pool/apache2-mod_security2
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity

Compare commits

base: pool:slfo-main
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main
..
compare: pool:factory
Branches Tags
pool:slfo-1.2 pool:slfo-main pool:factory

4 Commits
slfo-main ... factory

Author SHA256 Message Date
Ana Guerrero
8d600dac91 Accepting request 1300032 from Apache:Modules 
see if you woulnd't force people to submit using --noservice this would not happen (forwarded request 1300030 from AndreasStieger)

OBS-URL: https://build.opensuse.org/request/show/1300032
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2-mod_security2?expand=0&rev=37
 2025-08-18 14:08:56 +00:00
Petr Gajdos
0e1b406a18 see if you woulnd't force people to submit using --noservice this would not happen 
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=109
 2025-08-18 10:01:09 +00:00
Petr Gajdos
8f5d268621 fixup, don't know what happened there 
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=108
 2025-08-18 09:36:02 +00:00
Petr Gajdos
8948cd3a99 apache2-mod_security2 2.9.12 CVE-2025-54571 boo#1247674 
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=107
 2025-08-18 07:42:46 +00:00
8 changed files with 27 additions and 347 deletions
Expand all files Collapse all files

236
apache2-mod_security2-CVE-2025-54571.patch
View File

@@ -1,236 +0,0 @@
From dfbde557acc41d858dbe04d4b6eaec64478347ff Mon Sep 17 00:00:00 2001
From: Ervin Hegedus <airween@gmail.com>
Date: Wed, 30 Jul 2025 10:55:33 +0200
Subject: [PATCH] Fix invalid request handling
---
apache2/apache2_io.c | 48 +++++++++++++++++-----------------
apache2/mod_security2.c | 57 ++++++-----------------------------------
2 files changed, 32 insertions(+), 73 deletions(-)
Index: modsecurity-v2.9.11/apache2/apache2_io.c
===================================================================
--- modsecurity-v2.9.11.orig/apache2/apache2_io.c
+++ modsecurity-v2.9.11/apache2/apache2_io.c
@@ -192,27 +192,29 @@ apr_status_t read_request_body(modsec_re
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Input filter: This request does not have a body.");
}
- return 0;
+ return APR_SUCCESS;
}
if (msr->txcfg->reqbody_access != 1) {
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Input filter: Request body access not enabled.");
}
- return 0;
+ return APR_SUCCESS;
}
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Input filter: Reading request body.");
}
if (modsecurity_request_body_start(msr, error_msg) < 0) {
- return -1;
+ return HTTP_INTERNAL_SERVER_ERROR;
}
finished_reading = 0;
msr->if_seen_eos = 0;
bb_in = apr_brigade_create(msr->mp, r->connection->bucket_alloc);
- if (bb_in == NULL) return -1;
+ if (bb_in == NULL) {
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
do {
apr_status_t rc;
@@ -224,27 +226,19 @@ apr_status_t read_request_body(modsec_re
switch(rc) {
case AP_FILTER_ERROR :
*error_msg = apr_pstrdup(msr->mp, "Error reading request body: filter error");
- return -8;
+ break;
- case APR_INCOMPLETE :
- *error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));
- return -7;
- case APR_EOF :
- *error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));
- return -6;
- case APR_TIMEUP :
- *error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));
- return -4;
case APR_ENOSPC:
*error_msg = apr_psprintf(msr->mp, "Error reading request body: HTTP Error 413 - Request entity too large. (Most likely.)");
- return -3;
+ break;
case APR_EGENERAL :
*error_msg = apr_psprintf(msr->mp, "Error reading request body: Client went away.");
- return -2;
+ break;
default :
*error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));
- return -1;
+ break;
}
+ return ap_map_http_request_error(rc, HTTP_BAD_REQUEST);
}
/* Loop through the buckets in the brigade in order
@@ -260,7 +254,7 @@ apr_status_t read_request_body(modsec_re
rc = apr_bucket_read(bucket, &buf, &buflen, APR_BLOCK_READ);
if (rc != APR_SUCCESS) {
*error_msg = apr_psprintf(msr->mp, "Failed reading input / bucket (%d): %s", rc, get_apr_error(msr->mp, rc));
- return -1;
+ return HTTP_INTERNAL_SERVER_ERROR;
}
if (msr->txcfg->debuglog_level >= 9) {
@@ -273,7 +267,7 @@ apr_status_t read_request_body(modsec_re
if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)) {
*error_msg = apr_psprintf(msr->mp, "Request body is larger than the "
"configured limit (%ld).", msr->txcfg->reqbody_limit);
- return -5;
+ return HTTP_REQUEST_ENTITY_TOO_LARGE;
} else if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL)) {
*error_msg = apr_psprintf(msr->mp, "Request body is larger than the "
@@ -294,7 +288,7 @@ apr_status_t read_request_body(modsec_re
*error_msg = apr_psprintf(msr->mp, "Request body is larger than the "
"configured limit (%ld).", msr->txcfg->reqbody_limit);
- return -5;
+ return HTTP_REQUEST_ENTITY_TOO_LARGE;
}
}
@@ -304,7 +298,7 @@ apr_status_t read_request_body(modsec_re
modsecurity_request_body_to_stream(msr, buf, buflen, error_msg);
#else
if (modsecurity_request_body_to_stream(msr, buf, buflen, error_msg) < 0) {
- return -1;
+ return HTTP_INTERNAL_SERVER_ERROR;
}
#endif
}
@@ -323,7 +317,7 @@ apr_status_t read_request_body(modsec_re
if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)) {
*error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "
"configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);
- return -5;
+ return HTTP_REQUEST_ENTITY_TOO_LARGE;
} else if ((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_PARTIAL)) {
*error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "
"configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);
@@ -333,12 +327,12 @@ apr_status_t read_request_body(modsec_re
} else {
*error_msg = apr_psprintf(msr->mp, "Request body no files data length is larger than the "
"configured limit (%ld).", msr->txcfg->reqbody_no_files_limit);
- return -5;
+ return HTTP_REQUEST_ENTITY_TOO_LARGE;
}
}
if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT))
- return -1;
+ return HTTP_INTERNAL_SERVER_ERROR;
}
}
@@ -361,7 +355,13 @@ apr_status_t read_request_body(modsec_re
msr->if_status = IF_STATUS_WANTS_TO_RUN;
- return rcbe;
+ if (rcbe == -5) {
+ return HTTP_REQUEST_ENTITY_TOO_LARGE;
+ }
+ if (rcbe < 0) {
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+ return APR_SUCCESS;
}
Index: modsecurity-v2.9.11/apache2/mod_security2.c
===================================================================
--- modsecurity-v2.9.11.orig/apache2/mod_security2.c
+++ modsecurity-v2.9.11/apache2/mod_security2.c
@@ -1032,64 +1032,18 @@ static int hook_request_late(request_rec
}
rc = read_request_body(msr, &my_error_msg);
- if (rc < 0) {
- switch(rc) {
- case -1 :
- if (my_error_msg != NULL) {
- msr_log(msr, 1, "%s", my_error_msg);
- }
- return HTTP_INTERNAL_SERVER_ERROR;
- break;
- case -2 : /* Bad request. */
- case -6 : /* EOF when reading request body. */
- case -7 : /* Partial recieved */
- if (my_error_msg != NULL) {
- msr_log(msr, 4, "%s", my_error_msg);
- }
- r->connection->keepalive = AP_CONN_CLOSE;
- return HTTP_BAD_REQUEST;
- break;
- case -3 : /* Apache's LimitRequestBody. */
- if (my_error_msg != NULL) {
- msr_log(msr, 1, "%s", my_error_msg);
- }
- return HTTP_REQUEST_ENTITY_TOO_LARGE;
- break;
- case -4 : /* Timeout. */
- if (my_error_msg != NULL) {
- msr_log(msr, 4, "%s", my_error_msg);
- }
- r->connection->keepalive = AP_CONN_CLOSE;
- return HTTP_REQUEST_TIME_OUT;
- break;
- case -5 : /* Request body limit reached. */
- msr->inbound_error = 1;
- if((msr->txcfg->is_enabled == MODSEC_ENABLED) && (msr->txcfg->if_limit_action == REQUEST_BODY_LIMIT_ACTION_REJECT)) {
- r->connection->keepalive = AP_CONN_CLOSE;
- if (my_error_msg != NULL) {
- msr_log(msr, 1, "%s. Deny with code (%d)", my_error_msg, HTTP_REQUEST_ENTITY_TOO_LARGE);
- }
- return HTTP_REQUEST_ENTITY_TOO_LARGE;
- } else {
- if (my_error_msg != NULL) {
- msr_log(msr, 1, "%s", my_error_msg);
- }
- }
- break;
- case -8 : /* Filter error. */
- if (my_error_msg != NULL) {
- msr_log(msr, 1, "%s", my_error_msg);
- }
- return AP_FILTER_ERROR;
- break;
- default :
- /* allow through */
- break;
- }
- msr->msc_reqbody_error = 1;
- msr->msc_reqbody_error_msg = my_error_msg;
- }
+ if (rc != OK) {
+ if (my_error_msg != NULL) {
+ msr_log(msr, 1, "%s", my_error_msg);
+ }
+
+ if (rc == HTTP_REQUEST_ENTITY_TOO_LARGE) {
+ msr->inbound_error = 1;
+ }
+ r->connection->keepalive = AP_CONN_CLOSE;
+ return rc;
+ }
/* Update the request headers. They might have changed after
* the body was read (trailers).

12
apache2-mod_security2.changes
View File

@@ -1,10 +1,12 @@
-------------------------------------------------------------------
Fri Aug 22 09:51:44 UTC 2025 - pgajdos@suse.com
Wed Aug 6 18:25:52 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
- security update
- added patches
CVE-2025-54571 [bsc#1247674], Insufficient Return Value Handling on ModSecurity leads to XSS and Source Code Disclosure
+ apache2-mod_security2-CVE-2025-54571.patch
- update to 2.9.12:
* CVE-2025-54571: Improper error handling (boo#1247674)
* remove unused condition from msc_status_engine.c
* remove unwanted '\0' string terminator from argument's valu
- drop modsecurity-2.9.3-input_filtering_errors.patch different
change included upstream
-------------------------------------------------------------------
Thu Jul 3 11:13:07 UTC 2025 - pgajdos@suse.com

6
apache2-mod_security2.spec
View File

@@ -18,7 +18,7 @@
Name: apache2-mod_security2
Version: 2.9.11
Version: 2.9.12
Release: 0
Summary: Web Application Firewall for Apache httpd
License: Apache-2.0
@@ -32,10 +32,6 @@ Source4: README_SUSE
Patch0: apache2-mod_security2-no_rpath.diff
Patch1: modsecurity-fixes.patch
Patch2: apache2-mod_security2_tests_conf.patch
# https://github.com/SpiderLabs/ModSecurity/issues/2514
Patch3: modsecurity-2.9.3-input_filtering_errors.patch
# CVE-2025-54571 [bsc#1247674], Insufficient Return Value Handling on ModSecurity leads to XSS and Source Code Disclosure
Patch4: apache2-mod_security2-CVE-2025-54571.patch
BuildRequires: apache-rpm-macros
BuildRequires: apache2-devel
BuildRequires: apache2-prefork

82
modsecurity-2.9.3-input_filtering_errors.patch
View File

@@ -1,82 +0,0 @@
Index: modsecurity-v2.9.8/apache2/apache2_io.c
===================================================================
--- modsecurity-v2.9.8.orig/apache2/apache2_io.c
+++ modsecurity-v2.9.8/apache2/apache2_io.c
@@ -222,6 +222,10 @@ apr_status_t read_request_body(modsec_re
* too large and APR_EGENERAL when the client disconnects.
*/
switch(rc) {
+ case AP_FILTER_ERROR :
+ *error_msg = apr_pstrdup(msr->mp, "Error reading request body: filter error");
+ return -8;
+
case APR_INCOMPLETE :
*error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));
return -7;
@@ -231,7 +235,7 @@ apr_status_t read_request_body(modsec_re
case APR_TIMEUP :
*error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));
return -4;
- case AP_FILTER_ERROR :
+ case APR_ENOSPC:
*error_msg = apr_psprintf(msr->mp, "Error reading request body: HTTP Error 413 - Request entity too large. (Most likely.)");
return -3;
case APR_EGENERAL :
Index: modsecurity-v2.9.8/apache2/mod_security2.c
===================================================================
--- modsecurity-v2.9.8.orig/apache2/mod_security2.c
+++ modsecurity-v2.9.8/apache2/mod_security2.c
@@ -1032,7 +1032,7 @@ static int hook_request_late(request_rec
}
rc = read_request_body(msr, &my_error_msg);
- if (rc < 0 && msr->txcfg->is_enabled == MODSEC_ENABLED) {
+ if (rc < 0) {
switch(rc) {
case -1 :
if (my_error_msg != NULL) {
@@ -1040,6 +1040,21 @@ static int hook_request_late(request_rec
}
return HTTP_INTERNAL_SERVER_ERROR;
break;
+ case -2 : /* Bad request. */
+ case -6 : /* EOF when reading request body. */
+ case -7 : /* Partial recieved */
+ if (my_error_msg != NULL) {
+ msr_log(msr, 4, "%s", my_error_msg);
+ }
+ r->connection->keepalive = AP_CONN_CLOSE;
+ return HTTP_BAD_REQUEST;
+ break;
+ case -3 : /* Apache's LimitRequestBody. */
+ if (my_error_msg != NULL) {
+ msr_log(msr, 1, "%s", my_error_msg);
+ }
+ return HTTP_REQUEST_ENTITY_TOO_LARGE;
+ break;
case -4 : /* Timeout. */
if (my_error_msg != NULL) {
msr_log(msr, 4, "%s", my_error_msg);
@@ -1061,19 +1076,11 @@ static int hook_request_late(request_rec
}
}
break;
- case -6 : /* EOF when reading request body. */
- if (my_error_msg != NULL) {
- msr_log(msr, 4, "%s", my_error_msg);
- }
- r->connection->keepalive = AP_CONN_CLOSE;
- return HTTP_BAD_REQUEST;
- break;
- case -7 : /* Partial recieved */
+ case -8 : /* Filter error. */
if (my_error_msg != NULL) {
- msr_log(msr, 4, "%s", my_error_msg);
+ msr_log(msr, 1, "%s", my_error_msg);
}
- r->connection->keepalive = AP_CONN_CLOSE;
- return HTTP_BAD_REQUEST;
+ return AP_FILTER_ERROR;
break;
default :
/* allow through */

BIN
modsecurity-v2.9.11.tar.gz LFS
View File

Binary file not shown.

16
modsecurity-v2.9.11.tar.gz.asc
View File

@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEECyuhkkBltEaRICoq0obgIhSfD24FAmhkPzkACgkQ0obgIhSf
D24YRw/+JF1n0okE+h4JtAOha1AAr7PP2KlNxiCJmmhTpSs2TMyKQCE6FOcYsSKp
Moffi7oHq28t5X2QEafYd/3B1cp8fZK2QRNJp3blNngSufcOjTfuM/sbm74BXQp0
/tR/00Ckjbxr4Wpxz3uqWrKthMHAFX2YBfYrO7GDcwLAGUNVxqd2gm1k8JPqgYQU
9vYE9ykbTsIFTbZc1ajweKD8Ia5UbA4phA9HFX3AABLJOWfXysMEmkdwRnyq5Jgo
tSYcWBS1+Ij3tBCVdN4Np6qwoV5yvJtXAEjt8E25tDjotP8rM1y8/qcDxJJOsPQC
54rOjMRxOcfFvBuTgmLqH1Eowys1SUviu+jyMOxRoW/mxWqsKmjLFimQ33k9cFKB
9Fyu4tkkKtA2TP4oxb/IuJ2iJYRh0DVdq/MXgeS4XDv1Fa6tcG4eTONR2czgcdJ6
PpFdbAoNBiCpPABCiFt3uLW6c+uKcURw9brUnwF3nnPpdl5Gfz/at54hbDxsTv1b
U958aoG1db1FFG62xMR9cpIHyxwP9vaAYKKyaZvNhrGf/ilPzIabTEZQaeXYfRVw
g9GyvUSjZbTSnvBgWThpSYsJhP7pmbAS/0lCexS1vYl7wiT0RIZnUI1pjH21WtOG
/PAhFVT5Ivhfv6oeKEIBu80sTA2SWZ7Tq47a9vJNDleJzuQAMH8=
=N9wk
-----END PGP SIGNATURE-----

3
modsecurity-v2.9.12.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:79ada8693303be3490201397344bf66900a45f07ae328bf6cf01ca99e5d135fa
size 4366282

16
modsecurity-v2.9.12.tar.gz.asc Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEECyuhkkBltEaRICoq0obgIhSfD24FAmiSWM0ACgkQ0obgIhSf
D27ucQ//XQae+Ou0fuFw/P4YC65r/i1W2hQ6l/PGsXw5k9xgiY22qitaJEngBcbk
77hA7x5X1aQZ2/e965IDeT8n8A5J2ERLfbeFHpKQKY3LxzOxzzihqcXVCMQR4G50
+XrgTpAd+q1nrwVAh7fZQjVtdbBsv+jTuST/W/vFL4GCwsZcLrAfQlrDYT6O13tg
4j6UqiZ18NvH7XsuT2F26ScpNbeBL691VDXsgg7UyPWuYp3gz8iUQUfAsuRwxpDx
7b9S/pupGMMBslWoCx1BdLotHaLs3TQ+nEh3ahwC/gQqq/7qlzDXIS47znwVKZPR
ggOII4Auq/0aes/3zjMfF3ssY5gLnB4FRkAiI9bKCqO+rjJPdzbh7X9+BrzILVfI
4w7nc0Vmj6L1VKAJpGPrE3Yqv4z4HlSCfBJZ2OSqYJzaJxpqEGZjq5Q9fDDZzMYG
perrpGRoaxqn+K2cLur34Nvq1sdbFCC6WNGBo7bFsK3vsh542qpRmAey5Ikuxxx8
JtYttjEd7yBDsZ5ySnv499ftJlyxb/CxmMpr9lJCvxBLUFPbSPT3cKTgxnaPqYGP
BYnTe94gza05IPRWvcVTz46IV01cm3jYi5VEwFguzO8UZQnsbmytlLaqDYJZf3/H
IKm6oS3dibr4BG4CtbGLKrqJegJ+XjUNTujwdo2M1LuA7VyQ+xE=
=mjbm
-----END PGP SIGNATURE-----