summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /www-apache/mod_security
downloadgentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'www-apache/mod_security')
-rw-r--r--www-apache/mod_security/Manifest3
-rw-r--r--www-apache/mod_security/files/modsecurity-2.7.conf15
-rw-r--r--www-apache/mod_security/metadata.xml27
-rw-r--r--www-apache/mod_security/mod_security-2.7.4.ebuild97
-rw-r--r--www-apache/mod_security/mod_security-2.7.5.ebuild97
-rw-r--r--www-apache/mod_security/mod_security-2.7.7.ebuild97
6 files changed, 336 insertions, 0 deletions
diff --git a/www-apache/mod_security/Manifest b/www-apache/mod_security/Manifest
new file mode 100644
index 000000000000..d174741b1773
--- /dev/null
+++ b/www-apache/mod_security/Manifest
@@ -0,0 +1,3 @@
+DIST modsecurity-apache_2.7.4.tar.gz 1014983 SHA256 605d6f1b03e648001ef1c7db7b18d51c01edd443b57cbbd4e298770ffdcd0eb9 SHA512 5a3bc3e2845b05e33c43fd08458a91c5dfa37ecc8583abfd5bfdb52dbd405f1c6b8b9995ede22cb41eb42dce910dba657f298ba14a9d37addabde4b0ca02d5f2 WHIRLPOOL c83a92571469cde7aab960c56b96a082c68d9ad58f5ed549e08bf4e481147d0763b4c054d598ff509474d86048c048769bdc7c9e22669d957d2d28531fef96d7
+DIST modsecurity-apache_2.7.5.tar.gz 1045387 SHA256 9e907536278d8da80d3dbb29aeffe9c4ec37ce9b641035b2da64e993135647a2 SHA512 dd6d4b58c5abb7440d2b9a429a548485b5aebecf1859c93427bdcf30cdbc93c975e455f3f843cf82c4efdf2db06f6a43bf4db2bfdd84adabddeb5dabacedc141 WHIRLPOOL 4d71f3ae86ca1dda9d1547b140decde24ee5116733ecf86a0a95797e3ce9bf1e29cf42116a2a69b332132c3ad749fe5f18566bbe7dc6d60f47b378a0ef6d6cbc
+DIST modsecurity-apache_2.7.7.tar.gz 1003835 SHA256 11e05cfa6b363c2844c6412a40ff16f0021e302152b38870fd1f2f44b204379b SHA512 859f72580b6acaae5db180f98ee32ad2cb0f3ef24321d0c2df20ddd9fcfbc6c09c98b672012dc4931a6fd14f3c21c38ed31ab8900940382fcb48b37f30005a7d WHIRLPOOL e70f09c6bf640733696e6c544b4e37702ab05b043bdf07266a081316620986e976d2dcf8c1552380e846132473718b3ae7f0cadd18953b08b22bef5de3a5b455
diff --git a/www-apache/mod_security/files/modsecurity-2.7.conf b/www-apache/mod_security/files/modsecurity-2.7.conf
new file mode 100644
index 000000000000..43508bca635f
--- /dev/null
+++ b/www-apache/mod_security/files/modsecurity-2.7.conf
@@ -0,0 +1,15 @@
+<IfDefine SECURITY>
+LoadModule security2_module modules/mod_security2.so
+
+# Enable looking up geolocation data from MaxMind's GeoIP database
+SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat
+
+SecDataDir /var/cache/modsecurity
+
+# Define here your http:BL API key if any
+# see http://www.projecthoneypot.org/httpbl_api.php
+#SecHttpBlKey xxxxxxxx
+</IfDefine>
+
+# -*- apache -*-
+# vim: ts=4 filetype=apache
diff --git a/www-apache/mod_security/metadata.xml b/www-apache/mod_security/metadata.xml
new file mode 100644
index 000000000000..5d1112092a64
--- /dev/null
+++ b/www-apache/mod_security/metadata.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>flameeyes@gentoo.org</email>
+ <name>Diego E. Pettenò</name>
+ </maintainer>
+ <use>
+ <flag name='geoip'>
+ Configure ModSecurity to query the GeoIP database from MaxMind,
+ provided by <pkg>dev-libs/geoip</pkg>. This flag only controls
+ the default configuration, as the GeoIP query code is part of
+ ModSecurity's source code.
+ </flag>
+
+ <flag name='curl'>
+ Build the ModSecurity Audit Log Collector (mlogc) that depends
+ on <pkg>net-misc/curl</pkg>.
+ </flag>
+
+ <flag name='jit'>
+ Add support for the PCRE Just-in-Time optimisation, as enabled
+ by <pkg>dev-libs/libpcre</pkg> with jit USE flag enabled. Might
+ not be available on hardened systems.
+ </flag>
+ </use>
+</pkgmetadata>
diff --git a/www-apache/mod_security/mod_security-2.7.4.ebuild b/www-apache/mod_security/mod_security-2.7.4.ebuild
new file mode 100644
index 000000000000..b19390883475
--- /dev/null
+++ b/www-apache/mod_security/mod_security-2.7.4.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit apache-module
+
+MY_PN=modsecurity-apache
+MY_PV=${PV/_rc/-rc}
+MY_P=${MY_PN}_${MY_PV}
+
+DESCRIPTION="Web application firewall and Intrusion Detection System for Apache"
+HOMEPAGE="http://www.modsecurity.org/"
+SRC_URI="http://www.modsecurity.org/tarball/${PV}/${MY_P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64 ppc sparc x86"
+IUSE="geoip curl lua jit"
+
+DEPEND=">=dev-libs/libxml2-2.7.8
+ dev-libs/libpcre[jit?]
+ lua? ( >=dev-lang/lua-5.1 )
+ curl? ( >=net-misc/curl-7.15.1 )
+ www-servers/apache[apache2_modules_unique_id]"
+RDEPEND="${DEPEND}
+ geoip? ( dev-libs/geoip )"
+PDEPEND=">=www-apache/modsecurity-crs-2.2.6-r1"
+
+S="${WORKDIR}/${MY_P}"
+
+APACHE2_MOD_FILE="apache2/.libs/${PN}2.so"
+APACHE2_MOD_DEFINE="SECURITY"
+
+# Tests require symbols only defined within the Apache binary.
+RESTRICT=test
+
+need_apache2
+
+src_prepare() {
+ cp "${FILESDIR}"/modsecurity-2.7.conf "${T}"/79_modsecurity.conf || die
+}
+
+src_configure() {
+ econf \
+ --enable-shared --disable-static \
+ --with-apxs="${APXS}" \
+ --enable-request-early \
+ $(use_enable curl mlogc) \
+ $(use_with lua) \
+ $(use_enable jit pcre-jit)
+}
+
+src_compile() {
+ if ! use geoip; then
+ sed -i -e '/SecGeoLookupDb/s:^:#:' \
+ "${T}"/79_modsecurity.conf || die
+ fi
+
+ emake
+}
+
+src_test() {
+ emake check
+}
+
+src_install() {
+ apache-module_src_install
+
+ # install manually rather than by using the APACHE2_MOD_CONF
+ # variable since we have to edit it to set things up properly.
+ insinto "${APACHE_MODULES_CONFDIR}"
+ doins "${T}"/79_modsecurity.conf
+
+ dodoc CHANGES NOTICE README.TXT README_WINDOWS.TXT
+
+ dohtml -r doc/*
+
+ keepdir /var/cache/modsecurity
+ fowners apache:apache /var/cache/modsecurity
+ fperms 0770 /var/cache/modsecurity
+}
+
+pkg_postinst() {
+ if [[ -f "${ROOT}"/etc/apache/modules.d/99_mod_security.conf ]]; then
+ ewarn "You still have the configuration file 99_mod_security.conf."
+ ewarn "Please make sure to remove that and keep only 79_modsecurity.conf."
+ ewarn ""
+ fi
+ elog "The base configuration file has been renamed 79_modsecurity.conf"
+ elog "so that you can put your own configuration as 90_modsecurity_local.conf or"
+ elog "equivalent."
+ elog ""
+ elog "That would be the correct place for site-global security rules."
+ elog "Note: 80_modsecurity_crs.conf is used by www-apache/modsecurity-crs"
+}
diff --git a/www-apache/mod_security/mod_security-2.7.5.ebuild b/www-apache/mod_security/mod_security-2.7.5.ebuild
new file mode 100644
index 000000000000..393536d792d9
--- /dev/null
+++ b/www-apache/mod_security/mod_security-2.7.5.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit apache-module
+
+MY_PN=modsecurity-apache
+MY_PV=${PV/_rc/-rc}
+MY_P=${MY_PN}_${MY_PV}
+
+DESCRIPTION="Web application firewall and Intrusion Detection System for Apache"
+HOMEPAGE="http://www.modsecurity.org/"
+SRC_URI="http://www.modsecurity.org/tarball/${PV}/${MY_P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="geoip curl lua jit"
+
+DEPEND=">=dev-libs/libxml2-2.7.8
+ dev-libs/libpcre[jit?]
+ lua? ( >=dev-lang/lua-5.1 )
+ curl? ( >=net-misc/curl-7.15.1 )
+ www-servers/apache[apache2_modules_unique_id]"
+RDEPEND="${DEPEND}
+ geoip? ( dev-libs/geoip )"
+PDEPEND=">=www-apache/modsecurity-crs-2.2.6-r1"
+
+S="${WORKDIR}/${MY_P}"
+
+APACHE2_MOD_FILE="apache2/.libs/${PN}2.so"
+APACHE2_MOD_DEFINE="SECURITY"
+
+# Tests require symbols only defined within the Apache binary.
+RESTRICT=test
+
+need_apache2
+
+src_prepare() {
+ cp "${FILESDIR}"/modsecurity-2.7.conf "${T}"/79_modsecurity.conf || die
+}
+
+src_configure() {
+ econf \
+ --enable-shared --disable-static \
+ --with-apxs="${APXS}" \
+ --enable-request-early \
+ $(use_enable curl mlogc) \
+ $(use_with lua) \
+ $(use_enable jit pcre-jit)
+}
+
+src_compile() {
+ if ! use geoip; then
+ sed -i -e '/SecGeoLookupDb/s:^:#:' \
+ "${T}"/79_modsecurity.conf || die
+ fi
+
+ emake
+}
+
+src_test() {
+ emake check
+}
+
+src_install() {
+ apache-module_src_install
+
+ # install manually rather than by using the APACHE2_MOD_CONF
+ # variable since we have to edit it to set things up properly.
+ insinto "${APACHE_MODULES_CONFDIR}"
+ doins "${T}"/79_modsecurity.conf
+
+ dodoc CHANGES NOTICE README.TXT README_WINDOWS.TXT
+
+ dohtml -r doc/*
+
+ keepdir /var/cache/modsecurity
+ fowners apache:apache /var/cache/modsecurity
+ fperms 0770 /var/cache/modsecurity
+}
+
+pkg_postinst() {
+ if [[ -f "${ROOT}"/etc/apache/modules.d/99_mod_security.conf ]]; then
+ ewarn "You still have the configuration file 99_mod_security.conf."
+ ewarn "Please make sure to remove that and keep only 79_modsecurity.conf."
+ ewarn ""
+ fi
+ elog "The base configuration file has been renamed 79_modsecurity.conf"
+ elog "so that you can put your own configuration as 90_modsecurity_local.conf or"
+ elog "equivalent."
+ elog ""
+ elog "That would be the correct place for site-global security rules."
+ elog "Note: 80_modsecurity_crs.conf is used by www-apache/modsecurity-crs"
+}
diff --git a/www-apache/mod_security/mod_security-2.7.7.ebuild b/www-apache/mod_security/mod_security-2.7.7.ebuild
new file mode 100644
index 000000000000..393536d792d9
--- /dev/null
+++ b/www-apache/mod_security/mod_security-2.7.7.ebuild
@@ -0,0 +1,97 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+inherit apache-module
+
+MY_PN=modsecurity-apache
+MY_PV=${PV/_rc/-rc}
+MY_P=${MY_PN}_${MY_PV}
+
+DESCRIPTION="Web application firewall and Intrusion Detection System for Apache"
+HOMEPAGE="http://www.modsecurity.org/"
+SRC_URI="http://www.modsecurity.org/tarball/${PV}/${MY_P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="geoip curl lua jit"
+
+DEPEND=">=dev-libs/libxml2-2.7.8
+ dev-libs/libpcre[jit?]
+ lua? ( >=dev-lang/lua-5.1 )
+ curl? ( >=net-misc/curl-7.15.1 )
+ www-servers/apache[apache2_modules_unique_id]"
+RDEPEND="${DEPEND}
+ geoip? ( dev-libs/geoip )"
+PDEPEND=">=www-apache/modsecurity-crs-2.2.6-r1"
+
+S="${WORKDIR}/${MY_P}"
+
+APACHE2_MOD_FILE="apache2/.libs/${PN}2.so"
+APACHE2_MOD_DEFINE="SECURITY"
+
+# Tests require symbols only defined within the Apache binary.
+RESTRICT=test
+
+need_apache2
+
+src_prepare() {
+ cp "${FILESDIR}"/modsecurity-2.7.conf "${T}"/79_modsecurity.conf || die
+}
+
+src_configure() {
+ econf \
+ --enable-shared --disable-static \
+ --with-apxs="${APXS}" \
+ --enable-request-early \
+ $(use_enable curl mlogc) \
+ $(use_with lua) \
+ $(use_enable jit pcre-jit)
+}
+
+src_compile() {
+ if ! use geoip; then
+ sed -i -e '/SecGeoLookupDb/s:^:#:' \
+ "${T}"/79_modsecurity.conf || die
+ fi
+
+ emake
+}
+
+src_test() {
+ emake check
+}
+
+src_install() {
+ apache-module_src_install
+
+ # install manually rather than by using the APACHE2_MOD_CONF
+ # variable since we have to edit it to set things up properly.
+ insinto "${APACHE_MODULES_CONFDIR}"
+ doins "${T}"/79_modsecurity.conf
+
+ dodoc CHANGES NOTICE README.TXT README_WINDOWS.TXT
+
+ dohtml -r doc/*
+
+ keepdir /var/cache/modsecurity
+ fowners apache:apache /var/cache/modsecurity
+ fperms 0770 /var/cache/modsecurity
+}
+
+pkg_postinst() {
+ if [[ -f "${ROOT}"/etc/apache/modules.d/99_mod_security.conf ]]; then
+ ewarn "You still have the configuration file 99_mod_security.conf."
+ ewarn "Please make sure to remove that and keep only 79_modsecurity.conf."
+ ewarn ""
+ fi
+ elog "The base configuration file has been renamed 79_modsecurity.conf"
+ elog "so that you can put your own configuration as 90_modsecurity_local.conf or"
+ elog "equivalent."
+ elog ""
+ elog "That would be the correct place for site-global security rules."
+ elog "Note: 80_modsecurity_crs.conf is used by www-apache/modsecurity-crs"
+}