File: changelog

package info (click to toggle)
modsecurity-apache 2.9.7-1
  • links: PTS
  • area: main
  • in suites: bookworm
  • size: 10,200 kB
  • sloc: ansic: 51,930; sh: 4,516; perl: 2,340; cpp: 1,930; makefile: 620; xml: 6
file content (507 lines) | stat: -rw-r--r-- 17,846 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
modsecurity-apache (2.9.7-1) unstable; urgency=medium

  * New upstream version 2.9.7
  * Fixes CVE-2022-48279
  * Switched from old PCRE to PCRE2
    https://lists.debian.org/debian-devel/2021/11/msg00176.html
  * Bumped minimum version of libxml2-dev

 -- Ervin Hegedüs <airween@gmail.com>  Mon, 23 Jan 2023 11:39:50 +0100

modsecurity-apache (2.9.6-1) unstable; urgency=medium

  * New upstream version 2.9.6
  * Bump Standards-Version to 4.6.1

 -- Ervin Hegedus <airween@gmail.com>  Fri, 09 Sep 2022 09:09:04 +0200

modsecurity-apache (2.9.5-1) unstable; urgency=medium

  [ Ervin Hegedüs ]
  * New upstream version 2.9.5
  * Fixes CVE-2021-2021-42727
  * Removed d/patches/970833_fix.patch; upstream contains it
  * Added Ervin Hegedus <airween@gmail.com> to Uploaders in d/control
  * Changed Homepage field in d/changelog
  * Added Vcs-Browser to d/changelog
  * Bump Standards-Versio to 4.6.0
  * Bump compat to 13
  * Aligned d/watch - old URI is no longer available

 -- Ervin Hegedus <airween@gmail.com>  Tue, 23 Nov 2021 13:25:57 +0100

modsecurity-apache (2.9.3-3) unstable; urgency=medium

  * Add upstream patch to fix Segfault when using SecRemoteRules.
    (Closes: #970833)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 10 Dec 2020 19:14:15 +0100

modsecurity-apache (2.9.3-2) unstable; urgency=medium

  * Added `--enable-pcre-jit` option to configure script

 -- Ervin Hegedus <airween@gmail.com>  Sun, 17 May 2020 19:47:56 +0000

modsecurity-apache (2.9.3-1) unstable; urgency=medium

  * New upstream release.
  * Bumped to debhelper compatibility level 11, removed build-dep on
    dh-autoreconf.
  * Bumped Standards-Version to 4.2.1

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 10 Dec 2018 20:21:48 +0100

modsecurity-apache (2.9.2-2) unstable; urgency=medium

  * Change CRS IncludeOptional to wildcard to get the desired behaviour (not
    failing when CRS not present). Thanks Walter Kleynscheldt for pointing
    this out. (Closes: #874542)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 17 Sep 2018 09:11:12 +0200

modsecurity-apache (2.9.2-1) unstable; urgency=medium

  * New upstream release. Remove logging patch.
  * Removed no longer needed libapache2-modsecurity transitional package.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Wed, 11 Oct 2017 12:53:50 +0200

modsecurity-apache (2.9.1-3) unstable; urgency=medium

  * Apply upstream (#1216) patch to fix errors on logging.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 29 Jun 2017 11:19:57 +0200

modsecurity-apache (2.9.1-2) unstable; urgency=medium

  * security2.load: Remove no longer needed load of libxml2.so.2
  * improve_defaults.patch: Increase PCRE limits, reorder SecAuditLogParts
    Thanks Christian Folini for the suggestions!
  * Add IncludeOptional directive for modsecurity-crs package.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Tue, 20 Dec 2016 17:14:15 +0100

modsecurity-apache (2.9.1-1) unstable; urgency=medium

  * New upstream release.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 19 Sep 2016 19:04:01 +0200

modsecurity-apache (2.9.0-1) unstable; urgency=medium

  * New upstream release. (Closes: #790116)
  * Removed mlogc_TLS1.2.patch, not needed anymore.
  * Remove old (no longer applied) patches from debian/patches

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Tue, 07 Jul 2015 12:26:36 +0200

modsecurity-apache (2.8.0-4) unstable; urgency=medium

  * Apply upstream patch to make mlogc use TLS 1.2 instead of SSL v3.
  * Add support for JSON. (Closes: #765605)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Tue, 04 Nov 2014 12:54:04 +0100

modsecurity-apache (2.8.0-3) unstable; urgency=medium

  * Add explicit Build-Dep on libpcre3-dev since libaprutil1-dev no longer
    does. (Closes: #765122)
  * Add pkg-config to Build-Dep so that lua support is picked up correctly.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 13 Oct 2014 20:19:23 +0200

modsecurity-apache (2.8.0-2) unstable; urgency=medium

  * Move libapache2-mod-security2.maintscript to
    libapache2-modsecurity.maintscript, since the previous conffiles
    were in the latter.
  * libapache2-modsecurity. Remove dangling symlinks in mods-enabled on
    upgrades.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Fri, 03 Oct 2014 11:44:24 +0200

modsecurity-apache (2.8.0-1) unstable; urgency=medium

  * New upstream version

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 21 Apr 2014 18:35:38 +0200

modsecurity-apache (2.7.7-2) unstable; urgency=medium

  * Use dh-autoreconf to fix FTBFS on ppc64el. (Closes: #734573)
    Thanks Logan Rosen for the patch.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Wed, 15 Jan 2014 10:18:58 +0100

modsecurity-apache (2.7.7-1) unstable; urgency=low

  * New upstream version
  * Bumped Standards-Version to 3.9.5
  * Renamed binary package so that it follows naming standards

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 19 Dec 2013 17:09:28 +0100

modsecurity-apache (2.7.5-1) unstable; urgency=low

  * New upstream version

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Fri, 11 Oct 2013 11:24:43 +0200

modsecurity-apache (2.7.4-1) unstable; urgency=low

  * New upstream version.
  * Remove doc-base since doc files were removed upstream.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 01 Jul 2013 17:14:29 +0200

modsecurity-apache (2.6.6-9) unstable; urgency=high

  * Applied upstream patch to fix NULL pointer dereference.
    CVE-2013-2765. (Closes: #710217)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Tue, 04 Jun 2013 09:34:41 +0200

modsecurity-apache (2.6.6-8) unstable; urgency=low

  * Upload to unstable.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Tue, 28 May 2013 18:20:39 +0200

modsecurity-apache (2.6.6-7) experimental; urgency=low

  [Arno Töll]
  * Add support for Apache 2.4 using the patch provided by Ondřej Surý
    (Closes: #666848)
  * Move apache2 configuration files to their canonical name:
    - mod-security.load -> security2.load
    - mod-security.conf -> security2.conf
    Thus, also slightly raise the debhelper build dependency to 8.1.
  * Update security2.conf for changes in Apache 2.4

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 23 May 2013 13:38:35 +0200

modsecurity-apache (2.6.6-6) unstable; urgency=high

  * Applied upstream patch to fix XXE attacks. CVE-2013-1915
    Thanks Thomas Goirand for backporting the patch.
    (Closes: #704625)
    Adds new SecXmlExternalEntity option which by default (Off) disables
    the external entity load task executed by libxml2.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Sat, 06 Apr 2013 11:09:12 +0200

modsecurity-apache (2.6.6-5) unstable; urgency=high

  * Applied upstream patch to fix multipart/invalid part
    ruleset bypass. CVE-2012-4528. (Closes: #691146)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 22 Oct 2012 16:23:19 +0200

modsecurity-apache (2.6.6-4) unstable; urgency=low

  * Fix dangling symlink to /usr/share/doc/mod-security-common.
    (Closes: #687866)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 01 Oct 2012 18:05:09 +0200

modsecurity-apache (2.6.6-3) unstable; urgency=low

  * Relicense debian/* files to ASLv2 to avoid conflicts with upstream
    license.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 12 Jul 2012 13:05:20 +0200

modsecurity-apache (2.6.6-2) unstable; urgency=low

  * Updated debian/copyright with right license.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 02 Jul 2012 17:23:08 +0200

modsecurity-apache (2.6.6-1) unstable; urgency=low

  * New upstream release.
  * Remove patches/fix_non_linux.patch. Applied upstream.
  * debian/rules: cleanup.
  * Add hardening flags to build process.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Fri, 15 Jun 2012 12:34:20 +0200

modsecurity-apache (2.6.5-2) unstable; urgency=low

  * mod-security.load: removed /usr/lib/ from libxml2's LoadFile path.
    (Closes: #670247)
  * README.Debian: Fix name of example configuration file.
    (Closes: #668938, #659858)
  * debian/control: Remove mention to modsecurity-common.
    (Closes: #662862)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 03 May 2012 17:36:01 +0200

modsecurity-apache (2.6.5-1) unstable; urgency=low

  * New upstream release

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Tue, 20 Mar 2012 20:05:09 +0100

modsecurity-apache (2.6.4-1) unstable; urgency=low

  * New upstream release
  * Apply patch by Peter Michael Green to fix FTBFS on non-linux
    kernels. (Closes: #631649, #654719)
  * Added doc-base entry
  * Set Priority to extra for transitional libapache-mod-security

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Fri, 16 Mar 2012 13:26:32 +0100

modsecurity-apache (2.6.3-1) unstable; urgency=low

  * New upstream release
  * Include mlogc (still missing manpage). (Closes: #645875)
  * postinst: changed force-reload to restart to avoid apache from segfaulting
    when upgrading modsecurity module (Closes: #574376)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Wed, 28 Dec 2011 16:51:11 +0100

modsecurity-apache (2.6.2-1) unstable; urgency=low

  * New upstream release (Closes: #634844)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Sun, 02 Oct 2011 11:34:03 +0200

modsecurity-apache (2.6.0-1) unstable; urgency=low

  * New upstream release (Closes: #627858, #607763)
  * Bumped Standards-Version to 3.9.2

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 16 Jun 2011 13:58:40 +0200

modsecurity-apache (2.5.13-1) unstable; urgency=low

  * The "Rename the whole thing" release
    Move to libapache2- for the binary package to match the rest of
    Apache 2.x modules.
    Rename the source package to its current name, modsecurity-apache,
    since the former source name came from very old versions (1.x).
    Also allowing the future modsecurity-crs to have a more related source
    name.  (Closes: #516540)
  * Merge documentation in libapache2-modsecurity temporarily.
    mod-security-common is going away. modsecurity-crs will soon come.
  * New upstream release
  * debian/control:
    - Added Homepage field
    - Bumped Standards-Version to 3.9.1
  * Added watch file

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Wed, 23 Mar 2011 18:36:29 +0100

libapache-mod-security (2.5.12-1) unstable; urgency=low

  * New upstream release. Fixes several security issues.
    (Closes: #569658)
  * Moved to dpkg-source 3.0 (quilt).
  * Bumped Standards-Version to 3.8.4.0

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 11 Mar 2010 13:36:25 +0100

libapache-mod-security (2.5.11-1) unstable; urgency=low

  * New upstream release
  * Changed section to httpd (from web)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 12 Nov 2009 11:50:33 +0100

libapache-mod-security (2.5.10-1) unstable; urgency=low

  * New upstream version.
  * debian/control: remove mod-security-common dependency on
    libapache-mod-security. (Closes: #529064)
  * liblua correctly detected on build now. (Closes: #524913)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 01 Oct 2009 12:57:44 +0200

libapache-mod-security (2.5.9-1) unstable; urgency=high

  * New upstream release. (Closes: #512472)
    Urgency high due to it fixing multiple remote DoS.
    Bugtraq ID: 34096
  * Moved to debhelper compatibility level 7:
    - echo 7 > debian/compat
    - Added ${misc:Depends} to debian/control
    - Bumped debhelper version dependency in debian/control
  * Fixed long description formatting. (Closes: #516540)
  * Prepared build of mlogc, not releasing this time due to
    urgency of release and missing man page.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 23 Mar 2009 09:56:42 +0100

libapache-mod-security (2.5.6-1) unstable; urgency=low

  * The 'Back to the archive!' Release (Closes: #487431)
  * Drop '2' from package name, now libapache-mod-security
  * New upstream release
    - Includes a new licensing exception that allows binary
      distribution with licenses not compatible with GPLv2,
      such as Apache's. See MODSECURITY_LICENSING_EXCEPTION
  * Removed debian/bug and debian/rules entry to install bug
    handling when out of the archive.
  * Bumped Standards-Version to 3.8.0.0

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Fri, 08 Aug 2008 13:31:56 +0200

libapache-mod-security2 (2.5.5-1) unstable; urgency=low

  * New upstream release

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Tue, 10 Jun 2008 17:21:48 +0200

libapache-mod-security2 (2.5.0-1) unstable; urgency=low

  * New upstream release
  * Added liblua5.1-0-dev to Build-Depends
  * Added apache2-prefork-dev as Build-Depends alternative

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Sun, 09 Mar 2008 19:41:47 +0100

libapache-mod-security2 (2.1.5-1) unstable; urgency=low

  * New upstream release

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 31 Jan 2008 16:27:29 +0100

libapache-mod-security2 (2.1.2-1) unstable; urgency=low

  * New upstream version

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 06 Aug 2007 21:55:28 +0200

libapache-mod-security2 (2.1.0-1) unstable; urgency=low

  * New upstream version
  * Added Core Rules to examples directory

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Sun,  4 Mar 2007 15:17:08 +0100

libapache-mod-security2 (2.0.4-1) unstable; urgency=low

  * New upstream version

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Sat, 18 Nov 2006 11:00:21 +0100

libapache-mod-security2 (2.0.3-1) unstable; urgency=low

  * Initial release (Only available for Apache 2.x)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 06 Nov 2006 17:55:54 +0100

libapache-mod-security (1.9.4-2) unstable; urgency=low

  * Moved to apache2.2-common
  * Fixed Depends between libapache2-mod-security, libapache-mod-security and
    mod-security-common, so they can be binNMUed
  * Bumped Standards-Version to 3.7.2.2

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Mon, 30 Oct 2006 16:52:16 +0100

libapache-mod-security (1.9.4-1) unstable; urgency=low

  * New upstream release.
  * Added bug control files to avoid spamming Debian's BTS.
    Thanks Daniel Baumann for the patch.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu,  1 Jun 2006 09:29:40 +0200

libapache-mod-security (1.9.2.0-1) unstable; urgency=low

  * New upstream release.
    Note: Added extra .0 to version number to ease upgrading from -rc3
    packages.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Fri, 27 Jan 2006 14:32:04 +0100

libapache-mod-security (1.9.2-rc3-1) unstable; urgency=low

  * New upstream release.
  * Moved away from Debian's archive due to license problems.
    (You may find updates @ http://inittab.org/debian)
  * Removed tests, as upstream did. Removed README.debian as it
    only mentioned tests.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Sat, 14 Jan 2006 21:44:50 +0100

libapache-mod-security (1.8.7-1) unstable; urgency=medium

  * New upstream release. (Closes: #285365)
  * Fixes several security issues, thus the urgency.
  * Set proper permissions on test suite scripts (Closes: #304195)
  * Corrected minor typo in README.Debian (Closes: #304196)
  * debian/control: Reworded packages descriptions to be more useful.
    (Closes: #304445)

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Sun, 10 Apr 2005 12:28:03 +0200

libapache-mod-security (1.8.4-2) unstable; urgency=medium

  * New maintainer (Closes: #303613)
  * Thanks Adam Conrad for helping with the apache2
    LFS transition. (Closes: #267353)
  * Patched apache2/mod_security.c to include regex.h and build
    correctly. (Closes: #297983). Thanks Andreas Jochens.
    This was RC, thus the urgency.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Fri,  8 Apr 2005 08:48:11 +0200

libapache-mod-security (1.8.4-1.1) unstable; urgency=high

  * NMU: Back out the ill-fated apache2 LFS transition. (closes: #267353)
  * Bump the apache2-threaded-dev build-dep to (>= 2.0.50-10)

 -- Adam Conrad <adconrad@0c3.net>  Sun, 22 Aug 2004 22:49:06 -0700

libapache-mod-security (1.8.4-1) unstable; urgency=medium

  * Upload/fixes on maintainer's behalf (hence non-NMU version)
  * New upstream version (Closes: #256414)
  * Rebuilt with latest apache2-dev (Closes: #266187)
  * Change apache2-dev build-dep to apache2-threaded-dev, as the
    former is a virtual package, and can't have a versioned dep.

 -- Adam Conrad <adconrad@0c3.net>  Tue, 17 Aug 2004 05:42:20 -0600

libapache-mod-security (1.7.1-1) unstable; urgency=low

  * New upstream version
  * Fix example http.conf path references in README.Debian (Closes: #216464)
  * Fix upstream url in copyright file
  * Also install new util directory with snort2modsec scripts
  * Added doc-base support for pdf documentation
  * Updated to use modules-config for apache 1.x instead of deprecated apacheconfig
  * Added http.example from CVS as upstream forgot to update it in tarball and
    there was some failing new tests

 -- Bruno Rodrigues <bruno.rodrigues@litux.org>  Wed, 22 Oct 2003 14:29:09 +0100

libapache-mod-security (1.6-1) unstable; urgency=low

  * New upstream version (1.5 and 1.5.1 missed due to old information in
    old site; new site at http://www.modsecurity.org)
  * Fix typo in description (Closes: #195860)
  * Bumped Standards-Version to 3.6.1
  * Since 1.5, mod_security supports apache 2.x, so there's a corresponding
    new libapache2-mod-security and a -common package

 -- Bruno Rodrigues <bruno.rodrigues@litux.org>  Mon, 29 Sep 2003 14:48:32 +0100

libapache-mod-security (1.4.2-1) unstable; urgency=low

  * New upstream version
  * New package (Closes: #178722)
  * Fixed a bug in postrm

 -- Bruno Rodrigues <bruno.rodrigues@litux.org>  Wed, 19 Mar 2003 02:51:55 +0000

libapache-mod-security (1.4-0) unstable; urgency=low

  * Initial release

 -- Bruno Rodrigues <bruno.rodrigues@litux.org>  Tue, 28 Jan 2003 04:22:39 +0000