Difference Between Revision 24 and internetx:managed:testing / mod_security
[-] | Changed | mod_security-ix.changes |
x 1
2 ------------------------------------------------------------------- 3 -Wed Jan 11 06:34:21 UTC 2023 - Carsten Schoene <carsten.schoene@internetx.com> 4 - 5 -- Update to release 2.9.7 6 - 7 -------------------------------------------------------------------- 8 -Thu Mar 17 10:30:16 UTC 2022 - Local OBS User <cs@linux-administrator.com> 9 - 10 -- Update to release 2.9.5 11 - 12 -------------------------------------------------------------------- 13 -Mon Aug 23 11:39:54 UTC 2021 - Local OBS User <cs@linux-administrator.com> 14 - 15 -- Update to release 2.9.4 16 - 17 -------------------------------------------------------------------- 18 -Wed Feb 5 09:52:49 UTC 2020 - Local OBS User <cs@linux-administrator.com> 19 - 20 -- Update to release 2.9.3 21 - 22 -------------------------------------------------------------------- 23 -Wed May 16 06:44:59 UTC 2018 - cs@linux-administrator.com 24 - 25 -- Update to release 2.9.2 26 - 27 -------------------------------------------------------------------- 28 -Thu Apr 9 09:26:32 UTC 2015 - cs@linux-administrator.com 29 - 30 -- Update to relesae 2.9.0 31 -- set PERL ENV var to /usr/bin/perl 32 -- drop mlogc-disable-force-sslv3.patch (TLSv1 is default now) 33 - 34 -------------------------------------------------------------------- 35 -Fri Aug 8 17:29:19 UTC 2014 - cs@linux-administrator.com 36 - 37 -- Update to release 2.8.0 38 - 39 -------------------------------------------------------------------- 40 -Sun Jan 5 16:20:52 UTC 2014 - cs@linux-administrator.com 41 - 42 -- enable --enable-htaccess-config 43 - 44 -------------------------------------------------------------------- 45 -Thu Dec 19 23:23:46 UTC 2013 - cs@linux-administrator.com 46 - 47 -- Update to release 2.7.7 48 - 49 -------------------------------------------------------------------- 50 -Tue Jul 30 17:01:30 UTC 2013 - cs@linux-administrator.com 51 - 52 -- Update to release 2.7.5 53 - 54 -------------------------------------------------------------------- 55 -Thu Jul 11 
19:33:18 UTC 2013 - cs@linux-administrator.com 56 - 57 -- build against asl-libxml2 for EL5 based systems 58 - 59 -------------------------------------------------------------------- 60 -Sat Jun 29 17:00:16 UTC 2013 - cs@linux-administrator.com 61 - 62 -- added CVE-2013-2765.patch for 2.6.8 (included in 2.7.4) 63 - 64 -------------------------------------------------------------------- 65 -Wed Jun 5 10:16:47 UTC 2013 - cs@linux-administrator.com 66 - 67 -- fix permissions in cleanup cron script 68 - 69 -------------------------------------------------------------------- 70 -Mon May 27 17:02:32 UTC 2013 - cs@linux-administrator.com 71 - 72 -- Update to release 2.7.4 (only for >= SLE_11, >= EL6) 73 - 74 -------------------------------------------------------------------- 75 -Fri Mar 29 17:31:45 UTC 2013 - cs@linux-administrator.com 76 - 77 -- Update to release 2.7.3 (only for >= SLE_11, >= EL6) 78 - 79 -------------------------------------------------------------------- 80 -Fri Jan 25 20:10:39 UTC 2013 - cs@linux-administrator.com 81 - 82 -- Update to release 2.7.2 (only for >= SLE_11, >= EL6) 83 - 84 -------------------------------------------------------------------- 85 -Sat Dec 29 10:33:37 UTC 2012 - cs@linux-administrator.com 86 - 87 -- Update to release 2.7.1 (only for >= SLE_11, >= EL6) 88 - 89 -------------------------------------------------------------------- 90 -Wed Oct 3 08:10:36 UTC 2012 - cs@linux-administrator.com 91 - 92 -- Update to release 2.6.8 93 - 94 -------------------------------------------------------------------- 95 -Sun Jul 29 15:58:38 UTC 2012 - cs@linux-administrator.com 96 - 97 -- Update to release 2.6.7 98 - 99 -------------------------------------------------------------------- 100 -Wed Jul 18 07:05:49 UTC 2012 - cs@linux-administrator.com 101 - 102 -- disable Rule 340152 103 - 104 -------------------------------------------------------------------- 105 -Tue Jul 3 08:30:53 UTC 2012 - cs@linux-administrator.com 106 - 107 -- disable 
Cross-Site Request Forgery (CSRF) rules 108 -- add cleanup cron for /var/asl/data/audit 109 - 110 -------------------------------------------------------------------- 111 -Mon Jun 18 10:21:17 UTC 2012 - cs@linux-administrator.com 112 - 113 -- Update to release 2.6.6 114 - - added rule 391213 to default exclude list 115 - 116 -------------------------------------------------------------------- 117 -Thu Mar 29 21:43:48 UTC 2012 - cs@linux-administrator.com 118 - 119 -- Update to release 2.6.5 120 - 121 -------------------------------------------------------------------- 122 -Sat Jan 7 21:44:12 UTC 2012 - cs@linux-administrator.com 123 - 124 -- Update to release 2.6.3 125 - 126 -------------------------------------------------------------------- 127 -Sun Oct 23 09:49:21 UTC 2011 - cs@linux-administrator.com 128 - 129 -- Update to release 2.6.2 130 - 131 -------------------------------------------------------------------- 132 Fri Jul 22 07:10:30 UTC 2011 - cs@linux-administrator.com 133 134 - Update to release 2.6.1 135 |
[-] | Changed | mod_security-ix.spec ^ |
127 1
2 -%define aslxml 1 3 -%define pkgname modsecurity- 4 Summary: Security module for the Apache HTTP Server 5 Name: mod_security 6 -%if 0%{?centos_version} >= 6 || 0%{?rhel_version} >= 600 || 0%{?sl_version} >= 600 || 0%{?suse_version} >= 1110 || 0%{?sles_version} >= 11 7 -%define pkgversion 2.9.7 8 -%define oldver 0 9 -%define _aslxml 0 10 -%define epoch 1 11 -BuildRequires: libxml2-devel 12 -%else 13 -%if %{aslxml} 14 -%define pkgversion 2.9.7 15 -%define oldver 0 16 -%define _aslxml 1 17 -%define epoch 1 18 -BuildRequires: asl-libxml2-devel 19 -%else 20 -%define pkgversion 2.6.8 21 -%define pkgname modsecurity-apache_ 22 -%define oldver 1 23 -%define _aslxml 0 24 -%define epoch 0 25 -BuildRequires: libxml2-devel 26 -%endif 27 -%endif 28 -Version: %{pkgversion} 29 -Epoch: %{epoch} 30 -Release: 35 31 +Version: 2.6.1 32 +Release: 23 33 License: GPLv2 34 URL: http://www.modsecurity.org/ 35 Group: System Environment/Daemons 36 -Source: http://www.modsecurity.org/download/%{pkgname}%{version}.tar.bz2 37 +Source: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.bz2 38 %if 0%{?rhel_version} || 0%{?centos_version} || 0%{?sl_version} || 0%{?redhat_version} 39 Source1: 00_mod_security.conf 40 Source2: modsecurity_crs_10_config-default.conf 41
42 Source3: zzz_asl_custom_exclude.conf 43 Source4: zzz_asl_custom_local_exclude.conf 44 Source5: modsec-clamscan.pl 45 -Source6: modsec-clean_var-asl-data-audit 46 Patch1: waf-label.patch 47 -Patch2: modsecurity-2.9.1_curl-lower_7.34.patch 48 -Patch50: CVE-2013-2765.patch 49 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) 50 %if 0%{?rhel_version} || 0%{?centos_version} || 0%{?sl_version} || 0%{?redhat_version} 51 Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing) 52 BuildRequires: httpd-devel pkgconfig lua-devel 53 Requires: lua 54 -%if 0%{?rhel} >= 7 55 -%define apxs %{_bindir}/apxs 56 -%else 57 %define apxs %{_sbindir}/apxs 58 -%endif 59 %define apache_libexecdir %(%{apxs} -q LIBEXECDIR) 60 ##%define apache_sysconfdir %(%{apxs} -q SYSCONFDIR) 61 %define apache_sysconfdir /etc/httpd 62
63 Provides: apache2-mod_security2 = %{version} 64 %endif 65 66 -BuildRequires: pcre-devel libtool curl-devel 67 +BuildRequires: libxml2-devel pcre-devel libtool curl-devel 68 BuildRequires: curl 69 70 -BuildRequires: autoconf automake 71 Requires: libxml2 pcre 72 Provides: ix-mod_security = %{version} 73 74
75 as a powerful umbrella - shielding web applications from attacks. 76 77 %prep 78 -%setup -n %{pkgname}%{version} 79 +%setup -n modsecurity-apache_%{version} 80 %patch1 -p1 81 -%patch2 -p0 82 -%if 0%{?oldver} == 1 83 -%patch50 -p1 84 -%endif 85 86 %build 87 CFLAGS="%{optflags}" 88 export CFLAGS 89 -export PERL=/usr/bin/perl 90 - 91 -[ ! -f configure ] && ./autogen.sh 92 93 %configure \ 94 -%if 0%{_aslxml} == 1 95 - --with-libxml=/var/asl/usr/ \ 96 -%endif 97 - --enable-pcre-match-limit=no \ 98 - --enable-pcre-match-limit-recursion=no \ 99 - --enable-pcre-study \ 100 - --enable-htaccess-config 101 + --disable-pcre-match-limit \ 102 + --disable-pcre-match-limit-recursion 103 + 104 +# Legacy from LoadFile 105 +#perl -pi.orig -e 's|LIBDIR|%{_libdir}|;' %{SOURCE1} 106 107 make %{_smp_mflags} 108 109
110 install -D -m644 %{SOURCE3} %{buildroot}/%{apache_sysconfdir}/modsec/zzz_asl_custom_exclude.conf 111 install -D -m644 %{SOURCE4} %{buildroot}/%{apache_sysconfdir}/modsec/zzz_asl_custom_local_exclude.conf 112 install -D -m755 %{SOURCE5} %{buildroot}%{_bindir}/modsec-clamscan.pl 113 -install -D -m755 %{SOURCE6} %{buildroot}%{_sysconfdir}/cron.daily/modsec-clean_var-asl-data-audit 114 -sed -i s@"%APAUSR%:%APAGRP%"@"%{apache_usr}:%{apache_grp}"@g %{buildroot}%{_sysconfdir}/cron.daily/modsec-clean_var-asl-data-audit 115 - 116 mkdir -p %{buildroot}/var/log/mlogc/data 117 install -D -m755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc 118 install -m755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load.pl 119
120 %config(noreplace) %{apache_sysconfdir}/modsec/zzz_asl_custom_local_exclude.conf 121 %config(noreplace) %{_sysconfdir}/mlogc.conf 122 %config %{_sysconfdir}/mlogc-default.conf 123 -%config %{_sysconfdir}/cron.daily/modsec-clean_var-asl-data-audit 124 %defattr(-,%{apache_usr},%{apache_grp}) 125 %dir /var/asl 126 %dir /var/asl/data 127 |
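Review bot: On the new side `Version: 2.6.1` is combined with the removal of `Patch50: CVE-2013-2765.patch` and its guarded `%patch50 -p1`, so the built module carries neither the upstream fix (the `.changes` file in this diff records it as included only from 2.7.4) nor the backport; if this side is the intended one, keep `Patch50: CVE-2013-2765.patch` and apply it unconditionally with `%patch50 -p1`, or stay on a release of at least 2.7.4. The same side drops `Source6`, the `cron.daily/modsec-clean_var-asl-data-audit` install and its `%config` entry, so nothing in this spec prunes `/var/asl/data/audit` any more — unless some other job does, that directory grows without bound on a busy host. With `mlogc-disable-force-sslv3.patch` also deleted and no mlogc patch listed, mlogc is built exactly as shipped in the 2.6.1 tarball; the deleted patch's context shows that era's mlogc.c forcing SSLv3 with `CURLOPT_SSL_VERIFYPEER` disabled, which should be checked against the tarball before this reaches production. Because `--disable-pcre-match-limit` and `--disable-pcre-match-limit-recursion` appear to leave no compiled-in PCRE limits, `SecPcreMatchLimit` and `SecPcreMatchLimitRecursion` should be set in the shipped `00_mod_security.conf` (Source1, not part of this diff). If this page is a reverse diff (older revision shown as `+`), these points describe revision 24's state rather than a regression.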
[+] | Deleted | CVE-2013-2765.patch ^ |
@@ -1,10 +0,0 @@ ---- modsecurity-apache_2.6.8/apache2/msc_reqbody.c.orig 2013-06-29 18:56:31.446864803 +0200 -+++ modsecurity-apache_2.6.8/apache2/msc_reqbody.c 2013-06-29 18:56:45.354863561 +0200 -@@ -170,6 +170,7 @@ - - /* Would storing this chunk mean going over the limit? */ - if ((msr->msc_reqbody_spilltodisk) -+ && (msr->txcfg->reqbody_buffering != REQUEST_BODY_FORCEBUF_ON) - && (msr->msc_reqbody_length + length > (apr_size_t)msr->txcfg->reqbody_inmemory_limit)) - { - msc_data_chunk **chunks; | ||
[+] | Deleted | mlogc-disable-force-sslv3.patch ^ |
@@ -1,11 +0,0 @@ ---- mlogc/mlogc.c.orig 2012-03-05 17:20:00.254555490 +0100 -+++ mlogc/mlogc.c 2012-03-05 17:20:10.430753985 +0100 -@@ -1214,7 +1214,7 @@ - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); - /* SSLv3 works better overall as some servers have issues with TLS */ -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); -+ /* curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); */ - curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 15); - curl_easy_setopt(curl, CURLOPT_NOSIGNAL, TRUE); - curl_easy_setopt(curl, CURLOPT_HEADER, TRUE); | ||
[+] | Deleted | modsecurity-2.9.1_curl-lower_7.34.patch ^ |
@@ -1,60 +0,0 @@ ---- mlogc/mlogc.c.orig 2016-06-02 09:15:03.283648355 +0200 -+++ mlogc/mlogc.c 2016-06-02 10:59:44.378377602 +0200 -@@ -1270,33 +1270,36 @@ - } - - -- /* Seems like CURL_SSLVERSION_TLSv1_2 is not supported on libcurl -- * < v7.34.0 -- * -- * version_num is a 24 bit number created like this: -- * <8 bits major number> | <8 bits minor number> | <8 bits patch number>. -- */ -- switch (tlsprotocol) { -- case 0: -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); -- break; -- case 1: -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); -- break; -- case 2: -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); -- break; -- default: -- curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); -- break; -- } - cmaj = curlversion->version_num >> 16; - cmin = (curlversion->version_num & 0x00ff00) >> 8; - cpat = (curlversion->version_num & 0x0000ff); - /* If cURL version < v7.34.0, use TLS v1.x */ - if (cmaj <= 7 && cmin < 34) { - curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); -- } -+#ifdef CURL_SSLVERSION_TLSv1_0 -+ } else { -+ /* Seems like CURL_SSLVERSION_TLSv1_2 is not supported on libcurl -+ * < v7.34.0 -+ * -+ * version_num is a 24 bit number created like this: -+ * <8 bits major number> | <8 bits minor number> | <8 bits patch number>. -+ */ -+ switch (tlsprotocol) { -+ case 0: -+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); -+ break; -+ case 1: -+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); -+ break; -+ case 2: -+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); -+ break; -+ default: -+ curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); -+ break; -+ } -+#endif -+ } - - curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 15); - curl_easy_setopt(curl, CURLOPT_NOSIGNAL, TRUE); | ||
[+] | Added | mod_security-ix.spec2513 ^ |
@@ -0,0 +1,110 @@ +Summary: Security module for the Apache HTTP Server +Name: mod_security +Version: 2.6.1 +Release: 23 +License: GPLv2 +URL: http://www.modsecurity.org/ +Group: System Environment/Daemons +Source: http://www.modsecurity.org/download/modsecurity-apache_%{version}.tar.bz2 +Source1: 00_mod_security.conf +Source2: modsecurity_crs_10_config-default.conf +Source3: zzz_asl_custom_exclude.conf +Source4: zzz_asl_custom_local_exclude.conf +Patch1: waf-label.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +Requires: httpd httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing) +BuildRequires: httpd-devel libxml2-devel pcre-devel libtool pkgconfig curl-devel +BuildRequires: curl +BuildRequires: lua-devel + +Requires: libxml2 pcre lua +Provides: ix-mod_security = %{version} + +%description +ModSecurity is an open source intrusion detection and prevention engine +for web applications. It operates embedded into the web server, acting +as a powerful umbrella - shielding web applications from attacks. 
+ +%prep +%setup -n modsecurity-apache_%{version} +%patch1 -p1 + +%build +CFLAGS="%{optflags}" +export CFLAGS + +cd apache2 +%configure \ + --disable-pcre-match-limit \ + --disable-pcre-match-limit-recursion + +# Legacy from LoadFile +#perl -pi.orig -e 's|LIBDIR|%{_libdir}|;' %{SOURCE1} + +make %{_smp_mflags} + +%install +rm -rf %{buildroot} +mkdir -p %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/ +mkdir -p %{buildroot}/%{_sysconfdir}/httpd/conf.d/ +mkdir -p %{buildroot}/var/asl/data/suspicious +mkdir -p %{buildroot}/var/asl/data/msa +mkdir -p %{buildroot}/var/asl/data/audit +install -D -m755 apache2/.libs/mod_security2.so %{buildroot}/%{_libdir}/httpd/modules/mod_security2.so +install -D -m644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/httpd/conf.d/00_mod_security.conf +install -D -m644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/httpd/modsecurity.d/modsecurity_crs_10_config.conf +install -D -m644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/httpd/modsec/zzz_asl_custom_exclude.conf +install -D -m644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/httpd/modsec/zzz_asl_custom_local_exclude.conf +install -D -m755 rules/util/modsec-clamscan.pl %{buildroot}%{_bindir}/modsec-clamscan.pl + +%clean +rm -rf %{buildroot} + +%files +%defattr (-,root,root) +%doc CHANGES LICENSE README.* modsecurity* doc +%{_libdir}/httpd/modules/mod_security2.so +%{_bindir}/modsec-clamscan.pl +%config %{_sysconfdir}/httpd/conf.d/00_mod_security.conf +%dir %{_sysconfdir}/httpd/modsecurity.d +%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/modsecurity_crs_10_config.conf +%config %{_sysconfdir}/httpd/modsec/zzz_asl_custom_exclude.conf +%config(noreplace) %{_sysconfdir}/httpd/modsec/zzz_asl_custom_local_exclude.conf + +%defattr(-,apache,apache) +%dir /var/asl +%dir /var/asl/data +%dir /var/asl/data/suspicious +%dir /var/asl/data/msa +%dir /var/asl/data/audit + +%changelog +* Mon Jun 27 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-23 +- rename 999_asl_custom_exclude.conf to 
zzz_asl_custom_exclude.conf +- rename 999_asl_custom_local_exclude.conf to zzz_asl_custom_local_exclude.conf + + +* Mon Jun 06 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-21 +- added 999_asl_custom_local_exclude.conf with noreplace +- set 999_asl_custom_exclude.conf to replace + +* Mon Jun 06 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-20 +- added rules to excludelist: + - 350147 + - 350148 + - 340162 + +* Fri May 06 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-19 +- rename exclude config file from 00_asl_custom_exclude.conf to 999_asl_custom_exclude.conf + +* Thu May 05 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-18 +- disable clamav check rule 351000 by default + +* Tue May 03 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-17 +- add 00_asl_custom_exclude.conf and disable RBL rule 350000 by default + +* Fri Apr 01 2011 Carsten Schoene <cs@linux-administrator.com> - 2.5.13-16 +- update to release 2.5.13 + +* Wed Nov 24 2010 Carsten Schoene <cs@linux-administrator.com> - 2.5.12-15 +- initial InterNetX GmbH specific mod_security build | ||
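Review bot: The added file is named `mod_security-ix.spec2513`, which rpmbuild and OBS do not treat as a spec, and its content (a `cd apache2` build step and a `%changelog` that stops at 2.5.13-23) looks like a stale 2.5.13-era copy with `Version: 2.6.1` pasted in but no 2.6.1 changelog entry; if it is a backup it should not be committed, and if it is meant to build it should be renamed to `.spec` and given the 2.6.1 entry. The `Requires: httpd httpd-mmn = %([ -a ... ] && cat ... || echo missing)` line turns an absent `%{_includedir}/httpd/.mmn` into the unsatisfiable dependency `httpd-mmn = missing` instead of a build error; since `httpd-devel` is already in `BuildRequires`, making a missing `.mmn` fail the build would surface the problem where it belongs. `%defattr(-,apache,apache)` hands `/var/asl` and everything below it to the httpd user, which the audit writer presumably needs, but it also lets a compromised worker alter whatever lands in `suspicious`/`msa`; a one-line comment such as `# owned by apache: ModSecurity writes audit/upload data here, ship logs off-host` would make that trade-off explicit.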
[+] | Changed | modsec-clamscan.pl ^ |
@@ -27,7 +27,7 @@ my ($FILE) = @ARGV; -$cmd = "$CLAMSCAN --stdout --no-summary $FILE"; +$cmd = "$CLAMSCAN --stdout --disable-summary $FILE"; $input = `$cmd`; $input =~ m/^(.+)/; $error_message = $1; | ||
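Review bot: `$cmd` on the changed line is still handed to a shell by the backticks two lines below with `$FILE` interpolated verbatim, so any shell metacharacter in the path ModSecurity passes in is interpreted; ModSecurity normally generates these temporary-file names itself, which limits the exposure, but a list-form pipe open removes the shell entirely (assuming `$CLAMSCAN`, defined above the hunk, holds only the executable path). The scanner's exit status is never examined here either, so a missing or failing clamscan yields an empty `$input` and the `m/^(.+)/` match leaves `$1` unset — worth checking `$?` after the read if the rest of the script does not. `--disable-summary` is the older spelling of clamscan's `--no-summary`; confirm the clamscan version on the target systems still accepts it. The remainder of the script, including how `$error_message` is returned to ModSecurity, lies outside the hunk.
```perl
my ($FILE) = @ARGV;
open my $scan, '-|', $CLAMSCAN, '--stdout', '--disable-summary', $FILE
    or die "cannot run $CLAMSCAN: $!";
$input = do { local $/; <$scan> };
close $scan;
# … unchanged: first-line match into $error_message …
```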
[+] | Deleted | modsec-clean_var-asl-data-audit ^ |
@@ -1,5 +0,0 @@ -#!/bin/bash -nice -n 19 find /var/asl/data/audit -type d -mindepth 1 -cmin +30 -print0 | xargs -r -0 rm -rf -mkdir -p /var/asl/data/audit -chown -R %APAUSR%:%APAGRP% /var/asl/data/audit -[ -x /usr/local/bin/modsec-permissions ] && /usr/local/bin/modsec-permissions || : | ||
Deleted | modsecurity-2.8.0.tar.bz2 ^ | |
Deleted | modsecurity-2.9.0.tar.bz2 ^ | |
Deleted | modsecurity-2.9.2.tar.bz2 ^ | |
Deleted | modsecurity-2.9.3.tar.bz2 ^ | |
Deleted | modsecurity-2.9.4.tar.bz2 ^ | |
Deleted | modsecurity-2.9.5.tar.bz2 ^ | |
Deleted | modsecurity-2.9.7.tar.bz2 ^ | |
Changed | modsecurity-apache_2.5.13.tar.gz ^ | |
Changed | modsecurity-apache_2.6.1.tar.bz2 ^ | |
Deleted | modsecurity-apache_2.7.5.tar.bz2 ^ | |
Deleted | modsecurity-apache_2.7.7.tar.bz2 ^ | |
[+] | Changed | zzz_asl_custom_exclude.conf ^ |
@@ -4,21 +4,3 @@
 SecRuleRemoveById 350147
 SecRuleRemoveById 350148
 SecRuleRemoveById 340162
-SecRuleRemoveById 391213
-SecRuleRemoveById 340152
-
-# experimental
-SecRuleRemoveById 340202
-SecRuleRemoveById 340201
-SecRuleRemoveById 340204
-SecRuleRemoveById 340205
-SecRuleRemoveById 340206
-SecRuleRemoveById 340207
-SecRuleRemoveById 340208
-SecRuleRemoveById 340209
-SecRuleRemoveById 345400
-SecRuleRemoveById 345401
-SecRuleRemoveById 345402
-SecRuleRemoveById 345403
-SecRuleRemoveById 345404
-
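Review bot: The new side re-activates rules 391213 and 340152 by dropping their `SecRuleRemoveById` lines, although the `.changes` file in this same diff records both as deliberately disabled (`disable Rule 340152`, `added rule 391213 to default exclude list`), and it re-enables the whole `# experimental` 3402xx/3454xx block as well; on a blocking deployment that changes which requests are rejected on every vhost that loads this file. If the re-enable is intended, add a changelog entry saying so; if not, keep `SecRuleRemoveById 391213`, `SecRuleRemoveById 340152` and the experimental block. This file is packaged as plain `%config` rather than `%config(noreplace)` in the spec, so the change overwrites any local edits on upgrade. If the page is a reverse diff, this describes revision 24's state instead.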