pkgsrc-WIP-changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

ap-modsecurity: Fix COMMIT_MSG



Module Name:	pkgsrc-wip
Committed By:	Marcin Gondek <drixter%e-utp.net@localhost>
Pushed By:	drixter
Date:		Mon Jul 6 18:07:36 2026 +0200
Changeset:	55335995df9ad53ae30482359404814d9ce2ee7f

Modified Files:
	ap-modsecurity2/COMMIT_MSG

Log Message:
ap-modsecurity: Fix COMMIT_MSG

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=55335995df9ad53ae30482359404814d9ce2ee7f

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 ap-modsecurity2/COMMIT_MSG | 128 +++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 123 insertions(+), 5 deletions(-)

diffs:
diff --git a/ap-modsecurity2/COMMIT_MSG b/ap-modsecurity2/COMMIT_MSG
index 5fde54434a..9cd1cacd35 100644
--- a/ap-modsecurity2/COMMIT_MSG
+++ b/ap-modsecurity2/COMMIT_MSG
@@ -1,8 +1,126 @@
 ap-modsecurity: Update to version 2.9.14
 
-Full list of changes:
+Last version changes:
 
-chore: fix cppcheck issues with v2.21.0
-fix: ctl:ruleRemoveTargetByTag not removing XML attribute targets
-Remove deprecated REQBODY_PROCESSOR_ERROR and REQBODY_PROCESSOR_ERROR_MSG
-Re-apply lost fix 4f33f5b: collection_unpack value_len underflow regression
+02 Jul 2026 - 2.9.14
+--------------------
+
+ * chore: fix cppcheck issues with v2.21.0
+   [Issue #3593 - @airween]
+ * fix: ctl:ruleRemoveTargetByTag not removing XML attribute targets
+   [Issue #3592 - @fzipi]
+ * Remove deprecated REQBODY_PROCESSOR_ERROR and REQBODY_PROCESSOR_ERROR_MSG
+   [Issue #3578 - @hnakamur]
+ * Re-apply lost fix 4f33f5b: collection_unpack value_len underflow regression
+   [Issue #3560 - @g4mm4-VCF]
+
+28 Apr 2026 - 2.9.13
+--------------------
+
+ * fix: heap buffer overflow in acmp pm
+   [Issue #3545 - @fumfel,@airween]
+ * fix: probably UB (left shift of neg. val) in ip_tree code
+   [Issue #3542 - @fumfel,@airween]
+ * feat(libinjection): add libinjection 4 final to v2
+   [Issue #3535 - @airween]
+ * fix: cppcheck warnings
+   [Issue #3530 - @airween]
+ * feat: add Lua 5.5 support when available
+   [Issue #3527 - @fzipi,@airween]
+ * refactor: remove NGINX support from v2 (#3498)
+   [Issue #3502 - @sanjib2006]
+ * fix: cppcheck warnings in nginx/
+   [Issue #3493 - @umprayz]
+ * fix: cppcheck warnings in standalone/
+   [Issue #3488 - @umprayz]
+ * v2: Accept requests whose body length is exactly equal to SecRequestBodyNoFilesLimit
+   [Issue #3480 - @hnakamur]
+ * fix: yajl detection for source installations (#3457)
+   [Issue #3458 - @weida]
+ * feat: fix regression test, add a new CI workflow
+   [Issue #3456 - @airween]
+ * Fix libxml2 related deprecated issues
+   [Issue #3454 - @airween]
+ * Add CMake and CI Pipeline for ModSecurityIIS in ModSecurity V2
+   [Issue #3452 - @A13501350]
+ * fix(iis):  IPv6 Handling in ModSecurity IIS Module
+   [Issue #3443 - @A13501350]
+ * fix: add event message resources to ModSecurityIIS.dll and resolve "Invalid function" errors (#3408)
+   [Issue #3438 - @A13501350]
+
+05 Aug 2025 - 2.9.12
+--------------------
+
+ * fix: Improper error handling
+   [PR from private repo - @orangetw, @pgajdos, @ylavic, @theseion, @fzipi, @airween
+    fixed CVE-2025-54571]
+ * fix: mod_security2's regression tests [Issue #3425 - @airween]
+ * fix: remove unused condition from msc_status_engine.c [Issue #3412 - @airween]
+ * fix: remove unwanted '\0' string terminator from argument's value [Issue #3411 - @airween]
+
+01 Jul 2025 - 2.9.11
+--------------------
+
+ * fix: prevent segmentation fault if the XML node is empty
+   [PR from private repo - @theseion, @fzipi, @RedXanadu, @airween; fixed CVE-2025-52891]
+ * Plug memory leak when msre_op_validateSchema_execute() exits normally (validateSchema)
+   [Issue #3401 - @nic-prgs]
+ * chore: bump version in MSI installer.wxs
+   [Issue #3400 - @airween]
+ * Fix resource leaks in `msc_status_engine_mac_address`
+   [Issue #3391 - @amezin]
+
+02 Jun 2025 - 2.9.10
+--------------------
+
+ * fix: DoS vulnerability
+   [PR from private repo - @theseion, @fzipi, @airween; fixed CVE-2025-48866]
+
+21 May 2025 - 2.9.9
+-------------------
+
+ * fix: DoS vulnerability
+   [PR from private repo - @theseion, @fzipi, @airween; fixed CVE-2025-47947]
+ * chore: log error codes for global mutex failure modes.
+   [Issue #3387 - @airween]
+ * chore: refactor build system to use PCRE2
+   [Issue #3383 - @airween]
+ * feat: add 'make test' to v2's workflow
+   [Issue #3379 - @airween]
+ * fix: 'make test' is able to run again
+   [Issue #3378 - @airween]
+ * fix: add PCRE2 capability to standalone module
+   [Issue #3377 - @airween]
+ * chore: remove unnecessary @LIBXML2_CFLAGS@ from linker flags
+   [Issue #3376 - @airween]
+ * fix: add msc_fullinfo() to check JIT compilation
+   [Issue #3375 - @airween]
+ * Fix error logging for standalone module
+   [Issue #3374 - @RedXanadu]
+ * Fix compiler warnings from GCC
+   [Issue #3372 - @notroj]
+ * feat: improved XMLArgs processing
+   [Issue #3358 - @airween]
+ * Incorrect utf8toUnicode transformation for 00xx
+   [Issue #3284 - @marcstern]
+ * Fixed PCRE2 error message
+   [Issue #3279 - @marcstern]
+ * make rootpath and incpath consts for apr_filepath_root
+   [Issue #3270 - @Marcool04]
+ * Fix apr_global_mutex_create() usage
+   [Issue #3269 - @marcstern]
+ * chore: add 'log' action to rule 200005 (v2/master)
+   [Issue #3267 - @airween]
+ * Move id_log() to msc_util to fix unit tests; it is declared on msc_ut…
+   [Issue #3265 - @rainerjung]
+ * Missing #include <time.h>
+   [Issue #3262 - @marcstern]
+ * Fixed apr_global_mutex_create() usage (no filename)
+   [PR #3269 - @marcstern]
+ * handle errors from apr_global_mutex_lock
+   [PR #3257 - @marcstern]
+
+03 Sep 2024 - 2.9.8 <-> 31 Mar 2014 - 2.8.0-RC1
+-------------------
+
+Please look: https://github.com/owasp-modsecurity/ModSecurity/blob/v2.9.14/CHANGES


Home | Main Index | Thread Index | Old Index