09:16 Jochen Neumeister (joneum) 

www/mod_security: Update to 2.9.13

Changelog: https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v2.9.13

Sponsored by:	Netzkommune GmbH

    3143752

20:29 Jochen Neumeister (joneum)  Author: Einar Bjarni Halldórsson

www/mod_security: Update to 2.9.12

PR:	289495
Sponsored by:	Netzkommune GmbH

    55f098d

06:12 Kurt Jaeger (pi)  Author: Einar Bjarni Halldórsson

www/mod_security: 2.9.6 -> 2.9.10

- Trustwave has announced the transfer of ModSecurity custodianship to OWASP
  in January 2024
- uses pcre2 instead of pcre

PR:		278180
Submitted-by:	Pascal Christen <pascal.christen@hostpoint.ch>
Reviewed-by:	Dani I. <i.dani@outlook.com>
Changes:	https://github.com/owasp-modsecurity/ModSecurity/releases
Security:	CVE 2025-47947, CVE 2025-48866

    dd398a9

16:11 Fernando Apesteguía (fernape)  Author: Pascal Christen

www/mod_security: Update to 2.9.6

ChangeLog: https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.6

New features and security impacting issues

    Adjust parser activation rules in modsecurity.conf-recommended
    Multipart parsing fixes and new MULTIPART_PART_HEADERS collection

Bug fixes

 * Limit rsub null termination to where necessary
 * IIS: Update dependencies for next planned release
 * XML parser cleanup: NULL duplicate pointer
 * Properly cleanup XML parser contexts upon completion
 * Fix memory leak in streams
 * Fix: negative usec on log line when data type long is 32b
 * mlogc log-line parsing fails due to enhanced timestamp
 * Allow no-key, single-value JSON body
 * Set SecStatusEngine Off in modsecurity.conf-recommended
 * Fix memory leak that occurs on JSON parsing error
 * Multipart names/filenames may include single quote if double-quote enclosed
 * Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended

PR:		266318
Reported by:	pascal.christen@hostpoint.ch
Reviewed by:	tuc03516@gmail.com
Approved by:	joneum@ (maintainer, timeout > 1 month)

    ecca075

15:54 Jochen Neumeister (joneum) 

www/mod_security: Update to 2.9.5

Changelog: https://github.com/SpiderLabs/ModSecurity/releases/

PR:	261527
Sponsored by:	Netzkommune GmbH

    9bceefe

08:30 joneum 

Update to 2.9.3

Changelog: https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.9.3

PR:		235054
Sponsored by:	Netzkommune GmbH

 

08:54 pizzamig 

www/mod_security: update to 2.9.2

PR:		222838
Submitted by:	walter@lifeforms.nl (maintainer)
Approved by:	olivier (mentor)
Differential Revision:	https://reviews.freebsd.org/D12623

 

17:29 ohauer 

- update to 2.9.1
- install etc/apache2x/modules.d/280_mod_security.conf.sample
- adjust README and pkg-message to reflect new module activation
- adjust and sort pkg-plist

Changes:
- ModSecurity: update to 2.9.1
- Add support for Lua 5.1 or higher (was 5.1 only)
- pkg-plist: bring back mod_unique_id activation, fix deprecated @exec
- README: point user to configuration files

PR:		208144
Submitted by:	Walter Hop (maintainer)
MFH:		2016Q2

 

21:19 adamw 

Update to 2.9.0.

Changes:
- update ModSecurity to 2.9.0 (released Feb 12, 2015)
- add JSON parsing support via devel/yajl
- add support for loading remote configuration, which depends on ftp/curl
- add optional support for fuzzy hashes via security/ssdeep
- fix: use lua51 only, ModSecurity does not support lua 5.2 yet
- add FreeBSD specific README with installation and configuration hints
- pkg-message: refer uses to README
- install recommended modsecurity.conf using .sample config file convention
- port skeleton cleanups

PR:		197833
Submitted by:	maintainer (Walter Hop)

 

20:23 ohauer 

- update to version 2.7.7 [1]

- Makefile cleanup
 - remove unused variables
 - use explicit OPTIONSFILE
 - mlogc is build and installed unless explicit disabled,
   remove useless Makefile instructions

- pass MAINTAINER to submitter [1]

Changelog:
https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES

PR:		ports/186524 [1]
Submitted by:	Walter Hop <walter@lifeforms.nl> (new port maintainer)

 

06:51 araujo 

- Update to 2.7.4.

More info:
https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES

PR:		ports/179167
Submitted by:	ohauer@
Security:	9dfb63b8-8f36-11e2-b34d-000c2957946c

 

10:58 araujo 

- Update to 2.7.3 due a vulnerability that affect all versions 2.x. [1]
- Update MASTER_SITES.
- Convert to optionsNG.
- Trim header.

More info:
https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES

Reported by:    olli hauer <ohauer@gmx.de> [1]
Approved by:    portmgr (bdrewery)
Security:       2070c79a-8e1e-11e2-b34d-000c2957946c

 

07:58 araujo 

- Update to 2.6.6.

06:19 araujo 

- Update to 2.6.5.
- Define LICENSE.

01:04 araujo 

- Update to 2.5.13.

PR:             ports/153985
Submitted by:   Jin-Sih Lin <linpct@gmail.com>

22:01 pgollucci 

- Remove previously stray entry

21:58 pgollucci 

- Update to 2.5.12
- sort PLIST_FILES and PLIST_DIRS

PR:             ports/147099
Submitted by:   pgollucci@ (myself), several
Approved by:    maintainer (araujo; implicit)
With Hat:       apache@

22:37 pav 

- Update to 2.5.11

PR:             ports/140463
Submitted by:   Chris Petrik <chris@officialunix.com>
Approved by:    maintainer timeout (araujo; 1 month)

02:34 araujo 

- Update to 2.5.9.
- Update MASTER_SITES.

17:05 araujo 

- Add WITH_MLOGC knob. [0]
- Update to 2.5.7.

PR:             ports/126559 [0]
Submitted by:   Tomoyuki Sakurai <cherry@trombik.org>

00:41 araujo 

- The branch 1.9 not is more supported, from now on mod_security receive a new
series called 2.5.
x.
- Take maintainership.

Thanks to Alex Dupre which maintained this port by a long time.

PR:             ports/124828, ports/124830
Submitted by:   araujo (myself)
Approved by:    Alex Dupre <ale@FreeBSD.org> (maintainer)
Thanks to:      WIKTORZAK Cedric <cedric@synapse-interactive.fr>

05:51 ale 

Update to 1.9.4 release.

PR:             ports/100079
Submitted by:   Yi-Huan Chan <yhchan@csie.nctu.edu.tw>

13:15 ale 

Update to 1.9.2 release.

PR:             ports/92168
Submitted by:   Gary Palmer <freebsd-bugs@in-addr.com>

14:25 ale 

Update to 1.9.1 release.

14:52 ale 

Update to 1.8.7 release.

PR:             ports/79171
Submitted by:   Toni Viemero <toni.viemero@iki.fi>

15:49 ale 

Update to 1.8.6 release.

07:06 ale 

Update to 1.8.4 release.

09:41 ale 

Update to 1.8.2 release.

09:14 ale 

Update to 1.8 release.

22:06 ale 

Update to 1.7.6 release.

12:03 ale 

Update to 1.7.5 release.

16:34 nork 

Update to 1.7.4 release.

PR:             ports/61017
Submitted by:   ale (maintainer)

11:50 osa 

Update to 1.7.3.
Add a newline after COMMENT section, change DISTNAME.

Submitted by:   Alex Dupre <sysadmin@alexdupre.com> (maintainer)
PR:             59193

14:12 osa 

Security update to 1.7.2.
This release fixes several bugs, one of which is
a potentially exploitable local vulnerability
(Apache 2.x users only).

Submitted by:   Alex Dupre <sysadmin@alexdupre.com> (maintainer)
PR:             58681

11:05 osa 

Update to latest bugfix release: 1.7.1

Submitted by:   Alex Dupre <sysamin@alexdupre.com> (maintainer)
PR:             58374

12:49 osa 

Update to 1.7.

Submitted by:   Alex Dupre <sysadmin@alexdupre.com> (maintainer)
PR:             58307

06:49 leeym 

Update to 1.5.1 release.

PR:             54344
Submitted by:   Alex Dupre <sysadmin@alexdupre.com>

12:04 edwin 

[New Port] www/mod_security

        ModSecurity is an open source intrustion detection and
        prevention engine for web applications. It operates embedded
        into the web server, acting as a powerful umbrella - shielding
        web applications from attacks.

        WWW: http://www.modsecurity.org/

        It supports both Apache 1.3 and Apache 2.0.

PR:             ports/52937
Submitted by:   Alex Dupre <sysadmin@alexdupre.com>