From b365d4d2031b29a05eb07226275d3619b47e712abd114acf632d4c28661aef17 Mon Sep 17 00:00:00 2001
From: Danilo Spinella
Date: Tue, 1 Aug 2023 09:14:57 +0000
Subject: [PATCH] Accepting request 1099113 from home:dirkmueller:Factory - reenable tests - switch to SpiderLabs owasp 3.2.0 release (final release, upstream archived the project, please switch to coreruleset instead): * Various security fixes, see * https://raw.githubusercontent.com/SpiderLabs/owasp-modsecurity-crs/v3.2.0/CHANGES - introduce supply chain security by adding gpg signature and keyring OBS-URL: https://build.opensuse.org/request/show/1099113 OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=88
---
 ...sp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz | 3 -
 apache2-mod_security2.changes | 6 +
 apache2-mod_security2.keyring | 104 ++++++++++++++++++
 apache2-mod_security2.spec | 8 +-
 modsecurity-2.9.7.tar.gz.asc | 16 +++
 v3.2.0.tar.gz | 3 +
 6 files changed, 134 insertions(+), 6 deletions(-)
 delete mode 100644 SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
 create mode 100644 apache2-mod_security2.keyring
 create mode 100644 modsecurity-2.9.7.tar.gz.asc
 create mode 100644 v3.2.0.tar.gz
diff --git a/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz b/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
deleted file mode 100644
index f6fa190..0000000
--- a/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:637b53696e96f3855f8d4bc678dd67dc8a4ba1ce7da418dafc74524cbf36c92a
-size 291337
diff --git a/apache2-mod_security2.changes b/apache2-mod_security2.changes
index c7ca08f..1bc9b9d 100644
--- a/apache2-mod_security2.changes
+++ b/apache2-mod_security2.changes
@@ -34,6 +34,12 @@ Sat Jul 15 17:09:55 UTC 2023 - Dirk Müller recommended * IIS: Update dependencies for Windows build as of v2.9.5 * Support configurable limit on depth of JSON parsing +- reenable tests +- switch to SpiderLabs owasp 3.2.0 release (final release, upstream + archived the project, please switch to coreruleset instead): + * Various security fixes, see + * https://raw.githubusercontent.com/SpiderLabs/owasp-modsecurity-crs/v3.2.0/CHANGES +- introduce supply chain security by adding gpg signature and keyring ------------------------------------------------------------------- Mon Jul 19 09:37:45 UTC 2021 - Danilo Spinella diff --git a/apache2-mod_security2.keyring b/apache2-mod_security2.keyring new file mode 100644 index 0000000..c05b5c5 --- /dev/null +++ b/apache2-mod_security2.keyring 
@@ -0,0 +1,104 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF2scPUBEADzKAm5+CJ4TC9OGdh/koPHvGkl1h5cHXHCcyn3GAkD6lz9TJs1 +gAJxKuljq1Ux9CGgf+2OUuhPopC7W9gPg+MuyD4AJr3g9b4IBYwnY9yo5Z337j1m ++yp3SRr6bXW0lutboTAMLBXC7WYdb0k/dJZuqsWe34Y+V6EQLIrZQv1ojclZa+I9 +7AmB8bJO8cwq+QRXQYCu8gE7WD54Khv660uHvZtGXId9AOGpE3fjEGIz7r0BW95u +pGXveFDq+3xdBuahqIsvkr7FacXOwf7fJmkBra2IWuWgCdg4CADTdUpYgL+0ugm5 +B8qhzVBdhnnN1sUaLTB0nny6gwaWWvDvzNqant/VT5qckzRA+e2TK2C/t1znuqBn +DwyNwElXas/y+9cD0AEf//xg1y5BKd2akSwNOlhBqZOzotW0ITWI2Rx4yB9PujLD +jgW9Jy9aAHAnAGk2Qtb+MNU2VBqDzXc2npxqLju2b0lp57PeVte1bhK6ZAdpotfX +rAzYMtrgDsmx/9FJbFMJIKaHJC0PSx2UF4qLTaiL66QHXJ9900HqUGzDpElrf4ZZ +5wXyIk0wwDsnzKcJbRqaT9Or14oQYjbiUua12lN6ID9SW1QgacHwjpm8RCSYcFWh +eQblcH7FGueB0FVvN/wdzLOFRkMIgmuuiBW7inz1+jRu0TTzWMr2gqKBJQARAQAB +tC5PV0FTUCBDb3JlIFJ1bGUgU2V0IDxzZWN1cml0eUBjb3JlcnVsZXNldC5vcmc+ +iQJOBBMBCAA4FiEENgBvDguhZ4MhWIIROO6soauKbnIFAl2scPUCGwMFCwkIBwIG +FQoJCAsCBBYCAwECHgECF4AACgkQOO6soauKbnIeOg//SVOZaRwP/ZFFILJXQMd5 +H97d+6LWZc9O1aRhNWfVwee0jmCNOc8E3eooAkiDpHZb/w9kKKfXf4MPOtN6u+yY +5I0OvEsE1torm6PmlTrrM5To8hao0jV/jEmVMM7cNSz18GBp2fjDvXrp/CIR3Jjz +VT3TyFavAfpq9WIThtOM1QB0qt+eRVvP2bYEJHnnchMOS+H2ITr8PTfdF8INNxY5 +ggjdYOS3b20EHOF9CZ4UYFsdsP4C32tTOF75nJVIWAXxgm8M/xKm9DkrpHmROoUH +yPUljA9yZNjtNHkSce1nczj2C5M5CuJuKthsxitE6QZ4AMaLu0GOJfVRw8aRF1Yc +1d9O2Ww2kpBWf5QVo65Qi0puwwUknW8sq3hnfu92se9l+MCaAynvLqDlEQp0gKg8 +ZDrXbpBJa7O948uIjwYDp1N2dKSZeZb5bFP/0Bl3PFLANhGJ2NqEkkOnOTgouI5X +2dNSCgr/YFsPHOGGXwPkleL43JO6I+jN3XJcX4b2TgsW/NpSgR74CGENUcLRSO0z +XSs4ffq2spmEX5j0+o/Yw5slXuu8y+X8cc78QQ2QQYcu5WqXg6ij7/41OtY/e4uC +3Ap1SsjR/GIjhP5uryTkYfugmDn2gsjg7sqqpgBXVuvBL8j094VXj8QGKFLnlu0e +s8ZNAFTIWyjznC7OQX5Xtkm5Ag0EXaxw9QEQAMkyF4/mewIA6Rx/zuPT8v/Euk/q +Hqpr9iKvIIho8e53SfqVSJWTLNvTaIROROaSz/B2RyIgvICCaqFJWKqW80sSCAk0 +uc1OsP5Lt1RrmtM9AgH5L/ZTnZUnFMGz/ba+i8dWF2tKBL4l1I6fNUBP+PtSESgm +/T+Dv32+s8QI/c0J9XwOwF/ZzBfeFj0zv8Sdx3W0S6M7dmGK1LX4r4w2zFRGt5MD +5QgjmlbDzMsCe4flzs2QWIyaSqJWTZPxWG57bc0kNWSC2Hv5UFrnKuElyav+aFkc 
+/HkN+sPf0y4ahF8xmVkWYumoN4iKKsnGIAtuLrLDL6IKlfjq06DKeOVpXCKBS6vF +w4AcIaoW+aVUGRmIxIHf2Mb9tKShcy4i0yZVpdeJQxFUHBDYaE8a6GpKPzT17LYv +03K5g2w2+hsUi07H8PRMsckr4UvD2pTvRcP0e9K7/qVF0i440CgpX5f+yHefCv2P +nP3apiCS7qK4m02NUU14//tkJLeGLhxUJ9WhxzFUYWs233jjN+5wJsOHyIzqs1kc +jCN1Qx+91hklTWRmmCgO6gk6eIlpKTALFrTlF0A5eMSIb/Zw40aw2mZ7ku3Y3xAf +4yAK210ILFYrGErbr47ArLDfeMKcAu83uIHyc1IacR/8UaqM0GLAq8H8n//lB2Xz +urz9ZsGF8uB3gODtABEBAAGJAjYEGAEIACAWIQQ2AG8OC6FngyFYghE47qyhq4pu +cgUCXaxw9QIbDAAKCRA47qyhq4puciTyD/9dLUF2rAHzBqQr8S7MWbo7SYU+vHkZ +UF1JNYP+YDo7C0ZJ4ANyfh9GOBly2ZSDYTigLel1GKGO5sf2U7N4dQmy9xTCDRM8 +slqnbt6jfvtRBgJB9mg6UTq/o4vUClyXX4iqAInGMFPxIpuSrOKkZ640c9WW2pcM +U8KoGgDu1vCZxZ6160EQzpQubxCHyQhzRnl9Y/AYy/BbjY1IOf4n/u3hwHXD4piP +dQFJDcqEoob5TvxqolNlw9BfpZpFwsCk2MFrxKuwBP57iuy+/gPJoUrWArgJyvvZ +q0u1r+Q/T5XregBf2RJ/sQc1wF3f28KUBHZlnEsLHF6k/wrWq6xaGxvwWzdXOPYn +O/GoEG8Z26+6wNG3NYGFlToupjd4PQ6uQGSVyZf2ud/6ewW6gQuryMKanxqJ5zqR +KN/ah7Kzr4faQnM3Sk0WDzzQlKkmvAZ1PedTNIDL4OLfbt5h6DBuH7pP6nqSMS+4 +AXpW/RIpjHZy6kBBc/wjm1x5cvQfuY/asHwk9OeSRBVuuO7wS63OCxX+x0jzHxj8 +TyO7DXXuD1K+UnI+IN8Ge/84kiKk1AueNbeYmXyHBcl3kWz4g7OEiDb5P12YGMrV +1EDhTZ9V87jkn4QoJmsN6t4EV2IQvQuLlpbzp0c+gnxktQAWfYEWw9BWw9/6IWq5 +XdQEIOeqEZLTZQ== +=F7wV +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGGL8ngBEACsyb//l5LzsYFKmwPrFNyVmWWXKtuj7rGiz7NYDDCcRn+d6Df+ +augCPmvIWLC9NZE6tOFn6NYMMs4GdhcJ3vHddMAaVkkBUpw9lSGYolitlV0k1FI2 +jjHC4e3sETqP4ara1hF9UrAh+NGjW5Nc6gjDWMqCfUmXBgqvpIH5E4M/BkhkuRAj +n7tTCW+JWDTVx4vwK3Zdb2zPPLx9Trmdh33upCKRKUMwRyF3EarEUtHh82j99cyD +sbjkexmpenTsHAJqHEafBRPpNduRtaUOT3HsmZ4nDctMWWoxGoixRaALfLQTvIl6 +gJzTlaoQw5UC7iksEGGmX53w5gqmdR0cpMBiIGEiTCJY38lochf16XtNz006aQYz +gO7L5QxwdDXMlhrcfXKYAjI/NX9SmYr+vBSjmpyA9T3U2kds0NI0L1RLsVGAGH6M +Kx/Wef8iOMn22meM7UFwKh6WKms9V4hseYwJnVw0L5wBS3rvh6mPOQTytYzxneNt +9EGh8wIgiWMhCncOGvHOMfd2tt1CDm9cEmsgzWYfN0yNTopcMDS3z2XjD6tot4bg +9Wwn6Mxt4+OeFiLCpRIfXmnjSsqLEBr6//OKSZW09LZXXEvQIO5IDV46RiQoe7Aj 
+jqbbgaSUNUjphqcAc5ruLhlkwCgzQUT3oZanXmCwO21BgFr4DZl4Sy1mnQARAQAB +tDpNYXJ0aW4gVmllcnVsYSAoR2l0SHViIGtleSkgPE1hcnRpbi5WaWVydWxhQHRy +dXN0d2F2ZS5jb20+iQJOBBMBCgA4FiEE8SZpLpuoazlY5z7S8vxORYg7y6QFAmGL +8ngCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ8vxORYg7y6Rnyw/+Iq7N +NYDP0Rf/v3N/EMXHmBSnLdlZlEASJpJn6pGvGFTzmCqf1BvraXWjbMFFvF1OC3SS +HawBHzwGseQgEt4vk43cXxp2/neTmJWGORHVODLUZm6o6M/A8aMScCjw+cpt5W5s +Za2cnT/+DZVGQTY33JAuTxeGLZ6c2B4UWH6nRj+DIjBfWzULj+edJ9oTgJRuHgbj +3/SFz4lpUmrzpwo57W8Y+oqzUeDfyw+tm/Vk5XQOTkJqRcG1SmWp1IA40ygg0VDK +TGKE40/6H9LDoR2FA5ArMjkixafLhoVlw84dirz9VXaTTWBcxgT3Rl1WnLtYhUnk +aRd23OkHmLkT+mj/xCnKEqXVMI3Bsma7kd3+oFQHTkY5xpPQ576IcQg6xzGelLJd +tMiWZwj6rtW16UwLruaLaGkMfVNqo0vGgYKjY92IP2Oj8O0Y+zG6CZzd/2xh5i6f +fslaHDl+nfUjsXTn+zgKdoRlLnwT6FVNrHswNKcDuNnIo8rqCjaUOlY26H7kDR/3 +nw0QOE1O8r3+HrCu0Nnszsw0OfPcBuzhOFrFGvaipTR5GVso0VwM1LaDcnveeIlu +BeBIV8hWlfZuf1HQTjFRzTKmbGGJ0pqMwu9rc3u2zX6afC9T9hJOvc+js3PcjpPh +vqQ8ZnQQtMVD9ru1IAfthLIJLaxwssSfh36xBra5Ag0EYYvyeAEQAOTk9zr//CmW +sWdvjNfp5Nh89bymBOqtusDgNh2EHLHXT2pCnQ9YQ7Kf/RGHPuapkaKiXvTy1h0w +ewfL5eSBsx762TJpPbmR9zDu9UDpdxxR6jcgU7ZXYgBcz1uQvHmvGRoAa6rcv757 +5UmROsQz9QNNS4mYnCdeVQuIaGa0uCJgXDI+EQNUKRrAlBhgaDOUpuvqnxDz7A65 +W4u7OchU+GtHqnzgopDQtjGTwCE+F1lutwABc+xrWkvl9ph7zp6VWze62AErWsc0 +bLsCnzVm3+pu1IQO76poqjapfEL13OpZGZfmxzJTc+GPfnevAfF72QkDjldF30MV +fBySxnLcupoPhR56t/Ix0/nkziduvflYWqtIq4LyB4KYFFmylkFHQiPWtG5QJAFc +FwZS/CUJREJ2aR/SFSqjAmASqGIRn0idqZxZdZV3Uw4TyyUaLUJyyV7RgQ+/BEt6 +QLu+Oay/si6nT5Rq5KBQT4a6ttJpyr6C/kdqXCPifPItTFu6HTqyLe+NCENzXr6e +syjxllYJJKI/tVAk+ItQrQ+6370QFOmJnm3jNqS5ylFDUQH+M/ypop6ssajTjaKY +o7FRIN2grfRaKXSrFMCmmgRpXcXZs1kA8C910BeI9z96+RtOl3jp9OEiibZtSDCt +murdZN1kn5eZrq1uJSakNnUg27SFR72LABEBAAGJAjYEGAEKACAWIQTxJmkum6hr +OVjnPtLy/E5FiDvLpAUCYYvyeAIbDAAKCRDy/E5FiDvLpLJuD/9LnDYu1Qjsg9zZ +Q2N4u2gcEfEBn7Gl3J0FkN12mRy8eaVEHuTxcFEsKZVllLBc0yHaM5wBwtln0CpA +oHLQfIKDXP6mPKEU+9/z0oiWP7LiPO5jqKam26GVGIfucx4Yw92eJFpgB3lQzQZN +rStcenUKRmjXdUplalXSXxwqIGMvAJrQyQ7MKTUHKBV/sh1+Mrh9KN1+WRetbOY4 
+2k/8Gm42uvmc+u8y2+rzSnoZf3xdVPIbq94rm+IC+jvzMqfL7QPEyT7gsAgGCjlL +CfV1PKj2YRv8IQzQgbRm3Vu++PvIalKQFa2Szc0dz6fgG2AedhYvqloMcgbXgpkM +RRIa7p/lcAR8SGilkiNafOQZBHWVKhXNa2IewyWa6rao1oPydz/6QwuUM6OI9J5a +iH8sEwExEJ74ZZjJ/g4yRaBx13i3tRxXdSG3d7l1VR4Xe0clLW2mo7YDKO3SZXCV +UAVD5SRh/P/WdPJGlpMifccgNZpCGy4Scr+nYXISvrH3+OZl5s/HsxD1eZPEYuvi +QDAljPNWq4BBqRo/cO5wBtZFS8IovT6YA3n9cGslcnlWmpqKvORQMDK35zs/9/Yg +MsjNbAXtv9AnmVSDcUnN20GFLE6lyrn62f2yi3SN3FPLyZP1CmyMDYMkU6LmcGjy +GcN2K4YXkS3Z1QIoOtUvc7FGIEggAA== +=g03h +-----END PGP PUBLIC KEY BLOCK-----
diff --git a/apache2-mod_security2.spec b/apache2-mod_security2.spec
index be68b80..4a08b70 100644
--- a/apache2-mod_security2.spec
+++ b/apache2-mod_security2.spec
@@ -27,10 +27,12 @@ License: Apache-2.0
 Group: Productivity/Networking/Web/Servers
 URL: https://www.modsecurity.org/
 Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
-Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
+Source1: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz.asc
+Source10: https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/refs/tags/v3.2.0.tar.gz
 Source2: mod_security2.conf
 Source6: README-SUSE-mod_security2.txt
 Source7: empty.conf
+Source99: apache2-mod_security2.keyring
 Patch0: apache2-mod_security2-no_rpath.diff
 Patch1: modsecurity-fixes.patch
 Patch2: apache2-mod_security2_tests_conf.patch
@@ -62,8 +64,8 @@ applications from known and unknown attacks.
 
 %prep
 %setup -q -n %{tarballname}
-%setup -q -D -T -a 1 -n %{tarballname}
-mv -v SpiderLabs* rules
+%setup -q -D -T -a 10 -n %{tarballname}
+mv -v owasp-modsecurity-crs-3.2.0 rules
 %patch0
 %patch1 -p1
 %patch2 -p1
diff --git a/modsecurity-2.9.7.tar.gz.asc b/modsecurity-2.9.7.tar.gz.asc
new file mode 100644
index 0000000..32908ad
--- /dev/null
+++ b/modsecurity-2.9.7.tar.gz.asc
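Review bot: In the first hunk of apache2-mod_security2.spec, the new `Source10` (the CRS v3.2.0 tag archive) has no detached signature beside it, so the signature and keyring this commit adds cover only `Source` (`modsecurity-%{version}.tar.gz`, via `Source1`). The rule set that is later moved to `rules` is pinned only by the `oid sha256` recorded for `v3.2.0.tar.gz`. The keyring holds two key blocks, while the only signature file in the commit, `modsecurity-2.9.7.tar.gz.asc`, appears from its leading bytes to be issued by the second one, so the first key looks unused here. If upstream publishes a signature for that release it should be added as a further `Source`; otherwise a comment above the line, such as `# Source10 has no detached signature; its integrity rests on the recorded sha256 only`, would keep the changelog's "supply chain security" claim accurate. The .changes entry could also record where each key was obtained and its fingerprint (`<KEY_FINGERPRINT>`).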
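Review bot: In the second hunk of apache2-mod_security2.spec, `%prep` unpacks both tarballs with no verification step of its own, so as far as the hunk shows the check of `Source1` against `Source99` is left to whatever source validation the build service performs. A rebuild outside that service would presumably not notice a replaced tarball. A comment next to `Source99`, such as `# Source1 is verified against this keyring by the source validation, not in the prep section`, would make that dependency explicit. Separately, `3.2.0` is now hard-coded in both `Source10` and `mv -v owasp-modsecurity-crs-3.2.0 rules`; defining `%global crs_version 3.2.0` once and using `%{crs_version}` in both places keeps them in step. The `%prep` section continues outside the hunk.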
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE8SZpLpuoazlY5z7S8vxORYg7y6QFAmO19QwACgkQ8vxORYg7 +y6R5yhAApYMN3e2fJu3kh1QS3w5KaNNE5tc58eWLBju4A+rTAenNdeciXfmzndJa +59cgNC8wZigSVN/PhNMhj/OJta88TFwzTkuc5CmOZ0zEgudXmIHifkUZZ+4UkCto +ihcrfb9I7JjA5WJ0AB6vpC4tZzqiI3i6ZOiftcKDJbhfFjhfuoBFbmwzfV9RSCna +7AKQWBfrHj5yvjKiBLMIyu045HpWOdhPqbZGm99417cejix8roAIszx0eNlb0oyJ +qIJx3RQStcduLHyIcxMRVn0ftElK8theAJOeO15e7efdJIyaR7Qmu875A8aB3yFk +v6ewLRE2uy4NJfS1daBscs3Ua4QSmpUqaSaa6zBu4OO5jAoS/WPuiSjy5ulmeWEU +CbE/APCgq9v1uOLN7TMmkcZAFZXgJ0bVfauSCgB4jokLQsRwFwH7v9I1PZfLKNb6 +RsJ3zN82tNeJ8n7rzXwDk8Qj1PJFTB/5TXIwlzlACh6774I2Q0mvfdXhUuTphcc4 +P8FQR6lW4uePMZAkNS3yrnzL9XT7NduQNuKGvYS16xMnIwH0C/4X6IL9C5YET6I8 +S8OBBLJ0LRw+M6+jb5Ev9bby7NcY3rB2eXcPjKg2XYhicmLbZ0F9SY8vGyJG0RwK +g0z3+d36XnpHQw8247xEBjdtmKWgNWbpJMZcqVWBwCsAscft3v4= +=ycKi +-----END PGP SIGNATURE----- diff --git a/v3.2.0.tar.gz b/v3.2.0.tar.gz new file mode 100644 index 0000000..bcadaab --- /dev/null +++ b/v3.2.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1e5431d83c24bb745a0d7ae520328a5bcee066e33b0303bd22c864436bdf97a0 +size 282225