diff options
| author |   Diego Elio Pettenò <flameeyes@gentoo.org> | 2010-02-09 17:48:43 +0000 |
|---|---|---|
| committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2010-02-09 17:48:43 +0000 |
| commit | 3a7dbb8fecac77d11fd3a9f24a1e9499d8e74ca4 (patch) | |
| tree | fd6515af3ca24a11b2d6fa6c927255b642db9d08 /www-apache | |
| parent | Remove www-apps/Embperl (#248474) (diff) | |
| download | gentoo-2-3a7dbb8fecac77d11fd3a9f24a1e9499d8e74ca4.tar.gz gentoo-2-3a7dbb8fecac77d11fd3a9f24a1e9499d8e74ca4.tar.bz2 gentoo-2-3a7dbb8fecac77d11fd3a9f24a1e9499d8e74ca4.zip | |
Version bump, this version fixes possible security problems. Keep an old version around though as the HTTP Parameter Pollution code changed drastically and might break Rails again.
(Portage version: 2.2_rc62/cvs/Linux x86_64)
Diffstat (limited to 'www-apache')
| -rw-r--r-- | www-apache/mod_security/ChangeLog | 13 | ||||
| -rw-r--r-- | www-apache/mod_security/files/2.5.10/99_mod_security.conf | 4 | ||||
| -rw-r--r-- | www-apache/mod_security/mod_security-2.5.12.ebuild (renamed from www-apache/mod_security/mod_security-2.5.11-r1.ebuild) | 32 | ||||
| -rw-r--r-- | www-apache/mod_security/mod_security-2.5.9.ebuild | 92 |
4 files changed, 32 insertions, 109 deletions
diff --git a/www-apache/mod_security/ChangeLog b/www-apache/mod_security/ChangeLog index 37b7b0a25508..28107b6fc2aa 100644 --- a/www-apache/mod_security/ChangeLog +++ b/www-apache/mod_security/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for www-apache/mod_security -# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.36 2009/12/28 18:18:13 armin76 Exp $ +# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.37 2010/02/09 17:48:42 flameeyes Exp $ + +*mod_security-2.5.12 (09 Feb 2010) + + 09 Feb 2010; Diego E. Pettenò <flameeyes@gentoo.org> + files/2.5.10/99_mod_security.conf, -mod_security-2.5.9.ebuild, + -mod_security-2.5.11-r1.ebuild, +mod_security-2.5.12.ebuild: + Version bump, this version fixes possible security problems. Keep an old + version around though as the HTTP Parameter Pollution code changed + drastically and might break Rails again. 28 Dec 2009; Raúl Porcel <armin76@gentoo.org> mod_security-2.5.9-r1.ebuild: diff --git a/www-apache/mod_security/files/2.5.10/99_mod_security.conf b/www-apache/mod_security/files/2.5.10/99_mod_security.conf index bb5bb0ce59d9..d5ed8fa8b96d 100644 --- a/www-apache/mod_security/files/2.5.10/99_mod_security.conf +++ b/www-apache/mod_security/files/2.5.10/99_mod_security.conf @@ -1,6 +1,10 @@ <IfDefine SECURITY> LoadModule security2_module modules/mod_security2.so +# this is only useful with either no core-rule-set, or with crs +# version 2.0.5 or later, as it doesn't set it. +SecDataDir /var/cache/mod_security + # use Core Rule Set by default: Include /etc/apache2/modules.d/mod_security/*.conf diff --git a/www-apache/mod_security/mod_security-2.5.11-r1.ebuild b/www-apache/mod_security/mod_security-2.5.12.ebuild index ae2c2c5d4ba2..8121bb152bd0 100644 --- a/www-apache/mod_security/mod_security-2.5.11-r1.ebuild +++ b/www-apache/mod_security/mod_security-2.5.12.ebuild @@ -1,6 +1,8 @@ -# Copyright 1999-2009 Gentoo Foundation +# Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.11-r1.ebuild,v 1.1 2009/11/21 13:13:47 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.12.ebuild,v 1.1 2010/02/09 17:48:42 flameeyes Exp $ + +EAPI=2 inherit apache-module autotools @@ -18,7 +20,8 @@ IUSE="lua perl vanilla" DEPEND="dev-libs/libxml2 perl? ( dev-perl/libwww-perl ) - lua? ( >=dev-lang/lua-5.1 )" + lua? ( >=dev-lang/lua-5.1 ) + www-servers/apache[apache2_modules_unique_id]" RDEPEND="${DEPEND}" S="${WORKDIR}/${MY_P}" @@ -29,29 +32,24 @@ APACHE2_MOD_DEFINE="SECURITY" need_apache2 -src_unpack() { - unpack ${A} - - cd "${S}" - if ! use vanilla; then - # Disabling rules here - epatch "${FILESDIR}"/${PN}-2.5.11-disable-http-pollution.patch - fi - - epatch "${FILESDIR}"/${PN}-2.5.10-broken-autotools.patch +src_prepare() { epatch "${FILESDIR}"/${PN}-2.5.10-as-needed.patch cd apache2 eautoreconf } -src_compile() { +src_configure() { cd apache2 econf --with-apxs="${APXS}" \ --without-curl \ $(use_with lua) \ || die "econf failed" +} + +src_compile() { + cd apache2 APXS_FLAGS= for flag in ${CFLAGS}; do @@ -72,7 +70,7 @@ src_compile() { src_test() { cd apache2 - make test || die + emake test || die } src_install() { @@ -104,6 +102,10 @@ src_install() { mv "${D}"${APACHE_MODULES_CONFDIR}/mod_security/modsecurity_*{41_phpids,50_outbound}* \ "${D}"${APACHE_MODULES_CONFDIR}/mod_security/optional_rules || die fi + + keepdir /var/cache/mod_security || die + fowners apache:apache /var/cache/mod_security || die + fperms 0770 /var/cache/mod_security || die } pkg_postinst() { diff --git a/www-apache/mod_security/mod_security-2.5.9.ebuild b/www-apache/mod_security/mod_security-2.5.9.ebuild deleted file mode 100644 index 1d4cf247d6a1..000000000000 --- a/www-apache/mod_security/mod_security-2.5.9.ebuild +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.9.ebuild,v 1.4 2009/06/02 16:46:55 armin76 Exp $ - -inherit apache-module autotools - -MY_P=${P/mod_security-/modsecurity-apache_} -MY_P=${MY_P/_rc/-rc} - -DESCRIPTION="Web application firewall and Intrusion Detection System for Apache." -HOMEPAGE="http://www.modsecurity.org/" -SRC_URI="http://www.modsecurity.org/download/${MY_P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 ~mips ppc sparc x86" -IUSE="lua" - -DEPEND="dev-libs/libxml2 - lua? ( >=dev-lang/lua-5.1 )" -RDEPEND="${DEPEND}" - -S="${WORKDIR}/${MY_P}" - -APACHE2_MOD_FILE="apache2/.libs/${PN}2.so" -APACHE2_MOD_CONF="2.1.2/99_mod_security" -APACHE2_MOD_DEFINE="SECURITY" - -need_apache2 - -src_unpack() { - unpack ${A} - - cd "${S}"/apache2 - - epatch "${FILESDIR}"/${P}-broken-autotools.patch - - eautoreconf -} - -src_compile() { - cd apache2 - - econf --with-apxs="${APXS}" \ - --without-curl \ - $(use_with lua) \ - || die "econf failed" - - APXS_FLAGS= - for flag in ${CFLAGS}; do - APXS_FLAGS="${APXS_FLAGS} -Wc,${flag}" - done - - # Yes we need to prefix it _twice_ - for flag in ${LDFLAGS}; do - APXS_FLAGS="${APXS_FLAGS} -Wl,${flag}" - done - - emake \ - APXS_CFLAGS="${CFLAGS}" \ - APXS_LDFLAGS="${LDFLAGS}" \ - APXS_EXTRA_CFLAGS="${APXS_FLAGS}" \ - || die "emake failed" -} - -src_test() { - cd apache2 - make test || die -} - -src_install() { - apache-module_src_install - - # install rules updater - newbin tools/rules-updater.pl modsec-rules-updater || die - - # install documentation - dodoc CHANGES || die - newdoc rules/CHANGELOG CHANGES.crs || die - newdoc rules/README README.crs || die - dohtml -r doc/* || die - - # Prepare the core ruleset - cd "${S}"/rules/ - - sed -i -e 's:logs/:/var/log/apache2/:g' *.conf || die - - insinto ${APACHE_MODULES_CONFDIR}/mod_security/ - for i in *.conf; do - newins ${i} ${i/modsecurity_crs_/} || die - done -} |