Bug 143932

Summary: [UPDATE] ports/www/mod_security to version v2.5.12
Product: Ports & Packages
Reporter: Andrei V. Lavreniyuk <andy.lavr>
Component: Individual Port(s)
Assignee: Marcelo Araujo <araujo>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Andrei V. Lavreniyuk 2010-02-14 14:05:06 UTC
 Please update ports/www/mod_security to version  v2.5.12

_____________________________________________________________


  http://www.modsecurity.org/

of version v2.5.12:
 
http://sourceforge.net/projects/mod-security/files/modsecurity-apache/2.5.12/CHANGES_2.5.12.txt/download

More details from the SVN log:
  * r1488 | b1v1r | 2010-02-05 19:38:56 +0100 (Fri, 05 Feb 2010) | 1 line
    Cleanup path normalization routine and add some further regression tests
    (MODSEC-123).

  * r1487 | b1v1r | 2010-02-05 19:26:43 +0100 (Fri, 05 Feb 2010) | 1 line
    Fixed SecUploadFileMode to set the correct mode (MODSEC-129).

  * r1486 | b1v1r | 2010-02-05 19:24:44 +0100 (Fri, 05 Feb 2010) | 1 line
    Fixed nolog,auditlog/noauditlog/nolog controls for disruptive actions   
    (MODSEC-78, MODSEC-130)

  * r1479 | b1v1r | 2010-02-05 19:15:31 +0100 (Fri, 05 Feb 2010) | 1 line
    Added SecUploadFileLimit (MODSEC-116).

  * r1478 | b1v1r | 2010-02-05 19:14:08 +0100 (Fri, 05 Feb 2010) | 1 line
    Rewrote path normalization routine (MODSEC-123).

  * r1476 | b1v1r | 2010-02-05 19:12:53 +0100 (Fri, 05 Feb 2010) | 1 line
    Trim whitespace around phrases used with @pmFromFile and allow for
    both LF and CRLF terminated lines (MODSEC-126).

  * r1474 | b1v1r | 2010-02-05 19:11:36 +0100 (Fri, 05 Feb 2010) | 1 line
    Allow for more robust parsing for multipart header folding. Reported
    by Sogeti/ESEC R&D (MODSEC-118). Added additional multipart regression
    tests.

  * r1472 | b1v1r | 2010-02-05 19:09:19 +0100 (Fri, 05 Feb 2010) | 1 line
    Added PCRE limits and studying by default to help alleviate REDoS
    reported by Sogeti/ESEC R&D (MODSEC-119).

  * r1471 | b1v1r | 2010-02-05 19:07:56 +0100 (Fri, 05 Feb 2010) | 1 line
    Fixed memory leak in v1 cookie parser reported by Sogeti/ESEC R&D 
    (MODSEC-121).

Further references:
  http://secunia.com/advisories/38460/
  http://freshmeat.net/projects/modsecurity/releases/312017

CVE Request:
  http://www.openwall.com/lists/oss-security/2010/02/10/2

Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2010-02-14 14:05:16 UTC
Responsible Changed
From-To: freebsd-ports-bugs->araujo

Over to maintainer (via the GNATS Auto Assign Tool)

Comment 2 Marcelo Araujo freebsd_committer freebsd_triage 2010-04-05 23:44:44 UTC
State Changed
From-To: open->suspended

It doesn't build properly and the patch is incoming.

Comment 3 Philip M. Gollucci freebsd_committer freebsd_triage 2010-05-28 02:28:23 UTC
State Changed
From-To: suspended->closed

see ports/147099