From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 4EA96138334 for ; Wed, 31 Oct 2018 18:34:19 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5F0EDE08CA; Wed, 31 Oct 2018 18:34:17 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 297CCE08CA for ; Wed, 31 Oct 2018 18:34:16 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B2E31335C9F for ; Wed, 31 Oct 2018 18:34:13 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 75274440 for ; Wed, 31 Oct 2018 18:34:11 +0000 (UTC) From: "Pacho Ramos" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Pacho Ramos" Message-ID: <1541010841.2dacb30d5bbd42e21c274419aedf3b8eeba2baac.pacho@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: www-apache/modsecurity-crs/, www-apache/modsecurity-crs/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: www-apache/modsecurity-crs/Manifest www-apache/modsecurity-crs/files/80_mod_security-crs.conf www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild X-VCS-Directories: www-apache/modsecurity-crs/files/ www-apache/modsecurity-crs/ X-VCS-Committer: pacho X-VCS-Committer-Name: Pacho Ramos X-VCS-Revision: 2dacb30d5bbd42e21c274419aedf3b8eeba2baac X-VCS-Branch: master Date: Wed, 31 Oct 2018 18:34:11 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 2ef7f5d3-e23f-4361-83e6-666269f09125 X-Archives-Hash: 7db6e6eedd3473702b3e3582a1a4d9ba commit: 2dacb30d5bbd42e21c274419aedf3b8eeba2baac Author: Pacho Ramos gentoo org> AuthorDate: Wed Oct 31 18:32:05 2018 +0000 Commit: Pacho Ramos gentoo org> CommitDate: Wed Oct 31 18:34:01 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2dacb30d www-apache/modsecurity-crs: Drop old Signed-off-by: Pacho Ramos gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 www-apache/modsecurity-crs/Manifest | 2 - .../modsecurity-crs/files/80_mod_security-crs.conf | 8 -- .../modsecurity-crs/modsecurity-crs-2.2.7.ebuild | 134 -------------------- .../modsecurity-crs/modsecurity-crs-2.2.9.ebuild | 138 --------------------- 4 files changed, 282 deletions(-) diff --git a/www-apache/modsecurity-crs/Manifest b/www-apache/modsecurity-crs/Manifest index da8c80c1e06..0b221bc9969 100644 --- a/www-apache/modsecurity-crs/Manifest +++ b/www-apache/modsecurity-crs/Manifest @@ -1,3 +1 @@ -DIST modsecurity-crs-2.2.7.tar.gz 294137 BLAKE2B 399c72d5c52f2914e8f92c813b6ac346bbd2858d34b61ff4845dbbc7671ff7ffa906b43e2d8e3283a5f30b2fec59395b81239c121c953d51d736b009bc86f4bb SHA512 d0d3dac1b391c8ab730cc16546c9508d93c85dd674b2750d12fff99c17e5575b36bea0cf00e06fdd20c2db5dfdbdc3fd7bbaa26502988617632acfde1ee88927 -DIST modsecurity-crs-2.2.9.tar.gz 279898 BLAKE2B 75e9c5c9fb0fdf3957b17926b923d1d26b44677fc30556bf58d0b44d73918f7f65052714a7c67c53fc312f81a28422025303674f934f085929e8f4b9ea9fc063 SHA512 fc95cfff9d4ba9a4478c704e5d16e4054e514eb3ffb6343706840aad76607f997b4cc4b8b148adc5cb83743ea7996328d35b8556115de29d6a0e034b67591a09 DIST modsecurity-crs-3.0.2.tar.gz 156751 BLAKE2B 111a330b6081d476899be321e15d74379b3c3db23f429a4a4ef1900c87e4b29229638acf3bb367745446ef97ccba4679db91b0d84bae93f2c127bbb6e8031851 SHA512 ae8fe9a0f00a57708c8680cb76882214e4f5ff647e13087aaf1bfc7382cefb38d2f3a88eb1f210031b553f56d3e44c12dbdc68f8b0d09fb4a9e2f15a70d885aa diff --git a/www-apache/modsecurity-crs/files/80_mod_security-crs.conf b/www-apache/modsecurity-crs/files/80_mod_security-crs.conf deleted file mode 100644 index c6b767a3cf2..00000000000 --- a/www-apache/modsecurity-crs/files/80_mod_security-crs.conf +++ /dev/null @@ -1,8 +0,0 @@ - - # Add your custom CRS configuration here. A copy of upstream's - # crs-setup.conf.example is includes with the documentation of - # modsecurity-crs. - - # Include the rules AFTER your custom configuration. - Include /usr/share/modsecurity-crs/rules/*.conf - diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild deleted file mode 100644 index c96ed6be896..00000000000 --- a/www-apache/modsecurity-crs/modsecurity-crs-2.2.7.ebuild +++ /dev/null @@ -1,134 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -GITHUB_USER=SpiderLabs -GITHUB_PROJECT=owasp-${PN} - -DESCRIPTION="Core Rule Set for ModSecurity" -HOMEPAGE=" - https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project - https://modsecurity.org/crs/ - https://coreruleset.org/" -SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/archive/${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="amd64 ppc sparc x86" -IUSE="lua geoip" - -RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]" -DEPEND="" - -S="${WORKDIR}/${GITHUB_PROJECT}-${PV}" - -RULESDIR=/etc/modsecurity -LUADIR=/usr/share/${PN}/lua - -src_prepare() { - if ! use lua; then - # comment out this since it's in the same file as another one we want to keep - sed -i -e "/id:'96000[456]'/s:^:#:" \ - experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - - # remove these that rely on the presence of the lua files - rm \ - experimental_rules/modsecurity_crs_16_scanner_integration.conf \ - experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \ - experimental_rules/modsecurity_crs_41_advanced_filters.conf \ - experimental_rules/modsecurity_crs_55_response_profiling.conf \ - experimental_rules/modsecurity_crs_56_pvi_checks.conf \ - || die - else - # fix up the path to the scripts; there seems to be no - # consistency at all on how the rules are loaded. - sed -i \ - -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \ - -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \ - -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \ - -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \ - -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \ - -e "s:\.\./lua/:${LUADIR}/:" \ - *_rules/*.conf || die - - # fix up the shebang on the scripts - sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \ - lua/*.lua || die - fi - - sed -i \ - -e '/SecGeoLookupDb/s:^:#:' \ - -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \ - experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - - if ! use geoip; then - if use lua; then - # only comment this out as the file is going to be used for other things - sed -i -e "/id:'960007'/,+1 s:^:#:" \ - experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - else - rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - fi - fi -} - -src_install() { - insinto "${RULESDIR}" - # slr_rules as of 2.2.6 have broken IDs that don't work with - # ModSecurity 2.7, but the rules require 2.7 to begin with. - doins -r base_rules optional_rules experimental_rules #slr_rules - - insinto "${LUADIR}" - doins lua/*.lua - - dodoc CHANGELOG README.md - - ( - cat - < -EOF - - cat modsecurity_crs_10_setup.conf.example - - cat - < - -# -*- apache -*- -# vim: ts=4 filetype=apache - -EOF - ) > "${T}"/"80_${PN}.conf" - - insinto /etc/apache2/modules.d/ - doins "${T}"/"80_${PN}.conf" -} - -pkg_postinst() { - elog - elog "If you want to enable further rules, check the following directories:" - elog " ${RULESDIR}/optional_rules" - elog " ${RULESDIR}/experimental_rules" - elog "" - elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block" - elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you" - elog "should change 80_${PN}.conf so that you have these settings enabled:" - elog "" - elog " #SecDefaultAction \"phase:2,deny,log\"" - elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\"" - elog "" - elog "Starting from version 2.1.2 rules are installed, for consistency, under" - elog "/etc/modsecurity, and can be configured with the following file:" - elog " /etc/apache2/modules.d/80_${PN}.conf" - elog "" -} diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild deleted file mode 100644 index 57f9f9b0391..00000000000 --- a/www-apache/modsecurity-crs/modsecurity-crs-2.2.9.ebuild +++ /dev/null @@ -1,138 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -GITHUB_USER=SpiderLabs -GITHUB_PROJECT=owasp-${PN} - -DESCRIPTION="Core Rule Set for ModSecurity" -HOMEPAGE=" - https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project - https://modsecurity.org/crs/ - https://coreruleset.org/" -SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/archive/${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="~amd64 ~ppc ~sparc ~x86" -IUSE="lua geoip" - -RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]" -DEPEND="" - -S="${WORKDIR}/${GITHUB_PROJECT}-${PV}" - -RULESDIR=/etc/modsecurity -LUADIR=/usr/share/${PN}/lua - -src_prepare() { - if ! use lua; then - # comment out this since it's in the same file as another one we want to keep - sed -i -e "/id:'900036'/s:^:#:" \ - experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - - # remove these that rely on the presence of the lua files - rm \ - experimental_rules/modsecurity_crs_16_scanner_integration.conf \ - experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf \ - experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \ - experimental_rules/modsecurity_crs_48_bayes_analysis.conf \ - experimental_rules/modsecurity_crs_55_response_profiling.conf \ - experimental_rules/modsecurity_crs_56_pvi_checks.conf \ - || die - else - # fix up the path to the scripts; there seems to be no - # consistency at all on how the rules are loaded. - sed -i \ - -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \ - -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \ - -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \ - -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \ - -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \ - -e "s:\.\./lua/:${LUADIR}/:" \ - *_rules/*.conf || die - - # fix up the shebang on the scripts - sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \ - lua/*.lua || die - fi - - sed -i \ - -e '/SecGeoLookupDb/s:^:#:' \ - -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \ - experimental_rules/modsecurity_crs_61_ip_forensics.conf \ - experimental_rules/modsecurity_crs_11_proxy_abuse.conf || die - - if ! use geoip; then - rm experimental_rules/modsecurity_crs_11_proxy_abuse.conf - - if use lua; then - # only comment this out as the file is going to be used for other things - sed -i -e "/id:'900039'/,+1 s:^:#:" \ - experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - else - rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die - fi - fi - - eapply_user -} - -src_install() { - insinto "${RULESDIR}" - doins -r base_rules optional_rules experimental_rules slr_rules - - insinto "${LUADIR}" - doins lua/*.lua - - dodoc CHANGES README.md - - ( - cat - < -EOF - - cat modsecurity_crs_10_setup.conf.example - - cat - < - -# -*- apache -*- -# vim: ts=4 filetype=apache - -EOF - ) > "${T}"/"80_${PN}.conf" - - insinto /etc/apache2/modules.d/ - doins "${T}"/"80_${PN}.conf" -} - -pkg_postinst() { - elog - elog "If you want to enable further rules, check the following directories:" - elog " ${RULESDIR}/optional_rules" - elog " ${RULESDIR}/experimental_rules" - elog "" - elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block" - elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you" - elog "should change 80_${PN}.conf so that you have these settings enabled:" - elog "" - elog " #SecDefaultAction \"phase:2,deny,log\"" - elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\"" - elog "" - elog "Starting from version 2.1.2 rules are installed, for consistency, under" - elog "/etc/modsecurity, and can be configured with the following file:" - elog " /etc/apache2/modules.d/80_${PN}.conf" - elog "" -}