Name: apache2-mod_security2
Distribution: SUSE Linux Enterprise 15
Version: 2.9.4
Vendor: SUSE LLC <https://www.suse.com/>
Release: 150400.3.6.1
Build date: Mon Feb 13 16:55:36 2023
Group: Productivity/Networking/Web/Servers
Build host: goat06
Size: 3429007
Source RPM: apache2-mod_security2-2.9.4-150400.3.6.1.src.rpm
Packager: https://www.suse.com/
Url: https://www.modsecurity.org/
Summary: Web Application Firewall for apache httpd
ModSecurity is an intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.
Apache-2.0
* Mon Feb 13 2023 danilo.spinella@suse.com
- Fix CVE-2023-24021, FILES_TMP_CONTENT sometimes lacked the complete content (CVE-2023-24021, bsc#1207379)
  * fix-CVE-2023-24021.patch

* Wed Jan 25 2023 danilo.spinella@suse.com
- Fix CVE-2022-48279, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall (CVE-2022-48279, bsc#1207378)
  * fix-CVE-2022-48279.patch

* Mon Jul 19 2021 danilo.spinella@suse.com
- Update to 2.9.4:
  * Add microsec timestamp resolution to the formatted log timestamp
  * Added missing Geo Countries
  * Store temporaries in the request pool for regexes compiled per-request.
  * Fix other usage of the global pool for request temporaries in re_operators.c
  * Adds a sanity check before use ctl:ruleRemoveTargetById and ctl:ruleRemoveTargetByMsg.
  * Fix the order of error_msg validation
  * When the input filter finishes, check whether we returned data
  * fix: care non-null terminated chunk data
  * Fix for apr_global_mutex_create() crashes with mod_security
  * Fix inet addr handling on 64 bit big endian systems
- Run spec-cleaner
- Remove if/else for older version of SUSE distribution

* Tue Feb 23 2021 pgajdos@suse.com
- version update to 2.9.3
  * Enable optimization for large stream input by default on IIS [Issue #1299 - @victorhora, @zimmerle]
  * Allow 0 length JSON requests. [Issue #1822 - @allanbomsft, @zimmerle, @victorhora, @marcstern]
  * Include unnamed JSON values in unnamed ARGS [Issue #1577, #1576 - @marcstern, @victorhora, @zimmerle]
  * Fix buffer size for utf8toUnicode transformation [Issue #1208 - @katef, @victorhora]
  * Fix sanitizing JSON request bodies in native audit log format [p0pr0ck5, @victorhora]
  * IIS: Update Wix installer to bundle a supported CRS version (3.0) [@victorhora, @zimmerle]
  * IIS: Update dependencies for Windows build [Issue #1848 - @victorhora, @hsluoyz]
  * IIS: Set SecStreamInBodyInspection by default on IIS builds (#1299) [Issue #1299 - @victorhora]
  * IIS: Update modsecurity.conf [Issue #788 - @victorhora, @brianclark]
  * Add sanity check for a couple malloc() and make code more resilient [Issue #979 - @dogbert2, @victorhora, @zimmerl]
  * Fix NetBSD build by renaming the hmac function to avoid conflicts [Issue #1241 - @victorhora, @joerg, @sevan]
  * IIS: Windows build, fix duplicate YAJL dir in script [Issue #1612 - @allanbomsft, @victorhora]
  * IIS: Remove body prebuffering due to no locking in modsecProcessRequest [Issue #1917 - @allanbomsft, @victorhora]
  * Fix mpm-itk / mod_ruid2 compatibility [Issue #712 - @ju5t , @derhansen, @meatlayer, @victorhora]
  * Code cosmetics: checks if actionset is not null before use it [Issue #1556 - @marcstern, @zimmerle, @victorhora]
  * Only generate SecHashKey when SecHashEngine is On [Issue #1671 - @dmuey, @monkburger, @zimmerle]
  * Docs: Reformat README to Markdown and update dependencies [Issue #1857 - @hsluoyz, @victorhora]
  * IIS: no lock on ProcessRequest. No reload of config. [Issue #1826 - @allanbomsft]
  * IIS: buffer request body before taking lock [Issue #1651 - @allanbomsft]
  * good practices: Initialize variables before use it [Issue #1889 - Marc Stern]
  * Let body parsers observe SecRequestBodyNoFilesLimit [Issue #1613 - @allanbomsft]
  * potential off by one in parse_arguments [Issue #1799 - @tinselcity, @zimmerle]
  * Fix utf-8 character encoding conversion [Issue #1794 - @tinselcity, @zimmerle]
  * Fix ip tree lookup on netmask content [Issue #1793 - @tinselcity, @zimmerle]
  * IIS: set overrideModeDefault to Allow so that individual websites can add <ModSecurity ...> to their web.config file [Issue #1781 - @default-kramer]
  * modsecurity.conf-recommended: Fix spelling [Issue #1721 - @padraigdoran]
  * build: fix when multiple lines for curl version [Issue #1771 - @Artistan]
  * Fix arabic charset in unicode_mapping file [Issue #1619 - @alaa-ahmed-a]
  * Optionally preallocates memory when SecStreamInBodyInspection is on [Issue #1366 - @allanbomsft, @zimmerle]
  * Fixed typo in build_yajl.bat [Issue #1366 - @allanbomsft]
  * Fixes SecConnWriteStateLimit [Issue #1545 - @nicjansma]
  * Added "empy chunk" check [Issue #1347, #1446 - @gravagli, @bostrt, @zimmerle]
  * Add capture action to @detectXSS operator [Issue #1488, #1482 - @victorhora]
  * Fix for wildcard operator when loading conf files on Nginx / IIS [Issue #1486, #1285 - @victorhora and @thierry-f-78]
  * Set of fixes to make windows build workable with the buildbots [Commit 94fe3 - @zimmerle]
  * Uses LOG_NO_STOPWATCH instead of DLOG_NO_STOPWATCH [Issue #1510 - @marcstern]
  * Adds missing headers [Issue #1454 - @devnexen]
- modified patches
  % modsecurity-fixes.patch (fix crash caused by our patch) [bsc#1180830]
- added patches
  + modsecurity-2.9.3-input_filtering_errors.patch [bsc#1180830]

* Wed Feb 12 2020 pgajdos@suse.com
- removing %apache_test_* macros, do not test module just by loading the module

* Fri Dec 29 2017 jengelh@inai.de
- Trim advertisement and filler wording from descriptions.

* Wed Dec 20 2017 pgajdos@suse.com
- fix build for SLE_11_SP4: BuildRoot and %deffattr have to be present

* Mon Oct 02 2017 kstreitova@suse.com
- update to 2.9.2
  * release notes https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.2
  * refresh apache2-mod_security2-no_rpath.diff
  * remove apache2-mod_security2-lua-5.3.patch that was applied upstream
- remove outdated html pages and diagram (they can be accessed online at https://github.com/SpiderLabs/ModSecurity/wiki)
  * Reference-Manual.html.bz2
  * ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2
  * modsecurity_diagram_apache_request_cycle.jpg
- don't pack the whole doc directory as it contains also Makefiles or doxygen configuration files
- disable mlogc as we don't pack it and it also can't be built for curl <=7.34
- add basic and regression test suite (but disabled for now)
  * add apache2-mod_security2_tests_conf.patch for apache2 configuration file used for tests that was trying to load mpm_worker_module (it's static for our apache2 package)
  * add "BuildRequires: perl-libwww-perl" needed for the test suite

* Wed Jun 21 2017 dimstar@opensuse.org
- Update modsecurity-fixes.patch: additionally include netdb.h in order to have gethostbyname defined.

* Thu Mar 23 2017 kstreitova@suse.com
- cleanup with spec-cleaner

* Wed Jul 29 2015 pgajdos@suse.com
- fix build for lua 5.3
  + apache2-mod_security2-lua-5.3.patch

* Thu Jul 16 2015 pgajdos@suse.com
- Requires: %{apache_suse_maintenance_mmn}
  This will pull this module to the update (in released distribution) when apache maintainer thinks it is good (due api/abi changes).

* Mon Mar 02 2015 tchvatal@suse.com
- Remove useless comment lines/whitespace

* Tue Feb 24 2015 crrodriguez@opensuse.org
- spec, build: Respect optflags
- spec: buildrequire pkgconfig
- modsecurity-fixes.patch: mod_security fails at:
  * building with optflags enabled due to undefined behaviour and implicit declarations.
  * It abuses it apr_allocator api, creating one allocator per request and then destroying it, flooding the system with mmap() , munmap requests, this is particularly nasty with threaded mpms. it should instead use the allocator from the request pool.

* Sat Feb 14 2015 thomas.worm@sicsec.de
- Raised to version 2.9.0
- Updated patch: apache2-mod_security2-no_rpath.diff (adapted lines)

* Mon Nov 03 2014 pgajdos@suse.com
- call spec-cleaner
- use apache rpm macros
/etc/apache2/conf.d/mod_security2.conf
/etc/apache2/mod_security2.d
/etc/apache2/mod_security2.d/README-SUSE-mod_security2.txt
/etc/apache2/mod_security2.d/empty.conf
/usr/lib64/apache2/mod_security2.so
/usr/share/apache2-mod_security2
/usr/share/apache2-mod_security2/rules
/usr/share/apache2-mod_security2/rules/CHANGES
/usr/share/apache2-mod_security2/rules/activated_rules
/usr/share/apache2-mod_security2/rules/activated_rules/README
/usr/share/apache2-mod_security2/rules/base_rules
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_35_bad_robots.data
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_35_scanners.data
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_40_generic_attacks.data
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_50_outbound.data
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_50_outbound_malware.data
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_20_protocol_violations.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_21_protocol_anomalies.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_23_request_limits.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_30_http_policy.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_35_bad_robots.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_40_generic_attacks.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_41_sql_injection_attacks.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_41_xss_attacks.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_42_tight_security.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_45_trojans.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_47_common_exceptions.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_48_local_exceptions.conf.example
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_49_inbound_blocking.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_50_outbound.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_59_outbound_blocking.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_60_correlation.conf
/usr/share/apache2-mod_security2/rules/experimental_rules
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_11_brute_force.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_11_dos_protection.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_11_proxy_abuse.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_11_slow_dos_protection.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_16_scanner_integration.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_25_cc_track_pan.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.9_honeytrap.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_40_appsensor_detection_point_3.0_end.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_40_http_parameter_pollution.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_42_csp_enforcement.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_46_scanner_integration.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_48_bayes_analysis.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_55_response_profiling.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_56_pvi_checks.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_61_ip_forensics.conf
/usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf
/usr/share/apache2-mod_security2/rules/optional_rules
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_42_comment_spam.data
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_10_ignore_static.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_11_avs_traffic.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_13_xml_enabler.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_16_authentication_tracking.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_16_session_hijacking.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_16_username_tracking.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_25_cc_known.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_42_comment_spam.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_43_csrf_protection.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_46_av_scanning.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_47_skip_outbound_checks.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_49_header_tagging.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_55_application_defects.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_55_marketing.conf
/usr/share/apache2-mod_security2/rules/slr_rules
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_joomla.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_lfi.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_phpbb.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_rfi.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_sqli.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_wordpress.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_xss.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_joomla_attacks.conf
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_lfi_attacks.conf
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_phpbb_attacks.conf
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_rfi_attacks.conf
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_sqli_attacks.conf
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_wordpress_attacks.conf
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_xss_attacks.conf
/usr/share/apache2-mod_security2/tools
/usr/share/apache2-mod_security2/tools/README-rules-updater.txt
/usr/share/apache2-mod_security2/tools/rules-updater-example.conf
/usr/share/apache2-mod_security2/tools/rules-updater.pl
/usr/share/doc/packages/apache2-mod_security2
/usr/share/doc/packages/apache2-mod_security2/CHANGES
/usr/share/doc/packages/apache2-mod_security2/NOTICE
/usr/share/doc/packages/apache2-mod_security2/README-SUSE-mod_security2.txt
/usr/share/doc/packages/apache2-mod_security2/README.md
/usr/share/doc/packages/apache2-mod_security2/README.txt
/usr/share/doc/packages/apache2-mod_security2/authors.txt
/usr/share/doc/packages/apache2-mod_security2/regression-tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/INSTALL
/usr/share/doc/packages/apache2-mod_security2/regression-tests/README
/usr/share/doc/packages/apache2-mod_security2/regression-tests/modsecurity_crs_59_header_tagging.conf
/usr/share/doc/packages/apache2-mod_security2/regression-tests/rulestest.conf
/usr/share/doc/packages/apache2-mod_security2/regression-tests/rulestest.pl
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_20_protocol_violations.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_21_protocol_anomalies.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_23_request_limits.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_30_http_policy.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_35_bad_robots.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_40_generic_attacks.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_41_sql_injection_attacks.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_41_xss_attacks.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_50_outbound.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/ruby.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/testserver.cgi
/usr/share/licenses/apache2-mod_security2
/usr/share/licenses/apache2-mod_security2/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 18:11:13 2024