rpms
/
mod_security_crs
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
...
pull from: rpms:c8
Branches Tags
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'c8' have entirely different histories.
c9 ... c8

2 changed files with 40 additions and 48 deletions
Show Stats

16
SOURCES/mod_security_crs-rule-941310-dont-match-japanese-word.patch
Unescape View File

@ -0,0 +1,16 @@
--- a/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf 2020-07-01 18:38:19.000000000 +0200
+++ b/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf 2023-02-16 09:14:52.151838881 +0100
@@ -543,8 +543,11 @@
ctl:auditLogParts=+E,\
ver:'OWASP_CRS/3.3.4',\
severity:'CRITICAL',\
- setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
- setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
+ chain"
+ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/* "@rx [^\xe4]\xbc[^\x9a][^\xbe>]*[^\xe7][^\xa4][\xbe>]|<[^\xbe]*[^\xe7][^\xa4]\xbe" \
+ "t:none,t:lowercase,t:urlDecode,t:htmlEntityDecode,t:jsDecode,\
+ setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
+ setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
#
# https://nedbatchelder.com/blog/200704/xss_with_utf7.html

72
SPECS/mod_security_crs.spec
Unescape View File

@ -1,14 +1,16 @@
Summary: ModSecurity Rules
Name: mod_security_crs
Version: 3.3.4
Release: 1%{?dist}
Release: 3%{?dist}
License: ASL 2.0
URL: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
Group: System Environment/Daemons
Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
BuildArch: noarch
Requires: mod_security >= 2.9.6
Requires: mod_security >= 2.8.0
Obsoletes: mod_security_crs-extras < 3.0.0
Patch0: mod_security_crs-early-blocking.patch
Patch1: mod_security_crs-rule-941310-dont-match-japanese-word.patch
%description
This package provides the base rules for mod_security.
@ -16,6 +18,7 @@ This package provides the base rules for mod_security.
%prep
%setup -q -n coreruleset-%{version}
%patch0 -p1 -b.early_blocking
%patch1 -p1 -b.rule_941310
%build
@ -31,7 +34,6 @@ mv rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %{buildroot}%{_sysc
install -m0644 rules/*.conf %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
install -m0644 rules/*.data %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
mv crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
# activate base_rules
@ -48,58 +50,32 @@ done
%{_datarootdir}/mod_modsecurity_crs
%changelog
* Mon Dec 05 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-1
* Tue Apr 04 2023 Richard Lescak <rlescak@redhat.com> - 3.3.4-3
- bump release to enable build
- Related: rhbz#2040257
* Fri Mar 31 2023 Richard Lescak <rlescak@redhat.com> - 3.3.4-2
- add chained regex for rule 941310 to not match japan word 'company'
- Resolves: rhbz#2040257
* Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-1
- new version 3.3.4
- Resolves: #2143210 - [RFE] upgrade mod_security_crs to latest upstream 3.3.x
- Resolves: #2141432 - [RFE] upgrade mod_security_crs to latest upstream 3.3.x
* Wed Sep 07 2022 Tomas Korbar <tkorbar@redhat.com> - 3.3.0-6
* Wed Sep 07 2022 Tomas Korbar <tkorbar@redhat.com> - 3.3.0-5
- Fix application of early blocking patch
- Related: rhbz#2115313
- Related: rhbz#2101020
* Fri Aug 05 2022 Tomas Korbar <tkorbar@redhat.com> - 3.3.0-5
- Fix patch for early blocking
- Related: rhbz#2115313
* Mon Sep 05 2022 Tomas Korbar <tkorbar@redhat.com> - 3.3.0-4
- Rebuild because of build system issue
- Related: rhbz#2101020
* Thu Aug 04 2022 Tomas Korbar <tkorbar@redhat.com> - 3.3.0-4
* Tue Aug 02 2022 Tomas Korbar <tkorbar@redhat.com> - 3.3.0-3
- Backport early blocking feature
- Resolves: rhbz#2115313
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.3.0-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Aug 2 2021 Joe Orton <jorton@redhat.com> - 3.3.0-2
- rebuild (#1986075)
* Thu Apr 22 2021 Lubos Uhliarik <luhliari@redhat.com> - 3.3.0-1
- Resolves: #1947962 - [RFE] update mod_security_crs to 3.3
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2.0-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Mar 05 2021 Lubos Uhliarik <luhliari@redhat.com> - 3.2.0-1
- new version 3.2.0
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
- Resolves: rhbz#2101020
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu May 06 2021 Lubos Uhliarik <luhliari@redhat.com> - 3.3.0-2
- Resolves: #1855858 - [RFE] update mod_security_crs to 3.3
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

Write Preview
Loading…
Cancel
Save