Package apache2-mod_security: Specfile
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 | # Spec file for mod_security module for Apache 2.0 server %define real_name modsecurity %define module_name mod_security %define version 2.5.9 %define release alt0.M40.1 Name: apache2-%module_name Version: %version Release: %release Summary: Tighten web applications security for Apache 2.x License: %gpl2only Group: System/Servers URL: http://www.modsecurity.org Packager: Nikolay A. Fetisov <naf@altlinux.ru> Source0: %real_name.tar Source3: README.ALT Source4: altdefaults.conf Source5: security.load Source6: security.conf BuildRequires(pre): apache2-devel >= 2.2.5 BuildRequires(pre): rpm-build-licenses # Automatically added by buildreq on Fri Dec 12 2008 BuildRequires: apache2-httpd-prefork gcc-c++ libcurl-devel libpcre-devel libxml2-devel BuildRequires: %(eval echo %apache_apr_buildreq) Requires(pre): apache2 >= %apache_version-%apache_release %description ModSecurity is an Apache 1.x/2.x module whose purpose is to tighten the Web application security. Effectively, it is an intrusion detection and prevention system for the web server. At the moment its main features are: * Audit log; store full request details in a separate file, including POST payloads. * Request filtering; incoming requests can be analysed and offensive requests can be rejected (or simply logged, if that is what you want). This feature can be used to prevent many types of attacks (e.g. XSS attacks, SQL injection, ...) and even allow you to run insecure applications on your servers (if you have no other choice, of course). %package doc Summary: Documentation for %name module Group: System/Servers %description doc ModSecurity is an Apache 1.x/2.x module whose purpose is to tighten the Web application security. Effectively, it is an intrusion detection and prevention system for the web server. This package contains a documentation for ModSecurity. %summary %define conf_dir %_sysconfdir/%{module_name}2 %prep %setup -q -n %real_name /bin/sed -i -e "s#Apache/2.2.0 (Fedora)#Apache/2 (ALTLinux)#g" rules/modsecurity_crs_10_config.conf mv -f -- LICENSE LICENSE.orig ln -s -- $(relative %_licensedir/GPL-2 %_docdir/%name/LICENSE) LICENSE %build pushd apache2 %configure --with-apxs=%apache_apxs \ --with-apr=%apache_apr_config \ %nil %make %make mlogc popd %install /bin/install -pDm644 -- apache2/.libs/mod_security2.so %buildroot%a_libexecdir/mod_security2.so /bin/install -pm644 -- %SOURCE3 README.ALT /bin/install -pDm644 -- %SOURCE5 %buildroot%a_mods_available/security.load /bin/install -pDm644 -- %SOURCE6 %buildroot%a_mods_available/security.conf %__subst 's,@conf_dir@,%conf_dir,g' %buildroot%a_mods_available/security.conf %__subst 's,@apache2_tmpdir@,%a_spooldir,g' %buildroot%a_mods_available/security.conf %__subst 's,@_libdir@,%_libdir,g' %buildroot%a_mods_available/security.load # alt default ruleset /bin/install -pD -m644 -- %SOURCE4 %buildroot%conf_dir/altdefaults.conf /bin/gzip CHANGES # default rules /bin/cp -rp -- rules %buildroot%conf_dir/ /bin/rm -f -- %buildroot%conf_dir/rules/LICENSE pushd %buildroot%conf_dir/rules/ ln -s -- $(relative %_licensedir/GPL-2 %conf_dir/rules/LICENSE) LICENSE /bin/gzip CHANGELOG popd mkdir -p -- %buildroot%conf_dir/local_rules %post # Reconfigure Apache2: %a_sbindir/a2chkconfig ||: if [ -e %a_mods_enabled/%module_name.load ]; then CONF_OK=0 %a_sbindir/apachectl2 configtest && CONF_OK=1 ||: if [ "$CONF_OK" = "1" ]; then service %a_dname condrestart ||: else echo "Some errors detected in Apache2 configuration!" echo "To use %real_name check configuration and start %a_dname service." echo fi else echo "Apache2 %real_name module had been installed, but does't enabled." echo "Check %a_mods_start directory for files with '%module_name=no' lines." echo fi %preun if [ "$1" = "0" ] ; then # last uninstall [ -e %a_mods_enabled/%module_name.load ] && %a_sbindir/a2dismod %module_name 2>&1 >/dev/null ||: fi %postun # Reconfigure Apache2: %a_sbindir/a2chkconfig ||: if [ "$1" = "0" ] ; then # last uninstall CONF_OK=0 %a_sbindir/apachectl2 configtest && CONF_OK=1 ||: if [ "$CONF_OK" = "1" ]; then service %a_dname condrestart ||: else echo "Some errors detected in Apache2 configuration!" echo "To complete %real_name uninstalling check configuration and restart %a_dname service." echo fi fi %files %doc README* CHANGES.gz modsecurity.conf-minimal MODSECURITY_LICENSING_EXCEPTION %doc --no-dereference LICENSE %a_libexecdir/mod_security2.so %a_mods_available/security.load %config(noreplace) %a_mods_available/security.conf %dir %conf_dir %dir %conf_dir/rules %dir %conf_dir/rules/optional_rules %dir %conf_dir/local_rules %config(noreplace) %conf_dir/*.conf %config(noreplace) %conf_dir/rules/*.conf %config(noreplace) %conf_dir/rules/optional_rules/*.conf %conf_dir/rules/CHANGELOG.gz %conf_dir/rules/README %conf_dir/rules/LICENSE %files doc %doc doc/* %changelog * Mon Mar 30 2009 Nikolay A. Fetisov <naf@altlinux.ru> 2.5.9-alt0.M40.1 - Build for M40 * Mon Mar 30 2009 Nikolay A. Fetisov <naf@altlinux.ru> 2.5.9-alt1 - New version: + Security fix: remote DoS when parsing multipart content with a missing part header name + Security fix: potential DoS when PDF XSS protection is enabled - Fix default configuration * Sun Feb 22 2009 Nikolay A. Fetisov <naf@altlinux.ru> 2.5.7-alt3 - Fix default configuration * Sun Dec 14 2008 Nikolay A. Fetisov <naf@altlinux.ru> 2.5.7-alt2 - Move filtering rules to the /etc/mod_security2 - Build documentation sub-package as noarch * Fri Dec 12 2008 Nikolay A. Fetisov <naf@altlinux.ru> 2.5.7-alt1 - New version 2.5.7 - Revives from orphaned * Mon May 21 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 2.1.1-alt1 - Updated to 2.1.1: + Security fix: CVE-2007-1359 (ASCIIZ (NUL) parsing for application/x-www-form-urlencoded forms) + Fixed potential memory corruption when expanding macros + other fixes (see CHANGES) * Tue Apr 10 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 2.1.0-alt2 - Change module activation way accordind to new apache2 scheme - Fix linking * Fri Mar 09 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 2.1.0-alt1 - Updated to 2.1.0: + Security fix: BONUS-12-2007:mod_security POST Rules Bypass Vulnerability, see http://www.php-security.org/MOPB/BONUS-12-2007.html (Closes: #11035) * Fri Mar 09 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.4-alt4 - Build only apache2 module - Don't build separate %name-common subpackage - Rename package to apache2-mod_security * Fri Oct 06 2006 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.4-alt3 - Whoops, really fix path to module (Closes: #10089) * Tue Sep 26 2006 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.4-alt2 - Don't use full path to mod_security.so in apache config because it make troubles on x86_64 (reported by thresh@) * Thu Jun 01 2006 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.4-alt1 - 1.9.4 * Thu Apr 20 2006 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.3-alt1 - 1.9.3 * Wed Feb 01 2006 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.2-alt1 - New version - Don't use %%a_libexecdir macros * Mon Dec 12 2005 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.1-alt1 - New version (bugfix release) - Provide default apache-related config with some rules - Common stuff moved into -common package - Updated README.ALT * Mon Nov 07 2005 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9-alt1 - New version * Thu Sep 01 2005 Vladimir V Kamarzin <vvk@altlinux.ru> 1.8.7-alt3 - Splited to several parts by reason: - Now building module for apache2 also - Minor spec cleanup - Changed Group * Wed Aug 24 2005 Vladimir V Kamarzin <vvk@altlinux.ru> 1.8.7-alt2 - Fixed config installation (should really go to addonconfdir.d/) (thanks to mike@) - Remove previous config inclusion from httpd.conf (thanks to mike@) - Minor spec cleanup - Added README.ALT (mike@) * Wed Jul 20 2005 Vladimir V Kamarzin <vvk@altlinux.ru> 1.8.7-alt1 - Initial build for Sisyphus |