Thread: [Mod-security-developers] ModSecurity version 2.9.1-rc1 announcement
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-developers
|
From: Felipe C. <FC...@tr...> - 2016-02-03 17:17:24
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, It is a pleasure to announce the first release candidate for ModSecurity version 2.9.1. The version 2.9.1-RC1 contains fixes and new features. The new features list includes audit logs in JSON format. I would like to thank you all, that participate in the construction of this release. A special thanks to the ones who sent patches and the ones who participated on the community meetings, which helped to increase the quality of our releases. Thank you. The documentation of the new features is already available on our wiki page: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual The source and binaries (and the respective hashes) are available at: https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.1-RC1 The most important changes are listed bellow: * New features - Added support to generate audit logs in JSON format. [Issue #914, #897, #656 - Robert Paprocki] - Extended Lua support to include version 5.3 [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team] - mlogc: Allows user to choose between TLS versions (TLSProtocol option introduced). [Issue #881 - Ishwor Gurung] - Allows mod_proxy's "nocanon" behavior to be specified in proxy actions. [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team] * Bug fixes - Creating AuditLog serial file (or parallel index) respecting the permission configured with SecAuditLogFileMode. Previously, it was used only to save the transactions while in parallel mode. [Issue #852 - @littlecho and ModSecurity team] - Checking for hashing injection response, to report in case of failure. [Issue #1041 - ModSecurity team] - Stop buffering when the request is larger than SecRequestBodyLimit in ProcessPartial mode [Issue #709, #705, #728 - Justin Gerace and ModSecurity team] - Refactoring conditional #if/#defs directives. [Issue #996 - Wesley M and ModSecurity team] - mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir files with Apache 2.4 [Issue #775 - Elia Pinto] - Understands IIS 10 as compatible on Windows installer. [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team] - Fix apache logging limitation by using correct Apache call. [Issue #840 - Christian Folini] - Fix apr_crypto.h check on 32-bit Linux platform [Issue #882, #883 - Kurt Newman] - Fix variable resolution duration (Content of the DURATION variable). [Issue #662 - Andrew Elble] - Fix crash while adding empty keys to persistent collections. [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team] - Remove misguided call to srand() [Issues #778, #781 and #836 - Michael Bunk, @gilperon] - Fix compilation problem while ssdeep is installed in non-standard location. [Issue #872 - Kurt Newman] - Fix invalid storage reference by apr_psprintf at msc_crypt.c [Issue #609 - Jeff Trawick] * Known issues - Instabilities of nginx add-on are still expected. Please use the "nginx refactoring" branch and stay tuned for the ModSecurity version 3. Br., Felipe "Zimmerle" Costa Lead Developer for ModSecurity Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com <http://www.trustwave.com/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - https://gpgtools.org iEYEARECAAYFAlayNO4ACgkQ5t+wjOixEneGyQCeJtAPhLk9EXRg7/GviovZQ2i5 bwMAn3SSrlzFC+g3zdlOU4Yug3kiRpAp =Prxb -----END PGP SIGNATURE----- ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Christian F. <chr...@ne...> - 2016-02-04 08:19:31
|
Hello Zimmerle, Thank you for the new rc1 release. I compiled it just fine against apache 2.4.18 and ran nikto against it without any problems. So this generally works. Cool. Then I tried to enable the new JSON audit log format, but I failed in the config parser: AH00526: Syntax error on line 106 of /apache/conf/httpd.conf_testing_modsec: Invalid command 'SecAuditLogFormat', perhaps misspelled or defined by a module not included in the server configuration A 2nd issue occurred, when I tried to compile against apache 2.4.17. Ahoj, Christian On Wed, Feb 03, 2016 at 05:17:12PM +0000, Felipe Costa wrote: > > Hi, > > It is a pleasure to announce the first release candidate for ModSecurity > version 2.9.1. The version 2.9.1-RC1 contains fixes and new features. > The new features list includes audit logs in JSON format. > > I would like to thank you all, that participate in the construction of > this release. A special thanks to the ones who sent patches and the ones > who participated on the community meetings, which helped to increase the > quality of our releases. Thank you. > > The documentation of the new features is already available on our wiki > page: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual > > The source and binaries (and the respective hashes) are available at: > https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.1-RC1 > > The most important changes are listed bellow: > > * New features > > - Added support to generate audit logs in JSON format. > [Issue #914, #897, #656 - Robert Paprocki] > - Extended Lua support to include version 5.3 > [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team] > - mlogc: Allows user to choose between TLS versions (TLSProtocol option > introduced). > [Issue #881 - Ishwor Gurung] > - Allows mod_proxy's "nocanon" behavior to be specified in proxy actions. > [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team] > > * Bug fixes > > - Creating AuditLog serial file (or parallel index) respecting the > permission configured with SecAuditLogFileMode. Previously, it was > used only to save the transactions while in parallel mode. > [Issue #852 - @littlecho and ModSecurity team] > - Checking for hashing injection response, to report in case of failure. > [Issue #1041 - ModSecurity team] > - Stop buffering when the request is larger than SecRequestBodyLimit > in ProcessPartial mode > [Issue #709, #705, #728 - Justin Gerace and ModSecurity team] > - Refactoring conditional #if/#defs directives. > [Issue #996 - Wesley M and ModSecurity team] > - mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir > files with Apache 2.4 > [Issue #775 - Elia Pinto] > - Understands IIS 10 as compatible on Windows installer. > [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team] > - Fix apache logging limitation by using correct Apache call. > [Issue #840 - Christian Folini] > - Fix apr_crypto.h check on 32-bit Linux platform > [Issue #882, #883 - Kurt Newman] > - Fix variable resolution duration (Content of the DURATION variable). > [Issue #662 - Andrew Elble] > - Fix crash while adding empty keys to persistent collections. > [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team] > - Remove misguided call to srand() > [Issues #778, #781 and #836 - Michael Bunk, @gilperon] > - Fix compilation problem while ssdeep is installed in non-standard > location. > [Issue #872 - Kurt Newman] > - Fix invalid storage reference by apr_psprintf at msc_crypt.c > [Issue #609 - Jeff Trawick] > > * Known issues > > - Instabilities of nginx add-on are still expected. Please use the "nginx > refactoring" branch and stay tuned for the ModSecurity version 3. > > Br., > Felipe "Zimmerle" Costa > Lead Developer for ModSecurity > Security Researcher, SpiderLabs > > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com <http://www.trustwave.com/> > > > ________________________________ > > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. > > ------------------------------------------------------------------------------ > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- mailto:chr...@ne... http://www.christian-folini.ch twitter: @ChrFolini |
|
From: Christian F. <chr...@ne...> - 2016-03-03 05:06:57
Attachments:
signature.asc
|
Good morning, Following up on yesterday's community meeting, I have more detailed info on the JSON audit log failure on 2.9.1-rc1. The problem is real. Details below. If you need more info, Felipe, I'll be glad to help out. Ahoj, Christian ----------------------------------------------------------------------- The error message (on launch): AH00526: Syntax error on line 110 of /apache/conf/httpd.conf_problem_... Invalid command 'SecAuditLogFormat', perhaps misspelled or defined by a module not included in the server configuration -> it dies The OS Release: Ubuntu 14.04.4 LTS \n \l Apache build: Server version: Apache/2.4.18 (Unix) Server built: Mar 3 2016 05:25:21 ./configure --prefix=/opt/apache-2.4.18 \ --with-apr=/usr/local/apr/bin/apr-1-config \ --with-apr-util=/usr/local/apr/bin/apu-1-config \ --enable-mpms-shared=event \ --enable-mods-shared=all \ --enable-nonportable-atomics=yes yajl version: ii libyajl2:amd64 2.0.4-4 ... ModSecurity: ModSecurity for Apache/2.9.1-RC1 (http://www.modsecurity.org/) ./configure --with-apxs=/apache/bin/apxs./configure \ --with-apxs=/apache/bin/apxs \ --with-apr=/usr/local/apr/bin/apr-1-config \ --with-pcre=/usr/bin/pcre-config \ --enable-request-early Apache config: ... SecRuleEngine On SecRequestBodyAccess On SecRequestBodyLimit 10000000 SecRequestBodyNoFilesLimit 64000 SecResponseBodyAccess On SecResponseBodyLimit 10000000 SecTmpDir /tmp/ SecDataDir /tmp/ SecUploadDir /tmp/ SecDebugLog /apache/logs/modsec_debug.log SecDebugLogLevel 3 SecAuditEngine RelevantOnly SecAuditLogRelevantStatus "^(?:5|4(?!04))" SecAuditLogParts ABIJEFHKZ SecAuditLogType Concurrent SecAuditLog /apache/logs/modsec_audit.log SecAuditLogStorageDir /apache/logs/audit/ SecAuditLogFormat JSON |
|
From: Walter H. <mo...@sp...> - 2016-02-10 22:00:24
|
Hi Felipe, Thanks for the work on this release! My regression tests on FreeBSD are good, JSON logging works, Lua 5.1/5.2/5.3 works. I plan to remove the hard dependency on Lua 5.1 in our port. The only thing I found so far in the RC is that the audit log is a bit dirty with extra Apache-Error log lines. I created an issue for this: https://github.com/SpiderLabs/ModSecurity/issues/1073 I’ll give it a spin on some staging servers. Br.! WH > On 03 Feb 2016, at 18:17, Felipe Costa <FC...@tr...> wrote: > > Signed PGP part > Hi, > > It is a pleasure to announce the first release candidate for ModSecurity > version 2.9.1. The version 2.9.1-RC1 contains fixes and new features. > The new features list includes audit logs in JSON format. > > I would like to thank you all, that participate in the construction of > this release. A special thanks to the ones who sent patches and the ones > who participated on the community meetings, which helped to increase the > quality of our releases. Thank you. > > The documentation of the new features is already available on our wiki > page: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual > > The source and binaries (and the respective hashes) are available at: > https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.1-RC1 > > The most important changes are listed bellow: > > * New features > > - Added support to generate audit logs in JSON format. > [Issue #914, #897, #656 - Robert Paprocki] > - Extended Lua support to include version 5.3 > [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team] > - mlogc: Allows user to choose between TLS versions (TLSProtocol option > introduced). > [Issue #881 - Ishwor Gurung] > - Allows mod_proxy's "nocanon" behavior to be specified in proxy actions. > [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team] > > * Bug fixes > > - Creating AuditLog serial file (or parallel index) respecting the > permission configured with SecAuditLogFileMode. Previously, it was > used only to save the transactions while in parallel mode. > [Issue #852 - @littlecho and ModSecurity team] > - Checking for hashing injection response, to report in case of failure. > [Issue #1041 - ModSecurity team] > - Stop buffering when the request is larger than SecRequestBodyLimit > in ProcessPartial mode > [Issue #709, #705, #728 - Justin Gerace and ModSecurity team] > - Refactoring conditional #if/#defs directives. > [Issue #996 - Wesley M and ModSecurity team] > - mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir > files with Apache 2.4 > [Issue #775 - Elia Pinto] > - Understands IIS 10 as compatible on Windows installer. > [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team] > - Fix apache logging limitation by using correct Apache call. > [Issue #840 - Christian Folini] > - Fix apr_crypto.h check on 32-bit Linux platform > [Issue #882, #883 - Kurt Newman] > - Fix variable resolution duration (Content of the DURATION variable). > [Issue #662 - Andrew Elble] > - Fix crash while adding empty keys to persistent collections. > [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team] > - Remove misguided call to srand() > [Issues #778, #781 and #836 - Michael Bunk, @gilperon] > - Fix compilation problem while ssdeep is installed in non-standard > location. > [Issue #872 - Kurt Newman] > - Fix invalid storage reference by apr_psprintf at msc_crypt.c > [Issue #609 - Jeff Trawick] > > * Known issues > > - Instabilities of nginx add-on are still expected. Please use the "nginx > refactoring" branch and stay tuned for the ModSecurity version 3. > > Br., > Felipe "Zimmerle" Costa > Lead Developer for ModSecurity > Security Researcher, SpiderLabs > > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com <http://www.trustwave.com/> > -- Walter Hop | PGP key: https://lifeforms.nl/pgp |
|
From: Felipe C. <FC...@tr...> - 2016-02-11 12:00:31
|
Hi Walter, Thanks for testing the release candidate. I will investigate this issue. Br., Felipe “Zimmerle” Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: Walter Hop <mo...@sp...<mailto:mo...@sp...>> Reply-To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Date: Wednesday, February 10, 2016 at 7:00 PM To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Subject: Re: [Mod-security-developers] [mod-security-packagers] ModSecurity version 2.9.1-rc1 announcement Hi Felipe, Thanks for the work on this release! My regression tests on FreeBSD are good, JSON logging works, Lua 5.1/5.2/5.3 works. I plan to remove the hard dependency on Lua 5.1 in our port. The only thing I found so far in the RC is that the audit log is a bit dirty with extra Apache-Error log lines. I created an issue for this: https://github.com/SpiderLabs/ModSecurity/issues/1073<http://scanmail.trustwave.com/?c=4062&d=jbO71gdwAetcb6IAI0EZpNARBiQ_X980aZKvVhWNow&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fissues%2f1073> I’ll give it a spin on some staging servers. Br.! WH On 03 Feb 2016, at 18:17, Felipe Costa <FC...@tr...<mailto:FC...@tr...>> wrote: Signed PGP part Hi, It is a pleasure to announce the first release candidate for ModSecurity version 2.9.1. The version 2.9.1-RC1 contains fixes and new features. The new features list includes audit logs in JSON format. I would like to thank you all, that participate in the construction of this release. A special thanks to the ones who sent patches and the ones who participated on the community meetings, which helped to increase the quality of our releases. Thank you. The documentation of the new features is already available on our wiki page: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual<http://scanmail.trustwave.com/?c=4062&d=jbO71gdwAetcb6IAI0EZpNARBiQ_X980ac6qVUPYpQ&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fwiki%2fReference-Manual> The source and binaries (and the respective hashes) are available at: https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.1-RC1<http://scanmail.trustwave.com/?c=4062&d=jbO71gdwAetcb6IAI0EZpNARBiQ_X980aZWvB0GO8g&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2freleases%2ftag%2fv2%2e9%2e1-RC1> The most important changes are listed bellow: * New features - Added support to generate audit logs in JSON format. [Issue #914, #897, #656 - Robert Paprocki] - Extended Lua support to include version 5.3 [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team] - mlogc: Allows user to choose between TLS versions (TLSProtocol option introduced). [Issue #881 - Ishwor Gurung] - Allows mod_proxy's "nocanon" behavior to be specified in proxy actions. [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team] * Bug fixes - Creating AuditLog serial file (or parallel index) respecting the permission configured with SecAuditLogFileMode. Previously, it was used only to save the transactions while in parallel mode. [Issue #852 - @littlecho and ModSecurity team] - Checking for hashing injection response, to report in case of failure. [Issue #1041 - ModSecurity team] - Stop buffering when the request is larger than SecRequestBodyLimit in ProcessPartial mode [Issue #709, #705, #728 - Justin Gerace and ModSecurity team] - Refactoring conditional #if/#defs directives. [Issue #996 - Wesley M and ModSecurity team] - mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir files with Apache 2.4 [Issue #775 - Elia Pinto] - Understands IIS 10 as compatible on Windows installer. [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team] - Fix apache logging limitation by using correct Apache call. [Issue #840 - Christian Folini] - Fix apr_crypto.h check on 32-bit Linux platform [Issue #882, #883 - Kurt Newman] - Fix variable resolution duration (Content of the DURATION variable). [Issue #662 - Andrew Elble] - Fix crash while adding empty keys to persistent collections. [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team] - Remove misguided call to srand() [Issues #778, #781 and #836 - Michael Bunk, @gilperon] - Fix compilation problem while ssdeep is installed in non-standard location. [Issue #872 - Kurt Newman] - Fix invalid storage reference by apr_psprintf at msc_crypt.c [Issue #609 - Jeff Trawick] * Known issues - Instabilities of nginx add-on are still expected. Please use the "nginx refactoring" branch and stay tuned for the ModSecurity version 3. Br., Felipe "Zimmerle" Costa Lead Developer for ModSecurity Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com <http://www.trustwave.com/> -- Walter Hop | PGP key: https://lifeforms.nl/pgp<http://scanmail.trustwave.com/?c=4062&d=jbO71gdwAetcb6IAI0EZpNARBiQ_X980acH4BxWK9g&s=5&u=https%3a%2f%2flifeforms%2enl%2fpgp> ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Robert P. <rpa...@fe...> - 2016-02-11 14:42:07
|
OOC, do we have a timeline for when the final non-RC 2.9.1 will be released? On Thu, Feb 11, 2016 at 4:00 AM, Felipe Costa <FC...@tr...> wrote: > Hi Walter, > > Thanks for testing the release candidate. I will investigate this issue. > > Br., > > *Felipe “Zimmerle” Costa * > > Security Researcher, Lead Developer ModSecurity. > > > > *Trustwave* | SMART SECURITY ON DEMAND > > www.trustwave.com > > > From: Walter Hop <mo...@sp...> > Reply-To: "mod...@li..." < > mod...@li...> > Date: Wednesday, February 10, 2016 at 7:00 PM > To: "mod...@li..." < > mod...@li...> > Subject: Re: [Mod-security-developers] [mod-security-packagers] > ModSecurity version 2.9.1-rc1 announcement > > Hi Felipe, > > Thanks for the work on this release! > My regression tests on FreeBSD are good, JSON logging works, Lua > 5.1/5.2/5.3 works. > I plan to remove the hard dependency on Lua 5.1 in our port. > > The only thing I found so far in the RC is that the audit log is a bit > dirty with extra Apache-Error log lines. I created an issue for this: > https://github.com/SpiderLabs/ModSecurity/issues/1073 > <http://scanmail.trustwave.com/?c=4062&d=jbO71gdwAetcb6IAI0EZpNARBiQ_X980aZKvVhWNow&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fissues%2f1073> > > I’ll give it a spin on some staging servers. > > Br.! > WH > > > On 03 Feb 2016, at 18:17, Felipe Costa <FC...@tr...> wrote: > > Signed PGP part > Hi, > > It is a pleasure to announce the first release candidate for ModSecurity > version 2.9.1. The version 2.9.1-RC1 contains fixes and new features. > The new features list includes audit logs in JSON format. > > I would like to thank you all, that participate in the construction of > this release. A special thanks to the ones who sent patches and the ones > who participated on the community meetings, which helped to increase the > quality of our releases. Thank you. > > The documentation of the new features is already available on our wiki > page: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual > <http://scanmail.trustwave.com/?c=4062&d=jbO71gdwAetcb6IAI0EZpNARBiQ_X980ac6qVUPYpQ&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fwiki%2fReference-Manual> > > The source and binaries (and the respective hashes) are available at: > https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.1-RC1 > <http://scanmail.trustwave.com/?c=4062&d=jbO71gdwAetcb6IAI0EZpNARBiQ_X980aZWvB0GO8g&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2freleases%2ftag%2fv2%2e9%2e1-RC1> > > The most important changes are listed bellow: > > * New features > > - Added support to generate audit logs in JSON format. > [Issue #914, #897, #656 - Robert Paprocki] > - Extended Lua support to include version 5.3 > [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team] > - mlogc: Allows user to choose between TLS versions (TLSProtocol option > introduced). > [Issue #881 - Ishwor Gurung] > - Allows mod_proxy's "nocanon" behavior to be specified in proxy actions. > [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team] > > * Bug fixes > > - Creating AuditLog serial file (or parallel index) respecting the > permission configured with SecAuditLogFileMode. Previously, it was > used only to save the transactions while in parallel mode. > [Issue #852 - @littlecho and ModSecurity team] > - Checking for hashing injection response, to report in case of failure. > [Issue #1041 - ModSecurity team] > - Stop buffering when the request is larger than SecRequestBodyLimit > in ProcessPartial mode > [Issue #709, #705, #728 - Justin Gerace and ModSecurity team] > - Refactoring conditional #if/#defs directives. > [Issue #996 - Wesley M and ModSecurity team] > - mlogc-batch-load.pl.in: fix searching SecAuditLogStorageDir > files with Apache 2.4 > [Issue #775 - Elia Pinto] > - Understands IIS 10 as compatible on Windows installer. > [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team] > - Fix apache logging limitation by using correct Apache call. > [Issue #840 - Christian Folini] > - Fix apr_crypto.h check on 32-bit Linux platform > [Issue #882, #883 - Kurt Newman] > - Fix variable resolution duration (Content of the DURATION variable). > [Issue #662 - Andrew Elble] > - Fix crash while adding empty keys to persistent collections. > [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team] > - Remove misguided call to srand() > [Issues #778, #781 and #836 - Michael Bunk, @gilperon] > - Fix compilation problem while ssdeep is installed in non-standard > location. > [Issue #872 - Kurt Newman] > - Fix invalid storage reference by apr_psprintf at msc_crypt.c > [Issue #609 - Jeff Trawick] > > * Known issues > > - Instabilities of nginx add-on are still expected. Please use the "nginx > refactoring" branch and stay tuned for the ModSecurity version 3. > > Br., > Felipe "Zimmerle" Costa > Lead Developer for ModSecurity > Security Researcher, SpiderLabs > > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com <http://www.trustwave.com/> > > > -- > Walter Hop | PGP key: https://lifeforms.nl/pgp > <http://scanmail.trustwave.com/?c=4062&d=jbO71gdwAetcb6IAI0EZpNARBiQ_X980acH4BxWK9g&s=5&u=https%3a%2f%2flifeforms%2enl%2fpgp> > > > ------------------------------ > > This transmission may contain information that is privileged, > confidential, and/or exempt from disclosure under applicable law. If you > are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or use of the information contained > herein (including any reliance thereon) is strictly prohibited. If you > received this transmission in error, please immediately contact the sender > and destroy the material in its entirety, whether in electronic or hard > copy format. > > > ------------------------------------------------------------------------------ > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: Felipe C. <FC...@tr...> - 2016-02-11 16:43:58
|
Hi Robert, Usually we wait 15 days between the RC and the real release. That depends on the amount of issues reported and how fast we address each of the issues. Br., Felipe “Zimmerle” Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: Robert Paprocki <rpa...@fe...<mailto:rpa...@fe...>> Reply-To: "ro...@cr...<mailto:ro...@cr...>" <ro...@cr...<mailto:ro...@cr...>>, "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Date: Thursday, February 11, 2016 at 11:15 AM To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Subject: Re: [Mod-security-developers] [mod-security-packagers] ModSecurity version 2.9.1-rc1 announcement OOC, do we have a timeline for when the final non-RC 2.9.1 will be released? On Thu, Feb 11, 2016 at 4:00 AM, Felipe Costa <FC...@tr...<mailto:FC...@tr...>> wrote: Hi Walter, Thanks for testing the release candidate. I will investigate this issue. Br., Felipe “Zimmerle” Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: Walter Hop <mo...@sp...<mailto:mo...@sp...>> Reply-To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Date: Wednesday, February 10, 2016 at 7:00 PM To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>> Subject: Re: [Mod-security-developers] [mod-security-packagers] ModSecurity version 2.9.1-rc1 announcement Hi Felipe, Thanks for the work on this release! My regression tests on FreeBSD are good, JSON logging works, Lua 5.1/5.2/5.3 works. I plan to remove the hard dependency on Lua 5.1 in our port. The only thing I found so far in the RC is that the audit log is a bit dirty with extra Apache-Error log lines. I created an issue for this: https://github.com/SpiderLabs/ModSecurity/issues/1073<http://scanmail.trustwave.com/?c=4062&d=2p281jEwnc_Gd6p2jqSI30PDrRIPZIB4lVhpMMPZlA&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fissues%2f1073> I’ll give it a spin on some staging servers. Br.! WH On 03 Feb 2016, at 18:17, Felipe Costa <FC...@tr...<mailto:FC...@tr...>> wrote: Signed PGP part Hi, It is a pleasure to announce the first release candidate for ModSecurity version 2.9.1. The version 2.9.1-RC1 contains fixes and new features. The new features list includes audit logs in JSON format. I would like to thank you all, that participate in the construction of this release. A special thanks to the ones who sent patches and the ones who participated on the community meetings, which helped to increase the quality of our releases. Thank you. The documentation of the new features is already available on our wiki page: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual<http://scanmail.trustwave.com/?c=4062&d=2p281jEwnc_Gd6p2jqSI30PDrRIPZIB4lQRsM5WMkg&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fwiki%2fReference-Manual> The source and binaries (and the respective hashes) are available at: https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.1-RC1<http://scanmail.trustwave.com/?c=4062&d=2p281jEwnc_Gd6p2jqSI30PDrRIPZIB4lV9pYZfaxQ&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2freleases%2ftag%2fv2%2e9%2e1-RC1> The most important changes are listed bellow: * New features - Added support to generate audit logs in JSON format. [Issue #914, #897, #656 - Robert Paprocki] - Extended Lua support to include version 5.3 [Issue #837, #762, #814 - Athmane Madjoudj and ModSecurity team] - mlogc: Allows user to choose between TLS versions (TLSProtocol option introduced). [Issue #881 - Ishwor Gurung] - Allows mod_proxy's "nocanon" behavior to be specified in proxy actions. [Issue #1031, #961, #763 - Mario D. Santana and ModSecurity team] * Bug fixes - Creating AuditLog serial file (or parallel index) respecting the permission configured with SecAuditLogFileMode. Previously, it was used only to save the transactions while in parallel mode. [Issue #852 - @littlecho and ModSecurity team] - Checking for hashing injection response, to report in case of failure. [Issue #1041 - ModSecurity team] - Stop buffering when the request is larger than SecRequestBodyLimit in ProcessPartial mode [Issue #709, #705, #728 - Justin Gerace and ModSecurity team] - Refactoring conditional #if/#defs directives. [Issue #996 - Wesley M and ModSecurity team] - mlogc-batch-load.pl.in<http://scanmail.trustwave.com/?c=4062&d=2p281jEwnc_Gd6p2jqSI30PDrRIPZIB4lQhuNMWIwQ&s=5&u=http%3a%2f%2fmlogc-batch-load%2epl%2ein>: fix searching SecAuditLogStorageDir files with Apache 2.4 [Issue #775 - Elia Pinto] - Understands IIS 10 as compatible on Windows installer. [Issue #931 - Anton Serbulov, Pavel Vasilevich and ModSecurity team] - Fix apache logging limitation by using correct Apache call. [Issue #840 - Christian Folini] - Fix apr_crypto.h check on 32-bit Linux platform [Issue #882, #883 - Kurt Newman] - Fix variable resolution duration (Content of the DURATION variable). [Issue #662 - Andrew Elble] - Fix crash while adding empty keys to persistent collections. [Issue #927 - Eugene Alekseev, Marc Stern and ModSecurity team] - Remove misguided call to srand() [Issues #778, #781 and #836 - Michael Bunk, @gilperon] - Fix compilation problem while ssdeep is installed in non-standard location. [Issue #872 - Kurt Newman] - Fix invalid storage reference by apr_psprintf at msc_crypt.c [Issue #609 - Jeff Trawick] * Known issues - Instabilities of nginx add-on are still expected. Please use the "nginx refactoring" branch and stay tuned for the ModSecurity version 3. Br., Felipe "Zimmerle" Costa Lead Developer for ModSecurity Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com> <http://www.trustwave.com/> -- Walter Hop | PGP key: https://lifeforms.nl/pgp<http://scanmail.trustwave.com/?c=4062&d=2p281jEwnc_Gd6p2jqSI30PDrRIPZIB4lQs-YcPewQ&s=5&u=https%3a%2f%2flifeforms%2enl%2fpgp> ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140<http://scanmail.trustwave.com/?c=4062&d=2p281jEwnc_Gd6p2jqSI30PDrRIPZIB4lVg8ZcLdlQ&s=5&u=http%3a%2f%2fpubads%2eg%2edoubleclick%2enet%2fgampad%2fclk%3fid%3d272487151%26iu%3d%2f4140> _______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-developers<http://scanmail.trustwave.com/?c=4062&d=2p281jEwnc_Gd6p2jqSI30PDrRIPZIB4lQ0-acDakg&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers> ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Christian F. <chr...@ne...> - 2016-03-03 05:23:11
Attachments:
signature.asc
|
Unfortunately, the build problem against apache 2.4.17 did not go away
either:
The OS Release:
Ubuntu 14.04.4 LTS \n \l
Apache build:
Server version: Apache/2.4.18 (Unix)
Server built: Mar 3 2016 05:25:21
$> ./configure --prefix=/opt/apache-2.4.18 \
--with-apr=/usr/local/apr/bin/apr-1-config \
--with-apr-util=/usr/local/apr/bin/apu-1-config \
--enable-mpms-shared=event \
--enable-mods-shared=all \
--enable-nonportable-atomics=yes
...
ModSec Configure:
$> ./configure --with-apxs=/apache/bin/apxs./configure \
--with-apxs=/apache/bin/apxs \
--with-apr=/usr/local/apr/bin/apr-1-config \
--with-pcre=/usr/bin/pcre-config \
--enable-request-early
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking for ar... ar
checking the archiver (ar) interface... ar
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... mt
checking if mt is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking for shl_load... no
checking for shl_load in -ldld... no
checking for dlopen... no
checking for dlopen in -ldl... yes
checking whether a program can dlopen itself... yes
checking whether a statically linked program can dlopen itself... no
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for gawk... (cached) gawk
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) gcc3
checking how to run the C preprocessor... gcc -E
checking whether ln -s works... yes
checking whether make sets $(MAKE)... (cached) yes
checking for grep that handles long lines and -e... (cached) /bin/grep
checking for perl... /usr/bin/perl
checking for env... /usr/bin/env
checking for ANSI C header files... (cached) yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for unistd.h... (cached) yes
checking for sys/types.h... (cached) yes
checking for sys/stat.h... (cached) yes
checking sys/utsname.h usability... yes
checking sys/utsname.h presence... yes
checking for sys/utsname.h... yes
checking for an ANSI C-conforming const... yes
checking for inline... inline
checking for C/C++ restrict keyword... __restrict
checking for pid_t... yes
checking for size_t... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking for uint8_t... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
checking for working memcmp... yes
checking for atexit... yes
checking for getcwd... yes
checking for memmove... yes
checking for memset... yes
checking for strcasecmp... yes
checking for strchr... yes
checking for strdup... yes
checking for strerror... yes
checking for strncasecmp... yes
checking for strrchr... yes
checking for strstr... yes
checking for strtol... yes
checking for fchmod... yes
checking for strcasestr... yes
Checking platform... Identified as Linux
checking for libcurl config script... /usr/bin/curl-config
checking if libcurl is at least v... yes, 7.35.0
checking if libcurl is linked with gnutls... no
configure: using curl v7.35.0
configure: looking for Apache module support via DSO through APXS
configure: found apxs at /opt/apache-2.4.17/bin/apxs
configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script... /usr/bin/pcre-config
configure: using pcre v8.31
checking for libapr config script... /usr/local/apr/bin/apr-1-config
configure: using apr v1.5.2
checking for libapu config script... /usr/local/apr/bin/apu-1-config
configure: using apu v1.5.4
checking for libxml2 config script... /usr/bin/xml2-config
checking if libxml2 is at least v2.6.29... yes, 2.9.1
configure: using libxml2 v2.9.1
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for liblua config script... /usr/bin/pkg-config
configure: using lua v5.2.0
checking for libyajl config script... no
checking for yajl install... no
configure: optional yajl library not found
checking for ssdeep path... no
configure: optional ssdeep library not found
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating tools/Makefile
config.status: creating apache2/Makefile
config.status: creating build/apxs-wrapper
config.status: creating mlogc/mlogc-batch-load.pl
config.status: creating tests/regression/misc/40-secRemoteRules.t
config.status: creating tests/regression/misc/50-ipmatchfromfile-external.t
config.status: creating tests/regression/misc/60-pmfromfile-external.t
config.status: creating tests/run-unit-tests.pl
config.status: creating tests/run-regression-tests.pl
config.status: creating tests/gen_rx-pm.pl
config.status: creating tests/csv_rx-pm.pl
config.status: creating tests/regression/server_root/conf/httpd.conf
config.status: creating tools/rules-updater.pl
config.status: creating mlogc/Makefile
config.status: creating tests/Makefile
config.status: creating apache2/modsecurity_config_auto.h
config.status: apache2/modsecurity_config_auto.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands
Make:
$> make
Making all in tools
make[1]: Entering directory `/usr/src/modsecurity/modsecurity-2.9.1-RC1/tools'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/usr/src/modsecurity/modsecurity-2.9.1-RC1/tools'
Making all in apache2
make[1]: Entering directory `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2'
make all-am
make[2]: Entering directory `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2'
/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 -MT mod_security2_la-acmp.lo -MD -MP -MF .deps/mod_security2_la-acmp.Tpo -c -o mod_security2_la-acmp.lo `test -f 'acmp.c' || echo './'`acmp.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 -MT mod_security2_la-acmp.lo -MD -MP -MF .deps/mod_security2_la-acmp.Tpo -c acmp.c -fPIC -DPIC -o .libs/mod_security2_la-acmp.o
libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 -MT mod_security2_la-acmp.lo -MD -MP -MF .deps/mod_security2_la-acmp.Tpo -c acmp.c -o mod_security2_la-acmp.o >/dev/null 2>&1
mv -f .deps/mod_security2_la-acmp.Tpo .deps/mod_security2_la-acmp.Plo
/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 -MT mod_security2_la-apache2_config.lo -MD -MP -MF .deps/mod_security2_la-apache2_config.Tpo -c -o mod_security2_la-apache2_config.lo `test -f 'apache2_config.c' || echo './'`apache2_config.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 -MT mod_security2_la-apache2_config.lo -MD -MP -MF .deps/mod_security2_la-apache2_config.Tpo -c apache2_config.c -fPIC -DPIC -o .libs/mod_security2_la-apache2_config.o
In file included from /opt/apache-2.4.17/include/apr_network_io.h:26:0,
from /opt/apache-2.4.17/include/apr_buckets.h:29,
from /opt/apache-2.4.17/include/util_filter.h:26,
from /opt/apache-2.4.17/include/http_core.h:32,
from apache2.h:18,
from re.h:42,
from msc_util.h:29,
from modsecurity.h:40,
from apache2_config.c:17:
/opt/apache-2.4.17/include/apr_file_io.h:612:46: error: unknown type name 'apr_wait_type_t'
apr_wait_type_t direction);
^
In file included from /opt/apache-2.4.17/include/apr_buckets.h:29:0,
from /opt/apache-2.4.17/include/util_filter.h:26,
from /opt/apache-2.4.17/include/http_core.h:32,
from apache2.h:18,
from re.h:42,
from msc_util.h:29,
from modsecurity.h:40,
from apache2_config.c:17:
/opt/apache-2.4.17/include/apr_network_io.h:650:43: error: unknown type name 'apr_wait_type_t'
apr_wait_type_t direction);
^
make[2]: *** [mod_security2_la-apache2_config.lo] Error 1
make[2]: Leaving directory `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2'
make: *** [all-recursive] Error 1
Sorry for the bad news....
Ahoj,
Christian
--
I think IT projects are about supporting social systems - about
communications between people and machines. They tend to fail due to
cultural issues.
-- Tim Berners-Lee
|
|
From: Robert P. <rpa...@fe...> - 2016-03-03 14:54:22
|
So here's the culprint: checking for yajl install... no configure: optional yajl library not found Christian, do you have anything odd about the system where this is running? Perhaps try re-installing the libyajl-dev package? Here's what it should provide on Trusty (running on my laptop): poprocks@soter:~$ dpkg -L libyajl-dev /. /usr /usr/share /usr/share/doc /usr/share/doc/libyajl-dev /usr/share/doc/libyajl-dev/copyright /usr/lib /usr/lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu/libyajl_s.a /usr/lib/x86_64-linux-gnu/pkgconfig /usr/lib/x86_64-linux-gnu/pkgconfig/yajl.pc /usr/include /usr/include/yajl /usr/include/yajl/yajl_tree.h /usr/include/yajl/yajl_version.h /usr/include/yajl/yajl_parse.h /usr/include/yajl/yajl_gen.h /usr/include/yajl/yajl_common.h /usr/share/doc/libyajl-dev/README /usr/share/doc/libyajl-dev/TODO /usr/share/doc/libyajl-dev/changelog.Debian.gz /usr/lib/x86_64-linux-gnu/libyajl.so ModSec config should be relying on the '/usr/lib/x86_64-linux-gnu/pkgconfig/yajl.pc' package config file to make it's detection I believe. Does that exist for you? On Wed, Mar 2, 2016 at 9:23 PM, Christian Folini < chr...@ne...> wrote: > Unfortunately, the build problem against apache 2.4.17 did not go away > either: > > The OS Release: > Ubuntu 14.04.4 LTS \n \l > > Apache build: > Server version: Apache/2.4.18 (Unix) > Server built: Mar 3 2016 05:25:21 > > $> ./configure --prefix=/opt/apache-2.4.18 \ > --with-apr=/usr/local/apr/bin/apr-1-config \ > --with-apr-util=/usr/local/apr/bin/apu-1-config \ > --enable-mpms-shared=event \ > --enable-mods-shared=all \ > --enable-nonportable-atomics=yes > ... > > ModSec Configure: > $> ./configure --with-apxs=/apache/bin/apxs./configure \ > --with-apxs=/apache/bin/apxs \ > --with-apr=/usr/local/apr/bin/apr-1-config \ > --with-pcre=/usr/bin/pcre-config \ > --enable-request-early > checking for a BSD-compatible install... /usr/bin/install -c > checking whether build environment is sane... yes > checking for a thread-safe mkdir -p... /bin/mkdir -p > checking for gawk... gawk > checking whether make sets $(MAKE)... yes > checking whether make supports nested variables... yes > checking for style of include used by make... GNU > checking for gcc... gcc > checking whether the C compiler works... yes > checking for C compiler default output file name... a.out > checking for suffix of executables... > checking whether we are cross compiling... no > checking for suffix of object files... o > checking whether we are using the GNU C compiler... yes > checking whether gcc accepts -g... yes > checking for gcc option to accept ISO C89... none needed > checking whether gcc understands -c and -o together... yes > checking dependency style of gcc... gcc3 > checking for ar... ar > checking the archiver (ar) interface... ar > checking build system type... x86_64-unknown-linux-gnu > checking host system type... x86_64-unknown-linux-gnu > checking how to print strings... printf > checking for a sed that does not truncate output... /bin/sed > checking for grep that handles long lines and -e... /bin/grep > checking for egrep... /bin/grep -E > checking for fgrep... /bin/grep -F > checking for ld used by gcc... /usr/bin/ld > checking if the linker (/usr/bin/ld) is GNU ld... yes > checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B > checking the name lister (/usr/bin/nm -B) interface... BSD nm > checking whether ln -s works... yes > checking the maximum length of command line arguments... 1572864 > checking whether the shell understands some XSI constructs... yes > checking whether the shell understands "+="... yes > checking how to convert x86_64-unknown-linux-gnu file names to > x86_64-unknown-linux-gnu format... func_convert_file_noop > checking how to convert x86_64-unknown-linux-gnu file names to toolchain > format... func_convert_file_noop > checking for /usr/bin/ld option to reload object files... -r > checking for objdump... objdump > checking how to recognize dependent libraries... pass_all > checking for dlltool... no > checking how to associate runtime and link libraries... printf %s\n > checking for archiver @FILE support... @ > checking for strip... strip > checking for ranlib... ranlib > checking command to parse /usr/bin/nm -B output from gcc object... ok > checking for sysroot... no > checking for mt... mt > checking if mt is a manifest tool... no > checking how to run the C preprocessor... gcc -E > checking for ANSI C header files... yes > checking for sys/types.h... yes > checking for sys/stat.h... yes > checking for stdlib.h... yes > checking for string.h... yes > checking for memory.h... yes > checking for strings.h... yes > checking for inttypes.h... yes > checking for stdint.h... yes > checking for unistd.h... yes > checking for dlfcn.h... yes > checking for objdir... .libs > checking if gcc supports -fno-rtti -fno-exceptions... no > checking for gcc option to produce PIC... -fPIC -DPIC > checking if gcc PIC flag -fPIC -DPIC works... yes > checking if gcc static flag -static works... yes > checking if gcc supports -c -o file.o... yes > checking if gcc supports -c -o file.o... (cached) yes > checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports > shared libraries... yes > checking whether -lc should be explicitly linked in... no > checking dynamic linker characteristics... GNU/Linux ld.so > checking how to hardcode library paths into programs... immediate > checking for shl_load... no > checking for shl_load in -ldld... no > checking for dlopen... no > checking for dlopen in -ldl... yes > checking whether a program can dlopen itself... yes > checking whether a statically linked program can dlopen itself... no > checking whether stripping libraries is possible... yes > checking if libtool supports shared libraries... yes > checking whether to build shared libraries... yes > checking whether to build static libraries... yes > checking for gawk... (cached) gawk > checking for gcc... (cached) gcc > checking whether we are using the GNU C compiler... (cached) yes > checking whether gcc accepts -g... (cached) yes > checking for gcc option to accept ISO C89... (cached) none needed > checking whether gcc understands -c and -o together... (cached) yes > checking dependency style of gcc... (cached) gcc3 > checking how to run the C preprocessor... gcc -E > checking whether ln -s works... yes > checking whether make sets $(MAKE)... (cached) yes > checking for grep that handles long lines and -e... (cached) /bin/grep > checking for perl... /usr/bin/perl > checking for env... /usr/bin/env > checking for ANSI C header files... (cached) yes > checking fcntl.h usability... yes > checking fcntl.h presence... yes > checking for fcntl.h... yes > checking limits.h usability... yes > checking limits.h presence... yes > checking for limits.h... yes > checking for stdlib.h... (cached) yes > checking for string.h... (cached) yes > checking for unistd.h... (cached) yes > checking for sys/types.h... (cached) yes > checking for sys/stat.h... (cached) yes > checking sys/utsname.h usability... yes > checking sys/utsname.h presence... yes > checking for sys/utsname.h... yes > checking for an ANSI C-conforming const... yes > checking for inline... inline > checking for C/C++ restrict keyword... __restrict > checking for pid_t... yes > checking for size_t... yes > checking whether struct tm is in sys/time.h or time.h... time.h > checking for uint8_t... yes > checking for stdlib.h... (cached) yes > checking for GNU libc compatible malloc... yes > checking for working memcmp... yes > checking for atexit... yes > checking for getcwd... yes > checking for memmove... yes > checking for memset... yes > checking for strcasecmp... yes > checking for strchr... yes > checking for strdup... yes > checking for strerror... yes > checking for strncasecmp... yes > checking for strrchr... yes > checking for strstr... yes > checking for strtol... yes > checking for fchmod... yes > checking for strcasestr... yes > Checking platform... Identified as Linux > checking for libcurl config script... /usr/bin/curl-config > checking if libcurl is at least v... yes, 7.35.0 > checking if libcurl is linked with gnutls... no > configure: using curl v7.35.0 > configure: looking for Apache module support via DSO through APXS > configure: found apxs at /opt/apache-2.4.17/bin/apxs > configure: checking httpd version > configure: httpd is recent enough > checking for libpcre config script... /usr/bin/pcre-config > configure: using pcre v8.31 > checking for libapr config script... /usr/local/apr/bin/apr-1-config > configure: using apr v1.5.2 > checking for libapu config script... /usr/local/apr/bin/apu-1-config > configure: using apu v1.5.4 > checking for libxml2 config script... /usr/bin/xml2-config > checking if libxml2 is at least v2.6.29... yes, 2.9.1 > configure: using libxml2 v2.9.1 > checking for pkg-config... /usr/bin/pkg-config > checking pkg-config is at least version 0.9.0... yes > checking for liblua config script... /usr/bin/pkg-config > configure: using lua v5.2.0 > checking for libyajl config script... no > checking for yajl install... no > configure: optional yajl library not found > checking for ssdeep path... no > configure: optional ssdeep library not found > checking that generated files are newer than configure... done > configure: creating ./config.status > config.status: creating Makefile > config.status: creating tools/Makefile > config.status: creating apache2/Makefile > config.status: creating build/apxs-wrapper > config.status: creating mlogc/mlogc-batch-load.pl > config.status: creating tests/regression/misc/40-secRemoteRules.t > config.status: creating tests/regression/misc/50-ipmatchfromfile-external.t > config.status: creating tests/regression/misc/60-pmfromfile-external.t > config.status: creating tests/run-unit-tests.pl > config.status: creating tests/run-regression-tests.pl > config.status: creating tests/gen_rx-pm.pl > config.status: creating tests/csv_rx-pm.pl > config.status: creating tests/regression/server_root/conf/httpd.conf > config.status: creating tools/rules-updater.pl > config.status: creating mlogc/Makefile > config.status: creating tests/Makefile > config.status: creating apache2/modsecurity_config_auto.h > config.status: apache2/modsecurity_config_auto.h is unchanged > config.status: executing depfiles commands > config.status: executing libtool commands > > > Make: > $> make > Making all in tools > make[1]: Entering directory > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/tools' > make[1]: Nothing to be done for `all'. > make[1]: Leaving directory > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/tools' > Making all in apache2 > make[1]: Entering directory > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' > make all-am > make[2]: Entering directory > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' > /bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. > -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libxml2 > -I/usr/local/apr//include/apr-1 -I/usr/local/apr//include/apr-1 > -I/opt/apache-2.4.17/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL > -I/usr/include/libxml2 -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 > -I/usr/local/apr//include/apr-1 -MT mod_security2_la-acmp.lo -MD -MP -MF > .deps/mod_security2_la-acmp.Tpo -c -o mod_security2_la-acmp.lo `test -f > 'acmp.c' || echo './'`acmp.c > libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT > -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 > -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include > -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 > -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 > -MT mod_security2_la-acmp.lo -MD -MP -MF .deps/mod_security2_la-acmp.Tpo -c > acmp.c -fPIC -DPIC -o .libs/mod_security2_la-acmp.o > libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT > -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 > -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include > -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 > -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 > -MT mod_security2_la-acmp.lo -MD -MP -MF .deps/mod_security2_la-acmp.Tpo -c > acmp.c -o mod_security2_la-acmp.o >/dev/null 2>&1 > mv -f .deps/mod_security2_la-acmp.Tpo .deps/mod_security2_la-acmp.Plo > /bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. > -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libxml2 > -I/usr/local/apr//include/apr-1 -I/usr/local/apr//include/apr-1 > -I/opt/apache-2.4.17/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL > -I/usr/include/libxml2 -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 > -I/usr/local/apr//include/apr-1 -MT mod_security2_la-apache2_config.lo -MD > -MP -MF .deps/mod_security2_la-apache2_config.Tpo -c -o > mod_security2_la-apache2_config.lo `test -f 'apache2_config.c' || echo > './'`apache2_config.c > libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT > -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 > -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include > -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 > -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 > -MT mod_security2_la-apache2_config.lo -MD -MP -MF > .deps/mod_security2_la-apache2_config.Tpo -c apache2_config.c -fPIC -DPIC > -o .libs/mod_security2_la-apache2_config.o > In file included from /opt/apache-2.4.17/include/apr_network_io.h:26:0, > from /opt/apache-2.4.17/include/apr_buckets.h:29, > from /opt/apache-2.4.17/include/util_filter.h:26, > from /opt/apache-2.4.17/include/http_core.h:32, > from apache2.h:18, > from re.h:42, > from msc_util.h:29, > from modsecurity.h:40, > from apache2_config.c:17: > /opt/apache-2.4.17/include/apr_file_io.h:612:46: error: unknown type name > 'apr_wait_type_t' > apr_wait_type_t direction); > ^ > In file included from /opt/apache-2.4.17/include/apr_buckets.h:29:0, > from /opt/apache-2.4.17/include/util_filter.h:26, > from /opt/apache-2.4.17/include/http_core.h:32, > from apache2.h:18, > from re.h:42, > from msc_util.h:29, > from modsecurity.h:40, > from apache2_config.c:17: > /opt/apache-2.4.17/include/apr_network_io.h:650:43: error: unknown type > name 'apr_wait_type_t' > apr_wait_type_t direction); > ^ > make[2]: *** [mod_security2_la-apache2_config.lo] Error 1 > make[2]: Leaving directory > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' > make[1]: *** [all] Error 2 > make[1]: Leaving directory > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' > make: *** [all-recursive] Error 1 > > > > Sorry for the bad news.... > > Ahoj, > > Christian > > > > -- > I think IT projects are about supporting social systems - about > communications between people and machines. They tend to fail due to > cultural issues. > -- Tim Berners-Lee > > > ------------------------------------------------------------------------------ > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > |
|
From: Christian F. <chr...@ne...> - 2016-03-03 20:09:58
|
Robert, So you mean I need to read the logfiles before submitting? You are right on target. I installed libyajl-dev and both problems solved: - compilation against apache 2.4.17 works - Audit-Log Format JSON works Making yajl a mandatory item in configure seems like the way to go then. Cheers, Christian On Thu, Mar 03, 2016 at 06:54:13AM -0800, Robert Paprocki wrote: > So here's the culprint: > > checking for yajl install... no > configure: optional yajl library not found > > Christian, do you have anything odd about the system where this is running? > Perhaps try re-installing the libyajl-dev package? Here's what it should > provide on Trusty (running on my laptop): > poprocks@soter:~$ dpkg -L libyajl-dev > /. > /usr > /usr/share > /usr/share/doc > /usr/share/doc/libyajl-dev > /usr/share/doc/libyajl-dev/copyright > /usr/lib > /usr/lib/x86_64-linux-gnu > /usr/lib/x86_64-linux-gnu/libyajl_s.a > /usr/lib/x86_64-linux-gnu/pkgconfig > /usr/lib/x86_64-linux-gnu/pkgconfig/yajl.pc > /usr/include > /usr/include/yajl > /usr/include/yajl/yajl_tree.h > /usr/include/yajl/yajl_version.h > /usr/include/yajl/yajl_parse.h > /usr/include/yajl/yajl_gen.h > /usr/include/yajl/yajl_common.h > /usr/share/doc/libyajl-dev/README > /usr/share/doc/libyajl-dev/TODO > /usr/share/doc/libyajl-dev/changelog.Debian.gz > /usr/lib/x86_64-linux-gnu/libyajl.so > > ModSec config should be relying on the > '/usr/lib/x86_64-linux-gnu/pkgconfig/yajl.pc' > package config file to make it's detection I believe. Does that exist for > you? > > > On Wed, Mar 2, 2016 at 9:23 PM, Christian Folini < > chr...@ne...> wrote: > > > Unfortunately, the build problem against apache 2.4.17 did not go away > > either: > > > > The OS Release: > > Ubuntu 14.04.4 LTS \n \l > > > > Apache build: > > Server version: Apache/2.4.18 (Unix) > > Server built: Mar 3 2016 05:25:21 > > > > $> ./configure --prefix=/opt/apache-2.4.18 \ > > --with-apr=/usr/local/apr/bin/apr-1-config \ > > --with-apr-util=/usr/local/apr/bin/apu-1-config \ > > --enable-mpms-shared=event \ > > --enable-mods-shared=all \ > > --enable-nonportable-atomics=yes > > ... > > > > ModSec Configure: > > $> ./configure --with-apxs=/apache/bin/apxs./configure \ > > --with-apxs=/apache/bin/apxs \ > > --with-apr=/usr/local/apr/bin/apr-1-config \ > > --with-pcre=/usr/bin/pcre-config \ > > --enable-request-early > > checking for a BSD-compatible install... /usr/bin/install -c > > checking whether build environment is sane... yes > > checking for a thread-safe mkdir -p... /bin/mkdir -p > > checking for gawk... gawk > > checking whether make sets $(MAKE)... yes > > checking whether make supports nested variables... yes > > checking for style of include used by make... GNU > > checking for gcc... gcc > > checking whether the C compiler works... yes > > checking for C compiler default output file name... a.out > > checking for suffix of executables... > > checking whether we are cross compiling... no > > checking for suffix of object files... o > > checking whether we are using the GNU C compiler... yes > > checking whether gcc accepts -g... yes > > checking for gcc option to accept ISO C89... none needed > > checking whether gcc understands -c and -o together... yes > > checking dependency style of gcc... gcc3 > > checking for ar... ar > > checking the archiver (ar) interface... ar > > checking build system type... x86_64-unknown-linux-gnu > > checking host system type... x86_64-unknown-linux-gnu > > checking how to print strings... printf > > checking for a sed that does not truncate output... /bin/sed > > checking for grep that handles long lines and -e... /bin/grep > > checking for egrep... /bin/grep -E > > checking for fgrep... /bin/grep -F > > checking for ld used by gcc... /usr/bin/ld > > checking if the linker (/usr/bin/ld) is GNU ld... yes > > checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B > > checking the name lister (/usr/bin/nm -B) interface... BSD nm > > checking whether ln -s works... yes > > checking the maximum length of command line arguments... 1572864 > > checking whether the shell understands some XSI constructs... yes > > checking whether the shell understands "+="... yes > > checking how to convert x86_64-unknown-linux-gnu file names to > > x86_64-unknown-linux-gnu format... func_convert_file_noop > > checking how to convert x86_64-unknown-linux-gnu file names to toolchain > > format... func_convert_file_noop > > checking for /usr/bin/ld option to reload object files... -r > > checking for objdump... objdump > > checking how to recognize dependent libraries... pass_all > > checking for dlltool... no > > checking how to associate runtime and link libraries... printf %s\n > > checking for archiver @FILE support... @ > > checking for strip... strip > > checking for ranlib... ranlib > > checking command to parse /usr/bin/nm -B output from gcc object... ok > > checking for sysroot... no > > checking for mt... mt > > checking if mt is a manifest tool... no > > checking how to run the C preprocessor... gcc -E > > checking for ANSI C header files... yes > > checking for sys/types.h... yes > > checking for sys/stat.h... yes > > checking for stdlib.h... yes > > checking for string.h... yes > > checking for memory.h... yes > > checking for strings.h... yes > > checking for inttypes.h... yes > > checking for stdint.h... yes > > checking for unistd.h... yes > > checking for dlfcn.h... yes > > checking for objdir... .libs > > checking if gcc supports -fno-rtti -fno-exceptions... no > > checking for gcc option to produce PIC... -fPIC -DPIC > > checking if gcc PIC flag -fPIC -DPIC works... yes > > checking if gcc static flag -static works... yes > > checking if gcc supports -c -o file.o... yes > > checking if gcc supports -c -o file.o... (cached) yes > > checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports > > shared libraries... yes > > checking whether -lc should be explicitly linked in... no > > checking dynamic linker characteristics... GNU/Linux ld.so > > checking how to hardcode library paths into programs... immediate > > checking for shl_load... no > > checking for shl_load in -ldld... no > > checking for dlopen... no > > checking for dlopen in -ldl... yes > > checking whether a program can dlopen itself... yes > > checking whether a statically linked program can dlopen itself... no > > checking whether stripping libraries is possible... yes > > checking if libtool supports shared libraries... yes > > checking whether to build shared libraries... yes > > checking whether to build static libraries... yes > > checking for gawk... (cached) gawk > > checking for gcc... (cached) gcc > > checking whether we are using the GNU C compiler... (cached) yes > > checking whether gcc accepts -g... (cached) yes > > checking for gcc option to accept ISO C89... (cached) none needed > > checking whether gcc understands -c and -o together... (cached) yes > > checking dependency style of gcc... (cached) gcc3 > > checking how to run the C preprocessor... gcc -E > > checking whether ln -s works... yes > > checking whether make sets $(MAKE)... (cached) yes > > checking for grep that handles long lines and -e... (cached) /bin/grep > > checking for perl... /usr/bin/perl > > checking for env... /usr/bin/env > > checking for ANSI C header files... (cached) yes > > checking fcntl.h usability... yes > > checking fcntl.h presence... yes > > checking for fcntl.h... yes > > checking limits.h usability... yes > > checking limits.h presence... yes > > checking for limits.h... yes > > checking for stdlib.h... (cached) yes > > checking for string.h... (cached) yes > > checking for unistd.h... (cached) yes > > checking for sys/types.h... (cached) yes > > checking for sys/stat.h... (cached) yes > > checking sys/utsname.h usability... yes > > checking sys/utsname.h presence... yes > > checking for sys/utsname.h... yes > > checking for an ANSI C-conforming const... yes > > checking for inline... inline > > checking for C/C++ restrict keyword... __restrict > > checking for pid_t... yes > > checking for size_t... yes > > checking whether struct tm is in sys/time.h or time.h... time.h > > checking for uint8_t... yes > > checking for stdlib.h... (cached) yes > > checking for GNU libc compatible malloc... yes > > checking for working memcmp... yes > > checking for atexit... yes > > checking for getcwd... yes > > checking for memmove... yes > > checking for memset... yes > > checking for strcasecmp... yes > > checking for strchr... yes > > checking for strdup... yes > > checking for strerror... yes > > checking for strncasecmp... yes > > checking for strrchr... yes > > checking for strstr... yes > > checking for strtol... yes > > checking for fchmod... yes > > checking for strcasestr... yes > > Checking platform... Identified as Linux > > checking for libcurl config script... /usr/bin/curl-config > > checking if libcurl is at least v... yes, 7.35.0 > > checking if libcurl is linked with gnutls... no > > configure: using curl v7.35.0 > > configure: looking for Apache module support via DSO through APXS > > configure: found apxs at /opt/apache-2.4.17/bin/apxs > > configure: checking httpd version > > configure: httpd is recent enough > > checking for libpcre config script... /usr/bin/pcre-config > > configure: using pcre v8.31 > > checking for libapr config script... /usr/local/apr/bin/apr-1-config > > configure: using apr v1.5.2 > > checking for libapu config script... /usr/local/apr/bin/apu-1-config > > configure: using apu v1.5.4 > > checking for libxml2 config script... /usr/bin/xml2-config > > checking if libxml2 is at least v2.6.29... yes, 2.9.1 > > configure: using libxml2 v2.9.1 > > checking for pkg-config... /usr/bin/pkg-config > > checking pkg-config is at least version 0.9.0... yes > > checking for liblua config script... /usr/bin/pkg-config > > configure: using lua v5.2.0 > > checking for libyajl config script... no > > checking for yajl install... no > > configure: optional yajl library not found > > checking for ssdeep path... no > > configure: optional ssdeep library not found > > checking that generated files are newer than configure... done > > configure: creating ./config.status > > config.status: creating Makefile > > config.status: creating tools/Makefile > > config.status: creating apache2/Makefile > > config.status: creating build/apxs-wrapper > > config.status: creating mlogc/mlogc-batch-load.pl > > config.status: creating tests/regression/misc/40-secRemoteRules.t > > config.status: creating tests/regression/misc/50-ipmatchfromfile-external.t > > config.status: creating tests/regression/misc/60-pmfromfile-external.t > > config.status: creating tests/run-unit-tests.pl > > config.status: creating tests/run-regression-tests.pl > > config.status: creating tests/gen_rx-pm.pl > > config.status: creating tests/csv_rx-pm.pl > > config.status: creating tests/regression/server_root/conf/httpd.conf > > config.status: creating tools/rules-updater.pl > > config.status: creating mlogc/Makefile > > config.status: creating tests/Makefile > > config.status: creating apache2/modsecurity_config_auto.h > > config.status: apache2/modsecurity_config_auto.h is unchanged > > config.status: executing depfiles commands > > config.status: executing libtool commands > > > > > > Make: > > $> make > > Making all in tools > > make[1]: Entering directory > > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/tools' > > make[1]: Nothing to be done for `all'. > > make[1]: Leaving directory > > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/tools' > > Making all in apache2 > > make[1]: Entering directory > > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' > > make all-am > > make[2]: Entering directory > > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' > > /bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. > > -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libxml2 > > -I/usr/local/apr//include/apr-1 -I/usr/local/apr//include/apr-1 > > -I/opt/apache-2.4.17/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL > > -I/usr/include/libxml2 -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 > > -I/usr/local/apr//include/apr-1 -MT mod_security2_la-acmp.lo -MD -MP -MF > > .deps/mod_security2_la-acmp.Tpo -c -o mod_security2_la-acmp.lo `test -f > > 'acmp.c' || echo './'`acmp.c > > libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT > > -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 > > -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include > > -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 > > -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 > > -MT mod_security2_la-acmp.lo -MD -MP -MF .deps/mod_security2_la-acmp.Tpo -c > > acmp.c -fPIC -DPIC -o .libs/mod_security2_la-acmp.o > > libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT > > -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 > > -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include > > -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 > > -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 > > -MT mod_security2_la-acmp.lo -MD -MP -MF .deps/mod_security2_la-acmp.Tpo -c > > acmp.c -o mod_security2_la-acmp.o >/dev/null 2>&1 > > mv -f .deps/mod_security2_la-acmp.Tpo .deps/mod_security2_la-acmp.Plo > > /bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. > > -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libxml2 > > -I/usr/local/apr//include/apr-1 -I/usr/local/apr//include/apr-1 > > -I/opt/apache-2.4.17/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL > > -I/usr/include/libxml2 -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 > > -I/usr/local/apr//include/apr-1 -MT mod_security2_la-apache2_config.lo -MD > > -MP -MF .deps/mod_security2_la-apache2_config.Tpo -c -o > > mod_security2_la-apache2_config.lo `test -f 'apache2_config.c' || echo > > './'`apache2_config.c > > libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT > > -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 > > -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include > > -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 > > -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 > > -MT mod_security2_la-apache2_config.lo -MD -MP -MF > > .deps/mod_security2_la-apache2_config.Tpo -c apache2_config.c -fPIC -DPIC > > -o .libs/mod_security2_la-apache2_config.o > > In file included from /opt/apache-2.4.17/include/apr_network_io.h:26:0, > > from /opt/apache-2.4.17/include/apr_buckets.h:29, > > from /opt/apache-2.4.17/include/util_filter.h:26, > > from /opt/apache-2.4.17/include/http_core.h:32, > > from apache2.h:18, > > from re.h:42, > > from msc_util.h:29, > > from modsecurity.h:40, > > from apache2_config.c:17: > > /opt/apache-2.4.17/include/apr_file_io.h:612:46: error: unknown type name > > 'apr_wait_type_t' > > apr_wait_type_t direction); > > ^ > > In file included from /opt/apache-2.4.17/include/apr_buckets.h:29:0, > > from /opt/apache-2.4.17/include/util_filter.h:26, > > from /opt/apache-2.4.17/include/http_core.h:32, > > from apache2.h:18, > > from re.h:42, > > from msc_util.h:29, > > from modsecurity.h:40, > > from apache2_config.c:17: > > /opt/apache-2.4.17/include/apr_network_io.h:650:43: error: unknown type > > name 'apr_wait_type_t' > > apr_wait_type_t direction); > > ^ > > make[2]: *** [mod_security2_la-apache2_config.lo] Error 1 > > make[2]: Leaving directory > > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' > > make[1]: *** [all] Error 2 > > make[1]: Leaving directory > > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' > > make: *** [all-recursive] Error 1 > > > > > > > > Sorry for the bad news.... > > > > Ahoj, > > > > Christian > > > > > > > > -- > > I think IT projects are about supporting social systems - about > > communications between people and machines. They tend to fail due to > > cultural issues. > > -- Tim Berners-Lee > > > > > > ------------------------------------------------------------------------------ > > Site24x7 APM Insight: Get Deep Visibility into Application Performance > > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > > Monitor end-to-end web transactions and take corrective actions now > > Troubleshoot faster and improve end-user experience. Signup Now! > > http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 > > _______________________________________________ > > mod-security-developers mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > > ModSecurity Services from Trustwave's SpiderLabs: > > https://www.trustwave.com/spiderLabs.php > > > ------------------------------------------------------------------------------ > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- mailto:chr...@ne... http://www.christian-folini.ch twitter: @ChrFolini |
|
From: Christian F. <chr...@ne...> - 2016-03-08 13:40:19
Attachments:
signature.asc
|
Hi there, In the community meeting, we also talked about issues supposed to be related with the pull request #840: https://github.com/SpiderLabs/ModSecurity/pull/840 https://github.com/SpiderLabs/ModSecurity/issues/1073 I think I was able to proof that the misformatting of Apache Error Log messages in the audit log is not related to this change as I see it on ModSecurity 2.7.5 as well. There are other smaller concerns with 840, though. So I am not sure if Felipe really wants to keep it in, or drop it. I am OK with both. Ahoj, Christian -- There's no sense in being pessimistic. It wouldn't work out anyway. --- Anonymous |
|
From: Felipe C. <FC...@tr...> - 2016-03-08 16:54:17
|
Hi, I’ve just installed a virtual machine with Ubuntu 14.04. I have installed only the needed dependencies (including yajl-dev package). The build was successfully. The JSON logs feature was working like a charm. I also removed the yajl-dev package and managed to built it successfully. Without the yajl-dev package the JSON logs feature is not available. I have added a note on the manual saying that without the yajl-dev package this feature won’t be available. Here goes the link to the manual: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#secauditlogformat I don’t think we should make the dependency mandatory. As the example of other optional dependencies the feature will only be available if the dependency is there. Every dependency that we add make difficult the compilation in certain platforms. It is not fair to have it marked as mandatory if it is not really mandatory. I think it is safe to delivery 2.9.1 with this feature as it is. What is your opinion? Just a quick note: on v3 we print a fancy summary after the configure step: https://gist.github.com/zimmerle/60cee54cef49603b1310 Br., Felipe “Zimmerle” Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com <http://www.trustwave.com/> On 3/3/16, 5:09 PM, "Christian Folini" <chr...@ne...> wrote: >Robert, > >So you mean I need to read the logfiles before submitting? > >You are right on target. > >I installed libyajl-dev and both problems solved: >- compilation against apache 2.4.17 works >- Audit-Log Format JSON works > >Making yajl a mandatory item in configure seems like the >way to go then. > >Cheers, > >Christian > > >On Thu, Mar 03, 2016 at 06:54:13AM -0800, Robert Paprocki wrote: >> So here's the culprint: >> >> checking for yajl install... no >> configure: optional yajl library not found >> >> Christian, do you have anything odd about the system where this is running? >> Perhaps try re-installing the libyajl-dev package? Here's what it should >> provide on Trusty (running on my laptop): >> poprocks@soter:~$ dpkg -L libyajl-dev >> /. >> /usr >> /usr/share >> /usr/share/doc >> /usr/share/doc/libyajl-dev >> /usr/share/doc/libyajl-dev/copyright >> /usr/lib >> /usr/lib/x86_64-linux-gnu >> /usr/lib/x86_64-linux-gnu/libyajl_s.a >> /usr/lib/x86_64-linux-gnu/pkgconfig >> /usr/lib/x86_64-linux-gnu/pkgconfig/yajl.pc >> /usr/include >> /usr/include/yajl >> /usr/include/yajl/yajl_tree.h >> /usr/include/yajl/yajl_version.h >> /usr/include/yajl/yajl_parse.h >> /usr/include/yajl/yajl_gen.h >> /usr/include/yajl/yajl_common.h >> /usr/share/doc/libyajl-dev/README >> /usr/share/doc/libyajl-dev/TODO >> /usr/share/doc/libyajl-dev/changelog.Debian.gz >> /usr/lib/x86_64-linux-gnu/libyajl.so >> >> ModSec config should be relying on the >> '/usr/lib/x86_64-linux-gnu/pkgconfig/yajl.pc' >> package config file to make it's detection I believe. Does that exist for >> you? >> >> >> On Wed, Mar 2, 2016 at 9:23 PM, Christian Folini < >> chr...@ne...> wrote: >> >> > Unfortunately, the build problem against apache 2.4.17 did not go away >> > either: >> > >> > The OS Release: >> > Ubuntu 14.04.4 LTS \n \l >> > >> > Apache build: >> > Server version: Apache/2.4.18 (Unix) >> > Server built: Mar 3 2016 05:25:21 >> > >> > $> ./configure --prefix=/opt/apache-2.4.18 \ >> > --with-apr=/usr/local/apr/bin/apr-1-config \ >> > --with-apr-util=/usr/local/apr/bin/apu-1-config \ >> > --enable-mpms-shared=event \ >> > --enable-mods-shared=all \ >> > --enable-nonportable-atomics=yes >> > ... >> > >> > ModSec Configure: >> > $> ./configure --with-apxs=/apache/bin/apxs./configure \ >> > --with-apxs=/apache/bin/apxs \ >> > --with-apr=/usr/local/apr/bin/apr-1-config \ >> > --with-pcre=/usr/bin/pcre-config \ >> > --enable-request-early >> > checking for a BSD-compatible install... /usr/bin/install -c >> > checking whether build environment is sane... yes >> > checking for a thread-safe mkdir -p... /bin/mkdir -p >> > checking for gawk... gawk >> > checking whether make sets $(MAKE)... yes >> > checking whether make supports nested variables... yes >> > checking for style of include used by make... GNU >> > checking for gcc... gcc >> > checking whether the C compiler works... yes >> > checking for C compiler default output file name... a.out >> > checking for suffix of executables... >> > checking whether we are cross compiling... no >> > checking for suffix of object files... o >> > checking whether we are using the GNU C compiler... yes >> > checking whether gcc accepts -g... yes >> > checking for gcc option to accept ISO C89... none needed >> > checking whether gcc understands -c and -o together... yes >> > checking dependency style of gcc... gcc3 >> > checking for ar... ar >> > checking the archiver (ar) interface... ar >> > checking build system type... x86_64-unknown-linux-gnu >> > checking host system type... x86_64-unknown-linux-gnu >> > checking how to print strings... printf >> > checking for a sed that does not truncate output... /bin/sed >> > checking for grep that handles long lines and -e... /bin/grep >> > checking for egrep... /bin/grep -E >> > checking for fgrep... /bin/grep -F >> > checking for ld used by gcc... /usr/bin/ld >> > checking if the linker (/usr/bin/ld) is GNU ld... yes >> > checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B >> > checking the name lister (/usr/bin/nm -B) interface... BSD nm >> > checking whether ln -s works... yes >> > checking the maximum length of command line arguments... 1572864 >> > checking whether the shell understands some XSI constructs... yes >> > checking whether the shell understands "+="... yes >> > checking how to convert x86_64-unknown-linux-gnu file names to >> > x86_64-unknown-linux-gnu format... func_convert_file_noop >> > checking how to convert x86_64-unknown-linux-gnu file names to toolchain >> > format... func_convert_file_noop >> > checking for /usr/bin/ld option to reload object files... -r >> > checking for objdump... objdump >> > checking how to recognize dependent libraries... pass_all >> > checking for dlltool... no >> > checking how to associate runtime and link libraries... printf %s\n >> > checking for archiver @FILE support... @ >> > checking for strip... strip >> > checking for ranlib... ranlib >> > checking command to parse /usr/bin/nm -B output from gcc object... ok >> > checking for sysroot... no >> > checking for mt... mt >> > checking if mt is a manifest tool... no >> > checking how to run the C preprocessor... gcc -E >> > checking for ANSI C header files... yes >> > checking for sys/types.h... yes >> > checking for sys/stat.h... yes >> > checking for stdlib.h... yes >> > checking for string.h... yes >> > checking for memory.h... yes >> > checking for strings.h... yes >> > checking for inttypes.h... yes >> > checking for stdint.h... yes >> > checking for unistd.h... yes >> > checking for dlfcn.h... yes >> > checking for objdir... .libs >> > checking if gcc supports -fno-rtti -fno-exceptions... no >> > checking for gcc option to produce PIC... -fPIC -DPIC >> > checking if gcc PIC flag -fPIC -DPIC works... yes >> > checking if gcc static flag -static works... yes >> > checking if gcc supports -c -o file.o... yes >> > checking if gcc supports -c -o file.o... (cached) yes >> > checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports >> > shared libraries... yes >> > checking whether -lc should be explicitly linked in... no >> > checking dynamic linker characteristics... GNU/Linux http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CSd-wO1wNQ&s=5&u=http%3a%2f%2fld%2eso >> > checking how to hardcode library paths into programs... immediate >> > checking for shl_load... no >> > checking for shl_load in -ldld... no >> > checking for dlopen... no >> > checking for dlopen in -ldl... yes >> > checking whether a program can dlopen itself... yes >> > checking whether a statically linked program can dlopen itself... no >> > checking whether stripping libraries is possible... yes >> > checking if libtool supports shared libraries... yes >> > checking whether to build shared libraries... yes >> > checking whether to build static libraries... yes >> > checking for gawk... (cached) gawk >> > checking for gcc... (cached) gcc >> > checking whether we are using the GNU C compiler... (cached) yes >> > checking whether gcc accepts -g... (cached) yes >> > checking for gcc option to accept ISO C89... (cached) none needed >> > checking whether gcc understands -c and -o together... (cached) yes >> > checking dependency style of gcc... (cached) gcc3 >> > checking how to run the C preprocessor... gcc -E >> > checking whether ln -s works... yes >> > checking whether make sets $(MAKE)... (cached) yes >> > checking for grep that handles long lines and -e... (cached) /bin/grep >> > checking for perl... /usr/bin/perl >> > checking for env... /usr/bin/env >> > checking for ANSI C header files... (cached) yes >> > checking fcntl.h usability... yes >> > checking fcntl.h presence... yes >> > checking for fcntl.h... yes >> > checking limits.h usability... yes >> > checking limits.h presence... yes >> > checking for limits.h... yes >> > checking for stdlib.h... (cached) yes >> > checking for string.h... (cached) yes >> > checking for unistd.h... (cached) yes >> > checking for sys/types.h... (cached) yes >> > checking for sys/stat.h... (cached) yes >> > checking sys/utsname.h usability... yes >> > checking sys/utsname.h presence... yes >> > checking for sys/utsname.h... yes >> > checking for an ANSI C-conforming const... yes >> > checking for inline... inline >> > checking for C/C++ restrict keyword... __restrict >> > checking for pid_t... yes >> > checking for size_t... yes >> > checking whether struct tm is in sys/time.h or time.h... time.h >> > checking for uint8_t... yes >> > checking for stdlib.h... (cached) yes >> > checking for GNU libc compatible malloc... yes >> > checking for working memcmp... yes >> > checking for atexit... yes >> > checking for getcwd... yes >> > checking for memmove... yes >> > checking for memset... yes >> > checking for strcasecmp... yes >> > checking for strchr... yes >> > checking for strdup... yes >> > checking for strerror... yes >> > checking for strncasecmp... yes >> > checking for strrchr... yes >> > checking for strstr... yes >> > checking for strtol... yes >> > checking for fchmod... yes >> > checking for strcasestr... yes >> > Checking platform... Identified as Linux >> > checking for libcurl config script... /usr/bin/curl-config >> > checking if libcurl is at least v... yes, 7.35.0 >> > checking if libcurl is linked with gnutls... no >> > configure: using curl v7.35.0 >> > configure: looking for Apache module support via DSO through APXS >> > configure: found apxs at /opt/apache-2.4.17/bin/apxs >> > configure: checking httpd version >> > configure: httpd is recent enough >> > checking for libpcre config script... /usr/bin/pcre-config >> > configure: using pcre v8.31 >> > checking for libapr config script... /usr/local/apr/bin/apr-1-config >> > configure: using apr v1.5.2 >> > checking for libapu config script... /usr/local/apr/bin/apu-1-config >> > configure: using apu v1.5.4 >> > checking for libxml2 config script... /usr/bin/xml2-config >> > checking if libxml2 is at least v2.6.29... yes, 2.9.1 >> > configure: using libxml2 v2.9.1 >> > checking for pkg-config... /usr/bin/pkg-config >> > checking pkg-config is at least version 0.9.0... yes >> > checking for liblua config script... /usr/bin/pkg-config >> > configure: using lua v5.2.0 >> > checking for libyajl config script... no >> > checking for yajl install... no >> > configure: optional yajl library not found >> > checking for ssdeep path... no >> > configure: optional ssdeep library not found >> > checking that generated files are newer than configure... done >> > configure: creating ./config.status >> > config.status: creating Makefile >> > config.status: creating tools/Makefile >> > config.status: creating apache2/Makefile >> > config.status: creating build/apxs-wrapper >> > config.status: creating mlogc/mlogc-batch-load.pl >> > config.status: creating tests/regression/misc/40-secRemoteRules.t >> > config.status: creating tests/regression/misc/50-ipmatchfromfile-external.t >> > config.status: creating tests/regression/misc/60-pmfromfile-external.t >> > config.status: creating tests/run-unit-tests.pl >> > config.status: creating tests/run-regression-tests.pl >> > config.status: creating tests/gen_rx-pm.pl >> > config.status: creating tests/csv_rx-pm.pl >> > config.status: creating tests/regression/server_root/conf/httpd.conf >> > config.status: creating tools/rules-updater.pl >> > config.status: creating mlogc/Makefile >> > config.status: creating tests/Makefile >> > config.status: creating apache2/modsecurity_config_auto.h >> > config.status: apache2/modsecurity_config_auto.h is unchanged >> > config.status: executing depfiles commands >> > config.status: executing libtool commands >> > >> > >> > Make: >> > $> make >> > Making all in tools >> > make[1]: Entering directory >> > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/tools' >> > make[1]: Nothing to be done for `all'. >> > make[1]: Leaving directory >> > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/tools' >> > Making all in apache2 >> > make[1]: Entering directory >> > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' >> > make all-am >> > make[2]: Entering directory >> > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' >> > /bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. >> > -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libxml2 >> > -I/usr/local/apr//include/apr-1 -I/usr/local/apr//include/apr-1 >> > -I/opt/apache-2.4.17/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL >> > -I/usr/include/libxml2 -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY >> > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 >> > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 >> > -I/usr/local/apr//include/apr-1 -MT mod_security2_la-acmp.lo -MD -MP -MF >> > .deps/mod_security2_la-acmp.Tpo -c -o mod_security2_la-acmp.lo `test -f >> > 'acmp.c' || echo './'`acmp.c >> > libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT >> > -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 >> > -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include >> > -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 >> > -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY >> > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 >> > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 >> > -MT mod_security2_la-acmp.lo -MD -MP -MF .deps/mod_security2_la-acmp.Tpo -c >> > acmp.c -fPIC -DPIC -o .libs/mod_security2_la-acmp.o >> > libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT >> > -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 >> > -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include >> > -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 >> > -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY >> > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 >> > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 >> > -MT mod_security2_la-acmp.lo -MD -MP -MF .deps/mod_security2_la-acmp.Tpo -c >> > acmp.c -o mod_security2_la-acmp.o >/dev/null 2>&1 >> > mv -f .deps/mod_security2_la-acmp.Tpo .deps/mod_security2_la-acmp.Plo >> > /bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. >> > -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libxml2 >> > -I/usr/local/apr//include/apr-1 -I/usr/local/apr//include/apr-1 >> > -I/opt/apache-2.4.17/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL >> > -I/usr/include/libxml2 -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY >> > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 >> > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 >> > -I/usr/local/apr//include/apr-1 -MT mod_security2_la-apache2_config.lo -MD >> > -MP -MF .deps/mod_security2_la-apache2_config.Tpo -c -o >> > mod_security2_la-apache2_config.lo `test -f 'apache2_config.c' || echo >> > './'`apache2_config.c >> > libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT >> > -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 >> > -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include >> > -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 >> > -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY >> > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 >> > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 >> > -MT mod_security2_la-apache2_config.lo -MD -MP -MF >> > .deps/mod_security2_la-apache2_config.Tpo -c apache2_config.c -fPIC -DPIC >> > -o .libs/mod_security2_la-apache2_config.o >> > In file included from /opt/apache-2.4.17/include/apr_network_io.h:26:0, >> > from /opt/apache-2.4.17/include/apr_buckets.h:29, >> > from /opt/apache-2.4.17/include/util_filter.h:26, >> > from /opt/apache-2.4.17/include/http_core.h:32, >> > from apache2.h:18, >> > from re.h:42, >> > from msc_util.h:29, >> > from modsecurity.h:40, >> > from apache2_config.c:17: >> > /opt/apache-2.4.17/include/apr_file_io.h:612:46: error: unknown type name >> > 'apr_wait_type_t' >> > apr_wait_type_t direction); >> > ^ >> > In file included from /opt/apache-2.4.17/include/apr_buckets.h:29:0, >> > from /opt/apache-2.4.17/include/util_filter.h:26, >> > from /opt/apache-2.4.17/include/http_core.h:32, >> > from apache2.h:18, >> > from re.h:42, >> > from msc_util.h:29, >> > from modsecurity.h:40, >> > from apache2_config.c:17: >> > /opt/apache-2.4.17/include/apr_network_io.h:650:43: error: unknown type >> > name 'apr_wait_type_t' >> > apr_wait_type_t direction); >> > ^ >> > make[2]: *** [mod_security2_la-apache2_config.lo] Error 1 >> > make[2]: Leaving directory >> > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' >> > make[1]: *** [all] Error 2 >> > make[1]: Leaving directory >> > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' >> > make: *** [all-recursive] Error 1 >> > >> > >> > >> > Sorry for the bad news.... >> > >> > Ahoj, >> > >> > Christian >> > >> > >> > >> > -- >> > I think IT projects are about supporting social systems - about >> > communications between people and machines. They tend to fail due to >> > cultural issues. >> > -- Tim Berners-Lee >> > >> > >> > ------------------------------------------------------------------------------ >> > Site24x7 APM Insight: Get Deep Visibility into Application Performance >> > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >> > Monitor end-to-end web transactions and take corrective actions now >> > Troubleshoot faster and improve end-user experience. Signup Now! >> > http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CSJ4wLolYw&s=5&u=http%3a%2f%2fpubads%2eg%2edoubleclick%2enet%2fgampad%2fclk%3fid%3d272487151%26iu%3d%2f4140 >> > _______________________________________________ >> > mod-security-developers mailing list >> > mod...@li... >> > http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CXd6zLgiZA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers >> > ModSecurity Services from Trustwave's SpiderLabs: >> > https://www.trustwave.com/spiderLabs.php >> > > >> ------------------------------------------------------------------------------ >> Site24x7 APM Insight: Get Deep Visibility into Application Performance >> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >> Monitor end-to-end web transactions and take corrective actions now >> Troubleshoot faster and improve end-user experience. Signup Now! >> http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CSJ4wLolYw&s=5&u=http%3a%2f%2fpubads%2eg%2edoubleclick%2enet%2fgampad%2fclk%3fid%3d272487151%26iu%3d%2f4140 > >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CXd6zLgiZA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php > > >-- >mailto:chr...@ne... >http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CXYskbssNQ&s=5&u=http%3a%2f%2fwww%2echristian-folini%2ech >twitter: @ChrFolini > >------------------------------------------------------------------------------ >Site24x7 APM Insight: Get Deep Visibility into Application Performance >APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >Monitor end-to-end web transactions and take corrective actions now >Troubleshoot faster and improve end-user experience. Signup Now! >http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CSJ4wLolYw&s=5&u=http%3a%2f%2fpubads%2eg%2edoubleclick%2enet%2fgampad%2fclk%3fid%3d272487151%26iu%3d%2f4140 >_______________________________________________ >mod-security-developers mailing list >mod...@li... >http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CXd6zLgiZA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers >ModSecurity Services from Trustwave's SpiderLabs: >https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
|
From: Christian F. <chr...@ne...> - 2016-03-09 10:42:19
|
Hello, On Tue, Mar 08, 2016 at 04:52:17PM +0000, Felipe Costa wrote: > I don’t think we should make the dependency mandatory. As the example of other > optional dependencies the feature will only be available if the dependency is > there. Every dependency that we add make difficult the compilation in certain > platforms. It is not fair to have it marked as mandatory if it is not really > mandatory. > > I think it is safe to delivery 2.9.1 with this feature as it is. What is your > opinion? I agree with your reasoning. This is better than mandatory. And the the note in the reference manual is very clear. Thank you. > Just a quick note: on v3 we print a fancy summary after the configure step: > https://gist.github.com/zimmerle/60cee54cef49603b1310 That's nice! Cheers, Christian > > > > Br., > Felipe “Zimmerle” Costa > Security Researcher, Lead Developer ModSecurity. > > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com <http://www.trustwave.com/> > > > > > > > > > On 3/3/16, 5:09 PM, "Christian Folini" <chr...@ne...> wrote: > > >Robert, > > > >So you mean I need to read the logfiles before submitting? > > > >You are right on target. > > > >I installed libyajl-dev and both problems solved: > >- compilation against apache 2.4.17 works > >- Audit-Log Format JSON works > > > >Making yajl a mandatory item in configure seems like the > >way to go then. > > > >Cheers, > > > >Christian > > > > > >On Thu, Mar 03, 2016 at 06:54:13AM -0800, Robert Paprocki wrote: > >> So here's the culprint: > >> > >> checking for yajl install... no > >> configure: optional yajl library not found > >> > >> Christian, do you have anything odd about the system where this is running? > >> Perhaps try re-installing the libyajl-dev package? Here's what it should > >> provide on Trusty (running on my laptop): > >> poprocks@soter:~$ dpkg -L libyajl-dev > >> /. > >> /usr > >> /usr/share > >> /usr/share/doc > >> /usr/share/doc/libyajl-dev > >> /usr/share/doc/libyajl-dev/copyright > >> /usr/lib > >> /usr/lib/x86_64-linux-gnu > >> /usr/lib/x86_64-linux-gnu/libyajl_s.a > >> /usr/lib/x86_64-linux-gnu/pkgconfig > >> /usr/lib/x86_64-linux-gnu/pkgconfig/yajl.pc > >> /usr/include > >> /usr/include/yajl > >> /usr/include/yajl/yajl_tree.h > >> /usr/include/yajl/yajl_version.h > >> /usr/include/yajl/yajl_parse.h > >> /usr/include/yajl/yajl_gen.h > >> /usr/include/yajl/yajl_common.h > >> /usr/share/doc/libyajl-dev/README > >> /usr/share/doc/libyajl-dev/TODO > >> /usr/share/doc/libyajl-dev/changelog.Debian.gz > >> /usr/lib/x86_64-linux-gnu/libyajl.so > >> > >> ModSec config should be relying on the > >> '/usr/lib/x86_64-linux-gnu/pkgconfig/yajl.pc' > >> package config file to make it's detection I believe. Does that exist for > >> you? > >> > >> > >> On Wed, Mar 2, 2016 at 9:23 PM, Christian Folini < > >> chr...@ne...> wrote: > >> > >> > Unfortunately, the build problem against apache 2.4.17 did not go away > >> > either: > >> > > >> > The OS Release: > >> > Ubuntu 14.04.4 LTS \n \l > >> > > >> > Apache build: > >> > Server version: Apache/2.4.18 (Unix) > >> > Server built: Mar 3 2016 05:25:21 > >> > > >> > $> ./configure --prefix=/opt/apache-2.4.18 \ > >> > --with-apr=/usr/local/apr/bin/apr-1-config \ > >> > --with-apr-util=/usr/local/apr/bin/apu-1-config \ > >> > --enable-mpms-shared=event \ > >> > --enable-mods-shared=all \ > >> > --enable-nonportable-atomics=yes > >> > ... > >> > > >> > ModSec Configure: > >> > $> ./configure --with-apxs=/apache/bin/apxs./configure \ > >> > --with-apxs=/apache/bin/apxs \ > >> > --with-apr=/usr/local/apr/bin/apr-1-config \ > >> > --with-pcre=/usr/bin/pcre-config \ > >> > --enable-request-early > >> > checking for a BSD-compatible install... /usr/bin/install -c > >> > checking whether build environment is sane... yes > >> > checking for a thread-safe mkdir -p... /bin/mkdir -p > >> > checking for gawk... gawk > >> > checking whether make sets $(MAKE)... yes > >> > checking whether make supports nested variables... yes > >> > checking for style of include used by make... GNU > >> > checking for gcc... gcc > >> > checking whether the C compiler works... yes > >> > checking for C compiler default output file name... a.out > >> > checking for suffix of executables... > >> > checking whether we are cross compiling... no > >> > checking for suffix of object files... o > >> > checking whether we are using the GNU C compiler... yes > >> > checking whether gcc accepts -g... yes > >> > checking for gcc option to accept ISO C89... none needed > >> > checking whether gcc understands -c and -o together... yes > >> > checking dependency style of gcc... gcc3 > >> > checking for ar... ar > >> > checking the archiver (ar) interface... ar > >> > checking build system type... x86_64-unknown-linux-gnu > >> > checking host system type... x86_64-unknown-linux-gnu > >> > checking how to print strings... printf > >> > checking for a sed that does not truncate output... /bin/sed > >> > checking for grep that handles long lines and -e... /bin/grep > >> > checking for egrep... /bin/grep -E > >> > checking for fgrep... /bin/grep -F > >> > checking for ld used by gcc... /usr/bin/ld > >> > checking if the linker (/usr/bin/ld) is GNU ld... yes > >> > checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B > >> > checking the name lister (/usr/bin/nm -B) interface... BSD nm > >> > checking whether ln -s works... yes > >> > checking the maximum length of command line arguments... 1572864 > >> > checking whether the shell understands some XSI constructs... yes > >> > checking whether the shell understands "+="... yes > >> > checking how to convert x86_64-unknown-linux-gnu file names to > >> > x86_64-unknown-linux-gnu format... func_convert_file_noop > >> > checking how to convert x86_64-unknown-linux-gnu file names to toolchain > >> > format... func_convert_file_noop > >> > checking for /usr/bin/ld option to reload object files... -r > >> > checking for objdump... objdump > >> > checking how to recognize dependent libraries... pass_all > >> > checking for dlltool... no > >> > checking how to associate runtime and link libraries... printf %s\n > >> > checking for archiver @FILE support... @ > >> > checking for strip... strip > >> > checking for ranlib... ranlib > >> > checking command to parse /usr/bin/nm -B output from gcc object... ok > >> > checking for sysroot... no > >> > checking for mt... mt > >> > checking if mt is a manifest tool... no > >> > checking how to run the C preprocessor... gcc -E > >> > checking for ANSI C header files... yes > >> > checking for sys/types.h... yes > >> > checking for sys/stat.h... yes > >> > checking for stdlib.h... yes > >> > checking for string.h... yes > >> > checking for memory.h... yes > >> > checking for strings.h... yes > >> > checking for inttypes.h... yes > >> > checking for stdint.h... yes > >> > checking for unistd.h... yes > >> > checking for dlfcn.h... yes > >> > checking for objdir... .libs > >> > checking if gcc supports -fno-rtti -fno-exceptions... no > >> > checking for gcc option to produce PIC... -fPIC -DPIC > >> > checking if gcc PIC flag -fPIC -DPIC works... yes > >> > checking if gcc static flag -static works... yes > >> > checking if gcc supports -c -o file.o... yes > >> > checking if gcc supports -c -o file.o... (cached) yes > >> > checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports > >> > shared libraries... yes > >> > checking whether -lc should be explicitly linked in... no > >> > checking dynamic linker characteristics... GNU/Linux http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CSd-wO1wNQ&s=5&u=http%3a%2f%2fld%2eso > >> > checking how to hardcode library paths into programs... immediate > >> > checking for shl_load... no > >> > checking for shl_load in -ldld... no > >> > checking for dlopen... no > >> > checking for dlopen in -ldl... yes > >> > checking whether a program can dlopen itself... yes > >> > checking whether a statically linked program can dlopen itself... no > >> > checking whether stripping libraries is possible... yes > >> > checking if libtool supports shared libraries... yes > >> > checking whether to build shared libraries... yes > >> > checking whether to build static libraries... yes > >> > checking for gawk... (cached) gawk > >> > checking for gcc... (cached) gcc > >> > checking whether we are using the GNU C compiler... (cached) yes > >> > checking whether gcc accepts -g... (cached) yes > >> > checking for gcc option to accept ISO C89... (cached) none needed > >> > checking whether gcc understands -c and -o together... (cached) yes > >> > checking dependency style of gcc... (cached) gcc3 > >> > checking how to run the C preprocessor... gcc -E > >> > checking whether ln -s works... yes > >> > checking whether make sets $(MAKE)... (cached) yes > >> > checking for grep that handles long lines and -e... (cached) /bin/grep > >> > checking for perl... /usr/bin/perl > >> > checking for env... /usr/bin/env > >> > checking for ANSI C header files... (cached) yes > >> > checking fcntl.h usability... yes > >> > checking fcntl.h presence... yes > >> > checking for fcntl.h... yes > >> > checking limits.h usability... yes > >> > checking limits.h presence... yes > >> > checking for limits.h... yes > >> > checking for stdlib.h... (cached) yes > >> > checking for string.h... (cached) yes > >> > checking for unistd.h... (cached) yes > >> > checking for sys/types.h... (cached) yes > >> > checking for sys/stat.h... (cached) yes > >> > checking sys/utsname.h usability... yes > >> > checking sys/utsname.h presence... yes > >> > checking for sys/utsname.h... yes > >> > checking for an ANSI C-conforming const... yes > >> > checking for inline... inline > >> > checking for C/C++ restrict keyword... __restrict > >> > checking for pid_t... yes > >> > checking for size_t... yes > >> > checking whether struct tm is in sys/time.h or time.h... time.h > >> > checking for uint8_t... yes > >> > checking for stdlib.h... (cached) yes > >> > checking for GNU libc compatible malloc... yes > >> > checking for working memcmp... yes > >> > checking for atexit... yes > >> > checking for getcwd... yes > >> > checking for memmove... yes > >> > checking for memset... yes > >> > checking for strcasecmp... yes > >> > checking for strchr... yes > >> > checking for strdup... yes > >> > checking for strerror... yes > >> > checking for strncasecmp... yes > >> > checking for strrchr... yes > >> > checking for strstr... yes > >> > checking for strtol... yes > >> > checking for fchmod... yes > >> > checking for strcasestr... yes > >> > Checking platform... Identified as Linux > >> > checking for libcurl config script... /usr/bin/curl-config > >> > checking if libcurl is at least v... yes, 7.35.0 > >> > checking if libcurl is linked with gnutls... no > >> > configure: using curl v7.35.0 > >> > configure: looking for Apache module support via DSO through APXS > >> > configure: found apxs at /opt/apache-2.4.17/bin/apxs > >> > configure: checking httpd version > >> > configure: httpd is recent enough > >> > checking for libpcre config script... /usr/bin/pcre-config > >> > configure: using pcre v8.31 > >> > checking for libapr config script... /usr/local/apr/bin/apr-1-config > >> > configure: using apr v1.5.2 > >> > checking for libapu config script... /usr/local/apr/bin/apu-1-config > >> > configure: using apu v1.5.4 > >> > checking for libxml2 config script... /usr/bin/xml2-config > >> > checking if libxml2 is at least v2.6.29... yes, 2.9.1 > >> > configure: using libxml2 v2.9.1 > >> > checking for pkg-config... /usr/bin/pkg-config > >> > checking pkg-config is at least version 0.9.0... yes > >> > checking for liblua config script... /usr/bin/pkg-config > >> > configure: using lua v5.2.0 > >> > checking for libyajl config script... no > >> > checking for yajl install... no > >> > configure: optional yajl library not found > >> > checking for ssdeep path... no > >> > configure: optional ssdeep library not found > >> > checking that generated files are newer than configure... done > >> > configure: creating ./config.status > >> > config.status: creating Makefile > >> > config.status: creating tools/Makefile > >> > config.status: creating apache2/Makefile > >> > config.status: creating build/apxs-wrapper > >> > config.status: creating mlogc/mlogc-batch-load.pl > >> > config.status: creating tests/regression/misc/40-secRemoteRules.t > >> > config.status: creating tests/regression/misc/50-ipmatchfromfile-external.t > >> > config.status: creating tests/regression/misc/60-pmfromfile-external.t > >> > config.status: creating tests/run-unit-tests.pl > >> > config.status: creating tests/run-regression-tests.pl > >> > config.status: creating tests/gen_rx-pm.pl > >> > config.status: creating tests/csv_rx-pm.pl > >> > config.status: creating tests/regression/server_root/conf/httpd.conf > >> > config.status: creating tools/rules-updater.pl > >> > config.status: creating mlogc/Makefile > >> > config.status: creating tests/Makefile > >> > config.status: creating apache2/modsecurity_config_auto.h > >> > config.status: apache2/modsecurity_config_auto.h is unchanged > >> > config.status: executing depfiles commands > >> > config.status: executing libtool commands > >> > > >> > > >> > Make: > >> > $> make > >> > Making all in tools > >> > make[1]: Entering directory > >> > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/tools' > >> > make[1]: Nothing to be done for `all'. > >> > make[1]: Leaving directory > >> > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/tools' > >> > Making all in apache2 > >> > make[1]: Entering directory > >> > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' > >> > make all-am > >> > make[2]: Entering directory > >> > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' > >> > /bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. > >> > -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libxml2 > >> > -I/usr/local/apr//include/apr-1 -I/usr/local/apr//include/apr-1 > >> > -I/opt/apache-2.4.17/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL > >> > -I/usr/include/libxml2 -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > >> > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > >> > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 > >> > -I/usr/local/apr//include/apr-1 -MT mod_security2_la-acmp.lo -MD -MP -MF > >> > .deps/mod_security2_la-acmp.Tpo -c -o mod_security2_la-acmp.lo `test -f > >> > 'acmp.c' || echo './'`acmp.c > >> > libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT > >> > -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 > >> > -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include > >> > -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 > >> > -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > >> > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > >> > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 > >> > -MT mod_security2_la-acmp.lo -MD -MP -MF .deps/mod_security2_la-acmp.Tpo -c > >> > acmp.c -fPIC -DPIC -o .libs/mod_security2_la-acmp.o > >> > libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT > >> > -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 > >> > -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include > >> > -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 > >> > -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > >> > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > >> > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 > >> > -MT mod_security2_la-acmp.lo -MD -MP -MF .deps/mod_security2_la-acmp.Tpo -c > >> > acmp.c -o mod_security2_la-acmp.o >/dev/null 2>&1 > >> > mv -f .deps/mod_security2_la-acmp.Tpo .deps/mod_security2_la-acmp.Plo > >> > /bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. > >> > -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/libxml2 > >> > -I/usr/local/apr//include/apr-1 -I/usr/local/apr//include/apr-1 > >> > -I/opt/apache-2.4.17/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL > >> > -I/usr/include/libxml2 -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > >> > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > >> > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 > >> > -I/usr/local/apr//include/apr-1 -MT mod_security2_la-apache2_config.lo -MD > >> > -MP -MF .deps/mod_security2_la-apache2_config.Tpo -c -o > >> > mod_security2_la-apache2_config.lo `test -f 'apache2_config.c' || echo > >> > './'`apache2_config.c > >> > libtool: compile: gcc -DHAVE_CONFIG_H -I. -DLINUX -D_REENTRANT > >> > -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/local/apr//include/apr-1 > >> > -I/usr/local/apr//include/apr-1 -I/opt/apache-2.4.17/include > >> > -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/usr/include/libxml2 > >> > -DWITH_LUA -I/usr/include/lua5.2 -DWITH_PCRE_STUDY > >> > -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 > >> > -DREQUEST_EARLY -DWITH_REMOTE_RULES -g -O2 -I/usr/local/apr//include/apr-1 > >> > -MT mod_security2_la-apache2_config.lo -MD -MP -MF > >> > .deps/mod_security2_la-apache2_config.Tpo -c apache2_config.c -fPIC -DPIC > >> > -o .libs/mod_security2_la-apache2_config.o > >> > In file included from /opt/apache-2.4.17/include/apr_network_io.h:26:0, > >> > from /opt/apache-2.4.17/include/apr_buckets.h:29, > >> > from /opt/apache-2.4.17/include/util_filter.h:26, > >> > from /opt/apache-2.4.17/include/http_core.h:32, > >> > from apache2.h:18, > >> > from re.h:42, > >> > from msc_util.h:29, > >> > from modsecurity.h:40, > >> > from apache2_config.c:17: > >> > /opt/apache-2.4.17/include/apr_file_io.h:612:46: error: unknown type name > >> > 'apr_wait_type_t' > >> > apr_wait_type_t direction); > >> > ^ > >> > In file included from /opt/apache-2.4.17/include/apr_buckets.h:29:0, > >> > from /opt/apache-2.4.17/include/util_filter.h:26, > >> > from /opt/apache-2.4.17/include/http_core.h:32, > >> > from apache2.h:18, > >> > from re.h:42, > >> > from msc_util.h:29, > >> > from modsecurity.h:40, > >> > from apache2_config.c:17: > >> > /opt/apache-2.4.17/include/apr_network_io.h:650:43: error: unknown type > >> > name 'apr_wait_type_t' > >> > apr_wait_type_t direction); > >> > ^ > >> > make[2]: *** [mod_security2_la-apache2_config.lo] Error 1 > >> > make[2]: Leaving directory > >> > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' > >> > make[1]: *** [all] Error 2 > >> > make[1]: Leaving directory > >> > `/usr/src/modsecurity/modsecurity-2.9.1-RC1/apache2' > >> > make: *** [all-recursive] Error 1 > >> > > >> > > >> > > >> > Sorry for the bad news.... > >> > > >> > Ahoj, > >> > > >> > Christian > >> > > >> > > >> > > >> > -- > >> > I think IT projects are about supporting social systems - about > >> > communications between people and machines. They tend to fail due to > >> > cultural issues. > >> > -- Tim Berners-Lee > >> > > >> > > >> > ------------------------------------------------------------------------------ > >> > Site24x7 APM Insight: Get Deep Visibility into Application Performance > >> > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > >> > Monitor end-to-end web transactions and take corrective actions now > >> > Troubleshoot faster and improve end-user experience. Signup Now! > >> > http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CSJ4wLolYw&s=5&u=http%3a%2f%2fpubads%2eg%2edoubleclick%2enet%2fgampad%2fclk%3fid%3d272487151%26iu%3d%2f4140 > >> > _______________________________________________ > >> > mod-security-developers mailing list > >> > mod...@li... > >> > http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CXd6zLgiZA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers > >> > ModSecurity Services from Trustwave's SpiderLabs: > >> > https://www.trustwave.com/spiderLabs.php > >> > > > > >> ------------------------------------------------------------------------------ > >> Site24x7 APM Insight: Get Deep Visibility into Application Performance > >> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > >> Monitor end-to-end web transactions and take corrective actions now > >> Troubleshoot faster and improve end-user experience. Signup Now! > >> http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CSJ4wLolYw&s=5&u=http%3a%2f%2fpubads%2eg%2edoubleclick%2enet%2fgampad%2fclk%3fid%3d272487151%26iu%3d%2f4140 > > > >> _______________________________________________ > >> mod-security-developers mailing list > >> mod...@li... > >> http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CXd6zLgiZA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers > >> ModSecurity Services from Trustwave's SpiderLabs: > >> https://www.trustwave.com/spiderLabs.php > > > > > >-- > >mailto:chr...@ne... > >http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CXYskbssNQ&s=5&u=http%3a%2f%2fwww%2echristian-folini%2ech > >twitter: @ChrFolini > > > >------------------------------------------------------------------------------ > >Site24x7 APM Insight: Get Deep Visibility into Application Performance > >APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > >Monitor end-to-end web transactions and take corrective actions now > >Troubleshoot faster and improve end-user experience. Signup Now! > >http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CSJ4wLolYw&s=5&u=http%3a%2f%2fpubads%2eg%2edoubleclick%2enet%2fgampad%2fclk%3fid%3d272487151%26iu%3d%2f4140 > >_______________________________________________ > >mod-security-developers mailing list > >mod...@li... > >http://scanmail.trustwave.com/?c=4062&d=uJrY1n0_DrF3my2Z46kGTt5TajY6Gu34CXd6zLgiZA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers > >ModSecurity Services from Trustwave's SpiderLabs: > >https://www.trustwave.com/spiderLabs.php > > ________________________________ > > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. > ------------------------------------------------------------------------------ > Transform Data into Opportunity. > Accelerate data analysis in your applications with > Intel Data Analytics Acceleration Library. > Click to learn more. > http://makebettercode.com/inteldaal-eval > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php -- mailto:chr...@ne... http://www.christian-folini.ch twitter: @ChrFolini |
Thanks for helping keep SourceForge clean.
X