Upgraded mod_security to version 2.9.7 #11802

Open
wants to merge 2 commits into
base: 3.0-dev
@@ -0,0 +1,30 @@
From b2fa083522c70368c7ab911696dcb87dde5dc688 Mon Sep 17 00:00:00 2001
From: Tomas Korbar <[email protected]>
Date: Thu, 22 Dec 2022 14:49:34 +0100
Subject: [PATCH] Clear original response code in send_error_bucket function

If this is left intact, then apache thinks that this code
was generated during processing of ErrorDocument and does not
handle it properly

Fix #2849
---
apache2/apache2_util.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/apache2/apache2_util.c b/apache2/apache2_util.c
index cdae2b580..520a30f2f 100644
--- a/apache2/apache2_util.c
+++ b/apache2/apache2_util.c
@@ -31,6 +31,11 @@ apr_status_t send_error_bucket(modsec_rec *msr, ap_filter_t *f, int status) {
/* Set the status line explicitly for the error document */
f->r->status_line = ap_get_status_line(status);

+ /* Clear previously set response code to make clear that this is
+ * not a recursive error
+ */
+ f->r->status = 200;
+
brigade = apr_brigade_create(f->r->pool, f->r->connection->bucket_alloc);
if (brigade == NULL) return APR_EGENERAL;
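
Review bot: `f->r->status = 200;` in send_error_bucket() uses a bare literal and leaves r->status disagreeing with the status_line set just above it, so the added comment should name which reader of r->status this reset is meant to satisfy and confirm that the intended `status` still reaches the client and the access log. Suggest `HTTP_OK` in place of `200`. The `Fix #2849` line in the patch header names no tracker; because the patch is carried in a spec tree rather than in the project it was written for, a full issue URL would keep it from being read as a local issue number.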

4 changes: 2 additions & 2 deletions SPECS-EXTENDED/mod_security/mod_security.signatures.json
Expand Up @@ -2,7 +2,7 @@
"Signatures": {
"10-mod_security.conf": "01a1e5ed3357a2de6b9dbd0f6b02cde2d92ebf0fcb6d6adcfa2b064c7fcdf0a0",
"mod_security.conf": "c945d2d940121ee8eaa8a29c5b1eabdcc589d46644a152e9d809fb3340a1e368",
"modsecurity-2.9.4.tar.gz": "970e1801907d181e94faec74d595868a3b4abeb07b790b0f30aea3a5d0e05929",
"modsecurity-2.9.7.tar.gz": "2a28fcfccfef21581486f98d8d5fe0397499749b8380f60ec7bb1c08478e1839",
"modsecurity_localrules.conf": "9aa9e822f13552d5159ab5543d92551d1200a3ae52870907f1b0dafcf0c67c22"
}
}
}
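
Review bot: the new `modsecurity-2.9.7.tar.gz` digest is the only integrity check on the upstream tarball, so the PR should state how it was obtained, ideally by downloading from the `Source` URL in the spec and hashing that file rather than copying the value from elsewhere. The file header reports 2 additions and 2 deletions for a one-entry change; the second pair appears to be the closing `}`, which points to a whitespace or end-of-file newline change that could be dropped.
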
86 changes: 73 additions & 13 deletions SPECS-EXTENDED/mod_security/mod_security.spec
Expand Up @@ -11,9 +11,9 @@ Distribution: Azure Linux

Summary: Security module for the Apache HTTP Server
Name: mod_security
Version: 2.9.4
Release: 1%{?dist}
License: ASL 2.0
Version: 2.9.7
Release: 8%{?dist}
License: Apache-2.0
URL: http://www.modsecurity.org/
Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
Source1: mod_security.conf
Expand All @@ -22,15 +22,17 @@ Source3: modsecurity_localrules.conf
Patch0: modsecurity-2.9.3-lua-54.patch
Patch1: modsecurity-2.9.3-apulibs.patch
Patch2: mod_security-2.9.3-remote-rules-timeout.patch
Patch3: mod_security-2.9.7-send_error_bucket.patch

Requires: httpd httpd-mmn = %{_httpd_mmn}
Requires: httpd
Provides: httpd-mmn = %{_httpd_mmn}
Requires(pre): httpd-filesystem

BuildRequires: gcc, make, autoconf, automake, libtool
BuildRequires: httpd-devel
BuildRequires: perl-generators
BuildRequires: pcre2-devel
BuildRequires: pkgconfig(libcurl)
BuildRequires: pkgconfig(libpcre)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(lua)
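
Review bot: `Provides: httpd-mmn = %{_httpd_mmn}` next to a bare `Requires: httpd` reverses what `Requires: httpd httpd-mmn = %{_httpd_mmn}` expresses: the module package would advertise the httpd module ABI number itself instead of requiring an httpd that matches the one it was built against. Unless this is deliberate and explained in the PR, keep the `Requires:` form so an ABI-incompatible httpd cannot be installed alongside the module.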

Expand Down Expand Up @@ -66,6 +68,7 @@ This package contains the ModSecurity Audit Log Collector.
--enable-pcre-match-limit-recursion=1000000 \
--with-apxs=%{_httpd_apxs} \
--with-yajl \
--with-pcre2 \
--disable-static

# remove rpath
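
Review bot: `--with-pcre2` is added while the PCRE-named limit option `--enable-pcre-match-limit-recursion=1000000` stays in the same configure call; please confirm from the configure output or build log that the match limits are still applied to the PCRE2 build, since they are what bounds regex backtracking on request data.
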
Expand Down Expand Up @@ -116,8 +119,7 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf


%files
%license LICENSE
%doc CHANGES README.* NOTICE
%doc CHANGES LICENSE README.* NOTICE
%{_httpd_moddir}/mod_security2.so
%config(noreplace) %{_httpd_confdir}/*.conf
%if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
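
Review bot: `%doc CHANGES LICENSE README.* NOTICE` moves the licence text out of `%license` and into the documentation set, so it is no longer tagged as a licence file and is skipped on installs that exclude docs. Keep `%license LICENSE` and leave `%doc CHANGES README.* NOTICE` as it was.
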
Expand All @@ -140,12 +142,70 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
%endif

%changelog
* Fri Mar 04 2022 Pawel Winogrodzki <[email protected]> - 2.9.4-1
- Updating to version 2.9.4 using Fedora 36 spec (license: MIT) for guidance.
- License verified.
* Mon Jan 06 2025 Aninda Pradhan <[email protected]> - 2.9.7-8
- Initial Azure Linux import from Fedora 41 (license: MIT)
- License verified

* Fri Oct 15 2021 Pawel Winogrodzki <[email protected]> - 2.9.3-5
- Initial CBL-Mariner import from Fedora 32 (license: MIT).
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> - 2.9.7-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> - 2.9.7-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> - 2.9.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

* Tue Jan 02 2024 Tomas Korbar <[email protected]> - 2.9.7-4
- Clear original response code in send_error_bucket function

* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> - 2.9.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

* Fri Jun 02 2023 Luboš Uhliarik <[email protected]> - 2.9.7-2
- SPDX migration

* Thu Apr 13 2023 Luboš Uhliarik <[email protected]> - 2.9.7-1
- new version 2.9.7
- use pcre2 instead of deprecated pcre (rhbz #2128330)

* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> - 2.9.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

* Wed Sep 14 2022 Luboš Uhliarik <[email protected]> - 2.9.6-1
- new version 2.9.6

* Wed Aug 31 2022 Luboš Uhliarik <[email protected]> - 2.9.5-1
- new version 2.9.5

* Thu Jul 21 2022 Fedora Release Engineering <[email protected]> - 2.9.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

* Thu Jan 20 2022 Fedora Release Engineering <[email protected]> - 2.9.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

* Wed Aug 18 2021 Luboš Uhliarik <[email protected]> - 2.9.4-1
- new version 2.9.4

* Thu Jul 22 2021 Fedora Release Engineering <[email protected]> - 2.9.3-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

* Tue Jan 26 2021 Fedora Release Engineering <[email protected]> - 2.9.3-10
- Resolves: #1930664 - RFE: Add a feature that can set a mod_security/libcurl
timeout for retrieving the rules
- rename mlogc to mod_security-mlogc

* Fri Jan 22 2021 Joe Orton <[email protected]> - 2.9.3-8
- don't link against redundant apr-util dependent libraries

* Sat Aug 08 2020 Othman Madjoudj <[email protected]> - 2.9.3-7
- Add a patch to fix build with Lua 5.4 until we completely switch to mod_sec3 as default

* Sat Aug 01 2020 Fedora Release Engineering <[email protected]> - 2.9.3-6
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Tue Jul 28 2020 Fedora Release Engineering <[email protected]> - 2.9.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Wed Jan 29 2020 Fedora Release Engineering <[email protected]> - 2.9.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
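
Review bot: the changelog drops this distribution's own entries (`2.9.4-1` from Fri Mar 04 2022 and the `2.9.3-5` CBL-Mariner import from Fri Oct 15 2021) in favour of the Fedora history, and the new top entry calls an upgrade of an existing package an `Initial Azure Linux import`. Suggest keeping the earlier local entries and wording the new one as an upgrade to 2.9.7 that names the added send_error_bucket patch and the switch to PCRE2, so the package history shows when those behaviour changes arrived here.
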
Expand Down Expand Up @@ -473,4 +533,4 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
- Don't strip the module (so we can get a useful debuginfo package)

* Thu May 19 2005 Michael Fleming <[email protected]> 1.8.7-1
- Initial spin for Extras
- Initial spin for Extras
4 changes: 2 additions & 2 deletions cgmanifest.json
Expand Up @@ -13312,8 +13312,8 @@
"type": "other",
"other": {
"name": "mod_security",
"version": "2.9.4",
"downloadUrl": "https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.4/modsecurity-2.9.4.tar.gz"
"version": "2.9.7",
"downloadUrl": "https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.7/modsecurity-2.9.7.tar.gz"
}
}
},