Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/www-apache/mod_security/ChangeLog
blob: 539e95c75d198c1cfac2fde4bb0da8d34c2e41e5 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386

# ChangeLog for www-apache/mod_security
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.51 2011/03/28 21:58:58 flameeyes Exp $

  28 Mar 2011; Diego E. Pettenò <flameeyes@gentoo.org>
  +files/modsecurity.conf, -files/2.5.13-r2/79_modsecurity.conf,
  -files/2.5.13/79_mod_security.conf, -mod_security-2.5.13-r1.ebuild,
  mod_security-2.5.13-r2.ebuild, metadata.xml:
  Cleanup ebuild, port to EAPI=3; add geoip USE flag to bring in dev-libs/geoip
  and set it up.

*mod_security-2.5.13-r2 (23 Mar 2011)

  23 Mar 2011; Diego E. Pettenò <flameeyes@gentoo.org>
  +files/2.5.13-r2/79_modsecurity.conf, -mod_security-2.5.12-r1.ebuild,
  +mod_security-2.5.13-r2.ebuild:
  Version bump; don't force usage of CRS in the configuration file for the
  module; rename mod_security to modsecurity in it for consistency with
  upstream and future Debian.

  26 Feb 2011; Kacper Kowalik <xarthisius@gentoo.org>
  mod_security-2.5.13-r1.ebuild:
  Marked ~ppc wrt #338548

*mod_security-2.5.13-r1 (09 Jan 2011)

  09 Jan 2011; Diego E. Pettenò <flameeyes@gentoo.org>
  +files/2.5.13/79_mod_security.conf, -mod_security-2.5.13.ebuild,
  +mod_security-2.5.13-r1.ebuild:
  Revision bump to change the installed modsecurity conf file from 99_ to 79_,
  makes easier to add site-global rules.

*mod_security-2.5.13 (01 Dec 2010)

  01 Dec 2010; Diego E. Pettenò <flameeyes@gentoo.org>
  +mod_security-2.5.13.ebuild:
  Version bump.

  24 Oct 2010; Raúl Porcel <armin76@gentoo.org>
  mod_security-2.5.12-r1.ebuild:
  Add ~sparc wrt #338548

  13 Oct 2010; Markus Meier <maekke@gentoo.org>
  mod_security-2.5.12-r1.ebuild:
  add ~x86, bug #338548

  24 Sep 2010; Diego E. Pettenò <flameeyes@gentoo.org>
  -files/mod_security-2.5.9-as-needed.patch,
  -files/2.1.2/99_mod_security.conf, -mod_security-2.5.9-r1.ebuild,
  -files/mod_security-2.5.9-broken-autotools.patch,
  -files/mod_security-2.5.10-broken-autotools.patch,
  -mod_security-2.5.11-r2.ebuild,
  -files/mod_security-2.5.11-disable-http-pollution.patch:
  Cleanup old versions and unused files.

*mod_security-2.5.12-r1 (24 Sep 2010)

  24 Sep 2010; Diego E. Pettenò <flameeyes@gentoo.org>
  +mod_security-2.5.12-r1.ebuild:
  Add a new revision that doesn't install the Core Rule Set and rather rely
  on www-apache/modsecurity-crs.

  02 Jun 2010; Torsten Veller <tove@gentoo.org> metadata.xml:
  Remove chtekk from metadata.xml (#103720)

  14 Mar 2010; Raúl Porcel <armin76@gentoo.org> mod_security-2.5.12.ebuild:
  sparc stable wrt #304147

  09 Mar 2010; Joseph Jezak <josejx@gentoo.org> mod_security-2.5.12.ebuild:
  Marked ppc stable for bug #304147.

  07 Mar 2010; Markus Meier <maekke@gentoo.org> mod_security-2.5.12.ebuild:
  amd64 stable, bug #304147

  05 Mar 2010; Christian Faulhammer <fauli@gentoo.org>
  mod_security-2.5.12.ebuild:
  stable x86, security bug 304147

*mod_security-2.5.12 (09 Feb 2010)

  09 Feb 2010; Diego E. Pettenò <flameeyes@gentoo.org>
  files/2.5.10/99_mod_security.conf, -mod_security-2.5.9.ebuild,
  -mod_security-2.5.11-r1.ebuild, +mod_security-2.5.12.ebuild:
  Version bump, this version fixes possible security problems. Keep an old
  version around though as the HTTP Parameter Pollution code changed
  drastically and might break Rails again.

  28 Dec 2009; Raúl Porcel <armin76@gentoo.org>
  mod_security-2.5.9-r1.ebuild:
  sparc stable wrt #293366

  08 Dec 2009; nixnut <nixnut@gentoo.org> mod_security-2.5.9-r1.ebuild:
  ppc stable #293366

*mod_security-2.5.11-r2 (26 Nov 2009)

  26 Nov 2009; Diego E. Pettenò <flameeyes@gentoo.org>
  +mod_security-2.5.11-r2.ebuild:
  Further improved ebuild, using EAPI 2: depend on the presence of unique_id
  Apache module; create a secured data directory instead of using /tmp;
  avoid changing the server signature by default (USE=-vanilla).

*mod_security-2.5.11-r1 (21 Nov 2009)

  21 Nov 2009; Diego E. Pettenò <flameeyes@gentoo.org>
  -mod_security-2.5.10-r1.ebuild, -mod_security-2.5.11.ebuild,
  +mod_security-2.5.11-r1.ebuild,
  +files/mod_security-2.5.11-disable-http-pollution.patch, metadata.xml:
  Sanitising mod_security: add a vanilla USE flag that restores the original
  upstream behaviour for the CRS, if disabled (default), then also disable
  some pretty braindamaged rules. Add warnings about the original rules if
  vanilla USE flag is enabled or if perl USE flag is enabled. Document in
  metadata the new vanilla flag as well as the package-local meaning of the
  perl USE flag. Remove older versions.

  19 Nov 2009; Markus Meier <maekke@gentoo.org>
  mod_security-2.5.9-r1.ebuild:
  amd64/x86 stable, bug #293366

*mod_security-2.5.11 (16 Nov 2009)

  16 Nov 2009; Diego E. Pettenò <flameeyes@gentoo.org>
  +mod_security-2.5.11.ebuild:
  Version bump. This time disable some draconic/nearly-idiotic rules.

*mod_security-2.5.10-r1 (26 Oct 2009)

  26 Oct 2009; Diego E. Pettenò <flameeyes@gentoo.org>
  +files/2.5.10/99_mod_security.conf, -mod_security-2.5.10.ebuild,
  +mod_security-2.5.10-r1.ebuild:
  Revision bump; install the proper ruleset; install a new config file.

  02 Oct 2009; Diego E. Pettenò <flameeyes@gentoo.org>
  mod_security-2.5.10.ebuild,
  +files/mod_security-2.5.10-broken-autotools.patch:
  Ooops, fix the missing broken autotools correction.

*mod_security-2.5.10 (01 Oct 2009)

  01 Oct 2009; Diego E. Pettenò <flameeyes@gentoo.org>
  +mod_security-2.5.10.ebuild, +files/mod_security-2.5.10-as-needed.patch:
  Version bump.

  27 Jul 2009; Diego E. Pettenò <flameeyes@gentoo.org>
  mod_security-2.5.9-r1.ebuild:
  Also list rule 950907 in the list of draconian rules.

  15 Jul 2009; Diego E. Pettenò <flameeyes@gentoo.org>
  mod_security-2.5.9-r1.ebuild:
  Install modsec-rules-updater in sbin, since it requires root privileges.

  15 Jul 2009; Diego E. Pettenò <flameeyes@gentoo.org>
  +files/2.1.2/99_mod_security.conf:
  Restore one file deleted by mistake.

  14 Jul 2009; Diego E. Pettenò <flameeyes@gentoo.org>
  -files/2.1.2/99_mod_security.conf, -mod_security-2.1.2.ebuild,
  -mod_security-2.1.6.ebuild, -mod_security-2.5.5.ebuild,
  -mod_security-2.5.6.ebuild, -mod_security-2.5.7.ebuild:
  Remove older versions.

*mod_security-2.5.9-r1 (14 Jul 2009)

  14 Jul 2009; Diego E. Pettenò <flameeyes@gentoo.org>
  +mod_security-2.5.9-r1.ebuild, +files/mod_security-2.5.9-as-needed.patch,
  files/mod_security-2.5.9-broken-autotools.patch:
  Add patch to properly build with --as-needed (thanks to Christian Ruppert
  in bug #276272 — this required an extra fix to the autotools); add a
  perl USE flag to disable the update script and add the libwww-perl
  dependency (thanks again to Christian in bug #275864), and add a notice
  about the draconic command injection rule (bug #223815 reported by David
  Sommerseth.

  14 Jun 2009; Diego E. Pettenò <flameeyes@gentoo.org> metadata.xml:
  Add myself as maintainer too since I haven't seen Luca in a while.

  02 Jun 2009; Raúl Porcel <armin76@gentoo.org> mod_security-2.5.9.ebuild:
  sparc stable wrt #262302

  25 May 2009; Brent Baude <ranger@gentoo.org> mod_security-2.5.9.ebuild:
  Marking mod_security-2.5.9 ppc for bug 262302

  23 May 2009; Markus Meier <maekke@gentoo.org> mod_security-2.5.9.ebuild:
  amd64/x86 stable, bug #262302

*mod_security-2.5.9 (22 May 2009)

  22 May 2009; Diego E. Pettenò <flameeyes@gentoo.org>
  +mod_security-2.5.9.ebuild,
  +files/mod_security-2.5.9-broken-autotools.patch:
  Update to version 2.5.9; finally respect flags (if apxs allows to..), have
  a test function, simplify install.

*mod_security-2.5.7 (01 Jan 2009)

  01 Jan 2009; Benedikt Böhm <hollow@gentoo.org>
  +mod_security-2.5.7.ebuild:
  version bump wrt #234424

*mod_security-2.5.6 (01 Jan 2009)

  01 Jan 2009; Benedikt Böhm <hollow@gentoo.org>
  -mod_security-2.5.1.ebuild, -mod_security-2.5.4.ebuild,
  +mod_security-2.5.6.ebuild:
  version bump wrt security #240946

*mod_security-2.5.5 (01 Jul 2008)

  01 Jul 2008; Benedikt Böhm <hollow@gentoo.org>
  +mod_security-2.5.5.ebuild:
  version bump wrt #230139

*mod_security-2.5.4 (01 Jun 2008)

  01 Jun 2008; Benedikt Böhm <hollow@gentoo.org>
  -mod_security-2.1.4_rc1.ebuild, +mod_security-2.5.4.ebuild:
  version bump wrt #221763

  25 Apr 2008; Benedikt Böhm <hollow@gentoo.org> mod_security-2.5.1.ebuild:
  install rules-updater wrt #219059

*mod_security-2.5.1 (22 Mar 2008)
*mod_security-2.1.6 (22 Mar 2008)

  22 Mar 2008; Benedikt Böhm <hollow@gentoo.org>
  -files/99_mod_security-2.1.1.conf, +mod_security-2.1.6.ebuild,
  +mod_security-2.5.1.ebuild:
  version bumps wrt #209632

  31 Jan 2008; Benedikt Böhm <hollow@gentoo.org>
  files/99_mod_security-2.1.1.conf, files/2.1.2/99_mod_security.conf:
  cleanup

  29 Jan 2008; Benedikt Böhm <hollow@gentoo.org> mod_security-2.1.2.ebuild,
  mod_security-2.1.4_rc1.ebuild:
  fix depend.apache usage wrt #208033

  25 Nov 2007; Benedikt Böhm <hollow@gentoo.org> mod_security-2.1.2.ebuild:
  fix apache-module eclass usage

*mod_security-2.1.4_rc1 (21 Oct 2007)

  21 Oct 2007; Benedikt Böhm <hollow@gentoo.org>
  -mod_security-2.1.1.ebuild, +mod_security-2.1.4_rc1.ebuild:
  version bump

  27 Sep 2007; Raúl Porcel <armin76@gentoo.org> mod_security-2.1.2.ebuild:
  sparc stable wrt #191973

  19 Sep 2007; Lars Weiler <pylon@gentoo.org> mod_security-2.1.2.ebuild:
  Stable on ppc; bug #191973.

  17 Sep 2007; Chris Gianelloni <wolf31o2@gentoo.org>
  mod_security-2.1.2.ebuild:
  Stable on amd64 wrt bug #191973.

  16 Sep 2007; Christian Faulhammer <opfer@gentoo.org>
  mod_security-2.1.2.ebuild:
  stable x86, bug 191973

*mod_security-2.1.2 (08 Sep 2007)

  08 Sep 2007; Benedikt Böhm <hollow@gentoo.org>
  -files/mod_security-2.1.1-request_interception.patch,
  +files/2.1.2/99_mod_security.conf, -mod_security-2.1.1-r1.ebuild,
  +mod_security-2.1.2.ebuild:
  version bump; fixes #180150, #189995, #191381, #181887, #190301

  29 Jul 2007; Christian Heim <phreak@gentoo.org>
  +files/mod_security-2.1.1-request_interception.patch,
  +files/99_mod_security-2.1.1.conf, +metadata.xml,
  +mod_security-2.1.1.ebuild, +mod_security-2.1.1-r1.ebuild:
  Moving net-www/mod_security to www-apache/mod_security (#81244).

*mod_security-2.1.1-r1 (15 Jun 2007)

  15 Jun 2007; Benedikt Böhm <hollow@gentoo.org>
  +files/mod_security-2.1.1-request_interception.patch,
  -files/99_mod_security.conf, -mod_security-1.8.7.ebuild,
  -mod_security-1.9.4.ebuild, +mod_security-2.1.1-r1.ebuild:
  remove apache-1 version; fix #180150

  11 May 2007; Steve Dibb <beandog@gentoo.org> mod_security-2.1.1.ebuild:
  amd64 stable, security bug 169778

  08 May 2007; Gustavo Zacarias <gustavoz@gentoo.org>
  mod_security-2.1.1.ebuild:
  Stable on sparc wrt security #169778

  08 May 2007; Raúl Porcel <armin76@gentoo.org> mod_security-2.1.1.ebuild:
  x86 stable wrt security bug 169778

  08 May 2007; Tobias Scherbaum <dertobi123@gentoo.org>
  mod_security-2.1.1.ebuild:
  ppc stable, bug #169778

*mod_security-2.1.1 (06 May 2007)

  06 May 2007; Christian Heim <phreak@gentoo.org>
  +files/99_mod_security-2.1.1.conf, +mod_security-2.1.1.ebuild:
  Version bump, thanks to Nick Palmer <nicholas and slackers.net> and Julien
  Allanos <dju at gentoo.org> in #151826 for security #169778.

  14 Jan 2007; Luca Longinotti <chtekk@gentoo.org>
  -files/1.8.6/99_mod_security.conf, files/99_mod_security.conf,
  -files/mod_security.conf, mod_security-1.8.7.ebuild,
  -mod_security-1.9.1.ebuild, mod_security-1.9.4.ebuild:
  Cleanup.

*mod_security-1.9.4 (05 Jun 2006)

  05 Jun 2006; Benedikt Böhm <hollow@gentoo.org>
  +mod_security-1.9.4.ebuild:
  Version bump

  05 Jun 2006; Michael Stewart <vericgar@gentoo.org>
  -mod_security-1.7.6.ebuild, -mod_security-1.8.6.ebuild,
  -mod_security-1.8.7_rc2.ebuild:
  Remove old-style ebuilds

  02 Jun 2006; Luca Longinotti <chtekk@gentoo.org> metadata.xml:
  Update maintainer metadata.

  18 Apr 2006; Jason Wever <weeve@gentoo.org> mod_security-1.8.7.ebuild:
  Stable on SPARC.

  19 Feb 2006; Joshua Kinard <kumba@gentoo.org> mod_security-1.9.1.ebuild:
  Added ~mips to KEYWORDS.

*mod_security-1.9.1 (05 Jan 2006)

  05 Jan 2006; Luca Longinotti <chtekk@gentoo.org>
  +mod_security-1.9.1.ebuild:
  Version bump to 1.9.1, fixes bug #115480.

  22 Nov 2005; <dang@gentoo.org> mod_security-1.8.7.ebuild:
  Marked stable on amd64

  01 Nov 2005; Tobias Scherbaum <dertobi123@gentoo.org>
  mod_security-1.8.7.ebuild:
  Marked ppc stable, bug #106430

  18 Sep 2005; Michael Stewart <vericgar@gentoo.org>
  mod_security-1.8.7.ebuild:
  Stable on x86

  20 Jun 2005; Simon Stelling <blubb@gentoo.org> mod_security-1.8.7.ebuild:
  added ~amd64 keyword

*mod_security-1.8.7 (06 Mar 2005)

  06 Mar 2005; Elfyn McBratney <beu@gentoo.org> +mod_security-1.8.7.ebuild:
  Version bump, closes bug #84250.

*mod_security-1.8.7_rc2 (01 Mar 2005)

  01 Mar 2005; Elfyn McBratney <beu@gentoo.org> metadata.xml,
  +mod_security-1.8.7_rc2.ebuild:
  Version bump.  Fixes a few segfaults (Apache 2.x only), and a few other bugs.

*mod_security-1.8.6 (09 Jan 2005)

  09 Jan 2005; Benedikt Boehm <hollow@gentoo.org> metadata.xml,
  +files/1.8.6/99_mod_security.conf, +mod_security-1.8.6.ebuild:
  Apache herd package refresh

  18 Oct 2004; Jason Wever <weeve@gentoo.org> mod_security-1.7.6.ebuild:
  Added ~sparc keyword wrt bug #66615.

  04 Sep 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
  mod_security-1.7.6.ebuild:
  Masked mod_security-1.7.6.ebuild stable for ppc

  05 Aug 2004; Chuck Short <zul@gentoo.org> mod_security-1.7.6.ebuild:
  Marked stable for x86.

  05 Jun 2004; David Holm <dholm@gentoo.org> mod_security-1.7.6.ebuild:
  Added to ~ppc.

*mod_security-1.7.6 (03 Jun 2004)

  03 Jun 2004; Chuck Short <zul@gentoo.org> metadata.xml, mod_security-1.7.6.ebuild,
  files/99_mod_security.conf, files/mod_security.conf:
  Initial version,e build written by dju` <dju @ elegiac.net>.
  Closes #32190.