- Update to 2.7.3 due a vulnerability that affect all versions 2.x. [1]
- Update MASTER_SITES. - Convert to optionsNG. - Trim header. More info: https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES Reported by: olli hauer <ohauer@gmx.de> [1] Approved by: portmgr (bdrewery) Security: 2070c79a-8e1e-11e2-b34d-000c2957946c
This commit is contained in:
Marcelo Araujo
parent
97b3d5bb0c
commit
d9e4c9a9ce
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=315811
3 changed files with 53 additions and 28 deletions
|
|
@ -51,6 +51,39 @@ Note: Please add new entries to the beginning of this file.
|
|||
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="2070c79a-8e1e-11e2-b34d-000c2957946c">
|
||||
<topic>ModSecurity -- XML External Entity Processing Vulnerability</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>mod_security</name>
|
||||
<range><gt>2.*</gt><lt>2.7.3</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>Positive Technologies has reported a vulnerability in ModSecurity,
|
||||
which can be exploited by malicious people to disclose potentially
|
||||
sensitive information or cause a DoS (Denial Of Serice).</p>
|
||||
<p>The vulnerability is caused due to an error when parsing external
|
||||
XML entities and can be exploited to e.g. disclose local files or
|
||||
cause excessive memory and CPU consumption.</p>
|
||||
<blockquote cite="https://secunia.com/advisories/52847/">
|
||||
<p>.</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<cvename>CVE-2013-1915</cvename>
|
||||
<url>https://secunia.com/advisories/52847/</url>
|
||||
<url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1915</url>
|
||||
<url>https://bugs.gentoo.org/show_bug.cgi?id=464188</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2013-04-02</discovery>
|
||||
<entry>2013-04-16</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="a2ff483f-a5c6-11e2-9601-000d601460a4">
|
||||
<topic>sieve-connect -- TLS hostname verification was not occurring</topic>
|
||||
<affects>
|
||||
|
|
|
|||
|
|
@ -1,15 +1,9 @@
|
|||
# New ports collection makefile for: mod_security
|
||||
# Date created: 4 June 2003
|
||||
# Whom: Marcelo Araujo <araujo@FreeBSD.org>
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
PORTNAME= mod_security
|
||||
PORTVERSION= 2.6.6
|
||||
PORTREVISION= 1
|
||||
PORTVERSION= 2.7.3
|
||||
CATEGORIES= www security
|
||||
MASTER_SITES= SF/mod-security/modsecurity-apache/${PORTVERSION}
|
||||
MASTER_SITES= http://www.modsecurity.org/tarball/${PORTVERSION}/
|
||||
PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX}
|
||||
DISTNAME= ${PORTNAME:S/_//:S/2//}-apache_${PORTVERSION}
|
||||
|
||||
|
|
@ -19,7 +13,7 @@ COMMENT= An intrusion detection and prevention engine
|
|||
LICENSE= AL2
|
||||
MAKE_JOBS_SAFE= yes
|
||||
|
||||
LIB_DEPENDS+= pcre.3:${PORTSDIR}/devel/pcre \
|
||||
LIB_DEPENDS+= pcre:${PORTSDIR}/devel/pcre \
|
||||
apr-1:${PORTSDIR}/devel/apr1
|
||||
|
||||
USE_APACHE= 22+
|
||||
|
|
@ -39,36 +33,34 @@ PLIST_FILES= etc/modsecurity.conf-example \
|
|||
${APACHEMODDIR}/mod_security2.so \
|
||||
bin/rules-updater.pl \
|
||||
lib/mod_security2.so
|
||||
OPTIONS= LUA "Embedded Lua language support" off \
|
||||
MLOGC "Build ModSecurity Log Collector" off
|
||||
|
||||
OPTIONS_DEFINE= LUA MLOGC
|
||||
MLOGC_DESC= Build ModSecurity Log Collector
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.if defined(WITH_MLOGC)
|
||||
PLIST_FILES+= bin/mlogc
|
||||
.endif
|
||||
|
||||
.if defined(WITH_LUA)
|
||||
USE_LUA= 5.1+
|
||||
CONFIGURE_ARGS+= --with-lua=${LOCALBASE}
|
||||
LIB_DEPENDS+= lua-5.1.1:${PORTSDIR}/lang/lua
|
||||
.else
|
||||
CONFIGURE_ARGS+= --without-lua
|
||||
.endif
|
||||
|
||||
.if defined(WITH_MLOGC)
|
||||
.if ${PORT_OPTIONS:MMLOGC}
|
||||
LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl
|
||||
CONFIGURE_ARGS+= --with-curl=${LOCALBASE} --disable-errors
|
||||
PLIST_FILES+= bin/mlogc bin/mlogc-batch-load.pl
|
||||
.else
|
||||
CONFIGURE_ARGS+= --disable-mlogc
|
||||
.endif
|
||||
|
||||
.if ${PORT_OPTIONS:MLUA}
|
||||
USE_LUA= 5.1+
|
||||
CONFIGURE_ARGS+= --with-lua=${LOCALBASE}
|
||||
LIB_DEPENDS+= lua-5.1.5:${PORTSDIR}/lang/lua
|
||||
.else
|
||||
CONFIGURE_ARGS+= --without-lua
|
||||
.endif
|
||||
|
||||
REINPLACE_ARGS= -i ""
|
||||
AP_EXTRAS+= -DWITH_LIBXML2
|
||||
CONFIGURE_ARGS+= --with-apxs=${APXS} --with-pcre=${LOCALBASE}
|
||||
|
||||
post-build:
|
||||
.if defined(WITH_MLOGC)
|
||||
.if ${PORT_OPTIONS:MMLOGC}
|
||||
# XXX there is "mlogc-static" target in the Makefile, too
|
||||
cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} mlogc
|
||||
.endif
|
||||
|
|
@ -79,7 +71,7 @@ post-install:
|
|||
@${MKDIR} ${DOCSDIR}
|
||||
@(cd ${WRKSRC} && ${COPYTREE_SHARE} "doc" ${DOCSDIR}/)
|
||||
.endif
|
||||
.if defined(WITH_MLOGC)
|
||||
.if ${PORT_OPTIONS:MMLOGC}
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/mlogc/mlogc ${PREFIX}/bin/
|
||||
.endif
|
||||
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
SHA256 (modsecurity-apache_2.6.6.tar.gz) = a0cb075d5898230d17da5805eb102d1bbba07fe0748dcc32920990c4711b7708
|
||||
SIZE (modsecurity-apache_2.6.6.tar.gz) = 781984
|
||||
SHA256 (modsecurity-apache_2.7.3.tar.gz) = fa5b0a2fabe9cd6c7b35ae09a433a60da183b2cabcf26479ec40fc4a419693e4
|
||||
SIZE (modsecurity-apache_2.7.3.tar.gz) = 981947
|
||||
|
|
|
|||
Loading…
Reference in a new issue