Compare commits

...

No commits in common. 'c9' and 'i8c' have entirely different histories.
c9 ... i8c

@ -1,8 +1,8 @@
diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
index 80f8f2b..7912d84 100644 index ce97950..5d4e9b5 100644
--- a/apache2/apache2_config.c --- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c +++ b/apache2/apache2_config.c
@@ -2354,6 +2354,24 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1, @@ -2345,6 +2345,24 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
} }
@ -27,7 +27,7 @@ index 80f8f2b..7912d84 100644
static const char *cmd_status_engine(cmd_parms *cmd, void *_dcfg, const char *p1) static const char *cmd_status_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
{ {
if (strcasecmp(p1, "on") == 0) { if (strcasecmp(p1, "on") == 0) {
@@ -3667,6 +3685,14 @@ const command_rec module_directives[] = { @@ -3658,6 +3677,14 @@ const command_rec module_directives[] = {
"Abort or Warn" "Abort or Warn"
), ),
@ -43,7 +43,7 @@ index 80f8f2b..7912d84 100644
AP_INIT_TAKE1 ( AP_INIT_TAKE1 (
"SecXmlExternalEntity", "SecXmlExternalEntity",
diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
index 7bb215e..c155495 100644 index b6e98e9..1410ac7 100644
--- a/apache2/mod_security2.c --- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c +++ b/apache2/mod_security2.c
@@ -79,6 +79,8 @@ msc_remote_rules_server DSOLOCAL *remote_rules_server = NULL; @@ -79,6 +79,8 @@ msc_remote_rules_server DSOLOCAL *remote_rules_server = NULL;
@ -56,7 +56,7 @@ index 7bb215e..c155495 100644
int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED; int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED;
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index f24bc75..8bcd453 100644 index f170034..d9de1f0 100644
--- a/apache2/modsecurity.h --- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h +++ b/apache2/modsecurity.h
@@ -150,6 +150,7 @@ extern DSOLOCAL msc_remote_rules_server *remote_rules_server; @@ -150,6 +150,7 @@ extern DSOLOCAL msc_remote_rules_server *remote_rules_server;
@ -68,10 +68,10 @@ index f24bc75..8bcd453 100644
extern DSOLOCAL int status_engine_state; extern DSOLOCAL int status_engine_state;
diff --git a/apache2/msc_remote_rules.c b/apache2/msc_remote_rules.c diff --git a/apache2/msc_remote_rules.c b/apache2/msc_remote_rules.c
index 99968f0..b8db13e 100644 index 8a6df9e..af437d1 100644
--- a/apache2/msc_remote_rules.c --- a/apache2/msc_remote_rules.c
+++ b/apache2/msc_remote_rules.c +++ b/apache2/msc_remote_rules.c
@@ -358,6 +358,11 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key @@ -353,6 +353,11 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
/* We want Curl to return error in case there is an HTTP error code */ /* We want Curl to return error in case there is an HTTP error code */
curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1); curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);

@ -1,14 +0,0 @@
Strip redundant APR-util dependent libraries, it is sufficient to link against -laprutil-1.
--- modsecurity-2.9.3/build/find_apu.m4.apulibs
+++ modsecurity-2.9.3/build/find_apu.m4
@@ -59,7 +59,7 @@
APU_CFLAGS="`${APU_CONFIG} --includes`"
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu CFLAGS: $APU_CFLAGS); fi
APU_LDFLAGS="`${APU_CONFIG} --ldflags`"
- APU_LDFLAGS="$APU_LDFLAGS `${APU_CONFIG} --libs`"
+ APU_LDFLAGS="$APU_LDFLAGS `${APU_CONFIG} --avoid-ldap --avoid-dbm --libs`"
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDFLAGS: $APU_LDFLAGS); fi
APU_LDADD="`${APU_CONFIG} --link-libtool`"
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDADD: $APU_LDADD); fi

@ -1,31 +0,0 @@
diff -ru modsecurity-2.9.3/apache2/msc_lua.c modsecurity-2.9.3-lua-patch/apache2/msc_lua.c
--- modsecurity-2.9.3/apache2/msc_lua.c 2018-12-04 18:49:37.000000000 +0000
+++ modsecurity-2.9.3-lua-patch/apache2/msc_lua.c 2020-08-08 16:55:14.936045777 +0000
@@ -429,12 +429,12 @@
#else
/* Create new state. */
-#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501
+#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501 || LUA_VERSION_NUM == 504
L = luaL_newstate();
#elif LUA_VERSION_NUM == 500
L = lua_open();
#else
-#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
+#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
#endif
luaL_openlibs(L);
@@ -459,10 +459,10 @@
/* Register functions. */
#if LUA_VERSION_NUM == 500 || LUA_VERSION_NUM == 501
luaL_register(L, "m", mylib);
-#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503
+#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 504
luaL_setfuncs(L, mylib, 0);
#else
-#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
+#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
#endif
lua_setglobal(L, "m");

@ -5,30 +5,26 @@
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}} %{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
%{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}} %{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}}
%bcond_without mlogc %global with_mlogc 1
Summary: Security module for the Apache HTTP Server Summary: Security module for the Apache HTTP Server
Name: mod_security Name: mod_security
Version: 2.9.6 Version: 2.9.6
Release: 1%{?dist} Release: 1%{?dist}
License: ASL 2.0 License: ASL 2.0
URL: http://www.modsecurity.org/ URL: http://www.modsecurity.org/
Group: System Environment/Daemons
Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
Source1: mod_security.conf Source1: mod_security.conf
Source2: 10-mod_security.conf Source2: 10-mod_security.conf
Source3: modsecurity_localrules.conf Source3: modsecurity_localrules.conf
Patch0: modsecurity-2.9.3-lua-54.patch Patch1: mod_security-2.9.2-remote-rules-timeout.patch
Patch1: modsecurity-2.9.3-apulibs.patch
Patch2: mod_security-2.9.3-remote-rules-timeout.patch
Requires: httpd httpd-mmn = %{_httpd_mmn} Requires: httpd httpd-mmn = %{_httpd_mmn}
%if 0%{?fedora} || 0%{?rhel} > 7 # To ensure correct file ownership
# Ensure apache user exists for file ownership
Requires(pre): httpd-filesystem Requires(pre): httpd-filesystem
%endif BuildRequires: gcc
BuildRequires: gcc, make, autoconf, automake, libtool
BuildRequires: httpd-devel BuildRequires: httpd-devel
BuildRequires: make
BuildRequires: perl-generators BuildRequires: perl-generators
BuildRequires: pkgconfig(libcurl) BuildRequires: pkgconfig(libcurl)
BuildRequires: pkgconfig(libpcre) BuildRequires: pkgconfig(libpcre)
@ -39,7 +35,7 @@ BuildRequires: pkgconfig(lua)
%if 0%{?el6} %if 0%{?el6}
BuildRequires: yajl-devel BuildRequires: yajl-devel
%else %else
BuildRequires: pkgconfig(yajl) BuildRequires: pkgconfig(yajl)
%endif %endif
@ -48,30 +44,27 @@ ModSecurity is an open source intrusion detection and prevention engine
for web applications. It operates embedded into the web server, acting for web applications. It operates embedded into the web server, acting
as a powerful umbrella - shielding web applications from attacks. as a powerful umbrella - shielding web applications from attacks.
%if %{with mlogc} %if %with_mlogc
%package mlogc %package mlogc
Summary: ModSecurity Audit Log Collector Summary: ModSecurity Audit Log Collector
Requires: mod_security Group: System Environment/Daemons
%if 0%{?fedora} || 0%{?rhel} > 7 Requires: mod_security%{?_isa} = %{version}-%{release}
# Ensure apache user exists for file ownership
Requires(pre): httpd-filesystem Requires(pre): httpd-filesystem
%endif
%description mlogc %description mlogc
This package contains the ModSecurity Audit Log Collector. This package contains the ModSecurity Audit Log Collector.
%endif %endif
%prep %prep
%autosetup -p1 -n modsecurity-%{version} %setup -q -n modsecurity-%{version}
%patch1 -p1 -b .remote-rules-timeout
%build %build
./autogen.sh
%configure --enable-pcre-match-limit=1000000 \ %configure --enable-pcre-match-limit=1000000 \
--enable-pcre-match-limit-recursion=1000000 \ --enable-pcre-match-limit-recursion=1000000 \
--with-apxs=%{_httpd_apxs} \ --with-apxs=%{_httpd_apxs} \
--with-yajl \ --with-yajl \
--disable-static --enable-collection-global-lock
# remove rpath # remove rpath
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
@ -110,7 +103,7 @@ install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}
install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/ install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/
# mlogc # mlogc
%if %{with mlogc} %if %with_mlogc
install -d %{buildroot}%{_localstatedir}/log/mlogc install -d %{buildroot}%{_localstatedir}/log/mlogc
install -d %{buildroot}%{_localstatedir}/log/mlogc/data install -d %{buildroot}%{_localstatedir}/log/mlogc/data
install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
@ -132,7 +125,7 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf
%attr(770,apache,root) %dir %{_localstatedir}/lib/%{name} %attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
%if %{with mlogc} %if %with_mlogc
%files mlogc %files mlogc
%doc mlogc/INSTALL %doc mlogc/INSTALL
%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
@ -143,53 +136,26 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
%endif %endif
%changelog %changelog
* Wed Nov 16 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.6-1 * Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 2.9.6-1
- new version 2.9.6 - Rebuilt for MSVSphere 8.8
- Resolves: #2143211 - [RFE] upgrade mod_security to 2.9.6
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.9.3-12 * Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.6-1
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - new version 2.9.6
Related: rhbz#1991688 - Resolves: #2143207 - [RFE] upgrade mod_security to 2.9.6
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.9.3-11
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-10 * Sun Nov 15 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.9.2-9
- Resolves: #1930664 - RFE: Add a feature that can set a mod_security/libcurl - Resolves: #1824859 - RFE: Add a feature that can set a mod_security/libcurl
timeout for retrieving the rules timeout for retrieving the rules
- rename mlogc to mod_security-mlogc
* Fri Jan 22 2021 Joe Orton <jorton@redhat.com> - 2.9.3-8
- don't link against redundant apr-util dependent libraries
* Sat Aug 08 2020 Othman Madjoudj <athmane@fedoraproject.org> - 2.9.3-7
- Add a patch to fix build with Lua 5.4 until we completely switch to mod_sec3 as default
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-6
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sun Dec 09 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.3-1 * Mon Dec 17 2018 Joe Orton <jorton@redhat.com> - 2.9.2-8
- Update to 2.9.3 - enable collection global lock (#1650268)
* Fri Nov 16 2018 Joe Orton <jorton@redhat.com> - 2.9.2-7 * Wed Nov 28 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.9.2-7
- Requires(pre): httpd-filesystem to ensure apache user exists - Related: #1650242 - mod_security-mlogc dropped
- enable mlogc everywhere, use buildcond to disable
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-6 * Thu Nov 15 2018 Joe Orton <jorton@redhat.com> - 2.9.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - build -mlogc subpackage (#1650242)
- add httpd-filesystem as Requires(pre)
* Sun Feb 18 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.2-5 * Sun Feb 18 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.2-5
- Add gcc and make as BR (minimal buildroot change) - Add gcc and make as BR (minimal buildroot change)

Loading…
Cancel
Save