package/modsecurity2: security bump to version 2.9.7

- Fix CVE-2023-24021: Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer overflows on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. - host-pkgconf is mandatory and used to find libxml2 since baa38ddbaf - pcre2 is supported since: 8fc0b519b7 https://github.com/SpiderLabs/ModSecurity/blob/v2.9.7/CHANGES Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit 42e34cf10f) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-02-05 15:00:02 +01:00 · 2023-02-05 15:00:02 +01:00 · 3665ba04bc
parent 3959f94377
commit 3665ba04bc
3 changed files with 6 additions and 7 deletions
--- a/package/modsecurity2/Config.in
+++ b/package/modsecurity2/Config.in
@ -2,7 +2,7 @@ config BR2_PACKAGE_MODSECURITY2
 	bool "modsecurity2"
 	depends on BR2_PACKAGE_APACHE
 	select BR2_PACKAGE_LIBXML2
-	select BR2_PACKAGE_PCRE
+	select BR2_PACKAGE_PCRE2
 	help
 	  ModSecurity is an open source, cross-platform web application
 	  firewall (WAF) module. Known as the "Swiss Army Knife" of
--- a/package/modsecurity2/modsecurity2.hash
+++ b/package/modsecurity2/modsecurity2.hash
@ -1,5 +1,5 @@
-# From https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.5/modsecurity-2.9.5.tar.gz.sha256
-sha256  e2bfc8cd8b8de1e21f054d310543373ea5d89adbd96784e832be0da3e4dc149e  modsecurity-2.9.5.tar.gz
+# From https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.7/modsecurity-2.9.7.tar.gz.sha256
+sha256  2a28fcfccfef21581486f98d8d5fe0397499749b8380f60ec7bb1c08478e1839  modsecurity-2.9.7.tar.gz

 # Locally computed
 sha256  2c564f5a67e49e74c80e5a7dcacd1904e7408f1fd6a95218b38c04f012d94cb9  LICENSE
--- a/package/modsecurity2/modsecurity2.mk
+++ b/package/modsecurity2/modsecurity2.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-MODSECURITY2_VERSION = 2.9.5
+MODSECURITY2_VERSION = 2.9.7
 MODSECURITY2_SOURCE = modsecurity-$(MODSECURITY2_VERSION).tar.gz
 MODSECURITY2_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(MODSECURITY2_VERSION)
 MODSECURITY2_LICENSE = Apache-2.0
@ -12,11 +12,10 @@ MODSECURITY2_LICENSE_FILES = LICENSE
 MODSECURITY2_CPE_ID_VENDOR = trustwave
 MODSECURITY2_CPE_ID_PRODUCT = modsecurity
 MODSECURITY2_INSTALL_STAGING = YES
-MODSECURITY2_DEPENDENCIES = apache libxml2 pcre
+MODSECURITY2_DEPENDENCIES = host-pkgconf apache libxml2 pcre2

 MODSECURITY2_CONF_OPTS = \
-	--with-pcre=$(STAGING_DIR)/usr/bin/pcre-config \
-	--with-libxml=$(STAGING_DIR)/usr \
+	--with-pcre2=$(STAGING_DIR)/usr/bin/pcre2-config \
 	--with-apr=$(STAGING_DIR)/usr/bin/apr-1-config \
 	--with-apu=$(STAGING_DIR)/usr/bin/apu-1-config \
 	--with-apxs=$(STAGING_DIR)/usr/bin/apxs \