Date: Mon, 17 Sep 2007 11:38:47 +0200 (CEST) From: Robin Gruyters <r.gruyters@yirdis.nl> To: FreeBSD-gnats-submit@FreeBSD.org Cc: dom@happygiraffe.net Subject: ports/116414: [PATCH] www/mod_security2: update to 2.1.3 Message-ID: <200709170938.l8H9clT4039001@server.yirdis.net> Resent-Message-ID: <200709170940.l8H9e2v1044793@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 116414 >Category: ports >Synopsis: [PATCH] www/mod_security2: update to 2.1.3 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Mon Sep 17 09:40:01 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Robin Gruyters >Release: FreeBSD 6.2-RELEASE-p5 i386 >Organization: YIRDIS B.V. >Environment: System: FreeBSD server.yirdis.net 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #4: Thu May 31 10:58:52 CEST 2007 >Description: - Update to 2.1.3 Changelog mod_security: * Updated multipart parsing code adding variables to allow checking for various parsing issues (request body abnormalities). * Allow mod_rpaf and mod_extract_forwarded2 to work before ModSecurity. * Quiet some compiler warnings. * Do not block internal ErrorDocument requests after blocking request. * Added ability to compile without an external API (use -DNO_MODSEC_API). * Cleaned up and clarified some documentation. * Update included core rules to latest version (1.4.3). * Enhanced ability to alert/audit failed requests. * Do not trigger "pause" action for internal requests. * Fixed issue with requests that use internal requests. These had the potential to be intercepted incorrectly when other Apache httpd modules that used internal requests were used with mod_security. * Added Solaris and Cygwin to the list of platforms not supporting the hidden visibility attribute. * Fixed decoding full-width unicode in t:urlDecodeUni. * Lessen some overhead of debugging messages and calculations. * Do not try to intercept a request after a failed rule. This fixes the issue associated with an "Internal Error: Asked to intercept request but was_intercepted is zero" error message. * Added SecAuditLog2 directive to allow redundent concurrent audit log index files. This will allow sending audit data to two consoles, etc. * Small performance improvement in memory management for rule execution. Port maintainer (dom@happygiraffe.net) is cc'd. Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: --- mod_security2-2.1.3.patch begins here --- Index: Makefile =================================================================== RCS file: /data3/Build/CVS/ports/www/mod_security2/Makefile,v retrieving revision 1.8 diff -u -r1.8 Makefile --- Makefile 1 Sep 2007 21:58:02 -0000 1.8 +++ Makefile 17 Sep 2007 09:36:15 -0000 @@ -6,7 +6,7 @@ # PORTNAME= mod_security2 -PORTVERSION= 2.1.1 +PORTVERSION= 2.1.3 CATEGORIES= www security MASTER_SITES= http://www.modsecurity.org/download/ DISTNAME= ${PORTNAME:S/_//:S/2//}-apache_${PORTVERSION} Index: distinfo =================================================================== RCS file: /data3/Build/CVS/ports/www/mod_security2/distinfo,v retrieving revision 1.4 diff -u -r1.4 distinfo --- distinfo 14 Jun 2007 15:46:33 -0000 1.4 +++ distinfo 17 Sep 2007 09:36:38 -0000 @@ -1,3 +1,3 @@ -MD5 (modsecurity-apache_2.1.1.tar.gz) = ab74ed5f320ffc4ed9f56487bf17c670 -SHA256 (modsecurity-apache_2.1.1.tar.gz) = fadeb3b4ce5672c99c094611792b827d45fcd6b38c4c4fa81c4cfdc63c63b71a -SIZE (modsecurity-apache_2.1.1.tar.gz) = 650607 +MD5 (modsecurity-apache_2.1.3.tar.gz) = b98a65ce4fd5deb343e295bac9490331 +SHA256 (modsecurity-apache_2.1.3.tar.gz) = 875c35778a1e2d56859ec754272f80d05bc892db40341996e3a8c54e74076036 +SIZE (modsecurity-apache_2.1.3.tar.gz) = 674923 --- mod_security2-2.1.3.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200709170938.l8H9clT4039001>