
apache2-mod_security2-2.9.4-150400.3.6.1 RPM for x86_64

From OpenSuSE Leap 15.5 for x86_64

Name: apache2-mod_security2
Distribution: SUSE Linux Enterprise 15
Version: 2.9.4
Vendor: SUSE LLC <https://www.suse.com/>
Release: 150400.3.6.1
Build date: Mon Feb 13 16:55:36 2023
Group: Productivity/Networking/Web/Servers
Build host: goat06
Size: 3429007
Source RPM: apache2-mod_security2-2.9.4-150400.3.6.1.src.rpm
Packager: https://www.suse.com/
Url: https://www.modsecurity.org/
Summary: Web Application Firewall for apache httpd

ModSecurity is an intrusion detection and prevention
engine for web applications (or a web application firewall). Operating
as an Apache Web server module or standalone, the purpose of
ModSecurity is to increase web application security, protecting web
applications from known and unknown attacks.

Provides

Requires

License

Apache-2.0

Changelog

* Mon Feb 13 2023 danilo.spinella@suse.com
  - Fix CVE-2023-24021, FILES_TMP_CONTENT sometimes lacked the complete content
    (CVE-2023-24021, bsc#1207379)
    * fix-CVE-2023-24021.patch
* Wed Jan 25 2023 danilo.spinella@suse.com
  - Fix CVE-2022-48279, HTTP multipart requests were incorrectly
    parsed and could bypass the Web Application Firewall
    (CVE-2022-48279, bsc#1207378)
    * fix-CVE-2022-48279.patch
* Mon Jul 19 2021 danilo.spinella@suse.com
  - Update to 2.9.4:
    * Add microsec timestamp resolution to the formatted log timestamp
    * Added missing Geo Countries
    * Store temporaries in the request pool for regexes compiled per-request.
    * Fix other usage of the global pool for request temporaries in re_operators.c
    * Adds a sanity check before use ctl:ruleRemoveTargetById and ctl:ruleRemoveTargetByMsg.
    * Fix the order of error_msg validation
    * When the input filter finishes, check whether we returned data
    * fix: care non-null terminated chunk data
    * Fix for apr_global_mutex_create() crashes with mod_security
    * Fix inet addr handling on 64 bit big endian systems
  - Run spec-cleaner
  - Remove if/else for older version of SUSE distribution
* Tue Feb 23 2021 pgajdos@suse.com
  - version update to 2.9.3
    * Enable optimization for large stream input by default on IIS
    [Issue #1299 - @victorhora, @zimmerle]
    * Allow 0 length JSON requests.
    [Issue #1822 - @allanbomsft, @zimmerle, @victorhora, @marcstern]
    * Include unnamed JSON values in unnamed ARGS
    [Issue #1577, #1576 - @marcstern, @victorhora, @zimmerle]
    * Fix buffer size for utf8toUnicode transformation
    [Issue #1208 - @katef, @victorhora]
    * Fix sanitizing JSON request bodies in native audit log format
    [p0pr0ck5, @victorhora]
    * IIS: Update Wix installer to bundle a supported CRS version (3.0)
    [@victorhora, @zimmerle]
    * IIS: Update dependencies for Windows build
    [Issue #1848 - @victorhora, @hsluoyz]
    * IIS: Set SecStreamInBodyInspection by default on IIS builds (#1299)
    [Issue #1299 - @victorhora]
    * IIS: Update modsecurity.conf
    [Issue #788 - @victorhora, @brianclark]
    * Add sanity check for a couple malloc() and make code more resilient
    [Issue #979 - @dogbert2, @victorhora, @zimmerl]
    * Fix NetBSD build by renaming the hmac function to avoid conflicts
    [Issue #1241 - @victorhora, @joerg, @sevan]
    * IIS: Windows build, fix duplicate YAJL dir in script
    [Issue #1612 - @allanbomsft, @victorhora]
    * IIS: Remove body prebuffering due to no locking in modsecProcessRequest
    [Issue #1917 - @allanbomsft, @victorhora]
    * Fix mpm-itk / mod_ruid2 compatibility
    [Issue #712 - @ju5t , @derhansen, @meatlayer, @victorhora]
    * Code cosmetics: checks if actionset is not null before use it
    [Issue #1556 - @marcstern, @zimmerle, @victorhora]
    * Only generate SecHashKey when SecHashEngine is On
    [Issue #1671 - @dmuey, @monkburger, @zimmerle]
    * Docs: Reformat README to Markdown and update dependencies
    [Issue #1857 - @hsluoyz, @victorhora]
    * IIS: no lock on ProcessRequest. No reload of config.
    [Issue #1826 - @allanbomsft]
    * IIS: buffer request body before taking lock
    [Issue #1651 - @allanbomsft]
    * good practices: Initialize variables before use it
    [Issue #1889 - Marc Stern]
    * Let body parsers observe SecRequestBodyNoFilesLimit
    [Issue #1613 - @allanbomsft]
    * potential off by one in parse_arguments
    [Issue #1799 - @tinselcity, @zimmerle]
    * Fix utf-8 character encoding conversion
    [Issue #1794 - @tinselcity, @zimmerle]
    * Fix ip tree lookup on netmask content
    [Issue #1793 - @tinselcity, @zimmerle]
    * IIS: set overrideModeDefault to Allow so that individual websites can
    add <ModSecurity ...> to their web.config file
    [Issue #1781 - @default-kramer]
    * modsecurity.conf-recommended: Fix spelling
    [Issue #1721 - @padraigdoran]
    * build: fix when multiple lines for curl version
    [Issue #1771 - @Artistan]
    * Fix arabic charset in unicode_mapping file
    [Issue #1619 - @alaa-ahmed-a]
    * Optionally preallocates memory when SecStreamInBodyInspection is on
    [Issue #1366 - @allanbomsft, @zimmerle]
    * Fixed typo in build_yajl.bat
    [Issue #1366 - @allanbomsft]
    * Fixes SecConnWriteStateLimit
    [Issue #1545 - @nicjansma]
    * Added "empty chunk" check
    [Issue #1347, #1446 - @gravagli, @bostrt, @zimmerle]
    * Add capture action to @detectXSS operator
    [Issue #1488, #1482 - @victorhora]
    * Fix for wildcard operator when loading conf files on Nginx / IIS
    [Issue #1486, #1285 - @victorhora and @thierry-f-78]
    * Set of fixes to make windows build workable with the buildbots
    [Commit 94fe3 - @zimmerle]
    * Uses LOG_NO_STOPWATCH instead of DLOG_NO_STOPWATCH
    [Issue #1510 - @marcstern]
    * Adds missing headers
    [Issue #1454 - @devnexen]
  - modified patches
    % modsecurity-fixes.patch (fix crash caused by our patch)
      [bsc#1180830]
  - added patches
    + modsecurity-2.9.3-input_filtering_errors.patch
      [bsc#1180830]
* Wed Feb 12 2020 pgajdos@suse.com
  - removing %apache_test_* macros, do not test module just by
    loading the module
* Fri Dec 29 2017 jengelh@inai.de
  - Trim advertisement and filler wording from descriptions.
* Wed Dec 20 2017 pgajdos@suse.com
  - fix build for SLE_11_SP4: BuildRoot and %defattr have to be
    present
* Mon Oct 02 2017 kstreitova@suse.com
  - update to 2.9.2
    * release notes
      https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.2
    * refresh apache2-mod_security2-no_rpath.diff
    * remove apache2-mod_security2-lua-5.3.patch that was applied
      upstream
  - remove outdated html pages and diagram (they can be accessed
    online at https://github.com/SpiderLabs/ModSecurity/wiki)
    * Reference-Manual.html.bz2
    * ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2
    * modsecurity_diagram_apache_request_cycle.jpg
  - don't pack the whole doc directory as it contains also Makefiles
    or doxygen configuration files
  - disable mlogc as we don't pack it and it also can't be built for
    curl <=7.34
  - add basic and regression test suite (but disabled for now)
    * add apache2-mod_security2_tests_conf.patch for apache2
      configuration file used for tests that was trying to load
      mpm_worker_module (it's static for our apache2 package)
    * add "BuildRequires: perl-libwww-perl" needed for the test suite
* Wed Jun 21 2017 dimstar@opensuse.org
  - Update modsecurity-fixes.patch: additionally include netdb.h in
    order to have gethostbyname defined.
* Thu Mar 23 2017 kstreitova@suse.com
  - cleanup with spec-cleaner
* Wed Jul 29 2015 pgajdos@suse.com
  - fix build for lua 5.3
    + apache2-mod_security2-lua-5.3.patch
* Thu Jul 16 2015 pgajdos@suse.com
  - Requires: %{apache_suse_maintenance_mmn}
    This will pull this module to the update (in released distribution)
    when apache maintainer thinks it is good (due api/abi changes).
* Mon Mar 02 2015 tchvatal@suse.com
  - Remove useless comment lines/whitespace
* Tue Feb 24 2015 crrodriguez@opensuse.org
  - spec, build: Respect optflags
  - spec: buildrequire pkgconfig
  - modsecurity-fixes.patch: mod_security fails at:
    * building with optflags enabled due to undefined behaviour
      and implicit declarations.
    * It abuses the apr_allocator api, creating one allocator
      per request and then destroying it, flooding the system
      with mmap(), munmap() requests; this is particularly nasty
      with threaded mpms. It should instead use the allocator
      from the request pool.
* Sat Feb 14 2015 thomas.worm@sicsec.de
  - Raised to version 2.9.0
  - Updated patch: apache2-mod_security2-no_rpath.diff
    (adapted lines)
* Mon Nov 03 2014 pgajdos@suse.com
  - call spec-cleaner
  - use apache rpm macros

Files

/etc/apache2/conf.d/mod_security2.conf
/etc/apache2/mod_security2.d
/etc/apache2/mod_security2.d/README-SUSE-mod_security2.txt
/etc/apache2/mod_security2.d/empty.conf
/usr/lib64/apache2/mod_security2.so
/usr/share/apache2-mod_security2
/usr/share/apache2-mod_security2/rules
/usr/share/apache2-mod_security2/rules/CHANGES
/usr/share/apache2-mod_security2/rules/activated_rules
/usr/share/apache2-mod_security2/rules/activated_rules/README
/usr/share/apache2-mod_security2/rules/base_rules
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_35_bad_robots.data
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_35_scanners.data
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_40_generic_attacks.data
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_50_outbound.data
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_50_outbound_malware.data
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_20_protocol_violations.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_21_protocol_anomalies.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_23_request_limits.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_30_http_policy.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_35_bad_robots.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_40_generic_attacks.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_41_sql_injection_attacks.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_41_xss_attacks.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_42_tight_security.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_45_trojans.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_47_common_exceptions.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_48_local_exceptions.conf.example
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_49_inbound_blocking.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_50_outbound.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_59_outbound_blocking.conf
/usr/share/apache2-mod_security2/rules/base_rules/modsecurity_crs_60_correlation.conf
/usr/share/apache2-mod_security2/rules/experimental_rules
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_11_brute_force.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_11_dos_protection.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_11_proxy_abuse.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_11_slow_dos_protection.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_16_scanner_integration.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_25_cc_track_pan.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.9_honeytrap.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_40_appsensor_detection_point_3.0_end.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_40_http_parameter_pollution.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_42_csp_enforcement.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_46_scanner_integration.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_48_bayes_analysis.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_55_response_profiling.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_56_pvi_checks.conf
/usr/share/apache2-mod_security2/rules/experimental_rules/modsecurity_crs_61_ip_forensics.conf
/usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf
/usr/share/apache2-mod_security2/rules/optional_rules
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_42_comment_spam.data
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_10_ignore_static.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_11_avs_traffic.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_13_xml_enabler.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_16_authentication_tracking.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_16_session_hijacking.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_16_username_tracking.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_25_cc_known.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_42_comment_spam.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_43_csrf_protection.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_46_av_scanning.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_47_skip_outbound_checks.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_49_header_tagging.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_55_application_defects.conf
/usr/share/apache2-mod_security2/rules/optional_rules/modsecurity_crs_55_marketing.conf
/usr/share/apache2-mod_security2/rules/slr_rules
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_joomla.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_lfi.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_phpbb.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_rfi.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_sqli.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_wordpress.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_46_slr_et_xss.data
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_joomla_attacks.conf
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_lfi_attacks.conf
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_phpbb_attacks.conf
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_rfi_attacks.conf
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_sqli_attacks.conf
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_wordpress_attacks.conf
/usr/share/apache2-mod_security2/rules/slr_rules/modsecurity_crs_46_slr_et_xss_attacks.conf
/usr/share/apache2-mod_security2/tools
/usr/share/apache2-mod_security2/tools/README-rules-updater.txt
/usr/share/apache2-mod_security2/tools/rules-updater-example.conf
/usr/share/apache2-mod_security2/tools/rules-updater.pl
/usr/share/doc/packages/apache2-mod_security2
/usr/share/doc/packages/apache2-mod_security2/CHANGES
/usr/share/doc/packages/apache2-mod_security2/NOTICE
/usr/share/doc/packages/apache2-mod_security2/README-SUSE-mod_security2.txt
/usr/share/doc/packages/apache2-mod_security2/README.md
/usr/share/doc/packages/apache2-mod_security2/README.txt
/usr/share/doc/packages/apache2-mod_security2/authors.txt
/usr/share/doc/packages/apache2-mod_security2/regression-tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/INSTALL
/usr/share/doc/packages/apache2-mod_security2/regression-tests/README
/usr/share/doc/packages/apache2-mod_security2/regression-tests/modsecurity_crs_59_header_tagging.conf
/usr/share/doc/packages/apache2-mod_security2/regression-tests/rulestest.conf
/usr/share/doc/packages/apache2-mod_security2/regression-tests/rulestest.pl
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_20_protocol_violations.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_21_protocol_anomalies.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_23_request_limits.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_30_http_policy.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_35_bad_robots.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_40_generic_attacks.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_41_sql_injection_attacks.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_41_xss_attacks.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/modsecurity_crs_50_outbound.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/tests/ruby.tests
/usr/share/doc/packages/apache2-mod_security2/regression-tests/testserver.cgi
/usr/share/licenses/apache2-mod_security2
/usr/share/licenses/apache2-mod_security2/LICENSE


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 18:11:13 2024