From 17700eca5b6288d166b37e339932223b372b5aef Mon Sep 17 00:00:00 2001 From: Elevations <153743901+ElevationsRPG@users.noreply.github.com> Date: Wed, 11 Dec 2024 17:45:37 +1300 Subject: [PATCH 1/6] Update README.md Update Windows README to use latest conan version and conan center. --- build/win32/README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/build/win32/README.md b/build/win32/README.md index 85fd868e..5c8d1f59 100644 --- a/build/win32/README.md +++ b/build/win32/README.md @@ -18,10 +18,13 @@ The Windows build of libModSecurity uses Build Tools for Visual Studio 2022 (for * Windows SDK * CMake * Address Sanitizer - * [Conan package manager 2.2.2](https://github.com/conan-io/conan/releases/download/2.2.2/conan-2.2.2-windows-x86_64-installer.exe) + * [Conan package manager 2.10.2](https://github.com/conan-io/conan/releases/download/2.10.2/conan-2.10.2-windows-x86_64-installer.exe) * Install and then setup the default Conan profile to use the MSVC C++ compiler: 1. Open a command-prompt and set the MSVC C++ compiler environment by executing: `C:\BuildTools\VC\Auxiliary\Build\vcvars64.bat` 2. Execute: `conan profile detect --force` + 3. Make sure you are using latest conan center: + `conan remote list` + `conan remote update conan-center https://center.conan.io` * [Git for Windows 2.44.0](https://github.com/git-for-windows/git/releases/download/v2.44.0.windows.1/Git-2.44.0-64-bit.exe) * To clone the libModSecurity repository. * NOTE: Make sure to initialize and update submodules (to get `libinjection` and regression tests) 
@@ -30,7 +33,7 @@ The Windows build of libModSecurity uses Build Tools for Visual Studio 2022 (for ## Build -Install the prerequisites listsed in the previous section, checkout libModSecurity and from the directory where it's located execute: +Install the prerequisites listed in the previous section, checkout libModSecurity and from the directory where it's located execute: ``` vcbuild.bat [build_configuration] [arch] [USE_ASAN] From 7b4c3a2c0fb2046ef72213107ae783f27790b90a Mon Sep 17 00:00:00 2001 From: Elevations <153743901+ElevationsRPG@users.noreply.github.com> Date: Wed, 11 Dec 2024 19:06:59 +1300 Subject: [PATCH 2/6] Update Dockerfile Update Docker to latest conan version 2.10.2 --- build/win32/docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/win32/docker/Dockerfile b/build/win32/docker/Dockerfile index a33d12f8..e0189790 100644 --- a/build/win32/docker/Dockerfile +++ b/build/win32/docker/Dockerfile @@ -35,7 +35,7 @@ RUN %INSTALLER% /SP- /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL ` /NORESTART /CLOSEAPPLICATIONS /RESTARTAPPLICATIONS /LOADINF=git.inf # download & setup conan -ARG CONAN_VERSION=2.2.2 +ARG CONAN_VERSION=2.10.2 ARG CONAN_BINARY=conan-${CONAN_VERSION}-windows-x86_64-installer.exe ARG CONAN_URL=https://github.com/conan-io/conan/releases/download/${CONAN_VERSION}/${CONAN_BINARY} From c0681b6239dcd665484ebc677365c4acc8fa522b Mon Sep 17 00:00:00 2001 From: Elevations <153743901+ElevationsRPG@users.noreply.github.com> Date: Wed, 11 Dec 2024 19:29:32 +1300 Subject: [PATCH 3/6] Update README.md Remove conan center change --- build/win32/README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/build/win32/README.md b/build/win32/README.md index 5c8d1f59..2c9c11d0 100644 --- a/build/win32/README.md +++ b/build/win32/README.md 
@@ -22,9 +22,6 @@ The Windows build of libModSecurity uses Build Tools for Visual Studio 2022 (for * Install and then setup the default Conan profile to use the MSVC C++ compiler: 1. Open a command-prompt and set the MSVC C++ compiler environment by executing: `C:\BuildTools\VC\Auxiliary\Build\vcvars64.bat` 2. Execute: `conan profile detect --force` - 3. Make sure you are using latest conan center: - `conan remote list` - `conan remote update conan-center https://center.conan.io` * [Git for Windows 2.44.0](https://github.com/git-for-windows/git/releases/download/v2.44.0.windows.1/Git-2.44.0-64-bit.exe) * To clone the libModSecurity repository. * NOTE: Make sure to initialize and update submodules (to get `libinjection` and regression tests) From 4c5bc45dfdf6c3a0ac44ee3cb9c4c6938d3a8c9b Mon Sep 17 00:00:00 2001 From: Ervin Hegedus Date: Mon, 6 Jan 2025 16:36:36 +0100 Subject: [PATCH 4/6] Add value checking to @validateByteRange --- src/operators/validate_byte_range.cc | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/src/operators/validate_byte_range.cc b/src/operators/validate_byte_range.cc index 2553b9c1..a309091a 100644 --- a/src/operators/validate_byte_range.cc +++ b/src/operators/validate_byte_range.cc @@ -37,6 +37,11 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation, "' into a number"); return false; } + if ((start < 0) || (start > 255)) { + error->assign("Invalid range start value: " + + std::to_string(start)); + return false; + } table[start >> 3] = (table[start >> 3] | (1 << (start & 0x7))); return true; } @@ -60,11 +65,6 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation, return false; } - if ((start < 0) || (start > 255)) { - error->assign("Invalid range start value: " + - std::to_string(start)); - return false; - } if ((end < 0) || (end > 255)) { error->assign("Invalid range end value: " + std::to_string(end)); return false; 
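Review bot: The bounds check added to the single-value branch of `ValidateByteRange::getRange` (patch 4/6, hunk at -37,6) is what keeps the `table[start >> 3]` store on the next line inside the table, but nothing in the code says so. I would put `// start indexes the byte table below; reject anything outside 0..255 before the write` directly above the new `if`, so a later refactor does not reorder the check and the store. The declaration of `table` and the start of the function are outside the hunk, so the table is assumed here to hold exactly 256 bits.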
@@ -87,21 +87,29 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation, bool ValidateByteRange::init(const std::string &file, std::string *error) { size_t pos = m_param.find_first_of(","); + bool rc; if (pos == std::string::npos) { - getRange(m_param, error); + rc = getRange(m_param, error); } else { - getRange(std::string(m_param, 0, pos), error); + rc = getRange(std::string(m_param, 0, pos), error); + } + + if (rc == false) { + return false; } while (pos != std::string::npos) { size_t next_pos = m_param.find_first_of(",", pos + 1); if (next_pos == std::string::npos) { - getRange(std::string(m_param, pos + 1, m_param.length() - + rc = getRange(std::string(m_param, pos + 1, m_param.length() - (pos + 1)), error); } else { - getRange(std::string(m_param, pos + 1, next_pos - (pos + 1)), error); + rc = getRange(std::string(m_param, pos + 1, next_pos - (pos + 1)), error); + } + if (rc == false) { + return false; } pos = next_pos; } From 9158477561f70d002f816cd4ba3719db4f5b1420 Mon Sep 17 00:00:00 2001 From: Ervin Hegedus Date: Mon, 6 Jan 2025 17:36:49 +0100 Subject: [PATCH 5/6] Add check after intervall parsing, spell fix --- src/operators/validate_byte_range.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/operators/validate_byte_range.cc b/src/operators/validate_byte_range.cc index a309091a..05d06c78 100644 --- a/src/operators/validate_byte_range.cc +++ b/src/operators/validate_byte_range.cc @@ -38,7 +38,7 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation, return false; } if ((start < 0) || (start > 255)) { - error->assign("Invalid range start value: " + + error->assign("Invalid byte value: " + std::to_string(start)); return false; } 
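Review bot: `ValidateByteRange::init` (patch 4/6, hunk at -87,21) now returns false on the first token that `getRange` rejects, where the old code discarded the result, so a rule with an out-of-range byte value will presumably fail to load rather than be accepted. That is the right outcome, but it is a visible behaviour change for existing rule sets, and the diffstat lists only validate_byte_range.cc, so the patch carries neither a changelog line nor a regression case for an out-of-range value. On style, `bool rc;` is declared uninitialised ahead of its first assignment and then tested with `rc == false`; `if (!rc) { return false; }` reads better. How the caller treats a false return from `init` is not visible here.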
@@ -65,6 +65,11 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation, return false; } + if ((start < 0) || (start > 255)) { + error->assign("Invalid range start value: " + + std::to_string(start)); + return false; + } if ((end < 0) || (end > 255)) { error->assign("Invalid range end value: " + std::to_string(end)); return false; From 199056b916e4e4f169643edaeeabf3344da36558 Mon Sep 17 00:00:00 2001 From: Andrew Taylor Date: Thu, 30 Jan 2025 01:19:50 -0500 Subject: [PATCH 6/6] Fix for issue #3334: build not finding YAJL When searching for YAJL during ./configure, pkg-config is checked first, and then a list of directories is searched if pkg-config bears no fruit. The previous version of yajl.m4 was looping over YAJL_POSSIBLE_LIB_NAMES instead of YAJL_POSSIBLE_PATHS and passing the lib name to the CHECK_FOR_YAJL_AT() function instead of the path. The would lead to YAJL never being found if pkg-config could not find it. --- build/yajl.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/yajl.m4 b/build/yajl.m4 index e050c084..10d4e78a 100644 --- a/build/yajl.m4 +++ b/build/yajl.m4 @@ -62,7 +62,7 @@ else YAJL_DISPLAY="${YAJL_LDADD}, ${YAJL_CFLAGS}" else # If pkg-config did not find anything useful, go over file lookup. - for x in ${YAJL_POSSIBLE_LIB_NAMES}; do + for x in ${YAJL_POSSIBLE_PATHS}; do CHECK_FOR_YAJL_AT(${x}) if test -n "${YAJL_VERSION}"; then break
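Review bot: With the start check back in the range branch (patch 5/6, hunk at -65,6), `getRange` spells out the same `(x < 0) || (x > 255)` test three times: once for the single value and once each for the range start and end. A file-local helper such as `static bool isByteValue(int v) { return v >= 0 && v <= 255; }` would keep the three sites from drifting apart; the start check was dropped from this branch in patch 4/6 and had to be re-added here. The function begins and ends outside the hunk, and `start`/`end` are assumed to be signed integers.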