Changelog for apache2-mod_security2-debugsource-2.9.8-2.1.x86_64.rpm :

* Tue Jan 21 2025 pgajdos@suse.com
- package cleanup, coordinated with owasp-modsecurity-crs cleanup
- version update to 2.9.8 (changed upstream: Trustwave -> OWASP)
* Fixed ap_log_perror() usage
* Memory leaks + enhanced logging
* CI improvement: First check syntax & always display error/audit logs
* Fixed assert() usage
* Removed useless code
* feat: Check if the MP header contains invalid character
* Use standard httpd logging format in error log
* fix msc_regexec() != PCRE_ERROR_NOMATCH strict check
* Move xmlFree() call to the right place
* Add collection size in log in case of writing error
* Passing address of lock instead of lock in acquire_global_lock()
* Invalid pointer access in case rule id == NOT_SET_P
* Show error.log after httpd start in CI
* chore: add pull request template
* chore: add gitignore file
* Possible double free
* Set 'jit' variable's initial value
* Missing null byte + optimization
* fix: remove usage of insecure tmpname
* docs: update copyright
* Enhanced logging [Issue #3107]
* Check for null pointer dereference (almost) everywhere
* Fix possible segfault in collection_unpack
* fix: Replace obsolete macros
* chore: update bug-report-for-version-2-x.md
* feat: Add more steps: install built module and restart the server
* Add new flag: --without-lua
* Initial release of CI workflow
* V2/fixbuildissue
* ; incorrectly replaced by space in cmdline
* Detailed error message when writing collections
* docs: Fix organization name in references and security e-mail (v2)
* ctl:ruleRemoveByTag isn't executed if no rule id is present in the rule
* Suppress useless loop on tag matching
* Optimization: Avoid last loop and storing an empty value in case nothing after last %{..} macro
* Ignore (consistently) empty actions
* Add context info to error message
* Implement msre_action_phase_validate()
* Avoid some useless code and memory allocation in case no macro is present
* 'jit' variable not initialized when WITH_PCRE2 is defined
* Configure: do not check for pcre1 if pcre2 requested
* Double memory allocation
* Fix for DEBUG_CONF compile flag
* Enhance logging
* Fix possible segfault in collection_unpack
* Set the minimum security protocol version for SecRemoteRules
* Allow lua version 5.4
* Configure: do not check for pcre1 if pcre2 requested
* Check return code of apr_procattr_io_set()
* Do not escape special chars in rx pattern with macro
* Substitute two equals-equals operators in build
- modified patches
  % apache2-mod_security2-no_rpath.diff (refreshed)
  % modsecurity-2.9.3-input_filtering_errors.patch (refreshed)
  % modsecurity-fixes.patch (refreshed)
- added sources
  + apache2-mod_security2.keyring
* Tue Jun 04 2024 pgajdos@suse.com
- %autopatch instead of %patchN
- modified patches
  % apache2-mod_security2-no_rpath.diff (refreshed)
* Tue Jun 04 2024 Dominique Leuenberger
- Fix patch application syntax: Use %patch -P N instead of deprecated %patchN.
* Tue May 07 2024 pgajdos@suse.com
- added patches
  fix build with gcc14
  + apache2-mod_security2-gcc14.patch
* Tue Feb 20 2024 Dominique Leuenberger
- Use %patch -P N instead of deprecated %patchN.
* Sat Jul 15 2023 Dirk Müller
- update to 2.9.7:
* Fix: FILES_TMP_CONTENT may sometimes lack complete content
* Support configurable limit on number of arguments processed
* Silence compiler warning about discarded const
* Support for JIT option for PCRE2
* Use uid for user if apr_uid_name_get() fails
* Fix: handle error with SecConnReadStateLimit configuration
* Only check for pcre2 install if required
* Adjustment of previous fix for log messages
* Mark apache error log messages as from mod_security2
* Use pkg-config to find libxml2 first
* Support for PCRE2 in mlogc
* Support for PCRE2
* Adjust parser activation rules in modsecurity.conf-recommended
* Multipart parsing fixes and new MULTIPART_PART_HEADERS collection
* Limit rsub null termination to where necessary
* IIS: Update dependencies for next planned release
* XML parser cleanup: NULL duplicate pointer
* Properly cleanup XML parser contexts upon completion
* Fix memory leak in streams
* Fix: negative usec on log line when data type long is 32b
* mlogc log-line parsing fails due to enhanced timestamp
* Allow no-key, single-value JSON body
* Set SecStatusEngine Off in modsecurity.conf-recommended
* Fix memory leak that occurs on JSON parsing error
* Multipart names/filenames may include single quote if double-quote enclosed
* Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
* IIS: Update dependencies for Windows build as of v2.9.5
* Support configurable limit on depth of JSON parsing
- fixes CVE-2022-48279 [bsc#1207378], CVE-2023-24021 [bsc#1207379]
* Mon Jul 19 2021 Danilo Spinella
- Update to 2.9.4:
* Add microsec timestamp resolution to the formatted log timestamp
* Added missing Geo Countries
* Store temporaries in the request pool for regexes compiled per-request.
* Fix other usage of the global pool for request temporaries in re_operators.c
* Adds a sanity check before use ctl:ruleRemoveTargetById and ctl:ruleRemoveTargetByMsg.
* Fix the order of error_msg validation
* When the input filter finishes, check whether we returned data
* fix: care non-null terminated chunk data
* Fix for apr_global_mutex_create() crashes with mod_security
* Fix inet addr handling on 64 bit big endian systems
- Run spec-cleaner
- Remove if/else for older version of SUSE distribution
* Tue Feb 23 2021 pgajdos@suse.com
- version update to 2.9.3
* Enable optimization for large stream input by default on IIS [Issue #1299 - @victorhora, @zimmerle]
* Allow 0 length JSON requests. [Issue #1822 - @allanbomsft, @zimmerle, @victorhora, @marcstern]
* Include unnamed JSON values in unnamed ARGS [Issue #1577, #1576 - @marcstern, @victorhora, @zimmerle]
* Fix buffer size for utf8toUnicode transformation [Issue #1208 - @katef, @victorhora]
* Fix sanitizing JSON request bodies in native audit log format [p0pr0ck5, @victorhora]
* IIS: Update Wix installer to bundle a supported CRS version (3.0) [@victorhora, @zimmerle]
* IIS: Update dependencies for Windows build [Issue #1848 - @victorhora, @hsluoyz]
* IIS: Set SecStreamInBodyInspection by default on IIS builds (#1299) [Issue #1299 - @victorhora]
* IIS: Update modsecurity.conf [Issue #788 - @victorhora, @brianclark]
* Add sanity check for a couple malloc() and make code more resilient [Issue #979 - @dogbert2, @victorhora, @zimmerl]
* Fix NetBSD build by renaming the hmac function to avoid conflicts [Issue #1241 - @victorhora, @joerg, @sevan]
* IIS: Windows build, fix duplicate YAJL dir in script [Issue #1612 - @allanbomsft, @victorhora]
* IIS: Remove body prebuffering due to no locking in modsecProcessRequest [Issue #1917 - @allanbomsft, @victorhora]
* Fix mpm-itk / mod_ruid2 compatibility [Issue #712 - @ju5t, @derhansen, @meatlayer, @victorhora]
* Code cosmetics: checks if actionset is not null before use it [Issue #1556 - @marcstern, @zimmerle, @victorhora]
* Only generate SecHashKey when SecHashEngine is On [Issue #1671 - @dmuey, @monkburger, @zimmerle]
* Docs: Reformat README to Markdown and update dependencies [Issue #1857 - @hsluoyz, @victorhora]
* IIS: no lock on ProcessRequest. No reload of config. [Issue #1826 - @allanbomsft]
* IIS: buffer request body before taking lock [Issue #1651 - @allanbomsft]
* good practices: Initialize variables before use it [Issue #1889 - Marc Stern]
* Let body parsers observe SecRequestBodyNoFilesLimit [Issue #1613 - @allanbomsft]
* potential off by one in parse_arguments [Issue #1799 - @tinselcity, @zimmerle]
* Fix utf-8 character encoding conversion [Issue #1794 - @tinselcity, @zimmerle]
* Fix ip tree lookup on netmask content [Issue #1793 - @tinselcity, @zimmerle]
* IIS: set overrideModeDefault to Allow so that individual websites can add to their web.config file [Issue #1781 - @default-kramer]
* modsecurity.conf-recommended: Fix spelling [Issue #1721 - @padraigdoran]
* build: fix when multiple lines for curl version [Issue #1771 - @Artistan]
* Fix arabic charset in unicode_mapping file [Issue #1619 - @alaa-ahmed-a]
* Optionally preallocates memory when SecStreamInBodyInspection is on [Issue #1366 - @allanbomsft, @zimmerle]
* Fixed typo in build_yajl.bat [Issue #1366 - @allanbomsft]
* Fixes SecConnWriteStateLimit [Issue #1545 - @nicjansma]
* Added "empy chunk" check [Issue #1347, #1446 - @gravagli, @bostrt, @zimmerle]
* Add capture action to @detectXSS operator [Issue #1488, #1482 - @victorhora]
* Fix for wildcard operator when loading conf files on Nginx / IIS [Issue #1486, #1285 - @victorhora and @thierry-f-78]
* Set of fixes to make windows build workable with the buildbots [Commit 94fe3 - @zimmerle]
* Uses LOG_NO_STOPWATCH instead of DLOG_NO_STOPWATCH [Issue #1510 - @marcstern]
* Adds missing headers [Issue #1454 - @devnexen]
- modified patches
  % modsecurity-fixes.patch (fix crash caused by our patch) [bsc#1180830]
- added patches
  + modsecurity-2.9.3-input_filtering_errors.patch [bsc#1180830]
* Wed Feb 12 2020 pgajdos@suse.com
- removing %apache_test_* macros, do not test module just by loading the module
* Fri Dec 29 2017 jengelh@inai.de
- Trim advertisement and filler wording from descriptions.
 