[Bug 1507327] Review Request: mod_security3 - ModSecurity v3 Apache Connector

2021-10-11 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1507327

Othman Madjoudj  changed:

   What|Removed |Added

 Status|POST|CLOSED
 Resolution|--- |RAWHIDE
Last Closed||2021-10-11 21:03:44




-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
https://bugzilla.redhat.com/show_bug.cgi?id=1507327
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1507327] Review Request: mod_security3 - ModSecurity v3 Apache Connector

2021-10-11 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1507327

Othman Madjoudj  changed:

   What|Removed |Added

  Flags|needinfo?(athma...@gmail.co |
   |m)  |



--- Comment #11 from Othman Madjoudj  ---
Imported in rawhide, although it will not replace mod_security2 yet since
upstream still consider mod_security3 as beta

Quote from upstream:

NOTE:  This project is not production ready

This project should be considered under development and not production ready. 
The functionality is not complete and so should not be used.  With Apache HTTP
Server, the recommended version of ModSecurity is v2.9.x.


-- 
You are receiving this mail because:
You are always notified about changes to this product and component
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1507327
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1507327] Review Request: mod_security3 - ModSecurity v3 Apache Connector

2021-10-11 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1507327

Mattia Verga  changed:

   What|Removed |Added

  Flags||needinfo?(athma...@gmail.co
   ||m)



--- Comment #10 from Mattia Verga  ---
So, here we go again: any progress? This was originally approved 4 years ago,
so the review is greatly outdated, either import it or I will proceed and ask
releng to retire the package repository.


-- 
You are receiving this mail because:
You are always notified about changes to this product and component
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1507327
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1507327] Review Request: mod_security3 - ModSecurity v3 Apache Connector

2021-06-20 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1507327



--- Comment #9 from Othman Madjoudj  ---
(In reply to Mattia Verga from comment #8)
> I previously didn't look throughly and I'm a bit confused here: this review
> is for package 'mod_security3' and the repo 'mod_security3' was created, but
> the latest spec file you uploaded in this review is named 'libmodsecurity',
> which seems to exist in Fedora repositories and at a first glance it seems
> the same as this one...

Starting from mod_security v3, upstream split the core filtering library from
the Apache module, so it can be used with different webservers (right now
Microsoft IIS and Nginx are supported).

libmodsecurity is already pushed in Fedora and EPEL long time ago, this review
is for mod_security3 which itself depends on libmodsecurity, at the time of the
review it was still in beta/RC.

I hope that clears up the confusion.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1507327] Review Request: mod_security3 - ModSecurity v3 Apache Connector

2021-06-20 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1507327



--- Comment #8 from Mattia Verga  ---
I previously didn't look throughly and I'm a bit confused here: this review is
for package 'mod_security3' and the repo 'mod_security3' was created, but the
latest spec file you uploaded in this review is named 'libmodsecurity', which
seems to exist in Fedora repositories and at a first glance it seems the same
as this one...


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1507327] Review Request: mod_security3 - ModSecurity v3 Apache Connector

2021-06-20 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1507327

Othman Madjoudj  changed:

   What|Removed |Added

  Flags|needinfo?(athma...@gmail.co |
   |m)  |



--- Comment #7 from Othman Madjoudj  ---
(In reply to Mattia Verga from comment #6)
> This package was never imported, but the repo was created... Othman, do you
> want to push it to the repos, or should we properly retire the package?

Yes, I'm planning to import it on the current Fedora Rawhide and EPEL8 if
possible, and retire mod_sec2 and leave it only on the old branches.

Initially, I thought it was easy to share the rules and keep both of them in
parallel, afterward I realized that the format of the rules is not grantee to
be compatible with the old mod_sec2 ie. to keep mod_sec2 one needs to keep the
old rules as well.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1507327] Review Request: mod_security3 - ModSecurity v3 Apache Connector

2021-06-07 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1507327

Mattia Verga  changed:

   What|Removed |Added

 CC||mattia.ve...@protonmail.com
  Flags||needinfo?(athma...@gmail.co
   ||m)



--- Comment #6 from Mattia Verga  ---
This package was never imported, but the repo was created... Othman, do you
want to push it to the repos, or should we properly retire the package?


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/package-review@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Bug 1507327] Review Request: mod_security3 - ModSecurity v3 Apache Connector

2017-11-11 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1507327



--- Comment #5 from Gwyn Ciesla  ---
(fedrepo-req-admin):  The Pagure repository was created at
https://src.fedoraproject.org/rpms/mod_security3

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1507327] Review Request: mod_security3 - ModSecurity v3 Apache Connector

2017-10-30 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1507327

Robert-André Mauchin  changed:

   What|Removed |Added

 Status|NEW |POST
   Assignee|nob...@fedoraproject.org|zebo...@gmail.com
  Flags||fedora-review+



--- Comment #4 from Robert-André Mauchin  ---
Ok, package accepted.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1507327] Review Request: mod_security3 - ModSecurity v3 Apache Connector

2017-10-30 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1507327



--- Comment #3 from Athmane Madjoudj  ---
Sorry I forget to put the full BR, fixed now.

mod_security3 and mod_security are supposed to use the same rules hence the
shared ownership of some directories (it's not the case at the moment since v3
is not feature complete yet)

SPEC: https://athmane.fedorapeople.org/review/libmodsecurity.spec
SRPM:
https://athmane.fedorapeople.org/review/mod_security3-0.1.1-0.20170821git4e8854c.1.fc27.src.rpm

Koji: https://koji.fedoraproject.org/koji/taskinfo?taskID=22811086

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org

[Bug 1507327] Review Request: mod_security3 - ModSecurity v3 Apache Connector

2017-10-29 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1507327

Robert-André Mauchin  changed:

   What|Removed |Added

 CC||zebo...@gmail.com



--- Comment #2 from Robert-André Mauchin  ---
Hello,

 - Build fails because you're missing a bunch of BR:

/usr/bin/ld: cannot find -lcurl
/usr/bin/ld: cannot find -lGeoIP
/usr/bin/ld: cannot find -lyajl
/usr/bin/ld: cannot find -lxml2
/usr/bin/ld: cannot find -lz
/usr/bin/ld: cannot find -llzma
/usr/bin/ld: cannot find -lpcre
collect2: error: ld returned 1 exit status

   Here is the needed BR:

BuildRequires: pkgconfig(libcurl)
BuildRequires: pkgconfig(geoip)
BuildRequires: pkgconfig(yajl)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(zlib)
BuildRequires: pkgconfig(liblzma)
BuildRequires: pkgconfig(libpcre)



Package Review
==

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated
[ ] = Manual review needed


= MUST items =

C/C++:
[x]: Package does not contain kernel modules.
[x]: Package contains no static executables.
[x]: Development (unversioned) .so files in -devel subpackage, if present.
 Note: Unversioned so-files in private %_libdir subdirectory (see
 attachment). Verify they are not in ld path.
[x]: Package does not contain any libtool archives (.la)
[x]: Rpath absent or only used for internal libs.

Generic:
[x]: Package is licensed with an open-source compatible license and meets
 other legal requirements as defined in the legal section of Packaging
 Guidelines.
[x]: License field in the package spec file matches the actual license.
 Note: Checking patched sources after %prep for licenses. Licenses
 found: "GPL (v2 or later)", "Unknown or generated", "*No copyright*
 Apache (v2.0)". 88 files have unknown license. Detailed output of
 licensecheck in /home/bob/packaging/review/mod_security3/review-
 mod_security3/licensecheck.txt
[x]: License file installed when any subpackage combination is installed.
[-]: Package does not own files or directories owned by other packages.
 /etc/httpd/modsecurity.d/activated_rules(mod_security),
 /etc/httpd/modsecurity.d/local_rules(mod_security),
 /etc/httpd/modsecurity.d(mod_security)
[x]: %build honors applicable compiler flags or justifies otherwise.
[x]: Package contains no bundled libraries without FPC exception.
[x]: Changelog in prescribed format.
[x]: Sources contain only permissible code or content.
[-]: Package contains desktop file if it is a GUI application.
[-]: Development files must be in a -devel package
[x]: Package uses nothing in %doc for runtime.
[x]: Package consistently uses macros (instead of hard-coded directory
 names).
[x]: Package is named according to the Package Naming Guidelines.
[x]: Package does not generate any conflict.
[x]: Package obeys FHS, except libexecdir and /usr/target.
[-]: If the package is a rename of another package, proper Obsoletes and
 Provides are present.
[x]: Requires correct, justified where necessary.
[x]: Spec file is legible and written in American English.
[-]: Package contains systemd file(s) if in need.
[x]: Useful -debuginfo package or justification otherwise.
[x]: Package is not known to require an ExcludeArch tag.
[-]: Large documentation must go in a -doc subpackage. Large could be size
 (~1MB) or number of files.
 Note: Documentation size is 10240 bytes in 1 files.
[x]: Package complies to the Packaging Guidelines
[x]: Package successfully compiles and builds into binary rpms on at least
 one supported primary architecture.
[x]: Package installs properly.
[x]: Rpmlint is run on all rpms the build produces.
 Note: There are rpmlint messages (see attachment).
[x]: If (and only if) the source package includes the text of the
 license(s) in its own file, then that file, containing the text of the
 license(s) for the package is included in %license.
[x]: Package requires other packages for directories it uses.
[x]: Package must own all directories that it creates.
[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT
[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
 beginning of %install.
[x]: %config files are marked noreplace or the reason is justified.
[x]: Macros in Summary, %description expandable at SRPM build time.
[x]: Dist tag is present.
[x]: Package does not contain duplicates in %files.
[x]: Permissions on files are set properly.
[x]: Package use %makeinstall only when make install DESTDIR=... doesn't
 work.
[x]: Package is named using only allowed ASCII characters.
[x]: No %config files under /usr.
[x]: Package does not use a name that already exists.
[x]: Package is not relocatable.
[x]: Sources used to build the package match the upstream source, as
 provided in the spec URL.
[x]: Spec file

[Bug 1507327] Review Request: mod_security3 - ModSecurity v3 Apache Connector

2017-10-29 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1507327



--- Comment #1 from Athmane Madjoudj  ---
Rpmlint output:
mod_security3.spec:38: W: unversioned-explicit-provides mod_security
mod_security3.src: W: spelling-error %description -l en_US libmodsecurity ->
molecularity
mod_security3.src:38: W: unversioned-explicit-provides mod_security
mod_security3.x86_64: W: spelling-error %description -l en_US libmodsecurity ->
molecularity
mod_security3.x86_64: E: non-standard-dir-perm /var/lib/mod_security3 770
2 packages and 1 specfiles checked; 1 errors, 4 warnings.


NB. This pkg depends on libmodsecurity (v3) which is available only in rawhide.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
___
package-review mailing list -- package-review@lists.fedoraproject.org
To unsubscribe send an email to package-review-le...@lists.fedoraproject.org