rpms
/
mod_security
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rpms:i8c
Branches Tags
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
rpms:i9c-beta
rpms:c9-beta
..
compare: rpms:c9
Branches Tags
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
rpms:i9c-beta
rpms:c9-beta

No commits in common. 'i8c' and 'c9' have entirely different histories.
i8c ... c9

4 changed files with 117 additions and 38 deletions
Show Stats

14
SOURCES/mod_security-2.9.2-remote-rules-timeout.patch → SOURCES/mod_security-2.9.3-remote-rules-timeout.patch
Unescape View File

@ -1,8 +1,8 @@
diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
index ce97950..5d4e9b5 100644 index 80f8f2b..7912d84 100644
--- a/apache2/apache2_config.c --- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c +++ b/apache2/apache2_config.c
@@ -2345,6 +2345,24 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1, @@ -2354,6 +2354,24 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
} }
@ -27,7 +27,7 @@ index ce97950..5d4e9b5 100644
static const char *cmd_status_engine(cmd_parms *cmd, void *_dcfg, const char *p1) static const char *cmd_status_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
{ {
if (strcasecmp(p1, "on") == 0) { if (strcasecmp(p1, "on") == 0) {
@@ -3658,6 +3677,14 @@ const command_rec module_directives[] = { @@ -3667,6 +3685,14 @@ const command_rec module_directives[] = {
"Abort or Warn" "Abort or Warn"
), ),
@ -43,7 +43,7 @@ index ce97950..5d4e9b5 100644
AP_INIT_TAKE1 ( AP_INIT_TAKE1 (
"SecXmlExternalEntity", "SecXmlExternalEntity",
diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
index b6e98e9..1410ac7 100644 index 7bb215e..c155495 100644
--- a/apache2/mod_security2.c --- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c +++ b/apache2/mod_security2.c
@@ -79,6 +79,8 @@ msc_remote_rules_server DSOLOCAL *remote_rules_server = NULL; @@ -79,6 +79,8 @@ msc_remote_rules_server DSOLOCAL *remote_rules_server = NULL;
@ -56,7 +56,7 @@ index b6e98e9..1410ac7 100644
int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED; int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED;
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index f170034..d9de1f0 100644 index f24bc75..8bcd453 100644
--- a/apache2/modsecurity.h --- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h +++ b/apache2/modsecurity.h
@@ -150,6 +150,7 @@ extern DSOLOCAL msc_remote_rules_server *remote_rules_server; @@ -150,6 +150,7 @@ extern DSOLOCAL msc_remote_rules_server *remote_rules_server;
@ -68,10 +68,10 @@ index f170034..d9de1f0 100644
extern DSOLOCAL int status_engine_state; extern DSOLOCAL int status_engine_state;
diff --git a/apache2/msc_remote_rules.c b/apache2/msc_remote_rules.c diff --git a/apache2/msc_remote_rules.c b/apache2/msc_remote_rules.c
index 8a6df9e..af437d1 100644 index 99968f0..b8db13e 100644
--- a/apache2/msc_remote_rules.c --- a/apache2/msc_remote_rules.c
+++ b/apache2/msc_remote_rules.c +++ b/apache2/msc_remote_rules.c
@@ -353,6 +353,11 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key @@ -358,6 +358,11 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
/* We want Curl to return error in case there is an HTTP error code */ /* We want Curl to return error in case there is an HTTP error code */
curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1); curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);

14
SOURCES/modsecurity-2.9.3-apulibs.patch
Unescape View File

@ -0,0 +1,14 @@
Strip redundant APR-util dependent libraries, it is sufficient to link against -laprutil-1.
--- modsecurity-2.9.3/build/find_apu.m4.apulibs
+++ modsecurity-2.9.3/build/find_apu.m4
@@ -59,7 +59,7 @@
APU_CFLAGS="`${APU_CONFIG} --includes`"
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu CFLAGS: $APU_CFLAGS); fi
APU_LDFLAGS="`${APU_CONFIG} --ldflags`"
- APU_LDFLAGS="$APU_LDFLAGS `${APU_CONFIG} --libs`"
+ APU_LDFLAGS="$APU_LDFLAGS `${APU_CONFIG} --avoid-ldap --avoid-dbm --libs`"
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDFLAGS: $APU_LDFLAGS); fi
APU_LDADD="`${APU_CONFIG} --link-libtool`"
if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDADD: $APU_LDADD); fi

31
SOURCES/modsecurity-2.9.3-lua-54.patch
Unescape View File

@ -0,0 +1,31 @@
diff -ru modsecurity-2.9.3/apache2/msc_lua.c modsecurity-2.9.3-lua-patch/apache2/msc_lua.c
--- modsecurity-2.9.3/apache2/msc_lua.c 2018-12-04 18:49:37.000000000 +0000
+++ modsecurity-2.9.3-lua-patch/apache2/msc_lua.c 2020-08-08 16:55:14.936045777 +0000
@@ -429,12 +429,12 @@
#else
/* Create new state. */
-#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501
+#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501 || LUA_VERSION_NUM == 504
L = luaL_newstate();
#elif LUA_VERSION_NUM == 500
L = lua_open();
#else
-#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
+#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
#endif
luaL_openlibs(L);
@@ -459,10 +459,10 @@
/* Register functions. */
#if LUA_VERSION_NUM == 500 || LUA_VERSION_NUM == 501
luaL_register(L, "m", mylib);
-#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503
+#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 504
luaL_setfuncs(L, mylib, 0);
#else
-#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
+#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
#endif
lua_setglobal(L, "m");

90
SPECS/mod_security.spec
Unescape View File

@ -5,7 +5,7 @@
%{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}} %{!?_httpd_confdir: %{expand: %%global _httpd_confdir %%{_sysconfdir}/httpd/conf.d}}
%{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}} %{!?_httpd_moddir: %{expand: %%global _httpd_moddir %%{_libdir}/httpd/modules}}
%global with_mlogc 1 %bcond_without mlogc
Summary: Security module for the Apache HTTP Server Summary: Security module for the Apache HTTP Server
Name: mod_security Name: mod_security
@ -13,18 +13,22 @@ Version: 2.9.6
Release: 1%{?dist} Release: 1%{?dist}
License: ASL 2.0 License: ASL 2.0
URL: http://www.modsecurity.org/ URL: http://www.modsecurity.org/
Group: System Environment/Daemons
Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
Source1: mod_security.conf Source1: mod_security.conf
Source2: 10-mod_security.conf Source2: 10-mod_security.conf
Source3: modsecurity_localrules.conf Source3: modsecurity_localrules.conf
Patch1: mod_security-2.9.2-remote-rules-timeout.patch Patch0: modsecurity-2.9.3-lua-54.patch
Patch1: modsecurity-2.9.3-apulibs.patch
Patch2: mod_security-2.9.3-remote-rules-timeout.patch
Requires: httpd httpd-mmn = %{_httpd_mmn} Requires: httpd httpd-mmn = %{_httpd_mmn}
# To ensure correct file ownership %if 0%{?fedora} || 0%{?rhel} > 7
# Ensure apache user exists for file ownership
Requires(pre): httpd-filesystem Requires(pre): httpd-filesystem
BuildRequires: gcc %endif
BuildRequires: gcc, make, autoconf, automake, libtool
BuildRequires: httpd-devel BuildRequires: httpd-devel
BuildRequires: make
BuildRequires: perl-generators BuildRequires: perl-generators
BuildRequires: pkgconfig(libcurl) BuildRequires: pkgconfig(libcurl)
BuildRequires: pkgconfig(libpcre) BuildRequires: pkgconfig(libpcre)
@ -44,27 +48,30 @@ ModSecurity is an open source intrusion detection and prevention engine
for web applications. It operates embedded into the web server, acting for web applications. It operates embedded into the web server, acting
as a powerful umbrella - shielding web applications from attacks. as a powerful umbrella - shielding web applications from attacks.
%if %with_mlogc %if %{with mlogc}
%package mlogc %package mlogc
Summary: ModSecurity Audit Log Collector Summary: ModSecurity Audit Log Collector
Group: System Environment/Daemons Requires: mod_security
Requires: mod_security%{?_isa} = %{version}-%{release} %if 0%{?fedora} || 0%{?rhel} > 7
# Ensure apache user exists for file ownership
Requires(pre): httpd-filesystem Requires(pre): httpd-filesystem
%endif
%description mlogc %description mlogc
This package contains the ModSecurity Audit Log Collector. This package contains the ModSecurity Audit Log Collector.
%endif %endif
%prep %prep
%setup -q -n modsecurity-%{version} %autosetup -p1 -n modsecurity-%{version}
%patch1 -p1 -b .remote-rules-timeout
%build %build
./autogen.sh
%configure --enable-pcre-match-limit=1000000 \ %configure --enable-pcre-match-limit=1000000 \
--enable-pcre-match-limit-recursion=1000000 \ --enable-pcre-match-limit-recursion=1000000 \
--with-apxs=%{_httpd_apxs} \ --with-apxs=%{_httpd_apxs} \
--with-yajl \ --with-yajl \
--enable-collection-global-lock --disable-static
# remove rpath # remove rpath
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
@ -103,7 +110,7 @@ install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}
install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/ install -Dp -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/local_rules/
# mlogc # mlogc
%if %with_mlogc %if %{with mlogc}
install -d %{buildroot}%{_localstatedir}/log/mlogc install -d %{buildroot}%{_localstatedir}/log/mlogc
install -d %{buildroot}%{_localstatedir}/log/mlogc/data install -d %{buildroot}%{_localstatedir}/log/mlogc/data
install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
@ -125,7 +132,7 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/local_rules/*.conf
%attr(770,apache,root) %dir %{_localstatedir}/lib/%{name} %attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
%if %with_mlogc %if %{with mlogc}
%files mlogc %files mlogc
%doc mlogc/INSTALL %doc mlogc/INSTALL
%attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
@ -136,26 +143,53 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
%endif %endif
%changelog %changelog
* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 2.9.6-1 * Wed Nov 16 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.6-1
- Rebuilt for MSVSphere 8.8
* Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.6-1
- new version 2.9.6 - new version 2.9.6
- Resolves: #2143207 - [RFE] upgrade mod_security to 2.9.6 - Resolves: #2143211 - [RFE] upgrade mod_security to 2.9.6
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.9.3-12
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.9.3-11
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Sun Nov 15 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.9.2-9 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-10
- Resolves: #1824859 - RFE: Add a feature that can set a mod_security/libcurl - Resolves: #1930664 - RFE: Add a feature that can set a mod_security/libcurl
timeout for retrieving the rules timeout for retrieving the rules
- rename mlogc to mod_security-mlogc
* Fri Jan 22 2021 Joe Orton <jorton@redhat.com> - 2.9.3-8
- don't link against redundant apr-util dependent libraries
* Sat Aug 08 2020 Othman Madjoudj <athmane@fedoraproject.org> - 2.9.3-7
- Add a patch to fix build with Lua 5.4 until we completely switch to mod_sec3 as default
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-6
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Dec 17 2018 Joe Orton <jorton@redhat.com> - 2.9.2-8 * Sun Dec 09 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.3-1
- enable collection global lock (#1650268) - Update to 2.9.3
* Wed Nov 28 2018 Lubos Uhliarik <luhliari@redhat.com> - 2.9.2-7 * Fri Nov 16 2018 Joe Orton <jorton@redhat.com> - 2.9.2-7
- Related: #1650242 - mod_security-mlogc dropped - Requires(pre): httpd-filesystem to ensure apache user exists
- enable mlogc everywhere, use buildcond to disable
* Thu Nov 15 2018 Joe Orton <jorton@redhat.com> - 2.9.2-6 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-6
- build -mlogc subpackage (#1650242) - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
- add httpd-filesystem as Requires(pre)
* Sun Feb 18 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.2-5 * Sun Feb 18 2018 Athmane Madjoudj <athmane@fedoraproject.org> - 2.9.2-5
- Add gcc and make as BR (minimal buildroot change) - Add gcc and make as BR (minimal buildroot change)

Write Preview
Loading…
Cancel
Save