Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package apache2-mod_security2 for
openSUSE:Factory checked in at 2021-07-20 15:39:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old)
and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new.2632 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_security2"
Tue Jul 20 15:39:41 2021 rev:28 rq:907289 version:2.9.4
Changes:
--------
---
/work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes
2021-02-23 20:23:09.347801628 +0100
+++
/work/SRC/openSUSE:Factory/.apache2-mod_security2.new.2632/apache2-mod_security2.changes
2021-07-20 15:40:39.369600303 +0200
@@ -1,0 +2,17 @@
+Mon Jul 19 09:37:45 UTC 2021 - Danilo Spinella <danilo.spine...@suse.com>
+
+- Update to 2.9.4:
+ * Add microsec timestamp resolution to the formatted log timestamp
+ * Added missing Geo Countries
+ * Store temporaries in the request pool for regexes compiled per-request.
+ * Fix other usage of the global pool for request temporaries in
re_operators.c
+ * Adds a sanity check before use ctl:ruleRemoveTargetById and
ctl:ruleRemoveTargetByMsg.
+ * Fix the order of error_msg validation
+ * When the input filter finishes, check whether we returned data
+ * fix: care non-null terminated chunk data
+ * Fix for apr_global_mutex_create() crashes with mod_security
+ * Fix inet addr handling on 64 bit big endian systems
+- Run spec-cleaner
+- Remove if/else for older version of SUSE distribution
+
+-------------------------------------------------------------------
Old:
----
modsecurity-2.9.3.tar.gz
New:
----
modsecurity-2.9.4.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_security2.spec ++++++
--- /var/tmp/diff_new_pack.1rssmm/_old 2021-07-20 15:40:40.021601469 +0200
+++ /var/tmp/diff_new_pack.1rssmm/_new 2021-07-20 15:40:40.025601476 +0200
@@ -20,13 +20,13 @@
%define tarballname modsecurity-%{version}
%define usrsharedir %{_datadir}/%{name}
Name: apache2-mod_security2
-Version: 2.9.3
+Version: 2.9.4
Release: 0
Summary: Web Application Firewall for apache httpd
License: Apache-2.0
Group: Productivity/Networking/Web/Servers
-URL: http://www.modsecurity.org/
-Source:
https://www.modsecurity.org/tarball/%{version}/%{tarballname}.tar.gz
+URL: https://www.modsecurity.org/
+Source:
https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
Source1:
https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
Source2: mod_security2.conf
Source6: README-SUSE-mod_security2.txt
@@ -52,9 +52,6 @@
Requires: %{apache_mmn}
Requires: %{apache_suse_maintenance_mmn}
Requires: apache2
-%if 0%{suse_version} == 1110
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%endif
%description
ModSecurity is an intrusion detection and prevention
@@ -73,13 +70,7 @@
%patch3 -p1
%build
-# aclocal only works with newer distributions
-%if 0%{?suse_version} >= 1310
aclocal
-# on older versions only autoconf is called
-%else
-autoreconf -fi
-%endif
automake
%configure --with-apxs=%{apache_apxs} --enable-request-early
--enable-htaccess-config --disable-mlogc
CFLAGS="%{optflags}" make %{?_smp_mflags}
@@ -114,16 +105,14 @@
#make test-regression
%files
-%if %{suse_version} == 1110
-%defattr (-,root,root)
-%endif
%{apache_libexecdir}/%{modname}.so
%config(noreplace) %{apache_sysconfdir}/conf.d/%{modname}.conf
%dir %{apache_sysconfdir}/mod_security2.d
%{apache_sysconfdir}/mod_security2.d/README-SUSE-mod_security2.txt
%{apache_sysconfdir}/mod_security2.d/empty.conf
%{usrsharedir}
-%doc README.md CHANGES LICENSE NOTICE authors.txt
+%license LICENSE
+%doc README.md CHANGES NOTICE authors.txt
%doc doc/README.txt
%doc doc/README-SUSE-mod_security2.txt
%doc rules/util/regression-tests
++++++ modsecurity-2.9.3.tar.gz -> modsecurity-2.9.4.tar.gz ++++++
++++ 4004 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/CHANGES new/modsecurity-2.9.4/CHANGES
--- old/modsecurity-2.9.3/CHANGES 2018-12-04 19:49:37.000000000 +0100
+++ new/modsecurity-2.9.4/CHANGES 2021-06-21 14:36:18.000000000 +0200
@@ -1,3 +1,28 @@
+21 Jun 2021 - 2.9.4
+-------------------
+
+ * Add microsec timestamp resolution to the formatted log timestamp
+ [Issue #2095 - @rainerjung]
+ * Store temporaries in the request pool for regexes compiled per-request.
+ [Issue #890, #2049 - @lightsey]
+ * Fix other usage of the global pool for request temporaries in re_operators.c
+ [Issue #890, #2049 - @lightsey]
+ * Adds a sanity check before use ctl:ruleRemoveTargetById and
ctl:ruleRemoveTargetByMsg.
+ [Issue #2033 - @studersi]
+ * Fix the order of error_msg validation
+ [Issue #2128 - @marcstern, @zimmerle]
+ * Added missing Geo Countries
+ [Issue #2123, #2124 - @emphazer]
+ * When the input filter finishes, check whether we returned data
+ [Issue #2091, #2092 - @rainerjung]
+ * fix: care non-null terminated chunk data
+ [Issue #2097 - @orisano]
+ * Fix for apr_global_mutex_create() crashes with mod_security
+ [Issue #1957 - @blappm]
+ * Fix inet addr handling on 64 bit big endian systems
+ [Issue #1980 - @zimmerle, @airween]
+
+
05 Dec 2018 - 2.9.3
-------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/README.md new/modsecurity-2.9.4/README.md
--- old/modsecurity-2.9.3/README.md 2018-12-04 19:49:37.000000000 +0100
+++ new/modsecurity-2.9.4/README.md 2021-06-21 14:34:56.000000000 +0200
@@ -14,57 +14,6 @@
Please refer to: [the documentation
folder](https://github.com/SpiderLabs/ModSecurity/tree/v2/master/doc) for the
reference manual.
-## OWASP ModSecurity Core Rule Set (CRS)
+## Sponsor Note
-Project Site:
https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
-
-Download: https://github.com/SpiderLabs/owasp-modsecurity-crs
-
-ModSecurity??? is a web application firewall engine that provides very little
protection on its own. In order to become useful, ModSecurity??? must be
configured with rules. In order to enable users to take full advantage of
ModSecurity??? out of the box, Trustwave's SpiderLabs is providing a free
certified rule set for ModSecurity??? 2.x.
-
-Unlike intrusion detection and prevention systems, which rely on signatures
specific to known vulnerabilities, the Core Rules provide generic protection
from unknown vulnerabilities often found in web applications, which are in most
cases custom coded. The Core Rules are heavily commented to allow it to be used
as a step-by-step deployment guide for ModSecurity???.
-
-### Core Rules Content
-
-In order to provide generic web applications protection, the Core Rules use
the following techniques:
-
-* **HTTP Protection** - detecting violations of the HTTP protocol and a
locally defined usage policy.
-* **Real-time Blacklist Lookups** - utilizes 3rd Party IP Reputation
-* **Web-based Malware Detection** - identifies malicious web content by check
against the Google Safe Browsing API.
-* **HTTP Denial of Service Protections** - defense against HTTP Flooding and
Slow HTTP DoS Attacks.
-* **Common Web Attacks Protection** - detecting common web application
security attack.
-* **Automation Detection** - Detecting bots, crawlers, scanners and other
surface malicious activity.
-* **Integration with AV Scanning for File Uploads** - detects malicious files
uploaded through the web application.
-* **Tracking Sensitive Data** - Tracks Credit Card usage and blocks leakages.
-* **Trojan Protection** - Detecting access to Trojans horses.
-* **Identification of Application Defects** - alerts on application
misconfigurations.
-* **Error Detection and Hiding** - Disguising error messages sent by the
server.
-
-## ModSecurity Rules from Trustwave SpiderLabs
-
-Project Site: https://www.trustwave.com/modsecurity-rules-support.php
-
-Download: https://ssl.trustwave.com/web-application-firewall
-
-Trustwave now provides a commercial certified rule set for ModSecurity 2.x
that protects against known attacks that target vulnerabilities in public
software and are based on intelligence gathered from real-world investigations,
honeypot data and research.
-
-1. More than 16,000 specific rules, broken out into the following attack
categories:
-
- * SQL injection
- * Cross-site Scripting (XSS)
- * Local File Include
- * Remote File Include
-
-2. User option for application specific rules, covering the same vulnerability
classes for applications such as:
-
- * WordPress
- * cPanel
- * osCommerce
- * Joomla
- * For a complete listing of application coverage, please refer to this link
(which is updated daily): https://modsecurity.org/application_coverage.html
-
-3. Complements and integrates with the OWASP Core Rule Set
-
-4. IP Reputation capabilities which provide protection against malicious
clients identified by the Trustwave SpiderLabs Distributed Web Honeypots
-
-5. Malware Detection capabilities which prevent your web site from
distributing malicious code to clients.
+ModSecurity is sponsored by Trustwave. Trustwave offers a range of commercial
services related to ModSecurity, including a set of Rules, consultancy and
customization of ModSecurity. Contact the Trustwave sales department for more
information - sa...@trustwave.com
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/apache2/apache2_io.c
new/modsecurity-2.9.4/apache2/apache2_io.c
--- old/modsecurity-2.9.3/apache2/apache2_io.c 2018-12-04 19:49:37.000000000
+0100
+++ new/modsecurity-2.9.4/apache2/apache2_io.c 2021-06-21 14:34:56.000000000
+0200
@@ -36,6 +36,7 @@
msc_data_chunk *chunk = NULL;
apr_bucket *bucket;
apr_status_t rc;
+ int no_data = 1;
char *my_error_msg = NULL;
if (msr == NULL) {
@@ -110,6 +111,7 @@
if (bucket == NULL) return APR_EGENERAL;
APR_BRIGADE_INSERT_TAIL(bb_out, bucket);
+ no_data = 0;
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Input filter: Forwarded %" APR_SIZE_T_FMT "
bytes.", chunk->length);
@@ -130,6 +132,7 @@
if (bucket == NULL) return APR_EGENERAL;
APR_BRIGADE_INSERT_TAIL(bb_out, bucket);
+ no_data = 0;
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Input stream filter: Forwarded %"
APR_SIZE_T_FMT " bytes.", msr->stream_input_length);
@@ -145,6 +148,7 @@
bucket = apr_bucket_eos_create(f->r->connection->bucket_alloc);
if (bucket == NULL) return APR_EGENERAL;
APR_BRIGADE_INSERT_TAIL(bb_out, bucket);
+ no_data = 0;
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Input filter: Sent EOS.");
@@ -158,6 +162,10 @@
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Input filter: Input forwarding complete.");
}
+
+ if (no_data) {
+ return ap_get_brigade(f->next, bb_out, mode, block, nbytes);
+ }
}
return APR_SUCCESS;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/apache2/modsecurity.c
new/modsecurity-2.9.4/apache2/modsecurity.c
--- old/modsecurity-2.9.3/apache2/modsecurity.c 2018-12-04 19:49:37.000000000
+0100
+++ new/modsecurity-2.9.4/apache2/modsecurity.c 2021-06-21 14:34:56.000000000
+0200
@@ -133,7 +133,8 @@
curl_global_init(CURL_GLOBAL_ALL);
#endif
/* Serial audit log mutext */
- rc = apr_global_mutex_create(&msce->auditlog_lock, NULL, APR_LOCK_DEFAULT,
mp);
+ tmpnam(auditlog_lock_name);
+ rc = apr_global_mutex_create(&msce->auditlog_lock, auditlog_lock_name,
APR_LOCK_DEFAULT, mp);
if (rc != APR_SUCCESS) {
//ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, "mod_security: Could not
create modsec_auditlog_lock");
//return HTTP_INTERNAL_SERVER_ERROR;
@@ -154,7 +155,8 @@
}
#endif /* SET_MUTEX_PERMS */
- rc = apr_global_mutex_create(&msce->geo_lock, NULL, APR_LOCK_DEFAULT, mp);
+ tmpnam(geo_lock_name);
+ rc = apr_global_mutex_create(&msce->geo_lock, geo_lock_name,
APR_LOCK_DEFAULT, mp);
if (rc != APR_SUCCESS) {
return -1;
}
@@ -171,7 +173,8 @@
#endif /* SET_MUTEX_PERMS */
#ifdef GLOBAL_COLLECTION_LOCK
- rc = apr_global_mutex_create(&msce->dbm_lock, NULL, APR_LOCK_DEFAULT, mp);
+ tmpnam(dbm_lock_name);
+ rc = apr_global_mutex_create(&msce->dbm_lock, dbm_lock_name,
APR_LOCK_DEFAULT, mp);
if (rc != APR_SUCCESS) {
return -1;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/apache2/modsecurity.h
new/modsecurity-2.9.4/apache2/modsecurity.h
--- old/modsecurity-2.9.3/apache2/modsecurity.h 2018-12-04 19:49:37.000000000
+0100
+++ new/modsecurity-2.9.4/apache2/modsecurity.h 2021-06-21 14:34:56.000000000
+0200
@@ -133,6 +133,12 @@
#define FATAL_ERROR "ModSecurity: Fatal error (memory allocation or unexpected
internal error)!"
+static char auditlog_lock_name[L_tmpnam];
+static char geo_lock_name[L_tmpnam];
+#ifdef GLOBAL_COLLECTION_LOCK
+static char dbm_lock_name[L_tmpnam];
+#endif
+
extern DSOLOCAL char *new_server_signature;
extern DSOLOCAL char *real_server_signature;
extern DSOLOCAL char *chroot_dir;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/apache2/msc_geo.c new/modsecurity-2.9.4/apache2/msc_geo.c
--- old/modsecurity-2.9.3/apache2/msc_geo.c 2018-12-04 19:49:37.000000000
+0100
+++ new/modsecurity-2.9.4/apache2/msc_geo.c 2021-06-21 14:34:56.000000000
+0200
@@ -43,7 +43,8 @@
"TJ","TK","TM","TN","TO","TL","TR","TT","TV","TW",
"TZ","UA","UG","UM","US","UY","UZ","VA","VC","VE",
"VG","VI","VN","VU","WF","WS","YE","YT","RS","ZA",
- "ZM","ME","ZW","A1","A2","O1","AX","GG","IM","JE"
+ "ZM","ME","ZW","A1","A2","O1","AX","GG","IM","JE",
+ "BL","BQ","CW","MF","SS","SX"
};
static const char geo_country_code3[GEO_COUNTRY_LAST + 1][4] = {
@@ -72,7 +73,8 @@
"TJK","TKL","TKM","TUN","TON","TLS","TUR","TTO","TUV","TWN",
"TZA","UKR","UGA","UM","USA","URY","UZB","VAT","VCT","VEN",
"VGB","VIR","VNM","VUT","WLF","WSM","YEM","YT","SRB","ZAF",
- "ZMB","MNE","ZWE","A1","A2","O1","ALA","GGY","IMN","JEY"
+ "ZMB","MNE","ZWE","A1","A2","O1","ALA","GGY","IMN","JEY",
+ "BLM","BES","CUW","MAF","SSD","SXM"
};
static const char *const geo_country_name[GEO_COUNTRY_LAST + 1] = {
@@ -101,7 +103,8 @@
"Tajikistan","Tokelau","Turkmenistan","Tunisia","Tonga","Timor-Leste","Turkey","Trinidad
and Tobago","Tuvalu","Taiwan",
"Tanzania, United Republic of","Ukraine","Uganda","United States Minor
Outlying Islands","United States","Uruguay","Uzbekistan","Holy See (Vatican
City State)","Saint Vincent and the Grenadines","Venezuela",
"Virgin Islands, British","Virgin Islands,
U.S.","Vietnam","Vanuatu","Wallis and
Futuna","Samoa","Yemen","Mayotte","Serbia","South Africa",
- "Zambia","Montenegro","Zimbabwe","Anonymous Proxy","Satellite
Provider","Other","Aland Islands","Guernsey","Isle of Man","Jersey"
+ "Zambia","Montenegro","Zimbabwe","Anonymous Proxy","Satellite
Provider","Other","Aland Islands","Guernsey","Isle of Man","Jersey",
+ "Saint Barth??lemy","Bonaire, Sint Eustatius and Saba","Cura??ao","Saint
Martin (French part)","South Sudan","Sint Maarten (Dutch part)"
};
static const char geo_country_continent[GEO_COUNTRY_LAST + 1][4] = {
@@ -130,7 +133,8 @@
"AS","OC","AS","AF","OC","AS","AS","SA","OC","AS",
"AF","EU","AF","OC","NA","SA","AS","EU","SA","SA",
"SA","SA","AS","OC","OC","OC","AS","AF","EU","AF",
- "AF","EU","AF","--","--","--","EU","EU","EU","EU"
+ "AF","EU","AF","--","--","--","EU","EU","EU","EU",
+ "--","--","--","--","AF","--"
};
typedef enum {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/apache2/msc_geo.h new/modsecurity-2.9.4/apache2/msc_geo.h
--- old/modsecurity-2.9.3/apache2/msc_geo.h 2018-12-04 19:49:37.000000000
+0100
+++ new/modsecurity-2.9.4/apache2/msc_geo.h 2021-06-21 14:34:56.000000000
+0200
@@ -25,7 +25,7 @@
#define GEO_COUNTRY_DATABASE 1
#define GEO_CITY_DATABASE_0 6
#define GEO_CITY_DATABASE_1 2
-#define GEO_COUNTRY_LAST 250
+#define GEO_COUNTRY_LAST 256
#define GEO_SEGMENT_RECORD_LENGTH 3
#define GEO_STATE_BEGIN_REV0 16700000
#define GEO_STATE_BEGIN_REV1 16000000
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/apache2/msc_logging.c
new/modsecurity-2.9.4/apache2/msc_logging.c
--- old/modsecurity-2.9.3/apache2/msc_logging.c 2018-12-04 19:49:37.000000000
+0100
+++ new/modsecurity-2.9.4/apache2/msc_logging.c 2021-06-21 14:34:56.000000000
+0200
@@ -992,6 +992,7 @@
/* Write the sanitized chunk to the log
* and advance to the next chunk. */
+ chunk->data[chunk->length] = 0;
yajl_string(g, chunk->data);
chunk_offset += chunk->length;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/apache2/msc_release.h
new/modsecurity-2.9.4/apache2/msc_release.h
--- old/modsecurity-2.9.3/apache2/msc_release.h 2018-12-04 19:49:37.000000000
+0100
+++ new/modsecurity-2.9.4/apache2/msc_release.h 2021-06-21 14:36:18.000000000
+0200
@@ -38,7 +38,7 @@
#define MODSEC_VERSION_MAJOR "2"
#define MODSEC_VERSION_MINOR "9"
-#define MODSEC_VERSION_MAINT "3"
+#define MODSEC_VERSION_MAINT "4"
#define MODSEC_VERSION_TYPE ""
#define MODSEC_VERSION_RELEASE ""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/apache2/msc_tree.c
new/modsecurity-2.9.4/apache2/msc_tree.c
--- old/modsecurity-2.9.3/apache2/msc_tree.c 2018-12-04 19:49:37.000000000
+0100
+++ new/modsecurity-2.9.4/apache2/msc_tree.c 2021-06-21 14:34:56.000000000
+0200
@@ -832,7 +832,7 @@
switch(type) {
case IPV4_TREE:
- memset(&addr4, 0, sizeof(addr4));
+ memset(&(addr4.s_addr), 0, sizeof(addr4.s_addr));
memset(ip_strv4, 0x0, NETMASK_32);
strncpy(ip_strv4, buffer, sizeof(ip_strv4));
@@ -859,20 +859,16 @@
ip_strv4[pos] = '\0';
}
- ret = inet_pton(AF_INET, ip_strv4, &addr4);
+ ret = inet_pton(AF_INET, ip_strv4, &(addr4.s_addr));
if (ret <= 0) {
return NULL;
}
-
- ip = addr4.s_addr;
-
tree->count++;
-
- return CPTAddElement((unsigned char *)&ip, NETMASK_32, tree,
netmask_v4);
+ return CPTAddElement((unsigned char *)&(addr4.s_addr), NETMASK_32,
tree, netmask_v4);
case IPV6_TREE:
- memset(&addr6, 0, sizeof(addr6));
+ memset(&(addr6.s6_addr), 0, sizeof(addr6.s6_addr));
memset(ip_strv6, 0x0, NETMASK_128);
strncpy(ip_strv6, buffer, sizeof(ip_strv6));
@@ -899,7 +895,7 @@
ip_strv6[pos] = '\0';
}
- ret = inet_pton(AF_INET6, ip_strv6, &addr6);
+ ret = inet_pton(AF_INET6, ip_strv6, &(addr6.s6_addr));
if (ret <= 0)
{
@@ -908,10 +904,11 @@
tree->count++;
- return CPTAddElement((unsigned char *)&addr6.s6_addr, NETMASK_128,
tree, netmask_v6);
+ return CPTAddElement((unsigned char *)&(addr6.s6_addr),
NETMASK_128, tree, netmask_v6);
default:
return NULL;
}
return NULL;
}
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/apache2/msc_util.c
new/modsecurity-2.9.4/apache2/msc_util.c
--- old/modsecurity-2.9.3/apache2/msc_util.c 2018-12-04 19:49:37.000000000
+0100
+++ new/modsecurity-2.9.4/apache2/msc_util.c 2021-06-21 14:34:56.000000000
+0200
@@ -1129,10 +1129,12 @@
char tstr[100];
apr_size_t len;
- apr_time_exp_lt(&t, apr_time_now());
+ apr_time_t now = apr_time_now();
+ apr_time_exp_lt(&t, now);
- apr_strftime(tstr, &len, 80, "%d/%b/%Y:%H:%M:%S ", &t);
- apr_snprintf(tstr + strlen(tstr), 80 - strlen(tstr), "%c%.2d%.2d",
+ apr_strftime(tstr, &len, 80, "%d/%b/%Y:%H:%M:%S.", &t);
+ apr_snprintf(tstr + strlen(tstr), 80 - strlen(tstr), "%06ld %c%.2d%.2d",
+ ((long)now) % 1000000L,
t.tm_gmtoff < 0 ? '-' : '+',
t.tm_gmtoff / (60 * 60), (t.tm_gmtoff / 60) % 60);
return apr_pstrdup(mp, tstr);
@@ -2712,26 +2714,26 @@
}
if (strchr(value, ':') == NULL) {
- if (inet_pton(AF_INET, value, &in) <= 0) {
+ if (inet_pton(AF_INET, value, &(in.s_addr)) <= 0) {
*error_msg = apr_psprintf(mp, "IPmatch: bad IPv4 " \
"specification \"%s\".", value);
return -1;
}
- if (CPTIpMatch(msr, (unsigned char *)&in.s_addr, rtree->ipv4_tree,
+ if (CPTIpMatch(msr, (unsigned char *)&(in.s_addr), rtree->ipv4_tree,
IPV4_TREE) != NULL) {
return 1;
}
}
#if APR_HAVE_IPV6
else {
- if (inet_pton(AF_INET6, value, &in6) <= 0) {
+ if (inet_pton(AF_INET6, value, &(in6.s6_addr)) <= 0) {
*error_msg = apr_psprintf(mp, "IPmatch: bad IPv6 " \
"specification \"%s\".", value);
return -1;
}
- if (CPTIpMatch(msr, (unsigned char *)&in6.s6_addr, rtree->ipv6_tree,
+ if (CPTIpMatch(msr, (unsigned char *)&(in6.s6_addr), rtree->ipv6_tree,
IPV6_TREE) != NULL) {
return 1;
}
@@ -2780,8 +2782,8 @@
}
#ifdef WITH_CURL
-size_t msc_curl_write_memory_cb(apr_pool_t *mp, void *contents, size_t size,
- size_t nmemb, void *userp, char **error_msg)
+size_t msc_curl_write_memory_cb(void *contents, size_t size,
+ size_t nmemb, void *userp)
{
size_t realsize = size * nmemb;
struct msc_curl_memory_buffer_t *mem = (struct msc_curl_memory_buffer_t
*)userp;
@@ -2790,19 +2792,13 @@
{
mem->memory = malloc(realsize + 1);
if (mem->memory == NULL) {
- *error_msg = apr_psprintf(mp, "Unable to allocate buffer for
mem->memory");
return 0;
}
memset(mem->memory, '\0', sizeof(realsize + 1));
}
else
{
- void *tmp;
- tmp = mem->memory;
- tmp = realloc(mem->memory, mem->size + realsize + 1);
- if (tmp != NULL) {
- mem->memory = tmp;
- }
+ mem->memory = realloc(mem->memory, mem->size + realsize + 1);
memset(mem->memory + mem->size, '\0', sizeof(realsize + 1));
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/apache2/msc_util.h
new/modsecurity-2.9.4/apache2/msc_util.h
--- old/modsecurity-2.9.3/apache2/msc_util.h 2018-12-04 19:49:37.000000000
+0100
+++ new/modsecurity-2.9.4/apache2/msc_util.h 2021-06-21 14:34:56.000000000
+0200
@@ -166,8 +166,8 @@
int read_line(char *buff, int size, FILE *fp);
-size_t msc_curl_write_memory_cb(apr_pool_t *mp, void *contents, size_t size,
- size_t nmemb, void *userp, char **error_msg);
+size_t msc_curl_write_memory_cb(void *contents, size_t size,
+ size_t nmemb, void *userp);
struct msc_curl_memory_buffer_t
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/apache2/re_actions.c
new/modsecurity-2.9.4/apache2/re_actions.c
--- old/modsecurity-2.9.3/apache2/re_actions.c 2018-12-04 19:49:37.000000000
+0100
+++ new/modsecurity-2.9.4/apache2/re_actions.c 2021-06-21 14:34:56.000000000
+0200
@@ -1235,6 +1235,11 @@
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Ctl: ruleRemoveTargetById id=%s targets=%s", p1,
p2);
}
+ if (p2 == NULL) {
+ msr_log(msr, 1, "ModSecurity: Missing target for id \"%s\"", p1);
+ return -1;
+ }
+
re = apr_pcalloc(msr->mp, sizeof(rule_exception));
re->type = RULE_EXCEPTION_REMOVE_ID;
re->param = (const char *)apr_pstrdup(msr->mp, p1);
@@ -1253,10 +1258,10 @@
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Ctl: ruleRemoveTargetByTag tag=%s targets=%s",
p1, p2);
}
- if (p2 == NULL) {
+ if (p2 == NULL) {
msr_log(msr, 1, "ModSecurity: Missing target for tag \"%s\"", p1);
- return -1;
- }
+ return -1;
+ }
re = apr_pcalloc(msr->mp, sizeof(rule_exception));
re->type = RULE_EXCEPTION_REMOVE_TAG;
@@ -1281,6 +1286,10 @@
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Ctl: ruleRemoveTargetByMsg msg=%s targets=%s",
p1, p2);
}
+ if (p2 == NULL) {
+ msr_log(msr, 1, "ModSecurity: Missing target for msg \"%s\"", p1);
+ return -1;
+ }
re = apr_pcalloc(msr->mp, sizeof(rule_exception));
re->type = RULE_EXCEPTION_REMOVE_MSG;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/apache2/re_operators.c
new/modsecurity-2.9.4/apache2/re_operators.c
--- old/modsecurity-2.9.3/apache2/re_operators.c 2018-12-04
19:49:38.000000000 +0100
+++ new/modsecurity-2.9.4/apache2/re_operators.c 2021-06-21
14:34:56.000000000 +0200
@@ -784,10 +784,10 @@
msr_log(msr, 6, "Escaping pattern [%s]",pattern);
}
- regex = msc_pregcomp_ex(rule->ruleset->mp, pattern, PCRE_DOTALL |
PCRE_DOLLAR_ENDONLY, &errptr,
+ regex = msc_pregcomp_ex(msr->mp, pattern, PCRE_DOTALL |
PCRE_DOLLAR_ENDONLY, &errptr,
&erroffset, msc_pcre_match_limit,
msc_pcre_match_limit_recursion);
if (regex == NULL) {
- *error_msg = apr_psprintf(rule->ruleset->mp, "Error compiling
pattern (offset %d): %s",
+ *error_msg = apr_psprintf(msr->mp, "Error compiling pattern
(offset %d): %s",
erroffset, errptr);
return 0;
}
@@ -797,7 +797,7 @@
if (msr->txcfg->debuglog_level >= 4) {
rc = msc_fullinfo(regex, PCRE_INFO_JIT, &jit);
if ((rc != 0) || (jit != 1)) {
- *error_msg = apr_psprintf(rule->ruleset->mp,
+ *error_msg = apr_psprintf(msr->mp,
"Rule %pp [id \"%s\"][file \"%s\"][line \"%d\"] - "
"Execution error - "
"Does not support JIT (%d)",
@@ -1018,9 +1018,9 @@
msr_log(msr, 6, "Escaping pattern [%s]",pattern);
}
- regex = msc_pregcomp_ex(rule->ruleset->mp, pattern, PCRE_DOTALL |
PCRE_DOLLAR_ENDONLY, &errptr, &erroffset, msc_pcre_match_limit,
msc_pcre_match_limit_recursion);
+ regex = msc_pregcomp_ex(msr->mp, pattern, PCRE_DOTALL |
PCRE_DOLLAR_ENDONLY, &errptr, &erroffset, msc_pcre_match_limit,
msc_pcre_match_limit_recursion);
if (regex == NULL) {
- *error_msg = apr_psprintf(rule->ruleset->mp, "Error compiling
pattern (offset %d): %s",
+ *error_msg = apr_psprintf(msr->mp, "Error compiling pattern
(offset %d): %s",
erroffset, errptr);
return 0;
}
@@ -1030,7 +1030,7 @@
if (msr->txcfg->debuglog_level >= 4) {
rc = msc_fullinfo(regex, PCRE_INFO_JIT, &jit);
if ((rc != 0) || (jit != 1)) {
- *error_msg = apr_psprintf(rule->ruleset->mp,
+ *error_msg = apr_psprintf(msr->mp,
"Rule %pp [id \"%s\"][file \"%s\"][line \"%d\"] - "
"Execution error - "
"Does not support JIT (%d)",
@@ -1684,7 +1684,7 @@
return 0;
}
- data = apr_pcalloc(rule->ruleset->mp, var->value_len+1);
+ data = apr_pcalloc(msr->mp, var->value_len+1);
if(data == NULL) {
*error_msg = "Internal Error: cannot allocate memory for data.";
@@ -1699,18 +1699,18 @@
{
for(i = 0; i < rv; ++i)
{
- match = apr_psprintf(rule->ruleset->mp, "%.*s", ovector[2*i+1] -
ovector[2*i], data + ovector[2*i]);
+ match = apr_psprintf(msr->mp, "%.*s", ovector[2*i+1] -
ovector[2*i], data + ovector[2*i]);
if (match == NULL) {
*error_msg = "Internal Error: cannot allocate memory for
match.";
return -1;
}
- match = remove_escape(rule->ruleset->mp, match, strlen(match));
+ match = remove_escape(msr->mp, match, strlen(match));
- match = gsb_replace_tpath(rule->ruleset->mp, match, strlen(match));
+ match = gsb_replace_tpath(msr->mp, match, strlen(match));
- match = gsb_reduce_char(rule->ruleset->mp, match);
+ match = gsb_reduce_char(msr->mp, match);
match_length = strlen(match);
@@ -1732,7 +1732,7 @@
log_escape_nq(msr->mp, match));
}
- str = apr_pstrdup(rule->ruleset->mp,match);
+ str = apr_pstrdup(msr->mp,match);
base = apr_strtok(str,"/",&savedptr);
if(base != NULL)
@@ -1744,7 +1744,7 @@
/* append / in the end of full url */
if ((match[match_length -1] != '/') && (strchr(match,'?') ==
NULL)) {
- canon = apr_psprintf(rule->ruleset->mp, "%s/", match);
+ canon = apr_psprintf(msr->mp, "%s/", match);
if (canon != NULL) {
canon_length = strlen(canon);
@@ -1757,7 +1757,7 @@
log_escape_nq(msr->mp, canon));
}
- str = apr_pstrdup(rule->ruleset->mp,match);
+ str = apr_pstrdup(msr->mp,match);
base = apr_strtok(str,"/",&savedptr);
if(base != NULL)
@@ -1770,7 +1770,7 @@
/* Parsing full url */
- domain = apr_pstrdup(rule->ruleset->mp, match);
+ domain = apr_pstrdup(msr->mp, match);
domain_len = strlen(domain);
@@ -1785,7 +1785,7 @@
dot = strchr(domain,'.');
if(dot != NULL) {
- canon = apr_pstrdup(rule->ruleset->mp, domain);
+ canon = apr_pstrdup(msr->mp, domain);
ret = verify_gsb(gsb, msr, canon, strlen(canon));
@@ -1796,7 +1796,7 @@
log_escape_nq(msr->mp, canon));
}
- str = apr_pstrdup(rule->ruleset->mp,match);
+ str = apr_pstrdup(msr->mp,match);
base = apr_strtok(str,"/",&savedptr);
if(base != NULL)
@@ -1818,7 +1818,7 @@
log_escape_nq(msr->mp, base));
}
- str = apr_pstrdup(rule->ruleset->mp,match);
+ str = apr_pstrdup(msr->mp,match);
base = apr_strtok(str,"/",&savedptr);
if(base != NULL)
@@ -1829,13 +1829,13 @@
}
- url = apr_palloc(rule->ruleset->mp, strlen(canon));
+ url = apr_palloc(msr->mp, strlen(canon));
count_slash = 0;
while(*canon != '\0') {
switch (*canon) {
case '/':
- ptr =
apr_psprintf(rule->ruleset->mp,"%s/",url);
+ ptr = apr_psprintf(msr->mp,"%s/",url);
ret = verify_gsb(gsb, msr, ptr,
strlen(ptr));
if(ret > 0) {
set_match_to_tx(msr, capture, ptr, 0);
@@ -1844,7 +1844,7 @@
log_escape_nq(msr->mp,
ptr));
}
- str =
apr_pstrdup(rule->ruleset->mp,match);
+ str = apr_pstrdup(msr->mp,match);
base = apr_strtok(str,"/",&savedptr);
if(base != NULL)
@@ -1871,7 +1871,7 @@
}
- str = apr_pstrdup(rule->ruleset->mp, match);
+ str = apr_pstrdup(msr->mp, match);
while (*str != '\0') {
@@ -1896,7 +1896,7 @@
dot = strchr(domain,'.');
if(dot != NULL) {
- canon = apr_pstrdup(rule->ruleset->mp,
domain);
+ canon = apr_pstrdup(msr->mp, domain);
ret = verify_gsb(gsb, msr, canon,
strlen(canon));
@@ -1906,7 +1906,7 @@
*error_msg = apr_psprintf(msr->mp,
"Gsb lookup for \"%s\" succeeded.",
log_escape_nq(msr->mp,
canon));
}
- str =
apr_pstrdup(rule->ruleset->mp,match);
+ str = apr_pstrdup(msr->mp,match);
base = apr_strtok(str,"/",&savedptr);
if(base != NULL)
@@ -1926,7 +1926,7 @@
*error_msg =
apr_psprintf(msr->mp, "Gsb lookup for \"%s\" succeeded.",
log_escape_nq(msr->mp,
base));
}
- str =
apr_pstrdup(rule->ruleset->mp,match);
+ str = apr_pstrdup(msr->mp,match);
base =
apr_strtok(str,"/",&savedptr);
if(base != NULL)
@@ -1936,13 +1936,13 @@
}
- url = apr_palloc(rule->ruleset->mp,
strlen(canon));
+ url = apr_palloc(msr->mp, strlen(canon));
count_slash = 0;
while(*canon != '\0') {
switch (*canon) {
case '/':
- ptr =
apr_psprintf(rule->ruleset->mp,"%s/",url);
+ ptr =
apr_psprintf(msr->mp,"%s/",url);
ret = verify_gsb(gsb, msr,
ptr, strlen(ptr));
if(ret > 0) {
set_match_to_tx(msr,
capture, ptr, 0);
@@ -1950,7 +1950,7 @@
*error_msg =
apr_psprintf(msr->mp, "Gsb lookup for \"%s\" succeeded.",
log_escape_nq(msr->mp, ptr));
}
- str =
apr_pstrdup(rule->ruleset->mp,match);
+ str =
apr_pstrdup(msr->mp,match);
base =
apr_strtok(str,"/",&savedptr);
if(base != NULL)
@@ -1993,6 +1993,9 @@
unsigned int target_length = 0;
unsigned int i, i_max;
+ if (error_msg == NULL) return -1;
+ *error_msg = NULL;
+
str->value = (char *)rule->op_param;
if (str->value == NULL) {
@@ -2002,9 +2005,6 @@
str->value_len = strlen(str->value);
- if (error_msg == NULL) return -1;
- *error_msg = NULL;
-
expand_macros(msr, str, rule, msr->mp);
match = (const char *)str->value;
@@ -2781,7 +2781,7 @@
if (msr->txcfg->debuglog_level >= 4) {
rc = msc_fullinfo(regex, PCRE_INFO_JIT, &jit);
if ((rc != 0) || (jit != 1)) {
- *error_msg = apr_psprintf(rule->ruleset->mp,
+ *error_msg = apr_psprintf(msr->mp,
"Rule %pp [id \"%s\"][file \"%s\"][line \"%d\"] - "
"Execution error - "
"Does not support JIT (%d)",
@@ -3092,7 +3092,7 @@
if (msr->txcfg->debuglog_level >= 4) {
rc = msc_fullinfo(regex, PCRE_INFO_JIT, &jit);
if ((rc != 0) || (jit != 1)) {
- *error_msg = apr_psprintf(rule->ruleset->mp,
+ *error_msg = apr_psprintf(msr->mp,
"Rule %pp [id \"%s\"][file \"%s\"][line \"%d\"] - "
"Execution error - "
"Does not support JIT (%d)",
@@ -3386,7 +3386,7 @@
if (msr->txcfg->debuglog_level >= 4) {
rc = msc_fullinfo(regex, PCRE_INFO_JIT, &jit);
if ((rc != 0) || (jit != 1)) {
- *error_msg = apr_psprintf(rule->ruleset->mp,
+ *error_msg = apr_psprintf(msr->mp,
"Rule %pp [id \"%s\"][file \"%s\"][line \"%d\"] - "
"Execution error - "
"Does not support JIT (%d)",
@@ -3967,7 +3967,7 @@
#ifdef WITH_SSDEEP
if (fuzzy_hash_buf(var->value, var->value_len, result))
{
- *error_msg = apr_psprintf(rule->ruleset->mp, "Problems generating " \
+ *error_msg = apr_psprintf(msr->mp, "Problems generating " \
"fuzzy hash.");
return -1;
@@ -3987,7 +3987,7 @@
chunk = chunk->next;
}
#else
- *error_msg = apr_psprintf(rule->ruleset->mp, "ModSecurity was not " \
+ *error_msg = apr_psprintf(msr->mp, "ModSecurity was not " \
"compiled with ssdeep support.");
return -1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/build/ar-lib new/modsecurity-2.9.4/build/ar-lib
--- old/modsecurity-2.9.3/build/ar-lib 2018-12-04 19:49:51.000000000 +0100
+++ new/modsecurity-2.9.4/build/ar-lib 2021-06-21 18:53:19.000000000 +0200
@@ -4,7 +4,7 @@
me=ar-lib
scriptversion=2012-03-01.08; # UTC
-# Copyright (C) 2010-2017 Free Software Foundation, Inc.
+# Copyright (C) 2010-2018 Free Software Foundation, Inc.
# Written by Peter Rosin <p...@lysator.liu.se>.
#
# This program is free software; you can redistribute it and/or modify
@@ -18,7 +18,7 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/build/compile new/modsecurity-2.9.4/build/compile
--- old/modsecurity-2.9.3/build/compile 2018-12-04 19:49:51.000000000 +0100
+++ new/modsecurity-2.9.4/build/compile 2021-06-21 18:53:19.000000000 +0200
@@ -1,9 +1,9 @@
#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
-scriptversion=2012-10-14.11; # UTC
+scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Copyright (C) 1999-2018 Free Software Foundation, Inc.
# Written by Tom Tromey <tro...@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -255,7 +255,8 @@
echo "compile $scriptversion"
exit $?
;;
- cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
+ cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
+ icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
func_cl_wrapper "$@" # Doesn't return...
;;
esac
@@ -339,9 +340,9 @@
# Local Variables:
# mode: shell-script
# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/build/libtool.m4 new/modsecurity-2.9.4/build/libtool.m4
--- old/modsecurity-2.9.3/build/libtool.m4 2018-12-04 19:49:38.000000000
+0100
+++ new/modsecurity-2.9.4/build/libtool.m4 2021-06-21 18:53:14.000000000
+0200
@@ -1041,8 +1041,8 @@
_LT_EOF
echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
$LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
- echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
- $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+ echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+ $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
$RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
cat > conftest.c << _LT_EOF
@@ -1492,7 +1492,7 @@
m4_defun([_LT_PROG_AR],
[AC_CHECK_TOOLS(AR, [ar], false)
: ${AR=ar}
-: ${AR_FLAGS=cru}
+: ${AR_FLAGS=cr}
_LT_DECL([], [AR], [1], [The archiver])
_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
@@ -4063,7 +4063,8 @@
if AC_TRY_EVAL(ac_compile); then
# Now try to grab the symbols.
nlist=conftest.nm
- if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe"
\> $nlist) && test -s "$nlist"; then
+ $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext |
$lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD
+ if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \>
$nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then
# Try sorting and uniquifying the output.
if sort "$nlist" | uniq > "$nlist"T; then
mv -f "$nlist"T "$nlist"
@@ -4703,6 +4704,12 @@
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
;;
+ # flang / f18. f95 an alias for gfortran or flang on Debian
+ flang* | f18* | f95*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
# icc used to be incompatible with GCC.
# ICC 10 doesn't accept -KPIC any more.
icc* | ifort*)
@@ -6438,7 +6445,7 @@
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 |
$GREP -v "^Configured with:" | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 |
$GREP -v "^Configured with:" | $GREP " \-L"'
else
GXX=no
@@ -6813,7 +6820,7 @@
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v
conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z
in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac;
done; func_echo_all "$list"'
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v
conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z
in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac;
done; func_echo_all "$list"'
;;
*)
if test yes = "$GXX"; then
@@ -6878,7 +6885,7 @@
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v
conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z
in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac;
done; func_echo_all "$list"'
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v
conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z
in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac;
done; func_echo_all "$list"'
;;
*)
if test yes = "$GXX"; then
@@ -7217,7 +7224,7 @@
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext
2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext
2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
else
# FIXME: insert proper C++ library support
@@ -7301,7 +7308,7 @@
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v
conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v
conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
else
# g++ 2.7 appears to require '-G' NOT '-shared' on this
# platform.
@@ -7312,7 +7319,7 @@
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext
2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext
2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
fi
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/build/missing new/modsecurity-2.9.4/build/missing
--- old/modsecurity-2.9.3/build/missing 2018-12-04 19:49:51.000000000 +0100
+++ new/modsecurity-2.9.4/build/missing 2021-06-21 18:53:19.000000000 +0200
@@ -1,9 +1,9 @@
#! /bin/sh
# Common wrapper for a few potentially missing GNU programs.
-scriptversion=2013-10-28.13; # UTC
+scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Copyright (C) 1996-2018 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -101,9 +101,9 @@
exit $st
fi
-perl_URL=http://www.perl.org/
-flex_URL=http://flex.sourceforge.net/
-gnu_software_URL=http://www.gnu.org/software
+perl_URL=https://www.perl.org/
+flex_URL=https://github.com/westes/flex
+gnu_software_URL=https://www.gnu.org/software
program_details ()
{
@@ -207,9 +207,9 @@
exit $st
# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/build/test-driver new/modsecurity-2.9.4/build/test-driver
--- old/modsecurity-2.9.3/build/test-driver 2018-12-04 19:49:52.000000000
+0100
+++ new/modsecurity-2.9.4/build/test-driver 2021-06-21 18:53:19.000000000
+0200
@@ -1,9 +1,9 @@
#! /bin/sh
# test-driver - basic testsuite driver script.
-scriptversion=2013-07-13.22; # UTC
+scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 2011-2014 Free Software Foundation, Inc.
+# Copyright (C) 2011-2018 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,7 +16,7 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -140,9 +140,9 @@
# Local Variables:
# mode: shell-script
# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/iis/build_dependencies.bat
new/modsecurity-2.9.4/iis/build_dependencies.bat
--- old/modsecurity-2.9.3/iis/build_dependencies.bat 2018-12-04
19:49:38.000000000 +0100
+++ new/modsecurity-2.9.4/iis/build_dependencies.bat 2021-06-21
14:35:20.000000000 +0200
@@ -10,15 +10,15 @@
@set CMAKE=cmake-3.12.4-win32-x86.zip
@set PCRE=pcre-8.41.zip
@set ZLIB=zlib-1.2.11.tar.gz
-@set LIBXML2=libxml2-2.9.8.tar.gz
-@set LUA=lua-5.3.5.tar.gz
-@set CURL=curl-7.62.0.zip
-@set APACHE_SRC=httpd-2.4.37.tar.gz
-@set APACHE_BIN32=httpd-2.4.37-win32-VC11.zip
-@set APACHE_BIN64=httpd-2.4.37-win64-VC11.zip
+@set LIBXML2=libxml2-2.9.11.tar.gz
+@set LUA=lua-5.3.6.tar.gz
+@set CURL=curl-7.77.0.zip
+@set APACHE_SRC=httpd-2.4.48.tar.gz
+@set APACHE_BIN32=httpd-2.4.48-win32-VS16.zip
+@set APACHE_BIN64=httpd-2.4.48-win64-VS16.zip
@set YAJL=yajl-2.1.0.zip
-@set SSDEEP=ssdeep-2.13.tar.gz
-@set SSDEEP_BIN=ssdeep-2.13.zip
+@set SSDEEP=ssdeep-2.14.1.tar.gz
+@set SSDEEP_BIN=ssdeep-2.14.1.zip
@set CMAKE_DIR=%WORK_DIR%\%CMAKE:~0,-4%\bin
@@ -64,7 +64,7 @@
@echo # pcre. - %PCRE%
@call dependencies/build_pcre.bat
@if NOT (%ERRORLEVEL%) == (0) goto build_failed_pcre
-@cd "%CURRENT_DIR%"
+@cd "%CURRENT_DIR%
@echo # zlib - %ZLIB%
@call dependencies/build_zlib.bat
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/iis/build_msi.bat new/modsecurity-2.9.4/iis/build_msi.bat
--- old/modsecurity-2.9.3/iis/build_msi.bat 2018-12-04 19:49:38.000000000
+0100
+++ new/modsecurity-2.9.4/iis/build_msi.bat 2021-06-21 14:35:20.000000000
+0200
@@ -5,16 +5,16 @@
del installer.wix*
-"candle.exe" -ext WixUtilExtension -ext WixUIExtension
"%CURRENT_DIR%\installer.wxs" -out "%CURRENT_DIR%\installer.wixobj" -arch x64
+"C:\Program Files (x86)\WiX Toolset v3.11\bin\candle.exe" -ext
WixUtilExtension -ext WixUIExtension "%CURRENT_DIR%\installer.wxs" -out
"%CURRENT_DIR%\installer.wixobj" -arch x64
@if NOT (%ERRORLEVEL%) == (0) goto build_failed
-"light.exe" -ext WixUtilExtension -ext WixUIExtension
"%CURRENT_DIR%\installer.wixobj" -out "%CURRENT_DIR%\installer-64.msi"
+"C:\Program Files (x86)\WiX Toolset v3.11\bin\light.exe" -ext WixUtilExtension
-ext WixUIExtension "%CURRENT_DIR%\installer.wixobj" -out
"%CURRENT_DIR%\installer-64.msi"
@if NOT (%ERRORLEVEL%) == (0) goto build_failed
-"candle.exe" -ext WixUtilExtension -ext WixUIExtension
"%CURRENT_DIR%\installer.wxs" -out "%CURRENT_DIR%\installer.wixobj" -arch x86
+"C:\Program Files (x86)\WiX Toolset v3.11\bin\candle.exe" -ext
WixUtilExtension -ext WixUIExtension "%CURRENT_DIR%\installer.wxs" -out
"%CURRENT_DIR%\installer.wixobj" -arch x86
@if NOT (%ERRORLEVEL%) == (0) goto build_failed
-"light.exe" -ext WixUtilExtension -ext WixUIExtension
"%CURRENT_DIR%\installer.wixobj" -out "%CURRENT_DIR%\installer-32.msi"
+"C:\Program Files (x86)\WiX Toolset v3.11\bin\light.exe" -ext WixUtilExtension
-ext WixUIExtension "%CURRENT_DIR%\installer.wixobj" -out
"%CURRENT_DIR%\installer-32.msi"
@if NOT (%ERRORLEVEL%) == (0) goto build_failed
exit /B 0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/iis/dependencies/build_curl.bat
new/modsecurity-2.9.4/iis/dependencies/build_curl.bat
--- old/modsecurity-2.9.3/iis/dependencies/build_curl.bat 2018-12-04
19:49:38.000000000 +0100
+++ new/modsecurity-2.9.4/iis/dependencies/build_curl.bat 2021-06-21
14:35:20.000000000 +0200
@@ -20,9 +20,10 @@
cd "%WORK_DIR%"
-copy /y
"%WORK_DIR%\curl\builds\libcurl-vc-%ARCH%-release-dll-zlib-dll-ipv6-sspi-winssl-obj-lib\libcurl.dll"
"%OUTPUT_DIR%"
-copy /y
"%WORK_DIR%\curl\builds\libcurl-vc-%ARCH%-release-dll-zlib-dll-ipv6-sspi-winssl-obj-lib\libcurl.lib"
"%OUTPUT_DIR%"
-copy /y
"%WORK_DIR%\curl\builds\libcurl-vc-%ARCH%-release-dll-zlib-dll-ipv6-sspi-winssl-obj-lib\libcurl.lib"
"%WORK_DIR%\curl\libcurl.lib"
+copy /y
"%WORK_DIR%\curl\builds\libcurl-vc-%ARCH%-release-dll-zlib-dll-ipv6-sspi-schannel-obj-lib\libcurl.dll"
"%OUTPUT_DIR%"
+copy /y
"%WORK_DIR%\curl\builds\libcurl-vc-%ARCH%-release-dll-zlib-dll-ipv6-sspi-schannel-obj-lib\libcurl.lib"
"%OUTPUT_DIR%"
+copy /y
"%WORK_DIR%\curl\builds\libcurl-vc-%ARCH%-release-dll-zlib-dll-ipv6-sspi-schannel-obj-lib\libcurl.lib"
"%WORK_DIR%\curl\libcurl.lib"
+
exit /B 0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/iis/installer.wxs new/modsecurity-2.9.4/iis/installer.wxs
--- old/modsecurity-2.9.3/iis/installer.wxs 2018-12-04 19:49:38.000000000
+0100
+++ new/modsecurity-2.9.4/iis/installer.wxs 2021-06-21 14:35:50.000000000
+0200
@@ -7,7 +7,7 @@
lightArgs:
-->
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi";
xmlns:util="http://schemas.microsoft.com/wix/UtilExtension";>
- <Product Id="22B04FDB-9BAB-46B0-87B8-A39544ECECD3" Name="ModSecurity IIS"
Language="1033" Version="2.9.1" Manufacturer="ModSecurity"
UpgradeCode="82F09489-1678-4C38-ADCB-08C3757653DB">
+ <Product Id="22B04FDB-9BAB-46B0-87B8-A39544ECECD3" Name="ModSecurity IIS"
Language="1033" Version="2.9.4" Manufacturer="ModSecurity"
UpgradeCode="82F09489-1678-4C38-ADCB-08C3757653DB">
<Package Description="ModSecurityISS" Comments="none"
InstallerVersion="405" Compressed="yes" InstallPrivileges="elevated"
InstallScope="perMachine" />
<?define ProductName = "ModSecuirty IIS" ?>
<?if $(sys.BUILDARCH) = x64 ?>
@@ -129,12 +129,15 @@
</Directory>
</Directory>
</Directory>
- <?endif ?>
+ <?endif ?>
<Directory Id="$(var.PlatformProgramFilesFolder)">
<Directory Id="INSTALLFOLDER" Name="ModSecurity IIS">
+ <!--
<Component Id="OWASP_CRS_V_3_0_2_SETUP" DiskId="1"
Guid="64629082-F6A2-4675-9E3E-4EA363CD6500">
<File Id="CRS_SETUP.CONF.EXAMPLE"
Name="crs-setup.conf.example" Source="release\owasp_crs\crs-setup.conf.example"
/>
- </Component>
+ </Component>
+ -->
+ <!--
<Directory Id="OWASP_CRS" Name="owasp_crs">
<Component Id="OWASP_CRS_V_3_0_2" DiskId="1"
Guid="64629082-F6A2-4675-9E3E-4EA363CD6502">
<File Id="CHANGES" Name="CHANGES"
Source="release\owasp_crs\CHANGES" />
@@ -208,7 +211,7 @@
<File Id="UNIX_SHELL.DATA"
Name="unix-shell.data" Source="release\owasp_crs\rules\unix-shell.data" />
<File Id="WINDOWS_POWERSHELL_COMMANDS.DATA"
Name="windows-powershell-commands.data"
Source="release\owasp_crs\rules\windows-powershell-commands.data" />
</Component>
- </Directory>
+ </Directory>
<Directory Id="UTIL" Name="util">
<Component Id="UTIL" DiskId="1"
Guid="A95D50D7-4E87-4A87-BAD1-12370B8F5B9B">
<File Id="ID_RANGE" Name="id-range"
Source="release\owasp_crs\util\id-range" />
@@ -294,13 +297,14 @@
</Directory>
</Directory>
</Directory>
+ -->
</Directory>
- </Directory>
+ </Directory>
<Directory Id="ProgramMenuFolder">
<Directory Id="ProgramMenuDir" Name="ModSecurity IIS">
<Component Id="StartMenuShortcuts"
Guid="43C26B13-C4D8-42F8-8715-3AF78E66C902">
<util:InternetShortcut Id="WebsiteShortcut"
Name="ModSecurity" Target="http://www.modsecurity.org/"; />
- <util:InternetShortcut Id="CSR" Name="OWASP
ModSecurity Core Rule Set"
Target="http://spIderlabs.github.io/owasp-modsecurity-crs/"; />
+ <!--<util:InternetShortcut Id="CSR" Name="OWASP
ModSecurity Core Rule Set"
Target="http://spIderlabs.github.io/owasp-modsecurity-crs/"; />-->
<RemoveFolder Id="ProgramMenuDir" On="uninstall" />
<RegistryValue Root="HKCU"
Key="Software\[Manufacturer]\[ProductName]" Type="string" Value="" />
<Shortcut Id="UninstallProduct" Name="Uninstall"
Description="Uninstalls the ModSecurity IIS"
Target="[System64Folder]msiexec.exe" Arguments="/x [ProductCode]" />
@@ -315,104 +319,189 @@
</Directory>
</Directory>
</Directory>
- <DirectoryRef Id="INSTALLFOLDER">
- <Component Id="ModSecCommon" DiskId="1"
Guid="980270DF-81AB-469B-AB0E-64FA3BA160B6" Location="local">
- <File Id="README.TXT" Name="README.TXT"
Source="wix\README.TXT" />
- <File Id="EULA.RTF" Name="EULA.rtf" Source="wix\EULA.rtf" />
- <File Id="modsecurity.conf" Name="modsecurity.conf"
Source="wix\modsecurity.conf" />
- <File Id="modsecurity_iis.conf" Name="modsecurity_iis.conf"
Source="wix\modsecurity_iis.conf" />
- <File Id="unicode.mapping" Name="unicode.mapping"
Source="wix\unicode.mapping" />
- <!-- <File Id="modsecurity_crs_10_setup.conf"
Name="modsecurity_crs_10_setup.conf" Source="wix\modsecurity_crs_10_setup.conf"
/> -->
- <File Id="LIST_DEPENDENCIES.BAT" Name="list_dependencies.bat"
Source="wix\list_dependencies.bat" />
- <File Id="ModSecurity.xml" Name="ModSecurity.xml"
Source="ModSecurity.xml" />
- <!-- Modify ApplicationHost.config -->
- <util:XmlConfig Id="appHostEntry" File="$(var.ConfigFile)"
Action="create"
ElementPath="//configuration/configSections/sectionGroup[\[]@name='system.webServer'[\]]"
VerifyPath="section[\[]@name='ModSecurity'[\]]" Name="section" Node="element"
Sequence="1" On="install" />
- <util:XmlConfig Id="appHostEntryName" File="$(var.ConfigFile)"
ElementPath="appHostEntry" Name="name" Value="ModSecurity" Sequence="2" />
- <util:XmlConfig Id="appHostEntryOverrideMode"
File="$(var.ConfigFile)" ElementPath="appHostEntry" Name="overrideModeDefault"
Value="Allow" Sequence="3" />
- <util:XmlConfig Id="appHostEntryAllowDefinition"
File="$(var.ConfigFile)" ElementPath="appHostEntry" Name="allowDefinition"
Value="Everywhere" Sequence="4" />
- <util:XmlConfig Id="removeAppHostEntry"
File="$(var.ConfigFile)" Action="delete"
ElementPath="/configuration/configSections/sectionGroup[\[]@name='system.webServer'[\]]"
Node="element" VerifyPath="section[\[]@name='ModSecurity'[\]]" On="uninstall"
Sequence="1" />
- <util:XmlConfig Id="removeAppHostEntry2"
File="$(var.ConfigFile)" Action="delete"
ElementPath="/configuration/system.webServer" Node="element"
VerifyPath="/configuration/system.webServer/ModSecurity" Name="section"
On="uninstall" Sequence="2" />
- <RegistryKey Root="HKLM"
Key="SOFTWARE\ModSecurity\ModSecurity" Action="createAndRemoveOnUninstall">
- <RegistryValue Type="string"
Name="ModSecurityConfigureIIS" Value="[IIS_SETUP]" KeyPath="yes" />
- </RegistryKey>
- </Component>
- </DirectoryRef>
- <?if $(var.Win64) = "yes" ?>
- <DirectoryRef Id="inetsrv64">
- <Component Id="ModSec64" DiskId="1"
Guid="514A81F0-2413-42EF-B19F-E2613125ECE0" Win64="yes" Location="local">
- <File Id="_64_LIBAPR_1" Name="libapr-1.dll"
Source="Release\amd64\libapr-1.dll" />
- <File Id="_64_LIBAPRICONV_1" Name="libapriconv-1.dll"
Source="Release\amd64\libapriconv-1.dll" />
- <File Id="_64_LIBAPRUTIL_1" Name="libaprutil-1.dll"
Source="Release\amd64\libaprutil-1.dll" />
- <File Id="_64_LIBCURL" Name="libcurl.dll"
Source="Release\amd64\libcurl.dll" />
- <File Id="_64_LIBXML2" Name="libxml2.dll"
Source="Release\amd64\libxml2.dll" />
- <File Id="_64_LUA5.1" Name="lua5.1.dll"
Source="Release\amd64\lua5.1.dll" />
- <File Id="_64_YAJL" Name="yajl.dll"
Source="Release\amd64\yajl.dll" />
- <File Id="_64_MLOGC" Name="mlogc.exe"
Source="Release\amd64\mlogc.exe" />
- <File Id="_64_MODSECURITYIIS" Name="ModSecurityIIS.dll"
Source="Release\amd64\ModSecurityIIS.dll" />
- <File Id="_64_PCRE" Name="pcre.dll"
Source="Release\amd64\pcre.dll" />
- <File Id="_64_ZLIB1" Name="zlib1.dll"
Source="Release\amd64\zlib1.dll" />
- <File Id="_64_FUZZY" Name="fuzzy.dll"
Source="Release\amd64\fuzzy.dll" />
- </Component>
- </DirectoryRef>
- <DirectoryRef Id="inetsrv32">
- <Component Id="ModSec32" DiskId="1"
Guid="514A81F0-2413-42EF-B19F-E2613125ECE7" Win64="no" Location="local">
- <File Id="_32_LIBAPR_1" Name="libapr-1.dll"
Source="Release\x86\libapr-1.dll" />
- <File Id="_32_LIBAPRICONV_1" Name="libapriconv-1.dll"
Source="Release\x86\libapriconv-1.dll" />
- <File Id="_32_LIBAPRUTIL_1" Name="libaprutil-1.dll"
Source="Release\x86\libaprutil-1.dll" />
- <File Id="_32_LIBCURL" Name="libcurl.dll"
Source="Release\x86\libcurl.dll" />
- <File Id="_32_LIBXML2" Name="libxml2.dll"
Source="Release\x86\libxml2.dll" />
- <File Id="_32_LUA5.1" Name="lua5.1.dll"
Source="Release\x86\lua5.1.dll" />
- <File Id="_32_YAJL" Name="yajl.dll"
Source="Release\x86\yajl.dll" />
- <File Id="_32_MLOGC" Name="mlogc.exe"
Source="Release\x86\mlogc.exe" />
- <File Id="_32_MODSECURITYIIS" Name="ModSecurityIIS.dll"
Source="Release\x86\ModSecurityIIS.dll" />
- <File Id="_32_PCRE" Name="pcre.dll"
Source="Release\x86\pcre.dll" />
- <File Id="_32_ZLIB1" Name="zlib1.dll"
Source="Release\x86\zlib1.dll" />
- <File Id="_32_FUZZY" Name="fuzzy.dll"
Source="Release\x86\fuzzy.dll" />
- </Component>
- </DirectoryRef>
- <DirectoryRef Id="SystemFolderConfigSchema32">
- <Component Id="ConfigSchema32"
Guid="514A81F0-2413-42EF-B19F-E2613125EC11" Location="local" Win64="no">
- <File Id="_32_ConfigSchema" Name="ModSecurity.xml"
Source="ModSecurity.xml" />
- </Component>
- </DirectoryRef>
- <DirectoryRef Id="SystemFolderConfigSchema64">
- <Component Id="ConfigSchema64"
Guid="514A81F0-2413-42EF-B19F-E2613125EC22" Location="local" Win64="yes">
- <File Id="_64_ConfigSchema" Name="ModSecurity.xml"
Source="ModSecurity.xml" />
- </Component>
- </DirectoryRef>
- <?else ?>
- <DirectoryRef Id="inetsrv32">
- <Component Id="ModSec32" DiskId="1"
Guid="514A81F0-2413-42EF-B19F-E2613125ECE1" Win64="no" Location="local">
- <File Id="_32_LIBAPR_1" Name="libapr-1.dll"
Source="Release\x86\libapr-1.dll" />
- <File Id="_32_LIBAPRICONV_1" Name="libapriconv-1.dll"
Source="Release\x86\libapriconv-1.dll" />
- <File Id="_32_LIBAPRUTIL_1" Name="libaprutil-1.dll"
Source="Release\x86\libaprutil-1.dll" />
- <File Id="_32_LIBCURL" Name="libcurl.dll"
Source="Release\x86\libcurl.dll" />
- <File Id="_32_LIBXML2" Name="libxml2.dll"
Source="Release\x86\libxml2.dll" />
- <File Id="_32_LUA5.1" Name="lua5.1.dll"
Source="Release\x86\lua5.1.dll" />
- <File Id="_32_YAJL" Name="yajl.dll"
Source="Release\x86\yajl.dll" />
- <File Id="_32_MLOGC" Name="mlogc.exe"
Source="Release\x86\mlogc.exe" />
- <File Id="_32_MODSECURITYIIS" Name="ModSecurityIIS.dll"
Source="Release\x86\ModSecurityIIS.dll" />
- <File Id="_32_PCRE" Name="pcre.dll"
Source="Release\x86\pcre.dll" />
- <File Id="_32_ZLIB1" Name="zlib1.dll"
Source="Release\x86\zlib1.dll" />
- <File Id="_32_FUZZY" Name="fuzzy.dll"
Source="Release\x86\fuzzy.dll" />
- </Component>
- </DirectoryRef>
- <DirectoryRef Id="SystemFolderConfigSchema32">
- <Component Id="ConfigSchema32"
Guid="514A81F0-2413-42EF-B19F-E2613125EC11" Location="local" Win64="no">
- <File Id="_32_ConfigSchema" Name="ModSecurity.xml"
Source="ModSecurity.xml" />
- </Component>
- </DirectoryRef>
- <?endif ?>
- <Feature Id="DefaultFeature" Title="ModSecurity IIS Common files"
Level="1" InstallDefault="local" Absent="disallow" Display="expand"
AllowAdvertise="no" Description="Configuration and common files">
- <ComponentRef Id="ModSecCommon" />
- <ComponentRef Id="ConfigSchema32" />
- <?if $(var.Win64) = "yes" ?>
- <ComponentRef Id="ConfigSchema64" />
- <?endif ?>
- <ComponentRef Id="StartMenuShortcuts" />
- <Feature Id="OWASP_ModSecurity_CRS_v3.0.2" Level="1" Title="OWASP
ModSecurity CRS v3.0.2" InstallDefault="local" Display="expand"
AllowAdvertise="no" Description="Install OWASP CRS v3.0.2">
- <ComponentRef Id="OWASP_CRS_V_3_0_2" />
- <ComponentRef Id="OWASP_CRS_V_3_0_2_SETUP" />
+ <DirectoryRef Id="INSTALLFOLDER"> <Component Id="ModSecCommon"
+ DiskId="1" Guid="980270DF-81AB-469B-AB0E-64FA3BA160B6"
+ Location="local"> <File Id="README.TXT"
+ Name="README.TXT" Source="wix\README.TXT" />
+ <File Id="EULA.RTF" Name="EULA.rtf"
+ Source="wix\EULA.rtf" /> <File
+ Id="modsecurity.conf" Name="modsecurity.conf"
+ Source="wix\modsecurity.conf" />
+ <File Id="modsecurity_iis.conf" Name="modsecurity_iis.conf"
+ Source="wix\modsecurity_iis.conf" /> <File
+ Id="unicode.mapping" Name="unicode.mapping"
+ Source="wix\unicode.mapping" />
+ <!-- <File Id="modsecurity_crs_10_setup.conf"
+ Name="modsecurity_crs_10_setup.conf"
+ Source="wix\modsecurity_crs_10_setup.conf" /> --> <File
+ Id="LIST_DEPENDENCIES.BAT" Name="list_dependencies.bat"
+ Source="wix\list_dependencies.bat" /> <File
+ Id="ModSecurity.xml" Name="ModSecurity.xml"
+ Source="ModSecurity.xml" />
+ <!-- Modify ApplicationHost.config --> <util:XmlConfig
+ Id="appHostEntry" File="$(var.ConfigFile)"
+ Action="create"
+
ElementPath="//configuration/configSections/sectionGroup[\[]@name='system.webServer'[\]]"
+ VerifyPath="section[\[]@name='ModSecurity'[\]]"
+ Name="section" Node="element" Sequence="1" On="install"
+ /> <util:XmlConfig Id="appHostEntryName"
+ File="$(var.ConfigFile)" ElementPath="appHostEntry"
+ Name="name" Value="ModSecurity" Sequence="2" />
+ <util:XmlConfig Id="appHostEntryOverrideMode"
+ File="$(var.ConfigFile)" ElementPath="appHostEntry"
+ Name="overrideModeDefault" Value="Allow" Sequence="3"
+ /> <util:XmlConfig Id="appHostEntryAllowDefinition"
+ File="$(var.ConfigFile)" ElementPath="appHostEntry"
+ Name="allowDefinition" Value="Everywhere" Sequence="4"
+ /> <util:XmlConfig Id="removeAppHostEntry"
+ File="$(var.ConfigFile)" Action="delete"
+
ElementPath="/configuration/configSections/sectionGroup[\[]@name='system.webServer'[\]]"
+ Node="element"
+ VerifyPath="section[\[]@name='ModSecurity'[\]]"
+ On="uninstall" Sequence="1" /> <util:XmlConfig
+ Id="removeAppHostEntry2" File="$(var.ConfigFile)"
+ Action="delete"
+ ElementPath="/configuration/system.webServer"
+ Node="element"
+ VerifyPath="/configuration/system.webServer/ModSecurity"
+ Name="section" On="uninstall" Sequence="2" />
+ <RegistryKey Root="HKLM" Key="SOFTWARE\ModSecurity\ModSecurity"
+ Action="createAndRemoveOnUninstall"> <RegistryValue
+ Type="string" Name="ModSecurityConfigureIIS"
+ Value="[IIS_SETUP]" KeyPath="yes" />
+ </RegistryKey> </Component> </DirectoryRef> <?if $(var.Win64) =
+ "yes" ?> <DirectoryRef Id="inetsrv64"> <Component Id="ModSec64"
+ DiskId="1"
+ Guid="514A81F0-2413-42EF-B19F-E2613125ECE0"
+ Win64="yes" Location="local"> <File
+ Id="_64_LIBAPR_1" Name="libapr-1.dll"
+ Source="Release\amd64\libapr-1.dll" />
+ <File Id="_64_LIBAPRICONV_1"
+ Name="libapriconv-1.dll"
+ Source="Release\amd64\libapriconv-1.dll"
+ /> <File Id="_64_LIBAPRUTIL_1"
+ Name="libaprutil-1.dll"
+ Source="Release\amd64\libaprutil-1.dll"
+ /> <File Id="_64_LIBCURL"
+ Name="libcurl.dll"
+ Source="Release\amd64\libcurl.dll" />
+ <File Id="_64_LIBXML2" Name="libxml2.dll"
+ Source="Release\amd64\libxml2.dll" />
+ <File Id="_64_LUA5.1" Name="lua5.1.dll"
+ Source="Release\amd64\lua5.1.dll" />
+ <File Id="_64_YAJL" Name="yajl.dll"
+ Source="Release\amd64\yajl.dll" />
+ <File Id="_64_MLOGC" Name="mlogc.exe"
+ Source="Release\amd64\mlogc.exe" />
+ <File Id="_64_MODSECURITYIIS"
+ Name="ModSecurityIIS.dll"
+
Source="Release\amd64\ModSecurityIIS.dll"
+ /> <File Id="_64_PCRE" Name="pcre.dll"
+ Source="Release\amd64\pcre.dll" />
+ <File Id="_64_ZLIB1" Name="zlib1.dll"
+ Source="Release\amd64\zlib1.dll" />
+ <File Id="_64_FUZZY" Name="fuzzy.dll"
+ Source="Release\amd64\fuzzy.dll" />
+ </Component> </DirectoryRef> <DirectoryRef
+ Id="inetsrv32"> <Component Id="ModSec32" DiskId="1"
+ Guid="514A81F0-2413-42EF-B19F-E2613125ECE7"
+ Win64="no" Location="local"> <File
+ Id="_32_LIBAPR_1" Name="libapr-1.dll"
+ Source="Release\x86\libapr-1.dll" />
+ <File Id="_32_LIBAPRICONV_1"
+ Name="libapriconv-1.dll"
+ Source="Release\x86\libapriconv-1.dll"
+ /> <File Id="_32_LIBAPRUTIL_1"
+ Name="libaprutil-1.dll"
+ Source="Release\x86\libaprutil-1.dll"
+ /> <File Id="_32_LIBCURL"
+ Name="libcurl.dll"
+ Source="Release\x86\libcurl.dll" />
+ <File Id="_32_LIBXML2" Name="libxml2.dll"
+ Source="Release\x86\libxml2.dll" />
+ <File Id="_32_LUA5.1" Name="lua5.1.dll"
+ Source="Release\x86\lua5.1.dll" />
+ <File Id="_32_YAJL" Name="yajl.dll"
+ Source="Release\x86\yajl.dll" /> <File
+ Id="_32_MLOGC" Name="mlogc.exe"
+ Source="Release\x86\mlogc.exe" /> <File
+ Id="_32_MODSECURITYIIS"
+ Name="ModSecurityIIS.dll"
+ Source="Release\x86\ModSecurityIIS.dll"
+ /> <File Id="_32_PCRE" Name="pcre.dll"
+ Source="Release\x86\pcre.dll" /> <File
+ Id="_32_ZLIB1" Name="zlib1.dll"
+ Source="Release\x86\zlib1.dll" /> <File
+ Id="_32_FUZZY" Name="fuzzy.dll"
+ Source="Release\x86\fuzzy.dll" />
+ </Component> </DirectoryRef> <DirectoryRef
+ Id="SystemFolderConfigSchema32"> <Component
+ Id="ConfigSchema32"
+ Guid="514A81F0-2413-42EF-B19F-E2613125EC11"
+ Location="local" Win64="no"> <File
+ Id="_32_ConfigSchema"
+ Name="ModSecurity.xml"
+ Source="ModSecurity.xml" />
+ </Component> </DirectoryRef> <DirectoryRef
+ Id="SystemFolderConfigSchema64"> <Component Id="ConfigSchema64"
+ Guid="514A81F0-2413-42EF-B19F-E2613125EC22"
+ Location="local" Win64="yes"> <File
+ Id="_64_ConfigSchema" Name="ModSecurity.xml"
+ Source="ModSecurity.xml" /> </Component>
+ </DirectoryRef> <?else ?> <DirectoryRef Id="inetsrv32">
+ <Component Id="ModSec32" DiskId="1"
+ Guid="514A81F0-2413-42EF-B19F-E2613125ECE1"
+ Win64="no" Location="local"> <File
+ Id="_32_LIBAPR_1" Name="libapr-1.dll"
+ Source="Release\x86\libapr-1.dll" />
+ <File Id="_32_LIBAPRICONV_1"
+ Name="libapriconv-1.dll"
+ Source="Release\x86\libapriconv-1.dll"
+ /> <File Id="_32_LIBAPRUTIL_1"
+ Name="libaprutil-1.dll"
+ Source="Release\x86\libaprutil-1.dll"
+ /> <File Id="_32_LIBCURL"
+ Name="libcurl.dll"
+ Source="Release\x86\libcurl.dll" />
+ <File Id="_32_LIBXML2" Name="libxml2.dll"
+ Source="Release\x86\libxml2.dll" />
+ <File Id="_32_LUA5.1" Name="lua5.1.dll"
+ Source="Release\x86\lua5.1.dll" />
+ <File Id="_32_YAJL" Name="yajl.dll"
+ Source="Release\x86\yajl.dll" /> <File
+ Id="_32_MLOGC" Name="mlogc.exe"
+ Source="Release\x86\mlogc.exe" /> <File
+ Id="_32_MODSECURITYIIS"
+ Name="ModSecurityIIS.dll"
+ Source="Release\x86\ModSecurityIIS.dll"
+ /> <File Id="_32_PCRE" Name="pcre.dll"
+ Source="Release\x86\pcre.dll" /> <File
+ Id="_32_ZLIB1" Name="zlib1.dll"
+ Source="Release\x86\zlib1.dll" /> <File
+ Id="_32_FUZZY" Name="fuzzy.dll"
+ Source="Release\x86\fuzzy.dll" />
+ </Component> </DirectoryRef> <DirectoryRef
+ Id="SystemFolderConfigSchema32"> <Component
+ Id="ConfigSchema32"
+ Guid="514A81F0-2413-42EF-B19F-E2613125EC11"
+ Location="local" Win64="no"> <File
+ Id="_32_ConfigSchema"
+ Name="ModSecurity.xml"
+ Source="ModSecurity.xml" />
+ </Component> </DirectoryRef> <?endif ?> <Feature
+ Id="DefaultFeature" Title="ModSecurity IIS Common files"
+ Level="1" InstallDefault="local" Absent="disallow"
+ Display="expand" AllowAdvertise="no" Description="Configuration
+ and common files"> <ComponentRef Id="ModSecCommon" />
+ <ComponentRef Id="ConfigSchema32" /> <?if $(var.Win64) = "yes"
+ ?> <ComponentRef Id="ConfigSchema64" /> <?endif ?>
+ <ComponentRef Id="StartMenuShortcuts" />
+ <!--
+ <Feature Id="OWASP_ModSecurity_CRS_v3.0.2" Level="1" Title="OWASP
+ ModSecurity CRS v3.0.2" InstallDefault="local" Display="expand"
+ AllowAdvertise="no" Description="Install OWASP CRS v3.0.2">
+ <ComponentRef Id="OWASP_CRS_V_3_0_2" /> <ComponentRef
+ Id="OWASP_CRS_V_3_0_2_SETUP" />
<ComponentRef Id="ID_NUMBERING" />
<ComponentRef Id="README" />
@@ -430,7 +519,8 @@
<ComponentRef Id="REGRESSION_TESTS" />
<ComponentRef Id="VIRTUAL_PATCHING" />
</Feature>
- </Feature>
+ -->
+ </Feature>
<Feature Id="VCRedist" Title="Visual C++ 12.0 Runtime"
AllowAdvertise="no" Display="hidden" Level="1">
<?if $(var.Win64) = "yes" ?>
<MergeRef Id="VCRedist110_64" />
@@ -526,8 +616,8 @@
<Control Id="Title" Type="Text" X="15" Y="6" Width="210"
Height="15" Transparent="yes" NoPrefix="yes" Text="{\WixUI_Font_Title}IIS
Setup" />
<Control Id="Description" Type="Text" X="25" Y="23"
Width="280" Height="15" Transparent="yes" NoPrefix="yes" Text="Choose to
configure ModSecurity on IIS or not." />
<Control Id="Text" Type="Text" X="25" Y="55" Width="320"
Height="50" Text="ModSecurityIIS needs to be configured under IIS as a module.
It is recommended to perform this configuration during the installation.
However, if you are facing problems in the installation, the recomendation is
to disable this step. This will facilitate the debugging process since the
files will be installed in place. Note that some scripts will be installed
along with ModSecurity common files that can be later used to help this
configuration/debugging process." />
- <Control Type="CheckBox" Id="ConfigureIIS" Width="200"
Height="14" X="25" Y="124" CheckBoxValue="1" Property="IIS_SETUP" Text="Perform
ModSecurityIIS configuration." />
- <Control Type="Text" Id="troubleshooting" Width="314"
Height="37" X="26" Y="161" Text="For further information about problems during
the installation, have a look at ModSecurityIIS Troubleshooting guide.
Available at:
https://github.com/SpiderLabs/ModSecurity/wiki/IIS-Troubleshooting"; />
+ <Control Type="CheckBox" Id="ConfigureIIS" Width="200"
Height="14" X="25" Y="124" CheckBoxValue="1" Property="IIS_SETUP" Text="Perform
ModSecurityIIS configuration." />
+ <Control Type="Text" Id="troubleshooting" Width="314"
Height="67" X="26" Y="161" Text="For further information about problems during
the installation, have a look at ModSecurityIIS Troubleshooting guide.
Available at:
https://github.com/SpiderLabs/ModSecurity/wiki/IIS-Troubleshooting. ATTENTION:
This installation process no longer install OWASP CRS. Please refer to the
OWASP CRS Project to understand how to install it. " />
</Dialog>
<Binary Id="bannrbmp" SourceFile="wix\banner.jpg" />
<TextStyle Id="WixUI_Font_Normal" FaceName="Tahoma" Size="8" />
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/modsecurity-2.9.3/iis/wix/modsecurity_iis.conf
new/modsecurity-2.9.4/iis/wix/modsecurity_iis.conf
--- old/modsecurity-2.9.3/iis/wix/modsecurity_iis.conf 2018-12-04
19:49:38.000000000 +0100
+++ new/modsecurity-2.9.4/iis/wix/modsecurity_iis.conf 2021-06-21
14:35:20.000000000 +0200
@@ -1,3 +1 @@
Include modsecurity.conf
-Include crs-setup.conf.example
-Include owasp_crs\rules\*.conf
