From 5879c56a69ef5e81291533bf396a9a6f59ce5596 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Wed, 13 Jun 2012 18:48:47 +0200
Subject: mod_nss: sync with rawhdie

---
 Makefile              |   2 +-
 mod_nss-httpd24.patch | 135 ++++++++++++++++++++++++++++++++++++++++++++++++++
 mod_nss.spec          |  12 ++++-
 3 files changed, 147 insertions(+), 2 deletions(-)
 create mode 100644 mod_nss-httpd24.patch

diff --git a/Makefile b/Makefile
index 1e65467..91b0fd5 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
 SRCDIR := $(shell pwd)
 NAME := $(shell basename $(SRCDIR))
-include ../common/Makefile
+include ../../common/Makefile
 
diff --git a/mod_nss-httpd24.patch b/mod_nss-httpd24.patch
new file mode 100644
index 0000000..4863140
--- /dev/null
+++ b/mod_nss-httpd24.patch
@@ -0,0 +1,135 @@
+diff -ru mod_nss/mod_nss.c mod_nss-1.0.8/mod_nss.c
+--- mod_nss/mod_nss.c	2012-06-12 12:23:29.961000000 -0700
++++ mod_nss-1.0.8/mod_nss.c	2012-06-12 12:00:35.957002099 -0700
+@@ -349,7 +349,7 @@
+     ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
+                  "Connection to child %ld established "
+                  "(server %s, client %s)", c->id, sc->vhost_id, 
+-                 c->remote_ip ? c->remote_ip : "unknown");
++                 c->client_ip ? c->client_ip : "unknown");
+ 
+     mctx = sslconn->is_proxy ? sc->proxy : sc->server;
+ 
+diff -ru mod_nss/mod_nss.h mod_nss-1.0.8/mod_nss.h
+--- mod_nss/mod_nss.h	2012-06-12 12:23:29.962000000 -0700
++++ mod_nss-1.0.8/mod_nss.h	2012-06-12 12:00:35.955002240 -0700
+@@ -27,7 +27,6 @@
+ #include "http_protocol.h"
+ #include "util_script.h"
+ #include "util_filter.h"
+-#include "mpm.h"
+ #include "apr.h"
+ #include "apr_strings.h"
+ #define APR_WANT_STRFUNC
+@@ -490,7 +489,7 @@
+ SECStatus nss_Init_Tokens(server_rec *s);
+ 
+ /* Logging */
+-void nss_log_nss_error(const char *file, int line, int level, server_rec *s);
++void nss_log_nss_error(const char *file, int line, int module_index, int level, server_rec *s);
+ void nss_die(void);
+ 
+ /* NSS callback */
+diff -ru mod_nss/nss_engine_init.c mod_nss-1.0.8/nss_engine_init.c
+--- mod_nss/nss_engine_init.c	2012-06-12 12:23:29.962000000 -0700
++++ mod_nss-1.0.8/nss_engine_init.c	2012-06-12 12:00:35.955002240 -0700
+@@ -15,7 +15,7 @@
+ 
+ #include "mod_nss.h"
+ #include "apr_thread_proc.h"
+-#include "ap_mpm.h"
++#include "mpm_common.h"
+ #include "secmod.h"
+ #include "sslerr.h"
+ #include "pk11func.h"
+diff -ru mod_nss/nss_engine_io.c mod_nss-1.0.8/nss_engine_io.c
+--- mod_nss/nss_engine_io.c	2012-06-12 12:23:29.963000000 -0700
++++ mod_nss-1.0.8/nss_engine_io.c	2012-06-12 12:00:35.956002167 -0700
+@@ -621,13 +621,13 @@
+     PR_Close(ssl);
+ 
+     /* log the fact that we've closed the connection */
+-    if (c->base_server->loglevel >= APLOG_INFO) {
++    if (c->base_server->log.level >= APLOG_INFO) {
+         ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
+                      "Connection to child %ld closed "
+                      "(server %s, client %s)",
+                      c->id,
+                      nss_util_vhostid(c->pool, c->base_server),
+-                     c->remote_ip ? c->remote_ip : "unknown");
++                     c->client_ip ? c->client_ip : "unknown");
+     }
+ 
+     /* deallocate the SSL connection */
+@@ -1165,7 +1165,7 @@
+     filter_ctx = (nss_filter_ctx_t *)(fd->secret);
+     c = filter_ctx->c;
+ 
+-    return PR_StringToNetAddr(c->remote_ip, addr);
++    return PR_StringToNetAddr(c->client_ip, addr);
+ }
+ 
+ /* 
+diff -ru mod_nss/nss_engine_kernel.c mod_nss-1.0.8/nss_engine_kernel.c
+--- mod_nss/nss_engine_kernel.c	2012-06-12 12:23:29.963000000 -0700
++++ mod_nss-1.0.8/nss_engine_kernel.c	2012-06-12 12:00:35.954002314 -0700
+@@ -73,7 +73,7 @@
+     /*
+      * Log information about incoming HTTPS requests
+      */
+-    if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
++    if (r->server->log.level >= APLOG_INFO && ap_is_initial_req(r)) {
+         ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+                      "%s HTTPS request received for child %ld (server %s)",
+                      (r->connection->keepalives <= 0 ?
+@@ -530,7 +530,7 @@
+             ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+                          "Access to %s denied for %s "
+                          "(requirement expression not fulfilled)",
+-                         r->filename, r->connection->remote_ip);
++                         r->filename, r->connection->client_ip);
+ 
+             ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+                          "Failed expression: %s", req->cpExpr);
+diff -ru mod_nss/nss_engine_log.c mod_nss-1.0.8/nss_engine_log.c
+--- mod_nss/nss_engine_log.c	2012-06-12 12:23:29.964000000 -0700
++++ mod_nss-1.0.8/nss_engine_log.c	2012-06-12 12:00:35.955002240 -0700
+@@ -321,7 +321,7 @@
+     exit(1); 
+ }
+ 
+-void nss_log_nss_error(const char *file, int line, int level, server_rec *s)
++void nss_log_nss_error(const char *file, int line, int module_index, int level, server_rec *s)
+ {
+     const char *err;
+     PRInt32 error;
+@@ -340,7 +340,7 @@
+          err = "Unknown";
+     }
+ 
+-    ap_log_error(file, line, level, 0, s,
++    ap_log_error(file, line, module_index, level, 0, s,
+                  "SSL Library Error: %d %s",
+                  error, err);
+ }
+diff -ru mod_nss/nss_engine_vars.c mod_nss-1.0.8/nss_engine_vars.c
+--- mod_nss/nss_engine_vars.c	2012-06-12 12:23:29.965000000 -0700
++++ mod_nss-1.0.8/nss_engine_vars.c	2012-06-12 12:00:35.948002812 -0700
+@@ -178,7 +178,7 @@
+                  && sslconn && sslconn->ssl)
+             result = nss_var_lookup_ssl(p, c, var+4);
+         else if (strcEQ(var, "REMOTE_ADDR"))
+-            result = c->remote_ip;
++            result = c->client_ip;
+         else if (strcEQ(var, "HTTPS")) {
+             if (sslconn && sslconn->ssl)
+                 result = "on";
+@@ -194,7 +194,7 @@
+         if (strlen(var) > 12 && strcEQn(var, "SSL_VERSION_", 12))
+             result = nss_var_lookup_nss_version(p, var+12);
+         else if (strcEQ(var, "SERVER_SOFTWARE"))
+-            result = (char *)ap_get_server_version();
++            result = (char *)ap_get_server_banner();
+         else if (strcEQ(var, "API_VERSION")) {
+             result = apr_psprintf(p, "%d", MODULE_MAGIC_NUMBER);
+             resdup = FALSE;
diff --git a/mod_nss.spec b/mod_nss.spec
index 35ec708..83544a3 100644
--- a/mod_nss.spec
+++ b/mod_nss.spec
@@ -7,7 +7,7 @@
 
 Name: mod_nss
 Version: 1.0.8
-Release: 16%{?dist}
+Release: 17%{?dist}
 Summary: SSL/TLS module for the Apache HTTP server
 Group: System Environment/Daemons
 License: ASL 2.0
@@ -29,6 +29,7 @@ Patch5: mod_nss-reverseproxy.patch
 Patch6: mod_nss-pcachesignal.h
 Patch7: mod_nss-reseterror.patch
 Patch8: mod_nss-lockpcache.patch
+Patch9: mod_nss-httpd24.patch
 
 %description
 The mod_nss module provides strong cryptography for the Apache Web
@@ -46,6 +47,9 @@ security library.
 %patch6 -p1 -b .pcachesignal.h
 %patch7 -p1 -b .reseterror
 %patch8 -p1 -b .lockpcache
+#if 0%{?fedora} >= 18
+%patch9 -p1 -b .httpd24
+#endif
 
 # Touch expression parser sources to prevent regenerating it
 touch nss_expr_*.[chyl]
@@ -144,6 +148,12 @@ fi
 %{_sbindir}/gencert
 
 %changelog
+* Wed Jun 12 2012 Remi Collet <RPMS@FamilleCollet.com> 1.0.8-17
+- rebuild for remi repo and http 2.4
+
+* Tue Jun 12 2012 Nathan Kinder <nkinder@redhat.com> - 1.0.8-17
+- Port mod_nss to work with httpd 2.4
+
 * Tue Apr 24 2012 Remi Collet <RPMS@FamilleCollet.com> 1.0.8-16
 - rebuild for remi repo and http 2.4
 
-- 
cgit