demus/mod_security-rpm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove unused patches.

Browse Source
This commit is contained in:
Joe Orton 2018-11-16 08:19:58 +00:00
parent 1556031562
commit cfc1554ac0
4 changed files with 0 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
0001-mlogc-Changes-the-default-SSL-algo-to-TLS-1.2.patch
View File

@ -1,28 +0,0 @@
From 84f2299f6b3b56cf5342ad378c3641be548bf79c Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <fcosta@trustwave.com>
Date: Mon, 3 Nov 2014 10:13:21 -0800
Subject: [PATCH] mlogc: Changes the default SSL algo to TLS 1.2
As reported by Josh Amishav-Zlatin, mlogc was making usage of SSLv3 instead of
TLS 1.2. Servers should not answer SSLv3 after poodle.
---
mlogc/mlogc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/mlogc/mlogc.c b/mlogc/mlogc.c
index 4163230..c4b2a23 100644
--- a/mlogc/mlogc.c
+++ b/mlogc/mlogc.c
@@ -1218,8 +1218,8 @@ static void logc_init(void)
curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
- /* SSLv3 works better overall as some servers have issues with TLS */
- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
+
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 15);
curl_easy_setopt(curl, CURLOPT_NOSIGNAL, TRUE);
curl_easy_setopt(curl, CURLOPT_HEADER, TRUE);
--
1.9.1

23
mod_security-2.7.3-fix-mem-leak-and-cve-2013-2765.patch
View File

@ -1,23 +0,0 @@
diff -ru modsecurity-apache_2.7.3.orig/apache2/msc_reqbody.c modsecurity-apache_2.7.3/apache2/msc_reqbody.c
--- modsecurity-apache_2.7.3.orig/apache2/msc_reqbody.c 2013-03-24 08:12:29.000000000 +0100
+++ modsecurity-apache_2.7.3/apache2/msc_reqbody.c 2013-05-28 14:48:39.063673996 +0100
@@ -170,6 +170,7 @@
/* Would storing this chunk mean going over the limit? */
if ((msr->msc_reqbody_spilltodisk)
+ && (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_ON)
&& (msr->msc_reqbody_length + length > (apr_size_t)msr->txcfg->reqbody_inmemory_limit))
{
msc_data_chunk **chunks;
diff -ru modsecurity-apache_2.7.3.orig/apache2/re_operators.c modsecurity-apache_2.7.3/apache2/re_operators.c
--- modsecurity-apache_2.7.3.orig/apache2/re_operators.c 2013-03-24 08:12:29.000000000 +0100
+++ modsecurity-apache_2.7.3/apache2/re_operators.c 2013-05-28 14:49:30.448696404 +0100
@@ -369,7 +369,7 @@
/* rsub */
static char *param_remove_escape(msre_rule *rule, char *str, int len) {
- char *parm = apr_palloc(rule->ruleset->mp, len);
+ char *parm = apr_pcalloc(rule->ruleset->mp, len);
char *ret = parm;
for(;*str!='\0';str++) {

82
mod_security-fix-build-with-libxml29.patch
View File

@ -1,82 +0,0 @@
--- apache2/msc_crypt.c.orig 2012-10-18 10:42:43.381000000 +0100
+++ apache2/msc_crypt.c 2012-10-18 10:46:52.442000000 +0100
@@ -1079,6 +1079,70 @@
htmlDocContentDumpFormatOutput(output_buf, msr->crypto_html_tree, NULL, 0);
+#ifdef LIBXML2_NEW_BUFFER
+
+ if (output_buf->conv == NULL || (output_buf->conv && xmlOutputBufferGetSize(output_buf) == 0)) {
+
+ if(output_buf->buffer == NULL || xmlOutputBufferGetSize(output_buf) == 0) {
+ xmlOutputBufferClose(output_buf);
+ xmlFreeDoc(msr->crypto_html_tree);
+ msr->of_stream_changed = 0;
+ return -1;
+ }
+
+ if(msr->stream_output_data != NULL) {
+ free(msr->stream_output_data);
+ msr->stream_output_data = NULL;
+ }
+
+ msr->stream_output_length = xmlOutputBufferGetSize(output_buf);
+ msr->stream_output_data = (char *)malloc(msr->stream_output_length+1);
+
+ if (msr->stream_output_data == NULL) {
+ xmlOutputBufferClose(output_buf);
+ xmlFreeDoc(msr->crypto_html_tree);
+ return -1;
+ }
+
+ memset(msr->stream_output_data, 0x0, msr->stream_output_length+1);
+ memcpy(msr->stream_output_data, xmlOutputBufferGetContent(output_buf), msr->stream_output_length);
+
+ if (msr->txcfg->debuglog_level >= 4)
+ msr_log(msr, 4, "inject_encrypted_response_body: Copying XML tree from CONTENT to stream buffer [%d] bytes.", xmlOutputBufferGetSize(output_buf));
+
+ } else {
+
+ if(output_buf->conv == NULL || xmlOutputBufferGetSize(output_buf) == 0) {
+ xmlOutputBufferClose(output_buf);
+ xmlFreeDoc(msr->crypto_html_tree);
+ msr->of_stream_changed = 0;
+ return -1;
+ }
+
+ if(msr->stream_output_data != NULL) {
+ free(msr->stream_output_data);
+ msr->stream_output_data = NULL;
+ }
+
+ msr->stream_output_length = xmlOutputBufferGetSize(output_buf);
+ msr->stream_output_data = (char *)malloc(msr->stream_output_length+1);
+
+ if (msr->stream_output_data == NULL) {
+ xmlOutputBufferClose(output_buf);
+ xmlFreeDoc(msr->crypto_html_tree);
+ return -1;
+ }
+
+ memset(msr->stream_output_data, 0x0, msr->stream_output_length+1);
+ memcpy(msr->stream_output_data, xmlOutputBufferGetContent(output_buf), msr->stream_output_length);
+
+ if (msr->txcfg->debuglog_level >= 4)
+ msr_log(msr, 4, "inject_encrypted_response_body: Copying XML tree from CONV to stream buffer [%d] bytes.", xmlOutputBufferGetSize(output_buf));
+
+ }
+
+#else
+
if (output_buf->conv == NULL || (output_buf->conv && output_buf->conv->use == 0)) {
if(output_buf->buffer == NULL || output_buf->buffer->use == 0) {
@@ -1139,6 +1203,8 @@
}
+#endif
+
xmlOutputBufferClose(output_buf);
content_value = (char*)apr_psprintf(msr->mp, "%"APR_SIZE_T_FMT, msr->stream_output_length);

16
modsecurity-2.9.0-fix-lua53-build.patch
View File

@ -1,16 +0,0 @@
diff -ru modsecurity-2.9.0.orig/apache2/msc_lua.c modsecurity-2.9.0/apache2/msc_lua.c
--- modsecurity-2.9.0.orig/apache2/msc_lua.c 2015-02-12 20:08:30.000000000 +0100
+++ modsecurity-2.9.0/apache2/msc_lua.c 2015-02-13 13:07:42.976716385 +0100
@@ -111,8 +111,11 @@
dump.pool = pool;
dump.parts = apr_array_make(pool, 128, sizeof(msc_script_part *));
+#if LUA_VERSION_NUM >= 503
+ lua_dump(L, dump_writer, &dump, 1);
+#else
lua_dump(L, dump_writer, &dump);
-
+#endif
(*script) = apr_pcalloc(pool, sizeof(msc_script));
(*script)->name = filename;
(*script)->parts = dump.parts;