diff options
author | Diego Elio Pettenò <flameeyes@gentoo.org> | 2010-09-24 13:06:56 +0000 |
---|---|---|
committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2010-09-24 13:06:56 +0000 |
commit | 5d08c98273c4abaf2c42bd44dd16ff26cc8be593 (patch) | |
tree | 83ed996f1a2216a095b8e9f41ae1e16a8b7a578a /www-apache | |
parent | Add a new revision that doesn't install the Core Rule Set and rather rely on ... (diff) | |
download | historical-5d08c98273c4abaf2c42bd44dd16ff26cc8be593.tar.gz historical-5d08c98273c4abaf2c42bd44dd16ff26cc8be593.tar.bz2 historical-5d08c98273c4abaf2c42bd44dd16ff26cc8be593.zip |
Cleanup old versions and unused files.
Package-Manager: portage-2.2_rc86/cvs/Linux x86_64
Diffstat (limited to 'www-apache')
9 files changed, 14 insertions, 385 deletions
diff --git a/www-apache/mod_security/ChangeLog b/www-apache/mod_security/ChangeLog index 2c0002d69657..5abf51689356 100644 --- a/www-apache/mod_security/ChangeLog +++ b/www-apache/mod_security/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for www-apache/mod_security # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.43 2010/09/24 13:02:45 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.44 2010/09/24 13:06:56 flameeyes Exp $ + + 24 Sep 2010; Diego E. Pettenò <flameeyes@gentoo.org> + -files/mod_security-2.5.9-as-needed.patch, + -files/2.1.2/99_mod_security.conf, -mod_security-2.5.9-r1.ebuild, + -files/mod_security-2.5.9-broken-autotools.patch, + -files/mod_security-2.5.10-broken-autotools.patch, + -mod_security-2.5.11-r2.ebuild, + -files/mod_security-2.5.11-disable-http-pollution.patch: + Cleanup old versions and unused files. *mod_security-2.5.12-r1 (24 Sep 2010) diff --git a/www-apache/mod_security/Manifest b/www-apache/mod_security/Manifest index 3c3f0cd5e706..36aec50beb01 100644 --- a/www-apache/mod_security/Manifest +++ b/www-apache/mod_security/Manifest @@ -1,26 +1,17 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -AUX 2.1.2/99_mod_security.conf 198 RMD160 cde9de9e21d3e31467737a87fe6af73e18827bc6 SHA1 f41792ed3de6955786d5b08da708c74e2be6d3bf SHA256 45ae219fca3eddadf47b9ebd1ebd44c668833b894a38672c481a828af97cdfcf AUX 2.5.10/99_mod_security.conf 457 RMD160 8f0e24cdfa7a71487365b42fd194a87e5ce426a8 SHA1 2d3cf537fb777dca964a40de2f512245bf390641 SHA256 541fbaa2f62f501190cfef67bb760f2c4ef7aef7d260a544b3d8886aca6aea2d AUX mod_security-2.5.10-as-needed.patch 1169 RMD160 56ea5b1de8673556a0cfff3db606824ccb092e92 SHA1 1417de57c5e3bce8bab6f37f6ef532be44140c6c SHA256 aa1086c66d10b40d4ae184dad1bf9fc18e2fc8c6c3474ad2537b1728a01bd8be -AUX mod_security-2.5.10-broken-autotools.patch 626 RMD160 5c11f992e483b64cfada87407b8eb4491a744ce6 SHA1 5dbaf237d045d2ecfd750a2dbe3da7bf93212ece SHA256 ec30cc387036e08c7126473aadc72003233a23e49037aaaac163efce7886bc04 -AUX mod_security-2.5.11-disable-http-pollution.patch 1499 RMD160 9089b9385faed2c8414f7e2bf3bfe41bc0af3ba5 SHA1 68711eb3ce736ce1a81a2984899507ecb5707226 SHA256 f1fa066962ef24daa479b0e24eb76bf637aa198d0315dae7b03ff1aed78cf939 -AUX mod_security-2.5.9-as-needed.patch 1166 RMD160 e70d1e0ff9e8396d4447e25bb0664111a27a31ff SHA1 d2e35d9a823ec37fd11119644bff4c2373b31553 SHA256 4438e7cc1675ce23354cd6ba9c74b5b669f2f80629bdd4cc7532e48cda8ebfd5 -AUX mod_security-2.5.9-broken-autotools.patch 2103 RMD160 795e3fc59b881bf02fa5a65b6dae4f120de253f0 SHA1 773a56d9e177056be3de0b0c85747478fb5f3b2f SHA256 68df2416a6b464719fb41772472fd04b196b9fee7e102fc76f95c6827282a283 -DIST modsecurity-apache_2.5.11.tar.gz 1338425 RMD160 1d9769bda6ddc0c65f5e7be452515c4f1980b8c1 SHA1 aa8ec8d637efb0c646c41eb6880e684df04f8214 SHA256 fd81a8998327ef2010426fcc2899312eddfe4dc462c417e9e7aeb64a6d4ed2bf DIST modsecurity-apache_2.5.12.tar.gz 1392209 RMD160 e7dae0754e5866c247083f1291bcd5cd08db87d5 SHA1 eb2068e5d31525fa53769dabd1a1c65896fd4e76 SHA256 168bb6591a0f9665169e0ed223a00d63a1c87e11d1e56388abcf431f30efaa84 -DIST modsecurity-apache_2.5.9.tar.gz 1252295 RMD160 adab10e5eab50f0d114e3ccb47c343e744119c8f SHA1 875919332a918956371fe8e2f7e46d88081857cf SHA256 02352221ea268f8ae9aae5b84507f51eba2a67c0f7d2efd5cc88e85f1f394056 -EBUILD mod_security-2.5.11-r2.ebuild 4177 RMD160 3fce2ec1a4640cbf627b35047200112b9e78439b SHA1 6641c5141684d858f89d5aca046c9e50d5be9538 SHA256 de3dba2f3677a57a9eaf55ea158a919323b4af73490ea0c295c8bebd147916ca EBUILD mod_security-2.5.12-r1.ebuild 1786 RMD160 7e8c9df57a5eaad91003cbc50078c5ced1751713 SHA1 9109b8a15609188af794590198763890b8950068 SHA256 59f56700e18c56ab1b4f43bdd78a88bf8e4d704dd964661fe8138d47b5b7aee8 EBUILD mod_security-2.5.12.ebuild 3780 RMD160 93051a495325ef39354c8f7cd0ecfd202a537db9 SHA1 8d638448793d19bd1e74b1017cdda5632a48664b SHA256 2eb168002097badb690bf895e1770171c98b0f3aaf60828e435c960ce4737fd7 -EBUILD mod_security-2.5.9-r1.ebuild 2785 RMD160 1ce2700c67ca15c7de02545b05fda23415e2b6f2 SHA1 6c37e9fa938c780a7cf89021b443b928d3956763 SHA256 0f1ecb0e2bd70507483ab23cec1645acbf7d284cb0789f98d711b09d293a3038 -MISC ChangeLog 12001 RMD160 4a4027eec5b0a4d2dea1eb34bb50696ebc65d2b8 SHA1 b285366a6de7d4f248aba6e6f89f58d8c2f16b6b SHA256 fd48217e4ee4dc33e3d1e16702cde62a219526ea20326ba090d4c819a32b0a73 +MISC ChangeLog 12410 RMD160 8706fea374fdf8a57317a3186149140c8130f024 SHA1 b496ca086ac279bd2160ced6ac2d94e2c22cd438 SHA256 8153e8b840aa244fbb35da778c4f32651b08d93d72943acf2a7c2526e00fc865 MISC metadata.xml 897 RMD160 31443d00b492a9e39bba6556c867c9c84775560e SHA1 e96370de59f922a1ed1b46920e82a16fff04bb54 SHA256 6acdb58a20b4004b0d571df0183e7090f8eb97f904028c84bcecece8cf64f547 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) -iEYEARECAAYFAkycoXgACgkQAiZjviIA2Xj2hQCgu5P2q9Nkk5x4ab1vlbBQlT4/ -WPMAnAjJiKrQqNhPqZCXRto55f5qlIvt -=2Vtl +iEYEARECAAYFAkyconMACgkQAiZjviIA2Xj+2ACgo0ddoLMb53ppvisZEYPkh/os +3e0AoO02y+s906cWOOPz7kWASStD0Yks +=t+4d -----END PGP SIGNATURE----- diff --git a/www-apache/mod_security/files/2.1.2/99_mod_security.conf b/www-apache/mod_security/files/2.1.2/99_mod_security.conf deleted file mode 100644 index 819e52fd2538..000000000000 --- a/www-apache/mod_security/files/2.1.2/99_mod_security.conf +++ /dev/null @@ -1,8 +0,0 @@ -<IfDefine SECURITY> -LoadModule security2_module modules/mod_security2.so - -# use Core Rule Set by default: -Include /etc/apache2/modules.d/mod_security/*.conf -</IfDefine> - -# vim: ts=4 filetype=apache diff --git a/www-apache/mod_security/files/mod_security-2.5.10-broken-autotools.patch b/www-apache/mod_security/files/mod_security-2.5.10-broken-autotools.patch deleted file mode 100644 index 6992aa3f1ac3..000000000000 --- a/www-apache/mod_security/files/mod_security-2.5.10-broken-autotools.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: modsecurity-apache_2.5.9/apache2/configure.in -=================================================================== ---- modsecurity-apache_2.5.9.orig/apache2/configure.in -+++ modsecurity-apache_2.5.9/apache2/configure.in -@@ -247,7 +247,7 @@ VERSION_OK - if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apxs LIBDIR: $APXS_LIBDIR); fi - # Make sure the lib dir is used - if test -n "$APXS_LIBDIR"; then -- APXS_LIBS="-L{$APXS_LIBDIR} `$APXS -q LIBS` `$APXS -q EXTRA_LIBS`" -+ APXS_LIBS="-L${APXS_LIBDIR} `$APXS -q LIBS` `$APXS -q EXTRA_LIBS`" - else - APXS_LIBS="`$APXS -q LIBS` `$APXS -q EXTRA_LIBS`" - fi diff --git a/www-apache/mod_security/files/mod_security-2.5.11-disable-http-pollution.patch b/www-apache/mod_security/files/mod_security-2.5.11-disable-http-pollution.patch deleted file mode 100644 index 0508d835c7e3..000000000000 --- a/www-apache/mod_security/files/mod_security-2.5.11-disable-http-pollution.patch +++ /dev/null @@ -1,18 +0,0 @@ -Index: modsecurity-apache_2.5.11/rules/base_rules/modsecurity_crs_40_generic_attacks.conf -=================================================================== ---- modsecurity-apache_2.5.11.orig/rules/base_rules/modsecurity_crs_40_generic_attacks.conf -+++ modsecurity-apache_2.5.11/rules/base_rules/modsecurity_crs_40_generic_attacks.conf -@@ -21,13 +21,6 @@ - # Begin RegEx Checks for rules that could not use @pm prequalifications - # - --# --# HTTP Parameter Pollution --# --SecRule ARGS_NAMES ".*" \ -- "chain,phase:2,t:none,nolog,auditlog,pass,capture,setvar:'tx.arg_name_%{tx.0}=+1',msg:'Possible HTTP Parameter Pollution Attack: Multiple Parameters with the same Name.'" -- SecRule TX:/ARG_NAME_*/ "@gt 1" "t:none,setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+20,setvar:tx.web_attack_score=+1,setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=%{matched_var}" -- - SecRule ARGS "(?:(?:[\;\|\`]\W*?\bcc|\bwget)\b|\/cc(?:[\'\"\|\;\`\-\s]|$))" \ - "phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,block,nolog,auditlog,status:501,msg:'System Command Injection',id:'950907',tag:'WEB_ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+20,setvar:tx.web_attack_score=+1,setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=%{matched_var}" - SecRule "REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:'/^(Cookie|Referer|X-OS-Prefs|User-Agent)$/'|REQUEST_COOKIES|REQUEST_COOKIES_NAMES" \ diff --git a/www-apache/mod_security/files/mod_security-2.5.9-as-needed.patch b/www-apache/mod_security/files/mod_security-2.5.9-as-needed.patch deleted file mode 100644 index 77d093c140cc..000000000000 --- a/www-apache/mod_security/files/mod_security-2.5.9-as-needed.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff -Naurp -Naurp modsecurity-apache_2.5.9.old/apache2/Makefile.in modsecurity-apache_2.5.9/apache2/Makefile.in ---- modsecurity-apache_2.5.9.old/apache2/Makefile.in 2009-07-02 19:18:31.000000000 +0200 -+++ modsecurity-apache_2.5.9/apache2/Makefile.in 2009-07-02 19:48:23.000000000 +0200 -@@ -52,11 +52,11 @@ APU_LIBS = @APU_LIBS@ - APU_LINK_LD = @APU_LINK_LD@ - - CPPFLAGS = @CPPFLAGS@ $(PCRE_CFLAGS) $(LIBXML_CFLAGS) $(LUA_CFLAGS) --LIBS = @LIBS@ $(PCRE_LIBS) $(LIBXML_LIBS) $(LUA_LIBS) -+LIBS = @LIBS@ $(PCRE_LIBS) $(LIBXML_LIBS) $(LUA_LIBS) $(APXS_LIBS) $(APR_LIBS) $(APR_LINK_LD) $(APU_LIBS) $(APU_LINK_LD) - LDFLAGS = @LDFLAGS@ - CFLAGS = @CFLAGS@ - --COMPILE_APACHE_MOD = $(APXS_WRAPPER) -c $(CPPFLAGS) $(LDFLAGS) $(LIBS) -+COMPILE_APACHE_MOD = $(APXS_WRAPPER) -c $(CPPFLAGS) $(LDFLAGS) - - INSTALL_MOD_SHARED = $(APXS_WRAPPER) -i - -@@ -93,7 +93,7 @@ mod_security2.la: $(MOD_SECURITY2_H) *.c - src="$$src $$f.c"; \ - done; \ - rm -f msc_test msc_test.o msc_test.lo msc_test.slo; \ -- $(COMPILE_APACHE_MOD) $(APXS_EXTRA_CFLAGS) $(MODSEC_APXS_EXTRA_CFLAGS) $$src -+ $(COMPILE_APACHE_MOD) $(APXS_EXTRA_CFLAGS) $(MODSEC_APXS_EXTRA_CFLAGS) $$src $(LIBS) - - ### MLogC - mlogc: diff --git a/www-apache/mod_security/files/mod_security-2.5.9-broken-autotools.patch b/www-apache/mod_security/files/mod_security-2.5.9-broken-autotools.patch deleted file mode 100644 index 4ef1960d6535..000000000000 --- a/www-apache/mod_security/files/mod_security-2.5.9-broken-autotools.patch +++ /dev/null @@ -1,47 +0,0 @@ -Index: modsecurity-apache_2.5.9/apache2/build/find_apr.m4 -=================================================================== ---- modsecurity-apache_2.5.9.orig/apache2/build/find_apr.m4 -+++ modsecurity-apache_2.5.9/apache2/build/find_apr.m4 -@@ -24,9 +24,9 @@ AC_ARG_WITH( - AC_MSG_CHECKING([for libapr config script]) - - dnl # Determine if the script was specified and use it directly --if test ! -d "${withval}" -a -e "${withval}"; then -- APR_CONFIG="`basename $withval`" -- with_apr=`echo ${withval} | sed "s/\/\?${APR_CONFIG}\$//"` -+if test ! -d "${apr_path}" -a -e "${apr_path}"; then -+ APR_CONFIG="`basename $apr_path`" -+ with_apr=`echo ${apr_path} | sed "s/\/\?${APR_CONFIG}\$//"` - fi - - dnl # Look for the config script -Index: modsecurity-apache_2.5.9/apache2/build/find_apu.m4 -=================================================================== ---- modsecurity-apache_2.5.9.orig/apache2/build/find_apu.m4 -+++ modsecurity-apache_2.5.9/apache2/build/find_apu.m4 -@@ -24,9 +24,9 @@ AC_ARG_WITH( - AC_MSG_CHECKING([for libapr-util config script]) - - dnl # Determine if the script was specified and use it directly --if test ! -d "${withval}" -a -e "${withval}"; then -- APU_CONFIG="`basename $withval`" -- with_apu=`echo ${withval} | sed "s/\/\?${APU_CONFIG}\$//"` -+if test ! -d "${apu_path}" -a -e "${apu_path}"; then -+ APU_CONFIG="`basename $apu_path`" -+ with_apu=`echo ${apu_path} | sed "s/\/\?${APU_CONFIG}\$//"` - fi - - dnl # Look for the config script -Index: modsecurity-apache_2.5.9/apache2/configure.in -=================================================================== ---- modsecurity-apache_2.5.9.orig/apache2/configure.in -+++ modsecurity-apache_2.5.9/apache2/configure.in -@@ -247,7 +247,7 @@ VERSION_OK - if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apxs LIBDIR: $APXS_LIBDIR); fi - # Make sure the lib dir is used - if test -n "$APXS_LIBDIR"; then -- APXS_LIBS="-L{$APXS_LIBDIR} `$APXS -q LIBS` `$APXS -q EXTRA_LIBS`" -+ APXS_LIBS="-L${APXS_LIBDIR} `$APXS -q LIBS` `$APXS -q EXTRA_LIBS`" - else - APXS_LIBS="`$APXS -q LIBS` `$APXS -q EXTRA_LIBS`" - fi diff --git a/www-apache/mod_security/mod_security-2.5.11-r2.ebuild b/www-apache/mod_security/mod_security-2.5.11-r2.ebuild deleted file mode 100644 index abcaa02e0f18..000000000000 --- a/www-apache/mod_security/mod_security-2.5.11-r2.ebuild +++ /dev/null @@ -1,147 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.11-r2.ebuild,v 1.1 2009/11/26 09:48:42 flameeyes Exp $ - -EAPI=2 - -inherit apache-module autotools - -MY_P=${P/mod_security-/modsecurity-apache_} -MY_P=${MY_P/_rc/-rc} - -DESCRIPTION="Web application firewall and Intrusion Detection System for Apache." -HOMEPAGE="http://www.modsecurity.org/" -SRC_URI="http://www.modsecurity.org/download/${MY_P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~mips ~ppc ~sparc ~x86" -IUSE="lua perl vanilla" - -DEPEND="dev-libs/libxml2 - perl? ( dev-perl/libwww-perl ) - lua? ( >=dev-lang/lua-5.1 ) - www-servers/apache[apache2_modules_unique_id]" -RDEPEND="${DEPEND}" - -S="${WORKDIR}/${MY_P}" - -APACHE2_MOD_FILE="apache2/.libs/${PN}2.so" -APACHE2_MOD_CONF="2.5.10/99_mod_security" -APACHE2_MOD_DEFINE="SECURITY" - -need_apache2 - -src_prepare() { - if ! use vanilla; then - # Disabling rules here - epatch "${FILESDIR}"/${PN}-2.5.11-disable-http-pollution.patch - sed -i -e 's:^SecServerSignature:#\0:' \ - rules/modsecurity_crs_10_global_config.conf || die - fi - - sed -i -e '/^SecDataDir/s: .*: /var/cache/mod_security:' \ - rules/modsecurity_crs_10_global_config.conf || die - - epatch "${FILESDIR}"/${PN}-2.5.10-broken-autotools.patch - epatch "${FILESDIR}"/${PN}-2.5.10-as-needed.patch - - cd apache2 - eautoreconf -} - -src_configure() { - cd apache2 - - econf --with-apxs="${APXS}" \ - --without-curl \ - $(use_with lua) \ - || die "econf failed" -} - -src_compile() { - cd apache2 - - APXS_FLAGS= - for flag in ${CFLAGS}; do - APXS_FLAGS="${APXS_FLAGS} -Wc,${flag}" - done - - # Yes we need to prefix it _twice_ - for flag in ${LDFLAGS}; do - APXS_FLAGS="${APXS_FLAGS} -Wl,${flag}" - done - - emake \ - APXS_CFLAGS="${CFLAGS}" \ - APXS_LDFLAGS="${LDFLAGS}" \ - APXS_EXTRA_CFLAGS="${APXS_FLAGS}" \ - || die "emake failed" -} - -src_test() { - cd apache2 - emake test || die -} - -src_install() { - apache-module_src_install - - # install rules updater only if perl is enabled (optionally) - if use perl; then - newsbin tools/rules-updater.pl modsec-rules-updater || die - fi - - # install documentation - dodoc CHANGES || die - newdoc rules/CHANGELOG CHANGES.crs || die - newdoc rules/README README.crs || die - dohtml -r doc/* || die - - # Prepare the core ruleset - cd "${S}"/rules/ - - sed -i -e 's:logs/:/var/log/apache2/:g' *.conf || die - - insinto ${APACHE_MODULES_CONFDIR}/mod_security/ - doins *.conf base_rules/* || die - - insinto ${APACHE_MODULES_CONFDIR}/mod_security/optional_rules - doins optional_rules/* || die - - if ! use vanilla; then - mv "${D}"${APACHE_MODULES_CONFDIR}/mod_security/modsecurity_*{41_phpids,50_outbound}* \ - "${D}"${APACHE_MODULES_CONFDIR}/mod_security/optional_rules || die - fi - - keepdir /var/cache/mod_security || die - fowners apache:apache /var/cache/mod_security || die - fperms 0770 /var/cache/mod_security || die -} - -pkg_postinst() { - if ! use vanilla; then - elog "Please note that the core rule set distributed with mod_security is quite" - elog "draconic; to make it more usable, the Gentoo distribution disables a few" - elog "rule set files, that are relevant for PHP-only websites or that would make it" - elog "kill a website that discussed of source code." - elog - elog "Furthermore we disable the 'HTTP Parameter Pollution' tests that disallow" - elog "multiple parameters with the same name, because that's common practice both" - elog "for Rails-based web-applications and Bugzilla." - if use perl; then - elog - elog "You want to install the Perl-based updater script for the Core Rule Set." - elog "Be warned that the script will update the rules iwth the original, draconic" - elog "rules, so you might end up with unusable web applications." - fi - else - elog "You decided to enable the original Core Rule Set from ModSecurity." - elog "Be warned that the original Core Rule Set is draconic and most likely will" - elog "render your web application unusable if you don't disable at leat some of" - elog "the rules." - fi - elog - elog "If you want to enable further rules, check the following directory:" - elog " ${APACHE_MODULES_CONFDIR}/mod_security/optional_rules" -} diff --git a/www-apache/mod_security/mod_security-2.5.9-r1.ebuild b/www-apache/mod_security/mod_security-2.5.9-r1.ebuild deleted file mode 100644 index ada59e529f9b..000000000000 --- a/www-apache/mod_security/mod_security-2.5.9-r1.ebuild +++ /dev/null @@ -1,112 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.9-r1.ebuild,v 1.6 2009/12/28 18:18:13 armin76 Exp $ - -inherit apache-module autotools - -MY_P=${P/mod_security-/modsecurity-apache_} -MY_P=${MY_P/_rc/-rc} - -DESCRIPTION="Web application firewall and Intrusion Detection System for Apache." -HOMEPAGE="http://www.modsecurity.org/" -SRC_URI="http://www.modsecurity.org/download/${MY_P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 ~mips ppc sparc x86" -IUSE="lua perl" - -DEPEND="dev-libs/libxml2 - perl? ( dev-perl/libwww-perl ) - lua? ( >=dev-lang/lua-5.1 )" -RDEPEND="${DEPEND}" - -S="${WORKDIR}/${MY_P}" - -APACHE2_MOD_FILE="apache2/.libs/${PN}2.so" -APACHE2_MOD_CONF="2.1.2/99_mod_security" -APACHE2_MOD_DEFINE="SECURITY" - -need_apache2 - -src_unpack() { - unpack ${A} - - cd "${S}"/apache2 - - epatch "${FILESDIR}"/${P}-broken-autotools.patch - epatch "${FILESDIR}"/${P}-as-needed.patch - - eautoreconf -} - -src_compile() { - cd apache2 - - econf --with-apxs="${APXS}" \ - --without-curl \ - $(use_with lua) \ - || die "econf failed" - - APXS_FLAGS= - for flag in ${CFLAGS}; do - APXS_FLAGS="${APXS_FLAGS} -Wc,${flag}" - done - - # Yes we need to prefix it _twice_ - for flag in ${LDFLAGS}; do - APXS_FLAGS="${APXS_FLAGS} -Wl,${flag}" - done - - emake \ - APXS_CFLAGS="${CFLAGS}" \ - APXS_LDFLAGS="${LDFLAGS}" \ - APXS_EXTRA_CFLAGS="${APXS_FLAGS}" \ - || die "emake failed" -} - -src_test() { - cd apache2 - make test || die -} - -src_install() { - apache-module_src_install - - # install rules updater only if perl is enabled (optionally) - if use perl; then - newsbin tools/rules-updater.pl modsec-rules-updater || die - fi - - # install documentation - dodoc CHANGES || die - newdoc rules/CHANGELOG CHANGES.crs || die - newdoc rules/README README.crs || die - dohtml -r doc/* || die - - # Prepare the core ruleset - cd "${S}"/rules/ - - sed -i -e 's:logs/:/var/log/apache2/:g' *.conf || die - - insinto ${APACHE_MODULES_CONFDIR}/mod_security/ - for i in *.conf; do - newins ${i} ${i/modsecurity_crs_/} || die - done -} - -pkg_postinst() { - elog "Please note that the core rule set distributed with mod_security is quite" - elog "draconic. If you're using this on a blog, a forum or another user-submitted" - elog "web application where you might talk about standard Unix paths (such as /etc" - elog "or /bin), you might want to disable at least rules 950005 and 950907" - elog "(command injection) if you're sure it might not be a security risk." - elog " " - elog "To do that on the most limited case you might want to use something like" - elog "the following code (this comes from a Typo weblog instance):" - elog " " - elog " <Location /comments>" - elog " SecRuleRemoveById 950005 950907" - elog " </Location>" - elog " " -} |