commit apache2-mod_security2 for openSUSE:Factory
Hello community, here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2020-02-20 14:57:56 Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new.26092 (New) Package is "apache2-mod_security2" Thu Feb 20 14:57:56 2020 rev:26 rq:777581 version:2.9.2 Changes: --- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2018-01-09 14:52:28.153838613 +0100 +++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new.26092/apache2-mod_security2.changes 2020-02-20 14:57:59.542595574 +0100 @@ -1,0 +2,6 @@ +Wed Feb 12 10:26:15 UTC 2020 - pgaj...@suse.com + +- removing %apache_test_* macros, do not test module just by + loading the module + +--- Other differences: -- ++ apache2-mod_security2.spec ++ --- /var/tmp/diff_new_pack.bDsHUX/_old 2020-02-20 14:58:00.926598289 +0100 +++ /var/tmp/diff_new_pack.bDsHUX/_new 2020-02-20 14:58:00.926598289 +0100 @@ -1,7 +1,7 @@ # # spec file for package apache2-mod_security2 # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -25,7 +25,7 @@ Summary:Web Application Firewall for apache httpd License:Apache-2.0 Group: Productivity/Networking/Web/Servers -Url:http://www.modsecurity.org/ +URL:http://www.modsecurity.org/ Source: https://www.modsecurity.org/tarball/%{version}/%{tarballname}.tar.gz Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz Source2:mod_security2.conf @@ -110,15 +110,6 @@ #make test #make test-regression -set +x -mkdir -p %{apache_test_module_dir} -cp %{SOURCE2} %{apache_test_module_dir}/%{modname}-test.conf -sed -i 's:%{_localstatedir}/log/apache2:/tmp:' %{apache_test_module_dir}/%{modname}-test.conf -sed -i 's:%{_prefix}/share:%{buildroot}%{_prefix}/share:' %{apache_test_module_dir}/%{modname}-test.conf -sed -i 's:%{_sysconfdir}/apache2:%{buildroot}%{_sysconfdir}/apache2:' %{apache_test_module_dir}/%{modname}-test.conf -%apache_test_module_load -m security2 -i %{modname}-test.conf -set -x - %files %if %{suse_version} == 1110 %defattr (-,root,root)
commit apache2-mod_security2 for openSUSE:Factory
Hello community, here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2018-01-09 14:52:25 Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new (New) Package is "apache2-mod_security2" Tue Jan 9 14:52:25 2018 rev:25 rq:561619 version:2.9.2 Changes: --- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2017-06-26 15:52:34.417035536 +0200 +++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new/apache2-mod_security2.changes 2018-01-09 14:52:28.153838613 +0100 @@ -1,0 +2,35 @@ +Fri Dec 29 00:09:38 UTC 2017 - jeng...@inai.de + +- Trim advertisement and filler wording from descriptions. + +--- +Wed Dec 20 09:13:49 UTC 2017 - pgaj...@suse.com + +- fix build for SLE_11_SP4: BuildRoot and %deffattr have to be + present + +--- +Mon Oct 2 11:02:58 UTC 2017 - kstreit...@suse.com + +- update to 2.9.2 + * release notes +https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.2 + * refresh apache2-mod_security2-no_rpath.diff + * remove apache2-mod_security2-lua-5.3.patch that was applied +upstream +- remove outdated html pages and diagram (they can be accessed + online at https://github.com/SpiderLabs/ModSecurity/wiki) + * Reference-Manual.html.bz2 + * ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2 + * modsecurity_diagram_apache_request_cycle.jpg +- don't pack the whole doc directory as it contains also Makefiles + or doxygen configuration files +- disable mlogc as we don't pack it and it also can't be built for + curl <=7.34 +- add basic and regression test suite (but disabled for now) + * add apache2-mod_security2_tests_conf.patch for apache2 +configuration file used for tests that was trying to load +mpm_worker_module (it's static for our apache2 package) + * add "BuildRequires: perl-libwww-perl" needed for the test suite + +--- Old: ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2 Reference-Manual.html.bz2 apache2-mod_security2-lua-5.3.patch modsecurity-2.9.0.tar.gz modsecurity_diagram_apache_request_cycle.jpg New: apache2-mod_security2_tests_conf.patch modsecurity-2.9.2.tar.gz Other differences: -- ++ apache2-mod_security2.spec ++ --- /var/tmp/diff_new_pack.tfjUna/_old 2018-01-09 14:52:29.061796047 +0100 +++ /var/tmp/diff_new_pack.tfjUna/_new 2018-01-09 14:52:29.061796047 +0100 @@ -19,27 +19,21 @@ %define modname mod_security2 %define tarballname modsecurity-%{version} %define usrsharedir %{_datadir}/%{name} -%define refman Reference-Manual.html -%define faq ModSecurity-Frequently-Asked-Questions-FAQ.html Name: apache2-mod_security2 -Version:2.9.0 +Version:2.9.2 Release:0 -Summary:ModSecurity Open Source Web Application Firewall +Summary:Web Application Firewall for apache httpd License:Apache-2.0 Group: Productivity/Networking/Web/Servers Url:http://www.modsecurity.org/ Source: https://www.modsecurity.org/tarball/%{version}/%{tarballname}.tar.gz Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz Source2:mod_security2.conf -Source3:%{refman}.bz2 -Source4:%{faq}.bz2 -Source5:modsecurity_diagram_apache_request_cycle.jpg Source6:README-SUSE-mod_security2.txt Source7:empty.conf Patch0: apache2-mod_security2-no_rpath.diff Patch1: modsecurity-fixes.patch -# https://github.com/SpiderLabs/ModSecurity/pull/837 -Patch2: apache2-mod_security2-lua-5.3.patch +Patch2: apache2-mod_security2_tests_conf.patch BuildRequires: apache-rpm-macros BuildRequires: apache2-devel BuildRequires: apache2-prefork @@ -51,42 +45,40 @@ BuildRequires: libxml2-devel BuildRequires: lua-devel BuildRequires: pcre-devel +BuildRequires: perl-libwww-perl BuildRequires: pkgconfig Requires: %{apache_mmn} Requires: %{apache_suse_maintenance_mmn} Requires: apache2 +%if 0%{suse_version} == 1110 BuildRoot: %{_tmppath}/%{name}-%{version}-build +%endif %description -ModSecurity(TM) is an open source intrusion detection and prevention +ModSecurity is an intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security,
commit apache2-mod_security2 for openSUSE:Factory
Hello community, here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2017-06-26 15:52:32 Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new (New) Package is "apache2-mod_security2" Mon Jun 26 15:52:32 2017 rev:24 rq:505810 version:2.9.0 Changes: --- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2017-03-31 15:08:40.423287574 +0200 +++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new/apache2-mod_security2.changes 2017-06-26 15:52:34.417035536 +0200 @@ -1,0 +2,6 @@ +Wed Jun 21 10:16:28 UTC 2017 - dims...@opensuse.org + +- Update modsecurity-fixes.patch: additionally include netdb.h in + order to have gethostbyname defined. + +--- Other differences: -- ++ modsecurity-fixes.patch ++ --- /var/tmp/diff_new_pack.k6OZxJ/_old 2017-06-26 15:52:35.792841534 +0200 +++ /var/tmp/diff_new_pack.k6OZxJ/_new 2017-06-26 15:52:35.796840970 +0200 @@ -1,3 +1,5 @@ +Index: modsecurity-2.9.0/apache2/mod_security2.c +=== --- modsecurity-2.9.0.orig/apache2/mod_security2.c +++ modsecurity-2.9.0/apache2/mod_security2.c @@ -457,17 +457,13 @@ static void store_tx_context(modsec_rec @@ -19,6 +21,8 @@ msr->modsecurity = modsecurity; msr->r = r; +Index: modsecurity-2.9.0/apache2/msc_reqbody.c +=== --- modsecurity-2.9.0.orig/apache2/msc_reqbody.c +++ modsecurity-2.9.0/apache2/msc_reqbody.c @@ -88,7 +88,7 @@ apr_status_t modsecurity_request_body_st @@ -30,16 +34,21 @@ /* Initialise request body processors, if any. */ +Index: modsecurity-2.9.0/apache2/msc_status_engine.c +=== --- modsecurity-2.9.0.orig/apache2/msc_status_engine.c +++ modsecurity-2.9.0/apache2/msc_status_engine.c -@@ -37,6 +37,7 @@ +@@ -37,6 +37,8 @@ #if (defined(__linux__) || defined(__gnu_linux__)) #include #include +#include ++#include #endif #ifdef HAVE_SYS_UTSNAME_H #include +Index: modsecurity-2.9.0/apache2/msc_remote_rules.c +=== --- modsecurity-2.9.0.orig/apache2/msc_remote_rules.c +++ modsecurity-2.9.0/apache2/msc_remote_rules.c @@ -792,6 +792,7 @@ next: @@ -50,6 +59,8 @@ } +Index: modsecurity-2.9.0/apache2/msc_util.c +=== --- modsecurity-2.9.0.orig/apache2/msc_util.c +++ modsecurity-2.9.0/apache2/msc_util.c @@ -18,6 +18,7 @@
commit apache2-mod_security2 for openSUSE:Factory
Hello community, here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2017-03-31 15:08:39 Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new (New) Package is "apache2-mod_security2" Fri Mar 31 15:08:39 2017 rev:23 rq:482450 version:2.9.0 Changes: --- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2015-08-05 06:50:59.0 +0200 +++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new/apache2-mod_security2.changes 2017-03-31 15:08:40.423287574 +0200 @@ -1,0 +2,5 @@ +Thu Mar 23 15:14:11 UTC 2017 - kstreit...@suse.com + +- cleanup with spec-cleaner + +--- Other differences: -- ++ apache2-mod_security2.spec ++ --- /var/tmp/diff_new_pack.vkAteb/_old 2017-03-31 15:08:41.275167136 +0200 +++ /var/tmp/diff_new_pack.vkAteb/_new 2017-03-31 15:08:41.279166571 +0200 @@ -1,7 +1,7 @@ # # spec file for package apache2-mod_security2 # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -117,6 +117,16 @@ mv %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf.example \ %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf +%check +set +x +mkdir -p %{apache_test_module_dir} +cp %{SOURCE2} %{apache_test_module_dir}/%{modname}-test.conf +sed -i 's:%{_localstatedir}/log/apache2:/tmp:' %{apache_test_module_dir}/%{modname}-test.conf +sed -i 's:%{_prefix}/share:%{buildroot}%{_prefix}/share:' %{apache_test_module_dir}/%{modname}-test.conf +sed -i 's:%{_sysconfdir}/apache2:%{buildroot}%{_sysconfdir}/apache2:' %{apache_test_module_dir}/%{modname}-test.conf +%apache_test_module_load -m security2 -i %{modname}-test.conf +set -x + %files %defattr(-, root, root, 0755) %{apache_libexecdir}/%{modname}.so
commit apache2-mod_security2 for openSUSE:Factory
Hello community, here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2015-08-05 06:50:58 Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new (New) Package is apache2-mod_security2 Changes: --- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2015-07-20 11:21:08.0 +0200 +++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new/apache2-mod_security2.changes 2015-08-05 06:50:59.0 +0200 @@ -1,0 +2,6 @@ +Wed Jul 29 06:42:19 UTC 2015 - pgaj...@suse.com + +- fix build for lua 5.3 + + apache2-mod_security2-lua-5.3.patch + +--- New: apache2-mod_security2-lua-5.3.patch Other differences: -- ++ apache2-mod_security2.spec ++ --- /var/tmp/diff_new_pack.s0nz2b/_old 2015-08-05 06:51:00.0 +0200 +++ /var/tmp/diff_new_pack.s0nz2b/_new 2015-08-05 06:51:00.0 +0200 @@ -38,6 +38,8 @@ Source7:empty.conf Patch0: apache2-mod_security2-no_rpath.diff Patch1: modsecurity-fixes.patch +# https://github.com/SpiderLabs/ModSecurity/pull/837 +Patch2: apache2-mod_security2-lua-5.3.patch BuildRequires: apache-rpm-macros BuildRequires: apache2-devel BuildRequires: apache2-prefork @@ -73,6 +75,7 @@ bzip2 -dc %{SOURCE4} %{_sourcedir}/%{faq} touch -r %{SOURCE4} %{_sourcedir}/%{faq} %patch0 %patch1 -p1 +%patch2 -p1 %build # aclocal only works with never distributions, ++ apache2-mod_security2-lua-5.3.patch ++ From 422e22141b9f6cdd0496919093fcf51b02732b84 Mon Sep 17 00:00:00 2001 From: Athmane Madjoudj athm...@fedoraproject.org Date: Fri, 13 Feb 2015 13:24:50 +0100 Subject: [PATCH] Fix build issue with Lua = 5.3 --- apache2/msc_lua.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apache2/msc_lua.c b/apache2/msc_lua.c index f4482ae..58206a7 100644 --- a/apache2/msc_lua.c +++ b/apache2/msc_lua.c @@ -111,8 +111,11 @@ char *lua_compile(msc_script **script, const char *filename, apr_pool_t *pool) { dump.pool = pool; dump.parts = apr_array_make(pool, 128, sizeof(msc_script_part *)); +#if LUA_VERSION_NUM = 503 +lua_dump(L, dump_writer, dump, 1); +#else lua_dump(L, dump_writer, dump); - +#endif (*script) = apr_pcalloc(pool, sizeof(msc_script)); (*script)-name = filename; (*script)-parts = dump.parts;
commit apache2-mod_security2 for openSUSE:Factory
Hello community, here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2015-07-20 11:21:07 Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new (New) Package is apache2-mod_security2 Changes: --- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2015-03-11 09:58:51.0 +0100 +++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new/apache2-mod_security2.changes 2015-07-20 11:21:08.0 +0200 @@ -1,0 +2,7 @@ +Thu Jul 16 07:22:02 UTC 2015 - pgaj...@suse.com + +- Requries: %{apache_suse_maintenance_mmn} + This will pull this module to the update (in released distribution) + when apache maintainer thinks it is good (due api/abi changes). + +--- Other differences: -- ++ apache2-mod_security2.spec ++ --- /var/tmp/diff_new_pack.yXiyQK/_old 2015-07-20 11:21:10.0 +0200 +++ /var/tmp/diff_new_pack.yXiyQK/_new 2015-07-20 11:21:10.0 +0200 @@ -51,6 +51,7 @@ BuildRequires: pcre-devel BuildRequires: pkgconfig Requires: %{apache_mmn} +Requires: %{apache_suse_maintenance_mmn} Requires: apache2 BuildRoot: %{_tmppath}/%{name}-%{version}-build
commit apache2-mod_security2 for openSUSE:Factory
Hello community, here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2015-03-11 09:58:49 Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new (New) Package is apache2-mod_security2 Changes: --- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2015-03-03 11:14:47.0 +0100 +++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new/apache2-mod_security2.changes 2015-03-11 09:58:51.0 +0100 @@ -1,0 +2,5 @@ +Mon Mar 2 14:46:15 UTC 2015 - tchva...@suse.com + +- Remove useless comment lines/whitespace + +--- @@ -14 +18,0 @@ - Other differences: -- ++ apache2-mod_security2.spec ++ --- /var/tmp/diff_new_pack.FI8CEP/_old 2015-03-11 09:58:52.0 +0100 +++ /var/tmp/diff_new_pack.FI8CEP/_new 2015-03-11 09:58:52.0 +0100 @@ -18,19 +18,15 @@ %define modname mod_security2 %define tarballname modsecurity-%{version} -# %define usrsharedir %{_datadir}/%{name} %define refman Reference-Manual.html %define faq ModSecurity-Frequently-Asked-Questions-FAQ.html - Name: apache2-mod_security2 Version:2.9.0 Release:0 -# Summary:ModSecurity Open Source Web Application Firewall License:Apache-2.0 Group: Productivity/Networking/Web/Servers -# Url:http://www.modsecurity.org/ Source: https://www.modsecurity.org/tarball/%{version}/%{tarballname}.tar.gz Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz @@ -56,8 +52,6 @@ BuildRequires: pkgconfig Requires: %{apache_mmn} Requires: apache2 -# -# BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -127,15 +121,8 @@ %{apache_sysconfdir}/mod_security2.d/README-SUSE-mod_security2.txt %{apache_sysconfdir}/mod_security2.d/empty.conf %dir %{usrsharedir} -#%dir %{usrsharedir}/tools -#%dir %{usrsharedir}/rules %doc README.TXT CHANGES LICENSE NOTICE authors.txt %{usrsharedir} -#%{usrsharedir}/rules/activated_rules -#%{usrsharedir}/rules/base_rules -#%{usrsharedir}/rules/experimental_rules -#%{usrsharedir}/rules/optional_rules -#%{usrsharedir}/rules/slr_rules %doc doc/* rules/util/regression-tests %changelog -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit apache2-mod_security2 for openSUSE:Factory
Hello community, here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2015-03-03 11:14:44 Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new (New) Package is apache2-mod_security2 Changes: --- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2015-02-16 22:11:55.0 +0100 +++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new/apache2-mod_security2.changes 2015-03-03 11:14:47.0 +0100 @@ -1,0 +2,15 @@ +Tue Feb 24 04:23:11 UTC 2015 - crrodrig...@opensuse.org + +- spec, build: Respect optflags +- spec: buildrequire pkgconfig +- modsecurity-fixes.patch: mod_security fails at: + * building with optflags enabled due to undefined behaviour +and implicit declarations. + * It abuses it apr_allocator api, creating one allocator +per request and then destroying it, flooding the system +with mmap() , munmap requests, this is particularly nasty +with threaded mpms. it should instead use the allocator +from the request pool. + + +--- New: modsecurity-fixes.patch Other differences: -- ++ apache2-mod_security2.spec ++ --- /var/tmp/diff_new_pack.l8I8VM/_old 2015-03-03 11:14:48.0 +0100 +++ /var/tmp/diff_new_pack.l8I8VM/_new 2015-03-03 11:14:48.0 +0100 @@ -41,6 +41,7 @@ Source6:README-SUSE-mod_security2.txt Source7:empty.conf Patch0: apache2-mod_security2-no_rpath.diff +Patch1: modsecurity-fixes.patch BuildRequires: apache-rpm-macros BuildRequires: apache2-devel BuildRequires: apache2-prefork @@ -52,6 +53,7 @@ BuildRequires: libxml2-devel BuildRequires: lua-devel BuildRequires: pcre-devel +BuildRequires: pkgconfig Requires: %{apache_mmn} Requires: apache2 # @@ -75,8 +77,7 @@ bzip2 -dc %{SOURCE3} %{_sourcedir}/%{refman} touch -r %{SOURCE3} %{_sourcedir}/%{refman} bzip2 -dc %{SOURCE4} %{_sourcedir}/%{faq} touch -r %{SOURCE4} %{_sourcedir}/%{faq} %patch0 -#%patch1 -#%patch2 +%patch1 -p1 %build # aclocal only works with never distributions, @@ -87,7 +88,7 @@ autoreconf -fi %endif automake -./configure --with-apxs=%{apache_apxs} --enable-request-early --enable-htaccess-config +%configure --with-apxs=%{apache_apxs} --enable-request-early --enable-htaccess-config CFLAGS=%{optflags} make %{?_smp_mflags} %install ++ modsecurity-fixes.patch ++ --- modsecurity-2.9.0.orig/apache2/mod_security2.c +++ modsecurity-2.9.0/apache2/mod_security2.c @@ -457,17 +457,13 @@ static void store_tx_context(modsec_rec * Creates a new transaction context. */ static modsec_rec *create_tx_context(request_rec *r) { -apr_allocator_t *allocator = NULL; modsec_rec *msr = NULL; msr = (modsec_rec *)apr_pcalloc(r-pool, sizeof(modsec_rec)); if (msr == NULL) return NULL; -apr_allocator_create(allocator); -apr_allocator_max_free_set(allocator, 1024); -apr_pool_create_ex(msr-mp, r-pool, NULL, allocator); +apr_pool_create(msr-mp, r-pool); if (msr-mp == NULL) return NULL; -apr_allocator_owner_set(allocator, msr-mp); msr-modsecurity = modsecurity; msr-r = r; --- modsecurity-2.9.0.orig/apache2/msc_reqbody.c +++ modsecurity-2.9.0/apache2/msc_reqbody.c @@ -88,7 +88,7 @@ apr_status_t modsecurity_request_body_st * to allocate structures from (not data, which is allocated * via malloc). */ -apr_pool_create(msr-msc_reqbody_mp, NULL); +apr_pool_create(msr-msc_reqbody_mp, msr-mp); /* Initialise request body processors, if any. */ --- modsecurity-2.9.0.orig/apache2/msc_status_engine.c +++ modsecurity-2.9.0/apache2/msc_status_engine.c @@ -37,6 +37,7 @@ #if (defined(__linux__) || defined(__gnu_linux__)) #include linux/if.h #include linux/sockios.h +#include sys/ioctl.h #endif #ifdef HAVE_SYS_UTSNAME_H #include sys/utsname.h --- modsecurity-2.9.0.orig/apache2/msc_remote_rules.c +++ modsecurity-2.9.0/apache2/msc_remote_rules.c @@ -792,6 +792,7 @@ next: compilation.; return -1; #endif +return -1; } --- modsecurity-2.9.0.orig/apache2/msc_util.c +++ modsecurity-2.9.0/apache2/msc_util.c @@ -18,6 +18,7 @@ #include stdlib.h #include sys/types.h #include sys/stat.h +#include arpa/inet.h #include msc_release.h #include msc_util.h -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit apache2-mod_security2 for openSUSE:Factory
Hello community, here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2015-02-16 22:11:53 Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new (New) Package is apache2-mod_security2 Changes: --- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2014-11-12 00:22:22.0 +0100 +++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new/apache2-mod_security2.changes 2015-02-16 22:11:55.0 +0100 @@ -1,0 +2,7 @@ +Sat Feb 14 17:51:49 UTC 2015 - thomas.w...@sicsec.de + +- Raised to version 2.9.0 +- Updated patch: apache2-mod_security2-no_rpath.diff + (adapted lines) + +--- Old: modsecurity-2.8.0.tar.gz New: modsecurity-2.9.0.tar.gz Other differences: -- ++ apache2-mod_security2.spec ++ --- /var/tmp/diff_new_pack.xnGHPj/_old 2015-02-16 22:11:57.0 +0100 +++ /var/tmp/diff_new_pack.xnGHPj/_new 2015-02-16 22:11:57.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package apache2-mod_security2 # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,8 +22,9 @@ %define usrsharedir %{_datadir}/%{name} %define refman Reference-Manual.html %define faq ModSecurity-Frequently-Asked-Questions-FAQ.html + Name: apache2-mod_security2 -Version:2.8.0 +Version:2.9.0 Release:0 # Summary:ModSecurity Open Source Web Application Firewall ++ apache2-mod_security2-no_rpath.diff ++ --- /var/tmp/diff_new_pack.xnGHPj/_old 2015-02-16 22:11:57.0 +0100 +++ /var/tmp/diff_new_pack.xnGHPj/_new 2015-02-16 22:11:57.0 +0100 @@ -1,23 +1,19 @@ -diff -rNU 30 ../modsecurity-2.8.0-o/apache2/Makefile.am ./apache2/Makefile.am ../modsecurity-2.8.0-o/apache2/Makefile.am 2014-04-15 14:44:04.0 +0200 -+++ ./apache2/Makefile.am 2014-06-16 16:17:44.0 +0200 -@@ -73,61 +73,61 @@ - @APXS_LDFLAGS@ \ - @LIBXML2_LDFLAGS@ \ - @LUA_LDFLAGS@ \ - @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ - endif +--- ../modsecurity-2.9.0-o/apache2/Makefile.am 2015-02-12 20:08:30.0 +0100 ./apache2/Makefile.am 2015-02-14 18:55:11.762837073 +0100 +@@ -91,61 +91,61 @@ if MACOSX mod_security2_la_LDFLAGS = -module -avoid-version \ @APR_LDFLAGS@ \ @APU_LDFLAGS@ \ @APXS_LDFLAGS@ \ + @CURL_LDFLAGS@ \ + @LIBXML2_CFLAGS@ \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if SOLARIS @@ -25,10 +21,13 @@ @APR_LDFLAGS@ \ @APU_LDFLAGS@ \ @APXS_LDFLAGS@ \ + @CURL_LDFLAGS@ \ + @LIBXML2_CFLAGS@ \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if LINUX @@ -37,10 +36,13 @@ @APR_LDFLAGS@ \ @APU_LDFLAGS@ \ @APXS_LDFLAGS@ \ + @CURL_LDFLAGS@ \ + @LIBXML2_CFLAGS@ \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if FREEBSD @@ -48,41 +50,22 @@ @APR_LDFLAGS@ \ @APU_LDFLAGS@ \ @APXS_LDFLAGS@ \ + @CURL_LDFLAGS@ \ + @LIBXML2_CFLAGS@ \ @LIBXML2_LDFLAGS@ \ @LUA_LDFLAGS@ \ @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ + @YAJL_LDFLAGS@ \ + @SSDEEP_LDFLAGS@ endif if OPENBSD mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \ @APR_LDFLAGS@ \ @APU_LDFLAGS@ \ - @APXS_LDFLAGS@ \ - @LIBXML2_LDFLAGS@ \ - @LUA_LDFLAGS@ \ - @PCRE_LDFLAGS@ \ - @YAJL_LDFLAGS@ - endif -diff -rNU 30 ../modsecurity-2.8.0-o/apache2/Makefile.in ./apache2/Makefile.in ../modsecurity-2.8.0-o/apache2/Makefile.in 2014-04-15 14:44:14.0 +0200 -+++ ./apache2/Makefile.in 2014-06-16 16:18:03.0 +0200 -@@ -600,61 +600,61 @@ - else :; fi; \ - done; \ - test -z $$list2 || { \ - echo $(MKDIR_P) '$(DESTDIR)$(pkglibdir)'; \ - $(MKDIR_P) $(DESTDIR)$(pkglibdir) || exit 1; \ - echo $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pkglibdir)'; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 $(DESTDIR)$(pkglibdir); \
commit apache2-mod_security2 for openSUSE:Factory
Hello community, here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2014-11-12 00:21:58 Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new (New) Package is apache2-mod_security2 Changes: --- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2014-09-03 19:32:14.0 +0200 +++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new/apache2-mod_security2.changes 2014-11-12 00:22:22.0 +0100 @@ -1,0 +2,6 @@ +Mon Nov 3 09:41:02 UTC 2014 - pgaj...@suse.com + +- call spec-cleaner +- use apache rpm macros + +--- Other differences: -- ++ apache2-mod_security2.spec ++ --- /var/tmp/diff_new_pack.QD6gFQ/_old 2014-11-12 00:22:23.0 +0100 +++ /var/tmp/diff_new_pack.QD6gFQ/_new 2014-11-12 00:22:23.0 +0100 @@ -16,12 +16,31 @@ # +%define modname mod_security2 +%define tarballname modsecurity-%{version} +# +%define usrsharedir %{_datadir}/%{name} +%define refman Reference-Manual.html +%define faq ModSecurity-Frequently-Asked-Questions-FAQ.html Name: apache2-mod_security2 Version:2.8.0 -Release:0.1 +Release:0 # +Summary:ModSecurity Open Source Web Application Firewall +License:Apache-2.0 +Group: Productivity/Networking/Web/Servers # -BuildRoot: %{_tmppath}/%{name}-%{version}-build +Url:http://www.modsecurity.org/ +Source: https://www.modsecurity.org/tarball/%{version}/%{tarballname}.tar.gz +Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz +Source2:mod_security2.conf +Source3:%{refman}.bz2 +Source4:%{faq}.bz2 +Source5:modsecurity_diagram_apache_request_cycle.jpg +Source6:README-SUSE-mod_security2.txt +Source7:empty.conf +Patch0: apache2-mod_security2-no_rpath.diff +BuildRequires: apache-rpm-macros BuildRequires: apache2-devel BuildRequires: apache2-prefork BuildRequires: autoconf @@ -32,36 +51,11 @@ BuildRequires: libxml2-devel BuildRequires: lua-devel BuildRequires: pcre-devel -%define apacheapache2 -%define modname mod_security2 -%define tarballname modsecurity-%{version} -# -%define apxs %{_sbindir}/apxs2 -%define apache_libexecdir %(%{apxs} -q LIBEXECDIR) -%define apache_sysconfdir %(%{apxs} -q SYSCONFDIR) -%define apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)/MMN; test -x $MMN $MMN) -%define usrsharedir %{_prefix}/share/%{name} -%define refman Reference-Manual.html -%define faq ModSecurity-Frequently-Asked-Questions-FAQ.html -%if 0%{?apache_mmn} Requires: %{apache_mmn} -%endif Requires: apache2 # -Url:http://www.modsecurity.org/ -Source: https://www.modsecurity.org/tarball/%{version}/%{tarballname}.tar.gz -Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz -Source2:mod_security2.conf -Source3:%{refman}.bz2 -Source4:%{faq}.bz2 -Source5:modsecurity_diagram_apache_request_cycle.jpg -Source6:README-SUSE-mod_security2.txt -Source7:empty.conf -Patch0: apache2-mod_security2-no_rpath.diff # -Summary:ModSecurity Open Source Web Application Firewall -License:Apache-2.0 -Group: Productivity/Networking/Web/Servers +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description ModSecurity(TM) is an open source intrusion detection and prevention @@ -73,10 +67,9 @@ The modsecurity team also offer a commercial version of their excellent ruleset. Please have a look at http://www.modsecurity.org/ for more details. - %prep -%setup -n %{tarballname} -%setup -D -T -a 1 -n %{tarballname} +%setup -q -n %{tarballname} +%setup -q -D -T -a 1 -n %{tarballname} mv -v SpiderLabs* rules bzip2 -dc %{SOURCE3} %{_sourcedir}/%{refman} touch -r %{SOURCE3} %{_sourcedir}/%{refman} bzip2 -dc %{SOURCE4} %{_sourcedir}/%{faq} touch -r %{SOURCE4} %{_sourcedir}/%{faq} @@ -93,11 +86,11 @@ autoreconf -fi %endif automake -./configure --with-apxs=%{apxs} --enable-request-early --enable-htaccess-config +./configure --with-apxs=%{apache_apxs} --enable-request-early --enable-htaccess-config CFLAGS=%{optflags} make %{?_smp_mflags} %install -pushd %{apache} +pushd apache2 install -d -m 0755 %{buildroot}%{apache_libexecdir} install .libs/mod_security2.so %{buildroot}%{apache_libexecdir}/%{modname}.so popd @@ -124,10 +117,6 @@ mv
commit apache2-mod_security2 for openSUSE:Factory
Hello community, here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2014-09-03 18:22:03 Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new (New) Package is apache2-mod_security2 Changes: --- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2012-08-27 15:45:40.0 +0200 +++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new/apache2-mod_security2.changes 2014-09-03 19:32:14.0 +0200 @@ -1,0 +2,135 @@ +Wed Aug 27 17:30:25 CEST 2014 - dr...@suse.de + +- Portability: provide /etc/apache2/mod_security2.d/empty.conf + to avoid a non-match of the file-glob in the Include statement + from /etc/apache2/conf.d/mod_security2.conf . This restores + the Include back from the IncludeOptional, which is not portable. +- Source URL set to (expanded) + https://www.modsecurity.org/tarball/2.8.0/modsecurity-2.8.0.tar.gz + +--- +Mon Aug 25 19:33:11 UTC 2014 - thomas.w...@sicsec.de + +- Fixed spec file to work with older distribution versions. + Before openSuSE 13.1 aclocal doesn't work, instead autoreconf + has to be called. + +--- +Mon Jul 7 14:06:19 CEST 2014 - dr...@suse.de + +- last changelog does not say that + apache2-mod_security2-libtool-fix.diff was obsoleted. + +--- +Mon Jun 16 19:04:00 CEST 2014 - dr...@suse.de + +- BuildRequires: libtool missing + +--- +Mon Jun 16 18:17:26 CEST 2014 - dr...@suse.de + +- apache2-mod_security2-libtool-fix.diff: initialize libtool. + +--- +Mon Jun 16 17:31:34 CEST 2014 - dr...@suse.de + +- apache2-mod_security2-no_rpath.diff: avoid the usage of -rpath + in autoconf m4 macros. Obsoletes patch + modsecurity-apache_2.8.0-build_fix_pcre.diff +- use automake for build, add autoconf and automake to + BuildRequires:. This fix is combined with [bnc#876878]. +- turn on --enable-htaccess-config +- use %{?_smp_mflags} for build + +--- +Thu Jun 12 12:33:49 CEST 2014 - dr...@suse.de + +- OWASP rule set. [bnc#876878] + new in 2.8.0 (more complete changelog to add to last changelog): + * Connection limits (SecConnReadStateLimit/SecConnWriteStateLimit) +now support white and suspicious list + * New variables: FULL_REQUEST and FULL_REQUEST_LENGTH + * GPLv2 replaced by Apache License v2 + * rules are not part of the source tarball any longer, but +maintaned upstream externally, and included in this package. + * documentation was externalized to a wiki. Package contains +the FAQ and the reference manual in html form. + * renamed the term Encryption in directives that actually refer +to hashes. See CHANGES file for more details. + * byte conversion issues on s390x when logging fixed. + * many small issues fixed that were discovered by a Coverity scanner + * updated reference manual + * wrong time calculation when logging for some timezones fixed. + * replaced time-measuring mechanism with finer granularity for +measured request/answer phases. (Stopwatch remains for compat.) + * cookie parser memory leak fix + * parsing of quoted strings in multipart Content-Disposition +headers fixed. + +--- +Thu May 1 05:06:15 UTC 2014 - thomas.w...@sicsec.de + +- Raised to version 2.8.0. +- updated patches: + * modsecurity-apache_2.8.0-build_fix_pcre.diff +- modsecurity-apache_2.7.7-build_fix_pcre.diff + +--- +Sat Jan 25 17:43:33 UTC 2014 - thomas.w...@sicsec.de + + - Raised to version 2.7.7. + - modified patches: + * modsecurity-apache_2.7.5-build_fix_pcre.diff, +renamed to modsecurity-apache_2.7.7-build_fix_pcre.diff. + +--- +Thu Jan 23 13:06:09 UTC 2014 - a...@ajaissle.de + +- Use correct source Url + +--- +Fri Aug 2 14:18:39 CEST 2013 - dr...@suse.de + +- complete overhaul of this package, with update to 2.7.5. +- ruleset update to 2.2.8-0-g0f07cbb. +- new configuration framework private to mod_security2: + /etc/apache2/conf.d/mod_security2.conf loads + /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf, + then /etc/apache2/mod_security2.d/*.conf , as set up based on + advice in /etc/apache2/conf.d/mod_security2.conf + Your configuration starting point is +
commit apache2-mod_security2 for openSUSE:Factory
Hello community, here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2012-08-27 15:45:37 Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new (New) Package is apache2-mod_security2, Maintainer is dr...@suse.com Changes: --- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2011-09-23 01:51:54.0 +0200 +++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new/apache2-mod_security2.changes 2012-08-27 15:45:40.0 +0200 @@ -1,0 +2,35 @@ +Mon Aug 27 11:43:47 UTC 2012 - cfarr...@suse.com + +- license update: Apache-2.0 and GPL-2.0 + Many of the files in the rules/ subdirectory are GPL-2.0 licensed + +--- +Mon Aug 6 20:59:45 UTC 2012 - crrodrig...@opensuse.org + +- Update to version 2.6.7, fixes build in apache 2.4 +- Update spec file macros. + +--- +Sat Sep 17 11:20:39 UTC 2011 - jeng...@medozas.de + +- Remove redundant tags/sections from specfile +- Use %_smp_mflags for parallel build + +--- +Wed Jul 6 04:33:49 CEST 2011 - dr...@suse.de + +- update to version 2.6.1-rc1 for submission to SLE11-SP2 (fate#309433): + - SecUnicodeCodePage and SecUnicodeMapFile directives added + - fixed bug: SecRequestBodyLimit was truncating the real request +body + additional fixes from 2.6.0: + - buffering filter problems fixed + - memory leak fix when using MATCHED_VAR_NAMES + - SecWriteStateLimit added against slow DoS + additional fixes from 2.6.0 release candidates: + - optimizations + - bug in logging code fixed + - cleanup + - google safe browsing support + +--- Old: modsecurity-apache_2.5.9.tar.gz New: modsecurity-apache_2.6.7.tar.gz rules.tar.bz2 Other differences: -- ++ apache2-mod_security2.spec ++ --- /var/tmp/diff_new_pack.Q8vv3N/_old 2012-08-27 15:45:44.0 +0200 +++ /var/tmp/diff_new_pack.Q8vv3N/_new 2012-08-27 15:45:44.0 +0200 @@ -1,7 +1,7 @@ # -# spec file for package apache2-mod_security2 (Version 2.5.9) +# spec file for package apache2-mod_security2 # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,33 +15,44 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - Name: apache2-mod_security2 -Version:2.5.9 -Release:2 +Version:2.6.7 +Release:0 +%define aversion 2.6.7 # -License:GPL v2 only; GPLv2 with some FLOSS linking exceptions -Group: Productivity/Networking/Web/Servers # BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: apache2-devel apache2-prefork c++_compiler curl-devel libxml2-devel pcre-devel +BuildRequires: apache2-devel +BuildRequires: apache2-prefork +BuildRequires: c++_compiler +BuildRequires: curl-devel +BuildRequires: libxml2-devel +BuildRequires: pcre-devel %define apacheapache2 %define modname mod_security2 -%define tarballname modsecurity-apache_%{version} +%define tarballname modsecurity-apache_%{aversion} # -%define apxs %{_sbindir}/apxs2 -%define apache_libexecdir %(%{apxs} -q LIBEXECDIR) -%define apache_sysconfdir %(%{apxs} -q SYSCONFDIR) -%define apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)/MMN; test -x $MMN $MMN) -Requires: apache2 %{apache_mmn} + +%{!?apxs: %global apxs /usr/sbin/apxs2} +%{!?apache_libexecdir: %global apache_libexecdir %(%{apxs} -q LIBEXECDIR)} +%{!?apache_sysconfdir: %global apache_sysconfdir %(%{apxs} -q SYSCONFDIR)} +%{!?apache_includedir: %global apache_includedir %(%{apxs} -q INCLUDEDIR)} +%{!?apache_serveroot: %global apache_serverroot %(%{apxs} -q PREFIX)} +%{!?apache_localstatedir: %global apache_localstatedir %(%{apxs} -q LOCALSTATEDIR)} +%{!?apache_mmn: %global apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)_MMN; test -x $MMN $MMN)} + +Requires: %{apache_mmn} +Requires: apache2 # Url:http://www.modsecurity.org/ Source: http://www.modsecurity.org/download/%{tarballname}.tar.gz Source1:mod_security2.conf +Source2:rules.tar.bz2 # Summary:ModSecurity Open Source Web Application Firewall +License:Apache-2.0 and GPL-2.0 +Group: