| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Bug: https://bugs.gentoo.org/show_bug.cgi?id=594920
Package-Manager: Portage-2.3.6, Repoman-2.3.2
Closes: https://github.com/gentoo/gentoo/pull/4970
|
|
|
|
| |
Package-Manager: Portage-2.3.5, Repoman-2.3.1
|
|
|
|
|
|
| |
Gentoo-Bug: https://bugs.gentoo.org/551216
Closes: https://github.com/gentoo/gentoo/pull/4962
|
|
|
|
| |
Package-Manager: Portage-2.3.5, Repoman-2.3.1
|
|
|
|
| |
Package-Manager: Portage-2.3.6, Repoman-2.3.2
|
|
|
|
| |
Package-Manager: Portage-2.3.5, Repoman-2.3.2
|
|
|
|
| |
Package-Manager: Portage-2.3.5, Repoman-2.3.2
|
|
|
|
| |
Package-Manager: Portage-2.3.6, Repoman-2.3.2
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This new version is a companion to the new mod_security-2.9.1. The
rule numbering (and loading?) upstream has been completely rewritten,
so the ebuild was too: it's a lot simpler now. I based the new ebuild
off of the one posted to bug 615750 by Graham E, so thanks are due to
him.
The "geoip" and "lua" USE flags were dropped in the hopes that the new
rule-loading system is smart enough to do the right thing. If not,
this may need a revision to disable any rules that won't work with the
installed version of mod_security.
Gentoo-Bug: 615750
Package-Manager: Portage-2.3.3, Repoman-2.3.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I've made a few small changes to the configuration file that we
install by default. First, I've added two settings, SecTmpDir and
SecUploadDir, which serve a similar purpose as the existing
SecDataDir. All of those need to be located somewhere safe, and the
upstream defaults point to /tmp (which is not safe). It is therefore
necessary that we override them, and point them to a location that is
created and made private in the ebuild. We now use
/var/lib/modsecurity/{data,tmp,upload}
and I've made them mode 0750 by default (owned by apache:apache).
I've also removed two settings that used to be present. Our default
configuration is extremely close to the upstream defaults, and sets
almost nothing in 79_mod_security.conf explicitly. The presence of
SecHttpBlKey was therefore rather strange, since it was disabled by
default and contained nothing Gentoo-specific. I've removed it for
consistency (it is documented upstream for people who want it).
The other setting that I've removed is SecGeoLookupDb. This one could
at least be justified for containing a Gentoo-specific path. However,
the path doesn't work out-of-the-box; it requires you to (manually, or
via cron) update your GeoIP database at least once before using it. At
that point, you know the location of the database, and can point
mod_security to it yourself. Taking that into consideration, it again
makes more sense to omit the setting for consistency and defer to the
upstream documentation and defaults.
Package-Manager: Portage-2.3.3, Repoman-2.3.1
|
|
|
|
|
|
|
|
|
|
|
| |
Fix EAPI=6 which failed silently due to changes in depend.apache.eclass.
This only seems possible when apache2 is optional, so make this a
USE flag. This should make it possible to use passenger standalone version
without apache, but this is not tested yet.
Fixes bug 618270
Package-Manager: Portage-2.3.5, Repoman-2.3.1
|
|
|
|
| |
Package-Manager: Portage-2.3.5, Repoman-2.3.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are a few important changes in this version. First, there is a
new USE flag "mlogc" for the audit log collector. USE=curl was too
confusing. Oh, and it actually installs the log collector files now.
Next, I've moved the SecDataDir under /var/lib to eliminate a QA
warning. That's a better place for it anyway, because it doesn't hold
cached data (we have no way to recreate the stuff if it disappears).
I've dropped the code that enables/disables the GeoIP stuff in the
configuration file. We don't need to sed our users' configurations
based on USE flags: they'll set it to what they want, and we should
leave it that way. The flag is still there to pull in the geoip libs.
The configuration file is named 79_mod_security.conf now, for consistency.
There are two completely new flags, USE=json and USE=fuzzyhash to
enable new upstream features. Some missing dependencies were added,
and the docs are being built with doxygen for now.
The following users submitted code and/or suggestions that I've
used. Thanks guys!
* Chris Frederick
* Graham E
* Leho Kraav
* Mario D. Santana
Gentoo-Bug: 518828
Gentoo-Bug: 594720
Gentoo-Bug: 605496
Gentoo-Bug: 615294
Package-Manager: Portage-2.3.3, Repoman-2.3.1
|
|
|
|
| |
Package-Manager: Portage-2.3.5, Repoman-2.3.2
|
|
|
|
|
|
| |
Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="ppc64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
| |
Package-Manager: Portage-2.3.3, Repoman-2.3.1
|
|
|
|
|
|
| |
Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
| |
Package-Manager: Portage-2.3.3, Repoman-2.3.1
|
|
|
|
|
|
| |
Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
|
|
| |
Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
|
|
| |
Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
| |
Package-Manager: Portage-2.3.3, Repoman-2.3.1
|
|
|
|
|
|
| |
Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
| |
Package-Manager: Portage-2.3.3, Repoman-2.3.1
|
|
|
|
|
|
| |
Bug: 573914
Package-Manager: Portage-2.3.3, Repoman-2.3.1
|
|
|
|
|
|
|
| |
Bug: 601228
Bug: 616602
Package-Manager: Portage-2.3.3, Repoman-2.3.1
|
|
|
|
| |
Package-Manager: Portage-2.3.5, Repoman-2.3.2
|
|
|
|
| |
Package-Manager: Portage-2.3.5, Repoman-2.3.2
|
|
|
|
| |
Package-Manager: Portage-2.3.5, Repoman-2.3.2
|
|
|
|
| |
Package-Manager: Portage-2.3.5, Repoman-2.3.2
|
|
|
|
|
| |
Package-Manager: Portage-2.3.5, Repoman-2.3.2
RepoMan-Options: --include-arches="amd64 arm arm64 ppc ppc64"
|
|
|
|
|
| |
Package-Manager: Portage-2.3.5, Repoman-2.3.2
RepoMan-Options: --include-arches="arm arm64 ppc ppc64"
|
|
|
|
| |
Package-Manager: Portage-2.3.3, Repoman-2.3.1
|
|
|
|
| |
Package-Manager: Portage-2.3.3, Repoman-2.3.1
|
|
|
|
| |
Package-Manager: Portage-2.3.5, Repoman-2.3.2
|
| |
|
|
|
|
| |
Bug: 611234
|
|
|
|
| |
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
|
|
|
|
| |
Closes: https://github.com/gentoo/gentoo/pull/3968
|
|
|
|
| |
Closes: https://github.com/gentoo/gentoo/pull/3959
|
|
|
|
| |
Closes: https://github.com/gentoo/gentoo/pull/3961
|
|
|
|
| |
Closes: https://github.com/gentoo/gentoo/pull/3960
|
|
|
|
|
|
|
|
|
| |
mod_perl needs the APR_ECRYPT header definition which was introduced in
apr-util-1.4.x. Any box with only apr-util-1.3.x would fail to compile
otherwise. Compile failure found during infra upgrades, as nothing else
brought in newer apr-util on old systems.
Package-Manager: portage-2.3.2
|
|
|
|
|
|
| |
Fixes: https://bugs.gentoo.org/show_bug.cgi?id=580078
Package-Manager: portage-2.3.2
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
| |
mpm_itk needs root or things running apache as non-root fail.
mod_perl tests needs to be not run as root or it will skip tests.
Therefor, mod_perl's tests and mpm_itk can't coexist.
Bug: https://bugs.gentoo.org/603378
Package-Manager: Portage-2.3.3, Repoman-2.3.1
|
|
|
|
| |
Package-Manager: portage-2.3.3
|
|
|
|
|
|
| |
Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="ppc"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
|
|
| |
Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|
|
|
|
|
|
| |
Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
|