mod-security-developers Mailing List for ModSecurity (Page 21)
Brought to you by:
victorhora,
zimmerletw
|
From: Diego E. P. <fla...@fl...> - 2013-05-29 10:51:28
|
It's just crappy development to change a tarball after the release. I'm very sorry you can't see it. It makes me doubt whether I want to keep packaging ModSecurity, honestly. |
|
From: Breno S. <bre...@gm...> - 2013-05-28 22:37:10
|
Basically all distros I tried to install modsec use very old versions. They spent a very long time to update the stable distros pkgs.

So again... I don't see any problem, also packagers will not build modsec with MSC_TEST flag, it does not make any sense.

And again.. it was done because I'm sure we will not have impact for any user.

Breno

On Tue, May 28, 2013 at 7:20 PM, Diego Elio Pettenò <fla...@fl...> wrote:
> On 28/05/2013 19:56, Breno Silva wrote:
> > I did it because it is a very small and not so important fix for 99% of
> > the users.
> > If it was bigger I would hold it for 2.7.5.
> >
> > It will not affect your system if you don't want to update
>
> This kind of change-tarball-in-flight behaviour is a pain in the ass for
> all distributions and tars the trust with upstream.
>
> Seriously, I was expecting better from ModSecurity.
>
> --
> Diego Elio Pettenò — Flameeyes
> fla...@fl... — http://blog.flameeyes.eu/
>
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php |
|
From: Diego E. P. <fla...@fl...> - 2013-05-28 22:20:51
|
On 28/05/2013 19:56, Breno Silva wrote:
> I did it because it is a very small and not so important fix for 99% of
> the users.
> If it was bigger I would hold it for 2.7.5.
>
> It will not affect your system if you don't want to update

This kind of change-tarball-in-flight behaviour is a pain in the ass for all distributions and tars the trust with upstream.

Seriously, I was expecting better from ModSecurity.

--
Diego Elio Pettenò — Flameeyes
fla...@fl... — http://blog.flameeyes.eu/ |
|
From: Michael S. <mi...@go...> - 2013-05-28 20:48:28
|
Works fine for me. I'm much happier with speed as long as there's some traffic on the list, as in this case. We can certainly track this on our end.

Michael Shinn
PGP Key: 0xF953E84E
Key fingerprint = 4A1D 6AAC EED8 EC84 19BF 5EB8 91D6 A715 F953 E84E

On May 28, 2013, at 14:56, Breno Silva <bre...@gm...> wrote:
> I did it because it is a very small and not so important fix for 99% of the users.
> If it was bigger I would hold it for 2.7.5.
>
> It will not affect your system if you don't want to update
>
> On Tue, May 28, 2013 at 3:28 PM, Diego Elio Pettenò <fla...@fl...> wrote:
>> On 28/05/2013 13:15, Breno Silva wrote:
>> > I fixed it in the tarball. Could you download again and try?
>>
>> Seriously, never do that again.
>>
>> If you need to fix the tarball, name it 2.7.4a or something, but if I
>> did bump this before in Gentoo in the morning, I would have been pissed
>> that the tarball changed on me.
>>
>> Tarballs should be immutable.
>>
>> --
>> Diego Elio Pettenò — Flameeyes
>> fla...@fl... — http://blog.flameeyes.eu/ |
|
From: Breno S. <bre...@gm...> - 2013-05-28 18:57:03
|
I did it because it is a very small and not so important fix for 99% of the users. If it was bigger I would hold it for 2.7.5.

It will not affect your system if you don't want to update

On Tue, May 28, 2013 at 3:28 PM, Diego Elio Pettenò <fla...@fl...> wrote:
> On 28/05/2013 13:15, Breno Silva wrote:
> > I fixed it in the tarball. Could you download again and try?
>
> Seriously, never do that again.
>
> If you need to fix the tarball, name it 2.7.4a or something, but if I
> did bump this before in Gentoo in the morning, I would have been pissed
> that the tarball changed on me.
>
> Tarballs should be immutable.
>
> --
> Diego Elio Pettenò — Flameeyes
> fla...@fl... — http://blog.flameeyes.eu/ |
|
From: Diego E. P. <fla...@fl...> - 2013-05-28 18:52:50
|
On 28/05/2013 13:15, Breno Silva wrote:
> I fixed it in the tarball. Could you download again and try?

Seriously, never do that again.

If you need to fix the tarball, name it 2.7.4a or something, but if I did bump this before in Gentoo in the morning, I would have been pissed that the tarball changed on me.

Tarballs should be immutable.

--
Diego Elio Pettenò — Flameeyes
fla...@fl... — http://blog.flameeyes.eu/ |
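What a replaced tarball looks like from the packaging side, as an added example (not code from this thread or from ModSecurity): a digest pinned when the distfile was first fetched stops matching once the file is replaced under the same name, and a per-member comparison shows what changed. The `DIST` line is a simplified stand-in for a distribution manifest entry, and the tarball contents are constructed placeholders, not the real sources.

```python
import hashlib
import io
import tarfile

NAME = "modsecurity-apache_2.7.4.tar.gz"  # distfile name as used in the thread


def make_tarball(files):
    """Build a gzip-compressed tarball in memory from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in sorted(files.items()):
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def manifest_line(name, blob):
    """Pin a distfile by name, size and two digests (simplified manifest entry)."""
    return "DIST {} {} SHA256 {} SHA512 {}".format(
        name,
        len(blob),
        hashlib.sha256(blob).hexdigest(),
        hashlib.sha512(blob).hexdigest(),
    )


def verify(line, name, blob):
    """Return the list of checks that fail for the fetched bytes; empty means OK."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "DIST" or fields[1] != name:
        return ["no manifest entry for " + name]
    problems = []
    if int(fields[2]) != len(blob):
        problems.append("size")
    # Remaining fields are (algorithm, hex digest) pairs.
    for algo, pinned in zip(fields[3::2], fields[4::2]):
        if hashlib.new(algo.lower(), blob).hexdigest() != pinned:
            problems.append(algo)
    return problems


def member_digests(blob):
    """Map each regular file inside the tarball to the SHA-256 of its content."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar:
            if member.isfile():
                content = tar.extractfile(member).read()
                digests[member.name] = hashlib.sha256(content).hexdigest()
    return digests


def changed_members(old_blob, new_blob):
    """Paths added, removed or modified between two tarballs."""
    old, new = member_digests(old_blob), member_digests(new_blob)
    return sorted(p for p in old.keys() | new.keys() if old.get(p) != new.get(p))


# Constructed sample data: the first upload and a second upload under the
# same name whose only difference is the guard discussed in the thread.
ORIGINAL = make_tarball({
    "modsecurity-apache_2.7.4/CHANGES": b"placeholder changelog\n",
    "modsecurity-apache_2.7.4/apache2/re_variables.c":
        b"ap_find_linked_module\n",
})
REROLLED = make_tarball({
    "modsecurity-apache_2.7.4/CHANGES": b"placeholder changelog\n",
    "modsecurity-apache_2.7.4/apache2/re_variables.c":
        b"#if !defined(MSC_TEST)\nap_find_linked_module\n#endif\n",
})

# The packager pins the file on first fetch.
PINNED = manifest_line(NAME, ORIGINAL)

if __name__ == "__main__":
    print("first fetch :", verify(PINNED, NAME, ORIGINAL) or "OK")
    print("second fetch:", verify(PINNED, NAME, REROLLED))
    print("changed     :", changed_members(ORIGINAL, REROLLED))
    # A renamed release has no pin yet, so it cannot be mistaken for the old file.
    print("renamed     :", verify(PINNED, "modsecurity-apache_2.7.4a.tar.gz", REROLLED))
```
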
|
From: Breno S. <bre...@gm...> - 2013-05-28 12:26:51
|
Right. I still didn't understand why this regex issue is happening. When I run make test in my Ubuntu box.. everything works fine. So.. not sure it is a distro based issue. If so.. I will replace this regex in the next version.

Thanks

Breno

On Tue, May 28, 2013 at 9:22 AM, Pavel Mateja <pa...@ne...> wrote:
> > I fixed it in the tarball. Could you download again and try?
>
> Hi,
> I was able to compile the new tarball.
> FYI: The (?^ test is still broken.
> --
> Pavel Mateja
>
> > Thanks
> >
> > On Tue, May 28, 2013 at 9:10 AM, Breno Silva <bre...@gm...> wrote:
> > > You are right.
> > >
> > > need to add :
> > >
> > > #if !defined(MSC_TEST)
> > > ap_find_linked_module
> > > #endif |
|
From: Pavel M. <pa...@ne...> - 2013-05-28 12:22:41
|
> I fixed it in the tarball. Could you download again and try?

Hi,
I was able to compile the new tarball.
FYI: The (?^ test is still broken.
--
Pavel Mateja

> Thanks
>
> On Tue, May 28, 2013 at 9:10 AM, Breno Silva <bre...@gm...> wrote:
> > You are right.
> >
> > need to add :
> >
> > #if !defined(MSC_TEST)
> > ap_find_linked_module
> > #endif |
|
From: Breno S. <bre...@gm...> - 2013-05-28 12:15:49
|
I fixed it in the tarball. Could you download again and try?

Thanks

On Tue, May 28, 2013 at 9:10 AM, Breno Silva <bre...@gm...> wrote:
> You are right.
>
> need to add :
>
> #if !defined(MSC_TEST)
> ap_find_linked_module
> #endif |
|
From: Breno S. <bre...@gm...> - 2013-05-28 12:10:29
|
You are right.

need to add :

#if !defined(MSC_TEST)
ap_find_linked_module
#endif

On Tue, May 28, 2013 at 5:54 AM, Pavel Mateja <pa...@ne...> wrote:
> Hi,
> I've tried to build latest version of ModSecurity but it failed on:
>
> /bin/bash ../libtool --tag=CC --mode=link gcc -I/apache/include -I/apache/include -I/apache/include -I/usr/include/libxml2 -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=50000 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=10000 -DREQUEST_EARLY -DMSC_TEST -lrt -lcrypt -lpthread -ldl -lexpat -o msc_test msc_test-msc_test.o msc_test-re.o msc_test-re_operators.o msc_test-re_actions.o msc_test-re_tfns.o msc_test-re_variables.o msc_test-msc_logging.o msc_test-msc_xml.o msc_test-msc_multipart.o msc_test-modsecurity.o msc_test-msc_parsers.o msc_test-msc_util.o msc_test-msc_pcre.o msc_test-msc_unicode.o msc_test-persist_dbm.o msc_test-msc_reqbody.o msc_test-msc_crypt.o msc_test-msc_tree.o msc_test-msc_geo.o msc_test-msc_gsb.o msc_test-acmp.o msc_test-msc_lua.o msc_test-msc_release.o msc_test-sqlparse.o /apache/lib/libapr-1.la /apache/lib/libaprutil-1.la -L/usr/lib/i386-linux-gnu -lpcre -L/usr/lib -lxml2
> libtool: link: gcc -I/apache/include -I/apache/include -I/apache/include -I/usr/include/libxml2 -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=50000 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=10000 -DREQUEST_EARLY -DMSC_TEST -o msc_test msc_test-msc_test.o msc_test-re.o msc_test-re_operators.o msc_test-re_actions.o msc_test-re_tfns.o msc_test-re_variables.o msc_test-msc_logging.o msc_test-msc_xml.o msc_test-msc_multipart.o msc_test-modsecurity.o msc_test-msc_parsers.o msc_test-msc_util.o msc_test-msc_pcre.o msc_test-msc_unicode.o msc_test-persist_dbm.o msc_test-msc_reqbody.o msc_test-msc_crypt.o msc_test-msc_tree.o msc_test-msc_geo.o msc_test-msc_gsb.o msc_test-acmp.o msc_test-msc_lua.o msc_test-msc_release.o msc_test-sqlparse.o -lrt -lcrypt -lpthread -ldl /usr/lib/i386-linux-gnu/libexpat.so /apache/lib/libapr-1.so /apache/lib/libaprutil-1.so -L/usr/lib/i386-linux-gnu -lpcre -L/usr/lib -lxml2 -pthread
> msc_test-re_variables.o: In function `var_remote_addr_generate':
> re_variables.c:(.text+0x191f): undefined reference to `ap_find_linked_module'
> collect2: error: ld returned 1 exit status
> make[2]: *** [msc_test] Error 1
> make[2]: Leaving directory `/tmp/modsecurity-apache_2.7.4/tests'
> make[1]: *** [check-am] Error 2
> make: *** [check-recursive] Error 1
>
> 2.7.3 compiled just fine on the same system using the same configure parameters:
> ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs --with-apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config --enable-pcre-match-limit=50000 --enable-pcre-match-limit-recursion=10000 --disable-mlogc
>
> What has changed since last version? I can see one new usage of
> ap_find_linked_module in modsecurity-apache_2.7.4/apache2/re_variables.c
>
> Thanks
> --
> Pavel Mateja |
|
From: Pavel M. <pa...@ne...> - 2013-05-28 08:54:19
|
Hi,
I've tried to build latest version of ModSecurity but it failed on:

/bin/bash ../libtool --tag=CC --mode=link gcc -I/apache/include -I/apache/include -I/apache/include -I/usr/include/libxml2 -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=50000 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=10000 -DREQUEST_EARLY -DMSC_TEST -lrt -lcrypt -lpthread -ldl -lexpat -o msc_test msc_test-msc_test.o msc_test-re.o msc_test-re_operators.o msc_test-re_actions.o msc_test-re_tfns.o msc_test-re_variables.o msc_test-msc_logging.o msc_test-msc_xml.o msc_test-msc_multipart.o msc_test-modsecurity.o msc_test-msc_parsers.o msc_test-msc_util.o msc_test-msc_pcre.o msc_test-msc_unicode.o msc_test-persist_dbm.o msc_test-msc_reqbody.o msc_test-msc_crypt.o msc_test-msc_tree.o msc_test-msc_geo.o msc_test-msc_gsb.o msc_test-acmp.o msc_test-msc_lua.o msc_test-msc_release.o msc_test-sqlparse.o /apache/lib/libapr-1.la /apache/lib/libaprutil-1.la -L/usr/lib/i386-linux-gnu -lpcre -L/usr/lib -lxml2
libtool: link: gcc -I/apache/include -I/apache/include -I/apache/include -I/usr/include/libxml2 -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=50000 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=10000 -DREQUEST_EARLY -DMSC_TEST -o msc_test msc_test-msc_test.o msc_test-re.o msc_test-re_operators.o msc_test-re_actions.o msc_test-re_tfns.o msc_test-re_variables.o msc_test-msc_logging.o msc_test-msc_xml.o msc_test-msc_multipart.o msc_test-modsecurity.o msc_test-msc_parsers.o msc_test-msc_util.o msc_test-msc_pcre.o msc_test-msc_unicode.o msc_test-persist_dbm.o msc_test-msc_reqbody.o msc_test-msc_crypt.o msc_test-msc_tree.o msc_test-msc_geo.o msc_test-msc_gsb.o msc_test-acmp.o msc_test-msc_lua.o msc_test-msc_release.o msc_test-sqlparse.o -lrt -lcrypt -lpthread -ldl /usr/lib/i386-linux-gnu/libexpat.so /apache/lib/libapr-1.so /apache/lib/libaprutil-1.so -L/usr/lib/i386-linux-gnu -lpcre -L/usr/lib -lxml2 -pthread
msc_test-re_variables.o: In function `var_remote_addr_generate':
re_variables.c:(.text+0x191f): undefined reference to `ap_find_linked_module'
collect2: error: ld returned 1 exit status
make[2]: *** [msc_test] Error 1
make[2]: Leaving directory `/tmp/modsecurity-apache_2.7.4/tests'
make[1]: *** [check-am] Error 2
make: *** [check-recursive] Error 1

2.7.3 compiled just fine on the same system using the same configure parameters:
./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs --with-apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config --enable-pcre-match-limit=50000 --enable-pcre-match-limit-recursion=10000 --disable-mlogc

What has changed since last version? I can see one new usage of ap_find_linked_module in modsecurity-apache_2.7.4/apache2/re_variables.c

Thanks
--
Pavel Mateja |
|
From: Breno S. <bre...@gm...> - 2013-05-27 12:58:19
|
The ModSecurity Development Team is pleased to announce the availability of ModSecurity 2.7.4 Stable Release. The stability of this release is good, includes many bug fixes and some new features. NGINX module version is now STABLE. We added support to libinjection as a new operator @detectSQLi.

There is a security issue fixed with this release, please check CVE-2013-2765 for more information.

Please see the release notes included into CHANGES file. For known problems and more information about bug fixes, please see the online ModSecurity Jira. Please report any bug to mod...@li... .

Thanks

Breno Silva |
|
From: Ryan B. <RBa...@tr...> - 2013-05-25 17:32:58
|
Yes it can be done as we do this as part of our demo here -
http://www.modsecurity.org/demo/phpids?test=YourPayloadHere%27+or+%272%27+%21%3D+%275%27%3B--

Take a look at these rules for some similar functionality -
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/optional_rules/modsecurity_crs_49_header_tagging.conf

Basically you need to use setenv and then in the HTML page use SSI to populate the data from setenv.

--
Ryan Barnett

On May 25, 2013, at 12:00 PM, "Justin Searle" <ju...@me...> wrote:
> Hi guys. I'm working on a new security course, and I was wondering if there is a simple way to have ModSec add which rule was triggered (and maybe the rule's regex) in the 403 response. Is that possible by throwing in some variable in the SecDefaultAction directive, or by some other means?
>
> Justin Searle
> Managing Partner - UtiliSec
> +1 801-784-2052 |
|
From: Justin S. <ju...@me...> - 2013-05-25 16:00:21
|
Hi guys. I'm working on a new security course, and I was wondering if there is a simple way to have ModSec add which rule was triggered (and maybe the rule's regex) in the 403 response. Is that possible by throwing in some variable in the SecDefaultAction directive, or by some other means?

Justin Searle
Managing Partner - UtiliSec
+1 801-784-2052 |
|
From: Pavel M. <pa...@ne...> - 2013-05-22 14:12:57
|
> Could you tell me your libpcre version (compiled and linked) ?
>
> You can run apache and get it in the error.log
The old working one is:
ModSecurity: PCRE compiled version="8.2 "; loaded version="8.02 2010-03-19"
The new broken one is:
ModSecurity: PCRE compiled version="8.2 "; loaded version="8.30 2012-02-04"
debian package: libpcre3:i386 1:8.30-5
> On Wed, May 22, 2013 at 11:02 AM, Breno Silva <bre...@gm...> wrote:
> > Maybe i can replace this test by another regex.
> >
> > On Wed, May 22, 2013 at 10:57 AM, Pavel Mateja <pa...@ne...> wrote:
> >> > I'm testing with an external tool that uses libpcre and it is failing
> >> > to compile this regex too.
> >> > So i'm start thinking (?^ syntax is not supported by libpcre ?
> >>
> >> As I wrote in first email the 2.7.2 was able to run all tests on the
> >> same server running Debian Wheezy. I was just recompiling apache with
> >> modules against new libraries.
> >> It might be problem with newer version of libpcre in Squeeze.
> >> --
> >> Pavel Mateja
> >>
> >> > On Wed, May 22, 2013 at 9:53 AM, Breno Silva <bre...@gm...> wrote:
> >> > > Yes. Looks like for some reason the regex is not being compiled.
> >> > >
> >> > > I will investigate it
> >> > >
> >> > > On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pa...@ne...> wrote:
> >> > >> > You should do:
> >> > >> >
> >> > >> > Make sure there is a core dump area with something like:
> >> > >> > CoreDumpDirectory /tmp
> >> > >> >
> >> > >> > Make sure limits are set to dump core:
> >> > >> > ulimit -c unlimited
> >> > >> >
> >> > >> > Restart and trigger the error. A core file should be in the
> >> > >> > directory you specified.
> >> > >> >
> >> > >> > Then use gdb to get a backtrace:
> >> > >> >
> >> > >> > gdb /path/to/httpd /path/to/core --batch --quiet \
> >> > >> >     -ex "thread apply all bt full" > backtrace.log
> >> > >>
> >> > >> Hi again. I'm confused.
> >> > >>
> >> > >> The bug is triggered by msc_test forked by make test not httpd.
> >> > >> Just like the core says:
> >> > >> core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, from './msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'
> >> > >> And gdb complains about right binary:
> >> > >> warning: core file may not match specified executable file.
> >> > >>
> >> > >> I tried to get backtrace against msc_test but I got:
> >> > >> warning: Can't read pathname for load map: Input/output error.
> >> > >> and the backtrace is useless:
> >> > >>
> >> > >> [New LWP 2179]
> >> > >> [Thread debugging using libthread_db enabled]
> >> > >> Using host libthread_db library "/lib/i386-linux-gnu/i686/nosegneg/libthread_db.so.1".
> >> > >> Core was generated by `./msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'.
> >> > >> Program terminated with signal 11, Segmentation fault.
> >> > >> #0 0x080561d6 in msre_op_rx_execute ()
> >> > >>
> >> > >> Thread 1 (Thread 0x4046c870 (LWP 2179)):
> >> > >> #0 0x080561d6 in msre_op_rx_execute ()
> >> > >> No symbol table info available.
> >> > >> #1 0x0804c40e in test_op ()
> >> > >> No symbol table info available.
> >> > >> #2 0x0804d9d3 in main ()
> >> > >> No symbol table info available.
> >> > >> --
> >> > >> Pavel Mateja
> >> > >>
> >> > >> > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote:
> >> > >> > > > Hello Pavel,
> >> > >> > > >
> >> > >> > > > Are you running make CFLAGS=-DMSC_TEST test right ?
> >> > >> > >
> >> > >> > > Yes, I am.
> >> > >> > >
> >> > >> > > > Can you send me your backtrace ?
> >> > >> > >
> >> > >> > > Sure. What exactly do you need?
> >> > >> > >
> >> > >> > > > Thanks
> >> > >> > > >
> >> > >> > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki...> wrote:
> >> > >> > > > > On 22.05.2013 10:22, Pavel Mateja wrote:
> >> > >> > > > > > Hi guys,
> >> > >> > > > > > I've upgraded our debian servers from wheezy to squeeze and I
> >> > >> > > > > > can't pass "make test" of modsecurity any more:
> >> > >> > > > > >
> >> > >> > > > > > Loaded 8 tests from ./op/rx.t
> >> > >> > > > > >
> >> > >> > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
> >> > >> > > > > > 2) op "rx": passed
> >> > >> > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
> >> > >> > > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
> >> > >> > > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
> >> > >> > > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
> >> > >> > > > > > 7) op "rx": passed
> >> > >> > > > > >
> >> > >> > > > > > ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling pattern (offset 2): unrecognized character after (? or (?-
> >> > >> > > > > > Test exited with signal 11.
> >> > >> > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
> >> > >> > > > > > 8) op "rx": failed
> >> > >> > > > > >
> >> > >> > > > > > Passed: 7; Failed: 1
> >> > >> > > > > >
> >> > >> > > > > > I've tried version 2.7.2 which passed test on old debian and latest 2.7.3.
> >> > >> > > > > > Both failed on the same place.
> >> > >> > > > > >
> >> > >> > > > > > Compilation parameters were:
> >> > >> > > > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs --with-apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config --enable-pcre-match-limit=50000 --enable-pcre-match-limit-recursion=10000 --disable-mlogc
> >> > >> > > > >
> >> > >> > > > > Since it exits with signal 11 it might be related to this bug:
> >> > >> > > > > https://github.com/SpiderLabs/ModSecurity/issues/23
> >> > >> > > > >
> >> > >> > > > > It was fixed in this commit
> >> > >> > > > > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317af1680f2a007aead
> >> > >> > > > >
> >> > >> > > > > and should be part of 2.7.2 and later. Maybe the fix didn't
> >> > >> > > > > catch all similar situations?
> >> > >> > > > >
> >> > >> > > > > Regards,
> >> > >> > > > >
> >> > >> > > > > Rainer
> >> > >> > >
> >> > >> > > --
> >> > >> > > Pavel Mateja
--
Pavel Mateja
|
|
From: Breno S. <bre...@gm...> - 2013-05-22 14:05:30
|
Could you tell me your libpcre version (compiled and linked) ?
You can run apache and get it in the error.log
On Wed, May 22, 2013 at 11:02 AM, Breno Silva <bre...@gm...> wrote:
> Maybe i can replace this test by another regex.
>
>
> On Wed, May 22, 2013 at 10:57 AM, Pavel Mateja <pa...@ne...> wrote:
>
>> > I'm testing with an external tool that uses libpcre and it is failing to
>> > compile this regex too.
>> > So i'm start thinking (?^ syntax is not supported by libpcre ?
>>
>> As I wrote in first email the 2.7.2 was able to run all tests on the same
>> server running Debian Wheezy. I was just recompiling apache with modules
>> against new libraries.
>> It might be problem with newer version of libpcre in Squeeze.
>> --
>> Pavel Mateja
>>
>> > On Wed, May 22, 2013 at 9:53 AM, Breno Silva <bre...@gm...> wrote:
>> > > Yes. Looks like for some reason the regex is not being compiled.
>> > >
>> > > I will investigate it
>> > >
>> > > On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pa...@ne...> wrote:
>> > >> > You should do:
>> > >> >
>> > >> > Make sure there is a core dump area with something like:
>> > >> > CoreDumpDirectory /tmp
>> > >> >
>> > >> > Make sure limits are set to dump core:
>> > >> > ulimit -c unlimited
>> > >> >
>> > >> > Restart and trigger the error. A core file should be in the
>> > >> > directory you specified.
>> > >> >
>> > >> > Then use gdb to get a backtrace:
>> > >> >
>> > >> > gdb /path/to/httpd /path/to/core --batch --quiet \
>> > >> >     -ex "thread apply all bt full" > backtrace.log
>> > >>
>> > >> Hi again. I'm confused.
>> > >>
>> > >> The bug is triggered by msc_test forked by make test not httpd.
>> > >> Just like the core says:
>> > >> core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, from './msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'
>> > >> And gdb complains about right binary:
>> > >> warning: core file may not match specified executable file.
>> > >>
>> > >> I tried to get backtrace against msc_test but I got:
>> > >> warning: Can't read pathname for load map: Input/output error.
>> > >> and the backtrace is useless:
>> > >>
>> > >> [New LWP 2179]
>> > >> [Thread debugging using libthread_db enabled]
>> > >> Using host libthread_db library "/lib/i386-linux-gnu/i686/nosegneg/libthread_db.so.1".
>> > >> Core was generated by `./msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'.
>> > >> Program terminated with signal 11, Segmentation fault.
>> > >> #0 0x080561d6 in msre_op_rx_execute ()
>> > >>
>> > >> Thread 1 (Thread 0x4046c870 (LWP 2179)):
>> > >> #0 0x080561d6 in msre_op_rx_execute ()
>> > >> No symbol table info available.
>> > >> #1 0x0804c40e in test_op ()
>> > >> No symbol table info available.
>> > >> #2 0x0804d9d3 in main ()
>> > >> No symbol table info available.
>> > >> --
>> > >> Pavel Mateja
>> > >>
>> > >> > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote:
>> > >> > > > Hello Pavel,
>> > >> > > >
>> > >> > > > Are you running make CFLAGS=-DMSC_TEST test right ?
>> > >> > >
>> > >> > > Yes, I am.
>> > >> > >
>> > >> > > > Can you send me your backtrace ?
>> > >> > >
>> > >> > > Sure. What exactly do you need?
>> > >> > >
>> > >> > > > Thanks
>> > >> > > >
>> > >> > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki...> wrote:
>> > >> > > > > On 22.05.2013 10:22, Pavel Mateja wrote:
>> > >> > > > > > Hi guys,
>> > >> > > > > > I've upgraded our debian servers from wheezy to squeeze and I
>> > >> > > > > > can't pass "make test" of modsecurity any more:
>> > >> > > > > >
>> > >> > > > > > Loaded 8 tests from ./op/rx.t
>> > >> > > > > >
>> > >> > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
>> > >> > > > > > 2) op "rx": passed
>> > >> > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
>> > >> > > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
>> > >> > > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
>> > >> > > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
>> > >> > > > > > 7) op "rx": passed
>> > >> > > > > >
>> > >> > > > > > ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling pattern (offset 2): unrecognized character after (? or (?-
>> > >> > > > > > Test exited with signal 11.
>> > >> > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
>> > >> > > > > > 8) op "rx": failed
>> > >> > > > > >
>> > >> > > > > > Passed: 7; Failed: 1
>> > >> > > > > >
>> > >> > > > > > I've tried version 2.7.2 which passed test on old debian and latest 2.7.3.
>> > >> > > > > > Both failed on the same place.
>> > >> > > > > >
>> > >> > > > > > Compilation parameters were:
>> > >> > > > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs --with-apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config --enable-pcre-match-limit=50000 --enable-pcre-match-limit-recursion=10000 --disable-mlogc
>> > >> > > > >
>> > >> > > > > Since it exits with signal 11 it might be related to this bug:
>> > >> > > > > https://github.com/SpiderLabs/ModSecurity/issues/23
>> > >> > > > >
>> > >> > > > > It was fixed in this commit
>> > >> > > > > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317af1680f2a007aead
>> > >> > > > >
>> > >> > > > > and should be part of 2.7.2 and later. Maybe the fix didn't
>> > >> > > > > catch all similar situations?
>> > >> > > > >
>> > >> > > > > Regards,
>> > >> > > > >
>> > >> > > > > Rainer
>> > >> > >
>> > >> > > --
>> > >> > > Pavel Mateja
|
|
From: Breno S. <bre...@gm...> - 2013-05-22 14:02:27
|
Maybe i can replace this test by another regex.
On Wed, May 22, 2013 at 10:57 AM, Pavel Mateja <pa...@ne...> wrote:
> > I'm testing with an external tool that uses libpcre and it is failing to
> > compile this regex too.
> > So i'm start thinking (?^ syntax is not supported by libpcre ?
>
> As I wrote in first email the 2.7.2 was able to run all tests on the same
> server running Debian Wheezy. I was just recompiling apache with modules
> against new libraries.
> It might be problem with newer version of libpcre in Squeeze.
> --
> Pavel Mateja
>
> > On Wed, May 22, 2013 at 9:53 AM, Breno Silva <bre...@gm...> wrote:
> > > Yes. Looks like for some reason the regex is not being compiled.
> > >
> > > I will investigate it
> > >
> > > On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pa...@ne...> wrote:
> > >> > You should do:
> > >> >
> > >> > Make sure there is a core dump area with something like:
> > >> > CoreDumpDirectory /tmp
> > >> >
> > >> > Make sure limits are set to dump core:
> > >> > ulimit -c unlimited
> > >> >
> > >> > Restart and trigger the error. A core file should be in the
> > >> > directory you specified.
> > >> >
> > >> > Then use gdb to get a backtrace:
> > >> >
> > >> > gdb /path/to/httpd /path/to/core --batch --quiet \
> > >> >     -ex "thread apply all bt full" > backtrace.log
> > >>
> > >> Hi again. I'm confused.
> > >>
> > >> The bug is triggered by msc_test forked by make test not httpd.
> > >> Just like the core says:
> > >> core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, from './msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'
> > >> And gdb complains about right binary:
> > >> warning: core file may not match specified executable file.
> > >>
> > >> I tried to get backtrace against msc_test but I got:
> > >> warning: Can't read pathname for load map: Input/output error.
> > >> and the backtrace is useless:
> > >>
> > >> [New LWP 2179]
> > >> [Thread debugging using libthread_db enabled]
> > >> Using host libthread_db library "/lib/i386-linux-gnu/i686/nosegneg/libthread_db.so.1".
> > >> Core was generated by `./msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'.
> > >> Program terminated with signal 11, Segmentation fault.
> > >> #0 0x080561d6 in msre_op_rx_execute ()
> > >>
> > >> Thread 1 (Thread 0x4046c870 (LWP 2179)):
> > >> #0 0x080561d6 in msre_op_rx_execute ()
> > >> No symbol table info available.
> > >> #1 0x0804c40e in test_op ()
> > >> No symbol table info available.
> > >> #2 0x0804d9d3 in main ()
> > >> No symbol table info available.
> > >> --
> > >> Pavel Mateja
> > >>
> > >> > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote:
> > >> > > > Hello Pavel,
> > >> > > >
> > >> > > > Are you running make CFLAGS=-DMSC_TEST test right ?
> > >> > >
> > >> > > Yes, I am.
> > >> > >
> > >> > > > Can you send me your backtrace ?
> > >> > >
> > >> > > Sure. What exactly do you need?
> > >> > >
> > >> > > > Thanks
> > >> > > >
> > >> > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki...> wrote:
> > >> > > > > On 22.05.2013 10:22, Pavel Mateja wrote:
> > >> > > > > > Hi guys,
> > >> > > > > > I've upgraded our debian servers from wheezy to squeeze and I
> > >> > > > > > can't pass "make test" of modsecurity any more:
> > >> > > > > >
> > >> > > > > > Loaded 8 tests from ./op/rx.t
> > >> > > > > >
> > >> > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > >> > > > > > 2) op "rx": passed
> > >> > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > >> > > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
> > >> > > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
> > >> > > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
> > >> > > > > > 7) op "rx": passed
> > >> > > > > >
> > >> > > > > > ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling pattern (offset 2): unrecognized character after (? or (?-
> > >> > > > > > Test exited with signal 11.
> > >> > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p" "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
> > >> > > > > > 8) op "rx": failed
> > >> > > > > >
> > >> > > > > > Passed: 7; Failed: 1
> > >> > > > > >
> > >> > > > > > I've tried version 2.7.2 which passed test on old debian and latest 2.7.3.
> > >> > > > > > Both failed on the same place.
> > >> > > > > >
> > >> > > > > > Compilation parameters were:
> > >> > > > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs --with-apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config --enable-pcre-match-limit=50000 --enable-pcre-match-limit-recursion=10000 --disable-mlogc
> > >> > > > >
> > >> > > > > Since it exits with signal 11 it might be related to this bug:
> > >> > > > > https://github.com/SpiderLabs/ModSecurity/issues/23
> > >> > > > >
> > >> > > > > It was fixed in this commit
> > >> > > > > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317af1680f2a007aead
> > >> > > > >
> > >> > > > > and should be part of 2.7.2 and later. Maybe the fix didn't
> > >> > > > > catch all similar situations?
> > >> > > > >
> > >> > > > > Regards,
> > >> > > > >
> > >> > > > > Rainer
> > >> > >
> > >> > > --
> > >> > > Pavel Mateja
|
|
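The pattern that fails in this thread opens with `(?^i:`, the form in which Perl 5.14 and later print a compiled `qr/.../i` regex, and the PCRE 8.30 error quoted above rejects the character after `(?`. The following Python sketch is an added example, not ModSecurity code or anything posted on the list: it rewrites that opener into the explicit `(?i-msx:` spelling. `expand_caret_groups` and `compiles` are names made up here, and Python's `re` (which also rejects the caret form) is only an offline stand-in for libpcre.

```python
import re

# Flags that a caret resets to "off" unless they are listed after it.
RESETTABLE = "imsx"

# The pattern from the failing op "rx" unit test quoted in the thread.
THREAD_PATTERN = r"(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)"


def expand_caret_groups(pattern):
    """Rewrite each '(?^flags:' opener as the explicit '(?flags-rest:' form.

    Escaped characters and bracketed character classes are copied verbatim,
    so a literal '(?^' inside them is never rewritten.
    """
    out = []
    i, n = 0, len(pattern)
    in_class = False
    while i < n:
        ch = pattern[i]
        if ch == "\\" and i + 1 < n:
            # Escape sequence: copy the backslash and the escaped character.
            out.append(pattern[i:i + 2])
            i += 2
        elif in_class:
            in_class = ch != "]"
            out.append(ch)
            i += 1
        elif ch == "[":
            # A ']' directly after '[' or '[^' is a literal, not the end.
            in_class = True
            j = i + 1
            if j < n and pattern[j] == "^":
                j += 1
            if j < n and pattern[j] == "]":
                j += 1
            out.append(pattern[i:j])
            i = j
        elif pattern.startswith("(?^", i):
            end = i + 3
            while end < n and pattern[end].isalpha():
                end += 1
            flags = pattern[i + 3:end]
            if end >= n or pattern[end] != ":":
                raise ValueError("caret form at offset %d is not '(?^flags:'" % i)
            extra = sorted(set(flags) - set(RESETTABLE))
            if extra:
                raise ValueError("flags %s are not handled by this example" % extra)
            off = "".join(f for f in RESETTABLE if f not in flags)
            out.append("(?" + flags + ("-" + off if off else "") + ":")
            i = end + 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def compiles(pattern):
    """Return True if Python's re engine (the offline stand-in) accepts it."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False


if __name__ == "__main__":
    fixed = expand_caret_groups(THREAD_PATTERN)
    print("original compiles :", compiles(THREAD_PATTERN))
    print("rewritten         :", fixed)
    print("rewritten compiles:", compiles(fixed))
    # Constructed input, not taken from the thread.
    print("match             :", bool(re.search(fixed, "x =AbCDeFgHi")))
```
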
From: Pavel M. <pa...@ne...> - 2013-05-22 13:58:04
|
> I'm testing with an external tool that uses libpcre and it is failing to
> compile this regex too.
> So i'm start thinking (?^ syntax is not supported by libpcre ?
As I wrote in first email the 2.7.2 was able to run all tests on the same
server running Debian Wheezy. I was just recompiling apache with modules
against new libraries.
It might be problem with newer version of libpcre in Squeeze.
--
Pavel Mateja
> On Wed, May 22, 2013 at 9:53 AM, Breno Silva <bre...@gm...> wrote:
> > Yes. Looks like for some reason the regex is not being compiled.
> >
> > I will investigate it
> >
> > On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pa...@ne...> wrote:
> >> > You should do:
> >> >
> >> > Make sure there is a core dump area with something like:
> >> > CoreDumpDirectory /tmp
> >> >
> >> > Make sure limits are set to dump core:
> >> > ulimit -c unlimited
> >> >
> >> > Restart and trigger the error. A core file should be in the directory
> >> > you specified.
> >> >
> >> > Then use gdb to get a backtrace:
> >> >
> >> > gdb /path/to/httpd /path/to/core --batch --quiet \
> >> >     -ex "thread apply all bt full" > backtrace.log
> >>
> >> Hi again. I'm confused.
> >>
> >> The bug is triggered by msc_test forked by make test not httpd.
> >> Just like the core says:
> >> core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, from './msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'
> >> And gdb complains about right binary:
> >> warning: core file may not match specified executable file.
> >>
> >> I tried to get backtrace against msc_test but I got:
> >> warning: Can't read pathname for load map: Input/output error.
> >> and the backtrace is useless:
> >>
> >> [New LWP 2179]
> >> [Thread debugging using libthread_db enabled]
> >> Using host libthread_db library "/lib/i386-linux-
> >> gnu/i686/nosegneg/libthread_db.so.1".
> >> Core was generated by `./msc_test -t op -n rx -p
> >> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'.
> >> Program terminated with signal 11, Segmentation fault.
> >> #0 0x080561d6 in msre_op_rx_execute ()
> >>
> >> Thread 1 (Thread 0x4046c870 (LWP 2179)):
> >> #0 0x080561d6 in msre_op_rx_execute ()
> >> No symbol table info available.
> >> #1 0x0804c40e in test_op ()
> >> No symbol table info available.
> >> #2 0x0804d9d3 in main ()
> >> No symbol table info available.
> >> --
> >> Pavel Mateja
> >>
> >> > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote:
> >> > > > Hello Pavel,
> >> > > >
> >> > > > Are you running make CFLAGS=-DMSC_TEST test right ?
> >> > >
> >> > > Yes, I am.
> >> > >
> >> > > > Can you send me your backtrace ?
> >> > >
> >> > > Sure. What exactly do you need?
> >> > >
> >> > > > Thanks
> >> > > >
> >> > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <
> >>
> >> rai...@ki...
> >>
> >> > > >wrote:
> >> > > > > On 22.05.2013 10:22, Pavel Mateja wrote:
> >> > > > > > Hi guys,
> >> > > > > > I've upgraded our debian servers from wheezy to squeeze and I
> >>
> >> can't
> >>
> >> > > > > > pass
> >> > > > >
> >> > > > > "make
> >> > > > >
> >> > > > > > test" of modsecurity any more:
> >> > > > > >
> >> > > > > > Loaded 8 tests from ./op/rx.t
> >> > > > > >
> >> > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
> >> > > > > > 2) op "rx": passed
> >> > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
> >> > > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
> >> > > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
> >> > > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
> >> > > > > > 7) op "rx": passed
> >> > > > > >
> >> > > > > > ERROR: Failed to create rule for op "rx": Error creating rule:
> >> > > > > > Error
> >> > > > >
> >> > > > > compiling
> >> > > > >
> >> > > > > > pattern (offset 2): unrecognized character after (? or (?-
> >> > > > > > Test exited with signal 11.
> >> > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p"
> >> > > > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r"
> >>
> >> "1"
> >>
> >> > > > > > 8) op "rx": failed
> >> > > > > >
> >> > > > > > Passed: 7; Failed: 1
> >> > > > > >
> >> > > > > > I've tried version 2.7.2 which passed test on old debian and
> >>
> >> latest
> >>
> >> > > > > 2.7.3.
> >> > > > >
> >> > > > > > Both failed on the same place.
> >> > > > > >
> >> > > > > > Compilation parameters were:
> >> > > > > > ./configure --prefix=/apache/modules/
> >>
> >> --with-apxs=/apache/bin/apxs
> >>
> >> > > > > --with-
> >> > > > >
> >> > > > > > apr=/apache/bin/apr-1-config
> >> > > > > > --with-apu=/apache/bin/apu-1-config
> >> > > > >
> >> > > > > --enable-pcre-
> >> > > > >
> >> > > > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000
> >> > > > >
> >> > > > > --disable-mlogc
> >> > > > >
> >> > > > > Since it exits with signal 11 it might be related to this bug:
> >> > > > >
> >> > > > > https://github.com/SpiderLabs/ModSecurity/issues/23
> >> > > > >
> >> > > > > It was fixed in this commit
> >>
> >> https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e631
> >> 7
> >>
> >> > > > > af1680f2a007aead
> >> > > > >
> >> > > > > and should be part of 2.7.2 and later. Maybe the fix didn't
> >> > > > > catch
> >>
> >> all
> >>
> >> > > > > similar situations?
> >> > > > >
> >> > > > > Regards,
> >> > > > >
> >> > > > > Rainer
> >> > >
> >> > > --
> >> > > Pavel Mateja
|
|
From: Breno S. <bre...@gm...> - 2013-05-22 13:44:34
|
I'm testing with an external tool that uses libpcre and it is failing to
compile this regex too.
So I'm starting to think the (?^ syntax is not supported by libpcre?
On Wed, May 22, 2013 at 9:53 AM, Breno Silva <bre...@gm...> wrote:
> Yes. Looks like for some reason the regex is not being compiled.
>
> I will investigate it
>
>
> On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pa...@ne...> wrote:
>
>> > You should do:
>> >
>> > Make sure there is a core dump area with something like:
>> >
>> > CoreDumpDirectory /tmp
>> >
>> > Make sure limits are set to dump core:
>> >
>> > ulimit -c unlimited
>> >
>> > Restart and trigger the error. A core file should be in the directory
>> > you specified.
>> >
>> > Then use gdb to get a backtrace:
>> >
>> > gdb /path/to/httpd /path/to/core --batch --quiet \
>> > -ex "thread apply all bt full" > backtrace.log
>>
>> Hi again. I'm confused.
>>
>> The bug is triggered by msc_test forked by make test not httpd. Just like
>> the
>> core says:
>> core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style,
>> from
>> './msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)
>> -D 0
>> -r'
>> And gdb complains about right binary:
>> warning: core file may not match specified executable file.
>>
>> I tried to get backtrace against msc_test but I got:
>> warning: Can't read pathname for load map: Input/output error.
>> and the backtrace is useless:
>>
>> [New LWP 2179]
>> [Thread debugging using libthread_db enabled]
>> Using host libthread_db library "/lib/i386-linux-
>> gnu/i686/nosegneg/libthread_db.so.1".
>> Core was generated by `./msc_test -t op -n rx -p
>> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'.
>> Program terminated with signal 11, Segmentation fault.
>> #0 0x080561d6 in msre_op_rx_execute ()
>>
>> Thread 1 (Thread 0x4046c870 (LWP 2179)):
>> #0 0x080561d6 in msre_op_rx_execute ()
>> No symbol table info available.
>> #1 0x0804c40e in test_op ()
>> No symbol table info available.
>> #2 0x0804d9d3 in main ()
>> No symbol table info available.
>> --
>> Pavel Mateja
>>
>> > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote:
>> > > > Hello Pavel,
>> > > >
>> > > > Are you running make CFLAGS=-DMSC_TEST test right ?
>> > >
>> > > Yes, I am.
>> > >
>> > > > Can you send me your backtrace ?
>> > >
>> > > Sure. What exactly do you need?
>> > >
>> > > > Thanks
>> > > >
>> > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <
>> rai...@ki...
>> > > >
>> > > >wrote:
>> > > > > On 22.05.2013 10:22, Pavel Mateja wrote:
>> > > > > > Hi guys,
>> > > > > > I've upgraded our debian servers from wheezy to squeeze and I
>> can't
>> > > > > > pass
>> > > > >
>> > > > > "make
>> > > > >
>> > > > > > test" of modsecurity any more:
>> > > > > >
>> > > > > > Loaded 8 tests from ./op/rx.t
>> > > > > >
>> > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
>> > > > > > 2) op "rx": passed
>> > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
>> > > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
>> > > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
>> > > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
>> > > > > > 7) op "rx": passed
>> > > > > >
>> > > > > > ERROR: Failed to create rule for op "rx": Error creating rule:
>> > > > > > Error
>> > > > >
>> > > > > compiling
>> > > > >
>> > > > > > pattern (offset 2): unrecognized character after (? or (?-
>> > > > > > Test exited with signal 11.
>> > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p"
>> > > > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r"
>> "1"
>> > > > > >
>> > > > > > 8) op "rx": failed
>> > > > > >
>> > > > > > Passed: 7; Failed: 1
>> > > > > >
>> > > > > > I've tried version 2.7.2 which passed test on old debian and
>> latest
>> > > > >
>> > > > > 2.7.3.
>> > > > >
>> > > > > > Both failed on the same place.
>> > > > > >
>> > > > > > Compilation parameters were:
>> > > > > > ./configure --prefix=/apache/modules/
>> --with-apxs=/apache/bin/apxs
>> > > > >
>> > > > > --with-
>> > > > >
>> > > > > > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config
>> > > > >
>> > > > > --enable-pcre-
>> > > > >
>> > > > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000
>> > > > >
>> > > > > --disable-mlogc
>> > > > >
>> > > > > Since it exits with signal 11 it might be related to this bug:
>> > > > >
>> > > > > https://github.com/SpiderLabs/ModSecurity/issues/23
>> > > > >
>> > > > > It was fixed in this commit
>> > >
>> > >
>> https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317
>> > >
>> > > > > af1680f2a007aead
>> > > > >
>> > > > > and should be part of 2.7.2 and later. Maybe the fix didn't catch
>> all
>> > > > > similar situations?
>> > > > >
>> > > > > Regards,
>> > > > >
>> > > > > Rainer
>> > >
>> > > --
>> > > Pavel Mateja
|
|
From: Breno S. <bre...@gm...> - 2013-05-22 12:53:16
|
Yes. Looks like for some reason the regex is not being compiled.
I will investigate it
On Wed, May 22, 2013 at 9:47 AM, Pavel Mateja <pa...@ne...> wrote:
> > You should do:
> >
> > Make sure there is a core dump area with something like:
> >
> > CoreDumpDirectory /tmp
> >
> > Make sure limits are set to dump core:
> >
> > ulimit -c unlimited
> >
> > Restart and trigger the error. A core file should be in the directory
> > you specified.
> >
> > Then use gdb to get a backtrace:
> >
> > gdb /path/to/httpd /path/to/core --batch --quiet \
> > -ex "thread apply all bt full" > backtrace.log
>
> Hi again. I'm confused.
>
> The bug is triggered by msc_test forked by make test not httpd. Just like
> the
> core says:
> core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style,
> from
> './msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)
> -D 0
> -r'
> And gdb complains about right binary:
> warning: core file may not match specified executable file.
>
> I tried to get backtrace against msc_test but I got:
> warning: Can't read pathname for load map: Input/output error.
> and the backtrace is useless:
>
> [New LWP 2179]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/i386-linux-
> gnu/i686/nosegneg/libthread_db.so.1".
> Core was generated by `./msc_test -t op -n rx -p
> (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'.
> Program terminated with signal 11, Segmentation fault.
> #0 0x080561d6 in msre_op_rx_execute ()
>
> Thread 1 (Thread 0x4046c870 (LWP 2179)):
> #0 0x080561d6 in msre_op_rx_execute ()
> No symbol table info available.
> #1 0x0804c40e in test_op ()
> No symbol table info available.
> #2 0x0804d9d3 in main ()
> No symbol table info available.
> --
> Pavel Mateja
>
> > On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote:
> > > > Hello Pavel,
> > > >
> > > > Are you running make CFLAGS=-DMSC_TEST test right ?
> > >
> > > Yes, I am.
> > >
> > > > Can you send me your backtrace ?
> > >
> > > Sure. What exactly do you need?
> > >
> > > > Thanks
> > > >
> > > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <
> rai...@ki...
> > > >
> > > >wrote:
> > > > > On 22.05.2013 10:22, Pavel Mateja wrote:
> > > > > > Hi guys,
> > > > > > I've upgraded our debian servers from wheezy to squeeze and I
> can't
> > > > > > pass
> > > > >
> > > > > "make
> > > > >
> > > > > > test" of modsecurity any more:
> > > > > >
> > > > > > Loaded 8 tests from ./op/rx.t
> > > > > >
> > > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > > > > > 2) op "rx": passed
> > > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
> > > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
> > > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
> > > > > > 7) op "rx": passed
> > > > > >
> > > > > > ERROR: Failed to create rule for op "rx": Error creating rule:
> > > > > > Error
> > > > >
> > > > > compiling
> > > > >
> > > > > > pattern (offset 2): unrecognized character after (? or (?-
> > > > > > Test exited with signal 11.
> > > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p"
> > > > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
> > > > > >
> > > > > > 8) op "rx": failed
> > > > > >
> > > > > > Passed: 7; Failed: 1
> > > > > >
> > > > > > I've tried version 2.7.2 which passed test on old debian and
> latest
> > > > >
> > > > > 2.7.3.
> > > > >
> > > > > > Both failed on the same place.
> > > > > >
> > > > > > Compilation parameters were:
> > > > > > ./configure --prefix=/apache/modules/
> --with-apxs=/apache/bin/apxs
> > > > >
> > > > > --with-
> > > > >
> > > > > > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config
> > > > >
> > > > > --enable-pcre-
> > > > >
> > > > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000
> > > > >
> > > > > --disable-mlogc
> > > > >
> > > > > Since it exits with signal 11 it might be related to this bug:
> > > > >
> > > > > https://github.com/SpiderLabs/ModSecurity/issues/23
> > > > >
> > > > > It was fixed in this commit
> > >
> > >
> https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317
> > >
> > > > > af1680f2a007aead
> > > > >
> > > > > and should be part of 2.7.2 and later. Maybe the fix didn't catch
> all
> > > > > similar situations?
> > > > >
> > > > > Regards,
> > > > >
> > > > > Rainer
> > >
> > > --
> > > Pavel Mateja
|
|
From: Pavel M. <pa...@ne...> - 2013-05-22 12:47:49
|
> You should do:
>
> Make sure there is a core dump area with something like:
>
> CoreDumpDirectory /tmp
>
> Make sure limits are set to dump core:
>
> ulimit -c unlimited
>
> Restart and trigger the error. A core file should be in the directory
> you specified.
>
> Then use gdb to get a backtrace:
>
> gdb /path/to/httpd /path/to/core --batch --quiet \
> -ex "thread apply all bt full" > backtrace.log
Hi again. I'm confused.

The bug is triggered by msc_test forked by make test, not httpd. Just like the
core says:

core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, from './msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'

And gdb complains about the right binary:

warning: core file may not match specified executable file.

I tried to get a backtrace against msc_test but I got:

warning: Can't read pathname for load map: Input/output error.

and the backtrace is useless:

[New LWP 2179]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/nosegneg/libthread_db.so.1".
Core was generated by `./msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'.
Program terminated with signal 11, Segmentation fault.
#0 0x080561d6 in msre_op_rx_execute ()

Thread 1 (Thread 0x4046c870 (LWP 2179)):
#0 0x080561d6 in msre_op_rx_execute ()
No symbol table info available.
#1 0x0804c40e in test_op ()
No symbol table info available.
#2 0x0804d9d3 in main ()
No symbol table info available.
--
Pavel Mateja
> On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote:
> > > Hello Pavel,
> > >
> > > Are you running make CFLAGS=-DMSC_TEST test right ?
> >
> > Yes, I am.
> >
> > > Can you send me your backtrace ?
> >
> > Sure. What exactly do you need?
> >
> > > Thanks
> > >
> > > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki...
> > >
> > >wrote:
> > > > On 22.05.2013 10:22, Pavel Mateja wrote:
> > > > > Hi guys,
> > > > > I've upgraded our debian servers from wheezy to squeeze and I can't
> > > > > pass
> > > >
> > > > "make
> > > >
> > > > > test" of modsecurity any more:
> > > > >
> > > > > Loaded 8 tests from ./op/rx.t
> > > > >
> > > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > > > > 2) op "rx": passed
> > > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
> > > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
> > > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
> > > > > 7) op "rx": passed
> > > > >
> > > > > ERROR: Failed to create rule for op "rx": Error creating rule:
> > > > > Error
> > > >
> > > > compiling
> > > >
> > > > > pattern (offset 2): unrecognized character after (? or (?-
> > > > > Test exited with signal 11.
> > > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p"
> > > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
> > > > >
> > > > > 8) op "rx": failed
> > > > >
> > > > > Passed: 7; Failed: 1
> > > > >
> > > > > I've tried version 2.7.2 which passed test on old debian and latest
> > > >
> > > > 2.7.3.
> > > >
> > > > > Both failed on the same place.
> > > > >
> > > > > Compilation parameters were:
> > > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs
> > > >
> > > > --with-
> > > >
> > > > > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config
> > > >
> > > > --enable-pcre-
> > > >
> > > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000
> > > >
> > > > --disable-mlogc
> > > >
> > > > Since it exits with signal 11 it might be related to this bug:
> > > >
> > > > https://github.com/SpiderLabs/ModSecurity/issues/23
> > > >
> > > > It was fixed in this commit
> >
> > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317
> >
> > > > af1680f2a007aead
> > > >
> > > > and should be part of 2.7.2 and later. Maybe the fix didn't catch all
> > > > similar situations?
> > > >
> > > > Regards,
> > > >
> > > > Rainer
> >
> > --
> > Pavel Mateja
|
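The gdb warning "core file may not match specified executable file" in the message above can be avoided by reading the generating command out of the core before starting gdb, since `file` reports it. This is an added example, not part of the original thread: the function names are hypothetical, and the sample line is the `file` output quoted in that message, embedded as constructed input.

```shell
#!/bin/sh
# Added example (not from the thread): pick the executable to hand to gdb
# from what the core file itself records. Function names are hypothetical.

# Constructed sample: the `file core` line quoted in the message above.
sample_file_output() {
    cat <<'EOF'
core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style, from './msc_test -t op -n rx -p (?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$) -D 0 -r'
EOF
}

# Print the command line recorded in `file` output ($1). Mail-wrapped input
# is re-joined first. The kernel keeps only the first 80 bytes of the
# arguments in the core's process-info note, so the tail can be cut off;
# only the executable name should be relied on.
core_cmdline() {
    printf '%s\n' "$1" | tr '\n' ' ' | sed -n "s/.*, from '\([^']*\)'.*/\1/p"
}

# Print the executable: the first word of the recorded command line.
# Returns 1 when the input carries no "from '...'" field.
core_exe() {
    ce_cmd=$(core_cmdline "$1")
    [ -n "$ce_cmd" ] || return 1
    printf '%s\n' "${ce_cmd%% *}"
}

# Succeed only if binary $2 has the same file name as the program that
# dumped core according to `file` output $1 (httpd vs. msc_test in the thread).
binary_matches_core() {
    bm_exe=$(core_exe "$1") || return 2
    [ "$(basename "$2")" = "$(basename "$bm_exe")" ]
}

# Run the backtrace command from the thread against the matching binary.
# $1 = core file, $2 = directory the program was started from (default ".").
backtrace_core() {
    bt_info=$(file "$1") || return 1
    bt_exe=$(core_exe "$bt_info") || { echo "no command line in $1" >&2; return 1; }
    case $bt_exe in
        /*) bt_bin=$bt_exe ;;
        *)  bt_bin=${2:-.}/$bt_exe ;;
    esac
    [ -x "$bt_bin" ] || { echo "cannot find $bt_bin" >&2; return 1; }
    gdb "$bt_bin" "$1" --batch --quiet -ex "thread apply all bt full"
}

# Demo on the constructed sample (needs neither gdb nor a real core file).
core_exe "$(sample_file_output)"
```

The "No symbol table info available" lines in the posted backtrace mean the binary carries no debug information; a test binary built with `-g` gives frames with locals.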
|
From: Breno S. <bre...@gm...> - 2013-05-22 12:43:00
|
I can just reproduce it running ./msc_test alone:

root@ubuntu:/home/brenosilva/modsecurity-apache_2.7.4/tests# ./msc_test "-t" "op" "-n" "rx" "-p" "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling pattern (offset 2): unrecognized character after (? or (?-
Segmentation fault

However when running with make test it works fine.
On Wed, May 22, 2013 at 9:41 AM, Breno Silva <bre...@gm...> wrote:
> Oops you should change the binary to msc_test :)
>
>
> On Wed, May 22, 2013 at 9:37 AM, Breno Silva <bre...@gm...> wrote:
>
>> Could you also send me your error.log?
>>
>>
>> On Wed, May 22, 2013 at 9:36 AM, Breno Silva <bre...@gm...> wrote:
>>
>>> You should do:
>>>
>>> Make sure there is a core dump area with something like:
>>>
>>> CoreDumpDirectory /tmp
>>>
>>> Make sure limits are set to dump core:
>>>
>>> ulimit -c unlimited
>>>
>>> Restart and trigger the error. A core file should be in the directory
>>> you specified.
>>>
>>> Then use gdb to get a backtrace:
>>>
>>> gdb /path/to/httpd /path/to/core --batch --quiet \
>>> -ex "thread apply all bt full" > backtrace.log
>>>
>>>
>>> On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote:
>>>
>>>> > Hello Pavel,
>>>> >
>>>> > Are you running make CFLAGS=-DMSC_TEST test right ?
>>>>
>>>> Yes, I am.
>>>>
>>>> > Can you send me your backtrace ?
>>>>
>>>> Sure. What exactly do you need?
>>>>
>>>> > Thanks
>>>> >
>>>> > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki...
>>>> >wrote:
>>>> > > On 22.05.2013 10:22, Pavel Mateja wrote:
>>>> > > > Hi guys,
>>>> > > > I've upgraded our debian servers from wheezy to squeeze and I
>>>> can't
>>>> > > > pass
>>>> > >
>>>> > > "make
>>>> > >
>>>> > > > test" of modsecurity any more:
>>>> > > >
>>>> > > > Loaded 8 tests from ./op/rx.t
>>>> > > >
>>>> > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
>>>> > > > 2) op "rx": passed
>>>> > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
>>>> > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
>>>> > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
>>>> > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
>>>> > > > 7) op "rx": passed
>>>> > > >
>>>> > > > ERROR: Failed to create rule for op "rx": Error creating rule:
>>>> Error
>>>> > >
>>>> > > compiling
>>>> > >
>>>> > > > pattern (offset 2): unrecognized character after (? or (?-
>>>> > > > Test exited with signal 11.
>>>> > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p"
>>>> > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
>>>> > > >
>>>> > > > 8) op "rx": failed
>>>> > > >
>>>> > > > Passed: 7; Failed: 1
>>>> > > >
>>>> > > > I've tried version 2.7.2 which passed test on old debian and
>>>> latest
>>>> > >
>>>> > > 2.7.3.
>>>> > >
>>>> > > > Both failed on the same place.
>>>> > > >
>>>> > > > Compilation parameters were:
>>>> > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs
>>>> > >
>>>> > > --with-
>>>> > >
>>>> > > > apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config
>>>> > >
>>>> > > --enable-pcre-
>>>> > >
>>>> > > > match-limit=50000 --enable-pcre-match-limit-recursion=10000
>>>> > >
>>>> > > --disable-mlogc
>>>> > >
>>>> > > Since it exits with signal 11 it might be related to this bug:
>>>> > >
>>>> > > https://github.com/SpiderLabs/ModSecurity/issues/23
>>>> > >
>>>> > > It was fixed in this commit
>>>> > >
>>>> > >
>>>> > >
>>>> https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317
>>>> > > af1680f2a007aead
>>>> > >
>>>> > > and should be part of 2.7.2 and later. Maybe the fix didn't catch
>>>> all
>>>> > > similar situations?
>>>> > >
>>>> > > Regards,
>>>> > >
>>>> > > Rainer
>>>> --
>>>> Pavel Mateja
|
|
From: Breno S. <bre...@gm...> - 2013-05-22 12:41:22
|
Oops you should change the binary to msc_test :)
On Wed, May 22, 2013 at 9:37 AM, Breno Silva <bre...@gm...> wrote:
> Could you also send me your error.log?
>
>
> On Wed, May 22, 2013 at 9:36 AM, Breno Silva <bre...@gm...> wrote:
>
>> You should do:
>>
>> Make sure there is a core dump area with something like:
>>
>> CoreDumpDirectory /tmp
>>
>> Make sure limits are set to dump core:
>>
>> ulimit -c unlimited
>>
>> Restart and trigger the error. A core file should be in the directory
>> you specified.
>>
>> Then use gdb to get a backtrace:
>>
>> gdb /path/to/httpd /path/to/core --batch --quiet \
>> -ex "thread apply all bt full" > backtrace.log
>>
>>
>> On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote:
>>
>>> > Hello Pavel,
>>> >
>>> > Are you running make CFLAGS=-DMSC_TEST test right ?
>>>
>>> Yes, I am.
>>>
>>> > Can you send me your backtrace ?
>>>
>>> Sure. What exactly do you need?
>>>
>>> > Thanks
>>> >
>>> > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki...> wrote:
>>> > > On 22.05.2013 10:22, Pavel Mateja wrote:
>>> > > > Hi guys,
>>> > > > I've upgraded our debian servers from wheezy to squeeze and I can't
>>> > > > pass "make test" of modsecurity any more:
>>> > > >
>>> > > > Loaded 8 tests from ./op/rx.t
>>> > > >
>>> > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
>>> > > > 2) op "rx": passed
>>> > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
>>> > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
>>> > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
>>> > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
>>> > > > 7) op "rx": passed
>>> > > >
>>> > > > ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling
>>> > > > pattern (offset 2): unrecognized character after (? or (?-
>>> > > > Test exited with signal 11.
>>> > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p"
>>> > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
>>> > > >
>>> > > > 8) op "rx": failed
>>> > > >
>>> > > > Passed: 7; Failed: 1
>>> > > >
>>> > > > I've tried version 2.7.2 which passed test on old debian and latest 2.7.3.
>>> > > > Both failed on the same place.
>>> > > >
>>> > > > Compilation parameters were:
>>> > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs
>>> > > > --with-apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config
>>> > > > --enable-pcre-match-limit=50000 --enable-pcre-match-limit-recursion=10000
>>> > > > --disable-mlogc
>>> > >
>>> > > Since it exits with signal 11 it might be related to this bug:
>>> > >
>>> > > https://github.com/SpiderLabs/ModSecurity/issues/23
>>> > >
>>> > > It was fixed in this commit
>>> > >
>>> > > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317af1680f2a007aead
>>> > >
>>> > > and should be part of 2.7.2 and later. Maybe the fix didn't catch all
>>> > > similar situations?
>>> > >
>>> > > Regards,
>>> > >
>>> > > Rainer
>>> --
>>> Pavel Mateja
|
|
From: Breno S. <bre...@gm...> - 2013-05-22 12:37:13
|
Could you also send me your error.log?
On Wed, May 22, 2013 at 9:36 AM, Breno Silva <bre...@gm...> wrote:
> You should do:
>
> Make sure there is a core dump area with something like:
>
> CoreDumpDirectory /tmp
>
> Make sure limits are set to dump core:
>
> ulimit -c unlimited
>
> Restart and trigger the error. A core file should be in the directory
> you specified.
>
> Then use gdb to get a backtrace:
>
> gdb /path/to/httpd /path/to/core --batch --quiet \
> -ex "thread apply all bt full" > backtrace.log
>
>
> On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote:
>
>> > Hello Pavel,
>> >
>> > Are you running make CFLAGS=-DMSC_TEST test right ?
>>
>> Yes, I am.
>>
>> > Can you send me your backtrace ?
>>
>> Sure. What exactly do you need?
>>
>> > Thanks
>> >
>> > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki...> wrote:
>> > > On 22.05.2013 10:22, Pavel Mateja wrote:
>> > > > Hi guys,
>> > > > I've upgraded our debian servers from wheezy to squeeze and I can't
>> > > > pass "make test" of modsecurity any more:
>> > > >
>> > > > Loaded 8 tests from ./op/rx.t
>> > > >
>> > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
>> > > > 2) op "rx": passed
>> > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
>> > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
>> > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
>> > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
>> > > > 7) op "rx": passed
>> > > >
>> > > > ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling
>> > > > pattern (offset 2): unrecognized character after (? or (?-
>> > > > Test exited with signal 11.
>> > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p"
>> > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
>> > > >
>> > > > 8) op "rx": failed
>> > > >
>> > > > Passed: 7; Failed: 1
>> > > >
>> > > > I've tried version 2.7.2 which passed test on old debian and latest 2.7.3.
>> > > > Both failed on the same place.
>> > > >
>> > > > Compilation parameters were:
>> > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs
>> > > > --with-apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config
>> > > > --enable-pcre-match-limit=50000 --enable-pcre-match-limit-recursion=10000
>> > > > --disable-mlogc
>> > >
>> > > Since it exits with signal 11 it might be related to this bug:
>> > >
>> > > https://github.com/SpiderLabs/ModSecurity/issues/23
>> > >
>> > > It was fixed in this commit
>> > >
>> > > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317af1680f2a007aead
>> > >
>> > > and should be part of 2.7.2 and later. Maybe the fix didn't catch all
>> > > similar situations?
>> > >
>> > > Regards,
>> > >
>> > > Rainer
>> --
>> Pavel Mateja
|
|
From: Breno S. <bre...@gm...> - 2013-05-22 12:36:47
|
You should do:

Make sure there is a core dump area with something like:

CoreDumpDirectory /tmp

Make sure limits are set to dump core:

ulimit -c unlimited

Restart and trigger the error. A core file should be in the directory
you specified.

Then use gdb to get a backtrace:

gdb /path/to/httpd /path/to/core --batch --quiet \
-ex "thread apply all bt full" > backtrace.log

On Wed, May 22, 2013 at 9:32 AM, Pavel Mateja <pa...@ne...> wrote:
> > Hello Pavel,
> >
> > Are you running make CFLAGS=-DMSC_TEST test right ?
>
> Yes, I am.
>
> > Can you send me your backtrace ?
>
> Sure. What exactly do you need?
>
> > Thanks
> >
> > On Wed, May 22, 2013 at 8:05 AM, Rainer Jung <rai...@ki...> wrote:
> > > On 22.05.2013 10:22, Pavel Mateja wrote:
> > > > Hi guys,
> > > > I've upgraded our debian servers from wheezy to squeeze and I can't
> > > > pass "make test" of modsecurity any more:
> > > >
> > > > Loaded 8 tests from ./op/rx.t
> > > >
> > > > 1) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > > > 2) op "rx": passed
> > > > 3) op "rx": passed (Pattern match "" at UNIT_TEST.)
> > > > 4) op "rx": passed (Pattern match "abc" at UNIT_TEST.)
> > > > 5) op "rx": passed (Pattern match "def" at UNIT_TEST.)
> > > > 6) op "rx": passed (Pattern match "ghi" at UNIT_TEST.)
> > > > 7) op "rx": passed
> > > >
> > > > ERROR: Failed to create rule for op "rx": Error creating rule: Error compiling
> > > > pattern (offset 2): unrecognized character after (? or (?-
> > > > Test exited with signal 11.
> > > > Executed: ./msc_test "-t" "op" "-n" "rx" "-p"
> > > > "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
> > > >
> > > > 8) op "rx": failed
> > > >
> > > > Passed: 7; Failed: 1
> > > >
> > > > I've tried version 2.7.2 which passed test on old debian and latest 2.7.3.
> > > > Both failed on the same place.
> > > >
> > > > Compilation parameters were:
> > > > ./configure --prefix=/apache/modules/ --with-apxs=/apache/bin/apxs
> > > > --with-apr=/apache/bin/apr-1-config --with-apu=/apache/bin/apu-1-config
> > > > --enable-pcre-match-limit=50000 --enable-pcre-match-limit-recursion=10000
> > > > --disable-mlogc
> > >
> > > Since it exits with signal 11 it might be related to this bug:
> > >
> > > https://github.com/SpiderLabs/ModSecurity/issues/23
> > >
> > > It was fixed in this commit
> > >
> > > https://github.com/SpiderLabs/ModSecurity/commit/3f6c14de5993b8b2c66e6317af1680f2a007aead
> > >
> > > and should be part of 2.7.2 and later. Maybe the fix didn't catch all
> > > similar situations?
> > >
> > > Regards,
> > >
> > > Rainer
> --
> Pavel Mateja
>
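
An added example (not part of the original post and not ModSecurity project code): the core-dump procedure from the message above, applied to the msc_test unit-test binary instead of httpd, as the follow-up message suggests. It pulls the crashing command out of the test output and checks kernel.core_pattern before running; the function names, the constructed sample log and the assumption that cores are written as ./core* are assumptions of this example.

```shell
#!/bin/sh
# Added example, not ModSecurity project code.

# Constructed sample of the test-runner output quoted in this thread.
SAMPLE_LOG='7) op "rx": passed
Test exited with signal 11.
Executed: ./msc_test "-t" "op" "-n" "rx" "-p" "(?^i:^([^=])\s*=\s*((?:abc)+(?:def|ghi){2})$)" "-D" "0" "-r" "1"
8) op "rx": failed'

# Read test output on stdin; print "<signal><TAB><command>" for every test
# that was killed by a signal (the command is the line that follows it).
crashed_tests() {
    awk '
        /^Test exited with signal [0-9]+\.$/ { sig = $5; sub(/\.$/, "", sig); next }
        sig != "" && /^Executed: / { sub(/^Executed: /, ""); print sig "\t" $0 }
        { sig = "" }
    '
}

# Succeed only if the kernel writes cores to a file. A core_pattern starting
# with "|" pipes the dump to a handler, so no core file appears on disk.
core_goes_to_file() {
    pattern=$(cat "${1:-/proc/sys/kernel/core_pattern}" 2>/dev/null) || return 2
    case $pattern in
        '|'*) return 1 ;;
        *)    return 0 ;;
    esac
}

# Run the crashing command with core dumps enabled, then dump every stack.
# Assumes core_pattern is a relative name beginning with "core".
# Usage: collect_backtrace ./msc_test -t op -n rx -p '<pattern>' -D 0 -r 1
collect_backtrace() {
    bin=$1
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 2; }
    core_goes_to_file || { echo "core_pattern is piped or unreadable" >&2; return 3; }
    shift
    ( ulimit -c unlimited && exec "$bin" "$@" ) || echo "exit status $?" >&2
    core=$(ls -t core* 2>/dev/null | head -n 1)
    [ -n "$core" ] || { echo "no core file in $PWD" >&2; return 4; }
    gdb "$bin" "$core" --batch --quiet -ex "thread apply all bt full" > backtrace.log
}
```

CoreDumpDirectory is an Apache httpd directive and has no effect on a standalone msc_test run, where the location of the core file is governed by kernel.core_pattern.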
|