import mod_security-2.9.2-9.el8

2021-05-18 02:46:05 -04:00 · 2021-05-18 02:46:05 -04:00 · 698fccf161
commit 698fccf161
parent bc8d02dcf8
2 changed files with 92 additions and 1 deletions
--- a/SOURCES/mod_security-2.9.2-remote-rules-timeout.patch
+++ b/SOURCES/mod_security-2.9.2-remote-rules-timeout.patch
@ -0,0 +1,85 @@
+diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
+index ce97950..5d4e9b5 100644
+--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
+@@ -2345,6 +2345,24 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
+ }
+ 
+ 
+static const char *cmd_remote_timeout(cmd_parms *cmd, void *_dcfg, const char *p1)
+{
+    directory_config *dcfg = (directory_config *)_dcfg;
+    long int timeout;
+
+    if (dcfg == NULL) return NULL;
+
+    timeout = strtol(p1, NULL, 10);
+    if ((timeout == LONG_MAX)||(timeout == LONG_MIN)||(timeout < 0)) {
+        return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecRemoteTimeout: %s", p1);
+    }
+
+    remote_rules_timeout = timeout;
+
+    return NULL;
+}
+
+
+ static const char *cmd_status_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
+ {
+     if (strcasecmp(p1, "on") == 0) {
+@@ -3658,6 +3677,14 @@ const command_rec module_directives[] = {
+         "Abort or Warn"
+     ),
+ 
+    AP_INIT_TAKE1 (
+        "SecRemoteTimeout",
+        cmd_remote_timeout,
+        NULL,
+        CMD_SCOPE_ANY,
+        "timeout in seconds"
+    ),
+
+ 
+     AP_INIT_TAKE1 (
+         "SecXmlExternalEntity",
+diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
+index b6e98e9..1410ac7 100644
+--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
+@@ -79,6 +79,8 @@ msc_remote_rules_server DSOLOCAL *remote_rules_server = NULL;
+ #endif
+ int DSOLOCAL remote_rules_fail_action = REMOTE_RULES_ABORT_ON_FAIL;
+ char DSOLOCAL *remote_rules_fail_message = NULL;
+unsigned long int DSOLOCAL remote_rules_timeout = NOT_SET;
+
+ 
+ int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED;
+ 
+diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
+index f170034..d9de1f0 100644
+--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
+@@ -150,6 +150,7 @@ extern DSOLOCAL msc_remote_rules_server *remote_rules_server;
+ #endif
+ extern DSOLOCAL int remote_rules_fail_action;
+ extern DSOLOCAL char *remote_rules_fail_message;
+extern DSOLOCAL unsigned long int remote_rules_timeout;
+ 
+ extern DSOLOCAL int status_engine_state;
+ 
+diff --git a/apache2/msc_remote_rules.c b/apache2/msc_remote_rules.c
+index 8a6df9e..af437d1 100644
+--- a/apache2/msc_remote_rules.c
+++ b/apache2/msc_remote_rules.c
+@@ -353,6 +353,11 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
+         /* We want Curl to return error in case there is an HTTP error code */
+         curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);
+ 
+        /* In case we want different timeout than a default one */
+        if (remote_rules_timeout != NOT_SET){
+            curl_easy_setopt(curl, CURLOPT_TIMEOUT, remote_rules_timeout);
+        }
+
+         res = curl_easy_perform(curl);
+ 
+         if (res != CURLE_OK)
--- a/SPECS/mod_security.spec
+++ b/SPECS/mod_security.spec
@ -10,7 +10,7 @@
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
 Version: 2.9.2
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: ASL 2.0
 URL: http://www.modsecurity.org/
 Group: System Environment/Daemons
@ -18,6 +18,7 @@ Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/
 Source1: mod_security.conf
 Source2: 10-mod_security.conf
 Source3: modsecurity_localrules.conf
+Patch1: mod_security-2.9.2-remote-rules-timeout.patch
 Requires: httpd httpd-mmn = %{_httpd_mmn}
 # To ensure correct file ownership
 Requires(pre): httpd-filesystem
@ -56,6 +57,7 @@ This package contains the ModSecurity Audit Log Collector.

 %prep
 %setup -q -n modsecurity-%{version}
+%patch1 -p1 -b .remote-rules-timeout

 %build
 %configure --enable-pcre-match-limit=1000000 \
@ -134,6 +136,10 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
 %endif

 %changelog
+* Sun Nov 15 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.9.2-9
+- Resolves: #1824859 - RFE: Add a feature that can set a mod_security/libcurl
+  timeout for retrieving the rules
+
 * Mon Dec 17 2018 Joe Orton <jorton@redhat.com> - 2.9.2-8
 - enable collection global lock (#1650268)