debian/0000755000000000000000000000000012150666370007174 5ustar debian/patches/0000755000000000000000000000000012150666050010616 5ustar debian/patches/openssl1.patch0000644000000000000000000000176212150666050013411 0ustar Description: fix OpenSSL library function names Origin: upstream, https://github.com/pames/mod_auth_cas/commit/41dbc4279c9f10b4e8281d0172298d9b68005d94 Bug: https://issues.jasig.org/browse/MAS-47 Bug-Debian: http://bugs.debian.org/688577 Last-Update: 2013-03-08 diff --git a/src/mod_auth_cas.c b/src/mod_auth_cas.c index 73d1579..53861eb 100644 --- a/src/mod_auth_cas.c +++ b/src/mod_auth_cas.c @@ -2151,9 +2151,9 @@ int cas_post_config(apr_pool_t *pool, apr_pool_t *p1, apr_pool_t *p2, server_rec CRYPTO_set_id_callback(cas_ssl_id_callback); } #else - if(CRYPTO_get_locking_callback() == NULL && CRYPTO_THREADID_get_id_callback() == NULL) { + if(CRYPTO_get_locking_callback() == NULL && CRYPTO_THREADID_get_callback() == NULL) { CRYPTO_set_locking_callback(cas_ssl_locking_callback); - CRYPTO_THREADID_set_id_callback(cas_ssl_id_callback); + CRYPTO_THREADID_set_callback(cas_ssl_id_callback); } #endif /* OPENSSL_NO_THREADID */ #endif /* defined(OPENSSL_THREADS) && APR_HAS_THREADS */ debian/patches/curl_error_memleak.patch0000755000000000000000000000267312150666050015523 0ustar Description: Fix memory leak upon curl error condition Forwarded: https://github.com/Jasig/mod_auth_cas/pull/39 Author: Wessel Dankers Applied-Upstream: https://github.com/Jasig/mod_auth_cas/commit/b60b95a Last-Update: 2012-06-22 diff -Nur libapache2-mod-auth-cas-1.0.9.1.bak/src/mod_auth_cas.c libapache2-mod-auth-cas-1.0.9.1/src/mod_auth_cas.c --- libapache2-mod-auth-cas-1.0.9.1.bak/src/mod_auth_cas.c 2010-12-10 07:57:11.000000000 +0100 +++ libapache2-mod-auth-cas-1.0.9.1/src/mod_auth_cas.c 2012-06-21 18:58:29.709888360 +0200 @@ -1588,6 +1588,11 @@ return CURLE_OK; } +static apr_status_t cas_curl_easy_cleanup(void *curl) { + curl_easy_cleanup(curl); + return APR_SUCCESS; +} + static char *getResponseFromServer (request_rec *r, cas_cfg *c, char *ticket) { char curlError[CURL_ERROR_SIZE]; @@ -1600,6 +1605,9 @@ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "entering getResponseFromServer()"); CURL *curl = curl_easy_init(); + if(!curl) + return NULL; + apr_pool_cleanup_register(r->pool, curl, cas_curl_easy_cleanup, apr_pool_cleanup_null); curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L); curl_easy_setopt(curl, CURLOPT_HEADER, 0L); @@ -1673,7 +1681,7 @@ if(c->CASDebug) ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Validation response: %s", curlBuffer.buf); - curl_easy_cleanup(curl); + apr_pool_cleanup_run(r->pool, curl, cas_curl_easy_cleanup); return (apr_pstrndup(r->pool, curlBuffer.buf, strlen(curlBuffer.buf))); } debian/patches/series0000644000000000000000000000005012150666050012026 0ustar curl_error_memleak.patch openssl1.patch debian/libapache2-mod-auth-cas.install0000644000000000000000000000014012150666050015024 0ustar debian/auth_cas.load etc/apache2/mods-available debian/auth_cas.conf etc/apache2/mods-available debian/control0000644000000000000000000000170012150666050010570 0ustar Source: libapache2-mod-auth-cas Section: httpd Priority: extra Maintainer: CAS packaging team Uploaders: Michele Baldessari , Thijs Kinkhorst Build-Depends: debhelper (>= 9), dh-apache2, apache2-dev, libssl-dev, libcurl4-openssl-dev, dpkg-dev (>= 1.16.1) Standards-Version: 3.9.4 Vcs-Svn: svn://svn.debian.org/svn/pkg-cas/libapache2-mod-auth-cas/svn-buildpackage/trunk/ Vcs-Browser: http://svn.debian.org/viewsvn/pkg-cas/libapache2-mod-auth-cas/svn-buildpackage/trunk/ Homepage: http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas Package: libapache2-mod-auth-cas Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: CAS authentication module for Apache2 mod_auth_cas is an authentication module for Apache2, that allows the webserver to interact with an authentication server that conforms to the CAS (v1 or v2) protocol defined by Yale/JA-SIG. debian/compat0000644000000000000000000000000212150666050010365 0ustar 9 debian/changelog0000644000000000000000000001352212150666370011051 0ustar libapache2-mod-auth-cas (1.0.9.1-4) unstable; urgency=low * Upload to unstable. -- Thijs Kinkhorst Mon, 27 May 2013 16:22:46 +0200 libapache2-mod-auth-cas (1.0.9.1-3) experimental; urgency=low * Build for Apache 2.4 (closes: #666856). * Update for policy 3.9.4, no changes. -- Thijs Kinkhorst Mon, 06 May 2013 16:52:28 +0200 libapache2-mod-auth-cas (1.0.9.1-2) unstable; urgency=high * Fix changed function names in OpenSSL 1.0 (closes: #688577). -- Thijs Kinkhorst Fri, 08 Mar 2013 14:35:48 +0100 libapache2-mod-auth-cas (1.0.9.1-1) unstable; urgency=low [ Michele Baldessari ] * New upstream 1.0.8.1 (fixes MAS-35) * Update to 3.8.4 policy (added ${misc:Depends}) * Switch to dpkg-source 3.0 (quilt) format (closes: #664436) * Fix override disparity (new httpd section) * Add a note about CASCookiePath and apache with multiple UIDs (suggestion from Florent Daignière) [ Thijs Kinkhorst ] * New upstream release 1.0.9.1 (closes: #659230). Now build-depends on libcurl, and now Apache 2.0 licenced. * Add patch by Wessel Dankers to fix memory leak upon curl error. * Remove postinst. We already ship the cache dir with the same permissions and setting them again in postinst prevents the local admin from overriding them. * Checked for policy 3.9.3, switch to debhelper 9 and enable hardening build flags. -- Thijs Kinkhorst Thu, 21 Jun 2012 08:05:39 +0200 libapache2-mod-auth-cas (1.0.8-3) unstable; urgency=low * Fix dpatch-missing-description for 10_ssl_libs (note to self: lintian -I) -- Michele Baldessari Thu, 02 Apr 2009 22:21:14 +0200 libapache2-mod-auth-cas (1.0.8-2) unstable; urgency=low * Removed the debian/patches dir. No patches are needed currently * Removed the statoverride call in postinst, and used dh_fixperms -X to have /var/cache/apache2/mod_auth_cas owned by www-data:www:data (750) Suggestion by Luk Claes * Updates to 3.8.1 policy (no changes required) * Link to -lssl & -lcrypto, module will speak ssl to the CAS server and no undefined symbols will be ever triggered * Readded dpatch dependency for the ssl_lib patch * Lintian overrides for non-standard-dir-perm : it's the path where CAS session cookies are stored and it should not be readable by everyone -- Michele Baldessari Thu, 02 Apr 2009 22:07:00 +0200 libapache2-mod-auth-cas (1.0.8-1) unstable; urgency=low [ Michele Baldessari ] * Initial upload (closes: #470365) * New upstream release. * Information on slow performance on entropy-deprived systems added * License cleared (GPL3+ + OpenSSL Exception) * No more patching of Makefile.in needed * Removed unneeded 01_apxs_makefile.dpatch * Fixed Vcs-Svn, Vcs-Browser to point to the packages' repo * statoverride permissions of /var/cache/apache2/mod_auth_cas [ Olivier Berger ] * Fix encoding issue with introduction of second redirect (integrating upstream rev. 44329 into 02_redirect_encoding_44329.dpatch) -- Michele Baldessari Thu, 20 Nov 2008 22:30:37 +0200 libapache2-mod-auth-cas (1.0.7-8) unstable; urgency=low * Added license conflict disclaimer to README.Debian. * Remove unnecessary library installation directive in libapache2-mod-auth-cas.install now that apxs2 '-S' option is used. * Fix debian/rules so that configure+build is done only once. * Adding README.source. * Fixed lintian warnings. -- Olivier Berger Wed, 20 Aug 2008 10:52:01 +0200 libapache2-mod-auth-cas (1.0.7-7) unstable; urgency=low * Integrate contributions by Olivier Berger in 1.0.7-6.1. * Integrate apxs2 -i as an external patch * Remove Makefile and config.h in clean target -- Michele Baldessari Sat, 09 Aug 2008 00:09:55 +0200 libapache2-mod-auth-cas (1.0.7-6.1) unstable; urgency=low * NMU * Fix use of make install, using apxs2's LIBEXECDIR setting * fix setting of perms with chown, after dh_fixperms (still need postinst for upgrades, though) -- Olivier Berger Fri, 08 Aug 2008 00:00:00 +0200 libapache2-mod-auth-cas (1.0.7-6) unstable; urgency=low * Use apxs2 -i option to install the libs in the right place (Olivier Berger ) * Cleaned up the README.Debian to reflect that package's contents (Olivier Berger ) * Chowned cookies dir into a postinst (Olivier Berger olivier.berger@it-sudparis.eu>) * Removed old copyright file -- Michele Baldessari Thu, 07 Aug 2008 20:33:07 +0200 libapache2-mod-auth-cas (1.0.7-5) unstable; urgency=low * Fixed Homepage * Added Vcs-Svn field -- Michele Baldessari Sat, 17 May 2008 14:38:05 +0200 libapache2-mod-auth-cas (1.0.7-4) unstable; urgency=low * Switched to parseable copyright format * Packages is lintian clean now -- Michele Baldessari Sun, 27 Apr 2008 12:30:45 +0200 libapache2-mod-auth-cas (1.0.7-3) unstable; urgency=low * Fixed README.Debian * Fixed two wrong paths in debian/rules -- Michele Baldessari Tue, 01 Apr 2008 22:11:03 +0200 libapache2-mod-auth-cas (1.0.7-2) unstable; urgency=low * Removed apache2-mpm-worker from Build-Depends * Fixed erroneous debian/copyright, code is under GPLv3 -- Michele Baldessari Tue, 11 Mar 2008 08:52:04 +0100 libapache2-mod-auth-cas (1.0.7-1) unstable; urgency=low * New upstream * Fix typo in auth_cas.load (Thanks Craig Mon, 10 Mar 2008 22:21:48 +0100 libapache2-mod-auth-cas (1.0.6-1) unstable; urgency=low * Initial packaging -- Michele Baldessari Sun, 20 Jan 2008 12:56:19 +0100 debian/source/0000755000000000000000000000000012150666050010467 5ustar debian/source/format0000644000000000000000000000001412150666050011675 0ustar 3.0 (quilt) debian/rules0000755000000000000000000000376412150666050010261 0ustar #!/usr/bin/make -f # debian rules file for mod_auth_cas export DEB_BUILD_MAINT_OPTIONS = hardening=+all # These are used for cross-compiling and for saving the configure script # from having to guess our platform (since we know it already) DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) configure: configure-stamp configure-stamp: dh_testdir ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info $(shell dpkg-buildflags --export=configure) touch $@ build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: configure-stamp dh_testdir $(MAKE) touch $@ clean: dh_testdir dh_testroot [ ! -f Makefile ] || $(MAKE) distclean dh_clean build-stamp configure-stamp install: build dh_testdir dh_testroot dh_prep dh_installdirs dh_install $(MAKE) DESTDIR="$(CURDIR)/debian/libapache2-mod-auth-cas/" APXS_LIBEXECDIR="usr/lib/apache2/modules/" all dh_apache2 install -m644 $(CURDIR)/debian/libapache2-mod-auth-cas.lintian-overrides $(CURDIR)/debian/libapache2-mod-auth-cas/usr/share/lintian/overrides/libapache2-mod-auth-cas # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installdocs dh_installchangelogs dh_link dh_strip dh_compress # www-data is present on every debian system chown -R www-data:www-data debian/libapache2-mod-auth-cas/var/cache/apache2/mod_auth_cas chmod 750 debian/libapache2-mod-auth-cas/var/cache/apache2/mod_auth_cas dh_fixperms -Xdebian/libapache2-mod-auth-cas/var/cache/apache2/mod_auth_cas dh_installdeb dh_shlibdeps -a -L libapache2-mod-auth-cas -l debian/libapache2-mod-auth-cas/usr/lib/apache2/modules dh_gencontrol dh_md5sums dh_builddeb # Build architecture-independent files here. binary-indep: build install binary: binary-arch .PHONY: build clean binary-indep binary-arch binary install configure debian/libapache2-mod-auth-cas.docs0000644000000000000000000000003412150666050014310 0ustar README debian/README.Debian debian/auth_cas.load0000644000000000000000000000010412150666050011612 0ustar LoadModule auth_cas_module /usr/lib/apache2/modules/mod_auth_cas.so debian/watch0000644000000000000000000000011212150666050010212 0ustar version=3 https://github.com/Jasig/mod_auth_cas/tags .*tarball/v([\d\.]*) debian/libapache2-mod-auth-cas.lintian-overrides0000644000000000000000000000020212150666050017013 0ustar # The path where CAS session cookies are stored should not be readable by everyone libapache2-mod-auth-cas: non-standard-dir-perm debian/copyright0000644000000000000000000000123612150666050011124 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: mod_auth_cas Source: http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas Files: * Copyright: © 2007,2008 Phil Ames © 2007,2008 Matt Smith License: Apache-2.0 On Debian machines the full text of the license can be found in /usr/share/common-licenses/Apache-2.0 Files: debian/* Copyright: © 2008 Michele Baldessari © 2008 Olivier Berger License: GPL-3+ On Debian machines the full text of the license can be found in /usr/share/common-licenses/GPL-3 debian/libapache2-mod-auth-cas.dirs0000644000000000000000000000012312150666050014320 0ustar usr/share/lintian/overrides usr/lib/apache2/modules var/cache/apache2/mod_auth_cas debian/auth_cas.conf0000644000000000000000000000005712150666050011627 0ustar CASCookiePath /var/cache/apache2/mod_auth_cas/ debian/libapache2-mod-auth-cas.apache20000644000000000000000000000012012150666050014657 0ustar mod src/.libs/mod_auth_cas.so mod debian/auth_cas.load mod debian/auth_cas.conf debian/README.Debian0000644000000000000000000000174012150666050011232 0ustar libapache2-mod-auth-cas for Debian ---------------------------------- You can enable this module in a classical way using a2enmod: # a2enmod auth_cas Then, you will need to configure it by adding parameters to /etc/apache2/mods-enabled/auth_cas.conf or in other apache configuration files. The list of parameters of the mod-auth-cas Apache module is documented in the README file under "CONFIGURING THE SOFTWARE". More instructions may be available from : http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas Note that in the default configuration mod-auth-cas stores the cookie expiration information and the tickets in /var/cache/apache2/mod_auth_cas which is owned by www-data. If your apache setup runs multiple instances running under different uid/gid tuples, you will need to either change the CASCookiePath option to a more permissive directory, or relax the permissions on the default directory. -- Michele Baldessari , Mon Sep 28 22:31:50 CEST 2009