diff options
author | adrianp <adrianp@pkgsrc.org> | 2008-01-04 10:05:51 +0000 |
---|---|---|
committer | adrianp <adrianp@pkgsrc.org> | 2008-01-04 10:05:51 +0000 |
commit | 026d9b3c21e8dd198155273ab52952e95bd65ce2 (patch) | |
tree | e6196189d0f296379cc76e0376b8da53ea0e0a36 /security | |
parent | d1f1032e98389473f7e755192175edd54f36ba5c (diff) | |
download | pkgsrc-026d9b3c21e8dd198155273ab52952e95bd65ce2.tar.gz |
Update to 2.1.4
27 Nov 2007 - 2.1.4
-------------------
* Updated included Core Ruleset to version 1.5 and noted in the docs that
XML support is required to use the rules without modification.
* Fixed an evasion FP, mistaking a multipart non-boundary for a boundary.
* Fixed multiple warnings on Solaris and/or 64bit builds.
* Do not process subrequests in phase 2-4, but do hand off the request data.
* Fixed a blocking FP in the multipart parser, which affected Safari.
11 Sep 2007 - 2.1.3
-------------------
* Updated multipart parsing code adding variables to allow checking
for various parsing issues (request body abnormalities).
* Allow mod_rpaf and mod_extract_forwarded2 to work before ModSecurity.
* Quiet some compiler warnings.
* Do not block internal ErrorDocument requests after blocking request.
* Added ability to compile without an external API (use -DNO_MODSEC_API).
27 Jul 2007 - 2.1.2
-------------------
* Cleaned up and clarified some documentation.
* Update included core rules to latest version (1.4.3).
* Enhanced ability to alert/audit failed requests.
* Do not trigger "pause" action for internal requests.
* Fixed issue with requests that use internal requests. These had the
potential to be intercepted incorrectly when other Apache httpd modules
that used internal requests were used with mod_security.
* Added Solaris and Cygwin to the list of platforms not supporting the hidden
visibility attribute.
* Fixed decoding full-width unicode in t:urlDecodeUni.
* Lessen some overhead of debugging messages and calculations.
* Do not try to intercept a request after a failed rule. This fixes the
issue associated with an "Internal Error: Asked to intercept request
but was_intercepted is zero" error message.
* Added SecAuditLog2 directive to allow redundent concurrent audit log
index files. This will allow sending audit data to two consoles, etc.
* Small performance improvement in memory management for rule execution.
Diffstat (limited to 'security')
-rw-r--r-- | security/ap-modsecurity2/Makefile | 5 | ||||
-rw-r--r-- | security/ap-modsecurity2/PLIST | 5 | ||||
-rw-r--r-- | security/ap-modsecurity2/distinfo | 10 | ||||
-rw-r--r-- | security/ap-modsecurity2/patches/patch-aa | 23 |
4 files changed, 20 insertions, 23 deletions
diff --git a/security/ap-modsecurity2/Makefile b/security/ap-modsecurity2/Makefile index 075635b39fc..7ac7cc5e787 100644 --- a/security/ap-modsecurity2/Makefile +++ b/security/ap-modsecurity2/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.6 2007/12/27 16:39:07 adrianp Exp $ +# $NetBSD: Makefile,v 1.7 2008/01/04 10:05:51 adrianp Exp $ -DISTNAME= modsecurity-apache_2.1.1 +DISTNAME= modsecurity-apache_2.1.4 PKGNAME= ${APACHE_PKG_PREFIX}-${DISTNAME:S/apache_//} CATEGORIES= www security -PKGREVISION= 1 MASTER_SITES= http://www.modsecurity.org/download/ MAINTAINER= adrianp@NetBSD.org diff --git a/security/ap-modsecurity2/PLIST b/security/ap-modsecurity2/PLIST index e43b5582b1a..3f131aee127 100644 --- a/security/ap-modsecurity2/PLIST +++ b/security/ap-modsecurity2/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.2 2007/03/18 10:35:13 adrianp Exp $ +@comment $NetBSD: PLIST,v 1.3 2008/01/04 10:05:51 adrianp Exp $ lib/httpd/mod_security2.so share/doc/ap-security/apache_request_cycle-modsecurity.jpg share/doc/ap-security/breach-logo-small.gif @@ -10,8 +10,9 @@ share/doc/ap-security/html-multipage/05-variables.html share/doc/ap-security/html-multipage/06-transformation-functions.html share/doc/ap-security/html-multipage/07-actions.html share/doc/ap-security/html-multipage/08-operators.html -share/doc/ap-security/html-multipage/apache_request_cycle-modsecurity.jpg share/doc/ap-security/html-multipage/ar01s02.html +share/doc/ap-security/html-multipage/ar01s10.html +share/doc/ap-security/html-multipage/apache_request_cycle-modsecurity.jpg share/doc/ap-security/html-multipage/breach-logo-small.gif share/doc/ap-security/html-multipage/index.html share/doc/ap-security/html-multipage/modsecurity-reference.css diff --git a/security/ap-modsecurity2/distinfo b/security/ap-modsecurity2/distinfo index e036b32d885..a5183b21168 100644 --- a/security/ap-modsecurity2/distinfo +++ b/security/ap-modsecurity2/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.3 2007/05/18 09:20:09 adrianp Exp $ +$NetBSD: distinfo,v 1.4 2008/01/04 10:05:51 adrianp Exp $ -SHA1 (modsecurity-apache_2.1.1.tar.gz) = 06527f16271628b882d375b4a0ad188d13dc7291 -RMD160 (modsecurity-apache_2.1.1.tar.gz) = 17e94c19d51f7e9e09ef435f81d696ec638aad44 -Size (modsecurity-apache_2.1.1.tar.gz) = 650607 bytes -SHA1 (patch-aa) = 58909761e850fff12b989e68b70f418b6720c96d +SHA1 (modsecurity-apache_2.1.4.tar.gz) = 2dbd940f8537641a0f0366b6ed6512e53e045589 +RMD160 (modsecurity-apache_2.1.4.tar.gz) = a782e78691f765f68bef13fda1786df750bf31dc +Size (modsecurity-apache_2.1.4.tar.gz) = 676539 bytes +SHA1 (patch-aa) = ab35a84c0576968661ae08c5dc14c156e7b9e13b diff --git a/security/ap-modsecurity2/patches/patch-aa b/security/ap-modsecurity2/patches/patch-aa index 5d23df847a1..713a8efa8a7 100644 --- a/security/ap-modsecurity2/patches/patch-aa +++ b/security/ap-modsecurity2/patches/patch-aa @@ -1,28 +1,25 @@ -$NetBSD: patch-aa,v 1.3 2007/05/18 09:20:09 adrianp Exp $ +$NetBSD: patch-aa,v 1.4 2008/01/04 10:05:51 adrianp Exp $ ---- apache2/Makefile.orig 2007-03-07 16:24:45.000000000 +0000 +--- apache2/Makefile.orig 2007-11-27 18:37:37.000000000 +0000 +++ apache2/Makefile -@@ -17,7 +17,7 @@ builddir = . - # Debian - /usr/share/apache2 (apache2-prefork-dev or apache2-threaded-dev - # needed, depending on your installation type) +@@ -32,7 +32,7 @@ builddir = . + # XML references in the Core Ruleset if you choose not to include XML support. + # In future versions of ModSecurity XML support will be required. # --top_dir = /apps/apache22 +-top_dir = /usr/local/apache2 +top_dir = @PREFIX@/share/httpd top_srcdir = ${top_dir} top_builddir = ${top_dir} -@@ -27,11 +27,11 @@ include ${top_builddir}/build/special.mk +@@ -42,9 +42,9 @@ include ${top_builddir}/build/special.mk APXS = apxs APACHECTL = apachectl -INCLUDES = -I /usr/include/libxml2 --DEFS = -DWITH_LIBXML2 +INCLUDES += -I@PREFIX@/include/httpd @XMLINC@ + #INCLUDES = -I /usr/include/libxml2 -I /path/to/httpd-x.y/srclib/pcre +-DEFS = -DWITH_LIBXML2 +DEFS += @XMLDEFS@ + #DEFS = -DWITH_LIBXML2 -DNO_MODSEC_API #LIBS = -Lmy/lib/dir -lmylib --CFLAGS = -O2 -g -Wuninitialized -Wall -Wmissing-prototypes -Wshadow -Wunused-variable -Wunused-value -Wchar-subscripts -Wsign-compare -+#CFLAGS = -O2 -g -Wuninitialized -Wall -Wmissing-prototypes -Wshadow -Wunused-variable -Wunused-value -Wchar-subscripts -Wsign-compare - - all: local-shared-build - |