pkgsrc-WIP-changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
ap-modsecurity: Fix COMMIT_MSG
Module Name: pkgsrc-wip
Committed By: Marcin Gondek <drixter%e-utp.net@localhost>
Pushed By: drixter
Date: Mon Jul 6 18:07:36 2026 +0200
Changeset: 55335995df9ad53ae30482359404814d9ce2ee7f
Modified Files:
ap-modsecurity2/COMMIT_MSG
Log Message:
ap-modsecurity: Fix COMMIT_MSG
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=55335995df9ad53ae30482359404814d9ce2ee7f
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
ap-modsecurity2/COMMIT_MSG | 128 +++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 123 insertions(+), 5 deletions(-)
diffs:
diff --git a/ap-modsecurity2/COMMIT_MSG b/ap-modsecurity2/COMMIT_MSG
index 5fde54434a..9cd1cacd35 100644
--- a/ap-modsecurity2/COMMIT_MSG
+++ b/ap-modsecurity2/COMMIT_MSG
@@ -1,8 +1,126 @@
ap-modsecurity: Update to version 2.9.14
-Full list of changes:
+Last version changes:
-chore: fix cppcheck issues with v2.21.0
-fix: ctl:ruleRemoveTargetByTag not removing XML attribute targets
-Remove deprecated REQBODY_PROCESSOR_ERROR and REQBODY_PROCESSOR_ERROR_MSG
-Re-apply lost fix 4f33f5b: collection_unpack value_len underflow regression
+02 Jul 2026 - 2.9.14
+--------------------
+
+ * chore: fix cppcheck issues with v2.21.0
+ [Issue #3593 - @airween]
+ * fix: ctl:ruleRemoveTargetByTag not removing XML attribute targets
+ [Issue #3592 - @fzipi]
+ * Remove deprecated REQBODY_PROCESSOR_ERROR and REQBODY_PROCESSOR_ERROR_MSG
+ [Issue #3578 - @hnakamur]
+ * Re-apply lost fix 4f33f5b: collection_unpack value_len underflow regression
+ [Issue #3560 - @g4mm4-VCF]
+
+28 Apr 2026 - 2.9.13
+--------------------
+
+ * fix: heap buffer overflow in acmp pm
+ [Issue #3545 - @fumfel,@airween]
+ * fix: probably UB (left shift of neg. val) in ip_tree code
+ [Issue #3542 - @fumfel,@airween]
+ * feat(libinjection): add libinjection 4 final to v2
+ [Issue #3535 - @airween]
+ * fix: cppcheck warnings
+ [Issue #3530 - @airween]
+ * feat: add Lua 5.5 support when available
+ [Issue #3527 - @fzipi,@airween]
+ * refactor: remove NGINX support from v2 (#3498)
+ [Issue #3502 - @sanjib2006]
+ * fix: cppcheck warnings in nginx/
+ [Issue #3493 - @umprayz]
+ * fix: cppcheck warnings in standalone/
+ [Issue #3488 - @umprayz]
+ * v2: Accept requests whose body length is exactly equal to SecRequestBodyNoFilesLimit
+ [Issue #3480 - @hnakamur]
+ * fix: yajl detection for source installations (#3457)
+ [Issue #3458 - @weida]
+ * feat: fix regression test, add a new CI workflow
+ [Issue #3456 - @airween]
+ * Fix libxml2 related deprecated issues
+ [Issue #3454 - @airween]
+ * Add CMake and CI Pipeline for ModSecurityIIS in ModSecurity V2
+ [Issue #3452 - @A13501350]
+ * fix(iis): IPv6 Handling in ModSecurity IIS Module
+ [Issue #3443 - @A13501350]
+ * fix: add event message resources to ModSecurityIIS.dll and resolve "Invalid function" errors (#3408)
+ [Issue #3438 - @A13501350]
+
+05 Aug 2025 - 2.9.12
+--------------------
+
+ * fix: Improper error handling
+ [PR from private repo - @orangetw, @pgajdos, @ylavic, @theseion, @fzipi, @airween
+ fixed CVE-2025-54571]
+ * fix: mod_security2's regression tests [Issue #3425 - @airween]
+ * fix: remove unused condition from msc_status_engine.c [Issue #3412 - @airween]
+ * fix: remove unwanted '\0' string terminator from argument's value [Issue #3411 - @airween]
+
+01 Jul 2025 - 2.9.11
+--------------------
+
+ * fix: prevent segmentation fault if the XML node is empty
+ [PR from private repo - @theseion, @fzipi, @RedXanadu, @airween; fixed CVE-2025-52891]
+ * Plug memory leak when msre_op_validateSchema_execute() exits normally (validateSchema)
+ [Issue #3401 - @nic-prgs]
+ * chore: bump version in MSI installer.wxs
+ [Issue #3400 - @airween]
+ * Fix resource leaks in `msc_status_engine_mac_address`
+ [Issue #3391 - @amezin]
+
+02 Jun 2025 - 2.9.10
+--------------------
+
+ * fix: DoS vulnerability
+ [PR from private repo - @theseion, @fzipi, @airween; fixed CVE-2025-48866]
+
+21 May 2025 - 2.9.9
+-------------------
+
+ * fix: DoS vulnerability
+ [PR from private repo - @theseion, @fzipi, @airween; fixed CVE-2025-47947]
+ * chore: log error codes for global mutex failure modes.
+ [Issue #3387 - @airween]
+ * chore: refactor build system to use PCRE2
+ [Issue #3383 - @airween]
+ * feat: add 'make test' to v2's workflow
+ [Issue #3379 - @airween]
+ * fix: 'make test' is able to run again
+ [Issue #3378 - @airween]
+ * fix: add PCRE2 capability to standalone module
+ [Issue #3377 - @airween]
+ * chore: remove unnecessary @LIBXML2_CFLAGS@ from linker flags
+ [Issue #3376 - @airween]
+ * fix: add msc_fullinfo() to check JIT compilation
+ [Issue #3375 - @airween]
+ * Fix error logging for standalone module
+ [Issue #3374 - @RedXanadu]
+ * Fix compiler warnings from GCC
+ [Issue #3372 - @notroj]
+ * feat: improved XMLArgs processing
+ [Issue #3358 - @airween]
+ * Incorrect utf8toUnicode transformation for 00xx
+ [Issue #3284 - @marcstern]
+ * Fixed PCRE2 error message
+ [Issue #3279 - @marcstern]
+ * make rootpath and incpath consts for apr_filepath_root
+ [Issue #3270 - @Marcool04]
+ * Fix apr_global_mutex_create() usage
+ [Issue #3269 - @marcstern]
+ * chore: add 'log' action to rule 200005 (v2/master)
+ [Issue #3267 - @airween]
+ * Move id_log() to msc_util to fix unit tests; it is declared on msc_ut…
+ [Issue #3265 - @rainerjung]
+ * Missing #include <time.h>
+ [Issue #3262 - @marcstern]
+ * Fixed apr_global_mutex_create() usage (no filename)
+ [PR #3269 - @marcstern]
+ * handle errors from apr_global_mutex_lock
+ [PR #3257 - @marcstern]
+
+03 Sep 2024 - 2.9.8 <-> 31 Mar 2014 - 2.8.0-RC1
+-------------------
+
+Please look: https://github.com/owasp-modsecurity/ModSecurity/blob/v2.9.14/CHANGES
Home |
Main Index |
Thread Index |
Old Index