Hello community, here is the log from the commit of package modsecurity for openSUSE:Factory checked in at 2020-07-30 15:47:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/modsecurity (Old) and /work/SRC/openSUSE:Factory/.modsecurity.new.3592 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "modsecurity" Thu Jul 30 15:47:54 2020 rev:3 rq:823577 version:3.0.4 Changes: -------- --- /work/SRC/openSUSE:Factory/modsecurity/modsecurity.changes 2018-07-17 09:43:54.980956049 +0200 +++ /work/SRC/openSUSE:Factory/.modsecurity.new.3592/modsecurity.changes 2020-07-30 15:49:23.494041473 +0200 @@ -1,0 +2,161 @@ +Wed Jul 22 10:39:48 UTC 2020 - Dirk Mueller <dmueller@suse.com> + +- add baselibs, fix packaging (install into %_libdir) +- update to 3.0.4: + - Fix: audit log data omitted when nolog,auditlog + - Fix: ModSecurity 3.x inspectFile operator does not pass + - XML: Remove error messages from stderr + - Filter comment or blank line for pmFromFile operator + - Additional adjustment to Cookie header parsing + - Restore chained rule part H logging to be more like 2.9 behaviour + - Small fixes in log messages to help debugging the file upload + - Fix Cookie header parsing issues + - Fix rules with nolog are logging to part H + - Fix argument key-value pair parsing cases + - Fix: audit log part for response body for JSON format to be E + - Make sure m_rulesMessages is filled after successfull match + - Fix @pm lookup for possible matches on offset zero. + - Regex lookup on the key name instead of COLLECTION:key + - Missing throw in Operator::instantiate + - Making block action execution dependent of the SecEngine status + - Making block action execution dependent of the SecEngine status + - Having body limits to respect the rule engine state + - Fix SecRuleUpdateTargetById does not match regular expressions + - Adds missing check for runtime ctl:ruleRemoveByTag + - Adds a new operator verifySVNR that checks for Austrian social + security numbers. + - Fix variables output in debug logs + - Correct typo validade in log output + - fix/minor: Error encoding hexa decimal. + - Limit more log variables to 200 characters. + - parser: fix parsed file names + - Allow empty anchored variable + - Fixed FILES_NAMES collection after the end of multipart parsing + - Fixed validateByteRange parsing method + - Removes a memory leak on the JSON parser + - Enables LMDB on the regression tests. + - Fix: Extra whitespace in some configuration directives causing error + - Refactoring on Regex and SMatch classes. + - Fixed buffer overflow in Utils::Md5::hexdigest() + - Implemented merge() method for ConfigInt, ConfigDouble, ConfigString + - Adds initially support to the drop action. + - Complete merging of particular rule properties + - Replaces AC_CHECK_FILE with 'test -f' + - Fix inet addr handling on 64 bit big endian systems + - Fix tests on FreeBSD + - Changes ENV test case to read the default MODSECURTIY env var + - Regression: Sets MODSECURITY env var during the tests execution + - Fix setenv action to strdup key=variable + - Allow 0 length JSON requests. + - Fix "make dist" target to include default configuration + - Replaced log locking using mutex with fcntl lock + - Correct the usage of modsecurity::Phases::NUMBER_OF_PHASES + - Adds support to multiple ranges in ctl:ruleRemoveById + - Rule variable interpolation broken + - Make the boundary check less strict as per RFC2046 + - Fix buffer size for utf8toUnicode transformation + - Fix double macros bug + - Override the default status code if not suitable to redirect action + - parser: Fix the support for CRLF configuration files + - Organizes the server logs + - m_lineNumber in Rule not mapping with the correct line number in file + - Using shared_ptr instead of unique_ptr on rules exceptions + - Changes debuglogs schema to avoid unecessary str allocation + - Fix the SecUnicodeMapFile and SecUnicodeCodePage + - Changes the timing to save the rule message + - Fix crash in msc_rules_add_file() when using disruptive action in chain + - Fix memory leak in AuditLog::init() + - Fix RulesProperties::appendRules() + - Fix RULE lookup in chained rules + - @ipMatch "Could not add entry" on slash/32 notation in 2.9.0 + - Using values after transformation at MATCHED_VARS + - Adds support to UpdateActionById. + - Add correct C function prototypes for msc_init and msc_create_rule_set + - Allow LuaJIT 2.1 to be used + - Match m_id JSON log with RuleMessage and v2 format + - Adds support to setenv action. + - Adds new transaction constructor that accepts the transaction id + as parameter. + - Adds request IDs and URIs to the debug log + - Treating variables exception on load-time instead of run time. + - Fix: function m.setvar in Lua scripts and add testcases + - Fix SecResponseBodyAccess and ctl:requestBodyAccess directives + - Fix OpenBSD build + - Fix parser to support GeoLookup with MaxMind + - parser: Fix simple quote setvar in the end of the line + - Fix pc file + - modsec_rules_check: uses the gnu `.la' instead of `.a' file + - good practices: Initialize variables before use it + - Fix utf-8 character encoding conversion + - Adds support for ctl:requestBodyProcessor=URLENCODED + - Add LUA compatibility for CentOS and try to use LuaJIT first if available + - Allow LuaJIT to be used + - Implement support for Lua 5.1 + - Variable names must match fully, not partially. Match should be case + insensitive. + - Improves the performance while loading the rules + - Allow empty strings to be evaluated by regex::searchAll + - Adds basic pkg-config info + - Fixed LMDB collection errors + - Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors + - Fix ip tree lookup on netmask content + - Changes the behavior of the default sec actions + - Refactoring on {global,ip,resources,session,tx,user} collections + - Fix race condition in UniqueId::uniqueId() + - Fix memory leak in error message for msc_rules_merge C APIs + - Return false in SharedFiles::open() when an error happens + - Use rvalue reference in ModSecurity::serverLog + - Build System: Fix when multiple lines for curl version. + - Checks if response body inspection is enabled before process it + - Code Cleanup. + - Fix setvar parsing of quoted data + - Fix LDFLAGS for unit tests. + - Adds time stamp back to the audit logs + - Disables skip counter if debug log is disabled + - Cosmetics: Represents amount of skipped rules without decimal + - Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser + - Fix STATUS var parsing and accept STATUS_LINE var for v2 backward comp. + - Fix memory leak in modsecurity::utils::expandEnv() + - Initialize m_dtd member in ValidateDTD class as NULL + - Fix broken @detectxss operator regression test case + - Fix utils::string::ssplit() to handle delimiter in the end of string + - Fix variable FILES_TMPNAMES + - Fix memory leak in Collections + - Fix lib version information while generating the .so file + - Adds support for ctl:ruleRemoveByTag + - Fix SecUploadDir configuration merge + - Include all prerequisites for "make check" into dist archive + - Fix: Reverse logic of checking output in @inspectFile + - Adds support to libMaxMind + - Adds capture action to detectXSS + - Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator + - Adds capture action to detectSQLi + - Adds capture action to rbl + - Adds capture action to verifyCC + - Adds capture action to verifySSN + - Adds capture action to verifyCPF + - Prettier error messages for unsupported configurations (UX) + - Add missing verify*** transformation statements to parser + - Fix a set of compilation warnings + - Check for disruptive action on SecDefaultAction. + - Fix block-block infinite loop. + - Correction remove_by_tag and remove_by_msg logic. + - Fix LMDB compile error + - Fix msc_who_am_i() to return pointer to a valid C string + - Added some cosmetics to autoconf related code + - Fix "make dist" target to include necessary headers for Lua + - Fix "include /foo/*.conf" for single matched object in directory + - Add missing Base64 transformation statements to parser + - Fixed resource load on ip match from file + - Fixed examples compilation while using disable-shared + - Fixed compilation issue while xml is disabled + - Having LDADD and LDFLAGS organized on Makefile.am + - Checking std::deque size before use it + - perf improvement: Added the concept of RunTimeString and removed + all run time parser. + - perf improvement: Checks debuglog level before format debug msg + - perf. improvement/rx: Only compute dynamic regex in case of macro + - Fix uri on the benchmark utility + - disable Lua on systems with liblua5.1 + +------------------------------------------------------------------- Old: ---- modsecurity-v3.0.0.tar.gz New: ---- baselibs.conf modsecurity-v3.0.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ modsecurity.spec ++++++ --- /var/tmp/diff_new_pack.3L1gjV/_old 2020-07-30 15:49:25.270043220 +0200 +++ /var/tmp/diff_new_pack.3L1gjV/_new 2020-07-30 15:49:25.274043224 +0200 @@ -1,7 +1,7 @@ # # spec file for package modsecurity # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,18 +12,19 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: modsecurity -Version: 3.0.0 +Version: 3.0.4 Release: 0 Summary: Web application firewall engine License: BSD-2-Clause Group: Productivity/Networking/Security -Url: https://www.modsecurity.org/ -Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-v%{version}.tar.gz +URL: https://www.modsecurity.org/ +Source0: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-v%{version}.tar.gz +Source1: baselibs.conf BuildRequires: automake BuildRequires: cmake BuildRequires: gcc-c++ @@ -64,11 +65,12 @@ %build export MAKEFLAGS=-j$(($(grep -c ^processor /proc/cpuinfo) - 0)) sh build.sh -./configure --prefix=%{_prefix} --disable-doxygen-doc --disable-examples --disable-dependency-tracking -make -%make_install +%configure --disable-doxygen-doc --disable-examples --disable-dependency-tracking +%make_build %install +export MAKEFLAGS=-j$(($(grep -c ^processor /proc/cpuinfo) - 0)) +%make_install find %{buildroot} -type f -name "*.la" -delete -print find %{buildroot} -type f -name "*.a" -delete -print @@ -81,11 +83,12 @@ %files -n libmodsecurity3 %license LICENSE -%{_libexecdir}/libmodsecurity.so.3 -%{_libexecdir}/libmodsecurity.so.3.* +%{_libdir}/libmodsecurity.so.3 +%{_libdir}/libmodsecurity.so.3.* %files devel -%{_libexecdir}/libmodsecurity.so +%{_libdir}/libmodsecurity.so %{_includedir}/modsecurity +%{_libdir}/pkgconfig/*.pc %changelog ++++++ baselibs.conf ++++++ libmodsecurity3 ++++++ modsecurity-v3.0.0.tar.gz -> modsecurity-v3.0.4.tar.gz ++++++ ++++ 99051 lines of diff (skipped)