Compare commits
36 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
ed7c45cdf0 | ||
|
f14eac0415 | ||
|
5a3bce7f1f | ||
|
b6d5b74493 | ||
|
9a283bc767 | ||
|
63a793a3b1 | ||
|
ab0ecf6a12 | ||
|
8addc50523 | ||
|
660bbe04df | ||
|
1c77a6410a | ||
|
8f36783e50 | ||
|
6e61b95f8a | ||
|
e2d779ae50 | ||
|
bfa3bdd4e8 | ||
|
90c7eb5cb5 | ||
|
ad426ffe3d | ||
|
5f70a28f43 | ||
|
da6a79489c | ||
|
a1358f8b3d | ||
|
6feb5eee2e | ||
|
ca0ced0078 | ||
|
6a0ad4b96c | ||
|
9808088248 | ||
|
cc0c4e563d | ||
|
aa6d85d8fa | ||
|
cd75e65b77 | ||
|
7fe211f8dc | ||
|
cfc1554ac0 | ||
|
1556031562 | ||
|
e808d060a1 | ||
|
eea7ef58a2 | ||
|
8b9ee1cf8d | ||
|
0907d2b1dd | ||
|
54996fc9fb | ||
|
25fd9a3f9e | ||
|
865aff2ef6 |
6
.gitignore
vendored
6
.gitignore
vendored
@ -17,3 +17,9 @@ modsecurity-apache_2.5.12.tar.gz
|
||||
/modsecurity-2.8.0.tar.gz.sha256
|
||||
/modsecurity-2.9.0.tar.gz
|
||||
/modsecurity-2.9.1.tar.gz
|
||||
/modsecurity-2.9.2.tar.gz
|
||||
/modsecurity-2.9.3.tar.gz
|
||||
/modsecurity-2.9.4.tar.gz
|
||||
/modsecurity-2.9.5.tar.gz
|
||||
/modsecurity-2.9.6.tar.gz
|
||||
/modsecurity-2.9.7.tar.gz
|
||||
|
@ -1,28 +0,0 @@
|
||||
From 84f2299f6b3b56cf5342ad378c3641be548bf79c Mon Sep 17 00:00:00 2001
|
||||
From: Felipe Zimmerle <fcosta@trustwave.com>
|
||||
Date: Mon, 3 Nov 2014 10:13:21 -0800
|
||||
Subject: [PATCH] mlogc: Changes the default SSL algo to TLS 1.2
|
||||
|
||||
As reported by Josh Amishav-Zlatin, mlogc was making usage of SSLv3 instead of
|
||||
TLS 1.2. Servers should not answer SSLv3 after poodle.
|
||||
---
|
||||
mlogc/mlogc.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/mlogc/mlogc.c b/mlogc/mlogc.c
|
||||
index 4163230..c4b2a23 100644
|
||||
--- a/mlogc/mlogc.c
|
||||
+++ b/mlogc/mlogc.c
|
||||
@@ -1218,8 +1218,8 @@ static void logc_init(void)
|
||||
curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
|
||||
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
|
||||
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
|
||||
- /* SSLv3 works better overall as some servers have issues with TLS */
|
||||
- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3);
|
||||
+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
|
||||
+
|
||||
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 15);
|
||||
curl_easy_setopt(curl, CURLOPT_NOSIGNAL, TRUE);
|
||||
curl_easy_setopt(curl, CURLOPT_HEADER, TRUE);
|
||||
--
|
||||
1.9.1
|
@ -1,23 +0,0 @@
|
||||
diff -ru modsecurity-apache_2.7.3.orig/apache2/msc_reqbody.c modsecurity-apache_2.7.3/apache2/msc_reqbody.c
|
||||
--- modsecurity-apache_2.7.3.orig/apache2/msc_reqbody.c 2013-03-24 08:12:29.000000000 +0100
|
||||
+++ modsecurity-apache_2.7.3/apache2/msc_reqbody.c 2013-05-28 14:48:39.063673996 +0100
|
||||
@@ -170,6 +170,7 @@
|
||||
|
||||
/* Would storing this chunk mean going over the limit? */
|
||||
if ((msr->msc_reqbody_spilltodisk)
|
||||
+ && (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_ON)
|
||||
&& (msr->msc_reqbody_length + length > (apr_size_t)msr->txcfg->reqbody_inmemory_limit))
|
||||
{
|
||||
msc_data_chunk **chunks;
|
||||
diff -ru modsecurity-apache_2.7.3.orig/apache2/re_operators.c modsecurity-apache_2.7.3/apache2/re_operators.c
|
||||
--- modsecurity-apache_2.7.3.orig/apache2/re_operators.c 2013-03-24 08:12:29.000000000 +0100
|
||||
+++ modsecurity-apache_2.7.3/apache2/re_operators.c 2013-05-28 14:49:30.448696404 +0100
|
||||
@@ -369,7 +369,7 @@
|
||||
/* rsub */
|
||||
|
||||
static char *param_remove_escape(msre_rule *rule, char *str, int len) {
|
||||
- char *parm = apr_palloc(rule->ruleset->mp, len);
|
||||
+ char *parm = apr_pcalloc(rule->ruleset->mp, len);
|
||||
char *ret = parm;
|
||||
|
||||
for(;*str!='\0';str++) {
|
85
mod_security-2.9.3-remote-rules-timeout.patch
Normal file
85
mod_security-2.9.3-remote-rules-timeout.patch
Normal file
@ -0,0 +1,85 @@
|
||||
diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
|
||||
index 80f8f2b..7912d84 100644
|
||||
--- a/apache2/apache2_config.c
|
||||
+++ b/apache2/apache2_config.c
|
||||
@@ -2354,6 +2354,24 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
|
||||
}
|
||||
|
||||
|
||||
+static const char *cmd_remote_timeout(cmd_parms *cmd, void *_dcfg, const char *p1)
|
||||
+{
|
||||
+ directory_config *dcfg = (directory_config *)_dcfg;
|
||||
+ long int timeout;
|
||||
+
|
||||
+ if (dcfg == NULL) return NULL;
|
||||
+
|
||||
+ timeout = strtol(p1, NULL, 10);
|
||||
+ if ((timeout == LONG_MAX)||(timeout == LONG_MIN)||(timeout < 0)) {
|
||||
+ return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecRemoteTimeout: %s", p1);
|
||||
+ }
|
||||
+
|
||||
+ remote_rules_timeout = timeout;
|
||||
+
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+
|
||||
static const char *cmd_status_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
|
||||
{
|
||||
if (strcasecmp(p1, "on") == 0) {
|
||||
@@ -3667,6 +3685,14 @@ const command_rec module_directives[] = {
|
||||
"Abort or Warn"
|
||||
),
|
||||
|
||||
+ AP_INIT_TAKE1 (
|
||||
+ "SecRemoteTimeout",
|
||||
+ cmd_remote_timeout,
|
||||
+ NULL,
|
||||
+ CMD_SCOPE_ANY,
|
||||
+ "timeout in seconds"
|
||||
+ ),
|
||||
+
|
||||
|
||||
AP_INIT_TAKE1 (
|
||||
"SecXmlExternalEntity",
|
||||
diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
|
||||
index 7bb215e..c155495 100644
|
||||
--- a/apache2/mod_security2.c
|
||||
+++ b/apache2/mod_security2.c
|
||||
@@ -79,6 +79,8 @@ msc_remote_rules_server DSOLOCAL *remote_rules_server = NULL;
|
||||
#endif
|
||||
int DSOLOCAL remote_rules_fail_action = REMOTE_RULES_ABORT_ON_FAIL;
|
||||
char DSOLOCAL *remote_rules_fail_message = NULL;
|
||||
+unsigned long int DSOLOCAL remote_rules_timeout = NOT_SET;
|
||||
+
|
||||
|
||||
int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED;
|
||||
|
||||
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
|
||||
index f24bc75..8bcd453 100644
|
||||
--- a/apache2/modsecurity.h
|
||||
+++ b/apache2/modsecurity.h
|
||||
@@ -150,6 +150,7 @@ extern DSOLOCAL msc_remote_rules_server *remote_rules_server;
|
||||
#endif
|
||||
extern DSOLOCAL int remote_rules_fail_action;
|
||||
extern DSOLOCAL char *remote_rules_fail_message;
|
||||
+extern DSOLOCAL unsigned long int remote_rules_timeout;
|
||||
|
||||
extern DSOLOCAL int status_engine_state;
|
||||
|
||||
diff --git a/apache2/msc_remote_rules.c b/apache2/msc_remote_rules.c
|
||||
index 99968f0..b8db13e 100644
|
||||
--- a/apache2/msc_remote_rules.c
|
||||
+++ b/apache2/msc_remote_rules.c
|
||||
@@ -358,6 +358,11 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
|
||||
/* We want Curl to return error in case there is an HTTP error code */
|
||||
curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);
|
||||
|
||||
+ /* In case we want different timeout than a default one */
|
||||
+ if (remote_rules_timeout != NOT_SET){
|
||||
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, remote_rules_timeout);
|
||||
+ }
|
||||
+
|
||||
res = curl_easy_perform(curl);
|
||||
|
||||
if (res != CURLE_OK)
|
30
mod_security-2.9.7-send_error_bucket.patch
Normal file
30
mod_security-2.9.7-send_error_bucket.patch
Normal file
@ -0,0 +1,30 @@
|
||||
From b2fa083522c70368c7ab911696dcb87dde5dc688 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Korbar <tkorbar@redhat.com>
|
||||
Date: Thu, 22 Dec 2022 14:49:34 +0100
|
||||
Subject: [PATCH] Clear original response code in send_error_bucket function
|
||||
|
||||
If this is left intact, then apache thinks that this code
|
||||
was generated during processing of ErrorDocument and does not
|
||||
handle it properly
|
||||
|
||||
Fix #2849
|
||||
---
|
||||
apache2/apache2_util.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/apache2/apache2_util.c b/apache2/apache2_util.c
|
||||
index cdae2b580..520a30f2f 100644
|
||||
--- a/apache2/apache2_util.c
|
||||
+++ b/apache2/apache2_util.c
|
||||
@@ -31,6 +31,11 @@ apr_status_t send_error_bucket(modsec_rec *msr, ap_filter_t *f, int status) {
|
||||
/* Set the status line explicitly for the error document */
|
||||
f->r->status_line = ap_get_status_line(status);
|
||||
|
||||
+ /* Clear previously set response code to make clear that this is
|
||||
+ * not a recursive error
|
||||
+ */
|
||||
+ f->r->status = 200;
|
||||
+
|
||||
brigade = apr_brigade_create(f->r->pool, f->r->connection->bucket_alloc);
|
||||
if (brigade == NULL) return APR_EGENERAL;
|
||||
|
@ -1,82 +0,0 @@
|
||||
--- apache2/msc_crypt.c.orig 2012-10-18 10:42:43.381000000 +0100
|
||||
+++ apache2/msc_crypt.c 2012-10-18 10:46:52.442000000 +0100
|
||||
@@ -1079,6 +1079,70 @@
|
||||
|
||||
htmlDocContentDumpFormatOutput(output_buf, msr->crypto_html_tree, NULL, 0);
|
||||
|
||||
+#ifdef LIBXML2_NEW_BUFFER
|
||||
+
|
||||
+ if (output_buf->conv == NULL || (output_buf->conv && xmlOutputBufferGetSize(output_buf) == 0)) {
|
||||
+
|
||||
+ if(output_buf->buffer == NULL || xmlOutputBufferGetSize(output_buf) == 0) {
|
||||
+ xmlOutputBufferClose(output_buf);
|
||||
+ xmlFreeDoc(msr->crypto_html_tree);
|
||||
+ msr->of_stream_changed = 0;
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if(msr->stream_output_data != NULL) {
|
||||
+ free(msr->stream_output_data);
|
||||
+ msr->stream_output_data = NULL;
|
||||
+ }
|
||||
+
|
||||
+ msr->stream_output_length = xmlOutputBufferGetSize(output_buf);
|
||||
+ msr->stream_output_data = (char *)malloc(msr->stream_output_length+1);
|
||||
+
|
||||
+ if (msr->stream_output_data == NULL) {
|
||||
+ xmlOutputBufferClose(output_buf);
|
||||
+ xmlFreeDoc(msr->crypto_html_tree);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ memset(msr->stream_output_data, 0x0, msr->stream_output_length+1);
|
||||
+ memcpy(msr->stream_output_data, xmlOutputBufferGetContent(output_buf), msr->stream_output_length);
|
||||
+
|
||||
+ if (msr->txcfg->debuglog_level >= 4)
|
||||
+ msr_log(msr, 4, "inject_encrypted_response_body: Copying XML tree from CONTENT to stream buffer [%d] bytes.", xmlOutputBufferGetSize(output_buf));
|
||||
+
|
||||
+ } else {
|
||||
+
|
||||
+ if(output_buf->conv == NULL || xmlOutputBufferGetSize(output_buf) == 0) {
|
||||
+ xmlOutputBufferClose(output_buf);
|
||||
+ xmlFreeDoc(msr->crypto_html_tree);
|
||||
+ msr->of_stream_changed = 0;
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if(msr->stream_output_data != NULL) {
|
||||
+ free(msr->stream_output_data);
|
||||
+ msr->stream_output_data = NULL;
|
||||
+ }
|
||||
+
|
||||
+ msr->stream_output_length = xmlOutputBufferGetSize(output_buf);
|
||||
+ msr->stream_output_data = (char *)malloc(msr->stream_output_length+1);
|
||||
+
|
||||
+ if (msr->stream_output_data == NULL) {
|
||||
+ xmlOutputBufferClose(output_buf);
|
||||
+ xmlFreeDoc(msr->crypto_html_tree);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ memset(msr->stream_output_data, 0x0, msr->stream_output_length+1);
|
||||
+ memcpy(msr->stream_output_data, xmlOutputBufferGetContent(output_buf), msr->stream_output_length);
|
||||
+
|
||||
+ if (msr->txcfg->debuglog_level >= 4)
|
||||
+ msr_log(msr, 4, "inject_encrypted_response_body: Copying XML tree from CONV to stream buffer [%d] bytes.", xmlOutputBufferGetSize(output_buf));
|
||||
+
|
||||
+ }
|
||||
+
|
||||
+#else
|
||||
+
|
||||
if (output_buf->conv == NULL || (output_buf->conv && output_buf->conv->use == 0)) {
|
||||
|
||||
if(output_buf->buffer == NULL || output_buf->buffer->use == 0) {
|
||||
@@ -1139,6 +1203,8 @@
|
||||
|
||||
}
|
||||
|
||||
+#endif
|
||||
+
|
||||
xmlOutputBufferClose(output_buf);
|
||||
|
||||
content_value = (char*)apr_psprintf(msr->mp, "%"APR_SIZE_T_FMT, msr->stream_output_length);
|
@ -5,26 +5,36 @@
|
||||
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
|
||||
%{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}}
|
||||
|
||||
%global with_mlogc 0%{?fedora} || 0%{?rhel} <= 6
|
||||
%bcond_without mlogc
|
||||
|
||||
Summary: Security module for the Apache HTTP Server
|
||||
Name: mod_security
|
||||
Version: 2.9.1
|
||||
Release: 2%{?dist}
|
||||
License: ASL 2.0
|
||||
Version: 2.9.7
|
||||
Release: 6%{?dist}
|
||||
License: Apache-2.0
|
||||
URL: http://www.modsecurity.org/
|
||||
Group: System Environment/Daemons
|
||||
Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
|
||||
Source1: mod_security.conf
|
||||
Source2: 10-mod_security.conf
|
||||
Source3: modsecurity_localrules.conf
|
||||
Patch0: modsecurity-2.9.3-lua-54.patch
|
||||
Patch1: modsecurity-2.9.3-apulibs.patch
|
||||
Patch2: mod_security-2.9.3-remote-rules-timeout.patch
|
||||
Patch3: mod_security-2.9.7-send_error_bucket.patch
|
||||
|
||||
Requires: httpd httpd-mmn = %{_httpd_mmn}
|
||||
#BuildRequires: httpd-devel libxml2-devel pcre-devel lua-devel
|
||||
# Required for force recent TLS version
|
||||
#BuildRequires: curl-devel yajl-devel
|
||||
%if 0%{?fedora} || 0%{?rhel} > 7
|
||||
# Ensure apache user exists for file ownership
|
||||
Requires(pre): httpd-filesystem
|
||||
%endif
|
||||
|
||||
BuildRequires: gcc, make, autoconf, automake, libtool
|
||||
BuildRequires: httpd-devel
|
||||
BuildRequires: perl-generators
|
||||
BuildRequires: pkgconfig(libxml-2.0) pkgconfig(lua) pkgconfig(libpcre) pkgconfig(libcurl)
|
||||
BuildRequires: pcre2-devel
|
||||
BuildRequires: pkgconfig(libcurl)
|
||||
BuildRequires: pkgconfig(libxml-2.0)
|
||||
BuildRequires: pkgconfig(lua)
|
||||
|
||||
# Workarround for EL6
|
||||
%if 0%{?el6}
|
||||
@ -39,24 +49,31 @@ ModSecurity is an open source intrusion detection and prevention engine
|
||||
for web applications. It operates embedded into the web server, acting
|
||||
as a powerful umbrella - shielding web applications from attacks.
|
||||
|
||||
%if %with_mlogc
|
||||
%package -n mlogc
|
||||
%if %{with mlogc}
|
||||
%package mlogc
|
||||
Summary: ModSecurity Audit Log Collector
|
||||
Group: System Environment/Daemons
|
||||
Requires: mod_security
|
||||
%if 0%{?fedora} || 0%{?rhel} > 7
|
||||
# Ensure apache user exists for file ownership
|
||||
Requires(pre): httpd-filesystem
|
||||
%endif
|
||||
|
||||
%description -n mlogc
|
||||
%description mlogc
|
||||
This package contains the ModSecurity Audit Log Collector.
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q -n modsecurity-%{version}
|
||||
%autosetup -p1 -n modsecurity-%{version}
|
||||
|
||||
%build
|
||||
./autogen.sh
|
||||
%configure --enable-pcre-match-limit=1000000 \
|
||||
--enable-pcre-match-limit-recursion=1000000 \
|
||||
--with-apxs=%{_httpd_apxs} \
|
||||
--with-yajl
|
||||
--with-yajl \
|
||||
--with-pcre2 \
|
||||
--disable-static
|
||||
|
||||
# remove rpath
|
||||
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
|
||||
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
|
||||
@ -95,7 +112,7 @@ install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}
|
||||
install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/
|
||||
|
||||
# mlogc
|
||||
%if %with_mlogc
|
||||
%if %{with mlogc}
|
||||
install -d %{buildroot}%{_localstatedir}/log/mlogc
|
||||
install -d %{buildroot}%{_localstatedir}/log/mlogc/data
|
||||
install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
|
||||
@ -105,7 +122,7 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
|
||||
|
||||
|
||||
%files
|
||||
%doc CHANGES LICENSE README.TXT NOTICE
|
||||
%doc CHANGES LICENSE README.* NOTICE
|
||||
%{_httpd_moddir}/mod_security2.so
|
||||
%config(noreplace) %{_httpd_confdir}/*.conf
|
||||
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
|
||||
@ -117,8 +134,8 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
|
||||
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf
|
||||
%attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
|
||||
|
||||
%if %with_mlogc
|
||||
%files -n mlogc
|
||||
%if %{with mlogc}
|
||||
%files mlogc
|
||||
%doc mlogc/INSTALL
|
||||
%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
|
||||
%attr(0755,root,root) %dir %{_localstatedir}/log/mlogc
|
||||
@ -128,6 +145,98 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.7-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.7-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Tue Jan 02 2024 Tomas Korbar <tkorbar@redhat.com> - 2.9.7-4
|
||||
- Clear original response code in send_error_bucket function
|
||||
|
||||
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.7-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||
|
||||
* Fri Jun 02 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.9.7-2
|
||||
- SPDX migration
|
||||
|
||||
* Thu Apr 13 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.9.7-1
|
||||
- new version 2.9.7
|
||||
- use pcre2 instead of deprecated pcre (rhbz #2128330)
|
||||
|
||||
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.6-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Wed Sep 14 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.6-1
|
||||
- new version 2.9.6
|
||||
|
||||
* Wed Aug 31 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.5-1
|
||||
- new version 2.9.5
|
||||
|
||||
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.4-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.4-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Wed Aug 18 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.9.4-1
|
||||
- new version 2.9.4
|
||||
|
||||
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-10
|
||||
- Resolves: #1930664 - RFE: Add a feature that can set a mod_security/libcurl
|
||||
timeout for retrieving the rules
|
||||
- rename mlogc to mod_security-mlogc
|
||||
|
||||
* Fri Jan 22 2021 Joe Orton <jorton@redhat.com> - 2.9.3-8
|
||||
- don't link against redundant apr-util dependent libraries
|
||||
|
||||
* Sat Aug 08 2020 Othman Madjoudj <athmane@fedoraproject.org> - 2.9.3-7
|
||||
- Add a patch to fix build with Lua 5.4 until we completely switch to mod_sec3 as default
|
||||
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-6
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Sun Dec 09 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.3-1
|
||||
- Update to 2.9.3
|
||||
|
||||
* Fri Nov 16 2018 Joe Orton <jorton@redhat.com> - 2.9.2-7
|
||||
- Requires(pre): httpd-filesystem to ensure apache user exists
|
||||
- enable mlogc everywhere, use buildcond to disable
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Sun Feb 18 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.2-5
|
||||
- Add gcc and make as BR (minimal buildroot change)
|
||||
|
||||
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Fri Jul 21 2017 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.2-1
|
||||
- Update to 2.9.2
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
|
@ -1,16 +0,0 @@
|
||||
diff -ru modsecurity-2.9.0.orig/apache2/msc_lua.c modsecurity-2.9.0/apache2/msc_lua.c
|
||||
--- modsecurity-2.9.0.orig/apache2/msc_lua.c 2015-02-12 20:08:30.000000000 +0100
|
||||
+++ modsecurity-2.9.0/apache2/msc_lua.c 2015-02-13 13:07:42.976716385 +0100
|
||||
@@ -111,8 +111,11 @@
|
||||
dump.pool = pool;
|
||||
dump.parts = apr_array_make(pool, 128, sizeof(msc_script_part *));
|
||||
|
||||
+#if LUA_VERSION_NUM >= 503
|
||||
+ lua_dump(L, dump_writer, &dump, 1);
|
||||
+#else
|
||||
lua_dump(L, dump_writer, &dump);
|
||||
-
|
||||
+#endif
|
||||
(*script) = apr_pcalloc(pool, sizeof(msc_script));
|
||||
(*script)->name = filename;
|
||||
(*script)->parts = dump.parts;
|
14
modsecurity-2.9.3-apulibs.patch
Normal file
14
modsecurity-2.9.3-apulibs.patch
Normal file
@ -0,0 +1,14 @@
|
||||
|
||||
Strip redundant APR-util dependent libraries, it is sufficient to link against -laprutil-1.
|
||||
|
||||
--- modsecurity-2.9.3/build/find_apu.m4.apulibs
|
||||
+++ modsecurity-2.9.3/build/find_apu.m4
|
||||
@@ -59,7 +59,7 @@
|
||||
APU_CFLAGS="`${APU_CONFIG} --includes`"
|
||||
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu CFLAGS: $APU_CFLAGS); fi
|
||||
APU_LDFLAGS="`${APU_CONFIG} --ldflags`"
|
||||
- APU_LDFLAGS="$APU_LDFLAGS `${APU_CONFIG} --libs`"
|
||||
+ APU_LDFLAGS="$APU_LDFLAGS `${APU_CONFIG} --avoid-ldap --avoid-dbm --libs`"
|
||||
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDFLAGS: $APU_LDFLAGS); fi
|
||||
APU_LDADD="`${APU_CONFIG} --link-libtool`"
|
||||
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDADD: $APU_LDADD); fi
|
31
modsecurity-2.9.3-lua-54.patch
Normal file
31
modsecurity-2.9.3-lua-54.patch
Normal file
@ -0,0 +1,31 @@
|
||||
diff -ru modsecurity-2.9.3/apache2/msc_lua.c modsecurity-2.9.3-lua-patch/apache2/msc_lua.c
|
||||
--- modsecurity-2.9.3/apache2/msc_lua.c 2018-12-04 18:49:37.000000000 +0000
|
||||
+++ modsecurity-2.9.3-lua-patch/apache2/msc_lua.c 2020-08-08 16:55:14.936045777 +0000
|
||||
@@ -429,12 +429,12 @@
|
||||
#else
|
||||
|
||||
/* Create new state. */
|
||||
-#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501
|
||||
+#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501 || LUA_VERSION_NUM == 504
|
||||
L = luaL_newstate();
|
||||
#elif LUA_VERSION_NUM == 500
|
||||
L = lua_open();
|
||||
#else
|
||||
-#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
|
||||
+#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
|
||||
#endif
|
||||
luaL_openlibs(L);
|
||||
|
||||
@@ -459,10 +459,10 @@
|
||||
/* Register functions. */
|
||||
#if LUA_VERSION_NUM == 500 || LUA_VERSION_NUM == 501
|
||||
luaL_register(L, "m", mylib);
|
||||
-#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503
|
||||
+#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 504
|
||||
luaL_setfuncs(L, mylib, 0);
|
||||
#else
|
||||
-#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
|
||||
+#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
|
||||
#endif
|
||||
|
||||
lua_setglobal(L, "m");
|
Loading…
Reference in New Issue
Block a user