Accepting request 1300032 from Apache:Modules

see if you woulnd't force people to submit using --noservice this would not happen (forwarded request 1300030 from AndreasStieger)

OBS-URL: https://build.opensuse.org/request/show/1300032
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2-mod_security2?expand=0&rev=37

apache2-mod_security2.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Aug  6 18:25:52 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- update to 2.9.12:
+ * CVE-2025-54571: Improper error handling (boo#1247674)
+ * remove unused condition from msc_status_engine.c
+ * remove unwanted '\0' string terminator from argument's valu
+- drop modsecurity-2.9.3-input_filtering_errors.patch different
+  change included upstream
+
 -------------------------------------------------------------------
 Thu Jul  3 11:13:07 UTC 2025 - pgajdos@suse.com
 

apache2-mod_security2.spec

@@ -18,7 +18,7 @@
 
 
 Name:           apache2-mod_security2
-Version:        2.9.11
+Version:        2.9.12
 Release:        0
 Summary:        Web Application Firewall for Apache httpd
 License:        Apache-2.0
@@ -32,8 +32,6 @@ Source4:        README_SUSE
 Patch0:         apache2-mod_security2-no_rpath.diff
 Patch1:         modsecurity-fixes.patch
 Patch2:         apache2-mod_security2_tests_conf.patch
-# https://github.com/SpiderLabs/ModSecurity/issues/2514
-Patch3:         modsecurity-2.9.3-input_filtering_errors.patch
 BuildRequires:  apache-rpm-macros
 BuildRequires:  apache2-devel
 BuildRequires:  apache2-prefork

modsecurity-2.9.3-input_filtering_errors.patch

@@ -1,82 +0,0 @@
-Index: modsecurity-v2.9.8/apache2/apache2_io.c
-===================================================================
---- modsecurity-v2.9.8.orig/apache2/apache2_io.c
-+++ modsecurity-v2.9.8/apache2/apache2_io.c
-@@ -222,6 +222,10 @@ apr_status_t read_request_body(modsec_re
-              *      too large and APR_EGENERAL when the client disconnects.
-              */
-             switch(rc) {
-+                case AP_FILTER_ERROR :
-+                    *error_msg = apr_pstrdup(msr->mp, "Error reading request body: filter error");
-+                    return -8;
-+
-                 case APR_INCOMPLETE :
-                     *error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));
-                     return -7;
-@@ -231,7 +235,7 @@ apr_status_t read_request_body(modsec_re
-                 case APR_TIMEUP :
-                     *error_msg = apr_psprintf(msr->mp, "Error reading request body: %s", get_apr_error(msr->mp, rc));
-                     return -4;
--                case AP_FILTER_ERROR :
-+                case APR_ENOSPC:
-                     *error_msg = apr_psprintf(msr->mp, "Error reading request body: HTTP Error 413 - Request entity too large. (Most likely.)");
-                     return -3;
-                 case APR_EGENERAL :
-Index: modsecurity-v2.9.8/apache2/mod_security2.c
-===================================================================
---- modsecurity-v2.9.8.orig/apache2/mod_security2.c
-+++ modsecurity-v2.9.8/apache2/mod_security2.c
-@@ -1032,7 +1032,7 @@ static int hook_request_late(request_rec
-     }
- 
-     rc = read_request_body(msr, &my_error_msg);
--    if (rc < 0 && msr->txcfg->is_enabled == MODSEC_ENABLED) {
-+    if (rc < 0) {
-         switch(rc) {
-             case -1 :
-                 if (my_error_msg != NULL) {
-@@ -1040,6 +1040,21 @@ static int hook_request_late(request_rec
-                 }
-                 return HTTP_INTERNAL_SERVER_ERROR;
-                 break;
-+            case -2 : /* Bad request. */
-+            case -6 : /* EOF when reading request body. */
-+            case -7 : /* Partial recieved */
-+                if (my_error_msg != NULL) {
-+                    msr_log(msr, 4, "%s", my_error_msg);
-+                }
-+                r->connection->keepalive = AP_CONN_CLOSE;
-+                return HTTP_BAD_REQUEST;
-+                break;
-+            case -3 : /* Apache's LimitRequestBody. */
-+                if (my_error_msg != NULL) {
-+                    msr_log(msr, 1, "%s", my_error_msg);
-+                }
-+                return HTTP_REQUEST_ENTITY_TOO_LARGE;
-+                break;
-             case -4 : /* Timeout. */
-                 if (my_error_msg != NULL) {
-                     msr_log(msr, 4, "%s", my_error_msg);
-@@ -1061,19 +1076,11 @@ static int hook_request_late(request_rec
-                     }
-                 }
-                 break;
--            case -6 : /* EOF when reading request body. */
--                if (my_error_msg != NULL) {
--                    msr_log(msr, 4, "%s", my_error_msg);
--                }
--                r->connection->keepalive = AP_CONN_CLOSE;
--                return HTTP_BAD_REQUEST;
--                break;
--            case -7 : /* Partial recieved */
-+            case -8 : /* Filter error. */
-                 if (my_error_msg != NULL) {
--                    msr_log(msr, 4, "%s", my_error_msg);
-+                    msr_log(msr, 1, "%s", my_error_msg);
-                 }
--                r->connection->keepalive = AP_CONN_CLOSE;
--                return HTTP_BAD_REQUEST;
-+                return AP_FILTER_ERROR;
-                 break;
-             default :
-                 /* allow through */

modsecurity-v2.9.11.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEECyuhkkBltEaRICoq0obgIhSfD24FAmhkPzkACgkQ0obgIhSf
-D24YRw/+JF1n0okE+h4JtAOha1AAr7PP2KlNxiCJmmhTpSs2TMyKQCE6FOcYsSKp
-Moffi7oHq28t5X2QEafYd/3B1cp8fZK2QRNJp3blNngSufcOjTfuM/sbm74BXQp0
-/tR/00Ckjbxr4Wpxz3uqWrKthMHAFX2YBfYrO7GDcwLAGUNVxqd2gm1k8JPqgYQU
-9vYE9ykbTsIFTbZc1ajweKD8Ia5UbA4phA9HFX3AABLJOWfXysMEmkdwRnyq5Jgo
-tSYcWBS1+Ij3tBCVdN4Np6qwoV5yvJtXAEjt8E25tDjotP8rM1y8/qcDxJJOsPQC
-54rOjMRxOcfFvBuTgmLqH1Eowys1SUviu+jyMOxRoW/mxWqsKmjLFimQ33k9cFKB
-9Fyu4tkkKtA2TP4oxb/IuJ2iJYRh0DVdq/MXgeS4XDv1Fa6tcG4eTONR2czgcdJ6
-PpFdbAoNBiCpPABCiFt3uLW6c+uKcURw9brUnwF3nnPpdl5Gfz/at54hbDxsTv1b
-U958aoG1db1FFG62xMR9cpIHyxwP9vaAYKKyaZvNhrGf/ilPzIabTEZQaeXYfRVw
-g9GyvUSjZbTSnvBgWThpSYsJhP7pmbAS/0lCexS1vYl7wiT0RIZnUI1pjH21WtOG
-/PAhFVT5Ivhfv6oeKEIBu80sTA2SWZ7Tq47a9vJNDleJzuQAMH8=
-=N9wk
------END PGP SIGNATURE-----

modsecurity-v2.9.12.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:79ada8693303be3490201397344bf66900a45f07ae328bf6cf01ca99e5d135fa
+size 4366282

modsecurity-v2.9.12.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEECyuhkkBltEaRICoq0obgIhSfD24FAmiSWM0ACgkQ0obgIhSf
+D27ucQ//XQae+Ou0fuFw/P4YC65r/i1W2hQ6l/PGsXw5k9xgiY22qitaJEngBcbk
+77hA7x5X1aQZ2/e965IDeT8n8A5J2ERLfbeFHpKQKY3LxzOxzzihqcXVCMQR4G50
++XrgTpAd+q1nrwVAh7fZQjVtdbBsv+jTuST/W/vFL4GCwsZcLrAfQlrDYT6O13tg
+4j6UqiZ18NvH7XsuT2F26ScpNbeBL691VDXsgg7UyPWuYp3gz8iUQUfAsuRwxpDx
+7b9S/pupGMMBslWoCx1BdLotHaLs3TQ+nEh3ahwC/gQqq/7qlzDXIS47znwVKZPR
+ggOII4Auq/0aes/3zjMfF3ssY5gLnB4FRkAiI9bKCqO+rjJPdzbh7X9+BrzILVfI
+4w7nc0Vmj6L1VKAJpGPrE3Yqv4z4HlSCfBJZ2OSqYJzaJxpqEGZjq5Q9fDDZzMYG
+perrpGRoaxqn+K2cLur34Nvq1sdbFCC6WNGBo7bFsK3vsh542qpRmAey5Ikuxxx8
+JtYttjEd7yBDsZ5ySnv499ftJlyxb/CxmMpr9lJCvxBLUFPbSPT3cKTgxnaPqYGP
+BYnTe94gza05IPRWvcVTz46IV01cm3jYi5VEwFguzO8UZQnsbmytlLaqDYJZf3/H
+IKm6oS3dibr4BG4CtbGLKrqJegJ+XjUNTujwdo2M1LuA7VyQ+xE=
+=mjbm
+-----END PGP SIGNATURE-----