From 713661ddaabbdb3537703aa46a480d199b230871 Mon Sep 17 00:00:00 2001 From: Peter Vrabec Date: Mon, 19 Nov 2012 22:00:45 +0100 Subject: [PATCH 1/5] mlogc subpackage is not provided on RHEL7 --- mod_security.spec | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/mod_security.spec b/mod_security.spec index 7491f54..e988638 100644 --- a/mod_security.spec +++ b/mod_security.spec @@ -5,10 +5,12 @@ %{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}} %{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}} +%global with_mlogc 0%{?fedora} || 0%{?rhel} <= 6 + Summary: Security module for the Apache HTTP Server Name: mod_security Version: 2.7.1 -Release: 3%{?dist} +Release: 4%{?dist} License: ASL 2.0 URL: http://www.modsecurity.org/ Group: System Environment/Daemons @@ -22,6 +24,7 @@ ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding web applications from attacks. +%if %with_mlogc %package -n mlogc Summary: ModSecurity Audit Log Collector Group: System Environment/Daemons @@ -29,6 +32,7 @@ Requires: mod_security %description -n mlogc This package contains the ModSecurity Audit Log Collector. +%endif %prep %setup -q -n modsecurity-apache_%{version} @@ -68,12 +72,13 @@ install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name} # mlogc +%if %with_mlogc install -d %{buildroot}%{_localstatedir}/log/mlogc install -d %{buildroot}%{_localstatedir}/log/mlogc/data install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf - +%endif %clean rm -rf %{buildroot} @@ -90,6 +95,7 @@ rm -rf %{buildroot} %dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules %attr(770,apache,root) %dir %{_localstatedir}/lib/%{name} +%if %with_mlogc %files -n mlogc %defattr (-,root,root) %doc mlogc/INSTALL @@ -98,8 +104,12 @@ rm -rf %{buildroot} %attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data %attr(0755,root,root) %{_bindir}/mlogc %attr(0755,root,root) %{_bindir}/mlogc-batch-load +%endif %changelog +* Mon Nov 19 2012 Peter Vrabec 2.7.1-4 +- mlogc subpackage is not provided on RHEL7 + * Thu Nov 15 2012 Athmane Madjoudj 2.7.1-3 - Add some missing directives RHBZ #569360 - Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528) From 712810bae0dac57648f176c8c7e717911c3fccbc Mon Sep 17 00:00:00 2001 From: Athmane Madjoudj Date: Thu, 22 Nov 2012 16:19:21 +0100 Subject: [PATCH 2/5] - Use conditional for loading mod_unique_id (rhbz #879264) - Fix syntax errors on httpd 2.4.x by using IncludeOptional (rhbz --- 10-mod_security.conf | 5 +++++ mod_security.conf | 3 --- mod_security.spec | 18 +++++++++++------- 3 files changed, 16 insertions(+), 10 deletions(-) create mode 100644 10-mod_security.conf diff --git a/10-mod_security.conf b/10-mod_security.conf new file mode 100644 index 0000000..dfe0955 --- /dev/null +++ b/10-mod_security.conf @@ -0,0 +1,5 @@ +LoadModule security2_module modules/mod_security2.so + + + LoadModule unique_id_module modules/mod_unique_id.so + diff --git a/mod_security.conf b/mod_security.conf index 607e169..809549e 100644 --- a/mod_security.conf +++ b/mod_security.conf @@ -1,6 +1,3 @@ -LoadModule security2_module modules/mod_security2.so -LoadModule unique_id_module modules/mod_unique_id.so - # ModSecurity Core Rules Set configuration Include modsecurity.d/*.conf diff --git a/mod_security.spec b/mod_security.spec index e988638..0b986f7 100644 --- a/mod_security.spec +++ b/mod_security.spec @@ -10,12 +10,13 @@ Summary: Security module for the Apache HTTP Server Name: mod_security Version: 2.7.1 -Release: 4%{?dist} +Release: 5%{?dist} License: ASL 2.0 URL: http://www.modsecurity.org/ Group: System Environment/Daemons Source: https://github.com/downloads/SpiderLabs/ModSecurity/modsecurity-apache_%{version}.tar.gz Source1: mod_security.conf +Source2: 10-mod_security.conf Requires: httpd httpd-mmn = %{_httpd_mmn} BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel @@ -60,14 +61,13 @@ install -m0755 apache2/.libs/mod_security2.so %{buildroot}%{_httpd_moddir}/mod_s %if "%{_httpd_modconfdir}" != "%{_httpd_confdir}" # 2.4-style -sed -n /^LoadModule/p %{SOURCE1} > 10-mod_security.conf -sed /LoadModule/d %{SOURCE1} > mod_security.conf -touch -r %{SOURCE1} *.conf -install -Dp -m0644 mod_security.conf %{buildroot}%{_httpd_confdir}/mod_security.conf -install -Dp -m0644 10-mod_security.conf %{buildroot}%{_httpd_modconfdir}/10-mod_security.conf +install -Dp -m0644 %{SOURCE2} %{buildroot}%{_httpd_modconfdir}/10-mod_security.conf +install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf +sed -i 's/Include/IncludeOptional/' %{buildroot}%{_httpd_confdir}/mod_security.conf %else # 2.2-style -install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf +install -d -m0755 %{buildroot}%{_httpd_confdir} +cat %{SOURCE2} %{SOURCE1} > %{buildroot}%{_httpd_confdir}/mod_security.conf %endif install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name} @@ -107,6 +107,10 @@ rm -rf %{buildroot} %endif %changelog +* Thu Nov 22 2012 Athmane Madjoudj 2.7.1-5 +- Use conditional for loading mod_unique_id (rhbz #879264) +- Fix syntax errors on httpd 2.4.x by using IncludeOptional (rhbz #879264, comment #2) + * Mon Nov 19 2012 Peter Vrabec 2.7.1-4 - mlogc subpackage is not provided on RHEL7 From 4740edb64156161bd23a88f3f01799ebcc9eee5b Mon Sep 17 00:00:00 2001 From: Athmane Madjoudj Date: Fri, 25 Jan 2013 22:47:37 +0100 Subject: [PATCH 3/5] Update to 2.7.2. Update source in specfile. --- .gitignore | 1 + mod_security.spec | 10 +++++++--- sources | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 1eab4d5..2e1aef3 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ modsecurity-apache_2.5.12.tar.gz /modsecurity-apache_2.6.8.tar.gz /modsecurity-apache_2.7.0.tar.gz /modsecurity-apache_2.7.1.tar.gz +/modsecurity-apache_2.7.2.tar.gz diff --git a/mod_security.spec b/mod_security.spec index 0b986f7..e322c30 100644 --- a/mod_security.spec +++ b/mod_security.spec @@ -9,12 +9,12 @@ Summary: Security module for the Apache HTTP Server Name: mod_security -Version: 2.7.1 -Release: 5%{?dist} +Version: 2.7.2 +Release: 1%{?dist} License: ASL 2.0 URL: http://www.modsecurity.org/ Group: System Environment/Daemons -Source: https://github.com/downloads/SpiderLabs/ModSecurity/modsecurity-apache_%{version}.tar.gz +Source: http://www.modsecurity.org/tarball/2.7.2/modsecurity-apache_%{version}.tar.gz Source1: mod_security.conf Source2: 10-mod_security.conf Requires: httpd httpd-mmn = %{_httpd_mmn} @@ -107,6 +107,10 @@ rm -rf %{buildroot} %endif %changelog +* Fri Jan 25 2013 Athmane Madjoudj 2.7.2-1 +- Update to 2.7.2 +- Update source url in the spec. + * Thu Nov 22 2012 Athmane Madjoudj 2.7.1-5 - Use conditional for loading mod_unique_id (rhbz #879264) - Fix syntax errors on httpd 2.4.x by using IncludeOptional (rhbz #879264, comment #2) diff --git a/sources b/sources index d778a9e..b6ceafc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -dbd30b714abe831098993213f30c1b96 modsecurity-apache_2.7.1.tar.gz +7112f9e4050277774ccaf4e126cb4517 modsecurity-apache_2.7.2.tar.gz From 1fa7f22d8194540e29be169dab2281ca12ea391b Mon Sep 17 00:00:00 2001 From: Athmane Madjoudj Date: Fri, 25 Jan 2013 22:50:34 +0100 Subject: [PATCH 4/5] Fix typo in source --- mod_security.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod_security.spec b/mod_security.spec index e322c30..f71e20f 100644 --- a/mod_security.spec +++ b/mod_security.spec @@ -14,7 +14,7 @@ Release: 1%{?dist} License: ASL 2.0 URL: http://www.modsecurity.org/ Group: System Environment/Daemons -Source: http://www.modsecurity.org/tarball/2.7.2/modsecurity-apache_%{version}.tar.gz +Source: http://www.modsecurity.org/tarball/%{version}/modsecurity-apache_%{version}.tar.gz Source1: mod_security.conf Source2: 10-mod_security.conf Requires: httpd httpd-mmn = %{_httpd_mmn} From cef50fc727b059db5af34ba8157a56d47533f4fb Mon Sep 17 00:00:00 2001 From: Athmane Madjoudj Date: Sat, 30 Mar 2013 17:09:07 +0100 Subject: [PATCH 5/5] - Update to 2.7.3 --- .gitignore | 1 + mod_security.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2e1aef3..616f027 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ modsecurity-apache_2.5.12.tar.gz /modsecurity-apache_2.7.0.tar.gz /modsecurity-apache_2.7.1.tar.gz /modsecurity-apache_2.7.2.tar.gz +/modsecurity-apache_2.7.3.tar.gz diff --git a/mod_security.spec b/mod_security.spec index f71e20f..d467494 100644 --- a/mod_security.spec +++ b/mod_security.spec @@ -9,7 +9,7 @@ Summary: Security module for the Apache HTTP Server Name: mod_security -Version: 2.7.2 +Version: 2.7.3 Release: 1%{?dist} License: ASL 2.0 URL: http://www.modsecurity.org/ @@ -107,6 +107,9 @@ rm -rf %{buildroot} %endif %changelog +* Sat Mar 30 2013 Athmane Madjoudj 2.7.3-1 +- Update to 2.7.3 + * Fri Jan 25 2013 Athmane Madjoudj 2.7.2-1 - Update to 2.7.2 - Update source url in the spec. diff --git a/sources b/sources index b6ceafc..1889f7f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -7112f9e4050277774ccaf4e126cb4517 modsecurity-apache_2.7.2.tar.gz +4a220bf4b954ed1760462e5956f65b21 modsecurity-apache_2.7.3.tar.gz