github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'v2/master' into v2/mst/nullcheck2

Browse Source
This commit is contained in:
Marc Stern 2024-04-04 16:08:59 +02:00 committed by GitHub
commit 649aea7288
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
23 changed files with 361 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/security2.conf vendored Normal file
View File

@ -0,0 +1,6 @@
LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so
<IfModule security2_module>
SecDataDir /var/cache/modsecurity
Include /etc/apache2/modsecurity.conf
</IfModule>

51
.github/workflows/ci.yml vendored Normal file
View File

@ -0,0 +1,51 @@
name: Quality Assurance
on:
push:
pull_request:
jobs:
build-linux:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-22.04]
platform: [x32, x64]
compiler: [gcc, clang]
configure:
- {label: "with pcre, no study, no jit", opt: "--enable-pcre-study=no" }
- {label: "with pcre, with study, no jit", opt: "--enable-pcre-study=yes" }
- {label: "with pcre, no study, with jit", opt: "--enable-pcre-study=no --enable-pcre-jit" }
- {label: "with pcre, with study, with jit", opt: "--enable-pcre-study=yes --enable-pcre-jit" }
- {label: "with pcre2", opt: "--with-pcre2 --enable-pcre-study=no" }
- {label: "with pcre2, with study, no jit", opt: "--with-pcre2 --enable-pcre-study=yes" }
- {label: "with pcre2, no study, with jit", opt: "--with-pcre2 --enable-pcre-study=no --enable-pcre-jit" }
- {label: "with pcre2, with study, with jit", opt: "--with-pcre2 --enable-pcre-study=yes --enable-pcre-jit" }
- {label: "with lua", opt: "--with-lua" }
- {label: "wo lua", opt: "--without-lua" }
steps:
- name: Setup Dependencies
run: |
sudo apt-get update -y -qq
sudo apt-get install -y apache2-dev libxml2-dev liblua5.1-0-dev libcurl4-gnutls-dev libpcre2-dev pkg-config libyajl-dev apache2 apache2-bin apache2-data
- uses: actions/checkout@v2
- name: autogen.sh
run: ./autogen.sh
- name: configure ${{ matrix.configure.label }}
run: ./configure ${{ matrix.configure.opt }}
- uses: ammaraskar/gcc-problem-matcher@master
- name: make
run: make -j `nproc`
- name: install module
run: sudo make install
- name: prepare config
run: |
sudo cp .github/security2.conf /etc/apache2/mods-enabled/
sudo cp modsecurity.conf-recommended /etc/apache2/modsecurity.conf
sudo cp unicode.mapping /etc/apache2/
sudo mkdir -p /var/cache/modsecurity
sudo chown -R www-data:www-data /var/cache/modsecurity
- name: start apache with module
run: |
sudo systemctl restart apache2.service

2
CHANGES
View File

@ -1,6 +1,8 @@
DD mmm YYYY - 2.9.x (to be released)
-------------------
* Fix possible segfault in collection_unpack
[Issue #3072 - @twouters]
* Set the minimum security protocol version for SecRemoteRules
[Issue security/code-scanning/2 - @airween]
* Allow lua version 5.4

8
apache2/msc_json.c
View File

@ -366,17 +366,15 @@ int json_process_chunk(modsec_rec *msr, const char *buf, unsigned int size, char
assert(msr != NULL);
assert(error_msg != NULL);
*error_msg = NULL;
// Take a copy in case libyajl decodes the buffer inline
base_offset = apr_pstrmemdup(msr->mp, buf, size);
if (!base_offset) return -1;
base_offset=buf;
/* Feed our parser and catch any errors */
msr->json->status = yajl_parse(msr->json->handle, (unsigned char*)base_offset, size);
msr->json->status = yajl_parse(msr->json->handle, buf, size);
if (msr->json->status != yajl_status_ok) {
if (msr->json->depth_limit_exceeded) {
*error_msg = "JSON depth limit exceeded";
} else {
char *yajl_err = yajl_get_error(msr->json->handle, 0, base_offset, size);
char *yajl_err = yajl_get_error(msr->json->handle, 0, buf, size);
*error_msg = apr_pstrdup(msr->mp, yajl_err);
yajl_free_error(msr->json->handle, yajl_err);
}

10
apache2/msc_logging.c
View File

@ -237,7 +237,15 @@ static char *construct_auditlog_filename(apr_pool_t *mp, const char *uniqueid) {
* This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
* It also changes the return statement.
*/
char *userinfo = get_username(mp);
char *userinfo;
apr_status_t rc;
apr_uid_t uid;
apr_gid_t gid;
apr_uid_current(&uid, &gid, mp);
rc = apr_uid_name_get(&userinfo, uid, mp);
if (rc != APR_SUCCESS) {
userinfo = apr_psprintf(mp, "%u", uid);
}
apr_time_exp_lt(&t, apr_time_now());

14
apache2/msc_pcre.c
View File

@ -31,7 +31,11 @@ static apr_status_t msc_pcre_cleanup(msc_regex_t *regex) {
}
#else
if (regex->pe != NULL) {
#if defined(VERSION_NGINX)
pcre_free(regex->pe);
#else
free(regex->pe);
#endif
regex->pe = NULL;
}
if (regex->re != NULL) {
@ -148,15 +152,19 @@ void *msc_pregcomp_ex(apr_pool_t *pool, const char *pattern, int options,
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
pe = pcre_study(regex->re, PCRE_STUDY_EXTRA_NEEDED|PCRE_STUDY_JIT_COMPILE, &errptr);
pe = pcre_study(regex->re, PCRE_STUDY_JIT_COMPILE, &errptr);
#else
pe = pcre_study(regex->re, PCRE_STUDY_EXTRA_NEEDED, &errptr);
pe = pcre_study(regex->re, 0, &errptr);
#endif
#endif
/* Setup the pcre_extra record if pcre_study did not already do it */
if (pe == NULL) {
pe = (pcre_extra*)pcre_malloc(sizeof(pcre_extra));
#if defined(VERSION_NGINX)
pe = pcre_malloc(sizeof(pcre_extra));
#else
pe = malloc(sizeof(pcre_extra));
#endif
if (pe == NULL) {
return NULL;
}

11
apache2/msc_util.c
View File

@ -2850,14 +2850,3 @@ char* strtok_r(
}
#endif
// Function compatible with Linux & Windows, also with mpm-itk & mod_ruid2
char* get_username(apr_pool_t* mp) {
char* username;
apr_uid_t uid;
apr_gid_t gid;
int rc = apr_uid_current(&uid, &gid, mp);
if (rc != APR_SUCCESS) return "apache";
rc = apr_uid_name_get(&username, uid, mp);
if (rc != APR_SUCCESS) return "apache";
return username;
}

2
apache2/msc_util.h
View File

@ -160,8 +160,6 @@ int DSOLOCAL tree_contains_ip(apr_pool_t *mp, TreeRoot *rtree,
int DSOLOCAL ip_tree_from_param(apr_pool_t *pool,
char *param, TreeRoot **rtree, char **error_msg);
char DSOLOCAL *get_username(apr_pool_t* mp);
#ifdef WITH_CURL
int ip_tree_from_uri(TreeRoot **rtree, char *uri,
apr_pool_t *mp, char **error_msg);

2
apache2/persist_dbm.c
View File

@ -813,4 +813,4 @@ error:
}
return -1;
}
}

43
apache2/re.c
View File

@ -84,7 +84,6 @@ static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, msre_var *va
assert(exceptions != NULL);
{
myvar = apr_pstrdup(msr->mp, var->name);
c = strchr(myvar,':');
@ -363,11 +362,11 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg);
if (rc < 0) {
if(msr) {
msr_log(msr, 9, "Error parsing rule targets to replace variable: %s", my_error_msg);
msr_log(msr, 9, "Error parsing rule targets to replace variable");
}
#if !defined(MSC_TEST)
else {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, " ModSecurity: Error parsing rule targets to replace variable: %s", my_error_msg);
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, " ModSecurity: Error parsing rule targets to replace variable");
}
#endif
goto end;
@ -388,7 +387,7 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
}
#if !defined(MSC_TEST)
else {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, " ModSecurity: Cannot find variable to replace");
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, " ModSecurity: Cannot find varibale to replace");
}
#endif
goto end;
@ -396,13 +395,8 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
} else {
target = strdup(p);
if(target == NULL) {
if(target_list != NULL)
free(target_list);
if(replace != NULL)
free(replace);
return NULL;
}
if(target == NULL)
return NULL;
is_negated = is_counting = 0;
param = name = value = NULL;
@ -436,8 +430,6 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
free(target_list);
if(replace != NULL)
free(replace);
if(target != NULL)
free(target);
if(msr) {
msr_log(msr, 9, "Error to update target - [%s] is not valid target", name);
}
@ -516,7 +508,7 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
if(var_appended == 1) {
current_targets = msre_generate_target_string(ruleset->mp, rule);
rule->unparsed = msre_rule_generate_unparsed(ruleset->mp, rule, current_targets, NULL, NULL);
rule->p1 = current_targets;
rule->p1 = apr_pstrdup(ruleset->mp, current_targets);
if(msr) {
msr_log(msr, 9, "Successfully appended variable");
}
@ -529,12 +521,18 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r
}
end:
if(target_list != NULL)
if(target_list != NULL) {
free(target_list);
if(replace != NULL)
target_list = NULL;
}
if(replace != NULL) {
free(replace);
if(target != NULL)
replace = NULL;
}
if(target != NULL) {
free(target);
target = NULL;
}
return NULL;
}
@ -648,10 +646,7 @@ static char *msre_generate_target_string(apr_pool_t *pool, msre_rule *rule) {
/**
* Generate an action string from an actionset.
*/
#ifndef DEBUG_CONF
static
#endif
char *msre_actionset_generate_action_string(apr_pool_t *pool, const msre_actionset *actionset) {
static char *msre_actionset_generate_action_string(apr_pool_t *pool, const msre_actionset *actionset) {
const apr_array_header_t *tarr = NULL;
const apr_table_entry_t *telts = NULL;
char *actions = NULL;
@ -1071,12 +1066,6 @@ int msre_parse_generic(apr_pool_t *mp, const char *text, apr_table_t *vartable,
/* ignore whitespace */
while(isspace(*p)) p++;
if (*p == '\0') return count;
/* ignore empty action */
if (*p == ',') {
p++;
continue;
}
/* we are at the beginning of the name */
name = p;

4
apache2/re.h
View File

@ -75,10 +75,6 @@ int DSOLOCAL rule_id_in_range(int ruleid, const char *range);
msre_var DSOLOCAL *generate_single_var(modsec_rec *msr, msre_var *var, apr_array_header_t *tfn_arr,
msre_rule *rule, apr_pool_t *mptmp);
#ifdef DEBUG_CONF
char DSOLOCAL* msre_actionset_generate_action_string(apr_pool_t* pool, const msre_actionset* actionset);
#endif
#if defined(WITH_LUA)
apr_table_t DSOLOCAL *generate_multi_var(modsec_rec *msr, msre_var *var, apr_array_header_t *tfn_arr,
msre_rule *rule, apr_pool_t *mptmp);

4
apache2/re_actions.c
View File

@ -187,9 +187,9 @@ int expand_macros(modsec_rec *msr, msc_string *var, msre_rule *rule, apr_pool_t
* no macros in the input data.
*/
data = var->value;
data = apr_pstrdup(mptmp, var->value); /* IMP1 Are we modifying data anywhere? */
arr = apr_array_make(mptmp, 16, sizeof(msc_string *));
if (arr == NULL) return -1;
if ((data == NULL)||(arr == NULL)) return -1;
text_start = next_text_start = data;
do {

32
apache2/re_operators.c
View File

@ -643,13 +643,18 @@ nextround:
}
if(msr->stream_input_data != NULL && input_body == 1) {
memset(msr->stream_input_data, 0x0, msr->stream_input_length);
free(msr->stream_input_data);
msr->stream_input_data = NULL;
msr->stream_input_length = 0;
#ifdef MSC_LARGE_STREAM_INPUT
msr->stream_input_allocated_length = 0;
#endif
msr->stream_input_data = (char *)malloc(size);
#else
msr->stream_input_data = (char *)malloc(size+1);
#endif
if(msr->stream_input_data == NULL) {
return -1;
}
@ -657,11 +662,16 @@ nextround:
msr->stream_input_length = size;
#ifdef MSC_LARGE_STREAM_INPUT
msr->stream_input_allocated_length = size;
memset(msr->stream_input_data, 0x0, size);
#else
memset(msr->stream_input_data, 0x0, size+1);
#endif
msr->if_stream_changed = 1;
memcpy(msr->stream_input_data, data, size);
#ifndef MSC_LARGE_STREAM_INPUT
msr->stream_input_data[size] = '\0';
#endif
var->value_len = size;
var->value = msr->stream_input_data;
@ -691,7 +701,7 @@ static int msre_op_validateHash_param_init(msre_rule *rule, char **error_msg) {
const char *pattern = rule->op_param;
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
int rc, jit = 0;
int rc, jit;
#endif
#endif
@ -774,7 +784,7 @@ static int msre_op_validateHash_execute(modsec_rec *msr, msre_rule *rule, msre_v
int rc;
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
int jit = 0;
int jit;
#endif
#endif
@ -966,7 +976,7 @@ static int msre_op_rx_param_init(msre_rule *rule, char **error_msg) {
const char *pattern = rule->op_param;
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
int rc, jit = 0;
int rc, jit;
#endif
#endif
@ -1049,7 +1059,7 @@ static int msre_op_rx_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, c
msc_parm *mparm = NULL;
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
int jit = 0;
int jit;
#endif
#endif
@ -1574,10 +1584,10 @@ static const char *gsb_replace_tpath(apr_pool_t *pool, const char *domain, int l
url = apr_palloc(pool, len + 1);
data = apr_palloc(pool, len + 1);
data[0] = '\0';
memset(data, 0, len+1);
memset(url, 0, len+1);
memcpy(url, domain, len);
url[len] = 0;
while(( pos = strstr(url , "/./" )) != NULL) {
match = 1;
@ -2932,7 +2942,7 @@ static int msre_op_verifyCC_execute(modsec_rec *msr, msre_rule *rule, msre_var *
msc_parm *mparm = NULL;
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
int jit = 0;
int jit;
#endif
#endif
@ -3265,7 +3275,7 @@ static int msre_op_verifyCPF_execute(modsec_rec *msr, msre_rule *rule, msre_var
msc_parm *mparm = NULL;
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
int jit = 0;
int jit;
#endif
#endif
@ -3585,7 +3595,7 @@ static int msre_op_verifySSN_execute(modsec_rec *msr, msre_rule *rule, msre_var
msc_parm *mparm = NULL;
#ifdef WITH_PCRE_STUDY
#ifdef WITH_PCRE_JIT
int jit = 0;
int jit;
#endif
#endif

248
build/compile
View File

@ -1,9 +1,9 @@
#! /bin/sh
# Wrapper for compilers which do not understand `-c -o'.
# Wrapper for compilers which do not understand '-c -o'.
scriptversion=2005-05-14.22
scriptversion=2018-03-07.03; # UTC
# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc.
# Copyright (C) 1999-2021 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
@ -17,8 +17,7 @@ scriptversion=2005-05-14.22
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@ -29,21 +28,224 @@ scriptversion=2005-05-14.22
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
nl='
'
# We need space, tab and new line, in precisely that order. Quoting is
# there to prevent tools from complaining about whitespace usage.
IFS=" "" $nl"
file_conv=
# func_file_conv build_file lazy
# Convert a $build file to $host form and store it in $file
# Currently only supports Windows hosts. If the determined conversion
# type is listed in (the comma separated) LAZY, no conversion will
# take place.
func_file_conv ()
{
file=$1
case $file in
/ | /[!/]*) # absolute file, and not a UNC file
if test -z "$file_conv"; then
# lazily determine how to convert abs files
case `uname -s` in
MINGW*)
file_conv=mingw
;;
CYGWIN* | MSYS*)
file_conv=cygwin
;;
*)
file_conv=wine
;;
esac
fi
case $file_conv/,$2, in
*,$file_conv,*)
;;
mingw/*)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
cygwin/* | msys/*)
file=`cygpath -m "$file" || echo "$file"`
;;
wine/*)
file=`winepath -w "$file" || echo "$file"`
;;
esac
;;
esac
}
# func_cl_dashL linkdir
# Make cl look for libraries in LINKDIR
func_cl_dashL ()
{
func_file_conv "$1"
if test -z "$lib_path"; then
lib_path=$file
else
lib_path="$lib_path;$file"
fi
linker_opts="$linker_opts -LIBPATH:$file"
}
# func_cl_dashl library
# Do a library search-path lookup for cl
func_cl_dashl ()
{
lib=$1
found=no
save_IFS=$IFS
IFS=';'
for dir in $lib_path $LIB
do
IFS=$save_IFS
if $shared && test -f "$dir/$lib.dll.lib"; then
found=yes
lib=$dir/$lib.dll.lib
break
fi
if test -f "$dir/$lib.lib"; then
found=yes
lib=$dir/$lib.lib
break
fi
if test -f "$dir/lib$lib.a"; then
found=yes
lib=$dir/lib$lib.a
break
fi
done
IFS=$save_IFS
if test "$found" != yes; then
lib=$lib.lib
fi
}
# func_cl_wrapper cl arg...
# Adjust compile command to suit cl
func_cl_wrapper ()
{
# Assume a capable shell
lib_path=
shared=:
linker_opts=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as 'compile cc -o foo foo.c'.
eat=1
case $2 in
*.o | *.[oO][bB][jJ])
func_file_conv "$2"
set x "$@" -Fo"$file"
shift
;;
*)
func_file_conv "$2"
set x "$@" -Fe"$file"
shift
;;
esac
;;
-I)
eat=1
func_file_conv "$2" mingw
set x "$@" -I"$file"
shift
;;
-I*)
func_file_conv "${1#-I}" mingw
set x "$@" -I"$file"
shift
;;
-l)
eat=1
func_cl_dashl "$2"
set x "$@" "$lib"
shift
;;
-l*)
func_cl_dashl "${1#-l}"
set x "$@" "$lib"
shift
;;
-L)
eat=1
func_cl_dashL "$2"
;;
-L*)
func_cl_dashL "${1#-L}"
;;
-static)
shared=false
;;
-Wl,*)
arg=${1#-Wl,}
save_ifs="$IFS"; IFS=','
for flag in $arg; do
IFS="$save_ifs"
linker_opts="$linker_opts $flag"
done
IFS="$save_ifs"
;;
-Xlinker)
eat=1
linker_opts="$linker_opts $2"
;;
-*)
set x "$@" "$1"
shift
;;
*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
func_file_conv "$1"
set x "$@" -Tp"$file"
shift
;;
*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
func_file_conv "$1" mingw
set x "$@" "$file"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -n "$linker_opts"; then
linker_opts="-link$linker_opts"
fi
exec "$@" $linker_opts
exit 1
}
eat=
case $1 in
'')
echo "$0: No command. Try \`$0 --help' for more information." 1>&2
echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: compile [--help] [--version] PROGRAM [ARGS]
Wrapper for compilers which do not understand `-c -o'.
Remove `-o dest.o' from ARGS, run PROGRAM with the remaining
Wrapper for compilers which do not understand '-c -o'.
Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
arguments, and rename the output as expected.
If you are trying to build a whole package this is not the
right script to run: please start by reading the file `INSTALL'.
right script to run: please start by reading the file 'INSTALL'.
Report bugs to <bug-automake@gnu.org>.
EOF
@ -53,11 +255,14 @@ EOF
echo "compile $scriptversion"
exit $?
;;
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
func_cl_wrapper "$@" # Doesn't return...
;;
esac
ofile=
cfile=
eat=
for arg
do
@ -66,8 +271,8 @@ do
else
case $1 in
-o)
# configure might choose to run compile as `compile cc -o foo foo.c'.
# So we strip `-o arg' only if arg is an object.
# configure might choose to run compile as 'compile cc -o foo foo.c'.
# So we strip '-o arg' only if arg is an object.
eat=1
case $2 in
*.o | *.obj)
@ -94,22 +299,22 @@ do
done
if test -z "$ofile" || test -z "$cfile"; then
# If no `-o' option was seen then we might have been invoked from a
# If no '-o' option was seen then we might have been invoked from a
# pattern rule where we don't need one. That is ok -- this is a
# normal compilation that the losing compiler can handle. If no
# `.c' file was seen then we are probably linking. That is also
# '.c' file was seen then we are probably linking. That is also
# ok.
exec "$@"
fi
# Name of file we expect compiler to create.
cofile=`echo "$cfile" | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
# Create the lock directory.
# Note: use `[/.-]' here to ensure that we don't use the same name
# Note: use '[/\\:.-]' here to ensure that we don't use the same name
# that we are using for the .o file. Also, base the name on the expected
# object file name, since that is what matters with a parallel build.
lockdir=`echo "$cofile" | sed -e 's|[/.-]|_|g'`.d
lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
while true; do
if mkdir "$lockdir" >/dev/null 2>&1; then
break
@ -124,9 +329,9 @@ trap "rmdir '$lockdir'; exit 1" 1 2 15
ret=$?
if test -f "$cofile"; then
mv "$cofile" "$ofile"
test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
elif test -f "${cofile}bj"; then
mv "${cofile}bj" "$ofile"
test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
fi
rmdir "$lockdir"
@ -135,8 +340,9 @@ exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-end: "$"
# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:

2
build/find_apr.m4
View File

@ -18,7 +18,7 @@ AC_DEFUN([CHECK_APR],
AC_ARG_WITH(
apr,
[AC_HELP_STRING([--with-apr=PATH],[Path to apr prefix or config script])],
[AS_HELP_STRING([--with-apr=PATH],[Path to apr prefix or config script])],
[test_paths="${with_apr}"],
[test_paths="/usr/local/libapr /usr/local/apr /usr/local /opt/libapr /opt/apr /opt /usr"])

2
build/find_apu.m4
View File

@ -18,7 +18,7 @@ AC_DEFUN([CHECK_APU],
AC_ARG_WITH(
apu,
[AC_HELP_STRING([--with-apu=PATH],[Path to apu prefix or config script])],
[AS_HELP_STRING([--with-apu=PATH],[Path to apu prefix or config script])],
[test_paths="${with_apu}"],
[test_paths="/usr/local/libapr-util /usr/local/apr-util /usr/local/libapu /usr/local/apu /usr/local/apr /usr/local /opt/libapr-util /opt/apr-util /opt/libapu /opt/apu /opt /usr"])

2
build/find_curl.m4
View File

@ -18,7 +18,7 @@ AC_DEFUN([CHECK_CURL],
AC_ARG_WITH(
curl,
[AC_HELP_STRING([--with-curl=PATH],[Path to curl prefix or config script])],
[AS_HELP_STRING([--with-curl=PATH],[Path to curl prefix or config script])],
[test_paths="${with_curl}"],
[test_paths="/usr/local/libcurl /usr/local/curl /usr/local /opt/libcurl /opt/curl /opt /usr"])

2
build/find_lua.m4
View File

@ -21,7 +21,7 @@ LUA_SONAMES="so la sl dll dylib a"
AC_ARG_WITH(
lua,
[AC_HELP_STRING([--with-lua=PATH],[Path to lua prefix or config script])]
[AS_HELP_STRING([--with-lua=PATH],[Path to lua prefix or config script])]
,, with_lua=yes)
AS_CASE(["${with_lua}"],

2
build/find_pcre.m4
View File

@ -17,7 +17,7 @@ AC_DEFUN([CHECK_PCRE],
AC_ARG_WITH(
pcre,
[AC_HELP_STRING([--with-pcre=PATH],[Path to pcre prefix or config script])],
[AS_HELP_STRING([--with-pcre=PATH],[Path to pcre prefix or config script])],
[test_paths="${with_pcre}"],
[test_paths="/usr/local/libpcre /usr/local/pcre /usr/local /opt/libpcre /opt/pcre /opt /usr"])

2
build/find_pcre2.m4
View File

@ -17,7 +17,7 @@ AC_DEFUN([CHECK_PCRE2],
AC_ARG_WITH(
pcre2,
[AC_HELP_STRING([--with-pcre2=PATH],[Path to pcre2 prefix or config script])],
[AS_HELP_STRING([--with-pcre2=PATH],[Path to pcre2 prefix or config script])],
, with_pcre2=no)
AS_CASE(["${with_pcre2}"],

2
build/find_ssdeep.m4
View File

@ -13,7 +13,7 @@ SSDEEP_LDADD=""
AC_ARG_WITH(
ssdeep,
[AC_HELP_STRING([--with-ssdeep=PATH],[Path to ssdeep prefix])]
[AS_HELP_STRING([--with-ssdeep=PATH],[Path to ssdeep prefix])]
,, with_ssdeep=yes)
AS_CASE(["${with_ssdeep}"],

2
build/find_yajl.m4
View File

@ -23,7 +23,7 @@ YAJL_SONAMES="so la sl dll dylib"
AC_ARG_WITH(
yajl,
[AC_HELP_STRING([--with-yajl=PATH],[Path to yajl prefix or config script])]
[AS_HELP_STRING([--with-yajl=PATH],[Path to yajl prefix or config script])]
,, with_yajl=yes)
AS_CASE(["${with_yajl}"],

9
configure.ac
View File

@ -33,7 +33,6 @@ AC_PATH_PROGS(ENV_CMD, [env printenv], )
PKG_PROG_PKG_CONFIG
# Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS([fcntl.h limits.h stdlib.h string.h unistd.h sys/types.h sys/stat.h sys/utsname.h])
# Checks for typedefs, structures, and compiler characteristics.
@ -889,13 +888,13 @@ ORIG_CFLAGS="$CFLAGS $APU_CFLAGS"
ORIG_CPPFLAGS="$CPPFLAGS"
CFLAGS="$CFLAGS $APR_CFLAGS"
CPPFLAGS="$CPPFLAGS $APR_CPPFLAGS"
AC_TRY_COMPILE(
[#include <apr_crypto.h>],
[
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[ #include <apr_crypto.h> ]],
[[
#if APU_HAVE_CRYPTO == 0
#error APR util was not compiled with crypto support.
#endif
],
]])],
[ AC_DEFINE([WITH_APU_CRYPTO], [1], [APR util was compiled with crypto support])
MODSEC_EXTRA_CFLAGS="$MODSEC_EXTRA_CFLAGS -DWITH_APU_CRYPTO"
],