Compare commits
No commits in common. "c10s" and "c8s" have entirely different histories.
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
SOURCES/v3.3.4.tar.gz
|
||||||
|
/v3.3.4.tar.gz
|
@ -1 +0,0 @@
|
|||||||
mod_security_crs was removed due to minimization efforts prior to public launch
|
|
7
gating.yaml
Normal file
7
gating.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-8
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
||||||
|
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.acceptance-tier.functional}
|
280
mod_security_crs-early-blocking.patch
Normal file
280
mod_security_crs-early-blocking.patch
Normal file
@ -0,0 +1,280 @@
|
|||||||
|
diff --git a/crs-setup.conf.example b/crs-setup.conf.example
|
||||||
|
index b443e77..0fdd5cb 100644
|
||||||
|
--- a/crs-setup.conf.example
|
||||||
|
+++ b/crs-setup.conf.example
|
||||||
|
@@ -234,7 +234,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
-# -- [[ Anomaly Mode Severity Levels ]] ----------------------------------------
|
||||||
|
+# -- [[ Anomaly Scoring Mode Severity Levels ]] --------------------------------
|
||||||
|
#
|
||||||
|
# Each rule in the CRS has an associated severity level.
|
||||||
|
# These are the default scoring points for each severity level.
|
||||||
|
@@ -270,7 +270,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
-# -- [[ Anomaly Mode Blocking Threshold Levels ]] ------------------------------
|
||||||
|
+# -- [[ Anomaly Scoring Mode Blocking Threshold Levels ]] ----------------------
|
||||||
|
#
|
||||||
|
# Here, you can specify at which cumulative anomaly score an inbound request,
|
||||||
|
# or outbound response, gets blocked.
|
||||||
|
@@ -319,6 +319,35 @@ SecDefaultAction "phase:2,log,auditlog,pass"
|
||||||
|
# setvar:tx.outbound_anomaly_score_threshold=4"
|
||||||
|
|
||||||
|
#
|
||||||
|
+# -- [[ Early Anomaly Scoring Mode Blocking ]] ------------------------------
|
||||||
|
+#
|
||||||
|
+# The anomaly scores for the request and the responses are generally summed up
|
||||||
|
+# and evaluated at the end of phase:2 and at the end of phase:4 respectively.
|
||||||
|
+# However, it is possible to enable an early evaluation of these anomaly scores
|
||||||
|
+# at the end of phase:1 and at the end of phase:3.
|
||||||
|
+#
|
||||||
|
+# If a request (or a response) hits the anomaly threshold in this early
|
||||||
|
+# evaluation, then blocking happens immediately (if blocking is enabled) and
|
||||||
|
+# the phase 2 (and phase 4 respectively) will no longer be executed.
|
||||||
|
+#
|
||||||
|
+# Enable the rule 900120 that sets the variable tx.blocking_early to 1 in order
|
||||||
|
+# to enable early blocking. The variable tx.blocking_early is set to 0 by
|
||||||
|
+# default. Early blocking is thus disabled by default.
|
||||||
|
+#
|
||||||
|
+# Please note that blocking early will hide potential alerts from you. This
|
||||||
|
+# means that a payload that would appear in an alert in phase 2 (or phase 4)
|
||||||
|
+# does not get evaluated if the request is being blocked early. So when you
|
||||||
|
+# disabled blocking early again at some point in the future, then new alerts
|
||||||
|
+# from phase 2 might pop up.
|
||||||
|
+#SecAction \
|
||||||
|
+# "id:900120,\
|
||||||
|
+# phase:1,\
|
||||||
|
+# nolog,\
|
||||||
|
+# pass,\
|
||||||
|
+# t:none,\
|
||||||
|
+# setvar:tx.blocking_early=1"
|
||||||
|
+
|
||||||
|
+
|
||||||
|
# -- [[ Application Specific Rule Exclusions ]] ----------------------------------------
|
||||||
|
#
|
||||||
|
# Some well-known applications may undertake actions that appear to be
|
||||||
|
diff --git a/rules/REQUEST-901-INITIALIZATION.conf b/rules/REQUEST-901-INITIALIZATION.conf
|
||||||
|
index 5044abd..06a1bb3 100644
|
||||||
|
--- a/rules/REQUEST-901-INITIALIZATION.conf
|
||||||
|
+++ b/rules/REQUEST-901-INITIALIZATION.conf
|
||||||
|
@@ -89,6 +89,15 @@ SecRule &TX:outbound_anomaly_score_threshold "@eq 0" \
|
||||||
|
ver:'OWASP_CRS/3.3.4',\
|
||||||
|
setvar:'tx.outbound_anomaly_score_threshold=4'"
|
||||||
|
|
||||||
|
+# Default Blocking Early (rule 900120 in setup.conf)
|
||||||
|
+SecRule &TX:blocking_early "@eq 0" \
|
||||||
|
+ "id:901115,\
|
||||||
|
+ phase:1,\
|
||||||
|
+ pass,\
|
||||||
|
+ nolog,\
|
||||||
|
+ ver:'OWASP_CRS/3.3.0',\
|
||||||
|
+ setvar:'tx.blocking_early=0'"
|
||||||
|
+
|
||||||
|
# Default Paranoia Level (rule 900000 in setup.conf)
|
||||||
|
SecRule &TX:paranoia_level "@eq 0" \
|
||||||
|
"id:901120,\
|
||||||
|
diff --git a/rules/REQUEST-949-BLOCKING-EVALUATION.conf b/rules/REQUEST-949-BLOCKING-EVALUATION.conf
|
||||||
|
index 050eb04..755315f 100644
|
||||||
|
--- a/rules/REQUEST-949-BLOCKING-EVALUATION.conf
|
||||||
|
+++ b/rules/REQUEST-949-BLOCKING-EVALUATION.conf
|
||||||
|
@@ -12,7 +12,66 @@
|
||||||
|
# -= Paranoia Level 0 (empty) =- (apply unconditionally)
|
||||||
|
#
|
||||||
|
|
||||||
|
-# Summing up the anomaly score.
|
||||||
|
+# Skipping early blocking
|
||||||
|
+
|
||||||
|
+SecRule TX:BLOCKING_EARLY "!@eq 1" \
|
||||||
|
+ "id:949050,\
|
||||||
|
+ phase:1,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ skipAfter:BLOCKING_EARLY_ANOMALY_SCORING"
|
||||||
|
+
|
||||||
|
+SecRule TX:BLOCKING_EARLY "!@eq 1" \
|
||||||
|
+ "id:949051,\
|
||||||
|
+ phase:2,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ skipAfter:BLOCKING_EARLY_ANOMALY_SCORING"
|
||||||
|
+
|
||||||
|
+# Summing up the anomaly score for early blocking
|
||||||
|
+
|
||||||
|
+SecRule TX:PARANOIA_LEVEL "@ge 1" \
|
||||||
|
+ "id:949052,\
|
||||||
|
+ phase:1,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ setvar:'tx.anomaly_score=+%{tx.anomaly_score_pl1}'"
|
||||||
|
+
|
||||||
|
+SecRule TX:PARANOIA_LEVEL "@ge 2" \
|
||||||
|
+ "id:949053,\
|
||||||
|
+ phase:1,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ setvar:'tx.anomaly_score=+%{tx.anomaly_score_pl2}'"
|
||||||
|
+
|
||||||
|
+SecRule TX:PARANOIA_LEVEL "@ge 3" \
|
||||||
|
+ "id:949054,\
|
||||||
|
+ phase:1,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ setvar:'tx.anomaly_score=+%{tx.anomaly_score_pl3}'"
|
||||||
|
+
|
||||||
|
+SecRule TX:PARANOIA_LEVEL "@ge 4" \
|
||||||
|
+ "id:949055,\
|
||||||
|
+ phase:1,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ setvar:'tx.anomaly_score=+%{tx.anomaly_score_pl4}'"
|
||||||
|
+
|
||||||
|
+SecAction "id:949059,\
|
||||||
|
+ phase:2,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ setvar:'tx.anomaly_score=0'"
|
||||||
|
+
|
||||||
|
+SecMarker BLOCKING_EARLY_ANOMALY_SCORING
|
||||||
|
|
||||||
|
# NOTE: tx.anomaly_score should not be set initially, but masking would lead to difficult bugs.
|
||||||
|
# So we add to it.
|
||||||
|
@@ -93,6 +152,21 @@ SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \
|
||||||
|
severity:'CRITICAL',\
|
||||||
|
setvar:'tx.inbound_anomaly_score=%{tx.anomaly_score}'"
|
||||||
|
|
||||||
|
+SecRule TX:BLOCKING_EARLY "@eq 1" \
|
||||||
|
+ "id:949111,\
|
||||||
|
+ phase:1,\
|
||||||
|
+ deny,\
|
||||||
|
+ t:none,\
|
||||||
|
+ msg:'Inbound Anomaly Score Exceeded in phase 1 (Total Score: %{TX.ANOMALY_SCORE})',\
|
||||||
|
+ tag:'application-multi',\
|
||||||
|
+ tag:'language-multi',\
|
||||||
|
+ tag:'platform-multi',\
|
||||||
|
+ tag:'attack-generic',\
|
||||||
|
+ ver:'OWASP_CRS/3.3.0',\
|
||||||
|
+ severity:'CRITICAL',\
|
||||||
|
+ chain"
|
||||||
|
+ SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \
|
||||||
|
+ "setvar:'tx.inbound_anomaly_score=%{tx.anomaly_score}'"
|
||||||
|
|
||||||
|
|
||||||
|
SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
|
||||||
|
diff --git a/rules/RESPONSE-950-DATA-LEAKAGES.conf b/rules/RESPONSE-950-DATA-LEAKAGES.conf
|
||||||
|
index 13013de..bf9b03d 100644
|
||||||
|
--- a/rules/RESPONSE-950-DATA-LEAKAGES.conf
|
||||||
|
+++ b/rules/RESPONSE-950-DATA-LEAKAGES.conf
|
||||||
|
@@ -96,7 +96,7 @@ SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:950014,phase:4,pass,nolog,skipAf
|
||||||
|
#
|
||||||
|
SecRule RESPONSE_STATUS "@rx ^5\d{2}$" \
|
||||||
|
"id:950100,\
|
||||||
|
- phase:4,\
|
||||||
|
+ phase:3,\
|
||||||
|
block,\
|
||||||
|
capture,\
|
||||||
|
t:none,\
|
||||||
|
diff --git a/rules/RESPONSE-959-BLOCKING-EVALUATION.conf b/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
|
||||||
|
index 24130eb..549c07c 100644
|
||||||
|
--- a/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
|
||||||
|
+++ b/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
|
||||||
|
@@ -22,7 +22,67 @@
|
||||||
|
# -= Paranoia Level 0 (empty) =- (apply unconditionally)
|
||||||
|
#
|
||||||
|
|
||||||
|
-# Summing up the anomaly score.
|
||||||
|
+
|
||||||
|
+# Skipping early blocking
|
||||||
|
+
|
||||||
|
+SecRule TX:BLOCKING_EARLY "!@eq 1" \
|
||||||
|
+ "id:959050,\
|
||||||
|
+ phase:3,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ skipAfter:BLOCKING_EARLY_ANOMALY_SCORING"
|
||||||
|
+
|
||||||
|
+SecRule TX:BLOCKING_EARLY "!@eq 1" \
|
||||||
|
+ "id:959051,\
|
||||||
|
+ phase:4,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ skipAfter:BLOCKING_EARLY_ANOMALY_SCORING"
|
||||||
|
+
|
||||||
|
+# Summing up the anomaly score for early blocking
|
||||||
|
+
|
||||||
|
+SecRule TX:PARANOIA_LEVEL "@ge 1" \
|
||||||
|
+ "id:959052,\
|
||||||
|
+ phase:3,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ setvar:'tx.outbound_anomaly_score=+%{tx.anomaly_score_pl1}'"
|
||||||
|
+
|
||||||
|
+SecRule TX:PARANOIA_LEVEL "@ge 2" \
|
||||||
|
+ "id:959053,\
|
||||||
|
+ phase:3,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ setvar:'tx.outbound_anomaly_score=+%{tx.anomaly_score_pl2}'"
|
||||||
|
+
|
||||||
|
+SecRule TX:PARANOIA_LEVEL "@ge 3" \
|
||||||
|
+ "id:959054,\
|
||||||
|
+ phase:3,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ setvar:'tx.outbound_anomaly_score=+%{tx.anomaly_score_pl3}'"
|
||||||
|
+
|
||||||
|
+SecRule TX:PARANOIA_LEVEL "@ge 4" \
|
||||||
|
+ "id:959055,\
|
||||||
|
+ phase:3,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ setvar:'tx.outbound_anomaly_score=+%{tx.anomaly_score_pl4}'"
|
||||||
|
+
|
||||||
|
+SecAction "id:959059,\
|
||||||
|
+ phase:4,\
|
||||||
|
+ pass,\
|
||||||
|
+ t:none,\
|
||||||
|
+ nolog,\
|
||||||
|
+ setvar:'tx.outbound_anomaly_score=0'"
|
||||||
|
+
|
||||||
|
+SecMarker BLOCKING_EARLY_ANOMALY_SCORING
|
||||||
|
|
||||||
|
# NOTE: tx.anomaly_score should not be set initially, but masking would lead to difficult bugs.
|
||||||
|
# So we add to it.
|
||||||
|
@@ -76,6 +136,21 @@ SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
|
||||||
|
ver:'OWASP_CRS/3.3.4',\
|
||||||
|
setvar:'tx.anomaly_score=+%{tx.outbound_anomaly_score}'"
|
||||||
|
|
||||||
|
+SecRule TX:BLOCKING_EARLY "@eq 1" \
|
||||||
|
+ "id:959101,\
|
||||||
|
+ phase:3,\
|
||||||
|
+ deny,\
|
||||||
|
+ t:none,\
|
||||||
|
+ msg:'Outbound Anomaly Score Exceeded in phase 3 (Total Score: %{TX.OUTBOUND_ANOMALY_SCORE})',\
|
||||||
|
+ tag:'application-multi',\
|
||||||
|
+ tag:'language-multi',\
|
||||||
|
+ tag:'platform-multi',\
|
||||||
|
+ tag:'attack-generic',\
|
||||||
|
+ ver:'OWASP_CRS/3.3.0',\
|
||||||
|
+ severity:'CRITICAL',\
|
||||||
|
+ chain"
|
||||||
|
+ SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
|
||||||
|
+ "setvar:'tx.anomaly_score=%{tx.outbound_anomaly_score}'"
|
||||||
|
|
||||||
|
|
||||||
|
SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:959011,phase:3,pass,nolog,skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
|
16
mod_security_crs-rule-941310-dont-match-japanese-word.patch
Normal file
16
mod_security_crs-rule-941310-dont-match-japanese-word.patch
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
--- a/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf 2020-07-01 18:38:19.000000000 +0200
|
||||||
|
+++ b/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf 2023-02-16 09:14:52.151838881 +0100
|
||||||
|
@@ -543,8 +543,11 @@
|
||||||
|
ctl:auditLogParts=+E,\
|
||||||
|
ver:'OWASP_CRS/3.3.4',\
|
||||||
|
severity:'CRITICAL',\
|
||||||
|
- setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
|
||||||
|
- setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
|
||||||
|
+ chain"
|
||||||
|
+ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/* "@rx [^\xe4]\xbc[^\x9a][^\xbe>]*[^\xe7][^\xa4][\xbe>]|<[^\xbe]*[^\xe7][^\xa4]\xbe" \
|
||||||
|
+ "t:none,t:lowercase,t:urlDecode,t:htmlEntityDecode,t:jsDecode,\
|
||||||
|
+ setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
|
||||||
|
+ setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
|
||||||
|
|
||||||
|
#
|
||||||
|
# https://nedbatchelder.com/blog/200704/xss_with_utf7.html
|
168
mod_security_crs.spec
Normal file
168
mod_security_crs.spec
Normal file
@ -0,0 +1,168 @@
|
|||||||
|
Summary: ModSecurity Rules
|
||||||
|
Name: mod_security_crs
|
||||||
|
Version: 3.3.4
|
||||||
|
Release: 3%{?dist}
|
||||||
|
License: ASL 2.0
|
||||||
|
URL: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
|
||||||
|
Group: System Environment/Daemons
|
||||||
|
Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
|
||||||
|
BuildArch: noarch
|
||||||
|
Requires: mod_security >= 2.8.0
|
||||||
|
Obsoletes: mod_security_crs-extras < 3.0.0
|
||||||
|
Patch0: mod_security_crs-early-blocking.patch
|
||||||
|
Patch1: mod_security_crs-rule-941310-dont-match-japanese-word.patch
|
||||||
|
|
||||||
|
%description
|
||||||
|
This package provides the base rules for mod_security.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q -n coreruleset-%{version}
|
||||||
|
%patch0 -p1 -b.early_blocking
|
||||||
|
%patch1 -p1 -b.rule_941310
|
||||||
|
|
||||||
|
%build
|
||||||
|
|
||||||
|
%install
|
||||||
|
|
||||||
|
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
|
||||||
|
install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
|
||||||
|
install -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules
|
||||||
|
|
||||||
|
# To exclude rules (pre/post)
|
||||||
|
mv rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
|
||||||
|
mv rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
|
||||||
|
|
||||||
|
install -m0644 rules/*.conf %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
|
||||||
|
install -m0644 rules/*.data %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
|
||||||
|
mv crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
|
||||||
|
|
||||||
|
# activate base_rules
|
||||||
|
for f in `ls %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/` ; do
|
||||||
|
ln -s %{_datarootdir}/mod_modsecurity_crs/rules/$f %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f;
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license LICENSE
|
||||||
|
%doc CHANGES README.md
|
||||||
|
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/activated_rules/*
|
||||||
|
%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
|
||||||
|
%{_datarootdir}/mod_modsecurity_crs
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Tue Apr 04 2023 Richard Lescak <rlescak@redhat.com> - 3.3.4-3
|
||||||
|
- bump release to enable build
|
||||||
|
- Related: rhbz#2040257
|
||||||
|
|
||||||
|
* Fri Mar 31 2023 Richard Lescak <rlescak@redhat.com> - 3.3.4-2
|
||||||
|
- add chained regex for rule 941310 to not match japan word 'company'
|
||||||
|
- Resolves: rhbz#2040257
|
||||||
|
|
||||||
|
* Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-1
|
||||||
|
- new version 3.3.4
|
||||||
|
- Resolves: #2141432 - [RFE] upgrade mod_security_crs to latest upstream 3.3.x
|
||||||
|
|
||||||
|
* Wed Sep 07 2022 Tomas Korbar <tkorbar@redhat.com> - 3.3.0-5
|
||||||
|
- Fix application of early blocking patch
|
||||||
|
- Related: rhbz#2101020
|
||||||
|
|
||||||
|
* Mon Sep 05 2022 Tomas Korbar <tkorbar@redhat.com> - 3.3.0-4
|
||||||
|
- Rebuild because of build system issue
|
||||||
|
- Related: rhbz#2101020
|
||||||
|
|
||||||
|
* Tue Aug 02 2022 Tomas Korbar <tkorbar@redhat.com> - 3.3.0-3
|
||||||
|
- Backport early blocking feature
|
||||||
|
- Resolves: rhbz#2101020
|
||||||
|
|
||||||
|
* Thu May 06 2021 Lubos Uhliarik <luhliari@redhat.com> - 3.3.0-2
|
||||||
|
- Resolves: #1855858 - [RFE] update mod_security_crs to 3.3
|
||||||
|
|
||||||
|
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Apr 22 2017 Athmane Madjoudj <athmane@fedoraproject.org> - 3.0.0-4
|
||||||
|
- Exclude rule files should not be symlink
|
||||||
|
|
||||||
|
* Sat Apr 22 2017 Athmane Madjoudj <athmane@fedoraproject.org> - 3.0.0-3
|
||||||
|
- Use versioned obsoletes
|
||||||
|
- Move away from /lib since rules are data
|
||||||
|
|
||||||
|
* Sat Apr 22 2017 Athmane Madjoudj <athmane@fedoraproject.org> - 3.0.0-2
|
||||||
|
- Fix the install part since extra and experimental rules are not longer included in 3.x
|
||||||
|
- Remove EL5 bits since EL5/EPEL5 are OEL-ed
|
||||||
|
- Bump reqs
|
||||||
|
|
||||||
|
* Sat Apr 22 2017 Athmane Madjoudj <athmane@fedoraproject.org> - 3.0.0-1
|
||||||
|
- Update to 3.0.0
|
||||||
|
- Clean up the spec
|
||||||
|
|
||||||
|
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.9.20160414git-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Apr 29 2016 Athmane Madjoudj <athmane@fedoraproject.org> 2.2.9.20160414git-1
|
||||||
|
- Update to 2.9.20160414git
|
||||||
|
|
||||||
|
* Tue Mar 08 2016 Athmane Madjoudj <athmane@fedoraproject.org> 2.2.9.20160219git-1
|
||||||
|
- Update to 2.2.9
|
||||||
|
- Minor spec cleanup
|
||||||
|
|
||||||
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.8-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.8-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.8-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.8-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 02 2013 Athmane Madjoudj <athmane@fedoraproject.org> 2.2.8-1
|
||||||
|
- Update to 2.2.8
|
||||||
|
- Adapt the spec file to new github tarball schema.
|
||||||
|
- Correct bugus date in the spec file.
|
||||||
|
|
||||||
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.6-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Nov 19 2012 Peter Vrabec <pvrabec@redhat.com> 2.2.6-4
|
||||||
|
- "extras" subpackage is not provided on RHEL7
|
||||||
|
|
||||||
|
* Wed Oct 17 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.2.6-3
|
||||||
|
- Remove the patch since we're requiring mod_security >= 2.7.0
|
||||||
|
- Require mod_security >= 2.7.0
|
||||||
|
|
||||||
|
* Mon Oct 01 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.2.6-2
|
||||||
|
- Add a patch to fix incompatible rules.
|
||||||
|
- Update to new git release
|
||||||
|
|
||||||
|
* Sat Sep 15 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.2.6-1
|
||||||
|
- Update to 2.2.6
|
||||||
|
- Update spec file since upstream moved to Github.
|
||||||
|
|
||||||
|
* Thu Sep 13 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.2.5-5
|
||||||
|
- Enable extra rules sub-package for EPEL.
|
||||||
|
|
||||||
|
* Tue Aug 28 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.2.5-4
|
||||||
|
- Fix spec for el5
|
||||||
|
|
||||||
|
* Tue Aug 28 2012 Athmane Madjoudj <athmane@fedoraproject.org> 2.2.5-3
|
||||||
|
- Add BuildRoot def for el5 compatibility
|
||||||
|
|
||||||
|
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.5-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jun 22 2012 Peter Vrabec <pvrabec@redhat.com> 2.2.5-1
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
* Wed Jun 20 2012 Peter Vrabec <pvrabec@redhat.com> 2.2.4-3
|
||||||
|
- "extras" subpackage is not provided on RHEL
|
||||||
|
|
||||||
|
* Thu May 03 2012 Peter Vrabec <pvrabec@redhat.com> 2.2.4-2
|
||||||
|
- fix fedora-review issues (#816975)
|
||||||
|
|
||||||
|
* Thu Apr 19 2012 Peter Vrabec <pvrabec@redhat.com> 2.2.4-1
|
||||||
|
- initial package
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user