forked from pool/apache2-mod_security2
7ec8988758
in autoconf m4 macros. Obsoletes patch
modsecurity-apache_2.8.0-build_fix_pcre.diff
- use automake for build, add autoconf and automake to
BuildRequires:. This fix is combined with [bnc#876878].
- turn on --enable-htaccess-config
- use %{?_smp_mflags} for build
- OWASP rule set. [bnc#876878]
new in 2.8.0 (more complete changelog to add to last changelog):
* Connection limits (SecConnReadStateLimit/SecConnWriteStateLimit)
now support white and suspicious list
* New variables: FULL_REQUEST and FULL_REQUEST_LENGTH
* GPLv2 replaced by Apache License v2
* rules are not part of the source tarball any longer, but
maintaned upstream externally, and included in this package.
* documentation was externalized to a wiki. Package contains
the FAQ and the reference manual in html form.
* renamed the term "Encryption" in directives that actually refer
to hashes. See CHANGES file for more details.
* byte conversion issues on s390x when logging fixed.
* many small issues fixed that were discovered by a Coverity scanner
* updated reference manual
* wrong time calculation when logging for some timezones fixed.
* replaced time-measuring mechanism with finer granularity for
measured request/answer phases. (Stopwatch remains for compat.)
* cookie parser memory leak fix
* parsing of quoted strings in multipart Content-Disposition
headers fixed.
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=46
325 lines
14 KiB
Diff
325 lines
14 KiB
Diff
diff -rNU 30 ../modsecurity-2.8.0-o/apache2/Makefile.am ./apache2/Makefile.am
|
|
--- ../modsecurity-2.8.0-o/apache2/Makefile.am 2014-04-15 14:44:04.000000000 +0200
|
|
+++ ./apache2/Makefile.am 2014-06-16 16:17:44.000000000 +0200
|
|
@@ -73,61 +73,61 @@
|
|
@APXS_LDFLAGS@ \
|
|
@LIBXML2_LDFLAGS@ \
|
|
@LUA_LDFLAGS@ \
|
|
@PCRE_LDFLAGS@ \
|
|
@YAJL_LDFLAGS@
|
|
endif
|
|
|
|
if MACOSX
|
|
mod_security2_la_LDFLAGS = -module -avoid-version \
|
|
@APR_LDFLAGS@ \
|
|
@APU_LDFLAGS@ \
|
|
@APXS_LDFLAGS@ \
|
|
@LIBXML2_LDFLAGS@ \
|
|
@LUA_LDFLAGS@ \
|
|
@PCRE_LDFLAGS@ \
|
|
@YAJL_LDFLAGS@
|
|
endif
|
|
|
|
if SOLARIS
|
|
mod_security2_la_LDFLAGS = -module -avoid-version \
|
|
@APR_LDFLAGS@ \
|
|
@APU_LDFLAGS@ \
|
|
@APXS_LDFLAGS@ \
|
|
@LIBXML2_LDFLAGS@ \
|
|
@LUA_LDFLAGS@ \
|
|
@PCRE_LDFLAGS@ \
|
|
@YAJL_LDFLAGS@
|
|
endif
|
|
|
|
if LINUX
|
|
-mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version -R @PCRE_LD_PATH@ \
|
|
+mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
|
|
@APR_LDFLAGS@ \
|
|
@APU_LDFLAGS@ \
|
|
@APXS_LDFLAGS@ \
|
|
@LIBXML2_LDFLAGS@ \
|
|
@LUA_LDFLAGS@ \
|
|
@PCRE_LDFLAGS@ \
|
|
@YAJL_LDFLAGS@
|
|
endif
|
|
|
|
if FREEBSD
|
|
mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
|
|
@APR_LDFLAGS@ \
|
|
@APU_LDFLAGS@ \
|
|
@APXS_LDFLAGS@ \
|
|
@LIBXML2_LDFLAGS@ \
|
|
@LUA_LDFLAGS@ \
|
|
@PCRE_LDFLAGS@ \
|
|
@YAJL_LDFLAGS@
|
|
endif
|
|
|
|
if OPENBSD
|
|
mod_security2_la_LDFLAGS = -no-undefined -module -avoid-version \
|
|
@APR_LDFLAGS@ \
|
|
@APU_LDFLAGS@ \
|
|
@APXS_LDFLAGS@ \
|
|
@LIBXML2_LDFLAGS@ \
|
|
@LUA_LDFLAGS@ \
|
|
@PCRE_LDFLAGS@ \
|
|
@YAJL_LDFLAGS@
|
|
endif
|
|
diff -rNU 30 ../modsecurity-2.8.0-o/apache2/Makefile.in ./apache2/Makefile.in
|
|
--- ../modsecurity-2.8.0-o/apache2/Makefile.in 2014-04-15 14:44:14.000000000 +0200
|
|
+++ ./apache2/Makefile.in 2014-06-16 16:18:03.000000000 +0200
|
|
@@ -600,61 +600,61 @@
|
|
else :; fi; \
|
|
done; \
|
|
test -z "$$list2" || { \
|
|
echo " $(MKDIR_P) '$(DESTDIR)$(pkglibdir)'"; \
|
|
$(MKDIR_P) "$(DESTDIR)$(pkglibdir)" || exit 1; \
|
|
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pkglibdir)'"; \
|
|
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pkglibdir)"; \
|
|
}
|
|
|
|
uninstall-pkglibLTLIBRARIES:
|
|
@$(NORMAL_UNINSTALL)
|
|
@list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \
|
|
for p in $$list; do \
|
|
$(am__strip_dir) \
|
|
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pkglibdir)/$$f'"; \
|
|
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pkglibdir)/$$f"; \
|
|
done
|
|
|
|
clean-pkglibLTLIBRARIES:
|
|
-test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES)
|
|
@list='$(pkglib_LTLIBRARIES)'; \
|
|
locs=`for p in $$list; do echo $$p; done | \
|
|
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
|
|
sort -u`; \
|
|
test -z "$$locs" || { \
|
|
echo rm -f $${locs}; \
|
|
rm -f $${locs}; \
|
|
}
|
|
|
|
mod_security2.la: $(mod_security2_la_OBJECTS) $(mod_security2_la_DEPENDENCIES) $(EXTRA_mod_security2_la_DEPENDENCIES)
|
|
- $(AM_V_CCLD)$(mod_security2_la_LINK) -rpath $(pkglibdir) $(mod_security2_la_OBJECTS) $(mod_security2_la_LIBADD) $(LIBS)
|
|
+ $(AM_V_CCLD)$(mod_security2_la_LINK) $(mod_security2_la_OBJECTS) $(mod_security2_la_LIBADD) $(LIBS)
|
|
|
|
mostlyclean-compile:
|
|
-rm -f *.$(OBJEXT)
|
|
|
|
distclean-compile:
|
|
-rm -f *.tab.c
|
|
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-acmp.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_config.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_io.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-apache2_util.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-libinjection_html5.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-libinjection_sqli.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-libinjection_xss.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-mod_security2.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-modsecurity.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_crypt.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_geo.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_gsb.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_json.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_logging.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_lua.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_multipart.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_parsers.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_pcre.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_release.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_reqbody.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_status_engine.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_tree.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_security2_la-msc_unicode.Plo@am__quote@
|
|
diff -rNU 30 ../modsecurity-2.8.0-o/build/libtool.m4 ./build/libtool.m4
|
|
--- ../modsecurity-2.8.0-o/build/libtool.m4 2014-04-15 14:44:04.000000000 +0200
|
|
+++ ./build/libtool.m4 2014-06-16 16:16:39.000000000 +0200
|
|
@@ -4661,61 +4661,61 @@
|
|
if test "$with_gnu_ld" = yes; then
|
|
case $host_os in
|
|
aix*)
|
|
# The AIX port of GNU ld has always aspired to compatibility
|
|
# with the native linker. However, as the warning in the GNU ld
|
|
# block says, versions before 2.19.5* couldn't really create working
|
|
# shared libraries, regardless of the interface used.
|
|
case `$LD -v 2>&1` in
|
|
*\ \(GNU\ Binutils\)\ 2.19.5*) ;;
|
|
*\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
|
|
*\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
|
|
*)
|
|
lt_use_gnu_ld_interface=yes
|
|
;;
|
|
esac
|
|
;;
|
|
*)
|
|
lt_use_gnu_ld_interface=yes
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
if test "$lt_use_gnu_ld_interface" = yes; then
|
|
# If archive_cmds runs LD, not CC, wlarc should be empty
|
|
wlarc='${wl}'
|
|
|
|
# Set some defaults for GNU ld with shared library support. These
|
|
# are reset later if shared libraries are not supported. Putting them
|
|
# here allows them to be overridden if necessary.
|
|
runpath_var=LD_RUN_PATH
|
|
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
|
|
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
|
|
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
|
|
# ancient GNU ld didn't support --whole-archive et. al.
|
|
if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
|
|
_LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
|
|
else
|
|
_LT_TAGVAR(whole_archive_flag_spec, $1)=
|
|
fi
|
|
supports_anon_versioning=no
|
|
case `$LD -v 2>&1` in
|
|
*GNU\ gold*) supports_anon_versioning=yes ;;
|
|
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
|
|
*\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
|
|
*\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
|
|
*\ 2.11.*) ;; # other 2.11 versions
|
|
*) supports_anon_versioning=yes ;;
|
|
esac
|
|
|
|
# See if GNU ld supports shared libraries.
|
|
case $host_os in
|
|
aix[[3-9]]*)
|
|
# On AIX/PPC, the GNU linker is very broken
|
|
if test "$host_cpu" != ia64; then
|
|
_LT_TAGVAR(ld_shlibs, $1)=no
|
|
cat <<_LT_EOF 1>&2
|
|
|
|
*** Warning: the GNU linker, at least up to release 2.19, is reported
|
|
*** to be unable to reliably create shared libraries on AIX.
|
|
*** Therefore, libtool is disabling shared libraries support. If you
|
|
*** really care for shared libraries, you may want to install binutils
|
|
*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
|
|
@@ -4897,61 +4897,61 @@
|
|
_LT_EOF
|
|
elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
|
|
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
|
|
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
|
|
else
|
|
_LT_TAGVAR(ld_shlibs, $1)=no
|
|
fi
|
|
;;
|
|
|
|
sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
|
|
case `$LD -v 2>&1` in
|
|
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
|
|
_LT_TAGVAR(ld_shlibs, $1)=no
|
|
cat <<_LT_EOF 1>&2
|
|
|
|
*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
|
|
*** reliably create shared libraries on SCO systems. Therefore, libtool
|
|
*** is disabling shared libraries support. We urge you to upgrade GNU
|
|
*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
|
|
*** your PATH or compiler configuration so that the native linker is
|
|
*** used, and then restart.
|
|
|
|
_LT_EOF
|
|
;;
|
|
*)
|
|
# For security reasons, it is highly recommended that you always
|
|
# use absolute paths for naming shared libraries, and exclude the
|
|
# DT_RUNPATH tag from executables and libraries. But doing so
|
|
# requires that you compile everything twice, which is a pain.
|
|
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
|
|
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
|
|
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
|
|
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
|
|
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
|
|
else
|
|
_LT_TAGVAR(ld_shlibs, $1)=no
|
|
fi
|
|
;;
|
|
esac
|
|
;;
|
|
|
|
sunos4*)
|
|
_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
|
|
wlarc=
|
|
_LT_TAGVAR(hardcode_direct, $1)=yes
|
|
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
|
|
;;
|
|
|
|
*)
|
|
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
|
|
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
|
|
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
|
|
else
|
|
_LT_TAGVAR(ld_shlibs, $1)=no
|
|
fi
|
|
;;
|
|
esac
|
|
|
|
if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then
|
|
runpath_var=
|
|
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
|
|
_LT_TAGVAR(export_dynamic_flag_spec, $1)=
|
|
@@ -5907,61 +5907,61 @@
|
|
else
|
|
$as_unset lt_cv_path_LD
|
|
fi
|
|
test -z "${LDCXX+set}" || LD=$LDCXX
|
|
CC=${CXX-"c++"}
|
|
CFLAGS=$CXXFLAGS
|
|
compiler=$CC
|
|
_LT_TAGVAR(compiler, $1)=$CC
|
|
_LT_CC_BASENAME([$compiler])
|
|
|
|
if test -n "$compiler"; then
|
|
# We don't want -fno-exception when compiling C++ code, so set the
|
|
# no_builtin_flag separately
|
|
if test "$GXX" = yes; then
|
|
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
|
|
else
|
|
_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
|
|
fi
|
|
|
|
if test "$GXX" = yes; then
|
|
# Set up default GNU C++ configuration
|
|
|
|
LT_PATH_LD
|
|
|
|
# Check if GNU C++ uses GNU ld as the underlying linker, since the
|
|
# archiving commands below assume that GNU ld is being used.
|
|
if test "$with_gnu_ld" = yes; then
|
|
_LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
|
|
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
|
|
|
|
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
|
|
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
|
|
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
|
|
|
|
# If archive_cmds runs LD, not CC, wlarc should be empty
|
|
# XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
|
|
# investigate it a little bit more. (MM)
|
|
wlarc='${wl}'
|
|
|
|
# ancient GNU ld didn't support --whole-archive et. al.
|
|
if eval "`$CC -print-prog-name=ld` --help 2>&1" |
|
|
$GREP 'no-whole-archive' > /dev/null; then
|
|
_LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
|
|
else
|
|
_LT_TAGVAR(whole_archive_flag_spec, $1)=
|
|
fi
|
|
else
|
|
with_gnu_ld=no
|
|
wlarc=
|
|
|
|
# A generic and very simple default shared library creation
|
|
# command for GNU C++ for the case where it uses the native
|
|
# linker, instead of GNU ld. If possible, this setting should
|
|
# overridden to take advantage of the native linker features on
|
|
# the platform it is being used on.
|
|
_LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
|
|
fi
|
|
|
|
# Commands to make compiler produce verbose output that lists
|
|
# what "hidden" libraries, object files and flags are used when
|
|
# linking a shared library.
|
|
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
|