From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 026AA1581F3 for ; Sun, 1 Dec 2024 12:12:48 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E1890E0829; Sun, 1 Dec 2024 12:12:46 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C49FBE082F for ; Sun, 1 Dec 2024 12:12:45 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id DADF1342F93 for ; Sun, 1 Dec 2024 12:12:44 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 40C5817CC for ; Sun, 1 Dec 2024 12:12:43 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1733054805.7b148743444421207e067d25ebda49b07f21e96c.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: www-apache/mod_security/ X-VCS-Repository: repo/gentoo X-VCS-Files: www-apache/mod_security/Manifest www-apache/mod_security/metadata.xml www-apache/mod_security/mod_security-2.9.8.ebuild X-VCS-Directories: www-apache/mod_security/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 7b148743444421207e067d25ebda49b07f21e96c X-VCS-Branch: master Date: Sun, 1 Dec 2024 12:12:43 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 5243ba01-3504-4c78-bec3-ef0f6b4f7c0c X-Archives-Hash: ec90917bb344dd6eb8f3360fd299026e commit: 7b148743444421207e067d25ebda49b07f21e96c Author: Tomáš Mózes gmail com> AuthorDate: Sat Oct 19 05:58:31 2024 +0000 Commit: Sam James gentoo org> CommitDate: Sun Dec 1 12:06:45 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b148743 www-apache/mod_security: add 2.9.8 Project owner changed from Trustwave to OWASP: https://owasp.org/blog/2024/01/09/ModSecurity Signed-off-by: Tomáš Mózes gmail.com> Closes: https://github.com/gentoo/gentoo/pull/39039 Signed-off-by: Sam James gentoo.org> www-apache/mod_security/Manifest | 1 + www-apache/mod_security/metadata.xml | 2 +- www-apache/mod_security/mod_security-2.9.8.ebuild | 131 ++++++++++++++++++++++ 3 files changed, 133 insertions(+), 1 deletion(-) diff --git a/www-apache/mod_security/Manifest b/www-apache/mod_security/Manifest index fbf1cffc7c4f..8d5e87be1090 100644 --- a/www-apache/mod_security/Manifest +++ b/www-apache/mod_security/Manifest @@ -1 +1,2 @@ DIST modsecurity-2.9.7.tar.gz 4320766 BLAKE2B 2e0c62ae4f6fcef0b41bf1f74ab5acbae485e728f35bf621a96e622d86e2256c7e052d3a452ff49a4c4cb824243e71a706f9a5868bb3f77e37191a1dfe1b371b SHA512 a333d142f0dedf332a3cccca8267ccf9193cd4ad5a026b3cdbe0713dd1f3edde33739eae8baced2c63409cc0b220001e0a226ea032874a97c08e4065eb1fbdd5 +DIST modsecurity-v2.9.8.tar.gz 4341347 BLAKE2B 27563e06bbf86c8c84f851b20c3e281798fbcb3056abe6097493cca510b58a13f059bd510b5c7c1f75cd3347872ba2a93db2ed93d67c094637ae532860135812 SHA512 73d7965e501db0d59e25398360cb33fa34ddd6095e0dbc2df50ace7bbb5b4ad554fbc9b324cc117a82c67ad144b8477a8d55081eaee5d5a8ad692a42761fd367 diff --git a/www-apache/mod_security/metadata.xml b/www-apache/mod_security/metadata.xml index b17d41d2886d..b68c6fe191ce 100644 --- a/www-apache/mod_security/metadata.xml +++ b/www-apache/mod_security/metadata.xml @@ -34,6 +34,6 @@ - SpiderLabs/ModSecurity + owasp-modsecurity/ModSecurity diff --git a/www-apache/mod_security/mod_security-2.9.8.ebuild b/www-apache/mod_security/mod_security-2.9.8.ebuild new file mode 100644 index 000000000000..4138f6a327b8 --- /dev/null +++ b/www-apache/mod_security/mod_security-2.9.8.ebuild @@ -0,0 +1,131 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( lua5-{1..3} ) + +inherit autotools apache-module lua-single + +MY_PN=modsecurity +MY_P=${MY_PN}-v${PV} + +DESCRIPTION="Application firewall and intrusion detection for Apache" +HOMEPAGE="https://github.com/owasp-modsecurity/ModSecurity" +SRC_URI="https://github.com/owasp-modsecurity/ModSecurity/releases/download/v${PV}/${MY_P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="doc fuzzyhash geoip jit json lua mlogc pcre2" + +REQUIRED_USE="lua? ( ${LUA_REQUIRED_USE} )" + +DEPEND="dev-libs/apr:1= + dev-libs/apr-util:1[openssl] + dev-libs/expat + dev-libs/libxml2 + dev-libs/libpcre[jit?] + net-misc/curl + sys-apps/util-linux + sys-libs/gdbm:= + virtual/libcrypt:= + fuzzyhash? ( app-crypt/ssdeep ) + json? ( dev-libs/yajl ) + lua? ( ${LUA_DEPS} ) + mlogc? ( net-misc/curl ) + pcre2? ( dev-libs/libpcre2:= ) + www-servers/apache[apache2_modules_unique_id]" +BDEPEND="doc? ( app-text/doxygen )" +RDEPEND="${DEPEND} + geoip? ( dev-libs/geoip ) + mlogc? ( dev-lang/perl )" +PDEPEND=">=www-apache/modsecurity-crs-3.3.2" + +S="${WORKDIR}/${MY_P}" + +APACHE2_MOD_FILE="apache2/.libs/${PN}2.so" +APACHE2_MOD_CONF="79_${PN}" +APACHE2_MOD_DEFINE="SECURITY" + +# Tests require symbols only defined within the Apache binary. +RESTRICT=test + +PATCHES=( + "${FILESDIR}"/${PN}-2.9.3-autoconf_lua_package_name.patch +) + +need_apache2 + +pkg_setup() { + _init_apache2 + _init_apache2_late + use lua && lua-single_pkg_setup +} + +src_prepare() { + default + eautoreconf +} + +src_configure() { + local myconf=( + --disable-static + --enable-request-early + --with-apxs="${APXS}" + --with-pic + $(use_enable doc docs) + $(use_enable jit pcre-jit) + $(use_enable lua lua-cache) + $(use_enable mlogc) + $(use_with fuzzyhash ssdeep) + $(use_with json yajl) + $(use_with lua) + $(use_with pcre2) + ) + + econf ${myconf[@]} +} + +src_compile() { + default +} + +src_install() { + apache-module_src_install + + dodoc CHANGES README.md modsecurity.conf-recommended unicode.mapping + + if use doc; then + dodoc -r doc/apache/html + fi + + if use mlogc; then + insinto /etc/ + newins mlogc/mlogc-default.conf mlogc.conf + dobin mlogc/mlogc + dobin mlogc/mlogc-batch-load.pl + newdoc mlogc/INSTALL INSTALL-mlogc + fi + + # Use /var/lib instead of /var/cache. This stuff is "persistent," + # and isn't a cached copy of something that we can recreate. + # Bug 605496. + keepdir /var/lib/modsecurity + fowners apache:apache /var/lib/modsecurity + fperms 0750 /var/lib/modsecurity + for dir in data tmp upload; do + keepdir "/var/lib/modsecurity/${dir}" + fowners apache:apache "/var/lib/modsecurity/${dir}" + fperms 0750 "/var/lib/modsecurity/${dir}" + done +} + +pkg_postinst() { + elog "The base configuration file has been renamed ${APACHE2_MOD_CONF}" + elog "so that you can put your own configuration in (for example)" + elog "90_modsecurity_local.conf." + elog "" + elog "That would be the correct place for site-global security rules." + elog "Note: 80_modsecurity_crs.conf is used by www-apache/modsecurity-crs" +}