pool/apache2-mod_security2
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 561619 from Apache:Modules

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/561619
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2-mod_security2?expand=0&rev=25
This commit is contained in:
Dominique Leuenberger 2018-01-09 13:52:25 +00:00 committed by Git OBS Bridge
commit 9dd6e62366
11 changed files with 101 additions and 359 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitattributes vendored
View File

@ -21,5 +21,3 @@
*.xz filter=lfs diff=lfs merge=lfs -text *.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text *.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text *.zst filter=lfs diff=lfs merge=lfs -text
## Specific LFS patterns
modsecurity_diagram_apache_request_cycle.jpg filter=lfs diff=lfs merge=lfs -text

3
ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bab5e208e8c2aa4beeb799a4d05bceb3eb44846e75565b32b483fb5fb32023a7
size 11838

3
Reference-Manual.html.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:160af986e97bafad2cdbd58469115102068eff3b2f2f246f559adf7256d0dcf8
size 60381

26
apache2-mod_security2-lua-5.3.patch
View File

@ -1,26 +0,0 @@
From 422e22141b9f6cdd0496919093fcf51b02732b84 Mon Sep 17 00:00:00 2001
From: Athmane Madjoudj <athmane@fedoraproject.org>
Date: Fri, 13 Feb 2015 13:24:50 +0100
Subject: [PATCH] Fix build issue with Lua >= 5.3
---
apache2/msc_lua.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/apache2/msc_lua.c b/apache2/msc_lua.c
index f4482ae..58206a7 100644
--- a/apache2/msc_lua.c
+++ b/apache2/msc_lua.c
@@ -111,8 +111,11 @@ char *lua_compile(msc_script **script, const char *filename, apr_pool_t *pool) {
dump.pool = pool;
dump.parts = apr_array_make(pool, 128, sizeof(msc_script_part *));
+#if LUA_VERSION_NUM >= 503
+ lua_dump(L, dump_writer, &dump, 1);
+#else
lua_dump(L, dump_writer, &dump);
-
+#endif
(*script) = apr_pcalloc(pool, sizeof(msc_script));
(*script)->name = filename;
(*script)->parts = dump.parts;

317
apache2-mod_security2-no_rpath.diff
View File

@ -1,33 +1,8 @@
--- ../modsecurity-2.9.0-o/apache2/Makefile.am 2015-02-12 20:08:30.000000000 +0100 Index: apache2/Makefile.am
+++ ./apache2/Makefile.am 2015-02-14 18:55:11.762837073 +0100 ===================================================================
@@ -91,61 +91,61 @@ --- apache2/Makefile.am.orig
+++ apache2/Makefile.am
if MACOSX @@ -118,7 +118,7 @@ mod_security2_la_LDFLAGS = -module -avoi
mod_security2_la_LDFLAGS = -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@CURL_LDFLAGS@ \
@LIBXML2_CFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
if SOLARIS
mod_security2_la_LDFLAGS = -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@CURL_LDFLAGS@ \
@LIBXML2_CFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif endif
if LINUX if LINUX
@ -36,63 +11,11 @@
@APR_LDFLAGS@ \ @APR_LDFLAGS@ \
@APU_LDFLAGS@ \ @APU_LDFLAGS@ \
@APXS_LDFLAGS@ \ @APXS_LDFLAGS@ \
@CURL_LDFLAGS@ \ Index: apache2/Makefile.in
@LIBXML2_CFLAGS@ \ ===================================================================
@LIBXML2_LDFLAGS@ \ --- apache2/Makefile.in.orig
@LUA_LDFLAGS@ \ +++ apache2/Makefile.in
@PCRE_LDFLAGS@ \ @@ -691,7 +691,7 @@ libinjection/mod_security2_la-libinjecti
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
if FREEBSD
mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@CURL_LDFLAGS@ \
@LIBXML2_CFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@ \
@SSDEEP_LDFLAGS@
endif
if OPENBSD
mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
--- ../modsecurity-2.9.0-o/apache2/Makefile.in 2015-02-12 20:08:45.000000000 +0100
+++ ./apache2/Makefile.in 2015-02-14 18:54:58.781828724 +0100
@@ -651,61 +651,61 @@
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pkglibdir)/$$f"; \
done
clean-pkglibLTLIBRARIES:
-test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES)
@list='$(pkglib_LTLIBRARIES)'; \
locs=`for p in $$list; do echo $$p; done | \
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
sort -u`; \
test -z "$$locs" || { \
echo rm -f $${locs}; \
rm -f $${locs}; \
}
libinjection/$(am__dirstamp):
@$(MKDIR_P) libinjection
@: > libinjection/$(am__dirstamp)
libinjection/$(DEPDIR)/$(am__dirstamp):
@$(MKDIR_P) libinjection/$(DEPDIR)
@: > libinjection/$(DEPDIR)/$(am__dirstamp)
libinjection/mod_security2_la-libinjection_html5.lo: \
libinjection/$(am__dirstamp) \
libinjection/$(DEPDIR)/$(am__dirstamp)
libinjection/mod_security2_la-libinjection_sqli.lo: \
libinjection/$(am__dirstamp) \
libinjection/$(DEPDIR)/$(am__dirstamp)
libinjection/mod_security2_la-libinjection_xss.lo: \
libinjection/$(am__dirstamp) \
libinjection/$(DEPDIR)/$(am__dirstamp) libinjection/$(DEPDIR)/$(am__dirstamp)
mod_security2.la: $(mod_security2_la_OBJECTS) $(mod_security2_la_DEPENDENCIES) $(EXTRA_mod_security2_la_DEPENDENCIES) mod_security2.la: $(mod_security2_la_OBJECTS) $(mod_security2_la_DEPENDENCIES) $(EXTRA_mod_security2_la_DEPENDENCIES)
@ -101,222 +24,34 @@
mostlyclean-compile: mostlyclean-compile:
-rm -f *.$(OBJEXT) -rm -f *.$(OBJEXT)
-rm -f libinjection/*.$(OBJEXT) Index: build/libtool.m4
-rm -f libinjection/*.lo ===================================================================
--- build/libtool.m4.orig
distclean-compile: +++ build/libtool.m4
-rm -f *.tab.c @@ -5053,7 +5053,7 @@ dnl Note also adjust exclude_expsyms for
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-acmp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_config.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_io.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_util.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-mod_security2.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-modsecurity.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_crypt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_geo.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_gsb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_json.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_logging.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_lua.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_multipart.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_parsers.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_pcre.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_release.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_remote_rules.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_reqbody.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_status_engine.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_tree.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_unicode.Plo@am__quote@
diff -rNU 30 ../modsecurity-2.8.0-o/build/libtool.m4 ./build/libtool.m4
--- ../modsecurity-2.8.0-o/build/libtool.m4 2014-04-15 14:44:04.000000000 +0200
+++ ./build/libtool.m4 2014-06-16 16:16:39.000000000 +0200
@@ -4661,61 +4661,61 @@
if test "$with_gnu_ld" = yes; then
case $host_os in
aix*)
# The AIX port of GNU ld has always aspired to compatibility
# with the native linker. However, as the warning in the GNU ld
# block says, versions before 2.19.5* couldn't really create working
# shared libraries, regardless of the interface used.
case `$LD -v 2>&1` in
*\ \(GNU\ Binutils\)\ 2.19.5*) ;;
*\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
*\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
*)
lt_use_gnu_ld_interface=yes
;;
esac
;;
*)
lt_use_gnu_ld_interface=yes
;;
esac
fi
if test "$lt_use_gnu_ld_interface" = yes; then
# If archive_cmds runs LD, not CC, wlarc should be empty
wlarc='${wl}'
# Set some defaults for GNU ld with shared library support. These
# are reset later if shared libraries are not supported. Putting them # are reset later if shared libraries are not supported. Putting them
# here allows them to be overridden if necessary. # here allows them to be overridden if necessary.
runpath_var=LD_RUN_PATH runpath_var=LD_RUN_PATH
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
# ancient GNU ld didn't support --whole-archive et. al. # ancient GNU ld didn't support --whole-archive et. al.
if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
_LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' @@ -5322,7 +5322,7 @@ _LT_EOF
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=
fi
supports_anon_versioning=no
case `$LD -v 2>&1` in
*GNU\ gold*) supports_anon_versioning=yes ;;
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
*\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
*\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
*\ 2.11.*) ;; # other 2.11 versions
*) supports_anon_versioning=yes ;;
esac
# See if GNU ld supports shared libraries.
case $host_os in
aix[[3-9]]*)
# On AIX/PPC, the GNU linker is very broken
if test "$host_cpu" != ia64; then
_LT_TAGVAR(ld_shlibs, $1)=no
cat <<_LT_EOF 1>&2
*** Warning: the GNU linker, at least up to release 2.19, is reported
*** to be unable to reliably create shared libraries on AIX.
*** Therefore, libtool is disabling shared libraries support. If you
*** really care for shared libraries, you may want to install binutils
*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
@@ -4897,61 +4897,61 @@
_LT_EOF
elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
;;
sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
case `$LD -v 2>&1` in
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
_LT_TAGVAR(ld_shlibs, $1)=no
cat <<_LT_EOF 1>&2
*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
*** reliably create shared libraries on SCO systems. Therefore, libtool
*** is disabling shared libraries support. We urge you to upgrade GNU
*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
*** your PATH or compiler configuration so that the native linker is
*** used, and then restart.
_LT_EOF
;;
*)
# For security reasons, it is highly recommended that you always
# use absolute paths for naming shared libraries, and exclude the
# DT_RUNPATH tag from executables and libraries. But doing so # DT_RUNPATH tag from executables and libraries. But doing so
# requires that you compile everything twice, which is a pain. # requires that you compile everything twice, which is a pain.
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
else else
_LT_TAGVAR(ld_shlibs, $1)=no @@ -6409,7 +6409,7 @@ if test yes != "$_lt_caught_CXX_error";
fi _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
;; _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
esac
;;
sunos4*) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
wlarc=
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
;;
*)
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
;;
esac
if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then
runpath_var=
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
_LT_TAGVAR(export_dynamic_flag_spec, $1)=
@@ -5907,61 +5907,61 @@
else
$as_unset lt_cv_path_LD
fi
test -z "${LDCXX+set}" || LD=$LDCXX
CC=${CXX-"c++"}
CFLAGS=$CXXFLAGS
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
_LT_CC_BASENAME([$compiler])
if test -n "$compiler"; then
# We don't want -fno-exception when compiling C++ code, so set the
# no_builtin_flag separately
if test "$GXX" = yes; then
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
else
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
fi
if test "$GXX" = yes; then
# Set up default GNU C++ configuration
LT_PATH_LD
# Check if GNU C++ uses GNU ld as the underlying linker, since the
# archiving commands below assume that GNU ld is being used.
if test "$with_gnu_ld" = yes; then
_LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
# If archive_cmds runs LD, not CC, wlarc should be empty # If archive_cmds runs LD, not CC, wlarc should be empty
# XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
# investigate it a little bit more. (MM)
wlarc='${wl}'
# ancient GNU ld didn't support --whole-archive et. al.
if eval "`$CC -print-prog-name=ld` --help 2>&1" |
$GREP 'no-whole-archive' > /dev/null; then
_LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=
fi
else
with_gnu_ld=no
wlarc=
# A generic and very simple default shared library creation
# command for GNU C++ for the case where it uses the native
# linker, instead of GNU ld. If possible, this setting should
# overridden to take advantage of the native linker features on
# the platform it is being used on.
_LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
fi
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'

35
apache2-mod_security2.changes
View File

@ -1,3 +1,38 @@
-------------------------------------------------------------------
Fri Dec 29 00:09:38 UTC 2017 - jengelh@inai.de
- Trim advertisement and filler wording from descriptions.
-------------------------------------------------------------------
Wed Dec 20 09:13:49 UTC 2017 - pgajdos@suse.com
- fix build for SLE_11_SP4: BuildRoot and %deffattr have to be
present
-------------------------------------------------------------------
Mon Oct 2 11:02:58 UTC 2017 - kstreitova@suse.com
- update to 2.9.2
* release notes
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.2
* refresh apache2-mod_security2-no_rpath.diff
* remove apache2-mod_security2-lua-5.3.patch that was applied
upstream
- remove outdated html pages and diagram (they can be accessed
online at https://github.com/SpiderLabs/ModSecurity/wiki)
* Reference-Manual.html.bz2
* ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2
* modsecurity_diagram_apache_request_cycle.jpg
- don't pack the whole doc directory as it contains also Makefiles
or doxygen configuration files
- disable mlogc as we don't pack it and it also can't be built for
curl <=7.34
- add basic and regression test suite (but disabled for now)
* add apache2-mod_security2_tests_conf.patch for apache2
configuration file used for tests that was trying to load
mpm_worker_module (it's static for our apache2 package)
* add "BuildRequires: perl-libwww-perl" needed for the test suite
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 21 10:16:28 UTC 2017 - dimstar@opensuse.org Wed Jun 21 10:16:28 UTC 2017 - dimstar@opensuse.org

51
apache2-mod_security2.spec
View File

@ -19,27 +19,21 @@
%define modname mod_security2 %define modname mod_security2
%define tarballname modsecurity-%{version} %define tarballname modsecurity-%{version}
%define usrsharedir %{_datadir}/%{name} %define usrsharedir %{_datadir}/%{name}
%define refman Reference-Manual.html
%define faq ModSecurity-Frequently-Asked-Questions-FAQ.html
Name: apache2-mod_security2 Name: apache2-mod_security2
Version: 2.9.0 Version: 2.9.2
Release: 0 Release: 0
Summary: ModSecurity Open Source Web Application Firewall Summary: Web Application Firewall for apache httpd
License: Apache-2.0 License: Apache-2.0
Group: Productivity/Networking/Web/Servers Group: Productivity/Networking/Web/Servers
Url: http://www.modsecurity.org/ Url: http://www.modsecurity.org/
Source: https://www.modsecurity.org/tarball/%{version}/%{tarballname}.tar.gz Source: https://www.modsecurity.org/tarball/%{version}/%{tarballname}.tar.gz
Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
Source2: mod_security2.conf Source2: mod_security2.conf
Source3: %{refman}.bz2
Source4: %{faq}.bz2
Source5: modsecurity_diagram_apache_request_cycle.jpg
Source6: README-SUSE-mod_security2.txt Source6: README-SUSE-mod_security2.txt
Source7: empty.conf Source7: empty.conf
Patch0: apache2-mod_security2-no_rpath.diff Patch0: apache2-mod_security2-no_rpath.diff
Patch1: modsecurity-fixes.patch Patch1: modsecurity-fixes.patch
# https://github.com/SpiderLabs/ModSecurity/pull/837 Patch2: apache2-mod_security2_tests_conf.patch
Patch2: apache2-mod_security2-lua-5.3.patch
BuildRequires: apache-rpm-macros BuildRequires: apache-rpm-macros
BuildRequires: apache2-devel BuildRequires: apache2-devel
BuildRequires: apache2-prefork BuildRequires: apache2-prefork
@ -51,42 +45,40 @@ BuildRequires: libtool
BuildRequires: libxml2-devel BuildRequires: libxml2-devel
BuildRequires: lua-devel BuildRequires: lua-devel
BuildRequires: pcre-devel BuildRequires: pcre-devel
BuildRequires: perl-libwww-perl
BuildRequires: pkgconfig BuildRequires: pkgconfig
Requires: %{apache_mmn} Requires: %{apache_mmn}
Requires: %{apache_suse_maintenance_mmn} Requires: %{apache_suse_maintenance_mmn}
Requires: apache2 Requires: apache2
%if 0%{suse_version} == 1110
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%endif
%description %description
ModSecurity(TM) is an open source intrusion detection and prevention ModSecurity is an intrusion detection and prevention
engine for web applications (or a web application firewall). Operating engine for web applications (or a web application firewall). Operating
as an Apache Web server module or standalone, the purpose of as an Apache Web server module or standalone, the purpose of
ModSecurity is to increase web application security, protecting web ModSecurity is to increase web application security, protecting web
applications from known and unknown attacks. applications from known and unknown attacks.
The modsecurity team also offer a commercial version of their excellent
ruleset. Please have a look at http://www.modsecurity.org/ for more details.
%prep %prep
%setup -q -n %{tarballname} %setup -q -n %{tarballname}
%setup -q -D -T -a 1 -n %{tarballname} %setup -q -D -T -a 1 -n %{tarballname}
mv -v SpiderLabs* rules mv -v SpiderLabs* rules
bzip2 -dc %{SOURCE3} > %{_sourcedir}/%{refman} && touch -r %{SOURCE3} %{_sourcedir}/%{refman}
bzip2 -dc %{SOURCE4} > %{_sourcedir}/%{faq} && touch -r %{SOURCE4} %{_sourcedir}/%{faq}
%patch0 %patch0
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%build %build
# aclocal only works with never distributions, # aclocal only works with newer distributions
%if 0%{?suse_version} >= 1310 %if 0%{?suse_version} >= 1310
aclocal aclocal
# on older versions only autoconf is called. # on older versions only autoconf is called
%else %else
autoreconf -fi autoreconf -fi
%endif %endif
automake automake
%configure --with-apxs=%{apache_apxs} --enable-request-early --enable-htaccess-config %configure --with-apxs=%{apache_apxs} --enable-request-early --enable-htaccess-config --disable-mlogc
CFLAGS="%{optflags}" make %{?_smp_mflags} CFLAGS="%{optflags}" make %{?_smp_mflags}
%install %install
@ -99,16 +91,12 @@ install -d -m 0755 %{buildroot}%{apache_sysconfdir}/mod_security2.d
install -D -m 0644 %{SOURCE6} %{buildroot}%{apache_sysconfdir}/mod_security2.d install -D -m 0644 %{SOURCE6} %{buildroot}%{apache_sysconfdir}/mod_security2.d
install -D -m 0644 %{SOURCE7} %{buildroot}%{apache_sysconfdir}/mod_security2.d install -D -m 0644 %{SOURCE7} %{buildroot}%{apache_sysconfdir}/mod_security2.d
cp -a %{SOURCE6} doc cp -a %{SOURCE6} doc
install -m 0644 %{_sourcedir}/%{faq} %{_sourcedir}/%{refman} doc
install -m 0644 %{SOURCE5} doc
install -d -m 0755 %{buildroot}/%{usrsharedir} install -d -m 0755 %{buildroot}/%{usrsharedir}
install -d -m 0755 %{buildroot}/%{usrsharedir}/tools install -d -m 0755 %{buildroot}/%{usrsharedir}/tools
install -d -m 0755 %{buildroot}/%{usrsharedir}
rm -f rules/.gitignore rules/LICENSE rm -f rules/.gitignore rules/LICENSE
cp -a rules/util/README %{buildroot}/%{usrsharedir}/tools/README-rules-updater.txt cp -a rules/util/README %{buildroot}/%{usrsharedir}/tools/README-rules-updater.txt
cp -a tools/rules-updater.pl tools/rules-updater-example.conf %{buildroot}/%{usrsharedir}/tools cp -a tools/rules-updater.pl tools/rules-updater-example.conf %{buildroot}/%{usrsharedir}/tools
find rules -type f -print0 | \ find rules -type f -exec chmod 644 {} +
xargs -0 chmod 644
cp -a rules %{buildroot}/%{usrsharedir} cp -a rules %{buildroot}/%{usrsharedir}
rm -rf %{buildroot}/%{usrsharedir}/rules/util rm -rf %{buildroot}/%{usrsharedir}/rules/util
rm -rf %{buildroot}/%{usrsharedir}/rules/lua rm -rf %{buildroot}/%{usrsharedir}/rules/lua
@ -117,7 +105,11 @@ rm -f %{buildroot}/%{usrsharedir}/rules/INSTALL %{buildroot}/%{usrsharedir}/rule
mv %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf.example \ mv %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf.example \
%{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf
%check # Temporarily disable test suite as there are some failures that need to be solved
#%check
#make test
#make test-regression
set +x set +x
mkdir -p %{apache_test_module_dir} mkdir -p %{apache_test_module_dir}
cp %{SOURCE2} %{apache_test_module_dir}/%{modname}-test.conf cp %{SOURCE2} %{apache_test_module_dir}/%{modname}-test.conf
@ -128,15 +120,18 @@ sed -i 's:%{_sysconfdir}/apache2:%{buildroot}%{_sysconfdir}/apache2:' %{apache_t
set -x set -x
%files %files
%defattr(-, root, root, 0755) %if %{suse_version} == 1110
%defattr (-,root,root)
%endif
%{apache_libexecdir}/%{modname}.so %{apache_libexecdir}/%{modname}.so
%config(noreplace) %{apache_sysconfdir}/conf.d/%{modname}.conf %config(noreplace) %{apache_sysconfdir}/conf.d/%{modname}.conf
%dir %{apache_sysconfdir}/mod_security2.d %dir %{apache_sysconfdir}/mod_security2.d
%{apache_sysconfdir}/mod_security2.d/README-SUSE-mod_security2.txt %{apache_sysconfdir}/mod_security2.d/README-SUSE-mod_security2.txt
%{apache_sysconfdir}/mod_security2.d/empty.conf %{apache_sysconfdir}/mod_security2.d/empty.conf
%dir %{usrsharedir}
%doc README.TXT CHANGES LICENSE NOTICE authors.txt
%{usrsharedir} %{usrsharedir}
%doc doc/* rules/util/regression-tests %doc README.TXT CHANGES LICENSE NOTICE authors.txt
%doc doc/README.txt
%doc doc/README-SUSE-mod_security2.txt
%doc rules/util/regression-tests
%changelog %changelog

14
apache2-mod_security2_tests_conf.patch Normal file
View File

@ -0,0 +1,14 @@
Index: modsecurity-2.9.2/tests/regression/server_root/conf/httpd.conf.in
===================================================================
--- modsecurity-2.9.2.orig/tests/regression/server_root/conf/httpd.conf.in
+++ modsecurity-2.9.2/tests/regression/server_root/conf/httpd.conf.in
@@ -14,9 +14,6 @@ LoadModule security2_module @MSC_BASE_DI
<IfModule !mod_unixd.c>
LoadModule unixd_module @APXS_LIBEXECDIR@/mod_unixd.so
</IfModule>
- <IfModule !mpm_worker_module>
- LoadModule mpm_worker_module @APXS_LIBEXECDIR@/mod_mpm_worker.so
- </IfModule>
LoadModule access_compat_module @APXS_LIBEXECDIR@/mod_access_compat.so
LoadModule authn_core_module @APXS_LIBEXECDIR@/mod_authn_core.so
LoadModule authz_core_module @APXS_LIBEXECDIR@/mod_authz_core.so

3
modsecurity-2.9.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434
size 4246467

3
modsecurity-2.9.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:41a8f73476ec891f3a9e8736b98b64ea5c2105f1ce15ea57a1f05b4bf2ffaeb5
size 4298993

3
modsecurity_diagram_apache_request_cycle.jpg
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4366e727c511bccbf56ec646dd0961c65c8054fdc235ab26e06e3faf08052f6d
size 46799