| Summary: | www-apache/mod_security-2.8.0 version bump | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Mario D. Santana <gentoo> |
| Component: | Current packages | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
| Status: | RESOLVED FIXED | ||
| Severity: | enhancement | CC: | barzog, chicago, hydrapolic, leho, mjo, travisghansen |
| Priority: | Normal | Keywords: | EBUILD |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=615294 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 615750 | ||
| Attachments: | www-apache/mod_security-2.8.0.ebuild (Update) | ||
*** Bug 529614 has been marked as a duplicate of this bug. *** Also, can we get some additional config options added as well to reduce the pcre errors (they render the output quite unusable)? --enable-pcre-match-limit=no \ --enable-pcre-match-limit-recursion=no \ --enable-pcre-study \ http://www4.atomicorp.com/channels/source/mod_security/mod_security.spec Without that it's impossible to get rid of the seemingly common error: Execution error - PCRE limits exceeded (-8): (null) Thanks! Version 2.9.0 was released Feb 12 2015. And version 2.9.1 was released on Mar 09, 2016. How can I help move this along? 2.9.0 is in barzog-overlay Josh, you can maintain this as a proxy maintainer. Do you wish to? (In reply to Tomáš Mózes from comment #5) > Josh, you can maintain this as a proxy maintainer. Do you wish to? If I knew how. :) I don't (yet) know the depths of ebuilds & portage, and haven't yet used mod_security, but I can try to give it a go. Let me see if I can take barzog's 2.9.0 ebuild and get it to work on 2.9.1. I already updated it to 2.9.1. ALthough not tested. Just filing pull request against the main tree on github would get this bumped. I'd happily add a pull request, but unfortunately I'm not running any Gentoo at the moment. :( (In reply to Mario D. Santana from comment #9) > I'd happily add a pull request, but unfortunately I'm not running any Gentoo > at the moment. :( I'll see what I can do on my own. I'm a bit confused about `files/modsecurity-2.7.conf`. 1. It's gets moved to `79_modsecurity.conf`, while all other config files are `XX_mod_something.conf` format. 2. Why isn't https://github.com/SpiderLabs/ModSecurity/blob/master/modsecurity.conf-recommended copied into the initial config file outright, with a few `IfDefine` etc modifications. This config file seems much more useful, whereas Gentoo's currently literally seems to do nothing. 3. https://wiki.gentoo.org/wiki/Apache#Enabling_mod_security is of not much help, since it seems to indicate that things just work out of the box. Probably should be updated with `modsecurity.conf-recommended` or some other basic ruleset guide, or am I missing something? I just committed mod_security-2.9.1 with a mixture of suggestions from here and bug 615294. Can you please give that a try to see if it at least works? Then we can work on polishing it up. |
Created attachment 382088 [details] www-apache/mod_security-2.8.0.ebuild (Update) The latest ebuild is a year old, time for a bump? The same ebuild file still works for me. I've added modsecurity.conf-recommended to the dodoc, though, since I always end up downloading a copy every time I install this software.