%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}}
%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo 0-0)}}
%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
%{!?_httpd_confdir:    %{expand: %%global _httpd_confdir    %%{_sysconfdir}/httpd/conf.d}}
%{!?_httpd_moddir:    %{expand: %%global _httpd_moddir    %%{_libdir}/httpd/modules}}
%global mod_audit_log_collector 0

Name: mod_security
Version: 2.9.5
Release: 8
Summary: Security module for the Apache HTTP Server
License: ASL 2.0
URL: http://www.modsecurity.org/
Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
Source1: mod_security.conf
Source2: 10-mod_security.conf
Source3: modsecurity_localrules.conf
Patch0000: modsecurity-2.9.5-lua-54.patch
Patch0001: modsecurity-2.9.5-use-uid-if-user-name-is-not-available.patch
Patch0002: modsecurity-2.9.5-Properly-cleanup-XML-parser-contexts-upon-completion.patch
Patch0003: modsecurity-2.9.5-Add-SecRequestBodyJsonDepthLimit-to-modsecurity.conf.patch
Patch0004: modsecurity-2.9.5-Fix-memory-leak-that-occurs-on-JSON-parsing-error.patch
Patch0005: modsecurity-2.9.5-Set-SecStatusEngine-Off-in-modsecurity.conf.patch
Patch0006: modsecurity-2.9.5-Allow-no-key-single-value-JSON-body.patch

Requires: httpd httpd-mmn = %{_httpd_mmn}
BuildRequires: gcc make perl-generators httpd-devel yajl yajl-devel
BuildRequires: pkgconfig(lua) pkgconfig(libcurl) pkgconfig(libxml-2.0) pkgconfig(libpcre)
BuildRequires: autoconf automake libtool

%description
This software is also called Modsec,it is an open-source web application firewall.
It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide
protections against generic classed of vulnerabilities.The install of this package
is easy and you can read the README.TXT for more information.

%if %mod_audit_log_collector
%package -n     mlogc
Summary:        Collect mod_security audit log
Requires:       mod_security

%description -n mlogc
This package collects mod_security audit log.
%endif

%prep
%autosetup -p1 -n modsecurity-%{version}

%build
./autogen.sh
%configure --with-yajl --with-apxs=%{_httpd_apxs} --enable-pcre-match-limit-recursion=1000000 --enable-pcre-match-limit=1000000
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
make %{_smp_mflags}

%install
install -d %{buildroot}%{_bindir}
install -d %{buildroot}%{_sbindir}
install -d %{buildroot}%{_httpd_moddir}
install -m0755 apache2/.libs/mod_security2.so %{buildroot}%{_httpd_moddir}/mod_security2.so
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}
install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf
sed  -i 's/Include/IncludeOptional/'  %{buildroot}%{_httpd_confdir}/mod_security.conf
install -Dp -m0644 %{SOURCE2} %{buildroot}%{_httpd_modconfdir}/10-mod_security.conf
%else
install -d -m0755 %{buildroot}%{_httpd_confdir}
cat %{SOURCE2} %{SOURCE1} > %{buildroot}%{_httpd_confdir}/mod_security.conf
%endif

%if %mod_audit_log_collector
install -d %{buildroot}%{_localstatedir}/log/mlogc
install -d %{buildroot}%{_localstatedir}/log/mlogc/data
install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
%endif

%files
%doc README.* NOTICE LICENSE CHANGES
%{_httpd_moddir}/mod_security2.so
%config(noreplace) %{_httpd_confdir}/*.conf
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
%config(noreplace) %{_httpd_modconfdir}/*.conf
%endif
%dir %{_sysconfdir}/httpd/modsecurity.d
%dir %{_sysconfdir}/httpd/modsecurity.d/local_rules
%dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
%attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf

%if %mod_audit_log_collector
%files -n mlogc
%doc mlogc/INSTALL
%attr(0755,root,root)   %dir %{_localstatedir}/log/mlogc
%attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data
%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
%attr(0755,root,root)   %{_bindir}/mlogc-batch-load
%attr(0755,root,root)   %{_bindir}/mlogc
%endif

%changelog
* Mon Jan 9 2023 yaoguangzhong <yaoguangzhong@xfusion.com> - 2.9.5-8
- backport allow no-key, single-value JSON body

* Sat Jan 7 2023 yaoguangzhong <yaoguangzhong@xfusion.com> - 2.9.5-7
- backport Set SecStatusEngine Off in modsecurity.conf-recommended

* Sat Jan 7 2023 yaoguangzhong <yaoguangzhong@xfusion.com> - 2.9.5-6
- backport fix memory leak that occurs on JSON parsing error

* Sat Jan 7 2023 yaoguangzhong <yaoguangzhong@xfusion.com> - 2.9.5-5
- backport Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended

* Fri Jan 6 2023 yaoguangzhong <yaoguangzhong@xfusion.com> - 2.9.5-4
- backport properly cleanup XML parser contexts upon completion

* Fri Jan 6 2023 yaoguangzhong <yaoguangzhong@xfusion.com> - 2.9.5-3
- backport use uid if user name is not available

* Fri Jan 7 2022 liyanan <liyanan32@huawei.com> - 2.9.5-2
- Fix build fail with lua 5.4.3

* Tue Dec 14 2021 yaoxin <yaoxin30@huawei.com> - 2.9.5-1
- Upgrade mod_security to 2.9.5 for fix CVE-2021-42717

* Wed Nov 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.9.2-7
- Type:enhancement
- Id:NA
- SUG:NA
- DESC:modify the spec