[Buildroot] [git commit branch/2021.05.x] package/libmodsecurity: security bump to version 3.0.5
Peter Korsgaard
peter at korsgaard.com
Fri Jul 30 13:20:31 UTC 2021
commit: https://git.buildroot.net/buildroot/commit/?id=db7d49f4cffa74a08807735807d229e802134b66
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.05.x
Security Impacting Issues
Handle URI received with uri-fragment
[@martinhsv]
- Drop patches (already in version) and so drop autoreconf
- Static linking is supported since
https://github.com/SpiderLabs/ModSecurity/commit/f76a1a667b8fdbcfe0d943daca9b41eb59cc61f3
- Update indentation in hash file (two spaces)
https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
(cherry picked from commit 464d0be380c84ac7c3f1684e49153c3868280d7e)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
...-when-CANONICAL_HOST-cannot-be-determined.patch | 31 ----------------------
...0002-test-for-uClinux-in-configure-script.patch | 28 -------------------
package/libmodsecurity/Config.in | 6 ++---
package/libmodsecurity/libmodsecurity.hash | 6 ++---
package/libmodsecurity/libmodsecurity.mk | 4 +--
package/nginx-modsecurity/Config.in | 6 ++---
6 files changed, 8 insertions(+), 73 deletions(-)
diff --git a/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
deleted file mode 100644
index ab00a14e2a..0000000000
--- a/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 0832208360aab69fbaec76225db67801840a33fe Mon Sep 17 00:00:00 2001
-From: Frank Vanbever <frank.vanbever at essensium.com>
-Date: Fri, 10 Jan 2020 11:14:43 +0100
-Subject: [PATCH] Fail when CANONICAL_HOST cannot be determined
-
-When the CANONICAL_HOST is unknown the configure script exits
-with exit code 0 even though no makefile was produced.
-
-Upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235
-
-Signed-off-by: Frank Vanbever <frank.vanbever at essensium.com>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 95e48843..5e6971f4 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -193,7 +193,7 @@ case $host in
- ;;
- *)
- echo "Unknown CANONICAL_HOST $host"
-- exit
-+ exit 1
- ;;
- esac
-
---
-2.20.1
-
diff --git a/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch b/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
deleted file mode 100644
index ccd96fea95..0000000000
--- a/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 13c505e30474c919ed9ae552e459769c456da21e Mon Sep 17 00:00:00 2001
-From: Frank Vanbever <frank.vanbever at essensium.com>
-Date: Fri, 10 Jan 2020 11:24:43 +0100
-Subject: [PATCH] test for uClinux in configure script
-
-Upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235
-
-Signed-off-by: Frank Vanbever <frank.vanbever at essensium.com>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5e6971f4..51d38071 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -156,7 +156,7 @@ case $host in
- AC_DEFINE([MACOSX], [1], [Define if the operating system is Macintosh OSX])
- PLATFORM="MacOSX"
- ;;
-- *-*-linux*)
-+ *-*-linux* | *-*uclinux*)
- echo "Checking platform... Identified as Linux"
- AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
- PLATFORM="Linux"
---
-2.20.1
-
diff --git a/package/libmodsecurity/Config.in b/package/libmodsecurity/Config.in
index ea58c6d0e2..87f7a9c103 100644
--- a/package/libmodsecurity/Config.in
+++ b/package/libmodsecurity/Config.in
@@ -1,7 +1,6 @@
config BR2_PACKAGE_LIBMODSECURITY
bool "libmodsecurity"
depends on BR2_INSTALL_LIBSTDCPP
- depends on !BR2_STATIC_LIBS
depends on BR2_TOOLCHAIN_HAS_THREADS
select BR2_PACKAGE_PCRE
help
@@ -16,6 +15,5 @@ config BR2_PACKAGE_LIBMODSECURITY
https://github.com/SpiderLabs/ModSecurity
-comment "libmodsecurity needs a toolchain w/ C++, dynamic library, threads"
- depends on !BR2_INSTALL_LIBSTDCPP || BR2_STATIC_LIBS || \
- !BR2_TOOLCHAIN_HAS_THREADS
+comment "libmodsecurity needs a toolchain w/ C++, threads"
+ depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS
diff --git a/package/libmodsecurity/libmodsecurity.hash b/package/libmodsecurity/libmodsecurity.hash
index ddce3ef9c6..dff39569c1 100644
--- a/package/libmodsecurity/libmodsecurity.hash
+++ b/package/libmodsecurity/libmodsecurity.hash
@@ -1,4 +1,4 @@
-# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.4/modsecurity-v3.0.4.tar.gz.sha256
-sha256 b4231177dd80b4e076b228e57d498670113b69d445bab86db25f65346c24db22 modsecurity-v3.0.4.tar.gz
+# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.5/modsecurity-v3.0.5.tar.gz.sha256
+sha256 751bf95a7a8d39c440d0c26ec1f73961550ca2eb2ac9e2e7a56dce2dd7b959e9 modsecurity-v3.0.5.tar.gz
# Localy calculated
-sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE
+sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE
diff --git a/package/libmodsecurity/libmodsecurity.mk b/package/libmodsecurity/libmodsecurity.mk
index 605f7eb03e..b2637257b6 100644
--- a/package/libmodsecurity/libmodsecurity.mk
+++ b/package/libmodsecurity/libmodsecurity.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBMODSECURITY_VERSION = 3.0.4
+LIBMODSECURITY_VERSION = 3.0.5
LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz
LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION)
LIBMODSECURITY_INSTALL_STAGING = YES
@@ -12,8 +12,6 @@ LIBMODSECURITY_LICENSE = Apache-2.0
LIBMODSECURITY_LICENSE_FILES = LICENSE
LIBMODSECURITY_CPE_ID_VENDOR = trustwave
LIBMODSECURITY_CPE_ID_PRODUCT = modsecurity
-# 0002-test-for-uClinux-in-configure-script.patch
-LIBMODSECURITY_AUTORECONF = YES
LIBMODSECURITY_DEPENDENCIES = pcre
LIBMODSECURITY_CONF_OPTS = \
diff --git a/package/nginx-modsecurity/Config.in b/package/nginx-modsecurity/Config.in
index 2af11eeee2..470424a530 100644
--- a/package/nginx-modsecurity/Config.in
+++ b/package/nginx-modsecurity/Config.in
@@ -2,7 +2,6 @@ config BR2_PACKAGE_NGINX_MODSECURITY
bool "nginx-modsecurity"
depends on BR2_PACKAGE_NGINX_HTTP
depends on BR2_INSTALL_LIBSTDCPP # libmodsecurity
- depends on !BR2_STATIC_LIBS # libmodsecurity
depends on BR2_TOOLCHAIN_HAS_THREADS # libmodsecurity
select BR2_PACKAGE_PCRE # libmodsecurity
select BR2_PACKAGE_LIBMODSECURITY
@@ -13,7 +12,6 @@ config BR2_PACKAGE_NGINX_MODSECURITY
https://github.com/SpiderLabs/ModSecurity-nginx
-comment "nginx-modsecurity needs a toolchain w/ C++, dynamic library, threads"
+comment "nginx-modsecurity needs a toolchain w/ C++, threads"
depends on BR2_PACKAGE_NGINX_HTTP
- depends on !BR2_INSTALL_LIBSTDCPP || BR2_STATIC_LIBS || \
- !BR2_TOOLCHAIN_HAS_THREADS
+ depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS
More information about the buildroot
mailing list