From 705deac6a0268f1d9b85a5ba7339936557b2bb83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Tue, 21 May 2024 01:13:52 +0200
Subject: [PATCH] Resolves: RHEL-32964 - new version 3.3.5

---
 .gitignore                                         |  1 +
 mod_security_crs-early-blocking.patch              | 14 +++++++-------
 ...ity_crs-rule-913100-req-scanner-detection.patch |  4 ++--
 ..._crs-rule-941310-dont-match-japanese-word.patch | 10 ++++++----
 mod_security_crs.spec                              |  9 ++++++---
 sources                                            |  2 +-
 6 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/.gitignore b/.gitignore
index 5897ba5..298e3c4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@
 /owasp-modsecurity-crs-3.2.0.tar.gz
 /v3.3.0.tar.gz
 /v3.3.4.tar.gz
+/v3.3.5.tar.gz
diff --git a/mod_security_crs-early-blocking.patch b/mod_security_crs-early-blocking.patch
index 2d2dbb3..6a291d0 100644
--- a/mod_security_crs-early-blocking.patch
+++ b/mod_security_crs-early-blocking.patch
@@ -1,5 +1,5 @@
 diff --git a/crs-setup.conf.example b/crs-setup.conf.example
-index b443e77..0fdd5cb 100644
+index e0b1d9c..cc2f97c 100644
 --- a/crs-setup.conf.example
 +++ b/crs-setup.conf.example
 @@ -234,7 +234,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
@@ -57,11 +57,11 @@ index b443e77..0fdd5cb 100644
  #
  # Some well-known applications may undertake actions that appear to be
 diff --git a/rules/REQUEST-901-INITIALIZATION.conf b/rules/REQUEST-901-INITIALIZATION.conf
-index 5044abd..06a1bb3 100644
+index 27fd54a..2095bf7 100644
 --- a/rules/REQUEST-901-INITIALIZATION.conf
 +++ b/rules/REQUEST-901-INITIALIZATION.conf
 @@ -89,6 +89,15 @@ SecRule &TX:outbound_anomaly_score_threshold "@eq 0" \
-     ver:'OWASP_CRS/3.3.4',\
+     ver:'OWASP_CRS/3.3.5',\
      setvar:'tx.outbound_anomaly_score_threshold=4'"
  
 +# Default Blocking Early (rule 900120 in setup.conf)
@@ -77,7 +77,7 @@ index 5044abd..06a1bb3 100644
  SecRule &TX:paranoia_level "@eq 0" \
      "id:901120,\
 diff --git a/rules/REQUEST-949-BLOCKING-EVALUATION.conf b/rules/REQUEST-949-BLOCKING-EVALUATION.conf
-index 050eb04..755315f 100644
+index 9ee4a8d..c5e4604 100644
 --- a/rules/REQUEST-949-BLOCKING-EVALUATION.conf
 +++ b/rules/REQUEST-949-BLOCKING-EVALUATION.conf
 @@ -12,7 +12,66 @@
@@ -171,7 +171,7 @@ index 050eb04..755315f 100644
  
  SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
 diff --git a/rules/RESPONSE-950-DATA-LEAKAGES.conf b/rules/RESPONSE-950-DATA-LEAKAGES.conf
-index 13013de..bf9b03d 100644
+index 0b6f832..5c61674 100644
 --- a/rules/RESPONSE-950-DATA-LEAKAGES.conf
 +++ b/rules/RESPONSE-950-DATA-LEAKAGES.conf
 @@ -96,7 +96,7 @@ SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:950014,phase:4,pass,nolog,skipAf
@@ -184,7 +184,7 @@ index 13013de..bf9b03d 100644
      capture,\
      t:none,\
 diff --git a/rules/RESPONSE-959-BLOCKING-EVALUATION.conf b/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
-index 24130eb..549c07c 100644
+index 689cc94..e30ce13 100644
 --- a/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
 +++ b/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
 @@ -22,7 +22,67 @@
@@ -257,7 +257,7 @@ index 24130eb..549c07c 100644
  # NOTE: tx.anomaly_score should not be set initially, but masking would lead to difficult bugs.
  # So we add to it.
 @@ -76,6 +136,21 @@ SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
-     ver:'OWASP_CRS/3.3.4',\
+     ver:'OWASP_CRS/3.3.5',\
      setvar:'tx.anomaly_score=+%{tx.outbound_anomaly_score}'"
  
 +SecRule TX:BLOCKING_EARLY "@eq 1" \
diff --git a/mod_security_crs-rule-913100-req-scanner-detection.patch b/mod_security_crs-rule-913100-req-scanner-detection.patch
index 7826728..8bb6233 100644
--- a/mod_security_crs-rule-913100-req-scanner-detection.patch
+++ b/mod_security_crs-rule-913100-req-scanner-detection.patch
@@ -1,5 +1,5 @@
 diff --git a/rules/REQUEST-913-SCANNER-DETECTION.conf b/rules/REQUEST-913-SCANNER-DETECTION.conf
-index 2b21cef..335dad2 100644
+index 6e12d08..6be0b67 100644
 --- a/rules/REQUEST-913-SCANNER-DETECTION.conf
 +++ b/rules/REQUEST-913-SCANNER-DETECTION.conf
 @@ -31,6 +31,7 @@ SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:913012,phase:2,pass,nolog,skipAf
@@ -12,7 +12,7 @@ index 2b21cef..335dad2 100644
      phase:2,\
 @@ -49,10 +50,12 @@ SecRule REQUEST_HEADERS:User-Agent "@pmFromFile scanners-user-agents.data" \
      tag:'PCI/6.5.10',\
-     ver:'OWASP_CRS/3.3.4',\
+     ver:'OWASP_CRS/3.3.5',\
      severity:'CRITICAL',\
 -    setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
 -    setvar:'ip.reput_block_flag=1',\
diff --git a/mod_security_crs-rule-941310-dont-match-japanese-word.patch b/mod_security_crs-rule-941310-dont-match-japanese-word.patch
index d93a5d6..b50e1b1 100644
--- a/mod_security_crs-rule-941310-dont-match-japanese-word.patch
+++ b/mod_security_crs-rule-941310-dont-match-japanese-word.patch
@@ -1,8 +1,10 @@
---- a/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf	2020-07-01 18:38:19.000000000 +0200
-+++ b/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf	2023-02-16 09:14:52.151838881 +0100
-@@ -543,8 +543,11 @@
+diff --git a/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf b/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
+index 3b2376b..504eb26 100644
+--- a/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
++++ b/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
+@@ -543,8 +543,11 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
      ctl:auditLogParts=+E,\
-     ver:'OWASP_CRS/3.3.4',\
+     ver:'OWASP_CRS/3.3.5',\
      severity:'CRITICAL',\
 -    setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 -    setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
diff --git a/mod_security_crs.spec b/mod_security_crs.spec
index 0244959..5f0d43a 100644
--- a/mod_security_crs.spec
+++ b/mod_security_crs.spec
@@ -1,7 +1,7 @@
 Summary: ModSecurity Rules
 Name: mod_security_crs
-Version: 3.3.4
-Release: 3%{?dist}
+Version: 3.3.5
+Release: 1%{?dist}
 License: ASL 2.0
 URL: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
 Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
@@ -48,12 +48,15 @@ done
 
 %files
 %license LICENSE
-%doc CHANGES README.md
+%doc CHANGES.md README.md
 %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/activated_rules/*
 %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
 %{_datarootdir}/mod_modsecurity_crs
 
 %changelog
+* Mon May 20 2024 Luboš Uhliarik <luhliari@redhat.com> - 3.3.5-1
+- Resolves: RHEL-32964 - new version 3.3.5
+
 * Fri Feb 09 2024 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-3
 - Resolves: #RHEL-22733 - mod_security_crs - The rule id:913100 in the
   REQUEST-913-SCANNER-DETECTION.conf blocks requests  with "User-agent:
diff --git a/sources b/sources
index 4d22b93..a84fefb 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (v3.3.4.tar.gz) = a8b8b210054a9a4e3f8e45a5a9428110bb4075e40430e3fc16f4717e363af141265b1fb5c173ff96abeff0ac61ef5eef667a4b9cb703f8edc15e48deb3342827
+SHA512 (v3.3.5.tar.gz) = 001f9afe25f479dd988aaec1a4a2c0197b2d27e00d2cd10b70892e4889b399259cd0655f42a96965ae655855abdb7f9d8295c225ae17bf1e47361b70232633e5