Bug 862050 - mod_security_crs-2.2.6-1 (and mod_security_crs-extras-2.2.6-1) is incompatible with mod_security-2.6.7-1
mod_security_crs-2.2.6-1 (and mod_security_crs-extras-2.2.6-1) is incompatibl...
Product: Fedora
Classification: Fedora
Component: mod_security_crs (Show other bugs)
Unspecified Unspecified
unspecified Severity urgent
: ---
: ---
Assigned To: Athmane Madjoudj
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-10-01 13:59 EDT by Mike Lilley
Modified: 2012-12-20 11:23 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-12-20 11:23:13 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mike Lilley 2012-10-01 13:59:13 EDT
Description of problem:
Recently updated mod_security_crs and mod_security_crs-extras prevent httpd from running.  The ruleset provided requires mod_security 2.7, which is not currently available.

Version-Release number of selected component (if applicable): 2.2.6-1

How reproducible:

Steps to Reproduce:
1. Use yum update to get current versions of mod_security_crs and mod_security_crs-extras on a machine running httpd & mod_security.
2. Restart httpd server.
Actual results:
httpd fails to start.  The error message is: Syntax error on line 52 of /etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_20_protocol_violations.conf:

Expected results:
httpd starts correctly.

Additional info:
Refer to this discussion for more information: http://comments.gmane.org/gmane.comp.apache.mod-security.user/9689
Comment 1 Athmane Madjoudj 2012-10-01 16:12:13 EDT
Hi Mike,

I'm working on a patch to make CRS 2.2.6 usable with mod_security 2.6.x.

It will be included in  2.2.6-2 update (links will be posted here).
Comment 2 Fedora Update System 2012-10-01 16:26:45 EDT
mod_security_crs-2.2.6-2.fc17 has been submitted as an update for Fedora 17.
Comment 3 Fedora Update System 2012-10-02 11:53:12 EDT
Package mod_security_crs-2.2.6-2.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing mod_security_crs-2.2.6-2.fc17'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 4 Mike Lilley 2012-10-02 13:46:40 EDT
Thanks for the very quick turn-around on this!  Karma has been updated.
Comment 5 Fedora Update System 2012-12-20 11:23:15 EST
mod_security_crs-2.2.6-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.