The NetBSD Project

CVS log for pkgsrc/security/ap-modsecurity2/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / security / ap-modsecurity2

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.61 / (download) - annotate - [select for diffs], Wed Nov 23 16:20:59 2022 UTC (2 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base, pkgsrc-2022Q4, HEAD
Changes since 1.60: +2 -2 lines
Diff to previous 1.60 (colored)

massive revision bump after textproc/icu update

Revision 1.60 / (download) - annotate - [select for diffs], Wed Oct 26 10:31:56 2022 UTC (3 months ago) by wiz
Branch: MAIN
Changes since 1.59: +2 -2 lines
Diff to previous 1.59 (colored)

*: bump PKGREVISION for libunistring shlib major bump

Revision 1.59 / (download) - annotate - [select for diffs], Mon Apr 18 19:11:58 2022 UTC (9 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2
Changes since 1.58: +2 -2 lines
Diff to previous 1.58 (colored)

revbump for textproc/icu update

Revision 1.58 / (download) - annotate - [select for diffs], Wed Dec 8 16:06:16 2021 UTC (13 months, 3 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4
Changes since 1.57: +2 -2 lines
Diff to previous 1.57 (colored)

revbump for icu and libffi

Revision 1.57 / (download) - annotate - [select for diffs], Wed Sep 29 19:01:15 2021 UTC (16 months ago) by adam
Branch: MAIN
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)

revbump for boost-libs

Revision 1.56 / (download) - annotate - [select for diffs], Wed Apr 21 13:25:18 2021 UTC (21 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2
Changes since 1.55: +2 -2 lines
Diff to previous 1.55 (colored)

revbump for boost-libs

Revision 1.55 / (download) - annotate - [select for diffs], Wed Apr 21 11:42:34 2021 UTC (21 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (colored)

revbump for textproc/icu

Revision 1.54 / (download) - annotate - [select for diffs], Thu Nov 5 09:09:01 2020 UTC (2 years, 2 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.53: +2 -2 lines
Diff to previous 1.53 (colored)

*: Recursive revbump from textproc/icu-68.1

Revision 1.53 / (download) - annotate - [select for diffs], Tue Jun 30 17:38:02 2020 UTC (2 years, 7 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.52: +3 -4 lines
Diff to previous 1.52 (colored)

ap-modsecurity2: Uses lua51.

Revision 1.52 / (download) - annotate - [select for diffs], Tue Jun 2 08:24:39 2020 UTC (2 years, 7 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2
Changes since 1.51: +2 -2 lines
Diff to previous 1.51 (colored)

Revbump for icu

Revision 1.51 / (download) - annotate - [select for diffs], Fri May 22 10:56:35 2020 UTC (2 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored)

revbump after updating security/nettle

Revision 1.50 / (download) - annotate - [select for diffs], Wed May 6 14:04:59 2020 UTC (2 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored)

revbump after boost update

Revision 1.49 / (download) - annotate - [select for diffs], Sun Mar 8 16:51:06 2020 UTC (2 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)

*: recursive bump for libffi

Revision 1.48 / (download) - annotate - [select for diffs], Sun Jan 26 17:32:02 2020 UTC (3 years ago) by rillig
Branch: MAIN
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)

all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.

Revision 1.47 / (download) - annotate - [select for diffs], Sat Jan 18 21:50:33 2020 UTC (3 years ago) by jperkin
Branch: MAIN
Changes since 1.46: +2 -2 lines
Diff to previous 1.46 (colored)

*: Recursive revision bump for openssl 1.1.1.

Revision 1.46 / (download) - annotate - [select for diffs], Sun Jan 12 20:20:41 2020 UTC (3 years ago) by ryoon
Branch: MAIN
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored)

*: Recursive revbump from devel/boost-libs

Revision 1.45 / (download) - annotate - [select for diffs], Thu Aug 22 12:23:43 2019 UTC (3 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)

Recursive revbump from boost-1.71.0

Revision 1.44 / (download) - annotate - [select for diffs], Sat Jul 20 22:46:46 2019 UTC (3 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)

*: recursive bump for nettle 3.5.1

Revision 1.43 / (download) - annotate - [select for diffs], Mon Jul 1 04:08:44 2019 UTC (3 years, 7 months ago) by ryoon
Branch: MAIN
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)

Recursive revbump from boost-1.70.0

Revision 1.42 / (download) - annotate - [select for diffs], Thu Dec 13 19:52:19 2018 UTC (4 years, 1 month ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored)

revbump for boost 1.69.0

Revision 1.41 / (download) - annotate - [select for diffs], Thu Aug 16 18:55:09 2018 UTC (4 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored)

revbump after boost-libs update

Revision 1.40 / (download) - annotate - [select for diffs], Sun Apr 29 21:32:02 2018 UTC (4 years, 9 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)

revbump for boost-libs update

Revision 1.39 / (download) - annotate - [select for diffs], Mon Jan 29 09:48:45 2018 UTC (5 years ago) by he
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)

Fix the examples directory in MESSAGE to match where it is...
Bump PKGREVISION.

Revision 1.38 / (download) - annotate - [select for diffs], Mon Jan 1 21:18:50 2018 UTC (5 years, 1 month ago) by adam
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)

Revbump after boost update

Revision 1.37 / (download) - annotate - [select for diffs], Mon Jan 1 10:23:04 2018 UTC (5 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.36: +1 -2 lines
Diff to previous 1.36 (colored)

apache22: remove, it was eol'd in June 2017

Remove packages that only work with apache22.
Remove apache22 references.

Revision 1.36 / (download) - annotate - [select for diffs], Thu Aug 24 20:03:38 2017 UTC (5 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3
Changes since 1.35: +2 -2 lines
Diff to previous 1.35 (colored)

Revbump for boost update

Revision 1.35 / (download) - annotate - [select for diffs], Sun Apr 30 01:21:59 2017 UTC (5 years, 9 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)

Recursive revbump from boost update

Revision 1.34 / (download) - annotate - [select for diffs], Sun Jan 1 16:06:35 2017 UTC (6 years, 1 month ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

Revbump after boost update

Revision 1.33 / (download) - annotate - [select for diffs], Fri Oct 7 18:26:09 2016 UTC (6 years, 3 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4
Changes since 1.32: +2 -2 lines
Diff to previous 1.32 (colored)

Revbump post boost update

Revision 1.32 / (download) - annotate - [select for diffs], Sat Mar 5 11:29:18 2016 UTC (6 years, 10 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored)

Bump PKGREVISION for security/openssl ABI bump.

Revision 1.31 / (download) - annotate - [select for diffs], Sun Oct 19 22:27:47 2014 UTC (8 years, 3 months ago) by alnsn
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored)

Revbump after lang/lua51 update.

Revision 1.30 / (download) - annotate - [select for diffs], Sat May 3 13:01:24 2014 UTC (8 years, 9 months ago) by alnsn
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.29: +8 -6 lines
Diff to previous 1.29 (colored)

Adapt to Lua multiversion support.

Revision 1.29 / (download) - annotate - [select for diffs], Wed Feb 12 23:18:31 2014 UTC (8 years, 11 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.28: +2 -1 lines
Diff to previous 1.28 (colored)

Recursive PKGREVISION bump for OpenSSL API version bump.

Revision 1.28 / (download) - annotate - [select for diffs], Thu Feb 6 08:17:42 2014 UTC (8 years, 11 months ago) by obache
Branch: MAIN
Changes since 1.27: +10 -15 lines
Diff to previous 1.27 (colored)

Update ap-modsecurity2 to 2.7.7.

17 Dec 2013 - 2.7.7
-------------------
Fixes:

- Changed release version to 2.7.7
- Got the configure scripts inside the release tarball


16 Dec 2013 - 2.7.6
-------------------
Improvements:

- Organizes all Makefile.am - 1cde4d2dd9d96747536c1c25d06ba0677069477f
  Now using one file per line (sorted). This is the better way to handle it, since it reduces the possibility of merge conflicts.

- nginx: generates config file using configure input. - 351b9cc357d439e30ebd61d89a9e38ecf55c6827
  The nginx config file was looking for depedencies by its own, by doing that it was ignoring the options that were passed to configure script. This commit deletes this config file and adds a meta-config which is populated by configure whenever the standalone-module is enabled.

- nginx: adds lua support - da16d9e5d51d4ef8734687514a4e1368e7fb4284

- iis: Cosmetics fixies on sqli. - 5046c8327ea21c69b4c0d0c0057c692b05b09fef
  This is needed to get it compiled with VS2011 on Windows8

- Regression tests: makes configuration compatible with 2.2 and 2.4 (try 2) - ae252ee8767069363906e5a611dff487b799b839

- nginx: Trying apxs and apxs2 while compiling nginx module - 65d9272fdc353e1263567b60604542d377d19672

- nginx: Trying apxs and apxs2 while compiling nginx module - 35fd75d859e4a8873b8843da1db13e04a1b08140

- macos: Using glibtoolize instead of libtoolize - 751a9f4e45213cd69f00c62c71edc9d7ad99b82d

- regression-tests: makes configuration compatible with 2.2 and 2.4 - 6fc4cac37ab1be8d1232140042b58fe4bd93ee17

- Regression test: get it working with apache 2.4 - e9813cd0d9bfc5b0c9aa5832634ec1b39b805108
  Changes in httpd.conf.in to get it working with apache 2.4

- Code cosmetics. - 7366f35c1d80772d739b35da8faa972f92a72b97
  Changed to reduce the number of possible fails during Build Bot compilation.

- iis: Waiting for 5 seconds before move curl directory - 9bf2959c919587ebc63f5a1b8c0785da8927bff5
  Testing buildbot.

- Redefines unixd_set_global_mutex_perms on tests - f70f6f4281b806627e0cf0dbb9c84ae5864bdb16
  Avoding conflicts with the standalone implementation

- Adds verbose quality check - 388943440cc9b8c6fdea09f5e365a2e5a3e792e2
  Vera++ and ccpcheck are not outputing to the stderr instead stdout allowing the buildbot to extract some numbers about it.

- Adds support for coding style and quality check - b77e90152d119609ac78a7028383c3b79898b2cf
  Initial effort to get the code on shape. This will be executed by the buildbots as soon as they get ready for it.

- iis: New improvements on the Wix installer - 2ea5a74a7bfb00f21312e51e48aa6dac03d84600
  * Now the installation is divided in modules: ModSecurity and CRS.
  * Added default configuration
  * Configuration was moved to "Program Files" folder
  * Build_msi script now using candle available in %PATH%

- iis: Removes the installer helper dependency - 1a12648c9f6028f251af0f03c889397c7954b74c
  Now using appcmd directly with WiX instead of calling the installer helper.

- iis: Remove readme.html - 550d5aae21cba696cac1ce75ab8113e5255d5a59
  This HTML is about "Creating a Native Module for IIS7" not straight related to ModSecurity itself.

- iis: Adds batch script to compile Wix - a2c5fc831baf0b324ebb66b0f878dacf1ec2f808
  This batch script can be used to generate our msi installer.

- iis: Adds Wix installer resources - 3604763e15a665eb7a6ecae1f7e7c65cebbb1d17
  This is all about cosmetic changes.

- iss: Removes Post-Build event. - 28bbde1bb218b004654cb865fc8563d69b848dc2
  There was a copy on Post-Build event using a hard coded path. This patch removes this Post-Build event.

- iis: Relative paths on the VS project file - 368617ddb2443f9b6036f80a648d467d07c9a054
  There are a ModSecurityIIS solution and project files, those were using hard coded paths to meet the dependencies. As consequence of the last update in our build scripts, now we are able to built the dependencies and load it to our Visual Studio project using relative paths.

- iis: Adds release script - 9477118903861ce80c4c27cb581bf3462315e98e

- iis: fixies the Installer.cpp coding style - 79875b1af8e8571098345b91557bab9c06eb7c88

- iis: Removes AppWizard remade file - 91738f93bcc82b6ab756c550a66b6cf6af2fa9f8
  Apparently the AppWizard was used to generate part of this Installer, the ReadMe.txt created by the AppWizard was removed by this commit

- iss: Removes pre-compiled headers - adfbeb85dcfa9466b72eebb8d1bd8eb7728bab79
  No need to use the pre-compiled headers in InstallerHelper, removing it, in order to keep the project lean.

- iis: Moves installer to InstallerHelper - 6adf25667dd4bfa33010bd6d8ae3d35046a69967
  To organize the folder the Installer application was renamed to installer helper. It is not the real installer, it is just an helper which is executed during the installation phase.

- iss: Removes fart dependencies - 8c3b8d81b613aaa38f28472af1eb26c90c7fc9da
  This commit removes the dependency of the fart.exe utility. The utility was responsible to rename contents inside some dependencies build files. Those modifications are not longer needed.

- iss: Better err handling in build scripts. - 192599bf63b6ae5aa08e4536a90d5d0a17f969f7
  Now checking for errors in every step of the build phase

- iis: Moves build_module.bat to build_modsecurity.bat - e25c6b2e85ced7beba4d41867dbdf30e9c1286d3
  The build_modsecurity.bat is now on the iis sub-directory, not in the dependencies anymore. Its content was also changed fixing all the paths.


- iis: Identifies arch before unzip apache - cf5de78dfb9fffd21edf17af9e1db8f2fd83c804
  Currently we need the Apache binary which could be used in 32 or 64 bits. This patch makes usage of 'cl' to identify which architecture is set.

- iis: Renamves winbuild to dependencies - 1447766e816a896e88c9c8f053fcc3f62797bac1
  Since the directory becomes all about dependencies there is no need to call it winbuild anymore.

- iis: Removes unnecessary files from winbuild dir - 9f8cbf6ed8034ba42aa4967699308df09864fd18
  Those .mak files seems to be part of an old build system. Since the script are now working fine, this commit removes all those .mac files and also a CMakeList.txt and the Makefile.win.

- iis: Improves the iis build system - b277e538f28c87c81c1b50925dd8b82996b88294
  Now checking for common errors while building. Refactoring on the build scripts, now there is this build_dependencies.bat script on the iis sub-folder. By calling this script all the dependencies should be build under the winbuild/. This commit also removes build scripts that were not needed anymore.

- iis: Fixes the vcxproj file - a946a163f0ad822c760af80ca32dda61f0e6b2a9
  Versions of the dependencies were changed, as long as the version of the Visual Studio, now 12.

- iis: Removes unecessary files from the build system - 26738d2e34bcc7620047bd23180e0e26a64c71ee
  The following files were removed:
  * VCVarsQueryRegistry.bat
  * vcvars64.bat
  * vsvars32.bat
The visual studio files can be called direcltly, not necessary to distribute those files, at least in VS12.

- iss: Changes httpd version 2.4.6 - 0a772cb0748aa51a01800e0473309b9de792b456
  Apache version was changed to 2.4.6 to sync with the current apache lounge version.

- iis: Changes the version of the dependencies - 3e6fb41d36b7a5e98a55d8f52b88b29d1bd50b64
  * pcre from 8.30 to 8.33
  * zlib from 1.2.7 to 1.2.8
  * libxml2 from 2.7.7 to 2.9.1
  * curl from 7.24 to 7.33.0

- Removes standalone/Makefile.in - e3c19d53d23c48fea337aae76a87b2a85c36a1f1
  Makefile.in is recommended to be in the repository whenever it is edit manually, in our case the automatically generated Makefile.in is ok.


Bug Fixes:

- test: Avoids conflict of fuctions definition - cef72855e4106ce29e1d39103ebf9eb9ab28f17e

- test: Makes the unit tests to work again - cc982ae42ec86c79a67be1a01c6ee35fb06c272c
  The unit tests was not working due to lack update. This patch adds the necessary stuff to have it work again.

- iis: Avoids directory link while building - ad330a44bfa39430cf6340cb52971568cccdf1d6
  Build scripts was creating links allowing the project to be loaded into Visual Studio without care about the dependencies versions. Sometimes windows refuse to delete those links leading the script to fail. This patch moves the sources directories instead of create links to it.

- QA: Avoids the utilization of 3rd filedescriptor - 69c5ccac662f4e11a6eefd54a3e912583c067b9d
  No need to use a 3rd description on the quality check scripts. Stderr is now redirected to stdout and filtered as needed.

- Supports WarningCountingShellCommand in cppcheck and vera - baaf502363e68c3240b60adb7f7c91f5b4f0ba03
  WarningCountingShellCommand allow us to have some measurements on the buildbot waterfall.

- iis: Using base_rules instead of activated_rules - 7b1537058fa451e0df7098cd907ef19f04102f9d

- iis: Fix inet_pton build problem - a4202146b8d26b6615bbab986383fe0afae60d77
  There is a function named inet_pton on windows API, with different signature. This patch just override the windows function and point the inet_pton to our implementation.

- iis: Adds Wix installer xml file.c - b32cb7d9ab397160f0154aa4bd4e9638658b41e6
  This commit adds the Wix template to our git repository.

- iis: build_modsecurity.bat fixies - 7e03e3f840375ed682c35a5bb67932461cc77013
  This commit enable a cleanup on the mod_security build directory avoiding symbols with different architectures.

- iis: Fix mlogc build on windows - 9b7663fa79377a0685130a019916d810f31e7478
  The libcurl path was not pointing to the correct directory

- Fix #154, Uses addn instead of apr_table_setn - 1734221d9d3a78f9aafd68e35717da9ee1a4fe51
  The headers are represented in the format of an apr_table, which is able to handle elements with the same key, however the function apr_table_setn checks if the key exists before add the element, if so it replaces the old value with the new one. This was making our implementation to just keep the last added Cookie. The apr_table_addn function, which is now used, just add a new item without check for olders one.

- Merge pull request #579 from zimmerle/revert_139 - 61e54f2067ae760808359926ff91d57275df1aac
  Revert merge request #139

- Revert "Merge pull request #139 from chaizhenhua/remotes/trunk" - 7f7d00fa2c364716691df1b45779304b24a0debb
  This reverts commit 10fd40fb0d06f6c577d870b6f15d2f6e2a3a5b1b, reversing changes made to 414033aafa94cd50c9b310afd3f164740caccc94.

- Merge pull request #578 from client9/remotes/trunk - b0c3977845f60747b15ae10531b7d20355a22627
  libinjection sync to v3.8.0

- libinjection sync - a5f175d79fac1e69124da4e1e227b622e7e233d7

- Merge pull request #152 from client9/remotes/trunk - 88ebf8a0bdbc4db1be76f3a2e70df77cc52a5925
  Sync to libinjection v3.7.1

- libinjection sync - fcb6dc13ed6efb066fb9b70405eecab8b83a2d96

- libinjection sync - f52242a013f301ca5c17e59b662124833cb7cc6d

- Merge pull request #148 from zimmerle/bugfix_charset_missing_string_terminator - b76e26d81ddafc2b99bffad53d1426f8fd33080a
  Bugfix: missing string terminator while mounting the charset (nginx)

- Bugfix: missing string terminator while mounting the charset (nginx) - ff19dcd5c53d4af61d0a9397d4616f47f80ee207
  The charset in headers is mounted using ngx_snprintf which does not place the string terminator. This patch adds the terminator at the end of the string. The size was correctly allocated, just missing the terminator.

- Merge pull request #141 from client9/remotes/trunk - 9a630eea23a7ead4e77617c86dc937fd7a421a57
  libinjection sync to v3.6.0

- libinjection sync - 11217207e8f2e0cf15742273836399866971071a

- Fix Chunked string case sensitive issue - CVE-2013-5705 - f8d441cd25172fdfe5b613442fedfc0da3cc333d

- Revert "Fix Chuncked string case sensitive issue" - 3901128f17e0763ac1a260106b79859d2aad6d90
  This reverts commit 16a815a3c2735f62238ef99af26090a2b8430d3d.

- Fix Chuncked string case sensitive issue - 16a815a3c2735f62238ef99af26090a2b8430d3d

- Merge pull request #139 from chaizhenhua/remotes/trunk - 10fd40fb0d06f6c577d870b6f15d2f6e2a3a5b1b
  Fixed fd leackage after reload

- Merge pull request #138 from client9/remotes/trunk - 414033aafa94cd50c9b310afd3f164740caccc94
  libinjection sync

- Fixed fd leackage after reload - e0993fcd7a166ce9e1a279a47d050af1311d9001

- libinjection sync - 2268626c20260e88cab9b7830f8a06101fa7172a

- Fix logical disjunction and conjunction issues - 7e0a9ecf7d492e85650671a0cfcfd53e5f15df2c


23 Jul 2013 - 2.7.5
-------------------
Improvements:

    * SecUnicodeCodePage is deprecated. SecUnicodeMapFile now accepts the code page as a second parameter.

    * Updated Libinjection to version 3.4.1. Many improvements were made.

    * Severity action now supports strings (emergency, alert, critical, error, warning, notice, info, debug).

Bug Fixes:

    * Fixed utf8toUnicode tfn null byte conversion.

    * Fixed NGINX crash when issue reload command.

    * Fixed flush output buffer before inject modified hashed response body.

    * Fixed url normalization for Hash Engine.

    * Fixed NGINX ap_unixd_set_global_perms_mutex compilation error with apache 2.4 devel files.

Security Issues:

10 May 2013 - 2.7.4
-------------------
Improvements:

    * Added Libinjection project http://www.client9.com/projects/libinjection/ as a new operator @detectSQLi. (Thanks Nick Galbreath).

    * Added new variable SDBM_DELETE_ERROR that will be set to 1 when sdbm engine fails to delete entries.

    * NGINX is now set to STABLE. Thanks chaizhenhua and all the people in community who help the project testing, sending feedback and patches.

Bug Fixes:

    * Fixed SecRulePerfTime storing unnecessary rules performance times.

    * Fixed Possible SDBM deadlock condition.

    * Fixed Possible @rsub memory leak.

    * Fixed REMOTE_ADDR content will receive the client ip address when mod_remoteip.c is present.

    * Fixed NGINX Audit engine in Concurrent mode was overwriting existing alert files because a issue with UNIQUE_ID.

    * Fixed CPU 100% issue in NGINX port. This is also related to an memory leak when loading response body.

Security Issues:

    * Fixed Remote Null Pointer DeReference (CVE-2013-2765). When forceRequestBodyVariable action is triggered and a unknown Content-Type is used,
      mod_security will crash trying to manipulate msr->msc_reqbody_chunks->elts however msr->msc_reqbody_chunks is NULL. (Thanks Younes JAAIDI).

28 Mar 2013 - 2.7.3
-------------------

  * Fixed IIS version race condition when module is initialized.

  * Fixed IIS version failing config commands in libapr.

  * Nginx version is now RC quality. The rule engine should works for all phases.
    We fixed many issues and missing features (for more information please check jira).
    Code is running well with latest Nginx 1.2.7 stable.
    Thanks chaizhenhua for your help.

  * Added MULTIPART_NAME and MULTIPART_FILENAME. Should be used soon by CRS
    and will help prevent attacks using multipart data.

  * Added --enable-htaccess-config configure option. It will allow the follow directives
    to be used into .htaccess files when AllowOverride Options is set:

        - SecAction
        - SecRule

        - SecRuleRemoveByMsg
        - SecRuleRemoveByTag
        - SecRuleRemoveById

        - SecRuleUpdateActionById
        - SecRuleUpdateTargetById
        - SecRuleUpdateTargetByTag
        - SecRuleUpdateTargetByMsg

  * Improvements in the ID duplicate code checking. Should be faster now.

  * SECURITY: Added SecXmlExternalEntity (On|Off - default it Off) that will disable
    by default the external entity load task executed by LibXml2. This is a security issue
    [CVE-2013-1915] reported by Timur Yunusov, Alexey Osipov (Positive Technologies).

21 Jan 2013 - 2.7.2
-------------------

  * IIS version is now stable.

  * Fixed IIS version does not pass through POST data to ASP.NET when SecRequestBodyAccess
    is set to On (MODSEC-372).

  * Fixed IIS version HTTP Request Smuggling protection does not work (MODSEC-344).

  * Fixed IIS version PHP Injection Attack (958976) protection does not work (MODSEC-346).

  * Fixed IIS version Request limit protections are not working (MODSEC-349).

  * Fixed IIS version Outbound protections are not working (MODSEC-350).

  * Added IIS version better installer.

  * NGINX version removed ModSecurityPassCommand (Thanks chaizhenhua).

  * Fixed NGINX version ngx_http_read_client_request_body returned unexpected buffer type (Thanks chaizhenhua).

  * Fixed NGINX version INCS config directories on fedora (Thanks chaizhenhua).

  * Added NGINX version Added drop action for nginx (Thanks chaizhenhua).

  * Fixed bug in cpf_verify operator (Thanks Hideaki Hayashi).

  * Fixed build modsecurity under Arch Linux.

  * Fixed make test crashing when JIT pcre is enabled.

  * Fixed better cookie separator detection code.

  * Fixed mod_security displaying wrong ip address in error.log using apache 2.4 and mod_remoteip.

  * Fixed mod_security was not compiling when use apr without ipv6 support.

  * Fixed mod_security was not compiling when use lua 5.2.

  * Fixed issue when execute make install under Solaris.

  * Fixed ipmatchf operator was not working as expected.

01 Nov 2012 - 2.7.1
-------------------

  * Changed "Encryption" name of directives and options related to hmac feature to "Hash".

    SecEncryptionEngine       to SecHashEngine
    SecEncryptionKey          to SecHashKey
    SecEncryptionParam        to SecHashParam
    SecEncryptionMethodRx     to SecHashMethodRx
    SecEncryptionMethodPm     to SecHashMethodPm
    @validateEncryption       to @validateHash
    ctl:EncryptionEnforcement to ctl:HashEnforcement
    ctl:EncryptionEngine      to ctl:HashEngine

  * Added a better random bytes generator using apr_generate_random_bytes() to create
    the HMAC key.

  * Fixed byte conversion issue during logging under Linux s390x platform.

  * Fixed compilation bug with LibXML2 2.9.0 (Thanks Athmane Madjoudj).

  * Fixed parsing error with modsecurity-recommended.conf and Apache 2.4.

  * Fixed DROP action was disabled for Apache 2 module by mistake.

  * Fixed bug when use ctl:ruleRemoveTargetByTag.

  * Fixed IIS and NGINX modules bugs.

  * Fixed bug when @strmatch patterns use invalid escape sequence (Thanks Hideaki Hayashi).

  * Fixed bugs in @verifySSN (Thanks Hideaki Hayashi).

  * The doc/ directory now contains the instructions to access online documentation.

15 Oct 2012 - 2.7.0
-------------------

  * Fixed Pause action should work as a disruptive action (MODSEC-297).

  * Fixed Problem loading mod_env variables in phase 2 (MODSEC-226).

  * Fixed Detect cookie v0 separator and use it for parsing (MODSEC-261).

  * Fixed Variable REMOTE_ADDR with wrong IP address in NGINX version (MODSEC-337).

  * Fixed Errors compiling NGINX version.

  * Added Include directive into standalone module. IIS and NGINX module should
    support Include directive like Apache2.

  * Added MULTIPART_INVALID_PART flag. Also used in rule id 200002 for multipart strict
    validation. https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20121017-0_mod_security_ruleset_bypass.txt).

  * Updated Reference Manual.

25 Sep 2012 - 2.6.8
-------------------

  * Fixed ctl:ruleRemoveTargetByID order issue (MODSEC-333). Thanks to Armadillo Dasypodidae.

  * Fixed variable HIGHEST_SEVERITY incorrectly gets reset in a chain rule (MODSEC-315). Thanks to Valery Reznic.

10 Sep 2012 - 2.7.0-rc3
-------------------

 * Fixed requests bigger than SecRequestBodyNoFilesLimit were truncated even engine mode was detection only.

 * Fixed double close() for multipart temporary files (Thanks Seema Deepak).

 * Fixed many small issues reported by Coverity Scanner (Thanks Peter Vrabek).

 * Fixed format string issue in ngnix experimental code. (Thanks Eldar Zaitov).

 * Added ctl:ruleRemoveTargetByTag/Msg and removed ctl:ruleUpdateTargetByTag/Msg.

 * Added IIS and Ngnix platform code.

 * Added new transformation utf8toUnicode.

23 Jul 2012 - 2.6.7
-------------------

 * Fixed explicit target replacement using SecUpdateTargetById was broken.

 * The ctl:ruleUpdateTargetById is deprecated and will be removed for future versions since
   there is no safe way to use it per-request.

 * Added ctl:ruleRemoveTargetById that can be used to exclude targets to be processed per-request.

22 Jun 2012 - 2.7.0-rc2
-------------------

 * Fixed compilation errors and warnings under Windows platform.

 * Fixed SecEncryptionKey was not working as expected.

08 Jun 2012 - 2.7.0-rc1
-------------------

 * Added SecEncryptionEngine. Initial crypt engine support, at the momment it will sign some Html
   and Response Header options.

 * Added SecEncryptionKey to define the a rand or static key for crypt engine.

 * Added SecEncryptionParam to define the new parameter name.

 * Added SecEncryptionMethodRx used with a regular expression to inspect the html in response
   body/header and decide what to protect.

 * Added SecEncryptionMethodPm used with multiple or single strings to inspect the html in response
   body/header and decide what to protect.

 * Added ctl encryptionEngine as a per transaction version of SecEncryptionEgine diretive.

 * Added ctl encryptionEnforcement that will allow the engine to sign the data but the enforcement is
   disabled.

 * Added validateEncryption operator to enforce the signed elements.

 * Added rsub operator supports the syntax |hex| allowing users to use special chars like \n \r.

 * Added SecRuleUpdateTargetById now supports id range.

 * Added SecRuleUpdateTargetByMsg and its ctl version (Thanks Scott Gifford).

 * Added SecRuleUpdateTargetByTag and its ctl version (Thanks Scott Gifford).

 * Added SecRulePerfTime when greater than zero it will fill rule id's execution time into PERF_RULE
   and log id=usec information in the new Perf-rule-info: line in part H.

 * Added PERF_RULES variable that contains rule execution time.

 * Added Engine-mode: section in part H.

 * Added ruleRemoveByMsg ctl version.

 * Added removeCommentsChar and removeComments now can work with <!-- --> style.

 * Added SecArgumentSeparator and SecCookieFormat can be used in different scope locations.

 * Added Rules must have ID action and must be numeric.

 * Added The use of tfns are deprecated in SecDefaultAction. Should be forbid in the future.

 * Added Macro expansion support to the action pause.

 * Added IpmatchFromFile/IpmatchF operator.

 * Added New setrsc action, the RESOURCE collection used SecWebAppId Name Space

 * Added Configure option --enable-cache-lua that allows reuse of Lua VM per transaction.
   It will only take any effect when ModSecurity has multiple scripts to run per transaction.

 * Added Configure option --enable-pcre-jit that allows ModSecurity regex engine to use PCRE Jit support.

 * Added Configure option --enable-request-early that allows ModSecurity run phase 1 in post_read_request hook.

 * Added RBL operator now support the httpBl api (http://www.projecthoneypot.org/httpbl_api.php).

 * Added SecHttpBlKey to be used with httpBl api.

 * Added SecSensorId will specify the modsecurity sensor name into audit log part H.

 * Added aliases to phase:2 (phase:request), phase:4 (phase:response) and phase:5 (phase:logging).

 * Added USERAGENT_IP variable. Created when Apache24 is used with mod_remoteip to know the real
   client ip address.

 ^ Added new rule metadata actions ver, maturity and accuracy. Also included into RULE collection.

 * Updated Reference manual into doc/ directory.

 * Fixed Variable DURATION contains the elapsed time in microseconds for compatible reasons with apache and
   other variables.

 * Fixed Preserve names/identity of the variables going into MATCHED_VARS.

 * Fixed Redirect macro expansion does not work in SecDefaultAction when SecRule uses block action.

 * Fixed rsub operator does not work as expect if regex contains parentheses (Thanks Jerome Freilinger).

 * Current Google Safe Browsing implementation is deprecated. Google changed the API and does not allow
   anymore the malware database for download.

08 Jun 2012 - 2.6.6
-------------------

 * Added build system support for KfreeBSD and HURD.

 * Fixed a multipart bypass issue related to quote parsing
   Credits to  Qualys Vulnerability & Malware Research Labs (VMRL).

20 Mar 2012 - 2.6.5
-------------------

 * Fixed increased a specific message debug level in SBDM code (MODSEC-293).

 * Cleanup build system.

09 Mar 2012 - 2.6.4
-------------------

 * Fixed Mlogc 100% CPU consume (Thanks Klaubert Herr and Ebrahim Khalilzadeh).

 * Fixed ModSecurity cannot load session and user sdbm data.

 * Fixed updateTargetById was creating rule unparsed content making apache memory grow.

 * Code cleanup.

23 Feb 2012 - 2.6.4-rc1
-------------------

 * Fixed @rsub adding garbage data into stream variables.

 * Fixed regex for section A into mlogc-batch-load.pl (Thanks Ebrahim Khalilzadeh).

 * Fixed logdata cuts message without closing it with final chars.

 * Added sanitizeMatchedBytes support to verifyCPF, verifyCC and verifySSN.


06 Dec 2011 - 2.6.3-rc1
-------------------

* Fixed MATCHED_VARS does not correctly handle multiple VARS with the same name.

* Fixed SDBM garbage collection was not working as expected, increasing the size of files.

* Fixed wrong timestamp calculation for some time zones in log files.

* Fixed SecUpdateTargetById failed to load multiple VARS (MODSEC-270).

* Fixed Reverted hexDecode for hexEncode compatibility reason.

* Added SecCollectionTimeout to set collection timeout, default is 3600.

* Added sqlHexDecode transformation to decode sql hex data. Thanks Marc Stern.

30 Sep 2011 - 2.6.2
-------------------

 * Fixed hexDecode test during make.

 * Updated the reference manual into doc/ directory.

5 Sep 2011 - 2.6.2-rc1
-------------------

 * Added support to macro expansion for rx operator.

 * Added new transformations removeComments and removeCommentsChars

 * Fixed colletion names are not case-sensitive anymore.

 * Fixed compilation errors with apache 2.0.

 * Fixed build system was not using some libraries CFLAGS.

 * Fixed check for valid hex values into hexDecode transformation.

 * Fixed ctl:ruleUpdateTargetById appending multiple targets.

18 Jun 2011 - 2.6.1
-------------------

 * Updated the reference manual into doc/ directory.

11 Jul 2011 - trunk
-------------------

 * Add HttpBl support to rbl operator.

30 Jun 2011 - 2.6.1-rc1
-------------------

 * Fixed SecUploadFileMode doesn't work with the new build system.

 * Fixed building with Lua library (Thanks Diego Elio).

 * Fixed some ./configure --enable* features not being enabled in compilation time.

 * Improvements on GSB database add/search operations.

 * Log part K was removed from modsecurity.conf-recommended.

 * Added SecUnicodeMapFile directive. Must be use to load the unicode.mapping file.

 * Added SecUnicodeCodePage directive. Used to define the unicode code page. There are a few already available:

    1250  (ANSI - Central Europe)
    1251  (ANSI - Cyrillic)
    1252  (ANSI - Latin I)
    1253  (ANSI - Greek)
    1254  (ANSI - Turkish)
    1255  (ANSI - Hebrew)
    1256  (ANSI - Arabic)
    1257  (ANSI - Baltic)
    1258  (ANSI/OEM - Viet Nam)
    20127 (US-ASCII)
    20261 (T.61)
    20866 (Russian - KOI8)
    28591 (ISO 8859-1 Latin I)
    28592 (ISO 8859-2 Central Europe)
    28605 (ISO 8859-15 Latin 9)
    37    (IBM EBCDIC - U.S./Canada)
    437   (OEM - United States)
    500   (IBM EBCDIC - International)
    850   (OEM - Multilingual Latin I)
    860   (OEM - Portuguese)
    861   (OEM - Icelandic)
    863   (OEM - Canadian French)
    865   (OEM - Nordic)
    874   (ANSI/OEM - Thai)
    932   (ANSI/OEM - Japanese Shift-JIS)
    936   (ANSI/OEM - Simplified Chinese GBK)
    949   (ANSI/OEM - Korean)
    950   (ANSI/OEM - Traditional Chinese Big5)

    Also mapping some extra unicode chars defined at http://tools.ietf.org/html/rfc3490#section-3.1

 * Fixed SecRequestBodyLimit was truncating the real request body.

18 May 2011 - 2.6.0
-------------------

 * Added SecWriteStateLimit for Slow Post DoS mitigation.

 * Fix problem when buffering in input filter.

 * Fix memory leak when use MATCHED_VAR_NAMES.


2 May 2011 - 2.6.0-rc2
-------------------

 * Added code optimizations - thanks Diego Elio.

 * Added support to AIX and HPUX in the build system (untested).

 * Renamed decodeBase64Ext to base64DecodeExt.

 * Build system improvements - thanks Diego Elio.

 * Improvements on gsblookup parser.

 * Fixed input filter bug when upload files and SecStreamInBodyInspect is enabled.

 * Logging improvements and bug fix.

 * Remove extra useless files when make clean and maintainer-clean

18 Apr 2011 - 2.6.0-rc1
-------------------

 * Replaced previous GPLv2 License to Apachev2.

 * Added Google Safe Browsing lookups operator and directive. It should be
   used to extract and lookup urls from http packets.

 * Added Data Modification operator. It must be used with STREAM_* variables
   to replace/add/edit any data from http bodies.

 * Added STREAM_OUPUT_BODY and STREAM_INPUT_BODY variables to work with data
   modification operators.

 * Added fast ip address operator. It supports partial ip address, cidr for
   IPv4 and IPv6. Thanks Tom Donovan.

 * Added new sensitive data tracking verifyCPF and verifySSN.

 * Added MATCHED_VARS and MATCHED_VARS_NAMES. It is similiar to MATCHED_VAR,
   but now we should see all matched variables.

 * Added UNIQUE_ID variable. It holds the data created my mod_unique_id.

 * Added new tranformation cmdline. Thanks Marc Stern.

 * Added new exception handling operators and directives. It should help users
   reduce FN and FPs. The directives SecRuleUpdateTargetById, SecRuleRemoveByTag
   and its ctl actions were included.

 * Added SecStreamOutBodyInspection and SecStreamInBodyInspection to enable STREAM_*
   variables.

 * Added SecGsbLookupDB used to load Google Safe Browsing malware databse into
   memory.

 * Added the directive SecInterceptOnError to control what to do if a rule returns
   values less than zero.

 * Improvements in DetectionOnly engine mode. Also added SecRequestBodyLimitAction
   to control what to do if the engine receive a http request over a hard limit.
   Note that there is now many combinations with SecRuleEngine and the limit action
   directives for response and request data. Please see the reference manual.

 * Improvements under RBL operator. It now will parse return code values for some
   RBL lists.

 * Added new Log Part J. It should log some informations about uploaded files.

 * Added new sanitizeMatchedBytes action. It will give more flexibilty for user to sanitize
   logged data, also improving peformance when sanitize big amount of data.

 * Improvements on Logging phase. It is possible now see full chains, distinguish between
   simple rules, chain starters and chain nodes.

 * Improvements on AutoTools usage.

 * Improvements on pattern matching operators, pmf, pm and strmatch now supports more flexible
   input data allowing any kind of special char.

 * Improvements on SecRuleUpdateActionById to update chain nodes.

 * Many bugs were fixed. Please see the ModSecurity Jira for more details


19 Mar 2010 - trunk
-------------------

 * Added SecDisableBackendCompression, which disabled backend compression
   while keeping the frontend compression enabled (assuming mod_deflate
   in installed and configured in the proxy). [Ivan Ristic]

 * Added REQUEST_BODY_LENGTH, which contains the number of request body
   bytes read. [Ivan Ristic]

 * Integrate with mod_log_config using the %{VARNAME}M format string.
   (MODSEC-108) [Ivan Ristic]

 * Replaced the previous time-measuring mechanism with a new one, which
   provides the following information: request time, request duration,
   phase duration (for all 5 phases), time spent dealing with persistent
   storage, and time spent on audit logging. The new information is now
   available in the Stopwatch2 audit log header. The Stopwatch header
   remains for backward compatiblity, although it now only includes
   the request time and request duration values. Added the following
   variables: PERF_COMBINED, PERF_PHASE1, PERF_PHASE2, PERF_PHASE3,
   PERF_PHASE4, PERF_PHASE5, PERF_SREAD, PERF_SWRITE, PERF_LOGGING,
   PERF_GC. [Ivan Ristic]

 * Added DURATION, which contains the time ellapsed since the beginning
   of the current transaction, in milliseconds. [Ivan Ristic]

 * Adjusted phase 5 to execute just prior to mod_log_config. This should
   allow phase 5 rules to to implement conditional logging, as well as
   pave support for allowing access to all ModSecurity variables from
   mog_log_config. [Ivan Ristic]

 * Added the URLENCODED_ERROR flag, which is raised whenever invalid URL
   encoding is encountered in the query string or in the request body
   (but only if URLENCODED request body processor is used). (MODSEC-111)
   [Ivan Ristic]

 * Removed the obsolete PDF UXSS functionality. (MODSEC-96) [Ivan Ristic]

 * Renamed normalisePath to normalizePath and normalisePathWin to
   normalizePathWin. Kept the previous names for backward compatibility.
   (MODSEC-103) [Ivan Ristic]

 * Moved phase 1 to be run in the same Apache hook as phase 2. This means
   that you can now have phase 1 rules in <Location> tags and, more
   importantly, override server configuration in <Location> and others.
   (MODSEC-98) [Ivan Ristic]

 * Renamed the sanitise family of actions to sanitize. Kept the old variants
   for backward compatibility. (MODSEC-95) [Ivan Ristic]

 * Improve the logging of the ctl action. (MODSEC-99) [Ivan Ristic]

 * Cleanup build files that were from the Apache source.

Revision 1.27 / (download) - annotate - [select for diffs], Wed Nov 13 22:53:10 2013 UTC (9 years, 2 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since 1.26: +2 -1 lines
Diff to previous 1.26 (colored)

Force Lua 5.1.

Revision 1.26 / (download) - annotate - [select for diffs], Wed Oct 30 06:49:54 2013 UTC (9 years, 3 months ago) by dholland
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)

Bump PKGREVISION of packages whose Lua depends changed form, but whose
own PKGNAME is unchanged.

Revision 1.25 / (download) - annotate - [select for diffs], Thu Jul 4 21:27:58 2013 UTC (9 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)

Revbump after updating lang/lua to 5.2.2.

Revision 1.24 / (download) - annotate - [select for diffs], Wed Feb 6 23:23:34 2013 UTC (9 years, 11 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1
Changes since 1.23: +2 -2 lines
Diff to previous 1.23 (colored)

PKGREVISION bumps for the security/openssl 1.0.1d update.

Revision 1.23 / (download) - annotate - [select for diffs], Sun Dec 16 01:52:31 2012 UTC (10 years, 1 month ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)

recursive bump from cyrus-sasl libsasl2 shlib major bump.

Revision 1.22 / (download) - annotate - [select for diffs], Tue Oct 23 18:16:21 2012 UTC (10 years, 3 months ago) by asau
Branch: MAIN
Changes since 1.21: +1 -3 lines
Diff to previous 1.21 (colored)

Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.21 / (download) - annotate - [select for diffs], Thu Jun 14 07:45:23 2012 UTC (10 years, 7 months ago) by sbd
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

Recursive PKGREVISION bump for libxml2 buildlink addition.

Revision 1.20 / (download) - annotate - [select for diffs], Sat Mar 3 00:13:51 2012 UTC (10 years, 11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

Recursive bump for pcre-8.30* (shlib major change)

Revision 1.19 / (download) - annotate - [select for diffs], Fri Nov 25 22:18:11 2011 UTC (11 years, 2 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored)

Wants APU, so no apache2

Revision 1.18 / (download) - annotate - [select for diffs], Fri Apr 22 14:40:45 2011 UTC (11 years, 9 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.17: +2 -1 lines
Diff to previous 1.17 (colored)

recursive bump from gettext-lib shlib bump.

Revision 1.17 / (download) - annotate - [select for diffs], Sat Mar 19 21:18:06 2011 UTC (11 years, 10 months ago) by dholland
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1
Changes since 1.16: +24 -16 lines
Diff to previous 1.16 (colored)

Update ap-modsecurity2 to 2.5.13, partly from Matthew Sporleder in
PR 44745, rest by me.

pkgsrc changes:
   - fix up deps
   - fix Apache module handling
   - DESTDIR support

XXX: The DESTDIR support has to bypass apxs because as far as I can tell
XXX: apxs -i doesn't know how to handle DESTDIRs. Various Apache modules
XXX: do this in various different ways. Someone(TM) should teach apxs -i
XXX: about DESTDIRs and fix up all the abuse. The infrastructure for
XXX: Apache modules could use some rototilling as well.

29 Nov 2010 - 2.5.13
--------------------

 * Cleaned up some mlogc code and debugging output.

 * Remove the ability to use a relative path to a piped audit logger
   (i.e. mlogc) as Apache does not support it in their piped loggers
   and it was breaking Windows and probably other platforms that
   use spaces in filesystem paths.  Discovered by Tom Donovan.

 * Fix memory leak freeing regex.  Discovered by Tom Donovan.

 * Fix some portability issues on Windows.

 * Fixed Geo lookup concurrent connections bug

 * Fixed Skip/SkipAfter chain bug

 * Added new setvar Lua API to be used into Lua scripts

 * Added PCRE messages indicates each rule that exceed match limits

 * Added new Base64 transformation function called base64DecodeEx, which
   can decode base64 data skipping special characters.

 * Add SecReadStateLimit to limit the number of concurrent threads in BUSY connections per ip address

 * Fixed redirect action was not expanding macros in chained rules



04 Feb 2010 - 2.5.12
--------------------

 * Fixed SecUploadFileMode to set the correct mode.

 * Fixed nolog,auditlog/noauditlog/nolog controls for disruptive actions.

 * Added additional file info definitions introduced in APR 0.9.5 so that
   build will work with older APRs (IBM HTTP Server v6).

 * Added SecUploadFileLimit to limit the number of uploaded file parts that
   will be processed in a multipart POST.  The default is 100.

 * Fixed path normalization to better handle backreferences that extend
   above root directories.  Reported by Sogeti/ESEC R&D.

 * Trim whitespace around phrases used with @pmFromFile and allow
   for both LF and CRLF terminated lines.

 * Allow for more robust parsing for multipart header folding.  Reported
   by Sogeti/ESEC R&D.

 * Fixed failure to match internally set TX variables with regex
   (TX:/.../) syntax.

 * Fixed failure to log full internal TX variable names and populate
   MATCHED_VAR* vars.

 * Enabled PCRE "studying" by default.  This is now a configure-time option.

 * Added PCRE match limits (SecPcreMatchLimit/SecPcreMatchLimitRecursion) to
   aide in REDoS type attacks.  A rule that goes over the limits will set
   TX:MSC_PCRE_LIMITS_EXCEEDED.  It is intended that the next major release
   of ModSecurity (2.6.x) will move these flags to a dedicated collection.

 * Reduced default PCRE match limits reducing impact of REDoS on poorly
   written regex rules.  Reported by Sogeti/ESEC R&D.

 * Fixed memory leak in v1 cookie parser.  Reported by Sogeti/ESEC R&D.

 * Now support macro expansion in numeric operators (@eq, @ge, @lt, etc.)

 * Update copyright to 2010.

 * Reserved 700,000-799,999 IDs for Ivan Ristic.

 * Fixed SecAction not working when CONNECT request method is used
   (MODSEC-110). [Ivan Ristic]

 * Do not escape quotes in macro resolution and only escape NUL in setenv
   values.


04 Nov 2009 - 2.5.11
--------------------

 * Added a new multipart flag, MULTIPART_INVALID_QUOTING, which will be
   set true if any invalid quoting is found during multipart parsing.

 * Fixed parsing quoted strings in multipart Content-Disposition headers.
   Discovered by Stefan Esser.

 * Cleanup persistence database locking code.

 * Added warning during configure if libcurl is found linked against
   gnutls for SSL.  The openssl lib is recommended as gnutls has
   proven to cause issues with mutexes and may crash.

 * Cleanup some mlogc (over)logging.

 * Do not log output filter errors in the error log.

 * Moved output filter to run before other stock filters (mod_deflate,
   mod_cache, mod_expires, mod_filter) to avoid analyzing modified data
   in the response.  Patch originally submitted by Ivan Ristic.



18 Sep 2009 - 2.5.10
--------------------

 * Cleanup mlogc so that it builds on Windows.

 * Added more detailed messages to replace "Unknown error" in filters.

 * Added SecAuditLogDirMode and SecAuditLogFileMode to allow fine tuning
   auditlog permissions (especially with mpm-itk).

 * Cleanup SecUploadFileMode implementation.

 * Cleanup build scripts.

 * Fixed crash on configuration if SecMarker is used before any rules.

 * Fixed SecRuleUpdateActionById so that it will work on chain starters.

 * Cleanup build system for mlogc.

 * Allow mlogc to periodically flush memory pools.

 * Using nolog,auditlog will now log the "Message:" line to the auditlog, but
   nothing to the error log.  Prior versions dropped the "Message:" line from
   both logs.  To do this now, just use "nolog" or "nolog,noauditlog".

 * Forced mlogc to use SSLv3 to avoid some potential auto negotiation
   issues with some libcurl versions.

 * Fixed mlogc issue seen on big endian machines where content type
   could be listed as zero.

 * Removed extra newline from audit log message line when logging XML errors.
   This was causing problems parsing audit logs.

 * Fixed @pm/@pmFromFile case insensitivity.


 * Truncate long parameters in log message for "Match of ... against ...
   required" messages.

 * Correctly resolve chained rule actions in logs.

 * Cleanup some code for portability.

 * AIX does not support hidden visibility with xlc compiler.

 * Allow specifying EXTRA_CFLAGS during configure to override gcc specific
   values for non-gcc compilers.

 * Populate GEO:COUNTRY_NAME and GEO:COUNTRY_CONTINENT as documented.

 * Handle a newer geo database more gracefully, avoiding a potential crash for
   new countries that ModSecurity is not yet aware.

 * Allow checking &GEO "@eq 0" for a failed @geoLookup.

 * Fixed mlogc global mutex locking issue and added more debugging output.

 * Cleaned up build dependencies and configure options.

Revision 1.16 / (download) - annotate - [select for diffs], Sat Mar 19 13:31:52 2011 UTC (11 years, 10 months ago) by obache
Branch: MAIN
Changes since 1.15: +4 -4 lines
Diff to previous 1.15 (colored)

* additional missing clean up after removal of libxml option.
* pass to configure more preferred variables.

Revision 1.15 / (download) - annotate - [select for diffs], Mon Aug 31 07:19:44 2009 UTC (13 years, 5 months ago) by seb
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

Fix build problem on Solaris with PKGSRC_COMPILER=sunpro and 'db4'
in PKG_OPTIONS.apr-util/PKG_DEFAULT_OPTIONS.

USE_LANGUAGES should be set before including mk/apache.mk as it
(may) ends up including mk/compiler.mk.
This last file sets a default value of 'c' to USE_LANGUAGES and
then uses it to set PKG_CC, PKG_CXX and PKG_FC to "fail wrappers".
Hence the C++ compiler command ends up being wrapped by a "fail
script" thus breaks the build.

Revision 1.14 / (download) - annotate - [select for diffs], Fri Jul 17 18:00:23 2009 UTC (13 years, 6 months ago) by adrianp
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

Give up MAINTAINER

Revision 1.13 / (download) - annotate - [select for diffs], Sat Mar 14 13:45:38 2009 UTC (13 years, 10 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1
Changes since 1.12: +8 -5 lines
Diff to previous 1.12 (colored)

Update to 2.5.9
 * Fixed PDF XSS issue where a non-GET request for a PDF file would crash the
   Apache httpd process.  Discovered by Steve Grubb at Red Hat.

 * Removed an invalid "Internal error: Issuing "%s" for unspecified error."
   message that was logged when denying with nolog/noauditlog set and
   causing the request to be audited.

 * Fixed parsing multipart content with a missing part header name which
   would crash Apache.  Discovered by "Internet Security Auditors"
   (isecauditors.com).

 * Added ability to specify the config script directly using --with-apr
   and --with-apu.

 * Updated copyright year to 2009.

 * Added macro expansion for append/prepend action.

 * Fixed race condition in concurrent updates of persistent counters.  Updates
   are now atomic.

 * Cleaned up build, adding an option for verbose configure output and making
   the mlogc build more portable.

Revision 1.12 / (download) - annotate - [select for diffs], Mon Feb 23 22:01:11 2009 UTC (13 years, 11 months ago) by adrianp
Branch: MAIN
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored)

Typo

Revision 1.11 / (download) - annotate - [select for diffs], Thu Jan 29 16:54:17 2009 UTC (14 years ago) by joerg
Branch: MAIN
Changes since 1.10: +2 -1 lines
Diff to previous 1.10 (colored)

Needs libtool.

Revision 1.10 / (download) - annotate - [select for diffs], Sat Oct 25 15:59:27 2008 UTC (14 years, 3 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base, pkgsrc-2008Q4
Changes since 1.9: +4 -2 lines
Diff to previous 1.9 (colored)

Also supports apache 2.2.x
PKGREVISION++

Revision 1.9 / (download) - annotate - [select for diffs], Sun Oct 12 12:50:17 2008 UTC (14 years, 3 months ago) by adrianp
Branch: MAIN
Changes since 1.8: +18 -29 lines
Diff to previous 1.8 (colored)

Update from 2.1.4->2.5.7
Use ./configure as one is now supplied
libmxl2 is no longer optional but curl is
Rename doc/eg dirs from ap-security to ap-modsecurity

* Allow for disabling request body limit checks in phase:1
* Now log XML parsing/validation warnings and errors to be in the debug log
  at levels 3 and 4, respectivly.
* Transformation caching has been deprecated, and is now off by default. We
  now advise against using transformation caching in production.
* Improve request body processing error messages.

Any many more . . . see CHANGES for all the details

Revision 1.8 / (download) - annotate - [select for diffs], Mon May 26 02:13:23 2008 UTC (14 years, 8 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, cwrapper, cube-native-xorg-base, cube-native-xorg
Changes since 1.7: +4 -2 lines
Diff to previous 1.7 (colored)

Second round of explicit pax dependencies. As reminded by tnn@,
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.

Revision 1.7 / (download) - annotate - [select for diffs], Fri Jan 4 10:05:51 2008 UTC (15 years, 1 month ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base, pkgsrc-2008Q1
Changes since 1.6: +2 -3 lines
Diff to previous 1.6 (colored)

Update to 2.1.4

27 Nov 2007 - 2.1.4
-------------------
* Updated included Core Ruleset to version 1.5 and noted in the docs that
XML support is required to use the rules without modification.
* Fixed an evasion FP, mistaking a multipart non-boundary for a boundary.
* Fixed multiple warnings on Solaris and/or 64bit builds.
* Do not process subrequests in phase 2-4, but do hand off the request data.
* Fixed a blocking FP in the multipart parser, which affected Safari.

11 Sep 2007 - 2.1.3
-------------------
* Updated multipart parsing code adding variables to allow checking
for various parsing issues (request body abnormalities).
* Allow mod_rpaf and mod_extract_forwarded2 to work before ModSecurity.
* Quiet some compiler warnings.
* Do not block internal ErrorDocument requests after blocking request.
* Added ability to compile without an external API (use -DNO_MODSEC_API).

27 Jul 2007 - 2.1.2
-------------------
* Cleaned up and clarified some documentation.
* Update included core rules to latest version (1.4.3).
* Enhanced ability to alert/audit failed requests.
* Do not trigger "pause" action for internal requests.
* Fixed issue with requests that use internal requests.  These had the
potential to be intercepted incorrectly when other Apache httpd modules
that used internal requests were used with mod_security.
* Added Solaris and Cygwin to the list of platforms not supporting the hidden
visibility attribute.
* Fixed decoding full-width unicode in t:urlDecodeUni.
* Lessen some overhead of debugging messages and calculations.
* Do not try to intercept a request after a failed rule.  This fixes the
issue associated with an "Internal Error: Asked to intercept request
but was_intercepted is zero" error message.
* Added SecAuditLog2 directive to allow redundent concurrent audit log
index files.  This will allow sending audit data to two consoles, etc.
* Small performance improvement in memory management for rule execution.

Revision 1.6 / (download) - annotate - [select for diffs], Thu Dec 27 16:39:07 2007 UTC (15 years, 1 month ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base, pkgsrc-2007Q4
Changes since 1.5: +3 -1 lines
Diff to previous 1.5 (colored)

Add a PCRE bl3 depends to fix builds (found by DragonFly bulk builds)
PKGREVISION++

Revision 1.5 / (download) - annotate - [select for diffs], Fri May 18 09:20:09 2007 UTC (15 years, 8 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

11 Apr 2007 - 2.1.1
-------------------
* Add the PCRE_DOLLAR_ENDONLY option when compiling regular expression
  for the @rx operator and variables.
* Really set PCRE_DOTALL option when compiling the regular expression
  for the @rx operator as the docs state.
* Fixed potential memory corruption when expanding macros.
* Fixed error when a collection was retrieved from storage in the same second
  as creation by setting the rate to zero.
* Fixed ASCIIZ (NUL) parsing for application/x-www-form-urlencoded forms.
* Fixed the faulty REQUEST_FILENAME variable, which used to change
  the internal Apache structures by mistake.
* Updates to quiet some compiler warnings.
* Fixed some casting issues for compiling on NetWare (patch from Guenter Knauf)

Revision 1.4 / (download) - annotate - [select for diffs], Sun Mar 18 10:35:13 2007 UTC (15 years, 10 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base, pkgsrc-2007Q1
Changes since 1.3: +3 -3 lines
Diff to previous 1.3 (colored)

Update to 2.1.0
Fix a typo in options.mk

23 Feb 2006 - 2.1.0
-------------------

* Removed the "Connection reset by peer" message, which has nothing
to do with us. Actually the message was downgraded from ERROR to
NOTICE so it will still appear in the debug log.
* Removed the (harmless) message mentioning LAST_UPDATE_TIME missing.
* It was not possible to remove a rule placed in phase 4 using
SecRuleRemoveById or SecRuleRemoveByMsg. Fixed.
* Fixed a problem with incorrectly setting requestBodyProcessor using
the ctl action.
* Bundled Core Rules 2.1-1.3.2b4.
* Updates to the reference manual.
* Reversed the return values of @validateDTD and @validateSchema, to
make them consistent with other operators.
* Added a few helpful debug messages in the XML validation area.
* Updates to the reference manual.
* Fixed the validateByteRange operator.
* Default value for the status action is now 403 (as it was supposed to
be but it was effectively 500).
* Rule exceptions (removing using an ID range or an regular expression)
is now applied to the current context too. (Previously it only worked
on rules that are inherited from the parent context.)
* Fix of a bug with expired variables.
* Fixed regular expression variable selectors for many collections.
* Performance improvements - up to two times for real-life work loads!
* Memory consumption improvements (not measured but significant).
* The allow action did not work in phases 3 and 4. Fixed.
* Unlocked collections GLOBAL and RESOURCE.
* Added support for variable expansion in the msg action.
* New feature: It is now possible to make relative changes to the
audit log parts with the ctl action. For example: "ctl:auditLogParts=+E".
* New feature: "tag" action. To be used for event categorisation.
* XML parser was not reporting errors that occured at the end
of XML payload.
* Files were not extracted from request if SecUploadKeepFiles was
Off. Fixed.
* Regular expressions that are too long are truncated to 256
characters before used in error messages. (In order to keep
the error messages in the log at a reasonable size.)
* Fixed the sha1 transformation function.
* Fixed the skip action.
* Fixed REQUEST_PROTOCOL, REMOTE_USER, and AUTH_TYPE.
* SecRuleEngine did not work in child configuration contexts
(e.g. <Location>).
* Fixed base64Decode and base64Encode.

15 Nov 2006 - 2.0.4
-------------------
* Fixed the "deprecatevar" action.
* Decreasing variable values did not work.
* Made "nolog" do what it is supposed to do - cause a rule match to
not be logged. Also "nolog" now implies "noauditlog" but it's
possible to follow "nolog" with "auditlog" and have the match
not logged to the error log but logged to the auditlog. (Not
something that strikes me as useful but it's possible.)
* Relative paths given to SecDataDir will now be treated as relative
* Decreasing variable values did not work.
* Made "nolog" do what it is supposed to do - cause a rule match to
not be logged. Also "nolog" now implies "noauditlog" but it's
possible to follow "nolog" with "auditlog" and have the match
not logged to the error log but logged to the auditlog. (Not
something that strikes me as useful but it's possible.)
* Relative paths given to SecDataDir will now be treated as relative
to the Apache server root.
* Added checks to make sure only correct actions are specified in
SecDefaultAction (some actions are required, some don't make any
sense) and in rules that are not chain starters (same). This should
make the unhelpful "Internal Error: Failed to add rule to the ruleset"
message go away.
* Fixed the problem when "SecRuleInheritance Off" is used in a context
with no rules defined.
* Fixed a problem of lost input (request body) data on some redirections,
for example when mod_rewrite is used.

Revision 1.3 / (download) - annotate - [select for diffs], Thu Feb 22 19:27:07 2007 UTC (15 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

Whitespace cleanup, courtesy of pkglint.
Patch provided by Sergey Svishchev in private mail.

Revision 1.2 / (download) - annotate - [select for diffs], Sun Nov 5 18:05:33 2006 UTC (16 years, 2 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base, pkgsrc-2006Q4
Changes since 1.1: +3 -1 lines
Diff to previous 1.1 (colored)

Add in a BUILDLINK depends on apache>=2.0.59nb2 as that contains the
libtool fix this package needs to build.
Riding on the initial import - no PKGREVISION bump

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun Nov 5 14:33:37 2006 UTC (16 years, 2 months ago) by adrianp
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

ModSecurity is an open source intrusion detection and prevention engine for
web applications (or a web application firewall). Operating as an Apache Web
server module or standalone, the purpose of ModSecurity is to increase web
application security, protecting web applications from known and unknown
attacks.

This is the 2.x branch of modsecurity and only supports Apache 2.x

Revision 1.1 / (download) - annotate - [select for diffs], Sun Nov 5 14:33:37 2006 UTC (16 years, 2 months ago) by adrianp
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>