Hello community,
here is the log from the commit of package apache2-mod_security2 for
openSUSE:Factory checked in at 2014-09-03 18:22:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old)
and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_security2"
Changes:
--------
---
/work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes
2012-08-27 15:45:40.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.apache2-mod_security2.new/apache2-mod_security2.changes
2014-09-03 19:32:14.000000000 +0200
@@ -1,0 +2,135 @@
+Wed Aug 27 17:30:25 CEST 2014 - dr...@suse.de
+
+- Portability: provide /etc/apache2/mod_security2.d/empty.conf
+ to avoid a non-match of the file-glob in the Include statement
+ from /etc/apache2/conf.d/mod_security2.conf . This restores
+ the Include back from the IncludeOptional, which is not portable.
+- Source URL set to (expanded)
+ https://www.modsecurity.org/tarball/2.8.0/modsecurity-2.8.0.tar.gz
+
+-------------------------------------------------------------------
+Mon Aug 25 19:33:11 UTC 2014 - thomas.w...@sicsec.de
+
+- Fixed spec file to work with older distribution versions.
+ Before openSuSE 13.1 aclocal doesn't work, instead autoreconf
+ has to be called.
+
+-------------------------------------------------------------------
+Mon Jul 7 14:06:19 CEST 2014 - dr...@suse.de
+
+- last changelog does not say that
+ apache2-mod_security2-libtool-fix.diff was obsoleted.
+
+-------------------------------------------------------------------
+Mon Jun 16 19:04:00 CEST 2014 - dr...@suse.de
+
+- BuildRequires: libtool missing
+
+-------------------------------------------------------------------
+Mon Jun 16 18:17:26 CEST 2014 - dr...@suse.de
+
+- apache2-mod_security2-libtool-fix.diff: initialize libtool.
+
+-------------------------------------------------------------------
+Mon Jun 16 17:31:34 CEST 2014 - dr...@suse.de
+
+- apache2-mod_security2-no_rpath.diff: avoid the usage of -rpath
+ in autoconf m4 macros. Obsoletes patch
+ modsecurity-apache_2.8.0-build_fix_pcre.diff
+- use automake for build, add autoconf and automake to
+ BuildRequires:. This fix is combined with [bnc#876878].
+- turn on --enable-htaccess-config
+- use %{?_smp_mflags} for build
+
+-------------------------------------------------------------------
+Thu Jun 12 12:33:49 CEST 2014 - dr...@suse.de
+
+- OWASP rule set. [bnc#876878]
+ new in 2.8.0 (more complete changelog to add to last changelog):
+ * Connection limits (SecConnReadStateLimit/SecConnWriteStateLimit)
+ now support white and suspicious list
+ * New variables: FULL_REQUEST and FULL_REQUEST_LENGTH
+ * GPLv2 replaced by Apache License v2
+ * rules are not part of the source tarball any longer, but
+ maintaned upstream externally, and included in this package.
+ * documentation was externalized to a wiki. Package contains
+ the FAQ and the reference manual in html form.
+ * renamed the term "Encryption" in directives that actually refer
+ to hashes. See CHANGES file for more details.
+ * byte conversion issues on s390x when logging fixed.
+ * many small issues fixed that were discovered by a Coverity scanner
+ * updated reference manual
+ * wrong time calculation when logging for some timezones fixed.
+ * replaced time-measuring mechanism with finer granularity for
+ measured request/answer phases. (Stopwatch remains for compat.)
+ * cookie parser memory leak fix
+ * parsing of quoted strings in multipart Content-Disposition
+ headers fixed.
+
+-------------------------------------------------------------------
+Thu May 1 05:06:15 UTC 2014 - thomas.w...@sicsec.de
+
+- Raised to version 2.8.0.
+- updated patches:
+ * modsecurity-apache_2.8.0-build_fix_pcre.diff
+ -> modsecurity-apache_2.7.7-build_fix_pcre.diff
+
+-------------------------------------------------------------------
+Sat Jan 25 17:43:33 UTC 2014 - thomas.w...@sicsec.de
+
+ - Raised to version 2.7.7.
+ - modified patches:
+ * modsecurity-apache_2.7.5-build_fix_pcre.diff,
+ renamed to modsecurity-apache_2.7.7-build_fix_pcre.diff.
+
+-------------------------------------------------------------------
+Thu Jan 23 13:06:09 UTC 2014 - a...@ajaissle.de
+
+- Use correct source Url
+
+-------------------------------------------------------------------
+Fri Aug 2 14:18:39 CEST 2013 - dr...@suse.de
+
+- complete overhaul of this package, with update to 2.7.5.
+- ruleset update to 2.2.8-0-g0f07cbb.
+- new configuration framework private to mod_security2:
+ /etc/apache2/conf.d/mod_security2.conf loads
+ /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf,
+ then /etc/apache2/mod_security2.d/*.conf , as set up based on
+ advice in /etc/apache2/conf.d/mod_security2.conf
+ Your configuration starting point is
+ /etc/apache2/conf.d/mod_security2.conf
+- !!! Please note that mod_unique_id is needed for mod_security2 to run!
+- modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneaous
+ linker parameter, preventing rpath in shared object.
+- fixes contained for the following bugs:
+ * CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling
+ * [bnc#768293] multi-part bypass, minor threat
+ * CVE-2013-1915 [bnc#813190] XML external entity vulnerability
+ * CVE-2012-4528 [bnc#789393] rule bypass
+ * CVE-2013-2765 [bnc#822664] null pointer dereference crash
+- new from 2.5.9 to 2.7.5, only major changes:
+ * GPLv2 replaced by Apache License v2
+ * rules are not part of the source tarball any longer, but
+ maintaned upstream externally, and included in this package.
+ * documentation was externalized to a wiki. Package contains
+ the FAQ and the reference manual in html form.
+ * renamed the term "Encryption" in directives that actually refer
+ to hashes. See CHANGES file for more details.
+ * new directive SecXmlExternalEntity, default off
+ * byte conversion issues on s390x when logging fixed.
+ * many small issues fixed that were discovered by a Coverity scanner
+ * updated reference manual
+ * wrong time calculation when logging for some timezones fixed.
+ * replaced time-measuring mechanism with finer granularity for
+ measured request/answer phases. (Stopwatch remains for compat.)
+ * cookie parser memory leak fix
+ * parsing of quoted strings in multipart Content-Disposition
+ headers fixed.
+ * SDBM deadlock fix
+ * @rsub memory leak fix
+ * cookie separator code improvements
+ * build failure fixes
+ * compile time option --enable-htaccess-config (set)
+
+-------------------------------------------------------------------
Old:
----
modsecurity-apache_2.6.7.tar.gz
rules.tar.bz2
New:
----
ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2
README-SUSE-mod_security2.txt
Reference-Manual.html.bz2
SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
apache2-mod_security2-no_rpath.diff
empty.conf
modsecurity-2.8.0.tar.gz
modsecurity_diagram_apache_request_cycle.jpg
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_security2.spec ++++++
--- /var/tmp/diff_new_pack.DX7ht6/_old 2014-09-03 19:32:16.000000000 +0200
+++ /var/tmp/diff_new_pack.DX7ht6/_new 2014-09-03 19:32:16.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package apache2-mod_security2
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,41 +17,50 @@
Name: apache2-mod_security2
-Version: 2.6.7
-Release: 0
-%define aversion 2.6.7
+Version: 2.8.0
+Release: 0.1
#
#
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: apache2-devel
BuildRequires: apache2-prefork
+BuildRequires: autoconf
+BuildRequires: automake
BuildRequires: c++_compiler
-BuildRequires: curl-devel
+BuildRequires: libcurl-devel
+BuildRequires: libtool
BuildRequires: libxml2-devel
+BuildRequires: lua-devel
BuildRequires: pcre-devel
%define apache apache2
%define modname mod_security2
-%define tarballname modsecurity-apache_%{aversion}
+%define tarballname modsecurity-%{version}
#
-
-%{!?apxs: %global apxs /usr/sbin/apxs2}
-%{!?apache_libexecdir: %global apache_libexecdir %(%{apxs} -q LIBEXECDIR)}
-%{!?apache_sysconfdir: %global apache_sysconfdir %(%{apxs} -q SYSCONFDIR)}
-%{!?apache_includedir: %global apache_includedir %(%{apxs} -q INCLUDEDIR)}
-%{!?apache_serveroot: %global apache_serverroot %(%{apxs} -q PREFIX)}
-%{!?apache_localstatedir: %global apache_localstatedir %(%{apxs} -q
LOCALSTATEDIR)}
-%{!?apache_mmn: %global apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)_MMN; test -x
$MMN && $MMN)}
-
+%define apxs %{_sbindir}/apxs2
+%define apache_libexecdir %(%{apxs} -q LIBEXECDIR)
+%define apache_sysconfdir %(%{apxs} -q SYSCONFDIR)
+%define apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)/MMN; test -x $MMN &&
$MMN)
+%define usrsharedir %{_prefix}/share/%{name}
+%define refman Reference-Manual.html
+%define faq ModSecurity-Frequently-Asked-Questions-FAQ.html
+%if 0%{?apache_mmn}
Requires: %{apache_mmn}
+%endif
Requires: apache2
#
Url: http://www.modsecurity.org/
-Source: http://www.modsecurity.org/download/%{tarballname}.tar.gz
-Source1: mod_security2.conf
-Source2: rules.tar.bz2
+Source:
https://www.modsecurity.org/tarball/%{version}/%{tarballname}.tar.gz
+Source1:
https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
+Source2: mod_security2.conf
+Source3: %{refman}.bz2
+Source4: %{faq}.bz2
+Source5: modsecurity_diagram_apache_request_cycle.jpg
+Source6: README-SUSE-mod_security2.txt
+Source7: empty.conf
+Patch0: apache2-mod_security2-no_rpath.diff
#
Summary: ModSecurity Open Source Web Application Firewall
-License: Apache-2.0 and GPL-2.0
+License: Apache-2.0
Group: Productivity/Networking/Web/Servers
%description
@@ -61,44 +70,81 @@
ModSecurity is to increase web application security, protecting web
applications from known and unknown attacks.
+The modsecurity team also offer a commercial version of their excellent
+ruleset. Please have a look at http://www.modsecurity.org/ for more details.
%prep
%setup -n %{tarballname}
-tar -xvjpf %{S:2}
+%setup -D -T -a 1 -n %{tarballname}
+mv -v SpiderLabs* rules
+bzip2 -dc %{SOURCE3} > %{_sourcedir}/%{refman} && touch -r %{SOURCE3}
%{_sourcedir}/%{refman}
+bzip2 -dc %{SOURCE4} > %{_sourcedir}/%{faq} && touch -r %{SOURCE4}
%{_sourcedir}/%{faq}
+%patch0
+#%patch1
+#%patch2
%build
-#pushd %{apache}
- ./configure
- make %{?_smp_mflags}
-# make -C mlogc-src/
-#popd
+# aclocal only works with never distributions,
+%if 0%{?suse_version} >= 1310
+aclocal
+# on older versions only autoconf is called.
+%else
+autoreconf -fi
+%endif
+automake
+./configure --with-apxs=%{apxs} --enable-request-early --enable-htaccess-config
+CFLAGS="%{optflags}" make %{?_smp_mflags}
%install
pushd %{apache}
- install -D -m 0755 .libs/mod_security2.so
%{buildroot}%{apache_libexecdir}/%{modname}.so
+ install -d -m 0755 %{buildroot}%{apache_libexecdir}
+ install .libs/mod_security2.so %{buildroot}%{apache_libexecdir}/%{modname}.so
popd
- install -D -m 0755 mlogc/mlogc %{buildroot}%{_sbindir}/mlogc
- install -D -m 0755 mlogc/mlogc-batch-load.pl
%{buildroot}%{_sbindir}/mlogc-batch-load.pl
- install -D -m 0640 mlogc/mlogc-default.conf
%{buildroot}%{_sysconfdir}/mlogc.conf
- cp mlogc/INSTALL mlogc/INSTALL.mlogc
-install -D -m 0644 %{SOURCE1}
%{buildroot}%{apache_sysconfdir}/conf.d/%{modname}.conf
-mkdir examples
-cp -a tools examples
-rm -f examples/tools/M*
-chmod 644 examples/tools/*
+install -D -m 0644 %{SOURCE2}
%{buildroot}%{apache_sysconfdir}/conf.d/%{modname}.conf
+install -d -m 0755 %{buildroot}%{apache_sysconfdir}/mod_security2.d
+install -D -m 0644 %{SOURCE6} %{buildroot}%{apache_sysconfdir}/mod_security2.d
+install -D -m 0644 %{SOURCE7} %{buildroot}%{apache_sysconfdir}/mod_security2.d
+cp -a %{SOURCE6} doc
+install -m 0644 %{_sourcedir}/%{faq} %{_sourcedir}/%{refman} doc
+install -m 0644 %{SOURCE5} doc
+install -d -m 0755 %{buildroot}/%{usrsharedir}
+install -d -m 0755 %{buildroot}/%{usrsharedir}/tools
+install -d -m 0755 %{buildroot}/%{usrsharedir}
+rm -f rules/.gitignore rules/LICENSE
+cp -a rules/util/README
%{buildroot}/%{usrsharedir}/tools/README-rules-updater.txt
+cp -a tools/rules-updater.pl tools/rules-updater-example.conf
%{buildroot}/%{usrsharedir}/tools
+find rules -type f -print0 | \
+ xargs -0 chmod 644
+cp -a rules %{buildroot}/%{usrsharedir}
+rm -rf %{buildroot}/%{usrsharedir}/rules/util
+rm -rf %{buildroot}/%{usrsharedir}/rules/lua
+rm -f %{buildroot}/%{usrsharedir}/rules/READM*
+rm -f %{buildroot}/%{usrsharedir}/rules/INSTALL
%{buildroot}/%{usrsharedir}/rules/CHANGELOG
+mv %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf.example \
+ %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf
+
+%clean
+%{__rm} -rf %{buildroot};
+%{__rm} -f %{_sourcedir}/%{faq} %{_sourcedir}/%{refman}
%files
%defattr(-, root, root, 0755)
%{apache_libexecdir}/%{modname}.so
%config(noreplace) %{apache_sysconfdir}/conf.d/%{modname}.conf
-%doc doc/Reference_Manual.html
-%doc README.TXT CHANGES LICENSE modsecurity.conf-recommended
-%doc mlogc/INSTALL.mlogc mlogc/mlogc-default.conf
-%doc examples/
-%doc rules/
-%{_sbindir}/mlogc
-%{_sbindir}/mlogc-batch-load.pl
-%config(noreplace) %{_sysconfdir}/mlogc.conf
+%dir %{apache_sysconfdir}/mod_security2.d
+%{apache_sysconfdir}/mod_security2.d/README-SUSE-mod_security2.txt
+%{apache_sysconfdir}/mod_security2.d/empty.conf
+%dir %{usrsharedir}
+#%dir %{usrsharedir}/tools
+#%dir %{usrsharedir}/rules
+%doc README.TXT CHANGES LICENSE NOTICE authors.txt
+%{usrsharedir}
+#%{usrsharedir}/rules/activated_rules
+#%{usrsharedir}/rules/base_rules
+#%{usrsharedir}/rules/experimental_rules
+#%{usrsharedir}/rules/optional_rules
+#%{usrsharedir}/rules/slr_rules
+%doc doc/* rules/util/regression-tests
%changelog
++++++ README-SUSE-mod_security2.txt ++++++
#
# Dear Administrator,
#
# mod_security2 is not activated by default upon installation of the
# apache module.
#
# Your starting point for the configuration of mod_security2 is
# /etc/apache2/conf.d/mod_security2.conf .
# Please see that file for comments on how to activate the module
# and on how to assign rules.
#
++++++ apache2-mod_security2-no_rpath.diff ++++++
diff -rNU 30 ../modsecurity-2.8.0-o/apache2/Makefile.am ./apache2/Makefile.am
--- ../modsecurity-2.8.0-o/apache2/Makefile.am 2014-04-15 14:44:04.000000000
+0200
+++ ./apache2/Makefile.am 2014-06-16 16:17:44.000000000 +0200
@@ -73,61 +73,61 @@
@APXS_LDFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@
endif
if MACOSX
mod_security2_la_LDFLAGS = -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@
endif
if SOLARIS
mod_security2_la_LDFLAGS = -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@
endif
if LINUX
-mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version -R
@PCRE_LD_PATH@ \
+mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@
endif
if FREEBSD
mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@
endif
if OPENBSD
mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@
endif
diff -rNU 30 ../modsecurity-2.8.0-o/apache2/Makefile.in ./apache2/Makefile.in
--- ../modsecurity-2.8.0-o/apache2/Makefile.in 2014-04-15 14:44:14.000000000
+0200
+++ ./apache2/Makefile.in 2014-06-16 16:18:03.000000000 +0200
@@ -600,61 +600,61 @@
else :; fi; \
done; \
test -z "$$list2" || { \
echo " $(MKDIR_P) '$(DESTDIR)$(pkglibdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(pkglibdir)" || exit 1; \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install
$(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pkglibdir)'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install
$(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pkglibdir)"; \
}
uninstall-pkglibLTLIBRARIES:
@$(NORMAL_UNINSTALL)
@list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \
for p in $$list; do \
$(am__strip_dir) \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall
rm -f '$(DESTDIR)$(pkglibdir)/$$f'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f
"$(DESTDIR)$(pkglibdir)/$$f"; \
done
clean-pkglibLTLIBRARIES:
-test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES)
@list='$(pkglib_LTLIBRARIES)'; \
locs=`for p in $$list; do echo $$p; done | \
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
sort -u`; \
test -z "$$locs" || { \
echo rm -f $${locs}; \
rm -f $${locs}; \
}
mod_security2.la: $(mod_security2_la_OBJECTS) $(mod_security2_la_DEPENDENCIES)
$(EXTRA_mod_security2_la_DEPENDENCIES)
- $(AM_V_CCLD)$(mod_security2_la_LINK) -rpath $(pkglibdir)
$(mod_security2_la_OBJECTS) $(mod_security2_la_LIBADD) $(LIBS)
+ $(AM_V_CCLD)$(mod_security2_la_LINK) $(mod_security2_la_OBJECTS)
$(mod_security2_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-acmp.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-apache2_config.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-apache2_io.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-apache2_util.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-libinjection_html5.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-libinjection_sqli.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-libinjection_xss.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-mod_security2.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-modsecurity.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_crypt.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_geo.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_gsb.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_json.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_logging.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_lua.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_multipart.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_parsers.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_pcre.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_release.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_reqbody.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_status_engine.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_tree.Plo@am__quote@
@AMDEP_TRUE@@am__include@
@am__quote@./$(DEPDIR)/mod_security2_la-msc_unicode.Plo@am__quote@
diff -rNU 30 ../modsecurity-2.8.0-o/build/libtool.m4 ./build/libtool.m4
--- ../modsecurity-2.8.0-o/build/libtool.m4 2014-04-15 14:44:04.000000000
+0200
+++ ./build/libtool.m4 2014-06-16 16:16:39.000000000 +0200
@@ -4661,61 +4661,61 @@
if test "$with_gnu_ld" = yes; then
case $host_os in
aix*)
# The AIX port of GNU ld has always aspired to compatibility
# with the native linker. However, as the warning in the GNU ld
# block says, versions before 2.19.5* couldn't really create working
# shared libraries, regardless of the interface used.
case `$LD -v 2>&1` in
*\ \(GNU\ Binutils\)\ 2.19.5*) ;;
*\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
*\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
*)
lt_use_gnu_ld_interface=yes
;;
esac
;;
*)
lt_use_gnu_ld_interface=yes
;;
esac
fi
if test "$lt_use_gnu_ld_interface" = yes; then
# If archive_cmds runs LD, not CC, wlarc should be empty
wlarc='${wl}'
# Set some defaults for GNU ld with shared library support. These
# are reset later if shared libraries are not supported. Putting them
# here allows them to be overridden if necessary.
runpath_var=LD_RUN_PATH
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
# ancient GNU ld didn't support --whole-archive et. al.
if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
_LT_TAGVAR(whole_archive_flag_spec,
$1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=
fi
supports_anon_versioning=no
case `$LD -v 2>&1` in
*GNU\ gold*) supports_anon_versioning=yes ;;
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
*\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
*\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
*\ 2.11.*) ;; # other 2.11 versions
*) supports_anon_versioning=yes ;;
esac
# See if GNU ld supports shared libraries.
case $host_os in
aix[[3-9]]*)
# On AIX/PPC, the GNU linker is very broken
if test "$host_cpu" != ia64; then
_LT_TAGVAR(ld_shlibs, $1)=no
cat <<_LT_EOF 1>&2
*** Warning: the GNU linker, at least up to release 2.19, is reported
*** to be unable to reliably create shared libraries on AIX.
*** Therefore, libtool is disabling shared libraries support. If you
*** really care for shared libraries, you may want to install binutils
*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
@@ -4897,61 +4897,61 @@
_LT_EOF
elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null;
then
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs
$compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs
$deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file
$wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
;;
sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
case `$LD -v 2>&1` in
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
_LT_TAGVAR(ld_shlibs, $1)=no
cat <<_LT_EOF 1>&2
*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
*** reliably create shared libraries on SCO systems. Therefore, libtool
*** is disabling shared libraries support. We urge you to upgrade GNU
*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
*** your PATH or compiler configuration so that the native linker is
*** used, and then restart.
_LT_EOF
;;
*)
# For security reasons, it is highly recommended that you always
# use absolute paths for naming shared libraries, and exclude the
# DT_RUNPATH tag from executables and libraries. But doing so
# requires that you compile everything twice, which is a pain.
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null;
then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs
$compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs
$compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file
$wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
;;
esac
;;
sunos4*)
_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib
$libobjs $deplibs $linker_flags'
wlarc=
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
;;
*)
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs
$compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs
$deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file
$wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
;;
esac
if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then
runpath_var=
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
_LT_TAGVAR(export_dynamic_flag_spec, $1)=
@@ -5907,61 +5907,61 @@
else
$as_unset lt_cv_path_LD
fi
test -z "${LDCXX+set}" || LD=$LDCXX
CC=${CXX-"c++"}
CFLAGS=$CXXFLAGS
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
_LT_CC_BASENAME([$compiler])
if test -n "$compiler"; then
# We don't want -fno-exception when compiling C++ code, so set the
# no_builtin_flag separately
if test "$GXX" = yes; then
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
else
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
fi
if test "$GXX" = yes; then
# Set up default GNU C++ configuration
LT_PATH_LD
# Check if GNU C++ uses GNU ld as the underlying linker, since the
# archiving commands below assume that GNU ld is being used.
if test "$with_gnu_ld" = yes; then
_LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib
$predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname
$wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib
$predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname
$wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
# If archive_cmds runs LD, not CC, wlarc should be empty
# XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
# investigate it a little bit more. (MM)
wlarc='${wl}'
# ancient GNU ld didn't support --whole-archive et. al.
if eval "`$CC -print-prog-name=ld` --help 2>&1" |
$GREP 'no-whole-archive' > /dev/null; then
_LT_TAGVAR(whole_archive_flag_spec,
$1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=
fi
else
with_gnu_ld=no
wlarc=
# A generic and very simple default shared library creation
# command for GNU C++ for the case where it uses the native
# linker, instead of GNU ld. If possible, this setting should
# overridden to take advantage of the native linker features on
# the platform it is being used on.
_LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects
$libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
fi
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 |
$GREP -v "^Configured with:" | $GREP "\-L"'
++++++ empty.conf ++++++
# This configuration file has been intentionally left empty to avoid errors
# resulting from an Include statement that matches no files.
# (IncludeOptional is available for apache > 2.4)
#
++++++ mod_security2.conf ++++++
--- /var/tmp/diff_new_pack.DX7ht6/_old 2014-09-03 19:32:16.000000000 +0200
+++ /var/tmp/diff_new_pack.DX7ht6/_new 2014-09-03 19:32:16.000000000 +0200
@@ -1,60 +1,293 @@
+
+# Dear administrator/webmaster,
+#
+# Welcome to /etc/apache2/conf.d/mod_security2.conf, the starting point for
+# the configuration of mod_security2.
+# Please read this text down to line 63 for information about activation
+# and configuration of the mod_security2 apache module.
+#
+# To activate mod_security2, its apache module must be configured to be
+# loaded when apache starts. The mod_security2 apache module depends on
+# the module mod_unique_id to be able to run. This means that both apache
+# modules must be activated/loaded when apache starts.
+
+# Change the configuration to load these two modules by adding the two
+# module names "security2" and "unique_id" to the variable APACHE_MODULES
+# in /etc/sysconfig/apache2 . You can do that manually, or use the tools
+# a2enmod (enable apache module) and a2dismod (disable apache module).
+# These two tools expect the name of the module without the leading
+# "mod_" as an argument!
+#
+# note: /etc/sysconfig/apache2 is evaluated upon apache start by the apache
+# start script /usr/sbin/start_apache2 . Changes in APACHE_MODULES are then
+# visible in /etc/apache2/sysconfig.d/loadmodule.conf, changed by the start
+# script.
+#
+# example for the use of a2enmod/a2dismod:
+#
+# a2enmod security2 # enable module security2
+# a2enmod unique_id # enable module unique_id
+#
+# a2dismod security2 # disable
+# a2dismod unique_id # %
+
+#
+# This file /etc/apache2/conf.d/mod_security2.conf makes some basic
+# configuration settings, then loads
+# /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf
+# which is the baseline for the rules that can be loaded later.
+#
+# Afterwards, all files named *.conf in /etc/apache2/mod_security2.d are read.
+# For the rules you wish to apply, place a symlink to the rules file there.
+#
+# About the rules; The OWASP ModSecurity Core Rule Set version 2.2.9
+# is contained in this package, a splendid set of rules made to provide for a
+# decent basic and even advanced protection. The rules files are contained
+# in the directory /usr/share/apache2-mod_security2/rules/.
+#
+# Example (use all of the basic rules that come with the package):
+#
+# cd /etc/apache2/mod_security2.d
+# for i in /usr/share/apache2-mod_security2/rules/base_rules/mod*; do
+# ln -s $i .
+# done
+#
+# At last, simply restart apache:
+# rcapache2 restart
+#
+# In doubt, please consult the valuable online documentation on the project's
+# website, which is the authoritative source for documentation.
+# For offline reading, the webpages for the Reference Guide and the FAQ are
+# located in the package's documentation directory, in the state of 2013/01:
+# /usr/share/doc/packages/apache2-mod_security2
+#
+# Roman Drahtmueller <dr...@suse.de>, SUSE, 20140610.
+#
+
+
+
<IfModule mod_security2.c>
- # Basic configuration options
- SecRuleEngine On
- SecRequestBodyAccess On
- SecResponseBodyAccess Off
-
- # Handling of file uploads
- # TODO Choose a folder private to Apache.
- # SecUploadDir /opt/apache-frontend/tmp/
- SecUploadKeepFiles Off
-
- # Debug log
- SecDebugLog /var/log/apache2/modsec_debug.log
- SecDebugLogLevel 0
-
- # Serial audit log
- SecAuditEngine RelevantOnly
- SecAuditLogRelevantStatus ^5
- SecAuditLogParts ABIFHZ
- SecAuditLogType Serial
- SecAuditLog /var/log/apache2/modsec_audit.log
-
- # Maximum request body size we will
- # accept for buffering
- SecRequestBodyLimit 131072
-
- # Store up to 128 KB in memory
- SecRequestBodyInMemoryLimit 131072
-
- # Buffer response bodies of up to
- # 512 KB in length
- SecResponseBodyLimit 524288
-
- # Verify that we've correctly processed the request body.
- # As a rule of thumb, when failing to process a request body
- # you should reject the request (when deployed in blocking mode)
- # or log a high-severity alert (when deployed in detection-only mode).
- SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \
- "phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"
-
- # By default be strict with what we accept in the multipart/form-data
- # request body. If the rule below proves to be too strict for your
- # environment consider changing it to detection-only. You are encouraged
- # _not_ to remove it altogether.
- SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
- "phase:2,t:none,log,deny,msg:'Multipart request body \
- failed strict validation: \
- PE %{REQBODY_PROCESSOR_ERROR}, \
- BQ %{MULTIPART_BOUNDARY_QUOTED}, \
- BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
- DB %{MULTIPART_DATA_BEFORE}, \
- DA %{MULTIPART_DATA_AFTER}, \
- HF %{MULTIPART_HEADER_FOLDING}, \
- LF %{MULTIPART_LF_LINE}, \
- SM %{MULTIPART_SEMICOLON_MISSING}'"
-
- # Did we see anything that might be a boundary?
- SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
- "phase:2,t:none,log,deny,msg:'Multipart parser detected a possible
unmatched boundary.'"
+
+# -- Rule engine initialization ----------------------------------------------
+
+# Enable ModSecurity, attaching it to every transaction. Use detection
+# only to start with, because that minimises the chances of post-installation
+# disruption.
+#
+SecRuleEngine DetectionOnly
+
+
+# -- Request body handling ---------------------------------------------------
+
+# Allow ModSecurity to access request bodies. If you don't, ModSecurity
+# won't be able to see any POST parameters, which opens a large security
+# hole for attackers to exploit.
+#
+SecRequestBodyAccess On
+
+
+# Enable XML request body parser.
+# Initiate XML Processor in case of xml content-type
+#
+SecRule REQUEST_HEADERS:Content-Type "text/xml" \
+
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+
+
+# Maximum request body size we will accept for buffering. If you support
+# file uploads then the value given on the first line has to be as large
+# as the largest file you are willing to accept. The second value refers
+# to the size of data, with files excluded. You want to keep that value as
+# low as practical.
+#
+SecRequestBodyLimit 13107200
+SecRequestBodyNoFilesLimit 131072
+
+# Store up to 128 KB of request body data in memory. When the multipart
+# parser reachers this limit, it will start using your hard disk for
+# storage. That is slow, but unavoidable.
+#
+SecRequestBodyInMemoryLimit 131072
+
+# What do do if the request body size is above our configured limit.
+# Keep in mind that this setting will automatically be set to ProcessPartial
+# when SecRuleEngine is set to DetectionOnly mode in order to minimize
+# disruptions when initially deploying ModSecurity.
+#
+SecRequestBodyLimitAction Reject
+
+# Verify that we've correctly processed the request body.
+# As a rule of thumb, when failing to process a request body
+# you should reject the request (when deployed in blocking mode)
+# or log a high-severity alert (when deployed in detection-only mode).
+#
+SecRule REQBODY_ERROR "!@eq 0" \
+"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request
body.',logdata:'%{reqbody_error_msg}',severity:2"
+
+# By default be strict with what we accept in the multipart/form-data
+# request body. If the rule below proves to be too strict for your
+# environment consider changing it to detection-only. You are encouraged
+# _not_ to remove it altogether.
+#
+SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
+"id:'200002',phase:2,t:none,log,deny,status:44, \
+msg:'Multipart request body failed strict validation: \
+PE %{REQBODY_PROCESSOR_ERROR}, \
+BQ %{MULTIPART_BOUNDARY_QUOTED}, \
+BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
+DB %{MULTIPART_DATA_BEFORE}, \
+DA %{MULTIPART_DATA_AFTER}, \
+HF %{MULTIPART_HEADER_FOLDING}, \
+LF %{MULTIPART_LF_LINE}, \
+SM %{MULTIPART_MISSING_SEMICOLON}, \
+IQ %{MULTIPART_INVALID_QUOTING}, \
+IP %{MULTIPART_INVALID_PART}, \
+IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+
+# Did we see anything that might be a boundary?
+#
+SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
+"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected
a possible unmatched boundary.'"
+
+# PCRE Tuning
+# We want to avoid a potential RegEx DoS condition
+#
+SecPcreMatchLimit 1000
+SecPcreMatchLimitRecursion 1000
+
+# Some internal errors will set flags in TX and we will need to look for these.
+# All of these are prefixed with "MSC_". The following flags currently exist:
+#
+# MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded.
+#
+SecRule TX:/^MSC_/ "!@streq 0" \
+ "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error
flagged: %{MATCHED_VAR_NAME}'"
+
+
+# -- Response body handling --------------------------------------------------
+
+# Allow ModSecurity to access response bodies.
+# You should have this directive enabled in order to identify errors
+# and data leakage issues.
+#
+# Do keep in mind that enabling this directive does increases both
+# memory consumption and response latency.
+#
+SecResponseBodyAccess On
+
+# Which response MIME types do you want to inspect? You should adjust the
+# configuration below to catch documents but avoid static files
+# (e.g., images and archives).
+#
+SecResponseBodyMimeType text/plain text/html text/xml
+
+# Buffer response bodies of up to 512 KB in length.
+SecResponseBodyLimit 524288
+
+# What happens when we encounter a response body larger than the configured
+# limit? By default, we process what we have and let the rest through.
+# That's somewhat less secure, but does not break any legitimate pages.
+#
+SecResponseBodyLimitAction ProcessPartial
+
+
+# -- Filesystem configuration ------------------------------------------------
+
+# The location where ModSecurity stores temporary files (for example, when
+# it needs to handle a file upload that is larger than the configured limit).
+#
+# This default setting is chosen due to all systems have /tmp available
however,
+# this is less than ideal. It is recommended that you specify a location
that's private.
+#
+SecTmpDir /tmp/
+
+# The location where ModSecurity will keep its persistent data. This default
setting
+# is chosen due to all systems have /tmp available however, it
+# too should be updated to a place that other users can't access.
+#
+SecDataDir /tmp/
+
+
+# -- File uploads handling configuration -------------------------------------
+
+# The location where ModSecurity stores intercepted uploaded files. This
+# location must be private to ModSecurity. You don't want other users on
+# the server to access the files, do you?
+#
+#SecUploadDir /opt/modsecurity/var/upload/
+
+# By default, only keep the files that were determined to be unusual
+# in some way (by an external inspection script). For this to work you
+# will also need at least one file inspection rule.
+#
+#SecUploadKeepFiles RelevantOnly
+
+# Uploaded files are by default created with permissions that do not allow
+# any other user to access them. You may need to relax that if you want to
+# interface ModSecurity to an external program (e.g., an anti-virus).
+#
+#SecUploadFileMode 0600
+
+
+# -- Debug log configuration -------------------------------------------------
+
+# The default debug log configuration is to duplicate the error, warning
+# and notice messages from the error log.
+#
+#SecDebugLog /var/log/apache2/modsec_debug.log
+#SecDebugLogLevel 3
+
+# -- Audit log configuration -------------------------------------------------
+
+# Log the transactions that are marked by a rule, as well as those that
+# trigger a server error (determined by a 5xx or 4xx, excluding 404,
+# level response status codes).
+#
+SecAuditEngine RelevantOnly
+SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+
+# Log everything we know about a transaction.
+SecAuditLogParts ABIJDEFHZ
+
+# Use a single file for logging. This is much easier to look at, but
+# assumes that you will use the audit log only ocassionally.
+#
+SecAuditLogType Serial
+SecAuditLog /var/log/apache2/modsec_audit.log
+
+# Specify the path for concurrent audit logging.
+#SecAuditLogStorageDir /opt/modsecurity/var/audit/
+
+
+# -- Miscellaneous -----------------------------------------------------------
+
+# Use the most commonly used application/x-www-form-urlencoded parameter
+# separator. There's probably only one application somewhere that uses
+# something else so don't expect to change this value.
+#
+SecArgumentSeparator &
+
+# Settle on version 0 (zero) cookies, as that is what most applications
+# use. Using an incorrect cookie version may open your installation to
+# evasion attacks (against the rules that examine named cookies).
+#
+SecCookieFormat 0
+
+# Specify your Unicode Code Point.
+# This mapping is used by the t:urlDecodeUni transformation function
+# to properly map encoded data to your language. Properly setting
+# these directives helps to reduce false positives and negatives.
+#
+#SecUnicodeCodePage 20127
+#SecUnicodeMapFile unicode.mapping
+
+
+
+
+
+
+Include /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf
+# as set up with symlinks for files that are placed here:
+Include /etc/apache2/mod_security2.d/*.conf
+
</IfModule>
++++++ modsecurity-apache_2.6.7.tar.gz -> modsecurity-2.8.0.tar.gz ++++++
++++ 84093 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
