File apache2-mod_security2.changes of Package apache2-mod_security2

Thu May 14 18:05:26 CEST 2009 -

- update to version 2.5.9
  - Fixed parsing multipart content with a missing part header name
    which would crash Apache.  Discovered by "Internet Security
    Auditors" (
  - Added ability to specify the config script directly using
    --with-apr and --with-apu.
  - Added macro expansion for append/prepend action.
  - Fixed race condition in concurrent updates of persistent
    counters.  Updates are now atomic.
  - Cleaned up build, adding an option for verbose configure output
    and making the mlogc build more portable.
- additional changes from 2.5.8
  - Fixed PDF XSS issue where a non-GET request for a PDF file
    would crash the Apache httpd process.  Discovered by Steve
    Grubb at Red Hat.
  - Removed an invalid "Internal error: Issuing "%s" for
    unspecified error." message that was logged when denying with
    nolog/noauditlog set and causing the request to be audited.
- additional changes from 2.5.7
  - Fixed XML DTD/Schema validation which will now fail after
    request body processing errors, even if the XML parser returns
    a document tree.
  - Added ctl:forceRequestBodyVariable=on|off which, when enabled,
    will force the REQUEST_BODY variable to be set when a request
    body processor is not set.  Previously the REQUEST_BODY target
    was only populated by the URLENCODED request body processor.
  - Integrated mlogc source.
  - Fixed logging the hostname in the error_log which was logging
    the request hostname instead of the Apache resolved hostname.
  - Allow for disabling request body limit checks in phase:1.
  - Added transformations for processing parity for legacy
    protocols ported to HTTP(S): t:parityEven7bit, t:parityOdd7bit,
  - Added t:cssDecode transformation to decode CSS escapes.
  - Now log XML parsing/validation warnings and errors to be in the
    debug log at levels 3 and 4, respectivly.
- build and package mlogc
- remove --with-apxs from the configure args as it breaks the build
  configure now finds our apxs2

Fri Jan 23 16:56:55 CET 2009 -

- fix broken config [bnc#457200]

Mon Sep 15 14:05:05 CEST 2008 -

- update to version 2.5.6
- initial submit to FACTORY

Mon May 12 05:25:07 CEST 2008 -

-update to 2.1.7

Thu Feb 3 05:44:12 CEST 2008 -

-update to 2.1.6

Wed Aug  8 05:36:42 CEST 2007 -

- update to 2.1.2

Mon Apr 16 10:34:05 CEST 2007 -

- update to 2.1.1
- switched to perl based patching instead of cmdline params for make

Fri Sep 22 08:31:51 CEST 2006 -

- fix build (./install was vanished)