diff --git a/mod_security-2.9.8-format-security.patch b/mod_security-2.9.8-format-security.patch deleted file mode 100644 index 5e2802f5b03d3d1a92c65dc0542747bcf427383b..0000000000000000000000000000000000000000 --- a/mod_security-2.9.8-format-security.patch +++ /dev/null @@ -1,24 +0,0 @@ -From cddd9a7eb5585a9b3be1f9bdcadcace8f60f5808 Mon Sep 17 00:00:00 2001 -From: Ervin Hegedus -Date: Tue, 3 Sep 2024 21:49:43 +0200 -Subject: [PATCH] Fix build error if -Werror=format-security is presented - ---- - apache2/re.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/apache2/re.c b/apache2/re.c -index 82eba8f23..0a8b0724d 100644 ---- a/apache2/re.c -+++ b/apache2/re.c -@@ -472,8 +472,8 @@ char *update_rule_target_ex(modsec_rec *msr, msre_ruleset *ruleset, msre_rule *r - - end: - if (my_error_msg) { -- if (msr) msr_log(msr, 9, my_error_msg); -- else ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, my_error_msg); -+ if (msr) msr_log(msr, 9, "%s", my_error_msg); -+ else ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "%s", my_error_msg); - } - if (target_list != NULL) free(target_list); - if (replace != NULL) free(replace); diff --git a/mod_security.spec b/mod_security.spec index 65a0acfae75114bc88904b2936ffed6e558ce74d..e9ec030af0d4c05fbe55ff1dbb59d45b987746e1 100644 --- a/mod_security.spec +++ b/mod_security.spec @@ -6,10 +6,10 @@ %global mod_audit_log_collector 0 Name: mod_security -Version: 2.9.8 +Version: 2.9.9 Release: 1 Summary: Security module for the Apache HTTP Server -License: ASL 2.0 +License: Apache-2.0 URL: https://www.modsecurity.org/ Source: https://github.com/owasp-modsecurity/ModSecurity/releases/download/v%{version}/modsecurity-v%{version}.tar.gz Source1: mod_security.conf @@ -17,12 +17,11 @@ Source2: 10-mod_security.conf Source3: modsecurity_localrules.conf Patch0001: modsecurity-2.9.3-apulibs.patch Patch0002: mod_security-2.9.8-remote-rules-timeout.patch -Patch0003: mod_security-2.9.8-format-security.patch Requires: httpd httpd-mmn = %{_httpd_mmn} BuildRequires: gcc make perl-generators httpd-devel yajl yajl-devel pcre2-devel -BuildRequires: pkgconfig(lua) pkgconfig(libcurl) pkgconfig(libxml-2.0) pkgconfig(libpcre) +BuildRequires: pkgconfig(lua) pkgconfig(libcurl) pkgconfig(libxml-2.0) BuildRequires: autoconf automake libtool %description @@ -108,6 +107,9 @@ install -m0755 mlogc/mlogc-batch-load.pl %{buildroot}%{_bindir}/mlogc-batch-load %endif %changelog +* Mon May 26 2025 wangkai <13474090681@163.com> - 2.9.9-1 +- Update to 2.9.9 for fix CVE-2025-47947 + * Mon Sep 09 2024 Funda Wang - 2.9.8-1 - update to 2.9.8 diff --git a/modsecurity-v2.9.8.tar.gz b/modsecurity-v2.9.9.tar.gz similarity index 56% rename from modsecurity-v2.9.8.tar.gz rename to modsecurity-v2.9.9.tar.gz index 79088b5b57897d80ca17cfd964775a61f7ab33eb..f3649b8e3b452c031dd1d8e826cc1d896eef1e00 100644 Binary files a/modsecurity-v2.9.8.tar.gz and b/modsecurity-v2.9.9.tar.gz differ