cgoncalves / rpms / mod_security

Forked from rpms/mod_security 4 years ago
Clone

Blame SPECS/mod_security.spec

cb7d8a
%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}}
cb7d8a
%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo missing-httpd-devel)}}
cb7d8a
# /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4
cb7d8a
%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
cb7d8a
%{!?_httpd_confdir:    %{expand: %%global _httpd_confdir    %%{_sysconfdir}/httpd/conf.d}}
cb7d8a
%{!?_httpd_moddir:    %{expand: %%global _httpd_moddir    %%{_libdir}/httpd/modules}}
cb7d8a
24eb4d
%global with_mlogc 1
cb7d8a
cb7d8a
Summary: Security module for the Apache HTTP Server
cb7d8a
Name: mod_security 
24eb4d
Version: 2.9.2
24eb4d
Release: 1%{?dist}
cb7d8a
License: ASL 2.0
cb7d8a
URL: http://www.modsecurity.org/
cb7d8a
Group: System Environment/Daemons
24eb4d
Source: https://www.modsecurity.org/tarball/%{version}/modsecurity-%{version}.tar.gz
cb7d8a
Source1: mod_security.conf
cb7d8a
Source2: 10-mod_security.conf
7376a7
cb7d8a
Requires: httpd httpd-mmn = %{_httpd_mmn}
cb7d8a
BuildRequires: httpd-devel libxml2-devel pcre-devel curl-devel lua-devel
cb7d8a
cb7d8a
%description
cb7d8a
ModSecurity is an open source intrusion detection and prevention engine
cb7d8a
for web applications. It operates embedded into the web server, acting
cb7d8a
as a powerful umbrella - shielding web applications from attacks.
cb7d8a
cb7d8a
%if %with_mlogc
24eb4d
%package	mlogc
cb7d8a
Summary:        ModSecurity Audit Log Collector
cb7d8a
Group:          System Environment/Daemons
cb7d8a
Requires:       mod_security
cb7d8a
24eb4d
%description	mlogc
cb7d8a
This package contains the ModSecurity Audit Log Collector.
cb7d8a
%endif
cb7d8a
cb7d8a
%prep
24eb4d
%setup -q -n modsecurity-%{version}
cb7d8a
cb7d8a
%build
cb7d8a
%configure --enable-pcre-match-limit=1000000 \
cb7d8a
           --enable-pcre-match-limit-recursion=1000000 \
24eb4d
           --with-apxs=%{_httpd_apxs} \
24eb4d
%if %with_mlogc
24eb4d
	   --enable-mlogc \
24eb4d
%else
24eb4d
	   --disable-mlogc \
24eb4d
%endif
24eb4d
	   --enable-collection-global-lock
cb7d8a
# remove rpath
cb7d8a
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
cb7d8a
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
cb7d8a
cb7d8a
make %{_smp_mflags}
cb7d8a
cb7d8a
%install
cb7d8a
rm -rf %{buildroot}
cb7d8a
cb7d8a
install -d %{buildroot}%{_sbindir}
cb7d8a
install -d %{buildroot}%{_bindir}
cb7d8a
install -d %{buildroot}%{_httpd_moddir}
cb7d8a
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
cb7d8a
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
cb7d8a
cb7d8a
install -m0755 apache2/.libs/mod_security2.so %{buildroot}%{_httpd_moddir}/mod_security2.so
cb7d8a
cb7d8a
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
cb7d8a
# 2.4-style
cb7d8a
install -Dp -m0644 %{SOURCE2} %{buildroot}%{_httpd_modconfdir}/10-mod_security.conf
cb7d8a
install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf
cb7d8a
sed  -i 's/Include/IncludeOptional/'  %{buildroot}%{_httpd_confdir}/mod_security.conf
cb7d8a
%else
cb7d8a
# 2.2-style
cb7d8a
install -d -m0755 %{buildroot}%{_httpd_confdir}
cb7d8a
cat %{SOURCE2} %{SOURCE1} > %{buildroot}%{_httpd_confdir}/mod_security.conf
cb7d8a
%endif
cb7d8a
install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}
cb7d8a
cb7d8a
# mlogc
cb7d8a
%if %with_mlogc
cb7d8a
install -d %{buildroot}%{_localstatedir}/log/mlogc
cb7d8a
install -d %{buildroot}%{_localstatedir}/log/mlogc/data
cb7d8a
install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
cb7d8a
install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
cb7d8a
install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
cb7d8a
%endif
cb7d8a
cb7d8a
%clean
cb7d8a
rm -rf %{buildroot}
cb7d8a
cb7d8a
%files
cb7d8a
%defattr (-,root,root)
cb7d8a
%doc CHANGES LICENSE README.TXT NOTICE
cb7d8a
%{_httpd_moddir}/mod_security2.so
cb7d8a
%config(noreplace) %{_httpd_confdir}/*.conf
cb7d8a
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
cb7d8a
%config(noreplace) %{_httpd_modconfdir}/*.conf
cb7d8a
%endif
cb7d8a
%dir %{_sysconfdir}/httpd/modsecurity.d
cb7d8a
%dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
cb7d8a
%attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
cb7d8a
cb7d8a
%if %with_mlogc
24eb4d
%files mlogc
cb7d8a
%defattr (-,root,root)
cb7d8a
%doc mlogc/INSTALL
cb7d8a
%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
cb7d8a
%attr(0755,root,root) %dir %{_localstatedir}/log/mlogc
cb7d8a
%attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data
cb7d8a
%attr(0755,root,root) %{_bindir}/mlogc
cb7d8a
%attr(0755,root,root) %{_bindir}/mlogc-batch-load
cb7d8a
%endif
cb7d8a
cb7d8a
%changelog
24eb4d
* Wed Sep  6 2017 Daniel Kopecek <dkopecek@redhat.com> - 2.9.2-1
24eb4d
- RHEL-7.5 erratum
24eb4d
 - Update to 2.9.2
24eb4d
 - Fixed bogus dates in the spec file
24eb4d
 - Enabled mlogc subpackage
24eb4d
 - Enabled collection global lock to prevent collection
24eb4d
   removal failures
24eb4d
  Resolves: rhbz#1388656
24eb4d
  Resolves: rhbz#1139728
24eb4d
  Resolves: rhbz#1473420
24eb4d
7376a7
* Thu Apr  3 2014 Daniel Kopecek <dkopecek@redhat.com> - 2.7.3-5
7376a7
- Fix Chunked string case sensitive issue (CVE-2013-5705)
7376a7
  Resolves: rhbz#1082907
7376a7
7376a7
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.7.3-4
7376a7
- Mass rebuild 2014-01-24
7376a7
7376a7
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.7.3-3
7376a7
- Mass rebuild 2013-12-27
7376a7
cb7d8a
* Tue May 28 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.3-2
cb7d8a
- Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
cb7d8a
- Fix a possible memory leak.
cb7d8a
cb7d8a
* Sat Mar 30 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.3-1
cb7d8a
- Update to 2.7.3
cb7d8a
cb7d8a
* Fri Jan 25 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.2-1
cb7d8a
- Update to 2.7.2
cb7d8a
- Update source url in the spec.
cb7d8a
cb7d8a
* Thu Nov 22 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.1-5
cb7d8a
- Use conditional for loading mod_unique_id (rhbz #879264)
cb7d8a
- Fix syntax errors on httpd 2.4.x by using IncludeOptional (rhbz #879264, comment #2)
cb7d8a
cb7d8a
* Mon Nov 19 2012 Peter Vrabec <pvrabec@redhat.com> 2.7.1-4
cb7d8a
- mlogc subpackage is not provided on RHEL7
cb7d8a
cb7d8a
* Thu Nov 15 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.1-3
cb7d8a
- Add some missing directives RHBZ #569360
cb7d8a
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528)
cb7d8a
  (RHBZ #867424, #867773, #867774)
cb7d8a
cb7d8a
* Thu Nov 15 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.1-2
cb7d8a
- Fix mod_security.conf
cb7d8a
cb7d8a
* Thu Nov 15 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.1-1
cb7d8a
- Update to 2.7.1
cb7d8a
- Remove libxml2 build patch (upstreamed)
cb7d8a
- Update spec since upstream moved to github
cb7d8a
cb7d8a
* Thu Oct 18 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.0-2
cb7d8a
- Add a patch to fix failed build against libxml2 >= 2.9.0
cb7d8a
cb7d8a
* Wed Oct 17 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.0-1
cb7d8a
- Update to 2.7.0
cb7d8a
cb7d8a
* Fri Sep 28 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.8-1
cb7d8a
- Update to 2.6.8
cb7d8a
cb7d8a
* Wed Sep 12 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.7-2
cb7d8a
- Re-add mlogc sub-package for epel (#856525)
cb7d8a
 
cb7d8a
* Sat Aug 25 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.7-1
cb7d8a
- Update to 2.6.7
cb7d8a
cb7d8a
* Sat Aug 25 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.7-1
cb7d8a
- Update to 2.6.7
cb7d8a
cb7d8a
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.6-3
cb7d8a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
cb7d8a
cb7d8a
* Fri Jun 22 2012 Peter Vrabec <pvrabec@redhat.com> - 2.6.6-2
cb7d8a
- mlogc subpackage is not provided on RHEL
cb7d8a
 
cb7d8a
* Thu Jun 21 2012 Peter Vrabec <pvrabec@redhat.com> - 2.6.6-1
cb7d8a
- upgrade
cb7d8a
cb7d8a
* Mon May  7 2012 Joe Orton <jorton@redhat.com> - 2.6.5-3
cb7d8a
- packaging fixes
cb7d8a
cb7d8a
* Fri Apr 27 2012 Peter Vrabec <pvrabec@redhat.com> 2.6.5-2
cb7d8a
- fix license tag
cb7d8a
cb7d8a
* Thu Apr 05 2012 Peter Vrabec <pvrabec@redhat.com> 2.6.5-1
cb7d8a
- upgrade & move rules into new package mod_security_crs
cb7d8a
cb7d8a
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.5.13-3
cb7d8a
- Rebuild against PCRE 8.30
cb7d8a
- Do not install non-existing files
cb7d8a
cb7d8a
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.13-2
cb7d8a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
cb7d8a
24eb4d
* Tue May 3 2011 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.13-1
cb7d8a
- Newer upstream version
cb7d8a
cb7d8a
* Wed Jun 30 2010 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.12-3
cb7d8a
- Fix log dirs and files ordering per bz#569360
cb7d8a
cb7d8a
* Thu Apr 29 2010 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.12-2
cb7d8a
- Fix SecDatadir and minimal config per bz #569360
cb7d8a
cb7d8a
* Sat Feb 13 2010 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.12-1
cb7d8a
- Update to latest upstream release
cb7d8a
- SECURITY: Fix potential rules bypass and denial of service (bz#563576)
cb7d8a
cb7d8a
* Fri Nov 6 2009 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.10-2
cb7d8a
- Fix rules and Apache configuration (bz#533124)
cb7d8a
cb7d8a
* Thu Oct 8 2009 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.10-1
cb7d8a
- Upgrade to 2.5.10 (with Core Rules v2)
cb7d8a
cb7d8a
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.9-2
cb7d8a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
cb7d8a
cb7d8a
* Thu Mar 12 2009 Michael Fleming <mfleming+rpm@thatfleminggent.com> 2.5.9-1
cb7d8a
- Update to upstream release 2.5.9
cb7d8a
- Fixes potential DoS' in multipart request and PDF XSS handling
cb7d8a
cb7d8a
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.7-2
cb7d8a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
cb7d8a
cb7d8a
* Mon Dec 29 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.5.7-1
cb7d8a
- Update to upstream 2.5.7
cb7d8a
- Reinstate mlogc
cb7d8a
cb7d8a
* Sat Aug 2 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.5.6-1
cb7d8a
- Update to upstream 2.5.6
cb7d8a
- Remove references to mlogc, it no longer ships in the main tarball.
cb7d8a
- Link correctly vs. libxml2 and lua (bz# 445839)
cb7d8a
- Remove bogus LoadFile directives as they're no longer needed.
cb7d8a
cb7d8a
* Sun Apr 13 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.7-1
cb7d8a
- Update to upstream 2.1.7
cb7d8a
cb7d8a
* Sat Feb 23 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.6-1
cb7d8a
- Update to upstream 2.1.6 (Extra features including SecUploadFileMode)
cb7d8a
cb7d8a
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 2.1.5-3
cb7d8a
- Autorebuild for GCC 4.3
cb7d8a
24eb4d
* Sun Jan 27 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.5-2
cb7d8a
- Update to 2.1.5 (bz#425986)
cb7d8a
- "blocking" -> "optional_rules" per tarball ;-)
cb7d8a
cb7d8a
* Thu Sep  13 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.3-1
cb7d8a
- Update to 2.1.3
cb7d8a
- Update License tag per guidelines.
cb7d8a
cb7d8a
* Mon Sep  3 2007 Joe Orton <jorton@redhat.com> 2.1.1-3
cb7d8a
- rebuild for fixed 32-bit APR (#254241)
cb7d8a
cb7d8a
* Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 2.1.1-2
cb7d8a
- Rebuild for selinux ppc32 issue.
cb7d8a
cb7d8a
* Tue Jun 19 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.1-1
cb7d8a
- New upstream release
cb7d8a
- Drop ASCIIZ rule (fixed upstream)
cb7d8a
- Re-enable protocol violation/anomalies rules now that REQUEST_FILENAME
cb7d8a
  is fixed upstream.
cb7d8a
cb7d8a
* Sun Apr 1 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.0-3
cb7d8a
- Automagically configure correct library path for libxml2 library.
cb7d8a
- Add LoadModule for mod_unique_id as the logging wants this at runtime
cb7d8a
cb7d8a
* Mon Mar 26 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.0-2
cb7d8a
- Fix DSO permissions (bz#233733)
cb7d8a
cb7d8a
* Tue Mar 13 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.0-1
cb7d8a
- New major release - 2.1.0
cb7d8a
- Fix CVE-2007-1359 with a local rule courtesy of Ivan Ristic
cb7d8a
- Addition of core ruleset
cb7d8a
- (Build)Requires libxml2 and pcre added.
cb7d8a
cb7d8a
* Sun Sep 3 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.4-2
cb7d8a
- Rebuild
cb7d8a
- Fix minor longstanding braino in included sample configuration (bz #203972)
cb7d8a
cb7d8a
* Mon May 15 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.4-1
cb7d8a
- New upstream release
cb7d8a
cb7d8a
* Tue Apr 11 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.3-1
cb7d8a
- New upstream release
cb7d8a
- Trivial spec tweaks
cb7d8a
cb7d8a
* Wed Mar 1 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.2-3
cb7d8a
- Bump for FC5
cb7d8a
cb7d8a
* Fri Feb 10 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.2-2
cb7d8a
- Bump for newer gcc/glibc
cb7d8a
cb7d8a
* Wed Jan 18 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.2-1
cb7d8a
- New upstream release
cb7d8a
cb7d8a
* Fri Dec 16 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.1-2
cb7d8a
- Bump for new httpd
cb7d8a
cb7d8a
* Thu Dec 1 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.1-1
cb7d8a
- New release 1.9.1 
cb7d8a
cb7d8a
* Wed Nov 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9-1
cb7d8a
- New stable upstream release 1.9
cb7d8a
cb7d8a
* Sat Jul 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-4
cb7d8a
- Add Requires: httpd-mmn to get the appropriate "module magic" version
cb7d8a
  (thanks Ville Skytta)
cb7d8a
- Disabled an overly-agressive rule or two..
cb7d8a
cb7d8a
* Sat Jul 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-3
cb7d8a
- Correct Buildroot
cb7d8a
- Some sensible and safe rules for common apps in mod_security.conf
cb7d8a
cb7d8a
* Thu May 19 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-2
cb7d8a
- Don't strip the module (so we can get a useful debuginfo package)
cb7d8a
cb7d8a
* Thu May 19 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-1
cb7d8a
- Initial spin for Extras