Message ID | 20240217092413.288309-1-frank.vanbever@mind.be |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package/libmodsecurity: security bump to 3.0.12 | expand |
Frank, All, On 2024-02-17 10:24 +0100, Frank Vanbever via buildroot spake thusly: > The project has been transferred from Trustwave (SpiderLabs) to OWASP, hence the > change in URLs. The upstream CPE vendor ID will likely also change in the future > but the upstream is still working on this [1]. > > - Fixes: > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1019 > > [1] https://github.com/owasp-modsecurity/ModSecurity/issues/3083 > > Signed-off-by: Frank Vanbever <frank.vanbever@mind.be> Applied to master, thanks. Regards, Yann E. MORIN. > --- > package/libmodsecurity/Config.in | 2 +- > package/libmodsecurity/libmodsecurity.hash | 5 +++-- > package/libmodsecurity/libmodsecurity.mk | 4 ++-- > 3 files changed, 6 insertions(+), 5 deletions(-) > > diff --git a/package/libmodsecurity/Config.in b/package/libmodsecurity/Config.in > index 69bb0494cc..da14b21669 100644 > --- a/package/libmodsecurity/Config.in > +++ b/package/libmodsecurity/Config.in > @@ -17,7 +17,7 @@ config BR2_PACKAGE_LIBMODSECURITY > SecRules format and apply them to HTTP content > provided by your application via Connectors. > > - https://github.com/SpiderLabs/ModSecurity > + https://github.com/owasp-modsecurity/ModSecurity > > comment "libmodsecurity needs a toolchain w/ C++, threads, dynamic library" > depends on !BR2_INSTALL_LIBSTDCPP || \ > diff --git a/package/libmodsecurity/libmodsecurity.hash b/package/libmodsecurity/libmodsecurity.hash > index b0a1bf33f3..2221a8a37d 100644 > --- a/package/libmodsecurity/libmodsecurity.hash > +++ b/package/libmodsecurity/libmodsecurity.hash > @@ -1,4 +1,5 @@ > -# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.11/modsecurity-v3.0.11.tar.gz.sha256 > -sha256 070f46c779d30785b95eb1316b46e2e4e6f90fd94a96aaca4bd54cd94738b692 modsecurity-v3.0.11.tar.gz > +# From https://github.com/owasp-modsecurity/ModSecurity/releases/download/v3.0.12/modsecurity-v3.0.12.tar.gz.sha256 > +sha256 a36118401641feef376bb469bf468abf94b7948844976a188a6fccb53390b11f modsecurity-v3.0.12.tar.gz > + > # Localy calculated > sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE > diff --git a/package/libmodsecurity/libmodsecurity.mk b/package/libmodsecurity/libmodsecurity.mk > index 548eeb8602..d8c10b98b2 100644 > --- a/package/libmodsecurity/libmodsecurity.mk > +++ b/package/libmodsecurity/libmodsecurity.mk > @@ -4,9 +4,9 @@ > # > ################################################################################ > > -LIBMODSECURITY_VERSION = 3.0.11 > +LIBMODSECURITY_VERSION = 3.0.12 > LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz > -LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION) > +LIBMODSECURITY_SITE = https://github.com/owasp-modsecurity/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION) > LIBMODSECURITY_INSTALL_STAGING = YES > LIBMODSECURITY_LICENSE = Apache-2.0 > LIBMODSECURITY_LICENSE_FILES = LICENSE > -- > 2.40.1 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
>>>>> "Frank" == Frank Vanbever via buildroot <buildroot@buildroot.org> writes: > The project has been transferred from Trustwave (SpiderLabs) to OWASP, hence the > change in URLs. The upstream CPE vendor ID will likely also change in the future > but the upstream is still working on this [1]. > - Fixes: > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1019 > [1] https://github.com/owasp-modsecurity/ModSecurity/issues/3083 > Signed-off-by: Frank Vanbever <frank.vanbever@mind.be> Committed to 2023.02.x and 2023.11.x, thanks.
diff --git a/package/libmodsecurity/Config.in b/package/libmodsecurity/Config.in index 69bb0494cc..da14b21669 100644 --- a/package/libmodsecurity/Config.in +++ b/package/libmodsecurity/Config.in @@ -17,7 +17,7 @@ config BR2_PACKAGE_LIBMODSECURITY SecRules format and apply them to HTTP content provided by your application via Connectors. - https://github.com/SpiderLabs/ModSecurity + https://github.com/owasp-modsecurity/ModSecurity comment "libmodsecurity needs a toolchain w/ C++, threads, dynamic library" depends on !BR2_INSTALL_LIBSTDCPP || \ diff --git a/package/libmodsecurity/libmodsecurity.hash b/package/libmodsecurity/libmodsecurity.hash index b0a1bf33f3..2221a8a37d 100644 --- a/package/libmodsecurity/libmodsecurity.hash +++ b/package/libmodsecurity/libmodsecurity.hash @@ -1,4 +1,5 @@ -# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.11/modsecurity-v3.0.11.tar.gz.sha256 -sha256 070f46c779d30785b95eb1316b46e2e4e6f90fd94a96aaca4bd54cd94738b692 modsecurity-v3.0.11.tar.gz +# From https://github.com/owasp-modsecurity/ModSecurity/releases/download/v3.0.12/modsecurity-v3.0.12.tar.gz.sha256 +sha256 a36118401641feef376bb469bf468abf94b7948844976a188a6fccb53390b11f modsecurity-v3.0.12.tar.gz + # Localy calculated sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE diff --git a/package/libmodsecurity/libmodsecurity.mk b/package/libmodsecurity/libmodsecurity.mk index 548eeb8602..d8c10b98b2 100644 --- a/package/libmodsecurity/libmodsecurity.mk +++ b/package/libmodsecurity/libmodsecurity.mk @@ -4,9 +4,9 @@ # ################################################################################ -LIBMODSECURITY_VERSION = 3.0.11 +LIBMODSECURITY_VERSION = 3.0.12 LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz -LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION) +LIBMODSECURITY_SITE = https://github.com/owasp-modsecurity/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION) LIBMODSECURITY_INSTALL_STAGING = YES LIBMODSECURITY_LICENSE = Apache-2.0 LIBMODSECURITY_LICENSE_FILES = LICENSE
The project has been transferred from Trustwave (SpiderLabs) to OWASP, hence the change in URLs. The upstream CPE vendor ID will likely also change in the future but the upstream is still working on this [1]. - Fixes: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1019 [1] https://github.com/owasp-modsecurity/ModSecurity/issues/3083 Signed-off-by: Frank Vanbever <frank.vanbever@mind.be> --- package/libmodsecurity/Config.in | 2 +- package/libmodsecurity/libmodsecurity.hash | 5 +++-- package/libmodsecurity/libmodsecurity.mk | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-)