|
|
|
@ -5,30 +5,26 @@
|
|
|
|
|
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
|
|
|
|
|
%{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}}
|
|
|
|
|
|
|
|
|
|
%bcond_without mlogc
|
|
|
|
|
%global with_mlogc 1
|
|
|
|
|
|
|
|
|
|
Summary: Security module for the Apache HTTP Server
|
|
|
|
|
Name: mod_security
|
|
|
|
|
Name: mod_security
|
|
|
|
|
Version: 2.9.6
|
|
|
|
|
Release: 1%{?dist}
|
|
|
|
|
License: ASL 2.0
|
|
|
|
|
URL: http://www.modsecurity.org/
|
|
|
|
|
Group: System Environment/Daemons
|
|
|
|
|
Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
|
|
|
|
|
Source1: mod_security.conf
|
|
|
|
|
Source2: 10-mod_security.conf
|
|
|
|
|
Source3: modsecurity_localrules.conf
|
|
|
|
|
Patch0: modsecurity-2.9.3-lua-54.patch
|
|
|
|
|
Patch1: modsecurity-2.9.3-apulibs.patch
|
|
|
|
|
Patch2: mod_security-2.9.3-remote-rules-timeout.patch
|
|
|
|
|
|
|
|
|
|
Patch1: mod_security-2.9.2-remote-rules-timeout.patch
|
|
|
|
|
Requires: httpd httpd-mmn = %{_httpd_mmn}
|
|
|
|
|
%if 0%{?fedora} || 0%{?rhel} > 7
|
|
|
|
|
# Ensure apache user exists for file ownership
|
|
|
|
|
# To ensure correct file ownership
|
|
|
|
|
Requires(pre): httpd-filesystem
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
BuildRequires: gcc, make, autoconf, automake, libtool
|
|
|
|
|
BuildRequires: gcc
|
|
|
|
|
BuildRequires: httpd-devel
|
|
|
|
|
BuildRequires: make
|
|
|
|
|
BuildRequires: perl-generators
|
|
|
|
|
BuildRequires: pkgconfig(libcurl)
|
|
|
|
|
BuildRequires: pkgconfig(libpcre)
|
|
|
|
@ -39,7 +35,7 @@ BuildRequires: pkgconfig(lua)
|
|
|
|
|
%if 0%{?el6}
|
|
|
|
|
BuildRequires: yajl-devel
|
|
|
|
|
%else
|
|
|
|
|
BuildRequires: pkgconfig(yajl)
|
|
|
|
|
BuildRequires: pkgconfig(yajl)
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -48,30 +44,27 @@ ModSecurity is an open source intrusion detection and prevention engine
|
|
|
|
|
for web applications. It operates embedded into the web server, acting
|
|
|
|
|
as a powerful umbrella - shielding web applications from attacks.
|
|
|
|
|
|
|
|
|
|
%if %{with mlogc}
|
|
|
|
|
%if %with_mlogc
|
|
|
|
|
%package mlogc
|
|
|
|
|
Summary: ModSecurity Audit Log Collector
|
|
|
|
|
Requires: mod_security
|
|
|
|
|
%if 0%{?fedora} || 0%{?rhel} > 7
|
|
|
|
|
# Ensure apache user exists for file ownership
|
|
|
|
|
Group: System Environment/Daemons
|
|
|
|
|
Requires: mod_security%{?_isa} = %{version}-%{release}
|
|
|
|
|
Requires(pre): httpd-filesystem
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%description mlogc
|
|
|
|
|
%description mlogc
|
|
|
|
|
This package contains the ModSecurity Audit Log Collector.
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%prep
|
|
|
|
|
%autosetup -p1 -n modsecurity-%{version}
|
|
|
|
|
%setup -q -n modsecurity-%{version}
|
|
|
|
|
%patch1 -p1 -b .remote-rules-timeout
|
|
|
|
|
|
|
|
|
|
%build
|
|
|
|
|
./autogen.sh
|
|
|
|
|
%configure --enable-pcre-match-limit=1000000 \
|
|
|
|
|
--enable-pcre-match-limit-recursion=1000000 \
|
|
|
|
|
--with-apxs=%{_httpd_apxs} \
|
|
|
|
|
--with-yajl \
|
|
|
|
|
--disable-static
|
|
|
|
|
|
|
|
|
|
--enable-collection-global-lock
|
|
|
|
|
# remove rpath
|
|
|
|
|
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
|
|
|
|
|
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
|
|
|
|
@ -110,7 +103,7 @@ install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}
|
|
|
|
|
install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/
|
|
|
|
|
|
|
|
|
|
# mlogc
|
|
|
|
|
%if %{with mlogc}
|
|
|
|
|
%if %with_mlogc
|
|
|
|
|
install -d %{buildroot}%{_localstatedir}/log/mlogc
|
|
|
|
|
install -d %{buildroot}%{_localstatedir}/log/mlogc/data
|
|
|
|
|
install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
|
|
|
|
@ -132,7 +125,7 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf
|
|
|
|
|
%attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
|
|
|
|
|
|
|
|
|
|
%if %{with mlogc}
|
|
|
|
|
%if %with_mlogc
|
|
|
|
|
%files mlogc
|
|
|
|
|
%doc mlogc/INSTALL
|
|
|
|
|
%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
|
|
|
|
@ -143,53 +136,26 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
|
|
* Wed Nov 16 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.6-1
|
|
|
|
|
- new version 2.9.6
|
|
|
|
|
- Resolves: #2143211 - [RFE] upgrade mod_security to 2.9.6
|
|
|
|
|
* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 2.9.6-1
|
|
|
|
|
- Rebuilt for MSVSphere 8.8
|
|
|
|
|
|
|
|
|
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.9.3-12
|
|
|
|
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
|
|
|
Related: rhbz#1991688
|
|
|
|
|
|
|
|
|
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.9.3-11
|
|
|
|
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
|
|
|
|
* Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.6-1
|
|
|
|
|
- new version 2.9.6
|
|
|
|
|
- Resolves: #2143207 - [RFE] upgrade mod_security to 2.9.6
|
|
|
|
|
|
|
|
|
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-10
|
|
|
|
|
- Resolves: #1930664 - RFE: Add a feature that can set a mod_security/libcurl
|
|
|
|
|
* Sun Nov 15 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.9.2-9
|
|
|
|
|
- Resolves: #1824859 - RFE: Add a feature that can set a mod_security/libcurl
|
|
|
|
|
timeout for retrieving the rules
|
|
|
|
|
- rename mlogc to mod_security-mlogc
|
|
|
|
|
|
|
|
|
|
* Fri Jan 22 2021 Joe Orton <jorton@redhat.com> - 2.9.3-8
|
|
|
|
|
- don't link against redundant apr-util dependent libraries
|
|
|
|
|
|
|
|
|
|
* Sat Aug 08 2020 Othman Madjoudj <athmane@fedoraproject.org> - 2.9.3-7
|
|
|
|
|
- Add a patch to fix build with Lua 5.4 until we completely switch to mod_sec3 as default
|
|
|
|
|
|
|
|
|
|
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-6
|
|
|
|
|
- Second attempt - Rebuilt for
|
|
|
|
|
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-5
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-4
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-3
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-2
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Sun Dec 09 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.3-1
|
|
|
|
|
- Update to 2.9.3
|
|
|
|
|
* Mon Dec 17 2018 Joe Orton <jorton@redhat.com> - 2.9.2-8
|
|
|
|
|
- enable collection global lock (#1650268)
|
|
|
|
|
|
|
|
|
|
* Fri Nov 16 2018 Joe Orton <jorton@redhat.com> - 2.9.2-7
|
|
|
|
|
- Requires(pre): httpd-filesystem to ensure apache user exists
|
|
|
|
|
- enable mlogc everywhere, use buildcond to disable
|
|
|
|
|
* Wed Nov 28 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.9.2-7
|
|
|
|
|
- Related: #1650242 - mod_security-mlogc dropped
|
|
|
|
|
|
|
|
|
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-6
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
|
|
|
* Thu Nov 15 2018 Joe Orton <jorton@redhat.com> - 2.9.2-6
|
|
|
|
|
- build -mlogc subpackage (#1650242)
|
|
|
|
|
- add httpd-filesystem as Requires(pre)
|
|
|
|
|
|
|
|
|
|
* Sun Feb 18 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.2-5
|
|
|
|
|
- Add gcc and make as BR (minimal buildroot change)
|
|
|
|
|