On Thu, Aug 09, 2007 at 06:27:27PM +0200, Thomas Wiesel wrote:
> hello,
>
> there is a new version of mod_security available
> (http://www.modsecurity.org/download/modsecurity-apache_1.9.5.tar.gz),
> in the ports the version is still 1.9.3.
>
> The required changes are only to modify the version in the makefile
> and supply the according checksums. I did this locally, no problems so
> far.
>
> Update would be great in the ports because of some security fixes.

I just performed what I suppose your changes are. Patch attached at the
end. The changelog is rather minimal:

5/6/2007 1.9.5
--------------

* Changed Thinking Stone references to Breach Security, Inc. in docs.

* Fixed compiler warnings and documented compile with warnings enabled.

11/3/2007 1.9.5-rc1
-------------------

* Fixed ASCIIZ (NUL) parsing for application/x-www-form-urlencoded
  forms when the byte range is set to not include NUL bytes.

15/5/2006 1.9.4
---------------

* No changes since 1.9.4-rc1.

27/4/2006 1.9.4-rc1
-------------------

* Request headers that are analysed are now fetched from the
  header cache. This prevents the potential headers table (the
  real one) being changed on a rule match - which is only an issue
  in detection-only mode.

* Enhanced memory utilisation. Plus, the memory for the request body
  is now allocated from the OS directly so that it can be released
  back to it faster (Apache keeps the memory for itself even after
  it is freed.)

* Added an one-liner to deal with weird IE multipart/form-data
  behaviour.

I did some minimal testing on -current/i386, and did not notice any
problems. I agree that it would be good to update this port, as the
current version does have some security problems, including
http://www.securityfocus.com/bid/22831.

Joachim

diff -Nurd /usr/ports/www/mod_security/Makefile /usr/ports/mystuff/www/mod_security/Makefile --- /usr/ports/www/mod_security/Makefile Fri Jul 6 06:17:00 2007 +++ /usr/ports/mystuff/www/mod_security/Makefile Fri Aug 10 00:46:43 2007 @@ -2,9 +2,9 @@ COMMENT= "Web intrusion detection and prevention engine" -VER= 1.9.3 +VER= 1.9.5 DISTNAME= modsecurity-apache_${VER} -PKGNAME= modsecurity-apache-${VER}p1 +PKGNAME= modsecurity-apache-${VER} CATEGORIES= www diff -Nurd /usr/ports/www/mod_security/distinfo /usr/ports/mystuff/www/mod_security/distinfo --- /usr/ports/www/mod_security/distinfo Thu Apr 5 19:26:22 2007 +++ /usr/ports/mystuff/www/mod_security/distinfo Fri Aug 10 00:45:08 2007 
@@ -1,5 +1,5 @@ -MD5 (modsecurity-apache_1.9.3.tar.gz) = zVWFSI4kmcQhiksTQZwwZQ== -RMD160 (modsecurity-apache_1.9.3.tar.gz) = Ya7Yr59VkspKeSv9iTTtQPh50xU= -SHA1 (modsecurity-apache_1.9.3.tar.gz) = vlTmYBZOqFyU2DBHKhSDbkjqYDU= -SHA256 (modsecurity-apache_1.9.3.tar.gz) = AwTJanFP8aChSXf+GFeL7yKgVeJnZh9QOA6k9Z9CmS4= -SIZE (modsecurity-apache_1.9.3.tar.gz) = 495555 +MD5 (modsecurity-apache_1.9.5.tar.gz) = g/VszkIH0CuT/2CHC/EgTw== +RMD160 (modsecurity-apache_1.9.5.tar.gz) = 828p91uzDKgOuvWpaqlR6d5HXQM= +SHA1 (modsecurity-apache_1.9.5.tar.gz) = QjWVB7Fh81V6ooWZLPjk9kb7sAo= +SHA256 (modsecurity-apache_1.9.5.tar.gz) = kn+vvOT8EdMv6AikbGLaM1qHA6bRjCKq233ZaSz3UqU= +SIZE (modsecurity-apache_1.9.5.tar.gz) = 467173
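
Review bot: In the Makefile hunk, the removed `-PKGNAME= modsecurity-apache-${VER}p1` line shows that the 1.9.3 port carried a port-local revision, and nothing in this patch says whether the change behind that `p1` is still needed with 1.9.5. Dropping the suffix is fine for package ordering because VER itself goes up, but the diff only touches Makefile and distinfo, so if the port carries local patches please confirm they still apply to the 1.9.5 sources (or are now upstream) and say so in the commit message.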
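
Review bot: In the distinfo hunk, the five new `modsecurity-apache_1.9.5.tar.gz` lines appear to come from a single local download, and the URL quoted in the thread is plain `http://`, so they only show that the port matches that one copy of the tarball. Before this goes in, have a second person fetch the distfile independently and confirm the same `SIZE` (467173) and `SHA256` values, or compare against a checksum or signature published by upstream if one exists; the MD5 and SHA1 lines should not be what that comparison rests on.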