Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package modsecurity for openSUSE:Factory checked in at 2023-05-17 10:53:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/modsecurity (Old) and /work/SRC/openSUSE:Factory/.modsecurity.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "modsecurity" Wed May 17 10:53:12 2023 rev:7 rq:1087408 version:3.0.9 Changes: -------- --- /work/SRC/openSUSE:Factory/modsecurity/modsecurity.changes 2023-01-12 22:45:01.869113478 +0100 +++ /work/SRC/openSUSE:Factory/.modsecurity.new.1533/modsecurity.changes 2023-05-17 10:53:44.727545854 +0200 @@ -1,0 +2,21 @@ +Tue May 9 11:30:26 UTC 2023 - Danilo Spinella <[email protected]> + +- Update to version 3.0.9: + * Add some member variable inits in Transaction class (possible segfault) + * Fix: possible segfault on reload if duplicate ip+CIDR in ip match list + * Resolve memory leak on reload (bison-generated variable) + * Support equals sign in XPath expressions + * Encode two special chars in error.log output + * Add JIT support for PCRE2 + * Support comments in ipMatchFromFile file via '#' token + * Use name package name libmaxminddb with pkg-config + * Fix: FILES_TMP_CONTENT collection key should use part name + * Use AS_HELP_STRING instead of obsolete AC_HELP_STRING macro + * During configure, do not check for pcre if pcre2 specified + * Use pkg-config to find libxml2 first + * Fix two rule-reload memory leak issues + * Correct whitespace handling for Include directive +- Fix CVE-2023-28882, a segfault and a resultant crash of a worker process + in some configurations with certain inputs, bsc#1210993 + +------------------------------------------------------------------- Old: ---- modsecurity-v3.0.8.tar.gz New: ---- modsecurity-v3.0.9.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ modsecurity.spec ++++++ --- /var/tmp/diff_new_pack.HM9bkI/_old 2023-05-17 10:53:45.263548741 +0200 +++ /var/tmp/diff_new_pack.HM9bkI/_new 2023-05-17 10:53:45.271548784 +0200 @@ -1,7 +1,7 @@ # # spec file for package modsecurity # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: modsecurity -Version: 3.0.8 +Version: 3.0.9 Release: 0 Summary: Web application firewall engine License: BSD-2-Clause ++++++ modsecurity-v3.0.8.tar.gz -> modsecurity-v3.0.9.tar.gz ++++++ ++++ 18406 lines of diff (skipped)
