import mod_security-2.9.2-9.el8

This commit is contained in:
CentOS Sources 2021-05-18 02:46:05 -04:00 committed by Andrew Lukoshko
parent bc8d02dcf8
commit 698fccf161
2 changed files with 92 additions and 1 deletions

View File

@ -0,0 +1,85 @@
diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
index ce97950..5d4e9b5 100644
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -2345,6 +2345,24 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
}
+static const char *cmd_remote_timeout(cmd_parms *cmd, void *_dcfg, const char *p1)
+{
+ directory_config *dcfg = (directory_config *)_dcfg;
+ long int timeout;
+
+ if (dcfg == NULL) return NULL;
+
+ timeout = strtol(p1, NULL, 10);
+ if ((timeout == LONG_MAX)||(timeout == LONG_MIN)||(timeout < 0)) {
+ return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecRemoteTimeout: %s", p1);
+ }
+
+ remote_rules_timeout = timeout;
+
+ return NULL;
+}
+
+
static const char *cmd_status_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
{
if (strcasecmp(p1, "on") == 0) {
@@ -3658,6 +3677,14 @@ const command_rec module_directives[] = {
"Abort or Warn"
),
+ AP_INIT_TAKE1 (
+ "SecRemoteTimeout",
+ cmd_remote_timeout,
+ NULL,
+ CMD_SCOPE_ANY,
+ "timeout in seconds"
+ ),
+
AP_INIT_TAKE1 (
"SecXmlExternalEntity",
diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
index b6e98e9..1410ac7 100644
--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
@@ -79,6 +79,8 @@ msc_remote_rules_server DSOLOCAL *remote_rules_server = NULL;
#endif
int DSOLOCAL remote_rules_fail_action = REMOTE_RULES_ABORT_ON_FAIL;
char DSOLOCAL *remote_rules_fail_message = NULL;
+unsigned long int DSOLOCAL remote_rules_timeout = NOT_SET;
+
int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED;
diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
index f170034..d9de1f0 100644
--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -150,6 +150,7 @@ extern DSOLOCAL msc_remote_rules_server *remote_rules_server;
#endif
extern DSOLOCAL int remote_rules_fail_action;
extern DSOLOCAL char *remote_rules_fail_message;
+extern DSOLOCAL unsigned long int remote_rules_timeout;
extern DSOLOCAL int status_engine_state;
diff --git a/apache2/msc_remote_rules.c b/apache2/msc_remote_rules.c
index 8a6df9e..af437d1 100644
--- a/apache2/msc_remote_rules.c
+++ b/apache2/msc_remote_rules.c
@@ -353,6 +353,11 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
/* We want Curl to return error in case there is an HTTP error code */
curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);
+ /* In case we want different timeout than a default one */
+ if (remote_rules_timeout != NOT_SET){
+ curl_easy_setopt(curl, CURLOPT_TIMEOUT, remote_rules_timeout);
+ }
+
res = curl_easy_perform(curl);
if (res != CURLE_OK)

View File

@ -10,7 +10,7 @@
Summary: Security module for the Apache HTTP Server Summary: Security module for the Apache HTTP Server
Name: mod_security Name: mod_security
Version: 2.9.2 Version: 2.9.2
Release: 8%{?dist} Release: 9%{?dist}
License: ASL 2.0 License: ASL 2.0
URL: http://www.modsecurity.org/ URL: http://www.modsecurity.org/
Group: System Environment/Daemons Group: System Environment/Daemons
@ -18,6 +18,7 @@ Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/
Source1: mod_security.conf Source1: mod_security.conf
Source2: 10-mod_security.conf Source2: 10-mod_security.conf
Source3: modsecurity_localrules.conf Source3: modsecurity_localrules.conf
Patch1: mod_security-2.9.2-remote-rules-timeout.patch
Requires: httpd httpd-mmn = %{_httpd_mmn} Requires: httpd httpd-mmn = %{_httpd_mmn}
# To ensure correct file ownership # To ensure correct file ownership
Requires(pre): httpd-filesystem Requires(pre): httpd-filesystem
@ -56,6 +57,7 @@ This package contains the ModSecurity Audit Log Collector.
%prep %prep
%setup -q -n modsecurity-%{version} %setup -q -n modsecurity-%{version}
%patch1 -p1 -b .remote-rules-timeout
%build %build
%configure --enable-pcre-match-limit=1000000 \ %configure --enable-pcre-match-limit=1000000 \
@ -134,6 +136,10 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
%endif %endif
%changelog %changelog
* Sun Nov 15 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.9.2-9
- Resolves: #1824859 - RFE: Add a feature that can set a mod_security/libcurl
timeout for retrieving the rules
* Mon Dec 17 2018 Joe Orton <jorton@redhat.com> - 2.9.2-8 * Mon Dec 17 2018 Joe Orton <jorton@redhat.com> - 2.9.2-8
- enable collection global lock (#1650268) - enable collection global lock (#1650268)