From 196d82d91e750788018224c37d7086076bc395d9059a14f37e7d739bf9afe256 Mon Sep 17 00:00:00 2001 From: Danilo Spinella Date: Tue, 1 Aug 2023 09:41:33 +0000 Subject: [PATCH] Accepting request 1101664 from Apache:Modules revert to 87 OBS-URL: https://build.opensuse.org/request/show/1101664 OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=89 --- ...sp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz | 3 + apache2-mod_security2.changes | 6 - apache2-mod_security2.keyring | 104 ------------------ apache2-mod_security2.spec | 8 +- modsecurity-2.9.7.tar.gz.asc | 16 --- v3.2.0.tar.gz | 3 - 6 files changed, 6 insertions(+), 134 deletions(-) create mode 100644 SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz delete mode 100644 apache2-mod_security2.keyring delete mode 100644 modsecurity-2.9.7.tar.gz.asc delete mode 100644 v3.2.0.tar.gz diff --git a/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz b/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz new file mode 100644 index 0000000..f6fa190 --- /dev/null +++ b/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:637b53696e96f3855f8d4bc678dd67dc8a4ba1ce7da418dafc74524cbf36c92a +size 291337 diff --git a/apache2-mod_security2.changes b/apache2-mod_security2.changes index 1bc9b9d..c7ca08f 100644 --- a/apache2-mod_security2.changes +++ b/apache2-mod_security2.changes @@ -34,12 +34,6 @@ Sat Jul 15 17:09:55 UTC 2023 - Dirk Müller recommended * IIS: Update dependencies for Windows build as of v2.9.5 * Support configurable limit on depth of JSON parsing -- reenable tests -- switch to SpiderLabs owasp 3.2.0 release (final release, upstream - archived the project, please switch to coreruleset instead): - * Various security fixes, see - * https://raw.githubusercontent.com/SpiderLabs/owasp-modsecurity-crs/v3.2.0/CHANGES -- introduce supply chain security by adding gpg signature and keyring ------------------------------------------------------------------- Mon Jul 19 09:37:45 UTC 2021 - Danilo Spinella diff --git a/apache2-mod_security2.keyring b/apache2-mod_security2.keyring deleted file mode 100644 index c05b5c5..0000000 --- a/apache2-mod_security2.keyring +++ /dev/null @@ -1,104 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBF2scPUBEADzKAm5+CJ4TC9OGdh/koPHvGkl1h5cHXHCcyn3GAkD6lz9TJs1 -gAJxKuljq1Ux9CGgf+2OUuhPopC7W9gPg+MuyD4AJr3g9b4IBYwnY9yo5Z337j1m -+yp3SRr6bXW0lutboTAMLBXC7WYdb0k/dJZuqsWe34Y+V6EQLIrZQv1ojclZa+I9 -7AmB8bJO8cwq+QRXQYCu8gE7WD54Khv660uHvZtGXId9AOGpE3fjEGIz7r0BW95u -pGXveFDq+3xdBuahqIsvkr7FacXOwf7fJmkBra2IWuWgCdg4CADTdUpYgL+0ugm5 -B8qhzVBdhnnN1sUaLTB0nny6gwaWWvDvzNqant/VT5qckzRA+e2TK2C/t1znuqBn -DwyNwElXas/y+9cD0AEf//xg1y5BKd2akSwNOlhBqZOzotW0ITWI2Rx4yB9PujLD -jgW9Jy9aAHAnAGk2Qtb+MNU2VBqDzXc2npxqLju2b0lp57PeVte1bhK6ZAdpotfX -rAzYMtrgDsmx/9FJbFMJIKaHJC0PSx2UF4qLTaiL66QHXJ9900HqUGzDpElrf4ZZ -5wXyIk0wwDsnzKcJbRqaT9Or14oQYjbiUua12lN6ID9SW1QgacHwjpm8RCSYcFWh -eQblcH7FGueB0FVvN/wdzLOFRkMIgmuuiBW7inz1+jRu0TTzWMr2gqKBJQARAQAB -tC5PV0FTUCBDb3JlIFJ1bGUgU2V0IDxzZWN1cml0eUBjb3JlcnVsZXNldC5vcmc+ -iQJOBBMBCAA4FiEENgBvDguhZ4MhWIIROO6soauKbnIFAl2scPUCGwMFCwkIBwIG -FQoJCAsCBBYCAwECHgECF4AACgkQOO6soauKbnIeOg//SVOZaRwP/ZFFILJXQMd5 -H97d+6LWZc9O1aRhNWfVwee0jmCNOc8E3eooAkiDpHZb/w9kKKfXf4MPOtN6u+yY -5I0OvEsE1torm6PmlTrrM5To8hao0jV/jEmVMM7cNSz18GBp2fjDvXrp/CIR3Jjz -VT3TyFavAfpq9WIThtOM1QB0qt+eRVvP2bYEJHnnchMOS+H2ITr8PTfdF8INNxY5 -ggjdYOS3b20EHOF9CZ4UYFsdsP4C32tTOF75nJVIWAXxgm8M/xKm9DkrpHmROoUH -yPUljA9yZNjtNHkSce1nczj2C5M5CuJuKthsxitE6QZ4AMaLu0GOJfVRw8aRF1Yc -1d9O2Ww2kpBWf5QVo65Qi0puwwUknW8sq3hnfu92se9l+MCaAynvLqDlEQp0gKg8 -ZDrXbpBJa7O948uIjwYDp1N2dKSZeZb5bFP/0Bl3PFLANhGJ2NqEkkOnOTgouI5X -2dNSCgr/YFsPHOGGXwPkleL43JO6I+jN3XJcX4b2TgsW/NpSgR74CGENUcLRSO0z -XSs4ffq2spmEX5j0+o/Yw5slXuu8y+X8cc78QQ2QQYcu5WqXg6ij7/41OtY/e4uC -3Ap1SsjR/GIjhP5uryTkYfugmDn2gsjg7sqqpgBXVuvBL8j094VXj8QGKFLnlu0e -s8ZNAFTIWyjznC7OQX5Xtkm5Ag0EXaxw9QEQAMkyF4/mewIA6Rx/zuPT8v/Euk/q -Hqpr9iKvIIho8e53SfqVSJWTLNvTaIROROaSz/B2RyIgvICCaqFJWKqW80sSCAk0 -uc1OsP5Lt1RrmtM9AgH5L/ZTnZUnFMGz/ba+i8dWF2tKBL4l1I6fNUBP+PtSESgm -/T+Dv32+s8QI/c0J9XwOwF/ZzBfeFj0zv8Sdx3W0S6M7dmGK1LX4r4w2zFRGt5MD -5QgjmlbDzMsCe4flzs2QWIyaSqJWTZPxWG57bc0kNWSC2Hv5UFrnKuElyav+aFkc -/HkN+sPf0y4ahF8xmVkWYumoN4iKKsnGIAtuLrLDL6IKlfjq06DKeOVpXCKBS6vF -w4AcIaoW+aVUGRmIxIHf2Mb9tKShcy4i0yZVpdeJQxFUHBDYaE8a6GpKPzT17LYv -03K5g2w2+hsUi07H8PRMsckr4UvD2pTvRcP0e9K7/qVF0i440CgpX5f+yHefCv2P -nP3apiCS7qK4m02NUU14//tkJLeGLhxUJ9WhxzFUYWs233jjN+5wJsOHyIzqs1kc -jCN1Qx+91hklTWRmmCgO6gk6eIlpKTALFrTlF0A5eMSIb/Zw40aw2mZ7ku3Y3xAf -4yAK210ILFYrGErbr47ArLDfeMKcAu83uIHyc1IacR/8UaqM0GLAq8H8n//lB2Xz -urz9ZsGF8uB3gODtABEBAAGJAjYEGAEIACAWIQQ2AG8OC6FngyFYghE47qyhq4pu -cgUCXaxw9QIbDAAKCRA47qyhq4puciTyD/9dLUF2rAHzBqQr8S7MWbo7SYU+vHkZ -UF1JNYP+YDo7C0ZJ4ANyfh9GOBly2ZSDYTigLel1GKGO5sf2U7N4dQmy9xTCDRM8 -slqnbt6jfvtRBgJB9mg6UTq/o4vUClyXX4iqAInGMFPxIpuSrOKkZ640c9WW2pcM -U8KoGgDu1vCZxZ6160EQzpQubxCHyQhzRnl9Y/AYy/BbjY1IOf4n/u3hwHXD4piP -dQFJDcqEoob5TvxqolNlw9BfpZpFwsCk2MFrxKuwBP57iuy+/gPJoUrWArgJyvvZ -q0u1r+Q/T5XregBf2RJ/sQc1wF3f28KUBHZlnEsLHF6k/wrWq6xaGxvwWzdXOPYn -O/GoEG8Z26+6wNG3NYGFlToupjd4PQ6uQGSVyZf2ud/6ewW6gQuryMKanxqJ5zqR -KN/ah7Kzr4faQnM3Sk0WDzzQlKkmvAZ1PedTNIDL4OLfbt5h6DBuH7pP6nqSMS+4 -AXpW/RIpjHZy6kBBc/wjm1x5cvQfuY/asHwk9OeSRBVuuO7wS63OCxX+x0jzHxj8 -TyO7DXXuD1K+UnI+IN8Ge/84kiKk1AueNbeYmXyHBcl3kWz4g7OEiDb5P12YGMrV -1EDhTZ9V87jkn4QoJmsN6t4EV2IQvQuLlpbzp0c+gnxktQAWfYEWw9BWw9/6IWq5 -XdQEIOeqEZLTZQ== -=F7wV ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBGGL8ngBEACsyb//l5LzsYFKmwPrFNyVmWWXKtuj7rGiz7NYDDCcRn+d6Df+ -augCPmvIWLC9NZE6tOFn6NYMMs4GdhcJ3vHddMAaVkkBUpw9lSGYolitlV0k1FI2 -jjHC4e3sETqP4ara1hF9UrAh+NGjW5Nc6gjDWMqCfUmXBgqvpIH5E4M/BkhkuRAj -n7tTCW+JWDTVx4vwK3Zdb2zPPLx9Trmdh33upCKRKUMwRyF3EarEUtHh82j99cyD -sbjkexmpenTsHAJqHEafBRPpNduRtaUOT3HsmZ4nDctMWWoxGoixRaALfLQTvIl6 -gJzTlaoQw5UC7iksEGGmX53w5gqmdR0cpMBiIGEiTCJY38lochf16XtNz006aQYz -gO7L5QxwdDXMlhrcfXKYAjI/NX9SmYr+vBSjmpyA9T3U2kds0NI0L1RLsVGAGH6M -Kx/Wef8iOMn22meM7UFwKh6WKms9V4hseYwJnVw0L5wBS3rvh6mPOQTytYzxneNt -9EGh8wIgiWMhCncOGvHOMfd2tt1CDm9cEmsgzWYfN0yNTopcMDS3z2XjD6tot4bg -9Wwn6Mxt4+OeFiLCpRIfXmnjSsqLEBr6//OKSZW09LZXXEvQIO5IDV46RiQoe7Aj -jqbbgaSUNUjphqcAc5ruLhlkwCgzQUT3oZanXmCwO21BgFr4DZl4Sy1mnQARAQAB -tDpNYXJ0aW4gVmllcnVsYSAoR2l0SHViIGtleSkgPE1hcnRpbi5WaWVydWxhQHRy -dXN0d2F2ZS5jb20+iQJOBBMBCgA4FiEE8SZpLpuoazlY5z7S8vxORYg7y6QFAmGL -8ngCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ8vxORYg7y6Rnyw/+Iq7N -NYDP0Rf/v3N/EMXHmBSnLdlZlEASJpJn6pGvGFTzmCqf1BvraXWjbMFFvF1OC3SS -HawBHzwGseQgEt4vk43cXxp2/neTmJWGORHVODLUZm6o6M/A8aMScCjw+cpt5W5s -Za2cnT/+DZVGQTY33JAuTxeGLZ6c2B4UWH6nRj+DIjBfWzULj+edJ9oTgJRuHgbj -3/SFz4lpUmrzpwo57W8Y+oqzUeDfyw+tm/Vk5XQOTkJqRcG1SmWp1IA40ygg0VDK -TGKE40/6H9LDoR2FA5ArMjkixafLhoVlw84dirz9VXaTTWBcxgT3Rl1WnLtYhUnk -aRd23OkHmLkT+mj/xCnKEqXVMI3Bsma7kd3+oFQHTkY5xpPQ576IcQg6xzGelLJd -tMiWZwj6rtW16UwLruaLaGkMfVNqo0vGgYKjY92IP2Oj8O0Y+zG6CZzd/2xh5i6f -fslaHDl+nfUjsXTn+zgKdoRlLnwT6FVNrHswNKcDuNnIo8rqCjaUOlY26H7kDR/3 -nw0QOE1O8r3+HrCu0Nnszsw0OfPcBuzhOFrFGvaipTR5GVso0VwM1LaDcnveeIlu -BeBIV8hWlfZuf1HQTjFRzTKmbGGJ0pqMwu9rc3u2zX6afC9T9hJOvc+js3PcjpPh -vqQ8ZnQQtMVD9ru1IAfthLIJLaxwssSfh36xBra5Ag0EYYvyeAEQAOTk9zr//CmW -sWdvjNfp5Nh89bymBOqtusDgNh2EHLHXT2pCnQ9YQ7Kf/RGHPuapkaKiXvTy1h0w -ewfL5eSBsx762TJpPbmR9zDu9UDpdxxR6jcgU7ZXYgBcz1uQvHmvGRoAa6rcv757 -5UmROsQz9QNNS4mYnCdeVQuIaGa0uCJgXDI+EQNUKRrAlBhgaDOUpuvqnxDz7A65 -W4u7OchU+GtHqnzgopDQtjGTwCE+F1lutwABc+xrWkvl9ph7zp6VWze62AErWsc0 -bLsCnzVm3+pu1IQO76poqjapfEL13OpZGZfmxzJTc+GPfnevAfF72QkDjldF30MV -fBySxnLcupoPhR56t/Ix0/nkziduvflYWqtIq4LyB4KYFFmylkFHQiPWtG5QJAFc -FwZS/CUJREJ2aR/SFSqjAmASqGIRn0idqZxZdZV3Uw4TyyUaLUJyyV7RgQ+/BEt6 -QLu+Oay/si6nT5Rq5KBQT4a6ttJpyr6C/kdqXCPifPItTFu6HTqyLe+NCENzXr6e -syjxllYJJKI/tVAk+ItQrQ+6370QFOmJnm3jNqS5ylFDUQH+M/ypop6ssajTjaKY -o7FRIN2grfRaKXSrFMCmmgRpXcXZs1kA8C910BeI9z96+RtOl3jp9OEiibZtSDCt -murdZN1kn5eZrq1uJSakNnUg27SFR72LABEBAAGJAjYEGAEKACAWIQTxJmkum6hr -OVjnPtLy/E5FiDvLpAUCYYvyeAIbDAAKCRDy/E5FiDvLpLJuD/9LnDYu1Qjsg9zZ -Q2N4u2gcEfEBn7Gl3J0FkN12mRy8eaVEHuTxcFEsKZVllLBc0yHaM5wBwtln0CpA -oHLQfIKDXP6mPKEU+9/z0oiWP7LiPO5jqKam26GVGIfucx4Yw92eJFpgB3lQzQZN -rStcenUKRmjXdUplalXSXxwqIGMvAJrQyQ7MKTUHKBV/sh1+Mrh9KN1+WRetbOY4 -2k/8Gm42uvmc+u8y2+rzSnoZf3xdVPIbq94rm+IC+jvzMqfL7QPEyT7gsAgGCjlL -CfV1PKj2YRv8IQzQgbRm3Vu++PvIalKQFa2Szc0dz6fgG2AedhYvqloMcgbXgpkM -RRIa7p/lcAR8SGilkiNafOQZBHWVKhXNa2IewyWa6rao1oPydz/6QwuUM6OI9J5a -iH8sEwExEJ74ZZjJ/g4yRaBx13i3tRxXdSG3d7l1VR4Xe0clLW2mo7YDKO3SZXCV -UAVD5SRh/P/WdPJGlpMifccgNZpCGy4Scr+nYXISvrH3+OZl5s/HsxD1eZPEYuvi -QDAljPNWq4BBqRo/cO5wBtZFS8IovT6YA3n9cGslcnlWmpqKvORQMDK35zs/9/Yg -MsjNbAXtv9AnmVSDcUnN20GFLE6lyrn62f2yi3SN3FPLyZP1CmyMDYMkU6LmcGjy -GcN2K4YXkS3Z1QIoOtUvc7FGIEggAA== -=g03h ------END PGP PUBLIC KEY BLOCK----- diff --git a/apache2-mod_security2.spec b/apache2-mod_security2.spec index 4a08b70..be68b80 100644 --- a/apache2-mod_security2.spec +++ b/apache2-mod_security2.spec @@ -27,12 +27,10 @@ License: Apache-2.0 Group: Productivity/Networking/Web/Servers URL: https://www.modsecurity.org/ Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz -Source1: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz.asc -Source10: https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/refs/tags/v3.2.0.tar.gz +Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master//SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz Source2: mod_security2.conf Source6: README-SUSE-mod_security2.txt Source7: empty.conf -Source99: apache2-mod_security2.keyring Patch0: apache2-mod_security2-no_rpath.diff Patch1: modsecurity-fixes.patch Patch2: apache2-mod_security2_tests_conf.patch @@ -64,8 +62,8 @@ applications from known and unknown attacks. %prep %setup -q -n %{tarballname} -%setup -q -D -T -a 10 -n %{tarballname} -mv -v owasp-modsecurity-crs-3.2.0 rules +%setup -q -D -T -a 1 -n %{tarballname} +mv -v SpiderLabs* rules %patch0 %patch1 -p1 %patch2 -p1 diff --git a/modsecurity-2.9.7.tar.gz.asc b/modsecurity-2.9.7.tar.gz.asc deleted file mode 100644 index 32908ad..0000000 --- a/modsecurity-2.9.7.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEE8SZpLpuoazlY5z7S8vxORYg7y6QFAmO19QwACgkQ8vxORYg7 -y6R5yhAApYMN3e2fJu3kh1QS3w5KaNNE5tc58eWLBju4A+rTAenNdeciXfmzndJa -59cgNC8wZigSVN/PhNMhj/OJta88TFwzTkuc5CmOZ0zEgudXmIHifkUZZ+4UkCto -ihcrfb9I7JjA5WJ0AB6vpC4tZzqiI3i6ZOiftcKDJbhfFjhfuoBFbmwzfV9RSCna -7AKQWBfrHj5yvjKiBLMIyu045HpWOdhPqbZGm99417cejix8roAIszx0eNlb0oyJ -qIJx3RQStcduLHyIcxMRVn0ftElK8theAJOeO15e7efdJIyaR7Qmu875A8aB3yFk -v6ewLRE2uy4NJfS1daBscs3Ua4QSmpUqaSaa6zBu4OO5jAoS/WPuiSjy5ulmeWEU -CbE/APCgq9v1uOLN7TMmkcZAFZXgJ0bVfauSCgB4jokLQsRwFwH7v9I1PZfLKNb6 -RsJ3zN82tNeJ8n7rzXwDk8Qj1PJFTB/5TXIwlzlACh6774I2Q0mvfdXhUuTphcc4 -P8FQR6lW4uePMZAkNS3yrnzL9XT7NduQNuKGvYS16xMnIwH0C/4X6IL9C5YET6I8 -S8OBBLJ0LRw+M6+jb5Ev9bby7NcY3rB2eXcPjKg2XYhicmLbZ0F9SY8vGyJG0RwK -g0z3+d36XnpHQw8247xEBjdtmKWgNWbpJMZcqVWBwCsAscft3v4= -=ycKi ------END PGP SIGNATURE----- diff --git a/v3.2.0.tar.gz b/v3.2.0.tar.gz deleted file mode 100644 index bcadaab..0000000 --- a/v3.2.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1e5431d83c24bb745a0d7ae520328a5bcee066e33b0303bd22c864436bdf97a0 -size 282225