Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/libmodsecurity: bump to version 3.0.8
@ 2023-01-15 17:32 Fabrice Fontaine
  2023-01-27 12:46 ` Peter Korsgaard
  2023-02-23 15:01 ` Frank Vanbever
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2023-01-15 17:32 UTC (permalink / raw)
  To: buildroot; +Cc: Frank Vanbever, Fabrice Fontaine

https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/libmodsecurity/libmodsecurity.hash | 4 ++--
 package/libmodsecurity/libmodsecurity.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/libmodsecurity/libmodsecurity.hash b/package/libmodsecurity/libmodsecurity.hash
index 087157d162..7ba0ef7f18 100644
--- a/package/libmodsecurity/libmodsecurity.hash
+++ b/package/libmodsecurity/libmodsecurity.hash
@@ -1,4 +1,4 @@
-# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.7/modsecurity-v3.0.7.tar.gz.sha256
-sha256  cfd8b7e7e6a0e9ca4e19b9adeb07594ba75eba16a66da5e9b0974c0117c21a34  modsecurity-v3.0.7.tar.gz
+# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.8/modsecurity-v3.0.8.tar.gz.sha256
+sha256  e241c89b3cd7e58a863d0d0d6b9b8ba4d33ffb0f51171044c258c62e3e7956c7  modsecurity-v3.0.8.tar.gz
 # Localy calculated
 sha256  c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4  LICENSE
diff --git a/package/libmodsecurity/libmodsecurity.mk b/package/libmodsecurity/libmodsecurity.mk
index 916ba8fbcb..e83fda895f 100644
--- a/package/libmodsecurity/libmodsecurity.mk
+++ b/package/libmodsecurity/libmodsecurity.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBMODSECURITY_VERSION = 3.0.7
+LIBMODSECURITY_VERSION = 3.0.8
 LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz
 LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION)
 LIBMODSECURITY_INSTALL_STAGING = YES
-- 
2.39.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libmodsecurity: bump to version 3.0.8
  2023-01-15 17:32 [Buildroot] [PATCH 1/1] package/libmodsecurity: bump to version 3.0.8 Fabrice Fontaine
@ 2023-01-27 12:46 ` Peter Korsgaard
  2023-02-23 15:01 ` Frank Vanbever
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-01-27 12:46 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: Frank Vanbever, buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8
 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libmodsecurity: bump to version 3.0.8
  2023-01-15 17:32 [Buildroot] [PATCH 1/1] package/libmodsecurity: bump to version 3.0.8 Fabrice Fontaine
  2023-01-27 12:46 ` Peter Korsgaard
@ 2023-02-23 15:01 ` Frank Vanbever
  1 sibling, 0 replies; 3+ messages in thread
From: Frank Vanbever @ 2023-02-23 15:01 UTC (permalink / raw)
  To: buildroot, peter; +Cc: Fabrice Fontaine, Yann Morin

Hi all,

Any version of libmodsecurity < 3.0.8 is affected by CVE-2022-48279 [1] so this 
bump is also relevant for 2022.11.x (3.0.7) and 2022.02.x (3.0.6)

I originally backported the fix from 3.0.8 to 3.0.7 and it comes in at just 
under 1MB. This rightfully triggered a quarantine in the mailing list and is a 
pretty good sign that a version bump might be a better course of action here.

Best regards,
Frank

[1] https://nvd.nist.gov/vuln/detail/CVE-2022-48279

On zondag 15 januari 2023 18:32:40 CET Fabrice Fontaine wrote:
> https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.8
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/libmodsecurity/libmodsecurity.hash | 4 ++--
>  package/libmodsecurity/libmodsecurity.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/libmodsecurity/libmodsecurity.hash
> b/package/libmodsecurity/libmodsecurity.hash index 087157d162..7ba0ef7f18
> 100644
> --- a/package/libmodsecurity/libmodsecurity.hash
> +++ b/package/libmodsecurity/libmodsecurity.hash
> @@ -1,4 +1,4 @@
> -# From
> https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.7/modsecur
> ity-v3.0.7.tar.gz.sha256 -sha256 
> cfd8b7e7e6a0e9ca4e19b9adeb07594ba75eba16a66da5e9b0974c0117c21a34 
> modsecurity-v3.0.7.tar.gz +# From
> https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.8/modsecur
> ity-v3.0.8.tar.gz.sha256 +sha256 
> e241c89b3cd7e58a863d0d0d6b9b8ba4d33ffb0f51171044c258c62e3e7956c7 
> modsecurity-v3.0.8.tar.gz # Localy calculated
>  sha256  c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 
> LICENSE diff --git a/package/libmodsecurity/libmodsecurity.mk
> b/package/libmodsecurity/libmodsecurity.mk index 916ba8fbcb..e83fda895f
> 100644
> --- a/package/libmodsecurity/libmodsecurity.mk
> +++ b/package/libmodsecurity/libmodsecurity.mk
> @@ -4,7 +4,7 @@
>  #
>  ###########################################################################
> #####
> 
> -LIBMODSECURITY_VERSION = 3.0.7
> +LIBMODSECURITY_VERSION = 3.0.8
>  LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz
>  LIBMODSECURITY_SITE =
> https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURI
> TY_VERSION) LIBMODSECURITY_INSTALL_STAGING = YES




_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-02-23 15:02 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-01-15 17:32 [Buildroot] [PATCH 1/1] package/libmodsecurity: bump to version 3.0.8 Fabrice Fontaine
2023-01-27 12:46 ` Peter Korsgaard
2023-02-23 15:01 ` Frank Vanbever

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox