Hello Alberto,

I've prepared a full patch for your mod_security package. It is based on Ondřej's patch, who did the bulk of the work. However, I also made some further changes that improve Apache 2.4 compatibility:
- I've renamed your Apache conffiles to their canonical names and made sure they are properly moved during upgrades.
- I've updated your Apache configuration, which does not load under 2.4 unless it is changed ("Include" no longer works the way it did in 2.2).

I plan to NMU the attached diff straight to Sid unless you upload it yourself first (but mind you, Apache2 is not in Unstable yet, so you should upload to Experimental). Please also consider renaming your binary package. The correct name would be libapache2-mod-security2 (i.e. libapache2-mod-<soname>).

--
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D
diff --git a/debian/changelog b/debian/changelog
index 9dc3531..74f690f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+modsecurity-apache (2.6.6-7.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Add support for Apache 2.4 using the patch provided by OndÅej Surý
+ (Closes: #666848)
+ * Move apache2 configuration files to their canonical name:
+ - mod-security.load -> security2.load
+ - mod-security.conf -> security2.conf
+ Thus, also slightly raise the debhelper build dependency to 8.1.
+ * Update security2.conf for changes in Apache 2.4
+
+ -- Arno Töll <a...@debian.org> Wed, 08 May 2013 16:14:19 +0200
+
 modsecurity-apache (2.6.6-6) unstable; urgency=high
 * Applied upstream patch to fix XXE attacks. CVE-2013-1915
diff --git a/debian/control b/debian/control
index 43d8347..5524d80 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: modsecurity-apache
 Section: httpd
 Priority: optional
 Maintainer: Alberto Gonzalez Iniesta <a...@inittab.org>
-Build-Depends: debhelper (>> 7.0.0), apache2-threaded-dev|apache2-prefork-dev, libxml2-dev (>= 2.0.50-10), liblua5.1-0-dev, libcurl4-gnutls-dev
+Build-Depends: debhelper (>> 8.1.0~), apache2-dev, libxml2-dev (>= 2.0.50-10), liblua5.1-0-dev, libcurl4-gnutls-dev
 Standards-Version: 3.9.3
 Homepage: http://www.modsecurity.org/
@@ -11,7 +11,7 @@ Architecture: any
 Replaces: libapache-mod-security (<< 2.5.13-1), mod-security-common (<< 2.5.13-1)
 Conflicts: libapache-mod-security (<< 2.5.13-1), mod-security-common (<< 2.5.13-1)
 Recommends: modsecurity-crs
-Depends: apache2.2-common, libxml2, ${shlibs:Depends}, ${misc:Depends}
+Depends: libxml2, ${shlibs:Depends}, ${misc:Depends}
 Description: Tighten web applications security for Apache
 Modsecurity is an Apache module whose purpose is to tighten the Web application security. Effectively, it is an intrusion detection and prevention
diff --git a/debian/libapache2-modsecurity.apache2 b/debian/libapache2-modsecurity.apache2
new file mode 100644
index 0000000..265c913
--- /dev/null
+++ b/debian/libapache2-modsecurity.apache2
@@ -0,0 +1,3 @@
+mod apache2/.libs/mod_security2.so
+mod debian/security2.load
+mod debian/security2.conf
diff --git a/debian/libapache2-modsecurity.install b/debian/libapache2-modsecurity.install
index 3874b11..165e276 100644
--- a/debian/libapache2-modsecurity.install
+++ b/debian/libapache2-modsecurity.install
@@ -1,6 +1,3 @@
-apache2/.libs/mod_security2.so usr/lib/apache2/modules
-debian/mod-security.load etc/apache2/mods-available
-debian/mod-security.conf etc/apache2/mods-available
 mlogc/mlogc usr/bin
 mlogc/README.mlogc usr/share/doc/libapache2-modsecurity
 mlogc/mlogc-default.conf usr/share/doc/libapache2-modsecurity
diff --git a/debian/libapache2-modsecurity.maintscript b/debian/libapache2-modsecurity.maintscript
new file mode 100644
index 0000000..241e103
--- /dev/null
+++ b/debian/libapache2-modsecurity.maintscript
@@ -0,0 +1,2 @@
+mv_conffile /etc/apache2/mods-available/mod-security.conf /etc/apache2/mods-available/security2.conf
+mv_conffile /etc/apache2/mods-available/mod-security.load /etc/apache2/mods-available/security2.load
diff --git a/debian/libapache2-modsecurity.postinst b/debian/libapache2-modsecurity.postinst
deleted file mode 100644
index f9ea05c..0000000
--- a/debian/libapache2-modsecurity.postinst
+++ /dev/null
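Review bot: The two `mv_conffile` lines in debian/libapache2-modsecurity.maintscript rename the files under mods-available, but nothing visible in this patch re-points or removes existing `/etc/apache2/mods-enabled/mod-security.load` and `mod-security.conf` symlinks, and the deleted postinst/prerm were the only code here that touched the enabled state. Unless the scripts generated by `dh_apache2` cover that upgrade path (worth confirming on a real upgrade from 2.6.6-6), a host that had the module enabled may end up with dangling links, so Apache either refuses to start or comes up without ModSecurity loaded. It would also be safer to give each line a prior-version so the move is only attempted when upgrading from older packages, for example `mv_conffile /etc/apache2/mods-available/mod-security.load /etc/apache2/mods-available/security2.load 2.6.6-7.1~`.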
@@ -1,32 +0,0 @@
-#!/bin/sh
-set -e
-# copied from libapache2-mod-php4
-
-reload_apache()
-{
- if apache2ctl configtest 2>/dev/null; then
- invoke-rc.d apache2 restart || true
- else
- echo "Your apache2 configuration is broken, so we're not restarting it for you."
- fi
-}
-
-if [ -n "$2" ]; then
-# we're upgrading. test if we're enabled, and if so, restart to reload the module.
- if [ -e /etc/apache2/mods-enabled/mod-security.load ]; then
- reload_apache
- fi
- exit 0
-fi
-
-if [ -e /etc/apache2/apache2.conf ]; then
-# Enable the module, but hide a2enmod's misleading message about apachectl
-# and force-reload the thing ourselves.
- a2enmod mod-security >/dev/null || true
- a2enmod unique_id >/dev/null || true
- reload_apache
-fi
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/libapache2-modsecurity.prerm b/debian/libapache2-modsecurity.prerm
deleted file mode 100644
index 95b7282..0000000
--- a/debian/libapache2-modsecurity.prerm
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-set -e
-# copied from libapache2-mod-php4
-
-if [ "$1" != "remove" -a "$1" != "purge" ]; then
- exit 0
-fi
-
-if [ -e /etc/apache2/apache2.conf ]; then
- a2dismod mod-security || true
-fi
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/mod-security.conf b/debian/mod-security.conf
deleted file mode 100644
index 17c1f4d..0000000
--- a/debian/mod-security.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-<IfModule security2_module>
- # Default Debian dir for modsecurity's persistent data
- SecDataDir /var/cache/modsecurity
-
- # Include all the *.conf files in /etc/modsecurity.
- # Keeping your local configuration in that directory
- # will allow for an easy upgrade of THIS file and
- # make your life easier
- Include "/etc/modsecurity/*.conf"
-</IfModule>
diff --git a/debian/mod-security.load b/debian/mod-security.load
deleted file mode 100644
index a20b4d1..0000000
--- a/debian/mod-security.load
+++ /dev/null
@@ -1,2 +0,0 @@
-LoadFile libxml2.so.2
-LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so
diff --git a/debian/rules b/debian/rules
index f5440aa..55e85e8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -38,6 +38,7 @@ install: build
 dh_prep
 dh_installdirs
 dh_install
+ dh_apache2
 binary-indep: build install
 dh_testdir -i
diff --git a/debian/security2.conf b/debian/security2.conf
new file mode 100644
index 0000000..b4804df
--- /dev/null
+++ b/debian/security2.conf
@@ -0,0 +1,10 @@
+<IfModule security2_module>
+ # Default Debian dir for modsecurity's persistent data
+ SecDataDir /var/cache/modsecurity
+
+ # Include all the *.conf files in /etc/modsecurity.
+ # Keeping your local configuration in that directory
+ # will allow for an easy upgrade of THIS file and
+ # make your life easier
+ IncludeOptional /etc/modsecurity/*.conf
+</IfModule>
diff --git a/debian/security2.load b/debian/security2.load
new file mode 100644
index 0000000..1afae8f
--- /dev/null
+++ b/debian/security2.load
@@ -0,0 +1,3 @@
+# Depends: unique_id
+LoadFile libxml2.so.2
+LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so
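Review bot: The `IncludeOptional /etc/modsecurity/*.conf` line in the new debian/security2.conf fails open: when the glob matches nothing, Apache starts without any message and security2_module is loaded with no rules and no engine setting from that directory. That is presumably what lets 2.4 start on a fresh install, but for a security module the comment block above the directive should say so, for example `# NOTE: IncludeOptional is silent if no *.conf exists here; nothing is enforced until one does`. Otherwise an admin who sees the module listed as loaded may assume requests are being inspected when they are not.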