[mod_security/el6] Import rawhide changes to epel6

Athmane Madjoudj athmane at fedoraproject.org
Sat Aug 25 15:05:28 UTC 2012


commit d934a872f3e31e0a129feb6a92481e3ff7f2c657
Author: Athmane Madjoudj <athmane at fedoraproject.org>
Date:   Fri Aug 24 16:03:36 2012 +0100

    Import rawhide changes to epel6

 mod_security.conf |   27 +++++------
 mod_security.spec |  135 ++++++++++++++++++++++++++++++++++++++++++-----------
 sources           |    2 +-
 3 files changed, 121 insertions(+), 43 deletions(-)
---
diff --git a/mod_security.conf b/mod_security.conf
index ad67068..7468a05 100644
--- a/mod_security.conf
+++ b/mod_security.conf
@@ -1,15 +1,13 @@
-# Example configuration file for the mod_security Apache module
 
 LoadModule security2_module modules/mod_security2.so
 LoadModule unique_id_module modules/mod_unique_id.so
 
 <IfModule mod_security2.c>
 	# This is the ModSecurity Core Rules Set.
-	
+
 	# Basic configuration goes in here
 	Include modsecurity.d/*.conf
-	Include modsecurity.d/base_rules/*.conf
-	Include modsecurity.d/modsecurity_localrules.conf
+	Include modsecurity.d/activated_rules/*.conf
 
 	# Additional items taken from new minimal modsecurity conf
 	# Basic configuration options
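Review bot: The new `Include modsecurity.d/activated_rules/*.conf` line points at a directory this package creates empty, while the two removed Include lines loaded `base_rules` and the local rules file. A host that takes this update may therefore run the engine with no detection rules at all unless a rule set is installed separately. The spec changelog says the rules moved to `mod_security_crs`, but nothing visible in the spec requires that package or tells the administrator about it. The comment `# This is the ModSecurity Core Rules Set.` no longer matches; I would replace it with `# No rules are shipped here: install mod_security_crs (or your own rules) and place or link them in modsecurity.d/activated_rules/`. The `<IfModule>` block continues outside this hunk.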
@@ -17,10 +15,6 @@ LoadModule unique_id_module modules/mod_unique_id.so
 	SecRequestBodyAccess On
 	SecResponseBodyAccess Off
 	
-	# PCRE Tuning
-	SecPcreMatchLimit 1000
-	SecPcreMatchLimitRecursion 1000
-
 	# Handling of file uploads
 	# TODO Choose a folder private to Apache.
 	# SecUploadDir /opt/apache-frontend/tmp/
@@ -28,18 +22,24 @@ LoadModule unique_id_module modules/mod_unique_id.so
 	SecUploadFileLimit 10
 
 	# Debug log
-	SecDebugLog logs/modsec_debug.log
+	SecDebugLog /var/log/httpd/modsec_debug.log
 	SecDebugLogLevel 0
 
-	# Serial audit log
+	# Audit log
 	SecAuditEngine RelevantOnly
 	SecAuditLogRelevantStatus ^5
-	SecAuditLogParts ABIFHZ
 	SecAuditLogType Serial
-	SecAuditLog logs/modsec_audit.log
+	SecAuditLogParts ABIFHZ
+	SecAuditLog /var/log/httpd/modsec_audit.log
+
+	# Alternative mlogc configuration
+	#SecAuditLogType Concurrent
+	#SecAuditLogParts ABIDEFGHZ
+	#SecAuditLogStorageDir /var/log/mlogc/data
+	#SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"
 
 	# Set Data Directory
-	SecDataDir logs/
+	SecDataDir /var/log/httpd/
 
 	# Maximum request body size we will
 	# accept for buffering
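Review bot: `SecDataDir /var/log/httpd/` puts ModSecurity's persistent collection files in the httpd log directory, which on Fedora and RHEL is normally root-owned and not writable by the `apache` user. Rules that use persistent collections (`initcol`) would then probably fail to store state and log permission errors at runtime. The debug and audit logs are a different case because, as far as I know, httpd opens them before dropping privileges. I would point `SecDataDir` at a dedicated directory under `%{_localstatedir}/lib` and have the spec own it with `%attr(0770,root,apache) %dir`, the same way the mlogc data directory is packaged. Loosening the log directory instead would let the web server user tamper with its own logs.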
@@ -89,5 +89,4 @@ LoadModule unique_id_module modules/mod_unique_id.so
 	#
 	SecRule TX:/^MSC_/ "!@streq 0" \
 	        "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
-
 </IfModule>
diff --git a/mod_security.spec b/mod_security.spec
index b4f9365..c9f60ad 100644
--- a/mod_security.spec
+++ b/mod_security.spec
@@ -1,15 +1,20 @@
+%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}}
+%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo missing-httpd-devel)}}
+# /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4
+%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
+%{!?_httpd_confdir:    %{expand: %%global _httpd_confdir    %%{_sysconfdir}/httpd/conf.d}}
+%{!?_httpd_moddir:    %{expand: %%global _httpd_moddir    %%{_libdir}/httpd/modules}}
+
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
-Version: 2.5.12
-Release: 2%{?dist}
-License: GPLv2
+Version: 2.6.6
+Release: 3%{?dist}
+License: ASL 2.0
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
 Source: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz
 Source1: mod_security.conf
-Source2: modsecurity_localrules.conf
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)
+Requires: httpd httpd-mmn = %{_httpd_mmn}
 BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel
 
 %description
@@ -17,44 +22,118 @@ ModSecurity is an open source intrusion detection and prevention engine
 for web applications. It operates embedded into the web server, acting
 as a powerful umbrella - shielding web applications from attacks.
 
-%prep
+%if 0%{?fedora}
+%package -n     mlogc
+Summary:        ModSecurity Audit Log Collector
+Group:          System Environment/Daemons
+Requires:       mod_security
 
-%setup -n modsecurity-apache_%{version}
+%description -n mlogc
+This package contains the ModSecurity Audit Log Collector.
+%endif
+
+%prep
+%setup -q -n modsecurity-apache_%{version}
 
 %build
-cd apache2
-%configure
+%configure --enable-pcre-match-limit=1000000 \
+           --enable-pcre-match-limit-recursion=1000000 \
+           --with-apxs=%{_httpd_apxs}
+# remove rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
 make %{_smp_mflags}
-make %{_smp_mflags} mlogc
 
 %install
 rm -rf %{buildroot}
-install -D -m755 apache2/.libs/mod_security2.so %{buildroot}/%{_libdir}/httpd/modules/mod_security2.so
-install -D -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/mod_security.conf
-install -d %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/
-install -D -m644 rules/*.conf %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/
-cp -R rules/base_rules %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/
-cp -R rules/optional_rules %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/
-install -D -m644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/modsecurity_localrules.conf
-install -Dp tools/mlogc %{buildroot}/%{_bindir}/mlogc
-install -D -m644 apache2/mlogc-src/mlogc-default.conf %{buildroot}/%{_sysconfdir}/mlogc.conf
+
+install -d %{buildroot}%{_sbindir}
+install -d %{buildroot}%{_bindir}
+install -d %{buildroot}%{_httpd_moddir}
+install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
+install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
+
+install -m0755 apache2/.libs/mod_security2.so %{buildroot}%{_httpd_moddir}/mod_security2.so
+
+%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
+# 2.4-style
+sed -n /^LoadModule/p %{SOURCE1} > 10-mod_security.conf
+sed    /LoadModule/d  %{SOURCE1} > mod_security.conf
+touch -r %{SOURCE1} *.conf
+install -Dp -m0644 mod_security.conf %{buildroot}%{_httpd_confdir}/mod_security.conf
+install -Dp -m0644 10-mod_security.conf %{buildroot}%{_httpd_modconfdir}/10-mod_security.conf
+%else
+# 2.2-style
+install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf
+%endif
+
+%if 0%{?fedora}
+# mlogc
+install -d %{buildroot}%{_localstatedir}/log/mlogc
+install -d %{buildroot}%{_localstatedir}/log/mlogc/data
+install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
+install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
+install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
+%endif
 
 %clean
 rm -rf %{buildroot}
 
 %files
 %defattr (-,root,root)
-%doc rules/util CHANGES LICENSE README.* modsecurity* doc MODSECURITY_LICENSING_EXCEPTION
-%{_libdir}/httpd/modules/mod_security2.so
-%{_bindir}/mlogc
-%config(noreplace) %{_sysconfdir}/mlogc.conf
-%config(noreplace) %{_sysconfdir}/httpd/conf.d/mod_security.conf
+%doc CHANGES LICENSE README.TXT NOTICE
+%{_httpd_moddir}/mod_security2.so
+%config(noreplace) %{_httpd_confdir}/*.conf
+%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
+%config(noreplace) %{_httpd_modconfdir}/*.conf
+%endif
 %dir %{_sysconfdir}/httpd/modsecurity.d
-%{_sysconfdir}/httpd/modsecurity.d/optional_rules
-%{_sysconfdir}/httpd/modsecurity.d/base_rules
-%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/*.conf
+%dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
+
+%if 0%{?fedora}
+%files -n mlogc
+%defattr (-,root,root)
+%doc mlogc/INSTALL
+%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
+%attr(0755,root,root) %dir %{_localstatedir}/log/mlogc
+%attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data
+%attr(0755,root,root) %{_bindir}/mlogc
+%attr(0755,root,root) %{_bindir}/mlogc-batch-load
+%endif
 
 %changelog
+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.6.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jun 22 2012 Peter Vrabec <pvrabec at redhat.com> - 2.6.6-2
+- mlogc subpackage is not provided on RHEL
+ 
+* Thu Jun 21 2012 Peter Vrabec <pvrabec at redhat.com> - 2.6.6-1
+- upgrade
+
+* Mon May  7 2012 Joe Orton <jorton at redhat.com> - 2.6.5-3
+- packaging fixes
+
+* Fri Apr 27 2012 Peter Vrabec <pvrabec at redhat.com> 2.6.5-2
+- fix license tag
+
+* Thu Apr 05 2012 Peter Vrabec <pvrabec at redhat.com> 2.6.5-1
+- upgrade & move rules into new package mod_security_crs
+
+* Fri Feb 10 2012 Petr Pisar <ppisar at redhat.com> - 2.5.13-3
+- Rebuild against PCRE 8.30
+- Do not install non-existing files
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.5.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Wed May 3 2011 Michael Fleming <mfleming+rpm at thatfleminggent.com> - 2.5.13-1
+- Newer upstream version
+
+* Wed Jun 30 2010 Michael Fleming <mfleming+rpm at thatfleminggent.com> - 2.5.12-3
+- Fix log dirs and files ordering per bz#569360
+
 * Thu Apr 29 2010 Michael Fleming <mfleming+rpm at thatfleminggent.com> - 2.5.12-2
 - Fix SecDatadir and minimal config per bz #569360
 
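Review bot: The `%configure` call raises both compiled-in PCRE limits to 1000000 while the configuration in this commit drops `SecPcreMatchLimit 1000` and `SecPcreMatchLimitRecursion 1000`, so the backtracking budget for every regex run against request data grows a thousandfold with no explanation in the spec. That budget bounds the CPU a crafted request can consume against a backtracking-heavy rule, and the `TX:/^MSC_/` rule kept in `mod_security.conf` appears to deny requests that exceed it, so the value is a security trade-off rather than a build detail. I would add a comment above the flags such as `# Default PCRE match limits; can be lowered per site with SecPcreMatchLimit / SecPcreMatchLimitRecursion`. I would also record in the changelog why 1000 was abandoned.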
diff --git a/sources b/sources
index 5745ecc..a905892 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-f7d14b97bbe54ecb953125b0f9b87a24  modsecurity-apache_2.5.12.tar.gz
+bc2ebcf326589c67fb6b53f630768c4e  modsecurity-apache_2.6.6.tar.gz

