Bug 862050

Summary: mod_security_crs-2.2.6-1 (and mod_security_crs-extras-2.2.6-1) is incompatible with mod_security-2.6.7-1
Product: [Fedora] Fedora Reporter: Mike Lilley <lilley.rpm>
Component: mod_security_crsAssignee: Othman Madjoudj <athmanem>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 17CC: athmanem, pvrabec
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-20 16:23:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mike Lilley 2012-10-01 17:59:13 UTC 
Description of problem:
Recently updated mod_security_crs and mod_security_crs-extras prevent httpd from running.  The ruleset provided requires mod_security 2.7, which is not currently available.

Version-Release number of selected component (if applicable): 2.2.6-1

How reproducible:
Always.

Steps to Reproduce:
1. Use yum update to get current versions of mod_security_crs and mod_security_crs-extras on a machine running httpd & mod_security.
2. Restart httpd server.
  
Actual results:
httpd fails to start.  The error message is: Syntax error on line 52 of /etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_20_protocol_violations.conf:

Expected results:
httpd starts correctly.

Additional info:
Refer to this discussion for more information: http://comments.gmane.org/gmane.comp.apache.mod-security.user/9689
Comment 1 Othman Madjoudj 2012-10-01 20:12:13 UTC 
Hi Mike,

I'm working on a patch to make CRS 2.2.6 usable with mod_security 2.6.x.

It will be included in  2.2.6-2 update (links will be posted here).
Comment 2 Fedora Update System 2012-10-01 20:26:45 UTC 
mod_security_crs-2.2.6-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/mod_security_crs-2.2.6-2.fc17
Comment 3 Fedora Update System 2012-10-02 15:53:12 UTC 
Package mod_security_crs-2.2.6-2.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing mod_security_crs-2.2.6-2.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-15178/mod_security_crs-2.2.6-2.fc17
then log in and leave karma (feedback).
Comment 4 Mike Lilley 2012-10-02 17:46:40 UTC 
Thanks for the very quick turn-around on this!  Karma has been updated.
Comment 5 Fedora Update System 2012-12-20 16:23:15 UTC 
mod_security_crs-2.2.6-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.