1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
|
# ChangeLog for www-apache/mod_security
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.37 2010/02/09 17:48:42 flameeyes Exp $
*mod_security-2.5.12 (09 Feb 2010)
09 Feb 2010; Diego E. Pettenò <flameeyes@gentoo.org>
files/2.5.10/99_mod_security.conf, -mod_security-2.5.9.ebuild,
-mod_security-2.5.11-r1.ebuild, +mod_security-2.5.12.ebuild:
Version bump, this version fixes possible security problems. Keep an old
version around though as the HTTP Parameter Pollution code changed
drastically and might break Rails again.
28 Dec 2009; Raúl Porcel <armin76@gentoo.org>
mod_security-2.5.9-r1.ebuild:
sparc stable wrt #293366
08 Dec 2009; nixnut <nixnut@gentoo.org> mod_security-2.5.9-r1.ebuild:
ppc stable #293366
*mod_security-2.5.11-r2 (26 Nov 2009)
26 Nov 2009; Diego E. Pettenò <flameeyes@gentoo.org>
+mod_security-2.5.11-r2.ebuild:
Further improved ebuild, using EAPI 2: depend on the presence of unique_id
Apache module; create a secured data directory instead of using /tmp;
avoid changing the server signature by default (USE=-vanilla).
*mod_security-2.5.11-r1 (21 Nov 2009)
21 Nov 2009; Diego E. Pettenò <flameeyes@gentoo.org>
-mod_security-2.5.10-r1.ebuild, -mod_security-2.5.11.ebuild,
+mod_security-2.5.11-r1.ebuild,
+files/mod_security-2.5.11-disable-http-pollution.patch, metadata.xml:
Sanitising mod_security: add a vanilla USE flag that restores the original
upstream behaviour for the CRS, if disabled (default), then also disable
some pretty braindamaged rules. Add warnings about the original rules if
vanilla USE flag is enabled or if perl USE flag is enabled. Document in
metadata the new vanilla flag as well as the package-local meaning of the
perl USE flag. Remove older versions.
19 Nov 2009; Markus Meier <maekke@gentoo.org>
mod_security-2.5.9-r1.ebuild:
amd64/x86 stable, bug #293366
*mod_security-2.5.11 (16 Nov 2009)
16 Nov 2009; Diego E. Pettenò <flameeyes@gentoo.org>
+mod_security-2.5.11.ebuild:
Version bump. This time disable some draconic/nearly-idiotic rules.
*mod_security-2.5.10-r1 (26 Oct 2009)
26 Oct 2009; Diego E. Pettenò <flameeyes@gentoo.org>
+files/2.5.10/99_mod_security.conf, -mod_security-2.5.10.ebuild,
+mod_security-2.5.10-r1.ebuild:
Revision bump; install the proper ruleset; install a new config file.
02 Oct 2009; Diego E. Pettenò <flameeyes@gentoo.org>
mod_security-2.5.10.ebuild,
+files/mod_security-2.5.10-broken-autotools.patch:
Ooops, fix the missing broken autotools correction.
*mod_security-2.5.10 (01 Oct 2009)
01 Oct 2009; Diego E. Pettenò <flameeyes@gentoo.org>
+mod_security-2.5.10.ebuild, +files/mod_security-2.5.10-as-needed.patch:
Version bump.
27 Jul 2009; Diego E. Pettenò <flameeyes@gentoo.org>
mod_security-2.5.9-r1.ebuild:
Also list rule 950907 in the list of draconian rules.
15 Jul 2009; Diego E. Pettenò <flameeyes@gentoo.org>
mod_security-2.5.9-r1.ebuild:
Install modsec-rules-updater in sbin, since it requires root privileges.
15 Jul 2009; Diego E. Pettenò <flameeyes@gentoo.org>
+files/2.1.2/99_mod_security.conf:
Restore one file deleted by mistake.
14 Jul 2009; Diego E. Pettenò <flameeyes@gentoo.org>
-files/2.1.2/99_mod_security.conf, -mod_security-2.1.2.ebuild,
-mod_security-2.1.6.ebuild, -mod_security-2.5.5.ebuild,
-mod_security-2.5.6.ebuild, -mod_security-2.5.7.ebuild:
Remove older versions.
*mod_security-2.5.9-r1 (14 Jul 2009)
14 Jul 2009; Diego E. Pettenò <flameeyes@gentoo.org>
+mod_security-2.5.9-r1.ebuild, +files/mod_security-2.5.9-as-needed.patch,
files/mod_security-2.5.9-broken-autotools.patch:
Add patch to properly build with --as-needed (thanks to Christian Ruppert
in bug #276272 — this required an extra fix to the autotools); add a
perl USE flag to disable the update script and add the libwww-perl
dependency (thanks again to Christian in bug #275864), and add a notice
about the draconic command injection rule (bug #223815 reported by David
Sommerseth.
14 Jun 2009; Diego E. Pettenò <flameeyes@gentoo.org> metadata.xml:
Add myself as maintainer too since I haven't seen Luca in a while.
02 Jun 2009; Raúl Porcel <armin76@gentoo.org> mod_security-2.5.9.ebuild:
sparc stable wrt #262302
25 May 2009; Brent Baude <ranger@gentoo.org> mod_security-2.5.9.ebuild:
Marking mod_security-2.5.9 ppc for bug 262302
23 May 2009; Markus Meier <maekke@gentoo.org> mod_security-2.5.9.ebuild:
amd64/x86 stable, bug #262302
*mod_security-2.5.9 (22 May 2009)
22 May 2009; Diego E. Pettenò <flameeyes@gentoo.org>
+mod_security-2.5.9.ebuild,
+files/mod_security-2.5.9-broken-autotools.patch:
Update to version 2.5.9; finally respect flags (if apxs allows to..), have
a test function, simplify install.
*mod_security-2.5.7 (01 Jan 2009)
01 Jan 2009; Benedikt Böhm <hollow@gentoo.org>
+mod_security-2.5.7.ebuild:
version bump wrt #234424
*mod_security-2.5.6 (01 Jan 2009)
01 Jan 2009; Benedikt Böhm <hollow@gentoo.org>
-mod_security-2.5.1.ebuild, -mod_security-2.5.4.ebuild,
+mod_security-2.5.6.ebuild:
version bump wrt security #240946
*mod_security-2.5.5 (01 Jul 2008)
01 Jul 2008; Benedikt Böhm <hollow@gentoo.org>
+mod_security-2.5.5.ebuild:
version bump wrt #230139
*mod_security-2.5.4 (01 Jun 2008)
01 Jun 2008; Benedikt Böhm <hollow@gentoo.org>
-mod_security-2.1.4_rc1.ebuild, +mod_security-2.5.4.ebuild:
version bump wrt #221763
25 Apr 2008; Benedikt Böhm <hollow@gentoo.org> mod_security-2.5.1.ebuild:
install rules-updater wrt #219059
*mod_security-2.5.1 (22 Mar 2008)
*mod_security-2.1.6 (22 Mar 2008)
22 Mar 2008; Benedikt Böhm <hollow@gentoo.org>
-files/99_mod_security-2.1.1.conf, +mod_security-2.1.6.ebuild,
+mod_security-2.5.1.ebuild:
version bumps wrt #209632
31 Jan 2008; Benedikt Böhm <hollow@gentoo.org>
files/99_mod_security-2.1.1.conf, files/2.1.2/99_mod_security.conf:
cleanup
29 Jan 2008; Benedikt Böhm <hollow@gentoo.org> mod_security-2.1.2.ebuild,
mod_security-2.1.4_rc1.ebuild:
fix depend.apache usage wrt #208033
25 Nov 2007; Benedikt Böhm <hollow@gentoo.org> mod_security-2.1.2.ebuild:
fix apache-module eclass usage
*mod_security-2.1.4_rc1 (21 Oct 2007)
21 Oct 2007; Benedikt Böhm <hollow@gentoo.org>
-mod_security-2.1.1.ebuild, +mod_security-2.1.4_rc1.ebuild:
version bump
27 Sep 2007; Raúl Porcel <armin76@gentoo.org> mod_security-2.1.2.ebuild:
sparc stable wrt #191973
19 Sep 2007; Lars Weiler <pylon@gentoo.org> mod_security-2.1.2.ebuild:
Stable on ppc; bug #191973.
17 Sep 2007; Chris Gianelloni <wolf31o2@gentoo.org>
mod_security-2.1.2.ebuild:
Stable on amd64 wrt bug #191973.
16 Sep 2007; Christian Faulhammer <opfer@gentoo.org>
mod_security-2.1.2.ebuild:
stable x86, bug 191973
*mod_security-2.1.2 (08 Sep 2007)
08 Sep 2007; Benedikt Böhm <hollow@gentoo.org>
-files/mod_security-2.1.1-request_interception.patch,
+files/2.1.2/99_mod_security.conf, -mod_security-2.1.1-r1.ebuild,
+mod_security-2.1.2.ebuild:
version bump; fixes #180150, #189995, #191381, #181887, #190301
29 Jul 2007; Christian Heim <phreak@gentoo.org>
+files/mod_security-2.1.1-request_interception.patch,
+files/99_mod_security-2.1.1.conf, +metadata.xml,
+mod_security-2.1.1.ebuild, +mod_security-2.1.1-r1.ebuild:
Moving net-www/mod_security to www-apache/mod_security (#81244).
*mod_security-2.1.1-r1 (15 Jun 2007)
15 Jun 2007; Benedikt Böhm <hollow@gentoo.org>
+files/mod_security-2.1.1-request_interception.patch,
-files/99_mod_security.conf, -mod_security-1.8.7.ebuild,
-mod_security-1.9.4.ebuild, +mod_security-2.1.1-r1.ebuild:
remove apache-1 version; fix #180150
11 May 2007; Steve Dibb <beandog@gentoo.org> mod_security-2.1.1.ebuild:
amd64 stable, security bug 169778
08 May 2007; Gustavo Zacarias <gustavoz@gentoo.org>
mod_security-2.1.1.ebuild:
Stable on sparc wrt security #169778
08 May 2007; Raúl Porcel <armin76@gentoo.org> mod_security-2.1.1.ebuild:
x86 stable wrt security bug 169778
08 May 2007; Tobias Scherbaum <dertobi123@gentoo.org>
mod_security-2.1.1.ebuild:
ppc stable, bug #169778
*mod_security-2.1.1 (06 May 2007)
06 May 2007; Christian Heim <phreak@gentoo.org>
+files/99_mod_security-2.1.1.conf, +mod_security-2.1.1.ebuild:
Version bump, thanks to Nick Palmer <nicholas and slackers.net> and Julien
Allanos <dju at gentoo.org> in #151826 for security #169778.
14 Jan 2007; Luca Longinotti <chtekk@gentoo.org>
-files/1.8.6/99_mod_security.conf, files/99_mod_security.conf,
-files/mod_security.conf, mod_security-1.8.7.ebuild,
-mod_security-1.9.1.ebuild, mod_security-1.9.4.ebuild:
Cleanup.
*mod_security-1.9.4 (05 Jun 2006)
05 Jun 2006; Benedikt Böhm <hollow@gentoo.org>
+mod_security-1.9.4.ebuild:
Version bump
05 Jun 2006; Michael Stewart <vericgar@gentoo.org>
-mod_security-1.7.6.ebuild, -mod_security-1.8.6.ebuild,
-mod_security-1.8.7_rc2.ebuild:
Remove old-style ebuilds
02 Jun 2006; Luca Longinotti <chtekk@gentoo.org> metadata.xml:
Update maintainer metadata.
18 Apr 2006; Jason Wever <weeve@gentoo.org> mod_security-1.8.7.ebuild:
Stable on SPARC.
19 Feb 2006; Joshua Kinard <kumba@gentoo.org> mod_security-1.9.1.ebuild:
Added ~mips to KEYWORDS.
*mod_security-1.9.1 (05 Jan 2006)
05 Jan 2006; Luca Longinotti <chtekk@gentoo.org>
+mod_security-1.9.1.ebuild:
Version bump to 1.9.1, fixes bug #115480.
22 Nov 2005; <dang@gentoo.org> mod_security-1.8.7.ebuild:
Marked stable on amd64
01 Nov 2005; Tobias Scherbaum <dertobi123@gentoo.org>
mod_security-1.8.7.ebuild:
Marked ppc stable, bug #106430
18 Sep 2005; Michael Stewart <vericgar@gentoo.org>
mod_security-1.8.7.ebuild:
Stable on x86
20 Jun 2005; Simon Stelling <blubb@gentoo.org> mod_security-1.8.7.ebuild:
added ~amd64 keyword
*mod_security-1.8.7 (06 Mar 2005)
06 Mar 2005; Elfyn McBratney <beu@gentoo.org> +mod_security-1.8.7.ebuild:
Version bump, closes bug #84250.
*mod_security-1.8.7_rc2 (01 Mar 2005)
01 Mar 2005; Elfyn McBratney <beu@gentoo.org> metadata.xml,
+mod_security-1.8.7_rc2.ebuild:
Version bump. Fixes a few segfaults (Apache 2.x only), and a few other bugs.
*mod_security-1.8.6 (09 Jan 2005)
09 Jan 2005; Benedikt Boehm <hollow@gentoo.org> metadata.xml,
+files/1.8.6/99_mod_security.conf, +mod_security-1.8.6.ebuild:
Apache herd package refresh
18 Oct 2004; Jason Wever <weeve@gentoo.org> mod_security-1.7.6.ebuild:
Added ~sparc keyword wrt bug #66615.
04 Sep 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
mod_security-1.7.6.ebuild:
Masked mod_security-1.7.6.ebuild stable for ppc
05 Aug 2004; Chuck Short <zul@gentoo.org> mod_security-1.7.6.ebuild:
Marked stable for x86.
05 Jun 2004; David Holm <dholm@gentoo.org> mod_security-1.7.6.ebuild:
Added to ~ppc.
*mod_security-1.7.6 (03 Jun 2004)
03 Jun 2004; Chuck Short <zul@gentoo.org> metadata.xml, mod_security-1.7.6.ebuild,
files/99_mod_security.conf, files/mod_security.conf:
Initial version,e build written by dju` <dju @ elegiac.net>.
Closes #32190.
|