1
0
Commit Graph

3 Commits

Author SHA256 Message Date
8a706f0f57 Accepting request 556963 from home:kstreitova:branches:Apache:Modules
- update to 2.9.2
  * release notes
    https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.2
  * refresh apache2-mod_security2-no_rpath.diff
  * remove apache2-mod_security2-lua-5.3.patch that was applied
    upstream
- remove outdated html pages and diagram (they can be accessed
  online at https://github.com/SpiderLabs/ModSecurity/wiki)
  * Reference-Manual.html.bz2
  * ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2
  * modsecurity_diagram_apache_request_cycle.jpg
- don't pack the whole doc directory as it contains also Makefiles
  or doxygen configuration files
- disable mlogc as we don't pack it and it also can't be built for
  curl <=7.34
- add basic and regression test suite (but disabled for now)
  * add apache2-mod_security2_tests_conf.patch for apache2
    configuration file used for tests that was trying to load
    mpm_worker_module (it's static for our apache2 package)
  * add "BuildRequires: perl-libwww-perl" needed for the test suite

OBS-URL: https://build.opensuse.org/request/show/556963
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=75
2017-12-18 09:36:29 +00:00
Roman Drahtmueller
fdf6dd2bf3 Accepting request 206042 from home:draht:branches:Apache:Modules
- complete overhaul of this package, with update to 2.7.5.
- ruleset update to 2.2.8-0-g0f07cbb.
- new configuration framework private to mod_security2:
  /etc/apache2/conf.d/mod_security2.conf loads
  /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf,
  then /etc/apache2/mod_security2.d/*.conf , as set up based on
  advice in /etc/apache2/conf.d/mod_security2.conf
  Your configuration starting point is
  /etc/apache2/conf.d/mod_security2.conf
- !!! Please note that mod_unique_id is needed for mod_security2 to run!
- modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneaous
  linker parameter, preventing rpath in shared object.
- fixes contained for the following bugs:
  * CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling
  * [bnc#768293] multi-part bypass, minor threat
  * CVE-2013-1915 [bnc#813190] XML external entity vulnerability
  * CVE-2012-4528 [bnc#789393] rule bypass
  * CVE-2013-2765 [bnc#822664] null pointer dereference crash
- new from 2.5.9 to 2.7.5, only major changes:
  * GPLv2 replaced by Apache License v2
  * rules are not part of the source tarball any longer, but
    maintaned upstream externally, and included in this package.
  * documentation was externalized to a wiki. Package contains
    the FAQ and the reference manual in html form.
  * renamed the term "Encryption" in directives that actually refer
    to hashes. See CHANGES file for more details.
  * new directive SecXmlExternalEntity, default off
  * byte conversion issues on s390x when logging fixed.
  * many small issues fixed that were discovered by a Coverity scanner
  * updated reference manual

OBS-URL: https://build.opensuse.org/request/show/206042
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=42
2013-11-06 23:16:14 +00:00
OBS User unknown
b08c840c20 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2-mod_security2?expand=0&rev=1 2008-09-24 13:02:28 +00:00