2008-09-24 15:02:28 +02:00
|
|
|
## Default LFS
|
|
|
|
|
*.7z filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.bsp filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.gem filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.gz filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.jar filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.lz filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.lzma filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.oxt filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.pdf filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.png filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.rpm filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.tbz filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.tgz filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.ttf filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.txz filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.whl filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.xz filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.zip filter=lfs diff=lfs merge=lfs -text
|
|
|
|
|
*.zst filter=lfs diff=lfs merge=lfs -text
|
Accepting request 206042 from home:draht:branches:Apache:Modules
- complete overhaul of this package, with update to 2.7.5.
- ruleset update to 2.2.8-0-g0f07cbb.
- new configuration framework private to mod_security2:
/etc/apache2/conf.d/mod_security2.conf loads
/usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf,
then /etc/apache2/mod_security2.d/*.conf , as set up based on
advice in /etc/apache2/conf.d/mod_security2.conf
Your configuration starting point is
/etc/apache2/conf.d/mod_security2.conf
- !!! Please note that mod_unique_id is needed for mod_security2 to run!
- modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneaous
linker parameter, preventing rpath in shared object.
- fixes contained for the following bugs:
* CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling
* [bnc#768293] multi-part bypass, minor threat
* CVE-2013-1915 [bnc#813190] XML external entity vulnerability
* CVE-2012-4528 [bnc#789393] rule bypass
* CVE-2013-2765 [bnc#822664] null pointer dereference crash
- new from 2.5.9 to 2.7.5, only major changes:
* GPLv2 replaced by Apache License v2
* rules are not part of the source tarball any longer, but
maintaned upstream externally, and included in this package.
* documentation was externalized to a wiki. Package contains
the FAQ and the reference manual in html form.
* renamed the term "Encryption" in directives that actually refer
to hashes. See CHANGES file for more details.
* new directive SecXmlExternalEntity, default off
* byte conversion issues on s390x when logging fixed.
* many small issues fixed that were discovered by a Coverity scanner
* updated reference manual
OBS-URL: https://build.opensuse.org/request/show/206042
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=42
2013-11-07 00:16:14 +01:00
|
|
|
## Specific LFS patterns
|
|
|
|
|
modsecurity_diagram_apache_request_cycle.jpg filter=lfs diff=lfs merge=lfs -text
|
