summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDiego Elio Pettenò <flameeyes@gentoo.org>2012-06-24 16:35:44 +0000
committerDiego Elio Pettenò <flameeyes@gentoo.org>2012-06-24 16:35:44 +0000
commitf7ee621301d62f9da4bd00d63a691fd10fa0620e (patch)
tree17d8e8b9a54b87e3b9e663e2097b479633e4f44f /www-apache/mod_security
parentclamav bump (diff)
downloadgentoo-2-f7ee621301d62f9da4bd00d63a691fd10fa0620e.tar.gz
gentoo-2-f7ee621301d62f9da4bd00d63a691fd10fa0620e.tar.bz2
gentoo-2-f7ee621301d62f9da4bd00d63a691fd10fa0620e.zip
Version bump to 2.7 RC2; add a new setting to the default config file for httpBL API key. Dropped sparc keyword due to libpcre's jit support.
(Portage version: 2.2.0_alpha112/cvs/Linux x86_64)
Diffstat (limited to 'www-apache/mod_security')
-rw-r--r--www-apache/mod_security/ChangeLog12
-rw-r--r--www-apache/mod_security/files/2.5.10/99_mod_security.conf16
-rw-r--r--www-apache/mod_security/files/mod_security-2.5.10-as-needed.patch26
-rw-r--r--www-apache/mod_security/files/modsecurity-2.7.conf15
-rw-r--r--www-apache/mod_security/mod_security-2.7.0_rc2.ebuild98
5 files changed, 123 insertions, 44 deletions
diff --git a/www-apache/mod_security/ChangeLog b/www-apache/mod_security/ChangeLog
index d44b750fd7f0..0aeb69b8b2b0 100644
--- a/www-apache/mod_security/ChangeLog
+++ b/www-apache/mod_security/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for www-apache/mod_security
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.75 2012/06/22 21:56:40 nativemad Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.76 2012/06/24 16:35:44 flameeyes Exp $
+
+*mod_security-2.7.0_rc2 (24 Jun 2012)
+
+ 24 Jun 2012; Diego E. Pettenò <flameeyes@gentoo.org>
+ +files/modsecurity-2.7.conf, +mod_security-2.7.0_rc2.ebuild,
+ -files/2.5.10/99_mod_security.conf,
+ -files/mod_security-2.5.10-as-needed.patch:
+ Version bump to 2.7 RC2; add a new setting to the default config file for
+ httpBL API key. Dropped sparc keyword due to libpcre's jit support.
22 Jun 2012; Andreas Schuerch <nativemad@gentoo.org>
mod_security-2.6.6.ebuild:
@@ -504,4 +513,3 @@
files/99_mod_security.conf, files/mod_security.conf:
Initial version,e build written by dju` <dju @ elegiac.net>.
Closes #32190.
-
diff --git a/www-apache/mod_security/files/2.5.10/99_mod_security.conf b/www-apache/mod_security/files/2.5.10/99_mod_security.conf
deleted file mode 100644
index d5ed8fa8b96d..000000000000
--- a/www-apache/mod_security/files/2.5.10/99_mod_security.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-<IfDefine SECURITY>
-LoadModule security2_module modules/mod_security2.so
-
-# this is only useful with either no core-rule-set, or with crs
-# version 2.0.5 or later, as it doesn't set it.
-SecDataDir /var/cache/mod_security
-
-# use Core Rule Set by default:
-Include /etc/apache2/modules.d/mod_security/*.conf
-
-# Optionally use the other rules as well
-# Include /etc/apache2/modules.d/mod_security/optional_rules/*.conf
-
-</IfDefine>
-
-# vim: ts=4 filetype=apache
diff --git a/www-apache/mod_security/files/mod_security-2.5.10-as-needed.patch b/www-apache/mod_security/files/mod_security-2.5.10-as-needed.patch
deleted file mode 100644
index f664d35efb54..000000000000
--- a/www-apache/mod_security/files/mod_security-2.5.10-as-needed.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Naurp -Naurp modsecurity-apache_2.5.9.old/apache2/Makefile.in modsecurity-apache_2.5.9/apache2/Makefile.in
---- modsecurity-apache_2.5.9.old/apache2/Makefile.in 2009-07-02 19:18:31.000000000 +0200
-+++ modsecurity-apache_2.5.9/apache2/Makefile.in 2009-07-02 19:48:23.000000000 +0200
-@@ -52,11 +52,11 @@ APU_LIBS = @APU_LIBS@
- APU_LINK_LD = @APU_LINK_LD@
-
- CPPFLAGS = @CPPFLAGS@ $(PCRE_CFLAGS) $(LIBXML2_CFLAGS) $(LUA_CFLAGS)
--LIBS = @LIBS@ $(PCRE_LIBS) $(LIBXML2_LIBS) $(LUA_LIBS)
-+LIBS = @LIBS@ $(PCRE_LIBS) $(LIBXML2_LIBS) $(LUA_LIBS) $(APXS_LIBS) $(APR_LIBS) $(APR_LINK_LD) $(APU_LIBS) $(APU_LINK_LD)
- LDFLAGS = @LDFLAGS@
- CFLAGS = @CFLAGS@
-
--COMPILE_APACHE_MOD = $(APXS_WRAPPER) -c $(CPPFLAGS) $(LDFLAGS) $(LIBS)
-+COMPILE_APACHE_MOD = $(APXS_WRAPPER) -c $(CPPFLAGS) $(LDFLAGS)
-
- INSTALL_MOD_SHARED = $(APXS_WRAPPER) -i
-
-@@ -93,7 +93,7 @@ mod_security2.la: $(MOD_SECURITY2_H) *.c
- src="$$src $$f.c"; \
- done; \
- rm -f msc_test msc_test.o msc_test.lo msc_test.slo; \
-- $(COMPILE_APACHE_MOD) $(APXS_EXTRA_CFLAGS) $(MODSEC_APXS_EXTRA_CFLAGS) $$src
-+ $(COMPILE_APACHE_MOD) $(APXS_EXTRA_CFLAGS) $(MODSEC_APXS_EXTRA_CFLAGS) $$src $(LIBS)
-
- ### MLogC
- mlogc:
diff --git a/www-apache/mod_security/files/modsecurity-2.7.conf b/www-apache/mod_security/files/modsecurity-2.7.conf
new file mode 100644
index 000000000000..43508bca635f
--- /dev/null
+++ b/www-apache/mod_security/files/modsecurity-2.7.conf
@@ -0,0 +1,15 @@
+<IfDefine SECURITY>
+LoadModule security2_module modules/mod_security2.so
+
+# Enable looking up geolocation data from MaxMind's GeoIP database
+SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat
+
+SecDataDir /var/cache/modsecurity
+
+# Define here your http:BL API key if any
+# see http://www.projecthoneypot.org/httpbl_api.php
+#SecHttpBlKey xxxxxxxx
+</IfDefine>
+
+# -*- apache -*-
+# vim: ts=4 filetype=apache
diff --git a/www-apache/mod_security/mod_security-2.7.0_rc2.ebuild b/www-apache/mod_security/mod_security-2.7.0_rc2.ebuild
new file mode 100644
index 000000000000..e48d6dd63e7c
--- /dev/null
+++ b/www-apache/mod_security/mod_security-2.7.0_rc2.ebuild
@@ -0,0 +1,98 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.7.0_rc2.ebuild,v 1.1 2012/06/24 16:35:44 flameeyes Exp $
+
+EAPI=4
+
+inherit apache-module
+
+MY_PN=modsecurity-apache
+MY_PV=${PV/_rc/-rc}
+MY_P=${MY_PN}_${MY_PV}
+
+DESCRIPTION="Web application firewall and Intrusion Detection System for Apache."
+HOMEPAGE="http://www.modsecurity.org/"
+SRC_URI="mirror://sourceforge/project/mod-security/${MY_PN}/${MY_PV}/${MY_P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="geoip curl lua jit"
+
+DEPEND=">=dev-libs/libxml2-2.7.8
+ dev-libs/libpcre[jit?]
+ lua? ( >=dev-lang/lua-5.1 )
+ curl? ( >=net-misc/curl-7.15.1 )
+ www-servers/apache[apache2_modules_unique_id]"
+RDEPEND="${DEPEND}
+ geoip? ( dev-libs/geoip )"
+PDEPEND=">=www-apache/modsecurity-crs-2.2.5"
+
+S="${WORKDIR}/${MY_P}"
+
+APACHE2_MOD_FILE="apache2/.libs/${PN}2.so"
+APACHE2_MOD_DEFINE="SECURITY"
+
+# Tests require symbols only defined within the Apache binary.
+RESTRICT=test
+
+need_apache2
+
+src_prepare() {
+ cp "${FILESDIR}"/modsecurity-2.7.conf "${T}"/79_modsecurity.conf || die
+}
+
+src_configure() {
+ econf \
+ --enable-shared --disable-static \
+ --with-apxs="${APXS}" \
+ --enable-request-early \
+ $(use_enable curl mlogc) \
+ $(use_with lua) \
+ $(use_enable jit pcre jit) \
+ || die "econf failed"
+}
+
+src_compile() {
+ if ! use geoip; then
+ sed -i -e '/SecGeoLookupDb/s:^:#:' \
+ "${T}"/79_modsecurity.conf || die
+ fi
+
+ emake || die
+}
+
+src_test() {
+ emake check || die
+}
+
+src_install() {
+ apache-module_src_install
+
+ # install manually rather than by using the APACHE2_MOD_CONF
+ # variable since we have to edit it to set things up properly.
+ insinto "${APACHE_MODULES_CONFDIR}"
+ doins "${T}"/79_modsecurity.conf
+
+ dodoc CHANGES NOTICE README.TXT README_WINDOWS.TXT
+
+ dohtml -r doc/*
+
+ keepdir /var/cache/modsecurity
+ fowners apache:apache /var/cache/modsecurity
+ fperms 0770 /var/cache/modsecurity
+}
+
+pkg_postinst() {
+ if [[ -f "${ROOT}"/etc/apache/modules.d/99_mod_security.conf ]]; then
+ ewarn "You still have the configuration file 99_mod_security.conf."
+ ewarn "Please make sure to remove that and keep only 79_modsecurity.conf."
+ ewarn ""
+ fi
+ elog "The base configuration file has been renamed 79_modsecurity.conf"
+ elog "so that you can put your own configuration as 90_modsecurity_local.conf or"
+ elog "equivalent."
+ elog ""
+ elog "That would be the correct place for site-global security rules."
+ elog "Note: 80_modsecurity_crs.conf is used by www-apache/modsecurity-crs"
+}