rpm/apache2-mod_security2
SHA256
1
0
Fork 0
forked from pool/apache2-mod_security2
Code Pull Requests Activity
fdf6dd2bf3
apache2-mod_security2/apache2-mod_security2.spec
Roman Drahtmueller fdf6dd2bf3 Accepting request 206042 from home:draht:branches:Apache:Modules 
- complete overhaul of this package, with update to 2.7.5.
- ruleset update to 2.2.8-0-g0f07cbb.
- new configuration framework private to mod_security2:
  /etc/apache2/conf.d/mod_security2.conf loads
  /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf,
  then /etc/apache2/mod_security2.d/*.conf , as set up based on
  advice in /etc/apache2/conf.d/mod_security2.conf
  Your configuration starting point is
  /etc/apache2/conf.d/mod_security2.conf
- !!! Please note that mod_unique_id is needed for mod_security2 to run!
- modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneaous
  linker parameter, preventing rpath in shared object.
- fixes contained for the following bugs:
  * CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling
  * [bnc#768293] multi-part bypass, minor threat
  * CVE-2013-1915 [bnc#813190] XML external entity vulnerability
  * CVE-2012-4528 [bnc#789393] rule bypass
  * CVE-2013-2765 [bnc#822664] null pointer dereference crash
- new from 2.5.9 to 2.7.5, only major changes:
  * GPLv2 replaced by Apache License v2
  * rules are not part of the source tarball any longer, but
    maintaned upstream externally, and included in this package.
  * documentation was externalized to a wiki. Package contains
    the FAQ and the reference manual in html form.
  * renamed the term "Encryption" in directives that actually refer
    to hashes. See CHANGES file for more details.
  * new directive SecXmlExternalEntity, default off
  * byte conversion issues on s390x when logging fixed.
  * many small issues fixed that were discovered by a Coverity scanner
  * updated reference manual

OBS-URL: https://build.opensuse.org/request/show/206042
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=42
2013-11-06 23:16:14 +00:00

141 lines
5.4 KiB
RPMSpec
Raw Blame History

#
# spec file for package apache2-mod_security2
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: apache2-mod_security2
Version: 2.7.5
Release: 0
%define aversion 2.7.5
#
#
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: apache2-devel
BuildRequires: apache2-prefork
BuildRequires: c++_compiler
BuildRequires: curl-devel
BuildRequires: libxml2-devel
BuildRequires: pcre-devel
%define apache apache2
%define modname mod_security2
%define tarballname modsecurity-apache_%{aversion}
%define refman Reference-Manual.html
%define faq ModSecurity-Frequently-Asked-Questions-FAQ.html
%define usrsharedir %{_prefix}/share/%{name}
%{!?apxs: %global apxs /usr/sbin/apxs2}
%{!?apache_libexecdir: %global apache_libexecdir %(%{apxs} -q LIBEXECDIR)}
%{!?apache_sysconfdir: %global apache_sysconfdir %(%{apxs} -q SYSCONFDIR)}
%{!?apache_includedir: %global apache_includedir %(%{apxs} -q INCLUDEDIR)}
%{!?apache_serveroot: %global apache_serverroot %(%{apxs} -q PREFIX)}
%{!?apache_localstatedir: %global apache_localstatedir %(%{apxs} -q LOCALSTATEDIR)}
%{!?apache_mmn: %global apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)_MMN; test -x $MMN && $MMN)}
Requires: %{apache_mmn}
Requires: apache2
#
Url: http://www.modsecurity.org/
Source: http://www.modsecurity.org/download/%{tarballname}.tar.gz
Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb.tar.gz
Source2: mod_security2.conf
Source3: %{refman}.bz2
Source4: %{faq}.bz2
Source5: modsecurity_diagram_apache_request_cycle.jpg
Source6: README-SUSE-mod_security2.txt
#
Patch0: modsecurity-apache_2.7.5-build_fix_pcre.diff
Summary: ModSecurity Open Source Web Application Firewall
License: Apache-2.0
Group: Productivity/Networking/Web/Servers
%description
ModSecurity(TM) is an open source intrusion detection and prevention
engine for web applications (or a web application firewall). Operating
as an Apache Web server module or standalone, the purpose of
ModSecurity is to increase web application security, protecting web
applications from known and unknown attacks.
The modsecurity team also offer a commercial version of their excellent
ruleset. Please have a look at http://www.modsecurity.org/ for more details.
%prep
%setup -n %{tarballname}
#tar -xvjpf %{S:2}
%setup -D -T -a 1 -n %{tarballname}
mv -v SpiderLabs* rules
bzip2 -dc %{SOURCE3} > %{_sourcedir}/%{refman} && touch -r %{SOURCE3} %{_sourcedir}/%{refman}
bzip2 -dc %{SOURCE4} > %{_sourcedir}/%{faq} && touch -r %{SOURCE4} %{_sourcedir}/%{faq}
%patch0
#%patch1
#%patch2
%build
%configure --with-apxs=%{apxs} --enable-request-early --enable-htaccess-config
make %{?_smp_mflags}
%install
pushd %{apache}
install -d -m 0755 %{buildroot}%{apache_libexecdir}
install -m 0755 .libs/mod_security2.so %{buildroot}%{apache_libexecdir}/%{modname}.so
popd
install -D -m 0644 %{SOURCE2} %{buildroot}%{apache_sysconfdir}/conf.d/%{modname}.conf
install -d -m 0755 %{buildroot}%{apache_sysconfdir}/mod_security2.d
install -D -m 0644 %{SOURCE6} %{buildroot}%{apache_sysconfdir}/mod_security2.d
cp -a %{SOURCE6} doc
install -m 0644 %{_sourcedir}/%{faq} %{_sourcedir}/%{refman} doc
install -m 0644 %{SOURCE5} doc
install -d -m 0755 %{buildroot}/%{usrsharedir}
install -d -m 0755 %{buildroot}/%{usrsharedir}/tools
install -d -m 0755 %{buildroot}/%{usrsharedir}
rm -f rules/.gitignore rules/LICENSE
cp -a rules/util/README %{buildroot}/%{usrsharedir}/tools/README-rules-updater.txt
cp -a tools/rules-updater.pl tools/rules-updater-example.conf %{buildroot}/%{usrsharedir}/tools
find rules -type f -print0 | \
xargs -0 chmod 644
cp -a rules %{buildroot}/%{usrsharedir}
rm -rf %{buildroot}/%{usrsharedir}/rules/util
rm -rf %{buildroot}/%{usrsharedir}/rules/lua
rm -f %{buildroot}/%{usrsharedir}/rules/READM*
rm -f %{buildroot}/%{usrsharedir}/rules/INSTALL %{buildroot}/%{usrsharedir}/rules/CHANGELOG
mv %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf.example \
%{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf
%clean
%{__rm} -rf %{buildroot};
%{__rm} -f %{_sourcedir}/%{faq} %{_sourcedir}/%{refman}
%files
%defattr(-, root, root, 0755)
%{apache_libexecdir}/%{modname}.so
%config(noreplace) %{apache_sysconfdir}/conf.d/%{modname}.conf
%dir %{apache_sysconfdir}/mod_security2.d
%{apache_sysconfdir}/mod_security2.d/README-SUSE-mod_security2.txt
%dir %{usrsharedir}
#%dir %{usrsharedir}/tools
#%dir %{usrsharedir}/rules
%doc README.TXT CHANGES LICENSE NOTICE authors.txt
%{usrsharedir}
#%{usrsharedir}/rules/activated_rules
#%{usrsharedir}/rules/base_rules
#%{usrsharedir}/rules/experimental_rules
#%{usrsharedir}/rules/optional_rules
#%{usrsharedir}/rules/slr_rules
%doc doc/*
#rules/util/regression_tests
%changelog
View Git Blame Copy Permalink