#
# spec file for package apache2-mod_security2 (Version 2.5.9)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild

# Packages ModSecurity 2.5.9 as a loadable Apache 2 module, together with the
# mlogc tool that is built from the same tarball.
Name:           apache2-mod_security2
Version:        2.5.9
Release:        1
#
License:        GPL v2 only; GPLv2 with some FLOSS linking exceptions
Group:          Productivity/Networking/Web/Servers
#
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
# apxs2 must already be installed when this spec is parsed, because the
# macros further down execute it.
BuildRequires:  apache2-devel apache2-prefork c++_compiler curl-devel libxml2-devel pcre-devel
%define apache apache2
%define modname mod_security2
%define tarballname modsecurity-apache_%{version}
#
# The macros below use shell expansion, so apxs2 is run every time the spec is
# parsed, not only during the build. They read the module directory and the
# server configuration directory from the installed Apache.
%define apxs %{_sbindir}/apxs2
%define apache_libexecdir %(%{apxs} -q LIBEXECDIR)
%define apache_sysconfdir %(%{apxs} -q SYSCONFDIR)
# Runs the MMN helper in the Apache module directory, if it is executable, and
# adds its output to Requires below. Presumably this is the module-magic-number
# capability that ties the package to a binary-compatible Apache - confirm.
# If the helper is absent the macro expands to nothing and only the plain
# apache2 dependency remains.
%define apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)/MMN; test -x $MMN && $MMN)
Requires:       apache2 %{apache_mmn}
#
Url:            http://www.modsecurity.org/
# rpmbuild does not download Source; the URL only records where the tarball
# was obtained. NOTE(review): the URL is plain http and this spec lists no
# signature or checksum file as an additional source, so the integrity of the
# tarball rests on checks made outside this file. Verify it against upstream's
# published signature or checksum (if one exists) when importing a new version.
Source:         http://www.modsecurity.org/download/%{tarballname}.tar.gz
# Apache configuration snippet installed into conf.d; its contents are not
# part of this file.
Source1:        mod_security2.conf
#
Summary:        ModSecurity Open Source Web Application Firewall

%description
ModSecurity(TM) is an open source intrusion detection and prevention
engine for web applications (or a web application firewall). Operating
as an Apache Web server module or standalone, the purpose of
ModSecurity is to increase web application security, protecting web
applications from known and unknown attacks.

%prep
# The tarball unpacks into a directory named after the tarball rather than
# after the package name and version, hence the explicit -n.
%setup -n %{tarballname}

%build
# The module sources live in the apache2/ subdirectory of the tarball.
pushd %{apache}
# NOTE(review): configure is run without arguments, so nothing on this line
# passes the distribution's optimisation and hardening compiler flags. Whether
# they reach the module and mlogc depends on what configure and apxs2 pick up
# on their own - confirm in a build log.
./configure
make
# mlogc is built by a separate make run in its own directory.
make -C mlogc-src/
popd

%install
pushd %{apache}
# The module goes into the directory reported by apxs2.
install -D -m 0755 .libs/mod_security2.so %{buildroot}%{apache_libexecdir}/%{modname}.so
install -D -m 0755 mlogc-src/mlogc %{buildroot}%{_sbindir}/mlogc
install -D -m 0755 mlogc-src/mlogc-batch-load.pl %{buildroot}%{_sbindir}/mlogc-batch-load.pl
# Mode 0640 keeps the mlogc configuration unreadable for other users; combined
# with the root:root ownership set in the file list, only root can read it.
# NOTE(review): presumably chosen because this file holds the credentials
# mlogc uses to submit audit logs - confirm against mlogc-default.conf.
install -D -m 0640 mlogc-src/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
# Copy under a distinct name so the file list can ship the mlogc install notes
# as documentation.
cp mlogc-src/INSTALL mlogc-src/INSTALL.mlogc
popd
install -D -m 0644 %{SOURCE1} %{buildroot}%{apache_sysconfdir}/conf.d/%{modname}.conf

%clean
%{__rm} -rf %{buildroot};

%files
# A dash as file mode keeps the modes set by the install commands above;
# owner and group are root, directories are 0755.
%defattr(-, root, root, 0755)
%{apache_libexecdir}/%{modname}.so
# noreplace: a locally edited file survives package upgrades and the packaged
# version is written next to it as .rpmnew. Configuration fixes shipped in a
# later package therefore do not take effect until an administrator merges
# them.
%config(noreplace) %{apache_sysconfdir}/conf.d/%{modname}.conf
%doc doc/html-multipage/ doc/*.pdf
%doc README.TXT CHANGES LICENSE MODSECURITY_LICENSING_EXCEPTION modsecurity.conf-minimal
%doc apache2/mlogc-src/INSTALL.mlogc apache2/mlogc-src/mlogc-default.conf
# The rules directory is packaged as documentation only; nothing in this spec
# installs it below the Apache configuration directory. NOTE(review): whether
# the conf.d snippet loads any rule set cannot be seen from this file.
%doc tools/ rules/ apache2/api/
%{_sbindir}/mlogc
%{_sbindir}/mlogc-batch-load.pl
%config(noreplace) %{_sysconfdir}/mlogc.conf

%changelog
* Thu May 14 2009 mrueckert@suse.de
- update to version 2.5.9
  - Fixed parsing multipart content with a missing part header name which
    would crash Apache. Discovered by "Internet Security Auditors"
    (isecauditors.com).
  - Added ability to specify the config script directly using --with-apr
    and --with-apu.
  - Added macro expansion for append/prepend action.
  - Fixed race condition in concurrent updates of persistent counters.
    Updates are now atomic.
  - Cleaned up build, adding an option for verbose configure output and
    making the mlogc build more portable.
- additional changes from 2.5.8
  - Fixed PDF XSS issue where a non-GET request for a PDF file would crash
    the Apache httpd process. Discovered by Steve Grubb at Red Hat.
  - Removed an invalid "Internal error: Issuing "%%s" for unspecified error."
    message that was logged when denying with nolog/noauditlog set and
    causing the request to be audited.
- additional changes from 2.5.7
  - Fixed XML DTD/Schema validation which will now fail after request body
    processing errors, even if the XML parser returns a document tree.
  - Added ctl:forceRequestBodyVariable=on|off which, when enabled, will
    force the REQUEST_BODY variable to be set when a request body processor
    is not set. Previously the REQUEST_BODY target was only populated by the
    URLENCODED request body processor.
  - Integrated mlogc source.
  - Fixed logging the hostname in the error_log which was logging the
    request hostname instead of the Apache resolved hostname.
  - Allow for disabling request body limit checks in phase:1.
  - Added transformations for processing parity for legacy protocols ported
    to HTTP(S): t:parityEven7bit, t:parityOdd7bit, t:parityZero7bit
  - Added t:cssDecode transformation to decode CSS escapes.
  - Now log XML parsing/validation warnings and errors to be in the debug
    log at levels 3 and 4, respectively.
- build and package mlogc
- remove --with-apxs from the configure args as it breaks the build
  configure now finds our apxs2
* Fri Jan 23 2009 skh@suse.de
- fix broken config [bnc#457200]
* Mon Sep 15 2008 skh@suse.de
- update to version 2.5.6
- initial submit to FACTORY
* Mon May 12 2008 jg@internetx.de
-update to 2.1.7
* Sun Feb 03 2008 jg@internetx.de
-update to 2.1.6
* Wed Aug 08 2007 mrueckert@suse.de
- update to 2.1.2
* Mon Apr 16 2007 mrueckert@suse.de
- update to 2.1.1
- switched to perl based patching instead of cmdline params for make
* Fri Sep 22 2006 poeml@suse.de
- fix build (./install was vanished)