summaryrefslogtreecommitdiff
path: root/www/nginx-devel/files/extra-patch-nginx-modsecurity-configure (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Update NGINX JavaScript (aka njs) module from 0.3.8 to 0.3.9.Sergey A. Osokin2020-03-031-1/+1
| | | | | | | | | | | To avoid a potential conflict between two versions of LuaJIT let's update mod_security's dependecy list and use lang/luajit-openresty instead of original lang/luajit. Bump PORTREVISION. Notes: svn path=/head/; revision=527678
* Update third-party modsecurity module from 2.9.2 to 2.9.3.Sergey A. Osokin2018-12-271-2/+2
| | | | | | | Bump PORTREVISION. Notes: svn path=/head/; revision=488501
* Upgrade from 1.13.8 to 1.13.9.Sergey A. Osokin2018-02-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | Upgrade third-party modules to their recent version. Remove needless patches. <ChangeLog> *) Feature: HTTP/2 server push support; the "http2_push" and "http2_push_preload" directives. *) Bugfix: "header already sent" alerts might appear in logs when using cache; the bug had appeared in 1.9.13. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_verify_client" directive was used and no SSL certificate was specified in a virtual server. *) Bugfix: in the ngx_http_v2_module. *) Bugfix: in the ngx_http_dav_module. </ChangeLog> Notes: svn path=/head/; revision=462474
* Upgrade third-party modules:Sergey A. Osokin2016-03-121-2/+2
| | | | | | | | o) http_push from 0.99.6 to 0.99.7; o) modsecurity from 2.9.1-RC1 to 2.9.1. Notes: svn path=/head/; revision=410934
* Upgrade third-party modsecurity module from 2.9.0 to 2.9.1-rc1.Sergey A. Osokin2016-02-071-4/+4
| | | | Notes: svn path=/head/; revision=408436
* Use luajit instead of lua for third-party modsecurity module, sort list of ↵Sergey A. Osokin2015-08-101-10/+15
| | | | | | | | | dependences for it. PR: 200263 Notes: svn path=/head/; revision=393858
* Update third-party modsecurity module from 2.8.0 to 2.9.0.Sergey A. Osokin2015-02-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | <ChangeLog> 12 Feb 2015 - 2.9.0 ------------------- * Fix apr_crypto.h include, now checking if apr_crypto.h is available by checking the definition WITH_APU_CRYPTO. [martinjina and ModSecurity team] 15 Dez 2014 - 2.9.0-RC2 ----------------------- * OpenSSL dependency was removed on MS Windows builds. ModSecurity is now using the Windows certificate storage. [Gregg Smith, Steffen and ModSecurity team] * Informs about external resources loaded/failed while reloading Apache. [ModSecurity team] * Adds missing 'ModSecurity:' prefix in some warnings messages. [Walter Hop and ModSecurity team] * Refactoring external resources download warn messages. Holding the message to be displayed when Apache is ready to write on the error_log. [ModSecurity team] * Remote resources loading process is now failing in case of HTTP error. [Walter Hop and ModSecurity team] * Fixed start up crash on Apache with mod_ssl configured. Crash was happening during the download of remote resources. [Christian Folini, Walter Hop and ModSecurity team] * Curl is not a mandatory dependency to ModSecurity core anymore. [Rainer Jung and ModSecurity team] 18 Nov 2014 - 2.9.0-RC1 ----------------------- * `pmFromFile' and `ipMatchFromFile' operators are now accepting HTTPS served files as parameter. * `SecRemoteRules' directive - allows you to specify a HTTPS served file that may contain rules in the SecRule format to be loaded into your ModSecurity instance. * `SecRemoteRulesFailAction' directive - allows you to control whenever the user wants to Abort or just Warn when there is a problem while downloading rules specified with the directive: `SecRemoteRules'. * `fuzzyHash' operator - allows to match contents using fuzzy hashes. * `FILES_TMP_CONTENT' collection - make available the content of uploaded files. * InsecureNoCheckCert - option to validate or not a chain of SSL certificates on mlogc connections. * ModSecurityIIS: ModSecurity event ID was changed from 0 to 0x1. [Issue #676 - Kris Kater and ModSecurity team] * Fixed signature on "status call": ModSecurity is now using the original server signature. [Issues #702 - Linas and ModSecurity team] * YAJL version is printed while ModSecurity initialization. [Issue #703 - Steffen (Apache Lounge) and Mauro Faccenda] * Fixed subnet representation using slash notation on the @ipMatch operator. [Issue #706 - Walter Hop and ModSecurity team] * Limited the length of a status call. [Issue #714 - 'cpanelkurt' and ModSecurity team] * Added the missing -P option to nginx regression tests. [Issue #720 - Paul Yang] * Fixed automake scripts to do not use features which will be deprecated in the upcoming releases of automake. [Issue #760 - ModSecurity team] * apr-utils's LDFALGS is now considered while building ModSecurity. [Issue #782 - Daniel J. Luke] * IIS installer is not considering IIS 6 as compatible anymore. [Issue #790 - ModSecurity team] * Fixed yajl build script: now looking for the correct header file. [Issue #804 - 'rpfilomeno' and ModSecurity team] * mlgoc is now forced to use TLS 1.x. [Issue #806 - Josh Amishav-Zlatin and ModSecurity team] </ChangeLog> Notes: svn path=/head/; revision=378927
* Update third-party modsecurity module from 2.7.5 to latest version 2.8.0.Sergey A. Osokin2014-08-101-0/+24
Notes: svn path=/head/; revision=364551
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-30 19:47:56 +0000