Bug 322261 - modecurity doesn't play nicely with svn
modecurity doesn't play nicely with svn
Product: Fedora
Classification: Fedora
Component: mod_security (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Michael Fleming
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-10-07 12:09 EDT by Eli Barzilay
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-10-30 18:23:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Eli Barzilay 2007-10-07 12:09:35 EDT
Description of problem:

  After a recent update of some rpms, subversion stopped working.  Turns out
  that the update included modsecurity that I didn't have before, and it
  sounds like making it work with svn takes work.

  I don't mind these problems (I'll probably just disable it), but it sounds
  like a bad idea to automatically install stuff for people that breaks svn.
Comment 1 Michael Fleming 2007-10-30 08:32:49 EDT
I'm not following you here. mod_security is not an essential package and no
other packages in Fedora are dependent on it's presence - it's an entirely
optional package. What commands / RPMs did you use that caused it to be pulled in?

Neither I nor any other packager (to my knowledge) have mandated mod_security as
part of a general update.

I also noticed that you've not included any logs or means of repeating this
issue (ie. which rule has tripped up SVN, taken from modsec_audit.log et. al).
You might also wish to check the mailing lists @ www.modsecurity.org as I'm
certain this has come up there before now.
Comment 2 Eli Barzilay 2007-10-30 09:52:00 EDT
I don't know how it got in, I didn't keep track of things.  All I know is that
I didn't use to have it (and svn worked fine) before that update, and did had
it afterwards.

So, since I don't have any additional information, feel free to close this
bug.  Alternatively, if you know of some place where yum updates are logged
(with the dependency information that has lead to additional packages), then
tell me and I'll grep for the reason I got it, or send it over here.
Comment 3 Michael Fleming 2007-10-30 18:23:35 EDT
If you can't provide further information (/var/log/yum.log will list what
packages have been installed on update but not show a full dependency tree) I
will certainly close this bug.

When you can verify that there is a real, repeatable issue reopen this bug (or
log a new one) supplying the info from yum/modsec_audit.log files respectively.
I am not psychic but I strongly suspect user error here.

Note You need to log in before you can comment on or make changes to this bug.