git: 0b71d7d972e6 - main - security/modsecurity3: Update to 3.0.5
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 11 Oct 2021 16:16:27 UTC
The branch main has been updated by zi:
URL: https://cgit.FreeBSD.org/ports/commit/?id=0b71d7d972e6f39c36ff9cc93dfa5c349c4a949a
commit 0b71d7d972e6f39c36ff9cc93dfa5c349c4a949a
Author: Ryan Steinmetz <zi@FreeBSD.org>
AuthorDate: 2021-10-11 16:14:56 +0000
Commit: Ryan Steinmetz <zi@FreeBSD.org>
CommitDate: 2021-10-11 16:16:10 +0000
security/modsecurity3: Update to 3.0.5
PR: 258801
Approved by: maintainer
---
security/modsecurity3/Makefile | 6 +-
security/modsecurity3/distinfo | 6 +-
.../modsecurity3/files/patch-src_operators_rx.cc | 51 -------
.../modsecurity3/files/patch-src_utils_regex.cc | 40 ------
.../modsecurity3/files/patch-src_utils_regex.h | 35 -----
...tch-test_test-cases_regression_variable-TX.json | 146 ---------------------
security/modsecurity3/pkg-plist | 31 +++--
7 files changed, 24 insertions(+), 291 deletions(-)
diff --git a/security/modsecurity3/Makefile b/security/modsecurity3/Makefile
index 9cee083b764e..6cffad6e8317 100644
--- a/security/modsecurity3/Makefile
+++ b/security/modsecurity3/Makefile
@@ -1,7 +1,6 @@
PORTNAME= modsecurity
DISTVERSIONPREFIX= v
-DISTVERSION= 3.0.4
-PORTREVISION= 2
+DISTVERSION= 3.0.5
CATEGORIES= security www
MASTER_SITES= https://github.com/SpiderLabs/ModSecurity/releases/download/v${PORTVERSION}/
PKGNAMESUFFIX= 3
@@ -17,10 +16,9 @@ LIB_DEPENDS= libcurl.so:ftp/curl \
libyajl.so:devel/yajl \
libmaxminddb.so:net/libmaxminddb
-USES= compiler:c++11-lang cpe gmake gnome libtool pkgconfig:build
+USES= cpe gmake gnome libtool pkgconfig:build
USE_GNOME= libxml2
# GCC because of https://github.com/SpiderLabs/ModSecurity/issues/1411
-USE_GCC= yes
USE_LDCONFIG= yes
CPE_VENDOR= trustwave
diff --git a/security/modsecurity3/distinfo b/security/modsecurity3/distinfo
index 378c1b80adc1..5e9158a0a40c 100644
--- a/security/modsecurity3/distinfo
+++ b/security/modsecurity3/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1579339210
-SHA256 (modsecurity-v3.0.4.tar.gz) = b4231177dd80b4e076b228e57d498670113b69d445bab86db25f65346c24db22
-SIZE (modsecurity-v3.0.4.tar.gz) = 2806291
+TIMESTAMP = 1632981543
+SHA256 (modsecurity-v3.0.5.tar.gz) = 751bf95a7a8d39c440d0c26ec1f73961550ca2eb2ac9e2e7a56dce2dd7b959e9
+SIZE (modsecurity-v3.0.5.tar.gz) = 3485840
diff --git a/security/modsecurity3/files/patch-src_operators_rx.cc b/security/modsecurity3/files/patch-src_operators_rx.cc
deleted file mode 100644
index 0e8f626e59c1..000000000000
--- a/security/modsecurity3/files/patch-src_operators_rx.cc
+++ /dev/null
@@ -1,51 +0,0 @@
---- src/operators/rx.cc.orig 2020-01-13 13:09:28 UTC
-+++ src/operators/rx.cc
-@@ -38,7 +38,6 @@ bool Rx::init(const std::string &arg, st
-
- bool Rx::evaluate(Transaction *transaction, Rule *rule,
- const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
-- std::list<SMatch> matches;
- Regex *re;
-
- if (m_param.empty() && !m_string->m_containsMacro) {
-@@ -52,29 +51,29 @@ bool Rx::evaluate(Transaction *transacti
- re = m_re;
- }
-
-- matches = re->searchAll(input);
-+ std::vector<Utils::SMatchCapture> captures;
-+ re->searchOneMatch(input, captures);
-+
- if (rule && rule->m_containsCaptureAction && transaction) {
-- int i = 0;
-- matches.reverse();
-- for (const SMatch& a : matches) {
-+ for (const Utils::SMatchCapture& capture : captures) {
-+ const std::string capture_substring(input.substr(capture.m_offset,capture.m_length));
- transaction->m_collections.m_tx_collection->storeOrUpdateFirst(
-- std::to_string(i), a.str());
-+ std::to_string(capture.m_group), capture_substring);
- ms_dbg_a(transaction, 7, "Added regex subexpression TX." +
-- std::to_string(i) + ": " + a.str());
-- transaction->m_matched.push_back(a.str());
-- i++;
-+ std::to_string(capture.m_group) + ": " + capture_substring);
-+ transaction->m_matched.push_back(capture_substring);
- }
- }
-
-- for (const auto & i : matches) {
-- logOffset(ruleMessage, i.offset(), i.str().size());
-+ for (const auto & capture : captures) {
-+ logOffset(ruleMessage, capture.m_offset, capture.m_length);
- }
-
- if (m_string->m_containsMacro) {
- delete re;
- }
-
-- if (matches.size() > 0) {
-+ if (captures.size() > 0) {
- return true;
- }
-
diff --git a/security/modsecurity3/files/patch-src_utils_regex.cc b/security/modsecurity3/files/patch-src_utils_regex.cc
deleted file mode 100644
index ec2b6195545b..000000000000
--- a/security/modsecurity3/files/patch-src_utils_regex.cc
+++ /dev/null
@@ -1,40 +0,0 @@
---- src/utils/regex.cc.orig 2020-01-13 13:09:28 UTC
-+++ src/utils/regex.cc
-@@ -16,10 +16,6 @@
- #include "src/utils/regex.h"
-
- #include <pcre.h>
--#include <sys/socket.h>
--#include <sys/types.h>
--#include <netinet/in.h>
--#include <arpa/inet.h>
- #include <string>
- #include <list>
-
-@@ -99,6 +95,26 @@ std::list<SMatch> Regex::searchAll(const
- return retList;
- }
-
-+bool Regex::searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const {
-+ const char *subject = s.c_str();
-+ int ovector[OVECCOUNT];
-+
-+ int rc = pcre_exec(m_pc, m_pce, subject, s.size(), 0, 0, ovector, OVECCOUNT);
-+
-+ for (int i = 0; i < rc; i++) {
-+ size_t start = ovector[2*i];
-+ size_t end = ovector[2*i+1];
-+ size_t len = end - start;
-+ if (end > s.size()) {
-+ continue;
-+ }
-+ SMatchCapture capture(i, start, len);
-+ captures.push_back(capture);
-+ }
-+
-+ return (rc > 0);
-+}
-+
- int Regex::search(const std::string& s, SMatch *match) const {
- int ovector[OVECCOUNT];
- int ret = pcre_exec(m_pc, m_pce, s.c_str(),
diff --git a/security/modsecurity3/files/patch-src_utils_regex.h b/security/modsecurity3/files/patch-src_utils_regex.h
deleted file mode 100644
index 32652ce5c525..000000000000
--- a/security/modsecurity3/files/patch-src_utils_regex.h
+++ /dev/null
@@ -1,35 +0,0 @@
---- src/utils/regex.h.orig 2020-01-13 13:09:28 UTC
-+++ src/utils/regex.h
-@@ -19,6 +19,7 @@
- #include <fstream>
- #include <string>
- #include <list>
-+#include <vector>
-
- #ifndef SRC_UTILS_REGEX_H_
- #define SRC_UTILS_REGEX_H_
-@@ -47,6 +48,16 @@ class SMatch {
- size_t m_offset;
- };
-
-+struct SMatchCapture {
-+ SMatchCapture(size_t group, size_t offset, size_t length) :
-+ m_group(group),
-+ m_offset(offset),
-+ m_length(length) { }
-+
-+ size_t m_group; // E.g. 0 = full match; 6 = capture group 6
-+ size_t m_offset; // offset of match within the analyzed string
-+ size_t m_length;
-+};
-
- class Regex {
- public:
-@@ -58,6 +69,7 @@ class Regex {
- Regex& operator=(const Regex&) = delete;
-
- std::list<SMatch> searchAll(const std::string& s) const;
-+ bool searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const;
- int search(const std::string &s, SMatch *m) const;
- int search(const std::string &s) const;
-
diff --git a/security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json b/security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json
deleted file mode 100644
index 485a9081af87..000000000000
--- a/security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json
+++ /dev/null
@@ -1,146 +0,0 @@
---- test/test-cases/regression/variable-TX.json.orig 2020-01-13 13:09:28 UTC
-+++ test/test-cases/regression/variable-TX.json
-@@ -80,5 +80,143 @@
- "SecRule REQUEST_HEADERS \"@rx ([A-z]+)\" \"id:1,log,pass,capture,id:14\"",
- "SecRule TX:0 \"@rx ([A-z]+)\" \"id:15\""
- ]
-+ },
-+ {
-+ "enabled":1,
-+ "version_min":300000,
-+ "title":"Testing Variables :: capture group match after unused group",
-+ "client":{
-+ "ip":"200.249.12.31",
-+ "port":123
-+ },
-+ "server":{
-+ "ip":"200.249.12.31",
-+ "port":80
-+ },
-+ "request":{
-+ "uri":"/?key=aadd",
-+ "method":"GET"
-+ },
-+ "response":{
-+ "headers":{
-+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
-+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
-+ "Content-Type":"text/html"
-+ },
-+ "body":[
-+ "no need."
-+ ]
-+ },
-+ "expected":{
-+ "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1"
-+ },
-+ "rules":[
-+ "SecRuleEngine On",
-+ "SecRule ARGS \"@rx (aa)(bb|cc)?(dd)\" \"id:1,log,pass,capture,id:16\"",
-+ "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\""
-+ ]
-+ },
-+ {
-+ "enabled":1,
-+ "version_min":300000,
-+ "title":"Testing Variables :: empty capture group match followed by nonempty capture group",
-+ "client":{
-+ "ip":"200.249.12.31",
-+ "port":123
-+ },
-+ "server":{
-+ "ip":"200.249.12.31",
-+ "port":80
-+ },
-+ "request":{
-+ "uri":"/?key=aadd",
-+ "method":"GET"
-+ },
-+ "response":{
-+ "headers":{
-+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
-+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
-+ "Content-Type":"text/html"
-+ },
-+ "body":[
-+ "no need."
-+ ]
-+ },
-+ "expected":{
-+ "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1"
-+ },
-+ "rules":[
-+ "SecRuleEngine On",
-+ "SecRule ARGS \"@rx (aa)(bb|cc|)(dd)\" \"id:18,phase:1,log,pass,capture\"",
-+ "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\""
-+ ]
-+ },
-+ {
-+ "enabled":1,
-+ "version_min":300000,
-+ "title":"Testing Variables :: repeating capture group -- alternates",
-+ "client":{
-+ "ip":"200.249.12.31",
-+ "port":123
-+ },
-+ "server":{
-+ "ip":"200.249.12.31",
-+ "port":80
-+ },
-+ "request":{
-+ "uri":"/?key=_abc123_",
-+ "method":"GET"
-+ },
-+ "response":{
-+ "headers":{
-+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
-+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
-+ "Content-Type":"text/html"
-+ },
-+ "body":[
-+ "no need."
-+ ]
-+ },
-+ "expected":{
-+ "debug_log":"Added regex subexpression TX\\.2: abc[\\s\\S]*Added regex subexpression TX\\.3: 123"
-+ },
-+ "rules":[
-+ "SecRuleEngine On",
-+ "SecRule ARGS \"@rx _((?:(abc)|(123))+)_\" \"id:18,phase:1,log,pass,capture\""
-+ ]
-+ },
-+ {
-+ "enabled":1,
-+ "version_min":300000,
-+ "title":"Testing Variables :: repeating capture group -- same (nested)",
-+ "client":{
-+ "ip":"200.249.12.31",
-+ "port":123
-+ },
-+ "server":{
-+ "ip":"200.249.12.31",
-+ "port":80
-+ },
-+ "request":{
-+ "uri":"/?key=a:5a:8a:9",
-+ "method":"GET"
-+ },
-+ "response":{
-+ "headers":{
-+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
-+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
-+ "Content-Type":"text/html"
-+ },
-+ "body":[
-+ "no need."
-+ ]
-+ },
-+ "expected":{
-+ "debug_log":"Added regex subexpression TX\\.1: 5[\\s\\S]*Added regex subexpression TX\\.2: 8[\\s\\S]*Added regex subexpression TX\\.3: 9"
-+ },
-+ "rules":[
-+ "SecRuleEngine On",
-+ "SecRule ARGS \"@rx a:([0-9])(?:a:([0-9])(?:a:([0-9]))*)*\" \"id:18,phase:1,log,pass,capture\""
-+ ]
- }
- ]
diff --git a/security/modsecurity3/pkg-plist b/security/modsecurity3/pkg-plist
index b3c760bc04f2..44f6c5f9c1a0 100644
--- a/security/modsecurity3/pkg-plist
+++ b/security/modsecurity3/pkg-plist
@@ -1,22 +1,29 @@
bin/modsec-rules-check
-include/modsecurity/actions/action.h
include/modsecurity/anchored_set_variable.h
+include/modsecurity/anchored_set_variable_translation_proxy.h
+include/modsecurity/rule_message.h
+include/modsecurity/rule_unconditional.h
+include/modsecurity/variable_origin.h
+include/modsecurity/transaction.h
include/modsecurity/anchored_variable.h
-include/modsecurity/audit_log.h
-include/modsecurity/collection/collection.h
-include/modsecurity/collection/collections.h
-include/modsecurity/debug_log.h
include/modsecurity/intervention.h
+include/modsecurity/collection/collections.h
+include/modsecurity/collection/collection.h
+include/modsecurity/rule_with_operator.h
+include/modsecurity/variable_value.h
+include/modsecurity/rules_set.h
+include/modsecurity/audit_log.h
include/modsecurity/modsecurity.h
-include/modsecurity/reading_logs_via_rule_message.h
-include/modsecurity/rule.h
-include/modsecurity/rule_message.h
+include/modsecurity/debug_log.h
+include/modsecurity/rule_with_actions.h
+include/modsecurity/rules_set_properties.h
+include/modsecurity/rule_marker.h
include/modsecurity/rules.h
include/modsecurity/rules_exceptions.h
-include/modsecurity/rules_properties.h
-include/modsecurity/transaction.h
-include/modsecurity/variable_origin.h
-include/modsecurity/variable_value.h
+include/modsecurity/rules_set_phases.h
+include/modsecurity/reading_logs_via_rule_message.h
+include/modsecurity/actions/action.h
+include/modsecurity/rule.h
lib/libmodsecurity.a
lib/libmodsecurity.so
lib/libmodsecurity.so.3