Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package apache2-mod_security2 for openSUSE:Factory checked in at 2025-06-03 17:57:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_security2 (Old)
 and /work/SRC/openSUSE:Factory/.apache2-mod_security2.new.16005 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_security2" Tue Jun 3 17:57:14 2025 rev:35 rq:1282334 version:2.9.10 Changes: -------- --- /work/SRC/openSUSE:Factory/apache2-mod_security2/apache2-mod_security2.changes 2025-03-31 11:40:39.589894599 +0200 +++ /work/SRC/openSUSE:Factory/.apache2-mod_security2.new.16005/apache2-mod_security2.changes 2025-06-03 17:57:50.304301129 +0200 @@ -1,0 +2,18 @@ +Mon Jun 2 19:14:45 UTC 2025 - Andreas Stieger <andreas.stie...@gmx.de> + +- update to 2.9.10: + * CVE-2025-48866: excessive number of arguments in sanitiseArg + can lead to a denial of service due to high memory consumption + (boo#1243976) +- includes changes from 2.9.9: + * CVE-2025-47947: DoS through sanitiseMatchedBytes (boo#1243978) + * log error codes for global mutex failure modes + * Fix error logging for standalone module + * improved XMLArgs processing + * Incorrect utf8toUnicode transformation for 00xx + * PCRE2 compatibility fixes + * gcc14 fixes, developer visible fixes +- drop apache2-mod_security2-gcc14.patch +- run tests again as they are now fixed with pcre2 + +------------------------------------------------------------------- Old: ---- apache2-mod_security2-gcc14.patch modsecurity-v2.9.8.tar.gz modsecurity-v2.9.8.tar.gz.asc New: ---- modsecurity-v2.9.10.tar.gz modsecurity-v2.9.10.tar.gz.asc BETA DEBUG BEGIN: Old: * gcc14 fixes, developer visible fixes - drop apache2-mod_security2-gcc14.patch - run tests again as they are now fixed with pcre2 BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2-mod_security2.spec ++++++ --- /var/tmp/diff_new_pack.CPojA2/_old 2025-06-03 17:57:51.472349560 +0200 +++ /var/tmp/diff_new_pack.CPojA2/_new 2025-06-03 17:57:51.472349560 +0200 
@@ -2,6 +2,7 @@ # spec file for package apache2-mod_security2 # # Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 Andreas Stieger <andreas.stie...@gmx.de> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +18,7 @@ Name: apache2-mod_security2 -Version: 2.9.8 +Version: 2.9.10 Release: 0 Summary: Web Application Firewall for Apache httpd License: Apache-2.0 @@ -33,8 +34,6 @@ Patch2: apache2-mod_security2_tests_conf.patch # https://github.com/SpiderLabs/ModSecurity/issues/2514 Patch3: modsecurity-2.9.3-input_filtering_errors.patch -# fix build with gcc14 -Patch4: apache2-mod_security2-gcc14.patch BuildRequires: apache-rpm-macros BuildRequires: apache2-devel BuildRequires: apache2-prefork @@ -86,6 +85,9 @@ mkdir -p %{buildroot}%{apache_sysconfdir}/conf.d/ cp -a %{SOURCE3} %{buildroot}%{apache_sysconfdir}/conf.d/ +%check +%make_build test + %files %{apache_libexecdir}/mod_security2.so %license LICENSE ++++++ modsecurity-v2.9.8.tar.gz -> modsecurity-v2.9.10.tar.gz ++++++ ++++ 12241 lines of diff (skipped)
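Review bot: in the apache2-mod_security2.changes hunk (`@@ -1,0 +2,18 @@`), the bullet `* Incorrect utf8toUnicode transformation for 00xx` under "includes changes from 2.9.9" reads as a defect report, while the neighbouring bullets are worded as fixes. Rewording it to say the transformation was fixed would keep the list consistent. The two CVE bullets each carry their boo# reference, so someone checking whether an installed package has the fixes can search this entry for CVE-2025-48866 and CVE-2025-47947.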
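Review bot: in the spec hunk `@@ -33,8 +34,6 @@`, `Patch4: apache2-mod_security2-gcc14.patch` and its comment are removed, but the diff shows no corresponding change in `%prep`. If the spec applies patches by number there rather than through `%autosetup` or `%autopatch`, a leftover application of patch 4 would now reference an undeclared patch and fail the build. Please confirm that `%prep` needs no edit. The remaining `Patch2` and `Patch3` keep their numbers, so nothing else shifts.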
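Review bot: in the spec hunk `@@ -86,6 +85,9 @@`, the new `%check` section runs `%make_build test`, and `%make_build` passes the parallel job flags (`%{?_smp_mflags}`) to make. If the upstream test target is not safe to run with parallel jobs, this can produce intermittent failures on the build workers; either confirm that it is parallel-safe or run the test target without the job flags. Since this update is the security fix for CVE-2025-48866 and CVE-2025-47947, a flaky `%check` that blocks the build would delay the fix reaching users, so it is worth settling before the next rebuild.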