authorDiego Elio Pettenò <flameeyes@gentoo.org>2010-09-24 13:06:56 +0000
committerDiego Elio Pettenò <flameeyes@gentoo.org>2010-09-24 13:06:56 +0000
commit0dba49f67ad62558f83ee58ce2dedba1040ed74a (patch)
tree0540f9df0ca8f9171f21a9234953696913e0ef0a /www-apache/mod_security
parentAdd a new revision that doesn't install the Core Rule Set and rather rely on ... (diff)
Cleanup old versions and unused files.
(Portage version: 2.2_rc86/cvs/Linux x86_64)
Diffstat (limited to 'www-apache/mod_security')
-rw-r--r--www-apache/mod_security/ChangeLog11
-rw-r--r--www-apache/mod_security/files/2.1.2/99_mod_security.conf8
-rw-r--r--www-apache/mod_security/files/mod_security-2.5.10-broken-autotools.patch13
-rw-r--r--www-apache/mod_security/files/mod_security-2.5.11-disable-http-pollution.patch18
-rw-r--r--www-apache/mod_security/files/mod_security-2.5.9-as-needed.patch26
-rw-r--r--www-apache/mod_security/files/mod_security-2.5.9-broken-autotools.patch47
-rw-r--r--www-apache/mod_security/mod_security-2.5.11-r2.ebuild147
-rw-r--r--www-apache/mod_security/mod_security-2.5.9-r1.ebuild112
8 files changed, 10 insertions, 372 deletions
diff --git a/www-apache/mod_security/ChangeLog b/www-apache/mod_security/ChangeLog
index 2c0002d69657..5abf51689356 100644
--- a/www-apache/mod_security/ChangeLog
+++ b/www-apache/mod_security/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for www-apache/mod_security
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.43 2010/09/24 13:02:45 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.44 2010/09/24 13:06:56 flameeyes Exp $
+
+ 24 Sep 2010; Diego E. Pettenò <flameeyes@gentoo.org>
+ -files/mod_security-2.5.9-as-needed.patch,
+ -files/2.1.2/99_mod_security.conf, -mod_security-2.5.9-r1.ebuild,
+ -files/mod_security-2.5.9-broken-autotools.patch,
+ -files/mod_security-2.5.10-broken-autotools.patch,
+ -mod_security-2.5.11-r2.ebuild,
+ -files/mod_security-2.5.11-disable-http-pollution.patch:
+ Cleanup old versions and unused files.
*mod_security-2.5.12-r1 (24 Sep 2010)
diff --git a/www-apache/mod_security/files/2.1.2/99_mod_security.conf b/www-apache/mod_security/files/2.1.2/99_mod_security.conf
deleted file mode 100644
index 819e52fd2538..000000000000
--- a/www-apache/mod_security/files/2.1.2/99_mod_security.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-<IfDefine SECURITY>
-LoadModule security2_module modules/mod_security2.so
-
-# use Core Rule Set by default:
-Include /etc/apache2/modules.d/mod_security/*.conf
-</IfDefine>
-
-# vim: ts=4 filetype=apache
diff --git a/www-apache/mod_security/files/mod_security-2.5.10-broken-autotools.patch b/www-apache/mod_security/files/mod_security-2.5.10-broken-autotools.patch
deleted file mode 100644
index 6992aa3f1ac3..000000000000
--- a/www-apache/mod_security/files/mod_security-2.5.10-broken-autotools.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: modsecurity-apache_2.5.9/apache2/configure.in
-===================================================================
---- modsecurity-apache_2.5.9.orig/apache2/configure.in
-+++ modsecurity-apache_2.5.9/apache2/configure.in
-@@ -247,7 +247,7 @@ VERSION_OK
- if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apxs LIBDIR: $APXS_LIBDIR); fi
- # Make sure the lib dir is used
- if test -n "$APXS_LIBDIR"; then
-- APXS_LIBS="-L{$APXS_LIBDIR} `$APXS -q LIBS` `$APXS -q EXTRA_LIBS`"
-+ APXS_LIBS="-L${APXS_LIBDIR} `$APXS -q LIBS` `$APXS -q EXTRA_LIBS`"
- else
- APXS_LIBS="`$APXS -q LIBS` `$APXS -q EXTRA_LIBS`"
- fi
diff --git a/www-apache/mod_security/files/mod_security-2.5.11-disable-http-pollution.patch b/www-apache/mod_security/files/mod_security-2.5.11-disable-http-pollution.patch
deleted file mode 100644
index 0508d835c7e3..000000000000
--- a/www-apache/mod_security/files/mod_security-2.5.11-disable-http-pollution.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Index: modsecurity-apache_2.5.11/rules/base_rules/modsecurity_crs_40_generic_attacks.conf
-===================================================================
---- modsecurity-apache_2.5.11.orig/rules/base_rules/modsecurity_crs_40_generic_attacks.conf
-+++ modsecurity-apache_2.5.11/rules/base_rules/modsecurity_crs_40_generic_attacks.conf
-@@ -21,13 +21,6 @@
- # Begin RegEx Checks for rules that could not use @pm prequalifications
- #
-
--#
--# HTTP Parameter Pollution
--#
--SecRule ARGS_NAMES ".*" \
-- "chain,phase:2,t:none,nolog,auditlog,pass,capture,setvar:'tx.arg_name_%{tx.0}=+1',msg:'Possible HTTP Parameter Pollution Attack: Multiple Parameters with the same Name.'"
-- SecRule TX:/ARG_NAME_*/ "@gt 1" "t:none,setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+20,setvar:tx.web_attack_score=+1,setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=%{matched_var}"
--
- SecRule ARGS "(?:(?:[\;\|\`]\W*?\bcc|\bwget)\b|\/cc(?:[\'\"\|\;\`\-\s]|$))" \
- "phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,block,nolog,auditlog,status:501,msg:'System Command Injection',id:'950907',tag:'WEB_ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+20,setvar:tx.web_attack_score=+1,setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=%{matched_var}"
- SecRule "REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:'/^(Cookie|Referer|X-OS-Prefs|User-Agent)$/'|REQUEST_COOKIES|REQUEST_COOKIES_NAMES" \
diff --git a/www-apache/mod_security/files/mod_security-2.5.9-as-needed.patch b/www-apache/mod_security/files/mod_security-2.5.9-as-needed.patch
deleted file mode 100644
index 77d093c140cc..000000000000
--- a/www-apache/mod_security/files/mod_security-2.5.9-as-needed.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp -Naurp modsecurity-apache_2.5.9.old/apache2/Makefile.in modsecurity-apache_2.5.9/apache2/Makefile.in
---- modsecurity-apache_2.5.9.old/apache2/Makefile.in 2009-07-02 19:18:31.000000000 +0200
-+++ modsecurity-apache_2.5.9/apache2/Makefile.in 2009-07-02 19:48:23.000000000 +0200
-@@ -52,11 +52,11 @@ APU_LIBS = @APU_LIBS@
- APU_LINK_LD = @APU_LINK_LD@
-
- CPPFLAGS = @CPPFLAGS@ $(PCRE_CFLAGS) $(LIBXML_CFLAGS) $(LUA_CFLAGS)
--LIBS = @LIBS@ $(PCRE_LIBS) $(LIBXML_LIBS) $(LUA_LIBS)
-+LIBS = @LIBS@ $(PCRE_LIBS) $(LIBXML_LIBS) $(LUA_LIBS) $(APXS_LIBS) $(APR_LIBS) $(APR_LINK_LD) $(APU_LIBS) $(APU_LINK_LD)
- LDFLAGS = @LDFLAGS@
- CFLAGS = @CFLAGS@
-
--COMPILE_APACHE_MOD = $(APXS_WRAPPER) -c $(CPPFLAGS) $(LDFLAGS) $(LIBS)
-+COMPILE_APACHE_MOD = $(APXS_WRAPPER) -c $(CPPFLAGS) $(LDFLAGS)
-
- INSTALL_MOD_SHARED = $(APXS_WRAPPER) -i
-
-@@ -93,7 +93,7 @@ mod_security2.la: $(MOD_SECURITY2_H) *.c
- src="$$src $$f.c"; \
- done; \
- rm -f msc_test msc_test.o msc_test.lo msc_test.slo; \
-- $(COMPILE_APACHE_MOD) $(APXS_EXTRA_CFLAGS) $(MODSEC_APXS_EXTRA_CFLAGS) $$src
-+ $(COMPILE_APACHE_MOD) $(APXS_EXTRA_CFLAGS) $(MODSEC_APXS_EXTRA_CFLAGS) $$src $(LIBS)
-
- ### MLogC
- mlogc:
diff --git a/www-apache/mod_security/files/mod_security-2.5.9-broken-autotools.patch b/www-apache/mod_security/files/mod_security-2.5.9-broken-autotools.patch
deleted file mode 100644
index 4ef1960d6535..000000000000
--- a/www-apache/mod_security/files/mod_security-2.5.9-broken-autotools.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Index: modsecurity-apache_2.5.9/apache2/build/find_apr.m4
-===================================================================
---- modsecurity-apache_2.5.9.orig/apache2/build/find_apr.m4
-+++ modsecurity-apache_2.5.9/apache2/build/find_apr.m4
-@@ -24,9 +24,9 @@ AC_ARG_WITH(
- AC_MSG_CHECKING([for libapr config script])
-
- dnl # Determine if the script was specified and use it directly
--if test ! -d "${withval}" -a -e "${withval}"; then
-- APR_CONFIG="`basename $withval`"
-- with_apr=`echo ${withval} | sed "s/\/\?${APR_CONFIG}\$//"`
-+if test ! -d "${apr_path}" -a -e "${apr_path}"; then
-+ APR_CONFIG="`basename $apr_path`"
-+ with_apr=`echo ${apr_path} | sed "s/\/\?${APR_CONFIG}\$//"`
- fi
-
- dnl # Look for the config script
-Index: modsecurity-apache_2.5.9/apache2/build/find_apu.m4
-===================================================================
---- modsecurity-apache_2.5.9.orig/apache2/build/find_apu.m4
-+++ modsecurity-apache_2.5.9/apache2/build/find_apu.m4
-@@ -24,9 +24,9 @@ AC_ARG_WITH(
- AC_MSG_CHECKING([for libapr-util config script])
-
- dnl # Determine if the script was specified and use it directly
--if test ! -d "${withval}" -a -e "${withval}"; then
-- APU_CONFIG="`basename $withval`"
-- with_apu=`echo ${withval} | sed "s/\/\?${APU_CONFIG}\$//"`
-+if test ! -d "${apu_path}" -a -e "${apu_path}"; then
-+ APU_CONFIG="`basename $apu_path`"
-+ with_apu=`echo ${apu_path} | sed "s/\/\?${APU_CONFIG}\$//"`
- fi
-
- dnl # Look for the config script
-Index: modsecurity-apache_2.5.9/apache2/configure.in
-===================================================================
---- modsecurity-apache_2.5.9.orig/apache2/configure.in
-+++ modsecurity-apache_2.5.9/apache2/configure.in
-@@ -247,7 +247,7 @@ VERSION_OK
- if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apxs LIBDIR: $APXS_LIBDIR); fi
- # Make sure the lib dir is used
- if test -n "$APXS_LIBDIR"; then
-- APXS_LIBS="-L{$APXS_LIBDIR} `$APXS -q LIBS` `$APXS -q EXTRA_LIBS`"
-+ APXS_LIBS="-L${APXS_LIBDIR} `$APXS -q LIBS` `$APXS -q EXTRA_LIBS`"
- else
- APXS_LIBS="`$APXS -q LIBS` `$APXS -q EXTRA_LIBS`"
- fi
diff --git a/www-apache/mod_security/mod_security-2.5.11-r2.ebuild b/www-apache/mod_security/mod_security-2.5.11-r2.ebuild
deleted file mode 100644
index abcaa02e0f18..000000000000
--- a/www-apache/mod_security/mod_security-2.5.11-r2.ebuild
+++ /dev/null
@@ -1,147 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.11-r2.ebuild,v 1.1 2009/11/26 09:48:42 flameeyes Exp $
-
-EAPI=2
-
-inherit apache-module autotools
-
-MY_P=${P/mod_security-/modsecurity-apache_}
-MY_P=${MY_P/_rc/-rc}
-
-DESCRIPTION="Web application firewall and Intrusion Detection System for Apache."
-HOMEPAGE="http://www.modsecurity.org/"
-SRC_URI="http://www.modsecurity.org/download/${MY_P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~mips ~ppc ~sparc ~x86"
-IUSE="lua perl vanilla"
-
-DEPEND="dev-libs/libxml2
- perl? ( dev-perl/libwww-perl )
- lua? ( >=dev-lang/lua-5.1 )
- www-servers/apache[apache2_modules_unique_id]"
-RDEPEND="${DEPEND}"
-
-S="${WORKDIR}/${MY_P}"
-
-APACHE2_MOD_FILE="apache2/.libs/${PN}2.so"
-APACHE2_MOD_CONF="2.5.10/99_mod_security"
-APACHE2_MOD_DEFINE="SECURITY"
-
-need_apache2
-
-src_prepare() {
- if ! use vanilla; then
- # Disabling rules here
- epatch "${FILESDIR}"/${PN}-2.5.11-disable-http-pollution.patch
- sed -i -e 's:^SecServerSignature:#\0:' \
- rules/modsecurity_crs_10_global_config.conf || die
- fi
-
- sed -i -e '/^SecDataDir/s: .*: /var/cache/mod_security:' \
- rules/modsecurity_crs_10_global_config.conf || die
-
- epatch "${FILESDIR}"/${PN}-2.5.10-broken-autotools.patch
- epatch "${FILESDIR}"/${PN}-2.5.10-as-needed.patch
-
- cd apache2
- eautoreconf
-}
-
-src_configure() {
- cd apache2
-
- econf --with-apxs="${APXS}" \
- --without-curl \
- $(use_with lua) \
- || die "econf failed"
-}
-
-src_compile() {
- cd apache2
-
- APXS_FLAGS=
- for flag in ${CFLAGS}; do
- APXS_FLAGS="${APXS_FLAGS} -Wc,${flag}"
- done
-
- # Yes we need to prefix it _twice_
- for flag in ${LDFLAGS}; do
- APXS_FLAGS="${APXS_FLAGS} -Wl,${flag}"
- done
-
- emake \
- APXS_CFLAGS="${CFLAGS}" \
- APXS_LDFLAGS="${LDFLAGS}" \
- APXS_EXTRA_CFLAGS="${APXS_FLAGS}" \
- || die "emake failed"
-}
-
-src_test() {
- cd apache2
- emake test || die
-}
-
-src_install() {
- apache-module_src_install
-
- # install rules updater only if perl is enabled (optionally)
- if use perl; then
- newsbin tools/rules-updater.pl modsec-rules-updater || die
- fi
-
- # install documentation
- dodoc CHANGES || die
- newdoc rules/CHANGELOG CHANGES.crs || die
- newdoc rules/README README.crs || die
- dohtml -r doc/* || die
-
- # Prepare the core ruleset
- cd "${S}"/rules/
-
- sed -i -e 's:logs/:/var/log/apache2/:g' *.conf || die
-
- insinto ${APACHE_MODULES_CONFDIR}/mod_security/
- doins *.conf base_rules/* || die
-
- insinto ${APACHE_MODULES_CONFDIR}/mod_security/optional_rules
- doins optional_rules/* || die
-
- if ! use vanilla; then
- mv "${D}"${APACHE_MODULES_CONFDIR}/mod_security/modsecurity_*{41_phpids,50_outbound}* \
- "${D}"${APACHE_MODULES_CONFDIR}/mod_security/optional_rules || die
- fi
-
- keepdir /var/cache/mod_security || die
- fowners apache:apache /var/cache/mod_security || die
- fperms 0770 /var/cache/mod_security || die
-}
-
-pkg_postinst() {
- if ! use vanilla; then
- elog "Please note that the core rule set distributed with mod_security is quite"
- elog "draconic; to make it more usable, the Gentoo distribution disables a few"
- elog "rule set files, that are relevant for PHP-only websites or that would make it"
- elog "kill a website that discussed of source code."
- elog
- elog "Furthermore we disable the 'HTTP Parameter Pollution' tests that disallow"
- elog "multiple parameters with the same name, because that's common practice both"
- elog "for Rails-based web-applications and Bugzilla."
- if use perl; then
- elog
- elog "You want to install the Perl-based updater script for the Core Rule Set."
- elog "Be warned that the script will update the rules iwth the original, draconic"
- elog "rules, so you might end up with unusable web applications."
- fi
- else
- elog "You decided to enable the original Core Rule Set from ModSecurity."
- elog "Be warned that the original Core Rule Set is draconic and most likely will"
- elog "render your web application unusable if you don't disable at leat some of"
- elog "the rules."
- fi
- elog
- elog "If you want to enable further rules, check the following directory:"
- elog " ${APACHE_MODULES_CONFDIR}/mod_security/optional_rules"
-}
diff --git a/www-apache/mod_security/mod_security-2.5.9-r1.ebuild b/www-apache/mod_security/mod_security-2.5.9-r1.ebuild
deleted file mode 100644
index ada59e529f9b..000000000000
--- a/www-apache/mod_security/mod_security-2.5.9-r1.ebuild
+++ /dev/null
@@ -1,112 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.9-r1.ebuild,v 1.6 2009/12/28 18:18:13 armin76 Exp $
-
-inherit apache-module autotools
-
-MY_P=${P/mod_security-/modsecurity-apache_}
-MY_P=${MY_P/_rc/-rc}
-
-DESCRIPTION="Web application firewall and Intrusion Detection System for Apache."
-HOMEPAGE="http://www.modsecurity.org/"
-SRC_URI="http://www.modsecurity.org/download/${MY_P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 ~mips ppc sparc x86"
-IUSE="lua perl"
-
-DEPEND="dev-libs/libxml2
- perl? ( dev-perl/libwww-perl )
- lua? ( >=dev-lang/lua-5.1 )"
-RDEPEND="${DEPEND}"
-
-S="${WORKDIR}/${MY_P}"
-
-APACHE2_MOD_FILE="apache2/.libs/${PN}2.so"
-APACHE2_MOD_CONF="2.1.2/99_mod_security"
-APACHE2_MOD_DEFINE="SECURITY"
-
-need_apache2
-
-src_unpack() {
- unpack ${A}
-
- cd "${S}"/apache2
-
- epatch "${FILESDIR}"/${P}-broken-autotools.patch
- epatch "${FILESDIR}"/${P}-as-needed.patch
-
- eautoreconf
-}
-
-src_compile() {
- cd apache2
-
- econf --with-apxs="${APXS}" \
- --without-curl \
- $(use_with lua) \
- || die "econf failed"
-
- APXS_FLAGS=
- for flag in ${CFLAGS}; do
- APXS_FLAGS="${APXS_FLAGS} -Wc,${flag}"
- done
-
- # Yes we need to prefix it _twice_
- for flag in ${LDFLAGS}; do
- APXS_FLAGS="${APXS_FLAGS} -Wl,${flag}"
- done
-
- emake \
- APXS_CFLAGS="${CFLAGS}" \
- APXS_LDFLAGS="${LDFLAGS}" \
- APXS_EXTRA_CFLAGS="${APXS_FLAGS}" \
- || die "emake failed"
-}
-
-src_test() {
- cd apache2
- make test || die
-}
-
-src_install() {
- apache-module_src_install
-
- # install rules updater only if perl is enabled (optionally)
- if use perl; then
- newsbin tools/rules-updater.pl modsec-rules-updater || die
- fi
-
- # install documentation
- dodoc CHANGES || die
- newdoc rules/CHANGELOG CHANGES.crs || die
- newdoc rules/README README.crs || die
- dohtml -r doc/* || die
-
- # Prepare the core ruleset
- cd "${S}"/rules/
-
- sed -i -e 's:logs/:/var/log/apache2/:g' *.conf || die
-
- insinto ${APACHE_MODULES_CONFDIR}/mod_security/
- for i in *.conf; do
- newins ${i} ${i/modsecurity_crs_/} || die
- done
-}
-
-pkg_postinst() {
- elog "Please note that the core rule set distributed with mod_security is quite"
- elog "draconic. If you're using this on a blog, a forum or another user-submitted"
- elog "web application where you might talk about standard Unix paths (such as /etc"
- elog "or /bin), you might want to disable at least rules 950005 and 950907"
- elog "(command injection) if you're sure it might not be a security risk."
- elog " "
- elog "To do that on the most limited case you might want to use something like"
- elog "the following code (this comes from a Typo weblog instance):"
- elog " "
- elog " <Location /comments>"
- elog " SecRuleRemoveById 950005 950907"
- elog " </Location>"
- elog " "
-}