nginx-module-modsecurity: updated to 1.0.2-2.
diff --git a/alpine/Makefile.module-modsecurity b/alpine/Makefile.module-modsecurity
index 1369a1f..ec5262c 100644
--- a/alpine/Makefile.module-modsecurity
+++ b/alpine/Makefile.module-modsecurity
@@ -6,7 +6,7 @@
include $(CONTRIB)/src/modsecurity-nginx/version
MODULE_VERSION_modsecurity= $(MODSECURITY_NGINX_VERSION)
-MODULE_RELEASE_modsecurity= 1
+MODULE_RELEASE_modsecurity= 2
LIBMODSECURITY_SOVER= $(MODSECURITY_VERSION)
MODULE_VERSION_PREFIX_modsecurity=$(MODULE_TARGET_PREFIX)
diff --git a/contrib/src/modsecurity/Makefile b/contrib/src/modsecurity/Makefile
index 0950753..374cb7d 100644
--- a/contrib/src/modsecurity/Makefile
+++ b/contrib/src/modsecurity/Makefile
@@ -19,7 +19,6 @@
modsecurity: modsecurity-v$(MODSECURITY_VERSION).tar.gz .sum-modsecurity
$(UNPACK)
- $(APPLY) $(SRC)/modsecurity/PR2348.patch
$(MOVE)
.modsecurity: modsecurity
diff --git a/contrib/src/modsecurity/PR2348.patch b/contrib/src/modsecurity/PR2348.patch
deleted file mode 100644
index 41e7a56..0000000
--- a/contrib/src/modsecurity/PR2348.patch
+++ /dev/null
@@ -1,280 +0,0 @@
-diff --git a/src/operators/rx.cc b/src/operators/rx.cc
-index 0ba983d73..b4fc6ff4d 100644
---- a/src/operators/rx.cc
-+++ b/src/operators/rx.cc
-@@ -38,7 +38,6 @@
-
- bool Rx::evaluate(Transaction *transaction, Rule *rule,
- const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
-- std::list<SMatch> matches;
- Regex *re;
-
- if (m_param.empty() && !m_string->m_containsMacro) {
-@@ -52,29 +51,29 @@
- re = m_re;
- }
-
-- matches = re->searchAll(input);
-+ std::vector<Utils::SMatchCapture> captures;
-+ re->searchOneMatch(input, captures);
-+
- if (rule && rule->m_containsCaptureAction && transaction) {
-- int i = 0;
-- matches.reverse();
-- for (const SMatch& a : matches) {
-+ for (const Utils::SMatchCapture& capture : captures) {
-+ const std::string capture_substring(input.substr(capture.m_offset,capture.m_length));
- transaction->m_collections.m_tx_collection->storeOrUpdateFirst(
-- std::to_string(i), a.str());
-+ std::to_string(capture.m_group), capture_substring);
- ms_dbg_a(transaction, 7, "Added regex subexpression TX." +
-- std::to_string(i) + ": " + a.str());
-- transaction->m_matched.push_back(a.str());
-- i++;
-+ std::to_string(capture.m_group) + ": " + capture_substring);
-+ transaction->m_matched.push_back(capture_substring);
- }
- }
-
-- for (const auto & i : matches) {
-- logOffset(ruleMessage, i.offset(), i.str().size());
-+ for (const auto & capture : captures) {
-+ logOffset(ruleMessage, capture.m_offset, capture.m_length);
- }
-
- if (m_string->m_containsMacro) {
- delete re;
- }
-
-- if (matches.size() > 0) {
-+ if (captures.size() > 0) {
- return true;
- }
-
-diff --git a/src/utils/regex.cc b/src/utils/regex.cc
-index be56e378a..0feb256cc 100644
---- a/src/utils/regex.cc
-+++ b/src/utils/regex.cc
-@@ -16,10 +16,6 @@
- #include "src/utils/regex.h"
-
- #include <pcre.h>
--#include <sys/socket.h>
--#include <sys/types.h>
--#include <netinet/in.h>
--#include <arpa/inet.h>
- #include <string>
- #include <list>
-
-@@ -99,6 +95,26 @@ std::list<SMatch> Regex::searchAll(const std::string& s) const {
- return retList;
- }
-
-+bool Regex::searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const {
-+ const char *subject = s.c_str();
-+ int ovector[OVECCOUNT];
-+
-+ int rc = pcre_exec(m_pc, m_pce, subject, s.size(), 0, 0, ovector, OVECCOUNT);
-+
-+ for (int i = 0; i < rc; i++) {
-+ size_t start = ovector[2*i];
-+ size_t end = ovector[2*i+1];
-+ size_t len = end - start;
-+ if (end > s.size()) {
-+ continue;
-+ }
-+ SMatchCapture capture(i, start, len);
-+ captures.push_back(capture);
-+ }
-+
-+ return (rc > 0);
-+}
-+
- int Regex::search(const std::string& s, SMatch *match) const {
- int ovector[OVECCOUNT];
- int ret = pcre_exec(m_pc, m_pce, s.c_str(),
-diff --git a/src/utils/regex.h b/src/utils/regex.h
-index 7dcc4dbf6..46dab6b83 100644
---- a/src/utils/regex.h
-+++ b/src/utils/regex.h
-@@ -19,6 +19,7 @@
- #include <fstream>
- #include <string>
- #include <list>
-+#include <vector>
-
- #ifndef SRC_UTILS_REGEX_H_
- #define SRC_UTILS_REGEX_H_
-@@ -47,6 +48,16 @@
- size_t m_offset;
- };
-
-+struct SMatchCapture {
-+ SMatchCapture(size_t group, size_t offset, size_t length) :
-+ m_group(group),
-+ m_offset(offset),
-+ m_length(length) { }
-+
-+ size_t m_group; // E.g. 0 = full match; 6 = capture group 6
-+ size_t m_offset; // offset of match within the analyzed string
-+ size_t m_length;
-+};
-
- class Regex {
- public:
-@@ -58,6 +69,7 @@
- Regex& operator=(const Regex&) = delete;
-
- std::list<SMatch> searchAll(const std::string& s) const;
-+ bool searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const;
- int search(const std::string &s, SMatch *m) const;
- int search(const std::string &s) const;
-
-diff --git a/test/test-cases/regression/variable-TX.json b/test/test-cases/regression/variable-TX.json
-index 0cd45381b..904628e9b 100644
---- a/test/test-cases/regression/variable-TX.json
-+++ b/test/test-cases/regression/variable-TX.json
-@@ -80,5 +80,143 @@
- "SecRule REQUEST_HEADERS \"@rx ([A-z]+)\" \"id:1,log,pass,capture,id:14\"",
- "SecRule TX:0 \"@rx ([A-z]+)\" \"id:15\""
- ]
-+ },
-+ {
-+ "enabled":1,
-+ "version_min":300000,
-+ "title":"Testing Variables :: capture group match after unused group",
-+ "client":{
-+ "ip":"200.249.12.31",
-+ "port":123
-+ },
-+ "server":{
-+ "ip":"200.249.12.31",
-+ "port":80
-+ },
-+ "request":{
-+ "uri":"/?key=aadd",
-+ "method":"GET"
-+ },
-+ "response":{
-+ "headers":{
-+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
-+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
-+ "Content-Type":"text/html"
-+ },
-+ "body":[
-+ "no need."
-+ ]
-+ },
-+ "expected":{
-+ "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1"
-+ },
-+ "rules":[
-+ "SecRuleEngine On",
-+ "SecRule ARGS \"@rx (aa)(bb|cc)?(dd)\" \"id:1,log,pass,capture,id:16\"",
-+ "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\""
-+ ]
-+ },
-+ {
-+ "enabled":1,
-+ "version_min":300000,
-+ "title":"Testing Variables :: empty capture group match followed by nonempty capture group",
-+ "client":{
-+ "ip":"200.249.12.31",
-+ "port":123
-+ },
-+ "server":{
-+ "ip":"200.249.12.31",
-+ "port":80
-+ },
-+ "request":{
-+ "uri":"/?key=aadd",
-+ "method":"GET"
-+ },
-+ "response":{
-+ "headers":{
-+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
-+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
-+ "Content-Type":"text/html"
-+ },
-+ "body":[
-+ "no need."
-+ ]
-+ },
-+ "expected":{
-+ "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1"
-+ },
-+ "rules":[
-+ "SecRuleEngine On",
-+ "SecRule ARGS \"@rx (aa)(bb|cc|)(dd)\" \"id:18,phase:1,log,pass,capture\"",
-+ "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\""
-+ ]
-+ },
-+ {
-+ "enabled":1,
-+ "version_min":300000,
-+ "title":"Testing Variables :: repeating capture group -- alternates",
-+ "client":{
-+ "ip":"200.249.12.31",
-+ "port":123
-+ },
-+ "server":{
-+ "ip":"200.249.12.31",
-+ "port":80
-+ },
-+ "request":{
-+ "uri":"/?key=_abc123_",
-+ "method":"GET"
-+ },
-+ "response":{
-+ "headers":{
-+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
-+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
-+ "Content-Type":"text/html"
-+ },
-+ "body":[
-+ "no need."
-+ ]
-+ },
-+ "expected":{
-+ "debug_log":"Added regex subexpression TX\\.2: abc[\\s\\S]*Added regex subexpression TX\\.3: 123"
-+ },
-+ "rules":[
-+ "SecRuleEngine On",
-+ "SecRule ARGS \"@rx _((?:(abc)|(123))+)_\" \"id:18,phase:1,log,pass,capture\""
-+ ]
-+ },
-+ {
-+ "enabled":1,
-+ "version_min":300000,
-+ "title":"Testing Variables :: repeating capture group -- same (nested)",
-+ "client":{
-+ "ip":"200.249.12.31",
-+ "port":123
-+ },
-+ "server":{
-+ "ip":"200.249.12.31",
-+ "port":80
-+ },
-+ "request":{
-+ "uri":"/?key=a:5a:8a:9",
-+ "method":"GET"
-+ },
-+ "response":{
-+ "headers":{
-+ "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
-+ "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
-+ "Content-Type":"text/html"
-+ },
-+ "body":[
-+ "no need."
-+ ]
-+ },
-+ "expected":{
-+ "debug_log":"Added regex subexpression TX\\.1: 5[\\s\\S]*Added regex subexpression TX\\.2: 8[\\s\\S]*Added regex subexpression TX\\.3: 9"
-+ },
-+ "rules":[
-+ "SecRuleEngine On",
-+ "SecRule ARGS \"@rx a:([0-9])(?:a:([0-9])(?:a:([0-9]))*)*\" \"id:18,phase:1,log,pass,capture\""
-+ ]
- }
- ]
diff --git a/contrib/src/modsecurity/SHA512SUMS b/contrib/src/modsecurity/SHA512SUMS
index 8f9ec47..3fb03a3 100644
--- a/contrib/src/modsecurity/SHA512SUMS
+++ b/contrib/src/modsecurity/SHA512SUMS
@@ -1 +1,2 @@
6ba9265054acfe7e67583dd0100bb592687080eee5d8cd5371785bb7b615a7361b52d0a037f6fa4e90ecfe857ed6a714969301b0bf17a638efebba86532f3f85 modsecurity-v3.0.4.tar.gz
+80c2d827044ac515bb501e8c5782daf06be5817efcb3c934e63d7763691cb119da2c5cd8dca6e18f86369499b78c82cc6838a905408ac7e162fe4254c3a05e63 modsecurity-v3.0.5.tar.gz
diff --git a/contrib/src/modsecurity/version b/contrib/src/modsecurity/version
index de8a971..056bf89 100644
--- a/contrib/src/modsecurity/version
+++ b/contrib/src/modsecurity/version
@@ -1 +1 @@
-MODSECURITY_VERSION := 3.0.4
+MODSECURITY_VERSION := 3.0.5
diff --git a/debian/Makefile.module-modsecurity b/debian/Makefile.module-modsecurity
index b23d404..cb3e12d 100644
--- a/debian/Makefile.module-modsecurity
+++ b/debian/Makefile.module-modsecurity
@@ -6,7 +6,7 @@
include $(CONTRIB)/src/modsecurity-nginx/version
MODULE_VERSION_modsecurity= $(MODSECURITY_NGINX_VERSION)
-MODULE_RELEASE_modsecurity= 1
+MODULE_RELEASE_modsecurity= 2
LIBMODSECURITY_SOVER= $(MODSECURITY_VERSION)
MODULE_VERSION_PREFIX_modsecurity=$(MODULE_TARGET_PREFIX)
diff --git a/docs/nginx-module-modsecurity.xml b/docs/nginx-module-modsecurity.xml
index b84145b..dfa656d 100644
--- a/docs/nginx-module-modsecurity.xml
+++ b/docs/nginx-module-modsecurity.xml
@@ -5,6 +5,19 @@
<change_log title="nginx_module_modsecurity">
+<changes apply="nginx-module-modsecurity" ver="1.0.2" rev="2" basever="1.21.1"
+ date="2021-08-10" time="16:30:00 +0300"
+ packager="Andrei Belov <defan@nginx.com>">
+<change>
+<para>
+ModSecurity updated to v3.0.5, see changelog at
+https://github.com/SpiderLabs/ModSecurity/blob/v3.0.5/CHANGES
+</para>
+</change>
+
+</changes>
+
+
<changes apply="nginx-module-modsecurity" ver="1.0.2" rev="1" basever="1.21.1"
date="2021-07-06" time="18:11:20 +0300"
packager="Konstantin Pavlov <thresh@nginx.com>">
diff --git a/rpm/SPECS/Makefile.module-modsecurity b/rpm/SPECS/Makefile.module-modsecurity
index be64112..e066b89 100644
--- a/rpm/SPECS/Makefile.module-modsecurity
+++ b/rpm/SPECS/Makefile.module-modsecurity
@@ -6,7 +6,7 @@
include $(CONTRIB)/src/modsecurity-nginx/version
MODULE_VERSION_modsecurity= $(MODSECURITY_NGINX_VERSION)
-MODULE_RELEASE_modsecurity= 1
+MODULE_RELEASE_modsecurity= 2
LIBMODSECURITY_SOVER= $(MODSECURITY_VERSION)
MODULE_VERSION_PREFIX_modsecurity=$(MODULE_TARGET_PREFIX)
