- apache2-mod_security2-no_rpath.diff: avoid the usage of -rpath

in autoconf m4 macros. Obsoletes patch modsecurity-apache_2.8.0-build_fix_pcre.diff - use automake for build, add autoconf and automake to BuildRequires:. This fix is combined with [bnc#876878]. - turn on --enable-htaccess-config - use %{?_smp_mflags} for build - OWASP rule set. [bnc#876878] new in 2.8.0 (more complete changelog to add to last changelog): * Connection limits (SecConnReadStateLimit/SecConnWriteStateLimit) now support white and suspicious list * New variables: FULL_REQUEST and FULL_REQUEST_LENGTH * GPLv2 replaced by Apache License v2 * rules are not part of the source tarball any longer, but maintaned upstream externally, and included in this package. * documentation was externalized to a wiki. Package contains the FAQ and the reference manual in html form. * renamed the term "Encryption" in directives that actually refer to hashes. See CHANGES file for more details. * byte conversion issues on s390x when logging fixed. * many small issues fixed that were discovered by a Coverity scanner * updated reference manual * wrong time calculation when logging for some timezones fixed. * replaced time-measuring mechanism with finer granularity for measured request/answer phases. (Stopwatch remains for compat.) * cookie parser memory leak fix * parsing of quoted strings in multipart Content-Disposition headers fixed. OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=46
2014-06-16 15:37:59 +00:00 · 2014-06-16 15:37:59 +00:00 · 7ec8988758
commit 7ec8988758
parent 2052f24a65
7 changed files with 393 additions and 73 deletions
--- a/SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb.tar.gz
+++ b/SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:74053b91ff528ef1052da65ea56881c6849ef809074a84e01dbd8a70ec369e87
-size 279879
--- a/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
+++ b/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bae3ef19925168a3b8ef9663bc9ed677cc6ca2fdbdbdd6111653c1b2991e24e3
+size 280011
--- a/apache2-mod_security2-no_rpath.diff
+++ b/apache2-mod_security2-no_rpath.diff
@ -0,0 +1,324 @@
+diff -rNU 30 ../modsecurity-2.8.0-o/apache2/Makefile.am ./apache2/Makefile.am
+--- ../modsecurity-2.8.0-o/apache2/Makefile.am	2014-04-15 14:44:04.000000000 +0200
+++ ./apache2/Makefile.am	2014-06-16 16:17:44.000000000 +0200
+@@ -73,61 +73,61 @@
+     @APXS_LDFLAGS@ \
+     @LIBXML2_LDFLAGS@ \
+     @LUA_LDFLAGS@ \
+     @PCRE_LDFLAGS@ \
+     @YAJL_LDFLAGS@
+ endif
+ 
+ if MACOSX
+ mod_security2_la_LDFLAGS = -module -avoid-version \
+     @APR_LDFLAGS@ \
+     @APU_LDFLAGS@ \
+     @APXS_LDFLAGS@ \
+     @LIBXML2_LDFLAGS@ \
+     @LUA_LDFLAGS@ \
+     @PCRE_LDFLAGS@ \
+     @YAJL_LDFLAGS@
+ endif
+ 
+ if SOLARIS
+ mod_security2_la_LDFLAGS = -module -avoid-version \
+     @APR_LDFLAGS@ \
+     @APU_LDFLAGS@ \
+     @APXS_LDFLAGS@ \
+     @LIBXML2_LDFLAGS@ \
+     @LUA_LDFLAGS@ \
+     @PCRE_LDFLAGS@ \
+     @YAJL_LDFLAGS@
+ endif
+ 
+ if LINUX
+-mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version -R @PCRE_LD_PATH@ \
+mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
+     @APR_LDFLAGS@ \
+     @APU_LDFLAGS@ \
+     @APXS_LDFLAGS@ \
+     @LIBXML2_LDFLAGS@ \
+     @LUA_LDFLAGS@ \
+     @PCRE_LDFLAGS@ \
+     @YAJL_LDFLAGS@
+ endif
+ 
+ if FREEBSD
+ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
+     @APR_LDFLAGS@ \
+     @APU_LDFLAGS@ \
+     @APXS_LDFLAGS@ \
+     @LIBXML2_LDFLAGS@ \
+     @LUA_LDFLAGS@ \
+     @PCRE_LDFLAGS@ \
+     @YAJL_LDFLAGS@
+ endif
+ 
+ if OPENBSD
+ mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
+     @APR_LDFLAGS@ \
+     @APU_LDFLAGS@ \
+     @APXS_LDFLAGS@ \
+     @LIBXML2_LDFLAGS@ \
+     @LUA_LDFLAGS@ \
+     @PCRE_LDFLAGS@ \
+     @YAJL_LDFLAGS@
+ endif
+diff -rNU 30 ../modsecurity-2.8.0-o/apache2/Makefile.in ./apache2/Makefile.in
+--- ../modsecurity-2.8.0-o/apache2/Makefile.in	2014-04-15 14:44:14.000000000 +0200
+++ ./apache2/Makefile.in	2014-06-16 16:18:03.000000000 +0200
+@@ -600,61 +600,61 @@
+ 	  else :; fi; \
+ 	done; \
+ 	test -z "$$list2" || { \
+ 	  echo " $(MKDIR_P) '$(DESTDIR)$(pkglibdir)'"; \
+ 	  $(MKDIR_P) "$(DESTDIR)$(pkglibdir)" || exit 1; \
+ 	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pkglibdir)'"; \
+ 	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pkglibdir)"; \
+ 	}
+ 
+ uninstall-pkglibLTLIBRARIES:
+ 	@$(NORMAL_UNINSTALL)
+ 	@list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \
+ 	for p in $$list; do \
+ 	  $(am__strip_dir) \
+ 	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pkglibdir)/$$f'"; \
+ 	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pkglibdir)/$$f"; \
+ 	done
+ 
+ clean-pkglibLTLIBRARIES:
+ 	-test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES)
+ 	@list='$(pkglib_LTLIBRARIES)'; \
+ 	locs=`for p in $$list; do echo $$p; done | \
+ 	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ 	      sort -u`; \
+ 	test -z "$$locs" || { \
+ 	  echo rm -f $${locs}; \
+ 	  rm -f $${locs}; \
+ 	}
+ 
+ mod_security2.la: $(mod_security2_la_OBJECTS) $(mod_security2_la_DEPENDENCIES) $(EXTRA_mod_security2_la_DEPENDENCIES) 
+-	$(AM_V_CCLD)$(mod_security2_la_LINK) -rpath $(pkglibdir) $(mod_security2_la_OBJECTS) $(mod_security2_la_LIBADD) $(LIBS)
+	$(AM_V_CCLD)$(mod_security2_la_LINK) $(mod_security2_la_OBJECTS) $(mod_security2_la_LIBADD) $(LIBS)
+ 
+ mostlyclean-compile:
+ 	-rm -f *.$(OBJEXT)
+ 
+ distclean-compile:
+ 	-rm -f *.tab.c
+ 
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-acmp.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_config.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_io.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_util.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-libinjection_html5.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-libinjection_sqli.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-libinjection_xss.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-mod_security2.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-modsecurity.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_crypt.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_geo.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_gsb.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_json.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_logging.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_lua.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_multipart.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_parsers.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_pcre.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_release.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_reqbody.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_status_engine.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_tree.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_unicode.Plo@am__quote@
+diff -rNU 30 ../modsecurity-2.8.0-o/build/libtool.m4 ./build/libtool.m4
+--- ../modsecurity-2.8.0-o/build/libtool.m4	2014-04-15 14:44:04.000000000 +0200
+++ ./build/libtool.m4	2014-06-16 16:16:39.000000000 +0200
+@@ -4661,61 +4661,61 @@
+   if test "$with_gnu_ld" = yes; then
+     case $host_os in
+       aix*)
+ 	# The AIX port of GNU ld has always aspired to compatibility
+ 	# with the native linker.  However, as the warning in the GNU ld
+ 	# block says, versions before 2.19.5* couldn't really create working
+ 	# shared libraries, regardless of the interface used.
+ 	case `$LD -v 2>&1` in
+ 	  *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
+ 	  *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
+ 	  *\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
+ 	  *)
+ 	    lt_use_gnu_ld_interface=yes
+ 	    ;;
+ 	esac
+ 	;;
+       *)
+ 	lt_use_gnu_ld_interface=yes
+ 	;;
+     esac
+   fi
+ 
+   if test "$lt_use_gnu_ld_interface" = yes; then
+     # If archive_cmds runs LD, not CC, wlarc should be empty
+     wlarc='${wl}'
+ 
+     # Set some defaults for GNU ld with shared library support. These
+     # are reset later if shared libraries are not supported. Putting them
+     # here allows them to be overridden if necessary.
+     runpath_var=LD_RUN_PATH
+-    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+     _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+     # ancient GNU ld didn't support --whole-archive et. al.
+     if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+       _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+     else
+       _LT_TAGVAR(whole_archive_flag_spec, $1)=
+     fi
+     supports_anon_versioning=no
+     case `$LD -v 2>&1` in
+       *GNU\ gold*) supports_anon_versioning=yes ;;
+       *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
+       *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+       *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+       *\ 2.11.*) ;; # other 2.11 versions
+       *) supports_anon_versioning=yes ;;
+     esac
+ 
+     # See if GNU ld supports shared libraries.
+     case $host_os in
+     aix[[3-9]]*)
+       # On AIX/PPC, the GNU linker is very broken
+       if test "$host_cpu" != ia64; then
+ 	_LT_TAGVAR(ld_shlibs, $1)=no
+ 	cat <<_LT_EOF 1>&2
+ 
+ *** Warning: the GNU linker, at least up to release 2.19, is reported
+ *** to be unable to reliably create shared libraries on AIX.
+ *** Therefore, libtool is disabling shared libraries support.  If you
+ *** really care for shared libraries, you may want to install binutils
+ *** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
+@@ -4897,61 +4897,61 @@
+ _LT_EOF
+       elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ 	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ 	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+       else
+ 	_LT_TAGVAR(ld_shlibs, $1)=no
+       fi
+       ;;
+ 
+     sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+       case `$LD -v 2>&1` in
+         *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
+ 	_LT_TAGVAR(ld_shlibs, $1)=no
+ 	cat <<_LT_EOF 1>&2
+ 
+ *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+ *** reliably create shared libraries on SCO systems.  Therefore, libtool
+ *** is disabling shared libraries support.  We urge you to upgrade GNU
+ *** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
+ *** your PATH or compiler configuration so that the native linker is
+ *** used, and then restart.
+ 
+ _LT_EOF
+ 	;;
+ 	*)
+ 	  # For security reasons, it is highly recommended that you always
+ 	  # use absolute paths for naming shared libraries, and exclude the
+ 	  # DT_RUNPATH tag from executables and libraries.  But doing so
+ 	  # requires that you compile everything twice, which is a pain.
+ 	  if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+ 	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ 	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ 	  else
+ 	    _LT_TAGVAR(ld_shlibs, $1)=no
+ 	  fi
+ 	;;
+       esac
+       ;;
+ 
+     sunos4*)
+       _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+       wlarc=
+       _LT_TAGVAR(hardcode_direct, $1)=yes
+       _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+       ;;
+ 
+     *)
+       if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ 	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ 	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+       else
+ 	_LT_TAGVAR(ld_shlibs, $1)=no
+       fi
+       ;;
+     esac
+ 
+     if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then
+       runpath_var=
+       _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+       _LT_TAGVAR(export_dynamic_flag_spec, $1)=
+@@ -5907,61 +5907,61 @@
+   else
+     $as_unset lt_cv_path_LD
+   fi
+   test -z "${LDCXX+set}" || LD=$LDCXX
+   CC=${CXX-"c++"}
+   CFLAGS=$CXXFLAGS
+   compiler=$CC
+   _LT_TAGVAR(compiler, $1)=$CC
+   _LT_CC_BASENAME([$compiler])
+ 
+   if test -n "$compiler"; then
+     # We don't want -fno-exception when compiling C++ code, so set the
+     # no_builtin_flag separately
+     if test "$GXX" = yes; then
+       _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+     else
+       _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+     fi
+ 
+     if test "$GXX" = yes; then
+       # Set up default GNU C++ configuration
+ 
+       LT_PATH_LD
+ 
+       # Check if GNU C++ uses GNU ld as the underlying linker, since the
+       # archiving commands below assume that GNU ld is being used.
+       if test "$with_gnu_ld" = yes; then
+         _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+         _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ 
+-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+         _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ 
+         # If archive_cmds runs LD, not CC, wlarc should be empty
+         # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+         #     investigate it a little bit more. (MM)
+         wlarc='${wl}'
+ 
+         # ancient GNU ld didn't support --whole-archive et. al.
+         if eval "`$CC -print-prog-name=ld` --help 2>&1" |
+ 	  $GREP 'no-whole-archive' > /dev/null; then
+           _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+         else
+           _LT_TAGVAR(whole_archive_flag_spec, $1)=
+         fi
+       else
+         with_gnu_ld=no
+         wlarc=
+ 
+         # A generic and very simple default shared library creation
+         # command for GNU C++ for the case where it uses the native
+         # linker, instead of GNU ld.  If possible, this setting should
+         # overridden to take advantage of the native linker features on
+         # the platform it is being used on.
+         _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+       fi
+ 
+       # Commands to make compiler produce verbose output that lists
+       # what "hidden" libraries, object files and flags are used when
+       # linking a shared library.
+       output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
--- a/apache2-mod_security2.changes
+++ b/apache2-mod_security2.changes
@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Mon Jun 16 17:31:34 CEST 2014 - draht@suse.de
+
+- apache2-mod_security2-no_rpath.diff: avoid the usage of -rpath
+  in autoconf m4 macros. Obsoletes patch
+  modsecurity-apache_2.8.0-build_fix_pcre.diff
+- use automake for build, add autoconf and automake to
+  BuildRequires:. This fix is combined with [bnc#876878].
+- turn on --enable-htaccess-config
+- use %{?_smp_mflags} for build
+
+-------------------------------------------------------------------
+Thu Jun 12 12:33:49 CEST 2014 - draht@suse.de
+
+- OWASP rule set. [bnc#876878]
+  new in 2.8.0 (more complete changelog to add to last changelog):
+  * Connection limits (SecConnReadStateLimit/SecConnWriteStateLimit)
+    now support white and suspicious list
+  * New variables: FULL_REQUEST and FULL_REQUEST_LENGTH
+  * GPLv2 replaced by Apache License v2
+  * rules are not part of the source tarball any longer, but
+    maintaned upstream externally, and included in this package.
+  * documentation was externalized to a wiki. Package contains
+    the FAQ and the reference manual in html form.
+  * renamed the term "Encryption" in directives that actually refer
+    to hashes. See CHANGES file for more details.
+  * byte conversion issues on s390x when logging fixed.
+  * many small issues fixed that were discovered by a Coverity scanner
+  * updated reference manual
+  * wrong time calculation when logging for some timezones fixed.
+  * replaced time-measuring mechanism with finer granularity for
+    measured request/answer phases. (Stopwatch remains for compat.)
+  * cookie parser memory leak fix
+  * parsing of quoted strings in multipart Content-Disposition
+    headers fixed.
+
 -------------------------------------------------------------------
 Thu May  1 05:06:15 UTC 2014 - thomas.worm@sicsec.de

--- a/apache2-mod_security2.spec
+++ b/apache2-mod_security2.spec
@ -18,46 +18,45 @@

 Name:           apache2-mod_security2
 Version:        2.8.0
-Release:        0
-%define aversion 2.8.0
+Release:        0.1
 #
 #
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  apache2-devel
 BuildRequires:  apache2-prefork
+BuildRequires:  autoconf
+BuildRequires:  automake
 BuildRequires:  c++_compiler
-BuildRequires:  curl-devel
+BuildRequires:  libcurl-devel
 BuildRequires:  libxml2-devel
+BuildRequires:  lua-devel
 BuildRequires:  pcre-devel
 %define apache        apache2
 %define modname       mod_security2
-%define tarballname   modsecurity-%{aversion}
-%define refman        Reference-Manual.html
-%define faq           ModSecurity-Frequently-Asked-Questions-FAQ.html
+%define tarballname   modsecurity-%{version}
+#
+%define apxs              %{_sbindir}/apxs2
+%define apache_libexecdir %(%{apxs} -q LIBEXECDIR)
+%define apache_sysconfdir %(%{apxs} -q SYSCONFDIR)
+%define apache_mmn       %(MMN=$(%{apxs} -q LIBEXECDIR)/MMN; test -x $MMN && $MMN)
 %define usrsharedir %{_prefix}/share/%{name}
-
-%{!?apxs: %global apxs /usr/sbin/apxs2}
-%{!?apache_libexecdir: %global apache_libexecdir %(%{apxs} -q LIBEXECDIR)}
-%{!?apache_sysconfdir: %global apache_sysconfdir %(%{apxs} -q SYSCONFDIR)}  
-%{!?apache_includedir: %global apache_includedir %(%{apxs} -q INCLUDEDIR)}
-%{!?apache_serveroot: %global apache_serverroot %(%{apxs} -q PREFIX)}
-%{!?apache_localstatedir: %global apache_localstatedir %(%{apxs} -q LOCALSTATEDIR)}
-%{!?apache_mmn: %global apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)_MMN; test -x $MMN && $MMN)}
-
+%define refman Reference-Manual.html
+%define faq ModSecurity-Frequently-Asked-Questions-FAQ.html
+%if 0%{?apache_mmn}
 Requires:       %{apache_mmn}
+%endif
 Requires:       apache2
 #
 Url:            http://www.modsecurity.org/
-Source:         https://www.modsecurity.org/tarball/%{version}/%{tarballname}.tar.gz
-Source1:        https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb.tar.gz
+Source:         http://www.modsecurity.org/download/%{tarballname}.tar.gz
+Source1:        https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
 Source2:        mod_security2.conf
 Source3:        %{refman}.bz2
 Source4:        %{faq}.bz2
 Source5:        modsecurity_diagram_apache_request_cycle.jpg
 Source6:        README-SUSE-mod_security2.txt
+Patch0:         apache2-mod_security2-no_rpath.diff
 #
-# PATCH-FIX-OPENSUSE modsecurity-apache_2.8.0-build_fix_pcre.diff
-Patch0:         modsecurity-apache_2.8.0-build_fix_pcre.diff
 Summary:        ModSecurity Open Source Web Application Firewall
 License:        Apache-2.0
 Group:          Productivity/Networking/Web/Servers
@ -75,21 +74,24 @@ ruleset. Please have a look at http://www.modsecurity.org/ for more details.

 %prep
 %setup -n %{tarballname}
-#tar -xvjpf %{S:2}
 %setup -D -T -a 1 -n %{tarballname}
 mv -v SpiderLabs* rules
 bzip2 -dc %{SOURCE3} > %{_sourcedir}/%{refman} && touch -r %{SOURCE3} %{_sourcedir}/%{refman}
 bzip2 -dc %{SOURCE4} > %{_sourcedir}/%{faq} && touch -r %{SOURCE4} %{_sourcedir}/%{faq}
-%patch0 -p1
+%patch0
+#%patch1
+#%patch2

 %build
-%configure --with-apxs=%{apxs} --enable-request-early --enable-htaccess-config
-make %{?_smp_mflags}
+aclocal
+automake
+./configure --with-apxs=%{apxs} --enable-request-early --enable-htaccess-config
+CFLAGS="%{optflags}" make %{?_smp_mflags}

 %install
 pushd %{apache}
  install -d -m 0755 %{buildroot}%{apache_libexecdir}
-  install -m 0755 .libs/mod_security2.so %{buildroot}%{apache_libexecdir}/%{modname}.so
+  install .libs/mod_security2.so %{buildroot}%{apache_libexecdir}/%{modname}.so
 popd
 install -D -m 0644 %{SOURCE2} %{buildroot}%{apache_sysconfdir}/conf.d/%{modname}.conf
 install -d -m 0755 %{buildroot}%{apache_sysconfdir}/mod_security2.d
@ -133,7 +135,6 @@ mv %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf.example \
 #%{usrsharedir}/rules/experimental_rules
 #%{usrsharedir}/rules/optional_rules
 #%{usrsharedir}/rules/slr_rules
-%doc doc/*
-#rules/util/regression_tests
+%doc doc/* rules/util/regression-tests

 %changelog
--- a/mod_security2.conf
+++ b/mod_security2.conf
@ -19,7 +19,7 @@
 # "mod_" as an argument!
 #
 # note: /etc/sysconfig/apache2 is evaluated upon apache start by the apache
-# start script /etc/init.d/apache2 . Changes in APACHE_MODULES are then 
+# start script /usr/sbin/start_apache2 . Changes in APACHE_MODULES are then 
 # visible in /etc/apache2/sysconfig.d/loadmodule.conf, changed by the start
 # script.
 #
@ -40,7 +40,7 @@
 # Afterwards, all files named *.conf in /etc/apache2/mod_security2.d are read.
 # For the rules you wish to apply, place a symlink to the rules file there.
 #
-# About the rules; The OWASP ModSecurity Core Rule Set version 2.2.7
+# About the rules; The OWASP ModSecurity Core Rule Set version 2.2.9
 # is contained in this package, a splendid set of rules made to provide for a
 # decent basic and even advanced protection. The rules files are contained
 # in the directory /usr/share/apache2-mod_security2/rules/.
@ -61,7 +61,7 @@
 # located in the package's documentation directory, in the state of 2013/01:
 # /usr/share/doc/packages/apache2-mod_security2
 #
-# Roman Drahtmueller <draht@suse.de>, SUSE, 20130118.
+# Roman Drahtmueller <draht@suse.de>, SUSE, 20140610.
 #


@ -93,10 +93,6 @@ SecRule REQUEST_HEADERS:Content-Type "text/xml" \
     "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"


-# -- XML external entity loading by libxml2.
-# Defaults to off.
-SecXmlExternalEntity Off
-
 # Maximum request body size we will accept for buffering. If you support
 # file uploads then the value given on the first line has to be as large
 # as the largest file you are willing to accept. The second value refers
--- a/modsecurity-apache_2.8.0-build_fix_pcre.diff
+++ b/modsecurity-apache_2.8.0-build_fix_pcre.diff
@ -1,37 +0,0 @@
-diff -rupN modsecurity-apache_2.7.7.orig/apache2/Makefile.am modsecurity-apache_2.7.7/apache2/Makefile.am
--- modsecurity-apache_2.7.7.orig/apache2/Makefile.am	2013-12-17 00:55:17.000000000 +0100
-+++ modsecurity-apache_2.7.7/apache2/Makefile.am	2014-01-25 18:28:47.542133608 +0100
-@@ -100,7 +100,7 @@ mod_security2_la_LDFLAGS = -module -avoi
- endif
- 
- if LINUX
-mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version -R @PCRE_LD_PATH@ \
-+mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
-     @APR_LDFLAGS@ \
-     @APU_LDFLAGS@ \
-     @APXS_LDFLAGS@ \
-diff -rupN modsecurity-apache_2.7.7.orig/apache2/Makefile.in modsecurity-apache_2.7.7/apache2/Makefile.in
--- modsecurity-apache_2.7.7.orig/apache2/Makefile.in	2013-12-18 12:50:41.000000000 +0100
-+++ modsecurity-apache_2.7.7/apache2/Makefile.in	2014-01-25 18:28:59.621134193 +0100
-@@ -495,7 +495,7 @@ mod_security2_la_LIBADD = @APR_LDADD@ \
- @HPUX_TRUE@    @PCRE_LDFLAGS@ \
- @HPUX_TRUE@    @YAJL_LDFLAGS@
- 
-@LINUX_TRUE@mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version -R @PCRE_LD_PATH@ \
-+@LINUX_TRUE@mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
- @LINUX_TRUE@    @APR_LDFLAGS@ \
- @LINUX_TRUE@    @APU_LDFLAGS@ \
- @LINUX_TRUE@    @APXS_LDFLAGS@ \
-diff -rupN modsecurity-apache_2.7.7.orig/configure modsecurity-apache_2.7.7/configure
--- modsecurity-apache_2.7.7.orig/configure	2013-12-18 12:50:42.000000000 +0100
-+++ modsecurity-apache_2.7.7/configure	2014-01-25 18:32:31.913144475 +0100
-@@ -14233,7 +14233,8 @@ $as_echo "$as_me: pcre CFLAGS: $PCRE_CFL
-     PCRE_LDADD="`${PCRE_CONFIG} --libs`"
-     if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: pcre LDADD: $PCRE_LDADD" >&5
- $as_echo "$as_me: pcre LDADD: $PCRE_LDADD" >&6;}; fi
-    PCRE_LD_PATH="/`${PCRE_CONFIG} --libs | cut -d'/' -f2,3,4,5,6 | cut -d ' ' -f1`"
-+    #PCRE_LD_PATH="/`${PCRE_CONFIG} --libs | cut -d'/' -f2,3,4,5,6 | cut -d ' ' -f1`"
-+    PCRE_LD_PATH=""
-     if test "$verbose_output" -eq 1; then { $as_echo "$as_me:${as_lineno-$LINENO}: pcre PCRE_LD_PATH: $PCRE_LD_PATH" >&5
- $as_echo "$as_me: pcre PCRE_LD_PATH: $PCRE_LD_PATH" >&6;}; fi
- else