apache2-mod_security2-2.7.5-16.1

Name: apache2-mod_security2
Version: 2.7.5
Release: 16.1
Summary: ModSecurity Open Source Web Application Firewall
Distribution: openSUSE 11.4
Vendor: openSUSE
License: Apache-2.0
Packager: http://bugs.opensuse.org
Group: Productivity/Networking/Web/Servers
URL: http://www.modsecurity.org/
OS: linux
Architecture: x86_64
Build host: build31
Source RPM: apache2-mod_security2-2.7.5-16.1.src.rpm
Built with RPM: 4.8.0

Description:

ModSecurity(TM) is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.

The modsecurity team also offer a commercial version of their excellent ruleset. Please have a look at http://www.modsecurity.org/ for more details.

Provides:

  mod_security2.so()(64bit)
  apache2-mod_security2
  apache2-mod_security2(x86-64)

Requires:

  apache_mmn_20051115
  apache2
  rpmlib(PayloadFilesHavePrefix) <= 4.0-1
  rpmlib(CompressedFileNames) <= 3.0.4-1
  /usr/bin/perl
  libapr-1.so.0()(64bit)
  libaprutil-1.so.0()(64bit)
  libc.so.6()(64bit)
  libc.so.6(GLIBC_2.2.5)(64bit)
  libc.so.6(GLIBC_2.3)(64bit)
  libc.so.6(GLIBC_2.3.4)(64bit)
  libc.so.6(GLIBC_2.4)(64bit)
  libpcre.so.0()(64bit)
  libpthread.so.0()(64bit)
  libpthread.so.0(GLIBC_2.2.5)(64bit)
  libxml2.so.2()(64bit)
  rpmlib(PayloadIsLzma) <= 4.4.6-1

Changelog authors, in entry order: draht@suse.de, draht@suse.de, draht@suse.de, mrueckert@suse.de, skh@suse.de, skh@suse.de, jg@internetx.de, jg@internetx.de, mrueckert@suse.de, mrueckert@suse.de

Changelog:

- apache2-mod_security2-2.7.x-bnc871309-CVE-2013-5705-chunked_requests_bypass.diff
  correction to last patch: use function m_strcasestr() as substitute
  for strstr(). [bnc#871309] CVE-2013-5705

- apache2-mod_security2-2.7.x-bnc871309-CVE-2013-5705-chunked_requests_bypass.diff
  Fix for a flaw with which restrictions imposed by mod_security2
  could be bypassed with chunked requests. [bnc#871309] CVE-2013-5705

- complete overhaul of this package, with update to 2.7.5.
- ruleset update to 2.2.8-0-g0f07cbb.
- new configuration framework private to mod_security2:
  /etc/apache2/conf.d/mod_security2.conf loads
  /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf,
  then /etc/apache2/mod_security2.d/*.conf, as set up based on
  advice in /etc/apache2/conf.d/mod_security2.conf
  Your configuration starting point is
  /etc/apache2/conf.d/mod_security2.conf
- !!! Please note that mod_unique_id is needed for mod_security2 to run!
- modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneous
  linker parameter, preventing rpath in shared object.
- fixes contained for the following bugs:
  * CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling
  * [bnc#768293] multi-part bypass, minor threat
  * CVE-2013-1915 [bnc#813190] XML external entity vulnerability
  * CVE-2012-4528 [bnc#789393] rule bypass
  * CVE-2013-2765 [bnc#822664] null pointer dereference crash
- new from 2.5.9 to 2.7.5, only major changes:
  * GPLv2 replaced by Apache License v2
  * rules are not part of the source tarball any longer, but
    maintained upstream externally, and included in this package.
  * documentation was externalized to a wiki. Package contains
    the FAQ and the reference manual in html form.
  * renamed the term "Encryption" in directives that actually refer
    to hashes. See CHANGES file for more details.
  * new directive SecXmlExternalEntity, default off
  * byte conversion issues on s390x when logging fixed.
  * many small issues fixed that were discovered by a Coverity scanner
  * updated reference manual
  * wrong time calculation when logging for some timezones fixed.
  * replaced time-measuring mechanism with finer granularity for
    measured request/answer phases. (Stopwatch remains for compat.)
  * cookie parser memory leak fix
  * parsing of quoted strings in multipart Content-Disposition
    headers fixed.
  * SDBM deadlock fix
  * @rsub memory leak fix
  * cookie separator code improvements
  * build failure fixes
  * compile time option --enable-htaccess-config (set)

- update to version 2.5.9
  - Fixed parsing multipart content with a missing part header name
    which would crash Apache. Discovered by "Internet Security
    Auditors" (isecauditors.com).
  - Added ability to specify the config script directly using
    --with-apr and --with-apu.
  - Added macro expansion for append/prepend action.
  - Fixed race condition in concurrent updates of persistent
    counters. Updates are now atomic.
  - Cleaned up build, adding an option for verbose configure output
    and making the mlogc build more portable.
- additional changes from 2.5.8
  - Fixed PDF XSS issue where a non-GET request for a PDF file would
    crash the Apache httpd process. Discovered by Steve Grubb at
    Red Hat.
  - Removed an invalid "Internal error: Issuing "%s" for unspecified
    error." message that was logged when denying with
    nolog/noauditlog set and causing the request to be audited.
- additional changes from 2.5.7
  - Fixed XML DTD/Schema validation which will now fail after request
    body processing errors, even if the XML parser returns a
    document tree.
  - Added ctl:forceRequestBodyVariable=on|off which, when enabled,
    will force the REQUEST_BODY variable to be set when a request
    body processor is not set. Previously the REQUEST_BODY target
    was only populated by the URLENCODED request body processor.
  - Integrated mlogc source.
  - Fixed logging the hostname in the error_log which was logging the
    request hostname instead of the Apache resolved hostname.
  - Allow for disabling request body limit checks in phase:1.
  - Added transformations for processing parity for legacy protocols
    ported to HTTP(S): t:parityEven7bit, t:parityOdd7bit,
    t:parityZero7bit
  - Added t:cssDecode transformation to decode CSS escapes.
  - Now log XML parsing/validation warnings and errors to be in the
    debug log at levels 3 and 4, respectively.
- build and package mlogc
- remove --with-apxs from the configure args as it breaks the build
  configure now finds our apxs2

- fix broken config [bnc#457200]

- update to version 2.5.6
- initial submit to FACTORY

- update to 2.1.7

- update to 2.1.6

- update to 2.1.2

- update to 2.1.1
- switched to perl based patching instead of cmdline params for make

Build cookie: build31 1407396270

File names:

  mod_security2.conf
  mod_security2.d
  README-SUSE-mod_security2.txt
  mod_security2.so
  apache2-mod_security2
  rules
  CHANGES
  activated_rules
  README
  base_rules
  modsecurity_35_bad_robots.data
  modsecurity_35_scanners.data
  modsecurity_40_generic_attacks.data
  modsecurity_50_outbound.data
  modsecurity_50_outbound_malware.data
  modsecurity_crs_20_protocol_violations.conf
  modsecurity_crs_21_protocol_anomalies.conf
  modsecurity_crs_23_request_limits.conf
  modsecurity_crs_30_http_policy.conf
  modsecurity_crs_35_bad_robots.conf
  modsecurity_crs_40_generic_attacks.conf
  modsecurity_crs_41_sql_injection_attacks.conf
  modsecurity_crs_41_xss_attacks.conf
  modsecurity_crs_42_tight_security.conf
  modsecurity_crs_45_trojans.conf
  modsecurity_crs_47_common_exceptions.conf
  modsecurity_crs_48_local_exceptions.conf.example
  modsecurity_crs_49_inbound_blocking.conf
  modsecurity_crs_50_outbound.conf
  modsecurity_crs_59_outbound_blocking.conf
  modsecurity_crs_60_correlation.conf
  experimental_rules
  modsecurity_crs_11_brute_force.conf
  modsecurity_crs_11_dos_protection.conf
  modsecurity_crs_11_proxy_abuse.conf
  modsecurity_crs_11_slow_dos_protection.conf
  modsecurity_crs_16_scanner_integration.conf
  modsecurity_crs_25_cc_track_pan.conf
  modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf
  modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf
  modsecurity_crs_40_appsensor_detection_point_2.9_honeytrap.conf
  modsecurity_crs_40_appsensor_detection_point_3.0_end.conf
  modsecurity_crs_40_http_parameter_pollution.conf
  modsecurity_crs_42_csp_enforcement.conf
  modsecurity_crs_46_scanner_integration.conf
  modsecurity_crs_48_bayes_analysis.conf
  modsecurity_crs_55_response_profiling.conf
  modsecurity_crs_56_pvi_checks.conf
  modsecurity_crs_61_ip_forensics.conf
  modsecurity_crs_10_setup.conf
  optional_rules
  modsecurity_42_comment_spam.data
  modsecurity_crs_10_ignore_static.conf
  modsecurity_crs_11_avs_traffic.conf
  modsecurity_crs_13_xml_enabler.conf
  modsecurity_crs_16_authentication_tracking.conf
  modsecurity_crs_16_session_hijacking.conf
  modsecurity_crs_16_username_tracking.conf
  modsecurity_crs_25_cc_known.conf
  modsecurity_crs_42_comment_spam.conf
  modsecurity_crs_43_csrf_protection.conf
  modsecurity_crs_46_av_scanning.conf
  modsecurity_crs_47_skip_outbound_checks.conf
  modsecurity_crs_49_header_tagging.conf
  modsecurity_crs_55_application_defects.conf
  modsecurity_crs_55_marketing.conf
  slr_rules
  modsecurity_46_slr_et_joomla.data
  modsecurity_46_slr_et_lfi.data
  modsecurity_46_slr_et_phpbb.data
  modsecurity_46_slr_et_rfi.data
  modsecurity_46_slr_et_sqli.data
  modsecurity_46_slr_et_wordpress.data
  modsecurity_46_slr_et_xss.data
  modsecurity_crs_46_slr_et_joomla_attacks.conf
  modsecurity_crs_46_slr_et_lfi_attacks.conf
  modsecurity_crs_46_slr_et_phpbb_attacks.conf
  modsecurity_crs_46_slr_et_rfi_attacks.conf
  modsecurity_crs_46_slr_et_sqli_attacks.conf
  modsecurity_crs_46_slr_et_wordpress_attacks.conf
  modsecurity_crs_46_slr_et_xss_attacks.conf
  tools
  README-rules-updater.txt
  rules-updater-example.conf
  rules-updater.pl
  apache2-mod_security2
  CHANGES
  LICENSE
  ModSecurity-Frequently-Asked-Questions-FAQ.html
  NOTICE
  README-SUSE-mod_security2.txt
  README.TXT
  README.txt
  Reference-Manual.html
  authors.txt
  modsecurity_diagram_apache_request_cycle.jpg

Directories:

  /etc/apache2/conf.d/
  /etc/apache2/
  /etc/apache2/mod_security2.d/
  /usr/lib64/apache2/
  /usr/share/
  /usr/share/apache2-mod_security2/
  /usr/share/apache2-mod_security2/rules/
  /usr/share/apache2-mod_security2/rules/activated_rules/
  /usr/share/apache2-mod_security2/rules/base_rules/
  /usr/share/apache2-mod_security2/rules/experimental_rules/
  /usr/share/apache2-mod_security2/rules/optional_rules/
  /usr/share/apache2-mod_security2/rules/slr_rules/
  /usr/share/apache2-mod_security2/tools/
  /usr/share/doc/packages/
  /usr/share/doc/packages/apache2-mod_security2/

Compiler flags: -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g
Dist URL: obs://build.opensuse.org/openSUSE:Evergreen:Maintenance:310/openSUSE_Evergreen_11.4/c920d4c7a90501c088e61f2510557565-apache2-mod_security2.openSUSE_Evergreen_11.4
Platform: x86_64-suse-linux