commit:     6797f69e531b1eee893dbd9213ceb0b07029a482
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  6 02:25:32 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Nov  6 02:35:43 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6797f69e

www-apache/mod_security: add 2.9.12

Make pcre2 mandatory. 2.9.9 upstream made this the default too.

Bug: https://bugs.gentoo.org/965722
Signed-off-by: Sam James <sam <AT> gentoo.org>

 profiles/arch/amd64/x32/package.use.mask           |   1 +
 profiles/arch/arm/armv4/package.use.mask           |   1 +
 profiles/arch/arm/armv4t/package.use.mask          |   1 +
 profiles/arch/arm/armv5te/package.use.mask         |   1 +
 profiles/arch/loong/package.use.mask               |   1 +
 profiles/arch/riscv/package.use.mask               |   1 +
 www-apache/mod_security/Manifest                   |   1 +
 www-apache/mod_security/mod_security-2.9.12.ebuild | 133 +++++++++++++++++++++
 8 files changed, 140 insertions(+)

diff --git a/profiles/arch/amd64/x32/package.use.mask 
b/profiles/arch/amd64/x32/package.use.mask
index 0ea971ba87cb..62c44b838850 100644
--- a/profiles/arch/amd64/x32/package.use.mask
+++ b/profiles/arch/amd64/x32/package.use.mask
@@ -16,6 +16,7 @@ dev-lang/php jit
 mail-filter/rspamd jit
 net-proxy/haproxy pcre-jit
 www-servers/varnish jit
+www-apache/mod_security pcre-jit
 
 # Andreas Sturmlechner <[email protected]> (2024-03-24)
 # Requires unkeyworded dev-qt/qtwebengine
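Review bot: The flag masked on the added line, `pcre-jit`, does not match the ebuild added in this same commit, whose IUSE declares `jit` (wired up as `$(use_enable jit pcre-jit)` and `dev-libs/libpcre2[jit?]`). Unless another mod_security version in the tree still uses a `pcre-jit` flag, this entry masks nothing for 2.9.12, and the line should read `www-apache/mod_security jit` (or the ebuild's flag should be renamed to `pcre-jit`). The same applies to the added lines in the armv4, armv4t, armv5te, loong and riscv package.use.mask hunks. The arm hunk headers suggest `dev-libs/libpcre2 jit` is masked on those profiles, so an unmasked `jit` there would ask for a `libpcre2[jit]` dependency that cannot be satisfied.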

diff --git a/profiles/arch/arm/armv4/package.use.mask 
b/profiles/arch/arm/armv4/package.use.mask
index 8f0a5b550fc3..1eb871300302 100644
--- a/profiles/arch/arm/armv4/package.use.mask
+++ b/profiles/arch/arm/armv4/package.use.mask
@@ -7,3 +7,4 @@ dev-libs/libpcre2 jit
 dev-lang/php jit
 net-proxy/haproxy pcre-jit
 www-servers/varnish jit
+www-apache/mod_security pcre-jit

diff --git a/profiles/arch/arm/armv4t/package.use.mask 
b/profiles/arch/arm/armv4t/package.use.mask
index 8f0a5b550fc3..1eb871300302 100644
--- a/profiles/arch/arm/armv4t/package.use.mask
+++ b/profiles/arch/arm/armv4t/package.use.mask
@@ -7,3 +7,4 @@ dev-libs/libpcre2 jit
 dev-lang/php jit
 net-proxy/haproxy pcre-jit
 www-servers/varnish jit
+www-apache/mod_security pcre-jit

diff --git a/profiles/arch/arm/armv5te/package.use.mask 
b/profiles/arch/arm/armv5te/package.use.mask
index 8f0a5b550fc3..1eb871300302 100644
--- a/profiles/arch/arm/armv5te/package.use.mask
+++ b/profiles/arch/arm/armv5te/package.use.mask
@@ -7,3 +7,4 @@ dev-libs/libpcre2 jit
 dev-lang/php jit
 net-proxy/haproxy pcre-jit
 www-servers/varnish jit
+www-apache/mod_security pcre-jit

diff --git a/profiles/arch/loong/package.use.mask 
b/profiles/arch/loong/package.use.mask
index 074bd3ae8c4d..89f443b37bb9 100644
--- a/profiles/arch/loong/package.use.mask
+++ b/profiles/arch/loong/package.use.mask
@@ -382,5 +382,6 @@ sys-libs/libxcrypt compat
 # These aren't ported to LoongArch yet
 dev-libs/libpcre jit
 www-servers/nginx pcre-jit
+www-apache/mod_security pcre-jit
 
 # End snippets taken from riscv

diff --git a/profiles/arch/riscv/package.use.mask 
b/profiles/arch/riscv/package.use.mask
index 1f907927f127..aa643535907e 100644
--- a/profiles/arch/riscv/package.use.mask
+++ b/profiles/arch/riscv/package.use.mask
@@ -274,3 +274,4 @@ sci-libs/opencascade vtk
 # This doesn't work for (any) riscv yet.
 dev-libs/libpcre jit
 www-servers/nginx pcre-jit
+www-apache/mod_security pcre-jit

diff --git a/www-apache/mod_security/Manifest b/www-apache/mod_security/Manifest
index 6727523f0e79..9d608788bf5f 100644
--- a/www-apache/mod_security/Manifest
+++ b/www-apache/mod_security/Manifest
@@ -1 +1,2 @@
+DIST modsecurity-v2.9.12.tar.gz 4366282 BLAKE2B 
fc3665899b0ac52eab3d0d1c1b95ce34c5d416e4fd2640eab65791fcacaac048f9e3e310df4f2c59978784d5b6353c5a63542d8c807c27b6a6d370063aafffdd
 SHA512 
1fce5fd3362a70271ce9255dc0ab51319ea84cbdbc508e4708a11e1699dbf61c2d85664c0cb015e3907cdfabb048aa334dc1ad73a9151bff75a22bd762a9d170
 DIST modsecurity-v2.9.8.tar.gz 4341347 BLAKE2B 
27563e06bbf86c8c84f851b20c3e281798fbcb3056abe6097493cca510b58a13f059bd510b5c7c1f75cd3347872ba2a93db2ed93d67c094637ae532860135812
 SHA512 
73d7965e501db0d59e25398360cb33fa34ddd6095e0dbc2df50ace7bbb5b4ad554fbc9b324cc117a82c67ad144b8477a8d55081eaee5d5a8ad692a42761fd367

diff --git a/www-apache/mod_security/mod_security-2.9.12.ebuild 
b/www-apache/mod_security/mod_security-2.9.12.ebuild
new file mode 100644
index 000000000000..3c7b3fa2695c
--- /dev/null
+++ b/www-apache/mod_security/mod_security-2.9.12.ebuild
@@ -0,0 +1,133 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( lua5-{1..3} )
+
+inherit autotools apache-module lua-single
+
+MY_PN=modsecurity
+MY_P=${MY_PN}-v${PV}
+
+DESCRIPTION="Application firewall and intrusion detection for Apache"
+HOMEPAGE="https://github.com/owasp-modsecurity/ModSecurity";
+SRC_URI="https://github.com/owasp-modsecurity/ModSecurity/releases/download/v${PV}/${MY_P}.tar.gz";
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="doc fuzzyhash geoip jit json lua mlogc"
+
+REQUIRED_USE="lua? ( ${LUA_REQUIRED_USE} )"
+
+DEPEND="
+       dev-libs/apr:1=
+       dev-libs/apr-util:1[openssl]
+       dev-libs/expat
+       dev-libs/libxml2:=
+       dev-libs/libpcre2[jit?]
+       net-misc/curl
+       sys-apps/util-linux
+       sys-libs/gdbm:=
+       virtual/libcrypt:=
+       www-servers/apache[apache2_modules_unique_id]
+       fuzzyhash? ( app-crypt/ssdeep )
+       json? ( dev-libs/yajl:= )
+       lua? ( ${LUA_DEPS} )
+       mlogc? ( net-misc/curl )
+"
+BDEPEND="doc? ( app-text/doxygen )"
+RDEPEND="
+       ${DEPEND}
+       geoip? ( dev-libs/geoip )
+       mlogc? ( dev-lang/perl )
+"
+PDEPEND=">=www-apache/modsecurity-crs-3.3.2"
+
+APACHE2_MOD_FILE="apache2/.libs/${PN}2.so"
+APACHE2_MOD_CONF="79_${PN}"
+APACHE2_MOD_DEFINE="SECURITY"
+
+# Tests require symbols only defined within the Apache binary.
+RESTRICT="test"
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-2.9.3-autoconf_lua_package_name.patch
+)
+
+need_apache2
+
+pkg_setup() {
+       _init_apache2
+       _init_apache2_late
+       use lua && lua-single_pkg_setup
+}
+
+src_prepare() {
+       default
+       eautoreconf
+}
+
+src_configure() {
+       local myconf=(
+               --disable-static
+               --enable-request-early
+               --with-apxs="${APXS}"
+               --with-pic
+               --with-pcre2
+               $(use_enable doc docs)
+               $(use_enable jit pcre-jit)
+               $(use_enable lua lua-cache)
+               $(use_enable mlogc)
+               $(use_with fuzzyhash ssdeep)
+               $(use_with json yajl)
+               $(use_with lua)
+       )
+
+       econf "${myconf[@]}"
+}
+
+src_compile() {
+       default
+}
+
+src_install() {
+       apache-module_src_install
+
+       dodoc CHANGES README.md modsecurity.conf-recommended unicode.mapping
+
+       if use doc; then
+               dodoc -r doc/apache/html
+       fi
+
+       if use mlogc; then
+               insinto /etc/
+               newins mlogc/mlogc-default.conf mlogc.conf
+               dobin mlogc/mlogc
+               dobin mlogc/mlogc-batch-load.pl
+               newdoc mlogc/INSTALL INSTALL-mlogc
+       fi
+
+       # Use /var/lib instead of /var/cache. This stuff is "persistent,"
+       # and isn't a cached copy of something that we can recreate.
+       # Bug 605496.
+       keepdir /var/lib/modsecurity
+       fowners apache:apache /var/lib/modsecurity
+       fperms 0750 /var/lib/modsecurity
+       for dir in data tmp upload; do
+               keepdir "/var/lib/modsecurity/${dir}"
+               fowners apache:apache "/var/lib/modsecurity/${dir}"
+               fperms 0750 "/var/lib/modsecurity/${dir}"
+       done
+}
+
+pkg_postinst() {
+       elog "The base configuration file has been renamed ${APACHE2_MOD_CONF}"
+       elog "so that you can put your own configuration in (for example)"
+       elog "90_modsecurity_local.conf."
+       elog ""
+       elog "That would be the correct place for site-global security rules."
+       elog "Note: 80_modsecurity_crs.conf is used by 
www-apache/modsecurity-crs"
+}
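Review bot: In the `use mlogc` branch of src_install, `newins mlogc/mlogc-default.conf mlogc.conf` installs the file into /etc with the default install mode, which leaves it world-readable. mlogc.conf is normally where the audit-console URI and the sensor username and password are configured, so the mode should be tightened, for example with `insopts -m0640` before the `newins` line or `fperms 0640 /etc/mlogc.conf` after it. The right owner and group depend on which user the piped mlogc process runs as, so that should be confirmed before settling on it. Separately, `mlogc? ( net-misc/curl )` in DEPEND is redundant because `net-misc/curl` is already listed unconditionally a few lines above.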
