Bug 322261

Summary: modecurity doesn't play nicely with svn
Product: [Fedora] Fedora Reporter: Eli Barzilay <eli>
Component: mod_securityAssignee: Michael Fleming <mfleming+rpm>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 7   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-10-30 22:23:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eli Barzilay 2007-10-07 16:09:35 UTC 
Description of problem:

  After a recent update of some rpms, subversion stopped working.  Turns out
  that the update included modsecurity that I didn't have before, and it
  sounds like making it work with svn takes work.

  I don't mind these problems (I'll probably just disable it), but it sounds
  like a bad idea to automatically install stuff for people that breaks svn.
Comment 1 Michael Fleming 2007-10-30 12:32:49 UTC 
I'm not following you here. mod_security is not an essential package and no
other packages in Fedora are dependent on it's presence - it's an entirely
optional package. What commands / RPMs did you use that caused it to be pulled in?

Neither I nor any other packager (to my knowledge) have mandated mod_security as
part of a general update.

I also noticed that you've not included any logs or means of repeating this
issue (ie. which rule has tripped up SVN, taken from modsec_audit.log et. al).
You might also wish to check the mailing lists @ www.modsecurity.org as I'm
certain this has come up there before now.
Comment 2 Eli Barzilay 2007-10-30 13:52:00 UTC 
I don't know how it got in, I didn't keep track of things.  All I know is that
I didn't use to have it (and svn worked fine) before that update, and did had
it afterwards.

So, since I don't have any additional information, feel free to close this
bug.  Alternatively, if you know of some place where yum updates are logged
(with the dependency information that has lead to additional packages), then
tell me and I'll grep for the reason I got it, or send it over here.
Comment 3 Michael Fleming 2007-10-30 22:23:35 UTC 
If you can't provide further information (/var/log/yum.log will list what
packages have been installed on update but not show a full dependency tree) I
will certainly close this bug.

When you can verify that there is a real, repeatable issue reopen this bug (or
log a new one) supplying the info from yum/modsec_audit.log files respectively.
I am not psychic but I strongly suspect user error here.