package/modsecurity2: security bump to version 2.9.5

- Fix CVE-2021-42717: ModSecurity 3.x through 3.0.5 mishandles
  excessively nested JSON objects. Crafted JSON objects with nesting
  tens-of-thousands deep could result in the web server being unable to
  service legitimate requests. Even a moderately large (e.g., 300KB)
  HTTP request can occupy one of the limited NGINX worker processes for
  minutes and consume almost all of the available CPU on the machine.
  Modsecurity 2 is similarly vulnerable: the affected versions include
  2.8.0 through 2.9.4.
- Use official tarball and so drop autoreconf

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/modsecurity2/modsecurity2.hash

@@ -1,3 +1,5 @@
+# From https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.5/modsecurity-2.9.5.tar.gz.sha256
+sha256  e2bfc8cd8b8de1e21f054d310543373ea5d89adbd96784e832be0da3e4dc149e  modsecurity-2.9.5.tar.gz
+
 # Locally computed
-sha256  686695c650449a338757711254ea78c67dedb1d258e03e5c8686f869388fff8c  modsecurity2-2.9.4.tar.gz
 sha256  2c564f5a67e49e74c80e5a7dcacd1904e7408f1fd6a95218b38c04f012d94cb9  LICENSE

package/modsecurity2/modsecurity2.mk

@@ -4,15 +4,15 @@
 #
 ################################################################################
 
-MODSECURITY2_VERSION = 2.9.4
-MODSECURITY2_SITE = $(call github,SpiderLabs,ModSecurity,v$(MODSECURITY2_VERSION))
+MODSECURITY2_VERSION = 2.9.5
+MODSECURITY2_SOURCE = modsecurity-$(MODSECURITY2_VERSION).tar.gz
+MODSECURITY2_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(MODSECURITY2_VERSION)
 MODSECURITY2_LICENSE = Apache-2.0
 MODSECURITY2_LICENSE_FILES = LICENSE
 MODSECURITY2_CPE_ID_VENDOR = trustwave
 MODSECURITY2_CPE_ID_PRODUCT = modsecurity
 MODSECURITY2_INSTALL_STAGING = YES
 MODSECURITY2_DEPENDENCIES = apache libxml2 pcre
-MODSECURITY2_AUTORECONF = YES
 
 MODSECURITY2_CONF_OPTS = \
 	--with-pcre=$(STAGING_DIR)/usr/bin/pcre-config \