Accepting request 1098838 from home:dirkmueller:Factory

- update to 2.9.7: * Fix: FILES_TMP_CONTENT may sometimes lack complete content * Support configurable limit on number of arguments processed * Silence compiler warning about discarded const * Support for JIT option for PCRE2 * Use uid for user if apr_uid_name_get() fails * Fix: handle error with SecConnReadStateLimit configuration * Only check for pcre2 install if required * Adjustment of previous fix for log messages * Mark apache error log messages as from mod_security2 * Use pkg-config to find libxml2 first * Support for PCRE2 in mlogc * Support for PCRE2 * Adjust parser activation rules in modsecurity.conf- recommended * Multipart parsing fixes and new MULTIPART_PART_HEADERS collection * Limit rsub null termination to where necessary * IIS: Update dependencies for next planned release * XML parser cleanup: NULL duplicate pointer * Properly cleanup XML parser contexts upon completion * Fix memory leak in streams * Fix: negative usec on log line when data type long is 32b * mlogc log-line parsing fails due to enhanced timestamp * Allow no-key, single-value JSON body * Set SecStatusEngine Off in modsecurity.conf-recommended * Fix memory leak that occurs on JSON parsing error * Multipart names/filenames may include single quote if double- quote enclosed * Add SecRequestBodyJsonDepthLimit to modsecurity.conf- OBS-URL: https://build.opensuse.org/request/show/1098838 OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=87
2023-07-17 08:33:54 +00:00 · 2023-07-17 08:33:54 +00:00 · ca6551fe3a
commit ca6551fe3a
parent 1dd8c36c28
5 changed files with 47 additions and 12 deletions
--- a/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
+++ b/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:bae3ef19925168a3b8ef9663bc9ed677cc6ca2fdbdbdd6111653c1b2991e24e3
-size 280011
+oid sha256:637b53696e96f3855f8d4bc678dd67dc8a4ba1ce7da418dafc74524cbf36c92a
+size 291337
--- a/apache2-mod_security2.changes
+++ b/apache2-mod_security2.changes
@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Sat Jul 15 17:09:55 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.9.7:
+  * Fix: FILES_TMP_CONTENT may sometimes lack complete content
+  * Support configurable limit on number of arguments processed
+  * Silence compiler warning about discarded const
+  * Support for JIT option for PCRE2
+  * Use uid for user if apr_uid_name_get() fails
+  * Fix: handle error with SecConnReadStateLimit configuration
+  * Only check for pcre2 install if required
+  * Adjustment of previous fix for log messages
+  * Mark apache error log messages as from mod_security2
+  * Use pkg-config to find libxml2 first
+  * Support for PCRE2 in mlogc
+  * Support for PCRE2
+  * Adjust parser activation rules in modsecurity.conf-
+    recommended
+  * Multipart parsing fixes and new MULTIPART_PART_HEADERS
+    collection
+  * Limit rsub null termination to where necessary
+  * IIS: Update dependencies for next planned release
+  * XML parser cleanup: NULL duplicate pointer
+  * Properly cleanup XML parser contexts upon completion
+  * Fix memory leak in streams
+  * Fix: negative usec on log line when data type long is 32b
+  * mlogc log-line parsing fails due to enhanced timestamp
+  * Allow no-key, single-value JSON body
+  * Set SecStatusEngine Off in modsecurity.conf-recommended
+  * Fix memory leak that occurs on JSON parsing error
+  * Multipart names/filenames may include single quote if double-
+    quote enclosed
+  * Add SecRequestBodyJsonDepthLimit to modsecurity.conf-
+    recommended
+  * IIS: Update dependencies for Windows build as of v2.9.5
+  * Support configurable limit on depth of JSON parsing
+
 -------------------------------------------------------------------
 Mon Jul 19 09:37:45 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>

--- a/apache2-mod_security2.spec
+++ b/apache2-mod_security2.spec
@ -1,7 +1,7 @@
 #
 # spec file for package apache2-mod_security2
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -20,7 +20,7 @@
 %define tarballname   modsecurity-%{version}
 %define usrsharedir %{_datadir}/%{name}
 Name:           apache2-mod_security2
-Version:        2.9.4
+Version:        2.9.7
 Release:        0
 Summary:        Web Application Firewall for apache httpd
 License:        Apache-2.0
@ -96,13 +96,11 @@ rm -rf %{buildroot}/%{usrsharedir}/rules/util
 rm -rf %{buildroot}/%{usrsharedir}/rules/lua
 rm -f %{buildroot}/%{usrsharedir}/rules/READM*
 rm -f %{buildroot}/%{usrsharedir}/rules/INSTALL %{buildroot}/%{usrsharedir}/rules/CHANGELOG
-mv %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf.example \
-  %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf

 # Temporarily disable test suite as there are some failures that need to be solved
-#%check
-#make test
-#make test-regression
+%check
+make test
+# make test-regression

 %files
 %{apache_libexecdir}/%{modname}.so
--- a/modsecurity-2.9.4.tar.gz
+++ b/modsecurity-2.9.4.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:970e1801907d181e94faec74d595868a3b4abeb07b790b0f30aea3a5d0e05929
-size 4319796
--- a/modsecurity-2.9.7.tar.gz
+++ b/modsecurity-2.9.7.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2a28fcfccfef21581486f98d8d5fe0397499749b8380f60ec7bb1c08478e1839
+size 4320766