Import rawhide changes to epel6

2012-08-24 16:03:36 +01:00 · 2012-08-24 16:03:36 +01:00 · d934a872f3
commit d934a872f3
parent 33b43334cf
3 changed files with 121 additions and 43 deletions
--- a/mod_security.conf
+++ b/mod_security.conf
@ -1,15 +1,13 @@
-# Example configuration file for the mod_security Apache module

 LoadModule security2_module modules/mod_security2.so
 LoadModule unique_id_module modules/mod_unique_id.so

 <IfModule mod_security2.c>
 	# This is the ModSecurity Core Rules Set.
-	
+
 	# Basic configuration goes in here
 	Include modsecurity.d/*.conf
-	Include modsecurity.d/base_rules/*.conf
-	Include modsecurity.d/modsecurity_localrules.conf
+	Include modsecurity.d/activated_rules/*.conf

 	# Additional items taken from new minimal modsecurity conf
 	# Basic configuration options
@ -17,10 +15,6 @@ LoadModule unique_id_module modules/mod_unique_id.so
 	SecRequestBodyAccess On
 	SecResponseBodyAccess Off
 	
-	# PCRE Tuning
-	SecPcreMatchLimit 1000
-	SecPcreMatchLimitRecursion 1000
-
 	# Handling of file uploads
 	# TODO Choose a folder private to Apache.
 	# SecUploadDir /opt/apache-frontend/tmp/
@ -28,18 +22,24 @@ LoadModule unique_id_module modules/mod_unique_id.so
 	SecUploadFileLimit 10

 	# Debug log
-	SecDebugLog logs/modsec_debug.log
+	SecDebugLog /var/log/httpd/modsec_debug.log
 	SecDebugLogLevel 0

-	# Serial audit log
+	# Audit log
 	SecAuditEngine RelevantOnly
 	SecAuditLogRelevantStatus ^5
-	SecAuditLogParts ABIFHZ
 	SecAuditLogType Serial
-	SecAuditLog logs/modsec_audit.log
+	SecAuditLogParts ABIFHZ
+	SecAuditLog /var/log/httpd/modsec_audit.log
+
+	# Alternative mlogc configuration
+	#SecAuditLogType Concurrent
+	#SecAuditLogParts ABIDEFGHZ
+	#SecAuditLogStorageDir /var/log/mlogc/data
+	#SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"

 	# Set Data Directory
-	SecDataDir logs/
+	SecDataDir /var/log/httpd/

 	# Maximum request body size we will
 	# accept for buffering
@ -89,5 +89,4 @@ LoadModule unique_id_module modules/mod_unique_id.so
 	#
 	SecRule TX:/^MSC_/ "!@streq 0" \
 	        "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
-
 </IfModule>
--- a/mod_security.spec
+++ b/mod_security.spec
@ -1,15 +1,20 @@
+%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}}
+%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo missing-httpd-devel)}}
+# /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4
+%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
+%{!?_httpd_confdir:    %{expand: %%global _httpd_confdir    %%{_sysconfdir}/httpd/conf.d}}
+%{!?_httpd_moddir:    %{expand: %%global _httpd_moddir    %%{_libdir}/httpd/modules}}
+
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
-Version: 2.5.12
-Release: 2%{?dist}
-License: GPLv2
+Version: 2.6.6
+Release: 3%{?dist}
+License: ASL 2.0
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
 Source: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.gz
 Source1: mod_security.conf
-Source2: modsecurity_localrules.conf
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)
+Requires: httpd httpd-mmn = %{_httpd_mmn}
 BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel

 %description
@ -17,44 +22,118 @@ ModSecurity is an open source intrusion detection and prevention engine
 for web applications. It operates embedded into the web server, acting
 as a powerful umbrella - shielding web applications from attacks.

-%prep
+%if 0%{?fedora}
+%package -n     mlogc
+Summary:        ModSecurity Audit Log Collector
+Group:          System Environment/Daemons
+Requires:       mod_security

-%setup -n modsecurity-apache_%{version}
+%description -n mlogc
+This package contains the ModSecurity Audit Log Collector.
+%endif
+
+%prep
+%setup -q -n modsecurity-apache_%{version}

 %build
-cd apache2
-%configure
+%configure --enable-pcre-match-limit=1000000 \
+           --enable-pcre-match-limit-recursion=1000000 \
+           --with-apxs=%{_httpd_apxs}
+# remove rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
 make %{_smp_mflags}
-make %{_smp_mflags} mlogc

 %install
 rm -rf %{buildroot}
-install -D -m755 apache2/.libs/mod_security2.so %{buildroot}/%{_libdir}/httpd/modules/mod_security2.so
-install -D -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/mod_security.conf
-install -d %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/
-install -D -m644 rules/*.conf %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/
-cp -R rules/base_rules %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/
-cp -R rules/optional_rules %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/
-install -D -m644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/modsecurity_localrules.conf
-install -Dp tools/mlogc %{buildroot}/%{_bindir}/mlogc
-install -D -m644 apache2/mlogc-src/mlogc-default.conf %{buildroot}/%{_sysconfdir}/mlogc.conf
+
+install -d %{buildroot}%{_sbindir}
+install -d %{buildroot}%{_bindir}
+install -d %{buildroot}%{_httpd_moddir}
+install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
+install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
+
+install -m0755 apache2/.libs/mod_security2.so %{buildroot}%{_httpd_moddir}/mod_security2.so
+
+%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
+# 2.4-style
+sed -n /^LoadModule/p %{SOURCE1} > 10-mod_security.conf
+sed    /LoadModule/d  %{SOURCE1} > mod_security.conf
+touch -r %{SOURCE1} *.conf
+install -Dp -m0644 mod_security.conf %{buildroot}%{_httpd_confdir}/mod_security.conf
+install -Dp -m0644 10-mod_security.conf %{buildroot}%{_httpd_modconfdir}/10-mod_security.conf
+%else
+# 2.2-style
+install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf
+%endif
+
+%if 0%{?fedora}
+# mlogc
+install -d %{buildroot}%{_localstatedir}/log/mlogc
+install -d %{buildroot}%{_localstatedir}/log/mlogc/data
+install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
+install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
+install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
+%endif

 %clean
 rm -rf %{buildroot}

 %files
 %defattr (-,root,root)
-%doc rules/util CHANGES LICENSE README.* modsecurity* doc MODSECURITY_LICENSING_EXCEPTION
-%{_libdir}/httpd/modules/mod_security2.so
-%{_bindir}/mlogc
-%config(noreplace) %{_sysconfdir}/mlogc.conf
-%config(noreplace) %{_sysconfdir}/httpd/conf.d/mod_security.conf
+%doc CHANGES LICENSE README.TXT NOTICE
+%{_httpd_moddir}/mod_security2.so
+%config(noreplace) %{_httpd_confdir}/*.conf
+%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
+%config(noreplace) %{_httpd_modconfdir}/*.conf
+%endif
 %dir %{_sysconfdir}/httpd/modsecurity.d
-%{_sysconfdir}/httpd/modsecurity.d/optional_rules
-%{_sysconfdir}/httpd/modsecurity.d/base_rules
-%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/*.conf
+%dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
+
+%if 0%{?fedora}
+%files -n mlogc
+%defattr (-,root,root)
+%doc mlogc/INSTALL
+%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
+%attr(0755,root,root) %dir %{_localstatedir}/log/mlogc
+%attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data
+%attr(0755,root,root) %{_bindir}/mlogc
+%attr(0755,root,root) %{_bindir}/mlogc-batch-load
+%endif

 %changelog
+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jun 22 2012 Peter Vrabec <pvrabec@redhat.com> - 2.6.6-2
+- mlogc subpackage is not provided on RHEL
+ 
+* Thu Jun 21 2012 Peter Vrabec <pvrabec@redhat.com> - 2.6.6-1
+- upgrade
+
+* Mon May  7 2012 Joe Orton <jorton@redhat.com> - 2.6.5-3
+- packaging fixes
+
+* Fri Apr 27 2012 Peter Vrabec <pvrabec@redhat.com> 2.6.5-2
+- fix license tag
+
+* Thu Apr 05 2012 Peter Vrabec <pvrabec@redhat.com> 2.6.5-1
+- upgrade & move rules into new package mod_security_crs
+
+* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.5.13-3
+- Rebuild against PCRE 8.30
+- Do not install non-existing files
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Wed May 3 2011 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.13-1
+- Newer upstream version
+
+* Wed Jun 30 2010 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.12-3
+- Fix log dirs and files ordering per bz#569360
+
 * Thu Apr 29 2010 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.12-2
 - Fix SecDatadir and minimal config per bz #569360

--- a/2
+++ b/2
@ -1 +1 @@
-f7d14b97bbe54ecb953125b0f9b87a24  modsecurity-apache_2.5.12.tar.gz
+bc2ebcf326589c67fb6b53f630768c4e  modsecurity-apache_2.6.6.tar.gz