Bug#842929: jessie-pu: package modsecurity-crs/2.2.9-1

[Alberto Gonzalez Iniesta]

On Thu, Nov 24, 2016 at 07:39:01PM +0100, Julien Cristau wrote:
> On Thu, Nov 10, 2016 at 16:54:41 +0100, Alberto Gonzalez Iniesta wrote:
> 
> > On Thu, Nov 10, 2016 at 03:38:12PM +0000, Adam D. Barratt wrote:
> > > 
> > > On Wed, 2016-11-02 at 12:51 +0100, Alberto Gonzalez Iniesta wrote:
> > > > I was asked to update modsecurity-crs in Jessie in order to fix #838009.
> > > > The fix is trivial [1] and was uploaded to unstable a while ago [2],
> > > 
> > > The BTS's metadata disagrees on that.
> > 
> > Sorry, the fix was for another bug number (same bug):
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826710
> > 
> The metadata on #838009 still needs fixing, either by merging it with
> #826710 or by separately marking it as fixed in some version in
> unstable/testing.

Hi,

Thanks for the corrections. Please find attached the debdiff file in the
right direction. #838009 as marked as fixed in unstable/testing and
#826710 will be marked accordingly if this upload happens.

Regards,

Alberto

-- 
Alberto Gonzalez Iniesta    | Formación, consultoría y soporte técnico
mailto/sip: a...@inittab.org | en GNU/Linux y software libre
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D  4BF2 009B 3375 6B9A AA55

diff -Nru modsecurity-crs-2.2.9/debian/changelog 
modsecurity-crs-2.2.9/debian/changelog
--- modsecurity-crs-2.2.9/debian/changelog      2014-09-23 13:22:21.000000000 
+0200
+++ modsecurity-crs-2.2.9/debian/changelog      2016-11-17 11:19:17.000000000 
+0100
@@ -1,3 +1,10 @@
+modsecurity-crs (2.2.9-1+deb8u1) stable; urgency=medium
+
+  * Fix typo in modsecurity_crs_16_session_hijacking.conf.
+    (Closes: #838009)
+
+ -- Alberto Gonzalez Iniesta <a...@inittab.org>  Thu, 17 Nov 2016 11:18:03 
+0100
+
 modsecurity-crs (2.2.9-1) unstable; urgency=medium
 
   * New upstream version
diff -Nru modsecurity-crs-2.2.9/debian/patches/fix_838009.patch 
modsecurity-crs-2.2.9/debian/patches/fix_838009.patch
--- modsecurity-crs-2.2.9/debian/patches/fix_838009.patch       1970-01-01 
01:00:00.000000000 +0100
+++ modsecurity-crs-2.2.9/debian/patches/fix_838009.patch       2016-11-17 
11:13:04.000000000 +0100
@@ -0,0 +1,13 @@
+Index: modsecurity-crs/optional_rules/modsecurity_crs_16_session_hijacking.conf
+===================================================================
+--- 
modsecurity-crs.orig/optional_rules/modsecurity_crs_16_session_hijacking.conf
++++ modsecurity-crs/optional_rules/modsecurity_crs_16_session_hijacking.conf
+@@ -46,7 +46,7 @@ SecRule RESPONSE_HEADERS:/Set-Cookie2?/
+ 
+ SecRule &SESSION:SESSIONID "@eq 1" 
"chain,phase:5,id:'981063',nolog,pass,t:none"
+         SecRule REMOTE_ADDR "^(\d{1,3}\.\d{1,3}\.\d{1,3}\.)"  
"chain,nolog,capture,t:none"
+-        SecRule TX:1 ".*" 
"chain,t:sha1,t:hexEncode,setvar:session.ip_hash=%{matched_var}"
++        SecRule TX:1 ".*" 
"t:sha1,t:hexEncode,setvar:session.ip_hash=%{matched_var}"
+ 
+ SecRule &SESSION:SESSIONID "@eq 1" 
"chain,phase:5,id:'981064',nolog,pass,t:none"
+         SecRule REQUEST_HEADERS:User-Agent ".*" 
"t:none,t:sha1,t:hexEncode,nolog,setvar:session.ua_hash=%{matched_var}"
diff -Nru modsecurity-crs-2.2.9/debian/patches/series 
modsecurity-crs-2.2.9/debian/patches/series
--- modsecurity-crs-2.2.9/debian/patches/series 2013-07-12 11:24:40.000000000 
+0200
+++ modsecurity-crs-2.2.9/debian/patches/series 2016-11-17 11:14:55.000000000 
+0100
@@ -3,3 +3,4 @@
 GeoLiteCity_path.patch
 lua_path.patch
 perl_path.patch
+fix_838009.patch