pool/apache2-mod_security2
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 561619 from Apache:Modules

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/561619
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2-mod_security2?expand=0&rev=25
This commit is contained in:
Dominique Leuenberger 2018-01-09 13:52:25 +00:00 committed by Git OBS Bridge
commit 9dd6e62366
11 changed files with 101 additions and 359 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitattributes vendored
View File

@ -21,5 +21,3 @@
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text
## Specific LFS patterns
modsecurity_diagram_apache_request_cycle.jpg filter=lfs diff=lfs merge=lfs -text

3
ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bab5e208e8c2aa4beeb799a4d05bceb3eb44846e75565b32b483fb5fb32023a7
size 11838

3
Reference-Manual.html.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:160af986e97bafad2cdbd58469115102068eff3b2f2f246f559adf7256d0dcf8
size 60381

26
apache2-mod_security2-lua-5.3.patch
View File

@ -1,26 +0,0 @@
From 422e22141b9f6cdd0496919093fcf51b02732b84 Mon Sep 17 00:00:00 2001
From: Athmane Madjoudj <athmane@fedoraproject.org>
Date: Fri, 13 Feb 2015 13:24:50 +0100
Subject: [PATCH] Fix build issue with Lua >= 5.3
---
apache2/msc_lua.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/apache2/msc_lua.c b/apache2/msc_lua.c
index f4482ae..58206a7 100644
--- a/apache2/msc_lua.c
+++ b/apache2/msc_lua.c
@@ -111,8 +111,11 @@ char *lua_compile(msc_script **script, const char *filename, apr_pool_t *pool) {
dump.pool = pool;
dump.parts = apr_array_make(pool, 128, sizeof(msc_script_part *));
+#if LUA_VERSION_NUM >= 503
+ lua_dump(L, dump_writer, &dump, 1);
+#else
lua_dump(L, dump_writer, &dump);
-
+#endif
(*script) = apr_pcalloc(pool, sizeof(msc_script));
(*script)->name = filename;
(*script)->parts = dump.parts;

317
apache2-mod_security2-no_rpath.diff
View File

@ -1,33 +1,8 @@
--- ../modsecurity-2.9.0-o/apache2/Makefile.am 2015-02-12 20:08:30.000000000 +0100
+++ ./apache2/Makefile.am 2015-02-14 18:55:11.762837073 +0100
@@ -91,61 +91,61 @@
if MACOSX
mod_security2_la_LDFLAGS = -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@CURL_LDFLAGS@ \
@LIBXML2_CFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
if SOLARIS
mod_security2_la_LDFLAGS = -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@CURL_LDFLAGS@ \
@LIBXML2_CFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
Index: apache2/Makefile.am
===================================================================
--- apache2/Makefile.am.orig
+++ apache2/Makefile.am
@@ -118,7 +118,7 @@ mod_security2_la_LDFLAGS = -module -avoi
endif
if LINUX
@ -36,63 +11,11 @@
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@CURL_LDFLAGS@ \
@LIBXML2_CFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
if FREEBSD
mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@CURL_LDFLAGS@ \
@LIBXML2_CFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
if OPENBSD
mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
--- ../modsecurity-2.9.0-o/apache2/Makefile.in 2015-02-12 20:08:45.000000000 +0100
+++ ./apache2/Makefile.in 2015-02-14 18:54:58.781828724 +0100
@@ -651,61 +651,61 @@
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pkglibdir)/$$f"; \
done
clean-pkglibLTLIBRARIES:
-test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES)
@list='$(pkglib_LTLIBRARIES)'; \
locs=`for p in $$list; do echo $$p; done | \
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
sort -u`; \
test -z "$$locs" || { \
echo rm -f $${locs}; \
rm -f $${locs}; \
}
libinjection/$(am__dirstamp):
@$(MKDIR_P) libinjection
@: > libinjection/$(am__dirstamp)
libinjection/$(DEPDIR)/$(am__dirstamp):
@$(MKDIR_P) libinjection/$(DEPDIR)
@: > libinjection/$(DEPDIR)/$(am__dirstamp)
libinjection/mod_security2_la-libinjection_html5.lo: \
libinjection/$(am__dirstamp) \
libinjection/$(DEPDIR)/$(am__dirstamp)
libinjection/mod_security2_la-libinjection_sqli.lo: \
libinjection/$(am__dirstamp) \
libinjection/$(DEPDIR)/$(am__dirstamp)
libinjection/mod_security2_la-libinjection_xss.lo: \
libinjection/$(am__dirstamp) \
Index: apache2/Makefile.in
===================================================================
--- apache2/Makefile.in.orig
+++ apache2/Makefile.in
@@ -691,7 +691,7 @@ libinjection/mod_security2_la-libinjecti
libinjection/$(DEPDIR)/$(am__dirstamp)
mod_security2.la: $(mod_security2_la_OBJECTS) $(mod_security2_la_DEPENDENCIES) $(EXTRA_mod_security2_la_DEPENDENCIES)
@ -101,222 +24,34 @@
mostlyclean-compile:
-rm -f *.$(OBJEXT)
-rm -f libinjection/*.$(OBJEXT)
-rm -f libinjection/*.lo
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-acmp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_config.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_io.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_util.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-mod_security2.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-modsecurity.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_crypt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_geo.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_gsb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_json.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_logging.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_lua.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_multipart.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_parsers.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_pcre.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_release.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_remote_rules.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_reqbody.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_status_engine.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_tree.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_unicode.Plo@am__quote@
diff -rNU 30 ../modsecurity-2.8.0-o/build/libtool.m4 ./build/libtool.m4
--- ../modsecurity-2.8.0-o/build/libtool.m4 2014-04-15 14:44:04.000000000 +0200
+++ ./build/libtool.m4 2014-06-16 16:16:39.000000000 +0200
@@ -4661,61 +4661,61 @@
if test "$with_gnu_ld" = yes; then
case $host_os in
aix*)
# The AIX port of GNU ld has always aspired to compatibility
# with the native linker. However, as the warning in the GNU ld
# block says, versions before 2.19.5* couldn't really create working
# shared libraries, regardless of the interface used.
case `$LD -v 2>&1` in
*\ \(GNU\ Binutils\)\ 2.19.5*) ;;
*\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
*\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
*)
lt_use_gnu_ld_interface=yes
;;
esac
;;
*)
lt_use_gnu_ld_interface=yes
;;
esac
fi
if test "$lt_use_gnu_ld_interface" = yes; then
# If archive_cmds runs LD, not CC, wlarc should be empty
wlarc='${wl}'
# Set some defaults for GNU ld with shared library support. These
Index: build/libtool.m4
===================================================================
--- build/libtool.m4.orig
+++ build/libtool.m4
@@ -5053,7 +5053,7 @@ dnl Note also adjust exclude_expsyms for
# are reset later if shared libraries are not supported. Putting them
# here allows them to be overridden if necessary.
runpath_var=LD_RUN_PATH
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
# ancient GNU ld didn't support --whole-archive et. al.
if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
_LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=
fi
supports_anon_versioning=no
case `$LD -v 2>&1` in
*GNU\ gold*) supports_anon_versioning=yes ;;
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
*\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
*\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
*\ 2.11.*) ;; # other 2.11 versions
*) supports_anon_versioning=yes ;;
esac
# See if GNU ld supports shared libraries.
case $host_os in
aix[[3-9]]*)
# On AIX/PPC, the GNU linker is very broken
if test "$host_cpu" != ia64; then
_LT_TAGVAR(ld_shlibs, $1)=no
cat <<_LT_EOF 1>&2
*** Warning: the GNU linker, at least up to release 2.19, is reported
*** to be unable to reliably create shared libraries on AIX.
*** Therefore, libtool is disabling shared libraries support. If you
*** really care for shared libraries, you may want to install binutils
*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
@@ -4897,61 +4897,61 @@
_LT_EOF
elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
;;
sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
case `$LD -v 2>&1` in
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
_LT_TAGVAR(ld_shlibs, $1)=no
cat <<_LT_EOF 1>&2
*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
*** reliably create shared libraries on SCO systems. Therefore, libtool
*** is disabling shared libraries support. We urge you to upgrade GNU
*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
*** your PATH or compiler configuration so that the native linker is
*** used, and then restart.
_LT_EOF
;;
*)
# For security reasons, it is highly recommended that you always
# use absolute paths for naming shared libraries, and exclude the
@@ -5322,7 +5322,7 @@ _LT_EOF
# DT_RUNPATH tag from executables and libraries. But doing so
# requires that you compile everything twice, which is a pain.
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
;;
esac
;;
@@ -6409,7 +6409,7 @@ if test yes != "$_lt_caught_CXX_error";
_LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
sunos4*)
_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
wlarc=
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
;;
*)
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
;;
esac
if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then
runpath_var=
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
_LT_TAGVAR(export_dynamic_flag_spec, $1)=
@@ -5907,61 +5907,61 @@
else
$as_unset lt_cv_path_LD
fi
test -z "${LDCXX+set}" || LD=$LDCXX
CC=${CXX-"c++"}
CFLAGS=$CXXFLAGS
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
_LT_CC_BASENAME([$compiler])
if test -n "$compiler"; then
# We don't want -fno-exception when compiling C++ code, so set the
# no_builtin_flag separately
if test "$GXX" = yes; then
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
else
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
fi
if test "$GXX" = yes; then
# Set up default GNU C++ configuration
LT_PATH_LD
# Check if GNU C++ uses GNU ld as the underlying linker, since the
# archiving commands below assume that GNU ld is being used.
if test "$with_gnu_ld" = yes; then
_LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
# If archive_cmds runs LD, not CC, wlarc should be empty
# XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
# investigate it a little bit more. (MM)
wlarc='${wl}'
# ancient GNU ld didn't support --whole-archive et. al.
if eval "`$CC -print-prog-name=ld` --help 2>&1" |
$GREP 'no-whole-archive' > /dev/null; then
_LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=
fi
else
with_gnu_ld=no
wlarc=
# A generic and very simple default shared library creation
# command for GNU C++ for the case where it uses the native
# linker, instead of GNU ld. If possible, this setting should
# overridden to take advantage of the native linker features on
# the platform it is being used on.
_LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
fi
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'

35
apache2-mod_security2.changes
View File

@ -1,3 +1,38 @@
-------------------------------------------------------------------
Fri Dec 29 00:09:38 UTC 2017 - jengelh@inai.de
- Trim advertisement and filler wording from descriptions.
-------------------------------------------------------------------
Wed Dec 20 09:13:49 UTC 2017 - pgajdos@suse.com
- fix build for SLE_11_SP4: BuildRoot and %deffattr have to be
present
-------------------------------------------------------------------
Mon Oct 2 11:02:58 UTC 2017 - kstreitova@suse.com
- update to 2.9.2
* release notes
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.2
* refresh apache2-mod_security2-no_rpath.diff
* remove apache2-mod_security2-lua-5.3.patch that was applied
upstream
- remove outdated html pages and diagram (they can be accessed
online at https://github.com/SpiderLabs/ModSecurity/wiki)
* Reference-Manual.html.bz2
* ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2
* modsecurity_diagram_apache_request_cycle.jpg
- don't pack the whole doc directory as it contains also Makefiles
or doxygen configuration files
- disable mlogc as we don't pack it and it also can't be built for
curl <=7.34
- add basic and regression test suite (but disabled for now)
* add apache2-mod_security2_tests_conf.patch for apache2
configuration file used for tests that was trying to load
mpm_worker_module (it's static for our apache2 package)
* add "BuildRequires: perl-libwww-perl" needed for the test suite
-------------------------------------------------------------------
Wed Jun 21 10:16:28 UTC 2017 - dimstar@opensuse.org

51
apache2-mod_security2.spec
View File

@ -19,27 +19,21 @@
%define modname mod_security2
%define tarballname modsecurity-%{version}
%define usrsharedir %{_datadir}/%{name}
%define refman Reference-Manual.html
%define faq ModSecurity-Frequently-Asked-Questions-FAQ.html
Name: apache2-mod_security2
Version: 2.9.0
Version: 2.9.2
Release: 0
Summary: ModSecurity Open Source Web Application Firewall
Summary: Web Application Firewall for apache httpd
License: Apache-2.0
Group: Productivity/Networking/Web/Servers
Url: http://www.modsecurity.org/
Source: https://www.modsecurity.org/tarball/%{version}/%{tarballname}.tar.gz
Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
Source2: mod_security2.conf
Source3: %{refman}.bz2
Source4: %{faq}.bz2
Source5: modsecurity_diagram_apache_request_cycle.jpg
Source6: README-SUSE-mod_security2.txt
Source7: empty.conf
Patch0: apache2-mod_security2-no_rpath.diff
Patch1: modsecurity-fixes.patch
# https://github.com/SpiderLabs/ModSecurity/pull/837
Patch2: apache2-mod_security2-lua-5.3.patch
Patch2: apache2-mod_security2_tests_conf.patch
BuildRequires: apache-rpm-macros
BuildRequires: apache2-devel
BuildRequires: apache2-prefork
@ -51,42 +45,40 @@ BuildRequires: libtool
BuildRequires: libxml2-devel
BuildRequires: lua-devel
BuildRequires: pcre-devel
BuildRequires: perl-libwww-perl
BuildRequires: pkgconfig
Requires: %{apache_mmn}
Requires: %{apache_suse_maintenance_mmn}
Requires: apache2
%if 0%{suse_version} == 1110
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%endif
%description
ModSecurity(TM) is an open source intrusion detection and prevention
ModSecurity is an intrusion detection and prevention
engine for web applications (or a web application firewall). Operating
as an Apache Web server module or standalone, the purpose of
ModSecurity is to increase web application security, protecting web
applications from known and unknown attacks.
The modsecurity team also offer a commercial version of their excellent
ruleset. Please have a look at http://www.modsecurity.org/ for more details.
%prep
%setup -q -n %{tarballname}
%setup -q -D -T -a 1 -n %{tarballname}
mv -v SpiderLabs* rules
bzip2 -dc %{SOURCE3} > %{_sourcedir}/%{refman} && touch -r %{SOURCE3} %{_sourcedir}/%{refman}
bzip2 -dc %{SOURCE4} > %{_sourcedir}/%{faq} && touch -r %{SOURCE4} %{_sourcedir}/%{faq}
%patch0
%patch1 -p1
%patch2 -p1
%build
# aclocal only works with never distributions,
# aclocal only works with newer distributions
%if 0%{?suse_version} >= 1310
aclocal
# on older versions only autoconf is called.
# on older versions only autoconf is called
%else
autoreconf -fi
%endif
automake
%configure --with-apxs=%{apache_apxs} --enable-request-early --enable-htaccess-config
%configure --with-apxs=%{apache_apxs} --enable-request-early --enable-htaccess-config --disable-mlogc
CFLAGS="%{optflags}" make %{?_smp_mflags}
%install
@ -99,16 +91,12 @@ install -d -m 0755 %{buildroot}%{apache_sysconfdir}/mod_security2.d
install -D -m 0644 %{SOURCE6} %{buildroot}%{apache_sysconfdir}/mod_security2.d
install -D -m 0644 %{SOURCE7} %{buildroot}%{apache_sysconfdir}/mod_security2.d
cp -a %{SOURCE6} doc
install -m 0644 %{_sourcedir}/%{faq} %{_sourcedir}/%{refman} doc
install -m 0644 %{SOURCE5} doc
install -d -m 0755 %{buildroot}/%{usrsharedir}
install -d -m 0755 %{buildroot}/%{usrsharedir}/tools
install -d -m 0755 %{buildroot}/%{usrsharedir}
rm -f rules/.gitignore rules/LICENSE
cp -a rules/util/README %{buildroot}/%{usrsharedir}/tools/README-rules-updater.txt
cp -a tools/rules-updater.pl tools/rules-updater-example.conf %{buildroot}/%{usrsharedir}/tools
find rules -type f -print0 | \
xargs -0 chmod 644
find rules -type f -exec chmod 644 {} +
cp -a rules %{buildroot}/%{usrsharedir}
rm -rf %{buildroot}/%{usrsharedir}/rules/util
rm -rf %{buildroot}/%{usrsharedir}/rules/lua
@ -117,7 +105,11 @@ rm -f %{buildroot}/%{usrsharedir}/rules/INSTALL %{buildroot}/%{usrsharedir}/rule
mv %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf.example \
%{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf
%check
# Temporarily disable test suite as there are some failures that need to be solved
#%check
#make test
#make test-regression
set +x
mkdir -p %{apache_test_module_dir}
cp %{SOURCE2} %{apache_test_module_dir}/%{modname}-test.conf
@ -128,15 +120,18 @@ sed -i 's:%{_sysconfdir}/apache2:%{buildroot}%{_sysconfdir}/apache2:' %{apache_t
set -x
%files
%defattr(-, root, root, 0755)
%if %{suse_version} == 1110
%defattr (-,root,root)
%endif
%{apache_libexecdir}/%{modname}.so
%config(noreplace) %{apache_sysconfdir}/conf.d/%{modname}.conf
%dir %{apache_sysconfdir}/mod_security2.d
%{apache_sysconfdir}/mod_security2.d/README-SUSE-mod_security2.txt
%{apache_sysconfdir}/mod_security2.d/empty.conf
%dir %{usrsharedir}
%doc README.TXT CHANGES LICENSE NOTICE authors.txt
%{usrsharedir}
%doc doc/* rules/util/regression-tests
%doc README.TXT CHANGES LICENSE NOTICE authors.txt
%doc doc/README.txt
%doc doc/README-SUSE-mod_security2.txt
%doc rules/util/regression-tests
%changelog

14
apache2-mod_security2_tests_conf.patch Normal file
View File

@ -0,0 +1,14 @@
Index: modsecurity-2.9.2/tests/regression/server_root/conf/httpd.conf.in
===================================================================
--- modsecurity-2.9.2.orig/tests/regression/server_root/conf/httpd.conf.in
+++ modsecurity-2.9.2/tests/regression/server_root/conf/httpd.conf.in
@@ -14,9 +14,6 @@ LoadModule security2_module @MSC_BASE_DI
<IfModule !mod_unixd.c>
LoadModule unixd_module @APXS_LIBEXECDIR@/mod_unixd.so
</IfModule>
- <IfModule !mpm_worker_module>
- LoadModule mpm_worker_module @APXS_LIBEXECDIR@/mod_mpm_worker.so
- </IfModule>
LoadModule access_compat_module @APXS_LIBEXECDIR@/mod_access_compat.so
LoadModule authn_core_module @APXS_LIBEXECDIR@/mod_authn_core.so
LoadModule authz_core_module @APXS_LIBEXECDIR@/mod_authz_core.so

3
modsecurity-2.9.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434
size 4246467

3
modsecurity-2.9.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:41a8f73476ec891f3a9e8736b98b64ea5c2105f1ce15ea57a1f05b4bf2ffaeb5
size 4298993

3
modsecurity_diagram_apache_request_cycle.jpg
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4366e727c511bccbf56ec646dd0961c65c8054fdc235ab26e06e3faf08052f6d
size 46799