diff options
| author | Marcelo Araujo <araujo@FreeBSD.org> | 2013-04-16 10:58:15 +0000 |
|---|---|---|
| committer | Marcelo Araujo <araujo@FreeBSD.org> | 2013-04-16 10:58:15 +0000 |
| commit | d9e4c9a9cee2ad1313eacf65abdb669960141ac8 (patch) | |
| tree | 3810b324b0facd0568bb6c589b1709d9047260c1 | |
| parent | 97b3d5bb0cc339ddee07549d9dbba3d22c168fab (diff) | |
| download | ports-d9e4c9a9cee2ad1313eacf65abdb669960141ac8.tar.gz ports-d9e4c9a9cee2ad1313eacf65abdb669960141ac8.zip | |
- Update to 2.7.3 due a vulnerability that affect all versions 2.x. [1]
- Update MASTER_SITES.
- Convert to optionsNG.
- Trim header.
More info:
https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES
Reported by: olli hauer <ohauer@gmx.de> [1]
Approved by: portmgr (bdrewery)
Security: 2070c79a-8e1e-11e2-b34d-000c2957946c
Notes
Notes:
svn path=/head/; revision=315811
| -rw-r--r-- | security/vuxml/vuln.xml | 33 | ||||
| -rw-r--r-- | www/mod_security/Makefile | 40 | ||||
| -rw-r--r-- | www/mod_security/distinfo | 4 |
3 files changed, 51 insertions, 26 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d020151e3c7e..42a3059b2df7 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,39 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="2070c79a-8e1e-11e2-b34d-000c2957946c"> + <topic>ModSecurity -- XML External Entity Processing Vulnerability</topic> + <affects> + <package> + <name>mod_security</name> + <range><gt>2.*</gt><lt>2.7.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Positive Technologies has reported a vulnerability in ModSecurity, + which can be exploited by malicious people to disclose potentially + sensitive information or cause a DoS (Denial Of Serice).</p> + <p>The vulnerability is caused due to an error when parsing external + XML entities and can be exploited to e.g. disclose local files or + cause excessive memory and CPU consumption.</p> + <blockquote cite="https://secunia.com/advisories/52847/"> + <p>.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-1915</cvename> + <url>https://secunia.com/advisories/52847/</url> + <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1915</url> + <url>https://bugs.gentoo.org/show_bug.cgi?id=464188</url> + </references> + <dates> + <discovery>2013-04-02</discovery> + <entry>2013-04-16</entry> + </dates> + </vuln> + <vuln vid="a2ff483f-a5c6-11e2-9601-000d601460a4"> <topic>sieve-connect -- TLS hostname verification was not occurring</topic> <affects> diff --git a/www/mod_security/Makefile b/www/mod_security/Makefile index 632f232648f7..5f416b96e369 100644 --- a/www/mod_security/Makefile +++ b/www/mod_security/Makefile @@ -1,15 +1,9 @@ -# New ports collection makefile for: mod_security -# Date created: 4 June 2003 -# Whom: Marcelo Araujo <araujo@FreeBSD.org> -# # $FreeBSD$ -# PORTNAME= mod_security -PORTVERSION= 2.6.6 -PORTREVISION= 1 +PORTVERSION= 2.7.3 CATEGORIES= www security -MASTER_SITES= SF/mod-security/modsecurity-apache/${PORTVERSION} +MASTER_SITES= http://www.modsecurity.org/tarball/${PORTVERSION}/ PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX} DISTNAME= ${PORTNAME:S/_//:S/2//}-apache_${PORTVERSION} @@ -19,7 +13,7 @@ COMMENT= An intrusion detection and prevention engine LICENSE= AL2 MAKE_JOBS_SAFE= yes -LIB_DEPENDS+= pcre.3:${PORTSDIR}/devel/pcre \ +LIB_DEPENDS+= pcre:${PORTSDIR}/devel/pcre \ apr-1:${PORTSDIR}/devel/apr1 USE_APACHE= 22+ @@ -39,36 +33,34 @@ PLIST_FILES= etc/modsecurity.conf-example \ ${APACHEMODDIR}/mod_security2.so \ bin/rules-updater.pl \ lib/mod_security2.so -OPTIONS= LUA "Embedded Lua language support" off \ - MLOGC "Build ModSecurity Log Collector" off + +OPTIONS_DEFINE= LUA MLOGC +MLOGC_DESC= Build ModSecurity Log Collector .include <bsd.port.pre.mk> -.if defined(WITH_MLOGC) -PLIST_FILES+= bin/mlogc +.if ${PORT_OPTIONS:MMLOGC} +LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl +CONFIGURE_ARGS+= --with-curl=${LOCALBASE} --disable-errors +PLIST_FILES+= bin/mlogc bin/mlogc-batch-load.pl +.else +CONFIGURE_ARGS+= --disable-mlogc .endif -.if defined(WITH_LUA) +.if ${PORT_OPTIONS:MLUA} USE_LUA= 5.1+ CONFIGURE_ARGS+= --with-lua=${LOCALBASE} -LIB_DEPENDS+= lua-5.1.1:${PORTSDIR}/lang/lua +LIB_DEPENDS+= lua-5.1.5:${PORTSDIR}/lang/lua .else CONFIGURE_ARGS+= --without-lua .endif -.if defined(WITH_MLOGC) -LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl -CONFIGURE_ARGS+= --with-curl=${LOCALBASE} --disable-errors -.else -CONFIGURE_ARGS+= --disable-mlogc -.endif - REINPLACE_ARGS= -i "" AP_EXTRAS+= -DWITH_LIBXML2 CONFIGURE_ARGS+= --with-apxs=${APXS} --with-pcre=${LOCALBASE} post-build: -.if defined(WITH_MLOGC) +.if ${PORT_OPTIONS:MMLOGC} # XXX there is "mlogc-static" target in the Makefile, too cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} mlogc .endif @@ -79,7 +71,7 @@ post-install: @${MKDIR} ${DOCSDIR} @(cd ${WRKSRC} && ${COPYTREE_SHARE} "doc" ${DOCSDIR}/) .endif -.if defined(WITH_MLOGC) +.if ${PORT_OPTIONS:MMLOGC} ${INSTALL_PROGRAM} ${WRKSRC}/mlogc/mlogc ${PREFIX}/bin/ .endif diff --git a/www/mod_security/distinfo b/www/mod_security/distinfo index 672205aa1274..0340fd38eeb4 100644 --- a/www/mod_security/distinfo +++ b/www/mod_security/distinfo @@ -1,2 +1,2 @@ -SHA256 (modsecurity-apache_2.6.6.tar.gz) = a0cb075d5898230d17da5805eb102d1bbba07fe0748dcc32920990c4711b7708 -SIZE (modsecurity-apache_2.6.6.tar.gz) = 781984 +SHA256 (modsecurity-apache_2.7.3.tar.gz) = fa5b0a2fabe9cd6c7b35ae09a433a60da183b2cabcf26479ec40fc4a419693e4 +SIZE (modsecurity-apache_2.7.3.tar.gz) = 981947 |