.gitignore

@@ -19,7 +19,3 @@ modsecurity-apache_2.5.12.tar.gz
 /modsecurity-2.9.1.tar.gz
 /modsecurity-2.9.2.tar.gz
 /modsecurity-2.9.3.tar.gz
-/modsecurity-2.9.4.tar.gz
-/modsecurity-2.9.5.tar.gz
-/modsecurity-2.9.6.tar.gz
-/modsecurity-2.9.7.tar.gz

mod_security-2.9.3-remote-rules-timeout.patch

@@ -1,85 +0,0 @@
-diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
-index 80f8f2b..7912d84 100644
---- a/apache2/apache2_config.c
-+++ b/apache2/apache2_config.c
-@@ -2354,6 +2354,24 @@ static const char *cmd_remote_rules(cmd_parms *cmd, void *_dcfg, const char *p1,
- }
- 
- 
-+static const char *cmd_remote_timeout(cmd_parms *cmd, void *_dcfg, const char *p1)
-+{
-+    directory_config *dcfg = (directory_config *)_dcfg;
-+    long int timeout;
-+
-+    if (dcfg == NULL) return NULL;
-+
-+    timeout = strtol(p1, NULL, 10);
-+    if ((timeout == LONG_MAX)||(timeout == LONG_MIN)||(timeout < 0)) {
-+        return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecRemoteTimeout: %s", p1);
-+    }
-+
-+    remote_rules_timeout = timeout;
-+
-+    return NULL;
-+}
-+
-+
- static const char *cmd_status_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
- {
-     if (strcasecmp(p1, "on") == 0) {
-@@ -3667,6 +3685,14 @@ const command_rec module_directives[] = {
-         "Abort or Warn"
-     ),
- 
-+    AP_INIT_TAKE1 (
-+        "SecRemoteTimeout",
-+        cmd_remote_timeout,
-+        NULL,
-+        CMD_SCOPE_ANY,
-+        "timeout in seconds"
-+    ),
-+
- 
-     AP_INIT_TAKE1 (
-         "SecXmlExternalEntity",
-diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
-index 7bb215e..c155495 100644
---- a/apache2/mod_security2.c
-+++ b/apache2/mod_security2.c
-@@ -79,6 +79,8 @@ msc_remote_rules_server DSOLOCAL *remote_rules_server = NULL;
- #endif
- int DSOLOCAL remote_rules_fail_action = REMOTE_RULES_ABORT_ON_FAIL;
- char DSOLOCAL *remote_rules_fail_message = NULL;
-+unsigned long int DSOLOCAL remote_rules_timeout = NOT_SET;
-+
- 
- int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED;
- 
-diff --git a/apache2/modsecurity.h b/apache2/modsecurity.h
-index f24bc75..8bcd453 100644
---- a/apache2/modsecurity.h
-+++ b/apache2/modsecurity.h
-@@ -150,6 +150,7 @@ extern DSOLOCAL msc_remote_rules_server *remote_rules_server;
- #endif
- extern DSOLOCAL int remote_rules_fail_action;
- extern DSOLOCAL char *remote_rules_fail_message;
-+extern DSOLOCAL unsigned long int remote_rules_timeout;
- 
- extern DSOLOCAL int status_engine_state;
- 
-diff --git a/apache2/msc_remote_rules.c b/apache2/msc_remote_rules.c
-index 99968f0..b8db13e 100644
---- a/apache2/msc_remote_rules.c
-+++ b/apache2/msc_remote_rules.c
-@@ -358,6 +358,11 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
-         /* We want Curl to return error in case there is an HTTP error code */
-         curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);
- 
-+        /* In case we want different timeout than a default one */
-+        if (remote_rules_timeout != NOT_SET){
-+            curl_easy_setopt(curl, CURLOPT_TIMEOUT, remote_rules_timeout);
-+        }
-+
-         res = curl_easy_perform(curl);
- 
-         if (res != CURLE_OK)

mod_security-2.9.7-send_error_bucket.patch

@@ -1,30 +0,0 @@
-From b2fa083522c70368c7ab911696dcb87dde5dc688 Mon Sep 17 00:00:00 2001
-From: Tomas Korbar <tkorbar@redhat.com>
-Date: Thu, 22 Dec 2022 14:49:34 +0100
-Subject: [PATCH] Clear original response code in send_error_bucket function
-
-If this is left intact, then apache thinks that this code
-was generated during processing of ErrorDocument and does not
-handle it properly
-
-Fix #2849
----
- apache2/apache2_util.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/apache2/apache2_util.c b/apache2/apache2_util.c
-index cdae2b580..520a30f2f 100644
---- a/apache2/apache2_util.c
-+++ b/apache2/apache2_util.c
-@@ -31,6 +31,11 @@ apr_status_t send_error_bucket(modsec_rec *msr, ap_filter_t *f, int status) {
-     /* Set the status line explicitly for the error document */
-     f->r->status_line = ap_get_status_line(status);
- 
-+    /* Clear previously set response code to make clear that this is
-+     * not a recursive error
-+     */
-+    f->r->status = 200;
-+
-     brigade = apr_brigade_create(f->r->pool, f->r->connection->bucket_alloc);
-     if (brigade == NULL) return APR_EGENERAL;
- 

mod_security.spec

@@ -9,30 +9,26 @@
 
 Summary: Security module for the Apache HTTP Server
 Name: mod_security 
-Version: 2.9.7
-Release: 6%{?dist}
-License: Apache-2.0
+Version: 2.9.3
+Release: 2%{?dist}
+License: ASL 2.0
 URL: http://www.modsecurity.org/
 Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
 Source1: mod_security.conf
 Source2: 10-mod_security.conf
 Source3: modsecurity_localrules.conf
-Patch0: modsecurity-2.9.3-lua-54.patch
-Patch1: modsecurity-2.9.3-apulibs.patch
-Patch2: mod_security-2.9.3-remote-rules-timeout.patch
-Patch3: mod_security-2.9.7-send_error_bucket.patch
-
 Requires: httpd httpd-mmn = %{_httpd_mmn}
 %if 0%{?fedora} || 0%{?rhel} > 7
 # Ensure apache user exists for file ownership
 Requires(pre): httpd-filesystem
 %endif
 
-BuildRequires: gcc, make, autoconf, automake, libtool
+BuildRequires: gcc
 BuildRequires: httpd-devel
+BuildRequires: make
 BuildRequires: perl-generators
-BuildRequires: pcre2-devel
 BuildRequires: pkgconfig(libcurl)
+BuildRequires: pkgconfig(libpcre)
 BuildRequires: pkgconfig(libxml-2.0)
 BuildRequires: pkgconfig(lua)
 
@@ -50,30 +46,26 @@ for web applications. It operates embedded into the web server, acting
 as a powerful umbrella - shielding web applications from attacks.
 
 %if %{with mlogc}
-%package        mlogc
+%package -n     mlogc
 Summary:        ModSecurity Audit Log Collector
 Requires:       mod_security
-%if 0%{?fedora} || 0%{?rhel} > 7
+%if 0%{fedora} || 0%{?rhel} > 7
 # Ensure apache user exists for file ownership
 Requires(pre):  httpd-filesystem
 %endif
 
-%description mlogc
+%description -n mlogc
 This package contains the ModSecurity Audit Log Collector.
 %endif
 
 %prep
-%autosetup -p1 -n modsecurity-%{version}
+%setup -q -n modsecurity-%{version}
 
 %build
-./autogen.sh
 %configure --enable-pcre-match-limit=1000000 \
            --enable-pcre-match-limit-recursion=1000000 \
            --with-apxs=%{_httpd_apxs} \
-           --with-yajl \
-           --with-pcre2 \
-           --disable-static
-
+           --with-yajl
 # remove rpath
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
@@ -135,7 +127,7 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
 %attr(770,apache,root) %dir %{_localstatedir}/lib/%{name}
 
 %if %{with mlogc}
-%files mlogc
+%files -n mlogc
 %doc mlogc/INSTALL
 %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/mlogc.conf
 %attr(0755,root,root) %dir %{_localstatedir}/log/mlogc
@@ -145,70 +137,6 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
 %endif
 
 %changelog
-* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.7-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.7-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Tue Jan 02 2024 Tomas Korbar <tkorbar@redhat.com> - 2.9.7-4
-- Clear original response code in send_error_bucket function
-
-* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.7-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Fri Jun 02 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.9.7-2
-- SPDX migration
-
-* Thu Apr 13 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.9.7-1
-- new version 2.9.7
-- use pcre2 instead of deprecated pcre (rhbz #2128330)
-
-* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.6-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Wed Sep 14 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.6-1
-- new version 2.9.6
-
-* Wed Aug 31 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.9.5-1
-- new version 2.9.5
-
-* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.4-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Wed Aug 18 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.9.4-1
-- new version 2.9.4
-
-* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-10
-- Resolves: #1930664 - RFE: Add a feature that can set a mod_security/libcurl
-  timeout for retrieving the rules
-- rename mlogc to mod_security-mlogc
-
-* Fri Jan 22 2021 Joe Orton <jorton@redhat.com> - 2.9.3-8
-- don't link against redundant apr-util dependent libraries
-
-* Sat Aug 08 2020 Othman Madjoudj <athmane@fedoraproject.org> - 2.9.3-7
-- Add a patch to fix build with Lua 5.4 until we completely switch to mod_sec3 as default
-
-* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-6
-- Second attempt - Rebuilt for
-  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 

modsecurity-2.9.3-apulibs.patch

@@ -1,14 +0,0 @@
-
-Strip redundant APR-util dependent libraries, it is sufficient to link against -laprutil-1.
-
---- modsecurity-2.9.3/build/find_apu.m4.apulibs
-+++ modsecurity-2.9.3/build/find_apu.m4
-@@ -59,7 +59,7 @@
-     APU_CFLAGS="`${APU_CONFIG} --includes`"
-     if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu CFLAGS: $APU_CFLAGS); fi
-     APU_LDFLAGS="`${APU_CONFIG} --ldflags`"
--    APU_LDFLAGS="$APU_LDFLAGS `${APU_CONFIG} --libs`"
-+    APU_LDFLAGS="$APU_LDFLAGS `${APU_CONFIG} --avoid-ldap --avoid-dbm --libs`"
-     if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDFLAGS: $APU_LDFLAGS); fi
-     APU_LDADD="`${APU_CONFIG} --link-libtool`"
-     if test "$verbose_output" -eq 1; then AC_MSG_NOTICE(apu LDADD: $APU_LDADD); fi

modsecurity-2.9.3-lua-54.patch

@@ -1,31 +0,0 @@
-diff -ru modsecurity-2.9.3/apache2/msc_lua.c modsecurity-2.9.3-lua-patch/apache2/msc_lua.c
---- modsecurity-2.9.3/apache2/msc_lua.c	2018-12-04 18:49:37.000000000 +0000
-+++ modsecurity-2.9.3-lua-patch/apache2/msc_lua.c	2020-08-08 16:55:14.936045777 +0000
-@@ -429,12 +429,12 @@
- #else
- 
-     /* Create new state. */
--#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501
-+#if LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 501 || LUA_VERSION_NUM == 504
-     L = luaL_newstate();
- #elif LUA_VERSION_NUM == 500
-     L = lua_open();
- #else
--#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
-+#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
- #endif
-     luaL_openlibs(L);
- 
-@@ -459,10 +459,10 @@
-     /* Register functions. */
- #if LUA_VERSION_NUM == 500 || LUA_VERSION_NUM == 501
-     luaL_register(L, "m", mylib);
--#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503
-+#elif LUA_VERSION_NUM == 502 || LUA_VERSION_NUM == 503 || LUA_VERSION_NUM == 504
-     luaL_setfuncs(L, mylib, 0);
- #else
--#error We are only tested under Lua 5.0, 5.1, 5.2, or 5.3.
-+#error We are only tested under Lua 5.0, 5.1, 5.2, 5.3 or 5.4.
- #endif
- 
-     lua_setglobal(L, "m");

sources

@@ -1 +1 @@
-SHA512 (modsecurity-2.9.7.tar.gz) = a333d142f0dedf332a3cccca8267ccf9193cd4ad5a026b3cdbe0713dd1f3edde33739eae8baced2c63409cc0b220001e0a226ea032874a97c08e4065eb1fbdd5
+SHA512 (modsecurity-2.9.3.tar.gz) = 4e1ea5dd8edadf8f630e4fe92a200d3a8e78963fce3128b5975a1e1ecd0e8bf9ceecd9905c95f8c508932ccd837f1d8ae8bb2ba423307718c3c6a4ae9b783ddd