From ee09a584d733636fcec822ef1487692d7e196540 Mon Sep 17 00:00:00 2001
From: Aninda
Date: Tue, 7 Jan 2025 01:05:33 +0000
Subject: [PATCH 1/2] Upgraded mod_security to version 2.9.7
---
 ...mod_security-2.9.7-send_error_bucket.patch | 30 +++++++
 .../mod_security/mod_security.signatures.json | 4 +-
 SPECS-EXTENDED/mod_security/mod_security.spec | 83 ++++++++++++++++---
 cgmanifest.json | 4 +-
 4 files changed, 105 insertions(+), 16 deletions(-)
 create mode 100644 SPECS-EXTENDED/mod_security/mod_security-2.9.7-send_error_bucket.patch
diff --git a/SPECS-EXTENDED/mod_security/mod_security-2.9.7-send_error_bucket.patch b/SPECS-EXTENDED/mod_security/mod_security-2.9.7-send_error_bucket.patch
new file mode 100644
index 00000000000..7691507341a
--- /dev/null
+++ b/SPECS-EXTENDED/mod_security/mod_security-2.9.7-send_error_bucket.patch
@@ -0,0 +1,30 @@
+From b2fa083522c70368c7ab911696dcb87dde5dc688 Mon Sep 17 00:00:00 2001
+From: Tomas Korbar
+Date: Thu, 22 Dec 2022 14:49:34 +0100
+Subject: [PATCH] Clear original response code in send_error_bucket function
+
+If this is left intact, then apache thinks that this code
+was generated during processing of ErrorDocument and does not
+handle it properly
+
+Fix #2849
+---
+ apache2/apache2_util.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/apache2/apache2_util.c b/apache2/apache2_util.c
+index cdae2b580..520a30f2f 100644
+--- a/apache2/apache2_util.c
++++ b/apache2/apache2_util.c
+@@ -31,6 +31,11 @@ apr_status_t send_error_bucket(modsec_rec *msr, ap_filter_t *f, int status) {
+ /* Set the status line explicitly for the error document */
+ f->r->status_line = ap_get_status_line(status);
+
++ /* Clear previously set response code to make clear that this is
++ * not a recursive error
++ */
++ f->r->status = 200;
++
+ brigade = apr_brigade_create(f->r->pool, f->r->connection->bucket_alloc);
+ if (brigade == NULL) return APR_EGENERAL;
+
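Review bot: In the carried patch for `send_error_bucket`, `f->r->status = 200;` is assigned before the result of `apr_brigade_create` is checked, so the `brigade == NULL` early return that follows leaves the request record at 200 although no error bucket was sent. What the caller does on `APR_EGENERAL` is not visible here, but on a WAF intercept path a blocked request that ends up recorded as 200 would be misleading, so I would move the assignment below the NULL check. The literal would also read better as `HTTP_OK`, and the comment could say that the intercept status is still carried by `status_line` set just above. The function body continues outside the hunk, and since the patch comes in with the Fedora import the change may be better raised upstream.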
diff --git a/SPECS-EXTENDED/mod_security/mod_security.signatures.json b/SPECS-EXTENDED/mod_security/mod_security.signatures.json
index a158e41e69a..43ac00174e3 100644
--- a/SPECS-EXTENDED/mod_security/mod_security.signatures.json
+++ b/SPECS-EXTENDED/mod_security/mod_security.signatures.json
@@ -2,7 +2,7 @@
 "Signatures": {
 "10-mod_security.conf": "01a1e5ed3357a2de6b9dbd0f6b02cde2d92ebf0fcb6d6adcfa2b064c7fcdf0a0",
 "mod_security.conf": "c945d2d940121ee8eaa8a29c5b1eabdcc589d46644a152e9d809fb3340a1e368",
- "modsecurity-2.9.4.tar.gz": "970e1801907d181e94faec74d595868a3b4abeb07b790b0f30aea3a5d0e05929",
+ "modsecurity-2.9.7.tar.gz": "2a28fcfccfef21581486f98d8d5fe0397499749b8380f60ec7bb1c08478e1839",
 "modsecurity_localrules.conf": "9aa9e822f13552d5159ab5543d92551d1200a3ae52870907f1b0dafcf0c67c22"
 }
-}
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/mod_security/mod_security.spec b/SPECS-EXTENDED/mod_security/mod_security.spec
index d805412086a..519a23b7186 100644
--- a/SPECS-EXTENDED/mod_security/mod_security.spec
+++ b/SPECS-EXTENDED/mod_security/mod_security.spec
@@ -11,9 +11,9 @@ Distribution: Azure Linux
 Summary: Security module for the Apache HTTP Server
 Name: mod_security
-Version: 2.9.4
-Release: 1%{?dist}
-License: ASL 2.0
+Version: 2.9.7
+Release: 8%{?dist}
+License: Apache-2.0
 URL: http://www.modsecurity.org/
 Source: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-%{version}.tar.gz
 Source1: mod_security.conf
@@ -22,6 +22,7 @@ Source3: modsecurity_localrules.conf
 Patch0: modsecurity-2.9.3-lua-54.patch
 Patch1: modsecurity-2.9.3-apulibs.patch
 Patch2: mod_security-2.9.3-remote-rules-timeout.patch
+Patch3: mod_security-2.9.7-send_error_bucket.patch
 Requires: httpd httpd-mmn = %{_httpd_mmn}
 Requires(pre): httpd-filesystem
@@ -29,8 +30,8 @@ Requires(pre): httpd-filesystem
 BuildRequires: gcc, make, autoconf, automake, libtool
 BuildRequires: httpd-devel
 BuildRequires: perl-generators
+BuildRequires: pcre2-devel
 BuildRequires: pkgconfig(libcurl)
-BuildRequires: pkgconfig(libpcre)
 BuildRequires: pkgconfig(libxml-2.0)
 BuildRequires: pkgconfig(lua)
@@ -66,6 +67,7 @@ This package contains the ModSecurity Audit Log Collector.
 --enable-pcre-match-limit-recursion=1000000 \
 --with-apxs=%{_httpd_apxs} \
 --with-yajl \
+ --with-pcre2 \
 --disable-static
 # remove rpath
@@ -116,8 +118,7 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
 %files
-%license LICENSE
-%doc CHANGES README.* NOTICE
+%doc CHANGES LICENSE README.* NOTICE
 %{_httpd_moddir}/mod_security2.so
 %config(noreplace) %{_httpd_confdir}/*.conf
 %if "%{_httpd_modconfdir}" != "%{_httpd_confdir}"
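Review bot: In the `%files` hunk, `LICENSE` moves from `%license` to `%doc`, so the package no longer marks any file as its license and tooling that audits `%license` entries will not find one. Unless the import means to drop the tag, I would keep the two lines as they were before, `%license LICENSE` and `%doc CHANGES README.* NOTICE`. The new changelog entry says "License verified", which sits oddly next to a package that ships no `%license` file.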
@@ -140,12 +141,70 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
 %endif
 %changelog
-* Fri Mar 04 2022 Pawel Winogrodzki - 2.9.4-1
-- Updating to version 2.9.4 using Fedora 36 spec (license: MIT) for guidance.
-- License verified.
+* Mon Jan 06 2025 Aninda Pradhan - 2.9.7-8
+- Initial Azure Linux import from Fedora 41 (license: MIT)
+- License verified
-* Fri Oct 15 2021 Pawel Winogrodzki - 2.9.3-5
-- Initial CBL-Mariner import from Fedora 32 (license: MIT).
+* Thu Jul 18 2024 Fedora Release Engineering - 2.9.7-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering - 2.9.7-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering - 2.9.7-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Tue Jan 02 2024 Tomas Korbar - 2.9.7-4
+- Clear original response code in send_error_bucket function
+
+* Thu Jul 20 2023 Fedora Release Engineering - 2.9.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Jun 02 2023 Luboš Uhliarik - 2.9.7-2
+- SPDX migration
+
+* Thu Apr 13 2023 Luboš Uhliarik - 2.9.7-1
+- new version 2.9.7
+- use pcre2 instead of deprecated pcre (rhbz #2128330)
+
+* Thu Jan 19 2023 Fedora Release Engineering - 2.9.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Sep 14 2022 Luboš Uhliarik - 2.9.6-1
+- new version 2.9.6
+
+* Wed Aug 31 2022 Luboš Uhliarik - 2.9.5-1
+- new version 2.9.5
+
+* Thu Jul 21 2022 Fedora Release Engineering - 2.9.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering - 2.9.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Aug 18 2021 Luboš Uhliarik - 2.9.4-1
+- new version 2.9.4
+
+* Thu Jul 22 2021 Fedora Release Engineering - 2.9.3-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jan 26 2021 Fedora Release Engineering - 2.9.3-10
+- Resolves: #1930664 - RFE: Add a feature that can set a mod_security/libcurl
+ timeout for retrieving the rules
+- rename mlogc to mod_security-mlogc
+
+* Fri Jan 22 2021 Joe Orton - 2.9.3-8
+- don't link against redundant apr-util dependent libraries
+
+* Sat Aug 08 2020 Othman Madjoudj - 2.9.3-7
+- Add a patch to fix build with Lua 5.4 until we completely switch to mod_sec3 as default
+
+* Sat Aug 01 2020 Fedora Release Engineering - 2.9.3-6
+- Second attempt - Rebuilt for
+ https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering - 2.9.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Wed Jan 29 2020 Fedora Release Engineering - 2.9.3-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
@@ -473,4 +532,4 @@ install -m0644 mlogc/mlogc-default.conf %{buildroot}%{_sysconfdir}/mlogc.conf
 - Don't strip the module (so we can get a useful debuginfo package)
 * Thu May 19 2005 Michael Fleming 1.8.7-1
-- Initial spin for Extras
+- Initial spin for Extras
\ No newline at end of file
diff --git a/cgmanifest.json b/cgmanifest.json
index baa0bcbf1aa..d9620ec9442 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -13312,8 +13312,8 @@
 "type": "other",
 "other": {
 "name": "mod_security",
- "version": "2.9.4",
- "downloadUrl": "https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.4/modsecurity-2.9.4.tar.gz"
+ "version": "2.9.7",
+ "downloadUrl": "https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.7/modsecurity-2.9.7.tar.gz"
 }
 }
 },
From 7bc2ab990b4d7dba2a5807318ce5bc7770daefb0 Mon Sep 17 00:00:00 2001
From: Aninda
Date: Wed, 8 Jan 2025 03:08:04 +0000
Subject: [PATCH 2/2] moved httpd-mmn under provides to resolve dependency error
---
 SPECS-EXTENDED/mod_security/mod_security.spec | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/SPECS-EXTENDED/mod_security/mod_security.spec b/SPECS-EXTENDED/mod_security/mod_security.spec
index 519a23b7186..04ec1fda90b 100644
--- a/SPECS-EXTENDED/mod_security/mod_security.spec
+++ b/SPECS-EXTENDED/mod_security/mod_security.spec
@@ -24,7 +24,8 @@ Patch1: modsecurity-2.9.3-apulibs.patch
 Patch2: mod_security-2.9.3-remote-rules-timeout.patch
 Patch3: mod_security-2.9.7-send_error_bucket.patch
-Requires: httpd httpd-mmn = %{_httpd_mmn}
+Requires: httpd
+Provides: httpd-mmn = %{_httpd_mmn}
 Requires(pre): httpd-filesystem
 BuildRequires: gcc, make, autoconf, automake, libtool
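Review bot: `Provides: httpd-mmn = %{_httpd_mmn}` makes mod_security itself advertise the httpd module-magic-number capability, where the old line required it from httpd. That drops the install-time check that this module is paired with an httpd of the ABI it was built against, and it lets this package satisfy other modules' `httpd-mmn` requirement on httpd's behalf, so a mismatched httpd can pass dependency resolution and the WAF module may then fail to load. The dependency error named in the commit title more likely means the httpd package in this distribution does not provide `httpd-mmn`, or that `%{_httpd_mmn}` expands to an unexpected value at build time. I would fix that side and keep `Requires: httpd-mmn = %{_httpd_mmn}` here.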