demus/mod_security_crs-rpm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: demus:main
Branches Tags
demus:main
demus:copr-test
demus:copr
demus:f40
demus:rawhide
demus:f39
demus:f38
demus:f37
demus:f35
demus:f36
demus:f34
demus:f33
demus:f32
demus:f31
demus:f30
demus:f29
demus:f28
demus:f27
demus:f26
demus:f25
demus:f24
demus:f23
demus:f21
demus:f22
demus:f20
demus:f19
demus:f18
demus:el5
demus:el6
demus:f17
..
compare: demus:f30
Branches Tags
demus:copr-test
demus:copr
demus:main
demus:f40
demus:rawhide
demus:f39
demus:f38
demus:f37
demus:f35
demus:f36
demus:f34
demus:f33
demus:f32
demus:f31
demus:f30
demus:f29
demus:f28
demus:f27
demus:f26
demus:f25
demus:f24
demus:f23
demus:f21
demus:f22
demus:f20
demus:f19
demus:f18
demus:el5
demus:el6
demus:f17

No commits in common. "main" and "f30" have entirely different histories.
main ... f30

4 changed files with 1374 additions and 113 deletions
Show Stats Expand all files Collapse all files

4
.gitignore vendored
View File

@ -6,7 +6,3 @@
/SpiderLabs-owasp-modsecurity-crs-2.2.9-19-ga57031b.tar.gz
/owasp-modsecurity-crs-f16e0b1.tar.gz
/owasp-modsecurity-crs-3.0.0.tar.gz
/owasp-modsecurity-crs-3.2.0.tar.gz
/v3.3.0.tar.gz
/v3.3.4.tar.gz
/v4.2.0.tar.gz

1351
mod_security_crs-fix-incompatible-rules.patch Normal file
View File

File diff suppressed because it is too large Load Diff

130
mod_security_crs.spec
View File

@ -1,135 +1,49 @@
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
Summary: ModSecurity Core Ruleset
Summary: ModSecurity Rules
Name: mod_security_crs
Version: 4.2.0
Release: 2%{?dist}
License: Apache-2.0
URL: https://coreruleset.org/
Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
Version: 3.0.0
Release: 8%{?dist}
License: ASL 2.0
URL: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
Source: https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v%{version}/owasp-modsecurity-crs-%{version}.tar.gz
BuildArch: noarch
Requires: mod_security >= 2.9.6
Requires: mod_security >= 2.8.0
Obsoletes: mod_security_crs-extras < 3.0.0
# Patch0: mod_security_crs-XXX.patch
%description
This package provides the base rules for mod_security.
%prep
%autosetup -p1 -S gendiff -n coreruleset-%{version}
%setup -q -n owasp-modsecurity-crs-%{version}
%build
%install
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/plugins
%{__install} -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules
%{__install} -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/plugins
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
install -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules
# To exclude rules (pre/post)
%{__mv} rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
%{__mv} rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
mv rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
mv rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
%{__install} -m0644 rules/*.conf %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
%{__install} -m0644 rules/*.data %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
%{__install} -m0644 plugins/* %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/plugins/
%{__mv} crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
install -m0644 rules/* %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
mv crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
%post
if [ $1 == 1 ]; then
# activate base_rules
for f in `ls %{_datarootdir}/mod_modsecurity_crs/rules/` ; do
%{__ln_s} %{_datarootdir}/mod_modsecurity_crs/rules/$f %{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
done
%{__sed} -i '/IncludeOptional modsecurity\.d\/\*\.conf/ a\ IncludeOptional modsecurity.d\/plugins\/*-config.conf\n IncludeOptional modsecurity.d\/plugins\/*-before.conf' %{_httpd_confdir}/mod_security.conf
%{__sed} -i '/Include modsecurity\.d\/\*\.conf/a\ Include modsecurity.d/plugins/*-config.conf\n Include modsecurity.d/plugins/*-before.conf' %{_httpd_confdir}/mod_security.conf
%{__sed} -i '/IncludeOptional modsecurity\.d\/local_rules\/\*\.conf/a\ IncludeOptional modsecurity.d\/plugins\/*-after.conf' %{_httpd_confdir}/mod_security.conf
%{__sed} -i '/Include modsecurity\.d\/local_rules\/\*\.conf/a\ Include modsecurity.d\/plugins\/*-after.conf' %{_httpd_confdir}/mod_security.conf
fi
exit 0
# activate base_rules
for f in `ls %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/` ; do
ln -s %{_datarootdir}/mod_modsecurity_crs/rules/$f %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
done
%preun
if [ $1 == 0 ]; then
%{__sed} -i -E '/Include(Optional)? modsecurity\.d\/plugins/d' %{_httpd_confdir}/mod_security.conf
for f in `ls %{_datarootdir}/mod_modsecurity_crs/rules/` ; do
%{__rm} %{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
done
fi
exit 0
%files
%license LICENSE
%doc CHANGES.md README.md
%{_datarootdir}/mod_modsecurity_crs
%{_sysconfdir}/httpd/modsecurity.d/plugins
%doc CHANGES README.md
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/activated_rules/*
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/plugins/*
%{_datarootdir}/mod_modsecurity_crs
%changelog
* Tue Jul 9 2024 Daniel Demus <daniel-fedoauth@demus.dk> - 4.2.0-2
- Prepare for plugins (see https://coreruleset.org/20220112/crs-plugin-mechanism/)
* Thu May 02 2024 Luboš Uhliarik <luhliari@redhat.com> - 4.2.0-1
- new version 4.2.0
- switch to autosetup
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 06 2023 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-5
- SPDX migration
* Mon Mar 20 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 3.3.4-4
- Change URL to new official homepage
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Dec 05 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-2
- Add Early blocking feature patch again
* Fri Sep 30 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-1
- new version 3.3.4
* Wed Sep 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.0-6
- Fix application of early blocking patch
* Wed Aug 31 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.0-5
- Backport early blocking feature
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Mar 05 2021 Lubos Uhliarik <luhliari@redhat.com> - 3.2.0-1
- new version 3.2.0
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
SHA512 (v4.2.0.tar.gz) = 041556b2071385c10a4b4a29ad4f926ee86f819f8b9c95f849e76b3d2724d5fc29c21a69f9eba6fd62e7f5709a109a95feca67a19d8c8d1f0410ee2987ac7a6b
SHA512 (owasp-modsecurity-crs-3.0.0.tar.gz) = 14a5a231d20dcfebe3e2d5344fe07db56d50ef87d22dd07f22cf2539b1988a5511a514503c9896e857e08f19b8b30f489c9f8b0b6c33b7013f94e36cfa719471