From 676245341325d1ed70b7979dfb46cd937da8fe36 Mon Sep 17 00:00:00 2001 From: Anil Mahtani <929854+Anilm3@users.noreply.github.com> Date: Thu, 18 Apr 2024 07:32:21 +0100 Subject: [PATCH] Release v1.17.0 & remove rpath from linux-musl binary (#282) --- CHANGELOG.md | 29 +++++++++++++++++++++++++++++ docker/libddwaf/build/Dockerfile | 4 ++-- version | 2 +- 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 40e80e29f..216d428a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,4 +1,33 @@ # libddwaf release +### v1.17.0 ([unstable](https://github.com/DataDog/libddwaf/blob/master/README.md#versioning-semantics)) + +This new version introduces RASP rules and supporting features, including: +- Multivariate operators for the development of complex rules. +- A new operator `lfi_detector` for the detection of local file inclusion (LFI) / path traversal attacks. +- A new operator `ssrf_detector` for the detection of server-side request forgery (SSRF) attacks. +- Better support for rule actions, as well as internal default actions: `block`, `stack_trace` and `extract_schema`. + +The [upgrading guide](UPGRADING.md#upgrading-from-116x-to-1170) has also been updated to cover the new breaking changes. + +#### Changes +- Multivariate operator support ([#241](https://github.com/DataDog/libddwaf/pull/241)) +- Local file inclusion (LFI) operator ([#258](https://github.com/DataDog/libddwaf/pull/258)) +- Server-side request forgery (SSRF) detection operator ([#268](https://github.com/DataDog/libddwaf/pull/268)) +- Action semantics and related improvements ([#277](https://github.com/DataDog/libddwaf/pull/277)) + +#### Fixes +- Reduce benchmark noise ([#257](https://github.com/DataDog/libddwaf/pull/257), [#259](https://github.com/DataDog/libddwaf/pull/259), [#260](https://github.com/DataDog/libddwaf/pull/260)) +- Add support for old glibc (e.g. 
RHEL 6) ([#262](https://github.com/DataDog/libddwaf/pull/262)) +- Add weak ceilf symbol and definition ([#263](https://github.com/DataDog/libddwaf/pull/263)) +- Fix parsing of variadic arguments ([#267](https://github.com/DataDog/libddwaf/pull/267)) + +#### Miscellaneous +- Update node-16 actions to node-20 ones ([#266](https://github.com/DataDog/libddwaf/pull/266)) +- Attempt to build libddwaf on arm64 runner ([#270](https://github.com/DataDog/libddwaf/pull/270)) +- Run tests on arm64 ([#271](https://github.com/DataDog/libddwaf/pull/271)) +- LFI detector fuzzer ([#274](https://github.com/DataDog/libddwaf/pull/274)) +- Remove rpath from linux-musl binary ([#282](https://github.com/DataDog/libddwaf/pull/282)) + ### v1.17.0-alpha3 ([unstable](https://github.com/DataDog/libddwaf/blob/master/README.md#versioning-semantics)) #### Changes - Action semantics and related improvements ([#277](https://github.com/DataDog/libddwaf/pull/277)) diff --git a/docker/libddwaf/build/Dockerfile b/docker/libddwaf/build/Dockerfile index 75d83059e..61cd2a590 100644 --- a/docker/libddwaf/build/Dockerfile +++ b/docker/libddwaf/build/Dockerfile @@ -11,7 +11,7 @@ RUN cd build && cmake \ -DCMAKE_TOOLCHAIN_FILE=/libddwaf/docker/libddwaf/sysroot/Toolchain.cmake.${ARCH} \ -DLIBDDWAF_ENABLE_LTO=ON \ ../libddwaf && ninja -RUN patchelf --remove-needed $(basename /sysroot/${ARCH}-none-linux-musl/lib/libc.musl-*.so.1) /build/libddwaf.so +RUN patchelf --remove-needed $(basename /sysroot/${ARCH}-none-linux-musl/lib/libc.musl-*.so.1) /build/libddwaf.so --remove-rpath RUN ninja -v -C build waf_test waf_validator RUN cd libddwaf/tests && qemu-$ARCH-static /build/tests/waf_test 
@@ -28,7 +28,7 @@ RUN cd /build && \ RUN cd /build && stripcmd=$(egrep -o "/usr/bin/[a-z0-9\_-]*-strip" /libddwaf/docker/libddwaf/sysroot/Toolchain.cmake.${ARCH}) ; $stripcmd -x -S libddwaf.a -o libddwaf.a.stripped RUN cd /build && ninja -v package && \ - new_name=$(ls libddwaf-*.tar.gz | head -n1 | sed -e "s/\(libddwaf-[\.0-9]*\(-\(alpha\|beta\)[0-9]\)?*\)-linux-\([_a-zA-Z0-9]*\)\(-\?[a-zA-Z0-9]*.tar.gz\)/\1-\4-linux-musl\5/g"); \ + new_name=$(ls libddwaf-*.tar.gz | head -n1 | sed -e "s/\(libddwaf-[\.0-9]*\(-\(alpha\|beta\|rc\)[0-9]\)\?\)-linux-\([_a-zA-Z0-9]*\)\(-[a-zA-Z0-9]*\)\?\.tar.gz/\1-\4-linux-musl\5.tar.gz/g") ; \ mv libddwaf-*.tar.gz "$new_name" FROM scratch diff --git a/version b/version index d339f7df0..73d74673c 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.17.0-alpha3 \ No newline at end of file +1.17.0 \ No newline at end of file
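Review bot: In the CHANGELOG.md hunk, the v1.17.0 entry links to `UPGRADING.md#upgrading-from-116x-to-1170`, but the diffstat lists only CHANGELOG.md, the Dockerfile and version, so nothing in this patch shows that section exists. Please confirm the anchor resolves on this commit. Separately, "Remove rpath from linux-musl binary" changes the dynamic-loading metadata of the packaged library, so it fits better under Fixes than under Miscellaneous.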
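Review bot: In the first docker/libddwaf/build/Dockerfile hunk, `--remove-rpath` is applied to /build/libddwaf.so but no later step checks the result, so if a subsequent build step ever relinks the library the rpath could come back unnoticed. Consider adding a step after packaging inputs are final that fails the build when `patchelf --print-rpath /build/libddwaf.so` prints anything. Moving `--remove-rpath` in front of the file name, next to `--remove-needed`, would also make the command easier to read.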
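Review bot: In the second Dockerfile hunk, the new sed pattern still matches the pre-release number with a single `[0-9]`, so a suffix with two digits (for instance `-rc10`) would not match, `new_name` would equal the original file name, and the tarball would not get its `-linux-musl` name. Using `[0-9][0-9]*` there covers multi-digit numbers. The dot between `tar` and `gz` in `\.tar.gz` is also still unescaped, and since the expression relies on the GNU `\|` and `\?` extensions, a short comment with one sample input and output name above the RUN line would help the next person who has to touch it.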