author | Benedikt Boehm <hollow@gentoo.org> | 2007-06-15 18:21:47 +0000 |
---|---|---|
committer | Benedikt Boehm <hollow@gentoo.org> | 2007-06-15 18:21:47 +0000 |
commit | 4185cc58816a3fa4da815e87774bacd3ac0eebb2 (patch) | |
tree | fbb7d885167312d6bf416f17751af4c7dc515136 /net-www | |
parent | version bump (diff) | |
remove apache-1 version; fix #180150
(Portage version: 2.1.2.9)
Diffstat (limited to 'net-www')
-rw-r--r-- | net-www/mod_security/ChangeLog | 10 | ||||
-rw-r--r-- | net-www/mod_security/files/99_mod_security.conf | 123 | ||||
-rw-r--r-- | net-www/mod_security/files/digest-mod_security-1.8.7 | 3 | ||||
-rw-r--r-- | net-www/mod_security/files/digest-mod_security-1.9.4 | 3 | ||||
-rw-r--r-- | net-www/mod_security/files/digest-mod_security-2.1.1-r1 | 3 | ||||
-rw-r--r-- | net-www/mod_security/files/mod_security-2.1.1-request_interception.patch | 15 | ||||
-rw-r--r-- | net-www/mod_security/mod_security-1.8.7.ebuild | 31 | ||||
-rw-r--r-- | net-www/mod_security/mod_security-1.9.4.ebuild | 31 | ||||
-rw-r--r-- | net-www/mod_security/mod_security-2.1.1-r1.ebuild | 56 |
9 files changed, 83 insertions, 192 deletions
diff --git a/net-www/mod_security/ChangeLog b/net-www/mod_security/ChangeLog index 7632130eb202..f5c14fcc3a92 100644 --- a/net-www/mod_security/ChangeLog +++ b/net-www/mod_security/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-www/mod_security # Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/ChangeLog,v 1.25 2007/05/11 14:53:17 beandog Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/ChangeLog,v 1.26 2007/06/15 18:21:47 hollow Exp $ + +*mod_security-2.1.1-r1 (15 Jun 2007) + + 15 Jun 2007; Benedikt Böhm <hollow@gentoo.org> + +files/mod_security-2.1.1-request_interception.patch, + -files/99_mod_security.conf, -mod_security-1.8.7.ebuild, + -mod_security-1.9.4.ebuild, +mod_security-2.1.1-r1.ebuild: + remove apache-1 version; fix #180150 11 May 2007; Steve Dibb <beandog@gentoo.org> mod_security-2.1.1.ebuild: amd64 stable, security bug 169778 diff --git a/net-www/mod_security/files/99_mod_security.conf b/net-www/mod_security/files/99_mod_security.conf deleted file mode 100644 index 1269365021b4..000000000000 --- a/net-www/mod_security/files/99_mod_security.conf +++ /dev/null 
@@ -1,123 +0,0 @@ -<IfDefine SECURITY> - <IfModule !mod_security.c> - LoadModule security_module modules/mod_security.so - </IfModule> -</IfDefine> - -# Examples below are taken from the online documentation -# Refer to: -# http://www.modsecurity.org/documentation/quick-examples.html - -<IfModule mod_security.c> - - # Turn the filtering engine On or Off - SecFilterEngine On - - # Make sure that URL encoding is valid - SecFilterCheckURLEncoding On - - # Only allow bytes from this range - SecFilterForceByteRange 32 126 - - # The audit engine works independently and - # can be turned On of Off on the per-server or - # on the per-directory basis. "On" will log everything, - # "DynamicOrRelevant" will log dynamic requests or violations, - # and "RelevantOnly" will only log policy violations - SecAuditEngine RelevantOnly - - # The name of the audit log file - SecAuditLog logs/audit_log - - SecFilterDebugLog logs/modsec_debug_log - SecFilterDebugLevel 0 - - # Should mod_security inspect POST payloads - SecFilterScanPOST On - - # Action to take by default - SecFilterDefaultAction "deny,log,status:500" - - # Redirect user on filter match - SecFilter xxx redirect:http://www.webkreator.com - - # Execute the external script on filter match - SecFilter yyy log,exec:/home/users/ivanr/apache/bin/report-attack.pl - - # Simple filter - SecFilter 111 - - # Only check the QUERY_STRING variable - SecFilterSelective QUERY_STRING 222 - - # Only check the body of the POST request - SecFilterSelective POST_PAYLOAD 333 - - # Only check arguments (will work for GET and POST) - SecFilterSelective ARGS 444 - - # Test filter - SecFilter "/cgi-bin/modsec-test.pl/keyword" - - # Another test filter, will be denied with 404 but not logged - # action supplied as a parameter overrides the default action - SecFilter 999 "deny,nolog,status:500" - - # Prevent OS specific keywords - SecFilter /etc/passwd - - # Prevent path traversal (..) 
attacks - SecFilter "\.\./" - - # Weaker XSS protection but allows common HTML tags - SecFilter "<[[:space:]]*script" - - # Prevent XSS atacks (HTML/Javascript injection) - SecFilter "<(.|\n)+>" - - # Very crude filters to prevent SQL injection attacks - SecFilter "delete[[:space:]]+from" - SecFilter "insert[[:space:]]+into" - SecFilter "select.+from" - - # Require HTTP_USER_AGENT and HTTP_HOST headers - SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$" - - # Forbid file upload - SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data - - # Only watch argument p1 - SecFilterSelective "ARG_p1" 555 - - # Watch all arguments except p1 - SecFilterSelective "ARGS|!ARG_p2" 666 - - # Only allow our own test utility to send requests (or Mozilla) - SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)" - - # Do not allow variables with this name - SecFilterSelective ARGS_NAMES 777 - - # Do now allow this variable value (names are ok) - SecFilterSelective ARGS_VALUES 888 - - # Test for a POST variable parsing bug, see test #41 - SecFilterSelective ARG_p2 AAA - - # Stop spamming through FormMail - # note the exclamation mark at the beginning - # of the filter - only requests that match this regex will - # be allowed - <Location /cgi-bin/FormMail> - SecFilterSelective "ARG_recipient" "!@webkreator.com$" - </Location> - - # when allowing upload, only allow images - # note that this is not foolproof, a determined attacker - # could get around this - <Location /fileupload.php> - SecFilterInheritance Off - SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)" - </Location> - -</IfModule> diff --git a/net-www/mod_security/files/digest-mod_security-1.8.7 b/net-www/mod_security/files/digest-mod_security-1.8.7 deleted file mode 100644 index 372fb7623b46..000000000000 --- a/net-www/mod_security/files/digest-mod_security-1.8.7 +++ /dev/null 
@@ -1,3 +0,0 @@
-MD5 0dd48656e451c711358c097dc80e0369 modsecurity-1.8.7.tar.gz 313004
-RMD160 ee5e6566dda8c932e5e01833af290186f22af773 modsecurity-1.8.7.tar.gz 313004
-SHA256 7314a0c6ebe50d8c71e44fcc520969a60d1d01a3c1a2e0a1d08b2b166eabf8ce modsecurity-1.8.7.tar.gz 313004
diff --git a/net-www/mod_security/files/digest-mod_security-1.9.4 b/net-www/mod_security/files/digest-mod_security-1.9.4
deleted file mode 100644
index 01390ffc6533..000000000000
--- a/net-www/mod_security/files/digest-mod_security-1.9.4
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 74d2317781bab619cd7b6b376b978107 modsecurity-apache_1.9.4.tar.gz 496805
-RMD160 2fd5e3f43fa94836a4845f106285bed68c704aef modsecurity-apache_1.9.4.tar.gz 496805
-SHA256 9ca6e614c58783faec9b14f58f569a96de420b25ab23063387a1ab51ce3f5171 modsecurity-apache_1.9.4.tar.gz 496805
diff --git a/net-www/mod_security/files/digest-mod_security-2.1.1-r1 b/net-www/mod_security/files/digest-mod_security-2.1.1-r1
new file mode 100644
index 000000000000..af3a5b2f6338
--- /dev/null
+++ b/net-www/mod_security/files/digest-mod_security-2.1.1-r1
@@ -0,0 +1,3 @@
+MD5 ab74ed5f320ffc4ed9f56487bf17c670 modsecurity-apache_2.1.1.tar.gz 650607
+RMD160 17e94c19d51f7e9e09ef435f81d696ec638aad44 modsecurity-apache_2.1.1.tar.gz 650607
+SHA256 fadeb3b4ce5672c99c094611792b827d45fcd6b38c4c4fa81c4cfdc63c63b71a modsecurity-apache_2.1.1.tar.gz 650607
diff --git a/net-www/mod_security/files/mod_security-2.1.1-request_interception.patch b/net-www/mod_security/files/mod_security-2.1.1-request_interception.patch
new file mode 100644
index 000000000000..5f38268e203d
--- /dev/null
+++ b/net-www/mod_security/files/mod_security-2.1.1-request_interception.patch
@@ -0,0 +1,15 @@
+Index: apache2/mod_security2.c
+===================================================================
+--- apache2/mod_security2.c (revision 266)
++++ apache2/mod_security2.c (working copy)
+@@ -558,6 +558,10 @@
+
+ /* Has this phase been completed already? */
+ if (msr->phase_request_body_complete) {
++ if (msr->was_intercepted) {
++ msr_log(msr, 4, "Phase REQUEST_BODY subrequest already intercepted with code %u.", msr->intercept_actionset->intercept_status);
++ return msr->intercept_actionset->intercept_status;
++ }
+ if (msr->txcfg->debuglog_level >= 4) {
+ msr_log(msr, 4, "Phase REQUEST_BODY already complete, skipping.");
+ }
diff --git a/net-www/mod_security/mod_security-1.8.7.ebuild b/net-www/mod_security/mod_security-1.8.7.ebuild
deleted file mode 100644
index 6d04a0a0e602..000000000000
--- a/net-www/mod_security/mod_security-1.8.7.ebuild
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/mod_security-1.8.7.ebuild,v 1.7 2007/01/14 20:09:54 chtekk Exp $
-
-inherit apache-module
-
-KEYWORDS="amd64 ppc sparc x86"
-
-DESCRIPTION="Intrusion Detection System for Apache."
-HOMEPAGE="http://www.modsecurity.org/"
-SRC_URI="http://www.modsecurity.org/download/${P/_/}.tar.gz"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="doc"
-
-S="${WORKDIR}/${P/_/}"
-
-APXS1_ARGS="-S LIBEXECDIR=${S} -c ${S}/apache1/mod_security.c"
-APACHE1_MOD_FILE="apache1/${PN}.so"
-APACHE1_MOD_CONF="99_mod_security"
-APACHE1_MOD_DEFINE="SECURITY"
-
-APXS2_ARGS="-S LIBEXECDIR=${S} -c ${S}/apache2/mod_security.c"
-APACHE2_MOD_FILE="apache2/.libs/${PN}.so"
-APACHE2_MOD_CONF="99_mod_security"
-APACHE2_MOD_DEFINE="SECURITY"
-
-DOCFILES="CHANGES httpd.conf.* INSTALL LICENSE README"
-use doc && DOCFILES="${DOCFILES} modsecurity-manual.pdf"
-
-need_apache
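Review bot: In files/mod_security-2.1.1-request_interception.patch the added branch dereferences `msr->intercept_actionset` twice without a NULL check, relying on `was_intercepted` never being set without it; that invariant is not visible in this hunk, so `if (msr->was_intercepted && msr->intercept_actionset != NULL) {` would be cheap insurance in a request-handling path. The new `msr_log(msr, 4, ...)` call is also not wrapped in the `if (msr->txcfg->debuglog_level >= 4)` test that the existing message just below it uses, and it formats `intercept_status` with `%u`, which is only right if that field is unsigned. A one-line comment such as `/* phase re-entered after an interception: return the stored status instead of skipping */` would record why the early return exists. The enclosing function starts and ends outside the hunk.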
diff --git a/net-www/mod_security/mod_security-1.9.4.ebuild b/net-www/mod_security/mod_security-1.9.4.ebuild
deleted file mode 100644
index e86849e72990..000000000000
--- a/net-www/mod_security/mod_security-1.9.4.ebuild
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/mod_security-1.9.4.ebuild,v 1.2 2007/01/14 20:09:54 chtekk Exp $
-
-inherit apache-module
-
-KEYWORDS="~amd64 ~mips ~ppc ~sparc ~x86"
-
-DESCRIPTION="Intrusion Detection System for Apache."
-HOMEPAGE="http://www.modsecurity.org/"
-SRC_URI="http://www.modsecurity.org/download/${P/mod_security-/modsecurity-apache_}.tar.gz"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="doc"
-
-S="${WORKDIR}/${P/mod_security-/modsecurity-apache_}"
-
-APXS1_ARGS="-S LIBEXECDIR=${S} -c ${S}/apache1/mod_security.c"
-APACHE1_MOD_FILE="apache1/${PN}.so"
-APACHE1_MOD_CONF="99_mod_security"
-APACHE1_MOD_DEFINE="SECURITY"
-
-APXS2_ARGS="-S LIBEXECDIR=${S} -c ${S}/apache2/mod_security.c"
-APACHE2_MOD_FILE="apache2/.libs/${PN}.so"
-APACHE2_MOD_CONF="99_mod_security"
-APACHE2_MOD_DEFINE="SECURITY"
-
-DOCFILES="CHANGES httpd.conf.* INSTALL LICENSE README"
-use doc && DOCFILES="${DOCFILES} doc/modsecurity-apache-manual-1.9.pdf"
-
-need_apache
diff --git a/net-www/mod_security/mod_security-2.1.1-r1.ebuild b/net-www/mod_security/mod_security-2.1.1-r1.ebuild
new file mode 100644
index 000000000000..80849c61a3e3
--- /dev/null
+++ b/net-www/mod_security/mod_security-2.1.1-r1.ebuild
@@ -0,0 +1,56 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-www/mod_security/mod_security-2.1.1-r1.ebuild,v 1.1 2007/06/15 18:21:47 hollow Exp $
+
+inherit eutils apache-module
+
+KEYWORDS="amd64 ~mips ppc sparc x86"
+
+MY_P=${P/mod_security-/modsecurity-apache_}
+
+DESCRIPTION="Web application firewall and Intrusion Detection System for Apache."
+HOMEPAGE="http://www.modsecurity.org/"
+SRC_URI="http://www.modsecurity.org/download/${MY_P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc"
+
+S="${WORKDIR}/${MY_P}"
+
+APXS2_ARGS="-S LIBEXECDIR=${S} -c -o ${PN}2.so ${S}/apache2/*.c"
+APACHE2_MOD_FILE=".libs/${PN}2.so"
+#APACHE2_MOD_CONF="99_mod_security"
+APACHE2_MOD_DEFINE="SECURITY"
+
+need_apache2
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-request_interception.patch
+}
+
+src_install() {
+ apache2_src_install
+
+ # install documentation
+ dodoc CHANGES
+ newdoc rules/CHANGELOG CHANGES.crs
+ newdoc rules/README README.crs
+ dohtml doc/*.html doc/*.gif doc/*.jpg doc/*.css doc/*.pdf
+ cp -r "${S}"/doc/html-multipage "${D}"/usr/share/doc/${P}/html/
+
+ # Once APACHE2_MOD_CONF is able to use newconfd (probably never), this line
+ # should go.
+ insinto ${APACHE2_MODULES_CONFDIR}
+ newins "${FILESDIR}"/99_mod_security-${PV}.conf 99_mod_security.conf
+
+ # Prepare the core ruleset
+ for i in $( ls "${S}"/rules/*.conf ); do
+ mv $i ${i/modsecurity_crs_/}
+ done
+
+ # Install core ruleset
+ insinto ${APACHE2_MODULES_CONFDIR}/mod_security/
+ doins "${S}"/rules/*.conf
+} |
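Review bot: The core-ruleset rename loop in src_install iterates over `$( ls "${S}"/rules/*.conf )` with `$i` unquoted and never checks `mv`, so a failed rename goes unnoticed and the package installs whatever rule file names are left in rules/. Globbing directly and failing loudly is safer: `for i in "${S}"/rules/*.conf; do mv "${i}" "${i/modsecurity_crs_/}" || die "rename of ${i} failed"; done`; if some .conf files lack the prefix they need to be skipped first, since mv onto the same name errors. The `cp -r` of doc/html-multipage is likewise unchecked, and it targets `/usr/share/doc/${P}/html/` while dohtml installs under `${PF}`; for an -r1 ebuild the two differ, so `${PF}` plus `|| die` looks like what was intended.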