[ https://www.modsecurity.org/tracker/browse/MODSEC-356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto closed MODSEC-356.
> Mod_Security: dependency incompatibility with Apache httpd 2.4.x
> Key: MODSEC-356
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-356
> Project: ModSecurity
> Issue Type: Task
> Security Level: Normal
> Components: Build System
> Affects Versions: 2.7.1
> Environment: CentOS 6.3 x86-64 / Apache httpd 2.4.3
> Reporter: Jeff Kayser
> Assignee: Breno Silva Pinto
> Labels: 2.4.x, dependencies, httpd
> Fix For: 2.7.2
> Hello, mod_security developers.
> First of all, thank you for working on mod_security.
> To help with on this freely available software is really a labor of love.
> It's great to have mod_security between my web servers and the hackers out there.
> On a new installation, I am having an issue installing mod_security 2.6.7.
> My internet research indicates that I will have the same issue trying to install mod_security 2.7.1.
> I'm running CentOS 6.3 x86-64. I'm trying to use RPMs, because it the recommended approach for building software on CentOS.
> Here is my system type:
> [root@... APACHE]# uname -a
> Linux localhost.localdomain 2.6.32-279.11.1.el6.x86_64 #1 SMP Tue Oct 16 15:57:10 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
> [root@... APACHE]# cat /etc/issue
> CentOS release 6.3 (Final)
> Kernel \r on an \m
> [root@... APACHE]#
> I've done an rpmbuild of Apache httpd 2.4.3, and then installed Apache httpd 2.4.3.
> When I try to install mod_security 2.6.7 RPM (from the EPEL repository), I get an error:
> [root@... APACHE]# yum --enablerepo=c6-testing install mod_security.x86_64
> Loaded plugins: fastestmirror, priorities, refresh-packagekit, security
> Loading mirror speeds from cached hostfile
> * base: mirror.web-ster.com
> * epel: mirrors.xmission.com
> * extras: centos.sonn.com
> * updates: centos.mirror.sea.rackd.net
> 200 packages excluded due to repository priority protections
> Setting up Install Process
> Resolving Dependencies
> --> Running transaction check
> ---> Package mod_security.x86_64 0:2.6.7-2.el6 will be installed
> --> Processing Dependency: httpd-mmn = 20051115 for package: mod_security-2.6.7-2.el6.x86_64
> --> Finished Dependency Resolution
> Error: Package: mod_security-2.6.7-2.el6.x86_64 (epel)
> Requires: httpd-mmn = 20051115
> Installed: httpd-2.4.3-1.x86_64 (installed)
> httpd-mmn = 20120211
> Available: httpd-2.2.15-15.el6.centos.1.x86_64 (base)
> httpd-mmn = 20051115
> You could try using --skip-broken to work around the problem
> You could try running: rpm -Va --nofiles --nodigest
> [root@... APACHE]#
> When I do internet research about it, it seems that, if I want the older version of httpd-mmn (for mod_security 2.6.7 compatibility),
> I will have to downgrade Apache httpd to version 2.2.x. Then, it would be compatible with mod_security 2.6.7.
> When I look at the package specs for mod_security 2.7.1, it looks like 2.7.1 will also be incompatible with Apache httpd 2.4.x.
> Bottom line:
> In order to install mod_security 2.6.7 or 2.7.x, you need to have Apache 2.2.x or lower.
> As far as I can tell, Apache httpd 2.4.x will not work.
> Caveat: I am not a Linux guru. Did I miss something, or do something wrong?
> Jeff Kayser
> Jibe Consulting, Inc.
> Cell: 503-901-5021
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira