Created attachment 382088 [details] www-apache/mod_security-2.8.0.ebuild (Update) The latest ebuild is a year old, time for a bump? The same ebuild file still works for me. I've added modsecurity.conf-recommended to the dodoc, though, since I always end up downloading a copy every time I install this software.
*** Bug 529614 has been marked as a duplicate of this bug. ***
Also, can we get some additional config options added as well to reduce the pcre errors (they render the output quite unusable)? --enable-pcre-match-limit=no \ --enable-pcre-match-limit-recursion=no \ --enable-pcre-study \ http://www4.atomicorp.com/channels/source/mod_security/mod_security.spec Without that it's impossible to get rid of the seemingly common error: Execution error - PCRE limits exceeded (-8): (null) Thanks!
Version 2.9.0 was released Feb 12 2015.
And version 2.9.1 was released on Mar 09, 2016. How can I help move this along? 2.9.0 is in barzog-overlay
Josh, you can maintain this as a proxy maintainer. Do you wish to?
(In reply to Tomáš Mózes from comment #5) > Josh, you can maintain this as a proxy maintainer. Do you wish to? If I knew how. :) I don't (yet) know the depths of ebuilds & portage, and haven't yet used mod_security, but I can try to give it a go. Let me see if I can take barzog's 2.9.0 ebuild and get it to work on 2.9.1.
I already updated it to 2.9.1. ALthough not tested.
Just filing pull request against the main tree on github would get this bumped.
I'd happily add a pull request, but unfortunately I'm not running any Gentoo at the moment. :(
(In reply to Mario D. Santana from comment #9) > I'd happily add a pull request, but unfortunately I'm not running any Gentoo > at the moment. :( I'll see what I can do on my own.
I'm a bit confused about `files/modsecurity-2.7.conf`. 1. It's gets moved to `79_modsecurity.conf`, while all other config files are `XX_mod_something.conf` format. 2. Why isn't https://github.com/SpiderLabs/ModSecurity/blob/master/modsecurity.conf-recommended copied into the initial config file outright, with a few `IfDefine` etc modifications. This config file seems much more useful, whereas Gentoo's currently literally seems to do nothing. 3. https://wiki.gentoo.org/wiki/Apache#Enabling_mod_security is of not much help, since it seems to indicate that things just work out of the box. Probably should be updated with `modsecurity.conf-recommended` or some other basic ruleset guide, or am I missing something?
I just committed mod_security-2.9.1 with a mixture of suggestions from here and bug 615294. Can you please give that a try to see if it at least works? Then we can work on polishing it up.