author | Diego Elio Pettenò <flameeyes@gentoo.org> | 2009-07-14 17:09:30 +0000 |
---|---|---|
committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2009-07-14 17:09:30 +0000 |
commit | 6f5e6f61fb85248d2fd9e9507f3b6f7ee8a33ee6 (patch) | |
tree | f1d1ad268fac8769c8e9a793b6a370b8db2f50cd /www-apache/mod_security | |
parent | Version bump (diff) | |
Add patch to properly build with --as-needed (thanks to Christian Ruppert in bug #276272 — this required an extra fix to the autotools); add a perl USE flag to disable the update script and add the libwww-perl dependency (thanks again to Christian in bug #275864), and add a notice about the draconic command injection rule (bug #223815 reported by David Sommerseth).
Package-Manager: portage-2.2_rc33/cvs/Linux x86_64
Diffstat (limited to 'www-apache/mod_security')
-rw-r--r-- | www-apache/mod_security/ChangeLog | 14 | ||||
-rw-r--r-- | www-apache/mod_security/Manifest | 12 | ||||
-rw-r--r-- | www-apache/mod_security/files/mod_security-2.5.9-as-needed.patch | 26 | ||||
-rw-r--r-- | www-apache/mod_security/files/mod_security-2.5.9-broken-autotools.patch | 13 | ||||
-rw-r--r-- | www-apache/mod_security/mod_security-2.5.9-r1.ebuild | 112 |
5 files changed, 171 insertions, 6 deletions
diff --git a/www-apache/mod_security/ChangeLog b/www-apache/mod_security/ChangeLog index 3f540c917704..44c40181fbe1 100644 --- a/www-apache/mod_security/ChangeLog +++ b/www-apache/mod_security/ChangeLog @@ -1,6 +1,18 @@ # ChangeLog for www-apache/mod_security # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.22 2009/06/14 10:22:26 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.23 2009/07/14 17:09:29 flameeyes Exp $ + +*mod_security-2.5.9-r1 (14 Jul 2009) + + 14 Jul 2009; Diego E. Pettenò <flameeyes@gentoo.org> + +mod_security-2.5.9-r1.ebuild, +files/mod_security-2.5.9-as-needed.patch, + files/mod_security-2.5.9-broken-autotools.patch: + Add patch to properly build with --as-needed (thanks to Christian Ruppert + in bug #276272 — this required an extra fix to the autotools); add a + perl USE flag to disable the update script and add the libwww-perl + dependency (thanks again to Christian in bug #275864), and add a notice + about the draconic command injection rule (bug #223815 reported by David + Sommerseth. 14 Jun 2009; Diego E. Pettenò <flameeyes@gentoo.org> metadata.xml: Add myself as maintainer too since I haven't seen Luca in a while. diff --git a/www-apache/mod_security/Manifest b/www-apache/mod_security/Manifest index a5914c83f322..a9d9d71bc4cf 100644 --- a/www-apache/mod_security/Manifest +++ b/www-apache/mod_security/Manifest 
@@ -2,7 +2,8 @@ Hash: SHA1 AUX 2.1.2/99_mod_security.conf 198 RMD160 cde9de9e21d3e31467737a87fe6af73e18827bc6 SHA1 f41792ed3de6955786d5b08da708c74e2be6d3bf SHA256 45ae219fca3eddadf47b9ebd1ebd44c668833b894a38672c481a828af97cdfcf -AUX mod_security-2.5.9-broken-autotools.patch 1477 RMD160 8e9f43df30c56efa700bd6b52643d61b0c05eadf SHA1 b5863384a9bfbdf9360ede60277ec8516e853df2 SHA256 5d928a541828aaa69d01fffd0956c6f945c9b5858ad2eed2999955ab9ad827e4 +AUX mod_security-2.5.9-as-needed.patch 1166 RMD160 e70d1e0ff9e8396d4447e25bb0664111a27a31ff SHA1 d2e35d9a823ec37fd11119644bff4c2373b31553 SHA256 4438e7cc1675ce23354cd6ba9c74b5b669f2f80629bdd4cc7532e48cda8ebfd5 +AUX mod_security-2.5.9-broken-autotools.patch 2103 RMD160 795e3fc59b881bf02fa5a65b6dae4f120de253f0 SHA1 773a56d9e177056be3de0b0c85747478fb5f3b2f SHA256 68df2416a6b464719fb41772472fd04b196b9fee7e102fc76f95c6827282a283 DIST modsecurity-apache_2.1.2.tar.gz 657803 RMD160 3d0d2a767133ab1ec1ef3848e2f85c3c1652cf1f SHA1 ee0f851308c0b0b87b620c83b3532d495528fa8d SHA256 88644e0a512534e394d434df3f0f233889d9e6a5a91ed2e893b5bb9a4d190c8a DIST modsecurity-apache_2.1.6.tar.gz 679366 RMD160 3133e67f415ba3273563e6f4e0a43c7ecc7812ae SHA1 08c2d18d555159fa7cab626c410f92a7bbfa57b3 SHA256 144e2c82a5b0f356e11148184d97634302c6c4281aef68d2700b970b84536273 DIST modsecurity-apache_2.5.5.tar.gz 1073723 RMD160 04b116c6a1d0d4af38ec100bb62302294bb7106c SHA1 41a08b9af902b67eabaabe2dd3c257d35aaf5d30 SHA256 626909c8408e2fd9e387f592f49e9d2c6501513b4cdc18dd89a8e9f3e124d959 
@@ -14,13 +15,14 @@ EBUILD mod_security-2.1.6.ebuild 1424 RMD160 687f4e0692cb8443411d5df23ab9d301215 EBUILD mod_security-2.5.5.ebuild 1577 RMD160 2b281cbafc657bd9ea51f67ff52f6b2c4fa5b2af SHA1 d5435cee8c95bc7f0193d9e2f31a32bdcdee2c3e SHA256 f2421ccda41f7e0576054eccfa07c77b01324c7aca6f4647bf38674b23a24031 EBUILD mod_security-2.5.6.ebuild 1577 RMD160 af8265649bd7c8fed94019abd36ef3964237baed SHA1 f16baa6eefc63b6a56c34e526d3a3ffe36ed4af9 SHA256 1bf795f7bde942f683c0377e876b31eda4df7218fe3e88b1789c644c14a220b2 EBUILD mod_security-2.5.7.ebuild 1577 RMD160 ffebbe02c06231094c07638a9a5be832f355dc1e SHA1 b009ba5eba3475e9cb4535b6ae9a81d53d14abfc SHA256 6fe50278e9dbfad376ebd051c7a52cad7c0fba23cfa5a780b4ae5f8c214edc15 +EBUILD mod_security-2.5.9-r1.ebuild 2771 RMD160 fac65b6f93e65989e8ece989cad07c90ee9d5183 SHA1 2558878fefc64f2446befb2c8c15d83ab28bdd6c SHA256 0889a63a50ef8d3bb9af4091c072798ffb2844fa8d653c6a3302d09fc47c5ab8 EBUILD mod_security-2.5.9.ebuild 1944 RMD160 2007bd7cea81b0179a487ac2c96e1901791b02bb SHA1 0c3a515418374db4cd7e11d95bf6dac31fb5374b SHA256 aa0c4b31738d2c5da6e7ace0d766fceaf9fd5c8cccd8f8707ad9ef36a1912c88 -MISC ChangeLog 7311 RMD160 a639fb35663707651e564f611ffcaa987f187164 SHA1 9bee925e708b721a242ada2048b5daeb66be2929 SHA256 f566f08ffa44cb83b865155acbe62f18671877e34da5781165e92a9c471ad0c7 +MISC ChangeLog 7914 RMD160 c1ca686e4ee2b430c9e8cd47b325252f24bd7163 SHA1 485a96fa7ed08960a57ea0503340ba0c527e628b SHA256 8c7edad618412332a028f994f7dc1771252f13f51996aad78c8ff3b20a38705a MISC metadata.xml 355 RMD160 e410b8b84944364f7964a593beee5dcc44120715 SHA1 43dcb86ef95026473f5b7feedd9bdf9a5c10aa5d SHA256 a5c675cccf7a693a7c467e2e154a55ede60bb80663f10e282cc5dd8c906b7f22 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) -iEYEARECAAYFAko0z2gACgkQAiZjviIA2XgplwCg53b9QiKnN1fmpD1l10oCKdeV -lqQAn0sP9INiRjcFaLOB9K+Fvb1nZofM -=F47J +iEYEARECAAYFAkpcu88ACgkQAiZjviIA2XhFIQCfWOjmcJ0fGNkxiSb795vmRjis +30IAn1MAcviVCAfBGujkNw3tQ5FTkOlm +=DnXg -----END PGP SIGNATURE----- 
diff --git a/www-apache/mod_security/files/mod_security-2.5.9-as-needed.patch b/www-apache/mod_security/files/mod_security-2.5.9-as-needed.patch
new file mode 100644
index 000000000000..77d093c140cc
--- /dev/null
+++ b/www-apache/mod_security/files/mod_security-2.5.9-as-needed.patch
@@ -0,0 +1,26 @@
+diff -Naurp -Naurp modsecurity-apache_2.5.9.old/apache2/Makefile.in modsecurity-apache_2.5.9/apache2/Makefile.in
+--- modsecurity-apache_2.5.9.old/apache2/Makefile.in 2009-07-02 19:18:31.000000000 +0200
++++ modsecurity-apache_2.5.9/apache2/Makefile.in 2009-07-02 19:48:23.000000000 +0200
+@@ -52,11 +52,11 @@ APU_LIBS = @APU_LIBS@
+ APU_LINK_LD = @APU_LINK_LD@
+
+ CPPFLAGS = @CPPFLAGS@ $(PCRE_CFLAGS) $(LIBXML_CFLAGS) $(LUA_CFLAGS)
+-LIBS = @LIBS@ $(PCRE_LIBS) $(LIBXML_LIBS) $(LUA_LIBS)
++LIBS = @LIBS@ $(PCRE_LIBS) $(LIBXML_LIBS) $(LUA_LIBS) $(APXS_LIBS) $(APR_LIBS) $(APR_LINK_LD) $(APU_LIBS) $(APU_LINK_LD)
+ LDFLAGS = @LDFLAGS@
+ CFLAGS = @CFLAGS@
+
+-COMPILE_APACHE_MOD = $(APXS_WRAPPER) -c $(CPPFLAGS) $(LDFLAGS) $(LIBS)
++COMPILE_APACHE_MOD = $(APXS_WRAPPER) -c $(CPPFLAGS) $(LDFLAGS)
+
+ INSTALL_MOD_SHARED = $(APXS_WRAPPER) -i
+
+@@ -93,7 +93,7 @@ mod_security2.la: $(MOD_SECURITY2_H) *.c
+ src="$$src $$f.c"; \
+ done; \
+ rm -f msc_test msc_test.o msc_test.lo msc_test.slo; \
+- $(COMPILE_APACHE_MOD) $(APXS_EXTRA_CFLAGS) $(MODSEC_APXS_EXTRA_CFLAGS) $$src
++ $(COMPILE_APACHE_MOD) $(APXS_EXTRA_CFLAGS) $(MODSEC_APXS_EXTRA_CFLAGS) $$src $(LIBS)
+
+ ### MLogC
+ mlogc:
diff --git a/www-apache/mod_security/files/mod_security-2.5.9-broken-autotools.patch b/www-apache/mod_security/files/mod_security-2.5.9-broken-autotools.patch
index 75cbb4600f60..4ef1960d6535 100644
--- a/www-apache/mod_security/files/mod_security-2.5.9-broken-autotools.patch
+++ b/www-apache/mod_security/files/mod_security-2.5.9-broken-autotools.patch
@@ -32,3 +32,16 @@ Index: modsecurity-apache_2.5.9/apache2/build/find_apu.m4 fi dnl # Look for the config script +Index: modsecurity-apache_2.5.9/apache2/configure.in +=================================================================== +--- modsecurity-apache_2.5.9.orig/apache2/configure.in ++++ modsecurity-apache_2.5.9/apache2/configure.in +@@ -247,7 +247,7 @@ VERSION_OK + if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apxs LIBDIR: $APXS_LIBDIR); fi + # Make sure the lib dir is used + if test -n "$APXS_LIBDIR"; then +- APXS_LIBS="-L{$APXS_LIBDIR} `$APXS -q LIBS` `$APXS -q EXTRA_LIBS`" ++ APXS_LIBS="-L${APXS_LIBDIR} `$APXS -q LIBS` `$APXS -q EXTRA_LIBS`" + else + APXS_LIBS="`$APXS -q LIBS` `$APXS -q EXTRA_LIBS`" + fi diff --git a/www-apache/mod_security/mod_security-2.5.9-r1.ebuild b/www-apache/mod_security/mod_security-2.5.9-r1.ebuild new file mode 100644 index 000000000000..065484a61cce --- /dev/null +++ b/www-apache/mod_security/mod_security-2.5.9-r1.ebuild 
@@ -0,0 +1,112 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.9-r1.ebuild,v 1.1 2009/07/14 17:09:29 flameeyes Exp $
+
+inherit apache-module autotools
+
+MY_P=${P/mod_security-/modsecurity-apache_}
+MY_P=${MY_P/_rc/-rc}
+
+DESCRIPTION="Web application firewall and Intrusion Detection System for Apache."
+HOMEPAGE="http://www.modsecurity.org/"
+SRC_URI="http://www.modsecurity.org/download/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~mips ~ppc ~sparc ~x86"
+IUSE="lua perl"
+
+DEPEND="dev-libs/libxml2
+ perl? ( dev-perl/libwww-perl )
+ lua? ( >=dev-lang/lua-5.1 )"
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/${MY_P}"
+
+APACHE2_MOD_FILE="apache2/.libs/${PN}2.so"
+APACHE2_MOD_CONF="2.1.2/99_mod_security"
+APACHE2_MOD_DEFINE="SECURITY"
+
+need_apache2
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"/apache2
+
+ epatch "${FILESDIR}"/${P}-broken-autotools.patch
+ epatch "${FILESDIR}"/${P}-as-needed.patch
+
+ eautoreconf
+}
+
+src_compile() {
+ cd apache2
+
+ econf --with-apxs="${APXS}" \
+ --without-curl \
+ $(use_with lua) \
+ || die "econf failed"
+
+ APXS_FLAGS=
+ for flag in ${CFLAGS}; do
+ APXS_FLAGS="${APXS_FLAGS} -Wc,${flag}"
+ done
+
+ # Yes we need to prefix it _twice_
+ for flag in ${LDFLAGS}; do
+ APXS_FLAGS="${APXS_FLAGS} -Wl,${flag}"
+ done
+
+ emake \
+ APXS_CFLAGS="${CFLAGS}" \
+ APXS_LDFLAGS="${LDFLAGS}" \
+ APXS_EXTRA_CFLAGS="${APXS_FLAGS}" \
+ || die "emake failed"
+}
+
+src_test() {
+ cd apache2
+ make test || die
+}
+
+src_install() {
+ apache-module_src_install
+
+ # install rules updater only if perl is enabled (optionally)
+ if use perl; then
+ newbin tools/rules-updater.pl modsec-rules-updater || die
+ fi
+
+ # install documentation
+ dodoc CHANGES || die
+ newdoc rules/CHANGELOG CHANGES.crs || die
+ newdoc rules/README README.crs || die
+ dohtml -r doc/* || die
+
+ # Prepare the core ruleset
+ cd "${S}"/rules/
+
+ sed -i -e 's:logs/:/var/log/apache2/:g' *.conf || die
+
+ insinto ${APACHE_MODULES_CONFDIR}/mod_security/
+ for i in *.conf; do
+ newins ${i} ${i/modsecurity_crs_/} || die
+ done
+}
+
+pkg_postinst() {
+ elog "Please note that the core rule set distributed with mod_security is quite"
+ elog "draconic. If you're using this on a blog, a forum or another user-submitted"
+ elog "web application where you might talk about standard Unix paths (such as /etc"
+ elog "or /bin), you might want to disable at least rule 950005 (command injection)"
+ elog "if you're sure it might not be a security risk."
+ elog " "
+ elog "To do that on the most limited case you might want to use something like"
+ elog "the following code (this comes from a Typo weblog instance):"
+ elog " "
+ elog " <Location /comments>"
+ elog " SecRuleRemoveById 950005"
+ elog " </Location>"
+ elog " "
+} |
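Review bot: The `sed -i -e 's:logs/:/var/log/apache2/:g' *.conf` in src_install rewrites every `logs/` substring in every core rule file, not only the log-path directives, so a rule pattern or comment that happens to contain `logs/` would be silently altered in the installed ruleset. Limiting the substitution to the directives that take a log path keeps the detection rules identical to upstream, for example `sed -i -e '/^[[:space:]]*Sec\(Audit\|Debug\)Log[[:space:]]/s:logs/:/var/log/apache2/:' *.conf || die`; the directive list is an assumption and should be checked against the shipped .conf files. Separately, the pkg_postinst line `elog "if you're sure it might not be a security risk."` reads ambiguously for a notice that tells users to remove the command injection rule. Something like `elog "once you have confirmed that the matches are false positives."` states the condition plainly while keeping the narrowly scoped `<Location>` example.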