diff --git a/.gitattributes b/.gitattributes index 73d0e79..9b03811 100644 --- a/.gitattributes +++ b/.gitattributes @@ -21,5 +21,3 @@ *.xz filter=lfs diff=lfs merge=lfs -text *.zip filter=lfs diff=lfs merge=lfs -text *.zst filter=lfs diff=lfs merge=lfs -text -## Specific LFS patterns -modsecurity_diagram_apache_request_cycle.jpg filter=lfs diff=lfs merge=lfs -text diff --git a/ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2 b/ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2 deleted file mode 100644 index 6deb6f5..0000000 --- a/ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bab5e208e8c2aa4beeb799a4d05bceb3eb44846e75565b32b483fb5fb32023a7 -size 11838 diff --git a/Reference-Manual.html.bz2 b/Reference-Manual.html.bz2 deleted file mode 100644 index b86cb92..0000000 --- a/Reference-Manual.html.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:160af986e97bafad2cdbd58469115102068eff3b2f2f246f559adf7256d0dcf8 -size 60381 diff --git a/apache2-mod_security2-lua-5.3.patch b/apache2-mod_security2-lua-5.3.patch deleted file mode 100644 index 7951453..0000000 --- a/apache2-mod_security2-lua-5.3.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 422e22141b9f6cdd0496919093fcf51b02732b84 Mon Sep 17 00:00:00 2001 -From: Athmane Madjoudj -Date: Fri, 13 Feb 2015 13:24:50 +0100 -Subject: [PATCH] Fix build issue with Lua >= 5.3 - ---- - apache2/msc_lua.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/apache2/msc_lua.c b/apache2/msc_lua.c -index f4482ae..58206a7 100644 ---- a/apache2/msc_lua.c -+++ b/apache2/msc_lua.c -@@ -111,8 +111,11 @@ char *lua_compile(msc_script **script, const char *filename, apr_pool_t *pool) { - dump.pool = pool; - dump.parts = apr_array_make(pool, 128, sizeof(msc_script_part *)); - -+#if LUA_VERSION_NUM >= 503 -+ lua_dump(L, dump_writer, &dump, 1); -+#else - lua_dump(L, dump_writer, &dump); -- -+#endif - (*script) = apr_pcalloc(pool, sizeof(msc_script)); - (*script)->name = filename; - (*script)->parts = dump.parts; diff --git a/apache2-mod_security2-no_rpath.diff b/apache2-mod_security2-no_rpath.diff index faf9808..4ed88ff 100644 --- a/apache2-mod_security2-no_rpath.diff +++ b/apache2-mod_security2-no_rpath.diff @@ -1,33 +1,8 @@ ---- ../modsecurity-2.9.0-o/apache2/Makefile.am 2015-02-12 20:08:30.000000000 +0100 -+++ ./apache2/Makefile.am 2015-02-14 18:55:11.762837073 +0100 -@@ -91,61 +91,61 @@ - - if MACOSX - mod_security2_la_LDFLAGS = -module -avoid-version \ - @APR_LDFLAGS@ \ - @APU_LDFLAGS@ \ - @APXS_LDFLAGS@ \ - @CURL_LDFLAGS@ \ - @LIBXML2_CFLAGS@ \ - @LIBXML2_LDFLAGS@ \ - @LUA_LDFLAGS@ \ - @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ \ - @SSDEEP_LDFLAGS@ - endif - - if SOLARIS - mod_security2_la_LDFLAGS = -module -avoid-version \ - @APR_LDFLAGS@ \ - @APU_LDFLAGS@ \ - @APXS_LDFLAGS@ \ - @CURL_LDFLAGS@ \ - @LIBXML2_CFLAGS@ \ - @LIBXML2_LDFLAGS@ \ - @LUA_LDFLAGS@ \ - @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ \ - @SSDEEP_LDFLAGS@ +Index: apache2/Makefile.am +=================================================================== +--- apache2/Makefile.am.orig ++++ apache2/Makefile.am +@@ -118,7 +118,7 @@ mod_security2_la_LDFLAGS = -module -avoi endif if LINUX @@ -36,63 +11,11 @@ @APR_LDFLAGS@ \ @APU_LDFLAGS@ \ @APXS_LDFLAGS@ \ - @CURL_LDFLAGS@ \ - @LIBXML2_CFLAGS@ \ - @LIBXML2_LDFLAGS@ \ - @LUA_LDFLAGS@ \ - @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ \ - @SSDEEP_LDFLAGS@ - endif - - if FREEBSD - mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \ - @APR_LDFLAGS@ \ - @APU_LDFLAGS@ \ - @APXS_LDFLAGS@ \ - @CURL_LDFLAGS@ \ - @LIBXML2_CFLAGS@ \ - @LIBXML2_LDFLAGS@ \ - @LUA_LDFLAGS@ \ - @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ \ - @SSDEEP_LDFLAGS@ - endif - - if OPENBSD - mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \ - @APR_LDFLAGS@ \ - @APU_LDFLAGS@ \ ---- ../modsecurity-2.9.0-o/apache2/Makefile.in 2015-02-12 20:08:45.000000000 +0100 -+++ ./apache2/Makefile.in 2015-02-14 18:54:58.781828724 +0100 -@@ -651,61 +651,61 @@ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pkglibdir)/$$f"; \ - done - - clean-pkglibLTLIBRARIES: - -test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES) - @list='$(pkglib_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - libinjection/$(am__dirstamp): - @$(MKDIR_P) libinjection - @: > libinjection/$(am__dirstamp) - libinjection/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) libinjection/$(DEPDIR) - @: > libinjection/$(DEPDIR)/$(am__dirstamp) - libinjection/mod_security2_la-libinjection_html5.lo: \ - libinjection/$(am__dirstamp) \ - libinjection/$(DEPDIR)/$(am__dirstamp) - libinjection/mod_security2_la-libinjection_sqli.lo: \ - libinjection/$(am__dirstamp) \ - libinjection/$(DEPDIR)/$(am__dirstamp) - libinjection/mod_security2_la-libinjection_xss.lo: \ - libinjection/$(am__dirstamp) \ +Index: apache2/Makefile.in +=================================================================== +--- apache2/Makefile.in.orig ++++ apache2/Makefile.in +@@ -691,7 +691,7 @@ libinjection/mod_security2_la-libinjecti libinjection/$(DEPDIR)/$(am__dirstamp) mod_security2.la: $(mod_security2_la_OBJECTS) $(mod_security2_la_DEPENDENCIES) $(EXTRA_mod_security2_la_DEPENDENCIES) @@ -101,222 +24,34 @@ mostlyclean-compile: -rm -f *.$(OBJEXT) - -rm -f libinjection/*.$(OBJEXT) - -rm -f libinjection/*.lo - - distclean-compile: - -rm -f *.tab.c - - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-acmp.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_config.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_io.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_util.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-mod_security2.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-modsecurity.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_crypt.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_geo.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_gsb.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_json.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_logging.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_lua.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_multipart.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_parsers.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_pcre.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_release.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_remote_rules.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_reqbody.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_status_engine.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_tree.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_unicode.Plo@am__quote@ -diff -rNU 30 ../modsecurity-2.8.0-o/build/libtool.m4 ./build/libtool.m4 ---- ../modsecurity-2.8.0-o/build/libtool.m4 2014-04-15 14:44:04.000000000 +0200 -+++ ./build/libtool.m4 2014-06-16 16:16:39.000000000 +0200 -@@ -4661,61 +4661,61 @@ - if test "$with_gnu_ld" = yes; then - case $host_os in - aix*) - # The AIX port of GNU ld has always aspired to compatibility - # with the native linker. However, as the warning in the GNU ld - # block says, versions before 2.19.5* couldn't really create working - # shared libraries, regardless of the interface used. - case `$LD -v 2>&1` in - *\ \(GNU\ Binutils\)\ 2.19.5*) ;; - *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;; - *\ \(GNU\ Binutils\)\ [[3-9]]*) ;; - *) - lt_use_gnu_ld_interface=yes - ;; - esac - ;; - *) - lt_use_gnu_ld_interface=yes - ;; - esac - fi - - if test "$lt_use_gnu_ld_interface" = yes; then - # If archive_cmds runs LD, not CC, wlarc should be empty - wlarc='${wl}' - - # Set some defaults for GNU ld with shared library support. These +Index: build/libtool.m4 +=================================================================== +--- build/libtool.m4.orig ++++ build/libtool.m4 +@@ -5053,7 +5053,7 @@ dnl Note also adjust exclude_expsyms for # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH -- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' +- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then - _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' - else - _LT_TAGVAR(whole_archive_flag_spec, $1)= - fi - supports_anon_versioning=no - case `$LD -v 2>&1` in - *GNU\ gold*) supports_anon_versioning=yes ;; - *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 - *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... - *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... - *\ 2.11.*) ;; # other 2.11 versions - *) supports_anon_versioning=yes ;; - esac - - # See if GNU ld supports shared libraries. - case $host_os in - aix[[3-9]]*) - # On AIX/PPC, the GNU linker is very broken - if test "$host_cpu" != ia64; then - _LT_TAGVAR(ld_shlibs, $1)=no - cat <<_LT_EOF 1>&2 - - *** Warning: the GNU linker, at least up to release 2.19, is reported - *** to be unable to reliably create shared libraries on AIX. - *** Therefore, libtool is disabling shared libraries support. If you - *** really care for shared libraries, you may want to install binutils - *** 2.20 or above, or modify your PATH so that a non-GNU linker is found. -@@ -4897,61 +4897,61 @@ - _LT_EOF - elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) - case `$LD -v 2>&1` in - *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) - _LT_TAGVAR(ld_shlibs, $1)=no - cat <<_LT_EOF 1>&2 - - *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not - *** reliably create shared libraries on SCO systems. Therefore, libtool - *** is disabling shared libraries support. We urge you to upgrade GNU - *** binutils to release 2.16.91.0.3 or newer. Another option is to modify - *** your PATH or compiler configuration so that the native linker is - *** used, and then restart. - - _LT_EOF - ;; - *) - # For security reasons, it is highly recommended that you always - # use absolute paths for naming shared libraries, and exclude the +@@ -5322,7 +5322,7 @@ _LT_EOF # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then -- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' +- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; +@@ -6409,7 +6409,7 @@ if test yes != "$_lt_caught_CXX_error"; + _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' - sunos4*) - _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' - wlarc= - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - *) - if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - - if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then - runpath_var= - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(export_dynamic_flag_spec, $1)= -@@ -5907,61 +5907,61 @@ - else - $as_unset lt_cv_path_LD - fi - test -z "${LDCXX+set}" || LD=$LDCXX - CC=${CXX-"c++"} - CFLAGS=$CXXFLAGS - compiler=$CC - _LT_TAGVAR(compiler, $1)=$CC - _LT_CC_BASENAME([$compiler]) - - if test -n "$compiler"; then - # We don't want -fno-exception when compiling C++ code, so set the - # no_builtin_flag separately - if test "$GXX" = yes; then - _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' - else - _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= - fi - - if test "$GXX" = yes; then - # Set up default GNU C++ configuration - - LT_PATH_LD - - # Check if GNU C++ uses GNU ld as the underlying linker, since the - # archiving commands below assume that GNU ld is being used. - if test "$with_gnu_ld" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - -- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' +- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic' # If archive_cmds runs LD, not CC, wlarc should be empty - # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to - # investigate it a little bit more. (MM) - wlarc='${wl}' - - # ancient GNU ld didn't support --whole-archive et. al. - if eval "`$CC -print-prog-name=ld` --help 2>&1" | - $GREP 'no-whole-archive' > /dev/null; then - _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' - else - _LT_TAGVAR(whole_archive_flag_spec, $1)= - fi - else - with_gnu_ld=no - wlarc= - - # A generic and very simple default shared library creation - # command for GNU C++ for the case where it uses the native - # linker, instead of GNU ld. If possible, this setting should - # overridden to take advantage of the native linker features on - # the platform it is being used on. - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' - fi - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' diff --git a/apache2-mod_security2.changes b/apache2-mod_security2.changes index 765b6d3..85d4b45 100644 --- a/apache2-mod_security2.changes +++ b/apache2-mod_security2.changes @@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Fri Dec 29 00:09:38 UTC 2017 - jengelh@inai.de + +- Trim advertisement and filler wording from descriptions. + +------------------------------------------------------------------- +Wed Dec 20 09:13:49 UTC 2017 - pgajdos@suse.com + +- fix build for SLE_11_SP4: BuildRoot and %deffattr have to be + present + +------------------------------------------------------------------- +Mon Oct 2 11:02:58 UTC 2017 - kstreitova@suse.com + +- update to 2.9.2 + * release notes + https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.2 + * refresh apache2-mod_security2-no_rpath.diff + * remove apache2-mod_security2-lua-5.3.patch that was applied + upstream +- remove outdated html pages and diagram (they can be accessed + online at https://github.com/SpiderLabs/ModSecurity/wiki) + * Reference-Manual.html.bz2 + * ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2 + * modsecurity_diagram_apache_request_cycle.jpg +- don't pack the whole doc directory as it contains also Makefiles + or doxygen configuration files +- disable mlogc as we don't pack it and it also can't be built for + curl <=7.34 +- add basic and regression test suite (but disabled for now) + * add apache2-mod_security2_tests_conf.patch for apache2 + configuration file used for tests that was trying to load + mpm_worker_module (it's static for our apache2 package) + * add "BuildRequires: perl-libwww-perl" needed for the test suite + ------------------------------------------------------------------- Wed Jun 21 10:16:28 UTC 2017 - dimstar@opensuse.org diff --git a/apache2-mod_security2.spec b/apache2-mod_security2.spec index 285b4fe..16cc487 100644 --- a/apache2-mod_security2.spec +++ b/apache2-mod_security2.spec @@ -19,27 +19,21 @@ %define modname mod_security2 %define tarballname modsecurity-%{version} %define usrsharedir %{_datadir}/%{name} -%define refman Reference-Manual.html -%define faq ModSecurity-Frequently-Asked-Questions-FAQ.html Name: apache2-mod_security2 -Version: 2.9.0 +Version: 2.9.2 Release: 0 -Summary: ModSecurity Open Source Web Application Firewall +Summary: Web Application Firewall for apache httpd License: Apache-2.0 Group: Productivity/Networking/Web/Servers Url: http://www.modsecurity.org/ Source: https://www.modsecurity.org/tarball/%{version}/%{tarballname}.tar.gz Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz Source2: mod_security2.conf -Source3: %{refman}.bz2 -Source4: %{faq}.bz2 -Source5: modsecurity_diagram_apache_request_cycle.jpg Source6: README-SUSE-mod_security2.txt Source7: empty.conf Patch0: apache2-mod_security2-no_rpath.diff Patch1: modsecurity-fixes.patch -# https://github.com/SpiderLabs/ModSecurity/pull/837 -Patch2: apache2-mod_security2-lua-5.3.patch +Patch2: apache2-mod_security2_tests_conf.patch BuildRequires: apache-rpm-macros BuildRequires: apache2-devel BuildRequires: apache2-prefork @@ -51,42 +45,40 @@ BuildRequires: libtool BuildRequires: libxml2-devel BuildRequires: lua-devel BuildRequires: pcre-devel +BuildRequires: perl-libwww-perl BuildRequires: pkgconfig Requires: %{apache_mmn} Requires: %{apache_suse_maintenance_mmn} Requires: apache2 +%if 0%{suse_version} == 1110 BuildRoot: %{_tmppath}/%{name}-%{version}-build +%endif %description -ModSecurity(TM) is an open source intrusion detection and prevention +ModSecurity is an intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks. -The modsecurity team also offer a commercial version of their excellent -ruleset. Please have a look at http://www.modsecurity.org/ for more details. - %prep %setup -q -n %{tarballname} %setup -q -D -T -a 1 -n %{tarballname} mv -v SpiderLabs* rules -bzip2 -dc %{SOURCE3} > %{_sourcedir}/%{refman} && touch -r %{SOURCE3} %{_sourcedir}/%{refman} -bzip2 -dc %{SOURCE4} > %{_sourcedir}/%{faq} && touch -r %{SOURCE4} %{_sourcedir}/%{faq} %patch0 %patch1 -p1 %patch2 -p1 %build -# aclocal only works with never distributions, +# aclocal only works with newer distributions %if 0%{?suse_version} >= 1310 aclocal -# on older versions only autoconf is called. +# on older versions only autoconf is called %else autoreconf -fi %endif automake -%configure --with-apxs=%{apache_apxs} --enable-request-early --enable-htaccess-config +%configure --with-apxs=%{apache_apxs} --enable-request-early --enable-htaccess-config --disable-mlogc CFLAGS="%{optflags}" make %{?_smp_mflags} %install @@ -99,16 +91,12 @@ install -d -m 0755 %{buildroot}%{apache_sysconfdir}/mod_security2.d install -D -m 0644 %{SOURCE6} %{buildroot}%{apache_sysconfdir}/mod_security2.d install -D -m 0644 %{SOURCE7} %{buildroot}%{apache_sysconfdir}/mod_security2.d cp -a %{SOURCE6} doc -install -m 0644 %{_sourcedir}/%{faq} %{_sourcedir}/%{refman} doc -install -m 0644 %{SOURCE5} doc install -d -m 0755 %{buildroot}/%{usrsharedir} install -d -m 0755 %{buildroot}/%{usrsharedir}/tools -install -d -m 0755 %{buildroot}/%{usrsharedir} rm -f rules/.gitignore rules/LICENSE cp -a rules/util/README %{buildroot}/%{usrsharedir}/tools/README-rules-updater.txt cp -a tools/rules-updater.pl tools/rules-updater-example.conf %{buildroot}/%{usrsharedir}/tools -find rules -type f -print0 | \ - xargs -0 chmod 644 +find rules -type f -exec chmod 644 {} + cp -a rules %{buildroot}/%{usrsharedir} rm -rf %{buildroot}/%{usrsharedir}/rules/util rm -rf %{buildroot}/%{usrsharedir}/rules/lua @@ -117,7 +105,11 @@ rm -f %{buildroot}/%{usrsharedir}/rules/INSTALL %{buildroot}/%{usrsharedir}/rule mv %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf.example \ %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf -%check +# Temporarily disable test suite as there are some failures that need to be solved +#%check +#make test +#make test-regression + set +x mkdir -p %{apache_test_module_dir} cp %{SOURCE2} %{apache_test_module_dir}/%{modname}-test.conf @@ -128,15 +120,18 @@ sed -i 's:%{_sysconfdir}/apache2:%{buildroot}%{_sysconfdir}/apache2:' %{apache_t set -x %files -%defattr(-, root, root, 0755) +%if %{suse_version} == 1110 +%defattr (-,root,root) +%endif %{apache_libexecdir}/%{modname}.so %config(noreplace) %{apache_sysconfdir}/conf.d/%{modname}.conf %dir %{apache_sysconfdir}/mod_security2.d %{apache_sysconfdir}/mod_security2.d/README-SUSE-mod_security2.txt %{apache_sysconfdir}/mod_security2.d/empty.conf -%dir %{usrsharedir} -%doc README.TXT CHANGES LICENSE NOTICE authors.txt %{usrsharedir} -%doc doc/* rules/util/regression-tests +%doc README.TXT CHANGES LICENSE NOTICE authors.txt +%doc doc/README.txt +%doc doc/README-SUSE-mod_security2.txt +%doc rules/util/regression-tests %changelog diff --git a/apache2-mod_security2_tests_conf.patch b/apache2-mod_security2_tests_conf.patch new file mode 100644 index 0000000..f726c71 --- /dev/null +++ b/apache2-mod_security2_tests_conf.patch @@ -0,0 +1,14 @@ +Index: modsecurity-2.9.2/tests/regression/server_root/conf/httpd.conf.in +=================================================================== +--- modsecurity-2.9.2.orig/tests/regression/server_root/conf/httpd.conf.in ++++ modsecurity-2.9.2/tests/regression/server_root/conf/httpd.conf.in +@@ -14,9 +14,6 @@ LoadModule security2_module @MSC_BASE_DI + + LoadModule unixd_module @APXS_LIBEXECDIR@/mod_unixd.so + +- +- LoadModule mpm_worker_module @APXS_LIBEXECDIR@/mod_mpm_worker.so +- + LoadModule access_compat_module @APXS_LIBEXECDIR@/mod_access_compat.so + LoadModule authn_core_module @APXS_LIBEXECDIR@/mod_authn_core.so + LoadModule authz_core_module @APXS_LIBEXECDIR@/mod_authz_core.so diff --git a/modsecurity-2.9.0.tar.gz b/modsecurity-2.9.0.tar.gz deleted file mode 100644 index 293db19..0000000 --- a/modsecurity-2.9.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434 -size 4246467 diff --git a/modsecurity-2.9.2.tar.gz b/modsecurity-2.9.2.tar.gz new file mode 100644 index 0000000..5ebb417 --- /dev/null +++ b/modsecurity-2.9.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:41a8f73476ec891f3a9e8736b98b64ea5c2105f1ce15ea57a1f05b4bf2ffaeb5 +size 4298993 diff --git a/modsecurity_diagram_apache_request_cycle.jpg b/modsecurity_diagram_apache_request_cycle.jpg deleted file mode 100644 index b31317a..0000000 --- a/modsecurity_diagram_apache_request_cycle.jpg +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4366e727c511bccbf56ec646dd0961c65c8054fdc235ab26e06e3faf08052f6d -size 46799