8 changed files with 1 additions and 621 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +0,0 @@
 SOURCES/modsecurity-2.9.6.tar.gz
--- a/.mod_security.metadata
+++ b/.mod_security.metadata
@ -1 +0,0 @@
 1f9b8f5d6462770d917d2ea3f3586618c37ba158 SOURCES/modsecurity-2.9.6.tar.gz
--- a/SOURCES/10-mod_security.conf
+++ b/SOURCES/10-mod_security.conf
@ -1,5 +0,0 @@
 LoadModule security2_module modules/mod_security2.so
 <IfModule !mod_unique_id.c>
    LoadModule unique_id_module modules/mod_unique_id.so
 </IfModule>
--- a/SOURCES/mod_security-2.9.2-remote-rules-timeout.patch
+++ b/SOURCES/mod_security-2.9.2-remote-rules-timeout.patch
@ -1,85 +0,0 @@
 diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
 index ce97950..5d4e9b5 100644
 --- a/apache2/apache2_config.c
 +++ b/apache2/apache2_config.c
@@ -2345,6 +2345,24 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
 }
 +static const char *cmd_remote_timeout(cmd_parms *cmd, void *_dcfg, const char *p1)
 +{
 +    directory_config *dcfg = (directory_config *)_dcfg;
 +    long int timeout;
 +
 +    if (dcfg == NULL) return NULL;
 +
 +    timeout = strtol(p1, NULL, 10);
 +    if ((timeout == LONG_MAX)||(timeout == LONG_MIN)||(timeout < 0)) {
 +        return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecRemoteTimeout: %s", p1);
 +    }
 +
 +    remote_rules_timeout = timeout;
 +
 +    return NULL;
 +}
 +
 +
 static const char *cmd_status_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
 {
     if (strcasecmp(p1, "on") == 0) {
@@ -3658,6 +3677,14 @@ const command_rec module_directives[] = {
         "Abort or Warn"
     ),
 +    AP_INIT_TAKE1 (
 +        "SecRemoteTimeout",
 +        cmd_remote_timeout,
 +        NULL,
 +        CMD_SCOPE_ANY,
 +        "timeout in seconds"
 +    ),
 +
     AP_INIT_TAKE1 (
         "SecXmlExternalEntity",
 diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
 index b6e98e9..1410ac7 100644
 --- a/apache2/mod_security2.c
 +++ b/apache2/mod_security2.c
@@ -79,6 +79,8 @@ msc_remote_rules_server DSOLOCAL *remote_rules_server = NULL;
 #endif
 int DSOLOCAL remote_rules_fail_action = REMOTE_RULES_ABORT_ON_FAIL;
 char DSOLOCAL *remote_rules_fail_message = NULL;
 +unsigned long int DSOLOCAL remote_rules_timeout = NOT_SET;
 +
 int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED;
 diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
 index f170034..d9de1f0 100644
 --- a/apache2/modsecurity.h
 +++ b/apache2/modsecurity.h
@@ -150,6 +150,7 @@ extern DSOLOCAL msc_remote_rules_server *remote_rules_server;
 #endif
 extern DSOLOCAL int remote_rules_fail_action;
 extern DSOLOCAL char *remote_rules_fail_message;
 +extern DSOLOCAL unsigned long int remote_rules_timeout;
 extern DSOLOCAL int status_engine_state;
 diff --git a/apache2/msc_remote_rules.c b/apache2/msc_remote_rules.c
 index 8a6df9e..af437d1 100644
 --- a/apache2/msc_remote_rules.c
 +++ b/apache2/msc_remote_rules.c
@@ -353,6 +353,11 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
         /* We want Curl to return error in case there is an HTTP error code */
         curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);
 +        /* In case we want different timeout than a default one */
 +        if (remote_rules_timeout != NOT_SET){
 +            curl_easy_setopt(curl, CURLOPT_TIMEOUT, remote_rules_timeout);
 +        }
 +
         res = curl_easy_perform(curl);
         if (res != CURLE_OK)
--- a/SOURCES/mod_security.conf
+++ b/SOURCES/mod_security.conf
@ -1,56 +0,0 @@
 <IfModule mod_security2.c>
    # Default recommended configuration
    SecRuleEngine On
    SecRequestBodyAccess On
    SecRule REQUEST_HEADERS:Content-Type "text/xml" \
         "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
    SecRequestBodyLimit 13107200
    SecRequestBodyNoFilesLimit 131072
    SecRequestBodyInMemoryLimit 131072
    SecRequestBodyLimitAction Reject
    SecRule REQBODY_ERROR "!@eq 0" \
    "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
    SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
    "id:'200002',phase:2,t:none,log,deny,status:400,msg:'Multipart request body \
    failed strict validation: \
    PE %{REQBODY_PROCESSOR_ERROR}, \
    BQ %{MULTIPART_BOUNDARY_QUOTED}, \
    BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
    DB %{MULTIPART_DATA_BEFORE}, \
    DA %{MULTIPART_DATA_AFTER}, \
    HF %{MULTIPART_HEADER_FOLDING}, \
    LF %{MULTIPART_LF_LINE}, \
    SM %{MULTIPART_MISSING_SEMICOLON}, \
    IQ %{MULTIPART_INVALID_QUOTING}, \
    IP %{MULTIPART_INVALID_PART}, \
    IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
    FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
    SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
    "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
    SecPcreMatchLimit 1000
    SecPcreMatchLimitRecursion 1000
    SecRule TX:/^MSC_/ "!@streq 0" \
            "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
    SecResponseBodyAccess Off
    SecDebugLog /var/log/httpd/modsec_debug.log
    SecDebugLogLevel 0
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLogParts ABIJDEFHZ
    SecAuditLogType Serial
    SecAuditLog /var/log/httpd/modsec_audit.log
    SecArgumentSeparator &
    SecCookieFormat 0
    SecTmpDir /var/lib/mod_security
    SecDataDir /var/lib/mod_security
    # ModSecurity Core Rules Set and Local configuration
 	Include modsecurity.d/*.conf
 	Include modsecurity.d/activated_rules/*.conf
 	Include modsecurity.d/local_rules/*.conf
 </IfModule>
--- a/SOURCES/modsecurity_localrules.conf
+++ b/SOURCES/modsecurity_localrules.conf
@ -1,9 +0,0 @@
 # User defined rules and settings .
 #
 # You can use this file/directory to drop your local rules or
 # to remove some rules provided by mod_security_crs package with SecRuleRemoveById
 #
 # You can also disable mod_security for some incompatible web applications (eg. phpMyAdmin).
 #
 #
--- a/SPECS/mod_security.spec
+++ b/SPECS/mod_security.spec
@ -1,464 +0,0 @@
 %{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}}
 %{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo 0-0)}}
 # /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4
 %{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
 %{!?_httpd_confdir:    %{expand: %%global _httpd_confdir    %%{_sysconfdir}/httpd/conf.d}}
 %{!?_httpd_moddir:    %{expand: %%global _httpd_moddir    %%{_libdir}/httpd/modules}}
 %global with_mlogc 1
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
 Version: 2.9.6
 Release: 1%{?dist}
 License: ASL 2.0
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
 Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
 Source1: mod_security.conf
 Source2: 10-mod_security.conf
 Source3: modsecurity_localrules.conf
 Patch1: mod_security-2.9.2-remote-rules-timeout.patch
 Requires: httpd httpd-mmn = %{_httpd_mmn}
 # To ensure correct file ownership
 Requires(pre): httpd-filesystem
 BuildRequires: gcc
 BuildRequires: httpd-devel
 BuildRequires: make
 BuildRequires: perl-generators
 BuildRequires: pkgconfig(libcurl)
 BuildRequires: pkgconfig(libpcre)
 BuildRequires: pkgconfig(libxml-2.0)
 BuildRequires: pkgconfig(lua)
 # Workarround for EL6
 %if 0%{?el6}
 BuildRequires: yajl-devel
 %else
 BuildRequires: pkgconfig(yajl)  
 %endif
 %description
 ModSecurity is an open source intrusion detection and prevention engine
 for web applications. It operates embedded into the web server, acting
 as a powerful umbrella - shielding web applications from attacks.
 %if %with_mlogc
 %package        mlogc
 Summary:        ModSecurity Audit Log Collector
 Group:          System Environment/Daemons
 Requires:       mod_security%{?_isa} = %{version}-%{release}
 Requires(pre):  httpd-filesystem
 %description    mlogc
 This package contains the ModSecurity Audit Log Collector.
 %endif
 %prep
 %setup -q -n modsecurity-%{version}
 %patch1 -p1 -b .remote-rules-timeout
 %build
 %configure --enable-pcre-match-limit=1000000 \
           --enable-pcre-match-limit-recursion=1000000 \
           --with-apxs=%{_httpd_apxs} \
           --with-yajl \
           --enable-collection-global-lock
 # remove rpath
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 make %{_smp_mflags}
 %check
 # Test suite does not start because of some issue in shipped httpd config (fix upstreamed in PR #669)
 # After the fix, the test suite starts but still fails
 #make test
 #make test-regression
 %install
 install -d %{buildroot}%{_sbindir}
 install -d %{buildroot}%{_bindir}
 install -d %{buildroot}%{_httpd_moddir}
 install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
 install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
 install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules
 install -m0755 apache2/.libs/mod_security2.so %{buildroot}%{_httpd_moddir}/mod_security2.so
 %if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
 # 2.4-style
 install -Dp -m0644 %{SOURCE2} %{buildroot}%{_httpd_modconfdir}/10-mod_security.conf
 install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf
 sed  -i 's/Include/IncludeOptional/'  %{buildroot}%{_httpd_confdir}/mod_security.conf
 %else
 # 2.2-style
 install -d -m0755 %{buildroot}%{_httpd_confdir}
 cat %{SOURCE2} %{SOURCE1} > %{buildroot}%{_httpd_confdir}/mod_security.conf
 %endif
 install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}
 # Local rules example
 install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/
 # mlogc
 %if %with_mlogc
 install -d %{buildroot}%{_localstatedir}/log/mlogc
 install -d %{buildroot}%{_localstatedir}/log/mlogc/data
 install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
 install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
 install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
 %endif
 %files
 %doc CHANGES LICENSE README.* NOTICE
 %{_httpd_moddir}/mod_security2.so
 %config(noreplace) %{_httpd_confdir}/*.conf
 %if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
 %config(noreplace) %{_httpd_modconfdir}/*.conf
 %endif
 %dir %{_sysconfdir}/httpd/modsecurity.d
 %dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
 %dir %{_sysconfdir}/httpd/modsecurity.d/local_rules
 %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf
 %attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
 %if %with_mlogc
 %files mlogc
 %doc mlogc/INSTALL
 %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
 %attr(0755,root,root) %dir %{_localstatedir}/log/mlogc
 %attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data
 %attr(0755,root,root) %{_bindir}/mlogc
 %attr(0755,root,root) %{_bindir}/mlogc-batch-load
 %endif
 %changelog
 * Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.6-1
 - new version 2.9.6
 - Resolves: #2143207 - [RFE] upgrade mod_security to 2.9.6
 * Sun Nov 15 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.9.2-9
 - Resolves: #1824859 - RFE: Add a feature that can set a mod_security/libcurl
  timeout for retrieving the rules
 * Mon Dec 17 2018 Joe Orton <jorton@redhat.com> - 2.9.2-8
 - enable collection global lock (#1650268)
 * Wed Nov 28 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.9.2-7
 - Related: #1650242 - mod_security-mlogc dropped
 * Thu Nov 15 2018 Joe Orton <jorton@redhat.com> - 2.9.2-6
 - build -mlogc subpackage (#1650242)
 - add httpd-filesystem as Requires(pre)
 * Sun Feb 18 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.2-5
 - Add gcc and make as BR (minimal buildroot change)
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 * Fri Jul 21 2017 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.2-1
 - Update to 2.9.2
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
 * Wed Mar 09 2016 Athmane Madjoudj <athmane@fedoraproject.org> 2.9.1-1
 - Update to final 2.9.1
 - Minor spec fix.
 * Tue Mar 08 2016 Athmane Madjoudj <athmane@fedoraproject.org> 2.9.1-0.1.rc1
 - Add workaround for el6
 * Tue Mar 08 2016 Athmane Madjoudj <athmane@fedoraproject.org> 2.9.1-0.rc1
 - Update to 2.9.1-rc1
 - Remove upstreamed patch
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.0-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 * Fri Oct 02 2015 Athmane Madjoudj <athmane@fedoraproject.org> 2.9.0-5
 - Update BuildRequires using pkgconfig name schema
 * Tue Sep 01 2015 Athmane Madjoudj <athmane@fedoraproject.org>  2.9.0-4
 - Add yajl support
 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
 * Fri Feb 13 2015 Athmane Madjoudj <athmane@fedoraproject.org> 2.9.0-2
 - Remove curl version dep. since it no longer required
 * Fri Feb 13 2015 Athmane Madjoudj <athmane@fedoraproject.org>  2.9.0-1
 - Update to 2.9.0
 - Remove backported patch
 - Add patch to fix lua 5.3 build issue (PR #837)
 * Tue Nov 04 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.8.0-7
 - Make sure mod_security is built with correct curl version
 * Mon Nov 03 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.8.0-6
 - Changes the default SSL version to TLS 1.2 since SSLv3 is vulnerable to poodle
 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.8.0-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 * Fri Aug 15 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.8.0-4
 - Add support for user-provided configurations and rules (rhbz #1129843)
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.8.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
 * Wed Apr 16 2014  Athmane Madjoudj <athmane@fedoraproject.org> 2.8.0-1
 - Update to 2.8.0 Final
 * Thu Apr 03 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.8.0-0.rc1
 - Update to 2.8.0-RC1
 * Tue Mar 04 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.7-6
 - Fix status code in the configuration file (upstream PR #666)
 * Sat Mar 01 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.7-5
 - Fix rpmlint warnings
 * Thu Feb 27 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.7-4
 - Add check section
 * Sat Feb 22 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.7-3
 - Fix bogus date in chanelog
 * Thu Jan 23 2014 Joe Orton <jorton@redhat.com> - 2.7.7-2
 - fix _httpd_mmn expansion in absence of httpd-devel
 * Thu Dec 19 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.7-1
 - Update to 2.7.7
 - Fix the spec file since upstream fixed the bugs reported.
 * Tue Dec 17 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.6-2
 - Add autotools deps
 * Tue Dec 17 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.6-1
 - Update to 2.7.6
 - Fix spec since upstream will only provide tarball via Github
 * Sat Aug 03 2013 Petr Pisar <ppisar@redhat.com> - 2.7.5-2
 - Perl 5.18 rebuild
 * Tue Jul 30 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.5-1
 - Update to 2.7.5
 * Thu Jul 18 2013 Petr Pisar <ppisar@redhat.com> - 2.7.4-2
 - Perl 5.18 rebuild
 * Tue May 28 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.4-1
 - Update to 2.7.4
 - Drop non required patch
 * Tue May 28 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.3-2
 - Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
 - Fix a possible memory leak.
 * Sat Mar 30 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.3-1
 - Update to 2.7.3
 * Fri Jan 25 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.2-1
 - Update to 2.7.2
 - Update source url in the spec.
 * Thu Nov 22 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.1-5
 - Use conditional for loading mod_unique_id (rhbz #879264)
 - Fix syntax errors on httpd 2.4.x by using IncludeOptional (rhbz #879264, comment #2)
 * Mon Nov 19 2012 Peter Vrabec <pvrabec@redhat.com> 2.7.1-4
 - mlogc subpackage is not provided on RHEL7
 * Thu Nov 15 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.1-3
 - Add some missing directives RHBZ #569360
 - Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528)
  (RHBZ #867424, #867773, #867774)
 * Thu Nov 15 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.1-2
 - Fix mod_security.conf
 * Thu Nov 15 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.1-1
 - Update to 2.7.1
 - Remove libxml2 build patch (upstreamed)
 - Update spec since upstream moved to github
 * Thu Oct 18 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.0-2
 - Add a patch to fix failed build against libxml2 >= 2.9.0
 * Wed Oct 17 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.0-1
 - Update to 2.7.0
 * Fri Sep 28 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.8-1
 - Update to 2.6.8
 * Wed Sep 12 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.7-2
 - Re-add mlogc sub-package for epel (#856525)
 * Sat Aug 25 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.7-1
 - Update to 2.6.7
 * Sat Aug 25 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.7-1
 - Update to 2.6.7
 * Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.6-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 * Fri Jun 22 2012 Peter Vrabec <pvrabec@redhat.com> - 2.6.6-2
 - mlogc subpackage is not provided on RHEL
 * Thu Jun 21 2012 Peter Vrabec <pvrabec@redhat.com> - 2.6.6-1
 - upgrade
 * Mon May  7 2012 Joe Orton <jorton@redhat.com> - 2.6.5-3
 - packaging fixes
 * Fri Apr 27 2012 Peter Vrabec <pvrabec@redhat.com> 2.6.5-2
 - fix license tag
 * Thu Apr 05 2012 Peter Vrabec <pvrabec@redhat.com> 2.6.5-1
 - upgrade & move rules into new package mod_security_crs
 * Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.5.13-3
 - Rebuild against PCRE 8.30
 - Do not install non-existing files
 * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.13-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
 * Tue  May 3 2011 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.13-1
 - Newer upstream version
 * Wed Jun 30 2010 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.12-3
 - Fix log dirs and files ordering per bz#569360
 * Thu Apr 29 2010 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.12-2
 - Fix SecDatadir and minimal config per bz #569360
 * Sat Feb 13 2010 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.12-1
 - Update to latest upstream release
 - SECURITY: Fix potential rules bypass and denial of service (bz#563576)
 * Fri Nov 6 2009 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.10-2
 - Fix rules and Apache configuration (bz#533124)
 * Thu Oct 8 2009 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.10-1
 - Upgrade to 2.5.10 (with Core Rules v2)
 * Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.9-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 * Thu Mar 12 2009 Michael Fleming <mfleming+rpm@thatfleminggent.com> 2.5.9-1
 - Update to upstream release 2.5.9
 - Fixes potential DoS' in multipart request and PDF XSS handling
 * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.7-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
 * Mon Dec 29 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.5.7-1
 - Update to upstream 2.5.7
 - Reinstate mlogc
 * Sat Aug 2 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.5.6-1
 - Update to upstream 2.5.6
 - Remove references to mlogc, it no longer ships in the main tarball.
 - Link correctly vs. libxml2 and lua (bz# 445839)
 - Remove bogus LoadFile directives as they're no longer needed.
 * Sun Apr 13 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.7-1
 - Update to upstream 2.1.7
 * Sat Feb 23 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.6-1
 - Update to upstream 2.1.6 (Extra features including SecUploadFileMode)
 * Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 2.1.5-3
 - Autorebuild for GCC 4.3
 * Sun Jan 27 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.5-2
 - Update to 2.1.5 (bz#425986)
 - "blocking" -> "optional_rules" per tarball ;-)
 * Thu Sep  13 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.3-1
 - Update to 2.1.3
 - Update License tag per guidelines.
 * Mon Sep  3 2007 Joe Orton <jorton@redhat.com> 2.1.1-3
 - rebuild for fixed 32-bit APR (#254241)
 * Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 2.1.1-2
 - Rebuild for selinux ppc32 issue.
 * Tue Jun 19 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.1-1
 - New upstream release
 - Drop ASCIIZ rule (fixed upstream)
 - Re-enable protocol violation/anomalies rules now that REQUEST_FILENAME
  is fixed upstream.
 * Sun Apr 1 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.0-3
 - Automagically configure correct library path for libxml2 library.
 - Add LoadModule for mod_unique_id as the logging wants this at runtime
 * Mon Mar 26 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.0-2
 - Fix DSO permissions (bz#233733)
 * Tue Mar 13 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.0-1
 - New major release - 2.1.0
 - Fix CVE-2007-1359 with a local rule courtesy of Ivan Ristic
 - Addition of core ruleset
 - (Build)Requires libxml2 and pcre added.
 * Sun Sep 3 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.4-2
 - Rebuild
 - Fix minor longstanding braino in included sample configuration (bz #203972)
 * Mon May 15 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.4-1
 - New upstream release
 * Tue Apr 11 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.3-1
 - New upstream release
 - Trivial spec tweaks
 * Wed Mar 1 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.2-3
 - Bump for FC5
 * Fri Feb 10 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.2-2
 - Bump for newer gcc/glibc
 * Wed Jan 18 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.2-1
 - New upstream release
 * Fri Dec 16 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.1-2
 - Bump for new httpd
 * Thu Dec 1 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.1-1
 - New release 1.9.1 
 * Wed Nov 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9-1
 - New stable upstream release 1.9
 * Sat Jul 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-4
 - Add Requires: httpd-mmn to get the appropriate "module magic" version
  (thanks Ville Skytta)
 - Disabled an overly-agressive rule or two..
 * Sat Jul 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-3
 - Correct Buildroot
 - Some sensible and safe rules for common apps in mod_security.conf
 * Thu May 19 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-2
 - Don't strip the module (so we can get a useful debuginfo package)
 * Thu May 19 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-1
 - Initial spin for Extras
--- a/dead.package
+++ b/dead.package
@ -0,0 +1 @@
 mod_security was removed due to minimization efforts prior to public launch
		`@ -1 +0,0 @@`
			`1f9b8f5d6462770d917d2ea3f3586618c37ba158 SOURCES/modsecurity-2.9.6.tar.gz`
		`@ -0,0 +1 @@`
							`mod_security was removed due to minimization efforts prior to public launch`