pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/ap-modsecurity2 Update ap-modsecurity2 to 2.5...
details: https://anonhg.NetBSD.org/pkgsrc/rev/53bc97b94fe7
branches: trunk
changeset: 586768:53bc97b94fe7
user: dholland <dholland%pkgsrc.org@localhost>
date: Sat Mar 19 21:18:06 2011 +0000
description:
Update ap-modsecurity2 to 2.5.13, partly from Matthew Sporleder in
PR 44745, rest by me.
pkgsrc changes:
- fix up deps
- fix Apache module handling
- DESTDIR support
XXX: The DESTDIR support has to bypass apxs because as far as I can tell
XXX: apxs -i doesn't know how to handle DESTDIRs. Various Apache modules
XXX: do this in various different ways. Someone(TM) should teach apxs -i
XXX: about DESTDIRs and fix up all the abuse. The infrastructure for
XXX: Apache modules could use some rototilling as well.
29 Nov 2010 - 2.5.13
--------------------
* Cleaned up some mlogc code and debugging output.
* Remove the ability to use a relative path to a piped audit logger
(i.e. mlogc) as Apache does not support it in their piped loggers
and it was breaking Windows and probably other platforms that
use spaces in filesystem paths. Discovered by Tom Donovan.
* Fix memory leak freeing regex. Discovered by Tom Donovan.
* Fix some portability issues on Windows.
* Fixed Geo lookup concurrent connections bug
* Fixed Skip/SkipAfter chain bug
* Added new setvar Lua API to be used in Lua scripts
* Added PCRE messages indicating each rule that exceeds match limits
* Added new Base64 transformation function called base64DecodeEx, which
can decode base64 data skipping special characters.
* Add SecReadStateLimit to limit the number of concurrent threads in BUSY connections per ip address
* Fixed redirect action was not expanding macros in chained rules
04 Feb 2010 - 2.5.12
--------------------
* Fixed SecUploadFileMode to set the correct mode.
* Fixed nolog,auditlog/noauditlog/nolog controls for disruptive actions.
* Added additional file info definitions introduced in APR 0.9.5 so that
build will work with older APRs (IBM HTTP Server v6).
* Added SecUploadFileLimit to limit the number of uploaded file parts that
will be processed in a multipart POST. The default is 100.
* Fixed path normalization to better handle backreferences that extend
above root directories. Reported by Sogeti/ESEC R&D.
* Trim whitespace around phrases used with @pmFromFile and allow
for both LF and CRLF terminated lines.
* Allow for more robust parsing for multipart header folding. Reported
by Sogeti/ESEC R&D.
* Fixed failure to match internally set TX variables with regex
(TX:/.../) syntax.
* Fixed failure to log full internal TX variable names and populate
MATCHED_VAR* vars.
* Enabled PCRE "studying" by default. This is now a configure-time option.
* Added PCRE match limits (SecPcreMatchLimit/SecPcreMatchLimitRecursion) to
aid in REDoS type attacks. A rule that goes over the limits will set
TX:MSC_PCRE_LIMITS_EXCEEDED. It is intended that the next major release
of ModSecurity (2.6.x) will move these flags to a dedicated collection.
* Reduced default PCRE match limits reducing impact of REDoS on poorly
written regex rules. Reported by Sogeti/ESEC R&D.
* Fixed memory leak in v1 cookie parser. Reported by Sogeti/ESEC R&D.
* Now support macro expansion in numeric operators (@eq, @ge, @lt, etc.)
* Update copyright to 2010.
* Reserved 700,000-799,999 IDs for Ivan Ristic.
* Fixed SecAction not working when CONNECT request method is used
(MODSEC-110). [Ivan Ristic]
* Do not escape quotes in macro resolution and only escape NUL in setenv
values.
04 Nov 2009 - 2.5.11
--------------------
* Added a new multipart flag, MULTIPART_INVALID_QUOTING, which will be
set true if any invalid quoting is found during multipart parsing.
* Fixed parsing quoted strings in multipart Content-Disposition headers.
Discovered by Stefan Esser.
* Cleanup persistence database locking code.
* Added warning during configure if libcurl is found linked against
gnutls for SSL. The openssl lib is recommended as gnutls has
proven to cause issues with mutexes and may crash.
* Cleanup some mlogc (over)logging.
* Do not log output filter errors in the error log.
* Moved output filter to run before other stock filters (mod_deflate,
mod_cache, mod_expires, mod_filter) to avoid analyzing modified data
in the response. Patch originally submitted by Ivan Ristic.
18 Sep 2009 - 2.5.10
--------------------
* Cleanup mlogc so that it builds on Windows.
* Added more detailed messages to replace "Unknown error" in filters.
* Added SecAuditLogDirMode and SecAuditLogFileMode to allow fine tuning
auditlog permissions (especially with mpm-itk).
* Cleanup SecUploadFileMode implementation.
* Cleanup build scripts.
* Fixed crash on configuration if SecMarker is used before any rules.
* Fixed SecRuleUpdateActionById so that it will work on chain starters.
* Cleanup build system for mlogc.
* Allow mlogc to periodically flush memory pools.
* Using nolog,auditlog will now log the "Message:" line to the auditlog, but
nothing to the error log. Prior versions dropped the "Message:" line from
both logs. To do this now, just use "nolog" or "nolog,noauditlog".
* Forced mlogc to use SSLv3 to avoid some potential auto negotiation
issues with some libcurl versions.
* Fixed mlogc issue seen on big endian machines where content type
could be listed as zero.
* Removed extra newline from audit log message line when logging XML errors.
This was causing problems parsing audit logs.
* Fixed @pm/@pmFromFile case insensitivity.
* Truncate long parameters in log message for "Match of ... against ...
required" messages.
* Correctly resolve chained rule actions in logs.
* Cleanup some code for portability.
* AIX does not support hidden visibility with xlc compiler.
* Allow specifying EXTRA_CFLAGS during configure to override gcc specific
values for non-gcc compilers.
* Populate GEO:COUNTRY_NAME and GEO:COUNTRY_CONTINENT as documented.
* Handle a newer geo database more gracefully, avoiding a potential crash for
new countries that ModSecurity is not yet aware.
* Allow checking &GEO "@eq 0" for a failed @geoLookup.
* Fixed mlogc global mutex locking issue and added more debugging output.
* Cleaned up build dependencies and configure options.
diffstat:
security/ap-modsecurity2/Makefile | 38 ++++++++++++++++++------------
security/ap-modsecurity2/distinfo | 10 ++++----
security/ap-modsecurity2/patches/patch-aa | 36 +++++++++++++---------------
3 files changed, 45 insertions(+), 39 deletions(-)
diffs (129 lines):
diff -r e1e271c8b644 -r 53bc97b94fe7 security/ap-modsecurity2/Makefile
--- a/security/ap-modsecurity2/Makefile Sat Mar 19 21:16:27 2011 +0000
+++ b/security/ap-modsecurity2/Makefile Sat Mar 19 21:18:06 2011 +0000
@@ -1,16 +1,21 @@
-# $NetBSD: Makefile,v 1.16 2011/03/19 13:31:52 obache Exp $
+# $NetBSD: Makefile,v 1.17 2011/03/19 21:18:06 dholland Exp $
-DISTNAME= modsecurity-apache_2.5.9
+DISTNAME= modsecurity-apache_2.5.13
PKGNAME= ${APACHE_PKG_PREFIX}-${DISTNAME:S/apache_//}
CATEGORIES= www security
MASTER_SITES= http://www.modsecurity.org/download/
+LICENSE= gnu-gpl-v2
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE= http://www.modsecurity.org/
COMMENT= Intrusion detection and prevention engine for web applications
+PKG_DESTDIR_SUPPORT= user-destdir
+
+APACHE_MODULE= yes
PKG_APACHE_ACCEPTED= apache2 apache22
-USE_LANGUAGES+= c++ c
+USE_APR= yes
+USE_LANGUAGES= c++ c
.include "../../mk/apache.mk"
.include "options.mk"
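Review bot: `APACHE_MODULE= yes` and `USE_APR= yes` are added with no comment, and they sit directly above `.include "../../mk/apache.mk"`, which is where that file would need to see them; a one-line comment stating that they must stay ahead of the include would protect against a later reordering. The switch from `USE_LANGUAGES+=` to `USE_LANGUAGES=` is harmless here because nothing earlier in the file assigns it, but it will silently discard a value if one is ever set above this line.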
@@ -23,27 +28,30 @@
CONFIGURE_ARGS+= --with-apxs=${APXS}
CONFIGURE_ARGS+= --with-pcre=${BUILDLINK_PREFIX.pcre}
CONFIGURE_ARGS+= --with-libxml=${BUILDLINK_PREFIX.libxml2}
+CONFIGURE_ARGS+= --with-lua=${BUILDLINK_PREFIX.lua}
+CONFIGURE_ARGS+= --with-apr=${BUILDLINK_PREFIX.apr}
+CONFIGURE_ARGS+= --with-apu=${BUILDLINK_PREFIX.apr-util}
-SUBST_CLASSES+= config
-SUBST_STAGE.config= post-patch
-SUBST_FILES.config= configure
-SUBST_SED.config= -e "s|@@PREFIX@@|${PREFIX}|g"
-SUBST_MESSAGE.config= Fixing configuration files.
+INSTALLATION_DIRS+= lib/httpd
+INSTALL_ENV+= APACHEPREFIX=${BUILDLINK_PREFIX.apache}
+INSTALL_ENV+= DESTDIR=${DESTDIR}
-EGDIR= ${PREFIX}/share/examples/ap-modsecurity
-CONF_FILES= ${EGDIR}/modsecurity.conf-minimal \
+EGDIR= share/examples/ap-modsecurity
+DOCDIR= share/doc/ap-modsecurity
+INSTALLATION_DIRS+= ${EGDIR} ${DOCDIR}
+
+CONF_FILES= ${PREFIX}/${EGDIR}/modsecurity.conf-minimal \
${PKG_SYSCONFDIR}/httpd/modsecurity.conf
BUILDLINK_API_DEPENDS.apache+= apache>=2.0.59nb2
post-install:
- ${INSTALL_DATA_DIR} ${EGDIR}
- ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/ap-modsecurity
-
- ${INSTALL_DATA} ${WRKDIR}/${DISTNAME}/modsecurity.conf-minimal ${EGDIR}
+ ${INSTALL_DATA} ${WRKDIR}/${DISTNAME}/modsecurity.conf-minimal \
+ ${DESTDIR}${PREFIX}/${EGDIR}
cd ${WRKDIR}/${DISTNAME}/doc && \
- pax -rw . ${PREFIX}/share/doc/ap-modsecurity
+ pax -rw . ${DESTDIR}${PREFIX}/${DOCDIR}
.include "../../textproc/libxml2/buildlink3.mk"
.include "../../devel/pcre/buildlink3.mk"
+.include "../../lang/lua/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
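Review bot: `--with-lua=${BUILDLINK_PREFIX.lua}` and the `lang/lua/buildlink3.mk` include make Lua an unconditional dependency even though the package already includes `options.mk`; since this is a request-filtering module loaded into the web server, consider putting the Lua scripting support behind a package option so sites that do not use Lua rules do not link an interpreter into Apache. Separately, the `post-install` target still calls `pax -rw` and no `USE_TOOLS+= pax` is visible in these lines; if it is not declared in the part of the Makefile outside this diff, it should be added. The move to `${DESTDIR}${PREFIX}/${EGDIR}` with `INSTALLATION_DIRS` replacing the manual `${INSTALL_DATA_DIR}` calls looks consistent.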
diff -r e1e271c8b644 -r 53bc97b94fe7 security/ap-modsecurity2/distinfo
--- a/security/ap-modsecurity2/distinfo Sat Mar 19 21:16:27 2011 +0000
+++ b/security/ap-modsecurity2/distinfo Sat Mar 19 21:18:06 2011 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.6 2009/03/14 13:45:38 adrianp Exp $
+$NetBSD: distinfo,v 1.7 2011/03/19 21:18:06 dholland Exp $
-SHA1 (modsecurity-apache_2.5.9.tar.gz) = 875919332a918956371fe8e2f7e46d88081857cf
-RMD160 (modsecurity-apache_2.5.9.tar.gz) = adab10e5eab50f0d114e3ccb47c343e744119c8f
-Size (modsecurity-apache_2.5.9.tar.gz) = 1252295 bytes
-SHA1 (patch-aa) = 19642ee3f22bd502208ee868cf24fb050bd2c56d
+SHA1 (modsecurity-apache_2.5.13.tar.gz) = dff3dc2b360aeb4a4feebc94ff3d507a4dfad0cf
+RMD160 (modsecurity-apache_2.5.13.tar.gz) = 2e7be42d5a755acc888ef28cf44598cc2540a207
+Size (modsecurity-apache_2.5.13.tar.gz) = 1421293 bytes
+SHA1 (patch-aa) = 21b8ba084e0a70d4751764433ccb4c09078e057e
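Review bot: the new SHA1 and RMD160 lines for `modsecurity-apache_2.5.13.tar.gz` are the only integrity check on a distfile that `MASTER_SITES` fetches over plain `http://www.modsecurity.org/download/`, so the commit message should say how these values were obtained (for example, compared against a checksum or signature published by upstream) rather than just regenerated from whatever was downloaded. The size change from 1252295 to 1421293 bytes and the updated `patch-aa` hash are consistent with the version bump and the rewritten patch.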
diff -r e1e271c8b644 -r 53bc97b94fe7 security/ap-modsecurity2/patches/patch-aa
--- a/security/ap-modsecurity2/patches/patch-aa Sat Mar 19 21:16:27 2011 +0000
+++ b/security/ap-modsecurity2/patches/patch-aa Sat Mar 19 21:18:06 2011 +0000
@@ -1,22 +1,20 @@
-$NetBSD: patch-aa,v 1.6 2009/03/14 13:45:38 adrianp Exp $
+$NetBSD: patch-aa,v 1.7 2011/03/19 21:18:06 dholland Exp $
+
+destdir support.
---- configure.orig 2009-03-12 06:15:45.000000000 +0000
-+++ configure
-@@ -5479,7 +5479,7 @@ fi
+--- Makefile.in~ 2011-03-19 20:34:00.000000000 +0000
++++ Makefile.in
+@@ -81,8 +81,12 @@ distclean: clean
+ maintainer-clean: distclean
+ @rm -rf config config.log config.status configure mod_security2_config.h autoscan.log configure.scan build/libtool.m4 build/config.guess build/config.sub build/ltmain.sh
- if test -z "${with_apr}"; then
- if test -z "${apr_path}"; then
-- test_paths="/usr/local/apr /usr/local /usr"
-+ test_paths="@@PREFIX@@ /usr/local/apr /usr/local /usr"
- else
- test_paths="${apr_path}"
- fi
-@@ -5562,7 +5562,7 @@ fi
++# dholland 20110319 apxs -i currently doesn't know how to cope with DESTDIRs,
++# so hack around it. XXX this is abusive and someone should fix apxs.
+ install-mods: mod_security2.la
+- $(INSTALL_MOD_SHARED) mod_security2.la
++ #$(INSTALL_MOD_SHARED) mod_security2.la
++ ${APACHEPREFIX}/share/httpd/build/instdso.sh SH_LIBTOOL='libtool' \
++ mod_security2.la ${DESTDIR}${APACHEPREFIX}/lib/httpd
- if test -z "${with_apu}"; then
- if test -z "${apu_path}"; then
-- test_paths="/usr/local/apr-util /usr/local/apu /usr/local/apr /usr/local /usr"
-+ test_paths="@@PREFIX@@ /usr/local/apr-util /usr/local/apu /usr/local/apr /usr/local /usr"
- else
- test_paths="${apu_path}"
- fi
+ ${MOD_SECURITY2:=.slo}: $(MOD_SECURITY2_H)
+ ${MOD_SECURITY2:=.lo}: $(MOD_SECURITY2_H)
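Review bot: in the `install-mods` recipe, `SH_LIBTOOL='libtool'` picks up whichever `libtool` is first in `PATH` instead of the one Apache was built with, and the helper path `${APACHEPREFIX}/share/httpd/build/instdso.sh` is hardcoded; both will break quietly if the Apache package moves its build directory or if `APACHEPREFIX` is unset in the install environment. It would be safer to take the libtool path and build directory from `apxs -q` or from a variable passed in by the package Makefile. The retained `#$(INSTALL_MOD_SHARED) mod_security2.la` line is still part of the recipe if it is tab-indented like the line it replaces, so make will echo it and hand it to the shell on every install; delete it, since the comment above the target already records what was replaced. Note also that this patch drops the old `@@PREFIX@@` edits to `configure`, which is only correct together with the `--with-apr` and `--with-apu` arguments added in the package Makefile.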