[mod_security] - Add some missing directives RHBZ #569360 - Fix multipart/invalid part ruleset bypass issue (CVE-20
Athmane Madjoudj
athmane at fedoraproject.org
Thu Nov 15 08:24:23 UTC 2012
commit b4feb280b3f3b1025be543884028bc752c52fa75
Author: Athmane Madjoudj <athmane at fedoraproject.org>
Date: Thu Nov 15 09:23:16 2012 +0100
- Add some missing directives RHBZ #569360
- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528)
(RHBZ #867424, #867773, #867774)
mod_security.conf | 2 ++
mod_security.spec | 10 +++++++++-
2 files changed, 11 insertions(+), 1 deletions(-)
---
diff --git a/mod_security.conf b/mod_security.conf
index 9a98bbc..607e169 100644
--- a/mod_security.conf
+++ b/mod_security.conf
@@ -52,4 +52,6 @@ LoadModule unique_id_module modules/mod_unique_id.so
SecAuditLog /var/log/httpd/modsec_audit.log
SecArgumentSeparator &
SecCookieFormat 0
+ SecTmpDir /var/lib/mod_security
+ SecDataDir /var/lib/mod_security
</IfModule>
diff --git a/mod_security.spec b/mod_security.spec
index 892be51..7491f54 100644
--- a/mod_security.spec
+++ b/mod_security.spec
@@ -8,7 +8,7 @@
Summary: Security module for the Apache HTTP Server
Name: mod_security
Version: 2.7.1
-Release: 2%{?dist}
+Release: 3%{?dist}
License: ASL 2.0
URL: http://www.modsecurity.org/
Group: System Environment/Daemons
@@ -65,6 +65,7 @@ install -Dp -m0644 10-mod_security.conf %{buildroot}%{_httpd_modconfdir}/10-mod_
# 2.2-style
install -Dp -m0644 %{SOURCE1} %{buildroot}%{_httpd_confdir}/mod_security.conf
%endif
+install -m 700 -d $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}
# mlogc
install -d %{buildroot}%{_localstatedir}/log/mlogc
@@ -73,6 +74,7 @@ install -m0755 mlogc/mlogc %{buildroot}%{_bindir}/mlogc
install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load
install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
+
%clean
rm -rf %{buildroot}
@@ -86,6 +88,7 @@ rm -rf %{buildroot}
%endif
%dir %{_sysconfdir}/httpd/modsecurity.d
%dir %{_sysconfdir}/httpd/modsecurity.d/activated_rules
+%attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
%files -n mlogc
%defattr (-,root,root)
@@ -97,6 +100,11 @@ rm -rf %{buildroot}
%attr(0755,root,root) %{_bindir}/mlogc-batch-load
%changelog
+* Thu Nov 15 2012 Athmane Madjoudj <athmane at fedoraproject.org> 2.7.1-3
+- Add some missing directives RHBZ #569360
+- Fix multipart/invalid part ruleset bypass issue (CVE-2012-4528)
+ (RHBZ #867424, #867773, #867774)
+
* Thu Nov 15 2012 Athmane Madjoudj <athmane at fedoraproject.org> 2.7.1-2
- Fix mod_security.conf
More information about the scm-commits
mailing list