[Buildroot] [git commit branch/2023.02.x] package/libmodsecurity: security bump to version 3.0.10

Peter Korsgaard peter at korsgaard.com
Wed Sep 13 15:56:53 UTC 2023


commit: https://git.buildroot.net/buildroot/commit/?id=0f4e4a75ad21b2e41b6d81a851a5b78b1a5cdd9a
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.02.x

- Fixes CVE-2023-38285 [1]
- Adapted 0001-configure.ac-drop-usage-of-git-at-configure-time.patch due to
  upstream moving to autoconf portable shell constructs.

Signed-off-by: Frank Vanbever <frank.vanbever at mind.be>

[1] https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/

Signed-off-by: Frank Vanbever <frank.vanbever at mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
(cherry picked from commit 670329f057b656be06b217fab411d90695988b41)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 ...nfigure.ac-drop-usage-of-git-at-configure-time.patch | 17 +++++++++--------
 .../0002-modsecurity.pc.in-add-lstdc.patch              |  5 +++--
 package/libmodsecurity/libmodsecurity.hash              |  4 ++--
 package/libmodsecurity/libmodsecurity.mk                |  2 +-
 4 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/package/libmodsecurity/0001-configure.ac-drop-usage-of-git-at-configure-time.patch b/package/libmodsecurity/0001-configure.ac-drop-usage-of-git-at-configure-time.patch
index 14767fb28e..6853b19ccd 100644
--- a/package/libmodsecurity/0001-configure.ac-drop-usage-of-git-at-configure-time.patch
+++ b/package/libmodsecurity/0001-configure.ac-drop-usage-of-git-at-configure-time.patch
@@ -1,4 +1,4 @@
-From a2116312068b6b2c5732dfebde19b751cc81d4f3 Mon Sep 17 00:00:00 2001
+From d242b011a8f0d84781bbf7667a44a12646903ca4 Mon Sep 17 00:00:00 2001
 From: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
 Date: Sun, 1 Aug 2021 23:21:35 +0200
 Subject: [PATCH] configure.ac: drop usage of git at configure time
@@ -8,12 +8,13 @@ which is not very useful, and causes a significant number of warning
 when regenerating the configure script.
 
 Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
+Signed-off-by: Frank Vanbever <frank.vanbever at mind.be>
 ---
  configure.ac | 23 -----------------------
  1 file changed, 23 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 20163e1e..14e5892a 100644
+index 66d6f4f2..746b1fb4 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -3,7 +3,6 @@
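Review bot: The refreshed patch header gains a second Signed-off-by just above the `---` separator but still carries no upstream-status line, so a reader cannot tell whether this configure.ac change was ever submitted to ModSecurity or is meant to be carried in Buildroot indefinitely. This bump had to re-adapt the patch by hand because upstream changed the surrounding lines, and every such manual refresh is a point where a security update can stall. I would add a line such as `Upstream: <link to the upstream submission, or a note that the change is Buildroot-specific>` next to the Signed-off-by trailers. This hunk ends inside the embedded configure.ac diff, whose body continues in the later hunks.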
@@ -46,7 +47,7 @@ index 20163e1e..14e5892a 100644
  
  
  # Check for yajl
-@@ -217,10 +208,6 @@ AC_SUBST([MSC_VERSION_WITH_PATCHLEVEL])
+@@ -224,10 +215,6 @@ AC_SUBST([MSC_VERSION_WITH_PATCHLEVEL])
  MSC_VERSION=msc_version
  AC_SUBST([MSC_VERSION])
  
@@ -55,9 +56,9 @@ index 20163e1e..14e5892a 100644
 -
 -
  AC_ARG_ENABLE(debug-logs,
-     [AC_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])],
+     [AS_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])],
  
-@@ -412,16 +399,6 @@ AC_OUTPUT
+@@ -419,16 +406,6 @@ AC_OUTPUT
  
  
  # Print a fancy summary
@@ -66,14 +67,14 @@ index 20163e1e..14e5892a 100644
 -echo "ModSecurity - ${MSC_GIT_VERSION} for $PLATFORM"
 -echo " "
 -echo " Mandatory dependencies"
--echo -n "   + libInjection                                  ...."
+-AS_ECHO_N("   + libInjection                                  ....")
 -echo LIBINJECTION_VERSION
--echo -n "   + SecLang tests                                 ...."
+-AS_ECHO_N("   + SecLang tests                                 ....")
 -echo SECLANG_TEST_VERSION
 -
  echo " "
  echo " Optional dependencies"
  
 -- 
-2.31.1
+2.39.2
 
diff --git a/package/libmodsecurity/0002-modsecurity.pc.in-add-lstdc.patch b/package/libmodsecurity/0002-modsecurity.pc.in-add-lstdc.patch
index 6511e6f1e0..9e0b672c8d 100644
--- a/package/libmodsecurity/0002-modsecurity.pc.in-add-lstdc.patch
+++ b/package/libmodsecurity/0002-modsecurity.pc.in-add-lstdc.patch
@@ -1,4 +1,4 @@
-From 1a84881b280eb08852d5495c57e44351a40d3f91 Mon Sep 17 00:00:00 2001
+From 4129643d657b5d0cce83f9ec4ca27289fd69ec43 Mon Sep 17 00:00:00 2001
 From: Fabrice Fontaine <fontaine.fabrice at gmail.com>
 Date: Mon, 26 Jul 2021 00:24:57 +0200
 Subject: [PATCH] modsecurity.pc.in: add -lstdc++
@@ -13,6 +13,7 @@ Fixes:
  - http://autobuild.buildroot.org/results/e5a9eb8448980f1c5cafe97180b7d1f48ddf02ca
 
 Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
+Signed-off-by: Frank Vanbever <frank.vanbever at mind.be>
 ---
  modsecurity.pc.in | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
@@ -28,5 +29,5 @@ index 96cdf5ca..7c895ddc 100644
 -Libs.private: @CURL_LDADD@ @GEOIP_LDADD@ @MAXMIND_LDADD@ @GLOBAL_LDADD@ @LIBXML2_LDADD@ @LMDB_LDADD@ @LUA_LDADD@ @PCRE_LDADD@ @SSDEEP_LDADD@ @YAJL_LDADD@
 +Libs.private: @CURL_LDADD@ @GEOIP_LDADD@ @MAXMIND_LDADD@ @GLOBAL_LDADD@ @LIBXML2_LDADD@ @LMDB_LDADD@ @LUA_LDADD@ @PCRE_LDADD@ @SSDEEP_LDADD@ @YAJL_LDADD@ -lstdc++
 -- 
-2.30.2
+2.39.2
 
diff --git a/package/libmodsecurity/libmodsecurity.hash b/package/libmodsecurity/libmodsecurity.hash
index c79ae1cf45..7bcf99e167 100644
--- a/package/libmodsecurity/libmodsecurity.hash
+++ b/package/libmodsecurity/libmodsecurity.hash
@@ -1,4 +1,4 @@
-# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.9/modsecurity-v3.0.9.tar.gz.sha256
-sha256  a5111ecd23e332a1d7c9652dbdb18517a96b21573315cb887a8e86761b95d3d8  modsecurity-v3.0.9.tar.gz
+# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.10/modsecurity-v3.0.10.tar.gz.sha256
+sha256  d5d459f7c2e57a69a405f3222d8e285de419a594b0ea8829058709962227ead0  modsecurity-v3.0.10.tar.gz
 # Localy calculated
 sha256  c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4  LICENSE
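Review bot: The new `modsecurity-v3.0.10.tar.gz` hash comes from the `.sha256` file served from the same GitHub release location as the tarball, so it catches a corrupted download but gives no independent assurance that the release asset is the one upstream intended. Since this bump exists to fix CVE-2023-38285, it would be worth recording a second check in the comment above the hash, for example `# Locally computed, matches the upstream .sha256`. If upstream publishes a detached signature for the release (not visible on this page), the comment should also say that it was verified.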
diff --git a/package/libmodsecurity/libmodsecurity.mk b/package/libmodsecurity/libmodsecurity.mk
index 335f3a41e5..257f0a56df 100644
--- a/package/libmodsecurity/libmodsecurity.mk
+++ b/package/libmodsecurity/libmodsecurity.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBMODSECURITY_VERSION = 3.0.9
+LIBMODSECURITY_VERSION = 3.0.10
 LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz
 LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION)
 LIBMODSECURITY_INSTALL_STAGING = YES


