Bug 1672678 - libmodsecurity: update to 3.0.3 release [NEEDINFO]
Summary: libmodsecurity: update to 3.0.3 release
Status: ON_QA
Alias: None
Product: Fedora
Classification: Fedora
Component: libmodsecurity
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Athmane Madjoudj
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-05 15:42 UTC by Denis Fateyev
Modified: 2019-06-07 23:55 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed:
denis: needinfo?


Attachments (Terms of Use)

Description Denis Fateyev 2019-02-05 15:42:30 UTC
Description of problem:

Libmodsecurity 3.0.3 upstream release is available [1,2].

Please update to the recent version in Fedora and EPEL7 branches.

Thanks!

 [1] https://www.modsecurity.org/

 [2] https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.3/modsecurity-v3.0.3.tar.gz

Comment 1 Denis Fateyev 2019-03-31 15:30:02 UTC
Any update here?

Comment 2 Fedora Update System 2019-03-31 19:14:18 UTC
libmodsecurity-3.0.3-1.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-ee5a421a8a

Comment 3 Fedora Update System 2019-03-31 19:34:27 UTC
libmodsecurity-3.0.3-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-9a7ee8ddd8

Comment 4 Fedora Update System 2019-03-31 20:20:32 UTC
libmodsecurity-3.0.3-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-1e12b7c8b4

Comment 5 Athmane Madjoudj 2019-03-31 20:23:03 UTC
Updates will hit testing repos soon, please test and provide feedback via karma if possible.

Comment 6 Fedora Update System 2019-04-01 01:33:03 UTC
libmodsecurity-3.0.3-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-ee5a421a8a

Comment 7 Fedora Update System 2019-04-01 02:06:43 UTC
libmodsecurity-3.0.3-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-9a7ee8ddd8

Comment 8 Fedora Update System 2019-04-01 02:15:24 UTC
libmodsecurity-3.0.3-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-1e12b7c8b4

Comment 9 Dridi Boukelmoune 2019-04-01 09:54:43 UTC
I don't think we can push this to Fedora outside of Rawhide. A rebuild is needed on aarch64 for dependent packages since it apparently breaks the ABI on those platforms so it's too late for f30.

I need to double check that epel7 is x86_64-only in which case it would be OK to push there.

Comment 10 Dridi Boukelmoune 2019-04-01 09:55:46 UTC
No, epel7 is also not OK apparently: https://koji.fedoraproject.org/koji/buildinfo?buildID=1240700

Comment 11 Denis Fateyev 2019-04-01 12:46:14 UTC
Which packages depend on this ABI version?
If yuo have an access, you can update everything within one update cycle (build libmodsecurity, make override in Bodhi, build dependants, push all builds as one solid update).

Comment 13 Denis Fateyev 2019-04-01 14:03:30 UTC
I don't see any dependants from "libmodsecurity", except its auxiliary packages (libmodsecurity-devel, libmodsecurity-static).

# repoquery --whatrequires libmodsecurity
libmodsecurity-devel-0:3.0.2-3.el7.x86_64
libmodsecurity-static-0:3.0.2-3.el7.x86_64

I really doubt you would break anything with bumping ABI in "libmodsecurity".

Comment 14 Dridi Boukelmoune 2019-04-04 06:57:52 UTC
I tried this instead:

    dnf repoquery --enablerepo=*-source --whatrequires libmodsecurity-devel

No dependent package, which means it's good to go in rawhide and f30. We can't break f29 because there may be users of the package and they shouldn't have to rebuild whatever uses this library on their systems, I'm one of them.

Comment 15 Athmane Madjoudj 2019-04-05 20:38:33 UTC
Sorry for late response, I'll unpush them on the stable branch, I usually dont update the stable branches unless the project is in it early stages (.0 is often buggy), plus I checked that nothing depend on it.


@Dridi: out of curiosity, do you use libmodsecurity 3.x in production ? (via Apache httpd/nginx/varnish/ ...), I'm asking because the plan is to make mod_secuirty3 the main package and leave mod_security (aka mod_security2) for while before retiring it (probability when RHEL 7 will hit EOL)

Comment 16 Denis Fateyev 2019-06-07 23:54:54 UTC
This ticket is still in ON_QA state. Could you check and resolve it?
Thanks.


Note You need to log in before you can comment on or make changes to this bug.