Пакет apache2-mod_security: Specfile
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 | # Spec file for mod_security module for Apache 2.0 server %define real_name modsecurity %define module_name mod_security %define version 2.9.1 %define release alt1 Name: apache2-%module_name Version: %version Release: alt1 Summary: Tighten web applications security for Apache 2.x License: Apache 2.0 Group: System/Servers URL: http://www.modsecurity.org # VCS: https://github.com/SpiderLabs/ModSecurity Packager: Nikolay A. Fetisov <naf@altlinux.ru> Source0: %real_name.tar Source3: README.ALT Source4: altdefaults.conf Source5: security.load Source6: security.conf BuildRequires(pre): apache2-devel >= 2.2.5 BuildRequires(pre): rpm-build-licenses BuildRequires: apache2-httpd-prefork gcc-c++ libcurl-devel libpcre-devel libxml2-devel BuildRequires: libyajl-devel BuildRequires: %apache2_apr_buildreq Requires(pre): apache2 >= %apache2_version-%apache2_release %description ModSecurity is an Apache 1.x/2.x module whose purpose is to tighten the Web application security. Effectively, it is an intrusion detection and prevention system for the web server. At the moment its main features are: * Audit log; store full request details in a separate file, including POST payloads. * Request filtering; incoming requests can be analysed and offensive requests can be rejected (or simply logged, if that is what you want). This feature can be used to prevent many types of attacks (e.g. XSS attacks, SQL injection, ...) and even allow you to run insecure applications on your servers (if you have no other choice, of course). %package doc Summary: Documentation for %name module Group: System/Servers BuildArch: noarch %description doc ModSecurity is an Apache 1.x/2.x module whose purpose is to tighten the Web application security. Effectively, it is an intrusion detection and prevention system for the web server. This package contains a documentation for ModSecurity. %summary %define conf_dir %_sysconfdir/%{module_name}2 %prep %setup -q -n %real_name %build %configure --with-apxs=%apache2_apxs \ --with-apr=%apache2_apr_config \ --enable-pcre-match-limit=1000000 \ --enable-pcre-match-limit-recursion=1000000 \ --with-yajl # remove rpath sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool %make %install /bin/install -pDm644 -- apache2/.libs/mod_security2.so %buildroot%apache2_libexecdir/mod_security2.so /bin/install -pm644 -- %SOURCE3 README.ALT /bin/install -pDm644 -- %SOURCE5 %buildroot%apache2_mods_available/security.load /bin/install -pDm644 -- %SOURCE6 %buildroot%apache2_mods_available/security.conf %__subst 's,@conf_dir@,%conf_dir,g' %buildroot%apache2_mods_available/security.conf %__subst 's,@apache2_tmpdir@,%apache2_tmpdir,g' %buildroot%apache2_mods_available/security.conf %__subst 's,@_libdir@,%_libdir,g' %buildroot%apache2_mods_available/security.load # alt default ruleset /bin/install -pD -m644 -- %SOURCE4 %buildroot%conf_dir/altdefaults.conf %post # Reconfigure Apache2: %apache2_sbindir/a2chkconfig ||: if [ -e %apache2_mods_enabled/%module_name.load ]; then CONF_OK=0 %apache2_sbindir/apachectl2 configtest && CONF_OK=1 ||: if [ "$CONF_OK" = "1" ]; then service %apache2_dname condrestart ||: else echo "Some errors detected in Apache2 configuration!" echo "To use %real_name check configuration and start %apache2_dname service." echo fi else echo "Apache2 %real_name module had been installed, but does't enabled." echo "Check %apache2_mods_start directory for files with '%module_name=no' lines." echo fi %preun if [ "$1" = "0" ] ; then # last uninstall [ -e %apache2_mods_enabled/%module_name.load ] && %apache2_sbindir/a2dismod %module_name 2>&1 >/dev/null ||: fi %postun # Reconfigure Apache2: %apache2_sbindir/a2chkconfig ||: if [ "$1" = "0" ] ; then # last uninstall CONF_OK=0 %apache2_sbindir/apachectl2 configtest && CONF_OK=1 ||: if [ "$CONF_OK" = "1" ]; then service %apache2_dname condrestart ||: else echo "Some errors detected in Apache2 configuration!" echo "To complete %real_name uninstalling check configuration and restart %apache2_dname service." echo fi fi %files %doc README.* LICENSE %apache2_libexecdir/mod_security2.so %apache2_mods_available/security.load %config(noreplace) %apache2_mods_available/security.conf %dir %conf_dir %config(noreplace) %conf_dir/*.conf %files doc %doc doc/* %changelog * Wed Apr 06 2016 Andrey Cherepanov <cas@altlinux.org> 2.9.1-alt1 - New version * Wed Apr 06 2016 Andrey Cherepanov <cas@altlinux.org> 2.5.9-alt1.qa2 - Rebuild with new apache2 * Wed Apr 17 2013 Dmitry V. Levin (QA) <qa_ldv@altlinux.org> 2.5.9-alt1.qa1 - NMU: rebuilt for debuginfo. * Mon Mar 30 2009 Nikolay A. Fetisov <naf@altlinux.ru> 2.5.9-alt1 - New version: + Security fix: remote DoS when parsing multipart content with a missing part header name + Security fix: potential DoS when PDF XSS protection is enabled - Fix default configuration * Sun Feb 22 2009 Nikolay A. Fetisov <naf@altlinux.ru> 2.5.7-alt3 - Fix default configuration * Sun Dec 14 2008 Nikolay A. Fetisov <naf@altlinux.ru> 2.5.7-alt2 - Move filtering rules to the /etc/mod_security2 - Build documentation sub-package as noarch * Fri Dec 12 2008 Nikolay A. Fetisov <naf@altlinux.ru> 2.5.7-alt1 - New version 2.5.7 - Revives from orphaned * Mon May 21 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 2.1.1-alt1 - Updated to 2.1.1: + Security fix: CVE-2007-1359 (ASCIIZ (NUL) parsing for application/x-www-form-urlencoded forms) + Fixed potential memory corruption when expanding macros + other fixes (see CHANGES) * Tue Apr 10 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 2.1.0-alt2 - Change module activation way accordind to new apache2 scheme - Fix linking * Fri Mar 09 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 2.1.0-alt1 - Updated to 2.1.0: + Security fix: BONUS-12-2007:mod_security POST Rules Bypass Vulnerability, see http://www.php-security.org/MOPB/BONUS-12-2007.html (Closes: #11035) * Fri Mar 09 2007 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.4-alt4 - Build only apache2 module - Don't build separate %name-common subpackage - Rename package to apache2-mod_security * Fri Oct 06 2006 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.4-alt3 - Whoops, really fix path to module (Closes: #10089) * Tue Sep 26 2006 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.4-alt2 - Don't use full path to mod_security.so in apache config because it make troubles on x86_64 (reported by thresh@) * Thu Jun 01 2006 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.4-alt1 - 1.9.4 * Thu Apr 20 2006 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.3-alt1 - 1.9.3 * Wed Feb 01 2006 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.2-alt1 - New version - Don't use %%a_libexecdir macros * Mon Dec 12 2005 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9.1-alt1 - New version (bugfix release) - Provide default apache-related config with some rules - Common stuff moved into -common package - Updated README.ALT * Mon Nov 07 2005 Vladimir V Kamarzin <vvk@altlinux.ru> 1.9-alt1 - New version * Thu Sep 01 2005 Vladimir V Kamarzin <vvk@altlinux.ru> 1.8.7-alt3 - Splited to several parts by reason: - Now building module for apache2 also - Minor spec cleanup - Changed Group * Wed Aug 24 2005 Vladimir V Kamarzin <vvk@altlinux.ru> 1.8.7-alt2 - Fixed config installation (should really go to addonconfdir.d/) (thanks to mike@) - Remove previous config inclusion from httpd.conf (thanks to mike@) - Minor spec cleanup - Added README.ALT (mike@) * Wed Jul 20 2005 Vladimir V Kamarzin <vvk@altlinux.ru> 1.8.7-alt1 - Initial build for Sisyphus |