On Fri, Jun 02, 2023 at 09:46:19PM +0200, Paul Gevers wrote: > Hi, > > On 01-06-2023 22:39, Ervin Hegedüs wrote: > > > On Thu, Jun 01, 2023 at 09:52:06PM +0200, Paul Gevers wrote: > > I think there is absolutely no risk. Bot package (libmodsecurity3 > > and libnginx-mod-http-modsecurity) is totally new packages, we > > won't introduce any "unknown" issues. > > Huh? src:modsecurity as been part of stable for at least two times.
yes, but nothing uses it. There is not any package which depends on it. > > these files (which created the huge diff) are generated by Bison. > > Now that is extremely relevant information. Why wasn't that shared before > (and filtered from the debdiff for that reason)? I don't know... :( > Does the same hold for all > that .m4 stuff? Are those files recreated during the build? I don't think that .m4 files are re-generated during the build process. The vendor of ModSecurity provides the generated Bison related files, but it does not matter, because the generated files are also have a huge diff. > > (A side note: not these files (above) have huge diff, but the > > derived ones: seclang-parser.cc, seclang-parser.hh, > > seclang-scanner.cc) > > But I didn't know... So, please tell me. Which files are generated? In the upstream directory, here is the line which generates these lines: https://github.com/SpiderLabs/ModSecurity/blob/v3/master/src/parser/Makefile.am#L33 And these are the generated lines: https://github.com/SpiderLabs/ModSecurity/blob/v3/master/src/parser/Makefile.am#L36-L42 a.
