Revisions of apache2-mod_security2
Roman Drahtmueller (draht)
committed
(revision 53)
Roman Drahtmueller (draht)
committed
(revision 52)
Roman Drahtmueller (draht)
committed
(revision 51)
Roman Drahtmueller (draht)
committed
(revision 50)
- Portability: provide /etc/apache2/mod_security2.d/empty.conf to avoid a non-match of the file-glob in the Include statement from /etc/apache2/conf.d/mod_security2.conf . This restores the Include back from the IncludeOptional, which is not portable.
Roman Drahtmueller (draht)
accepted
request 246404
from
Thomas Worm (thomas-worm-sicsec)
(revision 49)
Added backward compatibility for SLE 11 (aclocal fails on older distributions than openSuSE 13.1). Please forward to updates.
Roman Drahtmueller (draht)
committed
(revision 48)
- last changelog does not say that apache2-mod_security2-libtool-fix.diff was obsoleted.
Roman Drahtmueller (draht)
committed
(revision 47)
- BuildRequires: libtool missing - apache2-mod_security2-libtool-fix.diff: initialize libtool.
Roman Drahtmueller (draht)
committed
(revision 46)
- apache2-mod_security2-no_rpath.diff: avoid the usage of -rpath
in autoconf m4 macros. Obsoletes patch
modsecurity-apache_2.8.0-build_fix_pcre.diff
- use automake for build, add autoconf and automake to
BuildRequires:. This fix is combined with [bnc#876878].
- turn on --enable-htaccess-config
- use %{?_smp_mflags} for build
- OWASP rule set. [bnc#876878]
new in 2.8.0 (more complete changelog to add to last changelog):
* Connection limits (SecConnReadStateLimit/SecConnWriteStateLimit)
now support white and suspicious list
* New variables: FULL_REQUEST and FULL_REQUEST_LENGTH
* GPLv2 replaced by Apache License v2
* rules are not part of the source tarball any longer, but
maintaned upstream externally, and included in this package.
* documentation was externalized to a wiki. Package contains
the FAQ and the reference manual in html form.
* renamed the term "Encryption" in directives that actually refer
to hashes. See CHANGES file for more details.
* byte conversion issues on s390x when logging fixed.
* many small issues fixed that were discovered by a Coverity scanner
* updated reference manual
* wrong time calculation when logging for some timezones fixed.
* replaced time-measuring mechanism with finer granularity for
measured request/answer phases. (Stopwatch remains for compat.)
* cookie parser memory leak fix
* parsing of quoted strings in multipart Content-Disposition
headers fixed.
Cristian Rodríguez (elvigia)
accepted
request 232296
from
Thomas Worm (thomas-worm-sicsec)
(revision 45)
- Raised to version 2.8.0.
- updated patches:
* modsecurity-apache_2.8.0-build_fix_pcre.diff
-> modsecurity-apache_2.7.7-build_fix_pcre.diff
Tomáš Chvátal (scarabeus_factory)
accepted
request 215135
from
Thomas Worm (thomas-worm-sicsec)
(revision 44)
- Raised to version 2.7.7.
- modified patches:
* modsecurity-apache_2.7.5-build_fix_pcre.diff,
renamed to modsecurity-apache_2.7.7-build_fix_pcre.diff.
Roman Drahtmueller (draht)
accepted
request 214773
from
Aeneas Jaißle (aeneas_jaissle)
(revision 43)
Use correct source Url
Roman Drahtmueller (draht)
accepted
request 206042
from
Roman Drahtmueller (draht)
(revision 42)
- complete overhaul of this package, with update to 2.7.5.
- ruleset update to 2.2.8-0-g0f07cbb.
- new configuration framework private to mod_security2:
/etc/apache2/conf.d/mod_security2.conf loads
/usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf,
then /etc/apache2/mod_security2.d/*.conf , as set up based on
advice in /etc/apache2/conf.d/mod_security2.conf
Your configuration starting point is
/etc/apache2/conf.d/mod_security2.conf
- !!! Please note that mod_unique_id is needed for mod_security2 to run!
- modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneaous
linker parameter, preventing rpath in shared object.
- fixes contained for the following bugs:
* CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling
* [bnc#768293] multi-part bypass, minor threat
* CVE-2013-1915 [bnc#813190] XML external entity vulnerability
* CVE-2012-4528 [bnc#789393] rule bypass
* CVE-2013-2765 [bnc#822664] null pointer dereference crash
- new from 2.5.9 to 2.7.5, only major changes:
* GPLv2 replaced by Apache License v2
* rules are not part of the source tarball any longer, but
maintaned upstream externally, and included in this package.
* documentation was externalized to a wiki. Package contains
the FAQ and the reference manual in html form.
* renamed the term "Encryption" in directives that actually refer
to hashes. See CHANGES file for more details.
* new directive SecXmlExternalEntity, default off
* byte conversion issues on s390x when logging fixed.
* many small issues fixed that were discovered by a Coverity scanner
* updated reference manual
buildservice-autocommit
accepted
request 131757
from
Ismail Dönmez (namtrac)
(revision 41)
Ismail Dönmez (namtrac)
(revision 41)
baserev update by copy to link target
Ismail Dönmez (namtrac)
accepted
request 131755
from
Ciaran Farrell (babelworx)
(revision 40)
license update: Apache-2.0 and GPL-2.0 Many of the files in the rules/ subdirectory are GPL-2.0 licensed
Ismail Dönmez (namtrac)
accepted
request 130251
from
Cristian Rodríguez (elvigia)
(revision 39)
- Update to version 2.6.7, fixes build in apache 2.4 - Update spec file macros.
Stephan Kulow (coolo)
accepted
request 82767
from
Jan Engelhardt (jengelh)
(revision 38)
- Remove redundant tags/sections from specfile - Use %_smp_mflags for parallel build
Roman Drahtmueller (draht)
committed
(revision 37)
- update to version 2.6.1-rc1 for submission to SLE11-SP2 (fate#309433):
- SecUnicodeCodePage and SecUnicodeMapFile directives added
- fixed bug: SecRequestBodyLimit was truncating the real request
body
additional fixes from 2.6.0:
- buffering filter problems fixed
- memory leak fix when using MATCHED_VAR_NAMES
- SecWriteStateLimit added against slow DoS
additional fixes from 2.6.0 release candidates:
- optimizations
- bug in logging code fixed
- cleanup
- google safe browsing support
Stephan Kulow (coolo)
committed
(revision 34)
Displaying revisions 41 - 60 of 93
