diff --git a/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz b/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz index 78f0869..f6fa190 100644 --- a/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz +++ b/SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:bae3ef19925168a3b8ef9663bc9ed677cc6ca2fdbdbdd6111653c1b2991e24e3 -size 280011 +oid sha256:637b53696e96f3855f8d4bc678dd67dc8a4ba1ce7da418dafc74524cbf36c92a +size 291337 diff --git a/apache2-mod_security2.changes b/apache2-mod_security2.changes index 33fce3c..c7ca08f 100644 --- a/apache2-mod_security2.changes +++ b/apache2-mod_security2.changes @@ -1,3 +1,40 @@ +------------------------------------------------------------------- +Sat Jul 15 17:09:55 UTC 2023 - Dirk Müller + +- update to 2.9.7: + * Fix: FILES_TMP_CONTENT may sometimes lack complete content + * Support configurable limit on number of arguments processed + * Silence compiler warning about discarded const + * Support for JIT option for PCRE2 + * Use uid for user if apr_uid_name_get() fails + * Fix: handle error with SecConnReadStateLimit configuration + * Only check for pcre2 install if required + * Adjustment of previous fix for log messages + * Mark apache error log messages as from mod_security2 + * Use pkg-config to find libxml2 first + * Support for PCRE2 in mlogc + * Support for PCRE2 + * Adjust parser activation rules in modsecurity.conf- + recommended + * Multipart parsing fixes and new MULTIPART_PART_HEADERS + collection + * Limit rsub null termination to where necessary + * IIS: Update dependencies for next planned release + * XML parser cleanup: NULL duplicate pointer + * Properly cleanup XML parser contexts upon completion + * Fix memory leak in streams + * Fix: negative usec on log line when data type long is 32b + * mlogc log-line parsing fails due to enhanced timestamp + * Allow no-key, single-value JSON body + * Set SecStatusEngine Off in modsecurity.conf-recommended + * Fix memory leak that occurs on JSON parsing error + * Multipart names/filenames may include single quote if double- + quote enclosed + * Add SecRequestBodyJsonDepthLimit to modsecurity.conf- + recommended + * IIS: Update dependencies for Windows build as of v2.9.5 + * Support configurable limit on depth of JSON parsing + ------------------------------------------------------------------- Mon Jul 19 09:37:45 UTC 2021 - Danilo Spinella diff --git a/apache2-mod_security2.spec b/apache2-mod_security2.spec index 4a81f60..be68b80 100644 --- a/apache2-mod_security2.spec +++ b/apache2-mod_security2.spec @@ -1,7 +1,7 @@ # # spec file for package apache2-mod_security2 # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ %define tarballname modsecurity-%{version} %define usrsharedir %{_datadir}/%{name} Name: apache2-mod_security2 -Version: 2.9.4 +Version: 2.9.7 Release: 0 Summary: Web Application Firewall for apache httpd License: Apache-2.0 @@ -96,13 +96,11 @@ rm -rf %{buildroot}/%{usrsharedir}/rules/util rm -rf %{buildroot}/%{usrsharedir}/rules/lua rm -f %{buildroot}/%{usrsharedir}/rules/READM* rm -f %{buildroot}/%{usrsharedir}/rules/INSTALL %{buildroot}/%{usrsharedir}/rules/CHANGELOG -mv %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf.example \ - %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf # Temporarily disable test suite as there are some failures that need to be solved -#%check -#make test -#make test-regression +%check +make test +# make test-regression %files %{apache_libexecdir}/%{modname}.so diff --git a/modsecurity-2.9.4.tar.gz b/modsecurity-2.9.4.tar.gz deleted file mode 100644 index 1ada6e0..0000000 --- a/modsecurity-2.9.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:970e1801907d181e94faec74d595868a3b4abeb07b790b0f30aea3a5d0e05929 -size 4319796 diff --git a/modsecurity-2.9.7.tar.gz b/modsecurity-2.9.7.tar.gz new file mode 100644 index 0000000..155fd62 --- /dev/null +++ b/modsecurity-2.9.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a28fcfccfef21581486f98d8d5fe0397499749b8380f60ec7bb1c08478e1839 +size 4320766