Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package modsecurity for openSUSE:Factory checked in at 2025-03-31 11:42:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/modsecurity (Old) and /work/SRC/openSUSE:Factory/.modsecurity.new.2696 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "modsecurity" Mon Mar 31 11:42:25 2025 rev:12 rq:1265356 version:3.0.14 Changes: -------- --- /work/SRC/openSUSE:Factory/modsecurity/modsecurity.changes 2024-12-10 23:50:58.831171273 +0100 +++ /work/SRC/openSUSE:Factory/.modsecurity.new.2696/modsecurity.changes 2025-03-31 11:43:39.273340462 +0200 @@ -1,0 +2,18 @@ +Wed Mar 19 17:46:26 UTC 2025 - Andreas Stieger <andreas.stie...@gmx.de> + +- update to 3.0.14: + * changed t:htmlEntityDecode transformation + CVE-2025-27110 boo#1238061 + * add value checking to @validateByteRange operator + * aligned TIME_MON variable's behavior + * Leverage std::make_unique & std::make_shared to create objects in the heap + * Simplified handling of RuleMessage by removing usage of std::shared_ptr + * Simplified constructors, copy constructors & assignment operators +- new upstream +- add upstream signing key and validate source signature +- drop build dependencies no longer needed +- build with support for curl, MaxMindDB, ssdeep (libfuzzy), yail +- build with pcre2 instead of pcre +- correct upstream license, it is Apache-2.0 + +------------------------------------------------------------------- Old: ---- modsecurity-v3.0.13.tar.gz New: ---- modsecurity-v3.0.14.tar.gz modsecurity-v3.0.14.tar.gz.sig modsecurity.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ modsecurity.spec ++++++ --- /var/tmp/diff_new_pack.GFS7dW/_old 2025-03-31 11:43:40.277382125 +0200 +++ /var/tmp/diff_new_pack.GFS7dW/_new 2025-03-31 11:43:40.277382125 +0200 @@ -2,6 +2,7 @@ # spec file for package modsecurity # # Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 Andreas Stieger <andreas.stie...@gmx.de> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,42 +17,46 @@ # +%define sover 3 Name: modsecurity -Version: 3.0.13 +Version: 3.0.14 Release: 0 Summary: Web application firewall engine -License: BSD-2-Clause +License: Apache-2.0 Group: Productivity/Networking/Security URL: https://www.modsecurity.org/ -Source0: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{version}/modsecurity-v%{version}.tar.gz +Source0: https://github.com/owasp-modsecurity/ModSecurity/releases/download/v%{version}/modsecurity-v%{version}.tar.gz Source1: baselibs.conf -BuildRequires: automake -BuildRequires: cmake -BuildRequires: gcc-c++ -BuildRequires: gd-devel -BuildRequires: git -BuildRequires: libtool -BuildRequires: libxslt-devel -BuildRequires: openssl-devel -BuildRequires: pcre-devel +Source2: https://github.com/owasp-modsecurity/ModSecurity/releases/download/v%{version}/modsecurity-v%{version}.tar.gz.sig +Source3: https://modsecurity.org/security.asc#/%{name}.keyring +BuildRequires: c++_compiler +BuildRequires: libfuzzy-devel BuildRequires: pkgconfig +BuildRequires: pkgconfig(libcurl) +BuildRequires: pkgconfig(libmaxminddb) +BuildRequires: pkgconfig(libpcre2-8) +BuildRequires: pkgconfig(libxml-2.0) >= 2.6.29 +BuildRequires: pkgconfig(lua) +BuildRequires: pkgconfig(yajl) +# optional dependencies disabled by default +# BuildRequires: pkgconfig(lmdb) %description ModSecurity is a toolkit for real-time web application monitoring, logging, and access control. -%package -n libmodsecurity3 +%package -n libmodsecurity%{sover} Summary: Web application firewall engine Group: System/Libraries -%description -n libmodsecurity3 +%description -n libmodsecurity%{sover} ModSecurity is a toolkit for real-time web application monitoring, logging, and access control. %package devel Summary: Development files for modsecurity, a web application firewall engine Group: Development/Languages/C and C++ -Requires: libmodsecurity3 = %{version} +Requires: libmodsecurity%{sover} = %{version} %description devel ModSecurity is a toolkit for real-time web application monitoring, logging, and @@ -60,33 +65,35 @@ This subpackage holds the development headers for the library. %prep -%setup -q -n %{name}-v%{version} +%autosetup -p1 -n %{name}-v%{version} %build -export MAKEFLAGS=-j$(($(grep -c ^processor /proc/cpuinfo) - 0)) -sh build.sh -%configure --disable-doxygen-doc --disable-examples --disable-dependency-tracking +%configure \ + --disable-doxygen-doc \ + --disable-examples \ + --disable-dependency-tracking \ + --disable-static \ + --with-pcre2 \ + %{nil} %make_build %install -export MAKEFLAGS=-j$(($(grep -c ^processor /proc/cpuinfo) - 0)) %make_install find %{buildroot} -type f -name "*.la" -delete -print -find %{buildroot} -type f -name "*.a" -delete -print -%post -n libmodsecurity3 -p /sbin/ldconfig -%postun -n libmodsecurity3 -p /sbin/ldconfig +%ldconfig_scriptlets -n libmodsecurity%{sover} %files %license LICENSE %{_bindir}/modsec-rules-check -%files -n libmodsecurity3 +%files -n libmodsecurity%{sover} %license LICENSE -%{_libdir}/libmodsecurity.so.3 -%{_libdir}/libmodsecurity.so.3.* +%{_libdir}/libmodsecurity.so.%{sover} +%{_libdir}/libmodsecurity.so.%{sover}.* %files devel +%license LICENSE %{_libdir}/libmodsecurity.so %{_includedir}/modsecurity %{_libdir}/pkgconfig/*.pc ++++++ modsecurity-v3.0.13.tar.gz -> modsecurity-v3.0.14.tar.gz ++++++ /work/SRC/openSUSE:Factory/modsecurity/modsecurity-v3.0.13.tar.gz /work/SRC/openSUSE:Factory/.modsecurity.new.2696/modsecurity-v3.0.14.tar.gz differ: char 14, line 1
