Revisions of apache2-mod_security2
buildservice-autocommit
accepted
request 1173611
from
Petr Gajdos (pgajdos)
(revision 93)
baserev update by copy to link target
Petr Gajdos (pgajdos)
accepted
request 1172451
from
Petr Gajdos (pgajdos)
(revision 92)
- added patches fix fix build with gcc14 + apache2-mod_security2-gcc14.patch
buildservice-autocommit
accepted
request 1149082
from
Petr Gajdos (pgajdos)
(revision 91)
baserev update by copy to link target
Petr Gajdos (pgajdos)
accepted
request 1147828
from
Dominique Leuenberger (dimstar)
(revision 90)
Prepare for RPM 4.20
Danilo Spinella (dspinella)
accepted
request 1101664
from
Danilo Spinella (dspinella)
(revision 89)
revert to 87
Danilo Spinella (dspinella)
accepted
request 1099113
from
Dirk Mueller (dirkmueller)
(revision 88)
- reenable tests - switch to SpiderLabs owasp 3.2.0 release (final release, upstream archived the project, please switch to coreruleset instead): * Various security fixes, see * https://raw.githubusercontent.com/SpiderLabs/owasp-modsecurity-crs/v3.2.0/CHANGES - introduce supply chain security by adding gpg signature and keyring
Danilo Spinella (dspinella)
accepted
request 1098838
from
Dirk Mueller (dirkmueller)
(revision 87)
- update to 2.9.7: * Fix: FILES_TMP_CONTENT may sometimes lack complete content * Support configurable limit on number of arguments processed * Silence compiler warning about discarded const * Support for JIT option for PCRE2 * Use uid for user if apr_uid_name_get() fails * Fix: handle error with SecConnReadStateLimit configuration * Only check for pcre2 install if required * Adjustment of previous fix for log messages * Mark apache error log messages as from mod_security2 * Use pkg-config to find libxml2 first * Support for PCRE2 in mlogc * Support for PCRE2 * Adjust parser activation rules in modsecurity.conf- recommended * Multipart parsing fixes and new MULTIPART_PART_HEADERS collection * Limit rsub null termination to where necessary * IIS: Update dependencies for next planned release * XML parser cleanup: NULL duplicate pointer * Properly cleanup XML parser contexts upon completion * Fix memory leak in streams * Fix: negative usec on log line when data type long is 32b * mlogc log-line parsing fails due to enhanced timestamp * Allow no-key, single-value JSON body * Set SecStatusEngine Off in modsecurity.conf-recommended * Fix memory leak that occurs on JSON parsing error * Multipart names/filenames may include single quote if double- quote enclosed * Add SecRequestBodyJsonDepthLimit to modsecurity.conf-
Danilo Spinella (dspinella)
accepted
request 907282
from
Danilo Spinella (dspinella)
(revision 85)
- Update to 2.9.4: * Add microsec timestamp resolution to the formatted log timestamp * Added missing Geo Countries * Store temporaries in the request pool for regexes compiled per-request. * Fix other usage of the global pool for request temporaries in re_operators.c * Adds a sanity check before use ctl:ruleRemoveTargetById and ctl:ruleRemoveTargetByMsg. * Fix the order of error_msg validation * When the input filter finishes, check whether we returned data * fix: care non-null terminated chunk data * Fix for apr_global_mutex_create() crashes with mod_security * Fix inet addr handling on 64 bit big endian systems - Run spec-cleaner - Remove if/else for older version of SUSE distribution
buildservice-autocommit
accepted
request 874491
from
Petr Gajdos (pgajdos)
(revision 84)
baserev update by copy to link target
Petr Gajdos (pgajdos)
committed
(revision 83)
- version update to 2.9.3 * Enable optimization for large stream input by default on IIS [Issue #1299 - @victorhora, @zimmerle] * Allow 0 length JSON requests. [Issue #1822 - @allanbomsft, @zimmerle, @victorhora, @marcstern] * Include unanmed JSON values in unnamed ARGS [Issue #1577, #1576 - @marcstern, @victorhora, @zimmerle] * Fix buffer size for utf8toUnicode transformation [Issue #1208 - @katef, @victorhora] * Fix sanitizing JSON request bodies in native audit log format [p0pr0ck5, @victorhora] * IIS: Update Wix installer to bundle a supported CRS version (3.0) [@victorhora, @zimmerle] * IIS: Update dependencies for Windows build [Issue #1848 - @victorhora, @hsluoyz] * IIS: Set SecStreamInBodyInspection by default on IIS builds (#1299) [Issue #1299 - @victorhora] * IIS: Update modsecurity.conf [Issue #788 - @victorhora, @brianclark] * Add sanity check for a couple malloc() and make code more resilient [Issue #979 - @dogbert2, @victorhora, @zimmerl] * Fix NetBSD build by renaming the hmac function to avoid conflicts [Issue #1241 - @victorhora, @joerg, @sevan] * IIS: Windows build, fix duplicate YAJL dir in script [Issue #1612 - @allanbomsft, @victorhora] * IIS: Remove body prebuffering due to no locking in modsecProcessRequest [Issue #1917 - @allanbomsft, @victorhora] * Fix mpm-itk / mod_ruid2 compatibility [Issue #712 - @ju5t , @derhansen, @meatlayer, @victorhora] * Code cosmetics: checks if actionset is not null before use it
buildservice-autocommit
accepted
request 777581
from
Factory Maintainer (factory-maintainer)
(revision 82)
baserev update by copy to link target
Petr Gajdos (pgajdos)
committed
(revision 81)
- removing %apache_test_* macros, do not test module just by loading the module
Petr Gajdos (pgajdos)
accepted
request 739567
from
Richard Brown (RBrownSUSE)
(revision 79)
Remove obsolete Groups tag (fate#326485)
buildservice-autocommit
accepted
request 561619
from
Kristyna Streitova (kstreitova)
(revision 78)
baserev update by copy to link target
Kristyna Streitova (kstreitova)
accepted
request 560465
from
Jan Engelhardt (jengelh)
(revision 77)
* (TM) ought not to be used according to openSUSE's license guidelines (when I last looked at it) * simplify the find line
Petr Gajdos (pgajdos)
committed
(revision 76)
- fix build for SLE_11_SP4: BuildRoot and %deffattr have to be present
Kristyna Streitova (kstreitova)
accepted
request 556963
from
Kristyna Streitova (kstreitova)
(revision 75)
- update to 2.9.2 * release notes https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.2 * refresh apache2-mod_security2-no_rpath.diff * remove apache2-mod_security2-lua-5.3.patch that was applied upstream - remove outdated html pages and diagram (they can be accessed online at https://github.com/SpiderLabs/ModSecurity/wiki) * Reference-Manual.html.bz2 * ModSecurity-Frequently-Asked-Questions-FAQ.html.bz2 * modsecurity_diagram_apache_request_cycle.jpg - don't pack the whole doc directory as it contains also Makefiles or doxygen configuration files - disable mlogc as we don't pack it and it also can't be built for curl <=7.34 - add basic and regression test suite (but disabled for now) * add apache2-mod_security2_tests_conf.patch for apache2 configuration file used for tests that was trying to load mpm_worker_module (it's static for our apache2 package) * add "BuildRequires: perl-libwww-perl" needed for the test suite
buildservice-autocommit
accepted
request 505810
from
Petr Gajdos (pgajdos)
(revision 74)
baserev update by copy to link target
Displaying revisions 1 - 20 of 93