Hello community,
here is the log from the commit of package apache2-mod_security2 for
openSUSE:Factory checked in at 2025-06-03 17:57:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old)
and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new.16005 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_security2"
Tue Jun 3 17:57:14 2025 rev:35 rq:1282334 version:2.9.10
Changes:
--------
---
/work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes
2025-03-31 11:40:39.589894599 +0200
+++
/work/SRC/openSUSE:Factory/.apache2-mod_security2.new.16005/apache2-mod_security2.changes
2025-06-03 17:57:50.304301129 +0200
@@ -1,0 +2,18 @@
+Mon Jun 2 19:14:45 UTC 2025 - Andreas Stieger <[email protected]>
+
+- update to 2.9.10:
+ * CVE-2025-48866: excessive number of arguments in sanitiseArg
+ can lead to a denial of service due to high memory consumption
+ (boo#1243976)
+- includes changes from 2.9.9:
+ * CVE-2025-47947: DoS through sanitiseMatchedBytes (boo#1243978)
+ * log error codes for global mutex failure modes
+ * Fix error logging for standalone module
+ * improved XMLArgs processing
+ * Incorrect utf8toUnicode transformation for 00xx
+ * PCRE2 compatibility fixes
+ * gcc14 fixes, developer visible fixes
+- drop apache2-mod_security2-gcc14.patch
+- run tests again as they are now fixed with pcre2
+
+-------------------------------------------------------------------
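Review bot: The bullet "* Incorrect utf8toUnicode transformation for 00xx" in the 2.9.9 list names the defect rather than the fix, unlike the entries around it; wording such as "fix incorrect utf8toUnicode transformation for 00xx" would read consistently. The CVE-2025-47947 line also says only "DoS through sanitiseMatchedBytes", while the CVE-2025-48866 entry states both the trigger (excessive number of arguments) and the effect (high memory consumption); a matching one-line description would let administrators judge exposure from the changelog alone. Both CVE entries carry their boo# references, which is what downstream tracking needs.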
Old:
----
apache2-mod_security2-gcc14.patch
modsecurity-v2.9.8.tar.gz
modsecurity-v2.9.8.tar.gz.asc
New:
----
modsecurity-v2.9.10.tar.gz
modsecurity-v2.9.10.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_security2.spec ++++++
--- /var/tmp/diff_new_pack.CPojA2/_old 2025-06-03 17:57:51.472349560 +0200
+++ /var/tmp/diff_new_pack.CPojA2/_new 2025-06-03 17:57:51.472349560 +0200
@@ -2,6 +2,7 @@
# spec file for package apache2-mod_security2
#
# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 Andreas Stieger <[email protected]>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +18,7 @@
Name: apache2-mod_security2
-Version: 2.9.8
+Version: 2.9.10
Release: 0
Summary: Web Application Firewall for Apache httpd
License: Apache-2.0
@@ -33,8 +34,6 @@
Patch2: apache2-mod_security2_tests_conf.patch
# https://github.com/SpiderLabs/ModSecurity/issues/2514
Patch3: modsecurity-2.9.3-input_filtering_errors.patch
-# fix build with gcc14
-Patch4: apache2-mod_security2-gcc14.patch
BuildRequires: apache-rpm-macros
BuildRequires: apache2-devel
BuildRequires: apache2-prefork
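Review bot: The Patch4 declaration is removed here, but no visible hunk touches %prep, so please confirm that patches are applied through %autosetup or %autopatch, or that no explicit %patch line for patch 4 remains; a leftover reference to the dropped patch would fail the build. The removal itself matches the "drop apache2-mod_security2-gcc14.patch" changelog entry and the "gcc14 fixes" now carried upstream.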
@@ -86,6 +85,9 @@
mkdir -p %{buildroot}%{apache_sysconfdir}/conf.d/
cp -a %{SOURCE3} %{buildroot}%{apache_sysconfdir}/conf.d/
+%check
+%make_build test
+
%files
%{apache_libexecdir}/mod_security2.so
%license LICENSE
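Review bot: In the new %check section, "%make_build test" runs the test target with the parallel job flags that %make_build normally passes; if the ModSecurity regression suite is not parallel-safe, this can cause intermittent build failures, so a plain "make test" or a comment confirming the suite tolerates parallel execution would be safer. A short comment above %check noting that the tests were previously disabled and pass again with pcre2, as the changelog states, would also help the next maintainer. Since this update ships fixes for two DoS CVEs, having the suite gate the build is a worthwhile addition.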
++++++ modsecurity-v2.9.8.tar.gz -> modsecurity-v2.9.10.tar.gz ++++++
++++ 12241 lines of diff (skipped)