FreeBSD Bugzilla – Attachment 228279 Details for
Bug 258801
security/modsecurity3: Update to v3.0.5
[patch]
update modsecurity3-3.0.5
modsecurity3-3.0.5.diff (text/plain), 12.17 KB, created by
waitman
on 2021-09-30 07:47:16 UTC
Description:
update modsecurity3-3.0.5
Filename:
MIME Type:
Creator:
waitman
Created:
2021-09-30 07:47:16 UTC
Size:
12.17 KB
>diff --git a/security/modsecurity3/Makefile b/security/modsecurity3/Makefile
>index 9cee083b764e..6cffad6e8317 100644
>--- a/security/modsecurity3/Makefile
>+++ b/security/modsecurity3/Makefile
>@@ -1,7 +1,6 @@
> PORTNAME= modsecurity
> DISTVERSIONPREFIX= v
>-DISTVERSION= 3.0.4
>-PORTREVISION= 2
>+DISTVERSION= 3.0.5
> CATEGORIES= security www
> MASTER_SITES= https://github.com/SpiderLabs/ModSecurity/releases/download/v${PORTVERSION}/
> PKGNAMESUFFIX= 3
>@@ -17,10 +16,9 @@ LIB_DEPENDS= libcurl.so:ftp/curl \
> libyajl.so:devel/yajl \
> libmaxminddb.so:net/libmaxminddb
>
>-USES= compiler:c++11-lang cpe gmake gnome libtool pkgconfig:build
>+USES= cpe gmake gnome libtool pkgconfig:build
> USE_GNOME= libxml2
> # GCC because of https://github.com/SpiderLabs/ModSecurity/issues/1411
>-USE_GCC= yes
> USE_LDCONFIG= yes
>
> CPE_VENDOR= trustwave
>diff --git a/security/modsecurity3/distinfo b/security/modsecurity3/distinfo
>index 378c1b80adc1..5e9158a0a40c 100644
>--- a/security/modsecurity3/distinfo
>+++ b/security/modsecurity3/distinfo
>@@ -1,3 +1,3 @@
>-TIMESTAMP = 1579339210
>-SHA256 (modsecurity-v3.0.4.tar.gz) = b4231177dd80b4e076b228e57d498670113b69d445bab86db25f65346c24db22
>-SIZE (modsecurity-v3.0.4.tar.gz) = 2806291
>+TIMESTAMP = 1632981543
>+SHA256 (modsecurity-v3.0.5.tar.gz) = 751bf95a7a8d39c440d0c26ec1f73961550ca2eb2ac9e2e7a56dce2dd7b959e9
>+SIZE (modsecurity-v3.0.5.tar.gz) = 3485840
>diff --git a/security/modsecurity3/files/patch-src_operators_rx.cc b/security/modsecurity3/files/patch-src_operators_rx.cc
>deleted file mode 100644
>index 0e8f626e59c1..000000000000
>--- a/security/modsecurity3/files/patch-src_operators_rx.cc
>+++ /dev/null
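Review bot: In security/modsecurity3/Makefile, hunk `@@ -17,10 +16,9 @@`, the comment `# GCC because of https://github.com/SpiderLabs/ModSecurity/issues/1411` is left in place although the `USE_GCC= yes` line it explained is removed, so it now describes nothing. Delete the comment in the same change, or keep `USE_GCC= yes` if the linked issue still applies to 3.0.5. The same hunk drops `compiler:c++11-lang` from `USES`, so the port no longer declares that it needs a C++11-capable compiler. If the 3.0.5 sources still require one (not visible in this patch), keep it as `USES= compiler:c++11-lang cpe gmake gnome libtool pkgconfig:build`. Since the workaround being removed was compiler-specific, the description should state which compilers and releases the build was tested with.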
>@@ -1,51 +0,0 @@
>---- src/operators/rx.cc.orig 2020-01-13 13:09:28 UTC
>-+++ src/operators/rx.cc
>-@@ -38,7 +38,6 @@ bool Rx::init(const std::string &arg, st
>-
>- bool Rx::evaluate(Transaction *transaction, Rule *rule,
>- const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
>-- std::list<SMatch> matches;
>- Regex *re;
>-
>- if (m_param.empty() && !m_string->m_containsMacro) {
>-@@ -52,29 +51,29 @@ bool Rx::evaluate(Transaction *transacti
>- re = m_re;
>- }
>-
>-- matches = re->searchAll(input);
>-+ std::vector<Utils::SMatchCapture> captures;
>-+ re->searchOneMatch(input, captures);
>-+
>- if (rule && rule->m_containsCaptureAction && transaction) {
>-- int i = 0;
>-- matches.reverse();
>-- for (const SMatch& a : matches) {
>-+ for (const Utils::SMatchCapture& capture : captures) {
>-+ const std::string capture_substring(input.substr(capture.m_offset,capture.m_length));
>- transaction->m_collections.m_tx_collection->storeOrUpdateFirst(
>-- std::to_string(i), a.str());
>-+ std::to_string(capture.m_group), capture_substring);
>- ms_dbg_a(transaction, 7, "Added regex subexpression TX." +
>-- std::to_string(i) + ": " + a.str());
>-- transaction->m_matched.push_back(a.str());
>-- i++;
>-+ std::to_string(capture.m_group) + ": " + capture_substring);
>-+ transaction->m_matched.push_back(capture_substring);
>- }
>- }
>-
>-- for (const auto & i : matches) {
>-- logOffset(ruleMessage, i.offset(), i.str().size());
>-+ for (const auto & capture : captures) {
>-+ logOffset(ruleMessage, capture.m_offset, capture.m_length);
>- }
>-
>- if (m_string->m_containsMacro) {
>- delete re;
>- }
>-
>-- if (matches.size() > 0) {
>-+ if (captures.size() > 0) {
>- return true;
>- }
>-
>diff --git a/security/modsecurity3/files/patch-src_utils_regex.cc b/security/modsecurity3/files/patch-src_utils_regex.cc
>deleted file mode 100644
>index ec2b6195545b..000000000000
>--- a/security/modsecurity3/files/patch-src_utils_regex.cc
>+++ /dev/null
>@@ -1,40 +0,0 @@
>---- src/utils/regex.cc.orig 2020-01-13 13:09:28 UTC
>-+++ src/utils/regex.cc
>-@@ -16,10 +16,6 @@
>- #include "src/utils/regex.h"
>-
>- #include <pcre.h>
>--#include <sys/socket.h>
>--#include <sys/types.h>
>--#include <netinet/in.h>
>--#include <arpa/inet.h>
>- #include <string>
>- #include <list>
>-
>-@@ -99,6 +95,26 @@ std::list<SMatch> Regex::searchAll(const
>- return retList;
>- }
>-
>-+bool Regex::searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const {
>-+ const char *subject = s.c_str();
>-+ int ovector[OVECCOUNT];
>-+
>-+ int rc = pcre_exec(m_pc, m_pce, subject, s.size(), 0, 0, ovector, OVECCOUNT);
>-+
>-+ for (int i = 0; i < rc; i++) {
>-+ size_t start = ovector[2*i];
>-+ size_t end = ovector[2*i+1];
>-+ size_t len = end - start;
>-+ if (end > s.size()) {
>-+ continue;
>-+ }
>-+ SMatchCapture capture(i, start, len);
>-+ captures.push_back(capture);
>-+ }
>-+
>-+ return (rc > 0);
>-+}
>-+
>- int Regex::search(const std::string& s, SMatch *match) const {
>- int ovector[OVECCOUNT];
>- int ret = pcre_exec(m_pc, m_pce, s.c_str(),
>diff --git a/security/modsecurity3/files/patch-src_utils_regex.h b/security/modsecurity3/files/patch-src_utils_regex.h
>deleted file mode 100644
>index 32652ce5c525..000000000000
>--- a/security/modsecurity3/files/patch-src_utils_regex.h
>+++ /dev/null
>@@ -1,35 +0,0 @@
>---- src/utils/regex.h.orig 2020-01-13 13:09:28 UTC
>-+++ src/utils/regex.h
>-@@ -19,6 +19,7 @@
>- #include <fstream>
>- #include <string>
>- #include <list>
>-+#include <vector>
>-
>- #ifndef SRC_UTILS_REGEX_H_
>- #define SRC_UTILS_REGEX_H_
>-@@ -47,6 +48,16 @@ class SMatch {
>- size_t m_offset;
>- };
>-
>-+struct SMatchCapture {
>-+ SMatchCapture(size_t group, size_t offset, size_t length) :
>-+ m_group(group),
>-+ m_offset(offset),
>-+ m_length(length) { }
>-+
>-+ size_t m_group; // E.g. 0 = full match; 6 = capture group 6
>-+ size_t m_offset; // offset of match within the analyzed string
>-+ size_t m_length;
>-+};
>-
>- class Regex {
>- public:
>-@@ -58,6 +69,7 @@ class Regex {
>- Regex& operator=(const Regex&) = delete;
>-
>- std::list<SMatch> searchAll(const std::string& s) const;
>-+ bool searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const;
>- int search(const std::string &s, SMatch *m) const;
>- int search(const std::string &s) const;
>-
>diff --git a/security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json b/security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json
>deleted file mode 100644
>index 485a9081af87..000000000000
>--- a/security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json
>+++ /dev/null
>@@ -1,146 +0,0 @@
>---- test/test-cases/regression/variable-TX.json.orig 2020-01-13 13:09:28 UTC
>-+++ test/test-cases/regression/variable-TX.json
>-@@ -80,5 +80,143 @@
>- "SecRule REQUEST_HEADERS \"@rx ([A-z]+)\" \"id:1,log,pass,capture,id:14\"",
>- "SecRule TX:0 \"@rx ([A-z]+)\" \"id:15\""
>- ]
>-+ },
>-+ {
>-+ "enabled":1,
>-+ "version_min":300000,
>-+ "title":"Testing Variables :: capture group match after unused group",
>-+ "client":{
>-+ "ip":"200.249.12.31",
>-+ "port":123
>-+ },
>-+ "server":{
>-+ "ip":"200.249.12.31",
>-+ "port":80
>-+ },
>-+ "request":{
>-+ "uri":"/?key=aadd",
>-+ "method":"GET"
>-+ },
>-+ "response":{
>-+ "headers":{
>-+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
>-+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
>-+ "Content-Type":"text/html"
>-+ },
>-+ "body":[
>-+ "no need."
>-+ ]
>-+ },
>-+ "expected":{
>-+ "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1"
>-+ },
>-+ "rules":[
>-+ "SecRuleEngine On",
>-+ "SecRule ARGS \"@rx (aa)(bb|cc)?(dd)\" \"id:1,log,pass,capture,id:16\"",
>-+ "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\""
>-+ ]
>-+ },
>-+ {
>-+ "enabled":1,
>-+ "version_min":300000,
>-+ "title":"Testing Variables :: empty capture group match followed by nonempty capture group",
>-+ "client":{
>-+ "ip":"200.249.12.31",
>-+ "port":123
>-+ },
>-+ "server":{
>-+ "ip":"200.249.12.31",
>-+ "port":80
>-+ },
>-+ "request":{
>-+ "uri":"/?key=aadd",
>-+ "method":"GET"
>-+ },
>-+ "response":{
>-+ "headers":{
>-+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
>-+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
>-+ "Content-Type":"text/html"
>-+ },
>-+ "body":[
>-+ "no need."
>-+ ]
>-+ },
>-+ "expected":{
>-+ "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1"
>-+ },
>-+ "rules":[
>-+ "SecRuleEngine On",
>-+ "SecRule ARGS \"@rx (aa)(bb|cc|)(dd)\" \"id:18,phase:1,log,pass,capture\"",
>-+ "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\""
>-+ ]
>-+ },
>-+ {
>-+ "enabled":1,
>-+ "version_min":300000,
>-+ "title":"Testing Variables :: repeating capture group -- alternates",
>-+ "client":{
>-+ "ip":"200.249.12.31",
>-+ "port":123
>-+ },
>-+ "server":{
>-+ "ip":"200.249.12.31",
>-+ "port":80
>-+ },
>-+ "request":{
>-+ "uri":"/?key=_abc123_",
>-+ "method":"GET"
>-+ },
>-+ "response":{
>-+ "headers":{
>-+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
>-+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
>-+ "Content-Type":"text/html"
>-+ },
>-+ "body":[
>-+ "no need."
>-+ ]
>-+ },
>-+ "expected":{
>-+ "debug_log":"Added regex subexpression TX\\.2: abc[\\s\\S]*Added regex subexpression TX\\.3: 123"
>-+ },
>-+ "rules":[
>-+ "SecRuleEngine On",
>-+ "SecRule ARGS \"@rx _((?:(abc)|(123))+)_\" \"id:18,phase:1,log,pass,capture\""
>-+ ]
>-+ },
>-+ {
>-+ "enabled":1,
>-+ "version_min":300000,
>-+ "title":"Testing Variables :: repeating capture group -- same (nested)",
>-+ "client":{
>-+ "ip":"200.249.12.31",
>-+ "port":123
>-+ },
>-+ "server":{
>-+ "ip":"200.249.12.31",
>-+ "port":80
>-+ },
>-+ "request":{
>-+ "uri":"/?key=a:5a:8a:9",
>-+ "method":"GET"
>-+ },
>-+ "response":{
>-+ "headers":{
>-+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
>-+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
>-+ "Content-Type":"text/html"
>-+ },
>-+ "body":[
>-+ "no need."
>-+ ]
>-+ },
>-+ "expected":{
>-+ "debug_log":"Added regex subexpression TX\\.1: 5[\\s\\S]*Added regex subexpression TX\\.2: 8[\\s\\S]*Added regex subexpression TX\\.3: 9"
>-+ },
>-+ "rules":[
>-+ "SecRuleEngine On",
>-+ "SecRule ARGS \"@rx a:([0-9])(?:a:([0-9])(?:a:([0-9]))*)*\" \"id:18,phase:1,log,pass,capture\""
>-+ ]
>- }
>- ]
>diff --git a/security/modsecurity3/pkg-plist b/security/modsecurity3/pkg-plist
>index b3c760bc04f2..44f6c5f9c1a0 100644
>--- a/security/modsecurity3/pkg-plist
>+++ b/security/modsecurity3/pkg-plist
>@@ -1,22 +1,29 @@
> bin/modsec-rules-check
>-include/modsecurity/actions/action.h
> include/modsecurity/anchored_set_variable.h
>+include/modsecurity/anchored_set_variable_translation_proxy.h
>+include/modsecurity/rule_message.h
>+include/modsecurity/rule_unconditional.h
>+include/modsecurity/variable_origin.h
>+include/modsecurity/transaction.h
> include/modsecurity/anchored_variable.h
>-include/modsecurity/audit_log.h
>-include/modsecurity/collection/collection.h
>-include/modsecurity/collection/collections.h
>-include/modsecurity/debug_log.h
> include/modsecurity/intervention.h
>+include/modsecurity/collection/collections.h
>+include/modsecurity/collection/collection.h
>+include/modsecurity/rule_with_operator.h
>+include/modsecurity/variable_value.h
>+include/modsecurity/rules_set.h
>+include/modsecurity/audit_log.h
> include/modsecurity/modsecurity.h
>-include/modsecurity/reading_logs_via_rule_message.h
>-include/modsecurity/rule.h
>-include/modsecurity/rule_message.h
>+include/modsecurity/debug_log.h
>+include/modsecurity/rule_with_actions.h
>+include/modsecurity/rules_set_properties.h
>+include/modsecurity/rule_marker.h
> include/modsecurity/rules.h
> include/modsecurity/rules_exceptions.h
>-include/modsecurity/rules_properties.h
>-include/modsecurity/transaction.h
>-include/modsecurity/variable_origin.h
>-include/modsecurity/variable_value.h
>+include/modsecurity/rules_set_phases.h
>+include/modsecurity/reading_logs_via_rule_message.h
>+include/modsecurity/actions/action.h
>+include/modsecurity/rule.h
> lib/libmodsecurity.a
> lib/libmodsecurity.so
> lib/libmodsecurity.so.3
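Review bot: The header entries in pkg-plist are no longer in sorted order; for example `include/modsecurity/transaction.h` now precedes `include/modsecurity/anchored_variable.h`, and `include/modsecurity/actions/action.h` has moved to the end of the header list, whereas the previous list was alphabetical. Most of the `-`/`+` pairs in this hunk are therefore the same file re-added at a different position. Re-sorting the list would reduce the hunk to the real changes: `rules_properties.h` removed, and `anchored_set_variable_translation_proxy.h`, `rule_marker.h`, `rule_unconditional.h`, `rule_with_actions.h`, `rule_with_operator.h`, `rules_set.h`, `rules_set_phases.h` and `rules_set_properties.h` added. That makes it much easier to verify that no installed header was dropped by accident.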