Accepting request 1149082 from Apache:Modules

Prepare for RPM 4.20 (forwarded request 1147828 from dimstar) OBS-URL: https://build.opensuse.org/request/show/1149082 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2-mod_security2?expand=0&rev=29
2024-02-22 19:59:10 +00:00 · 2024-02-22 19:59:10 +00:00 · 768d5ed2e7
commit 768d5ed2e7
parent e21ae5f2cf 933e8d6dbd
5 changed files with 56 additions and 16 deletions
--- a/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
+++ b/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:bae3ef19925168a3b8ef9663bc9ed677cc6ca2fdbdbdd6111653c1b2991e24e3
-size 280011
+oid sha256:637b53696e96f3855f8d4bc678dd67dc8a4ba1ce7da418dafc74524cbf36c92a
+size 291337
--- a/apache2-mod_security2.changes
+++ b/apache2-mod_security2.changes
@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Tue Feb 20 11:02:36 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Use %patch -P N instead of deprecated %patchN.
+
+-------------------------------------------------------------------
+Sat Jul 15 17:09:55 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.9.7:
+  * Fix: FILES_TMP_CONTENT may sometimes lack complete content
+  * Support configurable limit on number of arguments processed
+  * Silence compiler warning about discarded const
+  * Support for JIT option for PCRE2
+  * Use uid for user if apr_uid_name_get() fails
+  * Fix: handle error with SecConnReadStateLimit configuration
+  * Only check for pcre2 install if required
+  * Adjustment of previous fix for log messages
+  * Mark apache error log messages as from mod_security2
+  * Use pkg-config to find libxml2 first
+  * Support for PCRE2 in mlogc
+  * Support for PCRE2
+  * Adjust parser activation rules in modsecurity.conf-
+    recommended
+  * Multipart parsing fixes and new MULTIPART_PART_HEADERS
+    collection
+  * Limit rsub null termination to where necessary
+  * IIS: Update dependencies for next planned release
+  * XML parser cleanup: NULL duplicate pointer
+  * Properly cleanup XML parser contexts upon completion
+  * Fix memory leak in streams
+  * Fix: negative usec on log line when data type long is 32b
+  * mlogc log-line parsing fails due to enhanced timestamp
+  * Allow no-key, single-value JSON body
+  * Set SecStatusEngine Off in modsecurity.conf-recommended
+  * Fix memory leak that occurs on JSON parsing error
+  * Multipart names/filenames may include single quote if double-
+    quote enclosed
+  * Add SecRequestBodyJsonDepthLimit to modsecurity.conf-
+    recommended
+  * IIS: Update dependencies for Windows build as of v2.9.5
+  * Support configurable limit on depth of JSON parsing
+
 -------------------------------------------------------------------
 Mon Jul 19 09:37:45 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>

--- a/apache2-mod_security2.spec
+++ b/apache2-mod_security2.spec
@ -1,7 +1,7 @@
 #
 # spec file for package apache2-mod_security2
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -20,7 +20,7 @@
 %define tarballname   modsecurity-%{version}
 %define usrsharedir %{_datadir}/%{name}
 Name:           apache2-mod_security2
-Version:        2.9.4
+Version:        2.9.7
 Release:        0
 Summary:        Web Application Firewall for apache httpd
 License:        Apache-2.0
@ -64,10 +64,10 @@ applications from known and unknown attacks.
 %setup -q -n %{tarballname}
 %setup -q -D -T -a 1 -n %{tarballname}
 mv -v SpiderLabs* rules
-%patch0
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
+%patch -P 0
+%patch -P 1 -p1
+%patch -P 2 -p1
+%patch -P 3 -p1

 %build
 aclocal
@ -96,13 +96,11 @@ rm -rf %{buildroot}/%{usrsharedir}/rules/util
 rm -rf %{buildroot}/%{usrsharedir}/rules/lua
 rm -f %{buildroot}/%{usrsharedir}/rules/READM*
 rm -f %{buildroot}/%{usrsharedir}/rules/INSTALL %{buildroot}/%{usrsharedir}/rules/CHANGELOG
-mv %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf.example \
-  %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf

 # Temporarily disable test suite as there are some failures that need to be solved
-#%check
-#make test
-#make test-regression
+%check
+make test
+# make test-regression

 %files
 %{apache_libexecdir}/%{modname}.so
--- a/modsecurity-2.9.4.tar.gz
+++ b/modsecurity-2.9.4.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:970e1801907d181e94faec74d595868a3b4abeb07b790b0f30aea3a5d0e05929
-size 4319796
--- a/modsecurity-2.9.7.tar.gz
+++ b/modsecurity-2.9.7.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2a28fcfccfef21581486f98d8d5fe0397499749b8380f60ec7bb1c08478e1839
+size 4320766