From ae8101db8c521cf7272592038f7bb7592277445c Mon Sep 17 00:00:00 2001 From: Diego Elio Pettenò Date: Tue, 9 Feb 2010 17:48:43 +0000 Subject: Version bump, this version fixes possible security problems. Keep an old version around though as the HTTP Parameter Pollution code changed drastically and might break Rails again. Package-Manager: portage-2.2_rc62/cvs/Linux x86_64 --- www-apache/mod_security/ChangeLog | 13 +- www-apache/mod_security/Manifest | 18 ++- .../mod_security/files/2.5.10/99_mod_security.conf | 4 + .../mod_security/mod_security-2.5.11-r1.ebuild | 134 -------------------- www-apache/mod_security/mod_security-2.5.12.ebuild | 136 +++++++++++++++++++++ www-apache/mod_security/mod_security-2.5.9.ebuild | 92 -------------- 6 files changed, 165 insertions(+), 232 deletions(-) delete mode 100644 www-apache/mod_security/mod_security-2.5.11-r1.ebuild create mode 100644 www-apache/mod_security/mod_security-2.5.12.ebuild delete mode 100644 www-apache/mod_security/mod_security-2.5.9.ebuild (limited to 'www-apache') diff --git a/www-apache/mod_security/ChangeLog b/www-apache/mod_security/ChangeLog index 37b7b0a25508..28107b6fc2aa 100644 --- a/www-apache/mod_security/ChangeLog +++ b/www-apache/mod_security/ChangeLog 
@@ -1,6 +1,15 @@ # ChangeLog for www-apache/mod_security -# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.36 2009/12/28 18:18:13 armin76 Exp $ +# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.37 2010/02/09 17:48:42 flameeyes Exp $ + +*mod_security-2.5.12 (09 Feb 2010) + + 09 Feb 2010; Diego E. Pettenò + files/2.5.10/99_mod_security.conf, -mod_security-2.5.9.ebuild, + -mod_security-2.5.11-r1.ebuild, +mod_security-2.5.12.ebuild: + Version bump, this version fixes possible security problems. Keep an old + version around though as the HTTP Parameter Pollution code changed + drastically and might break Rails again. 28 Dec 2009; Raúl Porcel mod_security-2.5.9-r1.ebuild: diff --git a/www-apache/mod_security/Manifest b/www-apache/mod_security/Manifest index c376780fed06..1d47f79fd1a2 100644 --- a/www-apache/mod_security/Manifest +++ b/www-apache/mod_security/Manifest 
@@ -1,15 +1,25 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + AUX 2.1.2/99_mod_security.conf 198 RMD160 cde9de9e21d3e31467737a87fe6af73e18827bc6 SHA1 f41792ed3de6955786d5b08da708c74e2be6d3bf SHA256 45ae219fca3eddadf47b9ebd1ebd44c668833b894a38672c481a828af97cdfcf -AUX 2.5.10/99_mod_security.conf 309 RMD160 6f37945471354559afbfd00b84e74e69e2625552 SHA1 9af7b0f78b3c6294dbf53399bc7a7d0c3bbb2aec SHA256 828858d314f1e0a234bb5d848a7436456eadfbe49c8c8e00b28838d5494a79fe +AUX 2.5.10/99_mod_security.conf 457 RMD160 8f0e24cdfa7a71487365b42fd194a87e5ce426a8 SHA1 2d3cf537fb777dca964a40de2f512245bf390641 SHA256 541fbaa2f62f501190cfef67bb760f2c4ef7aef7d260a544b3d8886aca6aea2d AUX mod_security-2.5.10-as-needed.patch 1169 RMD160 56ea5b1de8673556a0cfff3db606824ccb092e92 SHA1 1417de57c5e3bce8bab6f37f6ef532be44140c6c SHA256 aa1086c66d10b40d4ae184dad1bf9fc18e2fc8c6c3474ad2537b1728a01bd8be AUX mod_security-2.5.10-broken-autotools.patch 626 RMD160 5c11f992e483b64cfada87407b8eb4491a744ce6 SHA1 5dbaf237d045d2ecfd750a2dbe3da7bf93212ece SHA256 ec30cc387036e08c7126473aadc72003233a23e49037aaaac163efce7886bc04 AUX mod_security-2.5.11-disable-http-pollution.patch 1499 RMD160 9089b9385faed2c8414f7e2bf3bfe41bc0af3ba5 SHA1 68711eb3ce736ce1a81a2984899507ecb5707226 SHA256 f1fa066962ef24daa479b0e24eb76bf637aa198d0315dae7b03ff1aed78cf939 AUX mod_security-2.5.9-as-needed.patch 1166 RMD160 e70d1e0ff9e8396d4447e25bb0664111a27a31ff SHA1 d2e35d9a823ec37fd11119644bff4c2373b31553 SHA256 4438e7cc1675ce23354cd6ba9c74b5b669f2f80629bdd4cc7532e48cda8ebfd5 AUX mod_security-2.5.9-broken-autotools.patch 2103 RMD160 795e3fc59b881bf02fa5a65b6dae4f120de253f0 SHA1 773a56d9e177056be3de0b0c85747478fb5f3b2f SHA256 68df2416a6b464719fb41772472fd04b196b9fee7e102fc76f95c6827282a283 DIST modsecurity-apache_2.5.11.tar.gz 1338425 RMD160 1d9769bda6ddc0c65f5e7be452515c4f1980b8c1 SHA1 aa8ec8d637efb0c646c41eb6880e684df04f8214 SHA256 fd81a8998327ef2010426fcc2899312eddfe4dc462c417e9e7aeb64a6d4ed2bf +DIST 
modsecurity-apache_2.5.12.tar.gz 1392209 RMD160 e7dae0754e5866c247083f1291bcd5cd08db87d5 SHA1 eb2068e5d31525fa53769dabd1a1c65896fd4e76 SHA256 168bb6591a0f9665169e0ed223a00d63a1c87e11d1e56388abcf431f30efaa84 DIST modsecurity-apache_2.5.9.tar.gz 1252295 RMD160 adab10e5eab50f0d114e3ccb47c343e744119c8f SHA1 875919332a918956371fe8e2f7e46d88081857cf SHA256 02352221ea268f8ae9aae5b84507f51eba2a67c0f7d2efd5cc88e85f1f394056 -EBUILD mod_security-2.5.11-r1.ebuild 3762 RMD160 19e9c0edf1250d84369b409f8e2e74762bb1eb21 SHA1 8a98eda2d91db6914e242289a010d9aac4178e73 SHA256 52766e95d61b253988f3671930f8358e10e67aa882503f44167201c39f719f3f EBUILD mod_security-2.5.11-r2.ebuild 4177 RMD160 3fce2ec1a4640cbf627b35047200112b9e78439b SHA1 6641c5141684d858f89d5aca046c9e50d5be9538 SHA256 de3dba2f3677a57a9eaf55ea158a919323b4af73490ea0c295c8bebd147916ca +EBUILD mod_security-2.5.12.ebuild 3786 RMD160 032c9baa799b5014a5818b540215a2b20ec35120 SHA1 ef5a4ad479b8c3d0a964773323e7b3c3d1df8ba0 SHA256 a00d91e1cc73cc97ffb958cd21015c508ff83055b3bac45339587710987bffb4 EBUILD mod_security-2.5.9-r1.ebuild 2785 RMD160 1ce2700c67ca15c7de02545b05fda23415e2b6f2 SHA1 6c37e9fa938c780a7cf89021b443b928d3956763 SHA256 0f1ecb0e2bd70507483ab23cec1645acbf7d284cb0789f98d711b09d293a3038 -EBUILD mod_security-2.5.9.ebuild 1944 RMD160 2007bd7cea81b0179a487ac2c96e1901791b02bb SHA1 0c3a515418374db4cd7e11d95bf6dac31fb5374b SHA256 aa0c4b31738d2c5da6e7ace0d766fceaf9fd5c8cccd8f8707ad9ef36a1912c88 -MISC ChangeLog 10801 RMD160 86bf78dd65974f92ef2f7be19e6a90cdca86da0f SHA1 360cb41fa07138046fe42fc5b10d47feb1284daf SHA256 ce9b8217b8c8deb8536b65f5becaf07248a05634a62220dfa99ad63952f5084a +MISC ChangeLog 11211 RMD160 30fff877672f7726dfd0edf11cbc215e6232d714 SHA1 b3eec361367c7d6fae2fd4a1bc0cb62d3bcb32bb SHA256 99c8f66ea92e078d6bc1549661b49771dac9ac15a81b8b26ae871b0af3b52e0e MISC metadata.xml 998 RMD160 e30606be3e29eac90df052ec81b5823f85256b35 SHA1 a1f10963249cd650e892cefc82c82fd09c675aa5 SHA256 
58f671589c6c1dbaa7cd9d7866dfb9b9b563b400b5fe97c42fa74f246a70f42d +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.14 (GNU/Linux) + +iEYEARECAAYFAktxoAUACgkQAiZjviIA2XggEgCg3cyOAg5iZkgfYfwO1PP+OSW2 +FqUAoNh9mj3MwCjHHU0TiAYLZ6DTPKQC +=cn5E +-----END PGP SIGNATURE----- diff --git a/www-apache/mod_security/files/2.5.10/99_mod_security.conf b/www-apache/mod_security/files/2.5.10/99_mod_security.conf index bb5bb0ce59d9..d5ed8fa8b96d 100644 --- a/www-apache/mod_security/files/2.5.10/99_mod_security.conf +++ b/www-apache/mod_security/files/2.5.10/99_mod_security.conf @@ -1,6 +1,10 @@ LoadModule security2_module modules/mod_security2.so +# this is only useful with either no core-rule-set, or with crs +# version 2.0.5 or later, as it doesn't set it. +SecDataDir /var/cache/mod_security + # use Core Rule Set by default: Include /etc/apache2/modules.d/mod_security/*.conf diff --git a/www-apache/mod_security/mod_security-2.5.11-r1.ebuild b/www-apache/mod_security/mod_security-2.5.11-r1.ebuild deleted file mode 100644 index ae2c2c5d4ba2..000000000000 --- a/www-apache/mod_security/mod_security-2.5.11-r1.ebuild +++ /dev/null 
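Review bot: The `SecDataDir /var/cache/mod_security` line added to files/2.5.10/99_mod_security.conf applies to every ebuild that installs this file, but only the new mod_security-2.5.12.ebuild visibly creates that directory (`keepdir`, `fowners apache:apache`, `fperms 0770`). The Manifest still lists mod_security-2.5.11-r2.ebuild, which is not shown here; if it also sets `APACHE2_MOD_CONF="2.5.10/99_mod_security"`, as the removed -r1 did, hosts staying on that version would get a data-directory setting for a path that nothing creates, and persistent collections would presumably not be stored. Either ship a separate conf directory for 2.5.12 or create the directory in the kept ebuild as well. The added comment is also ambiguous about what "it" refers to; `# Needed when no Core Rule Set is installed, or with CRS 2.0.5 or later, which does not set SecDataDir itself.` would read more clearly.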
@@ -1,134 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.11-r1.ebuild,v 1.1 2009/11/21 13:13:47 flameeyes Exp $ - -inherit apache-module autotools - -MY_P=${P/mod_security-/modsecurity-apache_} -MY_P=${MY_P/_rc/-rc} - -DESCRIPTION="Web application firewall and Intrusion Detection System for Apache." -HOMEPAGE="http://www.modsecurity.org/" -SRC_URI="http://www.modsecurity.org/download/${MY_P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~mips ~ppc ~sparc ~x86" -IUSE="lua perl vanilla" - -DEPEND="dev-libs/libxml2 - perl? ( dev-perl/libwww-perl ) - lua? ( >=dev-lang/lua-5.1 )" -RDEPEND="${DEPEND}" - -S="${WORKDIR}/${MY_P}" - -APACHE2_MOD_FILE="apache2/.libs/${PN}2.so" -APACHE2_MOD_CONF="2.5.10/99_mod_security" -APACHE2_MOD_DEFINE="SECURITY" - -need_apache2 - -src_unpack() { - unpack ${A} - - cd "${S}" - if ! use vanilla; then - # Disabling rules here - epatch "${FILESDIR}"/${PN}-2.5.11-disable-http-pollution.patch - fi - - epatch "${FILESDIR}"/${PN}-2.5.10-broken-autotools.patch - epatch "${FILESDIR}"/${PN}-2.5.10-as-needed.patch - - cd apache2 - eautoreconf -} - -src_compile() { - cd apache2 - - econf --with-apxs="${APXS}" \ - --without-curl \ - $(use_with lua) \ - || die "econf failed" - - APXS_FLAGS= - for flag in ${CFLAGS}; do - APXS_FLAGS="${APXS_FLAGS} -Wc,${flag}" - done - - # Yes we need to prefix it _twice_ - for flag in ${LDFLAGS}; do - APXS_FLAGS="${APXS_FLAGS} -Wl,${flag}" - done - - emake \ - APXS_CFLAGS="${CFLAGS}" \ - APXS_LDFLAGS="${LDFLAGS}" \ - APXS_EXTRA_CFLAGS="${APXS_FLAGS}" \ - || die "emake failed" -} - -src_test() { - cd apache2 - make test || die -} - -src_install() { - apache-module_src_install - - # install rules updater only if perl is enabled (optionally) - if use perl; then - newsbin tools/rules-updater.pl modsec-rules-updater || die - fi - - # install documentation - dodoc CHANGES || 
die - newdoc rules/CHANGELOG CHANGES.crs || die - newdoc rules/README README.crs || die - dohtml -r doc/* || die - - # Prepare the core ruleset - cd "${S}"/rules/ - - sed -i -e 's:logs/:/var/log/apache2/:g' *.conf || die - - insinto ${APACHE_MODULES_CONFDIR}/mod_security/ - doins *.conf base_rules/* || die - - insinto ${APACHE_MODULES_CONFDIR}/mod_security/optional_rules - doins optional_rules/* || die - - if ! use vanilla; then - mv "${D}"${APACHE_MODULES_CONFDIR}/mod_security/modsecurity_*{41_phpids,50_outbound}* \ - "${D}"${APACHE_MODULES_CONFDIR}/mod_security/optional_rules || die - fi -} - -pkg_postinst() { - if ! use vanilla; then - elog "Please note that the core rule set distributed with mod_security is quite" - elog "draconic; to make it more usable, the Gentoo distribution disables a few" - elog "rule set files, that are relevant for PHP-only websites or that would make it" - elog "kill a website that discussed of source code." - elog - elog "Furthermore we disable the 'HTTP Parameter Pollution' tests that disallow" - elog "multiple parameters with the same name, because that's common practice both" - elog "for Rails-based web-applications and Bugzilla." - if use perl; then - elog - elog "You want to install the Perl-based updater script for the Core Rule Set." - elog "Be warned that the script will update the rules iwth the original, draconic" - elog "rules, so you might end up with unusable web applications." - fi - else - elog "You decided to enable the original Core Rule Set from ModSecurity." - elog "Be warned that the original Core Rule Set is draconic and most likely will" - elog "render your web application unusable if you don't disable at leat some of" - elog "the rules." - fi - elog - elog "If you want to enable further rules, check the following directory:" - elog " ${APACHE_MODULES_CONFDIR}/mod_security/optional_rules" -} 
diff --git a/www-apache/mod_security/mod_security-2.5.12.ebuild b/www-apache/mod_security/mod_security-2.5.12.ebuild
new file mode 100644
index 000000000000..8121bb152bd0
--- /dev/null
+++ b/www-apache/mod_security/mod_security-2.5.12.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.12.ebuild,v 1.1 2010/02/09 17:48:42 flameeyes Exp $
+
+EAPI=2
+
+inherit apache-module autotools
+
+MY_P=${P/mod_security-/modsecurity-apache_}
+MY_P=${MY_P/_rc/-rc}
+
+DESCRIPTION="Web application firewall and Intrusion Detection System for Apache."
+HOMEPAGE="http://www.modsecurity.org/"
+SRC_URI="http://www.modsecurity.org/download/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~mips ~ppc ~sparc ~x86"
+IUSE="lua perl vanilla"
+
+DEPEND="dev-libs/libxml2
+ perl? ( dev-perl/libwww-perl )
+ lua? ( >=dev-lang/lua-5.1 )
+ www-servers/apache[apache2_modules_unique_id]"
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/${MY_P}"
+
+APACHE2_MOD_FILE="apache2/.libs/${PN}2.so"
+APACHE2_MOD_CONF="2.5.10/99_mod_security"
+APACHE2_MOD_DEFINE="SECURITY"
+
+need_apache2
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-2.5.10-as-needed.patch
+
+ cd apache2
+ eautoreconf
+}
+
+src_configure() {
+ cd apache2
+
+ econf --with-apxs="${APXS}" \
+ --without-curl \
+ $(use_with lua) \
+ || die "econf failed"
+}
+
+src_compile() {
+ cd apache2
+
+ APXS_FLAGS=
+ for flag in ${CFLAGS}; do
+ APXS_FLAGS="${APXS_FLAGS} -Wc,${flag}"
+ done
+
+ # Yes we need to prefix it _twice_
+ for flag in ${LDFLAGS}; do
+ APXS_FLAGS="${APXS_FLAGS} -Wl,${flag}"
+ done
+
+ emake \
+ APXS_CFLAGS="${CFLAGS}" \
+ APXS_LDFLAGS="${LDFLAGS}" \
+ APXS_EXTRA_CFLAGS="${APXS_FLAGS}" \
+ || die "emake failed"
+}
+
+src_test() {
+ cd apache2
+ emake test || die
+}
+
+src_install() {
+ apache-module_src_install
+
+ # install rules updater only if perl is enabled (optionally)
+ if use perl; then
+ newsbin tools/rules-updater.pl modsec-rules-updater || die
+ fi
+
+ # install documentation
+ dodoc CHANGES || die
+ newdoc rules/CHANGELOG CHANGES.crs || die
+ newdoc rules/README README.crs || die
+ dohtml -r doc/* || die
+
+ # Prepare the core ruleset
+ cd "${S}"/rules/
+
+ sed -i -e 's:logs/:/var/log/apache2/:g' *.conf || die
+
+ insinto ${APACHE_MODULES_CONFDIR}/mod_security/
+ doins *.conf base_rules/* || die
+
+ insinto ${APACHE_MODULES_CONFDIR}/mod_security/optional_rules
+ doins optional_rules/* || die
+
+ if ! use vanilla; then
+ mv "${D}"${APACHE_MODULES_CONFDIR}/mod_security/modsecurity_*{41_phpids,50_outbound}* \
+ "${D}"${APACHE_MODULES_CONFDIR}/mod_security/optional_rules || die
+ fi
+
+ keepdir /var/cache/mod_security || die
+ fowners apache:apache /var/cache/mod_security || die
+ fperms 0770 /var/cache/mod_security || die
+}
+
+pkg_postinst() {
+ if ! use vanilla; then
+ elog "Please note that the core rule set distributed with mod_security is quite"
+ elog "draconic; to make it more usable, the Gentoo distribution disables a few"
+ elog "rule set files, that are relevant for PHP-only websites or that would make it"
+ elog "kill a website that discussed of source code."
+ elog
+ elog "Furthermore we disable the 'HTTP Parameter Pollution' tests that disallow"
+ elog "multiple parameters with the same name, because that's common practice both"
+ elog "for Rails-based web-applications and Bugzilla."
+ if use perl; then
+ elog
+ elog "You want to install the Perl-based updater script for the Core Rule Set."
+ elog "Be warned that the script will update the rules iwth the original, draconic"
+ elog "rules, so you might end up with unusable web applications."
+ fi
+ else
+ elog "You decided to enable the original Core Rule Set from ModSecurity."
+ elog "Be warned that the original Core Rule Set is draconic and most likely will"
+ elog "render your web application unusable if you don't disable at leat some of"
+ elog "the rules."
+ fi
+ elog
+ elog "If you want to enable further rules, check the following directory:"
+ elog " ${APACHE_MODULES_CONFDIR}/mod_security/optional_rules"
+}
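Review bot: The non-vanilla branch of pkg_postinst still tells the administrator that the 'HTTP Parameter Pollution' tests are disabled, but src_prepare in this ebuild applies only the as-needed patch and no HPP-disabling patch. An operator relying on that message would assume Rails or Bugzilla traffic is exempted while the checks are presumably active, which is the breakage the commit message itself warns about. I would replace those three elog lines with `elog "The 'HTTP Parameter Pollution' checks are NOT disabled in this version; applications"` followed by `elog "that repeat parameter names (Rails, Bugzilla) may be blocked until the rules are tuned."`. The same messages carry the typos `iwth` and `leat`, copied over from the older ebuild, which are worth fixing while this text is touched.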
diff --git a/www-apache/mod_security/mod_security-2.5.9.ebuild b/www-apache/mod_security/mod_security-2.5.9.ebuild
deleted file mode 100644
index 1d4cf247d6a1..000000000000
--- a/www-apache/mod_security/mod_security-2.5.9.ebuild
+++ /dev/null
@@ -1,92 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.9.ebuild,v 1.4 2009/06/02 16:46:55 armin76 Exp $ - -inherit apache-module autotools - -MY_P=${P/mod_security-/modsecurity-apache_} -MY_P=${MY_P/_rc/-rc} - -DESCRIPTION="Web application firewall and Intrusion Detection System for Apache." -HOMEPAGE="http://www.modsecurity.org/" -SRC_URI="http://www.modsecurity.org/download/${MY_P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 ~mips ppc sparc x86" -IUSE="lua" - -DEPEND="dev-libs/libxml2 - lua? ( >=dev-lang/lua-5.1 )" -RDEPEND="${DEPEND}" - -S="${WORKDIR}/${MY_P}" - -APACHE2_MOD_FILE="apache2/.libs/${PN}2.so" -APACHE2_MOD_CONF="2.1.2/99_mod_security" -APACHE2_MOD_DEFINE="SECURITY" - -need_apache2 - -src_unpack() { - unpack ${A} - - cd "${S}"/apache2 - - epatch "${FILESDIR}"/${P}-broken-autotools.patch - - eautoreconf -} - -src_compile() { - cd apache2 - - econf --with-apxs="${APXS}" \ - --without-curl \ - $(use_with lua) \ - || die "econf failed" - - APXS_FLAGS= - for flag in ${CFLAGS}; do - APXS_FLAGS="${APXS_FLAGS} -Wc,${flag}" - done - - # Yes we need to prefix it _twice_ - for flag in ${LDFLAGS}; do - APXS_FLAGS="${APXS_FLAGS} -Wl,${flag}" - done - - emake \ - APXS_CFLAGS="${CFLAGS}" \ - APXS_LDFLAGS="${LDFLAGS}" \ - APXS_EXTRA_CFLAGS="${APXS_FLAGS}" \ - || die "emake failed" -} - -src_test() { - cd apache2 - make test || die -} - -src_install() { - apache-module_src_install - - # install rules updater - newbin tools/rules-updater.pl modsec-rules-updater || die - - # install documentation - dodoc CHANGES || die - newdoc rules/CHANGELOG CHANGES.crs || die - newdoc rules/README README.crs || die - dohtml -r doc/* || die - - # Prepare the core ruleset - cd "${S}"/rules/ - - sed -i -e 's:logs/:/var/log/apache2/:g' *.conf || die - - insinto ${APACHE_MODULES_CONFDIR}/mod_security/ - for i in *.conf; do - newins 
${i} ${i/modsecurity_crs_/} || die - done -} -- cgit v1.2.3-65-gdbad