commit
f1136d0f74
@ -0,0 +1 @@
|
|||||||
|
SOURCES/modsecurity-2.9.6.tar.gz
|
@ -0,0 +1 @@
|
|||||||
|
1f9b8f5d6462770d917d2ea3f3586618c37ba158 SOURCES/modsecurity-2.9.6.tar.gz
|
@ -0,0 +1,5 @@
|
|||||||
|
LoadModule security2_module modules/mod_security2.so
|
||||||
|
|
||||||
|
<IfModule !mod_unique_id.c>
|
||||||
|
LoadModule unique_id_module modules/mod_unique_id.so
|
||||||
|
</IfModule>
|
@ -0,0 +1,85 @@
|
|||||||
|
diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
|
||||||
|
index 80f8f2b..7912d84 100644
|
||||||
|
--- a/apache2/apache2_config.c
|
||||||
|
+++ b/apache2/apache2_config.c
|
||||||
|
@@ -2354,6 +2354,24 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
+static const char *cmd_remote_timeout(cmd_parms *cmd, void *_dcfg, const char *p1)
|
||||||
|
+{
|
||||||
|
+ directory_config *dcfg = (directory_config *)_dcfg;
|
||||||
|
+ long int timeout;
|
||||||
|
+
|
||||||
|
+ if (dcfg == NULL) return NULL;
|
||||||
|
+
|
||||||
|
+ timeout = strtol(p1, NULL, 10);
|
||||||
|
+ if ((timeout == LONG_MAX)||(timeout == LONG_MIN)||(timeout < 0)) {
|
||||||
|
+ return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecRemoteTimeout: %s", p1);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ remote_rules_timeout = timeout;
|
||||||
|
+
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
static const char *cmd_status_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
|
||||||
|
{
|
||||||
|
if (strcasecmp(p1, "on") == 0) {
|
||||||
|
@@ -3667,6 +3685,14 @@ const command_rec module_directives[] = {
|
||||||
|
"Abort or Warn"
|
||||||
|
),
|
||||||
|
|
||||||
|
+ AP_INIT_TAKE1 (
|
||||||
|
+ "SecRemoteTimeout",
|
||||||
|
+ cmd_remote_timeout,
|
||||||
|
+ NULL,
|
||||||
|
+ CMD_SCOPE_ANY,
|
||||||
|
+ "timeout in seconds"
|
||||||
|
+ ),
|
||||||
|
+
|
||||||
|
|
||||||
|
AP_INIT_TAKE1 (
|
||||||
|
"SecXmlExternalEntity",
|
||||||
|
diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
|
||||||
|
index 7bb215e..c155495 100644
|
||||||
|
--- a/apache2/mod_security2.c
|
||||||
|
+++ b/apache2/mod_security2.c
|
||||||
|
@@ -79,6 +79,8 @@ msc_remote_rules_server DSOLOCAL *remote_rules_server = NULL;
|
||||||
|
#endif
|
||||||
|
int DSOLOCAL remote_rules_fail_action = REMOTE_RULES_ABORT_ON_FAIL;
|
||||||
|
char DSOLOCAL *remote_rules_fail_message = NULL;
|
||||||
|
+unsigned long int DSOLOCAL remote_rules_timeout = NOT_SET;
|
||||||
|
+
|
||||||
|
|
||||||
|
int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED;
|
||||||
|
|
||||||
|
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
|
||||||
|
index f24bc75..8bcd453 100644
|
||||||
|
--- a/apache2/modsecurity.h
|
||||||
|
+++ b/apache2/modsecurity.h
|
||||||
|
@@ -150,6 +150,7 @@ extern DSOLOCAL msc_remote_rules_server *remote_rules_server;
|
||||||
|
#endif
|
||||||
|
extern DSOLOCAL int remote_rules_fail_action;
|
||||||
|
extern DSOLOCAL char *remote_rules_fail_message;
|
||||||
|
+extern DSOLOCAL unsigned long int remote_rules_timeout;
|
||||||
|
|
||||||
|
extern DSOLOCAL int status_engine_state;
|
||||||
|
|
||||||
|
diff --git a/apache2/msc_remote_rules.c b/apache2/msc_remote_rules.c
|
||||||
|
index 99968f0..b8db13e 100644
|
||||||
|
--- a/apache2/msc_remote_rules.c
|
||||||
|
+++ b/apache2/msc_remote_rules.c
|
||||||
|
@@ -358,6 +358,11 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
|
||||||
|
/* We want Curl to return error in case there is an HTTP error code */
|
||||||
|
curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);
|
||||||
|
|
||||||
|
+ /* In case we want different timeout than a default one */
|
||||||
|
+ if (remote_rules_timeout != NOT_SET){
|
||||||
|
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, remote_rules_timeout);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
res = curl_easy_perform(curl);
|
||||||
|
|
||||||
|
if (res != CURLE_OK)
|
@ -0,0 +1,56 @@
|
|||||||
|
<IfModule mod_security2.c>
|
||||||
|
# Default recommended configuration
|
||||||
|
SecRuleEngine On
|
||||||
|
SecRequestBodyAccess On
|
||||||
|
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
|
||||||
|
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
|
||||||
|
SecRequestBodyLimit 13107200
|
||||||
|
SecRequestBodyNoFilesLimit 131072
|
||||||
|
SecRequestBodyInMemoryLimit 131072
|
||||||
|
SecRequestBodyLimitAction Reject
|
||||||
|
SecRule REQBODY_ERROR "!@eq 0" \
|
||||||
|
"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
|
||||||
|
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
|
||||||
|
"id:'200002',phase:2,t:none,log,deny,status:400,msg:'Multipart request body \
|
||||||
|
failed strict validation: \
|
||||||
|
PE %{REQBODY_PROCESSOR_ERROR}, \
|
||||||
|
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
|
||||||
|
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
|
||||||
|
DB %{MULTIPART_DATA_BEFORE}, \
|
||||||
|
DA %{MULTIPART_DATA_AFTER}, \
|
||||||
|
HF %{MULTIPART_HEADER_FOLDING}, \
|
||||||
|
LF %{MULTIPART_LF_LINE}, \
|
||||||
|
SM %{MULTIPART_MISSING_SEMICOLON}, \
|
||||||
|
IQ %{MULTIPART_INVALID_QUOTING}, \
|
||||||
|
IP %{MULTIPART_INVALID_PART}, \
|
||||||
|
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
|
||||||
|
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
|
||||||
|
|
||||||
|
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
|
||||||
|
"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
|
||||||
|
|
||||||
|
SecPcreMatchLimit 1000
|
||||||
|
SecPcreMatchLimitRecursion 1000
|
||||||
|
|
||||||
|
SecRule TX:/^MSC_/ "!@streq 0" \
|
||||||
|
"id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
|
||||||
|
|
||||||
|
SecResponseBodyAccess Off
|
||||||
|
SecDebugLog /var/log/httpd/modsec_debug.log
|
||||||
|
SecDebugLogLevel 0
|
||||||
|
SecAuditEngine RelevantOnly
|
||||||
|
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
|
||||||
|
SecAuditLogParts ABIJDEFHZ
|
||||||
|
SecAuditLogType Serial
|
||||||
|
SecAuditLog /var/log/httpd/modsec_audit.log
|
||||||
|
SecArgumentSeparator &
|
||||||
|
SecCookieFormat 0
|
||||||
|
SecTmpDir /var/lib/mod_security
|
||||||
|
SecDataDir /var/lib/mod_security
|
||||||
|
|
||||||
|
# ModSecurity Core Rules Set and Local configuration
|
||||||
|
Include modsecurity.d/*.conf
|
||||||
|
Include modsecurity.d/activated_rules/*.conf
|
||||||
|
Include modsecurity.d/local_rules/*.conf
|
||||||
|
|
||||||
|
</IfModule>
|
@ -0,0 +1,14 @@
|
|||||||
|
|
||||||
|
Strip redundant APR-util dependent libraries, it is sufficient to link against -laprutil-1.
|
||||||
|
|
||||||
|
--- modsecurity-2.9.3/build/find_apu.m4.apulibs
|
||||||
|
+++ modsecurity-2.9.3/build/find_apu.m4
|
||||||
|
@@ -59,7 +59,7 @@
|
||||||
|
APU_CFLAGS="`${APU_CONFIG} --includes`"
|
||||||
|
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu CFLAGS: $APU_CFLAGS); fi
|
||||||
|
APU_LDFLAGS="`${APU_CONFIG} --ldflags`"
|
||||||
|
- APU_LDFLAGS="$APU_LDFLAGS `${APU_CONFIG} --libs`"
|
||||||
|
+ APU_LDFLAGS="$APU_LDFLAGS `${APU_CONFIG} --avoid-ldap --avoid-dbm --libs`"
|
||||||
|
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDFLAGS: $APU_LDFLAGS); fi
|
||||||
|
APU_LDADD="`${APU_CONFIG} --link-libtool`"
|
||||||
|
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDADD: $APU_LDADD); fi
|
@ -0,0 +1,31 @@
|
|||||||
|
diff -ru modsecurity-2.9.3/apache2/msc_lua.c modsecurity-2.9.3-lua-patch/apache2/msc_lua.c
|
||||||
|
--- modsecurity-2.9.3/apache2/msc_lua.c 2018-12-04 18:49:37.000000000 +0000
|
||||||
|
+++ modsecurity-2.9.3-lua-patch/apache2/msc_lua.c 2020-08-08 16:55:14.936045777 +0000
|
||||||
|
@@ -429,12 +429,12 @@
|
||||||
|
#else
|
||||||
|
|
||||||
|
/* Create new state. */
|
||||||
|
-#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501
|
||||||
|
+#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501 || LUA_VERSION_NUM == 504
|
||||||
|
L = luaL_newstate();
|
||||||
|
#elif LUA_VERSION_NUM == 500
|
||||||
|
L = lua_open();
|
||||||
|
#else
|
||||||
|
-#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
|
||||||
|
+#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
|
||||||
|
#endif
|
||||||
|
luaL_openlibs(L);
|
||||||
|
|
||||||
|
@@ -459,10 +459,10 @@
|
||||||
|
/* Register functions. */
|
||||||
|
#if LUA_VERSION_NUM == 500 || LUA_VERSION_NUM == 501
|
||||||
|
luaL_register(L, "m", mylib);
|
||||||
|
-#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503
|
||||||
|
+#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 504
|
||||||
|
luaL_setfuncs(L, mylib, 0);
|
||||||
|
#else
|
||||||
|
-#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
|
||||||
|
+#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
|
||||||
|
#endif
|
||||||
|
|
||||||
|
lua_setglobal(L, "m");
|
@ -0,0 +1,9 @@
|
|||||||
|
# User defined rules and settings .
|
||||||
|
#
|
||||||
|
# You can use this file/directory to drop your local rules or
|
||||||
|
# to remove some rules provided by mod_security_crs package with SecRuleRemoveById
|
||||||
|
#
|
||||||
|
# You can also disable mod_security for some incompatible web applications (eg. phpMyAdmin).
|
||||||
|
#
|
||||||
|
#
|
||||||
|
|
@ -0,0 +1,504 @@
|
|||||||
|
%{!?_httpd_apxs: %{expand: %%global _httpd_apxs %%{_sbindir}/apxs}}
|
||||||
|
%{!?_httpd_mmn: %{expand: %%global _httpd_mmn %%(cat %{_includedir}/httpd/.mmn || echo 0-0)}}
|
||||||
|
# /etc/httpd/conf.d with httpd < 2.4 and defined as /etc/httpd/conf.modules.d with httpd >= 2.4
|
||||||
|
%{!?_httpd_modconfdir: %{expand: %%global _httpd_modconfdir %%{_sysconfdir}/httpd/conf.d}}
|
||||||
|
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
|
||||||
|
%{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}}
|
||||||
|
|
||||||
|
%bcond_without mlogc
|
||||||
|
|
||||||
|
Summary: Security module for the Apache HTTP Server
|
||||||
|
Name: mod_security
|
||||||
|
Version: 2.9.6
|
||||||
|
Release: 1%{?dist}
|
||||||
|
License: ASL 2.0
|
||||||
|
URL: http://www.modsecurity.org/
|
||||||
|
Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
|
||||||
|
Source1: mod_security.conf
|
||||||
|
Source2: 10-mod_security.conf
|
||||||
|
Source3: modsecurity_localrules.conf
|
||||||
|
Patch0: modsecurity-2.9.3-lua-54.patch
|
||||||
|
Patch1: modsecurity-2.9.3-apulibs.patch
|
||||||
|
Patch2: mod_security-2.9.3-remote-rules-timeout.patch
|
||||||
|
|
||||||
|
Requires: httpd httpd-mmn = %{_httpd_mmn}
|
||||||
|
%if 0%{?fedora} || 0%{?rhel} > 7
|
||||||
|
# Ensure apache user exists for file ownership
|
||||||
|
Requires(pre): httpd-filesystem
|
||||||
|
%endif
|
||||||
|
|
||||||
|
BuildRequires: gcc, make, autoconf, automake, libtool
|
||||||
|
BuildRequires: httpd-devel
|
||||||
|
BuildRequires: perl-generators
|
||||||
|
BuildRequires: pkgconfig(libcurl)
|
||||||
|
BuildRequires: pkgconfig(libpcre)
|
||||||
|
BuildRequires: pkgconfig(libxml-2.0)
|
||||||
|
BuildRequires: pkgconfig(lua)
|
||||||
|
|
||||||
|
# Workarround for EL6
|
||||||
|
%if 0%{?el6}
|
||||||
|
BuildRequires: yajl-devel
|
||||||
|
%else
|
||||||
|
BuildRequires: pkgconfig(yajl)
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%description
|
||||||
|
ModSecurity is an open source intrusion detection and prevention engine
|
||||||
|
for web applications. It operates embedded into the web server, acting
|
||||||
|
as a powerful umbrella - shielding web applications from attacks.
|
||||||
|
|
||||||
|
%if %{with mlogc}
|
||||||
|
%package mlogc
|
||||||
|
Summary: ModSecurity Audit Log Collector
|
||||||
|
Requires: mod_security
|
||||||
|
%if 0%{?fedora} || 0%{?rhel} > 7
|
||||||
|
# Ensure apache user exists for file ownership
|
||||||
|
Requires(pre): httpd-filesystem
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%description mlogc
|
||||||
|
This package contains the ModSecurity Audit Log Collector.
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -p1 -n modsecurity-%{version}
|
||||||
|
|
||||||
|
%build
|
||||||
|
./autogen.sh
|
||||||
|
%configure --enable-pcre-match-limit=1000000 \
|
||||||
|
--enable-pcre-match-limit-recursion=1000000 \
|
||||||
|
--with-apxs=%{_httpd_apxs} \
|
||||||
|
--with-yajl \
|
||||||
|
--disable-static
|
||||||
|
|
||||||
|
# remove rpath
|
||||||
|
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
|
||||||
|
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
|
||||||
|
|
||||||
|
make %{_smp_mflags}
|
||||||
|
|
||||||
|
%check
|
||||||
|
# Test suite does not start because of some issue in shipped httpd config (fix upstreamed in PR #669)
|
||||||
|
# After the fix, the test suite starts but still fails
|
||||||
|
#make test
|
||||||
|
#make test-regression
|
||||||
|
|
||||||
|
%install
|
||||||
|
install -d %{buildroot}%{_sbindir}
|
||||||
|
install -d %{buildroot}%{_bindir}
|
||||||
|
install -d %{buildroot}%{_httpd_moddir}
|
||||||
|
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
|
||||||
|
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
|
||||||
|
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules
|
||||||
|
|
||||||
|
install -m0755 apache2/.libs/mod_security2.so %{buildroot}%{_httpd_moddir}/mod_security2.so
|
||||||
|
|
||||||
|
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
|
||||||
|
# 2.4-style
|
||||||
|
install -Dp -m0644 %{SOURCE2} %{buildroot}%{_httpd_modconfdir}/10-mod_security.conf
|
||||||
|
install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf
|
||||||
|
sed -i 's/Include/IncludeOptional/' %{buildroot}%{_httpd_confdir}/mod_security.conf
|
||||||
|
%else
|
||||||
|
# 2.2-style
|
||||||
|
install -d -m0755 %{buildroot}%{_httpd_confdir}
|
||||||
|
cat %{SOURCE2} %{SOURCE1} > %{buildroot}%{_httpd_confdir}/mod_security.conf
|
||||||
|
%endif
|
||||||
|
install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}
|
||||||
|
|
||||||
|
# Local rules example
|
||||||
|
install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/
|
||||||
|
|
||||||
|
# mlogc
|
||||||
|
%if %{with mlogc}
|
||||||
|
install -d %{buildroot}%{_localstatedir}/log/mlogc
|
||||||
|
install -d %{buildroot}%{_localstatedir}/log/mlogc/data
|
||||||
|
install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
|
||||||
|
install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
|
||||||
|
install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
%files
|
||||||
|
%doc CHANGES LICENSE README.* NOTICE
|
||||||
|
%{_httpd_moddir}/mod_security2.so
|
||||||
|
%config(noreplace) %{_httpd_confdir}/*.conf
|
||||||
|
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
|
||||||
|
%config(noreplace) %{_httpd_modconfdir}/*.conf
|
||||||
|
%endif
|
||||||
|
%dir %{_sysconfdir}/httpd/modsecurity.d
|
||||||
|
%dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
|
||||||
|
%dir %{_sysconfdir}/httpd/modsecurity.d/local_rules
|
||||||
|
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf
|
||||||
|
%attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
|
||||||
|
|
||||||
|
%if %{with mlogc}
|
||||||
|
%files mlogc
|
||||||
|
%doc mlogc/INSTALL
|
||||||
|
%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
|
||||||
|
%attr(0755,root,root) %dir %{_localstatedir}/log/mlogc
|
||||||
|
%attr(0770,root,apache) %dir %{_localstatedir}/log/mlogc/data
|
||||||
|
%attr(0755,root,root) %{_bindir}/mlogc
|
||||||
|
%attr(0755,root,root) %{_bindir}/mlogc-batch-load
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Fri Apr 14 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 2.9.6-1
|
||||||
|
- Rebuilt for MSVSphere 9.2 beta
|
||||||
|
|
||||||
|
* Wed Nov 16 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.6-1
|
||||||
|
- new version 2.9.6
|
||||||
|
- Resolves: #2143211 - [RFE] upgrade mod_security to 2.9.6
|
||||||
|
|
||||||
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.9.3-12
|
||||||
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
|
Related: rhbz#1991688
|
||||||
|
|
||||||
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.9.3-11
|
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-10
|
||||||
|
- Resolves: #1930664 - RFE: Add a feature that can set a mod_security/libcurl
|
||||||
|
timeout for retrieving the rules
|
||||||
|
- rename mlogc to mod_security-mlogc
|
||||||
|
|
||||||
|
* Fri Jan 22 2021 Joe Orton <jorton@redhat.com> - 2.9.3-8
|
||||||
|
- don't link against redundant apr-util dependent libraries
|
||||||
|
|
||||||
|
* Sat Aug 08 2020 Othman Madjoudj <athmane@fedoraproject.org> - 2.9.3-7
|
||||||
|
- Add a patch to fix build with Lua 5.4 until we completely switch to mod_sec3 as default
|
||||||
|
|
||||||
|
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-6
|
||||||
|
- Second attempt - Rebuilt for
|
||||||
|
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Dec 09 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.3-1
|
||||||
|
- Update to 2.9.3
|
||||||
|
|
||||||
|
* Fri Nov 16 2018 Joe Orton <jorton@redhat.com> - 2.9.2-7
|
||||||
|
- Requires(pre): httpd-filesystem to ensure apache user exists
|
||||||
|
- enable mlogc everywhere, use buildcond to disable
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Feb 18 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.2-5
|
||||||
|
- Add gcc and make as BR (minimal buildroot change)
|
||||||
|
|
||||||
|
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jul 21 2017 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.2-1
|
||||||
|
- Update to 2.9.2
|
||||||
|
|
||||||
|
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Mar 09 2016 Athmane Madjoudj <athmane@fedoraproject.org> 2.9.1-1
|
||||||
|
- Update to final 2.9.1
|
||||||
|
- Minor spec fix.
|
||||||
|
|
||||||
|
* Tue Mar 08 2016 Athmane Madjoudj <athmane@fedoraproject.org> 2.9.1-0.1.rc1
|
||||||
|
- Add workaround for el6
|
||||||
|
|
||||||
|
* Tue Mar 08 2016 Athmane Madjoudj <athmane@fedoraproject.org> 2.9.1-0.rc1
|
||||||
|
- Update to 2.9.1-rc1
|
||||||
|
- Remove upstreamed patch
|
||||||
|
|
||||||
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.0-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Oct 02 2015 Athmane Madjoudj <athmane@fedoraproject.org> 2.9.0-5
|
||||||
|
- Update BuildRequires using pkgconfig name schema
|
||||||
|
|
||||||
|
* Tue Sep 01 2015 Athmane Madjoudj <athmane@fedoraproject.org> 2.9.0-4
|
||||||
|
- Add yajl support
|
||||||
|
|
||||||
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.0-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Feb 13 2015 Athmane Madjoudj <athmane@fedoraproject.org> 2.9.0-2
|
||||||
|
- Remove curl version dep. since it no longer required
|
||||||
|
|
||||||
|
* Fri Feb 13 2015 Athmane Madjoudj <athmane@fedoraproject.org> 2.9.0-1
|
||||||
|
- Update to 2.9.0
|
||||||
|
- Remove backported patch
|
||||||
|
- Add patch to fix lua 5.3 build issue (PR #837)
|
||||||
|
|
||||||
|
* Tue Nov 04 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.8.0-7
|
||||||
|
- Make sure mod_security is built with correct curl version
|
||||||
|
|
||||||
|
* Mon Nov 03 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.8.0-6
|
||||||
|
- Changes the default SSL version to TLS 1.2 since SSLv3 is vulnerable to poodle
|
||||||
|
|
||||||
|
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.8.0-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Aug 15 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.8.0-4
|
||||||
|
- Add support for user-provided configurations and rules (rhbz #1129843)
|
||||||
|
|
||||||
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.8.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Apr 16 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.8.0-1
|
||||||
|
- Update to 2.8.0 Final
|
||||||
|
|
||||||
|
* Thu Apr 03 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.8.0-0.rc1
|
||||||
|
- Update to 2.8.0-RC1
|
||||||
|
|
||||||
|
* Tue Mar 04 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.7-6
|
||||||
|
- Fix status code in the configuration file (upstream PR #666)
|
||||||
|
|
||||||
|
* Sat Mar 01 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.7-5
|
||||||
|
- Fix rpmlint warnings
|
||||||
|
|
||||||
|
* Thu Feb 27 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.7-4
|
||||||
|
- Add check section
|
||||||
|
|
||||||
|
* Sat Feb 22 2014 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.7-3
|
||||||
|
- Fix bogus date in chanelog
|
||||||
|
|
||||||
|
* Thu Jan 23 2014 Joe Orton <jorton@redhat.com> - 2.7.7-2
|
||||||
|
- fix _httpd_mmn expansion in absence of httpd-devel
|
||||||
|
|
||||||
|
* Thu Dec 19 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.7-1
|
||||||
|
- Update to 2.7.7
|
||||||
|
- Fix the spec file since upstream fixed the bugs reported.
|
||||||
|
|
||||||
|
* Tue Dec 17 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.6-2
|
||||||
|
- Add autotools deps
|
||||||
|
|
||||||
|
* Tue Dec 17 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.6-1
|
||||||
|
- Update to 2.7.6
|
||||||
|
- Fix spec since upstream will only provide tarball via Github
|
||||||
|
|
||||||
|
* Sat Aug 03 2013 Petr Pisar <ppisar@redhat.com> - 2.7.5-2
|
||||||
|
- Perl 5.18 rebuild
|
||||||
|
|
||||||
|
* Tue Jul 30 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.5-1
|
||||||
|
- Update to 2.7.5
|
||||||
|
|
||||||
|
* Thu Jul 18 2013 Petr Pisar <ppisar@redhat.com> - 2.7.4-2
|
||||||
|
- Perl 5.18 rebuild
|
||||||
|
|
||||||
|
* Tue May 28 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.4-1
|
||||||
|
- Update to 2.7.4
|
||||||
|
- Drop non required patch
|
||||||
|
|
||||||
|
* Tue May 28 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.3-2
|
||||||
|
- Fix NULL pointer dereference (DoS, crash) (CVE-2013-2765) (RHBZ #967615)
|
||||||
|
- Fix a possible memory leak.
|
||||||
|
|
||||||
|
* Sat Mar 30 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.3-1
|
||||||
|
- Update to 2.7.3
|
||||||
|
|
||||||
|
* Fri Jan 25 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.2-1
|
||||||
|
- Update to 2.7.2
|
||||||
|
- Update source url in the spec.
|
||||||
|
|
||||||
|
* Thu Nov 22 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.1-5
|
||||||
|
- Use conditional for loading mod_unique_id (rhbz #879264)
|
||||||
|
- Fix syntax errors on httpd 2.4.x by using IncludeOptional (rhbz #879264, comment #2)
|
||||||
|
|
||||||
|
* Mon Nov 19 2012 Peter Vrabec <pvrabec@redhat.com> 2.7.1-4
|
||||||
|
- mlogc subpackage is not provided on RHEL7
|
||||||
|
|
||||||
|
* Thu Nov 15 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.1-3
|
||||||
|
- Add some missing directives RHBZ #569360
|
||||||
|
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528)
|
||||||
|
(RHBZ #867424, #867773, #867774)
|
||||||
|
|
||||||
|
* Thu Nov 15 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.1-2
|
||||||
|
- Fix mod_security.conf
|
||||||
|
|
||||||
|
* Thu Nov 15 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.1-1
|
||||||
|
- Update to 2.7.1
|
||||||
|
- Remove libxml2 build patch (upstreamed)
|
||||||
|
- Update spec since upstream moved to github
|
||||||
|
|
||||||
|
* Thu Oct 18 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.0-2
|
||||||
|
- Add a patch to fix failed build against libxml2 >= 2.9.0
|
||||||
|
|
||||||
|
* Wed Oct 17 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.7.0-1
|
||||||
|
- Update to 2.7.0
|
||||||
|
|
||||||
|
* Fri Sep 28 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.8-1
|
||||||
|
- Update to 2.6.8
|
||||||
|
|
||||||
|
* Wed Sep 12 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.7-2
|
||||||
|
- Re-add mlogc sub-package for epel (#856525)
|
||||||
|
|
||||||
|
* Sat Aug 25 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.7-1
|
||||||
|
- Update to 2.6.7
|
||||||
|
|
||||||
|
* Sat Aug 25 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.6.7-1
|
||||||
|
- Update to 2.6.7
|
||||||
|
|
||||||
|
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.6-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jun 22 2012 Peter Vrabec <pvrabec@redhat.com> - 2.6.6-2
|
||||||
|
- mlogc subpackage is not provided on RHEL
|
||||||
|
|
||||||
|
* Thu Jun 21 2012 Peter Vrabec <pvrabec@redhat.com> - 2.6.6-1
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
* Mon May 7 2012 Joe Orton <jorton@redhat.com> - 2.6.5-3
|
||||||
|
- packaging fixes
|
||||||
|
|
||||||
|
* Fri Apr 27 2012 Peter Vrabec <pvrabec@redhat.com> 2.6.5-2
|
||||||
|
- fix license tag
|
||||||
|
|
||||||
|
* Thu Apr 05 2012 Peter Vrabec <pvrabec@redhat.com> 2.6.5-1
|
||||||
|
- upgrade & move rules into new package mod_security_crs
|
||||||
|
|
||||||
|
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 2.5.13-3
|
||||||
|
- Rebuild against PCRE 8.30
|
||||||
|
- Do not install non-existing files
|
||||||
|
|
||||||
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.13-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue May 3 2011 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.13-1
|
||||||
|
- Newer upstream version
|
||||||
|
|
||||||
|
* Wed Jun 30 2010 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.12-3
|
||||||
|
- Fix log dirs and files ordering per bz#569360
|
||||||
|
|
||||||
|
* Thu Apr 29 2010 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.12-2
|
||||||
|
- Fix SecDatadir and minimal config per bz #569360
|
||||||
|
|
||||||
|
* Sat Feb 13 2010 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.12-1
|
||||||
|
- Update to latest upstream release
|
||||||
|
- SECURITY: Fix potential rules bypass and denial of service (bz#563576)
|
||||||
|
|
||||||
|
* Fri Nov 6 2009 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.10-2
|
||||||
|
- Fix rules and Apache configuration (bz#533124)
|
||||||
|
|
||||||
|
* Thu Oct 8 2009 Michael Fleming <mfleming+rpm@thatfleminggent.com> - 2.5.10-1
|
||||||
|
- Upgrade to 2.5.10 (with Core Rules v2)
|
||||||
|
|
||||||
|
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.9-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Mar 12 2009 Michael Fleming <mfleming+rpm@thatfleminggent.com> 2.5.9-1
|
||||||
|
- Update to upstream release 2.5.9
|
||||||
|
- Fixes potential DoS' in multipart request and PDF XSS handling
|
||||||
|
|
||||||
|
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.7-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Dec 29 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.5.7-1
|
||||||
|
- Update to upstream 2.5.7
|
||||||
|
- Reinstate mlogc
|
||||||
|
|
||||||
|
* Sat Aug 2 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.5.6-1
|
||||||
|
- Update to upstream 2.5.6
|
||||||
|
- Remove references to mlogc, it no longer ships in the main tarball.
|
||||||
|
- Link correctly vs. libxml2 and lua (bz# 445839)
|
||||||
|
- Remove bogus LoadFile directives as they're no longer needed.
|
||||||
|
|
||||||
|
* Sun Apr 13 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.7-1
|
||||||
|
- Update to upstream 2.1.7
|
||||||
|
|
||||||
|
* Sat Feb 23 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.6-1
|
||||||
|
- Update to upstream 2.1.6 (Extra features including SecUploadFileMode)
|
||||||
|
|
||||||
|
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 2.1.5-3
|
||||||
|
- Autorebuild for GCC 4.3
|
||||||
|
|
||||||
|
* Sun Jan 27 2008 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.5-2
|
||||||
|
- Update to 2.1.5 (bz#425986)
|
||||||
|
- "blocking" -> "optional_rules" per tarball ;-)
|
||||||
|
|
||||||
|
|
||||||
|
* Thu Sep 13 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.3-1
|
||||||
|
- Update to 2.1.3
|
||||||
|
- Update License tag per guidelines.
|
||||||
|
|
||||||
|
* Mon Sep 3 2007 Joe Orton <jorton@redhat.com> 2.1.1-3
|
||||||
|
- rebuild for fixed 32-bit APR (#254241)
|
||||||
|
|
||||||
|
* Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 2.1.1-2
|
||||||
|
- Rebuild for selinux ppc32 issue.
|
||||||
|
|
||||||
|
* Tue Jun 19 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.1-1
|
||||||
|
- New upstream release
|
||||||
|
- Drop ASCIIZ rule (fixed upstream)
|
||||||
|
- Re-enable protocol violation/anomalies rules now that REQUEST_FILENAME
|
||||||
|
is fixed upstream.
|
||||||
|
|
||||||
|
* Sun Apr 1 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.0-3
|
||||||
|
- Automagically configure correct library path for libxml2 library.
|
||||||
|
- Add LoadModule for mod_unique_id as the logging wants this at runtime
|
||||||
|
|
||||||
|
* Mon Mar 26 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.0-2
|
||||||
|
- Fix DSO permissions (bz#233733)
|
||||||
|
|
||||||
|
* Tue Mar 13 2007 Michael Fleming <mfleming+rpm@enlartenment.com> 2.1.0-1
|
||||||
|
- New major release - 2.1.0
|
||||||
|
- Fix CVE-2007-1359 with a local rule courtesy of Ivan Ristic
|
||||||
|
- Addition of core ruleset
|
||||||
|
- (Build)Requires libxml2 and pcre added.
|
||||||
|
|
||||||
|
* Sun Sep 3 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.4-2
|
||||||
|
- Rebuild
|
||||||
|
- Fix minor longstanding braino in included sample configuration (bz #203972)
|
||||||
|
|
||||||
|
* Mon May 15 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.4-1
|
||||||
|
- New upstream release
|
||||||
|
|
||||||
|
* Tue Apr 11 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.3-1
|
||||||
|
- New upstream release
|
||||||
|
- Trivial spec tweaks
|
||||||
|
|
||||||
|
* Wed Mar 1 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.2-3
|
||||||
|
- Bump for FC5
|
||||||
|
|
||||||
|
* Fri Feb 10 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.2-2
|
||||||
|
- Bump for newer gcc/glibc
|
||||||
|
|
||||||
|
* Wed Jan 18 2006 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.2-1
|
||||||
|
- New upstream release
|
||||||
|
|
||||||
|
* Fri Dec 16 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.1-2
|
||||||
|
- Bump for new httpd
|
||||||
|
|
||||||
|
* Thu Dec 1 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9.1-1
|
||||||
|
- New release 1.9.1
|
||||||
|
|
||||||
|
* Wed Nov 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.9-1
|
||||||
|
- New stable upstream release 1.9
|
||||||
|
|
||||||
|
* Sat Jul 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-4
|
||||||
|
- Add Requires: httpd-mmn to get the appropriate "module magic" version
|
||||||
|
(thanks Ville Skytta)
|
||||||
|
- Disabled an overly-agressive rule or two..
|
||||||
|
|
||||||
|
* Sat Jul 9 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-3
|
||||||
|
- Correct Buildroot
|
||||||
|
- Some sensible and safe rules for common apps in mod_security.conf
|
||||||
|
|
||||||
|
* Thu May 19 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-2
|
||||||
|
- Don't strip the module (so we can get a useful debuginfo package)
|
||||||
|
|
||||||
|
* Thu May 19 2005 Michael Fleming <mfleming+rpm@enlartenment.com> 1.8.7-1
|
||||||
|
- Initial spin for Extras
|
Loading…
Reference in new issue