From a665b0aca2b51e394448ad79e8f3791b0f84ca49 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet
Date: Sun, 1 Jun 2025 22:59:25 +0200
Subject: [PATCH] modsecurity_standalone: 2.9.8 -> 2.9.12

Fixes CVE-2025-47947, CVE 2025-48866, CVE-2025-52891 and CVE 2025-54571.
https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v2.9.9
https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v2.9.10
https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v2.9.11
https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v2.9.12
---
 .../mo/modsecurity_standalone/package.nix | 28 ++-----------------
 1 file changed, 2 insertions(+), 26 deletions(-)

diff --git a/pkgs/by-name/mo/modsecurity_standalone/package.nix b/pkgs/by-name/mo/modsecurity_standalone/package.nix
index 064e589f0887..58f6d6bbe899 100644
--- a/pkgs/by-name/mo/modsecurity_standalone/package.nix
+++ b/pkgs/by-name/mo/modsecurity_standalone/package.nix
@@ -13,7 +13,6 @@
 luaSupport ? false,
 lua5,
 perl,
- fetchpatch,
 versionCheckHook,
 }:

@@ -24,13 +23,13 @@ in

 stdenv.mkDerivation (finalAttrs: {
 pname = "modsecurity";
- version = "2.9.8";
+ version = "2.9.12";

 src = fetchFromGitHub {
 owner = "owasp-modsecurity";
 repo = "modsecurity";
 tag = "v${finalAttrs.version}";
- hash = "sha256-fJ5XeO5m5LlImAuzIvXVVWkc9awbaRI3NWWOOwGrshI=";
+ hash = "sha256-scMOiu8oI3+VcXe05gLNQ8ILmnP4iwls8ZZ9r+3ei5Y=";
 };

 nativeBuildInputs = [
@@ -61,11 +60,6 @@ stdenv.mkDerivation (finalAttrs: {

 enableParallelBuilding = true;

- env.NIX_CFLAGS_COMPILE = toString [
- # msc_test.c:86:5: error: initialization of 'int' from 'void *' makes integer from pointer without a cast []
- "-Wno-error=int-conversion"
- ];
-
 outputs = [
 "out"
 "nginx"
@@ -74,24 +68,6 @@ stdenv.mkDerivation (finalAttrs: {
 # by default modsecurity's install script copies compiled output to httpd's modules folder
 # this patch removes those lines
 ./Makefile.am.patch
- # remove when 2.9.9 is released
- (fetchpatch {
- name = "move-id_log";
- url = "https://github.com/owasp-modsecurity/ModSecurity/commit/149376377ecef9ecc36ee81d5b666fc0ac7e249b.patch";
- hash = "sha256-KjQGqSBt/u9zPZY1aSIupnYHleJbsOAOk3Y2bNOyRxk=";
- })
- # remove when 2.9.9 is released
- (fetchpatch {
- name = "gcc-format-security";
- url = "https://github.com/owasp-modsecurity/ModSecurity/commit/cddd9a7eb5585a9b3be1f9bdcadcace8f60f5808.patch";
- hash = "sha256-H1wkZQ5bTQIRhlEvvvj7YCBi9qndRgHgKTnE9Cusq3I=";
- })
- # remove when 2.9.9 is released
- (fetchpatch {
- name = "gcc-incompatible-pointer-type";
- url = "https://github.com/owasp-modsecurity/ModSecurity/commit/4919814a5cf0e7911f71856ed872b0e73b659a0a.patch";
- hash = "sha256-9JzCtiLf43xw6i4NqQpok37es+kuWXZWKdJum28Hx4M=";
- })
 ];

 doCheck = true;