com> 1.0.8-17
+- rebuild for remi repo and http 2.4
+
+* Tue Jun 12 2012 Nathan Kinder <nkinder@redhat.com> - 1.0.8-17
+- Port mod_nss to work with httpd 2.4
+
* Tue Apr 24 2012 Remi Collet <RPMS@FamilleCollet.com> 1.0.8-16
- rebuild for remi repo and http 2.4