From c648fa3d5cd860972c7d0b02bf6bb4cd05147b5647c21b874c024fa83b3e0170 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Sun, 1 Mar 2015 11:04:28 +0000 Subject: [PATCH] Accepting request 287448 from home:elvigia:branches:Apache:Modules - spec, build: Respect optflags - spec: buildrequire pkgconfig - modsecurity-fixes.patch: mod_security fails at: * building with optflags enabled due to undefined behaviour and implicit declarations. * It abuses it apr_allocator api, creating one allocator per request and then destroying it, flooding the system with mmap() , munmap requests, this is particularly nasty with threaded mpms. it should instead use the allocator from the request pool. OBS-URL: https://build.opensuse.org/request/show/287448 OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=61
---
apache2-mod_security2.changes | 15 +++++++++ apache2-mod_security2.spec | 7 ++-- modsecurity-fixes.patch | 62 +++++++++++++++++++++++++++++++++++ 3 files changed, 81 insertions(+), 3 deletions(-) create mode 100644 modsecurity-fixes.patch
diff --git a/apache2-mod_security2.changes b/apache2-mod_security2.changes
index ad53836..8c9a3c9 100644
--- a/apache2-mod_security2.changes
+++ b/apache2-mod_security2.changes
@@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Tue Feb 24 04:23:11 UTC 2015 - crrodriguez@opensuse.org + +- spec, build: Respect optflags +- spec: buildrequire pkgconfig +- modsecurity-fixes.patch: mod_security fails at: + * building with optflags enabled due to undefined behaviour + and implicit declarations. + * It abuses it apr_allocator api, creating one allocator + per request and then destroying it, flooding the system + with mmap() , munmap requests, this is particularly nasty + with threaded mpms. it should instead use the allocator + from the request pool. + + ------------------------------------------------------------------- Sat Feb 14 17:51:49 UTC 2015 - thomas.worm@sicsec.de diff --git a/apache2-mod_security2.spec b/apache2-mod_security2.spec index 263bf9b..af59a6e 100644 --- a/apache2-mod_security2.spec +++ b/apache2-mod_security2.spec @@ -41,6 +41,7 @@ Source5: modsecurity_diagram_apache_request_cycle.jpg Source6: README-SUSE-mod_security2.txt Source7: empty.conf Patch0: apache2-mod_security2-no_rpath.diff +Patch1: modsecurity-fixes.patch BuildRequires: apache-rpm-macros BuildRequires: apache2-devel BuildRequires: apache2-prefork @@ -52,6 +53,7 @@ BuildRequires: libtool BuildRequires: libxml2-devel BuildRequires: lua-devel BuildRequires: pcre-devel +BuildRequires: pkgconfig Requires: %{apache_mmn} Requires: apache2 # @@ -75,8 +77,7 @@ mv -v SpiderLabs* rules bzip2 -dc %{SOURCE3} > %{_sourcedir}/%{refman} && touch -r %{SOURCE3} %{_sourcedir}/%{refman} bzip2 -dc %{SOURCE4} > %{_sourcedir}/%{faq} && touch -r %{SOURCE4} %{_sourcedir}/%{faq} %patch0 -#%patch1 -#%patch2 +%patch1 -p1 %build # aclocal only works with never distributions, @@ -87,7 +88,7 @@ aclocal autoreconf -fi %endif automake -./configure --with-apxs=%{apache_apxs} --enable-request-early --enable-htaccess-config +%configure --with-apxs=%{apache_apxs} --enable-request-early --enable-htaccess-config CFLAGS="%{optflags}" make %{?_smp_mflags} %install 
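Review bot: In the last spec hunk the explicit `CFLAGS="%{optflags}"` looks redundant if it sits on the `%configure` line, because the `%configure` macro already exports the distribution flags; `%configure --with-apxs=%{apache_apxs} --enable-request-early --enable-htaccess-config` alone would say the same thing. The collapsed layout of this page does not show whether the assignment belongs to the configure line or to the following `make` line, so that should be confirmed against the spec itself. Since the stated goal is to respect optflags, which is where the distribution's hardening flags come from, a comment such as `# optflags must reach the module's compile lines; verify in the build log` above that line would record the intent for the next packager.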
diff --git a/modsecurity-fixes.patch b/modsecurity-fixes.patch
new file mode 100644
index 0000000..80216d7
--- /dev/null
+++ b/modsecurity-fixes.patch
@@ -0,0 +1,62 @@
+--- modsecurity-2.9.0.orig/apache2/mod_security2.c
++++ modsecurity-2.9.0/apache2/mod_security2.c
+@@ -457,17 +457,13 @@ static void store_tx_context(modsec_rec
+ * Creates a new transaction context.
+ */
+ static modsec_rec *create_tx_context(request_rec *r) {
+- apr_allocator_t *allocator = NULL;
+ modsec_rec *msr = NULL;
+
+ msr = (modsec_rec *)apr_pcalloc(r->pool, sizeof(modsec_rec));
+ if (msr == NULL) return NULL;
+
+- apr_allocator_create(&allocator);
+- apr_allocator_max_free_set(allocator, 1024);
+- apr_pool_create_ex(&msr->mp, r->pool, NULL, allocator);
++ apr_pool_create(&msr->mp, r->pool);
+ if (msr->mp == NULL) return NULL;
+- apr_allocator_owner_set(allocator, msr->mp);
+
+ msr->modsecurity = modsecurity;
+ msr->r = r;
+--- modsecurity-2.9.0.orig/apache2/msc_reqbody.c
++++ modsecurity-2.9.0/apache2/msc_reqbody.c
+@@ -88,7 +88,7 @@ apr_status_t modsecurity_request_body_st
+ * to allocate structures from (not data, which is allocated
+ * via malloc).
+ */
+- apr_pool_create(&msr->msc_reqbody_mp, NULL);
++ apr_pool_create(&msr->msc_reqbody_mp, msr->mp);
+
+ /* Initialise request body processors, if any. */
+
+--- modsecurity-2.9.0.orig/apache2/msc_status_engine.c
++++ modsecurity-2.9.0/apache2/msc_status_engine.c
+@@ -37,6 +37,7 @@
+ #if (defined(__linux__) || defined(__gnu_linux__))
+ #include
+ #include
++#include
+ #endif
+ #ifdef HAVE_SYS_UTSNAME_H
+ #include
+--- modsecurity-2.9.0.orig/apache2/msc_remote_rules.c
++++ modsecurity-2.9.0/apache2/msc_remote_rules.c
+@@ -792,6 +792,7 @@ next:
+ "compilation.";
+ return -1;
+ #endif
++ return -1;
+ }
+
+
+--- modsecurity-2.9.0.orig/apache2/msc_util.c
++++ modsecurity-2.9.0/apache2/msc_util.c
+@@ -18,6 +18,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "msc_release.h"
+ #include "msc_util.h"
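Review bot: Re-parenting `msr->msc_reqbody_mp` under `msr->mp` in the msc_reqbody.c part changes that pool's lifetime, and the patch does not show the teardown side being adjusted. As a child pool it is now destroyed together with `msr->mp`, and APR destroys subpools before it runs the parent's registered cleanups, so any code outside this hunk that still calls `apr_pool_destroy(msr->msc_reqbody_mp)` from such a cleanup would operate on an already freed pool. That teardown code is not visible here and needs to be checked; if it exists, the explicit destroy should be dropped or the pool kept parentless. Separately, in create_tx_context the status of the new call is ignored and only `msr->mp == NULL` is tested; `if (apr_pool_create(&msr->mp, r->pool) != APR_SUCCESS) return NULL;` checks the documented result directly. Both enclosing functions continue outside the embedded hunks.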