commit apache2-mod_security2 for openSUSE:Factory
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community,
here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2014-09-03 18:22:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old)
and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_security2"
Changes:
--------
--- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2012-08-27 15:45:40.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new/apache2-mod_security2.changes 2014-09-03 19:32:14.000000000 +0200
@@ -1,0 +2,135 @@
+Wed Aug 27 17:30:25 CEST 2014 - draht@suse.de
+
+- Portability: provide /etc/apache2/mod_security2.d/empty.conf
+ to avoid a non-match of the file-glob in the Include statement
+ from /etc/apache2/conf.d/mod_security2.conf . This restores
+ the Include back from the IncludeOptional, which is not portable.
+- Source URL set to (expanded)
+ https://www.modsecurity.org/tarball/2.8.0/modsecurity-2.8.0.tar.gz
+
+-------------------------------------------------------------------
+Mon Aug 25 19:33:11 UTC 2014 - thomas.worm@sicsec.de
+
+- Fixed spec file to work with older distribution versions.
+ Before openSuSE 13.1 aclocal doesn't work, instead autoreconf
+ has to be called.
+
+-------------------------------------------------------------------
+Mon Jul 7 14:06:19 CEST 2014 - draht@suse.de
+
+- last changelog does not say that
+ apache2-mod_security2-libtool-fix.diff was obsoleted.
+
+-------------------------------------------------------------------
+Mon Jun 16 19:04:00 CEST 2014 - draht@suse.de
+
+- BuildRequires: libtool missing
+
+-------------------------------------------------------------------
+Mon Jun 16 18:17:26 CEST 2014 - draht@suse.de
+
+- apache2-mod_security2-libtool-fix.diff: initialize libtool.
+
+-------------------------------------------------------------------
+Mon Jun 16 17:31:34 CEST 2014 - draht@suse.de
+
+- apache2-mod_security2-no_rpath.diff: avoid the usage of -rpath
+ in autoconf m4 macros. Obsoletes patch
+ modsecurity-apache_2.8.0-build_fix_pcre.diff
+- use automake for build, add autoconf and automake to
+ BuildRequires:. This fix is combined with [bnc#876878].
+- turn on --enable-htaccess-config
+- use %{?_smp_mflags} for build
+
+-------------------------------------------------------------------
+Thu Jun 12 12:33:49 CEST 2014 - draht@suse.de
+
+- OWASP rule set. [bnc#876878]
+ new in 2.8.0 (more complete changelog to add to last changelog):
+ * Connection limits (SecConnReadStateLimit/SecConnWriteStateLimit)
+ now support white and suspicious list
+ * New variables: FULL_REQUEST and FULL_REQUEST_LENGTH
+ * GPLv2 replaced by Apache License v2
+ * rules are not part of the source tarball any longer, but
+ maintaned upstream externally, and included in this package.
+ * documentation was externalized to a wiki. Package contains
+ the FAQ and the reference manual in html form.
+ * renamed the term "Encryption" in directives that actually refer
+ to hashes. See CHANGES file for more details.
+ * byte conversion issues on s390x when logging fixed.
+ * many small issues fixed that were discovered by a Coverity scanner
+ * updated reference manual
+ * wrong time calculation when logging for some timezones fixed.
+ * replaced time-measuring mechanism with finer granularity for
+ measured request/answer phases. (Stopwatch remains for compat.)
+ * cookie parser memory leak fix
+ * parsing of quoted strings in multipart Content-Disposition
+ headers fixed.
+
+-------------------------------------------------------------------
+Thu May 1 05:06:15 UTC 2014 - thomas.worm@sicsec.de
+
+- Raised to version 2.8.0.
+- updated patches:
+ * modsecurity-apache_2.8.0-build_fix_pcre.diff
+ -> modsecurity-apache_2.7.7-build_fix_pcre.diff
+
+-------------------------------------------------------------------
+Sat Jan 25 17:43:33 UTC 2014 - thomas.worm@sicsec.de
+
+ - Raised to version 2.7.7.
+ - modified patches:
+ * modsecurity-apache_2.7.5-build_fix_pcre.diff,
+ renamed to modsecurity-apache_2.7.7-build_fix_pcre.diff.
+
+-------------------------------------------------------------------
+Thu Jan 23 13:06:09 UTC 2014 - aj@ajaissle.de
+
+- Use correct source Url
+
+-------------------------------------------------------------------
+Fri Aug 2 14:18:39 CEST 2013 - draht@suse.de
+
+- complete overhaul of this package, with update to 2.7.5.
+- ruleset update to 2.2.8-0-g0f07cbb.
+- new configuration framework private to mod_security2:
+ /etc/apache2/conf.d/mod_security2.conf loads
+ /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf,
+ then /etc/apache2/mod_security2.d/*.conf , as set up based on
+ advice in /etc/apache2/conf.d/mod_security2.conf
+ Your configuration starting point is
+ /etc/apache2/conf.d/mod_security2.conf
+- !!! Please note that mod_unique_id is needed for mod_security2 to run!
+- modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneaous
+ linker parameter, preventing rpath in shared object.
+- fixes contained for the following bugs:
+ * CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling
+ * [bnc#768293] multi-part bypass, minor threat
+ * CVE-2013-1915 [bnc#813190] XML external entity vulnerability
+ * CVE-2012-4528 [bnc#789393] rule bypass
+ * CVE-2013-2765 [bnc#822664] null pointer dereference crash
+- new from 2.5.9 to 2.7.5, only major changes:
+ * GPLv2 replaced by Apache License v2
+ * rules are not part of the source tarball any longer, but
+ maintaned upstream externally, and included in this package.
+ * documentation was externalized to a wiki. Package contains
+ the FAQ and the reference manual in html form.
+ * renamed the term "Encryption" in directives that actually refer
+ to hashes. See CHANGES file for more details.
+ * new directive SecXmlExternalEntity, default off
+ * byte conversion issues on s390x when logging fixed.
+ * many small issues fixed that were discovered by a Coverity scanner
+ * updated reference manual
+ * wrong time calculation when logging for some timezones fixed.
+ * replaced time-measuring mechanism with finer granularity for
+ measured request/answer phases. (Stopwatch remains for compat.)
+ * cookie parser memory leak fix
+ * parsing of quoted strings in multipart Content-Disposition
+ headers fixed.
+ * SDBM deadlock fix
+ * @rsub memory leak fix
+ * cookie separator code improvements
+ * build failure fixes
+ * compile time option --enable-htaccess-config (set)
+
+-------------------------------------------------------------------
Old:
----
modsecurity-apache_2.6.7.tar.gz
rules.tar.bz2
New:
----
ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2
README-SUSE-mod_security2.txt
Reference-Manual.html.bz2
SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
apache2-mod_security2-no_rpath.diff
empty.conf
modsecurity-2.8.0.tar.gz
modsecurity_diagram_apache_request_cycle.jpg
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_security2.spec ++++++
--- /var/tmp/diff_new_pack.DX7ht6/_old 2014-09-03 19:32:16.000000000 +0200
+++ /var/tmp/diff_new_pack.DX7ht6/_new 2014-09-03 19:32:16.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package apache2-mod_security2
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,41 +17,50 @@
Name: apache2-mod_security2
-Version: 2.6.7
-Release: 0
-%define aversion 2.6.7
+Version: 2.8.0
+Release: 0.1
#
#
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: apache2-devel
BuildRequires: apache2-prefork
+BuildRequires: autoconf
+BuildRequires: automake
BuildRequires: c++_compiler
-BuildRequires: curl-devel
+BuildRequires: libcurl-devel
+BuildRequires: libtool
BuildRequires: libxml2-devel
+BuildRequires: lua-devel
BuildRequires: pcre-devel
%define apache apache2
%define modname mod_security2
-%define tarballname modsecurity-apache_%{aversion}
+%define tarballname modsecurity-%{version}
#
-
-%{!?apxs: %global apxs /usr/sbin/apxs2}
-%{!?apache_libexecdir: %global apache_libexecdir %(%{apxs} -q LIBEXECDIR)}
-%{!?apache_sysconfdir: %global apache_sysconfdir %(%{apxs} -q SYSCONFDIR)}
-%{!?apache_includedir: %global apache_includedir %(%{apxs} -q INCLUDEDIR)}
-%{!?apache_serveroot: %global apache_serverroot %(%{apxs} -q PREFIX)}
-%{!?apache_localstatedir: %global apache_localstatedir %(%{apxs} -q LOCALSTATEDIR)}
-%{!?apache_mmn: %global apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)_MMN; test -x $MMN && $MMN)}
-
+%define apxs %{_sbindir}/apxs2
+%define apache_libexecdir %(%{apxs} -q LIBEXECDIR)
+%define apache_sysconfdir %(%{apxs} -q SYSCONFDIR)
+%define apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)/MMN; test -x $MMN && $MMN)
+%define usrsharedir %{_prefix}/share/%{name}
+%define refman Reference-Manual.html
+%define faq ModSecurity-Frequently-Asked-Questions-FAQ.html
+%if 0%{?apache_mmn}
Requires: %{apache_mmn}
+%endif
Requires: apache2
#
Url: http://www.modsecurity.org/
-Source: http://www.modsecurity.org/download/%{tarballname}.tar.gz
-Source1: mod_security2.conf
-Source2: rules.tar.bz2
+Source: https://www.modsecurity.org/tarball/%{version}/%{tarballname}.tar.gz
+Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLa...
+Source2: mod_security2.conf
+Source3: %{refman}.bz2
+Source4: %{faq}.bz2
+Source5: modsecurity_diagram_apache_request_cycle.jpg
+Source6: README-SUSE-mod_security2.txt
+Source7: empty.conf
+Patch0: apache2-mod_security2-no_rpath.diff
#
Summary: ModSecurity Open Source Web Application Firewall
-License: Apache-2.0 and GPL-2.0
+License: Apache-2.0
Group: Productivity/Networking/Web/Servers
%description
@@ -61,44 +70,81 @@
ModSecurity is to increase web application security, protecting web
applications from known and unknown attacks.
+The modsecurity team also offer a commercial version of their excellent
+ruleset. Please have a look at http://www.modsecurity.org/ for more details.
%prep
%setup -n %{tarballname}
-tar -xvjpf %{S:2}
+%setup -D -T -a 1 -n %{tarballname}
+mv -v SpiderLabs* rules
+bzip2 -dc %{SOURCE3} > %{_sourcedir}/%{refman} && touch -r %{SOURCE3} %{_sourcedir}/%{refman}
+bzip2 -dc %{SOURCE4} > %{_sourcedir}/%{faq} && touch -r %{SOURCE4} %{_sourcedir}/%{faq}
+%patch0
+#%patch1
+#%patch2
%build
-#pushd %{apache}
- ./configure
- make %{?_smp_mflags}
-# make -C mlogc-src/
-#popd
+# aclocal only works with never distributions,
+%if 0%{?suse_version} >= 1310
+aclocal
+# on older versions only autoconf is called.
+%else
+autoreconf -fi
+%endif
+automake
+./configure --with-apxs=%{apxs} --enable-request-early --enable-htaccess-config
+CFLAGS="%{optflags}" make %{?_smp_mflags}
%install
pushd %{apache}
- install -D -m 0755 .libs/mod_security2.so %{buildroot}%{apache_libexecdir}/%{modname}.so
+ install -d -m 0755 %{buildroot}%{apache_libexecdir}
+ install .libs/mod_security2.so %{buildroot}%{apache_libexecdir}/%{modname}.so
popd
- install -D -m 0755 mlogc/mlogc %{buildroot}%{_sbindir}/mlogc
- install -D -m 0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_sbindir}/mlogc-batch-load.pl
- install -D -m 0640 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
- cp mlogc/INSTALL mlogc/INSTALL.mlogc
-install -D -m 0644 %{SOURCE1} %{buildroot}%{apache_sysconfdir}/conf.d/%{modname}.conf
-mkdir examples
-cp -a tools examples
-rm -f examples/tools/M*
-chmod 644 examples/tools/*
+install -D -m 0644 %{SOURCE2} %{buildroot}%{apache_sysconfdir}/conf.d/%{modname}.conf
+install -d -m 0755 %{buildroot}%{apache_sysconfdir}/mod_security2.d
+install -D -m 0644 %{SOURCE6} %{buildroot}%{apache_sysconfdir}/mod_security2.d
+install -D -m 0644 %{SOURCE7} %{buildroot}%{apache_sysconfdir}/mod_security2.d
+cp -a %{SOURCE6} doc
+install -m 0644 %{_sourcedir}/%{faq} %{_sourcedir}/%{refman} doc
+install -m 0644 %{SOURCE5} doc
+install -d -m 0755 %{buildroot}/%{usrsharedir}
+install -d -m 0755 %{buildroot}/%{usrsharedir}/tools
+install -d -m 0755 %{buildroot}/%{usrsharedir}
+rm -f rules/.gitignore rules/LICENSE
+cp -a rules/util/README %{buildroot}/%{usrsharedir}/tools/README-rules-updater.txt
+cp -a tools/rules-updater.pl tools/rules-updater-example.conf %{buildroot}/%{usrsharedir}/tools
+find rules -type f -print0 | \
+ xargs -0 chmod 644
+cp -a rules %{buildroot}/%{usrsharedir}
+rm -rf %{buildroot}/%{usrsharedir}/rules/util
+rm -rf %{buildroot}/%{usrsharedir}/rules/lua
+rm -f %{buildroot}/%{usrsharedir}/rules/READM*
+rm -f %{buildroot}/%{usrsharedir}/rules/INSTALL %{buildroot}/%{usrsharedir}/rules/CHANGELOG
+mv %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf.example \
+ %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf
+
+%clean
+%{__rm} -rf %{buildroot};
+%{__rm} -f %{_sourcedir}/%{faq} %{_sourcedir}/%{refman}
%files
%defattr(-, root, root, 0755)
%{apache_libexecdir}/%{modname}.so
%config(noreplace) %{apache_sysconfdir}/conf.d/%{modname}.conf
-%doc doc/Reference_Manual.html
-%doc README.TXT CHANGES LICENSE modsecurity.conf-recommended
-%doc mlogc/INSTALL.mlogc mlogc/mlogc-default.conf
-%doc examples/
-%doc rules/
-%{_sbindir}/mlogc
-%{_sbindir}/mlogc-batch-load.pl
-%config(noreplace) %{_sysconfdir}/mlogc.conf
+%dir %{apache_sysconfdir}/mod_security2.d
+%{apache_sysconfdir}/mod_security2.d/README-SUSE-mod_security2.txt
+%{apache_sysconfdir}/mod_security2.d/empty.conf
+%dir %{usrsharedir}
+#%dir %{usrsharedir}/tools
+#%dir %{usrsharedir}/rules
+%doc README.TXT CHANGES LICENSE NOTICE authors.txt
+%{usrsharedir}
+#%{usrsharedir}/rules/activated_rules
+#%{usrsharedir}/rules/base_rules
+#%{usrsharedir}/rules/experimental_rules
+#%{usrsharedir}/rules/optional_rules
+#%{usrsharedir}/rules/slr_rules
+%doc doc/* rules/util/regression-tests
%changelog
++++++ README-SUSE-mod_security2.txt ++++++
#
# Dear Administrator,
#
# mod_security2 is not activated by default upon installation of the
# apache module.
#
# Your starting point for the configuration of mod_security2 is
# /etc/apache2/conf.d/mod_security2.conf .
# Please see that file for comments on how to activate the module
# and on how to assign rules.
#
++++++ apache2-mod_security2-no_rpath.diff ++++++
diff -rNU 30 ../modsecurity-2.8.0-o/apache2/Makefile.am ./apache2/Makefile.am
--- ../modsecurity-2.8.0-o/apache2/Makefile.am 2014-04-15 14:44:04.000000000 +0200
+++ ./apache2/Makefile.am 2014-06-16 16:17:44.000000000 +0200
@@ -73,61 +73,61 @@
@APXS_LDFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@
endif
if MACOSX
mod_security2_la_LDFLAGS = -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@
endif
if SOLARIS
mod_security2_la_LDFLAGS = -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@
endif
if LINUX
-mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version -R @PCRE_LD_PATH@ \
+mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@
endif
if FREEBSD
mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@
endif
if OPENBSD
mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
@APR_LDFLAGS@ \
@APU_LDFLAGS@ \
@APXS_LDFLAGS@ \
@LIBXML2_LDFLAGS@ \
@LUA_LDFLAGS@ \
@PCRE_LDFLAGS@ \
@YAJL_LDFLAGS@
endif
diff -rNU 30 ../modsecurity-2.8.0-o/apache2/Makefile.in ./apache2/Makefile.in
--- ../modsecurity-2.8.0-o/apache2/Makefile.in 2014-04-15 14:44:14.000000000 +0200
+++ ./apache2/Makefile.in 2014-06-16 16:18:03.000000000 +0200
@@ -600,61 +600,61 @@
else :; fi; \
done; \
test -z "$$list2" || { \
echo " $(MKDIR_P) '$(DESTDIR)$(pkglibdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(pkglibdir)" || exit 1; \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pkglibdir)'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pkglibdir)"; \
}
uninstall-pkglibLTLIBRARIES:
@$(NORMAL_UNINSTALL)
@list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \
for p in $$list; do \
$(am__strip_dir) \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pkglibdir)/$$f'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pkglibdir)/$$f"; \
done
clean-pkglibLTLIBRARIES:
-test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES)
@list='$(pkglib_LTLIBRARIES)'; \
locs=`for p in $$list; do echo $$p; done | \
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
sort -u`; \
test -z "$$locs" || { \
echo rm -f $${locs}; \
rm -f $${locs}; \
}
mod_security2.la: $(mod_security2_la_OBJECTS) $(mod_security2_la_DEPENDENCIES) $(EXTRA_mod_security2_la_DEPENDENCIES)
- $(AM_V_CCLD)$(mod_security2_la_LINK) -rpath $(pkglibdir) $(mod_security2_la_OBJECTS) $(mod_security2_la_LIBADD) $(LIBS)
+ $(AM_V_CCLD)$(mod_security2_la_LINK) $(mod_security2_la_OBJECTS) $(mod_security2_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-acmp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_config.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_io.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_util.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-libinjection_html5.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-libinjection_sqli.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-libinjection_xss.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-mod_security2.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-modsecurity.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_crypt.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_geo.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_gsb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_json.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_logging.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_lua.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_multipart.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_parsers.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_pcre.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_release.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_reqbody.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_status_engine.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_tree.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_unicode.Plo@am__quote@
diff -rNU 30 ../modsecurity-2.8.0-o/build/libtool.m4 ./build/libtool.m4
--- ../modsecurity-2.8.0-o/build/libtool.m4 2014-04-15 14:44:04.000000000 +0200
+++ ./build/libtool.m4 2014-06-16 16:16:39.000000000 +0200
@@ -4661,61 +4661,61 @@
if test "$with_gnu_ld" = yes; then
case $host_os in
aix*)
# The AIX port of GNU ld has always aspired to compatibility
# with the native linker. However, as the warning in the GNU ld
# block says, versions before 2.19.5* couldn't really create working
# shared libraries, regardless of the interface used.
case `$LD -v 2>&1` in
*\ \(GNU\ Binutils\)\ 2.19.5*) ;;
*\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
*\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
*)
lt_use_gnu_ld_interface=yes
;;
esac
;;
*)
lt_use_gnu_ld_interface=yes
;;
esac
fi
if test "$lt_use_gnu_ld_interface" = yes; then
# If archive_cmds runs LD, not CC, wlarc should be empty
wlarc='${wl}'
# Set some defaults for GNU ld with shared library support. These
# are reset later if shared libraries are not supported. Putting them
# here allows them to be overridden if necessary.
runpath_var=LD_RUN_PATH
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
# ancient GNU ld didn't support --whole-archive et. al.
if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
_LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=
fi
supports_anon_versioning=no
case `$LD -v 2>&1` in
*GNU\ gold*) supports_anon_versioning=yes ;;
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
*\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
*\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
*\ 2.11.*) ;; # other 2.11 versions
*) supports_anon_versioning=yes ;;
esac
# See if GNU ld supports shared libraries.
case $host_os in
aix[[3-9]]*)
# On AIX/PPC, the GNU linker is very broken
if test "$host_cpu" != ia64; then
_LT_TAGVAR(ld_shlibs, $1)=no
cat <<_LT_EOF 1>&2
*** Warning: the GNU linker, at least up to release 2.19, is reported
*** to be unable to reliably create shared libraries on AIX.
*** Therefore, libtool is disabling shared libraries support. If you
*** really care for shared libraries, you may want to install binutils
*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
@@ -4897,61 +4897,61 @@
_LT_EOF
elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
;;
sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
case `$LD -v 2>&1` in
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
_LT_TAGVAR(ld_shlibs, $1)=no
cat <<_LT_EOF 1>&2
*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
*** reliably create shared libraries on SCO systems. Therefore, libtool
*** is disabling shared libraries support. We urge you to upgrade GNU
*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
*** your PATH or compiler configuration so that the native linker is
*** used, and then restart.
_LT_EOF
;;
*)
# For security reasons, it is highly recommended that you always
# use absolute paths for naming shared libraries, and exclude the
# DT_RUNPATH tag from executables and libraries. But doing so
# requires that you compile everything twice, which is a pain.
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
;;
esac
;;
sunos4*)
_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
wlarc=
_LT_TAGVAR(hardcode_direct, $1)=yes
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
;;
*)
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
else
_LT_TAGVAR(ld_shlibs, $1)=no
fi
;;
esac
if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then
runpath_var=
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
_LT_TAGVAR(export_dynamic_flag_spec, $1)=
@@ -5907,61 +5907,61 @@
else
$as_unset lt_cv_path_LD
fi
test -z "${LDCXX+set}" || LD=$LDCXX
CC=${CXX-"c++"}
CFLAGS=$CXXFLAGS
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
_LT_CC_BASENAME([$compiler])
if test -n "$compiler"; then
# We don't want -fno-exception when compiling C++ code, so set the
# no_builtin_flag separately
if test "$GXX" = yes; then
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
else
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
fi
if test "$GXX" = yes; then
# Set up default GNU C++ configuration
LT_PATH_LD
# Check if GNU C++ uses GNU ld as the underlying linker, since the
# archiving commands below assume that GNU ld is being used.
if test "$with_gnu_ld" = yes; then
_LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
# If archive_cmds runs LD, not CC, wlarc should be empty
# XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
# investigate it a little bit more. (MM)
wlarc='${wl}'
# ancient GNU ld didn't support --whole-archive et. al.
if eval "`$CC -print-prog-name=ld` --help 2>&1" |
$GREP 'no-whole-archive' > /dev/null; then
_LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
else
_LT_TAGVAR(whole_archive_flag_spec, $1)=
fi
else
with_gnu_ld=no
wlarc=
# A generic and very simple default shared library creation
# command for GNU C++ for the case where it uses the native
# linker, instead of GNU ld. If possible, this setting should
# overridden to take advantage of the native linker features on
# the platform it is being used on.
_LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
fi
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
++++++ empty.conf ++++++
# This configuration file has been intentionally left empty to avoid errors
# resulting from an Include statement that matches no files.
# (IncludeOptional is available for apache > 2.4)
#
++++++ mod_security2.conf ++++++
--- /var/tmp/diff_new_pack.DX7ht6/_old 2014-09-03 19:32:16.000000000 +0200
+++ /var/tmp/diff_new_pack.DX7ht6/_new 2014-09-03 19:32:16.000000000 +0200
@@ -1,60 +1,293 @@
+
+# Dear administrator/webmaster,
+#
+# Welcome to /etc/apache2/conf.d/mod_security2.conf, the starting point for
+# the configuration of mod_security2.
+# Please read this text down to line 63 for information about activation
+# and configuration of the mod_security2 apache module.
+#
+# To activate mod_security2, its apache module must be configured to be
+# loaded when apache starts. The mod_security2 apache module depends on
+# the module mod_unique_id to be able to run. This means that both apache
+# modules must be activated/loaded when apache starts.
+
+# Change the configuration to load these two modules by adding the two
+# module names "security2" and "unique_id" to the variable APACHE_MODULES
+# in /etc/sysconfig/apache2 . You can do that manually, or use the tools
+# a2enmod (enable apache module) and a2dismod (disable apache module).
+# These two tools expect the name of the module without the leading
+# "mod_" as an argument!
+#
+# note: /etc/sysconfig/apache2 is evaluated upon apache start by the apache
+# start script /usr/sbin/start_apache2 . Changes in APACHE_MODULES are then
+# visible in /etc/apache2/sysconfig.d/loadmodule.conf, changed by the start
+# script.
+#
+# example for the use of a2enmod/a2dismod:
+#
+# a2enmod security2 # enable module security2
+# a2enmod unique_id # enable module unique_id
+#
+# a2dismod security2 # disable
+# a2dismod unique_id # %
+
+#
+# This file /etc/apache2/conf.d/mod_security2.conf makes some basic
+# configuration settings, then loads
+# /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf
+# which is the baseline for the rules that can be loaded later.
+#
+# Afterwards, all files named *.conf in /etc/apache2/mod_security2.d are read.
+# For the rules you wish to apply, place a symlink to the rules file there.
+#
+# About the rules; The OWASP ModSecurity Core Rule Set version 2.2.9
+# is contained in this package, a splendid set of rules made to provide for a
+# decent basic and even advanced protection. The rules files are contained
+# in the directory /usr/share/apache2-mod_security2/rules/.
+#
+# Example (use all of the basic rules that come with the package):
+#
+# cd /etc/apache2/mod_security2.d
+# for i in /usr/share/apache2-mod_security2/rules/base_rules/mod*; do
+# ln -s $i .
+# done
+#
+# At last, simply restart apache:
+# rcapache2 restart
+#
+# In doubt, please consult the valuable online documentation on the project's
+# website, which is the authoritative source for documentation.
+# For offline reading, the webpages for the Reference Guide and the FAQ are
+# located in the package's documentation directory, in the state of 2013/01:
+# /usr/share/doc/packages/apache2-mod_security2
+#
+# Roman Drahtmueller
participants (1)
-
root@hilbert.suse.de