Accepting request 1098838 from home:dirkmueller:Factory

- update to 2.9.7:
  * Fix: FILES_TMP_CONTENT may sometimes lack complete content
  * Support configurable limit on number of arguments processed
  * Silence compiler warning about discarded const
  * Support for JIT option for PCRE2
  * Use uid for user if apr_uid_name_get() fails
  * Fix: handle error with SecConnReadStateLimit configuration
  * Only check for pcre2 install if required
  * Adjustment of previous fix for log messages
  * Mark apache error log messages as from mod_security2
  * Use pkg-config to find libxml2 first
  * Support for PCRE2 in mlogc
  * Support for PCRE2
  * Adjust parser activation rules in modsecurity.conf-
    recommended
  * Multipart parsing fixes and new MULTIPART_PART_HEADERS
    collection
  * Limit rsub null termination to where necessary
  * IIS: Update dependencies for next planned release
  * XML parser cleanup: NULL duplicate pointer
  * Properly cleanup XML parser contexts upon completion
  * Fix memory leak in streams
  * Fix: negative usec on log line when data type long is 32b
  * mlogc log-line parsing fails due to enhanced timestamp
  * Allow no-key, single-value JSON body
  * Set SecStatusEngine Off in modsecurity.conf-recommended
  * Fix memory leak that occurs on JSON parsing error
  * Multipart names/filenames may include single quote if double-
    quote enclosed
  * Add SecRequestBodyJsonDepthLimit to modsecurity.conf-

OBS-URL: https://build.opensuse.org/request/show/1098838
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_security2?expand=0&rev=87

SpiderLabs-owasp-modsecurity-crs-2.2.9-5-gebe8790.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:bae3ef19925168a3b8ef9663bc9ed677cc6ca2fdbdbdd6111653c1b2991e24e3
+oid sha256:637b53696e96f3855f8d4bc678dd67dc8a4ba1ce7da418dafc74524cbf36c92a
-size 280011
+size 291337

apache2-mod_security2.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Sat Jul 15 17:09:55 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.9.7:
+  * Fix: FILES_TMP_CONTENT may sometimes lack complete content
+  * Support configurable limit on number of arguments processed
+  * Silence compiler warning about discarded const
+  * Support for JIT option for PCRE2
+  * Use uid for user if apr_uid_name_get() fails
+  * Fix: handle error with SecConnReadStateLimit configuration
+  * Only check for pcre2 install if required
+  * Adjustment of previous fix for log messages
+  * Mark apache error log messages as from mod_security2
+  * Use pkg-config to find libxml2 first
+  * Support for PCRE2 in mlogc
+  * Support for PCRE2
+  * Adjust parser activation rules in modsecurity.conf-
+    recommended
+  * Multipart parsing fixes and new MULTIPART_PART_HEADERS
+    collection
+  * Limit rsub null termination to where necessary
+  * IIS: Update dependencies for next planned release
+  * XML parser cleanup: NULL duplicate pointer
+  * Properly cleanup XML parser contexts upon completion
+  * Fix memory leak in streams
+  * Fix: negative usec on log line when data type long is 32b
+  * mlogc log-line parsing fails due to enhanced timestamp
+  * Allow no-key, single-value JSON body
+  * Set SecStatusEngine Off in modsecurity.conf-recommended
+  * Fix memory leak that occurs on JSON parsing error
+  * Multipart names/filenames may include single quote if double-
+    quote enclosed
+  * Add SecRequestBodyJsonDepthLimit to modsecurity.conf-
+    recommended
+  * IIS: Update dependencies for Windows build as of v2.9.5
+  * Support configurable limit on depth of JSON parsing
+
 -------------------------------------------------------------------
 Mon Jul 19 09:37:45 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
 

apache2-mod_security2.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package apache2-mod_security2
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@
 %define tarballname   modsecurity-%{version}
 %define usrsharedir %{_datadir}/%{name}
 Name:           apache2-mod_security2
-Version:        2.9.4
+Version:        2.9.7
 Release:        0
 Summary:        Web Application Firewall for apache httpd
 License:        Apache-2.0
@@ -96,13 +96,11 @@ rm -rf %{buildroot}/%{usrsharedir}/rules/util
 rm -rf %{buildroot}/%{usrsharedir}/rules/lua
 rm -f %{buildroot}/%{usrsharedir}/rules/READM*
 rm -f %{buildroot}/%{usrsharedir}/rules/INSTALL %{buildroot}/%{usrsharedir}/rules/CHANGELOG
-mv %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf.example \
-  %{buildroot}/%{usrsharedir}/rules/modsecurity_crs_10_setup.conf
 
 # Temporarily disable test suite as there are some failures that need to be solved
-#%check
+%check
-#make test
+make test
-#make test-regression
+# make test-regression
 
 %files
 %{apache_libexecdir}/%{modname}.so

modsecurity-2.9.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:970e1801907d181e94faec74d595868a3b4abeb07b790b0f30aea3a5d0e05929
-size 4319796

modsecurity-2.9.7.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2a28fcfccfef21581486f98d8d5fe0397499749b8380f60ec7bb1c08478e1839
+size 4320766