[1/1] package/libmodsecurity: security bump to 3.0.12

Message ID	20240217092413.288309-1-frank.vanbever@mind.be
State	Accepted
Headers	show Return-Path: <buildroot-bounces@buildroot.org> Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::429; helo=mail-wr1-x429.google.com; envelope-from=frank.vanbever@essensium.com; receiver=<UNKNOWN> DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org 47357605C2 To: buildroot@buildroot.org Date: Sat, 17 Feb 2024 10:24:13 +0100 Message-Id: <20240217092413.288309-1-frank.vanbever@mind.be> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mind.be; s=google; t=1708161868; x=1708766668; darn=buildroot.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=7UqnUp/zielLbmMhZbIGSjyOMzfiGMERAWF5sCeRqkU=; b=Yu4Ge5UCBvKXIZGT5BX5oNFnr5LE+bRg0KX5FkeCE5Ac0eJLQrUGM4ifw4ok9aP05p qrCdO+mQXGxWH/t6qSJK6aFmaVlUBG9lQE3FY026XELoELyWWQzpfLu7Pc7z3y7ehI28 y8oNVqiUtSCPLmFDll6D5ZJFtCqjwPjTU6q45BzlbRxZD7+8do24aLwVb+1FR1sHhHTl PLXUIr96OZ8cnZy7xgnYhZoNKFDSKuERkxG11/pFYn3y5J3FE0B5AZZFIdSBXZ791GKJ 8GQB3jBJNXY7pCBHWl107sa5VSGZlm1/4SqsjE2BK9candnN2VMZvMoIoZShe5HaAaTz orWQ== X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dmarc=pass (p=quarantine dis=none) header.from=mind.be X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key) header.d=mind.be header.i=@mind.be header.a=rsa-sha256 header.s=google header.b=Yu4Ge5UC Subject: [Buildroot] [PATCH 1/1] package/libmodsecurity: security bump to 3.0.12 Precedence: list From: Frank Vanbever via buildroot <buildroot@buildroot.org> Reply-To: Frank Vanbever <frank.vanbever@mind.be> Cc: Frank Vanbever <frank.vanbever@mind.be> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	[1/1] package/libmodsecurity: security bump to 3.0.12 \| expand [1/1] package/libmodsecurity: security bump to 3.0.12

Message ID

20240217092413.288309-1-frank.vanbever@mind.be

State

Accepted

Headers

Received-SPF: Pass (mailfrom) identity=mailfrom;
 client-ip=2a00:1450:4864:20::429; helo=mail-wr1-x429.google.com;
 envelope-from=frank.vanbever@essensium.com; receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org 47357605C2
To: buildroot@buildroot.org
Date: Sat, 17 Feb 2024 10:24:13 +0100
Message-Id: <20240217092413.288309-1-frank.vanbever@mind.be>
MIME-Version: 1.0
X-Mailman-Original-Authentication-Results: smtp3.osuosl.org;
 dmarc=pass (p=quarantine dis=none)
 header.from=mind.be
X-Mailman-Original-Authentication-Results: smtp3.osuosl.org;
 dkim=pass (2048-bit key) header.d=mind.be header.i=@mind.be
 header.a=rsa-sha256 header.s=google header.b=Yu4Ge5UC
Subject: [Buildroot] [PATCH 1/1] package/libmodsecurity: security bump to
 3.0.12
X-BeenThere: buildroot@buildroot.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.buildroot.org>
List-Unsubscribe: <https://lists.buildroot.org/mailman/options/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=unsubscribe>
List-Archive: <http://lists.buildroot.org/pipermail/buildroot/>
List-Post: <mailto:buildroot@buildroot.org>
List-Help: <mailto:buildroot-request@buildroot.org?subject=help>
List-Subscribe: <https://lists.buildroot.org/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=subscribe>
From: Frank Vanbever via buildroot <buildroot@buildroot.org>
Reply-To: Frank Vanbever <frank.vanbever@mind.be>
Cc: Frank Vanbever <frank.vanbever@mind.be>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

[1/1] package/libmodsecurity: security bump to 3.0.12 | expand

Commit Message

Frank Vanbever Feb. 17, 2024, 9:24 a.m. UTC

The project has been transferred from Trustwave (SpiderLabs) to OWASP, hence the
change in URLs. The upstream CPE vendor ID will likely also change in the future
but the upstream is still working on this [1].

- Fixes:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1019

[1] https://github.com/owasp-modsecurity/ModSecurity/issues/3083

Signed-off-by: Frank Vanbever <frank.vanbever@mind.be>
---
 package/libmodsecurity/Config.in           | 2 +-
 package/libmodsecurity/libmodsecurity.hash | 5 +++--
 package/libmodsecurity/libmodsecurity.mk   | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)

Comments

Yann E. MORIN Feb. 21, 2024, 5:14 p.m. UTC | #1

Frank, All,

On 2024-02-17 10:24 +0100, Frank Vanbever via buildroot spake thusly:
> The project has been transferred from Trustwave (SpiderLabs) to OWASP, hence the
> change in URLs. The upstream CPE vendor ID will likely also change in the future
> but the upstream is still working on this [1].
> 
> - Fixes:
>   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1019
> 
> [1] https://github.com/owasp-modsecurity/ModSecurity/issues/3083
> 
> Signed-off-by: Frank Vanbever <frank.vanbever@mind.be>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/libmodsecurity/Config.in           | 2 +-
>  package/libmodsecurity/libmodsecurity.hash | 5 +++--
>  package/libmodsecurity/libmodsecurity.mk   | 4 ++--
>  3 files changed, 6 insertions(+), 5 deletions(-)
> 
> diff --git a/package/libmodsecurity/Config.in b/package/libmodsecurity/Config.in
> index 69bb0494cc..da14b21669 100644
> --- a/package/libmodsecurity/Config.in
> +++ b/package/libmodsecurity/Config.in
> @@ -17,7 +17,7 @@ config BR2_PACKAGE_LIBMODSECURITY
>  	  SecRules format and apply them to HTTP content
>  	  provided by your application via Connectors.
>  
> -	  https://github.com/SpiderLabs/ModSecurity
> +	  https://github.com/owasp-modsecurity/ModSecurity
>  
>  comment "libmodsecurity needs a toolchain w/ C++, threads, dynamic library"
>  	depends on !BR2_INSTALL_LIBSTDCPP || \
> diff --git a/package/libmodsecurity/libmodsecurity.hash b/package/libmodsecurity/libmodsecurity.hash
> index b0a1bf33f3..2221a8a37d 100644
> --- a/package/libmodsecurity/libmodsecurity.hash
> +++ b/package/libmodsecurity/libmodsecurity.hash
> @@ -1,4 +1,5 @@
> -# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.11/modsecurity-v3.0.11.tar.gz.sha256
> -sha256  070f46c779d30785b95eb1316b46e2e4e6f90fd94a96aaca4bd54cd94738b692  modsecurity-v3.0.11.tar.gz
> +# From https://github.com/owasp-modsecurity/ModSecurity/releases/download/v3.0.12/modsecurity-v3.0.12.tar.gz.sha256
> +sha256  a36118401641feef376bb469bf468abf94b7948844976a188a6fccb53390b11f  modsecurity-v3.0.12.tar.gz
> +
>  # Localy calculated
>  sha256  c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4  LICENSE
> diff --git a/package/libmodsecurity/libmodsecurity.mk b/package/libmodsecurity/libmodsecurity.mk
> index 548eeb8602..d8c10b98b2 100644
> --- a/package/libmodsecurity/libmodsecurity.mk
> +++ b/package/libmodsecurity/libmodsecurity.mk
> @@ -4,9 +4,9 @@
>  #
>  ################################################################################
>  
> -LIBMODSECURITY_VERSION = 3.0.11
> +LIBMODSECURITY_VERSION = 3.0.12
>  LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz
> -LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION)
> +LIBMODSECURITY_SITE = https://github.com/owasp-modsecurity/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION)
>  LIBMODSECURITY_INSTALL_STAGING = YES
>  LIBMODSECURITY_LICENSE = Apache-2.0
>  LIBMODSECURITY_LICENSE_FILES = LICENSE
> -- 
> 2.40.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

Peter Korsgaard March 16, 2024, 10:28 p.m. UTC | #2

>>>>> "Frank" == Frank Vanbever via buildroot <buildroot@buildroot.org> writes:

 > The project has been transferred from Trustwave (SpiderLabs) to OWASP, hence the
 > change in URLs. The upstream CPE vendor ID will likely also change in the future
 > but the upstream is still working on this [1].

 > - Fixes:
 >   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1019

 > [1] https://github.com/owasp-modsecurity/ModSecurity/issues/3083

 > Signed-off-by: Frank Vanbever <frank.vanbever@mind.be>

Committed to 2023.02.x and 2023.11.x, thanks.

diff --git a/package/libmodsecurity/Config.in b/package/libmodsecurity/Config.in
index 69bb0494cc..da14b21669 100644
--- a/package/libmodsecurity/Config.in
+++ b/package/libmodsecurity/Config.in
@@ -17,7 +17,7 @@  config BR2_PACKAGE_LIBMODSECURITY
 	  SecRules format and apply them to HTTP content
 	  provided by your application via Connectors.
 
-	  https://github.com/SpiderLabs/ModSecurity
+	  https://github.com/owasp-modsecurity/ModSecurity
 
 comment "libmodsecurity needs a toolchain w/ C++, threads, dynamic library"
 	depends on !BR2_INSTALL_LIBSTDCPP || \
diff --git a/package/libmodsecurity/libmodsecurity.hash b/package/libmodsecurity/libmodsecurity.hash
index b0a1bf33f3..2221a8a37d 100644
--- a/package/libmodsecurity/libmodsecurity.hash
+++ b/package/libmodsecurity/libmodsecurity.hash
@@ -1,4 +1,5 @@ 
-# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.11/modsecurity-v3.0.11.tar.gz.sha256
-sha256  070f46c779d30785b95eb1316b46e2e4e6f90fd94a96aaca4bd54cd94738b692  modsecurity-v3.0.11.tar.gz
+# From https://github.com/owasp-modsecurity/ModSecurity/releases/download/v3.0.12/modsecurity-v3.0.12.tar.gz.sha256
+sha256  a36118401641feef376bb469bf468abf94b7948844976a188a6fccb53390b11f  modsecurity-v3.0.12.tar.gz
+
 # Localy calculated
 sha256  c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4  LICENSE
diff --git a/package/libmodsecurity/libmodsecurity.mk b/package/libmodsecurity/libmodsecurity.mk
index 548eeb8602..d8c10b98b2 100644
--- a/package/libmodsecurity/libmodsecurity.mk
+++ b/package/libmodsecurity/libmodsecurity.mk
@@ -4,9 +4,9 @@ 
 #
 ################################################################################
 
-LIBMODSECURITY_VERSION = 3.0.11
+LIBMODSECURITY_VERSION = 3.0.12
 LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz
-LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION)
+LIBMODSECURITY_SITE = https://github.com/owasp-modsecurity/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION)
 LIBMODSECURITY_INSTALL_STAGING = YES
 LIBMODSECURITY_LICENSE = Apache-2.0
 LIBMODSECURITY_LICENSE_FILES = LICENSE

[1/1] package/libmodsecurity: security bump to 3.0.12

Commit Message

Comments

Patch