Bug#666848: modsecurity-apache: sourceful transition towards Apache 2.4

2013-05-07 Thread Ondřej Surý 
Package: modsecurity-apache
Followup-For: Bug #666848

Slightly updated patch which removes custom postinst and prerm, since
the module load and removal is now automatically added by dh_apache2.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog
index 9dc3531..e281708 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+modsecurity-apache (2.6.6-7) unstable; urgency=low
+
+  * Add support for Apache 2.4 (Closes: #666848)
+
+ -- Ondřej Surý   Tue, 07 May 2013 09:27:11 +0200
+
 modsecurity-apache (2.6.6-6) unstable; urgency=high
 
   * Applied upstream patch to fix XXE attacks. CVE-2013-1915
diff --git a/debian/control b/debian/control
index 43d8347..61fdc60 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: modsecurity-apache
 Section: httpd
 Priority: optional
 Maintainer: Alberto Gonzalez Iniesta 
-Build-Depends: debhelper (>> 7.0.0), apache2-threaded-dev|apache2-prefork-dev, libxml2-dev (>= 2.0.50-10), liblua5.1-0-dev, libcurl4-gnutls-dev
+Build-Depends: debhelper (>> 7.0.0), apache2-dev, libxml2-dev (>= 2.0.50-10), liblua5.1-0-dev, libcurl4-gnutls-dev
 Standards-Version: 3.9.3
 Homepage: http://www.modsecurity.org/
 
@@ -11,7 +11,7 @@ Architecture: any
 Replaces: libapache-mod-security (<< 2.5.13-1), mod-security-common (<< 2.5.13-1)
 Conflicts: libapache-mod-security (<< 2.5.13-1), mod-security-common (<< 2.5.13-1)
 Recommends: modsecurity-crs
-Depends: apache2.2-common, libxml2, ${shlibs:Depends}, ${misc:Depends}
+Depends: libxml2, ${shlibs:Depends}, ${misc:Depends}
 Description: Tighten web applications security for Apache
  Modsecurity is an Apache module whose purpose is to tighten the Web
  application security. Effectively, it is an intrusion detection and prevention
diff --git a/debian/libapache2-modsecurity.apache2 b/debian/libapache2-modsecurity.apache2
new file mode 100644
index 000..f82a4cd
--- /dev/null
+++ b/debian/libapache2-modsecurity.apache2
@@ -0,0 +1,3 @@
+mod apache2/.libs/mod_security2.so
+mod debian/mod-security.load
+mod debian/mod-security.conf
diff --git a/debian/libapache2-modsecurity.install b/debian/libapache2-modsecurity.install
index 3874b11..165e276 100644
--- a/debian/libapache2-modsecurity.install
+++ b/debian/libapache2-modsecurity.install
@@ -1,6 +1,3 @@
-apache2/.libs/mod_security2.so usr/lib/apache2/modules
-debian/mod-security.load etc/apache2/mods-available
-debian/mod-security.conf etc/apache2/mods-available
 mlogc/mlogc	usr/bin
 mlogc/README.mlogc usr/share/doc/libapache2-modsecurity
 mlogc/mlogc-default.conf usr/share/doc/libapache2-modsecurity
diff --git a/debian/libapache2-modsecurity.postinst b/debian/libapache2-modsecurity.postinst
deleted file mode 100644
index f9ea05c..000
--- a/debian/libapache2-modsecurity.postinst
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-set -e
-# copied from libapache2-mod-php4
-
-reload_apache()
-{
-if apache2ctl configtest 2>/dev/null; then
-invoke-rc.d apache2 restart || true
-else
-echo "Your apache2 configuration is broken, so we're not restarting it for you."
-fi
-}
-
-if [ -n "$2" ]; then
-# we're upgrading. test if we're enabled, and if so, restart to reload the module.
-if [ -e /etc/apache2/mods-enabled/mod-security.load ]; then
-reload_apache
-fi
-exit 0
-fi
-
-if [ -e /etc/apache2/apache2.conf ]; then
-# Enable the module, but hide a2enmod's misleading message about apachectl
-# and force-reload the thing ourselves.
-a2enmod mod-security >/dev/null || true
-a2enmod unique_id >/dev/null || true
-reload_apache
-fi
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/libapache2-modsecurity.prerm b/debian/libapache2-modsecurity.prerm
deleted file mode 100644
index 95b7282..000
--- a/debian/libapache2-modsecurity.prerm
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh 
-set -e
-# copied from libapache2-mod-php4
-
-if [ "$1" != "remove" -a "$1" != "purge" ]; then
-exit 0
-fi
-
-if [ -e /etc/apache2/apache2.conf ]; then
-a2dismod mod-security || true
-fi
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/mod-security.load b/debian/mod-security.load
index a20b4d1..1afae8f 100644
--- a/debian/mod-security.load
+++ b/debian/mod-security.load
@@ -1,2 +1,3 @@
+# Depends: unique_id
 LoadFile libxml2.so.2
 LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so
diff --git a/debian/rules b/debian/rules
index f5440aa..55e85e8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -38,6 +38,7 @@ install: build
 	dh_prep
 	dh_installdirs
 	dh_install
+	dh_apache2
 
 binary-indep: build install
 	dh_testdir -i

Bug#666848: modsecurity-apache: sourceful transition towards Apache 2.4

2013-05-07 Thread Ondřej Surý 
Package: modsecurity-apache
Followup-For: Bug #666848

Attached patch adds preliminary (aka it builds) support for Apache 2.4.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog
index 9dc3531..e281708 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+modsecurity-apache (2.6.6-7) unstable; urgency=low
+
+  * Add support for Apache 2.4 (Closes: #666848)
+
+ -- Ondřej Surý   Tue, 07 May 2013 09:27:11 +0200
+
 modsecurity-apache (2.6.6-6) unstable; urgency=high
 
   * Applied upstream patch to fix XXE attacks. CVE-2013-1915
diff --git a/debian/control b/debian/control
index 43d8347..61fdc60 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: modsecurity-apache
 Section: httpd
 Priority: optional
 Maintainer: Alberto Gonzalez Iniesta 
-Build-Depends: debhelper (>> 7.0.0), apache2-threaded-dev|apache2-prefork-dev, libxml2-dev (>= 2.0.50-10), liblua5.1-0-dev, libcurl4-gnutls-dev
+Build-Depends: debhelper (>> 7.0.0), apache2-dev, libxml2-dev (>= 2.0.50-10), liblua5.1-0-dev, libcurl4-gnutls-dev
 Standards-Version: 3.9.3
 Homepage: http://www.modsecurity.org/
 
@@ -11,7 +11,7 @@ Architecture: any
 Replaces: libapache-mod-security (<< 2.5.13-1), mod-security-common (<< 2.5.13-1)
 Conflicts: libapache-mod-security (<< 2.5.13-1), mod-security-common (<< 2.5.13-1)
 Recommends: modsecurity-crs
-Depends: apache2.2-common, libxml2, ${shlibs:Depends}, ${misc:Depends}
+Depends: libxml2, ${shlibs:Depends}, ${misc:Depends}
 Description: Tighten web applications security for Apache
  Modsecurity is an Apache module whose purpose is to tighten the Web
  application security. Effectively, it is an intrusion detection and prevention
diff --git a/debian/libapache2-modsecurity.apache2 b/debian/libapache2-modsecurity.apache2
new file mode 100644
index 000..f82a4cd
--- /dev/null
+++ b/debian/libapache2-modsecurity.apache2
@@ -0,0 +1,3 @@
+mod apache2/.libs/mod_security2.so
+mod debian/mod-security.load
+mod debian/mod-security.conf
diff --git a/debian/libapache2-modsecurity.install b/debian/libapache2-modsecurity.install
index 3874b11..165e276 100644
--- a/debian/libapache2-modsecurity.install
+++ b/debian/libapache2-modsecurity.install
@@ -1,6 +1,3 @@
-apache2/.libs/mod_security2.so usr/lib/apache2/modules
-debian/mod-security.load etc/apache2/mods-available
-debian/mod-security.conf etc/apache2/mods-available
 mlogc/mlogc	usr/bin
 mlogc/README.mlogc usr/share/doc/libapache2-modsecurity
 mlogc/mlogc-default.conf usr/share/doc/libapache2-modsecurity
diff --git a/debian/libapache2-modsecurity.postinst b/debian/libapache2-modsecurity.postinst
index f9ea05c..4781b29 100644
--- a/debian/libapache2-modsecurity.postinst
+++ b/debian/libapache2-modsecurity.postinst
@@ -1,32 +1,18 @@
 #!/bin/sh
 set -e
-# copied from libapache2-mod-php4
 
-reload_apache()
-{
-if apache2ctl configtest 2>/dev/null; then
-invoke-rc.d apache2 restart || true
-else
-echo "Your apache2 configuration is broken, so we're not restarting it for you."
-fi
-}
-
-if [ -n "$2" ]; then
-# we're upgrading. test if we're enabled, and if so, restart to reload the module.
-if [ -e /etc/apache2/mods-enabled/mod-security.load ]; then
-reload_apache
-fi
-exit 0
-fi
-
-if [ -e /etc/apache2/apache2.conf ]; then
-# Enable the module, but hide a2enmod's misleading message about apachectl
-# and force-reload the thing ourselves.
-a2enmod mod-security >/dev/null || true
-a2enmod unique_id >/dev/null || true
-reload_apache
+if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
+. /usr/share/apache2/apache2-maintscript-helper
+	if [ -n "$2" ]; then
+	if a2query -s -m mod-security; then
+		apache2_reload restart
+	fi
+	else
+	apache2_invoke enmod mod-security
+	fi
 fi
 
 #DEBHELPER#
 
+
 exit 0
diff --git a/debian/libapache2-modsecurity.prerm b/debian/libapache2-modsecurity.prerm
index 95b7282..d0fad68 100644
--- a/debian/libapache2-modsecurity.prerm
+++ b/debian/libapache2-modsecurity.prerm
@@ -1,13 +1,13 @@
 #!/bin/sh 
 set -e
-# copied from libapache2-mod-php4
 
 if [ "$1" != "remove" -a "$1" != "purge" ]; then
-exit 0
+exit 0
 fi
 
-if [ -e /etc/apache2/apache2.conf ]; then
-a2dismod mod-security || true
+if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
+. /usr/share/apache2/apache2-maintscript-helper
+apache2_invoke dismod mod-security
 fi
 
 #DEBHELPER#
diff --git a/debian/mod-security.load b/debian/mod-security.load
index a20b4d1..1afae8f 100644
--- a/debian/mod-security.load
+++ b/debian/mod-security.load
@@ -1,2 +1,3 @@
+# Depends: unique_id
 LoadFile libxml2.so.2
 LoadModule securit